From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/manager/android_stub.h                    |     31 +
 .../en-US/chrome/pipnss/nsserrors.properties       |    331 +
 .../locales/en-US/chrome/pipnss/pipnss.properties  |    123 +
 .../locales/en-US/chrome/pippki/pippki.properties  |     75 +
 .../en-US/security/certificates/certManager.ftl    |    228 +
 .../en-US/security/certificates/deviceManager.ftl  |    132 +
 .../locales/en-US/security/pippki/pippki.ftl       |     79 +
 security/manager/locales/jar.mn                    |     14 +
 security/manager/locales/moz.build                 |      7 +
 security/manager/moz.build                         |     13 +
 security/manager/pki/components.conf               |     21 +
 security/manager/pki/moz.build                     |     34 +
 security/manager/pki/nsIASN1Tree.idl               |     24 +
 security/manager/pki/nsNSSDialogHelper.cpp         |     45 +
 security/manager/pki/nsNSSDialogHelper.h           |     39 +
 security/manager/pki/nsNSSDialogs.cpp              |    314 +
 security/manager/pki/nsNSSDialogs.h                |     40 +
 .../manager/pki/resources/content/certManager.css  |     34 +
 .../manager/pki/resources/content/certManager.js   |    769 +
 .../pki/resources/content/certManager.xhtml        |    330 +
 .../pki/resources/content/changepassword.js        |    212 +
 .../pki/resources/content/changepassword.xhtml     |     77 +
 .../manager/pki/resources/content/clientauthask.js |    178 +
 .../pki/resources/content/clientauthask.xhtml      |     55 +
 .../manager/pki/resources/content/deletecert.css   |     19 +
 .../manager/pki/resources/content/deletecert.js    |    121 +
 .../manager/pki/resources/content/deletecert.xhtml |     33 +
 .../pki/resources/content/device_manager.js        |    433 +
 .../pki/resources/content/device_manager.xhtml     |    113 +
 .../manager/pki/resources/content/downloadcert.js  |     83 +
 .../pki/resources/content/downloadcert.xhtml       |     66 +
 .../manager/pki/resources/content/editcacert.js    |     52 +
 .../manager/pki/resources/content/editcacert.xhtml |     35 +
 .../pki/resources/content/exceptionDialog.css      |     35 +
 .../pki/resources/content/exceptionDialog.js       |    334 +
 .../pki/resources/content/exceptionDialog.xhtml    |     88 +
 .../manager/pki/resources/content/load_device.js   |     75 +
 .../pki/resources/content/load_device.xhtml        |     55 +
 security/manager/pki/resources/content/pippki.js   |    300 +
 .../manager/pki/resources/content/resetpassword.js |     28 +
 .../pki/resources/content/resetpassword.xhtml      |     49 +
 .../pki/resources/content/setp12password.js        |    127 +
 .../pki/resources/content/setp12password.xhtml     |     56 +
 security/manager/pki/resources/jar.mn              |     32 +
 security/manager/pki/resources/moz.build           |      7 +
 security/manager/ssl/AppSignatureVerification.cpp  |   1410 +
 security/manager/ssl/AppTrustDomain.cpp            |    319 +
 security/manager/ssl/AppTrustDomain.h              |     94 +
 .../manager/ssl/CertStorageMemoryReporting.cpp     |     17 +
 security/manager/ssl/CommonSocketControl.cpp       |    525 +
 security/manager/ssl/CommonSocketControl.h         |    191 +
 security/manager/ssl/ContentSignatureVerifier.cpp  |    454 +
 security/manager/ssl/ContentSignatureVerifier.h    |     32 +
 security/manager/ssl/CredentialManagerSecret.cpp   |    114 +
 security/manager/ssl/CredentialManagerSecret.h     |     28 +
 security/manager/ssl/CryptoTask.cpp                |     43 +
 security/manager/ssl/CryptoTask.h                  |     52 +
 security/manager/ssl/DER.sys.mjs                   |    333 +
 security/manager/ssl/DataStorage.cpp               |    866 +
 security/manager/ssl/DataStorage.h                 |    226 +
 security/manager/ssl/DataStorageIPCUtils.h         |     21 +
 security/manager/ssl/DataStorageList.h             |     18 +
 security/manager/ssl/EnterpriseRoots.cpp           |    373 +
 security/manager/ssl/EnterpriseRoots.h             |     35 +
 security/manager/ssl/IPCClientCertsChild.cpp       |     17 +
 security/manager/ssl/IPCClientCertsChild.h         |     36 +
 security/manager/ssl/IPCClientCertsParent.cpp      |    130 +
 security/manager/ssl/IPCClientCertsParent.h        |     40 +
 security/manager/ssl/KeychainSecret.cpp            |    186 +
 security/manager/ssl/KeychainSecret.h              |     49 +
 security/manager/ssl/LibSecret.cpp                 |    385 +
 security/manager/ssl/LibSecret.h                   |     31 +
 security/manager/ssl/NSSErrorsService.cpp          |    212 +
 security/manager/ssl/NSSErrorsService.h            |     56 +
 security/manager/ssl/NSSKeyStore.cpp               |    228 +
 security/manager/ssl/NSSKeyStore.h                 |     36 +
 security/manager/ssl/NSSSocketControl.cpp          |    699 +
 security/manager/ssl/NSSSocketControl.h            |    340 +
 security/manager/ssl/OSKeyStore.cpp                |    726 +
 security/manager/ssl/OSKeyStore.h                  |    105 +
 security/manager/ssl/OSReauthenticator.cpp         |    562 +
 security/manager/ssl/OSReauthenticator.h           |     36 +
 security/manager/ssl/OSReauthenticatorDarwin.mm    |     60 +
 security/manager/ssl/PIPCClientCerts.ipdl          |     35 +
 security/manager/ssl/PKCS11ModuleDB.cpp            |    184 +
 security/manager/ssl/PKCS11ModuleDB.h              |     35 +
 security/manager/ssl/PSMIPCTypes.ipdlh             |     51 +
 security/manager/ssl/PSMRunnable.cpp               |     42 +
 security/manager/ssl/PSMRunnable.h                 |     49 +
 security/manager/ssl/PSelectTLSClientAuthCert.ipdl |     26 +
 security/manager/ssl/PVerifySSLServerCert.ipdl     |     31 +
 security/manager/ssl/PublicKeyPinningService.cpp   |    393 +
 security/manager/ssl/PublicKeyPinningService.h     |     54 +
 security/manager/ssl/PublicSSL.h                   |     24 +
 .../manager/ssl/RemoteSecuritySettings.sys.mjs     |    710 +
 .../manager/ssl/RootCertificateTelemetryUtils.cpp  |    139 +
 .../manager/ssl/RootCertificateTelemetryUtils.h    |     37 +
 security/manager/ssl/RootHashes.inc                |   1501 +
 security/manager/ssl/SSLServerCertVerification.cpp |   1130 +
 security/manager/ssl/SSLServerCertVerification.h   |    161 +
 security/manager/ssl/ScopedNSSTypes.h              |    464 +
 security/manager/ssl/SecretDecoderRing.cpp         |    344 +
 security/manager/ssl/SecretDecoderRing.h           |     37 +
 .../manager/ssl/SelectTLSClientAuthCertChild.h     |     42 +
 .../manager/ssl/SelectTLSClientAuthCertParent.h    |     53 +
 security/manager/ssl/SharedCertVerifier.h          |     38 +
 security/manager/ssl/SharedSSLState.cpp            |    192 +
 security/manager/ssl/SharedSSLState.h              |     74 +
 security/manager/ssl/StaticHPKPins.errors          |     33 +
 security/manager/ssl/StaticHPKPins.h               |    778 +
 .../manager/ssl/TLSClientAuthCertSelection.cpp     |    926 +
 security/manager/ssl/TLSClientAuthCertSelection.h  |    120 +
 security/manager/ssl/TransportSecurityInfo.cpp     |   1131 +
 security/manager/ssl/TransportSecurityInfo.h       |    107 +
 security/manager/ssl/VerifySSLServerCertChild.cpp  |    123 +
 security/manager/ssl/VerifySSLServerCertChild.h    |     62 +
 security/manager/ssl/VerifySSLServerCertParent.cpp |    185 +
 security/manager/ssl/VerifySSLServerCertParent.h   |     60 +
 security/manager/ssl/X509.sys.mjs                  |    641 +
 security/manager/ssl/X509CertValidity.cpp          |     96 +
 security/manager/ssl/X509CertValidity.h            |     31 +
 .../manager/ssl/addons-public-intermediate.crt     |    Bin 0 -> 1841 bytes
 security/manager/ssl/addons-public.crt             |    Bin 0 -> 1637 bytes
 security/manager/ssl/addons-stage.crt              |    Bin 0 -> 1895 bytes
 security/manager/ssl/builtins/Cargo.toml           |     17 +
 security/manager/ssl/builtins/build.rs             |    568 +
 .../ssl/builtins/dynamic-library/builtins.symbols  |      1 +
 .../manager/ssl/builtins/dynamic-library/moz.build |     38 +
 .../manager/ssl/builtins/dynamic-library/stub.c    |     27 +
 .../manager/ssl/builtins/dynamic-library/stub.cpp  |     17 +
 security/manager/ssl/builtins/moz.build            |      9 +
 security/manager/ssl/builtins/src/certdata.rs      |     52 +
 security/manager/ssl/builtins/src/internal.rs      |    344 +
 security/manager/ssl/builtins/src/lib.rs           |      9 +
 security/manager/ssl/builtins/src/pkcs11.rs        |   1227 +
 security/manager/ssl/builtins/src/version.rs       |      6 +
 security/manager/ssl/cert_storage/Cargo.toml       |     24 +
 .../manager/ssl/cert_storage/src/cert_storage.h    |     24 +
 security/manager/ssl/cert_storage/src/lib.rs       |   1807 +
 security/manager/ssl/components.conf               |    143 +
 security/manager/ssl/content-signature-local.crt   |    Bin 0 -> 558 bytes
 security/manager/ssl/content-signature-prod.crt    |    Bin 0 -> 1637 bytes
 security/manager/ssl/content-signature-stage.crt   |    Bin 0 -> 1904 bytes
 security/manager/ssl/crashtests/398665-1.html      |      1 +
 security/manager/ssl/crashtests/crashtests.list    |      1 +
 security/manager/ssl/crypto_hash/Cargo.toml        |     23 +
 security/manager/ssl/crypto_hash/crypto_hash.h     |     46 +
 security/manager/ssl/crypto_hash/src/lib.rs        |    177 +
 security/manager/ssl/gen_cert_header.py            |     46 +
 security/manager/ssl/ipcclientcerts/Cargo.toml     |     15 +
 .../dynamic-library/ipcclientcerts.symbols         |      1 +
 .../ssl/ipcclientcerts/dynamic-library/moz.build   |     40 +
 .../ssl/ipcclientcerts/dynamic-library/stub.c      |     43 +
 .../ssl/ipcclientcerts/dynamic-library/stub.cpp    |     29 +
 security/manager/ssl/ipcclientcerts/moz.build      |      9 +
 security/manager/ssl/ipcclientcerts/src/backend.rs |    373 +
 security/manager/ssl/ipcclientcerts/src/lib.rs     |   1047 +
 security/manager/ssl/md4.c                         |    179 +
 security/manager/ssl/md4.h                         |     38 +
 security/manager/ssl/moz.build                     |    277 +
 security/manager/ssl/nsCertOverrideService.cpp     |    757 +
 security/manager/ssl/nsCertOverrideService.h       |    152 +
 security/manager/ssl/nsCertTree.cpp                |    844 +
 security/manager/ssl/nsCertTree.h                  |    131 +
 security/manager/ssl/nsClientAuthRemember.cpp      |    363 +
 security/manager/ssl/nsClientAuthRemember.h        |     98 +
 security/manager/ssl/nsICertOverrideService.idl    |    143 +
 security/manager/ssl/nsICertStorage.idl            |    265 +
 security/manager/ssl/nsICertTree.idl               |     39 +
 security/manager/ssl/nsICertificateDialogs.idl     |     68 +
 security/manager/ssl/nsIClientAuthDialogs.idl      |     41 +
 .../manager/ssl/nsIClientAuthRememberService.idl   |     65 +
 .../manager/ssl/nsIContentSignatureVerifier.idl    |     49 +
 security/manager/ssl/nsICryptoHash.idl             |    109 +
 security/manager/ssl/nsINSSComponent.idl           |    105 +
 security/manager/ssl/nsINSSErrorsService.idl       |     72 +
 security/manager/ssl/nsINSSVersion.idl             |     37 +
 security/manager/ssl/nsIOSKeyStore.idl             |    144 +
 security/manager/ssl/nsIOSReauthenticator.idl      |     45 +
 security/manager/ssl/nsIPK11Token.idl              |     81 +
 security/manager/ssl/nsIPK11TokenDB.idl            |     31 +
 security/manager/ssl/nsIPKCS11Module.idl           |     21 +
 security/manager/ssl/nsIPKCS11ModuleDB.idl         |     40 +
 security/manager/ssl/nsIPKCS11Slot.idl             |     52 +
 .../manager/ssl/nsIPublicKeyPinningService.idl     |     22 +
 security/manager/ssl/nsISecretDecoderRing.idl      |     77 +
 security/manager/ssl/nsISecurityUITelemetry.idl    |     34 +
 security/manager/ssl/nsISiteSecurityService.idl    |    145 +
 security/manager/ssl/nsITLSSocketControl.idl       |    187 +
 security/manager/ssl/nsITokenPasswordDialogs.idl   |     30 +
 security/manager/ssl/nsITransportSecurityInfo.idl  |    137 +
 security/manager/ssl/nsIX509Cert.idl               |    206 +
 security/manager/ssl/nsIX509CertDB.idl             |    351 +
 security/manager/ssl/nsIX509CertValidity.idl       |     25 +
 security/manager/ssl/nsNSSCallbacks.cpp            |   1206 +
 security/manager/ssl/nsNSSCallbacks.h              |     42 +
 security/manager/ssl/nsNSSCertHelper.cpp           |     99 +
 security/manager/ssl/nsNSSCertHelper.h             |     31 +
 security/manager/ssl/nsNSSCertTrust.cpp            |    121 +
 security/manager/ssl/nsNSSCertTrust.h              |     55 +
 security/manager/ssl/nsNSSCertificate.cpp          |    709 +
 security/manager/ssl/nsNSSCertificate.h            |     50 +
 security/manager/ssl/nsNSSCertificateDB.cpp        |   1356 +
 security/manager/ssl/nsNSSCertificateDB.h          |     71 +
 security/manager/ssl/nsNSSComponent.cpp            |   2769 +
 security/manager/ssl/nsNSSComponent.h              |    168 +
 security/manager/ssl/nsNSSHelper.h                 |     32 +
 security/manager/ssl/nsNSSIOLayer.cpp              |   1770 +
 security/manager/ssl/nsNSSIOLayer.h                |    134 +
 security/manager/ssl/nsNSSModule.cpp               |    107 +
 security/manager/ssl/nsNSSModule.h                 |     21 +
 security/manager/ssl/nsNSSVersion.cpp              |     78 +
 security/manager/ssl/nsNSSVersion.h                |     30 +
 security/manager/ssl/nsNTLMAuthModule.cpp          |   1040 +
 security/manager/ssl/nsNTLMAuthModule.h            |     33 +
 security/manager/ssl/nsPK11TokenDB.cpp             |    287 +
 security/manager/ssl/nsPK11TokenDB.h               |     67 +
 security/manager/ssl/nsPKCS11Slot.cpp              |    277 +
 security/manager/ssl/nsPKCS11Slot.h                |     58 +
 security/manager/ssl/nsPKCS12Blob.cpp              |    357 +
 security/manager/ssl/nsPKCS12Blob.h                |     54 +
 security/manager/ssl/nsRandomGenerator.cpp         |     36 +
 security/manager/ssl/nsRandomGenerator.h           |     29 +
 security/manager/ssl/nsSSLSocketProvider.cpp       |     46 +
 security/manager/ssl/nsSSLSocketProvider.h         |     32 +
 security/manager/ssl/nsSTSPreloadList.inc          | 156063 ++++++++++++++++++
 security/manager/ssl/nsSecureBrowserUI.cpp         |    162 +
 security/manager/ssl/nsSecureBrowserUI.h           |     53 +
 security/manager/ssl/nsSecurityHeaderParser.cpp    |    206 +
 security/manager/ssl/nsSecurityHeaderParser.h      |     78 +
 security/manager/ssl/nsSiteSecurityService.cpp     |    830 +
 security/manager/ssl/nsSiteSecurityService.h       |    145 +
 security/manager/ssl/nsTLSSocketProvider.cpp       |     47 +
 security/manager/ssl/nsTLSSocketProvider.h         |     31 +
 security/manager/ssl/nsVerificationJob.h           |     48 +
 security/manager/ssl/osclientcerts/Cargo.toml      |     31 +
 .../ssl/osclientcerts/dynamic-library/moz.build    |     33 +
 .../dynamic-library/osclientcerts.symbols          |      1 +
 .../ssl/osclientcerts/dynamic-library/stub.cpp     |      8 +
 security/manager/ssl/osclientcerts/moz.build       |      9 +
 .../manager/ssl/osclientcerts/src/backend_macos.rs |    849 +
 .../ssl/osclientcerts/src/backend_windows.rs       |    914 +
 .../ssl/osclientcerts/src/bindings_macos.rs        |     79 +
 security/manager/ssl/osclientcerts/src/lib.rs      |   1235 +
 .../manager/ssl/osclientcerts/test/certificate.bin |    Bin 0 -> 909 bytes
 .../manager/ssl/osclientcerts/test/modulus.bin     |      2 +
 security/manager/ssl/osclientcerts/test/rsa.bin    |    Bin 0 -> 270 bytes
 security/manager/ssl/rsclientcerts/Cargo.toml      |     10 +
 security/manager/ssl/rsclientcerts/src/error.rs    |    103 +
 security/manager/ssl/rsclientcerts/src/lib.rs      |     11 +
 security/manager/ssl/rsclientcerts/src/manager.rs  |    671 +
 security/manager/ssl/rsclientcerts/src/util.rs     |    540 +
 .../manager/ssl/rsclientcerts/test/certificate.bin |    Bin 0 -> 909 bytes
 .../manager/ssl/rsclientcerts/test/modulus.bin     |      2 +
 security/manager/ssl/rsclientcerts/test/rsa.bin    |    Bin 0 -> 270 bytes
 security/manager/ssl/tests/.eslintrc.js            |      8 +
 security/manager/ssl/tests/gtest/CertDBTest.cpp    |     52 +
 security/manager/ssl/tests/gtest/CoseTest.cpp      |    756 +
 .../manager/ssl/tests/gtest/DataStorageTest.cpp    |    201 +
 .../ssl/tests/gtest/DeserializeCertTest.cpp        |    507 +
 security/manager/ssl/tests/gtest/HMACTest.cpp      |     64 +
 security/manager/ssl/tests/gtest/MD4Test.cpp       |     62 +
 security/manager/ssl/tests/gtest/OCSPCacheTest.cpp |    357 +
 security/manager/ssl/tests/gtest/README.txt        |      2 +
 .../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp |    383 +
 security/manager/ssl/tests/gtest/moz.build         |     26 +
 .../ssl/tests/mochitest/browser/browser.ini        |     40 +
 .../ssl/tests/mochitest/browser/browser_HSTS.js    |    277 +
 .../browser/browser_add_exception_dialog.js        |     69 +
 .../browser/browser_bug627234_perwindowpb.js       |     91 +
 .../tests/mochitest/browser/browser_certViewer.js  |    112 +
 .../browser/browser_certificateManager.js          |    105 +
 .../browser/browser_clientAuthRememberService.js   |    297 +
 .../browser/browser_clientAuth_connection.js       |    401 +
 .../browser_clientAuth_speculative_connection.html |      6 +
 .../browser_clientAuth_speculative_connection.js   |     90 +
 .../mochitest/browser/browser_clientAuth_ui.js     |    195 +
 .../mochitest/browser/browser_deleteCert_ui.js     |    259 +
 .../mochitest/browser/browser_downloadCert_ui.js   |    134 +
 .../mochitest/browser/browser_editCACertTrust.js   |    141 +
 .../browser/browser_exportP12_passwordUI.js        |    164 +
 .../browser/browser_loadPKCS11Module_ui.js         |    312 +
 .../manager/ssl/tests/mochitest/browser/ca.pem     |     17 +
 .../ssl/tests/mochitest/browser/ca.pem.certspec    |      4 +
 .../browser/client-cert-via-intermediate.pem       |     19 +
 .../client-cert-via-intermediate.pem.certspec      |      3 +
 .../browser/client-cert-with-ocsp-signing.pem      |     20 +
 .../client-cert-with-ocsp-signing.pem.certspec     |      3 +
 .../ssl/tests/mochitest/browser/code-ee.pem        |     17 +
 .../tests/mochitest/browser/code-ee.pem.certspec   |      3 +
 .../tests/mochitest/browser/ee-from-expired-ca.pem |     17 +
 .../browser/ee-from-expired-ca.pem.certspec        |      2 +
 .../mochitest/browser/ee-from-untrusted-ca.pem     |     17 +
 .../browser/ee-from-untrusted-ca.pem.certspec      |      2 +
 .../ssl/tests/mochitest/browser/email-ee.pem       |     17 +
 .../tests/mochitest/browser/email-ee.pem.certspec  |      3 +
 .../ssl/tests/mochitest/browser/expired-ca.pem     |     18 +
 .../mochitest/browser/expired-ca.pem.certspec      |      5 +
 .../manager/ssl/tests/mochitest/browser/has-cn.pem |     18 +
 .../tests/mochitest/browser/has-cn.pem.certspec    |      2 +
 .../tests/mochitest/browser/has-empty-subject.pem  |     16 +
 .../browser/has-empty-subject.pem.certspec         |      3 +
 .../mochitest/browser/has-non-empty-subject.pem    |     17 +
 .../browser/has-non-empty-subject.pem.certspec     |      2 +
 .../manager/ssl/tests/mochitest/browser/has-o.pem  |     17 +
 .../ssl/tests/mochitest/browser/has-o.pem.certspec |      2 +
 .../manager/ssl/tests/mochitest/browser/has-ou.pem |     17 +
 .../tests/mochitest/browser/has-ou.pem.certspec    |      2 +
 .../manager/ssl/tests/mochitest/browser/head.js    |     82 +
 .../ssl/tests/mochitest/browser/hsts_headers.sjs   |     16 +
 .../mochitest/browser/hsts_headers_framed.html     |     22 +
 .../ssl/tests/mochitest/browser/intermediate.pem   |     20 +
 .../mochitest/browser/intermediate.pem.certspec    |      4 +
 .../ssl/tests/mochitest/browser/invalid.pem        |     17 +
 .../tests/mochitest/browser/invalid.pem.certspec   |      3 +
 .../ssl/tests/mochitest/browser/longOID.pem        |     25 +
 .../tests/mochitest/browser/longOID.pem.certspec   |      4 +
 .../manager/ssl/tests/mochitest/browser/md5-ee.pem |     17 +
 .../tests/mochitest/browser/md5-ee.pem.certspec    |      3 +
 .../manager/ssl/tests/mochitest/browser/moz.build  |      7 +
 .../tests/mochitest/browser/pgo-ca-all-usages.pem  |     21 +
 .../browser/pgo-ca-all-usages.pem.certspec         |      4 +
 .../mochitest/browser/pgo-ca-regular-usages.pem    |     21 +
 .../browser/pgo-ca-regular-usages.pem.certspec     |      4 +
 .../ssl/tests/mochitest/browser/revoked.pem        |     17 +
 .../tests/mochitest/browser/revoked.pem.certspec   |      2 +
 .../ssl/tests/mochitest/browser/some_content.html  |      6 +
 .../mochitest/browser/some_content_framed.html     |     14 +
 .../manager/ssl/tests/mochitest/browser/ssl-ee.pem |     18 +
 .../tests/mochitest/browser/ssl-ee.pem.certspec    |      3 +
 .../ssl/tests/mochitest/browser/unknown-issuer.pem |     17 +
 .../mochitest/browser/unknown-issuer.pem.certspec  |      2 +
 .../ssl/tests/mochitest/browser/untrusted-ca.pem   |     18 +
 .../mochitest/browser/untrusted-ca.pem.certspec    |      4 +
 .../tests/mochitest/mixedcontent/alloworigin.sjs   |      7 +
 .../ssl/tests/mochitest/mixedcontent/backward.html |     18 +
 .../ssl/tests/mochitest/mixedcontent/bug329869.js  |     11 +
 .../mochitest/mixedcontent/bug383369step2.html     |     28 +
 .../mochitest/mixedcontent/bug383369step3.html     |     29 +
 .../ssl/tests/mochitest/mixedcontent/download.auto |      1 +
 .../mochitest/mixedcontent/download.auto^headers^  |      2 +
 .../tests/mochitest/mixedcontent/emptyimage.sjs    |      6 +
 .../ssl/tests/mochitest/mixedcontent/hugebmp.sjs   |     17 +
 .../ssl/tests/mochitest/mixedcontent/iframe.html   |     14 +
 .../ssl/tests/mochitest/mixedcontent/iframe2.html  |     15 +
 .../mochitest/mixedcontent/iframeMetaRedirect.html |      8 +
 .../mochitest/mixedcontent/iframesecredirect.sjs   |      9 +
 .../mochitest/mixedcontent/iframeunsecredirect.sjs |      9 +
 .../mochitest/mixedcontent/imgsecredirect.sjs      |      9 +
 .../mochitest/mixedcontent/imgunsecredirect.sjs    |      9 +
 .../mochitest/mixedcontent/mixedContentTest.js     |    211 +
 .../ssl/tests/mochitest/mixedcontent/mochitest.ini |     70 +
 .../tests/mochitest/mixedcontent/moonsurface.jpg   |    Bin 0 -> 52159 bytes
 .../ssl/tests/mochitest/mixedcontent/moz.build     |      7 +
 .../ssl/tests/mochitest/mixedcontent/nocontent.sjs |      5 +
 .../mixedcontent/redirecttoemptyimage.sjs          |      9 +
 .../ssl/tests/mochitest/mixedcontent/somestyle.css |      4 +
 .../mochitest/mixedcontent/test_bug329869.html     |     36 +
 .../mochitest/mixedcontent/test_bug383369.html     |     89 +
 .../mochitest/mixedcontent/test_bug455367.html     |     37 +
 .../mochitest/mixedcontent/test_bug472986.html     |     46 +
 .../mochitest/mixedcontent/test_bug477118.html     |     34 +
 .../mochitest/mixedcontent/test_bug521461.html     |     39 +
 .../mochitest/mixedcontent/test_cssBefore1.html    |     42 +
 .../mochitest/mixedcontent/test_cssContent1.html   |     41 +
 .../mochitest/mixedcontent/test_cssContent2.html   |     46 +
 .../mixedcontent/test_documentWrite1.html          |     38 +
 .../mixedcontent/test_documentWrite2.html          |     40 +
 .../test_dynDelayedUnsecurePicture.html            |     47 +
 .../mixedcontent/test_dynDelayedUnsecureXHR.html   |     48 +
 .../mixedcontent/test_dynUnsecureBackground.html   |     44 +
 .../test_dynUnsecureIframeRedirect.html            |     44 +
 .../mixedcontent/test_dynUnsecurePicture.html      |     46 +
 .../test_dynUnsecurePicturePreload.html            |     36 +
 .../mixedcontent/test_dynUnsecureRedirect.html     |     39 +
 .../test_innerHtmlDelayedUnsecurePicture.html      |     42 +
 .../test_innerHtmlUnsecurePicture.html             |     40 +
 .../mixedcontent/test_javascriptPicture.html       |     34 +
 .../mochitest/mixedcontent/test_secureAll.html     |     42 +
 .../mochitest/mixedcontent/test_securePicture.html |     36 +
 .../mixedcontent/test_unsecureBackground.html      |     35 +
 .../mochitest/mixedcontent/test_unsecureCSS.html   |     38 +
 .../mixedcontent/test_unsecureIframe.html          |     36 +
 .../mixedcontent/test_unsecureIframe2.html         |     36 +
 .../test_unsecureIframeMetaRedirect.html           |     36 +
 .../mixedcontent/test_unsecureIframeRedirect.html  |     36 +
 .../mixedcontent/test_unsecurePicture.html         |     34 +
 .../mixedcontent/test_unsecurePictureDup.html      |     20 +
 .../mixedcontent/test_unsecurePictureInIframe.html |     36 +
 .../mixedcontent/test_unsecureRedirect.html        |     36 +
 .../mochitest/mixedcontent/unsecureIframe.html     |      9 +
 .../mochitest/mixedcontent/unsecurePictureDup.html |     34 +
 security/manager/ssl/tests/mochitest/moz.build     |     10 +
 security/manager/ssl/tests/moz.build               |     17 +
 .../tests/unit/bad_certs/badSubjectAltNames.pem    |     18 +
 .../unit/bad_certs/badSubjectAltNames.pem.certspec |      3 +
 .../ssl/tests/unit/bad_certs/beforeEpoch.pem       |     19 +
 .../tests/unit/bad_certs/beforeEpoch.pem.certspec  |      5 +
 .../ssl/tests/unit/bad_certs/beforeEpochINT.pem    |     18 +
 .../unit/bad_certs/beforeEpochINT.pem.certspec     |      5 +
 .../ssl/tests/unit/bad_certs/beforeEpochIssuer.pem |     20 +
 .../unit/bad_certs/beforeEpochIssuer.pem.certspec  |      4 +
 .../tests/unit/bad_certs/beforeEpochSelfSigned.pem |     20 +
 .../bad_certs/beforeEpochSelfSigned.pem.certspec   |      4 +
 .../tests/unit/bad_certs/ca-used-as-end-entity.pem |     20 +
 .../bad_certs/ca-used-as-end-entity.pem.certspec   |      5 +
 .../ssl/tests/unit/bad_certs/default-ee.key        |     28 +
 .../tests/unit/bad_certs/default-ee.key.keyspec    |      1 +
 .../ssl/tests/unit/bad_certs/default-ee.pem        |     21 +
 .../tests/unit/bad_certs/default-ee.pem.certspec   |      4 +
 .../bad_certs/ee-from-missing-intermediate.pem     |     19 +
 .../ee-from-missing-intermediate.pem.certspec      |      3 +
 .../unit/bad_certs/ee-imminently-distrusted.pem    |     20 +
 .../ee-imminently-distrusted.pem.certspec          |      4 +
 .../ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem   |     19 +
 .../unit/bad_certs/eeIssuedByNonCA.pem.certspec    |      4 +
 .../ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem  |     18 +
 .../unit/bad_certs/eeIssuedByV1Cert.pem.certspec   |      3 +
 .../ssl/tests/unit/bad_certs/emptyIssuerName.pem   |     18 +
 .../unit/bad_certs/emptyIssuerName.pem.certspec    |      3 +
 .../ssl/tests/unit/bad_certs/emptyNameCA.pem       |     17 +
 .../tests/unit/bad_certs/emptyNameCA.pem.certspec  |      4 +
 .../tests/unit/bad_certs/ev-test-intermediate.pem  |     20 +
 .../bad_certs/ev-test-intermediate.pem.certspec    |      7 +
 .../manager/ssl/tests/unit/bad_certs/ev-test.pem   |     20 +
 .../ssl/tests/unit/bad_certs/ev-test.pem.certspec  |      5 +
 .../manager/ssl/tests/unit/bad_certs/evroot.key    |     28 +
 .../ssl/tests/unit/bad_certs/evroot.key.keyspec    |      1 +
 .../manager/ssl/tests/unit/bad_certs/evroot.pem    |     18 +
 .../ssl/tests/unit/bad_certs/evroot.pem.certspec   |      7 +
 .../ssl/tests/unit/bad_certs/expired-ee.pem        |     19 +
 .../tests/unit/bad_certs/expired-ee.pem.certspec   |      5 +
 .../ssl/tests/unit/bad_certs/expiredINT.pem        |     18 +
 .../tests/unit/bad_certs/expiredINT.pem.certspec   |      5 +
 .../ssl/tests/unit/bad_certs/expiredissuer.pem     |     20 +
 .../unit/bad_certs/expiredissuer.pem.certspec      |      4 +
 .../ssl/tests/unit/bad_certs/idn-certificate.pem   |     19 +
 .../unit/bad_certs/idn-certificate.pem.certspec    |      3 +
 .../tests/unit/bad_certs/inadequateKeySizeEE.key   |     16 +
 .../unit/bad_certs/inadequateKeySizeEE.key.keyspec |      1 +
 .../tests/unit/bad_certs/inadequateKeySizeEE.pem   |     17 +
 .../bad_certs/inadequateKeySizeEE.pem.certspec     |      5 +
 .../tests/unit/bad_certs/inadequatekeyusage-ee.pem |     20 +
 .../bad_certs/inadequatekeyusage-ee.pem.certspec   |      5 +
 .../unit/bad_certs/ipAddressAsDNSNameInSAN.pem     |     18 +
 .../bad_certs/ipAddressAsDNSNameInSAN.pem.certspec |      3 +
 .../tests/unit/bad_certs/md5signature-expired.pem  |     20 +
 .../bad_certs/md5signature-expired.pem.certspec    |      6 +
 .../ssl/tests/unit/bad_certs/md5signature.pem      |     19 +
 .../tests/unit/bad_certs/md5signature.pem.certspec |      5 +
 .../ssl/tests/unit/bad_certs/mismatch-expired.pem  |     19 +
 .../unit/bad_certs/mismatch-expired.pem.certspec   |      5 +
 .../tests/unit/bad_certs/mismatch-notYetValid.pem  |     20 +
 .../bad_certs/mismatch-notYetValid.pem.certspec    |      5 +
 .../unit/bad_certs/mismatch-untrusted-expired.pem  |     20 +
 .../mismatch-untrusted-expired.pem.certspec        |      5 +
 .../tests/unit/bad_certs/mismatch-untrusted.pem    |     20 +
 .../unit/bad_certs/mismatch-untrusted.pem.certspec |      4 +
 .../manager/ssl/tests/unit/bad_certs/mismatch.pem  |     20 +
 .../ssl/tests/unit/bad_certs/mismatch.pem.certspec |      4 +
 .../ssl/tests/unit/bad_certs/mismatchCN.pem        |     17 +
 .../tests/unit/bad_certs/mismatchCN.pem.certspec   |      2 +
 security/manager/ssl/tests/unit/bad_certs/mitm.pem |     18 +
 .../ssl/tests/unit/bad_certs/mitm.pem.certspec     |      3 +
 .../ssl/tests/unit/bad_certs/noValidNames.pem      |     19 +
 .../tests/unit/bad_certs/noValidNames.pem.certspec |      3 +
 .../ssl/tests/unit/bad_certs/notYetValid.pem       |     19 +
 .../tests/unit/bad_certs/notYetValid.pem.certspec  |      5 +
 .../ssl/tests/unit/bad_certs/notYetValidINT.pem    |     18 +
 .../unit/bad_certs/notYetValidINT.pem.certspec     |      5 +
 .../ssl/tests/unit/bad_certs/notYetValidIssuer.pem |     20 +
 .../unit/bad_certs/notYetValidIssuer.pem.certspec  |      4 +
 .../tests/unit/bad_certs/nsCertTypeCritical.pem    |     19 +
 .../unit/bad_certs/nsCertTypeCritical.pem.certspec |      4 +
 .../nsCertTypeCriticalWithExtKeyUsage.pem          |     20 +
 .../nsCertTypeCriticalWithExtKeyUsage.pem.certspec |      6 +
 .../tests/unit/bad_certs/nsCertTypeNotCritical.pem |     19 +
 .../bad_certs/nsCertTypeNotCritical.pem.certspec   |      4 +
 .../ssl/tests/unit/bad_certs/other-issuer-ee.pem   |     21 +
 .../unit/bad_certs/other-issuer-ee.pem.certspec    |      6 +
 .../ssl/tests/unit/bad_certs/other-test-ca.key     |     28 +
 .../tests/unit/bad_certs/other-test-ca.key.keyspec |      1 +
 .../ssl/tests/unit/bad_certs/other-test-ca.pem     |     18 +
 .../unit/bad_certs/other-test-ca.pem.certspec      |      7 +
 .../unit/bad_certs/self-signed-EE-with-cA-true.pem |     21 +
 .../self-signed-EE-with-cA-true.pem.certspec       |      5 +
 .../unit/bad_certs/selfsigned-inadequateEKU.pem    |     21 +
 .../selfsigned-inadequateEKU.pem.certspec          |      6 +
 .../ssl/tests/unit/bad_certs/selfsigned.pem        |     20 +
 .../tests/unit/bad_certs/selfsigned.pem.certspec   |      4 +
 .../manager/ssl/tests/unit/bad_certs/test-ca.pem   |     18 +
 .../ssl/tests/unit/bad_certs/test-ca.pem.certspec  |      4 +
 .../manager/ssl/tests/unit/bad_certs/test-int.pem  |     18 +
 .../ssl/tests/unit/bad_certs/test-int.pem.certspec |      5 +
 .../ssl/tests/unit/bad_certs/unknownissuer.pem     |     22 +
 .../unit/bad_certs/unknownissuer.pem.certspec      |      4 +
 .../ssl/tests/unit/bad_certs/untrusted-expired.pem |     20 +
 .../unit/bad_certs/untrusted-expired.pem.certspec  |      5 +
 .../ssl/tests/unit/bad_certs/untrustedissuer.pem   |     20 +
 .../unit/bad_certs/untrustedissuer.pem.certspec    |      4 +
 .../manager/ssl/tests/unit/bad_certs/v1Cert.pem    |     17 +
 .../ssl/tests/unit/bad_certs/v1Cert.pem.certspec   |      3 +
 .../ssl/tests/unit/corrupted_crlite_helper.js      |    103 +
 .../manager/ssl/tests/unit/crlite_enrollment_id.py |     33 +
 security/manager/ssl/tests/unit/crlite_key.py      |     58 +
 security/manager/ssl/tests/unit/head_psm.js        |   1192 +
 security/manager/ssl/tests/unit/moz.build          |     10 +
 .../unit/ocsp_certs/ca-used-as-end-entity.pem      |     20 +
 .../ocsp_certs/ca-used-as-end-entity.pem.certspec  |      5 +
 .../ssl/tests/unit/ocsp_certs/default-ee.key       |     28 +
 .../tests/unit/ocsp_certs/default-ee.key.keyspec   |      1 +
 .../ssl/tests/unit/ocsp_certs/default-ee.pem       |     21 +
 .../tests/unit/ocsp_certs/default-ee.pem.certspec  |      4 +
 .../tests/unit/ocsp_certs/delegatedSHA1Signer.pem  |     18 +
 .../ocsp_certs/delegatedSHA1Signer.pem.certspec    |      5 +
 .../ssl/tests/unit/ocsp_certs/delegatedSigner.pem  |     18 +
 .../unit/ocsp_certs/delegatedSigner.pem.certspec   |      4 +
 .../invalidDelegatedSignerFromIntermediate.pem     |     19 +
 ...lidDelegatedSignerFromIntermediate.pem.certspec |      4 +
 .../invalidDelegatedSignerKeyUsageCrlSigning.pem   |     18 +
 ...dDelegatedSignerKeyUsageCrlSigning.pem.certspec |      4 +
 .../invalidDelegatedSignerNoExtKeyUsage.pem        |     18 +
 ...nvalidDelegatedSignerNoExtKeyUsage.pem.certspec |      3 +
 .../invalidDelegatedSignerWrongExtKeyUsage.pem     |     18 +
 ...lidDelegatedSignerWrongExtKeyUsage.pem.certspec |      4 +
 .../unit/ocsp_certs/multi-tls-feature-bad-ee.pem   |     19 +
 .../multi-tls-feature-bad-ee.pem.certspec          |      4 +
 .../unit/ocsp_certs/multi-tls-feature-good-ee.pem  |     19 +
 .../multi-tls-feature-good-ee.pem.certspec         |      4 +
 .../must-staple-ee-with-must-staple-int.pem        |     19 +
 ...ust-staple-ee-with-must-staple-int.pem.certspec |      4 +
 .../ssl/tests/unit/ocsp_certs/must-staple-ee.pem   |     19 +
 .../unit/ocsp_certs/must-staple-ee.pem.certspec    |      5 +
 .../unit/ocsp_certs/must-staple-missing-ee.pem     |     18 +
 .../ocsp_certs/must-staple-missing-ee.pem.certspec |      3 +
 .../unit/ocsp_certs/ocspEEWithIntermediate.pem     |     20 +
 .../ocsp_certs/ocspEEWithIntermediate.pem.certspec |      4 +
 .../tests/unit/ocsp_certs/ocspOtherEndEntity.pem   |     19 +
 .../ocsp_certs/ocspOtherEndEntity.pem.certspec     |      4 +
 .../ssl/tests/unit/ocsp_certs/other-test-ca.key    |     28 +
 .../unit/ocsp_certs/other-test-ca.key.keyspec      |      1 +
 .../ssl/tests/unit/ocsp_certs/other-test-ca.pem    |     18 +
 .../unit/ocsp_certs/other-test-ca.pem.certspec     |      7 +
 .../ocsp_certs/rsa-1016-keysizeDelegatedSigner.key |     16 +
 .../rsa-1016-keysizeDelegatedSigner.key.keyspec    |      1 +
 .../ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem |     15 +
 .../rsa-1016-keysizeDelegatedSigner.pem.certspec   |      4 +
 .../manager/ssl/tests/unit/ocsp_certs/test-ca.pem  |     18 +
 .../ssl/tests/unit/ocsp_certs/test-ca.pem.certspec |      4 +
 .../manager/ssl/tests/unit/ocsp_certs/test-int.pem |     18 +
 .../tests/unit/ocsp_certs/test-int.pem.certspec    |      5 +
 .../unit/ocsp_certs/test-multi-tls-feature-int.pem |     19 +
 .../test-multi-tls-feature-int.pem.certspec        |      5 +
 .../tests/unit/ocsp_certs/test-must-staple-int.pem |     19 +
 .../ocsp_certs/test-must-staple-int.pem.certspec   |      5 +
 .../ssl/tests/unit/pkcs11testmodule/moz.build      |     20 +
 .../unit/pkcs11testmodule/pkcs11testmodule.cpp     |    597 +
 .../unit/pkcs11testmodule/pkcs11testmodule.symbols |      1 +
 security/manager/ssl/tests/unit/requirements.txt   |      6 +
 security/manager/ssl/tests/unit/sign_app.py        |    426 +
 .../ssl/tests/unit/test_add_preexisting_cert.js    |     46 +
 .../ssl/tests/unit/test_allow_all_cert_errors.js   |     25 +
 .../tests/unit/test_baseline_requirements/ca.pem   |     17 +
 .../test_baseline_requirements/ca.pem.certspec     |      5 +
 .../unit/test_baseline_requirements/no-san-old.pem |     17 +
 .../no-san-old.pem.certspec                        |      3 +
 .../test_baseline_requirements/no-san-older.pem    |     17 +
 .../no-san-older.pem.certspec                      |      3 +
 .../test_baseline_requirements/no-san-recent.pem   |     17 +
 .../no-san-recent.pem.certspec                     |      3 +
 .../san-contains-no-hostnames-old.pem              |     18 +
 .../san-contains-no-hostnames-old.pem.certspec     |      4 +
 .../san-contains-no-hostnames-older.pem            |     18 +
 .../san-contains-no-hostnames-older.pem.certspec   |      4 +
 .../san-contains-no-hostnames-recent.pem           |     18 +
 .../san-contains-no-hostnames-recent.pem.certspec  |      4 +
 ...st_baseline_requirements_subject_common_name.js |     78 +
 .../ssl/tests/unit/test_blocklist_onecrl.js        |    148 +
 .../manager/ssl/tests/unit/test_broken_fips.js     |     61 +
 .../ssl/tests/unit/test_broken_fips/key4.db        |    Bin 0 -> 36864 bytes
 .../ssl/tests/unit/test_broken_fips/pkcs11.txt     |      5 +
 .../ssl/tests/unit/test_certDB_export_pkcs12.js    |     56 +
 ...t_certDB_export_pkcs12_with_primary_password.js |    117 +
 .../manager/ssl/tests/unit/test_certDB_import.js   |    187 +
 .../unit/test_certDB_import/cert_from_windows.pfx  |    Bin 0 -> 2041 bytes
 .../cert_from_windows_emptypass.pfx                |    Bin 0 -> 2068 bytes
 .../cert_from_windows_nopass.pfx                   |    Bin 0 -> 2068 bytes
 .../ssl/tests/unit/test_certDB_import/emailEE.pem  |     17 +
 .../unit/test_certDB_import/emailEE.pem.certspec   |      2 +
 .../unit/test_certDB_import/encrypted_with_aes.p12 |    Bin 0 -> 3239 bytes
 .../tests/unit/test_certDB_import/importedCA.pem   |     17 +
 .../test_certDB_import/importedCA.pem.certspec     |      3 +
 .../ssl/tests/unit/test_certDB_import_pkcs12.js    |    126 +
 .../test_certDB_import_with_primary_password.js    |    148 +
 .../manager/ssl/tests/unit/test_cert_chains.js     |    394 +
 security/manager/ssl/tests/unit/test_cert_dbKey.js |    225 +
 security/manager/ssl/tests/unit/test_cert_eku.js   |    189 +
 .../manager/ssl/tests/unit/test_cert_eku/ca.pem    |     17 +
 .../ssl/tests/unit/test_cert_eku/ca.pem.certspec   |      4 +
 .../manager/ssl/tests/unit/test_cert_eku/ee-CA.pem |     17 +
 .../tests/unit/test_cert_eku/ee-CA.pem.certspec    |      3 +
 .../ssl/tests/unit/test_cert_eku/ee-SA-CA.pem      |     18 +
 .../tests/unit/test_cert_eku/ee-SA-CA.pem.certspec |      3 +
 .../ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem    |     18 +
 .../unit/test_cert_eku/ee-SA-OCSP.pem.certspec     |      3 +
 .../ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem   |     18 +
 .../unit/test_cert_eku/ee-SA-nsSGC.pem.certspec    |      3 +
 .../manager/ssl/tests/unit/test_cert_eku/ee-SA.pem |     17 +
 .../tests/unit/test_cert_eku/ee-SA.pem.certspec    |      3 +
 .../ssl/tests/unit/test_cert_eku/ee-int-CA.pem     |     17 +
 .../unit/test_cert_eku/ee-int-CA.pem.certspec      |      2 +
 .../ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem  |     17 +
 .../unit/test_cert_eku/ee-int-SA-CA.pem.certspec   |      2 +
 .../tests/unit/test_cert_eku/ee-int-SA-OCSP.pem    |     17 +
 .../unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec |      2 +
 .../tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem   |     17 +
 .../test_cert_eku/ee-int-SA-nsSGC.pem.certspec     |      2 +
 .../ssl/tests/unit/test_cert_eku/ee-int-SA.pem     |     17 +
 .../unit/test_cert_eku/ee-int-SA.pem.certspec      |      2 +
 .../tests/unit/test_cert_eku/ee-int-nsSGC-old.pem  |     17 +
 .../test_cert_eku/ee-int-nsSGC-old.pem.certspec    |      3 +
 .../unit/test_cert_eku/ee-int-nsSGC-older.pem      |     17 +
 .../test_cert_eku/ee-int-nsSGC-older.pem.certspec  |      3 +
 .../unit/test_cert_eku/ee-int-nsSGC-recent.pem     |     17 +
 .../test_cert_eku/ee-int-nsSGC-recent.pem.certspec |      3 +
 .../ssl/tests/unit/test_cert_eku/ee-nsSGC.pem      |     17 +
 .../tests/unit/test_cert_eku/ee-nsSGC.pem.certspec |      3 +
 .../ssl/tests/unit/test_cert_eku/int-CA.pem        |     18 +
 .../tests/unit/test_cert_eku/int-CA.pem.certspec   |      4 +
 .../ssl/tests/unit/test_cert_eku/int-SA-CA.pem     |     18 +
 .../unit/test_cert_eku/int-SA-CA.pem.certspec      |      4 +
 .../ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem   |     18 +
 .../unit/test_cert_eku/int-SA-OCSP.pem.certspec    |      4 +
 .../ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem  |     18 +
 .../unit/test_cert_eku/int-SA-nsSGC.pem.certspec   |      4 +
 .../ssl/tests/unit/test_cert_eku/int-SA.pem        |     18 +
 .../tests/unit/test_cert_eku/int-SA.pem.certspec   |      4 +
 .../ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem |     18 +
 .../unit/test_cert_eku/int-nsSGC-old.pem.certspec  |      5 +
 .../tests/unit/test_cert_eku/int-nsSGC-older.pem   |     18 +
 .../test_cert_eku/int-nsSGC-older.pem.certspec     |      5 +
 .../tests/unit/test_cert_eku/int-nsSGC-recent.pem  |     18 +
 .../test_cert_eku/int-nsSGC-recent.pem.certspec    |      5 +
 .../ssl/tests/unit/test_cert_embedded_null.js      |     54 +
 .../ssl/tests/unit/test_cert_embedded_null/ca.pem  |     17 +
 .../unit/test_cert_embedded_null/ca.pem.certspec   |      4 +
 .../unit/test_cert_embedded_null/embeddedNull.pem  |     17 +
 .../embeddedNull.pem.certspec                      |      2 +
 .../embeddedNullCNAndSAN.pem                       |     18 +
 .../embeddedNullCNAndSAN.pem.certspec              |      3 +
 .../test_cert_embedded_null/embeddedNullSAN.pem    |     18 +
 .../embeddedNullSAN.pem.certspec                   |      3 +
 .../test_cert_embedded_null/embeddedNullSAN2.pem   |     18 +
 .../embeddedNullSAN2.pem.certspec                  |      3 +
 .../ssl/tests/unit/test_cert_expiration_canary.js  |     40 +
 .../ssl/tests/unit/test_cert_isBuiltInRoot.js      |     89 +
 .../tests/unit/test_cert_isBuiltInRoot_reload.js   |    143 +
 .../unit/test_cert_isBuiltInRoot_reload/cert9.db   |    Bin 0 -> 28672 bytes
 .../unit/test_cert_isBuiltInRoot_reload/key4.db    |    Bin 0 -> 36864 bytes
 .../manager/ssl/tests/unit/test_cert_keyUsage.js   |     76 +
 .../unit/test_cert_keyUsage/ca-all-usages.pem      |     18 +
 .../test_cert_keyUsage/ca-all-usages.pem.certspec  |      4 +
 .../test_cert_keyUsage/ca-missing-keyCertSign.pem  |     18 +
 .../ca-missing-keyCertSign.pem.certspec            |      4 +
 .../ca-no-keyUsage-extension.pem                   |     18 +
 .../ca-no-keyUsage-extension.pem.certspec          |      3 +
 ...yCertSign-and-keyEncipherment-ca-all-usages.pem |     18 +
 ...-and-keyEncipherment-ca-all-usages.pem.certspec |      3 +
 ...-and-keyEncipherment-ca-missing-keyCertSign.pem |     18 +
 ...ncipherment-ca-missing-keyCertSign.pem.certspec |      3 +
 ...nd-keyEncipherment-ca-no-keyUsage-extension.pem |     18 +
 ...ipherment-ca-no-keyUsage-extension.pem.certspec |      3 +
 .../ee-keyCertSign-only-ca-all-usages.pem          |     18 +
 .../ee-keyCertSign-only-ca-all-usages.pem.certspec |      3 +
 .../ee-keyCertSign-only-ca-missing-keyCertSign.pem |     18 +
 ...rtSign-only-ca-missing-keyCertSign.pem.certspec |      3 +
 ...e-keyCertSign-only-ca-no-keyUsage-extension.pem |     18 +
 ...Sign-only-ca-no-keyUsage-extension.pem.certspec |      3 +
 .../ee-keyEncipherment-only-ca-all-usages.pem      |     18 +
 ...keyEncipherment-only-ca-all-usages.pem.certspec |      3 +
 ...keyEncipherment-only-ca-missing-keyCertSign.pem |     18 +
 ...erment-only-ca-missing-keyCertSign.pem.certspec |      3 +
 ...yEncipherment-only-ca-no-keyUsage-extension.pem |     18 +
 ...ment-only-ca-no-keyUsage-extension.pem.certspec |      3 +
 .../ee-no-keyUsage-extension-ca-all-usages.pem     |     17 +
 ...o-keyUsage-extension-ca-all-usages.pem.certspec |      2 +
 ...o-keyUsage-extension-ca-missing-keyCertSign.pem |     18 +
 ...e-extension-ca-missing-keyCertSign.pem.certspec |      2 +
 ...keyUsage-extension-ca-no-keyUsage-extension.pem |     18 +
 ...extension-ca-no-keyUsage-extension.pem.certspec |      2 +
 .../ssl/tests/unit/test_cert_override_read.js      |    188 +
 .../manager/ssl/tests/unit/test_cert_overrides.js  |    734 +
 .../tests/unit/test_cert_overrides_read_only.js    |     94 +
 .../unit/test_cert_overrides_read_only/cert9.db    |    Bin 0 -> 28672 bytes
 .../unit/test_cert_overrides_read_only/key4.db     |    Bin 0 -> 36864 bytes
 security/manager/ssl/tests/unit/test_cert_sha1.js  |     53 +
 .../manager/ssl/tests/unit/test_cert_sha1/ca.pem   |     17 +
 .../ssl/tests/unit/test_cert_sha1/ca.pem.certspec  |      6 +
 .../tests/unit/test_cert_sha1/ee-post_int-post.pem |     17 +
 .../test_cert_sha1/ee-post_int-post.pem.certspec   |      4 +
 .../tests/unit/test_cert_sha1/ee-post_int-pre.pem  |     17 +
 .../test_cert_sha1/ee-post_int-pre.pem.certspec    |      4 +
 .../tests/unit/test_cert_sha1/ee-pre_int-pre.pem   |     17 +
 .../test_cert_sha1/ee-pre_int-pre.pem.certspec     |      4 +
 .../ssl/tests/unit/test_cert_sha1/int-post.pem     |     18 +
 .../unit/test_cert_sha1/int-post.pem.certspec      |      6 +
 .../ssl/tests/unit/test_cert_sha1/int-pre.pem      |     18 +
 .../tests/unit/test_cert_sha1/int-pre.pem.certspec |      6 +
 .../manager/ssl/tests/unit/test_cert_signatures.js |    140 +
 .../ssl/tests/unit/test_cert_signatures/ca-rsa.pem |     18 +
 .../unit/test_cert_signatures/ca-rsa.pem.certspec  |      4 +
 .../unit/test_cert_signatures/ca-secp384r1.pem     |     11 +
 .../test_cert_signatures/ca-secp384r1.pem.certspec |      7 +
 .../unit/test_cert_signatures/ee-rsa-direct.pem    |     17 +
 .../ee-rsa-direct.pem.certspec                     |      2 +
 .../ssl/tests/unit/test_cert_signatures/ee-rsa.pem |     17 +
 .../unit/test_cert_signatures/ee-rsa.pem.certspec  |      2 +
 .../test_cert_signatures/ee-secp384r1-direct.pem   |     10 +
 .../ee-secp384r1-direct.pem.certspec               |      5 +
 .../unit/test_cert_signatures/ee-secp384r1.pem     |     10 +
 .../test_cert_signatures/ee-secp384r1.pem.certspec |      5 +
 .../tests/unit/test_cert_signatures/int-rsa.pem    |     18 +
 .../unit/test_cert_signatures/int-rsa.pem.certspec |      4 +
 .../unit/test_cert_signatures/int-secp384r1.pem    |     11 +
 .../int-secp384r1.pem.certspec                     |      7 +
 .../manager/ssl/tests/unit/test_cert_storage.js    |    258 +
 .../ssl/tests/unit/test_cert_storage_broken_db.js  |     72 +
 .../ssl/tests/unit/test_cert_storage_direct.js     |    417 +
 .../revoked-cert-issuer.pem                        |     27 +
 .../unit/test_cert_storage_direct/revoked-cert.pem |     41 +
 .../test_cert_storage_direct/test-filter.crlite    |    Bin 0 -> 15244 bytes
 .../test_cert_storage_direct/valid-cert-issuer.pem |     27 +
 .../unit/test_cert_storage_direct/valid-cert.pem   |     34 +
 .../tests/unit/test_cert_storage_preexisting.js    |     48 +
 .../unit/test_cert_storage_preexisting/data.mdb    |    Bin 0 -> 45056 bytes
 .../test_cert_storage_preexisting/data.safe.bin    |    Bin 0 -> 122 bytes
 .../unit/test_cert_storage_preexisting/lock.mdb    |    Bin 0 -> 8192 bytes
 .../unit/test_cert_storage_preexisting_crlite.js   |     83 +
 .../crlite.coverage                                |    Bin 0 -> 97 bytes
 .../crlite.enrollment                              |      1 +
 .../crlite.filter                                  |    Bin 0 -> 15244 bytes
 .../data.safe.bin                                  |    Bin 0 -> 1607775 bytes
 security/manager/ssl/tests/unit/test_cert_trust.js |    324 +
 .../manager/ssl/tests/unit/test_cert_trust/ca.pem  |     17 +
 .../ssl/tests/unit/test_cert_trust/ca.pem.certspec |      4 +
 .../manager/ssl/tests/unit/test_cert_trust/ee.pem  |     18 +
 .../ssl/tests/unit/test_cert_trust/ee.pem.certspec |      3 +
 .../manager/ssl/tests/unit/test_cert_trust/int.pem |     17 +
 .../tests/unit/test_cert_trust/int.pem.certspec    |      4 +
 security/manager/ssl/tests/unit/test_cert_utf8.js  |     79 +
 .../unit/test_cert_utf8/certificateToAlter.pem     |     24 +
 .../test_cert_utf8/certificateToAlter.pem.certspec |      3 +
 .../manager/ssl/tests/unit/test_cert_version.js    |    304 +
 .../ssl/tests/unit/test_cert_version/ca.pem        |     17 +
 .../tests/unit/test_cert_version/ca.pem.certspec   |      4 +
 .../unit/test_cert_version/ee-v1-BC-cA_ca.pem      |     17 +
 .../test_cert_version/ee-v1-BC-cA_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/ee-v1-BC-not-cA_ca.pem  |     17 +
 .../ee-v1-BC-not-cA_ca.pem.certspec                |      4 +
 .../tests/unit/test_cert_version/ee-v1-noBC_ca.pem |     17 +
 .../test_cert_version/ee-v1-noBC_ca.pem.certspec   |      3 +
 .../unit/test_cert_version/ee-v2-BC-cA_ca.pem      |     17 +
 .../test_cert_version/ee-v2-BC-cA_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/ee-v2-BC-not-cA_ca.pem  |     17 +
 .../ee-v2-BC-not-cA_ca.pem.certspec                |      4 +
 .../tests/unit/test_cert_version/ee-v2-noBC_ca.pem |     17 +
 .../test_cert_version/ee-v2-noBC_ca.pem.certspec   |      3 +
 .../unit/test_cert_version/ee-v3-BC-cA_ca.pem      |     17 +
 .../test_cert_version/ee-v3-BC-cA_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/ee-v3-BC-not-cA_ca.pem  |     17 +
 .../ee-v3-BC-not-cA_ca.pem.certspec                |      4 +
 .../tests/unit/test_cert_version/ee-v3-noBC_ca.pem |     17 +
 .../test_cert_version/ee-v3-noBC_ca.pem.certspec   |      3 +
 .../unit/test_cert_version/ee-v4-BC-cA_ca.pem      |     17 +
 .../test_cert_version/ee-v4-BC-cA_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/ee-v4-BC-not-cA_ca.pem  |     17 +
 .../ee-v4-BC-not-cA_ca.pem.certspec                |      4 +
 .../tests/unit/test_cert_version/ee-v4-noBC_ca.pem |     17 +
 .../test_cert_version/ee-v4-noBC_ca.pem.certspec   |      3 +
 .../unit/test_cert_version/ee_int-v1-BC-cA.pem     |     17 +
 .../test_cert_version/ee_int-v1-BC-cA.pem.certspec |      2 +
 .../unit/test_cert_version/ee_int-v1-BC-not-cA.pem |     17 +
 .../ee_int-v1-BC-not-cA.pem.certspec               |      2 +
 .../unit/test_cert_version/ee_int-v1-noBC.pem      |     17 +
 .../test_cert_version/ee_int-v1-noBC.pem.certspec  |      2 +
 .../unit/test_cert_version/ee_int-v2-BC-cA.pem     |     17 +
 .../test_cert_version/ee_int-v2-BC-cA.pem.certspec |      2 +
 .../unit/test_cert_version/ee_int-v2-BC-not-cA.pem |     17 +
 .../ee_int-v2-BC-not-cA.pem.certspec               |      2 +
 .../unit/test_cert_version/ee_int-v2-noBC.pem      |     17 +
 .../test_cert_version/ee_int-v2-noBC.pem.certspec  |      2 +
 .../unit/test_cert_version/ee_int-v3-BC-cA.pem     |     17 +
 .../test_cert_version/ee_int-v3-BC-cA.pem.certspec |      2 +
 .../unit/test_cert_version/ee_int-v3-BC-not-cA.pem |     17 +
 .../ee_int-v3-BC-not-cA.pem.certspec               |      2 +
 .../unit/test_cert_version/ee_int-v3-noBC.pem      |     17 +
 .../test_cert_version/ee_int-v3-noBC.pem.certspec  |      2 +
 .../unit/test_cert_version/ee_int-v4-BC-cA.pem     |     17 +
 .../test_cert_version/ee_int-v4-BC-cA.pem.certspec |      2 +
 .../unit/test_cert_version/ee_int-v4-BC-not-cA.pem |     17 +
 .../ee_int-v4-BC-not-cA.pem.certspec               |      2 +
 .../unit/test_cert_version/ee_int-v4-noBC.pem      |     17 +
 .../test_cert_version/ee_int-v4-noBC.pem.certspec  |      2 +
 .../ssl/tests/unit/test_cert_version/generate.py   |     93 +
 .../unit/test_cert_version/int-v1-BC-cA_ca.pem     |     18 +
 .../test_cert_version/int-v1-BC-cA_ca.pem.certspec |      5 +
 .../unit/test_cert_version/int-v1-BC-not-cA_ca.pem |     18 +
 .../int-v1-BC-not-cA_ca.pem.certspec               |      5 +
 .../unit/test_cert_version/int-v1-noBC_ca.pem      |     17 +
 .../test_cert_version/int-v1-noBC_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/int-v2-BC-cA_ca.pem     |     18 +
 .../test_cert_version/int-v2-BC-cA_ca.pem.certspec |      5 +
 .../unit/test_cert_version/int-v2-BC-not-cA_ca.pem |     18 +
 .../int-v2-BC-not-cA_ca.pem.certspec               |      5 +
 .../unit/test_cert_version/int-v2-noBC_ca.pem      |     17 +
 .../test_cert_version/int-v2-noBC_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/int-v3-BC-cA_ca.pem     |     18 +
 .../test_cert_version/int-v3-BC-cA_ca.pem.certspec |      5 +
 .../unit/test_cert_version/int-v3-BC-not-cA_ca.pem |     18 +
 .../int-v3-BC-not-cA_ca.pem.certspec               |      5 +
 .../unit/test_cert_version/int-v3-noBC_ca.pem      |     17 +
 .../test_cert_version/int-v3-noBC_ca.pem.certspec  |      4 +
 .../unit/test_cert_version/int-v4-BC-cA_ca.pem     |     18 +
 .../test_cert_version/int-v4-BC-cA_ca.pem.certspec |      5 +
 .../unit/test_cert_version/int-v4-BC-not-cA_ca.pem |     18 +
 .../int-v4-BC-not-cA_ca.pem.certspec               |      5 +
 .../unit/test_cert_version/int-v4-noBC_ca.pem      |     17 +
 .../test_cert_version/int-v4-noBC_ca.pem.certspec  |      4 +
 .../tests/unit/test_cert_version/ss-v1-BC-cA.pem   |     17 +
 .../test_cert_version/ss-v1-BC-cA.pem.certspec     |      4 +
 .../unit/test_cert_version/ss-v1-BC-not-cA.pem     |     18 +
 .../test_cert_version/ss-v1-BC-not-cA.pem.certspec |      4 +
 .../tests/unit/test_cert_version/ss-v1-noBC.pem    |     17 +
 .../unit/test_cert_version/ss-v1-noBC.pem.certspec |      3 +
 .../tests/unit/test_cert_version/ss-v2-BC-cA.pem   |     18 +
 .../test_cert_version/ss-v2-BC-cA.pem.certspec     |      4 +
 .../unit/test_cert_version/ss-v2-BC-not-cA.pem     |     18 +
 .../test_cert_version/ss-v2-BC-not-cA.pem.certspec |      4 +
 .../tests/unit/test_cert_version/ss-v2-noBC.pem    |     17 +
 .../unit/test_cert_version/ss-v2-noBC.pem.certspec |      3 +
 .../tests/unit/test_cert_version/ss-v3-BC-cA.pem   |     18 +
 .../test_cert_version/ss-v3-BC-cA.pem.certspec     |      4 +
 .../unit/test_cert_version/ss-v3-BC-not-cA.pem     |     18 +
 .../test_cert_version/ss-v3-BC-not-cA.pem.certspec |      4 +
 .../tests/unit/test_cert_version/ss-v3-noBC.pem    |     17 +
 .../unit/test_cert_version/ss-v3-noBC.pem.certspec |      3 +
 .../tests/unit/test_cert_version/ss-v4-BC-cA.pem   |     18 +
 .../test_cert_version/ss-v4-BC-cA.pem.certspec     |      4 +
 .../unit/test_cert_version/ss-v4-BC-not-cA.pem     |     18 +
 .../test_cert_version/ss-v4-BC-not-cA.pem.certspec |      4 +
 .../tests/unit/test_cert_version/ss-v4-noBC.pem    |     17 +
 .../unit/test_cert_version/ss-v4-noBC.pem.certspec |      3 +
 .../ClientAuthRememberList.txt                     |      3 +
 .../unit/test_client_auth_remember_service_read.js |     64 +
 .../ssl/tests/unit/test_constructX509FromBase64.js |     87 +
 .../manager/ssl/tests/unit/test_content_signing.js |    431 +
 .../test_content_signing/content_signing_int.pem   |     18 +
 .../content_signing_int.pem.certspec               |      4 +
 .../content_signing_onecrl_RSA_ee.pem              |     18 +
 .../content_signing_onecrl_RSA_ee.pem.certspec     |      4 +
 .../content_signing_onecrl_ee.pem                  |     15 +
 .../content_signing_onecrl_ee.pem.certspec         |      5 +
 .../content_signing_onecrl_ee_expired.pem          |     15 +
 .../content_signing_onecrl_ee_expired.pem.certspec |      6 +
 .../content_signing_onecrl_ee_not_valid_yet.pem    |     15 +
 ...nt_signing_onecrl_ee_not_valid_yet.pem.certspec |      6 +
 .../content_signing_onecrl_no_SAN_ee.pem           |     14 +
 .../content_signing_onecrl_no_SAN_ee.pem.certspec  |      4 +
 .../content_signing_onecrl_wrong_key_ee.pem        |     14 +
 ...ontent_signing_onecrl_wrong_key_ee.pem.certspec |      5 +
 .../content_signing_remote_newtab_ee.pem           |     15 +
 .../content_signing_remote_newtab_ee.pem.certspec  |      5 +
 .../ssl/tests/unit/test_content_signing/pysign.py  |     36 +
 .../ssl/tests/unit/test_content_signing/test.txt   |      1 +
 .../unit/test_content_signing/test.txt.signature   |      1 +
 .../ssl/tests/unit/test_crlite_corrupted/bad.stash |      1 +
 .../unit/test_crlite_corrupted/hash-alg-0.filter   |    Bin 0 -> 1 bytes
 .../trunc-issuer-id.enrollment                     |      2 +
 .../test_crlite_corrupted/trunc-log-id.coverage    |      2 +
 .../trunc-max-timestamp.coverage                   |    Bin 0 -> 48 bytes
 .../trunc-min-timestamp.coverage                   |    Bin 0 -> 36 bytes
 .../unit/test_crlite_corrupted/version-0.coverage  |    Bin 0 -> 49 bytes
 .../test_crlite_corrupted/version-0.enrollment     |    Bin 0 -> 33 bytes
 .../ssl/tests/unit/test_crlite_coverage_missing.js |     17 +
 .../ssl/tests/unit/test_crlite_coverage_trunc1.js  |     17 +
 .../ssl/tests/unit/test_crlite_coverage_trunc2.js  |     19 +
 .../ssl/tests/unit/test_crlite_coverage_trunc3.js  |     19 +
 .../ssl/tests/unit/test_crlite_coverage_version.js |     17 +
 .../tests/unit/test_crlite_enrollment_trunc1.js    |     19 +
 .../tests/unit/test_crlite_enrollment_version.js   |     17 +
 .../ssl/tests/unit/test_crlite_filter_corrupted.js |     21 +
 .../manager/ssl/tests/unit/test_crlite_filters.js  |    880 +
 .../unit/test_crlite_filters/20201017-0-filter     |    Bin 0 -> 62 bytes
 .../test_crlite_filters/20201017-1-filter.stash    |    Bin 0 -> 36632 bytes
 .../test_crlite_filters/20201201-3-filter.stash    |    Bin 0 -> 57737 bytes
 .../ssl/tests/unit/test_crlite_filters/issuer.pem  |     28 +
 .../unit/test_crlite_filters/no-sct-issuer.pem     |     27 +
 .../ssl/tests/unit/test_crlite_filters/no-sct.pem  |     33 +
 .../tests/unit/test_crlite_filters/notcovered.pem  |     38 +
 .../test_crlite_filters/revoked-in-stash-2.pem     |     36 +
 .../unit/test_crlite_filters/revoked-in-stash.pem  |     36 +
 .../ssl/tests/unit/test_crlite_filters/revoked.pem |     42 +
 .../ssl/tests/unit/test_crlite_filters/valid.pem   |     39 +
 .../ssl/tests/unit/test_crlite_preexisting.js      |    208 +
 .../unit/test_crlite_preexisting/crlite.coverage   |    Bin 0 -> 97 bytes
 .../unit/test_crlite_preexisting/crlite.enrollment |      1 +
 .../unit/test_crlite_preexisting/crlite.stash      |    Bin 0 -> 209843 bytes
 .../ssl/tests/unit/test_crlite_stash_corrupted.js  |     91 +
 security/manager/ssl/tests/unit/test_ct.js         |     72 +
 .../test_ct/ct-insufficient-scts.example.com.pem   |     28 +
 .../ct-insufficient-scts.example.com.pem.certspec  |      4 +
 .../tests/unit/test_ct/ct-valid.example.com.pem    |     34 +
 .../unit/test_ct/ct-valid.example.com.pem.certspec |      4 +
 .../manager/ssl/tests/unit/test_ct/default-ee.key  |     28 +
 .../ssl/tests/unit/test_ct/default-ee.key.keyspec  |      1 +
 .../manager/ssl/tests/unit/test_ct/default-ee.pem  |     21 +
 .../ssl/tests/unit/test_ct/default-ee.pem.certspec |      4 +
 .../manager/ssl/tests/unit/test_ct/test-ca.pem     |     18 +
 .../ssl/tests/unit/test_ct/test-ca.pem.certspec    |      4 +
 .../ssl/tests/unit/test_db_format_pref_new.js      |     30 +
 .../ssl/tests/unit/test_delegated_credentials.js   |     91 +
 .../unit/test_delegated_credentials/default-ee.key |      5 +
 .../default-ee.key.keyspec                         |      1 +
 .../unit/test_delegated_credentials/default-ee.pem |     15 +
 .../default-ee.pem.certspec                        |      5 +
 .../test_delegated_credentials/delegated-ee.pem    |     16 +
 .../delegated-ee.pem.certspec                      |      7 +
 .../unit/test_delegated_credentials/delegated.key  |      6 +
 .../delegated.key.keyspec                          |      1 +
 .../unit/test_delegated_credentials/test-ca.pem    |     18 +
 .../test-ca.pem.certspec                           |      4 +
 .../unit/test_delegated_credentials/test-int.pem   |     19 +
 .../test-int.pem.certspec                          |      4 +
 security/manager/ssl/tests/unit/test_der.js        |    345 +
 .../ssl/tests/unit/test_encrypted_client_hello.js  |    101 +
 .../test_encrypted_client_hello/default-ee.key     |     28 +
 .../default-ee.key.keyspec                         |      1 +
 .../test_encrypted_client_hello/default-ee.pem     |     18 +
 .../default-ee.pem.certspec                        |      3 +
 .../test_encrypted_client_hello/private-ee.key     |     28 +
 .../private-ee.key.keyspec                         |      1 +
 .../test_encrypted_client_hello/private-ee.pem     |     18 +
 .../private-ee.pem.certspec                        |      3 +
 .../test_encrypted_client_hello/selfsigned.pem     |     19 +
 .../selfsigned.pem.certspec                        |      3 +
 .../unit/test_encrypted_client_hello/test-ca.pem   |     18 +
 .../test-ca.pem.certspec                           |      4 +
 .../test_encrypted_client_hello_client_only.js     |     32 +
 .../ssl/tests/unit/test_enterprise_roots.js        |     82 +
 security/manager/ssl/tests/unit/test_ev_certs.js   |    310 +
 .../unit/test_ev_certs/anyPolicy-ee-path-ee.pem    |     20 +
 .../anyPolicy-ee-path-ee.pem.certspec              |      5 +
 .../unit/test_ev_certs/anyPolicy-ee-path-int.pem   |     20 +
 .../anyPolicy-ee-path-int.pem.certspec             |      7 +
 .../unit/test_ev_certs/anyPolicy-int-path-ee.pem   |     21 +
 .../anyPolicy-int-path-ee.pem.certspec             |      5 +
 .../unit/test_ev_certs/anyPolicy-int-path-int.pem  |     20 +
 .../anyPolicy-int-path-int.pem.certspec            |      7 +
 ...um-and-test-oid-ee-cabforum-oid-int-path-ee.pem |     23 +
 ...st-oid-ee-cabforum-oid-int-path-ee.pem.certspec |      5 +
 ...m-and-test-oid-ee-cabforum-oid-int-path-int.pem |     21 +
 ...t-oid-ee-cabforum-oid-int-path-int.pem.certspec |      7 +
 .../cabforum-and-test-oid-ee-path-ee.pem           |     22 +
 .../cabforum-and-test-oid-ee-path-ee.pem.certspec  |      5 +
 .../cabforum-and-test-oid-ee-path-int.pem          |     21 +
 .../cabforum-and-test-oid-ee-path-int.pem.certspec |      7 +
 .../unit/test_ev_certs/cabforum-oid-path-ee.pem    |     20 +
 .../cabforum-oid-path-ee.pem.certspec              |      5 +
 .../unit/test_ev_certs/cabforum-oid-path-int.pem   |     20 +
 .../cabforum-oid-path-int.pem.certspec             |      7 +
 .../ssl/tests/unit/test_ev_certs/evroot.key        |     28 +
 .../tests/unit/test_ev_certs/evroot.key.keyspec    |      1 +
 .../ssl/tests/unit/test_ev_certs/evroot.pem        |     18 +
 .../tests/unit/test_ev_certs/evroot.pem.certspec   |      7 +
 .../unit/test_ev_certs/no-ocsp-ee-path-ee.pem      |     19 +
 .../test_ev_certs/no-ocsp-ee-path-ee.pem.certspec  |      4 +
 .../unit/test_ev_certs/no-ocsp-ee-path-int.pem     |     20 +
 .../test_ev_certs/no-ocsp-ee-path-int.pem.certspec |      7 +
 .../unit/test_ev_certs/no-ocsp-int-path-ee.pem     |     21 +
 .../test_ev_certs/no-ocsp-int-path-ee.pem.certspec |      5 +
 .../unit/test_ev_certs/no-ocsp-int-path-int.pem    |     18 +
 .../no-ocsp-int-path-int.pem.certspec              |      6 +
 .../unit/test_ev_certs/non-ev-root-path-ee.pem     |     21 +
 .../test_ev_certs/non-ev-root-path-ee.pem.certspec |      5 +
 .../unit/test_ev_certs/non-ev-root-path-int.pem    |     20 +
 .../non-ev-root-path-int.pem.certspec              |      6 +
 .../ssl/tests/unit/test_ev_certs/non-evroot-ca.pem |     18 +
 .../unit/test_ev_certs/non-evroot-ca.pem.certspec  |      4 +
 .../test_ev_certs/reverse-order-oids-path-ee.pem   |     21 +
 .../reverse-order-oids-path-ee.pem.certspec        |      5 +
 .../test_ev_certs/reverse-order-oids-path-int.pem  |     21 +
 .../reverse-order-oids-path-int.pem.certspec       |      7 +
 ...nd-cabforum-oid-ee-cabforum-oid-int-path-ee.pem |     23 +
 ...um-oid-ee-cabforum-oid-int-path-ee.pem.certspec |      5 +
 ...d-cabforum-oid-ee-cabforum-oid-int-path-int.pem |     21 +
 ...m-oid-ee-cabforum-oid-int-path-int.pem.certspec |      7 +
 .../test-and-cabforum-oid-ee-path-ee.pem           |     22 +
 .../test-and-cabforum-oid-ee-path-ee.pem.certspec  |      5 +
 .../test-and-cabforum-oid-ee-path-int.pem          |     21 +
 .../test-and-cabforum-oid-ee-path-int.pem.certspec |      7 +
 .../test-oid-ee-cabforum-oid-int-path-ee.pem       |     22 +
 ...st-oid-ee-cabforum-oid-int-path-ee.pem.certspec |      5 +
 .../test-oid-ee-cabforum-oid-int-path-int.pem      |     21 +
 ...t-oid-ee-cabforum-oid-int-path-int.pem.certspec |      7 +
 .../tests/unit/test_ev_certs/test-oid-path-ee.pem  |     20 +
 .../test_ev_certs/test-oid-path-ee.pem.certspec    |      5 +
 .../tests/unit/test_ev_certs/test-oid-path-int.key |     28 +
 .../test_ev_certs/test-oid-path-int.key.keyspec    |      1 +
 .../tests/unit/test_ev_certs/test-oid-path-int.pem |     20 +
 .../test_ev_certs/test-oid-path-int.pem.certspec   |      7 +
 .../tests/unit/test_faulty_server/default-ee.key   |      5 +
 .../unit/test_faulty_server/default-ee.key.keyspec |      1 +
 .../tests/unit/test_faulty_server/default-ee.pem   |     14 +
 .../test_faulty_server/default-ee.pem.certspec     |      5 +
 .../tests/unit/test_faulty_server/no-san-ee.pem    |     14 +
 .../unit/test_faulty_server/no-san-ee.pem.certspec |      4 +
 .../unit/test_faulty_server/no-san-ee.pem.key      |      5 +
 .../test_faulty_server/no-san-ee.pem.key.keyspec   |      1 +
 .../ssl/tests/unit/test_faulty_server/test-ca.pem  |     18 +
 .../unit/test_faulty_server/test-ca.pem.certspec   |      4 +
 .../ssl/tests/unit/test_faulty_server/test-int.pem |     18 +
 .../unit/test_faulty_server/test-int.pem.certspec  |      4 +
 .../test_forget_about_site_security_headers.js     |    119 +
 .../manager/ssl/tests/unit/test_hash_algorithms.js |    158 +
 .../ssl/tests/unit/test_hash_algorithms_wrap.js    |      5 +
 .../test_intermediate_basic_usage_constraints.js   |    138 +
 .../ca.pem                                         |     17 +
 .../ca.pem.certspec                                |      3 +
 .../ee-int-bad-ku-no-eku.pem                       |     18 +
 .../ee-int-bad-ku-no-eku.pem.certspec              |      4 +
 .../ee-int-bad-ku-server-eku.pem                   |     18 +
 .../ee-int-bad-ku-server-eku.pem.certspec          |      4 +
 .../ee-int-cA-FALSE-asserts-keyCertSign.pem        |     19 +
 ...e-int-cA-FALSE-asserts-keyCertSign.pem.certspec |      4 +
 .../ee-int-limited-depth-invalid.pem               |     18 +
 .../ee-int-limited-depth-invalid.pem.certspec      |      4 +
 .../ee-int-limited-depth.pem                       |     18 +
 .../ee-int-limited-depth.pem.certspec              |      4 +
 .../ee-int-no-extensions.pem                       |     18 +
 .../ee-int-no-extensions.pem.certspec              |      4 +
 .../ee-int-no-ku-no-eku.pem                        |     18 +
 .../ee-int-no-ku-no-eku.pem.certspec               |      4 +
 .../ee-int-no-ku-server-eku.pem                    |     18 +
 .../ee-int-no-ku-server-eku.pem.certspec           |      4 +
 .../ee-int-not-a-ca.pem                            |     18 +
 .../ee-int-not-a-ca.pem.certspec                   |      4 +
 .../ee-int-valid-ku-no-eku.pem                     |     18 +
 .../ee-int-valid-ku-no-eku.pem.certspec            |      4 +
 .../ee-int-valid-ku-server-eku.pem                 |     18 +
 .../ee-int-valid-ku-server-eku.pem.certspec        |      4 +
 .../int-bad-ku-no-eku.pem                          |     18 +
 .../int-bad-ku-no-eku.pem.certspec                 |      4 +
 .../int-bad-ku-server-eku.pem                      |     18 +
 .../int-bad-ku-server-eku.pem.certspec             |      5 +
 .../int-cA-FALSE-asserts-keyCertSign.pem           |     18 +
 .../int-cA-FALSE-asserts-keyCertSign.pem.certspec  |      4 +
 .../int-limited-depth-invalid.pem                  |     18 +
 .../int-limited-depth-invalid.pem.certspec         |      3 +
 .../int-limited-depth.pem                          |     18 +
 .../int-limited-depth.pem.certspec                 |      3 +
 .../int-no-extensions.pem                          |     17 +
 .../int-no-extensions.pem.certspec                 |      2 +
 .../int-no-ku-no-eku.pem                           |     17 +
 .../int-no-ku-no-eku.pem.certspec                  |      3 +
 .../int-no-ku-server-eku.pem                       |     18 +
 .../int-no-ku-server-eku.pem.certspec              |      4 +
 .../int-not-a-ca.pem                               |     17 +
 .../int-not-a-ca.pem.certspec                      |      3 +
 .../int-valid-ku-no-eku.pem                        |     18 +
 .../int-valid-ku-no-eku.pem.certspec               |      4 +
 .../int-valid-ku-server-eku.pem                    |     19 +
 .../int-valid-ku-server-eku.pem.certspec           |      5 +
 .../ssl/tests/unit/test_intermediate_preloads.js   |    528 +
 .../tests/unit/test_intermediate_preloads/ca.pem   |     18 +
 .../test_intermediate_preloads/ca.pem.certspec     |      5 +
 .../unit/test_intermediate_preloads/default-ee.key |     28 +
 .../default-ee.key.keyspec                         |      1 +
 .../unit/test_intermediate_preloads/default-ee.pem |     19 +
 .../default-ee.pem.certspec                        |      4 +
 .../tests/unit/test_intermediate_preloads/ee2.pem  |     18 +
 .../test_intermediate_preloads/ee2.pem.certspec    |      3 +
 .../tests/unit/test_intermediate_preloads/int.pem  |     19 +
 .../test_intermediate_preloads/int.pem.certspec    |      4 +
 .../tests/unit/test_intermediate_preloads/int2.pem |     19 +
 .../test_intermediate_preloads/int2.pem.certspec   |      4 +
 security/manager/ssl/tests/unit/test_keysize.js    |    204 +
 .../ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem     |     13 +
 ...sa_1016-int_rsa_1024-root_rsa_1024.pem.certspec |      4 +
 .../ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem     |     13 +
 ...sa_1024-int_rsa_1016-root_rsa_1024.pem.certspec |      4 +
 .../ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem     |     15 +
 ...sa_1024-int_rsa_1024-root_rsa_1016.pem.certspec |      4 +
 .../ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem     |     13 +
 ...sa_1024-int_rsa_1024-root_rsa_1024.pem.certspec |      4 +
 ...cp224r1_224-int_secp256r1_256-root_rsa_2048.pem |     10 +
 ...24-int_secp256r1_256-root_rsa_2048.pem.certspec |      5 +
 ...r1_224-int_secp256r1_256-root_secp256r1_256.pem |     10 +
 ...t_secp256r1_256-root_secp256r1_256.pem.certspec |      5 +
 ...k1_256-int_secp256r1_256-root_secp256r1_256.pem |     10 +
 ...t_secp256r1_256-root_secp256r1_256.pem.certspec |      5 +
 ...cp256r1_256-int_rsa_1016-root_secp256r1_256.pem |     11 +
 ...56-int_rsa_1016-root_secp256r1_256.pem.certspec |      4 +
 ...r1_256-int_secp224r1_224-root_secp256r1_256.pem |     10 +
 ...t_secp224r1_224-root_secp256r1_256.pem.certspec |      5 +
 ...r1_256-int_secp256r1_256-root_secp224r1_224.pem |     10 +
 ...t_secp256r1_256-root_secp224r1_224.pem.certspec |      5 +
 ...r1_256-int_secp256r1_256-root_secp256k1_256.pem |     10 +
 ...t_secp256r1_256-root_secp256k1_256.pem.certspec |      5 +
 ...cp384r1_384-int_secp256r1_256-root_rsa_2048.pem |     11 +
 ...84-int_secp256r1_256-root_rsa_2048.pem.certspec |      5 +
 ...r1_521-int_secp384r1_384-root_secp256r1_256.pem |     12 +
 ...t_secp384r1_384-root_secp256r1_256.pem.certspec |      5 +
 .../test_keysize/int_rsa_1016-root_rsa_1024.pem    |     13 +
 .../int_rsa_1016-root_rsa_1024.pem.certspec        |      6 +
 .../int_rsa_1016-root_secp256r1_256.pem            |     12 +
 .../int_rsa_1016-root_secp256r1_256.pem.certspec   |      7 +
 .../test_keysize/int_rsa_1024-root_rsa_1016.pem    |     13 +
 .../int_rsa_1024-root_rsa_1016.pem.certspec        |      6 +
 .../test_keysize/int_rsa_1024-root_rsa_1024.pem    |     13 +
 .../int_rsa_1024-root_rsa_1024.pem.certspec        |      6 +
 .../int_secp224r1_224-root_secp256r1_256.pem       |     10 +
 ...t_secp224r1_224-root_secp256r1_256.pem.certspec |      7 +
 .../int_secp256r1_256-root_rsa_2048.pem            |     14 +
 .../int_secp256r1_256-root_rsa_2048.pem.certspec   |      5 +
 .../int_secp256r1_256-root_secp224r1_224.pem       |     10 +
 ...t_secp256r1_256-root_secp224r1_224.pem.certspec |      7 +
 .../int_secp256r1_256-root_secp256k1_256.pem       |     10 +
 ...t_secp256r1_256-root_secp256k1_256.pem.certspec |      7 +
 .../int_secp256r1_256-root_secp256r1_256.pem       |     10 +
 ...t_secp256r1_256-root_secp256r1_256.pem.certspec |      7 +
 .../int_secp384r1_384-root_secp256r1_256.pem       |     11 +
 ...t_secp384r1_384-root_secp256r1_256.pem.certspec |      7 +
 .../ssl/tests/unit/test_keysize/root_rsa_1016.pem  |     12 +
 .../unit/test_keysize/root_rsa_1016.pem.certspec   |      6 +
 .../ssl/tests/unit/test_keysize/root_rsa_1024.pem  |     12 +
 .../unit/test_keysize/root_rsa_1024.pem.certspec   |      6 +
 .../ssl/tests/unit/test_keysize/root_rsa_2048.pem  |     18 +
 .../unit/test_keysize/root_rsa_2048.pem.certspec   |      4 +
 .../tests/unit/test_keysize/root_secp224r1_224.pem |      9 +
 .../test_keysize/root_secp224r1_224.pem.certspec   |      7 +
 .../tests/unit/test_keysize/root_secp256k1_256.pem |     10 +
 .../test_keysize/root_secp256k1_256.pem.certspec   |      7 +
 .../tests/unit/test_keysize/root_secp256r1_256.pem |     10 +
 .../test_keysize/root_secp256r1_256.pem.certspec   |      7 +
 security/manager/ssl/tests/unit/test_keysize_ev.js |    169 +
 .../ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem      |     21 +
 ...ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec |      5 +
 .../ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem      |     21 +
 ...ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec |      5 +
 ...e_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem |     21 +
 ...8-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec |      4 +
 .../ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem      |     21 +
 ...ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec |      4 +
 .../test_keysize_ev/ev_int_rsa_2040-evroot.pem     |     20 +
 .../ev_int_rsa_2040-evroot.pem.certspec            |      8 +
 .../tests/unit/test_keysize_ev/ev_int_rsa_2040.key |     28 +
 .../test_keysize_ev/ev_int_rsa_2040.key.keyspec    |      1 +
 .../ev_int_rsa_2048-ev_root_rsa_2040.pem           |     21 +
 .../ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec  |      7 +
 .../test_keysize_ev/ev_int_rsa_2048-evroot.pem     |     20 +
 .../ev_int_rsa_2048-evroot.pem.certspec            |      7 +
 .../tests/unit/test_keysize_ev/ev_int_rsa_2048.key |     28 +
 .../test_keysize_ev/ev_int_rsa_2048.key.keyspec    |      1 +
 .../unit/test_keysize_ev/ev_root_rsa_2040.key      |     28 +
 .../test_keysize_ev/ev_root_rsa_2040.key.keyspec   |      1 +
 .../unit/test_keysize_ev/ev_root_rsa_2040.pem      |     18 +
 .../test_keysize_ev/ev_root_rsa_2040.pem.certspec  |      7 +
 .../ssl/tests/unit/test_keysize_ev/evroot.key      |     28 +
 .../tests/unit/test_keysize_ev/evroot.key.keyspec  |      1 +
 .../ssl/tests/unit/test_keysize_ev/evroot.pem      |     18 +
 .../tests/unit/test_keysize_ev/evroot.pem.certspec |      7 +
 .../ssl/tests/unit/test_logoutAndTeardown.js       |    195 +
 .../ssl/tests/unit/test_missing_intermediate.js    |     92 +
 .../missing-intermediate.pem                       |     18 +
 .../missing-intermediate.pem.certspec              |      4 +
 .../ssl/tests/unit/test_name_constraints.js        |     71 +
 .../NameConstraints.dcissallowed.pem               |     20 +
 .../NameConstraints.dcissallowed.pem.certspec      |      2 +
 .../NameConstraints.dcissblocked.pem               |     20 +
 .../NameConstraints.dcissblocked.pem.certspec      |      2 +
 .../ca-example-com-permitted.pem                   |     19 +
 .../ca-example-com-permitted.pem.certspec          |      5 +
 .../ssl/tests/unit/test_name_constraints/dciss.pem |     22 +
 .../unit/test_name_constraints/dciss.pem.certspec  |      4 +
 .../ee-example-com-and-org.pem                     |     19 +
 .../ee-example-com-and-org.pem.certspec            |      3 +
 .../unit/test_name_constraints/ee-example-com.pem  |     18 +
 .../ee-example-com.pem.certspec                    |      3 +
 .../unit/test_name_constraints/ee-example-org.pem  |     18 +
 .../ee-example-org.pem.certspec                    |      3 +
 .../unit/test_name_constraints/ee-example-test.pem |     18 +
 .../ee-example-test.pem.certspec                   |      3 +
 .../int-example-org-permitted.pem                  |     19 +
 .../int-example-org-permitted.pem.certspec         |      5 +
 .../manager/ssl/tests/unit/test_nonascii_path.js   |     52 +
 security/manager/ssl/tests/unit/test_nsCertType.js |     32 +
 .../ssl/tests/unit/test_nsIX509CertValidity.js     |     25 +
 .../ssl/tests/unit/test_nsIX509Cert_utf8.js        |     96 +
 .../manager/ssl/tests/unit/test_ocsp_caching.js    |    479 +
 .../ssl/tests/unit/test_ocsp_enabled_pref.js       |    146 +
 .../ssl/tests/unit/test_ocsp_must_staple.js        |    160 +
 .../ssl/tests/unit/test_ocsp_no_hsts_upgrade.js    |     58 +
 .../ssl/tests/unit/test_ocsp_private_caching.js    |    115 +
 .../manager/ssl/tests/unit/test_ocsp_required.js   |     95 +
 .../manager/ssl/tests/unit/test_ocsp_stapling.js   |    393 +
 .../ssl/tests/unit/test_ocsp_stapling_expired.js   |    317 +
 .../unit/test_ocsp_stapling_with_intermediate.js   |     48 +
 .../manager/ssl/tests/unit/test_ocsp_timeout.js    |    100 +
 security/manager/ssl/tests/unit/test_ocsp_url.js   |    122 +
 .../ssl/tests/unit/test_ocsp_url/bad-scheme.pem    |     18 +
 .../unit/test_ocsp_url/bad-scheme.pem.certspec     |      3 +
 .../manager/ssl/tests/unit/test_ocsp_url/ca.pem    |     17 +
 .../ssl/tests/unit/test_ocsp_url/ca.pem.certspec   |      4 +
 .../tests/unit/test_ocsp_url/empty-scheme-url.pem  |     18 +
 .../test_ocsp_url/empty-scheme-url.pem.certspec    |      3 +
 .../ssl/tests/unit/test_ocsp_url/ftp-url.pem       |     18 +
 .../tests/unit/test_ocsp_url/ftp-url.pem.certspec  |      3 +
 .../ssl/tests/unit/test_ocsp_url/hTTp-url.pem      |     18 +
 .../tests/unit/test_ocsp_url/hTTp-url.pem.certspec |      3 +
 .../ssl/tests/unit/test_ocsp_url/https-url.pem     |     18 +
 .../unit/test_ocsp_url/https-url.pem.certspec      |      3 +
 .../manager/ssl/tests/unit/test_ocsp_url/int.key   |     28 +
 .../ssl/tests/unit/test_ocsp_url/int.key.keyspec   |      1 +
 .../manager/ssl/tests/unit/test_ocsp_url/int.pem   |     17 +
 .../ssl/tests/unit/test_ocsp_url/int.pem.certspec  |      4 +
 .../ssl/tests/unit/test_ocsp_url/negative-port.pem |     18 +
 .../unit/test_ocsp_url/negative-port.pem.certspec  |      3 +
 .../ssl/tests/unit/test_ocsp_url/no-host-url.pem   |     18 +
 .../unit/test_ocsp_url/no-host-url.pem.certspec    |      3 +
 .../ssl/tests/unit/test_ocsp_url/no-path-url.pem   |     18 +
 .../unit/test_ocsp_url/no-path-url.pem.certspec    |      3 +
 .../unit/test_ocsp_url/no-scheme-host-port.pem     |     18 +
 .../test_ocsp_url/no-scheme-host-port.pem.certspec |      3 +
 .../ssl/tests/unit/test_ocsp_url/no-scheme-url.pem |     18 +
 .../unit/test_ocsp_url/no-scheme-url.pem.certspec  |      3 +
 .../tests/unit/test_ocsp_url/unknown-scheme.pem    |     18 +
 .../unit/test_ocsp_url/unknown-scheme.pem.certspec |      3 +
 .../ssl/tests/unit/test_ocsp_url/user-pass.pem     |     18 +
 .../unit/test_ocsp_url/user-pass.pem.certspec      |      3 +
 ...ther-ee-revoked-by-revocations-txt-serial-2.pem |     17 +
 ...evoked-by-revocations-txt-serial-2.pem.certspec |      3 +
 .../another-ee-revoked-by-revocations-txt.pem      |     17 +
 ...ther-ee-revoked-by-revocations-txt.pem.certspec |      3 +
 .../test_onecrl/ee-revoked-by-revocations-txt.pem  |     17 +
 .../ee-revoked-by-revocations-txt.pem.certspec     |      3 +
 .../ee-revoked-by-subject-and-pubkey.pem           |     18 +
 .../ee-revoked-by-subject-and-pubkey.pem.certspec  |      2 +
 .../ssl/tests/unit/test_onecrl/same-issuer-ee.pem  |     19 +
 .../unit/test_onecrl/same-issuer-ee.pem.certspec   |      4 +
 .../tests/unit/test_onecrl/sample_revocations.txt  |     41 +
 .../ssl/tests/unit/test_onecrl/test-int-ee.pem     |     18 +
 .../unit/test_onecrl/test-int-ee.pem.certspec      |      3 +
 .../ssl/tests/unit/test_osclientcerts_module.js    |     60 +
 security/manager/ssl/tests/unit/test_oskeystore.js |    413 +
 .../ssl/tests/unit/test_osreauthenticator.js       |     27 +
 .../manager/ssl/tests/unit/test_password_prompt.js |     87 +
 security/manager/ssl/tests/unit/test_pinning.js    |    311 +
 .../manager/ssl/tests/unit/test_pkcs11_module.js   |     58 +
 .../manager/ssl/tests/unit/test_pkcs11_moduleDB.js |     46 +
 .../ssl/tests/unit/test_pkcs11_safe_mode.js        |     58 +
 .../manager/ssl/tests/unit/test_pkcs11_slot.js     |    161 +
 .../manager/ssl/tests/unit/test_pkcs11_token.js    |    149 +
 .../manager/ssl/tests/unit/test_pkcs11_tokenDB.js  |     20 +
 .../apple-ist-ca-8-g1-intermediate.pem             |     20 +
 .../tests/unit/test_sanctions/cds-apple-com.pem    |     38 +
 .../ssl/tests/unit/test_sanctions/default-ee.key   |     28 +
 .../unit/test_sanctions/default-ee.key.keyspec     |      1 +
 .../ssl/tests/unit/test_sanctions/default-ee.pem   |     21 +
 .../unit/test_sanctions/default-ee.pem.certspec    |      4 +
 .../symantec-ee-from-allowlist-after-cutoff.pem    |     20 +
 ...tec-ee-from-allowlist-after-cutoff.pem.certspec |      4 +
 .../symantec-ee-from-allowlist-before-cutoff.pem   |     20 +
 ...ec-ee-from-allowlist-before-cutoff.pem.certspec |      4 +
 .../symantec-ee-not-allowlisted-after-cutoff.pem   |     20 +
 ...ec-ee-not-allowlisted-after-cutoff.pem.certspec |      4 +
 .../symantec-ee-not-allowlisted-before-cutoff.pem  |     20 +
 ...c-ee-not-allowlisted-before-cutoff.pem.certspec |      4 +
 .../symantec-intermediate-allowlisted.pem          |     22 +
 .../symantec-intermediate-allowlisted.pem.certspec |      5 +
 .../symantec-intermediate-other-crossigned.pem     |     19 +
 ...ntec-intermediate-other-crossigned.pem.certspec |      5 +
 .../test_sanctions/symantec-intermediate-other.pem |     22 +
 .../symantec-intermediate-other.pem.certspec       |      5 +
 .../tests/unit/test_sanctions/symantec-test-ca.pem |     23 +
 .../test_sanctions/symantec-test-ca.pem.certspec   |      5 +
 .../unit/test_sanctions_symantec_apple_google.js   |     95 +
 security/manager/ssl/tests/unit/test_sdr.js        |    272 +
 .../manager/ssl/tests/unit/test_sdr_preexisting.js |     79 +
 .../ssl/tests/unit/test_sdr_preexisting/key4.db    |    Bin 0 -> 36864 bytes
 .../unit/test_sdr_preexisting_with_password.js     |    135 +
 .../test_sdr_preexisting_with_password/key4.db     |    Bin 0 -> 36864 bytes
 .../ssl/tests/unit/test_self_signed_certs.js       |    109 +
 .../ssl/tests/unit/test_self_signed_certs/ca1.pem  |     18 +
 .../unit/test_self_signed_certs/ca1.pem.certspec   |      5 +
 .../ssl/tests/unit/test_self_signed_certs/ca2.pem  |     18 +
 .../unit/test_self_signed_certs/ca2.pem.certspec   |      7 +
 .../ssl/tests/unit/test_self_signed_certs/cert9.db |    Bin 0 -> 45056 bytes
 .../ssl/tests/unit/test_self_signed_certs/ee1.pem  |     17 +
 .../unit/test_self_signed_certs/ee1.pem.certspec   |      3 +
 .../ssl/tests/unit/test_self_signed_certs/ee2.pem  |     17 +
 .../unit/test_self_signed_certs/ee2.pem.certspec   |      5 +
 .../ssl/tests/unit/test_session_resumption.js      |    291 +
 .../manager/ssl/tests/unit/test_signed_apps.js     |   1038 +
 .../ssl/tests/unit/test_signed_apps/app/README     |      1 +
 .../tests/unit/test_signed_apps/app/data/image.png |    Bin 0 -> 534 bytes
 .../tests/unit/test_signed_apps/app/manifest.json  |      5 +
 .../app_cose_tampered/META-INF/cose.manifest       |     10 +
 .../app_cose_tampered/META-INF/cose.sig            |    Bin 0 -> 655 bytes
 .../unit/test_signed_apps/app_cose_tampered/README |      2 +
 .../app_cose_tampered/data/image.png               |    Bin 0 -> 534 bytes
 .../app_cose_tampered/manifest.json                |      5 +
 .../app_mf-1-256_sf-1-256_p7-1-256.zip             |    Bin 0 -> 2678 bytes
 .../app_mf-1-256_sf-1-256_p7-1.zip                 |    Bin 0 -> 2341 bytes
 .../app_mf-1-256_sf-1-256_p7-256.zip               |    Bin 0 -> 2362 bytes
 .../app_mf-1-256_sf-1_p7-1-256.zip                 |    Bin 0 -> 2624 bytes
 .../test_signed_apps/app_mf-1-256_sf-1_p7-1.zip    |    Bin 0 -> 2288 bytes
 .../test_signed_apps/app_mf-1-256_sf-1_p7-256.zip  |    Bin 0 -> 2309 bytes
 .../app_mf-1-256_sf-256_p7-1-256.zip               |    Bin 0 -> 2643 bytes
 .../test_signed_apps/app_mf-1-256_sf-256_p7-1.zip  |    Bin 0 -> 2307 bytes
 .../app_mf-1-256_sf-256_p7-256.zip                 |    Bin 0 -> 2327 bytes
 .../app_mf-1_sf-1-256_p7-1-256.zip                 |    Bin 0 -> 2562 bytes
 .../test_signed_apps/app_mf-1_sf-1-256_p7-1.zip    |    Bin 0 -> 2226 bytes
 .../test_signed_apps/app_mf-1_sf-1-256_p7-256.zip  |    Bin 0 -> 2247 bytes
 .../test_signed_apps/app_mf-1_sf-1_p7-1-256.zip    |    Bin 0 -> 2513 bytes
 .../unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip   |    Bin 0 -> 2174 bytes
 .../unit/test_signed_apps/app_mf-1_sf-1_p7-256.zip |    Bin 0 -> 2196 bytes
 .../test_signed_apps/app_mf-1_sf-256_p7-1-256.zip  |    Bin 0 -> 2526 bytes
 .../unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip |    Bin 0 -> 2192 bytes
 .../test_signed_apps/app_mf-1_sf-256_p7-256.zip    |    Bin 0 -> 2210 bytes
 .../app_mf-256_sf-1-256_p7-1-256.zip               |    Bin 0 -> 2601 bytes
 .../test_signed_apps/app_mf-256_sf-1-256_p7-1.zip  |    Bin 0 -> 2264 bytes
 .../app_mf-256_sf-1-256_p7-256.zip                 |    Bin 0 -> 2287 bytes
 .../test_signed_apps/app_mf-256_sf-1_p7-1-256.zip  |    Bin 0 -> 2549 bytes
 .../unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip |    Bin 0 -> 2213 bytes
 .../test_signed_apps/app_mf-256_sf-1_p7-256.zip    |    Bin 0 -> 2234 bytes
 .../app_mf-256_sf-256_p7-1-256.zip                 |    Bin 0 -> 2567 bytes
 .../test_signed_apps/app_mf-256_sf-256_p7-1.zip    |    Bin 0 -> 2232 bytes
 .../test_signed_apps/app_mf-256_sf-256_p7-256.zip  |    Bin 0 -> 2251 bytes
 ...48-prod-tomato-clock-PKCS7-SHA1-ES256-ES384.zip |    Bin 0 -> 459148 bytes
 ...48-prod-tomato-clock-PKCS7-SHA1-ES256-PS256.zip |    Bin 0 -> 459984 bytes
 ...714ba248-prod-tomato-clock-PKCS7-SHA1-ES256.zip |    Bin 0 -> 458382 bytes
 ...714ba248-prod-tomato-clock-PKCS7-SHA1-PS256.zip |    Bin 0 -> 459272 bytes
 ...8-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip |    Bin 0 -> 459192 bytes
 ...8-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip |    Bin 0 -> 460028 bytes
 ...14ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip |    Bin 0 -> 458426 bytes
 ...14ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip |    Bin 0 -> 459315 bytes
 .../tests/unit/test_signed_apps/big_manifest.zip   |    Bin 0 -> 8107 bytes
 .../tests/unit/test_signed_apps/bug_1411458.zip    |    Bin 0 -> 2698 bytes
 .../cose_int_signed_with_pkcs7.zip                 |    Bin 0 -> 4045 bytes
 .../cose_multiple_signed_with_pkcs7.zip            |    Bin 0 -> 3942 bytes
 .../test_signed_apps/cose_signed_with_pkcs7.zip    |    Bin 0 -> 3400 bytes
 .../test_signed_apps/cose_tampered_good_pkcs7.zip  |    Bin 0 -> 3379 bytes
 .../unit/test_signed_apps/empty_signerInfos.zip    |    Bin 0 -> 1890 bytes
 .../tests/unit/test_signed_apps/huge_manifest.zip  |    Bin 0 -> 31397 bytes
 .../ssl/tests/unit/test_signed_apps/moz.build      |     78 +
 .../test_signed_apps/only_cose_multiple_signed.zip |    Bin 0 -> 2107 bytes
 .../unit/test_signed_apps/only_cose_signed.zip     |    Bin 0 -> 1563 bytes
 .../unit/test_signed_apps/unknown_issuer_app.zip   |    Bin 0 -> 2256 bytes
 .../tests/unit/test_signed_apps/unsigned_app.zip   |    Bin 0 -> 510 bytes
 .../unit/test_signed_apps/validity_expired.zip     |    Bin 0 -> 3394 bytes
 .../test_signed_apps/validity_not_yet_valid.zip    |    Bin 0 -> 3393 bytes
 .../unit/test_signed_apps/xpcshellTestRoot.der     |    Bin 0 -> 794 bytes
 .../test_signed_apps/xpcshellTestRoot.pem.certspec |      6 +
 security/manager/ssl/tests/unit/test_ssl_status.js |     75 +
 .../manager/ssl/tests/unit/test_sss_eviction.js    |     88 +
 .../ssl/tests/unit/test_sss_originAttributes.js    |     99 +
 .../manager/ssl/tests/unit/test_sss_readstate.js   |    123 +
 .../ssl/tests/unit/test_sss_readstate_empty.js     |     50 +
 .../ssl/tests/unit/test_sss_readstate_garbage.js   |     95 +
 .../ssl/tests/unit/test_sss_readstate_huge.js      |     80 +
 .../manager/ssl/tests/unit/test_sss_resetState.js  |     62 +
 .../ssl/tests/unit/test_sss_sanitizeOnShutdown.js  |     66 +
 .../manager/ssl/tests/unit/test_sss_savestate.js   |    126 +
 security/manager/ssl/tests/unit/test_sts_fqdn.js   |     40 +
 .../manager/ssl/tests/unit/test_sts_ipv4_ipv6.js   |     55 +
 security/manager/ssl/tests/unit/test_sts_parser.js |    126 +
 .../tests/unit/test_sts_preloadlist_perwindowpb.js |    269 +
 .../unit/test_sts_preloadlist_selfdestruct.js      |     22 +
 security/manager/ssl/tests/unit/test_validity.js   |    106 +
 .../ev_ee_27_months-ev_int_60_months-evroot.pem    |     21 +
 ..._27_months-ev_int_60_months-evroot.pem.certspec |      5 +
 .../ev_ee_28_months-ev_int_60_months-evroot.pem    |     21 +
 ..._28_months-ev_int_60_months-evroot.pem.certspec |      5 +
 .../unit/test_validity/ev_int_60_months-evroot.key |     28 +
 .../ev_int_60_months-evroot.key.keyspec            |      1 +
 .../unit/test_validity/ev_int_60_months-evroot.pem |     20 +
 .../ev_int_60_months-evroot.pem.certspec           |      8 +
 .../ssl/tests/unit/test_validity/evroot.key        |     28 +
 .../tests/unit/test_validity/evroot.key.keyspec    |      1 +
 .../ssl/tests/unit/test_validity/evroot.pem        |     18 +
 .../tests/unit/test_validity/evroot.pem.certspec   |      7 +
 security/manager/ssl/tests/unit/test_x509.js       |    124 +
 .../unit/tlsserver/cmd/BadCertAndPinningServer.cpp |    141 +
 .../tlsserver/cmd/DelegatedCredentialsServer.cpp   |    142 +
 .../tlsserver/cmd/EncryptedClientHelloServer.cpp   |    178 +
 .../ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp  |    206 +
 .../unit/tlsserver/cmd/GenerateOCSPResponse.cpp    |    168 +
 .../unit/tlsserver/cmd/OCSPStaplingServer.cpp      |    153 +
 .../unit/tlsserver/cmd/SanctionsTestServer.cpp     |     87 +
 .../manager/ssl/tests/unit/tlsserver/cmd/moz.build |     45 +
 .../ssl/tests/unit/tlsserver/default-ee.der        |      3 +
 .../ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp    |    204 +
 .../ssl/tests/unit/tlsserver/lib/OCSPCommon.h      |     66 +
 .../ssl/tests/unit/tlsserver/lib/TLSServer.cpp     |    692 +
 .../ssl/tests/unit/tlsserver/lib/TLSServer.h       |     93 +
 .../manager/ssl/tests/unit/tlsserver/lib/moz.build |     48 +
 .../manager/ssl/tests/unit/tlsserver/moz.build     |      8 +
 .../manager/ssl/tests/unit/xpcshell-smartcards.ini |     17 +
 security/manager/ssl/tests/unit/xpcshell.ini       |    242 +
 security/manager/tools/.eslintrc.js                |     13 +
 security/manager/tools/KnownRootHashes.json        |   1263 +
 security/manager/tools/PreloadedHPKPins.json       |    207 +
 .../crtshToIdentifyingStruct.py                    |    156 +
 .../crtshToIdentifyingStruct/requirements.txt      |      4 +
 security/manager/tools/dumpGoogleRoots.js          |     96 +
 security/manager/tools/genRootCAHashes.js          |    273 +
 security/manager/tools/getCTKnownLogs.py           |    330 +
 security/manager/tools/log_list.json               |    403 +
 security/manager/tools/mach_commands.py            |    129 +
 security/manager/tools/pycert.py                   |    805 +
 security/manager/tools/pycms.py                    |    219 +
 security/manager/tools/pyct.py                     |    103 +
 security/manager/tools/pykey.py                    |    957 +
 security/manager/tools/pypkcs12.py                 |    124 +
 1424 files changed, 253270 insertions(+)
 create mode 100644 security/manager/android_stub.h
 create mode 100644 security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
 create mode 100644 security/manager/locales/en-US/chrome/pipnss/pipnss.properties
 create mode 100644 security/manager/locales/en-US/chrome/pippki/pippki.properties
 create mode 100644 security/manager/locales/en-US/security/certificates/certManager.ftl
 create mode 100644 security/manager/locales/en-US/security/certificates/deviceManager.ftl
 create mode 100644 security/manager/locales/en-US/security/pippki/pippki.ftl
 create mode 100644 security/manager/locales/jar.mn
 create mode 100644 security/manager/locales/moz.build
 create mode 100644 security/manager/moz.build
 create mode 100644 security/manager/pki/components.conf
 create mode 100644 security/manager/pki/moz.build
 create mode 100644 security/manager/pki/nsIASN1Tree.idl
 create mode 100644 security/manager/pki/nsNSSDialogHelper.cpp
 create mode 100644 security/manager/pki/nsNSSDialogHelper.h
 create mode 100644 security/manager/pki/nsNSSDialogs.cpp
 create mode 100644 security/manager/pki/nsNSSDialogs.h
 create mode 100644 security/manager/pki/resources/content/certManager.css
 create mode 100644 security/manager/pki/resources/content/certManager.js
 create mode 100644 security/manager/pki/resources/content/certManager.xhtml
 create mode 100644 security/manager/pki/resources/content/changepassword.js
 create mode 100644 security/manager/pki/resources/content/changepassword.xhtml
 create mode 100644 security/manager/pki/resources/content/clientauthask.js
 create mode 100644 security/manager/pki/resources/content/clientauthask.xhtml
 create mode 100644 security/manager/pki/resources/content/deletecert.css
 create mode 100644 security/manager/pki/resources/content/deletecert.js
 create mode 100644 security/manager/pki/resources/content/deletecert.xhtml
 create mode 100644 security/manager/pki/resources/content/device_manager.js
 create mode 100644 security/manager/pki/resources/content/device_manager.xhtml
 create mode 100644 security/manager/pki/resources/content/downloadcert.js
 create mode 100644 security/manager/pki/resources/content/downloadcert.xhtml
 create mode 100644 security/manager/pki/resources/content/editcacert.js
 create mode 100644 security/manager/pki/resources/content/editcacert.xhtml
 create mode 100644 security/manager/pki/resources/content/exceptionDialog.css
 create mode 100644 security/manager/pki/resources/content/exceptionDialog.js
 create mode 100644 security/manager/pki/resources/content/exceptionDialog.xhtml
 create mode 100644 security/manager/pki/resources/content/load_device.js
 create mode 100644 security/manager/pki/resources/content/load_device.xhtml
 create mode 100644 security/manager/pki/resources/content/pippki.js
 create mode 100644 security/manager/pki/resources/content/resetpassword.js
 create mode 100644 security/manager/pki/resources/content/resetpassword.xhtml
 create mode 100644 security/manager/pki/resources/content/setp12password.js
 create mode 100644 security/manager/pki/resources/content/setp12password.xhtml
 create mode 100644 security/manager/pki/resources/jar.mn
 create mode 100644 security/manager/pki/resources/moz.build
 create mode 100644 security/manager/ssl/AppSignatureVerification.cpp
 create mode 100644 security/manager/ssl/AppTrustDomain.cpp
 create mode 100644 security/manager/ssl/AppTrustDomain.h
 create mode 100644 security/manager/ssl/CertStorageMemoryReporting.cpp
 create mode 100644 security/manager/ssl/CommonSocketControl.cpp
 create mode 100644 security/manager/ssl/CommonSocketControl.h
 create mode 100644 security/manager/ssl/ContentSignatureVerifier.cpp
 create mode 100644 security/manager/ssl/ContentSignatureVerifier.h
 create mode 100644 security/manager/ssl/CredentialManagerSecret.cpp
 create mode 100644 security/manager/ssl/CredentialManagerSecret.h
 create mode 100644 security/manager/ssl/CryptoTask.cpp
 create mode 100644 security/manager/ssl/CryptoTask.h
 create mode 100644 security/manager/ssl/DER.sys.mjs
 create mode 100644 security/manager/ssl/DataStorage.cpp
 create mode 100644 security/manager/ssl/DataStorage.h
 create mode 100644 security/manager/ssl/DataStorageIPCUtils.h
 create mode 100644 security/manager/ssl/DataStorageList.h
 create mode 100644 security/manager/ssl/EnterpriseRoots.cpp
 create mode 100644 security/manager/ssl/EnterpriseRoots.h
 create mode 100644 security/manager/ssl/IPCClientCertsChild.cpp
 create mode 100644 security/manager/ssl/IPCClientCertsChild.h
 create mode 100644 security/manager/ssl/IPCClientCertsParent.cpp
 create mode 100644 security/manager/ssl/IPCClientCertsParent.h
 create mode 100644 security/manager/ssl/KeychainSecret.cpp
 create mode 100644 security/manager/ssl/KeychainSecret.h
 create mode 100644 security/manager/ssl/LibSecret.cpp
 create mode 100644 security/manager/ssl/LibSecret.h
 create mode 100644 security/manager/ssl/NSSErrorsService.cpp
 create mode 100644 security/manager/ssl/NSSErrorsService.h
 create mode 100644 security/manager/ssl/NSSKeyStore.cpp
 create mode 100644 security/manager/ssl/NSSKeyStore.h
 create mode 100644 security/manager/ssl/NSSSocketControl.cpp
 create mode 100644 security/manager/ssl/NSSSocketControl.h
 create mode 100644 security/manager/ssl/OSKeyStore.cpp
 create mode 100644 security/manager/ssl/OSKeyStore.h
 create mode 100644 security/manager/ssl/OSReauthenticator.cpp
 create mode 100644 security/manager/ssl/OSReauthenticator.h
 create mode 100644 security/manager/ssl/OSReauthenticatorDarwin.mm
 create mode 100644 security/manager/ssl/PIPCClientCerts.ipdl
 create mode 100644 security/manager/ssl/PKCS11ModuleDB.cpp
 create mode 100644 security/manager/ssl/PKCS11ModuleDB.h
 create mode 100644 security/manager/ssl/PSMIPCTypes.ipdlh
 create mode 100644 security/manager/ssl/PSMRunnable.cpp
 create mode 100644 security/manager/ssl/PSMRunnable.h
 create mode 100644 security/manager/ssl/PSelectTLSClientAuthCert.ipdl
 create mode 100644 security/manager/ssl/PVerifySSLServerCert.ipdl
 create mode 100644 security/manager/ssl/PublicKeyPinningService.cpp
 create mode 100644 security/manager/ssl/PublicKeyPinningService.h
 create mode 100644 security/manager/ssl/PublicSSL.h
 create mode 100644 security/manager/ssl/RemoteSecuritySettings.sys.mjs
 create mode 100644 security/manager/ssl/RootCertificateTelemetryUtils.cpp
 create mode 100644 security/manager/ssl/RootCertificateTelemetryUtils.h
 create mode 100644 security/manager/ssl/RootHashes.inc
 create mode 100644 security/manager/ssl/SSLServerCertVerification.cpp
 create mode 100644 security/manager/ssl/SSLServerCertVerification.h
 create mode 100644 security/manager/ssl/ScopedNSSTypes.h
 create mode 100644 security/manager/ssl/SecretDecoderRing.cpp
 create mode 100644 security/manager/ssl/SecretDecoderRing.h
 create mode 100644 security/manager/ssl/SelectTLSClientAuthCertChild.h
 create mode 100644 security/manager/ssl/SelectTLSClientAuthCertParent.h
 create mode 100644 security/manager/ssl/SharedCertVerifier.h
 create mode 100644 security/manager/ssl/SharedSSLState.cpp
 create mode 100644 security/manager/ssl/SharedSSLState.h
 create mode 100644 security/manager/ssl/StaticHPKPins.errors
 create mode 100644 security/manager/ssl/StaticHPKPins.h
 create mode 100644 security/manager/ssl/TLSClientAuthCertSelection.cpp
 create mode 100644 security/manager/ssl/TLSClientAuthCertSelection.h
 create mode 100644 security/manager/ssl/TransportSecurityInfo.cpp
 create mode 100644 security/manager/ssl/TransportSecurityInfo.h
 create mode 100644 security/manager/ssl/VerifySSLServerCertChild.cpp
 create mode 100644 security/manager/ssl/VerifySSLServerCertChild.h
 create mode 100644 security/manager/ssl/VerifySSLServerCertParent.cpp
 create mode 100644 security/manager/ssl/VerifySSLServerCertParent.h
 create mode 100644 security/manager/ssl/X509.sys.mjs
 create mode 100644 security/manager/ssl/X509CertValidity.cpp
 create mode 100644 security/manager/ssl/X509CertValidity.h
 create mode 100644 security/manager/ssl/addons-public-intermediate.crt
 create mode 100644 security/manager/ssl/addons-public.crt
 create mode 100644 security/manager/ssl/addons-stage.crt
 create mode 100644 security/manager/ssl/builtins/Cargo.toml
 create mode 100644 security/manager/ssl/builtins/build.rs
 create mode 100644 security/manager/ssl/builtins/dynamic-library/builtins.symbols
 create mode 100644 security/manager/ssl/builtins/dynamic-library/moz.build
 create mode 100644 security/manager/ssl/builtins/dynamic-library/stub.c
 create mode 100644 security/manager/ssl/builtins/dynamic-library/stub.cpp
 create mode 100644 security/manager/ssl/builtins/moz.build
 create mode 100644 security/manager/ssl/builtins/src/certdata.rs
 create mode 100644 security/manager/ssl/builtins/src/internal.rs
 create mode 100644 security/manager/ssl/builtins/src/lib.rs
 create mode 100644 security/manager/ssl/builtins/src/pkcs11.rs
 create mode 100644 security/manager/ssl/builtins/src/version.rs
 create mode 100644 security/manager/ssl/cert_storage/Cargo.toml
 create mode 100644 security/manager/ssl/cert_storage/src/cert_storage.h
 create mode 100644 security/manager/ssl/cert_storage/src/lib.rs
 create mode 100644 security/manager/ssl/components.conf
 create mode 100644 security/manager/ssl/content-signature-local.crt
 create mode 100644 security/manager/ssl/content-signature-prod.crt
 create mode 100644 security/manager/ssl/content-signature-stage.crt
 create mode 100644 security/manager/ssl/crashtests/398665-1.html
 create mode 100644 security/manager/ssl/crashtests/crashtests.list
 create mode 100644 security/manager/ssl/crypto_hash/Cargo.toml
 create mode 100644 security/manager/ssl/crypto_hash/crypto_hash.h
 create mode 100644 security/manager/ssl/crypto_hash/src/lib.rs
 create mode 100644 security/manager/ssl/gen_cert_header.py
 create mode 100644 security/manager/ssl/ipcclientcerts/Cargo.toml
 create mode 100644 security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols
 create mode 100644 security/manager/ssl/ipcclientcerts/dynamic-library/moz.build
 create mode 100644 security/manager/ssl/ipcclientcerts/dynamic-library/stub.c
 create mode 100644 security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp
 create mode 100644 security/manager/ssl/ipcclientcerts/moz.build
 create mode 100644 security/manager/ssl/ipcclientcerts/src/backend.rs
 create mode 100644 security/manager/ssl/ipcclientcerts/src/lib.rs
 create mode 100644 security/manager/ssl/md4.c
 create mode 100644 security/manager/ssl/md4.h
 create mode 100644 security/manager/ssl/moz.build
 create mode 100644 security/manager/ssl/nsCertOverrideService.cpp
 create mode 100644 security/manager/ssl/nsCertOverrideService.h
 create mode 100644 security/manager/ssl/nsCertTree.cpp
 create mode 100644 security/manager/ssl/nsCertTree.h
 create mode 100644 security/manager/ssl/nsClientAuthRemember.cpp
 create mode 100644 security/manager/ssl/nsClientAuthRemember.h
 create mode 100644 security/manager/ssl/nsICertOverrideService.idl
 create mode 100644 security/manager/ssl/nsICertStorage.idl
 create mode 100644 security/manager/ssl/nsICertTree.idl
 create mode 100644 security/manager/ssl/nsICertificateDialogs.idl
 create mode 100644 security/manager/ssl/nsIClientAuthDialogs.idl
 create mode 100644 security/manager/ssl/nsIClientAuthRememberService.idl
 create mode 100644 security/manager/ssl/nsIContentSignatureVerifier.idl
 create mode 100644 security/manager/ssl/nsICryptoHash.idl
 create mode 100644 security/manager/ssl/nsINSSComponent.idl
 create mode 100644 security/manager/ssl/nsINSSErrorsService.idl
 create mode 100644 security/manager/ssl/nsINSSVersion.idl
 create mode 100644 security/manager/ssl/nsIOSKeyStore.idl
 create mode 100644 security/manager/ssl/nsIOSReauthenticator.idl
 create mode 100644 security/manager/ssl/nsIPK11Token.idl
 create mode 100644 security/manager/ssl/nsIPK11TokenDB.idl
 create mode 100644 security/manager/ssl/nsIPKCS11Module.idl
 create mode 100644 security/manager/ssl/nsIPKCS11ModuleDB.idl
 create mode 100644 security/manager/ssl/nsIPKCS11Slot.idl
 create mode 100644 security/manager/ssl/nsIPublicKeyPinningService.idl
 create mode 100644 security/manager/ssl/nsISecretDecoderRing.idl
 create mode 100644 security/manager/ssl/nsISecurityUITelemetry.idl
 create mode 100644 security/manager/ssl/nsISiteSecurityService.idl
 create mode 100644 security/manager/ssl/nsITLSSocketControl.idl
 create mode 100644 security/manager/ssl/nsITokenPasswordDialogs.idl
 create mode 100644 security/manager/ssl/nsITransportSecurityInfo.idl
 create mode 100644 security/manager/ssl/nsIX509Cert.idl
 create mode 100644 security/manager/ssl/nsIX509CertDB.idl
 create mode 100644 security/manager/ssl/nsIX509CertValidity.idl
 create mode 100644 security/manager/ssl/nsNSSCallbacks.cpp
 create mode 100644 security/manager/ssl/nsNSSCallbacks.h
 create mode 100644 security/manager/ssl/nsNSSCertHelper.cpp
 create mode 100644 security/manager/ssl/nsNSSCertHelper.h
 create mode 100644 security/manager/ssl/nsNSSCertTrust.cpp
 create mode 100644 security/manager/ssl/nsNSSCertTrust.h
 create mode 100644 security/manager/ssl/nsNSSCertificate.cpp
 create mode 100644 security/manager/ssl/nsNSSCertificate.h
 create mode 100644 security/manager/ssl/nsNSSCertificateDB.cpp
 create mode 100644 security/manager/ssl/nsNSSCertificateDB.h
 create mode 100644 security/manager/ssl/nsNSSComponent.cpp
 create mode 100644 security/manager/ssl/nsNSSComponent.h
 create mode 100644 security/manager/ssl/nsNSSHelper.h
 create mode 100644 security/manager/ssl/nsNSSIOLayer.cpp
 create mode 100644 security/manager/ssl/nsNSSIOLayer.h
 create mode 100644 security/manager/ssl/nsNSSModule.cpp
 create mode 100644 security/manager/ssl/nsNSSModule.h
 create mode 100644 security/manager/ssl/nsNSSVersion.cpp
 create mode 100644 security/manager/ssl/nsNSSVersion.h
 create mode 100644 security/manager/ssl/nsNTLMAuthModule.cpp
 create mode 100644 security/manager/ssl/nsNTLMAuthModule.h
 create mode 100644 security/manager/ssl/nsPK11TokenDB.cpp
 create mode 100644 security/manager/ssl/nsPK11TokenDB.h
 create mode 100644 security/manager/ssl/nsPKCS11Slot.cpp
 create mode 100644 security/manager/ssl/nsPKCS11Slot.h
 create mode 100644 security/manager/ssl/nsPKCS12Blob.cpp
 create mode 100644 security/manager/ssl/nsPKCS12Blob.h
 create mode 100644 security/manager/ssl/nsRandomGenerator.cpp
 create mode 100644 security/manager/ssl/nsRandomGenerator.h
 create mode 100644 security/manager/ssl/nsSSLSocketProvider.cpp
 create mode 100644 security/manager/ssl/nsSSLSocketProvider.h
 create mode 100644 security/manager/ssl/nsSTSPreloadList.inc
 create mode 100644 security/manager/ssl/nsSecureBrowserUI.cpp
 create mode 100644 security/manager/ssl/nsSecureBrowserUI.h
 create mode 100644 security/manager/ssl/nsSecurityHeaderParser.cpp
 create mode 100644 security/manager/ssl/nsSecurityHeaderParser.h
 create mode 100644 security/manager/ssl/nsSiteSecurityService.cpp
 create mode 100644 security/manager/ssl/nsSiteSecurityService.h
 create mode 100644 security/manager/ssl/nsTLSSocketProvider.cpp
 create mode 100644 security/manager/ssl/nsTLSSocketProvider.h
 create mode 100644 security/manager/ssl/nsVerificationJob.h
 create mode 100644 security/manager/ssl/osclientcerts/Cargo.toml
 create mode 100644 security/manager/ssl/osclientcerts/dynamic-library/moz.build
 create mode 100644 security/manager/ssl/osclientcerts/dynamic-library/osclientcerts.symbols
 create mode 100644 security/manager/ssl/osclientcerts/dynamic-library/stub.cpp
 create mode 100644 security/manager/ssl/osclientcerts/moz.build
 create mode 100644 security/manager/ssl/osclientcerts/src/backend_macos.rs
 create mode 100644 security/manager/ssl/osclientcerts/src/backend_windows.rs
 create mode 100644 security/manager/ssl/osclientcerts/src/bindings_macos.rs
 create mode 100644 security/manager/ssl/osclientcerts/src/lib.rs
 create mode 100644 security/manager/ssl/osclientcerts/test/certificate.bin
 create mode 100644 security/manager/ssl/osclientcerts/test/modulus.bin
 create mode 100644 security/manager/ssl/osclientcerts/test/rsa.bin
 create mode 100644 security/manager/ssl/rsclientcerts/Cargo.toml
 create mode 100644 security/manager/ssl/rsclientcerts/src/error.rs
 create mode 100644 security/manager/ssl/rsclientcerts/src/lib.rs
 create mode 100644 security/manager/ssl/rsclientcerts/src/manager.rs
 create mode 100644 security/manager/ssl/rsclientcerts/src/util.rs
 create mode 100644 security/manager/ssl/rsclientcerts/test/certificate.bin
 create mode 100644 security/manager/ssl/rsclientcerts/test/modulus.bin
 create mode 100644 security/manager/ssl/rsclientcerts/test/rsa.bin
 create mode 100644 security/manager/ssl/tests/.eslintrc.js
 create mode 100644 security/manager/ssl/tests/gtest/CertDBTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/CoseTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/DataStorageTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/HMACTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/MD4Test.cpp
 create mode 100644 security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/README.txt
 create mode 100644 security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
 create mode 100644 security/manager/ssl/tests/gtest/moz.build
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser.ini
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_HSTS.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuthRememberService.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.html
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ca.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/code-ee.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/email-ee.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/expired-ca.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-cn.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-o.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-ou.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/head.js
 create mode 100644 security/manager/ssl/tests/mochitest/browser/hsts_headers.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/browser/hsts_headers_framed.html
 create mode 100644 security/manager/ssl/tests/mochitest/browser/intermediate.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/invalid.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/longOID.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/md5-ee.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/moz.build
 create mode 100644 security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/revoked.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/some_content.html
 create mode 100644 security/manager/ssl/tests/mochitest/browser/some_content_framed.html
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
 create mode 100644 security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/backward.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moz.build
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
 create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
 create mode 100644 security/manager/ssl/tests/mochitest/moz.build
 create mode 100644 security/manager/ssl/tests/moz.build
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.key
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mitm.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/mitm.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-int.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
 create mode 100644 security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/corrupted_crlite_helper.js
 create mode 100755 security/manager/ssl/tests/unit/crlite_enrollment_id.py
 create mode 100755 security/manager/ssl/tests/unit/crlite_key.py
 create mode 100644 security/manager/ssl/tests/unit/head_psm.js
 create mode 100644 security/manager/ssl/tests/unit/moz.build
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
 create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
 create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
 create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
 create mode 100644 security/manager/ssl/tests/unit/requirements.txt
 create mode 100755 security/manager/ssl/tests/unit/sign_app.py
 create mode 100644 security/manager/ssl/tests/unit/test_add_preexisting_cert.js
 create mode 100644 security/manager/ssl/tests/unit/test_allow_all_cert_errors.js
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
 create mode 100644 security/manager/ssl/tests/unit/test_blocklist_onecrl.js
 create mode 100644 security/manager/ssl/tests/unit/test_broken_fips.js
 create mode 100644 security/manager/ssl/tests/unit/test_broken_fips/key4.db
 create mode 100644 security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import.js
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_emptypass.pfx
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_nopass.pfx
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/encrypted_with_aes.p12
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
 create mode 100644 security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_chains.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_dbKey.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_expiration_canary.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
 create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_override_read.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_overrides.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_overrides_read_only/cert9.db
 create mode 100644 security/manager/ssl/tests/unit/test_cert_overrides_read_only/key4.db
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_broken_db.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert-issuer.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct/test-filter.crlite
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert-issuer.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter
 create mode 100644 security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_utf8.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version.js
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
 create mode 100755 security/manager/ssl/tests/unit/test_cert_version/generate.py
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
 create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_client_auth_remember_service/ClientAuthRememberList.txt
 create mode 100644 security/manager/ssl/tests/unit/test_client_auth_remember_service_read.js
 create mode 100644 security/manager/ssl/tests/unit/test_constructX509FromBase64.js
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing.js
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/pysign.py
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/test.txt
 create mode 100644 security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/bad.stash
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/hash-alg-0.filter
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-issuer-id.enrollment
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-log-id.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-max-timestamp.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-min-timestamp.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.enrollment
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_coverage_missing.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_coverage_trunc1.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_coverage_trunc2.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_coverage_trunc3.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_coverage_version.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_enrollment_trunc1.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_enrollment_version.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filter_corrupted.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/20201017-0-filter
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/20201017-1-filter.stash
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/20201201-3-filter.stash
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/issuer.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/no-sct-issuer.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/no-sct.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/notcovered.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash-2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/revoked.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_filters/valid.pem
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_preexisting.js
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.coverage
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.enrollment
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.stash
 create mode 100644 security/manager/ssl/tests/unit/test_crlite_stash_corrupted.js
 create mode 100644 security/manager/ssl/tests/unit/test_ct.js
 create mode 100644 security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ct/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_ct/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ct/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_db_format_pref_new.js
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials.js
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_der.js
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello.js
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_encrypted_client_hello_client_only.js
 create mode 100644 security/manager/ssl/tests/unit/test_enterprise_roots.js
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs.js
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.key
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/test-int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_faulty_server/test-int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
 create mode 100644 security/manager/ssl/tests/unit/test_hash_algorithms.js
 create mode 100644 security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads.js
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize.js
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev.js
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_logoutAndTeardown.js
 create mode 100644 security/manager/ssl/tests/unit/test_missing_intermediate.js
 create mode 100644 security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints.js
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
 create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_nonascii_path.js
 create mode 100644 security/manager/ssl/tests/unit/test_nsCertType.js
 create mode 100644 security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
 create mode 100644 security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_caching.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_must_staple.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_private_caching.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_required.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_timeout.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url.js
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.key
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
 create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_osclientcerts_module.js
 create mode 100644 security/manager/ssl/tests/unit/test_oskeystore.js
 create mode 100644 security/manager/ssl/tests/unit/test_osreauthenticator.js
 create mode 100644 security/manager/ssl/tests/unit/test_password_prompt.js
 create mode 100644 security/manager/ssl/tests/unit/test_pinning.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_module.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_moduleDB.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_slot.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_token.js
 create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/apple-ist-ca-8-g1-intermediate.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/cds-apple-com.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/default-ee.key
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/default-ee.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/default-ee.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/default-ee.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_sanctions_symantec_apple_google.js
 create mode 100644 security/manager/ssl/tests/unit/test_sdr.js
 create mode 100644 security/manager/ssl/tests/unit/test_sdr_preexisting.js
 create mode 100644 security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db
 create mode 100644 security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
 create mode 100644 security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key4.db
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs.js
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/cert9.db
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem
 create mode 100644 security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_session_resumption.js
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps.js
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app/README
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app/manifest.json
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.manifest
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.sig
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/README
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/data/image.png
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/manifest.json
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/big_manifest.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/bug_1411458.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/cose_int_signed_with_pkcs7.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/cose_tampered_good_pkcs7.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/empty_signerInfos.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/huge_manifest.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/moz.build
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/only_cose_multiple_signed.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/only_cose_signed.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/validity_expired.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/validity_not_yet_valid.zip
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der
 create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_ssl_status.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_eviction.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_originAttributes.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_empty.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_huge.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_resetState.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js
 create mode 100644 security/manager/ssl/tests/unit/test_sss_savestate.js
 create mode 100644 security/manager/ssl/tests/unit/test_sts_fqdn.js
 create mode 100644 security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
 create mode 100644 security/manager/ssl/tests/unit/test_sts_parser.js
 create mode 100644 security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
 create mode 100644 security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
 create mode 100644 security/manager/ssl/tests/unit/test_validity.js
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.key
 create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
 create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.pem
 create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
 create mode 100644 security/manager/ssl/tests/unit/test_x509.js
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/BadCertAndPinningServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/DelegatedCredentialsServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/EncryptedClientHelloServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/SanctionsTestServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/default-ee.der
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/moz.build
 create mode 100644 security/manager/ssl/tests/unit/tlsserver/moz.build
 create mode 100644 security/manager/ssl/tests/unit/xpcshell-smartcards.ini
 create mode 100644 security/manager/ssl/tests/unit/xpcshell.ini
 create mode 100644 security/manager/tools/.eslintrc.js
 create mode 100644 security/manager/tools/KnownRootHashes.json
 create mode 100644 security/manager/tools/PreloadedHPKPins.json
 create mode 100644 security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
 create mode 100644 security/manager/tools/crtshToIdentifyingStruct/requirements.txt
 create mode 100644 security/manager/tools/dumpGoogleRoots.js
 create mode 100644 security/manager/tools/genRootCAHashes.js
 create mode 100755 security/manager/tools/getCTKnownLogs.py
 create mode 100644 security/manager/tools/log_list.json
 create mode 100644 security/manager/tools/mach_commands.py
 create mode 100755 security/manager/tools/pycert.py
 create mode 100755 security/manager/tools/pycms.py
 create mode 100644 security/manager/tools/pyct.py
 create mode 100755 security/manager/tools/pykey.py
 create mode 100644 security/manager/tools/pypkcs12.py

(limited to 'security/manager')

diff --git a/security/manager/android_stub.h b/security/manager/android_stub.h
new file mode 100644
index 0000000000..8e83f76568
--- /dev/null
+++ b/security/manager/android_stub.h
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file allows NSS to build by stubbing out
+ * features that aren't provided by Android/Bionic */
+
+#ifndef ANDROID_STUB_H
+#define ANDROID_STUB_H
+
+/* sysinfo is defined but not implemented.
+ * we may be able to implement it ourselves. */
+#define _SYS_SYSINFO_H_
+
+#include <sys/cdefs.h>
+#include <sys/resource.h>
+#include <linux/kernel.h>
+#include <unistd.h>
+
+#ifndef ANDROID_VERSION
+#  include <android/api-level.h>
+#  define ANDROID_VERSION __ANDROID_API__
+#endif
+
+#if ANDROID_VERSION < 21
+#  define RTLD_NOLOAD 0
+#endif
+
+#define sysinfo(foo) -1
+
+#endif /* ANDROID_STUB_H */
diff --git a/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties b/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
new file mode 100644
index 0000000000..d698db12af
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
@@ -0,0 +1,331 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SSL_ERROR_EXPORT_ONLY_SERVER=Unable to communicate securely. Peer does not support high-grade encryption.
+SSL_ERROR_US_ONLY_SERVER=Unable to communicate securely. Peer requires high-grade encryption which is not supported.
+SSL_ERROR_NO_CYPHER_OVERLAP=Cannot communicate securely with peer: no common encryption algorithm(s).
+SSL_ERROR_NO_CERTIFICATE=Unable to find the certificate or key necessary for authentication.
+SSL_ERROR_BAD_CERTIFICATE=Unable to communicate securely with peer: peers’s certificate was rejected.
+SSL_ERROR_BAD_CLIENT=The server has encountered bad data from the client.
+SSL_ERROR_BAD_SERVER=The client has encountered bad data from the server.
+SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE=Unsupported certificate type.
+SSL_ERROR_UNSUPPORTED_VERSION=Peer using unsupported version of security protocol.
+SSL_ERROR_WRONG_CERTIFICATE=Client authentication failed: private key in key database does not match public key in certificate database.
+SSL_ERROR_BAD_CERT_DOMAIN=Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
+SSL_ERROR_POST_WARNING=Unrecognized SSL error code.
+SSL_ERROR_SSL2_DISABLED=Peer only supports SSL version 2, which is locally disabled.
+SSL_ERROR_BAD_MAC_READ=SSL received a record with an incorrect Message Authentication Code.
+SSL_ERROR_BAD_MAC_ALERT=SSL peer reports incorrect Message Authentication Code.
+SSL_ERROR_BAD_CERT_ALERT=SSL peer cannot verify your certificate.
+SSL_ERROR_REVOKED_CERT_ALERT=SSL peer rejected your certificate as revoked.
+SSL_ERROR_EXPIRED_CERT_ALERT=SSL peer rejected your certificate as expired.
+SSL_ERROR_SSL_DISABLED=Cannot connect: SSL is disabled.
+SSL_ERROR_FORTEZZA_PQG=Cannot connect: SSL peer is in another FORTEZZA domain.
+SSL_ERROR_UNKNOWN_CIPHER_SUITE=An unknown SSL cipher suite has been requested.
+SSL_ERROR_NO_CIPHERS_SUPPORTED=No cipher suites are present and enabled in this program.
+SSL_ERROR_BAD_BLOCK_PADDING=SSL received a record with bad block padding.
+SSL_ERROR_RX_RECORD_TOO_LONG=SSL received a record that exceeded the maximum permissible length.
+SSL_ERROR_TX_RECORD_TOO_LONG=SSL attempted to send a record that exceeded the maximum permissible length.
+SSL_ERROR_RX_MALFORMED_HELLO_REQUEST=SSL received a malformed Hello Request handshake message.
+SSL_ERROR_RX_MALFORMED_CLIENT_HELLO=SSL received a malformed Client Hello handshake message.
+SSL_ERROR_RX_MALFORMED_SERVER_HELLO=SSL received a malformed Server Hello handshake message.
+SSL_ERROR_RX_MALFORMED_CERTIFICATE=SSL received a malformed Certificate handshake message.
+SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH=SSL received a malformed Server Key Exchange handshake message.
+SSL_ERROR_RX_MALFORMED_CERT_REQUEST=SSL received a malformed Certificate Request handshake message.
+SSL_ERROR_RX_MALFORMED_HELLO_DONE=SSL received a malformed Server Hello Done handshake message.
+SSL_ERROR_RX_MALFORMED_CERT_VERIFY=SSL received a malformed Certificate Verify handshake message.
+SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH=SSL received a malformed Client Key Exchange handshake message.
+SSL_ERROR_RX_MALFORMED_FINISHED=SSL received a malformed Finished handshake message.
+SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER=SSL received a malformed Change Cipher Spec record.
+SSL_ERROR_RX_MALFORMED_ALERT=SSL received a malformed Alert record.
+SSL_ERROR_RX_MALFORMED_HANDSHAKE=SSL received a malformed Handshake record.
+SSL_ERROR_RX_MALFORMED_APPLICATION_DATA=SSL received a malformed Application Data record.
+SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST=SSL received an unexpected Hello Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO=SSL received an unexpected Client Hello handshake message.
+SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO=SSL received an unexpected Server Hello handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERTIFICATE=SSL received an unexpected Certificate handshake message.
+SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH=SSL received an unexpected Server Key Exchange handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST=SSL received an unexpected Certificate Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_HELLO_DONE=SSL received an unexpected Server Hello Done handshake message.
+SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY=SSL received an unexpected Certificate Verify handshake message.
+SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH=SSL received an unexpected Client Key Exchange handshake message.
+SSL_ERROR_RX_UNEXPECTED_FINISHED=SSL received an unexpected Finished handshake message.
+SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER=SSL received an unexpected Change Cipher Spec record.
+SSL_ERROR_RX_UNEXPECTED_ALERT=SSL received an unexpected Alert record.
+SSL_ERROR_RX_UNEXPECTED_HANDSHAKE=SSL received an unexpected Handshake record.
+SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA=SSL received an unexpected Application Data record.
+SSL_ERROR_RX_UNKNOWN_RECORD_TYPE=SSL received a record with an unknown content type.
+SSL_ERROR_RX_UNKNOWN_HANDSHAKE=SSL received a handshake message with an unknown message type.
+SSL_ERROR_RX_UNKNOWN_ALERT=SSL received an alert record with an unknown alert description.
+SSL_ERROR_CLOSE_NOTIFY_ALERT=SSL peer has closed this connection.
+SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT=SSL peer was not expecting a handshake message it received.
+SSL_ERROR_DECOMPRESSION_FAILURE_ALERT=SSL peer was unable to successfully decompress an SSL record it received.
+SSL_ERROR_HANDSHAKE_FAILURE_ALERT=SSL peer was unable to negotiate an acceptable set of security parameters.
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT=SSL peer rejected a handshake message for unacceptable content.
+SSL_ERROR_UNSUPPORTED_CERT_ALERT=SSL peer does not support certificates of the type it received.
+SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT=SSL peer had some unspecified issue with the certificate it received.
+SSL_ERROR_GENERATE_RANDOM_FAILURE=SSL experienced a failure of its random number generator.
+SSL_ERROR_SIGN_HASHES_FAILURE=Unable to digitally sign data required to verify your certificate.
+SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE=SSL was unable to extract the public key from the peer’s certificate.
+SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE=Unspecified failure while processing SSL Server Key Exchange handshake.
+SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE=Unspecified failure while processing SSL Client Key Exchange handshake.
+SSL_ERROR_ENCRYPTION_FAILURE=Bulk data encryption algorithm failed in selected cipher suite.
+SSL_ERROR_DECRYPTION_FAILURE=Bulk data decryption algorithm failed in selected cipher suite.
+SSL_ERROR_SOCKET_WRITE_FAILURE=Attempt to write encrypted data to underlying socket failed.
+SSL_ERROR_MD5_DIGEST_FAILURE=MD5 digest function failed.
+SSL_ERROR_SHA_DIGEST_FAILURE=SHA-1 digest function failed.
+SSL_ERROR_MAC_COMPUTATION_FAILURE=MAC computation failed.
+SSL_ERROR_SYM_KEY_CONTEXT_FAILURE=Failure to create Symmetric Key context.
+SSL_ERROR_SYM_KEY_UNWRAP_FAILURE=Failure to unwrap the Symmetric key in Client Key Exchange message.
+SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED=SSL Server attempted to use domestic-grade public key with export cipher suite.
+SSL_ERROR_IV_PARAM_FAILURE=PKCS11 code failed to translate an IV into a param.
+SSL_ERROR_INIT_CIPHER_SUITE_FAILURE=Failed to initialize the selected cipher suite.
+SSL_ERROR_SESSION_KEY_GEN_FAILURE=Client failed to generate session keys for SSL session.
+SSL_ERROR_NO_SERVER_KEY_FOR_ALG=Server has no key for the attempted key exchange algorithm.
+SSL_ERROR_TOKEN_INSERTION_REMOVAL=PKCS#11 token was inserted or removed while operation was in progress.
+SSL_ERROR_TOKEN_SLOT_NOT_FOUND=No PKCS#11 token could be found to do a required operation.
+SSL_ERROR_NO_COMPRESSION_OVERLAP=Cannot communicate securely with peer: no common compression algorithm(s).
+SSL_ERROR_HANDSHAKE_NOT_COMPLETED=Cannot initiate another SSL handshake until current handshake is complete.
+SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE=Received incorrect handshakes hash values from peer.
+SSL_ERROR_CERT_KEA_MISMATCH=The certificate provided cannot be used with the selected key exchange algorithm.
+SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA=No certificate authority is trusted for SSL client authentication.
+SSL_ERROR_SESSION_NOT_FOUND=Client’s SSL session ID not found in server’s session cache.
+SSL_ERROR_DECRYPTION_FAILED_ALERT=Peer was unable to decrypt an SSL record it received.
+SSL_ERROR_RECORD_OVERFLOW_ALERT=Peer received an SSL record that was longer than is permitted.
+SSL_ERROR_UNKNOWN_CA_ALERT=Peer does not recognize and trust the CA that issued your certificate.
+SSL_ERROR_ACCESS_DENIED_ALERT=Peer received a valid certificate, but access was denied.
+SSL_ERROR_DECODE_ERROR_ALERT=Peer could not decode an SSL handshake message.
+SSL_ERROR_DECRYPT_ERROR_ALERT=Peer reports failure of signature verification or key exchange.
+SSL_ERROR_EXPORT_RESTRICTION_ALERT=Peer reports negotiation not in compliance with export regulations.
+SSL_ERROR_PROTOCOL_VERSION_ALERT=Peer reports incompatible or unsupported protocol version.
+SSL_ERROR_INSUFFICIENT_SECURITY_ALERT=Server requires ciphers more secure than those supported by client.
+SSL_ERROR_INTERNAL_ERROR_ALERT=Peer reports it experienced an internal error.
+SSL_ERROR_USER_CANCELED_ALERT=Peer user canceled handshake.
+SSL_ERROR_NO_RENEGOTIATION_ALERT=Peer does not permit renegotiation of SSL security parameters.
+SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED=SSL server cache not configured and not disabled for this socket.
+SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT=SSL peer does not support requested TLS hello extension.
+SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT=SSL peer could not obtain your certificate from the supplied URL.
+SSL_ERROR_UNRECOGNIZED_NAME_ALERT=SSL peer has no certificate for the requested DNS name.
+SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT=SSL peer was unable to get an OCSP response for its certificate.
+SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT=SSL peer reported bad certificate hash value.
+SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET=SSL received an unexpected New Session Ticket handshake message.
+SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET=SSL received a malformed New Session Ticket handshake message.
+SSL_ERROR_DECOMPRESSION_FAILURE=SSL received a compressed record that could not be decompressed.
+SSL_ERROR_RENEGOTIATION_NOT_ALLOWED=Renegotiation is not allowed on this SSL socket.
+SSL_ERROR_UNSAFE_NEGOTIATION=Peer attempted old style (potentially vulnerable) handshake.
+SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD=SSL received an unexpected uncompressed record.
+SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY=SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.
+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID=SSL received invalid NPN extension data.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2=SSL feature not supported for SSL 2.0 connections.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS=SSL feature not supported for servers.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS=SSL feature not supported for clients.
+SSL_ERROR_INVALID_VERSION_RANGE=SSL version range is not valid.
+SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION=SSL peer selected a cipher suite disallowed for the selected protocol version.
+SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST=SSL received a malformed Hello Verify Request handshake message.
+SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST=SSL received an unexpected Hello Verify Request handshake message.
+SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION=SSL feature not supported for the protocol version.
+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS=SSL received an unexpected Certificate Status handshake message.
+SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM=Unsupported hash algorithm used by TLS peer.
+SSL_ERROR_DIGEST_FAILURE=Digest function failed.
+SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM=Incorrect signature algorithm specified in a digitally-signed element.
+SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK=The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.
+SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL=The server supports no protocols that the client advertises in the ALPN extension.
+SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT=The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.
+SSL_ERROR_WEAK_SERVER_CERT_KEY=The server certificate included a public key that was too weak.
+SSL_ERROR_RX_SHORT_DTLS_READ=Not enough room in buffer for DTLS record.
+SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM=No supported TLS signature algorithm was configured.
+SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM=The peer used an unsupported combination of signature and hash algorithm.
+SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET=The peer tried to resume without a correct extended_master_secret extension.
+SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET=The peer tried to resume with an unexpected extended_master_secret extension.
+SEC_ERROR_IO=An I/O error occurred during security authorization.
+SEC_ERROR_LIBRARY_FAILURE=security library failure.
+SEC_ERROR_BAD_DATA=security library: received bad data.
+SEC_ERROR_OUTPUT_LEN=security library: output length error.
+SEC_ERROR_INPUT_LEN=security library has experienced an input length error.
+SEC_ERROR_INVALID_ARGS=security library: invalid arguments.
+SEC_ERROR_INVALID_ALGORITHM=security library: invalid algorithm.
+SEC_ERROR_INVALID_AVA=security library: invalid AVA.
+SEC_ERROR_INVALID_TIME=Improperly formatted time string.
+SEC_ERROR_BAD_DER=security library: improperly formatted DER-encoded message.
+SEC_ERROR_BAD_SIGNATURE=Peer’s certificate has an invalid signature.
+SEC_ERROR_EXPIRED_CERTIFICATE=Peer’s Certificate has expired.
+SEC_ERROR_REVOKED_CERTIFICATE=Peer’s Certificate has been revoked.
+SEC_ERROR_UNKNOWN_ISSUER=Peer’s Certificate issuer is not recognized.
+SEC_ERROR_BAD_KEY=Peer’s public key is invalid.
+SEC_ERROR_BAD_PASSWORD=The security password entered is incorrect.
+SEC_ERROR_RETRY_PASSWORD=New password entered incorrectly. Please try again.
+SEC_ERROR_NO_NODELOCK=security library: no nodelock.
+SEC_ERROR_BAD_DATABASE=security library: bad database.
+SEC_ERROR_NO_MEMORY=security library: memory allocation failure.
+SEC_ERROR_UNTRUSTED_ISSUER=Peer’s certificate issuer has been marked as not trusted by the user.
+SEC_ERROR_UNTRUSTED_CERT=Peer’s certificate has been marked as not trusted by the user.
+SEC_ERROR_DUPLICATE_CERT=Certificate already exists in your database.
+SEC_ERROR_DUPLICATE_CERT_NAME=Downloaded certificate’s name duplicates one already in your database.
+SEC_ERROR_ADDING_CERT=Error adding certificate to database.
+SEC_ERROR_FILING_KEY=Error refiling the key for this certificate.
+SEC_ERROR_NO_KEY=The private key for this certificate cannot be found in key database
+SEC_ERROR_CERT_VALID=This certificate is valid.
+SEC_ERROR_CERT_NOT_VALID=This certificate is not valid.
+SEC_ERROR_CERT_NO_RESPONSE=Cert Library: No Response
+SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE=The certificate issuer’s certificate has expired. Check your system date and time.
+SEC_ERROR_CRL_EXPIRED=The CRL for the certificate’s issuer has expired. Update it or check your system date and time.
+SEC_ERROR_CRL_BAD_SIGNATURE=The CRL for the certificate’s issuer has an invalid signature.
+SEC_ERROR_CRL_INVALID=New CRL has an invalid format.
+SEC_ERROR_EXTENSION_VALUE_INVALID=Certificate extension value is invalid.
+SEC_ERROR_EXTENSION_NOT_FOUND=Certificate extension not found.
+SEC_ERROR_CA_CERT_INVALID=Issuer certificate is invalid.
+SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID=Certificate path length constraint is invalid.
+SEC_ERROR_CERT_USAGES_INVALID=Certificate usages field is invalid.
+SEC_INTERNAL_ONLY=**Internal ONLY module**
+SEC_ERROR_INVALID_KEY=The key does not support the requested operation.
+SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION=Certificate contains unknown critical extension.
+SEC_ERROR_OLD_CRL=New CRL is not later than the current one.
+SEC_ERROR_NO_EMAIL_CERT=Not encrypted or signed: you do not yet have an email certificate.
+SEC_ERROR_NO_RECIPIENT_CERTS_QUERY=Not encrypted: you do not have certificates for each of the recipients.
+SEC_ERROR_NOT_A_RECIPIENT=Cannot decrypt: you are not a recipient, or matching certificate and private key not found.
+SEC_ERROR_PKCS7_KEYALG_MISMATCH=Cannot decrypt: key encryption algorithm does not match your certificate.
+SEC_ERROR_PKCS7_BAD_SIGNATURE=Signature verification failed: no signer found, too many signers found, or improper or corrupted data.
+SEC_ERROR_UNSUPPORTED_KEYALG=Unsupported or unknown key algorithm.
+SEC_ERROR_DECRYPTION_DISALLOWED=Cannot decrypt: encrypted using a disallowed algorithm or key size.
+XP_SEC_FORTEZZA_BAD_CARD=Fortezza card has not been properly initialized. Please remove it and return it to your issuer.
+XP_SEC_FORTEZZA_NO_CARD=No Fortezza cards Found
+XP_SEC_FORTEZZA_NONE_SELECTED=No Fortezza card selected
+XP_SEC_FORTEZZA_MORE_INFO=Please select a personality to get more info on
+XP_SEC_FORTEZZA_PERSON_NOT_FOUND=Personality not found
+XP_SEC_FORTEZZA_NO_MORE_INFO=No more information on that Personality
+XP_SEC_FORTEZZA_BAD_PIN=Invalid Pin
+XP_SEC_FORTEZZA_PERSON_ERROR=Couldn’t initialize Fortezza personalities.
+SEC_ERROR_NO_KRL=No KRL for this site’s certificate has been found.
+SEC_ERROR_KRL_EXPIRED=The KRL for this site’s certificate has expired.
+SEC_ERROR_KRL_BAD_SIGNATURE=The KRL for this site’s certificate has an invalid signature.
+SEC_ERROR_REVOKED_KEY=The key for this site’s certificate has been revoked.
+SEC_ERROR_KRL_INVALID=New KRL has an invalid format.
+SEC_ERROR_NEED_RANDOM=security library: need random data.
+SEC_ERROR_NO_MODULE=security library: no security module can perform the requested operation.
+SEC_ERROR_NO_TOKEN=The security card or token does not exist, needs to be initialized, or has been removed.
+SEC_ERROR_READ_ONLY=security library: read-only database.
+SEC_ERROR_NO_SLOT_SELECTED=No slot or token was selected.
+SEC_ERROR_CERT_NICKNAME_COLLISION=A certificate with the same nickname already exists.
+SEC_ERROR_KEY_NICKNAME_COLLISION=A key with the same nickname already exists.
+SEC_ERROR_SAFE_NOT_CREATED=error while creating safe object
+SEC_ERROR_BAGGAGE_NOT_CREATED=error while creating baggage object
+XP_JAVA_REMOVE_PRINCIPAL_ERROR=Couldn’t remove the principal
+XP_JAVA_DELETE_PRIVILEGE_ERROR=Couldn’t delete the privilege
+XP_JAVA_CERT_NOT_EXISTS_ERROR=This principal doesn’t have a certificate
+SEC_ERROR_BAD_EXPORT_ALGORITHM=Required algorithm is not allowed.
+SEC_ERROR_EXPORTING_CERTIFICATES=Error attempting to export certificates.
+SEC_ERROR_IMPORTING_CERTIFICATES=Error attempting to import certificates.
+SEC_ERROR_PKCS12_DECODING_PFX=Unable to import. Decoding error. File not valid.
+SEC_ERROR_PKCS12_INVALID_MAC=Unable to import. Invalid MAC. Incorrect password or corrupt file.
+SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM=Unable to import. MAC algorithm not supported.
+SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE=Unable to import. Only password integrity and privacy modes supported.
+SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE=Unable to import. File structure is corrupt.
+SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM=Unable to import. Encryption algorithm not supported.
+SEC_ERROR_PKCS12_UNSUPPORTED_VERSION=Unable to import. File version not supported.
+SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT=Unable to import. Incorrect privacy password.
+SEC_ERROR_PKCS12_CERT_COLLISION=Unable to import. Same nickname already exists in database.
+SEC_ERROR_USER_CANCELLED=The user pressed cancel.
+SEC_ERROR_PKCS12_DUPLICATE_DATA=Not imported, already in database.
+SEC_ERROR_MESSAGE_SEND_ABORTED=Message not sent.
+SEC_ERROR_INADEQUATE_KEY_USAGE=Certificate key usage inadequate for attempted operation.
+SEC_ERROR_INADEQUATE_CERT_TYPE=Certificate type not approved for application.
+SEC_ERROR_CERT_ADDR_MISMATCH=Address in signing certificate does not match address in message headers.
+SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY=Unable to import. Error attempting to import private key.
+SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN=Unable to import. Error attempting to import certificate chain.
+SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME=Unable to export. Unable to locate certificate or key by nickname.
+SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY=Unable to export. Private Key could not be located and exported.
+SEC_ERROR_PKCS12_UNABLE_TO_WRITE=Unable to export. Unable to write the export file.
+SEC_ERROR_PKCS12_UNABLE_TO_READ=Unable to import. Unable to read the import file.
+SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED=Unable to export. Key database corrupt or deleted.
+SEC_ERROR_KEYGEN_FAIL=Unable to generate public/private key pair.
+SEC_ERROR_INVALID_PASSWORD=Password entered is invalid. Please pick a different one.
+SEC_ERROR_RETRY_OLD_PASSWORD=Old password entered incorrectly. Please try again.
+SEC_ERROR_BAD_NICKNAME=Certificate nickname already in use.
+SEC_ERROR_NOT_FORTEZZA_ISSUER=Peer FORTEZZA chain has a non-FORTEZZA Certificate.
+SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY=A sensitive key cannot be moved to the slot where it is needed.
+SEC_ERROR_JS_INVALID_MODULE_NAME=Invalid module name.
+SEC_ERROR_JS_INVALID_DLL=Invalid module path/filename
+SEC_ERROR_JS_ADD_MOD_FAILURE=Unable to add module
+SEC_ERROR_JS_DEL_MOD_FAILURE=Unable to delete module
+SEC_ERROR_OLD_KRL=New KRL is not later than the current one.
+SEC_ERROR_CKL_CONFLICT=New CKL has different issuer than current CKL. Delete current CKL.
+SEC_ERROR_CERT_NOT_IN_NAME_SPACE=The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
+SEC_ERROR_KRL_NOT_YET_VALID=The key revocation list for this certificate is not yet valid.
+SEC_ERROR_CRL_NOT_YET_VALID=The certificate revocation list for this certificate is not yet valid.
+SEC_ERROR_UNKNOWN_CERT=The requested certificate could not be found.
+SEC_ERROR_UNKNOWN_SIGNER=The signer’s certificate could not be found.
+SEC_ERROR_CERT_BAD_ACCESS_LOCATION=The location for the certificate status server has invalid format.
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE=The OCSP response cannot be fully decoded; it is of an unknown type.
+SEC_ERROR_OCSP_BAD_HTTP_RESPONSE=The OCSP server returned unexpected/invalid HTTP data.
+SEC_ERROR_OCSP_MALFORMED_REQUEST=The OCSP server found the request to be corrupted or improperly formed.
+SEC_ERROR_OCSP_SERVER_ERROR=The OCSP server experienced an internal error.
+SEC_ERROR_OCSP_TRY_SERVER_LATER=The OCSP server suggests trying again later.
+SEC_ERROR_OCSP_REQUEST_NEEDS_SIG=The OCSP server requires a signature on this request.
+SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST=The OCSP server has refused this request as unauthorized.
+SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS=The OCSP server returned an unrecognizable status.
+SEC_ERROR_OCSP_UNKNOWN_CERT=The OCSP server has no status for the certificate.
+SEC_ERROR_OCSP_NOT_ENABLED=You must enable OCSP before performing this operation.
+SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER=You must set the OCSP default responder before performing this operation.
+SEC_ERROR_OCSP_MALFORMED_RESPONSE=The response from the OCSP server was corrupted or improperly formed.
+SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE=The signer of the OCSP response is not authorized to give status for this certificate.
+SEC_ERROR_OCSP_FUTURE_RESPONSE=The OCSP response is not yet valid (contains a date in the future).
+SEC_ERROR_OCSP_OLD_RESPONSE=The OCSP response contains out-of-date information.
+SEC_ERROR_DIGEST_NOT_FOUND=The CMS or PKCS #7 Digest was not found in signed message.
+SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE=The CMS or PKCS #7 Message type is unsupported.
+SEC_ERROR_MODULE_STUCK=PKCS #11 module could not be removed because it is still in use.
+SEC_ERROR_BAD_TEMPLATE=Could not decode ASN.1 data. Specified template was invalid.
+SEC_ERROR_CRL_NOT_FOUND=No matching CRL was found.
+SEC_ERROR_REUSED_ISSUER_AND_SERIAL=You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
+SEC_ERROR_BUSY=NSS could not shutdown. Objects are still in use.
+SEC_ERROR_EXTRA_INPUT=DER-encoded message contained extra unused data.
+SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE=Unsupported elliptic curve.
+SEC_ERROR_UNSUPPORTED_EC_POINT_FORM=Unsupported elliptic curve point form.
+SEC_ERROR_UNRECOGNIZED_OID=Unrecognized Object Identifier.
+SEC_ERROR_OCSP_INVALID_SIGNING_CERT=Invalid OCSP signing certificate in OCSP response.
+SEC_ERROR_REVOKED_CERTIFICATE_CRL=Certificate is revoked in issuer’s certificate revocation list.
+SEC_ERROR_REVOKED_CERTIFICATE_OCSP=Issuer’s OCSP responder reports certificate is revoked.
+SEC_ERROR_CRL_INVALID_VERSION=Issuer’s Certificate Revocation List has an unknown version number.
+SEC_ERROR_CRL_V1_CRITICAL_EXTENSION=Issuer’s V1 Certificate Revocation List has a critical extension.
+SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION=Issuer’s V2 Certificate Revocation List has an unknown critical extension.
+SEC_ERROR_UNKNOWN_OBJECT_TYPE=Unknown object type specified.
+SEC_ERROR_INCOMPATIBLE_PKCS11=PKCS #11 driver violates the spec in an incompatible way.
+SEC_ERROR_NO_EVENT=No new slot event is available at this time.
+SEC_ERROR_CRL_ALREADY_EXISTS=CRL already exists.
+SEC_ERROR_NOT_INITIALIZED=NSS is not initialized.
+SEC_ERROR_TOKEN_NOT_LOGGED_IN=The operation failed because the PKCS#11 token is not logged in.
+SEC_ERROR_OCSP_RESPONDER_CERT_INVALID=Configured OCSP responder’s certificate is invalid.
+SEC_ERROR_OCSP_BAD_SIGNATURE=OCSP response has an invalid signature.
+SEC_ERROR_OUT_OF_SEARCH_LIMITS=Cert validation search is out of search limits
+SEC_ERROR_INVALID_POLICY_MAPPING=Policy mapping contains anypolicy
+SEC_ERROR_POLICY_VALIDATION_FAILED=Cert chain fails policy validation
+SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE=Unknown location type in cert AIA extension
+SEC_ERROR_BAD_HTTP_RESPONSE=Server returned bad HTTP response
+SEC_ERROR_BAD_LDAP_RESPONSE=Server returned bad LDAP response
+SEC_ERROR_FAILED_TO_ENCODE_DATA=Failed to encode data with ASN1 encoder
+SEC_ERROR_BAD_INFO_ACCESS_LOCATION=Bad information access location in cert extension
+SEC_ERROR_LIBPKIX_INTERNAL=Libpkix internal error occurred during cert validation.
+SEC_ERROR_PKCS11_GENERAL_ERROR=A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.
+SEC_ERROR_PKCS11_FUNCTION_FAILED=A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.
+SEC_ERROR_PKCS11_DEVICE_ERROR=A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.
+SEC_ERROR_BAD_INFO_ACCESS_METHOD=Unknown information access method in certificate extension.
+SEC_ERROR_CRL_IMPORT_FAILED=Error attempting to import a CRL.
+SEC_ERROR_EXPIRED_PASSWORD=The password expired.
+SEC_ERROR_LOCKED_PASSWORD=The password is locked.
+SEC_ERROR_UNKNOWN_PKCS11_ERROR=Unknown PKCS #11 error.
+SEC_ERROR_BAD_CRL_DP_URL=Invalid or unsupported URL in CRL distribution point name.
+SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED=The certificate was signed using a signature algorithm that is disabled because it is not secure.
+MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE=The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.
+MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY=The server uses a certificate with a basic constraints extension identifying it as a certificate authority. For a properly-issued certificate, this should not be the case.
+MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE=The server presented a certificate with a key size that is too small to establish a secure connection.
+MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA=An X.509 version 1 certificate that is not a trust anchor was used to issue the server’s certificate. X.509 version 1 certificates are deprecated and should not be used to sign other certificates.
+MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE=The server presented a certificate that is not yet valid.
+MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE=A certificate that is not yet valid was used to issue the server’s certificate.
+MOZILLA_PKIX_ERROR_SIGNATURE_ALGORITHM_MISMATCH=The signature algorithm in the signature field of the certificate does not match the algorithm in its signatureAlgorithm field.
+MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING=The OCSP response does not include a status for the certificate being verified.
+MOZILLA_PKIX_ERROR_VALIDITY_TOO_LONG=The server presented a certificate that is valid for too long.
+MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING=A required TLS feature is missing.
+MOZILLA_PKIX_ERROR_INVALID_INTEGER_ENCODING=The server presented a certificate that contains an invalid encoding of an integer. Common causes include negative serial numbers, negative RSA moduli, and encodings that are longer than necessary.
+MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME=The server presented a certificate with an empty issuer distinguished name.
+MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED=An additional policy constraint failed when validating this certificate.
+MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT=The certificate is not trusted because it is self-signed.
diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
new file mode 100644
index 0000000000..c7f946dd60
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -0,0 +1,123 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CertPasswordPrompt=Please enter the password for the PKCS#11 token %S.
+
+CertPasswordPromptDefault=Please enter your Primary Password.
+
+# The following strings have special requirements: they must fit in a 32 or 64
+# bytes buffer after being encoded to UTF-8.
+#
+# It's possible to verify the length of a translation using the Browser Console
+# in Firefox and evaluating the following code:
+#
+# (new TextEncoder().encode('YOURSTRING')).length
+#
+# Simply replace YOURSTRING with your translation.
+#
+# If it's not possible to produce an understandable translation within these
+# limits, keeping the English text is an acceptable workaround.
+
+# LOCALIZATION NOTE (RootCertModuleName): string limit is 64 bytes after
+# conversion to UTF-8.
+# length_limit = 64 bytes
+RootCertModuleName=Builtin Roots Module
+# LOCALIZATION NOTE (ManufacturerID): string limit is 32 bytes after conversion
+# to UTF-8.
+# length_limit = 32 bytes
+ManufacturerID=Mozilla.org
+# LOCALIZATION NOTE (LibraryDescription): string limit is 32 bytes after
+# conversion to UTF-8.
+# length_limit = 32 bytes
+LibraryDescription=PSM Internal Crypto Services
+# LOCALIZATION NOTE (TokenDescription): string limit is 32 bytes after
+# conversion to UTF-8.
+# length_limit = 32 bytes
+TokenDescription=Generic Crypto Services
+# LOCALIZATION NOTE (PrivateTokenDescription): string limit is 32 bytes after
+# conversion to UTF-8.
+# length_limit = 32 bytes
+PrivateTokenDescription=Software Security Device
+# LOCALIZATION NOTE (SlotDescription): string limit is 64 bytes after conversion
+# to UTF-8.
+# length_limit = 64 bytes
+SlotDescription=PSM Internal Cryptographic Services
+# LOCALIZATION NOTE (PrivateSlotDescription): string limit is 64 bytes after
+# conversion to UTF-8.
+# length_limit = 64 bytes
+PrivateSlotDescription=PSM Private Keys
+# LOCALIZATION NOTE (Fips140TokenDescription): string limit is 32 bytes after
+# conversion to UTF-8.
+# length_limit = 32 bytes
+Fips140TokenDescription=Software Security Device (FIPS)
+# LOCALIZATION NOTE (Fips140SlotDescription): string limit is 64 bytes after
+# conversion to UTF-8.
+# length_limit = 64 bytes
+Fips140SlotDescription=FIPS 140 Cryptographic, Key and Certificate Services
+
+# LOCALIZATION NOTE (nick_template): $1s is the common name from a cert (e.g. "Mozilla"), $2s is the CA name (e.g. VeriSign)
+nick_template=%1$s’s %2$s ID
+
+CertDumpKUSign=Signing
+CertDumpKUNonRep=Non-repudiation
+CertDumpKUEnc=Key Encipherment
+CertDumpKUDEnc=Data Encipherment
+CertDumpKUKA=Key Agreement
+CertDumpKUCertSign=Certificate Signer
+CertDumpKUCRLSigner=CRL Signer
+
+PSMERR_SSL_Disabled=Can’t connect securely because the SSL protocol has been disabled.
+PSMERR_SSL2_Disabled=Can’t connect securely because the site uses an older, insecure version of the SSL protocol.
+PSMERR_HostReusedIssuerSerial=You have received an invalid certificate.  Please contact the server administrator or email correspondent and give them the following information:\n\nYour certificate contains the same serial number as another certificate issued by the certificate authority.  Please get a new certificate containing a unique serial number.
+
+# LOCALIZATION NOTE (SSLConnectionErrorPrefix2): %1$S is the host string, %2$S is more detailed information (localized as well).
+SSLConnectionErrorPrefix2=An error occurred during a connection to %1$S. %2$S\n
+
+certErrorIntro=%S uses an invalid security certificate.
+
+certErrorTrust_SelfSigned=The certificate is not trusted because it is self-signed.
+certErrorTrust_UnknownIssuer=The certificate is not trusted because the issuer certificate is unknown.
+certErrorTrust_UnknownIssuer2=The server might not be sending the appropriate intermediate certificates.
+certErrorTrust_UnknownIssuer3=An additional root certificate may need to be imported.
+certErrorTrust_CaInvalid=The certificate is not trusted because it was issued by an invalid CA certificate.
+certErrorTrust_Issuer=The certificate is not trusted because the issuer certificate is not trusted.
+certErrorTrust_SignatureAlgorithmDisabled=The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
+certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer certificate has expired.
+certErrorTrust_Untrusted=The certificate does not come from a trusted source.
+certErrorTrust_MitM=Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate.
+
+certErrorMismatch=The certificate is not valid for the name %S.
+# LOCALIZATION NOTE (certErrorMismatchSinglePrefix): %S is replaced by the domain for which the certificate is valid
+certErrorMismatchSinglePrefix=The certificate is only valid for %S.
+certErrorMismatchMultiple=The certificate is only valid for the following names:
+
+# LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
+certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
+
+# LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time)
+certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
+
+certErrorMitM=Websites prove their identity via certificates, which are issued by certificate authorities.
+# LOCALIZATION NOTE (certErrorMitM2): %S is brandShortName
+certErrorMitM2=%S is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
+# LOCALIZATION NOTE (certErrorMitM3): %S is brandShortName
+certErrorMitM3=%S uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
+
+certErrorSymantecDistrustAdministrator=You may notify the website’s administrator about this problem.
+
+# LOCALIZATION NOTE (certErrorCodePrefix3): %S is replaced by the error code.
+certErrorCodePrefix3=Error code: %S
+
+P12DefaultNickname=Imported Certificate
+CertUnknown=Unknown
+CertNoEmailAddress=(no email address)
+CaCertExists=This certificate is already installed as a certificate authority.
+NotACACert=This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.
+UserCertIgnoredNoPrivateKey=This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.
+UserCertImported=Your personal certificate has been installed. You should keep a backup copy of this certificate.
+CertOrgUnknown=(Unknown)
+CertNotStored=(Not Stored)
+CertExceptionPermanent=Permanent
+CertExceptionTemporary=Temporary
diff --git a/security/manager/locales/en-US/chrome/pippki/pippki.properties b/security/manager/locales/en-US/chrome/pippki/pippki.properties
new file mode 100644
index 0000000000..165fb3f650
--- /dev/null
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -0,0 +1,75 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Download Cert dialog
+# LOCALIZATION NOTE(newCAMessage1):
+# %S is a string representative of the certificate being downloaded/imported.
+newCAMessage1=Do you want to trust “%S� for the following purposes?
+unnamedCA=Certificate Authority (unnamed)
+
+# PKCS#12 file dialogs
+getPKCS12FilePasswordMessage=Please enter the password that was used to encrypt this certificate backup:
+
+# Client auth
+clientAuthRemember=Remember this decision
+# LOCALIZATION NOTE(clientAuthNickAndSerial): Represents a single cert when the
+# user is choosing from a list of certificates.
+# %1$S is the nickname of the cert.
+# %2$S is the serial number of the cert in AA:BB:CC hex format.
+clientAuthNickAndSerial=%1$S [%2$S]
+# LOCALIZATION NOTE(clientAuthHostnameAndPort):
+# %1$S is the hostname of the server.
+# %2$S is the port of the server.
+clientAuthHostnameAndPort=%1$S:%2$S
+# LOCALIZATION NOTE(clientAuthMessage1): %S is the Organization of the server
+# cert.
+clientAuthMessage1=Organization: “%S�
+# LOCALIZATION NOTE(clientAuthMessage2): %S is the Organization of the issuer
+# cert of the server cert.
+clientAuthMessage2=Issued Under: “%S�
+# LOCALIZATION NOTE(clientAuthIssuedTo): %1$S is the Distinguished Name of the
+# currently selected client cert, such as "CN=John Doe,OU=Example" (without
+# quotes).
+clientAuthIssuedTo=Issued to: %1$S
+# LOCALIZATION NOTE(clientAuthSerial): %1$S is the serial number of the selected
+# cert in AA:BB:CC hex format.
+clientAuthSerial=Serial number: %1$S
+# LOCALIZATION NOTE(clientAuthValidityPeriod):
+# %1$S is the already localized notBefore date of the selected cert.
+# %2$S is the already localized notAfter date of the selected cert.
+clientAuthValidityPeriod=Valid from %1$S to %2$S
+# LOCALIZATION NOTE(clientAuthKeyUsages): %1$S is a comma separated list of
+# already localized key usages the selected cert is valid for.
+clientAuthKeyUsages=Key Usages: %1$S
+# LOCALIZATION NOTE(clientAuthEmailAddresses): %1$S is a comma separated list of
+# e-mail addresses the selected cert is valid for.
+clientAuthEmailAddresses=Email addresses: %1$S
+# LOCALIZATION NOTE(clientAuthIssuedBy): %1$S is the Distinguished Name of the
+# cert which issued the selected cert.
+clientAuthIssuedBy=Issued by: %1$S
+# LOCALIZATION NOTE(clientAuthStoredOn): %1$S is the name of the PKCS #11 token
+# the selected cert is stored on.
+clientAuthStoredOn=Stored on: %1$S
+
+# Page Info
+pageInfo_NoEncryption=Connection Not Encrypted
+pageInfo_Privacy_None1=The website %S does not support encryption for the page you are viewing.
+pageInfo_Privacy_None2=Information sent over the Internet without encryption can be seen by other people while it is in transit.
+pageInfo_Privacy_None4=The page you are viewing was not encrypted before being transmitted over the Internet.
+# LOCALIZATION NOTE (pageInfo_EncryptionWithBitsAndProtocol and pageInfo_BrokenEncryption):
+# %1$S is the name of the encryption standard,
+# %2$S is the key size of the cipher.
+# %3$S is protocol version like "SSL 3" or "TLS 1.2"
+pageInfo_EncryptionWithBitsAndProtocol=Connection Encrypted (%1$S, %2$S bit keys, %3$S)
+pageInfo_BrokenEncryption=Broken Encryption (%1$S, %2$S bit keys, %3$S)
+pageInfo_Privacy_Encrypted1=The page you are viewing was encrypted before being transmitted over the Internet.
+pageInfo_Privacy_Encrypted2=Encryption makes it difficult for unauthorized people to view information traveling between computers. It is therefore unlikely that anyone read this page as it traveled across the network.
+pageInfo_MixedContent=Connection Partially Encrypted
+pageInfo_MixedContent2=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.
+pageInfo_WeakCipher=Your connection to this website uses weak encryption and is not private. Other people can view your information or modify the website’s behavior.
+pageInfo_CertificateTransparency_Compliant=This website complies with the Certificate Transparency policy.
+
+# Token Manager
+password_not_set=(not set)
+enable_fips=Enable FIPS
diff --git a/security/manager/locales/en-US/security/certificates/certManager.ftl b/security/manager/locales/en-US/security/certificates/certManager.ftl
new file mode 100644
index 0000000000..4e8d372291
--- /dev/null
+++ b/security/manager/locales/en-US/security/certificates/certManager.ftl
@@ -0,0 +1,228 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+certmgr-title =
+    .title = Certificate Manager
+
+certmgr-tab-mine =
+    .label = Your Certificates
+
+certmgr-tab-remembered =
+    .label = Authentication Decisions
+
+certmgr-tab-people =
+    .label = People
+
+certmgr-tab-servers =
+    .label = Servers
+
+certmgr-tab-ca =
+    .label = Authorities
+
+certmgr-mine = You have certificates from these organizations that identify you
+certmgr-remembered = These certificates are used to identify you to websites
+certmgr-people = You have certificates on file that identify these people
+certmgr-server = These entries identify server certificate error exceptions
+certmgr-ca = You have certificates on file that identify these certificate authorities
+
+certmgr-edit-ca-cert2 =
+    .title = Edit CA certificate trust settings
+    .style = min-width: 48em;
+
+certmgr-edit-cert-edit-trust = Edit trust settings:
+
+certmgr-edit-cert-trust-ssl =
+    .label = This certificate can identify websites.
+
+certmgr-edit-cert-trust-email =
+    .label = This certificate can identify mail users.
+
+certmgr-delete-cert2 =
+    .title = Delete Certificate
+    .style = min-width: 48em; min-height: 24em;
+
+certmgr-cert-host =
+    .label = Host
+
+certmgr-cert-name =
+    .label = Certificate Name
+
+certmgr-cert-server =
+    .label = Server
+
+certmgr-token-name =
+    .label = Security Device
+
+certmgr-begins-label =
+    .label = Begins On
+
+certmgr-expires-label =
+    .label = Expires On
+
+certmgr-email =
+    .label = E-Mail Address
+
+certmgr-serial =
+    .label = Serial Number
+
+certmgr-fingerprint-sha-256 =
+    .label = SHA-256 Fingerprint
+
+certmgr-view =
+    .label = View…
+    .accesskey = V
+
+certmgr-edit =
+    .label = Edit Trust…
+    .accesskey = E
+
+certmgr-export =
+    .label = Export…
+    .accesskey = x
+
+certmgr-delete =
+    .label = Delete…
+    .accesskey = D
+
+certmgr-delete-builtin =
+    .label = Delete or Distrust…
+    .accesskey = D
+
+certmgr-backup =
+    .label = Backup…
+    .accesskey = B
+
+certmgr-backup-all =
+    .label = Backup All…
+    .accesskey = k
+
+certmgr-restore =
+    .label = Import…
+    .accesskey = m
+
+certmgr-add-exception =
+    .label = Add Exception…
+    .accesskey = x
+
+exception-mgr =
+    .title = Add Security Exception
+
+exception-mgr-extra-button =
+    .label = Confirm Security Exception
+    .accesskey = C
+
+exception-mgr-supplemental-warning = Legitimate banks, stores, and other public sites will not ask you to do this.
+
+exception-mgr-cert-location-url =
+    .value = Location:
+
+exception-mgr-cert-location-download =
+    .label = Get Certificate
+    .accesskey = G
+
+exception-mgr-cert-status-view-cert =
+    .label = View…
+    .accesskey = V
+
+exception-mgr-permanent =
+    .label = Permanently store this exception
+    .accesskey = P
+
+pk11-bad-password = The password entered was incorrect.
+pkcs12-decode-err = Failed to decode the file. Either it is not in PKCS #12 format, has been corrupted, or the password you entered was incorrect.
+pkcs12-unknown-err-restore = Failed to restore the PKCS #12 file for unknown reasons.
+pkcs12-unknown-err-backup = Failed to create the PKCS #12 backup file for unknown reasons.
+pkcs12-unknown-err = The PKCS #12 operation failed for unknown reasons.
+pkcs12-info-no-smartcard-backup = It is not possible to back up certificates from a hardware security device such as a smart card.
+pkcs12-dup-data = The certificate and private key already exist on the security device.
+
+## PKCS#12 file dialogs
+
+choose-p12-backup-file-dialog = File Name to Backup
+file-browse-pkcs12-spec = PKCS12 Files
+choose-p12-restore-file-dialog = Certificate File to Import
+
+## Import certificate(s) file dialog
+
+file-browse-certificate-spec = Certificate Files
+import-ca-certs-prompt = Select File containing CA certificate(s) to import
+import-email-cert-prompt = Select File containing somebody’s Email certificate to import
+
+## For editing certificates trust
+
+# Variables:
+#   $certName: the name of certificate
+edit-trust-ca = The certificate “{ $certName }� represents a Certificate Authority.
+
+## For Deleting Certificates
+
+delete-user-cert-title =
+    .title = Delete your Certificates
+delete-user-cert-confirm = Are you sure you want to delete these certificates?
+delete-user-cert-impact = If you delete one of your own certificates, you can no longer use it to identify yourself.
+
+
+delete-ssl-override-title =
+    .title = Delete Server Certificate Exception
+delete-ssl-override-confirm = Are you sure you want to delete this server exception?
+delete-ssl-override-impact = If you delete a server exception, you restore the usual security checks for that server and require it uses a valid certificate.
+
+delete-ca-cert-title =
+    .title = Delete or Distrust CA Certificates
+delete-ca-cert-confirm = You have requested to delete these CA certificates. For built-in certificates all trust will be removed, which has the same effect. Are you sure you want to delete or distrust?
+delete-ca-cert-impact = If you delete or distrust a certificate authority (CA) certificate, this application will no longer trust any certificates issued by that CA.
+
+
+delete-email-cert-title =
+    .title = Delete E-Mail Certificates
+delete-email-cert-confirm = Are you sure you want to delete these people’s e-mail certificates?
+delete-email-cert-impact = If you delete a person’s e-mail certificate, you will no longer be able to send encrypted e-mail to that person.
+
+# Used for semi-uniquely representing a cert.
+#
+# Variables:
+#   $serialNumber : the serial number of the cert in AA:BB:CC hex format.
+cert-with-serial =
+    .value = Certificate with serial number: { $serialNumber }
+
+# Used to indicate that the user chose not to send a client authentication certificate to a server that requested one in a TLS handshake.
+send-no-client-certificate = Send no client certificate
+
+# Used when no cert is stored for an override
+no-cert-stored-for-override = (Not Stored)
+
+# When a certificate is unavailable (for example, it has been deleted or the token it exists on has been removed).
+certificate-not-available = (Unavailable)
+
+## Used to show whether an override is temporary or permanent
+
+permanent-override = Permanent
+temporary-override = Temporary
+
+## Add Security Exception dialog
+
+add-exception-branded-warning = You are about to override how { -brand-short-name } identifies this site.
+add-exception-invalid-header = This site attempts to identify itself with invalid information.
+add-exception-domain-mismatch-short = Wrong Site
+add-exception-domain-mismatch-long = The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.
+add-exception-expired-short = Outdated Information
+add-exception-expired-long = The certificate is not currently valid. It may have been stolen or lost, and could be used by someone to impersonate this site.
+add-exception-unverified-or-bad-signature-short = Unknown Identity
+add-exception-unverified-or-bad-signature-long = The certificate is not trusted because it hasn’t been verified as issued by a trusted authority using a secure signature.
+add-exception-valid-short = Valid Certificate
+add-exception-valid-long = This site provides valid, verified identification.  There is no need to add an exception.
+add-exception-checking-short = Checking Information
+add-exception-checking-long = Attempting to identify this site…
+add-exception-no-cert-short = No Information Available
+add-exception-no-cert-long = Unable to obtain identification status for this site.
+
+## Certificate export "Save as" and error dialogs
+
+save-cert-as = Save Certificate To File
+cert-format-base64 = X.509 Certificate (PEM)
+cert-format-base64-chain = X.509 Certificate with chain (PEM)
+cert-format-der = X.509 Certificate (DER)
+cert-format-pkcs7 = X.509 Certificate (PKCS#7)
+cert-format-pkcs7-chain = X.509 Certificate with chain (PKCS#7)
+write-file-failure = File Error
diff --git a/security/manager/locales/en-US/security/certificates/deviceManager.ftl b/security/manager/locales/en-US/security/certificates/deviceManager.ftl
new file mode 100644
index 0000000000..0e73acb813
--- /dev/null
+++ b/security/manager/locales/en-US/security/certificates/deviceManager.ftl
@@ -0,0 +1,132 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+## Strings used for device manager
+
+devmgr-window =
+    .title = Device Manager
+    .style = min-width: 67em; min-height: 32em;
+
+devmgr-devlist =
+    .label = Security Modules and Devices
+
+devmgr-header-details =
+    .label = Details
+
+devmgr-header-value =
+    .label = Value
+
+devmgr-button-login =
+    .label = Log In
+    .accesskey = n
+
+devmgr-button-logout =
+    .label = Log Out
+    .accesskey = O
+
+devmgr-button-changepw =
+    .label = Change Password
+    .accesskey = P
+
+devmgr-button-load =
+    .label = Load
+    .accesskey = L
+
+devmgr-button-unload =
+    .label = Unload
+    .accesskey = U
+
+devmgr-button-enable-fips =
+    .label = Enable FIPS
+    .accesskey = F
+
+devmgr-button-disable-fips =
+    .label = Disable FIPS
+    .accesskey = F
+
+## Strings used for load device
+
+load-device =
+    .title = Load PKCS#11 Device Driver
+
+load-device-info = Enter the information for the module you want to add.
+
+load-device-modname =
+    .value = Module Name
+    .accesskey = M
+
+load-device-modname-default =
+    .value = New PKCS#11 Module
+
+load-device-filename =
+    .value = Module filename
+    .accesskey = f
+
+load-device-browse =
+    .label = Browse…
+    .accesskey = B
+
+## Token Manager
+
+devinfo-status =
+    .label = Status
+
+devinfo-status-disabled =
+    .label = Disabled
+
+devinfo-status-not-present =
+    .label = Not Present
+
+devinfo-status-uninitialized =
+    .label = Uninitialized
+
+devinfo-status-not-logged-in =
+    .label = Not Logged In
+
+devinfo-status-logged-in =
+    .label = Logged In
+
+devinfo-status-ready =
+    .label = Ready
+
+devinfo-desc =
+    .label = Description
+
+devinfo-man-id =
+    .label = Manufacturer
+
+devinfo-hwversion =
+    .label = HW Version
+devinfo-fwversion =
+    .label = FW Version
+
+devinfo-modname =
+    .label = Module
+
+devinfo-modpath =
+    .label = Path
+
+login-failed = Failed to Login
+
+devinfo-label =
+    .label = Label
+
+devinfo-serialnum =
+    .label = Serial Number
+
+fips-nonempty-primary-password-required = FIPS mode requires that you have a Primary Password set for each security device. Please set the password before trying to enable FIPS mode.
+unable-to-toggle-fips = Unable to change the FIPS mode for the security device. It is recommended that you exit and restart this application.
+load-pk11-module-file-picker-title = Choose a PKCS#11 device driver to load
+
+# Load Module Dialog
+load-module-help-empty-module-name =
+    .value = The module name cannot be empty.
+
+# Do not translate 'Root Certs'
+load-module-help-root-certs-module-name =
+    .value = ‘Root Certs‘ is reserved and cannot be used as the module name.
+
+add-module-failure = Unable to add module
+del-module-warning = Are you sure you want to delete this security module?
+del-module-error = Unable to delete module
diff --git a/security/manager/locales/en-US/security/pippki/pippki.ftl b/security/manager/locales/en-US/security/pippki/pippki.ftl
new file mode 100644
index 0000000000..b54e45409d
--- /dev/null
+++ b/security/manager/locales/en-US/security/pippki/pippki.ftl
@@ -0,0 +1,79 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+password-quality-meter = Password quality meter
+
+## Change Password dialog
+
+change-device-password-window =
+  .title = Change Password
+
+# Variables:
+# $tokenName (String) - Security device of the change password dialog
+change-password-token = Security Device: { $tokenName }
+change-password-old = Current password:
+change-password-new = New password:
+change-password-reenter = New password (again):
+
+pippki-failed-pw-change = Unable to change password.
+pippki-incorrect-pw = You did not enter the correct current password. Please try again.
+pippki-pw-change-ok = Password successfully changed.
+
+pippki-pw-empty-warning = Your stored passwords and private keys will not be protected.
+pippki-pw-erased-ok = You have deleted your password. { pippki-pw-empty-warning }
+pippki-pw-not-wanted = Warning! You have decided not to use a password. { pippki-pw-empty-warning }
+
+pippki-pw-change2empty-in-fips-mode = You are currently in FIPS mode. FIPS requires a non-empty password.
+
+## Reset Primary Password dialog
+
+reset-primary-password-window2 =
+  .title = Reset Primary Password
+  .style = min-width: 40em
+reset-password-button-label =
+  .label = Reset
+reset-primary-password-text = If you reset your Primary Password, all your stored web and e-mail passwords, personal certificates, and private keys will be forgotten. Are you sure you want to reset your Primary Password?
+
+pippki-reset-password-confirmation-title = Reset Primary Password
+pippki-reset-password-confirmation-message = Your Primary Password has been reset.
+
+## Downloading cert dialog
+
+download-cert-window2 =
+  .title = Downloading Certificate
+  .style = min-width: 46em
+download-cert-message = You have been asked to trust a new Certificate Authority (CA).
+download-cert-trust-ssl =
+  .label = Trust this CA to identify websites.
+download-cert-trust-email =
+  .label = Trust this CA to identify email users.
+download-cert-message-desc = Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
+download-cert-view-cert =
+  .label = View
+download-cert-view-text = Examine CA certificate
+
+## Client Authorization Ask dialog
+
+client-auth-window =
+  .title = User Identification Request
+client-auth-site-description = This site has requested that you identify yourself with a certificate:
+client-auth-choose-cert = Choose a certificate to present as identification:
+client-auth-cert-details = Details of selected certificate:
+
+## Set password (p12) dialog
+
+set-password-window =
+  .title = Choose a Certificate Backup Password
+set-password-message = The certificate backup password you set here protects the backup file that you are about to create. You must set this password to proceed with the backup.
+set-password-backup-pw =
+  .value = Certificate backup password:
+set-password-repeat-backup-pw =
+  .value = Certificate backup password (again):
+set-password-reminder = Important: If you forget your certificate backup password, you will not be able to restore this backup later. Please record it in a safe location.
+
+## Protected authentication alert
+
+# Variables:
+# $tokenName (String) - The name of the token to authenticate to (for example, "OS Client Cert Token (Modern)")
+protected-auth-alert = Please authenticate to the token “{ $tokenName }�. How to do so depends on the token (for example, using a fingerprint reader or entering a code with a keypad).
diff --git a/security/manager/locales/jar.mn b/security/manager/locales/jar.mn
new file mode 100644
index 0000000000..a61529289a
--- /dev/null
+++ b/security/manager/locales/jar.mn
@@ -0,0 +1,14 @@
+#filter substitution
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+[localization] @AB_CD@.jar:
+  security                                     (%security/**/*.ftl)
+
+@AB_CD@.jar:
+% locale pipnss @AB_CD@ %locale/@AB_CD@/pipnss/
+% locale pippki @AB_CD@ %locale/@AB_CD@/pippki/
+  locale/@AB_CD@/pipnss/pipnss.properties     (%chrome/pipnss/pipnss.properties)
+  locale/@AB_CD@/pipnss/nsserrors.properties  (%chrome/pipnss/nsserrors.properties)
+  locale/@AB_CD@/pippki/pippki.properties     (%chrome/pippki/pippki.properties)
diff --git a/security/manager/locales/moz.build b/security/manager/locales/moz.build
new file mode 100644
index 0000000000..d988c0ff9b
--- /dev/null
+++ b/security/manager/locales/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+JAR_MANIFESTS += ["jar.mn"]
diff --git a/security/manager/moz.build b/security/manager/moz.build
new file mode 100644
index 0000000000..3890007503
--- /dev/null
+++ b/security/manager/moz.build
@@ -0,0 +1,13 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "Security: PSM")
+
+DIRS += ["ssl", "locales"]
+
+if CONFIG["MOZ_BUILD_APP"] != "mobile/android":
+    DIRS += ["pki"]
diff --git a/security/manager/pki/components.conf b/security/manager/pki/components.conf
new file mode 100644
index 0000000000..e381806925
--- /dev/null
+++ b/security/manager/pki/components.conf
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Classes = [
+    {
+        'cid': '{518e071f-1dd2-11b2-937e-c45f14def778}',
+        'contract_ids': [
+            '@mozilla.org/nsCertificateDialogs;1',
+            '@mozilla.org/nsClientAuthDialogs;1',
+            '@mozilla.org/nsGeneratingKeypairInfoDialogs;1',
+            '@mozilla.org/nsTokenDialogs;1',
+            '@mozilla.org/nsTokenPasswordDialogs;1',
+        ],
+        'type': 'nsNSSDialogs',
+        'headers': ['/security/manager/pki/nsNSSDialogs.h'],
+        'init_method': 'Init',
+    },
+]
diff --git a/security/manager/pki/moz.build b/security/manager/pki/moz.build
new file mode 100644
index 0000000000..5f0bf95738
--- /dev/null
+++ b/security/manager/pki/moz.build
@@ -0,0 +1,34 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["resources"]
+
+UNIFIED_SOURCES += [
+    "nsNSSDialogHelper.cpp",
+    "nsNSSDialogs.cpp",
+]
+
+XPCOM_MANIFESTS += [
+    "components.conf",
+]
+
+LOCAL_INCLUDES += [
+    "!/dist/public/nss",
+]
+
+FINAL_LIBRARY = "xul"
+
+if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+    CXXFLAGS += [
+        "-Wextra",
+        # -Wextra enables this warning, but it's too noisy to be useful.
+        "-Wno-missing-field-initializers",
+    ]
+
+    # Gecko headers aren't warning-free enough for us to enable these warnings.
+    CXXFLAGS += [
+        "-Wno-unused-parameter",
+    ]
diff --git a/security/manager/pki/nsIASN1Tree.idl b/security/manager/pki/nsIASN1Tree.idl
new file mode 100644
index 0000000000..b44362e5b2
--- /dev/null
+++ b/security/manager/pki/nsIASN1Tree.idl
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsITreeView.idl"
+#include "nsIX509Cert.idl"
+
+[scriptable, uuid(de142307-7b88-4e0a-b232-250f310e25d8)]
+interface nsIASN1Tree : nsITreeView {
+  [must_use]
+  void loadASN1Structure(in nsIASN1Object asn1Object);
+
+  [must_use]
+  AString getDisplayData(in unsigned long index);
+};
+
+%{C++
+
+#define NS_ASN1TREE_CONTRACTID "@mozilla.org/security/nsASN1Tree;1"
+
+%}
diff --git a/security/manager/pki/nsNSSDialogHelper.cpp b/security/manager/pki/nsNSSDialogHelper.cpp
new file mode 100644
index 0000000000..18691aa6e9
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogHelper.cpp
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSDialogHelper.h"
+
+#include "mozIDOMWindow.h"
+#include "mozilla/dom/ScriptSettings.h"
+#include "nsCOMPtr.h"
+#include "nsIWindowWatcher.h"
+#include "nsServiceManagerUtils.h"
+
+static const char kOpenDialogParam[] = "centerscreen,chrome,modal,titlebar";
+static const char kOpenWindowParam[] = "centerscreen,chrome,titlebar";
+
+nsresult nsNSSDialogHelper::openDialog(mozIDOMWindowProxy* window,
+                                       const char* url, nsISupports* params,
+                                       bool modal) {
+  nsresult rv;
+  nsCOMPtr<nsIWindowWatcher> windowWatcher =
+      do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) return rv;
+
+  nsCOMPtr<mozIDOMWindowProxy> parent = window;
+
+  if (!parent) {
+    windowWatcher->GetActiveWindow(getter_AddRefs(parent));
+  }
+
+  // We're loading XUL into this window, and it's happening on behalf of the
+  // system, not on behalf of content. Make sure the initial about:blank window
+  // gets a system principal, otherwise we'll bork when trying to wrap the
+  // nsIKeyGenThread |arguments| property into the unprivileged scoope.
+  MOZ_ASSERT(!strncmp("chrome://", url, strlen("chrome://")));
+  mozilla::dom::AutoNoJSAPI nojsapi;
+
+  nsCOMPtr<mozIDOMWindowProxy> newWindow;
+  rv = windowWatcher->OpenWindow(
+      parent, nsDependentCString(url), "_blank"_ns,
+      nsDependentCString(modal ? kOpenDialogParam : kOpenWindowParam), params,
+      getter_AddRefs(newWindow));
+  return rv;
+}
diff --git a/security/manager/pki/nsNSSDialogHelper.h b/security/manager/pki/nsNSSDialogHelper.h
new file mode 100644
index 0000000000..a7f3d5e474
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogHelper.h
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSDialogHelper_h
+#define nsNSSDialogHelper_h
+
+#include "nsError.h"
+
+class mozIDOMWindowProxy;
+class nsISupports;
+
+/**
+ * Helper class that uses the window watcher service to open a standard dialog,
+ * with or without a parent context.
+ */
+class nsNSSDialogHelper {
+ public:
+  /**
+   * Opens a XUL dialog.
+   *
+   * @param window
+   *        Parent window of the dialog, or nullptr to signal no parent.
+   * @param url
+   *        URL to the XUL dialog.
+   * @param params
+   *        Parameters to pass to the dialog. Same semantics as the
+   *        nsIWindowWatcher.openWindow() |aArguments| parameter.
+   * @param modal
+   *        true if the dialog should be modal, false otherwise.
+   * @return The result of opening the dialog.
+   */
+  static nsresult openDialog(mozIDOMWindowProxy* window, const char* url,
+                             nsISupports* params, bool modal = true);
+};
+
+#endif  // nsNSSDialogHelper_h
diff --git a/security/manager/pki/nsNSSDialogs.cpp b/security/manager/pki/nsNSSDialogs.cpp
new file mode 100644
index 0000000000..b1c1a939d5
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogs.cpp
@@ -0,0 +1,314 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Dialog services for PIP.
+ */
+
+#include "nsNSSDialogs.h"
+
+#include "mozIDOMWindow.h"
+#include "nsArray.h"
+#include "nsComponentManagerUtils.h"
+#include "nsEmbedCID.h"
+#include "nsHashPropertyBag.h"
+#include "nsIDialogParamBlock.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIPK11Token.h"
+#include "nsIPromptService.h"
+#include "nsIWindowWatcher.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509Cert.h"
+#include "nsNSSDialogHelper.h"
+#include "nsPromiseFlatString.h"
+#include "nsServiceManagerUtils.h"
+#include "nsString.h"
+#include "nsVariant.h"
+
+#define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
+
+nsNSSDialogs::nsNSSDialogs() = default;
+
+nsNSSDialogs::~nsNSSDialogs() = default;
+
+NS_IMPL_ISUPPORTS(nsNSSDialogs, nsITokenPasswordDialogs, nsICertificateDialogs,
+                  nsIClientAuthDialogs)
+
+nsresult nsNSSDialogs::Init() {
+  nsresult rv;
+
+  nsCOMPtr<nsIStringBundleService> service =
+      do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = service->CreateBundle(PIPSTRING_BUNDLE_URL,
+                             getter_AddRefs(mPIPStringBundle));
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::SetPassword(nsIInterfaceRequestor* ctx, nsIPK11Token* token,
+                          /*out*/ bool* canceled) {
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(canceled);
+
+  *canceled = false;
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+
+  nsCOMPtr<nsIDialogParamBlock> block =
+      do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
+  if (!block) return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIMutableArray> objects = nsArrayBase::Create();
+  if (!objects) {
+    return NS_ERROR_FAILURE;
+  }
+  nsresult rv = objects->AppendElement(token);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = block->SetObjects(objects);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = nsNSSDialogHelper::openDialog(
+      parent, "chrome://pippki/content/changepassword.xhtml", block);
+
+  if (NS_FAILED(rv)) return rv;
+
+  int32_t status;
+
+  rv = block->GetInt(1, &status);
+  if (NS_FAILED(rv)) return rv;
+
+  *canceled = (status == 0);
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor* ctx,
+                                    nsIX509Cert* cert,
+                                    /*out*/ uint32_t* trust,
+                                    /*out*/ bool* importConfirmed) {
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(cert);
+  NS_ENSURE_ARG(trust);
+  NS_ENSURE_ARG(importConfirmed);
+
+  nsCOMPtr<nsIMutableArray> argArray = nsArrayBase::Create();
+  if (!argArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = argArray->AppendElement(cert);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  rv = argArray->AppendElement(retVals);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  rv = nsNSSDialogHelper::openDialog(
+      parent, "chrome://pippki/content/downloadcert.xhtml", argArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(u"importConfirmed"_ns, importConfirmed);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *trust = nsIX509CertDB::UNTRUSTED;
+  if (!*importConfirmed) {
+    return NS_OK;
+  }
+
+  bool trustForSSL = false;
+  rv = retVals->GetPropertyAsBool(u"trustForSSL"_ns, &trustForSSL);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  bool trustForEmail = false;
+  rv = retVals->GetPropertyAsBool(u"trustForEmail"_ns, &trustForEmail);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *trust |= trustForSSL ? nsIX509CertDB::TRUSTED_SSL : 0;
+  *trust |= trustForEmail ? nsIX509CertDB::TRUSTED_EMAIL : 0;
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::ChooseCertificate(const nsACString& hostname, int32_t port,
+                                const nsACString& organization,
+                                const nsACString& issuerOrg, nsIArray* certList,
+                                /*out*/ uint32_t* selectedIndex,
+                                /*out*/ bool* rememberClientAuthCertificate,
+                                /*out*/ bool* certificateChosen) {
+  NS_ENSURE_ARG_POINTER(certList);
+  NS_ENSURE_ARG_POINTER(selectedIndex);
+  NS_ENSURE_ARG_POINTER(rememberClientAuthCertificate);
+  NS_ENSURE_ARG_POINTER(certificateChosen);
+
+  *certificateChosen = false;
+  *rememberClientAuthCertificate = false;
+
+  nsCOMPtr<nsIMutableArray> argArray = nsArrayBase::Create();
+  if (!argArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIWritableVariant> hostnameVariant = new nsVariant();
+  nsresult rv = hostnameVariant->SetAsAUTF8String(hostname);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(hostnameVariant);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> organizationVariant = new nsVariant();
+  rv = organizationVariant->SetAsAUTF8String(organization);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(organizationVariant);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> issuerOrgVariant = new nsVariant();
+  rv = issuerOrgVariant->SetAsAUTF8String(issuerOrg);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(issuerOrgVariant);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritableVariant> portVariant = new nsVariant();
+  rv = portVariant->SetAsInt32(port);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = argArray->AppendElement(portVariant);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = argArray->AppendElement(certList);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  rv = argArray->AppendElement(retVals);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = nsNSSDialogHelper::openDialog(
+      nullptr, "chrome://pippki/content/clientauthask.xhtml", argArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(u"rememberSelection"_ns,
+                                  rememberClientAuthCertificate);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(u"certChosen"_ns, certificateChosen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (*certificateChosen) {
+    rv = retVals->GetPropertyAsUint32(u"selectedIndex"_ns, selectedIndex);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor* ctx,
+                                    /*out*/ nsAString& password,
+                                    /*out*/ bool* confirmedPassword) {
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(confirmedPassword);
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  nsCOMPtr<nsIWritablePropertyBag2> retVals = new nsHashPropertyBag();
+  nsresult rv = nsNSSDialogHelper::openDialog(
+      parent, "chrome://pippki/content/setp12password.xhtml", retVals);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = retVals->GetPropertyAsBool(u"confirmedPassword"_ns, confirmedPassword);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!*confirmedPassword) {
+    return NS_OK;
+  }
+
+  return retVals->GetPropertyAsAString(u"password"_ns, password);
+}
+
+NS_IMETHODIMP
+nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor* ctx,
+                                    nsAString& _password, bool* _retval) {
+  *_retval = false;
+
+  nsCOMPtr<nsIPromptService> promptSvc(
+      do_GetService(NS_PROMPTSERVICE_CONTRACTID));
+  if (!promptSvc) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoString msg;
+  nsresult rv =
+      mPIPStringBundle->GetStringFromName("getPKCS12FilePasswordMessage", msg);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the parent window for the dialog
+  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
+  char16_t* pwTemp = nullptr;
+  rv = promptSvc->PromptPassword(parent, nullptr, msg.get(), &pwTemp, _retval);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (*_retval) {
+    _password.Assign(pwTemp);
+    free(pwTemp);
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/pki/nsNSSDialogs.h b/security/manager/pki/nsNSSDialogs.h
new file mode 100644
index 0000000000..3c687ac667
--- /dev/null
+++ b/security/manager/pki/nsNSSDialogs.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSDialogs_h
+#define nsNSSDialogs_h
+
+#include "nsCOMPtr.h"
+#include "nsICertificateDialogs.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIStringBundle.h"
+#include "nsITokenPasswordDialogs.h"
+
+#define NS_NSSDIALOGS_CID                            \
+  {                                                  \
+    0x518e071f, 0x1dd2, 0x11b2, {                    \
+      0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 \
+    }                                                \
+  }
+
+class nsNSSDialogs : public nsICertificateDialogs,
+                     public nsIClientAuthDialogs,
+                     public nsITokenPasswordDialogs {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITOKENPASSWORDDIALOGS
+  NS_DECL_NSICERTIFICATEDIALOGS
+  NS_DECL_NSICLIENTAUTHDIALOGS
+  nsNSSDialogs();
+
+  nsresult Init();
+
+ protected:
+  virtual ~nsNSSDialogs();
+  nsCOMPtr<nsIStringBundle> mPIPStringBundle;
+};
+
+#endif  // nsNSSDialogs_h
diff --git a/security/manager/pki/resources/content/certManager.css b/security/manager/pki/resources/content/certManager.css
new file mode 100644
index 0000000000..9259472771
--- /dev/null
+++ b/security/manager/pki/resources/content/certManager.css
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Good enough support for equalsize=always for the cert manager use cases.
+ * You probably shouldn't use this as-is elsewhere, this selector is somewhat
+ * slow, it relies on stuff having display: flex, and you probably can use
+ * something simpler if you need this */
+[equalsize="always"] > * {
+  flex: 1;
+  contain: inline-size;
+}
+
+treecol {
+  flex: 1 auto;
+  width: 0; /* Don't let intrinsic sizes affect our minimum size. */
+}
+
+#certmanager {
+  /* This prevents horizontal scrollbars due to <tree> and non-XUL layout
+   * interactions */
+  padding: 0;
+}
+
+/* This matches the <tree> height from dialog.css */
+richlistbox {
+  min-height: 15em;
+  contain: size;
+}
+
+richlistbox,
+richlistitem {
+  min-height: 30px;
+}
diff --git a/security/manager/pki/resources/content/certManager.js b/security/manager/pki/resources/content/certManager.js
new file mode 100644
index 0000000000..00bb29f307
--- /dev/null
+++ b/security/manager/pki/resources/content/certManager.js
@@ -0,0 +1,769 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const gCertFileTypes = "*.p7b; *.crt; *.cert; *.cer; *.pem; *.der";
+
+var { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+
+var key;
+
+var certdialogs = Cc["@mozilla.org/nsCertificateDialogs;1"].getService(
+  Ci.nsICertificateDialogs
+);
+
+/**
+ * List of certs currently selected in the active tab.
+ *
+ * @type {nsIX509Cert[]}
+ */
+var selected_certs = [];
+var selected_tree_items = [];
+var selected_index = [];
+var certdb;
+
+/**
+ * Cert tree for the "Authorities" tab.
+ *
+ * @type {nsICertTree}
+ */
+var caTreeView;
+/**
+ * Cert tree for the "Servers" tab.
+ *
+ * @type {nsICertTree}
+ */
+var serverTreeView;
+
+var overrideService;
+
+function createRichlistItem(item) {
+  let innerHbox = document.createXULElement("hbox");
+  innerHbox.setAttribute("align", "center");
+  innerHbox.setAttribute("flex", "1");
+
+  let row = document.createXULElement("label");
+  row.setAttribute("flex", "1");
+  row.setAttribute("crop", "end");
+  row.setAttribute("style", "margin-inline-start: 15px;");
+  if ("raw" in item) {
+    row.setAttribute("value", item.raw);
+  } else {
+    document.l10n.setAttributes(row, item.l10nid);
+  }
+  row.setAttribute("ordinal", "1");
+  innerHbox.appendChild(row);
+
+  return innerHbox;
+}
+
+var serverRichList = {
+  richlist: undefined,
+
+  buildRichList() {
+    let overrides = overrideService.getOverrides().map(item => {
+      return {
+        hostPort: item.hostPort,
+        asciiHost: item.asciiHost,
+        port: item.port,
+        originAttributes: item.originAttributes,
+        fingerprint: item.fingerprint,
+      };
+    });
+    overrides.sort((a, b) => {
+      let criteria = ["hostPort", "fingerprint"];
+      for (let c of criteria) {
+        let res = a[c].localeCompare(b[c]);
+        if (res !== 0) {
+          return res;
+        }
+      }
+      return 0;
+    });
+
+    this.richlist.textContent = "";
+    this.richlist.clearSelection();
+
+    let frag = document.createDocumentFragment();
+    for (let override of overrides) {
+      let richlistitem = this._richBoxAddItem(override);
+      frag.appendChild(richlistitem);
+    }
+    this.richlist.appendChild(frag);
+
+    this._setButtonState();
+    this.richlist.addEventListener("select", () => this._setButtonState());
+  },
+
+  _richBoxAddItem(item) {
+    let richlistitem = document.createXULElement("richlistitem");
+
+    richlistitem.setAttribute("host", item.asciiHost);
+    richlistitem.setAttribute("port", item.port);
+    richlistitem.setAttribute("hostPort", item.hostPort);
+    richlistitem.setAttribute("fingerprint", item.fingerprint);
+    richlistitem.setAttribute(
+      "originAttributes",
+      JSON.stringify(item.originAttributes)
+    );
+
+    let hbox = document.createXULElement("hbox");
+    hbox.setAttribute("flex", "1");
+    hbox.setAttribute("equalsize", "always");
+
+    hbox.appendChild(createRichlistItem({ raw: item.hostPort }));
+    hbox.appendChild(createRichlistItem({ raw: item.fingerprint }));
+
+    richlistitem.appendChild(hbox);
+
+    return richlistitem;
+  },
+
+  deleteSelectedRichListItem() {
+    let selectedItem = this.richlist.selectedItem;
+    if (!selectedItem) {
+      return;
+    }
+
+    let retVals = {
+      deleteConfirmed: false,
+    };
+    window.browsingContext.topChromeWindow.openDialog(
+      "chrome://pippki/content/deletecert.xhtml",
+      "",
+      "chrome,centerscreen,modal",
+      "websites_tab",
+      [
+        {
+          hostPort: selectedItem.attributes.hostPort.value,
+        },
+      ],
+      retVals
+    );
+
+    if (retVals.deleteConfirmed) {
+      overrideService.clearValidityOverride(
+        selectedItem.attributes.host.value,
+        selectedItem.attributes.port.value,
+        JSON.parse(selectedItem.attributes.originAttributes.value)
+      );
+      this.buildRichList();
+    }
+  },
+
+  addException() {
+    let retval = {
+      exceptionAdded: false,
+    };
+    window.browsingContext.topChromeWindow.openDialog(
+      "chrome://pippki/content/exceptionDialog.xhtml",
+      "",
+      "chrome,centerscreen,modal",
+      retval
+    );
+    if (retval.exceptionAdded) {
+      this.buildRichList();
+    }
+  },
+
+  _setButtonState() {
+    let websiteDeleteButton = document.getElementById("websites_deleteButton");
+    websiteDeleteButton.disabled = this.richlist.selectedIndex < 0;
+  },
+};
+/**
+ * Cert tree for the "People" tab.
+ *
+ * @type {nsICertTree}
+ */
+var emailTreeView;
+/**
+ * Cert tree for the "Your Certificates" tab.
+ *
+ * @type {nsICertTree}
+ */
+var userTreeView;
+
+var clientAuthRememberService;
+
+var rememberedDecisionsRichList = {
+  richlist: undefined,
+
+  buildRichList() {
+    let rememberedDecisions = clientAuthRememberService.getDecisions();
+
+    let oldItems = this.richlist.querySelectorAll("richlistitem");
+    for (let item of oldItems) {
+      item.remove();
+    }
+
+    let frag = document.createDocumentFragment();
+    for (let decision of rememberedDecisions) {
+      let richlistitem = this._richBoxAddItem(decision);
+      frag.appendChild(richlistitem);
+    }
+    this.richlist.appendChild(frag);
+
+    this.richlist.addEventListener("select", () => this.setButtonState());
+  },
+
+  _richBoxAddItem(item) {
+    let richlistitem = document.createXULElement("richlistitem");
+
+    richlistitem.setAttribute("entryKey", item.entryKey);
+    richlistitem.setAttribute("dbKey", item.dbKey);
+
+    let hbox = document.createXULElement("hbox");
+    hbox.setAttribute("flex", "1");
+    hbox.setAttribute("equalsize", "always");
+
+    hbox.appendChild(createRichlistItem({ raw: item.asciiHost }));
+    if (item.dbKey == "") {
+      hbox.appendChild(
+        createRichlistItem({ l10nid: "send-no-client-certificate" })
+      );
+
+      hbox.appendChild(createRichlistItem({ raw: "" }));
+    } else {
+      let tmpCert = certdb.findCertByDBKey(item.dbKey);
+      // The certificate corresponding to this item's dbKey may not be
+      // available (for example, if it was stored on a token that's been
+      // removed, or if it was deleted).
+      if (tmpCert) {
+        hbox.appendChild(createRichlistItem({ raw: tmpCert.commonName }));
+        hbox.appendChild(createRichlistItem({ raw: tmpCert.serialNumber }));
+      } else {
+        hbox.appendChild(
+          createRichlistItem({ l10nid: "certificate-not-available" })
+        );
+        hbox.appendChild(
+          createRichlistItem({ l10nid: "certificate-not-available" })
+        );
+      }
+    }
+
+    richlistitem.appendChild(hbox);
+
+    return richlistitem;
+  },
+
+  deleteSelectedRichListItem() {
+    let selectedItem = this.richlist.selectedItem;
+    let index = this.richlist.selectedIndex;
+    if (index < 0) {
+      return;
+    }
+
+    clientAuthRememberService.forgetRememberedDecision(
+      selectedItem.attributes.entryKey.value
+    );
+
+    this.buildRichList();
+    this.setButtonState();
+  },
+
+  viewSelectedRichListItem() {
+    let selectedItem = this.richlist.selectedItem;
+    let index = this.richlist.selectedIndex;
+    if (index < 0) {
+      return;
+    }
+
+    if (selectedItem.attributes.dbKey.value != "") {
+      let cert = certdb.findCertByDBKey(selectedItem.attributes.dbKey.value);
+      viewCertHelper(window, cert);
+    }
+  },
+
+  setButtonState() {
+    let rememberedDeleteButton = document.getElementById(
+      "remembered_deleteButton"
+    );
+    let rememberedViewButton = document.getElementById("remembered_viewButton");
+
+    rememberedDeleteButton.disabled = this.richlist.selectedIndex < 0;
+    rememberedViewButton.disabled =
+      this.richlist.selectedItem == null
+        ? true
+        : this.richlist.selectedItem.attributes.dbKey.value == "";
+  },
+};
+
+function LoadCerts() {
+  certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  var certcache = certdb.getCerts();
+
+  caTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
+  caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
+  document.getElementById("ca-tree").view = caTreeView;
+
+  emailTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
+  emailTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.EMAIL_CERT);
+  document.getElementById("email-tree").view = emailTreeView;
+
+  userTreeView = Cc["@mozilla.org/security/nsCertTree;1"].createInstance(
+    Ci.nsICertTree
+  );
+  userTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.USER_CERT);
+  document.getElementById("user-tree").view = userTreeView;
+
+  clientAuthRememberService = Cc[
+    "@mozilla.org/security/clientAuthRememberService;1"
+  ].getService(Ci.nsIClientAuthRememberService);
+
+  overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
+    Ci.nsICertOverrideService
+  );
+
+  rememberedDecisionsRichList.richlist =
+    document.getElementById("rememberedList");
+  serverRichList.richlist = document.getElementById("serverList");
+
+  rememberedDecisionsRichList.buildRichList();
+  serverRichList.buildRichList();
+
+  rememberedDecisionsRichList.setButtonState();
+
+  enableBackupAllButton();
+}
+
+function enableBackupAllButton() {
+  let backupAllButton = document.getElementById("mine_backupAllButton");
+  backupAllButton.disabled = userTreeView.rowCount < 1;
+}
+
+function getSelectedCerts() {
+  var ca_tab = document.getElementById("ca_tab");
+  var mine_tab = document.getElementById("mine_tab");
+  var others_tab = document.getElementById("others_tab");
+  var items = null;
+  if (ca_tab.selected) {
+    items = caTreeView.selection;
+  } else if (mine_tab.selected) {
+    items = userTreeView.selection;
+  } else if (others_tab.selected) {
+    items = emailTreeView.selection;
+  }
+  selected_certs = [];
+  var cert = null;
+  var nr = 0;
+  if (items != null) {
+    nr = items.getRangeCount();
+  }
+  if (nr > 0) {
+    for (let i = 0; i < nr; i++) {
+      var o1 = {};
+      var o2 = {};
+      items.getRangeAt(i, o1, o2);
+      var min = o1.value;
+      var max = o2.value;
+      for (let j = min; j <= max; j++) {
+        if (ca_tab.selected) {
+          cert = caTreeView.getCert(j);
+        } else if (mine_tab.selected) {
+          cert = userTreeView.getCert(j);
+        } else if (others_tab.selected) {
+          cert = emailTreeView.getCert(j);
+        }
+        if (cert) {
+          var sc = selected_certs.length;
+          selected_certs[sc] = cert;
+          selected_index[sc] = j;
+        }
+      }
+    }
+  }
+}
+
+function getSelectedTreeItems() {
+  var ca_tab = document.getElementById("ca_tab");
+  var mine_tab = document.getElementById("mine_tab");
+  var others_tab = document.getElementById("others_tab");
+  var items = null;
+  if (ca_tab.selected) {
+    items = caTreeView.selection;
+  } else if (mine_tab.selected) {
+    items = userTreeView.selection;
+  } else if (others_tab.selected) {
+    items = emailTreeView.selection;
+  }
+  selected_certs = [];
+  selected_tree_items = [];
+  selected_index = [];
+  var tree_item = null;
+  var nr = 0;
+  if (items != null) {
+    nr = items.getRangeCount();
+  }
+  if (nr > 0) {
+    for (let i = 0; i < nr; i++) {
+      var o1 = {};
+      var o2 = {};
+      items.getRangeAt(i, o1, o2);
+      var min = o1.value;
+      var max = o2.value;
+      for (let j = min; j <= max; j++) {
+        if (ca_tab.selected) {
+          tree_item = caTreeView.getTreeItem(j);
+        } else if (mine_tab.selected) {
+          tree_item = userTreeView.getTreeItem(j);
+        } else if (others_tab.selected) {
+          tree_item = emailTreeView.getTreeItem(j);
+        }
+        if (tree_item) {
+          var sc = selected_tree_items.length;
+          selected_tree_items[sc] = tree_item;
+          selected_index[sc] = j;
+        }
+      }
+    }
+  }
+}
+
+/**
+ * Returns true if nothing in the given cert tree is selected or if the
+ * selection includes a container. Returns false otherwise.
+ *
+ * @param {nsICertTree} certTree
+ * @returns {boolean}
+ */
+function nothingOrContainerSelected(certTree) {
+  var certTreeSelection = certTree.selection;
+  var numSelectionRanges = certTreeSelection.getRangeCount();
+
+  if (numSelectionRanges == 0) {
+    return true;
+  }
+
+  for (var i = 0; i < numSelectionRanges; i++) {
+    var o1 = {};
+    var o2 = {};
+    certTreeSelection.getRangeAt(i, o1, o2);
+    var minIndex = o1.value;
+    var maxIndex = o2.value;
+    for (var j = minIndex; j <= maxIndex; j++) {
+      if (certTree.isContainer(j)) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
+async function promptError(aErrorCode) {
+  if (aErrorCode != Ci.nsIX509CertDB.Success) {
+    let msgName = "pkcs12-unknown-err";
+    switch (aErrorCode) {
+      case Ci.nsIX509CertDB.ERROR_PKCS12_NOSMARTCARD_EXPORT:
+        msgName = "pkcs12-info-no-smartcard-backup";
+        break;
+      case Ci.nsIX509CertDB.ERROR_PKCS12_RESTORE_FAILED:
+        msgName = "pkcs12-unknown-err-restore";
+        break;
+      case Ci.nsIX509CertDB.ERROR_PKCS12_BACKUP_FAILED:
+        msgName = "pkcs12-unknown-err-backup";
+        break;
+      case Ci.nsIX509CertDB.ERROR_PKCS12_CERT_COLLISION:
+      case Ci.nsIX509CertDB.ERROR_PKCS12_DUPLICATE_DATA:
+        msgName = "pkcs12-dup-data";
+        break;
+      case Ci.nsIX509CertDB.ERROR_BAD_PASSWORD:
+        msgName = "pk11-bad-password";
+        break;
+      case Ci.nsIX509CertDB.ERROR_DECODE_ERROR:
+        msgName = "pkcs12-decode-err";
+        break;
+      default:
+        break;
+    }
+    let [message] = await document.l10n.formatValues([{ id: msgName }]);
+    let prompter = Services.ww.getNewPrompter(window);
+    prompter.alert(null, message);
+  }
+}
+
+/**
+ * Enables or disables buttons corresponding to a cert tree depending on what
+ * is selected in the cert tree.
+ *
+ * @param {nsICertTree} certTree
+ * @param {Array} idList A list of string identifiers for button elements to
+ *    enable or disable.
+ */
+function enableButtonsForCertTree(certTree, idList) {
+  let disableButtons = nothingOrContainerSelected(certTree);
+
+  for (let id of idList) {
+    document.getElementById(id).setAttribute("disabled", disableButtons);
+  }
+}
+
+function ca_enableButtons() {
+  let idList = [
+    "ca_viewButton",
+    "ca_editButton",
+    "ca_exportButton",
+    "ca_deleteButton",
+  ];
+  enableButtonsForCertTree(caTreeView, idList);
+}
+
+function mine_enableButtons() {
+  let idList = ["mine_viewButton", "mine_backupButton", "mine_deleteButton"];
+  enableButtonsForCertTree(userTreeView, idList);
+}
+
+function email_enableButtons() {
+  let idList = ["email_viewButton", "email_exportButton", "email_deleteButton"];
+  enableButtonsForCertTree(emailTreeView, idList);
+}
+
+async function backupCerts() {
+  getSelectedCerts();
+  var numcerts = selected_certs.length;
+  if (numcerts == 0) {
+    return;
+  }
+
+  var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  let [backupFileDialog, filePkcs12Spec] = await document.l10n.formatValues([
+    { id: "choose-p12-backup-file-dialog" },
+    { id: "file-browse-pkcs12-spec" },
+  ]);
+  fp.init(window, backupFileDialog, Ci.nsIFilePicker.modeSave);
+  fp.appendFilter(filePkcs12Spec, "*.p12");
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  fp.defaultExtension = "p12";
+  fp.open(rv => {
+    if (
+      rv == Ci.nsIFilePicker.returnOK ||
+      rv == Ci.nsIFilePicker.returnReplace
+    ) {
+      let password = {};
+      if (certdialogs.setPKCS12FilePassword(window, password)) {
+        let errorCode = certdb.exportPKCS12File(
+          fp.file,
+          selected_certs,
+          password.value
+        );
+        promptError(errorCode);
+      }
+    }
+  });
+}
+
+function backupAllCerts() {
+  // Select all rows, then call doBackup()
+  userTreeView.selection.selectAll();
+  backupCerts();
+}
+
+function editCerts() {
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    window.browsingContext.topChromeWindow.openDialog(
+      "chrome://pippki/content/editcacert.xhtml",
+      "",
+      "chrome,centerscreen,modal",
+      cert
+    );
+  }
+}
+
+async function restoreCerts() {
+  var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  let [restoreFileDialog, filePkcs12Spec, fileCertSpec] =
+    await document.l10n.formatValues([
+      { id: "choose-p12-restore-file-dialog" },
+      { id: "file-browse-pkcs12-spec" },
+      { id: "file-browse-certificate-spec" },
+    ]);
+  fp.init(window, restoreFileDialog, Ci.nsIFilePicker.modeOpen);
+  fp.appendFilter(filePkcs12Spec, "*.p12; *.pfx");
+  fp.appendFilter(fileCertSpec, gCertFileTypes);
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  fp.open(rv => {
+    if (rv != Ci.nsIFilePicker.returnOK) {
+      return;
+    }
+
+    // If this is an X509 user certificate, import it as one.
+
+    var isX509FileType = false;
+    var fileTypesList = gCertFileTypes.slice(1).split("; *");
+    for (var type of fileTypesList) {
+      if (fp.file.path.endsWith(type)) {
+        isX509FileType = true;
+        break;
+      }
+    }
+
+    if (isX509FileType) {
+      let fstream = Cc[
+        "@mozilla.org/network/file-input-stream;1"
+      ].createInstance(Ci.nsIFileInputStream);
+      fstream.init(fp.file, -1, 0, 0);
+      let dataString = NetUtil.readInputStreamToString(
+        fstream,
+        fstream.available()
+      );
+      let dataArray = [];
+      for (let i = 0; i < dataString.length; i++) {
+        dataArray.push(dataString.charCodeAt(i));
+      }
+      fstream.close();
+      let prompter = Services.ww.getNewPrompter(window);
+      let interfaceRequestor = {
+        getInterface() {
+          return prompter;
+        },
+      };
+      certdb.importUserCertificate(
+        dataArray,
+        dataArray.length,
+        interfaceRequestor
+      );
+    } else {
+      // Otherwise, assume it's a PKCS12 file and import it that way.
+      let password = {};
+      let errorCode = Ci.nsIX509CertDB.ERROR_BAD_PASSWORD;
+      while (
+        errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
+        certdialogs.getPKCS12FilePassword(window, password)
+      ) {
+        errorCode = certdb.importPKCS12File(fp.file, password.value);
+        if (
+          errorCode == Ci.nsIX509CertDB.ERROR_BAD_PASSWORD &&
+          !password.value.length
+        ) {
+          // It didn't like empty string password, try no password.
+          errorCode = certdb.importPKCS12File(fp.file, null);
+        }
+        promptError(errorCode);
+      }
+    }
+
+    var certcache = certdb.getCerts();
+    userTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.USER_CERT);
+    userTreeView.selection.clearSelection();
+    caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
+    caTreeView.selection.clearSelection();
+    enableBackupAllButton();
+  });
+}
+
+async function exportCerts() {
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    await exportToFile(window, cert);
+  }
+}
+
+/**
+ * Deletes the selected certs in the active tab.
+ */
+function deleteCerts() {
+  getSelectedTreeItems();
+  let numcerts = selected_tree_items.length;
+  if (numcerts == 0) {
+    return;
+  }
+
+  const treeViewMap = {
+    mine_tab: userTreeView,
+    ca_tab: caTreeView,
+    others_tab: emailTreeView,
+  };
+  let selTab = document.getElementById("certMgrTabbox").selectedItem;
+  let selTabID = selTab.getAttribute("id");
+
+  if (!(selTabID in treeViewMap)) {
+    return;
+  }
+
+  let retVals = {
+    deleteConfirmed: false,
+  };
+  window.browsingContext.topChromeWindow.openDialog(
+    "chrome://pippki/content/deletecert.xhtml",
+    "",
+    "chrome,centerscreen,modal",
+    selTabID,
+    selected_tree_items,
+    retVals
+  );
+
+  if (retVals.deleteConfirmed) {
+    let treeView = treeViewMap[selTabID];
+
+    for (let t = numcerts - 1; t >= 0; t--) {
+      treeView.deleteEntryObject(selected_index[t]);
+    }
+
+    selected_tree_items = [];
+    selected_index = [];
+    treeView.selection.clearSelection();
+    if (selTabID == "mine_tab") {
+      enableBackupAllButton();
+    }
+  }
+}
+
+function viewCerts() {
+  getSelectedCerts();
+
+  for (let cert of selected_certs) {
+    viewCertHelper(window, cert);
+  }
+}
+
+async function addCACerts() {
+  var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  let [importCa, fileCertSpec] = await document.l10n.formatValues([
+    { id: "import-ca-certs-prompt" },
+    { id: "file-browse-certificate-spec" },
+  ]);
+  fp.init(window, importCa, Ci.nsIFilePicker.modeOpen);
+  fp.appendFilter(fileCertSpec, gCertFileTypes);
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  fp.open(rv => {
+    if (rv == Ci.nsIFilePicker.returnOK) {
+      certdb.importCertsFromFile(fp.file, Ci.nsIX509Cert.CA_CERT);
+      let certcache = certdb.getCerts();
+      caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
+      caTreeView.selection.clearSelection();
+    }
+  });
+}
+
+async function addEmailCert() {
+  var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  let [importEmail, fileCertSpec] = await document.l10n.formatValues([
+    { id: "import-email-cert-prompt" },
+    { id: "file-browse-certificate-spec" },
+  ]);
+  fp.init(window, importEmail, Ci.nsIFilePicker.modeOpen);
+  fp.appendFilter(fileCertSpec, gCertFileTypes);
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  fp.open(rv => {
+    if (rv == Ci.nsIFilePicker.returnOK) {
+      certdb.importCertsFromFile(fp.file, Ci.nsIX509Cert.EMAIL_CERT);
+      var certcache = certdb.getCerts();
+      emailTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.EMAIL_CERT);
+      emailTreeView.selection.clearSelection();
+      caTreeView.loadCertsFromCache(certcache, Ci.nsIX509Cert.CA_CERT);
+      caTreeView.selection.clearSelection();
+    }
+  });
+}
diff --git a/security/manager/pki/resources/content/certManager.xhtml b/security/manager/pki/resources/content/certManager.xhtml
new file mode 100644
index 0000000000..9cf0543d78
--- /dev/null
+++ b/security/manager/pki/resources/content/certManager.xhtml
@@ -0,0 +1,330 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+<?xml-stylesheet href="chrome://pippki/content/certManager.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  windowtype="mozilla:certmanager"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  data-l10n-id="certmgr-title"
+  onload="LoadCerts();"
+  persist="screenX screenY width height"
+>
+  <dialog id="certmanager" buttons="accept">
+    <linkset>
+      <html:link
+        rel="localization"
+        href="security/certificates/certManager.ftl"
+      />
+    </linkset>
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/certManager.js" />
+
+    <tabbox id="certmanagertabs" flex="1" persist="selectedIndex">
+      <tabs id="certMgrTabbox">
+        <tab id="mine_tab" data-l10n-id="certmgr-tab-mine" />
+        <tab id="remembered_tab" data-l10n-id="certmgr-tab-remembered" />
+        <tab id="others_tab" data-l10n-id="certmgr-tab-people" />
+        <tab id="websites_tab" data-l10n-id="certmgr-tab-servers" />
+        <tab id="ca_tab" data-l10n-id="certmgr-tab-ca" selected="true" />
+      </tabs>
+      <tabpanels flex="1">
+        <vbox id="myCerts" flex="1">
+          <description data-l10n-id="certmgr-mine"></description>
+          <separator class="thin" />
+          <tree
+            id="user-tree"
+            flex="1"
+            enableColumnDrag="true"
+            onselect="mine_enableButtons()"
+          >
+            <treecols>
+              <!--
+              The below code may suggest that 'ordinal' is still a supported XUL
+              XUL attribute. It is not. This is a crutch so that we can
+              continue persisting the CSS order property,
+              which is the appropriate replacement for the ordinal attribute
+              but cannot yet be easily persisted. The code that synchronizes
+              the attribute with the CSS lives in
+              toolkit/content/widget/tree.js and is specific to tree elements.
+            -->
+              <treecol
+                id="certcol"
+                data-l10n-id="certmgr-cert-name"
+                primary="true"
+                persist="hidden width ordinal"
+              />
+              <splitter class="tree-splitter" />
+              <treecol
+                id="tokencol"
+                data-l10n-id="certmgr-token-name"
+                persist="hidden width ordinal"
+              />
+              <splitter class="tree-splitter" />
+              <treecol
+                id="serialnumcol"
+                data-l10n-id="certmgr-serial"
+                persist="hidden width ordinal"
+              />
+              <splitter class="tree-splitter" />
+              <treecol
+                id="issuedcol"
+                data-l10n-id="certmgr-begins-label"
+                hidden="true"
+                persist="hidden width ordinal"
+              />
+              <splitter class="tree-splitter" />
+              <treecol
+                id="expiredcol"
+                data-l10n-id="certmgr-expires-label"
+                persist="hidden width ordinal"
+              />
+            </treecols>
+            <treechildren ondblclick="viewCerts();" />
+          </tree>
+
+          <separator class="thin" />
+
+          <hbox>
+            <button
+              id="mine_viewButton"
+              class="normal"
+              data-l10n-id="certmgr-view"
+              disabled="true"
+              oncommand="viewCerts();"
+            />
+            <button
+              id="mine_backupButton"
+              class="normal"
+              data-l10n-id="certmgr-backup"
+              disabled="true"
+              oncommand="backupCerts();"
+            />
+            <button
+              id="mine_backupAllButton"
+              class="normal"
+              data-l10n-id="certmgr-backup-all"
+              oncommand="backupAllCerts();"
+            />
+            <button
+              id="mine_restoreButton"
+              class="normal"
+              data-l10n-id="certmgr-restore"
+              oncommand="restoreCerts();"
+            />
+            <button
+              id="mine_deleteButton"
+              class="normal"
+              data-l10n-id="certmgr-delete"
+              disabled="true"
+              oncommand="deleteCerts();"
+            />
+          </hbox>
+        </vbox>
+        <vbox id="rememberedCerts" flex="1">
+          <description data-l10n-id="certmgr-remembered"></description>
+          <separator class="thin" />
+
+          <listheader equalsize="always">
+            <treecol
+              id="hostcol"
+              data-l10n-id="certmgr-cert-host"
+              primary="true"
+              persist="hidden width ordinal"
+            />
+            <treecol
+              id="certcol"
+              data-l10n-id="certmgr-cert-name"
+              primary="true"
+              persist="hidden width ordinal"
+            />
+            <treecol
+              id="serialnumcol"
+              data-l10n-id="certmgr-serial"
+              persist="hidden width ordinal"
+            />
+          </listheader>
+          <richlistbox id="rememberedList" flex="1" selected="false" />
+
+          <separator class="thin" />
+
+          <hbox>
+            <button
+              id="remembered_deleteButton"
+              class="normal"
+              data-l10n-id="certmgr-delete"
+              oncommand="rememberedDecisionsRichList.deleteSelectedRichListItem()"
+            />
+
+            <button
+              id="remembered_viewButton"
+              class="normal"
+              data-l10n-id="certmgr-view"
+              oncommand="rememberedDecisionsRichList.viewSelectedRichListItem()"
+            />
+          </hbox>
+        </vbox>
+        <vbox id="othersCerts" flex="1">
+          <description data-l10n-id="certmgr-people"></description>
+          <separator class="thin" />
+          <tree id="email-tree" flex="1" onselect="email_enableButtons()">
+            <treecols>
+              <treecol
+                id="certcol"
+                data-l10n-id="certmgr-cert-name"
+                primary="true"
+              />
+              <splitter class="tree-splitter" />
+              <treecol id="emailcol" data-l10n-id="certmgr-email" />
+              <splitter class="tree-splitter" />
+              <treecol id="expiredcol" data-l10n-id="certmgr-expires-label" />
+            </treecols>
+            <treechildren flex="1" ondblclick="viewCerts();" />
+          </tree>
+
+          <separator class="thin" />
+
+          <hbox>
+            <button
+              id="email_viewButton"
+              data-l10n-id="certmgr-view"
+              disabled="true"
+              oncommand="viewCerts();"
+            />
+            <button
+              id="email_addButton"
+              data-l10n-id="certmgr-restore"
+              oncommand="addEmailCert();"
+            />
+            <button
+              id="email_exportButton"
+              data-l10n-id="certmgr-export"
+              disabled="true"
+              oncommand="exportCerts();"
+            />
+            <button
+              id="email_deleteButton"
+              data-l10n-id="certmgr-delete"
+              disabled="true"
+              oncommand="deleteCerts();"
+            />
+          </hbox>
+        </vbox>
+
+        <vbox id="webCerts" flex="1">
+          <description data-l10n-id="certmgr-server"></description>
+          <separator class="thin" />
+
+          <listheader equalsize="always">
+            <treecol
+              id="sitecol"
+              data-l10n-id="certmgr-cert-server"
+              primary="true"
+            />
+            <treecol
+              id="sha256col"
+              data-l10n-id="certmgr-fingerprint-sha-256"
+            />
+          </listheader>
+          <richlistbox
+            ondblclick="serverRichList.viewSelectedRichListItem();"
+            id="serverList"
+            flex="1"
+            selected="false"
+          />
+
+          <separator class="thin" />
+
+          <hbox>
+            <button
+              id="websites_deleteButton"
+              data-l10n-id="certmgr-delete"
+              oncommand="serverRichList.deleteSelectedRichListItem();"
+            />
+            <button
+              id="websites_exceptionButton"
+              data-l10n-id="certmgr-add-exception"
+              oncommand="serverRichList.addException();"
+            />
+          </hbox>
+        </vbox>
+        <vbox id="CACerts" flex="1">
+          <description data-l10n-id="certmgr-ca"></description>
+          <separator class="thin" />
+          <tree
+            id="ca-tree"
+            flex="1"
+            enableColumnDrag="true"
+            onselect="ca_enableButtons()"
+          >
+            <treecols>
+              <!--
+              The below code may suggest that 'ordinal' is still a supported XUL
+              XUL attribute. It is not. This is a crutch so that we can
+              continue persisting the CSS order property,
+              which is the appropriate replacement for the ordinal attribute
+              but cannot yet be easily persisted. The code that synchronizes
+              the attribute with the CSS lives in
+              toolkit/content/widget/tree.js and is specific to tree elements.
+            -->
+              <treecol
+                id="certcol"
+                data-l10n-id="certmgr-cert-name"
+                primary="true"
+                persist="hidden width ordinal"
+              />
+              <splitter class="tree-splitter" />
+              <treecol
+                id="tokencol"
+                data-l10n-id="certmgr-token-name"
+                persist="hidden width ordinal"
+              />
+            </treecols>
+            <treechildren ondblclick="viewCerts();" />
+          </tree>
+
+          <separator class="thin" />
+
+          <hbox>
+            <button
+              id="ca_viewButton"
+              data-l10n-id="certmgr-view"
+              disabled="true"
+              oncommand="viewCerts();"
+            />
+            <button
+              id="ca_editButton"
+              data-l10n-id="certmgr-edit"
+              disabled="true"
+              oncommand="editCerts();"
+            />
+            <button
+              id="ca_addButton"
+              data-l10n-id="certmgr-restore"
+              oncommand="addCACerts();"
+            />
+            <button
+              id="ca_exportButton"
+              data-l10n-id="certmgr-export"
+              disabled="true"
+              oncommand="exportCerts();"
+            />
+            <button
+              id="ca_deleteButton"
+              data-l10n-id="certmgr-delete-builtin"
+              disabled="true"
+              oncommand="deleteCerts();"
+            />
+          </hbox>
+        </vbox>
+      </tabpanels>
+    </tabbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/changepassword.js b/security/manager/pki/resources/content/changepassword.js
new file mode 100644
index 0000000000..e3d6b118bf
--- /dev/null
+++ b/security/manager/pki/resources/content/changepassword.js
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const { XPCOMUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/XPCOMUtils.sys.mjs"
+);
+
+XPCOMUtils.defineLazyGetter(
+  this,
+  "l10n",
+  () => new Localization(["security/pippki/pippki.ftl"], true)
+);
+
+var params;
+var token;
+var pw1;
+
+function doPrompt(messageL10nId) {
+  let msg = l10n.formatValueSync(messageL10nId);
+  Services.prompt.alert(window, null, msg);
+}
+
+function onLoad() {
+  document.getElementById("set_password").getButton("accept").disabled = true;
+  document.addEventListener("dialogaccept", setPassword);
+
+  pw1 = document.getElementById("pw1");
+  params = window.arguments[0].QueryInterface(Ci.nsIDialogParamBlock);
+  token = params.objects.GetElementAt(0).QueryInterface(Ci.nsIPK11Token);
+
+  document.l10n.setAttributes(
+    document.getElementById("tokenName"),
+    "change-password-token",
+    { tokenName: token.tokenName }
+  );
+  process();
+}
+
+function process() {
+  let bundle = document.getElementById("pippki_bundle");
+  let oldpwbox = document.getElementById("oldpw");
+  let msgBox = document.getElementById("message");
+  // If the token is unitialized, don't use the old password box.
+  // Otherwise, do.
+  if ((token.needsLogin() && token.needsUserInit) || !token.needsLogin()) {
+    oldpwbox.hidden = true;
+    msgBox.setAttribute("value", bundle.getString("password_not_set"));
+    msgBox.hidden = false;
+
+    if (!token.needsLogin()) {
+      oldpwbox.setAttribute("inited", "empty");
+    } else {
+      oldpwbox.setAttribute("inited", "true");
+    }
+
+    // Select first password field
+    document.getElementById("pw1").focus();
+  } else {
+    // Select old password field
+    oldpwbox.hidden = false;
+    msgBox.hidden = true;
+    oldpwbox.setAttribute("inited", "false");
+    oldpwbox.focus();
+  }
+
+  // Return value 0 means "canceled"
+  params.SetInt(1, 0);
+
+  checkPasswords();
+}
+
+function setPassword(event) {
+  var oldpwbox = document.getElementById("oldpw");
+  var initpw = oldpwbox.getAttribute("inited");
+
+  var success = false;
+
+  if (initpw == "false" || initpw == "empty") {
+    try {
+      var oldpw = "";
+      var passok = 0;
+
+      if (initpw == "empty") {
+        passok = 1;
+      } else {
+        oldpw = oldpwbox.value;
+        passok = token.checkPassword(oldpw);
+      }
+
+      if (passok) {
+        if (initpw == "empty" && pw1.value == "") {
+          // checkPasswords() should have prevented this path from being reached.
+        } else {
+          if (pw1.value == "") {
+            var secmoddb = Cc[
+              "@mozilla.org/security/pkcs11moduledb;1"
+            ].getService(Ci.nsIPKCS11ModuleDB);
+            if (secmoddb.isFIPSEnabled) {
+              // empty passwords are not allowed in FIPS mode
+              doPrompt("pippki-pw-change2empty-in-fips-mode");
+              passok = 0;
+            }
+          }
+          if (passok) {
+            token.changePassword(oldpw, pw1.value);
+            if (pw1.value == "") {
+              doPrompt("pippki-pw-erased-ok");
+            } else {
+              doPrompt("pippki-pw-change-ok");
+            }
+            success = true;
+          }
+        }
+      } else {
+        oldpwbox.focus();
+        oldpwbox.setAttribute("value", "");
+        doPrompt("pippki-incorrect-pw");
+      }
+    } catch (e) {
+      doPrompt("pippki-failed-pw-change");
+    }
+  } else {
+    token.initPassword(pw1.value);
+    if (pw1.value == "") {
+      doPrompt("pippki-pw-not-wanted");
+    }
+    success = true;
+  }
+
+  if (success && params) {
+    // Return value 1 means "successfully executed ok"
+    params.SetInt(1, 1);
+  }
+
+  // Terminate dialog
+  if (!success) {
+    event.preventDefault();
+  }
+}
+
+function setPasswordStrength() {
+  // We weigh the quality of the password by checking the number of:
+  //  - Characters
+  //  - Numbers
+  //  - Non-alphanumeric chars
+  //  - Upper and lower case characters
+
+  let pw = document.getElementById("pw1").value;
+
+  let pwlength = pw.length;
+  if (pwlength > 5) {
+    pwlength = 5;
+  }
+
+  let numnumeric = pw.replace(/[0-9]/g, "");
+  let numeric = pw.length - numnumeric.length;
+  if (numeric > 3) {
+    numeric = 3;
+  }
+
+  let symbols = pw.replace(/\W/g, "");
+  let numsymbols = pw.length - symbols.length;
+  if (numsymbols > 3) {
+    numsymbols = 3;
+  }
+
+  let numupper = pw.replace(/[A-Z]/g, "");
+  let upper = pw.length - numupper.length;
+  if (upper > 3) {
+    upper = 3;
+  }
+
+  let pwstrength =
+    pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;
+
+  // Clamp strength to [0, 100].
+  if (pwstrength < 0) {
+    pwstrength = 0;
+  }
+  if (pwstrength > 100) {
+    pwstrength = 100;
+  }
+
+  let meter = document.getElementById("pwmeter");
+  meter.setAttribute("value", pwstrength);
+}
+
+function checkPasswords() {
+  let pw1 = document.getElementById("pw1").value;
+  let pw2 = document.getElementById("pw2").value;
+
+  var oldpwbox = document.getElementById("oldpw");
+  if (oldpwbox) {
+    var initpw = oldpwbox.getAttribute("inited");
+
+    if (initpw == "empty" && pw1 == "") {
+      // The token has already been initialized, therefore this dialog
+      // was called with the intention to change the password.
+      // The token currently uses an empty password.
+      // We will not allow changing the password from empty to empty.
+      document
+        .getElementById("set_password")
+        .getButton("accept").disabled = true;
+      return;
+    }
+  }
+
+  document.getElementById("set_password").getButton("accept").disabled =
+    pw1 != pw2;
+}
diff --git a/security/manager/pki/resources/content/changepassword.xhtml b/security/manager/pki/resources/content/changepassword.xhtml
new file mode 100644
index 0000000000..8ed7e5e6a2
--- /dev/null
+++ b/security/manager/pki/resources/content/changepassword.xhtml
@@ -0,0 +1,77 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="change-device-password-window"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  onload="onLoad();"
+>
+  <dialog id="set_password" buttons="accept,cancel">
+    <linkset>
+      <html:link rel="localization" href="security/pippki/pippki.ftl" />
+    </linkset>
+
+    <stringbundle
+      id="pippki_bundle"
+      src="chrome://pippki/locale/pippki.properties"
+    />
+
+    <script src="chrome://global/content/globalOverlay.js" />
+    <script src="chrome://global/content/editMenuOverlay.js" />
+
+    <script src="chrome://pippki/content/changepassword.js" />
+
+    <hbox align="center">
+      <label
+        id="tokenName"
+        data-l10n-id="change-password-token"
+        data-l10n-args='{"tokenName":""}'
+      />
+    </hbox>
+
+    <separator />
+
+    <vbox>
+      <hbox class="input-row">
+        <label flex="1" data-l10n-id="change-password-old" />
+        <html:input id="oldpw" type="password" />
+        <!-- This textbox is inserted as a workaround to the fact that making the 'type'
+         & 'disabled' property of the 'oldpw' textbox toggle between ['password' &
+         'false'] and ['text' & 'true'] - as would be necessary if the menu has more
+         than one tokens, some initialized and some not - does not work properly. So,
+         either the textbox 'oldpw' or the textbox 'message' would be displayed,
+         depending on the state of the token selected
+     -->
+        <html:input id="message" disabled="true" />
+      </hbox>
+      <hbox class="input-row">
+        <label flex="1" data-l10n-id="change-password-new" />
+        <html:input
+          id="pw1"
+          type="password"
+          oninput="setPasswordStrength(); checkPasswords();"
+        />
+      </hbox>
+      <hbox class="input-row">
+        <label flex="1" data-l10n-id="change-password-reenter" />
+        <html:input id="pw2" type="password" oninput="checkPasswords();" />
+      </hbox>
+    </vbox>
+
+    <vbox style="margin: 6px">
+      <label
+        for="pwmeter"
+        style="display: flex"
+        data-l10n-id="password-quality-meter"
+      />
+      <html:progress id="pwmeter" value="0" max="100" />
+    </vbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/clientauthask.js b/security/manager/pki/resources/content/clientauthask.js
new file mode 100644
index 0000000000..782b0d7204
--- /dev/null
+++ b/security/manager/pki/resources/content/clientauthask.js
@@ -0,0 +1,178 @@
+/* -*- tab-width: 2; indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+const { parse, pemToDER } = ChromeUtils.importESModule(
+  "chrome://global/content/certviewer/certDecoder.mjs"
+);
+
+/**
+ * @file Implements the functionality of clientauthask.xhtml: a dialog that allows
+ *       a user pick a client certificate for TLS client authentication.
+ * @param {string} window.arguments.0
+ *           The hostname of the server requesting client authentication.
+ * @param {string} window.arguments.1
+ *           The Organization of the server cert.
+ * @param {string} window.arguments.2
+ *           The Organization of the issuer of the server cert.
+ * @param {number} window.arguments.3
+ *           The port of the server.
+ * @param {nsISupports} window.arguments.4
+ *           List of certificates the user can choose from, queryable to
+ *           nsIArray<nsIX509Cert>.
+ * @param {nsISupports} window.arguments.5
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of ClientAuthAskReturnValues.
+ */
+
+/**
+ * @typedef ClientAuthAskReturnValues
+ * @type {nsIWritablePropertyBag2}
+ * @property {boolean} certChosen
+ *           Set to true if the user chose a cert and accepted the dialog, false
+ *           otherwise.
+ * @property {boolean} rememberSelection
+ *           Set to true if the user wanted their cert selection to be
+ *           remembered, false otherwise.
+ * @property {number} selectedIndex
+ *           The index the chosen cert is at for the given cert list. Undefined
+ *           value if |certChosen| is not true.
+ */
+
+/**
+ * The pippki <stringbundle> element.
+ *
+ * @type {stringbundle}
+ * @see {@link toolkit/content/widgets/stringbundle.js}
+ */
+var bundle;
+/**
+ * The array of certs the user can choose from.
+ *
+ * @type {nsIArray<nsIX509Cert>}
+ */
+var certArray;
+/**
+ * The checkbox storing whether the user wants to remember the selected cert.
+ *
+ * @type {HTMLInputElement} Element checkbox, has to have |checked| property.
+ */
+var rememberBox;
+
+async function onLoad() {
+  bundle = document.getElementById("pippki_bundle");
+  let rememberSetting = Services.prefs.getBoolPref(
+    "security.remember_cert_checkbox_default_setting"
+  );
+
+  rememberBox = document.getElementById("rememberBox");
+  rememberBox.label = bundle.getString("clientAuthRemember");
+  rememberBox.checked = rememberSetting;
+
+  let hostname = window.arguments[0];
+  let org = window.arguments[1];
+  let issuerOrg = window.arguments[2];
+  let port = window.arguments[3];
+  let formattedOrg = bundle.getFormattedString("clientAuthMessage1", [org]);
+  let formattedIssuerOrg = bundle.getFormattedString("clientAuthMessage2", [
+    issuerOrg,
+  ]);
+  let formattedHostnameAndPort = bundle.getFormattedString(
+    "clientAuthHostnameAndPort",
+    [hostname, port.toString()]
+  );
+  setText("hostname", formattedHostnameAndPort);
+  setText("organization", formattedOrg);
+  setText("issuer", formattedIssuerOrg);
+
+  let selectElement = document.getElementById("nicknames");
+  certArray = window.arguments[4].QueryInterface(Ci.nsIArray);
+  for (let i = 0; i < certArray.length; i++) {
+    let menuItemNode = document.createXULElement("menuitem");
+    let cert = certArray.queryElementAt(i, Ci.nsIX509Cert);
+    let nickAndSerial = bundle.getFormattedString("clientAuthNickAndSerial", [
+      cert.displayName,
+      cert.serialNumber,
+    ]);
+    menuItemNode.setAttribute("value", i);
+    menuItemNode.setAttribute("label", nickAndSerial); // This is displayed.
+    selectElement.menupopup.appendChild(menuItemNode);
+    if (i == 0) {
+      selectElement.selectedItem = menuItemNode;
+    }
+  }
+
+  await setDetails();
+  document.addEventListener("dialogaccept", doOK);
+  document.addEventListener("dialogcancel", doCancel);
+
+  Services.obs.notifyObservers(
+    document.getElementById("certAuthAsk"),
+    "cert-dialog-loaded"
+  );
+}
+
+/**
+ * Populates the details section with information concerning the selected cert.
+ */
+async function setDetails() {
+  let index = parseInt(document.getElementById("nicknames").value);
+  let cert = certArray.queryElementAt(index, Ci.nsIX509Cert);
+
+  const formatter = new Intl.DateTimeFormat(undefined, {
+    dateStyle: "medium",
+    timeStyle: "long",
+  });
+  let detailLines = [
+    bundle.getFormattedString("clientAuthIssuedTo", [cert.subjectName]),
+    bundle.getFormattedString("clientAuthSerial", [cert.serialNumber]),
+    bundle.getFormattedString("clientAuthValidityPeriod", [
+      formatter.format(new Date(cert.validity.notBefore / 1000)),
+      formatter.format(new Date(cert.validity.notAfter / 1000)),
+    ]),
+  ];
+  let parsedCert = await parse(pemToDER(cert.getBase64DERString()));
+  let keyUsages = parsedCert.ext.keyUsages;
+  if (keyUsages && keyUsages.purposes.length) {
+    detailLines.push(
+      bundle.getFormattedString("clientAuthKeyUsages", [keyUsages.purposes])
+    );
+  }
+  let emailAddresses = cert.getEmailAddresses();
+  if (emailAddresses.length) {
+    let joinedAddresses = emailAddresses.join(", ");
+    detailLines.push(
+      bundle.getFormattedString("clientAuthEmailAddresses", [joinedAddresses])
+    );
+  }
+  detailLines.push(
+    bundle.getFormattedString("clientAuthIssuedBy", [cert.issuerName])
+  );
+  detailLines.push(
+    bundle.getFormattedString("clientAuthStoredOn", [cert.tokenName])
+  );
+
+  document.getElementById("details").value = detailLines.join("\n");
+}
+
+async function onCertSelected() {
+  await setDetails();
+}
+
+function doOK() {
+  let retVals = window.arguments[5].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("certChosen", true);
+  let index = parseInt(document.getElementById("nicknames").value);
+  retVals.setPropertyAsUint32("selectedIndex", index);
+  retVals.setPropertyAsBool("rememberSelection", rememberBox.checked);
+}
+
+function doCancel() {
+  let retVals = window.arguments[5].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("certChosen", false);
+  retVals.setPropertyAsBool("rememberSelection", rememberBox.checked);
+}
diff --git a/security/manager/pki/resources/content/clientauthask.xhtml b/security/manager/pki/resources/content/clientauthask.xhtml
new file mode 100644
index 0000000000..f182372ed2
--- /dev/null
+++ b/security/manager/pki/resources/content/clientauthask.xhtml
@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="client-auth-window"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  onload="onLoad();"
+>
+  <dialog id="certAuthAsk" buttons="accept,cancel">
+    <linkset>
+      <html:link rel="localization" href="security/pippki/pippki.ftl" />
+    </linkset>
+
+    <stringbundleset id="stringbundleset">
+      <stringbundle
+        id="pippki_bundle"
+        src="chrome://pippki/locale/pippki.properties"
+      />
+    </stringbundleset>
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/clientauthask.js" />
+    <script src="chrome://global/content/globalOverlay.js" />
+    <script src="chrome://global/content/editMenuOverlay.js" />
+
+    <description
+      style="font-weight: bold"
+      data-l10n-id="client-auth-site-description"
+    ></description>
+    <description id="hostname" />
+    <description id="organization" />
+    <description id="issuer" />
+
+    <description
+      style="font-weight: bold"
+      data-l10n-id="client-auth-choose-cert"
+    ></description>
+    <!-- The items in this menulist must never be sorted,
+     but remain in the order filled by the application
+-->
+    <menulist id="nicknames" oncommand="onCertSelected();" native="true">
+      <menupopup />
+    </menulist>
+    <description data-l10n-id="client-auth-cert-details"></description>
+    <html:textarea readonly="readonly" id="details" style="height: 11em" />
+    <checkbox id="rememberBox" checked="true" native="true" />
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/deletecert.css b/security/manager/pki/resources/content/deletecert.css
new file mode 100644
index 0000000000..4607f0a44a
--- /dev/null
+++ b/security/manager/pki/resources/content/deletecert.css
@@ -0,0 +1,19 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+dialog::part(content-box) {
+  flex: 1;
+}
+
+#confirm,
+#impact {
+  /* We don't want these to impact the horizontal size of the dialog */
+  contain: inline-size;
+}
+
+#certlist {
+  flex: 1;
+  min-height: 8em;
+  min-width: 35em;
+}
diff --git a/security/manager/pki/resources/content/deletecert.js b/security/manager/pki/resources/content/deletecert.js
new file mode 100644
index 0000000000..7d926863ed
--- /dev/null
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+/**
+ * @file Implements the functionality of deletecert.xhtml: a dialog that allows a
+ *       user to confirm whether to delete certain certificates.
+ * @param {string} window.arguments.0
+ *           One of the tab IDs listed in certManager.xhtml.
+ * @param {object[]} window.arguments.1
+ *           An array of objects representing the certs to delete.
+ *           Each must have a 'cert' property or a 'hostPort' property.
+ * @param {DeleteCertReturnValues} window.arguments.2
+ *           Object holding the return values of calling the dialog.
+ */
+
+/**
+ * @typedef DeleteCertReturnValues
+ * @type {object}
+ * @property {boolean} deleteConfirmed
+ *           Set to true if the user confirmed deletion of the given certs,
+ *           false otherwise.
+ */
+
+/**
+ * Returns the element to represent the given cert to delete.
+ *
+ * @param {object} certToDelete
+ *        The item to represent.
+ * @returns {Element}
+ *          A element of each cert tree item.
+ */
+function getLabelForCertToDelete(certToDelete) {
+  let element = document.createXULElement("label");
+  let cert = certToDelete.cert;
+  if (!cert) {
+    element.setAttribute("value", certToDelete.hostPort);
+    return element;
+  }
+
+  const attributes = [
+    cert.commonName,
+    cert.organizationalUnit,
+    cert.organization,
+    cert.subjectName,
+  ];
+  for (let attribute of attributes) {
+    if (attribute) {
+      element.setAttribute("value", attribute);
+      return element;
+    }
+  }
+
+  document.l10n.setAttributes(element, "cert-with-serial", {
+    serialNumber: cert.serialNumber,
+  });
+  return element;
+}
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  let typeFlag = window.arguments[0];
+  let confirm = document.getElementById("confirm");
+  let impact = document.getElementById("impact");
+  let prefixForType;
+  switch (typeFlag) {
+    case "mine_tab":
+      prefixForType = "delete-user-cert-";
+      break;
+    case "websites_tab":
+      prefixForType = "delete-ssl-override-";
+      break;
+    case "ca_tab":
+      prefixForType = "delete-ca-cert-";
+      break;
+    case "others_tab":
+      prefixForType = "delete-email-cert-";
+      break;
+    default:
+      return;
+  }
+
+  document.l10n.setAttributes(
+    document.documentElement,
+    prefixForType + "title"
+  );
+  document.l10n.setAttributes(confirm, prefixForType + "confirm");
+  document.l10n.setAttributes(impact, prefixForType + "impact");
+
+  document.addEventListener("dialogaccept", onDialogAccept);
+  document.addEventListener("dialogcancel", onDialogCancel);
+
+  let box = document.getElementById("certlist");
+  let certsToDelete = window.arguments[1];
+  for (let certToDelete of certsToDelete) {
+    let listItem = document.createXULElement("richlistitem");
+    let label = getLabelForCertToDelete(certToDelete);
+    listItem.appendChild(label);
+    box.appendChild(listItem);
+  }
+}
+
+/**
+ * ondialogaccept() handler.
+ */
+function onDialogAccept() {
+  let retVals = window.arguments[2];
+  retVals.deleteConfirmed = true;
+}
+
+/**
+ * ondialogcancel() handler.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[2];
+  retVals.deleteConfirmed = false;
+}
diff --git a/security/manager/pki/resources/content/deletecert.xhtml b/security/manager/pki/resources/content/deletecert.xhtml
new file mode 100644
index 0000000000..44f4248399
--- /dev/null
+++ b/security/manager/pki/resources/content/deletecert.xhtml
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+<?xml-stylesheet href="chrome://pippki/content/deletecert.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="certmgr-delete-cert2"
+  data-l10n-attrs="style"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  onload="onLoad();"
+>
+  <dialog id="deleteCertificate" buttons="accept,cancel">
+    <linkset>
+      <html:link
+        rel="localization"
+        href="security/certificates/certManager.ftl"
+      />
+    </linkset>
+
+    <script src="pippki.js" />
+    <script src="chrome://pippki/content/deletecert.js" />
+
+    <description id="confirm" />
+    <richlistbox id="certlist" class="box-padded" />
+    <description id="impact" />
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/device_manager.js b/security/manager/pki/resources/content/device_manager.js
new file mode 100644
index 0000000000..deb58d2ff3
--- /dev/null
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -0,0 +1,433 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const { XPCOMUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/XPCOMUtils.sys.mjs"
+);
+
+var secmoddb;
+var skip_enable_buttons = false;
+
+/* Do the initial load of all PKCS# modules and list them. */
+function LoadModules() {
+  secmoddb = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  RefreshDeviceList();
+}
+
+async function doPrompt(l10n_id) {
+  let [msg] = await document.l10n.formatValues([{ id: l10n_id }]);
+  Services.prompt.alert(window, null, msg);
+}
+
+async function doConfirm(l10n_id) {
+  let [msg] = await document.l10n.formatValues([{ id: l10n_id }]);
+  return Services.prompt.confirm(window, null, msg);
+}
+
+function RefreshDeviceList() {
+  for (let module of secmoddb.listModules()) {
+    let slots = module.listSlots();
+    AddModule(module, slots);
+  }
+
+  // Set the text on the FIPS button.
+  SetFIPSButton();
+}
+
+function SetFIPSButton() {
+  var fipsButton = document.getElementById("fipsbutton");
+  if (secmoddb.isFIPSEnabled) {
+    document.l10n.setAttributes(fipsButton, "devmgr-button-disable-fips");
+  } else {
+    document.l10n.setAttributes(fipsButton, "devmgr-button-enable-fips");
+  }
+
+  var can_toggle = secmoddb.canToggleFIPS;
+  if (can_toggle) {
+    fipsButton.removeAttribute("disabled");
+  } else {
+    fipsButton.setAttribute("disabled", "true");
+  }
+}
+
+/* Add a module to the tree.  slots is the array of slots in the module,
+ * to be represented as children.
+ */
+function AddModule(module, slots) {
+  var tree = document.getElementById("device_list");
+  var item = document.createXULElement("treeitem");
+  var row = document.createXULElement("treerow");
+  var cell = document.createXULElement("treecell");
+  cell.setAttribute("label", module.name);
+  row.appendChild(cell);
+  item.appendChild(row);
+  var parent = document.createXULElement("treechildren");
+  for (let slot of slots) {
+    var child_item = document.createXULElement("treeitem");
+    var child_row = document.createXULElement("treerow");
+    var child_cell = document.createXULElement("treecell");
+    child_cell.setAttribute("label", slot.name);
+    child_row.appendChild(child_cell);
+    child_item.appendChild(child_row);
+    child_item.setAttribute("pk11kind", "slot");
+    // 'slot' is an attribute on any HTML element, hence 'slotObject' instead.
+    child_item.slotObject = slot;
+    parent.appendChild(child_item);
+  }
+  item.appendChild(parent);
+  item.setAttribute("pk11kind", "module");
+  item.module = module;
+  item.setAttribute("open", "true");
+  item.setAttribute("container", "true");
+  tree.appendChild(item);
+}
+
+var selected_slot;
+var selected_module;
+
+/* get the slot selected by the user (can only be one-at-a-time) */
+function getSelectedItem() {
+  let tree = document.getElementById("device_tree");
+  if (tree.currentIndex < 0) {
+    return;
+  }
+  let item = tree.view.getItemAtIndex(tree.currentIndex);
+  selected_slot = null;
+  selected_module = null;
+  if (item) {
+    let kind = item.getAttribute("pk11kind");
+    if (kind == "slot") {
+      selected_slot = item.slotObject;
+    } else {
+      // (kind == "module")
+      selected_module = item.module;
+    }
+  }
+}
+
+function enableButtons() {
+  if (skip_enable_buttons) {
+    return;
+  }
+
+  var login_toggle = "true";
+  var logout_toggle = "true";
+  var pw_toggle = "true";
+  var unload_toggle = "true";
+  getSelectedItem();
+  if (selected_module) {
+    unload_toggle = "false";
+    showModuleInfo();
+  } else if (selected_slot) {
+    // here's the workaround - login functions are all with token,
+    // so grab the token type
+    var selected_token = selected_slot.getToken();
+    if (selected_token != null) {
+      if (selected_token.needsLogin() || !selected_token.needsUserInit) {
+        pw_toggle = "false";
+        if (selected_token.needsLogin()) {
+          if (selected_token.isLoggedIn()) {
+            logout_toggle = "false";
+          } else {
+            login_toggle = "false";
+          }
+        }
+      }
+
+      if (
+        !Services.policies.isAllowed("createMasterPassword") &&
+        selected_token.isInternalKeyToken &&
+        !selected_token.hasPassword
+      ) {
+        pw_toggle = "true";
+      }
+    }
+    showSlotInfo();
+  }
+  document
+    .getElementById("login_button")
+    .setAttribute("disabled", login_toggle);
+  document
+    .getElementById("logout_button")
+    .setAttribute("disabled", logout_toggle);
+  document
+    .getElementById("change_pw_button")
+    .setAttribute("disabled", pw_toggle);
+  document
+    .getElementById("unload_button")
+    .setAttribute("disabled", unload_toggle);
+}
+
+// clear the display of information for the slot
+function ClearInfoList() {
+  let infoList = document.getElementById("info_list");
+  while (infoList.hasChildNodes()) {
+    infoList.firstChild.remove();
+  }
+}
+
+function ClearDeviceList() {
+  ClearInfoList();
+
+  skip_enable_buttons = true;
+  var tree = document.getElementById("device_tree");
+  tree.view.selection.clearSelection();
+  skip_enable_buttons = false;
+
+  // Remove the existing listed modules so that a refresh doesn't display the
+  // module that just changed.
+  let deviceList = document.getElementById("device_list");
+  while (deviceList.hasChildNodes()) {
+    deviceList.firstChild.remove();
+  }
+}
+
+// show a list of info about a slot
+function showSlotInfo() {
+  var present = true;
+  ClearInfoList();
+  switch (selected_slot.status) {
+    case Ci.nsIPKCS11Slot.SLOT_DISABLED:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-disabled" },
+        "tok_status"
+      );
+      present = false;
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_NOT_PRESENT:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-not-present" },
+        "tok_status"
+      );
+      present = false;
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_UNINITIALIZED:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-uninitialized" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-not-logged-in" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_LOGGED_IN:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-logged-in" },
+        "tok_status"
+      );
+      break;
+    case Ci.nsIPKCS11Slot.SLOT_READY:
+      AddInfoRow(
+        "devinfo-status",
+        { l10nID: "devinfo-status-ready" },
+        "tok_status"
+      );
+      break;
+    default:
+      return;
+  }
+  AddInfoRow("devinfo-desc", { label: selected_slot.desc }, "slot_desc");
+  AddInfoRow("devinfo-man-id", { label: selected_slot.manID }, "slot_manID");
+  AddInfoRow(
+    "devinfo-hwversion",
+    { label: selected_slot.HWVersion },
+    "slot_hwv"
+  );
+  AddInfoRow(
+    "devinfo-fwversion",
+    { label: selected_slot.FWVersion },
+    "slot_fwv"
+  );
+  if (present) {
+    showTokenInfo();
+  }
+}
+
+function showModuleInfo() {
+  ClearInfoList();
+  AddInfoRow("devinfo-modname", { label: selected_module.name }, "module_name");
+  AddInfoRow(
+    "devinfo-modpath",
+    { label: selected_module.libName },
+    "module_path"
+  );
+}
+
+// add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
+function AddInfoRow(l10nID, col2, cell_id) {
+  var tree = document.getElementById("info_list");
+  var item = document.createXULElement("treeitem");
+  var row = document.createXULElement("treerow");
+  var cell1 = document.createXULElement("treecell");
+  document.l10n.setAttributes(cell1, l10nID);
+  cell1.setAttribute("crop", "never");
+  row.appendChild(cell1);
+  var cell2 = document.createXULElement("treecell");
+  if (col2.l10nID) {
+    document.l10n.setAttributes(cell2, col2.l10nID);
+  } else {
+    cell2.setAttribute("label", col2.label);
+  }
+  cell2.setAttribute("crop", "never");
+  cell2.setAttribute("id", cell_id);
+  row.appendChild(cell2);
+  item.appendChild(row);
+  tree.appendChild(item);
+}
+
+// log in to a slot
+function doLogin() {
+  getSelectedItem();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.login(false);
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      document.l10n.setAttributes(tok_status, "devinfo-status-logged-in");
+    } else {
+      document.l10n.setAttributes(tok_status, "devinfo-status-not-logged-in");
+    }
+  } catch (e) {
+    doPrompt("login-failed");
+  }
+  enableButtons();
+}
+
+// log out of a slot
+function doLogout() {
+  getSelectedItem();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.logoutAndDropAuthenticatedResources();
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      document.l10n.setAttributes(tok_status, "devinfo-status-logged-in");
+    } else {
+      document.l10n.setAttributes(tok_status, "devinfo-status-not-logged-in");
+    }
+  } catch (e) {}
+  enableButtons();
+}
+
+// load a new device
+function doLoad() {
+  window.browsingContext.topChromeWindow.open(
+    "load_device.xhtml",
+    "loaddevice",
+    "chrome,centerscreen,modal"
+  );
+  ClearDeviceList();
+  RefreshDeviceList();
+}
+
+async function deleteSelected() {
+  getSelectedItem();
+  if (selected_module && (await doConfirm("del-module-warning"))) {
+    try {
+      secmoddb.deleteModule(selected_module.name);
+    } catch (e) {
+      doPrompt("del-module-error");
+      return false;
+    }
+    selected_module = null;
+    return true;
+  }
+  return false;
+}
+
+async function doUnload() {
+  if (await deleteSelected()) {
+    ClearDeviceList();
+    RefreshDeviceList();
+  }
+}
+
+function changePassword() {
+  getSelectedItem();
+  let params = Cc["@mozilla.org/embedcomp/dialogparam;1"].createInstance(
+    Ci.nsIDialogParamBlock
+  );
+  let objects = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
+  objects.appendElement(selected_slot.getToken());
+  params.objects = objects;
+  window.browsingContext.topChromeWindow.openDialog(
+    "changepassword.xhtml",
+    "",
+    "chrome,centerscreen,modal",
+    params
+  );
+  showSlotInfo();
+  enableButtons();
+}
+
+// -------------------------------------   Old code
+
+function showTokenInfo() {
+  var selected_token = selected_slot.getToken();
+  AddInfoRow("devinfo-label", { label: selected_token.tokenName }, "tok_label");
+  AddInfoRow(
+    "devinfo-man-id",
+    { label: selected_token.tokenManID },
+    "tok_manID"
+  );
+  AddInfoRow(
+    "devinfo-serialnum",
+    { label: selected_token.tokenSerialNumber },
+    "tok_sNum"
+  );
+  AddInfoRow(
+    "devinfo-hwversion",
+    { label: selected_token.tokenHWVersion },
+    "tok_hwv"
+  );
+  AddInfoRow(
+    "devinfo-fwversion",
+    { label: selected_token.tokenFWVersion },
+    "tok_fwv"
+  );
+}
+
+function toggleFIPS() {
+  if (!secmoddb.isFIPSEnabled) {
+    // A restriction of FIPS mode is, the password must be set
+    // In FIPS mode the password must be non-empty.
+    // This is different from what we allow in NON-Fips mode.
+
+    var tokendb = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+      Ci.nsIPK11TokenDB
+    );
+    var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
+    if (!internal_token.hasPassword) {
+      // Token has either no or an empty password.
+      doPrompt("fips-nonempty-primary-password-required");
+      return;
+    }
+  }
+
+  try {
+    secmoddb.toggleFIPSMode();
+  } catch (e) {
+    doPrompt("unable-to-toggle-fips");
+    return;
+  }
+
+  // Remove the existing listed modules so that a refresh doesn't display the
+  // module that just changed.
+  ClearDeviceList();
+
+  RefreshDeviceList();
+}
diff --git a/security/manager/pki/resources/content/device_manager.xhtml b/security/manager/pki/resources/content/device_manager.xhtml
new file mode 100644
index 0000000000..145aa98c3d
--- /dev/null
+++ b/security/manager/pki/resources/content/device_manager.xhtml
@@ -0,0 +1,113 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE dialog>
+
+<window
+  windowtype="mozilla:devicemanager"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  data-l10n-id="devmgr-window"
+  data-l10n-attrs="style"
+  persist="screenX screenY width height"
+  onload="LoadModules();"
+>
+  <dialog id="devicemanager" buttons="accept">
+    <linkset>
+      <html:link
+        rel="localization"
+        href="security/certificates/deviceManager.ftl"
+      />
+    </linkset>
+
+    <script src="chrome://pippki/content/device_manager.js" />
+
+    <hbox flex="1" style="margin: 5px">
+      <!-- List of devices -->
+      <tree
+        id="device_tree"
+        seltype="single"
+        onselect="enableButtons();"
+        hidecolumnpicker="true"
+        flex="1"
+        style="min-width: 15em"
+      >
+        <treecols>
+          <treecol
+            id="deviceCol"
+            flex="1"
+            primary="true"
+            data-l10n-id="devmgr-devlist"
+          />
+        </treecols>
+        <treechildren id="device_list" />
+      </tree>
+      <!-- / List of devices -->
+      <!-- Device status -->
+      <tree
+        id="info_tree"
+        seltype="single"
+        hidecolumnpicker="true"
+        style="flex: 3 3; min-width: 10em"
+      >
+        <treecols>
+          <treecol
+            id="title1Col"
+            style="flex: 5 5 auto"
+            primary="true"
+            data-l10n-id="devmgr-header-details"
+          />
+          <treecol
+            id="title2Col"
+            style="flex: 7 7 auto"
+            data-l10n-id="devmgr-header-value"
+          />
+        </treecols>
+        <treechildren id="info_list" />
+      </tree>
+      <!-- / Device status -->
+      <vbox>
+        <!-- Buttons for manipulating devices -->
+        <button
+          id="login_button"
+          data-l10n-id="devmgr-button-login"
+          oncommand="doLogin();"
+          disabled="true"
+        />
+        <button
+          id="logout_button"
+          data-l10n-id="devmgr-button-logout"
+          oncommand="doLogout();"
+          disabled="true"
+        />
+        <button
+          id="change_pw_button"
+          data-l10n-id="devmgr-button-changepw"
+          oncommand="changePassword();"
+          disabled="true"
+        />
+        <button
+          id="load_button"
+          data-l10n-id="devmgr-button-load"
+          oncommand="doLoad();"
+        />
+        <button
+          id="unload_button"
+          data-l10n-id="devmgr-button-unload"
+          oncommand="doUnload();"
+          disabled="true"
+        />
+        <button
+          id="fipsbutton"
+          data-l10n-id="devmgr-button-enable-fips"
+          oncommand="toggleFIPS();"
+        />
+      </vbox>
+      <!-- / Buttons for manipulating devices -->
+    </hbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/downloadcert.js b/security/manager/pki/resources/content/downloadcert.js
new file mode 100644
index 0000000000..8451997441
--- /dev/null
+++ b/security/manager/pki/resources/content/downloadcert.js
@@ -0,0 +1,83 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+/**
+ * @file Implements the functionality of downloadcert.xhtml: a dialog that allows
+ *       a user to confirm whether to import a certificate, and if so what trust
+ *       to give it.
+ * @param {nsISupports} window.arguments.0
+ *           Certificate to confirm import of, queryable to nsIX509Cert.
+ * @param {nsISupports} window.arguments.1
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of DownloadCertReturnValues.
+ */
+
+/**
+ * @typedef DownloadCertReturnValues
+ * @type {nsIWritablePropertyBag2}
+ * @property {boolean} importConfirmed
+ *           Set to true if the user confirmed import of the cert and accepted
+ *           the dialog, false otherwise.
+ * @property {boolean} trustForSSL
+ *           Set to true if the cert should be trusted for SSL, false otherwise.
+ *           Undefined value if |importConfirmed| is not true.
+ * @property {boolean} trustForEmail
+ *           Set to true if the cert should be trusted for e-mail, false
+ *           otherwise. Undefined value if |importConfirmed| is not true.
+ */
+
+/**
+ * The cert to potentially import.
+ *
+ * @type {nsIX509Cert}
+ */
+var gCert;
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  gCert = window.arguments[0].QueryInterface(Ci.nsIX509Cert);
+
+  document.addEventListener("dialogaccept", onDialogAccept);
+  document.addEventListener("dialogcancel", onDialogCancel);
+
+  let bundle = document.getElementById("pippki_bundle");
+  let caName = gCert.commonName;
+  if (!caName.length) {
+    caName = bundle.getString("unnamedCA");
+  }
+
+  setText("trustHeader", bundle.getFormattedString("newCAMessage1", [caName]));
+}
+
+/**
+ * Handler for the "View Cert" button.
+ */
+function viewCert() {
+  viewCertHelper(window, gCert, "window");
+}
+
+/**
+ * ondialogaccept() handler.
+ */
+function onDialogAccept() {
+  let checkSSL = document.getElementById("trustSSL");
+  let checkEmail = document.getElementById("trustEmail");
+
+  let retVals = window.arguments[1].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("importConfirmed", true);
+  retVals.setPropertyAsBool("trustForSSL", checkSSL.checked);
+  retVals.setPropertyAsBool("trustForEmail", checkEmail.checked);
+}
+
+/**
+ * ondialogcancel() handler.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[1].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("importConfirmed", false);
+}
diff --git a/security/manager/pki/resources/content/downloadcert.xhtml b/security/manager/pki/resources/content/downloadcert.xhtml
new file mode 100644
index 0000000000..cf85c01faf
--- /dev/null
+++ b/security/manager/pki/resources/content/downloadcert.xhtml
@@ -0,0 +1,66 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="download-cert-window2"
+  data-l10n-attrs="title, style"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  onload="onLoad();"
+>
+  <dialog id="download_cert" buttons="accept,cancel">
+    <linkset>
+      <html:link rel="localization" href="security/pippki/pippki.ftl" />
+    </linkset>
+
+    <stringbundle
+      id="pippki_bundle"
+      src="chrome://pippki/locale/pippki.properties"
+    />
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/downloadcert.js" />
+
+    <!--  Let 'em know what they're doing -->
+    <vbox>
+      <description data-l10n-id="download-cert-message"></description>
+    </vbox>
+
+    <separator />
+
+    <!--  checkboxes for trust bits
+     -  "do you want to?"
+     -  * trust for SSL
+     -  * trust for email
+    -->
+    <vbox>
+      <description id="trustHeader" />
+      <checkbox data-l10n-id="download-cert-trust-ssl" id="trustSSL" />
+      <checkbox data-l10n-id="download-cert-trust-email" id="trustEmail" />
+    </vbox>
+
+    <separator />
+
+    <vbox>
+      <description data-l10n-id="download-cert-message-desc"></description>
+      <separator />
+      <hbox>
+        <button
+          id="viewC-button"
+          data-l10n-id="download-cert-view-cert"
+          oncommand="viewCert();"
+        />
+        <description
+          style="margin: 4px"
+          data-l10n-id="download-cert-view-text"
+        ></description>
+      </hbox>
+    </vbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/editcacert.js b/security/manager/pki/resources/content/editcacert.js
new file mode 100644
index 0000000000..ecb6b3e3ce
--- /dev/null
+++ b/security/manager/pki/resources/content/editcacert.js
@@ -0,0 +1,52 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+/**
+ * Cert to edit the trust of.
+ *
+ * @type {nsIX509Cert}
+ */
+var gCert = window.arguments[0];
+
+document.addEventListener("DOMContentLoaded", init);
+
+function init() {
+  document.addEventListener("dialogaccept", onDialogAccept);
+
+  let sslCheckbox = document.getElementById("trustSSL");
+  sslCheckbox.checked = gCertDB.isCertTrusted(
+    gCert,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_SSL
+  );
+
+  let emailCheckbox = document.getElementById("trustEmail");
+  emailCheckbox.checked = gCertDB.isCertTrusted(
+    gCert,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_EMAIL
+  );
+
+  let certMsg = document.getElementById("certmsg");
+  document.l10n.setAttributes(certMsg, "edit-trust-ca", {
+    certName: gCert.commonName,
+  });
+}
+
+/**
+ * ondialogaccept() handler.
+ */
+function onDialogAccept() {
+  let sslCheckbox = document.getElementById("trustSSL");
+  let emailCheckbox = document.getElementById("trustEmail");
+  let trustSSL = sslCheckbox.checked ? Ci.nsIX509CertDB.TRUSTED_SSL : 0;
+  let trustEmail = emailCheckbox.checked ? Ci.nsIX509CertDB.TRUSTED_EMAIL : 0;
+
+  gCertDB.setCertTrust(gCert, Ci.nsIX509Cert.CA_CERT, trustSSL | trustEmail);
+}
diff --git a/security/manager/pki/resources/content/editcacert.xhtml b/security/manager/pki/resources/content/editcacert.xhtml
new file mode 100644
index 0000000000..2d4dabb367
--- /dev/null
+++ b/security/manager/pki/resources/content/editcacert.xhtml
@@ -0,0 +1,35 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="certmgr-edit-ca-cert2"
+  data-l10n-attrs="style"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+>
+  <dialog id="editCaCert" buttons="accept,cancel">
+    <linkset>
+      <html:link
+        rel="localization"
+        href="security/certificates/certManager.ftl"
+      />
+    </linkset>
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/editcacert.js" />
+
+    <description id="certmsg" />
+    <separator />
+    <description data-l10n-id="certmgr-edit-cert-edit-trust" />
+    <vbox align="start">
+      <checkbox data-l10n-id="certmgr-edit-cert-trust-ssl" id="trustSSL" />
+      <checkbox data-l10n-id="certmgr-edit-cert-trust-email" id="trustEmail" />
+    </vbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/exceptionDialog.css b/security/manager/pki/resources/content/exceptionDialog.css
new file mode 100644
index 0000000000..b2c8eb7a7b
--- /dev/null
+++ b/security/manager/pki/resources/content/exceptionDialog.css
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:root {
+  max-width: 40em;
+  min-width: 35em;
+}
+
+#warningSupplemental,
+.description {
+  font-weight: bold;
+}
+
+.longDescription {
+  padding-bottom: 1em;
+}
+
+#warningText,
+#warningSupplemental,
+#headerDescription,
+.longDescription {
+  /* Don't let these affect the min horizontal size of the dialog */
+  contain: inline-size;
+  white-space: pre-wrap;
+}
+
+.description:empty,
+.longDescription:empty {
+  display: none;
+}
+
+#locationTextBox {
+  flex: 1;
+}
diff --git a/security/manager/pki/resources/content/exceptionDialog.js b/security/manager/pki/resources/content/exceptionDialog.js
new file mode 100644
index 0000000000..1953cce8fa
--- /dev/null
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -0,0 +1,334 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+var gDialog;
+var gSecInfo;
+var gCert;
+var gChecking;
+var gBroken;
+var gNeedReset;
+
+const { PrivateBrowsingUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/PrivateBrowsingUtils.sys.mjs"
+);
+
+function initExceptionDialog() {
+  gNeedReset = false;
+  gDialog = document.getElementById("exceptiondialog");
+  let warningText = document.getElementById("warningText");
+  document.l10n.setAttributes(warningText, "add-exception-branded-warning");
+  let confirmButton = gDialog.getButton("extra1");
+  let l10nUpdatedElements = [confirmButton, warningText];
+  confirmButton.disabled = true;
+
+  var args = window.arguments;
+  if (args && args[0]) {
+    if (args[0].location) {
+      // We were pre-seeded with a location.
+      document.getElementById("locationTextBox").value = args[0].location;
+      document.getElementById("checkCertButton").disabled = false;
+
+      if (args[0].securityInfo) {
+        gSecInfo = args[0].securityInfo;
+        gCert = gSecInfo.serverCert;
+        gBroken = true;
+        l10nUpdatedElements = l10nUpdatedElements.concat(updateCertStatus());
+      } else if (args[0].prefetchCert) {
+        // We can optionally pre-fetch the certificate too.  Don't do this
+        // synchronously, since it would prevent the window from appearing
+        // until the fetch is completed, which could be multiple seconds.
+        // Instead, let's use a timer to spawn the actual fetch, but update
+        // the dialog to "checking..." state right away, so that the UI
+        // is appropriately responsive.  Bug 453855
+        document.getElementById("checkCertButton").disabled = true;
+        gChecking = true;
+        l10nUpdatedElements = l10nUpdatedElements.concat(updateCertStatus());
+
+        window.setTimeout(checkCert, 0);
+      }
+    }
+
+    // Set out parameter to false by default
+    args[0].exceptionAdded = false;
+  }
+
+  for (let id of [
+    "warningSupplemental",
+    "certLocationLabel",
+    "checkCertButton",
+    "statusDescription",
+    "statusLongDescription",
+    "viewCertButton",
+    "permanent",
+  ]) {
+    let element = document.getElementById(id);
+    l10nUpdatedElements.push(element);
+  }
+
+  document.l10n
+    .translateElements(l10nUpdatedElements)
+    .then(() => window.sizeToContent());
+
+  document.addEventListener("dialogextra1", addException);
+  document.addEventListener("dialogextra2", checkCert);
+}
+
+/**
+ * Helper function for checkCert. Set as the onerror/onload callbacks for an
+ * XMLHttpRequest. Sets gSecInfo, gCert, gBroken, and gChecking according to
+ * the load information from the request. Probably should not be used directly.
+ *
+ * @param {XMLHttpRequest} req
+ *        The XMLHttpRequest created and sent by checkCert.
+ * @param {Event} evt
+ *        The load or error event.
+ */
+function grabCert(req, evt) {
+  if (req.channel && req.channel.securityInfo) {
+    gSecInfo = req.channel.securityInfo;
+    gCert = gSecInfo ? gSecInfo.serverCert : null;
+  }
+  gBroken = evt.type == "error";
+  gChecking = false;
+  document.l10n
+    .translateElements(updateCertStatus())
+    .then(() => window.sizeToContent());
+}
+
+/**
+ * Attempt to download the certificate for the location specified, and populate
+ * the Certificate Status section with the result.
+ */
+async function checkCert() {
+  gCert = null;
+  gSecInfo = null;
+  gChecking = true;
+  gBroken = false;
+  await document.l10n.translateElements(updateCertStatus());
+  window.sizeToContent();
+
+  let uri = getURI();
+
+  if (uri) {
+    let req = new XMLHttpRequest();
+    req.open("GET", uri.prePath);
+    req.onerror = grabCert.bind(this, req);
+    req.onload = grabCert.bind(this, req);
+    req.send(null);
+  } else {
+    gChecking = false;
+    await document.l10n.translateElements(updateCertStatus());
+    window.sizeToContent();
+  }
+}
+
+/**
+ * Build and return a URI, based on the information supplied in the
+ * Certificate Location fields
+ *
+ * @returns {nsIURI}
+ *          URI constructed from the information supplied on success, null
+ *          otherwise.
+ */
+function getURI() {
+  // Use fixup service instead of just ioservice's newURI since it's quite
+  // likely that the host will be supplied without a protocol prefix, resulting
+  // in malformed uri exceptions being thrown.
+  let locationTextBox = document.getElementById("locationTextBox");
+  let { preferredURI: uri } = Services.uriFixup.getFixupURIInfo(
+    locationTextBox.value
+  );
+
+  if (!uri) {
+    return null;
+  }
+
+  let mutator = uri.mutate();
+  if (uri.scheme == "http") {
+    mutator.setScheme("https");
+  }
+
+  if (uri.port == -1) {
+    mutator.setPort(443);
+  }
+
+  return mutator.finalize();
+}
+
+function resetDialog() {
+  document.getElementById("viewCertButton").disabled = true;
+  document.getElementById("permanent").disabled = true;
+  gDialog.getButton("extra1").disabled = true;
+  setText("headerDescription", "");
+  setText("statusDescription", "");
+  setText("statusLongDescription", "");
+  setText("status2Description", "");
+  setText("status2LongDescription", "");
+  setText("status3Description", "");
+  setText("status3LongDescription", "");
+  window.sizeToContent();
+}
+
+/**
+ * Called by input textboxes to manage UI state
+ */
+function handleTextChange() {
+  var checkCertButton = document.getElementById("checkCertButton");
+  checkCertButton.disabled = !document.getElementById("locationTextBox").value;
+  if (gNeedReset) {
+    gNeedReset = false;
+    resetDialog();
+  }
+}
+
+function updateCertStatus() {
+  var shortDesc, longDesc;
+  let l10nUpdatedElements = [];
+  if (gCert) {
+    if (gBroken) {
+      var mms = "add-exception-domain-mismatch-short";
+      var mml = "add-exception-domain-mismatch-long";
+      var exs = "add-exception-expired-short";
+      var exl = "add-exception-expired-long";
+      var uts = "add-exception-unverified-or-bad-signature-short";
+      var utl = "add-exception-unverified-or-bad-signature-long";
+      if (
+        gSecInfo.overridableErrorCategory ==
+        Ci.nsITransportSecurityInfo.ERROR_TRUST
+      ) {
+        shortDesc = uts;
+        longDesc = utl;
+      } else if (
+        gSecInfo.overridableErrorCategory ==
+        Ci.nsITransportSecurityInfo.ERROR_DOMAIN
+      ) {
+        shortDesc = mms;
+        longDesc = mml;
+      } else if (
+        gSecInfo.overridableErrorCategory ==
+        Ci.nsITransportSecurityInfo.ERROR_TIME
+      ) {
+        shortDesc = exs;
+        longDesc = exl;
+      }
+      // In these cases, we do want to enable the "Add Exception" button
+      gDialog.getButton("extra1").disabled = false;
+
+      // If the Private Browsing service is available and the mode is active,
+      // don't store permanent exceptions, since they would persist after
+      // private browsing mode was disabled.
+      var inPrivateBrowsing = inPrivateBrowsingMode();
+      var pe = document.getElementById("permanent");
+      pe.disabled = inPrivateBrowsing;
+      pe.checked = !inPrivateBrowsing;
+
+      let headerDescription = document.getElementById("headerDescription");
+      document.l10n.setAttributes(
+        headerDescription,
+        "add-exception-invalid-header"
+      );
+      l10nUpdatedElements.push(headerDescription);
+    } else {
+      shortDesc = "add-exception-valid-short";
+      longDesc = "add-exception-valid-long";
+      gDialog.getButton("extra1").disabled = true;
+      document.getElementById("permanent").disabled = true;
+    }
+
+    // We're done checking the certificate, so allow the user to check it again.
+    document.getElementById("checkCertButton").disabled = false;
+    document.getElementById("viewCertButton").disabled = false;
+
+    // Notify observers about the availability of the certificate
+    Services.obs.notifyObservers(null, "cert-exception-ui-ready");
+  } else if (gChecking) {
+    shortDesc = "add-exception-checking-short";
+    longDesc = "add-exception-checking-long";
+    // We're checking the certificate, so we disable the Get Certificate
+    // button to make sure that the user can't interrupt the process and
+    // trigger another certificate fetch.
+    document.getElementById("checkCertButton").disabled = true;
+    document.getElementById("viewCertButton").disabled = true;
+    gDialog.getButton("extra1").disabled = true;
+    document.getElementById("permanent").disabled = true;
+  } else {
+    shortDesc = "add-exception-no-cert-short";
+    longDesc = "add-exception-no-cert-long";
+    // We're done checking the certificate, so allow the user to check it again.
+    document.getElementById("checkCertButton").disabled = false;
+    document.getElementById("viewCertButton").disabled = true;
+    gDialog.getButton("extra1").disabled = true;
+    document.getElementById("permanent").disabled = true;
+  }
+  let statusDescription = document.getElementById("statusDescription");
+  let statusLongDescription = document.getElementById("statusLongDescription");
+  document.l10n.setAttributes(statusDescription, shortDesc);
+  document.l10n.setAttributes(statusLongDescription, longDesc);
+  l10nUpdatedElements.push(statusDescription);
+  l10nUpdatedElements.push(statusLongDescription);
+
+  gNeedReset = true;
+  return l10nUpdatedElements;
+}
+
+/**
+ * Handle user request to display certificate details
+ */
+function viewCertButtonClick() {
+  if (gCert) {
+    viewCertHelper(this, gCert);
+  }
+}
+
+/**
+ * Handle user request to add an exception for the specified cert
+ */
+function addException() {
+  if (!gCert || !gSecInfo) {
+    return;
+  }
+
+  var overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
+    Ci.nsICertOverrideService
+  );
+  var flags = 0;
+  if (gSecInfo.isUntrusted) {
+    flags |= overrideService.ERROR_UNTRUSTED;
+  }
+  if (gSecInfo.isDomainMismatch) {
+    flags |= overrideService.ERROR_MISMATCH;
+  }
+  if (gSecInfo.isNotValidAtThisTime) {
+    flags |= overrideService.ERROR_TIME;
+  }
+
+  var permanentCheckbox = document.getElementById("permanent");
+  var shouldStorePermanently =
+    permanentCheckbox.checked && !inPrivateBrowsingMode();
+  var uri = getURI();
+  overrideService.rememberValidityOverride(
+    uri.asciiHost,
+    uri.port,
+    {},
+    gCert,
+    flags,
+    !shouldStorePermanently
+  );
+
+  let args = window.arguments;
+  if (args && args[0]) {
+    args[0].exceptionAdded = true;
+  }
+
+  gDialog.acceptDialog();
+}
+
+/**
+ * @returns {boolean} Whether this dialog is in private browsing mode.
+ */
+function inPrivateBrowsingMode() {
+  return PrivateBrowsingUtils.isWindowPrivate(window);
+}
diff --git a/security/manager/pki/resources/content/exceptionDialog.xhtml b/security/manager/pki/resources/content/exceptionDialog.xhtml
new file mode 100644
index 0000000000..56be4bc5cb
--- /dev/null
+++ b/security/manager/pki/resources/content/exceptionDialog.xhtml
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+<?xml-stylesheet href="chrome://pippki/content/exceptionDialog.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window windowtype="mozilla:exceptiondialog"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        xmlns:html="http://www.w3.org/1999/xhtml"
+        data-l10n-id="exception-mgr"
+        onload="initExceptionDialog();">
+<dialog id="exceptiondialog"
+        buttonidextra1="exception-mgr-extra-button"
+        buttons="cancel,extra1,extra2"
+        defaultButton="extra2">
+
+  <linkset>
+    <html:link rel="localization" href="branding/brand.ftl"/>
+    <html:link rel="localization" href="security/certificates/certManager.ftl"/>
+  </linkset>
+
+  <script src="chrome://global/content/globalOverlay.js"/>
+  <script src="chrome://global/content/editMenuOverlay.js"/>
+
+  <script src="chrome://pippki/content/pippki.js"/>
+  <script src="chrome://pippki/content/exceptionDialog.js"/>
+
+  <hbox>
+    <vbox>
+#ifdef MOZ_WIDGET_GTK
+      <image src="moz-icon://stock/gtk-dialog-warning?size=dialog"/>
+#else
+      <image src="chrome://global/skin/icons/warning-large.png"/>
+#endif
+      <spacer flex="1"/>
+    </vbox>
+    <vbox flex="1">
+      <!-- Note that because of the styling, there must be no whitespace within
+      the description tags -->
+      <description id="warningText"/>
+      <description id="warningSupplemental"
+                   data-l10n-id="exception-mgr-supplemental-warning"/>
+    </vbox>
+  </hbox>
+
+  <hbox align="center">
+    <label control="locationTextBox"
+           id="certLocationLabel"
+           data-l10n-id="exception-mgr-cert-location-url"/>
+    <html:input id="locationTextBox"
+                oninput="handleTextChange();"
+                value="https://"
+                class="uri-element"/>
+    <button id="checkCertButton"
+            disabled="true"
+            dlgtype="extra2"
+            data-l10n-id="exception-mgr-cert-location-download"/>
+  </hbox>
+
+  <hbox align="center">
+    <description id="headerDescription"
+                 flex="1"/>
+    <button id="viewCertButton"
+            data-l10n-id="exception-mgr-cert-status-view-cert"
+            disabled="true"
+            oncommand="viewCertButtonClick();"/>
+  </hbox>
+  <description id="statusDescription"
+               class="description"/>
+  <description id="statusLongDescription"
+               class="longDescription"/>
+  <description id="status2Description"
+               class="description"/>
+  <description id="status2LongDescription"
+               class="longDescription"/>
+  <description id="status3Description"
+               class="description"/>
+  <description id="status3LongDescription"
+               class="longDescription"/>
+  <checkbox id="permanent"
+            disabled="true"
+            data-l10n-id="exception-mgr-permanent"/>
+</dialog>
+</window>
diff --git a/security/manager/pki/resources/content/load_device.js b/security/manager/pki/resources/content/load_device.js
new file mode 100644
index 0000000000..0f77e1f1bd
--- /dev/null
+++ b/security/manager/pki/resources/content/load_device.js
@@ -0,0 +1,75 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+document.addEventListener("dialogaccept", onDialogAccept);
+
+/**
+ * @file Implements the functionality of load_device.xhtml: a dialog that allows
+ *       a PKCS #11 module to be loaded into Firefox.
+ */
+
+async function onBrowseBtnPress() {
+  let fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  let [loadPK11ModuleFilePickerTitle] = await document.l10n.formatValues([
+    { id: "load-pk11-module-file-picker-title" },
+  ]);
+  fp.init(window, loadPK11ModuleFilePickerTitle, Ci.nsIFilePicker.modeOpen);
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  fp.open(rv => {
+    if (rv == Ci.nsIFilePicker.returnOK) {
+      document.getElementById("device_path").value = fp.file.path;
+    }
+
+    // This notification gets sent solely for test purposes. It should not be
+    // used by production code.
+    Services.obs.notifyObservers(window, "LoadPKCS11Module:FilePickHandled");
+  });
+}
+
+/**
+ * ondialogaccept() handler.
+ *
+ * @param {object} event
+ *        The event causing this handler function to be called.
+ */
+function onDialogAccept(event) {
+  let nameBox = document.getElementById("device_name");
+  let pathBox = document.getElementById("device_path");
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+
+  try {
+    pkcs11ModuleDB.addModule(nameBox.value, pathBox.value, 0, 0);
+  } catch (e) {
+    addModuleFailure("add-module-failure");
+    event.preventDefault();
+  }
+}
+
+async function addModuleFailure(l10nID) {
+  let [AddModuleFailure] = await document.l10n.formatValues([{ id: l10nID }]);
+  alertPromptService(null, AddModuleFailure);
+}
+
+function validateModuleName() {
+  let name = document.getElementById("device_name").value;
+  let helpText = document.getElementById("helpText");
+  helpText.value = "";
+  let dialogNode = document.querySelector("dialog");
+  dialogNode.removeAttribute("buttondisabledaccept");
+  if (name == "") {
+    document.l10n.setAttributes(helpText, "load-module-help-empty-module-name");
+    dialogNode.setAttribute("buttondisabledaccept", true);
+  }
+  if (name == "Root Certs") {
+    document.l10n.setAttributes(
+      helpText,
+      "load-module-help-root-certs-module-name"
+    );
+    dialogNode.setAttribute("buttondisabledaccept", true);
+  }
+}
diff --git a/security/manager/pki/resources/content/load_device.xhtml b/security/manager/pki/resources/content/load_device.xhtml
new file mode 100644
index 0000000000..440b8b1f6b
--- /dev/null
+++ b/security/manager/pki/resources/content/load_device.xhtml
@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  data-l10n-id="load-device"
+>
+  <dialog id="loaddevice" buttons="accept,cancel">
+    <linkset>
+      <html:link
+        rel="localization"
+        href="security/certificates/deviceManager.ftl"
+      />
+    </linkset>
+
+    <script src="chrome://global/content/globalOverlay.js" />
+    <script src="chrome://global/content/editMenuOverlay.js" />
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/load_device.js" />
+
+    <html:style>
+      #device_name, #device_path { flex: 1; }
+    </html:style>
+
+    <description data-l10n-id="load-device-info"></description>
+    <hbox align="center">
+      <label data-l10n-id="load-device-modname" control="device_name" />
+      <html:input
+        id="device_name"
+        data-l10n-id="load-device-modname-default"
+        data-l10n-attrs="value"
+        onchange="validateModuleName();"
+      />
+    </hbox>
+    <hbox align="center">
+      <label data-l10n-id="load-device-filename" control="device_path" />
+      <html:input id="device_path" />
+      <button
+        id="browse"
+        flex="1"
+        data-l10n-id="load-device-browse"
+        oncommand="onBrowseBtnPress();"
+      />
+    </hbox>
+    <label id="helpText" value="" />
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/pippki.js b/security/manager/pki/resources/content/pippki.js
new file mode 100644
index 0000000000..8094074281
--- /dev/null
+++ b/security/manager/pki/resources/content/pippki.js
@@ -0,0 +1,300 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+/*
+ * These are helper functions to be included
+ * pippki UI js files.
+ */
+
+function setText(id, value) {
+  let element = document.getElementById(id);
+  if (!element) {
+    return;
+  }
+  if (element.hasChildNodes()) {
+    element.firstChild.remove();
+  }
+  element.appendChild(document.createTextNode(value));
+}
+
+async function viewCertHelper(parent, cert, openingOption = "tab") {
+  if (!cert) {
+    return;
+  }
+
+  let win = Services.wm.getMostRecentBrowserWindow();
+  let results = await asyncDetermineUsages(cert);
+  let chain = getBestChain(results);
+  if (!chain) {
+    chain = [cert];
+  }
+  let certs = chain.map(elem => encodeURIComponent(elem.getBase64DERString()));
+  let certsStringURL = certs.map(elem => `cert=${elem}`);
+  certsStringURL = certsStringURL.join("&");
+  let url = `about:certificate?${certsStringURL}`;
+  let opened = win.switchToTabHavingURI(url, false, {});
+  if (!opened) {
+    win.openTrustedLinkIn(url, openingOption);
+  }
+}
+
+function getPKCS7Array(certArray) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let pkcs7String = certdb.asPKCS7Blob(certArray);
+  let pkcs7Array = new Uint8Array(pkcs7String.length);
+  for (let i = 0; i < pkcs7Array.length; i++) {
+    pkcs7Array[i] = pkcs7String.charCodeAt(i);
+  }
+  return pkcs7Array;
+}
+
+function getPEMString(cert) {
+  var derb64 = cert.getBase64DERString();
+  // Wrap the Base64 string into lines of 64 characters with CRLF line breaks
+  // (as specified in RFC 1421).
+  var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
+  return (
+    "-----BEGIN CERTIFICATE-----\r\n" +
+    wrapped +
+    "\r\n-----END CERTIFICATE-----\r\n"
+  );
+}
+
+function alertPromptService(title, message) {
+  // XXX Bug 1425832 - Using Services.prompt here causes tests to report memory
+  // leaks.
+  // eslint-disable-next-line mozilla/use-services
+  var ps = Cc["@mozilla.org/prompter;1"].getService(Ci.nsIPromptService);
+  ps.alert(window, title, message);
+}
+
+const DEFAULT_CERT_EXTENSION = "crt";
+
+/**
+ * Generates a filename for a cert suitable to set as the |defaultString|
+ * attribute on an Ci.nsIFilePicker.
+ *
+ * @param {nsIX509Cert} cert
+ *        The cert to generate a filename for.
+ * @returns {string}
+ *          Generated filename.
+ */
+function certToFilename(cert) {
+  let filename = cert.displayName;
+
+  // Remove unneeded and/or unsafe characters.
+  filename = filename
+    .replace(/\s/g, "")
+    .replace(/\./g, "_")
+    .replace(/\\/g, "")
+    .replace(/\//g, "");
+
+  // Ci.nsIFilePicker.defaultExtension is more of a suggestion to some
+  // implementations, so we include the extension in the file name as well. This
+  // is what the documentation for Ci.nsIFilePicker.defaultString says we should do
+  // anyways.
+  return `${filename}.${DEFAULT_CERT_EXTENSION}`;
+}
+
+async function exportToFile(parent, cert) {
+  if (!cert) {
+    return;
+  }
+
+  let results = await asyncDetermineUsages(cert);
+  let chain = getBestChain(results);
+  if (!chain) {
+    chain = [cert];
+  }
+
+  let formats = {
+    base64: "*.crt; *.pem",
+    "base64-chain": "*.crt; *.pem",
+    der: "*.der",
+    pkcs7: "*.p7c",
+    "pkcs7-chain": "*.p7c",
+  };
+  let [saveCertAs, ...formatLabels] = await document.l10n.formatValues(
+    ["save-cert-as", ...Object.keys(formats).map(f => "cert-format-" + f)].map(
+      id => ({ id })
+    )
+  );
+
+  var fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);
+  fp.init(parent, saveCertAs, Ci.nsIFilePicker.modeSave);
+  fp.defaultString = certToFilename(cert);
+  fp.defaultExtension = DEFAULT_CERT_EXTENSION;
+  for (let format of Object.values(formats)) {
+    fp.appendFilter(formatLabels.shift(), format);
+  }
+  fp.appendFilters(Ci.nsIFilePicker.filterAll);
+  let filePickerResult = await new Promise(resolve => {
+    fp.open(resolve);
+  });
+
+  if (
+    filePickerResult != Ci.nsIFilePicker.returnOK &&
+    filePickerResult != Ci.nsIFilePicker.returnReplace
+  ) {
+    return;
+  }
+
+  var content = "";
+  switch (fp.filterIndex) {
+    case 1:
+      content = getPEMString(cert);
+      for (let i = 1; i < chain.length; i++) {
+        content += getPEMString(chain[i]);
+      }
+      break;
+    case 2:
+      // IOUtils.write requires a typed array.
+      // nsIX509Cert.getRawDER() returns an array (not a typed array), so we
+      // convert it here.
+      content = Uint8Array.from(cert.getRawDER());
+      break;
+    case 3:
+      // getPKCS7Array returns a typed array already, so no conversion is
+      // necessary.
+      content = getPKCS7Array([cert]);
+      break;
+    case 4:
+      content = getPKCS7Array(chain);
+      break;
+    case 0:
+    default:
+      content = getPEMString(cert);
+      break;
+  }
+
+  if (typeof content === "string") {
+    content = new TextEncoder().encode(content);
+  }
+
+  try {
+    await IOUtils.write(fp.file.path, content);
+  } catch (ex) {
+    let title = await document.l10n.formatValue("write-file-failure");
+    alertPromptService(title, ex.toString());
+  }
+  if (Cu.isInAutomation) {
+    Services.obs.notifyObservers(null, "cert-export-finished");
+  }
+}
+
+const PRErrorCodeSuccess = 0;
+
+// Certificate usages we care about in the certificate viewer.
+const certificateUsageSSLClient = 0x0001;
+const certificateUsageSSLServer = 0x0002;
+const certificateUsageSSLCA = 0x0008;
+const certificateUsageEmailSigner = 0x0010;
+const certificateUsageEmailRecipient = 0x0020;
+
+// A map from the name of a certificate usage to the value of the usage.
+// Useful for printing debugging information and for enumerating all supported
+// usages.
+const certificateUsages = {
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageSSLCA,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+};
+
+/**
+ * Returns a promise that will resolve with a results array consisting of what
+ * usages the given certificate successfully verified for.
+ *
+ * @param {nsIX509Cert} cert
+ *        The certificate to determine valid usages for.
+ * @returns {Promise}
+ *        A promise that will resolve with the results of the verifications.
+ */
+function asyncDetermineUsages(cert) {
+  let promises = [];
+  let now = Date.now() / 1000;
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  Object.keys(certificateUsages).forEach(usageString => {
+    promises.push(
+      new Promise((resolve, reject) => {
+        let usage = certificateUsages[usageString];
+        certdb.asyncVerifyCertAtTime(
+          cert,
+          usage,
+          0,
+          null,
+          now,
+          (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => {
+            resolve({
+              usageString,
+              errorCode: aPRErrorCode,
+              chain: aVerifiedChain,
+            });
+          }
+        );
+      })
+    );
+  });
+  return Promise.all(promises);
+}
+
+/**
+ * Given a results array, returns the "best" verified certificate chain. Since
+ * the primary use case is for TLS server certificates in Firefox, such a
+ * verified chain will be returned if present. Otherwise, the priority is: TLS
+ * client certificate, email signer, email recipient, CA. Returns null if no
+ * usage verified successfully.
+ *
+ * @param {Array} results
+ *        An array of results from `asyncDetermineUsages`. See `displayUsages`.
+ * @returns {Array} An array of `nsIX509Cert` representing the verified
+ *          certificate chain for the given usage, or null if there is none.
+ */
+function getBestChain(results) {
+  let usages = [
+    certificateUsageSSLServer,
+    certificateUsageSSLClient,
+    certificateUsageEmailSigner,
+    certificateUsageEmailRecipient,
+    certificateUsageSSLCA,
+  ];
+  for (let usage of usages) {
+    let chain = getChainForUsage(results, usage);
+    if (chain) {
+      return chain;
+    }
+  }
+  return null;
+}
+
+/**
+ * Given a results array, returns the chain corresponding to the desired usage,
+ * if verifying for that usage succeeded. Returns null otherwise.
+ *
+ * @param {Array} results
+ *        An array of results from `asyncDetermineUsages`. See `displayUsages`.
+ * @param {number} usage
+ *        A numerical value corresponding to a usage. See `certificateUsages`.
+ * @returns {Array} An array of `nsIX509Cert` representing the verified
+ *          certificate chain for the given usage, or null if there is none.
+ */
+function getChainForUsage(results, usage) {
+  for (let result of results) {
+    if (
+      certificateUsages[result.usageString] == usage &&
+      result.errorCode == PRErrorCodeSuccess
+    ) {
+      return result.chain;
+    }
+  }
+  return null;
+}
diff --git a/security/manager/pki/resources/content/resetpassword.js b/security/manager/pki/resources/content/resetpassword.js
new file mode 100644
index 0000000000..30db349794
--- /dev/null
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* import-globals-from pippki.js */
+"use strict";
+
+document.addEventListener("dialogaccept", resetPassword);
+
+function resetPassword() {
+  var pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  var token = pk11db.getInternalKeyToken();
+  token.reset();
+
+  try {
+    Services.logins.removeAllUserFacingLogins();
+  } catch (e) {}
+
+  let l10n = new Localization(["security/pippki/pippki.ftl"], true);
+  if (l10n) {
+    Services.prompt.alert(
+      window,
+      l10n.formatValueSync("pippki-reset-password-confirmation-title"),
+      l10n.formatValueSync("pippki-reset-password-confirmation-message")
+    );
+  }
+}
diff --git a/security/manager/pki/resources/content/resetpassword.xhtml b/security/manager/pki/resources/content/resetpassword.xhtml
new file mode 100644
index 0000000000..d83fa05bd6
--- /dev/null
+++ b/security/manager/pki/resources/content/resetpassword.xhtml
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="reset-primary-password-window2"
+  data-l10n-attrs="title, style"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+>
+  <dialog
+    id="reset_password"
+    buttons="accept,cancel"
+    buttonidaccept="reset-password-button-label"
+    defaultButton="cancel"
+  >
+    <linkset>
+      <html:link rel="localization" href="security/pippki/pippki.ftl" />
+    </linkset>
+
+    <stringbundle
+      id="pippki_bundle"
+      src="chrome://pippki/locale/pippki.properties"
+    />
+
+    <script src="chrome://pippki/content/pippki.js" />
+    <script src="chrome://pippki/content/resetpassword.js" />
+
+    <hbox flex="1">
+      <vbox>
+        <image class="alert-icon" style="margin: 5px" />
+      </vbox>
+      <vbox style="margin: 5px" flex="1">
+        <hbox flex="1">
+          <vbox flex="1">
+            <description
+              data-l10n-id="reset-primary-password-text"
+            ></description>
+          </vbox>
+        </hbox>
+      </vbox>
+    </hbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/content/setp12password.js b/security/manager/pki/resources/content/setp12password.js
new file mode 100644
index 0000000000..14200c36ce
--- /dev/null
+++ b/security/manager/pki/resources/content/setp12password.js
@@ -0,0 +1,127 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+/**
+ * @file Implements the functionality of setp12password.xhtml: a dialog that lets
+ *       the user confirm the password to set on a PKCS #12 file.
+ * @param {nsISupports} window.arguments.0
+ *           Object to set the return values of calling the dialog on, queryable
+ *           to the underlying type of SetP12PasswordReturnValues.
+ */
+
+/**
+ * @typedef SetP12PasswordReturnValues
+ * @type {nsIWritablePropertyBag2}
+ * @property {boolean} confirmedPassword
+ *           Set to true if the user entered two matching passwords and
+ *           confirmed the dialog.
+ * @property {string} password
+ *           The password the user entered. Undefined value if
+ *           |confirmedPassword| is not true.
+ */
+
+/**
+ * onload() handler.
+ */
+function onLoad() {
+  // Ensure the first password textbox has focus.
+  document.getElementById("pw1").focus();
+  document.addEventListener("dialogaccept", onDialogAccept);
+  document.addEventListener("dialogcancel", onDialogCancel);
+}
+
+/**
+ * ondialogaccept() handler.
+ */
+function onDialogAccept() {
+  let password = document.getElementById("pw1").value;
+
+  let retVals = window.arguments[0].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("confirmedPassword", true);
+  retVals.setPropertyAsAString("password", password);
+}
+
+/**
+ * ondialogcancel() handler.
+ */
+function onDialogCancel() {
+  let retVals = window.arguments[0].QueryInterface(Ci.nsIWritablePropertyBag2);
+  retVals.setPropertyAsBool("confirmedPassword", false);
+}
+
+/**
+ * Calculates the strength of the given password, suitable for use in updating
+ * a progress bar that represents said strength.
+ *
+ * The strength of the password is calculated by checking the number of:
+ *   - Characters
+ *   - Numbers
+ *   - Non-alphanumeric chars
+ *   - Upper case characters
+ *
+ * @param {string} password
+ *        The password to calculate the strength of.
+ * @returns {number}
+ *          The strength of the password in the range [0, 100].
+ */
+function getPasswordStrength(password) {
+  let lengthStrength = password.length;
+  if (lengthStrength > 5) {
+    lengthStrength = 5;
+  }
+
+  let nonNumericChars = password.replace(/[0-9]/g, "");
+  let numericStrength = password.length - nonNumericChars.length;
+  if (numericStrength > 3) {
+    numericStrength = 3;
+  }
+
+  let nonSymbolChars = password.replace(/\W/g, "");
+  let symbolStrength = password.length - nonSymbolChars.length;
+  if (symbolStrength > 3) {
+    symbolStrength = 3;
+  }
+
+  let nonUpperAlphaChars = password.replace(/[A-Z]/g, "");
+  let upperAlphaStrength = password.length - nonUpperAlphaChars.length;
+  if (upperAlphaStrength > 3) {
+    upperAlphaStrength = 3;
+  }
+
+  let strength =
+    lengthStrength * 10 -
+    20 +
+    numericStrength * 10 +
+    symbolStrength * 15 +
+    upperAlphaStrength * 10;
+  if (strength < 0) {
+    strength = 0;
+  }
+  if (strength > 100) {
+    strength = 100;
+  }
+
+  return strength;
+}
+
+/**
+ * oninput() handler for both password textboxes.
+ *
+ * @param {boolean} recalculatePasswordStrength
+ *                  Whether to recalculate the strength of the first password.
+ */
+function onPasswordInput(recalculatePasswordStrength) {
+  let pw1 = document.getElementById("pw1").value;
+
+  if (recalculatePasswordStrength) {
+    document.getElementById("pwmeter").value = getPasswordStrength(pw1);
+  }
+
+  // Disable the accept button if the two passwords don't match, and enable it
+  // if the passwords do match.
+  let pw2 = document.getElementById("pw2").value;
+  document.getElementById("setp12password").getButton("accept").disabled =
+    pw1 != pw2;
+}
diff --git a/security/manager/pki/resources/content/setp12password.xhtml b/security/manager/pki/resources/content/setp12password.xhtml
new file mode 100644
index 0000000000..f4ba567c0e
--- /dev/null
+++ b/security/manager/pki/resources/content/setp12password.xhtml
@@ -0,0 +1,56 @@
+<?xml version="1.0"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
+
+<!DOCTYPE window>
+
+<window
+  data-l10n-id="set-password-window"
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+  xmlns:html="http://www.w3.org/1999/xhtml"
+  style="width: 48em"
+  onload="onLoad();"
+>
+  <dialog id="setp12password" buttons="accept,cancel">
+    <linkset>
+      <html:link rel="localization" href="security/pippki/pippki.ftl" />
+    </linkset>
+
+    <script src="chrome://global/content/globalOverlay.js" />
+    <script src="chrome://global/content/editMenuOverlay.js" />
+
+    <script src="chrome://pippki/content/setp12password.js" />
+
+    <description data-l10n-id="set-password-message"></description>
+    <separator />
+    <vbox>
+      <hbox class="input-row">
+        <label flex="1" data-l10n-id="set-password-backup-pw" />
+        <html:input id="pw1" type="password" oninput="onPasswordInput(true);" />
+      </hbox>
+      <hbox class="input-row">
+        <label flex="1" data-l10n-id="set-password-repeat-backup-pw" />
+        <html:input
+          id="pw2"
+          type="password"
+          oninput="onPasswordInput(false);"
+        />
+      </hbox>
+    </vbox>
+    <separator />
+    <description data-l10n-id="set-password-reminder"></description>
+    <separator />
+
+    <vbox style="margin: 6px">
+      <html:label
+        for="pwmeter"
+        style="display: flex"
+        data-l10n-id="password-quality-meter"
+      ></html:label>
+      <html:progress id="pwmeter" value="0" max="100" />
+    </vbox>
+  </dialog>
+</window>
diff --git a/security/manager/pki/resources/jar.mn b/security/manager/pki/resources/jar.mn
new file mode 100644
index 0000000000..a855664601
--- /dev/null
+++ b/security/manager/pki/resources/jar.mn
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+pippki.jar:
+% content pippki %content/pippki/
+    content/pippki/certManager.js            (content/certManager.js)
+    content/pippki/certManager.css           (content/certManager.css)
+    content/pippki/certManager.xhtml           (content/certManager.xhtml)
+    content/pippki/changepassword.js         (content/changepassword.js)
+    content/pippki/changepassword.xhtml        (content/changepassword.xhtml)
+    content/pippki/clientauthask.js          (content/clientauthask.js)
+    content/pippki/clientauthask.xhtml         (content/clientauthask.xhtml)
+    content/pippki/deletecert.js             (content/deletecert.js)
+    content/pippki/deletecert.css            (content/deletecert.css)
+    content/pippki/deletecert.xhtml            (content/deletecert.xhtml)
+    content/pippki/device_manager.js         (content/device_manager.js)
+    content/pippki/device_manager.xhtml        (content/device_manager.xhtml)
+    content/pippki/downloadcert.js           (content/downloadcert.js)
+    content/pippki/downloadcert.xhtml          (content/downloadcert.xhtml)
+    content/pippki/editcacert.js             (content/editcacert.js)
+    content/pippki/editcacert.xhtml          (content/editcacert.xhtml)
+    content/pippki/exceptionDialog.css       (content/exceptionDialog.css)
+    content/pippki/exceptionDialog.js        (content/exceptionDialog.js)
+*   content/pippki/exceptionDialog.xhtml       (content/exceptionDialog.xhtml)
+    content/pippki/load_device.js            (content/load_device.js)
+    content/pippki/load_device.xhtml           (content/load_device.xhtml)
+    content/pippki/pippki.js                 (content/pippki.js)
+    content/pippki/resetpassword.js          (content/resetpassword.js)
+    content/pippki/resetpassword.xhtml         (content/resetpassword.xhtml)
+    content/pippki/setp12password.js         (content/setp12password.js)
+    content/pippki/setp12password.xhtml        (content/setp12password.xhtml)
diff --git a/security/manager/pki/resources/moz.build b/security/manager/pki/resources/moz.build
new file mode 100644
index 0000000000..d988c0ff9b
--- /dev/null
+++ b/security/manager/pki/resources/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+JAR_MANIFESTS += ["jar.mn"]
diff --git a/security/manager/ssl/AppSignatureVerification.cpp b/security/manager/ssl/AppSignatureVerification.cpp
new file mode 100644
index 0000000000..399516dd9c
--- /dev/null
+++ b/security/manager/ssl/AppSignatureVerification.cpp
@@ -0,0 +1,1410 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateDB.h"
+
+#include "AppTrustDomain.h"
+#include "CryptoTask.h"
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "certdb.h"
+#include "cms.h"
+#include "cosec.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDependentString.h"
+#include "nsHashKeys.h"
+#include "nsIFile.h"
+#include "nsIInputStream.h"
+#include "nsIStringEnumerator.h"
+#include "nsIZipReader.h"
+#include "nsNSSCertificate.h"
+#include "nsNetUtil.h"
+#include "nsProxyRelease.h"
+#include "nsString.h"
+#include "nsTHashtable.h"
+#include "mozpkix/pkix.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixutil.h"
+#include "secerr.h"
+#include "secmime.h"
+
+using namespace mozilla::pkix;
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+namespace {
+
+// A convenient way to pair the bytes of a digest with the algorithm that
+// purportedly produced those bytes. Only SHA-1 and SHA-256 are supported.
+struct DigestWithAlgorithm {
+  nsresult ValidateLength() const {
+    size_t hashLen;
+    switch (mAlgorithm) {
+      case SEC_OID_SHA256:
+        hashLen = SHA256_LENGTH;
+        break;
+      case SEC_OID_SHA1:
+        hashLen = SHA1_LENGTH;
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE(
+            "unsupported hash type in DigestWithAlgorithm::ValidateLength");
+        return NS_ERROR_FAILURE;
+    }
+    if (mDigest.Length() != hashLen) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+    return NS_OK;
+  }
+
+  nsAutoCString mDigest;
+  SECOidTag mAlgorithm;
+};
+
+// The digest must have a lifetime greater than or equal to the returned string.
+inline nsDependentCSubstring DigestToDependentString(
+    nsTArray<uint8_t>& digest) {
+  return nsDependentCSubstring(BitwiseCast<char*, uint8_t*>(digest.Elements()),
+                               digest.Length());
+}
+
+// Reads a maximum of 8MB from a stream into the supplied buffer.
+// The reason for the 8MB limit is because this function is used to read
+// signature-related files and we want to avoid OOM. The uncompressed length of
+// an entry can be hundreds of times larger than the compressed version,
+// especially if someone has specifically crafted the entry to cause OOM or to
+// consume massive amounts of disk space.
+//
+// @param stream  The input stream to read from.
+// @param buf     The buffer that we read the stream into, which must have
+//                already been allocated.
+nsresult ReadStream(const nsCOMPtr<nsIInputStream>& stream,
+                    /*out*/ SECItem& buf) {
+  // The size returned by Available() might be inaccurate so we need
+  // to check that Available() matches up with the actual length of
+  // the file.
+  uint64_t length;
+  nsresult rv = stream->Available(&length);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  // Cap the maximum accepted size of signature-related files at 8MB (which
+  // should be much larger than necessary for our purposes) to avoid OOM.
+  static const uint32_t MAX_LENGTH = 8 * 1000 * 1000;
+  if (length > MAX_LENGTH) {
+    return NS_ERROR_FILE_TOO_BIG;
+  }
+
+  // With bug 164695 in mind we +1 to leave room for null-terminating
+  // the buffer.
+  SECITEM_AllocItem(buf, static_cast<uint32_t>(length + 1));
+
+  // buf.len == length + 1. We attempt to read length + 1 bytes
+  // instead of length, so that we can check whether the metadata for
+  // the entry is incorrect.
+  uint32_t bytesRead;
+  rv = stream->Read(BitwiseCast<char*, unsigned char*>(buf.data), buf.len,
+                    &bytesRead);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  if (bytesRead != length) {
+    return NS_ERROR_FILE_CORRUPTED;
+  }
+
+  buf.data[buf.len - 1] = 0;  // null-terminate
+
+  return NS_OK;
+}
+
+// Finds exactly one (signature metadata) JAR entry that matches the given
+// search pattern, and then loads it. Fails if there are no matches or if
+// there is more than one match. If bufDigest is not null then on success
+// bufDigest will contain the digeset of the entry using the given digest
+// algorithm.
+nsresult FindAndLoadOneEntry(
+    nsIZipReader* zip, const nsACString& searchPattern,
+    /*out*/ nsACString& filename,
+    /*out*/ SECItem& buf,
+    /*optional, in*/ SECOidTag digestAlgorithm = SEC_OID_SHA1,
+    /*optional, out*/ nsTArray<uint8_t>* bufDigest = nullptr) {
+  nsCOMPtr<nsIUTF8StringEnumerator> files;
+  nsresult rv = zip->FindEntries(searchPattern, getter_AddRefs(files));
+  if (NS_FAILED(rv) || !files) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+
+  bool more;
+  rv = files->HasMore(&more);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (!more) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+
+  rv = files->GetNext(filename);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Check if there is more than one match, if so then error!
+  rv = files->HasMore(&more);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (more) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+
+  nsCOMPtr<nsIInputStream> stream;
+  rv = zip->GetInputStream(filename, getter_AddRefs(stream));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = ReadStream(stream, buf);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return NS_ERROR_SIGNED_JAR_ENTRY_INVALID;
+  }
+
+  if (bufDigest) {
+    rv = Digest::DigestBuf(digestAlgorithm,
+                           Span<uint8_t>{buf.data, buf.len - 1}, *bufDigest);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  return NS_OK;
+}
+
+// Verify the digest of an entry. We avoid loading the entire entry into memory
+// at once, which would require memory in proportion to the size of the largest
+// entry. Instead, we require only a small, fixed amount of memory.
+//
+// @param stream  an input stream from a JAR entry or file depending on whether
+//                it is from a signed archive or unpacked into a directory
+// @param digestFromManifest The digest that we're supposed to check the file's
+//                           contents against, from the manifest
+// @param buf A scratch buffer that we use for doing the I/O, which must have
+//            already been allocated. The size of this buffer is the unit
+//            size of our I/O.
+nsresult VerifyStreamContentDigest(
+    nsIInputStream* stream, const DigestWithAlgorithm& digestFromManifest,
+    SECItem& buf) {
+  MOZ_ASSERT(buf.len > 0);
+  nsresult rv = digestFromManifest.ValidateLength();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint64_t len64;
+  rv = stream->Available(&len64);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (len64 > UINT32_MAX) {
+    return NS_ERROR_SIGNED_JAR_ENTRY_TOO_LARGE;
+  }
+
+  Digest digest;
+
+  rv = digest.Begin(digestFromManifest.mAlgorithm);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  uint64_t totalBytesRead = 0;
+  for (;;) {
+    uint32_t bytesRead;
+    rv = stream->Read(BitwiseCast<char*, unsigned char*>(buf.data), buf.len,
+                      &bytesRead);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (bytesRead == 0) {
+      break;  // EOF
+    }
+
+    totalBytesRead += bytesRead;
+    if (totalBytesRead >= UINT32_MAX) {
+      return NS_ERROR_SIGNED_JAR_ENTRY_TOO_LARGE;
+    }
+
+    rv = digest.Update(buf.data, bytesRead);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  if (totalBytesRead != len64) {
+    // The metadata we used for Available() doesn't match the actual size of
+    // the entry.
+    return NS_ERROR_SIGNED_JAR_ENTRY_INVALID;
+  }
+
+  // Verify that the digests match.
+  nsTArray<uint8_t> outArray;
+  rv = digest.End(outArray);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsDependentCSubstring digestStr(DigestToDependentString(outArray));
+  if (!digestStr.Equals(digestFromManifest.mDigest)) {
+    return NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY;
+  }
+
+  return NS_OK;
+}
+
+nsresult VerifyEntryContentDigest(nsIZipReader* zip,
+                                  const nsACString& aFilename,
+                                  const DigestWithAlgorithm& digestFromManifest,
+                                  SECItem& buf) {
+  nsCOMPtr<nsIInputStream> stream;
+  nsresult rv = zip->GetInputStream(aFilename, getter_AddRefs(stream));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_SIGNED_JAR_ENTRY_MISSING;
+  }
+
+  return VerifyStreamContentDigest(stream, digestFromManifest, buf);
+}
+
+// On input, nextLineStart is the start of the current line. On output,
+// nextLineStart is the start of the next line.
+nsresult ReadLine(/*in/out*/ const char*& nextLineStart,
+                  /*out*/ nsCString& line, bool allowContinuations = true) {
+  line.Truncate();
+  size_t previousLength = 0;
+  size_t currentLength = 0;
+  for (;;) {
+    const char* eol = strpbrk(nextLineStart, "\r\n");
+
+    if (!eol) {  // Reached end of file before newline
+      eol = nextLineStart + strlen(nextLineStart);
+    }
+
+    previousLength = currentLength;
+    line.Append(nextLineStart, eol - nextLineStart);
+    currentLength = line.Length();
+
+    // The spec says "No line may be longer than 72 bytes (not characters)"
+    // in its UTF8-encoded form.
+    static const size_t lineLimit = 72;
+    if (currentLength - previousLength > lineLimit) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    // The spec says: "Implementations should support 65535-byte
+    // (not character) header values..."
+    if (currentLength > 65535) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    if (*eol == '\r') {
+      ++eol;
+    }
+    if (*eol == '\n') {
+      ++eol;
+    }
+
+    nextLineStart = eol;
+
+    if (*eol != ' ') {
+      // not a continuation
+      return NS_OK;
+    }
+
+    // continuation
+    if (!allowContinuations) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    ++nextLineStart;  // skip space and keep appending
+  }
+}
+
+// The header strings are defined in the JAR specification.
+#define JAR_MF_SEARCH_STRING "(M|/M)ETA-INF/(M|m)(ANIFEST|anifest).(MF|mf)$"
+#define JAR_COSE_MF_SEARCH_STRING "(M|/M)ETA-INF/cose.manifest$"
+#define JAR_SF_SEARCH_STRING "(M|/M)ETA-INF/*.(SF|sf)$"
+#define JAR_RSA_SEARCH_STRING "(M|/M)ETA-INF/*.(RSA|rsa)$"
+#define JAR_COSE_SEARCH_STRING "(M|/M)ETA-INF/cose.sig$"
+#define JAR_META_DIR "META-INF"
+#define JAR_MF_HEADER "Manifest-Version: 1.0"
+#define JAR_SF_HEADER "Signature-Version: 1.0"
+
+nsresult ParseAttribute(const nsAutoCString& curLine,
+                        /*out*/ nsAutoCString& attrName,
+                        /*out*/ nsAutoCString& attrValue) {
+  // Find the colon that separates the name from the value.
+  int32_t colonPos = curLine.FindChar(':');
+  if (colonPos == kNotFound) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+
+  // set attrName to the name, skipping spaces between the name and colon
+  int32_t nameEnd = colonPos;
+  for (;;) {
+    if (nameEnd == 0) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;  // colon with no name
+    }
+    if (curLine[nameEnd - 1] != ' ') break;
+    --nameEnd;
+  }
+  curLine.Left(attrName, nameEnd);
+
+  // Set attrValue to the value, skipping spaces between the colon and the
+  // value. The value may be empty.
+  int32_t valueStart = colonPos + 1;
+  int32_t curLineLength = curLine.Length();
+  while (valueStart != curLineLength && curLine[valueStart] == ' ') {
+    ++valueStart;
+  }
+  curLine.Right(attrValue, curLineLength - valueStart);
+
+  return NS_OK;
+}
+
+// Parses the version line of the MF or SF header.
+nsresult CheckManifestVersion(const char*& nextLineStart,
+                              const nsACString& expectedHeader) {
+  // The JAR spec says: "Manifest-Version and Signature-Version must be first,
+  // and in exactly that case (so that they can be recognized easily as magic
+  // strings)."
+  nsAutoCString curLine;
+  nsresult rv = ReadLine(nextLineStart, curLine, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!curLine.Equals(expectedHeader)) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+  return NS_OK;
+}
+
+// Parses a signature file (SF) based on the JDK 8 JAR Specification.
+//
+// The SF file must contain a SHA*-Digest-Manifest attribute in the main
+// section (where the * is either 1 or 256, depending on the given digest
+// algorithm). All other sections are ignored. This means that this will NOT
+// parse old-style signature files that have separate digests per entry.
+// The JDK8 x-Digest-Manifest variant is better because:
+//
+//   (1) It allows us to follow the principle that we should minimize the
+//       processing of data that we do before we verify its signature. In
+//       particular, with the x-Digest-Manifest style, we can verify the digest
+//       of MANIFEST.MF before we parse it, which prevents malicious JARs
+//       exploiting our MANIFEST.MF parser.
+//   (2) It is more time-efficient and space-efficient to have one
+//       x-Digest-Manifest instead of multiple x-Digest values.
+//
+// filebuf must be null-terminated. On output, mfDigest will contain the
+// decoded value of the appropriate SHA*-DigestManifest, if found.
+nsresult ParseSF(const char* filebuf, SECOidTag digestAlgorithm,
+                 /*out*/ nsAutoCString& mfDigest) {
+  const char* digestNameToFind = nullptr;
+  switch (digestAlgorithm) {
+    case SEC_OID_SHA256:
+      digestNameToFind = "sha256-digest-manifest";
+      break;
+    case SEC_OID_SHA1:
+      digestNameToFind = "sha1-digest-manifest";
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("bad argument to ParseSF");
+      return NS_ERROR_FAILURE;
+  }
+
+  const char* nextLineStart = filebuf;
+  nsresult rv =
+      CheckManifestVersion(nextLineStart, nsLiteralCString(JAR_SF_HEADER));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for (;;) {
+    nsAutoCString curLine;
+    rv = ReadLine(nextLineStart, curLine);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (curLine.Length() == 0) {
+      // End of main section (blank line or end-of-file). We didn't find the
+      // SHA*-Digest-Manifest we were looking for.
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    nsAutoCString attrName;
+    nsAutoCString attrValue;
+    rv = ParseAttribute(curLine, attrName, attrValue);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (attrName.EqualsIgnoreCase(digestNameToFind)) {
+      rv = Base64Decode(attrValue, mfDigest);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+
+      // There could be multiple SHA*-Digest-Manifest attributes, which
+      // would be an error, but it's better to just skip any erroneous
+      // duplicate entries rather than trying to detect them, because:
+      //
+      //   (1) It's simpler, and simpler generally means more secure
+      //   (2) An attacker can't make us accept a JAR we would otherwise
+      //       reject just by adding additional SHA*-Digest-Manifest
+      //       attributes.
+      return NS_OK;
+    }
+
+    // ignore unrecognized attributes
+  }
+
+  MOZ_ASSERT_UNREACHABLE("somehow exited loop in ParseSF without returning");
+  return NS_ERROR_FAILURE;
+}
+
+// Parses MANIFEST.MF. The filenames of all entries will be returned in
+// mfItems. buf must be a pre-allocated scratch buffer that is used for doing
+// I/O. Each file's contents are verified against the entry in the manifest with
+// the digest algorithm that matches the given one. This algorithm comes from
+// the signature file. If the signature file has a SHA-256 digest, then SHA-256
+// entries must be present in the manifest file. If the signature file only has
+// a SHA-1 digest, then only SHA-1 digests will be used in the manifest file.
+nsresult ParseMF(const char* filebuf, nsIZipReader* zip,
+                 SECOidTag digestAlgorithm,
+                 /*out*/ nsTHashtable<nsCStringHashKey>& mfItems,
+                 ScopedAutoSECItem& buf) {
+  const char* digestNameToFind = nullptr;
+  switch (digestAlgorithm) {
+    case SEC_OID_SHA256:
+      digestNameToFind = "sha256-digest";
+      break;
+    case SEC_OID_SHA1:
+      digestNameToFind = "sha1-digest";
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("bad argument to ParseMF");
+      return NS_ERROR_FAILURE;
+  }
+
+  const char* nextLineStart = filebuf;
+  nsresult rv =
+      CheckManifestVersion(nextLineStart, nsLiteralCString(JAR_MF_HEADER));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Skip the rest of the header section, which ends with a blank line.
+  {
+    nsAutoCString line;
+    do {
+      rv = ReadLine(nextLineStart, line);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    } while (line.Length() > 0);
+
+    // Manifest containing no file entries is OK, though useless.
+    if (*nextLineStart == '\0') {
+      return NS_OK;
+    }
+  }
+
+  nsAutoCString curItemName;
+  nsAutoCString digest;
+
+  for (;;) {
+    nsAutoCString curLine;
+    rv = ReadLine(nextLineStart, curLine);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (curLine.Length() == 0) {
+      // end of section (blank line or end-of-file)
+
+      if (curItemName.Length() == 0) {
+        // '...Each section must start with an attribute with the name as
+        // "Name",...', so every section must have a Name attribute.
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+      }
+
+      if (digest.IsEmpty()) {
+        // We require every entry to have a digest, since we require every
+        // entry to be signed and we don't allow duplicate entries.
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+      }
+
+      if (mfItems.Contains(curItemName)) {
+        // Duplicate entry
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+      }
+
+      // Verify that the entry's content digest matches the digest from this
+      // MF section.
+      DigestWithAlgorithm digestWithAlgorithm = {digest, digestAlgorithm};
+      rv = VerifyEntryContentDigest(zip, curItemName, digestWithAlgorithm, buf);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+
+      mfItems.PutEntry(curItemName);
+
+      if (*nextLineStart == '\0') {
+        // end-of-file
+        break;
+      }
+
+      // reset so we know we haven't encountered either of these for the next
+      // item yet.
+      curItemName.Truncate();
+      digest.Truncate();
+
+      continue;  // skip the rest of the loop below
+    }
+
+    nsAutoCString attrName;
+    nsAutoCString attrValue;
+    rv = ParseAttribute(curLine, attrName, attrValue);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Lines to look for:
+
+    // (1) Digest:
+    if (attrName.EqualsIgnoreCase(digestNameToFind)) {
+      if (!digest.IsEmpty()) {  // multiple SHA* digests in section
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+      }
+
+      rv = Base64Decode(attrValue, digest);
+      if (NS_FAILED(rv)) {
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+      }
+
+      continue;
+    }
+
+    // (2) Name: associates this manifest section with a file in the jar.
+    if (attrName.LowerCaseEqualsLiteral("name")) {
+      if (MOZ_UNLIKELY(curItemName.Length() > 0))  // multiple names in section
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+
+      if (MOZ_UNLIKELY(attrValue.Length() == 0))
+        return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+
+      curItemName = attrValue;
+
+      continue;
+    }
+
+    // (3) Magic: the only other must-understand attribute
+    if (attrName.LowerCaseEqualsLiteral("magic")) {
+      // We don't understand any magic, so we can't verify an entry that
+      // requires magic. Since we require every entry to have a valid
+      // signature, we have no choice but to reject the entry.
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    // unrecognized attributes must be ignored
+  }
+
+  return NS_OK;
+}
+
+nsresult VerifyCertificate(Span<const uint8_t> signerCert,
+                           AppTrustedRoot trustedRoot,
+                           nsTArray<Span<const uint8_t>>&& collectedCerts) {
+  AppTrustDomain trustDomain(std::move(collectedCerts));
+  nsresult rv = trustDomain.SetTrustedRoot(trustedRoot);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  Input certDER;
+  mozilla::pkix::Result result =
+      certDER.Init(signerCert.Elements(), signerCert.Length());
+  if (result != Success) {
+    return mozilla::psm::GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
+  }
+
+  result = BuildCertChain(
+      trustDomain, certDER, Now(), EndEntityOrCA::MustBeEndEntity,
+      KeyUsage::digitalSignature, KeyPurposeId::id_kp_codeSigning,
+      CertPolicyId::anyPolicy, nullptr /*stapledOCSPResponse*/);
+  if (result == mozilla::pkix::Result::ERROR_EXPIRED_CERTIFICATE ||
+      result == mozilla::pkix::Result::ERROR_NOT_YET_VALID_CERTIFICATE) {
+    // For code-signing you normally need trusted 3rd-party timestamps to
+    // handle expiration properly. The signer could always mess with their
+    // system clock so you can't trust the certificate was un-expired when
+    // the signing took place. The choice is either to ignore expiration
+    // or to enforce expiration at time of use. The latter leads to the
+    // user-hostile result that perfectly good code stops working.
+    //
+    // Our package format doesn't support timestamps (nor do we have a
+    // trusted 3rd party timestamper), but since we sign all of our apps and
+    // add-ons ourselves we can trust ourselves not to mess with the clock
+    // on the signing systems. We also have a revocation mechanism if we
+    // need it. Under these conditions it's OK to ignore cert  errors related
+    // to time validity (expiration and "not yet valid").
+    //
+    // This is an invalid approach if
+    //  * we issue certs to let others sign their own packages
+    //  * mozilla::pkix returns "expired" when there are "worse" problems
+    //    with the certificate or chain.
+    // (see bug 1267318)
+    result = Success;
+  }
+  if (result != Success) {
+    return mozilla::psm::GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
+  }
+
+  return NS_OK;
+}
+
+// Given a SECOidTag representing a digest algorithm (either SEC_OID_SHA1 or
+// SEC_OID_SHA256), returns the first signerInfo in the given signedData that
+// purports to have been created using that digest algorithm, or nullptr if
+// there is none.
+// The returned signerInfo is owned by signedData, so the caller must ensure
+// that the lifetime of the signerInfo is contained by the lifetime of the
+// signedData.
+NSSCMSSignerInfo* GetSignerInfoForDigestAlgorithm(NSSCMSSignedData* signedData,
+                                                  SECOidTag digestAlgorithm) {
+  MOZ_ASSERT(digestAlgorithm == SEC_OID_SHA1 ||
+             digestAlgorithm == SEC_OID_SHA256);
+  if (digestAlgorithm != SEC_OID_SHA1 && digestAlgorithm != SEC_OID_SHA256) {
+    return nullptr;
+  }
+
+  int numSigners = NSS_CMSSignedData_SignerInfoCount(signedData);
+  if (numSigners < 1) {
+    return nullptr;
+  }
+  for (int i = 0; i < numSigners; i++) {
+    NSSCMSSignerInfo* signerInfo =
+        NSS_CMSSignedData_GetSignerInfo(signedData, i);
+    // NSS_CMSSignerInfo_GetDigestAlgTag isn't exported from NSS.
+    SECOidData* digestAlgOID = SECOID_FindOID(&signerInfo->digestAlg.algorithm);
+    if (!digestAlgOID) {
+      continue;
+    }
+    if (digestAlgorithm == digestAlgOID->offset) {
+      return signerInfo;
+    }
+  }
+  return nullptr;
+}
+
+Span<const uint8_t> GetPKCS7SignerCert(
+    NSSCMSSignerInfo* signerInfo,
+    nsTArray<Span<const uint8_t>>& collectedCerts) {
+  if (!signerInfo) {
+    return {};
+  }
+  // The NSS APIs use the term "CMS", but since these are all signed by Mozilla
+  // infrastructure, we know they are actually PKCS7. This means that this only
+  // needs to handle issuer/serial number signer identifiers.
+  if (signerInfo->signerIdentifier.identifierType != NSSCMSSignerID_IssuerSN) {
+    return {};
+  }
+  CERTIssuerAndSN* issuerAndSN = signerInfo->signerIdentifier.id.issuerAndSN;
+  if (!issuerAndSN) {
+    return {};
+  }
+  Input issuer;
+  mozilla::pkix::Result result =
+      issuer.Init(issuerAndSN->derIssuer.data, issuerAndSN->derIssuer.len);
+  if (result != Success) {
+    return {};
+  }
+  Input serialNumber;
+  result = serialNumber.Init(issuerAndSN->serialNumber.data,
+                             issuerAndSN->serialNumber.len);
+  if (result != Success) {
+    return {};
+  }
+  for (const auto& certDER : collectedCerts) {
+    Input certInput;
+    result = certInput.Init(certDER.Elements(), certDER.Length());
+    if (result != Success) {
+      continue;  // probably too big
+    }
+    // Since this only decodes the certificate and doesn't attempt to build a
+    // verified chain with it, the EndEntityOrCA parameter doesn't matter.
+    BackCert cert(certInput, EndEntityOrCA::MustBeEndEntity, nullptr);
+    result = cert.Init();
+    if (result != Success) {
+      continue;
+    }
+    if (InputsAreEqual(issuer, cert.GetIssuer()) &&
+        InputsAreEqual(serialNumber, cert.GetSerialNumber())) {
+      return certDER;
+    }
+  }
+  return {};
+}
+
+nsresult VerifySignature(AppTrustedRoot trustedRoot, const SECItem& buffer,
+                         nsTArray<uint8_t>& detachedSHA1Digest,
+                         nsTArray<uint8_t>& detachedSHA256Digest,
+                         /*out*/ SECOidTag& digestAlgorithm,
+                         /*out*/ nsTArray<uint8_t>& signerCert) {
+  if (NS_WARN_IF(!buffer.data || buffer.len == 0 ||
+                 detachedSHA1Digest.Length() == 0 ||
+                 detachedSHA256Digest.Length() == 0)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage cmsMsg(NSS_CMSMessage_CreateFromDER(
+      const_cast<SECItem*>(&buffer), nullptr, nullptr, nullptr, nullptr,
+      nullptr, nullptr));
+  if (!cmsMsg) {
+    return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
+  }
+
+  if (!NSS_CMSMessage_IsSigned(cmsMsg.get())) {
+    return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
+  if (!cinfo) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // We're expecting this to be a PKCS#7 signedData content info.
+  if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) !=
+      SEC_OID_PKCS7_SIGNED_DATA) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // signedData is non-owning
+  NSSCMSSignedData* signedData =
+      static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
+  if (!signedData) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  nsTArray<Span<const uint8_t>> collectedCerts;
+  if (signedData->rawCerts) {
+    for (size_t i = 0; signedData->rawCerts[i]; ++i) {
+      Span<const uint8_t> cert(signedData->rawCerts[i]->data,
+                               signedData->rawCerts[i]->len);
+      collectedCerts.AppendElement(std::move(cert));
+    }
+  }
+
+  NSSCMSSignerInfo* signerInfo =
+      GetSignerInfoForDigestAlgorithm(signedData, SEC_OID_SHA256);
+  nsTArray<uint8_t>* tmpDetachedDigest = &detachedSHA256Digest;
+  digestAlgorithm = SEC_OID_SHA256;
+  if (!signerInfo) {
+    signerInfo = GetSignerInfoForDigestAlgorithm(signedData, SEC_OID_SHA1);
+    if (!signerInfo) {
+      return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
+    }
+    tmpDetachedDigest = &detachedSHA1Digest;
+    digestAlgorithm = SEC_OID_SHA1;
+  }
+
+  const SECItem detachedDigest = {
+      siBuffer, tmpDetachedDigest->Elements(),
+      static_cast<unsigned int>(tmpDetachedDigest->Length())};
+
+  // Get the certificate that issued the PKCS7 signature.
+  Span<const uint8_t> signerCertSpan =
+      GetPKCS7SignerCert(signerInfo, collectedCerts);
+  if (signerCertSpan.IsEmpty()) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  nsresult rv =
+      VerifyCertificate(signerCertSpan, trustedRoot, std::move(collectedCerts));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  signerCert.Clear();
+  signerCert.AppendElements(signerCertSpan);
+
+  // Ensure that the PKCS#7 data OID is present as the PKCS#9 contentType.
+  const char* pkcs7DataOidString = "1.2.840.113549.1.7.1";
+  ScopedAutoSECItem pkcs7DataOid;
+  if (SEC_StringToOID(nullptr, &pkcs7DataOid, pkcs7DataOidString, 0) !=
+      SECSuccess) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  // NSS_CMSSignerInfo_Verify relies on NSS_CMSSignerInfo_GetSigningCertificate
+  // having been called already. This relies on the signing certificate being
+  // decoded as a CERTCertificate.
+  // This assertion should never fail, as this certificate has been
+  // successfully verified, which means it fits in the size of an unsigned int.
+  SECItem signingCertificateItem = {
+      siBuffer, const_cast<unsigned char*>(signerCertSpan.Elements()),
+      AssertedCast<unsigned int>(signerCertSpan.Length())};
+  UniqueCERTCertificate signingCertificateHandle(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &signingCertificateItem, nullptr, false, true));
+  if (!signingCertificateHandle) {
+    return mozilla::psm::GetXPCOMFromNSSError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+  }
+  // NB: This function does not return an owning reference, unlike with many
+  // other NSS APIs.
+  if (!NSS_CMSSignerInfo_GetSigningCertificate(signerInfo,
+                                               CERT_GetDefaultCertDB())) {
+    return mozilla::psm::GetXPCOMFromNSSError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+  }
+  return MapSECStatus(NSS_CMSSignerInfo_Verify(
+      signerInfo, const_cast<SECItem*>(&detachedDigest), &pkcs7DataOid));
+}
+
+class CoseVerificationContext {
+ public:
+  explicit CoseVerificationContext(AppTrustedRoot aTrustedRoot)
+      : mTrustedRoot(aTrustedRoot) {}
+  ~CoseVerificationContext() = default;
+
+  AppTrustedRoot GetTrustedRoot() { return mTrustedRoot; }
+  void SetCert(Span<const uint8_t> certDER) {
+    mCertDER.Clear();
+    mCertDER.AppendElements(certDER);
+  }
+
+  nsTArray<uint8_t> TakeCert() { return std::move(mCertDER); }
+
+ private:
+  AppTrustedRoot mTrustedRoot;
+  nsTArray<uint8_t> mCertDER;
+};
+
+// Verification function called from cose-rust.
+// Returns true if everything goes well and the signature and certificate chain
+// are good, false in any other case.
+bool CoseVerificationCallback(const uint8_t* aPayload, size_t aPayloadLen,
+                              const uint8_t** aCertChain, size_t aCertChainLen,
+                              const size_t* aCertsLen, const uint8_t* aEECert,
+                              size_t aEECertLen, const uint8_t* aSignature,
+                              size_t aSignatureLen, uint8_t aSignatureAlgorithm,
+                              void* ctx) {
+  if (!ctx || !aPayload || !aEECert || !aSignature) {
+    return false;
+  }
+  // The ctx here is a pointer to a CoseVerificationContext object
+  CoseVerificationContext* context = static_cast<CoseVerificationContext*>(ctx);
+  AppTrustedRoot aTrustedRoot = context->GetTrustedRoot();
+
+  CK_MECHANISM_TYPE mechanism;
+  SECOidTag oid;
+  uint32_t hash_length;
+  SECItem param = {siBuffer, nullptr, 0};
+  switch (aSignatureAlgorithm) {
+    case ES256:
+      mechanism = CKM_ECDSA;
+      oid = SEC_OID_SHA256;
+      hash_length = SHA256_LENGTH;
+      break;
+    case ES384:
+      mechanism = CKM_ECDSA;
+      oid = SEC_OID_SHA384;
+      hash_length = SHA384_LENGTH;
+      break;
+    case ES512:
+      mechanism = CKM_ECDSA;
+      oid = SEC_OID_SHA512;
+      hash_length = SHA512_LENGTH;
+      break;
+    default:
+      return false;
+  }
+
+  uint8_t hashBuf[HASH_LENGTH_MAX];
+  SECStatus rv = PK11_HashBuf(oid, hashBuf, aPayload, aPayloadLen);
+  if (rv != SECSuccess) {
+    return false;
+  }
+  SECItem hashItem = {siBuffer, hashBuf, hash_length};
+  Input certInput;
+  if (certInput.Init(aEECert, aEECertLen) != Success) {
+    return false;
+  }
+  // Since this only decodes the certificate and doesn't attempt to build a
+  // verified chain with it, the EndEntityOrCA parameter doesn't matter.
+  BackCert backCert(certInput, EndEntityOrCA::MustBeEndEntity, nullptr);
+  if (backCert.Init() != Success) {
+    return false;
+  }
+  Input spkiInput = backCert.GetSubjectPublicKeyInfo();
+  SECItem spkiItem = {siBuffer, const_cast<uint8_t*>(spkiInput.UnsafeGetData()),
+                      spkiInput.GetLength()};
+  UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+  if (!spki) {
+    return false;
+  }
+  UniqueSECKEYPublicKey key(SECKEY_ExtractPublicKey(spki.get()));
+  SECItem signatureItem = {siBuffer, const_cast<uint8_t*>(aSignature),
+                           static_cast<unsigned int>(aSignatureLen)};
+  rv = PK11_VerifyWithMechanism(key.get(), mechanism, &param, &signatureItem,
+                                &hashItem, nullptr);
+  if (rv != SECSuccess) {
+    return false;
+  }
+
+  nsTArray<Span<const uint8_t>> collectedCerts;
+  for (size_t i = 0; i < aCertChainLen; ++i) {
+    Span<const uint8_t> cert(aCertChain[i], aCertsLen[i]);
+    collectedCerts.AppendElement(std::move(cert));
+  }
+
+  Span<const uint8_t> certSpan = {aEECert, aEECertLen};
+  nsresult nrv =
+      VerifyCertificate(certSpan, aTrustedRoot, std::move(collectedCerts));
+  bool result = true;
+  if (NS_FAILED(nrv)) {
+    result = false;
+  }
+
+  // Passing back the signing certificate in form of the DER cert.
+  context->SetCert(certSpan);
+  if (NS_FAILED(nrv)) {
+    result = false;
+  }
+
+  return result;
+}
+
+nsresult VerifyAppManifest(SECOidTag aDigestToUse, nsCOMPtr<nsIZipReader> aZip,
+                           nsTHashtable<nsCStringHashKey>& aIgnoredFiles,
+                           const SECItem& aManifestBuffer) {
+  // Allocate the I/O buffer only once per JAR, instead of once per entry, in
+  // order to minimize malloc/free calls and in order to avoid fragmenting
+  // memory.
+  ScopedAutoSECItem buf(128 * 1024);
+
+  nsTHashtable<nsCStringHashKey> items;
+
+  nsresult rv =
+      ParseMF(BitwiseCast<char*, unsigned char*>(aManifestBuffer.data), aZip,
+              aDigestToUse, items, buf);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Verify every entry in the file.
+  nsCOMPtr<nsIUTF8StringEnumerator> entries;
+  rv = aZip->FindEntries(""_ns, getter_AddRefs(entries));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!entries) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  for (;;) {
+    bool hasMore;
+    rv = entries->HasMore(&hasMore);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (!hasMore) {
+      break;
+    }
+
+    nsAutoCString entryFilename;
+    rv = entries->GetNext(entryFilename);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Verifying digests for %s", entryFilename.get()));
+
+    if (entryFilename.Length() == 0) {
+      return NS_ERROR_SIGNED_JAR_ENTRY_INVALID;
+    }
+
+    // The files that comprise the signature mechanism are not covered by the
+    // signature. Ignore these files.
+    if (aIgnoredFiles.Contains(entryFilename)) {
+      continue;
+    }
+
+    // Entries with names that end in "/" are directory entries, which are not
+    // signed.
+    //
+    // Since bug 1415991 we don't support unpacked JARs. The "/" entries are
+    // therefore harmless.
+    if (entryFilename.Last() == '/') {
+      continue;
+    }
+
+    nsCStringHashKey* item = items.GetEntry(entryFilename);
+    if (!item) {
+      return NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY;
+    }
+
+    // Remove the item so we can check for leftover items later
+    items.RemoveEntry(item);
+  }
+
+  // We verified that every entry that we require to be signed is signed. But,
+  // were there any missing entries--that is, entries that are mentioned in the
+  // manifest but missing from the archive?
+  if (items.Count() != 0) {
+    return NS_ERROR_SIGNED_JAR_ENTRY_MISSING;
+  }
+
+  return NS_OK;
+}
+
+// This corresponds to the preference "security.signed_app_signatures.policy".
+// The lowest order bit determines which PKCS#7 algorithms are accepted.
+// xxx_0_: SHA-1 and/or SHA-256 PKCS#7 allowed
+// xxx_1_: SHA-256 PKCS#7 allowed
+// The next two bits determine whether COSE is required and PKCS#7 is allowed
+// x_00_x: COSE disabled, ignore files, PKCS#7 must verify
+// x_01_x: COSE is verified if present, PKCS#7 must verify
+// x_10_x: COSE is required, PKCS#7 must verify if present
+// x_11_x: COSE is required, PKCS#7 disabled (fail when present)
+class SignaturePolicy {
+ public:
+  explicit SignaturePolicy(int32_t preference)
+      : mProcessCose(true),
+        mCoseRequired(false),
+        mProcessPK7(true),
+        mPK7Required(true),
+        mSHA1Allowed(true),
+        mSHA256Allowed(true) {
+    mCoseRequired = (preference & 0b100) != 0;
+    mProcessCose = (preference & 0b110) != 0;
+    mPK7Required = (preference & 0b100) == 0;
+    mProcessPK7 = (preference & 0b110) != 0b110;
+    if ((preference & 0b1) == 0) {
+      mSHA1Allowed = true;
+      mSHA256Allowed = true;
+    } else {
+      mSHA1Allowed = false;
+      mSHA256Allowed = true;
+    }
+  }
+  ~SignaturePolicy() = default;
+  bool ProcessCOSE() { return mProcessCose; }
+  bool COSERequired() { return mCoseRequired; }
+  bool PK7Required() { return mPK7Required; }
+  bool ProcessPK7() { return mProcessPK7; }
+  bool IsPK7HashAllowed(SECOidTag aHashAlg) {
+    if (aHashAlg == SEC_OID_SHA256 && mSHA256Allowed) {
+      return true;
+    }
+    if (aHashAlg == SEC_OID_SHA1 && mSHA1Allowed) {
+      return true;
+    }
+    return false;
+  }
+
+ private:
+  bool mProcessCose;
+  bool mCoseRequired;
+  bool mProcessPK7;
+  bool mPK7Required;
+  bool mSHA1Allowed;
+  bool mSHA256Allowed;
+};
+
+nsresult VerifyCOSESignature(AppTrustedRoot aTrustedRoot, nsIZipReader* aZip,
+                             SignaturePolicy& aPolicy,
+                             nsTHashtable<nsCStringHashKey>& aIgnoredFiles,
+                             /* out */ bool& aVerified,
+                             /* out */ nsTArray<uint8_t>& aCoseCertDER) {
+  NS_ENSURE_ARG_POINTER(aZip);
+  bool required = aPolicy.COSERequired();
+  aVerified = false;
+
+  // Read COSE signature file.
+  nsAutoCString coseFilename;
+  ScopedAutoSECItem coseBuffer;
+  nsresult rv = FindAndLoadOneEntry(
+      aZip, nsLiteralCString(JAR_COSE_SEARCH_STRING), coseFilename, coseBuffer);
+  if (NS_FAILED(rv)) {
+    return required ? NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE : NS_OK;
+  }
+
+  // Verify COSE signature.
+  nsAutoCString mfFilename;
+  ScopedAutoSECItem manifestBuffer;
+  rv = FindAndLoadOneEntry(aZip, nsLiteralCString(JAR_COSE_MF_SEARCH_STRING),
+                           mfFilename, manifestBuffer);
+  if (NS_FAILED(rv)) {
+    return required ? NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE : rv;
+  }
+  MOZ_ASSERT(manifestBuffer.len >= 1);
+  MOZ_ASSERT(coseBuffer.len >= 1);
+  CoseVerificationContext context(aTrustedRoot);
+  bool coseVerification = verify_cose_signature_ffi(
+      manifestBuffer.data, manifestBuffer.len - 1, coseBuffer.data,
+      coseBuffer.len - 1, &context, CoseVerificationCallback);
+  if (!coseVerification) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+  // CoseVerificationCallback sets the context certificate to the first cert
+  // it encounters.
+  aCoseCertDER = context.TakeCert();
+
+  // aIgnoredFiles contains the PKCS#7 manifest and signature files iff the
+  // PKCS#7 verification was successful.
+  aIgnoredFiles.PutEntry(mfFilename);
+  aIgnoredFiles.PutEntry(coseFilename);
+  rv = VerifyAppManifest(SEC_OID_SHA256, aZip, aIgnoredFiles, manifestBuffer);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  aVerified = true;
+  return NS_OK;
+}
+
+nsresult VerifyPK7Signature(
+    AppTrustedRoot aTrustedRoot, nsIZipReader* aZip, SignaturePolicy& aPolicy,
+    /* out */ nsTHashtable<nsCStringHashKey>& aIgnoredFiles,
+    /* out */ bool& aVerified,
+    /* out */ nsTArray<uint8_t>& aSignerCert) {
+  NS_ENSURE_ARG_POINTER(aZip);
+  bool required = aPolicy.PK7Required();
+  aVerified = false;
+
+  // Signature (RSA) file
+  nsAutoCString sigFilename;
+  ScopedAutoSECItem sigBuffer;
+  nsresult rv = FindAndLoadOneEntry(
+      aZip, nsLiteralCString(JAR_RSA_SEARCH_STRING), sigFilename, sigBuffer);
+  if (NS_FAILED(rv)) {
+    return required ? NS_ERROR_SIGNED_JAR_NOT_SIGNED : NS_OK;
+  }
+
+  // Signature (SF) file
+  nsAutoCString sfFilename;
+  ScopedAutoSECItem sfBuffer;
+  rv = FindAndLoadOneEntry(aZip, nsLiteralCString(JAR_SF_SEARCH_STRING),
+                           sfFilename, sfBuffer);
+  if (NS_FAILED(rv)) {
+    return required ? NS_ERROR_SIGNED_JAR_MANIFEST_INVALID : NS_OK;
+  }
+
+  // Calculate both the SHA-1 and SHA-256 hashes of the signature file - we
+  // don't know what algorithm the PKCS#7 signature used.
+  nsTArray<uint8_t> sfCalculatedSHA1Digest;
+  rv = Digest::DigestBuf(SEC_OID_SHA1, sfBuffer.data, sfBuffer.len - 1,
+                         sfCalculatedSHA1Digest);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsTArray<uint8_t> sfCalculatedSHA256Digest;
+  rv = Digest::DigestBuf(SEC_OID_SHA256, sfBuffer.data, sfBuffer.len - 1,
+                         sfCalculatedSHA256Digest);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Verify PKCS#7 signature.
+  // If we get here, the signature has to verify even if PKCS#7 is not required.
+  sigBuffer.type = siBuffer;
+  SECOidTag digestToUse;
+  rv = VerifySignature(aTrustedRoot, sigBuffer, sfCalculatedSHA1Digest,
+                       sfCalculatedSHA256Digest, digestToUse, aSignerCert);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Check the digest used for the signature against the policy.
+  if (!aPolicy.IsPK7HashAllowed(digestToUse)) {
+    return NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE;
+  }
+
+  nsAutoCString mfDigest;
+  rv = ParseSF(BitwiseCast<char*, unsigned char*>(sfBuffer.data), digestToUse,
+               mfDigest);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Read PK7 manifest (MF) file.
+  ScopedAutoSECItem manifestBuffer;
+  nsTArray<uint8_t> digestArray;
+  nsAutoCString mfFilename;
+  rv = FindAndLoadOneEntry(aZip, nsLiteralCString(JAR_MF_SEARCH_STRING),
+                           mfFilename, manifestBuffer, digestToUse,
+                           &digestArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsDependentCSubstring calculatedDigest(
+      BitwiseCast<char*, uint8_t*>(digestArray.Elements()),
+      digestArray.Length());
+  if (!mfDigest.Equals(calculatedDigest)) {
+    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+  }
+
+  // Verify PKCS7 manifest file hashes.
+  aIgnoredFiles.PutEntry(sfFilename);
+  aIgnoredFiles.PutEntry(sigFilename);
+  aIgnoredFiles.PutEntry(mfFilename);
+  rv = VerifyAppManifest(digestToUse, aZip, aIgnoredFiles, manifestBuffer);
+  if (NS_FAILED(rv)) {
+    aIgnoredFiles.Clear();
+    return rv;
+  }
+
+  aVerified = true;
+  return NS_OK;
+}
+
+nsresult OpenSignedAppFile(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
+                           SignaturePolicy aPolicy,
+                           /* out, optional */ nsIZipReader** aZipReader,
+                           /* out, optional */ nsIX509Cert** aSignerCert) {
+  NS_ENSURE_ARG_POINTER(aJarFile);
+
+  if (aZipReader) {
+    *aZipReader = nullptr;
+  }
+
+  if (aSignerCert) {
+    *aSignerCert = nullptr;
+  }
+
+  nsresult rv;
+
+  static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
+  nsCOMPtr<nsIZipReader> zip = do_CreateInstance(kZipReaderCID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = zip->Open(aJarFile);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  bool pk7Verified = false;
+  bool coseVerified = false;
+  nsTHashtable<nsCStringHashKey> ignoredFiles;
+  nsTArray<uint8_t> pkcs7CertDER;
+  nsTArray<uint8_t> coseCertDER;
+
+  // First we have to verify the PKCS#7 signature if there is one.
+  // This signature covers all files (except for the signature files itself),
+  // including the COSE signature files. Only when this verification is
+  // successful the respective files will be ignored in the subsequent COSE
+  // signature verification.
+  if (aPolicy.ProcessPK7()) {
+    rv = VerifyPK7Signature(aTrustedRoot, zip, aPolicy, ignoredFiles,
+                            pk7Verified, pkcs7CertDER);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  if (aPolicy.ProcessCOSE()) {
+    rv = VerifyCOSESignature(aTrustedRoot, zip, aPolicy, ignoredFiles,
+                             coseVerified, coseCertDER);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  // Bits 1 and 2
+  // 00 = Didn't Process PKCS#7 signatures
+  // 01 = Processed but no valid cert or signature
+  // 10 = Processed and valid cert found, but addon didn't match manifest
+  // 11 = Processed and valid.
+  // Bits 3 and 4 are the same but for COSE.
+  uint32_t bucket = 0;
+  bucket += aPolicy.ProcessCOSE();
+  bucket += !coseCertDER.IsEmpty();
+  bucket += coseVerified;
+  bucket <<= 2;
+  bucket += aPolicy.ProcessPK7();
+  bucket += !pkcs7CertDER.IsEmpty();
+  bucket += pk7Verified;
+  Telemetry::Accumulate(Telemetry::ADDON_SIGNATURE_VERIFICATION_STATUS, bucket);
+
+  if ((aPolicy.PK7Required() && !pk7Verified) ||
+      (aPolicy.COSERequired() && !coseVerified)) {
+    return NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE;
+  }
+
+  // Return the reader to the caller if they want it
+  if (aZipReader) {
+    zip.forget(aZipReader);
+  }
+
+  // Return the signer's certificate to the reader if they want it.
+  if (aSignerCert) {
+    // The COSE certificate is authoritative.
+    if (aPolicy.COSERequired() || !coseCertDER.IsEmpty()) {
+      if (coseCertDER.IsEmpty()) {
+        return NS_ERROR_FAILURE;
+      }
+      nsCOMPtr<nsIX509Cert> signerCert(
+          new nsNSSCertificate(std::move(coseCertDER)));
+      signerCert.forget(aSignerCert);
+    } else {
+      if (pkcs7CertDER.IsEmpty()) {
+        return NS_ERROR_FAILURE;
+      }
+      nsCOMPtr<nsIX509Cert> signerCert(
+          new nsNSSCertificate(std::move(pkcs7CertDER)));
+      signerCert.forget(aSignerCert);
+    }
+  }
+
+  return NS_OK;
+}
+
+class OpenSignedAppFileTask final : public CryptoTask {
+ public:
+  OpenSignedAppFileTask(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
+                        SignaturePolicy aPolicy,
+                        nsIOpenSignedAppFileCallback* aCallback)
+      : mTrustedRoot(aTrustedRoot),
+        mJarFile(aJarFile),
+        mPolicy(aPolicy),
+        mCallback(new nsMainThreadPtrHolder<nsIOpenSignedAppFileCallback>(
+            "OpenSignedAppFileTask::mCallback", aCallback)) {}
+
+ private:
+  virtual nsresult CalculateResult() override {
+    return OpenSignedAppFile(mTrustedRoot, mJarFile, mPolicy,
+                             getter_AddRefs(mZipReader),
+                             getter_AddRefs(mSignerCert));
+  }
+
+  virtual void CallCallback(nsresult rv) override {
+    (void)mCallback->OpenSignedAppFileFinished(rv, mZipReader, mSignerCert);
+  }
+
+  const AppTrustedRoot mTrustedRoot;
+  const nsCOMPtr<nsIFile> mJarFile;
+  const SignaturePolicy mPolicy;
+  nsMainThreadPtrHandle<nsIOpenSignedAppFileCallback> mCallback;
+  nsCOMPtr<nsIZipReader> mZipReader;  // out
+  nsCOMPtr<nsIX509Cert> mSignerCert;  // out
+};
+
+static const int32_t sDefaultSignaturePolicy = 0b10;
+
+}  // unnamed namespace
+
+NS_IMETHODIMP
+nsNSSCertificateDB::OpenSignedAppFileAsync(
+    AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
+    nsIOpenSignedAppFileCallback* aCallback) {
+  NS_ENSURE_ARG_POINTER(aJarFile);
+  NS_ENSURE_ARG_POINTER(aCallback);
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  int32_t policyInt =
+      Preferences::GetInt("security.signed_app_signatures.policy",
+                          static_cast<int32_t>(sDefaultSignaturePolicy));
+  SignaturePolicy policy(policyInt);
+  RefPtr<OpenSignedAppFileTask> task(
+      new OpenSignedAppFileTask(aTrustedRoot, aJarFile, policy, aCallback));
+  return task->Dispatch();
+}
diff --git a/security/manager/ssl/AppTrustDomain.cpp b/security/manager/ssl/AppTrustDomain.cpp
new file mode 100644
index 0000000000..2cdf275ade
--- /dev/null
+++ b/security/manager/ssl/AppTrustDomain.cpp
@@ -0,0 +1,319 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "AppTrustDomain.h"
+
+#include "MainThreadUtils.h"
+#include "cert_storage/src/cert_storage.h"
+// FIXME: these two must be included before certdb.h {
+#include "seccomon.h"
+#include "certt.h"
+// }
+#include "certdb.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozpkix/pkixnss.h"
+#include "NSSCertDBTrustDomain.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsIContentSignatureVerifier.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSCertificate.h"
+#include "nsNetUtil.h"
+#include "prerror.h"
+
+// Generated by gen_cert_header.py, which gets called by the build system.
+#include "xpcshell.inc"
+// Add-on signing Certificates
+#include "addons-public.inc"
+#include "addons-public-intermediate.inc"
+#include "addons-stage.inc"
+// Content signature root certificates
+#include "content-signature-dev.inc"
+#include "content-signature-local.inc"
+#include "content-signature-prod.inc"
+#include "content-signature-stage.inc"
+
+using namespace mozilla::pkix;
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+namespace mozilla {
+namespace psm {
+
+AppTrustDomain::AppTrustDomain(nsTArray<Span<const uint8_t>>&& collectedCerts)
+    : mIntermediates(std::move(collectedCerts)),
+      mCertBlocklist(do_GetService(NS_CERT_STORAGE_CID)) {}
+
+nsresult AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot) {
+  switch (trustedRoot) {
+    case nsIX509CertDB::AppXPCShellRoot:
+      mTrustedRoot = {xpcshellRoot};
+      break;
+
+    case nsIX509CertDB::AddonsPublicRoot:
+      mTrustedRoot = {addonsPublicRoot};
+      break;
+
+    case nsIX509CertDB::AddonsStageRoot:
+      mTrustedRoot = {addonsStageRoot};
+      break;
+
+    case nsIContentSignatureVerifier::ContentSignatureLocalRoot:
+      mTrustedRoot = {contentSignatureLocalRoot};
+      break;
+
+    case nsIContentSignatureVerifier::ContentSignatureProdRoot:
+      mTrustedRoot = {contentSignatureProdRoot};
+      break;
+
+    case nsIContentSignatureVerifier::ContentSignatureStageRoot:
+      mTrustedRoot = {contentSignatureStageRoot};
+      break;
+
+    case nsIContentSignatureVerifier::ContentSignatureDevRoot:
+      mTrustedRoot = {contentSignatureDevRoot};
+      break;
+
+    default:
+      return NS_ERROR_INVALID_ARG;
+  }
+
+  // If we're verifying add-ons signed by our production root, we want to make
+  // sure a valid intermediate certificate is available for path building.
+  if (trustedRoot == nsIX509CertDB::AddonsPublicRoot) {
+    mAddonsIntermediate = {addonsPublicIntermediate};
+  }
+
+  return NS_OK;
+}
+
+pkix::Result AppTrustDomain::FindIssuer(Input encodedIssuerName,
+                                        IssuerChecker& checker, Time) {
+  MOZ_ASSERT(!mTrustedRoot.IsEmpty());
+  if (mTrustedRoot.IsEmpty()) {
+    return pkix::Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  nsTArray<Input> candidates;
+  Input rootInput;
+  pkix::Result rv =
+      rootInput.Init(mTrustedRoot.Elements(), mTrustedRoot.Length());
+  // This should never fail, since the possible roots are all hard-coded and
+  // they should never be too long.
+  if (rv != Success) {
+    return rv;
+  }
+  candidates.AppendElement(std::move(rootInput));
+  if (!mAddonsIntermediate.IsEmpty()) {
+    Input intermediateInput;
+    rv = intermediateInput.Init(mAddonsIntermediate.Elements(),
+                                mAddonsIntermediate.Length());
+    // Again, this should never fail for the same reason as above.
+    if (rv != Success) {
+      return rv;
+    }
+    candidates.AppendElement(std::move(intermediateInput));
+  }
+  for (const auto& intermediate : mIntermediates) {
+    Input intermediateInput;
+    rv = intermediateInput.Init(intermediate.Elements(), intermediate.Length());
+    // This is untrusted input, so skip any intermediates that are too large.
+    if (rv != Success) {
+      continue;
+    }
+    candidates.AppendElement(std::move(intermediateInput));
+  }
+
+  for (const auto& candidate : candidates) {
+    bool keepGoing;
+    rv = checker.Check(candidate, nullptr /*additionalNameConstraints*/,
+                       keepGoing);
+    if (rv != Success) {
+      return rv;
+    }
+    if (!keepGoing) {
+      return Success;
+    }
+  }
+
+  // If the above did not succeed in building a verified certificate chain,
+  // fall back to searching for candidates in NSS. This is important in case an
+  // intermediate involved in add-on signing expires before it is replaced. See
+  // bug 1548973.
+  SECItem encodedIssuerNameSECItem = UnsafeMapInputToSECItem(encodedIssuerName);
+  UniqueCERTCertList nssCandidates(CERT_CreateSubjectCertList(
+      nullptr, CERT_GetDefaultCertDB(), &encodedIssuerNameSECItem, 0, false));
+  if (nssCandidates) {
+    for (CERTCertListNode* n = CERT_LIST_HEAD(nssCandidates);
+         !CERT_LIST_END(n, nssCandidates); n = CERT_LIST_NEXT(n)) {
+      Input certDER;
+      pkix::Result rv =
+          certDER.Init(n->cert->derCert.data, n->cert->derCert.len);
+      if (rv != Success) {
+        continue;  // probably too big
+      }
+
+      bool keepGoing;
+      rv = checker.Check(certDER, nullptr /*additionalNameConstraints*/,
+                         keepGoing);
+      if (rv != Success) {
+        return rv;
+      }
+      if (!keepGoing) {
+        break;
+      }
+    }
+  }
+
+  return Success;
+}
+
+pkix::Result AppTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
+                                          const CertPolicyId& policy,
+                                          Input candidateCertDER,
+                                          /*out*/ TrustLevel& trustLevel) {
+  MOZ_ASSERT(policy.IsAnyPolicy());
+  MOZ_ASSERT(!mTrustedRoot.IsEmpty());
+  if (!policy.IsAnyPolicy()) {
+    return pkix::Result::FATAL_ERROR_INVALID_ARGS;
+  }
+  if (mTrustedRoot.IsEmpty()) {
+    return pkix::Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  nsTArray<uint8_t> issuerBytes;
+  nsTArray<uint8_t> serialBytes;
+  nsTArray<uint8_t> subjectBytes;
+  nsTArray<uint8_t> pubKeyBytes;
+
+  pkix::Result result =
+      BuildRevocationCheckArrays(candidateCertDER, endEntityOrCA, issuerBytes,
+                                 serialBytes, subjectBytes, pubKeyBytes);
+  if (result != Success) {
+    return result;
+  }
+
+  int16_t revocationState;
+  nsresult nsrv = mCertBlocklist->GetRevocationState(
+      issuerBytes, serialBytes, subjectBytes, pubKeyBytes, &revocationState);
+  if (NS_FAILED(nsrv)) {
+    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  if (revocationState == nsICertStorage::STATE_ENFORCE) {
+    return pkix::Result::ERROR_REVOKED_CERTIFICATE;
+  }
+
+  // mTrustedRoot is the only trust anchor for this validation.
+  Span<const uint8_t> candidateCertDERSpan = {candidateCertDER.UnsafeGetData(),
+                                              candidateCertDER.GetLength()};
+  if (mTrustedRoot == candidateCertDERSpan) {
+    trustLevel = TrustLevel::TrustAnchor;
+    return Success;
+  }
+
+  trustLevel = TrustLevel::InheritsTrust;
+  return Success;
+}
+
+pkix::Result AppTrustDomain::DigestBuf(Input item, DigestAlgorithm digestAlg,
+                                       /*out*/ uint8_t* digestBuf,
+                                       size_t digestBufLen) {
+  return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
+}
+
+pkix::Result AppTrustDomain::CheckRevocation(EndEntityOrCA, const CertID&, Time,
+                                             Duration,
+                                             /*optional*/ const Input*,
+                                             /*optional*/ const Input*,
+                                             /*optional*/ const Input*) {
+  // We don't currently do revocation checking. If we need to distrust an Apps
+  // certificate, we will use the active distrust mechanism.
+  return Success;
+}
+
+pkix::Result AppTrustDomain::IsChainValid(const DERArray& certChain, Time time,
+                                          const CertPolicyId& requiredPolicy) {
+  MOZ_ASSERT(requiredPolicy.IsAnyPolicy());
+  return Success;
+}
+
+pkix::Result AppTrustDomain::CheckSignatureDigestAlgorithm(
+    DigestAlgorithm digestAlg, EndEntityOrCA, Time) {
+  switch (digestAlg) {
+    case DigestAlgorithm::sha256:  // fall through
+    case DigestAlgorithm::sha384:  // fall through
+    case DigestAlgorithm::sha512:
+      return Success;
+    case DigestAlgorithm::sha1:
+      return pkix::Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
+  }
+  return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+}
+
+pkix::Result AppTrustDomain::CheckRSAPublicKeyModulusSizeInBits(
+    EndEntityOrCA /*endEntityOrCA*/, unsigned int modulusSizeInBits) {
+  if (modulusSizeInBits < 2048u) {
+    return pkix::Result::ERROR_INADEQUATE_KEY_SIZE;
+  }
+  return Success;
+}
+
+pkix::Result AppTrustDomain::VerifyRSAPKCS1SignedData(
+    Input data, DigestAlgorithm digestAlgorithm, Input signature,
+    Input subjectPublicKeyInfo) {
+  // TODO: We should restrict signatures to SHA-256 or better.
+  return VerifyRSAPKCS1SignedDataNSS(data, digestAlgorithm, signature,
+                                     subjectPublicKeyInfo, nullptr);
+}
+
+pkix::Result AppTrustDomain::VerifyRSAPSSSignedData(
+    Input data, DigestAlgorithm digestAlgorithm, Input signature,
+    Input subjectPublicKeyInfo) {
+  return VerifyRSAPSSSignedDataNSS(data, digestAlgorithm, signature,
+                                   subjectPublicKeyInfo, nullptr);
+}
+
+pkix::Result AppTrustDomain::CheckECDSACurveIsAcceptable(
+    EndEntityOrCA /*endEntityOrCA*/, NamedCurve curve) {
+  switch (curve) {
+    case NamedCurve::secp256r1:  // fall through
+    case NamedCurve::secp384r1:  // fall through
+    case NamedCurve::secp521r1:
+      return Success;
+  }
+
+  return pkix::Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+}
+
+pkix::Result AppTrustDomain::VerifyECDSASignedData(
+    Input data, DigestAlgorithm digestAlgorithm, Input signature,
+    Input subjectPublicKeyInfo) {
+  return VerifyECDSASignedDataNSS(data, digestAlgorithm, signature,
+                                  subjectPublicKeyInfo, nullptr);
+}
+
+pkix::Result AppTrustDomain::CheckValidityIsAcceptable(
+    Time /*notBefore*/, Time /*notAfter*/, EndEntityOrCA /*endEntityOrCA*/,
+    KeyPurposeId /*keyPurpose*/) {
+  return Success;
+}
+
+pkix::Result AppTrustDomain::NetscapeStepUpMatchesServerAuth(
+    Time /*notBefore*/,
+    /*out*/ bool& matches) {
+  matches = false;
+  return Success;
+}
+
+void AppTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension /*extension*/,
+                                            Input /*extensionData*/) {}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/AppTrustDomain.h b/security/manager/ssl/AppTrustDomain.h
new file mode 100644
index 0000000000..4d09cdabdf
--- /dev/null
+++ b/security/manager/ssl/AppTrustDomain.h
@@ -0,0 +1,94 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef AppTrustDomain_h
+#define AppTrustDomain_h
+
+#include "mozilla/Span.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsCOMPtr.h"
+#include "nsDebug.h"
+#include "nsICertStorage.h"
+#include "nsIX509CertDB.h"
+#include "nsTArray.h"
+
+namespace mozilla {
+namespace psm {
+
+class AppTrustDomain final : public mozilla::pkix::TrustDomain {
+ public:
+  typedef mozilla::pkix::Result Result;
+
+  explicit AppTrustDomain(nsTArray<Span<const uint8_t>>&& collectedCerts);
+
+  nsresult SetTrustedRoot(AppTrustedRoot trustedRoot);
+
+  virtual Result GetCertTrust(
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      const mozilla::pkix::CertPolicyId& policy,
+      mozilla::pkix::Input candidateCertDER,
+      /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;
+  virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
+                            IssuerChecker& checker,
+                            mozilla::pkix::Time time) override;
+  virtual Result CheckRevocation(
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
+      mozilla::pkix::Duration validityDuration,
+      /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
+      /*optional*/ const mozilla::pkix::Input* aiaExtension,
+      /*optional*/ const mozilla::pkix::Input* sctExtension) override;
+  virtual Result IsChainValid(
+      const mozilla::pkix::DERArray& certChain, mozilla::pkix::Time time,
+      const mozilla::pkix::CertPolicyId& requiredPolicy) override;
+  virtual Result CheckSignatureDigestAlgorithm(
+      mozilla::pkix::DigestAlgorithm digestAlg,
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      mozilla::pkix::Time notBefore) override;
+  virtual Result CheckRSAPublicKeyModulusSizeInBits(
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      unsigned int modulusSizeInBits) override;
+  virtual Result VerifyRSAPKCS1SignedData(
+      mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm,
+      mozilla::pkix::Input signature,
+      mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result VerifyRSAPSSSignedData(
+      mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm,
+      mozilla::pkix::Input signature,
+      mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckECDSACurveIsAcceptable(
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      mozilla::pkix::NamedCurve curve) override;
+  virtual Result VerifyECDSASignedData(
+      mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm,
+      mozilla::pkix::Input signature,
+      mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckValidityIsAcceptable(
+      mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
+      mozilla::pkix::EndEntityOrCA endEntityOrCA,
+      mozilla::pkix::KeyPurposeId keyPurpose) override;
+  virtual Result NetscapeStepUpMatchesServerAuth(
+      mozilla::pkix::Time notBefore,
+      /*out*/ bool& matches) override;
+  virtual void NoteAuxiliaryExtension(
+      mozilla::pkix::AuxiliaryExtension extension,
+      mozilla::pkix::Input extensionData) override;
+  virtual Result DigestBuf(mozilla::pkix::Input item,
+                           mozilla::pkix::DigestAlgorithm digestAlg,
+                           /*out*/ uint8_t* digestBuf,
+                           size_t digestBufLen) override;
+
+ private:
+  Span<const uint8_t> mTrustedRoot;
+  Span<const uint8_t> mAddonsIntermediate;
+  nsTArray<Span<const uint8_t>> mIntermediates;
+  nsCOMPtr<nsICertStorage> mCertBlocklist;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // AppTrustDomain_h
diff --git a/security/manager/ssl/CertStorageMemoryReporting.cpp b/security/manager/ssl/CertStorageMemoryReporting.cpp
new file mode 100644
index 0000000000..524d16fc02
--- /dev/null
+++ b/security/manager/ssl/CertStorageMemoryReporting.cpp
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIMemoryReporter.h"
+
+// Rust doesn't support weak-linking, so MFBT_API functions like
+// moz_malloc_size_of need a C++ wrapper that uses the regular ABI
+//
+// We're not using MOZ_DEFINE_MALLOC_SIZE_OF here because that makes the
+// function `static`, which would make it not visible outside this file
+extern "C" size_t cert_storage_malloc_size_of(void* aPtr) {
+  MOZ_REPORT(aPtr);
+  return moz_malloc_size_of(aPtr);
+}
diff --git a/security/manager/ssl/CommonSocketControl.cpp b/security/manager/ssl/CommonSocketControl.cpp
new file mode 100644
index 0000000000..f963e763c7
--- /dev/null
+++ b/security/manager/ssl/CommonSocketControl.cpp
@@ -0,0 +1,525 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CommonSocketControl.h"
+
+#include "PublicKeyPinningService.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "mozilla/ErrorResult.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "mozilla/dom/Promise.h"
+#include "nsICertOverrideService.h"
+#include "nsISocketProvider.h"
+#include "nsITlsHandshakeListener.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslt.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(CommonSocketControl, nsITLSSocketControl)
+
+CommonSocketControl::CommonSocketControl(const nsCString& aHostName,
+                                         int32_t aPort, uint32_t aProviderFlags)
+    : mHostName(aHostName),
+      mPort(aPort),
+      mOriginAttributes(),
+      mCanceled(false),
+      mSessionCacheInfo(),
+      mHandshakeCompleted(false),
+      mJoined(false),
+      mSentClientCert(false),
+      mFailedVerification(false),
+      mSSLVersionUsed(nsITLSSocketControl::SSL_VERSION_UNKNOWN),
+      mProviderFlags(aProviderFlags),
+      mSecurityState(0),
+      mErrorCode(0),
+      mFailedCertChain(),
+      mServerCert(nullptr),
+      mSucceededCertChain(),
+      mCipherSuite(),
+      mKeaGroupName(),
+      mSignatureSchemeName(),
+      mProtocolVersion(),
+      mCertificateTransparencyStatus(0),
+      mIsAcceptedEch(),
+      mIsDelegatedCredential(),
+      mOverridableErrorCategory(),
+      mMadeOCSPRequests(false),
+      mUsedPrivateDNS(false),
+      mIsEV(),
+      mNPNCompleted(false),
+      mNegotiatedNPN(),
+      mResumed(false),
+      mIsBuiltCertChainRootBuiltInRoot(false),
+      mPeerId() {
+#ifdef DEBUG
+  mOwningThread = PR_GetCurrentThread();
+#endif
+}
+
+void CommonSocketControl::SetStatusErrorBits(
+    const nsCOMPtr<nsIX509Cert>& cert,
+    nsITransportSecurityInfo::OverridableErrorCategory
+        overridableErrorCategory) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  SetServerCert(cert, mozilla::psm::EVStatus::NotEV);
+  mOverridableErrorCategory = Some(overridableErrorCategory);
+}
+
+static void CreateCertChain(nsTArray<RefPtr<nsIX509Cert>>& aOutput,
+                            nsTArray<nsTArray<uint8_t>>&& aCertList) {
+  nsTArray<nsTArray<uint8_t>> certList = std::move(aCertList);
+  aOutput.Clear();
+  for (auto& certBytes : certList) {
+    RefPtr<nsIX509Cert> cert = new nsNSSCertificate(std::move(certBytes));
+    aOutput.AppendElement(cert);
+  }
+}
+
+void CommonSocketControl::SetServerCert(
+    const nsCOMPtr<nsIX509Cert>& aServerCert,
+    mozilla::psm::EVStatus aEVStatus) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mServerCert = aServerCert;
+  mIsEV = Some(aEVStatus == mozilla::psm::EVStatus::EV);
+}
+
+void CommonSocketControl::SetSucceededCertChain(
+    nsTArray<nsTArray<uint8_t>>&& aCertList) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return CreateCertChain(mSucceededCertChain, std::move(aCertList));
+}
+
+void CommonSocketControl::SetFailedCertChain(
+    nsTArray<nsTArray<uint8_t>>&& aCertList) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return CreateCertChain(mFailedCertChain, std::move(aCertList));
+}
+
+void CommonSocketControl::SetCanceled(PRErrorCode errorCode) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  MOZ_ASSERT(errorCode != 0);
+  if (errorCode == 0) {
+    errorCode = SEC_ERROR_LIBRARY_FAILURE;
+  }
+
+  mErrorCode = errorCode;
+  mCanceled = true;
+}
+
+// NB: GetErrorCode may be called before an error code is set (if ever). In that
+// case, this returns 0, which is treated as a successful value.
+int32_t CommonSocketControl::GetErrorCode() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  // We're in an inconsistent state if we think we've been canceled but no error
+  // code was set or we haven't been canceled but an error code was set.
+  MOZ_ASSERT(
+      !((mCanceled && mErrorCode == 0) || (!mCanceled && mErrorCode != 0)));
+  if ((mCanceled && mErrorCode == 0) || (!mCanceled && mErrorCode != 0)) {
+    mCanceled = true;
+    mErrorCode = SEC_ERROR_LIBRARY_FAILURE;
+  }
+
+  return mErrorCode;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::ProxyStartSSL(void) { return NS_ERROR_NOT_IMPLEMENTED; }
+
+NS_IMETHODIMP
+CommonSocketControl::StartTLS(void) { return NS_ERROR_NOT_IMPLEMENTED; }
+
+NS_IMETHODIMP
+CommonSocketControl::SetNPNList(nsTArray<nsCString>& aNPNList) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetAlpnEarlySelection(nsACString& _retval) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetEarlyDataAccepted(bool* aEarlyDataAccepted) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::DriveHandshake(void) { return NS_ERROR_NOT_IMPLEMENTED; }
+
+NS_IMETHODIMP
+CommonSocketControl::JoinConnection(const nsACString& npnProtocol,
+                                    const nsACString& hostname, int32_t port,
+                                    bool* _retval) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  nsresult rv = TestJoinConnection(npnProtocol, hostname, port, _retval);
+  if (NS_SUCCEEDED(rv) && *_retval) {
+    // All tests pass - this is joinable
+    mJoined = true;
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::TestJoinConnection(const nsACString& npnProtocol,
+                                        const nsACString& hostname,
+                                        int32_t port, bool* _retval) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *_retval = false;
+
+  // Different ports may not be joined together
+  if (port != GetPort()) return NS_OK;
+
+  // Make sure NPN has been completed and matches requested npnProtocol
+  if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol)) {
+    return NS_OK;
+  }
+
+  IsAcceptableForHost(hostname, _retval);  // sets _retval
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::IsAcceptableForHost(const nsACString& hostname,
+                                         bool* _retval) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  NS_ENSURE_ARG(_retval);
+
+  *_retval = false;
+
+  // If this is the same hostname then the certicate status does not
+  // need to be considered. They are joinable.
+  if (hostname.Equals(GetHostName())) {
+    *_retval = true;
+    return NS_OK;
+  }
+
+  // Before checking the server certificate we need to make sure the
+  // handshake has completed.
+  if (!mHandshakeCompleted || !HasServerCert()) {
+    return NS_OK;
+  }
+
+  // Security checks can only be skipped when running xpcshell tests.
+  if (PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR")) {
+    nsCOMPtr<nsICertOverrideService> overrideService =
+        do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+    if (overrideService) {
+      bool securityCheckDisabled = false;
+      overrideService->GetSecurityCheckDisabled(&securityCheckDisabled);
+      if (securityCheckDisabled) {
+        *_retval = true;
+        return NS_OK;
+      }
+    }
+  }
+
+  // If the cert has error bits (e.g. it is untrusted) then do not join.
+  if (mOverridableErrorCategory.isSome()) {
+    return NS_OK;
+  }
+
+  // If the connection is using client certificates then do not join
+  // because the user decides on whether to send client certs to hosts on a
+  // per-domain basis.
+  if (mSentClientCert) return NS_OK;
+
+  // Ensure that the server certificate covers the hostname that would
+  // like to join this connection
+
+  nsCOMPtr<nsIX509Cert> cert(GetServerCert());
+  if (!cert) {
+    return NS_OK;
+  }
+  nsTArray<uint8_t> certDER;
+  if (NS_FAILED(cert->GetRawDER(certDER))) {
+    return NS_OK;
+  }
+
+  // An empty mSucceededCertChain means the server certificate verification
+  // failed before, so don't join in this case.
+  if (mSucceededCertChain.IsEmpty()) {
+    return NS_OK;
+  }
+
+  // See where CheckCertHostname() is called in
+  // CertVerifier::VerifySSLServerCert. We are doing the same hostname-specific
+  // checks here. If any hostname-specific checks are added to
+  // CertVerifier::VerifySSLServerCert we need to add them here too.
+  pkix::Input serverCertInput;
+  mozilla::pkix::Result rv =
+      serverCertInput.Init(certDER.Elements(), certDER.Length());
+  if (rv != pkix::Success) {
+    return NS_OK;
+  }
+
+  pkix::Input hostnameInput;
+  rv = hostnameInput.Init(
+      BitwiseCast<const uint8_t*, const char*>(hostname.BeginReading()),
+      hostname.Length());
+  if (rv != pkix::Success) {
+    return NS_OK;
+  }
+
+  rv = CheckCertHostname(serverCertInput, hostnameInput);
+  if (rv != pkix::Success) {
+    return NS_OK;
+  }
+
+  nsTArray<nsTArray<uint8_t>> rawDerCertList;
+  nsTArray<Span<const uint8_t>> derCertSpanList;
+  for (const auto& cert : mSucceededCertChain) {
+    rawDerCertList.EmplaceBack();
+    nsresult nsrv = cert->GetRawDER(rawDerCertList.LastElement());
+    if (NS_FAILED(nsrv)) {
+      return nsrv;
+    }
+    derCertSpanList.EmplaceBack(rawDerCertList.LastElement());
+  }
+  bool chainHasValidPins;
+  nsresult nsrv = mozilla::psm::PublicKeyPinningService::ChainHasValidPins(
+      derCertSpanList, PromiseFlatCString(hostname).BeginReading(), pkix::Now(),
+      mIsBuiltCertChainRootBuiltInRoot, chainHasValidPins, nullptr);
+  if (NS_FAILED(nsrv)) {
+    return NS_OK;
+  }
+
+  if (!chainHasValidPins) {
+    return NS_OK;
+  }
+
+  // All tests pass
+  *_retval = true;
+  return NS_OK;
+}
+
+void CommonSocketControl::RebuildCertificateInfoFromSSLTokenCache() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mSessionCacheInfo) {
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Debug,
+        ("CommonSocketControl::RebuildCertificateInfoFromSSLTokenCache cannot "
+         "find cached info."));
+    return;
+  }
+
+  mozilla::net::SessionCacheInfo& info = *mSessionCacheInfo;
+  nsCOMPtr<nsIX509Cert> cert(
+      new nsNSSCertificate(std::move(info.mServerCertBytes)));
+  if (info.mOverridableErrorCategory ==
+      nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET) {
+    SetServerCert(cert, info.mEVStatus);
+  } else {
+    SetStatusErrorBits(cert, info.mOverridableErrorCategory);
+  }
+  SetCertificateTransparencyStatus(info.mCertificateTransparencyStatus);
+  if (info.mSucceededCertChainBytes) {
+    SetSucceededCertChain(std::move(*info.mSucceededCertChainBytes));
+  }
+
+  if (info.mIsBuiltCertChainRootBuiltInRoot) {
+    SetIsBuiltCertChainRootBuiltInRoot(*info.mIsBuiltCertChainRootBuiltInRoot);
+  }
+
+  if (info.mFailedCertChainBytes) {
+    SetFailedCertChain(std::move(*info.mFailedCertChainBytes));
+  }
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetKEAUsed(int16_t* aKEAUsed) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetKEAKeyBits(uint32_t* aKEAKeyBits) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetProviderFlags(uint32_t* aProviderFlags) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aProviderFlags = mProviderFlags;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetSSLVersionUsed(int16_t* aSSLVersionUsed) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aSSLVersionUsed = mSSLVersionUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetSSLVersionOffered(int16_t* aSSLVersionOffered) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetMACAlgorithmUsed(int16_t* aMACAlgorithmUsed) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+bool CommonSocketControl::GetDenyClientCert() { return true; }
+
+void CommonSocketControl::SetDenyClientCert(bool aDenyClientCert) {}
+
+NS_IMETHODIMP
+CommonSocketControl::GetClientCertSent(bool* arg) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *arg = mSentClientCert;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetFailedVerification(bool* arg) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *arg = mFailedVerification;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetEsniTxt(nsACString& aEsniTxt) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::SetEsniTxt(const nsACString& aEsniTxt) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetEchConfig(nsACString& aEchConfig) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::SetEchConfig(const nsACString& aEchConfig) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetRetryEchConfig(nsACString& aEchConfig) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::SetHandshakeCallbackListener(
+    nsITlsHandshakeCallbackListener* callback) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::DisableEarlyData(void) { return NS_ERROR_NOT_IMPLEMENTED; }
+
+NS_IMETHODIMP
+CommonSocketControl::GetPeerId(nsACString& aResult) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mPeerId.IsEmpty()) {
+    aResult.Assign(mPeerId);
+    return NS_OK;
+  }
+
+  if (mProviderFlags &
+      nsISocketProvider::ANONYMOUS_CONNECT) {  // See bug 466080
+    mPeerId.AppendLiteral("anon:");
+  }
+  if (mProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    mPeerId.AppendLiteral("private:");
+  }
+  if (mProviderFlags & nsISocketProvider::BE_CONSERVATIVE) {
+    mPeerId.AppendLiteral("beConservative:");
+  }
+
+  mPeerId.Append(mHostName);
+  mPeerId.Append(':');
+  mPeerId.AppendInt(GetPort());
+  nsAutoCString suffix;
+  mOriginAttributes.CreateSuffix(suffix);
+  mPeerId.Append(suffix);
+
+  aResult.Assign(mPeerId);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::GetSecurityInfo(nsITransportSecurityInfo** aSecurityInfo) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  // Make sure peerId is set.
+  nsAutoCString unused;
+  nsresult rv = GetPeerId(unused);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsCOMPtr<nsITransportSecurityInfo> securityInfo(
+      new psm::TransportSecurityInfo(
+          mSecurityState, mErrorCode, mFailedCertChain.Clone(), mServerCert,
+          mSucceededCertChain.Clone(), mCipherSuite, mKeaGroupName,
+          mSignatureSchemeName, mProtocolVersion,
+          mCertificateTransparencyStatus, mIsAcceptedEch,
+          mIsDelegatedCredential, mOverridableErrorCategory, mMadeOCSPRequests,
+          mUsedPrivateDNS, mIsEV, mNPNCompleted, mNegotiatedNPN, mResumed,
+          mIsBuiltCertChainRootBuiltInRoot, mPeerId));
+  securityInfo.forget(aSecurityInfo);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CommonSocketControl::AsyncGetSecurityInfo(JSContext* aCx,
+                                          mozilla::dom::Promise** aPromise) {
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG_POINTER(aCx);
+  NS_ENSURE_ARG_POINTER(aPromise);
+
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (!globalObject) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  ErrorResult result;
+  RefPtr<mozilla::dom::Promise> promise =
+      mozilla::dom::Promise::Create(globalObject, result);
+  if (result.Failed()) {
+    return result.StealNSResult();
+  }
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "CommonSocketControl::AsyncGetSecurityInfo",
+      [promise, self = RefPtr{this}]() mutable {
+        nsCOMPtr<nsITransportSecurityInfo> securityInfo;
+        nsresult rv = self->GetSecurityInfo(getter_AddRefs(securityInfo));
+        nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+            "CommonSocketControl::AsyncGetSecurityInfoResolve",
+            [rv, promise = std::move(promise),
+             securityInfo = std::move(securityInfo)]() {
+              if (NS_FAILED(rv)) {
+                promise->MaybeReject(rv);
+              } else {
+                promise->MaybeResolve(securityInfo);
+              }
+            }));
+        NS_DispatchToMainThread(runnable.forget());
+      }));
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  nsresult rv = target->Dispatch(runnable, NS_DISPATCH_NORMAL);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  promise.forget(aPromise);
+  return NS_OK;
+}
+
+NS_IMETHODIMP CommonSocketControl::Claim() { return NS_ERROR_NOT_IMPLEMENTED; }
diff --git a/security/manager/ssl/CommonSocketControl.h b/security/manager/ssl/CommonSocketControl.h
new file mode 100644
index 0000000000..4ff8bd4094
--- /dev/null
+++ b/security/manager/ssl/CommonSocketControl.h
@@ -0,0 +1,191 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CommonSocketControl_h
+#define CommonSocketControl_h
+
+#include "CertVerifier.h"
+#include "TransportSecurityInfo.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/net/SSLTokensCache.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsITLSSocketControl.h"
+#include "nsSocketTransportService2.h"
+
+#ifdef DEBUG
+#  include "prthread.h"
+#  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
+    MOZ_ASSERT(mOwningThread == PR_GetCurrentThread())
+#else
+#  define COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() \
+    do {                                                  \
+    } while (false)
+#endif
+
+// CommonSocketControl is the base class that implements nsITLSSocketControl.
+// Various concrete TLS socket control implementations inherit from this class.
+// Currently these implementations consist of NSSSocketControl (a socket
+// control for NSS) and QuicSocketControl (a socket control for quic).
+// NB: these classes must only be used on the socket thread (the one exception
+// being tests that incidentally use CommonSocketControl on the main thread
+// (and only the main thread)). This is enforced via the macro
+// COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD() that should be called at the
+// beginning of every function in this class and all subclasses.
+class CommonSocketControl : public nsITLSSocketControl {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITLSSOCKETCONTROL
+
+  CommonSocketControl(const nsCString& aHostName, int32_t aPort,
+                      uint32_t aProviderFlags);
+
+  // Use "errorCode" 0 to indicate success.
+  virtual void SetCertVerificationResult(PRErrorCode errorCode) {
+    MOZ_ASSERT_UNREACHABLE("Subclasses must override this.");
+  }
+
+  const nsACString& GetHostName() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mHostName;
+  }
+  int32_t GetPort() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mPort;
+  }
+  void SetMadeOCSPRequests(bool aMadeOCSPRequests) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mMadeOCSPRequests = aMadeOCSPRequests;
+  }
+  bool GetMadeOCSPRequests() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mMadeOCSPRequests;
+  }
+  void SetUsedPrivateDNS(bool aUsedPrivateDNS) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mUsedPrivateDNS = aUsedPrivateDNS;
+  }
+  bool GetUsedPrivateDNS() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mUsedPrivateDNS;
+  }
+
+  void SetServerCert(const nsCOMPtr<nsIX509Cert>& aServerCert,
+                     mozilla::psm::EVStatus aEVStatus);
+  already_AddRefed<nsIX509Cert> GetServerCert() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return do_AddRef(mServerCert);
+  }
+  bool HasServerCert() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mServerCert != nullptr;
+  }
+  void SetStatusErrorBits(const nsCOMPtr<nsIX509Cert>& cert,
+                          nsITransportSecurityInfo::OverridableErrorCategory
+                              overridableErrorCategory);
+  bool HasUserOverriddenCertificateError() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mOverridableErrorCategory.isSome() &&
+           *mOverridableErrorCategory !=
+               nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
+  }
+  void SetSucceededCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
+  void SetFailedCertChain(nsTArray<nsTArray<uint8_t>>&& certList);
+  void SetIsBuiltCertChainRootBuiltInRoot(
+      bool aIsBuiltCertChainRootBuiltInRoot) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot;
+  }
+  void SetCertificateTransparencyStatus(
+      uint16_t aCertificateTransparencyStatus) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mCertificateTransparencyStatus = aCertificateTransparencyStatus;
+  }
+  void SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mOriginAttributes = aOriginAttributes;
+  }
+  mozilla::OriginAttributes& GetOriginAttributes() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mOriginAttributes;
+  }
+
+  void SetSecurityState(uint32_t aSecurityState) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mSecurityState = aSecurityState;
+  }
+  void SetResumed(bool aResumed) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mResumed = aResumed;
+  }
+
+  uint32_t GetProviderFlags() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mProviderFlags;
+  }
+  void SetSSLVersionUsed(uint16_t version) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mSSLVersionUsed = version;
+  }
+  void SetSessionCacheInfo(mozilla::net::SessionCacheInfo&& aInfo) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mSessionCacheInfo.reset();
+    mSessionCacheInfo.emplace(std::move(aInfo));
+  }
+  void RebuildCertificateInfoFromSSLTokenCache();
+  void SetCanceled(PRErrorCode errorCode);
+  bool IsCanceled() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mCanceled;
+  }
+  int32_t GetErrorCode();
+
+ protected:
+  virtual ~CommonSocketControl() = default;
+
+  nsCString mHostName;
+  int32_t mPort;
+  mozilla::OriginAttributes mOriginAttributes;
+
+  bool mCanceled;
+  mozilla::Maybe<mozilla::net::SessionCacheInfo> mSessionCacheInfo;
+  bool mHandshakeCompleted;
+  bool mJoined;
+  bool mSentClientCert;
+  bool mFailedVerification;
+  uint16_t mSSLVersionUsed;
+  uint32_t mProviderFlags;
+
+  // Fields used to build a TransportSecurityInfo
+  uint32_t mSecurityState;
+  PRErrorCode mErrorCode;
+  // Peer cert chain for failed connections.
+  nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain;
+  nsCOMPtr<nsIX509Cert> mServerCert;
+  nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
+  mozilla::Maybe<uint16_t> mCipherSuite;
+  mozilla::Maybe<nsCString> mKeaGroupName;
+  mozilla::Maybe<nsCString> mSignatureSchemeName;
+  mozilla::Maybe<uint16_t> mProtocolVersion;
+  uint16_t mCertificateTransparencyStatus;
+  mozilla::Maybe<bool> mIsAcceptedEch;
+  mozilla::Maybe<bool> mIsDelegatedCredential;
+  mozilla::Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
+      mOverridableErrorCategory;
+  bool mMadeOCSPRequests;
+  bool mUsedPrivateDNS;
+  mozilla::Maybe<bool> mIsEV;
+  bool mNPNCompleted;
+  nsCString mNegotiatedNPN;
+  bool mResumed;
+  bool mIsBuiltCertChainRootBuiltInRoot;
+  nsCString mPeerId;
+
+#ifdef DEBUG
+  const PRThread* mOwningThread;
+#endif
+};
+
+#endif  // CommonSocketControl_h
diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp
new file mode 100644
index 0000000000..bc0a7c5d06
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -0,0 +1,454 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ContentSignatureVerifier.h"
+
+#include "AppTrustDomain.h"
+#include "CryptoTask.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Logging.h"
+#include "mozilla/dom/Promise.h"
+#include "nsCOMPtr.h"
+#include "nsPromiseFlatString.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsWhitespaceTokenizer.h"
+#include "mozpkix/pkix.h"
+#include "mozpkix/pkixtypes.h"
+#include "mozpkix/pkixutil.h"
+#include "secerr.h"
+#include "ssl.h"
+
+NS_IMPL_ISUPPORTS(ContentSignatureVerifier, nsIContentSignatureVerifier)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+using dom::Promise;
+
+static LazyLogModule gCSVerifierPRLog("ContentSignatureVerifier");
+#define CSVerifier_LOG(args) MOZ_LOG(gCSVerifierPRLog, LogLevel::Debug, args)
+
+// Content-Signature prefix
+const unsigned char kPREFIX[] = {'C', 'o', 'n', 't', 'e', 'n', 't',
+                                 '-', 'S', 'i', 'g', 'n', 'a', 't',
+                                 'u', 'r', 'e', ':', 0};
+
+class VerifyContentSignatureTask : public CryptoTask {
+ public:
+  VerifyContentSignatureTask(const nsACString& aData,
+                             const nsACString& aCSHeader,
+                             const nsACString& aCertChain,
+                             const nsACString& aHostname,
+                             AppTrustedRoot aTrustedRoot,
+                             RefPtr<Promise>& aPromise)
+      : mData(aData),
+        mCSHeader(aCSHeader),
+        mCertChain(aCertChain),
+        mHostname(aHostname),
+        mTrustedRoot(aTrustedRoot),
+        mSignatureVerified(false),
+        mPromise(new nsMainThreadPtrHolder<Promise>(
+            "VerifyContentSignatureTask::mPromise", aPromise)) {}
+
+ private:
+  virtual nsresult CalculateResult() override;
+  virtual void CallCallback(nsresult rv) override;
+
+  nsCString mData;
+  nsCString mCSHeader;
+  nsCString mCertChain;
+  nsCString mHostname;
+  AppTrustedRoot mTrustedRoot;
+  bool mSignatureVerified;
+  nsMainThreadPtrHandle<Promise> mPromise;
+};
+
+NS_IMETHODIMP
+ContentSignatureVerifier::AsyncVerifyContentSignature(
+    const nsACString& aData, const nsACString& aCSHeader,
+    const nsACString& aCertChain, const nsACString& aHostname,
+    AppTrustedRoot aTrustedRoot, JSContext* aCx, Promise** aPromise) {
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (NS_WARN_IF(!globalObject)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  ErrorResult result;
+  RefPtr<Promise> promise = Promise::Create(globalObject, result);
+  if (NS_WARN_IF(result.Failed())) {
+    return result.StealNSResult();
+  }
+
+  RefPtr<VerifyContentSignatureTask> task(new VerifyContentSignatureTask(
+      aData, aCSHeader, aCertChain, aHostname, aTrustedRoot, promise));
+  nsresult rv = task->Dispatch();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  promise.forget(aPromise);
+  return NS_OK;
+}
+
+static nsresult VerifyContentSignatureInternal(
+    const nsACString& aData, const nsACString& aCSHeader,
+    const nsACString& aCertChain, const nsACString& aHostname,
+    AppTrustedRoot aTrustedRoot,
+    /* out */
+    mozilla::Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS&
+        aErrorLabel,
+    /* out */ nsACString& aCertFingerprint, /* out */ uint32_t& aErrorValue);
+static nsresult ParseContentSignatureHeader(
+    const nsACString& aContentSignatureHeader,
+    /* out */ nsCString& aSignature);
+
+nsresult VerifyContentSignatureTask::CalculateResult() {
+  // 3 is the default, non-specific, "something failed" error.
+  Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS errorLabel =
+      Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err3;
+  nsAutoCString certFingerprint;
+  uint32_t errorValue = 3;
+  nsresult rv = VerifyContentSignatureInternal(
+      mData, mCSHeader, mCertChain, mHostname, mTrustedRoot, errorLabel,
+      certFingerprint, errorValue);
+  if (NS_FAILED(rv)) {
+    CSVerifier_LOG(("CSVerifier: Signature verification failed"));
+    if (certFingerprint.Length() > 0) {
+      Telemetry::AccumulateCategoricalKeyed(certFingerprint, errorLabel);
+    }
+    Accumulate(Telemetry::CONTENT_SIGNATURE_VERIFICATION_STATUS, errorValue);
+    if (rv == NS_ERROR_INVALID_SIGNATURE) {
+      return NS_OK;
+    }
+    return rv;
+  }
+
+  mSignatureVerified = true;
+  Accumulate(Telemetry::CONTENT_SIGNATURE_VERIFICATION_STATUS, 0);
+
+  return NS_OK;
+}
+
+void VerifyContentSignatureTask::CallCallback(nsresult rv) {
+  if (NS_FAILED(rv)) {
+    mPromise->MaybeReject(rv);
+  } else {
+    mPromise->MaybeResolve(mSignatureVerified);
+  }
+}
+
+bool IsNewLine(char16_t c) { return c == '\n' || c == '\r'; }
+
+nsresult ReadChainIntoCertList(const nsACString& aCertChain,
+                               nsTArray<nsTArray<uint8_t>>& aCertList) {
+  bool inBlock = false;
+  bool certFound = false;
+
+  const nsCString header = "-----BEGIN CERTIFICATE-----"_ns;
+  const nsCString footer = "-----END CERTIFICATE-----"_ns;
+
+  nsCWhitespaceTokenizerTemplate<IsNewLine> tokenizer(aCertChain);
+
+  nsAutoCString blockData;
+  while (tokenizer.hasMoreTokens()) {
+    nsDependentCSubstring token = tokenizer.nextToken();
+    if (token.IsEmpty()) {
+      continue;
+    }
+    if (inBlock) {
+      if (token.Equals(footer)) {
+        inBlock = false;
+        certFound = true;
+        // base64 decode data, make certs, append to chain
+        nsAutoCString derString;
+        nsresult rv = Base64Decode(blockData, derString);
+        if (NS_FAILED(rv)) {
+          CSVerifier_LOG(("CSVerifier: decoding the signature failed"));
+          return rv;
+        }
+        nsTArray<uint8_t> derBytes(derString.Data(), derString.Length());
+        aCertList.AppendElement(std::move(derBytes));
+      } else {
+        blockData.Append(token);
+      }
+    } else if (token.Equals(header)) {
+      inBlock = true;
+      blockData = "";
+    }
+  }
+  if (inBlock || !certFound) {
+    // the PEM data did not end; bad data.
+    CSVerifier_LOG(("CSVerifier: supplied chain contains bad data"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+// Given data to verify, a content signature header value, a string representing
+// a list of PEM-encoded certificates, and a hostname to validate the
+// certificates against, this function attempts to validate the certificate
+// chain, extract the signature from the header, and verify the data using the
+// key in the end-entity certificate from the chain. Returns NS_OK if everything
+// is satisfactory and a failing nsresult otherwise. The output parameters are
+// filled with telemetry data to report in the case of failures.
+static nsresult VerifyContentSignatureInternal(
+    const nsACString& aData, const nsACString& aCSHeader,
+    const nsACString& aCertChain, const nsACString& aHostname,
+    AppTrustedRoot aTrustedRoot,
+    /* out */
+    Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS& aErrorLabel,
+    /* out */ nsACString& aCertFingerprint,
+    /* out */ uint32_t& aErrorValue) {
+  nsTArray<nsTArray<uint8_t>> certList;
+  nsresult rv = ReadChainIntoCertList(aCertChain, certList);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (certList.Length() < 1) {
+    return NS_ERROR_FAILURE;
+  }
+  // The 0th element should be the end-entity that issued the content
+  // signature.
+  nsTArray<uint8_t>& certBytes(certList.ElementAt(0));
+  Input certInput;
+  mozilla::pkix::Result result =
+      certInput.Init(certBytes.Elements(), certBytes.Length());
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Get EE certificate fingerprint for telemetry.
+  unsigned char fingerprint[SHA256_LENGTH] = {0};
+  SECStatus srv =
+      PK11_HashBuf(SEC_OID_SHA256, fingerprint, certInput.UnsafeGetData(),
+                   certInput.GetLength());
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  SECItem fingerprintItem = {siBuffer, fingerprint, SHA256_LENGTH};
+  UniquePORTString tmpFingerprintString(
+      CERT_Hexify(&fingerprintItem, false /* don't use colon delimiters */));
+  if (!tmpFingerprintString) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  aCertFingerprint.Assign(tmpFingerprintString.get());
+
+  nsTArray<Span<const uint8_t>> certSpans;
+  // Collect just the CAs.
+  for (size_t i = 1; i < certList.Length(); i++) {
+    Span<const uint8_t> certSpan(certList.ElementAt(i).Elements(),
+                                 certList.ElementAt(i).Length());
+    certSpans.AppendElement(std::move(certSpan));
+  }
+  AppTrustDomain trustDomain(std::move(certSpans));
+  rv = trustDomain.SetTrustedRoot(aTrustedRoot);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // Check the signerCert chain is good
+  result = BuildCertChain(
+      trustDomain, certInput, Now(), EndEntityOrCA::MustBeEndEntity,
+      KeyUsage::noParticularKeyUsageRequired, KeyPurposeId::id_kp_codeSigning,
+      CertPolicyId::anyPolicy, nullptr /*stapledOCSPResponse*/);
+  if (result != Success) {
+    // if there was a library error, return an appropriate error
+    if (IsFatalError(result)) {
+      return NS_ERROR_FAILURE;
+    }
+    // otherwise, assume the signature was invalid
+    if (result == mozilla::pkix::Result::ERROR_EXPIRED_CERTIFICATE) {
+      aErrorLabel =
+          Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err4;
+      aErrorValue = 4;
+    } else if (result ==
+               mozilla::pkix::Result::ERROR_NOT_YET_VALID_CERTIFICATE) {
+      aErrorLabel =
+          Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err5;
+      aErrorValue = 5;
+    } else {
+      // Building cert chain failed for some other reason.
+      aErrorLabel =
+          Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err6;
+      aErrorValue = 6;
+    }
+    CSVerifier_LOG(("CSVerifier: The supplied chain is bad (%s)",
+                    MapResultToName(result)));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  // Check the SAN
+  Input hostnameInput;
+
+  result = hostnameInput.Init(
+      BitwiseCast<const uint8_t*, const char*>(aHostname.BeginReading()),
+      aHostname.Length());
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result = CheckCertHostname(certInput, hostnameInput);
+  if (result != Success) {
+    // EE cert isnot valid for the given host name.
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err7;
+    aErrorValue = 7;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  pkix::BackCert backCert(certInput, EndEntityOrCA::MustBeEndEntity, nullptr);
+  result = backCert.Init();
+  // This should never fail, because we've already built a verified certificate
+  // chain with this certificate.
+  if (result != Success) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err8;
+    aErrorValue = 8;
+    CSVerifier_LOG(("CSVerifier: couldn't decode certificate to get spki"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+  Input spkiInput = backCert.GetSubjectPublicKeyInfo();
+  SECItem spkiItem = {siBuffer, const_cast<uint8_t*>(spkiInput.UnsafeGetData()),
+                      spkiInput.GetLength()};
+  UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+  if (!spki) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err8;
+    aErrorValue = 8;
+    CSVerifier_LOG(("CSVerifier: couldn't decode spki"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+  mozilla::UniqueSECKEYPublicKey key(SECKEY_ExtractPublicKey(spki.get()));
+  if (!key) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err8;
+    aErrorValue = 8;
+    CSVerifier_LOG(("CSVerifier: unable to extract a key"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  nsAutoCString signature;
+  rv = ParseContentSignatureHeader(aCSHeader, signature);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Base 64 decode the signature
+  nsAutoCString rawSignature;
+  rv = Base64Decode(signature, rawSignature);
+  if (NS_FAILED(rv)) {
+    CSVerifier_LOG(("CSVerifier: decoding the signature failed"));
+    return rv;
+  }
+
+  // get signature object
+  ScopedAutoSECItem signatureItem;
+  SECItem rawSignatureItem = {
+      siBuffer,
+      BitwiseCast<unsigned char*, const char*>(rawSignature.get()),
+      uint32_t(rawSignature.Length()),
+  };
+  // We have a raw ecdsa signature r||s so we have to DER-encode it first
+  // Note that we have to check rawSignatureItem->len % 2 here as
+  // DSAU_EncodeDerSigWithLen asserts this
+  if (rawSignatureItem.len == 0 || rawSignatureItem.len % 2 != 0) {
+    CSVerifier_LOG(("CSVerifier: signature length is bad"));
+    return NS_ERROR_FAILURE;
+  }
+  if (DSAU_EncodeDerSigWithLen(&signatureItem, &rawSignatureItem,
+                               rawSignatureItem.len) != SECSuccess) {
+    CSVerifier_LOG(("CSVerifier: encoding the signature failed"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // this is the only OID we support for now
+  SECOidTag oid = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+  mozilla::UniqueVFYContext cx(
+      VFY_CreateContext(key.get(), &signatureItem, oid, nullptr));
+  if (!cx) {
+    // Creating context failed.
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err9;
+    aErrorValue = 9;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  if (VFY_Begin(cx.get()) != SECSuccess) {
+    // Creating context failed.
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err9;
+    aErrorValue = 9;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+  if (VFY_Update(cx.get(), kPREFIX, sizeof(kPREFIX)) != SECSuccess) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err1;
+    aErrorValue = 1;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+  if (VFY_Update(cx.get(),
+                 reinterpret_cast<const unsigned char*>(aData.BeginReading()),
+                 aData.Length()) != SECSuccess) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err1;
+    aErrorValue = 1;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+  if (VFY_End(cx.get()) != SECSuccess) {
+    aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err1;
+    aErrorValue = 1;
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  return NS_OK;
+}
+
+static nsresult ParseContentSignatureHeader(
+    const nsACString& aContentSignatureHeader,
+    /* out */ nsCString& aSignature) {
+  // We only support p384 ecdsa.
+  constexpr auto signature_var = "p384ecdsa"_ns;
+
+  aSignature.Truncate();
+
+  const nsCString& flatHeader = PromiseFlatCString(aContentSignatureHeader);
+  nsSecurityHeaderParser parser(flatHeader);
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header"));
+    return NS_ERROR_FAILURE;
+  }
+  LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    CSVerifier_LOG(
+        ("CSVerifier: found directive '%s'", directive->mName.get()));
+    if (directive->mName.EqualsIgnoreCase(signature_var)) {
+      if (!aSignature.IsEmpty()) {
+        CSVerifier_LOG(("CSVerifier: found two ContentSignatures"));
+        return NS_ERROR_INVALID_SIGNATURE;
+      }
+
+      CSVerifier_LOG(("CSVerifier: found a ContentSignature directive"));
+      aSignature.Assign(directive->mValue);
+    }
+  }
+
+  // we have to ensure that we found a signature at this point
+  if (aSignature.IsEmpty()) {
+    CSVerifier_LOG(
+        ("CSVerifier: got a Content-Signature header but didn't find a "
+         "signature."));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Bug 769521: We have to change b64 url to regular encoding as long as we
+  // don't have a b64 url decoder. This should change soon, but in the meantime
+  // we have to live with this.
+  aSignature.ReplaceChar('-', '+');
+  aSignature.ReplaceChar('_', '/');
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/ContentSignatureVerifier.h b/security/manager/ssl/ContentSignatureVerifier.h
new file mode 100644
index 0000000000..a10c9fe89c
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ContentSignatureVerifier_h
+#define ContentSignatureVerifier_h
+
+#include "nsIContentSignatureVerifier.h"
+#include "nsString.h"
+
+// 45a5fe2f-c350-4b86-962d-02d5aaaa955a
+#define NS_CONTENTSIGNATUREVERIFIER_CID              \
+  {                                                  \
+    0x45a5fe2f, 0xc350, 0x4b86, {                    \
+      0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a \
+    }                                                \
+  }
+#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
+  "@mozilla.org/security/contentsignatureverifier;1"
+
+class ContentSignatureVerifier final : public nsIContentSignatureVerifier {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICONTENTSIGNATUREVERIFIER
+
+ private:
+  ~ContentSignatureVerifier() = default;
+};
+
+#endif  // ContentSignatureVerifier_h
diff --git a/security/manager/ssl/CredentialManagerSecret.cpp b/security/manager/ssl/CredentialManagerSecret.cpp
new file mode 100644
index 0000000000..fdfe7b8ea8
--- /dev/null
+++ b/security/manager/ssl/CredentialManagerSecret.cpp
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CredentialManagerSecret.h"
+
+#include <windows.h>
+#include <wincred.h>
+
+#include "mozilla/Logging.h"
+#include "mozilla/SyncRunnable.h"
+
+// This is the implementation of CredentialManagerSecretSecret, an instantiation
+// of OSKeyStore for Windows. It uses the system credential manager, hence the
+// name.
+
+using namespace mozilla;
+
+LazyLogModule gCredentialManagerSecretLog("credentialmanagersecret");
+struct ScopedDelete {
+  void operator()(CREDENTIALA* cred) { CredFree(cred); }
+};
+
+template <class T>
+struct ScopedMaybeDelete {
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
+};
+typedef std::unique_ptr<CREDENTIALA, ScopedMaybeDelete<CREDENTIALA>>
+    ScopedCREDENTIALA;
+
+CredentialManagerSecret::CredentialManagerSecret() {}
+
+CredentialManagerSecret::~CredentialManagerSecret() {}
+
+nsresult CredentialManagerSecret::Lock() {
+  // The Windows credential manager can't be locked.
+  return NS_OK;
+}
+
+nsresult CredentialManagerSecret::Unlock() {
+  // The Windows credential manager is always unlocked when the user is logged
+  // in.
+  return NS_OK;
+}
+
+nsresult CredentialManagerSecret::StoreSecret(const nsACString& aSecret,
+                                              const nsACString& aLabel) {
+  if (aSecret.Length() > CRED_MAX_CREDENTIAL_BLOB_SIZE) {
+    // Windows doesn't allow blobs larger than CRED_MAX_CREDENTIAL_BLOB_SIZE
+    // bytes.
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("StoreSecret secret must not be larger than 512 bytes (got %zd)",
+             aSecret.Length()));
+    return NS_ERROR_FAILURE;
+  }
+  CREDENTIALA cred = {0};
+  cred.Type = CRED_TYPE_GENERIC;
+  const nsCString& label = PromiseFlatCString(aLabel);
+  cred.TargetName = const_cast<LPSTR>(label.get());
+  cred.CredentialBlobSize = aSecret.Length();
+  const nsCString& secret = PromiseFlatCString(aSecret);
+  cred.CredentialBlob = (LPBYTE)secret.get();
+  cred.Persist = CRED_PERSIST_LOCAL_MACHINE;
+  cred.UserName = const_cast<char*>("");  // -Wwritable-strings
+
+  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-credwritea
+  BOOL ok = CredWriteA(&cred, 0);
+  if (!ok) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("CredWriteW failed %lu", GetLastError()));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult CredentialManagerSecret::DeleteSecret(const nsACString& aLabel) {
+  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-creddeletea
+  const nsCString& label = PromiseFlatCString(aLabel);
+  BOOL ok = CredDeleteA(label.get(), CRED_TYPE_GENERIC, 0);
+  int error = GetLastError();
+  if (!ok && error != ERROR_NOT_FOUND) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("CredDeleteA failed %d", error));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult CredentialManagerSecret::RetrieveSecret(
+    const nsACString& aLabel,
+    /* out */ nsACString& aSecret) {
+  aSecret.Truncate();
+  PCREDENTIALA pcred_raw = nullptr;
+  const nsCString& label = PromiseFlatCString(aLabel);
+  // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-credreada
+  BOOL ok = CredReadA(label.get(), CRED_TYPE_GENERIC, 0, &pcred_raw);
+  ScopedCREDENTIALA pcred(pcred_raw);
+  if (!ok) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("CredReadA failed %lu", GetLastError()));
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_ASSERT(pcred);
+  aSecret.Assign(reinterpret_cast<const char*>(pcred->CredentialBlob),
+                 pcred->CredentialBlobSize);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/CredentialManagerSecret.h b/security/manager/ssl/CredentialManagerSecret.h
new file mode 100644
index 0000000000..52873151e7
--- /dev/null
+++ b/security/manager/ssl/CredentialManagerSecret.h
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CredentialManagerSecret_h
+#define CredentialManagerSecret_h
+
+#include "OSKeyStore.h"
+#include "nsString.h"
+
+class CredentialManagerSecret final : public AbstractOSKeyStore {
+ public:
+  CredentialManagerSecret();
+
+  virtual nsresult RetrieveSecret(const nsACString& label,
+                                  /* out */ nsACString& secret) override;
+  virtual nsresult StoreSecret(const nsACString& secret,
+                               const nsACString& label) override;
+  virtual nsresult DeleteSecret(const nsACString& label) override;
+  virtual nsresult Lock() override;
+  virtual nsresult Unlock() override;
+
+  virtual ~CredentialManagerSecret();
+};
+
+#endif  // CredentialManagerSecret_h
diff --git a/security/manager/ssl/CryptoTask.cpp b/security/manager/ssl/CryptoTask.cpp
new file mode 100644
index 0000000000..a466a374f6
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.cpp
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CryptoTask.h"
+#include "nsNSSComponent.h"
+#include "nsNetCID.h"
+
+namespace mozilla {
+
+nsresult CryptoTask::Dispatch() {
+  // Ensure that NSS is initialized, since presumably CalculateResult
+  // will use NSS functions
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // The stream transport service (note: not the socket transport service) can
+  // be used to perform background tasks or I/O that would otherwise block the
+  // main thread.
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  return target->Dispatch(this, NS_DISPATCH_NORMAL);
+}
+
+NS_IMETHODIMP
+CryptoTask::Run() {
+  if (!NS_IsMainThread()) {
+    mRv = CalculateResult();
+    NS_DispatchToMainThread(this);
+  } else {
+    // back on the main thread
+    CallCallback(mRv);
+  }
+  return NS_OK;
+}
+
+}  // namespace mozilla
diff --git a/security/manager/ssl/CryptoTask.h b/security/manager/ssl/CryptoTask.h
new file mode 100644
index 0000000000..2cbd082d7a
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla__CryptoTask_h
+#define mozilla__CryptoTask_h
+
+#include "mozilla/Attributes.h"
+#include "nsThreadUtils.h"
+
+namespace mozilla {
+
+/**
+ * Frequently we need to run a task on a background thread without blocking
+ * the main thread, and then call a callback on the main thread with the
+ * result. This class provides the framework for that. Subclasses must:
+ *
+ *   (1) Override CalculateResult for the off-the-main-thread computation.
+ *   (2) Override CallCallback() for the on-the-main-thread call of the
+ *       callback.
+ */
+class CryptoTask : public Runnable {
+ public:
+  nsresult Dispatch();
+
+ protected:
+  CryptoTask() : Runnable("CryptoTask"), mRv(NS_ERROR_NOT_INITIALIZED) {}
+
+  virtual ~CryptoTask() = default;
+
+  /**
+   * Called on a background thread (never the main thread). Its result will be
+   * passed to CallCallback on the main thread.
+   */
+  virtual nsresult CalculateResult() = 0;
+
+  /**
+   * Called on the main thread with the result from CalculateResult().
+   */
+  virtual void CallCallback(nsresult rv) = 0;
+
+ private:
+  NS_IMETHOD Run() final;
+
+  nsresult mRv;
+};
+
+}  // namespace mozilla
+
+#endif  // mozilla__CryptoTask_h
diff --git a/security/manager/ssl/DER.sys.mjs b/security/manager/ssl/DER.sys.mjs
new file mode 100644
index 0000000000..3620cf9f29
--- /dev/null
+++ b/security/manager/ssl/DER.sys.mjs
@@ -0,0 +1,333 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// A minimal ASN.1 DER decoder. Supports input lengths up to 65539 (one byte for
+// the outer tag, one byte for the 0x82 length-length indicator, two bytes
+// indicating a contents length of 65535, and then the 65535 bytes of contents).
+// Intended to be used like so:
+//
+// let bytes = <an array of bytes describing a SEQUENCE OF INTEGER>;
+// let der = new DER.DERDecoder(bytes);
+// let contents = new DER.DERDecoder(der.readTagAndGetContents(DER.SEQUENCE));
+// while (!contents.atEnd()) {
+//   let integerBytes = contents.readTagAndGetContents(DER.INTEGER);
+//   <... do something with integerBytes ...>
+// }
+// der.assertAtEnd();
+//
+// For CHOICE, use readTLVChoice and pass an array of acceptable tags.
+// The convenience function readBIT_STRING is provided to handle the unused bits
+// aspect of BIT STRING. It returns an object that has the properties contents
+// (an array of bytes consisting of the bytes making up the BIT STRING) and
+// unusedBits (indicating the number of unused bits at the end).
+// All other functions generally return an array of bytes or a single byte as
+// appropriate.
+// peekTag can be used to see if the next tag is an expected given tag.
+// readTLV reads and returns an entire (tag, length, value) tuple (again
+// returned as an array of bytes).
+//
+// NB: While DERDecoder must be given an array, it does not validate that each
+// element in the array is an integer in the range [0, 255]. If the input to be
+// decoded could conceivably violate this property, callers should perform this
+// check before using DERDecoder.
+
+const UNIVERSAL = 0 << 6;
+const CONSTRUCTED = 1 << 5;
+const CONTEXT_SPECIFIC = 2 << 6;
+
+const INTEGER = UNIVERSAL | 0x02; // 0x02
+const BIT_STRING = UNIVERSAL | 0x03; // 0x03
+const NULL = UNIVERSAL | 0x05; // 0x05
+const OBJECT_IDENTIFIER = UNIVERSAL | 0x06; // 0x06
+const PrintableString = UNIVERSAL | 0x13; // 0x13
+const TeletexString = UNIVERSAL | 0x14; // 0x14
+const IA5String = UNIVERSAL | 0x16; // 0x16
+const UTCTime = UNIVERSAL | 0x17; // 0x17
+const GeneralizedTime = UNIVERSAL | 0x18; // 0x18
+const UTF8String = UNIVERSAL | 0x0c; // 0x0c
+const SEQUENCE = UNIVERSAL | CONSTRUCTED | 0x10; // 0x30
+const SET = UNIVERSAL | CONSTRUCTED | 0x11; // 0x31
+
+const ERROR_INVALID_INPUT = "invalid input";
+const ERROR_DATA_TRUNCATED = "data truncated";
+const ERROR_EXTRA_DATA = "extra data";
+const ERROR_INVALID_LENGTH = "invalid length";
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_UNSUPPORTED_LENGTH = "unsupported length";
+const ERROR_INVALID_BIT_STRING = "invalid BIT STRING encoding";
+
+/** Class representing a decoded BIT STRING. */
+class BitString {
+  /**
+   * @param {number} unusedBits the number of unused bits
+   * @param {number[]} contents an array of bytes comprising the BIT STRING
+   */
+  constructor(unusedBits, contents) {
+    this._unusedBits = unusedBits;
+    this._contents = contents;
+  }
+
+  /**
+   * Get the number of unused bits in the BIT STRING
+   *
+   * @returns {number} the number of unused bits
+   */
+  get unusedBits() {
+    return this._unusedBits;
+  }
+
+  /**
+   * Get the contents of the BIT STRING
+   *
+   * @returns {number[]} an array of bytes representing the contents
+   */
+  get contents() {
+    return this._contents;
+  }
+}
+
+/** Class representing DER-encoded data. Provides methods for decoding it. */
+class DERDecoder {
+  /**
+   * @param {number[]} bytes an array of bytes representing the encoded data
+   */
+  constructor(bytes) {
+    // Reject non-array inputs.
+    if (!Array.isArray(bytes)) {
+      throw new Error(ERROR_INVALID_INPUT);
+    }
+    if (bytes.length > 65539) {
+      throw new Error(ERROR_UNSUPPORTED_LENGTH);
+    }
+    this._bytes = bytes;
+    this._cursor = 0;
+  }
+
+  /**
+   * Asserts that the decoder is at the end of the given data. Throws an error
+   * if this is not the case.
+   */
+  assertAtEnd() {
+    if (!this.atEnd()) {
+      throw new Error(ERROR_EXTRA_DATA);
+    }
+  }
+
+  /**
+   * Determines whether or not the decoder is at the end of the given data.
+   *
+   * @returns {boolean} true if the decoder is at the end and false otherwise
+   */
+  atEnd() {
+    return this._cursor == this._bytes.length;
+  }
+
+  /**
+   * Reads the next byte of data. Throws if no more data is available.
+   *
+   * @returns {number} the next byte of data
+   */
+  readByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    let val = this._bytes[this._cursor];
+    this._cursor++;
+    return val;
+  }
+
+  /**
+   * Given the next expected tag, reads and asserts that the next tag is in fact
+   * the given tag.
+   *
+   * @param {number} expectedTag the expected next tag
+   */
+  _readExpectedTag(expectedTag) {
+    let tag = this.readByte();
+    if (tag != expectedTag) {
+      throw new Error(`unexpected tag: found ${tag} instead of ${expectedTag}`);
+    }
+  }
+
+  /**
+   * Decodes and returns the length portion of an ASN.1 TLV tuple. Throws if the
+   * length is incorrectly encoded or if it describes a length greater than
+   * 65535 bytes. Indefinite-length encoding is not supported.
+   *
+   * @returns {number} the length of the value of the TLV tuple
+   */
+  _readLength() {
+    let nextByte = this.readByte();
+    if (nextByte < 0x80) {
+      return nextByte;
+    }
+    if (nextByte == 0x80) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    if (nextByte == 0x81) {
+      let length = this.readByte();
+      if (length < 0x80) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    if (nextByte == 0x82) {
+      let length1 = this.readByte();
+      let length2 = this.readByte();
+      let length = (length1 << 8) | length2;
+      if (length < 256) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    throw new Error(ERROR_UNSUPPORTED_LENGTH);
+  }
+
+  /**
+   * Reads <length> bytes of data if available. Throws if less than <length>
+   * bytes are available.
+   *
+   * @param {number} length the number of bytes to read. Must be non-negative.
+   * @returns {number[]} the next <length> bytes of data
+   */
+  readBytes(length) {
+    if (length < 0) {
+      throw new Error(ERROR_INVALID_LENGTH);
+    }
+    if (this._cursor + length > this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    let bytes = this._bytes.slice(this._cursor, this._cursor + length);
+    this._cursor += length;
+    return bytes;
+  }
+
+  /**
+   * Given an expected next ASN.1 tag, ensures that that tag is next and returns
+   * the contents of that tag. Throws if a different tag is encountered or if
+   * the data is otherwise incorrectly encoded.
+   *
+   * @param {number} tag the next expected ASN.1 tag
+   * @returns {number[]} the contents of the tag
+   */
+  readTagAndGetContents(tag) {
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    return this.readBytes(length);
+  }
+
+  /**
+   * Returns the next byte without advancing the decoder. Throws if no more data
+   * is available.
+   *
+   * @returns {number} the next available byte
+   */
+  _peekByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    return this._bytes[this._cursor];
+  }
+
+  /**
+   * Given an expected tag, reads the next entire ASN.1 TLV tuple, asserting
+   * that the tag matches.
+   *
+   * @param {number} tag the expected tag
+   * @returns {number[]} an array of bytes representing the TLV tuple
+   */
+  _readExpectedTLV(tag) {
+    let mark = this._cursor;
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    // read the bytes so we know they're there (also to advance the cursor)
+    this.readBytes(length);
+    return this._bytes.slice(mark, this._cursor);
+  }
+
+  /**
+   * Reads the next ASN.1 tag, length, and value and returns them as an array of
+   * bytes.
+   *
+   * @returns {number[]} an array of bytes representing the next ASN.1 TLV
+   */
+  readTLV() {
+    let nextTag = this._peekByte();
+    return this._readExpectedTLV(nextTag);
+  }
+
+  /**
+   * Convenience function for decoding a BIT STRING. Reads and returns the
+   * contents of the expected next BIT STRING. Throws if the next TLV isn't a
+   * BIT STRING or if the BIT STRING is incorrectly encoded.
+   *
+   * @returns {BitString} the next BIT STRING
+   */
+  readBIT_STRING() {
+    let contents = this.readTagAndGetContents(BIT_STRING);
+    if (contents.length < 1) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    let unusedBits = contents[0];
+    if (unusedBits > 7) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    // Zero bytes of content but some amount of padding is invalid.
+    if (contents.length == 1 && unusedBits != 0) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    return new BitString(unusedBits, contents.slice(1, contents.length));
+  }
+
+  /**
+   * Looks to see if the next ASN.1 tag is the expected given tag.
+   *
+   * @param {number} tag the expected next ASN.1 tag
+   * @returns {boolean} true if the next tag is the given one and false otherwise
+   */
+  peekTag(tag) {
+    if (this._cursor >= this._bytes.length) {
+      return false;
+    }
+    return this._bytes[this._cursor] == tag;
+  }
+
+  /**
+   * Given a list of possible next ASN.1 tags, returns the next TLV if the next
+   * tag is in the list. Throws if the next tag is not in the list or if the
+   * data is incorrectly encoded.
+   *
+   * @param {number[]} tagList the list of potential next tags
+   * @returns {number[]} the contents of the next TLV if the next tag is in
+   *                    <tagList>
+   */
+  readTLVChoice(tagList) {
+    let tag = this._peekByte();
+    if (!tagList.includes(tag)) {
+      throw new Error(
+        `unexpected tag: found ${tag} instead of one of ${tagList}`
+      );
+    }
+    return this._readExpectedTLV(tag);
+  }
+}
+
+export const DER = {
+  UNIVERSAL,
+  CONSTRUCTED,
+  CONTEXT_SPECIFIC,
+  INTEGER,
+  BIT_STRING,
+  NULL,
+  OBJECT_IDENTIFIER,
+  PrintableString,
+  TeletexString,
+  IA5String,
+  UTCTime,
+  GeneralizedTime,
+  UTF8String,
+  SEQUENCE,
+  SET,
+  DERDecoder,
+};
diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp
new file mode 100644
index 0000000000..d2990e1aed
--- /dev/null
+++ b/security/manager/ssl/DataStorage.cpp
@@ -0,0 +1,866 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "DataStorage.h"
+
+#include "mozilla/AppShutdown.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/FileUtils.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Services.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/TaskQueue.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsIFileStreams.h"
+#include "nsIMemoryReporter.h"
+#include "nsIObserverService.h"
+#include "nsISafeOutputStream.h"
+#include "nsISerialEventTarget.h"
+#include "nsIThread.h"
+#include "nsITimer.h"
+#include "nsNetUtil.h"
+#include "nsPrintfCString.h"
+#include "nsStreamUtils.h"
+#include "nsThreadUtils.h"
+#include "private/pprio.h"
+
+#if defined(XP_WIN)
+#  include "nsILocalFileWin.h"
+#endif
+
+// NB: Read DataStorage.h first.
+
+// The default time between data changing and a write, in milliseconds.
+static const uint32_t sDataStorageDefaultTimerDelay = 5u * 60u * 1000u;
+// The maximum score an entry can have (prevents overflow)
+static const uint32_t sMaxScore = UINT32_MAX;
+// The maximum number of entries per type of data (limits resource use)
+static const uint32_t sMaxDataEntries = 1024;
+static const int64_t sOneDayInMicroseconds =
+    int64_t(24 * 60 * 60) * PR_USEC_PER_SEC;
+
+namespace mozilla {
+
+class DataStorageMemoryReporter final : public nsIMemoryReporter {
+  MOZ_DEFINE_MALLOC_SIZE_OF(MallocSizeOf)
+  ~DataStorageMemoryReporter() = default;
+
+ public:
+  NS_DECL_ISUPPORTS
+
+  NS_IMETHOD CollectReports(nsIHandleReportCallback* aHandleReport,
+                            nsISupports* aData, bool aAnonymize) final {
+    nsTArray<nsString> fileNames;
+#define DATA_STORAGE(_) \
+  fileNames.AppendElement(NS_LITERAL_STRING_FROM_CSTRING(#_ ".txt"));
+#include "mozilla/DataStorageList.h"
+#undef DATA_STORAGE
+    for (const auto& file : fileNames) {
+      RefPtr<DataStorage> ds = DataStorage::GetFromRawFileName(file);
+      size_t amount = ds->SizeOfIncludingThis(MallocSizeOf);
+      nsPrintfCString path("explicit/data-storage/%s",
+                           NS_ConvertUTF16toUTF8(file).get());
+      Unused << aHandleReport->Callback(
+          ""_ns, path, KIND_HEAP, UNITS_BYTES, amount,
+          "Memory used by PSM data storage cache."_ns, aData);
+    }
+    return NS_OK;
+  }
+};
+
+NS_IMPL_ISUPPORTS(DataStorageMemoryReporter, nsIMemoryReporter)
+
+NS_IMPL_ISUPPORTS(DataStorage, nsIObserver)
+
+mozilla::StaticAutoPtr<DataStorage::DataStorages> DataStorage::sDataStorages;
+
+DataStorage::DataStorage(const nsString& aFilename)
+    : mMutex("DataStorage::mMutex"),
+      mPendingWrite(false),
+      mTimerArmed(false),
+      mShuttingDown(false),
+      mInitCalled(false),
+      mReadyMonitor("DataStorage::mReadyMonitor"),
+      mReady(false),
+      mFilename(aFilename) {}
+
+// static
+already_AddRefed<DataStorage> DataStorage::Get(DataStorageClass aFilename) {
+  switch (aFilename) {
+#define DATA_STORAGE(_)     \
+  case DataStorageClass::_: \
+    return GetFromRawFileName(NS_LITERAL_STRING_FROM_CSTRING(#_ ".txt"));
+#include "mozilla/DataStorageList.h"
+#undef DATA_STORAGE
+    default:
+      MOZ_ASSERT_UNREACHABLE("Invalid DataStorage type passed?");
+      return nullptr;
+  }
+}
+
+// static
+already_AddRefed<DataStorage> DataStorage::GetFromRawFileName(
+    const nsString& aFilename) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!sDataStorages) {
+    sDataStorages = new DataStorages();
+    ClearOnShutdown(&sDataStorages);
+  }
+  return do_AddRef(sDataStorages->LookupOrInsertWith(
+      aFilename, [&] { return RefPtr{new DataStorage(aFilename)}; }));
+}
+
+size_t DataStorage::SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) {
+  MutexAutoLock lock(mMutex);
+  size_t sizeOfExcludingThis =
+      mPersistentDataTable.ShallowSizeOfExcludingThis(aMallocSizeOf) +
+      mTemporaryDataTable.ShallowSizeOfExcludingThis(aMallocSizeOf) +
+      mPrivateDataTable.ShallowSizeOfExcludingThis(aMallocSizeOf) +
+      mFilename.SizeOfExcludingThisIfUnshared(aMallocSizeOf);
+  return aMallocSizeOf(this) + sizeOfExcludingThis;
+}
+
+nsresult DataStorage::Init() {
+  // Don't access the observer service or preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE("DataStorage::Init called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (!XRE_IsParentProcess()) {
+    MOZ_ASSERT_UNREACHABLE("DataStorage used in non-parent process");
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+    // Reject new DataStorage instances if the browser is shutting down. There
+    // is no guarantee that DataStorage writes will be able to be persisted if
+    // we init during shutdown, so we return an error here to hopefully make
+    // this more explicit and consistent.
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  // Ignore attempts to initialize several times.
+  if (mInitCalled) {
+    return NS_OK;
+  }
+
+  mInitCalled = true;
+
+  static bool memoryReporterRegistered = false;
+  if (!memoryReporterRegistered) {
+    nsresult rv = RegisterStrongMemoryReporter(new DataStorageMemoryReporter());
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+    memoryReporterRegistered = true;
+  }
+
+  nsCOMPtr<nsISerialEventTarget> target;
+  nsresult rv = NS_CreateBackgroundTaskQueue(
+      "DataStorage::mBackgroundTaskQueue", getter_AddRefs(target));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  mBackgroundTaskQueue = TaskQueue::Create(target.forget(), "PSM DataStorage");
+
+  // For test purposes, we can set the write timer to be very fast.
+  mTimerDelayMS = Preferences::GetInt("test.datastorage.write_timer_ms",
+                                      sDataStorageDefaultTimerDelay);
+
+  rv = AsyncReadData(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (NS_WARN_IF(!os)) {
+    return NS_ERROR_FAILURE;
+  }
+  // Clear private data as appropriate.
+  os->AddObserver(this, "last-pb-context-exited", false);
+  // Observe shutdown; save data and prevent any further writes.
+  // We need to write to the profile directory, so we should listen for
+  // profile-before-change so that we can safely write to the profile.
+  os->AddObserver(this, "profile-before-change", false);
+  // This is a backstop for xpcshell and other cases where
+  // profile-before-change might not get sent.
+  os->AddObserver(this, "xpcom-shutdown-threads", false);
+  // On mobile, if the app is backgrounded, it may be killed. Observe this
+  // notification to kick off an asynchronous write to avoid losing data.
+  os->AddObserver(this, "application-background", false);
+
+  return NS_OK;
+}
+
+class DataStorage::Reader : public Runnable {
+ public:
+  explicit Reader(DataStorage* aDataStorage)
+      : Runnable("DataStorage::Reader"), mDataStorage(aDataStorage) {}
+  ~Reader();
+
+ private:
+  NS_DECL_NSIRUNNABLE
+
+  static nsresult ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut,
+                            Entry& aEntryOut);
+
+  RefPtr<DataStorage> mDataStorage;
+};
+
+DataStorage::Reader::~Reader() {
+  // Notify that calls to Get can proceed.
+  {
+    MonitorAutoLock readyLock(mDataStorage->mReadyMonitor);
+    mDataStorage->mReady = true;
+    mDataStorage->mReadyMonitor.NotifyAll();
+  }
+
+  // This is for tests.
+  nsCOMPtr<nsIRunnable> job = NewRunnableMethod<const char*>(
+      "DataStorage::NotifyObservers", mDataStorage,
+      &DataStorage::NotifyObservers, "data-storage-ready");
+  nsresult rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+}
+
+NS_IMETHODIMP
+DataStorage::Reader::Run() {
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), file);
+  // If we failed for some reason other than the file doesn't exist, bail.
+  if (NS_WARN_IF(NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND)) {
+    return rv;
+  }
+
+  // If there is a file with data in it, read it. If there isn't,
+  // we'll essentially fall through to notifying that we're good to go.
+  nsCString data;
+  if (fileInputStream) {
+    // Limit to 2MB of data, but only store sMaxDataEntries entries.
+    rv = NS_ConsumeStream(fileInputStream, 1u << 21, data);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  // Atomically parse the data and insert the entries read.
+  // Don't clear existing entries - they may have been inserted between when
+  // this read was kicked-off and when it was run.
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // The backing file consists of a list of
+    //   <key>\t<score>\t<last accessed time>\t<value>\n
+    // The final \n is not optional; if it is not present the line is assumed
+    // to be corrupt.
+    int32_t currentIndex = 0;
+    int32_t newlineIndex = 0;
+    do {
+      newlineIndex = data.FindChar('\n', currentIndex);
+      // If there are no more newlines or the data table has too many
+      // entries, we are done.
+      if (newlineIndex < 0 ||
+          mDataStorage->mPersistentDataTable.Count() >= sMaxDataEntries) {
+        break;
+      }
+
+      nsDependentCSubstring line(data, currentIndex,
+                                 newlineIndex - currentIndex);
+      currentIndex = newlineIndex + 1;
+      nsCString key;
+      Entry entry;
+      nsresult parseRV = ParseLine(line, key, entry);
+      if (NS_SUCCEEDED(parseRV)) {
+        // It could be the case that a newer entry was added before
+        // we got around to reading the file. Don't overwrite new entries.
+        mDataStorage->mPersistentDataTable.LookupOrInsert(key,
+                                                          std::move(entry));
+      }
+    } while (true);
+
+    Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES,
+                          mDataStorage->mPersistentDataTable.Count());
+  }
+
+  return NS_OK;
+}
+
+// The key must be a non-empty string containing no instances of '\t' or '\n',
+// and must have a length no more than 256.
+// The value must not contain '\n' and must have a length no more than 1024.
+// The length limits are to prevent unbounded memory and disk usage.
+/* static */
+nsresult DataStorage::ValidateKeyAndValue(const nsCString& aKey,
+                                          const nsCString& aValue) {
+  if (aKey.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aKey.Length() > 256) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  int32_t delimiterIndex = aKey.FindChar('\t', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aKey.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aValue.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aValue.Length() > 1024) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return NS_OK;
+}
+
+// Each line is: <key>\t<score>\t<last accessed time>\t<value>
+// Where <score> is a uint32_t as a string, <last accessed time> is a
+// int32_t as a string, and the rest are strings.
+// <value> can contain anything but a newline.
+// Returns a successful status if the line can be decoded into a key and entry.
+// Otherwise, an error status is returned and the values assigned to the
+// output parameters are in an undefined state.
+/* static */
+nsresult DataStorage::Reader::ParseLine(nsDependentCSubstring& aLine,
+                                        nsCString& aKeyOut, Entry& aEntryOut) {
+  // First find the indices to each part of the line.
+  int32_t scoreIndex;
+  scoreIndex = aLine.FindChar('\t', 0) + 1;
+  if (scoreIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t accessedIndex = aLine.FindChar('\t', scoreIndex) + 1;
+  if (accessedIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t valueIndex = aLine.FindChar('\t', accessedIndex) + 1;
+  if (valueIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now make substrings based on where each part is.
+  nsDependentCSubstring keyPart(aLine, 0, scoreIndex - 1);
+  nsDependentCSubstring scorePart(aLine, scoreIndex,
+                                  accessedIndex - scoreIndex - 1);
+  nsDependentCSubstring accessedPart(aLine, accessedIndex,
+                                     valueIndex - accessedIndex - 1);
+  nsDependentCSubstring valuePart(aLine, valueIndex);
+
+  nsresult rv;
+  rv = DataStorage::ValidateKeyAndValue(nsCString(keyPart),
+                                        nsCString(valuePart));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now attempt to decode the score part as a uint32_t.
+  // XXX nsDependentCSubstring doesn't support ToInteger
+  int32_t integer = nsCString(scorePart).ToInteger(&rv);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mScore = (uint32_t)integer;
+
+  integer = nsCString(accessedPart).ToInteger(&rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mLastAccessed = integer;
+
+  // Now set the key and value.
+  aKeyOut.Assign(keyPart);
+  aEntryOut.mValue.Assign(valuePart);
+
+  return NS_OK;
+}
+
+nsresult DataStorage::AsyncReadData(const MutexAutoLock& /*aProofOfLock*/) {
+  mMutex.AssertCurrentThreadOwns();
+  // Allocate a Reader so that even if it isn't dispatched,
+  // the data-storage-ready notification will be fired and Get
+  // will be able to proceed (this happens in its destructor).
+  nsCOMPtr<nsIRunnable> job(new Reader(this));
+  nsresult rv;
+  // If we don't have a profile directory, this will fail.
+  // That's okay - it just means there is no persistent state.
+  rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                              getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv)) {
+    mBackingFile = nullptr;
+    return NS_OK;
+  }
+
+  rv = mBackingFile->Append(mFilename);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  rv = mBackgroundTaskQueue->Dispatch(job.forget());
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+bool DataStorage::IsReady() {
+  MonitorAutoLock readyLock(mReadyMonitor);
+  return mReady;
+}
+
+void DataStorage::WaitForReady() {
+  MOZ_DIAGNOSTIC_ASSERT(mInitCalled, "Waiting before Init() has been called?");
+
+  MonitorAutoLock readyLock(mReadyMonitor);
+  while (!mReady) {
+    readyLock.Wait();
+  }
+  MOZ_ASSERT(mReady);
+}
+
+nsCString DataStorage::Get(const nsCString& aKey, DataStorageType aType) {
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  Entry entry;
+  bool foundValue = GetInternal(aKey, &entry, aType, lock);
+  if (!foundValue) {
+    return ""_ns;
+  }
+
+  // If we're here, we found a value. Maybe update its score.
+  if (entry.UpdateScore()) {
+    PutInternal(aKey, entry, aType, lock);
+  }
+
+  return entry.mValue;
+}
+
+bool DataStorage::GetInternal(const nsCString& aKey, Entry* aEntry,
+                              DataStorageType aType,
+                              const MutexAutoLock& aProofOfLock) {
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  bool foundValue = table.Get(aKey, aEntry);
+  return foundValue;
+}
+
+DataStorage::DataStorageTable& DataStorage::GetTableForType(
+    DataStorageType aType, const MutexAutoLock& /*aProofOfLock*/) {
+  switch (aType) {
+    case DataStorage_Persistent:
+      return mPersistentDataTable;
+    case DataStorage_Temporary:
+      return mTemporaryDataTable;
+    case DataStorage_Private:
+      return mPrivateDataTable;
+  }
+
+  MOZ_CRASH("given bad DataStorage storage type");
+}
+
+void DataStorage::ReadAllFromTable(DataStorageType aType,
+                                   nsTArray<DataStorageItem>* aItems,
+                                   const MutexAutoLock& aProofOfLock) {
+  for (auto iter = GetTableForType(aType, aProofOfLock).Iter(); !iter.Done();
+       iter.Next()) {
+    DataStorageItem* item = aItems->AppendElement();
+    item->key = iter.Key();
+    item->value = iter.Data().mValue;
+    item->type = aType;
+  }
+}
+
+void DataStorage::GetAll(nsTArray<DataStorageItem>* aItems) {
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  aItems->SetCapacity(mPersistentDataTable.Count() +
+                      mTemporaryDataTable.Count() + mPrivateDataTable.Count());
+  ReadAllFromTable(DataStorage_Persistent, aItems, lock);
+  ReadAllFromTable(DataStorage_Temporary, aItems, lock);
+  ReadAllFromTable(DataStorage_Private, aItems, lock);
+}
+
+// Limit the number of entries per table. This is to prevent unbounded
+// resource use. The eviction strategy is as follows:
+// - An entry's score is incremented once for every day it is accessed.
+// - Evict an entry with score no more than any other entry in the table
+//   (this is the same as saying evict the entry with the lowest score,
+//    except for when there are multiple entries with the lowest score,
+//    in which case one of them is evicted - which one is not specified).
+void DataStorage::MaybeEvictOneEntry(DataStorageType aType,
+                                     const MutexAutoLock& aProofOfLock) {
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  if (table.Count() >= sMaxDataEntries) {
+    KeyAndEntry toEvict;
+    // If all entries have score sMaxScore, this won't actually remove
+    // anything. This will never happen, however, because having that high
+    // a score either means someone tampered with the backing file or every
+    // entry has been accessed once a day for ~4 billion days.
+    // The worst that will happen is there will be 1025 entries in the
+    // persistent data table, with the 1025th entry being replaced every time
+    // data with a new key is inserted into the table. This is bad but
+    // ultimately not that concerning, considering that if an attacker can
+    // modify data in the profile, they can cause much worse harm.
+    toEvict.mEntry.mScore = sMaxScore;
+
+    for (auto iter = table.Iter(); !iter.Done(); iter.Next()) {
+      Entry entry = iter.UserData();
+      if (entry.mScore < toEvict.mEntry.mScore) {
+        toEvict.mKey = iter.Key();
+        toEvict.mEntry = entry;
+      }
+    }
+
+    table.Remove(toEvict.mKey);
+  }
+}
+
+nsresult DataStorage::Put(const nsCString& aKey, const nsCString& aValue,
+                          DataStorageType aType) {
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  nsresult rv;
+  rv = ValidateKeyAndValue(aKey, aValue);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  Entry entry;
+  bool exists = GetInternal(aKey, &entry, aType, lock);
+  if (exists) {
+    entry.UpdateScore();
+  } else {
+    MaybeEvictOneEntry(aType, lock);
+  }
+  entry.mValue = aValue;
+  return PutInternal(aKey, entry, aType, lock);
+}
+
+nsresult DataStorage::PutInternal(const nsCString& aKey, Entry& aEntry,
+                                  DataStorageType aType,
+                                  const MutexAutoLock& aProofOfLock) {
+  mMutex.AssertCurrentThreadOwns();
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  table.InsertOrUpdate(aKey, aEntry);
+
+  if (aType == DataStorage_Persistent) {
+    mPendingWrite = true;
+    ArmTimer(aProofOfLock);
+  }
+
+  return NS_OK;
+}
+
+void DataStorage::Remove(const nsCString& aKey, DataStorageType aType) {
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  DataStorageTable& table = GetTableForType(aType, lock);
+  table.Remove(aKey);
+
+  if (aType == DataStorage_Persistent) {
+    mPendingWrite = true;
+    ArmTimer(lock);
+  }
+}
+
+class DataStorage::Writer final : public Runnable {
+ public:
+  Writer(nsCString& aData, DataStorage* aDataStorage)
+      : Runnable("DataStorage::Writer"),
+        mData(aData),
+        mDataStorage(aDataStorage) {}
+
+ protected:
+  NS_DECL_NSIRUNNABLE
+
+  nsCString mData;
+  RefPtr<DataStorage> mDataStorage;
+};
+
+NS_IMETHODIMP
+DataStorage::Writer::Run() {
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  nsCOMPtr<nsIOutputStream> outputStream;
+  rv =
+      NS_NewSafeLocalFileOutputStream(getter_AddRefs(outputStream), file,
+                                      PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  // When the output stream is null, it means we don't have a profile.
+  if (!outputStream) {
+    return NS_OK;
+  }
+
+  const char* ptr = mData.get();
+  uint32_t remaining = mData.Length();
+  uint32_t written = 0;
+  while (remaining > 0) {
+    rv = outputStream->Write(ptr, remaining, &written);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+    remaining -= written;
+    ptr += written;
+  }
+
+  nsCOMPtr<nsISafeOutputStream> safeOutputStream =
+      do_QueryInterface(outputStream);
+  if (!safeOutputStream) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = safeOutputStream->Finish();
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  // Observed by tests.
+  nsCOMPtr<nsIRunnable> job = NewRunnableMethod<const char*>(
+      "DataStorage::NotifyObservers", mDataStorage,
+      &DataStorage::NotifyObservers, "data-storage-written");
+  rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult DataStorage::AsyncWriteData(const MutexAutoLock& /*aProofOfLock*/) {
+  mMutex.AssertCurrentThreadOwns();
+  if (!mPendingWrite || mShuttingDown || !mBackingFile) {
+    return NS_OK;
+  }
+
+  nsCString output;
+  for (auto iter = mPersistentDataTable.Iter(); !iter.Done(); iter.Next()) {
+    Entry entry = iter.UserData();
+    output.Append(iter.Key());
+    output.Append('\t');
+    output.AppendInt(entry.mScore);
+    output.Append('\t');
+    output.AppendInt(entry.mLastAccessed);
+    output.Append('\t');
+    output.Append(entry.mValue);
+    output.Append('\n');
+  }
+
+  nsCOMPtr<nsIRunnable> job(new Writer(output, this));
+  nsresult rv = mBackgroundTaskQueue->Dispatch(job.forget());
+  mPendingWrite = false;
+  if (mTimerArmed) {
+    rv = mTimer->Cancel();
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+    mTimerArmed = false;
+  }
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult DataStorage::Clear() {
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+  mPersistentDataTable.Clear();
+  mTemporaryDataTable.Clear();
+  mPrivateDataTable.Clear();
+  mPendingWrite = true;
+
+  // Asynchronously clear the file. This is similar to the permission manager
+  // in that it doesn't wait to synchronously remove the data from its backing
+  // storage either.
+  return AsyncWriteData(lock);
+}
+
+/* static */
+void DataStorage::TimerCallback(nsITimer* aTimer, void* aClosure) {
+  RefPtr<DataStorage> aDataStorage = (DataStorage*)aClosure;
+  MutexAutoLock lock(aDataStorage->mMutex);
+  aDataStorage->mTimerArmed = false;
+  Unused << aDataStorage->AsyncWriteData(lock);
+}
+
+void DataStorage::NotifyObservers(const char* aTopic) {
+  // Don't access the observer service off the main thread.
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE(
+        "DataStorage::NotifyObservers called off main thread");
+    return;
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, aTopic, mFilename.get());
+  }
+}
+
+void DataStorage::ArmTimer(const MutexAutoLock& /*aProofOfLock*/) {
+  mMutex.AssertCurrentThreadOwns();
+  if (mTimerArmed) {
+    return;
+  }
+
+  if (!mTimer) {
+    mTimer = NS_NewTimer(mBackgroundTaskQueue);
+    if (NS_WARN_IF(!mTimer)) {
+      return;
+    }
+  }
+
+  nsresult rv = mTimer->InitWithNamedFuncCallback(
+      DataStorage::TimerCallback, this, mTimerDelayMS, nsITimer::TYPE_ONE_SHOT,
+      "DataStorageTimer");
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+
+  mTimerArmed = true;
+}
+
+void DataStorage::ShutdownTimer() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (mTimer) {
+    nsresult rv = mTimer->Cancel();
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+    mTimer = nullptr;
+  }
+}
+
+//------------------------------------------------------------
+// DataStorage::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+DataStorage::Observe(nsISupports* /*aSubject*/, const char* aTopic,
+                     const char16_t* /*aData*/) {
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE("DataStorage::Observe called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (strcmp(aTopic, "last-pb-context-exited") == 0) {
+    MutexAutoLock lock(mMutex);
+    mPrivateDataTable.Clear();
+    return NS_OK;
+  }
+
+  if (strcmp(aTopic, "profile-before-change") == 0 ||
+      strcmp(aTopic, "xpcom-shutdown-threads") == 0) {
+    RefPtr<TaskQueue> taskQueueToAwait;
+    {
+      MutexAutoLock lock(mMutex);
+      if (!mShuttingDown) {
+        nsresult rv = AsyncWriteData(lock);
+        Unused << NS_WARN_IF(NS_FAILED(rv));
+        mShuttingDown = true;
+        mBackgroundTaskQueue->BeginShutdown();
+        taskQueueToAwait = mBackgroundTaskQueue;
+      }
+    }
+    // Tasks on the background queue may take the lock, so it can't be held
+    // while waiting for them to finish.
+    if (taskQueueToAwait) {
+      taskQueueToAwait->AwaitShutdownAndIdle();
+    }
+    ShutdownTimer();
+  }
+
+  // On mobile, if the app is backgrounded, it may be killed. Kick off an
+  // asynchronous write to avoid losing data.
+  if (strcmp(aTopic, "application-background") == 0) {
+    MutexAutoLock lock(mMutex);
+    if (!mShuttingDown) {
+      nsresult rv = AsyncWriteData(lock);
+      Unused << NS_WARN_IF(NS_FAILED(rv));
+    }
+  }
+
+  return NS_OK;
+}
+
+DataStorage::Entry::Entry()
+    : mScore(0), mLastAccessed((int32_t)(PR_Now() / sOneDayInMicroseconds)) {}
+
+// Updates this entry's score. Returns true if the score has actually changed.
+// If it's been less than a day since this entry has been accessed, the score
+// does not change. Otherwise, the score increases by 1.
+// The default score is 0. The maximum score is the maximum value that can
+// be represented by an unsigned 32 bit integer.
+// This is to handle evictions from our tables, which in turn is to prevent
+// unbounded resource use.
+bool DataStorage::Entry::UpdateScore() {
+  int32_t nowInDays = (int32_t)(PR_Now() / sOneDayInMicroseconds);
+  int32_t daysSinceAccessed = (nowInDays - mLastAccessed);
+
+  // Update the last accessed time.
+  mLastAccessed = nowInDays;
+
+  // If it's been less than a day since we've been accessed,
+  // the score isn't updated.
+  if (daysSinceAccessed < 1) {
+    return false;
+  }
+
+  // Otherwise, increment the score (but don't overflow).
+  if (mScore < sMaxScore) {
+    mScore++;
+  }
+  return true;
+}
+
+}  // namespace mozilla
diff --git a/security/manager/ssl/DataStorage.h b/security/manager/ssl/DataStorage.h
new file mode 100644
index 0000000000..a0e6206439
--- /dev/null
+++ b/security/manager/ssl/DataStorage.h
@@ -0,0 +1,226 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_DataStorage_h
+#define mozilla_DataStorage_h
+
+#include "mozilla/Atomics.h"
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/Monitor.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/StaticPtr.h"
+#include "nsCOMPtr.h"
+#include "nsTHashMap.h"
+#include "nsIObserver.h"
+#include "nsITimer.h"
+#include "nsRefPtrHashtable.h"
+#include "nsString.h"
+
+class psm_DataStorageTest;
+
+namespace mozilla {
+class DataStorageMemoryReporter;
+class TaskQueue;
+
+/**
+ * DataStorage is a threadsafe, generic, narrow string-based hash map that
+ * persists data on disk and additionally handles temporary and private data.
+ * However, if used in a context where there is no profile directory, data
+ * will not be persisted.
+ *
+ * Its lifecycle is as follows:
+ * - Allocate with a filename (this is or will eventually be a file in the
+ *   profile directory, if the profile exists).
+ * - Call Init() from the main thread. This spins off an asynchronous read
+ *   of the backing file.
+ * - Eventually observers of the topic "data-storage-ready" will be notified
+ *   with the backing filename as the data in the notification when this
+ *   has completed.
+ * - Should the profile directory not be available, (e.g. in xpcshell),
+ *   DataStorage will not initially read any persistent data. The
+ *   "data-storage-ready" event will still be emitted. This follows semantics
+ *   similar to the permission manager and allows tests that test unrelated
+ *   components to proceed without a profile.
+ * - A timer periodically fires on a background thread that checks if any
+ *   persistent data has changed, and if so writes all persistent data to the
+ *   backing file. When this happens, observers will be notified with the
+ *   topic "data-storage-written" and the backing filename as the data.
+ *   It is possible to receive a "data-storage-written" event while there exist
+ *   pending persistent data changes. However, those changes will eventually be
+ *   written when the timer fires again, and eventually another
+ *   "data-storage-written" event will be sent.
+ * - When a DataStorage instance observes the topic "profile-before-change" in
+ *   anticipation of shutdown, all persistent data for that DataStorage is
+ *   written to the backing file (this blocks the main thread). In the process
+ *   of doing this, the background serial event target responsible for these
+ *   writes is then shut down to prevent further writes to that file (the
+ *   background timer is also cancelled when this happens).
+ *   If "profile-before-change" is not observed, this happens upon observing
+ *   "xpcom-shutdown-threads".
+ * - For testing purposes, the preference "test.datastorage.write_timer_ms" can
+ *   be set to cause the asynchronous writing of data to happen more quickly.
+ * - To prevent unbounded memory and disk use, the number of entries in each
+ *   table is limited to 1024. Evictions are handled in by a modified LRU scheme
+ *   (see implementation comments).
+ * - NB: Instances of DataStorage have long lifetimes because they are strong
+ *   observers of events and won't go away until the observer service does.
+ *
+ * For each key/value:
+ * - The key must be a non-empty string containing no instances of '\t' or '\n'
+ *   (this is a limitation of how the data is stored and will be addressed in
+ *   the future).
+ * - The key must have a length no more than 256.
+ * - The value must not contain '\n' and must have a length no more than 1024.
+ *   (the length limits are to prevent unbounded disk and memory usage)
+ */
+
+/**
+ * Data that is DataStorage_Persistent is saved on disk. DataStorage_Temporary
+ * and DataStorage_Private are not saved. DataStorage_Private is meant to
+ * only be set and accessed from private contexts. It will be cleared upon
+ * observing the event "last-pb-context-exited".
+ */
+enum DataStorageType {
+  DataStorage_Persistent,
+  DataStorage_Temporary,
+  DataStorage_Private
+};
+
+struct DataStorageItem final {
+  nsCString key;
+  nsCString value;
+  DataStorageType type;
+};
+
+enum class DataStorageClass {
+#define DATA_STORAGE(_) _,
+#include "mozilla/DataStorageList.h"
+#undef DATA_STORAGE
+};
+
+class DataStorage : public nsIObserver {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  // If there is a profile directory, there is or will eventually be a file
+  // by the name specified by aFilename there.
+  static already_AddRefed<DataStorage> Get(DataStorageClass aFilename);
+
+  // Initializes the DataStorage. Must be called before using.
+  nsresult Init();
+
+  // Given a key and a type of data, returns a value. Returns an empty string if
+  // the key is not present for that type of data. If Get is called before the
+  // "data-storage-ready" event is observed, it will block. NB: It is not
+  // currently possible to differentiate between missing data and data that is
+  // the empty string.
+  nsCString Get(const nsCString& aKey, DataStorageType aType);
+  // Give a key, value, and type of data, adds an entry as appropriate.
+  // Updates existing entries.
+  nsresult Put(const nsCString& aKey, const nsCString& aValue,
+               DataStorageType aType);
+  // Given a key and type of data, removes an entry if present.
+  void Remove(const nsCString& aKey, DataStorageType aType);
+  // Removes all entries of all types of data.
+  nsresult Clear();
+
+  // Read all of the data items.
+  void GetAll(nsTArray<DataStorageItem>* aItems);
+
+  size_t SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf);
+
+  // Return true if this data storage is ready to be used.
+  bool IsReady();
+
+  void ArmTimer(const MutexAutoLock& aProofOfLock);
+  void ShutdownTimer();
+
+ private:
+  explicit DataStorage(const nsString& aFilename);
+  virtual ~DataStorage() = default;
+
+  static already_AddRefed<DataStorage> GetFromRawFileName(
+      const nsString& aFilename);
+
+  friend class ::psm_DataStorageTest;
+  friend class mozilla::DataStorageMemoryReporter;
+
+  class Writer;
+  class Reader;
+
+  class Entry {
+   public:
+    Entry();
+    bool UpdateScore();
+
+    uint32_t mScore;
+    int32_t mLastAccessed;  // the last accessed time in days since the epoch
+    nsCString mValue;
+  };
+
+  // Utility class for scanning tables for an entry to evict.
+  class KeyAndEntry {
+   public:
+    nsCString mKey;
+    Entry mEntry;
+  };
+
+  typedef nsTHashMap<nsCStringHashKey, Entry> DataStorageTable;
+  typedef nsRefPtrHashtable<nsStringHashKey, DataStorage> DataStorages;
+
+  void WaitForReady();
+  nsresult AsyncWriteData(const MutexAutoLock& aProofOfLock);
+  nsresult AsyncReadData(const MutexAutoLock& aProofOfLock);
+
+  static nsresult ValidateKeyAndValue(const nsCString& aKey,
+                                      const nsCString& aValue);
+  static void TimerCallback(nsITimer* aTimer, void* aClosure);
+  void NotifyObservers(const char* aTopic);
+
+  bool GetInternal(const nsCString& aKey, Entry* aEntry, DataStorageType aType,
+                   const MutexAutoLock& aProofOfLock);
+  nsresult PutInternal(const nsCString& aKey, Entry& aEntry,
+                       DataStorageType aType,
+                       const MutexAutoLock& aProofOfLock);
+  void MaybeEvictOneEntry(DataStorageType aType,
+                          const MutexAutoLock& aProofOfLock);
+  DataStorageTable& GetTableForType(DataStorageType aType,
+                                    const MutexAutoLock& aProofOfLock);
+
+  void ReadAllFromTable(DataStorageType aType,
+                        nsTArray<DataStorageItem>* aItems,
+                        const MutexAutoLock& aProofOfLock);
+
+  Mutex mMutex;  // This mutex protects access to the following members:
+  DataStorageTable mPersistentDataTable MOZ_GUARDED_BY(mMutex);
+  DataStorageTable mTemporaryDataTable MOZ_GUARDED_BY(mMutex);
+  DataStorageTable mPrivateDataTable MOZ_GUARDED_BY(mMutex);
+  nsCOMPtr<nsIFile> mBackingFile MOZ_GUARDED_BY(mMutex);
+  bool mPendingWrite MOZ_GUARDED_BY(
+      mMutex);  // true if a write is needed but hasn't been dispatched
+  bool mTimerArmed MOZ_GUARDED_BY(mMutex);
+  bool mShuttingDown MOZ_GUARDED_BY(mMutex);
+  RefPtr<TaskQueue> mBackgroundTaskQueue MOZ_GUARDED_BY(mMutex);
+  // (End list of members protected by mMutex)
+
+  nsCOMPtr<nsITimer> mTimer;
+
+  mozilla::Atomic<bool> mInitCalled;  // Indicates that Init() has been called.
+  uint32_t mTimerDelayMS;
+
+  Monitor mReadyMonitor;  // Do not acquire this at the same time as mMutex.
+  bool mReady MOZ_GUARDED_BY(mReadyMonitor);  // Indicates that saved data has
+                                              // been read and Get can proceed.
+
+  const nsString mFilename;
+
+  static StaticAutoPtr<DataStorages> sDataStorages;
+};
+
+}  // namespace mozilla
+
+#endif  // mozilla_DataStorage_h
diff --git a/security/manager/ssl/DataStorageIPCUtils.h b/security/manager/ssl/DataStorageIPCUtils.h
new file mode 100644
index 0000000000..4a8fe0cdeb
--- /dev/null
+++ b/security/manager/ssl/DataStorageIPCUtils.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ipc_DataStorageIPCUtils_h
+#define ipc_DataStorageIPCUtils_h
+
+#include "ipc/EnumSerializer.h"
+#include "mozilla/DataStorage.h"
+
+namespace IPC {
+template <>
+struct ParamTraits<mozilla::DataStorageType>
+    : public ContiguousEnumSerializer<
+          mozilla::DataStorageType, mozilla::DataStorage_Persistent,
+          mozilla::DataStorageType(mozilla::DataStorage_Private + 1)> {};
+}  // namespace IPC
+
+#endif  // mozilla_DataStorageIPCUtils_hh
diff --git a/security/manager/ssl/DataStorageList.h b/security/manager/ssl/DataStorageList.h
new file mode 100644
index 0000000000..88bf3b9996
--- /dev/null
+++ b/security/manager/ssl/DataStorageList.h
@@ -0,0 +1,18 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is the list of well-known PSM DataStorage classes that Gecko uses.
+// These are key value data stores that are backed by a simple text-based
+// storage in the profile directory.
+//
+// Please note that it is crucial for performance reasons for the number of
+// these classes to remain low.  If you need to add to this list, you may
+// need to update the algorithm in DataStorage::SetCachedStorageEntries()
+// to something faster.
+
+DATA_STORAGE(AlternateServices)
+DATA_STORAGE(ClientAuthRememberList)
+DATA_STORAGE(SiteSecurityServiceState)
diff --git a/security/manager/ssl/EnterpriseRoots.cpp b/security/manager/ssl/EnterpriseRoots.cpp
new file mode 100644
index 0000000000..b54233b7cd
--- /dev/null
+++ b/security/manager/ssl/EnterpriseRoots.cpp
@@ -0,0 +1,373 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "EnterpriseRoots.h"
+
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Unused.h"
+#include "mozpkix/Result.h"
+#include "nsThreadUtils.h"
+
+#ifdef MOZ_WIDGET_ANDROID
+#  include "mozilla/java/EnterpriseRootsWrappers.h"
+#endif  // MOZ_WIDGET_ANDROID
+
+#ifdef XP_MACOSX
+#  include <Security/Security.h>
+#  include "KeychainSecret.h"  // for ScopedCFType
+
+#  include "nsCocoaFeatures.h"
+#endif  // XP_MACOSX
+
+#ifdef XP_WIN
+#  include <windows.h>
+#  include <wincrypt.h>
+#endif  // XP_WIN
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+using namespace mozilla;
+
+nsresult EnterpriseCert::Init(const uint8_t* data, size_t len, bool isRoot) {
+  mDER.clear();
+  if (!mDER.append(data, len)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  mIsRoot = isRoot;
+
+  return NS_OK;
+}
+
+nsresult EnterpriseCert::Init(const EnterpriseCert& orig) {
+  return Init(orig.mDER.begin(), orig.mDER.length(), orig.mIsRoot);
+}
+
+nsresult EnterpriseCert::CopyBytes(nsTArray<uint8_t>& dest) const {
+  dest.Clear();
+  // XXX(Bug 1631371) Check if this should use a fallible operation as it
+  // pretended earlier, or change the return type to void.
+  dest.AppendElements(mDER.begin(), mDER.length());
+  return NS_OK;
+}
+
+pkix::Result EnterpriseCert::GetInput(pkix::Input& input) const {
+  return input.Init(mDER.begin(), mDER.length());
+}
+
+bool EnterpriseCert::GetIsRoot() const { return mIsRoot; }
+
+#ifdef XP_WIN
+const wchar_t* kWindowsDefaultRootStoreNames[] = {L"ROOT", L"CA"};
+
+// Helper function to determine if the OS considers the given certificate to be
+// a trust anchor for TLS server auth certificates. This is to be used in the
+// context of importing what are presumed to be root certificates from the OS.
+// If this function returns true but it turns out that the given certificate is
+// in some way unsuitable to issue certificates, mozilla::pkix will never build
+// a valid chain that includes the certificate, so importing it even if it
+// isn't a valid CA poses no risk.
+static void CertIsTrustAnchorForTLSServerAuth(PCCERT_CONTEXT certificate,
+                                              bool& isTrusted, bool& isRoot) {
+  isTrusted = false;
+  isRoot = false;
+  MOZ_ASSERT(certificate);
+  if (!certificate) {
+    return;
+  }
+
+  PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
+  CERT_ENHKEY_USAGE enhkeyUsage;
+  memset(&enhkeyUsage, 0, sizeof(CERT_ENHKEY_USAGE));
+  LPCSTR identifiers[] = {
+      "1.3.6.1.5.5.7.3.1",  // id-kp-serverAuth
+  };
+  enhkeyUsage.cUsageIdentifier = ArrayLength(identifiers);
+  enhkeyUsage.rgpszUsageIdentifier =
+      const_cast<LPSTR*>(identifiers);  // -Wwritable-strings
+  CERT_USAGE_MATCH certUsage;
+  memset(&certUsage, 0, sizeof(CERT_USAGE_MATCH));
+  certUsage.dwType = USAGE_MATCH_TYPE_AND;
+  certUsage.Usage = enhkeyUsage;
+  CERT_CHAIN_PARA chainPara;
+  memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+  chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+  chainPara.RequestedUsage = certUsage;
+  // Disable anything that could result in network I/O.
+  DWORD flags = CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY |
+                CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL |
+                CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE |
+                CERT_CHAIN_DISABLE_AIA;
+  if (!CertGetCertificateChain(nullptr, certificate, nullptr, nullptr,
+                               &chainPara, flags, nullptr, &pChainContext)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertGetCertificateChain failed"));
+    return;
+  }
+  isTrusted = pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR;
+  if (isTrusted && pChainContext->cChain > 0) {
+    // The so-called "final chain" is what we're after:
+    // https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/ns-wincrypt-_cert_chain_context
+    CERT_SIMPLE_CHAIN* finalChain =
+        pChainContext->rgpChain[pChainContext->cChain - 1];
+    // This is a root if the final chain consists of only one certificate (i.e.
+    // this one).
+    isRoot = finalChain->cElement == 1;
+  }
+  CertFreeCertificateChain(pChainContext);
+}
+
+// Because HCERTSTORE is just a typedef void*, we can't use any of the nice
+// scoped or unique pointer templates. To elaborate, any attempt would
+// instantiate those templates with T = void. When T gets used in the context
+// of T&, this results in void&, which isn't legal.
+class ScopedCertStore final {
+ public:
+  explicit ScopedCertStore(HCERTSTORE certstore) : certstore(certstore) {}
+
+  ~ScopedCertStore() { CertCloseStore(certstore, 0); }
+
+  HCERTSTORE get() { return certstore; }
+
+ private:
+  ScopedCertStore(const ScopedCertStore&) = delete;
+  ScopedCertStore& operator=(const ScopedCertStore&) = delete;
+  HCERTSTORE certstore;
+};
+
+// Loads the enterprise roots at the registry location corresponding to the
+// given location flag.
+// Supported flags are:
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE
+//     (for HKLM\SOFTWARE\Microsoft\SystemCertificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
+//     (for HKLM\SOFTWARE\Policy\Microsoft\SystemCertificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
+//     (for HKLM\SOFTWARE\Microsoft\EnterpriseCertificates)
+//   CERT_SYSTEM_STORE_CURRENT_USER
+//     (for HKCU\SOFTWARE\Microsoft\SystemCertificates)
+//   CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY
+//     (for HKCU\SOFTWARE\Policy\Microsoft\SystemCertificates)
+static void GatherEnterpriseCertsForLocation(DWORD locationFlag,
+                                             Vector<EnterpriseCert>& certs) {
+  MOZ_ASSERT(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+                 locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+                 locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE ||
+                 locationFlag == CERT_SYSTEM_STORE_CURRENT_USER ||
+                 locationFlag == CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
+             "unexpected locationFlag for GatherEnterpriseRootsForLocation");
+  if (!(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE ||
+        locationFlag == CERT_SYSTEM_STORE_CURRENT_USER ||
+        locationFlag == CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY)) {
+    return;
+  }
+
+  DWORD flags =
+      locationFlag | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG;
+  // The certificate store being opened should consist only of certificates
+  // added by a user or administrator and not any certificates that are part
+  // of Microsoft's root store program.
+  // The 3rd parameter to CertOpenStore should be NULL according to
+  // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376559%28v=vs.85%29.aspx
+  for (auto name : kWindowsDefaultRootStoreNames) {
+    ScopedCertStore enterpriseRootStore(
+        CertOpenStore(CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, NULL, flags, name));
+    if (!enterpriseRootStore.get()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to open enterprise root store"));
+      continue;
+    }
+    PCCERT_CONTEXT certificate = nullptr;
+    uint32_t numImported = 0;
+    while ((certificate = CertFindCertificateInStore(
+                enterpriseRootStore.get(), X509_ASN_ENCODING, 0, CERT_FIND_ANY,
+                nullptr, certificate))) {
+      bool isTrusted;
+      bool isRoot;
+      CertIsTrustAnchorForTLSServerAuth(certificate, isTrusted, isRoot);
+      if (!isTrusted) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("skipping cert not trusted for TLS server auth"));
+        continue;
+      }
+      EnterpriseCert enterpriseCert;
+      if (NS_FAILED(enterpriseCert.Init(certificate->pbCertEncoded,
+                                        certificate->cbCertEncoded, isRoot))) {
+        // Best-effort. We probably ran out of memory.
+        continue;
+      }
+      if (!certs.append(std::move(enterpriseCert))) {
+        // Best-effort again.
+        continue;
+      }
+      numImported++;
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("imported %u certs from %S", numImported, name));
+  }
+}
+
+static void GatherEnterpriseCertsWindows(Vector<EnterpriseCert>& certs) {
+  GatherEnterpriseCertsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE, certs);
+  GatherEnterpriseCertsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
+                                   certs);
+  GatherEnterpriseCertsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
+                                   certs);
+  GatherEnterpriseCertsForLocation(CERT_SYSTEM_STORE_CURRENT_USER, certs);
+  GatherEnterpriseCertsForLocation(CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
+                                   certs);
+}
+#endif  // XP_WIN
+
+#ifdef XP_MACOSX
+OSStatus GatherEnterpriseCertsMacOS(Vector<EnterpriseCert>& certs) {
+  // The following builds a search dictionary corresponding to:
+  // { class: "certificate",
+  //   match limit: "match all",
+  //   policy: "SSL (TLS)",
+  //   only include trusted certificates: true }
+  // This operates on items that have been added to the keychain and thus gives
+  // us all 3rd party certificates that have been trusted for SSL (TLS), which
+  // is what we want (thus we don't import built-in root certificates that ship
+  // with the OS).
+  const CFStringRef keys[] = {kSecClass, kSecMatchLimit, kSecMatchPolicy,
+                              kSecMatchTrustedOnly};
+  // https://developer.apple.com/documentation/security/1392592-secpolicycreatessl
+  ScopedCFType<SecPolicyRef> sslPolicy(SecPolicyCreateSSL(true, nullptr));
+  const void* values[] = {kSecClassCertificate, kSecMatchLimitAll,
+                          sslPolicy.get(), kCFBooleanTrue};
+  static_assert(ArrayLength(keys) == ArrayLength(values),
+                "mismatched SecItemCopyMatching key/value array sizes");
+  // https://developer.apple.com/documentation/corefoundation/1516782-cfdictionarycreate
+  ScopedCFType<CFDictionaryRef> searchDictionary(CFDictionaryCreate(
+      nullptr, (const void**)&keys, (const void**)&values, ArrayLength(keys),
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
+  CFTypeRef items;
+  // https://developer.apple.com/documentation/security/1398306-secitemcopymatching
+  OSStatus rv = SecItemCopyMatching(searchDictionary.get(), &items);
+  if (rv != errSecSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("SecItemCopyMatching failed"));
+    return rv;
+  }
+  // If given a match limit greater than 1 (which we did), SecItemCopyMatching
+  // returns a CFArrayRef.
+  ScopedCFType<CFArrayRef> arr(reinterpret_cast<CFArrayRef>(items));
+  CFIndex count = CFArrayGetCount(arr.get());
+  uint32_t numImported = 0;
+  for (CFIndex i = 0; i < count; i++) {
+    const CFTypeRef c = CFArrayGetValueAtIndex(arr.get(), i);
+    SecTrustRef trust;
+    rv = SecTrustCreateWithCertificates(c, sslPolicy.get(), &trust);
+    if (rv != errSecSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("SecTrustCreateWithCertificates failed"));
+      continue;
+    }
+    ScopedCFType<SecTrustRef> trustHandle(trust);
+    // Disable AIA chasing to avoid network I/O.
+    rv = SecTrustSetNetworkFetchAllowed(trustHandle.get(), false);
+    if (rv != errSecSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("SecTrustSetNetworkFetchAllowed failed"));
+      continue;
+    }
+    bool isTrusted = false;
+    bool fallBackToDeprecatedAPI = true;
+    if (nsCocoaFeatures::OnMojaveOrLater()) {
+      // This is an awkward way to express what we want, but the compiler
+      // complains if we try to put __builtin_available in a compound logical
+      // statement.
+      if (__builtin_available(macOS 10.14, *)) {
+        isTrusted = SecTrustEvaluateWithError(trustHandle.get(), nullptr);
+        fallBackToDeprecatedAPI = false;
+      }
+    }
+    if (fallBackToDeprecatedAPI) {
+      SecTrustResultType result;
+      rv = SecTrustEvaluate(trustHandle.get(), &result);
+      if (rv != errSecSuccess) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("SecTrustEvaluate failed"));
+        continue;
+      }
+      // 'kSecTrustResultProceed' means the trust evaluation succeeded and that
+      // this is a trusted certificate.
+      // 'kSecTrustResultUnspecified' means the trust evaluation succeeded and
+      // that this certificate inherits its trust.
+      isTrusted = result == kSecTrustResultProceed ||
+                  result == kSecTrustResultUnspecified;
+    }
+    if (!isTrusted) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("skipping cert not trusted"));
+      continue;
+    }
+    CFIndex count = SecTrustGetCertificateCount(trustHandle.get());
+    bool isRoot = count == 1;
+
+    // Because we asked for certificates, each CFTypeRef in the array is really
+    // a SecCertificateRef.
+    const SecCertificateRef s = (const SecCertificateRef)c;
+    ScopedCFType<CFDataRef> der(SecCertificateCopyData(s));
+    EnterpriseCert enterpriseCert;
+    if (NS_FAILED(enterpriseCert.Init(CFDataGetBytePtr(der.get()),
+                                      CFDataGetLength(der.get()), isRoot))) {
+      // Best-effort. We probably ran out of memory.
+      continue;
+    }
+    if (!certs.append(std::move(enterpriseCert))) {
+      // Best-effort again.
+      continue;
+    }
+    numImported++;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("imported %u certs", numImported));
+  return errSecSuccess;
+}
+#endif  // XP_MACOSX
+
+#ifdef MOZ_WIDGET_ANDROID
+void GatherEnterpriseCertsAndroid(Vector<EnterpriseCert>& certs) {
+  if (!jni::IsAvailable()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("JNI not available"));
+    return;
+  }
+  jni::ObjectArray::LocalRef roots =
+      java::EnterpriseRoots::GatherEnterpriseRoots();
+  for (size_t i = 0; i < roots->Length(); i++) {
+    jni::ByteArray::LocalRef root = roots->GetElement(i);
+    EnterpriseCert cert;
+    // Currently we treat all certificates gleaned from the Android
+    // CA store as roots.
+    if (NS_SUCCEEDED(cert.Init(
+            reinterpret_cast<uint8_t*>(root->GetElements().Elements()),
+            root->Length(), true))) {
+      Unused << certs.append(std::move(cert));
+    }
+  }
+}
+#endif  // MOZ_WIDGET_ANDROID
+
+nsresult GatherEnterpriseCerts(Vector<EnterpriseCert>& certs) {
+  MOZ_ASSERT(!NS_IsMainThread());
+  if (NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  certs.clear();
+#ifdef XP_WIN
+  GatherEnterpriseCertsWindows(certs);
+#endif  // XP_WIN
+#ifdef XP_MACOSX
+  OSStatus rv = GatherEnterpriseCertsMacOS(certs);
+  if (rv != errSecSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+#endif  // XP_MACOSX
+#ifdef MOZ_WIDGET_ANDROID
+  GatherEnterpriseCertsAndroid(certs);
+#endif  // MOZ_WIDGET_ANDROID
+  return NS_OK;
+}
diff --git a/security/manager/ssl/EnterpriseRoots.h b/security/manager/ssl/EnterpriseRoots.h
new file mode 100644
index 0000000000..7504dcec1d
--- /dev/null
+++ b/security/manager/ssl/EnterpriseRoots.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef EnterpriseRoots_h
+#define EnterpriseRoots_h
+
+#include "mozilla/Vector.h"
+#include "mozpkix/Input.h"
+#include "mozpkix/Result.h"
+#include "nsTArray.h"
+
+class EnterpriseCert {
+ public:
+  EnterpriseCert() : mIsRoot(false) {}
+
+  nsresult Init(const uint8_t* data, size_t len, bool isRoot);
+  // Like a copy constructor but able to return a result.
+  nsresult Init(const EnterpriseCert& orig);
+
+  nsresult CopyBytes(nsTArray<uint8_t>& dest) const;
+  mozilla::pkix::Result GetInput(mozilla::pkix::Input& input) const;
+  bool GetIsRoot() const;
+
+ private:
+  mozilla::Vector<uint8_t> mDER;
+  bool mIsRoot;
+};
+
+// This may block and must not be called from the main thread.
+nsresult GatherEnterpriseCerts(mozilla::Vector<EnterpriseCert>& certs);
+
+#endif  // EnterpriseRoots_h
diff --git a/security/manager/ssl/IPCClientCertsChild.cpp b/security/manager/ssl/IPCClientCertsChild.cpp
new file mode 100644
index 0000000000..bea0e27dff
--- /dev/null
+++ b/security/manager/ssl/IPCClientCertsChild.cpp
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "IPCClientCertsChild.h"
+
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/PBackgroundChild.h"
+
+namespace mozilla::psm {
+
+IPCClientCertsChild::IPCClientCertsChild() = default;
+
+}  // namespace mozilla::psm
diff --git a/security/manager/ssl/IPCClientCertsChild.h b/security/manager/ssl/IPCClientCertsChild.h
new file mode 100644
index 0000000000..17020fce2e
--- /dev/null
+++ b/security/manager/ssl/IPCClientCertsChild.h
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_IPCClientCertsChild_h__
+#define mozilla_psm_IPCClientCertsChild_h__
+
+#include "mozilla/psm/PIPCClientCertsChild.h"
+
+namespace mozilla {
+
+namespace ipc {
+class BackgroundChildImpl;
+}  // namespace ipc
+
+namespace psm {
+
+class IPCClientCertsChild final : public PIPCClientCertsChild {
+  friend class mozilla::ipc::BackgroundChildImpl;
+
+ public:
+  IPCClientCertsChild();
+
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(IPCClientCertsChild);
+
+ private:
+  ~IPCClientCertsChild() = default;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/IPCClientCertsParent.cpp b/security/manager/ssl/IPCClientCertsParent.cpp
new file mode 100644
index 0000000000..bb8791d0fa
--- /dev/null
+++ b/security/manager/ssl/IPCClientCertsParent.cpp
@@ -0,0 +1,130 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "IPCClientCertsParent.h"
+#include "ScopedNSSTypes.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/ipc/BackgroundParent.h"
+
+namespace mozilla::psm {
+
+IPCClientCertsParent::IPCClientCertsParent() = default;
+
+// When the IPC client certs module needs to find certificate and key objects
+// in the socket process, it will cause this function to be called in the
+// parent process. The parent process needs to find all certificates with
+// private keys (because these are potential client certificates).
+mozilla::ipc::IPCResult IPCClientCertsParent::RecvFindObjects(
+    nsTArray<IPCClientCertObject>* aObjects) {
+  nsCOMPtr<nsIEventTarget> socketThread(
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID));
+  if (!socketThread) {
+    return IPC_OK();
+  }
+  // Look for client certificates on the socket thread.
+  UniqueCERTCertList certList;
+  mozilla::SyncRunnable::DispatchToThread(
+      socketThread, NS_NewRunnableFunction(
+                        "IPCClientCertsParent::RecvFindObjects", [&certList]() {
+                          certList =
+                              psm::FindClientCertificatesWithPrivateKeys();
+                        }));
+  if (!certList) {
+    return IPC_OK();
+  }
+  CERTCertListNode* n = CERT_LIST_HEAD(certList);
+  while (!CERT_LIST_END(n, certList)) {
+    nsTArray<uint8_t> certDER(n->cert->derCert.data, n->cert->derCert.len);
+    uint32_t slotType;
+    UniqueSECKEYPublicKey pubkey(CERT_ExtractPublicKey(n->cert));
+    if (!pubkey) {
+      return IPC_OK();
+    }
+    switch (SECKEY_GetPublicKeyType(pubkey.get())) {
+      case rsaKey:
+      case rsaPssKey: {
+        slotType = PK11_DoesMechanism(n->cert->slot, CKM_RSA_PKCS_PSS)
+                       ? kIPCClientCertsSlotTypeModern
+                       : kIPCClientCertsSlotTypeLegacy;
+        nsTArray<uint8_t> modulus(pubkey->u.rsa.modulus.data,
+                                  pubkey->u.rsa.modulus.len);
+        RSAKey rsakey(modulus, certDER, slotType);
+        aObjects->AppendElement(std::move(rsakey));
+        break;
+      }
+      case ecKey: {
+        slotType = kIPCClientCertsSlotTypeModern;
+        nsTArray<uint8_t> params(pubkey->u.ec.DEREncodedParams.data,
+                                 pubkey->u.ec.DEREncodedParams.len);
+        ECKey eckey(params, certDER, slotType);
+        aObjects->AppendElement(std::move(eckey));
+        break;
+      }
+      default:
+        n = CERT_LIST_NEXT(n);
+        continue;
+    }
+    Certificate cert(certDER, slotType);
+    aObjects->AppendElement(std::move(cert));
+
+    n = CERT_LIST_NEXT(n);
+  }
+  return IPC_OK();
+}
+
+// When the IPC client certs module needs to sign data using a key managed by
+// the parent process, it will cause this function to be called in the parent
+// process. The parent process needs to find the key corresponding to the given
+// certificate and sign the given data with the given parameters.
+mozilla::ipc::IPCResult IPCClientCertsParent::RecvSign(ByteArray aCert,
+                                                       ByteArray aData,
+                                                       ByteArray aParams,
+                                                       ByteArray* aSignature) {
+  SECItem certItem = {siBuffer, const_cast<uint8_t*>(aCert.data().Elements()),
+                      static_cast<unsigned int>(aCert.data().Length())};
+  aSignature->data().Clear();
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &certItem, nullptr, false, true));
+  if (!cert) {
+    return IPC_OK();
+  }
+  UniqueSECKEYPrivateKey key(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+  if (!key) {
+    return IPC_OK();
+  }
+  SECItem params = {siBuffer, aParams.data().Elements(),
+                    static_cast<unsigned int>(aParams.data().Length())};
+  SECItem* paramsPtr = aParams.data().Length() > 0 ? &params : nullptr;
+  CK_MECHANISM_TYPE mechanism;
+  switch (key->keyType) {
+    case ecKey:
+      mechanism = CKM_ECDSA;
+      break;
+    case rsaKey:
+      mechanism = aParams.data().Length() > 0 ? CKM_RSA_PKCS_PSS : CKM_RSA_PKCS;
+      break;
+    default:
+      return IPC_OK();
+  }
+  uint32_t len = PK11_SignatureLen(key.get());
+  UniqueSECItem sig(::SECITEM_AllocItem(nullptr, nullptr, len));
+  SECItem hash = {siBuffer, aData.data().Elements(),
+                  static_cast<unsigned int>(aData.data().Length())};
+  SECStatus srv =
+      PK11_SignWithMechanism(key.get(), mechanism, paramsPtr, sig.get(), &hash);
+  if (srv != SECSuccess) {
+    return IPC_OK();
+  }
+  aSignature->data().AppendElements(sig->data, sig->len);
+  return IPC_OK();
+}
+
+}  // namespace mozilla::psm
diff --git a/security/manager/ssl/IPCClientCertsParent.h b/security/manager/ssl/IPCClientCertsParent.h
new file mode 100644
index 0000000000..09ad589aca
--- /dev/null
+++ b/security/manager/ssl/IPCClientCertsParent.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_IPCClientCertsParent_h__
+#define mozilla_psm_IPCClientCertsParent_h__
+
+#include "mozilla/psm/PIPCClientCertsParent.h"
+
+namespace mozilla {
+
+namespace ipc {
+class BackgroundParentImpl;
+}  // namespace ipc
+
+namespace psm {
+
+class IPCClientCertsParent final : public PIPCClientCertsParent {
+  friend class mozilla::ipc::BackgroundParentImpl;
+
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(IPCClientCertsParent)
+
+  mozilla::ipc::IPCResult RecvFindObjects(
+      nsTArray<IPCClientCertObject>* aObjects);
+  mozilla::ipc::IPCResult RecvSign(ByteArray aCert, ByteArray aData,
+                                   ByteArray aParams, ByteArray* aSignature);
+
+ private:
+  IPCClientCertsParent();
+  ~IPCClientCertsParent() = default;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/KeychainSecret.cpp b/security/manager/ssl/KeychainSecret.cpp
new file mode 100644
index 0000000000..376e2f14c3
--- /dev/null
+++ b/security/manager/ssl/KeychainSecret.cpp
@@ -0,0 +1,186 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "KeychainSecret.h"
+
+#include <Security/Security.h>
+
+#include "mozilla/Logging.h"
+
+// This is the implementation of KeychainSecret, an instantiation of OSKeyStore
+// for OS X. It uses the system keychain, hence the name.
+
+using namespace mozilla;
+
+LazyLogModule gKeychainSecretLog("keychainsecret");
+
+KeychainSecret::KeychainSecret() {}
+
+KeychainSecret::~KeychainSecret() {}
+
+nsresult KeychainSecret::Lock() {
+  // https://developer.apple.com/documentation/security/1402180-seckeychainlock
+  // Passing `nullptr` locks the default keychain.
+  OSStatus rv = SecKeychainLock(nullptr);
+  if (rv != errSecSuccess) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("SecKeychainLock failed: %d", rv));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult KeychainSecret::Unlock() {
+  // https://developer.apple.com/documentation/security/1400341-seckeychainunlock
+  // This attempts to unlock the default keychain. Using `false` indicates we
+  // aren't passing in a password (if the keychain is locked, a dialog will
+  // appear for the user).
+  OSStatus rv = SecKeychainUnlock(nullptr, 0, nullptr, false);
+  if (rv != errSecSuccess) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("SecKeychainUnlock failed: %d", rv));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+ScopedCFType<CFStringRef> MozillaStringToCFString(const nsACString& stringIn) {
+  // https://developer.apple.com/documentation/corefoundation/1543419-cfstringcreatewithbytes
+  ScopedCFType<CFStringRef> stringOut(CFStringCreateWithBytes(
+      nullptr, reinterpret_cast<const UInt8*>(stringIn.BeginReading()),
+      stringIn.Length(), kCFStringEncodingUTF8, false));
+  return stringOut;
+}
+
+nsresult KeychainSecret::StoreSecret(const nsACString& aSecret,
+                                     const nsACString& aLabel) {
+  // This creates a CFDictionary of the form:
+  // { class: generic password,
+  //   account: the given label,
+  //   value: the given secret }
+  // "account" is the way we differentiate different secrets.
+  // By default, secrets stored by the application (Firefox) in this way are not
+  // accessible to other applications, so we shouldn't need to worry about
+  // unauthorized access or namespace collisions. This will be the case as long
+  // as we never set the kSecAttrAccessGroup attribute on the CFDictionary. The
+  // platform enforces this restriction using the application-identifier
+  // entitlement that each application bundle should have. See
+  // https://developer.apple.com/documentation/security/1401659-secitemadd?language=objc#discussion
+
+  // The keychain does not overwrite secrets by default (unlike other backends
+  // like libsecret and credential manager). To be consistent, we first delete
+  // any previously-stored secrets that use the given label.
+  nsresult rv = DeleteSecret(aLabel);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("DeleteSecret before StoreSecret failed"));
+    return rv;
+  }
+  const CFStringRef keys[] = {kSecClass, kSecAttrAccount, kSecValueData};
+  ScopedCFType<CFStringRef> label(MozillaStringToCFString(aLabel));
+  if (!label) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("MozillaStringToCFString failed"));
+    return NS_ERROR_FAILURE;
+  }
+  ScopedCFType<CFDataRef> secret(CFDataCreate(
+      nullptr, reinterpret_cast<const UInt8*>(aSecret.BeginReading()),
+      aSecret.Length()));
+  if (!secret) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug, ("CFDataCreate failed"));
+    return NS_ERROR_FAILURE;
+  }
+  const void* values[] = {kSecClassGenericPassword, label.get(), secret.get()};
+  static_assert(ArrayLength(keys) == ArrayLength(values),
+                "mismatched SecItemAdd key/value array sizes");
+  ScopedCFType<CFDictionaryRef> addDictionary(CFDictionaryCreate(
+      nullptr, (const void**)&keys, (const void**)&values, ArrayLength(keys),
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
+  // https://developer.apple.com/documentation/security/1401659-secitemadd
+  OSStatus osrv = SecItemAdd(addDictionary.get(), nullptr);
+  if (osrv != errSecSuccess) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("SecItemAdd failed: %d", osrv));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult KeychainSecret::DeleteSecret(const nsACString& aLabel) {
+  // To delete a secret, we create a CFDictionary of the form:
+  // { class: generic password,
+  //   account: the given label }
+  // and then call SecItemDelete.
+  const CFStringRef keys[] = {kSecClass, kSecAttrAccount};
+  ScopedCFType<CFStringRef> label(MozillaStringToCFString(aLabel));
+  if (!label) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("MozillaStringToCFString failed"));
+    return NS_ERROR_FAILURE;
+  }
+  const void* values[] = {kSecClassGenericPassword, label.get()};
+  static_assert(ArrayLength(keys) == ArrayLength(values),
+                "mismatched SecItemDelete key/value array sizes");
+  ScopedCFType<CFDictionaryRef> deleteDictionary(CFDictionaryCreate(
+      nullptr, (const void**)&keys, (const void**)&values, ArrayLength(keys),
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
+  // https://developer.apple.com/documentation/security/1395547-secitemdelete
+  OSStatus rv = SecItemDelete(deleteDictionary.get());
+  if (rv != errSecSuccess && rv != errSecItemNotFound) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("SecItemDelete failed: %d", rv));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult KeychainSecret::RetrieveSecret(const nsACString& aLabel,
+                                        /* out */ nsACString& aSecret) {
+  // To retrieve a secret, we create a CFDictionary of the form:
+  // { class: generic password,
+  //   account: the given label,
+  //   match limit: match one,
+  //   return attributes: true,
+  //   return data: true }
+  // This searches for and returns the attributes and data for the secret
+  // matching the given label. We then extract the data (i.e. the secret) and
+  // return it.
+  const CFStringRef keys[] = {kSecClass, kSecAttrAccount, kSecMatchLimit,
+                              kSecReturnAttributes, kSecReturnData};
+  ScopedCFType<CFStringRef> label(MozillaStringToCFString(aLabel));
+  if (!label) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("MozillaStringToCFString failed"));
+    return NS_ERROR_FAILURE;
+  }
+  const void* values[] = {kSecClassGenericPassword, label.get(),
+                          kSecMatchLimitOne, kCFBooleanTrue, kCFBooleanTrue};
+  static_assert(ArrayLength(keys) == ArrayLength(values),
+                "mismatched SecItemCopyMatching key/value array sizes");
+  ScopedCFType<CFDictionaryRef> searchDictionary(CFDictionaryCreate(
+      nullptr, (const void**)&keys, (const void**)&values, ArrayLength(keys),
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
+  CFTypeRef item;
+  // https://developer.apple.com/documentation/security/1398306-secitemcopymatching
+  OSStatus rv = SecItemCopyMatching(searchDictionary.get(), &item);
+  if (rv != errSecSuccess) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("SecItemCopyMatching failed: %d", rv));
+    return NS_ERROR_FAILURE;
+  }
+  ScopedCFType<CFDictionaryRef> dictionary(
+      reinterpret_cast<CFDictionaryRef>(item));
+  CFDataRef secret = reinterpret_cast<CFDataRef>(
+      CFDictionaryGetValue(dictionary.get(), kSecValueData));
+  if (!secret) {
+    MOZ_LOG(gKeychainSecretLog, LogLevel::Debug,
+            ("CFDictionaryGetValue failed"));
+    return NS_ERROR_FAILURE;
+  }
+  aSecret.Assign(reinterpret_cast<const char*>(CFDataGetBytePtr(secret)),
+                 CFDataGetLength(secret));
+  return NS_OK;
+}
diff --git a/security/manager/ssl/KeychainSecret.h b/security/manager/ssl/KeychainSecret.h
new file mode 100644
index 0000000000..b31522b7dd
--- /dev/null
+++ b/security/manager/ssl/KeychainSecret.h
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef KeychainSecret_h
+#define KeychainSecret_h
+
+#include "CoreFoundation/CFBase.h"
+
+#include "OSKeyStore.h"
+#include "nsString.h"
+
+template <typename T>
+class ScopedCFType {
+ public:
+  explicit ScopedCFType(T value) : mValue(value) {}
+
+  ~ScopedCFType() {
+    if (mValue) {
+      CFRelease((CFTypeRef)mValue);
+    }
+  }
+
+  T get() { return mValue; }
+
+  explicit operator bool() const { return mValue != nullptr; }
+
+ private:
+  T mValue;
+};
+
+class KeychainSecret final : public AbstractOSKeyStore {
+ public:
+  KeychainSecret();
+
+  virtual nsresult RetrieveSecret(const nsACString& label,
+                                  /* out */ nsACString& secret) override;
+  virtual nsresult StoreSecret(const nsACString& secret,
+                               const nsACString& label) override;
+  virtual nsresult DeleteSecret(const nsACString& label) override;
+  virtual nsresult Lock() override;
+  virtual nsresult Unlock() override;
+
+  virtual ~KeychainSecret();
+};
+
+#endif  // KeychainSecret_h
diff --git a/security/manager/ssl/LibSecret.cpp b/security/manager/ssl/LibSecret.cpp
new file mode 100644
index 0000000000..ff5270878a
--- /dev/null
+++ b/security/manager/ssl/LibSecret.cpp
@@ -0,0 +1,385 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "LibSecret.h"
+
+#include <gio/gio.h>
+#include <gmodule.h>
+#include <memory>
+
+#include "mozilla/Base64.h"
+#include "mozilla/Logging.h"
+#include "MainThreadUtils.h"
+#include "prlink.h"
+
+// This is the implementation of LibSecret, an instantiation of OSKeyStore for
+// Linux.
+
+using namespace mozilla;
+
+LazyLogModule gLibSecretLog("libsecret");
+
+static PRLibrary* libsecret = nullptr;
+
+typedef struct _SecretService SecretService;
+typedef struct _SecretCollection SecretCollection;
+
+typedef enum {
+  SECRET_SCHEMA_NONE = 0,
+  SECRET_SCHEMA_DONT_MATCH_NAME = 1 << 1
+} SecretSchemaFlags;
+
+typedef enum {
+  SECRET_SCHEMA_ATTRIBUTE_STRING = 0,
+  SECRET_SCHEMA_ATTRIBUTE_INTEGER = 1,
+  SECRET_SCHEMA_ATTRIBUTE_BOOLEAN = 2,
+} SecretSchemaAttributeType;
+
+typedef struct {
+  const gchar* name;
+  SecretSchemaAttributeType type;
+} SecretSchemaAttribute;
+
+typedef struct {
+  const gchar* name;
+  SecretSchemaFlags flags;
+  SecretSchemaAttribute attributes[32];
+
+  /* <private> */
+  gint reserved;
+  gpointer reserved1;
+  gpointer reserved2;
+  gpointer reserved3;
+  gpointer reserved4;
+  gpointer reserved5;
+  gpointer reserved6;
+  gpointer reserved7;
+} SecretSchema;
+
+typedef enum {
+  SECRET_COLLECTION_NONE = 0 << 0,
+  SECRET_COLLECTION_LOAD_ITEMS = 1 << 1,
+} SecretCollectionFlags;
+
+typedef enum {
+  SECRET_SERVICE_NONE = 0,
+  SECRET_SERVICE_OPEN_SESSION = 1 << 1,
+  SECRET_SERVICE_LOAD_COLLECTIONS = 1 << 2,
+} SecretServiceFlags;
+
+typedef enum {
+  SECRET_ERROR_PROTOCOL = 1,
+  SECRET_ERROR_IS_LOCKED = 2,
+  SECRET_ERROR_NO_SUCH_OBJECT = 3,
+  SECRET_ERROR_ALREADY_EXISTS = 4,
+} SecretError;
+
+#define SECRET_COLLECTION_DEFAULT "default"
+
+typedef SecretCollection* (*secret_collection_for_alias_sync_fn)(
+    SecretService*, const gchar*, SecretCollectionFlags, GCancellable*,
+    GError**);
+typedef SecretService* (*secret_service_get_sync_fn)(SecretServiceFlags,
+                                                     GCancellable*, GError**);
+typedef gint (*secret_service_lock_sync_fn)(SecretService*, GList*,
+                                            GCancellable*, GList**, GError**);
+typedef gint (*secret_service_unlock_sync_fn)(SecretService*, GList*,
+                                              GCancellable*, GList**, GError**);
+typedef gboolean (*secret_password_clear_sync_fn)(const SecretSchema*,
+                                                  GCancellable*, GError**, ...);
+typedef gchar* (*secret_password_lookup_sync_fn)(const SecretSchema*,
+                                                 GCancellable*, GError**, ...);
+typedef gboolean (*secret_password_store_sync_fn)(const SecretSchema*,
+                                                  const gchar*, const gchar*,
+                                                  const gchar*, GCancellable*,
+                                                  GError**, ...);
+typedef void (*secret_password_free_fn)(const gchar*);
+typedef GQuark (*secret_error_get_quark_fn)();
+
+static secret_collection_for_alias_sync_fn secret_collection_for_alias_sync =
+    nullptr;
+static secret_service_get_sync_fn secret_service_get_sync = nullptr;
+static secret_service_lock_sync_fn secret_service_lock_sync = nullptr;
+static secret_service_unlock_sync_fn secret_service_unlock_sync = nullptr;
+static secret_password_clear_sync_fn secret_password_clear_sync = nullptr;
+static secret_password_lookup_sync_fn secret_password_lookup_sync = nullptr;
+static secret_password_store_sync_fn secret_password_store_sync = nullptr;
+static secret_password_free_fn secret_password_free = nullptr;
+static secret_error_get_quark_fn secret_error_get_quark = nullptr;
+
+nsresult MaybeLoadLibSecret() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (!libsecret) {
+    libsecret = PR_LoadLibrary("libsecret-1.so.0");
+    if (!libsecret) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+// With TSan, we cannot unload libsecret once we have loaded it because
+// TSan does not support unloading libraries that are matched from its
+// suppression list. Hence we just keep the library loaded in TSan builds.
+#ifdef MOZ_TSAN
+#  define UNLOAD_LIBSECRET(x) \
+    do {                      \
+    } while (0)
+#else
+#  define UNLOAD_LIBSECRET(x) PR_UnloadLibrary(x)
+#endif
+
+#define FIND_FUNCTION_SYMBOL(function)                                   \
+  function = (function##_fn)PR_FindFunctionSymbol(libsecret, #function); \
+  if (!(function)) {                                                     \
+    UNLOAD_LIBSECRET(libsecret);                                         \
+    libsecret = nullptr;                                                 \
+    return NS_ERROR_NOT_AVAILABLE;                                       \
+  }
+    FIND_FUNCTION_SYMBOL(secret_collection_for_alias_sync);
+    FIND_FUNCTION_SYMBOL(secret_service_get_sync);
+    FIND_FUNCTION_SYMBOL(secret_service_lock_sync);
+    FIND_FUNCTION_SYMBOL(secret_service_unlock_sync);
+    FIND_FUNCTION_SYMBOL(secret_password_clear_sync);
+    FIND_FUNCTION_SYMBOL(secret_password_lookup_sync);
+    FIND_FUNCTION_SYMBOL(secret_password_store_sync);
+    FIND_FUNCTION_SYMBOL(secret_password_free);
+    FIND_FUNCTION_SYMBOL(secret_error_get_quark);
+#undef FIND_FUNCTION_SYMBOL
+  }
+
+  return NS_OK;
+}
+
+struct ScopedDelete {
+  void operator()(SecretService* ss) {
+    if (ss) g_object_unref(ss);
+  }
+  void operator()(SecretCollection* sc) {
+    if (sc) g_object_unref(sc);
+  }
+  void operator()(GError* error) {
+    if (error) g_error_free(error);
+  }
+  void operator()(GList* list) {
+    if (list) g_list_free(list);
+  }
+  void operator()(char* val) {
+    if (val) secret_password_free(val);
+  }
+};
+
+template <class T>
+struct ScopedMaybeDelete {
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
+};
+
+typedef std::unique_ptr<GError, ScopedMaybeDelete<GError>> ScopedGError;
+typedef std::unique_ptr<GList, ScopedMaybeDelete<GList>> ScopedGList;
+typedef std::unique_ptr<char, ScopedMaybeDelete<char>> ScopedPassword;
+typedef std::unique_ptr<SecretCollection, ScopedMaybeDelete<SecretCollection>>
+    ScopedSecretCollection;
+typedef std::unique_ptr<SecretService, ScopedMaybeDelete<SecretService>>
+    ScopedSecretService;
+
+LibSecret::LibSecret() = default;
+
+LibSecret::~LibSecret() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  if (libsecret) {
+    secret_collection_for_alias_sync = nullptr;
+    secret_service_get_sync = nullptr;
+    secret_service_lock_sync = nullptr;
+    secret_service_unlock_sync = nullptr;
+    secret_password_clear_sync = nullptr;
+    secret_password_lookup_sync = nullptr;
+    secret_password_store_sync = nullptr;
+    secret_password_free = nullptr;
+    secret_error_get_quark = nullptr;
+    UNLOAD_LIBSECRET(libsecret);
+    libsecret = nullptr;
+  }
+}
+
+static const SecretSchema kSchema = {
+    "mozilla.firefox",
+    SECRET_SCHEMA_NONE,
+    {{"string", SECRET_SCHEMA_ATTRIBUTE_STRING}, /* the label */
+     {"NULL", SECRET_SCHEMA_ATTRIBUTE_STRING}}};
+
+nsresult GetScopedServices(ScopedSecretService& aSs,
+                           ScopedSecretCollection& aSc) {
+  MOZ_ASSERT(secret_service_get_sync && secret_collection_for_alias_sync);
+  if (!secret_service_get_sync || !secret_collection_for_alias_sync) {
+    return NS_ERROR_FAILURE;
+  }
+  GError* raw_error = nullptr;
+  aSs = ScopedSecretService(secret_service_get_sync(
+      static_cast<SecretServiceFlags>(
+          SECRET_SERVICE_OPEN_SESSION),  // SecretServiceFlags
+      nullptr,                           // GCancellable
+      &raw_error));
+  ScopedGError error(raw_error);
+  if (error || !aSs) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug, ("Couldn't get a secret service"));
+    return NS_ERROR_FAILURE;
+  }
+
+  aSc = ScopedSecretCollection(secret_collection_for_alias_sync(
+      aSs.get(), "default", static_cast<SecretCollectionFlags>(0),
+      nullptr,  // GCancellable
+      &raw_error));
+  error.reset(raw_error);
+  if (!aSc) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug,
+            ("Couldn't get a secret collection"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult LibSecret::Lock() {
+  MOZ_ASSERT(secret_service_lock_sync);
+  if (!secret_service_lock_sync) {
+    return NS_ERROR_FAILURE;
+  }
+  ScopedSecretService ss;
+  ScopedSecretCollection sc;
+  if (NS_FAILED(GetScopedServices(ss, sc))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  GError* raw_error = nullptr;
+  GList* collections = nullptr;
+  ScopedGList collectionList(g_list_append(collections, sc.get()));
+  int numLocked = secret_service_lock_sync(ss.get(), collectionList.get(),
+                                           nullptr,  // GCancellable
+                                           nullptr,  // list of locked items
+                                           &raw_error);
+  ScopedGError error(raw_error);
+  if (numLocked != 1) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug,
+            ("Couldn't lock secret collection"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult LibSecret::Unlock() {
+  MOZ_ASSERT(secret_service_unlock_sync);
+  if (!secret_service_unlock_sync) {
+    return NS_ERROR_FAILURE;
+  }
+  // Accessing the secret service might unlock it.
+  ScopedSecretService ss;
+  ScopedSecretCollection sc;
+  if (NS_FAILED(GetScopedServices(ss, sc))) {
+    return NS_ERROR_FAILURE;
+  }
+  GError* raw_error = nullptr;
+  GList* collections = nullptr;
+  ScopedGList collectionList(g_list_append(collections, sc.get()));
+  int numLocked = secret_service_unlock_sync(ss.get(), collectionList.get(),
+                                             nullptr,  // GCancellable
+                                             nullptr,  // list of unlocked items
+                                             &raw_error);
+  ScopedGError error(raw_error);
+  if (numLocked != 1) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug,
+            ("Couldn't unlock secret collection"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult LibSecret::StoreSecret(const nsACString& aSecret,
+                                const nsACString& aLabel) {
+  MOZ_ASSERT(secret_password_store_sync);
+  if (!secret_password_store_sync) {
+    return NS_ERROR_FAILURE;
+  }
+  // libsecret expects a null-terminated string, so to be safe we store the
+  // secret (which could be arbitrary bytes) base64-encoded.
+  nsAutoCString base64;
+  nsresult rv = Base64Encode(aSecret, base64);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug, ("Error base64-encoding secret"));
+    return rv;
+  }
+  GError* raw_error = nullptr;
+  bool stored = secret_password_store_sync(
+      &kSchema, SECRET_COLLECTION_DEFAULT, PromiseFlatCString(aLabel).get(),
+      PromiseFlatCString(base64).get(),
+      nullptr,  // GCancellable
+      &raw_error, "string", PromiseFlatCString(aLabel).get(), nullptr);
+  ScopedGError error(raw_error);
+  if (raw_error) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug, ("Error storing secret"));
+    return NS_ERROR_FAILURE;
+  }
+
+  return stored ? NS_OK : NS_ERROR_FAILURE;
+}
+
+nsresult LibSecret::DeleteSecret(const nsACString& aLabel) {
+  MOZ_ASSERT(secret_password_clear_sync && secret_error_get_quark);
+  if (!secret_password_clear_sync || !secret_error_get_quark) {
+    return NS_ERROR_FAILURE;
+  }
+  GError* raw_error = nullptr;
+  Unused << secret_password_clear_sync(
+      &kSchema,
+      nullptr,  // GCancellable
+      &raw_error, "string", PromiseFlatCString(aLabel).get(), nullptr);
+  ScopedGError error(raw_error);
+  if (raw_error && !(raw_error->domain == secret_error_get_quark() &&
+                     raw_error->code == SECRET_ERROR_NO_SUCH_OBJECT)) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug, ("Error deleting secret"));
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult LibSecret::RetrieveSecret(const nsACString& aLabel,
+                                   /* out */ nsACString& aSecret) {
+  MOZ_ASSERT(secret_password_lookup_sync && secret_password_free);
+  if (!secret_password_lookup_sync || !secret_password_free) {
+    return NS_ERROR_FAILURE;
+  }
+  GError* raw_error = nullptr;
+  aSecret.Truncate();
+  ScopedPassword s(secret_password_lookup_sync(
+      &kSchema,
+      nullptr,  // GCancellable
+      &raw_error, "string", PromiseFlatCString(aLabel).get(), nullptr));
+  ScopedGError error(raw_error);
+  if (raw_error || !s) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug,
+            ("Error retrieving secret or didn't find it"));
+    return NS_ERROR_FAILURE;
+  }
+  // libsecret expects a null-terminated string, so to be safe we store the
+  // secret (which could be arbitrary bytes) base64-encoded, which means we have
+  // to base64-decode it here.
+  nsAutoCString base64Encoded(s.get());
+  nsresult rv = Base64Decode(base64Encoded, aSecret);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gLibSecretLog, LogLevel::Debug, ("Error base64-decoding secret"));
+    return rv;
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/LibSecret.h b/security/manager/ssl/LibSecret.h
new file mode 100644
index 0000000000..bd2814de04
--- /dev/null
+++ b/security/manager/ssl/LibSecret.h
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef LibSecret_h
+#define LibSecret_h
+
+#include "OSKeyStore.h"
+
+#include "nsString.h"
+
+nsresult MaybeLoadLibSecret();
+
+class LibSecret final : public AbstractOSKeyStore {
+ public:
+  LibSecret();
+
+  virtual nsresult RetrieveSecret(const nsACString& label,
+                                  /* out */ nsACString& secret) override;
+  virtual nsresult StoreSecret(const nsACString& secret,
+                               const nsACString& label) override;
+  virtual nsresult DeleteSecret(const nsACString& label) override;
+  virtual nsresult Lock() override;
+  virtual nsresult Unlock() override;
+
+  virtual ~LibSecret();
+};
+
+#endif  // LibSecret_h
diff --git a/security/manager/ssl/NSSErrorsService.cpp b/security/manager/ssl/NSSErrorsService.cpp
new file mode 100644
index 0000000000..06c0b1e790
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.cpp
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "NSSErrorsService.h"
+
+#include "nsIStringBundle.h"
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "mozpkix/pkixnss.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
+#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
+
+namespace mozilla {
+namespace psm {
+
+static_assert(mozilla::pkix::ERROR_BASE ==
+                  nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE,
+              "MOZILLA_PKIX_ERROR_BASE and "
+              "nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE do not match.");
+static_assert(mozilla::pkix::ERROR_LIMIT ==
+                  nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT,
+              "MOZILLA_PKIX_ERROR_LIMIT and "
+              "nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT do not match.");
+
+static bool IsPSMError(PRErrorCode error) {
+  return (error >= mozilla::pkix::ERROR_BASE &&
+          error < mozilla::pkix::ERROR_LIMIT);
+}
+
+NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService)
+
+NSSErrorsService::~NSSErrorsService() = default;
+
+nsresult NSSErrorsService::Init() {
+  nsresult rv;
+  nsCOMPtr<nsIStringBundleService> bundleService(
+      do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+  if (NS_FAILED(rv) || !bundleService) return NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,
+                              getter_AddRefs(mPIPNSSBundle));
+  if (!mPIPNSSBundle) rv = NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle(NSSERR_STRBUNDLE_URL,
+                              getter_AddRefs(mNSSErrorsBundle));
+  if (!mNSSErrorsBundle) rv = NS_ERROR_FAILURE;
+
+  return rv;
+}
+
+#define EXPECTED_SEC_ERROR_BASE (-0x2000)
+#define EXPECTED_SSL_ERROR_BASE (-0x3000)
+
+#if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || \
+    SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE
+#  error \
+      "Unexpected change of error code numbers in lib NSS, please adjust the mapping code"
+/*
+ * Please ensure the NSS error codes are mapped into the positive range 0x1000
+ * to 0xf000 Search for NS_ERROR_MODULE_SECURITY to ensure there are no
+ * conflicts. The current code also assumes that NSS library error codes are
+ * negative.
+ */
+#endif
+
+bool IsNSSErrorCode(PRErrorCode code) {
+  return IS_SEC_ERROR(code) || IS_SSL_ERROR(code) || IsPSMError(code);
+}
+
+nsresult GetXPCOMFromNSSError(PRErrorCode code) {
+  if (!code) {
+    MOZ_CRASH("Function failed without calling PR_GetError");
+  }
+
+  // The error codes within each module must be a 16 bit value.
+  // For simplicity we use the positive value of the NSS code.
+  return (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,
+                                             -1 * code);
+}
+
+NS_IMETHODIMP
+NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool* _retval) {
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *_retval = mozilla::psm::IsNSSErrorCode(aNSPRCode);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode,
+                                       nsresult* aXPCOMErrorCode) {
+  if (!aXPCOMErrorCode) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *aXPCOMErrorCode = mozilla::psm::GetXPCOMFromNSSError(aNSPRCode);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode,
+                                uint32_t* aErrorClass) {
+  NS_ENSURE_ARG(aErrorClass);
+
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (mozilla::psm::ErrorIsOverridable(aNSPRCode)) {
+    *aErrorClass = ERROR_CLASS_BAD_CERT;
+  } else {
+    *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
+  }
+
+  return NS_OK;
+}
+
+bool ErrorIsOverridable(PRErrorCode code) {
+  switch (code) {
+    // Overridable errors.
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      return true;
+    // Non-overridable errors.
+    default:
+      return false;
+  }
+}
+
+static const char* getOverrideErrorStringName(PRErrorCode aErrorCode) {
+  switch (aErrorCode) {
+    case SSL_ERROR_SSL_DISABLED:
+      return "PSMERR_SSL_Disabled";
+    case SSL_ERROR_SSL2_DISABLED:
+      return "PSMERR_SSL2_Disabled";
+    case SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
+      return "PSMERR_HostReusedIssuerSerial";
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED:
+      return "certErrorTrust_MitM";
+    default:
+      return nullptr;
+  }
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode,
+                                  nsAString& aErrorMessage) {
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle;
+  const char* idStr = getOverrideErrorStringName(aNSPRCode);
+
+  if (!idStr) {
+    idStr = PR_ErrorToName(aNSPRCode);
+    theBundle = mNSSErrorsBundle;
+  }
+
+  if (!idStr || !theBundle) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoString msg;
+  nsresult rv = theBundle->GetStringFromName(idStr, msg);
+  if (NS_SUCCEEDED(rv)) {
+    aErrorMessage = msg;
+  }
+  return rv;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/NSSErrorsService.h b/security/manager/ssl/NSSErrorsService.h
new file mode 100644
index 0000000000..a19bea9e5f
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.h
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSErrorsService_h
+#define NSSErrorsService_h
+
+#include "mozilla/Attributes.h"
+#include "nsCOMPtr.h"
+#include "nsILineInputStream.h"
+#include "nsINSSErrorsService.h"
+#include "nsISafeOutputStream.h"
+#include "nsIStringBundle.h"
+#include "prerror.h"
+
+class nsIStringBundle;
+
+namespace mozilla {
+namespace psm {
+
+class NSSErrorsService final : public nsINSSErrorsService {
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSERRORSSERVICE
+
+ public:
+  nsresult Init();
+
+ private:
+  // For XPCOM implementations that are not a base class for some other
+  // class, it is good practice to make the destructor non-virtual and
+  // private.  Then the only way to delete the object is via Release.
+#ifdef _MSC_VER
+  // C4265: Class has virtual members but destructor is not virtual
+  __pragma(warning(disable : 4265))
+#endif
+      ~NSSErrorsService();
+
+  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+};
+
+bool IsNSSErrorCode(PRErrorCode code);
+nsresult GetXPCOMFromNSSError(PRErrorCode code);
+bool ErrorIsOverridable(PRErrorCode code);
+
+}  // namespace psm
+}  // namespace mozilla
+
+#define NS_NSSERRORSSERVICE_CID                      \
+  {                                                  \
+    0x9ef18451, 0xa157, 0x4d17, {                    \
+      0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 \
+    }                                                \
+  }
+
+#endif  // NSSErrorsService_h
diff --git a/security/manager/ssl/NSSKeyStore.cpp b/security/manager/ssl/NSSKeyStore.cpp
new file mode 100644
index 0000000000..2850a13565
--- /dev/null
+++ b/security/manager/ssl/NSSKeyStore.cpp
@@ -0,0 +1,228 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "NSSKeyStore.h"
+
+#include "mozilla/AbstractThread.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Logging.h"
+#include "mozilla/SyncRunnable.h"
+#include "nsIThread.h"
+#include "nsNSSComponent.h"
+#include "nsPK11TokenDB.h"
+#include "nsXULAppAPI.h"
+
+/* Implementing OSKeyStore when there is no platform specific one.
+ * This key store instead puts the keys into the NSS DB.
+ */
+
+using namespace mozilla;
+using mozilla::SyncRunnable;
+
+LazyLogModule gNSSKeyStoreLog("nsskeystore");
+
+NSSKeyStore::NSSKeyStore() {
+  MOZ_ASSERT(XRE_IsParentProcess());
+  if (!XRE_IsParentProcess()) {
+    // This shouldn't happen as this is only initialised when creating the
+    // OSKeyStore, which is ParentProcessOnly.
+    return;
+  }
+  Unused << EnsureNSSInitializedChromeOrContent();
+  Unused << InitToken();
+}
+NSSKeyStore::~NSSKeyStore() = default;
+
+nsresult NSSKeyStore::InitToken() {
+  if (!mSlot) {
+    mSlot = UniquePK11SlotInfo(PK11_GetInternalKeySlot());
+    if (!mSlot) {
+      MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug,
+              ("Error getting internal key slot"));
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+  }
+  return NS_OK;
+}
+
+nsresult NSSKeyStoreMainThreadLock(PK11SlotInfo* aSlot) {
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(aSlot);
+  return token->LogoutSimple();
+}
+
+nsresult NSSKeyStore::Lock() {
+  NS_ENSURE_STATE(mSlot);
+
+  if (!NS_IsMainThread()) {
+    nsCOMPtr<nsIThread> mainThread;
+    nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
+    if (NS_FAILED(rv)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // Forward to the main thread synchronously.
+    SyncRunnable::DispatchToThread(
+        mainThread, NS_NewRunnableFunction("NSSKeyStoreMainThreadLock",
+                                           [slot = mSlot.get()]() {
+                                             NSSKeyStoreMainThreadLock(slot);
+                                           }));
+
+    return NS_OK;
+  }
+
+  return NSSKeyStoreMainThreadLock(mSlot.get());
+}
+
+nsresult NSSKeyStoreMainThreadUnlock(PK11SlotInfo* aSlot) {
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(aSlot);
+  return NS_FAILED(token->Login(false /* force */)) ? NS_ERROR_FAILURE : NS_OK;
+}
+
+nsresult NSSKeyStore::Unlock() {
+  NS_ENSURE_STATE(mSlot);
+
+  if (!NS_IsMainThread()) {
+    nsCOMPtr<nsIThread> mainThread;
+    nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
+    if (NS_FAILED(rv)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // Forward to the main thread synchronously.
+    nsresult result = NS_ERROR_FAILURE;
+    SyncRunnable::DispatchToThread(
+        mainThread,
+        NS_NewRunnableFunction("NSSKeyStoreMainThreadUnlock",
+                               [slot = mSlot.get(), result = &result]() {
+                                 *result = NSSKeyStoreMainThreadUnlock(slot);
+                               }));
+
+    return result;
+  }
+
+  return NSSKeyStoreMainThreadUnlock(mSlot.get());
+}
+
+nsresult NSSKeyStore::StoreSecret(const nsACString& aSecret,
+                                  const nsACString& aLabel) {
+  NS_ENSURE_STATE(mSlot);
+  if (NS_FAILED(Unlock())) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error unlocking NSS key db"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // It is possible for multiple keys to have the same nickname in NSS. To
+  // prevent the problem of not knowing which key to use in the future, simply
+  // delete all keys with this nickname before storing a new one.
+  nsresult rv = DeleteSecret(aLabel);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug,
+            ("DeleteSecret before StoreSecret failed"));
+    return rv;
+  }
+
+  uint8_t* p = BitwiseCast<uint8_t*, const char*>(aSecret.BeginReading());
+  UniqueSECItem key(SECITEM_AllocItem(nullptr, nullptr, aSecret.Length()));
+  if (!key) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  key->type = siBuffer;
+  memcpy(key->data, p, aSecret.Length());
+  key->len = aSecret.Length();
+  UniquePK11SymKey symKey(
+      PK11_ImportSymKey(mSlot.get(), CKM_AES_GCM, PK11_OriginUnwrap,
+                        CKA_DECRYPT | CKA_ENCRYPT, key.get(), nullptr));
+  if (!symKey) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error creating NSS SymKey"));
+    return NS_ERROR_FAILURE;
+  }
+  UniquePK11SymKey storedKey(
+      PK11_ConvertSessionSymKeyToTokenSymKey(symKey.get(), nullptr));
+  if (!storedKey) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug,
+            ("Error storing NSS SymKey in DB"));
+    return NS_ERROR_FAILURE;
+  }
+  SECStatus srv =
+      PK11_SetSymKeyNickname(storedKey.get(), PromiseFlatCString(aLabel).get());
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error naming NSS SymKey"));
+    (void)PK11_DeleteTokenSymKey(storedKey.get());
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult NSSKeyStore::DeleteSecret(const nsACString& aLabel) {
+  NS_ENSURE_STATE(mSlot);
+  if (NS_FAILED(Unlock())) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error unlocking NSS key db"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SymKey symKey(PK11_ListFixedKeysInSlot(
+      mSlot.get(), const_cast<char*>(PromiseFlatCString(aLabel).get()),
+      nullptr));
+  if (!symKey) {
+    // Couldn't find the key or something is wrong. Be nice.
+    return NS_OK;
+  }
+  for (PK11SymKey* tmp = symKey.get(); tmp; tmp = PK11_GetNextSymKey(tmp)) {
+    SECStatus srv = PK11_DeleteTokenSymKey(tmp);
+    if (srv != SECSuccess) {
+      MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error deleting NSS SymKey"));
+      return NS_ERROR_FAILURE;
+    }
+  }
+  return NS_OK;
+}
+
+bool NSSKeyStore::SecretAvailable(const nsACString& aLabel) {
+  if (!mSlot) {
+    return false;
+  }
+  if (NS_FAILED(Unlock())) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error unlocking NSS key db"));
+    return false;
+  }
+
+  UniquePK11SymKey symKey(PK11_ListFixedKeysInSlot(
+      mSlot.get(), const_cast<char*>(PromiseFlatCString(aLabel).get()),
+      nullptr));
+  if (!symKey) {
+    return false;
+  }
+  return true;
+}
+
+nsresult NSSKeyStore::EncryptDecrypt(const nsACString& aLabel,
+                                     const std::vector<uint8_t>& inBytes,
+                                     std::vector<uint8_t>& outBytes,
+                                     bool encrypt) {
+  NS_ENSURE_STATE(mSlot);
+  if (NS_FAILED(Unlock())) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug, ("Error unlocking NSS key db"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SymKey symKey(PK11_ListFixedKeysInSlot(
+      mSlot.get(), const_cast<char*>(PromiseFlatCString(aLabel).get()),
+      nullptr));
+  if (!symKey) {
+    MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug,
+            ("Error finding key for given label"));
+    return NS_ERROR_FAILURE;
+  }
+  return DoCipher(symKey, inBytes, outBytes, encrypt);
+}
+
+// Because NSSKeyStore overrides AbstractOSKeyStore's EncryptDecrypt and
+// SecretAvailable functions, this isn't necessary.
+nsresult NSSKeyStore::RetrieveSecret(const nsACString& aLabel,
+                                     /* out */ nsACString& aSecret) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
diff --git a/security/manager/ssl/NSSKeyStore.h b/security/manager/ssl/NSSKeyStore.h
new file mode 100644
index 0000000000..2506f91b0b
--- /dev/null
+++ b/security/manager/ssl/NSSKeyStore.h
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSKeyStore_h
+#define NSSKeyStore_h
+
+#include "OSKeyStore.h"
+#include "nsString.h"
+
+class NSSKeyStore final : public AbstractOSKeyStore {
+ public:
+  NSSKeyStore();
+
+  virtual nsresult RetrieveSecret(const nsACString& aLabel,
+                                  /* out */ nsACString& aSecret) override;
+  virtual nsresult StoreSecret(const nsACString& secret,
+                               const nsACString& label) override;
+  virtual nsresult DeleteSecret(const nsACString& label) override;
+  virtual nsresult Lock() override;
+  virtual nsresult Unlock() override;
+  virtual nsresult EncryptDecrypt(const nsACString& label,
+                                  const std::vector<uint8_t>& inBytes,
+                                  std::vector<uint8_t>& outBytes,
+                                  bool encrypt) override;
+  virtual bool SecretAvailable(const nsACString& label) override;
+  virtual ~NSSKeyStore();
+
+ private:
+  nsresult InitToken();
+  mozilla::UniquePK11SlotInfo mSlot = nullptr;
+};
+
+#endif  // NSSKeyStore_h
diff --git a/security/manager/ssl/NSSSocketControl.cpp b/security/manager/ssl/NSSSocketControl.cpp
new file mode 100644
index 0000000000..eaeae754a6
--- /dev/null
+++ b/security/manager/ssl/NSSSocketControl.cpp
@@ -0,0 +1,699 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "NSSSocketControl.h"
+
+#include "ssl.h"
+#include "sslexp.h"
+#include "nsISocketProvider.h"
+#include "secerr.h"
+#include "mozilla/Base64.h"
+#include "nsNSSCallbacks.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+NSSSocketControl::NSSSocketControl(const nsCString& aHostName, int32_t aPort,
+                                   SharedSSLState& aState,
+                                   uint32_t providerFlags,
+                                   uint32_t providerTlsFlags)
+    : CommonSocketControl(aHostName, aPort, providerFlags),
+      mFd(nullptr),
+      mCertVerificationState(BeforeCertVerification),
+      mSharedState(aState),
+      mForSTARTTLS(false),
+      mTLSVersionRange{0, 0},
+      mHandshakePending(true),
+      mPreliminaryHandshakeDone(false),
+      mEarlyDataAccepted(false),
+      mDenyClientCert(false),
+      mFalseStartCallbackCalled(false),
+      mFalseStarted(false),
+      mIsFullHandshake(false),
+      mNotedTimeUntilReady(false),
+      mEchExtensionStatus(EchExtensionStatus::kNotPresent),
+      mIsShortWritePending(false),
+      mShortWritePendingByte(0),
+      mShortWriteOriginalAmount(-1),
+      mKEAUsed(nsITLSSocketControl::KEY_EXCHANGE_UNKNOWN),
+      mKEAKeyBits(0),
+      mMACAlgorithmUsed(nsITLSSocketControl::SSL_MAC_UNKNOWN),
+      mProviderTlsFlags(providerTlsFlags),
+      mSocketCreationTimestamp(TimeStamp::Now()),
+      mPlaintextBytesRead(0),
+      mClaimed(!(providerFlags & nsISocketProvider::IS_SPECULATIVE_CONNECTION)),
+      mPendingSelectClientAuthCertificate(nullptr) {}
+
+NS_IMETHODIMP
+NSSSocketControl::GetKEAUsed(int16_t* aKea) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aKea = mKEAUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetKEAKeyBits(uint32_t* aKeyBits) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aKeyBits = mKEAKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetSSLVersionOffered(int16_t* aSSLVersionOffered) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aSSLVersionOffered = mTLSVersionRange.max;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetMACAlgorithmUsed(int16_t* aMac) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aMac = mMACAlgorithmUsed;
+  return NS_OK;
+}
+
+void NSSSocketControl::NoteTimeUntilReady() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (mNotedTimeUntilReady) {
+    return;
+  }
+  mNotedTimeUntilReady = true;
+
+  auto timestampNow = TimeStamp::Now();
+  if (!(mProviderFlags & nsISocketProvider::IS_RETRY)) {
+    Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY_FIRST_TRY,
+                                   mSocketCreationTimestamp, timestampNow);
+  }
+
+  if (mProviderFlags & nsISocketProvider::BE_CONSERVATIVE) {
+    Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY_CONSERVATIVE,
+                                   mSocketCreationTimestamp, timestampNow);
+  }
+
+  switch (GetEchExtensionStatus()) {
+    case EchExtensionStatus::kGREASE:
+      Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY_ECH_GREASE,
+                                     mSocketCreationTimestamp, timestampNow);
+      break;
+    case EchExtensionStatus::kReal:
+      Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY_ECH,
+                                     mSocketCreationTimestamp, timestampNow);
+      break;
+    default:
+      break;
+  }
+  // This will include TCP and proxy tunnel wait time
+  Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY,
+                                 mSocketCreationTimestamp, timestampNow);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] NSSSocketControl::NoteTimeUntilReady\n", mFd));
+}
+
+void NSSSocketControl::SetHandshakeCompleted() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mHandshakeCompleted) {
+    enum HandshakeType {
+      Resumption = 1,
+      FalseStarted = 2,
+      ChoseNotToFalseStart = 3,
+      NotAllowedToFalseStart = 4,
+    };
+
+    HandshakeType handshakeType = !IsFullHandshake() ? Resumption
+                                  : mFalseStarted    ? FalseStarted
+                                  : mFalseStartCallbackCalled
+                                      ? ChoseNotToFalseStart
+                                      : NotAllowedToFalseStart;
+    // This will include TCP and proxy tunnel wait time
+    if (mKeaGroupName.isSome()) {
+      Telemetry::AccumulateTimeDelta(
+          Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED_KEYED_BY_KA,
+          *mKeaGroupName, mSocketCreationTimestamp, TimeStamp::Now());
+    }
+
+    // If the handshake is completed for the first time from just 1 callback
+    // that means that TLS session resumption must have been used.
+    Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
+                          handshakeType == Resumption);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
+  }
+
+  // Remove the plaintext layer as it is not needed anymore.
+  // The plaintext layer is not always present - so it's not a fatal error if it
+  // cannot be removed.
+  // Note that PR_PopIOLayer may modify its stack, so a pointer returned by
+  // PR_GetIdentitiesLayer may not point to what we think it points to after
+  // calling PR_PopIOLayer. We must operate on the pointer returned by
+  // PR_PopIOLayer.
+  if (PR_GetIdentitiesLayer(mFd,
+                            nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity)) {
+    PRFileDesc* poppedPlaintext =
+        PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    poppedPlaintext->dtor(poppedPlaintext);
+  }
+
+  mHandshakeCompleted = true;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] NSSSocketControl::SetHandshakeCompleted\n", (void*)mFd));
+
+  mIsFullHandshake = false;  // reset for next handshake on this connection
+
+  if (mTlsHandshakeCallback) {
+    auto callback = std::move(mTlsHandshakeCallback);
+    Unused << callback->HandshakeDone();
+  }
+}
+
+void NSSSocketControl::SetNegotiatedNPN(const char* value, uint32_t length) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!value) {
+    mNegotiatedNPN.Truncate();
+  } else {
+    mNegotiatedNPN.Assign(value, length);
+  }
+  mNPNCompleted = true;
+}
+
+#define MAX_ALPN_LENGTH 255
+
+NS_IMETHODIMP
+NSSSocketControl::GetAlpnEarlySelection(nsACString& aAlpnSelected) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  aAlpnSelected.Truncate();
+
+  SSLPreliminaryChannelInfo info;
+  SECStatus rv = SSL_GetPreliminaryChannelInfo(mFd, &info, sizeof(info));
+  if (rv != SECSuccess || !info.canSendEarlyData) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLNextProtoState alpnState;
+  unsigned char chosenAlpn[MAX_ALPN_LENGTH];
+  unsigned int chosenAlpnLen;
+  rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
+                        AssertedCast<unsigned int>(ArrayLength(chosenAlpn)));
+
+  if (rv != SECSuccess) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (alpnState == SSL_NEXT_PROTO_EARLY_VALUE) {
+    aAlpnSelected.Assign(BitwiseCast<char*, unsigned char*>(chosenAlpn),
+                         chosenAlpnLen);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetEarlyDataAccepted(bool* aAccepted) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aAccepted = mEarlyDataAccepted;
+  return NS_OK;
+}
+
+void NSSSocketControl::SetEarlyDataAccepted(bool aAccepted) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mEarlyDataAccepted = aAccepted;
+}
+
+bool NSSSocketControl::GetDenyClientCert() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return mDenyClientCert;
+}
+
+void NSSSocketControl::SetDenyClientCert(bool aDenyClientCert) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mDenyClientCert = aDenyClientCert;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::DriveHandshake() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mFd) {
+    return NS_ERROR_FAILURE;
+  }
+  if (IsCanceled()) {
+    PRErrorCode errorCode = GetErrorCode();
+    MOZ_DIAGNOSTIC_ASSERT(errorCode, "handshake cancelled without error code");
+    return GetXPCOMFromNSSError(errorCode);
+  }
+
+  SECStatus rv = SSL_ForceHandshake(mFd);
+
+  if (rv != SECSuccess) {
+    PRErrorCode errorCode = PR_GetError();
+    MOZ_ASSERT(errorCode, "handshake failed without error code");
+    // There is a bug in NSS. Sometimes SSL_ForceHandshake will return
+    // SECFailure without setting an error code. In these cases, cancel
+    // the connection with SEC_ERROR_LIBRARY_FAILURE.
+    if (!errorCode) {
+      errorCode = SEC_ERROR_LIBRARY_FAILURE;
+    }
+    if (errorCode == PR_WOULD_BLOCK_ERROR) {
+      return NS_BASE_STREAM_WOULD_BLOCK;
+    }
+
+    SetCanceled(errorCode);
+    return GetXPCOMFromNSSError(errorCode);
+  }
+  return NS_OK;
+}
+
+bool NSSSocketControl::GetForSTARTTLS() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return mForSTARTTLS;
+}
+
+void NSSSocketControl::SetForSTARTTLS(bool aForSTARTTLS) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mForSTARTTLS = aForSTARTTLS;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::ProxyStartSSL() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+NSSSocketControl::StartTLS() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+NSSSocketControl::SetNPNList(nsTArray<nsCString>& protocolArray) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mFd) return NS_ERROR_FAILURE;
+
+  // the npn list is a concatenated list of 8 bit byte strings.
+  nsCString npnList;
+
+  for (uint32_t index = 0; index < protocolArray.Length(); ++index) {
+    if (protocolArray[index].IsEmpty() || protocolArray[index].Length() > 255)
+      return NS_ERROR_ILLEGAL_VALUE;
+
+    npnList.Append(protocolArray[index].Length());
+    npnList.Append(protocolArray[index]);
+  }
+
+  if (SSL_SetNextProtoNego(
+          mFd, BitwiseCast<const unsigned char*, const char*>(npnList.get()),
+          npnList.Length()) != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  return NS_OK;
+}
+
+nsresult NSSSocketControl::ActivateSSL() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true))
+    return NS_ERROR_FAILURE;
+  if (SECSuccess != SSL_ResetHandshake(mFd, false)) return NS_ERROR_FAILURE;
+
+  mHandshakePending = true;
+
+  return SetResumptionTokenFromExternalCache(mFd);
+}
+
+nsresult NSSSocketControl::GetFileDescPtr(PRFileDesc** aFilePtr) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  *aFilePtr = mFd;
+  return NS_OK;
+}
+
+nsresult NSSSocketControl::SetFileDescPtr(PRFileDesc* aFilePtr) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mFd = aFilePtr;
+  return NS_OK;
+}
+
+void NSSSocketControl::SetCertVerificationWaiting() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  // mCertVerificationState may be BeforeCertVerification for the first
+  // handshake on the connection, or AfterCertVerification for subsequent
+  // renegotiation handshakes.
+  MOZ_ASSERT(mCertVerificationState != WaitingForCertVerification,
+             "Invalid state transition to WaitingForCertVerification");
+  mCertVerificationState = WaitingForCertVerification;
+}
+
+// Be careful that SetCertVerificationResult does NOT get called while we are
+// processing a SSL callback function, because SSL_AuthCertificateComplete will
+// attempt to acquire locks that are already held by libssl when it calls
+// callbacks.
+void NSSSocketControl::SetCertVerificationResult(PRErrorCode errorCode) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  SetUsedPrivateDNS(GetProviderFlags() & nsISocketProvider::USED_PRIVATE_DNS);
+  MOZ_ASSERT(mCertVerificationState == WaitingForCertVerification,
+             "Invalid state transition to AfterCertVerification");
+
+  if (mFd) {
+    SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode);
+    // Only replace errorCode if there was originally no error.
+    // SSL_AuthCertificateComplete will return SECFailure with the error code
+    // set to PR_WOULD_BLOCK_ERROR if there is a pending event to select a
+    // client authentication certificate. This is not an error.
+    if (rv != SECSuccess && PR_GetError() != PR_WOULD_BLOCK_ERROR &&
+        errorCode == 0) {
+      errorCode = PR_GetError();
+      if (errorCode == 0) {
+        NS_ERROR("SSL_AuthCertificateComplete didn't set error code");
+        errorCode = PR_INVALID_STATE_ERROR;
+      }
+    }
+  }
+
+  if (errorCode) {
+    mFailedVerification = true;
+    SetCanceled(errorCode);
+  }
+
+  if (mPlaintextBytesRead && !errorCode) {
+    Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK,
+                          AssertedCast<uint32_t>(mPlaintextBytesRead));
+  }
+
+  mCertVerificationState = AfterCertVerification;
+}
+
+void NSSSocketControl::ClientAuthCertificateSelected(
+    nsTArray<uint8_t>& certBytes, nsTArray<nsTArray<uint8_t>>& certChainBytes) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  // If mFd is nullptr, the connection has been closed already, so we don't
+  // need to do anything here.
+  if (!mFd) {
+    return;
+  }
+  SECItem certItem = {
+      siBuffer,
+      const_cast<uint8_t*>(certBytes.Elements()),
+      static_cast<unsigned int>(certBytes.Length()),
+  };
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &certItem, nullptr, false, true));
+  UniqueSECKEYPrivateKey key;
+  if (cert) {
+    key.reset(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+    mClientCertChain.reset(CERT_NewCertList());
+    if (key && mClientCertChain) {
+      for (const auto& certBytes : certChainBytes) {
+        SECItem certItem = {
+            siBuffer,
+            const_cast<uint8_t*>(certBytes.Elements()),
+            static_cast<unsigned int>(certBytes.Length()),
+        };
+        UniqueCERTCertificate cert(CERT_NewTempCertificate(
+            CERT_GetDefaultCertDB(), &certItem, nullptr, false, true));
+        if (cert) {
+          if (CERT_AddCertToListTail(mClientCertChain.get(), cert.get()) ==
+              SECSuccess) {
+            Unused << cert.release();
+          }
+        }
+      }
+    }
+  }
+
+  bool sendingClientAuthCert = cert && key;
+  if (sendingClientAuthCert) {
+    mSentClientCert = true;
+    Telemetry::ScalarAdd(Telemetry::ScalarID::SECURITY_CLIENT_AUTH_CERT_USAGE,
+                         u"sent"_ns, 1);
+  }
+
+  Unused << SSL_ClientCertCallbackComplete(
+      mFd, sendingClientAuthCert ? SECSuccess : SECFailure,
+      sendingClientAuthCert ? key.release() : nullptr,
+      sendingClientAuthCert ? cert.release() : nullptr);
+}
+
+SharedSSLState& NSSSocketControl::SharedState() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  return mSharedState;
+}
+
+void NSSSocketControl::SetSharedOwningReference(SharedSSLState* aRef) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mOwningSharedRef = aRef;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::DisableEarlyData() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mFd) {
+    return NS_OK;
+  }
+  if (IsCanceled()) {
+    return NS_OK;
+  }
+
+  if (SSL_OptionSet(mFd, SSL_ENABLE_0RTT_DATA, false) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::SetHandshakeCallbackListener(
+    nsITlsHandshakeCallbackListener* callback) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mTlsHandshakeCallback = callback;
+  return NS_OK;
+}
+
+PRStatus NSSSocketControl::CloseSocketAndDestroy() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+
+  mPendingSelectClientAuthCertificate = nullptr;
+
+  PRFileDesc* popped = PR_PopIOLayer(mFd, PR_TOP_IO_LAYER);
+  MOZ_ASSERT(
+      popped && popped->identity == nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+      "SSL Layer not on top of stack");
+
+  // The plaintext layer is not always present - so it's not a fatal error if it
+  // cannot be removed.
+  // Note that PR_PopIOLayer may modify its stack, so a pointer returned by
+  // PR_GetIdentitiesLayer may not point to what we think it points to after
+  // calling PR_PopIOLayer. We must operate on the pointer returned by
+  // PR_PopIOLayer.
+  if (PR_GetIdentitiesLayer(mFd,
+                            nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity)) {
+    PRFileDesc* poppedPlaintext =
+        PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    poppedPlaintext->dtor(poppedPlaintext);
+  }
+
+  // We need to clear the callback to make sure the ssl layer cannot call the
+  // callback after mFD is nulled.
+  SSL_SetResumptionTokenCallback(mFd, nullptr, nullptr);
+
+  PRStatus status = mFd->methods->close(mFd);
+
+  // the NSSSocketControl instance can out-live the connection, so we need some
+  // indication that the connection has been closed. mFd == nullptr is that
+  // indication. This is needed, for example, when the connection is closed
+  // before we have finished validating the server's certificate.
+  mFd = nullptr;
+
+  if (status != PR_SUCCESS) return status;
+
+  popped->identity = PR_INVALID_IO_LAYER;
+  popped->dtor(popped);
+
+  return PR_SUCCESS;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetEsniTxt(nsACString& aEsniTxt) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  aEsniTxt = mEsniTxt;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::SetEsniTxt(const nsACString& aEsniTxt) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mEsniTxt = aEsniTxt;
+
+  if (mEsniTxt.Length()) {
+    nsAutoCString esniBin;
+    if (NS_OK != Base64Decode(mEsniTxt, esniBin)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] Invalid ESNIKeys record. Couldn't base64 decode\n",
+               (void*)mFd));
+      return NS_OK;
+    }
+
+    if (SECSuccess !=
+        SSL_EnableESNI(mFd, reinterpret_cast<const PRUint8*>(esniBin.get()),
+                       esniBin.Length(), nullptr)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] Invalid ESNIKeys record %s\n", (void*)mFd,
+               PR_ErrorToName(PR_GetError())));
+      return NS_OK;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetEchConfig(nsACString& aEchConfig) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  aEchConfig = mEchConfig;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::SetEchConfig(const nsACString& aEchConfig) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mEchConfig = aEchConfig;
+
+  if (mEchConfig.Length()) {
+    if (SECSuccess !=
+        SSL_SetClientEchConfigs(
+            mFd, reinterpret_cast<const PRUint8*>(aEchConfig.BeginReading()),
+            aEchConfig.Length())) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] Invalid EchConfig record %s\n", (void*)mFd,
+               PR_ErrorToName(PR_GetError())));
+      return NS_OK;
+    }
+    UpdateEchExtensionStatus(EchExtensionStatus::kReal);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetRetryEchConfig(nsACString& aEchConfig) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mFd) {
+    return NS_ERROR_FAILURE;
+  }
+
+  ScopedAutoSECItem retryConfigItem;
+  SECStatus rv = SSL_GetEchRetryConfigs(mFd, &retryConfigItem);
+  if (rv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  aEchConfig = nsCString(reinterpret_cast<const char*>(retryConfigItem.data),
+                         retryConfigItem.len);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSSocketControl::GetPeerId(nsACString& aResult) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!mPeerId.IsEmpty()) {
+    aResult.Assign(mPeerId);
+    return NS_OK;
+  }
+
+  if (mProviderFlags &
+      nsISocketProvider::ANONYMOUS_CONNECT) {  // See bug 466080
+    mPeerId.AppendLiteral("anon:");
+  }
+  if (mProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    mPeerId.AppendLiteral("private:");
+  }
+  if (mProviderFlags & nsISocketProvider::BE_CONSERVATIVE) {
+    mPeerId.AppendLiteral("beConservative:");
+  }
+
+  mPeerId.AppendPrintf("tlsflags0x%08x:", mProviderTlsFlags);
+
+  mPeerId.Append(mHostName);
+  mPeerId.Append(':');
+  mPeerId.AppendInt(GetPort());
+  nsAutoCString suffix;
+  mOriginAttributes.CreateSuffix(suffix);
+  mPeerId.Append(suffix);
+
+  aResult.Assign(mPeerId);
+  return NS_OK;
+}
+
+nsresult NSSSocketControl::SetResumptionTokenFromExternalCache(PRFileDesc* fd) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  if (!fd) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // If SSL_NO_CACHE option was set, we must not use the cache
+  PRIntn val;
+  if (SSL_OptionGet(fd, SSL_NO_CACHE, &val) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (val != 0) {
+    return NS_OK;
+  }
+
+  nsTArray<uint8_t> token;
+  nsAutoCString peerId;
+  nsresult rv = GetPeerId(peerId);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint64_t tokenId = 0;
+  mozilla::net::SessionCacheInfo info;
+  rv = mozilla::net::SSLTokensCache::Get(peerId, token, info, &tokenId);
+  if (NS_FAILED(rv)) {
+    if (rv == NS_ERROR_NOT_AVAILABLE) {
+      // It's ok if we can't find the token.
+      return NS_OK;
+    }
+
+    return rv;
+  }
+
+  SECStatus srv = SSL_SetResumptionToken(fd, token.Elements(), token.Length());
+  if (srv == SECFailure) {
+    PRErrorCode error = PR_GetError();
+    mozilla::net::SSLTokensCache::Remove(peerId, tokenId);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Setting token failed with NSS error %d [id=%s]", error,
+             PromiseFlatCString(peerId).get()));
+    // We don't consider SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR as a hard error,
+    // since this error means this token is just expired or can't be decoded
+    // correctly.
+    if (error == SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR) {
+      return NS_OK;
+    }
+
+    return NS_ERROR_FAILURE;
+  }
+
+  SetSessionCacheInfo(std::move(info));
+
+  return NS_OK;
+}
+
+void NSSSocketControl::SetPreliminaryHandshakeInfo(
+    const SSLChannelInfo& channelInfo, const SSLCipherSuiteInfo& cipherInfo) {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mResumed = channelInfo.resumed;
+  mCipherSuite.emplace(channelInfo.cipherSuite);
+  mProtocolVersion.emplace(channelInfo.protocolVersion & 0xFF);
+  mKeaGroupName.emplace(getKeaGroupName(channelInfo.keaGroup));
+  mSignatureSchemeName.emplace(getSignatureName(channelInfo.signatureScheme));
+  mIsDelegatedCredential.emplace(channelInfo.peerDelegCred);
+  mIsAcceptedEch.emplace(channelInfo.echAccepted);
+}
+
+NS_IMETHODIMP NSSSocketControl::Claim() {
+  COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+  mClaimed = true;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/NSSSocketControl.h b/security/manager/ssl/NSSSocketControl.h
new file mode 100644
index 0000000000..0dfea04880
--- /dev/null
+++ b/security/manager/ssl/NSSSocketControl.h
@@ -0,0 +1,340 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSSocketControl_h
+#define NSSSocketControl_h
+
+#include "CommonSocketControl.h"
+#include "SharedSSLState.h"
+#include "TLSClientAuthCertSelection.h"
+#include "nsThreadUtils.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+class SelectClientAuthCertificate;
+
+class NSSSocketControl final : public CommonSocketControl {
+ public:
+  NSSSocketControl(const nsCString& aHostName, int32_t aPort,
+                   mozilla::psm::SharedSSLState& aState, uint32_t providerFlags,
+                   uint32_t providerTlsFlags);
+
+  NS_INLINE_DECL_REFCOUNTING_INHERITED(NSSSocketControl, CommonSocketControl);
+
+  void SetForSTARTTLS(bool aForSTARTTLS);
+  bool GetForSTARTTLS();
+
+  nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
+  nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
+
+  bool IsHandshakePending() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mHandshakePending;
+  }
+  void SetHandshakeNotPending() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mHandshakePending = false;
+  }
+
+  void SetTLSVersionRange(SSLVersionRange range) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mTLSVersionRange = range;
+  }
+  SSLVersionRange GetTLSVersionRange() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mTLSVersionRange;
+  };
+
+  // From nsITLSSocketControl.
+  NS_IMETHOD ProxyStartSSL(void) override;
+  NS_IMETHOD StartTLS(void) override;
+  NS_IMETHOD SetNPNList(nsTArray<nsCString>& aNPNList) override;
+  NS_IMETHOD GetAlpnEarlySelection(nsACString& _retval) override;
+  NS_IMETHOD GetEarlyDataAccepted(bool* aEarlyDataAccepted) override;
+  NS_IMETHOD DriveHandshake(void) override;
+  NS_IMETHOD GetKEAUsed(int16_t* aKEAUsed) override;
+  NS_IMETHOD GetKEAKeyBits(uint32_t* aKEAKeyBits) override;
+  NS_IMETHOD GetSSLVersionOffered(int16_t* aSSLVersionOffered) override;
+  NS_IMETHOD GetMACAlgorithmUsed(int16_t* aMACAlgorithmUsed) override;
+  bool GetDenyClientCert() override;
+  void SetDenyClientCert(bool aDenyClientCert) override;
+  NS_IMETHOD GetEsniTxt(nsACString& aEsniTxt) override;
+  NS_IMETHOD SetEsniTxt(const nsACString& aEsniTxt) override;
+  NS_IMETHOD GetEchConfig(nsACString& aEchConfig) override;
+  NS_IMETHOD SetEchConfig(const nsACString& aEchConfig) override;
+  NS_IMETHOD GetPeerId(nsACString& aResult) override;
+  NS_IMETHOD GetRetryEchConfig(nsACString& aEchConfig) override;
+  NS_IMETHOD DisableEarlyData(void) override;
+  NS_IMETHOD SetHandshakeCallbackListener(
+      nsITlsHandshakeCallbackListener* callback) override;
+  NS_IMETHOD Claim() override;
+
+  PRStatus CloseSocketAndDestroy();
+
+  void SetNegotiatedNPN(const char* value, uint32_t length);
+  void SetEarlyDataAccepted(bool aAccepted);
+
+  void SetHandshakeCompleted();
+  bool IsHandshakeCompleted() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mHandshakeCompleted;
+  }
+  void NoteTimeUntilReady();
+
+  void SetFalseStartCallbackCalled() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mFalseStartCallbackCalled = true;
+  }
+  void SetFalseStarted() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mFalseStarted = true;
+  }
+
+  // Note that this is only valid *during* a handshake; at the end of the
+  // handshake, it gets reset back to false.
+  void SetFullHandshake() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mIsFullHandshake = true;
+  }
+  bool IsFullHandshake() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mIsFullHandshake;
+  }
+
+  void UpdateEchExtensionStatus(EchExtensionStatus aEchExtensionStatus) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mEchExtensionStatus = std::max(aEchExtensionStatus, mEchExtensionStatus);
+  }
+  EchExtensionStatus GetEchExtensionStatus() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mEchExtensionStatus;
+  }
+
+  bool GetJoined() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mJoined;
+  }
+
+  uint32_t GetProviderTlsFlags() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mProviderTlsFlags;
+  }
+
+  mozilla::psm::SharedSSLState& SharedState();
+
+  enum CertVerificationState {
+    BeforeCertVerification,
+    WaitingForCertVerification,
+    AfterCertVerification
+  };
+
+  void SetCertVerificationWaiting();
+
+  // Use errorCode == 0 to indicate success;
+  void SetCertVerificationResult(PRErrorCode errorCode) override;
+
+  void ClientAuthCertificateSelected(
+      nsTArray<uint8_t>& certBytes,
+      nsTArray<nsTArray<uint8_t>>& certChainBytes);
+
+  bool IsWaitingForCertVerification() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mCertVerificationState == WaitingForCertVerification;
+  }
+  void AddPlaintextBytesRead(uint64_t val) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mPlaintextBytesRead += val;
+  }
+
+  bool IsPreliminaryHandshakeDone() const {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mPreliminaryHandshakeDone;
+  }
+  void SetPreliminaryHandshakeDone() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mPreliminaryHandshakeDone = true;
+  }
+
+  void SetKEAUsed(int16_t kea) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mKEAUsed = kea;
+  }
+
+  void SetKEAKeyBits(uint32_t keaBits) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mKEAKeyBits = keaBits;
+  }
+
+  void SetMACAlgorithmUsed(int16_t mac) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mMACAlgorithmUsed = mac;
+  }
+
+  void SetShortWritePending(int32_t amount, unsigned char data) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mIsShortWritePending = true;
+    mShortWriteOriginalAmount = amount;
+    mShortWritePendingByte = data;
+  }
+
+  bool IsShortWritePending() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return mIsShortWritePending;
+  }
+
+  unsigned char const* GetShortWritePendingByteRef() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    return &mShortWritePendingByte;
+  }
+
+  int32_t ResetShortWritePending() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mIsShortWritePending = false;
+    return mShortWriteOriginalAmount;
+  }
+
+#ifdef DEBUG
+  // These helpers assert that the caller does try to send the same data
+  // as it was previously when we hit the short-write.  This is a measure
+  // to make sure we communicate correctly to the consumer.
+  void RememberShortWrittenBuffer(const unsigned char* data) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    mShortWriteBufferCheck =
+        mozilla::MakeUnique<char[]>(mShortWriteOriginalAmount);
+    memcpy(mShortWriteBufferCheck.get(), data, mShortWriteOriginalAmount);
+  }
+  void CheckShortWrittenBuffer(const unsigned char* data, int32_t amount) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    if (!mShortWriteBufferCheck) return;
+    MOZ_ASSERT(amount >= mShortWriteOriginalAmount,
+               "unexpected amount length after short write");
+    MOZ_ASSERT(
+        !memcmp(mShortWriteBufferCheck.get(), data, mShortWriteOriginalAmount),
+        "unexpected buffer content after short write");
+    mShortWriteBufferCheck = nullptr;
+  }
+#endif
+
+  void SetSharedOwningReference(mozilla::psm::SharedSSLState* ref);
+
+  nsresult SetResumptionTokenFromExternalCache(PRFileDesc* fd);
+
+  void SetPreliminaryHandshakeInfo(const SSLChannelInfo& channelInfo,
+                                   const SSLCipherSuiteInfo& cipherInfo);
+
+  void SetPendingSelectClientAuthCertificate(
+      nsCOMPtr<nsIRunnable>&& selectClientAuthCertificate) {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    MOZ_LOG(
+        gPIPNSSLog, mozilla::LogLevel::Debug,
+        ("[%p] setting pending select client auth certificate", (void*)mFd));
+    // If the connection corresponding to this socket hasn't been claimed, it
+    // is a speculative connection. The connection will block until the "choose
+    // a client auth certificate" dialog has been shown. The dialog will only
+    // be shown when this connection gets claimed. However, necko will never
+    // claim the connection as long as it is blocking. Thus, this connection
+    // can't proceed, so it's best to cancel it. Necko will create a new,
+    // non-speculative connection instead.
+    if (!mClaimed) {
+      SetCanceled(PR_CONNECT_RESET_ERROR);
+    } else {
+      mPendingSelectClientAuthCertificate =
+          std::move(selectClientAuthCertificate);
+    }
+  }
+
+  void MaybeDispatchSelectClientAuthCertificate() {
+    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
+    if (!IsWaitingForCertVerification() && mClaimed &&
+        mPendingSelectClientAuthCertificate) {
+      MOZ_LOG(gPIPNSSLog, mozilla::LogLevel::Debug,
+              ("[%p] dispatching pending select client auth certificate",
+               (void*)mFd));
+      mozilla::Unused << NS_DispatchToMainThread(
+          mPendingSelectClientAuthCertificate);
+      mPendingSelectClientAuthCertificate = nullptr;
+    }
+  }
+
+ private:
+  ~NSSSocketControl() = default;
+
+  PRFileDesc* mFd;
+
+  CertVerificationState mCertVerificationState;
+
+  mozilla::psm::SharedSSLState& mSharedState;
+  bool mForSTARTTLS;
+  SSLVersionRange mTLSVersionRange;
+  bool mHandshakePending;
+  bool mPreliminaryHandshakeDone;  // after false start items are complete
+
+  nsresult ActivateSSL();
+
+  nsCString mEsniTxt;
+  nsCString mEchConfig;
+  bool mEarlyDataAccepted;
+  bool mDenyClientCert;
+  bool mFalseStartCallbackCalled;
+  bool mFalseStarted;
+  bool mIsFullHandshake;
+  bool mNotedTimeUntilReady;
+  EchExtensionStatus mEchExtensionStatus;  // Currently only used for telemetry.
+
+  // True when SSL layer has indicated an "SSL short write", i.e. need
+  // to call on send one or more times to push all pending data to write.
+  bool mIsShortWritePending;
+
+  // These are only valid if mIsShortWritePending is true.
+  //
+  // Value of the last byte pending from the SSL short write that needs
+  // to be passed to subsequent calls to send to perform the flush.
+  unsigned char mShortWritePendingByte;
+
+  // Original amount of data the upper layer has requested to write to
+  // return after the successful flush.
+  int32_t mShortWriteOriginalAmount;
+
+#ifdef DEBUG
+  mozilla::UniquePtr<char[]> mShortWriteBufferCheck;
+#endif
+
+  // mKEA* are used in false start and http/2 detetermination
+  // Values are from nsITLSSocketControl
+  int16_t mKEAUsed;
+  uint32_t mKEAKeyBits;
+  int16_t mMACAlgorithmUsed;
+
+  uint32_t mProviderTlsFlags;
+  mozilla::TimeStamp mSocketCreationTimestamp;
+  uint64_t mPlaintextBytesRead;
+
+  bool mClaimed;
+  nsCOMPtr<nsIRunnable> mPendingSelectClientAuthCertificate;
+
+  // Regarding the client certificate message in the TLS handshake, RFC 5246
+  // (TLS 1.2) says:
+  //   If the certificate_authorities list in the certificate request
+  //   message was non-empty, one of the certificates in the certificate
+  //   chain SHOULD be issued by one of the listed CAs.
+  // (RFC 8446 (TLS 1.3) has a similar provision)
+  // These certificates may be known to gecko but not NSS (e.g. enterprise
+  // intermediates). In order to make these certificates discoverable to NSS
+  // so it can include them in the message, we cache them here as temporary
+  // certificates.
+  mozilla::UniqueCERTCertList mClientCertChain;
+
+  // if non-null this is a reference to the mSharedState (which is
+  // not an owning reference). If this is used, the info has a private
+  // state that does not share things like intolerance lists with the
+  // rest of the session. This is normally used when you have per
+  // socket tls flags overriding session wide defaults.
+  RefPtr<mozilla::psm::SharedSSLState> mOwningSharedRef;
+
+  nsCOMPtr<nsITlsHandshakeCallbackListener> mTlsHandshakeCallback;
+};
+
+#endif  // NSSSocketControl_h
diff --git a/security/manager/ssl/OSKeyStore.cpp b/security/manager/ssl/OSKeyStore.cpp
new file mode 100644
index 0000000000..db4a46292d
--- /dev/null
+++ b/security/manager/ssl/OSKeyStore.cpp
@@ -0,0 +1,726 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OSKeyStore.h"
+
+#include "mozilla/Base64.h"
+#include "mozilla/dom/Promise.h"
+#include "nsThreadUtils.h"
+#include "nsXPCOM.h"
+#include "pk11pub.h"
+
+#if defined(XP_MACOSX)
+#  include "KeychainSecret.h"
+#elif defined(XP_WIN)
+#  include "CredentialManagerSecret.h"
+#elif defined(MOZ_WIDGET_GTK)
+#  include "LibSecret.h"
+#  include "NSSKeyStore.h"
+#else
+#  include "NSSKeyStore.h"
+#endif
+
+NS_IMPL_ISUPPORTS(OSKeyStore, nsIOSKeyStore)
+
+using namespace mozilla;
+using dom::Promise;
+
+OSKeyStore::OSKeyStore() : mKs(nullptr), mKsIsNSSKeyStore(false) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (NS_WARN_IF(!NS_IsMainThread())) {
+    return;
+  }
+
+#if defined(XP_MACOSX)
+  mKs.reset(new KeychainSecret());
+#elif defined(XP_WIN)
+  mKs.reset(new CredentialManagerSecret());
+#elif defined(MOZ_WIDGET_GTK)
+  if (NS_SUCCEEDED(MaybeLoadLibSecret())) {
+    mKs.reset(new LibSecret());
+  } else {
+    mKs.reset(new NSSKeyStore());
+    mKsIsNSSKeyStore = true;
+  }
+#else
+  mKs.reset(new NSSKeyStore());
+  mKsIsNSSKeyStore = true;
+#endif
+}
+
+static nsresult GenerateRandom(std::vector<uint8_t>& r) {
+  if (r.empty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), r.data(), r.size());
+  if (srv != SECSuccess) {
+    r.clear();
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult OSKeyStore::SecretAvailable(const nsACString& aLabel,
+                                     /* out */ bool* aAvailable) {
+  NS_ENSURE_STATE(mKs);
+  *aAvailable = mKs->SecretAvailable(aLabel);
+  return NS_OK;
+}
+
+nsresult OSKeyStore::GenerateSecret(const nsACString& aLabel,
+                                    /* out */ nsACString& aRecoveryPhrase) {
+  NS_ENSURE_STATE(mKs);
+  size_t keyByteLength = mKs->GetKeyByteLength();
+  std::vector<uint8_t> secret(keyByteLength);
+  nsresult rv = GenerateRandom(secret);
+  if (NS_FAILED(rv) || secret.size() != keyByteLength) {
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoCString secretString;
+  secretString.Assign(BitwiseCast<char*, uint8_t*>(secret.data()),
+                      secret.size());
+
+  nsCString base64;
+  rv = Base64Encode(secretString, base64);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = mKs->StoreSecret(secretString, aLabel);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  aRecoveryPhrase = std::move(base64);
+  return NS_OK;
+}
+
+nsresult OSKeyStore::RecoverSecret(const nsACString& aLabel,
+                                   const nsACString& aRecoveryPhrase) {
+  NS_ENSURE_STATE(mKs);
+  nsAutoCString secret;
+  nsresult rv = Base64Decode(aRecoveryPhrase, secret);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (secret.Length() != mKs->GetKeyByteLength()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  rv = mKs->StoreSecret(secret, aLabel);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult OSKeyStore::DeleteSecret(const nsACString& aLabel) {
+  NS_ENSURE_STATE(mKs);
+  return mKs->DeleteSecret(aLabel);
+}
+
+enum Cipher { Encrypt = true, Decrypt = false };
+
+nsresult OSKeyStore::EncryptBytes(const nsACString& aLabel,
+                                  const std::vector<uint8_t>& aInBytes,
+                                  /*out*/ nsACString& aEncryptedBase64Text) {
+  NS_ENSURE_STATE(mKs);
+
+  aEncryptedBase64Text.Truncate();
+  std::vector<uint8_t> outBytes;
+  nsresult rv =
+      mKs->EncryptDecrypt(aLabel, aInBytes, outBytes, Cipher::Encrypt);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoCString ciphertext;
+  ciphertext.Assign(BitwiseCast<char*, uint8_t*>(outBytes.data()),
+                    outBytes.size());
+
+  nsCString base64ciphertext;
+  rv = Base64Encode(ciphertext, base64ciphertext);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  aEncryptedBase64Text = std::move(base64ciphertext);
+  return NS_OK;
+}
+
+nsresult OSKeyStore::DecryptBytes(const nsACString& aLabel,
+                                  const nsACString& aEncryptedBase64Text,
+                                  /*out*/ uint32_t* outLen,
+                                  /*out*/ uint8_t** outBytes) {
+  NS_ENSURE_STATE(mKs);
+  NS_ENSURE_ARG_POINTER(outLen);
+  NS_ENSURE_ARG_POINTER(outBytes);
+  *outLen = 0;
+  *outBytes = nullptr;
+
+  nsAutoCString ciphertext;
+  nsresult rv = Base64Decode(aEncryptedBase64Text, ciphertext);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  uint8_t* tmp = BitwiseCast<uint8_t*, const char*>(ciphertext.BeginReading());
+  const std::vector<uint8_t> ciphertextBytes(tmp, tmp + ciphertext.Length());
+  std::vector<uint8_t> plaintextBytes;
+  rv = mKs->EncryptDecrypt(aLabel, ciphertextBytes, plaintextBytes,
+                           Cipher::Decrypt);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *outBytes = (uint8_t*)moz_xmalloc(plaintextBytes.size());
+  memcpy(*outBytes, plaintextBytes.data(), plaintextBytes.size());
+  *outLen = plaintextBytes.size();
+  return NS_OK;
+}
+
+nsresult OSKeyStore::Lock() {
+  NS_ENSURE_STATE(mKs);
+  return mKs->Lock();
+}
+
+nsresult OSKeyStore::Unlock() {
+  NS_ENSURE_STATE(mKs);
+  return mKs->Unlock();
+}
+
+NS_IMETHODIMP
+OSKeyStore::GetIsNSSKeyStore(bool* aNSSKeyStore) {
+  NS_ENSURE_ARG_POINTER(aNSSKeyStore);
+  *aNSSKeyStore = mKsIsNSSKeyStore;
+  return NS_OK;
+}
+
+// Async interfaces that return promises because the key store implementation
+// might block, e.g. asking for a password.
+
+nsresult GetPromise(JSContext* aCx, /* out */ RefPtr<Promise>& aPromise) {
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (NS_WARN_IF(!globalObject)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  ErrorResult result;
+  aPromise = Promise::Create(globalObject, result);
+  if (NS_WARN_IF(result.Failed())) {
+    return result.StealNSResult();
+  }
+  return NS_OK;
+}
+
+void BackgroundUnlock(RefPtr<Promise>& aPromise, RefPtr<OSKeyStore> self) {
+  nsAutoCString recovery;
+  nsresult rv = self->Unlock();
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundUnlockOSKSResolve", [rv, aPromise = std::move(aPromise)]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolveWithUndefined();
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncUnlock(JSContext* aCx, Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundUnlock", [self, promiseHandle]() mutable {
+        BackgroundUnlock(promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundLock(RefPtr<Promise>& aPromise, RefPtr<OSKeyStore> self) {
+  nsresult rv = self->Lock();
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundLockOSKSResolve", [rv, aPromise = std::move(aPromise)]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolveWithUndefined();
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncLock(JSContext* aCx, Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundLock", [self, promiseHandle]() mutable {
+        BackgroundLock(promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundGenerateSecret(const nsACString& aLabel,
+                              RefPtr<Promise>& aPromise,
+                              RefPtr<OSKeyStore> self) {
+  nsAutoCString recovery;
+  nsresult rv = self->GenerateSecret(aLabel, recovery);
+  nsAutoString recoveryString;
+  if (NS_SUCCEEDED(rv)) {
+    CopyUTF8toUTF16(recovery, recoveryString);
+  }
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundGenerateSecreteOSKSResolve",
+      [rv, aPromise = std::move(aPromise), recoveryString]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolve(recoveryString);
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncGenerateSecret(const nsACString& aLabel, JSContext* aCx,
+                                Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundGenerateSecret",
+      [self, promiseHandle, aLabel = nsAutoCString(aLabel)]() mutable {
+        BackgroundGenerateSecret(aLabel, promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundSecretAvailable(const nsACString& aLabel,
+                               RefPtr<Promise>& aPromise,
+                               RefPtr<OSKeyStore> self) {
+  bool available = false;
+  nsresult rv = self->SecretAvailable(aLabel, &available);
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundSecreteAvailableOSKSResolve",
+      [rv, aPromise = std::move(aPromise), available = available]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolve(available);
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncSecretAvailable(const nsACString& aLabel, JSContext* aCx,
+                                 Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundSecretAvailable",
+      [self, promiseHandle, aLabel = nsAutoCString(aLabel)]() mutable {
+        BackgroundSecretAvailable(aLabel, promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundRecoverSecret(const nsACString& aLabel,
+                             const nsACString& aRecoveryPhrase,
+                             RefPtr<Promise>& aPromise,
+                             RefPtr<OSKeyStore> self) {
+  nsresult rv = self->RecoverSecret(aLabel, aRecoveryPhrase);
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundRecoverSecreteOSKSResolve",
+                             [rv, aPromise = std::move(aPromise)]() {
+                               if (NS_FAILED(rv)) {
+                                 aPromise->MaybeReject(rv);
+                               } else {
+                                 aPromise->MaybeResolveWithUndefined();
+                               }
+                             }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncRecoverSecret(const nsACString& aLabel,
+                               const nsACString& aRecoveryPhrase,
+                               JSContext* aCx, Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundRecoverSecret",
+      [self, promiseHandle, aLabel = nsAutoCString(aLabel),
+       aRecoveryPhrase = nsAutoCString(aRecoveryPhrase)]() mutable {
+        BackgroundRecoverSecret(aLabel, aRecoveryPhrase, promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundDeleteSecret(const nsACString& aLabel, RefPtr<Promise>& aPromise,
+                            RefPtr<OSKeyStore> self) {
+  nsresult rv = self->DeleteSecret(aLabel);
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundDeleteSecreteOSKSResolve",
+                             [rv, aPromise = std::move(aPromise)]() {
+                               if (NS_FAILED(rv)) {
+                                 aPromise->MaybeReject(rv);
+                               } else {
+                                 aPromise->MaybeResolveWithUndefined();
+                               }
+                             }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncDeleteSecret(const nsACString& aLabel, JSContext* aCx,
+                              Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundDeleteSecret",
+      [self, promiseHandle, aLabel = nsAutoCString(aLabel)]() mutable {
+        BackgroundDeleteSecret(aLabel, promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+static void BackgroundEncryptBytes(const nsACString& aLabel,
+                                   const std::vector<uint8_t>& aInBytes,
+                                   RefPtr<Promise>& aPromise,
+                                   RefPtr<OSKeyStore> self) {
+  nsAutoCString ciphertext;
+  nsresult rv = self->EncryptBytes(aLabel, aInBytes, ciphertext);
+  nsAutoString ctext;
+  CopyUTF8toUTF16(ciphertext, ctext);
+
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundEncryptOSKSResolve",
+                             [rv, aPromise = std::move(aPromise), ctext]() {
+                               if (NS_FAILED(rv)) {
+                                 aPromise->MaybeReject(rv);
+                               } else {
+                                 aPromise->MaybeResolve(ctext);
+                               }
+                             }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncEncryptBytes(const nsACString& aLabel,
+                              const nsTArray<uint8_t>& inBytes, JSContext* aCx,
+                              Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundEncryptBytes",
+      [promiseHandle,
+       inBytes = std::vector<uint8_t>(inBytes.Elements(),
+                                      inBytes.Elements() + inBytes.Length()),
+       aLabel = nsAutoCString(aLabel), self]() mutable {
+        BackgroundEncryptBytes(aLabel, inBytes, promiseHandle, self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+void BackgroundDecryptBytes(const nsACString& aLabel,
+                            const nsACString& aEncryptedBase64Text,
+                            RefPtr<Promise>& aPromise,
+                            RefPtr<OSKeyStore> self) {
+  uint8_t* plaintext = nullptr;
+  uint32_t plaintextLen = 0;
+  nsresult rv = self->DecryptBytes(aLabel, aEncryptedBase64Text, &plaintextLen,
+                                   &plaintext);
+  nsTArray<uint8_t> plain;
+  if (plaintext) {
+    MOZ_ASSERT(plaintextLen > 0);
+    plain.AppendElements(plaintext, plaintextLen);
+    free(plaintext);
+  }
+
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundDecryptOSKSResolve",
+      [rv, aPromise = std::move(aPromise), plain = std::move(plain)]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolve(plain);
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSKeyStore::AsyncDecryptBytes(const nsACString& aLabel,
+                              const nsACString& aEncryptedBase64Text,
+                              JSContext* aCx, Promise** promiseOut) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<OSKeyStore> self = this;
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundDecryptBytes",
+      [promiseHandle, self,
+       aEncryptedBase64Text = nsAutoCString(aEncryptedBase64Text),
+       aLabel = nsAutoCString(aLabel)]() mutable {
+        BackgroundDecryptBytes(aLabel, aEncryptedBase64Text, promiseHandle,
+                               self);
+      }));
+
+  promiseHandle.forget(promiseOut);
+  return NS_DispatchBackgroundTask(runnable.forget(),
+                                   NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+// Generic AES-GCM cipher wrapper for NSS functions.
+
+nsresult AbstractOSKeyStore::BuildAesGcmKey(std::vector<uint8_t> aKeyBytes,
+                                            /* out */ UniquePK11SymKey& aKey) {
+  if (aKeyBytes.size() != mKeyByteLength) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueSECItem key =
+      UniqueSECItem(SECITEM_AllocItem(nullptr, nullptr, mKeyByteLength));
+  if (!key) {
+    return NS_ERROR_FAILURE;
+  }
+  key->type = siBuffer;
+  memcpy(key->data, aKeyBytes.data(), mKeyByteLength);
+  key->len = mKeyByteLength;
+
+  UniquePK11SymKey symKey(
+      PK11_ImportSymKey(slot.get(), CKM_AES_GCM, PK11_OriginUnwrap,
+                        CKA_DECRYPT | CKA_ENCRYPT, key.get(), nullptr));
+
+  if (!symKey) {
+    return NS_ERROR_FAILURE;
+  }
+  aKey.swap(symKey);
+
+  return NS_OK;
+}
+
+nsresult AbstractOSKeyStore::DoCipher(const UniquePK11SymKey& aSymKey,
+                                      const std::vector<uint8_t>& inBytes,
+                                      std::vector<uint8_t>& outBytes,
+                                      bool encrypt) {
+  NS_ENSURE_ARG_POINTER(aSymKey);
+  outBytes.clear();
+
+  // Build params.
+  // We need to get the IV from inBytes if we decrypt.
+  if (!encrypt && (inBytes.size() < mIVLength || inBytes.empty())) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  const uint8_t* ivp = nullptr;
+  std::vector<uint8_t> ivBuf;
+  if (encrypt) {
+    // Generate a new IV.
+    ivBuf.resize(mIVLength);
+    nsresult rv = GenerateRandom(ivBuf);
+    if (NS_FAILED(rv) || ivBuf.size() != mIVLength) {
+      return NS_ERROR_FAILURE;
+    }
+    ivp = ivBuf.data();
+  } else {
+    // An IV was passed in. Use the first mIVLength bytes from inBytes as IV.
+    ivp = inBytes.data();
+  }
+
+  CK_GCM_PARAMS gcm_params;
+  gcm_params.pIv = const_cast<unsigned char*>(ivp);
+  gcm_params.ulIvLen = mIVLength;
+  gcm_params.ulIvBits = gcm_params.ulIvLen * 8;
+  gcm_params.ulTagBits = 128;
+  gcm_params.pAAD = nullptr;
+  gcm_params.ulAADLen = 0;
+
+  SECItem paramsItem = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params),
+                        sizeof(CK_GCM_PARAMS)};
+
+  size_t blockLength = 16;
+  outBytes.resize(inBytes.size() + blockLength);
+  unsigned int outLen = 0;
+  SECStatus srv = SECFailure;
+  if (encrypt) {
+    srv = PK11_Encrypt(aSymKey.get(), CKM_AES_GCM, &paramsItem, outBytes.data(),
+                       &outLen, inBytes.size() + blockLength, inBytes.data(),
+                       inBytes.size());
+    // Prepend the used IV to the ciphertext.
+    Unused << outBytes.insert(outBytes.begin(), ivp, ivp + mIVLength);
+    outLen += mIVLength;
+  } else {
+    // Remove the IV from the input.
+    std::vector<uint8_t> input(inBytes);
+    input.erase(input.begin(), input.begin() + mIVLength);
+    srv = PK11_Decrypt(aSymKey.get(), CKM_AES_GCM, &paramsItem, outBytes.data(),
+                       &outLen, input.size() + blockLength, input.data(),
+                       input.size());
+  }
+  if (srv != SECSuccess || outLen > outBytes.size()) {
+    outBytes.clear();
+    return NS_ERROR_FAILURE;
+  }
+  if (outLen < outBytes.size()) {
+    outBytes.resize(outLen);
+  }
+
+  return NS_OK;
+}
+
+bool AbstractOSKeyStore::SecretAvailable(const nsACString& aLabel) {
+  nsAutoCString secret;
+  nsresult rv = RetrieveSecret(aLabel, secret);
+  if (NS_FAILED(rv) || secret.Length() == 0) {
+    return false;
+  }
+  return true;
+}
+
+nsresult AbstractOSKeyStore::EncryptDecrypt(const nsACString& aLabel,
+                                            const std::vector<uint8_t>& inBytes,
+                                            std::vector<uint8_t>& outBytes,
+                                            bool encrypt) {
+  nsAutoCString secret;
+  nsresult rv = RetrieveSecret(aLabel, secret);
+  if (NS_FAILED(rv) || secret.Length() == 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  uint8_t* p = BitwiseCast<uint8_t*, const char*>(secret.BeginReading());
+  std::vector<uint8_t> buf(p, p + secret.Length());
+  UniquePK11SymKey symKey;
+  rv = BuildAesGcmKey(buf, symKey);
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_FAILURE;
+  }
+  return DoCipher(symKey, inBytes, outBytes, encrypt);
+}
diff --git a/security/manager/ssl/OSKeyStore.h b/security/manager/ssl/OSKeyStore.h
new file mode 100644
index 0000000000..5163582ead
--- /dev/null
+++ b/security/manager/ssl/OSKeyStore.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic key store implementation for platforms that we don't support with OS
+// specific implementations.
+
+#ifndef OSKeyStore_h
+#define OSKeyStore_h
+
+#include "nsCOMPtr.h"
+#include "nsIOSKeyStore.h"
+#include "nsString.h"
+#include "ScopedNSSTypes.h"
+
+#include <memory>
+#include <vector>
+
+class AbstractOSKeyStore {
+ public:
+  // Retrieve a secret with the given label.
+  virtual nsresult RetrieveSecret(const nsACString& aLabel,
+                                  /* out */ nsACString& aSecret) = 0;
+  // Store a new secret with the given label.
+  virtual nsresult StoreSecret(const nsACString& secret,
+                               const nsACString& label) = 0;
+  // Delete the secret with the given label.
+  virtual nsresult DeleteSecret(const nsACString& label) = 0;
+  // Lock the key store.
+  virtual nsresult Lock() = 0;
+  // Unlock the key store.
+  virtual nsresult Unlock() = 0;
+  virtual ~AbstractOSKeyStore() = default;
+
+  // Returns true if the secret with the given label is available in the key
+  // store, false otherwise.
+  virtual bool SecretAvailable(const nsACString& label);
+  // Perform encryption or decryption operation with the given secret and input
+  // bytes. The output is written in outBytes. This function can make use of the
+  // AesGcm class to use NSS for encryption and decryption.
+  virtual nsresult EncryptDecrypt(const nsACString& label,
+                                  const std::vector<uint8_t>& inBytes,
+                                  std::vector<uint8_t>& outBytes, bool encrypt);
+
+  size_t GetKeyByteLength() { return mKeyByteLength; }
+
+ protected:
+  /* These helper functions are implemented in OSKeyStore.cpp and implement
+   * common functionality of the abstract key store to encrypt and decrypt.
+   */
+  nsresult DoCipher(const mozilla::UniquePK11SymKey& aSymKey,
+                    const std::vector<uint8_t>& inBytes,
+                    std::vector<uint8_t>& outBytes, bool aEncrypt);
+  nsresult BuildAesGcmKey(std::vector<uint8_t> keyBytes,
+                          /* out */ mozilla::UniquePK11SymKey& aKey);
+
+ private:
+  const size_t mKeyByteLength = 16;
+  const size_t mIVLength = 12;
+};
+
+#define NS_OSKEYSTORE_CONTRACTID "@mozilla.org/security/oskeystore;1"
+#define NS_OSKEYSTORE_CID                            \
+  {                                                  \
+    0x57972956, 0x5718, 0x42d2, {                    \
+      0x80, 0x70, 0xb3, 0xfc, 0x72, 0x21, 0x2e, 0xaf \
+    }                                                \
+  }
+
+nsresult GetPromise(JSContext* aCx,
+                    /* out */ RefPtr<mozilla::dom::Promise>& aPromise);
+
+class OSKeyStore final : public nsIOSKeyStore {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOSKEYSTORE
+
+  OSKeyStore();
+  nsresult GenerateSecret(const nsACString& aLabel,
+                          /* out */ nsACString& aRecoveryPhrase);
+  nsresult SecretAvailable(const nsACString& aLabel,
+                           /* out */ bool* aAvailable);
+  nsresult RecoverSecret(const nsACString& aLabel,
+                         const nsACString& aRecoveryPhrase);
+  nsresult DeleteSecret(const nsACString& aLabel);
+  nsresult EncryptBytes(const nsACString& aLabel,
+                        const std::vector<uint8_t>& aInBytes,
+                        /*out*/ nsACString& aEncryptedBase64Text);
+  nsresult DecryptBytes(const nsACString& aLabel,
+                        const nsACString& aEncryptedBase64Text,
+                        /*out*/ uint32_t* outLen,
+                        /*out*/ uint8_t** outBytes);
+  nsresult Lock();
+  nsresult Unlock();
+
+ private:
+  ~OSKeyStore() = default;
+
+  std::unique_ptr<AbstractOSKeyStore> mKs;
+  bool mKsIsNSSKeyStore;
+};
+
+#endif  // OSKeyStore_h
diff --git a/security/manager/ssl/OSReauthenticator.cpp b/security/manager/ssl/OSReauthenticator.cpp
new file mode 100644
index 0000000000..b63b8d557f
--- /dev/null
+++ b/security/manager/ssl/OSReauthenticator.cpp
@@ -0,0 +1,562 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OSReauthenticator.h"
+
+#include "OSKeyStore.h"
+#include "nsNetCID.h"
+#include "mozilla/dom/Promise.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/Preferences.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIBaseWindow.h"
+#include "nsIDocShell.h"
+#include "nsISupportsUtils.h"
+#include "nsIWidget.h"
+#include "nsPIDOMWindow.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "mozilla/ipc/IPCTypes.h"
+
+NS_IMPL_ISUPPORTS(OSReauthenticator, nsIOSReauthenticator)
+
+extern mozilla::LazyLogModule gCredentialManagerSecretLog;
+
+using mozilla::LogLevel;
+using mozilla::Maybe;
+using mozilla::Preferences;
+using mozilla::WindowsHandle;
+using mozilla::dom::Promise;
+
+#define PREF_BLANK_PASSWORD "security.osreauthenticator.blank_password"
+#define PREF_PASSWORD_LAST_CHANGED_LO \
+  "security.osreauthenticator.password_last_changed_lo"
+#define PREF_PASSWORD_LAST_CHANGED_HI \
+  "security.osreauthenticator.password_last_changed_hi"
+
+#if defined(XP_WIN)
+#  include <combaseapi.h>
+#  include <ntsecapi.h>
+#  include <wincred.h>
+#  include <windows.h>
+#  include "nsIWindowsRegKey.h"  // Must be included after <windows.h> for HKEY definition
+#  define SECURITY_WIN32
+#  include <security.h>
+#  include <shlwapi.h>
+#  if !defined(__MINGW32__)
+#    include <Lm.h>
+#    undef ACCESS_READ  // nsWindowsRegKey defines its own ACCESS_READ
+#  endif                // !defined(__MINGW32__)
+struct HandleCloser {
+  typedef HANDLE pointer;
+  void operator()(HANDLE h) {
+    if (h != INVALID_HANDLE_VALUE) {
+      CloseHandle(h);
+    }
+  }
+};
+struct BufferFreer {
+  typedef LPVOID pointer;
+  ULONG mSize;
+  explicit BufferFreer(ULONG size) : mSize(size) {}
+  void operator()(LPVOID b) {
+    SecureZeroMemory(b, mSize);
+    CoTaskMemFree(b);
+  }
+};
+struct LsaDeregistrator {
+  typedef HANDLE pointer;
+  void operator()(HANDLE h) {
+    if (h != INVALID_HANDLE_VALUE) {
+      LsaDeregisterLogonProcess(h);
+    }
+  }
+};
+typedef std::unique_ptr<HANDLE, HandleCloser> ScopedHANDLE;
+typedef std::unique_ptr<LPVOID, BufferFreer> ScopedBuffer;
+typedef std::unique_ptr<HANDLE, LsaDeregistrator> ScopedLsaHANDLE;
+
+constexpr int64_t Int32Modulo = 2147483648;
+
+// Get the token info holding the sid.
+std::unique_ptr<char[]> GetTokenInfo(ScopedHANDLE& token) {
+  DWORD length = 0;
+  // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
+  mozilla::Unused << GetTokenInformation(token.get(), TokenUser, nullptr, 0,
+                                         &length);
+  if (!length || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("Unable to obtain current token info."));
+    return nullptr;
+  }
+  std::unique_ptr<char[]> token_info(new char[length]);
+  if (!GetTokenInformation(token.get(), TokenUser, token_info.get(), length,
+                           &length)) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("Unable to obtain current token info (second call, possible "
+             "system error."));
+    return nullptr;
+  }
+  return token_info;
+}
+
+std::unique_ptr<char[]> GetUserTokenInfo() {
+  // Get current user sid to make sure the same user got logged in.
+  HANDLE token;
+  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
+    // Couldn't get a process token. This will fail any unlock attempts later.
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("Unable to obtain process token."));
+    return nullptr;
+  }
+  ScopedHANDLE scopedToken(token);
+  return GetTokenInfo(scopedToken);
+}
+
+Maybe<int64_t> GetPasswordLastChanged(const WCHAR* username) {
+#  if defined(__MINGW32__)
+  // NetUserGetInfo requires Lm.h which is not provided in MinGW builds
+  return mozilla::Nothing();
+#  else
+  LPUSER_INFO_1 user_info = NULL;
+  DWORD passwordAgeInSeconds = 0;
+
+  NET_API_STATUS ret =
+      NetUserGetInfo(NULL, username, 1, reinterpret_cast<LPBYTE*>(&user_info));
+
+  if (ret == NERR_Success) {
+    // Returns seconds since last password change.
+    passwordAgeInSeconds = user_info->usri1_password_age;
+    NetApiBufferFree(user_info);
+  } else {
+    return mozilla::Nothing();
+  }
+
+  // Return the time that the password was changed so we can use this
+  // for future comparisons.
+  return mozilla::Some(PR_Now() - passwordAgeInSeconds * PR_USEC_PER_SEC);
+#  endif
+}
+
+bool IsAutoAdminLogonEnabled() {
+  // https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows
+  nsresult rv;
+  nsCOMPtr<nsIWindowsRegKey> regKey =
+      do_CreateInstance("@mozilla.org/windows-registry-key;1", &rv);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+
+  rv = regKey->Open(
+      nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE,
+      nsLiteralString(
+          u"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"),
+      nsIWindowsRegKey::ACCESS_READ);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+
+  nsAutoString value;
+  rv = regKey->ReadStringValue(u"AutoAdminLogon"_ns, value);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  regKey->Close();
+
+  return value.Equals(u"1"_ns);
+}
+
+bool IsRequireSignonEnabled() {
+  // https://docs.microsoft.com/en-us/windows-hardware/customize/power-settings/no-subgroup-settings-prompt-for-password-on-resume
+  nsresult rv;
+  nsCOMPtr<nsIWindowsRegKey> regKey =
+      do_CreateInstance("@mozilla.org/windows-registry-key;1", &rv);
+  if (NS_FAILED(rv)) {
+    return true;
+  }
+
+  rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE,
+                    u"System\\CurrentControlSet\\Control\\Power\\User\\Power"
+                    "Schemes"_ns,
+                    nsIWindowsRegKey::ACCESS_READ);
+  if (NS_FAILED(rv)) {
+    return true;
+  }
+
+  nsAutoString activePowerScheme;
+  rv = regKey->ReadStringValue(u"ActivePowerScheme"_ns, activePowerScheme);
+  if (NS_FAILED(rv)) {
+    return true;
+  }
+  regKey->Close();
+
+  rv = regKey->Open(nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE,
+                    u"System\\CurrentControlSet\\Control\\Power\\User\\Power"
+                    "Schemes\\"_ns +
+                        activePowerScheme +
+                        u"\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51"_ns,
+                    nsIWindowsRegKey::ACCESS_READ);
+  if (NS_FAILED(rv)) {
+    return true;
+  }
+
+  uint32_t value;
+  rv = regKey->ReadIntValue(u"ACSettingIndex"_ns, &value);
+  if (NS_FAILED(rv)) {
+    return true;
+  }
+  regKey->Close();
+
+  return !!value;
+}
+
+// Use the Windows credential prompt to ask the user to authenticate the
+// currently used account.
+static nsresult ReauthenticateUserWindows(
+    const nsAString& aMessageText, const nsAString& aCaptionText,
+    const WindowsHandle& hwndParent,
+    /* out */ bool& reauthenticated,
+    /* inout */ bool& isBlankPassword,
+    /* inout */ int64_t& prefLastChanged,
+    /* out */ bool& isAutoAdminLogonEnabled,
+    /* out */ bool& isRequireSignonEnabled) {
+  reauthenticated = false;
+  isAutoAdminLogonEnabled = false;
+  isRequireSignonEnabled = true;
+
+  // Check if the user has a blank password before proceeding
+  DWORD usernameLength = CREDUI_MAX_USERNAME_LENGTH + 1;
+  WCHAR username[CREDUI_MAX_USERNAME_LENGTH + 1] = {0};
+
+  if (!GetUserNameEx(NameSamCompatible, username, &usernameLength)) {
+    MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+            ("Error getting username"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!IsOS(OS_DOMAINMEMBER)) {
+    const WCHAR* usernameNoDomain = username;
+    // Don't include the domain portion of the username when calling LogonUser.
+    LPCWSTR backslash = wcschr(username, L'\\');
+    if (backslash) {
+      usernameNoDomain = backslash + 1;
+    }
+
+    Maybe<int64_t> lastChanged = GetPasswordLastChanged(usernameNoDomain);
+    if (lastChanged.isSome()) {
+      bool shouldCheckAgain = lastChanged.value() > prefLastChanged;
+      // Update the value stored in preferences
+      prefLastChanged = lastChanged.value();
+
+      if (shouldCheckAgain) {
+        HANDLE logonUserHandle = INVALID_HANDLE_VALUE;
+        bool result =
+            LogonUser(usernameNoDomain, L".", L"", LOGON32_LOGON_INTERACTIVE,
+                      LOGON32_PROVIDER_DEFAULT, &logonUserHandle);
+        if (result) {
+          CloseHandle(logonUserHandle);
+        }
+        // ERROR_ACCOUNT_RESTRICTION: Indicates a referenced user name and
+        // authentication information are valid, but some user account
+        // restriction has prevented successful authentication (such as
+        // time-of-day restrictions).
+        reauthenticated = isBlankPassword =
+            (result || GetLastError() == ERROR_ACCOUNT_RESTRICTION);
+      } else if (isBlankPassword) {
+        reauthenticated = true;
+      }
+
+      if (reauthenticated) {
+        return NS_OK;
+      }
+    } else {
+      isBlankPassword = false;
+    }
+  } else {
+    // Update any preferences, assuming domain members do not have blank
+    // passwords
+    isBlankPassword = false;
+  }
+
+  isAutoAdminLogonEnabled = IsAutoAdminLogonEnabled();
+
+  isRequireSignonEnabled = IsRequireSignonEnabled();
+
+  // Is used in next iteration if the previous login failed.
+  DWORD err = 0;
+  std::unique_ptr<char[]> userTokenInfo = GetUserTokenInfo();
+
+  // CredUI prompt.
+  CREDUI_INFOW credui = {};
+  credui.cbSize = sizeof(credui);
+  credui.hwndParent = reinterpret_cast<HWND>(hwndParent);
+  const nsString& messageText = PromiseFlatString(aMessageText);
+  credui.pszMessageText = messageText.get();
+  const nsString& captionText = PromiseFlatString(aCaptionText);
+  credui.pszCaptionText = captionText.get();
+  credui.hbmBanner = nullptr;  // ignored
+
+  while (!reauthenticated) {
+    HANDLE lsa = INVALID_HANDLE_VALUE;
+    // Get authentication handle for future user authentications.
+    // https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-lsaconnectuntrusted
+    if (LsaConnectUntrusted(&lsa) != ERROR_SUCCESS) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error acquiring lsa. Authentication attempts will fail."));
+      return NS_ERROR_FAILURE;
+    }
+    ScopedLsaHANDLE scopedLsa(lsa);
+
+    if (!userTokenInfo || lsa == INVALID_HANDLE_VALUE) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error setting up login and user token."));
+      return NS_ERROR_FAILURE;
+    }
+
+    ULONG authPackage = 0;
+    ULONG outCredSize = 0;
+    LPVOID outCredBuffer = nullptr;
+
+    // Get user's Windows credentials.
+    // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-creduipromptforwindowscredentialsw
+    err = CredUIPromptForWindowsCredentialsW(
+        &credui, err, &authPackage, nullptr, 0, &outCredBuffer, &outCredSize,
+        nullptr, CREDUIWIN_ENUMERATE_CURRENT_USER);
+    ScopedBuffer scopedOutCredBuffer(outCredBuffer, BufferFreer(outCredSize));
+    if (err == ERROR_CANCELLED) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error getting authPackage for user login, user cancel."));
+      return NS_OK;
+    }
+    if (err != ERROR_SUCCESS) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error getting authPackage for user login."));
+      return NS_ERROR_FAILURE;
+    }
+
+    // Verify the credentials.
+    TOKEN_SOURCE source;
+    PCHAR contextName = const_cast<PCHAR>("Mozilla");
+    size_t nameLength =
+        std::min(TOKEN_SOURCE_LENGTH, static_cast<int>(strlen(contextName)));
+    // Note that the string must not be longer than TOKEN_SOURCE_LENGTH.
+    memcpy(source.SourceName, contextName, nameLength);
+    // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-allocatelocallyuniqueid
+    if (!AllocateLocallyUniqueId(&source.SourceIdentifier)) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error allocating ID for logon process."));
+      return NS_ERROR_FAILURE;
+    }
+
+    NTSTATUS substs;
+    void* profileBuffer = nullptr;
+    ULONG profileBufferLength = 0;
+    QUOTA_LIMITS limits = {0};
+    LUID luid;
+    HANDLE token = INVALID_HANDLE_VALUE;
+    LSA_STRING name;
+    name.Buffer = contextName;
+    name.Length = strlen(name.Buffer);
+    name.MaximumLength = name.Length;
+    // https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-lsalogonuser
+    NTSTATUS sts = LsaLogonUser(
+        scopedLsa.get(), &name, (SECURITY_LOGON_TYPE)Interactive, authPackage,
+        scopedOutCredBuffer.get(), outCredSize, nullptr, &source,
+        &profileBuffer, &profileBufferLength, &luid, &token, &limits, &substs);
+    ScopedHANDLE scopedToken(token);
+    LsaFreeReturnBuffer(profileBuffer);
+    if (sts == ERROR_SUCCESS) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("User logged in successfully."));
+    } else {
+      err = LsaNtStatusToWinError(sts);
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Login failed with %lx (%lx).", sts, err));
+      continue;
+    }
+
+    // The user can select any user to log-in on the authentication prompt.
+    // Make sure that the logged in user is the current user.
+    std::unique_ptr<char[]> logonTokenInfo = GetTokenInfo(scopedToken);
+    if (!logonTokenInfo) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Error getting logon token info."));
+      return NS_ERROR_FAILURE;
+    }
+    PSID logonSID =
+        reinterpret_cast<TOKEN_USER*>(logonTokenInfo.get())->User.Sid;
+    PSID userSID = reinterpret_cast<TOKEN_USER*>(userTokenInfo.get())->User.Sid;
+    if (EqualSid(userSID, logonSID)) {
+      MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
+              ("Login successfully (correct user)."));
+      reauthenticated = true;
+      break;
+    } else {
+      err = ERROR_LOGON_FAILURE;
+    }
+  }
+  return NS_OK;
+}
+#endif  // XP_WIN
+
+static nsresult ReauthenticateUser(const nsAString& prompt,
+                                   const nsAString& caption,
+                                   const WindowsHandle& hwndParent,
+                                   /* out */ bool& reauthenticated,
+                                   /* inout */ bool& isBlankPassword,
+                                   /* inout */ int64_t& prefLastChanged,
+                                   /* out */ bool& isAutoAdminLogonEnabled,
+                                   /* out */ bool& isRequireSignonEnabled) {
+  reauthenticated = false;
+#if defined(XP_WIN)
+  return ReauthenticateUserWindows(
+      prompt, caption, hwndParent, reauthenticated, isBlankPassword,
+      prefLastChanged, isAutoAdminLogonEnabled, isRequireSignonEnabled);
+#elif defined(XP_MACOSX)
+  return ReauthenticateUserMacOS(prompt, reauthenticated, isBlankPassword);
+#else
+  return NS_OK;
+#endif  // Reauthentication is not implemented for this platform.
+}
+
+static void BackgroundReauthenticateUser(RefPtr<Promise>& aPromise,
+                                         const nsAString& aMessageText,
+                                         const nsAString& aCaptionText,
+                                         const WindowsHandle& hwndParent,
+                                         bool isBlankPassword,
+                                         int64_t prefLastChanged) {
+  nsAutoCString recovery;
+  bool reauthenticated;
+  bool isAutoAdminLogonEnabled;
+  bool isRequireSignonEnabled;
+  nsresult rv = ReauthenticateUser(
+      aMessageText, aCaptionText, hwndParent, reauthenticated, isBlankPassword,
+      prefLastChanged, isAutoAdminLogonEnabled, isRequireSignonEnabled);
+
+  nsTArray<int32_t> prefLastChangedUpdates;
+#if defined(XP_WIN)
+  // Increase the lastChanged time to account for clock skew.
+  prefLastChanged += PR_USEC_PER_SEC;
+  // Need to split the 64bit integer to its hi and lo bits before sending it
+  // back to JS.
+  int32_t prefLastChangedHi = prefLastChanged / Int32Modulo;
+  int32_t prefLastChangedLo = prefLastChanged % Int32Modulo;
+  prefLastChangedUpdates.AppendElement(prefLastChangedHi);
+  prefLastChangedUpdates.AppendElement(prefLastChangedLo);
+#endif
+
+  nsTArray<int32_t> results;
+  results.AppendElement(reauthenticated);
+  results.AppendElement(isBlankPassword);
+#if defined(XP_WIN)
+  results.AppendElement(isAutoAdminLogonEnabled);
+  results.AppendElement(isRequireSignonEnabled);
+#endif
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundReauthenticateUserResolve",
+      [rv, results = std::move(results),
+       prefLastChangedUpdates = std::move(prefLastChangedUpdates),
+       aPromise = std::move(aPromise)]() {
+        if (NS_FAILED(rv)) {
+          aPromise->MaybeReject(rv);
+        } else {
+          aPromise->MaybeResolve(results);
+        }
+
+        nsresult rv = Preferences::SetBool(PREF_BLANK_PASSWORD, results[1]);
+        if (NS_FAILED(rv)) {
+          return;
+        }
+        if (prefLastChangedUpdates.Length() > 1) {
+          rv = Preferences::SetInt(PREF_PASSWORD_LAST_CHANGED_HI,
+                                   prefLastChangedUpdates[0]);
+          if (NS_FAILED(rv)) {
+            return;
+          }
+          Preferences::SetInt(PREF_PASSWORD_LAST_CHANGED_LO,
+                              prefLastChangedUpdates[1]);
+        }
+      }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+NS_IMETHODIMP
+OSReauthenticator::AsyncReauthenticateUser(const nsAString& aMessageText,
+                                           const nsAString& aCaptionText,
+                                           mozIDOMWindow* aParentWindow,
+                                           JSContext* aCx,
+                                           Promise** promiseOut) {
+  NS_ENSURE_ARG_POINTER(aCx);
+
+  RefPtr<Promise> promiseHandle;
+  nsresult rv = GetPromise(aCx, promiseHandle);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  WindowsHandle hwndParent = 0;
+  if (aParentWindow) {
+    nsPIDOMWindowInner* win = nsPIDOMWindowInner::From(aParentWindow);
+    nsIDocShell* docShell = win->GetDocShell();
+    if (docShell) {
+      nsCOMPtr<nsIBaseWindow> baseWindow = do_QueryInterface(docShell);
+      if (baseWindow) {
+        nsCOMPtr<nsIWidget> widget;
+        baseWindow->GetMainWidget(getter_AddRefs(widget));
+        if (widget) {
+          hwndParent = reinterpret_cast<WindowsHandle>(
+              widget->GetNativeData(NS_NATIVE_WINDOW));
+        }
+      }
+    }
+  }
+
+  int64_t prefLastChanged = 0;
+  bool isBlankPassword = false;
+#if defined(XP_WIN)
+  // These preferences are only supported on Windows.
+  // Preferences are read/write main-thread only.
+  int32_t prefLastChangedLo;
+  int32_t prefLastChangedHi;
+  rv = Preferences::GetBool(PREF_BLANK_PASSWORD, &isBlankPassword);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::GetInt(PREF_PASSWORD_LAST_CHANGED_LO, &prefLastChangedLo);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::GetInt(PREF_PASSWORD_LAST_CHANGED_HI, &prefLastChangedHi);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  prefLastChanged = prefLastChangedHi * Int32Modulo + prefLastChangedLo;
+#endif
+
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundReauthenticateUser",
+      [promiseHandle, aMessageText = nsAutoString(aMessageText),
+       aCaptionText = nsAutoString(aCaptionText), hwndParent, isBlankPassword,
+       prefLastChanged]() mutable {
+        BackgroundReauthenticateUser(promiseHandle, aMessageText, aCaptionText,
+                                     hwndParent, isBlankPassword,
+                                     prefLastChanged);
+      }));
+
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = target->Dispatch(runnable, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  promiseHandle.forget(promiseOut);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/OSReauthenticator.h b/security/manager/ssl/OSReauthenticator.h
new file mode 100644
index 0000000000..837dfa91c0
--- /dev/null
+++ b/security/manager/ssl/OSReauthenticator.h
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef OSReauthenticator_h
+#define OSReauthenticator_h
+
+#include "nsIOSReauthenticator.h"
+
+#define NS_OSREAUTHENTICATOR_CONTRACTID \
+  "@mozilla.org/security/osreauthenticator;1"
+#define NS_OSREAUTHENTICATOR_CID                     \
+  {                                                  \
+    0x4fe082ae, 0x6ff0, 0x4b41, {                    \
+      0xb2, 0x4f, 0xea, 0xa6, 0x64, 0xf6, 0xe4, 0x6a \
+    }                                                \
+  }
+
+class OSReauthenticator : public nsIOSReauthenticator {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOSREAUTHENTICATOR
+
+ private:
+  virtual ~OSReauthenticator() = default;
+};
+
+#ifdef XP_MACOSX
+nsresult ReauthenticateUserMacOS(const nsAString& aPrompt,
+                                 /* out */ bool& aReauthenticated,
+                                 /* out */ bool& aIsBlankPassword);
+#endif  // XP_MACOSX
+
+#endif  // OSReauthenticator_h
diff --git a/security/manager/ssl/OSReauthenticatorDarwin.mm b/security/manager/ssl/OSReauthenticatorDarwin.mm
new file mode 100644
index 0000000000..ac1ff66f9b
--- /dev/null
+++ b/security/manager/ssl/OSReauthenticatorDarwin.mm
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OSReauthenticator.h"
+
+#include "nsCocoaUtils.h"
+
+using namespace mozilla;
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <LocalAuthentication/LocalAuthentication.h>
+
+static const int32_t kPasswordNotSetErrorCode = -1000;
+
+nsresult ReauthenticateUserMacOS(const nsAString& aPrompt,
+                                 /* out */ bool& aReauthenticated,
+                                 /* out */ bool& aIsBlankPassword) {
+  // The idea here is that we ask to be authorized to unlock the user's session.
+  // This should cause a prompt to come up for the user asking them for their
+  // password. If they correctly enter it, we'll set aReauthenticated to true.
+
+  LAContext* context = [[LAContext alloc] init];
+  NSString* prompt = nsCocoaUtils::ToNSString(aPrompt);
+
+  dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+
+  __block BOOL biometricSuccess = NO;     // mark variable r/w across the block
+  __block BOOL errorPasswordNotSet = NO;  // mark variable r/w across the block
+
+  // Note: This is an async callback in an already-async Promise chain.
+  [context evaluatePolicy:LAPolicyDeviceOwnerAuthentication
+          localizedReason:prompt
+                    reply:^(BOOL success, NSError* error) {
+                      dispatch_async(dispatch_get_main_queue(), ^{
+                        // error is not particularly useful in this context, and we have no
+                        // mechanism to really return it. We could use it to set the nsresult,
+                        // but this is a best-effort mechanism and there's no particular case for
+                        // propagating up XPCOM. The one exception being a user account that
+                        // has no passcode set, which we handle below.
+                        errorPasswordNotSet = error && [error code] == kPasswordNotSetErrorCode;
+                        biometricSuccess = success || errorPasswordNotSet;
+                        dispatch_semaphore_signal(sema);
+                      });
+                    }];
+
+  // What we want to do here is convert this into a blocking call, since
+  // our calling methods expect us to block and set aReauthenticated on return.
+  dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
+  dispatch_release(sema);
+  sema = NULL;
+
+  aReauthenticated = biometricSuccess;
+  aIsBlankPassword = errorPasswordNotSet;
+
+  [context release];
+  return NS_OK;
+}
diff --git a/security/manager/ssl/PIPCClientCerts.ipdl b/security/manager/ssl/PIPCClientCerts.ipdl
new file mode 100644
index 0000000000..9278ad5715
--- /dev/null
+++ b/security/manager/ssl/PIPCClientCerts.ipdl
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PBackground;
+
+include PSMIPCTypes;
+
+using mozilla::OriginAttributes from "mozilla/ipc/BackgroundUtils.h";
+
+namespace mozilla {
+namespace psm {
+
+sync protocol PIPCClientCerts
+{
+  manager PBackground;
+
+parent:
+  // Called from the socket process to the parent process to find client
+  // certificates and associated keys.
+  sync FindObjects() returns (IPCClientCertObject[] aObjects);
+
+  // Called from the socket process to the parent process to sign the given
+  // data with the given parameters using the key associated with the given
+  // certificate. Used when a TLS server requests a client authentication
+  // certificate.
+  sync Sign(ByteArray aCert, ByteArray aData, ByteArray aParams)
+    returns (ByteArray aSignature);
+
+  async __delete__();
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PKCS11ModuleDB.cpp b/security/manager/ssl/PKCS11ModuleDB.cpp
new file mode 100644
index 0000000000..3825abb8b2
--- /dev/null
+++ b/security/manager/ssl/PKCS11ModuleDB.cpp
@@ -0,0 +1,184 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PKCS11ModuleDB.h"
+
+#include "ScopedNSSTypes.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIMutableArray.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsPKCS11Slot.h"
+#include "nsServiceManagerUtils.h"
+
+namespace mozilla {
+namespace psm {
+
+NS_IMPL_ISUPPORTS(PKCS11ModuleDB, nsIPKCS11ModuleDB)
+
+// Convert the UTF16 name of the module as it appears to the user to the
+// internal representation. For most modules this just involves converting from
+// UTF16 to UTF8. For the builtin root module, it also involves mapping from the
+// localized name to the internal, non-localized name.
+static nsresult NormalizeModuleNameIn(const nsAString& moduleNameIn,
+                                      nsCString& moduleNameOut) {
+  nsAutoString localizedRootModuleName;
+  nsresult rv =
+      GetPIPNSSBundleString("RootCertModuleName", localizedRootModuleName);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (moduleNameIn.Equals(localizedRootModuleName)) {
+    moduleNameOut.Assign(kRootModuleName);
+    return NS_OK;
+  }
+  moduleNameOut.Assign(NS_ConvertUTF16toUTF8(moduleNameIn));
+  return NS_OK;
+}
+
+// Delete a PKCS11 module from the user's profile.
+NS_IMETHODIMP
+PKCS11ModuleDB::DeleteModule(const nsAString& aModuleName) {
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString moduleNameNormalized;
+  nsresult rv = NormalizeModuleNameIn(aModuleName, moduleNameNormalized);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // modType is an output variable. We ignore it.
+  int32_t modType;
+  SECStatus srv = SECMOD_DeleteModule(moduleNameNormalized.get(), &modType);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+// Add a new PKCS11 module to the user's profile.
+NS_IMETHODIMP
+PKCS11ModuleDB::AddModule(const nsAString& aModuleName,
+                          const nsAString& aLibraryFullPath,
+                          int32_t aCryptoMechanismFlags, int32_t aCipherFlags) {
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // "Root Certs" is the name some NSS command-line utilities will give the
+  // roots module if they decide to load it when there happens to be a
+  // `MOZ_DLL_PREFIX "nssckbi" MOZ_DLL_SUFFIX` file in the directory being
+  // operated on.  This causes failures, so as a workaround, the PSM
+  // initialization code will unconditionally remove any module named "Root
+  // Certs". We should prevent the user from adding an unrelated module named
+  // "Root Certs" in the first place so PSM doesn't delete it. See bug 1406396.
+  if (aModuleName.EqualsLiteral("Root Certs")) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  // There appears to be a deadlock if we try to load modules concurrently, so
+  // just wait until the loadable roots module has been loaded.
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsAutoCString moduleNameNormalized;
+  rv = NormalizeModuleNameIn(aModuleName, moduleNameNormalized);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsCString fullPath;
+  CopyUTF16toUTF8(aLibraryFullPath, fullPath);
+  uint32_t mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags);
+  uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags);
+  SECStatus srv = SECMOD_AddNewModule(moduleNameNormalized.get(),
+                                      fullPath.get(), mechFlags, cipherFlags);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* lock down the list for reading */
+  AutoSECMODListReadLock lock;
+  for (SECMODModuleList* list = SECMOD_GetDefaultModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  /* Get the modules in the database that didn't load */
+  for (SECMODModuleList* list = SECMOD_GetDeadModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return array->Enumerate(_retval, NS_GET_IID(nsIPKCS11Module));
+}
+
+NS_IMETHODIMP
+PKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS) {
+  NS_ENSURE_ARG_POINTER(aCanToggleFIPS);
+
+  *aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PKCS11ModuleDB::ToggleFIPSMode() {
+  // The way to toggle FIPS mode in NSS is extremely obscure. Basically, we
+  // delete the internal module, and it gets replaced with the opposite module
+  // (i.e. if it was FIPS before, then it becomes non-FIPS next).
+  // SECMOD_GetInternalModule() returns a pointer to a local copy of the
+  // internal module stashed in NSS.  We don't want to delete it since it will
+  // cause much pain in NSS.
+  SECMODModule* internal = SECMOD_GetInternalModule();
+  if (!internal) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECMOD_DeleteInternalModule(internal->commonName) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled) {
+  NS_ENSURE_ARG_POINTER(aIsFIPSEnabled);
+
+  *aIsFIPSEnabled = PK11_IsFIPS();
+  return NS_OK;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/PKCS11ModuleDB.h b/security/manager/ssl/PKCS11ModuleDB.h
new file mode 100644
index 0000000000..c167afe410
--- /dev/null
+++ b/security/manager/ssl/PKCS11ModuleDB.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef PKCS11ModuleDB_h
+#define PKCS11ModuleDB_h
+
+#include "nsIPKCS11ModuleDB.h"
+
+namespace mozilla {
+namespace psm {
+
+#define NS_PKCS11MODULEDB_CID                        \
+  {                                                  \
+    0xff9fbcd7, 0x9517, 0x4334, {                    \
+      0xb9, 0x7a, 0xce, 0xed, 0x78, 0x90, 0x99, 0x74 \
+    }                                                \
+  }
+
+class PKCS11ModuleDB : public nsIPKCS11ModuleDB {
+ public:
+  PKCS11ModuleDB() = default;
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULEDB
+
+ protected:
+  virtual ~PKCS11ModuleDB() = default;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // PKCS11ModuleDB_h
diff --git a/security/manager/ssl/PSMIPCTypes.ipdlh b/security/manager/ssl/PSMIPCTypes.ipdlh
new file mode 100644
index 0000000000..54bce317c2
--- /dev/null
+++ b/security/manager/ssl/PSMIPCTypes.ipdlh
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 ft=cpp : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+namespace mozilla {
+namespace psm {
+
+struct ByteArray{
+  uint8_t[] data;
+};
+
+// For ECKey, RSAKey, and Certificate, slotType indicates which slot this object
+// should exist on:
+// 1: modern (supports EC, RSA-PSS)
+// 2: legacy (only supports RSA PKCS#1v1.5)
+
+struct ECKey{
+  uint8_t[] params; // the EC point representing this key
+  uint8_t[] cert; // the encoded certificate containing this key
+  uint32_t slotType;
+};
+
+struct RSAKey{
+  uint8_t[] modulus; // the modulus of this RSA key
+  uint8_t[] cert; // the encoded certificate containing this key
+  uint32_t slotType;
+};
+
+struct Certificate{
+  uint8_t[] der; // the encoding of this certificate
+  uint32_t slotType;
+};
+
+// Helper type for sending keys and certificates over IPC for use by IPC client
+// certs.
+union IPCClientCertObject{
+  ECKey;
+  RSAKey;
+  Certificate;
+};
+
+struct DelegatedCredentialInfoArg {
+  uint32_t scheme;
+  uint32_t authKeyBits;
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PSMRunnable.cpp b/security/manager/ssl/PSMRunnable.cpp
new file mode 100644
index 0000000000..b962f52af3
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.cpp
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PSMRunnable.h"
+
+namespace mozilla {
+namespace psm {
+
+SyncRunnableBase::SyncRunnableBase()
+    : Runnable("psm::SyncRunnableBase"), monitor("SyncRunnableBase::monitor") {}
+
+nsresult SyncRunnableBase::DispatchToMainThreadAndWait() {
+  nsresult rv;
+  if (NS_IsMainThread()) {
+    RunOnTargetThread();
+    rv = NS_OK;
+  } else {
+    mozilla::MonitorAutoLock lock(monitor);
+    rv = NS_DispatchToMainThread(this);
+    if (NS_SUCCEEDED(rv)) {
+      lock.Wait();
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+SyncRunnableBase::Run() {
+  RunOnTargetThread();
+  mozilla::MonitorAutoLock(monitor).Notify();
+  return NS_OK;
+}
+
+nsresult NotifyObserverRunnable::Run() {
+  mObserver->Observe(nullptr, mTopic, nullptr);
+  return NS_OK;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/PSMRunnable.h b/security/manager/ssl/PSMRunnable.h
new file mode 100644
index 0000000000..faafb14c60
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PSMRunnable_h
+#define PSMRunnable_h
+
+#include "mozilla/Monitor.h"
+#include "nsThreadUtils.h"
+#include "nsIObserver.h"
+#include "nsProxyRelease.h"
+
+namespace mozilla {
+namespace psm {
+
+// Wait for the event to run on the target thread without spinning the event
+// loop on the calling thread. (Dispatching events to a thread using
+// NS_DispatchAndSpinEventLoopUntilComplete would cause the event loop on the
+// calling thread to spin.)
+class SyncRunnableBase : public Runnable {
+ public:
+  NS_DECL_NSIRUNNABLE
+  nsresult DispatchToMainThreadAndWait();
+
+ protected:
+  SyncRunnableBase();
+  virtual void RunOnTargetThread() = 0;
+
+ private:
+  mozilla::Monitor monitor MOZ_UNANNOTATED;
+};
+
+class NotifyObserverRunnable : public Runnable {
+ public:
+  NotifyObserverRunnable(nsIObserver* observer, const char* topicStringLiteral)
+      : Runnable("psm::NotifyObserverRunnable"),
+        mObserver(new nsMainThreadPtrHolder<nsIObserver>(
+            "psm::NotifyObserverRunnable::mObserver", observer)),
+        mTopic(topicStringLiteral) {}
+  NS_DECL_NSIRUNNABLE
+ private:
+  nsMainThreadPtrHandle<nsIObserver> mObserver;
+  const char* const mTopic;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/PSelectTLSClientAuthCert.ipdl b/security/manager/ssl/PSelectTLSClientAuthCert.ipdl
new file mode 100644
index 0000000000..2270b8b12c
--- /dev/null
+++ b/security/manager/ssl/PSelectTLSClientAuthCert.ipdl
@@ -0,0 +1,26 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 ft=cpp : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PBackground;
+include PSMIPCTypes;
+
+namespace mozilla {
+namespace psm {
+
+protocol PSelectTLSClientAuthCert
+{
+  manager PBackground;
+
+child:
+  async TLSClientAuthCertSelected(ByteArray aSelectedCertBytes,
+                                  ByteArray[] aSelectedCertChainBytes);
+
+  async __delete__();
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PVerifySSLServerCert.ipdl b/security/manager/ssl/PVerifySSLServerCert.ipdl
new file mode 100644
index 0000000000..5277d00ac6
--- /dev/null
+++ b/security/manager/ssl/PVerifySSLServerCert.ipdl
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 ft=cpp : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PBackground;
+include PSMIPCTypes;
+
+namespace mozilla {
+namespace psm {
+
+protocol PVerifySSLServerCert
+{
+  manager PBackground;
+
+child:
+  async OnVerifiedSSLServerCertSuccess(ByteArray[] aBuiltCertChain,
+                                       uint16_t aCertTransparencyStatus,
+                                       uint8_t aEVStatus,
+                                       bool isBuiltCertChainRootBuiltInRoot, bool aMadeOCSPRequests);
+
+  async OnVerifiedSSLServerCertFailure(int32_t aFinalError,
+                                       uint32_t aOverridableErrorCategory, bool aMadeOCSPRequests);
+
+  async __delete__();
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp
new file mode 100644
index 0000000000..e3d02ce326
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -0,0 +1,393 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PublicKeyPinningService.h"
+
+#include "RootCertificateTelemetryUtils.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Base64.h"
+#include "mozilla/BinarySearch.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Span.h"
+#include "mozilla/StaticPrefs_security.h"
+#include "mozilla/Telemetry.h"
+#include "nsDependentString.h"
+#include "nsServiceManagerUtils.h"
+#include "nsSiteSecurityService.h"
+#include "mozpkix/pkixtypes.h"
+#include "mozpkix/pkixutil.h"
+#include "seccomon.h"
+#include "sechash.h"
+
+#include "StaticHPKPins.h"  // autogenerated by genHPKPStaticpins.js
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
+
+NS_IMPL_ISUPPORTS(PublicKeyPinningService, nsIPublicKeyPinningService)
+
+enum class PinningMode : uint32_t {
+  Disabled = 0,
+  AllowUserCAMITM = 1,
+  Strict = 2,
+  EnforceTestMode = 3
+};
+
+PinningMode GetPinningMode() {
+  PinningMode pinningMode = static_cast<PinningMode>(
+      StaticPrefs::security_cert_pinning_enforcement_level_DoNotUseDirectly());
+  switch (pinningMode) {
+    case PinningMode::Disabled:
+      return PinningMode::Disabled;
+    case PinningMode::AllowUserCAMITM:
+      return PinningMode::AllowUserCAMITM;
+    case PinningMode::Strict:
+      return PinningMode::Strict;
+    case PinningMode::EnforceTestMode:
+      return PinningMode::EnforceTestMode;
+    default:
+      return PinningMode::Disabled;
+  }
+}
+
+/**
+ Computes in the location specified by base64Out the SHA256 digest
+ of the DER Encoded subject Public Key Info for the given cert
+*/
+static nsresult GetBase64HashSPKI(const BackCert& cert,
+                                  nsACString& hashSPKIDigest) {
+  Input derPublicKey = cert.GetSubjectPublicKeyInfo();
+
+  hashSPKIDigest.Truncate();
+  nsTArray<uint8_t> digestArray;
+  nsresult nsrv =
+      Digest::DigestBuf(SEC_OID_SHA256, derPublicKey.UnsafeGetData(),
+                        derPublicKey.GetLength(), digestArray);
+  if (NS_FAILED(nsrv)) {
+    return nsrv;
+  }
+  return Base64Encode(nsDependentCSubstring(
+                          BitwiseCast<char*, uint8_t*>(digestArray.Elements()),
+                          digestArray.Length()),
+                      hashSPKIDigest);
+}
+
+/*
+ * Sets certMatchesPinset to true if a given cert matches any fingerprints from
+ * the given pinset and false otherwise.
+ */
+static nsresult EvalCert(const BackCert& cert,
+                         const StaticFingerprints* fingerprints,
+                         /*out*/ bool& certMatchesPinset) {
+  certMatchesPinset = false;
+  if (!fingerprints) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+            ("pkpin: No hashes found\n"));
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString base64Out;
+  nsresult rv = GetBase64HashSPKI(cert, base64Out);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+            ("pkpin: GetBase64HashSPKI failed!\n"));
+    return rv;
+  }
+
+  if (fingerprints) {
+    for (size_t i = 0; i < fingerprints->size; i++) {
+      if (base64Out.Equals(fingerprints->data[i])) {
+        MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+                ("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
+        certMatchesPinset = true;
+        return NS_OK;
+      }
+    }
+  }
+  return NS_OK;
+}
+
+/*
+ * Sets certListIntersectsPinset to true if a given chain matches any
+ * fingerprints from the given static fingerprints and false otherwise.
+ */
+static nsresult EvalChain(const nsTArray<Span<const uint8_t>>& derCertList,
+                          const StaticFingerprints* fingerprints,
+                          /*out*/ bool& certListIntersectsPinset) {
+  certListIntersectsPinset = false;
+  if (!fingerprints) {
+    MOZ_ASSERT(false, "Must pass in at least one type of pinset");
+    return NS_ERROR_FAILURE;
+  }
+
+  EndEntityOrCA endEntityOrCA = EndEntityOrCA::MustBeEndEntity;
+  for (const auto& cert : derCertList) {
+    Input certInput;
+    mozilla::pkix::Result rv = certInput.Init(cert.data(), cert.size());
+    if (rv != mozilla::pkix::Result::Success) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    BackCert backCert(certInput, endEntityOrCA, nullptr);
+    rv = backCert.Init();
+    if (rv != mozilla::pkix::Result::Success) {
+      return NS_ERROR_INVALID_ARG;
+    }
+
+    nsresult nsrv = EvalCert(backCert, fingerprints, certListIntersectsPinset);
+    if (NS_FAILED(nsrv)) {
+      return nsrv;
+    }
+    if (certListIntersectsPinset) {
+      break;
+    }
+    endEntityOrCA = EndEntityOrCA::MustBeCA;
+  }
+
+  if (!certListIntersectsPinset) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+            ("pkpin: no matches found\n"));
+  }
+  return NS_OK;
+}
+
+class TransportSecurityPreloadBinarySearchComparator {
+ public:
+  explicit TransportSecurityPreloadBinarySearchComparator(
+      const char* aTargetHost)
+      : mTargetHost(aTargetHost) {}
+
+  int operator()(const TransportSecurityPreload& val) const {
+    return strcmp(mTargetHost, val.mHost);
+  }
+
+ private:
+  const char* mTargetHost;  // non-owning
+};
+
+#ifdef DEBUG
+static Atomic<bool> sValidatedPinningPreloadList(false);
+
+static void ValidatePinningPreloadList() {
+  if (sValidatedPinningPreloadList) {
+    return;
+  }
+  for (const auto& entry : kPublicKeyPinningPreloadList) {
+    // If and only if a static entry is a Mozilla entry, it has a telemetry ID.
+    MOZ_ASSERT((entry.mIsMoz && entry.mId != kUnknownId) ||
+               (!entry.mIsMoz && entry.mId == kUnknownId));
+  }
+  sValidatedPinningPreloadList = true;
+}
+#endif  // DEBUG
+
+// Returns via one of the output parameters the most relevant pinning
+// information that is valid for the given host at the given time.
+static nsresult FindPinningInformation(
+    const char* hostname, mozilla::pkix::Time time,
+    /*out*/ const TransportSecurityPreload*& staticFingerprints) {
+#ifdef DEBUG
+  ValidatePinningPreloadList();
+#endif
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  staticFingerprints = nullptr;
+  const TransportSecurityPreload* foundEntry = nullptr;
+  const char* evalHost = hostname;
+  const char* evalPart;
+  // Notice how the (xx = strchr) prevents pins for unqualified domain names.
+  while (!foundEntry && (evalPart = strchr(evalHost, '.'))) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+            ("pkpin: Querying pinsets for host: '%s'\n", evalHost));
+    size_t foundEntryIndex;
+    if (BinarySearchIf(kPublicKeyPinningPreloadList, 0,
+                       ArrayLength(kPublicKeyPinningPreloadList),
+                       TransportSecurityPreloadBinarySearchComparator(evalHost),
+                       &foundEntryIndex)) {
+      foundEntry = &kPublicKeyPinningPreloadList[foundEntryIndex];
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+              ("pkpin: Found pinset for host: '%s'\n", evalHost));
+      if (evalHost != hostname) {
+        if (!foundEntry->mIncludeSubdomains) {
+          // Does not apply to this host, continue iterating
+          foundEntry = nullptr;
+        }
+      }
+    } else {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+              ("pkpin: Didn't find pinset for host: '%s'\n", evalHost));
+    }
+    // Add one for '.'
+    evalHost = evalPart + 1;
+  }
+
+  if (foundEntry && foundEntry->pinset) {
+    if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
+                                      PR_USEC_PER_SEC)) {
+      return NS_OK;
+    }
+    staticFingerprints = foundEntry;
+  }
+  return NS_OK;
+}
+
+// Returns true via the output parameter if the given certificate list meets
+// pinning requirements for the given host at the given time. It must be the
+// case that either there is an intersection between the set of hashes of
+// subject public key info data in the list and the most relevant non-expired
+// pinset for the host or there is no pinning information for the host.
+static nsresult CheckPinsForHostname(
+    const nsTArray<Span<const uint8_t>>& certList, const char* hostname,
+    bool enforceTestMode, mozilla::pkix::Time time,
+    /*out*/ bool& chainHasValidPins,
+    /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo) {
+  chainHasValidPins = false;
+  if (certList.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  const TransportSecurityPreload* staticFingerprints = nullptr;
+  nsresult rv = FindPinningInformation(hostname, time, staticFingerprints);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If we have no pinning information, the certificate chain trivially
+  // validates with respect to pinning.
+  if (!staticFingerprints) {
+    chainHasValidPins = true;
+    return NS_OK;
+  }
+  if (staticFingerprints) {
+    bool enforceTestModeResult;
+    rv = EvalChain(certList, staticFingerprints->pinset, enforceTestModeResult);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    chainHasValidPins = enforceTestModeResult;
+    if (staticFingerprints->mTestMode && !enforceTestMode) {
+      chainHasValidPins = true;
+    }
+
+    if (pinningTelemetryInfo) {
+      // If and only if a static entry is a Mozilla entry, it has a telemetry
+      // ID.
+      if ((staticFingerprints->mIsMoz &&
+           staticFingerprints->mId == kUnknownId) ||
+          (!staticFingerprints->mIsMoz &&
+           staticFingerprints->mId != kUnknownId)) {
+        return NS_ERROR_FAILURE;
+      }
+
+      Telemetry::HistogramID histogram;
+      int32_t bucket;
+      // We can collect per-host pinning violations for this host because it is
+      // operationally critical to Firefox.
+      if (staticFingerprints->mIsMoz) {
+        histogram = staticFingerprints->mTestMode
+                        ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
+                        : Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
+        bucket = staticFingerprints->mId * 2 + (enforceTestModeResult ? 1 : 0);
+      } else {
+        histogram = staticFingerprints->mTestMode
+                        ? Telemetry::CERT_PINNING_TEST_RESULTS
+                        : Telemetry::CERT_PINNING_RESULTS;
+        bucket = enforceTestModeResult ? 1 : 0;
+      }
+      pinningTelemetryInfo->accumulateResult = true;
+      pinningTelemetryInfo->certPinningResultHistogram = Some(histogram);
+      pinningTelemetryInfo->certPinningResultBucket = bucket;
+
+      // We only collect per-CA pinning statistics upon failures.
+      if (!enforceTestModeResult) {
+        int32_t binNumber = RootCABinNumber(certList.LastElement());
+        if (binNumber != ROOT_CERTIFICATE_UNKNOWN) {
+          pinningTelemetryInfo->accumulateForRoot = true;
+          pinningTelemetryInfo->rootBucket = binNumber;
+        }
+      }
+    }
+
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+            ("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
+             enforceTestModeResult ? "passed" : "failed",
+             staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla", hostname,
+             staticFingerprints->mTestMode ? "test" : "production"));
+  }
+
+  return NS_OK;
+}
+
+nsresult PublicKeyPinningService::ChainHasValidPins(
+    const nsTArray<Span<const uint8_t>>& certList, const char* hostname,
+    mozilla::pkix::Time time, bool isBuiltInRoot,
+    /*out*/ bool& chainHasValidPins,
+    /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo) {
+  PinningMode pinningMode(GetPinningMode());
+  if (pinningMode == PinningMode::Disabled ||
+      (!isBuiltInRoot && pinningMode == PinningMode::AllowUserCAMITM)) {
+    chainHasValidPins = true;
+    return NS_OK;
+  }
+
+  chainHasValidPins = false;
+  if (certList.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
+  bool enforceTestMode = pinningMode == PinningMode::EnforceTestMode;
+  return CheckPinsForHostname(certList, canonicalizedHostname.get(),
+                              enforceTestMode, time, chainHasValidPins,
+                              pinningTelemetryInfo);
+}
+
+NS_IMETHODIMP
+PublicKeyPinningService::HostHasPins(nsIURI* aURI, bool* hostHasPins) {
+  NS_ENSURE_ARG(aURI);
+  NS_ENSURE_ARG(hostHasPins);
+  *hostHasPins = false;
+  PinningMode pinningMode(GetPinningMode());
+  if (pinningMode == PinningMode::Disabled) {
+    return NS_OK;
+  }
+  nsAutoCString hostname;
+  nsresult rv = nsSiteSecurityService::GetHost(aURI, hostname);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (nsSiteSecurityService::HostIsIPAddress(hostname)) {
+    return NS_OK;
+  }
+
+  const TransportSecurityPreload* staticFingerprints = nullptr;
+  rv = FindPinningInformation(hostname.get(), Now(), staticFingerprints);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (staticFingerprints) {
+    *hostHasPins = !staticFingerprints->mTestMode ||
+                   pinningMode == PinningMode::EnforceTestMode;
+  }
+  return NS_OK;
+}
+
+nsAutoCString PublicKeyPinningService::CanonicalizeHostname(
+    const char* hostname) {
+  nsAutoCString canonicalizedHostname(hostname);
+  ToLowerCase(canonicalizedHostname);
+  while (canonicalizedHostname.Length() > 0 &&
+         canonicalizedHostname.Last() == '.') {
+    canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1);
+  }
+  return canonicalizedHostname;
+}
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h
new file mode 100644
index 0000000000..46bcf01d18
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.h
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PublicKeyPinningService_h
+#define PublicKeyPinningService_h
+
+#include "CertVerifier.h"
+#include "nsIPublicKeyPinningService.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "mozilla/Span.h"
+#include "mozpkix/Time.h"
+
+namespace mozilla {
+namespace psm {
+
+class PublicKeyPinningService final : public nsIPublicKeyPinningService {
+ public:
+  PublicKeyPinningService() = default;
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIPUBLICKEYPINNINGSERVICE
+
+  /**
+   * Sets chainHasValidPins to true if the given (host, certList) passes pinning
+   * checks, or to false otherwise. If the host is pinned, returns true via
+   * chainHasValidPins if one of the keys in the given certificate chain matches
+   * the pin set specified by the hostname. The certList's head is the EE cert
+   * and the tail is the trust anchor.
+   * Note: if an alt name is a wildcard, it won't necessarily find a pinset
+   * that would otherwise be valid for it
+   */
+  static nsresult ChainHasValidPins(
+      const nsTArray<Span<const uint8_t>>& certList, const char* hostname,
+      mozilla::pkix::Time time, bool isBuiltInRoot,
+      /*out*/ bool& chainHasValidPins,
+      /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo);
+
+  /**
+   * Given a hostname of potentially mixed case with potentially multiple
+   * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no
+   * trailing '.'.
+   */
+  static nsAutoCString CanonicalizeHostname(const char* hostname);
+
+ private:
+  ~PublicKeyPinningService() = default;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // PublicKeyPinningService_h
diff --git a/security/manager/ssl/PublicSSL.h b/security/manager/ssl/PublicSSL.h
new file mode 100644
index 0000000000..06a67fac5f
--- /dev/null
+++ b/security/manager/ssl/PublicSSL.h
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SSL_h
+#define mozilla_SSL_h
+
+namespace mozilla {
+
+void ClearPrivateSSLState();
+
+namespace psm {
+
+void InitializeSSLServerCertVerificationThreads();
+void StopSSLServerCertVerificationThreads();
+void DisableMD5();
+nsresult InitializeCipherSuite();
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/RemoteSecuritySettings.sys.mjs b/security/manager/ssl/RemoteSecuritySettings.sys.mjs
new file mode 100644
index 0000000000..311833a995
--- /dev/null
+++ b/security/manager/ssl/RemoteSecuritySettings.sys.mjs
@@ -0,0 +1,710 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { RemoteSettings } from "resource://services-settings/remote-settings.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
+
+import { X509 } from "resource://gre/modules/psm/X509.sys.mjs";
+
+const SECURITY_STATE_BUCKET = "security-state";
+const SECURITY_STATE_SIGNER = "onecrl.content-signature.mozilla.org";
+
+const INTERMEDIATES_DL_PER_POLL_PREF =
+  "security.remote_settings.intermediates.downloads_per_poll";
+const INTERMEDIATES_DL_PARALLEL_REQUESTS =
+  "security.remote_settings.intermediates.parallel_downloads";
+const INTERMEDIATES_ENABLED_PREF =
+  "security.remote_settings.intermediates.enabled";
+const LOGLEVEL_PREF = "browser.policies.loglevel";
+
+const CRLITE_FILTERS_ENABLED_PREF =
+  "security.remote_settings.crlite_filters.enabled";
+
+const lazy = {};
+
+XPCOMUtils.defineLazyGetter(lazy, "gTextDecoder", () => new TextDecoder());
+
+XPCOMUtils.defineLazyGetter(lazy, "log", () => {
+  let { ConsoleAPI } = ChromeUtils.importESModule(
+    "resource://gre/modules/Console.sys.mjs"
+  );
+  return new ConsoleAPI({
+    prefix: "RemoteSecuritySettings.jsm",
+    // tip: set maxLogLevel to "debug" and use log.debug() to create detailed
+    // messages during development. See LOG_LEVELS in Console.sys.mjs for details.
+    maxLogLevel: "error",
+    maxLogLevelPref: LOGLEVEL_PREF,
+  });
+});
+
+// Converts a JS string to an array of bytes consisting of the char code at each
+// index in the string.
+function stringToBytes(s) {
+  let b = [];
+  for (let i = 0; i < s.length; i++) {
+    b.push(s.charCodeAt(i));
+  }
+  return b;
+}
+
+// Converts an array of bytes to a JS string using fromCharCode on each byte.
+function bytesToString(bytes) {
+  if (bytes.length > 65535) {
+    throw new Error("input too long for bytesToString");
+  }
+  return String.fromCharCode.apply(null, bytes);
+}
+
+class CRLiteCoverage {
+  constructor(b64LogID, minTimestamp, maxTimestamp) {
+    this.b64LogID = b64LogID;
+    this.minTimestamp = minTimestamp;
+    this.maxTimestamp = maxTimestamp;
+  }
+}
+CRLiteCoverage.prototype.QueryInterface = ChromeUtils.generateQI([
+  "nsICRLiteCoverage",
+]);
+
+class CertInfo {
+  constructor(cert, subject) {
+    this.cert = cert;
+    this.subject = subject;
+    this.trust = Ci.nsICertStorage.TRUST_INHERIT;
+  }
+}
+CertInfo.prototype.QueryInterface = ChromeUtils.generateQI(["nsICertInfo"]);
+
+class RevocationState {
+  constructor(state) {
+    this.state = state;
+  }
+}
+
+class IssuerAndSerialRevocationState extends RevocationState {
+  constructor(issuer, serial, state) {
+    super(state);
+    this.issuer = issuer;
+    this.serial = serial;
+  }
+}
+IssuerAndSerialRevocationState.prototype.QueryInterface =
+  ChromeUtils.generateQI(["nsIIssuerAndSerialRevocationState"]);
+
+class SubjectAndPubKeyRevocationState extends RevocationState {
+  constructor(subject, pubKey, state) {
+    super(state);
+    this.subject = subject;
+    this.pubKey = pubKey;
+  }
+}
+SubjectAndPubKeyRevocationState.prototype.QueryInterface =
+  ChromeUtils.generateQI(["nsISubjectAndPubKeyRevocationState"]);
+
+function setRevocations(certStorage, revocations) {
+  return new Promise(resolve =>
+    certStorage.setRevocations(revocations, resolve)
+  );
+}
+
+/**
+ * Helper function that returns a promise that will resolve with whether or not
+ * the nsICertStorage implementation has prior data of the given type.
+ *
+ * @param {Integer} dataType a Ci.nsICertStorage.DATA_TYPE_* constant
+ *                           indicating the type of data
+
+ * @returns {Promise} a promise that will resolve with true if the data type is
+ *                   present
+ */
+function hasPriorData(dataType) {
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  return new Promise(resolve => {
+    certStorage.hasPriorData(dataType, (rv, hasPriorData) => {
+      if (rv == Cr.NS_OK) {
+        resolve(hasPriorData);
+      } else {
+        // If calling hasPriorData failed, assume we need to reload everything
+        // (even though it's unlikely doing so will succeed).
+        resolve(false);
+      }
+    });
+  });
+}
+
+/**
+ * Revoke the appropriate certificates based on the records from the blocklist.
+ *
+ * @param {object} options
+ * @param {object} options.data Current records in the local db.
+ * @param {Array} options.data.current
+ * @param {Array} options.data.created
+ * @param {Array} options.data.updated
+ * @param {Array} options.data.deleted
+ */
+const updateCertBlocklist = async function ({
+  data: { current, created, updated, deleted },
+}) {
+  let items = [];
+
+  // See if we have prior revocation data (this can happen when we can't open
+  // the database and we have to re-create it (see bug 1546361)).
+  let hasPriorRevocationData = await hasPriorData(
+    Ci.nsICertStorage.DATA_TYPE_REVOCATION
+  );
+
+  // If we don't have prior data, make it so we re-load everything.
+  if (!hasPriorRevocationData) {
+    deleted = [];
+    updated = [];
+    created = current;
+  }
+
+  let toDelete = deleted.concat(updated.map(u => u.old));
+  for (let item of toDelete) {
+    if (item.issuerName && item.serialNumber) {
+      items.push(
+        new IssuerAndSerialRevocationState(
+          item.issuerName,
+          item.serialNumber,
+          Ci.nsICertStorage.STATE_UNSET
+        )
+      );
+    } else if (item.subject && item.pubKeyHash) {
+      items.push(
+        new SubjectAndPubKeyRevocationState(
+          item.subject,
+          item.pubKeyHash,
+          Ci.nsICertStorage.STATE_UNSET
+        )
+      );
+    }
+  }
+
+  const toAdd = created.concat(updated.map(u => u.new));
+
+  for (let item of toAdd) {
+    if (item.issuerName && item.serialNumber) {
+      items.push(
+        new IssuerAndSerialRevocationState(
+          item.issuerName,
+          item.serialNumber,
+          Ci.nsICertStorage.STATE_ENFORCE
+        )
+      );
+    } else if (item.subject && item.pubKeyHash) {
+      items.push(
+        new SubjectAndPubKeyRevocationState(
+          item.subject,
+          item.pubKeyHash,
+          Ci.nsICertStorage.STATE_ENFORCE
+        )
+      );
+    }
+  }
+
+  try {
+    const certList = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    await setRevocations(certList, items);
+  } catch (e) {
+    lazy.log.error(e);
+  }
+};
+
+export var RemoteSecuritySettings = {
+  _initialized: false,
+  OneCRLBlocklistClient: null,
+  IntermediatePreloadsClient: null,
+  CRLiteFiltersClient: null,
+
+  /**
+   * Initialize the clients (cheap instantiation) and setup their sync event.
+   * This static method is called from BrowserGlue.sys.mjs soon after startup.
+   *
+   * @returns {object} instantiated clients for security remote settings.
+   */
+  init() {
+    // Avoid repeated initialization (work-around for bug 1730026).
+    if (this._initialized) {
+      return this;
+    }
+    this._initialized = true;
+
+    this.OneCRLBlocklistClient = RemoteSettings("onecrl", {
+      bucketName: SECURITY_STATE_BUCKET,
+      signerName: SECURITY_STATE_SIGNER,
+    });
+    this.OneCRLBlocklistClient.on("sync", updateCertBlocklist);
+
+    this.IntermediatePreloadsClient = new IntermediatePreloads();
+
+    this.CRLiteFiltersClient = new CRLiteFilters();
+    this.CRLiteFiltersClient.cleanAttachmentCache();
+
+    return this;
+  },
+};
+
+class IntermediatePreloads {
+  constructor() {
+    this.client = RemoteSettings("intermediates", {
+      bucketName: SECURITY_STATE_BUCKET,
+      signerName: SECURITY_STATE_SIGNER,
+      localFields: ["cert_import_complete"],
+    });
+
+    this.client.on("sync", this.onSync.bind(this));
+    Services.obs.addObserver(
+      this.onObservePollEnd.bind(this),
+      "remote-settings:changes-poll-end"
+    );
+
+    lazy.log.debug("Intermediate Preloading: constructor");
+  }
+
+  async updatePreloadedIntermediates() {
+    if (!Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)) {
+      lazy.log.debug("Intermediate Preloading is disabled");
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:intermediates-updated",
+        "disabled"
+      );
+      return;
+    }
+
+    // Download attachments that are awaiting download, up to a max.
+    const maxDownloadsPerRun = Services.prefs.getIntPref(
+      INTERMEDIATES_DL_PER_POLL_PREF,
+      100
+    );
+    const parallelDownloads = Services.prefs.getIntPref(
+      INTERMEDIATES_DL_PARALLEL_REQUESTS,
+      8
+    );
+
+    // Bug 1519256: Move this to a separate method that's on a separate timer
+    // with a higher frequency (so we can attempt to download outstanding
+    // certs more than once daily)
+
+    // See if we have prior cert data (this can happen when we can't open the database and we
+    // have to re-create it (see bug 1546361)).
+    let hasPriorCertData = await hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CERTIFICATE
+    );
+    // If we don't have prior data, make it so we re-load everything.
+    if (!hasPriorCertData) {
+      let current;
+      try {
+        current = await this.client.db.list();
+      } catch (err) {
+        lazy.log.warn(
+          `Unable to list intermediate preloading collection: ${err}`
+        );
+        return;
+      }
+      const toReset = current.filter(record => record.cert_import_complete);
+      try {
+        await this.client.db.importChanges(
+          undefined, // do not touch metadata.
+          undefined, // do not touch collection timestamp.
+          toReset.map(r => ({ ...r, cert_import_complete: false }))
+        );
+      } catch (err) {
+        lazy.log.warn(
+          `Unable to update intermediate preloading collection: ${err}`
+        );
+        return;
+      }
+    }
+    let current;
+    try {
+      current = await this.client.db.list();
+    } catch (err) {
+      lazy.log.warn(
+        `Unable to list intermediate preloading collection: ${err}`
+      );
+      return;
+    }
+    const waiting = current.filter(record => !record.cert_import_complete);
+
+    lazy.log.debug(
+      `There are ${waiting.length} intermediates awaiting download.`
+    );
+    if (!waiting.length) {
+      // Nothing to do.
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:intermediates-updated",
+        "success"
+      );
+      return;
+    }
+
+    let toDownload = waiting.slice(0, maxDownloadsPerRun);
+    let recordsCertsAndSubjects = [];
+    for (let i = 0; i < toDownload.length; i += parallelDownloads) {
+      const chunk = toDownload.slice(i, i + parallelDownloads);
+      const downloaded = await Promise.all(
+        chunk.map(record => this.maybeDownloadAttachment(record))
+      );
+      recordsCertsAndSubjects = recordsCertsAndSubjects.concat(downloaded);
+    }
+
+    let certInfos = [];
+    let recordsToUpdate = [];
+    for (let { record, cert, subject } of recordsCertsAndSubjects) {
+      if (cert && subject) {
+        certInfos.push(new CertInfo(cert, subject));
+        recordsToUpdate.push(record);
+      }
+    }
+    const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    let result = await new Promise(resolve => {
+      certStorage.addCerts(certInfos, resolve);
+    }).catch(err => err);
+    if (result != Cr.NS_OK) {
+      lazy.log.error(`certStorage.addCerts failed: ${result}`);
+      return;
+    }
+    try {
+      await this.client.db.importChanges(
+        undefined, // do not touch metadata.
+        undefined, // do not touch collection timestamp.
+        recordsToUpdate.map(r => ({ ...r, cert_import_complete: true }))
+      );
+    } catch (err) {
+      lazy.log.warn(
+        `Unable to update intermediate preloading collection: ${err}`
+      );
+      return;
+    }
+
+    Services.obs.notifyObservers(
+      null,
+      "remote-security-settings:intermediates-updated",
+      "success"
+    );
+  }
+
+  async onObservePollEnd(subject, topic, data) {
+    lazy.log.debug(`onObservePollEnd ${subject} ${topic}`);
+
+    try {
+      await this.updatePreloadedIntermediates();
+    } catch (err) {
+      lazy.log.warn(`Unable to update intermediate preloads: ${err}`);
+    }
+  }
+
+  // This method returns a promise to RemoteSettingsClient.maybeSync method.
+  async onSync({ data: { current, created, updated, deleted } }) {
+    if (!Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)) {
+      lazy.log.debug("Intermediate Preloading is disabled");
+      return;
+    }
+
+    lazy.log.debug(`Removing ${deleted.length} Intermediate certificates`);
+    await this.removeCerts(deleted);
+  }
+
+  /**
+   * Attempts to download the attachment, assuming it's not been processed
+   * already. Does not retry, and always resolves (e.g., does not reject upon
+   * failure.) Errors are reported via console.error.
+   *
+   * @param  {AttachmentRecord} record defines which data to obtain
+   * @returns {Promise}          a Promise that will resolve to an object with the properties
+   *                            record, cert, and subject. record is the original record.
+   *                            cert is the base64-encoded bytes of the downloaded certificate (if
+   *                            downloading was successful), and null otherwise.
+   *                            subject is the base64-encoded bytes of the subject distinguished
+   *                            name of the same.
+   */
+  async maybeDownloadAttachment(record) {
+    let result = { record, cert: null, subject: null };
+
+    let dataAsString = null;
+    try {
+      let buffer = await this.client.attachments.downloadAsBytes(record, {
+        retries: 0,
+      });
+      dataAsString = lazy.gTextDecoder.decode(new Uint8Array(buffer));
+    } catch (err) {
+      if (err.name == "BadContentError") {
+        lazy.log.debug(`Bad attachment content.`);
+      } else {
+        lazy.log.error(`Failed to download attachment: ${err}`);
+      }
+      return result;
+    }
+
+    let certBase64;
+    let subjectBase64;
+    try {
+      // split off the header and footer
+      certBase64 = dataAsString.split("-----")[2].replace(/\s/g, "");
+      // get an array of bytes so we can use X509.jsm
+      let certBytes = stringToBytes(atob(certBase64));
+      let cert = new X509.Certificate();
+      cert.parse(certBytes);
+      // get the DER-encoded subject and get a base64-encoded string from it
+      // TODO(bug 1542028): add getters for _der and _bytes
+      subjectBase64 = btoa(
+        bytesToString(cert.tbsCertificate.subject._der._bytes)
+      );
+    } catch (err) {
+      lazy.log.error(`Failed to decode cert: ${err}`);
+      return result;
+    }
+    result.cert = certBase64;
+    result.subject = subjectBase64;
+    return result;
+  }
+
+  async maybeSync(expectedTimestamp, options) {
+    return this.client.maybeSync(expectedTimestamp, options);
+  }
+
+  async removeCerts(recordsToRemove) {
+    let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    let hashes = recordsToRemove.map(record => record.derHash);
+    let result = await new Promise(resolve => {
+      certStorage.removeCertsByHashes(hashes, resolve);
+    }).catch(err => err);
+    if (result != Cr.NS_OK) {
+      lazy.log.error(`Failed to remove some intermediate certificates`);
+    }
+  }
+}
+
+// Helper function to compare filters. One filter is "less than" another filter (i.e. it sorts
+// earlier) if its timestamp is farther in the past than the other.
+function compareFilters(filterA, filterB) {
+  return filterA.effectiveTimestamp - filterB.effectiveTimestamp;
+}
+
+class CRLiteFilters {
+  constructor() {
+    this.client = RemoteSettings("cert-revocations", {
+      bucketName: SECURITY_STATE_BUCKET,
+      signerName: SECURITY_STATE_SIGNER,
+      localFields: ["loaded_into_cert_storage"],
+    });
+
+    Services.obs.addObserver(
+      this.onObservePollEnd.bind(this),
+      "remote-settings:changes-poll-end"
+    );
+  }
+
+  async cleanAttachmentCache() {
+    // Bug 1795710 - misuse of Remote Settings `downloadToDisk` caused us to
+    // keep filters and stashes on disk indefinitely. We're no longer caching
+    // these downloads, so if there are any filters still in the cache they can
+    // be removed.
+    let cachePath = PathUtils.join(
+      PathUtils.localProfileDir,
+      ...this.client.attachments.folders
+    );
+
+    try {
+      let needCleanup = await IOUtils.exists(cachePath);
+      if (needCleanup) {
+        let cacheFiles = await IOUtils.getChildren(cachePath);
+        let staleFilters = cacheFiles.filter(
+          path => path.endsWith("filter") || path.endsWith("filter.stash")
+        );
+        if (cacheFiles.length == staleFilters.length) {
+          // Expected case. No files other than filters, we can remove the
+          // entire directory
+          await IOUtils.remove(cachePath, { recursive: true });
+        } else {
+          for (let filter of staleFilters) {
+            await IOUtils.remove(filter);
+          }
+        }
+      }
+    } catch (e) {
+      lazy.log.error("Could not clean cert-revocations attachment cache", e);
+    }
+  }
+
+  async onObservePollEnd(subject, topic, data) {
+    if (!Services.prefs.getBoolPref(CRLITE_FILTERS_ENABLED_PREF, true)) {
+      lazy.log.debug("CRLite filter downloading is disabled");
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:crlite-filters-downloaded",
+        "disabled"
+      );
+      return;
+    }
+
+    let hasPriorFilter = await hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_FULL
+    );
+    if (!hasPriorFilter) {
+      let current = await this.client.db.list();
+      let toReset = current.filter(
+        record => !record.incremental && record.loaded_into_cert_storage
+      );
+      await this.client.db.importChanges(
+        undefined, // do not touch metadata.
+        undefined, // do not touch collection timestamp.
+        toReset.map(r => ({ ...r, loaded_into_cert_storage: false }))
+      );
+    }
+    let hasPriorStash = await hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_INCREMENTAL
+    );
+    if (!hasPriorStash) {
+      let current = await this.client.db.list();
+      let toReset = current.filter(
+        record => record.incremental && record.loaded_into_cert_storage
+      );
+      await this.client.db.importChanges(
+        undefined, // do not touch metadata.
+        undefined, // do not touch collection timestamp.
+        toReset.map(r => ({ ...r, loaded_into_cert_storage: false }))
+      );
+    }
+
+    let current = await this.client.db.list();
+    let fullFilters = current.filter(filter => !filter.incremental);
+    if (fullFilters.length < 1) {
+      lazy.log.debug("no full CRLite filters to download?");
+      Services.obs.notifyObservers(
+        null,
+        "remote-security-settings:crlite-filters-downloaded",
+        "unavailable"
+      );
+      return;
+    }
+    fullFilters.sort(compareFilters);
+    lazy.log.debug("fullFilters:", fullFilters);
+    let fullFilter = fullFilters.pop(); // the most recent filter sorts last
+    let incrementalFilters = current.filter(
+      filter =>
+        // Return incremental filters that are more recent than (i.e. sort later than) the full
+        // filter.
+        filter.incremental && compareFilters(filter, fullFilter) > 0
+    );
+    incrementalFilters.sort(compareFilters);
+    // Map of id to filter where that filter's parent has the given id.
+    let parentIdMap = {};
+    for (let filter of incrementalFilters) {
+      if (filter.parent in parentIdMap) {
+        lazy.log.debug(`filter with parent id ${filter.parent} already seen?`);
+      } else {
+        parentIdMap[filter.parent] = filter;
+      }
+    }
+    let filtersToDownload = [];
+    let nextFilter = fullFilter;
+    while (nextFilter) {
+      filtersToDownload.push(nextFilter);
+      nextFilter = parentIdMap[nextFilter.id];
+    }
+    const certList = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    filtersToDownload = filtersToDownload.filter(
+      filter => !filter.loaded_into_cert_storage
+    );
+    lazy.log.debug("filtersToDownload:", filtersToDownload);
+    let filtersDownloaded = [];
+    for (let filter of filtersToDownload) {
+      try {
+        let attachment = await this.client.attachments.downloadAsBytes(filter);
+        let bytes = new Uint8Array(attachment);
+        lazy.log.debug(
+          `Downloaded ${filter.details.name}: ${bytes.length} bytes`
+        );
+        filter.bytes = bytes;
+        filtersDownloaded.push(filter);
+      } catch (e) {
+        lazy.log.error("failed to download CRLite filter", e);
+      }
+    }
+    let fullFiltersDownloaded = filtersDownloaded.filter(
+      filter => !filter.incremental
+    );
+    if (fullFiltersDownloaded.length) {
+      if (fullFiltersDownloaded.length > 1) {
+        lazy.log.warn("trying to install more than one full CRLite filter?");
+      }
+      let filter = fullFiltersDownloaded[0];
+
+      let coverage = [];
+      if (filter.coverage) {
+        for (let entry of filter.coverage) {
+          coverage.push(
+            new CRLiteCoverage(
+              entry.logID,
+              entry.minTimestamp,
+              entry.maxTimestamp
+            )
+          );
+        }
+      }
+      let enrollment = filter.enrolledIssuers ? filter.enrolledIssuers : [];
+
+      await new Promise(resolve => {
+        certList.setFullCRLiteFilter(filter.bytes, enrollment, coverage, rv => {
+          lazy.log.debug(`setFullCRLiteFilter: ${rv}`);
+          resolve();
+        });
+      });
+    }
+    let stashes = filtersDownloaded.filter(filter => filter.incremental);
+    let totalLength = stashes.reduce(
+      (sum, filter) => sum + filter.bytes.length,
+      0
+    );
+    let concatenatedStashes = new Uint8Array(totalLength);
+    let offset = 0;
+    for (let filter of stashes) {
+      concatenatedStashes.set(filter.bytes, offset);
+      offset += filter.bytes.length;
+    }
+    if (concatenatedStashes.length) {
+      lazy.log.debug(
+        `adding concatenated incremental updates of total length ${concatenatedStashes.length}`
+      );
+      await new Promise(resolve => {
+        certList.addCRLiteStash(concatenatedStashes, rv => {
+          lazy.log.debug(`addCRLiteStash: ${rv}`);
+          resolve();
+        });
+      });
+    }
+
+    for (let filter of filtersDownloaded) {
+      delete filter.bytes;
+    }
+
+    await this.client.db.importChanges(
+      undefined, // do not touch metadata.
+      undefined, // do not touch collection timestamp.
+      filtersDownloaded.map(r => ({ ...r, loaded_into_cert_storage: true }))
+    );
+
+    Services.obs.notifyObservers(
+      null,
+      "remote-security-settings:crlite-filters-downloaded",
+      `finished;${filtersDownloaded
+        .map(filter => filter.details.name)
+        .join(",")}`
+    );
+  }
+}
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.cpp b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
new file mode 100644
index 0000000000..d6bd54d741
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -0,0 +1,139 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "RootCertificateTelemetryUtils.h"
+
+#include "RootHashes.inc"  // Note: Generated by genRootCAHashes.js
+#include "ScopedNSSTypes.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Logging.h"
+#include "nsINSSComponent.h"
+#include "nsNSSCertHelper.h"
+#include "nsServiceManagerUtils.h"
+#include "pk11pub.h"
+
+namespace mozilla {
+namespace psm {
+
+mozilla::LazyLogModule gPublicKeyPinningTelemetryLog(
+    "PublicKeyPinningTelemetryService");
+
+// Used in the BinarySearch method, this does a memcmp between the pointer
+// provided to its construtor and whatever the binary search is looking for.
+//
+// This implementation assumes everything to be of HASH_LEN, so it should not
+// be used generically.
+class BinaryHashSearchArrayComparator {
+ public:
+  explicit BinaryHashSearchArrayComparator(const uint8_t* aTarget, size_t len)
+      : mTarget(aTarget) {
+    MOZ_ASSERT(len == HASH_LEN, "Hashes should be of the same length.");
+  }
+
+  int operator()(const CertAuthorityHash val) const {
+    return memcmp(mTarget, val.hash, HASH_LEN);
+  }
+
+ private:
+  const uint8_t* mTarget;
+};
+
+// Perform a hash of the provided cert, then search in the RootHashes.inc data
+// structure for a matching bin number.
+// If no matching root is found, this may be a CA from the softoken (cert9.db),
+// it may be a CA from an external PKCS#11 token, or it may be a CA from OS
+// storage (Enterprise Root).
+// See also the constants in RootCertificateTelemetryUtils.h.
+int32_t RootCABinNumber(Span<const uint8_t> cert) {
+  nsTArray<uint8_t> digestArray;
+
+  // Compute SHA256 hash of the certificate
+  nsresult rv = Digest::DigestBuf(SEC_OID_SHA256, cert, digestArray);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return ROOT_CERTIFICATE_HASH_FAILURE;
+  }
+
+  // Compare against list of stored hashes
+  size_t idx;
+
+  MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+          ("pkpinTelem: First bytes %02x %02x %02x %02x\n",
+           digestArray.ElementAt(0), digestArray.ElementAt(1),
+           digestArray.ElementAt(2), digestArray.ElementAt(3)));
+
+  if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE),
+                              BinaryHashSearchArrayComparator(
+                                  digestArray.Elements(), digestArray.Length()),
+                              &idx)) {
+    MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+            ("pkpinTelem: Telemetry index was %zu, bin is %d\n", idx,
+             ROOT_TABLE[idx].binNumber));
+    return (int32_t)ROOT_TABLE[idx].binNumber;
+  }
+
+  // Didn't find this certificate in the built-in list. It may be an enterprise
+  // root (gathered from the OS) or it may be from the softoken or an external
+  // PKCS#11 token.
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!component) {
+    return ROOT_CERTIFICATE_UNKNOWN;
+  }
+  nsTArray<nsTArray<uint8_t>> enterpriseRoots;
+  rv = component->GetEnterpriseRoots(enterpriseRoots);
+  if (NS_FAILED(rv)) {
+    return ROOT_CERTIFICATE_UNKNOWN;
+  }
+  for (const auto& enterpriseRoot : enterpriseRoots) {
+    if (enterpriseRoot.Length() == cert.size() &&
+        memcmp(enterpriseRoot.Elements(), cert.data(),
+               enterpriseRoot.Length()) == 0) {
+      return ROOT_CERTIFICATE_ENTERPRISE_ROOT;
+    }
+  }
+
+  SECItem certItem = {siBuffer, const_cast<uint8_t*>(cert.data()),
+                      static_cast<unsigned int>(cert.size())};
+  UniquePK11SlotInfo softokenSlot(PK11_GetInternalKeySlot());
+  if (!softokenSlot) {
+    return ROOT_CERTIFICATE_UNKNOWN;
+  }
+  CK_OBJECT_HANDLE softokenCertHandle =
+      PK11_FindEncodedCertInSlot(softokenSlot.get(), &certItem, nullptr);
+  if (softokenCertHandle != CK_INVALID_HANDLE) {
+    return ROOT_CERTIFICATE_SOFTOKEN;
+  }
+  // In theory this should never find the certificate in the root module,
+  // because then it should have already matched our built-in list. This is
+  // here as a backstop to catch situations where a built-in root was added but
+  // the built-in telemetry information was not updated.
+  UniqueSECMODModule rootsModule(SECMOD_FindModule(kRootModuleName));
+  AutoSECMODListReadLock secmodLock;
+  if (!rootsModule || rootsModule->slotCount != 1) {
+    return ROOT_CERTIFICATE_UNKNOWN;
+  }
+  CK_OBJECT_HANDLE builtinCertHandle =
+      PK11_FindEncodedCertInSlot(rootsModule->slots[0], &certItem, nullptr);
+  if (builtinCertHandle == CK_INVALID_HANDLE) {
+    return ROOT_CERTIFICATE_EXTERNAL_TOKEN;
+  }
+
+  // We have no idea what this is.
+  return ROOT_CERTIFICATE_UNKNOWN;
+}
+
+// Attempt to increment the appropriate bin in the provided Telemetry probe ID.
+// If there was a hash failure, we do nothing.
+void AccumulateTelemetryForRootCA(mozilla::Telemetry::HistogramID probe,
+                                  const Span<const uint8_t> cert) {
+  int32_t binId = RootCABinNumber(cert);
+
+  if (binId != ROOT_CERTIFICATE_HASH_FAILURE) {
+    Accumulate(probe, binId);
+  }
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.h b/security/manager/ssl/RootCertificateTelemetryUtils.h
new file mode 100644
index 0000000000..01d033ec59
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.h
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef RootCertificateTelemetryUtils_h
+#define RootCertificateTelemetryUtils_h
+
+#include "mozilla/Span.h"
+#include "mozilla/Telemetry.h"
+
+namespace mozilla {
+namespace psm {
+
+// Note: New CAs will show up as UNKNOWN_ROOT until
+// RootHashes.inc is updated to include them. 0 is reserved by
+// genRootCAHashes.js for the unknowns.
+#define ROOT_CERTIFICATE_UNKNOWN 0
+// 1 indicates the CA is not a built-in and comes from the softoken (cert9.db)
+#define ROOT_CERTIFICATE_SOFTOKEN 1
+// 2 indicates the CA is not a bilt-in and comes from an external PKCS#11 token
+#define ROOT_CERTIFICATE_EXTERNAL_TOKEN 2
+// 3 indicates the CA is not a built-in and comes from the OS via the
+// "Enterprise Roots" feature
+#define ROOT_CERTIFICATE_ENTERPRISE_ROOT 3
+#define ROOT_CERTIFICATE_HASH_FAILURE -1
+
+int32_t RootCABinNumber(Span<const uint8_t> cert);
+
+void AccumulateTelemetryForRootCA(mozilla::Telemetry::HistogramID probe,
+                                  const Span<const uint8_t> cert);
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // RootCertificateTelemetryUtils_h
diff --git a/security/manager/ssl/RootHashes.inc b/security/manager/ssl/RootHashes.inc
new file mode 100644
index 0000000000..9ad62e0068
--- /dev/null
+++ b/security/manager/ssl/RootHashes.inc
@@ -0,0 +1,1501 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it.        */
+/*****************************************************************************/
+
+#define HASH_LEN 32
+struct CertAuthorityHash {
+  // See bug 1338873 about making these fields const.
+  uint8_t hash[HASH_LEN];
+  int32_t binNumber;
+};
+
+static const struct CertAuthorityHash ROOT_TABLE[] = {
+  {
+    /* DigiCert_TLS_ECC_P384_Root_G5 */
+    { 0x01, 0x8E, 0x13, 0xF0, 0x77, 0x25, 0x32, 0xCF, 0x80, 0x9B, 0xD1, 0xB1, 0x72, 0x81, 0x86, 0x72,
+      0x83, 0xFC, 0x48, 0xC6, 0xE1, 0x3B, 0xE9, 0xC6, 0x98, 0x12, 0x85, 0x4A, 0x49, 0x0C, 0x1B, 0x05 },
+      243 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority___EC1 */
+    { 0x02, 0xED, 0x0E, 0xB2, 0x8C, 0x14, 0xDA, 0x45, 0x16, 0x5C, 0x56, 0x67, 0x91, 0x70, 0x0D, 0x64,
+      0x51, 0xD7, 0xFB, 0x56, 0xF0, 0xB2, 0xAB, 0x1D, 0x3B, 0x8E, 0xB0, 0x70, 0xE5, 0x6E, 0xDF, 0xF5 },
+      164 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Commercial */
+    { 0x03, 0x76, 0xAB, 0x1D, 0x54, 0xC5, 0xF9, 0x80, 0x3C, 0xE4, 0xB2, 0xE2, 0x01, 0xA0, 0xEE, 0x7E,
+      0xEF, 0x7B, 0x57, 0xB6, 0x36, 0xE8, 0xA9, 0x3C, 0x9B, 0x8D, 0x48, 0x60, 0xC9, 0x6F, 0x5F, 0xA7 },
+      109 /* Bin Number */
+  },
+  {
+    /* ACEDICOM_Root */
+    { 0x03, 0x95, 0x0F, 0xB4, 0x9A, 0x53, 0x1F, 0x3E, 0x19, 0x91, 0x94, 0x23, 0x98, 0xDF, 0xA9, 0xE0,
+      0xEA, 0x32, 0xD7, 0xBA, 0x1C, 0xDD, 0x9B, 0xC8, 0x5D, 0xB5, 0x7E, 0xD9, 0x40, 0x0B, 0x43, 0x4A },
+      98 /* Bin Number */
+  },
+  {
+    /* Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 */
+    { 0x04, 0x04, 0x80, 0x28, 0xBF, 0x1F, 0x28, 0x64, 0xD4, 0x8F, 0x9A, 0xD4, 0xD8, 0x32, 0x94, 0x36,
+      0x6A, 0x82, 0x88, 0x56, 0x55, 0x3F, 0x3B, 0x14, 0x30, 0x3F, 0x90, 0x14, 0x7F, 0x5D, 0x40, 0xEF },
+      102 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root___2008 */
+    { 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08, 0x9B, 0x85, 0x42, 0xE9, 0x46,
+      0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94, 0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 },
+      104 /* Bin Number */
+  },
+  {
+    /* DST_Root_CA_X3 */
+    { 0x06, 0x87, 0x26, 0x03, 0x31, 0xA7, 0x24, 0x03, 0xD9, 0x09, 0xF1, 0x05, 0xE6, 0x9B, 0xCF, 0x0D,
+      0x32, 0xE1, 0xBD, 0x24, 0x93, 0xFF, 0xC6, 0xD9, 0x20, 0x6D, 0x11, 0xBC, 0xD6, 0x77, 0x07, 0x39 },
+      52 /* Bin Number */
+  },
+  {
+    /* TrustCor_RootCert_CA_2 */
+    { 0x07, 0x53, 0xE9, 0x40, 0x37, 0x8C, 0x1B, 0xD5, 0xE3, 0x83, 0x6E, 0x39, 0x5D, 0xAE, 0xA5, 0xCB,
+      0x83, 0x9E, 0x50, 0x46, 0xF1, 0xBD, 0x0E, 0xAE, 0x19, 0x51, 0xCF, 0x10, 0xFE, 0xC7, 0xC9, 0x65 },
+      191 /* Bin Number */
+  },
+  {
+    /* AddTrust_Public_CA_Root */
+    { 0x07, 0x91, 0xCA, 0x07, 0x49, 0xB2, 0x07, 0x82, 0xAA, 0xD3, 0xC7, 0xD7, 0xBD, 0x0C, 0xDF, 0xC9,
+      0x48, 0x58, 0x35, 0x84, 0x3E, 0xB2, 0xD7, 0x99, 0x60, 0x09, 0xCE, 0x43, 0xAB, 0x6C, 0x69, 0x27 },
+      16 /* Bin Number */
+  },
+  {
+    /* D_TRUST_EV_Root_CA_1_2020 */
+    { 0x08, 0x17, 0x0D, 0x1A, 0xA3, 0x64, 0x53, 0x90, 0x1A, 0x2F, 0x95, 0x92, 0x45, 0xE3, 0x47, 0xDB,
+      0x0C, 0x8D, 0x37, 0xAB, 0xAA, 0xBC, 0x56, 0xB8, 0x1A, 0xA1, 0x00, 0xDC, 0x95, 0x89, 0x70, 0xDB },
+      242 /* Bin Number */
+  },
+  {
+    /* OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US */
+    { 0x08, 0x29, 0x7A, 0x40, 0x47, 0xDB, 0xA2, 0x36, 0x80, 0xC7, 0x31, 0xDB, 0x6E, 0x31, 0x76, 0x53,
+      0xCA, 0x78, 0x48, 0xE1, 0xBE, 0xBD, 0x3A, 0x0B, 0x01, 0x79, 0xA7, 0x07, 0xF9, 0x2C, 0xF1, 0x78 },
+      4 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Networking */
+    { 0x0A, 0x81, 0xEC, 0x5A, 0x92, 0x97, 0x77, 0xF1, 0x45, 0x90, 0x4A, 0xF3, 0x8D, 0x5D, 0x50, 0x9F,
+      0x66, 0xB5, 0xE2, 0xC5, 0x8F, 0xCD, 0xB5, 0x31, 0x05, 0x8B, 0x0E, 0x17, 0xF3, 0xF0, 0xB4, 0x1B },
+      110 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root */
+    { 0x0C, 0x25, 0x8A, 0x12, 0xA5, 0x67, 0x4A, 0xEF, 0x25, 0xF2, 0x8B, 0xA7, 0xDC, 0xFA, 0xEC, 0xEE,
+      0xA3, 0x48, 0xE5, 0x41, 0xE6, 0xF5, 0xCC, 0x4E, 0xE6, 0x3B, 0x71, 0xB3, 0x61, 0x60, 0x6A, 0xC3 },
+      39 /* Bin Number */
+  },
+  {
+    /* COMODO_Certification_Authority */
+    { 0x0C, 0x2C, 0xD6, 0x3D, 0xF7, 0x80, 0x6F, 0xA3, 0x99, 0xED, 0xE8, 0x09, 0x11, 0x6B, 0x57, 0x5B,
+      0xF8, 0x79, 0x89, 0xF0, 0x65, 0x18, 0xF9, 0x80, 0x8C, 0x86, 0x05, 0x03, 0x17, 0x8B, 0xAF, 0x66 },
+      63 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_CA_1 */
+    { 0x0F, 0x4E, 0x9C, 0xDD, 0x26, 0x4B, 0x02, 0x55, 0x50, 0xD1, 0x70, 0x80, 0x63, 0x40, 0x21, 0x4F,
+      0xE9, 0x44, 0x34, 0xC9, 0xB0, 0x2F, 0x69, 0x7E, 0xC7, 0x10, 0xFC, 0x5F, 0xEA, 0xFB, 0x5E, 0x38 },
+      80 /* Bin Number */
+  },
+  {
+    /* Class_2_Primary_CA */
+    { 0x0F, 0x99, 0x3C, 0x8A, 0xEF, 0x97, 0xBA, 0xAF, 0x56, 0x87, 0x14, 0x0E, 0xD5, 0x9A, 0xD1, 0x82,
+      0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB },
+      51 /* Bin Number */
+  },
+  {
+    /* emSign_Root_CA___C1 */
+    { 0x12, 0x56, 0x09, 0xAA, 0x30, 0x1D, 0xA0, 0xA2, 0x49, 0xB9, 0x7A, 0x82, 0x39, 0xCB, 0x6A, 0x34,
+      0x21, 0x6F, 0x44, 0xDC, 0xAC, 0x9F, 0x39, 0x54, 0xB1, 0x42, 0x92, 0xF2, 0xE8, 0xC8, 0x60, 0x8F },
+      208 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root___2008 */
+    { 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28,
+      0x4E, 0x07, 0x9D, 0x7B, 0x52, 0x20, 0xBB, 0x8F, 0xBD, 0x74, 0x78, 0x16, 0xEE, 0xBE, 0xBA, 0xCA },
+      105 /* Bin Number */
+  },
+  {
+    /* OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US */
+    { 0x14, 0x65, 0xFA, 0x20, 0x53, 0x97, 0xB8, 0x76, 0xFA, 0xA6, 0xF0, 0xA9, 0x95, 0x8E, 0x55, 0x90,
+      0xE4, 0x0F, 0xCC, 0x7F, 0xAA, 0x4F, 0xB7, 0xC2, 0xC8, 0x67, 0x75, 0x21, 0xFB, 0x5F, 0xB6, 0x58 },
+      44 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G1 */
+    { 0x15, 0x2A, 0x40, 0x2B, 0xFC, 0xDF, 0x2C, 0xD5, 0x48, 0x05, 0x4D, 0x22, 0x75, 0xB3, 0x9C, 0x7F,
+      0xCA, 0x3E, 0xC0, 0x97, 0x80, 0x78, 0xB0, 0xF0, 0xEA, 0x76, 0xE5, 0x61, 0xA6, 0xC7, 0x43, 0x3E },
+      176 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R3 */
+    { 0x15, 0xD5, 0xB8, 0x77, 0x46, 0x19, 0xEA, 0x7D, 0x54, 0xCE, 0x1C, 0xA6, 0xD0, 0xB0, 0xC4, 0x03,
+      0xE0, 0x37, 0xA9, 0x17, 0xF1, 0x31, 0xE8, 0xA0, 0x4E, 0x1E, 0x6B, 0x7A, 0x71, 0xBA, 0xBC, 0xE5 },
+      201 /* Bin Number */
+  },
+  {
+    /* Network_Solutions_Certificate_Authority */
+    { 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C, 0x07, 0x2B, 0x10, 0x11, 0xA0,
+      0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4, 0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C },
+      64 /* Bin Number */
+  },
+  {
+    /* Baltimore_CyberTrust_Root */
+    { 0x16, 0xAF, 0x57, 0xA9, 0xF6, 0x76, 0xB0, 0xAB, 0x12, 0x60, 0x95, 0xAA, 0x5E, 0xBA, 0xDE, 0xF2,
+      0x2A, 0xB3, 0x11, 0x19, 0xD6, 0x44, 0xAC, 0x95, 0xCD, 0x4B, 0x93, 0xDB, 0xF3, 0xF2, 0x6A, 0xEB },
+      11 /* Bin Number */
+  },
+  {
+    /* COMODO_ECC_Certification_Authority */
+    { 0x17, 0x93, 0x92, 0x7A, 0x06, 0x14, 0x54, 0x97, 0x89, 0xAD, 0xCE, 0x2F, 0x8F, 0x34, 0xF7, 0xF0,
+      0xB6, 0x6D, 0x0F, 0x3A, 0xE3, 0xA3, 0xB8, 0x4D, 0x21, 0xEC, 0x15, 0xDB, 0xBA, 0x4F, 0xAD, 0xC7 },
+      66 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0x17, 0x9F, 0xBC, 0x14, 0x8A, 0x3D, 0xD0, 0x0F, 0xD2, 0x4E, 0xA1, 0x34, 0x58, 0xCC, 0x43, 0xBF,
+      0xA7, 0xF5, 0x9C, 0x81, 0x82, 0xD7, 0x83, 0xA5, 0x13, 0xF6, 0xEB, 0xEC, 0x10, 0x0C, 0x89, 0x24 },
+      158 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_3 */
+    { 0x18, 0xCE, 0x6C, 0xFE, 0x7B, 0xF1, 0x4E, 0x60, 0xB2, 0xE3, 0x47, 0xB8, 0xDF, 0xE8, 0x68, 0xCB,
+      0x31, 0xD0, 0x2E, 0xBB, 0x3A, 0xDA, 0x27, 0x15, 0x69, 0xF5, 0x03, 0x43, 0xB4, 0x6D, 0xB3, 0xA4 },
+      185 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3 */
+    { 0x18, 0xF1, 0xFC, 0x7F, 0x20, 0x5D, 0xF8, 0xAD, 0xDD, 0xEB, 0x7F, 0xE0, 0x07, 0xDD, 0x57, 0xE3,
+      0xAF, 0x37, 0x5A, 0x9C, 0x4D, 0x8D, 0x73, 0x54, 0x6B, 0xF4, 0xF1, 0xFE, 0xD1, 0xE1, 0x8D, 0x35 },
+      33 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_2 */
+    { 0x1B, 0xA5, 0xB2, 0xAA, 0x8C, 0x65, 0x40, 0x1A, 0x82, 0x96, 0x01, 0x18, 0xF8, 0x0B, 0xEC, 0x4F,
+      0x62, 0x30, 0x4D, 0x83, 0xCE, 0xC4, 0x71, 0x3A, 0x19, 0xC3, 0x9C, 0x01, 0x1E, 0xA4, 0x6D, 0xB4 },
+      184 /* Bin Number */
+  },
+  {
+    /* China_Internet_Network_Information_Center_EV_Certificates_Root */
+    { 0x1C, 0x01, 0xC6, 0xF4, 0xDB, 0xB2, 0xFE, 0xFC, 0x22, 0x55, 0x8B, 0x2B, 0xCA, 0x32, 0x56, 0x3F,
+      0x49, 0x84, 0x4A, 0xCF, 0xC3, 0x2B, 0x7B, 0xE4, 0xB0, 0xFF, 0x59, 0x9F, 0x9E, 0x8C, 0x7A, 0xF7 },
+      133 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_1 */
+    { 0x21, 0xDB, 0x20, 0x12, 0x36, 0x60, 0xBB, 0x2E, 0xD4, 0x18, 0x20, 0x5D, 0xA1, 0x1E, 0xE7, 0xA8,
+      0x5A, 0x65, 0xE2, 0xBC, 0x6E, 0x55, 0xB5, 0xAF, 0x7E, 0x78, 0x99, 0xC8, 0xA2, 0x66, 0xD9, 0x2E },
+      47 /* Bin Number */
+  },
+  {
+    /* SSL_com_EV_Root_Certification_Authority_ECC */
+    { 0x22, 0xA2, 0xC1, 0xF7, 0xBD, 0xED, 0x70, 0x4C, 0xC1, 0xE7, 0x01, 0xB5, 0xF4, 0x08, 0xC3, 0x10,
+      0x88, 0x0F, 0xE9, 0x56, 0xB5, 0xDE, 0x2A, 0x4A, 0x44, 0xF9, 0x9C, 0x87, 0x3A, 0x25, 0xA7, 0xC8 },
+      196 /* Bin Number */
+  },
+  {
+    /* VeriSign_Universal_Root_Certification_Authority */
+    { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F,
+      0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C },
+      90 /* Bin Number */
+  },
+  {
+    /* Telia_Root_CA_v2 */
+    { 0x24, 0x2B, 0x69, 0x74, 0x2F, 0xCB, 0x1E, 0x5B, 0x2A, 0xBF, 0x98, 0x89, 0x8B, 0x94, 0x57, 0x21,
+      0x87, 0x54, 0x4E, 0x5B, 0x4D, 0x99, 0x11, 0x78, 0x65, 0x73, 0x62, 0x1F, 0x6A, 0x74, 0xB8, 0x2C },
+      240 /* Bin Number */
+  },
+  {
+    /* Security_Communication_RootCA3 */
+    { 0x24, 0xA5, 0x5C, 0x2A, 0xB0, 0x51, 0x44, 0x2D, 0x06, 0x17, 0x76, 0x65, 0x41, 0x23, 0x9A, 0x4A,
+      0xD0, 0x32, 0xD7, 0xC5, 0x51, 0x75, 0xAA, 0x34, 0xFF, 0xDE, 0x2F, 0xBC, 0x4F, 0x5C, 0x52, 0x94 },
+      249 /* Bin Number */
+  },
+  {
+    /* Izenpe_com */
+    { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09,
+      0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F },
+      103 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G2 */
+    { 0x27, 0x99, 0x58, 0x29, 0xFE, 0x6A, 0x75, 0x15, 0xC1, 0xBF, 0xE8, 0x48, 0xF9, 0xC4, 0x76, 0x1D,
+      0xB1, 0x6C, 0x22, 0x59, 0x29, 0x25, 0x7B, 0xF4, 0x0D, 0x08, 0x94, 0xF2, 0x9E, 0xA8, 0xBA, 0xF2 },
+      179 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R1 */
+    { 0x2A, 0x57, 0x54, 0x71, 0xE3, 0x13, 0x40, 0xBC, 0x21, 0x58, 0x1C, 0xBD, 0x2C, 0xF1, 0x3E, 0x15,
+      0x84, 0x63, 0x20, 0x3E, 0xCE, 0x94, 0xBC, 0xF9, 0xD3, 0xCC, 0x19, 0x6B, 0xF0, 0x9A, 0x54, 0x72 },
+      199 /* Bin Number */
+  },
+  {
+    /* Certinomis___Root_CA */
+    { 0x2A, 0x99, 0xF5, 0xBC, 0x11, 0x74, 0xB7, 0x3C, 0xBB, 0x1D, 0x62, 0x08, 0x84, 0xE0, 0x1C, 0x34,
+      0xE5, 0x1C, 0xCB, 0x39, 0x78, 0xDA, 0x12, 0x5F, 0x0E, 0x33, 0x26, 0x88, 0x83, 0xBF, 0x41, 0x58 },
+      168 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0x2C, 0xAB, 0xEA, 0xFE, 0x37, 0xD0, 0x6C, 0xA2, 0x2A, 0xBA, 0x73, 0x91, 0xC0, 0x03, 0x3D, 0x25,
+      0x98, 0x29, 0x52, 0xC4, 0x53, 0x64, 0x73, 0x49, 0x76, 0x3A, 0x3A, 0xB5, 0xAD, 0x6C, 0xCF, 0x69 },
+      197 /* Bin Number */
+  },
+  {
+    /* Starfield_Root_Certificate_Authority___G2 */
+    { 0x2C, 0xE1, 0xCB, 0x0B, 0xF9, 0xD2, 0xF9, 0xE1, 0x02, 0x99, 0x3F, 0xBE, 0x21, 0x51, 0x52, 0xC3,
+      0xB2, 0xDD, 0x0C, 0xAB, 0xDE, 0x1C, 0x68, 0xE5, 0x31, 0x9B, 0x83, 0x91, 0x54, 0xDB, 0xB7, 0xF5 },
+      107 /* Bin Number */
+  },
+  {
+    /* OU_ApplicationCA_O_Japanese_Government_C_JP */
+    { 0x2D, 0x47, 0x43, 0x7D, 0xE1, 0x79, 0x51, 0x21, 0x5A, 0x12, 0xF3, 0xC5, 0x8E, 0x51, 0xC7, 0x29,
+      0xA5, 0x80, 0x26, 0xEF, 0x1F, 0xCC, 0x0A, 0x5F, 0xB3, 0xD9, 0xDC, 0x01, 0x2F, 0x60, 0x0D, 0x19 },
+      85 /* Bin Number */
+  },
+  {
+    /* TunTrust_Root_CA */
+    { 0x2E, 0x44, 0x10, 0x2A, 0xB5, 0x8C, 0xB8, 0x54, 0x19, 0x45, 0x1C, 0x8E, 0x19, 0xD9, 0xAC, 0xF3,
+      0x66, 0x2C, 0xAF, 0xBC, 0x61, 0x4B, 0x6A, 0x53, 0x96, 0x0A, 0x30, 0xF7, 0xD0, 0xE2, 0xEB, 0x41 },
+      227 /* Bin Number */
+  },
+  {
+    /* SSL_com_EV_Root_Certification_Authority_RSA_R2 */
+    { 0x2E, 0x7B, 0xF1, 0x6C, 0xC2, 0x24, 0x85, 0xA7, 0xBB, 0xE2, 0xAA, 0x86, 0x96, 0x75, 0x07, 0x61,
+      0xB0, 0xAE, 0x39, 0xBE, 0x3B, 0x2F, 0xE9, 0xD0, 0xCC, 0x6D, 0x4E, 0xF7, 0x34, 0x91, 0x42, 0x5C },
+      195 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Public_Sector_Root_CA_1 */
+    { 0x30, 0xD0, 0x89, 0x5A, 0x9A, 0x44, 0x8A, 0x26, 0x20, 0x91, 0x63, 0x55, 0x22, 0xD1, 0xF5, 0x20,
+      0x10, 0xB5, 0x86, 0x7A, 0xCA, 0xE1, 0x2C, 0x78, 0xEF, 0x95, 0x8F, 0xD4, 0xF4, 0x38, 0x9F, 0x2F },
+      162 /* Bin Number */
+  },
+  {
+    /* vTrus_ECC_Root_CA */
+    { 0x30, 0xFB, 0xBA, 0x2C, 0x32, 0x23, 0x8E, 0x2A, 0x98, 0x54, 0x7A, 0xF9, 0x79, 0x31, 0xE5, 0x50,
+      0x42, 0x8B, 0x9B, 0x3F, 0x1C, 0x8E, 0xEB, 0x66, 0x33, 0xDC, 0xFA, 0x86, 0xC5, 0xB2, 0x7D, 0xD3 },
+      231 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G3 */
+    { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33,
+      0x39, 0x3E, 0x3A, 0x18, 0xCC, 0x02, 0x29, 0x6E, 0xF9, 0x7C, 0x2A, 0xC9, 0xEF, 0x67, 0x31, 0xD0 },
+      150 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA */
+    { 0x32, 0x7A, 0x3D, 0x76, 0x1A, 0xBA, 0xDE, 0xA0, 0x34, 0xEB, 0x99, 0x84, 0x06, 0x27, 0x5C, 0xB1,
+      0xA4, 0x77, 0x6E, 0xFD, 0xAE, 0x2F, 0xDF, 0x6D, 0x01, 0x68, 0xEA, 0x1C, 0x4F, 0x55, 0x67, 0xD0 },
+      70 /* Bin Number */
+  },
+  {
+    /* SSL_com_Root_Certification_Authority_ECC */
+    { 0x34, 0x17, 0xBB, 0x06, 0xCC, 0x60, 0x07, 0xDA, 0x1B, 0x96, 0x1C, 0x92, 0x0B, 0x8A, 0xB4, 0xCE,
+      0x3F, 0xAD, 0x82, 0x0E, 0x4A, 0xA3, 0x0B, 0x9A, 0xCB, 0xC4, 0xA7, 0x4E, 0xBD, 0xCE, 0xBC, 0x65 },
+      194 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R4 */
+    { 0x34, 0x9D, 0xFA, 0x40, 0x58, 0xC5, 0xE2, 0x63, 0x12, 0x3B, 0x39, 0x8A, 0xE7, 0x95, 0x57, 0x3C,
+      0x4E, 0x13, 0x13, 0xC8, 0x3F, 0xE6, 0x8F, 0x93, 0x55, 0x6C, 0xD5, 0xE8, 0x03, 0x1B, 0x3C, 0x7D },
+      239 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R3 */
+    { 0x34, 0xD8, 0xA7, 0x3E, 0xE2, 0x08, 0xD9, 0xBC, 0xDB, 0x0D, 0x95, 0x65, 0x20, 0x93, 0x4B, 0x4E,
+      0x40, 0xE6, 0x94, 0x82, 0x59, 0x6E, 0x8B, 0x6F, 0x73, 0xC8, 0x42, 0x6B, 0x01, 0x0A, 0x6F, 0x48 },
+      238 /* Bin Number */
+  },
+  {
+    /* Microsoft_ECC_Root_Certificate_Authority_2017 */
+    { 0x35, 0x8D, 0xF3, 0x9D, 0x76, 0x4A, 0xF9, 0xE1, 0xB7, 0x66, 0xE9, 0xC9, 0x72, 0xDF, 0x35, 0x2E,
+      0xE1, 0x5C, 0xFA, 0xC2, 0x27, 0xAF, 0x6A, 0xD1, 0xD7, 0x0E, 0x8E, 0x4A, 0x6E, 0xDC, 0xBA, 0x02 },
+      212 /* Bin Number */
+  },
+  {
+    /* EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x35, 0xAE, 0x5B, 0xDD, 0xD8, 0xF7, 0xAE, 0x63, 0x5C, 0xFF, 0xBA, 0x56, 0x82, 0xA8, 0xF0, 0x0B,
+      0x95, 0xF4, 0x84, 0x62, 0xC7, 0x10, 0x8E, 0xE9, 0xA0, 0xE5, 0x29, 0x2B, 0x07, 0x4A, 0xAF, 0xB2 },
+      82 /* Bin Number */
+  },
+  {
+    /* DigiCert_TLS_RSA4096_Root_G5 */
+    { 0x37, 0x1A, 0x00, 0xDC, 0x05, 0x33, 0xB3, 0x72, 0x1A, 0x7E, 0xEB, 0x40, 0xE8, 0x41, 0x9E, 0x70,
+      0x79, 0x9D, 0x2B, 0x0A, 0x0F, 0x2C, 0x1D, 0x80, 0x69, 0x31, 0x65, 0xF7, 0xCE, 0xC4, 0xAD, 0x75 },
+      244 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority */
+    { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01,
+      0x3F, 0xC5, 0xF8, 0x2A, 0xE9, 0x8E, 0xE5, 0x33, 0xEB, 0x46, 0x19, 0xB8, 0xDE, 0xB4, 0xD0, 0x6C },
+      58 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G3 */
+    { 0x3C, 0x4F, 0xB0, 0xB9, 0x5A, 0xB8, 0xB3, 0x00, 0x32, 0xF4, 0x32, 0xB8, 0x6F, 0x53, 0x5F, 0xE1,
+      0x72, 0xC1, 0x85, 0xD0, 0xFD, 0x39, 0x86, 0x58, 0x37, 0xCF, 0x36, 0x18, 0x7F, 0xA6, 0xF4, 0x28 },
+      159 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA_2009 */
+    { 0x3C, 0x5F, 0x81, 0xFE, 0xA5, 0xFA, 0xB8, 0x2C, 0x64, 0xBF, 0xA2, 0xEA, 0xEC, 0xAF, 0xCD, 0xE8,
+      0xE0, 0x77, 0xFC, 0x86, 0x20, 0xA7, 0xCA, 0xE5, 0x37, 0x16, 0x3D, 0xF3, 0x6E, 0xDB, 0xF3, 0x78 },
+      99 /* Bin Number */
+  },
+  {
+    /* PSCProcert */
+    { 0x3C, 0xFC, 0x3C, 0x14, 0xD1, 0xF6, 0x84, 0xFF, 0x17, 0xE3, 0x8C, 0x43, 0xCA, 0x44, 0x0C, 0x00,
+      0xB9, 0x67, 0xEC, 0x93, 0x3E, 0x8B, 0xFE, 0x06, 0x4C, 0xA1, 0xD7, 0x2C, 0x90, 0xF2, 0xAD, 0xB0 },
+      132 /* Bin Number */
+  },
+  {
+    /* EE_Certification_Centre_Root_CA */
+    { 0x3E, 0x84, 0xBA, 0x43, 0x42, 0x90, 0x85, 0x16, 0xE7, 0x75, 0x73, 0xC0, 0x99, 0x2F, 0x09, 0x79,
+      0xCA, 0x08, 0x4E, 0x46, 0x85, 0x68, 0x1F, 0xF1, 0x95, 0xCC, 0xBA, 0x8A, 0x22, 0x9B, 0x8A, 0x76 },
+      128 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_CA */
+    { 0x3E, 0x90, 0x99, 0xB5, 0x01, 0x5E, 0x8F, 0x48, 0x6C, 0x00, 0xBC, 0xEA, 0x9D, 0x11, 0x1E, 0xE7,
+      0x21, 0xFA, 0xBA, 0x35, 0x5A, 0x89, 0xBC, 0xF1, 0xDF, 0x69, 0x56, 0x1E, 0x3D, 0xC6, 0x32, 0x5C },
+      48 /* Bin Number */
+  },
+  {
+    /* Trusted_Certificate_Services */
+    { 0x3F, 0x06, 0xE5, 0x56, 0x81, 0xD4, 0x96, 0xF5, 0xBE, 0x16, 0x9E, 0xB5, 0x38, 0x9F, 0x9F, 0x2B,
+      0x8F, 0xF6, 0x1E, 0x17, 0x08, 0xDF, 0x68, 0x81, 0x72, 0x48, 0x49, 0xCD, 0x5D, 0x27, 0xCB, 0x69 },
+      30 /* Bin Number */
+  },
+  {
+    /* HARICA_TLS_ECC_Root_CA_2021 */
+    { 0x3F, 0x99, 0xCC, 0x47, 0x4A, 0xCF, 0xCE, 0x4D, 0xFE, 0xD5, 0x87, 0x94, 0x66, 0x5E, 0x47, 0x8D,
+      0x15, 0x47, 0x73, 0x9F, 0x2E, 0x78, 0x0F, 0x1B, 0xB4, 0xCA, 0x9B, 0x13, 0x30, 0x97, 0xD4, 0x01 },
+      229 /* Bin Number */
+  },
+  {
+    /* emSign_Root_CA___G1 */
+    { 0x40, 0xF6, 0xAF, 0x03, 0x46, 0xA9, 0x9A, 0xA1, 0xCD, 0x1D, 0x55, 0x5A, 0x4E, 0x9C, 0xCE, 0x62,
+      0xC7, 0xF9, 0x63, 0x46, 0x03, 0xEE, 0x40, 0x66, 0x15, 0x83, 0x3D, 0xC8, 0xC8, 0xD0, 0x03, 0x67 },
+      206 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GA_CA */
+    { 0x41, 0xC9, 0x23, 0x86, 0x6A, 0xB4, 0xCA, 0xD6, 0xB7, 0xAD, 0x57, 0x80, 0x81, 0x58, 0x2E, 0x02,
+      0x07, 0x97, 0xA6, 0xCB, 0xDF, 0x4F, 0xFF, 0x78, 0xCE, 0x83, 0x96, 0xB3, 0x89, 0x37, 0xD7, 0xF5 },
+      69 /* Bin Number */
+  },
+  {
+    /* Secure_Global_CA */
+    { 0x42, 0x00, 0xF5, 0x04, 0x3A, 0xC8, 0x59, 0x0E, 0xBB, 0x52, 0x7D, 0x20, 0x9E, 0xD1, 0x50, 0x30,
+      0x29, 0xFB, 0xCB, 0xD4, 0x1C, 0xA1, 0xB5, 0x06, 0xEC, 0x27, 0xF1, 0x5A, 0xDE, 0x7D, 0xAC, 0x69 },
+      62 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_CA */
+    { 0x43, 0x48, 0xA0, 0xE9, 0x44, 0x4C, 0x78, 0xCB, 0x26, 0x5E, 0x05, 0x8D, 0x5E, 0x89, 0x44, 0xB4,
+      0xD8, 0x4F, 0x96, 0x62, 0xBD, 0x26, 0xDB, 0x25, 0x7F, 0x89, 0x34, 0xA4, 0x43, 0xC7, 0x01, 0x61 },
+      49 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority___G2 */
+    { 0x43, 0xDF, 0x57, 0x74, 0xB0, 0x3E, 0x7F, 0xEF, 0x5F, 0xE4, 0x0D, 0x93, 0x1A, 0x7B, 0xED, 0xF1,
+      0xBB, 0x2E, 0x6B, 0x42, 0x73, 0x8C, 0x4E, 0x6D, 0x38, 0x41, 0x10, 0x3D, 0x3A, 0xA7, 0xF3, 0x39 },
+      163 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x44, 0x04, 0xE3, 0x3B, 0x5E, 0x14, 0x0D, 0xCF, 0x99, 0x80, 0x51, 0xFD, 0xFC, 0x80, 0x28, 0xC7,
+      0xC8, 0x16, 0x15, 0xC5, 0xEE, 0x73, 0x7B, 0x11, 0x1B, 0x58, 0x82, 0x33, 0xA9, 0xB5, 0x35, 0xA0 },
+      54 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015 */
+    { 0x44, 0xB5, 0x45, 0xAA, 0x8A, 0x25, 0xE6, 0x5A, 0x73, 0xCA, 0x15, 0xDC, 0x27, 0xFC, 0x36, 0xD2,
+      0x4C, 0x1C, 0xB9, 0x95, 0x3A, 0x06, 0x65, 0x39, 0xB1, 0x15, 0x82, 0xDC, 0x48, 0x7B, 0x48, 0x33 },
+      175 /* Bin Number */
+  },
+  {
+    /* Go_Daddy_Root_Certificate_Authority___G2 */
+    { 0x45, 0x14, 0x0B, 0x32, 0x47, 0xEB, 0x9C, 0xC8, 0xC5, 0xB4, 0xF0, 0xD7, 0xB5, 0x30, 0x91, 0xF7,
+      0x32, 0x92, 0x08, 0x9E, 0x6E, 0x5A, 0x63, 0xE2, 0x74, 0x9D, 0xD3, 0xAC, 0xA9, 0x19, 0x8E, 0xDA },
+      106 /* Bin Number */
+  },
+  {
+    /* TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi___Surum_1 */
+    { 0x46, 0xED, 0xC3, 0x68, 0x90, 0x46, 0xD5, 0x3A, 0x45, 0x3F, 0xB3, 0x10, 0x4A, 0xB8, 0x0D, 0xCA,
+      0xEC, 0x65, 0x8B, 0x26, 0x60, 0xEA, 0x16, 0x29, 0xDD, 0x7E, 0x86, 0x79, 0x90, 0x64, 0x87, 0x16 },
+      188 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5 */
+    { 0x49, 0x35, 0x1B, 0x90, 0x34, 0x44, 0xC1, 0x85, 0xCC, 0xDC, 0x5C, 0x69, 0x3D, 0x24, 0xD8, 0x55,
+      0x5C, 0xB2, 0x08, 0xD6, 0xA8, 0x14, 0x13, 0x07, 0x69, 0x9F, 0x4A, 0xF0, 0x63, 0x19, 0x9D, 0x78 },
+      166 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_2009 */
+    { 0x49, 0xE7, 0xA4, 0x42, 0xAC, 0xF0, 0xEA, 0x62, 0x87, 0x05, 0x00, 0x54, 0xB5, 0x25, 0x64, 0xB6,
+      0x50, 0xE4, 0xF4, 0x9E, 0x42, 0xE3, 0x48, 0xD6, 0xAA, 0x38, 0xE0, 0x39, 0xE9, 0x57, 0xB1, 0xC1 },
+      130 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G3 */
+    { 0x4B, 0x03, 0xF4, 0x58, 0x07, 0xAD, 0x70, 0xF2, 0x1B, 0xFC, 0x2C, 0xAE, 0x71, 0xC9, 0xFD, 0xE4,
+      0x60, 0x4C, 0x06, 0x4C, 0xF5, 0xFF, 0xB6, 0x86, 0xBA, 0xE5, 0xDB, 0xAA, 0xD7, 0xFD, 0xD3, 0x4C },
+      88 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign */
+    { 0x4B, 0x22, 0xD5, 0xA6, 0xAE, 0xC9, 0x9F, 0x3C, 0xDB, 0x79, 0xAA, 0x5E, 0xC0, 0x68, 0x38, 0x47,
+      0x9C, 0xD5, 0xEC, 0xBA, 0x71, 0x64, 0xF7, 0xF2, 0x2D, 0xC1, 0xD6, 0x5F, 0x63, 0xD8, 0x57, 0x08 },
+      152 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_EV_Root_CA */
+    { 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C, 0xEF, 0xA6, 0xCF, 0x6F, 0x72,
+      0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F, 0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A },
+      160 /* Bin Number */
+  },
+  {
+    /* GlobalSign_Root_R46 */
+    { 0x4F, 0xA3, 0x12, 0x6D, 0x8D, 0x3A, 0x11, 0xD1, 0xC4, 0x85, 0x5A, 0x4F, 0x80, 0x7C, 0xBA, 0xD6,
+      0xCF, 0x91, 0x9D, 0x3A, 0x5A, 0x88, 0xB0, 0x3B, 0xEA, 0x2C, 0x63, 0x72, 0xD9, 0x3C, 0x40, 0xC9 },
+      221 /* Bin Number */
+  },
+  {
+    /* USERTrust_ECC_Certification_Authority */
+    { 0x4F, 0xF4, 0x60, 0xD5, 0x4B, 0x9C, 0x86, 0xDA, 0xBF, 0xBC, 0xFC, 0x57, 0x12, 0xE0, 0x40, 0x0D,
+      0x2B, 0xED, 0x3F, 0xBC, 0x4D, 0x4F, 0xBD, 0xAA, 0x86, 0xE0, 0x6A, 0xDC, 0xD2, 0xA9, 0xAD, 0x7A },
+      156 /* Bin Number */
+  },
+  {
+    /* ComSign_Secured_CA */
+    { 0x50, 0x79, 0x41, 0xC7, 0x44, 0x60, 0xA0, 0xB4, 0x70, 0x86, 0x22, 0x0D, 0x4E, 0x99, 0x32, 0x57,
+      0x2A, 0xB5, 0xD1, 0xB5, 0xBB, 0xCB, 0x89, 0x80, 0xAB, 0x1C, 0xB1, 0x76, 0x51, 0xA8, 0x44, 0xD2 },
+      76 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0x51, 0x3B, 0x2C, 0xEC, 0xB8, 0x10, 0xD4, 0xCD, 0xE5, 0xDD, 0x85, 0x39, 0x1A, 0xDF, 0xC6, 0xC2,
+      0xDD, 0x60, 0xD8, 0x7B, 0xB7, 0x36, 0xD2, 0xB5, 0x21, 0x48, 0x4A, 0xA4, 0x7A, 0x0E, 0xBE, 0xF6 },
+      118 /* Bin Number */
+  },
+  {
+    /* COMODO_RSA_Certification_Authority */
+    { 0x52, 0xF0, 0xE1, 0xC4, 0xE5, 0x8E, 0xC6, 0x29, 0x29, 0x1B, 0x60, 0x31, 0x7F, 0x07, 0x46, 0x71,
+      0xB8, 0x5D, 0x7E, 0xA8, 0x0D, 0x5B, 0x07, 0x27, 0x34, 0x63, 0x53, 0x4B, 0x32, 0xB4, 0x02, 0x34 },
+      154 /* Bin Number */
+  },
+  {
+    /* LuxTrust_Global_Root_2 */
+    { 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18, 0xF9, 0x97, 0x16, 0x8F, 0x24,
+      0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5, 0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 },
+      187 /* Bin Number */
+  },
+  {
+    /* DigiCert_Trusted_Root_G4 */
+    { 0x55, 0x2F, 0x7B, 0xDC, 0xF1, 0xA7, 0xAF, 0x9E, 0x6C, 0xE6, 0x72, 0x01, 0x7F, 0x4F, 0x12, 0xAB,
+      0xF7, 0x72, 0x40, 0xC7, 0x8E, 0x76, 0x1A, 0xC2, 0x03, 0xD1, 0xD9, 0xD2, 0x0A, 0xC8, 0x99, 0x88 },
+      151 /* Bin Number */
+  },
+  {
+    /* AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS */
+    { 0x55, 0x41, 0x53, 0xB1, 0x3D, 0x2C, 0xF9, 0xDD, 0xB7, 0x53, 0xBF, 0xBE, 0x1A, 0x4E, 0x0A, 0xE0,
+      0x8D, 0x0A, 0xA4, 0x18, 0x70, 0x58, 0xFE, 0x60, 0xA2, 0xB8, 0x62, 0xB2, 0xE4, 0xB8, 0x7B, 0xCB },
+      220 /* Bin Number */
+  },
+  {
+    /* Trustwave_Global_ECC_P384_Certification_Authority */
+    { 0x55, 0x90, 0x38, 0x59, 0xC8, 0xC0, 0xC3, 0xEB, 0xB8, 0x75, 0x9E, 0xCE, 0x4E, 0x25, 0x57, 0x22,
+      0x5F, 0xF5, 0x75, 0x8B, 0xBD, 0x38, 0xEB, 0xD4, 0x82, 0x76, 0x60, 0x1E, 0x1B, 0xD5, 0x80, 0x97 },
+      218 /* Bin Number */
+  },
+  {
+    /* Actalis_Authentication_Root_CA */
+    { 0x55, 0x92, 0x60, 0x84, 0xEC, 0x96, 0x3A, 0x64, 0xB9, 0x6E, 0x2A, 0xBE, 0x01, 0xCE, 0x0B, 0xA8,
+      0x6A, 0x64, 0xFB, 0xFE, 0xBC, 0xC7, 0xAA, 0xB5, 0xAF, 0xC1, 0x55, 0xB3, 0x7F, 0xD7, 0x60, 0x66 },
+      121 /* Bin Number */
+  },
+  {
+    /* Starfield_Services_Root_Certificate_Authority___G2 */
+    { 0x56, 0x8D, 0x69, 0x05, 0xA2, 0xC8, 0x87, 0x08, 0xA4, 0xB3, 0x02, 0x51, 0x90, 0xED, 0xCF, 0xED,
+      0xB1, 0x97, 0x4A, 0x60, 0x6A, 0x13, 0xC6, 0xE5, 0x29, 0x0F, 0xCB, 0x2A, 0xE6, 0x3E, 0xDA, 0xB5 },
+      108 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G1 */
+    { 0x56, 0xC7, 0x71, 0x28, 0xD9, 0x8C, 0x18, 0xD9, 0x1B, 0x4C, 0xFD, 0xFF, 0xBC, 0x25, 0xEE, 0x91,
+      0x03, 0xD4, 0x75, 0x8E, 0xA2, 0xAB, 0xAD, 0x82, 0x6A, 0x90, 0xF3, 0x45, 0x7D, 0x46, 0x0E, 0xB4 },
+      178 /* Bin Number */
+  },
+  {
+    /* Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 */
+    { 0x57, 0xDE, 0x05, 0x83, 0xEF, 0xD2, 0xB2, 0x6E, 0x03, 0x61, 0xDA, 0x99, 0xDA, 0x9D, 0xF4, 0x64,
+      0x8D, 0xEF, 0x7E, 0xE8, 0x44, 0x1C, 0x3B, 0x72, 0x8A, 0xFA, 0x9B, 0xCD, 0xE0, 0xF9, 0xB2, 0x6A },
+      230 /* Bin Number */
+  },
+  {
+    /* TWCA_Global_Root_CA */
+    { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75,
+      0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B },
+      139 /* Bin Number */
+  },
+  {
+    /* Hongkong_Post_Root_CA_3 */
+    { 0x5A, 0x2F, 0xC0, 0x3F, 0x0C, 0x83, 0xB0, 0x90, 0xBB, 0xFA, 0x40, 0x60, 0x4B, 0x09, 0x88, 0x44,
+      0x6C, 0x76, 0x36, 0x18, 0x3D, 0xF9, 0x84, 0x6E, 0x17, 0x10, 0x1A, 0x44, 0x7F, 0xB8, 0xEF, 0xD6 },
+      210 /* Bin Number */
+  },
+  {
+    /* TrustCor_ECA_1 */
+    { 0x5A, 0x88, 0x5D, 0xB1, 0x9C, 0x01, 0xD9, 0x12, 0xC5, 0x75, 0x93, 0x88, 0x93, 0x8C, 0xAF, 0xBB,
+      0xDF, 0x03, 0x1A, 0xB2, 0xD4, 0x8E, 0x91, 0xEE, 0x15, 0x58, 0x9B, 0x42, 0x97, 0x1D, 0x03, 0x9C },
+      192 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA */
+    { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10,
+      0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E },
+      113 /* Bin Number */
+  },
+  {
+    /* CFCA_EV_ROOT */
+    { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9,
+      0x0C, 0xF9, 0x53, 0x6D, 0x1C, 0xCC, 0x2E, 0xF8, 0x00, 0xF3, 0x55, 0xC4, 0xC5, 0xFD, 0x70, 0xFD },
+      165 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Commercial_Root_CA_1 */
+    { 0x5D, 0x56, 0x49, 0x9B, 0xE4, 0xD2, 0xE0, 0x8B, 0xCF, 0xCA, 0xD0, 0x8A, 0x3E, 0x38, 0x72, 0x3D,
+      0x50, 0x50, 0x3B, 0xDE, 0x70, 0x69, 0x48, 0xE4, 0x2F, 0x55, 0x60, 0x30, 0x19, 0xE5, 0x28, 0xAE },
+      161 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G2 */
+    { 0x5E, 0xDB, 0x7A, 0xC4, 0x3B, 0x82, 0xA0, 0x6A, 0x87, 0x61, 0xE8, 0xD7, 0xBE, 0x49, 0x79, 0xEB,
+      0xF2, 0x61, 0x1F, 0x7D, 0xD7, 0x9B, 0xF9, 0x1C, 0x1C, 0x6B, 0x56, 0x6A, 0x21, 0x9E, 0xD7, 0x66 },
+      89 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_Global_eBusiness_CA_1 */
+    { 0x5F, 0x0B, 0x62, 0xEA, 0xB5, 0xE3, 0x53, 0xEA, 0x65, 0x21, 0x65, 0x16, 0x58, 0xFB, 0xB6, 0x53,
+      0x59, 0xF4, 0x43, 0x28, 0x0A, 0x4A, 0xFB, 0xD1, 0x04, 0xD7, 0x7D, 0x10, 0xF9, 0xF0, 0x4C, 0x07 },
+      12 /* Bin Number */
+  },
+  {
+    /* SwissSign_Gold_CA___G2 */
+    { 0x62, 0xDD, 0x0B, 0xE9, 0xB9, 0xF5, 0x0A, 0x16, 0x3E, 0xA0, 0xF8, 0xE7, 0x5C, 0x05, 0x3B, 0x1E,
+      0xCA, 0x57, 0xEA, 0x55, 0xC8, 0x68, 0x8F, 0x64, 0x7C, 0x68, 0x81, 0xF2, 0xC8, 0x35, 0x7B, 0x95 },
+      56 /* Bin Number */
+  },
+  {
+    /* OU_certSIGN_ROOT_CA_G2_O_CERTSIGN_SA_C_RO */
+    { 0x65, 0x7C, 0xFE, 0x2F, 0xA7, 0x3F, 0xAA, 0x38, 0x46, 0x25, 0x71, 0xF3, 0x32, 0xA2, 0x36, 0x3A,
+      0x46, 0xFC, 0xE7, 0x02, 0x09, 0x51, 0x71, 0x07, 0x02, 0xCD, 0xFB, 0xB6, 0xEE, 0xDA, 0x33, 0x05 },
+      215 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G2 */
+    { 0x66, 0x8C, 0x83, 0x94, 0x7D, 0xA6, 0x3B, 0x72, 0x4B, 0xEC, 0xE1, 0x74, 0x3C, 0x31, 0xA0, 0xE6,
+      0xAE, 0xD0, 0xDB, 0x8E, 0xC5, 0xB3, 0x1B, 0xE3, 0x77, 0xBB, 0x78, 0x4F, 0x91, 0xB6, 0x71, 0x6F },
+      93 /* Bin Number */
+  },
+  {
+    /* AddTrust_External_CA_Root */
+    { 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1, 0x1F, 0x8D, 0x43, 0xD5, 0x76,
+      0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA, 0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 },
+      15 /* Bin Number */
+  },
+  {
+    /* ISRG_Root_X2 */
+    { 0x69, 0x72, 0x9B, 0x8E, 0x15, 0xA8, 0x6E, 0xFC, 0x17, 0x7A, 0x57, 0xAF, 0xB7, 0x17, 0x1D, 0xFC,
+      0x64, 0xAD, 0xD2, 0x8C, 0x2F, 0xCA, 0x8C, 0xF1, 0x50, 0x7E, 0x34, 0x45, 0x3C, 0xCB, 0x14, 0x70 },
+      233 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G4 */
+    { 0x69, 0xDD, 0xD7, 0xEA, 0x90, 0xBB, 0x57, 0xC9, 0x3E, 0x13, 0x5D, 0xC8, 0x5E, 0xA6, 0xFC, 0xD5,
+      0x48, 0x0B, 0x60, 0x32, 0x39, 0xBD, 0xC4, 0x54, 0xFC, 0x75, 0x8B, 0x2A, 0x26, 0xCF, 0x7F, 0x79 },
+      91 /* Bin Number */
+  },
+  {
+    /* Visa_eCommerce_Root */
+    { 0x69, 0xFA, 0xC9, 0xBD, 0x55, 0xFB, 0x0A, 0xC7, 0x8D, 0x53, 0xBB, 0xEE, 0x5C, 0xF1, 0xD5, 0x97,
+      0x98, 0x9F, 0xD0, 0xAA, 0xAB, 0x20, 0xA2, 0x51, 0x51, 0xBD, 0xF1, 0x73, 0x3E, 0xE7, 0xD1, 0x22 },
+      26 /* Bin Number */
+  },
+  {
+    /* Certum_EC_384_CA */
+    { 0x6B, 0x32, 0x80, 0x85, 0x62, 0x53, 0x18, 0xAA, 0x50, 0xD1, 0x73, 0xC9, 0x8D, 0x8B, 0xDA, 0x09,
+      0xD5, 0x7E, 0x27, 0x41, 0x3D, 0x11, 0x4C, 0xF7, 0x87, 0xA0, 0xF5, 0xD0, 0x6C, 0x03, 0x0C, 0xF6 },
+      225 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GB_CA */
+    { 0x6B, 0x9C, 0x08, 0xE8, 0x6E, 0xB0, 0xF7, 0x67, 0xCF, 0xAD, 0x65, 0xCD, 0x98, 0xB6, 0x21, 0x49,
+      0xE5, 0x49, 0x4A, 0x67, 0xF5, 0x84, 0x5E, 0x7B, 0xD1, 0xED, 0x01, 0x9F, 0x27, 0xB8, 0x6B, 0xD6 },
+      169 /* Bin Number */
+  },
+  {
+    /* NetLock_Arany__Class_Gold__F_tan_s_tv_ny */
+    { 0x6C, 0x61, 0xDA, 0xC3, 0xA2, 0xDE, 0xF0, 0x31, 0x50, 0x6B, 0xE0, 0x36, 0xD2, 0xA6, 0xFE, 0x40,
+      0x19, 0x94, 0xFB, 0xD1, 0x3D, 0xF9, 0xC8, 0xD4, 0x66, 0x59, 0x92, 0x74, 0xC4, 0x46, 0xEC, 0x98 },
+      92 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G2 */
+    { 0x6C, 0xC0, 0x50, 0x41, 0xE6, 0x44, 0x5E, 0x74, 0x69, 0x6C, 0x4C, 0xFB, 0xC9, 0xF8, 0x0F, 0x54,
+      0x3B, 0x7E, 0xAB, 0xBB, 0x44, 0xB4, 0xCE, 0x6F, 0x78, 0x7C, 0x6A, 0x99, 0x71, 0xC4, 0x2F, 0x17 },
+      177 /* Bin Number */
+  },
+  {
+    /* Entrust_net_Certification_Authority__2048_ */
+    { 0x6D, 0xC4, 0x71, 0x72, 0xE0, 0x1C, 0xBC, 0xB0, 0xBF, 0x62, 0x58, 0x0D, 0x89, 0x5F, 0xE2, 0xB8,
+      0xAC, 0x9A, 0xD4, 0xF8, 0x73, 0x80, 0x1E, 0x0C, 0x10, 0xB9, 0xC8, 0x37, 0xD2, 0x1E, 0xB1, 0x77 },
+      10 /* Bin Number */
+  },
+  {
+    /* UTN_USERFirst_Hardware */
+    { 0x6E, 0xA5, 0x47, 0x41, 0xD0, 0x04, 0x66, 0x7E, 0xED, 0x1B, 0x48, 0x16, 0x63, 0x4A, 0xA3, 0xA7,
+      0x9E, 0x6E, 0x4B, 0x96, 0x95, 0x0F, 0x82, 0x79, 0xDA, 0xFC, 0x8D, 0x9B, 0xD8, 0x81, 0x21, 0x37 },
+      38 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium */
+    { 0x70, 0xA7, 0x3F, 0x7F, 0x37, 0x6B, 0x60, 0x07, 0x42, 0x48, 0x90, 0x45, 0x34, 0xB1, 0x14, 0x82,
+      0xD5, 0xBF, 0x0E, 0x69, 0x8E, 0xCC, 0x49, 0x8D, 0xF5, 0x25, 0x77, 0xEB, 0xF2, 0xE9, 0x3B, 0x9A },
+      111 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R4 */
+    { 0x71, 0xCC, 0xA5, 0x39, 0x1F, 0x9E, 0x79, 0x4B, 0x04, 0x80, 0x25, 0x30, 0xB3, 0x63, 0xE1, 0x21,
+      0xDA, 0x8A, 0x30, 0x43, 0xBB, 0x26, 0x66, 0x2F, 0xEA, 0x4D, 0xCA, 0x7F, 0xC9, 0x51, 0xA4, 0xBD },
+      202 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority */
+    { 0x73, 0xC1, 0x76, 0x43, 0x4F, 0x1B, 0xC6, 0xD5, 0xAD, 0xF4, 0x5B, 0x0E, 0x76, 0xE7, 0x27, 0x28,
+      0x7C, 0x8D, 0xE5, 0x76, 0x16, 0xC1, 0xE6, 0xE6, 0x14, 0x1A, 0x2B, 0x2C, 0xBC, 0x7D, 0x8E, 0x4C },
+      18 /* Bin Number */
+  },
+  {
+    /* DigiCert_High_Assurance_EV_Root_CA */
+    { 0x74, 0x31, 0xE5, 0xF4, 0xC3, 0xC1, 0xCE, 0x46, 0x90, 0x77, 0x4F, 0x0B, 0x61, 0xE0, 0x54, 0x40,
+      0x88, 0x3B, 0xA9, 0xA0, 0x1E, 0xD0, 0x0B, 0xA6, 0xAB, 0xD7, 0x80, 0x6E, 0xD3, 0xB1, 0x18, 0xCF },
+      50 /* Bin Number */
+  },
+  {
+    /* O_Government_Root_Certification_Authority_C_TW */
+    { 0x76, 0x00, 0x29, 0x5E, 0xEF, 0xE8, 0x5B, 0x9E, 0x1F, 0xD6, 0x24, 0xDB, 0x76, 0x06, 0x2A, 0xAA,
+      0xAE, 0x59, 0x81, 0x8A, 0x54, 0xD2, 0x77, 0x4C, 0xD4, 0xC0, 0xB2, 0xC0, 0x11, 0x31, 0xE1, 0xB3 },
+      46 /* Bin Number */
+  },
+  {
+    /* DST_ACES_CA_X6 */
+    { 0x76, 0x7C, 0x95, 0x5A, 0x76, 0x41, 0x2C, 0x89, 0xAF, 0x68, 0x8E, 0x90, 0xA1, 0xC7, 0x0F, 0x55,
+      0x6C, 0xFD, 0x6B, 0x60, 0x25, 0xDB, 0xEA, 0x10, 0x41, 0x6D, 0x7E, 0xB6, 0x83, 0x1F, 0x8C, 0x40 },
+      53 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_1 */
+    { 0x77, 0x40, 0x73, 0x12, 0xC6, 0x3A, 0x15, 0x3D, 0x5B, 0xC0, 0x0B, 0x4E, 0x51, 0x75, 0x9C, 0xDF,
+      0xDA, 0xC2, 0x37, 0xDC, 0x2A, 0x33, 0xB6, 0x79, 0x46, 0xE9, 0x8E, 0x9B, 0xFA, 0x68, 0x0A, 0xE3 },
+      24 /* Bin Number */
+  },
+  {
+    /* Certainly_Root_R1 */
+    { 0x77, 0xB8, 0x2C, 0xD8, 0x64, 0x4C, 0x43, 0x05, 0xF7, 0xAC, 0xC5, 0xCB, 0x15, 0x6B, 0x45, 0x67,
+      0x50, 0x04, 0x03, 0x3D, 0x51, 0xC6, 0x0C, 0x62, 0x02, 0xA8, 0xE0, 0xC3, 0x34, 0x67, 0xD3, 0xA0 },
+      245 /* Bin Number */
+  },
+  {
+    /* Sonera_Class2_CA */
+    { 0x79, 0x08, 0xB4, 0x03, 0x14, 0xC1, 0x38, 0x10, 0x0B, 0x51, 0x8D, 0x07, 0x35, 0x80, 0x7F, 0xFB,
+      0xFC, 0xF8, 0x51, 0x8A, 0x00, 0x95, 0x33, 0x71, 0x05, 0xBA, 0x38, 0x6B, 0x15, 0x3D, 0xD9, 0x27 },
+      35 /* Bin Number */
+  },
+  {
+    /* A_Trust_nQual_03 */
+    { 0x79, 0x3C, 0xBF, 0x45, 0x59, 0xB9, 0xFD, 0xE3, 0x8A, 0xB2, 0x2D, 0xF1, 0x68, 0x69, 0xF6, 0x98,
+      0x81, 0xAE, 0x14, 0xC4, 0xB0, 0x13, 0x9A, 0xC7, 0x88, 0xA7, 0x8A, 0x1A, 0xFC, 0xCA, 0x02, 0xFB },
+      116 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G2 */
+    { 0x7D, 0x05, 0xEB, 0xB6, 0x82, 0x33, 0x9F, 0x8C, 0x94, 0x51, 0xEE, 0x09, 0x4E, 0xEB, 0xFE, 0xFA,
+      0x79, 0x53, 0xA1, 0x14, 0xED, 0xB2, 0xF4, 0x49, 0x49, 0x45, 0x2F, 0xAB, 0x7D, 0x2F, 0xC1, 0x85 },
+      147 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_2 */
+    { 0x7D, 0x3B, 0x46, 0x5A, 0x60, 0x14, 0xE5, 0x26, 0xC0, 0xAF, 0xFC, 0xEE, 0x21, 0x27, 0xD2, 0x31,
+      0x17, 0x27, 0xAD, 0x81, 0x1C, 0x26, 0x84, 0x2D, 0x00, 0x6A, 0xF3, 0x73, 0x06, 0xCC, 0x80, 0xBD },
+      25 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G3 */
+    { 0x7E, 0x37, 0xCB, 0x8B, 0x4C, 0x47, 0x09, 0x0C, 0xAB, 0x36, 0x55, 0x1B, 0xA6, 0xF4, 0x5D, 0xB8,
+      0x40, 0x68, 0x0F, 0xBA, 0x16, 0x6A, 0x95, 0x2D, 0xB1, 0x00, 0x71, 0x7F, 0x43, 0x05, 0x3F, 0xC2 },
+      148 /* Bin Number */
+  },
+  {
+    /* NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado */
+    { 0x7F, 0x12, 0xCD, 0x5F, 0x7E, 0x5E, 0x29, 0x0E, 0xC7, 0xD8, 0x51, 0x79, 0xD5, 0xB7, 0x2C, 0x20,
+      0xA5, 0xBE, 0x75, 0x08, 0xFF, 0xDB, 0x5B, 0xF8, 0x1A, 0xB9, 0x68, 0x4A, 0x7F, 0xC9, 0xF6, 0x67 },
+      41 /* Bin Number */
+  },
+  {
+    /* AddTrust_Qualified_CA_Root */
+    { 0x80, 0x95, 0x21, 0x08, 0x05, 0xDB, 0x4B, 0xBC, 0x35, 0x5E, 0x44, 0x28, 0xD8, 0xFD, 0x6E, 0xC2,
+      0xCD, 0xE3, 0xAB, 0x5F, 0xB9, 0x7A, 0x99, 0x42, 0x98, 0x8E, 0xB8, 0xF4, 0xDC, 0xD0, 0x60, 0x16 },
+      17 /* Bin Number */
+  },
+  {
+    /* OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US */
+    { 0x83, 0xCE, 0x3C, 0x12, 0x29, 0x68, 0x8A, 0x59, 0x3D, 0x48, 0x5F, 0x81, 0x97, 0x3C, 0x0F, 0x91,
+      0x95, 0x43, 0x1E, 0xDA, 0x37, 0xCC, 0x5E, 0x36, 0x43, 0x0E, 0x79, 0xC7, 0xA8, 0x88, 0x63, 0x8B },
+      5 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GC_CA */
+    { 0x85, 0x60, 0xF9, 0x1C, 0x36, 0x24, 0xDA, 0xBA, 0x95, 0x70, 0xB5, 0xFE, 0xA0, 0xDB, 0xE3, 0x6F,
+      0xF1, 0x1A, 0x83, 0x23, 0xBE, 0x94, 0x86, 0x85, 0x4F, 0xB3, 0xF3, 0x4A, 0x55, 0x71, 0x19, 0x8D },
+      198 /* Bin Number */
+  },
+  {
+    /* SSL_com_Root_Certification_Authority_RSA */
+    { 0x85, 0x66, 0x6A, 0x56, 0x2E, 0xE0, 0xBE, 0x5C, 0xE9, 0x25, 0xC1, 0xD8, 0x89, 0x0A, 0x6F, 0x76,
+      0xA8, 0x7E, 0xC1, 0x6D, 0x4D, 0x7D, 0x5F, 0x29, 0xEA, 0x74, 0x19, 0xCF, 0x20, 0x12, 0x3B, 0x69 },
+      193 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2 */
+    { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D,
+      0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 },
+      32 /* Bin Number */
+  },
+  {
+    /* UTN___DATACorp_SGC */
+    { 0x85, 0xFB, 0x2F, 0x91, 0xDD, 0x12, 0x27, 0x5A, 0x01, 0x45, 0xB6, 0x36, 0x53, 0x4F, 0x84, 0x02,
+      0x4A, 0xD6, 0x8B, 0x69, 0xB8, 0xEE, 0x88, 0x68, 0x4F, 0xF7, 0x11, 0x37, 0x58, 0x05, 0xB3, 0x48 },
+      37 /* Bin Number */
+  },
+  {
+    /* emSign_ECC_Root_CA___G3 */
+    { 0x86, 0xA1, 0xEC, 0xBA, 0x08, 0x9C, 0x4A, 0x8D, 0x3B, 0xBE, 0x27, 0x34, 0xC6, 0x12, 0xBA, 0x34,
+      0x1D, 0x81, 0x3E, 0x04, 0x3C, 0xF9, 0xE8, 0xA8, 0x62, 0xCD, 0x5C, 0x57, 0xA3, 0x6B, 0xBE, 0x6B },
+      207 /* Bin Number */
+  },
+  {
+    /* E_Tugra_Global_Root_CA_ECC_v3 */
+    { 0x87, 0x3F, 0x46, 0x85, 0xFA, 0x7F, 0x56, 0x36, 0x25, 0x25, 0x2E, 0x6D, 0x36, 0xBC, 0xD7, 0xF1,
+      0x6F, 0xC2, 0x49, 0x51, 0xF2, 0x64, 0xE4, 0x7E, 0x1B, 0x95, 0x4F, 0x49, 0x08, 0xCD, 0xCA, 0x13 },
+      248 /* Bin Number */
+  },
+  {
+    /* EC_ACC */
+    { 0x88, 0x49, 0x7F, 0x01, 0x60, 0x2F, 0x31, 0x54, 0x24, 0x6A, 0xE2, 0x8C, 0x4D, 0x5A, 0xEF, 0x10,
+      0xF1, 0xD8, 0x7E, 0xBB, 0x76, 0x62, 0x6F, 0x4A, 0xE0, 0xB7, 0xF9, 0x5B, 0xA7, 0x96, 0x87, 0x99 },
+      119 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3_G3 */
+    { 0x88, 0xEF, 0x81, 0xDE, 0x20, 0x2E, 0xB0, 0x18, 0x45, 0x2E, 0x43, 0xF8, 0x64, 0x72, 0x5C, 0xEA,
+      0x5F, 0xBD, 0x1F, 0xC2, 0xD9, 0xD2, 0x05, 0x73, 0x07, 0x09, 0xC5, 0xD8, 0xB8, 0x69, 0x0F, 0x46 },
+      146 /* Bin Number */
+  },
+  {
+    /* NAVER_Global_Root_Certification_Authority */
+    { 0x88, 0xF4, 0x38, 0xDC, 0xF8, 0xFF, 0xD1, 0xFA, 0x8F, 0x42, 0x91, 0x15, 0xFF, 0xE5, 0xF8, 0x2A,
+      0xE1, 0xE0, 0x6E, 0x0C, 0x70, 0xC3, 0x75, 0xFA, 0xAD, 0x71, 0x7B, 0x34, 0xA4, 0x9E, 0x72, 0x65 },
+      219 /* Bin Number */
+  },
+  {
+    /* vTrus_Root_CA */
+    { 0x8A, 0x71, 0xDE, 0x65, 0x59, 0x33, 0x6F, 0x42, 0x6C, 0x26, 0xE5, 0x38, 0x80, 0xD0, 0x0D, 0x88,
+      0xA1, 0x8D, 0xA4, 0xC6, 0xA9, 0x1F, 0x0D, 0xCB, 0x61, 0x94, 0xE2, 0x06, 0xC5, 0xC9, 0x63, 0x87 },
+      232 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_1_G3 */
+    { 0x8A, 0x86, 0x6F, 0xD1, 0xB2, 0x76, 0xB5, 0x7E, 0x57, 0x8E, 0x92, 0x1C, 0x65, 0x82, 0x8A, 0x2B,
+      0xED, 0x58, 0xE9, 0xF2, 0xF2, 0x88, 0x05, 0x41, 0x34, 0xB7, 0xF1, 0xF4, 0xBF, 0xC9, 0xCC, 0x74 },
+      144 /* Bin Number */
+  },
+  {
+    /* CA_WoSign_ECC_Root */
+    { 0x8B, 0x45, 0xDA, 0x1C, 0x06, 0xF7, 0x91, 0xEB, 0x0C, 0xAB, 0xF2, 0x6B, 0xE5, 0x88, 0xF5, 0xFB,
+      0x23, 0x16, 0x5C, 0x2E, 0x61, 0x4B, 0xF8, 0x85, 0x56, 0x2D, 0x0D, 0xCE, 0x50, 0xB2, 0x9B, 0x02 },
+      171 /* Bin Number */
+  },
+  {
+    /* Root_CA_Generalitat_Valenciana */
+    { 0x8C, 0x4E, 0xDF, 0xD0, 0x43, 0x48, 0xF3, 0x22, 0x96, 0x9E, 0x7E, 0x29, 0xA4, 0xCD, 0x4D, 0xCA,
+      0x00, 0x46, 0x55, 0x06, 0x1C, 0x16, 0xE1, 0xB0, 0x76, 0x42, 0x2E, 0xF3, 0x42, 0xAD, 0x63, 0x0E },
+      115 /* Bin Number */
+  },
+  {
+    /* AddTrust_Class_1_CA_Root */
+    { 0x8C, 0x72, 0x09, 0x27, 0x9A, 0xC0, 0x4E, 0x27, 0x5E, 0x16, 0xD0, 0x7F, 0xD3, 0xB7, 0x75, 0xE8,
+      0x01, 0x54, 0xB5, 0x96, 0x80, 0x46, 0xE3, 0x1F, 0x52, 0xDD, 0x25, 0x76, 0x63, 0x24, 0xE9, 0xA7 },
+      14 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R2 */
+    { 0x8D, 0x25, 0xCD, 0x97, 0x22, 0x9D, 0xBF, 0x70, 0x35, 0x6B, 0xDA, 0x4E, 0xB3, 0xCC, 0x73, 0x40,
+      0x31, 0xE2, 0x4C, 0xF0, 0x0F, 0xAF, 0xCF, 0xD3, 0x2D, 0xC7, 0x6E, 0xB5, 0x84, 0x1C, 0x7E, 0xA8 },
+      237 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA */
+    { 0x8D, 0x72, 0x2F, 0x81, 0xA9, 0xC1, 0x13, 0xC0, 0x79, 0x1D, 0xF1, 0x36, 0xA2, 0x96, 0x6D, 0xB2,
+      0x6C, 0x95, 0x0A, 0x97, 0x1D, 0xB4, 0x6B, 0x41, 0x99, 0xF4, 0xEA, 0x54, 0xB7, 0x8B, 0xFB, 0x9F },
+      59 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_3_CA_II */
+    { 0x8D, 0xA0, 0x84, 0xFC, 0xF9, 0x9C, 0xE0, 0x77, 0x22, 0xF8, 0x9B, 0x32, 0x05, 0x93, 0x98, 0x06,
+      0xFA, 0x5C, 0xB8, 0x11, 0xE1, 0xC8, 0x13, 0xF6, 0xA1, 0x08, 0xC7, 0xD3, 0x36, 0xB3, 0x40, 0x8E },
+      73 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6 */
+    { 0x8D, 0xE7, 0x86, 0x55, 0xE1, 0xBE, 0x7F, 0x78, 0x47, 0x80, 0x0B, 0x93, 0xF6, 0x94, 0xD2, 0x1D,
+      0x36, 0x8C, 0xC0, 0x6E, 0x03, 0x3E, 0x7F, 0xAB, 0x04, 0xBB, 0x5E, 0xB9, 0x9D, 0xA6, 0xB7, 0x00 },
+      167 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_1 */
+    { 0x8E, 0xCD, 0xE6, 0x88, 0x4F, 0x3D, 0x87, 0xB1, 0x12, 0x5B, 0xA3, 0x1A, 0xC3, 0xFC, 0xB1, 0x3D,
+      0x70, 0x16, 0xDE, 0x7F, 0x57, 0xCC, 0x90, 0x4F, 0xE1, 0xCB, 0x97, 0xC6, 0xAE, 0x98, 0x19, 0x6E },
+      183 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2_G3 */
+    { 0x8F, 0xE4, 0xFB, 0x0A, 0xF9, 0x3A, 0x4D, 0x0D, 0x67, 0xDB, 0x0B, 0xEB, 0xB2, 0x3E, 0x37, 0xC7,
+      0x1B, 0xF3, 0x25, 0xDC, 0xBC, 0xDD, 0x24, 0x0E, 0xA0, 0x4D, 0xAF, 0x58, 0xB4, 0x7E, 0x18, 0x40 },
+      145 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_2 */
+    { 0x91, 0xE2, 0xF5, 0x78, 0x8D, 0x58, 0x10, 0xEB, 0xA7, 0xBA, 0x58, 0x73, 0x7D, 0xE1, 0x54, 0x8A,
+      0x8E, 0xCA, 0xCD, 0x01, 0x45, 0x98, 0xBC, 0x0B, 0x14, 0x3E, 0x04, 0x1B, 0x17, 0x05, 0x25, 0x52 },
+      142 /* Bin Number */
+  },
+  {
+    /* CA_Disig */
+    { 0x92, 0xBF, 0x51, 0x19, 0xAB, 0xEC, 0xCA, 0xD0, 0xB1, 0x33, 0x2D, 0xC4, 0xE1, 0xD0, 0x5F, 0xBA,
+      0x75, 0xB5, 0x67, 0x90, 0x44, 0xEE, 0x0C, 0xA2, 0x6E, 0x93, 0x1F, 0x74, 0x4F, 0x2F, 0x33, 0xCF },
+      94 /* Bin Number */
+  },
+  {
+    /* Trustwave_Global_ECC_P256_Certification_Authority */
+    { 0x94, 0x5B, 0xBC, 0x82, 0x5E, 0xA5, 0x54, 0xF4, 0x89, 0xD1, 0xFD, 0x51, 0xA7, 0x3D, 0xDF, 0x2E,
+      0xA6, 0x24, 0xAC, 0x70, 0x19, 0xA0, 0x52, 0x05, 0x22, 0x5C, 0x22, 0xA7, 0x8C, 0xCF, 0xA8, 0xB4 },
+      217 /* Bin Number */
+  },
+  {
+    /* Cybertrust_Global_Root */
+    { 0x96, 0x0A, 0xDF, 0x00, 0x63, 0xE9, 0x63, 0x56, 0x75, 0x0C, 0x29, 0x65, 0xDD, 0x0A, 0x08, 0x67,
+      0xDA, 0x0B, 0x9C, 0xBD, 0x6E, 0x77, 0x71, 0x4A, 0xEA, 0xFB, 0x23, 0x49, 0xAB, 0x39, 0x3D, 0xA3 },
+      77 /* Bin Number */
+  },
+  {
+    /* ISRG_Root_X1 */
+    { 0x96, 0xBC, 0xEC, 0x06, 0x26, 0x49, 0x76, 0xF3, 0x74, 0x60, 0x77, 0x9A, 0xCF, 0x28, 0xC5, 0xA7,
+      0xCF, 0xE8, 0xA3, 0xC0, 0xAA, 0xE1, 0x1A, 0x8F, 0xFC, 0xEE, 0x05, 0xC0, 0xBD, 0xDF, 0x08, 0xC6 },
+      181 /* Bin Number */
+  },
+  {
+    /* Trustwave_Global_Certification_Authority */
+    { 0x97, 0x55, 0x20, 0x15, 0xF5, 0xDD, 0xFC, 0x3C, 0x87, 0x88, 0xC0, 0x06, 0x94, 0x45, 0x55, 0x40,
+      0x88, 0x94, 0x45, 0x00, 0x84, 0xF1, 0x00, 0x86, 0x70, 0x86, 0xBC, 0x1A, 0x2B, 0xB5, 0x8D, 0xC8 },
+      216 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x97, 0x8C, 0xD9, 0x66, 0xF2, 0xFA, 0xA0, 0x7B, 0xA7, 0xAA, 0x95, 0x00, 0xD9, 0xC0, 0x2E, 0x9D,
+      0x77, 0xF2, 0xCD, 0xAD, 0xA6, 0xAD, 0x6B, 0xA7, 0x4A, 0xF4, 0xB9, 0x1C, 0x66, 0x59, 0x3C, 0x50 },
+      129 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_Root_CA */
+    { 0x9A, 0x11, 0x40, 0x25, 0x19, 0x7C, 0x5B, 0xB9, 0x5D, 0x94, 0xE6, 0x3D, 0x55, 0xCD, 0x43, 0x79,
+      0x08, 0x47, 0xB6, 0x46, 0xB2, 0x3C, 0xDF, 0x11, 0xAD, 0xA4, 0xA0, 0x0E, 0xFF, 0x15, 0xFB, 0x48 },
+      125 /* Bin Number */
+  },
+  {
+    /* GLOBALTRUST_2020 */
+    { 0x9A, 0x29, 0x6A, 0x51, 0x82, 0xD1, 0xD4, 0x51, 0xA2, 0xE3, 0x7F, 0x43, 0x9B, 0x74, 0xDA, 0xAF,
+      0xA2, 0x67, 0x52, 0x33, 0x29, 0xF9, 0x0F, 0x9A, 0x0D, 0x20, 0x07, 0xC3, 0x34, 0xE2, 0x3C, 0x9A },
+      223 /* Bin Number */
+  },
+  {
+    /* ACCVRAIZ1 */
+    { 0x9A, 0x6E, 0xC0, 0x12, 0xE1, 0xA7, 0xDA, 0x9D, 0xBE, 0x34, 0x19, 0x4D, 0x47, 0x8A, 0xD7, 0xC0,
+      0xDB, 0x18, 0x22, 0xFB, 0x07, 0x1D, 0xF1, 0x29, 0x81, 0x49, 0x6E, 0xD1, 0x04, 0x38, 0x41, 0x13 },
+      138 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G5 */
+    { 0x9A, 0xCF, 0xAB, 0x7E, 0x43, 0xC8, 0xD8, 0x80, 0xD0, 0x6B, 0x26, 0x2A, 0x94, 0xDE, 0xEE, 0xE4,
+      0xB4, 0x65, 0x99, 0x89, 0xC3, 0xD0, 0xCA, 0xF1, 0x9B, 0xAF, 0x64, 0x05, 0xE4, 0x1A, 0xB7, 0xDF },
+      60 /* Bin Number */
+  },
+  {
+    /* UCA_Global_G2_Root */
+    { 0x9B, 0xEA, 0x11, 0xC9, 0x76, 0xFE, 0x01, 0x47, 0x64, 0xC1, 0xBE, 0x56, 0xA6, 0xF9, 0x14, 0xB5,
+      0xA5, 0x60, 0x31, 0x7A, 0xBD, 0x99, 0x88, 0x39, 0x33, 0x82, 0xE5, 0x16, 0x1A, 0xA0, 0x49, 0x3C },
+      203 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA_2 */
+    { 0xA0, 0x23, 0x4F, 0x3B, 0xC8, 0x52, 0x7C, 0xA5, 0x62, 0x8E, 0xEC, 0x81, 0xAD, 0x5D, 0x69, 0x89,
+      0x5D, 0xA5, 0x68, 0x0D, 0xC9, 0x1D, 0x1C, 0xB8, 0x47, 0x7F, 0x33, 0xF8, 0x78, 0xB9, 0x5B, 0x0B },
+      23 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2015 */
+    { 0xA0, 0x40, 0x92, 0x9A, 0x02, 0xCE, 0x53, 0xB4, 0xAC, 0xF4, 0xF2, 0xFF, 0xC6, 0x98, 0x1C, 0xE4,
+      0x49, 0x6F, 0x75, 0x5E, 0x6D, 0x45, 0xFE, 0x0B, 0x2A, 0x69, 0x2B, 0xCD, 0x52, 0x52, 0x3F, 0x36 },
+      174 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA */
+    { 0xA0, 0x45, 0x9B, 0x9F, 0x63, 0xB2, 0x25, 0x59, 0xF5, 0xFA, 0x5D, 0x4C, 0x6D, 0xB3, 0xF9, 0xF7,
+      0x2F, 0xF1, 0x93, 0x42, 0x03, 0x35, 0x78, 0xF0, 0x73, 0xBF, 0x1D, 0x1B, 0x46, 0xCB, 0xB9, 0x12 },
+      22 /* Bin Number */
+  },
+  {
+    /* SZAFIR_ROOT_CA2 */
+    { 0xA1, 0x33, 0x9D, 0x33, 0x28, 0x1A, 0x0B, 0x56, 0xE5, 0x57, 0xD3, 0xD3, 0x2B, 0x1C, 0xE7, 0xF9,
+      0x36, 0x7E, 0xB0, 0x94, 0xBD, 0x5F, 0xA7, 0x2A, 0x7E, 0x50, 0x04, 0xC8, 0xDE, 0xD7, 0xCA, 0xFE },
+      172 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0xA2, 0x2D, 0xBA, 0x68, 0x1E, 0x97, 0x37, 0x6E, 0x2D, 0x39, 0x7D, 0x72, 0x8A, 0xAE, 0x3A, 0x9B,
+      0x62, 0x96, 0xB9, 0xFD, 0xBA, 0x60, 0xBC, 0x2E, 0x11, 0xF6, 0x47, 0xF2, 0xC6, 0x75, 0xFB, 0x37 },
+      68 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G2 */
+    { 0xA4, 0x31, 0x0D, 0x50, 0xAF, 0x18, 0xA6, 0x44, 0x71, 0x90, 0x37, 0x2A, 0x86, 0xAF, 0xAF, 0x8B,
+      0x95, 0x1F, 0xFB, 0x43, 0x1D, 0x83, 0x7F, 0x1E, 0x56, 0x88, 0xB4, 0x59, 0x71, 0xED, 0x15, 0x57 },
+      87 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_Certification_Authority */
+    { 0xA4, 0x5E, 0xDE, 0x3B, 0xBB, 0xF0, 0x9C, 0x8A, 0xE1, 0x5C, 0x72, 0xEF, 0xC0, 0x72, 0x68, 0xD6,
+      0x93, 0xA2, 0x1C, 0x99, 0x6F, 0xD5, 0x1E, 0x67, 0xCA, 0x07, 0x94, 0x60, 0xFD, 0x6D, 0x88, 0x73 },
+      31 /* Bin Number */
+  },
+  {
+    /* WellsSecure_Public_Root_Certificate_Authority */
+    { 0xA7, 0x12, 0x72, 0xAE, 0xAA, 0xA3, 0xCF, 0xE8, 0x72, 0x7F, 0x7F, 0xB3, 0x9F, 0x0F, 0xB3, 0xD1,
+      0xE5, 0x42, 0x6E, 0x90, 0x60, 0xB0, 0x6E, 0xE6, 0xF1, 0x3E, 0x9A, 0x3C, 0x58, 0x33, 0xCD, 0x43 },
+      65 /* Bin Number */
+  },
+  {
+    /* OU_RSA_Security_2048_V3_O_RSA_Security_Inc */
+    { 0xAF, 0x8B, 0x67, 0x62, 0xA1, 0xE5, 0x28, 0x22, 0x81, 0x61, 0xA9, 0x5D, 0x5C, 0x55, 0x9E, 0xE2,
+      0x66, 0x27, 0x8F, 0x75, 0xD7, 0x9E, 0x83, 0x01, 0x89, 0xA5, 0x03, 0x50, 0x6A, 0xBD, 0x6B, 0x4C },
+      19 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xB0, 0x85, 0xD7, 0x0B, 0x96, 0x4F, 0x19, 0x1A, 0x73, 0xE4, 0xAF, 0x0D, 0x54, 0xAE, 0x7A, 0x0E,
+      0x07, 0xAA, 0xFD, 0xAF, 0x9B, 0x71, 0xDD, 0x08, 0x62, 0x13, 0x8A, 0xB7, 0x32, 0x5A, 0x24, 0xA2 },
+      235 /* Bin Number */
+  },
+  {
+    /* E_Tugra_Certification_Authority */
+    { 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D, 0x4D, 0xC1, 0x3D, 0xA2, 0x55,
+      0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83, 0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C },
+      141 /* Bin Number */
+  },
+  {
+    /* Certainly_Root_E1 */
+    { 0xB4, 0x58, 0x5F, 0x22, 0xE4, 0xAC, 0x75, 0x6A, 0x4E, 0x86, 0x12, 0xA1, 0x36, 0x1C, 0x5D, 0x9D,
+      0x03, 0x1A, 0x93, 0xFD, 0x84, 0xFE, 0xBB, 0x77, 0x8F, 0xA3, 0x06, 0x8B, 0x0F, 0xC4, 0x2D, 0xC2 },
+      246 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G3 */
+    { 0xB4, 0x78, 0xB8, 0x12, 0x25, 0x0D, 0xF8, 0x78, 0x63, 0x5C, 0x2A, 0xA7, 0xEC, 0x7D, 0x15, 0x5E,
+      0xAA, 0x62, 0x5E, 0xE8, 0x29, 0x16, 0xE2, 0xCD, 0x29, 0x43, 0x61, 0x88, 0x6C, 0xD1, 0xFB, 0xD4 },
+      86 /* Bin Number */
+  },
+  {
+    /* Deutsche_Telekom_Root_CA_2 */
+    { 0xB6, 0x19, 0x1A, 0x50, 0xD0, 0xC3, 0x97, 0x7F, 0x7D, 0xA9, 0x9B, 0xCD, 0xAA, 0xC8, 0x6A, 0x22,
+      0x7D, 0xAE, 0xB9, 0x67, 0x9E, 0xC7, 0x0B, 0xA3, 0xB0, 0xC9, 0xD9, 0x22, 0x71, 0xC1, 0x70, 0xD3 },
+      75 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA_2 */
+    { 0xB6, 0x76, 0xF2, 0xED, 0xDA, 0xE8, 0x77, 0x5C, 0xD3, 0x6C, 0xB0, 0xF6, 0x3C, 0xD1, 0xD4, 0x60,
+      0x39, 0x61, 0xF4, 0x9E, 0x62, 0x65, 0xBA, 0x01, 0x3A, 0x2F, 0x03, 0x07, 0xB6, 0xD0, 0xB8, 0x04 },
+      173 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_CA_1 */
+    { 0xB7, 0xB1, 0x2B, 0x17, 0x1F, 0x82, 0x1D, 0xAA, 0x99, 0x0C, 0xD0, 0xFE, 0x50, 0x87, 0xB1, 0x28,
+      0x44, 0x8B, 0xA8, 0xE5, 0x18, 0x4F, 0x84, 0xC5, 0x1E, 0x02, 0xB5, 0xC8, 0xFB, 0x96, 0x2B, 0x24 },
+      81 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G3 */
+    { 0xB7, 0xC3, 0x62, 0x31, 0x70, 0x6E, 0x81, 0x07, 0x8C, 0x36, 0x7C, 0xB8, 0x96, 0x19, 0x8F, 0x1E,
+      0x32, 0x08, 0xDD, 0x92, 0x69, 0x49, 0xDD, 0x8F, 0x57, 0x09, 0xA4, 0x10, 0xF7, 0x5B, 0x62, 0x92 },
+      180 /* Bin Number */
+  },
+  {
+    /* IGC_A */
+    { 0xB9, 0xBE, 0xA7, 0x86, 0x0A, 0x96, 0x2E, 0xA3, 0x61, 0x1D, 0xAB, 0x97, 0xAB, 0x6D, 0xA3, 0xE2,
+      0x1C, 0x10, 0x68, 0xB9, 0x7D, 0x55, 0x57, 0x5E, 0xD0, 0xE1, 0x12, 0x79, 0xC1, 0x1C, 0x89, 0x32 },
+      67 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2011 */
+    { 0xBC, 0x10, 0x4F, 0x15, 0xA4, 0x8B, 0xE7, 0x09, 0xDC, 0xA5, 0x42, 0xA7, 0xE1, 0xD4, 0xB9, 0xDF,
+      0x6F, 0x05, 0x45, 0x27, 0xE8, 0x02, 0xEA, 0xA9, 0x2D, 0x59, 0x54, 0x44, 0x25, 0x8A, 0xFE, 0x71 },
+      120 /* Bin Number */
+  },
+  {
+    /* emSign_ECC_Root_CA___C3 */
+    { 0xBC, 0x4D, 0x80, 0x9B, 0x15, 0x18, 0x9D, 0x78, 0xDB, 0x3E, 0x1D, 0x8C, 0xF4, 0xF9, 0x72, 0x6A,
+      0x79, 0x5D, 0xA1, 0x64, 0x3C, 0xA5, 0xF1, 0x35, 0x8E, 0x1D, 0xDB, 0x0E, 0xDC, 0x0D, 0x7E, 0xB3 },
+      209 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium_ECC */
+    { 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0,
+      0x7D, 0x79, 0xAD, 0xF8, 0x39, 0x7E, 0xB4, 0xEC, 0xBA, 0x9C, 0x5E, 0x84, 0x88, 0x82, 0x14, 0x23 },
+      112 /* Bin Number */
+  },
+  {
+    /* Secure_Certificate_Services */
+    { 0xBD, 0x81, 0xCE, 0x3B, 0x4F, 0x65, 0x91, 0xD1, 0x1A, 0x67, 0xB5, 0xFC, 0x7A, 0x47, 0xFD, 0xEF,
+      0x25, 0x52, 0x1B, 0xF9, 0xAA, 0x4E, 0x18, 0xB9, 0xE3, 0xDF, 0x2E, 0x34, 0xA7, 0x80, 0x3B, 0xE8 },
+      29 /* Bin Number */
+  },
+  {
+    /* SwissSign_Silver_CA___G2 */
+    { 0xBE, 0x6C, 0x4D, 0xA2, 0xBB, 0xB9, 0xBA, 0x59, 0xB6, 0xF3, 0x93, 0x97, 0x68, 0x37, 0x42, 0x46,
+      0xC3, 0xC0, 0x05, 0x99, 0x3F, 0xA9, 0x8F, 0x02, 0x0D, 0x1D, 0xED, 0xBE, 0xD4, 0x8A, 0x81, 0xD5 },
+      57 /* Bin Number */
+  },
+  {
+    /* e_Szigno_Root_CA_2017 */
+    { 0xBE, 0xB0, 0x0B, 0x30, 0x83, 0x9B, 0x9B, 0xC3, 0x2C, 0x32, 0xE4, 0x44, 0x79, 0x05, 0x95, 0x06,
+      0x41, 0xF2, 0x64, 0x21, 0xB1, 0x5E, 0xD0, 0x89, 0x19, 0x8B, 0x51, 0x8A, 0xE2, 0xEA, 0x1B, 0x99 },
+      214 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xBE, 0xC9, 0x49, 0x11, 0xC2, 0x95, 0x56, 0x76, 0xDB, 0x6C, 0x0A, 0x55, 0x09, 0x86, 0xD7, 0x6E,
+      0x3B, 0xA0, 0x05, 0x66, 0x7C, 0x44, 0x2C, 0x97, 0x62, 0xB4, 0xFB, 0xB7, 0x73, 0xDE, 0x22, 0x8C },
+      157 /* Bin Number */
+  },
+  {
+    /* SecureSign_RootCA11 */
+    { 0xBF, 0x0F, 0xEE, 0xFB, 0x9E, 0x3A, 0x58, 0x1A, 0xD5, 0xF9, 0xE9, 0xDB, 0x75, 0x89, 0x98, 0x57,
+      0x43, 0xD2, 0x61, 0x08, 0x5C, 0x4D, 0x31, 0x4F, 0x6F, 0x5D, 0x72, 0x59, 0xAA, 0x42, 0x16, 0x12 },
+      97 /* Bin Number */
+  },
+  {
+    /* TWCA_Root_Certification_Authority */
+    { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E,
+      0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 },
+      117 /* Bin Number */
+  },
+  {
+    /* GDCA_TrustAUTH_R5_ROOT */
+    { 0xBF, 0xFF, 0x8F, 0xD0, 0x44, 0x33, 0x48, 0x7D, 0x6A, 0x8A, 0xA6, 0x0C, 0x1A, 0x29, 0x76, 0x7A,
+      0x9F, 0xC2, 0xBB, 0xB0, 0x5E, 0x42, 0x0F, 0x71, 0x3A, 0x13, 0xB9, 0x92, 0x89, 0x1D, 0x38, 0x93 },
+      189 /* Bin Number */
+  },
+  {
+    /* OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW */
+    { 0xC0, 0xA6, 0xF4, 0xDC, 0x63, 0xA2, 0x4B, 0xFD, 0xCF, 0x54, 0xEF, 0x2A, 0x6A, 0x08, 0x2A, 0x0A,
+      0x72, 0xDE, 0x35, 0x80, 0x3E, 0x2F, 0xF5, 0xFF, 0x52, 0x7A, 0xE5, 0xD8, 0x72, 0x06, 0xDF, 0xD5 },
+      78 /* Bin Number */
+  },
+  {
+    /* OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB */
+    { 0xC1, 0xB4, 0x82, 0x99, 0xAB, 0xA5, 0x20, 0x8F, 0xE9, 0x63, 0x0A, 0xCE, 0x55, 0xCA, 0x68, 0xA0,
+      0x3E, 0xDA, 0x5A, 0x51, 0x9C, 0x88, 0x02, 0xA0, 0xD3, 0xA6, 0x73, 0xBE, 0x8F, 0x8E, 0x55, 0x7D },
+      122 /* Bin Number */
+  },
+  {
+    /* OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US */
+    { 0xC3, 0x84, 0x6B, 0xF2, 0x4B, 0x9E, 0x93, 0xCA, 0x64, 0x27, 0x4C, 0x0E, 0xC6, 0x7C, 0x1E, 0xCC,
+      0x5E, 0x02, 0x4F, 0xFC, 0xAC, 0xD2, 0xD7, 0x40, 0x19, 0x35, 0x0E, 0x81, 0xFE, 0x54, 0x6A, 0xE4 },
+      43 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R2 */
+    { 0xC4, 0x5D, 0x7B, 0xB0, 0x8E, 0x6D, 0x67, 0xE6, 0x2E, 0x42, 0x35, 0x11, 0x0B, 0x56, 0x4E, 0x5F,
+      0x78, 0xFD, 0x92, 0xEF, 0x05, 0x8C, 0x84, 0x0A, 0xEA, 0x4E, 0x64, 0x55, 0xD7, 0x58, 0x5C, 0x60 },
+      200 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0xC4, 0x70, 0xCF, 0x54, 0x7E, 0x23, 0x02, 0xB9, 0x77, 0xFB, 0x29, 0xDD, 0x71, 0xA8, 0x9A, 0x7B,
+      0x6C, 0x1F, 0x60, 0x77, 0x7B, 0x03, 0x29, 0xF5, 0x60, 0x17, 0xF3, 0x28, 0xBF, 0x4F, 0x6B, 0xE6 },
+      55 /* Bin Number */
+  },
+  {
+    /* Microsoft_RSA_Root_Certificate_Authority_2017 */
+    { 0xC7, 0x41, 0xF7, 0x0F, 0x4B, 0x2A, 0x8D, 0x88, 0xBF, 0x2E, 0x71, 0xC1, 0x41, 0x22, 0xEF, 0x53,
+      0xEF, 0x10, 0xEB, 0xA0, 0xCF, 0xA5, 0xE6, 0x4C, 0xFA, 0x20, 0xF4, 0x18, 0x85, 0x30, 0x73, 0xE0 },
+      213 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xC7, 0x66, 0xA9, 0xBE, 0xF2, 0xD4, 0x07, 0x1C, 0x86, 0x3A, 0x31, 0xAA, 0x49, 0x20, 0xE8, 0x13,
+      0xB2, 0xD1, 0x98, 0x60, 0x8C, 0xB7, 0xB7, 0xCF, 0xE2, 0x11, 0x43, 0xB8, 0x36, 0xDF, 0x09, 0xEA },
+      45 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority_G2 */
+    { 0xC7, 0xBA, 0x65, 0x67, 0xDE, 0x93, 0xA7, 0x98, 0xAE, 0x1F, 0xAA, 0x79, 0x1E, 0x71, 0x2D, 0x37,
+      0x8F, 0xAE, 0x1F, 0x93, 0xC4, 0x39, 0x7F, 0xEA, 0x44, 0x1B, 0xB7, 0xCB, 0xE6, 0xFD, 0x59, 0x95 },
+      124 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA_2 */
+    { 0xCA, 0x2D, 0x82, 0xA0, 0x86, 0x77, 0x07, 0x2F, 0x8A, 0xB6, 0x76, 0x4F, 0xF0, 0x35, 0x67, 0x6C,
+      0xFE, 0x3E, 0x5E, 0x32, 0x5E, 0x01, 0x21, 0x72, 0xDF, 0x3F, 0x92, 0x09, 0x6D, 0xB7, 0x9B, 0x85 },
+      21 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCA, 0x42, 0xDD, 0x41, 0x74, 0x5F, 0xD0, 0xB8, 0x1E, 0xB9, 0x02, 0x36, 0x2C, 0xF9, 0xD8, 0xBF,
+      0x71, 0x9D, 0xA1, 0xBD, 0x1B, 0x1E, 0xFC, 0x94, 0x6F, 0x5B, 0x4C, 0x99, 0xF4, 0x2C, 0x1B, 0x9E },
+      7 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G2 */
+    { 0xCB, 0x3C, 0xCB, 0xB7, 0x60, 0x31, 0xE5, 0xE0, 0x13, 0x8F, 0x8D, 0xD3, 0x9A, 0x23, 0xF9, 0xDE,
+      0x47, 0xFF, 0xC3, 0x5E, 0x43, 0xC1, 0x14, 0x4C, 0xEA, 0x27, 0xD4, 0x6A, 0x5A, 0xB1, 0xCB, 0x5F },
+      149 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCB, 0xB5, 0x22, 0xD7, 0xB7, 0xF1, 0x27, 0xAD, 0x6A, 0x01, 0x13, 0x86, 0x5B, 0xDF, 0x1C, 0xD4,
+      0x10, 0x2E, 0x7D, 0x07, 0x59, 0xAF, 0x63, 0x5A, 0x7C, 0xF4, 0x72, 0x0D, 0xC9, 0x63, 0xC5, 0x3B },
+      101 /* Bin Number */
+  },
+  {
+    /* GlobalSign_Root_E46 */
+    { 0xCB, 0xB9, 0xC4, 0x4D, 0x84, 0xB8, 0x04, 0x3E, 0x10, 0x50, 0xEA, 0x31, 0xA6, 0x9F, 0x51, 0x49,
+      0x55, 0xD7, 0xBF, 0xD2, 0xE2, 0xC6, 0xB4, 0x93, 0x01, 0x01, 0x9A, 0xD6, 0x1D, 0x9F, 0x50, 0x58 },
+      222 /* Bin Number */
+  },
+  {
+    /* XRamp_Global_Certification_Authority */
+    { 0xCE, 0xCD, 0xDC, 0x90, 0x50, 0x99, 0xD8, 0xDA, 0xDF, 0xC5, 0xB1, 0xD2, 0x09, 0xB7, 0x37, 0xCB,
+      0xE2, 0xC1, 0x8C, 0xFB, 0x2C, 0x10, 0xC0, 0xFF, 0x0B, 0xCF, 0x0D, 0x32, 0x86, 0xFC, 0x1A, 0xA2 },
+      42 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_eBusiness_CA_1 */
+    { 0xCF, 0x56, 0xFF, 0x46, 0xA4, 0xA1, 0x86, 0x10, 0x9D, 0xD9, 0x65, 0x84, 0xB5, 0xEE, 0xB5, 0x8A,
+      0x51, 0x0C, 0x42, 0x75, 0xB0, 0xE5, 0xF9, 0x4F, 0x40, 0xBB, 0xAE, 0x86, 0x5E, 0x19, 0xF6, 0x73 },
+      13 /* Bin Number */
+  },
+  {
+    /* TrustCor_RootCert_CA_1 */
+    { 0xD4, 0x0E, 0x9C, 0x86, 0xCD, 0x8F, 0xE4, 0x68, 0xC1, 0x77, 0x69, 0x59, 0xF4, 0x9E, 0xA7, 0x74,
+      0xFA, 0x54, 0x86, 0x84, 0xB6, 0xC4, 0x06, 0xF3, 0x90, 0x92, 0x61, 0xF4, 0xDC, 0xE2, 0x57, 0x5C },
+      190 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA */
+    { 0xD4, 0x1D, 0x82, 0x9E, 0x8C, 0x16, 0x59, 0x82, 0x2A, 0xF9, 0x3F, 0xCE, 0x62, 0xBF, 0xFC, 0xDE,
+      0x26, 0x4F, 0xC8, 0x4E, 0x8B, 0x95, 0x0C, 0x5F, 0xF2, 0x75, 0xD0, 0x52, 0x35, 0x46, 0x95, 0xA3 },
+      36 /* Bin Number */
+  },
+  {
+    /* UCA_Extended_Validation_Root */
+    { 0xD4, 0x3A, 0xF9, 0xB3, 0x54, 0x73, 0x75, 0x5C, 0x96, 0x84, 0xFC, 0x06, 0xD7, 0xD8, 0xCB, 0x70,
+      0xEE, 0x5C, 0x28, 0xE7, 0x73, 0xFB, 0x29, 0x4E, 0xB4, 0x1E, 0xE7, 0x17, 0x22, 0x92, 0x4D, 0x24 },
+      204 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign_G2 */
+    { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, 0x33, 0x94, 0xC1, 0xEC, 0xC2,
+      0xC9, 0xE5, 0x1D, 0x09, 0x03, 0xEE, 0x94, 0x6B, 0x02, 0xC3, 0x01, 0x58, 0x1E, 0xD9, 0x9E, 0x16 },
+      170 /* Bin Number */
+  },
+  {
+    /* Certigna_Root_CA */
+    { 0xD4, 0x8D, 0x3D, 0x23, 0xEE, 0xDB, 0x50, 0xA4, 0x59, 0xE5, 0x51, 0x97, 0x60, 0x1C, 0x27, 0x77,
+      0x4B, 0x9D, 0x7B, 0x18, 0xC9, 0x4D, 0x5A, 0x05, 0x95, 0x11, 0xA1, 0x02, 0x50, 0xB9, 0x31, 0x68 },
+      205 /* Bin Number */
+  },
+  {
+    /* CA______ */
+    { 0xD6, 0xF0, 0x34, 0xBD, 0x94, 0xAA, 0x23, 0x3F, 0x02, 0x97, 0xEC, 0xA4, 0x24, 0x5B, 0x28, 0x39,
+      0x73, 0xE4, 0x47, 0xAA, 0x59, 0x0F, 0x31, 0x0C, 0x77, 0xF4, 0x8F, 0xDF, 0x83, 0x11, 0x22, 0x54 },
+      153 /* Bin Number */
+  },
+  {
+    /* AAA_Certificate_Services */
+    { 0xD7, 0xA7, 0xA0, 0xFB, 0x5D, 0x7E, 0x27, 0x31, 0xD7, 0x71, 0xE9, 0x48, 0x4E, 0xBC, 0xDE, 0xF7,
+      0x1D, 0x5F, 0x0C, 0x3E, 0x0A, 0x29, 0x48, 0x78, 0x2B, 0xC8, 0x3E, 0xE0, 0xEA, 0x69, 0x9E, 0xF4 },
+      28 /* Bin Number */
+  },
+  {
+    /* Certum_CA */
+    { 0xD8, 0xE0, 0xFE, 0xBC, 0x1D, 0xB2, 0xE3, 0x8D, 0x00, 0x94, 0x0F, 0x37, 0xD2, 0x7D, 0x41, 0x34,
+      0x4D, 0x99, 0x3E, 0x73, 0x4B, 0x99, 0xD5, 0x65, 0x6D, 0x97, 0x78, 0xD4, 0xD8, 0x14, 0x36, 0x24 },
+      27 /* Bin Number */
+  },
+  {
+    /* GTS_Root_R1 */
+    { 0xD9, 0x47, 0x43, 0x2A, 0xBD, 0xE7, 0xB7, 0xFA, 0x90, 0xFC, 0x2E, 0x6B, 0x59, 0x10, 0x1B, 0x12,
+      0x80, 0xE0, 0xE1, 0xC7, 0xE4, 0xE4, 0x0F, 0xA3, 0xC6, 0x88, 0x7F, 0xFF, 0x57, 0xA7, 0xF4, 0xCF },
+      236 /* Bin Number */
+  },
+  {
+    /* HARICA_TLS_RSA_Root_CA_2021 */
+    { 0xD9, 0x5D, 0x0E, 0x8E, 0xDA, 0x79, 0x52, 0x5B, 0xF9, 0xBE, 0xB1, 0x1B, 0x14, 0xD2, 0x10, 0x0D,
+      0x32, 0x94, 0x98, 0x5F, 0x0C, 0x62, 0xD9, 0xFA, 0xBD, 0x9C, 0xD9, 0x99, 0xEC, 0xCB, 0x7B, 0x1D },
+      228 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_EV_CA_2 */
+    { 0xD9, 0x5F, 0xEA, 0x3C, 0xA4, 0xEE, 0xDC, 0xE7, 0x4C, 0xD7, 0x6E, 0x75, 0xFC, 0x6D, 0x1F, 0xF6,
+      0x2C, 0x44, 0x1F, 0x0F, 0xA8, 0xBC, 0x77, 0xF0, 0x34, 0xB1, 0x9E, 0x5D, 0xB2, 0x58, 0x01, 0x5D },
+      135 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority___G4 */
+    { 0xDB, 0x35, 0x17, 0xD1, 0xF6, 0x73, 0x2A, 0x2D, 0x5A, 0xB9, 0x7C, 0x53, 0x3E, 0xC7, 0x07, 0x79,
+      0xEE, 0x32, 0x70, 0xA6, 0x2F, 0xB4, 0xAC, 0x42, 0x38, 0x37, 0x24, 0x60, 0xE6, 0xF0, 0x1E, 0x88 },
+      211 /* Bin Number */
+  },
+  {
+    /* TeliaSonera_Root_CA_v1 */
+    { 0xDD, 0x69, 0x36, 0xFE, 0x21, 0xF8, 0xF0, 0x77, 0xC1, 0x23, 0xA1, 0xA5, 0x21, 0xC1, 0x22, 0x24,
+      0xF7, 0x22, 0x55, 0xB7, 0x3E, 0x03, 0xA7, 0x26, 0x06, 0x93, 0xE8, 0xA2, 0x4B, 0x0F, 0xA3, 0x89 },
+      140 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xE1, 0x78, 0x90, 0xEE, 0x09, 0xA3, 0xFB, 0xF4, 0xF4, 0x8B, 0x9C, 0x41, 0x4A, 0x17, 0xD6, 0x37,
+      0xB7, 0xA5, 0x06, 0x47, 0xE9, 0xBC, 0x75, 0x23, 0x22, 0x72, 0x7F, 0xCC, 0x17, 0x42, 0xA9, 0x11 },
+      123 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R2 */
+    { 0xE2, 0x3D, 0x4A, 0x03, 0x6D, 0x7B, 0x70, 0xE9, 0xF5, 0x95, 0xB1, 0x42, 0x20, 0x79, 0xD2, 0xB9,
+      0x1E, 0xDF, 0xBB, 0x1F, 0xB6, 0x51, 0xA0, 0x63, 0x3E, 0xAA, 0x8A, 0x9D, 0xC5, 0xF8, 0x07, 0x03 },
+      137 /* Bin Number */
+  },
+  {
+    /* CNNIC_ROOT */
+    { 0xE2, 0x83, 0x93, 0x77, 0x3D, 0xA8, 0x45, 0xA6, 0x79, 0xF2, 0x08, 0x0C, 0xC7, 0xFB, 0x44, 0xA3,
+      0xB7, 0xA1, 0xC3, 0x79, 0x2C, 0xB7, 0xEB, 0x77, 0x29, 0xFD, 0xCB, 0x6A, 0x8D, 0x99, 0xAE, 0xA7 },
+      84 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_4 */
+    { 0xE3, 0x5D, 0x28, 0x41, 0x9E, 0xD0, 0x20, 0x25, 0xCF, 0xA6, 0x90, 0x38, 0xCD, 0x62, 0x39, 0x62,
+      0x45, 0x8D, 0xA5, 0xC6, 0x95, 0xFB, 0xDE, 0xA3, 0xC2, 0x2B, 0x0B, 0xFB, 0x25, 0x89, 0x70, 0x92 },
+      186 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_4_Public_Primary_Certification_Authority___G3 */
+    { 0xE3, 0x89, 0x36, 0x0D, 0x0F, 0xDB, 0xAE, 0xB3, 0xD2, 0x50, 0x58, 0x4B, 0x47, 0x30, 0x31, 0x4E,
+      0x22, 0x2F, 0x39, 0xC1, 0x56, 0xA0, 0x20, 0x14, 0x4E, 0x8D, 0x96, 0x05, 0x61, 0x79, 0x15, 0x06 },
+      9 /* Bin Number */
+  },
+  {
+    /* Certigna */
+    { 0xE3, 0xB6, 0xA2, 0xDB, 0x2E, 0xD7, 0xCE, 0x48, 0x84, 0x2F, 0x7A, 0xC5, 0x32, 0x41, 0xC7, 0xB7,
+      0x1D, 0x54, 0x14, 0x4B, 0xFB, 0x40, 0xC1, 0x1F, 0x3F, 0x1D, 0x0B, 0x42, 0xF5, 0xEE, 0xA1, 0x2D },
+      71 /* Bin Number */
+  },
+  {
+    /* T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3 */
+    { 0xE4, 0xC7, 0x34, 0x30, 0xD7, 0xA5, 0xB5, 0x09, 0x25, 0xDF, 0x43, 0x37, 0x0A, 0x0D, 0x21, 0x6E,
+      0x9A, 0x79, 0xB9, 0xD6, 0xDB, 0x83, 0x73, 0xA0, 0xC6, 0x9E, 0xB1, 0xCC, 0x31, 0xC7, 0xC5, 0x2A },
+      79 /* Bin Number */
+  },
+  {
+    /* D_TRUST_BR_Root_CA_1_2020 */
+    { 0xE5, 0x9A, 0xAA, 0x81, 0x60, 0x09, 0xC2, 0x2B, 0xFF, 0x5B, 0x25, 0xBA, 0xD3, 0x7D, 0xF3, 0x06,
+      0xF0, 0x49, 0x79, 0x7C, 0x1F, 0x81, 0xD8, 0x5A, 0xB0, 0x89, 0xE6, 0x57, 0xBD, 0x8F, 0x00, 0x44 },
+      241 /* Bin Number */
+  },
+  {
+    /* e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi */
+    { 0xE6, 0x09, 0x07, 0x84, 0x65, 0xA4, 0x19, 0x78, 0x0C, 0xB6, 0xAC, 0x4C, 0x1C, 0x0B, 0xFB, 0x46,
+      0x53, 0xD9, 0xD9, 0xCC, 0x6E, 0xB3, 0x94, 0x6E, 0xB7, 0xF3, 0xD6, 0x99, 0x97, 0xBA, 0xD5, 0x98 },
+      100 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_2_CA_II */
+    { 0xE6, 0xB8, 0xF8, 0x76, 0x64, 0x85, 0xF8, 0x07, 0xAE, 0x7F, 0x8D, 0xAC, 0x16, 0x70, 0x46, 0x1F,
+      0x07, 0xC0, 0xA1, 0x3E, 0xEF, 0x3A, 0x1F, 0xF7, 0x17, 0x53, 0x8D, 0x7A, 0xBA, 0xD3, 0x91, 0xB4 },
+      72 /* Bin Number */
+  },
+  {
+    /* Security_Communication_ECC_RootCA1 */
+    { 0xE7, 0x4F, 0xBD, 0xA5, 0x5B, 0xD5, 0x64, 0xC4, 0x73, 0xA3, 0x6B, 0x44, 0x1A, 0xA7, 0x99, 0xC8,
+      0xA6, 0x8E, 0x07, 0x74, 0x40, 0xE8, 0x28, 0x8B, 0x9F, 0xA1, 0xE5, 0x0E, 0x4B, 0xBA, 0xCA, 0x11 },
+      250 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP */
+    { 0xE7, 0x5E, 0x72, 0xED, 0x9F, 0x56, 0x0E, 0xEC, 0x6E, 0xB4, 0x80, 0x00, 0x73, 0xA4, 0x3F, 0xC3,
+      0xAD, 0x19, 0x19, 0x5A, 0x39, 0x22, 0x82, 0x01, 0x78, 0x95, 0x97, 0x4A, 0x99, 0x02, 0x6B, 0x6C },
+      34 /* Bin Number */
+  },
+  {
+    /* USERTrust_RSA_Certification_Authority */
+    { 0xE7, 0x93, 0xC9, 0xB0, 0x2F, 0xD8, 0xAA, 0x13, 0xE2, 0x1C, 0x31, 0x22, 0x8A, 0xCC, 0xB0, 0x81,
+      0x19, 0x64, 0x3B, 0x74, 0x9C, 0x89, 0x89, 0x64, 0xB1, 0x74, 0x6D, 0x46, 0xC3, 0xD4, 0xCB, 0xD2 },
+      155 /* Bin Number */
+  },
+  {
+    /* OU_certSIGN_ROOT_CA_O_certSIGN_C_RO */
+    { 0xEA, 0xA9, 0x62, 0xC4, 0xFA, 0x4A, 0x6B, 0xAF, 0xEB, 0xE4, 0x15, 0x19, 0x6D, 0x35, 0x1C, 0xCD,
+      0x88, 0x8D, 0x4F, 0x53, 0xF3, 0xFA, 0x8A, 0xE6, 0xD7, 0xC4, 0x66, 0xA9, 0x4E, 0x60, 0x42, 0xBB },
+      83 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G3 */
+    { 0xEB, 0x04, 0xCF, 0x5E, 0xB1, 0xF3, 0x9A, 0xFA, 0x76, 0x2F, 0x2B, 0xB1, 0x20, 0xF2, 0x96, 0xCB,
+      0xA5, 0x20, 0xC1, 0xB9, 0x7D, 0xB1, 0x58, 0x95, 0x65, 0xB8, 0x1C, 0xB9, 0xA1, 0x7B, 0x72, 0x44 },
+      8 /* Bin Number */
+  },
+  {
+    /* OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES */
+    { 0xEB, 0xC5, 0x57, 0x0C, 0x29, 0x01, 0x8C, 0x4D, 0x67, 0xB1, 0xAA, 0x12, 0x7B, 0xAF, 0x12, 0xF7,
+      0x03, 0xB4, 0x61, 0x1E, 0xBC, 0x17, 0xB7, 0xDA, 0xB5, 0x57, 0x38, 0x94, 0x17, 0x9B, 0x93, 0xFA },
+      182 /* Bin Number */
+  },
+  {
+    /* GlobalSign_Root_CA */
+    { 0xEB, 0xD4, 0x10, 0x40, 0xE4, 0xBB, 0x3E, 0xC7, 0x42, 0xC9, 0xE3, 0x81, 0xD3, 0x1E, 0xF2, 0xA4,
+      0x1A, 0x48, 0xB6, 0x68, 0x5C, 0x96, 0xE7, 0xCE, 0xF3, 0xC1, 0xDF, 0x6C, 0xD4, 0x33, 0x1C, 0x99 },
+      6 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Universal_CA_I */
+    { 0xEB, 0xF3, 0xC0, 0x2A, 0x87, 0x89, 0xB1, 0xFB, 0x7D, 0x51, 0x19, 0x95, 0xD6, 0x63, 0xB7, 0x29,
+      0x06, 0xD9, 0x13, 0xCE, 0x0D, 0x5E, 0x10, 0x56, 0x8A, 0x8A, 0x77, 0xE2, 0x58, 0x61, 0x67, 0xE7 },
+      74 /* Bin Number */
+  },
+  {
+    /* Juur_SK */
+    { 0xEC, 0xC3, 0xE9, 0xC3, 0x40, 0x75, 0x03, 0xBE, 0xE0, 0x91, 0xAA, 0x95, 0x2F, 0x41, 0x34, 0x8F,
+      0xF8, 0x8B, 0xAA, 0x86, 0x3B, 0x22, 0x64, 0xBE, 0xFA, 0xC8, 0x07, 0x90, 0x15, 0x74, 0xE9, 0x39 },
+      95 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_Root_CA */
+    { 0xED, 0xF7, 0xEB, 0xBC, 0xA2, 0x7A, 0x2A, 0x38, 0x4D, 0x38, 0x7B, 0x7D, 0x40, 0x10, 0xC6, 0x66,
+      0xE2, 0xED, 0xB4, 0x84, 0x3E, 0x4C, 0x29, 0xB4, 0xAE, 0x1D, 0x5B, 0x93, 0x32, 0xE6, 0xB2, 0x4D },
+      126 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_EV_2009 */
+    { 0xEE, 0xC5, 0x49, 0x6B, 0x98, 0x8C, 0xE9, 0x86, 0x25, 0xB9, 0x34, 0x09, 0x2E, 0xEC, 0x29, 0x08,
+      0xBE, 0xD0, 0xB0, 0xF3, 0x16, 0xC2, 0xD4, 0x73, 0x0C, 0x84, 0xEA, 0xF1, 0xF3, 0xD3, 0x48, 0x81 },
+      131 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root */
+    { 0xEF, 0x3C, 0xB4, 0x17, 0xFC, 0x8E, 0xBF, 0x6F, 0x97, 0x87, 0x6C, 0x9E, 0x4E, 0xCE, 0x39, 0xDE,
+      0x1E, 0xA5, 0xFE, 0x64, 0x91, 0x41, 0xD1, 0x02, 0x8B, 0x7D, 0x11, 0xC0, 0xB2, 0x29, 0x8C, 0xED },
+      40 /* Bin Number */
+  },
+  {
+    /* E_Tugra_Global_Root_CA_RSA_v3 */
+    { 0xEF, 0x66, 0xB0, 0xB1, 0x0A, 0x3C, 0xDB, 0x9F, 0x2E, 0x36, 0x48, 0xC7, 0x6B, 0xD2, 0xAF, 0x18,
+      0xEA, 0xD2, 0xBF, 0xE6, 0xF1, 0x17, 0x65, 0x5E, 0x28, 0xC4, 0x06, 0x0D, 0xA1, 0xA3, 0xF4, 0xC2 },
+      247 /* Bin Number */
+  },
+  {
+    /* HiPKI_Root_CA___G1 */
+    { 0xF0, 0x15, 0xCE, 0x3C, 0xC2, 0x39, 0xBF, 0xEF, 0x06, 0x4B, 0xE9, 0xF1, 0xD2, 0xC4, 0x17, 0xE1,
+      0xA0, 0x26, 0x4A, 0x0A, 0x94, 0xBE, 0x1F, 0x0C, 0x8D, 0x12, 0x18, 0x64, 0xEB, 0x69, 0x49, 0xCC },
+      234 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_2 */
+    { 0xF0, 0x9B, 0x12, 0x2C, 0x71, 0x14, 0xF4, 0xA0, 0x9B, 0xD4, 0xEA, 0x4F, 0x4A, 0x99, 0xD5, 0x58,
+      0xB4, 0x6E, 0x4C, 0x25, 0xCD, 0x81, 0x14, 0x0D, 0x29, 0xC0, 0x56, 0x13, 0x91, 0x4C, 0x38, 0x41 },
+      134 /* Bin Number */
+  },
+  {
+    /* SecureTrust_CA */
+    { 0xF1, 0xC1, 0xB5, 0x0A, 0xE5, 0xA2, 0x0D, 0xD8, 0x03, 0x0E, 0xC9, 0xF6, 0xBC, 0x24, 0x82, 0x3D,
+      0xD3, 0x67, 0xB5, 0x25, 0x57, 0x59, 0xB4, 0xE7, 0x1B, 0x61, 0xFC, 0xE9, 0xF7, 0x37, 0x5D, 0x73 },
+      61 /* Bin Number */
+  },
+  {
+    /* Atos_TrustedRoot_2011 */
+    { 0xF3, 0x56, 0xBE, 0xA2, 0x44, 0xB7, 0xA9, 0x1E, 0xB3, 0x5D, 0x53, 0xCA, 0x9A, 0xD7, 0x86, 0x4A,
+      0xCE, 0x01, 0x8E, 0x2D, 0x35, 0xD5, 0xF8, 0xF9, 0x6D, 0xDF, 0x68, 0xA6, 0xF4, 0x1A, 0xA4, 0x74 },
+      143 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R1 */
+    { 0xF9, 0x6F, 0x23, 0xF4, 0xC3, 0xE7, 0x9C, 0x07, 0x7A, 0x46, 0x98, 0x8D, 0x5A, 0xF5, 0x90, 0x06,
+      0x76, 0xA0, 0xF0, 0x39, 0xCB, 0x64, 0x5D, 0xD1, 0x75, 0x49, 0xB2, 0x16, 0xC8, 0x24, 0x40, 0xCE },
+      136 /* Bin Number */
+  },
+  {
+    /* Hongkong_Post_Root_CA_1 */
+    { 0xF9, 0xE6, 0x7D, 0x33, 0x6C, 0x51, 0x00, 0x2A, 0xC0, 0x54, 0xC6, 0x32, 0x02, 0x2D, 0x66, 0xDD,
+      0xA2, 0xE7, 0xE3, 0xFF, 0xF1, 0x0A, 0xD0, 0x61, 0xED, 0x31, 0xD8, 0xBB, 0xB4, 0x10, 0xCF, 0xB2 },
+      96 /* Bin Number */
+  },
+  {
+    /* ANF_Secure_Server_Root_CA */
+    { 0xFB, 0x8F, 0xEC, 0x75, 0x91, 0x69, 0xB9, 0x10, 0x6B, 0x1E, 0x51, 0x16, 0x44, 0xC6, 0x18, 0xC5,
+      0x13, 0x04, 0x37, 0x3F, 0x6C, 0x06, 0x43, 0x08, 0x8D, 0x8B, 0xEF, 0xFD, 0x1B, 0x99, 0x75, 0x99 },
+      224 /* Bin Number */
+  },
+  {
+    /* Certinomis___Autorit__Racine */
+    { 0xFC, 0xBF, 0xE2, 0x88, 0x62, 0x06, 0xF7, 0x2B, 0x27, 0x59, 0x3C, 0x8B, 0x07, 0x02, 0x97, 0xE1,
+      0x2D, 0x76, 0x9E, 0xD1, 0x0E, 0xD7, 0x93, 0x07, 0x05, 0xA8, 0x09, 0x8E, 0xFF, 0xC1, 0x4D, 0x17 },
+      114 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_3 */
+    { 0xFD, 0x73, 0xDA, 0xD3, 0x1C, 0x64, 0x4F, 0xF1, 0xB4, 0x3B, 0xEF, 0x0C, 0xCD, 0xDA, 0x96, 0x71,
+      0x0B, 0x9C, 0xD9, 0x87, 0x5E, 0xCA, 0x7E, 0x31, 0x70, 0x7A, 0xF3, 0xE9, 0x6D, 0x52, 0x2B, 0xBD },
+      127 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Root_CA */
+    { 0xFE, 0x76, 0x96, 0x57, 0x38, 0x55, 0x77, 0x3E, 0x37, 0xA9, 0x5E, 0x7A, 0xD4, 0xD9, 0xCC, 0x96,
+      0xC3, 0x01, 0x57, 0xC1, 0x5D, 0x31, 0x76, 0x5B, 0xA9, 0xB1, 0x57, 0x04, 0xE1, 0xAE, 0x78, 0xFD },
+      226 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA */
+    { 0xFF, 0x85, 0x6A, 0x2D, 0x25, 0x1D, 0xCD, 0x88, 0xD3, 0x66, 0x56, 0xF4, 0x50, 0x12, 0x67, 0x98,
+      0xCF, 0xAB, 0xAA, 0xDE, 0x40, 0x79, 0x9C, 0x72, 0x2D, 0xE4, 0xD2, 0xB5, 0xDB, 0x36, 0xA7, 0x3A },
+      20 /* Bin Number */
+  },
+};
+
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
new file mode 100644
index 0000000000..f22ddb5917
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -0,0 +1,1130 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// During certificate authentication, we call CertVerifier::VerifySSLServerCert.
+// This function may make zero or more HTTP requests (e.g. to gather revocation
+// information). Our fetching logic for these requests processes them on the
+// socket transport service thread.
+//
+// Because the connection for which we are verifying the certificate is
+// happening on the socket transport thread, if our cert auth hook were to call
+// VerifySSLServerCert directly, there would be a deadlock: VerifySSLServerCert
+// would cause an event to be asynchronously posted to the socket transport
+// thread, and then it would block the socket transport thread waiting to be
+// notified of the HTTP response. However, the HTTP request would never actually
+// be processed because the socket transport thread would be blocked and so it
+// wouldn't be able process HTTP requests.
+//
+// Consequently, when we are asked to verify a certificate, we must always call
+// VerifySSLServerCert on another thread. To accomplish this, our auth cert hook
+// dispatches a SSLServerCertVerificationJob to a pool of background threads,
+// and then immediately returns SECWouldBlock to libssl. These jobs are where
+// VerifySSLServerCert is actually called.
+//
+// When our auth cert hook returns SECWouldBlock, libssl will carry on the
+// handshake while we validate the certificate. This will free up the socket
+// transport thread so that HTTP requests--including the OCSP requests needed
+// for cert verification as mentioned above--can be processed.
+//
+// Once VerifySSLServerCert returns, the cert verification job dispatches a
+// SSLServerCertVerificationResult to the socket transport thread; the
+// SSLServerCertVerificationResult will notify libssl that the certificate
+// authentication is complete. Once libssl is notified that the authentication
+// is complete, it will continue the TLS handshake (if it hasn't already
+// finished) and it will begin allowing us to send/receive data on the
+// connection.
+//
+// Timeline of events (for connections managed by the socket transport service):
+//
+//    * libssl calls SSLServerCertVerificationJob::Dispatch on the socket
+//      transport thread.
+//    * SSLServerCertVerificationJob::Dispatch queues a job
+//      (instance of SSLServerCertVerificationJob) to its background thread
+//      pool and returns.
+//    * One of the background threads calls CertVerifier::VerifySSLServerCert,
+//      which may enqueue some HTTP request(s) onto the socket transport thread,
+//      and then blocks that background thread waiting for the responses and/or
+//      timeouts or errors for those requests.
+//    * Once those HTTP responses have all come back or failed, the
+//      CertVerifier::VerifySSLServerCert function returns a result indicating
+//      that the validation succeeded or failed.
+//    * If the validation succeeded, then a SSLServerCertVerificationResult
+//      event is posted to the socket transport thread, and the cert
+//      verification thread becomes free to verify other certificates.
+//    * Otherwise, we do cert override processing to see if the validation
+//      error can be convered by override rules. The result of this processing
+//      is similarly dispatched in a SSLServerCertVerificationResult.
+//    * The SSLServerCertVerificationResult event will either wake up the
+//      socket (using SSL_AuthCertificateComplete) if validation succeeded or
+//      there was an error override, or it will set an error flag so that the
+//      next I/O operation on the socket will fail, causing the socket transport
+//      thread to close the connection.
+//
+// SSLServerCertVerificationResult must be dispatched to the socket transport
+// thread because we must only call SSL_* functions on the socket transport
+// thread since they may do I/O, because many parts of NSSSocketControl and the
+// PSM NSS I/O layer are not thread-safe, and because we need the event to
+// interrupt the PR_Poll that may waiting for I/O on the socket for which we
+// are validating the cert.
+//
+// When socket process is enabled, libssl is running on socket process. To
+// perform certificate authentication with CertVerifier, we have to send all
+// needed information to parent process and send the result back to socket
+// process via IPC. The workflow is described below.
+// 1. In AuthCertificateHookInternal(), we call RemoteProcessCertVerification()
+//    instead of SSLServerCertVerificationJob::Dispatch when we are on socket
+//    process.
+// 2. In RemoteProcessCertVerification(), PVerifySSLServerCert actors will be
+//    created on IPDL background thread for carrying needed information via IPC.
+// 3. On parent process, VerifySSLServerCertParent is created and it calls
+//    SSLServerCertVerificationJob::Dispatch for doing certificate verification
+//    on one of CertVerificationThreads.
+// 4. When validation is done, OnVerifiedSSLServerCertSuccess IPC message is
+//    sent through the IPDL background thread when
+//    CertVerifier::VerifySSLServerCert returns Success. Otherwise,
+//    OnVerifiedSSLServerCertFailure is sent.
+// 5. After setp 4, PVerifySSLServerCert actors will be released. The
+//    verification result will be dispatched via
+//    SSLServerCertVerificationResult.
+
+#include "SSLServerCertVerification.h"
+
+#include <cstring>
+
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "NSSSocketControl.h"
+#include "PSMRunnable.h"
+#include "RootCertificateTelemetryUtils.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "VerifySSLServerCertChild.h"
+#include "cert.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Unused.h"
+#include "nsComponentManagerUtils.h"
+#include "nsContentUtils.h"
+#include "nsICertOverrideService.h"
+#include "nsIPublicKeyPinningService.h"
+#include "nsISiteSecurityService.h"
+#include "nsISocketProvider.h"
+#include "nsThreadPool.h"
+#include "nsNetUtil.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+#include "nsServiceManagerUtils.h"
+#include "nsString.h"
+#include "nsURLHelper.h"
+#include "nsXPCOMCIDInternal.h"
+#include "mozpkix/pkix.h"
+#include "mozpkix/pkixcheck.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixutil.h"
+#include "secerr.h"
+#include "secport.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslexp.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+using namespace mozilla::pkix;
+
+namespace mozilla {
+namespace psm {
+
+// do not use a nsCOMPtr to avoid static initializer/destructor
+nsIThreadPool* gCertVerificationThreadPool = nullptr;
+
+// Called when the socket transport thread starts, to initialize the SSL cert
+// verification thread pool. By tying the thread pool startup/shutdown directly
+// to the STS thread's lifetime, we ensure that they are *always* available for
+// SSL connections and that there are no races during startup and especially
+// shutdown. (Previously, we have had multiple problems with races in PSM
+// background threads, and the race-prevention/shutdown logic used there is
+// brittle. Since this service is critical to things like downloading updates,
+// we take no chances.) Also, by doing things this way, we avoid the need for
+// locks, since gCertVerificationThreadPool is only ever accessed on the socket
+// transport thread.
+void InitializeSSLServerCertVerificationThreads() {
+  // TODO: tuning, make parameters preferences
+  gCertVerificationThreadPool = new nsThreadPool();
+  NS_ADDREF(gCertVerificationThreadPool);
+
+  (void)gCertVerificationThreadPool->SetIdleThreadLimit(5);
+  (void)gCertVerificationThreadPool->SetIdleThreadTimeout(30 * 1000);
+  (void)gCertVerificationThreadPool->SetThreadLimit(5);
+  (void)gCertVerificationThreadPool->SetName("SSL Cert"_ns);
+}
+
+// Called when the socket transport thread finishes, to destroy the thread
+// pool. Since the socket transport service has stopped processing events, it
+// will not attempt any more SSL I/O operations, so it is clearly safe to shut
+// down the SSL cert verification infrastructure. Also, the STS will not
+// dispatch many SSL verification result events at this point, so any pending
+// cert verifications will (correctly) fail at the point they are dispatched.
+//
+// The other shutdown race condition that is possible is a race condition with
+// shutdown of the nsNSSComponent service. We use the
+// nsNSSShutdownPreventionLock where needed (not here) to prevent that.
+void StopSSLServerCertVerificationThreads() {
+  if (gCertVerificationThreadPool) {
+    gCertVerificationThreadPool->Shutdown();
+    NS_RELEASE(gCertVerificationThreadPool);
+  }
+}
+
+// A probe value of 1 means "no error".
+uint32_t MapOverridableErrorToProbeValue(PRErrorCode errorCode) {
+  switch (errorCode) {
+    case SEC_ERROR_UNKNOWN_ISSUER:
+      return 2;
+    case SEC_ERROR_CA_CERT_INVALID:
+      return 3;
+    case SEC_ERROR_UNTRUSTED_ISSUER:
+      return 4;
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+      return 5;
+    case SEC_ERROR_UNTRUSTED_CERT:
+      return 6;
+    case SEC_ERROR_INADEQUATE_KEY_USAGE:
+      return 7;
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+      return 8;
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      return 9;
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+      return 10;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+      return 11;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+      return 12;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+      return 13;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+      return 14;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+      return 15;
+    case SEC_ERROR_INVALID_TIME:
+      return 16;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+      return 17;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED:
+      return 18;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT:
+      return 19;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED:
+      return 20;
+  }
+  NS_WARNING(
+      "Unknown certificate error code. Does MapOverridableErrorToProbeValue "
+      "handle everything in CategorizeCertificateError?");
+  return 0;
+}
+
+static uint32_t MapCertErrorToProbeValue(PRErrorCode errorCode) {
+  uint32_t probeValue;
+  switch (errorCode) {
+    // see security/pkix/include/pkix/Result.h
+#define MOZILLA_PKIX_MAP(name, value, nss_name) \
+  case nss_name:                                \
+    probeValue = value;                         \
+    break;
+    MOZILLA_PKIX_MAP_LIST
+#undef MOZILLA_PKIX_MAP
+    default:
+      return 0;
+  }
+
+  // Since FATAL_ERROR_FLAG is 0x800, fatal error values are much larger than
+  // non-fatal error values. To conserve space, we remap these so they start at
+  // (decimal) 90 instead of 0x800. Currently there are ~50 non-fatal errors
+  // mozilla::pkix might return, so saving space for 90 should be sufficient
+  // (similarly, there are 4 fatal errors, so saving space for 10 should also
+  // be sufficient).
+  static_assert(
+      FATAL_ERROR_FLAG == 0x800,
+      "mozilla::pkix::FATAL_ERROR_FLAG is not what we were expecting");
+  if (probeValue & FATAL_ERROR_FLAG) {
+    probeValue ^= FATAL_ERROR_FLAG;
+    probeValue += 90;
+  }
+  return probeValue;
+}
+
+// If the given PRErrorCode is an overridable certificate error, return which
+// category (trust, time, domain mismatch) it falls in. If it is not
+// overridable, return Nothing.
+Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
+CategorizeCertificateError(PRErrorCode certificateError) {
+  switch (certificateError) {
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_MITM_DETECTED:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+      return Some(
+          nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST);
+
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      return Some(
+          nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN);
+
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+      return Some(
+          nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME);
+
+    default:
+      break;
+  }
+  return Nothing();
+}
+
+// Helper function to determine if overrides are allowed for this host.
+// Overrides are not allowed for known HSTS hosts or hosts with pinning
+// information. However, IP addresses can never be HSTS hosts and don't have
+// pinning information.
+static nsresult OverrideAllowedForHost(
+    uint64_t aPtrForLog, const nsACString& aHostname,
+    const OriginAttributes& aOriginAttributes, /*out*/ bool& aOverrideAllowed) {
+  aOverrideAllowed = false;
+
+  // If this is an IP address, overrides are allowed, because an IP address is
+  // never an HSTS host. nsISiteSecurityService takes this into account
+  // already, but the real problem here is that calling NS_NewURI with an IPv6
+  // address fails. We do this to avoid that. A more comprehensive fix would be
+  // to have Necko provide an nsIURI to PSM and to use that here (and
+  // everywhere). However, that would be a wide-spanning change.
+  if (net_IsValidIPv6Addr(aHostname)) {
+    aOverrideAllowed = true;
+    return NS_OK;
+  }
+
+  // If this is an HTTP Strict Transport Security host or a pinned host and the
+  // certificate is bad, don't allow overrides (RFC 6797 section 12.1).
+  bool strictTransportSecurityEnabled = false;
+  bool isStaticallyPinned = false;
+  nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
+  if (!sss) {
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Debug,
+        ("[0x%" PRIx64 "] Couldn't get nsISiteSecurityService to check HSTS",
+         aPtrForLog));
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIURI> uri;
+  nsresult rv = NS_NewURI(getter_AddRefs(uri), "https://"_ns + aHostname);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64 "] Creating new URI failed", aPtrForLog));
+    return rv;
+  }
+
+  rv =
+      sss->IsSecureURI(uri, aOriginAttributes, &strictTransportSecurityEnabled);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64 "] checking for HSTS failed", aPtrForLog));
+    return rv;
+  }
+
+  nsCOMPtr<nsIPublicKeyPinningService> pkps =
+      do_GetService(NS_PKPSERVICE_CONTRACTID, &rv);
+  if (!pkps) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64
+             "] Couldn't get nsIPublicKeyPinningService to check pinning",
+             aPtrForLog));
+    return NS_ERROR_FAILURE;
+  }
+  rv = pkps->HostHasPins(uri, &isStaticallyPinned);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64 "] checking for static pin failed", aPtrForLog));
+    return rv;
+  }
+
+  aOverrideAllowed = !strictTransportSecurityEnabled && !isStaticallyPinned;
+  return NS_OK;
+}
+
+// This function assumes that we will only use the SPDY connection coalescing
+// feature on connections where we have negotiated SPDY using NPN. If we ever
+// talk SPDY without having negotiated it with SPDY, this code will give wrong
+// and perhaps unsafe results.
+//
+// Returns SECSuccess on the initial handshake of all connections, on
+// renegotiations for any connections where we did not negotiate SPDY, or on any
+// SPDY connection where the server's certificate did not change.
+//
+// Prohibit changing the server cert only if we negotiated SPDY,
+// in order to support SPDY's cross-origin connection pooling.
+static SECStatus BlockServerCertChangeForSpdy(
+    NSSSocketControl* socketControl, const UniqueCERTCertificate& serverCert) {
+  if (!socketControl->IsHandshakeCompleted()) {
+    // first handshake on this connection, not a
+    // renegotiation.
+    return SECSuccess;
+  }
+
+  // Filter out sockets that did not neogtiate SPDY via NPN
+  nsCOMPtr<nsITransportSecurityInfo> securityInfo;
+  nsresult rv = socketControl->GetSecurityInfo(getter_AddRefs(securityInfo));
+  MOZ_ASSERT(NS_SUCCEEDED(rv), "GetSecurityInfo() failed during renegotiation");
+  if (NS_FAILED(rv) || !securityInfo) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+  nsAutoCString negotiatedNPN;
+  rv = securityInfo->GetNegotiatedNPN(negotiatedNPN);
+  MOZ_ASSERT(NS_SUCCEEDED(rv),
+             "GetNegotiatedNPN() failed during renegotiation");
+
+  if (NS_SUCCEEDED(rv) && !StringBeginsWith(negotiatedNPN, "spdy/"_ns)) {
+    return SECSuccess;
+  }
+  // If GetNegotiatedNPN() failed we will assume spdy for safety's safe
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("BlockServerCertChangeForSpdy failed GetNegotiatedNPN() call."
+             " Assuming spdy."));
+  }
+
+  // Check to see if the cert has actually changed
+  nsCOMPtr<nsIX509Cert> cert(socketControl->GetServerCert());
+  if (!cert) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+  nsTArray<uint8_t> certDER;
+  if (NS_FAILED(cert->GetRawDER(certDER))) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+  if (certDER.Length() == serverCert->derCert.len &&
+      memcmp(certDER.Elements(), serverCert->derCert.data, certDER.Length()) ==
+          0) {
+    return SECSuccess;
+  }
+
+  // Report an error - changed cert is confirmed
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("SPDY refused to allow new cert during renegotiation"));
+  PR_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, 0);
+  return SECFailure;
+}
+
+void GatherTelemetryForSingleSCT(const ct::VerifiedSCT& verifiedSct) {
+  // See SSL_SCTS_ORIGIN in Histograms.json.
+  uint32_t origin = 0;
+  switch (verifiedSct.origin) {
+    case ct::VerifiedSCT::Origin::Embedded:
+      origin = 1;
+      break;
+    case ct::VerifiedSCT::Origin::TLSExtension:
+      origin = 2;
+      break;
+    case ct::VerifiedSCT::Origin::OCSPResponse:
+      origin = 3;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected VerifiedSCT::Origin type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin);
+
+  // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json.
+  uint32_t verificationStatus = 0;
+  switch (verifiedSct.status) {
+    case ct::VerifiedSCT::Status::Valid:
+      verificationStatus = 1;
+      break;
+    case ct::VerifiedSCT::Status::UnknownLog:
+      verificationStatus = 2;
+      break;
+    case ct::VerifiedSCT::Status::InvalidSignature:
+      verificationStatus = 3;
+      break;
+    case ct::VerifiedSCT::Status::InvalidTimestamp:
+      verificationStatus = 4;
+      break;
+    case ct::VerifiedSCT::Status::ValidFromDisqualifiedLog:
+      verificationStatus = 5;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected VerifiedSCT::Status type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS,
+                        verificationStatus);
+}
+
+void GatherCertificateTransparencyTelemetry(
+    const nsTArray<uint8_t>& rootCert, bool isEV,
+    const CertificateTransparencyInfo& info) {
+  if (!info.enabled) {
+    // No telemetry is gathered when CT is disabled.
+    return;
+  }
+
+  for (const ct::VerifiedSCT& sct : info.verifyResult.verifiedScts) {
+    GatherTelemetryForSingleSCT(sct);
+  }
+
+  // Decoding errors are reported to the 0th bucket
+  // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe.
+  for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) {
+    Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0);
+  }
+
+  // Handle the histogram of SCTs counts.
+  uint32_t sctsCount =
+      static_cast<uint32_t>(info.verifyResult.verifiedScts.size());
+  // Note that sctsCount can also be 0 in case we've received SCT binary data,
+  // but it failed to parse (e.g. due to unsupported CT protocol version).
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount);
+
+  // Report CT Policy compliance of EV certificates.
+  if (isEV) {
+    uint32_t evCompliance = 0;
+    switch (info.policyCompliance) {
+      case ct::CTPolicyCompliance::Compliant:
+        evCompliance = 1;
+        break;
+      case ct::CTPolicyCompliance::NotEnoughScts:
+        evCompliance = 2;
+        break;
+      case ct::CTPolicyCompliance::NotDiverseScts:
+        evCompliance = 3;
+        break;
+      case ct::CTPolicyCompliance::Unknown:
+      default:
+        MOZ_ASSERT_UNREACHABLE("Unexpected CTPolicyCompliance type");
+    }
+    Telemetry::Accumulate(Telemetry::SSL_CT_POLICY_COMPLIANCE_OF_EV_CERTS,
+                          evCompliance);
+  }
+
+  // Report CT Policy compliance by CA.
+  switch (info.policyCompliance) {
+    case ct::CTPolicyCompliance::Compliant:
+      AccumulateTelemetryForRootCA(
+          Telemetry::SSL_CT_POLICY_COMPLIANT_CONNECTIONS_BY_CA, rootCert);
+      break;
+    case ct::CTPolicyCompliance::NotEnoughScts:
+    case ct::CTPolicyCompliance::NotDiverseScts:
+      AccumulateTelemetryForRootCA(
+          Telemetry::SSL_CT_POLICY_NON_COMPLIANT_CONNECTIONS_BY_CA, rootCert);
+      break;
+    case ct::CTPolicyCompliance::Unknown:
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected CTPolicyCompliance type");
+  }
+}
+
+// This function collects telemetry about certs. It will be called on one of
+// CertVerificationThread. When the socket process is used this will be called
+// on the parent process.
+static void CollectCertTelemetry(
+    mozilla::pkix::Result aCertVerificationResult, EVStatus aEVStatus,
+    CertVerifier::OCSPStaplingStatus aOcspStaplingStatus,
+    KeySizeStatus aKeySizeStatus,
+    const PinningTelemetryInfo& aPinningTelemetryInfo,
+    const nsTArray<nsTArray<uint8_t>>& aBuiltCertChain,
+    const CertificateTransparencyInfo& aCertificateTransparencyInfo) {
+  uint32_t evStatus = (aCertVerificationResult != Success) ? 0  // 0 = Failure
+                      : (aEVStatus != EVStatus::EV)        ? 1  // 1 = DV
+                                                           : 2;        // 2 = EV
+  Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus);
+
+  if (aOcspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) {
+    Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, aOcspStaplingStatus);
+  }
+
+  if (aKeySizeStatus != KeySizeStatus::NeverChecked) {
+    Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS,
+                          static_cast<uint32_t>(aKeySizeStatus));
+  }
+
+  if (aPinningTelemetryInfo.accumulateForRoot) {
+    Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA,
+                          aPinningTelemetryInfo.rootBucket);
+  }
+
+  if (aPinningTelemetryInfo.accumulateResult) {
+    MOZ_ASSERT(aPinningTelemetryInfo.certPinningResultHistogram.isSome());
+    Telemetry::Accumulate(
+        aPinningTelemetryInfo.certPinningResultHistogram.value(),
+        aPinningTelemetryInfo.certPinningResultBucket);
+  }
+
+  if (aCertVerificationResult == Success && aBuiltCertChain.Length() > 0) {
+    const nsTArray<uint8_t>& rootCert = aBuiltCertChain.LastElement();
+    AccumulateTelemetryForRootCA(Telemetry::CERT_VALIDATION_SUCCESS_BY_CA,
+                                 rootCert);
+    GatherCertificateTransparencyTelemetry(rootCert, aEVStatus == EVStatus::EV,
+                                           aCertificateTransparencyInfo);
+  }
+}
+
+// Note: Takes ownership of |peerCertChain| if SECSuccess is not returned.
+Result AuthCertificate(
+    CertVerifier& certVerifier, void* aPinArg,
+    const nsTArray<uint8_t>& certBytes,
+    const nsTArray<nsTArray<uint8_t>>& peerCertChain,
+    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
+    const Maybe<nsTArray<uint8_t>>& stapledOCSPResponse,
+    const Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension,
+    const Maybe<DelegatedCredentialInfo>& dcInfo, uint32_t providerFlags,
+    Time time, uint32_t certVerifierFlags,
+    /*out*/ nsTArray<nsTArray<uint8_t>>& builtCertChain,
+    /*out*/ EVStatus& evStatus,
+    /*out*/ CertificateTransparencyInfo& certificateTransparencyInfo,
+    /*out*/ bool& aIsBuiltCertChainRootBuiltInRoot,
+    /*out*/ bool& aMadeOCSPRequests) {
+  CertVerifier::OCSPStaplingStatus ocspStaplingStatus =
+      CertVerifier::OCSP_STAPLING_NEVER_CHECKED;
+  KeySizeStatus keySizeStatus = KeySizeStatus::NeverChecked;
+  PinningTelemetryInfo pinningTelemetryInfo;
+
+  nsTArray<nsTArray<uint8_t>> peerCertsBytes;
+  // Don't include the end-entity certificate.
+  if (!peerCertChain.IsEmpty()) {
+    std::transform(
+        peerCertChain.cbegin() + 1, peerCertChain.cend(),
+        MakeBackInserter(peerCertsBytes),
+        [](const auto& elementArray) { return elementArray.Clone(); });
+  }
+
+  Result rv = certVerifier.VerifySSLServerCert(
+      certBytes, time, aPinArg, aHostName, builtCertChain, certVerifierFlags,
+      Some(std::move(peerCertsBytes)), stapledOCSPResponse,
+      sctsFromTLSExtension, dcInfo, aOriginAttributes, &evStatus,
+      &ocspStaplingStatus, &keySizeStatus, &pinningTelemetryInfo,
+      &certificateTransparencyInfo, &aIsBuiltCertChainRootBuiltInRoot,
+      &aMadeOCSPRequests);
+
+  CollectCertTelemetry(rv, evStatus, ocspStaplingStatus, keySizeStatus,
+                       pinningTelemetryInfo, builtCertChain,
+                       certificateTransparencyInfo);
+
+  return rv;
+}
+
+PRErrorCode AuthCertificateParseResults(
+    uint64_t aPtrForLog, const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes,
+    const nsCOMPtr<nsIX509Cert>& aCert, mozilla::pkix::Time aTime,
+    PRErrorCode aCertVerificationError,
+    /* out */
+    nsITransportSecurityInfo::OverridableErrorCategory&
+        aOverridableErrorCategory) {
+  uint32_t probeValue = MapCertErrorToProbeValue(aCertVerificationError);
+  Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue);
+
+  Maybe<nsITransportSecurityInfo::OverridableErrorCategory>
+      maybeOverridableErrorCategory =
+          CategorizeCertificateError(aCertVerificationError);
+  // If this isn't an overridable error, return it now. This will stop the
+  // connection and report the given error.
+  if (!maybeOverridableErrorCategory.isSome()) {
+    return aCertVerificationError;
+  }
+  aOverridableErrorCategory = *maybeOverridableErrorCategory;
+
+  bool overrideAllowed = false;
+  nsresult rv = OverrideAllowedForHost(aPtrForLog, aHostName, aOriginAttributes,
+                                       overrideAllowed);
+  if (NS_FAILED(rv)) {
+    return aCertVerificationError;
+  }
+
+  if (!overrideAllowed) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64 "] HSTS or pinned host - no overrides allowed",
+             aPtrForLog));
+    return aCertVerificationError;
+  }
+
+  nsCOMPtr<nsICertOverrideService> overrideService =
+      do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+  if (!overrideService) {
+    return aCertVerificationError;
+  }
+  bool haveOverride;
+  bool isTemporaryOverride;
+  rv = overrideService->HasMatchingOverride(aHostName, aPort, aOriginAttributes,
+                                            aCert, &isTemporaryOverride,
+                                            &haveOverride);
+  if (NS_FAILED(rv)) {
+    return aCertVerificationError;
+  }
+  Unused << isTemporaryOverride;
+  if (haveOverride) {
+    uint32_t probeValue =
+        MapOverridableErrorToProbeValue(aCertVerificationError);
+    Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[0x%" PRIx64 "] certificate error overridden", aPtrForLog));
+    return 0;
+  }
+
+  return aCertVerificationError;
+}
+
+static nsTArray<nsTArray<uint8_t>> CreateCertBytesArray(
+    const UniqueCERTCertList& aCertChain) {
+  nsTArray<nsTArray<uint8_t>> certsBytes;
+  for (CERTCertListNode* n = CERT_LIST_HEAD(aCertChain);
+       !CERT_LIST_END(n, aCertChain); n = CERT_LIST_NEXT(n)) {
+    nsTArray<uint8_t> certBytes;
+    certBytes.AppendElements(n->cert->derCert.data, n->cert->derCert.len);
+    certsBytes.AppendElement(std::move(certBytes));
+  }
+  return certsBytes;
+}
+
+/*static*/
+SECStatus SSLServerCertVerificationJob::Dispatch(
+    uint64_t addrForLogging, void* aPinArg,
+    nsTArray<nsTArray<uint8_t>>&& peerCertChain, const nsACString& aHostName,
+    int32_t aPort, const OriginAttributes& aOriginAttributes,
+    Maybe<nsTArray<uint8_t>>& stapledOCSPResponse,
+    Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension,
+    Maybe<DelegatedCredentialInfo>& dcInfo, uint32_t providerFlags, Time time,
+    uint32_t certVerifierFlags,
+    BaseSSLServerCertVerificationResult* aResultTask) {
+  // Runs on the socket transport thread
+  if (!aResultTask || peerCertChain.IsEmpty()) {
+    MOZ_ASSERT_UNREACHABLE(
+        "must have result task and non-empty peer cert chain");
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  if (!gCertVerificationThreadPool) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  RefPtr<SSLServerCertVerificationJob> job(new SSLServerCertVerificationJob(
+      addrForLogging, aPinArg, std::move(peerCertChain), aHostName, aPort,
+      aOriginAttributes, stapledOCSPResponse, sctsFromTLSExtension, dcInfo,
+      providerFlags, time, certVerifierFlags, aResultTask));
+
+  nsresult nrv = gCertVerificationThreadPool->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_FAILED(nrv)) {
+    // We can't call SetCertVerificationResult here to change
+    // mCertVerificationState because SetCertVerificationResult will call
+    // libssl functions that acquire SSL locks that are already being held at
+    // this point. However, we can set an error with PR_SetError and return
+    // SECFailure, and the correct thing will happen (the error will be
+    // propagated and this connection will be terminated).
+    PRErrorCode error = nrv == NS_ERROR_OUT_OF_MEMORY ? PR_OUT_OF_MEMORY_ERROR
+                                                      : PR_INVALID_STATE_ERROR;
+    PR_SetError(error, 0);
+    return SECFailure;
+  }
+
+  PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+  return SECWouldBlock;
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationJob::Run() {
+  // Runs on a cert verification thread and only on parent process.
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  MOZ_LOG(
+      gPIPNSSLog, LogLevel::Debug,
+      ("[%" PRIx64 "] SSLServerCertVerificationJob::Run\n", mAddrForLogging));
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    PR_SetError(SEC_ERROR_NOT_INITIALIZED, 0);
+    return NS_OK;
+  }
+
+  TimeStamp jobStartTime = TimeStamp::Now();
+  EVStatus evStatus;
+  CertificateTransparencyInfo certificateTransparencyInfo;
+  bool isCertChainRootBuiltInRoot = false;
+  bool madeOCSPRequests = false;
+  nsTArray<nsTArray<uint8_t>> builtChainBytesArray;
+  nsTArray<uint8_t> certBytes(mPeerCertChain.ElementAt(0).Clone());
+  Result rv = AuthCertificate(
+      *certVerifier, mPinArg, certBytes, mPeerCertChain, mHostName,
+      mOriginAttributes, mStapledOCSPResponse, mSCTsFromTLSExtension, mDCInfo,
+      mProviderFlags, mTime, mCertVerifierFlags, builtChainBytesArray, evStatus,
+      certificateTransparencyInfo, isCertChainRootBuiltInRoot,
+      madeOCSPRequests);
+
+  if (rv == Success) {
+    Telemetry::AccumulateTimeDelta(
+        Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX, jobStartTime,
+        TimeStamp::Now());
+    Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
+
+    mResultTask->Dispatch(
+        std::move(builtChainBytesArray), std::move(mPeerCertChain),
+        TransportSecurityInfo::ConvertCertificateTransparencyInfoToStatus(
+            certificateTransparencyInfo),
+        evStatus, true, 0,
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET,
+        isCertChainRootBuiltInRoot, mProviderFlags, madeOCSPRequests);
+    return NS_OK;
+  }
+
+  Telemetry::AccumulateTimeDelta(
+      Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX,
+      jobStartTime, TimeStamp::Now());
+
+  PRErrorCode error = MapResultToPRErrorCode(rv);
+  nsITransportSecurityInfo::OverridableErrorCategory overridableErrorCategory =
+      nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
+  nsCOMPtr<nsIX509Cert> cert(new nsNSSCertificate(std::move(certBytes)));
+  PRErrorCode finalError = AuthCertificateParseResults(
+      mAddrForLogging, mHostName, mPort, mOriginAttributes, cert, mTime, error,
+      overridableErrorCategory);
+
+  // NB: finalError may be 0 here, in which the connection will continue.
+  mResultTask->Dispatch(
+      std::move(builtChainBytesArray), std::move(mPeerCertChain),
+      nsITransportSecurityInfo::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE,
+      EVStatus::NotEV, false, finalError, overridableErrorCategory, false,
+      mProviderFlags, madeOCSPRequests);
+  return NS_OK;
+}
+
+// Takes information needed for cert verification, does some consistency
+//  checks and calls SSLServerCertVerificationJob::Dispatch.
+SECStatus AuthCertificateHookInternal(
+    CommonSocketControl* socketControl, const void* aPtrForLogging,
+    const nsACString& hostName, nsTArray<nsTArray<uint8_t>>&& peerCertChain,
+    Maybe<nsTArray<uint8_t>>& stapledOCSPResponse,
+    Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension,
+    Maybe<DelegatedCredentialInfo>& dcInfo, uint32_t providerFlags,
+    uint32_t certVerifierFlags) {
+  // Runs on the socket transport thread
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] starting AuthCertificateHookInternal\n", aPtrForLogging));
+
+  if (!socketControl || peerCertChain.IsEmpty()) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  bool onSTSThread;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_SUCCEEDED(nrv)) {
+    nrv = sts->IsOnCurrentThread(&onSTSThread);
+  }
+
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("Could not get STS service or IsOnCurrentThread failed");
+    PR_SetError(PR_UNKNOWN_ERROR, 0);
+    return SECFailure;
+  }
+
+  MOZ_ASSERT(onSTSThread);
+
+  if (!onSTSThread) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  uint64_t addr = reinterpret_cast<uintptr_t>(aPtrForLogging);
+  RefPtr<SSLServerCertVerificationResult> resultTask =
+      new SSLServerCertVerificationResult(socketControl);
+
+  if (XRE_IsSocketProcess()) {
+    return RemoteProcessCertVerification(
+        std::move(peerCertChain), hostName, socketControl->GetPort(),
+        socketControl->GetOriginAttributes(), stapledOCSPResponse,
+        sctsFromTLSExtension, dcInfo, providerFlags, certVerifierFlags,
+        resultTask);
+  }
+
+  // We *must* do certificate verification on a background thread because
+  // we need the socket transport thread to be free for our OCSP requests,
+  // and we *want* to do certificate verification on a background thread
+  // because of the performance benefits of doing so.
+  return SSLServerCertVerificationJob::Dispatch(
+      addr, socketControl, std::move(peerCertChain), hostName,
+      socketControl->GetPort(), socketControl->GetOriginAttributes(),
+      stapledOCSPResponse, sctsFromTLSExtension, dcInfo, providerFlags, Now(),
+      certVerifierFlags, resultTask);
+}
+
+// Extracts whatever information we need out of fd (using SSL_*) and passes it
+// to AuthCertificateHookInternal. AuthCertificateHookInternal will call
+// SSLServerCertVerificationJob::Dispatch. SSLServerCertVerificationJob
+// should never do anything with fd except logging.
+SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
+                              PRBool isServer) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] starting AuthCertificateHook\n", fd));
+
+  // Modern libssl always passes PR_TRUE for checkSig, and we have no means of
+  // doing verification without checking signatures.
+  MOZ_ASSERT(checkSig, "AuthCertificateHook: checkSig unexpectedly false");
+
+  // PSM never causes libssl to call this function with PR_TRUE for isServer,
+  // and many things in PSM assume that we are a client.
+  MOZ_ASSERT(!isServer, "AuthCertificateHook: isServer unexpectedly true");
+
+  NSSSocketControl* socketInfo = static_cast<NSSSocketControl*>(arg);
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(fd));
+
+  if (!checkSig || isServer || !socketInfo || !serverCert) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+  socketInfo->SetFullHandshake();
+
+  if (BlockServerCertChangeForSpdy(socketInfo, serverCert) != SECSuccess) {
+    return SECFailure;
+  }
+
+  UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd));
+  if (!peerCertChain) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  nsTArray<nsTArray<uint8_t>> peerCertsBytes =
+      CreateCertBytesArray(peerCertChain);
+
+  // SSL_PeerStapledOCSPResponses will never return a non-empty response if
+  // OCSP stapling wasn't enabled because libssl wouldn't have let the server
+  // return a stapled OCSP response.
+  // We don't own these pointers.
+  const SECItemArray* csa = SSL_PeerStapledOCSPResponses(fd);
+  Maybe<nsTArray<uint8_t>> stapledOCSPResponse;
+  // we currently only support single stapled responses
+  if (csa && csa->len == 1) {
+    stapledOCSPResponse.emplace();
+    stapledOCSPResponse->SetCapacity(csa->items[0].len);
+    stapledOCSPResponse->AppendElements(csa->items[0].data, csa->items[0].len);
+  }
+
+  Maybe<nsTArray<uint8_t>> sctsFromTLSExtension;
+  const SECItem* sctsFromTLSExtensionSECItem = SSL_PeerSignedCertTimestamps(fd);
+  if (sctsFromTLSExtensionSECItem) {
+    sctsFromTLSExtension.emplace();
+    sctsFromTLSExtension->SetCapacity(sctsFromTLSExtensionSECItem->len);
+    sctsFromTLSExtension->AppendElements(sctsFromTLSExtensionSECItem->data,
+                                         sctsFromTLSExtensionSECItem->len);
+  }
+
+  uint32_t providerFlags = 0;
+  socketInfo->GetProviderFlags(&providerFlags);
+
+  uint32_t certVerifierFlags = 0;
+  if (!socketInfo->SharedState().IsOCSPStaplingEnabled() ||
+      !socketInfo->SharedState().IsOCSPMustStapleEnabled()) {
+    certVerifierFlags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  // Get DC information
+  Maybe<DelegatedCredentialInfo> dcInfo;
+  SSLPreliminaryChannelInfo channelPreInfo;
+  SECStatus rv = SSL_GetPreliminaryChannelInfo(fd, &channelPreInfo,
+                                               sizeof(channelPreInfo));
+  if (rv != SECSuccess) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+  if (channelPreInfo.peerDelegCred) {
+    dcInfo.emplace(DelegatedCredentialInfo(channelPreInfo.signatureScheme,
+                                           channelPreInfo.authKeyBits));
+  }
+
+  // If we configured an ECHConfig and NSS returned the public name
+  // for verification, ECH was rejected. Proceed, verifying to the
+  // public name. The result determines how NSS will fail (i.e. with
+  // any provided retry_configs if successful). See draft-ietf-tls-esni-08.
+  nsCString echConfig;
+  nsresult nsrv = socketInfo->GetEchConfig(echConfig);
+  bool verifyToEchPublicName =
+      NS_SUCCEEDED(nsrv) && echConfig.Length() && channelPreInfo.echPublicName;
+
+  const nsCString echPublicName(channelPreInfo.echPublicName);
+  const nsACString& hostname =
+      verifyToEchPublicName ? echPublicName : socketInfo->GetHostName();
+  socketInfo->SetCertVerificationWaiting();
+  rv = AuthCertificateHookInternal(socketInfo, static_cast<const void*>(fd),
+                                   hostname, std::move(peerCertsBytes),
+                                   stapledOCSPResponse, sctsFromTLSExtension,
+                                   dcInfo, providerFlags, certVerifierFlags);
+  return rv;
+}
+
+// Takes information needed for cert verification, does some consistency
+// checks and calls SSLServerCertVerificationJob::Dispatch.
+// This function is used for Quic.
+SECStatus AuthCertificateHookWithInfo(
+    CommonSocketControl* socketControl, const nsACString& aHostName,
+    const void* aPtrForLogging, nsTArray<nsTArray<uint8_t>>&& peerCertChain,
+    Maybe<nsTArray<nsTArray<uint8_t>>>& stapledOCSPResponses,
+    Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension, uint32_t providerFlags) {
+  if (peerCertChain.IsEmpty()) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  // we currently only support single stapled responses
+  Maybe<nsTArray<uint8_t>> stapledOCSPResponse;
+  if (stapledOCSPResponses && (stapledOCSPResponses->Length() == 1)) {
+    stapledOCSPResponse.emplace(stapledOCSPResponses->ElementAt(0).Clone());
+  }
+
+  uint32_t certVerifierFlags = 0;
+  // QuicSocketControl does not have a SharedState as NSSSocketControl.
+  // Here we need prefs for ocsp. This are prefs they are the same for
+  // PublicSSLState and PrivateSSLState, just take them from one of them.
+  if (!PublicSSLState()->IsOCSPStaplingEnabled() ||
+      !PublicSSLState()->IsOCSPMustStapleEnabled()) {
+    certVerifierFlags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  // Need to update Quic stack to reflect the PreliminaryInfo fields
+  // for Delegated Credentials.
+  Maybe<DelegatedCredentialInfo> dcInfo;
+
+  return AuthCertificateHookInternal(socketControl, aPtrForLogging, aHostName,
+                                     std::move(peerCertChain),
+                                     stapledOCSPResponse, sctsFromTLSExtension,
+                                     dcInfo, providerFlags, certVerifierFlags);
+}
+
+NS_IMPL_ISUPPORTS_INHERITED0(SSLServerCertVerificationResult, Runnable)
+
+SSLServerCertVerificationResult::SSLServerCertVerificationResult(
+    CommonSocketControl* socketControl)
+    : Runnable("psm::SSLServerCertVerificationResult"),
+      mSocketControl(socketControl),
+      mCertificateTransparencyStatus(0),
+      mEVStatus(EVStatus::NotEV),
+      mSucceeded(false),
+      mFinalError(0),
+      mOverridableErrorCategory(
+          nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET),
+      mProviderFlags(0) {}
+
+void SSLServerCertVerificationResult::Dispatch(
+    nsTArray<nsTArray<uint8_t>>&& aBuiltChain,
+    nsTArray<nsTArray<uint8_t>>&& aPeerCertChain,
+    uint16_t aCertificateTransparencyStatus, EVStatus aEVStatus,
+    bool aSucceeded, PRErrorCode aFinalError,
+    nsITransportSecurityInfo::OverridableErrorCategory
+        aOverridableErrorCategory,
+    bool aIsBuiltCertChainRootBuiltInRoot, uint32_t aProviderFlags,
+    bool aMadeOCSPRequests) {
+  mBuiltChain = std::move(aBuiltChain);
+  mPeerCertChain = std::move(aPeerCertChain);
+  mCertificateTransparencyStatus = aCertificateTransparencyStatus;
+  mEVStatus = aEVStatus;
+  mSucceeded = aSucceeded;
+  mFinalError = aFinalError;
+  mOverridableErrorCategory = aOverridableErrorCategory;
+  mIsBuiltCertChainRootBuiltInRoot = aIsBuiltCertChainRootBuiltInRoot;
+  mProviderFlags = aProviderFlags;
+  mMadeOCSPRequests = aMadeOCSPRequests;
+
+  if (mSucceeded && mBuiltChain.IsEmpty()) {
+    MOZ_ASSERT_UNREACHABLE(
+        "if the handshake succeeded, the built chain shouldn't be empty");
+    mSucceeded = false;
+    mFinalError = SEC_ERROR_LIBRARY_FAILURE;
+  }
+  if (!mSucceeded && mPeerCertChain.IsEmpty()) {
+    MOZ_ASSERT_UNREACHABLE(
+        "if the handshake failed, the peer chain shouldn't be empty");
+    mFinalError = SEC_ERROR_LIBRARY_FAILURE;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> stsTarget =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  MOZ_ASSERT(stsTarget, "Failed to get socket transport service event target");
+  rv = stsTarget->Dispatch(this, NS_DISPATCH_NORMAL);
+  MOZ_ASSERT(NS_SUCCEEDED(rv),
+             "Failed to dispatch SSLServerCertVerificationResult");
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationResult::Run() {
+#ifdef DEBUG
+  bool onSTSThread = false;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_SUCCEEDED(nrv)) {
+    nrv = sts->IsOnCurrentThread(&onSTSThread);
+  }
+
+  MOZ_ASSERT(onSTSThread);
+#endif
+
+  if (mSucceeded && !XRE_IsSocketProcess() &&
+      !(mProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE)) {
+    // This dispatches an event that will run when the socket thread is idle.
+    SaveIntermediateCerts(mBuiltChain);
+  }
+
+  mSocketControl->SetMadeOCSPRequests(mMadeOCSPRequests);
+
+  if (mSucceeded) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("SSLServerCertVerificationResult::Run setting NEW cert"));
+    nsTArray<uint8_t> certBytes(mBuiltChain.ElementAt(0).Clone());
+    nsCOMPtr<nsIX509Cert> cert(new nsNSSCertificate(std::move(certBytes)));
+    mSocketControl->SetServerCert(cert, mEVStatus);
+    mSocketControl->SetSucceededCertChain(std::move(mBuiltChain));
+
+    mSocketControl->SetIsBuiltCertChainRootBuiltInRoot(
+        mIsBuiltCertChainRootBuiltInRoot);
+    mSocketControl->SetCertificateTransparencyStatus(
+        mCertificateTransparencyStatus);
+  } else {
+    nsTArray<uint8_t> certBytes(mPeerCertChain.ElementAt(0).Clone());
+    nsCOMPtr<nsIX509Cert> cert(new nsNSSCertificate(std::move(certBytes)));
+    // Certificate validation failed; store the peer certificate chain on
+    // mSocketControl so it can be used for error reporting.
+    mSocketControl->SetFailedCertChain(std::move(mPeerCertChain));
+    if (mOverridableErrorCategory !=
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET) {
+      mSocketControl->SetStatusErrorBits(cert, mOverridableErrorCategory);
+    }
+  }
+
+  mSocketControl->SetCertVerificationResult(mFinalError);
+  return NS_OK;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/SSLServerCertVerification.h b/security/manager/ssl/SSLServerCertVerification.h
new file mode 100644
index 0000000000..694563152d
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.h
@@ -0,0 +1,161 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SSLSERVERCERTVERIFICATION_H
+#define _SSLSERVERCERTVERIFICATION_H
+
+#include "CertVerifier.h"
+#include "CommonSocketControl.h"
+#include "ScopedNSSTypes.h"
+#include "mozilla/Maybe.h"
+#include "mozpkix/pkix.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIX509Cert.h"
+#include "nsTArray.h"
+#include "nsThreadUtils.h"
+#include "prerror.h"
+#include "prio.h"
+#include "seccomon.h"
+#include "secoidt.h"
+
+using namespace mozilla::pkix;
+
+namespace mozilla {
+namespace psm {
+
+enum class EVStatus : uint8_t;
+
+SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig,
+                              PRBool isServer);
+
+// This function triggers the certificate verification. The verification is
+// asynchronous and the info object will be notified when the verification has
+// completed via SetCertVerificationResult.
+SECStatus AuthCertificateHookWithInfo(
+    CommonSocketControl* socketControl, const nsACString& aHostName,
+    const void* aPtrForLogging, nsTArray<nsTArray<uint8_t>>&& peerCertChain,
+    Maybe<nsTArray<nsTArray<uint8_t>>>& stapledOCSPResponses,
+    Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension, uint32_t providerFlags);
+
+// Base class for dispatching the certificate verification result.
+class BaseSSLServerCertVerificationResult {
+ public:
+  NS_INLINE_DECL_PURE_VIRTUAL_REFCOUNTING
+
+  virtual void Dispatch(nsTArray<nsTArray<uint8_t>>&& aBuiltChain,
+                        nsTArray<nsTArray<uint8_t>>&& aPeerCertChain,
+                        uint16_t aCertificateTransparencyStatus,
+                        EVStatus aEVStatus, bool aSucceeded,
+                        PRErrorCode aFinalError,
+                        nsITransportSecurityInfo::OverridableErrorCategory
+                            aOverridableErrorCategory,
+                        bool aIsBuiltCertChainRootBuiltInRoot,
+                        uint32_t aProviderFlags, bool aMadeOCSPRequests) = 0;
+};
+
+// Dispatched to the STS thread to notify the infoObject of the verification
+// result.
+//
+// This will cause the PR_Poll in the STS thread to return, so things work
+// correctly even if the STS thread is blocked polling (only) on the file
+// descriptor that is waiting for this result.
+class SSLServerCertVerificationResult final
+    : public BaseSSLServerCertVerificationResult,
+      public Runnable {
+ public:
+  NS_DECL_ISUPPORTS_INHERITED
+  NS_DECL_NSIRUNNABLE
+
+  explicit SSLServerCertVerificationResult(CommonSocketControl* socketControl);
+
+  void Dispatch(nsTArray<nsTArray<uint8_t>>&& aBuiltChain,
+                nsTArray<nsTArray<uint8_t>>&& aPeerCertChain,
+                uint16_t aCertificateTransparencyStatus, EVStatus aEVStatus,
+                bool aSucceeded, PRErrorCode aFinalError,
+                nsITransportSecurityInfo::OverridableErrorCategory
+                    aOverridableErrorCategory,
+                bool aIsBuiltCertChainRootBuiltInRoot, uint32_t aProviderFlags,
+                bool aMadeOCSPRequests) override;
+
+ private:
+  ~SSLServerCertVerificationResult() = default;
+
+  const RefPtr<CommonSocketControl> mSocketControl;
+  nsTArray<nsTArray<uint8_t>> mBuiltChain;
+  nsTArray<nsTArray<uint8_t>> mPeerCertChain;
+  uint16_t mCertificateTransparencyStatus;
+  EVStatus mEVStatus;
+  bool mSucceeded;
+  PRErrorCode mFinalError;
+  nsITransportSecurityInfo::OverridableErrorCategory mOverridableErrorCategory;
+  bool mIsBuiltCertChainRootBuiltInRoot;
+  uint32_t mProviderFlags;
+  bool mMadeOCSPRequests;
+};
+
+class SSLServerCertVerificationJob : public Runnable {
+ public:
+  SSLServerCertVerificationJob(const SSLServerCertVerificationJob&) = delete;
+
+  // Must be called only on the socket transport thread
+  static SECStatus Dispatch(uint64_t addrForLogging, void* aPinArg,
+                            nsTArray<nsTArray<uint8_t>>&& peerCertChain,
+                            const nsACString& aHostName, int32_t aPort,
+                            const OriginAttributes& aOriginAttributes,
+                            Maybe<nsTArray<uint8_t>>& stapledOCSPResponse,
+                            Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension,
+                            Maybe<DelegatedCredentialInfo>& dcInfo,
+                            uint32_t providerFlags, Time time,
+                            uint32_t certVerifierFlags,
+                            BaseSSLServerCertVerificationResult* aResultTask);
+
+ private:
+  NS_DECL_NSIRUNNABLE
+
+  // Must be called only on the socket transport thread
+  SSLServerCertVerificationJob(uint64_t addrForLogging, void* aPinArg,
+                               nsTArray<nsTArray<uint8_t>>&& peerCertChain,
+                               const nsACString& aHostName, int32_t aPort,
+                               const OriginAttributes& aOriginAttributes,
+                               Maybe<nsTArray<uint8_t>>& stapledOCSPResponse,
+                               Maybe<nsTArray<uint8_t>>& sctsFromTLSExtension,
+                               Maybe<DelegatedCredentialInfo>& dcInfo,
+                               uint32_t providerFlags, Time time,
+                               uint32_t certVerifierFlags,
+                               BaseSSLServerCertVerificationResult* aResultTask)
+      : Runnable("psm::SSLServerCertVerificationJob"),
+        mAddrForLogging(addrForLogging),
+        mPinArg(aPinArg),
+        mPeerCertChain(std::move(peerCertChain)),
+        mHostName(aHostName),
+        mPort(aPort),
+        mOriginAttributes(aOriginAttributes),
+        mProviderFlags(providerFlags),
+        mCertVerifierFlags(certVerifierFlags),
+        mTime(time),
+        mStapledOCSPResponse(std::move(stapledOCSPResponse)),
+        mSCTsFromTLSExtension(std::move(sctsFromTLSExtension)),
+        mDCInfo(std::move(dcInfo)),
+        mResultTask(aResultTask) {}
+
+  uint64_t mAddrForLogging;
+  void* mPinArg;
+  nsTArray<nsTArray<uint8_t>> mPeerCertChain;
+  nsCString mHostName;
+  int32_t mPort;
+  OriginAttributes mOriginAttributes;
+  const uint32_t mProviderFlags;
+  const uint32_t mCertVerifierFlags;
+  const Time mTime;
+  Maybe<nsTArray<uint8_t>> mStapledOCSPResponse;
+  Maybe<nsTArray<uint8_t>> mSCTsFromTLSExtension;
+  Maybe<DelegatedCredentialInfo> mDCInfo;
+  RefPtr<BaseSSLServerCertVerificationResult> mResultTask;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/ScopedNSSTypes.h b/security/manager/ssl/ScopedNSSTypes.h
new file mode 100644
index 0000000000..7ed1b7201b
--- /dev/null
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -0,0 +1,464 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This header provides smart pointers and various helpers for code that needs
+// to interact with NSS.
+
+#ifndef ScopedNSSTypes_h
+#define ScopedNSSTypes_h
+
+#include <limits>
+#include <memory>
+
+#include "cert.h"
+#include "cms.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Likely.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsError.h"
+#include "NSSErrorsService.h"
+#include "pk11hpke.h"
+#include "pk11pub.h"
+#include "pkcs12.h"
+#include "prerror.h"
+#include "prio.h"
+#include "prmem.h"
+#include "sechash.h"
+#include "secmod.h"
+#include "secpkcs7.h"
+#include "secport.h"
+
+#ifndef MOZ_NO_MOZALLOC
+#  include "mozilla/mozalloc_oom.h"
+#endif
+
+// Normally this would be included from nsNSSComponent.h, but that file includes
+// this file.
+bool EnsureNSSInitializedChromeOrContent();
+
+namespace mozilla {
+
+// NSPR APIs use PRStatus/PR_GetError and NSS APIs use SECStatus/PR_GetError to
+// report success/failure. This function makes it more convenient and *safer*
+// to translate NSPR/NSS results to nsresult. It is safer because it
+// refuses to translate any bad PRStatus/SECStatus into an NS_OK, even when the
+// NSPR/NSS function forgot to call PR_SetError. The actual enforcement of
+// this happens in mozilla::psm::GetXPCOMFromNSSError.
+// IMPORTANT: This must be called immediately after the function returning the
+// SECStatus result. The recommended usage is:
+//    nsresult rv = MapSECStatus(f(x, y, z));
+inline nsresult MapSECStatus(SECStatus rv) {
+  if (rv == SECSuccess) {
+    return NS_OK;
+  }
+
+  return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+}
+
+namespace internal {
+
+inline void PK11_DestroyContext_true(PK11Context* ctx) {
+  PK11_DestroyContext(ctx, true);
+}
+
+inline void SECKEYEncryptedPrivateKeyInfo_true(
+    SECKEYEncryptedPrivateKeyInfo* epki) {
+  SECKEY_DestroyEncryptedPrivateKeyInfo(epki, true);
+}
+
+// If this was created via PK11_ListFixedKeysInSlot, we may have a list of keys,
+// in which case we have to free them all (and if not, this will still free the
+// one key).
+inline void FreeOneOrMoreSymKeys(PK11SymKey* keys) {
+  PK11SymKey* next;
+  while (keys) {
+    next = PK11_GetNextSymKey(keys);
+    PK11_FreeSymKey(keys);
+    keys = next;
+  }
+}
+
+}  // namespace internal
+
+// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
+#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
+  struct name##DeletePolicy {                                      \
+    void operator()(Type* aValue) { Deleter(aValue); }             \
+  };                                                               \
+  typedef std::unique_ptr<Type, name##DeletePolicy> name;
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11Context, PK11Context,
+                                      internal::PK11_DestroyContext_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotInfo, PK11SlotInfo,
+                                      PK11_FreeSlot)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SymKey, PK11SymKey,
+                                      internal::FreeOneOrMoreSymKeys)
+
+// Common base class for Digest and HMAC. Should not be used directly.
+// Subclasses must implement a `Begin` function that initializes
+// `mDigestContext` and calls `SetLength`.
+class DigestBase {
+ protected:
+  explicit DigestBase() : mLen(0), mDigestContext(nullptr) {}
+
+ public:
+  nsresult Update(Span<const uint8_t> in) {
+    return Update(in.Elements(), in.Length());
+  }
+
+  nsresult Update(const unsigned char* buf, const uint32_t len) {
+    if (!mDigestContext) {
+      return NS_ERROR_NOT_INITIALIZED;
+    }
+    return MapSECStatus(PK11_DigestOp(mDigestContext.get(), buf, len));
+  }
+
+  nsresult End(/*out*/ nsTArray<uint8_t>& out) {
+    if (!mDigestContext) {
+      return NS_ERROR_NOT_INITIALIZED;
+    }
+    out.SetLength(mLen);
+    uint32_t len;
+    nsresult rv = MapSECStatus(
+        PK11_DigestFinal(mDigestContext.get(), out.Elements(), &len, mLen));
+    NS_ENSURE_SUCCESS(rv, rv);
+    mDigestContext = nullptr;
+    NS_ENSURE_TRUE(len == mLen, NS_ERROR_UNEXPECTED);
+
+    return NS_OK;
+  }
+
+ protected:
+  nsresult SetLength(SECOidTag hashType) {
+    switch (hashType) {
+      case SEC_OID_MD5:
+        mLen = MD5_LENGTH;
+        break;
+      case SEC_OID_SHA1:
+        mLen = SHA1_LENGTH;
+        break;
+      case SEC_OID_SHA256:
+        mLen = SHA256_LENGTH;
+        break;
+      case SEC_OID_SHA384:
+        mLen = SHA384_LENGTH;
+        break;
+      case SEC_OID_SHA512:
+        mLen = SHA512_LENGTH;
+        break;
+      default:
+        return NS_ERROR_INVALID_ARG;
+    }
+    return NS_OK;
+  }
+
+ private:
+  uint8_t mLen;
+
+ protected:
+  UniquePK11Context mDigestContext;
+};
+
+/** A more convenient way of dealing with digests calculated into
+ *  stack-allocated buffers. NSS must be initialized on the main thread before
+ *  use, and the caller must ensure NSS isn't shut down, typically by
+ *  being within the lifetime of XPCOM.
+ *
+ * Typical usage, for digesting a buffer in memory:
+ *
+ *   nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
+ *   nsTArray<uint8_t> digestArray;
+ *   nsresult rv = Digest::DigestBuf(SEC_OID_SHA256, mybuffer, myBufferLen,
+ *                                   digestArray);
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *
+ * Less typical usage, for digesting while doing streaming I/O and similar:
+ *
+ *   Digest digest;
+ *   nsresult rv = digest.Begin(SEC_OID_SHA256);
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *   for (...) {
+ *      rv = digest.Update(buf, len);
+ *      NS_ENSURE_SUCCESS(rv, rv);
+ *   }
+ *   nsTArray<uint8_t> digestArray;
+ *   rv = digest.End(digestArray);
+ *   NS_ENSURE_SUCCESS(rv, rv)
+ */
+class Digest : public DigestBase {
+ public:
+  explicit Digest() : DigestBase() {}
+
+  static nsresult DigestBuf(SECOidTag hashAlg, Span<const uint8_t> buf,
+                            /*out*/ nsTArray<uint8_t>& out) {
+    return Digest::DigestBuf(hashAlg, buf.Elements(), buf.Length(), out);
+  }
+
+  static nsresult DigestBuf(SECOidTag hashAlg, const uint8_t* buf, uint32_t len,
+                            /*out*/ nsTArray<uint8_t>& out) {
+    Digest digest;
+
+    nsresult rv = digest.Begin(hashAlg);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = digest.Update(buf, len);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = digest.End(out);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    return rv;
+  }
+
+  nsresult Begin(SECOidTag hashAlg) {
+    if (!EnsureNSSInitializedChromeOrContent()) {
+      return NS_ERROR_FAILURE;
+    }
+
+    switch (hashAlg) {
+      case SEC_OID_SHA1:
+      case SEC_OID_SHA256:
+      case SEC_OID_SHA384:
+      case SEC_OID_SHA512:
+        break;
+
+      default:
+        return NS_ERROR_INVALID_ARG;
+    }
+
+    mDigestContext = UniquePK11Context(PK11_CreateDigestContext(hashAlg));
+    if (!mDigestContext) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    return MapSECStatus(PK11_DigestBegin(mDigestContext.get()));
+  }
+};
+
+// A helper class to calculate HMACs over some data given a key.
+// Only SHA256 and, sadly, MD5 are supported at the moment.
+// Typical usage:
+//   (ensure NSS is initialized)
+//   (obtain raw bytes for a key, some data to calculate the HMAC for)
+//   HMAC hmac;
+//   nsresult rv = hmac.Begin(SEC_OID_SHA256, Span(key));
+//   NS_ENSURE_SUCCESS(rv, rv);
+//   rv = hmac.Update(buf, len);
+//   NS_ENSURE_SUCCESS(rv, rv);
+//   nsTArray<uint8_t> calculatedHmac;
+//   rv = hmac.End(calculatedHmac);
+//   NS_ENSURE_SUCCESS(rv, rv);
+class HMAC : public DigestBase {
+ public:
+  explicit HMAC() : DigestBase() {}
+
+  nsresult Begin(SECOidTag hashAlg, Span<const uint8_t> key) {
+    if (!EnsureNSSInitializedChromeOrContent()) {
+      return NS_ERROR_FAILURE;
+    }
+    CK_MECHANISM_TYPE mechType;
+    switch (hashAlg) {
+      case SEC_OID_SHA256:
+        mechType = CKM_SHA256_HMAC;
+        break;
+      case SEC_OID_MD5:
+        mechType = CKM_MD5_HMAC;
+        break;
+      default:
+        return NS_ERROR_INVALID_ARG;
+    }
+    if (key.Length() > std::numeric_limits<unsigned int>::max()) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    // SECItem's data field is a non-const unsigned char*. The good news is the
+    // data won't be mutated, but the bad news is the constness needs to be
+    // casted away.
+    SECItem keyItem = {siBuffer, const_cast<unsigned char*>(key.Elements()),
+                       static_cast<unsigned int>(key.Length())};
+    UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+    if (!slot) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    UniquePK11SymKey symKey(
+        PK11_ImportSymKey(slot.get(), CKM_GENERIC_SECRET_KEY_GEN,
+                          PK11_OriginUnwrap, CKA_SIGN, &keyItem, nullptr));
+    if (!symKey) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    SECItem emptyData = {siBuffer, nullptr, 0};
+    mDigestContext = UniquePK11Context(PK11_CreateContextBySymKey(
+        mechType, CKA_SIGN, symKey.get(), &emptyData));
+    if (!mDigestContext) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    return MapSECStatus(PK11_DigestBegin(mDigestContext.get()));
+  }
+};
+
+namespace internal {
+
+inline void PORT_FreeArena_false(PLArenaPool* arena) {
+  // PL_FreeArenaPool can't be used because it doesn't actually free the
+  // memory, which doesn't work well with memory analysis tools.
+  return PORT_FreeArena(arena, false);
+}
+
+}  // namespace internal
+
+// Wrapper around NSS's SECItem_AllocItem that handles OOM the same way as
+// other allocators.
+inline void SECITEM_AllocItem(SECItem& item, uint32_t len) {
+  if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len))) {
+#ifndef MOZ_NO_MOZALLOC
+    mozalloc_handle_oom(len);
+    if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len)))
+#endif
+    {
+      MOZ_CRASH();
+    }
+  }
+}
+
+class ScopedAutoSECItem final : public SECItem {
+ public:
+  explicit ScopedAutoSECItem(uint32_t initialAllocatedLen = 0) {
+    data = nullptr;
+    len = 0;
+    if (initialAllocatedLen > 0) {
+      SECITEM_AllocItem(*this, initialAllocatedLen);
+    }
+  }
+
+  void reset() { SECITEM_FreeItem(this, false); }
+
+  ~ScopedAutoSECItem() { reset(); }
+};
+
+class MOZ_RAII AutoSECMODListReadLock final {
+ public:
+  AutoSECMODListReadLock() : mLock(SECMOD_GetDefaultModuleListLock()) {
+    MOZ_ASSERT(mLock, "should have SECMOD lock (has NSS been initialized?)");
+    SECMOD_GetReadLock(mLock);
+  }
+
+  ~AutoSECMODListReadLock() { SECMOD_ReleaseReadLock(mLock); }
+
+ private:
+  SECMODListLock* mLock;
+};
+
+namespace internal {
+
+inline void SECITEM_FreeItem_true(SECItem* s) {
+  return SECITEM_FreeItem(s, true);
+}
+
+inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID* a) {
+  return SECOID_DestroyAlgorithmID(a, true);
+}
+
+inline void VFY_DestroyContext_true(VFYContext* ctx) {
+  VFY_DestroyContext(ctx, true);
+}
+
+inline void PK11_HPKE_DestroyContext_true(HpkeContext* cx) {
+  PK11_HPKE_DestroyContext(cx, true);
+}
+
+}  // namespace internal
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificate, CERTCertificate,
+                                      CERT_DestroyCertificate)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateList,
+                                      CERTCertificateList,
+                                      CERT_DestroyCertificateList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
+                                      CERTCertificatePolicies,
+                                      CERT_DestroyCertificatePoliciesExtension)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateRequest,
+                                      CERTCertificateRequest,
+                                      CERT_DestroyCertificateRequest)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertList, CERTCertList,
+                                      CERT_DestroyCertList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTName, CERTName,
+                                      CERT_DestroyName)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence, CERTOidSequence,
+                                      CERT_DestroyOidSequence)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTSubjectPublicKeyInfo,
+                                      CERTSubjectPublicKeyInfo,
+                                      SECKEY_DestroySubjectPublicKeyInfo)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice, CERTUserNotice,
+                                      CERT_DestroyUserNotice)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTValidity, CERTValidity,
+                                      CERT_DestroyValidity)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueHASHContext, HASHContext,
+                                      HASH_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage, NSSCMSMessage,
+                                      NSS_CMSMessage_Destroy)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData, NSSCMSSignedData,
+                                      NSS_CMSSignedData_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11GenericObject,
+                                      PK11GenericObject,
+                                      PK11_DestroyGenericObject)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList, PK11SlotList,
+                                      PK11_FreeSlotList)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool, PLArenaPool,
+                                      internal::PORT_FreeArena_false)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePORTString, char, PORT_Free)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRFileDesc, PRFileDesc, PR_Close)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRString, char, PR_Free)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECAlgorithmID, SECAlgorithmID,
+                                      internal::SECOID_DestroyAlgorithmID_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem, SECItem,
+                                      internal::SECITEM_FreeItem_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey, SECKEYPrivateKey,
+                                      SECKEY_DestroyPrivateKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKeyList,
+                                      SECKEYPrivateKeyList,
+                                      SECKEY_DestroyPrivateKeyList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey, SECKEYPublicKey,
+                                      SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule, SECMODModule,
+                                      SECMOD_DestroyModule)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSGNDigestInfo, SGNDigestInfo,
+                                      SGN_DestroyDigestInfo)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueVFYContext, VFYContext,
+                                      internal::VFY_DestroyContext_true)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSEC_PKCS12DecoderContext,
+                                      SEC_PKCS12DecoderContext,
+                                      SEC_PKCS12DecoderFinish)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSEC_PKCS12ExportContext,
+                                      SEC_PKCS12ExportContext,
+                                      SEC_PKCS12DestroyExportContext)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(
+    UniqueSECKEYEncryptedPrivateKeyInfo, SECKEYEncryptedPrivateKeyInfo,
+    internal::SECKEYEncryptedPrivateKeyInfo_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueHpkeContext, HpkeContext,
+                                      internal::PK11_HPKE_DestroyContext_true)
+}  // namespace mozilla
+
+#endif  // ScopedNSSTypes_h
diff --git a/security/manager/ssl/SecretDecoderRing.cpp b/security/manager/ssl/SecretDecoderRing.cpp
new file mode 100644
index 0000000000..8cfebde8f9
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.cpp
@@ -0,0 +1,344 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SecretDecoderRing.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Services.h"
+#include "mozilla/ErrorResult.h"
+#include "mozilla/dom/Promise.h"
+#include "nsCOMPtr.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIObserverService.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNetCID.h"
+#include "nsPK11TokenDB.h"
+#include "pk11func.h"
+#include "pk11sdr.h"  // For PK11SDR_Encrypt, PK11SDR_Decrypt
+
+static mozilla::LazyLogModule gSDRLog("sdrlog");
+
+using namespace mozilla;
+using dom::Promise;
+
+NS_IMPL_ISUPPORTS(SecretDecoderRing, nsISecretDecoderRing)
+
+void BackgroundSdrEncryptStrings(const nsTArray<nsCString>& plaintexts,
+                                 RefPtr<Promise>& aPromise) {
+  nsCOMPtr<nsISecretDecoderRing> sdrService =
+      do_GetService(NS_SECRETDECODERRING_CONTRACTID);
+  nsTArray<nsString> cipherTexts(plaintexts.Length());
+
+  nsresult rv = NS_ERROR_FAILURE;
+  for (const auto& plaintext : plaintexts) {
+    nsCString cipherText;
+    rv = sdrService->EncryptString(plaintext, cipherText);
+
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      break;
+    }
+
+    cipherTexts.AppendElement(NS_ConvertASCIItoUTF16(cipherText));
+  }
+
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundSdrEncryptStringsResolve",
+                             [rv, aPromise = std::move(aPromise),
+                              cipherTexts = std::move(cipherTexts)]() {
+                               if (NS_FAILED(rv)) {
+                                 aPromise->MaybeReject(rv);
+                               } else {
+                                 aPromise->MaybeResolve(cipherTexts);
+                               }
+                             }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+void BackgroundSdrDecryptStrings(const nsTArray<nsCString>& encryptedStrings,
+                                 RefPtr<Promise>& aPromise) {
+  nsCOMPtr<nsISecretDecoderRing> sdrService =
+      do_GetService(NS_SECRETDECODERRING_CONTRACTID);
+  nsTArray<nsString> plainTexts(encryptedStrings.Length());
+
+  nsresult rv = NS_ERROR_FAILURE;
+  for (const auto& encryptedString : encryptedStrings) {
+    nsCString plainText;
+    rv = sdrService->DecryptString(encryptedString, plainText);
+
+    if (NS_FAILED(rv)) {
+      if (rv == NS_ERROR_NOT_AVAILABLE) {
+        // Master Password entry was canceled. Don't keep prompting again.
+        break;
+      }
+
+      // NS_ERROR_ILLEGAL_VALUE or NS_ERROR_FAILURE could be due to bad data for
+      // a single string but we still want to decrypt the others.
+      // Callers of `decryptMany` in crypto-SDR.js assume there will be an
+      // equal number of usernames and passwords so use an empty string to keep
+      // this assumption true.
+      MOZ_LOG(gSDRLog, LogLevel::Warning,
+              ("Couldn't decrypt string: %s", encryptedString.get()));
+      plainTexts.AppendElement(nullptr);
+      rv = NS_OK;
+      continue;
+    }
+
+    plainTexts.AppendElement(NS_ConvertUTF8toUTF16(plainText));
+  }
+
+  nsCOMPtr<nsIRunnable> runnable(
+      NS_NewRunnableFunction("BackgroundSdrDecryptStringsResolve",
+                             [rv, aPromise = std::move(aPromise),
+                              plainTexts = std::move(plainTexts)]() {
+                               if (NS_FAILED(rv)) {
+                                 aPromise->MaybeReject(rv);
+                               } else {
+                                 aPromise->MaybeResolve(plainTexts);
+                               }
+                             }));
+  NS_DispatchToMainThread(runnable.forget());
+}
+
+nsresult SecretDecoderRing::Encrypt(const nsACString& data,
+                                    /*out*/ nsACString& result) {
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Make sure token is initialized. */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  nsresult rv = setPassword(slot.get(), ctx);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  /* Force authentication */
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* Use default key id */
+  SECItem keyid;
+  keyid.data = nullptr;
+  keyid.len = 0;
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Encrypt(&keyid, &request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+nsresult SecretDecoderRing::Decrypt(const nsACString& data,
+                                    /*out*/ nsACString& result) {
+  /* Find token with SDR key */
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Force authentication */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Decrypt(&request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::EncryptString(const nsACString& text,
+                                 /*out*/ nsACString& encryptedBase64Text) {
+  nsAutoCString encryptedText;
+  nsresult rv = Encrypt(text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Base64Encode(encryptedText, encryptedBase64Text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::AsyncEncryptStrings(const nsTArray<nsCString>& plaintexts,
+                                       JSContext* aCx, Promise** aPromise) {
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG(!plaintexts.IsEmpty());
+  NS_ENSURE_ARG_POINTER(aCx);
+  NS_ENSURE_ARG_POINTER(aPromise);
+
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (NS_WARN_IF(!globalObject)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  ErrorResult result;
+  RefPtr<Promise> promise = Promise::Create(globalObject, result);
+  if (NS_WARN_IF(result.Failed())) {
+    return result.StealNSResult();
+  }
+
+  // plaintexts are already expected to be UTF-8.
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundSdrEncryptStrings",
+      [promise, plaintexts = plaintexts.Clone()]() mutable {
+        BackgroundSdrEncryptStrings(plaintexts, promise);
+      }));
+
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  nsresult rv = target->Dispatch(runnable, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  promise.forget(aPromise);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text,
+                                 /*out*/ nsACString& decryptedText) {
+  nsAutoCString encryptedText;
+  nsresult rv = Base64Decode(encryptedBase64Text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Decrypt(encryptedText, decryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::AsyncDecryptStrings(
+    const nsTArray<nsCString>& encryptedStrings, JSContext* aCx,
+    Promise** aPromise) {
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG(!encryptedStrings.IsEmpty());
+  NS_ENSURE_ARG_POINTER(aCx);
+  NS_ENSURE_ARG_POINTER(aPromise);
+
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (NS_WARN_IF(!globalObject)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  ErrorResult result;
+  RefPtr<Promise> promise = Promise::Create(globalObject, result);
+  if (NS_WARN_IF(result.Failed())) {
+    return result.StealNSResult();
+  }
+
+  // encryptedStrings are expected to be base64.
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "BackgroundSdrDecryptStrings",
+      [promise, encryptedStrings = encryptedStrings.Clone()]() mutable {
+        BackgroundSdrDecryptStrings(encryptedStrings, promise);
+      }));
+
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  nsresult rv = target->Dispatch(runnable, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  promise.forget(aPromise);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::ChangePassword() {
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // nsPK11Token::nsPK11Token takes its own reference to slot, so we pass a
+  // non-owning pointer here.
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+
+  nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+  nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                              NS_GET_IID(nsITokenPasswordDialogs),
+                              NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  bool canceled;  // Ignored
+  return dialogs->SetPassword(ctx, token, &canceled);
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::Logout() {
+  PK11_LogoutAll();
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(NS_NSSCOMPONENT_CID));
+  if (!nssComponent) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return nssComponent->ClearSSLExternalAndInternalSessionCache();
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::LogoutAndTeardown() {
+  PK11_LogoutAll();
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(NS_NSSCOMPONENT_CID));
+  if (!nssComponent) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // LogoutAuthenticatedPK11 also clears the SSL caches.
+  nsresult rv = nssComponent->LogoutAuthenticatedPK11();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // After we just logged out, we need to prune dead connections to make
+  // sure that all connections that should be stopped, are stopped. See
+  // bug 517584.
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr);
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/SecretDecoderRing.h b/security/manager/ssl/SecretDecoderRing.h
new file mode 100644
index 0000000000..23187ae45d
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.h
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SecretDecoderRing_h
+#define SecretDecoderRing_h
+
+#include "nsISecretDecoderRing.h"
+#include "nsString.h"
+
+#define NS_SECRETDECODERRING_CONTRACTID "@mozilla.org/security/sdr;1"
+
+#define NS_SECRETDECODERRING_CID                     \
+  {                                                  \
+    0x0c4f1ddc, 0x1dd2, 0x11b2, {                    \
+      0x9d, 0x95, 0xf2, 0xfd, 0xf1, 0x13, 0x04, 0x4b \
+    }                                                \
+  }
+
+class SecretDecoderRing : public nsISecretDecoderRing {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  SecretDecoderRing() = default;
+
+ protected:
+  virtual ~SecretDecoderRing() = default;
+
+ private:
+  nsresult Encrypt(const nsACString& data, /*out*/ nsACString& result);
+  nsresult Decrypt(const nsACString& data, /*out*/ nsACString& result);
+};
+
+#endif  // SecretDecoderRing_h
diff --git a/security/manager/ssl/SelectTLSClientAuthCertChild.h b/security/manager/ssl/SelectTLSClientAuthCertChild.h
new file mode 100644
index 0000000000..cdf8999cda
--- /dev/null
+++ b/security/manager/ssl/SelectTLSClientAuthCertChild.h
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTCHILD_H_
+#define SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTCHILD_H_
+
+#include "mozilla/psm/PSelectTLSClientAuthCertChild.h"
+#include "TLSClientAuthCertSelection.h"
+
+namespace mozilla {
+namespace psm {
+
+// Socket process component of the SelectTLSClientAuthCert IPC protocol. When
+// the parent process selects a client authentication certificate (or opts for
+// no certificate), RecvTLSClientAuthCertSelected will be called via IPC with
+// the bytes of the certificate (and the bytes of the associated certificate
+// chain). That function dispatches an event to the socket thread that notifies
+// NSS that the associated connection can continue.
+class SelectTLSClientAuthCertChild : public PSelectTLSClientAuthCertChild {
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SelectTLSClientAuthCertChild, override)
+
+  explicit SelectTLSClientAuthCertChild(
+      ClientAuthCertificateSelected* continuation);
+
+  ipc::IPCResult RecvTLSClientAuthCertSelected(
+      ByteArray&& aSelectedCertBytes,
+      nsTArray<ByteArray>&& aSelectedCertChainBytes);
+
+ private:
+  ~SelectTLSClientAuthCertChild() = default;
+
+  RefPtr<ClientAuthCertificateSelected> mContinuation;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTCHILD_H_
diff --git a/security/manager/ssl/SelectTLSClientAuthCertParent.h b/security/manager/ssl/SelectTLSClientAuthCertParent.h
new file mode 100644
index 0000000000..5dede41091
--- /dev/null
+++ b/security/manager/ssl/SelectTLSClientAuthCertParent.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_
+#define SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_
+
+#include "mozilla/OriginAttributes.h"
+#include "mozilla/psm/PSelectTLSClientAuthCertParent.h"
+
+namespace mozilla {
+namespace psm {
+
+// Parent process component of the SelectTLSClientAuthCert IPC protocol. When
+// the socket process encounters a TLS server that requests a client
+// authentication certificate, Dispatch will be called via IPC with the
+// information associated with that connection. That function dispatches an
+// event to the main thread that determines what certificate to select, if any
+// (usually by opening a dialog for the user to interact with). When a
+// certificate (or no certificate) has been selected, TLSClientAuthCertSelected
+// will be called on the IPC thread, which will cause
+// SelectTLSClientAuthCertChild::RecvTLSClientAuthCertSelected to be called via
+// IPC, which will get the appropriate information to NSS to continue the
+// connection.
+class SelectTLSClientAuthCertParent : public PSelectTLSClientAuthCertParent {
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SelectTLSClientAuthCertParent, override)
+
+  SelectTLSClientAuthCertParent() = default;
+
+  bool Dispatch(const nsACString& aHostName,
+                const OriginAttributes& aOriginAttributes, const int32_t& aPort,
+                const uint32_t& aProviderFlags,
+                const uint32_t& aProviderTlsFlags,
+                const ByteArray& aServerCertBytes,
+                nsTArray<ByteArray>&& aCANames);
+
+  void TLSClientAuthCertSelected(
+      const nsTArray<uint8_t>& aSelectedCertBytes,
+      nsTArray<nsTArray<uint8_t>>&& aSelectedCertChainBytes);
+
+ private:
+  ~SelectTLSClientAuthCertParent() = default;
+
+  void ActorDestroy(mozilla::ipc::IProtocol::ActorDestroyReason aWhy) override;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_
diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h
new file mode 100644
index 0000000000..a0acceb33d
--- /dev/null
+++ b/security/manager/ssl/SharedCertVerifier.h
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedCertVerifier_h
+#define SharedCertVerifier_h
+
+#include "CertVerifier.h"
+#include "EnterpriseRoots.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/TimeStamp.h"
+
+namespace mozilla {
+namespace psm {
+
+class SharedCertVerifier : public mozilla::psm::CertVerifier {
+ protected:
+  ~SharedCertVerifier();
+
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedCertVerifier)
+
+  SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
+                     mozilla::TimeDuration ocspSoftTimeout,
+                     mozilla::TimeDuration ocspHardTimeout,
+                     uint32_t certShortLifetimeInDays,
+                     NetscapeStepUpPolicy netscapeStepUpPolicy,
+                     CertificateTransparencyMode ctMode, CRLiteMode crliteMode,
+                     const Vector<EnterpriseCert>& thirdPartyCerts)
+      : mozilla::psm::CertVerifier(
+            odc, osc, ocspSoftTimeout, ocspHardTimeout, certShortLifetimeInDays,
+            netscapeStepUpPolicy, ctMode, crliteMode, thirdPartyCerts) {}
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // SharedCertVerifier_h
diff --git a/security/manager/ssl/SharedSSLState.cpp b/security/manager/ssl/SharedSSLState.cpp
new file mode 100644
index 0000000000..d0d9667472
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.cpp
@@ -0,0 +1,192 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SharedSSLState.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertOverrideService.h"
+#include "mozilla/OriginAttributes.h"
+#include "nsNSSComponent.h"
+#include "nsIObserverService.h"
+#include "mozilla/Services.h"
+#include "nsThreadUtils.h"
+#include "nsCRT.h"
+#include "nsServiceManagerUtils.h"
+#include "PSMRunnable.h"
+#include "PublicSSL.h"
+#include "ssl.h"
+#include "nsNetCID.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/Unused.h"
+
+using mozilla::Atomic;
+using mozilla::Unused;
+using mozilla::psm::SyncRunnableBase;
+
+namespace {
+
+static Atomic<bool> sCertOverrideSvcExists(false);
+
+class MainThreadClearer : public SyncRunnableBase {
+ public:
+  MainThreadClearer() : mShouldClearSessionCache(false) {}
+
+  void RunOnTargetThread() override {
+    // In some cases it's possible to cause PSM/NSS to initialize while XPCOM
+    // shutdown is in progress. We want to avoid this, since they do not handle
+    // the situation well, hence the flags to avoid instantiating the services
+    // if they don't already exist.
+
+    bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false);
+    if (certOverrideSvcExists) {
+      sCertOverrideSvcExists = true;
+      nsCOMPtr<nsICertOverrideService> icos =
+          do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+      if (icos) {
+        icos->ClearValidityOverride("all:temporary-certificates"_ns, 0,
+                                    OriginAttributes());
+      }
+    }
+
+    // This needs to be checked on the main thread to avoid racing with NSS
+    // initialization.
+    mShouldClearSessionCache = mozilla::psm::PrivateSSLState() &&
+                               mozilla::psm::PrivateSSLState()->SocketCreated();
+  }
+  bool mShouldClearSessionCache;
+};
+
+}  // namespace
+
+namespace mozilla {
+
+void ClearPrivateSSLState() {
+  // This only works if it is called on the socket transport
+  // service thread immediately after closing all private SSL
+  // connections.
+#ifdef DEBUG
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> sts =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  bool onSTSThread;
+  rv = sts->IsOnCurrentThread(&onSTSThread);
+  MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread);
+#endif
+
+  RefPtr<MainThreadClearer> runnable = new MainThreadClearer;
+  runnable->DispatchToMainThreadAndWait();
+
+  // If NSS isn't initialized, this throws an assertion. We guard it by checking
+  // if the session cache might even have anything worth clearing.
+  if (runnable->mShouldClearSessionCache) {
+    nsNSSComponent::DoClearSSLExternalAndInternalSessionCache();
+  }
+}
+
+namespace psm {
+
+namespace {
+class PrivateBrowsingObserver : public nsIObserver {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {}
+
+ protected:
+  virtual ~PrivateBrowsingObserver() = default;
+
+ private:
+  SharedSSLState* mOwner;
+};
+
+SharedSSLState* gPublicState;
+SharedSSLState* gPrivateState;
+}  // namespace
+
+NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrivateBrowsingObserver::Observe(nsISupports* aSubject, const char* aTopic,
+                                 const char16_t* aData) {
+  if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
+    mOwner->ResetStoredData();
+  }
+  return NS_OK;
+}
+
+SharedSSLState::SharedSSLState(uint32_t aTlsFlags)
+    : mIOLayerHelpers(aTlsFlags),
+      mMutex("SharedSSLState::mMutex"),
+      mSocketCreated(false),
+      mOCSPStaplingEnabled(false),
+      mOCSPMustStapleEnabled(false),
+      mSignedCertTimestampsEnabled(false) {
+  mIOLayerHelpers.Init();
+}
+
+SharedSSLState::~SharedSSLState() = default;
+
+void SharedSSLState::NotePrivateBrowsingStatus() {
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mObserver = new PrivateBrowsingObserver(this);
+  nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
+  obsSvc->AddObserver(mObserver, "last-pb-context-exited", false);
+}
+
+void SharedSSLState::ResetStoredData() {
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mIOLayerHelpers.clearStoredData();
+}
+
+void SharedSSLState::NoteSocketCreated() {
+  MutexAutoLock lock(mMutex);
+  mSocketCreated = true;
+}
+
+bool SharedSSLState::SocketCreated() {
+  MutexAutoLock lock(mMutex);
+  return mSocketCreated;
+}
+
+/*static*/
+void SharedSSLState::GlobalInit() {
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  gPublicState = new SharedSSLState();
+  gPrivateState = new SharedSSLState();
+  gPrivateState->NotePrivateBrowsingStatus();
+}
+
+/*static*/
+void SharedSSLState::GlobalCleanup() {
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+
+  if (gPrivateState) {
+    gPrivateState->Cleanup();
+    delete gPrivateState;
+    gPrivateState = nullptr;
+  }
+
+  if (gPublicState) {
+    gPublicState->Cleanup();
+    delete gPublicState;
+    gPublicState = nullptr;
+  }
+}
+
+/*static*/
+void SharedSSLState::NoteCertOverrideServiceInstantiated() {
+  sCertOverrideSvcExists = true;
+}
+
+void SharedSSLState::Cleanup() { mIOLayerHelpers.Cleanup(); }
+
+SharedSSLState* PublicSSLState() { return gPublicState; }
+
+SharedSSLState* PrivateSSLState() { return gPrivateState; }
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/SharedSSLState.h b/security/manager/ssl/SharedSSLState.h
new file mode 100644
index 0000000000..31562fc76b
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedSSLState_h
+#define SharedSSLState_h
+
+#include "nsNSSIOLayer.h"
+
+class nsIObserver;
+
+namespace mozilla {
+namespace psm {
+
+class SharedSSLState {
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedSSLState)
+  explicit SharedSSLState(uint32_t aTlsFlags = 0);
+
+  static void GlobalInit();
+  static void GlobalCleanup();
+
+  nsSSLIOLayerHelpers& IOLayerHelpers() { return mIOLayerHelpers; }
+
+  // Main-thread only
+  void ResetStoredData();
+  void NotePrivateBrowsingStatus();
+  void SetOCSPStaplingEnabled(bool staplingEnabled) {
+    mOCSPStaplingEnabled = staplingEnabled;
+  }
+  void SetOCSPMustStapleEnabled(bool mustStapleEnabled) {
+    mOCSPMustStapleEnabled = mustStapleEnabled;
+  }
+  void SetSignedCertTimestampsEnabled(bool signedCertTimestampsEnabled) {
+    mSignedCertTimestampsEnabled = signedCertTimestampsEnabled;
+  }
+
+  // The following methods may be called from any thread
+  bool SocketCreated();
+  void NoteSocketCreated();
+  static void NoteCertOverrideServiceInstantiated();
+  bool IsOCSPStaplingEnabled() const { return mOCSPStaplingEnabled; }
+  bool IsOCSPMustStapleEnabled() const { return mOCSPMustStapleEnabled; }
+  bool IsSignedCertTimestampsEnabled() const {
+    return mSignedCertTimestampsEnabled;
+  }
+
+ private:
+  ~SharedSSLState();
+
+  void Cleanup();
+
+  nsCOMPtr<nsIObserver> mObserver;
+  nsSSLIOLayerHelpers mIOLayerHelpers;
+
+  // True if any sockets have been created that use this shared data.
+  // Requires synchronization between the socket and main threads for
+  // reading/writing.
+  Mutex mMutex MOZ_UNANNOTATED;
+  bool mSocketCreated;
+  bool mOCSPStaplingEnabled;
+  bool mOCSPMustStapleEnabled;
+  bool mSignedCertTimestampsEnabled;
+};
+
+SharedSSLState* PublicSSLState();
+SharedSSLState* PrivateSSLState();
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/StaticHPKPins.errors b/security/manager/ssl/StaticHPKPins.errors
new file mode 100644
index 0000000000..72958f2291
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.errors
@@ -0,0 +1,33 @@
+Can't find hash in builtin certs for Chrome nickname GoogleG2, inserting GOOGLE_PIN_GoogleG2
+Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL
+Can't find hash in builtin certs for Chrome nickname DigiCertSHA2HighAssuranceServerCA, inserting GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA
+Can't find hash in builtin certs for Chrome nickname VeriSignClass1, inserting GOOGLE_PIN_VeriSignClass1
+Can't find hash in builtin certs for Chrome nickname VeriSignClass4_G3, inserting GOOGLE_PIN_VeriSignClass4_G3
+Can't find hash in builtin certs for Chrome nickname VeriSignClass3_G2, inserting GOOGLE_PIN_VeriSignClass3_G2
+Can't find hash in builtin certs for Chrome nickname VeriSignClass2_G2, inserting GOOGLE_PIN_VeriSignClass2_G2
+Can't find hash in builtin certs for Chrome nickname GeoTrustGlobal2, inserting GOOGLE_PIN_GeoTrustGlobal2
+Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
+Can't find hash in builtin certs for Chrome nickname AddTrustPublicCARoot, inserting GOOGLE_PIN_AddTrustPublicCARoot
+Can't find hash in builtin certs for Chrome nickname AddTrustQualifiedCARoot, inserting GOOGLE_PIN_AddTrustQualifiedCARoot
+Can't find hash in builtin certs for Chrome nickname SecureCertificateServices, inserting GOOGLE_PIN_SecureCertificateServices
+Can't find hash in builtin certs for Chrome nickname TrustedCertificateServices, inserting GOOGLE_PIN_TrustedCertificateServices
+Can't find hash in builtin certs for Chrome nickname UTNDATACorpSGC, inserting GOOGLE_PIN_UTNDATACorpSGC
+Can't find hash in builtin certs for Chrome nickname UTNUSERFirstHardware, inserting GOOGLE_PIN_UTNUSERFirstHardware
+Can't find hash in builtin certs for Chrome nickname UTNUSERFirstObject, inserting GOOGLE_PIN_UTNUSERFirstObject
+Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot
+Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
+Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
+Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA
+Can't find hash in builtin certs for Chrome nickname COMODORSADomainValidationSecureServerCA, inserting GOOGLE_PIN_COMODORSADomainValidationSecureServerCA
+Writing pinset test
+Writing pinset google
+Writing pinset tor
+Writing pinset twitterCom
+Writing pinset twitterCDN
+Writing pinset dropbox
+Writing pinset facebook
+Writing pinset spideroak
+Writing pinset yahoo
+Writing pinset swehackCom
+Writing pinset ncsccs
+Writing pinset tumblr
diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h
new file mode 100644
index 0000000000..80ce67f4bc
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -0,0 +1,778 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* PublicKeyPinningService.cpp, you shouldn't be #including it.              */
+/*****************************************************************************/
+#include <stdint.h>
+/* AffirmTrust Commercial */
+static const char kAffirmTrust_CommercialFingerprint[] =
+  "bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU=";
+
+/* AffirmTrust Networking */
+static const char kAffirmTrust_NetworkingFingerprint[] =
+  "lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA=";
+
+/* AffirmTrust Premium */
+static const char kAffirmTrust_PremiumFingerprint[] =
+  "x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc=";
+
+/* AffirmTrust Premium ECC */
+static const char kAffirmTrust_Premium_ECCFingerprint[] =
+  "MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8=";
+
+/* Baltimore CyberTrust Root */
+static const char kBaltimore_CyberTrust_RootFingerprint[] =
+  "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=";
+
+/* COMODO Certification Authority */
+static const char kCOMODO_Certification_AuthorityFingerprint[] =
+  "AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4=";
+
+/* COMODO ECC Certification Authority */
+static const char kCOMODO_ECC_Certification_AuthorityFingerprint[] =
+  "58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU=";
+
+/* COMODO RSA Certification Authority */
+static const char kCOMODO_RSA_Certification_AuthorityFingerprint[] =
+  "grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=";
+
+/* Comodo AAA Services root */
+static const char kComodo_AAA_Services_rootFingerprint[] =
+  "vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM=";
+
+/* DigiCert Assured ID Root CA */
+static const char kDigiCert_Assured_ID_Root_CAFingerprint[] =
+  "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o=";
+
+/* DigiCert Assured ID Root G2 */
+static const char kDigiCert_Assured_ID_Root_G2Fingerprint[] =
+  "8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik=";
+
+/* DigiCert Assured ID Root G3 */
+static const char kDigiCert_Assured_ID_Root_G3Fingerprint[] =
+  "Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw=";
+
+/* DigiCert Global Root CA */
+static const char kDigiCert_Global_Root_CAFingerprint[] =
+  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+
+/* DigiCert Global Root G2 */
+static const char kDigiCert_Global_Root_G2Fingerprint[] =
+  "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=";
+
+/* DigiCert Global Root G3 */
+static const char kDigiCert_Global_Root_G3Fingerprint[] =
+  "uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc=";
+
+/* DigiCert High Assurance EV Root CA */
+static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
+  "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
+
+/* DigiCert TLS ECC P384 Root G5 */
+static const char kDigiCert_TLS_ECC_P384_Root_G5Fingerprint[] =
+  "oC+voZLIy4HLE0FVT5wFtxzKKokLDRKY1oNkfJYe+98=";
+
+/* DigiCert TLS RSA4096 Root G5 */
+static const char kDigiCert_TLS_RSA4096_Root_G5Fingerprint[] =
+  "ape1HIIZ6T5d7GS61YBs3rD4NVvkfnVwELcCRW4Bqv0=";
+
+/* DigiCert Trusted Root G4 */
+static const char kDigiCert_Trusted_Root_G4Fingerprint[] =
+  "Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw=";
+
+/* End Entity Test Cert */
+static const char kEnd_Entity_Test_CertFingerprint[] =
+  "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+
+/* Entrust Root Certification Authority */
+static const char kEntrust_Root_Certification_AuthorityFingerprint[] =
+  "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU=";
+
+/* Entrust Root Certification Authority - EC1 */
+static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] =
+  "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
+
+/* Entrust Root Certification Authority - G2 */
+static const char kEntrust_Root_Certification_Authority___G2Fingerprint[] =
+  "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
+
+/* Entrust.net Premium 2048 Secure Server CA */
+static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
+  "HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg=";
+
+/* FacebookBackup */
+static const char kFacebookBackupFingerprint[] =
+  "q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ=";
+
+/* GOOGLE_PIN_DigiCertECCSecureServerCA */
+static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
+  "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
+
+/* GOOGLE_PIN_R3LetsEncrypt */
+static const char kGOOGLE_PIN_R3LetsEncryptFingerprint[] =
+  "jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=";
+
+/* GOOGLE_PIN_R4LetsEncrypt */
+static const char kGOOGLE_PIN_R4LetsEncryptFingerprint[] =
+  "5VReIRNHJBiRxVSgOTTN6bdJZkpZ0m1hX+WPd5kPLQM=";
+
+/* GOOGLE_PIN_RapidSSL */
+static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
+  "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
+
+/* GOOGLE_PIN_SymantecClass3EVG3 */
+static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
+  "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
+
+/* GTS Root R1 */
+static const char kGTS_Root_R1Fingerprint[] =
+  "hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc=";
+
+/* GTS Root R2 */
+static const char kGTS_Root_R2Fingerprint[] =
+  "Vfd95BwDeSQo+NUYxVEEIlvkOlWY2SalKK1lPhzOx78=";
+
+/* GTS Root R3 */
+static const char kGTS_Root_R3Fingerprint[] =
+  "QXnt2YHvdHR3tJYmQIr0Paosp6t/nggsEGD4QJZ3Q0g=";
+
+/* GTS Root R4 */
+static const char kGTS_Root_R4Fingerprint[] =
+  "mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c=";
+
+/* GlobalSign ECC Root CA - R4 */
+static const char kGlobalSign_ECC_Root_CA___R4Fingerprint[] =
+  "CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk=";
+
+/* GlobalSign ECC Root CA - R5 */
+static const char kGlobalSign_ECC_Root_CA___R5Fingerprint[] =
+  "fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8=";
+
+/* GlobalSign Root CA */
+static const char kGlobalSign_Root_CAFingerprint[] =
+  "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=";
+
+/* GlobalSign Root CA - R3 */
+static const char kGlobalSign_Root_CA___R3Fingerprint[] =
+  "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=";
+
+/* GlobalSign Root CA - R6 */
+static const char kGlobalSign_Root_CA___R6Fingerprint[] =
+  "aCdH+LpiG4fN07wpXtXKvOciocDANj0daLOJKNJ4fx4=";
+
+/* GlobalSign Root R46 */
+static const char kGlobalSign_Root_R46Fingerprint[] =
+  "rn+WLLnmp9v3uDP7GPqbcaiRdd+UnCMrap73yz3yu/w=";
+
+/* Go Daddy Class 2 CA */
+static const char kGo_Daddy_Class_2_CAFingerprint[] =
+  "VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=";
+
+/* Go Daddy Root Certificate Authority - G2 */
+static const char kGo_Daddy_Root_Certificate_Authority___G2Fingerprint[] =
+  "Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA=";
+
+/* GoogleBackup2048 */
+static const char kGoogleBackup2048Fingerprint[] =
+  "IPMbDAjLVSGntGO3WP53X/zilCVndez5YJ2+vJvhJsA=";
+
+/* ISRG Root X1 */
+static const char kISRG_Root_X1Fingerprint[] =
+  "C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=";
+
+/* ISRG Root X2 */
+static const char kISRG_Root_X2Fingerprint[] =
+  "diGVwiVYbubAI3RW4hB9xU8e/CH2GnkuvVFZE8zmgzI=";
+
+/* Let's Encrypt Authority X3 */
+static const char kLet_s_Encrypt_Authority_X3Fingerprint[] =
+  "YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
+
+/* Let's Encrypt Authority X4 */
+static const char kLet_s_Encrypt_Authority_X4Fingerprint[] =
+  "sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
+
+/* Starfield Class 2 CA */
+static const char kStarfield_Class_2_CAFingerprint[] =
+  "FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
+
+/* Starfield Root Certificate Authority - G2 */
+static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
+  "gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ=";
+
+/* TestSPKI */
+static const char kTestSPKIFingerprint[] =
+  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+/* Tor1 */
+static const char kTor1Fingerprint[] =
+  "bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo=";
+
+/* Tor2 */
+static const char kTor2Fingerprint[] =
+  "xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w=";
+
+/* Tor3 */
+static const char kTor3Fingerprint[] =
+  "CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
+
+/* USERTrust ECC Certification Authority */
+static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
+  "ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs=";
+
+/* USERTrust RSA Certification Authority */
+static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] =
+  "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=";
+
+/* Pinsets are each an ordered list by the actual value of the fingerprint */
+struct StaticFingerprints {
+  // See bug 1338873 about making these fields const.
+  size_t size;
+  const char* const* data;
+};
+
+/* PreloadedHPKPins.json pinsets */
+static const char* const kPinset_google_root_pems_Data[] = {
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_G2Fingerprint,
+  kCOMODO_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_G3Fingerprint,
+  kStarfield_Class_2_CAFingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kUSERTrust_ECC_Certification_AuthorityFingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
+  kAffirmTrust_Premium_ECCFingerprint,
+  kGo_Daddy_Class_2_CAFingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kGlobalSign_Root_CA___R6Fingerprint,
+  kAffirmTrust_CommercialFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kGlobalSign_ECC_Root_CA___R5Fingerprint,
+  kStarfield_Root_Certificate_Authority___G2Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kAffirmTrust_NetworkingFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+  kComodo_AAA_Services_rootFingerprint,
+  kAffirmTrust_PremiumFingerprint,
+  kUSERTrust_RSA_Certification_AuthorityFingerprint,
+};
+static const StaticFingerprints kPinset_google_root_pems = {
+  sizeof(kPinset_google_root_pems_Data) / sizeof(const char*),
+  kPinset_google_root_pems_Data
+};
+
+static const char* const kPinset_mozilla_services_Data[] = {
+  kISRG_Root_X1Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kDigiCert_TLS_RSA4096_Root_G5Fingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kDigiCert_TLS_ECC_P384_Root_G5Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_services = {
+  sizeof(kPinset_mozilla_services_Data) / sizeof(const char*),
+  kPinset_mozilla_services_Data
+};
+
+static const char* const kPinset_mozilla_test_Data[] = {
+  kEnd_Entity_Test_CertFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_test = {
+  sizeof(kPinset_mozilla_test_Data) / sizeof(const char*),
+  kPinset_mozilla_test_Data
+};
+
+/* Chrome static pinsets */
+static const char* const kPinset_test_Data[] = {
+  kTestSPKIFingerprint,
+};
+static const StaticFingerprints kPinset_test = {
+  sizeof(kPinset_test_Data) / sizeof(const char*),
+  kPinset_test_Data
+};
+
+static const char* const kPinset_google_Data[] = {
+  kGlobalSign_ECC_Root_CA___R4Fingerprint,
+  kGoogleBackup2048Fingerprint,
+  kGTS_Root_R3Fingerprint,
+  kGTS_Root_R2Fingerprint,
+  kGTS_Root_R1Fingerprint,
+  kGTS_Root_R4Fingerprint,
+};
+static const StaticFingerprints kPinset_google = {
+  sizeof(kPinset_google_Data) / sizeof(const char*),
+  kPinset_google_Data
+};
+
+static const char* const kPinset_tor_Data[] = {
+  kGOOGLE_PIN_R4LetsEncryptFingerprint,
+  kTor3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kLet_s_Encrypt_Authority_X3Fingerprint,
+  kTor1Fingerprint,
+  kGOOGLE_PIN_R3LetsEncryptFingerprint,
+  kGOOGLE_PIN_RapidSSLFingerprint,
+  kLet_s_Encrypt_Authority_X4Fingerprint,
+  kTor2Fingerprint,
+};
+static const StaticFingerprints kPinset_tor = {
+  sizeof(kPinset_tor_Data) / sizeof(const char*),
+  kPinset_tor_Data
+};
+
+static const char* const kPinset_facebook_Data[] = {
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kISRG_Root_X1Fingerprint,
+  kUSERTrust_ECC_Certification_AuthorityFingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGlobalSign_Root_CA___R6Fingerprint,
+  kDigiCert_TLS_RSA4096_Root_G5Fingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kISRG_Root_X2Fingerprint,
+  kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kDigiCert_TLS_ECC_P384_Root_G5Fingerprint,
+  kFacebookBackupFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGlobalSign_Root_R46Fingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+  kUSERTrust_RSA_Certification_AuthorityFingerprint,
+};
+static const StaticFingerprints kPinset_facebook = {
+  sizeof(kPinset_facebook_Data) / sizeof(const char*),
+  kPinset_facebook_Data
+};
+
+/* Domainlist */
+struct TransportSecurityPreload {
+  // See bug 1338873 about making these fields const.
+  const char* mHost;
+  bool mIncludeSubdomains;
+  bool mTestMode;
+  bool mIsMoz;
+  int32_t mId;
+  const StaticFingerprints* pinset;
+};
+
+/* Sort hostnames for binary search. */
+static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
+  { "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services },
+  { "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla_services },
+  { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla_services },
+  { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
+  { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "apps.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla_services },
+  { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla_services },
+  { "blog.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "calendar.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cdn.ampproject.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "cdn.mozilla.net", true, false, true, 16, &kPinset_mozilla_services },
+  { "cdn.mozilla.org", true, false, true, 17, &kPinset_mozilla_services },
+  { "check.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromereporting-pa.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumbugs.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "classroom.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "code.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "code.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "corp.goog", true, false, false, -1, &kPinset_google_root_pems },
+  { "crash-reports-xpsp2.mozilla.com", false, false, true, 11, &kPinset_mozilla_services },
+  { "crash-reports.mozilla.com", false, false, true, 10, &kPinset_mozilla_services },
+  { "crash-stats.mozilla.org", false, false, true, 12, &kPinset_mozilla_services },
+  { "crbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crosbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crrev.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "datastudio.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "dist.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "dl.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "dns.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "domains.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "download.mozilla.org", false, false, true, 14, &kPinset_mozilla_services },
+  { "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "example.test", true, true, false, -1, &kPinset_test },
+  { "exclude-subdomains.pinning.example.com", false, false, false, -1, &kPinset_mozilla_test },
+  { "facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "fi.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "firefox.com", true, true, true, 15, &kPinset_mozilla_services },
+  { "g.co", false, false, false, -1, &kPinset_google_root_pems },
+  { "g4w.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "ggpht.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "goo.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google", true, false, false, -1, &kPinset_google_root_pems },
+  { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ac", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ad", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ae", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.am", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.as", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.at", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.az", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ba", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ca", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cat", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ch", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ci", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.bw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ck", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.cr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.id", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.il", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.in", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ke", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.kr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ls", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ma", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.mz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.nz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.th", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.tz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ug", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.vi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.za", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ar", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.au", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.br", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.do", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ec", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.eg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.et", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.fj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.lb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ly", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mx", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.my", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.na", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ng", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ni", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.np", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.om", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pe", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ph", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.py", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.qa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ua", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.uy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.de", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ee", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.es", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ga", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ht", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ie", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.info", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.is", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jobs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ki", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.la", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.li", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.md", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.me", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ml", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ms", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.no", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.off.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ps", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ro", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.se", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.si", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.so", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.st", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.td", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.to", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ua", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.us", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ws", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleadservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecode.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecommerce.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "googleplex.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesource.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesyndication.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagmanager.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleusercontent.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlevideo.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleweblight.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "goto.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gstatic.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt1.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt2.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt3.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hangout", true, false, false, -1, &kPinset_google_root_pems },
+  { "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "history.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test },
+  { "lens.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "m.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "mail-settings.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "market.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "meet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "messenger.com", true, false, false, -1, &kPinset_facebook },
+  { "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "myaccount.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "myactivity.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "oauthaccountmanager.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "passwordsleakcheck-pa.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "payments.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pinning-test.badssl.com", true, false, false, -1, &kPinset_test },
+  { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
+  { "pixel.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "remotedesktop.corp.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "research.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "secure.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services },
+  { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "static.googleadsserving.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "sync.services.mozilla.com", true, false, true, 13, &kPinset_mozilla_services },
+  { "t.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "tablet.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "telemetry.mozilla.org", true, true, true, 8, &kPinset_mozilla_services },
+  { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
+  { "testpilot.firefox.com", false, false, true, 9, &kPinset_mozilla_services },
+  { "torproject.org", false, false, false, -1, &kPinset_tor },
+  { "touch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "tunnel-staging.googlezip.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "tunnel.googlezip.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "ua5v.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "upload.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "urchin.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu-mirror.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-mirror-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-bigsky-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-dogfood-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-pentest.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-staging-hr.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withgoogle.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withyoutube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "www.g.co", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.messenger.com", true, false, false, -1, &kPinset_facebook },
+  { "www.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
+};
+
+// Pinning Preload List Length = 397;
+
+static const int32_t kUnknownId = -1;
+
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1713783018573000);
diff --git a/security/manager/ssl/TLSClientAuthCertSelection.cpp b/security/manager/ssl/TLSClientAuthCertSelection.cpp
new file mode 100644
index 0000000000..8a2e7fd8b6
--- /dev/null
+++ b/security/manager/ssl/TLSClientAuthCertSelection.cpp
@@ -0,0 +1,926 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements the client authentication certificate selection callback for NSS.
+// nsNSSIOLayer.cpp sets the callback by calling SSL_GetClientAuthDataHook and
+// identifying SSLGetClientAuthDataHook as the function to call when a TLS
+// server requests a client authentication certificate.
+//
+// In the general case, SSLGetClientAuthDataHook (running on the socket thread),
+// dispatches an event to the main thread to ask the user to select a client
+// authentication certificate. Meanwhile, it returns SECWouldBlock so that other
+// network I/O can occur. When the user selects a client certificate (or opts
+// not to send one), an event is dispatched to the socket thread that gives NSS
+// the appropriate information to proceed with the TLS connection.
+//
+// If networking is being done on the socket process, SSLGetClientAuthDataHook
+// sends an IPC call to the parent process to ask the user to select a
+// certificate. Meanwhile, it again returns SECWouldBlock so other network I/O
+// can occur. When a certificate (or no certificate) has been selected, the
+// parent process sends an IPC call back to the socket process, which causes an
+// event to be dispatched to the socket thread to continue to the TLS
+// connection.
+
+#include "TLSClientAuthCertSelection.h"
+#include "cert_storage/src/cert_storage.h"
+#include "mozilla/Logging.h"
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/BackgroundParent.h"
+#include "mozilla/ipc/PBackgroundChild.h"
+#include "mozilla/psm/SelectTLSClientAuthCertChild.h"
+#include "mozilla/psm/SelectTLSClientAuthCertParent.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsNSSComponent.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIMutableArray.h"
+#include "nsINSSComponent.h"
+#include "NSSCertDBTrustDomain.h"
+#include "nsIClientAuthRememberService.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSHelper.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixutil.h"
+#include "mozpkix/pkix.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+// Possible behaviors for choosing a cert for client auth.
+enum class UserCertChoice {
+  // Ask the user to choose a cert.
+  Ask = 0,
+  // Automatically choose a cert.
+  Auto = 1,
+};
+
+// Returns the most appropriate user cert choice based on the value of the
+// security.default_personal_cert preference.
+UserCertChoice nsGetUserCertChoice() {
+  nsAutoCString value;
+  nsresult rv =
+      Preferences::GetCString("security.default_personal_cert", value);
+  if (NS_FAILED(rv)) {
+    return UserCertChoice::Ask;
+  }
+
+  // There are three cases for what the preference could be set to:
+  //   1. "Select Automatically" -> Auto.
+  //   2. "Ask Every Time" -> Ask.
+  //   3. Something else -> Ask. This might be a nickname from a migrated cert,
+  //      but we no longer support this case.
+  return value.EqualsLiteral("Select Automatically") ? UserCertChoice::Auto
+                                                     : UserCertChoice::Ask;
+}
+
+static bool hasExplicitKeyUsageNonRepudiation(CERTCertificate* cert) {
+  // There is no extension, v1 or v2 certificate
+  if (!cert->extensions) return false;
+
+  SECStatus srv;
+  SECItem keyUsageItem;
+  keyUsageItem.data = nullptr;
+
+  srv = CERT_FindKeyUsageExtension(cert, &keyUsageItem);
+  if (srv == SECFailure) return false;
+
+  unsigned char keyUsage = keyUsageItem.data[0];
+  PORT_Free(keyUsageItem.data);
+
+  return !!(keyUsage & KU_NON_REPUDIATION);
+}
+
+ClientAuthInfo::ClientAuthInfo(const nsACString& hostName,
+                               const OriginAttributes& originAttributes,
+                               int32_t port, uint32_t providerFlags,
+                               uint32_t providerTlsFlags)
+    : mHostName(hostName),
+      mOriginAttributes(originAttributes),
+      mPort(port),
+      mProviderFlags(providerFlags),
+      mProviderTlsFlags(providerTlsFlags) {}
+
+ClientAuthInfo::ClientAuthInfo(ClientAuthInfo&& aOther) noexcept
+    : mHostName(std::move(aOther.mHostName)),
+      mOriginAttributes(std::move(aOther.mOriginAttributes)),
+      mPort(aOther.mPort),
+      mProviderFlags(aOther.mProviderFlags),
+      mProviderTlsFlags(aOther.mProviderTlsFlags) {}
+
+const nsACString& ClientAuthInfo::HostName() const { return mHostName; }
+
+const OriginAttributes& ClientAuthInfo::OriginAttributesRef() const {
+  return mOriginAttributes;
+}
+
+int32_t ClientAuthInfo::Port() const { return mPort; }
+
+uint32_t ClientAuthInfo::ProviderFlags() const { return mProviderFlags; }
+
+uint32_t ClientAuthInfo::ProviderTlsFlags() const { return mProviderTlsFlags; }
+
+nsTArray<nsTArray<uint8_t>> CollectCANames(CERTDistNames* caNames) {
+  MOZ_ASSERT(caNames);
+
+  nsTArray<nsTArray<uint8_t>> collectedCANames;
+  if (!caNames) {
+    return collectedCANames;
+  }
+
+  for (int i = 0; i < caNames->nnames; i++) {
+    nsTArray<uint8_t> caName;
+    caName.AppendElements(caNames->names[i].data, caNames->names[i].len);
+    collectedCANames.AppendElement(std::move(caName));
+  }
+  return collectedCANames;
+}
+
+// This TrustDomain only exists to facilitate the mozilla::pkix path building
+// algorithm. It considers any certificate with an issuer distinguished name in
+// the set of given CA names to be a trust anchor. It does essentially no
+// validation or verification (in particular, the signature checking function
+// always returns "Success").
+class ClientAuthCertNonverifyingTrustDomain final : public TrustDomain {
+ public:
+  ClientAuthCertNonverifyingTrustDomain(
+      nsTArray<nsTArray<uint8_t>>& caNames,
+      nsTArray<nsTArray<uint8_t>>& thirdPartyCertificates)
+      : mCANames(caNames),
+        mCertStorage(do_GetService(NS_CERT_STORAGE_CID)),
+        mThirdPartyCertificates(thirdPartyCertificates) {}
+
+  virtual mozilla::pkix::Result GetCertTrust(
+      pkix::EndEntityOrCA endEntityOrCA, const pkix::CertPolicyId& policy,
+      pkix::Input candidateCertDER,
+      /*out*/ pkix::TrustLevel& trustLevel) override;
+  virtual mozilla::pkix::Result FindIssuer(pkix::Input encodedIssuerName,
+                                           IssuerChecker& checker,
+                                           pkix::Time time) override;
+
+  virtual mozilla::pkix::Result CheckRevocation(
+      EndEntityOrCA endEntityOrCA, const pkix::CertID& certID, Time time,
+      mozilla::pkix::Duration validityDuration,
+      /*optional*/ const Input* stapledOCSPresponse,
+      /*optional*/ const Input* aiaExtension,
+      /*optional*/ const Input* sctExtension) override {
+    return pkix::Success;
+  }
+
+  virtual mozilla::pkix::Result IsChainValid(
+      const pkix::DERArray& certChain, pkix::Time time,
+      const pkix::CertPolicyId& requiredPolicy) override;
+
+  virtual mozilla::pkix::Result CheckSignatureDigestAlgorithm(
+      pkix::DigestAlgorithm digestAlg, pkix::EndEntityOrCA endEntityOrCA,
+      pkix::Time notBefore) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result CheckRSAPublicKeyModulusSizeInBits(
+      pkix::EndEntityOrCA endEntityOrCA,
+      unsigned int modulusSizeInBits) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result VerifyRSAPKCS1SignedData(
+      pkix::Input data, pkix::DigestAlgorithm, pkix::Input signature,
+      pkix::Input subjectPublicKeyInfo) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result VerifyRSAPSSSignedData(
+      pkix::Input data, pkix::DigestAlgorithm, pkix::Input signature,
+      pkix::Input subjectPublicKeyInfo) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result CheckECDSACurveIsAcceptable(
+      pkix::EndEntityOrCA endEntityOrCA, pkix::NamedCurve curve) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result VerifyECDSASignedData(
+      pkix::Input data, pkix::DigestAlgorithm, pkix::Input signature,
+      pkix::Input subjectPublicKeyInfo) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result CheckValidityIsAcceptable(
+      pkix::Time notBefore, pkix::Time notAfter,
+      pkix::EndEntityOrCA endEntityOrCA,
+      pkix::KeyPurposeId keyPurpose) override {
+    return pkix::Success;
+  }
+  virtual mozilla::pkix::Result NetscapeStepUpMatchesServerAuth(
+      pkix::Time notBefore,
+      /*out*/ bool& matches) override {
+    matches = true;
+    return pkix::Success;
+  }
+  virtual void NoteAuxiliaryExtension(pkix::AuxiliaryExtension extension,
+                                      pkix::Input extensionData) override {}
+  virtual mozilla::pkix::Result DigestBuf(pkix::Input item,
+                                          pkix::DigestAlgorithm digestAlg,
+                                          /*out*/ uint8_t* digestBuf,
+                                          size_t digestBufLen) override {
+    return pkix::DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
+  }
+
+  nsTArray<nsTArray<uint8_t>> TakeBuiltChain() {
+    return std::move(mBuiltChain);
+  }
+
+ private:
+  nsTArray<nsTArray<uint8_t>>& mCANames;  // non-owning
+  nsCOMPtr<nsICertStorage> mCertStorage;
+  nsTArray<nsTArray<uint8_t>>& mThirdPartyCertificates;  // non-owning
+  nsTArray<nsTArray<uint8_t>> mBuiltChain;
+};
+
+mozilla::pkix::Result ClientAuthCertNonverifyingTrustDomain::GetCertTrust(
+    pkix::EndEntityOrCA endEntityOrCA, const pkix::CertPolicyId& policy,
+    pkix::Input candidateCertDER,
+    /*out*/ pkix::TrustLevel& trustLevel) {
+  // If the server did not specify any CA names, all client certificates are
+  // acceptable.
+  if (mCANames.Length() == 0) {
+    trustLevel = pkix::TrustLevel::TrustAnchor;
+    return pkix::Success;
+  }
+  BackCert cert(candidateCertDER, endEntityOrCA, nullptr);
+  mozilla::pkix::Result rv = cert.Init();
+  if (rv != pkix::Success) {
+    return rv;
+  }
+  // If this certificate's issuer distinguished name is in the set of acceptable
+  // CA names, we say this is a trust anchor so that the client certificate
+  // issued from this certificate will be presented as an option for the user.
+  // We also check the certificate's subject distinguished name to account for
+  // the case where client certificates that have the id-kp-OCSPSigning EKU
+  // can't be trust anchors according to mozilla::pkix, and thus we may be
+  // looking directly at the issuer.
+  pkix::Input issuer(cert.GetIssuer());
+  pkix::Input subject(cert.GetSubject());
+  for (const auto& caName : mCANames) {
+    pkix::Input caNameInput;
+    rv = caNameInput.Init(caName.Elements(), caName.Length());
+    if (rv != pkix::Success) {
+      continue;  // probably too big
+    }
+    if (InputsAreEqual(issuer, caNameInput) ||
+        InputsAreEqual(subject, caNameInput)) {
+      trustLevel = pkix::TrustLevel::TrustAnchor;
+      return pkix::Success;
+    }
+  }
+  trustLevel = pkix::TrustLevel::InheritsTrust;
+  return pkix::Success;
+}
+
+// In theory this implementation should only need to consider intermediate
+// certificates, since in theory it should only need to look at the issuer
+// distinguished name of each certificate to determine if the client
+// certificate is considered acceptable to the server.
+// However, because we need to account for client certificates with the
+// id-kp-OCSPSigning EKU, and because mozilla::pkix doesn't allow such
+// certificates to be trust anchors, we need to consider the issuers of such
+// certificates directly. These issuers could be roots, so we have to consider
+// roots here.
+mozilla::pkix::Result ClientAuthCertNonverifyingTrustDomain::FindIssuer(
+    pkix::Input encodedIssuerName, IssuerChecker& checker, pkix::Time time) {
+  // First try all relevant certificates known to Gecko, which avoids calling
+  // CERT_CreateSubjectCertList, because that can be expensive.
+  Vector<pkix::Input> geckoCandidates;
+  if (!mCertStorage) {
+    return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  nsTArray<uint8_t> subject;
+  subject.AppendElements(encodedIssuerName.UnsafeGetData(),
+                         encodedIssuerName.GetLength());
+  nsTArray<nsTArray<uint8_t>> certs;
+  nsresult rv = mCertStorage->FindCertsBySubject(subject, certs);
+  if (NS_FAILED(rv)) {
+    return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  for (auto& cert : certs) {
+    pkix::Input certDER;
+    mozilla::pkix::Result rv = certDER.Init(cert.Elements(), cert.Length());
+    if (rv != pkix::Success) {
+      continue;  // probably too big
+    }
+    if (!geckoCandidates.append(certDER)) {
+      return mozilla::pkix::Result::FATAL_ERROR_NO_MEMORY;
+    }
+  }
+
+  for (const auto& thirdPartyCertificate : mThirdPartyCertificates) {
+    pkix::Input thirdPartyCertificateInput;
+    mozilla::pkix::Result rv = thirdPartyCertificateInput.Init(
+        thirdPartyCertificate.Elements(), thirdPartyCertificate.Length());
+    if (rv != pkix::Success) {
+      continue;  // probably too big
+    }
+    if (!geckoCandidates.append(thirdPartyCertificateInput)) {
+      return mozilla::pkix::Result::FATAL_ERROR_NO_MEMORY;
+    }
+  }
+
+  bool keepGoing = true;
+  for (pkix::Input candidate : geckoCandidates) {
+    mozilla::pkix::Result rv = checker.Check(candidate, nullptr, keepGoing);
+    if (rv != pkix::Success) {
+      return rv;
+    }
+    if (!keepGoing) {
+      return pkix::Success;
+    }
+  }
+
+  SECItem encodedIssuerNameItem =
+      pkix::UnsafeMapInputToSECItem(encodedIssuerName);
+  // NSS seems not to differentiate between "no potential issuers found" and
+  // "there was an error trying to retrieve the potential issuers." We assume
+  // there was no error if CERT_CreateSubjectCertList returns nullptr.
+  UniqueCERTCertList candidates(CERT_CreateSubjectCertList(
+      nullptr, CERT_GetDefaultCertDB(), &encodedIssuerNameItem, 0, false));
+  Vector<pkix::Input> nssCandidates;
+  if (candidates) {
+    for (CERTCertListNode* n = CERT_LIST_HEAD(candidates);
+         !CERT_LIST_END(n, candidates); n = CERT_LIST_NEXT(n)) {
+      pkix::Input certDER;
+      mozilla::pkix::Result rv =
+          certDER.Init(n->cert->derCert.data, n->cert->derCert.len);
+      if (rv != pkix::Success) {
+        continue;  // probably too big
+      }
+      if (!nssCandidates.append(certDER)) {
+        return mozilla::pkix::Result::FATAL_ERROR_NO_MEMORY;
+      }
+    }
+  }
+
+  for (pkix::Input candidate : nssCandidates) {
+    mozilla::pkix::Result rv = checker.Check(candidate, nullptr, keepGoing);
+    if (rv != pkix::Success) {
+      return rv;
+    }
+    if (!keepGoing) {
+      return pkix::Success;
+    }
+  }
+  return pkix::Success;
+}
+
+mozilla::pkix::Result ClientAuthCertNonverifyingTrustDomain::IsChainValid(
+    const pkix::DERArray& certArray, pkix::Time, const pkix::CertPolicyId&) {
+  mBuiltChain.Clear();
+
+  size_t numCerts = certArray.GetLength();
+  for (size_t i = 0; i < numCerts; ++i) {
+    nsTArray<uint8_t> certBytes;
+    const pkix::Input* certInput = certArray.GetDER(i);
+    MOZ_ASSERT(certInput != nullptr);
+    if (!certInput) {
+      return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+    }
+    certBytes.AppendElements(certInput->UnsafeGetData(),
+                             certInput->GetLength());
+    mBuiltChain.AppendElement(std::move(certBytes));
+  }
+
+  return pkix::Success;
+}
+
+void ClientAuthCertificateSelectedBase::SetSelectedClientAuthData(
+    nsTArray<uint8_t>&& selectedCertBytes,
+    nsTArray<nsTArray<uint8_t>>&& selectedCertChainBytes) {
+  mSelectedCertBytes = std::move(selectedCertBytes);
+  mSelectedCertChainBytes = std::move(selectedCertChainBytes);
+}
+
+NS_IMETHODIMP
+ClientAuthCertificateSelected::Run() {
+  mSocketInfo->ClientAuthCertificateSelected(mSelectedCertBytes,
+                                             mSelectedCertChainBytes);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SelectClientAuthCertificate::Run() {
+  DoSelectClientAuthCertificate();
+  if (mSelectedCertBytes.Length() > 0) {
+    nsTArray<nsTArray<uint8_t>> selectedCertChainBytes;
+    if (BuildChainForCertificate(mSelectedCertBytes, selectedCertChainBytes) !=
+        pkix::Success) {
+      selectedCertChainBytes.Clear();
+    }
+    mContinuation->SetSelectedClientAuthData(std::move(mSelectedCertBytes),
+                                             std::move(selectedCertChainBytes));
+  }
+  nsCOMPtr<nsIEventTarget> socketThread =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID);
+  if (NS_WARN_IF(!socketThread)) {
+    return NS_ERROR_FAILURE;
+  }
+  nsresult rv = socketThread->Dispatch(mContinuation, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+// Helper function to build a certificate chain from the given certificate to a
+// trust anchor in the set indicated by the peer (mCANames). This is essentially
+// best-effort, so no signature verification occurs.
+mozilla::pkix::Result SelectClientAuthCertificate::BuildChainForCertificate(
+    nsTArray<uint8_t>& certBytes, nsTArray<nsTArray<uint8_t>>& certChainBytes) {
+  ClientAuthCertNonverifyingTrustDomain trustDomain(mCANames,
+                                                    mEnterpriseCertificates);
+  pkix::Input certDER;
+  mozilla::pkix::Result result =
+      certDER.Init(certBytes.Elements(), certBytes.Length());
+  if (result != pkix::Success) {
+    return result;
+  }
+  // Client certificates shouldn't be CAs, but for interoperability reasons we
+  // attempt to build a path with each certificate as an end entity and then as
+  // a CA if that fails.
+  const pkix::EndEntityOrCA kEndEntityOrCAParams[] = {
+      pkix::EndEntityOrCA::MustBeEndEntity, pkix::EndEntityOrCA::MustBeCA};
+  // mozilla::pkix rejects certificates with id-kp-OCSPSigning unless it is
+  // specifically required. A client certificate should never have this EKU.
+  // Unfortunately, there are some client certificates in private PKIs that
+  // have this EKU. For interoperability, we attempt to work around this
+  // restriction in mozilla::pkix by first building the certificate chain with
+  // no particular EKU required and then again with id-kp-OCSPSigning required
+  // if that fails.
+  const pkix::KeyPurposeId kKeyPurposeIdParams[] = {
+      pkix::KeyPurposeId::anyExtendedKeyUsage,
+      pkix::KeyPurposeId::id_kp_OCSPSigning};
+  for (const auto& endEntityOrCAParam : kEndEntityOrCAParams) {
+    for (const auto& keyPurposeIdParam : kKeyPurposeIdParams) {
+      mozilla::pkix::Result result = BuildCertChain(
+          trustDomain, certDER, Now(), endEntityOrCAParam,
+          KeyUsage::noParticularKeyUsageRequired, keyPurposeIdParam,
+          pkix::CertPolicyId::anyPolicy, nullptr);
+      if (result == pkix::Success) {
+        certChainBytes = trustDomain.TakeBuiltChain();
+        return pkix::Success;
+      }
+    }
+  }
+  return mozilla::pkix::Result::ERROR_UNKNOWN_ISSUER;
+}
+
+void SelectClientAuthCertificate::DoSelectClientAuthCertificate() {
+  // We check the value of a pref, so this should only be run on the main
+  // thread.
+  MOZ_ASSERT(NS_IsMainThread());
+
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (NS_WARN_IF(!component)) {
+    return;
+  }
+  nsresult rv = component->GetEnterpriseIntermediates(mEnterpriseCertificates);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
+  }
+  nsTArray<nsTArray<uint8_t>> enterpriseRoots;
+  rv = component->GetEnterpriseRoots(enterpriseRoots);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
+  }
+  mEnterpriseCertificates.AppendElements(std::move(enterpriseRoots));
+
+  if (NS_WARN_IF(NS_FAILED(CheckForSmartCardChanges()))) {
+    return;
+  }
+
+  if (!mPotentialClientCertificates) {
+    return;
+  }
+
+  CERTCertListNode* n = CERT_LIST_HEAD(mPotentialClientCertificates);
+  while (!CERT_LIST_END(n, mPotentialClientCertificates)) {
+    nsTArray<nsTArray<uint8_t>> unusedBuiltChain;
+    nsTArray<uint8_t> certBytes;
+    certBytes.AppendElements(n->cert->derCert.data, n->cert->derCert.len);
+    mozilla::pkix::Result result =
+        BuildChainForCertificate(certBytes, unusedBuiltChain);
+    if (result != pkix::Success) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("removing cert '%s'", n->cert->subjectName));
+      CERTCertListNode* toRemove = n;
+      n = CERT_LIST_NEXT(n);
+      CERT_RemoveCertListNode(toRemove);
+      continue;
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("keeping cert '%s'\n", n->cert->subjectName));
+    n = CERT_LIST_NEXT(n);
+  }
+
+  if (CERT_LIST_EMPTY(mPotentialClientCertificates)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("no client certificates available after filtering by CA"));
+    return;
+  }
+
+  // find valid user cert and key pair
+  if (nsGetUserCertChoice() == UserCertChoice::Auto) {
+    // automatically find the right cert
+    UniqueCERTCertificate lowPrioNonrepCert;
+    // loop through the list until we find a cert with a key
+    for (CERTCertListNode* node = CERT_LIST_HEAD(mPotentialClientCertificates);
+         !CERT_LIST_END(node, mPotentialClientCertificates);
+         node = CERT_LIST_NEXT(node)) {
+      UniqueSECKEYPrivateKey tmpKey(PK11_FindKeyByAnyCert(node->cert, nullptr));
+      if (tmpKey) {
+        if (hasExplicitKeyUsageNonRepudiation(node->cert)) {
+          // Not a preferred cert
+          if (!lowPrioNonrepCert) {  // did not yet find a low prio cert
+            lowPrioNonrepCert.reset(CERT_DupCertificate(node->cert));
+          }
+        } else {
+          // this is a good cert to present
+          mSelectedCertBytes.AppendElements(node->cert->derCert.data,
+                                            node->cert->derCert.len);
+          return;
+        }
+      }
+      if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) {
+        // problem with password: bail
+        break;
+      }
+    }
+
+    if (lowPrioNonrepCert) {
+      mSelectedCertBytes.AppendElements(lowPrioNonrepCert->derCert.data,
+                                        lowPrioNonrepCert->derCert.len);
+    }
+    return;
+  }
+
+  // Not Auto => ask
+  // Get the SSL Certificate
+  const nsACString& hostname = mInfo.HostName();
+  nsCOMPtr<nsIClientAuthRememberService> cars = nullptr;
+
+  if (mInfo.ProviderTlsFlags() == 0) {
+    cars = do_GetService(NS_CLIENTAUTHREMEMBERSERVICE_CONTRACTID);
+  }
+
+  if (cars) {
+    nsCString rememberedDBKey;
+    bool found;
+    nsresult rv = cars->HasRememberedDecision(
+        hostname, mInfo.OriginAttributesRef(), rememberedDBKey, &found);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return;
+    }
+    if (found) {
+      // An empty dbKey indicates that the user chose not to use a certificate
+      // and chose to remember this decision
+      if (rememberedDBKey.IsEmpty()) {
+        return;
+      }
+      nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+      if (NS_WARN_IF(!certdb)) {
+        return;
+      }
+      nsCOMPtr<nsIX509Cert> foundCert;
+      nsresult rv =
+          certdb->FindCertByDBKey(rememberedDBKey, getter_AddRefs(foundCert));
+      if (NS_WARN_IF(NS_FAILED(rv))) {
+        return;
+      }
+      if (foundCert) {
+        Unused << NS_WARN_IF(
+            NS_FAILED(foundCert->GetRawDER(mSelectedCertBytes)));
+        return;
+      }
+    }
+  }
+
+  // ask the user to select a certificate
+  nsCOMPtr<nsIClientAuthDialogs> dialogs;
+  UniquePORTString corg(CERT_GetOrgName(&mServerCert->subject));
+  nsAutoCString org(corg.get());
+
+  UniquePORTString cissuer(CERT_GetOrgName(&mServerCert->issuer));
+  nsAutoCString issuer(cissuer.get());
+
+  nsCOMPtr<nsIMutableArray> certArray = nsArrayBase::Create();
+  if (NS_WARN_IF(!certArray)) {
+    return;
+  }
+
+  for (CERTCertListNode* node = CERT_LIST_HEAD(mPotentialClientCertificates);
+       !CERT_LIST_END(node, mPotentialClientCertificates);
+       node = CERT_LIST_NEXT(node)) {
+    nsCOMPtr<nsIX509Cert> tempCert = new nsNSSCertificate(node->cert);
+    nsresult rv = certArray->AppendElement(tempCert);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return;
+    }
+  }
+
+  // Throw up the client auth dialog and get back the index of the selected
+  // cert
+  rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsIClientAuthDialogs),
+                     NS_CLIENTAUTHDIALOGS_CONTRACTID);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
+  }
+
+  uint32_t selectedIndex = 0;
+  bool certChosen = false;
+
+  // even if the user has canceled, we want to remember that, to avoid
+  // repeating prompts
+  bool wantRemember = false;
+  rv =
+      dialogs->ChooseCertificate(hostname, mInfo.Port(), org, issuer, certArray,
+                                 &selectedIndex, &wantRemember, &certChosen);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
+  }
+
+  nsCOMPtr<nsIX509Cert> selectedCert;
+  if (certChosen) {
+    selectedCert = do_QueryElementAt(certArray, selectedIndex);
+    if (NS_WARN_IF(!selectedCert)) {
+      return;
+    }
+    if (NS_WARN_IF(NS_FAILED(selectedCert->GetRawDER(mSelectedCertBytes)))) {
+      return;
+    }
+  }
+
+  if (cars && wantRemember) {
+    rv = cars->RememberDecision(hostname, mInfo.OriginAttributesRef(),
+                                selectedCert);
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+  }
+}
+
+SECStatus SSLGetClientAuthDataHook(void* arg, PRFileDesc* socket,
+                                   CERTDistNames* caNamesDecoded,
+                                   CERTCertificate** pRetCert,
+                                   SECKEYPrivateKey** pRetKey) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] SSLGetClientAuthDataHook", socket));
+
+  if (!arg || !socket || !caNamesDecoded || !pRetCert || !pRetKey) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return SECFailure;
+  }
+
+  *pRetCert = nullptr;
+  *pRetKey = nullptr;
+
+  RefPtr<NSSSocketControl> info(static_cast<NSSSocketControl*>(arg));
+  Telemetry::ScalarAdd(Telemetry::ScalarID::SECURITY_CLIENT_AUTH_CERT_USAGE,
+                       u"requested"_ns, 1);
+
+  if (info->GetDenyClientCert()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] Not returning client cert due to denyClientCert attribute",
+             socket));
+    return SECSuccess;
+  }
+
+  if (info->GetJoined()) {
+    // We refuse to send a client certificate when there are multiple hostnames
+    // joined on this connection, because we only show the user one hostname
+    // (mHostName) in the client certificate UI.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] Not returning client cert due to previous join", socket));
+    return SECSuccess;
+  }
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(socket));
+  if (!serverCert) {
+    PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0);
+    return SECFailure;
+  }
+
+  nsTArray<nsTArray<uint8_t>> caNames(CollectCANames(caNamesDecoded));
+
+  // Currently, the IPC client certs module only refreshes its view of
+  // available certificates and keys if the platform issues a search for all
+  // certificates or keys. In the socket process, such a search may not have
+  // happened, so this ensures it has.
+  // Additionally, instantiating certificates in NSS is not thread-safe and has
+  // performance implications, so search for them here (on the socket thread)
+  // when not in the socket process.
+  UniqueCERTCertList potentialClientCertificates(
+      FindClientCertificatesWithPrivateKeys());
+
+  RefPtr<ClientAuthCertificateSelected> continuation(
+      new ClientAuthCertificateSelected(info));
+  // If this is the socket process, dispatch an IPC call to select a client
+  // authentication certificate in the parent process.
+  // Otherwise, dispatch an event to the main thread to do the selection.
+  // When those events finish, they will run the continuation, which gives the
+  // appropriate information to the NSSSocketControl, which then calls
+  // SSL_ClientCertCallbackComplete to continue the connection.
+  if (XRE_IsSocketProcess()) {
+    RefPtr<SelectTLSClientAuthCertChild> selectClientAuthCertificate(
+        new SelectTLSClientAuthCertChild(continuation));
+    nsAutoCString hostname(info->GetHostName());
+    nsTArray<uint8_t> serverCertBytes;
+    nsTArray<ByteArray> caNamesBytes;
+    for (const auto& caName : caNames) {
+      caNamesBytes.AppendElement(ByteArray(std::move(caName)));
+    }
+    serverCertBytes.AppendElements(serverCert->derCert.data,
+                                   serverCert->derCert.len);
+    OriginAttributes originAttributes(info->GetOriginAttributes());
+    int32_t port(info->GetPort());
+    uint32_t providerFlags(info->GetProviderFlags());
+    uint32_t providerTlsFlags(info->GetProviderTlsFlags());
+    nsCOMPtr<nsIRunnable> remoteSelectClientAuthCertificate(
+        NS_NewRunnableFunction(
+            "RemoteSelectClientAuthCertificate",
+            [selectClientAuthCertificate(
+                 std::move(selectClientAuthCertificate)),
+             hostname(std::move(hostname)),
+             originAttributes(std::move(originAttributes)), port, providerFlags,
+             providerTlsFlags, serverCertBytes(std::move(serverCertBytes)),
+             caNamesBytes(std::move(caNamesBytes))]() {
+              mozilla::ipc::PBackgroundChild* actorChild =
+                  mozilla::ipc::BackgroundChild::
+                      GetOrCreateForSocketParentBridgeForCurrentThread();
+              if (actorChild) {
+                Unused << actorChild->SendPSelectTLSClientAuthCertConstructor(
+                    selectClientAuthCertificate, hostname, originAttributes,
+                    port, providerFlags, providerTlsFlags,
+                    ByteArray(serverCertBytes), caNamesBytes);
+              }
+            }));
+    info->SetPendingSelectClientAuthCertificate(
+        std::move(remoteSelectClientAuthCertificate));
+  } else {
+    ClientAuthInfo authInfo(info->GetHostName(), info->GetOriginAttributes(),
+                            info->GetPort(), info->GetProviderFlags(),
+                            info->GetProviderTlsFlags());
+    nsCOMPtr<nsIRunnable> selectClientAuthCertificate(
+        new SelectClientAuthCertificate(
+            std::move(authInfo), std::move(serverCert), std::move(caNames),
+            std::move(potentialClientCertificates), continuation));
+    info->SetPendingSelectClientAuthCertificate(
+        std::move(selectClientAuthCertificate));
+  }
+
+  // Meanwhile, tell NSS this connection is blocking for now.
+  PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+  return SECWouldBlock;
+}
+
+using mozilla::ipc::AssertIsOnBackgroundThread;
+using mozilla::ipc::IsOnBackgroundThread;
+
+// Helper continuation for when a client authentication certificate has been
+// selected in the parent process and the information needs to be sent to the
+// socket process.
+class RemoteClientAuthCertificateSelected
+    : public ClientAuthCertificateSelectedBase {
+ public:
+  explicit RemoteClientAuthCertificateSelected(
+      SelectTLSClientAuthCertParent* selectTLSClientAuthCertParent)
+      : mSelectTLSClientAuthCertParent(selectTLSClientAuthCertParent),
+        mEventTarget(NS_GetCurrentThread()) {}
+
+  NS_IMETHOD Run() override;
+
+ private:
+  RefPtr<SelectTLSClientAuthCertParent> mSelectTLSClientAuthCertParent;
+  nsCOMPtr<nsIEventTarget> mEventTarget;
+};
+
+NS_IMETHODIMP
+RemoteClientAuthCertificateSelected::Run() {
+  // When this runs, it dispatches an event to the IPC thread it originally came
+  // from in order to send the IPC call to the socket process that a client
+  // authentication certificate has been selected.
+  return mEventTarget->Dispatch(
+      NS_NewRunnableFunction(
+          "psm::RemoteClientAuthCertificateSelected::Run",
+          [parent(mSelectTLSClientAuthCertParent),
+           certBytes(std::move(mSelectedCertBytes)),
+           builtCertChain(std::move(mSelectedCertChainBytes))]() mutable {
+            parent->TLSClientAuthCertSelected(certBytes,
+                                              std::move(builtCertChain));
+          }),
+      NS_DISPATCH_NORMAL);
+}
+
+namespace mozilla::psm {
+
+// Given some information from the socket process about a connection that
+// requested a client authentication certificate, this function dispatches an
+// event to the main thread to ask the user to select one. When the user does so
+// (or selects no certificate), the continuation runs and sends the information
+// back via IPC.
+bool SelectTLSClientAuthCertParent::Dispatch(
+    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
+    const int32_t& aPort, const uint32_t& aProviderFlags,
+    const uint32_t& aProviderTlsFlags, const ByteArray& aServerCertBytes,
+    nsTArray<ByteArray>&& aCANames) {
+  RefPtr<ClientAuthCertificateSelectedBase> continuation(
+      new RemoteClientAuthCertificateSelected(this));
+  ClientAuthInfo authInfo(aHostName, aOriginAttributes, aPort, aProviderFlags,
+                          aProviderTlsFlags);
+  nsCOMPtr<nsIEventTarget> socketThread =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID);
+  if (NS_WARN_IF(!socketThread)) {
+    return false;
+  }
+  // Dispatch the work of instantiating a CERTCertificate and searching for
+  // client certificates to the socket thread.
+  nsresult rv = socketThread->Dispatch(NS_NewRunnableFunction(
+      "SelectTLSClientAuthCertParent::Dispatch",
+      [authInfo(std::move(authInfo)), continuation(std::move(continuation)),
+       serverCertBytes(aServerCertBytes),
+       caNames(std::move(aCANames))]() mutable {
+        SECItem serverCertItem{
+            siBuffer,
+            const_cast<uint8_t*>(serverCertBytes.data().Elements()),
+            static_cast<unsigned int>(serverCertBytes.data().Length()),
+        };
+        UniqueCERTCertificate serverCert(CERT_NewTempCertificate(
+            CERT_GetDefaultCertDB(), &serverCertItem, nullptr, false, true));
+        if (!serverCert) {
+          return;
+        }
+        nsTArray<nsTArray<uint8_t>> caNamesArray;
+        for (auto& caName : caNames) {
+          caNamesArray.AppendElement(std::move(caName.data()));
+        }
+        UniqueCERTCertList potentialClientCertificates(
+            FindClientCertificatesWithPrivateKeys());
+        RefPtr<SelectClientAuthCertificate> selectClientAuthCertificate(
+            new SelectClientAuthCertificate(
+                std::move(authInfo), std::move(serverCert),
+                std::move(caNamesArray), std::move(potentialClientCertificates),
+                continuation));
+        Unused << NS_DispatchToMainThread(selectClientAuthCertificate);
+      }));
+  return NS_SUCCEEDED(rv);
+}
+
+void SelectTLSClientAuthCertParent::TLSClientAuthCertSelected(
+    const nsTArray<uint8_t>& aSelectedCertBytes,
+    nsTArray<nsTArray<uint8_t>>&& aSelectedCertChainBytes) {
+  AssertIsOnBackgroundThread();
+
+  if (!CanSend()) {
+    return;
+  }
+
+  nsTArray<ByteArray> selectedCertChainBytes;
+  for (auto& certBytes : aSelectedCertChainBytes) {
+    selectedCertChainBytes.AppendElement(ByteArray(certBytes));
+  }
+
+  Unused << SendTLSClientAuthCertSelected(aSelectedCertBytes,
+                                          selectedCertChainBytes);
+  Unused << Send__delete__(this);
+}
+
+void SelectTLSClientAuthCertParent::ActorDestroy(
+    mozilla::ipc::IProtocol::ActorDestroyReason aWhy) {}
+
+SelectTLSClientAuthCertChild::SelectTLSClientAuthCertChild(
+    ClientAuthCertificateSelected* continuation)
+    : mContinuation(continuation) {}
+
+// When the user has selected (or not) a client authentication certificate in
+// the parent, this function receives that information in the socket process and
+// dispatches a continuation to the socket process to continue the connection.
+ipc::IPCResult SelectTLSClientAuthCertChild::RecvTLSClientAuthCertSelected(
+    ByteArray&& aSelectedCertBytes,
+    nsTArray<ByteArray>&& aSelectedCertChainBytes) {
+  nsTArray<uint8_t> selectedCertBytes(std::move(aSelectedCertBytes.data()));
+  nsTArray<nsTArray<uint8_t>> selectedCertChainBytes;
+  for (auto& certBytes : aSelectedCertChainBytes) {
+    selectedCertChainBytes.AppendElement(std::move(certBytes.data()));
+  }
+  mContinuation->SetSelectedClientAuthData(std::move(selectedCertBytes),
+                                           std::move(selectedCertChainBytes));
+
+  nsCOMPtr<nsIEventTarget> socketThread =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID);
+  if (NS_WARN_IF(!socketThread)) {
+    return IPC_OK();
+  }
+  nsresult rv = socketThread->Dispatch(mContinuation, NS_DISPATCH_NORMAL);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+
+  return IPC_OK();
+}
+
+}  // namespace mozilla::psm
diff --git a/security/manager/ssl/TLSClientAuthCertSelection.h b/security/manager/ssl/TLSClientAuthCertSelection.h
new file mode 100644
index 0000000000..c1e90fc775
--- /dev/null
+++ b/security/manager/ssl/TLSClientAuthCertSelection.h
@@ -0,0 +1,120 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_
+#define SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_
+
+#include "NSSSocketControl.h"
+#include "nsIX509Cert.h"
+#include "nsNSSIOLayer.h"
+#include "nsThreadUtils.h"
+#include "ssl.h"
+
+class NSSSocketControl;
+
+// NSS callback to select a client authentication certificate. See documentation
+// at the top of TLSClientAuthCertSelection.cpp.
+SECStatus SSLGetClientAuthDataHook(void* arg, PRFileDesc* socket,
+                                   CERTDistNames* caNames,
+                                   CERTCertificate** pRetCert,
+                                   SECKEYPrivateKey** pRetKey);
+
+// Base class for continuing the operation of selecting a client authentication
+// certificate. Should not be used directly.
+class ClientAuthCertificateSelectedBase : public mozilla::Runnable {
+ public:
+  ClientAuthCertificateSelectedBase()
+      : Runnable("ClientAuthCertificateSelectedBase") {}
+
+  // Call to indicate that a client authentication certificate has been
+  // selected.
+  void SetSelectedClientAuthData(
+      nsTArray<uint8_t>&& selectedCertBytes,
+      nsTArray<nsTArray<uint8_t>>&& selectedCertChainBytes);
+
+ protected:
+  nsTArray<uint8_t> mSelectedCertBytes;
+  // The bytes of the certificates that form a chain from the selected
+  // certificate to a root. Necessary so NSS can include them in the TLS
+  // handshake (see note about mClientCertChain in NSSSocketControl).
+  nsTArray<nsTArray<uint8_t>> mSelectedCertChainBytes;
+};
+
+class ClientAuthCertificateSelected : public ClientAuthCertificateSelectedBase {
+ public:
+  explicit ClientAuthCertificateSelected(NSSSocketControl* socketInfo)
+      : mSocketInfo(socketInfo) {}
+
+  NS_IMETHOD Run() override;
+
+ private:
+  RefPtr<NSSSocketControl> mSocketInfo;
+};
+
+// This class is used to store the needed information for invoking the client
+// cert selection UI.
+class ClientAuthInfo final {
+ public:
+  explicit ClientAuthInfo(const nsACString& hostName,
+                          const mozilla::OriginAttributes& originAttributes,
+                          int32_t port, uint32_t providerFlags,
+                          uint32_t providerTlsFlags);
+  ~ClientAuthInfo() = default;
+  ClientAuthInfo(ClientAuthInfo&& aOther) noexcept;
+
+  const nsACString& HostName() const;
+  const mozilla::OriginAttributes& OriginAttributesRef() const;
+  int32_t Port() const;
+  uint32_t ProviderFlags() const;
+  uint32_t ProviderTlsFlags() const;
+
+  ClientAuthInfo(const ClientAuthInfo&) = delete;
+  void operator=(const ClientAuthInfo&) = delete;
+
+ private:
+  nsCString mHostName;
+  mozilla::OriginAttributes mOriginAttributes;
+  int32_t mPort;
+  uint32_t mProviderFlags;
+  uint32_t mProviderTlsFlags;
+};
+
+// Helper runnable to select a client authentication certificate. Gets created
+// on the socket thread or an IPC thread, runs on the main thread, and then runs
+// its continuation on the socket thread.
+class SelectClientAuthCertificate : public mozilla::Runnable {
+ public:
+  SelectClientAuthCertificate(
+      ClientAuthInfo&& info, mozilla::UniqueCERTCertificate&& serverCert,
+      nsTArray<nsTArray<uint8_t>>&& caNames,
+      mozilla::UniqueCERTCertList&& potentialClientCertificates,
+      ClientAuthCertificateSelectedBase* continuation)
+      : Runnable("SelectClientAuthCertificate"),
+        mInfo(std::move(info)),
+        mServerCert(std::move(serverCert)),
+        mCANames(std::move(caNames)),
+        mPotentialClientCertificates(std::move(potentialClientCertificates)),
+        mContinuation(continuation) {}
+
+  NS_IMETHOD Run() override;
+
+ private:
+  mozilla::pkix::Result BuildChainForCertificate(
+      nsTArray<uint8_t>& certBytes,
+      nsTArray<nsTArray<uint8_t>>& certChainBytes);
+  void DoSelectClientAuthCertificate();
+
+  ClientAuthInfo mInfo;
+  mozilla::UniqueCERTCertificate mServerCert;
+  nsTArray<nsTArray<uint8_t>> mCANames;
+  mozilla::UniqueCERTCertList mPotentialClientCertificates;
+  RefPtr<ClientAuthCertificateSelectedBase> mContinuation;
+
+  nsTArray<nsTArray<uint8_t>> mEnterpriseCertificates;
+  nsTArray<uint8_t> mSelectedCertBytes;
+};
+
+#endif  // SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
new file mode 100644
index 0000000000..2bc39157e7
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -0,0 +1,1131 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TransportSecurityInfo.h"
+
+#include "ipc/IPCMessageUtils.h"
+#include "mozilla/Base64.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsBase64Encoder.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "nsStringStream.h"
+#include "nsXULAppAPI.h"
+#include "nsIX509Cert.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#include "mozilla/ipc/IPDLParamTraits.h"
+
+// nsITransportSecurityInfo should not be created via do_CreateInstance. This
+// stub prevents that.
+template <>
+already_AddRefed<nsISupports>
+mozCreateComponent<mozilla::psm::TransportSecurityInfo>() {
+  return nullptr;
+}
+
+namespace mozilla {
+namespace psm {
+
+TransportSecurityInfo::TransportSecurityInfo(
+    uint32_t aSecurityState, PRErrorCode aErrorCode,
+    nsTArray<RefPtr<nsIX509Cert>>&& aFailedCertChain,
+    nsCOMPtr<nsIX509Cert>& aServerCert,
+    nsTArray<RefPtr<nsIX509Cert>>&& aSucceededCertChain,
+    Maybe<uint16_t> aCipherSuite, Maybe<nsCString> aKeaGroupName,
+    Maybe<nsCString> aSignatureSchemeName, Maybe<uint16_t> aProtocolVersion,
+    uint16_t aCertificateTransparencyStatus, Maybe<bool> aIsAcceptedEch,
+    Maybe<bool> aIsDelegatedCredential,
+    Maybe<OverridableErrorCategory> aOverridableErrorCategory,
+    bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe<bool> aIsEV,
+    bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed,
+    bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId)
+    : mSecurityState(aSecurityState),
+      mErrorCode(aErrorCode),
+      mFailedCertChain(std::move(aFailedCertChain)),
+      mServerCert(aServerCert),
+      mSucceededCertChain(std::move(aSucceededCertChain)),
+      mCipherSuite(aCipherSuite),
+      mKeaGroupName(aKeaGroupName),
+      mSignatureSchemeName(aSignatureSchemeName),
+      mProtocolVersion(aProtocolVersion),
+      mCertificateTransparencyStatus(aCertificateTransparencyStatus),
+      mIsAcceptedEch(aIsAcceptedEch),
+      mIsDelegatedCredential(aIsDelegatedCredential),
+      mOverridableErrorCategory(aOverridableErrorCategory),
+      mMadeOCSPRequests(aMadeOCSPRequests),
+      mUsedPrivateDNS(aUsedPrivateDNS),
+      mIsEV(aIsEV),
+      mNPNCompleted(aNPNCompleted),
+      mNegotiatedNPN(aNegotiatedNPN),
+      mResumed(aResumed),
+      mIsBuiltCertChainRootBuiltInRoot(aIsBuiltCertChainRootBuiltInRoot),
+      mPeerId(aPeerId) {}
+
+NS_IMPL_ISUPPORTS(TransportSecurityInfo, nsITransportSecurityInfo)
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSecurityState(uint32_t* state) {
+  *state = mSecurityState;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorCode(int32_t* state) {
+  *state = mErrorCode;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorCodeString(nsAString& aErrorString) {
+  const char* codeName = PR_ErrorToName(mErrorCode);
+  aErrorString.Truncate();
+  if (codeName) {
+    aErrorString = NS_ConvertASCIItoUTF16(codeName);
+  }
+
+  return NS_OK;
+}
+
+// 16786594-0296-4471-8096-8f84497ca428
+#define TRANSPORTSECURITYINFO_CID                    \
+  {                                                  \
+    0x16786594, 0x0296, 0x4471, {                    \
+      0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 \
+    }                                                \
+  }
+static NS_DEFINE_CID(kTransportSecurityInfoCID, TRANSPORTSECURITYINFO_CID);
+
+// This is a new magic value. However, it re-uses the first 4 bytes
+// of the previous value. This is so when older versions attempt to
+// read a newer serialized TransportSecurityInfo, they will actually
+// fail and return NS_ERROR_FAILURE instead of silently failing.
+#define TRANSPORTSECURITYINFOMAGIC                   \
+  {                                                  \
+    0xa9863a23, 0x1faa, 0x4169, {                    \
+      0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde \
+    }                                                \
+  }
+static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
+
+NS_IMETHODIMP
+TransportSecurityInfo::ToString(nsACString& aResult) {
+  RefPtr<nsBase64Encoder> stream(new nsBase64Encoder());
+  nsCOMPtr<nsIObjectOutputStream> objStream(NS_NewObjectOutputStream(stream));
+  nsresult rv = objStream->WriteID(kTransportSecurityInfoCID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = objStream->WriteID(NS_ISUPPORTS_IID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteID(kTransportSecurityInfoMagic);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->Write32(mSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // mSubRequestsBrokenSecurity was removed in bug 748809
+  rv = objStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // mSubRequestsNoSecurity was removed in bug 748809
+  rv = objStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = objStream->Write32(static_cast<uint32_t>(mErrorCode));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Re-purpose mErrorMessageCached to represent serialization version
+  // If string doesn't match exact version it will be treated as older
+  // serialization.
+  rv = objStream->WriteWStringZ(NS_ConvertUTF8toUTF16("9").get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // moved from nsISSLStatus
+  rv = NS_WriteOptionalCompoundObject(objStream, mServerCert,
+                                      NS_GET_IID(nsIX509Cert), true);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->Write16(mCipherSuite.isSome() ? *mCipherSuite : 0);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->Write16(mProtocolVersion.isSome() ? *mProtocolVersion : 0);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->Write32(mOverridableErrorCategory.isSome()
+                              ? *mOverridableErrorCategory
+                              : OverridableErrorCategory::ERROR_UNSET);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = objStream->WriteBoolean(mIsEV.isSome() ? *mIsEV : false);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->WriteBoolean(mIsEV.isSome());  // previously mHasIsEV
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = objStream->WriteBoolean(
+      mCipherSuite.isSome());  // previously mHaveCipherSuiteAndProtocol
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = objStream->WriteBoolean(
+      mOverridableErrorCategory.isSome());  // previously mHaveCertErrorBits
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->Write16(mCertificateTransparencyStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->WriteStringZ(mKeaGroupName.isSome() ? (*mKeaGroupName).get()
+                                                      : "");
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->WriteStringZ(
+      mSignatureSchemeName.isSome() ? (*mSignatureSchemeName).get() : "");
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = objStream->Write16(mSucceededCertChain.Length());
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  for (const auto& cert : mSucceededCertChain) {
+    rv = objStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+  // END moved from nsISSLStatus
+  rv = objStream->Write16(mFailedCertChain.Length());
+  NS_ENSURE_SUCCESS(rv, rv);
+  for (const auto& cert : mFailedCertChain) {
+    rv = objStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  rv = objStream->WriteBoolean(
+      mIsDelegatedCredential.isSome() ? *mIsDelegatedCredential : false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mNPNCompleted);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteStringZ(mNegotiatedNPN.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mResumed);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mIsBuiltCertChainRootBuiltInRoot);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mIsAcceptedEch.isSome() ? *mIsAcceptedEch
+                                                       : false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteStringZ(mPeerId.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mMadeOCSPRequests);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = objStream->WriteBoolean(mUsedPrivateDNS);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = stream->Finish(aResult);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult TransportSecurityInfo::ReadOldOverridableErrorBits(
+    nsIObjectInputStream* aStream,
+    OverridableErrorCategory& aOverridableErrorCategory) {
+  bool isDomainMismatch;
+  nsresult rv = aStream->ReadBoolean(&isDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  bool isNotValidAtThisTime;
+  rv = aStream->ReadBoolean(&isNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  bool isUntrusted;
+  rv = aStream->ReadBoolean(&isUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isUntrusted) {
+    aOverridableErrorCategory =
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST;
+  } else if (isDomainMismatch) {
+    aOverridableErrorCategory =
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN;
+  } else if (isNotValidAtThisTime) {
+    aOverridableErrorCategory =
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME;
+  } else {
+    aOverridableErrorCategory =
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
+  }
+
+  return NS_OK;
+}
+
+// This is for backward compatibility to be able to read nsISSLStatus
+// serialized object.
+nsresult TransportSecurityInfo::ReadSSLStatus(
+    nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
+    Maybe<uint16_t>& aCipherSuite, Maybe<uint16_t>& aProtocolVersion,
+    Maybe<OverridableErrorCategory>& aOverridableErrorCategory,
+    Maybe<bool>& aIsEV, uint16_t& aCertificateTransparencyStatus,
+    Maybe<nsCString>& aKeaGroupName, Maybe<nsCString>& aSignatureSchemeName,
+    nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain) {
+  bool nsISSLStatusPresent;
+  nsresult rv = aStream->ReadBoolean(&nsISSLStatusPresent);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (!nsISSLStatusPresent) {
+    return NS_OK;
+  }
+  // nsISSLStatus present.  Prepare to read elements.
+  // Throw away cid, validate iid
+  nsCID cid;
+  nsIID iid;
+  rv = aStream->ReadID(&cid);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadID(&iid);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  static const nsIID nsSSLStatusIID = {
+      0xfa9ba95b,
+      0xca3b,
+      0x498a,
+      {0xb8, 0x89, 0x7c, 0x79, 0xcf, 0x28, 0xfe, 0xe8}};
+  if (!iid.Equals(nsSSLStatusIID)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  nsCOMPtr<nsISupports> cert;
+  rv = aStream->ReadObject(true, getter_AddRefs(cert));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (cert) {
+    aServerCert = do_QueryInterface(cert);
+    if (!aServerCert) {
+      return NS_NOINTERFACE;
+    }
+  }
+
+  uint16_t cipherSuite;
+  rv = aStream->Read16(&cipherSuite);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // The code below is a workaround to allow serializing new fields
+  // while preserving binary compatibility with older streams. For more details
+  // on the binary compatibility requirement, refer to bug 1248628.
+  // Here, we take advantage of the fact that mProtocolVersion was originally
+  // stored as a 16 bits integer, but the highest 8 bits were never used.
+  // These bits are now used for stream versioning.
+  uint16_t protocolVersionAndStreamFormatVersion;
+  rv = aStream->Read16(&protocolVersionAndStreamFormatVersion);
+  NS_ENSURE_SUCCESS(rv, rv);
+  const uint8_t streamFormatVersion =
+      (protocolVersionAndStreamFormatVersion >> 8) & 0xFF;
+
+  OverridableErrorCategory overridableErrorCategory;
+  rv = ReadOldOverridableErrorBits(aStream, overridableErrorCategory);
+  NS_ENSURE_SUCCESS(rv, rv);
+  bool isEV;
+  rv = aStream->ReadBoolean(&isEV);
+  NS_ENSURE_SUCCESS(rv, rv);
+  bool hasIsEVStatus;
+  rv = aStream->ReadBoolean(&hasIsEVStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (hasIsEVStatus) {
+    aIsEV.emplace(isEV);
+  }
+  bool haveCipherSuiteAndProtocol;
+  rv = aStream->ReadBoolean(&haveCipherSuiteAndProtocol);
+  if (haveCipherSuiteAndProtocol) {
+    aCipherSuite.emplace(cipherSuite);
+    aProtocolVersion.emplace(protocolVersionAndStreamFormatVersion & 0xFF);
+  }
+  NS_ENSURE_SUCCESS(rv, rv);
+  bool haveCertErrorBits;
+  rv = aStream->ReadBoolean(&haveCertErrorBits);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (haveCertErrorBits) {
+    aOverridableErrorCategory.emplace(overridableErrorCategory);
+  }
+
+  // Added in version 1 (see bug 1305289).
+  if (streamFormatVersion >= 1) {
+    rv = aStream->Read16(&aCertificateTransparencyStatus);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  // Added in version 2 (see bug 1304923).
+  if (streamFormatVersion >= 2) {
+    nsCString keaGroupName;
+    rv = aStream->ReadCString(keaGroupName);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCipherSuiteAndProtocol) {
+      aKeaGroupName.emplace(keaGroupName);
+    }
+
+    nsCString signatureSchemeName;
+    rv = aStream->ReadCString(signatureSchemeName);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCipherSuiteAndProtocol) {
+      aSignatureSchemeName.emplace(signatureSchemeName);
+    }
+  }
+
+  // Added in version 3 (see bug 1406856).
+  if (streamFormatVersion >= 3) {
+    rv = ReadCertList(aStream, aSucceededCertChain);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Read only to consume bytes from the stream.
+    nsTArray<RefPtr<nsIX509Cert>> failedCertChain;
+    rv = ReadCertList(aStream, failedCertChain);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  return rv;
+}
+
+// This is for backward compatability to be able to read nsIX509CertList
+// serialized object.
+nsresult TransportSecurityInfo::ReadCertList(
+    nsIObjectInputStream* aStream, nsTArray<RefPtr<nsIX509Cert>>& aCertList) {
+  bool nsIX509CertListPresent;
+
+  nsresult rv = aStream->ReadBoolean(&nsIX509CertListPresent);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (!nsIX509CertListPresent) {
+    return NS_OK;
+  }
+  // nsIX509CertList present.  Prepare to read elements.
+  // Throw away cid, validate iid
+  nsCID cid;
+  nsIID iid;
+  rv = aStream->ReadID(&cid);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadID(&iid);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  static const nsIID nsIX509CertListIID = {
+      0xae74cda5,
+      0xcd2f,
+      0x473f,
+      {0x96, 0xf5, 0xf0, 0xb7, 0xff, 0xf6, 0x2c, 0x68}};
+
+  if (!iid.Equals(nsIX509CertListIID)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  uint32_t certListSize;
+  rv = aStream->Read32(&certListSize);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return ReadCertificatesFromStream(aStream, certListSize, aCertList);
+}
+
+nsresult TransportSecurityInfo::ReadCertificatesFromStream(
+    nsIObjectInputStream* aStream, uint32_t aSize,
+    nsTArray<RefPtr<nsIX509Cert>>& aCertList) {
+  nsresult rv;
+  for (uint32_t i = 0; i < aSize; ++i) {
+    nsCOMPtr<nsISupports> support;
+    rv = aStream->ReadObject(true, getter_AddRefs(support));
+    NS_ENSURE_SUCCESS(rv, rv);
+    nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(support);
+    if (!cert) {
+      return NS_ERROR_UNEXPECTED;
+    }
+    RefPtr<nsIX509Cert> castedCert(cert.get());
+    aCertList.AppendElement(castedCert);
+  }
+  return NS_OK;
+}
+
+static nsITransportSecurityInfo::OverridableErrorCategory
+IntToOverridableErrorCategory(uint32_t intVal) {
+  switch (intVal) {
+    case static_cast<uint32_t>(
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST):
+      return nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST;
+    case static_cast<uint32_t>(
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN):
+      return nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN;
+    case static_cast<uint32_t>(
+        nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME):
+      return nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME;
+    default:
+      break;
+  }
+  return nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
+}
+
+nsresult TransportSecurityInfo::Read(const nsCString& aSerializedSecurityInfo,
+                                     nsITransportSecurityInfo** aResult) {
+  *aResult = nullptr;
+
+  nsCString decodedSecurityInfo;
+  nsresult rv = Base64Decode(aSerializedSecurityInfo, decodedSecurityInfo);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsCOMPtr<nsIInputStream> inputStream;
+  rv = NS_NewCStringInputStream(getter_AddRefs(inputStream),
+                                std::move(decodedSecurityInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsCOMPtr<nsIObjectInputStream> objStream(
+      NS_NewObjectInputStream(inputStream));
+  if (!objStream) {
+    return rv;
+  }
+
+  nsCID cid;
+  rv = objStream->ReadID(&cid);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!cid.Equals(kTransportSecurityInfoCID)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  nsIID iid;
+  rv = objStream->ReadID(&iid);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!iid.Equals(NS_ISUPPORTS_IID)) {
+    return rv;
+  }
+
+  nsID id;
+  rv = objStream->ReadID(&id);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!id.Equals(kTransportSecurityInfoMagic)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  uint32_t aSecurityState = 0;
+  PRErrorCode aErrorCode = 0;
+  nsTArray<RefPtr<nsIX509Cert>> aFailedCertChain;
+  nsCOMPtr<nsIX509Cert> aServerCert;
+  nsTArray<RefPtr<nsIX509Cert>> aSucceededCertChain;
+  Maybe<uint16_t> aCipherSuite;
+  Maybe<nsCString> aKeaGroupName;
+  Maybe<nsCString> aSignatureSchemeName;
+  Maybe<uint16_t> aProtocolVersion;
+  uint16_t aCertificateTransparencyStatus;
+  Maybe<bool> aIsAcceptedEch;
+  Maybe<bool> aIsDelegatedCredential;
+  Maybe<OverridableErrorCategory> aOverridableErrorCategory;
+  bool aMadeOCSPRequests = false;
+  bool aUsedPrivateDNS = false;
+  Maybe<bool> aIsEV;
+  bool aNPNCompleted = false;
+  nsCString aNegotiatedNPN;
+  bool aResumed = false;
+  bool aIsBuiltCertChainRootBuiltInRoot = false;
+  nsCString aPeerId;
+  rv = objStream->Read32(&aSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // mSubRequestsBrokenSecurity was removed in bug 748809
+  uint32_t unusedSubRequestsBrokenSecurity;
+  rv = objStream->Read32(&unusedSubRequestsBrokenSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // mSubRequestsNoSecurity was removed in bug 748809
+  uint32_t unusedSubRequestsNoSecurity;
+  rv = objStream->Read32(&unusedSubRequestsNoSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  uint32_t errorCode;
+  rv = objStream->Read32(&errorCode);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // PRErrorCode will be a negative value
+  aErrorCode = static_cast<PRErrorCode>(errorCode);
+
+  // Re-purpose mErrorMessageCached to represent serialization version
+  // If string doesn't match exact version it will be treated as older
+  // serialization.
+  nsAutoString serVersion;
+  rv = objStream->ReadString(serVersion);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  int32_t serVersionParsedToInt = 0;
+
+  if (!serVersion.IsEmpty()) {
+    char first = serVersion.First();
+    // Check whether the first character of serVersion is a number
+    // since ToInteger() skipps some non integer values.
+    if (first >= '0' && first <= '9') {
+      nsresult error = NS_OK;
+      serVersionParsedToInt = serVersion.ToInteger(&error);
+      if (NS_FAILED(error)) {
+        return error;
+      }
+    }
+  }
+
+  // moved from nsISSLStatus
+  if (serVersionParsedToInt < 1) {
+    // nsISSLStatus may be present
+    rv = ReadSSLStatus(objStream, aServerCert, aCipherSuite, aProtocolVersion,
+                       aOverridableErrorCategory, aIsEV,
+                       aCertificateTransparencyStatus, aKeaGroupName,
+                       aSignatureSchemeName, aSucceededCertChain);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    nsCOMPtr<nsISupports> cert;
+    rv = NS_ReadOptionalObject(objStream, true, getter_AddRefs(cert));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (cert) {
+      aServerCert = do_QueryInterface(cert);
+      if (!aServerCert) {
+        return NS_NOINTERFACE;
+      }
+    }
+
+    uint16_t cipherSuite;
+    rv = objStream->Read16(&cipherSuite);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    uint16_t protocolVersion;
+    rv = objStream->Read16(&protocolVersion);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    OverridableErrorCategory overridableErrorCategory;
+    if (serVersionParsedToInt < 8) {
+      rv = ReadOldOverridableErrorBits(objStream, overridableErrorCategory);
+      NS_ENSURE_SUCCESS(rv, rv);
+    } else {
+      uint32_t overridableErrorCategoryInt;
+      rv = objStream->Read32(&overridableErrorCategoryInt);
+      NS_ENSURE_SUCCESS(rv, rv);
+      overridableErrorCategory =
+          IntToOverridableErrorCategory(overridableErrorCategoryInt);
+    }
+    bool isEV;
+    rv = objStream->ReadBoolean(&isEV);
+    NS_ENSURE_SUCCESS(rv, rv);
+    bool hasIsEVStatus;
+    rv = objStream->ReadBoolean(&hasIsEVStatus);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (hasIsEVStatus) {
+      aIsEV.emplace(isEV);
+    }
+    bool haveCipherSuiteAndProtocol;
+    rv = objStream->ReadBoolean(&haveCipherSuiteAndProtocol);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCipherSuiteAndProtocol) {
+      aCipherSuite.emplace(cipherSuite);
+      aProtocolVersion.emplace(protocolVersion);
+    }
+    bool haveCertErrorBits;
+    rv = objStream->ReadBoolean(&haveCertErrorBits);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCertErrorBits) {
+      aOverridableErrorCategory.emplace(overridableErrorCategory);
+    }
+
+    rv = objStream->Read16(&aCertificateTransparencyStatus);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCString keaGroupName;
+    rv = objStream->ReadCString(keaGroupName);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCipherSuiteAndProtocol) {
+      aKeaGroupName.emplace(keaGroupName);
+    }
+
+    nsCString signatureSchemeName;
+    rv = objStream->ReadCString(signatureSchemeName);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (haveCipherSuiteAndProtocol) {
+      aSignatureSchemeName.emplace(signatureSchemeName);
+    }
+
+    if (serVersionParsedToInt < 3) {
+      // The old data structure of certList(nsIX509CertList) presents
+      rv = ReadCertList(objStream, aSucceededCertChain);
+      NS_ENSURE_SUCCESS(rv, rv);
+    } else {
+      uint16_t certCount;
+      rv = objStream->Read16(&certCount);
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      rv =
+          ReadCertificatesFromStream(objStream, certCount, aSucceededCertChain);
+      NS_ENSURE_SUCCESS(rv, rv);
+    }
+  }
+  // END moved from nsISSLStatus
+  if (serVersionParsedToInt < 3) {
+    // The old data structure of certList(nsIX509CertList) presents
+    rv = ReadCertList(objStream, aFailedCertChain);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    uint16_t certCount;
+    rv = objStream->Read16(&certCount);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    rv = ReadCertificatesFromStream(objStream, certCount, aFailedCertChain);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  // mIsDelegatedCredential added in bug 1562773
+  if (serVersionParsedToInt >= 2) {
+    bool isDelegatedCredential;
+    rv = objStream->ReadBoolean(&isDelegatedCredential);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // If aCipherSuite is Some, the serialized TransportSecurityinfo had its
+    // cipher suite and protocol information, which means it has this
+    // information.
+    if (aCipherSuite.isSome()) {
+      aIsDelegatedCredential.emplace(isDelegatedCredential);
+    }
+  }
+
+  // mNPNCompleted, mNegotiatedNPN, mResumed added in bug 1584104
+  if (serVersionParsedToInt >= 4) {
+    rv = objStream->ReadBoolean(&aNPNCompleted);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = objStream->ReadCString(aNegotiatedNPN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = objStream->ReadBoolean(&aResumed);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  // mIsBuiltCertChainRootBuiltInRoot added in bug 1485652
+  if (serVersionParsedToInt >= 5) {
+    rv = objStream->ReadBoolean(&aIsBuiltCertChainRootBuiltInRoot);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  // mIsAcceptedEch added in bug 1678079
+  if (serVersionParsedToInt >= 6) {
+    bool isAcceptedEch;
+    rv = objStream->ReadBoolean(&isAcceptedEch);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // If aCipherSuite is Some, the serialized TransportSecurityinfo had its
+    // cipher suite and protocol information, which means it has this
+    // information.
+    if (aCipherSuite.isSome()) {
+      aIsAcceptedEch.emplace(isAcceptedEch);
+    }
+  }
+
+  // mPeerId added in bug 1738664
+  if (serVersionParsedToInt >= 7) {
+    rv = objStream->ReadCString(aPeerId);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  if (serVersionParsedToInt >= 9) {
+    rv = objStream->ReadBoolean(&aMadeOCSPRequests);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = objStream->ReadBoolean(&aUsedPrivateDNS);
+    if (NS_FAILED(rv)) {
+      return rv;
+    };
+  }
+
+  RefPtr<nsITransportSecurityInfo> securityInfo(new TransportSecurityInfo(
+      aSecurityState, aErrorCode, std::move(aFailedCertChain), aServerCert,
+      std::move(aSucceededCertChain), aCipherSuite, aKeaGroupName,
+      aSignatureSchemeName, aProtocolVersion, aCertificateTransparencyStatus,
+      aIsAcceptedEch, aIsDelegatedCredential, aOverridableErrorCategory,
+      aMadeOCSPRequests, aUsedPrivateDNS, aIsEV, aNPNCompleted, aNegotiatedNPN,
+      aResumed, aIsBuiltCertChainRootBuiltInRoot, aPeerId));
+  securityInfo.forget(aResult);
+  return NS_OK;
+}
+
+void TransportSecurityInfo::SerializeToIPC(IPC::MessageWriter* aWriter) {
+  WriteParam(aWriter, mSecurityState);
+  WriteParam(aWriter, mErrorCode);
+  WriteParam(aWriter, mFailedCertChain);
+  WriteParam(aWriter, mServerCert);
+  WriteParam(aWriter, mSucceededCertChain);
+  WriteParam(aWriter, mCipherSuite);
+  WriteParam(aWriter, mKeaGroupName);
+  WriteParam(aWriter, mSignatureSchemeName);
+  WriteParam(aWriter, mProtocolVersion);
+  WriteParam(aWriter, mCertificateTransparencyStatus);
+  WriteParam(aWriter, mIsAcceptedEch);
+  WriteParam(aWriter, mIsDelegatedCredential);
+  WriteParam(aWriter, mOverridableErrorCategory);
+  WriteParam(aWriter, mMadeOCSPRequests);
+  WriteParam(aWriter, mUsedPrivateDNS);
+  WriteParam(aWriter, mIsEV);
+  WriteParam(aWriter, mNPNCompleted);
+  WriteParam(aWriter, mNegotiatedNPN);
+  WriteParam(aWriter, mResumed);
+  WriteParam(aWriter, mIsBuiltCertChainRootBuiltInRoot);
+  WriteParam(aWriter, mPeerId);
+}
+
+bool TransportSecurityInfo::DeserializeFromIPC(
+    IPC::MessageReader* aReader, RefPtr<nsITransportSecurityInfo>* aResult) {
+  uint32_t aSecurityState;
+  PRErrorCode aErrorCode;
+  nsTArray<RefPtr<nsIX509Cert>> aFailedCertChain;
+  nsCOMPtr<nsIX509Cert> aServerCert;
+  nsTArray<RefPtr<nsIX509Cert>> aSucceededCertChain;
+  Maybe<uint16_t> aCipherSuite;
+  Maybe<nsCString> aKeaGroupName;
+  Maybe<nsCString> aSignatureSchemeName;
+  Maybe<uint16_t> aProtocolVersion;
+  uint16_t aCertificateTransparencyStatus;
+  Maybe<bool> aIsAcceptedEch;
+  Maybe<bool> aIsDelegatedCredential;
+  Maybe<OverridableErrorCategory> aOverridableErrorCategory;
+  bool aMadeOCSPRequests;
+  bool aUsedPrivateDNS;
+  Maybe<bool> aIsEV;
+  bool aNPNCompleted;
+  nsCString aNegotiatedNPN;
+  bool aResumed;
+  bool aIsBuiltCertChainRootBuiltInRoot;
+  nsCString aPeerId;
+
+  if (!ReadParam(aReader, &aSecurityState) ||
+      !ReadParam(aReader, &aErrorCode) ||
+      !ReadParam(aReader, &aFailedCertChain) ||
+      !ReadParam(aReader, &aServerCert) ||
+      !ReadParam(aReader, &aSucceededCertChain) ||
+      !ReadParam(aReader, &aCipherSuite) ||
+      !ReadParam(aReader, &aKeaGroupName) ||
+      !ReadParam(aReader, &aSignatureSchemeName) ||
+      !ReadParam(aReader, &aProtocolVersion) ||
+      !ReadParam(aReader, &aCertificateTransparencyStatus) ||
+      !ReadParam(aReader, &aIsAcceptedEch) ||
+      !ReadParam(aReader, &aIsDelegatedCredential) ||
+      !ReadParam(aReader, &aOverridableErrorCategory) ||
+      !ReadParam(aReader, &aMadeOCSPRequests) ||
+      !ReadParam(aReader, &aUsedPrivateDNS) || !ReadParam(aReader, &aIsEV) ||
+      !ReadParam(aReader, &aNPNCompleted) ||
+      !ReadParam(aReader, &aNegotiatedNPN) || !ReadParam(aReader, &aResumed) ||
+      !ReadParam(aReader, &aIsBuiltCertChainRootBuiltInRoot) ||
+      !ReadParam(aReader, &aPeerId)) {
+    return false;
+  }
+
+  RefPtr<nsITransportSecurityInfo> securityInfo(new TransportSecurityInfo(
+      aSecurityState, aErrorCode, std::move(aFailedCertChain), aServerCert,
+      std::move(aSucceededCertChain), aCipherSuite, aKeaGroupName,
+      aSignatureSchemeName, aProtocolVersion, aCertificateTransparencyStatus,
+      aIsAcceptedEch, aIsDelegatedCredential, aOverridableErrorCategory,
+      aMadeOCSPRequests, aUsedPrivateDNS, aIsEV, aNPNCompleted, aNegotiatedNPN,
+      aResumed, aIsBuiltCertChainRootBuiltInRoot, aPeerId));
+  *aResult = std::move(securityInfo);
+  return true;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetFailedCertChain(
+    nsTArray<RefPtr<nsIX509Cert>>& aFailedCertChain) {
+  MOZ_ASSERT(aFailedCertChain.IsEmpty());
+  if (!aFailedCertChain.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  aFailedCertChain.AppendElements(mFailedCertChain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP TransportSecurityInfo::GetServerCert(nsIX509Cert** aServerCert) {
+  NS_ENSURE_ARG_POINTER(aServerCert);
+  nsCOMPtr<nsIX509Cert> cert = mServerCert;
+  cert.forget(aServerCert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSucceededCertChain(
+    nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain) {
+  MOZ_ASSERT(aSucceededCertChain.IsEmpty());
+  if (!aSucceededCertChain.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  aSucceededCertChain.AppendElements(mSucceededCertChain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP TransportSecurityInfo::GetIsBuiltCertChainRootBuiltInRoot(
+    bool* aIsBuiltInRoot) {
+  NS_ENSURE_ARG_POINTER(aIsBuiltInRoot);
+  *aIsBuiltInRoot = mIsBuiltCertChainRootBuiltInRoot;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCipherName(nsACString& aCipherName) {
+  if (mCipherSuite.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(*mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
+      SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aCipherName.Assign(cipherInfo.cipherSuiteName);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetKeyLength(uint32_t* aKeyLength) {
+  NS_ENSURE_ARG_POINTER(aKeyLength);
+
+  if (mCipherSuite.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(*mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
+      SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aKeyLength = cipherInfo.symKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSecretKeyLength(uint32_t* aSecretKeyLength) {
+  NS_ENSURE_ARG_POINTER(aSecretKeyLength);
+
+  if (mCipherSuite.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(*mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
+      SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aSecretKeyLength = cipherInfo.effectiveKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetKeaGroupName(nsACString& aKeaGroupName) {
+  if (mKeaGroupName.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  aKeaGroupName.Assign(*mKeaGroupName);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSignatureSchemeName(nsACString& aSignatureScheme) {
+  if (mSignatureSchemeName.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  aSignatureScheme.Assign(*mSignatureSchemeName);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetProtocolVersion(uint16_t* aProtocolVersion) {
+  if (mProtocolVersion.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  *aProtocolVersion = *mProtocolVersion;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCertificateTransparencyStatus(
+    uint16_t* aCertificateTransparencyStatus) {
+  NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
+
+  *aCertificateTransparencyStatus = mCertificateTransparencyStatus;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetMadeOCSPRequests(bool* aMadeOCSPRequests) {
+  *aMadeOCSPRequests = mMadeOCSPRequests;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetUsedPrivateDNS(bool* aUsedPrivateDNS) {
+  *aUsedPrivateDNS = mUsedPrivateDNS;
+  return NS_OK;
+}
+
+// static
+uint16_t TransportSecurityInfo::ConvertCertificateTransparencyInfoToStatus(
+    const mozilla::psm::CertificateTransparencyInfo& info) {
+  using mozilla::ct::CTPolicyCompliance;
+
+  if (!info.enabled) {
+    // CT disabled.
+    return nsITransportSecurityInfo::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
+  }
+
+  switch (info.policyCompliance) {
+    case CTPolicyCompliance::Compliant:
+      return nsITransportSecurityInfo::
+          CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT;
+    case CTPolicyCompliance::NotEnoughScts:
+      return nsITransportSecurityInfo ::
+          CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS;
+    case CTPolicyCompliance::NotDiverseScts:
+      return nsITransportSecurityInfo ::
+          CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS;
+    case CTPolicyCompliance::Unknown:
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected CTPolicyCompliance type");
+  }
+
+  return nsITransportSecurityInfo::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetOverridableErrorCategory(
+    OverridableErrorCategory* aOverridableErrorCategory) {
+  NS_ENSURE_ARG_POINTER(aOverridableErrorCategory);
+
+  if (mOverridableErrorCategory.isSome()) {
+    *aOverridableErrorCategory = *mOverridableErrorCategory;
+  } else {
+    *aOverridableErrorCategory = OverridableErrorCategory::ERROR_UNSET;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetIsExtendedValidation(bool* aIsEV) {
+  NS_ENSURE_ARG_POINTER(aIsEV);
+
+  *aIsEV = false;
+  // Never allow bad certs for EV, regardless of overrides.
+  if (mOverridableErrorCategory.isSome()) {
+    return NS_OK;
+  }
+
+  if (!mIsEV.isSome()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aIsEV = *mIsEV;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetIsAcceptedEch(bool* aIsAcceptedEch) {
+  NS_ENSURE_ARG_POINTER(aIsAcceptedEch);
+
+  if (mIsAcceptedEch.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  *aIsAcceptedEch = *mIsAcceptedEch;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetIsDelegatedCredential(bool* aIsDelegatedCredential) {
+  NS_ENSURE_ARG_POINTER(aIsDelegatedCredential);
+
+  if (mIsDelegatedCredential.isNothing()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  *aIsDelegatedCredential = *mIsDelegatedCredential;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN) {
+  if (!mNPNCompleted) {
+    return NS_ERROR_NOT_CONNECTED;
+  }
+
+  aNegotiatedNPN = mNegotiatedNPN;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetResumed(bool* aResumed) {
+  NS_ENSURE_ARG_POINTER(aResumed);
+  *aResumed = mResumed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetPeerId(nsACString& aResult) {
+  aResult.Assign(mPeerId);
+  return NS_OK;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h
new file mode 100644
index 0000000000..648e80b7e2
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.h
@@ -0,0 +1,107 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TransportSecurityInfo_h
+#define TransportSecurityInfo_h
+
+#include "CertVerifier.h"  // For CertificateTransparencyInfo, EVStatus
+#include "ScopedNSSTypes.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Components.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/ipc/TransportSecurityInfoUtils.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsIObjectInputStream.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIX509Cert.h"
+#include "nsString.h"
+
+namespace mozilla {
+namespace psm {
+
+// TransportSecurityInfo implements nsITransportSecurityInfo, which is a
+// collection of attributes describing the outcome of a TLS handshake. It is
+// constant - once created, it cannot be modified.  It should probably not be
+// instantiated directly, but rather accessed via
+// nsITLSSocketControl.securityInfo.
+class TransportSecurityInfo : public nsITransportSecurityInfo {
+ public:
+  TransportSecurityInfo(
+      uint32_t aSecurityState, PRErrorCode aErrorCode,
+      nsTArray<RefPtr<nsIX509Cert>>&& aFailedCertChain,
+      nsCOMPtr<nsIX509Cert>& aServerCert,
+      nsTArray<RefPtr<nsIX509Cert>>&& aSucceededCertChain,
+      Maybe<uint16_t> aCipherSuite, Maybe<nsCString> aKeaGroupName,
+      Maybe<nsCString> aSignatureSchemeName, Maybe<uint16_t> aProtocolVersion,
+      uint16_t aCertificateTransparencyStatus, Maybe<bool> aIsAcceptedEch,
+      Maybe<bool> aIsDelegatedCredential,
+      Maybe<OverridableErrorCategory> aOverridableErrorCategory,
+      bool aMadeOCSPRequests, bool aUsedPrivateDNS, Maybe<bool> aIsEV,
+      bool aNPNCompleted, const nsCString& aNegotiatedNPN, bool aResumed,
+      bool aIsBuiltCertChainRootBuiltInRoot, const nsCString& aPeerId);
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITRANSPORTSECURITYINFO
+
+  static bool DeserializeFromIPC(IPC::MessageReader* aReader,
+                                 RefPtr<nsITransportSecurityInfo>* aResult);
+  static nsresult Read(const nsCString& aSerializedSecurityInfo,
+                       nsITransportSecurityInfo** aResult);
+  static uint16_t ConvertCertificateTransparencyInfoToStatus(
+      const mozilla::psm::CertificateTransparencyInfo& info);
+
+ private:
+  virtual ~TransportSecurityInfo() = default;
+
+  const uint32_t mSecurityState;
+  const PRErrorCode mErrorCode;
+  // Peer cert chain for failed connections.
+  const nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain;
+  const nsCOMPtr<nsIX509Cert> mServerCert;
+  const nsTArray<RefPtr<nsIX509Cert>> mSucceededCertChain;
+  const mozilla::Maybe<uint16_t> mCipherSuite;
+  const mozilla::Maybe<nsCString> mKeaGroupName;
+  const mozilla::Maybe<nsCString> mSignatureSchemeName;
+  const mozilla::Maybe<uint16_t> mProtocolVersion;
+  const uint16_t mCertificateTransparencyStatus;
+  const mozilla::Maybe<bool> mIsAcceptedEch;
+  const mozilla::Maybe<bool> mIsDelegatedCredential;
+  const mozilla::Maybe<OverridableErrorCategory> mOverridableErrorCategory;
+  const bool mMadeOCSPRequests;
+  const bool mUsedPrivateDNS;
+  const mozilla::Maybe<bool> mIsEV;
+  const bool mNPNCompleted;
+  const nsCString mNegotiatedNPN;
+  const bool mResumed;
+  const bool mIsBuiltCertChainRootBuiltInRoot;
+  const nsCString mPeerId;
+
+  static nsresult ReadOldOverridableErrorBits(
+      nsIObjectInputStream* aStream,
+      OverridableErrorCategory& aOverridableErrorCategory);
+  static nsresult ReadSSLStatus(
+      nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
+      Maybe<uint16_t>& aCipherSuite, Maybe<uint16_t>& aProtocolVersion,
+      Maybe<OverridableErrorCategory>& aOverridableErrorCategory,
+      Maybe<bool>& aIsEV, uint16_t& aCertificateTransparencyStatus,
+      Maybe<nsCString>& aKeaGroupName, Maybe<nsCString>& aSignatureSchemeName,
+      nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain);
+
+  // This function is used to read the binary that are serialized
+  // by using nsIX509CertList
+  static nsresult ReadCertList(nsIObjectInputStream* aStream,
+                               nsTArray<RefPtr<nsIX509Cert>>& aCertList);
+  static nsresult ReadCertificatesFromStream(
+      nsIObjectInputStream* aStream, uint32_t aSize,
+      nsTArray<RefPtr<nsIX509Cert>>& aCertList);
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // TransportSecurityInfo_h
diff --git a/security/manager/ssl/VerifySSLServerCertChild.cpp b/security/manager/ssl/VerifySSLServerCertChild.cpp
new file mode 100644
index 0000000000..b8b00d1c34
--- /dev/null
+++ b/security/manager/ssl/VerifySSLServerCertChild.cpp
@@ -0,0 +1,123 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "VerifySSLServerCertChild.h"
+
+#include "CertVerifier.h"
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/PBackgroundChild.h"
+#include "nsNSSIOLayer.h"
+#include "nsSerializationHelper.h"
+
+#include "secerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+namespace mozilla {
+namespace psm {
+
+VerifySSLServerCertChild::VerifySSLServerCertChild(
+    SSLServerCertVerificationResult* aResultTask,
+    nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, uint32_t aProviderFlags)
+    : mResultTask(aResultTask),
+      mPeerCertChain(std::move(aPeerCertChain)),
+      mProviderFlags(aProviderFlags) {}
+
+ipc::IPCResult VerifySSLServerCertChild::RecvOnVerifiedSSLServerCertSuccess(
+    nsTArray<ByteArray>&& aBuiltCertChain,
+    const uint16_t& aCertTransparencyStatus, const uint8_t& aEVStatus,
+    const bool& aIsBuiltCertChainRootBuiltInRoot,
+    const bool& aMadeOCSPRequests) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] VerifySSLServerCertChild::RecvOnVerifiedSSLServerCertSuccess",
+           this));
+
+  nsTArray<nsTArray<uint8_t>> certBytesArray;
+  for (auto& cert : aBuiltCertChain) {
+    certBytesArray.AppendElement(std::move(cert.data()));
+  }
+
+  mResultTask->Dispatch(
+      std::move(certBytesArray), std::move(mPeerCertChain),
+      aCertTransparencyStatus, static_cast<EVStatus>(aEVStatus), true, 0,
+      nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET,
+      aIsBuiltCertChainRootBuiltInRoot, mProviderFlags, aMadeOCSPRequests);
+  return IPC_OK();
+}
+
+ipc::IPCResult VerifySSLServerCertChild::RecvOnVerifiedSSLServerCertFailure(
+    const int32_t& aFinalError, const uint32_t& aOverridableErrorCategory,
+    const bool& aMadeOCSPRequests) {
+  mResultTask->Dispatch(
+      nsTArray<nsTArray<uint8_t>>(), std::move(mPeerCertChain),
+      nsITransportSecurityInfo::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE,
+      EVStatus::NotEV, false, aFinalError,
+      static_cast<nsITransportSecurityInfo::OverridableErrorCategory>(
+          aOverridableErrorCategory),
+      false, mProviderFlags, aMadeOCSPRequests);
+  return IPC_OK();
+}
+
+SECStatus RemoteProcessCertVerification(
+    nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, const nsACString& aHostName,
+    int32_t aPort, const OriginAttributes& aOriginAttributes,
+    Maybe<nsTArray<uint8_t>>& aStapledOCSPResponse,
+    Maybe<nsTArray<uint8_t>>& aSctsFromTLSExtension,
+    Maybe<DelegatedCredentialInfo>& aDcInfo, uint32_t aProviderFlags,
+    uint32_t aCertVerifierFlags, SSLServerCertVerificationResult* aResultTask) {
+  if (!aResultTask) {
+    PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+    return SECFailure;
+  }
+
+  nsTArray<ByteArray> peerCertBytes;
+  for (auto& certBytes : aPeerCertChain) {
+    peerCertBytes.AppendElement(ByteArray(certBytes));
+  }
+
+  Maybe<ByteArray> stapledOCSPResponse;
+  if (aStapledOCSPResponse) {
+    stapledOCSPResponse.emplace();
+    stapledOCSPResponse->data().Assign(*aStapledOCSPResponse);
+  }
+
+  Maybe<ByteArray> sctsFromTLSExtension;
+  if (aSctsFromTLSExtension) {
+    sctsFromTLSExtension.emplace();
+    sctsFromTLSExtension->data().Assign(*aSctsFromTLSExtension);
+  }
+
+  Maybe<DelegatedCredentialInfoArg> dcInfo;
+  if (aDcInfo) {
+    dcInfo.emplace();
+    dcInfo.ref().scheme() = static_cast<uint32_t>(aDcInfo->scheme);
+    dcInfo.ref().authKeyBits() = static_cast<uint32_t>(aDcInfo->authKeyBits);
+  }
+
+  mozilla::ipc::PBackgroundChild* actorChild = mozilla::ipc::BackgroundChild::
+      GetOrCreateForSocketParentBridgeForCurrentThread();
+  if (!actorChild) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  RefPtr<VerifySSLServerCertChild> authCert = new VerifySSLServerCertChild(
+      aResultTask, std::move(aPeerCertChain), aProviderFlags);
+  if (!actorChild->SendPVerifySSLServerCertConstructor(
+          authCert, peerCertBytes, PromiseFlatCString(aHostName), aPort,
+          aOriginAttributes, stapledOCSPResponse, sctsFromTLSExtension, dcInfo,
+          aProviderFlags, aCertVerifierFlags)) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+  return SECWouldBlock;
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/VerifySSLServerCertChild.h b/security/manager/ssl/VerifySSLServerCertChild.h
new file mode 100644
index 0000000000..94fd5d48d0
--- /dev/null
+++ b/security/manager/ssl/VerifySSLServerCertChild.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_VerifySSLServerCertChild_h__
+#define mozilla_psm_VerifySSLServerCertChild_h__
+
+#include "mozilla/psm/PVerifySSLServerCertChild.h"
+
+#include "SSLServerCertVerification.h"
+#include "mozilla/RefPtr.h"
+#include "nsISupportsImpl.h"
+#include "nsString.h"
+#include "seccomon.h"
+
+namespace mozilla {
+namespace psm {
+
+class DelegatedCredentialInfo;
+
+// This class implements the socket process part of the server certificate
+// verification IPC protocol.
+class VerifySSLServerCertChild : public PVerifySSLServerCertChild {
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(VerifySSLServerCertChild, override);
+
+  explicit VerifySSLServerCertChild(
+      SSLServerCertVerificationResult* aResultTask,
+      nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, uint32_t aProviderFlags);
+
+  ipc::IPCResult RecvOnVerifiedSSLServerCertSuccess(
+      nsTArray<ByteArray>&& aBuiltCertChain,
+      const uint16_t& aCertTransparencyStatus, const uint8_t& aEVStatus,
+      const bool& aIsBuiltCertChainRootBuiltInRoot,
+      const bool& aMadeOCSPRequests);
+
+  ipc::IPCResult RecvOnVerifiedSSLServerCertFailure(
+      const int32_t& aFinalError, const uint32_t& aOverridableErrorCategory,
+      const bool& aMadeOCSPRequests);
+
+ private:
+  ~VerifySSLServerCertChild() = default;
+
+  RefPtr<SSLServerCertVerificationResult> mResultTask;
+  nsTArray<nsTArray<uint8_t>> mPeerCertChain;
+  uint32_t mProviderFlags;
+};
+
+SECStatus RemoteProcessCertVerification(
+    nsTArray<nsTArray<uint8_t>>&& aPeerCertChain, const nsACString& aHostName,
+    int32_t aPort, const OriginAttributes& aOriginAttributes,
+    Maybe<nsTArray<uint8_t>>& aStapledOCSPResponse,
+    Maybe<nsTArray<uint8_t>>& aSctsFromTLSExtension,
+    Maybe<DelegatedCredentialInfo>& aDcInfo, uint32_t aProviderFlags,
+    uint32_t aCertVerifierFlags, SSLServerCertVerificationResult* aResultTask);
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/VerifySSLServerCertParent.cpp b/security/manager/ssl/VerifySSLServerCertParent.cpp
new file mode 100644
index 0000000000..7216c571d1
--- /dev/null
+++ b/security/manager/ssl/VerifySSLServerCertParent.cpp
@@ -0,0 +1,185 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "VerifySSLServerCertParent.h"
+
+#include "cert.h"
+#include "nsNSSComponent.h"
+#include "secerr.h"
+#include "SharedCertVerifier.h"
+#include "NSSCertDBTrustDomain.h"
+#include "SSLServerCertVerification.h"
+#include "nsNSSIOLayer.h"
+#include "nsISocketProvider.h"
+#include "mozilla/ipc/BackgroundParent.h"
+#include "mozilla/Unused.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+using mozilla::ipc::AssertIsOnBackgroundThread;
+using mozilla::ipc::IsOnBackgroundThread;
+
+using namespace mozilla::pkix;
+
+namespace mozilla {
+namespace psm {
+
+VerifySSLServerCertParent::VerifySSLServerCertParent() {}
+
+void VerifySSLServerCertParent::OnVerifiedSSLServerCert(
+    const nsTArray<ByteArray>& aBuiltCertChain,
+    uint16_t aCertificateTransparencyStatus, uint8_t aEVStatus, bool aSucceeded,
+    PRErrorCode aFinalError, uint32_t aOverridableErrorCategory,
+    bool aIsBuiltCertChainRootBuiltInRoot, bool aMadeOCSPRequests) {
+  AssertIsOnBackgroundThread();
+
+  if (!CanSend()) {
+    return;
+  }
+
+  if (aSucceeded) {
+    Unused << SendOnVerifiedSSLServerCertSuccess(
+        aBuiltCertChain, aCertificateTransparencyStatus, aEVStatus,
+        aIsBuiltCertChainRootBuiltInRoot, aMadeOCSPRequests);
+  } else {
+    Unused << SendOnVerifiedSSLServerCertFailure(
+        aFinalError, aOverridableErrorCategory, aMadeOCSPRequests);
+  }
+  Unused << Send__delete__(this);
+}
+
+namespace {
+
+class IPCServerCertVerificationResult final
+    : public BaseSSLServerCertVerificationResult {
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(IPCServerCertVerificationResult,
+                                        override)
+
+  IPCServerCertVerificationResult(nsIEventTarget* aTarget,
+                                  VerifySSLServerCertParent* aParent)
+      : mTarget(aTarget), mParent(aParent) {}
+
+  void Dispatch(nsTArray<nsTArray<uint8_t>>&& aBuiltChain,
+                nsTArray<nsTArray<uint8_t>>&& aPeerCertChain,
+                uint16_t aCertificateTransparencyStatus, EVStatus aEVStatus,
+                bool aSucceeded, PRErrorCode aFinalError,
+                nsITransportSecurityInfo::OverridableErrorCategory
+                    aOverridableErrorCategory,
+                bool aIsBuiltCertChainRootBuiltInRoot, uint32_t aProviderFlags,
+                bool aMadeOCSPRequests) override;
+
+ private:
+  ~IPCServerCertVerificationResult() = default;
+
+  nsCOMPtr<nsIEventTarget> mTarget;
+  RefPtr<VerifySSLServerCertParent> mParent;
+};
+
+void IPCServerCertVerificationResult::Dispatch(
+    nsTArray<nsTArray<uint8_t>>&& aBuiltChain,
+    nsTArray<nsTArray<uint8_t>>&& aPeerCertChain,
+    uint16_t aCertificateTransparencyStatus, EVStatus aEVStatus,
+    bool aSucceeded, PRErrorCode aFinalError,
+    nsITransportSecurityInfo::OverridableErrorCategory
+        aOverridableErrorCategory,
+    bool aIsBuiltCertChainRootBuiltInRoot, uint32_t aProviderFlags,
+    bool aMadeOCSPRequests) {
+  nsTArray<ByteArray> builtCertChain;
+  if (aSucceeded) {
+    for (auto& cert : aBuiltChain) {
+      builtCertChain.AppendElement(ByteArray(cert));
+    }
+  }
+
+  nsresult nrv = mTarget->Dispatch(
+      NS_NewRunnableFunction(
+          "psm::VerifySSLServerCertParent::OnVerifiedSSLServerCert",
+          [parent(mParent), builtCertChain{std::move(builtCertChain)},
+           aCertificateTransparencyStatus, aEVStatus, aSucceeded, aFinalError,
+           aOverridableErrorCategory, aIsBuiltCertChainRootBuiltInRoot,
+           aMadeOCSPRequests, aProviderFlags]() {
+            if (aSucceeded &&
+                !(aProviderFlags & nsISocketProvider::NO_PERMANENT_STORAGE)) {
+              nsTArray<nsTArray<uint8_t>> certBytesArray;
+              for (const auto& cert : builtCertChain) {
+                certBytesArray.AppendElement(cert.data().Clone());
+              }
+              // This dispatches an event that will run when the socket thread
+              // is idle.
+              SaveIntermediateCerts(certBytesArray);
+            }
+            parent->OnVerifiedSSLServerCert(
+                builtCertChain, aCertificateTransparencyStatus,
+                static_cast<uint8_t>(aEVStatus), aSucceeded, aFinalError,
+                static_cast<uint32_t>(aOverridableErrorCategory),
+                aIsBuiltCertChainRootBuiltInRoot, aMadeOCSPRequests);
+          }),
+      NS_DISPATCH_NORMAL);
+  MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(nrv));
+  Unused << nrv;
+}
+
+}  // anonymous namespace
+
+bool VerifySSLServerCertParent::Dispatch(
+    nsTArray<ByteArray>&& aPeerCertChain, const nsACString& aHostName,
+    const int32_t& aPort, const OriginAttributes& aOriginAttributes,
+    const Maybe<ByteArray>& aStapledOCSPResponse,
+    const Maybe<ByteArray>& aSctsFromTLSExtension,
+    const Maybe<DelegatedCredentialInfoArg>& aDcInfo,
+    const uint32_t& aProviderFlags, const uint32_t& aCertVerifierFlags) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("VerifySSLServerCertParent::Dispatch"));
+  AssertIsOnBackgroundThread();
+
+  mBackgroundThread = NS_GetCurrentThread();
+
+  nsTArray<nsTArray<uint8_t>> peerCertBytes;
+  for (auto& certBytes : aPeerCertChain) {
+    nsTArray<uint8_t> bytes;
+    peerCertBytes.AppendElement(std::move(certBytes.data()));
+  }
+
+  Maybe<nsTArray<uint8_t>> stapledOCSPResponse;
+  if (aStapledOCSPResponse) {
+    stapledOCSPResponse.emplace(aStapledOCSPResponse->data().Clone());
+  }
+
+  Maybe<nsTArray<uint8_t>> sctsFromTLSExtension;
+  if (aSctsFromTLSExtension) {
+    sctsFromTLSExtension.emplace(aSctsFromTLSExtension->data().Clone());
+  }
+
+  Maybe<DelegatedCredentialInfo> dcInfo;
+  if (aDcInfo) {
+    dcInfo.emplace();
+    dcInfo->scheme = static_cast<SSLSignatureScheme>(aDcInfo->scheme());
+    dcInfo->authKeyBits = aDcInfo->authKeyBits();
+  }
+
+  RefPtr<IPCServerCertVerificationResult> resultTask =
+      new IPCServerCertVerificationResult(mBackgroundThread, this);
+  SECStatus status = SSLServerCertVerificationJob::Dispatch(
+      0, nullptr, std::move(peerCertBytes), aHostName, aPort, aOriginAttributes,
+      stapledOCSPResponse, sctsFromTLSExtension, dcInfo, aProviderFlags, Now(),
+      aCertVerifierFlags, resultTask);
+
+  if (status != SECWouldBlock) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("VerifySSLServerCertParent::Dispatch - dispatch failed"));
+    return false;
+  }
+
+  return true;
+}
+
+void VerifySSLServerCertParent::ActorDestroy(ActorDestroyReason aWhy) {}
+
+VerifySSLServerCertParent::~VerifySSLServerCertParent() = default;
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/VerifySSLServerCertParent.h b/security/manager/ssl/VerifySSLServerCertParent.h
new file mode 100644
index 0000000000..b1ba35c393
--- /dev/null
+++ b/security/manager/ssl/VerifySSLServerCertParent.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_VerifySSLServerCertParent_h__
+#define mozilla_psm_VerifySSLServerCertParent_h__
+
+#include "mozilla/psm/PVerifySSLServerCertParent.h"
+#include "mozpkix/Time.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+
+namespace mozilla {
+namespace psm {
+
+// This class implements the main process side of the server certificate
+// verification for socket process.
+// SSLServerCertVerificationJob::Dispatch is called in
+// VerifySSLServerCertParent::Dispatch with IPCServerCertVerificationResult and
+// the result of the certificate verification will be sent to the socket process
+// via IPC.
+class VerifySSLServerCertParent : public PVerifySSLServerCertParent {
+ public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(VerifySSLServerCertParent, override)
+
+  VerifySSLServerCertParent();
+
+  bool Dispatch(nsTArray<ByteArray>&& aPeerCertChain,
+                const nsACString& aHostName, const int32_t& aPort,
+                const OriginAttributes& aOriginAttributes,
+                const Maybe<ByteArray>& aStapledOCSPResponse,
+                const Maybe<ByteArray>& aSctsFromTLSExtension,
+                const Maybe<DelegatedCredentialInfoArg>& aDcInfo,
+                const uint32_t& aProviderFlags,
+                const uint32_t& aCertVerifierFlags);
+
+  void OnVerifiedSSLServerCert(const nsTArray<ByteArray>& aBuiltCertChain,
+                               uint16_t aCertificateTransparencyStatus,
+                               uint8_t aEVStatus, bool aSucceeded,
+                               PRErrorCode aFinalError,
+                               uint32_t aOverridableErrorCategory,
+                               bool aIsBuiltCertChainRootBuiltInRoot,
+                               bool aMadeOCSPRequests);
+
+ private:
+  virtual ~VerifySSLServerCertParent();
+
+  // PVerifySSLServerCertParent
+  void ActorDestroy(ActorDestroyReason aWhy) override;
+
+  nsCOMPtr<nsIEventTarget> mBackgroundThread;
+};
+
+}  // namespace psm
+}  // namespace mozilla
+
+#endif  // mozilla_psm_VerifySSLServerCertParent_h__
diff --git a/security/manager/ssl/X509.sys.mjs b/security/manager/ssl/X509.sys.mjs
new file mode 100644
index 0000000000..0d85ca5730
--- /dev/null
+++ b/security/manager/ssl/X509.sys.mjs
@@ -0,0 +1,641 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { DER } from "resource://gre/modules/psm/DER.sys.mjs";
+
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_TIME_NOT_VALID = "Time not valid";
+const ERROR_LIBRARY_FAILURE = "library failure";
+
+const X509v3 = 2;
+
+/**
+ * Helper function to read a NULL tag from the given DER.
+ *
+ * @param {DER} der a DER object to read a NULL from
+ * @returns {null} an object representing an ASN.1 NULL
+ */
+function readNULL(der) {
+  return new NULL(der.readTagAndGetContents(DER.NULL));
+}
+
+/**
+ * Class representing an ASN.1 NULL. When encoded as DER, the only valid value
+ * is 05 00, and thus the contents should always be an empty array.
+ */
+class NULL {
+  /**
+   * @param {number[]} bytes the contents of the NULL tag (should be empty)
+   */
+  constructor(bytes) {
+    // Lint TODO: bytes should be an empty array
+    this._contents = bytes;
+  }
+}
+
+/**
+ * Helper function to read an OBJECT IDENTIFIER from the given DER.
+ *
+ * @param {DER} der the DER to read an OBJECT IDENTIFIER from
+ * @returns {OID} the value of the OBJECT IDENTIFIER
+ */
+function readOID(der) {
+  return new OID(der.readTagAndGetContents(DER.OBJECT_IDENTIFIER));
+}
+
+/** Class representing an ASN.1 OBJECT IDENTIFIER */
+class OID {
+  /**
+   * @param {number[]} bytes the encoded contents of the OBJECT IDENTIFIER
+   *                   (not including the ASN.1 tag or length bytes)
+   */
+  constructor(bytes) {
+    this._values = [];
+    // First octet has value 40 * value1 + value2
+    // Lint TODO: validate that value1 is one of {0, 1, 2}
+    // Lint TODO: validate that value2 is in [0, 39] if value1 is 0 or 1
+    let value1 = Math.floor(bytes[0] / 40);
+    let value2 = bytes[0] - 40 * value1;
+    this._values.push(value1);
+    this._values.push(value2);
+    bytes.shift();
+    let accumulator = 0;
+    // Lint TODO: prevent overflow here
+    while (bytes.length) {
+      let value = bytes.shift();
+      accumulator *= 128;
+      if (value > 128) {
+        accumulator += value - 128;
+      } else {
+        accumulator += value;
+        this._values.push(accumulator);
+        accumulator = 0;
+      }
+    }
+  }
+}
+
+/**
+ * Class that serves as an abstract base class for more specific classes that
+ * represent datatypes from RFC 5280 and others. Given an array of bytes
+ * representing the DER encoding of such types, this framework simplifies the
+ * process of making a new DER object, attempting to parse the given bytes, and
+ * catching and stashing thrown exceptions. Subclasses are to implement
+ * parseOverride, which should read from this._der to fill out the structure's
+ * values.
+ */
+class DecodedDER {
+  constructor() {
+    this._der = null;
+    this._error = null;
+  }
+
+  /**
+   * Returns the first exception encountered when decoding or null if none has
+   * been encountered.
+   *
+   * @returns {Error} the first exception encountered when decoding or null
+   */
+  get error() {
+    return this._error;
+  }
+
+  /**
+   * Does the actual work of parsing the data. To be overridden by subclasses.
+   * If an implementation of parseOverride throws an exception, parse will catch
+   * that exception and stash it in the error property. This enables parent
+   * levels in a nested decoding hierarchy to continue to decode as much as
+   * possible.
+   */
+  parseOverride() {
+    throw new Error(ERROR_LIBRARY_FAILURE);
+  }
+
+  /**
+   * Public interface to be called to parse all data. Calls parseOverride inside
+   * a try/catch block. If an exception is thrown, stashes the error, which can
+   * be obtained via the error getter (above).
+   *
+   * @param {number[]} bytes encoded DER to be decoded
+   */
+  parse(bytes) {
+    this._der = new DER.DERDecoder(bytes);
+    try {
+      this.parseOverride();
+    } catch (e) {
+      this._error = e;
+    }
+  }
+}
+
+/**
+ * Helper function for reading the next SEQUENCE out of a DER and creating a new
+ * DER out of the resulting bytes.
+ *
+ * @param {DER} der the underlying DER object
+ * @returns {DER} the contents of the SEQUENCE
+ */
+function readSEQUENCEAndMakeDER(der) {
+  return new DER.DERDecoder(der.readTagAndGetContents(DER.SEQUENCE));
+}
+
+/**
+ * Helper function for reading the next item identified by tag out of a DER and
+ * creating a new DER out of the resulting bytes.
+ *
+ * @param {DER} der the underlying DER object
+ * @param {number} tag the expected next tag in the DER
+ * @returns {DER} the contents of the tag
+ */
+function readTagAndMakeDER(der, tag) {
+  return new DER.DERDecoder(der.readTagAndGetContents(tag));
+}
+
+// Certificate  ::=  SEQUENCE  {
+//      tbsCertificate       TBSCertificate,
+//      signatureAlgorithm   AlgorithmIdentifier,
+//      signatureValue       BIT STRING  }
+class Certificate extends DecodedDER {
+  constructor() {
+    super();
+    this._tbsCertificate = new TBSCertificate();
+    this._signatureAlgorithm = new AlgorithmIdentifier();
+    this._signatureValue = [];
+  }
+
+  get tbsCertificate() {
+    return this._tbsCertificate;
+  }
+
+  get signatureAlgorithm() {
+    return this._signatureAlgorithm;
+  }
+
+  get signatureValue() {
+    return this._signatureValue;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._tbsCertificate.parse(contents.readTLV());
+    this._signatureAlgorithm.parse(contents.readTLV());
+
+    let signatureValue = contents.readBIT_STRING();
+    if (signatureValue.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._signatureValue = signatureValue.contents;
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// TBSCertificate  ::=  SEQUENCE  {
+//      version         [0]  EXPLICIT Version DEFAULT v1,
+//      serialNumber         CertificateSerialNumber,
+//      signature            AlgorithmIdentifier,
+//      issuer               Name,
+//      validity             Validity,
+//      subject              Name,
+//      subjectPublicKeyInfo SubjectPublicKeyInfo,
+//      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      extensions      [3]  EXPLICIT Extensions OPTIONAL
+//                           -- If present, version MUST be v3
+//      }
+class TBSCertificate extends DecodedDER {
+  constructor() {
+    super();
+    this._version = null;
+    this._serialNumber = [];
+    this._signature = new AlgorithmIdentifier();
+    this._issuer = new Name();
+    this._validity = new Validity();
+    this._subject = new Name();
+    this._subjectPublicKeyInfo = new SubjectPublicKeyInfo();
+    this._extensions = [];
+  }
+
+  get version() {
+    return this._version;
+  }
+
+  get serialNumber() {
+    return this._serialNumber;
+  }
+
+  get signature() {
+    return this._signature;
+  }
+
+  get issuer() {
+    return this._issuer;
+  }
+
+  get validity() {
+    return this._validity;
+  }
+
+  get subject() {
+    return this._subject;
+  }
+
+  get subjectPublicKeyInfo() {
+    return this._subjectPublicKeyInfo;
+  }
+
+  get extensions() {
+    return this._extensions;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+
+    let versionTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 0;
+    if (!contents.peekTag(versionTag)) {
+      this._version = 1;
+    } else {
+      let versionContents = readTagAndMakeDER(contents, versionTag);
+      let versionBytes = versionContents.readTagAndGetContents(DER.INTEGER);
+      if (versionBytes.length == 1 && versionBytes[0] == X509v3) {
+        this._version = 3;
+      } else {
+        // Lint TODO: warn about non-v3 certificates (this INTEGER could take up
+        // multiple bytes, be negative, and so on).
+        this._version = versionBytes;
+      }
+      versionContents.assertAtEnd();
+    }
+
+    let serialNumberBytes = contents.readTagAndGetContents(DER.INTEGER);
+    this._serialNumber = serialNumberBytes;
+    this._signature.parse(contents.readTLV());
+    this._issuer.parse(contents.readTLV());
+    this._validity.parse(contents.readTLV());
+    this._subject.parse(contents.readTLV());
+    this._subjectPublicKeyInfo.parse(contents.readTLV());
+
+    // Lint TODO: warn about unsupported features
+    let issuerUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 1;
+    if (contents.peekTag(issuerUniqueIDTag)) {
+      contents.readTagAndGetContents(issuerUniqueIDTag);
+    }
+    let subjectUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 2;
+    if (contents.peekTag(subjectUniqueIDTag)) {
+      contents.readTagAndGetContents(subjectUniqueIDTag);
+    }
+
+    let extensionsTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 3;
+    if (contents.peekTag(extensionsTag)) {
+      let extensionsSequence = readTagAndMakeDER(contents, extensionsTag);
+      let extensionsContents = readSEQUENCEAndMakeDER(extensionsSequence);
+      while (!extensionsContents.atEnd()) {
+        // TODO: parse extensions
+        this._extensions.push(extensionsContents.readTLV());
+      }
+      extensionsContents.assertAtEnd();
+      extensionsSequence.assertAtEnd();
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AlgorithmIdentifier  ::=  SEQUENCE  {
+//      algorithm               OBJECT IDENTIFIER,
+//      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+class AlgorithmIdentifier extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = null;
+    this._parameters = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get parameters() {
+    return this._parameters;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm = readOID(contents);
+    if (!contents.atEnd()) {
+      if (contents.peekTag(DER.NULL)) {
+        this._parameters = readNULL(contents);
+      } else if (contents.peekTag(DER.OBJECT_IDENTIFIER)) {
+        this._parameters = readOID(contents);
+      }
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// Name ::= CHOICE { -- only one possibility for now --
+//   rdnSequence  RDNSequence }
+//
+// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+class Name extends DecodedDER {
+  constructor() {
+    super();
+    this._rdns = [];
+  }
+
+  get rdns() {
+    return this._rdns;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    while (!contents.atEnd()) {
+      let rdn = new RelativeDistinguishedName();
+      rdn.parse(contents.readTLV());
+      this._rdns.push(rdn);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// RelativeDistinguishedName ::=
+//   SET SIZE (1..MAX) OF AttributeTypeAndValue
+class RelativeDistinguishedName extends DecodedDER {
+  constructor() {
+    super();
+    this._avas = [];
+  }
+
+  get avas() {
+    return this._avas;
+  }
+
+  parseOverride() {
+    let contents = readTagAndMakeDER(this._der, DER.SET);
+    // Lint TODO: enforce SET SIZE restrictions
+    while (!contents.atEnd()) {
+      let ava = new AttributeTypeAndValue();
+      ava.parse(contents.readTLV());
+      this._avas.push(ava);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AttributeTypeAndValue ::= SEQUENCE {
+//   type     AttributeType,
+//   value    AttributeValue }
+//
+// AttributeType ::= OBJECT IDENTIFIER
+//
+// AttributeValue ::= ANY -- DEFINED BY AttributeType
+class AttributeTypeAndValue extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = new DirectoryString();
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._type = readOID(contents);
+    // We don't support universalString or bmpString.
+    // IA5String is supported because it is valid if `type == id-emailaddress`.
+    // Lint TODO: validate that the type of string is valid given `type`.
+    this._value.parse(
+      contents.readTLVChoice([
+        DER.UTF8String,
+        DER.PrintableString,
+        DER.TeletexString,
+        DER.IA5String,
+      ])
+    );
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// DirectoryString ::= CHOICE {
+//       teletexString           TeletexString (SIZE (1..MAX)),
+//       printableString         PrintableString (SIZE (1..MAX)),
+//       universalString         UniversalString (SIZE (1..MAX)),
+//       utf8String              UTF8String (SIZE (1..MAX)),
+//       bmpString               BMPString (SIZE (1..MAX)) }
+class DirectoryString extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = null;
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTF8String)) {
+      this._type = DER.UTF8String;
+    } else if (this._der.peekTag(DER.PrintableString)) {
+      this._type = DER.PrintableString;
+    } else if (this._der.peekTag(DER.TeletexString)) {
+      this._type = DER.TeletexString;
+    } else if (this._der.peekTag(DER.IA5String)) {
+      this._type = DER.IA5String;
+    }
+    // Lint TODO: validate that the contents are actually valid for the type
+    this._value = this._der.readTagAndGetContents(this._type);
+    this._der.assertAtEnd();
+  }
+}
+
+// Time ::= CHOICE {
+//      utcTime        UTCTime,
+//      generalTime    GeneralizedTime }
+class Time extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._time = null;
+  }
+
+  get time() {
+    return this._time;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTCTime)) {
+      this._type = DER.UTCTime;
+    } else if (this._der.peekTag(DER.GeneralizedTime)) {
+      this._type = DER.GeneralizedTime;
+    }
+    let contents = readTagAndMakeDER(this._der, this._type);
+    let year;
+    // Lint TODO: validate that the appropriate one of {UTCTime,GeneralizedTime}
+    // is used according to RFC 5280 and what the value of the date is.
+    // TODO TODO: explain this better (just quote the rfc).
+    if (this._type == DER.UTCTime) {
+      // UTCTime is YYMMDDHHMMSSZ in RFC 5280. If YY is greater than or equal
+      // to 50, the year is 19YY. Otherwise, it is 20YY.
+      let y1 = this._validateDigit(contents.readByte());
+      let y2 = this._validateDigit(contents.readByte());
+      let yy = y1 * 10 + y2;
+      if (yy >= 50) {
+        year = 1900 + yy;
+      } else {
+        year = 2000 + yy;
+      }
+    } else {
+      // GeneralizedTime is YYYYMMDDHHMMSSZ in RFC 5280.
+      year = 0;
+      for (let i = 0; i < 4; i++) {
+        let y = this._validateDigit(contents.readByte());
+        year = year * 10 + y;
+      }
+    }
+
+    let m1 = this._validateDigit(contents.readByte());
+    let m2 = this._validateDigit(contents.readByte());
+    let month = m1 * 10 + m2;
+    if (month == 0 || month > 12) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let d1 = this._validateDigit(contents.readByte());
+    let d2 = this._validateDigit(contents.readByte());
+    let day = d1 * 10 + d2;
+    if (day == 0 || day > 31) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let h1 = this._validateDigit(contents.readByte());
+    let h2 = this._validateDigit(contents.readByte());
+    let hour = h1 * 10 + h2;
+    if (hour > 23) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let min1 = this._validateDigit(contents.readByte());
+    let min2 = this._validateDigit(contents.readByte());
+    let minute = min1 * 10 + min2;
+    if (minute > 59) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let s1 = this._validateDigit(contents.readByte());
+    let s2 = this._validateDigit(contents.readByte());
+    let second = s1 * 10 + s2;
+    if (second > 60) {
+      // leap-seconds mean this can be as much as 60
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let z = contents.readByte();
+    if (z != "Z".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    // Lint TODO: verify that the Time doesn't specify a nonsensical
+    // month/day/etc.
+    // months are zero-indexed in JS
+    this._time = new Date(Date.UTC(year, month - 1, day, hour, minute, second));
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+
+  /**
+   * Takes a byte that is supposed to be in the ASCII range for "0" to "9".
+   * Validates the range and then converts it to the range 0 to 9.
+   *
+   * @param {number} d the digit in question (as ASCII in the range ["0", "9"])
+   * @returns {number} the numerical value of the digit (in the range [0, 9])
+   */
+  _validateDigit(d) {
+    if (d < "0".charCodeAt(0) || d > "9".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    return d - "0".charCodeAt(0);
+  }
+}
+
+// Validity ::= SEQUENCE {
+//      notBefore      Time,
+//      notAfter       Time }
+class Validity extends DecodedDER {
+  constructor() {
+    super();
+    this._notBefore = new Time();
+    this._notAfter = new Time();
+  }
+
+  get notBefore() {
+    return this._notBefore;
+  }
+
+  get notAfter() {
+    return this._notAfter;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._notBefore.parse(
+      contents.readTLVChoice([DER.UTCTime, DER.GeneralizedTime])
+    );
+    this._notAfter.parse(
+      contents.readTLVChoice([DER.UTCTime, DER.GeneralizedTime])
+    );
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// SubjectPublicKeyInfo  ::=  SEQUENCE  {
+//      algorithm            AlgorithmIdentifier,
+//      subjectPublicKey     BIT STRING  }
+class SubjectPublicKeyInfo extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = new AlgorithmIdentifier();
+    this._subjectPublicKey = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get subjectPublicKey() {
+    return this._subjectPublicKey;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm.parse(contents.readTLV());
+    let subjectPublicKeyBitString = contents.readBIT_STRING();
+    if (subjectPublicKeyBitString.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._subjectPublicKey = subjectPublicKeyBitString.contents;
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+export var X509 = { Certificate };
diff --git a/security/manager/ssl/X509CertValidity.cpp b/security/manager/ssl/X509CertValidity.cpp
new file mode 100644
index 0000000000..1d5dc54aa6
--- /dev/null
+++ b/security/manager/ssl/X509CertValidity.cpp
@@ -0,0 +1,96 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "X509CertValidity.h"
+
+#include "mozpkix/pkixder.h"
+#include "mozpkix/pkixutil.h"
+#include "nsComponentManagerUtils.h"
+#include "secder.h"
+
+NS_IMPL_ISUPPORTS(X509CertValidity, nsIX509CertValidity)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+
+X509CertValidity::X509CertValidity(Input certDER)
+    : mNotBefore(0), mNotAfter(0), mTimesInitialized(false) {
+  using namespace mozilla::pkix::der;
+
+  // We're not building a verified certificate chain, so the EndEntityOrCA
+  // parameter doesn't matter.
+  BackCert cert(certDER, EndEntityOrCA::MustBeEndEntity, nullptr);
+  pkix::Result rv = cert.Init();
+  if (rv != Success) {
+    return;
+  }
+  // Validity ::= SEQUENCE {
+  //    notBefore      Time,
+  //    notAfter       Time  }
+  //
+  // Time ::= CHOICE {
+  //    utcTime        UTCTime,
+  //    generalTime    GeneralizedTime }
+  //
+  // NB: BackCert::GetValidity returns the value of the Validity of the
+  // certificate (i.e. notBefore and notAfter, without the enclosing SEQUENCE
+  // and length)
+  Reader reader(cert.GetValidity());
+  uint8_t expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
+  Input notBefore;
+  pkix::Result result = ExpectTagAndGetValue(reader, expectedTag, notBefore);
+  if (result != Success) {
+    return;
+  }
+  SECItemType notBeforeType =
+      expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
+  SECItem notBeforeItem = {
+      notBeforeType, const_cast<unsigned char*>(notBefore.UnsafeGetData()),
+      notBefore.GetLength()};
+  SECStatus srv = DER_DecodeTimeChoice(&mNotBefore, &notBeforeItem);
+  if (srv != SECSuccess) {
+    return;
+  }
+  expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
+  Input notAfter;
+  result = ExpectTagAndGetValue(reader, expectedTag, notAfter);
+  if (result != Success) {
+    return;
+  }
+  SECItemType notAfterType =
+      expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
+  SECItem notAfterItem = {notAfterType,
+                          const_cast<unsigned char*>(notAfter.UnsafeGetData()),
+                          notAfter.GetLength()};
+  srv = DER_DecodeTimeChoice(&mNotAfter, &notAfterItem);
+  if (srv != SECSuccess) {
+    return;
+  }
+
+  mTimesInitialized = true;
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotBefore(PRTime* aNotBefore) {
+  NS_ENSURE_ARG(aNotBefore);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotBefore = mNotBefore;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotAfter(PRTime* aNotAfter) {
+  NS_ENSURE_ARG(aNotAfter);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotAfter = mNotAfter;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/X509CertValidity.h b/security/manager/ssl/X509CertValidity.h
new file mode 100644
index 0000000000..8201c52253
--- /dev/null
+++ b/security/manager/ssl/X509CertValidity.h
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef X509CertValidity_h
+#define X509CertValidity_h
+
+#include "mozpkix/Input.h"
+#include "nsIX509CertValidity.h"
+#include "prtime.h"
+
+class X509CertValidity : public nsIX509CertValidity {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTVALIDITY
+
+  explicit X509CertValidity(mozilla::pkix::Input certDER);
+
+  X509CertValidity(const X509CertValidity& x) = delete;
+  X509CertValidity& operator=(const X509CertValidity& x) = delete;
+
+ protected:
+  virtual ~X509CertValidity() = default;
+
+ private:
+  PRTime mNotBefore;
+  PRTime mNotAfter;
+  bool mTimesInitialized;
+};
+
+#endif  // X509CertValidity_h
diff --git a/security/manager/ssl/addons-public-intermediate.crt b/security/manager/ssl/addons-public-intermediate.crt
new file mode 100644
index 0000000000..d37979bf38
Binary files /dev/null and b/security/manager/ssl/addons-public-intermediate.crt differ
diff --git a/security/manager/ssl/addons-public.crt b/security/manager/ssl/addons-public.crt
new file mode 100644
index 0000000000..6ab711b996
Binary files /dev/null and b/security/manager/ssl/addons-public.crt differ
diff --git a/security/manager/ssl/addons-stage.crt b/security/manager/ssl/addons-stage.crt
new file mode 100644
index 0000000000..73e48cadfe
Binary files /dev/null and b/security/manager/ssl/addons-stage.crt differ
diff --git a/security/manager/ssl/builtins/Cargo.toml b/security/manager/ssl/builtins/Cargo.toml
new file mode 100644
index 0000000000..df54db8491
--- /dev/null
+++ b/security/manager/ssl/builtins/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "builtins-static"
+version = "0.1.0"
+authors = ["John Schanck <jschanck@mozilla.com>"]
+edition = "2021"
+license = "MPL-2.0"
+
+[dependencies]
+pkcs11-bindings = "0.1.1"
+smallvec = { version = "1.9.0", features = ["const_new"] }
+
+[build-dependencies]
+bindgen = { default-features = false, features = ["runtime"], version = "0.64" }
+nom = "7.1.1"
+
+[lib]
+crate-type = ["staticlib"]
diff --git a/security/manager/ssl/builtins/build.rs b/security/manager/ssl/builtins/build.rs
new file mode 100644
index 0000000000..8375f3368d
--- /dev/null
+++ b/security/manager/ssl/builtins/build.rs
@@ -0,0 +1,568 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+extern crate bindgen;
+extern crate nom;
+
+use bindgen::callbacks::*;
+use bindgen::*;
+
+use nom::branch::alt;
+use nom::bytes::complete::{tag, take_until};
+use nom::character::complete::{
+    char, multispace0, newline, not_line_ending, one_of, space0, space1,
+};
+use nom::combinator::{fail, recognize};
+use nom::multi::{many1, separated_list0};
+use nom::sequence::{delimited, separated_pair, terminated, tuple};
+use nom::IResult;
+
+use std::collections::HashMap;
+use std::env;
+use std::fmt;
+use std::fs::File;
+use std::io::{BufWriter, Write};
+use std::path::PathBuf;
+
+fn octal_block_to_vec_u8(octal_block: &str) -> Vec<u8> {
+    octal_block
+        .lines()
+        .flat_map(|x| x.split('\\').skip(1))
+        .map(|x| u8::from_str_radix(x, 8).expect("octal value out of range."))
+        .collect()
+}
+
+fn octal_block_to_hex_string(octal: &str) -> String {
+    octal_block_to_vec_u8(octal)
+        .iter()
+        .map(|x| format!("0x{:02X}, ", x))
+        .collect()
+}
+
+// Wrapper around values parsed out of certdata.txt
+enum Ck<'a> {
+    Class(&'a str),
+    Comment(&'a str),
+    DistrustAfter(Option<&'a str>),
+    Empty,
+    MultilineOctal(&'a str),
+    OptionBool(&'a str),
+    Trust(&'a str),
+    Utf8(&'a str),
+}
+
+// Translation of parsed values into the output rust code
+impl fmt::Display for Ck<'_> {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            Ck::Class(s) => write!(f, "{s}_BYTES"),
+            Ck::Comment(s) => write!(f, "{}", s.replace('#', "//")),
+            Ck::DistrustAfter(None) => write!(f, "Some(CK_FALSE_BYTES)"),
+            Ck::DistrustAfter(Some(s)) => write!(f, "Some(&[{}])", octal_block_to_hex_string(s)),
+            Ck::Empty => write!(f, "None"),
+            Ck::MultilineOctal(s) => write!(f, "&[{}]", octal_block_to_hex_string(s)),
+            Ck::OptionBool(s) => write!(f, "Some({s}_BYTES)"),
+            Ck::Trust(s) => write!(f, "{s}_BYTES"),
+            Ck::Utf8(s) => write!(f, "\"{s}\\0\""),
+        }
+    }
+}
+
+impl PartialEq for Ck<'_> {
+    fn eq(&self, other: &Self) -> bool {
+        match (self, other) {
+            (Ck::Class(s), Ck::Class(t)) => s.eq(t),
+            (Ck::Comment(s), Ck::Comment(t)) => s.eq(t),
+            (Ck::DistrustAfter(None), Ck::DistrustAfter(None)) => true,
+            (Ck::DistrustAfter(Some(s)), Ck::DistrustAfter(Some(t))) => {
+                // compare the data rather than the presentation
+                let vec_s = octal_block_to_vec_u8(s);
+                let vec_t = octal_block_to_vec_u8(t);
+                vec_s.eq(&vec_t)
+            }
+            (Ck::Empty, Ck::Empty) => true,
+            (Ck::MultilineOctal(s), Ck::MultilineOctal(t)) => {
+                // compare the data rather than the presentation
+                let vec_s = octal_block_to_vec_u8(s);
+                let vec_t = octal_block_to_vec_u8(t);
+                vec_s.eq(&vec_t)
+            }
+            (Ck::Trust(s), Ck::Trust(t)) => s.eq(t),
+            (Ck::Utf8(s), Ck::Utf8(t)) => s.eq(t),
+            _ => false,
+        }
+    }
+}
+
+fn class(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_OBJECT_CLASS")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, class) = alt((
+        tag("CKO_NSS_BUILTIN_ROOT_LIST"),
+        tag("CKO_CERTIFICATE"),
+        tag("CKO_NSS_TRUST"),
+    ))(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Class(class)))
+}
+
+fn trust(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_TRUST")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, trust) = alt((
+        tag("CKT_NSS_TRUSTED_DELEGATOR"),
+        tag("CKT_NSS_MUST_VERIFY_TRUST"),
+        tag("CKT_NSS_NOT_TRUSTED"),
+    ))(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Trust(trust)))
+}
+
+// Parses a CK_BBOOL and wraps it with Ck::OptionBool so that it gets printed as
+// "Some(CK_TRUE_BYTES)" instead of "CK_TRUE_BYTES".
+fn option_bbool(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_BBOOL")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, b) = alt((tag("CK_TRUE"), tag("CK_FALSE")))(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::OptionBool(b)))
+}
+
+fn bbool_true(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_BBOOL")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, _) = tag("CK_TRUE")(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Empty))
+}
+
+fn bbool_false(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_BBOOL")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, _) = tag("CK_FALSE")(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Empty))
+}
+
+fn utf8(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("UTF8")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, _) = char('"')(i)?;
+    let (i, utf8) = take_until("\"")(i)?;
+    let (i, _) = char('"')(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Utf8(utf8)))
+}
+
+fn certificate_type(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("CK_CERTIFICATE_TYPE")(i)?;
+    let (i, _) = space1(i)?;
+    let (i, _) = tag("CKC_X_509")(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    Ok((i, Ck::Empty))
+}
+
+// A CKA_NSS_{EMAIL,SERVER}_DISTRUST_AFTER line in certdata.txt is encoded either as a CK_BBOOL
+// with value CK_FALSE (when there is no distrust after date) or as a MULTILINE_OCTAL block.
+fn distrust_after(i: &str) -> IResult<&str, Ck> {
+    let (i, value) = alt((multiline_octal, bbool_false))(i)?;
+    match value {
+        Ck::Empty => Ok((i, Ck::DistrustAfter(None))),
+        Ck::MultilineOctal(data) => Ok((i, Ck::DistrustAfter(Some(data)))),
+        _ => unreachable!(),
+    }
+}
+
+fn octal_octet(i: &str) -> IResult<&str, &str> {
+    recognize(tuple((
+        tag("\\"),
+        one_of("0123"), // 255 = \377
+        one_of("01234567"),
+        one_of("01234567"),
+    )))(i)
+}
+
+fn multiline_octal(i: &str) -> IResult<&str, Ck> {
+    let (i, _) = tag("MULTILINE_OCTAL")(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    let (i, lines) = recognize(many1(terminated(many1(octal_octet), newline)))(i)?;
+    let (i, _) = tag("END")(i)?;
+    let (i, _) = space0(i)?;
+    let (i, _) = newline(i)?;
+    return Ok((i, Ck::MultilineOctal(lines)));
+}
+
+fn distrust_comment(i: &str) -> IResult<&str, (&str, Ck)> {
+    let (i, comment) = recognize(delimited(
+        alt((
+            tag("# For Email Distrust After: "),
+            tag("# For Server Distrust After: "),
+        )),
+        not_line_ending,
+        newline,
+    ))(i)?;
+    Ok((i, ("DISTRUST_COMMENT", Ck::Comment(comment))))
+}
+
+fn comment(i: &str) -> IResult<&str, (&str, Ck)> {
+    let (i, comment) = recognize(many1(delimited(char('#'), not_line_ending, newline)))(i)?;
+    Ok((i, ("COMMENT", Ck::Comment(comment))))
+}
+
+fn certdata_line(i: &str) -> IResult<&str, (&str, Ck)> {
+    let (i, (attr, value)) = alt((
+        distrust_comment, // must be listed before `comment`
+        comment,
+        separated_pair(tag("CKA_CLASS"), space1, class),
+        separated_pair(tag("CKA_CERTIFICATE_TYPE"), space1, certificate_type),
+        separated_pair(alt((tag("CKA_ID"), tag("CKA_LABEL"))), space1, utf8),
+        separated_pair(
+            alt((
+                tag("CKA_ISSUER"),
+                tag("CKA_CERT_SHA1_HASH"),
+                tag("CKA_CERT_MD5_HASH"),
+                tag("CKA_SERIAL_NUMBER"),
+                tag("CKA_SUBJECT"),
+                tag("CKA_VALUE"),
+            )),
+            space1,
+            multiline_octal,
+        ),
+        separated_pair(
+            alt((
+                tag("CKA_NSS_SERVER_DISTRUST_AFTER"),
+                tag("CKA_NSS_EMAIL_DISTRUST_AFTER"),
+            )),
+            space1,
+            distrust_after,
+        ),
+        separated_pair(
+            alt((
+                tag("CKA_TRUST_EMAIL_PROTECTION"),
+                tag("CKA_TRUST_CODE_SIGNING"),
+                tag("CKA_TRUST_SERVER_AUTH"),
+            )),
+            space1,
+            trust,
+        ),
+        separated_pair(tag("CKA_NSS_MOZILLA_CA_POLICY"), space1, option_bbool),
+        separated_pair(tag("CKA_TOKEN"), space1, bbool_true),
+        separated_pair(
+            alt((
+                tag("CKA_TRUST_STEP_UP_APPROVED"),
+                tag("CKA_PRIVATE"),
+                tag("CKA_MODIFIABLE"),
+            )),
+            space1,
+            bbool_false,
+        ),
+    ))(i)?;
+    Ok((i, (attr, value)))
+}
+
+type Block<'a> = HashMap<&'a str, Ck<'a>>;
+
+fn attr<'a>(block: &'a Block, attr: &str) -> &'a Ck<'a> {
+    block.get(attr).unwrap_or(&Ck::Empty)
+}
+
+fn parse(i: &str) -> IResult<&str, Vec<Block>> {
+    let mut out: Vec<Block> = vec![];
+    let (i, _) = take_until("BEGINDATA\n")(i)?;
+    let (i, _) = tag("BEGINDATA\n")(i)?;
+    let (i, mut raw_blocks) = separated_list0(many1(char('\n')), many1(certdata_line))(i)?;
+    let (i, _) = multispace0(i)?; // allow trailing whitespace
+    if !i.is_empty() {
+        // The first line of i contains an error.
+        let (line, _) = i.split_once('\n').unwrap_or((i, ""));
+        fail::<_, &str, _>(line)?;
+    }
+    for raw_block in raw_blocks.drain(..) {
+        out.push(raw_block.into_iter().collect())
+    }
+    Ok((i, out))
+}
+
+#[derive(Debug)]
+struct PKCS11TypesParseCallbacks;
+
+impl ParseCallbacks for PKCS11TypesParseCallbacks {
+    fn int_macro(&self, _name: &str, _value: i64) -> Option<IntKind> {
+        Some(IntKind::U8)
+    }
+}
+
+// If we encounter a problem parsing certdata.txt we'll try to turn it into a compile time
+// error in builtins.rs. We need to output definitions for ROOT_LIST_LABEL and BUILTINS to
+// cut down on the number of errors the compiler produces.
+macro_rules! emit_build_error {
+    ($out:ident, $err:expr) => {
+        writeln!($out, "std::compile_error!(\"{}\");", $err)?;
+        writeln!($out, "pub static ROOT_LIST_LABEL: [u8; 0] = [];")?;
+        writeln!($out, "pub static BUILTINS: [Root; 0] = [];")?;
+    };
+}
+
+fn main() -> std::io::Result<()> {
+    println!("cargo:rerun-if-changed=../../../nss/lib/ckfw/builtins/certdata.txt");
+    println!("cargo:rerun-if-changed=../../../nss/lib/ckfw/builtins/nssckbi.h");
+
+    let bindings = Builder::default()
+        .header("../../../nss/lib/ckfw/builtins/nssckbi.h")
+        .allowlist_var("NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR")
+        .allowlist_var("NSS_BUILTINS_CRYPTOKI_VERSION_MINOR")
+        .allowlist_var("NSS_BUILTINS_LIBRARY_VERSION_MAJOR")
+        .allowlist_var("NSS_BUILTINS_LIBRARY_VERSION_MINOR")
+        .allowlist_var("NSS_BUILTINS_HARDWARE_VERSION_MAJOR")
+        .allowlist_var("NSS_BUILTINS_HARDWARE_VERSION_MINOR")
+        .allowlist_var("NSS_BUILTINS_FIRMWARE_VERSION_MAJOR")
+        .allowlist_var("NSS_BUILTINS_FIRMWARE_VERSION_MINOR")
+        .parse_callbacks(Box::new(PKCS11TypesParseCallbacks))
+        .generate()
+        .expect("Unable to generate bindings.");
+
+    let out_path = PathBuf::from(env::var("OUT_DIR").expect("OUT_DIR should be set in env."));
+    bindings
+        .write_to_file(out_path.join("version.rs"))
+        .expect("Could not write version.rs.");
+
+    let mut out = BufWriter::new(
+        File::create(out_path.join("builtins.rs")).expect("Could not write builtins.rs."),
+    );
+
+    let input: &str = &std::fs::read_to_string("../../../nss/lib/ckfw/builtins/certdata.txt")
+        .expect("Unable to read certdata.txt.");
+
+    let blocks = match parse(input) {
+        Ok((_, blocks)) => blocks,
+        Err(e) => {
+            let input = match e {
+                nom::Err::Error(nom::error::Error { input, .. }) => input,
+                _ => "Unknown",
+            };
+            emit_build_error!(
+                out,
+                &format!(
+                    "Could not parse certdata.txt. Failed at: \'{}\'\");",
+                    input.escape_debug().to_string().escape_debug()
+                )
+            );
+            return Ok(());
+        }
+    };
+
+    let root_lists: Vec<&Block> = blocks
+        .iter()
+        .filter(|x| attr(x, "CKA_CLASS") == &Ck::Class("CKO_NSS_BUILTIN_ROOT_LIST"))
+        .collect();
+
+    if root_lists.len() != 1 {
+        emit_build_error!(
+            out,
+            "certdata.txt does not define a CKO_NSS_BUILTIN_ROOT_LIST object."
+        );
+        return Ok(());
+    }
+
+    let mut certs: Vec<&Block> = blocks
+        .iter()
+        .filter(|x| attr(x, "CKA_CLASS") == &Ck::Class("CKO_CERTIFICATE"))
+        .collect();
+
+    let trusts: Vec<&Block> = blocks
+        .iter()
+        .filter(|x| attr(x, "CKA_CLASS") == &Ck::Class("CKO_NSS_TRUST"))
+        .collect();
+
+    if certs.len() != trusts.len() {
+        emit_build_error!(
+            out,
+            "certdata.txt has a mismatched number of certificate and trust objects"
+        );
+        return Ok(());
+    }
+
+    // Ensure that every certificate has a CKA_SUBJECT attribute for the sort
+    for (i, cert) in certs.iter().enumerate() {
+        match cert.get("CKA_SUBJECT") {
+            Some(Ck::MultilineOctal(_)) => (),
+            _ => {
+                emit_build_error!(
+                    out,
+                    format!("Certificate {i} in certdata.txt has no CKA_SUBJECT attribute.")
+                );
+                return Ok(());
+            }
+        }
+    }
+
+    certs.sort_by_cached_key(|x| match x.get("CKA_SUBJECT") {
+        Some(Ck::MultilineOctal(data)) => octal_block_to_vec_u8(data),
+        _ => unreachable!(),
+    });
+
+    // Write out arrays for the DER encoded certificate, serial number, and subject of each root.
+    // Since the serial number and the subject are in the DER cert, we don't need to store
+    // additional data for them.
+    for (i, cert) in certs.iter().enumerate() {
+        // Preserve the comment from certdata.txt
+        match attr(cert, "COMMENT") {
+            Ck::Empty => (),
+            comment => write!(out, "{comment}")?,
+        };
+
+        let der = attr(cert, "CKA_VALUE");
+        writeln!(out, "static ROOT_{i}: &[u8] = {der};")?;
+
+        // Search for the serial number and subject in the DER cert. We want to search on the raw
+        // bytes, not the octal presentation, so we have to unpack the enums.
+        let der_data = match der {
+            Ck::MultilineOctal(x) => octal_block_to_vec_u8(x),
+            _ => unreachable!(),
+        };
+        let serial_data = match attr(cert, "CKA_SERIAL_NUMBER") {
+            Ck::MultilineOctal(x) => octal_block_to_vec_u8(x),
+            _ => unreachable!(),
+        };
+        let subject_data = match attr(cert, "CKA_SUBJECT") {
+            Ck::MultilineOctal(x) => octal_block_to_vec_u8(x),
+            _ => unreachable!(),
+        };
+
+        fn need_u16(out: &mut impl Write, attr: &str, what: &str, i: usize) -> std::io::Result<()> {
+            emit_build_error!(
+                out,
+                format!("Certificate {i} in certdata.txt has a {attr} whose {what} doesn't fit in a u8. Time to upgrade to u16 at the expense of size?")
+            );
+            Ok(())
+        }
+
+        let serial_len = serial_data.len();
+        if let Some(serial_offset) = &der_data.windows(serial_len).position(|s| s == serial_data) {
+            if *serial_offset > u8::MAX.into() {
+                return need_u16(&mut out, "CKA_SERIAL_NUMBER", "offset", i);
+            }
+            if serial_len > u8::MAX.into() {
+                return need_u16(&mut out, "CKA_SERIAL_NUMBER", "length", i);
+            }
+            writeln!(
+                out,
+                "const SERIAL_{i}: (u8, u8) = ({serial_offset}, {serial_len});"
+            )?;
+        } else {
+            emit_build_error!(
+                out,
+                format!("Certificate {i} in certdata.txt has a CKA_SERIAL_NUMBER that does not match its CKA_VALUE.")
+            );
+            return Ok(());
+        }
+
+        let subject_len = subject_data.len();
+        if let Some(subject_offset) = &der_data
+            .windows(subject_len)
+            .position(|s| s == subject_data)
+        {
+            if *subject_offset > u8::MAX.into() {
+                return need_u16(&mut out, "CKA_SUBJECT", "offset", i);
+            }
+            if subject_len > u8::MAX.into() {
+                return need_u16(&mut out, "CKA_SUBJECT", "length", i);
+            }
+            writeln!(
+                out,
+                "const SUBJECT_{i}: (u8, u8) = ({subject_offset}, {subject_len});"
+            )?;
+        } else {
+            emit_build_error!(
+                out,
+                format!("Certificate {i} in certdata.txt has a CKA_SUBJECT that does not match its CKA_VALUE.")
+            );
+            return Ok(());
+        }
+    }
+
+    let root_list_label = attr(root_lists[0], "CKA_LABEL");
+    let root_list_label_len = match root_list_label {
+        Ck::Utf8(x) => x.len() + 1,
+        _ => unreachable!(),
+    };
+    writeln!(
+        out,
+        "pub const ROOT_LIST_LABEL: [u8; {root_list_label_len}] = *b{root_list_label};"
+    )?;
+
+    writeln!(out, "pub static BUILTINS: [Root; {}] = [", certs.len())?;
+    for (i, cert) in certs.iter().enumerate() {
+        let subject = attr(cert, "CKA_SUBJECT");
+        let issuer = attr(cert, "CKA_ISSUER");
+        let label = attr(cert, "CKA_LABEL");
+        if !subject.eq(issuer) {
+            writeln!(out, "];")?; // end the definition of BUILTINS
+            let label = format!("{}", label);
+            writeln!(
+                out,
+                "std::compile_error!(\"Certificate with label {} is not self-signed\");",
+                label.escape_debug()
+            )?;
+            return Ok(());
+        }
+        let mozpol = attr(cert, "CKA_NSS_MOZILLA_CA_POLICY");
+        let server_distrust = attr(cert, "CKA_NSS_SERVER_DISTRUST_AFTER");
+        let email_distrust = attr(cert, "CKA_NSS_EMAIL_DISTRUST_AFTER");
+        let matching_trusts: Vec<&&Block> = trusts
+            .iter()
+            .filter(|trust| {
+                (attr(cert, "CKA_ISSUER") == attr(trust, "CKA_ISSUER"))
+                    && (attr(cert, "CKA_SERIAL_NUMBER") == attr(trust, "CKA_SERIAL_NUMBER"))
+            })
+            .collect();
+        if matching_trusts.len() != 1 {
+            writeln!(out, "];")?; // end the definition of BUILTINS
+            let label = format!("{}", label);
+            writeln!(out, "std::compile_error!(\"Could not find unique trust object for {} in certdata.txt\");", label.escape_debug())?;
+            return Ok(());
+        }
+        let trust = *matching_trusts[0];
+        let sha1 = match attr(trust, "CKA_CERT_SHA1_HASH") {
+            Ck::MultilineOctal(x) => octal_block_to_hex_string(x),
+            _ => unreachable!(),
+        };
+        let md5 = match attr(trust, "CKA_CERT_MD5_HASH") {
+            Ck::MultilineOctal(x) => octal_block_to_hex_string(x),
+            _ => unreachable!(),
+        };
+        let server = attr(trust, "CKA_TRUST_SERVER_AUTH");
+        let email = attr(trust, "CKA_TRUST_EMAIL_PROTECTION");
+
+        writeln!(
+            out,
+            "        Root {{
+            label: {label},
+            der_name: SUBJECT_{i},
+            der_serial: SERIAL_{i},
+            der_cert: ROOT_{i},
+            mozilla_ca_policy: {mozpol},
+            server_distrust_after: {server_distrust},
+            email_distrust_after: {email_distrust},
+            sha1: [{sha1}],
+            md5: [{md5}],
+            trust_server: {server},
+            trust_email: {email},
+        }},"
+        )?;
+    }
+    writeln!(out, "];")?;
+
+    let _ = out.flush();
+    Ok(())
+}
diff --git a/security/manager/ssl/builtins/dynamic-library/builtins.symbols b/security/manager/ssl/builtins/dynamic-library/builtins.symbols
new file mode 100644
index 0000000000..562ecea21d
--- /dev/null
+++ b/security/manager/ssl/builtins/dynamic-library/builtins.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/builtins/dynamic-library/moz.build b/security/manager/ssl/builtins/dynamic-library/moz.build
new file mode 100644
index 0000000000..2413a4c441
--- /dev/null
+++ b/security/manager/ssl/builtins/dynamic-library/moz.build
@@ -0,0 +1,38 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+USE_LIBS += ["builtins-static"]
+
+# see notes in ipcclientcerts/dynamic-library/moz.build
+
+if CONFIG["OS_ARCH"] == "Linux" and CONFIG["OS_TARGET"] != "Android":
+    SOURCES += [
+        "stub.cpp",
+    ]
+else:
+    SOURCES += [
+        "stub.c",
+    ]
+
+if CONFIG["OS_TARGET"] == "Android":
+    OS_LIBS += ["m"]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    OS_LIBS += [
+        "advapi32",
+        "userenv",
+        "ws2_32",
+    ]
+    OS_LIBS += [
+        "bcrypt",
+        "ntdll",
+    ]
+
+
+SharedLibrary("nssckbi")
+
+NoVisibilityFlags()
+SYMBOLS_FILE = "builtins.symbols"
diff --git a/security/manager/ssl/builtins/dynamic-library/stub.c b/security/manager/ssl/builtins/dynamic-library/stub.c
new file mode 100644
index 0000000000..75139c48bf
--- /dev/null
+++ b/security/manager/ssl/builtins/dynamic-library/stub.c
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// see notes in ipcclientcerts/dynamic-library/stub.c
+
+CK_RV BUILTINSC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return BUILTINSC_GetFunctionList(ppFunctionList);
+}
+
+#ifdef __MINGW32__
+#  include "mozilla/Assertions.h"
+void _Unwind_Resume() { MOZ_CRASH("Unexpected call to _Unwind_*"); }
+void _Unwind_GetDataRelBase() { _Unwind_Resume(); }
+void _Unwind_GetTextRelBase() { _Unwind_Resume(); }
+void _Unwind_GetLanguageSpecificData() { _Unwind_Resume(); }
+void _Unwind_GetIPInfo() { _Unwind_Resume(); }
+void _Unwind_GetRegionStart() { _Unwind_Resume(); }
+void _Unwind_SetGR() { _Unwind_Resume(); }
+void _Unwind_SetIP() { _Unwind_Resume(); }
+void _GCC_specific_handler() { _Unwind_Resume(); }
+#endif
diff --git a/security/manager/ssl/builtins/dynamic-library/stub.cpp b/security/manager/ssl/builtins/dynamic-library/stub.cpp
new file mode 100644
index 0000000000..414f5a68c1
--- /dev/null
+++ b/security/manager/ssl/builtins/dynamic-library/stub.cpp
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// see notes in ipcclientcerts/dynamic-library/stub.cpp
+
+extern "C" {
+
+CK_RV BUILTINSC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return BUILTINSC_GetFunctionList(ppFunctionList);
+}
+}
diff --git a/security/manager/ssl/builtins/moz.build b/security/manager/ssl/builtins/moz.build
new file mode 100644
index 0000000000..f612798d79
--- /dev/null
+++ b/security/manager/ssl/builtins/moz.build
@@ -0,0 +1,9 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["dynamic-library"]
+
+RustLibrary("builtins-static")
diff --git a/security/manager/ssl/builtins/src/certdata.rs b/security/manager/ssl/builtins/src/certdata.rs
new file mode 100644
index 0000000000..211abce475
--- /dev/null
+++ b/security/manager/ssl/builtins/src/certdata.rs
@@ -0,0 +1,52 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use pkcs11_bindings::nss::*;
+use pkcs11_bindings::*;
+
+// We need to expand some PKCS#11 / NSS constants as byte arrays for pattern matching and
+// C_GetAttributeValue queries. We use native endianness, because PKCS#11 sits between an
+// application and a device driver that are running on the same machine.
+pub const CKC_X_509_BYTES: &[u8] = &CKC_X_509.to_ne_bytes();
+pub const CKO_CERTIFICATE_BYTES: &[u8] = &CKO_CERTIFICATE.to_ne_bytes();
+pub const CKO_NSS_BUILTIN_ROOT_LIST_BYTES: &[u8] = &CKO_NSS_BUILTIN_ROOT_LIST.to_ne_bytes();
+pub const CKO_NSS_TRUST_BYTES: &[u8] = &CKO_NSS_TRUST.to_ne_bytes();
+pub const CKT_NSS_MUST_VERIFY_TRUST_BYTES: &[u8] = &CKT_NSS_MUST_VERIFY_TRUST.to_ne_bytes();
+pub const CKT_NSS_NOT_TRUSTED_BYTES: &[u8] = &CKT_NSS_NOT_TRUSTED.to_ne_bytes();
+pub const CKT_NSS_TRUSTED_DELEGATOR_BYTES: &[u8] = &CKT_NSS_TRUSTED_DELEGATOR.to_ne_bytes();
+pub const CK_FALSE_BYTES: &[u8] = &CK_FALSE.to_ne_bytes();
+pub const CK_TRUE_BYTES: &[u8] = &CK_TRUE.to_ne_bytes();
+
+#[derive(PartialEq, Eq)]
+pub struct Root {
+    pub label: &'static str,
+    pub der_name: (u8, u8),
+    pub der_serial: (u8, u8),
+    pub der_cert: &'static [u8],
+    pub mozilla_ca_policy: Option<&'static [u8]>,
+    pub server_distrust_after: Option<&'static [u8]>,
+    pub email_distrust_after: Option<&'static [u8]>,
+    pub sha1: [u8; 20],
+    pub md5: [u8; 16],
+    pub trust_server: &'static [u8],
+    pub trust_email: &'static [u8],
+}
+
+impl Root {
+    pub fn der_name(&self) -> &'static [u8] {
+        &self.der_cert[self.der_name.0 as usize..][..self.der_name.1 as usize]
+    }
+    pub fn der_serial(&self) -> &'static [u8] {
+        &self.der_cert[self.der_serial.0 as usize..][..self.der_serial.1 as usize]
+    }
+}
+
+impl PartialOrd for Root {
+    fn partial_cmp(&self, other: &Root) -> Option<std::cmp::Ordering> {
+        self.der_name().partial_cmp(other.der_name())
+    }
+}
+
+include!(concat!(env!("OUT_DIR"), "/builtins.rs"));
diff --git a/security/manager/ssl/builtins/src/internal.rs b/security/manager/ssl/builtins/src/internal.rs
new file mode 100644
index 0000000000..30bd1fcea7
--- /dev/null
+++ b/security/manager/ssl/builtins/src/internal.rs
@@ -0,0 +1,344 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use pkcs11_bindings::nss::*;
+use pkcs11_bindings::*;
+
+use smallvec::SmallVec;
+
+use crate::certdata::*;
+
+// The token stores 2N+1 objects: one NSS root list object, N certificate objects, and N trust
+// objects.
+//
+// Internally, the token identifies each object by its ObjectClass (RootList, Certificate,
+// or Trust) and its index in the list of objects of the same class.
+//
+// The PKCS#11 interface, on the other hand, identifies each object with a unique, non-zero,
+// unsigned long. This ulong is referred to as the object's CK_OBJECT_HANDLE.
+//
+// We're free to choose the mapping between ObjectHandles and CK_OBJECT_HANDLEs. Currently we
+// encode the ObjectClass in the low 2 bits of the CK_OBJECT_HANDLE and the index in the higher
+// bits. We use the values 1, 2, and 3 for ObjectClass to avoid using 0 as a CK_OBJECT_HANDLE.
+//
+#[derive(Clone, Copy)]
+pub enum ObjectClass {
+    RootList = 1,
+    Certificate = 2,
+    Trust = 3,
+}
+
+#[derive(Clone, Copy)]
+pub struct ObjectHandle {
+    class: ObjectClass,
+    index: usize,
+}
+
+impl TryFrom<CK_OBJECT_HANDLE> for ObjectHandle {
+    type Error = ();
+    fn try_from(handle: CK_OBJECT_HANDLE) -> Result<Self, Self::Error> {
+        if let Ok(handle) = usize::try_from(handle) {
+            let index = handle >> 2;
+            let class = match handle & 3 {
+                1 if index == 0 => ObjectClass::RootList,
+                2 if index < BUILTINS.len() => ObjectClass::Certificate,
+                3 if index < BUILTINS.len() => ObjectClass::Trust,
+                _ => return Err(()),
+            };
+            Ok(ObjectHandle { class, index })
+        } else {
+            Err(())
+        }
+    }
+}
+
+impl From<ObjectHandle> for CK_OBJECT_HANDLE {
+    fn from(object_handle: ObjectHandle) -> CK_OBJECT_HANDLE {
+        match CK_OBJECT_HANDLE::try_from(object_handle.index) {
+            Ok(index) => (index << 2) | (object_handle.class as CK_OBJECT_HANDLE),
+            Err(_) => 0,
+        }
+    }
+}
+
+pub fn get_attribute(attribute: CK_ATTRIBUTE_TYPE, object: &ObjectHandle) -> Option<&'static [u8]> {
+    match object.class {
+        ObjectClass::RootList => get_root_list_attribute(attribute),
+        ObjectClass::Certificate => get_cert_attribute(attribute, &BUILTINS[object.index]),
+        ObjectClass::Trust => get_trust_attribute(attribute, &BUILTINS[object.index]),
+    }
+}
+
+// Every attribute that appears in certdata.txt must have a corresponding match arm in one of the
+// get_*_attribute functions.
+//
+fn get_root_list_attribute(attribute: CK_ATTRIBUTE_TYPE) -> Option<&'static [u8]> {
+    match attribute {
+        CKA_CLASS => Some(CKO_NSS_BUILTIN_ROOT_LIST_BYTES),
+        CKA_TOKEN => Some(CK_TRUE_BYTES),
+        CKA_PRIVATE => Some(CK_FALSE_BYTES),
+        CKA_MODIFIABLE => Some(CK_FALSE_BYTES),
+        CKA_LABEL => Some(&ROOT_LIST_LABEL[..]),
+        _ => None,
+    }
+}
+
+fn get_cert_attribute(attribute: CK_ATTRIBUTE_TYPE, cert: &Root) -> Option<&[u8]> {
+    match attribute {
+        CKA_CLASS => Some(CKO_CERTIFICATE_BYTES),
+        CKA_TOKEN => Some(CK_TRUE_BYTES),
+        CKA_PRIVATE => Some(CK_FALSE_BYTES),
+        CKA_MODIFIABLE => Some(CK_FALSE_BYTES),
+        CKA_LABEL => Some(cert.label.as_bytes()),
+        CKA_CERTIFICATE_TYPE => Some(CKC_X_509_BYTES),
+        CKA_SUBJECT => Some(cert.der_name()),
+        CKA_ID => Some(b"0\0"), // null terminated to match C implementation
+        CKA_ISSUER => Some(cert.der_name()),
+        CKA_SERIAL_NUMBER => Some(cert.der_serial()),
+        CKA_VALUE => Some(cert.der_cert),
+        CKA_NSS_MOZILLA_CA_POLICY => cert.mozilla_ca_policy,
+        CKA_NSS_SERVER_DISTRUST_AFTER => cert.server_distrust_after,
+        CKA_NSS_EMAIL_DISTRUST_AFTER => cert.email_distrust_after,
+        _ => None,
+    }
+}
+
+fn get_trust_attribute(attribute: CK_ATTRIBUTE_TYPE, cert: &Root) -> Option<&[u8]> {
+    match attribute {
+        CKA_CLASS => Some(CKO_NSS_TRUST_BYTES),
+        CKA_TOKEN => Some(CK_TRUE_BYTES),
+        CKA_PRIVATE => Some(CK_FALSE_BYTES),
+        CKA_MODIFIABLE => Some(CK_FALSE_BYTES),
+        CKA_LABEL => Some(cert.label.as_bytes()),
+        CKA_CERT_SHA1_HASH => Some(&cert.sha1[..]),
+        CKA_CERT_MD5_HASH => Some(&cert.md5[..]),
+        CKA_ISSUER => Some(cert.der_name()),
+        CKA_SERIAL_NUMBER => Some(cert.der_serial()),
+        CKA_TRUST_STEP_UP_APPROVED => Some(CK_FALSE_BYTES),
+        CKA_TRUST_SERVER_AUTH => Some(cert.trust_server),
+        CKA_TRUST_EMAIL_PROTECTION => Some(cert.trust_email),
+        CKA_TRUST_CODE_SIGNING => Some(CKT_NSS_MUST_VERIFY_TRUST_BYTES),
+        _ => None,
+    }
+}
+
+// A query matches an object if each term matches some attribute of the object. A search result is
+// a list of object handles. Typical queries yield zero or one results, so we optimize for this
+// case.
+//
+pub type Query<'a> = [(CK_ATTRIBUTE_TYPE, &'a [u8])];
+pub type SearchResult = SmallVec<[ObjectHandle; 1]>;
+
+pub fn search(query: &Query) -> SearchResult {
+    // The BUILTINS list is sorted by name. So if the query includes a CKA_SUBJECT or CKA_ISSUER
+    // field we can binary search.
+    for &(attr, value) in query {
+        if attr == CKA_SUBJECT || attr == CKA_ISSUER {
+            return search_by_name(value, query);
+        }
+    }
+
+    let mut results: SearchResult = SearchResult::default();
+
+    // A query with no name term might match the root list object
+    if match_root_list(query) {
+        results.push(ObjectHandle {
+            class: ObjectClass::RootList,
+            index: 0,
+        });
+    }
+
+    // A query with a CKA_CLASS term matches exactly one type of object, and we should avoid
+    // iterating over BUILTINS when CKO_CLASS is neither CKO_CERTIFICATE_BYTES nor
+    // CKO_NSS_TRUST_BYTES.
+    let mut maybe_cert = true;
+    let mut maybe_trust = true;
+    for &(attr, value) in query {
+        if attr == CKA_CLASS {
+            maybe_cert = value.eq(CKO_CERTIFICATE_BYTES);
+            maybe_trust = value.eq(CKO_NSS_TRUST_BYTES);
+            break;
+        }
+    }
+
+    if !(maybe_cert || maybe_trust) {
+        return results; // The root list or nothing.
+    }
+
+    for (index, builtin) in BUILTINS.iter().enumerate() {
+        if maybe_cert && match_cert(query, builtin) {
+            results.push(ObjectHandle {
+                class: ObjectClass::Certificate,
+                index,
+            });
+        }
+        if maybe_trust && match_trust(query, builtin) {
+            results.push(ObjectHandle {
+                class: ObjectClass::Trust,
+                index,
+            });
+        }
+    }
+    results
+}
+
+fn search_by_name(name: &[u8], query: &Query) -> SearchResult {
+    let mut results: SearchResult = SearchResult::default();
+
+    let index = match BUILTINS.binary_search_by_key(&name, |r| r.der_name()) {
+        Ok(index) => index,
+        _ => return results,
+    };
+
+    // binary search returned a matching index, but maybe not the smallest
+    let mut min = index;
+    while min > 0 && name.eq(BUILTINS[min - 1].der_name()) {
+        min -= 1;
+    }
+
+    // ... and maybe not the largest.
+    let mut max = index;
+    while max < BUILTINS.len() - 1 && name.eq(BUILTINS[max + 1].der_name()) {
+        max += 1;
+    }
+
+    for (index, builtin) in BUILTINS.iter().enumerate().take(max + 1).skip(min) {
+        if match_cert(query, builtin) {
+            results.push(ObjectHandle {
+                class: ObjectClass::Certificate,
+                index,
+            });
+        }
+        if match_trust(query, builtin) {
+            results.push(ObjectHandle {
+                class: ObjectClass::Trust,
+                index,
+            });
+        }
+    }
+
+    results
+}
+
+fn match_root_list(query: &Query) -> bool {
+    for &(typ, x) in query {
+        match get_root_list_attribute(typ) {
+            Some(y) if x.eq(y) => (),
+            _ => return false,
+        }
+    }
+    true
+}
+
+fn match_cert(query: &Query, cert: &Root) -> bool {
+    for &(typ, x) in query {
+        match get_cert_attribute(typ, cert) {
+            Some(y) if x.eq(y) => (),
+            _ => return false,
+        }
+    }
+    true
+}
+
+fn match_trust(query: &Query, cert: &Root) -> bool {
+    for &(typ, x) in query {
+        match get_trust_attribute(typ, cert) {
+            Some(y) if x.eq(y) => (),
+            _ => return false,
+        }
+    }
+    true
+}
+
+#[cfg(test)]
+mod internal_tests {
+    use crate::certdata::BUILTINS;
+    use crate::internal::*;
+    use pkcs11_bindings::*;
+
+    // commented out to avoid vendoring x509_parser
+    // fn is_valid_utctime(utctime: &[u8]) -> bool {
+    //     /* TODO: actual validation */
+    //     utctime.len() == 13
+    // }
+    // #[test]
+    // fn test_certdata() {
+    //     for root in BUILTINS {
+    //         // the der_cert field is valid DER
+    //         let parsed_cert = X509Certificate::from_der(root.der_cert);
+    //         assert!(parsed_cert.is_ok());
+
+    //         // the der_cert field has no trailing data
+    //         let (trailing, parsed_cert) = parsed_cert.unwrap();
+    //         assert!(trailing.is_empty());
+
+    //         // the der_serial field matches the encoded serial
+    //         assert!(root.der_serial.len() > 2);
+    //         assert!(root.der_serial[0] == 0x02); // der integer
+    //         assert!(root.der_serial[1] <= 20); // no more than 20 bytes long
+    //         assert!(root.der_serial[1] as usize == root.der_serial.len() - 2);
+    //         assert!(parsed_cert.raw_serial().eq(&root.der_serial[2..]));
+
+    //         // the der_name field matches the encoded subject
+    //         assert!(parsed_cert.subject.as_raw().eq(root.der_name));
+
+    //         // the der_name field matches the encoded issuer
+    //         assert!(parsed_cert.issuer.as_raw().eq(root.der_name));
+
+    //         // The server_distrust_after field is None or a valid UTC time
+    //         if let Some(utctime) = root.server_distrust_after {
+    //             assert!(is_valid_utctime(&utctime));
+    //         }
+
+    //         // The email_distrust_after field is None or a valid UTC time
+    //         if let Some(utctime) = root.email_distrust_after {
+    //             assert!(is_valid_utctime(&utctime));
+    //         }
+
+    //         assert!(
+    //             root.trust_server == CKT_NSS_MUST_VERIFY_TRUST_BYTES
+    //                 || root.trust_server == CKT_NSS_TRUSTED_DELEGATOR_BYTES
+    //                 || root.trust_server == CKT_NSS_NOT_TRUSTED_BYTES
+    //         );
+    //         assert!(
+    //             root.trust_email == CKT_NSS_MUST_VERIFY_TRUST_BYTES
+    //                 || root.trust_email == CKT_NSS_TRUSTED_DELEGATOR_BYTES
+    //                 || root.trust_email == CKT_NSS_NOT_TRUSTED_BYTES
+    //         );
+    //     }
+    // }
+
+    #[test]
+    fn test_builtins_sorted() {
+        for i in 0..(BUILTINS.len() - 1) {
+            assert!(BUILTINS[i].der_name.le(BUILTINS[i + 1].der_name));
+        }
+    }
+
+    #[test]
+    fn test_search() {
+        // search for an element that will not be found
+        let result = search(&[(CKA_TOKEN, &[CK_FALSE])]);
+        assert_eq!(result.len(), 0);
+
+        // search for root list
+        let result = search(&[(CKA_CLASS, CKO_NSS_BUILTIN_ROOT_LIST_BYTES)]);
+        assert!(result.len() == 1);
+
+        // search by name
+        let result = search(&[
+            (CKA_CLASS, CKO_CERTIFICATE_BYTES),
+            (CKA_SUBJECT, BUILTINS[0].der_name),
+        ]);
+        assert!(result.len() >= 1);
+
+        // search by issuer and serial
+        let result = search(&[
+            (CKA_ISSUER, BUILTINS[0].der_name),
+            (CKA_SERIAL_NUMBER, BUILTINS[0].der_serial),
+        ]);
+        assert!(result.len() >= 1);
+    }
+}
diff --git a/security/manager/ssl/builtins/src/lib.rs b/security/manager/ssl/builtins/src/lib.rs
new file mode 100644
index 0000000000..17b05b454d
--- /dev/null
+++ b/security/manager/ssl/builtins/src/lib.rs
@@ -0,0 +1,9 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+mod certdata;
+mod internal;
+mod pkcs11;
+mod version;
diff --git a/security/manager/ssl/builtins/src/pkcs11.rs b/security/manager/ssl/builtins/src/pkcs11.rs
new file mode 100644
index 0000000000..56620f4a68
--- /dev/null
+++ b/security/manager/ssl/builtins/src/pkcs11.rs
@@ -0,0 +1,1227 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(non_snake_case)]
+
+use pkcs11_bindings::*;
+use std::slice;
+
+use std::collections::btree_map::Entry;
+use std::collections::{BTreeMap, BTreeSet};
+use std::sync::atomic::{AtomicU32, Ordering};
+use std::sync::{Mutex, MutexGuard};
+
+use crate::internal::{get_attribute, search};
+use crate::internal::{ObjectHandle, Query, SearchResult};
+
+use crate::version::*;
+
+const BUILTINS_VERSION: CK_VERSION = CK_VERSION {
+    major: NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
+    minor: NSS_BUILTINS_LIBRARY_VERSION_MINOR,
+};
+
+const FIRMWARE_VERSION: CK_VERSION = CK_VERSION {
+    major: NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
+    minor: NSS_BUILTINS_FIRMWARE_VERSION_MINOR,
+};
+
+const CRYPTOKI_VERSION: CK_VERSION = CK_VERSION {
+    major: NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
+    minor: NSS_BUILTINS_CRYPTOKI_VERSION_MINOR,
+};
+const HARDWARE_VERSION: CK_VERSION = CK_VERSION {
+    major: NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
+    minor: NSS_BUILTINS_HARDWARE_VERSION_MINOR,
+};
+
+const MANUFACTURER_ID_BYTES: &[u8; 32] = b"Mozilla Foundation              ";
+const LIBRARY_DESCRIPTION_BYTES: &[u8; 32] = b"NSS Builtin Object Cryptoki Modu";
+
+const SLOT_COUNT: CK_ULONG = 1;
+const SLOT_ID_ROOTS: CK_SLOT_ID = 1;
+const SLOT_DESCRIPTION_ROOTS_BYTES: &[u8; 64] =
+    b"NSS Builtin Objects                                             ";
+
+const TOKEN_LABEL_ROOTS_BYTES: &[u8; 32] = b"Builtin Object Token            ";
+const TOKEN_MODEL_BYTES: &[u8; 16] = b"1               ";
+const TOKEN_SERIAL_NUMBER_BYTES: &[u8; 16] = b"1               ";
+const TOKEN_UTC_TIME: &[u8; 16] = b"                ";
+
+#[derive(Debug)]
+struct PK11Error(CK_RV);
+
+// The token assigns session handles using a counter. It would make sense to use a 64 bit counter,
+// as there would then be no risk of exhausting the session handle space. However,
+// CK_SESSION_HANDLE is defined as a C unsigned long, which is a u32 on some platforms.
+//
+// We start the counter at 1 since PKCS#11 reserves 0 to signal an invalid handle
+//
+type SessionHandle = u32;
+static NEXT_HANDLE: AtomicU32 = AtomicU32::new(1);
+
+// The token needs to keep track of which sessions are open.
+//
+type SessionSet = BTreeSet<SessionHandle>;
+static OPEN_SESSIONS: Mutex<Option<SessionSet>> = Mutex::new(None);
+
+// Helper functions for accessing OPEN_SESSIONS
+//
+type SessionSetGuard = MutexGuard<'static, Option<SessionSet>>;
+
+fn get_open_sessions_guard() -> Result<SessionSetGuard, PK11Error> {
+    OPEN_SESSIONS
+        .lock()
+        .map_err(|_| PK11Error(CKR_DEVICE_ERROR))
+}
+
+fn get_open_sessions(guard: &mut SessionSetGuard) -> Result<&mut SessionSet, PK11Error> {
+    let sessions = guard
+        .as_mut()
+        .ok_or(PK11Error(CKR_CRYPTOKI_NOT_INITIALIZED))?;
+    Ok(sessions)
+}
+
+// The token needs to cache search results until the client reads them or closes the session.
+//
+type SearchCache = BTreeMap<SessionHandle, SearchResult>;
+static SEARCHES: Mutex<Option<SearchCache>> = Mutex::new(None);
+
+// Helper functions for accessing SEARCHES
+//
+type SearchCacheGuard = MutexGuard<'static, Option<SearchCache>>;
+
+fn get_search_cache_guard() -> Result<SearchCacheGuard, PK11Error> {
+    SEARCHES.lock().map_err(|_| PK11Error(CKR_DEVICE_ERROR))
+}
+
+fn get_search_cache(guard: &mut SearchCacheGuard) -> Result<&mut SearchCache, PK11Error> {
+    let searches = guard
+        .as_mut()
+        .ok_or(PK11Error(CKR_CRYPTOKI_NOT_INITIALIZED))?;
+    Ok(searches)
+}
+
+fn validate_session(handle: SessionHandle) -> Result<(), PK11Error> {
+    let mut guard = get_open_sessions_guard()?;
+    let sessions = get_open_sessions(&mut guard)?;
+    if sessions.contains(&handle) {
+        return Ok(());
+    }
+    if handle < NEXT_HANDLE.load(Ordering::SeqCst) {
+        Err(PK11Error(CKR_SESSION_CLOSED))
+    } else {
+        // Possible that NEXT_HANDLE wrapped and we should return CKR_SESSION_CLOSED.
+        // But this is best-effort.
+        Err(PK11Error(CKR_SESSION_HANDLE_INVALID))
+    }
+}
+
+// The internal implementation of C_Initialize
+fn initialize() -> Result<(), PK11Error> {
+    {
+        let mut search_cache_guard = get_search_cache_guard()?;
+        if (*search_cache_guard).is_some() {
+            return Err(PK11Error(CKR_CRYPTOKI_ALREADY_INITIALIZED));
+        }
+        *search_cache_guard = Some(SearchCache::default());
+    }
+
+    {
+        let mut session_guard = get_open_sessions_guard()?;
+        if (*session_guard).is_some() {
+            return Err(PK11Error(CKR_CRYPTOKI_ALREADY_INITIALIZED));
+        }
+        *session_guard = Some(SessionSet::default());
+    }
+
+    Ok(())
+}
+
+// The internal implementation of C_Finalize
+fn finalize() -> Result<(), PK11Error> {
+    {
+        let mut guard = get_search_cache_guard()?;
+        // Try to access the search cache to ensure we're initialized.
+        // Returns CKR_CRYPTOKI_NOT_INITIALIZED if we're not.
+        let _ = get_search_cache(&mut guard)?;
+        *guard = None;
+    }
+
+    let mut guard = get_open_sessions_guard()?;
+    let _ = get_open_sessions(&mut guard)?;
+    *guard = None;
+
+    Ok(())
+}
+
+// Internal implementation of C_OpenSession
+fn open_session() -> Result<SessionHandle, PK11Error> {
+    let mut handle = NEXT_HANDLE.fetch_add(1, Ordering::SeqCst);
+    if handle == 0 {
+        // skip handle 0 if the addition wraps
+        handle = NEXT_HANDLE.fetch_add(1, Ordering::SeqCst);
+    }
+
+    let mut guard = get_open_sessions_guard()?;
+    let sessions = get_open_sessions(&mut guard)?;
+    while !sessions.insert(handle) {
+        // this only executes if NEXT_HANDLE wraps while sessions with
+        // small handles are still open.
+        handle = NEXT_HANDLE.fetch_add(1, Ordering::SeqCst);
+    }
+
+    Ok(handle)
+}
+
+// Internal implementation of C_CloseSession
+fn close_session(session: SessionHandle) -> Result<(), PK11Error> {
+    {
+        let mut guard = get_search_cache_guard()?;
+        let searches = get_search_cache(&mut guard)?;
+        searches.remove(&session);
+    }
+
+    {
+        let mut guard = get_open_sessions_guard()?;
+        let sessions = get_open_sessions(&mut guard)?;
+        if sessions.remove(&session) {
+            Ok(())
+        } else if session < NEXT_HANDLE.load(Ordering::SeqCst) {
+            Err(PK11Error(CKR_SESSION_CLOSED))
+        } else {
+            Err(PK11Error(CKR_SESSION_HANDLE_INVALID))
+        }
+    }
+}
+
+// Internal implementation of C_CloseAllSessions
+fn close_all_sessions() -> Result<(), PK11Error> {
+    {
+        let mut guard = get_search_cache_guard()?;
+        let searches = get_search_cache(&mut guard)?;
+        searches.clear();
+    }
+
+    {
+        let mut guard = get_open_sessions_guard()?;
+        let sessions = get_open_sessions(&mut guard)?;
+        sessions.clear();
+    }
+
+    Ok(())
+}
+
+// Internal implementation of C_FindObjectsInit
+fn find_objects_init(session: SessionHandle, query: &Query) -> Result<usize, PK11Error> {
+    validate_session(session)?;
+
+    let results = search(query);
+    let count = results.len();
+
+    let mut guard = get_search_cache_guard()?;
+    let searches = get_search_cache(&mut guard)?;
+    match searches.entry(session) {
+        Entry::Occupied(_) => Err(PK11Error(CKR_OPERATION_ACTIVE)),
+        Entry::Vacant(v) => {
+            v.insert(results);
+            Ok(count)
+        }
+    }
+}
+
+// Internal implementation of C_FindObjects
+fn find_objects(session: SessionHandle, out: &mut [CK_OBJECT_HANDLE]) -> Result<usize, PK11Error> {
+    validate_session(session)?;
+
+    let mut guard = get_search_cache_guard()?;
+    let searches = get_search_cache(&mut guard)?;
+    if let Some(objects) = searches.get_mut(&session) {
+        for (i, out_i) in out.iter_mut().enumerate() {
+            match objects.pop() {
+                Some(object) => *out_i = object.into(),
+                None => return Ok(i),
+            }
+        }
+        Ok(out.len())
+    } else {
+        Ok(0)
+    }
+}
+
+// Internal implementation of C_FindObjectsFinal
+fn find_objects_final(session: SessionHandle) -> Result<(), PK11Error> {
+    validate_session(session)?;
+
+    let mut guard = get_search_cache_guard()?;
+    let searches = get_search_cache(&mut guard)?;
+    searches.remove(&session);
+    Ok(())
+}
+
+extern "C" fn C_Initialize(_pInitArgs: CK_VOID_PTR) -> CK_RV {
+    match initialize() {
+        Ok(_) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_Finalize(pReserved: CK_VOID_PTR) -> CK_RV {
+    if !pReserved.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    match finalize() {
+        Ok(_) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_GetInfo(pInfo: CK_INFO_PTR) -> CK_RV {
+    if pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    unsafe {
+        *pInfo = CK_INFO {
+            cryptokiVersion: CRYPTOKI_VERSION,
+            manufacturerID: *MANUFACTURER_ID_BYTES,
+            flags: 0,
+            libraryDescription: *LIBRARY_DESCRIPTION_BYTES,
+            libraryVersion: BUILTINS_VERSION,
+        };
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetSlotList(
+    _tokenPresent: CK_BBOOL,
+    pSlotList: CK_SLOT_ID_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if pulCount.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    if !pSlotList.is_null() {
+        if unsafe { *pulCount } < SLOT_COUNT {
+            return CKR_BUFFER_TOO_SMALL;
+        }
+        unsafe {
+            *pSlotList = SLOT_ID_ROOTS;
+        }
+    }
+    unsafe {
+        *pulCount = SLOT_COUNT;
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV {
+    if (slotID != SLOT_ID_ROOTS) || pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    unsafe {
+        *pInfo = CK_SLOT_INFO {
+            slotDescription: *SLOT_DESCRIPTION_ROOTS_BYTES,
+            manufacturerID: *MANUFACTURER_ID_BYTES,
+            flags: CKF_TOKEN_PRESENT,
+            hardwareVersion: HARDWARE_VERSION,
+            firmwareVersion: FIRMWARE_VERSION,
+        };
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV {
+    if (slotID != SLOT_ID_ROOTS) || pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    unsafe {
+        *pInfo = CK_TOKEN_INFO {
+            label: *TOKEN_LABEL_ROOTS_BYTES,
+            manufacturerID: *MANUFACTURER_ID_BYTES,
+            model: *TOKEN_MODEL_BYTES,
+            serialNumber: *TOKEN_SERIAL_NUMBER_BYTES,
+            flags: CKF_WRITE_PROTECTED,
+            ulMaxSessionCount: CK_UNAVAILABLE_INFORMATION,
+            ulSessionCount: 0,
+            ulMaxRwSessionCount: CK_UNAVAILABLE_INFORMATION,
+            ulRwSessionCount: 0,
+            ulMaxPinLen: CK_UNAVAILABLE_INFORMATION,
+            ulMinPinLen: CK_UNAVAILABLE_INFORMATION,
+            ulTotalPublicMemory: CK_UNAVAILABLE_INFORMATION,
+            ulFreePublicMemory: CK_UNAVAILABLE_INFORMATION,
+            ulTotalPrivateMemory: CK_UNAVAILABLE_INFORMATION,
+            ulFreePrivateMemory: CK_UNAVAILABLE_INFORMATION,
+            hardwareVersion: HARDWARE_VERSION,
+            firmwareVersion: FIRMWARE_VERSION,
+            utcTime: *TOKEN_UTC_TIME,
+        };
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetMechanismList(
+    slotID: CK_SLOT_ID,
+    _pMechanismList: CK_MECHANISM_TYPE_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if slotID != SLOT_ID_ROOTS || pulCount.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    unsafe {
+        *pulCount = 0;
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetMechanismInfo(
+    _slotID: CK_SLOT_ID,
+    _type: CK_MECHANISM_TYPE,
+    _pInfo: CK_MECHANISM_INFO_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitToken(
+    _slotID: CK_SLOT_ID,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+    _pLabel: CK_UTF8CHAR_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pOldPin: CK_UTF8CHAR_PTR,
+    _ulOldLen: CK_ULONG,
+    _pNewPin: CK_UTF8CHAR_PTR,
+    _ulNewLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_OpenSession(
+    slotID: CK_SLOT_ID,
+    flags: CK_FLAGS,
+    _pApplication: CK_VOID_PTR,
+    _Notify: CK_NOTIFY,
+    phSession: CK_SESSION_HANDLE_PTR,
+) -> CK_RV {
+    if slotID != SLOT_ID_ROOTS || phSession.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    // [pkcs11-base-v3.0, Section 5.6.1]
+    // For legacy reasons, the CKF_SERIAL_SESSION bit MUST always be set; if a call to
+    // C_OpenSession does not have this bit set, the call should return unsuccessfully with the
+    // error code CKR_SESSION_PARALLEL_NOT_SUPPORTED.
+    if flags & CKF_SERIAL_SESSION == 0 {
+        return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
+    }
+    let session_id = match open_session() {
+        Ok(session_id) => session_id as CK_SESSION_HANDLE,
+        Err(PK11Error(e)) => return e,
+    };
+    unsafe { *phSession = session_id };
+    CKR_OK
+}
+
+extern "C" fn C_CloseSession(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let session: SessionHandle = match hSession.try_into() {
+        Ok(session) => session,
+        Err(_) => return CKR_SESSION_HANDLE_INVALID,
+    };
+    match close_session(session) {
+        Ok(_) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_CloseAllSessions(slotID: CK_SLOT_ID) -> CK_RV {
+    if slotID != SLOT_ID_ROOTS {
+        return CKR_ARGUMENTS_BAD;
+    }
+    match close_all_sessions() {
+        Ok(_) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_GetSessionInfo(_hSession: CK_SESSION_HANDLE, _pInfo: CK_SESSION_INFO_PTR) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _pulOperationStateLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _ulOperationStateLen: CK_ULONG,
+    _hEncryptionKey: CK_OBJECT_HANDLE,
+    _hAuthenticationKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Login(
+    _hSession: CK_SESSION_HANDLE,
+    _userType: CK_USER_TYPE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Logout(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_OK
+}
+
+extern "C" fn C_CreateObject(
+    _hSession: CK_SESSION_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CopyObject(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phNewObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DestroyObject(_hSession: CK_SESSION_HANDLE, _hObject: CK_OBJECT_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetObjectSize(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pulSize: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    hObject: CK_OBJECT_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    let count: usize = match ulCount.try_into() {
+        Ok(count) => count,
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    };
+
+    // C_GetAttributeValue has a session handle parameter because PKCS#11 objects can have
+    // session-bound lifetimes and access controls. We don't have any session objects, and all of
+    // our token objects are public. So there's no good reason to validate the session handle.
+    //
+    //let session: SessionHandle = match hSession.try_into() {
+    //    Ok(session) => session,
+    //    Err(_) => return CKR_SESSION_HANDLE_INVALID,
+    //};
+    //
+    //if let Err(PK11Error(e)) = validate_session(session) {
+    //    return e;
+    //}
+
+    let handle: ObjectHandle = match hObject.try_into() {
+        Ok(handle) => handle,
+        Err(_) => return CKR_OBJECT_HANDLE_INVALID,
+    };
+
+    let attrs: &mut [CK_ATTRIBUTE] = unsafe { slice::from_raw_parts_mut(pTemplate, count) };
+
+    let mut rv = CKR_OK;
+
+    // Handle requests with null pValue fields
+    for attr in attrs.iter_mut().filter(|x| x.pValue.is_null()) {
+        attr.ulValueLen = match get_attribute(attr.type_, &handle) {
+            None => {
+                // [pkcs11-base-v3.0, Section 5.7.5]
+                // 2. [...] if the specified value for the object is invalid (the object does not possess
+                //    such an attribute), then the ulValueLen field in that triple is modified to hold the
+                //    value CK_UNAVAILABLE_INFORMATION.
+                rv = CKR_ATTRIBUTE_TYPE_INVALID;
+                CK_UNAVAILABLE_INFORMATION
+            }
+            Some(attr) => {
+                // [pkcs11-base-v3.0, Section 5.7.5]
+                // 3. [...] if the pValue field has the value NULL_PTR, then the ulValueLen field is modified
+                //    to hold the exact length of the specified attribute for the object.
+                attr.len() as CK_ULONG
+            }
+        }
+    }
+
+    // Handle requests with non-null pValue fields
+    for attr in attrs.iter_mut().filter(|x| !x.pValue.is_null()) {
+        let dst_len: usize = match attr.ulValueLen.try_into() {
+            Ok(dst_len) => dst_len,
+            Err(_) => return CKR_ARGUMENTS_BAD,
+        };
+        attr.ulValueLen = match get_attribute(attr.type_, &handle) {
+            None => {
+                // [pkcs11-base-v3.0, Section 5.7.5]
+                // 2. [...] if the specified value for the object is invalid (the object does not possess
+                //    such an attribute), then the ulValueLen field in that triple is modified to hold the
+                //    value CK_UNAVAILABLE_INFORMATION.
+                rv = CKR_ATTRIBUTE_TYPE_INVALID;
+                CK_UNAVAILABLE_INFORMATION
+            }
+            Some(src) if dst_len >= src.len() => {
+                // [pkcs11-base-v3.0, Section 5.7.5]
+                // 4. [...] if the length specified in ulValueLen is large enough to hold the value
+                //    of the specified attribute for the object, then that attribute is copied into
+                //    the buffer located at pValue, and the ulValueLen field is modified to hold
+                //    the exact length of the attribute.
+                let dst: &mut [u8] =
+                    unsafe { slice::from_raw_parts_mut(attr.pValue as *mut u8, dst_len) };
+                dst[..src.len()].copy_from_slice(src);
+                src.len() as CK_ULONG
+            }
+            _ => {
+                // [pkcs11-base-v3.0, Section 5.7.5]
+                // 5. Otherwise, the ulValueLen field is modified to hold the value
+                //    CK_UNAVAILABLE_INFORMATION.
+                rv = CKR_BUFFER_TOO_SMALL;
+                CK_UNAVAILABLE_INFORMATION
+            }
+        };
+    }
+
+    // [pkcs11-base-v3.0, Section 5.7.5]
+    // If case 2 applies to any of the requested attributes, then the call should return the value
+    // CKR_ATTRIBUTE_TYPE_INVALID.  If case 5 applies to any of the requested attributes, then the
+    // call should return the value CKR_BUFFER_TOO_SMALL.  As usual, if more than one of these
+    // error codes is applicable, Cryptoki may return any of them.  Only if none of them applies to
+    // any of the requested attributes will CKR_OK be returned.
+    rv
+}
+
+extern "C" fn C_SetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_FindObjectsInit(
+    hSession: CK_SESSION_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let count: usize = match ulCount.try_into() {
+        Ok(count) => count,
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    };
+    let session: SessionHandle = match hSession.try_into() {
+        Ok(session) => session,
+        Err(_) => return CKR_SESSION_HANDLE_INVALID,
+    };
+
+    let raw_attrs: &[CK_ATTRIBUTE] = unsafe { slice::from_raw_parts_mut(pTemplate, count) };
+
+    let mut query: Vec<(CK_ATTRIBUTE_TYPE, &[u8])> = Vec::with_capacity(raw_attrs.len());
+    for attr in raw_attrs {
+        match usize::try_from(attr.ulValueLen) {
+            Ok(len) => query.push((attr.type_, unsafe {
+                slice::from_raw_parts_mut(attr.pValue as *mut u8, len)
+            })),
+            Err(_) => return CKR_ARGUMENTS_BAD,
+        }
+    }
+
+    match find_objects_init(session, &query) {
+        Ok(_) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_FindObjects(
+    hSession: CK_SESSION_HANDLE,
+    phObject: CK_OBJECT_HANDLE_PTR,
+    ulMaxObjectCount: CK_ULONG,
+    pulObjectCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if phObject.is_null() || pulObjectCount.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let max_object_count: usize = match ulMaxObjectCount.try_into() {
+        Ok(max_object_count) => max_object_count,
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    };
+    let session: SessionHandle = match hSession.try_into() {
+        Ok(session) => session,
+        Err(_) => return CKR_SESSION_HANDLE_INVALID,
+    };
+    let out: &mut [CK_OBJECT_HANDLE] =
+        unsafe { slice::from_raw_parts_mut(phObject, max_object_count) };
+    match find_objects(session, out) {
+        Ok(num_found) => {
+            unsafe { *pulObjectCount = num_found as CK_ULONG };
+            CKR_OK
+        }
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let session: SessionHandle = match hSession.try_into() {
+        Ok(session) => session,
+        Err(_) => return CKR_SESSION_HANDLE_INVALID,
+    };
+    match find_objects_final(session) {
+        Ok(()) => CKR_OK,
+        Err(PK11Error(e)) => e,
+    }
+}
+
+extern "C" fn C_EncryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Encrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pEncryptedData: CK_BYTE_PTR,
+    _pulEncryptedDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastEncryptedPart: CK_BYTE_PTR,
+    _pulLastEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Decrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedData: CK_BYTE_PTR,
+    _ulEncryptedDataLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastPart: CK_BYTE_PTR,
+    _pulLastPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestInit(_hSession: CK_SESSION_HANDLE, _pMechanism: CK_MECHANISM_PTR) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Digest(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestKey(_hSession: CK_SESSION_HANDLE, _hKey: CK_OBJECT_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Sign(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Verify(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptDigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptVerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKeyPair(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pPublicKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPublicKeyAttributeCount: CK_ULONG,
+    _pPrivateKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPrivateKeyAttributeCount: CK_ULONG,
+    _phPublicKey: CK_OBJECT_HANDLE_PTR,
+    _phPrivateKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hWrappingKey: CK_OBJECT_HANDLE,
+    _hKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _pulWrappedKeyLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_UnwrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hUnwrappingKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _ulWrappedKeyLen: CK_ULONG,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DeriveKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hBaseKey: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SeedRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _pSeed: CK_BYTE_PTR,
+    _ulSeedLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _RandomData: CK_BYTE_PTR,
+    _ulRandomLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetFunctionStatus(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CancelFunction(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WaitForSlotEvent(
+    _flags: CK_FLAGS,
+    _pSlot: CK_SLOT_ID_PTR,
+    _pRserved: CK_VOID_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+pub static mut FUNCTION_LIST: CK_FUNCTION_LIST = CK_FUNCTION_LIST {
+    version: CRYPTOKI_VERSION,
+    C_Initialize: Some(C_Initialize),
+    C_Finalize: Some(C_Finalize),
+    C_GetInfo: Some(C_GetInfo),
+    C_GetFunctionList: None,
+    C_GetSlotList: Some(C_GetSlotList),
+    C_GetSlotInfo: Some(C_GetSlotInfo),
+    C_GetTokenInfo: Some(C_GetTokenInfo),
+    C_GetMechanismList: Some(C_GetMechanismList),
+    C_GetMechanismInfo: Some(C_GetMechanismInfo),
+    C_InitToken: Some(C_InitToken),
+    C_InitPIN: Some(C_InitPIN),
+    C_SetPIN: Some(C_SetPIN),
+    C_OpenSession: Some(C_OpenSession),
+    C_CloseSession: Some(C_CloseSession),
+    C_CloseAllSessions: Some(C_CloseAllSessions),
+    C_GetSessionInfo: Some(C_GetSessionInfo),
+    C_GetOperationState: Some(C_GetOperationState),
+    C_SetOperationState: Some(C_SetOperationState),
+    C_Login: Some(C_Login),
+    C_Logout: Some(C_Logout),
+    C_CreateObject: Some(C_CreateObject),
+    C_CopyObject: Some(C_CopyObject),
+    C_DestroyObject: Some(C_DestroyObject),
+    C_GetObjectSize: Some(C_GetObjectSize),
+    C_GetAttributeValue: Some(C_GetAttributeValue),
+    C_SetAttributeValue: Some(C_SetAttributeValue),
+    C_FindObjectsInit: Some(C_FindObjectsInit),
+    C_FindObjects: Some(C_FindObjects),
+    C_FindObjectsFinal: Some(C_FindObjectsFinal),
+    C_EncryptInit: Some(C_EncryptInit),
+    C_Encrypt: Some(C_Encrypt),
+    C_EncryptUpdate: Some(C_EncryptUpdate),
+    C_EncryptFinal: Some(C_EncryptFinal),
+    C_DecryptInit: Some(C_DecryptInit),
+    C_Decrypt: Some(C_Decrypt),
+    C_DecryptUpdate: Some(C_DecryptUpdate),
+    C_DecryptFinal: Some(C_DecryptFinal),
+    C_DigestInit: Some(C_DigestInit),
+    C_Digest: Some(C_Digest),
+    C_DigestUpdate: Some(C_DigestUpdate),
+    C_DigestKey: Some(C_DigestKey),
+    C_DigestFinal: Some(C_DigestFinal),
+    C_SignInit: Some(C_SignInit),
+    C_Sign: Some(C_Sign),
+    C_SignUpdate: Some(C_SignUpdate),
+    C_SignFinal: Some(C_SignFinal),
+    C_SignRecoverInit: Some(C_SignRecoverInit),
+    C_SignRecover: Some(C_SignRecover),
+    C_VerifyInit: Some(C_VerifyInit),
+    C_Verify: Some(C_Verify),
+    C_VerifyUpdate: Some(C_VerifyUpdate),
+    C_VerifyFinal: Some(C_VerifyFinal),
+    C_VerifyRecoverInit: Some(C_VerifyRecoverInit),
+    C_VerifyRecover: Some(C_VerifyRecover),
+    C_DigestEncryptUpdate: Some(C_DigestEncryptUpdate),
+    C_DecryptDigestUpdate: Some(C_DecryptDigestUpdate),
+    C_SignEncryptUpdate: Some(C_SignEncryptUpdate),
+    C_DecryptVerifyUpdate: Some(C_DecryptVerifyUpdate),
+    C_GenerateKey: Some(C_GenerateKey),
+    C_GenerateKeyPair: Some(C_GenerateKeyPair),
+    C_WrapKey: Some(C_WrapKey),
+    C_UnwrapKey: Some(C_UnwrapKey),
+    C_DeriveKey: Some(C_DeriveKey),
+    C_SeedRandom: Some(C_SeedRandom),
+    C_GenerateRandom: Some(C_GenerateRandom),
+    C_GetFunctionStatus: Some(C_GetFunctionStatus),
+    C_CancelFunction: Some(C_CancelFunction),
+    C_WaitForSlotEvent: Some(C_WaitForSlotEvent),
+};
+
+#[no_mangle]
+pub unsafe fn BUILTINSC_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV {
+    if ppFunctionList.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    *ppFunctionList = &mut FUNCTION_LIST;
+    CKR_OK
+}
+
+#[cfg(test)]
+mod pkcs11_tests {
+    use crate::certdata::*;
+    use crate::internal::*;
+    use crate::pkcs11::*;
+
+    #[test]
+    fn test_main() {
+        // We need to run tests serially because of C_Initialize / C_Finalize calls.
+        test_simple();
+        test_c_get_function_list();
+        test_c_get_attribute();
+    }
+
+    fn test_simple() {
+        let query = &[(CKA_CLASS, CKO_CERTIFICATE_BYTES)];
+        initialize().expect("initialize should not fail.");
+        let hSession = open_session().expect("open_session should not fail.");
+        let count = find_objects_init(hSession, query).expect("find_objects_init should not fail.");
+        assert_eq!(count, BUILTINS.len());
+        let mut results: [CK_OBJECT_HANDLE; 10] = [0; 10];
+        let n_read =
+            find_objects(hSession, &mut results).expect("find_objects_init should not fail.");
+        assert_eq!(n_read, 10);
+        finalize().expect("finalize should not fail.");
+    }
+
+    fn test_c_get_function_list() {
+        let c_null = 0 as *mut std::ffi::c_void;
+        let mut pFunctionList: CK_FUNCTION_LIST_PTR = c_null as CK_FUNCTION_LIST_PTR;
+        let rv = unsafe { crate::pkcs11::BUILTINSC_GetFunctionList(&mut pFunctionList) };
+        assert_eq!(CKR_OK, rv);
+        if let Some(pC_Initialize) = unsafe { (*pFunctionList).C_Initialize } {
+            let rv = unsafe { pC_Initialize(c_null) };
+            assert_eq!(CKR_OK, rv);
+        } else {
+            assert!(false);
+        }
+
+        if let Some(pC_Finalize) = unsafe { (*pFunctionList).C_Finalize } {
+            let rv = unsafe { pC_Finalize(c_null) };
+            assert_eq!(CKR_OK, rv);
+        } else {
+            assert!(false);
+        }
+    }
+
+    fn test_c_get_attribute() {
+        let c_null = 0 as *mut std::ffi::c_void;
+        let template: &mut [CK_ATTRIBUTE] = &mut [CK_ATTRIBUTE {
+            type_: CKA_SUBJECT,
+            pValue: c_null,
+            ulValueLen: 0,
+        }];
+        let template_ptr = &mut template[0] as CK_ATTRIBUTE_PTR;
+        let object: CK_OBJECT_HANDLE = 2;
+        let mut session: CK_SESSION_HANDLE = 0;
+        assert_eq!(CKR_OK, C_Initialize(c_null));
+        assert_eq!(
+            CKR_OK,
+            C_OpenSession(
+                SLOT_ID_ROOTS,
+                CKF_SERIAL_SESSION,
+                c_null,
+                None,
+                &mut session as *mut CK_SESSION_HANDLE
+            )
+        );
+        assert_eq!(
+            CKR_OK,
+            C_GetAttributeValue(session, object, template_ptr, 1)
+        );
+        let len = template[0].ulValueLen as usize;
+        assert_eq!(len, BUILTINS[0].der_name.len());
+
+        let value: &mut [u8] = &mut vec![0; 1];
+        let value_ptr: *mut u8 = &mut value[0] as *mut u8;
+        template[0].pValue = value_ptr as *mut std::ffi::c_void;
+        template[0].ulValueLen = 1;
+        assert_eq!(
+            CKR_BUFFER_TOO_SMALL,
+            C_GetAttributeValue(session, object, template_ptr, 1)
+        );
+        assert_eq!(template[0].ulValueLen, CK_UNAVAILABLE_INFORMATION);
+
+        let value: &mut [u8] = &mut vec![0; len];
+        let value_ptr: *mut u8 = &mut value[0] as *mut u8;
+        template[0].pValue = value_ptr as *mut std::ffi::c_void;
+        template[0].ulValueLen = len as CK_ULONG;
+        assert_eq!(
+            CKR_OK,
+            C_GetAttributeValue(session, object, template_ptr, 1)
+        );
+        assert_eq!(value, BUILTINS[0].der_name);
+        assert_eq!(CKR_OK, C_Finalize(c_null));
+    }
+}
diff --git a/security/manager/ssl/builtins/src/version.rs b/security/manager/ssl/builtins/src/version.rs
new file mode 100644
index 0000000000..f4fc63711d
--- /dev/null
+++ b/security/manager/ssl/builtins/src/version.rs
@@ -0,0 +1,6 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include!(concat!(env!("OUT_DIR"), "/version.rs"));
diff --git a/security/manager/ssl/cert_storage/Cargo.toml b/security/manager/ssl/cert_storage/Cargo.toml
new file mode 100644
index 0000000000..e8b4690421
--- /dev/null
+++ b/security/manager/ssl/cert_storage/Cargo.toml
@@ -0,0 +1,24 @@
+[package]
+name = "cert_storage"
+version = "0.0.1"
+authors = ["Dana Keeler <dkeeler@mozilla.com>", "Mark Goodwin <mgoodwin@mozilla.com"]
+license = "MPL-2.0"
+
+[dependencies]
+base64 = "0.21.0"
+byteorder = "1.2.7"
+crossbeam-utils = "0.8"
+cstr = "0.2"
+log = "0.4"
+moz_task = { path = "../../../../xpcom/rust/moz_task" }
+nserror = { path = "../../../../xpcom/rust/nserror" }
+nsstring = { path = "../../../../xpcom/rust/nsstring" }
+rkv = { version = "0.18", default-features = false }
+rust_cascade = "1.4.0"
+sha2 = "0.10.2"
+storage_variant = { path = "../../../../storage/variant" }
+tempfile = "3"
+thin-vec = { version = "0.2.1", features = ["gecko-ffi"] }
+time = "0.1"
+xpcom = { path = "../../../../xpcom/rust/xpcom" }
+wr_malloc_size_of = { path = "../../../../gfx/wr/wr_malloc_size_of" }
diff --git a/security/manager/ssl/cert_storage/src/cert_storage.h b/security/manager/ssl/cert_storage/src/cert_storage.h
new file mode 100644
index 0000000000..e420067b03
--- /dev/null
+++ b/security/manager/ssl/cert_storage/src/cert_storage.h
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _cert_storage_h_
+#define _cert_storage_h_
+
+#include "nsISupportsUtils.h"  // for nsresult, etc.
+
+// {16e5c837-f877-4e23-9c64-eddf905e30e6}
+#define NS_CERT_STORAGE_CID                          \
+  {                                                  \
+    0x16e5c837, 0xf877, 0x4e23, {                    \
+      0x9c, 0x64, 0xed, 0xdf, 0x90, 0x5e, 0x30, 0xe6 \
+    }                                                \
+  }
+
+extern "C" {
+nsresult cert_storage_constructor(REFNSIID iid, void** result);
+};
+
+#endif  // _cert_storage_h_
diff --git a/security/manager/ssl/cert_storage/src/lib.rs b/security/manager/ssl/cert_storage/src/lib.rs
new file mode 100644
index 0000000000..71c966fa4c
--- /dev/null
+++ b/security/manager/ssl/cert_storage/src/lib.rs
@@ -0,0 +1,1807 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+extern crate base64;
+extern crate byteorder;
+extern crate crossbeam_utils;
+#[macro_use]
+extern crate cstr;
+#[macro_use]
+extern crate log;
+extern crate moz_task;
+extern crate nserror;
+extern crate nsstring;
+extern crate rkv;
+extern crate rust_cascade;
+extern crate sha2;
+extern crate thin_vec;
+extern crate time;
+#[macro_use]
+extern crate xpcom;
+extern crate storage_variant;
+extern crate tempfile;
+
+extern crate wr_malloc_size_of;
+use wr_malloc_size_of as malloc_size_of;
+
+use base64::prelude::*;
+use byteorder::{LittleEndian, NetworkEndian, ReadBytesExt, WriteBytesExt};
+use crossbeam_utils::atomic::AtomicCell;
+use malloc_size_of::{MallocSizeOf, MallocSizeOfOps};
+use moz_task::{create_background_task_queue, is_main_thread, Task, TaskRunnable};
+use nserror::{
+    nsresult, NS_ERROR_FAILURE, NS_ERROR_NOT_SAME_THREAD, NS_ERROR_NULL_POINTER,
+    NS_ERROR_UNEXPECTED, NS_OK,
+};
+use nsstring::{nsACString, nsCStr, nsCString, nsString};
+use rkv::backend::{BackendEnvironmentBuilder, SafeMode, SafeModeDatabase, SafeModeEnvironment};
+use rkv::{StoreError, StoreOptions, Value};
+use rust_cascade::Cascade;
+use sha2::{Digest, Sha256};
+use std::collections::{HashMap, HashSet};
+use std::ffi::CString;
+use std::fmt::Display;
+use std::fs::{create_dir_all, remove_file, File, OpenOptions};
+use std::io::{BufRead, BufReader, Read, Write};
+use std::mem::size_of;
+use std::path::{Path, PathBuf};
+use std::str;
+use std::sync::{Arc, RwLock};
+use std::time::{SystemTime, UNIX_EPOCH};
+use storage_variant::VariantType;
+use thin_vec::ThinVec;
+use xpcom::interfaces::{
+    nsICRLiteCoverage, nsICRLiteTimestamp, nsICertInfo, nsICertStorage, nsICertStorageCallback,
+    nsIFile, nsIHandleReportCallback, nsIIssuerAndSerialRevocationState, nsIMemoryReporter,
+    nsIMemoryReporterManager, nsIProperties, nsIRevocationState, nsISerialEventTarget,
+    nsISubjectAndPubKeyRevocationState, nsISupports,
+};
+use xpcom::{nsIID, GetterAddrefs, RefPtr, ThreadBoundRefPtr, XpCom};
+
+const PREFIX_REV_IS: &str = "is";
+const PREFIX_REV_SPK: &str = "spk";
+const PREFIX_SUBJECT: &str = "subject";
+const PREFIX_CERT: &str = "cert";
+const PREFIX_DATA_TYPE: &str = "datatype";
+
+const LAST_CRLITE_UPDATE_KEY: &str = "last_crlite_update";
+
+const COVERAGE_SERIALIZATION_VERSION: u8 = 1;
+const COVERAGE_V1_ENTRY_BYTES: usize = 48;
+
+const ENROLLMENT_SERIALIZATION_VERSION: u8 = 1;
+const ENROLLMENT_V1_ENTRY_BYTES: usize = 32;
+
+type Rkv = rkv::Rkv<SafeModeEnvironment>;
+type SingleStore = rkv::SingleStore<SafeModeDatabase>;
+
+macro_rules! make_key {
+    ( $prefix:expr, $( $part:expr ),+ ) => {
+        {
+            let mut key = $prefix.as_bytes().to_owned();
+            $( key.extend_from_slice($part); )+
+            key
+        }
+    }
+}
+
+#[allow(non_camel_case_types, non_snake_case)]
+
+/// `SecurityStateError` is a type to represent errors in accessing or
+/// modifying security state.
+#[derive(Debug)]
+struct SecurityStateError {
+    message: String,
+}
+
+impl<T: Display> From<T> for SecurityStateError {
+    /// Creates a new instance of `SecurityStateError` from something that
+    /// implements the `Display` trait.
+    fn from(err: T) -> SecurityStateError {
+        SecurityStateError {
+            message: format!("{}", err),
+        }
+    }
+}
+
+struct EnvAndStore {
+    env: Rkv,
+    store: SingleStore,
+}
+
+impl MallocSizeOf for EnvAndStore {
+    fn size_of(&self, _ops: &mut MallocSizeOfOps) -> usize {
+        self.env
+            .read()
+            .and_then(|reader| {
+                let iter = self.store.iter_start(&reader)?.into_iter();
+                Ok(iter
+                    .map(|r| {
+                        r.map(|(k, v)| k.len() + v.serialized_size().unwrap_or(0) as usize)
+                            .unwrap_or(0)
+                    })
+                    .sum())
+            })
+            .unwrap_or(0)
+    }
+}
+
+/// `SecurityState`
+struct SecurityState {
+    profile_path: PathBuf,
+    env_and_store: Option<EnvAndStore>,
+    crlite_filter: Option<Cascade>,
+    /// Maps issuer spki hashes to sets of serial numbers.
+    crlite_stash: Option<HashMap<Vec<u8>, HashSet<Vec<u8>>>>,
+    /// Maps an RFC 6962 LogID to a pair of 64 bit unix timestamps
+    crlite_coverage: Option<HashMap<Vec<u8>, (u64, u64)>>,
+    /// Set of `SHA256(subject || spki)` values for enrolled issuers
+    crlite_enrollment: Option<HashSet<Vec<u8>>>,
+    /// Tracks the number of asynchronous operations which have been dispatched but not completed.
+    remaining_ops: i32,
+}
+
+impl SecurityState {
+    pub fn new(profile_path: PathBuf) -> SecurityState {
+        // Since this gets called on the main thread, we don't actually want to open the DB yet.
+        // We do this on-demand later, when we're probably on a certificate verification thread.
+        SecurityState {
+            profile_path,
+            env_and_store: None,
+            crlite_filter: None,
+            crlite_stash: None,
+            crlite_coverage: None,
+            crlite_enrollment: None,
+            remaining_ops: 0,
+        }
+    }
+
+    pub fn db_needs_opening(&self) -> bool {
+        self.env_and_store.is_none()
+    }
+
+    pub fn open_db(&mut self) -> Result<(), SecurityStateError> {
+        if self.env_and_store.is_some() {
+            return Ok(());
+        }
+
+        let store_path = get_store_path(&self.profile_path)?;
+
+        // Open the store in read-write mode to create it (if needed) and migrate data from the old
+        // store (if any).
+        // If opening initially fails, try to remove and recreate the database. Consumers will
+        // repopulate the database as necessary if this happens (see bug 1546361).
+        let env = make_env(store_path.as_path()).or_else(|_| {
+            remove_db(store_path.as_path())?;
+            make_env(store_path.as_path())
+        })?;
+        let store = env.open_single("cert_storage", StoreOptions::create())?;
+
+        // if the profile has a revocations.txt, migrate it and remove the file
+        let mut revocations_path = self.profile_path.clone();
+        revocations_path.push("revocations.txt");
+        if revocations_path.exists() {
+            SecurityState::migrate(&revocations_path, &env, &store)?;
+            remove_file(revocations_path)?;
+        }
+
+        // We already returned early if env_and_store was Some, so this should take the None branch.
+        match self.env_and_store.replace(EnvAndStore { env, store }) {
+            Some(_) => Err(SecurityStateError::from(
+                "env and store already initialized? (did we mess up our threading model?)",
+            )),
+            None => Ok(()),
+        }?;
+        self.load_crlite_filter()?;
+        Ok(())
+    }
+
+    fn migrate(
+        revocations_path: &PathBuf,
+        env: &Rkv,
+        store: &SingleStore,
+    ) -> Result<(), SecurityStateError> {
+        let f = File::open(revocations_path)?;
+        let file = BufReader::new(f);
+        let value = Value::I64(nsICertStorage::STATE_ENFORCE as i64);
+        let mut writer = env.write()?;
+
+        // Add the data from revocations.txt
+        let mut dn: Option<Vec<u8>> = None;
+        for line in file.lines() {
+            let l = match line.map_err(|_| SecurityStateError::from("io error reading line data")) {
+                Ok(data) => data,
+                Err(e) => return Err(e),
+            };
+            if l.len() == 0 || l.starts_with("#") {
+                continue;
+            }
+            let leading_char = match l.chars().next() {
+                Some(c) => c,
+                None => {
+                    return Err(SecurityStateError::from(
+                        "couldn't get char from non-empty str?",
+                    ));
+                }
+            };
+            // In future, we can maybe log migration failures. For now, ignore decoding and storage
+            // errors and attempt to continue.
+            // Check if we have a new DN
+            if leading_char != '\t' && leading_char != ' ' {
+                if let Ok(decoded_dn) = BASE64_STANDARD.decode(&l) {
+                    dn = Some(decoded_dn);
+                }
+                continue;
+            }
+            let l_sans_prefix = match BASE64_STANDARD.decode(&l[1..]) {
+                Ok(decoded) => decoded,
+                Err(_) => continue,
+            };
+            if let Some(name) = &dn {
+                if leading_char == '\t' {
+                    let _ = store.put(
+                        &mut writer,
+                        &make_key!(PREFIX_REV_SPK, name, &l_sans_prefix),
+                        &value,
+                    );
+                } else {
+                    let _ = store.put(
+                        &mut writer,
+                        &make_key!(PREFIX_REV_IS, name, &l_sans_prefix),
+                        &value,
+                    );
+                }
+            }
+        }
+
+        writer.commit()?;
+        Ok(())
+    }
+
+    fn read_entry(&self, key: &[u8]) -> Result<Option<i16>, SecurityStateError> {
+        let env_and_store = match self.env_and_store.as_ref() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let reader = env_and_store.env.read()?;
+        match env_and_store.store.get(&reader, key) {
+            Ok(Some(Value::I64(i)))
+                if i <= (std::i16::MAX as i64) && i >= (std::i16::MIN as i64) =>
+            {
+                Ok(Some(i as i16))
+            }
+            Ok(None) => Ok(None),
+            Ok(_) => Err(SecurityStateError::from(
+                "Unexpected type when trying to get a Value::I64",
+            )),
+            Err(_) => Err(SecurityStateError::from(
+                "There was a problem getting the value",
+            )),
+        }
+    }
+
+    pub fn get_has_prior_data(&self, data_type: u8) -> Result<bool, SecurityStateError> {
+        if data_type == nsICertStorage::DATA_TYPE_CRLITE_FILTER_FULL {
+            return Ok(self.crlite_filter.is_some()
+                && self.crlite_coverage.is_some()
+                && self.crlite_enrollment.is_some());
+        }
+        if data_type == nsICertStorage::DATA_TYPE_CRLITE_FILTER_INCREMENTAL {
+            return Ok(self.crlite_stash.is_some());
+        }
+
+        let env_and_store = match self.env_and_store.as_ref() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let reader = env_and_store.env.read()?;
+        match env_and_store
+            .store
+            .get(&reader, &make_key!(PREFIX_DATA_TYPE, &[data_type]))
+        {
+            Ok(Some(Value::Bool(true))) => Ok(true),
+            Ok(None) => Ok(false),
+            Ok(_) => Err(SecurityStateError::from(
+                "Unexpected type when trying to get a Value::Bool",
+            )),
+            Err(_) => Err(SecurityStateError::from(
+                "There was a problem getting the value",
+            )),
+        }
+    }
+
+    pub fn set_batch_state(
+        &mut self,
+        entries: &[EncodedSecurityState],
+        typ: u8,
+    ) -> Result<(), SecurityStateError> {
+        let env_and_store = match self.env_and_store.as_mut() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let mut writer = env_and_store.env.write()?;
+        // Make a note that we have prior data of the given type now.
+        env_and_store.store.put(
+            &mut writer,
+            &make_key!(PREFIX_DATA_TYPE, &[typ]),
+            &Value::Bool(true),
+        )?;
+
+        for entry in entries {
+            let key = match entry.key() {
+                Ok(key) => key,
+                Err(e) => {
+                    warn!("error base64-decoding key parts - ignoring: {}", e.message);
+                    continue;
+                }
+            };
+            env_and_store
+                .store
+                .put(&mut writer, &key, &Value::I64(entry.state() as i64))?;
+        }
+
+        writer.commit()?;
+        Ok(())
+    }
+
+    pub fn get_revocation_state(
+        &self,
+        issuer: &[u8],
+        serial: &[u8],
+        subject: &[u8],
+        pub_key: &[u8],
+    ) -> Result<i16, SecurityStateError> {
+        let mut digest = Sha256::default();
+        digest.update(pub_key);
+        let pub_key_hash = digest.finalize();
+
+        let subject_pubkey = make_key!(PREFIX_REV_SPK, subject, &pub_key_hash);
+        let issuer_serial = make_key!(PREFIX_REV_IS, issuer, serial);
+
+        let st: i16 = match self.read_entry(&issuer_serial) {
+            Ok(Some(value)) => value,
+            Ok(None) => nsICertStorage::STATE_UNSET,
+            Err(_) => {
+                return Err(SecurityStateError::from(
+                    "problem reading revocation state (from issuer / serial)",
+                ));
+            }
+        };
+
+        if st != nsICertStorage::STATE_UNSET {
+            return Ok(st);
+        }
+
+        match self.read_entry(&subject_pubkey) {
+            Ok(Some(value)) => Ok(value),
+            Ok(None) => Ok(nsICertStorage::STATE_UNSET),
+            Err(_) => {
+                return Err(SecurityStateError::from(
+                    "problem reading revocation state (from subject / pubkey)",
+                ));
+            }
+        }
+    }
+
+    fn issuer_is_enrolled(&self, subject: &[u8], pub_key: &[u8]) -> bool {
+        if let Some(crlite_enrollment) = self.crlite_enrollment.as_ref() {
+            let mut digest = Sha256::default();
+            digest.update(subject);
+            digest.update(pub_key);
+            let issuer_id = digest.finalize();
+            return crlite_enrollment.contains(&issuer_id.to_vec());
+        }
+        return false;
+    }
+
+    fn filter_covers_some_timestamp(&self, timestamps: &[CRLiteTimestamp]) -> bool {
+        if let Some(crlite_coverage) = self.crlite_coverage.as_ref() {
+            for entry in timestamps {
+                if let Some(&(low, high)) = crlite_coverage.get(entry.log_id.as_ref()) {
+                    if low <= entry.timestamp && entry.timestamp <= high {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    fn note_crlite_update_time(&mut self) -> Result<(), SecurityStateError> {
+        let seconds_since_epoch = Value::U64(
+            SystemTime::now()
+                .duration_since(UNIX_EPOCH)
+                .map_err(|_| SecurityStateError::from("could not get current time"))?
+                .as_secs(),
+        );
+        let env_and_store = match self.env_and_store.as_mut() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let mut writer = env_and_store.env.write()?;
+        env_and_store
+            .store
+            .put(&mut writer, LAST_CRLITE_UPDATE_KEY, &seconds_since_epoch)
+            .map_err(|_| SecurityStateError::from("could not store timestamp"))?;
+        writer.commit()?;
+        Ok(())
+    }
+
+    fn is_crlite_fresh(&self) -> bool {
+        let now = match SystemTime::now().duration_since(UNIX_EPOCH) {
+            Ok(t) => t.as_secs(),
+            _ => return false,
+        };
+        let env_and_store = match self.env_and_store.as_ref() {
+            Some(env_and_store) => env_and_store,
+            None => return false,
+        };
+        let reader = match env_and_store.env.read() {
+            Ok(reader) => reader,
+            _ => return false,
+        };
+        match env_and_store.store.get(&reader, LAST_CRLITE_UPDATE_KEY) {
+            Ok(Some(Value::U64(last_update))) if last_update < u64::MAX / 2 => {
+                now < last_update + 60 * 60 * 24 * 10
+            }
+            _ => false,
+        }
+    }
+
+    pub fn set_full_crlite_filter(
+        &mut self,
+        filter: Vec<u8>,
+        enrolled_issuers: Vec<nsCString>,
+        coverage_entries: &[(nsCString, u64, u64)],
+    ) -> Result<(), SecurityStateError> {
+        // First drop any existing crlite filter and clear the accumulated stash.
+        {
+            let _ = self.crlite_filter.take();
+            let _ = self.crlite_stash.take();
+            let _ = self.crlite_coverage.take();
+            let _ = self.crlite_enrollment.take();
+            let mut path = get_store_path(&self.profile_path)?;
+            path.push("crlite.stash");
+            // Truncate the stash file if it exists.
+            if path.exists() {
+                File::create(path).map_err(|e| {
+                    SecurityStateError::from(format!("couldn't truncate stash file: {}", e))
+                })?;
+            }
+        }
+        // Write the new full filter.
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.filter");
+        {
+            let mut filter_file = File::create(&path)?;
+            filter_file.write_all(&filter)?;
+        }
+
+        // Serialize the coverage metadata as a 1 byte version number followed by any number of 48
+        // byte entries. Each entry is a 32 byte (opaque) log id, followed by two 8 byte
+        // timestamps. Each timestamp is an 8 byte unsigned integer in little endian.
+        let mut coverage_bytes =
+            Vec::with_capacity(size_of::<u8>() + coverage_entries.len() * COVERAGE_V1_ENTRY_BYTES);
+        coverage_bytes.push(COVERAGE_SERIALIZATION_VERSION);
+        for (b64_log_id, min_t, max_t) in coverage_entries {
+            let log_id = match BASE64_STANDARD.decode(&b64_log_id) {
+                Ok(log_id) if log_id.len() == 32 => log_id,
+                _ => {
+                    warn!("malformed log ID - skipping: {}", b64_log_id);
+                    continue;
+                }
+            };
+            coverage_bytes.extend_from_slice(&log_id);
+            coverage_bytes.extend_from_slice(&min_t.to_le_bytes());
+            coverage_bytes.extend_from_slice(&max_t.to_le_bytes());
+        }
+        // Write the coverage file for the new filter
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.coverage");
+        {
+            let mut coverage_file = File::create(&path)?;
+            coverage_file.write_all(&coverage_bytes)?;
+        }
+
+        // Serialize the enrollment list as a 1 byte version number followed by:
+        // Version 1: any number of 32 byte values of the form `SHA256(subject || spki)`.
+        let mut enrollment_bytes = Vec::with_capacity(
+            size_of::<u8>() + enrolled_issuers.len() * ENROLLMENT_V1_ENTRY_BYTES,
+        );
+        enrollment_bytes.push(ENROLLMENT_SERIALIZATION_VERSION);
+        for b64_issuer_id in enrolled_issuers {
+            let issuer_id = match BASE64_STANDARD.decode(&b64_issuer_id) {
+                Ok(issuer_id) if issuer_id.len() == 32 => issuer_id,
+                _ => {
+                    warn!("malformed issuer ID - skipping: {}", b64_issuer_id);
+                    continue;
+                }
+            };
+            enrollment_bytes.extend_from_slice(&issuer_id);
+        }
+        // Write the enrollment file for the new filter
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.enrollment");
+        {
+            let mut enrollment_file = File::create(&path)?;
+            enrollment_file.write_all(&enrollment_bytes)?;
+        }
+
+        self.note_crlite_update_time()?;
+        self.load_crlite_filter()?;
+        Ok(())
+    }
+
+    fn load_crlite_filter(&mut self) -> Result<(), SecurityStateError> {
+        if self.crlite_filter.is_some() || self.crlite_coverage.is_some() {
+            return Err(SecurityStateError::from(
+                "Both crlite_filter and crlite_coverage should be None here",
+            ));
+        }
+
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.filter");
+        // Before we've downloaded any filters, this file won't exist.
+        if !path.exists() {
+            return Ok(());
+        }
+        let mut filter_file = File::open(path)?;
+        let mut filter_bytes = Vec::new();
+        let _ = filter_file.read_to_end(&mut filter_bytes)?;
+        let crlite_filter = Cascade::from_bytes(filter_bytes)
+            .map_err(|_| SecurityStateError::from("invalid CRLite filter"))?
+            .ok_or(SecurityStateError::from("expecting non-empty filter"))?;
+
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.coverage");
+        if !path.exists() {
+            return Ok(());
+        }
+
+        // Deserialize the coverage metadata.
+        // The format is described in `set_full_crlite_filter`.
+        let coverage_file = File::open(path)?;
+        let coverage_file_len = coverage_file.metadata()?.len() as usize;
+        let mut coverage_reader = BufReader::new(coverage_file);
+        match coverage_reader.read_u8() {
+            Ok(COVERAGE_SERIALIZATION_VERSION) => (),
+            _ => return Err(SecurityStateError::from("unknown CRLite coverage version")),
+        }
+        if (coverage_file_len - 1) % COVERAGE_V1_ENTRY_BYTES != 0 {
+            return Err(SecurityStateError::from("truncated CRLite coverage file"));
+        }
+        let coverage_count = (coverage_file_len - 1) / COVERAGE_V1_ENTRY_BYTES;
+        let mut crlite_coverage: HashMap<Vec<u8>, (u64, u64)> = HashMap::new();
+        for _ in 0..coverage_count {
+            let mut coverage_entry = [0u8; COVERAGE_V1_ENTRY_BYTES];
+            match coverage_reader.read_exact(&mut coverage_entry) {
+                Ok(()) => (),
+                _ => return Err(SecurityStateError::from("truncated CRLite coverage file")),
+            };
+            let log_id = &coverage_entry[0..32];
+            let min_timestamp: u64;
+            let max_timestamp: u64;
+            match (&coverage_entry[32..40]).read_u64::<LittleEndian>() {
+                Ok(value) => min_timestamp = value,
+                _ => return Err(SecurityStateError::from("truncated CRLite coverage file")),
+            }
+            match (&coverage_entry[40..48]).read_u64::<LittleEndian>() {
+                Ok(value) => max_timestamp = value,
+                _ => return Err(SecurityStateError::from("truncated CRLite coverage file")),
+            }
+            crlite_coverage.insert(log_id.to_vec(), (min_timestamp, max_timestamp));
+        }
+
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.enrollment");
+        if !path.exists() {
+            return Ok(());
+        }
+
+        // Deserialize the enrollment metadata.
+        // The format is described in `set_full_crlite_filter`.
+        let enrollment_file = File::open(path)?;
+        let enrollment_file_len = enrollment_file.metadata()?.len() as usize;
+        let mut enrollment_reader = BufReader::new(enrollment_file);
+        match enrollment_reader.read_u8() {
+            Ok(ENROLLMENT_SERIALIZATION_VERSION) => (),
+            _ => {
+                return Err(SecurityStateError::from(
+                    "unknown CRLite enrollment version",
+                ))
+            }
+        }
+        if (enrollment_file_len - 1) % ENROLLMENT_V1_ENTRY_BYTES != 0 {
+            return Err(SecurityStateError::from("truncated CRLite enrollment file"));
+        }
+        let enrollment_count = (enrollment_file_len - 1) / ENROLLMENT_V1_ENTRY_BYTES;
+        let mut crlite_enrollment: HashSet<Vec<u8>> = HashSet::new();
+        for _ in 0..enrollment_count {
+            let mut enrollment_entry = [0u8; ENROLLMENT_V1_ENTRY_BYTES];
+            match enrollment_reader.read_exact(&mut enrollment_entry) {
+                Ok(()) => (),
+                _ => return Err(SecurityStateError::from("truncated CRLite enrollment file")),
+            };
+            let issuer_id = &enrollment_entry[..];
+            crlite_enrollment.insert(issuer_id.to_vec());
+        }
+
+        let old_crlite_filter_should_be_none = self.crlite_filter.replace(crlite_filter);
+        assert!(old_crlite_filter_should_be_none.is_none());
+        let old_crlite_coverage_should_be_none = self.crlite_coverage.replace(crlite_coverage);
+        assert!(old_crlite_coverage_should_be_none.is_none());
+        let old_crlite_enrollment_should_be_none =
+            self.crlite_enrollment.replace(crlite_enrollment);
+        assert!(old_crlite_enrollment_should_be_none.is_none());
+        Ok(())
+    }
+
+    pub fn add_crlite_stash(&mut self, stash: Vec<u8>) -> Result<(), SecurityStateError> {
+        // Append the update to the previously-seen stashes.
+        let mut path = get_store_path(&self.profile_path)?;
+        path.push("crlite.stash");
+        let mut stash_file = OpenOptions::new().append(true).create(true).open(path)?;
+        stash_file.write_all(&stash)?;
+        let crlite_stash = self.crlite_stash.get_or_insert(HashMap::new());
+        load_crlite_stash_from_reader_into_map(&mut stash.as_slice(), crlite_stash)?;
+        self.note_crlite_update_time()?;
+        Ok(())
+    }
+
+    pub fn is_cert_revoked_by_stash(
+        &self,
+        issuer_spki: &[u8],
+        serial: &[u8],
+    ) -> Result<bool, SecurityStateError> {
+        let crlite_stash = match self.crlite_stash.as_ref() {
+            Some(crlite_stash) => crlite_stash,
+            None => return Ok(false),
+        };
+        let mut digest = Sha256::default();
+        digest.update(issuer_spki);
+        let lookup_key = digest.finalize().to_vec();
+        let serials = match crlite_stash.get(&lookup_key) {
+            Some(serials) => serials,
+            None => return Ok(false),
+        };
+        Ok(serials.contains(&serial.to_vec()))
+    }
+
+    pub fn get_crlite_revocation_state(
+        &self,
+        issuer: &[u8],
+        issuer_spki: &[u8],
+        serial_number: &[u8],
+        timestamps: &[CRLiteTimestamp],
+    ) -> i16 {
+        if !self.is_crlite_fresh() {
+            return nsICertStorage::STATE_NO_FILTER;
+        }
+        if !self.issuer_is_enrolled(issuer, issuer_spki) {
+            return nsICertStorage::STATE_NOT_ENROLLED;
+        }
+        if !self.filter_covers_some_timestamp(timestamps) {
+            return nsICertStorage::STATE_NOT_COVERED;
+        }
+        let mut digest = Sha256::default();
+        digest.update(issuer_spki);
+        let mut lookup_key = digest.finalize().to_vec();
+        lookup_key.extend_from_slice(serial_number);
+        debug!("CRLite lookup key: {:?}", lookup_key);
+        let result = match &self.crlite_filter {
+            Some(crlite_filter) => crlite_filter.has(lookup_key),
+            // This can only happen if the backing file was deleted or if it or our database has
+            // become corrupted. In any case, we have no information.
+            None => return nsICertStorage::STATE_NO_FILTER,
+        };
+        match result {
+            true => nsICertStorage::STATE_ENFORCE,
+            false => nsICertStorage::STATE_UNSET,
+        }
+    }
+
+    // To store certificates, we create a Cert out of each given cert, subject, and trust tuple. We
+    // hash each certificate with sha-256 to obtain a unique* key for that certificate, and we store
+    // the Cert in the database. We also look up or create a CertHashList for the given subject and
+    // add the new certificate's hash if it isn't present in the list. If it wasn't present, we
+    // write out the updated CertHashList.
+    // *By the pigeon-hole principle, there exist collisions for sha-256, so this key is not
+    // actually unique. We rely on the assumption that sha-256 is a cryptographically strong hash.
+    // If an adversary can find two different certificates with the same sha-256 hash, they can
+    // probably forge a sha-256-based signature, so assuming the keys we create here are unique is
+    // not a security issue.
+    pub fn add_certs(
+        &mut self,
+        certs: &[(nsCString, nsCString, i16)],
+    ) -> Result<(), SecurityStateError> {
+        let env_and_store = match self.env_and_store.as_mut() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let mut writer = env_and_store.env.write()?;
+        // Make a note that we have prior cert data now.
+        env_and_store.store.put(
+            &mut writer,
+            &make_key!(PREFIX_DATA_TYPE, &[nsICertStorage::DATA_TYPE_CERTIFICATE]),
+            &Value::Bool(true),
+        )?;
+
+        for (cert_der_base64, subject_base64, trust) in certs {
+            let cert_der = match BASE64_STANDARD.decode(&cert_der_base64) {
+                Ok(cert_der) => cert_der,
+                Err(e) => {
+                    warn!("error base64-decoding cert - skipping: {}", e);
+                    continue;
+                }
+            };
+            let subject = match BASE64_STANDARD.decode(&subject_base64) {
+                Ok(subject) => subject,
+                Err(e) => {
+                    warn!("error base64-decoding subject - skipping: {}", e);
+                    continue;
+                }
+            };
+            let mut digest = Sha256::default();
+            digest.update(&cert_der);
+            let cert_hash = digest.finalize();
+            let cert_key = make_key!(PREFIX_CERT, &cert_hash);
+            let cert = Cert::new(&cert_der, &subject, *trust)?;
+            env_and_store
+                .store
+                .put(&mut writer, &cert_key, &Value::Blob(&cert.to_bytes()?))?;
+            let subject_key = make_key!(PREFIX_SUBJECT, &subject);
+            let empty_vec = Vec::new();
+            let old_cert_hash_list = match env_and_store.store.get(&writer, &subject_key)? {
+                Some(Value::Blob(hashes)) => hashes.to_owned(),
+                Some(_) => empty_vec,
+                None => empty_vec,
+            };
+            let new_cert_hash_list = CertHashList::add(&old_cert_hash_list, &cert_hash)?;
+            if new_cert_hash_list.len() != old_cert_hash_list.len() {
+                env_and_store.store.put(
+                    &mut writer,
+                    &subject_key,
+                    &Value::Blob(&new_cert_hash_list),
+                )?;
+            }
+        }
+
+        writer.commit()?;
+        Ok(())
+    }
+
+    // Given a list of certificate sha-256 hashes, we can look up each Cert entry in the database.
+    // We use this to find the corresponding subject so we can look up the CertHashList it should
+    // appear in. If that list contains the given hash, we remove it and update the CertHashList.
+    // Finally we delete the Cert entry.
+    pub fn remove_certs_by_hashes(
+        &mut self,
+        hashes_base64: &[nsCString],
+    ) -> Result<(), SecurityStateError> {
+        let env_and_store = match self.env_and_store.as_mut() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let mut writer = env_and_store.env.write()?;
+        let reader = env_and_store.env.read()?;
+
+        for hash in hashes_base64 {
+            let hash = match BASE64_STANDARD.decode(&hash) {
+                Ok(hash) => hash,
+                Err(e) => {
+                    warn!("error decoding hash - ignoring: {}", e);
+                    continue;
+                }
+            };
+            let cert_key = make_key!(PREFIX_CERT, &hash);
+            if let Some(Value::Blob(cert_bytes)) = env_and_store.store.get(&reader, &cert_key)? {
+                if let Ok(cert) = Cert::from_bytes(cert_bytes) {
+                    let subject_key = make_key!(PREFIX_SUBJECT, &cert.subject);
+                    let empty_vec = Vec::new();
+                    // We have to use the writer here to make sure we have an up-to-date view of
+                    // the cert hash list.
+                    let old_cert_hash_list = match env_and_store.store.get(&writer, &subject_key)? {
+                        Some(Value::Blob(hashes)) => hashes.to_owned(),
+                        Some(_) => empty_vec,
+                        None => empty_vec,
+                    };
+                    let new_cert_hash_list = CertHashList::remove(&old_cert_hash_list, &hash)?;
+                    if new_cert_hash_list.len() != old_cert_hash_list.len() {
+                        env_and_store.store.put(
+                            &mut writer,
+                            &subject_key,
+                            &Value::Blob(&new_cert_hash_list),
+                        )?;
+                    }
+                }
+            }
+            match env_and_store.store.delete(&mut writer, &cert_key) {
+                Ok(()) => {}
+                Err(StoreError::KeyValuePairNotFound) => {}
+                Err(e) => return Err(SecurityStateError::from(e)),
+            };
+        }
+        writer.commit()?;
+        Ok(())
+    }
+
+    // Given a certificate's subject, we look up the corresponding CertHashList. In theory, each
+    // hash in that list corresponds to a certificate with the given subject, so we look up each of
+    // these (assuming the database is consistent and contains them) and add them to the given list.
+    // If we encounter an inconsistency, we continue looking as best we can.
+    pub fn find_certs_by_subject(
+        &self,
+        subject: &[u8],
+        certs: &mut ThinVec<ThinVec<u8>>,
+    ) -> Result<(), SecurityStateError> {
+        let env_and_store = match self.env_and_store.as_ref() {
+            Some(env_and_store) => env_and_store,
+            None => return Err(SecurityStateError::from("env and store not initialized?")),
+        };
+        let reader = env_and_store.env.read()?;
+        certs.clear();
+        let subject_key = make_key!(PREFIX_SUBJECT, subject);
+        let empty_vec = Vec::new();
+        let cert_hash_list_bytes = match env_and_store.store.get(&reader, &subject_key)? {
+            Some(Value::Blob(hashes)) => hashes,
+            Some(_) => &empty_vec,
+            None => &empty_vec,
+        };
+        let cert_hash_list = CertHashList::new(cert_hash_list_bytes)?;
+        for cert_hash in cert_hash_list.into_iter() {
+            let cert_key = make_key!(PREFIX_CERT, cert_hash);
+            // If there's some inconsistency, we don't want to fail the whole operation - just go
+            // for best effort and find as many certificates as we can.
+            if let Some(Value::Blob(cert_bytes)) = env_and_store.store.get(&reader, &cert_key)? {
+                if let Ok(cert) = Cert::from_bytes(cert_bytes) {
+                    let mut thin_vec_cert = ThinVec::with_capacity(cert.der.len());
+                    thin_vec_cert.extend_from_slice(&cert.der);
+                    certs.push(thin_vec_cert);
+                }
+            }
+        }
+        Ok(())
+    }
+}
+
+impl MallocSizeOf for SecurityState {
+    fn size_of(&self, ops: &mut MallocSizeOfOps) -> usize {
+        self.profile_path.size_of(ops)
+            + self.env_and_store.size_of(ops)
+            + self
+                .crlite_filter
+                .as_ref()
+                .map_or(0, |crlite_filter| crlite_filter.approximate_size_of())
+            + self.crlite_stash.size_of(ops)
+            + self.crlite_coverage.size_of(ops)
+            + self.remaining_ops.size_of(ops)
+    }
+}
+
+const CERT_SERIALIZATION_VERSION_1: u8 = 1;
+
+// A Cert consists of its DER encoding, its DER-encoded subject, and its trust (currently
+// nsICertStorage::TRUST_INHERIT, but in the future nsICertStorage::TRUST_ANCHOR may also be used).
+// The length of each encoding must be representable by a u16 (so 65535 bytes is the longest a
+// certificate can be).
+struct Cert<'a> {
+    der: &'a [u8],
+    subject: &'a [u8],
+    trust: i16,
+}
+
+impl<'a> Cert<'a> {
+    fn new(der: &'a [u8], subject: &'a [u8], trust: i16) -> Result<Cert<'a>, SecurityStateError> {
+        if der.len() > u16::max as usize {
+            return Err(SecurityStateError::from("certificate is too long"));
+        }
+        if subject.len() > u16::max as usize {
+            return Err(SecurityStateError::from("subject is too long"));
+        }
+        Ok(Cert {
+            der,
+            subject,
+            trust,
+        })
+    }
+
+    fn from_bytes(encoded: &'a [u8]) -> Result<Cert<'a>, SecurityStateError> {
+        if encoded.len() < size_of::<u8>() {
+            return Err(SecurityStateError::from("invalid Cert: no version?"));
+        }
+        let (mut version, rest) = encoded.split_at(size_of::<u8>());
+        let version = version.read_u8()?;
+        if version != CERT_SERIALIZATION_VERSION_1 {
+            return Err(SecurityStateError::from("invalid Cert: unexpected version"));
+        }
+
+        if rest.len() < size_of::<u16>() {
+            return Err(SecurityStateError::from("invalid Cert: no der len?"));
+        }
+        let (mut der_len, rest) = rest.split_at(size_of::<u16>());
+        let der_len = der_len.read_u16::<NetworkEndian>()? as usize;
+        if rest.len() < der_len {
+            return Err(SecurityStateError::from("invalid Cert: no der?"));
+        }
+        let (der, rest) = rest.split_at(der_len);
+
+        if rest.len() < size_of::<u16>() {
+            return Err(SecurityStateError::from("invalid Cert: no subject len?"));
+        }
+        let (mut subject_len, rest) = rest.split_at(size_of::<u16>());
+        let subject_len = subject_len.read_u16::<NetworkEndian>()? as usize;
+        if rest.len() < subject_len {
+            return Err(SecurityStateError::from("invalid Cert: no subject?"));
+        }
+        let (subject, mut rest) = rest.split_at(subject_len);
+
+        if rest.len() < size_of::<i16>() {
+            return Err(SecurityStateError::from("invalid Cert: no trust?"));
+        }
+        let trust = rest.read_i16::<NetworkEndian>()?;
+        if rest.len() > 0 {
+            return Err(SecurityStateError::from("invalid Cert: trailing data?"));
+        }
+
+        Ok(Cert {
+            der,
+            subject,
+            trust,
+        })
+    }
+
+    fn to_bytes(&self) -> Result<Vec<u8>, SecurityStateError> {
+        let mut bytes = Vec::with_capacity(
+            size_of::<u8>()
+                + size_of::<u16>()
+                + self.der.len()
+                + size_of::<u16>()
+                + self.subject.len()
+                + size_of::<i16>(),
+        );
+        bytes.write_u8(CERT_SERIALIZATION_VERSION_1)?;
+        if self.der.len() > u16::max as usize {
+            return Err(SecurityStateError::from("certificate is too long"));
+        }
+        bytes.write_u16::<NetworkEndian>(self.der.len() as u16)?;
+        bytes.extend_from_slice(&self.der);
+        if self.subject.len() > u16::max as usize {
+            return Err(SecurityStateError::from("subject is too long"));
+        }
+        bytes.write_u16::<NetworkEndian>(self.subject.len() as u16)?;
+        bytes.extend_from_slice(&self.subject);
+        bytes.write_i16::<NetworkEndian>(self.trust)?;
+        Ok(bytes)
+    }
+}
+
+// A CertHashList is a list of sha-256 hashes of DER-encoded certificates.
+struct CertHashList<'a> {
+    hashes: Vec<&'a [u8]>,
+}
+
+impl<'a> CertHashList<'a> {
+    fn new(hashes_bytes: &'a [u8]) -> Result<CertHashList<'a>, SecurityStateError> {
+        if hashes_bytes.len() % Sha256::output_size() != 0 {
+            return Err(SecurityStateError::from(
+                "unexpected length for cert hash list",
+            ));
+        }
+        let mut hashes = Vec::with_capacity(hashes_bytes.len() / Sha256::output_size());
+        for hash in hashes_bytes.chunks_exact(Sha256::output_size()) {
+            hashes.push(hash);
+        }
+        Ok(CertHashList { hashes })
+    }
+
+    fn add(hashes_bytes: &[u8], new_hash: &[u8]) -> Result<Vec<u8>, SecurityStateError> {
+        if hashes_bytes.len() % Sha256::output_size() != 0 {
+            return Err(SecurityStateError::from(
+                "unexpected length for cert hash list",
+            ));
+        }
+        if new_hash.len() != Sha256::output_size() {
+            return Err(SecurityStateError::from("unexpected cert hash length"));
+        }
+        for hash in hashes_bytes.chunks_exact(Sha256::output_size()) {
+            if hash == new_hash {
+                return Ok(hashes_bytes.to_owned());
+            }
+        }
+        let mut combined = hashes_bytes.to_owned();
+        combined.extend_from_slice(new_hash);
+        Ok(combined)
+    }
+
+    fn remove(hashes_bytes: &[u8], cert_hash: &[u8]) -> Result<Vec<u8>, SecurityStateError> {
+        if hashes_bytes.len() % Sha256::output_size() != 0 {
+            return Err(SecurityStateError::from(
+                "unexpected length for cert hash list",
+            ));
+        }
+        if cert_hash.len() != Sha256::output_size() {
+            return Err(SecurityStateError::from("unexpected cert hash length"));
+        }
+        let mut result = Vec::with_capacity(hashes_bytes.len());
+        for hash in hashes_bytes.chunks_exact(Sha256::output_size()) {
+            if hash != cert_hash {
+                result.extend_from_slice(hash);
+            }
+        }
+        Ok(result)
+    }
+}
+
+impl<'a> IntoIterator for CertHashList<'a> {
+    type Item = &'a [u8];
+    type IntoIter = std::vec::IntoIter<&'a [u8]>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        self.hashes.into_iter()
+    }
+}
+
+// Helper struct for get_crlite_revocation_state.
+struct CRLiteTimestamp {
+    log_id: ThinVec<u8>,
+    timestamp: u64,
+}
+
+// Helper struct for set_batch_state. Takes a prefix, two base64-encoded key
+// parts, and a security state value.
+struct EncodedSecurityState {
+    prefix: &'static str,
+    key_part_1_base64: nsCString,
+    key_part_2_base64: nsCString,
+    state: i16,
+}
+
+impl EncodedSecurityState {
+    fn new(
+        prefix: &'static str,
+        key_part_1_base64: nsCString,
+        key_part_2_base64: nsCString,
+        state: i16,
+    ) -> EncodedSecurityState {
+        EncodedSecurityState {
+            prefix,
+            key_part_1_base64,
+            key_part_2_base64,
+            state,
+        }
+    }
+
+    fn key(&self) -> Result<Vec<u8>, SecurityStateError> {
+        let key_part_1 = BASE64_STANDARD.decode(&self.key_part_1_base64)?;
+        let key_part_2 = BASE64_STANDARD.decode(&self.key_part_2_base64)?;
+        Ok(make_key!(self.prefix, &key_part_1, &key_part_2))
+    }
+
+    fn state(&self) -> i16 {
+        self.state
+    }
+}
+
+fn get_path_from_directory_service(key: &str) -> Result<PathBuf, nserror::nsresult> {
+    let directory_service: RefPtr<nsIProperties> =
+        xpcom::components::Directory::service().map_err(|_| NS_ERROR_FAILURE)?;
+    let cs_key = CString::new(key).map_err(|_| NS_ERROR_FAILURE)?;
+
+    let mut requested_dir = GetterAddrefs::<nsIFile>::new();
+    unsafe {
+        (*directory_service)
+            .Get(
+                (&cs_key).as_ptr(),
+                &nsIFile::IID as *const nsIID,
+                requested_dir.void_ptr(),
+            )
+            .to_result()
+    }?;
+
+    let dir_path = requested_dir.refptr().ok_or(NS_ERROR_FAILURE)?;
+    let mut path = nsString::new();
+    unsafe { (*dir_path).GetPath(&mut *path).to_result() }?;
+    Ok(PathBuf::from(format!("{}", path)))
+}
+
+fn get_profile_path() -> Result<PathBuf, nserror::nsresult> {
+    get_path_from_directory_service("ProfD").or_else(|_| get_path_from_directory_service("TmpD"))
+}
+
+fn get_store_path(profile_path: &PathBuf) -> Result<PathBuf, SecurityStateError> {
+    let mut store_path = profile_path.clone();
+    store_path.push("security_state");
+    create_dir_all(store_path.as_path())?;
+    Ok(store_path)
+}
+
+fn make_env(path: &Path) -> Result<Rkv, SecurityStateError> {
+    let mut builder = Rkv::environment_builder::<SafeMode>();
+    builder.set_max_dbs(2);
+
+    // 16MB is a little over twice the size of the current dataset. When we
+    // eventually switch to the LMDB backend to create the builder above,
+    // we should set this as the map size, since it cannot currently resize.
+    // (The SafeMode backend warns when a map size is specified, so we skip it
+    // for now to avoid console spam.)
+
+    // builder.set_map_size(16777216);
+
+    // Bug 1595004: Migrate databases between backends in the future,
+    // and handle 32 and 64 bit architectures in case of LMDB.
+    Rkv::from_builder(path, builder).map_err(SecurityStateError::from)
+}
+
+fn unconditionally_remove_file(path: &Path) -> Result<(), SecurityStateError> {
+    match remove_file(path) {
+        Ok(()) => Ok(()),
+        Err(e) => match e.kind() {
+            std::io::ErrorKind::NotFound => Ok(()),
+            _ => Err(SecurityStateError::from(e)),
+        },
+    }
+}
+
+fn remove_db(path: &Path) -> Result<(), SecurityStateError> {
+    // Remove LMDB-related files.
+    let db = path.join("data.mdb");
+    unconditionally_remove_file(&db)?;
+    let lock = path.join("lock.mdb");
+    unconditionally_remove_file(&lock)?;
+
+    // Remove SafeMode-related files.
+    let db = path.join("data.safe.bin");
+    unconditionally_remove_file(&db)?;
+
+    Ok(())
+}
+
+// Helper function to read stash information from the given reader and insert the results into the
+// given stash map.
+fn load_crlite_stash_from_reader_into_map(
+    reader: &mut dyn Read,
+    dest: &mut HashMap<Vec<u8>, HashSet<Vec<u8>>>,
+) -> Result<(), SecurityStateError> {
+    // The basic unit of the stash file is an issuer subject public key info
+    // hash (sha-256) followed by a number of serial numbers corresponding
+    // to revoked certificates issued by that issuer. More specifically,
+    // each unit consists of:
+    //   4 bytes little-endian: the number of serial numbers following the issuer spki hash
+    //   1 byte: the length of the issuer spki hash
+    //   issuer spki hash length bytes: the issuer spki hash
+    //   as many times as the indicated serial numbers:
+    //     1 byte: the length of the serial number
+    //     serial number length bytes: the serial number
+    // The stash file consists of any number of these units concatenated
+    // together.
+    loop {
+        let num_serials = match reader.read_u32::<LittleEndian>() {
+            Ok(num_serials) => num_serials,
+            Err(_) => break, // end of input, presumably
+        };
+        let issuer_spki_hash_len = reader.read_u8().map_err(|e| {
+            SecurityStateError::from(format!("error reading stash issuer_spki_hash_len: {}", e))
+        })?;
+        let mut issuer_spki_hash = vec![0; issuer_spki_hash_len as usize];
+        reader.read_exact(&mut issuer_spki_hash).map_err(|e| {
+            SecurityStateError::from(format!("error reading stash issuer_spki_hash: {}", e))
+        })?;
+        let serials = dest.entry(issuer_spki_hash).or_insert(HashSet::new());
+        for _ in 0..num_serials {
+            let serial_len = reader.read_u8().map_err(|e| {
+                SecurityStateError::from(format!("error reading stash serial_len: {}", e))
+            })?;
+            let mut serial = vec![0; serial_len as usize];
+            reader.read_exact(&mut serial).map_err(|e| {
+                SecurityStateError::from(format!("error reading stash serial: {}", e))
+            })?;
+            let _ = serials.insert(serial);
+        }
+    }
+    Ok(())
+}
+
+// This is a helper struct that implements the task that asynchronously reads the CRLite stash on a
+// background thread.
+struct BackgroundReadStashTask {
+    profile_path: PathBuf,
+    security_state: Arc<RwLock<SecurityState>>,
+}
+
+impl BackgroundReadStashTask {
+    fn new(
+        profile_path: PathBuf,
+        security_state: &Arc<RwLock<SecurityState>>,
+    ) -> BackgroundReadStashTask {
+        BackgroundReadStashTask {
+            profile_path,
+            security_state: Arc::clone(security_state),
+        }
+    }
+}
+
+impl Task for BackgroundReadStashTask {
+    fn run(&self) {
+        let mut path = match get_store_path(&self.profile_path) {
+            Ok(path) => path,
+            Err(e) => {
+                error!("error getting security_state path: {}", e.message);
+                return;
+            }
+        };
+        path.push("crlite.stash");
+        // Before we've downloaded any stashes, this file won't exist.
+        if !path.exists() {
+            return;
+        }
+        let stash_file = match File::open(path) {
+            Ok(file) => file,
+            Err(e) => {
+                error!("error opening stash file: {}", e);
+                return;
+            }
+        };
+        let mut stash_reader = BufReader::new(stash_file);
+        let mut crlite_stash = HashMap::new();
+        match load_crlite_stash_from_reader_into_map(&mut stash_reader, &mut crlite_stash) {
+            Ok(()) => {}
+            Err(e) => {
+                error!("error loading crlite stash: {}", e.message);
+                return;
+            }
+        }
+        let mut ss = match self.security_state.write() {
+            Ok(ss) => ss,
+            Err(_) => return,
+        };
+        match ss.crlite_stash.replace(crlite_stash) {
+            Some(_) => {
+                error!("replacing existing crlite stash when reading for the first time?");
+                return;
+            }
+            None => {}
+        }
+    }
+
+    fn done(&self) -> Result<(), nsresult> {
+        Ok(())
+    }
+}
+
+fn do_construct_cert_storage(
+    iid: *const xpcom::nsIID,
+    result: *mut *mut xpcom::reexports::libc::c_void,
+) -> Result<(), nserror::nsresult> {
+    let path_buf = get_profile_path()?;
+    let security_state = Arc::new(RwLock::new(SecurityState::new(path_buf.clone())));
+    let cert_storage = CertStorage::allocate(InitCertStorage {
+        security_state: security_state.clone(),
+        queue: create_background_task_queue(cstr!("cert_storage"))?,
+    });
+    let memory_reporter = MemoryReporter::allocate(InitMemoryReporter { security_state });
+
+    // Dispatch a task to the background task queue to asynchronously read the CRLite stash file (if
+    // present) and load it into cert_storage. This task does not hold the
+    // cert_storage.security_state mutex for the majority of its operation, which allows certificate
+    // verification threads to query cert_storage without blocking. This is important for
+    // performance, but it means that certificate verifications that happen before the task has
+    // completed will not have stash information, and thus may not know of revocations that have
+    // occurred since the last full CRLite filter was downloaded. As long as the last full filter
+    // was downloaded no more than 10 days ago, this is no worse than relying on OCSP responses,
+    // which have a maximum validity of 10 days.
+    // NB: because the background task queue is serial, this task will complete before other tasks
+    // later dispatched to the queue run. This means that other tasks that interact with the stash
+    // will do so with the correct set of preconditions.
+    let load_crlite_stash_task = Box::new(BackgroundReadStashTask::new(
+        path_buf,
+        &cert_storage.security_state,
+    ));
+    let runnable = TaskRunnable::new("LoadCrliteStash", load_crlite_stash_task)?;
+    TaskRunnable::dispatch(runnable, cert_storage.queue.coerce())?;
+
+    if let Some(reporter) = memory_reporter.query_interface::<nsIMemoryReporter>() {
+        if let Some(reporter_manager) = xpcom::get_service::<nsIMemoryReporterManager>(cstr!(
+            "@mozilla.org/memory-reporter-manager;1"
+        )) {
+            unsafe { reporter_manager.RegisterStrongReporter(&*reporter) };
+        }
+    }
+
+    unsafe { cert_storage.QueryInterface(iid, result).to_result() }
+}
+
+// This is a helper for creating a task that will perform a specific action on a background thread.
+struct SecurityStateTask<
+    T: Default + VariantType,
+    F: FnOnce(&mut SecurityState) -> Result<T, SecurityStateError>,
+> {
+    callback: AtomicCell<Option<ThreadBoundRefPtr<nsICertStorageCallback>>>,
+    security_state: Arc<RwLock<SecurityState>>,
+    result: AtomicCell<(nserror::nsresult, T)>,
+    task_action: AtomicCell<Option<F>>,
+}
+
+impl<T: Default + VariantType, F: FnOnce(&mut SecurityState) -> Result<T, SecurityStateError>>
+    SecurityStateTask<T, F>
+{
+    fn new(
+        callback: &nsICertStorageCallback,
+        security_state: &Arc<RwLock<SecurityState>>,
+        task_action: F,
+    ) -> Result<SecurityStateTask<T, F>, nsresult> {
+        let mut ss = security_state.write().or(Err(NS_ERROR_FAILURE))?;
+        ss.remaining_ops = ss.remaining_ops.wrapping_add(1);
+
+        Ok(SecurityStateTask {
+            callback: AtomicCell::new(Some(ThreadBoundRefPtr::new(RefPtr::new(callback)))),
+            security_state: Arc::clone(security_state),
+            result: AtomicCell::new((NS_ERROR_FAILURE, T::default())),
+            task_action: AtomicCell::new(Some(task_action)),
+        })
+    }
+}
+
+impl<T: Default + VariantType, F: FnOnce(&mut SecurityState) -> Result<T, SecurityStateError>> Task
+    for SecurityStateTask<T, F>
+{
+    fn run(&self) {
+        let mut ss = match self.security_state.write() {
+            Ok(ss) => ss,
+            Err(_) => return,
+        };
+        // this is a no-op if the DB is already open
+        if ss.open_db().is_err() {
+            return;
+        }
+        if let Some(task_action) = self.task_action.swap(None) {
+            let rv = task_action(&mut ss)
+                .and_then(|v| Ok((NS_OK, v)))
+                .unwrap_or((NS_ERROR_FAILURE, T::default()));
+            self.result.store(rv);
+        }
+    }
+
+    fn done(&self) -> Result<(), nsresult> {
+        let threadbound = self.callback.swap(None).ok_or(NS_ERROR_FAILURE)?;
+        let callback = threadbound.get_ref().ok_or(NS_ERROR_FAILURE)?;
+        let result = self.result.swap((NS_ERROR_FAILURE, T::default()));
+        let variant = result.1.into_variant();
+        let nsrv = unsafe { callback.Done(result.0, &*variant) };
+
+        let mut ss = self.security_state.write().or(Err(NS_ERROR_FAILURE))?;
+        ss.remaining_ops = ss.remaining_ops.wrapping_sub(1);
+
+        match nsrv {
+            NS_OK => Ok(()),
+            e => Err(e),
+        }
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn cert_storage_constructor(
+    iid: *const xpcom::nsIID,
+    result: *mut *mut xpcom::reexports::libc::c_void,
+) -> nserror::nsresult {
+    if !is_main_thread() {
+        return NS_ERROR_NOT_SAME_THREAD;
+    }
+    match do_construct_cert_storage(iid, result) {
+        Ok(()) => NS_OK,
+        Err(e) => e,
+    }
+}
+
+macro_rules! try_ns {
+    ($e:expr) => {
+        match $e {
+            Ok(value) => value,
+            Err(_) => return NS_ERROR_FAILURE,
+        }
+    };
+    ($e:expr, or continue) => {
+        match $e {
+            Ok(value) => value,
+            Err(err) => {
+                error!("{}", err);
+                continue;
+            }
+        }
+    };
+}
+
+// This macro is a way to ensure the DB has been opened while minimizing lock acquisitions in the
+// common (read-only) case. First we acquire a read lock and see if we even need to open the DB. If
+// not, we can continue with the read lock we already have. Otherwise, we drop the read lock,
+// acquire the write lock, open the DB, drop the write lock, and re-acquire the read lock. While it
+// is possible for two or more threads to all come to the conclusion that they need to open the DB,
+// this isn't ultimately an issue - `open_db` will exit early if another thread has already done the
+// work.
+macro_rules! get_security_state {
+    ($self:expr) => {{
+        let ss_read_only = try_ns!($self.security_state.read());
+        if !ss_read_only.db_needs_opening() {
+            ss_read_only
+        } else {
+            drop(ss_read_only);
+            {
+                let mut ss_write = try_ns!($self.security_state.write());
+                try_ns!(ss_write.open_db());
+            }
+            try_ns!($self.security_state.read())
+        }
+    }};
+}
+
+#[xpcom(implement(nsICertStorage), atomic)]
+struct CertStorage {
+    security_state: Arc<RwLock<SecurityState>>,
+    queue: RefPtr<nsISerialEventTarget>,
+}
+
+/// CertStorage implements the nsICertStorage interface. The actual work is done by the
+/// SecurityState. To handle any threading issues, we have an atomic-refcounted read/write lock on
+/// the one and only SecurityState. So, only one thread can use SecurityState's &mut self functions
+/// at a time, while multiple threads can use &self functions simultaneously (as long as there are
+/// no threads using an &mut self function). The Arc is to allow for the creation of background
+/// tasks that use the SecurityState on the queue owned by CertStorage. This allows us to not block
+/// the main thread.
+#[allow(non_snake_case)]
+impl CertStorage {
+    unsafe fn HasPriorData(
+        &self,
+        data_type: u8,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if callback.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.get_has_prior_data(data_type),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("HasPriorData", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn GetRemainingOperationCount(&self, state: *mut i32) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if state.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let ss = try_ns!(self.security_state.read());
+        *state = ss.remaining_ops;
+        NS_OK
+    }
+
+    unsafe fn SetRevocations(
+        &self,
+        revocations: *const ThinVec<Option<RefPtr<nsIRevocationState>>>,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if revocations.is_null() || callback.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+
+        let revocations = &*revocations;
+        let mut entries = Vec::with_capacity(revocations.len());
+
+        // By continuing when an nsIRevocationState attribute value is invalid,
+        // we prevent errors relating to individual blocklist entries from
+        // causing sync to fail. We will accumulate telemetry on these failures
+        // in bug 1254099.
+
+        for revocation in revocations.iter().flatten() {
+            let mut state: i16 = 0;
+            try_ns!(revocation.GetState(&mut state).to_result(), or continue);
+
+            if let Some(revocation) =
+                (*revocation).query_interface::<nsIIssuerAndSerialRevocationState>()
+            {
+                let mut issuer = nsCString::new();
+                try_ns!(revocation.GetIssuer(&mut *issuer).to_result(), or continue);
+
+                let mut serial = nsCString::new();
+                try_ns!(revocation.GetSerial(&mut *serial).to_result(), or continue);
+
+                entries.push(EncodedSecurityState::new(
+                    PREFIX_REV_IS,
+                    issuer,
+                    serial,
+                    state,
+                ));
+            } else if let Some(revocation) =
+                (*revocation).query_interface::<nsISubjectAndPubKeyRevocationState>()
+            {
+                let mut subject = nsCString::new();
+                try_ns!(revocation.GetSubject(&mut *subject).to_result(), or continue);
+
+                let mut pub_key_hash = nsCString::new();
+                try_ns!(revocation.GetPubKey(&mut *pub_key_hash).to_result(), or continue);
+
+                entries.push(EncodedSecurityState::new(
+                    PREFIX_REV_SPK,
+                    subject,
+                    pub_key_hash,
+                    state,
+                ));
+            }
+        }
+
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.set_batch_state(&entries, nsICertStorage::DATA_TYPE_REVOCATION),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("SetRevocations", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn GetRevocationState(
+        &self,
+        issuer: *const ThinVec<u8>,
+        serial: *const ThinVec<u8>,
+        subject: *const ThinVec<u8>,
+        pub_key: *const ThinVec<u8>,
+        state: *mut i16,
+    ) -> nserror::nsresult {
+        // TODO (bug 1541212): We really want to restrict this to non-main-threads only in non-test
+        // contexts, but we can't do so until bug 1406854 is fixed.
+        if issuer.is_null() || serial.is_null() || subject.is_null() || pub_key.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        *state = nsICertStorage::STATE_UNSET;
+        let ss = get_security_state!(self);
+        match ss.get_revocation_state(&*issuer, &*serial, &*subject, &*pub_key) {
+            Ok(st) => {
+                *state = st;
+                NS_OK
+            }
+            _ => NS_ERROR_FAILURE,
+        }
+    }
+
+    unsafe fn SetFullCRLiteFilter(
+        &self,
+        filter: *const ThinVec<u8>,
+        enrolled_issuers: *const ThinVec<nsCString>,
+        coverage: *const ThinVec<Option<RefPtr<nsICRLiteCoverage>>>,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if filter.is_null()
+            || coverage.is_null()
+            || callback.is_null()
+            || enrolled_issuers.is_null()
+        {
+            return NS_ERROR_NULL_POINTER;
+        }
+
+        let filter_owned = (*filter).to_vec();
+        let enrolled_issuers_owned = (*enrolled_issuers).to_vec();
+
+        let coverage = &*coverage;
+        let mut coverage_entries = Vec::with_capacity(coverage.len());
+        for entry in coverage.iter().flatten() {
+            let mut b64_log_id = nsCString::new();
+            try_ns!((*entry).GetB64LogID(&mut *b64_log_id).to_result(), or continue);
+            let mut min_timestamp: u64 = 0;
+            try_ns!((*entry).GetMinTimestamp(&mut min_timestamp).to_result(), or continue);
+            let mut max_timestamp: u64 = 0;
+            try_ns!((*entry).GetMaxTimestamp(&mut max_timestamp).to_result(), or continue);
+            coverage_entries.push((b64_log_id, min_timestamp, max_timestamp));
+        }
+
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.set_full_crlite_filter(
+                filter_owned,
+                enrolled_issuers_owned,
+                &coverage_entries
+            ),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("SetFullCRLiteFilter", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn AddCRLiteStash(
+        &self,
+        stash: *const ThinVec<u8>,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if stash.is_null() || callback.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let stash_owned = (*stash).to_vec();
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.add_crlite_stash(stash_owned),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("AddCRLiteStash", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn IsCertRevokedByStash(
+        &self,
+        issuer_spki: *const ThinVec<u8>,
+        serial_number: *const ThinVec<u8>,
+        is_revoked: *mut bool,
+    ) -> nserror::nsresult {
+        if issuer_spki.is_null() || serial_number.is_null() || is_revoked.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let ss = get_security_state!(self);
+        *is_revoked = match ss.is_cert_revoked_by_stash(&*issuer_spki, &*serial_number) {
+            Ok(is_revoked) => is_revoked,
+            Err(_) => return NS_ERROR_FAILURE,
+        };
+        NS_OK
+    }
+
+    unsafe fn GetCRLiteRevocationState(
+        &self,
+        issuer: *const ThinVec<u8>,
+        issuerSPKI: *const ThinVec<u8>,
+        serialNumber: *const ThinVec<u8>,
+        timestamps: *const ThinVec<Option<RefPtr<nsICRLiteTimestamp>>>,
+        state: *mut i16,
+    ) -> nserror::nsresult {
+        // TODO (bug 1541212): We really want to restrict this to non-main-threads only, but we
+        // can't do so until bug 1406854 is fixed.
+        if issuer.is_null()
+            || issuerSPKI.is_null()
+            || serialNumber.is_null()
+            || state.is_null()
+            || timestamps.is_null()
+        {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let timestamps = &*timestamps;
+        let mut timestamp_entries = Vec::with_capacity(timestamps.len());
+        for timestamp_entry in timestamps.iter().flatten() {
+            let mut log_id = ThinVec::with_capacity(32);
+            try_ns!(timestamp_entry.GetLogID(&mut log_id).to_result(), or continue);
+            let mut timestamp: u64 = 0;
+            try_ns!(timestamp_entry.GetTimestamp(&mut timestamp).to_result(), or continue);
+            timestamp_entries.push(CRLiteTimestamp { log_id, timestamp });
+        }
+        let ss = get_security_state!(self);
+        *state = ss.get_crlite_revocation_state(
+            &*issuer,
+            &*issuerSPKI,
+            &*serialNumber,
+            &timestamp_entries,
+        );
+        NS_OK
+    }
+
+    unsafe fn AddCerts(
+        &self,
+        certs: *const ThinVec<Option<RefPtr<nsICertInfo>>>,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if certs.is_null() || callback.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let certs = &*certs;
+        let mut cert_entries = Vec::with_capacity(certs.len());
+        for cert in certs.iter().flatten() {
+            let mut der = nsCString::new();
+            try_ns!((*cert).GetCert(&mut *der).to_result(), or continue);
+            let mut subject = nsCString::new();
+            try_ns!((*cert).GetSubject(&mut *subject).to_result(), or continue);
+            let mut trust: i16 = 0;
+            try_ns!((*cert).GetTrust(&mut trust).to_result(), or continue);
+            cert_entries.push((der, subject, trust));
+        }
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.add_certs(&cert_entries),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("AddCerts", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn RemoveCertsByHashes(
+        &self,
+        hashes: *const ThinVec<nsCString>,
+        callback: *const nsICertStorageCallback,
+    ) -> nserror::nsresult {
+        if !is_main_thread() {
+            return NS_ERROR_NOT_SAME_THREAD;
+        }
+        if hashes.is_null() || callback.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let hashes = (*hashes).to_vec();
+        let task = Box::new(try_ns!(SecurityStateTask::new(
+            &*callback,
+            &self.security_state,
+            move |ss| ss.remove_certs_by_hashes(&hashes),
+        )));
+        let runnable = try_ns!(TaskRunnable::new("RemoveCertsByHashes", task));
+        try_ns!(TaskRunnable::dispatch(runnable, self.queue.coerce()));
+        NS_OK
+    }
+
+    unsafe fn FindCertsBySubject(
+        &self,
+        subject: *const ThinVec<u8>,
+        certs: *mut ThinVec<ThinVec<u8>>,
+    ) -> nserror::nsresult {
+        // TODO (bug 1541212): We really want to restrict this to non-main-threads only, but we
+        // can't do so until bug 1406854 is fixed.
+        if subject.is_null() || certs.is_null() {
+            return NS_ERROR_NULL_POINTER;
+        }
+        let ss = get_security_state!(self);
+        match ss.find_certs_by_subject(&*subject, &mut *certs) {
+            Ok(()) => NS_OK,
+            Err(_) => NS_ERROR_FAILURE,
+        }
+    }
+}
+
+extern "C" {
+    fn cert_storage_malloc_size_of(ptr: *const xpcom::reexports::libc::c_void) -> usize;
+}
+
+#[xpcom(implement(nsIMemoryReporter), atomic)]
+struct MemoryReporter {
+    security_state: Arc<RwLock<SecurityState>>,
+}
+
+#[allow(non_snake_case)]
+impl MemoryReporter {
+    unsafe fn CollectReports(
+        &self,
+        callback: *const nsIHandleReportCallback,
+        data: *const nsISupports,
+        _anonymize: bool,
+    ) -> nserror::nsresult {
+        let ss = try_ns!(self.security_state.read());
+        let mut ops = MallocSizeOfOps::new(cert_storage_malloc_size_of, None);
+        let size = ss.size_of(&mut ops);
+        let callback = match RefPtr::from_raw(callback) {
+            Some(ptr) => ptr,
+            None => return NS_ERROR_UNEXPECTED,
+        };
+        // This does the same as MOZ_COLLECT_REPORT
+        callback.Callback(
+            &nsCStr::new() as &nsACString,
+            &nsCStr::from("explicit/cert-storage/storage") as &nsACString,
+            nsIMemoryReporter::KIND_HEAP,
+            nsIMemoryReporter::UNITS_BYTES,
+            size as i64,
+            &nsCStr::from("Memory used by certificate storage") as &nsACString,
+            data,
+        );
+        NS_OK
+    }
+}
diff --git a/security/manager/ssl/components.conf b/security/manager/ssl/components.conf
new file mode 100644
index 0000000000..b7b3e135be
--- /dev/null
+++ b/security/manager/ssl/components.conf
@@ -0,0 +1,143 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Headers = [
+    '/security/manager/ssl/nsNSSModule.h',
+]
+
+Classes = [
+    {
+        'cid': '{4cb64dfd-ca98-4e24-befd-0d9285a33bcb}',
+        'contract_ids': ['@mozilla.org/psm;1'],
+        'type': 'nsNSSComponent',
+        'headers': ['nsNSSComponent.h'],
+        'init_method': 'Init',
+    },
+    {
+        'cid': '{9ef18451-a157-4d17-8132-47afef213689}',
+        'contract_ids': ['@mozilla.org/nss_errors_service;1'],
+        'type': 'mozilla::psm::NSSErrorsService',
+        'headers': ['NSSErrorsService.h'],
+        'init_method': 'Init',
+    },
+    {
+        'cid': '{23ad3531-11d2-4e8e-805a-6a752e91681a}',
+        'contract_ids': ['@mozilla.org/security/nssversion;1'],
+        'type': 'nsNSSVersion',
+        'headers': ['/security/manager/ssl/nsNSSVersion.h'],
+    },
+    {
+        'cid': '{0c4f1ddc-1dd2-11b2-9d95-f2fdf113044b}',
+        'contract_ids': ['@mozilla.org/security/sdr;1'],
+        'type': 'SecretDecoderRing',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<SecretDecoderRing>',
+    },
+    {
+        'cid': '{b084a2ce-1dd1-11b2-bf10-8324f8e065cc}',
+        'contract_ids': ['@mozilla.org/security/pk11tokendb;1'],
+        'type': 'nsPK11TokenDB',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<nsPK11TokenDB>',
+    },
+    {
+        'cid': '{ff9fbcd7-9517-4334-b97a-ceed78909974}',
+        'contract_ids': ['@mozilla.org/security/pkcs11moduledb;1'],
+        'type': 'mozilla::psm::PKCS11ModuleDB',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<mozilla::psm::PKCS11ModuleDB>',
+    },
+    {
+        'cid': '{660a3226-915c-4ffb-bb20-8985a632df05}',
+        'contract_ids': [],
+        'type': 'nsNSSCertificate',
+        'headers': ['nsNSSCertificate.h'],
+    },
+    {
+        'cid': '{fb0bbc5c-452e-4783-b32c-80124693d871}',
+        'contract_ids': ['@mozilla.org/security/x509certdb;1'],
+        'type': 'nsNSSCertificateDB',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<nsNSSCertificateDB>',
+    },
+    {
+        'cid': '{1dbc6eb6-0972-4bdb-9dc4-acd0abf72369}',
+        'contract_ids': ['@mozilla.org/security/clientAuthRememberService;1'],
+        'type': 'nsClientAuthRememberService',
+        'headers': ['nsClientAuthRemember.h'],
+        'init_method': 'Init',
+    },
+    {
+        'cid': '{36a1d3b3-d886-4317-96ff-87b0005cfef7}',
+        'contract_ids': ['@mozilla.org/security/hash;1'],
+        'headers': ['/security/manager/ssl/crypto_hash/crypto_hash.h'],
+        'legacy_constructor': 'crypto_hash_constructor',
+    },
+    {
+        'cid': '{45a5fe2f-c350-4b86-962d-02d5aaaa955a}',
+        'contract_ids': ['@mozilla.org/security/contentsignatureverifier;1'],
+        'type': 'ContentSignatureVerifier',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<ContentSignatureVerifier>',
+    },
+    {
+        'cid': '{67ba681d-5485-4fff-952c-2ee337ffdcd6}',
+        'contract_ids': ['@mozilla.org/security/certoverride;1'],
+        'type': 'nsCertOverrideService',
+        'headers': ['/security/manager/ssl/nsCertOverrideService.h'],
+        'init_method': 'Init',
+    },
+    {
+        'cid': '{be65e2b7-fe46-4e0f-88e0-4b385db4d68a}',
+        'contract_ids': ['@mozilla.org/security/random-generator;1'],
+        'type': 'nsRandomGenerator',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<nsRandomGenerator>',
+    },
+    {
+        'cid': '{16786594-0296-4471-8096-8f84497ca428}',
+        'contract_ids': ['@mozilla.org/security/transportsecurityinfo;1'],
+        'type': 'mozilla::psm::TransportSecurityInfo',
+    },
+    {
+        'cid': '{16955eee-6c48-4152-9309-c42a465138a1}',
+        'contract_ids': ['@mozilla.org/ssservice;1'],
+        'type': 'nsSiteSecurityService',
+        'headers': ['/security/manager/ssl/nsSiteSecurityService.h'],
+        'init_method': 'Init',
+        'processes': ProcessSelector.MAIN_PROCESS_ONLY,
+    },
+    {
+        'cid': '{57972956-5718-42d2-8070-b3fc72212eaf}',
+        'contract_ids': ['@mozilla.org/security/oskeystore;1'],
+        'type': 'OSKeyStore',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<OSKeyStore>',
+    },
+    {
+        'cid': '{4fe082ae-6ff0-4b41-b24f-eaa664f6e46a}',
+        'contract_ids': ['@mozilla.org/security/osreauthenticator;1'],
+        'type': 'OSReauthenticator',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<OSReauthenticator>',
+    },
+    {
+        'cid': '{16e5c837-f877-4e23-9c64-eddf905e30e6}',
+        'contract_ids': ['@mozilla.org/security/certstorage;1'],
+        'headers': ['/security/manager/ssl/cert_storage/src/cert_storage.h'],
+        'legacy_constructor': 'cert_storage_constructor',
+    },
+    {
+        'cid': '{f64432b9-e8c6-41b4-b2da-8eb004344bba}',
+        'contract_ids': ['@mozilla.org/security/publickeypinningservice;1'],
+        'type': 'psm::PublicKeyPinningService',
+        'headers': ['/security/manager/ssl/PublicKeyPinningService.h'],
+    },
+    {
+        'cid': '{4ea60761-31d6-491d-9e34-4b53a26c416c}',
+        'contract_ids': ['@mozilla.org/security/nsCertTree;1'],
+        'type': 'nsCertTree',
+        'legacy_constructor': 'mozilla::psm::NSSConstructor<nsCertTree>',
+    },
+    {
+        'cid': '{9676cfc4-6e84-11ec-a30d-d3cd0af86e01}',
+        'contract_ids': ['@mozilla.org/security/CRLiteTimestamp;1'],
+        'type': 'mozilla::psm::CRLiteTimestamp',
+        'headers': ['/security/certverifier/CRLiteTimestamp.h'],
+    },
+]
diff --git a/security/manager/ssl/content-signature-local.crt b/security/manager/ssl/content-signature-local.crt
new file mode 100644
index 0000000000..2acff7d7d6
Binary files /dev/null and b/security/manager/ssl/content-signature-local.crt differ
diff --git a/security/manager/ssl/content-signature-prod.crt b/security/manager/ssl/content-signature-prod.crt
new file mode 100644
index 0000000000..6ab711b996
Binary files /dev/null and b/security/manager/ssl/content-signature-prod.crt differ
diff --git a/security/manager/ssl/content-signature-stage.crt b/security/manager/ssl/content-signature-stage.crt
new file mode 100644
index 0000000000..38d36cb3f4
Binary files /dev/null and b/security/manager/ssl/content-signature-stage.crt differ
diff --git a/security/manager/ssl/crashtests/398665-1.html b/security/manager/ssl/crashtests/398665-1.html
new file mode 100644
index 0000000000..85afb1137f
--- /dev/null
+++ b/security/manager/ssl/crashtests/398665-1.html
@@ -0,0 +1 @@
+<html><body><keygen></keygen></body></html>
diff --git a/security/manager/ssl/crashtests/crashtests.list b/security/manager/ssl/crashtests/crashtests.list
new file mode 100644
index 0000000000..fbc5b85043
--- /dev/null
+++ b/security/manager/ssl/crashtests/crashtests.list
@@ -0,0 +1 @@
+load 398665-1.html
diff --git a/security/manager/ssl/crypto_hash/Cargo.toml b/security/manager/ssl/crypto_hash/Cargo.toml
new file mode 100644
index 0000000000..8d5e3f1c19
--- /dev/null
+++ b/security/manager/ssl/crypto_hash/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "crypto_hash"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+base64 = "0.21"
+digest = "0.10.2"
+libc = "0.2"
+md-5 = "0.10.2"
+nserror = { path = "../../../../xpcom/rust/nserror" }
+nsstring = { path = "../../../../xpcom/rust/nsstring" }
+sha1 = "0.10.2"
+xpcom = { path = "../../../../xpcom/rust/xpcom" }
+
+# bug 1838108: on Windows 7 pre-SP1, AVX instructions are disabled, even though
+# they might be supported by the processor. cpufeatures doesn't take this into
+# account, so the assembly implementation causes illegal instruction crashes.
+# As a workaround for now, use the non-assembly implementation.
+[target.'cfg(windows)'.dependencies]
+sha2 = { version = "0.10.2", features = ["force-soft"]}
+[target.'cfg(not(windows))'.dependencies]
+sha2 = "0.10.2"
diff --git a/security/manager/ssl/crypto_hash/crypto_hash.h b/security/manager/ssl/crypto_hash/crypto_hash.h
new file mode 100644
index 0000000000..a85993b041
--- /dev/null
+++ b/security/manager/ssl/crypto_hash/crypto_hash.h
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsICryptoHash.h"
+
+extern "C" {
+nsresult crypto_hash_constructor(REFNSIID iid, void** result);
+};
+
+nsresult NS_NewCryptoHash(uint32_t aHashType, nsICryptoHash** aOutHasher) {
+  MOZ_ASSERT(aOutHasher);
+
+  nsCOMPtr<nsICryptoHash> hasher;
+  nsresult rv =
+      crypto_hash_constructor(NS_ICRYPTOHASH_IID, getter_AddRefs(hasher));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = hasher->Init(aHashType);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  hasher.forget(aOutHasher);
+
+  return NS_OK;
+}
+
+nsresult NS_NewCryptoHash(const nsACString& aHashType,
+                          nsICryptoHash** aOutHasher) {
+  MOZ_ASSERT(aOutHasher);
+
+  nsCOMPtr<nsICryptoHash> hasher;
+  nsresult rv =
+      crypto_hash_constructor(NS_ICRYPTOHASH_IID, getter_AddRefs(hasher));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = hasher->InitWithString(aHashType);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  hasher.forget(aOutHasher);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/crypto_hash/src/lib.rs b/security/manager/ssl/crypto_hash/src/lib.rs
new file mode 100644
index 0000000000..9303f3cfd9
--- /dev/null
+++ b/security/manager/ssl/crypto_hash/src/lib.rs
@@ -0,0 +1,177 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+extern crate base64;
+extern crate digest;
+extern crate libc;
+extern crate md5;
+extern crate nsstring;
+extern crate sha1;
+extern crate sha2;
+#[macro_use]
+extern crate xpcom;
+
+use base64::Engine;
+use digest::{Digest, DynDigest};
+use nserror::{
+    nsresult, NS_ERROR_FAILURE, NS_ERROR_INVALID_ARG, NS_ERROR_NOT_AVAILABLE,
+    NS_ERROR_NOT_INITIALIZED, NS_OK,
+};
+use nsstring::{nsACString, nsCString};
+use xpcom::interfaces::{nsICryptoHash, nsIInputStream};
+use xpcom::xpcom_method;
+
+use std::borrow::Borrow;
+use std::sync::Mutex;
+
+enum Algorithm {
+    Md5,
+    Sha1,
+    Sha256,
+    Sha384,
+    Sha512,
+}
+
+impl TryFrom<u32> for Algorithm {
+    type Error = nsresult;
+
+    fn try_from(value: u32) -> Result<Self, Self::Error> {
+        match value {
+            nsICryptoHash::MD5 => Ok(Algorithm::Md5),
+            nsICryptoHash::SHA1 => Ok(Algorithm::Sha1),
+            nsICryptoHash::SHA256 => Ok(Algorithm::Sha256),
+            nsICryptoHash::SHA384 => Ok(Algorithm::Sha384),
+            nsICryptoHash::SHA512 => Ok(Algorithm::Sha512),
+            _ => Err(NS_ERROR_INVALID_ARG),
+        }
+    }
+}
+
+impl TryFrom<&nsACString> for Algorithm {
+    type Error = nsresult;
+
+    fn try_from(value: &nsACString) -> Result<Self, Self::Error> {
+        match value.to_utf8().borrow() {
+            "md5" => Ok(Algorithm::Md5),
+            "sha1" => Ok(Algorithm::Sha1),
+            "sha256" => Ok(Algorithm::Sha256),
+            "sha384" => Ok(Algorithm::Sha384),
+            "sha512" => Ok(Algorithm::Sha512),
+            _ => Err(NS_ERROR_INVALID_ARG),
+        }
+    }
+}
+
+#[xpcom(implement(nsICryptoHash), atomic)]
+struct CryptoHash {
+    digest: Mutex<Option<Box<dyn DynDigest>>>,
+}
+
+impl CryptoHash {
+    xpcom_method!(init => Init(algorithm: u32));
+    fn init(&self, algorithm: u32) -> Result<(), nsresult> {
+        let algorithm = algorithm.try_into()?;
+        self.init_with_algorithm(algorithm)
+    }
+
+    xpcom_method!(init_with_string => InitWithString(algorithm: *const nsACString));
+    fn init_with_string(&self, algorithm: &nsACString) -> Result<(), nsresult> {
+        let algorithm = algorithm.try_into()?;
+        self.init_with_algorithm(algorithm)
+    }
+
+    fn init_with_algorithm(&self, algorithm: Algorithm) -> Result<(), nsresult> {
+        let digest = match algorithm {
+            Algorithm::Md5 => Box::new(md5::Md5::new()) as Box<dyn DynDigest>,
+            Algorithm::Sha1 => Box::new(sha1::Sha1::new()) as Box<dyn DynDigest>,
+            Algorithm::Sha256 => Box::new(sha2::Sha256::new()) as Box<dyn DynDigest>,
+            Algorithm::Sha384 => Box::new(sha2::Sha384::new()) as Box<dyn DynDigest>,
+            Algorithm::Sha512 => Box::new(sha2::Sha512::new()) as Box<dyn DynDigest>,
+        };
+        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
+        if let Some(_expected_none_digest) = (*guard).replace(digest) {
+            return Err(NS_ERROR_FAILURE);
+        }
+        Ok(())
+    }
+
+    xpcom_method!(update => Update(data: *const u8, len: u32));
+    fn update(&self, data: *const u8, len: u32) -> Result<(), nsresult> {
+        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
+        let digest = match (*guard).as_mut() {
+            Some(digest) => digest,
+            None => return Err(NS_ERROR_NOT_INITIALIZED),
+        };
+        // Safety: this is safe as long as xpcom gave us valid arguments.
+        let data = unsafe {
+            std::slice::from_raw_parts(data, len.try_into().map_err(|_| NS_ERROR_INVALID_ARG)?)
+        };
+        digest.update(data);
+        Ok(())
+    }
+
+    xpcom_method!(update_from_stream => UpdateFromStream(stream: *const nsIInputStream, len: u32));
+    fn update_from_stream(&self, stream: &nsIInputStream, len: u32) -> Result<(), nsresult> {
+        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
+        let digest = match (*guard).as_mut() {
+            Some(digest) => digest,
+            None => return Err(NS_ERROR_NOT_INITIALIZED),
+        };
+        let mut available = 0u64;
+        unsafe { stream.Available(&mut available as *mut u64).to_result()? };
+        let mut to_read = if len == u32::MAX { available } else { len as u64 };
+        if available == 0 || available < to_read {
+            return Err(NS_ERROR_NOT_AVAILABLE);
+        }
+        let mut buf = vec![0u8; 4096];
+        let buf_len = buf.len() as u64;
+        while to_read > 0 {
+            let chunk_len = if to_read >= buf_len { buf_len as u32 } else { to_read as u32 };
+            let mut read = 0u32;
+            unsafe {
+                stream
+                    .Read(
+                        buf.as_mut_ptr() as *mut libc::c_char,
+                        chunk_len,
+                        &mut read as *mut u32,
+                    )
+                    .to_result()?
+            };
+            if read > chunk_len {
+                return Err(NS_ERROR_FAILURE);
+            }
+            digest.update(&buf[0..read.try_into().map_err(|_| NS_ERROR_FAILURE)?]);
+            to_read -= read as u64;
+        }
+        Ok(())
+    }
+
+    xpcom_method!(finish => Finish(ascii: bool) -> nsACString);
+    fn finish(&self, ascii: bool) -> Result<nsCString, nsresult> {
+        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
+        let digest = match (*guard).take() {
+            Some(digest) => digest,
+            None => return Err(NS_ERROR_NOT_INITIALIZED),
+        };
+        let result = digest.finalize();
+        if ascii {
+            Ok(nsCString::from(
+                base64::engine::general_purpose::STANDARD.encode(result),
+            ))
+        } else {
+            Ok(nsCString::from(result))
+        }
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn crypto_hash_constructor(
+    iid: *const xpcom::nsIID,
+    result: *mut *mut xpcom::reexports::libc::c_void,
+) -> nserror::nsresult {
+    let crypto_hash = CryptoHash::allocate(InitCryptoHash {
+        digest: Mutex::new(None),
+    });
+    unsafe { crypto_hash.QueryInterface(iid, result) }
+}
diff --git a/security/manager/ssl/gen_cert_header.py b/security/manager/ssl/gen_cert_header.py
new file mode 100644
index 0000000000..a141a9b54b
--- /dev/null
+++ b/security/manager/ssl/gen_cert_header.py
@@ -0,0 +1,46 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+def _file_byte_generator(filename):
+    with open(filename, "rb") as f:
+        contents = f.read()
+
+        # Treat empty files the same as a file containing a lone 0;
+        # a single-element array will fail cert verifcation just as an
+        # empty array would.
+        if not contents:
+            return ["\0"]
+
+        return contents
+
+
+def _create_header(array_name, cert_bytes):
+    hexified = ["0x%02x" % byte for byte in cert_bytes]
+
+    substs = {"array_name": array_name, "bytes": ", ".join(hexified)}
+    return "const uint8_t %(array_name)s[] = {\n%(bytes)s\n};\n" % substs
+
+
+# Create functions named the same as the data arrays that we're going to
+# write to the headers, so we don't have to duplicate the names like so:
+#
+#   def arrayName(header, cert_filename):
+#     header.write(_create_header("arrayName", cert_filename))
+array_names = [
+    "addonsPublicIntermediate",
+    "addonsPublicRoot",
+    "addonsStageRoot",
+    "contentSignatureDevRoot",
+    "contentSignatureLocalRoot",
+    "contentSignatureProdRoot",
+    "contentSignatureStageRoot",
+    "xpcshellRoot",
+]
+
+for n in array_names:
+    # Make sure the lambda captures the right string.
+    globals()[n] = lambda header, cert_filename, name=n: header.write(
+        _create_header(name, _file_byte_generator(cert_filename))
+    )
diff --git a/security/manager/ssl/ipcclientcerts/Cargo.toml b/security/manager/ssl/ipcclientcerts/Cargo.toml
new file mode 100644
index 0000000000..3ed9e61907
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "ipcclientcerts-static"
+version = "0.1.0"
+authors = ["Dana Keeler <dkeeler@mozilla.com>"]
+edition = "2018"
+license = "MPL-2.0"
+
+[dependencies]
+byteorder = "1.3"
+pkcs11-bindings = "0.1"
+rsclientcerts = { path = "../rsclientcerts" }
+sha2 = "0.10.2"
+
+[lib]
+crate-type = ["staticlib"]
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols b/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols
new file mode 100644
index 0000000000..562ecea21d
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build b/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build
new file mode 100644
index 0000000000..7f2ab5e27f
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build
@@ -0,0 +1,40 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+USE_LIBS += ["ipcclientcerts-static"]
+
+# On Linux (but not when building for Android), this needs to use the C++
+# version to avoid linking against the wrong libc symbols.
+# On Android, this needs to use the C version to avoid multiple definitions
+# of symbols caused by their presence in libgcc and ipcclientcerts-static.
+if CONFIG["OS_ARCH"] == "Linux" and CONFIG["OS_TARGET"] != "Android":
+    SOURCES += [
+        "stub.cpp",
+    ]
+else:
+    SOURCES += [
+        "stub.c",
+    ]
+
+if CONFIG["OS_TARGET"] == "Android":
+    OS_LIBS += ["m"]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    OS_LIBS += [
+        "advapi32",
+        "userenv",
+        "ws2_32",
+    ]
+    OS_LIBS += [
+        "bcrypt",
+        "ntdll",
+    ]
+
+
+SharedLibrary("ipcclientcerts")
+
+NoVisibilityFlags()
+SYMBOLS_FILE = "ipcclientcerts.symbols"
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c
new file mode 100644
index 0000000000..f679e5dfd4
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// The build system builds the rust library ipcclientcerts as a static library
+// called ipcclientcerts_static. On macOS and Windows, that static library can
+// be linked with an empty file and turned into a shared library with the
+// function C_GetFunctionList exposed. This allows that shared library to be
+// used as a PKCS#11 module (see osclientcerts).
+// Unfortunately, on Linux, exposing the C_GetFunctionList in the static
+// library doesn't work for some unknown reason. As a workaround, this file
+// declares its own C_GetFunctionList that can be exposed in the shared
+// library. It then calls the function IPCCC_GetFunctionList exposed
+// (internally to the linkage in question) by ipcclientcerts. This enables
+// the build system to ultimately turn ipcclientcerts into a shared library
+// that exposes a C_GetFunctionList function, meaning it can be used as a
+// PKCS#11 module.
+
+CK_RV IPCCC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return IPCCC_GetFunctionList(ppFunctionList);
+}
+
+// On MinGW there's a toolchain mismatch that results in _Unwind_Resume being
+// undefined. It's never going to get called here anyway, so this defines it to
+// satisfy the linker. See bug 1745855 and
+// https://github.com/rust-lang/rust/issues/79609#issuecomment-987107562.
+#ifdef __MINGW32__
+#  include "mozilla/Assertions.h"
+void _Unwind_Resume() { MOZ_CRASH("Unexpected call to _Unwind_*"); }
+void _Unwind_GetDataRelBase() { _Unwind_Resume(); }
+void _Unwind_GetTextRelBase() { _Unwind_Resume(); }
+void _Unwind_GetLanguageSpecificData() { _Unwind_Resume(); }
+void _Unwind_GetIPInfo() { _Unwind_Resume(); }
+void _Unwind_GetRegionStart() { _Unwind_Resume(); }
+void _Unwind_SetGR() { _Unwind_Resume(); }
+void _Unwind_SetIP() { _Unwind_Resume(); }
+void _GCC_specific_handler() { _Unwind_Resume(); }
+#endif
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp
new file mode 100644
index 0000000000..e50f867574
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp
@@ -0,0 +1,29 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// The build system builds the rust library ipcclientcerts as a static library
+// called ipcclientcerts_static. On macOS and Windows, that static library can
+// be linked with an empty file and turned into a shared library with the
+// function C_GetFunctionList exposed. This allows that shared library to be
+// used as a PKCS#11 module (see osclientcerts).
+// Unfortunately, on Linux, exposing the C_GetFunctionList in the static
+// library doesn't work for some unknown reason. As a workaround, this file
+// declares its own C_GetFunctionList that can be exposed in the shared
+// library. It then calls the function IPCCC_GetFunctionList exposed
+// (internally to the linkage in question) by ipcclientcerts. This enables
+// the build system to ultimately turn ipcclientcerts into a shared library
+// that exposes a C_GetFunctionList function, meaning it can be used as a
+// PKCS#11 module.
+
+extern "C" {
+
+CK_RV IPCCC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return IPCCC_GetFunctionList(ppFunctionList);
+}
+}
diff --git a/security/manager/ssl/ipcclientcerts/moz.build b/security/manager/ssl/ipcclientcerts/moz.build
new file mode 100644
index 0000000000..1d24bdea31
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/moz.build
@@ -0,0 +1,9 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["dynamic-library"]
+
+RustLibrary("ipcclientcerts-static")
diff --git a/security/manager/ssl/ipcclientcerts/src/backend.rs b/security/manager/ssl/ipcclientcerts/src/backend.rs
new file mode 100644
index 0000000000..534eecd47e
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/src/backend.rs
@@ -0,0 +1,373 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use pkcs11_bindings::*;
+use rsclientcerts::error::{Error, ErrorType};
+use rsclientcerts::manager::{ClientCertsBackend, CryptokiObject, Sign, SlotType};
+use rsclientcerts::util::*;
+use sha2::{Digest, Sha256};
+use std::ffi::c_void;
+
+use crate::FindObjectsFunction;
+use crate::SignFunction;
+
+pub struct Cert {
+    class: Vec<u8>,
+    token: Vec<u8>,
+    id: Vec<u8>,
+    label: Vec<u8>,
+    value: Vec<u8>,
+    issuer: Vec<u8>,
+    serial_number: Vec<u8>,
+    subject: Vec<u8>,
+    slot_type: SlotType,
+}
+
+impl Cert {
+    fn new(der: &[u8], slot_type: SlotType) -> Result<Cert, Error> {
+        let (serial_number, issuer, subject) = read_encoded_certificate_identifiers(der)?;
+        let id = Sha256::digest(der).to_vec();
+        Ok(Cert {
+            class: serialize_uint(CKO_CERTIFICATE)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            label: b"IPC certificate".to_vec(),
+            value: der.to_vec(),
+            issuer,
+            serial_number,
+            subject,
+            slot_type,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn label(&self) -> &[u8] {
+        &self.label
+    }
+
+    fn value(&self) -> &[u8] {
+        &self.value
+    }
+
+    fn issuer(&self) -> &[u8] {
+        &self.issuer
+    }
+
+    fn serial_number(&self) -> &[u8] {
+        &self.serial_number
+    }
+
+    fn subject(&self) -> &[u8] {
+        &self.subject
+    }
+}
+
+impl CryptokiObject for Cert {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        if self.slot_type != slot_type {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_LABEL => self.label(),
+                CKA_ID => self.id(),
+                CKA_VALUE => self.value(),
+                CKA_ISSUER => self.issuer(),
+                CKA_SERIAL_NUMBER => self.serial_number(),
+                CKA_SUBJECT => self.subject(),
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        let result = match attribute {
+            CKA_CLASS => self.class(),
+            CKA_TOKEN => self.token(),
+            CKA_LABEL => self.label(),
+            CKA_ID => self.id(),
+            CKA_VALUE => self.value(),
+            CKA_ISSUER => self.issuer(),
+            CKA_SERIAL_NUMBER => self.serial_number(),
+            CKA_SUBJECT => self.subject(),
+            _ => return None,
+        };
+        Some(result)
+    }
+}
+
+pub struct Key {
+    cert: Vec<u8>,
+    class: Vec<u8>,
+    token: Vec<u8>,
+    id: Vec<u8>,
+    private: Vec<u8>,
+    key_type: Vec<u8>,
+    modulus: Option<Vec<u8>>,
+    ec_params: Option<Vec<u8>>,
+    slot_type: SlotType,
+    sign: SignFunction,
+}
+
+impl Key {
+    fn new(
+        modulus: Option<&[u8]>,
+        ec_params: Option<&[u8]>,
+        cert: &[u8],
+        slot_type: SlotType,
+        sign: SignFunction,
+    ) -> Result<Key, Error> {
+        let id = Sha256::digest(cert).to_vec();
+        let key_type = if modulus.is_some() { CKK_RSA } else { CKK_EC };
+        Ok(Key {
+            cert: cert.to_vec(),
+            class: serialize_uint(CKO_PRIVATE_KEY)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            private: serialize_uint(CK_TRUE)?,
+            key_type: serialize_uint(key_type)?,
+            modulus: modulus.map(|b| b.to_vec()),
+            ec_params: ec_params.map(|b| b.to_vec()),
+            slot_type,
+            sign,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    pub fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn private(&self) -> &[u8] {
+        &self.private
+    }
+
+    fn key_type(&self) -> &[u8] {
+        &self.key_type
+    }
+
+    fn modulus(&self) -> Option<&[u8]> {
+        match &self.modulus {
+            Some(modulus) => Some(modulus.as_slice()),
+            None => None,
+        }
+    }
+
+    fn ec_params(&self) -> Option<&[u8]> {
+        match &self.ec_params {
+            Some(ec_params) => Some(ec_params.as_slice()),
+            None => None,
+        }
+    }
+}
+
+impl CryptokiObject for Key {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        if self.slot_type != slot_type {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_ID => self.id(),
+                CKA_PRIVATE => self.private(),
+                CKA_KEY_TYPE => self.key_type(),
+                CKA_MODULUS => {
+                    if let Some(modulus) = self.modulus() {
+                        modulus
+                    } else {
+                        return false;
+                    }
+                }
+                CKA_EC_PARAMS => {
+                    if let Some(ec_params) = self.ec_params() {
+                        ec_params
+                    } else {
+                        return false;
+                    }
+                }
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        match attribute {
+            CKA_CLASS => Some(self.class()),
+            CKA_TOKEN => Some(self.token()),
+            CKA_ID => Some(self.id()),
+            CKA_PRIVATE => Some(self.private()),
+            CKA_KEY_TYPE => Some(self.key_type()),
+            CKA_MODULUS => self.modulus(),
+            CKA_EC_PARAMS => self.ec_params(),
+            _ => None,
+        }
+    }
+}
+
+impl Sign for Key {
+    fn get_signature_length(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<usize, Error> {
+        // Unfortunately we don't have a way of getting the length of a signature without creating
+        // one.
+        let dummy_signature_bytes = self.sign(data, params)?;
+        Ok(dummy_signature_bytes.len())
+    }
+
+    fn sign(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error> {
+        let mut signature = Vec::new();
+        let (params_len, params) = match params {
+            Some(params) => (
+                std::mem::size_of::<CK_RSA_PKCS_PSS_PARAMS>(),
+                params as *const _ as *const u8,
+            ),
+            None => (0, std::ptr::null()),
+        };
+        (self.sign)(
+            self.cert.len(),
+            self.cert.as_ptr(),
+            data.len(),
+            data.as_ptr(),
+            params_len,
+            params,
+            Some(sign_callback),
+            &mut signature as *mut _ as *mut c_void,
+        );
+        if signature.len() > 0 {
+            Ok(signature)
+        } else {
+            Err(error_here!(ErrorType::LibraryFailure))
+        }
+    }
+}
+
+unsafe extern "C" fn sign_callback(data_len: usize, data: *const u8, ctx: *mut c_void) {
+    let signature: &mut Vec<u8> = std::mem::transmute(ctx);
+    signature.clear();
+    signature.extend_from_slice(std::slice::from_raw_parts(data, data_len));
+}
+
+unsafe extern "C" fn find_objects_callback(
+    typ: u8,
+    data_len: usize,
+    data: *const u8,
+    extra_len: usize,
+    extra: *const u8,
+    slot_type: u32,
+    ctx: *mut c_void,
+) {
+    let data = std::slice::from_raw_parts(data, data_len);
+    let extra = std::slice::from_raw_parts(extra, extra_len);
+    let slot_type = match slot_type {
+        1 => SlotType::Modern,
+        2 => SlotType::Legacy,
+        _ => return,
+    };
+    let find_objects_context: &mut FindObjectsContext = std::mem::transmute(ctx);
+    match typ {
+        1 => match Cert::new(data, slot_type) {
+            Ok(cert) => find_objects_context.certs.push(cert),
+            Err(_) => {}
+        },
+        2 => match Key::new(
+            Some(data),
+            None,
+            extra,
+            slot_type,
+            find_objects_context.sign,
+        ) {
+            Ok(key) => find_objects_context.keys.push(key),
+            Err(_) => {}
+        },
+        3 => match Key::new(
+            None,
+            Some(data),
+            extra,
+            slot_type,
+            find_objects_context.sign,
+        ) {
+            Ok(key) => find_objects_context.keys.push(key),
+            Err(_) => {}
+        },
+        _ => {}
+    }
+}
+
+struct FindObjectsContext {
+    certs: Vec<Cert>,
+    keys: Vec<Key>,
+    sign: SignFunction,
+}
+
+impl FindObjectsContext {
+    fn new(sign: SignFunction) -> FindObjectsContext {
+        FindObjectsContext {
+            certs: Vec::new(),
+            keys: Vec::new(),
+            sign,
+        }
+    }
+}
+
+pub struct Backend {
+    find_objects: FindObjectsFunction,
+    sign: SignFunction,
+}
+
+impl Backend {
+    pub fn new(find_objects: FindObjectsFunction, sign: SignFunction) -> Backend {
+        Backend { find_objects, sign }
+    }
+}
+
+impl ClientCertsBackend for Backend {
+    type Cert = Cert;
+    type Key = Key;
+
+    fn find_objects(&self) -> Result<(Vec<Cert>, Vec<Key>), Error> {
+        let mut find_objects_context = FindObjectsContext::new(self.sign);
+        (self.find_objects)(
+            Some(find_objects_callback),
+            &mut find_objects_context as *mut _ as *mut c_void,
+        );
+        Ok((find_objects_context.certs, find_objects_context.keys))
+    }
+}
diff --git a/security/manager/ssl/ipcclientcerts/src/lib.rs b/security/manager/ssl/ipcclientcerts/src/lib.rs
new file mode 100644
index 0000000000..a1a276df9d
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/src/lib.rs
@@ -0,0 +1,1047 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(non_snake_case)]
+
+extern crate byteorder;
+extern crate pkcs11_bindings;
+#[macro_use]
+extern crate rsclientcerts;
+extern crate sha2;
+
+use pkcs11_bindings::*;
+use rsclientcerts::manager::{Manager, SlotType};
+use std::ffi::{c_void, CStr};
+use std::sync::Mutex;
+
+mod backend;
+
+use backend::Backend;
+
+type FindObjectsCallback = Option<
+    unsafe extern "C" fn(
+        typ: u8,
+        data_len: usize,
+        data: *const u8,
+        extra_len: usize,
+        extra: *const u8,
+        slot_type: u32,
+        ctx: *mut c_void,
+    ),
+>;
+
+type FindObjectsFunction = extern "C" fn(callback: FindObjectsCallback, ctx: *mut c_void);
+
+type SignCallback =
+    Option<unsafe extern "C" fn(data_len: usize, data: *const u8, ctx: *mut c_void)>;
+
+type SignFunction = extern "C" fn(
+    cert_len: usize,
+    cert: *const u8,
+    data_len: usize,
+    data: *const u8,
+    params_len: usize,
+    params: *const u8,
+    callback: SignCallback,
+    ctx: *mut c_void,
+);
+
+/// The singleton `Manager` that handles state with respect to PKCS #11. Only one thread
+/// may use it at a time, but there is no restriction on which threads may use it.
+static MANAGER: Mutex<Option<Manager<Backend>>> = Mutex::new(None);
+
+// Obtaining a handle on the manager is a two-step process. First the mutex must be locked, which
+// (if successful), results in a mutex guard object. We must then get a mutable refence to the
+// underlying manager (if set - otherwise we return an error). This can't happen all in one macro
+// without dropping a reference that needs to live long enough for this to be safe. In
+// practice, this looks like:
+//   let mut manager_guard = try_to_get_manager_guard!();
+//   let manager = manager_guard_to_manager!(manager_guard);
+macro_rules! try_to_get_manager_guard {
+    () => {
+        match MANAGER.lock() {
+            Ok(maybe_manager) => maybe_manager,
+            Err(_) => return CKR_DEVICE_ERROR,
+        }
+    };
+}
+
+macro_rules! manager_guard_to_manager {
+    ($manager_guard:ident) => {
+        match $manager_guard.as_mut() {
+            Some(manager) => manager,
+            None => return CKR_DEVICE_ERROR,
+        }
+    };
+}
+
+/// This gets called to initialize the module. For this implementation, this consists of
+/// instantiating the `Manager`.
+extern "C" fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV {
+    // pInitArgs.pReserved will be a c-string containing the base-16
+    // stringification of the addresses of the functions to call to communicate
+    // with the main process.
+    if pInitArgs.is_null() {
+        return CKR_DEVICE_ERROR;
+    }
+    let serialized_addresses_ptr = unsafe { (*(pInitArgs as CK_C_INITIALIZE_ARGS_PTR)).pReserved };
+    if serialized_addresses_ptr.is_null() {
+        return CKR_DEVICE_ERROR;
+    }
+    let serialized_addresses_cstr =
+        unsafe { CStr::from_ptr(serialized_addresses_ptr as *mut std::os::raw::c_char) };
+    let serialized_addresses = match serialized_addresses_cstr.to_str() {
+        Ok(serialized_addresses) => serialized_addresses,
+        Err(_) => return CKR_DEVICE_ERROR,
+    };
+    let function_addresses: Vec<usize> = serialized_addresses
+        .split(',')
+        .filter_map(|serialized_address| usize::from_str_radix(serialized_address, 16).ok())
+        .collect();
+    if function_addresses.len() != 2 {
+        return CKR_DEVICE_ERROR;
+    }
+    let find_objects: FindObjectsFunction = unsafe { std::mem::transmute(function_addresses[0]) };
+    let sign: SignFunction = unsafe { std::mem::transmute(function_addresses[1]) };
+    let mut manager_guard = try_to_get_manager_guard!();
+    let _unexpected_previous_manager =
+        manager_guard.replace(Manager::new(Backend::new(find_objects, sign)));
+    CKR_OK
+}
+
+extern "C" fn C_Finalize(_pReserved: CK_VOID_PTR) -> CK_RV {
+    // Drop the manager. When C_Finalize is called, there should be only one
+    // reference to this module (which is going away), so there shouldn't be
+    // any concurrency issues.
+    let mut manager_guard = try_to_get_manager_guard!();
+    match manager_guard.take() {
+        Some(_) => CKR_OK,
+        None => CKR_CRYPTOKI_NOT_INITIALIZED,
+    }
+}
+
+// The specification mandates that these strings be padded with spaces to the appropriate length.
+// Since the length of fixed-size arrays in rust is part of the type, the compiler enforces that
+// these byte strings are of the correct length.
+const MANUFACTURER_ID_BYTES: &[u8; 32] = b"Mozilla Corporation             ";
+const LIBRARY_DESCRIPTION_BYTES: &[u8; 32] = b"IPC Client Cert Module          ";
+
+/// This gets called to gather some information about the module. In particular, this implementation
+/// supports (portions of) cryptoki (PKCS #11) version 2.2.
+extern "C" fn C_GetInfo(pInfo: CK_INFO_PTR) -> CK_RV {
+    if pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut info = CK_INFO::default();
+    info.cryptokiVersion.major = 2;
+    info.cryptokiVersion.minor = 2;
+    info.manufacturerID = *MANUFACTURER_ID_BYTES;
+    info.libraryDescription = *LIBRARY_DESCRIPTION_BYTES;
+    unsafe {
+        *pInfo = info;
+    }
+    CKR_OK
+}
+
+/// This module has two slots.
+const SLOT_COUNT: CK_ULONG = 2;
+/// The slot with ID 1 supports modern mechanisms like RSA-PSS.
+const SLOT_ID_MODERN: CK_SLOT_ID = 1;
+/// The slot with ID 2 only supports legacy mechanisms.
+const SLOT_ID_LEGACY: CK_SLOT_ID = 2;
+
+/// This gets called twice: once with a null `pSlotList` to get the number of slots (returned via
+/// `pulCount`) and a second time to get the ID for each slot.
+extern "C" fn C_GetSlotList(
+    _tokenPresent: CK_BBOOL,
+    pSlotList: CK_SLOT_ID_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if pulCount.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    if !pSlotList.is_null() {
+        if unsafe { *pulCount } < SLOT_COUNT {
+            return CKR_BUFFER_TOO_SMALL;
+        }
+        unsafe {
+            *pSlotList = SLOT_ID_MODERN;
+            *pSlotList.offset(1) = SLOT_ID_LEGACY;
+        }
+    };
+    unsafe {
+        *pulCount = SLOT_COUNT;
+    }
+    CKR_OK
+}
+
+const SLOT_DESCRIPTION_MODERN_BYTES: &[u8; 64] =
+    b"IPC Client Cert Slot (Modern)                                   ";
+const SLOT_DESCRIPTION_LEGACY_BYTES: &[u8; 64] =
+    b"IPC Client Cert Slot (Legacy)                                   ";
+
+/// This gets called to obtain information about slots. In this implementation, the tokens are
+/// always present in the slots.
+extern "C" fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV {
+    if (slotID != SLOT_ID_MODERN && slotID != SLOT_ID_LEGACY) || pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let description = if slotID == SLOT_ID_MODERN {
+        SLOT_DESCRIPTION_MODERN_BYTES
+    } else {
+        SLOT_DESCRIPTION_LEGACY_BYTES
+    };
+    let slot_info = CK_SLOT_INFO {
+        slotDescription: *description,
+        manufacturerID: *MANUFACTURER_ID_BYTES,
+        flags: CKF_TOKEN_PRESENT,
+        hardwareVersion: CK_VERSION::default(),
+        firmwareVersion: CK_VERSION::default(),
+    };
+    unsafe {
+        *pInfo = slot_info;
+    }
+    CKR_OK
+}
+
+const TOKEN_LABEL_MODERN_BYTES: &[u8; 32] = b"IPC Client Cert Token (Modern)  ";
+const TOKEN_LABEL_LEGACY_BYTES: &[u8; 32] = b"IPC Client Cert Token (Legacy)  ";
+const TOKEN_MODEL_BYTES: &[u8; 16] = b"ipcclientcerts  ";
+const TOKEN_SERIAL_NUMBER_BYTES: &[u8; 16] = b"0000000000000000";
+
+/// This gets called to obtain some information about tokens. This implementation has two slots,
+/// so it has two tokens. This information is primarily for display purposes.
+extern "C" fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV {
+    if (slotID != SLOT_ID_MODERN && slotID != SLOT_ID_LEGACY) || pInfo.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut token_info = CK_TOKEN_INFO::default();
+    let label = if slotID == SLOT_ID_MODERN {
+        TOKEN_LABEL_MODERN_BYTES
+    } else {
+        TOKEN_LABEL_LEGACY_BYTES
+    };
+    token_info.label = *label;
+    token_info.manufacturerID = *MANUFACTURER_ID_BYTES;
+    token_info.model = *TOKEN_MODEL_BYTES;
+    token_info.serialNumber = *TOKEN_SERIAL_NUMBER_BYTES;
+    unsafe {
+        *pInfo = token_info;
+    }
+    CKR_OK
+}
+
+/// This gets called to determine what mechanisms a slot supports. The modern slot supports ECDSA,
+/// RSA PKCS, and RSA PSS. The legacy slot only supports RSA PKCS.
+extern "C" fn C_GetMechanismList(
+    slotID: CK_SLOT_ID,
+    pMechanismList: CK_MECHANISM_TYPE_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if (slotID != SLOT_ID_MODERN && slotID != SLOT_ID_LEGACY) || pulCount.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mechanisms = if slotID == SLOT_ID_MODERN {
+        vec![CKM_ECDSA, CKM_RSA_PKCS, CKM_RSA_PKCS_PSS]
+    } else {
+        vec![CKM_RSA_PKCS]
+    };
+    if !pMechanismList.is_null() {
+        if unsafe { *pulCount as usize } < mechanisms.len() {
+            return CKR_ARGUMENTS_BAD;
+        }
+        for i in 0..mechanisms.len() {
+            unsafe {
+                *pMechanismList.offset(i as isize) = mechanisms[i];
+            }
+        }
+    }
+    unsafe {
+        *pulCount = mechanisms.len() as CK_ULONG;
+    }
+    CKR_OK
+}
+
+extern "C" fn C_GetMechanismInfo(
+    _slotID: CK_SLOT_ID,
+    _type: CK_MECHANISM_TYPE,
+    _pInfo: CK_MECHANISM_INFO_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitToken(
+    _slotID: CK_SLOT_ID,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+    _pLabel: CK_UTF8CHAR_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pOldPin: CK_UTF8CHAR_PTR,
+    _ulOldLen: CK_ULONG,
+    _pNewPin: CK_UTF8CHAR_PTR,
+    _ulNewLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to create a new session. This module defers to the `ManagerProxy` to implement
+/// this.
+extern "C" fn C_OpenSession(
+    slotID: CK_SLOT_ID,
+    _flags: CK_FLAGS,
+    _pApplication: CK_VOID_PTR,
+    _Notify: CK_NOTIFY,
+    phSession: CK_SESSION_HANDLE_PTR,
+) -> CK_RV {
+    if (slotID != SLOT_ID_MODERN && slotID != SLOT_ID_LEGACY) || phSession.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    let slot_type = if slotID == SLOT_ID_MODERN {
+        SlotType::Modern
+    } else {
+        SlotType::Legacy
+    };
+    let session_handle = match manager.open_session(slot_type) {
+        Ok(session_handle) => session_handle,
+        Err(_) => return CKR_DEVICE_ERROR,
+    };
+    unsafe {
+        *phSession = session_handle;
+    }
+    CKR_OK
+}
+
+/// This gets called to close a session. This is handled by the `ManagerProxy`.
+extern "C" fn C_CloseSession(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    if manager.close_session(hSession).is_err() {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    CKR_OK
+}
+
+/// This gets called to close all open sessions at once. This is handled by the `ManagerProxy`.
+extern "C" fn C_CloseAllSessions(slotID: CK_SLOT_ID) -> CK_RV {
+    if slotID != SLOT_ID_MODERN && slotID != SLOT_ID_LEGACY {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    let slot_type = if slotID == SLOT_ID_MODERN {
+        SlotType::Modern
+    } else {
+        SlotType::Legacy
+    };
+    match manager.close_all_sessions(slot_type) {
+        Ok(()) => CKR_OK,
+        Err(_) => CKR_DEVICE_ERROR,
+    }
+}
+
+extern "C" fn C_GetSessionInfo(_hSession: CK_SESSION_HANDLE, _pInfo: CK_SESSION_INFO_PTR) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _pulOperationStateLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _ulOperationStateLen: CK_ULONG,
+    _hEncryptionKey: CK_OBJECT_HANDLE,
+    _hAuthenticationKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Login(
+    _hSession: CK_SESSION_HANDLE,
+    _userType: CK_USER_TYPE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to log out and drop any authenticated resources. Because this module does not
+/// hold on to authenticated resources, this module "implements" this by doing nothing and
+/// returning a success result.
+extern "C" fn C_Logout(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_OK
+}
+
+extern "C" fn C_CreateObject(
+    _hSession: CK_SESSION_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CopyObject(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phNewObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DestroyObject(_hSession: CK_SESSION_HANDLE, _hObject: CK_OBJECT_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetObjectSize(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pulSize: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to obtain the values of a number of attributes of an object identified by the
+/// given handle. This module implements this by requesting that the `ManagerProxy` find the object
+/// and attempt to get the value of each attribute. If a specified attribute is not defined on the
+/// object, the length of that attribute is set to -1 to indicate that it is not available.
+/// This gets called twice: once to obtain the lengths of the attributes and again to get the
+/// values.
+extern "C" fn C_GetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    hObject: CK_OBJECT_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut attr_types = Vec::with_capacity(ulCount as usize);
+    for i in 0..ulCount {
+        let attr = unsafe { &*pTemplate.offset(i as isize) };
+        attr_types.push(attr.type_);
+    }
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    let values = match manager.get_attributes(hObject, attr_types) {
+        Ok(values) => values,
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    };
+    if values.len() != ulCount as usize {
+        return CKR_DEVICE_ERROR;
+    }
+    for i in 0..ulCount as usize {
+        let mut attr = unsafe { &mut *pTemplate.offset(i as isize) };
+        // NB: the safety of this array access depends on the length check above
+        if let Some(attr_value) = &values[i] {
+            if attr.pValue.is_null() {
+                attr.ulValueLen = attr_value.len() as CK_ULONG;
+            } else {
+                let ptr: *mut u8 = attr.pValue as *mut u8;
+                if attr_value.len() != attr.ulValueLen as usize {
+                    return CKR_ARGUMENTS_BAD;
+                }
+                unsafe {
+                    std::ptr::copy_nonoverlapping(attr_value.as_ptr(), ptr, attr_value.len());
+                }
+            }
+        } else {
+            attr.ulValueLen = (0 - 1) as CK_ULONG;
+        }
+    }
+    CKR_OK
+}
+
+extern "C" fn C_SetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to initialize a search for objects matching a given list of attributes. This
+/// module implements this by gathering the attributes and passing them to the `ManagerProxy` to
+/// start the search.
+extern "C" fn C_FindObjectsInit(
+    hSession: CK_SESSION_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut attrs = Vec::new();
+    for i in 0..ulCount {
+        let attr = unsafe { &*pTemplate.offset(i as isize) };
+        let slice = unsafe {
+            std::slice::from_raw_parts(attr.pValue as *const u8, attr.ulValueLen as usize)
+        };
+        attrs.push((attr.type_, slice.to_owned()));
+    }
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    match manager.start_search(hSession, attrs) {
+        Ok(()) => {}
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    }
+    CKR_OK
+}
+
+/// This gets called after `C_FindObjectsInit` to get the results of a search. This module
+/// implements this by looking up the search in the `ManagerProxy` and copying out the matching
+/// object handles.
+extern "C" fn C_FindObjects(
+    hSession: CK_SESSION_HANDLE,
+    phObject: CK_OBJECT_HANDLE_PTR,
+    ulMaxObjectCount: CK_ULONG,
+    pulObjectCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if phObject.is_null() || pulObjectCount.is_null() || ulMaxObjectCount == 0 {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    let handles = match manager.search(hSession, ulMaxObjectCount as usize) {
+        Ok(handles) => handles,
+        Err(_) => return CKR_ARGUMENTS_BAD,
+    };
+    if handles.len() > ulMaxObjectCount as usize {
+        return CKR_DEVICE_ERROR;
+    }
+    unsafe {
+        *pulObjectCount = handles.len() as CK_ULONG;
+    }
+    for (index, handle) in handles.iter().enumerate() {
+        if index < ulMaxObjectCount as usize {
+            unsafe {
+                *(phObject.add(index)) = *handle;
+            }
+        }
+    }
+    CKR_OK
+}
+
+/// This gets called after `C_FindObjectsInit` and `C_FindObjects` to finish a search. The module
+/// tells the `ManagerProxy` to clear the search.
+extern "C" fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    // It would be an error if there were no search for this session, but we can be permissive here.
+    match manager.clear_search(hSession) {
+        Ok(()) => CKR_OK,
+        Err(_) => CKR_DEVICE_ERROR,
+    }
+}
+
+extern "C" fn C_EncryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Encrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pEncryptedData: CK_BYTE_PTR,
+    _pulEncryptedDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastEncryptedPart: CK_BYTE_PTR,
+    _pulLastEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Decrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedData: CK_BYTE_PTR,
+    _ulEncryptedDataLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastPart: CK_BYTE_PTR,
+    _pulLastPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestInit(_hSession: CK_SESSION_HANDLE, _pMechanism: CK_MECHANISM_PTR) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Digest(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestKey(_hSession: CK_SESSION_HANDLE, _hKey: CK_OBJECT_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to set up a sign operation. The module essentially defers to the
+/// `ManagerProxy`.
+extern "C" fn C_SignInit(
+    hSession: CK_SESSION_HANDLE,
+    pMechanism: CK_MECHANISM_PTR,
+    hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    if pMechanism.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    // Presumably we should validate the mechanism against hKey, but the specification doesn't
+    // actually seem to require this.
+    let mechanism = unsafe { *pMechanism };
+    let mechanism_params = if mechanism.mechanism == CKM_RSA_PKCS_PSS {
+        if mechanism.ulParameterLen as usize != std::mem::size_of::<CK_RSA_PKCS_PSS_PARAMS>() {
+            return CKR_ARGUMENTS_BAD;
+        }
+        Some(unsafe { *(mechanism.pParameter as *const CK_RSA_PKCS_PSS_PARAMS) })
+    } else {
+        None
+    };
+    let mut manager_guard = try_to_get_manager_guard!();
+    let manager = manager_guard_to_manager!(manager_guard);
+    match manager.start_sign(hSession, hKey, mechanism_params) {
+        Ok(()) => {}
+        Err(_) => return CKR_GENERAL_ERROR,
+    };
+    CKR_OK
+}
+
+/// NSS calls this after `C_SignInit` (there are more ways in the PKCS #11 specification to sign
+/// data, but this is the only way supported by this module). The module essentially defers to the
+/// `ManagerProxy` and copies out the resulting signature.
+extern "C" fn C_Sign(
+    hSession: CK_SESSION_HANDLE,
+    pData: CK_BYTE_PTR,
+    ulDataLen: CK_ULONG,
+    pSignature: CK_BYTE_PTR,
+    pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    if pData.is_null() || pulSignatureLen.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    let data = unsafe { std::slice::from_raw_parts(pData, ulDataLen as usize) };
+    if pSignature.is_null() {
+        let mut manager_guard = try_to_get_manager_guard!();
+        let manager = manager_guard_to_manager!(manager_guard);
+        match manager.get_signature_length(hSession, data.to_vec()) {
+            Ok(signature_length) => unsafe {
+                *pulSignatureLen = signature_length as CK_ULONG;
+            },
+            Err(_) => return CKR_GENERAL_ERROR,
+        }
+    } else {
+        let mut manager_guard = try_to_get_manager_guard!();
+        let manager = manager_guard_to_manager!(manager_guard);
+        match manager.sign(hSession, data.to_vec()) {
+            Ok(signature) => {
+                let signature_capacity = unsafe { *pulSignatureLen } as usize;
+                if signature_capacity < signature.len() {
+                    return CKR_ARGUMENTS_BAD;
+                }
+                let ptr: *mut u8 = pSignature as *mut u8;
+                unsafe {
+                    std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len());
+                    *pulSignatureLen = signature.len() as CK_ULONG;
+                }
+            }
+            Err(_) => return CKR_GENERAL_ERROR,
+        }
+    }
+    CKR_OK
+}
+
+extern "C" fn C_SignUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Verify(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptDigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptVerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKeyPair(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pPublicKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPublicKeyAttributeCount: CK_ULONG,
+    _pPrivateKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPrivateKeyAttributeCount: CK_ULONG,
+    _phPublicKey: CK_OBJECT_HANDLE_PTR,
+    _phPrivateKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hWrappingKey: CK_OBJECT_HANDLE,
+    _hKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _pulWrappedKeyLen: CK_ULONG_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_UnwrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hUnwrappingKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _ulWrappedKeyLen: CK_ULONG,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DeriveKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hBaseKey: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SeedRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _pSeed: CK_BYTE_PTR,
+    _ulSeedLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _RandomData: CK_BYTE_PTR,
+    _ulRandomLen: CK_ULONG,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetFunctionStatus(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CancelFunction(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WaitForSlotEvent(
+    _flags: CK_FLAGS,
+    _pSlot: CK_SLOT_ID_PTR,
+    _pRserved: CK_VOID_PTR,
+) -> CK_RV {
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// To be a valid PKCS #11 module, this list of functions must be supported. At least cryptoki 2.2
+/// must be supported for this module to work in NSS.
+static mut FUNCTION_LIST: CK_FUNCTION_LIST = CK_FUNCTION_LIST {
+    version: CK_VERSION { major: 2, minor: 2 },
+    C_Initialize: Some(C_Initialize),
+    C_Finalize: Some(C_Finalize),
+    C_GetInfo: Some(C_GetInfo),
+    C_GetFunctionList: None,
+    C_GetSlotList: Some(C_GetSlotList),
+    C_GetSlotInfo: Some(C_GetSlotInfo),
+    C_GetTokenInfo: Some(C_GetTokenInfo),
+    C_GetMechanismList: Some(C_GetMechanismList),
+    C_GetMechanismInfo: Some(C_GetMechanismInfo),
+    C_InitToken: Some(C_InitToken),
+    C_InitPIN: Some(C_InitPIN),
+    C_SetPIN: Some(C_SetPIN),
+    C_OpenSession: Some(C_OpenSession),
+    C_CloseSession: Some(C_CloseSession),
+    C_CloseAllSessions: Some(C_CloseAllSessions),
+    C_GetSessionInfo: Some(C_GetSessionInfo),
+    C_GetOperationState: Some(C_GetOperationState),
+    C_SetOperationState: Some(C_SetOperationState),
+    C_Login: Some(C_Login),
+    C_Logout: Some(C_Logout),
+    C_CreateObject: Some(C_CreateObject),
+    C_CopyObject: Some(C_CopyObject),
+    C_DestroyObject: Some(C_DestroyObject),
+    C_GetObjectSize: Some(C_GetObjectSize),
+    C_GetAttributeValue: Some(C_GetAttributeValue),
+    C_SetAttributeValue: Some(C_SetAttributeValue),
+    C_FindObjectsInit: Some(C_FindObjectsInit),
+    C_FindObjects: Some(C_FindObjects),
+    C_FindObjectsFinal: Some(C_FindObjectsFinal),
+    C_EncryptInit: Some(C_EncryptInit),
+    C_Encrypt: Some(C_Encrypt),
+    C_EncryptUpdate: Some(C_EncryptUpdate),
+    C_EncryptFinal: Some(C_EncryptFinal),
+    C_DecryptInit: Some(C_DecryptInit),
+    C_Decrypt: Some(C_Decrypt),
+    C_DecryptUpdate: Some(C_DecryptUpdate),
+    C_DecryptFinal: Some(C_DecryptFinal),
+    C_DigestInit: Some(C_DigestInit),
+    C_Digest: Some(C_Digest),
+    C_DigestUpdate: Some(C_DigestUpdate),
+    C_DigestKey: Some(C_DigestKey),
+    C_DigestFinal: Some(C_DigestFinal),
+    C_SignInit: Some(C_SignInit),
+    C_Sign: Some(C_Sign),
+    C_SignUpdate: Some(C_SignUpdate),
+    C_SignFinal: Some(C_SignFinal),
+    C_SignRecoverInit: Some(C_SignRecoverInit),
+    C_SignRecover: Some(C_SignRecover),
+    C_VerifyInit: Some(C_VerifyInit),
+    C_Verify: Some(C_Verify),
+    C_VerifyUpdate: Some(C_VerifyUpdate),
+    C_VerifyFinal: Some(C_VerifyFinal),
+    C_VerifyRecoverInit: Some(C_VerifyRecoverInit),
+    C_VerifyRecover: Some(C_VerifyRecover),
+    C_DigestEncryptUpdate: Some(C_DigestEncryptUpdate),
+    C_DecryptDigestUpdate: Some(C_DecryptDigestUpdate),
+    C_SignEncryptUpdate: Some(C_SignEncryptUpdate),
+    C_DecryptVerifyUpdate: Some(C_DecryptVerifyUpdate),
+    C_GenerateKey: Some(C_GenerateKey),
+    C_GenerateKeyPair: Some(C_GenerateKeyPair),
+    C_WrapKey: Some(C_WrapKey),
+    C_UnwrapKey: Some(C_UnwrapKey),
+    C_DeriveKey: Some(C_DeriveKey),
+    C_SeedRandom: Some(C_SeedRandom),
+    C_GenerateRandom: Some(C_GenerateRandom),
+    C_GetFunctionStatus: Some(C_GetFunctionStatus),
+    C_CancelFunction: Some(C_CancelFunction),
+    C_WaitForSlotEvent: Some(C_WaitForSlotEvent),
+};
+
+/// This is the only function this module exposes. The C stub calls it when NSS
+/// calls its exposed C_GetFunctionList function to obtain the list of functions
+/// comprising this module.
+#[no_mangle]
+pub extern "C" fn IPCCC_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV {
+    if ppFunctionList.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    unsafe {
+        *ppFunctionList = &mut FUNCTION_LIST;
+    }
+    CKR_OK
+}
+
+#[cfg_attr(target_os = "macos", link(name = "Security", kind = "framework"))]
+extern "C" {}
diff --git a/security/manager/ssl/md4.c b/security/manager/ssl/md4.c
new file mode 100644
index 0000000000..ed2369f1fa
--- /dev/null
+++ b/security/manager/ssl/md4.c
@@ -0,0 +1,179 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * "clean room" MD4 implementation (see RFC 1320)
+ */
+
+#include <string.h>
+#include "md4.h"
+
+/* the "conditional" function */
+#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
+
+/* the "majority" function */
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+
+/* the "parity" function */
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+/* rotate n-bits to the left */
+#define ROTL(x, n) (((x) << (n)) | ((x) >> (0x20 - n)))
+
+/* round 1: [abcd k s]: a = (a + F(b,c,d) + X[k]) <<< s */
+#define RD1(a, b, c, d, k, s) \
+  a += F(b, c, d) + X[k];     \
+  a = ROTL(a, s)
+
+/* round 2: [abcd k s]: a = (a + G(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD2(a, b, c, d, k, s)          \
+  a += G(b, c, d) + X[k] + 0x5A827999; \
+  a = ROTL(a, s)
+
+/* round 3: [abcd k s]: a = (a + H(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD3(a, b, c, d, k, s)          \
+  a += H(b, c, d) + X[k] + 0x6ED9EBA1; \
+  a = ROTL(a, s)
+
+/* converts from word array to byte array, len is number of bytes */
+static void w2b(uint8_t* out, const uint32_t* in, uint32_t len) {
+  uint8_t* bp;
+  const uint32_t *wp, *wpend;
+
+  bp = out;
+  wp = in;
+  wpend = wp + (len >> 2);
+
+  for (; wp != wpend; ++wp, bp += 4) {
+    bp[0] = (uint8_t)((*wp) & 0xFF);
+    bp[1] = (uint8_t)((*wp >> 8) & 0xFF);
+    bp[2] = (uint8_t)((*wp >> 16) & 0xFF);
+    bp[3] = (uint8_t)((*wp >> 24) & 0xFF);
+  }
+}
+
+/* converts from byte array to word array, len is number of bytes */
+static void b2w(uint32_t* out, const uint8_t* in, uint32_t len) {
+  uint32_t* wp;
+  const uint8_t *bp, *bpend;
+
+  wp = out;
+  bp = in;
+  bpend = in + len;
+
+  for (; bp != bpend; bp += 4, ++wp) {
+    *wp = (uint32_t)bp[0] | ((uint32_t)bp[1] << 8) | ((uint32_t)bp[2] << 16) |
+          ((uint32_t)bp[3] << 24);
+  }
+}
+
+/* update state: data is 64 bytes in length */
+static void md4step(uint32_t state[4], const uint8_t* data) {
+  uint32_t A, B, C, D, X[16];
+
+  b2w(X, data, 64);
+
+  A = state[0];
+  B = state[1];
+  C = state[2];
+  D = state[3];
+
+  RD1(A, B, C, D, 0, 3);
+  RD1(D, A, B, C, 1, 7);
+  RD1(C, D, A, B, 2, 11);
+  RD1(B, C, D, A, 3, 19);
+  RD1(A, B, C, D, 4, 3);
+  RD1(D, A, B, C, 5, 7);
+  RD1(C, D, A, B, 6, 11);
+  RD1(B, C, D, A, 7, 19);
+  RD1(A, B, C, D, 8, 3);
+  RD1(D, A, B, C, 9, 7);
+  RD1(C, D, A, B, 10, 11);
+  RD1(B, C, D, A, 11, 19);
+  RD1(A, B, C, D, 12, 3);
+  RD1(D, A, B, C, 13, 7);
+  RD1(C, D, A, B, 14, 11);
+  RD1(B, C, D, A, 15, 19);
+
+  RD2(A, B, C, D, 0, 3);
+  RD2(D, A, B, C, 4, 5);
+  RD2(C, D, A, B, 8, 9);
+  RD2(B, C, D, A, 12, 13);
+  RD2(A, B, C, D, 1, 3);
+  RD2(D, A, B, C, 5, 5);
+  RD2(C, D, A, B, 9, 9);
+  RD2(B, C, D, A, 13, 13);
+  RD2(A, B, C, D, 2, 3);
+  RD2(D, A, B, C, 6, 5);
+  RD2(C, D, A, B, 10, 9);
+  RD2(B, C, D, A, 14, 13);
+  RD2(A, B, C, D, 3, 3);
+  RD2(D, A, B, C, 7, 5);
+  RD2(C, D, A, B, 11, 9);
+  RD2(B, C, D, A, 15, 13);
+
+  RD3(A, B, C, D, 0, 3);
+  RD3(D, A, B, C, 8, 9);
+  RD3(C, D, A, B, 4, 11);
+  RD3(B, C, D, A, 12, 15);
+  RD3(A, B, C, D, 2, 3);
+  RD3(D, A, B, C, 10, 9);
+  RD3(C, D, A, B, 6, 11);
+  RD3(B, C, D, A, 14, 15);
+  RD3(A, B, C, D, 1, 3);
+  RD3(D, A, B, C, 9, 9);
+  RD3(C, D, A, B, 5, 11);
+  RD3(B, C, D, A, 13, 15);
+  RD3(A, B, C, D, 3, 3);
+  RD3(D, A, B, C, 11, 9);
+  RD3(C, D, A, B, 7, 11);
+  RD3(B, C, D, A, 15, 15);
+
+  state[0] += A;
+  state[1] += B;
+  state[2] += C;
+  state[3] += D;
+}
+
+void md4sum(const uint8_t* input, uint32_t inputLen, uint8_t* result) {
+  uint8_t final[128];
+  uint32_t i, n, m, state[4];
+  uint64_t inputLenBits;
+  uint32_t inputLenBitsLow;
+  uint32_t inputLenBitsHigh;
+
+  /* magic initial states */
+  state[0] = 0x67452301;
+  state[1] = 0xEFCDAB89;
+  state[2] = 0x98BADCFE;
+  state[3] = 0x10325476;
+
+  /* compute number of complete 64-byte segments contained in input */
+  m = inputLen >> 6;
+
+  /* digest first m segments */
+  for (i = 0; i < m; ++i) md4step(state, (input + (i << 6)));
+
+  /* build final buffer */
+  n = inputLen % 64;
+  memcpy(final, input + (m << 6), n);
+  final[n] = 0x80;
+  memset(final + n + 1, 0, 120 - (n + 1));
+
+  /* Append the original input length in bits as a 64-bit number. This is done
+   * in two 32-bit chunks, with the least-significant 32 bits first.
+   * w2b will handle endianness. */
+  inputLenBits = inputLen << 3;
+  inputLenBitsLow = (uint32_t)(inputLenBits & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 120 : 56), &inputLenBitsLow, 4);
+  inputLenBitsHigh = (uint32_t)((inputLenBits >> 32) & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 124 : 60), &inputLenBitsHigh, 4);
+
+  md4step(state, final);
+  if (n >= 56) md4step(state, final + 64);
+
+  /* copy state to result */
+  w2b(result, state, 16);
+}
diff --git a/security/manager/ssl/md4.h b/security/manager/ssl/md4.h
new file mode 100644
index 0000000000..6e56a4ffdc
--- /dev/null
+++ b/security/manager/ssl/md4.h
@@ -0,0 +1,38 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef md4_h__
+#define md4_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/**
+ * md4sum - computes the MD4 sum over the input buffer per RFC 1320
+ *
+ * @param input
+ *        buffer containing input data
+ * @param inputLen
+ *        length of input buffer (number of bytes)
+ * @param result
+ *        16-byte buffer that will contain the MD4 sum upon return
+ *
+ * NOTE: MD4 is superceded by MD5.  do not use MD4 unless required by the
+ * protocol you are implementing (e.g., NTLM requires MD4).
+ *
+ * NOTE: this interface is designed for relatively small buffers.  A streaming
+ * interface would make more sense if that were a requirement.  Currently, this
+ * is good enough for the applications we care about.
+ */
+void md4sum(const uint8_t* input, uint32_t inputLen, uint8_t* result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* md4_h__ */
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
new file mode 100644
index 0000000000..2df4b2f365
--- /dev/null
+++ b/security/manager/ssl/moz.build
@@ -0,0 +1,277 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# osclientcerts is currently only implemented for Windows
+# osclientcerts transitively depends on winapi 0.2.8, which doesn't work with
+# AArch64
+if (CONFIG["OS_ARCH"] == "WINNT" and CONFIG["CPU_ARCH"] != "aarch64") or CONFIG[
+    "OS_ARCH"
+] == "Darwin":
+    DIRS += ["osclientcerts"]
+
+DIRS += ["ipcclientcerts"]
+DIRS += ["builtins"]
+
+TEST_DIRS += ["tests"]
+
+XPIDL_SOURCES += [
+    "nsICertificateDialogs.idl",
+    "nsICertOverrideService.idl",
+    "nsICertStorage.idl",
+    "nsICertTree.idl",
+    "nsIClientAuthDialogs.idl",
+    "nsIClientAuthRememberService.idl",
+    "nsIContentSignatureVerifier.idl",
+    "nsICryptoHash.idl",
+    "nsINSSComponent.idl",
+    "nsINSSErrorsService.idl",
+    "nsINSSVersion.idl",
+    "nsIOSKeyStore.idl",
+    "nsIOSReauthenticator.idl",
+    "nsIPK11Token.idl",
+    "nsIPK11TokenDB.idl",
+    "nsIPKCS11Module.idl",
+    "nsIPKCS11ModuleDB.idl",
+    "nsIPKCS11Slot.idl",
+    "nsIPublicKeyPinningService.idl",
+    "nsISecretDecoderRing.idl",
+    "nsISecurityUITelemetry.idl",
+    "nsISiteSecurityService.idl",
+    "nsITLSSocketControl.idl",
+    "nsITokenPasswordDialogs.idl",
+    "nsITransportSecurityInfo.idl",
+    "nsIX509Cert.idl",
+    "nsIX509CertDB.idl",
+    "nsIX509CertValidity.idl",
+]
+
+XPIDL_MODULE = "pipnss"
+
+XPCOM_MANIFESTS += [
+    "components.conf",
+]
+
+EXTRA_JS_MODULES.psm += [
+    "DER.sys.mjs",
+    "RemoteSecuritySettings.sys.mjs",
+    "X509.sys.mjs",
+]
+
+EXPORTS += [
+    "CommonSocketControl.h",
+    "CryptoTask.h",
+    "EnterpriseRoots.h",
+    "nsClientAuthRemember.h",
+    "nsNSSCallbacks.h",
+    "nsNSSCertificate.h",
+    "nsNSSComponent.h",
+    "nsNSSHelper.h",
+    "nsRandomGenerator.h",
+    "nsSecureBrowserUI.h",
+    "nsSecurityHeaderParser.h",
+    "NSSErrorsService.h",
+    "nsSSLSocketProvider.h",
+    "nsTLSSocketProvider.h",
+    "RootCertificateTelemetryUtils.h",
+    "ScopedNSSTypes.h",
+    "SharedCertVerifier.h",
+    "SSLServerCertVerification.h",
+    "TransportSecurityInfo.h",
+]
+
+EXPORTS.mozilla += [
+    "DataStorage.h",
+    "DataStorageList.h",
+    "PublicSSL.h",
+]
+
+EXPORTS.mozilla.psm += [
+    "IPCClientCertsChild.h",
+    "IPCClientCertsParent.h",
+    "SelectTLSClientAuthCertChild.h",
+    "SelectTLSClientAuthCertParent.h",
+    "TransportSecurityInfo.h",
+    "VerifySSLServerCertChild.h",
+    "VerifySSLServerCertParent.h",
+]
+
+EXPORTS.ipc += [
+    "DataStorageIPCUtils.h",
+]
+
+UNIFIED_SOURCES += [
+    "AppSignatureVerification.cpp",
+    "AppTrustDomain.cpp",
+    "CertStorageMemoryReporting.cpp",
+    "CommonSocketControl.cpp",
+    "ContentSignatureVerifier.cpp",
+    "CryptoTask.cpp",
+    "DataStorage.cpp",
+    "EnterpriseRoots.cpp",
+    "IPCClientCertsChild.cpp",
+    "IPCClientCertsParent.cpp",
+    "md4.c",
+    "nsCertOverrideService.cpp",
+    "nsCertTree.cpp",
+    "nsClientAuthRemember.cpp",
+    "nsNSSCallbacks.cpp",
+    "nsNSSCertHelper.cpp",
+    "nsNSSCertificate.cpp",
+    "nsNSSCertificateDB.cpp",
+    "nsNSSCertTrust.cpp",
+    "nsNSSComponent.cpp",
+    "nsNSSIOLayer.cpp",
+    "nsNSSModule.cpp",
+    "nsNSSVersion.cpp",
+    "nsNTLMAuthModule.cpp",
+    "nsPK11TokenDB.cpp",
+    "nsPKCS11Slot.cpp",
+    "nsPKCS12Blob.cpp",
+    "nsRandomGenerator.cpp",
+    "nsSecureBrowserUI.cpp",
+    "nsSecurityHeaderParser.cpp",
+    "NSSErrorsService.cpp",
+    "nsSiteSecurityService.cpp",
+    "NSSKeyStore.cpp",
+    "nsSSLSocketProvider.cpp",
+    "NSSSocketControl.cpp",
+    "nsTLSSocketProvider.cpp",
+    "OSKeyStore.cpp",
+    "PKCS11ModuleDB.cpp",
+    "PSMRunnable.cpp",
+    "PublicKeyPinningService.cpp",
+    "RootCertificateTelemetryUtils.cpp",
+    "SecretDecoderRing.cpp",
+    "SharedSSLState.cpp",
+    "SSLServerCertVerification.cpp",
+    "TLSClientAuthCertSelection.cpp",
+    "TransportSecurityInfo.cpp",
+    "VerifySSLServerCertChild.cpp",
+    "VerifySSLServerCertParent.cpp",
+    "X509CertValidity.cpp",
+]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    # On Windows this file includes ntsecapi.h, which contains definitions that
+    # conflict with headers included in remaining source files. We compile this
+    # one independently to prevent that interferance.
+    SOURCES += [
+        "OSReauthenticator.cpp",
+    ]
+else:
+    UNIFIED_SOURCES += [
+        "OSReauthenticator.cpp",
+    ]
+
+if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
+    UNIFIED_SOURCES += [
+        "LibSecret.cpp",
+    ]
+    CFLAGS += CONFIG["GLIB_CFLAGS"]
+    CXXFLAGS += CONFIG["GLIB_CFLAGS"]
+
+if CONFIG["OS_ARCH"] == "Darwin":
+    UNIFIED_SOURCES += [
+        "KeychainSecret.cpp",
+        "OSReauthenticatorDarwin.mm",
+    ]
+    OS_LIBS += [
+        "-framework LocalAuthentication",
+        "-framework Security",
+    ]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    OS_LIBS += ["credui"]
+    UNIFIED_SOURCES += [
+        "CredentialManagerSecret.cpp",
+    ]
+
+IPDL_SOURCES += [
+    "PIPCClientCerts.ipdl",
+    "PSelectTLSClientAuthCert.ipdl",
+    "PSMIPCTypes.ipdlh",
+    "PVerifySSLServerCert.ipdl",
+]
+
+FINAL_LIBRARY = "xul"
+
+LOCAL_INCLUDES += [
+    "!/dist/public/nss",
+    "/dom/base",
+    "/dom/crypto",
+    "/netwerk/base",
+    "/security/certverifier",
+    "/third_party/rust/cose-c/include",
+    "/xpcom/build",
+]
+
+GeneratedFile(
+    "nsSTSPreloadListGenerated.inc",
+    script="../../../xpcom/ds/tools/make_dafsa.py",
+    inputs=["nsSTSPreloadList.inc"],
+)
+
+DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True"
+DEFINES["NSS_ENABLE_ECC"] = "True"
+
+# mozpkix is linked statically from the in-tree sources independent of whether
+# system NSS is used or not.
+USE_LIBS += ["mozpkix"]
+
+include("/ipc/chromium/chromium-config.mozbuild")
+
+if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+    CXXFLAGS += [
+        "-Wextra",
+        # -Wextra enables this warning, but it's too noisy to be useful.
+        "-Wno-missing-field-initializers",
+    ]
+
+    # Gecko headers aren't warning-free enough for us to enable these warnings.
+    CXXFLAGS += [
+        "-Wno-unused-parameter",
+    ]
+
+headers_arrays_certs = [
+    (
+        "xpcshell.inc",
+        "xpcshellRoot",
+        "tests/unit/test_signed_apps/xpcshellTestRoot.der",
+    ),
+    ("addons-public.inc", "addonsPublicRoot", "addons-public.crt"),
+    (
+        "addons-public-intermediate.inc",
+        "addonsPublicIntermediate",
+        "addons-public-intermediate.crt",
+    ),
+    ("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"),
+    (
+        "content-signature-prod.inc",
+        "contentSignatureProdRoot",
+        "content-signature-prod.crt",
+    ),
+    (
+        "content-signature-stage.inc",
+        "contentSignatureStageRoot",
+        "content-signature-stage.crt",
+    ),
+    # The dev root is the same as the stage root.
+    (
+        "content-signature-dev.inc",
+        "contentSignatureDevRoot",
+        "content-signature-stage.crt",
+    ),
+    (
+        "content-signature-local.inc",
+        "contentSignatureLocalRoot",
+        "content-signature-local.crt",
+    ),
+]
+
+for header, array_name, cert in headers_arrays_certs:
+    GeneratedFile(
+        header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert]
+    )
diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp
new file mode 100644
index 0000000000..b8d0bbc3a1
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.cpp
@@ -0,0 +1,757 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertOverrideService.h"
+
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/TaskQueue.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TextUtils.h"
+#include "mozilla/Tokenizer.h"
+#include "mozilla/Unused.h"
+#include "mozilla/dom/ToJSValue.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsILineInputStream.h"
+#ifdef ENABLE_WEBDRIVER
+#  include "nsIMarionette.h"
+#endif
+#include "nsIObserver.h"
+#include "nsIObserverService.h"
+#include "nsIOutputStream.h"
+#ifdef ENABLE_WEBDRIVER
+#  include "nsIRemoteAgent.h"
+#endif
+#include "nsISafeOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNetUtil.h"
+#include "nsStreamUtils.h"
+#include "nsStringBuffer.h"
+#include "nsThreadUtils.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+#define CERT_OVERRIDE_FILE_NAME "cert_override.txt"
+
+class WriterRunnable : public Runnable {
+ public:
+  WriterRunnable(nsCertOverrideService* aService, nsCString& aData,
+                 nsCOMPtr<nsIFile> aFile)
+      : Runnable("nsCertOverrideService::WriterRunnable"),
+        mCertOverrideService(aService),
+        mData(aData),
+        mFile(std::move(aFile)) {}
+
+  NS_IMETHOD
+  Run() override {
+    mCertOverrideService->AssertOnTaskQueue();
+    nsresult rv;
+
+    auto removeShutdownBlockerOnExit =
+        MakeScopeExit([certOverrideService = mCertOverrideService]() {
+          NS_DispatchToMainThread(NS_NewRunnableFunction(
+              "nsCertOverrideService::RemoveShutdownBlocker",
+              [certOverrideService] {
+                certOverrideService->RemoveShutdownBlocker();
+              }));
+        });
+
+    nsCOMPtr<nsIOutputStream> outputStream;
+    rv = NS_NewSafeLocalFileOutputStream(
+        getter_AddRefs(outputStream), mFile,
+        PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    const char* ptr = mData.get();
+    uint32_t remaining = mData.Length();
+    uint32_t written = 0;
+    while (remaining > 0) {
+      rv = outputStream->Write(ptr, remaining, &written);
+      NS_ENSURE_SUCCESS(rv, rv);
+      remaining -= written;
+      ptr += written;
+    }
+
+    nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(outputStream);
+    MOZ_ASSERT(safeStream);
+    rv = safeStream->Finish();
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    return NS_OK;
+  }
+
+ private:
+  const RefPtr<nsCertOverrideService> mCertOverrideService;
+  nsCString mData;
+  const nsCOMPtr<nsIFile> mFile;
+};
+
+NS_IMPL_ISUPPORTS(nsCertOverride, nsICertOverride)
+
+NS_IMETHODIMP
+nsCertOverride::GetAsciiHost(/*out*/ nsACString& aAsciiHost) {
+  aAsciiHost = mAsciiHost;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverride::GetFingerprint(/*out*/ nsACString& aFingerprint) {
+  aFingerprint = mFingerprint;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverride::GetPort(/*out*/ int32_t* aPort) {
+  *aPort = mPort;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverride::GetHostPort(/*out*/ nsACString& aHostPort) {
+  nsCertOverrideService::GetHostWithPort(mAsciiHost, mPort, aHostPort);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverride::GetOriginAttributes(
+    JSContext* aCtx, /*out*/ JS::MutableHandle<JS::Value> aValue) {
+  if (ToJSValue(aCtx, mOriginAttributes, aValue)) {
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMPL_ISUPPORTS(nsCertOverrideService, nsICertOverrideService, nsIObserver,
+                  nsISupportsWeakReference, nsIAsyncShutdownBlocker)
+
+nsCertOverrideService::nsCertOverrideService()
+    : mMutex("nsCertOverrideService.mutex"),
+      mDisableAllSecurityCheck(false),
+      mPendingWriteCount(0) {
+  nsCOMPtr<nsIEventTarget> target =
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
+  MOZ_ASSERT(target);
+
+  mWriterTaskQueue = TaskQueue::Create(target.forget(), "CertOverrideService");
+}
+
+nsCertOverrideService::~nsCertOverrideService() = default;
+
+static nsCOMPtr<nsIAsyncShutdownClient> GetShutdownBarrier() {
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCOMPtr<nsIAsyncShutdownService> svc =
+      mozilla::services::GetAsyncShutdownService();
+  MOZ_RELEASE_ASSERT(svc);
+
+  nsCOMPtr<nsIAsyncShutdownClient> barrier;
+  nsresult rv = svc->GetProfileBeforeChange(getter_AddRefs(barrier));
+
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+  MOZ_RELEASE_ASSERT(barrier);
+  return barrier;
+}
+
+nsresult nsCertOverrideService::Init() {
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE("nsCertOverrideService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+
+  // If we cannot add ourselves as a profile change observer, then we will not
+  // attempt to read/write any settings file. Otherwise, we would end up
+  // reading/writing the wrong settings file after a profile change.
+  if (observerService) {
+    observerService->AddObserver(this, "profile-do-change", true);
+    // simulate a profile change so we read the current profile's settings file
+    Observe(nullptr, "profile-do-change", nullptr);
+  }
+
+  SharedSSLState::NoteCertOverrideServiceInstantiated();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::Observe(nsISupports*, const char* aTopic,
+                               const char16_t* aData) {
+  if (!nsCRT::strcmp(aTopic, "profile-do-change")) {
+    // The profile has already changed.
+    // Now read from the new profile location.
+    // we also need to update the cached file location
+
+    MutexAutoLock lock(mMutex);
+
+    nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                         getter_AddRefs(mSettingsFile));
+    if (NS_SUCCEEDED(rv)) {
+      mSettingsFile->AppendNative(nsLiteralCString(CERT_OVERRIDE_FILE_NAME));
+    } else {
+      mSettingsFile = nullptr;
+    }
+    Read(lock);
+    CountPermanentOverrideTelemetry(lock);
+  }
+
+  return NS_OK;
+}
+
+void nsCertOverrideService::RemoveAllTemporaryOverrides() {
+  MutexAutoLock lock(mMutex);
+  bool removedAny = false;
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry* entry = iter.Get();
+    if (entry->mSettings->mIsTemporary) {
+      iter.Remove();
+      removedAny = true;
+    }
+  }
+  if (removedAny) {
+    nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+    if (os) {
+      os->NotifyObservers(nullptr, "net:cancel-all-connections", nullptr);
+    }
+  }
+  // no need to write, as temporaries are never written to disk
+}
+
+static const char sSHA256OIDString[] = "OID.2.16.840.1.101.3.4.2.1";
+nsresult nsCertOverrideService::Read(const MutexAutoLock& aProofOfLock) {
+  mMutex.AssertCurrentThreadOwns();
+  // If we don't have a profile, then we won't try to read any settings file.
+  if (!mSettingsFile) return NS_OK;
+
+  nsresult rv;
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream),
+                                  mSettingsFile);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineInputStream =
+      do_QueryInterface(fileInputStream, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsAutoCString buffer;
+  bool isMore = true;
+
+  // Each line is of the form:
+  // host:port:originAttributes \t sSHA256OIDString \t fingerprint \t
+  // There may be some "bits" identifiers and "dbKey" after the `fingerprint`
+  // field in 'fingerprint \t \t dbKey' format, but these are now ignored.
+  // Lines that don't match this form are silently dropped.
+
+  while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
+    if (buffer.IsEmpty() || buffer.First() == '#') {
+      continue;
+    }
+
+    Tokenizer parser(buffer);
+    nsDependentCSubstring host;
+    if (parser.CheckChar('[')) {  // this is a IPv6 address
+      if (!parser.ReadUntil(Tokenizer::Token::Char(']'), host) ||
+          host.Length() == 0 || !parser.CheckChar(':')) {
+        continue;
+      }
+    } else if (!parser.ReadUntil(Tokenizer::Token::Char(':'), host) ||
+               host.Length() == 0) {
+      continue;
+    }
+    int32_t port = -1;
+    if (!parser.ReadInteger(&port)) {
+      continue;
+    }
+    OriginAttributes attributes;
+    if (parser.CheckChar(':')) {
+      nsDependentCSubstring attributesString;
+      if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), attributesString) ||
+          !attributes.PopulateFromSuffix(attributesString)) {
+        continue;
+      }
+    } else if (!parser.CheckWhite()) {
+      continue;
+    }
+    nsDependentCSubstring algorithm;
+    if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), algorithm) ||
+        algorithm != sSHA256OIDString) {
+      continue;
+    }
+    nsDependentCSubstring fingerprint;
+    if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), fingerprint) ||
+        fingerprint.Length() == 0) {
+      continue;
+    }
+
+    AddEntryToList(host, port, attributes,
+                   false,  // not temporary
+                   fingerprint, aProofOfLock);
+  }
+
+  return NS_OK;
+}
+
+nsresult nsCertOverrideService::Write(const MutexAutoLock& aProofOfLock) {
+  mMutex.AssertCurrentThreadOwns();
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // If we don't have any profile, then we won't try to write any file
+  if (!mSettingsFile) {
+    return NS_OK;
+  }
+
+  nsCString output;
+
+  static const char kHeader[] =
+      "# PSM Certificate Override Settings file" NS_LINEBREAK
+      "# This is a generated file!  Do not edit." NS_LINEBREAK;
+
+  /* see ::Read for file format */
+
+  output.Append(kHeader);
+
+  static const char kTab[] = "\t";
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry* entry = iter.Get();
+
+    RefPtr<nsCertOverride> settings = entry->mSettings;
+    if (settings->mIsTemporary) {
+      continue;
+    }
+
+    output.Append(entry->mKeyString);
+    output.Append(kTab);
+    output.Append(sSHA256OIDString);
+    output.Append(kTab);
+    output.Append(settings->mFingerprint);
+    output.Append(kTab);
+    // the "bits" string used to go here, but it no longer exists
+    // the "\t dbKey" string used to go here, but it no longer exists
+    output.Append(NS_LINEBREAK);
+  }
+
+  // Make a clone of the file to pass to the WriterRunnable.
+  nsCOMPtr<nsIFile> file;
+  nsresult rv;
+  rv = mSettingsFile->Clone(getter_AddRefs(file));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsCOMPtr<nsIRunnable> runnable = new WriterRunnable(this, output, file);
+  rv = mWriterTaskQueue->Dispatch(runnable.forget());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mPendingWriteCount++;
+
+  if (mPendingWriteCount == 1) {
+    rv = GetShutdownBarrier()->AddBlocker(
+        this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__,
+        u"nsCertOverrideService writing data"_ns);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  return NS_OK;
+}
+
+nsresult GetCertSha256Fingerprint(nsIX509Cert* aCert, nsCString& aResult) {
+  nsAutoString fpStrUTF16;
+  nsresult rv = aCert->GetSha256Fingerprint(fpStrUTF16);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  aResult.Assign(NS_ConvertUTF16toUTF8(fpStrUTF16));
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberValidityOverride(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
+    bool aTemporary) {
+  if (aHostName.IsEmpty() || !IsAscii(aHostName) || !aCert) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aPort < -1) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  UniqueCERTCertificate nsscert(aCert->GetCert());
+  if (!nsscert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString fpStr;
+  nsresult rv = GetCertSha256Fingerprint(aCert, fpStr);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    MutexAutoLock lock(mMutex);
+    AddEntryToList(aHostName, aPort, aOriginAttributes, aTemporary, fpStr,
+                   lock);
+    if (!aTemporary) {
+      Write(lock);
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberValidityOverrideScriptable(
+    const nsACString& aHostName, int32_t aPort,
+    JS::Handle<JS::Value> aOriginAttributes, nsIX509Cert* aCert,
+    bool aTemporary, JSContext* aCx) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return RememberValidityOverride(aHostName, aPort, attrs, aCert, aTemporary);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::HasMatchingOverride(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
+    bool* aIsTemporary, bool* aRetval) {
+  bool disableAllSecurityCheck = false;
+  {
+    MutexAutoLock lock(mMutex);
+    disableAllSecurityCheck = mDisableAllSecurityCheck;
+  }
+  if (disableAllSecurityCheck) {
+    *aIsTemporary = false;
+    *aRetval = true;
+    return NS_OK;
+  }
+
+  if (aHostName.IsEmpty() || !IsAscii(aHostName)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aPort < -1) return NS_ERROR_INVALID_ARG;
+
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aIsTemporary);
+  NS_ENSURE_ARG_POINTER(aRetval);
+  *aRetval = false;
+
+  RefPtr<nsCertOverride> settings(
+      GetOverrideFor(aHostName, aPort, aOriginAttributes));
+  // If there is no corresponding override and the given OriginAttributes isn't
+  // the default, try to look up an override using the default OriginAttributes.
+  if (!settings && aOriginAttributes != OriginAttributes()) {
+    settings = GetOverrideFor(aHostName, aPort, OriginAttributes());
+  }
+  if (!settings) {
+    return NS_OK;
+  }
+
+  *aIsTemporary = settings->mIsTemporary;
+
+  nsAutoCString fpStr;
+  nsresult rv = GetCertSha256Fingerprint(aCert, fpStr);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  *aRetval = settings->mFingerprint.Equals(fpStr);
+  return NS_OK;
+}
+
+already_AddRefed<nsCertOverride> nsCertOverrideService::GetOverrideFor(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes) {
+  nsAutoCString keyString;
+  GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
+  MutexAutoLock lock(mMutex);
+  nsCertOverrideEntry* entry = mSettingsTable.GetEntry(keyString.get());
+  if (!entry) {
+    return nullptr;
+  }
+  return do_AddRef(entry->mSettings);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::HasMatchingOverrideScriptable(
+    const nsACString& aHostName, int32_t aPort,
+    JS::Handle<JS::Value> aOriginAttributes, nsIX509Cert* aCert,
+    bool* aIsTemporary, JSContext* aCx, bool* aRetval) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return HasMatchingOverride(aHostName, aPort, attrs, aCert, aIsTemporary,
+                             aRetval);
+}
+
+nsresult nsCertOverrideService::AddEntryToList(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes, const bool aIsTemporary,
+    const nsACString& fingerprint, const MutexAutoLock& aProofOfLock) {
+  mMutex.AssertCurrentThreadOwns();
+  nsAutoCString keyString;
+  GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
+
+  nsCertOverrideEntry* entry = mSettingsTable.PutEntry(keyString.get());
+
+  if (!entry) {
+    NS_ERROR("can't insert a null entry!");
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  entry->mKeyString = keyString;
+
+  RefPtr<nsCertOverride> settings(new nsCertOverride());
+
+  settings->mAsciiHost = aHostName;
+  settings->mPort = aPort;
+  settings->mOriginAttributes = aOriginAttributes;
+  settings->mIsTemporary = aIsTemporary;
+  settings->mFingerprint = fingerprint;
+  entry->mSettings = settings;
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::ClearValidityOverride(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes) {
+  if (aHostName.IsEmpty() || !IsAscii(aHostName)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (aPort == 0 && aHostName.EqualsLiteral("all:temporary-certificates")) {
+    RemoveAllTemporaryOverrides();
+    return NS_OK;
+  }
+  nsAutoCString keyString;
+  GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
+  {
+    MutexAutoLock lock(mMutex);
+    mSettingsTable.RemoveEntry(keyString.get());
+    Write(lock);
+  }
+
+  nsCOMPtr<nsINSSComponent> nss(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (nss) {
+    nss->ClearSSLExternalAndInternalSessionCache();
+  } else {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, "net:cancel-all-connections", nullptr);
+  }
+
+  return NS_OK;
+}
+NS_IMETHODIMP
+nsCertOverrideService::ClearValidityOverrideScriptable(
+    const nsACString& aHostName, int32_t aPort,
+    JS::Handle<JS::Value> aOriginAttributes, JSContext* aCx) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return ClearValidityOverride(aHostName, aPort, attrs);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::ClearAllOverrides() {
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  {
+    MutexAutoLock lock(mMutex);
+    mSettingsTable.Clear();
+    Write(lock);
+  }
+
+  nsCOMPtr<nsINSSComponent> nss(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (nss) {
+    nss->ClearSSLExternalAndInternalSessionCache();
+  } else {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, "net:cancel-all-connections", nullptr);
+  }
+
+  return NS_OK;
+}
+
+void nsCertOverrideService::CountPermanentOverrideTelemetry(
+    const MutexAutoLock& aProofOfLock) {
+  mMutex.AssertCurrentThreadOwns();
+  uint32_t overrideCount = 0;
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    if (!iter.Get()->mSettings->mIsTemporary) {
+      overrideCount++;
+    }
+  }
+  Telemetry::Accumulate(Telemetry::SSL_PERMANENT_CERT_ERROR_OVERRIDES,
+                        overrideCount);
+}
+
+static bool IsDebugger() {
+#ifdef ENABLE_WEBDRIVER
+  nsCOMPtr<nsIMarionette> marionette = do_GetService(NS_MARIONETTE_CONTRACTID);
+  if (marionette) {
+    bool marionetteRunning = false;
+    marionette->GetRunning(&marionetteRunning);
+    if (marionetteRunning) {
+      return true;
+    }
+  }
+
+  nsCOMPtr<nsIRemoteAgent> agent = do_GetService(NS_REMOTEAGENT_CONTRACTID);
+  if (agent) {
+    bool remoteAgentRunning = false;
+    agent->GetRunning(&remoteAgentRunning);
+    if (remoteAgentRunning) {
+      return true;
+    }
+  }
+#endif
+
+  return false;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::
+    SetDisableAllSecurityChecksAndLetAttackersInterceptMyData(bool aDisable) {
+  if (!(PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR") || IsDebugger())) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  {
+    MutexAutoLock lock(mMutex);
+    mDisableAllSecurityCheck = aDisable;
+  }
+
+  nsCOMPtr<nsINSSComponent> nss(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (nss) {
+    nss->ClearSSLExternalAndInternalSessionCache();
+  } else {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::GetSecurityCheckDisabled(bool* aDisabled) {
+  MutexAutoLock lock(mMutex);
+  *aDisabled = mDisableAllSecurityCheck;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::GetOverrides(
+    /*out*/ nsTArray<RefPtr<nsICertOverride>>& retval) {
+  MutexAutoLock lock(mMutex);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    const RefPtr<nsICertOverride> settings = iter.Get()->mSettings;
+
+    retval.AppendElement(settings);
+  }
+  return NS_OK;
+}
+
+void nsCertOverrideService::GetHostWithPort(const nsACString& aHostName,
+                                            int32_t aPort,
+                                            nsACString& aRetval) {
+  nsAutoCString hostPort;
+  if (aHostName.Contains(':')) {
+    // if aHostName is an IPv6 address, add brackets to match the internal
+    // representation, which always stores IPv6 addresses with brackets
+    hostPort.Append('[');
+    hostPort.Append(aHostName);
+    hostPort.Append(']');
+  } else {
+    hostPort.Append(aHostName);
+  }
+  if (aPort == -1) {
+    aPort = 443;
+  }
+  if (!hostPort.IsEmpty()) {
+    hostPort.Append(':');
+    hostPort.AppendInt(aPort);
+  }
+  aRetval.Assign(hostPort);
+}
+
+void nsCertOverrideService::GetKeyString(
+    const nsACString& aHostName, int32_t aPort,
+    const OriginAttributes& aOriginAttributes, nsACString& aRetval) {
+  nsAutoCString keyString;
+  GetHostWithPort(aHostName, aPort, keyString);
+  keyString.Append(':');
+  OriginAttributes strippedAttributes(aOriginAttributes);
+  strippedAttributes.StripAttributes(
+      ~OriginAttributes::STRIP_PRIVATE_BROWSING_ID);
+  nsAutoCString attributeSuffix;
+  strippedAttributes.CreateSuffix(attributeSuffix);
+  keyString.Append(attributeSuffix);
+  aRetval.Assign(keyString);
+}
+
+// nsIAsyncShutdownBlocker implementation
+NS_IMETHODIMP
+nsCertOverrideService::GetName(nsAString& aName) {
+  aName = u"nsCertOverrideService: shutdown"_ns;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::GetState(nsIPropertyBag** aState) {
+  if (!aState) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  *aState = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::BlockShutdown(nsIAsyncShutdownClient*) { return NS_OK; }
+
+void nsCertOverrideService::RemoveShutdownBlocker() {
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(mPendingWriteCount > 0);
+  mPendingWriteCount--;
+  if (mPendingWriteCount == 0) {
+    nsresult rv = GetShutdownBarrier()->RemoveBlocker(this);
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+  }
+}
diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h
new file mode 100644
index 0000000000..21cff56300
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.h
@@ -0,0 +1,152 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsCertOverrideService_h
+#define nsCertOverrideService_h
+
+#include <utility>
+
+#include "mozilla/HashFunctions.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/OriginAttributes.h"
+#include "mozilla/TaskQueue.h"
+#include "nsIAsyncShutdown.h"
+#include "nsICertOverrideService.h"
+#include "nsIFile.h"
+#include "nsIObserver.h"
+#include "nsString.h"
+#include "nsTHashtable.h"
+#include "nsWeakReference.h"
+#include "secoidt.h"
+
+class nsCertOverride final : public nsICertOverride {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTOVERRIDE
+
+  nsCertOverride() : mPort(-1), mIsTemporary(false) {}
+
+  nsCString mAsciiHost;
+  int32_t mPort;
+  mozilla::OriginAttributes mOriginAttributes;
+  bool mIsTemporary;  // true: session only, false: stored on disk
+  nsCString mFingerprint;
+
+ private:
+  ~nsCertOverride() = default;
+};
+
+// hash entry class
+class nsCertOverrideEntry final : public PLDHashEntryHdr {
+ public:
+  // Hash methods
+  typedef const char* KeyType;
+  typedef const char* KeyTypePointer;
+
+  // do nothing with aHost - we require mHead to be set before we're live!
+  explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8) {}
+
+  nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
+      : PLDHashEntryHdr(std::move(toMove)),
+        mSettings(std::move(toMove.mSettings)),
+        mKeyString(std::move(toMove.mKeyString)) {}
+
+  ~nsCertOverrideEntry() = default;
+
+  KeyType GetKey() const { return KeyStringPtr(); }
+
+  KeyTypePointer GetKeyPointer() const { return KeyStringPtr(); }
+
+  bool KeyEquals(KeyTypePointer aKey) const {
+    return !strcmp(KeyStringPtr(), aKey);
+  }
+
+  static KeyTypePointer KeyToPointer(KeyType aKey) { return aKey; }
+
+  static PLDHashNumber HashKey(KeyTypePointer aKey) {
+    return mozilla::HashString(aKey);
+  }
+
+  enum { ALLOW_MEMMOVE = false };
+
+  // get methods
+  inline const nsCString& KeyString() const { return mKeyString; }
+
+  inline KeyTypePointer KeyStringPtr() const { return mKeyString.get(); }
+
+  RefPtr<nsCertOverride> mSettings;
+  nsCString mKeyString;
+};
+
+class nsCertOverrideService final : public nsICertOverrideService,
+                                    public nsIObserver,
+                                    public nsSupportsWeakReference,
+                                    public nsIAsyncShutdownBlocker {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTOVERRIDESERVICE
+  NS_DECL_NSIOBSERVER
+  NS_DECL_NSIASYNCSHUTDOWNBLOCKER
+
+  nsCertOverrideService();
+
+  nsresult Init();
+  void RemoveAllTemporaryOverrides();
+
+  // Concatenates host name and the port number. If the port number is -1 then
+  // port 443 is automatically used. This method ensures there is always a port
+  // number separated with colon.
+  static void GetHostWithPort(const nsACString& aHostName, int32_t aPort,
+                              nsACString& aRetval);
+
+  // Concatenates host name, port number, and origin attributes.
+  static void GetKeyString(const nsACString& aHostName, int32_t aPort,
+                           const mozilla::OriginAttributes& aOriginAttributes,
+                           nsACString& aRetval);
+
+  void AssertOnTaskQueue() const {
+    MOZ_ASSERT(mWriterTaskQueue->IsOnCurrentThread());
+  }
+
+  void RemoveShutdownBlocker();
+
+ private:
+  ~nsCertOverrideService();
+
+  mozilla::Mutex mMutex;
+  bool mDisableAllSecurityCheck MOZ_GUARDED_BY(mMutex);
+  nsCOMPtr<nsIFile> mSettingsFile MOZ_GUARDED_BY(mMutex);
+  nsTHashtable<nsCertOverrideEntry> mSettingsTable MOZ_GUARDED_BY(mMutex);
+
+  void CountPermanentOverrideTelemetry(
+      const mozilla::MutexAutoLock& aProofOfLock);
+
+  nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
+  nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
+  nsresult AddEntryToList(const nsACString& host, int32_t port,
+                          const mozilla::OriginAttributes& aOriginAttributes,
+                          const bool aIsTemporary,
+                          const nsACString& fingerprint,
+                          const mozilla::MutexAutoLock& aProofOfLock);
+  already_AddRefed<nsCertOverride> GetOverrideFor(
+      const nsACString& aHostName, int32_t aPort,
+      const mozilla::OriginAttributes& aOriginAttributes);
+
+  // Set in constructor only
+  RefPtr<mozilla::TaskQueue> mWriterTaskQueue;
+
+  // Only accessed on the main thread
+  uint64_t mPendingWriteCount;
+};
+
+#define NS_CERTOVERRIDE_CID                          \
+  { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */       \
+    0x67ba681d, 0x5485, 0x4fff, {                    \
+      0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6 \
+    }                                                \
+  }
+
+#endif  // nsCertOverrideService_h
diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp
new file mode 100644
index 0000000000..0448cf4566
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -0,0 +1,844 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertTree.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/intl/AppDateTimeFormat.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsHashKeys.h"
+#include "nsISupportsPrimitives.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsComponentManagerUtils.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsTHashtable.h"
+#include "nsUnicharUtils.h"
+#include "nsXPCOMCID.h"
+#include "nsString.h"
+#include "nsTreeColumns.h"
+#include "mozpkix/pkixtypes.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+// treeArrayElStr
+//
+// structure used to hold map of tree.  Each thread (an organization
+// field from a cert) has an element in the array.  The numChildren field
+// stores the number of certs corresponding to that thread.
+struct treeArrayElStr {
+  nsString orgName;    /* heading for thread                   */
+  bool open;           /* toggle open state for thread         */
+  int32_t certIndex;   /* index into cert array for 1st cert   */
+  int32_t numChildren; /* number of chidren (certs) for thread */
+};
+
+CompareCacheHashEntryPtr::CompareCacheHashEntryPtr() {
+  entry = new CompareCacheHashEntry;
+}
+
+CompareCacheHashEntryPtr::~CompareCacheHashEntryPtr() { delete entry; }
+
+CompareCacheHashEntry::CompareCacheHashEntry() : key(nullptr), mCritInit() {
+  for (int i = 0; i < max_criterions; ++i) {
+    mCritInit[i] = false;
+    mCrit[i].SetIsVoid(true);
+  }
+}
+
+static bool CompareCacheMatchEntry(const PLDHashEntryHdr* hdr,
+                                   const void* key) {
+  const CompareCacheHashEntryPtr* entryPtr =
+      static_cast<const CompareCacheHashEntryPtr*>(hdr);
+  return entryPtr->entry->key == key;
+}
+
+static void CompareCacheInitEntry(PLDHashEntryHdr* hdr, const void* key) {
+  new (hdr) CompareCacheHashEntryPtr();
+  CompareCacheHashEntryPtr* entryPtr =
+      static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->entry->key = (void*)key;
+}
+
+static void CompareCacheClearEntry(PLDHashTable* table, PLDHashEntryHdr* hdr) {
+  CompareCacheHashEntryPtr* entryPtr =
+      static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->~CompareCacheHashEntryPtr();
+}
+
+static const PLDHashTableOps gMapOps = {
+    PLDHashTable::HashVoidPtrKeyStub, CompareCacheMatchEntry,
+    PLDHashTable::MoveEntryStub, CompareCacheClearEntry, CompareCacheInitEntry};
+
+NS_IMPL_ISUPPORTS(nsCertTreeDispInfo, nsICertTreeItem)
+
+nsCertTreeDispInfo::~nsCertTreeDispInfo() = default;
+
+NS_IMETHODIMP
+nsCertTreeDispInfo::GetCert(nsIX509Cert** aCert) {
+  NS_ENSURE_ARG(aCert);
+  nsCOMPtr<nsIX509Cert> cert = mCert;
+  cert.forget(aCert);
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsCertTree, nsICertTree, nsITreeView)
+
+nsCertTree::nsCertTree()
+    : mTreeArray(nullptr),
+      mNumOrgs(0),
+      mNumRows(0),
+      mCompareCache(&gMapOps, sizeof(CompareCacheHashEntryPtr),
+                    kInitialCacheLength) {
+  mCellText = nullptr;
+}
+
+void nsCertTree::ClearCompareHash() {
+  mCompareCache.ClearAndPrepareForLength(kInitialCacheLength);
+}
+
+nsCertTree::~nsCertTree() { delete[] mTreeArray; }
+
+void nsCertTree::FreeCertArray() { mDispInfo.Clear(); }
+
+CompareCacheHashEntry* nsCertTree::getCacheEntry(void* cache, void* aCert) {
+  PLDHashTable& aCompareCache = *static_cast<PLDHashTable*>(cache);
+  auto entryPtr = static_cast<CompareCacheHashEntryPtr*>(
+      aCompareCache.Add(aCert, fallible));
+  return entryPtr ? entryPtr->entry : nullptr;
+}
+
+void nsCertTree::RemoveCacheEntry(void* key) { mCompareCache.Remove(key); }
+
+// CountOrganizations
+//
+// Count the number of different organizations encountered in the cert
+// list.
+int32_t nsCertTree::CountOrganizations() {
+  uint32_t i, certCount;
+  certCount = mDispInfo.Length();
+  if (certCount == 0) return 0;
+  nsCOMPtr<nsIX509Cert> orgCert = mDispInfo.ElementAt(0)->mCert;
+  nsCOMPtr<nsIX509Cert> nextCert = nullptr;
+  int32_t orgCount = 1;
+  for (i = 1; i < certCount; i++) {
+    nextCert = mDispInfo.SafeElementAt(i, nullptr)->mCert;
+    // XXX we assume issuer org is always criterion 1
+    if (CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None,
+              sort_None) != 0) {
+      orgCert = nextCert;
+      orgCount++;
+    }
+  }
+  return orgCount;
+}
+
+// GetThreadDescAtIndex
+//
+// If the row at index is an organization thread, return the collection
+// associated with that thread.  Otherwise, return null.
+treeArrayEl* nsCertTree::GetThreadDescAtIndex(int32_t index) {
+  int i, idx = 0;
+  if (index < 0) return nullptr;
+  for (i = 0; i < mNumOrgs; i++) {
+    if (index == idx) {
+      return &mTreeArray[i];
+    }
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+    }
+    idx++;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+//  GetCertAtIndex
+//
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsIX509Cert> nsCertTree::GetCertAtIndex(
+    int32_t index, int32_t* outAbsoluteCertOffset) {
+  RefPtr<nsCertTreeDispInfo> certdi(
+      GetDispInfoAtIndex(index, outAbsoluteCertOffset));
+  if (!certdi) return nullptr;
+
+  nsCOMPtr<nsIX509Cert> ret = certdi->mCert;
+  return ret.forget();
+}
+
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsCertTreeDispInfo> nsCertTree::GetDispInfoAtIndex(
+    int32_t index, int32_t* outAbsoluteCertOffset) {
+  int i, idx = 0, cIndex = 0, nc;
+  if (index < 0) return nullptr;
+  // Loop over the threads
+  for (i = 0; i < mNumOrgs; i++) {
+    if (index == idx) return nullptr;  // index is for thread
+    idx++;                             // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) {  // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+      if (outAbsoluteCertOffset) *outAbsoluteCertOffset = certIndex;
+      RefPtr<nsCertTreeDispInfo> certdi(
+          mDispInfo.SafeElementAt(certIndex, nullptr));
+      if (certdi) {
+        return certdi.forget();
+      }
+      break;
+    }
+    if (mTreeArray[i].open) idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+nsCertTree::nsCertCompareFunc nsCertTree::GetCompareFuncFromCertType(
+    uint32_t aType) {
+  switch (aType) {
+    case nsIX509Cert::ANY_CERT:
+    case nsIX509Cert::USER_CERT:
+      return CmpUserCert;
+    case nsIX509Cert::EMAIL_CERT:
+      return CmpEmailCert;
+    case nsIX509Cert::CA_CERT:
+    default:
+      return CmpCACert;
+  }
+}
+
+nsresult nsCertTree::GetCertsByTypeFromCertList(
+    const nsTArray<RefPtr<nsIX509Cert>>& aCertList, uint32_t aWantedType,
+    nsCertCompareFunc aCertCmpFn, void* aCertCmpFnArg) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetCertsByTypeFromCertList"));
+
+  nsTHashtable<nsCStringHashKey> allHostPortOverrideKeys;
+
+  if (aWantedType == nsIX509Cert::SERVER_CERT) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  int count = 0;
+  for (const auto& cert : aCertList) {
+    bool wantThisCert = (aWantedType == nsIX509Cert::ANY_CERT);
+
+    if (!wantThisCert) {
+      uint32_t thisCertType;
+      nsresult rv = cert->GetCertType(&thisCertType);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      if (thisCertType == aWantedType) {
+        wantThisCert = true;
+      }
+    }
+
+    if (wantThisCert) {
+      int InsertPosition = 0;
+      for (; InsertPosition < count; ++InsertPosition) {
+        nsCOMPtr<nsIX509Cert> otherCert = nullptr;
+        RefPtr<nsCertTreeDispInfo> elem(
+            mDispInfo.SafeElementAt(InsertPosition, nullptr));
+        if (elem) {
+          otherCert = elem->mCert;
+        }
+        if ((*aCertCmpFn)(aCertCmpFnArg, cert, otherCert) < 0) {
+          break;
+        }
+      }
+      nsCertTreeDispInfo* certdi = new nsCertTreeDispInfo(cert);
+      mDispInfo.InsertElementAt(InsertPosition, certdi);
+      ++count;
+      ++InsertPosition;
+    }
+  }
+
+  return NS_OK;
+}
+
+// LoadCerts
+//
+// Load all of the certificates in the DB for this type.  Sort them
+// by token, organization, then common name.
+NS_IMETHODIMP
+nsCertTree::LoadCertsFromCache(const nsTArray<RefPtr<nsIX509Cert>>& aCache,
+                               uint32_t aType) {
+  if (mTreeArray) {
+    FreeCertArray();
+    delete[] mTreeArray;
+    mTreeArray = nullptr;
+    mNumRows = 0;
+  }
+  ClearCompareHash();
+
+  nsresult rv = GetCertsByTypeFromCertList(
+      aCache, aType, GetCompareFuncFromCertType(aType), &mCompareCache);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return UpdateUIContents();
+}
+
+nsresult nsCertTree::UpdateUIContents() {
+  uint32_t count = mDispInfo.Length();
+  mNumOrgs = CountOrganizations();
+  mTreeArray = new treeArrayEl[mNumOrgs];
+
+  mCellText = nsArrayBase::Create();
+
+  if (count) {
+    uint32_t j = 0;
+    nsCOMPtr<nsIX509Cert> orgCert = mDispInfo.ElementAt(j)->mCert;
+    for (int32_t i = 0; i < mNumOrgs; i++) {
+      nsString& orgNameRef = mTreeArray[i].orgName;
+      if (!orgCert) {
+        GetPIPNSSBundleString("CertOrgUnknown", orgNameRef);
+      } else {
+        orgCert->GetIssuerOrganization(orgNameRef);
+        if (orgNameRef.IsEmpty()) orgCert->GetCommonName(orgNameRef);
+      }
+      mTreeArray[i].open = true;
+      mTreeArray[i].certIndex = j;
+      mTreeArray[i].numChildren = 1;
+      if (++j >= count) break;
+      nsCOMPtr<nsIX509Cert> nextCert =
+          mDispInfo.SafeElementAt(j, nullptr)->mCert;
+      while (0 == CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg,
+                        sort_None, sort_None)) {
+        mTreeArray[i].numChildren++;
+        if (++j >= count) break;
+        nextCert = mDispInfo.SafeElementAt(j, nullptr)->mCert;
+      }
+      orgCert = nextCert;
+    }
+  }
+  if (mTree) {
+    mTree->BeginUpdateBatch();
+    mTree->RowCountChanged(0, -mNumRows);
+  }
+  mNumRows = count + mNumOrgs;
+  if (mTree) mTree->EndUpdateBatch();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::DeleteEntryObject(uint32_t index) {
+  if (!mTreeArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509CertDB> certdb =
+      do_GetService("@mozilla.org/security/x509certdb;1");
+  if (!certdb) {
+    return NS_ERROR_FAILURE;
+  }
+
+  int i;
+  uint32_t idx = 0, cIndex = 0, nc;
+  // Loop over the threads
+  for (i = 0; i < mNumOrgs; i++) {
+    if (index == idx) return NS_OK;  // index is for thread
+    idx++;                           // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) {  // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+
+      RefPtr<nsCertTreeDispInfo> certdi(
+          mDispInfo.SafeElementAt(certIndex, nullptr));
+      if (certdi) {
+        nsCOMPtr<nsIX509Cert> cert = certdi->mCert;
+        RemoveCacheEntry(cert);
+        certdb->DeleteCertificate(cert);
+      }
+
+      mDispInfo.RemoveElementAt(certIndex);
+
+      delete[] mTreeArray;
+      mTreeArray = nullptr;
+      return UpdateUIContents();
+    }
+    if (mTreeArray[i].open) idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index) break;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Begin nsITreeView methods
+//
+/////////////////////////////////////////////////////////////////////////////
+
+NS_IMETHODIMP
+nsCertTree::GetCert(uint32_t aIndex, nsIX509Cert** _cert) {
+  NS_ENSURE_ARG(_cert);
+  *_cert = GetCertAtIndex(aIndex).take();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetTreeItem(uint32_t aIndex, nsICertTreeItem** _treeitem) {
+  NS_ENSURE_ARG(_treeitem);
+
+  RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(aIndex));
+  if (!certdi) return NS_ERROR_FAILURE;
+
+  *_treeitem = certdi;
+  NS_IF_ADDREF(*_treeitem);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetRowCount(int32_t* aRowCount) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  uint32_t count = 0;
+  for (int32_t i = 0; i < mNumOrgs; i++) {
+    if (mTreeArray[i].open) {
+      count += mTreeArray[i].numChildren;
+    }
+    count++;
+  }
+  *aRowCount = count;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetSelection(nsITreeSelection** aSelection) {
+  *aSelection = mSelection;
+  NS_IF_ADDREF(*aSelection);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::SetSelection(nsITreeSelection* aSelection) {
+  mSelection = aSelection;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetRowProperties(int32_t index, nsAString& aProps) { return NS_OK; }
+
+NS_IMETHODIMP
+nsCertTree::GetCellProperties(int32_t row, nsTreeColumn* col,
+                              nsAString& aProps) {
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetColumnProperties(nsTreeColumn* col, nsAString& aProps) {
+  return NS_OK;
+}
+NS_IMETHODIMP
+nsCertTree::IsContainer(int32_t index, bool* _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl* el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::IsContainerOpen(int32_t index, bool* _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl* el = GetThreadDescAtIndex(index);
+  if (el && el->open) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::IsContainerEmpty(int32_t index, bool* _retval) {
+  *_retval = !mTreeArray;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::IsSeparator(int32_t index, bool* _retval) {
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetParentIndex(int32_t rowIndex, int32_t* _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx < rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      if (rowIndex <= idx + mTreeArray[i].numChildren) {
+        *_retval = idx;
+        return NS_OK;
+      }
+      idx += mTreeArray[i].numChildren;
+    }
+  }
+  *_retval = -1;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::HasNextSibling(int32_t rowIndex, int32_t afterIndex,
+                           bool* _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx <= rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+      if (afterIndex <= idx) {
+        *_retval = afterIndex < idx;
+        return NS_OK;
+      }
+    }
+  }
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetLevel(int32_t index, int32_t* _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl* el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = 0;
+  } else {
+    *_retval = 1;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetImageSrc(int32_t row, nsTreeColumn* col, nsAString& _retval) {
+  _retval.Truncate();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetCellValue(int32_t row, nsTreeColumn* col, nsAString& _retval) {
+  _retval.Truncate();
+  return NS_OK;
+}
+
+static void PRTimeToLocalDateString(PRTime time, nsAString& result) {
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(time, PR_LocalTimeParameters, &explodedTime);
+  intl::DateTimeFormat::StyleBag style;
+  style.date = Some(intl::DateTimeFormat::Style::Long);
+  style.time = Nothing();
+  Unused << intl::AppDateTimeFormat::Format(style, &explodedTime, result);
+}
+
+NS_IMETHODIMP
+nsCertTree::GetCellText(int32_t row, nsTreeColumn* col, nsAString& _retval) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+
+  nsresult rv = NS_OK;
+  _retval.Truncate();
+
+  const nsAString& colID = col->GetId();
+
+  treeArrayEl* el = GetThreadDescAtIndex(row);
+  if (el) {
+    if (u"certcol"_ns.Equals(colID))
+      _retval.Assign(el->orgName);
+    else
+      _retval.Truncate();
+    return NS_OK;
+  }
+
+  int32_t absoluteCertOffset;
+  RefPtr<nsCertTreeDispInfo> certdi(
+      GetDispInfoAtIndex(row, &absoluteCertOffset));
+  if (!certdi) return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> cert = certdi->mCert;
+
+  int32_t colIndex = col->Index();
+  uint32_t arrayIndex = absoluteCertOffset + colIndex * (mNumRows - mNumOrgs);
+  uint32_t arrayLength = 0;
+  if (mCellText) {
+    mCellText->GetLength(&arrayLength);
+  }
+  if (arrayIndex < arrayLength) {
+    nsCOMPtr<nsISupportsString> myString(
+        do_QueryElementAt(mCellText, arrayIndex));
+    if (myString) {
+      myString->GetData(_retval);
+      return NS_OK;
+    }
+  }
+
+  if (u"certcol"_ns.Equals(colID)) {
+    if (!cert) {
+      rv = GetPIPNSSBundleString("CertNotStored", _retval);
+    } else {
+      rv = cert->GetDisplayName(_retval);
+    }
+  } else if (u"tokencol"_ns.Equals(colID) && cert) {
+    rv = cert->GetTokenName(_retval);
+  } else if (u"emailcol"_ns.Equals(colID) && cert) {
+    rv = cert->GetEmailAddress(_retval);
+  } else if (u"issuedcol"_ns.Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      PRTime notBefore;
+      rv = validity->GetNotBefore(&notBefore);
+      if (NS_SUCCEEDED(rv)) {
+        PRTimeToLocalDateString(notBefore, _retval);
+      }
+    }
+  } else if (u"expiredcol"_ns.Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      PRTime notAfter;
+      rv = validity->GetNotAfter(&notAfter);
+      if (NS_SUCCEEDED(rv)) {
+        PRTimeToLocalDateString(notAfter, _retval);
+      }
+    }
+  } else if (u"serialnumcol"_ns.Equals(colID) && cert) {
+    rv = cert->GetSerialNumber(_retval);
+  } else {
+    return NS_ERROR_FAILURE;
+  }
+  if (mCellText) {
+    nsCOMPtr<nsISupportsString> text(
+        do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv));
+    NS_ENSURE_SUCCESS(rv, rv);
+    text->SetData(_retval);
+    mCellText->ReplaceElementAt(text, arrayIndex);
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsCertTree::SetTree(mozilla::dom::XULTreeElement* tree) {
+  mTree = tree;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::ToggleOpenState(int32_t index) {
+  if (!mTreeArray) return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl* el = GetThreadDescAtIndex(index);
+  if (el) {
+    el->open = !el->open;
+    int32_t newChildren = (el->open) ? el->numChildren : -el->numChildren;
+    if (mTree) {
+      mTree->RowCountChanged(index + 1, newChildren);
+      mTree->InvalidateRow(index);
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::CycleHeader(nsTreeColumn* col) { return NS_OK; }
+
+NS_IMETHODIMP
+nsCertTree::SelectionChangedXPCOM() { return NS_ERROR_NOT_IMPLEMENTED; }
+
+NS_IMETHODIMP
+nsCertTree::CycleCell(int32_t row, nsTreeColumn* col) { return NS_OK; }
+
+NS_IMETHODIMP
+nsCertTree::IsEditable(int32_t row, nsTreeColumn* col, bool* _retval) {
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::SetCellValue(int32_t row, nsTreeColumn* col,
+                         const nsAString& value) {
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::SetCellText(int32_t row, nsTreeColumn* col,
+                        const nsAString& value) {
+  return NS_OK;
+}
+
+//
+// CanDrop
+//
+NS_IMETHODIMP nsCertTree::CanDrop(int32_t index, int32_t orientation,
+                                  mozilla::dom::DataTransfer* aDataTransfer,
+                                  bool* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+
+  return NS_OK;
+}
+
+//
+// Drop
+//
+NS_IMETHODIMP nsCertTree::Drop(int32_t row, int32_t orient,
+                               mozilla::dom::DataTransfer* aDataTransfer) {
+  return NS_OK;
+}
+
+//
+// IsSorted
+//
+// ...
+//
+NS_IMETHODIMP nsCertTree::IsSorted(bool* _retval) {
+  *_retval = false;
+  return NS_OK;
+}
+
+#define RETURN_NOTHING
+
+void nsCertTree::CmpInitCriterion(nsIX509Cert* cert,
+                                  CompareCacheHashEntry* entry,
+                                  sortCriterion crit, int32_t level) {
+  NS_ENSURE_TRUE(cert && entry, RETURN_NOTHING);
+
+  entry->mCritInit[level] = true;
+  nsString& str = entry->mCrit[level];
+
+  switch (crit) {
+    case sort_IssuerOrg:
+      cert->GetIssuerOrganization(str);
+      if (str.IsEmpty()) cert->GetCommonName(str);
+      break;
+    case sort_Org:
+      cert->GetOrganization(str);
+      break;
+    case sort_Token:
+      cert->GetTokenName(str);
+      break;
+    case sort_CommonName:
+      cert->GetCommonName(str);
+      break;
+    case sort_IssuedDateDescending: {
+      nsresult rv;
+      nsCOMPtr<nsIX509CertValidity> validity;
+      PRTime notBefore;
+
+      rv = cert->GetValidity(getter_AddRefs(validity));
+      if (NS_SUCCEEDED(rv)) {
+        rv = validity->GetNotBefore(&notBefore);
+      }
+
+      if (NS_SUCCEEDED(rv)) {
+        PRExplodedTime explodedTime;
+        PR_ExplodeTime(notBefore, PR_GMTParameters, &explodedTime);
+        char datebuf[20];  // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15
+        if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S",
+                               &explodedTime)) {
+          str = NS_ConvertASCIItoUTF16(nsDependentCString(datebuf));
+        }
+      }
+    } break;
+    case sort_Email:
+      cert->GetEmailAddress(str);
+      break;
+    case sort_None:
+    default:
+      break;
+  }
+}
+
+int32_t nsCertTree::CmpByCrit(nsIX509Cert* a, CompareCacheHashEntry* ace,
+                              nsIX509Cert* b, CompareCacheHashEntry* bce,
+                              sortCriterion crit, int32_t level) {
+  NS_ENSURE_TRUE(a && ace && b && bce, 0);
+
+  if (!ace->mCritInit[level]) {
+    CmpInitCriterion(a, ace, crit, level);
+  }
+
+  if (!bce->mCritInit[level]) {
+    CmpInitCriterion(b, bce, crit, level);
+  }
+
+  nsString& str_a = ace->mCrit[level];
+  nsString& str_b = bce->mCrit[level];
+
+  int32_t result;
+  if (!str_a.IsVoid() && !str_b.IsVoid())
+    result = Compare(str_a, str_b, nsCaseInsensitiveStringComparator);
+  else
+    result = str_a.IsVoid() ? (str_b.IsVoid() ? 0 : -1) : 1;
+
+  if (sort_IssuedDateDescending == crit) result *= -1;  // reverse compare order
+
+  return result;
+}
+
+int32_t nsCertTree::CmpBy(void* cache, nsIX509Cert* a, nsIX509Cert* b,
+                          sortCriterion c0, sortCriterion c1,
+                          sortCriterion c2) {
+  // This will be called when comparing items for display sorting.
+  // Some items might have no cert associated, so either a or b is null.
+  // We want all those orphans show at the top of the list,
+  // so we treat a null cert as "smaller" by returning -1.
+  // We don't try to sort within the group of no-cert entries,
+  // so we treat them as equal wrt sort order.
+
+  if (!a && !b) return 0;
+
+  if (!a) return -1;
+
+  if (!b) return 1;
+
+  NS_ENSURE_TRUE(cache && a && b, 0);
+
+  CompareCacheHashEntry* ace = getCacheEntry(cache, a);
+  CompareCacheHashEntry* bce = getCacheEntry(cache, b);
+
+  int32_t cmp;
+  cmp = CmpByCrit(a, ace, b, bce, c0, 0);
+  if (cmp != 0) return cmp;
+
+  if (c1 != sort_None) {
+    cmp = CmpByCrit(a, ace, b, bce, c1, 1);
+    if (cmp != 0) return cmp;
+
+    if (c2 != sort_None) {
+      return CmpByCrit(a, ace, b, bce, c2, 2);
+    }
+  }
+
+  return cmp;
+}
+
+int32_t nsCertTree::CmpCACert(void* cache, nsIX509Cert* a, nsIX509Cert* b) {
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Org, sort_Token);
+}
+
+int32_t nsCertTree::CmpUserCert(void* cache, nsIX509Cert* a, nsIX509Cert* b) {
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Token,
+               sort_IssuedDateDescending);
+}
+
+int32_t nsCertTree::CmpEmailCert(void* cache, nsIX509Cert* a, nsIX509Cert* b) {
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Email, sort_CommonName);
+}
diff --git a/security/manager/ssl/nsCertTree.h b/security/manager/ssl/nsCertTree.h
new file mode 100644
index 0000000000..d7fd86216c
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.h
@@ -0,0 +1,131 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_CERTTREE_H_
+#define _NS_CERTTREE_H_
+
+#include "nsCOMPtr.h"
+#include "nsICertTree.h"
+#include "nsITreeSelection.h"
+#include "nsIMutableArray.h"
+#include "nsNSSComponent.h"
+#include "nsTArray.h"
+#include "PLDHashTable.h"
+#include "mozilla/Attributes.h"
+
+/* Disable the "base class XXX should be explicitly initialized
+   in the copy constructor" warning. */
+#if defined(__clang__)
+#  pragma clang diagnostic push
+#  pragma clang diagnostic ignored "-Wextra"
+#elif defined(__GNUC__)
+#  pragma GCC diagnostic push
+#  pragma GCC diagnostic ignored "-Wextra"
+#endif  // __clang__ || __GNUC__
+
+#include "mozilla/dom/XULTreeElement.h"
+
+#if defined(__clang__)
+#  pragma clang diagnostic pop
+#elif defined(__GNUC__)
+#  pragma GCC diagnostic pop
+#endif  // __clang__ || __GNUC__
+
+typedef struct treeArrayElStr treeArrayEl;
+
+struct CompareCacheHashEntry {
+  enum { max_criterions = 3 };
+  CompareCacheHashEntry();
+
+  void* key;  // no ownership
+  bool mCritInit[max_criterions];
+  nsString mCrit[max_criterions];
+};
+
+struct CompareCacheHashEntryPtr : PLDHashEntryHdr {
+  CompareCacheHashEntryPtr();
+  ~CompareCacheHashEntryPtr();
+  CompareCacheHashEntry* entry;
+};
+
+class nsCertTreeDispInfo : public nsICertTreeItem {
+ protected:
+  virtual ~nsCertTreeDispInfo();
+
+ public:
+  explicit nsCertTreeDispInfo(nsIX509Cert* aCert) : mCert(aCert) {}
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREEITEM
+
+  nsCOMPtr<nsIX509Cert> mCert;
+};
+
+class nsCertTree : public nsICertTree {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREE
+  NS_DECL_NSITREEVIEW
+
+  nsCertTree();
+
+  enum sortCriterion {
+    sort_IssuerOrg,
+    sort_Org,
+    sort_Token,
+    sort_CommonName,
+    sort_IssuedDateDescending,
+    sort_Email,
+    sort_None
+  };
+
+ protected:
+  virtual ~nsCertTree();
+
+  void ClearCompareHash();
+  void RemoveCacheEntry(void* key);
+
+  typedef int (*nsCertCompareFunc)(void*, nsIX509Cert* a, nsIX509Cert* b);
+
+  static CompareCacheHashEntry* getCacheEntry(void* cache, void* aCert);
+  static void CmpInitCriterion(nsIX509Cert* cert, CompareCacheHashEntry* entry,
+                               sortCriterion crit, int32_t level);
+  static int32_t CmpByCrit(nsIX509Cert* a, CompareCacheHashEntry* ace,
+                           nsIX509Cert* b, CompareCacheHashEntry* bce,
+                           sortCriterion crit, int32_t level);
+  static int32_t CmpBy(void* cache, nsIX509Cert* a, nsIX509Cert* b,
+                       sortCriterion c0, sortCriterion c1, sortCriterion c2);
+  static int32_t CmpCACert(void* cache, nsIX509Cert* a, nsIX509Cert* b);
+  static int32_t CmpUserCert(void* cache, nsIX509Cert* a, nsIX509Cert* b);
+  static int32_t CmpEmailCert(void* cache, nsIX509Cert* a, nsIX509Cert* b);
+  nsCertCompareFunc GetCompareFuncFromCertType(uint32_t aType);
+  int32_t CountOrganizations();
+
+ private:
+  static const uint32_t kInitialCacheLength = 64;
+
+  nsTArray<RefPtr<nsCertTreeDispInfo>> mDispInfo;
+  RefPtr<mozilla::dom::XULTreeElement> mTree;
+  nsCOMPtr<nsITreeSelection> mSelection;
+  treeArrayEl* mTreeArray;
+  int32_t mNumOrgs;
+  int32_t mNumRows;
+  PLDHashTable mCompareCache;
+
+  treeArrayEl* GetThreadDescAtIndex(int32_t _index);
+  already_AddRefed<nsIX509Cert> GetCertAtIndex(
+      int32_t _index, int32_t* outAbsoluteCertOffset = nullptr);
+  already_AddRefed<nsCertTreeDispInfo> GetDispInfoAtIndex(
+      int32_t index, int32_t* outAbsoluteCertOffset = nullptr);
+  void FreeCertArray();
+  nsresult UpdateUIContents();
+
+  nsresult GetCertsByTypeFromCertList(
+      const nsTArray<RefPtr<nsIX509Cert>>& aCertList, uint32_t aWantedType,
+      nsCertCompareFunc aCertCmpFn, void* aCertCmpFnArg);
+
+  nsCOMPtr<nsIMutableArray> mCellText;
+};
+
+#endif /* _NS_CERTTREE_H_ */
diff --git a/security/manager/ssl/nsClientAuthRemember.cpp b/security/manager/ssl/nsClientAuthRemember.cpp
new file mode 100644
index 0000000000..1c7422fc2f
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.cpp
@@ -0,0 +1,363 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsClientAuthRemember.h"
+
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/DataStorage.h"
+#include "mozilla/RefPtr.h"
+#include "nsCRT.h"
+#include "nsINSSComponent.h"
+#include "nsPrintfCString.h"
+#include "nsNSSComponent.h"
+#include "nsIObserverService.h"
+#include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
+#include "nsThreadUtils.h"
+#include "nsStringBuffer.h"
+#include "cert.h"
+#include "nspr.h"
+#include "pk11pub.h"
+#include "certdb.h"
+#include "sechash.h"
+#include "SharedSSLState.h"
+
+#include "nsJSUtils.h"
+
+#ifdef XP_MACOSX
+#  include <CoreFoundation/CoreFoundation.h>
+#  include <Security/Security.h>
+#  include "KeychainSecret.h"  // for ScopedCFType
+#endif                         // XP_MACOSX
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsClientAuthRememberService, nsIClientAuthRememberService)
+NS_IMPL_ISUPPORTS(nsClientAuthRemember, nsIClientAuthRememberRecord)
+
+const nsCString nsClientAuthRemember::SentinelValue =
+    "no client certificate"_ns;
+
+NS_IMETHODIMP
+nsClientAuthRemember::GetAsciiHost(/*out*/ nsACString& aAsciiHost) {
+  aAsciiHost = mAsciiHost;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRemember::GetDbKey(/*out*/ nsACString& aDBKey) {
+  aDBKey = mDBKey;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRemember::GetEntryKey(/*out*/ nsACString& aEntryKey) {
+  aEntryKey.Assign(mAsciiHost);
+  aEntryKey.Append(',');
+  // This used to include the SHA-256 hash of the server certificate.
+  aEntryKey.Append(',');
+  aEntryKey.Append(mOriginAttributesSuffix);
+  return NS_OK;
+}
+
+nsresult nsClientAuthRememberService::Init() {
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsClientAuthRememberService::Init called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  mClientAuthRememberList =
+      mozilla::DataStorage::Get(DataStorageClass::ClientAuthRememberList);
+  nsresult rv = mClientAuthRememberList->Init();
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::ForgetRememberedDecision(const nsACString& key) {
+  mClientAuthRememberList->Remove(PromiseFlatCString(key),
+                                  mozilla::DataStorage_Persistent);
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(NS_NSSCOMPONENT_CID));
+  if (!nssComponent) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return nssComponent->ClearSSLExternalAndInternalSessionCache();
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::GetDecisions(
+    nsTArray<RefPtr<nsIClientAuthRememberRecord>>& results) {
+  nsTArray<DataStorageItem> decisions;
+  mClientAuthRememberList->GetAll(&decisions);
+
+  for (const DataStorageItem& decision : decisions) {
+    if (decision.type == DataStorageType::DataStorage_Persistent) {
+      RefPtr<nsIClientAuthRememberRecord> tmp =
+          new nsClientAuthRemember(decision.key, decision.value);
+
+      results.AppendElement(tmp);
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::ClearRememberedDecisions() {
+  mClientAuthRememberList->Clear();
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(NS_NSSCOMPONENT_CID));
+  if (!nssComponent) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return nssComponent->ClearSSLExternalAndInternalSessionCache();
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::DeleteDecisionsByHost(
+    const nsACString& aHostName, JS::Handle<JS::Value> aOriginAttributes,
+    JSContext* aCx) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  DataStorageType storageType = GetDataStorageType(attrs);
+
+  nsTArray<DataStorageItem> decisions;
+  mClientAuthRememberList->GetAll(&decisions);
+
+  for (const DataStorageItem& decision : decisions) {
+    if (decision.type == storageType) {
+      RefPtr<nsIClientAuthRememberRecord> tmp =
+          new nsClientAuthRemember(decision.key, decision.value);
+      nsAutoCString asciiHost;
+      tmp->GetAsciiHost(asciiHost);
+      if (asciiHost.Equals(aHostName)) {
+        mClientAuthRememberList->Remove(decision.key, decision.type);
+      }
+    }
+  }
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(NS_NSSCOMPONENT_CID));
+  if (!nssComponent) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return nssComponent->ClearSSLExternalAndInternalSessionCache();
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::RememberDecisionScriptable(
+    const nsACString& aHostName, JS::Handle<JS::Value> aOriginAttributes,
+    nsIX509Cert* aClientCert, JSContext* aCx) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  return RememberDecision(aHostName, attrs, aClientCert);
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::RememberDecision(
+    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
+    nsIX509Cert* aClientCert) {
+  if (aHostName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // aClientCert == nullptr means: remember that user does not want to use a
+  // cert
+  if (aClientCert) {
+    nsAutoCString dbkey;
+    nsresult rv = aClientCert->GetDbKey(dbkey);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    return AddEntryToList(aHostName, aOriginAttributes, dbkey);
+  }
+  return AddEntryToList(aHostName, aOriginAttributes,
+                        nsClientAuthRemember::SentinelValue);
+}
+
+#ifdef XP_MACOSX
+// On macOS, users can add "identity preference" items in the keychain. These
+// can be added via the Keychain Access tool. These specify mappings from
+// URLs/wildcards like "*.mozilla.org" to specific client certificates. This
+// function retrieves the preferred client certificate for a hostname by
+// querying a system API that checks for these identity preferences.
+nsresult CheckForPreferredCertificate(const nsACString& aHostName,
+                                      nsACString& aCertDBKey) {
+  aCertDBKey.Truncate();
+  // SecIdentityCopyPreferred seems to expect a proper URI which it can use
+  // for prefix and wildcard matches.
+  // We don't have the full URL but we can turn the hostname into a URI with
+  // an authority section, so that it matches against macOS identity preferences
+  // like `*.foo.com`. If we know that this connection is always going to be
+  // https, then we should put that in the URI as well, so that it matches
+  // identity preferences like `https://foo.com/` as well. If we can plumb
+  // the path or the full URL into this function we could also match identity
+  // preferences like `https://foo.com/bar/` but for now we cannot.
+  nsPrintfCString fakeUrl("//%s/", PromiseFlatCString(aHostName).get());
+  ScopedCFType<CFStringRef> host(::CFStringCreateWithCString(
+      kCFAllocatorDefault, fakeUrl.get(), kCFStringEncodingUTF8));
+  if (!host) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  ScopedCFType<SecIdentityRef> identity(
+      ::SecIdentityCopyPreferred(host.get(), NULL, NULL));
+  if (!identity) {
+    // No preferred identity for this hostname, leave aCertDBKey empty and
+    // return
+    return NS_OK;
+  }
+  SecCertificateRef certRefRaw = NULL;
+  OSStatus copyResult =
+      ::SecIdentityCopyCertificate(identity.get(), &certRefRaw);
+  ScopedCFType<SecCertificateRef> certRef(certRefRaw);
+  if (copyResult != errSecSuccess || certRef.get() == NULL) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  ScopedCFType<CFDataRef> der(::SecCertificateCopyData(certRef.get()));
+  if (!der) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  nsTArray<uint8_t> derArray(::CFDataGetBytePtr(der.get()),
+                             ::CFDataGetLength(der.get()));
+  nsCOMPtr<nsIX509Cert> cert(new nsNSSCertificate(std::move(derArray)));
+  return cert->GetDbKey(aCertDBKey);
+}
+#endif
+
+void nsClientAuthRememberService::Migrate() {
+  MOZ_ASSERT(NS_IsMainThread());
+  static bool migrated = false;
+  if (migrated) {
+    return;
+  }
+  nsTArray<DataStorageItem> decisions;
+  mClientAuthRememberList->GetAll(&decisions);
+  for (const auto& decision : decisions) {
+    if (decision.type != DataStorage_Persistent) {
+      continue;
+    }
+    RefPtr<nsClientAuthRemember> entry(
+        new nsClientAuthRemember(decision.key, decision.value));
+    nsAutoCString newKey;
+    if (NS_FAILED(entry->GetEntryKey(newKey))) {
+      continue;
+    }
+    if (newKey != decision.key) {
+      mClientAuthRememberList->Remove(decision.key, DataStorage_Persistent);
+      (void)mClientAuthRememberList->Put(newKey, decision.value,
+                                         DataStorage_Persistent);
+    }
+  }
+  migrated = true;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::HasRememberedDecision(
+    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
+    nsACString& aCertDBKey, bool* aRetVal) {
+  NS_ENSURE_ARG_POINTER(aRetVal);
+  if (aHostName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  *aRetVal = false;
+  aCertDBKey.Truncate();
+
+  Migrate();
+
+  nsAutoCString entryKey;
+  RefPtr<nsClientAuthRemember> entry(
+      new nsClientAuthRemember(aHostName, aOriginAttributes));
+  nsresult rv = entry->GetEntryKey(entryKey);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  DataStorageType storageType = GetDataStorageType(aOriginAttributes);
+
+  nsCString listEntry = mClientAuthRememberList->Get(entryKey, storageType);
+  if (!listEntry.IsEmpty()) {
+    if (!listEntry.Equals(nsClientAuthRemember::SentinelValue)) {
+      aCertDBKey = listEntry;
+    }
+    *aRetVal = true;
+    return NS_OK;
+  }
+
+#ifdef XP_MACOSX
+  rv = CheckForPreferredCertificate(aHostName, aCertDBKey);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!aCertDBKey.IsEmpty()) {
+    *aRetVal = true;
+    return NS_OK;
+  }
+#endif
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::HasRememberedDecisionScriptable(
+    const nsACString& aHostName, JS::Handle<JS::Value> aOriginAttributes,
+    nsACString& aCertDBKey, JSContext* aCx, bool* aRetVal) {
+  OriginAttributes attrs;
+  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  return HasRememberedDecision(aHostName, attrs, aCertDBKey, aRetVal);
+}
+
+nsresult nsClientAuthRememberService::AddEntryToList(
+    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
+    const nsACString& aDBKey) {
+  nsAutoCString entryKey;
+  RefPtr<nsClientAuthRemember> entry(
+      new nsClientAuthRemember(aHostName, aOriginAttributes));
+  nsresult rv = entry->GetEntryKey(entryKey);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  DataStorageType storageType = GetDataStorageType(aOriginAttributes);
+
+  nsCString tmpDbKey(aDBKey);
+  rv = mClientAuthRememberList->Put(entryKey, tmpDbKey, storageType);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+bool nsClientAuthRememberService::IsPrivateBrowsingKey(
+    const nsCString& entryKey) {
+  const int32_t separator = entryKey.Find(":");
+  nsCString suffix;
+  if (separator >= 0) {
+    entryKey.Left(suffix, separator);
+  } else {
+    suffix = entryKey;
+  }
+  return OriginAttributes::IsPrivateBrowsing(suffix);
+}
+
+DataStorageType nsClientAuthRememberService::GetDataStorageType(
+    const OriginAttributes& aOriginAttributes) {
+  if (aOriginAttributes.mPrivateBrowsingId > 0) {
+    return DataStorage_Private;
+  }
+  return DataStorage_Persistent;
+}
diff --git a/security/manager/ssl/nsClientAuthRemember.h b/security/manager/ssl/nsClientAuthRemember.h
new file mode 100644
index 0000000000..b63c63ec57
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.h
@@ -0,0 +1,98 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __NSCLIENTAUTHREMEMBER_H__
+#define __NSCLIENTAUTHREMEMBER_H__
+
+#include <utility>
+
+#include "mozilla/Attributes.h"
+#include "mozilla/DataStorage.h"
+#include "mozilla/HashFunctions.h"
+#include "mozilla/ReentrantMonitor.h"
+#include "nsIClientAuthRememberService.h"
+#include "nsIObserver.h"
+#include "nsNSSCertificate.h"
+#include "nsString.h"
+#include "nsTHashtable.h"
+#include "nsWeakReference.h"
+
+namespace mozilla {
+class OriginAttributes;
+}
+
+using mozilla::OriginAttributes;
+
+class nsClientAuthRemember final : public nsIClientAuthRememberRecord {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICLIENTAUTHREMEMBERRECORD
+
+  nsClientAuthRemember(const nsACString& aHostName,
+                       const OriginAttributes& aOriginAttributes) {
+    mAsciiHost.Assign(aHostName);
+    aOriginAttributes.CreateSuffix(mOriginAttributesSuffix);
+  }
+
+  nsClientAuthRemember(const nsCString& aEntryKey, const nsCString& aDBKey) {
+    if (!aDBKey.Equals(nsClientAuthRemember::SentinelValue)) {
+      mDBKey = aDBKey;
+    }
+
+    size_t field_index = 0;
+    for (const auto& field : aEntryKey.Split(',')) {
+      switch (field_index) {
+        case 0:
+          mAsciiHost.Assign(field);
+          break;
+        case 1:
+          break;
+        case 2:
+          mOriginAttributesSuffix.Assign(field);
+          break;
+        default:
+          break;
+      }
+      field_index++;
+    }
+  }
+
+  nsCString mAsciiHost;
+  nsCString mOriginAttributesSuffix;
+  nsCString mDBKey;
+  static const nsCString SentinelValue;
+
+ protected:
+  ~nsClientAuthRemember() = default;
+};
+
+class nsClientAuthRememberService final : public nsIClientAuthRememberService {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICLIENTAUTHREMEMBERSERVICE
+
+  nsClientAuthRememberService() = default;
+
+  nsresult Init();
+
+  static bool IsPrivateBrowsingKey(const nsCString& entryKey);
+
+ protected:
+  ~nsClientAuthRememberService() = default;
+
+  static mozilla::DataStorageType GetDataStorageType(
+      const OriginAttributes& aOriginAttributes);
+
+  RefPtr<mozilla::DataStorage> mClientAuthRememberList;
+
+  nsresult AddEntryToList(const nsACString& aHost,
+                          const OriginAttributes& aOriginAttributes,
+                          const nsACString& aDBKey);
+
+  void Migrate();
+};
+
+#endif
diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl
new file mode 100644
index 0000000000..6dfd07d6b6
--- /dev/null
+++ b/security/manager/ssl/nsICertOverrideService.idl
@@ -0,0 +1,143 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+%{C++
+#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
+
+namespace mozilla {
+class OriginAttributes;
+}
+%}
+
+[scriptable, builtinclass, uuid(ed735e24-fa55-4163-906d-17fb78851fe1)]
+interface nsICertOverride : nsISupports {
+
+  /**
+  *   The hostname of the server the override is used for.
+  */
+  readonly attribute ACString asciiHost;
+
+  /**
+  *   The port of the server the override is used for.
+  */
+  readonly attribute int32_t port;
+
+  /**
+  *   A combination of hostname and port in the form host:port.
+  *   Since the port can be -1 which is equivalent to port 433 we use an
+  *   existing function of nsCertOverrideService to create this property.
+  */
+  readonly attribute ACString hostPort;
+
+  /**
+  *   The fingerprint for the associated certificate.
+  */
+  readonly attribute ACString fingerprint;
+
+  /**
+  *   The origin attributes associated with this override.
+  */
+  [implicit_jscontext]
+  readonly attribute jsval originAttributes;
+};
+
+[scriptable, builtinclass, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
+interface nsICertOverrideService : nsISupports {
+  /**
+   * When making a TLS connection to the given hostname and port (in the
+   * context of the given origin attributes), if the certificate verifier
+   * encounters an overridable error when verifying the given certificate, the
+   * connection will continue (provided overrides are allowed for that host).
+   *
+   * @param aHostName The host (punycode) this mapping belongs to
+   * @param aPort The port this mapping belongs to. If it is -1 then it
+   *              is internaly treated as 443.
+   * @param aOriginAttributes the origin attributes of the mapping
+   * @param aCert The certificate used by the server
+   * @param aTemporary Whether or not to only store the mapping for the session
+   */
+  [binaryname(RememberValidityOverride), noscript, must_use]
+  void rememberValidityOverrideNative(in AUTF8String aHostName,
+                                in int32_t aPort,
+                                in const_OriginAttributesRef aOriginAttributes,
+                                in nsIX509Cert aCert,
+                                in boolean aTemporary);
+  [binaryname(RememberValidityOverrideScriptable), implicit_jscontext, must_use]
+  void rememberValidityOverride(in AUTF8String aHostName,
+                                in int32_t aPort,
+                                in jsval aOriginAttributes,
+                                in nsIX509Cert aCert,
+                                in boolean aTemporary);
+
+  /**
+   *  Return whether this host, port, cert triple has a stored override.
+   *  If so, the outparams will contain the specific errors that were
+   *  overridden, and whether the override is permanent, or only for the current
+   *  session.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *         is internally treated as 443
+   *  @param aCert The certificate this mapping belongs to
+   *  @param aIsTemporary Whether the stored override is session-only,
+   *         or permanent
+   *  @return Whether an override has been stored for this host+port+cert
+   */
+  [binaryname(HasMatchingOverride), noscript, must_use]
+  boolean hasMatchingOverrideNative(in AUTF8String aHostName,
+                              in int32_t aPort,
+                              in const_OriginAttributesRef aOriginAttributes,
+                              in nsIX509Cert aCert,
+                              out boolean aIsTemporary);
+  [binaryname(HasMatchingOverrideScriptable), implicit_jscontext, must_use]
+  boolean hasMatchingOverride(in AUTF8String aHostName,
+                              in int32_t aPort,
+                              in jsval aOriginAttributes,
+                              in nsIX509Cert aCert,
+                              out boolean aIsTemporary);
+
+  /**
+   *  Remove a override for the given hostname:port.
+   *
+   *  @param aHostName The host (punycode) whose entry should be cleared.
+   *  @param aPort The port whose entry should be cleared.
+   *               If it is -1, then it is internaly treated as 443.
+   *               If it is 0 and aHostName is "all:temporary-certificates",
+   *               then all temporary certificates should be cleared.
+   */
+  [binaryname(ClearValidityOverride), noscript]
+  void clearValidityOverrideNative(in AUTF8String aHostName,
+                             in int32_t aPort,
+                             in const_OriginAttributesRef aOriginAttributes);
+  [binaryname(ClearValidityOverrideScriptable), implicit_jscontext]
+  void clearValidityOverride(in AUTF8String aHostName,
+                             in int32_t aPort,
+                             in jsval aOriginAttributes);
+
+  /**
+   *  Remove all overrides.
+   */
+  void clearAllOverrides();
+
+  Array<nsICertOverride> getOverrides();
+
+  /**
+   *  NOTE: This function is used only for testing!
+   *
+   *  @param aDisable If true, disable all security check and make
+   *                  hasMatchingOverride always return true.
+   */
+  void setDisableAllSecurityChecksAndLetAttackersInterceptMyData(in boolean aDisable);
+
+  readonly attribute boolean securityCheckDisabled;
+};
diff --git a/security/manager/ssl/nsICertStorage.idl b/security/manager/ssl/nsICertStorage.idl
new file mode 100644
index 0000000000..3379aaafe7
--- /dev/null
+++ b/security/manager/ssl/nsICertStorage.idl
@@ -0,0 +1,265 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIVariant.idl"
+
+%{C++
+#define NS_CERTSTORAGE_CONTRACTID "@mozilla.org/security/certstorage;1"
+%}
+
+/**
+ * Callback type used to notify callers that an operation performed by
+ * nsICertStorage has completed. Indicates the result of the requested
+ * operation, as well as any data returned by the operation.
+ */
+[scriptable, function, uuid(3f8fe26a-a436-4ad4-9c1c-a53c60973c31)]
+interface nsICertStorageCallback : nsISupports {
+  [must_use]
+  void done(in nsresult rv, in nsIVariant result);
+};
+
+/**
+ * A base interface for representing the revocation state of a certificate.
+ * Implementing this interface by itself is insufficient; your type must
+ * implement an inheriting interface that specifies the certificate by issuer
+ * and serial number or by subject and public key hash.
+ * Set state to nsICertStorage.STATE_UNSET to mark the certificate as not revoked.
+ * Set state to nsICertStorage.STATE_ENFORCE to mark the certificate as revoked.
+ */
+[scriptable, uuid(96db6fd7-6b64-4a5a-955d-310bd9ca4234)]
+interface nsIRevocationState : nsISupports {
+  readonly attribute short state;
+};
+
+/**
+ * An interface representing the revocation state of a certificate by issuer
+ * and serial number. Both issuer name and serial number are base64-encoded.
+ */
+[scriptable, uuid(23ce3546-f1b9-46f6-8de3-77704da5702f)]
+interface nsIIssuerAndSerialRevocationState : nsIRevocationState {
+    readonly attribute ACString issuer;
+    readonly attribute ACString serial;
+};
+
+/**
+ * An interface representing the revocation state of a certificate by subject
+ * and pub key hash (the hash algorithm should be SHA-256). Both subject name
+ * and public key hash are base64-encoded.
+ */
+[scriptable, uuid(e78b51b4-6fa4-41e2-92ce-e9404f541e96)]
+interface nsISubjectAndPubKeyRevocationState : nsIRevocationState {
+    readonly attribute ACString subject;
+    readonly attribute ACString pubKey;
+};
+
+/**
+ * An interface representing a set of certificates that are covered by a CRLite
+ * filter. The set is represented by a certificate transparency log ID and a
+ * pair of timestamps. The timestamps are such that the CRLite aggregator has
+ * seen every certificate from the specified log with an SCT between the two
+ * timestamps.
+ * b64LogID is a base 64-encoded RFC 6962 LogID.
+ * minTimestamp is the smallest timestamp that the CRLite filter covers.
+ * maxTimestamp is the largest timestamp that the CRLite filter covers.
+ */
+[scriptable, uuid(416453f7-29bd-4820-a039-9c2e055d3715)]
+interface nsICRLiteCoverage : nsISupports {
+    readonly attribute ACString b64LogID;
+    readonly attribute unsigned long long minTimestamp;
+    readonly attribute unsigned long long maxTimestamp;
+};
+
+/**
+ * An interface representing the id and timestamp fields from an RFC 6962
+ * SignedCertificateTimestamp struct.
+ * logID is the id field.
+ * timestamp is the timestamp field.
+ */
+[uuid(9676cfc4-6e84-11ec-a30d-d3cd0af86e01)]
+interface nsICRLiteTimestamp: nsISupports {
+    readonly attribute Array<octet> logID;
+    readonly attribute unsigned long long timestamp;
+};
+
+/**
+ * An interface representing a certificate to add to storage. Consists of the
+ * base64-encoded DER bytes of the certificate (cert), the base64-encoded DER
+ * bytes of the subject distinguished name of the certificate (subject), and the
+ * trust of the certificate (one of the nsICertStorage.TRUST_* constants).
+ * (Note that this implementation does not validate that the given subject DN
+ * actually matches the subject DN of the certificate, nor that the given cert
+ * is a valid DER X.509 certificate.)
+ */
+[scriptable, uuid(27b66f5e-0faf-403b-95b4-bc11691ac50d)]
+interface nsICertInfo : nsISupports {
+  readonly attribute ACString cert;
+  readonly attribute ACString subject;
+  readonly attribute short trust;
+};
+
+[scriptable, uuid(327100a7-3401-45ef-b160-bf880f1016fd)]
+interface nsICertStorage : nsISupports {
+  const octet DATA_TYPE_REVOCATION = 1;
+  const octet DATA_TYPE_CERTIFICATE = 2;
+  const octet DATA_TYPE_CRLITE = 3;
+  const octet DATA_TYPE_CRLITE_FILTER_FULL = 4;
+  const octet DATA_TYPE_CRLITE_FILTER_INCREMENTAL = 5;
+
+  /**
+   * Asynchronously check if the backing storage has stored data of the given
+   * type in the past. This is useful if the backing storage may have had to
+   * have been deleted and recreated (as in bug 1546361 when we discovered that
+   * moving from a 32-bit binary to a 64-bit binary caused the DB to become
+   * unreadable, thus necessitating its deletion and recreation).
+   */
+  [must_use]
+  void hasPriorData(in octet type, in nsICertStorageCallback callback);
+
+  const short STATE_UNSET = 0;
+  const short STATE_ENFORCE = 1;
+  const short STATE_NOT_ENROLLED = 2;
+  const short STATE_NOT_COVERED = 3;
+  const short STATE_NO_FILTER = 4;
+
+  /**
+   * Asynchronously set the revocation states of a set of certificates.
+   * The given callback is called with the result of the operation when it
+   * completes.
+   * Must only be called from the main thread.
+   */
+  [must_use]
+  void setRevocations(in Array<nsIRevocationState> revocations,
+                      in nsICertStorageCallback callback);
+
+  /**
+   * Get the revocation state of a certificate. STATE_UNSET indicates the
+   * certificate is not revoked. STATE_ENFORCE indicates the certificate is
+   * revoked.
+   * issuer - issuer name, DER encoded
+   * serial - serial number, DER encoded
+   * subject - subject name, DER encoded
+   * pubkey - public key, DER encoded
+   * In gecko, must not be called from the main thread. See bug 1541212.
+   * xpcshell tests may call this from the main thread.
+   */
+  [must_use]
+  short getRevocationState(in Array<octet> issuer,
+                           in Array<octet> serial,
+                           in Array<octet> subject,
+                           in Array<octet> pubkey);
+
+  /**
+   * Given the contents of a new CRLite filter, a list containing
+   * `base64(sha256(subject DN || subject SPKI))` for each enrolled issuer, and
+   * the filter's timestamp coverage, replaces any existing filter with the new
+   * one. Also clears any previously-set incremental revocation updates
+   * ("stashes").
+   */
+  [must_use]
+  void setFullCRLiteFilter(in Array<octet> filter,
+                           in Array<ACString> enrolledIssuers,
+                           in Array<nsICRLiteCoverage> coverage,
+                           in nsICertStorageCallback callback);
+
+  /**
+   * Given the DER-encoded issuer distinguished name, DER-encoded issuer subject public key info,
+   * the bytes of the value of the serial number (so, not including the DER tag and length) of a
+   * certificate, and the timestamps from that certificate's embedded SCTs, returns the result of
+   * looking up the corresponding entry in the currently-saved CRLite filter (if any).
+   * Returns
+   *    - STATE_ENFORCE if the lookup indicates the certificate is revoked via CRLite,
+   *    - STATE_UNSET if the lookup indicates the certificate is not revoked via CRLite,
+   *    - STATE_NOT_ENROLLED if the issuer is not enrolled in CRLite, or
+   *    - STATE_NOT_COVERED if the issuer is enrolled but the provided timestamps indicate
+   *      that the serial number is not covered by the current CRLite filter.
+   *    - STATE_NO_FILTER if there is no (usable) CRLite filter.
+   * No lookup is performed in the STATE_NOT_ENROLLED and STATE_NOT_COVERED cases.
+   */
+  [must_use]
+  short getCRLiteRevocationState(in Array<octet> issuer,
+                                 in Array<octet> issuerSPKI,
+                                 in Array<octet> serialNumber,
+                                 in Array<nsICRLiteTimestamp> timestamps);
+
+  /**
+   * Given the contents of a CRLite incremental revocation update ("stash"), adds the revocation
+   * information to the current set of stashed revocations. The basic unit of the stash file is an
+   * issuer subject public key info hash (sha-256) followed by a number of serial numbers
+   * corresponding to revoked certificates issued by that issuer. More specifically, each unit
+   * consists of:
+   *   4 bytes little-endian: the number of serial numbers following the issuer spki hash
+   *   1 byte: the length of the issuer spki hash
+   *   issuer spki hash length bytes: the issuer spki hash
+   *   as many times as the indicated serial numbers:
+   *     1 byte: the length of the serial number
+   *     serial number length bytes: the serial number
+   * The stash file consists of any number of these units concatenated together.
+   */
+  [must_use]
+  void addCRLiteStash(in Array<octet> stash, in nsICertStorageCallback callback);
+
+  /**
+   * Given a DER-encoded issuer subject public key info and the bytes of the value of the serial
+   * number (so, not including the DER tag and length), determines if the certificate identified by
+   * this issuer SPKI and serial number is revoked according to the current set of stashed CRLite
+   * revocation information.
+   */
+  [must_use]
+  bool isCertRevokedByStash(in Array<octet> issuerSPKI, in Array<octet> serialNumber);
+
+  /**
+   * Trust flags to use when adding a adding a certificate.
+   * TRUST_INHERIT indicates a certificate inherits trust from another
+   * certificate.
+   * TRUST_ANCHOR indicates the certificate is a root of trust.
+   */
+  const short TRUST_INHERIT = 0;
+  const short TRUST_ANCHOR = 1;
+
+  /**
+   * Asynchronously add a list of certificates to the backing storage.
+   * See the documentation for nsICertInfo.
+   * The given callback is called with the result of the operation when it
+   * completes.
+   * Must only be called from the main thread.
+   */
+  [must_use]
+  void addCerts(in Array<nsICertInfo> certs, in nsICertStorageCallback callback);
+
+  /**
+   * Asynchronously remove the certificates with the given sha-256 hashes from
+   * the backing storage.
+   * hashes is an array of base64-encoded bytes of the sha-256 hashes of each
+   * certificate's bytes (DER-encoded).
+   * The given callback is called with the result of the operation when it
+   * completes.
+   * Must only be called from the main thread.
+   */
+  [must_use]
+  void removeCertsByHashes(in Array<ACString> hashes,
+                           in nsICertStorageCallback callback);
+
+  /**
+   * Find all certificates in the backing storage with the given subject
+   * distinguished name.
+   * subject is the DER-encoded bytes of the subject distinguished name.
+   * Returns an array of arrays of bytes, where each inner array corresponds to
+   * the DER-encoded bytes of a certificate that has the given subject (although
+   * as these certificates were presumably added via addCertBySubject, this
+   * aspect is never actually valided by nsICertStorage).
+   * Must not be called from the main thread. See bug 1541212.
+   */
+  [must_use]
+  Array<Array<octet> > findCertsBySubject(in Array<octet> subject);
+
+  /**
+   * Get the count of remaining async operations. Called to ensure we don't skip
+   * or interrupt any operations during fast shutdown.
+   * Must only be called from the main thread.
+   */
+  [must_use]
+  int32_t GetRemainingOperationCount();
+};
diff --git a/security/manager/ssl/nsICertTree.idl b/security/manager/ssl/nsICertTree.idl
new file mode 100644
index 0000000000..8b506882c3
--- /dev/null
+++ b/security/manager/ssl/nsICertTree.idl
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsITreeView.idl"
+
+interface nsIX509Cert;
+
+[scriptable, uuid(d0180863-606e-49e6-8324-cf45ed4dd891)]
+interface nsICertTreeItem : nsISupports {
+  [must_use]
+  readonly attribute nsIX509Cert cert;
+};
+
+[scriptable, uuid(55d5ad6b-5572-47fe-941c-f01fe723659e)]
+interface nsICertTree : nsITreeView {
+  [must_use]
+  void loadCertsFromCache(in Array<nsIX509Cert> cache, in unsigned long type);
+
+  [must_use]
+  nsIX509Cert getCert(in unsigned long index);
+  [must_use]
+  nsICertTreeItem getTreeItem(in unsigned long index);
+
+  [must_use]
+  void deleteEntryObject(in unsigned long index);
+};
+
+%{C++
+
+#define NS_CERTTREE_CID { 0x4ea60761, 0x31d6, 0x491d, \
+                         { 0x9e, 0x34, 0x4b, 0x53, 0xa2, 0x6c, 0x41, 0x6c } }
+
+#define NS_CERTTREE_CONTRACTID "@mozilla.org/security/nsCertTree;1"
+
+%}
diff --git a/security/manager/ssl/nsICertificateDialogs.idl b/security/manager/ssl/nsICertificateDialogs.idl
new file mode 100644
index 0000000000..7df24d94e0
--- /dev/null
+++ b/security/manager/ssl/nsICertificateDialogs.idl
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIX509Cert;
+
+/**
+ * Functions that implement user interface dialogs to manage certificates.
+ */
+[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)]
+interface nsICertificateDialogs : nsISupports
+{
+  /**
+   *  UI shown when a user is asked to download a new CA cert.
+   *  Provides user with ability to choose trust settings for the cert.
+   *  Asks the user to grant permission to import the certificate.
+   *
+   *  @param ctx A user interface context.
+   *  @param cert The certificate that is about to get installed.
+   *  @param trust A bit mask of trust flags.
+   *               See nsIX509CertDB for possible values.
+   *
+   *  @return true if the user allows to import the certificate.
+   */
+  [must_use]
+  boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx,
+                                in nsIX509Cert cert,
+                                out unsigned long trust);
+
+  /**
+   *  UI shown when a user's personal certificate is going to be
+   *  exported to a backup file.
+   *  The implementation of this dialog should make sure to prompt the user to
+   *  type the password twice in order to confirm correct input.
+   *  The wording in the dialog should also motivate the user to enter a strong
+   *  password.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  [must_use]
+  boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
+                                out AString password);
+
+  /**
+   *  UI shown when a user is about to restore a personal
+   *  certificate from a backup file.
+   *  The user is requested to enter the password
+   *  that was used in the past to protect that backup file.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  [must_use]
+  boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx,
+                                out AString password);
+};
+
+%{C++
+#define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIClientAuthDialogs.idl b/security/manager/ssl/nsIClientAuthDialogs.idl
new file mode 100644
index 0000000000..e618ad0b73
--- /dev/null
+++ b/security/manager/ssl/nsIClientAuthDialogs.idl
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIInterfaceRequestor;
+
+/**
+ * Provides UI for SSL client-auth dialogs.
+ */
+[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
+interface nsIClientAuthDialogs : nsISupports
+{
+  /**
+   * Called when a user is asked to choose a certificate for client auth.
+   *
+   * @param hostname Hostname of the server.
+   * @param port Port of the server.
+   * @param organization Organization field of the server cert.
+   * @param issuerOrg Organization field of the issuer cert of the server cert.
+   * @param certList List of certificates the user can choose from.
+   * @param selectedIndex Index of the cert in |certList| that the user chose.
+   *                      Ignored if the return value is false.
+   * @param rememberClientAuthCertificate Whether to remember selection.
+   * @return true if a certificate was chosen. false if the user canceled.
+   */
+  [must_use]
+  boolean chooseCertificate(in AUTF8String hostname,
+                            in long port,
+                            in AUTF8String organization,
+                            in AUTF8String issuerOrg,
+                            in nsIArray certList,
+                            out unsigned long selectedIndex,
+                            out boolean rememberClientAuthCertificate);
+};
+
+%{C++
+#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIClientAuthRememberService.idl b/security/manager/ssl/nsIClientAuthRememberService.idl
new file mode 100644
index 0000000000..8797bae869
--- /dev/null
+++ b/security/manager/ssl/nsIClientAuthRememberService.idl
@@ -0,0 +1,65 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{ C++
+#include "mozilla/OriginAttributes.h"
+
+#define NS_CLIENTAUTHREMEMBERSERVICE_CONTRACTID "@mozilla.org/security/clientAuthRememberService;1"
+%}
+
+interface nsIX509Cert;
+
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+[scriptable, uuid(e92825af-7e81-4b5c-b412-8e1dd36d14fe)]
+interface nsIClientAuthRememberRecord : nsISupports
+{
+  readonly attribute ACString asciiHost;
+  readonly attribute ACString dbKey;
+  readonly attribute ACString entryKey;
+};
+
+[scriptable, uuid(1dbc6eb6-0972-4bdb-9dc4-acd0abf72369)]
+interface nsIClientAuthRememberService : nsISupports
+{
+
+  [must_use]
+  void forgetRememberedDecision(in ACString key);
+
+
+  [must_use]
+  Array<nsIClientAuthRememberRecord> getDecisions();
+
+
+  [must_use, noscript]
+  void rememberDecision(in ACString aHostName,
+                        in const_OriginAttributesRef aOriginAttributes,
+                        in nsIX509Cert aClientCert);
+
+  [implicit_jscontext]
+  void rememberDecisionScriptable(in ACString aHostName,
+                                  in jsval originAttributes,
+                                  in nsIX509Cert aClientCert);
+
+  [must_use, noscript]
+  bool hasRememberedDecision(in ACString aHostName,
+                             in const_OriginAttributesRef aOriginAttributes,
+                             out ACString aCertDBKey);
+
+  [implicit_jscontext]
+  bool hasRememberedDecisionScriptable(in ACString aHostName,
+                                       in jsval originAttributes,
+                                       out ACString aCertDBKey);
+
+  [must_use]
+  void clearRememberedDecisions();
+
+  [implicit_jscontext]
+  void deleteDecisionsByHost(in ACString aHostName,
+                             in jsval aOriginAttributes);
+};
diff --git a/security/manager/ssl/nsIContentSignatureVerifier.idl b/security/manager/ssl/nsIContentSignatureVerifier.idl
new file mode 100644
index 0000000000..e5442845d5
--- /dev/null
+++ b/security/manager/ssl/nsIContentSignatureVerifier.idl
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+#include "nsIX509CertDB.idl"
+
+interface nsIContentSignatureReceiverCallback;
+
+/**
+ * An interface for verifying content-signatures, inspired by
+ * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
+ * described here https://github.com/franziskuskiefer/content-signature/tree/pki
+ */
+[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
+interface nsIContentSignatureVerifier : nsISupports
+{
+  const AppTrustedRoot ContentSignatureProdRoot = 1;
+  const AppTrustedRoot ContentSignatureStageRoot = 2;
+  const AppTrustedRoot ContentSignatureDevRoot = 3;
+  const AppTrustedRoot ContentSignatureLocalRoot = 4;
+
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData                   The data to be tested.
+   * @param aContentSignatureHeader The content-signature header,
+   *                                url-safe base64 encoded.
+   * @param aCertificateChain       The certificate chain to use for verification.
+   *                                PEM encoded string.
+   * @param aHostname               The hostname for which the end entity must
+   *                                be valid.
+   * @param aTrustedRoot            The identifier corresponding to the
+   *                                expected root certificate of the
+   *                                certificate chain (note that the root need
+   *                                not actually be included in the chain).
+   * @returns Promise that resolves with the value true if the signature
+   *          matches the data and aCertificateChain is valid within aContext,
+   *          and false if not. Rejects if another error occurred.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncVerifyContentSignature(in ACString aData,
+                                      in ACString aContentSignatureHeader,
+                                      in ACString aCertificateChain,
+                                      in ACString aHostname,
+                                      in AppTrustedRoot aTrustedRoot);
+};
diff --git a/security/manager/ssl/nsICryptoHash.idl b/security/manager/ssl/nsICryptoHash.idl
new file mode 100644
index 0000000000..2aa0ebb242
--- /dev/null
+++ b/security/manager/ssl/nsICryptoHash.idl
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInputStream;
+
+/**
+ * nsICryptoHash
+ * This interface provides crytographic hashing algorithms.
+ */
+
+[builtinclass, scriptable, uuid(1e5b7c43-4688-45ce-92e1-77ed931e3bbe)]
+interface nsICryptoHash : nsISupports
+{
+    /**
+     * Hashing Algorithms.  These values are to be used by the
+     * |init| method to indicate which hashing function to
+     * use.  These values must be identical to the values defined
+     * in security/nss/lib/util/hasht.h in type HASH_HashType.
+     * This allows us to use NSS mapping functions like
+     * HASH_GetHashOidTagByHashType with these values.
+     */
+    const unsigned long MD5    = 2;  /* String value: "md5"    */
+    const unsigned long SHA1   = 3;  /* String value: "sha1"   */
+    const unsigned long SHA256 = 4;  /* String value: "sha256" */
+    const unsigned long SHA384 = 5;  /* String value: "sha384" */
+    const unsigned long SHA512 = 6;  /* String value: "sha512" */
+
+    /**
+     * Initialize the hashing object. This method may be
+     * called multiple times with different algorithm types.
+     *
+     * @param aAlgorithm the algorithm type to be used.
+     *        This value must be one of the above valid
+     *        algorithm types.
+     *
+     * @throws NS_ERROR_INVALID_ARG if an unsupported algorithm
+     *         type is passed.
+     *
+     * NOTE: This method or initWithString must be called
+     *       before any other method on this interface is called.
+     */
+    void init(in unsigned long aAlgorithm);
+
+    /**
+     * Initialize the hashing object. This method may be
+     * called multiple times with different algorithm types.
+     *
+     * @param aAlgorithm the algorithm type to be used.
+     *
+     * @throws NS_ERROR_INVALID_ARG if an unsupported algorithm
+     *         type is passed.
+     *
+     * NOTE: This method or init must be called before any
+     *       other method on this interface is called.
+     */
+    [must_use]
+    void initWithString(in ACString aAlgorithm);
+
+    /**
+     * @param aData a buffer to calculate the hash over
+     *
+     * @param aLen the length of the buffer |aData|
+     *
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
+     */
+    void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
+
+    /**
+     * Calculates and updates a new hash based on a given data stream.
+     *
+     * @param aStream an input stream to read from.
+     *
+     * @param aLen How much to read from the given |aStream|. Passing UINT32_MAX
+     *        indicates that all data available will be used to update the hash.
+     *
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
+     *
+     * @throws NS_ERROR_NOT_AVAILABLE If the requested amount of
+     *         data to be calculated into the hash is not available.
+     *
+     */
+    [must_use]
+    void updateFromStream(in nsIInputStream aStream, in unsigned long aLen);
+
+    /**
+     * Completes this hash object and produces the actual hash data.
+     *
+     * @param aASCII If true then the returned value is a base64 encoded string.
+     *        If false, then the returned value is binary data.
+     *
+     * @return a hash of the data that was read by this object.  This can
+     *         be either binary data or base 64 encoded.
+     *
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
+     *
+     * NOTE: This method may be called any time after |init|
+     *       is called.  This call resets the object to its
+     *       pre-init state.
+     */
+    ACString finish(in boolean aASCII);
+};
+
+%{C++
+nsresult NS_NewCryptoHash(uint32_t aHashType, nsICryptoHash** aOutHasher);
+nsresult NS_NewCryptoHash(const nsACString& aHashType, nsICryptoHash** aOutHasher);
+%}
diff --git a/security/manager/ssl/nsINSSComponent.idl b/security/manager/ssl/nsINSSComponent.idl
new file mode 100644
index 0000000000..c0f6054ddf
--- /dev/null
+++ b/security/manager/ssl/nsINSSComponent.idl
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#include "cert.h"
+#include "SharedCertVerifier.h"
+#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
+%}
+
+[ptr] native CERTCertificatePtr(CERTCertificate);
+[ptr] native SharedCertVerifierPtr(mozilla::psm::SharedCertVerifier);
+
+[scriptable, uuid(a0a8f52b-ea18-4abc-a3ca-eccf704ffe63)]
+interface nsINSSComponent : nsISupports {
+  /**
+   * When we log out of a PKCS#11 token, any TLS connections that may have
+   * involved a client certificate stored on that token must be closed. Since we
+   * don't have a fine-grained way to do this, we basically cancel everything.
+   * More speficially, this clears all temporary certificate exception overrides
+   * and any remembered client authentication certificate decisions, and then
+   * cancels all network connections (strictly speaking, this last part is
+   * overzealous - we only need to cancel all https connections (see bug
+   * 1446645)).
+   */
+  [noscript] void logoutAuthenticatedPK11();
+
+  /**
+   * Used to determine if the given certificate (represented as an array of
+   * bytes) is the certificate we use in tests to simulate a built-in root
+   * certificate. Returns false in non-debug builds.
+   */
+  [noscript] bool isCertTestBuiltInRoot(in Array<octet> cert);
+
+  /**
+   * If enabled by the preference "security.enterprise_roots.enabled", returns
+   * an array of arrays of bytes representing the imported enterprise root
+   * certificates (i.e. root certificates gleaned from the OS certificate
+   * store). Returns an empty array otherwise.
+   * Currently this is only implemented on Windows and MacOS X, so this
+   * function returns an empty array on all other platforms.
+   */
+  Array<Array<octet> > getEnterpriseRoots();
+
+  /**
+   * Similarly, but for intermediate certificates.
+   */
+  Array<Array<octet> > getEnterpriseIntermediates();
+
+  /**
+   * Test utility for adding an intermediate certificate to the current set of
+   * imported enterprise intermediates, if any. Additions to the set made using
+   * this function will be cleared when the value of the preference
+   * "security.enterprise_roots.enabled" changes.
+   */
+  void addEnterpriseIntermediate(in Array<octet> intermediateBytes);
+
+  /**
+   * For performance reasons, the builtin roots module is loaded on a background
+   * thread. When any code that depends on the builtin roots module runs, it
+   * must first wait for the module to be loaded.
+   */
+  [noscript] void blockUntilLoadableCertsLoaded();
+
+  /**
+   * In theory a token on a PKCS#11 module can be inserted or removed at any
+   * time. Operations that may depend on resources on external tokens should
+   * call this to ensure they have a recent view of the token.
+   */
+  [noscript] void checkForSmartCardChanges();
+
+  /**
+   * Used to potentially detect when a user's internet connection is being
+   * intercepted. When doing an update ping, if certificate verification fails,
+   * we make a note of the issuer distinguished name of that certificate.
+   * If a subsequent certificate verification fails, we compare issuer
+   * distinguished names. If they match, something may be intercepting the
+   * user's traffic (if they don't match, the server is likely misconfigured).
+   * This function succeeds if the given DN matches the noted DN and fails
+   * otherwise (e.g. if the update ping never failed).
+   */
+  [noscript] void issuerMatchesMitmCanary(in string certIssuer);
+
+  /**
+   * Returns an already-adrefed handle to the currently configured shared
+   * certificate verifier.
+   */
+  [noscript] SharedCertVerifierPtr getDefaultCertVerifier();
+
+  /**
+   * For clearing both SSL internal and external session cache from JS.
+   * WARNING: May be racy when using the socket process.
+   */
+  void clearSSLExternalAndInternalSessionCache();
+
+  /**
+   * For clearing both SSL internal and external session cache from JS.
+   */
+  [implicit_jscontext]
+  Promise asyncClearSSLExternalAndInternalSessionCache();
+};
diff --git a/security/manager/ssl/nsINSSErrorsService.idl b/security/manager/ssl/nsINSSErrorsService.idl
new file mode 100644
index 0000000000..e68cba3a05
--- /dev/null
+++ b/security/manager/ssl/nsINSSErrorsService.idl
@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(12f60021-e14b-4020-99d1-ed2c795be66a)]
+interface nsINSSErrorsService : nsISupports
+{
+    /**
+     *  @param aNSPRCode An error code obtained using PR_GetError()
+     *  @return True if it is error code defined by the NSS library
+     */
+    [must_use]
+    boolean isNSSErrorCode(in int32_t aNSPRCode);
+
+    /**
+     *  Function will fail if aNSPRCode is not an NSS error code.
+     *  @param aNSPRCode An error code obtained using PR_GetError()
+     *  @return The result of the conversion, an XPCOM error code
+     */
+    [must_use]
+    nsresult getXPCOMFromNSSError(in int32_t aNSPRCode);
+
+    /**
+     *  Function will fail if aXPCOMErrorCode is not an NSS error code.
+     *  @param aXPCOMErrorCode An error code obtained using getXPCOMFromNSSError
+     *  return A localized human readable error explanation.
+     */
+    AString getErrorMessage(in nsresult aXPCOMErrorCode);
+
+    /**
+     *  Function will fail if aXPCOMErrorCode is not an NSS error code.
+     *  @param aXPCOMErrorCode An error code obtained using getXPCOMFromNSSError
+     *  return the error class of the code, either ERROR_CLASS_BAD_CERT
+     *         or ERROR_CLASS_SSL_PROTOCOL
+     */
+    [must_use]
+    uint32_t getErrorClass(in nsresult aXPCOMErrorCode);
+
+    const unsigned long ERROR_CLASS_SSL_PROTOCOL = 1;
+    const unsigned long ERROR_CLASS_BAD_CERT     = 2;
+
+    /**
+     *  The following values define the range of NSPR error codes used by NSS.
+     *  NSS remains the authorative source for these numbers, as a result,
+     *  the values might change in the future.
+     *  The security module will perform a runtime check and assertion
+     *  to ensure the values are in synch with NSS.
+     */
+    const long NSS_SEC_ERROR_BASE  = -(0x2000);
+    const long NSS_SEC_ERROR_LIMIT = (NSS_SEC_ERROR_BASE + 1000);
+    const long NSS_SSL_ERROR_BASE  = -(0x3000);
+    const long NSS_SSL_ERROR_LIMIT = (NSS_SSL_ERROR_BASE + 1000);
+
+    /**
+     * The error codes within each module must fit in 16 bits. We want these
+     * errors to fit in the same module as the NSS errors but not overlap with
+     * any of them. Converting an NSS SEC, NSS SSL, or mozilla::pkix error to
+     * an NS error involves negating the value of the error and then
+     * synthesizing an error in the NS_ERROR_MODULE_SECURITY module. Hence,
+     * mozilla::pkix errors will start at a negative value that both doesn't
+     * overlap with the current value ranges for NSS errors and that will fit
+     * in 16 bits when negated.
+     *
+     * Keep these in sync with pkixnss.h.
+     */
+    const long MOZILLA_PKIX_ERROR_BASE  = -(0x4000);
+    const long MOZILLA_PKIX_ERROR_LIMIT = (MOZILLA_PKIX_ERROR_BASE + 1000);
+};
diff --git a/security/manager/ssl/nsINSSVersion.idl b/security/manager/ssl/nsINSSVersion.idl
new file mode 100644
index 0000000000..000f221e61
--- /dev/null
+++ b/security/manager/ssl/nsINSSVersion.idl
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define NS_NSSVERSION_CONTRACTID "@mozilla.org/security/nssversion;1"
+%}
+
+[scriptable, uuid(a8a53a2b-75cc-4c68-a9bb-9791dbddaa00)]
+interface nsINSSVersion : nsISupports {
+    /* Minimal required versions as used at build time */
+    [must_use]
+    readonly attribute AString NSPR_MinVersion;
+    [must_use]
+    readonly attribute AString NSS_MinVersion;
+    [must_use]
+    readonly attribute AString NSSUTIL_MinVersion;
+    [must_use]
+    readonly attribute AString NSSSSL_MinVersion;
+    [must_use]
+    readonly attribute AString NSSSMIME_MinVersion;
+
+    /* Versions of libraries currently in use */
+    [must_use]
+    readonly attribute AString NSPR_Version;
+    [must_use]
+    readonly attribute AString NSS_Version;
+    [must_use]
+    readonly attribute AString NSSUTIL_Version;
+    [must_use]
+    readonly attribute AString NSSSSL_Version;
+    [must_use]
+    readonly attribute AString NSSSMIME_Version;
+};
diff --git a/security/manager/ssl/nsIOSKeyStore.idl b/security/manager/ssl/nsIOSKeyStore.idl
new file mode 100644
index 0000000000..478f852d2b
--- /dev/null
+++ b/security/manager/ssl/nsIOSKeyStore.idl
@@ -0,0 +1,144 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(57972956-5718-42d2-8070-b3fc72212eaf)]
+interface nsIOSKeyStore: nsISupports {
+  /**
+   * This interface provides encryption and decryption operations for data at
+   * rest. The key used to encrypt and decrypt the data is stored in the OS
+   * key store.
+   *
+   * Usage:
+   *
+   * // obtain the singleton OSKeyStore instance
+   * const oskeystore = Cc["@mozilla.org/security/oskeystore;1"].getService(Ci.nsIOSKeyStore);
+   *
+   * const PASSWORD_LABEL = "mylabel1";
+   * const COOKIE_LABEL = "mylabel2";
+   *
+   * // Unlock the key store.
+   * // Note that this is not necesssary. The key store will be unlocked
+   * // automatically when an operation is performed on it.
+   * await oskeystore.asyncUnlock();
+   *
+   * // Check if there's a secret for your label already.
+   * if (!await oskeystore.asyncSecretAvailable(PASSWORD_LABEL)) {
+   *   // Fail or generate a new secret for your label.
+   *   // If you want to generate a new secret, do.
+   *   // Hold onto `recoveryPhrase` to present to the user.
+   *   let recoveryPhrase = await oskeystore.asyncGenerateSecret(PASSWORD_LABEL);
+   * }
+   *
+   * // Assuming there's a secret with your label. Encrypt/Decrypt as follows.
+   * let encryptedPasswordBytes = await oskeystore.asyncEncryptBytes(PASSWORD_LABEL, passwordBytes);
+   * let newPasswordBytes = await oskeystore.asyncDecryptBytes(PASSWORD_LABEL, encryptedPasswordBytes);
+   *
+   * // Delete the secret from the key store.
+   * await oskeystore.asyncDeleteSecret(PASSWORD_LABEL);
+   *
+   * // Recover a secret from a recovery code.
+   * await oskeystore.asyncRecoverSecret(PASSWORD_LABEL, recoveryPhrase);
+   *
+   * // Lock the key store to prompt the user to log into her OS key store again.
+   * await oskeystore.asyncLock();
+   */
+
+  /**
+   * Generate a new secret and store it in the OS key store with the given label.
+   * The caller should make sure that no other secrets with the same label are
+   * present before calling this function.
+   * This invalidates all previous ciphertexts created with the key
+   * corresponding to the given label.
+   *
+   * @param label The label to use for the secret.
+   * @return Promise that resolves to the recoveryPhrase string used to generate
+   *         the secret.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncGenerateSecret(in ACString label);
+
+  /**
+   * Check whether a secret for a given label exists.
+   *
+   * @param label The label to lookup.
+   * @return Promise that resolves to a bool (whether a secret with label is
+   *         known or not) or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncSecretAvailable(in ACString label);
+
+  /**
+   * Set a secret from a given recovery phrase.
+   * This might not be implemented on all platforms.
+   * This invalidates all previous ciphertexts.
+   *
+   * @param label The label to use for the secret.
+   * @param recoveryPhrase The recovery phrase that's used to generate the secret.
+   * @return Promise that resolves to undefined or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncRecoverSecret(in ACString label, in ACString recoveryPhrase);
+
+  /**
+   * Delete secret with a given label. If there is no secret with the given
+   * label, no action is taken.
+   *
+   * @param label The label of the secret to delete.
+   * @return Promise that resolves to undefined or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncDeleteSecret(in ACString label);
+
+
+  /**
+   * Encrypt the given data and then return the result as a base64-encoded
+   * string.
+   *
+   * @param label The label of the key to use to encrypt.
+   * @param inBytes The bytes to encrypt.
+   * @return Promise resolving to the encrypted text, encoded as Base64, or an
+   *         error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncEncryptBytes(in ACString label, in Array<uint8_t> inBytes);
+
+  /**
+   * Decode and then decrypt the given base64-encoded string.
+   *
+   * @param label The label of the key to use to decrypt.
+   * @param encryptedBase64Text Encrypted input text, encoded as Base64.
+   * @return Promise resolving to the plaintext bytes or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncDecryptBytes(in ACString label, in ACString encryptedBase64Text);
+
+  /**
+   * Lock the key store.
+   * The actual behaviour of this depends on the OS.
+   *
+   * @return Promise resolving to undefined or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncLock();
+
+  /**
+   * Unlock the key store.
+   * The actual behaviour of this depends on the OS.
+   *
+   * @return Promise resolving to undefined or an error.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncUnlock();
+
+
+  /**
+   * Check if the implementation is using the NSS key store.
+   * This is a special case because Firefox has to handle the locking and
+   * unlocking.
+   */
+  readonly attribute bool isNSSKeyStore;
+};
diff --git a/security/manager/ssl/nsIOSReauthenticator.idl b/security/manager/ssl/nsIOSReauthenticator.idl
new file mode 100644
index 0000000000..753322ced5
--- /dev/null
+++ b/security/manager/ssl/nsIOSReauthenticator.idl
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface mozIDOMWindow;
+
+[scriptable, uuid(4fe082ae-6ff0-4b41-b24f-eaa664f6e46a)]
+interface nsIOSReauthenticator: nsISupports {
+  /**
+   * This interface provides an abstract way to request that the user
+   * reauthenticate themselves to the operating system. It may be useful in
+   * conjunction with nsIOSKeyStore, whereby consumers of these APIs may
+   * consider some secrets too sensitive to access without first
+   * reauthenticating the user.
+   *
+   * Usage:
+   *
+   * // obtain the singleton nsIOSReauthenticator instance
+   * const reauthenticator = Cc["@mozilla.org/security/osreauthenticator;1"]
+   *                           .getService(Ci.nsIOSReauthenticator);
+   * if (await reauthenticator.asyncReauthenticate()) {
+   *   // do something only authenticated users are allowed to do...
+   * } else {
+   *   // show a "sorry, this isn't allowed" error
+   * }
+   */
+
+  /**
+   * Asynchronously cause the operating system to request that the user
+   * reauthenticate. This is typically in the form of a dialog box asking the
+   * user for their login password. The actual behaviour of this depends on the
+   * OS.
+   *
+   * @param prompt A short string that may be incorporated in the dialog
+   * @param caption A short string that may be shown as the dialog caption (usually Product Name)
+   * @param parentWindow Used to associate the OS dialog with the calling window.
+   * @return Promise resolving to true if the user successfully authenticated
+   *         and false otherwise.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncReauthenticateUser(in AString prompt, in AString caption, in mozIDOMWindow parentWindow);
+};
diff --git a/security/manager/ssl/nsIPK11Token.idl b/security/manager/ssl/nsIPK11Token.idl
new file mode 100644
index 0000000000..ae8fc2e994
--- /dev/null
+++ b/security/manager/ssl/nsIPK11Token.idl
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)]
+interface nsIPK11Token : nsISupports
+{
+  /*
+   * The name of the token
+   */
+  [must_use]
+  readonly attribute AUTF8String tokenName;
+  [must_use]
+  readonly attribute boolean isInternalKeyToken;
+  /**
+   * Manufacturer ID of the token.
+   */
+  [must_use]
+  readonly attribute AUTF8String tokenManID;
+  /**
+   * Hardware version of the token.
+   */
+  [must_use]
+  readonly attribute AUTF8String tokenHWVersion;
+  /**
+   * Firmware version of the token.
+   */
+  [must_use]
+  readonly attribute AUTF8String tokenFWVersion;
+  [must_use]
+  readonly attribute AUTF8String tokenSerialNumber;
+
+  /*
+   * Login information
+   */
+  [must_use]
+  boolean isLoggedIn();
+  [must_use]
+  void login(in boolean force);
+  [must_use]
+  void logoutSimple();
+  [must_use]
+  void logoutAndDropAuthenticatedResources();
+  [must_use]
+  boolean needsLogin();
+  [must_use]
+  readonly attribute boolean needsUserInit;
+
+  /*
+   * Reset password
+   */
+  [must_use]
+  void reset();
+
+  /**
+   * Checks whether the given password is correct. Logs the token out if an
+   * incorrect password is given.
+   *
+   * @param password The password to check.
+   * @return true if the password was correct, false otherwise.
+   */
+  [must_use]
+  boolean checkPassword(in AUTF8String password);
+  [must_use]
+  void initPassword(in AUTF8String initialPassword);
+  [must_use]
+  void changePassword(in AUTF8String oldPassword, in AUTF8String newPassword);
+
+  /*
+   * True if a password has been configured for this token, and false otherwise.
+   * (Whether or not the user is currently logged in makes no difference.)
+   * In particular, this can be used to determine if a user has set a master
+   * password (if this is the internal key token).
+   */
+  [must_use]
+  readonly attribute boolean hasPassword;
+};
diff --git a/security/manager/ssl/nsIPK11TokenDB.idl b/security/manager/ssl/nsIPK11TokenDB.idl
new file mode 100644
index 0000000000..c493e0c57c
--- /dev/null
+++ b/security/manager/ssl/nsIPK11TokenDB.idl
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+
+/**
+ * The PK11 Token Database provides access to the PK11 modules
+ * that are installed, and the tokens that are available.
+ * Interfaces: nsIPK11TokenDB
+ * Threading: ??
+ */
+%{C++
+#define NS_PK11TOKENDB_CONTRACTID "@mozilla.org/security/pk11tokendb;1"
+%}
+
+/**
+ * nsIPK11TokenDB - Manages PK11 Tokens
+ */
+[scriptable, uuid(4ee28c82-1dd2-11b2-aabf-bb4017abe395)]
+interface nsIPK11TokenDB : nsISupports
+{
+  /*
+   * Get the internal key database token
+   */
+  nsIPK11Token getInternalKeyToken();
+};
diff --git a/security/manager/ssl/nsIPKCS11Module.idl b/security/manager/ssl/nsIPKCS11Module.idl
new file mode 100644
index 0000000000..0446b7ddaa
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Module.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
+interface nsIPKCS11Module : nsISupports
+{
+  [must_use]
+  readonly attribute AUTF8String name;
+  [must_use]
+  readonly attribute AUTF8String libName;
+  [must_use]
+  nsISimpleEnumerator listSlots();
+};
diff --git a/security/manager/ssl/nsIPKCS11ModuleDB.idl b/security/manager/ssl/nsIPKCS11ModuleDB.idl
new file mode 100644
index 0000000000..9221fd26c6
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11ModuleDB.idl
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Module;
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+%{C++
+#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
+%}
+
+[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
+interface nsIPKCS11ModuleDB : nsISupports
+{
+  [must_use]
+  void deleteModule(in AString moduleName);
+
+  [must_use]
+  void addModule(in AString moduleName,
+                 in AString libraryFullPath,
+                 in long cryptoMechanismFlags,
+                 in long cipherFlags);
+
+  [must_use]
+  nsISimpleEnumerator listModules();
+
+  [must_use]
+  readonly attribute boolean canToggleFIPS;
+
+  [must_use]
+  void toggleFIPSMode();
+
+  [must_use]
+  readonly attribute boolean isFIPSEnabled;
+};
diff --git a/security/manager/ssl/nsIPKCS11Slot.idl b/security/manager/ssl/nsIPKCS11Slot.idl
new file mode 100644
index 0000000000..20c82729c1
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Slot.idl
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+
+[scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
+interface nsIPKCS11Slot : nsISupports {
+  [must_use]
+  readonly attribute AUTF8String name;
+  [must_use]
+  readonly attribute AUTF8String desc;
+  /**
+   * Manufacturer ID of the slot.
+   */
+  [must_use]
+  readonly attribute AUTF8String manID;
+  /**
+   * Hardware version of the slot.
+   */
+  [must_use]
+  readonly attribute AUTF8String HWVersion;
+  /**
+   * Firmware version of the slot.
+   */
+  [must_use]
+  readonly attribute AUTF8String FWVersion;
+
+  const unsigned long SLOT_DISABLED      = 0;
+  const unsigned long SLOT_NOT_PRESENT   = 1;
+  const unsigned long SLOT_UNINITIALIZED = 2;
+  const unsigned long SLOT_NOT_LOGGED_IN = 3;
+  const unsigned long SLOT_LOGGED_IN     = 4;
+  const unsigned long SLOT_READY         = 5;
+  [must_use]
+  readonly attribute unsigned long status;
+
+  /* This is really a workaround for now.  All of the "slot" functions
+   * (isTokenPresent(), etc.) are in nsIPK11Token.  For now, return the
+   * token and handle those things there.
+   */
+  [must_use]
+  nsIPK11Token getToken();
+
+  /* more fun with workarounds - we're referring to everything by token name */
+  [must_use]
+  readonly attribute AUTF8String tokenName;
+};
diff --git a/security/manager/ssl/nsIPublicKeyPinningService.idl b/security/manager/ssl/nsIPublicKeyPinningService.idl
new file mode 100644
index 0000000000..b48f86dbb7
--- /dev/null
+++ b/security/manager/ssl/nsIPublicKeyPinningService.idl
@@ -0,0 +1,22 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+[scriptable, uuid(f64432b9-e8c6-41b4-b2da-8eb004344bba), builtinclass]
+interface nsIPublicKeyPinningService : nsISupports
+{
+  /**
+   * Returns true if the host of the given URI has pinning information, and
+   * false otherwise.
+   */
+  [must_use]
+  bool hostHasPins(in nsIURI aURI);
+};
+
+%{C++
+#define NS_PKPSERVICE_CONTRACTID "@mozilla.org/security/publickeypinningservice;1"
+%}
diff --git a/security/manager/ssl/nsISecretDecoderRing.idl b/security/manager/ssl/nsISecretDecoderRing.idl
new file mode 100644
index 0000000000..caa70b2f3b
--- /dev/null
+++ b/security/manager/ssl/nsISecretDecoderRing.idl
@@ -0,0 +1,77 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+  /**
+   * Encrypt to Base64 output.
+   * Note that the input must basically be a byte array (i.e. the code points
+   * must be within the range [0, 255]). Hence, using this method directly to
+   * encrypt passwords (or any text, really) won't work as expected.
+   * Instead, use something like nsIScriptableUnicodeConverter to first convert
+   * the desired password or text to UTF-8, then encrypt that. Remember to
+   * convert back when calling decryptString().
+   *
+   * @param text The text to encrypt.
+   * @return The encrypted text, encoded as Base64.
+   */
+  [must_use]
+  ACString encryptString(in ACString text);
+
+  /**
+   * Run encryptString on multiple strings, asynchronously. This will allow you
+   * to not jank the browser if you need to encrypt a large number of strings
+   * all at once. This method accepts an array of wstrings which it will convert
+   * to UTF-8 internally before encrypting.
+   *
+   * @param plaintexts the strings to encrypt.
+   * @return A promise for the list of encrypted strings, encoded as Base64.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncEncryptStrings(in Array<AUTF8String> plaintexts);
+
+  /**
+   * Decrypt Base64 input.
+   * See the encryptString() documentation - this method has basically the same
+   * limitations.
+   *
+   * @param encryptedBase64Text Encrypted input text, encoded as Base64.
+   * @return The decoded text.
+   */
+  [must_use]
+  ACString decryptString(in ACString encryptedBase64Text);
+
+  /**
+   * Run decryptString on multiple strings, asynchronously. This will allow you
+   * to not jank the browser if you need to decrypt a large number of strings
+   * all at once.
+   *
+   * @param encryptedStrings the strings to decrypt, encoded as Base64.
+   * @return A promise that resolves with the list of decrypted strings in Unicode.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncDecryptStrings(in Array<ACString> encryptedStrings);
+
+  /**
+   * Prompt the user to change the password on the SDR key.
+   */
+  [must_use]
+  void changePassword();
+
+  /**
+   * Logout of the security device that protects the SDR key.
+   */
+  [must_use]
+  void logout();
+
+  /**
+   * Logout of the security device that protects the SDR key and tear
+   * down authenticated objects.
+   */
+  [must_use]
+  void logoutAndTeardown();
+};
diff --git a/security/manager/ssl/nsISecurityUITelemetry.idl b/security/manager/ssl/nsISecurityUITelemetry.idl
new file mode 100644
index 0000000000..5c550bd897
--- /dev/null
+++ b/security/manager/ssl/nsISecurityUITelemetry.idl
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(5d1acf82-223a-46fb-a8f3-a1b16e2ceb04)]
+interface nsISecurityUITelemetry : nsISupports {
+
+/*
+ * Addon installation warnings
+ */
+
+// Firefox prevented this site from asking you to install addon
+const uint32_t WARNING_ADDON_ASKING_PREVENTED = 1;
+// User clicks through and allows site to ask to install addons
+const uint32_t WARNING_ADDON_ASKING_PREVENTED_CLICK_THROUGH = 2;
+// Are you sure you want to install this addon? Only install addons you trust
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL = 3;
+// User clicked she is sure after waiting 3secs
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL_CLICK_THROUGH  = 4;
+
+
+/*
+ * modal dialogs/warnings
+ */
+
+// User encountered a POST to an insecure context from a secure context.
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE = 9;
+// User clicked through to POST to an insecure context from a secure context.
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE_CLICK_THROUGH = 10;
+};
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl
new file mode 100644
index 0000000000..882dbb78ad
--- /dev/null
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -0,0 +1,145 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
+interface nsISiteSecurityService : nsISupports
+{
+    const uint32_t Success = 0;
+    const uint32_t ERROR_UNKNOWN = 1;
+    // ERROR_UNTRUSTWORTHY_CONNECTION was 2 (the caller is now responsible for
+    // checking this)
+    const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
+    const uint32_t ERROR_NO_MAX_AGE = 4;
+    const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
+    const uint32_t ERROR_INVALID_MAX_AGE = 6;
+    const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
+    const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
+    // The constants that were removed below were used in HPKP processing
+    // (which has been removed entirely).
+    // ERROR_INVALID_PIN was 9
+    // ERROR_MULTIPLE_REPORT_URIS was 10
+    // ERROR_PINSET_DOES_NOT_MATCH_CHAIN was 11
+    // ERROR_NO_BACKUP_PIN was 12
+    const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
+    // ERROR_ROOT_NOT_BUILT_IN was 14
+
+    /**
+     * Parses a given HTTP header and records the results internally.
+     * Currently one header type is supported: HSTS (aka STS).
+     * The format of the HSTS header is defined by the HSTS specification:
+     * https://tools.ietf.org/html/rfc6797
+     * and allows a host to specify that future HTTP requests should be
+     * upgraded to HTTPS.
+     * The caller is responsible for first determining that the header was
+     * delivered via a trustworthy connection (namely, https with no errors).
+     *
+     * @param aSourceURI the URI of the resource with the HTTP header.
+     * @param aHeader the HTTP response header specifying security data.
+     * @param aOriginAttributes the origin attributes that isolate this origin,
+     *                          (note that this implementation does not isolate
+     *                          by userContextId because of the risk of man-in-
+     *                          the-middle attacks before trust-on-second-use
+     *                          happens).
+     *                          If mPrivateBrowsingId > 0, information gathered
+     *                          from this header will not be saved persistently.
+     * @param aMaxAge the parsed max-age directive of the header.
+     * @param aIncludeSubdomains the parsed includeSubdomains directive.
+     * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
+                             was returned.
+     * @return NS_OK            if it succeeds
+     *         NS_ERROR_FAILURE if it can't be parsed
+     *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+     *                          if there are unrecognized tokens in the header.
+     */
+    [binaryname(ProcessHeader), noscript, must_use]
+    void processHeaderNative(in nsIURI aSourceURI,
+                             in ACString aHeader,
+                             in const_OriginAttributesRef aOriginAttributes,
+                             [optional] out unsigned long long aMaxAge,
+                             [optional] out boolean aIncludeSubdomains,
+                             [optional] out uint32_t aFailureResult);
+
+    [binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc,
+     must_use]
+    void processHeader(in nsIURI aSourceURI,
+                       in ACString aHeader,
+                       [optional] in jsval aOriginAttributes,
+                       [optional] out unsigned long long aMaxAge,
+                       [optional] out boolean aIncludeSubdomains,
+                       [optional] out uint32_t aFailureResult);
+
+    // Helper enum for use with resetState.
+    cenum ResetStateBy : 8 {
+      // reset state for the exact domain
+      ExactDomain,
+      // reset state for any domain rooted by the given domain
+      // (e.g. foo.example.com if given example.com)
+      RootDomain,
+      // reset all state associated with the given base domain (e.g. data
+      // partitioned by total cookie protection)
+      BaseDomain,
+    };
+
+    /**
+     * Resets HSTS state a host, including the includeSubdomains state that
+     * would affect subdomains. This essentially removes the state for the
+     * domain tree rooted at this host. If any preloaded information is present
+     * for that host, that information will then be used instead of any other
+     * previously existing state.
+     *
+     * @param aURI    the URI of the target host
+     * @param aOriginAttributes the origin attributes that isolate this origin,
+     *                          (note that this implementation does not isolate
+     *                          by userContextId because of the risk of man-in-
+     *                          the-middle attacks before trust-on-second-use
+     *                          happens).
+     * @param aScope  The scope of state to reset. See ResetStateBy. Defaults
+     *                to ExactDomain.
+     */
+    [implicit_jscontext, optional_argc, must_use]
+    void resetState(in nsIURI aURI,
+                    [optional] in jsval aOriginAttributes,
+                    [optional] in nsISiteSecurityService_ResetStateBy aScope);
+
+    /**
+     * Checks whether or not the URI's hostname has HSTS set.
+     * For example:
+     * The URI is an HSTS URI if either the host has the HSTS state set, or one
+     * of its super-domains has the HSTS "includeSubdomains" flag set.
+     * NOTE: this function makes decisions based only on the
+     * host contained in the URI, and disregards other portions of the URI
+     * such as path and port.
+     *
+     * @param aURI the URI to query for STS state.
+     * @param aOriginAttributes the origin attributes that isolate this origin,
+     *                          (note that this implementation does not isolate
+     *                          by userContextId because of the risk of man-in-
+     *                          the-middle attacks before trust-on-second-use
+     *                          happens).
+     */
+    [binaryname(IsSecureURI), noscript, must_use]
+    boolean isSecureURINative(in nsIURI aURI,
+                              in const_OriginAttributesRef aOriginAttributes);
+
+    [binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc,
+     must_use]
+    boolean isSecureURI(in nsIURI aURI, [optional] in jsval aOriginAttributes);
+
+    /**
+     * Removes all non-preloaded HSTS state by resetting to factory-original
+     * settings.
+     */
+    [must_use]
+    void clearAll();
+};
+
+%{C++
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
+%}
diff --git a/security/manager/ssl/nsITLSSocketControl.idl b/security/manager/ssl/nsITLSSocketControl.idl
new file mode 100644
index 0000000000..ae34ec73b6
--- /dev/null
+++ b/security/manager/ssl/nsITLSSocketControl.idl
@@ -0,0 +1,187 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsITlsHandshakeCallbackListener;
+interface nsITransportSecurityInfo;
+interface nsIX509Cert;
+
+%{C++
+#include "nsStringFwd.h"
+#include "nsTArrayForwardDeclare.h"
+%}
+[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
+
+// An interface describing an object that controls and holds information about
+// a TLS handshake.
+// NB: The implementations of this interface may only be used on the socket
+// thread (except for asyncGetSecurityInfo);
+[scriptable, builtinclass, uuid(418265c8-654e-4fbb-ba62-4eed27de1f03)]
+interface nsITLSSocketControl : nsISupports {
+    void proxyStartSSL();
+    void StartTLS();
+
+    /* NPN (Next Protocol Negotiation) is a mechanism for
+       negotiating the protocol to be spoken inside the SSL
+       tunnel during the SSL handshake. The NPNList is the list
+       of offered client side protocols. setNPNList() needs to
+       be called before any data is read or written (including the
+       handshake to be setup correctly. The server determines the
+       priority when multiple matches occur, but if there is no overlap
+       the first protocol in the list is used. */
+
+    [noscript] void setNPNList(in nsCStringTArrayRef aNPNList);
+
+    /* For 0RTT we need to know the alpn protocol selected for the last tls
+     * session. This function will return a value if applicable or an error
+     * NS_ERROR_NOT_AVAILABLE.
+     */
+    ACString getAlpnEarlySelection();
+
+    /* If 0RTT handshake was applied and some data has been sent, as soon as
+     * the handshake finishes this attribute will be set to appropriate value.
+     */
+    readonly attribute bool earlyDataAccepted;
+
+    /* When 0RTT is performed, PR_Write will not drive the handshake forward.
+     * It must be forced by calling this function.
+     */
+    void driveHandshake();
+
+    /* Determine if a potential SSL connection to hostname:port with
+     * a desired NPN negotiated protocol of npnProtocol can use the socket
+     * associated with this object instead of making a new one. And if so, combine
+     * them.
+     */
+    boolean joinConnection(
+      in ACString npnProtocol, /* e.g. "h2" */
+      in ACString hostname,
+      in long port);
+
+    /* just like JoinConnection() except do not mark a successful test as joined.
+     */
+    boolean testJoinConnection(
+      in ACString npnProtocol, /* e.g. "h2" */
+      in ACString hostname,
+      in long port);
+
+    /* Determine if existing connection should be trusted to convey information about
+     * a hostname.
+     */
+    boolean isAcceptableForHost(in ACString hostname);
+
+    /* The Key Exchange Algorithm is used when determining whether or
+       not HTTP/2 can be used.
+
+       After a handshake is complete it can be read from KEAUsed.
+       The values correspond to the SSLKEAType enum in NSS or the
+       KEY_EXCHANGE_UNKNOWN constant defined below.
+
+       KEAKeyBits is the size/security-level used for the KEA.
+    */
+
+    [infallible] readonly attribute short KEAUsed;
+    [infallible] readonly attribute unsigned long KEAKeyBits;
+
+    const short KEY_EXCHANGE_UNKNOWN = -1;
+
+    /*
+     * The original flags from the socket provider.
+     */
+    readonly attribute uint32_t providerFlags;
+
+    /* These values are defined by TLS. */
+    const short SSL_VERSION_3   = 0x0300;
+    const short TLS_VERSION_1   = 0x0301;
+    const short TLS_VERSION_1_1 = 0x0302;
+    const short TLS_VERSION_1_2 = 0x0303;
+    const short TLS_VERSION_1_3 = 0x0304;
+    const short SSL_VERSION_UNKNOWN = -1;
+
+    [infallible] readonly attribute short SSLVersionUsed;
+    [infallible] readonly attribute short SSLVersionOffered;
+
+    /* These values match the NSS defined values in sslt.h */
+    const short SSL_MAC_UNKNOWN = -1;
+    const short SSL_MAC_NULL    = 0;
+    const short SSL_MAC_MD5     = 1;
+    const short SSL_MAC_SHA     = 2;
+    const short SSL_HMAC_MD5    = 3;
+    const short SSL_HMAC_SHA    = 4;
+    const short SSL_HMAC_SHA256 = 5;
+    const short SSL_MAC_AEAD    = 6;
+
+    [infallible] readonly attribute short MACAlgorithmUsed;
+
+    /**
+     * If set to true before the server requests a client cert
+     * no cert will be sent.
+     */
+    [notxpcom, nostdcall] attribute boolean denyClientCert;
+
+    /**
+     * True iff a client cert has been sent to the server - i.e. this
+     * socket has been client-cert authenticated.
+     */
+    [infallible] readonly attribute boolean clientCertSent;
+
+    /*
+     * failedVerification is true if any enforced certificate checks have failed.
+     * Connections that have not yet tried to verify, or are using acceptable
+     * exceptions will all return false.
+     */
+    [infallible] readonly attribute boolean failedVerification;
+
+    /*
+     * esniTxt is a string that consists of the concatenated _esni. TXT records.
+     * This is a base64 encoded ESNIKeys structure.
+     */
+    attribute ACString esniTxt;
+
+    /*
+     * echConfig is defined for conveying the ECH configuration.
+     * This is encoded in base64.
+     */
+    attribute ACString echConfig;
+
+    /**
+     * The echConfig that should be used to retry for the connection setup.
+     */
+    readonly attribute ACString retryEchConfig;
+
+    /**
+     * Disable early data.
+     */
+    [noscript] void disableEarlyData();
+
+    [noscript] void setHandshakeCallbackListener(in nsITlsHandshakeCallbackListener callback);
+
+    /**
+     * The id used to uniquely identify the connection to the peer.
+     */
+    readonly attribute ACString peerId;
+
+    /**
+     * The securityInfo of the TLS handshake.
+     */
+    readonly attribute nsITransportSecurityInfo securityInfo;
+
+    /**
+     * Asynchronously obtain the securityInfo of the TLS handshake. Resolves
+     * with an nsITransportSecurityInfo. This should probably only be used in
+     * tests, where JS running on the main thread cannot access any of the
+     * other fields of nsITLSSocketControl.
+     */
+    [implicit_jscontext, must_use]
+    Promise asyncGetSecurityInfo();
+
+    /**
+     * Claim a speculative connection.
+     */
+    void claim();
+};
diff --git a/security/manager/ssl/nsITokenPasswordDialogs.idl b/security/manager/ssl/nsITokenPasswordDialogs.idl
new file mode 100644
index 0000000000..1e5475e6dd
--- /dev/null
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIPK11Token;
+
+/**
+ *  This is the interface for setting and changing password
+ *  on a PKCS11 token.
+ */
+[scriptable, uuid(87dbd64a-4466-474e-95f5-1ad1cee5702c)]
+interface nsITokenPasswordDialogs : nsISupports
+{
+  /**
+   * Brings up a dialog to set the password on a token.
+   *
+   * @param ctx A user interface context.
+   * @param token {nsIPK11Token} The token.
+   * @return true if the user canceled the dialog, false otherwise.
+   */
+  [must_use]
+  boolean setPassword(in nsIInterfaceRequestor ctx, in nsIPK11Token token);
+};
+
+%{C++
+#define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
+%}
diff --git a/security/manager/ssl/nsITransportSecurityInfo.idl b/security/manager/ssl/nsITransportSecurityInfo.idl
new file mode 100644
index 0000000000..8fe5879e4a
--- /dev/null
+++ b/security/manager/ssl/nsITransportSecurityInfo.idl
@@ -0,0 +1,137 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIObjectOutputStream;
+interface nsIX509Cert;
+
+%{ C++
+namespace IPC {
+class MessageWriter;
+}
+%}
+
+[ptr] native IpcMessageWriterPtr(IPC::MessageWriter);
+
+[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
+interface nsITransportSecurityInfo : nsISupports {
+    cenum OverridableErrorCategory : 32 {
+      ERROR_UNSET,
+      ERROR_TRUST,
+      ERROR_DOMAIN,
+      ERROR_TIME,
+    };
+
+    readonly attribute unsigned long securityState;
+    readonly attribute long errorCode; // PRErrorCode
+    // errorCode as string (e.g. "SEC_ERROR_UNKNOWN_ISSUER")
+    readonly attribute AString errorCodeString;
+
+    /**
+     * The following parameters are only valid after the TLS handshake
+     * has completed.  Check securityState first.
+     */
+
+    /**
+     * If certificate verification failed, this will be the peer certificate
+     * chain provided in the handshake, so it can be used for error reporting.
+     * If verification succeeded, this will be empty.
+     */
+    readonly attribute Array<nsIX509Cert> failedCertChain;
+
+    readonly attribute nsIX509Cert serverCert;
+    readonly attribute Array<nsIX509Cert> succeededCertChain;
+
+    [must_use]
+    readonly attribute ACString cipherName;
+    [must_use]
+    readonly attribute unsigned long keyLength;
+    [must_use]
+    readonly attribute unsigned long secretKeyLength;
+    [must_use]
+    readonly attribute ACString keaGroupName;
+    [must_use]
+    readonly attribute ACString signatureSchemeName;
+
+    const short SSL_VERSION_3   = 0;
+    const short TLS_VERSION_1   = 1;
+    const short TLS_VERSION_1_1 = 2;
+    const short TLS_VERSION_1_2 = 3;
+    const short TLS_VERSION_1_3 = 4;
+    [must_use]
+    readonly attribute unsigned short protocolVersion;
+
+    const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE          = 0;
+    const short CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT        = 5;
+    const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS  = 6;
+    const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS = 7;
+    [must_use]
+    readonly attribute unsigned short certificateTransparencyStatus;
+
+    [must_use]
+    readonly attribute boolean isAcceptedEch;
+    [must_use]
+    readonly attribute boolean isDelegatedCredential;
+    [must_use]
+    readonly attribute nsITransportSecurityInfo_OverridableErrorCategory overridableErrorCategory;
+
+    /**
+     * True if OCSP requests were made to query the status of certificates
+     * used in this connection.
+     */
+    [must_use]
+    readonly attribute boolean madeOCSPRequests;
+
+    /**
+     * True if the DNS record used for this connection was fetched over an encrypted connection.
+     */
+    [must_use]
+    readonly attribute boolean usedPrivateDNS;
+
+    /**
+     * True only if (and after) serverCert was successfully validated as
+     * Extended Validation (EV).
+     */
+    [must_use]
+    readonly attribute boolean isExtendedValidation;
+
+    [notxpcom, noscript]
+    void SerializeToIPC(in IpcMessageWriterPtr aWriter);
+
+    /**
+     * Serializes the data represented in this interface to a base64-encoded
+     * string that can be deserialized using TransportSecurityInfo::Read.
+     */
+    [must_use]
+    ACString toString();
+
+    /* negotiatedNPN is '' if no NPN list was provided by the client,
+     * or if the server did not select any protocol choice from that
+     * list. That also includes the case where the server does not
+     * implement NPN.
+     *
+     * If negotiatedNPN is read before NPN has progressed to the point
+     * where this information is available NS_ERROR_NOT_CONNECTED is
+     * raised.
+     */
+    readonly attribute ACString negotiatedNPN;
+
+    /**
+     * True iff the connection was resumed using the resumption token.
+     */
+    readonly attribute boolean resumed;
+
+    /**
+     * True iff the succeededCertChain is built in root.
+     */
+    readonly attribute boolean isBuiltCertChainRootBuiltInRoot;
+
+    /**
+     * The id used to uniquely identify the connection to the peer.
+     */
+    readonly attribute ACString peerId;
+};
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
new file mode 100644
index 0000000000..a0ce11f42c
--- /dev/null
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -0,0 +1,206 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsICertVerificationListener;
+
+%{ C++
+namespace IPC {
+class MessageReader;
+class MessageWriter;
+}
+
+ /* forward declaration */
+ typedef struct CERTCertificateStr CERTCertificate;
+%}
+
+[ptr] native CERTCertificatePtr(CERTCertificate);
+[ptr] native IpcMessageReaderPtr(IPC::MessageReader);
+[ptr] native IpcMessageWriterPtr(IPC::MessageWriter);
+
+/**
+ * This represents a X.509 certificate.
+ *
+ * NOTE: Service workers persist x.509 certs in object form on disk.  If you
+ *       change this uuid you probably need a hack in nsBinaryInputStream to
+ *       read the old uuid.  If you change the format of the object
+ *       serialization then more complex changes will be needed.
+ */
+[scriptable, builtinclass, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
+interface nsIX509Cert : nsISupports {
+
+  /**
+   *  The primary email address of the certificate, if present.
+   */
+  readonly attribute AString emailAddress;
+
+  /**
+   * Did this certificate ship with the platform as a built-in root?
+   */
+  [must_use]
+  readonly attribute bool isBuiltInRoot;
+
+  /**
+   *  Obtain a list of all email addresses
+   *  contained in the certificate.
+   *
+   *  @return An array of email addresses.
+   */
+  [must_use]
+  Array<AString> getEmailAddresses();
+
+  /**
+   *  Check whether a given address is contained in the certificate.
+   *  The comparison will convert the email address to lowercase.
+   *  The behaviour for non ASCII characters is undefined.
+   *
+   *  @param aEmailAddress The address to search for.
+   *
+   *  @return True if the address is contained in the certificate.
+   */
+  [must_use]
+  boolean containsEmailAddress(in AString aEmailAddress);
+
+  /**
+   *  The subject owning the certificate.
+   */
+  readonly attribute AString subjectName;
+
+  /**
+   *  The subject's common name.
+   */
+  readonly attribute AString commonName;
+
+  /**
+   *  The subject's organization.
+   */
+  readonly attribute AString organization;
+
+  /**
+   *  The subject's organizational unit.
+   */
+  [must_use]
+  readonly attribute AString organizationalUnit;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA-256 algorithm.
+   */
+  readonly attribute AString sha256Fingerprint;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA1 algorithm.
+   */
+  [must_use]
+  readonly attribute AString sha1Fingerprint;
+
+  /**
+   *  A human readable name identifying the hardware or
+   *  software token the certificate is stored on.
+   */
+  readonly attribute AString tokenName;
+
+  /**
+   *  The subject identifying the issuer certificate.
+   */
+  readonly attribute AString issuerName;
+
+  /**
+   *  The serial number the issuer assigned to this certificate.
+   */
+  [must_use]
+  readonly attribute AString serialNumber;
+
+  /**
+   *  The issuer subject's common name.
+   */
+  [must_use]
+  readonly attribute AString issuerCommonName;
+
+  /**
+   *  The issuer subject's organization.
+   */
+  readonly attribute AString issuerOrganization;
+
+  /**
+   *  The issuer subject's organizational unit.
+   */
+  [must_use]
+  readonly attribute AString issuerOrganizationUnit;
+
+  /**
+   *  This certificate's validity period.
+   */
+  readonly attribute nsIX509CertValidity validity;
+
+  /**
+   *  A unique identifier of this certificate within the local storage.
+   */
+  [must_use]
+  readonly attribute ACString dbKey;
+
+  /**
+   *  A human readable identifier to label this certificate.
+   */
+  [must_use]
+  readonly attribute AString displayName;
+
+  /**
+   *  Constants to classify the type of a certificate.
+   */
+  const unsigned long UNKNOWN_CERT =      0;
+  const unsigned long CA_CERT      = 1 << 0;
+  const unsigned long USER_CERT    = 1 << 1;
+  const unsigned long EMAIL_CERT   = 1 << 2;
+  const unsigned long SERVER_CERT  = 1 << 3;
+  const unsigned long ANY_CERT     = 0xffff;
+
+  /**
+   * Type of this certificate
+   */
+  readonly attribute unsigned long certType;
+
+  /**
+   *  Obtain a raw binary encoding of this certificate
+   *  in DER format.
+   *
+   *  @return The bytes representing the DER encoded certificate.
+   */
+  [must_use]
+  Array<octet> getRawDER();
+
+  /**
+   *  Obtain a base 64 string representation of this certificate
+   *  in DER format.
+   *
+   *  @return The DER encoded certificate as a string.
+   */
+  [must_use]
+  ACString getBase64DERString();
+
+  /**
+   * The base64 encoding of the DER encoded public key info using the specified
+   * digest.
+   */
+  [must_use]
+  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+
+  /**
+   * Retrieves the NSS certificate object wrapped by this interface
+   */
+  [notxpcom, noscript, must_use]
+  CERTCertificatePtr getCert();
+
+  [notxpcom, noscript]
+  void SerializeToIPC(in IpcMessageWriterPtr aWriter);
+
+  [notxpcom, noscript]
+  bool DeserializeFromIPC(in IpcMessageReaderPtr aReader);
+};
diff --git a/security/manager/ssl/nsIX509CertDB.idl b/security/manager/ssl/nsIX509CertDB.idl
new file mode 100644
index 0000000000..fe72c78f40
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -0,0 +1,351 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+interface nsIFile;
+interface nsIInterfaceRequestor;
+interface nsIZipReader;
+interface nsIInputStream;
+
+%{C++
+#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
+%}
+
+typedef uint32_t AppTrustedRoot;
+
+[scriptable, function, uuid(fc2b60e5-9a07-47c2-a2cd-b83b68a660ac)]
+interface nsIOpenSignedAppFileCallback : nsISupports
+{
+  void openSignedAppFileFinished(in nsresult rv,
+                                 in nsIZipReader aZipReader,
+                                 in nsIX509Cert aSignerCert);
+};
+
+[scriptable, function, uuid(07c08655-8b11-4650-b6c4-0c145595ceb5)]
+interface nsIAsyncBoolCallback : nsISupports
+{
+    void onResult(in bool result);
+};
+
+/**
+ * Callback type for use with asyncVerifyCertAtTime.
+ * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the
+ * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy
+ * represents whether or not the end-entity certificate verified as EV.
+ * If aPRErrorCode is non-zero, it represents the error encountered during
+ * verification. aVerifiedChain is null in that case and aHasEVPolicy has no
+ * meaning.
+ */
+[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)]
+interface nsICertVerificationCallback : nsISupports {
+  void verifyCertFinished(in int32_t aPRErrorCode,
+                          in Array<nsIX509Cert> aVerifiedChain,
+                          in bool aHasEVPolicy);
+};
+
+/**
+ * This represents a service to access and manipulate
+ * X.509 certificates stored in a database.
+ */
+[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)]
+interface nsIX509CertDB : nsISupports {
+
+  /**
+   *  Constants that define which usages a certificate
+   *  is trusted for.
+   */
+  const unsigned long UNTRUSTED       =      0;
+  const unsigned long TRUSTED_SSL     = 1 << 0;
+  const unsigned long TRUSTED_EMAIL   = 1 << 1;
+
+  /**
+   *  Will find a certificate based on its dbkey
+   *  retrieved by getting the dbKey attribute of
+   *  the certificate.
+   *
+   *  @param aDBkey Database internal key, as obtained using
+   *                attribute dbkey in nsIX509Cert.
+   */
+  [must_use]
+  nsIX509Cert findCertByDBKey(in ACString aDBkey);
+
+  /**
+   *  Use this to import a stream sent down as a mime type into
+   *  the certificate database on the default token.
+   *  The stream may consist of one or more certificates.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param type The type of the certificate, see constants in nsIX509Cert
+   *  @param ctx A UI context.
+   */
+  void importCertificates([array, size_is(length)] in octet data,
+                          in unsigned long length,
+                          in unsigned long type,
+                          in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import another person's email certificate into the database.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importEmailCertificate([array, size_is(length)] in octet data,
+                              in unsigned long length,
+                              in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import a personal certificate into the database, assuming
+   *  the database already contains the private key for this certificate.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importUserCertificate([array, size_is(length)] in octet data,
+                             in unsigned long length,
+                             in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Delete a certificate stored in the database.
+   *
+   *  @param aCert Delete this certificate.
+   */
+  void deleteCertificate(in nsIX509Cert aCert);
+
+  /**
+   *  Modify the trust that is stored and associated to a certificate within
+   *  a database. Separate trust is stored for
+   *  One call manipulates the trust for one trust type only.
+   *  See the trust type constants defined within this interface.
+   *
+   *  @param cert Change the stored trust of this certificate.
+   *  @param type The type of the certificate. See nsIX509Cert.
+   *  @param trust A bitmask. The new trust for the possible usages.
+   *               See the trust constants defined within this interface.
+   */
+  [must_use]
+  void setCertTrust(in nsIX509Cert cert,
+                    in unsigned long type,
+                    in unsigned long trust);
+
+  /**
+   * @param cert        The certificate for which to modify trust.
+   * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
+   *                    characters, indicating SSL, Email, and Object signing
+   *                    trust. The object signing trust flags are effectively
+   *                    ignored by gecko, but they still must be specified (at
+   *                    least by a final trailing comma) because this argument
+   *                    is passed to CERT_DecodeTrustString.
+   */
+  [must_use]
+  void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString);
+
+  /**
+   *  Query whether a certificate is trusted for a particular use.
+   *
+   *  @param cert Obtain the stored trust of this certificate.
+   *  @param certType The type of the certificate. See nsIX509Cert.
+   *  @param trustType A single bit from the usages constants defined
+   *                   within this interface.
+   *
+   *  @return Returns true if the certificate is trusted for the given use.
+   */
+  [must_use]
+  boolean isCertTrusted(in nsIX509Cert cert,
+                        in unsigned long certType,
+                        in unsigned long trustType);
+
+  /**
+   *  Import certificate(s) from file
+   *
+   *  @param aFile Identifies a file that contains the certificate
+   *               to be imported.
+   *  @param aType Describes the type of certificate that is going to
+   *               be imported. See type constants in nsIX509Cert.
+   */
+  [must_use]
+  void importCertsFromFile(in nsIFile aFile,
+                           in unsigned long aType);
+
+  const uint32_t Success = 0;
+  const uint32_t ERROR_UNKNOWN = 1;
+  const uint32_t ERROR_PKCS12_NOSMARTCARD_EXPORT = 2;
+  const uint32_t ERROR_PKCS12_RESTORE_FAILED = 3;
+  const uint32_t ERROR_PKCS12_BACKUP_FAILED = 4;
+  const uint32_t ERROR_PKCS12_CERT_COLLISION = 5;
+  const uint32_t ERROR_BAD_PASSWORD = 6;
+  const uint32_t ERROR_DECODE_ERROR = 7;
+  const uint32_t ERROR_PKCS12_DUPLICATE_DATA = 8;
+
+  /**
+   *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
+   *
+   *  @param aFile Identifies a file that contains the data to be imported.
+   *  @param password The password used to protect the file.
+   *  @return Success or the specific error code on failure.  The return
+   *          values are defined in this file.
+   */
+  [must_use]
+  uint32_t importPKCS12File(in nsIFile aFile, in AString aPassword);
+
+  /**
+   *  Export a set of certs and keys from the database to a PKCS#12 file.
+   *
+   *  @param aFile Identifies a file that will be filled with the data to be
+   *               exported.
+   *  @param count The number of certificates to be exported.
+   *  @param aCerts The array of all certificates to be exported.
+   *  @param password The password used to protect the file.
+   *  @return Success or the specific error code on failure
+   */
+  [must_use]
+  uint32_t exportPKCS12File(in nsIFile aFile,
+                            in Array<nsIX509Cert> aCerts,
+                            in AString aPassword);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param base64 The raw representation of a certificate,
+   *                encoded as Base 64.
+   *  @return The new certificate object.
+   */
+  [must_use]
+  nsIX509Cert constructX509FromBase64(in ACString base64);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param certDER The raw representation of a certificate,
+   *                 encoded as raw DER.
+   *  @return The new certificate object.
+   */
+  [must_use]
+  nsIX509Cert constructX509(in Array<uint8_t> certDER);
+
+  /**
+   *  Verifies the signature on the given JAR file to verify that it has a
+   *  valid signature.  To be considered valid, there must be exactly one
+   *  signature on the JAR file and that signature must have signed every
+   *  entry. Further, the signature must come from a certificate that
+   *  is trusted for code signing.
+   *
+   *  On success, NS_OK, a nsIZipReader, and the trusted certificate that
+   *  signed the JAR are returned.
+   *
+   *  On failure, an error code is returned.
+   *
+   *  This method returns a nsIZipReader, instead of taking an nsIZipReader
+   *  as input, to encourage users of the API to verify the signature as the
+   *  first step in opening the JAR.
+   */
+  // 1 used to be AppMarketplaceProdPublicRoot.
+  // 2 used to be AppMarketplaceProdReviewersRoot.
+  // 3 used to be AppMarketplaceDevPublicRoot.
+  // 4 used to be AppMarketplaceDevReviewersRoot.
+  // 5 used to be AppMarketplaceStageRoot.
+  const AppTrustedRoot AppXPCShellRoot = 6;
+  const AppTrustedRoot AddonsPublicRoot = 7;
+  const AppTrustedRoot AddonsStageRoot = 8;
+  [must_use]
+  void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
+                              in nsIFile aJarFile,
+                              in nsIOpenSignedAppFileCallback callback);
+
+  /*
+   * Add a cert to a cert DB from a binary string.
+   *
+   * @param certDER The raw DER encoding of a certificate.
+   * @param trust String describing the trust settings to assign the
+   *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
+   *              comma separated sets of characters, indicating SSL, Email, and
+   *              Object signing trust. The object signing trust flags are
+   *              effectively ignored by gecko, but they still must be specified
+   *              (at least by a final trailing comma) because this argument is
+   *              passed to CERT_DecodeTrustString.
+   * @return nsIX509Cert the resulting certificate
+   */
+  [must_use]
+  nsIX509Cert addCert(in ACString certDER, in ACString trust);
+
+  // Flags for asyncVerifyCertAtTime (these must match the values in
+  // CertVerifier.cpp):
+  // Prevent network traffic.
+  const uint32_t FLAG_LOCAL_ONLY = 1 << 0;
+  // Do not fall back to DV verification after attempting EV validation.
+  const uint32_t FLAG_MUST_BE_EV = 1 << 1;
+
+  /*
+   * Asynchronously verify a certificate given a set of parameters. Calls the
+   * `verifyCertFinished` function on the provided `nsICertVerificationCallback`
+   * with the results of the verification operation.
+   * See the documentation for  nsICertVerificationCallback.
+   *
+   * @param aCert the certificate to verify
+   * @param aUsage an integer representing the usage to verify for (see
+   *               SECCertificateUsage in certt.h from NSS)
+   * @param aFlags flags as described above
+   * @param aHostname the (optional) hostname to verify for
+   * @param aTime the time at which to verify, in seconds since the epoch
+   * @param aCallback the nsICertVerificationCallback that will receive the
+                      results of this verification
+   * @return a succeeding nsresult if the job was dispatched successfully
+   */
+  [must_use]
+  void asyncVerifyCertAtTime(in nsIX509Cert aCert,
+                             in int64_t /*SECCertificateUsage*/ aUsage,
+                             in uint32_t aFlags,
+                             in ACString aHostname,
+                             in uint64_t aTime,
+                             in nsICertVerificationCallback aCallback);
+
+  // Clears the OCSP cache for the current certificate verification
+  // implementation.
+  [must_use]
+  void clearOCSPCache();
+
+  /*
+   * Add a cert to a cert DB from a base64 encoded string.
+   *
+   * @param base64 The raw representation of a certificate, encoded as Base 64.
+   * @param trust String describing the trust settings to assign the
+   *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
+   *              comma separated sets of characters, indicating SSL, Email, and
+   *              Object signing trust. The object signing trust flags are
+   *              effectively ignored by gecko, but they still must be specified
+   *              (at least by a final trailing comma) because this argument is
+   *              passed to CERT_DecodeTrustString.
+   * @return nsIX509Cert the resulting certificate
+   */
+  [must_use]
+  nsIX509Cert addCertFromBase64(in ACString base64, in ACString trust);
+
+  /*
+   * Get all the known certs in the database
+   */
+  [must_use]
+  Array<nsIX509Cert> getCerts();
+
+  /**
+   * Encode the list of certificates as a PKCS#7 SignedData structure. No data
+   * is actually signed - this is merely a way of exporting a collection of
+   * certificates.
+   */
+  [must_use]
+  ACString asPKCS7Blob(in Array<nsIX509Cert> certList);
+
+  /**
+   * Iterates through all the certs and returns false if any of the trusted
+   * CA certs are not built-in roots; and true otherwise.
+   */
+  [must_use]
+  void asyncHasThirdPartyRoots(in nsIAsyncBoolCallback callback);
+};
diff --git a/security/manager/ssl/nsIX509CertValidity.idl b/security/manager/ssl/nsIX509CertValidity.idl
new file mode 100644
index 0000000000..b27e1b3847
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertValidity.idl
@@ -0,0 +1,25 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * Information on the validity period of a X.509 certificate.
+ */
+[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
+interface nsIX509CertValidity : nsISupports {
+  /**
+   *  The earliest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notBefore;
+
+  /**
+   *  The latest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notAfter;
+};
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
new file mode 100644
index 0000000000..e299810cb7
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -0,0 +1,1206 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCallbacks.h"
+
+#include "NSSSocketControl.h"
+#include "PSMRunnable.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/Span.h"
+#include "mozilla/SpinEventLoopUntil.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "mozilla/intl/Localization.h"
+#include "nsContentUtils.h"
+#include "nsIChannel.h"
+#include "nsIHttpChannel.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsIPrompt.h"
+#include "nsIProtocolProxyService.h"
+#include "nsISupportsPriority.h"
+#include "nsIStreamLoader.h"
+#include "nsIUploadChannel.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNSSIOLayer.h"
+#include "nsNetUtil.h"
+#include "nsProxyRelease.h"
+#include "nsStringStream.h"
+#include "mozpkix/pkixtypes.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "SSLTokensCache.h"
+
+#include "TrustOverrideUtils.h"
+#include "TrustOverride-SymantecData.inc"
+#include "TrustOverride-AppleGoogleDigiCertData.inc"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+static void AccumulateCipherSuite(Telemetry::HistogramID probe,
+                                  const SSLChannelInfo& channelInfo);
+
+namespace {
+
+// Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe
+// These bits are numbered so that the least subtle issues have higher values.
+// This should make it easier for us to interpret the results.
+const uint32_t POSSIBLE_VERSION_DOWNGRADE = 4;
+const uint32_t POSSIBLE_CIPHER_SUITE_DOWNGRADE = 2;
+const uint32_t KEA_NOT_SUPPORTED = 1;
+
+}  // namespace
+
+class OCSPRequest final : public nsIStreamLoaderObserver, public nsIRunnable {
+ public:
+  OCSPRequest(const nsACString& aiaLocation,
+              const OriginAttributes& originAttributes,
+              const uint8_t (&ocspRequest)[OCSP_REQUEST_MAX_LENGTH],
+              size_t ocspRequestLength, TimeDuration timeout);
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISTREAMLOADEROBSERVER
+  NS_DECL_NSIRUNNABLE
+
+  nsresult DispatchToMainThreadAndWait();
+  nsresult GetResponse(/*out*/ Vector<uint8_t>& response);
+
+ private:
+  ~OCSPRequest() = default;
+
+  static void OnTimeout(nsITimer* timer, void* closure);
+  nsresult NotifyDone(nsresult rv, MonitorAutoLock& proofOfLock);
+
+  // mMonitor provides the memory barrier protecting these member variables.
+  // What happens is the originating thread creates an OCSPRequest object with
+  // the information necessary to perform an OCSP request. It sends the object
+  // to the main thread and waits on the monitor for the operation to complete.
+  // On the main thread, a channel is set up to perform the request. This gets
+  // dispatched to necko. At the same time, a timeout timer is initialized. If
+  // the necko request completes, the response data is filled out, mNotifiedDone
+  // is set to true, and the monitor is notified. The original thread then wakes
+  // up and continues with the results that have been filled out. If the request
+  // times out, again the response data is filled out, mNotifiedDone is set to
+  // true, and the monitor is notified. The first of these two events wins. That
+  // is, if the timeout timer fires but the request completes shortly after, the
+  // caller will see the request as having timed out.
+  // When the request completes (i.e. OnStreamComplete runs), the timer will be
+  // cancelled. This is how we know the closure in OnTimeout is valid. If the
+  // timer fires before OnStreamComplete runs, it should be safe to not cancel
+  // the request because necko has a strong reference to it.
+  Monitor mMonitor MOZ_UNANNOTATED;
+  bool mNotifiedDone;
+  nsCOMPtr<nsIStreamLoader> mLoader;
+  const nsCString mAIALocation;
+  const OriginAttributes mOriginAttributes;
+  const mozilla::Span<const char> mPOSTData;
+  const TimeDuration mTimeout;
+  nsCOMPtr<nsITimer> mTimeoutTimer;
+  TimeStamp mStartTime;
+  nsresult mResponseResult;
+  Vector<uint8_t> mResponseBytes;
+};
+
+NS_IMPL_ISUPPORTS(OCSPRequest, nsIStreamLoaderObserver, nsIRunnable)
+
+OCSPRequest::OCSPRequest(const nsACString& aiaLocation,
+                         const OriginAttributes& originAttributes,
+                         const uint8_t (&ocspRequest)[OCSP_REQUEST_MAX_LENGTH],
+                         size_t ocspRequestLength, TimeDuration timeout)
+    : mMonitor("OCSPRequest.mMonitor"),
+      mNotifiedDone(false),
+      mLoader(nullptr),
+      mAIALocation(aiaLocation),
+      mOriginAttributes(originAttributes),
+      mPOSTData(reinterpret_cast<const char*>(ocspRequest), ocspRequestLength),
+      mTimeout(timeout),
+      mTimeoutTimer(nullptr),
+      mStartTime(),
+      mResponseResult(NS_ERROR_FAILURE),
+      mResponseBytes() {
+  MOZ_ASSERT(ocspRequestLength <= OCSP_REQUEST_MAX_LENGTH);
+}
+
+nsresult OCSPRequest::DispatchToMainThreadAndWait() {
+  MOZ_ASSERT(!NS_IsMainThread());
+  if (NS_IsMainThread()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MonitorAutoLock lock(mMonitor);
+  nsresult rv = NS_DispatchToMainThread(this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  while (!mNotifiedDone) {
+    lock.Wait();
+  }
+
+  TimeStamp endTime = TimeStamp::Now();
+  // CERT_VALIDATION_HTTP_REQUEST_RESULT:
+  // 0: request timed out
+  // 1: request succeeded
+  // 2: request failed
+  // 3: internal error
+  // If mStartTime was never set, we consider this an internal error.
+  // Otherwise, we managed to at least send the request.
+  if (mStartTime.IsNull()) {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3);
+  } else if (mResponseResult == NS_ERROR_NET_TIMEOUT) {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0);
+    Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME, mStartTime,
+        endTime);
+  } else if (NS_SUCCEEDED(mResponseResult)) {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1);
+    Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME, mStartTime,
+        endTime);
+  } else {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2);
+    Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME, mStartTime,
+        endTime);
+  }
+  return rv;
+}
+
+nsresult OCSPRequest::GetResponse(/*out*/ Vector<uint8_t>& response) {
+  MOZ_ASSERT(!NS_IsMainThread());
+  if (NS_IsMainThread()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MonitorAutoLock lock(mMonitor);
+  if (!mNotifiedDone) {
+    return NS_ERROR_IN_PROGRESS;
+  }
+  if (NS_FAILED(mResponseResult)) {
+    return mResponseResult;
+  }
+  response.clear();
+  if (!response.append(mResponseBytes.begin(), mResponseBytes.length())) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  return NS_OK;
+}
+
+static constexpr auto OCSP_REQUEST_MIME_TYPE = "application/ocsp-request"_ns;
+static constexpr auto OCSP_REQUEST_METHOD = "POST"_ns;
+
+NS_IMETHODIMP
+OCSPRequest::Run() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MonitorAutoLock lock(mMonitor);
+
+  nsCOMPtr<nsIIOService> ios = do_GetIOService();
+  if (!ios) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
+  nsCOMPtr<nsIURI> uri;
+  nsresult rv = NS_NewURI(getter_AddRefs(uri), mAIALocation);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(NS_ERROR_MALFORMED_URI, lock);
+  }
+  nsAutoCString scheme;
+  rv = uri->GetScheme(scheme);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  if (!scheme.LowerCaseEqualsLiteral("http")) {
+    return NotifyDone(NS_ERROR_MALFORMED_URI, lock);
+  }
+
+  // See bug 1219935.
+  // We should not send OCSP request if the PAC is still loading.
+  nsCOMPtr<nsIProtocolProxyService> pps =
+      do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  if (pps->GetIsPACLoading()) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
+  nsCOMPtr<nsIChannel> channel;
+  rv = ios->NewChannel(mAIALocation, nullptr, nullptr,
+                       nullptr,  // aLoadingNode
+                       nsContentUtils::GetSystemPrincipal(),
+                       nullptr,  // aTriggeringPrincipal
+                       nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+                       nsIContentPolicy::TYPE_OTHER, getter_AddRefs(channel));
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  // Security operations scheduled through normal HTTP channels are given
+  // high priority to accommodate real time OCSP transactions.
+  nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(channel);
+  if (priorityChannel) {
+    priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
+  }
+
+  channel->SetLoadFlags(
+      nsIRequest::LOAD_ANONYMOUS | nsIRequest::LOAD_BYPASS_CACHE |
+      nsIRequest::INHIBIT_CACHING | nsIChannel::LOAD_BYPASS_SERVICE_WORKER |
+      nsIChannel::LOAD_BYPASS_URL_CLASSIFIER);
+
+  nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
+
+  // Prevent HTTPS-Only Mode from upgrading the OCSP request.
+  uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
+  httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
+  loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
+
+  // allow deprecated HTTP request from SystemPrincipal
+  loadInfo->SetAllowDeprecatedSystemRequests(true);
+
+  // For OCSP requests, only the first party domain and private browsing id
+  // aspects of origin attributes are used. This means that:
+  // a) if first party isolation is enabled, OCSP requests will be isolated
+  // according to the first party domain of the original https request
+  // b) OCSP requests are shared across different containers as long as first
+  // party isolation is not enabled and none of the containers are in private
+  // browsing mode.
+  if (mOriginAttributes != OriginAttributes()) {
+    OriginAttributes attrs;
+    attrs.mFirstPartyDomain = mOriginAttributes.mFirstPartyDomain;
+    attrs.mPrivateBrowsingId = mOriginAttributes.mPrivateBrowsingId;
+
+    rv = loadInfo->SetOriginAttributes(attrs);
+    if (NS_FAILED(rv)) {
+      return NotifyDone(rv, lock);
+    }
+  }
+
+  nsCOMPtr<nsIInputStream> uploadStream;
+  rv = NS_NewByteInputStream(getter_AddRefs(uploadStream), mPOSTData,
+                             NS_ASSIGNMENT_COPY);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(channel));
+  if (!uploadChannel) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+  rv = uploadChannel->SetUploadStream(uploadStream, OCSP_REQUEST_MIME_TYPE, -1);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  // Do not use SPDY or HTTP3 for internal security operations. It could result
+  // in the silent upgrade to ssl, which in turn could require an SSL
+  // operation to fulfill something like an OCSP fetch, which is an
+  // endless loop.
+  nsCOMPtr<nsIHttpChannelInternal> internalChannel = do_QueryInterface(channel);
+  if (!internalChannel) {
+    return NotifyDone(rv, lock);
+  }
+  rv = internalChannel->SetAllowSpdy(false);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  rv = internalChannel->SetAllowHttp3(false);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  rv = internalChannel->SetIsOCSP(true);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(channel);
+  if (!hchan) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+  rv = hchan->SetAllowSTS(false);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  rv = hchan->SetRequestMethod(OCSP_REQUEST_METHOD);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  rv = NS_NewStreamLoader(getter_AddRefs(mLoader), this);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  rv = NS_NewTimerWithFuncCallback(
+      getter_AddRefs(mTimeoutTimer), OCSPRequest::OnTimeout, this,
+      mTimeout.ToMilliseconds(), nsITimer::TYPE_ONE_SHOT, "OCSPRequest::Run");
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  rv = hchan->AsyncOpen(this->mLoader);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  mStartTime = TimeStamp::Now();
+  return NS_OK;
+}
+
+nsresult OCSPRequest::NotifyDone(nsresult rv, MonitorAutoLock& lock) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (mNotifiedDone) {
+    return mResponseResult;
+  }
+  mLoader = nullptr;
+  mResponseResult = rv;
+  if (mTimeoutTimer) {
+    Unused << mTimeoutTimer->Cancel();
+  }
+  mNotifiedDone = true;
+  lock.Notify();
+  return rv;
+}
+
+NS_IMETHODIMP
+OCSPRequest::OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext,
+                              nsresult aStatus, uint32_t responseLen,
+                              const uint8_t* responseBytes) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MonitorAutoLock lock(mMonitor);
+
+  nsCOMPtr<nsIRequest> req;
+  nsresult rv = aLoader->GetRequest(getter_AddRefs(req));
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+
+  if (NS_FAILED(aStatus)) {
+    return NotifyDone(aStatus, lock);
+  }
+
+  nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(req);
+  if (!hchan) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
+  bool requestSucceeded;
+  rv = hchan->GetRequestSucceeded(&requestSucceeded);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  if (!requestSucceeded) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
+  unsigned int rcode;
+  rv = hchan->GetResponseStatus(&rcode);
+  if (NS_FAILED(rv)) {
+    return NotifyDone(rv, lock);
+  }
+  if (rcode != 200) {
+    return NotifyDone(NS_ERROR_FAILURE, lock);
+  }
+
+  mResponseBytes.clear();
+  if (!mResponseBytes.append(responseBytes, responseLen)) {
+    return NotifyDone(NS_ERROR_OUT_OF_MEMORY, lock);
+  }
+  mResponseResult = aStatus;
+
+  return NotifyDone(NS_OK, lock);
+}
+
+void OCSPRequest::OnTimeout(nsITimer* timer, void* closure) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+
+  // We know the OCSPRequest is still alive because if the request had completed
+  // (i.e. OnStreamComplete ran), the timer would have been cancelled in
+  // NotifyDone.
+  OCSPRequest* self = static_cast<OCSPRequest*>(closure);
+  MonitorAutoLock lock(self->mMonitor);
+  self->mTimeoutTimer = nullptr;
+  self->NotifyDone(NS_ERROR_NET_TIMEOUT, lock);
+}
+
+mozilla::pkix::Result DoOCSPRequest(
+    const nsCString& aiaLocation, const OriginAttributes& originAttributes,
+    uint8_t (&ocspRequest)[OCSP_REQUEST_MAX_LENGTH], size_t ocspRequestLength,
+    TimeDuration timeout, /*out*/ Vector<uint8_t>& result) {
+  MOZ_ASSERT(!NS_IsMainThread());
+  if (NS_IsMainThread()) {
+    return mozilla::pkix::Result::ERROR_OCSP_UNKNOWN_CERT;
+  }
+
+  if (ocspRequestLength > OCSP_REQUEST_MAX_LENGTH) {
+    return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  result.clear();
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("DoOCSPRequest to '%s'", aiaLocation.get()));
+
+  nsCOMPtr<nsIEventTarget> sts =
+      do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID);
+  MOZ_ASSERT(sts);
+  if (!sts) {
+    return mozilla::pkix::Result::FATAL_ERROR_INVALID_STATE;
+  }
+  bool onSTSThread;
+  nsresult rv = sts->IsOnCurrentThread(&onSTSThread);
+  if (NS_FAILED(rv)) {
+    return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  MOZ_ASSERT(!onSTSThread);
+  if (onSTSThread) {
+    return mozilla::pkix::Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  RefPtr<OCSPRequest> request(new OCSPRequest(
+      aiaLocation, originAttributes, ocspRequest, ocspRequestLength, timeout));
+  rv = request->DispatchToMainThreadAndWait();
+  if (NS_FAILED(rv)) {
+    return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  rv = request->GetResponse(result);
+  if (NS_FAILED(rv)) {
+    if (rv == NS_ERROR_MALFORMED_URI) {
+      return mozilla::pkix::Result::ERROR_CERT_BAD_ACCESS_LOCATION;
+    }
+    return mozilla::pkix::Result::ERROR_OCSP_SERVER_ERROR;
+  }
+  return Success;
+}
+
+static char* ShowProtectedAuthPrompt(PK11SlotInfo* slot, nsIPrompt* prompt) {
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(slot);
+  MOZ_ASSERT(prompt);
+  if (!NS_IsMainThread() || !slot || !prompt) {
+    return nullptr;
+  }
+
+  // Dispatch a background task to (eventually) call C_Login. The call will
+  // block until the protected authentication succeeds or fails.
+  Atomic<bool> done;
+  Atomic<SECStatus> result;
+  nsresult rv =
+      NS_DispatchBackgroundTask(NS_NewRunnableFunction(__func__, [&]() mutable {
+        result = PK11_CheckUserPassword(slot, nullptr);
+        done = true;
+      }));
+  if (NS_FAILED(rv)) {
+    return nullptr;
+  }
+
+  nsTArray<nsCString> resIds = {
+      "security/pippki/pippki.ftl"_ns,
+  };
+  RefPtr<mozilla::intl::Localization> l10n =
+      mozilla::intl::Localization::Create(resIds, true);
+  auto l10nId = "protected-auth-alert"_ns;
+  auto l10nArgs = mozilla::dom::Optional<intl::L10nArgs>();
+  l10nArgs.Construct();
+  auto dirArg = l10nArgs.Value().Entries().AppendElement();
+  dirArg->mKey = "tokenName"_ns;
+  dirArg->mValue.SetValue().SetAsUTF8String().Assign(PK11_GetTokenName(slot));
+  nsAutoCString promptString;
+  ErrorResult errorResult;
+  l10n->FormatValueSync(l10nId, l10nArgs, promptString, errorResult);
+  if (NS_FAILED(errorResult.StealNSResult())) {
+    return nullptr;
+  }
+  rv = prompt->Alert(nullptr, NS_ConvertUTF8toUTF16(promptString).get());
+  if (NS_FAILED(rv)) {
+    return nullptr;
+  }
+
+  MOZ_ALWAYS_TRUE(SpinEventLoopUntil(
+      "ShowProtectedAuthPrompt"_ns, [&]() { return static_cast<bool>(done); }));
+
+  switch (result) {
+    case SECSuccess:
+      return ToNewCString(nsDependentCString(PK11_PW_AUTHENTICATED));
+    case SECWouldBlock:
+      return ToNewCString(nsDependentCString(PK11_PW_RETRY));
+    default:
+      return nullptr;
+  }
+}
+
+class PK11PasswordPromptRunnable : public SyncRunnableBase {
+ public:
+  PK11PasswordPromptRunnable(PK11SlotInfo* slot, nsIInterfaceRequestor* ir)
+      : mResult(nullptr), mSlot(slot), mIR(ir) {}
+  virtual ~PK11PasswordPromptRunnable() = default;
+
+  char* mResult;  // out
+  virtual void RunOnTargetThread() override;
+
+ private:
+  static bool mRunning;
+
+  PK11SlotInfo* mSlot;
+  nsIInterfaceRequestor* mIR;
+};
+
+bool PK11PasswordPromptRunnable::mRunning = false;
+
+void PK11PasswordPromptRunnable::RunOnTargetThread() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+
+  // If we've reentered due to the nested event loop implicit in using
+  // nsIPrompt synchronously (or indeed the explicit nested event loop in the
+  // protected authentication case), bail early, cancelling the password
+  // prompt. This will probably cause the operation that resulted in the prompt
+  // to fail, but this is better than littering the screen with a bunch of
+  // password prompts that the user will probably just cancel anyway.
+  if (mRunning) {
+    return;
+  }
+  mRunning = true;
+  auto setRunningToFalseOnExit = MakeScopeExit([&]() { mRunning = false; });
+
+  nsresult rv;
+  nsCOMPtr<nsIPrompt> prompt;
+  if (!mIR) {
+    rv = nsNSSComponent::GetNewPrompter(getter_AddRefs(prompt));
+    if (NS_FAILED(rv)) {
+      return;
+    }
+  } else {
+    prompt = do_GetInterface(mIR);
+    MOZ_ASSERT(prompt, "Interface requestor should implement nsIPrompt");
+  }
+
+  if (!prompt) {
+    return;
+  }
+
+  if (PK11_ProtectedAuthenticationPath(mSlot)) {
+    mResult = ShowProtectedAuthPrompt(mSlot, prompt);
+    return;
+  }
+
+  nsAutoString promptString;
+  if (PK11_IsInternal(mSlot)) {
+    rv = GetPIPNSSBundleString("CertPasswordPromptDefault", promptString);
+  } else {
+    AutoTArray<nsString, 1> formatStrings = {
+        NS_ConvertUTF8toUTF16(PK11_GetTokenName(mSlot))};
+    rv = PIPBundleFormatStringFromName("CertPasswordPrompt", formatStrings,
+                                       promptString);
+  }
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  nsString password;
+  bool userClickedOK = false;
+  rv = prompt->PromptPassword(nullptr, promptString.get(),
+                              getter_Copies(password), &userClickedOK);
+  if (NS_FAILED(rv) || !userClickedOK) {
+    return;
+  }
+
+  mResult = ToNewUTF8String(password);
+}
+
+char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg) {
+  if (!slot) {
+    return nullptr;
+  }
+  RefPtr<PK11PasswordPromptRunnable> runnable(new PK11PasswordPromptRunnable(
+      slot, static_cast<nsIInterfaceRequestor*>(arg)));
+  runnable->DispatchToMainThreadAndWait();
+  return runnable->mResult;
+}
+
+nsCString getKeaGroupName(uint32_t aKeaGroup) {
+  nsCString groupName;
+  switch (aKeaGroup) {
+    case ssl_grp_ec_secp256r1:
+      groupName = "P256"_ns;
+      break;
+    case ssl_grp_ec_secp384r1:
+      groupName = "P384"_ns;
+      break;
+    case ssl_grp_ec_secp521r1:
+      groupName = "P521"_ns;
+      break;
+    case ssl_grp_ec_curve25519:
+      groupName = "x25519"_ns;
+      break;
+    case ssl_grp_ffdhe_2048:
+      groupName = "FF 2048"_ns;
+      break;
+    case ssl_grp_ffdhe_3072:
+      groupName = "FF 3072"_ns;
+      break;
+    case ssl_grp_none:
+      groupName = "none"_ns;
+      break;
+    case ssl_grp_ffdhe_custom:
+      groupName = "custom"_ns;
+      break;
+    // All other groups are not enabled in Firefox. See namedGroups in
+    // nsNSSIOLayer.cpp.
+    default:
+      // This really shouldn't happen!
+      MOZ_ASSERT_UNREACHABLE("Invalid key exchange group.");
+      groupName = "unknown group"_ns;
+  }
+  return groupName;
+}
+
+nsCString getSignatureName(uint32_t aSignatureScheme) {
+  nsCString signatureName;
+  switch (aSignatureScheme) {
+    case ssl_sig_none:
+      signatureName = "none"_ns;
+      break;
+    case ssl_sig_rsa_pkcs1_sha1:
+      signatureName = "RSA-PKCS1-SHA1"_ns;
+      break;
+    case ssl_sig_rsa_pkcs1_sha256:
+      signatureName = "RSA-PKCS1-SHA256"_ns;
+      break;
+    case ssl_sig_rsa_pkcs1_sha384:
+      signatureName = "RSA-PKCS1-SHA384"_ns;
+      break;
+    case ssl_sig_rsa_pkcs1_sha512:
+      signatureName = "RSA-PKCS1-SHA512"_ns;
+      break;
+    case ssl_sig_ecdsa_secp256r1_sha256:
+      signatureName = "ECDSA-P256-SHA256"_ns;
+      break;
+    case ssl_sig_ecdsa_secp384r1_sha384:
+      signatureName = "ECDSA-P384-SHA384"_ns;
+      break;
+    case ssl_sig_ecdsa_secp521r1_sha512:
+      signatureName = "ECDSA-P521-SHA512"_ns;
+      break;
+    case ssl_sig_rsa_pss_sha256:
+      signatureName = "RSA-PSS-SHA256"_ns;
+      break;
+    case ssl_sig_rsa_pss_sha384:
+      signatureName = "RSA-PSS-SHA384"_ns;
+      break;
+    case ssl_sig_rsa_pss_sha512:
+      signatureName = "RSA-PSS-SHA512"_ns;
+      break;
+    case ssl_sig_ecdsa_sha1:
+      signatureName = "ECDSA-SHA1"_ns;
+      break;
+    case ssl_sig_rsa_pkcs1_sha1md5:
+      signatureName = "RSA-PKCS1-SHA1MD5"_ns;
+      break;
+    // All other groups are not enabled in Firefox. See sEnabledSignatureSchemes
+    // in nsNSSIOLayer.cpp.
+    default:
+      // This really shouldn't happen!
+      MOZ_ASSERT_UNREACHABLE("Invalid signature scheme.");
+      signatureName = "unknown signature"_ns;
+  }
+  return signatureName;
+}
+
+static void PreliminaryHandshakeDone(PRFileDesc* fd) {
+  NSSSocketControl* socketControl = (NSSSocketControl*)fd->higher->secret;
+  if (!socketControl) {
+    return;
+  }
+  if (socketControl->IsPreliminaryHandshakeDone()) {
+    return;
+  }
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) != SECSuccess) {
+    return;
+  }
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return;
+  }
+  socketControl->SetPreliminaryHandshakeInfo(channelInfo, cipherInfo);
+  socketControl->SetSSLVersionUsed(channelInfo.protocolVersion);
+  socketControl->SetEarlyDataAccepted(channelInfo.earlyDataAccepted);
+  socketControl->SetKEAUsed(channelInfo.keaType);
+  socketControl->SetKEAKeyBits(channelInfo.keaKeyBits);
+  socketControl->SetMACAlgorithmUsed(cipherInfo.macAlgorithm);
+
+  // Get the NPN value.
+  SSLNextProtoState state;
+  unsigned char npnbuf[256];
+  unsigned int npnlen;
+
+  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen,
+                       AssertedCast<unsigned int>(ArrayLength(npnbuf))) ==
+      SECSuccess) {
+    if (state == SSL_NEXT_PROTO_NEGOTIATED ||
+        state == SSL_NEXT_PROTO_SELECTED) {
+      socketControl->SetNegotiatedNPN(
+          BitwiseCast<char*, unsigned char*>(npnbuf), npnlen);
+    } else {
+      socketControl->SetNegotiatedNPN(nullptr, 0);
+    }
+    mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
+  } else {
+    socketControl->SetNegotiatedNPN(nullptr, 0);
+  }
+
+  socketControl->SetPreliminaryHandshakeDone();
+}
+
+SECStatus CanFalseStartCallback(PRFileDesc* fd, void* client_data,
+                                PRBool* canFalseStart) {
+  *canFalseStart = false;
+
+  NSSSocketControl* infoObject = (NSSSocketControl*)fd->higher->secret;
+  if (!infoObject) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  infoObject->SetFalseStartCallbackCalled();
+
+  PreliminaryHandshakeDone(fd);
+
+  uint32_t reasonsForNotFalseStarting = 0;
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) != SECSuccess) {
+    return SECSuccess;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("CanFalseStartCallback [%p] failed - "
+             " KEA %d\n",
+             fd, static_cast<int32_t>(channelInfo.keaType)));
+    return SECSuccess;
+  }
+
+  // Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
+  // TLS 1.3 and later. See Bug 861310 for all the details as to why.
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("CanFalseStartCallback [%p] failed - "
+             "SSL Version must be TLS 1.2, was %x\n",
+             fd, static_cast<int32_t>(channelInfo.protocolVersion)));
+    reasonsForNotFalseStarting |= POSSIBLE_VERSION_DOWNGRADE;
+  }
+
+  // See bug 952863 for why ECDHE is allowed, but DHE (and RSA) are not.
+  if (channelInfo.keaType != ssl_kea_ecdh) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("CanFalseStartCallback [%p] failed - "
+             "unsupported KEA %d\n",
+             fd, static_cast<int32_t>(channelInfo.keaType)));
+    reasonsForNotFalseStarting |= KEA_NOT_SUPPORTED;
+  }
+
+  // Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
+  // mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
+  // design. See bug 1109766 for more details.
+  if (cipherInfo.macAlgorithm != ssl_mac_aead) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("CanFalseStartCallback [%p] failed - non-AEAD cipher used, %d, "
+             "is not supported with False Start.\n",
+             fd, static_cast<int32_t>(cipherInfo.symCipher)));
+    reasonsForNotFalseStarting |= POSSIBLE_CIPHER_SUITE_DOWNGRADE;
+  }
+
+  // XXX: An attacker can choose which protocols are advertised in the
+  // NPN extension. TODO(Bug 861311): We should restrict the ability
+  // of an attacker leverage this capability by restricting false start
+  // to the same protocol we previously saw for the server, after the
+  // first successful connection to the server.
+
+  Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING,
+                        reasonsForNotFalseStarting);
+
+  if (reasonsForNotFalseStarting == 0) {
+    *canFalseStart = PR_TRUE;
+    infoObject->SetFalseStarted();
+    infoObject->NoteTimeUntilReady();
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("CanFalseStartCallback [%p] ok\n", fd));
+  }
+
+  return SECSuccess;
+}
+
+static void AccumulateNonECCKeySize(Telemetry::HistogramID probe,
+                                    uint32_t bits) {
+  unsigned int value = bits < 512      ? 1
+                       : bits == 512   ? 2
+                       : bits < 768    ? 3
+                       : bits == 768   ? 4
+                       : bits < 1024   ? 5
+                       : bits == 1024  ? 6
+                       : bits < 1280   ? 7
+                       : bits == 1280  ? 8
+                       : bits < 1536   ? 9
+                       : bits == 1536  ? 10
+                       : bits < 2048   ? 11
+                       : bits == 2048  ? 12
+                       : bits < 3072   ? 13
+                       : bits == 3072  ? 14
+                       : bits < 4096   ? 15
+                       : bits == 4096  ? 16
+                       : bits < 8192   ? 17
+                       : bits == 8192  ? 18
+                       : bits < 16384  ? 19
+                       : bits == 16384 ? 20
+                                       : 0;
+  Telemetry::Accumulate(probe, value);
+}
+
+// XXX: This attempts to map a bit count to an ECC named curve identifier. In
+// the vast majority of situations, we only have the Suite B curves available.
+// In that case, this mapping works fine. If we were to have more curves
+// available, the mapping would be ambiguous since there could be multiple
+// named curves for a given size (e.g. secp256k1 vs. secp256r1). We punt on
+// that for now. See also NSS bug 323674.
+static void AccumulateECCCurve(Telemetry::HistogramID probe, uint32_t bits) {
+  unsigned int value = bits == 255   ? 29  // Curve25519
+                       : bits == 256 ? 23  // P-256
+                       : bits == 384 ? 24  // P-384
+                       : bits == 521 ? 25  // P-521
+                                     : 0;  // Unknown
+  Telemetry::Accumulate(probe, value);
+}
+
+static void AccumulateCipherSuite(Telemetry::HistogramID probe,
+                                  const SSLChannelInfo& channelInfo) {
+  uint32_t value;
+  switch (channelInfo.cipherSuite) {
+    // ECDHE key exchange
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+      value = 1;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+      value = 2;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+      value = 3;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+      value = 4;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+      value = 5;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+      value = 6;
+      break;
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      value = 7;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      value = 10;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+      value = 11;
+      break;
+    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+      value = 12;
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+      value = 13;
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+      value = 14;
+      break;
+    // DHE key exchange
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+      value = 21;
+      break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+      value = 22;
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+      value = 23;
+      break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+      value = 24;
+      break;
+    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      value = 25;
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+      value = 26;
+      break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+      value = 27;
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+      value = 28;
+      break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+      value = 29;
+      break;
+    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+      value = 30;
+      break;
+    // ECDH key exchange
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+      value = 41;
+      break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+      value = 42;
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+      value = 43;
+      break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+      value = 44;
+      break;
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      value = 45;
+      break;
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+      value = 46;
+      break;
+    // RSA key exchange
+    case TLS_RSA_WITH_AES_128_CBC_SHA:
+      value = 61;
+      break;
+    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+      value = 62;
+      break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA:
+      value = 63;
+      break;
+    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+      value = 64;
+      break;
+    case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:
+      value = 65;
+      break;
+    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+      value = 66;
+      break;
+    case TLS_RSA_WITH_SEED_CBC_SHA:
+      value = 67;
+      break;
+    case TLS_RSA_WITH_AES_128_GCM_SHA256:
+      value = 68;
+      break;
+    case TLS_RSA_WITH_AES_256_GCM_SHA384:
+      value = 69;
+      break;
+    // TLS 1.3 PSK resumption
+    case TLS_AES_128_GCM_SHA256:
+      value = 70;
+      break;
+    case TLS_CHACHA20_POLY1305_SHA256:
+      value = 71;
+      break;
+    case TLS_AES_256_GCM_SHA384:
+      value = 72;
+      break;
+    // unknown
+    default:
+      value = 0;
+      break;
+  }
+  MOZ_ASSERT(value != 0);
+  Telemetry::Accumulate(probe, value);
+}
+
+void HandshakeCallback(PRFileDesc* fd, void* client_data) {
+  SECStatus rv;
+
+  NSSSocketControl* infoObject = (NSSSocketControl*)fd->higher->secret;
+
+  // Do the bookkeeping that needs to be done after the
+  // server's ServerHello...ServerHelloDone have been processed, but that
+  // doesn't need the handshake to be completed.
+  PreliminaryHandshakeDone(fd);
+
+  nsSSLIOLayerHelpers& ioLayerHelpers =
+      infoObject->SharedState().IOLayerHelpers();
+
+  SSLVersionRange versions(infoObject->GetTLSVersionRange());
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] HandshakeCallback: succeeded using TLS version range "
+           "(0x%04x,0x%04x)\n",
+           fd, static_cast<unsigned int>(versions.min),
+           static_cast<unsigned int>(versions.max)));
+
+  // If the handshake completed, then we know the site is TLS tolerant
+  ioLayerHelpers.rememberTolerantAtVersion(infoObject->GetHostName(),
+                                           infoObject->GetPort(), versions.max);
+
+  SSLChannelInfo channelInfo;
+  rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
+  MOZ_ASSERT(rv == SECSuccess);
+  if (rv == SECSuccess) {
+    // Get the protocol version for telemetry
+    // 1=tls1, 2=tls1.1, 3=tls1.2
+    unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
+    MOZ_ASSERT(versionEnum > 0);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
+    AccumulateCipherSuite(infoObject->IsFullHandshake()
+                              ? Telemetry::SSL_CIPHER_SUITE_FULL
+                              : Telemetry::SSL_CIPHER_SUITE_RESUMED,
+                          channelInfo);
+
+    SSLCipherSuiteInfo cipherInfo;
+    rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                                sizeof cipherInfo);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv == SECSuccess) {
+      // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
+      Telemetry::Accumulate(infoObject->IsFullHandshake()
+                                ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
+                                : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
+                            channelInfo.keaType);
+
+      if (infoObject->IsFullHandshake()) {
+        switch (channelInfo.keaType) {
+          case ssl_kea_rsa:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_RSA_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_dh:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_DHE_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_ecdh:
+            AccumulateECCCurve(Telemetry::SSL_KEA_ECDHE_CURVE_FULL,
+                               channelInfo.keaKeyBits);
+            break;
+          default:
+            MOZ_CRASH("impossible KEA");
+            break;
+        }
+
+        Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL,
+                              channelInfo.authType);
+
+        // RSA key exchange doesn't use a signature for auth.
+        if (channelInfo.keaType != ssl_kea_rsa) {
+          switch (channelInfo.authType) {
+            case ssl_auth_rsa:
+            case ssl_auth_rsa_sign:
+              AccumulateNonECCKeySize(Telemetry::SSL_AUTH_RSA_KEY_SIZE_FULL,
+                                      channelInfo.authKeyBits);
+              break;
+            case ssl_auth_ecdsa:
+              AccumulateECCCurve(Telemetry::SSL_AUTH_ECDSA_CURVE_FULL,
+                                 channelInfo.authKeyBits);
+              break;
+            default:
+              MOZ_CRASH("impossible auth algorithm");
+              break;
+          }
+        }
+      }
+
+      Telemetry::Accumulate(infoObject->IsFullHandshake()
+                                ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
+                                : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
+                            cipherInfo.symCipher);
+    }
+  }
+
+  PRBool siteSupportsSafeRenego;
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) {
+    rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
+                                          &siteSupportsSafeRenego);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv != SECSuccess) {
+      siteSupportsSafeRenego = false;
+    }
+  } else {
+    // TLS 1.3 dropped support for renegotiation.
+    siteSupportsSafeRenego = true;
+  }
+  bool renegotiationUnsafe = !siteSupportsSafeRenego &&
+                             ioLayerHelpers.treatUnsafeNegotiationAsBroken();
+
+  bool deprecatedTlsVer =
+      (channelInfo.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2);
+
+  uint32_t state;
+  if (renegotiationUnsafe || deprecatedTlsVer) {
+    state = nsIWebProgressListener::STATE_IS_BROKEN;
+  } else {
+    state = nsIWebProgressListener::STATE_IS_SECURE;
+    SSLVersionRange defVersion;
+    rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
+    if (rv == SECSuccess && versions.max >= defVersion.max) {
+      // we know this site no longer requires a version fallback
+      ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
+                                                infoObject->GetPort());
+    }
+  }
+
+  if (infoObject->HasServerCert()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("HandshakeCallback KEEPING existing cert\n"));
+  } else {
+    infoObject->RebuildCertificateInfoFromSSLTokenCache();
+  }
+
+  // Check if the user has added an override for a certificate error.
+  if (infoObject->HasUserOverriddenCertificateError()) {
+    state |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  infoObject->SetSecurityState(state);
+
+  // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,
+  // we should set a flag on the channel that higher (UI) level code can check
+  // to log the warning. In particular, these warnings should go to the web
+  // console instead of to the error console. Also, the warning is not
+  // localized.
+  if (!siteSupportsSafeRenego) {
+    NS_ConvertASCIItoUTF16 msg(infoObject->GetHostName());
+    msg.AppendLiteral(" : server does not support RFC 5746, see CVE-2009-3555");
+
+    nsContentUtils::LogSimpleConsoleError(
+        msg, "SSL"_ns, !!infoObject->GetOriginAttributes().mPrivateBrowsingId,
+        true /* from chrome context */);
+  }
+
+  infoObject->NoteTimeUntilReady();
+  infoObject->SetHandshakeCompleted();
+}
diff --git a/security/manager/ssl/nsNSSCallbacks.h b/security/manager/ssl/nsNSSCallbacks.h
new file mode 100644
index 0000000000..5ea898033f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.h
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCallbacks_h
+#define nsNSSCallbacks_h
+
+#include "mozilla/Attributes.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/TimeStamp.h"
+#include "mozilla/Vector.h"
+#include "nspr.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "mozpkix/pkix.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsIX509Cert.h"
+
+using mozilla::OriginAttributes;
+using mozilla::TimeDuration;
+using mozilla::Vector;
+
+class nsILoadGroup;
+
+char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg);
+
+void HandshakeCallback(PRFileDesc* fd, void* client_data);
+SECStatus CanFalseStartCallback(PRFileDesc* fd, void* client_data,
+                                PRBool* canFalseStart);
+
+mozilla::pkix::Result DoOCSPRequest(
+    const nsCString& aiaLocation, const OriginAttributes& originAttributes,
+    uint8_t (&ocspRequest)[mozilla::pkix::OCSP_REQUEST_MAX_LENGTH],
+    size_t ocspRequestLength, TimeDuration timeout,
+    /*out*/ Vector<uint8_t>& result);
+
+nsCString getKeaGroupName(uint32_t aKeaGroup);
+nsCString getSignatureName(uint32_t aSignatureScheme);
+
+#endif  // nsNSSCallbacks_h
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
new file mode 100644
index 0000000000..2a21400cb6
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertHelper.h"
+
+#include <algorithm>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Utf8.h"
+#include "mozilla/net/DNS.h"
+#include "nsCOMPtr.h"
+#include "nsIStringBundle.h"
+#include "nsNSSCertificate.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "secder.h"
+
+using namespace mozilla;
+
+// To avoid relying on localized strings in PSM, we hard-code the root module
+// name internally. When we display it to the user in the list of modules in the
+// front-end, we look up the localized value and display that instead of this.
+const char* kRootModuleName = "Builtin Roots Module";
+const size_t kRootModuleNameLen = strlen(kRootModuleName);
+
+static nsresult GetPIPNSSBundle(nsIStringBundle** pipnssBundle) {
+  nsCOMPtr<nsIStringBundleService> bundleService(
+      do_GetService(NS_STRINGBUNDLE_CONTRACTID));
+  if (!bundleService) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties",
+                                     pipnssBundle);
+}
+
+nsresult GetPIPNSSBundleString(const char* stringName, nsAString& result) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  MOZ_ASSERT(stringName);
+  if (!stringName) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsCOMPtr<nsIStringBundle> pipnssBundle;
+  nsresult rv = GetPIPNSSBundle(getter_AddRefs(pipnssBundle));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  result.Truncate();
+  return pipnssBundle->GetStringFromName(stringName, result);
+}
+
+nsresult GetPIPNSSBundleString(const char* stringName, nsACString& result) {
+  nsAutoString tmp;
+  nsresult rv = GetPIPNSSBundleString(stringName, tmp);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  result.Assign(NS_ConvertUTF16toUTF8(tmp));
+  return NS_OK;
+}
+
+nsresult PIPBundleFormatStringFromName(const char* stringName,
+                                       const nsTArray<nsString>& params,
+                                       nsAString& result) {
+  MOZ_ASSERT(stringName);
+  MOZ_ASSERT(!params.IsEmpty());
+  if (!stringName || params.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsCOMPtr<nsIStringBundle> pipnssBundle;
+  nsresult rv = GetPIPNSSBundle(getter_AddRefs(pipnssBundle));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  result.Truncate();
+  return pipnssBundle->FormatStringFromName(stringName, params, result);
+}
+
+void LossyUTF8ToUTF16(const char* str, uint32_t len,
+                      /*out*/ nsAString& result) {
+  auto span = Span(str, len);
+  if (IsUtf8(span)) {
+    CopyUTF8toUTF16(span, result);
+  } else {
+    // Actually Latin1 despite ASCII in the legacy name
+    CopyASCIItoUTF16(span, result);
+  }
+}
diff --git a/security/manager/ssl/nsNSSCertHelper.h b/security/manager/ssl/nsNSSCertHelper.h
new file mode 100644
index 0000000000..453e2e21eb
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.h
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertHelper_h
+#define nsNSSCertHelper_h
+
+#ifndef INET6_ADDRSTRLEN
+#  define INET6_ADDRSTRLEN 46
+#endif
+
+#include "certt.h"
+#include "nsString.h"
+
+extern const char* kRootModuleName;
+extern const size_t kRootModuleNameLen;
+
+class nsIX509Cert;
+
+// If input is valid UTF-8, converts from UTF-8 to UTF-16. Otherwise,
+// converts from Latin1 to UTF-16.
+void LossyUTF8ToUTF16(const char* str, uint32_t len, /*out*/ nsAString& result);
+
+// Must be used on the main thread only.
+nsresult GetPIPNSSBundleString(const char* stringName, nsAString& result);
+nsresult GetPIPNSSBundleString(const char* stringName, nsACString& result);
+nsresult PIPBundleFormatStringFromName(const char* stringName,
+                                       const nsTArray<nsString>& params,
+                                       nsAString& result);
+
+#endif  // nsNSSCertHelper_h
diff --git a/security/manager/ssl/nsNSSCertTrust.cpp b/security/manager/ssl/nsNSSCertTrust.cpp
new file mode 100644
index 0000000000..f5855c92c6
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.cpp
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertTrust.h"
+
+#include "certdb.h"
+
+void nsNSSCertTrust::AddCATrust(bool ssl, bool email) {
+  if (ssl) {
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+  if (email) {
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+}
+
+void nsNSSCertTrust::AddPeerTrust(bool ssl, bool email) {
+  if (ssl) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (email) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+}
+
+nsNSSCertTrust::nsNSSCertTrust() { memset(&mTrust, 0, sizeof(CERTCertTrust)); }
+
+nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, unsigned int email) {
+  memset(&mTrust, 0, sizeof(CERTCertTrust));
+  addTrust(&mTrust.sslFlags, ssl);
+  addTrust(&mTrust.emailFlags, email);
+}
+
+nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust* t) {
+  if (t)
+    memcpy(&mTrust, t, sizeof(CERTCertTrust));
+  else
+    memset(&mTrust, 0, sizeof(CERTCertTrust));
+}
+
+nsNSSCertTrust::~nsNSSCertTrust() = default;
+
+void nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA,
+                                 bool tClientCA, bool user, bool warn) {
+  mTrust.sslFlags = 0;
+  if (peer || tPeer) addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (ca || tCA) addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
+  if (tClientCA) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+  if (user) addTrust(&mTrust.sslFlags, CERTDB_USER);
+  if (warn) addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
+}
+
+void nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA,
+                                   bool tClientCA, bool user, bool warn) {
+  mTrust.emailFlags = 0;
+  if (peer || tPeer) addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+  if (ca || tCA) addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
+  if (tClientCA) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+  if (user) addTrust(&mTrust.emailFlags, CERTDB_USER);
+  if (warn) addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
+}
+
+void nsNSSCertTrust::SetValidCA() {
+  SetSSLTrust(false, false, true, false, false, false, false);
+  SetEmailTrust(false, false, true, false, false, false, false);
+}
+
+void nsNSSCertTrust::SetValidPeer() {
+  SetSSLTrust(true, false, false, false, false, false, false);
+  SetEmailTrust(true, false, false, false, false, false, false);
+}
+
+bool nsNSSCertTrust::HasAnyCA() {
+  if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
+    return true;
+  return false;
+}
+
+bool nsNSSCertTrust::HasPeer(bool checkSSL, bool checkEmail) {
+  if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  return true;
+}
+
+bool nsNSSCertTrust::HasAnyUser() {
+  if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
+      hasTrust(mTrust.emailFlags, CERTDB_USER) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
+    return true;
+  return false;
+}
+
+bool nsNSSCertTrust::HasTrustedCA(bool checkSSL, bool checkEmail) {
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
+                    hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
+                      hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  return true;
+}
+
+bool nsNSSCertTrust::HasTrustedPeer(bool checkSSL, bool checkEmail) {
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED))) return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
+    return false;
+  return true;
+}
+
+void nsNSSCertTrust::addTrust(unsigned int* t, unsigned int v) { *t |= v; }
+
+bool nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) {
+  return !!(t & v);
+}
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h
new file mode 100644
index 0000000000..3f05d28993
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.h
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertTrust_h
+#define nsNSSCertTrust_h
+
+#include "certt.h"
+
+/*
+ * Class for maintaining trust flags for an NSS certificate.
+ */
+class nsNSSCertTrust {
+ public:
+  nsNSSCertTrust();
+  nsNSSCertTrust(unsigned int ssl, unsigned int email);
+  explicit nsNSSCertTrust(CERTCertTrust* t);
+  virtual ~nsNSSCertTrust();
+
+  /* query */
+  bool HasAnyCA();
+  bool HasAnyUser();
+  bool HasPeer(bool checkSSL = true, bool checkEmail = true);
+  bool HasTrustedCA(bool checkSSL = true, bool checkEmail = true);
+  bool HasTrustedPeer(bool checkSSL = true, bool checkEmail = true);
+
+  /* common defaults */
+  /* equivalent to "c,c,c" */
+  void SetValidCA();
+  /* equivalent to "p,p,p" */
+  void SetValidPeer();
+
+  /* general setters */
+  /* read: "p, P, c, C, T, u, w" */
+  void SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA,
+                   bool user, bool warn);
+
+  void SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA,
+                     bool user, bool warn);
+
+  /* set c <--> CT */
+  void AddCATrust(bool ssl, bool email);
+  /* set p <--> P */
+  void AddPeerTrust(bool ssl, bool email);
+
+  CERTCertTrust& GetTrust() { return mTrust; }
+
+ private:
+  void addTrust(unsigned int* t, unsigned int v);
+  void removeTrust(unsigned int* t, unsigned int v);
+  bool hasTrust(unsigned int t, unsigned int v);
+  CERTCertTrust mTrust;
+};
+
+#endif  // nsNSSCertTrust_h
diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp
new file mode 100644
index 0000000000..bd5f2ae759
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -0,0 +1,709 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificate.h"
+
+#include "CertVerifier.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "X509CertValidity.h"
+#include "certdb.h"
+#include "ipc/IPCMessageUtils.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Span.h"
+#include "mozilla/TextUtils.h"
+#include "mozilla/Unused.h"
+#include "mozilla/ipc/TransportSecurityInfoUtils.h"
+#include "mozilla/ipc/IPDLParamTraits.h"
+#include "mozilla/net/DNS.h"
+#include "mozpkix/Result.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixtypes.h"
+#include "mozpkix/pkixutil.h"
+#include "nsArray.h"
+#include "nsCOMPtr.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertTrust.h"
+#include "nsPK11TokenDB.h"
+#include "nsPKCS12Blob.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "nsUnicharUtils.h"
+#include "nspr.h"
+#include "prerror.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#  include <winsock.h>  // for htonl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsNSSCertificate, nsIX509Cert, nsISerializable, nsIClassInfo)
+
+nsNSSCertificate::nsNSSCertificate() : mCert("nsNSSCertificate::mCert") {}
+
+nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert)
+    : mCert("nsNSSCertificate::mCert") {
+  if (cert) {
+    mDER.AppendElements(cert->derCert.data, cert->derCert.len);
+    auto lock = mCert.Lock();
+    auto& maybeCert = lock.ref();
+    maybeCert.emplace(UniqueCERTCertificate(CERT_DupCertificate(cert)));
+  }
+}
+
+nsNSSCertificate::nsNSSCertificate(nsTArray<uint8_t>&& der)
+    : mDER(std::move(der)), mCert("nsNSSCertificate::mCert") {}
+
+UniqueCERTCertificate nsNSSCertificate::GetOrInstantiateCert() {
+  auto lock = mCert.Lock();
+  auto& maybeCert = lock.ref();
+  if (maybeCert.isSome()) {
+    return UniqueCERTCertificate(CERT_DupCertificate((*maybeCert).get()));
+  }
+
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return nullptr;
+  }
+
+  SECItem derItem = {siBuffer, mDER.Elements(),
+                     static_cast<unsigned int>(mDER.Length())};
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &derItem, nullptr, false, true));
+  if (!cert) {
+    return nullptr;
+  }
+  maybeCert.emplace(std::move(cert));
+
+  return UniqueCERTCertificate(CERT_DupCertificate((*maybeCert).get()));
+}
+
+nsresult nsNSSCertificate::GetCertType(uint32_t* aCertType) {
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  CERTCertTrust certTrust{0, 0, 0};
+  // If there is no stored trust information, CERT_GetCertTrust will return
+  // SECFailure. This isn't a failure. In this case, all trust bits will remain
+  // unset.
+  Unused << CERT_GetCertTrust(cert.get(), &certTrust);
+  nsNSSCertTrust trust(&certTrust);
+  if (cert->nickname && trust.HasAnyUser()) {
+    *aCertType = nsIX509Cert::USER_CERT;
+    return NS_OK;
+  }
+  if (trust.HasAnyCA()) {
+    *aCertType = nsIX509Cert::CA_CERT;
+    return NS_OK;
+  }
+  if (trust.HasPeer(true, false)) {
+    *aCertType = nsIX509Cert::SERVER_CERT;
+    return NS_OK;
+  }
+  if (trust.HasPeer(false, true) && cert->emailAddr) {
+    *aCertType = nsIX509Cert::EMAIL_CERT;
+    return NS_OK;
+  }
+  if (CERT_IsCACert(cert.get(), nullptr)) {
+    *aCertType = nsIX509Cert::CA_CERT;
+    return NS_OK;
+  }
+  if (cert->emailAddr) {
+    *aCertType = nsIX509Cert::EMAIL_CERT;
+    return NS_OK;
+  }
+  *aCertType = nsIX509Cert::UNKNOWN_CERT;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot) {
+  NS_ENSURE_ARG(aIsBuiltInRoot);
+
+  pkix::Input certInput;
+  pkix::Result rv = certInput.Init(mDER.Elements(), mDER.Length());
+  if (rv != pkix::Result::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = IsCertBuiltInRoot(certInput, *aIsBuiltInRoot);
+  if (rv != pkix::Result::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetDbKey(nsACString& aDbKey) {
+  static_assert(sizeof(uint64_t) == 8, "type size consistency check");
+  static_assert(sizeof(uint32_t) == 4, "type size consistency check");
+
+  pkix::Input certInput;
+  pkix::Result result = certInput.Init(mDER.Elements(), mDER.Length());
+  if (result != pkix::Result::Success) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  // NB: since we're not building a trust path, the endEntityOrCA parameter is
+  // irrelevant.
+  pkix::BackCert cert(certInput, pkix::EndEntityOrCA::MustBeEndEntity, nullptr);
+  result = cert.Init();
+  if (result != pkix::Result::Success) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString buf;
+  const char leadingZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
+  buf.Append(leadingZeroes, sizeof(leadingZeroes));
+  uint32_t serialNumberLen = htonl(cert.GetSerialNumber().GetLength());
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&serialNumberLen),
+             sizeof(uint32_t));
+  uint32_t issuerLen = htonl(cert.GetIssuer().GetLength());
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&issuerLen),
+             sizeof(uint32_t));
+  buf.Append(BitwiseCast<const char*, const unsigned char*>(
+                 cert.GetSerialNumber().UnsafeGetData()),
+             cert.GetSerialNumber().GetLength());
+  buf.Append(BitwiseCast<const char*, const unsigned char*>(
+                 cert.GetIssuer().UnsafeGetData()),
+             cert.GetIssuer().GetLength());
+
+  return Base64Encode(buf, aDbKey);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetDisplayName(nsAString& aDisplayName) {
+  aDisplayName.Truncate();
+
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePORTString commonName(CERT_GetCommonName(&cert->subject));
+  UniquePORTString organizationalUnitName(CERT_GetOrgUnitName(&cert->subject));
+  UniquePORTString organizationName(CERT_GetOrgName(&cert->subject));
+
+  bool isBuiltInRoot;
+  nsresult rv = GetIsBuiltInRoot(&isBuiltInRoot);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Only use the nickname for built-in roots where we already have a hard-coded
+  // reasonable display name (unfortunately we have to strip off the leading
+  // slot identifier followed by a ':'). Otherwise, attempt to use the following
+  // in order:
+  //  - the common name, if present
+  //  - an organizational unit name, if present
+  //  - an organization name, if present
+  //  - the entire subject distinguished name, if non-empty
+  //  - an email address, if one can be found
+  // In the unlikely event that none of these fields are present and non-empty
+  // (the subject really shouldn't be empty), an empty string is returned.
+  nsAutoCString builtInRootNickname;
+  if (isBuiltInRoot) {
+    nsAutoCString fullNickname(cert->nickname);
+    int32_t index = fullNickname.Find(":");
+    if (index != kNotFound) {
+      // Substring will gracefully handle the case where index is the last
+      // character in the string (that is, if the nickname is just
+      // "Builtin Object Token:"). In that case, we'll get an empty string.
+      builtInRootNickname =
+          Substring(fullNickname, AssertedCast<uint32_t>(index + 1));
+    }
+  }
+  const char* nameOptions[] = {builtInRootNickname.get(),
+                               commonName.get(),
+                               organizationalUnitName.get(),
+                               organizationName.get(),
+                               cert->subjectName,
+                               cert->emailAddr};
+
+  for (auto nameOption : nameOptions) {
+    if (nameOption) {
+      size_t len = strlen(nameOption);
+      if (len > 0) {
+        LossyUTF8ToUTF16(nameOption, len, aDisplayName);
+        return NS_OK;
+      }
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress) {
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  if (cert->emailAddr) {
+    CopyUTF8toUTF16(MakeStringSpan(cert->emailAddr), aEmailAddress);
+  } else {
+    GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddresses(nsTArray<nsString>& aAddresses) {
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  uint32_t length = 0;
+  for (const char* aAddr = CERT_GetFirstEmailAddress(cert.get()); aAddr;
+       aAddr = CERT_GetNextEmailAddress(cert.get(), aAddr)) {
+    ++(length);
+  }
+
+  aAddresses.SetCapacity(length);
+
+  for (const char* aAddr = CERT_GetFirstEmailAddress(cert.get()); aAddr;
+       aAddr = CERT_GetNextEmailAddress(cert.get(), aAddr)) {
+    CopyASCIItoUTF16(MakeStringSpan(aAddr), *aAddresses.AppendElement());
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress,
+                                       bool* result) {
+  NS_ENSURE_ARG(result);
+  *result = false;
+
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  for (const char* aAddr = CERT_GetFirstEmailAddress(cert.get()); aAddr;
+       aAddr = CERT_GetNextEmailAddress(cert.get(), aAddr)) {
+    nsAutoString certAddr;
+    LossyUTF8ToUTF16(aAddr, strlen(aAddr), certAddr);
+    ToLowerCase(certAddr);
+
+    nsAutoString testAddr(aEmailAddress);
+    ToLowerCase(testAddr);
+
+    if (certAddr == testAddr) {
+      *result = true;
+      break;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetCommonName(nsAString& aCommonName) {
+  aCommonName.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString commonName(CERT_GetCommonName(&cert->subject));
+  if (commonName) {
+    LossyUTF8ToUTF16(commonName.get(), strlen(commonName.get()), aCommonName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganization(nsAString& aOrganization) {
+  aOrganization.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString organization(CERT_GetOrgName(&cert->subject));
+  if (organization) {
+    LossyUTF8ToUTF16(organization.get(), strlen(organization.get()),
+                     aOrganization);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName) {
+  aCommonName.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString commonName(CERT_GetCommonName(&cert->issuer));
+  if (commonName) {
+    LossyUTF8ToUTF16(commonName.get(), strlen(commonName.get()), aCommonName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization) {
+  aOrganization.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString organization(CERT_GetOrgName(&cert->issuer));
+  if (organization) {
+    LossyUTF8ToUTF16(organization.get(), strlen(organization.get()),
+                     aOrganization);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit) {
+  aOrganizationUnit.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString organizationUnit(CERT_GetOrgUnitName(&cert->issuer));
+  if (organizationUnit) {
+    LossyUTF8ToUTF16(organizationUnit.get(), strlen(organizationUnit.get()),
+                     aOrganizationUnit);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit) {
+  aOrganizationalUnit.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString orgunit(CERT_GetOrgUnitName(&cert->subject));
+  if (orgunit) {
+    LossyUTF8ToUTF16(orgunit.get(), strlen(orgunit.get()), aOrganizationalUnit);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSubjectName(nsAString& _subjectName) {
+  _subjectName.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  if (cert->subjectName) {
+    LossyUTF8ToUTF16(cert->subjectName, strlen(cert->subjectName),
+                     _subjectName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerName(nsAString& _issuerName) {
+  _issuerName.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  if (cert->issuerName) {
+    LossyUTF8ToUTF16(cert->issuerName, strlen(cert->issuerName), _issuerName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber) {
+  _serialNumber.Truncate();
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePORTString tmpstr(
+      CERT_Hexify(&cert->serialNumber, true /* use colon delimiters */));
+  if (tmpstr) {
+    _serialNumber = NS_ConvertASCIItoUTF16(tmpstr.get());
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+nsresult nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint,
+                                              SECOidTag aHashAlg) {
+  aFingerprint.Truncate();
+
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsTArray<uint8_t> digestArray;
+  nsresult rv =
+      Digest::DigestBuf(aHashAlg, mDER.Elements(), mDER.Length(), digestArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  SECItem digestItem = {siBuffer, digestArray.Elements(),
+                        static_cast<unsigned int>(digestArray.Length())};
+
+  UniquePORTString fpStr(
+      CERT_Hexify(&digestItem, true /* use colon delimiters */));
+  if (!fpStr) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aFingerprint.AssignASCII(fpStr.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint) {
+  return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint) {
+  return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetTokenName(nsAString& aTokenName) {
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  UniquePK11SlotInfo internalSlot(PK11_GetInternalSlot());
+  if (!internalSlot) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIPK11Token> token(
+      new nsPK11Token(cert->slot ? cert->slot : internalSlot.get()));
+  nsAutoCString tmp;
+  nsresult rv = token->GetTokenName(tmp);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  aTokenName.Assign(NS_ConvertUTF8toUTF16(tmp));
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(
+    nsACString& aSha256SPKIDigest) {
+  aSha256SPKIDigest.Truncate();
+
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  pkix::Input certInput;
+  pkix::Result result = certInput.Init(mDER.Elements(), mDER.Length());
+  if (result != pkix::Result::Success) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  // NB: since we're not building a trust path, the endEntityOrCA parameter is
+  // irrelevant.
+  pkix::BackCert cert(certInput, pkix::EndEntityOrCA::MustBeEndEntity, nullptr);
+  result = cert.Init();
+  if (result != pkix::Result::Success) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  pkix::Input derPublicKey = cert.GetSubjectPublicKeyInfo();
+  nsTArray<uint8_t> digestArray;
+  nsresult rv = Digest::DigestBuf(SEC_OID_SHA256, derPublicKey.UnsafeGetData(),
+                                  derPublicKey.GetLength(), digestArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Encode(nsDependentCSubstring(
+                        reinterpret_cast<const char*>(digestArray.Elements()),
+                        digestArray.Length()),
+                    aSha256SPKIDigest);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetRawDER(nsTArray<uint8_t>& aArray) {
+  aArray.SetLength(mDER.Length());
+  memcpy(aArray.Elements(), mDER.Elements(), mDER.Length());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetBase64DERString(nsACString& base64DERString) {
+  nsDependentCSubstring derString(
+      reinterpret_cast<const char*>(mDER.Elements()), mDER.Length());
+  nsresult rv = Base64Encode(derString, base64DERString);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+CERTCertificate* nsNSSCertificate::GetCert() {
+  UniqueCERTCertificate cert(GetOrInstantiateCert());
+  return cert.release();  // caller takes ownership
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity) {
+  NS_ENSURE_ARG(aValidity);
+  pkix::Input certInput;
+  pkix::Result rv = certInput.Init(mDER.Elements(), mDER.Length());
+  if (rv != pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIX509CertValidity> validity = new X509CertValidity(certInput);
+  validity.forget(aValidity);
+  return NS_OK;
+}
+
+// NB: Any updates (except disk-only fields) must be kept in sync with
+//     |SerializeToIPC|.
+NS_IMETHODIMP
+nsNSSCertificate::Write(nsIObjectOutputStream* aStream) {
+  // This field used to be the cached EV status, but it is no longer necessary.
+  nsresult rv = aStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = aStream->Write32(mDER.Length());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return aStream->WriteBytes(Span(mDER));
+}
+
+// NB: Any updates (except disk-only fields) must be kept in sync with
+//     |DeserializeFromIPC|.
+NS_IMETHODIMP
+nsNSSCertificate::Read(nsIObjectInputStream* aStream) {
+  auto lock = mCert.Lock();
+  auto& maybeCert = lock.ref();
+  if (!mDER.IsEmpty() || maybeCert.isSome()) {
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+
+  // This field is no longer used.
+  uint32_t unusedCachedEVStatus;
+  nsresult rv = aStream->Read32(&unusedCachedEVStatus);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint32_t len;
+  rv = aStream->Read32(&len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = aStream->ReadByteArray(len, mDER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+void nsNSSCertificate::SerializeToIPC(IPC::MessageWriter* aWriter) {
+  bool hasCert = !mDER.IsEmpty();
+  WriteParam(aWriter, hasCert);
+
+  if (!hasCert) {
+    return;
+  }
+
+  WriteParam(aWriter, mDER);
+}
+
+bool nsNSSCertificate::DeserializeFromIPC(IPC::MessageReader* aReader) {
+  auto lock = mCert.Lock();
+  auto& maybeCert = lock.ref();
+  if (!mDER.IsEmpty() || maybeCert.isSome()) {
+    return false;
+  }
+
+  bool hasCert = false;
+  if (!ReadParam(aReader, &hasCert)) {
+    return false;
+  }
+
+  if (!hasCert) {
+    return true;
+  }
+
+  if (!ReadParam(aReader, &mDER)) {
+    return false;
+  }
+  return true;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetInterfaces(nsTArray<nsIID>& array) {
+  array.Clear();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetScriptableHelper(nsIXPCScriptable** _retval) {
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetContractID(nsACString& aContractID) {
+  aContractID.SetIsVoid(true);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassDescription(nsACString& aClassDescription) {
+  aClassDescription.SetIsVoid(true);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassID(nsCID** aClassID) {
+  *aClassID = (nsCID*)moz_xmalloc(sizeof(nsCID));
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetFlags(uint32_t* aFlags) {
+  *aFlags = nsIClassInfo::THREADSAFE;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) {
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
+  *aClassIDNoAlloc = kNSSCertificateCID;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificate.h b/security/manager/ssl/nsNSSCertificate.h
new file mode 100644
index 0000000000..cec7331c6b
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.h
@@ -0,0 +1,50 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificate_h
+#define nsNSSCertificate_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/DataMutex.h"
+#include "mozilla/Maybe.h"
+#include "nsCOMPtr.h"
+#include "nsIClassInfo.h"
+#include "nsISerializable.h"
+#include "nsIX509Cert.h"
+#include "nsStringFwd.h"
+
+class nsNSSCertificate final : public nsIX509Cert,
+                               public nsISerializable,
+                               public nsIClassInfo {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERT
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsNSSCertificate();
+  explicit nsNSSCertificate(CERTCertificate* cert);
+  explicit nsNSSCertificate(nsTArray<uint8_t>&& der);
+
+ private:
+  virtual ~nsNSSCertificate() = default;
+  nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);
+  mozilla::UniqueCERTCertificate GetOrInstantiateCert();
+
+  nsTArray<uint8_t> mDER;
+  // There may be multiple threads running when mCert is actually instantiated,
+  // so it must be protected by a mutex.
+  mozilla::DataMutex<mozilla::Maybe<mozilla::UniqueCERTCertificate>> mCert;
+};
+
+#define NS_X509CERT_CID                              \
+  { /* 660a3226-915c-4ffb-bb20-8985a632df05 */       \
+    0x660a3226, 0x915c, 0x4ffb, {                    \
+      0xbb, 0x20, 0x89, 0x85, 0xa6, 0x32, 0xdf, 0x05 \
+    }                                                \
+  }
+
+#endif  // nsNSSCertificate_h
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
new file mode 100644
index 0000000000..3a760734b3
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -0,0 +1,1356 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateDB.h"
+
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "SharedSSLState.h"
+#include "certdb.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Services.h"
+#include "mozilla/Unused.h"
+#include "mozpkix/Time.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertificateDialogs.h"
+#include "nsIFile.h"
+#include "nsIMutableArray.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertTrust.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsPKCS12Blob.h"
+#include "nsPromiseFlatString.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#  include <winsock.h>  // for ntohl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByDBKey(const nsACString& aDBKey,
+                                    /*out*/ nsIX509Cert** _cert) {
+  NS_ENSURE_ARG_POINTER(_cert);
+  *_cert = nullptr;
+
+  if (aDBKey.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate cert;
+  rv = FindCertByDBKey(aDBKey, cert);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If we can't find the certificate, that's not an error. Just return null.
+  if (!cert) {
+    return NS_OK;
+  }
+  nsCOMPtr<nsIX509Cert> nssCert = new nsNSSCertificate(cert.get());
+  nssCert.forget(_cert);
+  return NS_OK;
+}
+
+nsresult nsNSSCertificateDB::FindCertByDBKey(const nsACString& aDBKey,
+                                             UniqueCERTCertificate& cert) {
+  static_assert(sizeof(uint64_t) == 8, "type size sanity check");
+  static_assert(sizeof(uint32_t) == 4, "type size sanity check");
+  // (From nsNSSCertificate::GetDbKey)
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString decoded;
+  nsAutoCString tmpDBKey(aDBKey);
+  // Filter out any whitespace for backwards compatibility.
+  tmpDBKey.StripWhitespace();
+  nsresult rv = Base64Decode(tmpDBKey, decoded);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (decoded.Length() < 16) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  const char* reader = decoded.BeginReading();
+  uint64_t zeroes = *BitwiseCast<const uint64_t*, const char*>(reader);
+  if (zeroes != 0) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  reader += sizeof(uint64_t);
+  // Note: We surround the ntohl() argument with parentheses to stop the macro
+  //       from thinking two arguments were passed.
+  uint32_t serialNumberLen =
+      ntohl((*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  uint32_t issuerLen =
+      ntohl((*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  if (decoded.Length() != 16ULL + serialNumberLen + issuerLen) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  CERTIssuerAndSN issuerSN;
+  issuerSN.serialNumber.len = serialNumberLen;
+  issuerSN.serialNumber.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += serialNumberLen;
+  issuerSN.derIssuer.len = issuerLen;
+  issuerSN.derIssuer.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += issuerLen;
+  MOZ_ASSERT(reader == decoded.EndReading());
+
+  cert.reset(CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN));
+  return NS_OK;
+}
+
+SECStatus collect_certs(void* arg, SECItem** certs, int numcerts) {
+  nsTArray<nsTArray<uint8_t>>* certsArray =
+      reinterpret_cast<nsTArray<nsTArray<uint8_t>>*>(arg);
+
+  while (numcerts--) {
+    nsTArray<uint8_t> certArray;
+    SECItem* cert = *certs;
+    certArray.AppendElements(cert->data, cert->len);
+    certsArray->AppendElement(std::move(certArray));
+    certs++;
+  }
+  return (SECSuccess);
+}
+
+nsresult nsNSSCertificateDB::getCertsFromPackage(
+    nsTArray<nsTArray<uint8_t>>& collectArgs, uint8_t* data, uint32_t length) {
+  if (CERT_DecodeCertPackage(BitwiseCast<char*, uint8_t*>(data), length,
+                             collect_certs, &collectArgs) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+// When using the sql-backed softoken, trust settings are authenticated using a
+// key in the secret database. Thus, if the user has a password, we need to
+// authenticate to the token in order to be able to change trust settings.
+SECStatus ChangeCertTrustWithPossibleAuthentication(
+    const UniqueCERTCertificate& cert, CERTCertTrust& trust, void* ctx) {
+  MOZ_ASSERT(cert, "cert must be non-null");
+  if (!cert) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+  // NSS ignores the first argument to CERT_ChangeCertTrust
+  SECStatus srv = CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
+  if (srv == SECSuccess || PR_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+    return srv;
+  }
+  if (cert->slot) {
+    // If this certificate is on an external PKCS#11 token, we have to
+    // authenticate to that token.
+    srv = PK11_Authenticate(cert->slot, PR_TRUE, ctx);
+  } else {
+    // Otherwise, the certificate is on the internal module.
+    UniquePK11SlotInfo internalSlot(PK11_GetInternalKeySlot());
+    srv = PK11_Authenticate(internalSlot.get(), PR_TRUE, ctx);
+  }
+  if (srv != SECSuccess) {
+    return srv;
+  }
+  return CERT_ChangeCertTrust(nullptr, cert.get(), &trust);
+}
+
+static nsresult ImportCertsIntoPermanentStorage(
+    const UniqueCERTCertList& certChain) {
+  bool encounteredFailure = false;
+  PRErrorCode savedErrorCode = 0;
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  for (CERTCertListNode* chainNode = CERT_LIST_HEAD(certChain);
+       !CERT_LIST_END(chainNode, certChain);
+       chainNode = CERT_LIST_NEXT(chainNode)) {
+    UniquePORTString nickname(CERT_MakeCANickname(chainNode->cert));
+    SECStatus srv = PK11_ImportCert(slot.get(), chainNode->cert,
+                                    CK_INVALID_HANDLE, nickname.get(),
+                                    false);  // this parameter is ignored by NSS
+    if (srv != SECSuccess) {
+      encounteredFailure = true;
+      savedErrorCode = PR_GetError();
+    }
+  }
+
+  if (encounteredFailure) {
+    return GetXPCOMFromNSSError(savedErrorCode);
+  }
+
+  return NS_OK;
+}
+
+nsresult nsNSSCertificateDB::handleCACertDownload(NotNull<nsIArray*> x509Certs,
+                                                  nsIInterfaceRequestor* ctx) {
+  // First thing we have to do is figure out which certificate we're
+  // gonna present to the user.  The CA may have sent down a list of
+  // certs which may or may not be a chained list of certs.  Until
+  // the day we can design some solid UI for the general case, we'll
+  // code to the > 90% case.  That case is where a CA sends down a
+  // list that is a hierarchy whose root is either the first or
+  // the last cert.  What we're gonna do is compare the first
+  // 2 entries, if the second was signed by the first, we assume
+  // the root cert is the first cert and display it.  Otherwise,
+  // we compare the last 2 entries, if the second to last cert was
+  // signed by the last cert, then we assume the last cert is the
+  // root and display it.
+
+  uint32_t numCerts;
+
+  x509Certs->GetLength(&numCerts);
+
+  if (numCerts == 0) return NS_OK;  // Nothing to import, so nothing to do.
+
+  nsCOMPtr<nsIX509Cert> certToShow;
+  uint32_t selCertIndex;
+  if (numCerts == 1) {
+    // There's only one cert, so let's show it.
+    selCertIndex = 0;
+    certToShow = do_QueryElementAt(x509Certs, selCertIndex);
+  } else {
+    nsCOMPtr<nsIX509Cert> cert0;    // first cert
+    nsCOMPtr<nsIX509Cert> cert1;    // second cert
+    nsCOMPtr<nsIX509Cert> certn_2;  // second to last cert
+    nsCOMPtr<nsIX509Cert> certn_1;  // last cert
+
+    cert0 = do_QueryElementAt(x509Certs, 0);
+    cert1 = do_QueryElementAt(x509Certs, 1);
+    certn_2 = do_QueryElementAt(x509Certs, numCerts - 2);
+    certn_1 = do_QueryElementAt(x509Certs, numCerts - 1);
+
+    nsAutoString cert0SubjectName;
+    nsAutoString cert1IssuerName;
+    nsAutoString certn_2IssuerName;
+    nsAutoString certn_1SubjectName;
+
+    cert0->GetSubjectName(cert0SubjectName);
+    cert1->GetIssuerName(cert1IssuerName);
+    certn_2->GetIssuerName(certn_2IssuerName);
+    certn_1->GetSubjectName(certn_1SubjectName);
+
+    if (cert1IssuerName.Equals(cert0SubjectName)) {
+      // In this case, the first cert in the list signed the second,
+      // so the first cert is the root.  Let's display it.
+      selCertIndex = 0;
+      certToShow = cert0;
+    } else if (certn_2IssuerName.Equals(certn_1SubjectName)) {
+      // In this case the last cert has signed the second to last cert.
+      // The last cert is the root, so let's display it.
+      selCertIndex = numCerts - 1;
+      certToShow = certn_1;
+    } else {
+      // It's not a chain, so let's just show the first one in the
+      // downloaded list.
+      selCertIndex = 0;
+      certToShow = cert0;
+    }
+  }
+
+  if (!certToShow) return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsICertificateDialogs> dialogs;
+  nsresult rv = ::getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsICertificateDialogs),
+                                NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(certToShow->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!CERT_IsCACert(tmpCert.get(), nullptr)) {
+    DisplayCertificateAlert(ctx, "NotACACert", certToShow);
+    return NS_ERROR_FAILURE;
+  }
+
+  if (tmpCert->isperm) {
+    DisplayCertificateAlert(ctx, "CaCertExists", certToShow);
+    return NS_ERROR_FAILURE;
+  }
+
+  uint32_t trustBits;
+  bool allows;
+  rv = dialogs->ConfirmDownloadCACert(ctx, certToShow, &trustBits, &allows);
+  if (NS_FAILED(rv)) return rv;
+
+  if (!allows) return NS_ERROR_NOT_AVAILABLE;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trust is %d\n", trustBits));
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Created nick \"%s\"\n", nickname.get()));
+
+  nsNSSCertTrust trust;
+  trust.SetValidCA();
+  trust.AddCATrust(!!(trustBits & nsIX509CertDB::TRUSTED_SSL),
+                   !!(trustBits & nsIX509CertDB::TRUSTED_EMAIL));
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  SECStatus srv = PK11_ImportCert(slot.get(), tmpCert.get(), CK_INVALID_HANDLE,
+                                  nickname.get(),
+                                  false);  // this parameter is ignored by NSS
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  srv =
+      ChangeCertTrustWithPossibleAuthentication(tmpCert, trust.GetTrust(), ctx);
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+
+  // Import additional delivered certificates that can be verified.
+
+  // build a CertList for filtering
+  UniqueCERTCertList certList(CERT_NewCertList());
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // get all remaining certs into temp store
+
+  for (uint32_t i = 0; i < numCerts; i++) {
+    if (i == selCertIndex) {
+      // we already processed that one
+      continue;
+    }
+
+    nsCOMPtr<nsIX509Cert> remainingCert = do_QueryElementAt(x509Certs, i);
+    if (!remainingCert) {
+      continue;
+    }
+
+    UniqueCERTCertificate tmpCert2(remainingCert->GetCert());
+    if (!tmpCert2) {
+      continue;  // Let's try to import the rest of 'em
+    }
+
+    if (CERT_AddCertToListTail(certList.get(), tmpCert2.get()) != SECSuccess) {
+      continue;
+    }
+
+    Unused << tmpCert2.release();
+  }
+
+  return ImportCertsIntoPermanentStorage(certList);
+}
+
+nsresult nsNSSCertificateDB::ConstructCertArrayFromUniqueCertList(
+    const UniqueCERTCertList& aCertListIn,
+    nsTArray<RefPtr<nsIX509Cert>>& aCertListOut) {
+  if (!aCertListIn.get()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  for (CERTCertListNode* node = CERT_LIST_HEAD(aCertListIn.get());
+       !CERT_LIST_END(node, aCertListIn.get()); node = CERT_LIST_NEXT(node)) {
+    RefPtr<nsIX509Cert> cert = new nsNSSCertificate(node->cert);
+    aCertListOut.AppendElement(cert);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length,
+                                       uint32_t type,
+                                       nsIInterfaceRequestor* ctx) {
+  // We currently only handle CA certificates.
+  if (type != nsIX509Cert::CA_CERT) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsTArray<nsTArray<uint8_t>> certsArray;
+  nsresult rv = getCertsFromPackage(certsArray, data, length);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = nsArrayBase::Create();
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Now let's create some certs to work with
+  for (nsTArray<uint8_t>& certDER : certsArray) {
+    nsCOMPtr<nsIX509Cert> cert = new nsNSSCertificate(std::move(certDER));
+    nsresult rv = array->AppendElement(cert);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return handleCACertDownload(WrapNotNull(array), ctx);
+}
+
+/**
+ * Decodes a given array of DER-encoded certificates into temporary storage.
+ *
+ * @param certs
+ *        Array in which the decoded certificates are stored as arrays of
+ *        unsigned chars.
+ * @param temporaryCerts
+ *        List of decoded certificates.
+ */
+static nsresult ImportCertsIntoTempStorage(
+    nsTArray<nsTArray<uint8_t>>& certs,
+    /*out*/ const UniqueCERTCertList& temporaryCerts) {
+  NS_ENSURE_ARG_POINTER(temporaryCerts);
+
+  for (nsTArray<uint8_t>& certDER : certs) {
+    CERTCertificate* certificate;
+    SECItem certItem;
+    certItem.len = certDER.Length();
+    certItem.data = certDER.Elements();
+    certificate = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &certItem,
+                                          nullptr, false, true);
+
+    UniqueCERTCertificate cert(certificate);
+    if (!cert) {
+      continue;
+    }
+
+    if (CERT_AddCertToListTail(temporaryCerts.get(), cert.get()) ==
+        SECSuccess) {
+      Unused << cert.release();
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length,
+                                           nsIInterfaceRequestor* ctx) {
+  nsTArray<nsTArray<uint8_t>> certsArray;
+
+  nsresult rv = getCertsFromPackage(certsArray, data, length);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertList temporaryCerts(CERT_NewCertList());
+  if (!temporaryCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  rv = ImportCertsIntoTempStorage(certsArray, temporaryCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ImportCertsIntoPermanentStorage(temporaryCerts);
+}
+
+nsresult nsNSSCertificateDB::ImportCACerts(nsTArray<nsTArray<uint8_t>>& caCerts,
+                                           nsIInterfaceRequestor* ctx) {
+  UniqueCERTCertList temporaryCerts(CERT_NewCertList());
+  if (!temporaryCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = ImportCertsIntoTempStorage(caCerts, temporaryCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ImportCertsIntoPermanentStorage(temporaryCerts);
+}
+
+void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor* ctx,
+                                                 const char* stringID,
+                                                 nsIX509Cert* certToShow) {
+  if (!NS_IsMainThread()) {
+    NS_ERROR(
+        "nsNSSCertificateDB::DisplayCertificateAlert called off the main "
+        "thread");
+    return;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> my_ctx = ctx;
+  if (!my_ctx) {
+    my_ctx = new PipUIContext();
+  }
+
+  // This shall be replaced by embedding ovverridable prompts
+  // as discussed in bug 310446, and should make use of certToShow.
+
+  nsAutoString tmpMessage;
+  GetPIPNSSBundleString(stringID, tmpMessage);
+  nsCOMPtr<nsIPrompt> prompt(do_GetInterface(my_ctx));
+  if (!prompt) {
+    return;
+  }
+
+  prompt->Alert(nullptr, tmpMessage.get());
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length,
+                                          nsIInterfaceRequestor* ctx) {
+  if (!NS_IsMainThread()) {
+    NS_ERROR(
+        "nsNSSCertificateDB::ImportUserCertificate called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsTArray<nsTArray<uint8_t>> certsArray;
+
+  nsresult rv = getCertsFromPackage(certsArray, data, length);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  SECItem certItem;
+
+  if (certsArray.IsEmpty()) {
+    return NS_OK;
+  }
+
+  certItem.len = certsArray.ElementAt(0).Length();
+  certItem.data = certsArray.ElementAt(0).Elements();
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &certItem, nullptr, false, true));
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert.get(), nullptr, ctx));
+  if (!slot) {
+    nsCOMPtr<nsIX509Cert> certToShow = new nsNSSCertificate(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow);
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  /* pick a nickname for the cert */
+  nsAutoCString nickname;
+  if (cert->nickname) {
+    nickname = cert->nickname;
+  } else {
+    get_default_nickname(cert.get(), ctx, nickname);
+  }
+
+  /* user wants to import the cert */
+  slot.reset(PK11_ImportCertForKey(cert.get(), nickname.get(), ctx));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  {
+    nsCOMPtr<nsIX509Cert> certToShow = new nsNSSCertificate(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertImported", certToShow);
+  }
+
+  rv = NS_OK;
+  if (!certsArray.IsEmpty()) {
+    certsArray.RemoveElementAt(0);
+    rv = ImportCACerts(certsArray, ctx);
+  }
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+  if (observerService) {
+    observerService->NotifyObservers(nullptr, "psm:user-certificate-added",
+                                     nullptr);
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::DeleteCertificate(nsIX509Cert* aCert) {
+  NS_ENSURE_ARG_POINTER(aCert);
+  UniqueCERTCertificate cert(aCert->GetCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Temporary certificates aren't on a slot and will go away when the
+  // nsIX509Cert is destructed.
+  if (cert->slot) {
+    uint32_t certType;
+    nsresult rv = aCert->GetCertType(&certType);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+    if (certType == nsIX509Cert::USER_CERT) {
+      SECStatus srv = PK11_Authenticate(cert->slot, true, nullptr);
+      if (srv != SECSuccess) {
+        return NS_ERROR_FAILURE;
+      }
+      srv = PK11_DeleteTokenCertAndKey(cert.get(), nullptr);
+      if (srv != SECSuccess) {
+        return NS_ERROR_FAILURE;
+      }
+    } else {
+      // For certificates that can't be deleted (e.g. built-in roots), un-set
+      // all trust bits.
+      nsNSSCertTrust trust(0, 0);
+      SECStatus srv = ChangeCertTrustWithPossibleAuthentication(
+          cert, trust.GetTrust(), nullptr);
+      if (srv != SECSuccess) {
+        return NS_ERROR_FAILURE;
+      }
+      if (!PK11_IsReadOnly(cert->slot)) {
+        srv = SEC_DeletePermCertificate(cert.get());
+        if (srv != SECSuccess) {
+          return NS_ERROR_FAILURE;
+        }
+      }
+    }
+  }
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+  if (observerService) {
+    observerService->NotifyObservers(nullptr, "psm:user-certificate-deleted",
+                                     nullptr);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::SetCertTrust(nsIX509Cert* cert, uint32_t type,
+                                 uint32_t trusted) {
+  NS_ENSURE_ARG_POINTER(cert);
+  nsNSSCertTrust trust;
+  switch (type) {
+    case nsIX509Cert::CA_CERT:
+      trust.SetValidCA();
+      trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL),
+                       !!(trusted & nsIX509CertDB::TRUSTED_EMAIL));
+      break;
+    case nsIX509Cert::SERVER_CERT:
+      trust.SetValidPeer();
+      trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, false);
+      break;
+    case nsIX509Cert::EMAIL_CERT:
+      trust.SetValidPeer();
+      trust.AddPeerTrust(false, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL));
+      break;
+    default:
+      // Ignore any other type of certificate (including invalid types).
+      return NS_OK;
+  }
+
+  UniqueCERTCertificate nsscert(cert->GetCert());
+  SECStatus srv = ChangeCertTrustWithPossibleAuthentication(
+      nsscert, trust.GetTrust(), nullptr);
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::IsCertTrusted(nsIX509Cert* cert, uint32_t certType,
+                                  uint32_t trustType, bool* _isTrusted) {
+  NS_ENSURE_ARG_POINTER(_isTrusted);
+  *_isTrusted = false;
+
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  SECStatus srv;
+  UniqueCERTCertificate nsscert(cert->GetCert());
+  CERTCertTrust nsstrust;
+  srv = CERT_GetCertTrust(nsscert.get(), &nsstrust);
+  if (srv != SECSuccess) {
+    // CERT_GetCertTrust returns SECFailure if given a temporary cert that
+    // doesn't have any trust information yet. This isn't an error.
+    return NS_OK;
+  }
+
+  nsNSSCertTrust trust(&nsstrust);
+  if (certType == nsIX509Cert::CA_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedCA(true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedCA(false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::SERVER_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::EMAIL_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } /* user: ignore */
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType) {
+  NS_ENSURE_ARG(aFile);
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+    case nsIX509Cert::EMAIL_CERT:
+      // good
+      break;
+
+    default:
+      // not supported (yet)
+      return NS_ERROR_FAILURE;
+  }
+
+  PRFileDesc* fd = nullptr;
+  nsresult rv = aFile->OpenNSPRFileDesc(PR_RDONLY, 0, &fd);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!fd) {
+    return NS_ERROR_FAILURE;
+  }
+
+  PRFileInfo fileInfo;
+  if (PR_GetOpenFileInfo(fd, &fileInfo) != PR_SUCCESS) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = MakeUnique<unsigned char[]>(fileInfo.size);
+  int32_t bytesObtained = PR_Read(fd, buf.get(), fileInfo.size);
+  PR_Close(fd);
+
+  if (bytesObtained != fileInfo.size) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+      return ImportCertificates(buf.get(), bytesObtained, aType, cxt);
+    case nsIX509Cert::EMAIL_CERT:
+      return ImportEmailCertificate(buf.get(), bytesObtained, cxt);
+    default:
+      MOZ_ASSERT(false, "Unsupported type should have been filtered out");
+      break;
+  }
+
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportPKCS12File(nsIFile* aFile, const nsAString& aPassword,
+                                     uint32_t* aError) {
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  nsPKCS12Blob blob;
+  rv = blob.ImportFromFile(aFile, aPassword, *aError);
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+  if (NS_SUCCEEDED(rv) && observerService) {
+    observerService->NotifyObservers(nullptr, "psm:user-certificate-added",
+                                     nullptr);
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ExportPKCS12File(
+    nsIFile* aFile, const nsTArray<RefPtr<nsIX509Cert>>& aCerts,
+    const nsAString& aPassword, uint32_t* aError) {
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  if (aCerts.IsEmpty()) {
+    return NS_OK;
+  }
+  nsPKCS12Blob blob;
+  return blob.ExportToFile(aFile, aCerts, aPassword, *aError);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64,
+                                            /*out*/ nsIX509Cert** _retval) {
+  if (!_retval) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Base64Decode() doesn't consider a zero length input as an error, and just
+  // returns the empty string. We don't want this behavior, so the below check
+  // catches this case.
+  if (base64.Length() < 1) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  nsAutoCString certDER;
+  nsresult rv = Base64Decode(base64, certDER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ConstructX509FromSpan(AsBytes(Span(certDER)), _retval);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509(const nsTArray<uint8_t>& certDER,
+                                  nsIX509Cert** _retval) {
+  return ConstructX509FromSpan(Span(certDER.Elements(), certDER.Length()),
+                               _retval);
+}
+
+nsresult nsNSSCertificateDB::ConstructX509FromSpan(
+    Span<const uint8_t> aInputSpan, nsIX509Cert** _retval) {
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  if (aInputSpan.Length() > std::numeric_limits<unsigned int>::max()) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  SECItem certData;
+  certData.type = siDERCertBuffer;
+  certData.data = const_cast<unsigned char*>(
+      reinterpret_cast<const unsigned char*>(aInputSpan.Elements()));
+  certData.len = aInputSpan.Length();
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &certData, nullptr, false, true));
+  if (!cert)
+    return (PORT_GetError() == SEC_ERROR_NO_MEMORY) ? NS_ERROR_OUT_OF_MEMORY
+                                                    : NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> nssCert = new nsNSSCertificate(cert.get());
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+void nsNSSCertificateDB::get_default_nickname(CERTCertificate* cert,
+                                              nsIInterfaceRequestor* ctx,
+                                              nsCString& nickname) {
+  nickname.Truncate();
+
+  CK_OBJECT_HANDLE keyHandle;
+
+  if (NS_FAILED(BlockUntilLoadableCertsLoaded())) {
+    return;
+  }
+
+  CERTCertDBHandle* defaultcertdb = CERT_GetDefaultCertDB();
+  nsAutoCString username;
+  UniquePORTString tempCN(CERT_GetCommonName(&cert->subject));
+  if (tempCN) {
+    username = tempCN.get();
+  }
+
+  nsAutoCString caname;
+  UniquePORTString tempIssuerOrg(CERT_GetOrgName(&cert->issuer));
+  if (tempIssuerOrg) {
+    caname = tempIssuerOrg.get();
+  }
+
+  nsAutoString tmpNickFmt;
+  GetPIPNSSBundleString("nick_template", tmpNickFmt);
+  NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
+
+  nsAutoCString baseName;
+  baseName.AppendPrintf(nickFmt.get(), username.get(), caname.get());
+  if (baseName.IsEmpty()) {
+    return;
+  }
+
+  nickname = baseName;
+
+  /*
+   * We need to see if the private key exists on a token, if it does
+   * then we need to check for nicknames that already exist on the smart
+   * card.
+   */
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert, &keyHandle, ctx));
+  if (!slot) return;
+
+  if (!PK11_IsInternal(slot.get())) {
+    nsAutoCString tmp;
+    tmp.AppendPrintf("%s:%s", PK11_GetTokenName(slot.get()), baseName.get());
+    if (tmp.IsEmpty()) {
+      nickname.Truncate();
+      return;
+    }
+    baseName = tmp;
+    nickname = baseName;
+  }
+
+  int count = 1;
+  while (true) {
+    if (count > 1) {
+      nsAutoCString tmp;
+      tmp.AppendPrintf("%s #%d", baseName.get(), count);
+      if (tmp.IsEmpty()) {
+        nickname.Truncate();
+        return;
+      }
+      nickname = tmp;
+    }
+
+    UniqueCERTCertificate dummycert;
+
+    if (PK11_IsInternal(slot.get())) {
+      /* look up the nickname to make sure it isn't in use already */
+      dummycert.reset(CERT_FindCertByNickname(defaultcertdb, nickname.get()));
+    } else {
+      // Check the cert against others that already live on the smart card.
+      dummycert.reset(PK11_FindCertFromNickname(nickname.get(), ctx));
+      if (dummycert) {
+        // Make sure the subject names are different.
+        if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) {
+          /*
+           * There is another certificate with the same nickname and
+           * the same subject name on the smart card, so let's use this
+           * nickname.
+           */
+          dummycert = nullptr;
+        }
+      }
+    }
+    if (!dummycert) {
+      break;
+    }
+    count++;
+  }
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64,
+                                      const nsACString& aTrust,
+                                      nsIX509Cert** addedCertificate) {
+  // Base64Decode() doesn't consider a zero length input as an error, and just
+  // returns the empty string. We don't want this behavior, so the below check
+  // catches this case.
+  if (aBase64.Length() < 1) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  nsAutoCString aCertDER;
+  nsresult rv = Base64Decode(aBase64, aCertDER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return AddCert(aCertDER, aTrust, addedCertificate);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCert(const nsACString& aCertDER,
+                            const nsACString& aTrust,
+                            nsIX509Cert** addedCertificate) {
+  MOZ_ASSERT(addedCertificate);
+  if (!addedCertificate) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  *addedCertificate = nullptr;
+
+  nsNSSCertTrust trust;
+  if (CERT_DecodeTrustString(&trust.GetTrust(),
+                             PromiseFlatCString(aTrust).get()) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509Cert> newCert;
+  nsresult rv =
+      ConstructX509FromSpan(AsBytes(Span(aCertDER)), getter_AddRefs(newCert));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(newCert->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // If there's already a certificate that matches this one in the database, we
+  // still want to set its trust to the given value.
+  if (tmpCert->isperm) {
+    rv = SetCertTrustFromString(newCert, aTrust);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    newCert.forget(addedCertificate);
+    return NS_OK;
+  }
+
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Created nick \"%s\"\n", nickname.get()));
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  SECStatus srv = PK11_ImportCert(slot.get(), tmpCert.get(), CK_INVALID_HANDLE,
+                                  nickname.get(),
+                                  false);  // this parameter is ignored by NSS
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  srv = ChangeCertTrustWithPossibleAuthentication(tmpCert, trust.GetTrust(),
+                                                  nullptr);
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  newCert.forget(addedCertificate);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
+                                           const nsACString& trustString) {
+  NS_ENSURE_ARG(cert);
+
+  CERTCertTrust trust;
+  SECStatus srv =
+      CERT_DecodeTrustString(&trust, PromiseFlatCString(trustString).get());
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  UniqueCERTCertificate nssCert(cert->GetCert());
+
+  srv = ChangeCertTrustWithPossibleAuthentication(nssCert, trust, nullptr);
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP nsNSSCertificateDB::AsPKCS7Blob(
+    const nsTArray<RefPtr<nsIX509Cert>>& certList, nsACString& _retval) {
+  if (certList.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
+  if (!cmsg) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSCertificateDB::AsPKCS7Blob - can't create CMS message"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  UniqueNSSCMSSignedData sigd(nullptr);
+  for (const auto& cert : certList) {
+    // We need an owning handle when calling nsIX509Cert::GetCert().
+    UniqueCERTCertificate nssCert(cert->GetCert());
+    if (!sigd) {
+      sigd.reset(
+          NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), nssCert.get(), false));
+      if (!sigd) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("nsNSSCertificateDB::AsPKCS7Blob - can't create SignedData"));
+        return NS_ERROR_FAILURE;
+      }
+    } else if (NSS_CMSSignedData_AddCertificate(sigd.get(), nssCert.get()) !=
+               SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("nsNSSCertificateDB::AsPKCS7Blob - can't add cert"));
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get());
+  if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get()) !=
+      SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSCertificateDB::AsPKCS7Blob - can't attach SignedData"));
+    return NS_ERROR_FAILURE;
+  }
+  // cmsg owns sigd now.
+  Unused << sigd.release();
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSCertificateDB::AsPKCS7Blob - out of memory"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECItem certP7 = {siBuffer, nullptr, 0};
+  NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(
+      cmsg.get(), nullptr, nullptr, &certP7, arena.get(), nullptr, nullptr,
+      nullptr, nullptr, nullptr, nullptr);
+  if (!ecx) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSCertificateDB::AsPKCS7Blob - can't create encoder"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSCertificateDB::AsPKCS7Blob - failed to add encoded data"));
+    return NS_ERROR_FAILURE;
+  }
+
+  _retval.Assign(nsDependentCSubstring(
+      reinterpret_cast<const char*>(certP7.data), certP7.len));
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::GetCerts(nsTArray<RefPtr<nsIX509Cert>>& _retval) {
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = CheckForSmartCardChanges();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, ctx));
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+  return nsNSSCertificateDB::ConstructCertArrayFromUniqueCertList(certList,
+                                                                  _retval);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AsyncHasThirdPartyRoots(nsIAsyncBoolCallback* aCallback) {
+  NS_ENSURE_ARG_POINTER(aCallback);
+  nsMainThreadPtrHandle<nsIAsyncBoolCallback> callback(
+      new nsMainThreadPtrHolder<nsIAsyncBoolCallback>("AsyncHasThirdPartyRoots",
+                                                      aCallback));
+
+  return NS_DispatchBackgroundTask(
+      NS_NewRunnableFunction(
+          "nsNSSCertificateDB::AsyncHasThirdPartyRoots",
+          [cb = std::move(callback), self = RefPtr{this}] {
+            bool hasThirdPartyRoots = [self]() -> bool {
+              nsTArray<RefPtr<nsIX509Cert>> certs;
+              nsresult rv = self->GetCerts(certs);
+              if (NS_FAILED(rv)) {
+                return false;
+              }
+
+              for (const auto& cert : certs) {
+                bool isTrusted = false;
+                nsresult rv =
+                    self->IsCertTrusted(cert, nsIX509Cert::CA_CERT,
+                                        nsIX509CertDB::TRUSTED_SSL, &isTrusted);
+                if (NS_FAILED(rv)) {
+                  return false;
+                }
+
+                if (!isTrusted) {
+                  continue;
+                }
+
+                bool isBuiltInRoot = false;
+                rv = cert->GetIsBuiltInRoot(&isBuiltInRoot);
+                if (NS_FAILED(rv)) {
+                  return false;
+                }
+
+                if (!isBuiltInRoot) {
+                  return true;
+                }
+              }
+
+              return false;
+            }();
+
+            NS_DispatchToMainThread(NS_NewRunnableFunction(
+                "nsNSSCertificateDB::AsyncHasThirdPartyRoots callback",
+                [cb, hasThirdPartyRoots]() {
+                  cb->OnResult(hasThirdPartyRoots);
+                }));
+          }),
+      NS_DISPATCH_EVENT_MAY_BLOCK);
+}
+
+nsresult VerifyCertAtTime(nsIX509Cert* aCert,
+                          int64_t /*SECCertificateUsage*/ aUsage,
+                          uint32_t aFlags, const nsACString& aHostname,
+                          mozilla::pkix::Time aTime,
+                          nsTArray<RefPtr<nsIX509Cert>>& aVerifiedChain,
+                          bool* aHasEVPolicy,
+                          int32_t* /*PRErrorCode*/ _retval) {
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aHasEVPolicy);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  if (!aVerifiedChain.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *aHasEVPolicy = false;
+  *_retval = PR_UNKNOWN_ERROR;
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+
+  nsTArray<nsTArray<uint8_t>> resultChain;
+  EVStatus evStatus;
+  mozilla::pkix::Result result;
+
+  nsTArray<uint8_t> certBytes;
+  nsresult nsrv = aCert->GetRawDER(certBytes);
+  if (NS_FAILED(nsrv)) {
+    return nsrv;
+  }
+
+  if (!aHostname.IsVoid() && aUsage == certificateUsageSSLServer) {
+    result =
+        certVerifier->VerifySSLServerCert(certBytes, aTime,
+                                          nullptr,  // Assume no context
+                                          aHostname, resultChain, aFlags,
+                                          Nothing(),  // extraCertificates
+                                          Nothing(),  // stapledOCSPResponse
+                                          Nothing(),  // sctsFromTLSExtension
+                                          Nothing(),  // dcInfo
+                                          OriginAttributes(), &evStatus);
+  } else {
+    const nsCString& flatHostname = PromiseFlatCString(aHostname);
+    result = certVerifier->VerifyCert(
+        certBytes, aUsage, aTime,
+        nullptr,  // Assume no context
+        aHostname.IsVoid() ? nullptr : flatHostname.get(), resultChain, aFlags,
+        Nothing(),  // extraCertificates
+        Nothing(),  // stapledOCSPResponse
+        Nothing(),  // sctsFromTLSExtension
+        OriginAttributes(), &evStatus);
+  }
+
+  if (result == mozilla::pkix::Success) {
+    for (auto& certDER : resultChain) {
+      RefPtr<nsIX509Cert> cert = new nsNSSCertificate(std::move(certDER));
+      aVerifiedChain.AppendElement(cert);
+    }
+
+    if (evStatus == EVStatus::EV) {
+      *aHasEVPolicy = true;
+    }
+  }
+
+  *_retval = mozilla::pkix::MapResultToPRErrorCode(result);
+
+  return NS_OK;
+}
+
+class VerifyCertAtTimeTask final : public CryptoTask {
+ public:
+  VerifyCertAtTimeTask(nsIX509Cert* aCert, int64_t aUsage, uint32_t aFlags,
+                       const nsACString& aHostname, uint64_t aTime,
+                       nsICertVerificationCallback* aCallback)
+      : mCert(aCert),
+        mUsage(aUsage),
+        mFlags(aFlags),
+        mHostname(aHostname),
+        mTime(aTime),
+        mCallback(new nsMainThreadPtrHolder<nsICertVerificationCallback>(
+            "nsICertVerificationCallback", aCallback)),
+        mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE),
+        mHasEVPolicy(false) {}
+
+ private:
+  virtual nsresult CalculateResult() override {
+    nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID);
+    if (!certDB) {
+      return NS_ERROR_FAILURE;
+    }
+    return VerifyCertAtTime(mCert, mUsage, mFlags, mHostname,
+                            mozilla::pkix::TimeFromEpochInSeconds(mTime),
+                            mVerifiedCertList, &mHasEVPolicy, &mPRErrorCode);
+  }
+
+  virtual void CallCallback(nsresult rv) override {
+    if (NS_FAILED(rv)) {
+      nsTArray<RefPtr<nsIX509Cert>> tmp;
+      Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE, tmp,
+                                              false);
+    } else {
+      Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList,
+                                              mHasEVPolicy);
+    }
+  }
+
+  nsCOMPtr<nsIX509Cert> mCert;
+  int64_t mUsage;
+  uint32_t mFlags;
+  nsCString mHostname;
+  uint64_t mTime;
+  nsMainThreadPtrHandle<nsICertVerificationCallback> mCallback;
+  int32_t mPRErrorCode;
+  nsTArray<RefPtr<nsIX509Cert>> mVerifiedCertList;
+  bool mHasEVPolicy;
+};
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AsyncVerifyCertAtTime(
+    nsIX509Cert* aCert, int64_t /*SECCertificateUsage*/ aUsage, uint32_t aFlags,
+    const nsACString& aHostname, uint64_t aTime,
+    nsICertVerificationCallback* aCallback) {
+  RefPtr<VerifyCertAtTimeTask> task(new VerifyCertAtTimeTask(
+      aCert, aUsage, aFlags, aHostname, aTime, aCallback));
+  return task->Dispatch();
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ClearOCSPCache() {
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+  certVerifier->ClearOCSPCache();
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificateDB.h b/security/manager/ssl/nsNSSCertificateDB.h
new file mode 100644
index 0000000000..125bb32acd
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.h
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificateDB_h
+#define nsNSSCertificateDB_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsIX509CertDB.h"
+#include "nsString.h"
+
+class nsIArray;
+
+class nsNSSCertificateDB final : public nsIX509CertDB
+
+{
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTDB
+
+  // This is a separate static method so nsNSSComponent can use it during NSS
+  // initialization. Other code should probably not use it.
+  static nsresult FindCertByDBKey(const nsACString& aDBKey,
+                                  mozilla::UniqueCERTCertificate& cert);
+
+  static nsresult ConstructCertArrayFromUniqueCertList(
+      const mozilla::UniqueCERTCertList& aCertListIn,
+      nsTArray<RefPtr<nsIX509Cert>>& aCertListOut);
+
+ protected:
+  virtual ~nsNSSCertificateDB() = default;
+
+ private:
+  // Use this function to generate a default nickname for a user
+  // certificate that is to be imported onto a token.
+  static void get_default_nickname(CERTCertificate* cert,
+                                   nsIInterfaceRequestor* ctx,
+                                   nsCString& nickname);
+
+  static nsresult ImportCACerts(nsTArray<nsTArray<uint8_t>>& CACerts,
+                                nsIInterfaceRequestor* ctx);
+
+  static void DisplayCertificateAlert(nsIInterfaceRequestor* ctx,
+                                      const char* stringID,
+                                      nsIX509Cert* certToShow);
+
+  nsresult getCertsFromPackage(nsTArray<nsTArray<uint8_t>>& collectArgs,
+                               uint8_t* data, uint32_t length);
+  nsresult handleCACertDownload(mozilla::NotNull<nsIArray*> x509Certs,
+                                nsIInterfaceRequestor* ctx);
+  nsresult ConstructX509FromSpan(const mozilla::Span<const uint8_t> aInputSpan,
+                                 nsIX509Cert** _retval);
+};
+
+#define NS_X509CERTDB_CID                            \
+  { /* fb0bbc5c-452e-4783-b32c-80124693d871 */       \
+    0xfb0bbc5c, 0x452e, 0x4783, {                    \
+      0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71 \
+    }                                                \
+  }
+
+SECStatus ChangeCertTrustWithPossibleAuthentication(
+    const mozilla::UniqueCERTCertificate& cert, CERTCertTrust& trust,
+    void* ctx);
+
+#endif  // nsNSSCertificateDB_h
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
new file mode 100644
index 0000000000..737f94812d
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -0,0 +1,2769 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSComponent.h"
+
+#include "BinaryPath.h"
+#include "CryptoTask.h"
+#include "EnterpriseRoots.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "SSLTokensCache.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "cert.h"
+#include "cert_storage/src/cert_storage.h"
+#include "certdb.h"
+#include "mozilla/AppShutdown.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/EndianUtils.h"
+#include "mozilla/FilePreferences.h"
+#include "mozilla/PodOperations.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/ProfilerLabels.h"
+#include "mozilla/ProfilerMarkers.h"
+#include "mozilla/PublicSSL.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/Services.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/StaticPrefs_security.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TimeStamp.h"
+#include "mozilla/Unused.h"
+#include "mozilla/Vector.h"
+#include "mozilla/dom/Promise.h"
+#include "mozilla/net/SocketProcessParent.h"
+#include "mozpkix/pkixnss.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsICertOverrideService.h"
+#include "nsIFile.h"
+#include "nsILocalFileWin.h"
+#include "nsIOService.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsIProperties.h"
+#include "nsISerialEventTarget.h"
+#include "nsISiteSecurityService.h"
+#include "nsITimer.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsIWindowWatcher.h"
+#include "nsIXULRuntime.h"
+#include "nsLiteralString.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSHelper.h"
+#include "nsNetCID.h"
+#include "nsPK11TokenDB.h"
+#include "nsPrintfCString.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "nss.h"
+#include "p12plcy.h"
+#include "pk11pub.h"
+#include "prmem.h"
+#include "secerr.h"
+#include "secmod.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#if defined(XP_LINUX) && !defined(ANDROID)
+#  include <linux/magic.h>
+#  include <sys/vfs.h>
+#endif
+
+#ifdef XP_WIN
+#  include "mozilla/WindowsVersion.h"
+#  include "nsILocalFileWin.h"
+
+#  include "windows.h"  // this needs to be before the following includes
+#  include "lmcons.h"
+#  include "sddl.h"
+#  include "wincrypt.h"
+#  include "nsIWindowsRegKey.h"
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+LazyLogModule gPIPNSSLog("pipnss");
+
+int nsNSSComponent::mInstanceCount = 0;
+
+// Forward declaration.
+nsresult CommonInit();
+
+// Take an nsIFile and get a UTF-8-encoded c-string representation of the
+// location of that file (encapsulated in an nsACString).
+// This operation is generally to be avoided, except when interacting with
+// third-party or legacy libraries that cannot handle `nsIFile`s (such as NSS).
+// |result| is encoded in UTF-8.
+nsresult FileToCString(const nsCOMPtr<nsIFile>& file, nsACString& result) {
+#ifdef XP_WIN
+  nsAutoString path;
+  nsresult rv = file->GetPath(path);
+  if (NS_SUCCEEDED(rv)) {
+    CopyUTF16toUTF8(path, result);
+  }
+  return rv;
+#else
+  return file->GetNativePath(result);
+#endif
+}
+
+void TruncateFromLastDirectorySeparator(nsCString& path) {
+  static const nsAutoCString kSeparatorString(
+      mozilla::FilePreferences::kPathSeparator);
+  int32_t index = path.RFind(kSeparatorString);
+  if (index == kNotFound) {
+    return;
+  }
+  path.Truncate(index);
+}
+
+bool LoadIPCClientCerts() {
+  // This returns the path to the binary currently running, which in most
+  // cases is "plugin-container".
+  UniqueFreePtr<char> pluginContainerPath(BinaryPath::Get());
+  if (!pluginContainerPath) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to get get plugin-container path"));
+    return false;
+  }
+  nsAutoCString ipcClientCertsDirString(pluginContainerPath.get());
+  // On most platforms, ipcclientcerts is in the same directory as
+  // plugin-container. To obtain the path to that directory, truncate from
+  // the last directory separator.
+  // On macOS, plugin-container is in
+  // Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/,
+  // whereas ipcclientcerts is in Firefox.app/Contents/MacOS/. Consequently,
+  // this truncation from the last directory separator has to happen 4 times
+  // total. Normally this would be done using nsIFile APIs, but due to when
+  // this is initialized in the socket process, those aren't available.
+  TruncateFromLastDirectorySeparator(ipcClientCertsDirString);
+#ifdef XP_MACOSX
+  TruncateFromLastDirectorySeparator(ipcClientCertsDirString);
+  TruncateFromLastDirectorySeparator(ipcClientCertsDirString);
+  TruncateFromLastDirectorySeparator(ipcClientCertsDirString);
+#endif
+  if (!LoadIPCClientCertsModule(ipcClientCertsDirString)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to load ipcclientcerts from '%s'",
+             ipcClientCertsDirString.get()));
+    return false;
+  }
+  return true;
+}
+
+// This function can be called from chrome or content or socket processes
+// to ensure that NSS is initialized.
+bool EnsureNSSInitializedChromeOrContent() {
+  static Atomic<bool> initialized(false);
+
+  if (initialized) {
+    return true;
+  }
+
+  // If this is not the main thread (i.e. probably a worker) then forward this
+  // call to the main thread.
+  if (!NS_IsMainThread()) {
+    nsCOMPtr<nsIThread> mainThread;
+    nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
+    if (NS_FAILED(rv)) {
+      return false;
+    }
+
+    // Forward to the main thread synchronously.
+    mozilla::SyncRunnable::DispatchToThread(
+        mainThread,
+        NS_NewRunnableFunction("EnsureNSSInitializedChromeOrContent", []() {
+          EnsureNSSInitializedChromeOrContent();
+        }));
+
+    return initialized;
+  }
+
+  if (XRE_IsParentProcess()) {
+    nsCOMPtr<nsISupports> nss = do_GetService(PSM_COMPONENT_CONTRACTID);
+    if (!nss) {
+      return false;
+    }
+    initialized = true;
+    return true;
+  }
+
+  if (NSS_IsInitialized()) {
+    initialized = true;
+    return true;
+  }
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return false;
+  }
+
+  if (XRE_IsSocketProcess()) {
+    if (NS_FAILED(CommonInit())) {
+      return false;
+    }
+    // If ipcclientcerts fails to load, client certificate authentication won't
+    // work (if networking is done on the socket process). This is preferable
+    // to stopping the program entirely, so treat this as best-effort.
+    Unused << NS_WARN_IF(!LoadIPCClientCerts());
+    initialized = true;
+    return true;
+  }
+
+  if (NS_FAILED(mozilla::psm::InitializeCipherSuite())) {
+    return false;
+  }
+
+  mozilla::psm::DisableMD5();
+  mozilla::pkix::RegisterErrorTable();
+  initialized = true;
+  return true;
+}
+
+static const uint32_t OCSP_TIMEOUT_MILLISECONDS_SOFT_MAX = 5000;
+static const uint32_t OCSP_TIMEOUT_MILLISECONDS_HARD_MAX = 20000;
+
+void nsNSSComponent::GetRevocationBehaviorFromPrefs(
+    /*out*/ CertVerifier::OcspDownloadConfig* odc,
+    /*out*/ CertVerifier::OcspStrictConfig* osc,
+    /*out*/ uint32_t* certShortLifetimeInDays,
+    /*out*/ TimeDuration& softTimeout,
+    /*out*/ TimeDuration& hardTimeout) {
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(odc);
+  MOZ_ASSERT(osc);
+  MOZ_ASSERT(certShortLifetimeInDays);
+
+  // 0 = disabled
+  // 1 = enabled for everything (default)
+  // 2 = enabled for EV certificates only
+  uint32_t ocspLevel = StaticPrefs::security_OCSP_enabled();
+  switch (ocspLevel) {
+    case 0:
+      *odc = CertVerifier::ocspOff;
+      break;
+    case 2:
+      *odc = CertVerifier::ocspEVOnly;
+      break;
+    default:
+      *odc = CertVerifier::ocspOn;
+      break;
+  }
+
+  *osc = StaticPrefs::security_OCSP_require() ? CertVerifier::ocspStrict
+                                              : CertVerifier::ocspRelaxed;
+
+  *certShortLifetimeInDays =
+      StaticPrefs::security_pki_cert_short_lifetime_in_days();
+
+  uint32_t softTimeoutMillis =
+      StaticPrefs::security_OCSP_timeoutMilliseconds_soft();
+  softTimeoutMillis =
+      std::min(softTimeoutMillis, OCSP_TIMEOUT_MILLISECONDS_SOFT_MAX);
+  softTimeout = TimeDuration::FromMilliseconds(softTimeoutMillis);
+
+  uint32_t hardTimeoutMillis =
+      StaticPrefs::security_OCSP_timeoutMilliseconds_hard();
+  hardTimeoutMillis =
+      std::min(hardTimeoutMillis, OCSP_TIMEOUT_MILLISECONDS_HARD_MAX);
+  hardTimeout = TimeDuration::FromMilliseconds(hardTimeoutMillis);
+}
+
+nsNSSComponent::nsNSSComponent()
+    : mLoadableCertsLoadedMonitor("nsNSSComponent.mLoadableCertsLoadedMonitor"),
+      mLoadableCertsLoaded(false),
+      mLoadableCertsLoadedResult(NS_ERROR_FAILURE),
+      mMutex("nsNSSComponent.mMutex"),
+      mMitmDetecionEnabled(false) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  MOZ_ASSERT(mInstanceCount == 0,
+             "nsNSSComponent is a singleton, but instantiated multiple times!");
+  ++mInstanceCount;
+}
+
+nsNSSComponent::~nsNSSComponent() {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  // All cleanup code requiring services needs to happen in xpcom_shutdown
+
+  PrepareForShutdown();
+  SharedSSLState::GlobalCleanup();
+  --mInstanceCount;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor finished\n"));
+}
+
+#ifdef XP_WIN
+static bool GetUserSid(nsAString& sidString) {
+  // UNLEN is the maximum user name length (see Lmcons.h). +1 for the null
+  // terminator.
+  WCHAR lpAccountName[UNLEN + 1];
+  DWORD lcAccountName = sizeof(lpAccountName) / sizeof(lpAccountName[0]);
+  BOOL success = GetUserName(lpAccountName, &lcAccountName);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetUserName failed"));
+    return false;
+  }
+  char sid_buffer[SECURITY_MAX_SID_SIZE];
+  SID* sid = BitwiseCast<SID*, char*>(sid_buffer);
+  DWORD cbSid = ArrayLength(sid_buffer);
+  SID_NAME_USE eUse;
+  // There doesn't appear to be a defined maximum length for the domain name
+  // here. To deal with this, we start with a reasonable buffer length and
+  // see if that works. If it fails and the error indicates insufficient length,
+  // we use the indicated required length and try again.
+  DWORD cchReferencedDomainName = 128;
+  auto ReferencedDomainName(MakeUnique<WCHAR[]>(cchReferencedDomainName));
+  success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                              ReferencedDomainName.get(),
+                              &cchReferencedDomainName, &eUse);
+  if (!success && GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  if (!success) {
+    ReferencedDomainName = MakeUnique<WCHAR[]>(cchReferencedDomainName);
+    success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                                ReferencedDomainName.get(),
+                                &cchReferencedDomainName, &eUse);
+  }
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  LPTSTR StringSid;
+  success = ConvertSidToStringSid(sid, &StringSid);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ConvertSidToStringSid failed"));
+    return false;
+  }
+  sidString.Assign(StringSid);
+  LocalFree(StringSid);
+  return true;
+}
+
+// This is a specialized helper function to read the value of a registry key
+// that might not be present. If it is present, returns (via the output
+// parameter) its value. Otherwise, returns the given default value.
+// This function handles one level of nesting. That is, if the desired value
+// is actually in a direct child of the given registry key (where the child
+// and/or the value being sought may not actually be present), this function
+// will handle that. In the normal case, though, optionalChildName will be
+// null.
+static nsresult ReadRegKeyValueWithDefault(nsCOMPtr<nsIWindowsRegKey> regKey,
+                                           uint32_t flags,
+                                           const wchar_t* optionalChildName,
+                                           const wchar_t* valueName,
+                                           uint32_t defaultValue,
+                                           uint32_t& valueOut) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ReadRegKeyValueWithDefault"));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("attempting to read '%S%s%S' with default '%u'",
+           optionalChildName ? optionalChildName : L"",
+           optionalChildName ? "\\" : "", valueName, defaultValue));
+  if (optionalChildName) {
+    nsDependentString childNameString(optionalChildName);
+    bool hasChild;
+    nsresult rv = regKey->HasChild(childNameString, &hasChild);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to determine if child key is present"));
+      return rv;
+    }
+    if (!hasChild) {
+      valueOut = defaultValue;
+      return NS_OK;
+    }
+    nsCOMPtr<nsIWindowsRegKey> childRegKey;
+    rv = regKey->OpenChild(childNameString, flags, getter_AddRefs(childRegKey));
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open child key"));
+      return rv;
+    }
+    return ReadRegKeyValueWithDefault(childRegKey, flags, nullptr, valueName,
+                                      defaultValue, valueOut);
+  }
+  nsDependentString valueNameString(valueName);
+  bool hasValue;
+  nsresult rv = regKey->HasValue(valueNameString, &hasValue);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to determine if value is present"));
+    return rv;
+  }
+  if (!hasValue) {
+    valueOut = defaultValue;
+    return NS_OK;
+  }
+  rv = regKey->ReadIntValue(valueNameString, &valueOut);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to read value"));
+    return rv;
+  }
+  return NS_OK;
+}
+
+static nsresult AccountHasFamilySafetyEnabled(bool& enabled) {
+  enabled = false;
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("AccountHasFamilySafetyEnabled?"));
+  nsCOMPtr<nsIWindowsRegKey> parentalControlsKey(
+      do_CreateInstance("@mozilla.org/windows-registry-key;1"));
+  if (!parentalControlsKey) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't create nsIWindowsRegKey"));
+    return NS_ERROR_FAILURE;
+  }
+  uint32_t flags = nsIWindowsRegKey::ACCESS_READ | nsIWindowsRegKey::WOW64_64;
+  constexpr auto familySafetyPath =
+      u"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls"_ns;
+  nsresult rv = parentalControlsKey->Open(
+      nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE, familySafetyPath, flags);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open parentalControlsKey"));
+    return rv;
+  }
+  constexpr auto usersString = u"Users"_ns;
+  bool hasUsers;
+  rv = parentalControlsKey->HasChild(usersString, &hasUsers);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(Users) failed"));
+    return rv;
+  }
+  if (!hasUsers) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Users subkey not present - Parental Controls not enabled"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> usersKey;
+  rv = parentalControlsKey->OpenChild(usersString, flags,
+                                      getter_AddRefs(usersKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open Users subkey"));
+    return rv;
+  }
+  nsAutoString sid;
+  if (!GetUserSid(sid)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get sid"));
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("our sid is '%S'", static_cast<const wchar_t*>(sid.get())));
+  bool hasSid;
+  rv = usersKey->HasChild(sid, &hasSid);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(sid) failed"));
+    return rv;
+  }
+  if (!hasSid) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("sid not present in Family Safety Users"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> sidKey;
+  rv = usersKey->OpenChild(sid, flags, getter_AddRefs(sidKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open sid key"));
+    return rv;
+  }
+  // There are three keys we're interested in: "Parental Controls On",
+  // "Logging Required", and "Web\\Filter On". These keys will have value 0
+  // or 1, indicating a particular feature is disabled or enabled,
+  // respectively. So, if "Parental Controls On" is not 1, Family Safety is
+  // disabled and we don't care about anything else. If both "Logging
+  // Required" and "Web\\Filter On" are 0, the proxy will not be running,
+  // so for our purposes we can consider Family Safety disabled in that
+  // case.
+  // By default, "Logging Required" is 1 and "Web\\Filter On" is 0,
+  // reflecting the initial settings when Family Safety is enabled for an
+  // account for the first time, However, these sub-keys are not created
+  // unless they are switched away from the default value.
+  uint32_t parentalControlsOn;
+  rv = sidKey->ReadIntValue(u"Parental Controls On"_ns, &parentalControlsOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't read Parental Controls On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Parental Controls On: %u", parentalControlsOn));
+  if (parentalControlsOn != 1) {
+    return NS_OK;
+  }
+  uint32_t loggingRequired;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, nullptr, L"Logging Required",
+                                  1, loggingRequired);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Logging Required"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Logging Required: %u", loggingRequired));
+  uint32_t webFilterOn;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, L"Web", L"Filter On", 0,
+                                  webFilterOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Web\\Filter On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Web\\Filter On: %u", webFilterOn));
+  enabled = loggingRequired == 1 || webFilterOn == 1;
+  return NS_OK;
+}
+#endif  // XP_WIN
+
+bool nsNSSComponent::ShouldEnableEnterpriseRootsForFamilySafety(
+    uint32_t familySafetyMode) {
+#ifdef XP_WIN
+  if (!(IsWin8Point1OrLater() && !IsWin10OrLater())) {
+    return false;
+  }
+  if (familySafetyMode != 2) {
+    return false;
+  }
+  bool familySafetyEnabled;
+  nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  return familySafetyEnabled;
+#else
+  return false;
+#endif  // XP_WIN
+}
+
+void nsNSSComponent::UnloadEnterpriseRoots() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadEnterpriseRoots"));
+  MutexAutoLock lock(mMutex);
+  mEnterpriseCerts.clear();
+  setValidationOptions(false, lock);
+  ClearSSLExternalAndInternalSessionCache();
+}
+
+class BackgroundImportEnterpriseCertsTask final : public CryptoTask {
+ public:
+  explicit BackgroundImportEnterpriseCertsTask(nsNSSComponent* nssComponent)
+      : mNSSComponent(nssComponent) {}
+
+ private:
+  virtual nsresult CalculateResult() override {
+    mNSSComponent->ImportEnterpriseRoots();
+    mNSSComponent->UpdateCertVerifierWithEnterpriseRoots();
+    return NS_OK;
+  }
+
+  virtual void CallCallback(nsresult rv) override {
+    nsCOMPtr<nsIObserverService> observerService =
+        mozilla::services::GetObserverService();
+    if (observerService) {
+      observerService->NotifyObservers(nullptr, "psm:enterprise-certs-imported",
+                                       nullptr);
+    }
+  }
+
+  RefPtr<nsNSSComponent> mNSSComponent;
+};
+
+void nsNSSComponent::MaybeImportEnterpriseRoots() {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  bool importEnterpriseRoots = StaticPrefs::security_enterprise_roots_enabled();
+  uint32_t familySafetyMode = StaticPrefs::security_family_safety_mode();
+  // If we've been configured to detect the Family Safety TLS interception
+  // feature, see if it's enabled. If so, we want to import enterprise roots.
+  if (ShouldEnableEnterpriseRootsForFamilySafety(familySafetyMode)) {
+    importEnterpriseRoots = true;
+  }
+  if (importEnterpriseRoots) {
+    RefPtr<BackgroundImportEnterpriseCertsTask> task =
+        new BackgroundImportEnterpriseCertsTask(this);
+    Unused << task->Dispatch();
+  }
+}
+
+void nsNSSComponent::ImportEnterpriseRoots() {
+  MOZ_ASSERT(!NS_IsMainThread());
+  if (NS_IsMainThread()) {
+    return;
+  }
+
+  Vector<EnterpriseCert> enterpriseCerts;
+  nsresult rv = GatherEnterpriseCerts(enterpriseCerts);
+  if (NS_SUCCEEDED(rv)) {
+    MutexAutoLock lock(mMutex);
+    mEnterpriseCerts = std::move(enterpriseCerts);
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed gathering enterprise roots"));
+  }
+}
+
+nsresult nsNSSComponent::CommonGetEnterpriseCerts(
+    nsTArray<nsTArray<uint8_t>>& enterpriseCerts, bool getRoots) {
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MutexAutoLock nsNSSComponentLock(mMutex);
+  enterpriseCerts.Clear();
+  for (const auto& cert : mEnterpriseCerts) {
+    nsTArray<uint8_t> certCopy;
+    // mEnterpriseCerts includes both roots and intermediates.
+    if (cert.GetIsRoot() == getRoots) {
+      nsresult rv = cert.CopyBytes(certCopy);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      // XXX(Bug 1631371) Check if this should use a fallible operation as it
+      // pretended earlier.
+      enterpriseCerts.AppendElement(std::move(certCopy));
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetEnterpriseRoots(
+    nsTArray<nsTArray<uint8_t>>& enterpriseRoots) {
+  return CommonGetEnterpriseCerts(enterpriseRoots, true);
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetEnterpriseIntermediates(
+    nsTArray<nsTArray<uint8_t>>& enterpriseIntermediates) {
+  return CommonGetEnterpriseCerts(enterpriseIntermediates, false);
+}
+
+NS_IMETHODIMP
+nsNSSComponent::AddEnterpriseIntermediate(
+    const nsTArray<uint8_t>& intermediateBytes) {
+  nsresult rv = BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  EnterpriseCert intermediate;
+  rv = intermediate.Init(intermediateBytes.Elements(),
+                         intermediateBytes.Length(), false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    MutexAutoLock nsNSSComponentLock(mMutex);
+    if (!mEnterpriseCerts.append(std::move(intermediate))) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  UpdateCertVerifierWithEnterpriseRoots();
+  return NS_OK;
+}
+
+class LoadLoadableCertsTask final : public Runnable {
+ public:
+  LoadLoadableCertsTask(nsNSSComponent* nssComponent,
+                        bool importEnterpriseRoots, uint32_t familySafetyMode,
+                        Vector<nsCString>&& possibleLoadableRootsLocations,
+                        Maybe<nsCString>&& osClientCertsModuleLocation)
+      : Runnable("LoadLoadableCertsTask"),
+        mNSSComponent(nssComponent),
+        mImportEnterpriseRoots(importEnterpriseRoots),
+        mFamilySafetyMode(familySafetyMode),
+        mPossibleLoadableRootsLocations(
+            std::move(possibleLoadableRootsLocations)),
+        mOSClientCertsModuleLocation(std::move(osClientCertsModuleLocation)) {
+    MOZ_ASSERT(nssComponent);
+  }
+
+  ~LoadLoadableCertsTask() = default;
+
+  nsresult Dispatch();
+
+ private:
+  NS_IMETHOD Run() override;
+  nsresult LoadLoadableRoots();
+  RefPtr<nsNSSComponent> mNSSComponent;
+  bool mImportEnterpriseRoots;
+  uint32_t mFamilySafetyMode;
+  Vector<nsCString> mPossibleLoadableRootsLocations;  // encoded in UTF-8
+  Maybe<nsCString> mOSClientCertsModuleLocation;      // encoded in UTF-8
+};
+
+nsresult LoadLoadableCertsTask::Dispatch() {
+  // The stream transport service (note: not the socket transport service) can
+  // be used to perform background tasks or I/O that would otherwise block the
+  // main thread.
+  nsCOMPtr<nsIEventTarget> target(
+      do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID));
+  if (!target) {
+    return NS_ERROR_FAILURE;
+  }
+  return target->Dispatch(this, NS_DISPATCH_NORMAL);
+}
+
+NS_IMETHODIMP
+LoadLoadableCertsTask::Run() {
+  Telemetry::AutoScalarTimer<Telemetry::ScalarID::NETWORKING_LOADING_CERTS_TASK>
+      timer;
+
+  nsresult loadLoadableRootsResult = LoadLoadableRoots();
+  if (NS_WARN_IF(NS_FAILED(loadLoadableRootsResult))) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("LoadLoadableRoots failed"));
+    // We don't return loadLoadableRootsResult here because then
+    // BlockUntilLoadableCertsLoaded will just wait forever. Instead we'll save
+    // its value (below) so we can inform code that relies on the roots module
+    // being present that loading it failed.
+  }
+
+  // Loading EV information will only succeed if we've successfully loaded the
+  // loadable roots module.
+  if (NS_SUCCEEDED(loadLoadableRootsResult)) {
+    if (NS_FAILED(LoadExtendedValidationInfo())) {
+      // This isn't a show-stopper in the same way that failing to load the
+      // roots module is.
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info"));
+    }
+  }
+
+  // If we've been configured to detect the Family Safety TLS interception
+  // feature, see if it's enabled. If so, we want to import enterprise roots.
+  if (mNSSComponent->ShouldEnableEnterpriseRootsForFamilySafety(
+          mFamilySafetyMode)) {
+    mImportEnterpriseRoots = true;
+  }
+  if (mImportEnterpriseRoots) {
+    mNSSComponent->ImportEnterpriseRoots();
+    mNSSComponent->UpdateCertVerifierWithEnterpriseRoots();
+  }
+  if (mOSClientCertsModuleLocation.isSome()) {
+    bool success = LoadOSClientCertsModule(*mOSClientCertsModuleLocation);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("loading OS client certs module %s",
+             success ? "succeeded" : "failed"));
+  }
+  {
+    MonitorAutoLock rootsLoadedLock(mNSSComponent->mLoadableCertsLoadedMonitor);
+    mNSSComponent->mLoadableCertsLoaded = true;
+    // Cache the result of LoadLoadableRoots so BlockUntilLoadableCertsLoaded
+    // can return it to all callers later (we use that particular result because
+    // if that operation fails, it's unlikely that any TLS connection will
+    // succeed whereas the browser may still be able to operate if the other
+    // tasks fail).
+    mNSSComponent->mLoadableCertsLoadedResult = loadLoadableRootsResult;
+    mNSSComponent->mLoadableCertsLoadedMonitor.NotifyAll();
+  }
+  return NS_OK;
+}
+
+// Returns by reference the path to the desired directory, based on the current
+// settings in the directory service.
+// |result| is encoded in UTF-8.
+static nsresult GetDirectoryPath(const char* directoryKey, nsCString& result) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  nsCOMPtr<nsIProperties> directoryService(
+      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
+  if (!directoryService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not get directory service"));
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIFile> directory;
+  nsresult rv = directoryService->Get(directoryKey, NS_GET_IID(nsIFile),
+                                      getter_AddRefs(directory));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("could not get '%s' from directory service", directoryKey));
+    return rv;
+  }
+  return FileToCString(directory, result);
+}
+
+class BackgroundLoadOSClientCertsModuleTask final : public CryptoTask {
+ public:
+  explicit BackgroundLoadOSClientCertsModuleTask(const nsCString&& libraryDir)
+      : mLibraryDir(std::move(libraryDir)) {}
+
+ private:
+  virtual nsresult CalculateResult() override {
+    bool success = LoadOSClientCertsModule(mLibraryDir);
+    return success ? NS_OK : NS_ERROR_FAILURE;
+  }
+
+  virtual void CallCallback(nsresult rv) override {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("loading OS client certs module %s",
+             NS_SUCCEEDED(rv) ? "succeeded" : "failed"));
+    nsCOMPtr<nsIObserverService> observerService =
+        mozilla::services::GetObserverService();
+    if (observerService) {
+      observerService->NotifyObservers(
+          nullptr, "psm:load-os-client-certs-module-task-ran", nullptr);
+    }
+  }
+
+  nsCString mLibraryDir;
+};
+
+void AsyncLoadOrUnloadOSClientCertsModule(bool load) {
+  if (load) {
+    nsCString libraryDir;
+    nsresult rv = GetDirectoryPath(NS_GRE_BIN_DIR, libraryDir);
+    if (NS_FAILED(rv)) {
+      return;
+    }
+    RefPtr<BackgroundLoadOSClientCertsModuleTask> task =
+        new BackgroundLoadOSClientCertsModuleTask(std::move(libraryDir));
+    Unused << task->Dispatch();
+  } else {
+    UniqueSECMODModule osClientCertsModule(
+        SECMOD_FindModule(kOSClientCertsModuleName));
+    if (osClientCertsModule) {
+      SECMOD_UnloadUserModule(osClientCertsModule.get());
+    }
+  }
+}
+
+nsresult nsNSSComponent::BlockUntilLoadableCertsLoaded() {
+  MonitorAutoLock rootsLoadedLock(mLoadableCertsLoadedMonitor);
+  while (!mLoadableCertsLoaded) {
+    rootsLoadedLock.Wait();
+  }
+  MOZ_ASSERT(mLoadableCertsLoaded);
+
+  return mLoadableCertsLoadedResult;
+}
+
+#ifndef MOZ_NO_SMART_CARDS
+static StaticMutex sCheckForSmartCardChangesMutex MOZ_UNANNOTATED;
+static TimeStamp sLastCheckedForSmartCardChanges = TimeStamp::Now();
+#endif
+
+nsresult nsNSSComponent::CheckForSmartCardChanges() {
+#ifndef MOZ_NO_SMART_CARDS
+  {
+    StaticMutexAutoLock lock(sCheckForSmartCardChangesMutex);
+    // Do this at most once every 3 seconds.
+    TimeStamp now = TimeStamp::Now();
+    if (now - sLastCheckedForSmartCardChanges <
+        TimeDuration::FromSeconds(3.0)) {
+      return NS_OK;
+    }
+    sLastCheckedForSmartCardChanges = now;
+  }
+
+  // SECMOD_UpdateSlotList attempts to acquire the list lock as well, so we
+  // have to do this in three steps.
+  Vector<UniqueSECMODModule> modulesWithRemovableSlots;
+  {
+    AutoSECMODListReadLock secmodLock;
+    SECMODModuleList* list = SECMOD_GetDefaultModuleList();
+    while (list) {
+      if (SECMOD_LockedModuleHasRemovableSlots(list->module)) {
+        UniqueSECMODModule module(SECMOD_ReferenceModule(list->module));
+        if (!modulesWithRemovableSlots.append(std::move(module))) {
+          return NS_ERROR_OUT_OF_MEMORY;
+        }
+      }
+      list = list->next;
+    }
+  }
+  for (auto& module : modulesWithRemovableSlots) {
+    // Best-effort.
+    Unused << SECMOD_UpdateSlotList(module.get());
+  }
+  AutoSECMODListReadLock secmodLock;
+  for (auto& module : modulesWithRemovableSlots) {
+    for (int i = 0; i < module->slotCount; i++) {
+      // We actually don't care about the return value here - we just need to
+      // call this to get NSS to update its view of this slot.
+      Unused << PK11_IsPresent(module->slots[i]);
+    }
+  }
+#endif
+
+  return NS_OK;
+}
+
+// Returns by reference the path to the directory containing the file that has
+// been loaded as MOZ_DLL_PREFIX nss3 MOZ_DLL_SUFFIX.
+// |result| is encoded in UTF-8.
+static nsresult GetNSS3Directory(nsCString& result) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  UniquePRString nss3Path(
+      PR_GetLibraryFilePathname(MOZ_DLL_PREFIX "nss3" MOZ_DLL_SUFFIX,
+                                reinterpret_cast<PRFuncPtr>(NSS_Initialize)));
+  if (!nss3Path) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nss not loaded?"));
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIFile> nss3File(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID));
+  if (!nss3File) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't create a file?"));
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoCString nss3PathAsString(nss3Path.get());
+  nsresult rv = nss3File->InitWithNativePath(nss3PathAsString);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't initialize file with path '%s'", nss3Path.get()));
+    return rv;
+  }
+  nsCOMPtr<nsIFile> nss3Directory;
+  rv = nss3File->GetParent(getter_AddRefs(nss3Directory));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get parent directory?"));
+    return rv;
+  }
+  return FileToCString(nss3Directory, result);
+}
+
+// The loadable roots library is probably in the same directory we loaded the
+// NSS shared library from, but in some cases it may be elsewhere. This function
+// enumerates and returns the possible locations as nsCStrings.
+// |possibleLoadableRootsLocations| is encoded in UTF-8.
+static nsresult ListPossibleLoadableRootsLocations(
+    Vector<nsCString>& possibleLoadableRootsLocations) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // First try in the directory where we've already loaded
+  // MOZ_DLL_PREFIX nss3 MOZ_DLL_SUFFIX, since that's likely to be correct.
+  nsAutoCString nss3Dir;
+  nsresult rv = GetNSS3Directory(nss3Dir);
+  if (NS_SUCCEEDED(rv)) {
+    if (!possibleLoadableRootsLocations.append(std::move(nss3Dir))) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  } else {
+    // For some reason this fails on android. In any case, we should try with
+    // the other potential locations we have.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("could not determine where nss was loaded from"));
+  }
+  nsAutoCString currentProcessDir;
+  rv = GetDirectoryPath(NS_XPCOM_CURRENT_PROCESS_DIR, currentProcessDir);
+  if (NS_SUCCEEDED(rv)) {
+    if (!possibleLoadableRootsLocations.append(std::move(currentProcessDir))) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("could not get current process directory"));
+  }
+  nsAutoCString greDir;
+  rv = GetDirectoryPath(NS_GRE_DIR, greDir);
+  if (NS_SUCCEEDED(rv)) {
+    if (!possibleLoadableRootsLocations.append(std::move(greDir))) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not get gre directory"));
+  }
+  // As a last resort, this will cause the library loading code to use the OS'
+  // default library search path.
+  nsAutoCString emptyString;
+  if (!possibleLoadableRootsLocations.append(std::move(emptyString))) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  return NS_OK;
+}
+
+nsresult LoadLoadableCertsTask::LoadLoadableRoots() {
+  for (const auto& possibleLocation : mPossibleLoadableRootsLocations) {
+    if (mozilla::psm::LoadLoadableRoots(possibleLocation)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("loaded CKBI from %s", possibleLocation.get()));
+      return NS_OK;
+    }
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not load loadable roots"));
+  return NS_ERROR_FAILURE;
+}
+
+// Table of pref names and SSL cipher ID
+typedef struct {
+  const char* pref;
+  int32_t id;
+  bool (*prefGetter)();
+} CipherPref;
+
+// Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp
+// when you add/remove cipher suites here.
+static const CipherPref sCipherPrefs[] = {
+    {"security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     StaticPrefs::security_ssl3_ecdhe_rsa_aes_128_gcm_sha256},
+    {"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
+     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     StaticPrefs::security_ssl3_ecdhe_ecdsa_aes_128_gcm_sha256},
+    {"security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256",
+     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+     StaticPrefs::security_ssl3_ecdhe_ecdsa_chacha20_poly1305_sha256},
+    {"security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256",
+     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+     StaticPrefs::security_ssl3_ecdhe_rsa_chacha20_poly1305_sha256},
+    {"security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384",
+     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     StaticPrefs::security_ssl3_ecdhe_ecdsa_aes_256_gcm_sha384},
+    {"security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
+     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     StaticPrefs::security_ssl3_ecdhe_rsa_aes_256_gcm_sha384},
+    {"security.ssl3.ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     StaticPrefs::security_ssl3_ecdhe_rsa_aes_128_sha},
+    {"security.ssl3.ecdhe_ecdsa_aes_128_sha",
+     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     StaticPrefs::security_ssl3_ecdhe_ecdsa_aes_128_sha},
+    {"security.ssl3.ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     StaticPrefs::security_ssl3_ecdhe_rsa_aes_256_sha},
+    {"security.ssl3.ecdhe_ecdsa_aes_256_sha",
+     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     StaticPrefs::security_ssl3_ecdhe_ecdsa_aes_256_sha},
+    {"security.ssl3.dhe_rsa_aes_128_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+     StaticPrefs::security_ssl3_dhe_rsa_aes_128_sha},
+    {"security.ssl3.dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+     StaticPrefs::security_ssl3_dhe_rsa_aes_256_sha},
+    {"security.tls13.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256,
+     StaticPrefs::security_tls13_aes_128_gcm_sha256},
+    {"security.tls13.chacha20_poly1305_sha256", TLS_CHACHA20_POLY1305_SHA256,
+     StaticPrefs::security_tls13_chacha20_poly1305_sha256},
+    {"security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384,
+     StaticPrefs::security_tls13_aes_256_gcm_sha384},
+    {"security.ssl3.rsa_aes_128_gcm_sha256", TLS_RSA_WITH_AES_128_GCM_SHA256,
+     StaticPrefs::security_ssl3_rsa_aes_128_gcm_sha256},
+    {"security.ssl3.rsa_aes_256_gcm_sha384", TLS_RSA_WITH_AES_256_GCM_SHA384,
+     StaticPrefs::security_ssl3_rsa_aes_256_gcm_sha384},
+    {"security.ssl3.rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA,
+     StaticPrefs::security_ssl3_rsa_aes_128_sha},
+    {"security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA,
+     StaticPrefs::security_ssl3_rsa_aes_256_sha},
+};
+
+// These ciphersuites can only be enabled if deprecated versions of TLS are
+// also enabled (via the preference "security.tls.version.enable-deprecated").
+static const CipherPref sDeprecatedTLS1CipherPrefs[] = {
+    {"security.ssl3.deprecated.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+     StaticPrefs::security_ssl3_deprecated_rsa_des_ede3_sha},
+};
+
+// This function will convert from pref values like 1, 2, ...
+// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
+// SSL_LIBRARY_VERSION_TLS_1_1, ...
+/*static*/
+void nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                         uint32_t minFromPrefs,
+                                         uint32_t maxFromPrefs,
+                                         SSLVersionRange defaults) {
+  rangeOut = defaults;
+  // determine what versions are supported
+  SSLVersionRange supported;
+  if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) !=
+      SECSuccess) {
+    return;
+  }
+
+  // Clip the defaults by what NSS actually supports to enable
+  // working with a system NSS with different ranges.
+  rangeOut.min = std::max(rangeOut.min, supported.min);
+  rangeOut.max = std::min(rangeOut.max, supported.max);
+
+  // convert min/maxFromPrefs to the internal representation
+  minFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  // if min/maxFromPrefs are invalid, use defaults
+  if (minFromPrefs > maxFromPrefs || minFromPrefs < supported.min ||
+      maxFromPrefs > supported.max ||
+      minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+
+  // fill out rangeOut
+  rangeOut.min = (uint16_t)minFromPrefs;
+  rangeOut.max = (uint16_t)maxFromPrefs;
+}
+
+static void ConfigureTLSSessionIdentifiers() {
+  bool disableSessionIdentifiers =
+      StaticPrefs::security_ssl_disable_session_identifiers();
+  SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, !disableSessionIdentifiers);
+  SSL_OptionSetDefault(SSL_NO_CACHE, disableSessionIdentifiers);
+}
+
+nsresult CommonInit() {
+  SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
+  SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
+
+  nsresult rv = nsNSSComponent::SetEnabledTLSVersions();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  ConfigureTLSSessionIdentifiers();
+
+  SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION,
+                       StaticPrefs::security_ssl_require_safe_negotiation());
+  SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
+  SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
+  SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK,
+                       StaticPrefs::security_tls_hello_downgrade_check());
+  SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                       StaticPrefs::security_ssl_enable_false_start());
+  // SSL_ENABLE_ALPN also requires calling SSL_SetNextProtoNego in order for
+  // the extensions to be negotiated.
+  // WebRTC does not do that so it will not use ALPN even when this preference
+  // is true.
+  SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                       StaticPrefs::security_ssl_enable_alpn());
+  SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                       StaticPrefs::security_tls_enable_0rtt_data());
+  SSL_OptionSetDefault(SSL_ENABLE_POST_HANDSHAKE_AUTH,
+                       StaticPrefs::security_tls_enable_post_handshake_auth());
+  SSL_OptionSetDefault(
+      SSL_ENABLE_DELEGATED_CREDENTIALS,
+      StaticPrefs::security_tls_enable_delegated_credentials());
+
+  rv = InitializeCipherSuite();
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("Unable to initialize cipher suite settings\n"));
+    return rv;
+  }
+
+  DisableMD5();
+
+  mozilla::pkix::RegisterErrorTable();
+  SharedSSLState::GlobalInit();
+  SetValidationOptionsCommon();
+
+  return NS_OK;
+}
+
+void PrepareForShutdownInSocketProcess() {
+  MOZ_ASSERT(XRE_IsSocketProcess());
+  SharedSSLState::GlobalCleanup();
+}
+
+bool HandleTLSPrefChange(const nsCString& prefName) {
+  // Note that the code in this function should be kept in sync with
+  // gCallbackSecurityPrefs in nsIOService.cpp.
+  bool prefFound = true;
+  if (prefName.EqualsLiteral("security.tls.version.min") ||
+      prefName.EqualsLiteral("security.tls.version.max") ||
+      prefName.EqualsLiteral("security.tls.version.enable-deprecated")) {
+    Unused << nsNSSComponent::SetEnabledTLSVersions();
+  } else if (prefName.EqualsLiteral("security.tls.hello_downgrade_check")) {
+    SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK,
+                         StaticPrefs::security_tls_hello_downgrade_check());
+  } else if (prefName.EqualsLiteral("security.ssl.require_safe_negotiation")) {
+    SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION,
+                         StaticPrefs::security_ssl_require_safe_negotiation());
+  } else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) {
+    SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                         StaticPrefs::security_ssl_enable_false_start());
+  } else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) {
+    SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                         StaticPrefs::security_ssl_enable_alpn());
+  } else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) {
+    SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                         StaticPrefs::security_tls_enable_0rtt_data());
+  } else if (prefName.EqualsLiteral(
+                 "security.tls.enable_post_handshake_auth")) {
+    SSL_OptionSetDefault(
+        SSL_ENABLE_POST_HANDSHAKE_AUTH,
+        StaticPrefs::security_tls_enable_post_handshake_auth());
+  } else if (prefName.EqualsLiteral(
+                 "security.tls.enable_delegated_credentials")) {
+    SSL_OptionSetDefault(
+        SSL_ENABLE_DELEGATED_CREDENTIALS,
+        StaticPrefs::security_tls_enable_delegated_credentials());
+  } else if (prefName.EqualsLiteral(
+                 "security.ssl.disable_session_identifiers")) {
+    ConfigureTLSSessionIdentifiers();
+  } else {
+    prefFound = false;
+  }
+  return prefFound;
+}
+
+void SetValidationOptionsCommon() {
+  // Note that the code in this function should be kept in sync with
+  // gCallbackSecurityPrefs in nsIOService.cpp.
+  bool ocspStaplingEnabled = StaticPrefs::security_ssl_enable_ocsp_stapling();
+  PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+  PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+
+  bool ocspMustStapleEnabled =
+      StaticPrefs::security_ssl_enable_ocsp_must_staple();
+  PublicSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+  PrivateSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+
+  const CertVerifier::CertificateTransparencyMode defaultCTMode =
+      CertVerifier::CertificateTransparencyMode::TelemetryOnly;
+  CertVerifier::CertificateTransparencyMode ctMode =
+      static_cast<CertVerifier::CertificateTransparencyMode>(
+          StaticPrefs::security_pki_certificate_transparency_mode());
+  switch (ctMode) {
+    case CertVerifier::CertificateTransparencyMode::Disabled:
+    case CertVerifier::CertificateTransparencyMode::TelemetryOnly:
+      break;
+    default:
+      ctMode = defaultCTMode;
+      break;
+  }
+  bool sctsEnabled =
+      ctMode != CertVerifier::CertificateTransparencyMode::Disabled;
+  PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+  PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+}
+
+namespace {
+
+class CipherSuiteChangeObserver : public nsIObserver {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  static nsresult StartObserve();
+
+ protected:
+  virtual ~CipherSuiteChangeObserver() = default;
+
+ private:
+  static StaticRefPtr<CipherSuiteChangeObserver> sObserver;
+  CipherSuiteChangeObserver() = default;
+};
+
+NS_IMPL_ISUPPORTS(CipherSuiteChangeObserver, nsIObserver)
+
+// static
+StaticRefPtr<CipherSuiteChangeObserver> CipherSuiteChangeObserver::sObserver;
+
+// static
+nsresult CipherSuiteChangeObserver::StartObserve() {
+  MOZ_ASSERT(NS_IsMainThread(),
+             "CipherSuiteChangeObserver::StartObserve() can only be accessed "
+             "on the main thread");
+  if (!sObserver) {
+    RefPtr<CipherSuiteChangeObserver> observer =
+        new CipherSuiteChangeObserver();
+    nsresult rv = Preferences::AddStrongObserver(observer.get(), "security.");
+    if (NS_FAILED(rv)) {
+      sObserver = nullptr;
+      return rv;
+    }
+
+    nsCOMPtr<nsIObserverService> observerService =
+        mozilla::services::GetObserverService();
+    observerService->AddObserver(observer, NS_XPCOM_SHUTDOWN_OBSERVER_ID,
+                                 false);
+
+    sObserver = observer;
+  }
+  return NS_OK;
+}
+
+// Enables or disabled ciphersuites from deprecated versions of TLS as
+// appropriate. If security.tls.version.enable-deprecated is true, these
+// ciphersuites may be enabled, if the corresponding preference is true.
+// Otherwise, these ciphersuites will be disabled.
+void SetDeprecatedTLS1CipherPrefs() {
+  if (StaticPrefs::security_tls_version_enable_deprecated()) {
+    for (const auto& deprecatedTLS1CipherPref : sDeprecatedTLS1CipherPrefs) {
+      SSL_CipherPrefSetDefault(deprecatedTLS1CipherPref.id,
+                               deprecatedTLS1CipherPref.prefGetter());
+    }
+  } else {
+    for (const auto& deprecatedTLS1CipherPref : sDeprecatedTLS1CipherPrefs) {
+      SSL_CipherPrefSetDefault(deprecatedTLS1CipherPref.id, false);
+    }
+  }
+}
+
+nsresult CipherSuiteChangeObserver::Observe(nsISupports* /*aSubject*/,
+                                            const char* aTopic,
+                                            const char16_t* someData) {
+  MOZ_ASSERT(NS_IsMainThread(),
+             "CipherSuiteChangeObserver::Observe can only be accessed on main "
+             "thread");
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8 prefName(someData);
+    // Look through the cipher table and set according to pref setting
+    for (const auto& cipherPref : sCipherPrefs) {
+      if (prefName.Equals(cipherPref.pref)) {
+        SSL_CipherPrefSetDefault(cipherPref.id, cipherPref.prefGetter());
+        break;
+      }
+    }
+    SetDeprecatedTLS1CipherPrefs();
+    nsNSSComponent::DoClearSSLExternalAndInternalSessionCache();
+  } else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    Preferences::RemoveObserver(this, "security.");
+    MOZ_ASSERT(sObserver.get() == this);
+    sObserver = nullptr;
+    nsCOMPtr<nsIObserverService> observerService =
+        mozilla::services::GetObserverService();
+    observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID);
+  }
+  return NS_OK;
+}
+
+}  // namespace
+
+void nsNSSComponent::setValidationOptions(
+    bool isInitialSetting, const mozilla::MutexAutoLock& proofOfLock) {
+  // We access prefs so this must be done on the main thread.
+  mMutex.AssertCurrentThreadOwns();
+  MOZ_ASSERT(NS_IsMainThread());
+  if (NS_WARN_IF(!NS_IsMainThread())) {
+    return;
+  }
+
+  SetValidationOptionsCommon();
+
+  const CertVerifier::CertificateTransparencyMode defaultCTMode =
+      CertVerifier::CertificateTransparencyMode::TelemetryOnly;
+  CertVerifier::CertificateTransparencyMode ctMode =
+      static_cast<CertVerifier::CertificateTransparencyMode>(
+          StaticPrefs::security_pki_certificate_transparency_mode());
+  switch (ctMode) {
+    case CertVerifier::CertificateTransparencyMode::Disabled:
+    case CertVerifier::CertificateTransparencyMode::TelemetryOnly:
+      break;
+    default:
+      ctMode = defaultCTMode;
+      break;
+  }
+
+  // This preference controls whether we do OCSP fetching and does not affect
+  // OCSP stapling.
+  // 0 = disabled, 1 = enabled, 2 = only enabled for EV
+  uint32_t ocspEnabled = StaticPrefs::security_OCSP_enabled();
+
+  bool ocspRequired = ocspEnabled > 0 && StaticPrefs::security_OCSP_require();
+
+  // We measure the setting of the pref at startup only to minimize noise by
+  // addons that may muck with the settings, though it probably doesn't matter.
+  if (isInitialSetting) {
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled);
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired);
+  }
+
+  NetscapeStepUpPolicy netscapeStepUpPolicy = static_cast<NetscapeStepUpPolicy>(
+      StaticPrefs::security_pki_netscape_step_up_policy());
+  switch (netscapeStepUpPolicy) {
+    case NetscapeStepUpPolicy::AlwaysMatch:
+    case NetscapeStepUpPolicy::MatchBefore23August2016:
+    case NetscapeStepUpPolicy::MatchBefore23August2015:
+    case NetscapeStepUpPolicy::NeverMatch:
+      break;
+    default:
+      netscapeStepUpPolicy = NetscapeStepUpPolicy::AlwaysMatch;
+      break;
+  }
+
+  CRLiteMode defaultCRLiteMode = CRLiteMode::Disabled;
+  CRLiteMode crliteMode =
+      static_cast<CRLiteMode>(StaticPrefs::security_pki_crlite_mode());
+  switch (crliteMode) {
+    case CRLiteMode::Disabled:
+    case CRLiteMode::TelemetryOnly:
+    case CRLiteMode::Enforce:
+    case CRLiteMode::ConfirmRevocations:
+      break;
+    default:
+      crliteMode = defaultCRLiteMode;
+      break;
+  }
+
+  CertVerifier::OcspDownloadConfig odc;
+  CertVerifier::OcspStrictConfig osc;
+  uint32_t certShortLifetimeInDays;
+  TimeDuration softTimeout;
+  TimeDuration hardTimeout;
+
+  GetRevocationBehaviorFromPrefs(&odc, &osc, &certShortLifetimeInDays,
+                                 softTimeout, hardTimeout);
+
+  mDefaultCertVerifier = new SharedCertVerifier(
+      odc, osc, softTimeout, hardTimeout, certShortLifetimeInDays,
+      netscapeStepUpPolicy, ctMode, crliteMode, mEnterpriseCerts);
+}
+
+void nsNSSComponent::UpdateCertVerifierWithEnterpriseRoots() {
+  MutexAutoLock lock(mMutex);
+  MOZ_ASSERT(mDefaultCertVerifier);
+  if (NS_WARN_IF(!mDefaultCertVerifier)) {
+    return;
+  }
+
+  RefPtr<SharedCertVerifier> oldCertVerifier = mDefaultCertVerifier;
+  mDefaultCertVerifier = new SharedCertVerifier(
+      oldCertVerifier->mOCSPDownloadConfig,
+      oldCertVerifier->mOCSPStrict ? CertVerifier::ocspStrict
+                                   : CertVerifier::ocspRelaxed,
+      oldCertVerifier->mOCSPTimeoutSoft, oldCertVerifier->mOCSPTimeoutHard,
+      oldCertVerifier->mCertShortLifetimeInDays,
+      oldCertVerifier->mNetscapeStepUpPolicy, oldCertVerifier->mCTMode,
+      oldCertVerifier->mCRLiteMode, mEnterpriseCerts);
+}
+
+// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
+// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+nsresult nsNSSComponent::SetEnabledTLSVersions() {
+  // Keep these values in sync with all.js.
+  // 1 means TLS 1.0, 2 means TLS 1.1, etc.
+  static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 3;
+  static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 4;
+  static const uint32_t PSM_DEPRECATED_TLS_VERSION = 1;
+
+  uint32_t minFromPrefs = StaticPrefs::security_tls_version_min();
+  uint32_t maxFromPrefs = StaticPrefs::security_tls_version_max();
+
+  // This override should be removed some time after
+  // PSM_DEFAULT_MIN_TLS_VERSION is increased to 3.
+  bool enableDeprecated = StaticPrefs::security_tls_version_enable_deprecated();
+  if (enableDeprecated) {
+    minFromPrefs = std::min(minFromPrefs, PSM_DEPRECATED_TLS_VERSION);
+  }
+
+  SSLVersionRange defaults = {
+      SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MIN_TLS_VERSION,
+      SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MAX_TLS_VERSION};
+  SSLVersionRange filledInRange;
+  FillTLSVersionRange(filledInRange, minFromPrefs, maxFromPrefs, defaults);
+
+  SECStatus srv =
+      SSL_VersionRangeSetDefault(ssl_variant_stream, &filledInRange);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+#if defined(XP_WIN) || (defined(XP_LINUX) && !defined(ANDROID))
+// If the profile directory is on a networked drive, we want to set the
+// environment variable NSS_SDB_USE_CACHE to yes (as long as it hasn't been set
+// before).
+static void SetNSSDatabaseCacheModeAsAppropriate() {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  nsCOMPtr<nsIFile> profileFile;
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(profileFile));
+  if (NS_FAILED(rv)) {
+    // We're probably running without a profile directory, so this is
+    // irrelevant.
+    return;
+  }
+
+  static const char sNSS_SDB_USE_CACHE[] = "NSS_SDB_USE_CACHE";
+  static const char sNSS_SDB_USE_CACHE_WITH_VALUE[] = "NSS_SDB_USE_CACHE=yes";
+  auto profilePath = profileFile->NativePath();
+
+#  if defined(XP_LINUX) && !defined(ANDROID)
+  struct statfs statfs_s;
+  if (statfs(profilePath.get(), &statfs_s) == 0 &&
+      statfs_s.f_type == NFS_SUPER_MAGIC && !PR_GetEnv(sNSS_SDB_USE_CACHE)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("profile is remote (and NSS_SDB_USE_CACHE wasn't set): "
+             "setting NSS_SDB_USE_CACHE"));
+    PR_SetEnv(sNSS_SDB_USE_CACHE_WITH_VALUE);
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("not setting NSS_SDB_USE_CACHE"));
+  }
+#  endif  // defined(XP_LINUX) && !defined(ANDROID)
+
+#  ifdef XP_WIN
+  wchar_t volPath[MAX_PATH];
+  if (::GetVolumePathNameW(profilePath.get(), volPath, MAX_PATH) &&
+      ::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
+      !PR_GetEnv(sNSS_SDB_USE_CACHE)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("profile is remote (and NSS_SDB_USE_CACHE wasn't set): "
+             "setting NSS_SDB_USE_CACHE"));
+    PR_SetEnv(sNSS_SDB_USE_CACHE_WITH_VALUE);
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("not setting NSS_SDB_USE_CACHE"));
+  }
+#  endif  // XP_WIN
+}
+#endif  // defined(XP_WIN) || (defined(XP_LINUX) && !defined(ANDROID))
+
+static nsresult GetNSSProfilePath(nsAutoCString& aProfilePath) {
+  aProfilePath.Truncate();
+  nsCOMPtr<nsIFile> profileFile;
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(profileFile));
+  if (NS_FAILED(rv)) {
+    NS_WARNING(
+        "NSS will be initialized without a profile directory. "
+        "Some things may not work as expected.");
+    return NS_OK;
+  }
+
+#if defined(XP_WIN)
+  // SQLite always takes UTF-8 file paths regardless of the current system
+  // code page.
+  nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
+  if (!profileFileWin) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("Could not get nsILocalFileWin for profile directory.\n"));
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoString u16ProfilePath;
+  rv = profileFileWin->GetPath(u16ProfilePath);
+  CopyUTF16toUTF8(u16ProfilePath, aProfilePath);
+#else
+  rv = profileFile->GetNativePath(aProfilePath);
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("Could not get native path for profile directory.\n"));
+    return rv;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("NSS profile at '%s'\n", aProfilePath.get()));
+  return NS_OK;
+}
+
+#ifndef ANDROID
+// Given a profile path, attempt to rename the PKCS#11 module DB to
+// "pkcs11.txt.fips". In the case of a catastrophic failure (e.g. out of
+// memory), returns a failing nsresult. If execution could conceivably proceed,
+// returns NS_OK even if renaming the file didn't work. This simplifies the
+// logic of the calling code.
+// |profilePath| is encoded in UTF-8.
+static nsresult AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath) {
+  nsCOMPtr<nsIFile> profileDir = do_CreateInstance("@mozilla.org/file/local;1");
+  if (!profileDir) {
+    return NS_ERROR_FAILURE;
+  }
+#  ifdef XP_WIN
+  // |profilePath| is encoded in UTF-8 because SQLite always takes UTF-8 file
+  // paths regardless of the current system code page.
+  nsresult rv = profileDir->InitWithPath(NS_ConvertUTF8toUTF16(profilePath));
+#  else
+  nsresult rv = profileDir->InitWithNativePath(profilePath);
+#  endif
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  const char* moduleDBFilename = "pkcs11.txt";
+  nsAutoCString destModuleDBFilename(moduleDBFilename);
+  destModuleDBFilename.Append(".fips");
+  nsCOMPtr<nsIFile> dbFile;
+  rv = profileDir->Clone(getter_AddRefs(dbFile));
+  if (NS_FAILED(rv) || !dbFile) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = dbFile->AppendNative(nsAutoCString(moduleDBFilename));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If the PKCS#11 module DB doesn't exist, renaming it won't help.
+  bool exists;
+  rv = dbFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // This is strange, but not a catastrophic failure.
+  if (!exists) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("%s doesn't exist?", moduleDBFilename));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIFile> destDBFile;
+  rv = profileDir->Clone(getter_AddRefs(destDBFile));
+  if (NS_FAILED(rv) || !destDBFile) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = destDBFile->AppendNative(destModuleDBFilename);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If the destination exists, presumably we've already tried this. Doing it
+  // again won't help.
+  rv = destDBFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // Unfortunate, but not a catastrophic failure.
+  if (exists) {
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Debug,
+        ("%s already exists - not overwriting", destModuleDBFilename.get()));
+    return NS_OK;
+  }
+  // Now do the actual move.
+  // This may fail on, e.g., a read-only file system. This would be unfortunate,
+  // but again it isn't catastropic and we would want to fall back to
+  // initializing NSS in no-DB mode.
+  Unused << dbFile->MoveToNative(profileDir, destModuleDBFilename);
+  return NS_OK;
+}
+#endif  // ifndef ANDROID
+
+// Given a profile directory, attempt to initialize NSS. If nocertdb is true,
+// (or if we don't have a profile directory) simply initialize NSS in no DB mode
+// and return. Otherwise, first attempt to initialize in read/write mode, and
+// then read-only mode if that fails. If both attempts fail, we may be failing
+// to initialize an NSS DB collection that has FIPS mode enabled. Attempt to
+// ascertain if this is the case, and if so, rename the offending PKCS#11 module
+// DB so we can (hopefully) initialize NSS in read-write mode. Again attempt
+// read-only mode if that fails. Finally, fall back to no DB mode. On Android
+// we can skip the FIPS workaround since it was never possible to enable FIPS
+// there anyway.
+// |profilePath| is encoded in UTF-8.
+static nsresult InitializeNSSWithFallbacks(const nsACString& profilePath,
+                                           bool nocertdb, bool safeMode) {
+  if (nocertdb || profilePath.IsEmpty()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nocertdb mode or empty profile path -> NSS_NoDB_Init"));
+    SECStatus srv = NSS_NoDB_Init(nullptr);
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+    if (srv != SECSuccess) {
+      MOZ_CRASH_UNSAFE_PRINTF("InitializeNSSWithFallbacks failed: %d",
+                              PR_GetError());
+    }
+#endif
+    return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE;
+  }
+
+  // Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
+#ifndef ANDROID
+  PRErrorCode savedPRErrorCode1;
+#endif  // ifndef ANDROID
+  PKCS11DBConfig safeModeDBConfig =
+      safeMode ? PKCS11DBConfig::DoNotLoadModules : PKCS11DBConfig::LoadModules;
+  SECStatus srv = ::mozilla::psm::InitializeNSS(
+      profilePath, NSSDBConfig::ReadWrite, safeModeDBConfig);
+  if (srv == SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
+    return NS_OK;
+  }
+#ifndef ANDROID
+  savedPRErrorCode1 = PR_GetError();
+  PRErrorCode savedPRErrorCode2;
+#endif  // ifndef ANDROID
+  // That failed. Try read-only mode.
+  srv = ::mozilla::psm::InitializeNSS(profilePath, NSSDBConfig::ReadOnly,
+                                      safeModeDBConfig);
+  if (srv == SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode"));
+    return NS_OK;
+  }
+#ifndef ANDROID
+  savedPRErrorCode2 = PR_GetError();
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("failed to initialize NSS with codes %d %d", savedPRErrorCode1,
+           savedPRErrorCode2));
+#endif  // ifndef ANDROID
+
+#ifndef ANDROID
+  // That failed as well. Maybe we're trying to load a PKCS#11 module DB that is
+  // in FIPS mode, but we don't support FIPS? Test load NSS without PKCS#11
+  // modules. If that succeeds, that's probably what's going on.
+  if (!safeMode && (savedPRErrorCode1 == SEC_ERROR_LEGACY_DATABASE ||
+                    savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE ||
+                    savedPRErrorCode1 == SEC_ERROR_PKCS11_DEVICE_ERROR ||
+                    savedPRErrorCode2 == SEC_ERROR_PKCS11_DEVICE_ERROR)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("attempting no-module db init"));
+    // It would make sense to initialize NSS in read-only mode here since this
+    // is just a test to see if the PKCS#11 module DB being in FIPS mode is the
+    // problem, but for some reason the combination of read-only and no-moddb
+    // flags causes NSS initialization to fail, so unfortunately we have to use
+    // read-write mode.
+    srv = ::mozilla::psm::InitializeNSS(profilePath, NSSDBConfig::ReadWrite,
+                                        PKCS11DBConfig::DoNotLoadModules);
+    if (srv == SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FIPS may be the problem"));
+      // Unload NSS so we can attempt to fix this situation for the user.
+      srv = NSS_Shutdown();
+      if (srv != SECSuccess) {
+#  ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+        MOZ_CRASH_UNSAFE_PRINTF("InitializeNSSWithFallbacks failed: %d",
+                                PR_GetError());
+#  endif
+        return NS_ERROR_FAILURE;
+      }
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trying to rename module db"));
+      // If this fails non-catastrophically, we'll attempt to initialize NSS
+      // again in r/w then r-o mode (both of which will fail), and then we'll
+      // fall back to NSS_NoDB_Init, which is the behavior we want.
+      nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath);
+      if (NS_FAILED(rv)) {
+#  ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+        // An nsresult is a uint32_t, but at least one of our compilers doesn't
+        // like this format string unless we include the cast. <shruggie emoji>
+        MOZ_CRASH_UNSAFE_PRINTF("InitializeNSSWithFallbacks failed: %u",
+                                (uint32_t)rv);
+#  endif
+        return rv;
+      }
+      srv = ::mozilla::psm::InitializeNSS(profilePath, NSSDBConfig::ReadWrite,
+                                          PKCS11DBConfig::LoadModules);
+      if (srv == SECSuccess) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode"));
+        return NS_OK;
+      }
+      srv = ::mozilla::psm::InitializeNSS(profilePath, NSSDBConfig::ReadOnly,
+                                          PKCS11DBConfig::LoadModules);
+      if (srv == SECSuccess) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r-o mode"));
+        return NS_OK;
+      }
+    }
+  }
+#endif
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("last-resort NSS_NoDB_Init"));
+  srv = NSS_NoDB_Init(nullptr);
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+  if (srv != SECSuccess) {
+    MOZ_CRASH_UNSAFE_PRINTF("InitializeNSSWithFallbacks failed: %d",
+                            PR_GetError());
+  }
+#endif
+  return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE;
+}
+
+#if defined(NIGHTLY_BUILD) && !defined(ANDROID)
+// dbType is either "cert9.db" or "key4.db"
+void UnmigrateOneCertDB(const nsCOMPtr<nsIFile>& profileDirectory,
+                        const nsACString& dbType) {
+  nsCOMPtr<nsIFile> dbFile;
+  nsresult rv = profileDirectory->Clone(getter_AddRefs(dbFile));
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  rv = dbFile->AppendNative(dbType);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  bool exists;
+  rv = dbFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  // If the unprefixed DB already exists, don't overwrite it.
+  if (exists) {
+    return;
+  }
+  nsCOMPtr<nsIFile> prefixedDBFile;
+  rv = profileDirectory->Clone(getter_AddRefs(prefixedDBFile));
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  nsAutoCString prefixedDBName("gecko-no-share-");
+  prefixedDBName.Append(dbType);
+  rv = prefixedDBFile->AppendNative(prefixedDBName);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  Unused << prefixedDBFile->MoveToNative(nullptr, dbType);
+}
+
+void UnmigrateFromPrefixedCertDBs() {
+  nsCOMPtr<nsIFile> profileDirectory;
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(profileDirectory));
+  if (NS_FAILED(rv)) {
+    return;
+  }
+  UnmigrateOneCertDB(profileDirectory, "cert9.db"_ns);
+  UnmigrateOneCertDB(profileDirectory, "key4.db"_ns);
+}
+#endif  // defined(NIGHTLY_BUILD) && !defined(ANDROID)
+
+nsresult nsNSSComponent::InitializeNSS() {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::InitializeNSS\n"));
+  AUTO_PROFILER_LABEL("nsNSSComponent::InitializeNSS", OTHER);
+  AUTO_PROFILER_TRACING_MARKER("NSS", "nsNSSComponent::InitializeNSS", OTHER);
+
+  static_assert(
+      nsINSSErrorsService::NSS_SEC_ERROR_BASE == SEC_ERROR_BASE &&
+          nsINSSErrorsService::NSS_SEC_ERROR_LIMIT == SEC_ERROR_LIMIT &&
+          nsINSSErrorsService::NSS_SSL_ERROR_BASE == SSL_ERROR_BASE &&
+          nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
+      "You must update the values in nsINSSErrorsService.idl");
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization beginning\n"));
+
+  nsAutoCString profileStr;
+  nsresult rv = GetNSSProfilePath(profileStr);
+  MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+#if defined(NIGHTLY_BUILD) && !defined(ANDROID)
+  if (!profileStr.IsEmpty()) {
+    UnmigrateFromPrefixedCertDBs();
+  }
+#endif
+
+#if defined(XP_WIN) || (defined(XP_LINUX) && !defined(ANDROID))
+  SetNSSDatabaseCacheModeAsAppropriate();
+#endif
+
+  bool nocertdb = StaticPrefs::security_nocertdb_AtStartup();
+  bool inSafeMode = true;
+  nsCOMPtr<nsIXULRuntime> runtime(do_GetService("@mozilla.org/xre/runtime;1"));
+  // There might not be an nsIXULRuntime in embedded situations. This will
+  // default to assuming we are in safe mode (as a result, no external PKCS11
+  // modules will be loaded).
+  if (runtime) {
+    rv = runtime->GetInSafeMode(&inSafeMode);
+    MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
+
+  rv = InitializeNSSWithFallbacks(profileStr, nocertdb, inSafeMode);
+  MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to initialize NSS"));
+    return rv;
+  }
+
+  PK11_SetPasswordFunc(PK11PasswordPrompt);
+
+  // Register an observer so we can inform NSS when these prefs change
+  Preferences::AddStrongObserver(this, "security.");
+
+  rv = CommonInit();
+
+  MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  nsCOMPtr<nsICertOverrideService> certOverrideService(
+      do_GetService(NS_CERTOVERRIDE_CONTRACTID));
+  nsCOMPtr<nsIClientAuthRememberService> clientAuthRememberService(
+      do_GetService(NS_CLIENTAUTHREMEMBERSERVICE_CONTRACTID));
+  nsCOMPtr<nsISiteSecurityService> siteSecurityService(
+      do_GetService(NS_SSSERVICE_CONTRACTID));
+  nsCOMPtr<nsICertStorage> certStorage(do_GetService(NS_CERT_STORAGE_CID));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));
+
+  {
+    MutexAutoLock lock(mMutex);
+
+    // ensure we have initial values for various root hashes
+#ifdef DEBUG
+    mTestBuiltInRootHash.Truncate();
+    Preferences::GetCString("security.test.built_in_root_hash",
+                            mTestBuiltInRootHash);
+#endif
+    mMitmCanaryIssuer.Truncate();
+    Preferences::GetString("security.pki.mitm_canary_issuer",
+                           mMitmCanaryIssuer);
+    mMitmDetecionEnabled =
+        Preferences::GetBool("security.pki.mitm_canary_issuer.enabled", true);
+
+    // Set dynamic options from prefs.
+    setValidationOptions(true, lock);
+
+    bool importEnterpriseRoots =
+        StaticPrefs::security_enterprise_roots_enabled();
+    uint32_t familySafetyMode = StaticPrefs::security_family_safety_mode();
+    Vector<nsCString> possibleLoadableRootsLocations;
+    rv = ListPossibleLoadableRootsLocations(possibleLoadableRootsLocations);
+    MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    bool loadOSClientCertsModule =
+        StaticPrefs::security_osclientcerts_autoload();
+    Maybe<nsCString> maybeOSClientCertsModuleLocation;
+    if (loadOSClientCertsModule) {
+      nsAutoCString libraryDir;
+      if (NS_SUCCEEDED(GetDirectoryPath(NS_GRE_BIN_DIR, libraryDir))) {
+        maybeOSClientCertsModuleLocation.emplace(libraryDir);
+      }
+    }
+    RefPtr<LoadLoadableCertsTask> loadLoadableCertsTask(
+        new LoadLoadableCertsTask(this, importEnterpriseRoots, familySafetyMode,
+                                  std::move(possibleLoadableRootsLocations),
+                                  std::move(maybeOSClientCertsModuleLocation)));
+    rv = loadLoadableCertsTask->Dispatch();
+    MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    return NS_OK;
+  }
+}
+
+void nsNSSComponent::PrepareForShutdown() {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::PrepareForShutdown"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  PK11_SetPasswordFunc((PK11PasswordFunc) nullptr);
+
+  Preferences::RemoveObserver(this, "security.");
+
+  if (mIntermediatePreloadingHealerTimer) {
+    mIntermediatePreloadingHealerTimer->Cancel();
+    mIntermediatePreloadingHealerTimer = nullptr;
+  }
+
+  // Release the default CertVerifier. This will cause any held NSS resources
+  // to be released.
+  MutexAutoLock lock(mMutex);
+  mDefaultCertVerifier = nullptr;
+  // We don't actually shut down NSS - XPCOM does, after all threads have been
+  // joined and the component manager has been shut down (and so there shouldn't
+  // be any XPCOM objects holding NSS resources).
+}
+
+// The aim of the intermediate preloading healer is to remove intermediates
+// that were previously cached by PSM in the NSS certdb that are now preloaded
+// in cert_storage. When cached by PSM, these certificates will have no
+// particular trust set - they are intended to inherit their trust. If, upon
+// examination, these certificates do have trust bits set that affect
+// certificate validation, they must have been modified by the user, so we want
+// to leave them alone.
+bool CertHasDefaultTrust(CERTCertificate* cert) {
+  CERTCertTrust trust;
+  if (CERT_GetCertTrust(cert, &trust) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CERT_GetCertTrust failed"));
+    return false;
+  }
+  // This is the active distrust test for CA certificates (this is expected to
+  // be an intermediate).
+  if ((trust.sslFlags & (CERTDB_TRUSTED_CA | CERTDB_TERMINAL_RECORD)) ==
+      CERTDB_TERMINAL_RECORD) {
+    return false;
+  }
+  // This is the trust anchor test.
+  if (trust.sslFlags & CERTDB_TRUSTED_CA) {
+    return false;
+  }
+  // This is the active distrust test for CA certificates (this is expected to
+  // be an intermediate).
+  if ((trust.emailFlags & (CERTDB_TRUSTED_CA | CERTDB_TERMINAL_RECORD)) ==
+      CERTDB_TERMINAL_RECORD) {
+    return false;
+  }
+  // This is the trust anchor test.
+  if (trust.emailFlags & CERTDB_TRUSTED_CA) {
+    return false;
+  }
+  return true;
+}
+
+void IntermediatePreloadingHealerCallback(nsITimer*, void*) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("IntermediatePreloadingHealerCallback"));
+
+  if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Exiting healer due to app shutdown"));
+    return;
+  }
+
+  // Get the slot corresponding to the NSS certdb.
+  UniquePK11SlotInfo softokenSlot(PK11_GetInternalKeySlot());
+  if (!softokenSlot) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PK11_GetInternalKeySlot failed"));
+    return;
+  }
+  // List the certificates in the NSS certdb.
+  UniqueCERTCertList softokenCertificates(
+      PK11_ListCertsInSlot(softokenSlot.get()));
+  if (!softokenCertificates) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PK11_ListCertsInSlot failed"));
+    return;
+  }
+  nsCOMPtr<nsICertStorage> certStorage(do_GetService(NS_CERT_STORAGE_CID));
+  if (!certStorage) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get cert_storage"));
+    return;
+  }
+  Vector<UniqueCERTCertificate> certsToDelete;
+  // For each certificate, look it up in cert_storage. If there's a match, this
+  // is a preloaded intermediate.
+  for (CERTCertListNode* n = CERT_LIST_HEAD(softokenCertificates);
+       !CERT_LIST_END(n, softokenCertificates); n = CERT_LIST_NEXT(n)) {
+    if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("Exiting healer due to app shutdown"));
+      return;
+    }
+
+    nsTArray<uint8_t> subject;
+    subject.AppendElements(n->cert->derSubject.data, n->cert->derSubject.len);
+    nsTArray<nsTArray<uint8_t>> certs;
+    nsresult rv = certStorage->FindCertsBySubject(subject, certs);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FindCertsBySubject failed"));
+      break;
+    }
+    for (const auto& encodedCert : certs) {
+      if (encodedCert.Length() != n->cert->derCert.len) {
+        continue;
+      }
+      if (memcmp(encodedCert.Elements(), n->cert->derCert.data,
+                 encodedCert.Length()) != 0) {
+        continue;
+      }
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("found preloaded intermediate in certdb"));
+      if (!CertHasDefaultTrust(n->cert)) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("certificate doesn't have default trust - skipping"));
+        continue;
+      }
+      UniqueCERTCertificate certCopy(CERT_DupCertificate(n->cert));
+      if (!certCopy) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CERT_DupCertificate failed"));
+        continue;
+      }
+      // Note that we want to remove this certificate from the NSS certdb
+      // because it also exists in preloaded intermediate storage and is thus
+      // superfluous.
+      if (!certsToDelete.append(std::move(certCopy))) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("append failed - out of memory?"));
+        return;
+      }
+      break;
+    }
+    // Only delete 20 at a time.
+    if (certsToDelete.length() >= 20) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("found limit of 20 preloaded intermediates in certdb"));
+      break;
+    }
+  }
+  for (const auto& certToDelete : certsToDelete) {
+    if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("Exiting healer due to app shutdown"));
+      return;
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("attempting to delete preloaded intermediate '%s'",
+             certToDelete->subjectName));
+    if (SEC_DeletePermCertificate(certToDelete.get()) != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("SEC_DeletePermCertificate failed"));
+    }
+  }
+
+  // This is for tests - notify that this ran.
+  nsCOMPtr<nsIRunnable> runnable(NS_NewRunnableFunction(
+      "IntermediatePreloadingHealerCallbackDone", []() -> void {
+        nsCOMPtr<nsIObserverService> observerService =
+            mozilla::services::GetObserverService();
+        if (observerService) {
+          observerService->NotifyObservers(
+              nullptr, "psm:intermediate-preloading-healer-ran", nullptr);
+        }
+      }));
+  Unused << NS_DispatchToMainThread(runnable.forget());
+}
+
+nsresult nsNSSComponent::Init() {
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  MOZ_ASSERT(XRE_IsParentProcess());
+  if (!XRE_IsParentProcess()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  Telemetry::AutoScalarTimer<Telemetry::ScalarID::NETWORKING_NSS_INITIALIZATION>
+      timer;
+  uint32_t zero = 0;  // Directly using 0 makes the call to ScalarSet ambiguous.
+  Telemetry::ScalarSet(Telemetry::ScalarID::SECURITY_CLIENT_AUTH_CERT_USAGE,
+                       u"requested"_ns, zero);
+  Telemetry::ScalarSet(Telemetry::ScalarID::SECURITY_CLIENT_AUTH_CERT_USAGE,
+                       u"sent"_ns, zero);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
+
+  nsresult rv = InitializeNSS();
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("nsNSSComponent::InitializeNSS() failed\n"));
+    return rv;
+  }
+
+  rv = RegisterObservers();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = MaybeEnableIntermediatePreloadingHealer();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult nsNSSComponent::MaybeEnableIntermediatePreloadingHealer() {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("nsNSSComponent::MaybeEnableIntermediatePreloadingHealer"));
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (mIntermediatePreloadingHealerTimer) {
+    mIntermediatePreloadingHealerTimer->Cancel();
+    mIntermediatePreloadingHealerTimer = nullptr;
+  }
+
+  if (!StaticPrefs::security_intermediate_preloading_healer_enabled()) {
+    return NS_OK;
+  }
+
+  if (!mIntermediatePreloadingHealerTaskQueue) {
+    nsresult rv = NS_CreateBackgroundTaskQueue(
+        "IntermediatePreloadingHealer",
+        getter_AddRefs(mIntermediatePreloadingHealerTaskQueue));
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("NS_CreateBackgroundTaskQueue failed"));
+      return rv;
+    }
+  }
+  uint32_t timerDelayMS =
+      StaticPrefs::security_intermediate_preloading_healer_timer_interval_ms();
+  nsresult rv = NS_NewTimerWithFuncCallback(
+      getter_AddRefs(mIntermediatePreloadingHealerTimer),
+      IntermediatePreloadingHealerCallback, nullptr, timerDelayMS,
+      nsITimer::TYPE_REPEATING_SLACK_LOW_PRIORITY,
+      "IntermediatePreloadingHealer", mIntermediatePreloadingHealerTaskQueue);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("NS_NewTimerWithFuncCallback failed"));
+    return rv;
+  }
+  return NS_OK;
+}
+
+// nsISupports Implementation for the class
+NS_IMPL_ISUPPORTS(nsNSSComponent, nsINSSComponent, nsIObserver)
+
+static const char* const PROFILE_BEFORE_CHANGE_TOPIC = "profile-before-change";
+
+NS_IMETHODIMP
+nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
+                        const char16_t* someData) {
+  // In some tests, we don't receive a "profile-before-change" topic. However,
+  // we still have to shut down before the storage service shuts down, because
+  // closing the sql-backed softoken requires sqlite still be available. Thus,
+  // we observe "xpcom-shutdown" just in case.
+  if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0 ||
+      nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("receiving profile change or XPCOM shutdown notification"));
+    PrepareForShutdown();
+  } else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    bool clearSessionCache = true;
+    NS_ConvertUTF16toUTF8 prefName(someData);
+
+    if (HandleTLSPrefChange(prefName)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HandleTLSPrefChange done"));
+    } else if (prefName.EqualsLiteral("security.OCSP.enabled") ||
+               prefName.EqualsLiteral("security.OCSP.require") ||
+               prefName.EqualsLiteral(
+                   "security.pki.cert_short_lifetime_in_days") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_stapling") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_must_staple") ||
+               prefName.EqualsLiteral(
+                   "security.pki.certificate_transparency.mode") ||
+               prefName.EqualsLiteral("security.pki.netscape_step_up_policy") ||
+               prefName.EqualsLiteral(
+                   "security.OCSP.timeoutMilliseconds.soft") ||
+               prefName.EqualsLiteral(
+                   "security.OCSP.timeoutMilliseconds.hard") ||
+               prefName.EqualsLiteral("security.pki.crlite_mode")) {
+      MutexAutoLock lock(mMutex);
+      setValidationOptions(false, lock);
+#ifdef DEBUG
+    } else if (prefName.EqualsLiteral("security.test.built_in_root_hash")) {
+      MutexAutoLock lock(mMutex);
+      mTestBuiltInRootHash.Truncate();
+      Preferences::GetCString("security.test.built_in_root_hash",
+                              mTestBuiltInRootHash);
+#endif  // DEBUG
+    } else if (prefName.Equals("security.enterprise_roots.enabled") ||
+               prefName.Equals("security.family_safety.mode")) {
+      UnloadEnterpriseRoots();
+      MaybeImportEnterpriseRoots();
+    } else if (prefName.Equals("security.osclientcerts.autoload")) {
+      bool loadOSClientCertsModule =
+          StaticPrefs::security_osclientcerts_autoload();
+      AsyncLoadOrUnloadOSClientCertsModule(loadOSClientCertsModule);
+    } else if (prefName.EqualsLiteral("security.pki.mitm_canary_issuer")) {
+      MutexAutoLock lock(mMutex);
+      mMitmCanaryIssuer.Truncate();
+      Preferences::GetString("security.pki.mitm_canary_issuer",
+                             mMitmCanaryIssuer);
+    } else if (prefName.EqualsLiteral(
+                   "security.pki.mitm_canary_issuer.enabled")) {
+      MutexAutoLock lock(mMutex);
+      mMitmDetecionEnabled =
+          Preferences::GetBool("security.pki.mitm_canary_issuer.enabled", true);
+    } else {
+      clearSessionCache = false;
+    }
+    if (clearSessionCache) {
+      ClearSSLExternalAndInternalSessionCache();
+    }
+
+    // Preferences that don't affect certificate verification.
+    if (prefName.Equals("security.intermediate_preloading_healer.enabled") ||
+        prefName.Equals(
+            "security.intermediate_preloading_healer.timer_interval_ms")) {
+      MaybeEnableIntermediatePreloadingHealer();
+    }
+  }
+
+  return NS_OK;
+}
+
+/*static*/
+nsresult nsNSSComponent::GetNewPrompter(nsIPrompt** result) {
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsSDRContext::GetNewPrompter called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIWindowWatcher> wwatch(
+      do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = wwatch->GetNewPrompter(0, result);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return rv;
+}
+
+nsresult nsNSSComponent::LogoutAuthenticatedPK11() {
+  nsCOMPtr<nsICertOverrideService> icos =
+      do_GetService("@mozilla.org/security/certoverride;1");
+  if (icos) {
+    icos->ClearValidityOverride("all:temporary-certificates"_ns, 0,
+                                OriginAttributes());
+  }
+
+  ClearSSLExternalAndInternalSessionCache();
+
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, "net:cancel-all-connections", nullptr);
+  }
+
+  return NS_OK;
+}
+
+nsresult nsNSSComponent::RegisterObservers() {
+  nsCOMPtr<nsIObserverService> observerService(
+      do_GetService("@mozilla.org/observer-service;1"));
+  if (!observerService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSComponent: couldn't get observer service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
+  // Using false for the ownsweak parameter means the observer service will
+  // keep a strong reference to this component. As a result, this will live at
+  // least as long as the observer service.
+  observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
+  observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
+
+  return NS_OK;
+}
+
+nsresult DoesCertMatchFingerprint(const nsTArray<uint8_t>& cert,
+                                  const nsCString& fingerprint, bool& result) {
+  result = false;
+
+  if (cert.Length() > std::numeric_limits<uint32_t>::max()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsTArray<uint8_t> digestArray;
+  nsresult rv = Digest::DigestBuf(SEC_OID_SHA256, cert.Elements(),
+                                  cert.Length(), digestArray);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  SECItem digestItem = {siBuffer, digestArray.Elements(),
+                        static_cast<unsigned int>(digestArray.Length())};
+  UniquePORTString certFingerprint(
+      CERT_Hexify(&digestItem, true /* use colon delimiters */));
+  if (!certFingerprint) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result = fingerprint.Equals(certFingerprint.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::IsCertTestBuiltInRoot(const nsTArray<uint8_t>& cert,
+                                      bool* result) {
+  NS_ENSURE_ARG_POINTER(result);
+  *result = false;
+
+#ifdef DEBUG
+  MutexAutoLock lock(mMutex);
+  nsresult rv = DoesCertMatchFingerprint(cert, mTestBuiltInRootHash, *result);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+#endif  // DEBUG
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::IssuerMatchesMitmCanary(const char* aCertIssuer) {
+  MutexAutoLock lock(mMutex);
+  if (mMitmDetecionEnabled && !mMitmCanaryIssuer.IsEmpty()) {
+    nsString certIssuer = NS_ConvertUTF8toUTF16(aCertIssuer);
+    if (mMitmCanaryIssuer.Equals(certIssuer)) {
+      return NS_OK;
+    }
+  }
+
+  return NS_ERROR_FAILURE;
+}
+
+SharedCertVerifier::~SharedCertVerifier() = default;
+
+NS_IMETHODIMP
+nsNSSComponent::GetDefaultCertVerifier(SharedCertVerifier** result) {
+  MutexAutoLock lock(mMutex);
+  NS_ENSURE_ARG_POINTER(result);
+  RefPtr<SharedCertVerifier> certVerifier(mDefaultCertVerifier);
+  certVerifier.forget(result);
+  return NS_OK;
+}
+
+// static
+void nsNSSComponent::DoClearSSLExternalAndInternalSessionCache() {
+  SSL_ClearSessionCache();
+  mozilla::net::SSLTokensCache::Clear();
+}
+
+NS_IMETHODIMP
+nsNSSComponent::ClearSSLExternalAndInternalSessionCache() {
+  MOZ_ASSERT(XRE_IsParentProcess());
+  if (!XRE_IsParentProcess()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (mozilla::net::nsIOService::UseSocketProcess()) {
+    if (mozilla::net::gIOService) {
+      mozilla::net::gIOService->CallOrWaitForSocketProcess([]() {
+        Unused << mozilla::net::SocketProcessParent::GetSingleton()
+                      ->SendClearSessionCache();
+      });
+    }
+  }
+  DoClearSSLExternalAndInternalSessionCache();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::AsyncClearSSLExternalAndInternalSessionCache(
+    JSContext* aCx, ::mozilla::dom::Promise** aPromise) {
+  MOZ_ASSERT(XRE_IsParentProcess());
+  if (!XRE_IsParentProcess()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsIGlobalObject* globalObject = xpc::CurrentNativeGlobal(aCx);
+  if (NS_WARN_IF(!globalObject)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  ErrorResult result;
+  RefPtr<mozilla::dom::Promise> promise =
+      mozilla::dom::Promise::Create(globalObject, result);
+  if (NS_WARN_IF(result.Failed())) {
+    return result.StealNSResult();
+  }
+
+  if (mozilla::net::nsIOService::UseSocketProcess() &&
+      mozilla::net::gIOService) {
+    mozilla::net::gIOService->CallOrWaitForSocketProcess(
+        [p = RefPtr{promise}]() {
+          Unused << mozilla::net::SocketProcessParent::GetSingleton()
+                        ->SendClearSessionCache()
+                        ->Then(
+                            GetCurrentSerialEventTarget(), __func__,
+                            [promise = RefPtr{p}] {
+                              promise->MaybeResolveWithUndefined();
+                            },
+                            [promise = RefPtr{p}] {
+                              promise->MaybeReject(NS_ERROR_UNEXPECTED);
+                            });
+        });
+  } else {
+    promise->MaybeResolveWithUndefined();
+  }
+  DoClearSSLExternalAndInternalSessionCache();
+  promise.forget(aPromise);
+  return NS_OK;
+}
+
+namespace mozilla {
+namespace psm {
+
+already_AddRefed<SharedCertVerifier> GetDefaultCertVerifier() {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID));
+  if (!nssComponent) {
+    return nullptr;
+  }
+  nsresult rv = nssComponent->BlockUntilLoadableCertsLoaded();
+  if (NS_FAILED(rv)) {
+    return nullptr;
+  }
+  RefPtr<SharedCertVerifier> result;
+  rv = nssComponent->GetDefaultCertVerifier(getter_AddRefs(result));
+  if (NS_FAILED(rv)) {
+    return nullptr;
+  }
+  return result.forget();
+}
+
+// Helper for FindClientCertificatesWithPrivateKeys. Copies all
+// CERTCertificates from `from` to `to`.
+static inline void CopyCertificatesTo(UniqueCERTCertList& from,
+                                      UniqueCERTCertList& to) {
+  MOZ_ASSERT(from);
+  MOZ_ASSERT(to);
+  for (CERTCertListNode* n = CERT_LIST_HEAD(from.get());
+       !CERT_LIST_END(n, from.get()); n = CERT_LIST_NEXT(n)) {
+    UniqueCERTCertificate cert(CERT_DupCertificate(n->cert));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("      provisionally adding '%s'", n->cert->subjectName));
+    if (CERT_AddCertToListTail(to.get(), cert.get()) == SECSuccess) {
+      Unused << cert.release();
+    }
+  }
+}
+
+// Lists all private keys on all modules and returns a list of any corresponding
+// client certificates. Returns null if no such certificates can be found. Also
+// returns null if an error is encountered, because this is called as part of
+// the client auth data callback, and NSS ignores any errors returned by the
+// callback.
+UniqueCERTCertList FindClientCertificatesWithPrivateKeys() {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("FindClientCertificatesWithPrivateKeys"));
+
+  BlockUntilLoadableCertsLoaded();
+
+  UniqueCERTCertList certsWithPrivateKeys(CERT_NewCertList());
+  if (!certsWithPrivateKeys) {
+    return nullptr;
+  }
+
+  UniquePK11SlotInfo internalSlot(PK11_GetInternalKeySlot());
+
+  AutoSECMODListReadLock secmodLock;
+  SECMODModuleList* list = SECMOD_GetDefaultModuleList();
+  while (list) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("  module '%s'", list->module->commonName));
+    for (int i = 0; i < list->module->slotCount; i++) {
+      PK11SlotInfo* slot = list->module->slots[i];
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("    slot '%s'", PK11_GetSlotName(slot)));
+      // If this is the internal certificate/key slot or the slot on the
+      // builtin roots module, there may be many more certificates than private
+      // keys, so search by private keys (PK11_HasRootCerts will be true if the
+      // slot contains an object with the vendor-specific CK_CLASS
+      // CKO_NSS_BUILTIN_ROOT_LIST, which should only be the case for the NSS
+      // builtin roots module).
+      if (internalSlot.get() == slot || PK11_HasRootCerts(slot)) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("    (looking at internal/builtin slot)"));
+        if (PK11_Authenticate(slot, true, nullptr) != SECSuccess) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("    (couldn't authenticate)"));
+          continue;
+        }
+        UniqueSECKEYPrivateKeyList privateKeys(
+            PK11_ListPrivKeysInSlot(slot, nullptr, nullptr));
+        if (!privateKeys) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("      (no private keys)"));
+          continue;
+        }
+        for (SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privateKeys);
+             !PRIVKEY_LIST_END(node, privateKeys);
+             node = PRIVKEY_LIST_NEXT(node)) {
+          UniqueCERTCertList certs(PK11_GetCertsMatchingPrivateKey(node->key));
+          if (!certs) {
+            MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                    ("      PK11_GetCertsMatchingPrivateKey encountered an "
+                     "error "));
+            continue;
+          }
+          if (CERT_LIST_EMPTY(certs)) {
+            MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("      (no certs for key)"));
+            continue;
+          }
+          CopyCertificatesTo(certs, certsWithPrivateKeys);
+        }
+      } else {
+        // ... otherwise, optimistically assume that searching by certificate
+        // won't take too much time. Since "friendly" slots expose certificates
+        // without needing to be authenticated to, this results in fewer PIN
+        // dialogs shown to the user.
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("    (looking at non-internal slot)"));
+
+        if (!PK11_IsPresent(slot)) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("    (not present)"));
+          continue;
+        }
+        // If this isn't a "friendly" slot, authenticate to expose certificates.
+        if (!PK11_IsFriendly(slot) &&
+            PK11_Authenticate(slot, true, nullptr) != SECSuccess) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("    (couldn't authenticate)"));
+          continue;
+        }
+        UniqueCERTCertList certsInSlot(PK11_ListCertsInSlot(slot));
+        if (!certsInSlot) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                  ("      (couldn't list certs in slot)"));
+          continue;
+        }
+        // When NSS decodes a certificate, if that certificate has a
+        // corresponding private key (or public key, if the slot it's on hasn't
+        // been logged into), it notes it as a "user cert".
+        if (CERT_FilterCertListForUserCerts(certsInSlot.get()) != SECSuccess) {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                  ("      (couldn't filter certs)"));
+          continue;
+        }
+        CopyCertificatesTo(certsInSlot, certsWithPrivateKeys);
+      }
+    }
+    list = list->next;
+  }
+
+  if (CERT_FilterCertListByUsage(certsWithPrivateKeys.get(), certUsageSSLClient,
+                                 false) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("  CERT_FilterCertListByUsage encountered an error - returning"));
+    return nullptr;
+  }
+
+  if (MOZ_UNLIKELY(MOZ_LOG_TEST(gPIPNSSLog, LogLevel::Debug))) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("  returning:"));
+    for (CERTCertListNode* n = CERT_LIST_HEAD(certsWithPrivateKeys);
+         !CERT_LIST_END(n, certsWithPrivateKeys); n = CERT_LIST_NEXT(n)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("    %s", n->cert->subjectName));
+    }
+  }
+
+  if (CERT_LIST_EMPTY(certsWithPrivateKeys)) {
+    return nullptr;
+  }
+
+  return certsWithPrivateKeys;
+}
+
+}  // namespace psm
+}  // namespace mozilla
+
+NS_IMPL_ISUPPORTS(PipUIContext, nsIInterfaceRequestor)
+
+PipUIContext::PipUIContext() = default;
+
+PipUIContext::~PipUIContext() = default;
+
+NS_IMETHODIMP
+PipUIContext::GetInterface(const nsIID& uuid, void** result) {
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("PipUIContext::GetInterface called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (!uuid.Equals(NS_GET_IID(nsIPrompt))) return NS_ERROR_NO_INTERFACE;
+
+  nsIPrompt* prompt = nullptr;
+  nsresult rv = nsNSSComponent::GetNewPrompter(&prompt);
+  *result = prompt;
+  return rv;
+}
+
+nsresult getNSSDialogs(void** _result, REFNSIID aIID, const char* contract) {
+  if (!NS_IsMainThread()) {
+    NS_ERROR("getNSSDialogs called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+
+  nsCOMPtr<nsISupports> svc = do_GetService(contract, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = svc->QueryInterface(aIID, _result);
+
+  return rv;
+}
+
+nsresult setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx) {
+  MOZ_ASSERT(slot);
+  MOZ_ASSERT(ctx);
+  NS_ENSURE_ARG_POINTER(slot);
+  NS_ENSURE_ARG_POINTER(ctx);
+
+  if (PK11_NeedUserInit(slot)) {
+    nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+    nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsITokenPasswordDialogs),
+                                NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    bool canceled;
+    nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot);
+    rv = dialogs->SetPassword(ctx, token, &canceled);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (canceled) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+  }
+
+  return NS_OK;
+}
+
+static PRBool ConvertBetweenUCS2andASCII(PRBool toUnicode, unsigned char* inBuf,
+                                         unsigned int inBufLen,
+                                         unsigned char* outBuf,
+                                         unsigned int maxOutBufLen,
+                                         unsigned int* outBufLen,
+                                         PRBool swapBytes) {
+  std::unique_ptr<unsigned char[]> inBufDup(new unsigned char[inBufLen]);
+  if (!inBufDup) {
+    return PR_FALSE;
+  }
+  std::memcpy(inBufDup.get(), inBuf, inBufLen * sizeof(unsigned char));
+
+  // If converting Unicode to ASCII, swap bytes before conversion as neccessary.
+  if (!toUnicode && swapBytes) {
+    if (inBufLen % 2 != 0) {
+      return PR_FALSE;
+    }
+    mozilla::NativeEndian::swapFromLittleEndianInPlace(
+        reinterpret_cast<char16_t*>(inBufDup.get()), inBufLen / 2);
+  }
+  return PORT_UCS2_UTF8Conversion(toUnicode, inBufDup.get(), inBufLen, outBuf,
+                                  maxOutBufLen, outBufLen);
+}
+
+namespace mozilla {
+namespace psm {
+
+nsresult InitializeCipherSuite() {
+  MOZ_ASSERT(NS_IsMainThread(),
+             "InitializeCipherSuite() can only be accessed on the main thread");
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Disable any ciphers that NSS might have enabled by default
+  for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    uint16_t cipher_id = SSL_ImplementedCiphers[i];
+    SSL_CipherPrefSetDefault(cipher_id, false);
+  }
+
+  // Now only set SSL/TLS ciphers we knew about at compile time
+  for (const auto& cipherPref : sCipherPrefs) {
+    SSL_CipherPrefSetDefault(cipherPref.id, cipherPref.prefGetter());
+  }
+
+  SetDeprecatedTLS1CipherPrefs();
+
+  // Enable ciphers for PKCS#12
+  SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+  SEC_PKCS12EnableCipher(PKCS12_AES_CBC_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_AES_CBC_192, 1);
+  SEC_PKCS12EnableCipher(PKCS12_AES_CBC_256, 1);
+  SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+  PORT_SetUCS2_ASCIIConversionFunction(ConvertBetweenUCS2andASCII);
+
+  // PSM enforces a minimum RSA key size of 1024 bits, which is overridable.
+  // NSS has its own minimum, which is not overridable (the default is 1023
+  // bits). This sets the NSS minimum to 512 bits so users can still connect to
+  // devices like wifi routers with woefully small keys (they would have to add
+  // an override to do so, but they already do for such devices).
+  NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 512);
+
+  // Observe preference change around cipher suite setting.
+  return CipherSuiteChangeObserver::StartObserve();
+}
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/nsNSSComponent.h b/security/manager/ssl/nsNSSComponent.h
new file mode 100644
index 0000000000..4fbcdb0359
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -0,0 +1,168 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsNSSComponent_h_
+#define _nsNSSComponent_h_
+
+#include "nsINSSComponent.h"
+
+#include "EnterpriseRoots.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "mozilla/Monitor.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsNSSCallbacks.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "sslt.h"
+
+#ifdef XP_WIN
+#  include <windows.h>  // this needs to be before the following includes
+#  include <wincrypt.h>
+#endif  // XP_WIN
+
+class nsIDOMWindow;
+class nsIPrompt;
+class nsISerialEventTarget;
+class nsITimer;
+
+namespace mozilla {
+namespace psm {
+
+[[nodiscard]] ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+GetDefaultCertVerifier();
+UniqueCERTCertList FindClientCertificatesWithPrivateKeys();
+
+}  // namespace psm
+}  // namespace mozilla
+
+#define NS_NSSCOMPONENT_CID                          \
+  {                                                  \
+    0x4cb64dfd, 0xca98, 0x4e24, {                    \
+      0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb \
+    }                                                \
+  }
+
+bool EnsureNSSInitializedChromeOrContent();
+bool HandleTLSPrefChange(const nsCString& aPref);
+void SetValidationOptionsCommon();
+void PrepareForShutdownInSocketProcess();
+
+// Implementation of the PSM component interface.
+class nsNSSComponent final : public nsINSSComponent, public nsIObserver {
+ public:
+  // LoadLoadableCertsTask updates mLoadableCertsLoaded and
+  // mLoadableCertsLoadedResult and then signals mLoadableCertsLoadedMonitor.
+  friend class LoadLoadableCertsTask;
+  // BackgroundImportEnterpriseCertsTask calls ImportEnterpriseRoots and
+  // UpdateCertVerifierWithEnterpriseRoots.
+  friend class BackgroundImportEnterpriseCertsTask;
+
+  nsNSSComponent();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSINSSCOMPONENT
+  NS_DECL_NSIOBSERVER
+
+  nsresult Init();
+
+  static nsresult GetNewPrompter(nsIPrompt** result);
+
+  static void FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                  uint32_t minFromPrefs, uint32_t maxFromPrefs,
+                                  SSLVersionRange defaults);
+
+  static nsresult SetEnabledTLSVersions();
+
+  // This function does the actual work of clearing the session cache. It is to
+  // be used by the socket process (where there is no nsINSSComponent) and
+  // internally by nsNSSComponent.
+  // NB: NSS must have already been initialized before this is called.
+  static void DoClearSSLExternalAndInternalSessionCache();
+
+ protected:
+  virtual ~nsNSSComponent();
+
+ private:
+  nsresult InitializeNSS();
+  void PrepareForShutdown();
+
+  void setValidationOptions(bool isInitialSetting,
+                            const mozilla::MutexAutoLock& proofOfLock);
+  void GetRevocationBehaviorFromPrefs(
+      /*out*/ mozilla::psm::CertVerifier::OcspDownloadConfig* odc,
+      /*out*/ mozilla::psm::CertVerifier::OcspStrictConfig* osc,
+      /*out*/ uint32_t* certShortLifetimeInDays,
+      /*out*/ TimeDuration& softTimeout,
+      /*out*/ TimeDuration& hardTimeout);
+  void UpdateCertVerifierWithEnterpriseRoots();
+  nsresult RegisterObservers();
+
+  void MaybeImportEnterpriseRoots();
+  void ImportEnterpriseRoots();
+  void UnloadEnterpriseRoots();
+  nsresult CommonGetEnterpriseCerts(
+      nsTArray<nsTArray<uint8_t>>& enterpriseCerts, bool getRoots);
+
+  bool ShouldEnableEnterpriseRootsForFamilySafety(uint32_t familySafetyMode);
+
+  nsresult MaybeEnableIntermediatePreloadingHealer();
+
+  // mLoadableCertsLoadedMonitor protects mLoadableCertsLoaded.
+  mozilla::Monitor mLoadableCertsLoadedMonitor;
+  bool mLoadableCertsLoaded MOZ_GUARDED_BY(mLoadableCertsLoadedMonitor);
+  nsresult mLoadableCertsLoadedResult
+      MOZ_GUARDED_BY(mLoadableCertsLoadedMonitor);
+
+  // mMutex protects all members that are accessed from more than one thread.
+  mozilla::Mutex mMutex;
+
+  // The following members are accessed from more than one thread:
+
+#ifdef DEBUG
+  nsCString mTestBuiltInRootHash MOZ_GUARDED_BY(mMutex);
+#endif
+  RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier
+      MOZ_GUARDED_BY(mMutex);
+  nsString mMitmCanaryIssuer MOZ_GUARDED_BY(mMutex);
+  bool mMitmDetecionEnabled MOZ_GUARDED_BY(mMutex);
+  mozilla::Vector<EnterpriseCert> mEnterpriseCerts MOZ_GUARDED_BY(mMutex);
+
+  // The following members are accessed only on the main thread:
+  static int mInstanceCount;
+  // If the intermediate preloading healer is enabled, the following timer
+  // periodically dispatches events to the background task queue. Each of these
+  // events scans the NSS certdb for preloaded intermediates that are in
+  // cert_storage and thus can be removed. By default, the interval is 5
+  // minutes.
+  nsCOMPtr<nsISerialEventTarget> mIntermediatePreloadingHealerTaskQueue;
+  nsCOMPtr<nsITimer> mIntermediatePreloadingHealerTimer;
+};
+
+inline nsresult BlockUntilLoadableCertsLoaded() {
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!component) {
+    return NS_ERROR_FAILURE;
+  }
+  return component->BlockUntilLoadableCertsLoaded();
+}
+
+inline nsresult CheckForSmartCardChanges() {
+#ifndef MOZ_NO_SMART_CARDS
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!component) {
+    return NS_ERROR_FAILURE;
+  }
+  return component->CheckForSmartCardChanges();
+#else
+  return NS_OK;
+#endif
+}
+
+#endif  // _nsNSSComponent_h_
diff --git a/security/manager/ssl/nsNSSHelper.h b/security/manager/ssl/nsNSSHelper.h
new file mode 100644
index 0000000000..5f3f5ea9b4
--- /dev/null
+++ b/security/manager/ssl/nsNSSHelper.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSHelper_h
+#define nsNSSHelper_h
+
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "pk11func.h"
+
+// Implementation of an nsIInterfaceRequestor for use as context for NSS calls.
+class PipUIContext : public nsIInterfaceRequestor {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIINTERFACEREQUESTOR
+
+  PipUIContext();
+
+ protected:
+  virtual ~PipUIContext();
+};
+
+// Function to get the implementor for a certain set of NSS specific dialogs.
+nsresult getNSSDialogs(void** _result, REFNSIID aIID, const char* contract);
+
+// A function that sets the password on an unitialized slot.
+nsresult setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx);
+
+#endif  // nsNSSHelper_h
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
new file mode 100644
index 0000000000..1f740eb4c9
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -0,0 +1,1770 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+
+#include <algorithm>
+#include <utility>
+#include <vector>
+
+#include "NSSCertDBTrustDomain.h"
+#include "NSSErrorsService.h"
+#include "NSSSocketControl.h"
+#include "PSMRunnable.h"
+#include "SSLServerCertVerification.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "TLSClientAuthCertSelection.h"
+#include "keyhi.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/RandomNum.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/StaticPrefs_security.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/PBackgroundChild.h"
+#include "mozilla/net/SSLTokensCache.h"
+#include "mozilla/net/SocketProcessChild.h"
+#include "mozilla/psm/IPCClientCertsChild.h"
+#include "mozilla/psm/PIPCClientCertsChild.h"
+#include "mozpkix/pkixnss.h"
+#include "mozpkix/pkixtypes.h"
+#include "mozpkix/pkixutil.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCRT.h"
+#include "nsCharSeparatedTokenizer.h"
+#include "nsClientAuthRemember.h"
+#include "nsContentUtils.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsISocketProvider.h"
+#include "nsISocketTransport.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsPrintfCString.h"
+#include "nsServiceManagerUtils.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslexp.h"
+#include "sslproto.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+using namespace mozilla::ipc;
+
+// #define DEBUG_SSL_VERBOSE //Enable this define to get minimal
+//  reports when doing SSL read/write
+
+// #define DUMP_BUFFER  //Enable this define along with
+//  DEBUG_SSL_VERBOSE to dump SSL
+//  read/write buffer to a log.
+//  Uses PR_LOG except on Mac where
+//  we always write out to our own
+//  file.
+
+namespace {
+
+// The NSSSocketInfo tls flags are meant to be opaque to most calling
+// applications but provide a mechanism for direct TLS manipulation when
+// experimenting with new features in the scope of a single socket. They do not
+// create a persistent ABI.
+//
+// Use of these flags creates a new 'sharedSSLState' so existing states for
+// intolerance are not carried to sockets that use these flags (and intolerance
+// they discover does not impact other normal sockets not using the flags.)
+//
+// Their current definitions are:
+//
+// bits 0-2 (mask 0x07) specify the max tls version
+//          0 means no override 1->4 are 1.0, 1.1, 1.2, 1.3, 4->7 unused
+// bits 3-5 (mask 0x38) specify the tls fallback limit
+//          0 means no override, values 1->4 match prefs
+// bit    6 (mask 0x40) was used to specify compat mode. Temporarily reserved.
+
+enum {
+  kTLSProviderFlagMaxVersion10 = 0x01,
+  kTLSProviderFlagMaxVersion11 = 0x02,
+  kTLSProviderFlagMaxVersion12 = 0x03,
+  kTLSProviderFlagMaxVersion13 = 0x04,
+};
+
+static uint32_t getTLSProviderFlagMaxVersion(uint32_t flags) {
+  return (flags & 0x07);
+}
+
+static uint32_t getTLSProviderFlagFallbackLimit(uint32_t flags) {
+  return (flags & 0x38) >> 3;
+}
+
+void getSiteKey(const nsACString& hostName, uint16_t port,
+                /*out*/ nsACString& key) {
+  key = hostName;
+  key.AppendLiteral(":");
+  key.AppendInt(port);
+}
+
+}  // unnamed namespace
+
+extern LazyLogModule gPIPNSSLog;
+
+void nsSSLIOLayerHelpers::Cleanup() {
+  MutexAutoLock lock(mutex);
+  mTLSIntoleranceInfo.Clear();
+  mInsecureFallbackSites.Clear();
+}
+
+namespace {
+
+enum Operation { reading, writing, not_reading_or_writing };
+
+int32_t checkHandshake(int32_t bytesTransfered, bool wasReading,
+                       PRFileDesc* ssl_layer_fd, NSSSocketControl* socketInfo);
+
+NSSSocketControl* getSocketInfoIfRunning(PRFileDesc* fd, Operation op) {
+  if (!fd || !fd->lower || !fd->secret ||
+      fd->identity != nsSSLIOLayerHelpers::nsSSLIOLayerIdentity) {
+    NS_ERROR("bad file descriptor passed to getSocketInfoIfRunning");
+    PR_SetError(PR_BAD_DESCRIPTOR_ERROR, 0);
+    return nullptr;
+  }
+
+  NSSSocketControl* socketInfo = (NSSSocketControl*)fd->secret;
+
+  if (socketInfo->IsCanceled()) {
+    PRErrorCode err = socketInfo->GetErrorCode();
+    PR_SetError(err, 0);
+    if (op == reading || op == writing) {
+      // We must do TLS intolerance checks for reads and writes, for timeouts
+      // in particular.
+      (void)checkHandshake(-1, op == reading, fd, socketInfo);
+    }
+
+    // If we get here, it is probably because cert verification failed and this
+    // is the first I/O attempt since that failure.
+    return nullptr;
+  }
+
+  return socketInfo;
+}
+
+}  // namespace
+
+static PRStatus nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
+                                    PRIntervalTime timeout) {
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] connecting SSL socket\n", (void*)fd));
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  PRStatus status = fd->lower->methods->connect(fd->lower, addr, timeout);
+  if (status != PR_SUCCESS) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("[%p] Lower layer connect error: %d\n", (void*)fd, PR_GetError()));
+    return status;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Connect\n", (void*)fd));
+  return status;
+}
+
+void nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
+                                                    int16_t port,
+                                                    uint16_t tolerant) {
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    entry.tolerant = std::max(entry.tolerant, tolerant);
+    if (entry.intolerant != 0 && entry.intolerant <= entry.tolerant) {
+      entry.intolerant = entry.tolerant + 1;
+      entry.intoleranceReason = 0;  // lose the reason
+    }
+  } else {
+    entry.tolerant = tolerant;
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+  }
+
+  entry.AssertInvariant();
+
+  mTLSIntoleranceInfo.InsertOrUpdate(key, entry);
+}
+
+void nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
+                                            int16_t port) {
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+
+    entry.AssertInvariant();
+    mTLSIntoleranceInfo.InsertOrUpdate(key, entry);
+  }
+}
+
+bool nsSSLIOLayerHelpers::fallbackLimitReached(const nsACString& hostName,
+                                               uint16_t intolerant) {
+  if (isInsecureFallbackSite(hostName)) {
+    return intolerant <= SSL_LIBRARY_VERSION_TLS_1_0;
+  }
+  return intolerant <= mVersionFallbackLimit;
+}
+
+// returns true if we should retry the handshake
+bool nsSSLIOLayerHelpers::rememberIntolerantAtVersion(
+    const nsACString& hostName, int16_t port, uint16_t minVersion,
+    uint16_t intolerant, PRErrorCode intoleranceReason) {
+  if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) {
+    // We can't fall back any further. Assume that intolerance isn't the issue.
+    forgetIntolerance(hostName, port);
+    return false;
+  }
+
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    if (intolerant <= entry.tolerant) {
+      // We already know the server is tolerant at an equal or higher version.
+      return false;
+    }
+    if ((entry.intolerant != 0 && intolerant >= entry.intolerant)) {
+      // We already know that the server is intolerant at a lower version.
+      return true;
+    }
+  } else {
+    entry.tolerant = 0;
+  }
+
+  entry.intolerant = intolerant;
+  entry.intoleranceReason = intoleranceReason;
+  entry.AssertInvariant();
+  mTLSIntoleranceInfo.InsertOrUpdate(key, entry);
+
+  return true;
+}
+
+void nsSSLIOLayerHelpers::adjustForTLSIntolerance(
+    const nsACString& hostName, int16_t port,
+    /*in/out*/ SSLVersionRange& range) {
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return;
+    }
+  }
+
+  entry.AssertInvariant();
+
+  if (entry.intolerant != 0) {
+    // We've tried connecting at a higher range but failed, so try at the
+    // version we haven't tried yet, unless we have reached the minimum.
+    if (range.min < entry.intolerant) {
+      range.max = entry.intolerant - 1;
+    }
+  }
+}
+
+PRErrorCode nsSSLIOLayerHelpers::getIntoleranceReason(
+    const nsACString& hostName, int16_t port) {
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return 0;
+    }
+  }
+
+  entry.AssertInvariant();
+  return entry.intoleranceReason;
+}
+
+bool nsSSLIOLayerHelpers::nsSSLIOLayerInitialized = false;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLIOLayerIdentity;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLIOLayerMethods;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods;
+
+static PRStatus nsSSLIOLayerClose(PRFileDesc* fd) {
+  if (!fd) {
+    return PR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Shutting down socket", fd));
+
+  // Take the owning reference from the layer. See the corresponding comment in
+  // nsSSLIOLayerAddToSocket where this gets set.
+  RefPtr<NSSSocketControl> socketInfo(
+      already_AddRefed((NSSSocketControl*)fd->secret));
+  fd->secret = nullptr;
+  if (!socketInfo) {
+    return PR_FAILURE;
+  }
+
+  return socketInfo->CloseSocketAndDestroy();
+}
+
+#if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER)
+// Dumps a (potentially binary) buffer using SSM_DEBUG.  (We could have used
+// the version in ssltrace.c, but that's specifically tailored to SSLTRACE.)
+#  define DUMPBUF_LINESIZE 24
+static void nsDumpBuffer(unsigned char* buf, int len) {
+  char hexbuf[DUMPBUF_LINESIZE * 3 + 1];
+  char chrbuf[DUMPBUF_LINESIZE + 1];
+  static const char* hex = "0123456789abcdef";
+  int i = 0;
+  int l = 0;
+  char ch;
+  char* c;
+  char* h;
+  if (len == 0) return;
+  hexbuf[DUMPBUF_LINESIZE * 3] = '\0';
+  chrbuf[DUMPBUF_LINESIZE] = '\0';
+  (void)memset(hexbuf, 0x20, DUMPBUF_LINESIZE * 3);
+  (void)memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+  h = hexbuf;
+  c = chrbuf;
+
+  while (i < len) {
+    ch = buf[i];
+
+    if (l == DUMPBUF_LINESIZE) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+      (void)memset(hexbuf, 0x20, DUMPBUF_LINESIZE * 3);
+      (void)memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+      h = hexbuf;
+      c = chrbuf;
+      l = 0;
+    }
+
+    // Convert a character to hex.
+    *h++ = hex[(ch >> 4) & 0xf];
+    *h++ = hex[ch & 0xf];
+    h++;
+
+    // Put the character (if it's printable) into the character buffer.
+    if ((ch >= 0x20) && (ch <= 0x7e)) {
+      *c++ = ch;
+    } else {
+      *c++ = '.';
+    }
+    i++;
+    l++;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+}
+
+#  define DEBUG_DUMP_BUFFER(buf, len) nsDumpBuffer(buf, len)
+#else
+#  define DEBUG_DUMP_BUFFER(buf, len)
+#endif
+
+namespace {
+
+uint32_t tlsIntoleranceTelemetryBucket(PRErrorCode err) {
+  // returns a numeric code for where we track various errors in telemetry
+  // only errors that cause version fallback are tracked,
+  // so this is also used to determine which errors can cause version fallback
+  switch (err) {
+    case SSL_ERROR_BAD_MAC_ALERT:
+      return 1;
+    case SSL_ERROR_BAD_MAC_READ:
+      return 2;
+    case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
+      return 3;
+    case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
+      return 4;
+    case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
+      return 6;
+    case SSL_ERROR_NO_CYPHER_OVERLAP:
+      return 7;
+    case SSL_ERROR_UNSUPPORTED_VERSION:
+      return 10;
+    case SSL_ERROR_PROTOCOL_VERSION_ALERT:
+      return 11;
+    case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE:
+      return 13;
+    case SSL_ERROR_DECODE_ERROR_ALERT:
+      return 14;
+    case PR_CONNECT_RESET_ERROR:
+      return 16;
+    case PR_END_OF_FILE_ERROR:
+      return 17;
+    case SSL_ERROR_INTERNAL_ERROR_ALERT:
+      return 18;
+    default:
+      return 0;
+  }
+}
+
+bool retryDueToTLSIntolerance(PRErrorCode err, NSSSocketControl* socketInfo) {
+  // This function is supposed to decide which error codes should
+  // be used to conclude server is TLS intolerant.
+  // Note this only happens during the initial SSL handshake.
+
+  if (StaticPrefs::security_tls_ech_disable_grease_on_fallback() &&
+      socketInfo->GetEchExtensionStatus() == EchExtensionStatus::kGREASE) {
+    // Don't record any intolerances if we used ECH GREASE but force a retry.
+    return true;
+  }
+
+  SSLVersionRange range = socketInfo->GetTLSVersionRange();
+  nsSSLIOLayerHelpers& helpers = socketInfo->SharedState().IOLayerHelpers();
+
+  if (err == SSL_ERROR_UNSUPPORTED_VERSION &&
+      range.min == SSL_LIBRARY_VERSION_TLS_1_0) {
+    socketInfo->SetSecurityState(nsIWebProgressListener::STATE_IS_INSECURE |
+                                 nsIWebProgressListener::STATE_USES_SSL_3);
+  }
+
+  // NSS will return SSL_ERROR_RX_MALFORMED_SERVER_HELLO if anti-downgrade
+  // detected the downgrade.
+  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT ||
+      err == SSL_ERROR_RX_MALFORMED_SERVER_HELLO) {
+    // This is a clear signal that we've fallen back too many versions.  Treat
+    // this as a hard failure, but forget any intolerance so that later attempts
+    // don't use this version (i.e., range.max) and trigger the error again.
+
+    // First, track the original cause of the version fallback.  This uses the
+    // same buckets as the telemetry below, except that bucket 0 will include
+    // all cases where there wasn't an original reason.
+    PRErrorCode originalReason = helpers.getIntoleranceReason(
+        socketInfo->GetHostName(), socketInfo->GetPort());
+    Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE,
+                          tlsIntoleranceTelemetryBucket(originalReason));
+
+    helpers.forgetIntolerance(socketInfo->GetHostName(), socketInfo->GetPort());
+
+    return false;
+  }
+
+  // When not using a proxy we'll see a connection reset error.
+  // When using a proxy, we'll see an end of file error.
+
+  // Don't allow STARTTLS connections to fall back on connection resets or
+  // EOF.
+  if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR) &&
+      socketInfo->GetForSTARTTLS()) {
+    return false;
+  }
+
+  uint32_t reason = tlsIntoleranceTelemetryBucket(err);
+  if (reason == 0) {
+    return false;
+  }
+
+  Telemetry::HistogramID pre;
+  Telemetry::HistogramID post;
+  switch (range.max) {
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      pre = Telemetry::SSL_TLS13_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS13_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      pre = Telemetry::SSL_TLS12_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS12_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      pre = Telemetry::SSL_TLS11_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS11_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      pre = Telemetry::SSL_TLS10_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS10_INTOLERANCE_REASON_POST;
+      break;
+    default:
+      MOZ_CRASH("impossible TLS version");
+      return false;
+  }
+
+  // The difference between _PRE and _POST represents how often we avoided
+  // TLS intolerance fallback due to remembered tolerance.
+  Telemetry::Accumulate(pre, reason);
+
+  if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
+                                           socketInfo->GetPort(), range.min,
+                                           range.max, err)) {
+    return false;
+  }
+
+  Telemetry::Accumulate(post, reason);
+
+  return true;
+}
+
+// Ensure that we haven't added too many errors to fit.
+static_assert((SSL_ERROR_END_OF_LIST - SSL_ERROR_BASE) <= 256,
+              "too many SSL errors");
+static_assert((SEC_ERROR_END_OF_LIST - SEC_ERROR_BASE) <= 256,
+              "too many SEC errors");
+static_assert((PR_MAX_ERROR - PR_NSPR_ERROR_BASE) <= 128,
+              "too many NSPR errors");
+static_assert((mozilla::pkix::ERROR_BASE - mozilla::pkix::END_OF_LIST) < 31,
+              "too many moz::pkix errors");
+
+static void reportHandshakeResult(int32_t bytesTransferred, bool wasReading,
+                                  PRErrorCode err,
+                                  NSSSocketControl* socketInfo) {
+  uint32_t bucket;
+
+  // A negative bytesTransferred or a 0 read are errors.
+  if (bytesTransferred > 0) {
+    bucket = 0;
+  } else if ((bytesTransferred == 0) && !wasReading) {
+    // PR_Write() is defined to never return 0, but let's make sure.
+    // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_Write.
+    MOZ_ASSERT(false);
+    bucket = 671;
+  } else if (IS_SSL_ERROR(err)) {
+    bucket = err - SSL_ERROR_BASE;
+    MOZ_ASSERT(bucket > 0);  // SSL_ERROR_EXPORT_ONLY_SERVER isn't used.
+  } else if (IS_SEC_ERROR(err)) {
+    bucket = (err - SEC_ERROR_BASE) + 256;
+  } else if ((err >= PR_NSPR_ERROR_BASE) && (err < PR_MAX_ERROR)) {
+    bucket = (err - PR_NSPR_ERROR_BASE) + 512;
+  } else if ((err >= mozilla::pkix::ERROR_BASE) &&
+             (err < mozilla::pkix::ERROR_LIMIT)) {
+    bucket = (err - mozilla::pkix::ERROR_BASE) + 640;
+  } else {
+    bucket = 671;
+  }
+
+  uint32_t flags = socketInfo->GetProviderFlags();
+  if (!(flags & nsISocketProvider::IS_RETRY)) {
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_FIRST_TRY, bucket);
+  }
+
+  if (flags & nsISocketProvider::BE_CONSERVATIVE) {
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_CONSERVATIVE, bucket);
+  }
+
+  switch (socketInfo->GetEchExtensionStatus()) {
+    case EchExtensionStatus::kGREASE:
+      Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_ECH_GREASE, bucket);
+      break;
+    case EchExtensionStatus::kReal:
+      Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT_ECH, bucket);
+      break;
+    default:
+      break;
+  }
+  Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
+
+  if (bucket == 0) {
+    nsCOMPtr<nsITransportSecurityInfo> securityInfo;
+    if (NS_FAILED(socketInfo->GetSecurityInfo(getter_AddRefs(securityInfo))) ||
+        !securityInfo) {
+      return;
+    }
+    // Web Privacy Telemetry for successful connections.
+    bool success = true;
+
+    bool usedPrivateDNS = false;
+    success &= securityInfo->GetUsedPrivateDNS(&usedPrivateDNS) == NS_OK;
+
+    bool madeOCSPRequest = false;
+    success &= securityInfo->GetMadeOCSPRequests(&madeOCSPRequest) == NS_OK;
+
+    uint16_t protocolVersion = 0;
+    success &= securityInfo->GetProtocolVersion(&protocolVersion) == NS_OK;
+    bool usedTLS13 = protocolVersion == 4;
+
+    bool usedECH = false;
+    success &= securityInfo->GetIsAcceptedEch(&usedECH) == NS_OK;
+
+    // As bucket is 0 we are reporting the results of a sucessful connection
+    // and so TransportSecurityInfo should be populated. However, this isn't
+    // happening in all cases, see Bug 1789458.
+    if (success) {
+      uint8_t TLSPrivacyResult = 0;
+      TLSPrivacyResult |= usedTLS13 << 0;
+      TLSPrivacyResult |= !madeOCSPRequest << 1;
+      TLSPrivacyResult |= usedPrivateDNS << 2;
+      TLSPrivacyResult |= usedECH << 3;
+
+      Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_PRIVACY, TLSPrivacyResult);
+    }
+  }
+}
+
+// Check the status of the handshake. This is where PSM checks for TLS
+// intolerance and potentially sets up TLS intolerance fallback by noting the
+// intolerance, setting the NSPR error to PR_CONNECT_RESET_ERROR, and returning
+// -1 as the bytes transferred so that necko retries the connection.
+// Otherwise, PSM returns the bytes transferred unchanged.
+int32_t checkHandshake(int32_t bytesTransferred, bool wasReading,
+                       PRFileDesc* ssl_layer_fd, NSSSocketControl* socketInfo) {
+  const PRErrorCode originalError = PR_GetError();
+
+  // If the connection would block, return early.
+  if (bytesTransferred < 0 && originalError == PR_WOULD_BLOCK_ERROR) {
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+    return bytesTransferred;
+  }
+
+  // We only need to do TLS intolerance checking for the first transfer.
+  bool handleHandshakeResultNow = socketInfo->IsHandshakePending();
+  if (!handleHandshakeResultNow) {
+    // If we've encountered an error since the handshake, ensure the socket
+    // control is cancelled, so that getSocketInfoIfRunning will correctly
+    // cause us to fail if another part of Gecko (erroneously) calls an I/O
+    // function (PR_Send/PR_Recv/etc.) again on this socket.
+    if (bytesTransferred < 0) {
+      if (!socketInfo->IsCanceled()) {
+        socketInfo->SetCanceled(originalError);
+      }
+      PR_SetError(originalError, 0);
+    }
+    return bytesTransferred;
+  }
+
+  // TLS intolerant servers only cause the first transfer to fail, so let's
+  // set the HandshakePending attribute to false so that we don't try this logic
+  // again in a subsequent transfer.
+  socketInfo->SetHandshakeNotPending();
+  // Report the result once for each handshake. Note that this does not
+  // get handshakes which are cancelled before any reads or writes
+  // happen.
+  reportHandshakeResult(bytesTransferred, wasReading, originalError,
+                        socketInfo);
+
+  // If there was no error, return early. The case where we read 0 bytes is not
+  // considered an error by NSS, but PSM interprets this as TLS intolerance, so
+  // we turn it into an error. Writes of 0 bytes are an error, because PR_Write
+  // is never supposed to return 0.
+  if (bytesTransferred > 0) {
+    return bytesTransferred;
+  }
+
+  // There was some sort of error. Determine what it was and if we want to
+  // retry the connection due to TLS intolerance.
+  PRErrorCode errorToUse = originalError;
+  // Turn zero-length reads into errors and handle zero-length write errors.
+  if (bytesTransferred == 0) {
+    if (wasReading) {
+      errorToUse = PR_END_OF_FILE_ERROR;
+    } else {
+      errorToUse = SEC_ERROR_LIBRARY_FAILURE;
+    }
+    bytesTransferred = -1;
+  }
+  bool wantRetry = retryDueToTLSIntolerance(errorToUse, socketInfo);
+  // Set the error on the socket control and cancel it.
+  if (!socketInfo->IsCanceled()) {
+    socketInfo->SetCanceled(errorToUse);
+  }
+
+  if (wantRetry) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] checkHandshake: will retry with lower max TLS version",
+             ssl_layer_fd));
+    // Setting the error PR_CONNECT_RESET_ERROR causes necko to retry the
+    // connection.
+    PR_SetError(PR_CONNECT_RESET_ERROR, 0);
+  } else {
+    PR_SetError(originalError, 0);
+  }
+
+  return bytesTransferred;
+}
+
+}  // namespace
+
+static int16_t nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags,
+                                int16_t* out_flags) {
+  if (!out_flags) {
+    NS_WARNING("nsSSLIOLayerPoll called with null out_flags");
+    return 0;
+  }
+
+  *out_flags = 0;
+
+  NSSSocketControl* socketInfo =
+      getSocketInfoIfRunning(fd, not_reading_or_writing);
+
+  if (!socketInfo) {
+    // If we get here, it is probably because certificate validation failed
+    // and this is the first I/O operation after the failure.
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Debug,
+        ("[%p] polling SSL socket right after certificate verification failed "
+         "or NSS shutdown or SDR logout %d\n",
+         fd, (int)in_flags));
+
+    MOZ_ASSERT(in_flags & PR_POLL_EXCEPT,
+               "Caller did not poll for EXCEPT (canceled)");
+    // Since this poll method cannot return errors, we want the caller to call
+    // PR_Send/PR_Recv right away to get the error, so we tell that we are
+    // ready for whatever I/O they are asking for. (See getSocketInfoIfRunning).
+    *out_flags = in_flags | PR_POLL_EXCEPT;  // see also bug 480619
+    return in_flags;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          (socketInfo->IsWaitingForCertVerification()
+               ? "[%p] polling SSL socket during certificate verification "
+                 "using lower %d\n"
+               : "[%p] poll SSL socket using lower %d\n",
+           fd, (int)in_flags));
+
+  socketInfo->MaybeDispatchSelectClientAuthCertificate();
+
+  // We want the handshake to continue during certificate validation, so we
+  // don't need to do anything special here. libssl automatically blocks when
+  // it reaches any point that would be unsafe to send/receive something before
+  // cert validation is complete.
+  int16_t result = fd->lower->methods->poll(fd->lower, in_flags, out_flags);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] poll SSL socket returned %d\n", (void*)fd, (int)result));
+  return result;
+}
+
+nsSSLIOLayerHelpers::nsSSLIOLayerHelpers(uint32_t aTlsFlags)
+    : mTreatUnsafeNegotiationAsBroken(false),
+      mTLSIntoleranceInfo(),
+      mVersionFallbackLimit(SSL_LIBRARY_VERSION_TLS_1_0),
+      mutex("nsSSLIOLayerHelpers.mutex"),
+      mTlsFlags(aTlsFlags) {}
+
+// PSMAvailable and PSMAvailable64 are reachable, but they're unimplemented in
+// PSM, so we set an error and return -1.
+static int32_t PSMAvailable(PRFileDesc*) {
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+static int64_t PSMAvailable64(PRFileDesc*) {
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+static PRStatus PSMGetsockname(PRFileDesc* fd, PRNetAddr* addr) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  return fd->lower->methods->getsockname(fd->lower, addr);
+}
+
+static PRStatus PSMGetpeername(PRFileDesc* fd, PRNetAddr* addr) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  return fd->lower->methods->getpeername(fd->lower, addr);
+}
+
+static PRStatus PSMGetsocketoption(PRFileDesc* fd, PRSocketOptionData* data) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  return fd->lower->methods->getsocketoption(fd, data);
+}
+
+static PRStatus PSMSetsocketoption(PRFileDesc* fd,
+                                   const PRSocketOptionData* data) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  return fd->lower->methods->setsocketoption(fd, data);
+}
+
+static int32_t PSMRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags,
+                       PRIntervalTime timeout) {
+  NSSSocketControl* socketInfo = getSocketInfoIfRunning(fd, reading);
+  if (!socketInfo) return -1;
+
+  if (flags != PR_MSG_PEEK && flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+  int32_t bytesRead =
+      fd->lower->methods->recv(fd->lower, buf, amount, flags, timeout);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] read %d bytes\n", (void*)fd, bytesRead));
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*)buf, bytesRead);
+#endif
+
+  return checkHandshake(bytesRead, true, fd, socketInfo);
+}
+
+static int32_t PSMSend(PRFileDesc* fd, const void* buf, int32_t amount,
+                       int flags, PRIntervalTime timeout) {
+  NSSSocketControl* socketInfo = getSocketInfoIfRunning(fd, writing);
+  if (!socketInfo) return -1;
+
+  if (flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*)buf, amount);
+#endif
+
+  if (socketInfo->IsShortWritePending() && amount > 0) {
+    // We got "SSL short write" last time, try to flush the pending byte.
+#ifdef DEBUG
+    socketInfo->CheckShortWrittenBuffer(static_cast<const unsigned char*>(buf),
+                                        amount);
+#endif
+
+    buf = socketInfo->GetShortWritePendingByteRef();
+    amount = 1;
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+            ("[%p] pushing 1 byte after SSL short write", fd));
+  }
+
+  int32_t bytesWritten =
+      fd->lower->methods->send(fd->lower, buf, amount, flags, timeout);
+
+  // NSS indicates that it can't write all requested data (due to network
+  // congestion, for example) by returning either one less than the amount
+  // of data requested or 16383, if the requested amount is greater than
+  // 16384. We refer to this as a "short write". If we simply returned
+  // the amount that NSS did write, the layer above us would then call
+  // PSMSend with a very small amount of data (often 1). This is inefficient
+  // and can lead to alternating between sending large packets and very small
+  // packets. To prevent this, we alert the layer calling us that the operation
+  // would block and that it should be retried later, with the same data.
+  // When it does, we tell NSS to write the remaining byte it didn't write
+  // in the previous call. We then return the total number of bytes written,
+  // which is the number that caused the short write plus the additional byte
+  // we just wrote out.
+
+  // The 16384 value is based on libssl's maximum buffer size:
+  //    MAX_FRAGMENT_LENGTH - 1
+  //
+  // It's in a private header, though, filed bug 1394822 to expose it.
+  static const int32_t kShortWrite16k = 16383;
+
+  if ((amount > 1 && bytesWritten == (amount - 1)) ||
+      (amount > kShortWrite16k && bytesWritten == kShortWrite16k)) {
+    // This is indication of an "SSL short write", block to force retry.
+    socketInfo->SetShortWritePending(
+        bytesWritten + 1,  // The amount to return after the flush
+        *(static_cast<const unsigned char*>(buf) + bytesWritten));
+
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Verbose,
+        ("[%p] indicated SSL short write for %d bytes (written just %d bytes)",
+         fd, amount, bytesWritten));
+
+    bytesWritten = -1;
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+
+#ifdef DEBUG
+    socketInfo->RememberShortWrittenBuffer(
+        static_cast<const unsigned char*>(buf));
+#endif
+
+  } else if (socketInfo->IsShortWritePending() && bytesWritten == 1) {
+    // We have now flushed all pending data in the SSL socket
+    // after the indicated short write.  Tell the upper layer
+    // it has sent all its data now.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+            ("[%p] finished SSL short write", fd));
+
+    bytesWritten = socketInfo->ResetShortWritePending();
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] wrote %d bytes\n", fd, bytesWritten));
+
+  return checkHandshake(bytesWritten, false, fd, socketInfo);
+}
+
+static PRStatus PSMBind(PRFileDesc* fd, const PRNetAddr* addr) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) return PR_FAILURE;
+
+  return fd->lower->methods->bind(fd->lower, addr);
+}
+
+static int32_t nsSSLIOLayerRead(PRFileDesc* fd, void* buf, int32_t amount) {
+  return PSMRecv(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static int32_t nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf,
+                                 int32_t amount) {
+  return PSMSend(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static PRStatus PSMConnectcontinue(PRFileDesc* fd, int16_t out_flags) {
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing)) {
+    return PR_FAILURE;
+  }
+
+  return fd->lower->methods->connectcontinue(fd, out_flags);
+}
+
+namespace {
+
+class PrefObserver : public nsIObserver {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrefObserver(nsSSLIOLayerHelpers* aOwner) : mOwner(aOwner) {}
+
+ protected:
+  virtual ~PrefObserver() = default;
+
+ private:
+  nsSSLIOLayerHelpers* mOwner;
+};
+
+}  // unnamed namespace
+
+NS_IMPL_ISUPPORTS(PrefObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
+                      const char16_t* someData) {
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8 prefName(someData);
+
+    if (prefName.EqualsLiteral(
+            "security.ssl.treat_unsafe_negotiation_as_broken")) {
+      bool enabled;
+      Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken",
+                           &enabled);
+      mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
+    } else if (prefName.EqualsLiteral("security.tls.version.fallback-limit")) {
+      mOwner->loadVersionFallbackLimit();
+    } else if (prefName.EqualsLiteral("security.tls.insecure_fallback_hosts")) {
+      // Changes to the allowlist on the public side will update the pref.
+      // Don't propagate the changes to the private side.
+      if (mOwner->isPublic()) {
+        mOwner->initInsecureFallbackSites();
+      }
+    }
+  }
+  return NS_OK;
+}
+
+static int32_t PlaintextRecv(PRFileDesc* fd, void* buf, int32_t amount,
+                             int flags, PRIntervalTime timeout) {
+  NSSSocketControl* socketInfo = nullptr;
+
+  int32_t bytesRead =
+      fd->lower->methods->recv(fd->lower, buf, amount, flags, timeout);
+  if (fd->identity == nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity) {
+    socketInfo = (NSSSocketControl*)fd->secret;
+  }
+
+  if ((bytesRead > 0) && socketInfo) {
+    socketInfo->AddPlaintextBytesRead(bytesRead);
+  }
+  return bytesRead;
+}
+
+nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers() {
+  // mPrefObserver will only be set if this->Init was called. The GTest tests
+  // do not call Init.
+  if (mPrefObserver) {
+    Preferences::RemoveObserver(
+        mPrefObserver, "security.ssl.treat_unsafe_negotiation_as_broken");
+    Preferences::RemoveObserver(mPrefObserver,
+                                "security.tls.version.fallback-limit");
+    Preferences::RemoveObserver(mPrefObserver,
+                                "security.tls.insecure_fallback_hosts");
+  }
+}
+
+template <typename R, R return_value, typename... Args>
+static R InvalidPRIOMethod(Args...) {
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return return_value;
+}
+
+nsresult nsSSLIOLayerHelpers::Init() {
+  if (!nsSSLIOLayerInitialized) {
+    MOZ_ASSERT(NS_IsMainThread());
+    nsSSLIOLayerInitialized = true;
+    nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer");
+    nsSSLIOLayerMethods = *PR_GetDefaultIOMethods();
+
+    nsSSLIOLayerMethods.fsync =
+        InvalidPRIOMethod<PRStatus, PR_FAILURE, PRFileDesc*>;
+    nsSSLIOLayerMethods.seek =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, int32_t, PRSeekWhence>;
+    nsSSLIOLayerMethods.seek64 =
+        InvalidPRIOMethod<int64_t, -1, PRFileDesc*, int64_t, PRSeekWhence>;
+    nsSSLIOLayerMethods.fileInfo =
+        InvalidPRIOMethod<PRStatus, PR_FAILURE, PRFileDesc*, PRFileInfo*>;
+    nsSSLIOLayerMethods.fileInfo64 =
+        InvalidPRIOMethod<PRStatus, PR_FAILURE, PRFileDesc*, PRFileInfo64*>;
+    nsSSLIOLayerMethods.writev =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, const PRIOVec*, int32_t,
+                          PRIntervalTime>;
+    nsSSLIOLayerMethods.accept =
+        InvalidPRIOMethod<PRFileDesc*, nullptr, PRFileDesc*, PRNetAddr*,
+                          PRIntervalTime>;
+    nsSSLIOLayerMethods.listen =
+        InvalidPRIOMethod<PRStatus, PR_FAILURE, PRFileDesc*, int>;
+    nsSSLIOLayerMethods.shutdown =
+        InvalidPRIOMethod<PRStatus, PR_FAILURE, PRFileDesc*, int>;
+    nsSSLIOLayerMethods.recvfrom =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, void*, int32_t, int,
+                          PRNetAddr*, PRIntervalTime>;
+    nsSSLIOLayerMethods.sendto =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, const void*, int32_t, int,
+                          const PRNetAddr*, PRIntervalTime>;
+    nsSSLIOLayerMethods.acceptread =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, PRFileDesc**, PRNetAddr**,
+                          void*, int32_t, PRIntervalTime>;
+    nsSSLIOLayerMethods.transmitfile =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, PRFileDesc*, const void*,
+                          int32_t, PRTransmitFileFlags, PRIntervalTime>;
+    nsSSLIOLayerMethods.sendfile =
+        InvalidPRIOMethod<int32_t, -1, PRFileDesc*, PRSendFileData*,
+                          PRTransmitFileFlags, PRIntervalTime>;
+
+    nsSSLIOLayerMethods.available = PSMAvailable;
+    nsSSLIOLayerMethods.available64 = PSMAvailable64;
+    nsSSLIOLayerMethods.getsockname = PSMGetsockname;
+    nsSSLIOLayerMethods.getpeername = PSMGetpeername;
+    nsSSLIOLayerMethods.getsocketoption = PSMGetsocketoption;
+    nsSSLIOLayerMethods.setsocketoption = PSMSetsocketoption;
+    nsSSLIOLayerMethods.recv = PSMRecv;
+    nsSSLIOLayerMethods.send = PSMSend;
+    nsSSLIOLayerMethods.connectcontinue = PSMConnectcontinue;
+    nsSSLIOLayerMethods.bind = PSMBind;
+
+    nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
+    nsSSLIOLayerMethods.close = nsSSLIOLayerClose;
+    nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
+    nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
+    nsSSLIOLayerMethods.poll = nsSSLIOLayerPoll;
+
+    nsSSLPlaintextLayerIdentity = PR_GetUniqueIdentity("Plaintxext PSM layer");
+    nsSSLPlaintextLayerMethods = *PR_GetDefaultIOMethods();
+    nsSSLPlaintextLayerMethods.recv = PlaintextRecv;
+  }
+
+  loadVersionFallbackLimit();
+
+  // non main thread helpers will need to use defaults
+  if (NS_IsMainThread()) {
+    bool enabled = false;
+    Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken",
+                         &enabled);
+    setTreatUnsafeNegotiationAsBroken(enabled);
+
+    initInsecureFallbackSites();
+
+    mPrefObserver = new PrefObserver(this);
+    Preferences::AddStrongObserver(
+        mPrefObserver, "security.ssl.treat_unsafe_negotiation_as_broken");
+    Preferences::AddStrongObserver(mPrefObserver,
+                                   "security.tls.version.fallback-limit");
+    Preferences::AddStrongObserver(mPrefObserver,
+                                   "security.tls.insecure_fallback_hosts");
+  } else {
+    MOZ_ASSERT(mTlsFlags, "Only per socket version can ignore prefs");
+  }
+
+  return NS_OK;
+}
+
+void nsSSLIOLayerHelpers::loadVersionFallbackLimit() {
+  // see nsNSSComponent::SetEnabledTLSVersions for pref handling rules
+  uint32_t limit = 3;  // TLS 1.2
+
+  if (NS_IsMainThread()) {
+    limit = Preferences::GetUint("security.tls.version.fallback-limit",
+                                 3);  // 3 = TLS 1.2
+  }
+
+  // set fallback limit if it is set in the tls flags
+  uint32_t tlsFlagsFallbackLimit = getTLSProviderFlagFallbackLimit(mTlsFlags);
+
+  if (tlsFlagsFallbackLimit) {
+    limit = tlsFlagsFallbackLimit;
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("loadVersionFallbackLimit overriden by tlsFlags %d\n", limit));
+  }
+
+  SSLVersionRange defaults = {SSL_LIBRARY_VERSION_TLS_1_2,
+                              SSL_LIBRARY_VERSION_TLS_1_2};
+  SSLVersionRange filledInRange;
+  nsNSSComponent::FillTLSVersionRange(filledInRange, limit, limit, defaults);
+  if (filledInRange.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+    filledInRange.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  mVersionFallbackLimit = filledInRange.max;
+}
+
+void nsSSLIOLayerHelpers::clearStoredData() {
+  MOZ_ASSERT(NS_IsMainThread());
+  initInsecureFallbackSites();
+
+  MutexAutoLock lock(mutex);
+  mTLSIntoleranceInfo.Clear();
+}
+
+void nsSSLIOLayerHelpers::setInsecureFallbackSites(const nsCString& str) {
+  MutexAutoLock lock(mutex);
+
+  mInsecureFallbackSites.Clear();
+
+  for (const nsACString& host : nsCCharSeparatedTokenizer(str, ',').ToRange()) {
+    if (!host.IsEmpty()) {
+      mInsecureFallbackSites.PutEntry(host);
+    }
+  }
+}
+
+void nsSSLIOLayerHelpers::initInsecureFallbackSites() {
+  MOZ_ASSERT(NS_IsMainThread());
+  nsAutoCString insecureFallbackHosts;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts",
+                          insecureFallbackHosts);
+  setInsecureFallbackSites(insecureFallbackHosts);
+}
+
+bool nsSSLIOLayerHelpers::isPublic() const {
+  return this == &PublicSSLState()->IOLayerHelpers();
+}
+
+class FallbackPrefRemover final : public Runnable {
+ public:
+  explicit FallbackPrefRemover(const nsACString& aHost)
+      : mozilla::Runnable("FallbackPrefRemover"), mHost(aHost) {}
+  NS_IMETHOD Run() override;
+
+ private:
+  nsCString mHost;
+};
+
+NS_IMETHODIMP
+FallbackPrefRemover::Run() {
+  MOZ_ASSERT(NS_IsMainThread());
+  nsAutoCString oldValue;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts", oldValue);
+  nsCString newValue;
+  for (const nsACString& host :
+       nsCCharSeparatedTokenizer(oldValue, ',').ToRange()) {
+    if (host.Equals(mHost)) {
+      continue;
+    }
+    if (!newValue.IsEmpty()) {
+      newValue.Append(',');
+    }
+    newValue.Append(host);
+  }
+  Preferences::SetCString("security.tls.insecure_fallback_hosts", newValue);
+  return NS_OK;
+}
+
+void nsSSLIOLayerHelpers::removeInsecureFallbackSite(const nsACString& hostname,
+                                                     uint16_t port) {
+  forgetIntolerance(hostname, port);
+  {
+    MutexAutoLock lock(mutex);
+    if (!mInsecureFallbackSites.Contains(hostname)) {
+      return;
+    }
+    mInsecureFallbackSites.RemoveEntry(hostname);
+  }
+  if (!isPublic()) {
+    return;
+  }
+  RefPtr<Runnable> runnable = new FallbackPrefRemover(hostname);
+  if (NS_IsMainThread()) {
+    runnable->Run();
+  } else {
+    NS_DispatchToMainThread(runnable);
+  }
+}
+
+bool nsSSLIOLayerHelpers::isInsecureFallbackSite(const nsACString& hostname) {
+  MutexAutoLock lock(mutex);
+  return mInsecureFallbackSites.Contains(hostname);
+}
+
+void nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(bool broken) {
+  MutexAutoLock lock(mutex);
+  mTreatUnsafeNegotiationAsBroken = broken;
+}
+
+bool nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken() {
+  MutexAutoLock lock(mutex);
+  return mTreatUnsafeNegotiationAsBroken;
+}
+
+nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
+                               nsIProxyInfo* proxy,
+                               const OriginAttributes& originAttributes,
+                               PRFileDesc** fd,
+                               nsITLSSocketControl** tlsSocketControl,
+                               bool forSTARTTLS, uint32_t flags,
+                               uint32_t tlsFlags) {
+  PRFileDesc* sock = PR_OpenTCPSocket(family);
+  if (!sock) return NS_ERROR_OUT_OF_MEMORY;
+
+  nsresult rv =
+      nsSSLIOLayerAddToSocket(family, host, port, proxy, originAttributes, sock,
+                              tlsSocketControl, forSTARTTLS, flags, tlsFlags);
+  if (NS_FAILED(rv)) {
+    PR_Close(sock);
+    return rv;
+  }
+
+  *fd = sock;
+  return NS_OK;
+}
+
+static PRFileDesc* nsSSLIOLayerImportFD(PRFileDesc* fd,
+                                        NSSSocketControl* infoObject,
+                                        const char* host, bool haveHTTPSProxy) {
+  // Memory allocated here is released when fd is closed, regardless of the
+  // success of this function.
+  PRFileDesc* sslSock = SSL_ImportFD(nullptr, fd);
+  if (!sslSock) {
+    return nullptr;
+  }
+  if (SSL_SetPKCS11PinArg(sslSock, infoObject) != SECSuccess) {
+    return nullptr;
+  }
+  if (SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject) !=
+      SECSuccess) {
+    return nullptr;
+  }
+  if (SSL_SetCanFalseStartCallback(sslSock, CanFalseStartCallback,
+                                   infoObject) != SECSuccess) {
+    return nullptr;
+  }
+
+  // Disable this hook if we connect anonymously. See bug 466080.
+  uint32_t flags = infoObject->GetProviderFlags();
+  SSLGetClientAuthData clientAuthDataHook = SSLGetClientAuthDataHook;
+  // Provide the client cert to HTTPS proxy no matter if it is anonymous.
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT && !haveHTTPSProxy &&
+      !(flags & nsISocketProvider::ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT)) {
+    clientAuthDataHook = nullptr;
+  }
+  if (SSL_GetClientAuthDataHook(sslSock, clientAuthDataHook, infoObject) !=
+      SECSuccess) {
+    return nullptr;
+  }
+
+  if (SSL_AuthCertificateHook(sslSock, AuthCertificateHook, infoObject) !=
+      SECSuccess) {
+    return nullptr;
+  }
+  if (SSL_SetURL(sslSock, host) != SECSuccess) {
+    return nullptr;
+  }
+
+  return sslSock;
+}
+
+// Please change getSignatureName in nsNSSCallbacks.cpp when changing the list
+// here. See NOTE at SSL_SignatureSchemePrefSet call site.
+static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
+    ssl_sig_ecdsa_secp256r1_sha256,
+    ssl_sig_ecdsa_secp384r1_sha384,
+    ssl_sig_ecdsa_secp521r1_sha512,
+    ssl_sig_rsa_pss_sha256,
+    ssl_sig_rsa_pss_sha384,
+    ssl_sig_rsa_pss_sha512,
+    ssl_sig_rsa_pkcs1_sha256,
+    ssl_sig_rsa_pkcs1_sha384,
+    ssl_sig_rsa_pkcs1_sha512,
+#if !defined(EARLY_BETA_OR_EARLIER)
+    ssl_sig_ecdsa_sha1,
+#endif
+    ssl_sig_rsa_pkcs1_sha1,
+};
+
+static nsresult nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
+                                       bool haveProxy, const char* host,
+                                       int32_t port,
+                                       NSSSocketControl* infoObject) {
+  if (forSTARTTLS || haveProxy) {
+    if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  SSLVersionRange range;
+  if (SSL_VersionRangeGet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Set TLS 1.3 compat mode.
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("[%p] nsSSLIOLayerSetOptions: Setting compat mode failed\n", fd));
+  }
+
+  // setting TLS max version
+  uint32_t versionFlags =
+      getTLSProviderFlagMaxVersion(infoObject->GetProviderTlsFlags());
+  if (versionFlags) {
+    MOZ_LOG(
+        gPIPNSSLog, LogLevel::Debug,
+        ("[%p] nsSSLIOLayerSetOptions: version flags %d\n", fd, versionFlags));
+    if (versionFlags == kTLSProviderFlagMaxVersion10) {
+      range.max = SSL_LIBRARY_VERSION_TLS_1_0;
+    } else if (versionFlags == kTLSProviderFlagMaxVersion11) {
+      range.max = SSL_LIBRARY_VERSION_TLS_1_1;
+    } else if (versionFlags == kTLSProviderFlagMaxVersion12) {
+      range.max = SSL_LIBRARY_VERSION_TLS_1_2;
+    } else if (versionFlags == kTLSProviderFlagMaxVersion13) {
+      range.max = SSL_LIBRARY_VERSION_TLS_1_3;
+    } else {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+              ("[%p] nsSSLIOLayerSetOptions: unknown version flags %d\n", fd,
+               versionFlags));
+    }
+  }
+
+  if ((infoObject->GetProviderFlags() & nsISocketProvider::BE_CONSERVATIVE) &&
+      (range.max > SSL_LIBRARY_VERSION_TLS_1_2)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] nsSSLIOLayerSetOptions: range.max limited to 1.2 due to "
+             "BE_CONSERVATIVE flag\n",
+             fd));
+    range.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  uint16_t maxEnabledVersion = range.max;
+  infoObject->SharedState().IOLayerHelpers().adjustForTLSIntolerance(
+      infoObject->GetHostName(), infoObject->GetPort(), range);
+  MOZ_LOG(
+      gPIPNSSLog, LogLevel::Debug,
+      ("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)\n",
+       fd, static_cast<unsigned int>(range.min),
+       static_cast<unsigned int>(range.max)));
+
+  // If the user has set their minimum version to something higher than what
+  // we've now set the maximum to, this will result in an inconsistent version
+  // range unless we fix it up. This will override their preference, but we only
+  // do this for sites critical to the operation of the browser (e.g. update
+  // servers) and telemetry experiments.
+  if (range.min > range.max) {
+    range.min = range.max;
+  }
+
+  if (SSL_VersionRangeSet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  infoObject->SetTLSVersionRange(range);
+
+  // when adjustForTLSIntolerance tweaks the maximum version downward,
+  // we tell the server using this SCSV so they can detect a downgrade attack
+  if (range.max < maxEnabledVersion) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] nsSSLIOLayerSetOptions: enabling TLS_FALLBACK_SCSV\n", fd));
+    // Some servers will choke if we send the fallback SCSV with TLS 1.2.
+    if (range.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+      if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, true)) {
+        return NS_ERROR_FAILURE;
+      }
+    }
+    // tell NSS the max enabled version to make anti-downgrade effective
+    if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  // Enable ECH GREASE if suitable. Has no impact if 'real' ECH is being used.
+  if (range.max >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+      !(infoObject->GetProviderFlags() & (nsISocketProvider::BE_CONSERVATIVE |
+                                          nsISocketTransport::DONT_TRY_ECH)) &&
+      StaticPrefs::security_tls_ech_grease_probability()) {
+    if ((RandomUint64().valueOr(0) % 100) >=
+        100 - StaticPrefs::security_tls_ech_grease_probability()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("[%p] nsSSLIOLayerSetOptions: enabling TLS ECH Grease\n", fd));
+      if (SECSuccess != SSL_EnableTls13GreaseEch(fd, PR_TRUE)) {
+        return NS_ERROR_FAILURE;
+      }
+      // ECH Padding can be between 1 and 255
+      if (SECSuccess !=
+          SSL_SetTls13GreaseEchSize(
+              fd, std::clamp(StaticPrefs::security_tls_ech_grease_size(), 1U,
+                             255U))) {
+        return NS_ERROR_FAILURE;
+      }
+      infoObject->UpdateEchExtensionStatus(EchExtensionStatus::kGREASE);
+    }
+  }
+
+  // Include a modest set of named groups.
+  // Please change getKeaGroupName in nsNSSCallbacks.cpp when changing the list
+  // here.
+  const SSLNamedGroup namedGroups[] = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+      ssl_grp_ec_secp521r1,  ssl_grp_ffdhe_2048,   ssl_grp_ffdhe_3072};
+  if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
+                                         mozilla::ArrayLength(namedGroups))) {
+    return NS_ERROR_FAILURE;
+  }
+  // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
+  // that servers are less likely to use HelloRetryRequest.
+  if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // NOTE: Should this list ever include ssl_sig_rsa_pss_pss_sha* (or should
+  // it become possible to enable this scheme via a pref), it is required
+  // to test that a Delegated Credential containing a small-modulus RSA-PSS SPKI
+  // is properly rejected. NSS will not advertise PKCS1 or RSAE schemes (which
+  // the |ssl_sig_rsa_pss_*| defines alias, meaning we will not currently accept
+  // any RSA DC.
+  if (SECSuccess != SSL_SignatureSchemePrefSet(
+                        fd, sEnabledSignatureSchemes,
+                        mozilla::ArrayLength(sEnabledSignatureSchemes))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled();
+  if (SECSuccess !=
+      SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, sctsEnabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
+    return NS_ERROR_FAILURE;
+  }
+
+#if defined(__arm__) && not defined(__ARM_FEATURE_CRYPTO)
+  unsigned int enabledCiphers = 0;
+  std::vector<uint16_t> ciphers(SSL_GetNumImplementedCiphers());
+
+  // Returns only the enabled (reflecting prefs) ciphers, ordered
+  // by their occurence in
+  // https://hg.mozilla.org/projects/nss/file/a75ea4cdacd95282c6c245ebb849c25e84ccd908/lib/ssl/ssl3con.c#l87
+  if (SSL_CipherSuiteOrderGet(fd, ciphers.data(), &enabledCiphers) !=
+      SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // On ARM, prefer (TLS_CHACHA20_POLY1305_SHA256) over AES when hardware
+  // support for AES isn't available. However, it may be disabled. If enabled,
+  // it will either be element [0] or [1]*. If [0], we're done. If [1], swap it
+  // with [0] (TLS_AES_128_GCM_SHA256).
+  // *(assuming the compile-time order remains unchanged)
+  if (enabledCiphers > 1) {
+    if (ciphers[0] != TLS_CHACHA20_POLY1305_SHA256 &&
+        ciphers[1] == TLS_CHACHA20_POLY1305_SHA256) {
+      std::swap(ciphers[0], ciphers[1]);
+
+      if (SSL_CipherSuiteOrderSet(fd, ciphers.data(), enabledCiphers) !=
+          SECSuccess) {
+        return NS_ERROR_FAILURE;
+      }
+    }
+  }
+#endif
+
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  nsAutoCString peerId;
+  infoObject->GetPeerId(peerId);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  uint32_t flags = infoObject->GetProviderFlags();
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false) ||
+        SECSuccess != SSL_OptionSet(fd, SSL_NO_CACHE, true)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  return NS_OK;
+}
+
+SECStatus StoreResumptionToken(PRFileDesc* fd, const PRUint8* resumptionToken,
+                               unsigned int len, void* ctx) {
+  PRIntn val;
+  if (SSL_OptionGet(fd, SSL_ENABLE_SESSION_TICKETS, &val) != SECSuccess ||
+      val == 0) {
+    return SECFailure;
+  }
+
+  NSSSocketControl* infoObject = (NSSSocketControl*)ctx;
+  if (!infoObject) {
+    return SECFailure;
+  }
+
+  nsAutoCString peerId;
+  infoObject->GetPeerId(peerId);
+  if (NS_FAILED(
+          net::SSLTokensCache::Put(peerId, resumptionToken, len, infoObject))) {
+    return SECFailure;
+  }
+
+  return SECSuccess;
+}
+
+nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
+                                 nsIProxyInfo* proxy,
+                                 const OriginAttributes& originAttributes,
+                                 PRFileDesc* fd,
+                                 nsITLSSocketControl** tlsSocketControl,
+                                 bool forSTARTTLS, uint32_t providerFlags,
+                                 uint32_t providerTlsFlags) {
+  SharedSSLState* sharedState = nullptr;
+  RefPtr<SharedSSLState> allocatedState;
+  if (providerTlsFlags) {
+    allocatedState = new SharedSSLState(providerTlsFlags);
+    sharedState = allocatedState.get();
+  } else {
+    bool isPrivate = providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE ||
+                     originAttributes.mPrivateBrowsingId !=
+                         OriginAttributes().mPrivateBrowsingId;
+    sharedState = isPrivate ? PrivateSSLState() : PublicSSLState();
+  }
+
+  RefPtr<NSSSocketControl> infoObject(
+      new NSSSocketControl(nsDependentCString(host), port, *sharedState,
+                           providerFlags, providerTlsFlags));
+  if (!infoObject) {
+    return NS_ERROR_FAILURE;
+  }
+
+  infoObject->SetForSTARTTLS(forSTARTTLS);
+  infoObject->SetOriginAttributes(originAttributes);
+  if (allocatedState) {
+    infoObject->SetSharedOwningReference(allocatedState);
+  }
+
+  bool haveProxy = false;
+  bool haveHTTPSProxy = false;
+  if (proxy) {
+    nsAutoCString proxyHost;
+    nsresult rv = proxy->GetHost(proxyHost);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    haveProxy = !proxyHost.IsEmpty();
+    nsAutoCString type;
+    haveHTTPSProxy = haveProxy && NS_SUCCEEDED(proxy->GetType(type)) &&
+                     type.EqualsLiteral("https");
+  }
+
+  // A plaintext observer shim is inserted so we can observe some protocol
+  // details without modifying nss
+  PRFileDesc* plaintextLayer =
+      PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity,
+                           &nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods);
+  if (!plaintextLayer) {
+    return NS_ERROR_FAILURE;
+  }
+  plaintextLayer->secret = (PRFilePrivate*)infoObject.get();
+  if (PR_PushIOLayer(fd, PR_TOP_IO_LAYER, plaintextLayer) != PR_SUCCESS) {
+    plaintextLayer->dtor(plaintextLayer);
+    return NS_ERROR_FAILURE;
+  }
+  auto plaintextLayerCleanup = MakeScopeExit([&fd] {
+    // Note that PR_*IOLayer operations may modify the stack of fds, so a
+    // previously-valid pointer may no longer point to what we think it points
+    // to after calling PR_PopIOLayer. We must operate on the pointer returned
+    // by PR_PopIOLayer.
+    PRFileDesc* plaintextLayer =
+        PR_PopIOLayer(fd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    if (plaintextLayer) {
+      plaintextLayer->dtor(plaintextLayer);
+    }
+  });
+
+  PRFileDesc* sslSock =
+      nsSSLIOLayerImportFD(fd, infoObject, host, haveHTTPSProxy);
+  if (!sslSock) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, haveProxy, host,
+                                       port, infoObject);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Now, layer ourselves on top of the SSL socket...
+  PRFileDesc* layer =
+      PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+                           &nsSSLIOLayerHelpers::nsSSLIOLayerMethods);
+  if (!layer) {
+    return NS_ERROR_FAILURE;
+  }
+  // Give the layer an owning reference to the NSSSocketControl.
+  // This is the simplest way to prevent the layer from outliving the
+  // NSSSocketControl (otherwise, the layer could potentially use it in
+  // nsSSLIOLayerClose after it has been released).
+  // nsSSLIOLayerClose takes the owning reference when the underlying fd gets
+  // closed. If the fd never gets closed (as in, leaks), the NSSSocketControl
+  // will also leak.
+  layer->secret = (PRFilePrivate*)do_AddRef(infoObject).take();
+
+  if (PR_PushIOLayer(sslSock, PR_GetLayersIdentity(sslSock), layer) !=
+      PR_SUCCESS) {
+    layer->dtor(layer);
+    return NS_ERROR_FAILURE;
+  }
+  auto layerCleanup = MakeScopeExit([&fd] {
+    PRFileDesc* layer =
+        PR_PopIOLayer(fd, nsSSLIOLayerHelpers::nsSSLIOLayerIdentity);
+    if (layer) {
+      layer->dtor(layer);
+    }
+  });
+
+  // We are going use a clear connection first //
+  if (forSTARTTLS || haveProxy) {
+    infoObject->SetHandshakeNotPending();
+  }
+
+  infoObject->SharedState().NoteSocketCreated();
+
+  rv = infoObject->SetResumptionTokenFromExternalCache(sslSock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (SSL_SetResumptionTokenCallback(sslSock, &StoreResumptionToken,
+                                     infoObject) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Socket set up", (void*)sslSock));
+
+  (void)infoObject->SetFileDescPtr(sslSock);
+  layerCleanup.release();
+  plaintextLayerCleanup.release();
+  *tlsSocketControl = infoObject.forget().take();
+  return NS_OK;
+}
+
+already_AddRefed<IPCClientCertsChild> GetIPCClientCertsActor() {
+  PBackgroundChild* backgroundActor =
+      BackgroundChild::GetOrCreateForSocketParentBridgeForCurrentThread();
+  if (!backgroundActor) {
+    return nullptr;
+  }
+  RefPtr<PIPCClientCertsChild> actor =
+      SingleManagedOrNull(backgroundActor->ManagedPIPCClientCertsChild());
+  if (!actor) {
+    actor = backgroundActor->SendPIPCClientCertsConstructor(
+        new IPCClientCertsChild());
+    if (!actor) {
+      return nullptr;
+    }
+  }
+  return actor.forget().downcast<IPCClientCertsChild>();
+}
+
+extern "C" {
+
+const uint8_t kIPCClientCertsObjectTypeCert = 1;
+const uint8_t kIPCClientCertsObjectTypeRSAKey = 2;
+const uint8_t kIPCClientCertsObjectTypeECKey = 3;
+
+// This function is provided to the IPC client certs module so it can cause the
+// parent process to find certificates and keys and send identifying
+// information about them over IPC.
+void DoFindObjects(FindObjectsCallback cb, void* ctx) {
+  RefPtr<IPCClientCertsChild> ipcClientCertsActor(GetIPCClientCertsActor());
+  if (!ipcClientCertsActor) {
+    return;
+  }
+  nsTArray<IPCClientCertObject> objects;
+  if (!ipcClientCertsActor->SendFindObjects(&objects)) {
+    return;
+  }
+  for (const auto& object : objects) {
+    switch (object.type()) {
+      case IPCClientCertObject::TECKey:
+        cb(kIPCClientCertsObjectTypeECKey, object.get_ECKey().params().Length(),
+           object.get_ECKey().params().Elements(),
+           object.get_ECKey().cert().Length(),
+           object.get_ECKey().cert().Elements(), object.get_ECKey().slotType(),
+           ctx);
+        break;
+      case IPCClientCertObject::TRSAKey:
+        cb(kIPCClientCertsObjectTypeRSAKey,
+           object.get_RSAKey().modulus().Length(),
+           object.get_RSAKey().modulus().Elements(),
+           object.get_RSAKey().cert().Length(),
+           object.get_RSAKey().cert().Elements(),
+           object.get_RSAKey().slotType(), ctx);
+        break;
+      case IPCClientCertObject::TCertificate:
+        cb(kIPCClientCertsObjectTypeCert,
+           object.get_Certificate().der().Length(),
+           object.get_Certificate().der().Elements(), 0, nullptr,
+           object.get_Certificate().slotType(), ctx);
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE("unhandled IPCClientCertObject type");
+        break;
+    }
+  }
+}
+
+// This function is provided to the IPC client certs module so it can cause the
+// parent process to sign the given data using the key corresponding to the
+// given certificate, using the given parameters.
+void DoSign(size_t cert_len, const uint8_t* cert, size_t data_len,
+            const uint8_t* data, size_t params_len, const uint8_t* params,
+            SignCallback cb, void* ctx) {
+  RefPtr<IPCClientCertsChild> ipcClientCertsActor(GetIPCClientCertsActor());
+  if (!ipcClientCertsActor) {
+    return;
+  }
+  ByteArray certBytes(nsTArray<uint8_t>(cert, cert_len));
+  ByteArray dataBytes(nsTArray<uint8_t>(data, data_len));
+  ByteArray paramsBytes(nsTArray<uint8_t>(params, params_len));
+  ByteArray signature;
+  if (!ipcClientCertsActor->SendSign(certBytes, dataBytes, paramsBytes,
+                                     &signature)) {
+    return;
+  }
+  cb(signature.data().Length(), signature.data().Elements(), ctx);
+}
+}  // extern "C"
diff --git a/security/manager/ssl/nsNSSIOLayer.h b/security/manager/ssl/nsNSSIOLayer.h
new file mode 100644
index 0000000000..c819889257
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.h
@@ -0,0 +1,134 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSIOLayer_h
+#define nsNSSIOLayer_h
+
+#include "mozilla/Assertions.h"
+#include "mozilla/TimeStamp.h"
+#include "mozilla/UniquePtr.h"
+#include "nsCOMPtr.h"
+#include "nsIProxyInfo.h"
+#include "nsITLSSocketControl.h"
+#include "nsITlsHandshakeListener.h"
+#include "nsNSSCertificate.h"
+#include "nsTHashMap.h"
+#include "nsTHashtable.h"
+#include "sslt.h"
+
+namespace mozilla {
+class OriginAttributes;
+namespace psm {
+class SharedSSLState;
+}  // namespace psm
+}  // namespace mozilla
+
+const uint32_t kIPCClientCertsSlotTypeModern = 1;
+const uint32_t kIPCClientCertsSlotTypeLegacy = 2;
+
+using mozilla::OriginAttributes;
+
+class nsIObserver;
+
+// Order matters for UpdateEchExtensioNStatus.
+enum class EchExtensionStatus {
+  kNotPresent,  // No ECH Extension was sent
+  kGREASE,      // A GREASE ECH Extension was sent
+  kReal         // A 'real' ECH Extension was sent
+};
+
+class nsSSLIOLayerHelpers {
+ public:
+  explicit nsSSLIOLayerHelpers(uint32_t aTlsFlags = 0);
+  ~nsSSLIOLayerHelpers();
+
+  nsresult Init();
+  void Cleanup();
+
+  static bool nsSSLIOLayerInitialized;
+  static PRDescIdentity nsSSLIOLayerIdentity;
+  static PRDescIdentity nsSSLPlaintextLayerIdentity;
+  static PRIOMethods nsSSLIOLayerMethods;
+  static PRIOMethods nsSSLPlaintextLayerMethods;
+
+  bool mTreatUnsafeNegotiationAsBroken;
+
+  void setTreatUnsafeNegotiationAsBroken(bool broken);
+  bool treatUnsafeNegotiationAsBroken();
+
+ private:
+  struct IntoleranceEntry {
+    uint16_t tolerant;
+    uint16_t intolerant;
+    PRErrorCode intoleranceReason;
+
+    void AssertInvariant() const {
+      MOZ_ASSERT(intolerant == 0 || tolerant < intolerant);
+    }
+  };
+  nsTHashMap<nsCStringHashKey, IntoleranceEntry> mTLSIntoleranceInfo;
+  // Sites that require insecure fallback to TLS 1.0, set by the pref
+  // security.tls.insecure_fallback_hosts, which is a comma-delimited
+  // list of domain names.
+  nsTHashtable<nsCStringHashKey> mInsecureFallbackSites;
+
+ public:
+  void rememberTolerantAtVersion(const nsACString& hostname, int16_t port,
+                                 uint16_t tolerant);
+  bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant);
+  bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
+                                   uint16_t intolerant, uint16_t minVersion,
+                                   PRErrorCode intoleranceReason);
+  void forgetIntolerance(const nsACString& hostname, int16_t port);
+  void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
+                               /*in/out*/ SSLVersionRange& range);
+  PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
+
+  void clearStoredData();
+  void loadVersionFallbackLimit();
+  void setInsecureFallbackSites(const nsCString& str);
+  void initInsecureFallbackSites();
+  bool isPublic() const;
+  void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port);
+  bool isInsecureFallbackSite(const nsACString& hostname);
+
+  uint16_t mVersionFallbackLimit;
+
+ private:
+  mozilla::Mutex mutex MOZ_UNANNOTATED;
+  nsCOMPtr<nsIObserver> mPrefObserver;
+  uint32_t mTlsFlags;
+};
+
+nsresult nsSSLIOLayerNewSocket(int32_t family, const char* host, int32_t port,
+                               nsIProxyInfo* proxy,
+                               const OriginAttributes& originAttributes,
+                               PRFileDesc** fd,
+                               nsITLSSocketControl** tlsSocketControl,
+                               bool forSTARTTLS, uint32_t flags,
+                               uint32_t tlsFlags);
+
+nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
+                                 nsIProxyInfo* proxy,
+                                 const OriginAttributes& originAttributes,
+                                 PRFileDesc* fd,
+                                 nsITLSSocketControl** tlsSocketControl,
+                                 bool forSTARTTLS, uint32_t flags,
+                                 uint32_t tlsFlags);
+
+extern "C" {
+using FindObjectsCallback = void (*)(uint8_t type, size_t id_len,
+                                     const uint8_t* id, size_t data_len,
+                                     const uint8_t* data, uint32_t slotType,
+                                     void* ctx);
+void DoFindObjects(FindObjectsCallback cb, void* ctx);
+using SignCallback = void (*)(size_t data_len, const uint8_t* data, void* ctx);
+void DoSign(size_t cert_len, const uint8_t* cert, size_t data_len,
+            const uint8_t* data, size_t params_len, const uint8_t* params,
+            SignCallback cb, void* ctx);
+}
+
+#endif  // nsNSSIOLayer_h
diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp
new file mode 100644
index 0000000000..ec62d25fc7
--- /dev/null
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -0,0 +1,107 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSModule.h"
+
+#include "ContentSignatureVerifier.h"
+#include "OSKeyStore.h"
+#include "OSReauthenticator.h"
+#include "PKCS11ModuleDB.h"
+#include "SecretDecoderRing.h"
+#include "mozilla/MacroArgs.h"
+#include "mozilla/ModuleUtils.h"
+#include "mozilla/SyncRunnable.h"
+#include "nsCertTree.h"
+#include "nsNSSCertificateDB.h"
+#include "nsPK11TokenDB.h"
+#include "nsRandomGenerator.h"
+#include "nsXULAppAPI.h"
+
+namespace mozilla {
+namespace psm {
+
+// Many of the implementations in this module call NSS functions and as a result
+// require that PSM has successfully initialized NSS before being used.
+// Additionally, some of the implementations have various restrictions on which
+// process and threads they can be used on (e.g. some can only be used in the
+// parent process and some must be initialized only on the main thread).
+// The following initialization framework allows these requirements to be
+// succinctly expressed and implemented.
+
+template <class InstanceClass, nsresult (InstanceClass::*InitMethod)()>
+MOZ_ALWAYS_INLINE static nsresult Instantiate(REFNSIID aIID, void** aResult) {
+  InstanceClass* inst = new InstanceClass();
+  NS_ADDREF(inst);
+  nsresult rv = InitMethod != nullptr ? (inst->*InitMethod)() : NS_OK;
+  if (NS_SUCCEEDED(rv)) {
+    rv = inst->QueryInterface(aIID, aResult);
+  }
+  NS_RELEASE(inst);
+  return rv;
+}
+
+enum class ThreadRestriction {
+  // must be initialized on the main thread (but can be used on any thread)
+  MainThreadOnly,
+  // can be initialized and used on any thread
+  AnyThread,
+};
+
+enum class ProcessRestriction {
+  ParentProcessOnly,
+  AnyProcess,
+};
+
+template <class InstanceClass,
+          nsresult (InstanceClass::*InitMethod)() = nullptr,
+          ProcessRestriction processRestriction =
+              ProcessRestriction::ParentProcessOnly,
+          ThreadRestriction threadRestriction = ThreadRestriction::AnyThread>
+static nsresult Constructor(REFNSIID aIID, void** aResult) {
+  *aResult = nullptr;
+
+  if (processRestriction == ProcessRestriction::ParentProcessOnly &&
+      !XRE_IsParentProcess()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (threadRestriction == ThreadRestriction::MainThreadOnly &&
+      !NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  return Instantiate<InstanceClass, InitMethod>(aIID, aResult);
+}
+
+#define IMPL(type, ...)                                              \
+  template <>                                                        \
+  nsresult NSSConstructor<type>(const nsIID& aIID, void** aResult) { \
+    return Constructor<type, __VA_ARGS__>(aIID, aResult);            \
+  }
+
+// Components that require main thread initialization could cause a deadlock
+// in necko code (bug 1418752). To prevent it we initialize all such components
+// on main thread in advance in net_EnsurePSMInit(). Update that function when
+// new component with ThreadRestriction::MainThreadOnly is added.
+IMPL(SecretDecoderRing, nullptr)
+IMPL(nsPK11TokenDB, nullptr)
+IMPL(PKCS11ModuleDB, nullptr)
+IMPL(nsNSSCertificateDB, nullptr)
+IMPL(nsCertTree, nullptr)
+IMPL(ContentSignatureVerifier, nullptr)
+IMPL(nsRandomGenerator, nullptr, ProcessRestriction::AnyProcess)
+IMPL(OSKeyStore, nullptr, ProcessRestriction::ParentProcessOnly,
+     ThreadRestriction::MainThreadOnly)
+IMPL(OSReauthenticator, nullptr, ProcessRestriction::ParentProcessOnly,
+     ThreadRestriction::MainThreadOnly)
+#undef IMPL
+
+}  // namespace psm
+}  // namespace mozilla
diff --git a/security/manager/ssl/nsNSSModule.h b/security/manager/ssl/nsNSSModule.h
new file mode 100644
index 0000000000..85d2c74209
--- /dev/null
+++ b/security/manager/ssl/nsNSSModule.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSModule_h
+#define nsNSSModule_h
+
+#include "nsID.h"
+
+class nsISupports;
+
+namespace mozilla {
+namespace psm {
+template <typename T>
+nsresult NSSConstructor(const nsIID& aIID, void** aInstancePtr);
+}
+}  // namespace mozilla
+
+#endif  // nsNSSModule_h
diff --git a/security/manager/ssl/nsNSSVersion.cpp b/security/manager/ssl/nsNSSVersion.cpp
new file mode 100644
index 0000000000..4ad5046a96
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.cpp
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSVersion.h"
+#include "nsString.h"
+#include "prinit.h"
+#include "nss.h"
+#include "nssutil.h"
+#include "ssl.h"
+#include "smime.h"
+
+NS_IMPL_ISUPPORTS(nsNSSVersion, nsINSSVersion)
+
+nsNSSVersion::nsNSSVersion() = default;
+
+nsNSSVersion::~nsNSSVersion() = default;
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_Version(nsAString& v) {
+  v.AssignASCII(PR_GetVersion());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_Version(nsAString& v) {
+  v.AssignASCII(NSS_GetVersion());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_Version(nsAString& v) {
+  v.AssignASCII(NSSUTIL_GetVersion());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_Version(nsAString& v) {
+  v.AssignASCII(NSSSSL_GetVersion());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_Version(nsAString& v) {
+  v.AssignASCII(NSSSMIME_GetVersion());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_MinVersion(nsAString& v) {
+  v.AssignLiteral(PR_VERSION);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_MinVersion(nsAString& v) {
+  v.AssignLiteral(NSS_VERSION);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_MinVersion(nsAString& v) {
+  v.AssignLiteral(NSSUTIL_VERSION);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_MinVersion(nsAString& v) {
+  v.AssignLiteral(NSS_VERSION);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_MinVersion(nsAString& v) {
+  v.AssignLiteral(NSS_VERSION);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSVersion.h b/security/manager/ssl/nsNSSVersion.h
new file mode 100644
index 0000000000..de8dc15dd3
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.h
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_NSSVERSION_H_
+#define _NS_NSSVERSION_H_
+
+#include "nsINSSVersion.h"
+#include "mozilla/Attributes.h"
+
+class nsNSSVersion final : public nsINSSVersion {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSVERSION
+
+  nsNSSVersion();
+
+ private:
+  ~nsNSSVersion();
+};
+
+#define NS_NSSVERSION_CID                            \
+  {                                                  \
+    0x23ad3531, 0x11d2, 0x4e8e, {                    \
+      0x80, 0x5a, 0x6a, 0x75, 0x2e, 0x91, 0x68, 0x1a \
+    }                                                \
+  }
+
+#endif
diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp
new file mode 100644
index 0000000000..c943b35871
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -0,0 +1,1040 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNTLMAuthModule.h"
+
+#include <time.h>
+
+#include "ScopedNSSTypes.h"
+#include "md4.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/CheckedInt.h"
+#include "mozilla/EndianUtils.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "mozilla/Telemetry.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICryptoHash.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsNetCID.h"
+#include "nsUnicharUtils.h"
+#include "pk11pub.h"
+#include "prsystem.h"
+
+static mozilla::LazyLogModule sNTLMLog("NTLM");
+
+#define LOG(x) MOZ_LOG(sNTLMLog, mozilla::LogLevel::Debug, x)
+#define LOG_ENABLED() MOZ_LOG_TEST(sNTLMLog, mozilla::LogLevel::Debug)
+
+static void des_makekey(const uint8_t* raw, uint8_t* key);
+static void des_encrypt(const uint8_t* key, const uint8_t* src, uint8_t* hash);
+
+//-----------------------------------------------------------------------------
+// this file contains a cross-platform NTLM authentication implementation. it
+// is based on documentation from: http://davenport.sourceforge.net/ntlm.html
+//-----------------------------------------------------------------------------
+
+#define NTLM_NegotiateUnicode 0x00000001
+#define NTLM_NegotiateOEM 0x00000002
+#define NTLM_RequestTarget 0x00000004
+#define NTLM_Unknown1 0x00000008
+#define NTLM_NegotiateSign 0x00000010
+#define NTLM_NegotiateSeal 0x00000020
+#define NTLM_NegotiateDatagramStyle 0x00000040
+#define NTLM_NegotiateLanManagerKey 0x00000080
+#define NTLM_NegotiateNetware 0x00000100
+#define NTLM_NegotiateNTLMKey 0x00000200
+#define NTLM_Unknown2 0x00000400
+#define NTLM_Unknown3 0x00000800
+#define NTLM_NegotiateDomainSupplied 0x00001000
+#define NTLM_NegotiateWorkstationSupplied 0x00002000
+#define NTLM_NegotiateLocalCall 0x00004000
+#define NTLM_NegotiateAlwaysSign 0x00008000
+#define NTLM_TargetTypeDomain 0x00010000
+#define NTLM_TargetTypeServer 0x00020000
+#define NTLM_TargetTypeShare 0x00040000
+#define NTLM_NegotiateNTLM2Key 0x00080000
+#define NTLM_RequestInitResponse 0x00100000
+#define NTLM_RequestAcceptResponse 0x00200000
+#define NTLM_RequestNonNTSessionKey 0x00400000
+#define NTLM_NegotiateTargetInfo 0x00800000
+#define NTLM_Unknown4 0x01000000
+#define NTLM_Unknown5 0x02000000
+#define NTLM_Unknown6 0x04000000
+#define NTLM_Unknown7 0x08000000
+#define NTLM_Unknown8 0x10000000
+#define NTLM_Negotiate128 0x20000000
+#define NTLM_NegotiateKeyExchange 0x40000000
+#define NTLM_Negotiate56 0x80000000
+
+// we send these flags with our type 1 message
+#define NTLM_TYPE1_FLAGS                                            \
+  (NTLM_NegotiateUnicode | NTLM_NegotiateOEM | NTLM_RequestTarget | \
+   NTLM_NegotiateNTLMKey | NTLM_NegotiateAlwaysSign | NTLM_NegotiateNTLM2Key)
+
+static const char NTLM_SIGNATURE[] = "NTLMSSP";
+static const char NTLM_TYPE1_MARKER[] = {0x01, 0x00, 0x00, 0x00};
+static const char NTLM_TYPE2_MARKER[] = {0x02, 0x00, 0x00, 0x00};
+static const char NTLM_TYPE3_MARKER[] = {0x03, 0x00, 0x00, 0x00};
+
+#define NTLM_TYPE1_HEADER_LEN 32
+#define NTLM_TYPE2_HEADER_LEN 48
+#define NTLM_TYPE3_HEADER_LEN 64
+
+/**
+ * We don't actually send a LM response, but we still have to send something in
+ * this spot
+ */
+#define LM_RESP_LEN 24
+
+#define NTLM_CHAL_LEN 8
+
+#define NTLM_HASH_LEN 16
+#define NTLMv2_HASH_LEN 16
+#define NTLM_RESP_LEN 24
+#define NTLMv2_RESP_LEN 16
+#define NTLMv2_BLOB1_LEN 28
+
+//-----------------------------------------------------------------------------
+
+/**
+ * Prints a description of flags to the NSPR Log, if enabled.
+ */
+static void LogFlags(uint32_t flags) {
+  if (!LOG_ENABLED()) return;
+#define TEST(_flag)         \
+  if (flags & NTLM_##_flag) \
+  PR_LogPrint("    0x%08x (" #_flag ")\n", NTLM_##_flag)
+
+  TEST(NegotiateUnicode);
+  TEST(NegotiateOEM);
+  TEST(RequestTarget);
+  TEST(Unknown1);
+  TEST(NegotiateSign);
+  TEST(NegotiateSeal);
+  TEST(NegotiateDatagramStyle);
+  TEST(NegotiateLanManagerKey);
+  TEST(NegotiateNetware);
+  TEST(NegotiateNTLMKey);
+  TEST(Unknown2);
+  TEST(Unknown3);
+  TEST(NegotiateDomainSupplied);
+  TEST(NegotiateWorkstationSupplied);
+  TEST(NegotiateLocalCall);
+  TEST(NegotiateAlwaysSign);
+  TEST(TargetTypeDomain);
+  TEST(TargetTypeServer);
+  TEST(TargetTypeShare);
+  TEST(NegotiateNTLM2Key);
+  TEST(RequestInitResponse);
+  TEST(RequestAcceptResponse);
+  TEST(RequestNonNTSessionKey);
+  TEST(NegotiateTargetInfo);
+  TEST(Unknown4);
+  TEST(Unknown5);
+  TEST(Unknown6);
+  TEST(Unknown7);
+  TEST(Unknown8);
+  TEST(Negotiate128);
+  TEST(NegotiateKeyExchange);
+  TEST(Negotiate56);
+
+#undef TEST
+}
+
+/**
+ * Prints a hexdump of buf to the NSPR Log, if enabled.
+ * @param tag Description of the data, will be printed in front of the data
+ * @param buf the data to print
+ * @param bufLen length of the data
+ */
+static void LogBuf(const char* tag, const uint8_t* buf, uint32_t bufLen) {
+  int i;
+
+  if (!LOG_ENABLED()) return;
+
+  PR_LogPrint("%s =\n", tag);
+  char line[80];
+  while (bufLen > 0) {
+    int count = bufLen;
+    if (count > 8) count = 8;
+
+    strcpy(line, "    ");
+    for (i = 0; i < count; ++i) {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "0x%02x ", int(buf[i]));
+    }
+    for (; i < 8; ++i) {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "     ");
+    }
+
+    int len = strlen(line);
+    snprintf(line + len, sizeof(line) - len, "   ");
+    for (i = 0; i < count; ++i) {
+      len = strlen(line);
+      if (isprint(buf[i])) {
+        snprintf(line + len, sizeof(line) - len, "%c", buf[i]);
+      } else {
+        snprintf(line + len, sizeof(line) - len, ".");
+      }
+    }
+    PR_LogPrint("%s\n", line);
+
+    bufLen -= count;
+    buf += count;
+  }
+}
+
+/**
+ * Print base64-encoded token to the NSPR Log.
+ * @param name Description of the token, will be printed in front
+ * @param token The token to print
+ * @param tokenLen length of the data in token
+ */
+static void LogToken(const char* name, const void* token, uint32_t tokenLen) {
+  if (!LOG_ENABLED()) {
+    return;
+  }
+
+  nsDependentCSubstring tokenString(static_cast<const char*>(token), tokenLen);
+  nsAutoCString base64Token;
+  nsresult rv = mozilla::Base64Encode(tokenString, base64Token);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  PR_LogPrint("%s: %s\n", name, base64Token.get());
+}
+
+//-----------------------------------------------------------------------------
+
+// byte order swapping
+#define SWAP16(x) ((((x)&0xff) << 8) | (((x) >> 8) & 0xff))
+#define SWAP32(x) ((SWAP16((x)&0xffff) << 16) | (SWAP16((x) >> 16)))
+
+static void* WriteBytes(void* buf, const void* data, uint32_t dataLen) {
+  memcpy(buf, data, dataLen);
+  return (uint8_t*)buf + dataLen;
+}
+
+static void* WriteDWORD(void* buf, uint32_t dword) {
+#ifdef IS_BIG_ENDIAN
+  // NTLM uses little endian on the wire
+  dword = SWAP32(dword);
+#endif
+  return WriteBytes(buf, &dword, sizeof(dword));
+}
+
+static void* WriteSecBuf(void* buf, uint16_t length, uint32_t offset) {
+#ifdef IS_BIG_ENDIAN
+  length = SWAP16(length);
+  offset = SWAP32(offset);
+#endif
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &offset, sizeof(offset));
+  return buf;
+}
+
+#ifdef IS_BIG_ENDIAN
+/**
+ * WriteUnicodeLE copies a unicode string from one buffer to another.  The
+ * resulting unicode string is in little-endian format.  The input string is
+ * assumed to be in the native endianness of the local machine.  It is safe
+ * to pass the same buffer as both input and output, which is a handy way to
+ * convert the unicode buffer to little-endian on big-endian platforms.
+ */
+static void* WriteUnicodeLE(void* buf, const char16_t* str, uint32_t strLen) {
+  // convert input string from BE to LE
+  uint8_t *cursor = (uint8_t*)buf, *input = (uint8_t*)str;
+  for (uint32_t i = 0; i < strLen; ++i, input += 2, cursor += 2) {
+    // allow for the case where |buf == str|
+    uint8_t temp = input[0];
+    cursor[0] = input[1];
+    cursor[1] = temp;
+  }
+  return buf;
+}
+#endif
+
+static uint16_t ReadUint16(const uint8_t*& buf) {
+  uint16_t x = ((uint16_t)buf[0]) | ((uint16_t)buf[1] << 8);
+  buf += sizeof(x);
+  return x;
+}
+
+static uint32_t ReadUint32(const uint8_t*& buf) {
+  uint32_t x = ((uint32_t)buf[0]) | (((uint32_t)buf[1]) << 8) |
+               (((uint32_t)buf[2]) << 16) | (((uint32_t)buf[3]) << 24);
+  buf += sizeof(x);
+  return x;
+}
+
+//-----------------------------------------------------------------------------
+
+static void ZapBuf(void* buf, size_t bufLen) { memset(buf, 0, bufLen); }
+
+static void ZapString(nsString& s) { ZapBuf(s.BeginWriting(), s.Length() * 2); }
+
+/**
+ * NTLM_Hash computes the NTLM hash of the given password.
+ *
+ * @param password
+ *        null-terminated unicode password.
+ * @param hash
+ *        16-byte result buffer
+ */
+static void NTLM_Hash(const nsString& password, unsigned char* hash) {
+  uint32_t len = password.Length();
+  uint8_t* passbuf;
+
+#ifdef IS_BIG_ENDIAN
+  passbuf = (uint8_t*)malloc(len * 2);
+  WriteUnicodeLE(passbuf, password.get(), len);
+#else
+  passbuf = (uint8_t*)password.get();
+#endif
+
+  md4sum(passbuf, len * 2, hash);
+
+#ifdef IS_BIG_ENDIAN
+  ZapBuf(passbuf, len * 2);
+  free(passbuf);
+#endif
+}
+
+//-----------------------------------------------------------------------------
+
+/**
+ * LM_Response generates the LM response given a 16-byte password hash and the
+ * challenge from the Type-2 message.
+ *
+ * @param hash
+ *        16-byte password hash
+ * @param challenge
+ *        8-byte challenge from Type-2 message
+ * @param response
+ *        24-byte buffer to contain the LM response upon return
+ */
+static void LM_Response(const uint8_t* hash, const uint8_t* challenge,
+                        uint8_t* response) {
+  uint8_t keybytes[21], k1[8], k2[8], k3[8];
+
+  memcpy(keybytes, hash, 16);
+  ZapBuf(keybytes + 16, 5);
+
+  des_makekey(keybytes, k1);
+  des_makekey(keybytes + 7, k2);
+  des_makekey(keybytes + 14, k3);
+
+  des_encrypt(k1, challenge, response);
+  des_encrypt(k2, challenge, response + 8);
+  des_encrypt(k3, challenge, response + 16);
+}
+
+//-----------------------------------------------------------------------------
+
+static nsresult GenerateType1Msg(void** outBuf, uint32_t* outLen) {
+  //
+  // verify that bufLen is sufficient
+  //
+  *outLen = NTLM_TYPE1_HEADER_LEN;
+  *outBuf = moz_xmalloc(*outLen);
+
+  //
+  // write out type 1 msg
+  //
+  void* cursor = *outBuf;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE1_MARKER, sizeof(NTLM_TYPE1_MARKER));
+
+  // 12 : flags
+  cursor = WriteDWORD(cursor, NTLM_TYPE1_FLAGS);
+
+  //
+  // NOTE: it is common for the domain and workstation fields to be empty.
+  //       this is true of Win2k clients, and my guess is that there is
+  //       little utility to sending these strings before the charset has
+  //       been negotiated.  we follow suite -- anyways, it doesn't hurt
+  //       to save some bytes on the wire ;-)
+  //
+
+  // 16 : supplied domain security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 24 : supplied workstation security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  return NS_OK;
+}
+
+struct Type2Msg {
+  uint32_t flags;                    // NTLM_Xxx bitwise combination
+  uint8_t challenge[NTLM_CHAL_LEN];  // 8 byte challenge
+  const uint8_t* target;             // target string (type depends on flags)
+  uint32_t targetLen;                // target length in bytes
+  const uint8_t*
+      targetInfo;          // target Attribute-Value pairs (DNS domain, et al)
+  uint32_t targetInfoLen;  // target AV pairs length in bytes
+};
+
+static nsresult ParseType2Msg(const void* inBuf, uint32_t inLen,
+                              Type2Msg* msg) {
+  // make sure inBuf is long enough to contain a meaningful type2 msg.
+  //
+  // 0  NTLMSSP Signature
+  // 8  NTLM Message Type
+  // 12 Target Name
+  // 20 Flags
+  // 24 Challenge
+  // 32 targetInfo
+  // 48 start of optional data blocks
+  //
+  if (inLen < NTLM_TYPE2_HEADER_LEN) return NS_ERROR_UNEXPECTED;
+
+  const auto* cursor = static_cast<const uint8_t*>(inBuf);
+
+  // verify NTLMSSP signature
+  if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  cursor += sizeof(NTLM_SIGNATURE);
+
+  // verify Type-2 marker
+  if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  cursor += sizeof(NTLM_TYPE2_MARKER);
+
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  uint32_t offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetEnd = offset;
+  targetEnd += targetLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) {
+    msg->targetLen = targetLen;
+    msg->target = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    // Do not error out, for (conservative) backward compatibility.
+    msg->targetLen = 0;
+    msg->target = nullptr;
+  }
+
+  // read flags
+  msg->flags = ReadUint32(cursor);
+
+  // read challenge
+  memcpy(msg->challenge, cursor, sizeof(msg->challenge));
+  cursor += sizeof(msg->challenge);
+
+  LOG(("NTLM type 2 message:\n"));
+  LogBuf("target", msg->target, msg->targetLen);
+  LogBuf("flags",
+         mozilla::BitwiseCast<const uint8_t*, const uint32_t*>(&msg->flags), 4);
+  LogFlags(msg->flags);
+  LogBuf("challenge", msg->challenge, sizeof(msg->challenge));
+
+  // Read (and skip) the reserved field
+  ReadUint32(cursor);
+  ReadUint32(cursor);
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetInfoLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetInfoEnd = offset;
+  targetInfoEnd += targetInfoLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) {
+    msg->targetInfoLen = targetInfoLen;
+    msg->targetInfo = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    NS_ERROR("failed to get NTLMv2 target info");
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static nsresult GenerateType3Msg(const nsString& domain,
+                                 const nsString& username,
+                                 const nsString& password, const void* inBuf,
+                                 uint32_t inLen, void** outBuf,
+                                 uint32_t* outLen) {
+  // inBuf contains Type-2 msg (the challenge) from server
+  MOZ_ASSERT(NS_IsMainThread());
+  nsresult rv;
+  Type2Msg msg{};
+
+  rv = ParseType2Msg(inBuf, inLen, &msg);
+  if (NS_FAILED(rv)) return rv;
+
+  bool unicode = (msg.flags & NTLM_NegotiateUnicode);
+
+  // There is no negotiation for NTLMv2, so we just do it unless we are forced
+  // by explict user configuration to use the older DES-based cryptography.
+  bool ntlmv2 = !mozilla::StaticPrefs::network_auth_force_generic_ntlm_v1();
+
+  // temporary buffers for unicode strings
+#ifdef IS_BIG_ENDIAN
+  nsAutoString ucsDomainBuf, ucsUserBuf;
+#endif
+  nsAutoCString hostBuf;
+  nsAutoString ucsHostBuf;
+  // temporary buffers for oem strings
+  nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf;
+  // pointers and lengths for the string buffers; encoding is unicode if
+  // the "negotiate unicode" flag was set in the Type-2 message.
+  const void *domainPtr, *userPtr, *hostPtr;
+  uint32_t domainLen, userLen, hostLen;
+
+  // This is for NTLM, for NTLMv2 we set the new full length once we know it
+  mozilla::CheckedInt<uint16_t> ntlmRespLen = NTLM_RESP_LEN;
+
+  //
+  // get domain name
+  //
+  if (unicode) {
+#ifdef IS_BIG_ENDIAN
+    ucsDomainBuf = domain;
+    domainPtr = ucsDomainBuf.get();
+    domainLen = ucsDomainBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(domainPtr),
+                   static_cast<const char16_t*>(domainPtr),
+                   ucsDomainBuf.Length());
+#else
+    domainPtr = domain.get();
+    domainLen = domain.Length() * 2;
+#endif
+  } else {
+    NS_CopyUnicodeToNative(domain, oemDomainBuf);
+    domainPtr = oemDomainBuf.get();
+    domainLen = oemDomainBuf.Length();
+  }
+
+  //
+  // get user name
+  //
+  if (unicode) {
+#ifdef IS_BIG_ENDIAN
+    ucsUserBuf = username;
+    userPtr = ucsUserBuf.get();
+    userLen = ucsUserBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(userPtr),
+                   static_cast<const char16_t*>(userPtr), ucsUserBuf.Length());
+#else
+    userPtr = username.get();
+    userLen = username.Length() * 2;
+#endif
+  } else {
+    NS_CopyUnicodeToNative(username, oemUserBuf);
+    userPtr = oemUserBuf.get();
+    userLen = oemUserBuf.Length();
+  }
+
+  //
+  // get workstation name
+  // (do not use local machine's hostname after bug 1046421)
+  //
+  rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation",
+                                        hostBuf);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (unicode) {
+    CopyUTF8toUTF16(hostBuf, ucsHostBuf);
+    hostPtr = ucsHostBuf.get();
+    hostLen = ucsHostBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(hostPtr),
+                   static_cast<const char16_t*>(hostPtr), ucsHostBuf.Length());
+#endif
+  } else {
+    hostPtr = hostBuf.get();
+    hostLen = hostBuf.Length();
+  }
+
+  //
+  // now that we have generated all of the strings, we can allocate outBuf.
+  //
+  //
+  // next, we compute the NTLM or NTLM2 responses.
+  //
+  uint8_t lmResp[LM_RESP_LEN];
+  uint8_t ntlmResp[NTLM_RESP_LEN];
+  uint8_t ntlmv2Resp[NTLMv2_RESP_LEN];
+  uint8_t ntlmHash[NTLM_HASH_LEN];
+  uint8_t ntlmv2_blob1[NTLMv2_BLOB1_LEN];
+  if (ntlmv2) {
+    // NTLMv2 mode, the default
+    nsString userUpper, domainUpper;
+
+    // temporary buffers for unicode strings
+    nsAutoString ucsDomainUpperBuf;
+    nsAutoString ucsUserUpperBuf;
+    const void* domainUpperPtr;
+    const void* userUpperPtr;
+    uint32_t domainUpperLen;
+    uint32_t userUpperLen;
+
+    if (msg.targetInfoLen == 0) {
+      NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2");
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    ToUpperCase(username, ucsUserUpperBuf);
+    userUpperPtr = ucsUserUpperBuf.get();
+    userUpperLen = ucsUserUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(userUpperPtr),
+                   static_cast<const char16_t*>(userUpperPtr),
+                   ucsUserUpperBuf.Length());
+#endif
+    ToUpperCase(domain, ucsDomainUpperBuf);
+    domainUpperPtr = ucsDomainUpperBuf.get();
+    domainUpperLen = ucsDomainUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(domainUpperPtr),
+                   static_cast<const char16_t*>(domainUpperPtr),
+                   ucsDomainUpperBuf.Length());
+#endif
+
+    NTLM_Hash(password, ntlmHash);
+
+    mozilla::HMAC ntlmv2HashHmac;
+    rv = ntlmv2HashHmac.Begin(SEC_OID_MD5,
+                              mozilla::Span(ntlmHash, NTLM_HASH_LEN));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = ntlmv2HashHmac.Update(static_cast<const uint8_t*>(userUpperPtr),
+                               userUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = ntlmv2HashHmac.Update(static_cast<const uint8_t*>(domainUpperPtr),
+                               domainUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    nsTArray<uint8_t> ntlmv2Hash;
+    rv = ntlmv2HashHmac.End(ntlmv2Hash);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    uint8_t client_random[NTLM_CHAL_LEN];
+    PK11_GenerateRandom(client_random, NTLM_CHAL_LEN);
+
+    mozilla::HMAC lmv2ResponseHmac;
+    rv = lmv2ResponseHmac.Begin(SEC_OID_MD5, mozilla::Span(ntlmv2Hash));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = lmv2ResponseHmac.Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = lmv2ResponseHmac.Update(client_random, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    nsTArray<uint8_t> lmv2Response;
+    rv = lmv2ResponseHmac.End(lmv2Response);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (lmv2Response.Length() != NTLMv2_HASH_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(lmResp, lmv2Response.Elements(), NTLMv2_HASH_LEN);
+    memcpy(lmResp + NTLMv2_HASH_LEN, client_random, NTLM_CHAL_LEN);
+
+    memset(ntlmv2_blob1, 0, NTLMv2_BLOB1_LEN);
+
+    time_t unix_time;
+    uint64_t nt_time = time(&unix_time);
+    nt_time += 11644473600LL;     // Number of seconds betwen 1601 and 1970
+    nt_time *= 1000 * 1000 * 10;  // Convert seconds to 100 ns units
+
+    ntlmv2_blob1[0] = 1;
+    ntlmv2_blob1[1] = 1;
+    mozilla::LittleEndian::writeUint64(&ntlmv2_blob1[8], nt_time);
+    PK11_GenerateRandom(&ntlmv2_blob1[16], NTLM_CHAL_LEN);
+
+    mozilla::HMAC ntlmv2ResponseHmac;
+    rv = ntlmv2ResponseHmac.Begin(SEC_OID_MD5, mozilla::Span(ntlmv2Hash));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = ntlmv2ResponseHmac.Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = ntlmv2ResponseHmac.Update(ntlmv2_blob1, NTLMv2_BLOB1_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = ntlmv2ResponseHmac.Update(msg.targetInfo, msg.targetInfoLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    nsTArray<uint8_t> ntlmv2Response;
+    rv = ntlmv2ResponseHmac.End(ntlmv2Response);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (ntlmv2Response.Length() != NTLMv2_RESP_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(ntlmv2Resp, ntlmv2Response.Elements(), NTLMv2_RESP_LEN);
+    ntlmRespLen = NTLMv2_RESP_LEN + NTLMv2_BLOB1_LEN;
+    ntlmRespLen += msg.targetInfoLen;
+    if (!ntlmRespLen.isValid()) {
+      NS_ERROR("failed to do NTLMv2: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+  } else if (msg.flags & NTLM_NegotiateNTLM2Key) {
+    // compute NTLM2 session response
+    nsCString sessionHashString;
+
+    PK11_GenerateRandom(lmResp, NTLM_CHAL_LEN);
+    memset(lmResp + NTLM_CHAL_LEN, 0, LM_RESP_LEN - NTLM_CHAL_LEN);
+
+    nsCOMPtr<nsICryptoHash> hasher =
+        do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Init(nsICryptoHash::MD5);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(lmResp, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, sessionHashString);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    const auto* sessionHash = mozilla::BitwiseCast<const uint8_t*, const char*>(
+        sessionHashString.get());
+
+    LogBuf("NTLM2 effective key: ", sessionHash, 8);
+
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, sessionHash, ntlmResp);
+  } else {
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, msg.challenge, ntlmResp);
+
+    // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2,
+    // the correct way to not send the LM hash is to send the NTLM hash twice
+    // in both the LM and NTLM response fields.
+    LM_Response(ntlmHash, msg.challenge, lmResp);
+  }
+
+  mozilla::CheckedInt<uint32_t> totalLen = NTLM_TYPE3_HEADER_LEN + LM_RESP_LEN;
+  totalLen += hostLen;
+  totalLen += domainLen;
+  totalLen += userLen;
+  totalLen += ntlmRespLen.value();
+
+  if (!totalLen.isValid()) {
+    NS_ERROR("failed preparing to allocate NTLM response: integer overflow?!?");
+    return NS_ERROR_FAILURE;
+  }
+  *outBuf = moz_xmalloc(totalLen.value());
+  *outLen = totalLen.value();
+
+  //
+  // finally, we assemble the Type-3 msg :-)
+  //
+  void* cursor = *outBuf;
+  mozilla::CheckedInt<uint32_t> offset;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER));
+
+  // 12 : LM response sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  offset += domainLen;
+  offset += userLen;
+  offset += hostLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), lmResp, LM_RESP_LEN);
+
+  // 20 : NTLM or NTLMv2 response sec buf
+  offset += LM_RESP_LEN;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value());
+  if (ntlmv2) {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2Resp,
+           NTLMv2_RESP_LEN);
+    offset += NTLMv2_RESP_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2_blob1,
+           NTLMv2_BLOB1_LEN);
+    offset += NTLMv2_BLOB1_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), msg.targetInfo,
+           msg.targetInfoLen);
+  } else {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmResp,
+           NTLM_RESP_LEN);
+  }
+  // 28 : domain name sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  cursor = WriteSecBuf(cursor, domainLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), domainPtr, domainLen);
+
+  // 36 : user name sec buf
+  offset += domainLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, userLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), userPtr, userLen);
+
+  // 44 : workstation (host) name sec buf
+  offset += userLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, hostLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), hostPtr, hostLen);
+
+  // 52 : session key sec buf (not used)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 60 : negotiated flags
+  cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS);
+
+  return NS_OK;
+}
+
+//-----------------------------------------------------------------------------
+
+NS_IMPL_ISUPPORTS(nsNTLMAuthModule, nsIAuthModule)
+
+nsNTLMAuthModule::~nsNTLMAuthModule() { ZapString(mPassword); }
+
+nsresult nsNTLMAuthModule::InitTest() {
+  // disable NTLM authentication when FIPS mode is enabled.
+  return PK11_IsFIPS() ? NS_ERROR_NOT_AVAILABLE : NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Init(const nsACString& serviceName, uint32_t serviceFlags,
+                       const nsAString& domain, const nsAString& username,
+                       const nsAString& password) {
+  MOZ_ASSERT((serviceFlags & ~nsIAuthModule::REQ_PROXY_AUTH) ==
+                 nsIAuthModule::REQ_DEFAULT,
+             "Unexpected service flags");
+
+  mDomain = domain;
+  mUsername = username;
+  mPassword = password;
+  mNTLMNegotiateSent = false;
+
+  static bool sTelemetrySent = false;
+  if (!sTelemetrySent) {
+    mozilla::Telemetry::Accumulate(mozilla::Telemetry::NTLM_MODULE_USED_2,
+                                   serviceFlags & nsIAuthModule::REQ_PROXY_AUTH
+                                       ? NTLM_MODULE_GENERIC_PROXY
+                                       : NTLM_MODULE_GENERIC_DIRECT);
+    sTelemetrySent = true;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::GetNextToken(const void* inToken, uint32_t inTokenLen,
+                               void** outToken, uint32_t* outTokenLen) {
+  nsresult rv;
+
+  // disable NTLM authentication when FIPS mode is enabled.
+  if (PK11_IsFIPS()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (mNTLMNegotiateSent) {
+    // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
+    // then the NTLMSSP_CHALLENGE (type 2) is expected
+    if (inToken) {
+      LogToken("in-token", inToken, inTokenLen);
+      // Now generate the NTLMSSP_AUTH (type 3)
+      rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken, inTokenLen,
+                            outToken, outTokenLen);
+    } else {
+      LOG(
+          ("NTLMSSP_NEGOTIATE already sent and presumably "
+           "rejected by the server, refusing to send another"));
+      rv = NS_ERROR_UNEXPECTED;
+    }
+  } else {
+    if (inToken) {
+      LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
+      rv = NS_ERROR_UNEXPECTED;
+    } else {
+      rv = GenerateType1Msg(outToken, outTokenLen);
+      if (NS_SUCCEEDED(rv)) {
+        mNTLMNegotiateSent = true;
+      }
+    }
+  }
+
+  if (NS_SUCCEEDED(rv)) LogToken("out-token", *outToken, *outTokenLen);
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Unwrap(const void* inToken, uint32_t inTokenLen,
+                         void** outToken, uint32_t* outTokenLen) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Wrap(const void* inToken, uint32_t inTokenLen,
+                       bool confidential, void** outToken,
+                       uint32_t* outTokenLen) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+//-----------------------------------------------------------------------------
+// DES support code
+
+// set odd parity bit (in least significant bit position)
+static uint8_t des_setkeyparity(uint8_t x) {
+  if ((((x >> 7) ^ (x >> 6) ^ (x >> 5) ^ (x >> 4) ^ (x >> 3) ^ (x >> 2) ^
+        (x >> 1)) &
+       0x01) == 0) {
+    x |= 0x01;
+  } else {
+    x &= 0xfe;
+  }
+  return x;
+}
+
+// build 64-bit des key from 56-bit raw key
+static void des_makekey(const uint8_t* raw, uint8_t* key) {
+  key[0] = des_setkeyparity(raw[0]);
+  key[1] = des_setkeyparity((raw[0] << 7) | (raw[1] >> 1));
+  key[2] = des_setkeyparity((raw[1] << 6) | (raw[2] >> 2));
+  key[3] = des_setkeyparity((raw[2] << 5) | (raw[3] >> 3));
+  key[4] = des_setkeyparity((raw[3] << 4) | (raw[4] >> 4));
+  key[5] = des_setkeyparity((raw[4] << 3) | (raw[5] >> 5));
+  key[6] = des_setkeyparity((raw[5] << 2) | (raw[6] >> 6));
+  key[7] = des_setkeyparity((raw[6] << 1));
+}
+
+// run des encryption algorithm (using NSS)
+static void des_encrypt(const uint8_t* key, const uint8_t* src, uint8_t* hash) {
+  CK_MECHANISM_TYPE cipherMech = CKM_DES_ECB;
+  PK11SymKey* symkey = nullptr;
+  PK11Context* ctxt = nullptr;
+  SECItem keyItem;
+  mozilla::UniqueSECItem param;
+  SECStatus rv;
+  unsigned int n;
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
+  if (!slot) {
+    NS_ERROR("no slot");
+    goto done;
+  }
+
+  keyItem.data = const_cast<uint8_t*>(key);
+  keyItem.len = 8;
+  symkey = PK11_ImportSymKey(slot.get(), cipherMech, PK11_OriginUnwrap,
+                             CKA_ENCRYPT, &keyItem, nullptr);
+  if (!symkey) {
+    NS_ERROR("no symkey");
+    goto done;
+  }
+
+  // no initialization vector required
+  param = mozilla::UniqueSECItem(PK11_ParamFromIV(cipherMech, nullptr));
+  if (!param) {
+    NS_ERROR("no param");
+    goto done;
+  }
+
+  ctxt =
+      PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT, symkey, param.get());
+  if (!ctxt) {
+    NS_ERROR("no context");
+    goto done;
+  }
+
+  rv = PK11_CipherOp(ctxt, hash, (int*)&n, 8, (uint8_t*)src, 8);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+  rv = PK11_DigestFinal(ctxt, hash + 8, &n, 0);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+done:
+  if (ctxt) PK11_DestroyContext(ctxt, true);
+  if (symkey) PK11_FreeSymKey(symkey);
+}
diff --git a/security/manager/ssl/nsNTLMAuthModule.h b/security/manager/ssl/nsNTLMAuthModule.h
new file mode 100644
index 0000000000..25a96a09d8
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.h
@@ -0,0 +1,33 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNTLMAuthModule_h__
+#define nsNTLMAuthModule_h__
+
+#include "nsIAuthModule.h"
+#include "nsString.h"
+
+class nsNTLMAuthModule : public nsIAuthModule {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIAUTHMODULE
+
+  nsNTLMAuthModule() : mNTLMNegotiateSent(false) {}
+
+  nsresult InitTest();
+
+  static void SetSendLM(bool sendLM);
+
+ protected:
+  virtual ~nsNTLMAuthModule();
+
+ private:
+  nsString mDomain;
+  nsString mUsername;
+  nsString mPassword;
+  bool mNTLMNegotiateSent;
+};
+
+#endif  // nsNTLMAuthModule_h__
diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp
new file mode 100644
index 0000000000..d13f39fc18
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -0,0 +1,287 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsPK11TokenDB.h"
+
+#include <string.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "mozilla/Logging.h"
+#include "nsISupports.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsPromiseFlatString.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "secerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPK11Token, nsIPK11Token)
+
+nsPK11Token::nsPK11Token(PK11SlotInfo* slot) : mUIContext(new PipUIContext()) {
+  MOZ_ASSERT(slot);
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mIsInternalCryptoToken =
+      PK11_IsInternal(mSlot.get()) && !PK11_IsInternalKeySlot(mSlot.get());
+  mIsInternalKeyToken = PK11_IsInternalKeySlot(mSlot.get());
+  mSeries = PK11_GetSlotSeries(slot);
+  mozilla::Unused << refreshTokenInfo();
+}
+
+nsresult nsPK11Token::refreshTokenInfo() {
+  if (mIsInternalCryptoToken) {
+    nsresult rv;
+    if (PK11_IsFIPS()) {
+      rv = GetPIPNSSBundleString("Fips140TokenDescription", mTokenName);
+    } else {
+      rv = GetPIPNSSBundleString("TokenDescription", mTokenName);
+    }
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else if (mIsInternalKeyToken) {
+    nsresult rv = GetPIPNSSBundleString("PrivateTokenDescription", mTokenName);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    mTokenName.Assign(PK11_GetTokenName(mSlot.get()));
+  }
+
+  CK_TOKEN_INFO tokInfo;
+  nsresult rv = mozilla::MapSECStatus(PK11_GetTokenInfo(mSlot.get(), &tokInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Manufacturer field
+  if (mIsInternalCryptoToken || mIsInternalKeyToken) {
+    rv = GetPIPNSSBundleString("ManufacturerID", mTokenManufacturerID);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    const char* ccManID =
+        mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.manufacturerID);
+    mTokenManufacturerID.Assign(
+        ccManID, strnlen(ccManID, sizeof(tokInfo.manufacturerID)));
+    mTokenManufacturerID.Trim(" ", false, true);
+  }
+
+  // Set the Hardware Version field
+  mTokenHWVersion.Truncate();
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.major);
+  mTokenHWVersion.Append('.');
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mTokenFWVersion.Truncate();
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.major);
+  mTokenFWVersion.Append('.');
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.minor);
+
+  // Set the Serial Number field
+  const char* ccSerial =
+      mozilla::BitwiseCast<char*, CK_CHAR*>(tokInfo.serialNumber);
+  mTokenSerialNum.Assign(ccSerial,
+                         strnlen(ccSerial, sizeof(tokInfo.serialNumber)));
+  mTokenSerialNum.Trim(" ", false, true);
+
+  return NS_OK;
+}
+
+nsresult nsPK11Token::GetAttributeHelper(const nsACString& attribute,
+                                         /*out*/ nsACString& xpcomOutParam) {
+  // Handle removals/insertions.
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshTokenInfo();
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenName(/*out*/ nsACString& tokenName) {
+  return GetAttributeHelper(mTokenName, tokenName);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetIsInternalKeyToken(/*out*/ bool* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = mIsInternalKeyToken;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenManID(/*out*/ nsACString& tokenManufacturerID) {
+  return GetAttributeHelper(mTokenManufacturerID, tokenManufacturerID);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenHWVersion(/*out*/ nsACString& tokenHWVersion) {
+  return GetAttributeHelper(mTokenHWVersion, tokenHWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenFWVersion(/*out*/ nsACString& tokenFWVersion) {
+  return GetAttributeHelper(mTokenFWVersion, tokenFWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenSerialNumber(/*out*/ nsACString& tokenSerialNum) {
+  return GetAttributeHelper(mTokenSerialNum, tokenSerialNum);
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsLoggedIn(bool* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = PK11_IsLoggedIn(mSlot.get(), 0);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::Login(bool force) {
+  nsresult rv;
+  bool test;
+  rv = this->NeedsLogin(&test);
+  if (NS_FAILED(rv)) return rv;
+  if (test && force) {
+    rv = this->LogoutSimple();
+    if (NS_FAILED(rv)) return rv;
+  }
+  rv = setPassword(mSlot.get(), mUIContext);
+  if (NS_FAILED(rv)) return rv;
+
+  return mozilla::MapSECStatus(
+      PK11_Authenticate(mSlot.get(), true, mUIContext));
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutSimple() {
+  // PK11_Logout() can fail if the user wasn't logged in beforehand. We want
+  // this method to succeed even in this case, so we ignore the return value.
+  mozilla::Unused << PK11_Logout(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutAndDropAuthenticatedResources() {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv = LogoutSimple();
+
+  if (NS_FAILED(rv)) return rv;
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv)) return rv;
+
+  return nssComponent->LogoutAuthenticatedPK11();
+}
+
+NS_IMETHODIMP
+nsPK11Token::Reset() {
+  return mozilla::MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit) {
+  NS_ENSURE_ARG_POINTER(aNeedsUserInit);
+  *aNeedsUserInit = PK11_NeedUserInit(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::CheckPassword(const nsACString& password, bool* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  SECStatus srv =
+      PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get());
+  if (srv != SECSuccess) {
+    *_retval = false;
+    PRErrorCode error = PR_GetError();
+    if (error != SEC_ERROR_BAD_PASSWORD) {
+      /* something really bad happened - throw an exception */
+      return mozilla::psm::GetXPCOMFromNSSError(error);
+    }
+  } else {
+    *_retval = true;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::InitPassword(const nsACString& initialPassword) {
+  const nsCString& passwordCStr = PromiseFlatCString(initialPassword);
+  // PSM initializes the sqlite-backed softoken with an empty password. The
+  // implementation considers this not to be a password (GetHasPassword returns
+  // false), but we can't actually call PK11_InitPin again. Instead, we call
+  // PK11_ChangePW with the empty password.
+  bool hasPassword;
+  nsresult rv = GetHasPassword(&hasPassword);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!PK11_NeedUserInit(mSlot.get()) && !hasPassword) {
+    return mozilla::MapSECStatus(
+        PK11_ChangePW(mSlot.get(), "", passwordCStr.get()));
+  }
+  return mozilla::MapSECStatus(
+      PK11_InitPin(mSlot.get(), "", passwordCStr.get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::ChangePassword(const nsACString& oldPassword,
+                            const nsACString& newPassword) {
+  // PK11_ChangePW() has different semantics for the empty string and for
+  // nullptr. In order to support this difference, we need to check IsVoid() to
+  // find out if our caller supplied null/undefined args or just empty strings.
+  // See Bug 447589.
+  return mozilla::MapSECStatus(PK11_ChangePW(
+      mSlot.get(),
+      oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(),
+      newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetHasPassword(bool* hasPassword) {
+  NS_ENSURE_ARG_POINTER(hasPassword);
+  // PK11_NeedLogin returns true if the token is currently configured to require
+  // the user to log in (whether or not the user is actually logged in makes no
+  // difference).
+  *hasPassword = PK11_NeedLogin(mSlot.get()) && !PK11_NeedUserInit(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::NeedsLogin(bool* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = PK11_NeedLogin(mSlot.get());
+  return NS_OK;
+}
+
+/*=========================================================*/
+
+NS_IMPL_ISUPPORTS(nsPK11TokenDB, nsIPK11TokenDB)
+
+NS_IMETHODIMP
+nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  mozilla::UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+  token.forget(_retval);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsPK11TokenDB.h b/security/manager/ssl/nsPK11TokenDB.h
new file mode 100644
index 0000000000..36f54354ad
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.h
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPK11TokenDB_h
+#define nsPK11TokenDB_h
+
+#include "nsCOMPtr.h"
+#include "nsIPK11Token.h"
+#include "nsIPK11TokenDB.h"
+#include "nsISupports.h"
+#include "nsNSSHelper.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "ScopedNSSTypes.h"
+
+class nsPK11Token : public nsIPK11Token {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKEN
+
+  explicit nsPK11Token(PK11SlotInfo* slot);
+
+ protected:
+  virtual ~nsPK11Token() = default;
+
+ private:
+  friend class nsPK11TokenDB;
+  nsresult refreshTokenInfo();
+
+  nsCString mTokenName;
+  nsCString mTokenManufacturerID;
+  nsCString mTokenHWVersion;
+  nsCString mTokenFWVersion;
+  nsCString mTokenSerialNum;
+  mozilla::UniquePK11SlotInfo mSlot;
+  // True if this is the "PKCS#11 token" that provides cryptographic functions.
+  bool mIsInternalCryptoToken;
+  // True if this is the "PKCS#11 token" where private keys are stored.
+  bool mIsInternalKeyToken;
+  int mSeries;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                              /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPK11TokenDB : public nsIPK11TokenDB {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKENDB
+
+  nsPK11TokenDB() = default;
+
+ protected:
+  virtual ~nsPK11TokenDB() = default;
+};
+
+#define NS_PK11TOKENDB_CID                           \
+  {                                                  \
+    0xb084a2ce, 0x1dd1, 0x11b2, {                    \
+      0xbf, 0x10, 0x83, 0x24, 0xf8, 0xe0, 0x65, 0xcc \
+    }                                                \
+  }
+
+#endif  // nsPK11TokenDB_h
diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp
new file mode 100644
index 0000000000..130e79033d
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.cpp
@@ -0,0 +1,277 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS11Slot.h"
+
+#include <string.h>
+
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsIMutableArray.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsPK11TokenDB.h"
+#include "nsPromiseFlatString.h"
+#include "nsComponentManagerUtils.h"
+#include "secmod.h"
+
+using mozilla::LogLevel;
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
+
+nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot) {
+  MOZ_ASSERT(slot);
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mIsInternalCryptoSlot =
+      PK11_IsInternal(mSlot.get()) && !PK11_IsInternalKeySlot(mSlot.get());
+  mIsInternalKeySlot = PK11_IsInternalKeySlot(mSlot.get());
+  mSeries = PK11_GetSlotSeries(slot);
+  mozilla::Unused << refreshSlotInfo();
+}
+
+nsresult nsPKCS11Slot::refreshSlotInfo() {
+  CK_SLOT_INFO slotInfo;
+  nsresult rv = mozilla::MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Description field
+  if (mIsInternalCryptoSlot) {
+    nsresult rv;
+    if (PK11_IsFIPS()) {
+      rv = GetPIPNSSBundleString("Fips140SlotDescription", mSlotDesc);
+    } else {
+      rv = GetPIPNSSBundleString("SlotDescription", mSlotDesc);
+    }
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else if (mIsInternalKeySlot) {
+    rv = GetPIPNSSBundleString("PrivateSlotDescription", mSlotDesc);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    const char* ccDesc =
+        mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.slotDescription);
+    mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
+    mSlotDesc.Trim(" ", false, true);
+  }
+
+  // Set the Manufacturer field
+  if (mIsInternalCryptoSlot || mIsInternalKeySlot) {
+    rv = GetPIPNSSBundleString("ManufacturerID", mSlotManufacturerID);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    const char* ccManID =
+        mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.manufacturerID);
+    mSlotManufacturerID.Assign(
+        ccManID, strnlen(ccManID, sizeof(slotInfo.manufacturerID)));
+    mSlotManufacturerID.Trim(" ", false, true);
+  }
+
+  // Set the Hardware Version field
+  mSlotHWVersion.Truncate();
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major);
+  mSlotHWVersion.Append('.');
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mSlotFWVersion.Truncate();
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major);
+  mSlotFWVersion.Append('.');
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor);
+
+  return NS_OK;
+}
+
+nsresult nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
+                                          /*out*/ nsACString& xpcomOutParam) {
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo();
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetName(/*out*/ nsACString& name) {
+  if (mIsInternalCryptoSlot) {
+    if (PK11_IsFIPS()) {
+      return GetPIPNSSBundleString("Fips140TokenDescription", name);
+    }
+    return GetPIPNSSBundleString("TokenDescription", name);
+  }
+  if (mIsInternalKeySlot) {
+    return GetPIPNSSBundleString("PrivateTokenDescription", name);
+  }
+  name.Assign(PK11_GetSlotName(mSlot.get()));
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetDesc(/*out*/ nsACString& desc) {
+  return GetAttributeHelper(mSlotDesc, desc);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetManID(/*out*/ nsACString& manufacturerID) {
+  return GetAttributeHelper(mSlotManufacturerID, manufacturerID);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetHWVersion(/*out*/ nsACString& hwVersion) {
+  return GetAttributeHelper(mSlotHWVersion, hwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetFWVersion(/*out*/ nsACString& fwVersion) {
+  return GetAttributeHelper(mSlotFWVersion, fwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetToken(nsIPK11Token** _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
+  token.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName) {
+  if (!PK11_IsPresent(mSlot.get())) {
+    tokenName.SetIsVoid(true);
+    return NS_OK;
+  }
+
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo();
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  if (mIsInternalCryptoSlot) {
+    if (PK11_IsFIPS()) {
+      return GetPIPNSSBundleString("Fips140TokenDescription", tokenName);
+    }
+    return GetPIPNSSBundleString("TokenDescription", tokenName);
+  }
+  if (mIsInternalKeySlot) {
+    return GetPIPNSSBundleString("PrivateTokenDescription", tokenName);
+  }
+
+  tokenName.Assign(PK11_GetTokenName(mSlot.get()));
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetStatus(uint32_t* _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+  if (PK11_IsDisabled(mSlot.get())) {
+    *_retval = SLOT_DISABLED;
+  } else if (!PK11_IsPresent(mSlot.get())) {
+    *_retval = SLOT_NOT_PRESENT;
+  } else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) {
+    *_retval = SLOT_UNINITIALIZED;
+  } else if (PK11_NeedLogin(mSlot.get()) &&
+             !PK11_IsLoggedIn(mSlot.get(), nullptr)) {
+    *_retval = SLOT_NOT_LOGGED_IN;
+  } else if (PK11_NeedLogin(mSlot.get())) {
+    *_retval = SLOT_LOGGED_IN;
+  } else {
+    *_retval = SLOT_READY;
+  }
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
+
+nsPKCS11Module::nsPKCS11Module(SECMODModule* module) {
+  MOZ_ASSERT(module);
+  mModule.reset(SECMOD_ReferenceModule(module));
+}
+
+// Convert the UTF8 internal name of the module to how it should appear to the
+// user. In most cases this involves simply passing back the module's name.
+// However, the builtin roots module has a non-localized name internally that we
+// must map to the localized version when we display it to the user.
+static nsresult NormalizeModuleNameOut(const char* moduleNameIn,
+                                       nsACString& moduleNameOut) {
+  // Easy case: this isn't the builtin roots module.
+  if (strnlen(moduleNameIn, kRootModuleNameLen + 1) != kRootModuleNameLen ||
+      strncmp(kRootModuleName, moduleNameIn, kRootModuleNameLen) != 0) {
+    moduleNameOut.Assign(moduleNameIn);
+    return NS_OK;
+  }
+
+  nsAutoString localizedRootModuleName;
+  nsresult rv =
+      GetPIPNSSBundleString("RootCertModuleName", localizedRootModuleName);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  moduleNameOut.Assign(NS_ConvertUTF16toUTF8(localizedRootModuleName));
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetName(/*out*/ nsACString& name) {
+  return NormalizeModuleNameOut(mModule->commonName, name);
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetLibName(/*out*/ nsACString& libName) {
+  if (mModule->dllName) {
+    libName = mModule->dllName;
+  } else {
+    libName.SetIsVoid(true);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval) {
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsresult rv = CheckForSmartCardChanges();
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* applications which allow new slot creation (which Firefox now does
+   * since it uses the WaitForSlotEvent call) need to hold the
+   * ModuleList Read lock to prevent the slot array from changing out
+   * from under it. */
+  mozilla::AutoSECMODListReadLock lock;
+  for (int i = 0; i < mModule->slotCount; i++) {
+    if (mModule->slots[i]) {
+      nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
+      rv = array->AppendElement(slot);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+  }
+
+  return array->Enumerate(_retval, NS_GET_IID(nsIPKCS11Slot));
+}
diff --git a/security/manager/ssl/nsPKCS11Slot.h b/security/manager/ssl/nsPKCS11Slot.h
new file mode 100644
index 0000000000..3f532d7064
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPKCS11Slot_h
+#define nsPKCS11Slot_h
+
+#include "ScopedNSSTypes.h"
+#include "nsIPKCS11Module.h"
+#include "nsIPKCS11Slot.h"
+#include "nsISupports.h"
+#include "nsString.h"
+#include "pk11func.h"
+
+class nsPKCS11Slot : public nsIPKCS11Slot {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11SLOT
+
+  explicit nsPKCS11Slot(PK11SlotInfo* slot);
+
+ protected:
+  virtual ~nsPKCS11Slot() = default;
+
+ private:
+  mozilla::UniquePK11SlotInfo mSlot;
+  // True if this is the "PKCS#11 slot" that provides cryptographic functions.
+  bool mIsInternalCryptoSlot;
+  // True if this is the "PKCS#11 slot" where private keys are stored.
+  bool mIsInternalKeySlot;
+  nsCString mSlotDesc;
+  nsCString mSlotManufacturerID;
+  nsCString mSlotHWVersion;
+  nsCString mSlotFWVersion;
+  int mSeries;
+
+  nsresult refreshSlotInfo();
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                              /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPKCS11Module : public nsIPKCS11Module {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULE
+
+  explicit nsPKCS11Module(SECMODModule* module);
+
+ protected:
+  virtual ~nsPKCS11Module() = default;
+
+ private:
+  mozilla::UniqueSECMODModule mModule;
+};
+
+#endif  // nsPKCS11Slot_h
diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp
new file mode 100644
index 0000000000..2814626cfc
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -0,0 +1,357 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS12Blob.h"
+
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Unused.h"
+#include "mozpkix/pkixtypes.h"
+#include "nsIFile.h"
+#include "nsIInputStream.h"
+#include "nsIX509CertDB.h"
+#include "nsNetUtil.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsTArray.h"
+#include "nsThreadUtils.h"
+#include "p12plcy.h"
+#include "ScopedNSSTypes.h"
+#include "secerr.h"
+
+using namespace mozilla;
+extern LazyLogModule gPIPNSSLog;
+
+#define PIP_PKCS12_BUFFER_SIZE 2048
+#define PIP_PKCS12_NOSMARTCARD_EXPORT 4
+#define PIP_PKCS12_RESTORE_FAILED 5
+#define PIP_PKCS12_BACKUP_FAILED 6
+#define PIP_PKCS12_NSS_ERROR 7
+
+nsPKCS12Blob::nsPKCS12Blob() : mUIContext(new PipUIContext()) {}
+
+// Given a file handle, read a PKCS#12 blob from that file, decode it, and
+// import the results into the internal database.
+nsresult nsPKCS12Blob::ImportFromFile(nsIFile* aFile,
+                                      const nsAString& aPassword,
+                                      uint32_t& aError) {
+  uint32_t passwordBufferLength;
+  UniquePtr<uint8_t[]> passwordBuffer;
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  passwordBuffer = stringToBigEndianBytes(aPassword, passwordBufferLength);
+
+  // initialize the decoder
+  SECItem unicodePw = {siBuffer, passwordBuffer.get(), passwordBufferLength};
+  UniqueSEC_PKCS12DecoderContext dcx(
+      SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr, nullptr,
+                             nullptr, nullptr, nullptr));
+  if (!dcx) {
+    return NS_ERROR_FAILURE;
+  }
+  // read input aFile and feed it to the decoder
+  PRErrorCode nssError;
+  nsresult rv = inputToDecoder(dcx, aFile, nssError);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (nssError != 0) {
+    aError = handlePRErrorCode(nssError);
+    return NS_OK;
+  }
+  // verify the blob
+  SECStatus srv = SEC_PKCS12DecoderVerify(dcx.get());
+  if (srv != SECSuccess) {
+    aError = handlePRErrorCode(PR_GetError());
+    return NS_OK;
+  }
+  // validate bags
+  srv = SEC_PKCS12DecoderValidateBags(dcx.get(), nicknameCollision);
+  if (srv != SECSuccess) {
+    aError = handlePRErrorCode(PR_GetError());
+    return NS_OK;
+  }
+  // import cert and key
+  srv = SEC_PKCS12DecoderImportBags(dcx.get());
+  if (srv != SECSuccess) {
+    aError = handlePRErrorCode(PR_GetError());
+    return NS_OK;
+  }
+  aError = nsIX509CertDB::Success;
+  return NS_OK;
+}
+
+static bool isExtractable(UniqueSECKEYPrivateKey& privKey) {
+  ScopedAutoSECItem value;
+  SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey.get(),
+                                       CKA_EXTRACTABLE, &value);
+  if (rv != SECSuccess) {
+    return false;
+  }
+
+  bool isExtractable = false;
+  if ((value.len == 1) && value.data) {
+    isExtractable = !!(*(CK_BBOOL*)value.data);
+  }
+  return isExtractable;
+}
+
+// Having already loaded the certs, form them into a blob (loading the keys
+// also), encode the blob, and stuff it into the file.
+nsresult nsPKCS12Blob::ExportToFile(nsIFile* aFile,
+                                    const nsTArray<RefPtr<nsIX509Cert>>& aCerts,
+                                    const nsAString& aPassword,
+                                    uint32_t& aError) {
+  nsCString passwordUtf8 = NS_ConvertUTF16toUTF8(aPassword);
+  uint32_t passwordBufferLength = passwordUtf8.Length();
+  aError = nsIX509CertDB::Success;
+  // The conversion to UCS2 is executed by sec_pkcs12_encode_password when
+  // necessary (for some older PKCS12 algorithms). The NSS 3.31 and newer
+  // expects password to be in the utf8 encoding to support modern encoders.
+  UniquePtr<unsigned char[]> passwordBuffer(
+      reinterpret_cast<unsigned char*>(ToNewCString(passwordUtf8)));
+  if (!passwordBuffer.get()) {
+    return NS_OK;
+  }
+  UniqueSEC_PKCS12ExportContext ecx(
+      SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr, nullptr));
+  if (!ecx) {
+    aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+    return NS_OK;
+  }
+  // add password integrity
+  SECItem unicodePw = {siBuffer, passwordBuffer.get(), passwordBufferLength};
+  SECStatus srv =
+      SEC_PKCS12AddPasswordIntegrity(ecx.get(), &unicodePw, SEC_OID_SHA1);
+  if (srv != SECSuccess) {
+    aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+    return NS_OK;
+  }
+  for (auto& cert : aCerts) {
+    UniqueCERTCertificate nssCert(cert->GetCert());
+    if (!nssCert) {
+      aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+      return NS_OK;
+    }
+    // We can probably only successfully export certs that are on the internal
+    // token. Most, if not all, smart card vendors won't let you extract the
+    // private key (in any way shape or form) from the card. So let's punt if
+    // the cert is not in the internal db.
+    if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
+      // We aren't the internal token, see if the key is extractable.
+      UniqueSECKEYPrivateKey privKey(
+          PK11_FindKeyByDERCert(nssCert->slot, nssCert.get(), mUIContext));
+      if (privKey && !isExtractable(privKey)) {
+        // This is informative.  If a serious error occurs later it will
+        // override it later and return.
+        aError = nsIX509CertDB::ERROR_PKCS12_NOSMARTCARD_EXPORT;
+        continue;
+      }
+    }
+
+    // certSafe and keySafe are owned by ecx.
+    SEC_PKCS12SafeInfo* certSafe;
+    SEC_PKCS12SafeInfo* keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx.get());
+    bool useModernCrypto = Preferences::GetBool(
+        "security.pki.use_modern_crypto_with_pkcs12", false);
+    // We use SEC_OID_AES_128_CBC for the password and SEC_OID_AES_256_CBC
+    // for the certificate because it's a default for openssl an pk12util
+    // command.
+    if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
+      certSafe = keySafe;
+    } else {
+      SECOidTag privAlg =
+          useModernCrypto ? SEC_OID_AES_128_CBC
+                          : SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+      certSafe =
+          SEC_PKCS12CreatePasswordPrivSafe(ecx.get(), &unicodePw, privAlg);
+    }
+    if (!certSafe || !keySafe) {
+      aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+      return NS_OK;
+    }
+    // add the cert and key to the blob
+    SECOidTag algorithm =
+        useModernCrypto
+            ? SEC_OID_AES_256_CBC
+            : SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
+    srv = SEC_PKCS12AddCertAndKey(ecx.get(), certSafe, nullptr, nssCert.get(),
+                                  CERT_GetDefaultCertDB(), keySafe, nullptr,
+                                  true, &unicodePw, algorithm);
+    if (srv != SECSuccess) {
+      aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+      return NS_OK;
+    }
+  }
+
+  UniquePRFileDesc prFile;
+  PRFileDesc* rawPRFile;
+  nsresult rv = aFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE,
+                                        0664, &rawPRFile);
+  if (NS_FAILED(rv) || !rawPRFile) {
+    aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+    return NS_OK;
+  }
+  prFile.reset(rawPRFile);
+  // encode and write
+  srv = SEC_PKCS12Encode(ecx.get(), writeExportFile, prFile.get());
+  if (srv != SECSuccess) {
+    aError = nsIX509CertDB::ERROR_PKCS12_BACKUP_FAILED;
+  }
+  return NS_OK;
+}
+
+// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to a buffer of
+// octets. Must handle byte order correctly.
+UniquePtr<uint8_t[]> nsPKCS12Blob::stringToBigEndianBytes(
+    const nsAString& uni, uint32_t& bytesLength) {
+  if (uni.IsVoid()) {
+    bytesLength = 0;
+    return nullptr;
+  }
+
+  uint32_t wideLength = uni.Length() + 1;  // +1 for the null terminator.
+  bytesLength = wideLength * 2;
+  auto buffer = MakeUnique<uint8_t[]>(bytesLength);
+
+  // We have to use a cast here because on Windows, uni.get() returns
+  // char16ptr_t instead of char16_t*.
+  mozilla::NativeEndian::copyAndSwapToBigEndian(
+      buffer.get(), static_cast<const char16_t*>(uni.BeginReading()),
+      wideLength);
+
+  return buffer;
+}
+
+// Given a decoder, read bytes from file and input them to the decoder.
+nsresult nsPKCS12Blob::inputToDecoder(UniqueSEC_PKCS12DecoderContext& dcx,
+                                      nsIFile* file, PRErrorCode& nssError) {
+  nssError = 0;
+
+  nsCOMPtr<nsIInputStream> fileStream;
+  nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  char buf[PIP_PKCS12_BUFFER_SIZE];
+  uint32_t amount;
+  while (true) {
+    rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // feed the file data into the decoder
+    SECStatus srv =
+        SEC_PKCS12DecoderUpdate(dcx.get(), (unsigned char*)buf, amount);
+    if (srv != SECSuccess) {
+      nssError = PR_GetError();
+      return NS_OK;
+    }
+    if (amount < PIP_PKCS12_BUFFER_SIZE) {
+      break;
+    }
+  }
+  return NS_OK;
+}
+
+// What to do when the nickname collides with one already in the db.
+SECItem* nsPKCS12Blob::nicknameCollision(SECItem* oldNick, PRBool* cancel,
+                                         void* wincx) {
+  *cancel = false;
+  int count = 1;
+  nsCString nickname;
+  nsAutoString nickFromProp;
+  nsresult rv = GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
+  if (NS_FAILED(rv)) {
+    return nullptr;
+  }
+  NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp);
+  // The user is trying to import a PKCS#12 file that doesn't have the
+  // attribute we use to set the nickname.  So in order to reduce the
+  // number of interactions we require with the user, we'll build a nickname
+  // for the user.  The nickname isn't prominently displayed in the UI,
+  // so it's OK if we generate one on our own here.
+  //   XXX If the NSS API were smarter and actually passed a pointer to
+  //       the CERTCertificate* we're importing we could actually just
+  //       call default_nickname (which is what the issuance code path
+  //       does) and come up with a reasonable nickname.  Alas, the NSS
+  //       API limits our ability to produce a useful nickname without
+  //       bugging the user.  :(
+  while (1) {
+    // If we've gotten this far, that means there isn't a certificate
+    // in the database that has the same subject name as the cert we're
+    // trying to import.  So we need to come up with a "nickname" to
+    // satisfy the NSS requirement or fail in trying to import.
+    // Basically we use a default nickname from a properties file and
+    // see if a certificate exists with that nickname.  If there isn't, then
+    // create update the count by one and append the string '#1' Or
+    // whatever the count currently is, and look for a cert with
+    // that nickname.  Keep updating the count until we find a nickname
+    // without a corresponding cert.
+    //  XXX If a user imports *many* certs without the 'friendly name'
+    //      attribute, then this may take a long time.  :(
+    nickname = nickFromPropC;
+    if (count > 1) {
+      nickname.AppendPrintf(" #%d", count);
+    }
+    UniqueCERTCertificate cert(
+        CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname.get()));
+    if (!cert) {
+      break;
+    }
+    count++;
+  }
+  UniqueSECItem newNick(
+      SECITEM_AllocItem(nullptr, nullptr, nickname.Length() + 1));
+  if (!newNick) {
+    return nullptr;
+  }
+  memcpy(newNick->data, nickname.get(), nickname.Length());
+  newNick->data[nickname.Length()] = 0;
+
+  return newNick.release();
+}
+
+// write bytes to the exported PKCS#12 file
+void nsPKCS12Blob::writeExportFile(void* arg, const char* buf,
+                                   unsigned long len) {
+  PRFileDesc* file = static_cast<PRFileDesc*>(arg);
+  MOZ_RELEASE_ASSERT(file);
+  PR_Write(file, buf, len);
+}
+
+// Translate PRErrorCode to nsIX509CertDB error
+uint32_t nsPKCS12Blob::handlePRErrorCode(PRErrorCode aPrerr) {
+  MOZ_ASSERT(aPrerr != 0);
+  uint32_t error = nsIX509CertDB::ERROR_UNKNOWN;
+  switch (aPrerr) {
+    case SEC_ERROR_PKCS12_CERT_COLLISION:
+      error = nsIX509CertDB::ERROR_PKCS12_DUPLICATE_DATA;
+      break;
+    // INVALID_ARGS is returned on bad password when importing cert
+    // exported from firefox or generated by openssl
+    case SEC_ERROR_INVALID_ARGS:
+    case SEC_ERROR_BAD_PASSWORD:
+      error = nsIX509CertDB::ERROR_BAD_PASSWORD;
+      break;
+    case SEC_ERROR_BAD_DER:
+    case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
+    case SEC_ERROR_PKCS12_INVALID_MAC:
+      error = nsIX509CertDB::ERROR_DECODE_ERROR;
+      break;
+    case SEC_ERROR_PKCS12_DUPLICATE_DATA:
+      error = nsIX509CertDB::ERROR_PKCS12_DUPLICATE_DATA;
+      break;
+  }
+  return error;
+}
diff --git a/security/manager/ssl/nsPKCS12Blob.h b/security/manager/ssl/nsPKCS12Blob.h
new file mode 100644
index 0000000000..e764481999
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPKCS12Blob_h
+#define nsPKCS12Blob_h
+
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsCOMPtr.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "p12.h"
+#include "prerror.h"
+#include "ScopedNSSTypes.h"
+#include "seccomon.h"
+
+class nsIFile;
+class nsIX509Cert;
+
+// Class for importing/exporting PKCS#12 blobs
+class nsPKCS12Blob {
+ public:
+  nsPKCS12Blob();
+  ~nsPKCS12Blob() = default;
+
+  // PKCS#12 Import
+  nsresult ImportFromFile(nsIFile* file, const nsAString& password,
+                          uint32_t& error);
+
+  // PKCS#12 Export
+  nsresult ExportToFile(nsIFile* file,
+                        const nsTArray<RefPtr<nsIX509Cert>>& certs,
+                        const nsAString& password, uint32_t& error);
+
+ private:
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+
+  // local helper functions
+  nsresult inputToDecoder(mozilla::UniqueSEC_PKCS12DecoderContext& dcx,
+                          nsIFile* file, PRErrorCode& nssError);
+  mozilla::UniquePtr<uint8_t[]> stringToBigEndianBytes(const nsAString& uni,
+                                                       uint32_t& bytesLength);
+  uint32_t handlePRErrorCode(PRErrorCode prerr);
+
+  static SECItem* nicknameCollision(SECItem* oldNick, PRBool* cancel,
+                                    void* wincx);
+  static void writeExportFile(void* arg, const char* buf, unsigned long len);
+};
+
+#endif  // nsPKCS12Blob_h
diff --git a/security/manager/ssl/nsRandomGenerator.cpp b/security/manager/ssl/nsRandomGenerator.cpp
new file mode 100644
index 0000000000..aee99e2536
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.cpp
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsRandomGenerator.h"
+
+#include "ScopedNSSTypes.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+
+NS_IMPL_ISUPPORTS(nsRandomGenerator, nsIRandomGenerator)
+
+NS_IMETHODIMP
+nsRandomGenerator::GenerateRandomBytes(uint32_t aLength, uint8_t** aBuffer) {
+  NS_ENSURE_ARG_POINTER(aBuffer);
+  *aBuffer = nullptr;
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = static_cast<uint8_t*>(moz_xmalloc(aLength));
+
+  SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength);
+  if (srv != SECSuccess) {
+    free(buf);
+    return NS_ERROR_FAILURE;
+  }
+
+  *aBuffer = buf;
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsRandomGenerator.h b/security/manager/ssl/nsRandomGenerator.h
new file mode 100644
index 0000000000..4ae3fc82f4
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.h
@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsRandomGenerator_h
+#define nsRandomGenerator_h
+
+#include "mozilla/Attributes.h"
+#include "nsIRandomGenerator.h"
+
+#define NS_RANDOMGENERATOR_CID                       \
+  {                                                  \
+    0xbe65e2b7, 0xfe46, 0x4e0f, {                    \
+      0x88, 0xe0, 0x4b, 0x38, 0x5d, 0xb4, 0xd6, 0x8a \
+    }                                                \
+  }
+
+#define NS_RANDOMGENERATOR_CONTRACTID "@mozilla.org/security/random-generator;1"
+
+class nsRandomGenerator final : public nsIRandomGenerator {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIRANDOMGENERATOR
+
+ private:
+  ~nsRandomGenerator() = default;
+};
+
+#endif  // nsRandomGenerator_h
diff --git a/security/manager/ssl/nsSSLSocketProvider.cpp b/security/manager/ssl/nsSSLSocketProvider.cpp
new file mode 100644
index 0000000000..41fa50add8
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.cpp
@@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsSSLSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::OriginAttributes;
+
+nsSSLSocketProvider::nsSSLSocketProvider() = default;
+
+nsSSLSocketProvider::~nsSSLSocketProvider() = default;
+
+NS_IMPL_ISUPPORTS(nsSSLSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsSSLSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
+                               nsIProxyInfo* proxy,
+                               const OriginAttributes& originAttributes,
+                               uint32_t flags, uint32_t tlsFlags,
+                               PRFileDesc** _result,
+                               nsITLSSocketControl** tlsSocketControl) {
+  nsresult rv =
+      nsSSLIOLayerNewSocket(family, host, port, proxy, originAttributes,
+                            _result, tlsSocketControl, false, flags, tlsFlags);
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsSSLSocketProvider::AddToSocket(int32_t family, const char* host, int32_t port,
+                                 nsIProxyInfo* proxy,
+                                 const OriginAttributes& originAttributes,
+                                 uint32_t flags, uint32_t tlsFlags,
+                                 PRFileDesc* aSocket,
+                                 nsITLSSocketControl** tlsSocketControl) {
+  nsresult rv = nsSSLIOLayerAddToSocket(
+      family, host, port, proxy, originAttributes, aSocket, tlsSocketControl,
+      false, flags, tlsFlags);
+
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsSSLSocketProvider.h b/security/manager/ssl/nsSSLSocketProvider.h
new file mode 100644
index 0000000000..690c911bd5
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSSLSOCKETPROVIDER_H_
+#define _NSSSLSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+/* 217d014a-1dd2-11b2-999c-b0c4df79b324 */
+#define NS_SSLSOCKETPROVIDER_CID                     \
+  {                                                  \
+    0x217d014a, 0x1dd2, 0x11b2, {                    \
+      0x99, 0x9c, 0xb0, 0xc4, 0xdf, 0x79, 0xb3, 0x24 \
+    }                                                \
+  }
+
+class nsSSLSocketProvider : public nsISocketProvider {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsSSLSocketProvider methods:
+  nsSSLSocketProvider();
+
+ protected:
+  virtual ~nsSSLSocketProvider();
+};
+
+#endif /* _NSSSLSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsSTSPreloadList.inc b/security/manager/ssl/nsSTSPreloadList.inc
new file mode 100644
index 0000000000..6a057c767d
--- /dev/null
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -0,0 +1,156063 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* nsSiteSecurityService.cpp, you shouldn't be #including it.                */
+/*****************************************************************************/
+
+#include <stdint.h>
+const PRTime gPreloadListExpirationTime = INT64_C(1716202214765000);
+%%
+0--1.de, 1
+0-0.io, 1
+0-0.lt, 1
+0-1.party, 1
+0-24.com, 1
+0-24.net, 1
+0-9.com, 1
+0.com.ms, 1
+0.sb, 1
+00.eco, 1
+00000000-0000-0000-0000-000000000000.xyz, 1
+00010110.nl, 1
+0007552.com, 1
+000814.com, 1
+000a1.com, 1
+000a2.com, 1
+000a3.com, 1
+000a5.com, 1
+000a6.com, 1
+000a7.com, 1
+000a8.com, 1
+000a9.com, 1
+000g.ru, 1
+000x2.com, 1
+0011011.xyz, 1
+00120012.net, 1
+00140014.net, 1
+00168365.com, 1
+0017552.com, 1
+0017d88.com, 1
+001yapan.com, 1
+002.ro, 0
+00228.am, 0
+00228555.com, 1
+00228999.com, 1
+00228vip5.com, 1
+00228vip6.com, 1
+00228vip8.com, 1
+00228vv.com, 0
+00228w.com, 1
+00228ww.com, 0
+00228x.com, 0
+00228xx.com, 0
+00228y.com, 0
+00228yy.com, 0
+00228z.com, 0
+00228zz.com, 0
+003.mx, 1
+00321365.com, 1
+00365t.com, 1
+0037552.com, 1
+003d88.com, 1
+003dyw.com, 1
+0047552.com, 1
+00484.com, 1
+0057552.com, 1
+0066.in, 1
+0067552.com, 1
+007d88.com, 1
+007kf.com, 1
+007sascha.de, 1
+0087552.com, 1
+00880088.net, 1
+008yingshi.com, 1
+009597.com, 0
+00971.net, 1
+0097552.com, 1
+009cc.com, 1
+009zl.com, 1
+00b31.com, 0
+00b58.com, 1
+00bet86.com, 1
+00c.org, 1
+00d88.com, 1
+00dani.me, 1
+00f.net, 1
+00ffaaa.com, 1
+00ffbbb.com, 1
+00ffccc.com, 1
+00ffddd.com, 1
+00ffeee.com, 1
+00fffaa.com, 1
+00fffbb.com, 1
+00fffcc.com, 1
+00fffdd.com, 1
+00fffee.com, 1
+00fffgg.com, 1
+00fffhh.com, 1
+00fffii.com, 1
+00fffjj.com, 1
+00fffkk.com, 1
+00fffll.com, 1
+00fffmm.com, 1
+00fffnn.com, 1
+00fffoo.com, 1
+00fffpp.com, 1
+00fffqq.com, 1
+00fffrr.com, 1
+00fffss.com, 1
+00ffftt.com, 1
+00fffuu.com, 1
+00fffvv.com, 1
+00fffww.com, 1
+00fffxx.com, 1
+00fffyy.com, 1
+00fffzz.com, 1
+00ffggg.com, 1
+00ffhhh.com, 1
+00ffiii.com, 1
+00ffjjj.com, 1
+00ffkkk.com, 1
+00fflll.com, 1
+00ffmmm.com, 1
+00ffnnn.com, 1
+00ffooo.com, 1
+00ffppp.com, 1
+00ffqqq.com, 1
+00ffrrr.com, 1
+00ffsss.com, 1
+00ffttt.com, 1
+00ffuuu.com, 1
+00ffvvv.com, 1
+00ffwww.com, 1
+00ffxxx.com, 1
+00ffyyy.com, 1
+00ffzzz.com, 1
+00o00.top, 1
+00wbf.com, 1
+01011970.xyz, 1
+010203.ru, 1
+01100010011001010111001101110100.com, 1
+01101000.xyz, 1
+01110000011100110111001001100111.ca, 1
+01110000011100110111001001100111.com, 1
+011101.xyz, 1
+0116288.com, 1
+011631.com, 1
+0117552.com, 1
+011ks.com, 1
+012345678365.com, 1
+0127552.com, 1
+01337.tech, 1
+013458.com, 1
+01365t.com, 1
+0137552.com, 1
+0138365.com, 0
+0139365.com, 0
+015kb.com, 1
+018663.com, 1
+018zl.com, 1
+019ks.com, 1
+019zl.com, 1
+01electronica.com.ar, 1
+01seguridad.com.ar, 1
+01smh.com, 1
+01tools.com, 1
+01up.co.za, 1
+021002.com, 1
+0222z6.com, 1
+022367.com, 1
+022391.com, 1
+022501.com, 1
+022503.com, 1
+022507.com, 1
+022571.com, 1
+022601.com, 1
+022609.com, 1
+022610.com, 1
+02327.net, 1
+02349898.xyz, 1
+02365t.com, 1
+02375.net, 1
+023sec.com, 1
+025500.xyz, 1
+02638.net, 1
+026637.com, 1
+026ks.com, 1
+027862.com, 1
+029637.com, 1
+02d88.net, 1
+02n.cn, 1
+02smh.com, 1
+03-09-2016.wedding, 1
+03012.net, 1
+03018.net, 1
+031373.com, 1
+0315z6.com, 1
+03170317.com, 1
+032ks.com, 1
+0335z6.com, 1
+035711630.xyz, 1
+0376z6.com, 1
+0377z6.com, 1
+038663.com, 1
+038799.com, 0
+038dev.nl, 1
+0391315.com, 1
+03region.ga, 1
+040552.com, 0
+041552.com, 0
+042230.com, 1
+042552.com, 0
+04365t.com, 1
+046552.com, 0
+046569.com, 1
+047329.com, 1
+048661.com, 1
+04911701.cn, 1
+049552.com, 0
+04d88.com, 1
+04d88.net, 1
+04pk.cn, 1
+04sun.com, 1
+050.ca, 1
+050a1.com, 1
+050a2.com, 1
+050a3.com, 1
+050a4.com, 1
+050a5.com, 1
+050a6.com, 1
+050ks.com, 1
+051014.com, 1
+0511315.net, 1
+0513z6.com, 1
+0514.chat, 1
+051552.com, 0
+0517z6.com, 1
+051ks.com, 1
+052ks.com, 1
+05365t.com, 1
+053ks.com, 1
+054552.com, 0
+055268.com, 1
+0553z6.com, 1
+0555z6.com, 1
+056687.com, 0
+056697.com, 0
+057180.com, 1
+0571z6.com, 1
+0575z6.com, 1
+0597z6.com, 1
+059958.com, 1
+06006.vip, 0
+060258.com, 1
+060579.com, 1
+060757.com, 1
+060796.com, 1
+060798.com, 1
+06091994.xyz, 1
+06365t.com, 1
+065l.com, 1
+066630.com, 1
+06804.com, 0
+0681a.com, 1
+0681h.com, 1
+068552.com, 0
+06d88.com, 1
+06d88.net, 1
+06se.com, 1
+070709.net, 1
+070930.com, 1
+0712z6.com, 1
+071552.com, 0
+071615.com, 1
+0737399.com, 1
+074696.com, 1
+074758.com, 1
+076.ne.jp, 1
+0760ks.com, 1
+078663.com, 1
+078895.com, 1
+0788yh.com, 1
+0792112.com, 1
+0798rcw.com, 0
+07d88.com, 1
+07d88.net, 1
+07f.de, 1
+08000113.nl, 1
+080261.com, 1
+081115.com, 1
+081481.com, 1
+081752.com, 1
+081763.com, 1
+081769.com, 1
+081783.com, 1
+081925.com, 1
+081927.com, 1
+081957.com, 1
+082157.com, 1
+082159.com, 1
+082167.com, 1
+082173.com, 1
+082175.com, 1
+082179.com, 1
+082192.com, 1
+082193.com, 1
+082195.com, 1
+082359.com, 1
+083321.com, 1
+083326.com, 1
+083329.com, 1
+08365t.com, 1
+083967.com, 1
+084552.com, 1
+084709.com, 1
+085035.com, 1
+085851.com, 0
+086486.com, 1
+08845.cc, 1
+089640.xyz, 1
+089818.com, 1
+08detaxe.fr, 1
+09.ag, 0
+09000113.nl, 1
+090124.xyz, 1
+090136.com, 1
+0906-clan.tk, 1
+09115.com, 0
+091630.com, 1
+091631.com, 1
+091634.com, 1
+091k8.com, 0
+092300.com, 1
+0935792342.tw, 1
+09365t.com, 1
+095598.cc, 1
+097712.com, 1
+098711.com, 1
+09892.net, 1
+0998z6.com, 1
+0999z6.com, 1
+09elektrik.com, 1
+09kanagawa.jp, 1
+0akarma.me, 1
+0au.de, 0
+0carbon.com, 1
+0cdn.ga, 1
+0cdn.net, 1
+0cean.tk, 1
+0chan.pl, 1
+0cp8778.com, 1
+0culus.tk, 1
+0d111.com, 1
+0day.agency, 1
+0dayexploits.gq, 1
+0des.com, 1
+0i0.nl, 1
+0ii0.cf, 1
+0iz.net, 1
+0knowledge.de, 1
+0milemarathon.com, 1
+0n3b1t.com, 1
+0nnn.top, 1
+0o0.edu.pl, 1
+0o0.ooo, 1
+0o0o.biz, 1
+0okmnbvcxzx.tk, 1
+0ooo0.xyz, 1
+0paste.com, 1
+0q0.eu, 1
+0r3.de, 1
+0rap.tk, 1
+0system.tk, 1
+0trust.cloud, 1
+0trust.pro, 1
+0ut3r.space, 1
+0verall.tk, 1
+0vi.org, 1
+0w.al, 1
+0w0.wiki, 1
+0wx.cat, 1
+0wx.es, 1
+0wx.eu, 1
+0wx.net, 1
+0wx.org, 1
+0x.cx, 1
+0x.lu, 1
+0x.sk, 1
+0x0.cloud, 1
+0x0.li, 1
+0x00c.de, 1
+0x00ff00ff.com, 1
+0x1.ink, 1
+0x12.de, 1
+0x15.ca, 1
+0x17.de, 1
+0x21.consulting, 1
+0x22.de, 1
+0x27.fr, 1
+0x28.de, 1
+0x2a.ninja, 1
+0x378.net, 1
+0x3a.net, 1
+0x41.us, 1
+0x52.net, 1
+0x52.org, 1
+0x53.de, 1
+0x5d.de, 1
+0x5f3759df.net, 1
+0x7.io, 1
+0x76.de, 1
+0x7d7b.net, 1
+0x7fffffff.net, 0
+0x80.org, 1
+0x90.io, 1
+0x90.space, 1
+0xaa55.me, 1
+0xacab.org, 1
+0xaf.tk, 1
+0xda.de, 1
+0xdc.io, 0
+0xdefaced.de, 1
+0xedward.io, 1
+0xee.eu, 1
+0xf00.ch, 1
+0xfc.de, 1
+0xff.se, 1
+0xfn.eu, 1
+0xheuts.nl, 1
+0xn.de, 1
+0xnotes.me, 0
+0xspa.de, 1
+0xword.com, 1
+0yen.org, 1
+1-2-3bounce.co.uk, 1
+1-800-mattress.com, 1
+1-ae.com, 1
+1-inv.com, 1
+1-news.net, 1
+1-pujcky-uvery.tk, 1
+1-x-bet.com, 1
+1-x-bet.ke, 1
+1-x-mirror.com, 1
+1-xbet-tj.com, 1
+1-xbet.ke, 1
+1-xbet13.com, 1
+1-xbet20.com, 1
+100-downloads.com, 1
+10000hits.tk, 1
+10000lab.net, 1
+10000rub.gq, 1
+10000spoons.tk, 1
+10001000.xyz, 1
+100048.com, 1
+1000cp5.cc, 1
+1000inf.ru, 1
+1000ps.at, 1
+1000ps.de, 1
+1000rubley.ml, 1
+1000serien.com, 1
+1000wordsevents.com, 0
+1001cachimbas.es, 1
+1001fonts.com, 1
+1001home.cf, 1
+1001kartini.com, 1
+1001mv.com, 1
+1001n.com, 1
+1001reasonstolearnspanish.com, 1
+1001telecommandes.com, 1
+1007337.com, 1
+10086.id, 1
+10086.ru, 1
+100baksov.tk, 1
+100ballov.tk, 1
+100beauty.com, 1
+100bib.ru, 1
+100fast.com, 1
+100fss.com, 1
+100fss.marketing, 1
+100k.eu, 1
+100kraz.ga, 1
+100kredite.de, 1
+100lib.ru, 1
+100mani.it, 1
+100nome.com, 1
+100onrainkajino.com, 1
+100pay.com, 1
+100pudov.tk, 1
+100reach.com, 1
+100refer.tk, 1
+100sapog.tk, 1
+100skidok.ga, 1
+100sovetov.info, 1
+100time.ru, 1
+100tur.tk, 1
+100up.de, 1
+100up.net, 1
+100up.org, 1
+100v.org, 1
+100visits.tk, 1
+100voprosov.tk, 1
+100zakladok.tk, 1
+10101.io, 1
+101010.hopto.org, 1
+101010.pl, 1
+101023.xyz, 1
+10198.com, 1
+101android.ru, 1
+101st-airborne.tk, 1
+101st.tk, 1
+101warehousing.com.au, 1
+1020310.com, 1
+1020311.com, 1
+1020312.com, 1
+1020313.com, 1
+1020314.com, 1
+1020316.com, 1
+1020318.com, 1
+1020319.com, 1
+1020320.com, 1
+10218.com, 1
+10218app10218.com, 1
+10218b.com, 0
+10218c.com, 0
+10218cj.com, 1
+10218d.com, 0
+10218e.com, 0
+10218f.com, 0
+10218g.com, 0
+10218h.com, 0
+10218i.com, 0
+1024.ee, 1
+1024.kr, 1
+1025.ga, 1
+10365e.com, 1
+10365f.com, 1
+10365h.com, 1
+1037thefoxrocks.com, 1
+104.ua, 1
+1040taxfirm.com, 1
+1041263497.rsc.cdn77.org, 1
+10414.org, 0
+10430.net, 1
+10435.net, 1
+10436.net, 1
+10438.net, 1
+10439.net, 1
+10453.net, 1
+104760.com, 1
+10495.net, 1
+105318.com, 1
+105861.com, 1
+106.hi.cn, 1
+10628.com, 1
+1068511.com, 1
+10705.ml, 1
+107996.com, 1
+1079fm.ga, 1
+10840.net, 1
+10961096.xyz, 1
+109k8.com, 1
+10er-friseur.de, 1
+10gbit.ovh, 1
+10hz.de, 1
+10ktotalent.com, 1
+10mach.com, 1
+10media.ru, 1
+10mijlvanijmuiden.tk, 1
+10milliondollarpage.com, 1
+10must.com, 1
+10news.com, 1
+10og.de, 1
+10pearls.com, 1
+10ppm.com, 1
+10seos.com, 1
+10site.ru, 1
+10ten.study, 1
+10tv.in, 1
+10ve.live, 1
+10web.io, 1
+10wtac.tk, 1
+10x.to, 1
+10xnation.com, 1
+1100.so, 1
+1100110.xyz, 1
+11018vip.com, 1
+11018xpj.com, 1
+11046.com, 1
+11082.com, 1
+110838.com, 1
+110cl.com, 1
+110na.com, 1
+111011.xyz, 1
+1111365t.com, 1
+111365t.com, 1
+11168365.com, 1
+111814.com, 1
+11182.com, 1
+11183.com, 1
+11185.com, 1
+111bet86.com, 1
+111novosti.tk, 1
+111plus.design, 1
+1120301.com, 1
+1120302.com, 1
+1120303.com, 1
+1120305.com, 1
+1120306.com, 1
+1120307.com, 1
+1120308.com, 1
+1120309.com, 1
+1120311.com, 1
+1120312.com, 1
+1120313.com, 1
+1120314.com, 1
+1120315.com, 1
+1120316.com, 1
+1120317.com, 1
+1120320.com, 1
+1120321.com, 1
+1120322.com, 1
+1120323.com, 1
+1120324.com, 1
+1120325.com, 1
+1120326.com, 1
+1120327.com, 1
+1120328.com, 1
+1120330.com, 1
+1120331.com, 1
+1120332.com, 1
+1120334.com, 1
+1120335.com, 1
+1120336.com, 1
+1120337.com, 1
+1120338.com, 1
+1120339.com, 1
+1120340.com, 1
+1120341.com, 1
+1120342.com, 1
+1120343.com, 1
+1120344.com, 1
+1120345.com, 1
+1120346.com, 1
+1120347.com, 1
+1120348.com, 1
+1120349.com, 1
+1120350.com, 1
+11221jz.com, 1
+11223837.com, 0
+1126.blog, 1
+112app.nl, 1
+112hz.com, 1
+112it.ro, 0
+112krimpen.tk, 1
+112madgamer.tk, 1
+11321365.com, 1
+11333837.com, 1
+11365t.com, 1
+113k8.com, 1
+113z6.com, 1
+11400.com, 1
+11443837.com, 0
+114514ss.com, 1
+114job.com, 1
+114online.com, 1
+115.one, 1
+115z6.com, 1
+11665835.com, 0
+1174healing.com, 1
+117766.xyz, 1
+1177z6.com, 1
+11792.com, 1
+118400.com, 1
+1190america.tk, 1
+1199bet.vip, 1
+11aaee.com, 1
+11aagg.com, 1
+11aajj.com, 1
+11aaqq.com, 1
+11aazz.com, 1
+11academianetworks.com, 1
+11b31.com, 0
+11b58.com, 1
+11bbjj.com, 1
+11bbpp.com, 1
+11bbqq.com, 1
+11bbss.com, 1
+11bbzz.com, 1
+11bet86.com, 1
+11ccee.com, 1
+11ccgg.com, 1
+11ccjj.com, 1
+11ccpp.com, 1
+11ccqq.com, 1
+11cctt.com, 1
+11cczz.com, 1
+11cloud.ch, 1
+11ddbb.com, 1
+11ddcc.com, 1
+11ddjj.com, 1
+11ddkk.com, 1
+11ddpp.com, 1
+11dzon.com, 1
+11eebb.com, 1
+11eegg.com, 1
+11eejj.com, 1
+11eeqq.com, 1
+11eess.com, 1
+11eexx.com, 1
+11eeyy.com, 1
+11eezz.com, 1
+11ffaaa.com, 1
+11ffbbb.com, 1
+11ffcc.com, 1
+11ffccc.com, 1
+11ffddd.com, 1
+11ffeee.com, 1
+11fffaa.com, 1
+11fffbb.com, 1
+11fffcc.com, 1
+11fffdd.com, 1
+11fffee.com, 1
+11fffgg.com, 1
+11fffhh.com, 1
+11fffii.com, 1
+11fffjj.com, 1
+11fffkk.com, 1
+11fffll.com, 1
+11fffmm.com, 1
+11fffnn.com, 1
+11fffoo.com, 1
+11fffpp.com, 1
+11fffqq.com, 1
+11fffrr.com, 1
+11fffss.com, 1
+11ffftt.com, 1
+11fffuu.com, 1
+11fffvv.com, 1
+11fffww.com, 1
+11fffxx.com, 1
+11fffyy.com, 1
+11fffzz.com, 1
+11ffggg.com, 1
+11ffhhh.com, 1
+11ffiii.com, 1
+11ffjjj.com, 1
+11ffkk.com, 1
+11ffkkk.com, 1
+11fflll.com, 1
+11ffmmm.com, 1
+11ffnnn.com, 1
+11ffooo.com, 1
+11ffppp.com, 1
+11ffqqq.com, 1
+11ffrr.com, 1
+11ffrrr.com, 1
+11ffsss.com, 1
+11fftt.com, 1
+11ffttt.com, 1
+11ffuuu.com, 1
+11ffvvv.com, 1
+11ffwww.com, 1
+11ffxx.com, 1
+11ffxxx.com, 1
+11ffyy.com, 1
+11ffyyy.com, 1
+11ffzz.com, 1
+11ffzzz.com, 1
+11ggbb.com, 1
+11ggcc.com, 1
+11ggee.com, 1
+11ggjj.com, 1
+11ggrr.com, 1
+11ggss.com, 1
+11ggyy.com, 1
+11ggzz.com, 1
+11hhee.com, 1
+11hhff.com, 1
+11hhgg.com, 1
+11hhqq.com, 1
+11hhrr.com, 1
+11hhzz.com, 1
+11it.ru, 1
+11jjaa.com, 1
+11jjcc.com, 1
+11jjrr.com, 1
+11jjyy.com, 1
+11jjzz.com, 1
+11kkee.com, 1
+11kkff.com, 1
+11men.tk, 1
+11ppbb.com, 1
+11ppee.com, 1
+11pphh.com, 1
+11ppjj.com, 1
+11ppqq.com, 1
+11ppss.com, 1
+11pptt.com, 1
+11ppyy.com, 1
+11ppzz.com, 1
+11qqbb.com, 1
+11qqdd.com, 1
+11qqgg.com, 1
+11qqhh.com, 1
+11qqpp.com, 1
+11qqss.com, 1
+11rrcc.com, 1
+11rree.com, 1
+11rrff.com, 1
+11rrhh.com, 1
+11rrjj.com, 1
+11rrkk.com, 1
+11rrqq.com, 1
+11rrss.com, 1
+11rrzz.com, 1
+11sshh.com, 1
+11ssjj.com, 1
+11sskk.com, 1
+11sspp.com, 1
+11ssqq.com, 1
+11ssrr.com, 1
+11sstt.com, 1
+11traders.com, 1
+11ttbb.com, 1
+11tthh.com, 1
+11ttpp.com, 1
+11ttqq.com, 1
+11ttxx.com, 1
+11ttzz.com, 1
+11tv.dp.ua, 1
+11u15.com, 1
+11urss.com, 1
+11yycc.com, 1
+11yydd.com, 1
+11yyee.com, 1
+11yyjj.com, 1
+11yykk.com, 1
+11yyqq.com, 1
+11zzkk.com, 1
+11zztt.com, 1
+12.ag, 1
+12.digital, 1
+1200.cf, 1
+12006.com, 1
+120percent-inc.com, 1
+1212.tk, 1
+1212873467.rsc.cdn77.org, 1
+1218641649.rsc.cdn77.org, 1
+1220310.com, 1
+1220321.com, 1
+1220322.com, 1
+1220323.com, 1
+1220324.com, 1
+1220325.com, 1
+1220326.com, 1
+1220327.com, 1
+1220328.com, 1
+1220329.com, 1
+1220330.com, 1
+1220331.com, 1
+1220332.com, 1
+1220334.com, 1
+1220335.com, 1
+1220336.com, 1
+1220337.com, 1
+1220338.com, 1
+1220339.com, 1
+1220340.com, 1
+1220342.com, 1
+1220343.com, 1
+1220344.com, 1
+1220345.com, 1
+1220346.com, 1
+1220347.com, 1
+1220348.com, 1
+1220349.com, 1
+1220350.com, 1
+1222z6.com, 1
+1223.tk, 1
+123-d.com, 1
+123-ticketsystem.com, 1
+123.chat, 1
+123.gg, 1
+123110.com, 1
+123365t.com, 1
+1234.link, 1
+123410.xyz, 1
+12345.lv, 1
+12345678365.com, 1
+123456789365.com, 1
+12345porn.com, 1
+12356.xyz, 1
+12365t.com, 1
+123apps.com, 1
+123birthdaygreetings.com, 1
+123comparer.be, 1
+123comparer.fr, 1
+123derivatives.com, 1
+123djdrop.com, 1
+123e.tk, 1
+123freebrushes.com, 1
+123freevectors.com, 1
+123gostovanje.si, 1
+123greeting.tk, 1
+123hpcom.co.uk, 1
+123midterm.com, 1
+123noticias.com.br, 1
+123nutricion.es, 1
+123pay.ir, 1
+123petitspas.com, 1
+123seo.ml, 1
+123site.tk, 1
+123sportpassion.com, 1
+123start.pl, 1
+123start.tk, 1
+123storage.com.au, 1
+123termpapers.com, 1
+123verhuislift.nl, 1
+123viajando.com, 1
+123writings.com, 1
+124133.com, 1
+1244.tk, 1
+1244546066.rsc.cdn77.org, 1
+125-rue.com, 1
+12517.com, 1
+12554.com, 1
+12557.com, 1
+12558.com, 1
+12559.com, 1
+12588.com, 1
+125colours.tk, 1
+125m125.de, 1
+127011.ch, 1
+127661.com, 1
+12778.com, 1
+1277bet.com, 1
+128012.com, 0
+128612.com, 1
+12877.com, 1
+1288366.com, 1
+128bitar.net, 1
+129.co, 1
+12ag8.com, 1
+12apostleshotel.com, 1
+12go.asia, 1
+12go.co, 1
+12gramu.cz, 1
+12grid.co.jp, 1
+12l.nl, 1
+12lasee.com, 1
+12nomos.tk, 1
+12photos.eu, 0
+12socialsmansa.tk, 1
+12train.com, 1
+12u15.com, 1
+12vpx.com, 1
+13-th.com, 1
+130.ua, 0
+1300.cf, 1
+130kb.com, 1
+130ks.com, 1
+130ks.net, 1
+131365a.com, 0
+131365qq.com, 1
+1313z6.com, 1
+13214.cc, 1
+132813.com, 1
+132kv.ch, 1
+133.casino, 1
+13318522.com, 1
+1333.cf, 1
+133335.xyz, 1
+1333z6.com, 1
+1337.ax, 1
+133769.xyz, 1
+1337ersprime.com, 1
+133ks.com, 1
+133ks.net, 1
+133z6.com, 1
+13411-111.com, 1
+134ks.net, 1
+1359826938.rsc.cdn77.org, 1
+135vv.com, 1
+135z6.com, 1
+136814.com, 0
+136book.com, 1
+137724.com, 1
+137kb.com, 1
+137z6.com, 1
+138.hk, 1
+13826145000.com, 1
+138z6.com, 1
+1395kj.com, 1
+139z6.com, 1
+13ad.de, 1
+13ag8.com, 1
+13cloudmike.duckdns.org, 1
+13th-dover.uk, 1
+13u15.com, 1
+140.social, 1
+14000.cz, 1
+141-94-142-218.xyz, 1
+141-95-156-101.xyz, 1
+141145.com, 0
+14159.gb.net, 1
+142552.com, 0
+142710.com, 1
+144-217-180-114.xyz, 1
+144chan.ml, 1
+1453914078.rsc.cdn77.org, 1
+1459.io, 1
+145ks.net, 1
+1464424382.rsc.cdn77.org, 1
+146552.com, 0
+1481481.com, 0
+1481486.com, 1
+1481486.net, 1
+148663.com, 1
+149481.com, 1
+14er.jp, 1
+14er.net, 1
+14erc.com, 1
+14ercooper.com, 1
+14fbr.com, 1
+14flags.de, 1
+14it.de, 1
+14u15.com, 1
+14x3.de, 1
+15-montorgueil.com, 1
+1511774230.rsc.cdn77.org, 1
+1517.ch, 1
+1517598.com, 1
+1517668.com, 1
+1517669.com, 1
+1517883.com, 1
+1517886.com, 1
+1517889.com, 1
+1520301.com, 1
+1520302.com, 1
+1520303.com, 1
+1520304.com, 1
+1520305.com, 1
+1520306.com, 1
+1520310.com, 1
+1520316.com, 1
+1520318.com, 1
+1520319.com, 1
+1520320.com, 1
+1520322.com, 1
+1520323.com, 1
+1520324.com, 1
+1520325.com, 1
+1520326.com, 1
+1520327.com, 1
+1520328.com, 1
+1520329.com, 1
+1520330.com, 1
+1520331.com, 1
+1520332.com, 1
+1520333.com, 1
+1520334.com, 1
+1520335.com, 1
+1520336.com, 1
+1520337.com, 1
+1520338.com, 1
+1520339.com, 1
+1520340.com, 1
+1520341.com, 1
+1520342.com, 1
+1520343.com, 1
+1520344.com, 1
+1520345.com, 1
+1520346.com, 1
+1520347.com, 1
+1520348.com, 1
+1520349.com, 1
+1520350.com, 1
+1527web.com, 1
+152z6.com, 1
+1536.cf, 1
+153z6.com, 1
+154379.com, 1
+154922.com, 0
+155175.com, 0
+155ks.net, 1
+155z6.com, 1
+156k66.com, 1
+156z6.com, 1
+157z6.com, 1
+158.nl, 1
+158306.com, 0
+158bg.com, 1
+1590284872.rsc.cdn77.org, 1
+159ks.net, 1
+159z6.com, 1
+15k.me, 1
+15montorgueil.com, 1
+15october.net, 1
+15ruemontorgueil.com, 1
+15u15.com, 1
+16-qw.tk, 1
+1600esplanade.com, 1
+161.sh, 1
+161233.com, 0
+161263.com, 0
+16164f.com, 1
+16195.com, 1
+1620301.com, 1
+1620302.com, 1
+1620303.com, 1
+1620304.com, 1
+1620305.com, 1
+1620306.com, 1
+1620307.com, 1
+1620308.com, 1
+1620309.com, 1
+1620310.com, 1
+1620311.com, 1
+1620312.com, 1
+1620313.com, 1
+1620314.com, 1
+1620315.com, 1
+1620316.com, 1
+1620317.com, 1
+1620318.com, 1
+1620319.com, 1
+1620320.com, 1
+1620321.com, 1
+1620323.com, 1
+1620324.com, 1
+1620325.com, 1
+1620326.com, 1
+1620328.com, 1
+1620329.com, 1
+1620330.com, 1
+1620331.com, 1
+1620332.com, 1
+1620333.com, 1
+1620334.com, 1
+1620335.com, 1
+1620336.com, 1
+1620337.com, 1
+1620338.com, 1
+1620339.com, 1
+1620340.com, 1
+1620341.com, 1
+1620342.com, 1
+1620343.com, 1
+1620349.com, 1
+1620350.com, 1
+162263.com, 0
+162361.com, 0
+162632.com, 1
+162cr.com, 1
+162ea.com, 1
+162jonesrd.ca, 1
+163.gd, 1
+163132.com, 0
+16321.tk, 1
+163pay.com, 1
+164.co, 1
+1644091933.rsc.cdn77.org, 1
+1650thefan.com, 1
+16561155.com, 1
+16561166.com, 1
+16561177.com, 1
+16561188.com, 1
+1661237.com, 1
+166166.com, 1
+166jk.cc, 1
+167clan.net, 1
+1682019.co, 1
+16836500.com, 1
+1683651.com, 1
+16836511.com, 1
+1683652.com, 1
+16836522.com, 1
+1683653.com, 1
+16836533.com, 1
+1683654.com, 1
+16836544.com, 1
+16836555.com, 1
+16836577.com, 1
+16836588.com, 1
+1683659.com, 1
+16836599.com, 1
+168365t.com, 1
+168esb.com, 1
+168z6.com, 1
+16974.cc, 1
+169xpj.com, 1
+16megablast.tk, 1
+16packets.com, 1
+16qw.tk, 1
+16region.tk, 1
+16u15.com, 1
+16valerienicolas.tk, 1
+171365a.com, 1
+171365b.com, 1
+171365c.com, 1
+171365d.com, 1
+171365e.com, 1
+171365f.com, 1
+171365g.com, 1
+171365h.com, 1
+171365i.com, 1
+171365j.com, 1
+171365k.com, 1
+171365m.com, 1
+171365n.com, 1
+171365p.com, 1
+171365q.com, 1
+171365r.com, 1
+171365s.com, 1
+171365t.com, 1
+171365u.com, 1
+171365v.com, 1
+171365w.com, 1
+171365x.com, 1
+171365y.com, 1
+171365z.com, 1
+17187q.com, 1
+17190.com, 1
+1720301.com, 1
+1720302.com, 1
+1720303.com, 1
+1720304.com, 1
+1720305.com, 1
+1720306.com, 1
+1720307.com, 1
+1720308.com, 1
+1720309.com, 1
+1720312.com, 1
+1720313.com, 1
+1720314.com, 1
+1720315.com, 1
+1720316.com, 1
+1720317.com, 1
+1720318.com, 1
+1720319.com, 1
+1720320.com, 1
+1720321.com, 1
+1720322.com, 1
+1720323.com, 1
+1720324.com, 1
+1720325.com, 1
+1720326.com, 1
+1720327.com, 1
+1720328.com, 1
+1720329.com, 1
+1720330.com, 1
+1720331.com, 1
+1720332.com, 1
+1720333.com, 1
+1720334.com, 1
+1720335.com, 1
+1720336.com, 1
+1720337.com, 1
+1720338.com, 1
+1720339.com, 1
+1720340.com, 1
+1720341.com, 1
+1720342.com, 1
+1720343.com, 1
+1720344.com, 1
+1720345.com, 1
+1720346.com, 1
+1720347.com, 1
+1720348.com, 1
+1720349.com, 1
+1720350.com, 1
+172792.com, 1
+173.studio, 1
+174.net.nz, 1
+174343.com, 1
+1750studios.com, 0
+175dt.com, 1
+175k8.com, 0
+17901.com, 1
+17920.com, 1
+17921.com, 1
+17kpw.cc, 1
+17kpw.com, 1
+17ta.com, 1
+17th-airborne.tk, 1
+17u15.com, 1
+17xile.com, 1
+1800-mattress.net, 1
+1800baskets.com, 1
+1800flowers.com, 1
+1800matress.net, 1
+1800mattress.co, 1
+1800mattress.net, 1
+1800petmeds.com, 1
+180btt.com, 1
+181k8.com, 1
+181z6.com, 1
+1820301.com, 1
+1820302.com, 1
+1820303.com, 1
+1820304.com, 1
+1820305.com, 1
+1820306.com, 1
+1820307.com, 1
+1820308.com, 1
+1820309.com, 1
+1820310.com, 1
+1820311.com, 1
+1820313.com, 1
+1820314.com, 1
+1820315.com, 1
+1820316.com, 1
+1820317.com, 1
+1820318.com, 1
+1820319.com, 1
+1820320.com, 1
+1820321.com, 1
+1820322.com, 1
+1820323.com, 1
+1820324.com, 1
+1820325.com, 1
+1820326.com, 1
+1820327.com, 1
+1820328.com, 1
+1820329.com, 1
+1820330.com, 1
+1820331.com, 1
+1820332.com, 1
+1820333.com, 1
+1820334.com, 1
+1820335.com, 1
+1820336.com, 1
+1820337.com, 1
+1820338.com, 1
+1820340.com, 1
+1820341.com, 1
+1820342.com, 1
+1820343.com, 1
+1820344.com, 1
+1820345.com, 1
+1820346.com, 1
+1820347.com, 1
+1820348.com, 1
+1820349.com, 1
+1820350.com, 1
+182wh.com, 1
+182zlong.com, 1
+1831365.com, 1
+1832365.com, 1
+1834365.com, 1
+1837365.com, 1
+183cm.tk, 1
+183zlong.com, 1
+184325.com, 1
+1844329061.rsc.cdn77.org, 1
+18521.com, 1
+185k8.com, 1
+186526.club, 1
+186526.xyz, 1
+186588.xyz, 1
+1869365.com, 0
+186ks.com, 1
+1876365.com, 0
+1876996.com, 1
+18836.com, 1
+1888zr.com, 0
+188cn-sb.com, 1
+188da.com, 0
+188wei.com, 1
+189fc.com, 1
+18f.gov, 1
+18f.gsa.gov, 1
+18kit.com, 1
+18onlypixel.com, 1
+18onlypixels.com, 1
+18pee.com, 1
+18pioners.tk, 1
+18teensporn.pro, 1
+18upchat.com, 1
+18vr.com, 1
+1901.cz, 1
+1911trust.com, 1
+1912x.com, 1
+1920.tk, 1
+1920301.com, 1
+1920302.com, 1
+1920303.com, 1
+1920304.com, 1
+1920305.com, 1
+192080.com, 1
+19216811-sifre.com, 1
+19216811.mobi, 1
+192168ll.repair, 1
+1921958389.rsc.cdn77.org, 1
+1939365.com, 1
+1941-45.ru, 1
+1965.ml, 1
+196flavors.com, 1
+19770620.xyz, 1
+1981365.com, 1
+1981612088.rsc.cdn77.org, 1
+1986ventures.ph, 1
+1989-bmw-e30-forsale-in-norcal.com, 1
+1989studio.tk, 1
+198wei.com, 1
+1990.ee, 1
+1994.io, 0
+1999.rs, 1
+19990bb.com, 1
+19990c.com, 1
+19990cc.com, 1
+19990d.com, 0
+19990dd.com, 1
+19990e.com, 1
+19990ee.com, 1
+19990ff.com, 1
+19990g.com, 1
+19990gg.com, 1
+19990h.com, 1
+19990hh.com, 1
+19990i.com, 1
+19990ii.com, 1
+19990j.com, 1
+19990jj.com, 1
+19990kk.com, 1
+19990ll.com, 1
+19990m.com, 1
+19990mm.com, 1
+19990o.com, 1
+19990oo.com, 1
+19990p.com, 1
+19990q.com, 1
+19990r.com, 1
+19990rr.com, 1
+19990s.com, 1
+19990ss.com, 1
+19990tt.com, 1
+19990u.com, 1
+19990uu.com, 1
+19990v.com, 1
+19990vv.com, 1
+19990ww.com, 1
+19990x.com, 1
+19990xx.com, 1
+19990y.com, 1
+19990yy.com, 0
+19990zz.com, 1
+199ks.com, 1
+19area.cn, 1
+19hundert84.de, 1
+1a-diamantscheiben.de, 1
+1a-hyp.de, 1
+1a-media.com, 1
+1a-werkstattgeraete.de, 1
+1ab-machinery.com, 1
+1abcicka.ru, 1
+1adda.tk, 1
+1ae86.com, 1
+1ago.be, 1
+1ahyp.de, 1
+1allhosting.com, 1
+1android.de, 1
+1apple.com, 1
+1art.tk, 1
+1atelie.ru, 1
+1autoparts.com, 1
+1aweb.de, 1
+1b1.pl, 1
+1baks.tk, 1
+1bha7uk0.com, 1
+1bitcoinprice.com, 1
+1blazing.cf, 1
+1bps.eu.org, 1
+1bps.io, 1
+1brd.com, 1
+1breadcrumb.com, 1
+1breadcrumb.com.au, 1
+1c-power.ru, 1
+1cbit.ru, 1
+1chan.pl, 1
+1codex.online, 1
+1cover.co.nz, 1
+1cover.com.au, 1
+1cprosto.tk, 1
+1cswd.com, 1
+1datatec.com, 1
+1day.cc, 0
+1day1ac.red, 1
+1dispatch.com, 1
+1dollar.ml, 1
+1dollarwebsite.gq, 1
+1dot1dot1dot1.cf, 1
+1dt.ltd, 1
+1dv.link, 1
+1e9.nl, 1
+1eanda.com, 1
+1earn.com, 1
+1er-secours.ch, 0
+1f123.net, 1
+1f616emo.xyz, 1
+1fastcourse.com, 1
+1fc0.org, 1
+1fresh.com, 1
+1g.gg, 1
+1gp.us, 1
+1hc.be, 1
+1heart.tk, 1
+1heiz-pellets.de, 1
+1hfree.tk, 1
+1huiszoeken.nl, 1
+1ii.im, 1
+1it.click, 1
+1js.de, 1
+1kando.com, 0
+1kdui.com, 1
+1ki174.com, 1
+1kilise.com, 1
+1kilise.net, 1
+1kilise.org, 1
+1kmi.co, 1
+1kv.com.pl, 1
+1lc1.com, 0
+1ll.uk, 1
+1lord1faith.com, 1
+1m.duckdns.org, 1
+1malaysian.tk, 1
+1masquepourtous.com, 1
+1me.cz, 1
+1mgt.ru, 1
+1montre.fr, 1
+1my.me, 1
+1naturalway.com, 1
+1nf.me, 1
+1nian.vip, 1
+1node.site, 1
+1nza.net, 1
+1on1on1.de, 1
+1on1on1.tv, 1
+1onehouse.com, 1
+1onestrong.com, 1
+1opochkah.ru, 1
+1p.cl, 1
+1p.ro, 0
+1pair.com, 1
+1panorama.ru, 1
+1para.net, 1
+1password.ca, 1
+1password.com, 1
+1password.community, 1
+1password.eu, 1
+1picture.hu, 1
+1plus.red, 1
+1pluss.ee, 1
+1profile.ru, 1
+1project.com, 1
+1pw.ca, 1
+1q2w.nl, 1
+1q365a.com, 1
+1r.is, 1
+1rs.nl, 1
+1rust.net, 1
+1sand0s.nl, 1
+1scope.com, 1
+1se.co, 0
+1se2or3.com, 1
+1secretaire.com, 1
+1serial.tv, 1
+1sociaaldomein.nl, 1
+1st-bounce.co.uk, 1
+1st-community.de, 1
+1st-online-academy.com, 1
+1st2bounce.com, 1
+1stav.dk, 1
+1stcalldfw.com, 1
+1stchoicelodging.com, 1
+1stchoicewaterproofing.com, 1
+1stclassbouncycastles.co.uk, 1
+1stforfun.co.uk, 1
+1stpeninsulabouncers.co.uk, 1
+1strecipes.com, 1
+1ststop.co.uk, 1
+1sttix.org, 1
+1ticks.com, 1
+1tip.com, 1
+1tomplumber.com, 1
+1u0m.com, 1
+1up.it, 1
+1uptick.com, 1
+1v1.xyz, 1
+1v9.im, 1
+1v9.io, 1
+1volcano.ru, 1
+1voz.org, 1
+1vpns.com, 1
+1vs2.by, 1
+1way.faith, 1
+1whw.co.uk, 1
+1whw.uk, 1
+1wirelog.de, 1
+1x-00.com, 1
+1x-01.com, 1
+1x-04.com, 1
+1x-bet-co.com, 1
+1x-bet-ua.com, 1
+1x-bet-uz.com, 1
+1x-bet.com, 1
+1x-bet.ke, 1
+1x-bet2021.com, 1
+1x-bet93432.world, 1
+1x-betua.com, 1
+1x-bit.mobi, 1
+1x-kor.com, 1
+1x-korbet.com, 1
+1x-krbet.com, 1
+1x-mirrors.com, 1
+1x-th.com, 1
+1x1.re, 1
+1x2020.xyz, 1
+1x2betwinner.com, 1
+1x2magazine.eu, 1
+1x88.net, 1
+1xaja.com, 1
+1xb88.net, 1
+1xbenar.com, 1
+1xbet-015.com, 1
+1xbet-66669.top, 1
+1xbet-china.com, 1
+1xbet-ro.com, 1
+1xbet-s.com, 1
+1xbet-se.com, 1
+1xbet-sw.com, 1
+1xbet-uz.com, 1
+1xbet-viet.com, 1
+1xbet.ac, 1
+1xbet.ae, 1
+1xbet.af, 1
+1xbet.bo, 1
+1xbet.cd, 1
+1xbet.cg, 1
+1xbet.ci, 1
+1xbet.cm, 1
+1xbet.co.ke, 1
+1xbet.co.ls, 1
+1xbet.co.mu, 1
+1xbet.co.rw, 1
+1xbet.co.zw, 1
+1xbet.com, 1
+1xbet.com.gh, 1
+1xbet.com.gn, 1
+1xbet.com.mx, 1
+1xbet.com.na, 1
+1xbet.com.tw, 1
+1xbet.com.zm, 1
+1xbet.cr, 1
+1xbet.do, 1
+1xbet.ec, 1
+1xbet.fi, 1
+1xbet.games, 1
+1xbet.gd, 1
+1xbet.gf, 1
+1xbet.global, 1
+1xbet.gm, 1
+1xbet.go.ug, 1
+1xbet.gq, 1
+1xbet.gs, 1
+1xbet.gt, 1
+1xbet.gw, 1
+1xbet.hk, 1
+1xbet.hn, 1
+1xbet.ht, 1
+1xbet.in, 1
+1xbet.ke, 1
+1xbet.kz, 1
+1xbet.lat, 1
+1xbet.mg, 1
+1xbet.mq, 1
+1xbet.mw, 1
+1xbet.na, 1
+1xbet.ne.ug, 1
+1xbet.net.za, 1
+1xbet.ng, 1
+1xbet.nu, 1
+1xbet.org.mw, 1
+1xbet.org.na, 1
+1xbet.pe, 1
+1xbet.ph, 1
+1xbet.pk, 1
+1xbet.pn, 1
+1xbet.ps, 1
+1xbet.rw, 1
+1xbet.sb, 1
+1xbet.sc, 1
+1xbet.sc.ug, 1
+1xbet.sh, 1
+1xbet.sl, 1
+1xbet.sn, 1
+1xbet.sr, 1
+1xbet.tc, 1
+1xbet.td, 1
+1xbet.tj, 1
+1xbet.tl, 1
+1xbet.to, 1
+1xbet.ug, 1
+1xbet.vg, 1
+1xbet.vu, 1
+1xbet1.com, 1
+1xbet101.com, 1
+1xbet102.com, 1
+1xbet105.com, 1
+1xbet12.com, 1
+1xbet13.com, 1
+1xbet14.com, 1
+1xbet15.com, 1
+1xbet2.com, 1
+1xbet26.com, 1
+1xbet27.com, 1
+1xbet3.com, 1
+1xbet359348.top, 1
+1xbet36.com, 1
+1xbet4.com, 1
+1xbet50.com, 1
+1xbet6.com, 1
+1xbet7.com, 1
+1xbet733390.top, 0
+1xbet8.com, 1
+1xbet82.com, 1
+1xbet84.com, 1
+1xbet88.net, 1
+1xbet9.com, 1
+1xbetasia2018.com, 1
+1xbetasia2018.net, 1
+1xbetasia2018.space, 1
+1xbetbk16.com, 1
+1xbetbk17.com, 1
+1xbetbk2.com, 1
+1xbetbk4.com, 1
+1xbetbk6.com, 1
+1xbetbola.com, 1
+1xbetet.com, 1
+1xbetga.com, 1
+1xbethp.com, 1
+1xbetjap.com, 1
+1xbetkk.com, 1
+1xbetkor.com, 1
+1xbetkr.com, 1
+1xbetkr1.com, 1
+1xbetmm.com, 1
+1xbetqq.com, 1
+1xbetsd.com, 1
+1xbetst.com, 1
+1xbetsz.com, 1
+1xbettz.com, 1
+1xbetua.com, 1
+1xbit.com, 1
+1xbit1.com, 1
+1xbit4.com, 1
+1xbit5.com, 1
+1xbk.mobi, 1
+1xbkbet3.com, 1
+1xbkbet4.com, 1
+1xcinta.com, 1
+1xde.com, 1
+1xfast.com, 1
+1xfifa.com, 1
+1xgames.online, 1
+1xgokil.com, 1
+1xir-red.com, 1
+1xj.net, 1
+1xjago.com, 1
+1xjkt.com, 1
+1xjuara.com, 1
+1xmakati.com, 1
+1xmalaysia.com, 1
+1xmaubix.com, 1
+1xmenang.com, 1
+1xmob1pl.top, 1
+1xmobi.com, 1
+1xmyanmar.net, 1
+1xpartners.com, 1
+1xraja.com, 1
+1xraya.com, 1
+1xrindu.com, 1
+1xsinga.com, 1
+1xslot-ua.com, 1
+1xslot.casino, 1
+1xslot.space, 1
+1xslot2.xyz, 1
+1xslot3.com, 1
+1xslot6.xyz, 1
+1xslot7.xyz, 1
+1xslot76161.com, 1
+1xslotpartners.com, 1
+1xslotspartners.com, 1
+1xsport.mobi, 1
+1xspport.mobi, 1
+1xstavka.ru, 1
+1xsukan.com, 1
+1xsultan.com, 1
+1xsultanah.com, 1
+1xtranslate.com, 1
+1xvhy.xyz, 1
+1zagon.tk, 1
+1zavse.si, 1
+1zwolle.nl, 1
+2-ae.com, 1
+2-euromuenzen.de, 1
+2-faktor-betaling.dk, 1
+2.pe, 1
+2.wtf, 1
+20-jahre-auslandsdienst.tk, 1
+200.ee, 1
+200.network, 1
+2000.is, 1
+2000feet.tk, 1
+2000meter.no, 0
+2001y.me, 0
+200201.xyz, 1
+2007-g8.tk, 1
+20071019780415.com, 1
+2007nea.tk, 1
+200fcw.com, 1
+200mmx.net, 1
+200pppp.com, 1
+2012review.tk, 1
+2013review.tk, 1
+20140301.xyz, 1
+2015review.tk, 1
+2016.ga, 1
+2016.tk, 1
+2018-frisuren.tk, 1
+2018.wales, 1
+2018fifaworldcup.tk, 1
+2020cadillac.com, 1
+2020spaces.com, 1
+2021.dog, 1
+2021bleibtsernst.at, 1
+2021sb.com, 1
+2022.dog, 1
+2022class1.ga, 1
+202jj.com, 0
+2030404.com, 1
+2030411.com, 1
+2033002.com, 1
+2033003.com, 1
+2033004.com, 1
+2033005.com, 1
+2033006.com, 1
+2033007.com, 1
+2033008.com, 1
+2033009.com, 1
+2033010.com, 1
+2033011.com, 1
+2033a.com, 1
+2033c.com, 1
+2033z.com, 1
+203700.com, 1
+204504byse.info, 1
+2048-spiel.de, 1
+207169.com, 1
+207708.com, 1
+208.es, 1
+2083236893.com, 1
+208930.com, 1
+208garfield.com, 1
+208medical.org, 1
+20at.com, 1
+20denier.com, 1
+20four7va.com, 1
+20gg.de, 1
+20plus.com, 1
+20sights.tk, 1
+21-school.ru, 1
+21.co.uk, 1
+2113.ch, 1
+2132vip.com, 1
+2137.eu, 1
+2138vip.com, 1
+213k8.com, 1
+21566365.com, 0
+215advisors.com, 0
+218strand.com, 1
+21ce.com, 1
+21domain.com, 1
+21done.ph, 1
+21eb.com, 1
+21er.com, 1
+21expo.com, 1
+21football.com, 1
+21god.com, 1
+21gou.com, 1
+21green.com, 1
+21jobs.com, 1
+21kampus.com, 1
+21lab.co, 1
+21love.com, 1
+21nurse.com, 1
+21ol.com, 1
+21photo.com, 1
+21risk.com, 0
+21run.com, 1
+21soccer.com, 1
+21stcenturycarpentry.com.au, 1
+21stcenturyoptics.com, 1
+21stnc.us, 1
+21tax.com, 1
+21up.com, 1
+21venture.com, 1
+22-bets.org, 1
+22007apply.gov, 1
+220220.de, 1
+220control.ru, 1
+2211.cf, 1
+22168365.com, 1
+221791.com, 1
+221b.store, 1
+222001.com, 1
+222138vip.com, 1
+222321365.com, 0
+2226321.com, 1
+2227552.com, 1
+222bet86.com, 1
+222k8.net, 1
+222tips.com, 1
+223742.com, 1
+225485.com, 1
+2255motion.com, 1
+225950.com, 1
+2264707.ru, 1
+2277bet.com, 1
+228668.com, 1
+2288422.com, 1
+2288499.com, 1
+22884a.com, 0
+22884b.com, 0
+22884c.com, 0
+22884d.com, 0
+22884e.com, 0
+22884f.com, 0
+22884g.com, 0
+22884h.com, 0
+2299411.com, 1
+2299422.com, 1
+2299433.com, 1
+2299455.com, 1
+2299466.com, 1
+2299477.com, 1
+2299488.com, 1
+22b58.com, 1
+22bet-top.com, 1
+22bet.co.ke, 1
+22bet.com, 1
+22bet.ng, 1
+22bet86.com, 1
+22betglobal.com, 1
+22betpartners.com, 1
+22bets.me, 1
+22ccaa.com, 1
+22d.io, 1
+22delta.com, 1
+22emesiecle.com, 1
+22ffaaa.com, 1
+22ffbbb.com, 1
+22ffccc.com, 1
+22ffddd.com, 1
+22ffeee.com, 1
+22fffaa.com, 1
+22fffbb.com, 1
+22fffcc.com, 1
+22fffdd.com, 1
+22fffee.com, 1
+22fffgg.com, 1
+22fffhh.com, 1
+22fffii.com, 1
+22fffjj.com, 1
+22fffkk.com, 1
+22fffll.com, 1
+22fffmm.com, 1
+22fffnn.com, 1
+22fffoo.com, 1
+22fffpp.com, 1
+22fffqq.com, 1
+22fffrr.com, 1
+22fffss.com, 1
+22ffftt.com, 1
+22fffuu.com, 1
+22fffvv.com, 1
+22fffww.com, 1
+22fffxx.com, 1
+22fffyy.com, 1
+22fffzz.com, 1
+22ffggg.com, 1
+22ffhhh.com, 1
+22ffiii.com, 1
+22ffjjj.com, 1
+22ffkkk.com, 1
+22fflll.com, 1
+22ffmmm.com, 1
+22ffnnn.com, 1
+22ffooo.com, 1
+22ffppp.com, 1
+22ffqqq.com, 1
+22ffrrr.com, 1
+22ffsss.com, 1
+22ffttt.com, 1
+22ffuuu.com, 1
+22ffvvv.com, 1
+22ffwww.com, 1
+22ffxxx.com, 1
+22ffyyy.com, 1
+22ffzzz.com, 1
+22hd.ru, 1
+22i.co.uk, 1
+22lc8.com, 0
+22momo.com, 1
+22nd.com, 0
+22ndcircuitil.gov, 1
+22ssbb.com, 1
+22ssjj.com, 1
+22sskk.com, 1
+22sstt.com, 1
+22tete.com, 1
+22times.com, 1
+22ttgg.com, 1
+22vetter.st, 1
+22xxjj.com, 1
+22xxyy.com, 1
+22yybb.com, 1
+22yydd.com, 1
+22yyii.com, 1
+22yyjj.com, 1
+22yykk.com, 1
+22yypp.com, 1
+22yyqq.com, 1
+22yyrr.com, 1
+22yyss.com, 1
+22yytt.com, 1
+22zt.com, 1
+230594.com, 1
+230beats.com, 1
+232192.com, 1
+233.be, 1
+233.land, 1
+233.services, 1
+2333.press, 1
+233333.ga, 1
+233356.xyz, 0
+2333blog.com, 1
+2333boy.com, 1
+2333hub.com, 1
+2333z6.com, 1
+23365t.com, 1
+233abc.com, 0
+233blog.com, 1
+233boy.com, 1
+233boy.net, 1
+233boy.org, 1
+233hub.com, 1
+233hub.net, 1
+233hub.org, 1
+233hugo.com, 1
+233image.land, 1
+233leyuan.top, 1
+233ss.net, 1
+233try.com, 1
+233v2.com, 1
+233vps.com, 1
+234.fi, 1
+2340365.com, 0
+2345.lgbt, 1
+2345666365.com, 0
+2345678365.com, 1
+23456789365.com, 0
+2346321.com, 1
+2347porthcawlatc.tk, 1
+235u.net, 1
+236530.com, 1
+236560.com, 1
+236570.com, 1
+238923.com, 1
+23andme.com, 1
+23andme.io, 1
+23ks.app, 1
+24-7.fi, 1
+24-7.jp, 1
+24-7intouch.com, 1
+24-restore.com, 1
+240525.com, 1
+240786.com, 1
+241552.com, 1
+242552.com, 1
+242846.com, 1
+243581.com, 1
+2444.cf, 1
+244821.com, 1
+245990.xyz, 1
+245meadowvistaway.com, 0
+246060.ru, 1
+247a.co.uk, 1
+247able.com, 1
+247analsex.com, 1
+247asiansex.com, 1
+247bar.fr, 1
+247bigboobs.com, 1
+247butts.com, 1
+247cumshots.com, 1
+247dns.net, 1
+247healthshop.com, 1
+247maturesex.com, 1
+247medplan.com, 1
+247megamart.com.au, 1
+247naijabuzz.com, 1
+247vision.com, 1
+247xchanger.com, 1
+248000.xyz, 1
+24848168.com, 0
+24848188.com, 0
+24848588.com, 0
+24848918.com, 0
+24848966.com, 0
+24848988.com, 0
+24848a.vip, 1
+24848b.vip, 1
+24848c.vip, 1
+24848d.vip, 1
+24848e.vip, 0
+24848h.vip, 0
+24848rr.com, 0
+24848v.vip, 0
+24848w.vip, 0
+24848x.vip, 0
+24848y.vip, 0
+24848z.vip, 0
+248663.com, 1
+2495dentalimplants.com, 1
+249722.com, 1
+249cq.com, 1
+24action.com, 1
+24active.com, 1
+24alarm.com, 1
+24ball.com, 1
+24beauty.com, 1
+24bel.ru, 0
+24chance.tk, 1
+24control.com, 1
+24fair.com, 1
+24fan.com, 1
+24gazette.ga, 1
+24gis.com, 1
+24go.me, 1
+24h.com.br, 0
+24hod.com, 1
+24hour-locksmithsanantonio.com, 1
+24hourcyclist.co.uk, 1
+24hourlocksmithdallastx.com, 1
+24hourlocksmithspring.com, 1
+24hrbrandbash.com, 1
+24images.com, 1
+24k.co.jp, 1
+24livene.com, 1
+24london.com, 1
+24meg.com, 1
+24monitor.com, 1
+24onlain.tk, 1
+24read.com, 1
+24see.com, 1
+24share.com, 1
+24slides.com, 1
+24slot.com, 1
+24status.com, 1
+24vod.com, 1
+24webservice.nl, 1
+24x7aircargoservices.co.in, 1
+2500.cf, 1
+2502.net, 1
+250708.com, 1
+2525admin.nl, 1
+253007.com, 1
+253325.com, 1
+254vc.ml, 1
+2555z6.com, 1
+256br.com, 1
+256k.me, 1
+258management.cf, 1
+258management.ga, 1
+258management.ml, 1
+259454.com, 1
+259885.com, 1
+25lotto.co.ke, 1
+25lotto.com, 1
+25may.tk, 1
+25oclock.com, 1
+25percent.me, 1
+25refer.tk, 1
+25reinyan25.net, 1
+2600edinburgh.org, 1
+2600hq.com, 1
+2601.de, 1
+260150.com, 1
+262569.com, 1
+263email.com, 1
+263mail.com, 1
+267326.com, 1
+269196.com, 1
+2698pacificave.com, 1
+26bbc.com, 1
+26ck.com, 1
+26uuu.mobi, 1
+26uuu.us, 1
+27.gay, 1
+27000.best, 1
+271624.com, 1
+2718282.net, 1
+272live.com, 1
+275004.com, 1
+275763.com, 1
+27728522.com, 1
+277z6.com, 1
+27lx.me, 1
+27skycake.com, 1
+28-industries.com, 1
+280.social, 1
+281180.de, 1
+281ks.com, 1
+282ks.com, 1
+283228.com, 1
+28365cn-365.com, 1
+283928.com, 1
+28428.com, 0
+284365.com, 1
+285128.com, 1
+285928.com, 1
+287328.com, 1
+287628.com, 1
+2881dh.com, 1
+288628.com, 0
+28865.de, 1
+288cn-563.com, 1
+288game.net, 1
+2890.ltd, 1
+289728.com, 1
+28spots.net, 1
+291167.xyz, 1
+2912.nl, 1
+293685.com, 1
+2948.ca, 1
+297computers.com, 1
+2991236.com, 1
+299zzz.com, 1
+29a.ch, 1
+29dejuniode1997.tk, 1
+29zw.com, 1
+2ae86.com, 1
+2b2b.pro, 1
+2b2t.fi, 1
+2bas.nl, 1
+2bcompany.ch, 0
+2bet86.com, 1
+2bis10.de, 1
+2bitboer.com, 1
+2bitout.com, 1
+2blazing.cf, 1
+2bu2t.online, 1
+2bu2t.ru, 1
+2buldzha2t.ru, 1
+2business.ml, 1
+2c-b.com, 1
+2c-d.com, 1
+2c-e.com, 1
+2c-t-2.com, 1
+2c-t-7.com, 1
+2c-t-8.com, 1
+2cars.com, 1
+2cat.cc, 1
+2cb.rocks, 1
+2chan.eu, 1
+2chan.jp, 1
+2chi1.com, 1
+2choose.com, 1
+2class.eu.org, 1
+2cv-co.be, 1
+2cvclubdepicardie.tk, 1
+2daysmood.asia, 1
+2daysmood.eu, 1
+2daysmood.nl, 1
+2daysmood.us, 1
+2diets.ru, 1
+2dk.info, 1
+2dns.com, 1
+2driver-ok.ml, 1
+2earn-online.com, 0
+2fa.directory, 1
+2finish.com, 1
+2fm.ie, 1
+2fm.radio, 1
+2fr3.com, 1
+2fraud.pro, 1
+2free.com, 1
+2g1s.net, 1
+2gallery.com, 1
+2gen.com, 1
+2gether.fr, 1
+2gisparser.tk, 1
+2h-nagoya.org, 1
+2habc.com, 1
+2handcar.com, 1
+2head.com, 1
+2heartsbookings.co.uk, 1
+2hypeenterprises.com, 1
+2img.net, 1
+2impact.com, 1
+2innovateit.com, 0
+2insights.com, 1
+2isk.in, 1
+2jhb.com, 1
+2jtech.net, 1
+2k2solutions.com, 1
+2k7.link, 1
+2kgwf.fi, 1
+2kinds.tk, 1
+2krueger.de, 1
+2ladd.com, 1
+2lafel.ro, 1
+2learncomputing.ga, 1
+2learncomputing.ml, 1
+2li.ch, 1
+2link.ga, 1
+2logical.net, 1
+2manydits.com, 1
+2mb.solutions, 1
+2mfitnessduo.com, 1
+2milebridge.com, 1
+2mileservice.com, 1
+2mir.com, 1
+2mkz.eu, 1
+2mp.ca, 1
+2nains.ch, 0
+2ndface.info, 1
+2ndmileservice.com, 1
+2ndtivertonscouts.tk, 1
+2nerds1bit.com, 1
+2nimpresores.es, 1
+2nodez.com, 1
+2of.me, 1
+2one.one, 1
+2or3.tk, 1
+2pi.finance, 1
+2pi.network, 1
+2rsc.com, 1
+2rsc.net, 1
+2sendai.net, 1
+2serious.com, 1
+2steel.com, 1
+2stv.net, 0
+2target.com, 1
+2tausend19.de, 1
+2th.me, 1
+2think.org, 1
+2travel8.world, 1
+2url.link, 1
+2ustyle.com, 1
+2value.com, 1
+2vnews.com, 1
+2vp-an.online, 1
+2wheel.com, 0
+2x.nu, 1
+2xgraphik.com, 1
+2y.fi, 1
+2y3x.com, 1
+2yar.tk, 1
+2yy.nl, 1
+3-ae.com, 1
+3.sb, 1
+30-v-minutu.ml, 1
+3000security.co.uk, 1
+30019cc.com, 1
+3007337.com, 1
+300jjjj.com, 1
+300m.com, 1
+301.moe, 1
+301.one, 0
+301.sh, 1
+301.technology, 1
+301334.com, 1
+30375500.com, 1
+30375533.com, 1
+3056999.com, 1
+305westendassistedliving.com, 1
+3078i.com, 0
+308274.com, 1
+3090.eu, 1
+30bet365.com, 1
+30daystosoc.com, 1
+30deagosto.tk, 1
+30for30podcasts.com, 1
+30minut.com, 1
+30nama1.tk, 1
+30region.tk, 1
+30ta.com, 1
+31-elagage.fr, 1
+31.to, 1
+3100.cf, 1
+3133bet.com, 1
+313xpj.com, 0
+314257.com, 1
+314553.com, 1
+315422.com, 1
+315xpj.com, 0
+317811111.com, 0
+317822222.com, 0
+31783333.com, 1
+317833333.com, 0
+317844444.com, 0
+317855555.com, 0
+31786666.com, 0
+317866666.com, 0
+3178666666.com, 1
+317877777.com, 0
+3178888888.com, 1
+31789999.com, 0
+317899999.com, 0
+3178b.com, 0
+3178c.com, 0
+3178dd.com, 1
+3178ddd.com, 0
+3178e.com, 0
+3178f.com, 0
+3178g.com, 0
+3178h.com, 0
+3178i.com, 0
+3178l.com, 0
+3178m.com, 0
+3178n.com, 0
+3178o.com, 0
+3178p.com, 0
+3178ppp.com, 0
+3178qqq.com, 0
+3178rrr.com, 0
+3178tt.com, 0
+3178ttt.com, 0
+3178uuu.com, 0
+3178vvv.com, 0
+3178ww.com, 0
+3178www.com, 0
+3178xx.com, 0
+3178xxx.com, 0
+3178yy.com, 0
+3178yyy.com, 1
+3178zzz.com, 0
+319064.com, 1
+319k3.com, 1
+319xpj.com, 1
+31fss.marketing, 1
+31fss.net, 1
+31fss.support, 1
+320281.net, 1
+321132.com, 0
+321666365.com, 1
+321live.nl, 1
+3233bet.com, 1
+323kkk.com, 1
+325fss.marketing, 1
+326243.com, 1
+3265623.com, 1
+32bet365.com, 1
+32h.de, 1
+32kk.edu.ee, 1
+33-couvreur.fr, 1
+33-elagage.fr, 1
+33-km.ru, 1
+3306.io, 1
+33132.com, 1
+33138app.com, 0
+33138vip.com, 1
+33168365.com, 1
+331977.com, 0
+3332444.com, 0
+333321365.com, 0
+3333365t.com, 1
+333365t.com, 1
+3333ylc.cc, 1
+3336321.com, 1
+333bet86.com, 1
+333capital.com, 1
+333capital.com.au, 1
+33445111.com, 1
+33445222.com, 1
+33445444.com, 1
+335a.cc, 0
+336yh.com, 1
+3389p.com, 1
+338da.com, 1
+338sa.com, 1
+339999.top, 1
+33acac.com, 1
+33b58.com, 1
+33devici.ml, 1
+33ffaaa.com, 1
+33ffbbb.com, 1
+33ffccc.com, 1
+33ffddd.com, 1
+33ffeee.com, 1
+33fffaa.com, 1
+33fffbb.com, 1
+33fffcc.com, 1
+33fffdd.com, 1
+33fffee.com, 1
+33fffgg.com, 1
+33fffhh.com, 1
+33fffii.com, 1
+33fffjj.com, 1
+33fffkk.com, 1
+33fffll.com, 1
+33fffmm.com, 1
+33fffnn.com, 1
+33fffoo.com, 1
+33fffpp.com, 1
+33fffqq.com, 1
+33fffrr.com, 1
+33fffss.com, 1
+33ffftt.com, 1
+33fffuu.com, 1
+33fffvv.com, 1
+33fffww.com, 1
+33fffxx.com, 1
+33fffyy.com, 1
+33fffzz.com, 1
+33ffggg.com, 1
+33ffhhh.com, 1
+33ffiii.com, 1
+33ffjjj.com, 1
+33ffkkk.com, 1
+33fflll.com, 1
+33ffmmm.com, 1
+33ffnnn.com, 1
+33ffooo.com, 1
+33ffppp.com, 1
+33ffqqq.com, 1
+33ffrrr.com, 1
+33ffsss.com, 1
+33ffttt.com, 1
+33ffuuu.com, 1
+33ffvvv.com, 1
+33ffwww.com, 1
+33ffxxx.com, 1
+33ffyyy.com, 1
+33ffzzz.com, 1
+33knkn.com, 1
+33zv.com, 0
+33zxzx.com, 1
+3400.cf, 1
+342960.com, 1
+3433bet.com, 1
+34365t.com, 1
+3444.cf, 1
+34536565.com, 0
+3455bet.com, 1
+345666365.com, 0
+3456666365.com, 0
+345678365.com, 1
+3456789365.com, 1
+3466bet.com, 1
+3473-wiki.de, 1
+347552.com, 1
+3477bet.com, 1
+348663.com, 1
+34bg.com, 1
+34ja.com, 1
+34jw.com, 1
+34metiza.ru, 0
+34nh.com, 1
+34nj.com, 1
+350.org, 1
+35089y.com, 1
+351079.com, 1
+351365.com, 0
+3539783.com, 1
+3555500.com, 1
+3559365.com, 1
+355fss.com, 1
+356338.com, 1
+356338a.com, 1
+356338b.com, 1
+357601.com, 1
+35898a.com, 1
+35898b.com, 1
+35898c.com, 1
+35898d.com, 1
+35898e.com, 1
+35898f.com, 1
+35898g.com, 1
+35898h.com, 1
+35898j.com, 1
+35898k.com, 1
+35898m.com, 1
+35898s.com, 1
+35898w.com, 1
+35898x.com, 1
+35898y.com, 1
+35mm.im, 1
+35uj.com, 1
+35wsolutions.com, 1
+360-ot.de, 1
+3602020.xyz, 1
+360365.com, 1
+360bcty.com, 1
+360cycling.com.br, 1
+360degreecloud.com, 1
+360dental.com, 1
+360dialog.com, 1
+360e-commerce.de, 1
+360e-commerce.net, 1
+360ecogroup.com, 0
+360ecommerce.de, 1
+360ecommerce.net, 1
+360faces.com, 1
+360gradus.com, 0
+360hosting.com.au, 1
+360islam.com, 1
+360kuvia.fi, 1
+360now.com, 1
+360organic.com, 1
+360primeview.ie, 1
+360prokuvat.fi, 1
+360rail.nl, 1
+360spider.com, 1
+360system.com, 1
+360tr.com, 1
+360trust.com, 1
+360videoshare.com, 1
+360vrs.com, 1
+361116.com, 1
+3615jacky.fr, 1
+364553.com, 1
+365.systems, 1
+36506088.com, 1
+36506099.com, 1
+3651145.com, 1
+3651147.com, 1
+3651149.com, 1
+3651201.com, 1
+3651202.com, 1
+3651203.com, 1
+3651204.com, 1
+3651205.com, 1
+3651267.com, 0
+3652389.com, 0
+36525.hk, 1
+36533c.com, 1
+36533d.com, 1
+36533e.com, 1
+36533f.com, 1
+36533h.com, 1
+36533i.com, 1
+36533j.com, 1
+36533k.com, 1
+36533l.com, 1
+36533m.com, 1
+36533n.com, 1
+36533o.com, 1
+36533r.com, 1
+36533s.com, 1
+36533t.com, 1
+36533u.com, 1
+365365.com, 1
+3653650000.com, 0
+3653651111.com, 1
+36536533.vip, 0
+3653654444.com, 1
+36536555.vip, 0
+36536566.vip, 0
+36536588.vip, 0
+36536599.vip, 0
+3655053.com, 1
+36554ll.com, 0
+3655612.com, 0
+3655623.com, 0
+3655634.com, 0
+3655645.com, 0
+365600dl.com, 1
+36565123.com, 0
+36565234.com, 0
+36565345.com, 0
+365654321.com, 0
+36565456.com, 0
+36565567.com, 0
+36565678.com, 1
+36565789.com, 0
+36565b.com, 1
+36565f.com, 0
+3656701.com, 0
+3656712.com, 0
+3656723.com, 0
+3656734.com, 0
+3656745.com, 0
+3656778.com, 0
+36587654321.com, 1
+365886.com, 1
+3658887654.com, 0
+36594a.com, 1
+36594b.com, 1
+36594c.com, 1
+3659868.com, 1
+3659869.com, 1
+3659980.com, 1
+365a1.com, 0
+365air.com, 1
+365beautyworld.com, 1
+365blog.com, 1
+365canvas.com, 1
+365check.com, 1
+365cn-288.com, 1
+365coupon.com, 1
+365eib.com, 1
+365eif.com, 1
+365eil.com, 1
+365eiq.com, 1
+365eis.com, 1
+365eiv.com, 1
+365eiw.com, 1
+365fast.com, 1
+365healthworld.com, 1
+365iosapp.com, 0
+365labs.cloud, 1
+365nnnn.com, 0
+365pet.com, 1
+365proxy.com, 1
+365q01.com, 1
+365r.co, 0
+365renovations.com, 1
+365sb-cn.com, 1
+365skulls.com, 1
+365vision.com, 1
+365y0.com, 0
+365y00.com, 0
+365y11.com, 0
+365y2.com, 0
+365y22.com, 0
+365y3.com, 0
+365y33.com, 1
+365y5.com, 0
+365y55.com, 0
+365y6.com, 0
+365y66.com, 0
+365y7.com, 0
+365y77.com, 0
+365y9.com, 0
+365y99.com, 0
+365yapan.com, 1
+365ypw.com, 1
+365zg.org, 1
+369369.xyz, 1
+369bin.com, 1
+369dp.com, 1
+369eq.com, 1
+369ex.com, 1
+369ra.com, 1
+369rr.com, 1
+36ga.com, 1
+36ja.com, 1
+36jn.com, 1
+36kn.com, 1
+36ky.com, 1
+36pd.com, 1
+36pg.com, 1
+36xk.com, 1
+36xn.com, 1
+36yf.com, 1
+370337.com, 1
+370385.com, 1
+371037.com, 1
+371137.com, 1
+371437.com, 1
+371cloud.com, 0
+372bbb.com, 1
+373.moe, 1
+373521.com, 1
+374161.com, 1
+375337.com, 1
+375realty.com, 1
+376064.com, 1
+376937.com, 1
+377625.com, 1
+377632.com, 1
+377837.com, 1
+377854.com, 1
+377ks.com, 1
+377zzz.com, 1
+378537.com, 1
+378837.com, 1
+37889658.com, 0
+378901.com, 1
+378902.com, 1
+379237.com, 1
+379437.com, 1
+379637.com, 1
+379700.com, 1
+379737.com, 1
+3798.com, 0
+37987.com, 1
+37987d.com, 1
+37987e.com, 0
+37987f.com, 0
+379937.com, 1
+379efss.com, 1
+37zk.com, 1
+37zw.com, 1
+3800.cf, 1
+380111000.com, 1
+380111777.com, 1
+380222444.com, 0
+380805.com, 1
+38138938.com, 1
+38317.tk, 1
+3837k.com, 0
+3837x.com, 0
+383838.plus, 1
+3839.ca, 1
+383aaa.com, 1
+384854.com, 1
+385833.com, 1
+387538.com, 1
+3880p.com, 1
+38888msc.com, 1
+388da.com, 1
+38irkutsk.tk, 1
+390539.com, 1
+390trains.com, 1
+391231.com, 1
+392365.com, 0
+393239.com, 1
+393335.ml, 0
+394553.com, 1
+395039.com, 1
+3957b.com, 1
+3957d.com, 1
+3957g.com, 1
+396039.com, 1
+396228.com, 0
+396301.com, 0
+396303.com, 0
+396304.com, 0
+396305.com, 0
+3963bb.com, 1
+3963cc.com, 0
+3963dd.com, 0
+396539.com, 1
+397039.com, 1
+3970a.com, 1
+3970aa.com, 1
+3970abc.com, 1
+3970b.com, 1
+3970bb.com, 1
+3970cc.com, 1
+3970ccc.com, 1
+3970d.com, 1
+3970dd.com, 1
+3970f.com, 1
+3970fa.com, 1
+3970ff.com, 1
+3970g.com, 1
+3970gg.com, 1
+3970go.com, 1
+3970h.com, 1
+3970hh.com, 1
+3970ii.com, 1
+3970j.com, 1
+3970jj.com, 1
+3970ku.com, 1
+3970l.com, 1
+3970ll.com, 1
+3970mm.com, 1
+3970n.com, 1
+3970o.com, 1
+3970oo.com, 1
+3970p.com, 1
+3970pp.com, 1
+3970q.com, 1
+3970qq.com, 1
+3970r.com, 1
+3970ss.com, 1
+3970tt.com, 1
+3970u.com, 1
+3970uu.com, 1
+3970v.com, 1
+3970vv.com, 1
+3970w.com, 1
+3970win.com, 1
+3970ww.com, 1
+3970xx.com, 1
+3970y.com, 1
+3970yes.com, 1
+3970ylc.com, 1
+3970yy.com, 1
+3970z.com, 1
+3970zz.com, 1
+397542.com, 1
+398039.com, 1
+399739.com, 1
+399839.com, 1
+39news.tk, 1
+39sihu.com, 0
+39w66.com, 1
+3aa365.com, 1
+3abnstore.com, 1
+3accounts.ml, 1
+3ae86.com, 1
+3aexpert.com.ua, 1
+3ags.de, 1
+3ameldaw.ml, 1
+3amtoolbox.se, 1
+3arena.ie, 1
+3b-concept.fr, 1
+3b.pm, 1
+3bb365.com, 1
+3bet86.com, 1
+3bigking.com, 1
+3blazing.cf, 1
+3candy.com, 1
+3cbalance.pl, 1
+3cc365.com, 1
+3changtrai.com, 1
+3countiescastlehire.co.uk, 1
+3creation.com, 1
+3cs.ch, 0
+3ct.group, 1
+3cup90.com, 1
+3d-animator.net, 1
+3d-glow.de, 1
+3d-station.fr, 1
+3d47.com, 1
+3dall.ro, 1
+3danimation.tk, 1
+3dapartment.com, 1
+3dc9.jp, 1
+3dcaipiao.com, 1
+3dcollective.es, 1
+3dcopy.com, 1
+3dd365.com, 1
+3degreedesign.co.uk, 1
+3deni.com, 1
+3dexpose.tk, 1
+3dfeel.com, 1
+3dfiguur.nl, 0
+3dflat.tk, 1
+3dflipbook.net, 1
+3dgep.com, 1
+3dinosaurs.com, 1
+3dissue.com, 1
+3djapan.com, 1
+3djava.ml, 1
+3dlab.team, 1
+3dlan.com, 1
+3dm.audio, 1
+3dmedium.de, 1
+3dmetalprinting.tk, 1
+3dmili.com, 1
+3dmusiclab.nl, 1
+3dnovedades.com, 0
+3do3dont.com, 1
+3down.com, 1
+3dprintedobjects.be, 1
+3dprintsondemand.eu, 1
+3dranger.com, 1
+3dreal.tk, 1
+3ds-max.org, 1
+3dscanners.co.uk, 1
+3dsites.tk, 1
+3dstandard.com, 1
+3dstore.dk, 1
+3dsupplies.be, 1
+3dtech.pt, 1
+3dvf.com, 1
+3dvisual.studio, 1
+3dzip.org, 1
+3ecpa.com.hk, 1
+3ecpa.com.my, 1
+3ecpa.com.sg, 1
+3ee365.com, 1
+3einfrastructure.com, 1
+3elife.vn, 0
+3em1.pt, 1
+3eyonetim.com, 1
+3ff365.com, 1
+3foto.at, 1
+3g-bandet.tk, 1
+3gdev.com, 1
+3gdu.tk, 1
+3gg365.com, 1
+3h-co.de, 1
+3haeuserprojekt.org, 1
+3haueserprojekt.org, 1
+3hh365.com, 1
+3huan.com, 1
+3i-infotech.com, 1
+3ieimpact.org, 1
+3ii365.com, 1
+3james.com, 1
+3jj365.com, 1
+3ks.pl, 1
+3link.com, 1
+3links.com, 1
+3lmnyblogger.ga, 1
+3logic.ru, 1
+3lot.ru, 1
+3marilynthemedia.cf, 1
+3mediaweb.com, 1
+3mind-solutions.com, 1
+3ml.org.uk, 0
+3newsnow.com, 1
+3niu007.com, 1
+3niu010.com, 1
+3niu111.com, 1
+3niu126.com, 1
+3niu161.com, 1
+3niu1688.com, 1
+3niu178.com, 1
+3niu186.com, 1
+3niu222.com, 1
+3niu226.com, 1
+3niu282.com, 1
+3niu333.com, 1
+3niu353.com, 1
+3niu388.com, 1
+3niu505.com, 1
+3niu568.com, 1
+3niu57.com, 1
+3niu58.com, 1
+3niu588.com, 1
+3niu599.com, 1
+3niu636.com, 1
+3niu64.com, 1
+3niu66.com, 1
+3niu666.com, 1
+3niu6666.com, 1
+3niu668.com, 1
+3niu67.com, 1
+3niu686.com, 1
+3niu699.com, 1
+3niu72.com, 1
+3niu727.com, 1
+3niu768.com, 1
+3niu770.com, 1
+3niu771.com, 1
+3niu777.com, 1
+3niu7777.com, 1
+3niu855.com, 1
+3niu868.com, 1
+3niu880.com, 1
+3niu885.com, 1
+3niu888.com, 1
+3niu89.com, 1
+3niu922.com, 1
+3niu99.com, 1
+3niusurl.com, 1
+3niuurls.com, 1
+3orod.ml, 1
+3os.ooo, 1
+3os.org, 1
+3pestki.org, 1
+3phase.pw, 1
+3pif.de, 1
+3pillarglobal.com, 1
+3plusdesign.gr, 1
+3pm.tw, 1
+3prn.com, 1
+3pro.ca, 1
+3proxy.org, 1
+3proxy.ru, 1
+3q.video, 1
+3queens.cz, 1
+3queens.io, 1
+3r.org.uk, 1
+3rabsite.tk, 1
+3rd.fi, 1
+3rr0r.com, 1
+3rr0r.net, 1
+3rr0r.org, 1
+3s-datasolution.de, 1
+3s-datasolutions.de, 1
+3s-ddns.de, 1
+3s-dns.de, 1
+3s-hosting.de, 1
+3s-mail.de, 1
+3scort.tk, 1
+3sd.it, 1
+3sdatasolution.de, 1
+3sdatasolutions.de, 1
+3sddns.de, 1
+3sdns.de, 1
+3shosting.de, 1
+3sisecurity.com, 1
+3sixtydutyfree.com, 1
+3smail.de, 1
+3speak.tv, 1
+3techjournal.cf, 1
+3tiers.xyz, 1
+3trees.tk, 1
+3u15.com, 1
+3v3s.tk, 1
+3v4l.org, 1
+3varta.com.ua, 0
+3vensen.no, 1
+3vlnaeet.cz, 1
+3w-solutions.fr, 1
+3wid.com.br, 1
+3wincorp.com, 1
+3xx.click, 1
+3xx.link, 1
+3zm-cheats.de, 1
+3zm-hacks.de, 1
+3zm.de, 1
+3zzbet.com, 1
+4-0-4.ga, 1
+4-ae.com, 1
+4.com.ms, 1
+4.sb, 1
+4000milestare.com, 1
+4000ok.com, 1
+4000sf.com, 1
+40010monogatari.com, 1
+4005365.com, 1
+4008810.com, 1
+400yaahc.gov, 1
+401go.com, 1
+401ksite.com, 1
+4025360.com, 1
+4025361.com, 1
+4025362.com, 1
+4025363.com, 1
+4025364.com, 1
+4025365.com, 1
+4025366.com, 1
+4025367.com, 1
+4025368.com, 1
+4025369.com, 1
+403.ch, 1
+403page.com, 1
+404.blue, 0
+404.city, 1
+404.guide, 1
+404888.xyz, 1
+4048kkk.com, 1
+4048v.com, 1
+404group.tk, 1
+404notfound.com.br, 1
+408663.com, 1
+409564.com, 1
+40acts.org.uk, 1
+40anospaguemenos.com.br, 1
+40daysnutrition.com, 1
+40percentpapermache.com, 1
+4100.cf, 1
+41199.com, 1
+413504.com, 1
+4144bet.com, 1
+414553.com, 1
+415.ai, 1
+4151365.com, 1
+418.im, 1
+418663.com, 1
+419213.com, 1
+419sport.tk, 1
+41southbar.com, 1
+420.nerdpol.ovh, 1
+420screen.com, 1
+420weedcenter.com, 1
+4222.cf, 1
+4233065.com, 1
+4233068.com, 1
+4233069.com, 1
+4233330.com, 1
+4233331.com, 1
+4233332.com, 1
+4233334.com, 1
+4233335.com, 1
+4233336.com, 1
+4233337.com, 1
+4233338.com, 1
+4233339.com, 1
+424102.com, 1
+4245pay.com, 1
+4251365.com, 0
+425degree.com, 1
+426773.com, 0
+4285533.com, 1
+428northampton.com, 1
+429637.com, 1
+42bit.io, 1
+42ch.com, 1
+42day.info, 1
+42degrees.com, 1
+42entrepreneurs.fr, 0
+42fss.us, 1
+42gears.com, 1
+42l.fr, 1
+42t.ru, 1
+4305design.com.au, 0
+432666365.com, 1
+4333.cf, 1
+434365.com, 1
+4344bet.com, 1
+4345.me, 0
+4351365.com, 0
+436773.com, 1
+437348.com, 1
+437844.com, 1
+438663.com, 1
+439050.com, 1
+439182.com, 1
+43klive.com, 1
+44-k.com, 1
+440313.com, 1
+44168365.com, 1
+443.one, 0
+443.org, 1
+443658.com, 0
+44365t.com, 1
+443782.com, 1
+444321365.com, 0
+4444.com.tw, 1
+4447552.com, 1
+444bet86.com, 1
+446072.com, 1
+44ada.pl, 1
+44bet86.com, 1
+44feelings.com, 1
+44ffaaa.com, 1
+44ffbbb.com, 1
+44ffccc.com, 1
+44ffddd.com, 1
+44ffeee.com, 1
+44fffaa.com, 1
+44fffbb.com, 1
+44fffcc.com, 1
+44fffdd.com, 1
+44fffee.com, 1
+44fffgg.com, 1
+44fffhh.com, 1
+44fffii.com, 1
+44fffjj.com, 1
+44fffkk.com, 1
+44fffll.com, 1
+44fffmm.com, 1
+44fffnn.com, 1
+44fffoo.com, 1
+44fffpp.com, 1
+44fffqq.com, 1
+44fffrr.com, 1
+44fffss.com, 1
+44ffftt.com, 1
+44fffuu.com, 1
+44fffvv.com, 1
+44fffww.com, 1
+44fffxx.com, 1
+44fffyy.com, 1
+44fffzz.com, 1
+44ffggg.com, 1
+44ffhhh.com, 1
+44ffiii.com, 1
+44ffjjj.com, 1
+44ffkkk.com, 1
+44fflll.com, 1
+44ffmmm.com, 1
+44ffnnn.com, 1
+44ffooo.com, 1
+44ffppp.com, 1
+44ffqqq.com, 1
+44ffrrr.com, 1
+44ffsss.com, 1
+44ffttt.com, 1
+44ffuuu.com, 1
+44ffvvv.com, 1
+44ffwww.com, 1
+44ffxxx.com, 1
+44ffyyy.com, 1
+44ffzzz.com, 1
+451.ooo, 1
+451365.com, 0
+452895.com, 1
+45365t.com, 1
+4544bet.com, 1
+4551365.com, 1
+4553.com, 1
+455327.com, 1
+455328.com, 1
+4553s.com, 1
+4553vip.com, 1
+455555.xyz, 1
+45636565.com, 1
+456365t.com, 1
+4566321.com, 1
+4567.plus, 1
+4567666365.com, 0
+4567989.com, 1
+457552.com, 1
+458663.com, 1
+45b.org, 1
+45min.ga, 1
+45secondes.fr, 1
+463855.com, 1
+4661049.com, 1
+467413.com, 1
+46bf.com, 1
+46bl.com, 1
+46fn.com, 1
+47.rs, 1
+476470.com, 1
+476773.com, 1
+47essays.com, 1
+47tech.com, 1
+47yr.com, 1
+47yt.com, 0
+480ptvseries.com, 1
+482449.com, 1
+483329.com, 1
+483610.com, 1
+48365365cn.com, 1
+48365cn-365.com, 1
+486662.xyz, 1
+486773.com, 1
+487511.com, 1
+487552.com, 1
+48coin.cf, 1
+48d88.com, 1
+48hr.com, 1
+48lipetsk.tk, 1
+48times.online, 1
+491783.com, 1
+491mhz.net, 1
+4927a.com, 0
+492977.com, 0
+492y.com, 0
+493455.com, 1
+497552.com, 0
+497891.com, 1
+49889.com, 1
+49948522.com, 1
+499ks.net, 1
+49ko.com, 1
+4ads.de, 1
+4ae86.com, 1
+4allpromos.com, 1
+4am.click, 1
+4armed.com, 1
+4b.gg, 1
+4baby.com.br, 1
+4beats.ml, 1
+4best.tk, 1
+4bet86.com, 1
+4bmt-vld.xyz, 1
+4budget.ga, 1
+4cavaleiros.com.br, 1
+4chairs.bg, 1
+4chan.com, 1
+4child.tk, 1
+4cloud.cf, 1
+4creative.net, 1
+4cut.tk, 1
+4d2.xyz, 1
+4daagse.nl, 1
+4dclub.com, 1
+4devs.com.br, 1
+4digital.it, 1
+4digitiq.nl, 1
+4dillusion.tk, 1
+4dimension.net, 1
+4dplay.com, 1
+4dsignworx.com, 1
+4dstyle.com, 1
+4e8.net, 1
+4everdosti.tk, 1
+4everproxy.com, 1
+4exchange.ru, 1
+4filtre.com, 1
+4filtre.com.tr, 1
+4fit.ro, 1
+4flex.info, 1
+4freepress.com, 1
+4freeprintable.com, 1
+4g-server.eu, 0
+4game.my.id, 1
+4garage.com.br, 1
+4gnews.pt, 1
+4grad.in.ua, 1
+4hmediaproductions.com, 1
+4host.ch, 1
+4hourcourse.com, 1
+4hourmini.com, 1
+4hw.ru, 1
+4hypo.cz, 1
+4investors.de, 1
+4iplatform.com, 1
+4iq.lt, 1
+4k3dyptt.com, 1
+4kpi.eu, 1
+4kprojektory.cz, 1
+4lados.tk, 1
+4lephants.tk, 1
+4list.ml, 1
+4loc.us, 1
+4lock.com.br, 1
+4mama.ua, 1
+4maniacos.tk, 1
+4meizu.ru, 0
+4mm.org, 1
+4motionsgmbh.de, 1
+4n3.net, 1
+4nature.com, 1
+4netguides.org, 1
+4nikola.de, 1
+4o.pw, 1
+4obgyne.com, 1
+4ourbest.tk, 1
+4pals.org, 1
+4peace.gent, 1
+4played.de, 1
+4played.vip, 1
+4project.co.il, 1
+4q-quartet.tk, 1
+4ree.tk, 1
+4screens.net, 1
+4season-flowers.com, 1
+4seasonz.co.nz, 1
+4seeds.co.za, 1
+4seo.ml, 1
+4server.ch, 1
+4share.tv, 1
+4sics.se, 1
+4sjnc.org, 1
+4smart.cz, 1
+4smart.house, 1
+4sun.cf, 1
+4tgw34.tk, 1
+4th-ave-studio.com, 1
+4thfebruary.tk, 1
+4thjdcar.gov, 1
+4true.com, 1
+4u.services, 0
+4u2ore.net, 1
+4uwatch.cf, 1
+4vector.com, 1
+4vf.de, 1
+4vio.com, 1
+4voip.ru, 1
+4web-hosting.com, 1
+4wrd.cc, 1
+4x.fi, 1
+4x4-27mc.nl, 1
+4x4.lk, 1
+4x4coatingen.nl, 1
+4x4tt.com, 1
+4y4.me, 1
+4y4a-arts.space, 1
+4yowipes10yo.gq, 1
+4yuz.net, 1
+50-ottenkov.tk, 1
+50.gy, 1
+5000164.com, 1
+5000164.jp, 1
+5000yz.com, 1
+5002888.com, 1
+5007999.com, 1
+500f500.com, 1
+500fcw.com, 1
+500k.nl, 1
+500wordessay.gq, 1
+501371.com, 1
+5017501.com, 1
+5017502.com, 1
+5017503.com, 1
+5017505.com, 1
+5017701.com, 1
+5017702.com, 1
+5017703.com, 1
+5017704.com, 1
+5017705.com, 1
+5017801.com, 1
+5017802.com, 1
+5017803.com, 1
+5017804.com, 1
+5017805.com, 1
+501stcl.tk, 1
+502312.com, 1
+502fss.marketing, 1
+5060711.com, 1
+5060715.com, 1
+50balles.com, 1
+50firstavenue.com.au, 1
+50hertz.tk, 1
+50lakeshore.com, 1
+50ma.xyz, 1
+50miners.tk, 1
+50plusdating.ml, 1
+50plusdating.tk, 1
+50plusmusikfestival.ch, 1
+50plusnet.nl, 1
+50refer.tk, 1
+50ten40.com, 1
+51-83-136-132.xyz, 1
+511.org, 1
+511in.org, 1
+5132vip.com, 1
+513651.com, 1
+51365a.com, 0
+51365aa.com, 1
+51365b.com, 0
+51365bb.com, 1
+51365c.com, 0
+51365cc.com, 1
+51365d.com, 0
+51365ee.com, 0
+513maximus.site, 1
+513x.cc, 1
+514-media.co.uk, 1
+514-media.com, 1
+514-media.de, 1
+514-media.fr, 1
+514.moe, 1
+514622.com, 1
+515188.xyz, 1
+5155bet.com, 1
+517vpn.cn, 1
+518.com.tw, 1
+518k8.com, 1
+5197aa.co, 1
+5197bb.co, 1
+5197cc.co, 1
+5197dd.co, 1
+5197dh.co, 0
+5197dns.com, 1
+5197ee.co, 1
+5197ff.co, 1
+5197gg.co, 1
+5197hd.co, 1
+5197hh.co, 1
+5197ii.co, 1
+5197jj.co, 1
+5197kk.co, 1
+5197ll.co, 1
+5197m.co, 1
+5197mm.co, 1
+5197n.co, 1
+5197nn.co, 1
+5197o.co, 1
+5197oo.co, 1
+5197p.co, 1
+5197pp.co, 1
+5197q.co, 1
+5197qq.co, 1
+5197r.co, 1
+5197rr.co, 1
+5197s.co, 1
+5197ss.co, 1
+5197t.co, 1
+5197tt.co, 1
+5197u.co, 1
+5197uu.co, 1
+5197v.co, 1
+5197vv.co, 1
+5197w.co, 1
+5197ww.co, 1
+5197x.co, 1
+5197xx.co, 1
+5197y.co, 1
+5197yy.co, 1
+5197z.co, 1
+5197zz.co, 1
+51acg.eu.org, 1
+51aifuli.com, 1
+51cls.tw, 1
+51club8.com, 1
+51dinghuo.com, 1
+51fish.com, 1
+51fishing.com, 1
+51flower.com, 1
+51flowers.com, 1
+51free.com, 1
+51fss.marketing, 1
+51guaq.com, 1
+51ku.com, 1
+51life.com, 1
+51logo.com, 1
+51motor.com, 1
+51photos.com, 1
+51pic.com, 1
+51pig.com, 1
+51pinpai.com, 1
+51power.com, 1
+51resume.com, 1
+51senluo.com, 1
+51share.com, 1
+51shoes.com, 1
+51space.com, 1
+51talk.ph, 1
+51tiaojiu.com, 1
+51train.com, 1
+51wear.com, 1
+51xiongmao.cn, 1
+52002a.com, 1
+52002b.com, 1
+52002c.com, 1
+52002d.com, 1
+52002e.com, 1
+52002f.com, 1
+52002g.com, 1
+52002h.com, 1
+52002i.com, 1
+52002j.com, 1
+52002k.com, 1
+52002l.com, 1
+52002m.com, 1
+52002n.com, 1
+52002o.com, 1
+52002p.com, 1
+52002q.com, 1
+52002r.com, 1
+52002s.com, 1
+52002t.com, 1
+52002u.com, 1
+52002v.com, 1
+52002w.com, 1
+52002x.com, 1
+52002y.com, 1
+5201365.com, 0
+52051.com, 1
+52051a.com, 1
+5205365.com, 0
+52062z.com, 1
+5206365.com, 0
+5209365.com, 0
+520xpjxpj.com, 0
+521.dog, 1
+5219.ml, 1
+521keyvista.com, 1
+5225sf.com, 1
+528sss.com, 1
+529kb.com, 1
+529sss.com, 1
+52b9.com, 1
+52b9.net, 1
+52danji.cc, 1
+52dashboard.com, 1
+52evar.com, 1
+52fanpai.com, 1
+52fish.com, 1
+52fss.com, 1
+52fss.marketing, 1
+52hentai.ml, 1
+52itt.com, 1
+52kb1.com, 1
+52kb365.com, 0
+52ncp.net, 1
+52pojie.cn, 1
+52sykb.com, 0
+52xuanmi.com, 1
+52yanhao.com, 1
+531k8.com, 1
+533sss.com, 1
+534365.com, 1
+535kb.com, 1
+5364b.com, 1
+5364c.com, 1
+5364d.com, 1
+5364jc.com, 1
+538507.com, 1
+53ningen.com, 0
+53pluk.cz, 1
+540interactive.com, 1
+541651.com, 1
+5454app.com, 1
+5455bet.com, 1
+545755.com, 0
+54below.com, 0
+54cuatro.com, 1
+5518k3.com, 1
+55321365.com, 0
+5533445.com, 1
+55365t.com, 1
+5536z.com, 1
+555321365.com, 0
+555554.xyz, 1
+5557552.com, 1
+555bet86.com, 1
+555btt.com, 1
+555kb.com, 1
+555w.org, 1
+555xl.com, 1
+555zlong.com, 1
+556185.com, 1
+5566bet.vip, 1
+556777.cc, 1
+557.pm, 1
+557bbb.com, 1
+558137.com, 1
+55bet86.com, 1
+55club.com, 1
+55ffaaa.com, 1
+55ffbbb.com, 1
+55ffccc.com, 1
+55ffddd.com, 1
+55ffeee.com, 1
+55fffaa.com, 1
+55fffbb.com, 1
+55fffcc.com, 1
+55fffdd.com, 1
+55fffee.com, 1
+55fffgg.com, 1
+55fffhh.com, 1
+55fffii.com, 1
+55fffjj.com, 1
+55fffkk.com, 1
+55fffll.com, 1
+55fffmm.com, 1
+55fffnn.com, 1
+55fffoo.com, 1
+55fffpp.com, 1
+55fffqq.com, 1
+55fffrr.com, 1
+55fffss.com, 1
+55ffftt.com, 1
+55fffuu.com, 1
+55fffvv.com, 1
+55fffww.com, 1
+55fffxx.com, 1
+55fffyy.com, 1
+55fffzz.com, 1
+55ffggg.com, 1
+55ffhhh.com, 1
+55ffiii.com, 1
+55ffjjj.com, 1
+55ffkkk.com, 1
+55fflll.com, 1
+55ffmmm.com, 1
+55ffnnn.com, 1
+55ffooo.com, 1
+55ffppp.com, 1
+55ffqqq.com, 1
+55ffrrr.com, 1
+55ffsss.com, 1
+55ffttt.com, 1
+55ffuuu.com, 1
+55ffvvv.com, 1
+55ffwww.com, 1
+55ffxxx.com, 1
+55ffyyy.com, 1
+55ffzzz.com, 1
+55fss.net, 1
+55goal.com, 1
+55k66.vip, 1
+55opt.org, 1
+56011s.com, 0
+56011v.com, 0
+5611.cf, 1
+5611bet.com, 1
+5622bet.com, 1
+562656.com, 1
+562956.com, 1
+563398.com, 1
+5633bet.com, 1
+56365t.com, 1
+5663.cc, 1
+5663.co, 1
+566380.com, 0
+56736565.com, 1
+5676321.com, 1
+567666365.com, 1
+5677.cf, 1
+5678666365.com, 0
+568756.com, 1
+572223.com, 1
+572kb.com, 1
+573sss.com, 1
+5758cp.com, 1
+5765.io, 1
+578064.com, 1
+5781.org, 1
+578173.com, 1
+578380.com, 1
+5792.org, 1
+579514.com, 1
+5795444.com, 1
+5795887.com, 1
+582303.com, 1
+582343.com, 1
+585380.com, 1
+588e.com, 1
+589174.com, 1
+589704.com, 1
+5898657.com, 1
+589team.com, 1
+592227.com, 1
+593380.com, 1
+593398.com, 1
+594795.com, 1
+595380.com, 1
+5981168.com, 1
+5981611.com, 1
+5981622.com, 1
+5981644.com, 1
+5981655.com, 1
+5981667.com, 1
+5981668.com, 1
+5981669.com, 1
+5981677.com, 1
+5981688.com, 1
+5981699.com, 1
+5981800.com, 1
+5981811.com, 1
+5981822.com, 1
+5981833.com, 1
+5981844.com, 1
+5981855.com, 1
+5981866.com, 1
+5981877.com, 1
+5981899.com, 1
+5981918.com, 1
+5981b.com, 1
+5981c.com, 1
+5981d.com, 1
+5981e.com, 1
+5981f.com, 1
+5981g.com, 1
+5981h.com, 1
+5981i.com, 1
+5981k.com, 1
+5981l.com, 1
+5981m.com, 1
+5981o.com, 1
+5981p.com, 1
+5981q.com, 1
+5981r.com, 1
+5981s.com, 1
+5981u.com, 1
+5981v.com, 1
+5981w.com, 1
+5981x.com, 1
+5981y.com, 0
+5981z.com, 1
+598598598.net, 1
+59859h.vip, 1
+59859j.vip, 1
+59859k.vip, 1
+59859l.vip, 1
+59859y.vip, 1
+5986fc.com, 1
+5997891.com, 0
+599980.com, 1
+59dcmi.gov, 1
+59rus.tk, 1
+59yanhao.com, 1
+5aelettroni.ga, 1
+5agks.com, 1
+5am.is, 1
+5apps.com, 1
+5baiwan.com, 1
+5bet86.com, 1
+5c1fd0f31022cbc40af9f785847baaf9.space, 1
+5ca.com, 1
+5cake.com, 1
+5ccapitalinvestments.com, 1
+5chat.it, 1
+5dm.link, 1
+5dm.one, 1
+5dm.tv, 1
+5drachenschule.de, 1
+5e.tools, 1
+5eki.jp, 0
+5elementostudio.co, 1
+5escorts.com, 1
+5fm.nu, 1
+5francs.com, 1
+5g.co.uk, 1
+5goglobal.com, 1
+5h0r7.com, 1
+5icsb.com, 1
+5ilg.com, 1
+5in.win, 0
+5long88.com, 1
+5minutemystery.com, 1
+5mustsee.com, 0
+5n.be, 1
+5net.ga, 1
+5ososea.com, 1
+5peciali5t.tk, 1
+5penazi.sk, 1
+5percentperweek.com, 1
+5pila.com, 1
+5snb.club, 1
+5sporn.com, 1
+5starcruises.com.au, 1
+5stardesigner.tk, 1
+5starexterior.com, 0
+5stars.tv, 1
+5startrucksales.us, 1
+5tar.jp, 1
+5tart.tk, 1
+5thchichesterscouts.org.uk, 1
+5thfloormedia.com, 1
+5thgenrams.com, 1
+5tiptop.com, 1
+5top.nl, 1
+5u15.com, 1
+5y.fi, 1
+5yeb.com, 0
+6-bros.com, 1
+6-d.cc, 1
+6.vu, 1
+600cao.com, 1
+600k8.com, 0
+604windswell.ca, 1
+6060fm.tk, 1
+6080.ga, 1
+608245.com, 1
+608325.com, 1
+608460.com, 1
+608854.com, 1
+608vets.com, 1
+60d.cn, 1
+60i.cn, 1
+60n13.com, 1
+60w.co, 1
+610.co, 1
+6132-vip.com, 1
+6132pk.com, 1
+6132vip.com, 1
+614989.com, 1
+616578.com, 1
+616675.com, 1
+616728.com, 0
+616758.com, 0
+616798.com, 1
+616btt.net, 1
+616f88.com, 1
+61730123.com, 0
+618034.xyz, 1
+61ag8.com, 1
+61d88.com, 1
+61fss.net, 1
+620207.com, 1
+620862.com, 1
+621424.com, 1
+621kb.com, 1
+621nn.com, 0
+6228800.com, 1
+6228811.com, 1
+625kb.com, 1
+626562.com, 1
+628062.com, 1
+628462.com, 1
+632017.com, 0
+632025.com, 1
+632026.com, 1
+632027.com, 1
+632035.com, 0
+632040.com, 1
+632045.com, 1
+632046.com, 1
+632047.com, 1
+6321000.com, 0
+6321007.com, 0
+6321008.com, 0
+6321009.com, 0
+6321222.com, 0
+6321333.com, 0
+632140.com, 1
+632143.com, 1
+632144.com, 1
+632148.com, 0
+632174.com, 0
+632365.com, 1
+633663.net, 1
+633663.vip, 1
+635-488.com, 0
+635-588.com, 0
+635-788.com, 0
+635-888.com, 1
+635-988.com, 1
+636051.com, 1
+637663.com, 1
+638566.com, 1
+6396000.com, 1
+63960000.com, 1
+63961111.com, 1
+639611111.com, 0
+6396222.com, 1
+63962222.com, 1
+639622222.com, 0
+6396333.com, 1
+63963333.com, 1
+639633333.com, 0
+6396444.com, 1
+63964444.com, 1
+639644444.com, 0
+63965555.com, 0
+639655555.com, 0
+639666666.com, 0
+63967777.com, 1
+639677777.com, 0
+63968888.com, 0
+639688888.com, 1
+63969999.com, 0
+639699999.com, 0
+6396aaa.com, 1
+6396bbb.com, 1
+6396ccc.com, 1
+6396ddd.com, 1
+6396eee.com, 0
+6396fff.com, 1
+6396iii.com, 0
+6396jjj.com, 0
+6396ooo.com, 0
+6396qqq.com, 0
+6396rrr.com, 0
+6396sss.com, 0
+6396ttt.com, 1
+6396vvv.com, 0
+6396www.com, 0
+6396xxx.com, 0
+6396yyy.com, 1
+6396zzz.com, 0
+63fg.com, 1
+63gaming.com, 1
+645ds.cn, 0
+645ds.com, 0
+64970.com, 1
+64bitgaming.de, 1
+64stacks.com, 1
+650.org, 1
+65131a.com, 1
+65131b.com, 1
+65131c.com, 1
+65131d.com, 1
+65131h.com, 1
+65131i.com, 1
+65131j.com, 1
+65131t.com, 1
+65131u.com, 1
+65131v.com, 1
+65131w.com, 1
+65131x.com, 1
+65131y.com, 1
+65131z.com, 1
+6541166.com, 1
+6542277.com, 1
+6543399.com, 1
+6547700.com, 1
+6547711.com, 1
+6547722.com, 1
+6547733.com, 1
+6547744.com, 1
+6547755.com, 1
+6547766.com, 1
+6548855.com, 1
+6548877.com, 1
+654pk.cn, 1
+655ks.com, 1
+656265.com, 1
+657660.com, 1
+658565.com, 1
+659265.com, 1
+65d88.com, 1
+6601.cf, 1
+6602.cf, 1
+6602p.com, 1
+6603.cf, 1
+6604.cf, 1
+6605.cf, 1
+6606.cf, 1
+6607.cf, 1
+6608.cf, 1
+6609.cf, 1
+6610.cf, 1
+6612.cf, 1
+6613.cf, 1
+661326.com, 1
+6614.cf, 1
+6615.cf, 1
+6616.cf, 1
+66168365.com, 1
+6616fc.com, 1
+6617.cf, 1
+6618.cf, 1
+6619.cf, 1
+661z6.com, 1
+6620.cf, 1
+6623.cf, 1
+6624.cf, 1
+6625.cf, 1
+6626.cf, 1
+6627.cf, 1
+66321365.com, 0
+6633445.com, 1
+663365666.com, 1
+663365777.com, 1
+663365888.com, 1
+663365a.vip, 1
+663365b.vip, 1
+663365c.vip, 1
+663365d.vip, 1
+663365e.vip, 1
+663365f.vip, 1
+663365g.vip, 1
+663365h.vip, 1
+663365i.vip, 1
+663365j.vip, 1
+663365k.vip, 1
+663651.com, 0
+664048.com, 0
+6660.cf, 1
+6660111.ru, 1
+6661.cf, 1
+666111bet.com, 1
+666222bet.com, 1
+666321365.com, 0
+666333bet.com, 1
+666365app.com, 0
+666365ios.com, 0
+666365iosapp.com, 0
+666365t.com, 1
+6664553.com, 1
+666668722.com, 1
+666689999.xyz, 1
+666777bet.com, 1
+666888bet.com, 1
+666999bet.com, 1
+666b58.com, 0
+666bet86.com, 1
+666btt.net, 1
+6677.us, 1
+6688.ovh, 1
+668825.vip, 1
+668k8.net, 1
+66b.com, 1
+66bet86.com, 1
+66bwf.com, 1
+66ffaaa.com, 1
+66ffbbb.com, 1
+66ffccc.com, 1
+66ffddd.com, 1
+66ffeee.com, 1
+66fffaa.com, 1
+66fffbb.com, 1
+66fffcc.com, 1
+66fffdd.com, 1
+66fffee.com, 1
+66fffgg.com, 1
+66fffhh.com, 1
+66fffii.com, 1
+66fffjj.com, 1
+66fffkk.com, 1
+66fffll.com, 1
+66fffmm.com, 1
+66fffnn.com, 1
+66fffoo.com, 1
+66fffpp.com, 1
+66fffqq.com, 1
+66fffrr.com, 1
+66fffss.com, 1
+66ffftt.com, 1
+66fffuu.com, 1
+66fffvv.com, 1
+66fffww.com, 1
+66fffxx.com, 1
+66fffyy.com, 1
+66fffzz.com, 1
+66ffggg.com, 1
+66ffhhh.com, 1
+66ffiii.com, 1
+66ffjjj.com, 1
+66ffkkk.com, 1
+66fflll.com, 1
+66ffmmm.com, 1
+66ffnnn.com, 1
+66ffooo.com, 1
+66ffppp.com, 1
+66ffqqq.com, 1
+66ffrrr.com, 1
+66ffsss.com, 1
+66ffttt.com, 1
+66ffuuu.com, 1
+66ffvvv.com, 1
+66ffwww.com, 1
+66ffxxx.com, 1
+66ffyyy.com, 1
+66ffzzz.com, 1
+66gal.com, 1
+66k66.vip, 1
+6700.ar, 1
+670102.com, 1
+671660.com, 1
+671990.com, 1
+672367.com, 1
+6729.co, 0
+672990.com, 0
+6729a.co, 1
+6729aa.co, 1
+6729aa.com, 1
+6729apk.com, 1
+6729app.com, 1
+6729b.co, 1
+6729bb.co, 1
+6729bb.com, 1
+6729c.co, 1
+6729c.com, 1
+6729cc.co, 1
+6729cc.com, 1
+6729d.co, 1
+6729d.com, 1
+6729dd.co, 1
+6729dd.com, 1
+6729dh.co, 1
+6729dns.com, 1
+6729e.co, 1
+6729e.com, 0
+6729ee.co, 1
+6729ee.com, 0
+6729f.co, 1
+6729f.com, 0
+6729ff.co, 1
+6729ff.com, 0
+6729g.co, 1
+6729g.com, 0
+6729gg.co, 1
+6729gg.com, 0
+6729h.co, 1
+6729h.com, 0
+6729hb.com, 0
+6729hh.co, 1
+6729hh.com, 0
+6729i.co, 1
+6729i.com, 0
+6729ii.co, 1
+6729ii.com, 0
+6729ipa.com, 1
+6729j.co, 1
+6729j.com, 1
+6729jj.co, 1
+6729jj.com, 1
+6729k.co, 1
+6729k.com, 0
+6729kk.co, 1
+6729kk.com, 0
+6729l.co, 1
+6729l.com, 0
+6729ll.co, 1
+6729ll.com, 1
+6729m.co, 1
+6729m.com, 0
+6729mm.co, 1
+6729mm.com, 0
+6729n.co, 1
+6729n.com, 0
+6729nn.co, 1
+6729nn.com, 0
+6729o.co, 1
+6729o.com, 1
+6729oo.co, 1
+6729oo.com, 0
+6729p.co, 1
+6729p.com, 1
+6729pp.co, 1
+6729pp.com, 1
+6729q.co, 1
+6729q.com, 1
+6729qq.co, 1
+6729qq.com, 0
+6729r.co, 1
+6729rr.co, 1
+6729rr.com, 1
+6729s.co, 1
+6729s.com, 0
+6729ss.co, 1
+6729ss.com, 0
+6729t.co, 1
+6729t.com, 0
+6729tt.co, 1
+6729tt.com, 0
+6729u.co, 1
+6729u.com, 0
+6729uu.co, 1
+6729uu.com, 0
+6729v.co, 1
+6729v.com, 0
+6729vv.co, 1
+6729vv.com, 0
+6729w.co, 1
+6729w.com, 1
+6729ww.co, 1
+6729ww.com, 0
+6729x.co, 1
+6729x.com, 1
+6729xx.co, 1
+6729xx.com, 0
+6729xy.com, 0
+6729y.co, 1
+6729y.com, 0
+6729yy.co, 1
+6729yy.com, 1
+6729z.co, 1
+6729z.com, 1
+6729zz.co, 1
+6729zz.com, 0
+672bbb.com, 1
+673395.com, 1
+673569.com, 1
+673660.com, 1
+673990.com, 1
+673bbb.com, 1
+676812.com, 1
+677314.com, 1
+677340.com, 1
+677341.com, 1
+677346.com, 1
+677347.com, 1
+677354.com, 1
+677364.com, 1
+677384.com, 1
+6777.cf, 1
+67836565.com, 1
+678365app.com, 0
+678365cc.com, 0
+678365t.com, 1
+678678365.com, 1
+67877777.com, 1
+6789666365.com, 0
+679470.com, 1
+67y7.com, 0
+682368.com, 1
+68277.me, 1
+683168.com, 1
+683968.com, 1
+684781.com, 1
+68522c.com, 1
+68522k.com, 1
+68522m.com, 1
+68522s.com, 1
+68622.com, 1
+68622a.com, 1
+68622b.com, 1
+68636.cc, 1
+68636.com, 1
+68636.vip, 1
+689368.com, 1
+68reg.tk, 1
+690469.com, 1
+690569.com, 1
+690669.com, 1
+692241.com, 1
+692269.com, 1
+692b8c32.de, 1
+693369.com, 1
+694640.com, 1
+695346.com, 1
+695660.com, 1
+6957.co, 1
+6957a.co, 1
+6957aa.co, 1
+6957apk.com, 1
+6957app.com, 1
+6957b.co, 1
+6957bb.co, 1
+6957c.co, 1
+6957cc.co, 1
+6957d.co, 1
+6957dd.co, 1
+6957dh.co, 1
+6957e.co, 1
+6957ee.co, 1
+6957f.co, 1
+6957ff.co, 1
+6957g.co, 1
+6957gg.co, 1
+6957h.co, 1
+6957hh.co, 1
+6957i.co, 1
+6957ii.co, 1
+6957j.co, 1
+6957jj.co, 1
+6957k.co, 1
+6957kk.co, 1
+6957l.co, 1
+6957ll.co, 1
+6957m.co, 1
+6957mm.co, 1
+6957n.co, 1
+6957nn.co, 1
+6957o.co, 1
+6957oo.co, 1
+6957p.co, 1
+6957pp.co, 1
+6957q.co, 1
+6957qq.co, 1
+6957r.co, 1
+6957rr.co, 1
+6957rr.com, 0
+6957s.co, 1
+6957ss.co, 1
+6957t.co, 1
+6957tt.co, 1
+6957u.co, 1
+6957uu.co, 1
+6957v.co, 1
+6957vv.co, 1
+6957vv.com, 0
+6957w.co, 1
+6957ww.co, 1
+6957x.co, 1
+6957xx.co, 1
+6957xy.com, 0
+6957y.co, 1
+6957yy.co, 1
+6957z.co, 1
+6957z.com, 1
+6957zz.co, 1
+69759.com, 0
+698134.com, 1
+6997896.com, 1
+69asmr.com, 1
+69butterfly.com, 1
+69games.xxx, 1
+69kzvm3f.com, 1
+69level.com, 1
+69mentor.com, 1
+69wasted.net, 1
+6a.nz, 1
+6b.com.au, 1
+6bet86.com, 1
+6bwcp.com, 1
+6dec.gc.ca, 1
+6f.com.au, 1
+6i.com.au, 1
+6ird.com, 0
+6lo.zgora.pl, 1
+6meter.tk, 1
+6play.fr, 1
+6t-montjoye.org, 1
+6thmarch.com, 1
+6wbz.com, 1
+7-it.ml, 1
+7-zip.de, 1
+700.az, 1
+700creditsolution.com, 1
+700dealer.com, 1
+700wns.com, 1
+701605.com, 1
+701squad.tk, 1
+702341.win, 1
+702342.win, 1
+702343.win, 1
+702344.win, 1
+702345.win, 1
+70365365.com, 0
+703700.com, 1
+703740.com, 1
+705994.com, 1
+708090.ru, 1
+70872.com, 0
+709611.com, 1
+70mpg.org, 1
+7100.cf, 1
+712kb.com, 1
+71365365.com, 0
+713kb.com, 1
+716176.com, 0
+7177bet.com, 1
+717966833.xyz, 1
+718113.com, 0
+7183.org, 0
+71fss.marketing, 1
+71tuiguang.com, 1
+7203.ru, 1
+7203.xn--p1ai, 1
+721010.xyz, 1
+721172.com, 1
+7214.cc, 1
+721aa.com, 0
+722201.com, 0
+723421.com, 1
+724go.com, 1
+724online.com, 1
+725134.com, 1
+725741.com, 1
+7261696e626f77.net, 1
+727877.com, 0
+727sss.com, 1
+730.no, 1
+732273.com, 1
+732473.com, 1
+732959.com, 1
+733575.com, 0
+73365365.com, 0
+733673.com, 1
+734365.com, 1
+734551.com, 1
+735973.com, 1
+736373.com, 1
+736416.com, 1
+736573.com, 1
+739373.com, 1
+739673.com, 1
+739973.com, 1
+73fy.com, 0
+740424.ml, 1
+740660.com, 1
+743365.com, 1
+74365365.com, 1
+7444.cf, 1
+746104.com, 1
+7478vip1.cc, 1
+7478vip2.cc, 1
+74d88.com, 1
+74dy.org, 1
+74th.jp, 1
+750275.com, 1
+750375.com, 1
+750475.com, 1
+751175.com, 1
+751930.com, 1
+753345.com, 1
+753375.com, 1
+7552001.com, 1
+7552002.com, 1
+7552005.com, 1
+7552006.com, 1
+7552008.com, 1
+7552009.com, 1
+7552010.com, 1
+7552011.com, 1
+7552012.com, 1
+7552013.com, 1
+755204.com, 1
+755243.com, 1
+755245.com, 1
+755246.com, 1
+755249.com, 1
+755274.com, 1
+755294.com, 0
+755364.com, 1
+755k3.com, 1
+756975.com, 1
+757409.com, 1
+758375.com, 1
+758393.com, 1
+759375.com, 1
+759419.com, 1
+759675.com, 1
+75codes.com, 1
+75refer.tk, 1
+76.to, 1
+761.com, 1
+761link.net, 1
+763361.com, 1
+76365365.com, 1
+7654654.xyz, 1
+7666321.com, 1
+76668.com, 1
+7666898.com, 1
+76669.com, 1
+766788.xyz, 1
+7699.org, 1
+769k.com, 0
+769sc.com, 0
+76networks.tk, 1
+76o.cn, 1
+77018dd.com, 0
+77018vip.com, 0
+77168365.com, 1
+77177.de, 1
+77321365.com, 0
+7733445.com, 1
+775018.com, 0
+777365t.com, 1
+7776321.com, 0
+777bet86.com, 1
+777coin.com, 1
+777mage.com, 1
+777tv.tv, 1
+77909a.com, 0
+77909b.com, 0
+77909c.com, 0
+77909d.com, 0
+77909dhz.com, 1
+77909e.com, 0
+77909f.com, 0
+77909g.com, 0
+77909h.com, 0
+77909i.com, 0
+77999xl.com, 1
+77b58.com, 1
+77bet86.com, 1
+77ffaaa.com, 1
+77ffbbb.com, 1
+77ffccc.com, 1
+77ffddd.com, 1
+77ffeee.com, 1
+77fffaa.com, 1
+77fffbb.com, 1
+77fffcc.com, 1
+77fffdd.com, 1
+77fffee.com, 1
+77fffgg.com, 1
+77fffhh.com, 1
+77fffii.com, 1
+77fffjj.com, 1
+77fffkk.com, 1
+77fffll.com, 1
+77fffmm.com, 1
+77fffnn.com, 1
+77fffoo.com, 1
+77fffpp.com, 1
+77fffqq.com, 1
+77fffrr.com, 1
+77fffss.com, 1
+77ffftt.com, 1
+77fffuu.com, 1
+77fffvv.com, 1
+77fffww.com, 1
+77fffxx.com, 1
+77fffyy.com, 1
+77fffzz.com, 1
+77ffggg.com, 1
+77ffhhh.com, 1
+77ffiii.com, 1
+77ffjjj.com, 1
+77ffkkk.com, 1
+77fflll.com, 1
+77ffmmm.com, 1
+77ffnnn.com, 1
+77ffooo.com, 1
+77ffppp.com, 1
+77ffqqq.com, 1
+77ffrrr.com, 1
+77ffsss.com, 1
+77ffttt.com, 1
+77ffuuu.com, 1
+77ffvvv.com, 1
+77ffwww.com, 1
+77ffxxx.com, 1
+77ffyyy.com, 1
+77ffzzz.com, 1
+77online.com, 1
+78-couvreur.fr, 1
+78-elagage.fr, 1
+78.to, 1
+780aa.com, 1
+781534.com, 1
+782354.com, 1
+783306.com, 1
+783346.com, 1
+78365b.com, 0
+783lab.com, 1
+787637.com, 1
+7877bet.com, 1
+787k3.com, 1
+787kb.com, 1
+7885765.com, 1
+7888815.com, 1
+788zzz.com, 1
+7891553.com, 1
+7891997.com, 1
+78936565.com, 0
+789365t.com, 1
+789zr.com, 0
+790951.com, 1
+792379.com, 1
+793703.com, 1
+795sss.com, 1
+797715.com, 1
+797sss.com, 1
+798392.com, 1
+798sss.com, 1
+799146.com, 1
+7992.org, 1
+799713.com, 1
+799ks.com, 1
+799z6.com, 1
+79ch.com, 1
+7across.com, 1
+7aga7.mk, 1
+7akawyna.tk, 1
+7bandarqq.com, 1
+7bet86.com, 1
+7daystodie.top, 1
+7delights.in, 1
+7dies.net, 1
+7eastgenetics.com, 0
+7emka.tk, 1
+7extranews.tk, 1
+7f.is, 1
+7gr.uk, 1
+7graus.pt, 1
+7hills.us, 1
+7hq.ru, 1
+7im.co.uk, 1
+7in0.me, 1
+7ki.photography, 1
+7kicks.com, 1
+7kovrikov.ru, 1
+7kvadratov.by, 1
+7l00p.com, 1
+7learnings.com, 1
+7links.com.br, 1
+7milesglobal.com, 1
+7money.co, 1
+7net.uk, 1
+7networking.com, 1
+7pets.net, 1
+7plus.com.au, 1
+7pm.studio, 1
+7proxies.com, 1
+7qly.com, 1
+7sdre.am, 1
+7sisters.tk, 1
+7sotok.info, 1
+7starhealth.ga, 1
+7th-heaven.me, 1
+7thcircledesigns.com, 1
+7url.ml, 1
+7x24servis.com, 1
+7x7cajalosandes.cl, 1
+7zet.ml, 1
+80001234.com, 1
+8000plus.si, 1
+8001d.com, 1
+8001d88.com, 1
+8003pay.com, 1
+8006d88.com, 1
+800999.xyz, 1
+800bar.com, 1
+800email.com, 1
+800ink.com, 1
+800live.com, 1
+800mattress.com, 1
+800perkins.com, 1
+800sports.com, 1
+800tea.com, 1
+800tutor.com, 1
+8010d88.com, 1
+8012d88.com, 1
+8017d88.com, 1
+8019d88.com, 1
+8021d.com, 1
+8022d.com, 1
+8027d.com, 1
+8028d.com, 1
+8029d.com, 1
+8029d88.com, 1
+803001.com, 1
+8032d88.com, 1
+8033d88.com, 1
+8035d88.com, 1
+80365365.com, 0
+8036d88.com, 1
+8038d88.com, 1
+803970.com, 1
+8039d.com, 1
+805084.com, 1
+8050d.com, 1
+8059d88.com, 1
+8060d88.com, 1
+80630.com, 1
+8069d88.com, 1
+8071d.com, 1
+807252.com, 1
+8077d.com, 1
+80780780.com, 1
+8078d.com, 1
+807software.com, 1
+808cleanups.org, 1
+808gutterking.com, 1
+808mao.com, 1
+809088.cc, 1
+8091.info, 1
+8092d88.com, 1
+8093d.com, 1
+8097d.com, 1
+80993.net, 1
+80bin.com, 1
+80motorsclub.tk, 1
+80thcork.com, 1
+81.cz, 1
+8100.cf, 1
+8102d.com, 1
+8102d88.com, 1
+8106365.com, 0
+8109d88.com, 1
+811121.com, 0
+8113d.com, 1
+8115d88.com, 1
+8116d88.com, 1
+811fsspentagon.com, 1
+8121d.com, 1
+8121d88.com, 1
+8128d.com, 1
+8130d88.com, 1
+8135d88.com, 1
+81365365.com, 0
+81365s.com, 1
+8139d.com, 1
+8151d.com, 1
+8153365.com, 0
+8156d.com, 1
+8159d88.com, 1
+815jz.com, 1
+8160d.com, 1
+8160d88.com, 1
+8161d.com, 1
+8161d88.com, 1
+8162d.com, 1
+8167365.com, 0
+816jz.com, 1
+817181.com, 1
+8171d.com, 1
+817209.com, 0
+8173d.com, 1
+817615.com, 1
+8176d.com, 1
+81818app.com, 0
+81818d.com, 1
+81818z.com, 1
+8181d88.com, 1
+8182d.com, 1
+8182d88.com, 1
+8183d.com, 1
+8183d88.com, 1
+8186d.com, 1
+818bwf.com, 1
+8190d88.com, 1
+819323.com, 1
+8193d.com, 1
+8193d88.com, 1
+8196d.com, 1
+8197d.com, 1
+8197d88.com, 1
+8198d.com, 1
+8198d88.com, 1
+81alarm.cz, 1
+81klima.cz, 1
+81klima.sk, 1
+81uc.com, 1
+8202d.com, 1
+8203d88.com, 1
+8206d.com, 1
+8207d88.com, 1
+8208d.com, 1
+8208d88.com, 1
+8210d88.com, 1
+8211d88.com, 1
+8216d.com, 1
+8216d88.com, 1
+8217d88.com, 1
+8218d88.com, 1
+8219d88.com, 1
+8221d88.com, 1
+8222d88.com, 1
+8225.com, 1
+8225d.com, 1
+8226d.com, 1
+8228d.com, 1
+8229d88.com, 1
+823582.com, 1
+82365a.com, 1
+82365b.com, 1
+82365c.com, 1
+82365d.com, 1
+82365e.com, 1
+82365f.com, 1
+82365g.com, 1
+82365h.com, 1
+82365i.com, 1
+82365j.com, 1
+82365k.com, 1
+82365l.com, 1
+82365m.com, 1
+82365n.com, 1
+82365o.com, 1
+82365p.com, 1
+82365q.com, 1
+82365r.com, 1
+82365s.com, 1
+82365t.com, 1
+82365u.com, 1
+82365v.com, 1
+82365w.com, 1
+82365x.com, 1
+82365y.com, 1
+82365z.com, 1
+824886.com, 1
+825148.com, 1
+825382.com, 1
+826282.com, 1
+826382.com, 1
+82781111.com, 0
+82783333.com, 0
+82784444.com, 0
+82785555.com, 0
+82786666.com, 0
+82789999.com, 0
+8278b.com, 0
+8278bb.com, 0
+8278ee.com, 0
+8278eee.com, 1
+8278ff.com, 0
+8278jj.com, 0
+8278jjj.com, 1
+8278kk.com, 0
+8278rr.com, 0
+8278tt.com, 0
+8278yy.com, 0
+829882.com, 1
+829917.com, 1
+82fss.marketing, 1
+82kb88.com, 1
+830891.com, 0
+830res.com, 1
+831783.com, 1
+83365365.com, 1
+833792.com, 0
+833z6.com, 1
+834365.com, 1
+8349822.com, 1
+835183.com, 1
+836436.com, 1
+838180.com, 1
+838888.net, 1
+83i.de, 1
+83ir2k8b.duckdns.org, 1
+83kb88.com, 1
+84036.ml, 1
+842844.com, 1
+8444.cf, 1
+846773.com, 1
+848jz.com, 1
+848sf.com, 1
+84ag.com, 1
+84aj.com, 1
+84an.com, 1
+84ar.com, 1
+84az.com, 1
+84bn.com, 1
+84bp.com, 1
+84cl.com, 1
+84cx.com, 1
+84dp.com, 1
+84dt.com, 1
+84ek.com, 1
+84et.com, 1
+84ew.com, 1
+84fe.com, 1
+84fi.com, 1
+84ft.com, 1
+84fz.com, 1
+84ga.com, 1
+84gf.com, 1
+84gi.com, 1
+84gk.com, 1
+84gt.com, 1
+84he.com, 1
+84hp.com, 1
+84hs.com, 1
+84ia.com, 1
+84jt.com, 1
+84kc.com, 1
+84kn.com, 1
+84kq.com, 1
+84lb.com, 1
+84pg.com, 1
+84rd.com, 1
+84rn.com, 1
+84sg.com, 1
+84tn.com, 1
+84tp.com, 1
+84tw.com, 1
+84tx.com, 1
+84xa.com, 1
+84xe.com, 1
+84xl.com, 1
+84xm.com, 1
+84xp.com, 1
+84yd.com, 1
+84yj.com, 1
+84yp.com, 1
+84yv.com, 1
+84yw.com, 1
+84zb.com, 1
+850226.com, 1
+8521.co, 0
+8522hk.com, 1
+8522ph.com, 1
+8522top.com, 1
+8522tw.com, 1
+8522usa.com, 1
+8560.be, 1
+8586cp.com, 1
+86001688.com, 1
+8602010.com, 1
+863479.com, 1
+864686.com, 1
+8649955.com, 1
+8649966.com, 1
+8649977.com, 1
+86606.com, 1
+866300.vip, 1
+866305.vip, 1
+866308.vip, 1
+8666321.com, 1
+867104.com, 1
+8688fc.com, 1
+868z6.com, 1
+869293.com, 1
+8699bet.com, 1
+86kb88.com, 1
+86metro.ru, 1
+870.cc, 0
+872291.com, 1
+8722ph.com, 1
+8722usa.com, 1
+872787.com, 1
+873394.com, 1
+87365365.com, 0
+877027.com, 0
+877287.com, 1
+877791.com, 1
+878365cn.com, 1
+878431.com, 1
+878989.com, 1
+8796.jp, 1
+8799bet.com, 1
+87kb88.com, 1
+8800.ru, 1
+880557.com, 1
+8806d.com, 1
+8809d.com, 1
+8809d88.com, 1
+8809ks.com, 1
+88168365.com, 1
+8816d88.com, 1
+88178.top, 1
+8817d88.com, 1
+8818k3.com, 1
+881z6.com, 1
+8826d.com, 1
+8826d88.com, 1
+88321365.com, 0
+8832ks.com, 1
+8833445.com, 1
+8835365.com, 0
+88365.net, 1
+88365t.com, 1
+88518.com, 0
+88522am.com, 1
+885287.com, 1
+8858ks.com, 1
+885kb.com, 1
+885z6.com, 1
+8860d.com, 1
+88661234.com, 1
+886666f.com, 0
+886666l.com, 0
+886666n.com, 1
+886666p.com, 1
+886666q.com, 1
+886666r.com, 0
+886666s.com, 1
+886666t.com, 0
+886666u.com, 0
+886666v.com, 0
+8866d88.com, 1
+8868ty8.com, 1
+8869ks.com, 1
+886k8.com, 0
+886z6.com, 1
+887.ag, 1
+8871d.com, 1
+8872d.com, 1
+88740b.com, 1
+88740e.com, 1
+88740f.com, 1
+88740i.com, 1
+88740j.com, 1
+88740k.com, 1
+88740l.com, 1
+88740m.com, 1
+88740n.com, 1
+88740o.com, 1
+88740p.com, 1
+88740q.com, 1
+88740r.com, 1
+88740s.com, 1
+88740t.com, 1
+88740u.com, 1
+88740v.com, 1
+88740w.com, 1
+88740x.com, 1
+88740z.com, 1
+8876d.com, 1
+887d.com, 1
+8881ks.com, 1
+888321365.com, 0
+8884553.com, 1
+8885asknick.com, 1
+8885ks.com, 1
+888666pj.com, 1
+888700.xyz, 1
+888789j.com, 1
+888806.xyz, 1
+888888722.com, 1
+88889822.com, 1
+888900.xyz, 1
+888bet86.com, 1
+888bwf.com, 1
+888casino-canada.com, 1
+888lots.com, 1
+888starz-5b.bet, 1
+888starz.bet, 1
+888starz22.bet, 1
+888xpjxpj.com, 0
+8890d.com, 1
+8891d.com, 1
+8891ks.com, 1
+8892d.com, 1
+8895d.com, 1
+8898ks.com, 1
+889999vip.com, 1
+889vip1.com, 1
+889vip10.com, 1
+889vip2.com, 1
+889vip3.com, 1
+889vip4.com, 1
+889vip5.com, 1
+889vip6.com, 1
+889vip7.com, 1
+889vip8.com, 1
+889vip9.com, 1
+889w889.com, 1
+889w889.net, 1
+88acesmaritime.com, 1
+88bet86.com, 1
+88bill.com, 1
+88cakescorner.com, 1
+88d.com, 1
+88djl.cc, 1
+88ffaaa.com, 1
+88ffbbb.com, 1
+88ffccc.com, 1
+88ffddd.com, 1
+88ffeee.com, 1
+88fffaa.com, 1
+88fffbb.com, 1
+88fffcc.com, 1
+88fffdd.com, 1
+88fffee.com, 1
+88fffgg.com, 1
+88fffhh.com, 1
+88fffii.com, 1
+88fffjj.com, 1
+88fffkk.com, 1
+88fffll.com, 1
+88fffmm.com, 1
+88fffnn.com, 1
+88fffoo.com, 1
+88fffpp.com, 1
+88fffqq.com, 1
+88fffrr.com, 1
+88fffss.com, 1
+88ffftt.com, 1
+88fffuu.com, 1
+88fffvv.com, 1
+88fffww.com, 1
+88fffxx.com, 1
+88fffyy.com, 1
+88fffzz.com, 1
+88ffggg.com, 1
+88ffhhh.com, 1
+88ffiii.com, 1
+88ffjjj.com, 1
+88ffkkk.com, 1
+88fflll.com, 1
+88ffmmm.com, 1
+88ffnnn.com, 1
+88ffooo.com, 1
+88ffppp.com, 1
+88ffqqq.com, 1
+88ffrrr.com, 1
+88ffsss.com, 1
+88ffttt.com, 1
+88ffuuu.com, 1
+88ffvvv.com, 1
+88ffwww.com, 1
+88ffxxx.com, 1
+88ffyyy.com, 1
+88ffzzz.com, 1
+88home9.com, 1
+88kb88.com, 1
+88laohu.cc, 1
+88laohu.com, 1
+88thpolarisscouts.ca, 1
+88yabo.com, 1
+88yule11.com, 1
+88yule112.com, 1
+88yule113.com, 1
+88yule12.com, 1
+88yule13.com, 1
+88yule15.com, 1
+88yule16.com, 1
+88yule7.com, 1
+88yule9.com, 1
+8900.cf, 1
+8900d.com, 1
+890238.com, 1
+8906d.com, 1
+890789d.com, 0
+8908d.com, 1
+8921d.com, 1
+8925d.com, 1
+8925d88.com, 1
+8926d88.com, 1
+8927d88.com, 1
+8929d88.com, 1
+893067.com, 0
+89386.com, 1
+89386b.com, 0
+89386d.com, 0
+89386e.com, 1
+89386l.com, 1
+8938885.com, 1
+893fm.com.au, 1
+894324.com, 1
+895865.com, 1
+8966bet.com, 1
+897774.com, 1
+8977bet.com, 1
+8989k3.com, 1
+899ks.com, 1
+8a.pw, 1
+8ack.de, 1
+8ag8.org, 1
+8b8888.com, 1
+8ballbombom.uk, 1
+8balls.nl, 1
+8bb.org, 1
+8bet86.com, 1
+8bit.ltd, 1
+8bitpickle.com, 1
+8bitsafe.com, 1
+8cent.com, 1
+8crafty.com, 1
+8dabet.com, 1
+8daysaweek.tk, 1
+8duhu.com, 1
+8e8z.com, 1
+8fit.com, 1
+8freeporn.com, 1
+8fs000.com, 1
+8fs111.com, 1
+8fs222.com, 1
+8fs333.com, 1
+8fs444.com, 1
+8fs555.com, 1
+8fs666.com, 1
+8fs777.com, 1
+8fs888.com, 1
+8fs999.com, 1
+8gaming.net, 1
+8gerd.tk, 1
+8hrs.net, 1
+8i3m2a67.com, 1
+8l.com.au, 1
+8link.com, 1
+8maerz.at, 1
+8me.nl, 1
+8mpay.com, 1
+8shequapp.com, 1
+8show.com, 1
+8t8.eu, 1
+8tech.com.hk, 1
+8thportsmouth.org.uk, 1
+8thstreetlatinas.com, 1
+8time.com, 1
+8tuffbeers.com, 1
+8ung.online, 1
+8xx888.com, 1
+8xxxxxxx.com, 1
+8y.network, 1
+8yabo.com, 0
+8yun.cf, 1
+8yun.ga, 0
+9-11commission.gov, 1
+9.lviv.ua, 1
+90.cx, 1
+9002.cf, 1
+9003.cf, 1
+9004.cf, 1
+9005.cf, 1
+9005424.com, 1
+9006.cf, 1
+9007.cf, 1
+9009019.com, 0
+900hosting.com, 1
+900pk.com, 1
+9011.cf, 1
+9012.cf, 1
+9013.cf, 1
+9014.cf, 1
+9015.cf, 1
+901543.com, 1
+9016.cf, 1
+9018.cf, 1
+9019.cf, 1
+902.gr, 1
+9020.cf, 1
+9021.cf, 1
+9021.io, 1
+9022.cf, 1
+9023.cf, 1
+9023n.com, 0
+9023w.com, 0
+9024.cf, 1
+9025.cf, 1
+9026.cf, 1
+9028.cf, 1
+9029.cf, 1
+9030.cf, 1
+9031.cf, 1
+9032.cf, 1
+9033.cf, 1
+9034.cf, 1
+9035.cf, 1
+9036.cf, 1
+9037.cf, 1
+9038.cf, 1
+9039.cf, 1
+9040.cf, 1
+9041.cf, 1
+9042.cf, 1
+9043.cf, 1
+9044.cf, 1
+9045.cf, 1
+9046.cf, 1
+9047.cf, 1
+9048.cf, 1
+9049.cf, 1
+9050.cf, 1
+9051.cf, 1
+9052.cf, 1
+9053.cf, 1
+9055.cf, 1
+9056.cf, 1
+9057.cf, 1
+9058.cf, 1
+9059.cf, 1
+9060.cf, 1
+9061.cf, 1
+9062.cf, 1
+9063.cf, 1
+9064.cf, 1
+9065.cf, 1
+9066.cf, 1
+9067.cf, 1
+9068.cf, 1
+9069.cf, 1
+9070.cf, 1
+9070989.com, 1
+9071.cf, 1
+9073.cf, 1
+9074.cf, 1
+9075.cf, 1
+9076.cf, 1
+9077.cf, 1
+9078.cf, 1
+907856.com, 1
+9079.cf, 1
+9080.cf, 1
+9081.cf, 1
+9082.cf, 1
+9085.cf, 1
+9086.cf, 1
+9087.cf, 1
+9088.cf, 1
+9090.cf, 1
+9091.cf, 1
+90920.cn, 1
+9093.cf, 1
+9094.cf, 1
+9095.cf, 1
+9096.cf, 1
+9097.cf, 1
+9098.cf, 1
+90daydiet.org, 1
+90minut.com, 1
+90r.jp, 1
+90splease.com, 1
+9100.cf, 1
+9100.ga, 1
+9100.gq, 1
+9100.ml, 1
+9101.cf, 1
+9102.cf, 1
+9103.cf, 1
+9104.cf, 1
+9105.cf, 1
+9106.cf, 1
+910635.com, 1
+9107.cf, 1
+9108.cf, 1
+9109.cf, 1
+911.gov, 1
+9111s.ru, 1
+911216.xyz, 1
+9113.cf, 1
+9114.cf, 1
+9115.cf, 1
+9116.cf, 1
+9117.cf, 1
+9118.com, 1
+9118.hk, 0
+9118.la, 1
+91181.cc, 1
+91186.cc, 1
+9118inc.com, 0
+911commission.gov, 1
+911dispatcheredu.org, 1
+9120.cf, 1
+9121.cf, 1
+912191.com, 1
+9122.cf, 1
+9123.cf, 1
+9124.cf, 1
+9125.cf, 1
+9126.cf, 1
+9127.cf, 1
+912791.com, 1
+912891.com, 1
+9129.cf, 1
+912912.xyz, 1
+9130.cf, 1
+9131.cf, 1
+9132.cf, 1
+913291.com, 1
+9133.cf, 1
+913391.com, 1
+9134.cf, 1
+9135.cf, 1
+9136.cf, 1
+913691.com, 1
+9137.cf, 1
+9139.cf, 1
+9140.cf, 1
+9141.cf, 1
+9142.cf, 1
+9143.cf, 1
+9144.cf, 1
+9145.cf, 1
+9146.cf, 1
+9147.cf, 1
+9148.cf, 1
+9149.cf, 1
+9150.cf, 1
+9151.cf, 1
+9152.cf, 1
+9153.cf, 1
+9154.cf, 1
+9155.cf, 1
+9156.cf, 1
+9157.cf, 1
+9159.cf, 1
+915991.com, 1
+9160.cf, 1
+9161.cf, 1
+9162.cf, 1
+916294.com, 1
+9164.cf, 1
+9165.cf, 1
+9166.cf, 1
+9167.cf, 1
+9168.cf, 1
+9169.cf, 1
+9170.cf, 1
+9171.cf, 1
+9172.cf, 1
+9173.cf, 1
+9174.cf, 1
+9175.cf, 1
+9176.cf, 1
+9177.cf, 1
+9179.cf, 1
+917991.com, 1
+9180.cf, 1
+9181.cf, 1
+918116.com, 1
+9181181.com, 1
+9181182.com, 1
+9181183.com, 1
+9181184.com, 1
+9181185.com, 1
+9181186.com, 1
+9181187.com, 1
+9181189.com, 1
+9182.cf, 1
+9182289.com, 1
+9183.cf, 1
+9184.cf, 1
+9185.cf, 1
+9186.fun, 1
+9186119.com, 1
+9187.cf, 1
+918991.com, 1
+918991a.com, 0
+918991b.com, 0
+918991c.com, 0
+918991d.com, 0
+918991dhz.com, 0
+918991e.com, 0
+918bbm.co, 1
+918bcf.co, 1
+918bcw.co, 1
+918bio.co, 1
+918bip.co, 1
+918bis.co, 1
+918dc04.com, 1
+918dc19.com, 1
+918kisse.com, 1
+918kissinw.com, 1
+9190.cf, 1
+919101.xyz, 1
+919102.xyz, 1
+919103.xyz, 1
+919104.xyz, 1
+919105.xyz, 1
+919106.xyz, 1
+919107.xyz, 1
+919108.xyz, 1
+919109.xyz, 1
+919110.xyz, 1
+9193.cf, 1
+919391.com, 1
+9194.cf, 1
+9195.cf, 1
+9197.cf, 1
+9198.cf, 1
+91bbr.com, 1
+91beauty.com, 1
+91d52.com, 1
+91d72.com, 1
+91d81.com, 1
+91d83.com, 1
+91d85.com, 0
+91dh.cc, 0
+91fashion.com, 1
+91fldz.com, 1
+91imh.com, 1
+91milk.net, 0
+91news.tk, 1
+91quanji.com, 1
+91tianmi.com, 0
+91tvg.com, 1
+9200.cf, 1
+9200.ml, 1
+9201.cf, 1
+9202.cf, 1
+9203.cf, 1
+920392.com, 1
+9204.cf, 1
+9205.cf, 1
+9206.cf, 1
+9207.cf, 1
+9208.cf, 1
+9209.cf, 1
+9210.cf, 1
+9212.cf, 1
+9214.cf, 1
+9215.cf, 1
+9216.cf, 1
+9217.cf, 1
+921792.com, 1
+9218.cf, 1
+921892.com, 1
+9219.cf, 1
+9220.cf, 1
+9221.cf, 1
+9223.cf, 1
+9224.cf, 1
+9225.cf, 1
+9226.cf, 1
+9227.cf, 1
+9228.cf, 1
+9230.cf, 1
+9231.cf, 1
+9232.cf, 1
+9233.cf, 1
+9234.cf, 1
+9235.cf, 1
+9236.cf, 1
+923601.com, 1
+9237.cf, 1
+9239.cf, 1
+9240.cf, 1
+9241.cf, 1
+9242.cf, 1
+9243.cf, 1
+9245.cf, 1
+924592.com, 1
+9246.cf, 1
+9247.cf, 1
+924892.com, 1
+924992.com, 1
+925892.com, 1
+925silverjewelry.com, 1
+926792.com, 1
+927092.com, 1
+927892.com, 1
+928092.com, 1
+928492.com, 1
+928592.com, 1
+929349.com, 1
+929592.com, 1
+9297.co, 1
+9297a.co, 1
+9297aa.co, 1
+9297b.co, 1
+9297bb.co, 1
+9297c.co, 1
+9297cc.co, 1
+9297d.co, 1
+9297dd.co, 1
+9297dh.co, 1
+9297dns.com, 1
+9297e.co, 1
+9297ee.co, 1
+9297f.co, 1
+9297ff.co, 1
+9297g.co, 1
+9297gg.co, 1
+9297h.co, 1
+9297hb.com, 0
+9297hd.co, 1
+9297hd.com, 1
+9297hh.co, 1
+9297i.co, 1
+9297ii.co, 1
+9297j.co, 1
+9297jj.co, 1
+9297k.co, 1
+9297kk.co, 1
+9297l.co, 1
+9297ll.co, 1
+9297m.co, 1
+9297mm.co, 1
+9297n.co, 1
+9297nn.co, 1
+9297o.co, 1
+9297oo.co, 1
+9297p.co, 1
+9297pp.co, 1
+9297q.co, 1
+9297qq.co, 1
+9297r.co, 1
+9297rr.co, 1
+9297s.co, 1
+9297ss.co, 1
+9297t.co, 1
+9297tt.co, 1
+9297u.co, 1
+9297uu.co, 1
+9297v.co, 1
+9297vv.co, 1
+9297w.co, 1
+9297ww.co, 1
+9297x.co, 1
+9297xx.co, 1
+9297y.co, 1
+9297yy.co, 1
+9297z.co, 1
+9297zz.co, 1
+92url.com, 1
+9301.cf, 1
+9302.cf, 1
+9303.cf, 1
+9304.cf, 1
+9305.cf, 1
+9306.cf, 1
+9307.cf, 1
+9308.cf, 1
+9309.cf, 1
+9310.cf, 1
+9311.cf, 1
+9312.cf, 1
+9313.cf, 1
+9314.cf, 1
+9315.cf, 1
+931593.com, 1
+9316.cf, 1
+9317.cf, 1
+9318.cf, 1
+9319.cf, 1
+9320.cf, 1
+9321.cf, 1
+9322.cf, 1
+9323.cf, 1
+9324.cf, 1
+9325.cf, 1
+9326.cf, 1
+9327.cf, 1
+9328.cf, 1
+9329.cf, 1
+932993.com, 1
+9330.cf, 1
+9331.cf, 1
+9332.cf, 1
+9334.cf, 1
+9335.cf, 1
+9336.cf, 1
+9337.cf, 1
+9338.cf, 1
+9339.cf, 1
+9340.cf, 1
+9341.cf, 1
+9342.cf, 1
+9343.cf, 1
+934365.com, 1
+9344.cf, 1
+9345.cf, 1
+9347.cf, 1
+9348.cf, 1
+9349.cf, 1
+9351.cf, 1
+9352.cf, 1
+9353.cf, 1
+9354.cf, 1
+9355.cf, 1
+9356.cf, 1
+9357.cf, 1
+9358.cf, 1
+9359.cf, 1
+935themix.com, 1
+9360.cf, 1
+9361.cf, 1
+9362.cf, 1
+9363.cf, 1
+9364.cf, 1
+93644a.com, 0
+93644b.com, 0
+93644c.com, 0
+93644d.com, 0
+93644x.com, 0
+93644y.com, 0
+93644z.com, 0
+9365.cf, 1
+9366.cf, 1
+9367.cf, 1
+9368.cf, 1
+9369.cf, 1
+9370.cf, 1
+937093.com, 1
+9371.cf, 1
+9372.cf, 1
+9373.cf, 1
+9374.cf, 1
+937493.com, 1
+9375.cf, 1
+9376.cf, 1
+937693.com, 1
+9377.cf, 1
+9378.cf, 1
+937893.com, 1
+9379.cf, 1
+9381.cf, 1
+938193.com, 1
+9382.cf, 1
+9383.cf, 1
+9384.cf, 1
+9385.cf, 1
+9386.cf, 1
+9387.cf, 1
+9388.cf, 1
+9389.cf, 1
+9390.cf, 1
+9391.cf, 1
+9392.cf, 1
+9393.cf, 1
+939394.org, 1
+939394.xyz, 1
+9395.cf, 1
+9396.cf, 1
+9397.cf, 1
+9397a.com, 1
+9397b.com, 1
+9397bb.com, 0
+9397c.com, 1
+9397dd.com, 0
+9397e.com, 1
+9397ee.com, 0
+9397g.com, 0
+9397hb.com, 1
+9397hd.com, 1
+9397i.com, 1
+9397jj.com, 0
+9397kk.com, 0
+9397m.com, 0
+9397nn.com, 0
+9397p.com, 1
+9397pp.com, 1
+9397q.com, 0
+9397qq.com, 0
+9397r.com, 1
+9397s.com, 0
+9397tt.com, 0
+9397u.com, 0
+9397vv.com, 0
+9397ww.com, 1
+9397x.com, 0
+9397xx.com, 0
+9397z.com, 0
+9397zz.com, 0
+9398.cf, 1
+939wns.com, 1
+93ag8.com, 1
+93cq.com, 1
+93jc.cn, 1
+9401.cf, 1
+9402.cf, 1
+9403.cf, 1
+9404.cf, 1
+9405.cf, 1
+9406.cf, 1
+9407.cf, 1
+9409.cf, 1
+9410.cf, 1
+9411.cf, 1
+9412220.de, 1
+9417k.cf, 1
+9417k.com, 1
+941988.cn, 1
+943359.com, 1
+9444.cf, 1
+9449-27a1-22a1-e0d9-4237-dd99-e75e-ac85-2f47-9d34.de, 1
+946773.com, 0
+947cq.com, 1
+9499060.com, 0
+9499066.com, 0
+9499068.com, 0
+9499113.com, 0
+9499115.com, 0
+9499118.com, 0
+9499125.com, 0
+9499137.com, 1
+9499151.com, 0
+9499212.com, 0
+9499232.com, 0
+9499238.com, 0
+9499263.com, 0
+9499278.com, 0
+9499343.com, 0
+9499369.com, 0
+9499399.com, 0
+9499403.com, 0
+9499459.com, 0
+9499518.com, 0
+9499558.com, 0
+9499565.com, 0
+9499568.com, 0
+9499575.com, 0
+9499668.com, 0
+9499676.com, 0
+9499682.com, 0
+9499737.com, 1
+9499757.com, 0
+9499835.com, 0
+9499855.com, 0
+9499869.com, 0
+9499958.com, 0
+9499jjj.com, 0
+9499l.com, 0
+9499mmmm.com, 1
+9499ttt.com, 0
+9499xxx.com, 0
+9499yl.com, 1
+95-the-mix.com, 1
+9500.cf, 1
+9501.cf, 1
+9502.cf, 1
+9503.cf, 1
+9504.cf, 1
+9505.cf, 1
+9506.cf, 1
+9507.cf, 1
+9508.cf, 1
+9509.cf, 1
+9510.cf, 1
+95105.com, 1
+95107.com, 1
+95108.com, 1
+9511.cf, 1
+9512.cf, 1
+9513.cf, 1
+9514.cf, 1
+9515.cf, 1
+951562.com, 1
+9516.cf, 1
+9517.cf, 1
+9519.cf, 1
+951thebull.com, 1
+9522.cf, 1
+9523.cf, 1
+9524.cf, 1
+9525.cf, 1
+9528.cf, 1
+9529.cf, 1
+9531.cf, 1
+9532.cf, 1
+9533.cf, 1
+9534.cf, 1
+9535.cf, 1
+9536.cf, 1
+9537.cf, 1
+9538.cf, 1
+9539.cf, 1
+9540.cf, 1
+9541.cf, 1
+9542.cf, 1
+9543.cf, 1
+9544.cf, 1
+9545.cf, 1
+9546.cf, 1
+9547.cf, 1
+9548.cf, 1
+9549.cf, 1
+9550.cf, 1
+95500.com, 1
+9551.cf, 1
+95518.com, 1
+95519.com, 1
+9552.cf, 1
+9553.cf, 1
+9554.cf, 1
+95544.com, 1
+95558.com, 1
+95559.com, 1
+9556.cf, 1
+95566.com, 1
+95568.com, 1
+9557.cf, 1
+95577.com, 1
+9558.cf, 1
+9559.cf, 1
+9560.cf, 1
+9561.cf, 1
+9562.cf, 1
+9564.cf, 1
+9565.cf, 1
+9566.cf, 1
+9567.cf, 1
+9568.cf, 1
+9569.cf, 1
+956jj.com, 0
+9570.cf, 1
+95700.com, 1
+9571.cf, 1
+9572.cf, 1
+9573.cf, 1
+9574.cf, 1
+9575.cf, 1
+9576.cf, 1
+9578.cf, 1
+9579.cf, 1
+9580.cf, 1
+95808.com, 1
+9581.cf, 1
+9582.cf, 1
+95828.com, 1
+9584.cf, 1
+9585.cf, 1
+9586.cf, 1
+95868457.xyz, 1
+9587.cf, 1
+9588.com.cn, 1
+9590.cf, 1
+9591.cf, 1
+9592.cf, 1
+9593.cf, 1
+9594.cf, 1
+9595.cf, 1
+9596.cf, 1
+959606.com, 1
+9597.cf, 1
+95996.com, 1
+9600.cf, 1
+96002.com, 0
+9601.cf, 1
+9602.cf, 1
+9603.cf, 1
+9604.cf, 1
+9605.cf, 1
+9606.cf, 1
+9607.cf, 1
+9608.cf, 1
+9609.cf, 1
+960server.net.co, 1
+9610.cf, 1
+9611.cf, 1
+9612.cf, 1
+9613.cf, 1
+9614.cf, 1
+9615.cf, 1
+9616.cf, 1
+9617.cf, 1
+9617818.com, 1
+9617818.net, 1
+9618.cf, 1
+96181.com, 1
+9619.cf, 1
+9620.cf, 1
+96200.com, 1
+9621.cf, 1
+9622.cf, 1
+96220.com, 1
+96229.com, 1
+9623.cf, 1
+9624.cf, 1
+9625.cf, 1
+9626.cf, 1
+9628.cf, 1
+9629.cf, 1
+9630.cf, 1
+9631.cf, 1
+96316.com, 1
+9632.cf, 1
+9633.cf, 1
+963696.com, 1
+96448.com, 1
+964515.com, 1
+96577.com, 1
+96605.com, 1
+96606.com, 1
+96607.com, 1
+96658.com, 1
+96658.la, 1
+9666ks.com, 1
+96678.com, 0
+96685.com, 1
+966kb.com, 1
+966ty.com, 1
+967606.com, 1
+967you.com, 1
+96896.com, 1
+96961.com, 1
+9697cp.com, 1
+9700.cf, 1
+9701.cf, 1
+9702.cf, 1
+9703.cf, 1
+9705.cf, 1
+9706.cf, 1
+9707.cf, 1
+9708.cf, 1
+9709.cf, 1
+970locksmithservices.tech, 0
+9710.cf, 1
+9711.cf, 1
+9712.cf, 1
+9714.cf, 1
+9716.cf, 1
+9717.cf, 1
+9718.cf, 1
+9719.cf, 1
+9720.cf, 1
+9721a.com, 0
+9721aa.com, 0
+9721b.com, 0
+9721bb.com, 0
+9721c.com, 0
+9721cc.com, 0
+9721d.com, 0
+9721dd.com, 0
+9721dh.com, 1
+9721e.com, 0
+9721ee.com, 0
+9721ff.com, 1
+9721g.com, 1
+9721gg.com, 0
+9721h.com, 0
+9721hd.com, 1
+9721hh.com, 0
+9721i.com, 0
+9721j.com, 1
+9721jj.com, 0
+9721k.com, 0
+9721l.com, 0
+9721ll.com, 1
+9721m.com, 0
+9721nn.com, 1
+9721o.com, 1
+9721oo.com, 0
+9721p.com, 0
+9721pp.com, 0
+9721q.com, 1
+9721qq.com, 1
+9721r.com, 0
+9721rr.com, 0
+9721s.com, 0
+9721ss.com, 0
+9721t.com, 1
+9721tt.com, 0
+9721u.com, 0
+9721uu.com, 0
+9721v.com, 0
+9721vv.com, 1
+9721w.com, 0
+9721ww.com, 1
+9721x.com, 1
+9721xx.com, 0
+9721z.com, 0
+9721zz.com, 0
+9722.cf, 1
+9723.cf, 1
+9724.cf, 1
+9725.cf, 1
+9726.cf, 1
+9727.cf, 1
+9728.cf, 1
+9728.com, 1
+9728a.co, 1
+9728aa.co, 1
+9728b.co, 1
+9728bb.co, 0
+9728c.co, 1
+9728cc.co, 1
+9728d.co, 1
+9728dd.co, 1
+9728dh.com, 1
+9728dns.com, 1
+9728dz.com, 1
+9728e.co, 1
+9728ee.co, 1
+9728f.co, 1
+9728ff.co, 1
+9728g.co, 1
+9728gg.co, 1
+9728h.co, 1
+9728hb.com, 0
+9728hd.com, 1
+9728hh.co, 1
+9728i.co, 1
+9728ii.co, 1
+9728j.co, 1
+9728jj.co, 1
+9728k.co, 1
+9728kk.co, 1
+9728l.co, 1
+9728ll.co, 1
+9728m.co, 1
+9728mm.co, 1
+9728n.co, 1
+9728nn.co, 1
+9728o.co, 1
+9728oo.co, 1
+9728p.co, 1
+9728pp.co, 1
+9728q.co, 1
+9728qq.co, 1
+9728r.co, 1
+9728rr.co, 1
+9728s.co, 1
+9728ss.co, 1
+9728sx.com, 1
+9728t.co, 1
+9728tt.co, 1
+9728u.co, 1
+9728uu.co, 1
+9728v.co, 1
+9728vv.co, 1
+9728w.co, 1
+9728ww.co, 1
+9728x.co, 1
+9728xx.co, 1
+9728y.co, 1
+9728yy.co, 1
+9728z.co, 1
+9728zz.co, 1
+9729.cf, 1
+972citizenjournalism.org, 1
+972mag.com, 1
+9730.cf, 1
+9731.cf, 1
+9732.cf, 1
+9733.cf, 1
+973325.com, 1
+9734.cf, 1
+9735.cf, 1
+9736.cf, 1
+9737.cf, 1
+9738.cf, 1
+9739.cf, 1
+9740.cf, 1
+9741.cf, 1
+9742.cf, 1
+9743.cf, 1
+9744.cf, 1
+9745.cf, 1
+9746.cf, 1
+9747.cf, 1
+9748.cf, 1
+9749.cf, 1
+9750.cf, 1
+9751.cf, 1
+9752.cf, 1
+9753.cf, 1
+9754.cf, 1
+9756.cf, 1
+9757.cf, 1
+9758.cf, 1
+9759.cf, 1
+976-tuna.com, 1
+9760.cf, 1
+9761.cf, 1
+9764.cf, 1
+9765.cf, 1
+9766.cf, 1
+9767.cf, 1
+97736.com, 1
+97738.com, 0
+977395.com, 1
+977kb.com, 1
+97bros.com, 1
+97m.cc, 1
+9800.cc, 1
+9801.cf, 1
+980709.xyz, 1
+9822.bz, 0
+9822am.com, 1
+9822cn.com, 1
+9822hk.com, 1
+9822ph.com, 1
+9822tw.com, 1
+9822usa.com, 1
+982zzz.com, 1
+984.ch, 1
+985684.com, 1
+9859365.com, 0
+985ccc.com, 1
+986ccc.com, 1
+9877bet.com, 1
+987987.com, 1
+987kisscountry.com, 1
+988.gov, 1
+9882258.com, 1
+988316.com, 1
+9883358.com, 1
+9884458.com, 1
+98877.com, 1
+98944448.com, 1
+98944449.com, 1
+98944555.com, 1
+98944666.com, 1
+98944888.com, 1
+98999555.com, 1
+98999666.com, 1
+98e.site, 1
+98laba.com, 0
+98laba.net, 0
+9901.cf, 1
+9901.ml, 1
+9902.cf, 1
+9902.ml, 1
+9903.cf, 1
+990313.xyz, 1
+9904.cf, 1
+9904.ml, 1
+9905.cf, 1
+9905.ml, 1
+9906.cf, 1
+9906.ml, 1
+9907.cf, 1
+9908.cf, 1
+9908.ml, 1
+9909.cf, 1
+9910.cf, 1
+9912.cf, 1
+9913.cf, 1
+9914.cf, 1
+9915.cf, 1
+9917.cf, 1
+9918.cf, 1
+9920.cf, 1
+9921.cf, 1
+9923.cf, 1
+9925.cf, 1
+9926.cf, 1
+9927.cf, 1
+9928.cf, 1
+992ccc.com, 1
+9930.cf, 1
+9931.cf, 1
+9932.cf, 1
+99321365.com, 0
+9933445.com, 1
+9934.cf, 1
+9935.cf, 1
+9936.cf, 1
+99365t.com, 1
+9937.cf, 1
+9938.cf, 1
+9939.cf, 1
+9940.cf, 1
+9941.cf, 1
+9941y.top, 1
+9942.cf, 1
+9943.cf, 1
+99456j.com, 0
+9946.cf, 1
+9947.cf, 1
+9948.cf, 1
+9949.cf, 1
+9950.cf, 1
+9951.cf, 1
+99511.fi, 1
+9952.cf, 1
+9953.cf, 1
+9954.cf, 1
+9957.cf, 1
+9958.cf, 1
+9959.cf, 1
+99599.fi, 0
+99599.net, 0
+995ccc.com, 1
+9961.cf, 1
+9962.cf, 1
+9963.cf, 1
+9964.cf, 1
+9965.cf, 1
+9967.cf, 1
+9968.cf, 1
+9968101.com, 0
+9968110.com, 0
+9968121.com, 0
+9968159.com, 0
+9968161.com, 0
+9968202.com, 0
+9968232.com, 0
+9968235.com, 0
+9968285.com, 0
+9968303.com, 0
+9968321.com, 0
+9968343.com, 1
+9968359.com, 0
+9968368.com, 0
+9968383.com, 0
+9968454.com, 0
+9968565.com, 0
+9968595.com, 0
+9968606.com, 0
+9968676.com, 1
+9968678.com, 0
+9968787.com, 0
+9968808.com, 0
+9968909.com, 0
+9968959.com, 0
+9968989.com, 0
+9968aaa.com, 1
+9968good.com, 0
+9968live.com, 0
+9968love.com, 0
+9968xl.com, 1
+9968xpj.com, 0
+9969.cf, 1
+9970.cf, 1
+9971.cf, 1
+9972.cf, 1
+9973.cf, 1
+9974.cf, 1
+9975.cf, 1
+9976.cf, 1
+9977432.com, 1
+9978.cf, 1
+9979.cf, 1
+997z6.com, 1
+9980.cf, 1
+9982.cf, 1
+9983.cf, 1
+9984.cf, 1
+9986.cf, 1
+998sa.com, 1
+998wei.com, 1
+998wns.com, 1
+999003.xyz, 1
+999004.xyz, 1
+999005.xyz, 1
+9990058.com, 1
+999006.xyz, 1
+999008.xyz, 1
+999011.xyz, 1
+999014.xyz, 1
+999015.xyz, 1
+999016.xyz, 1
+999017.xyz, 1
+999018.xyz, 1
+999019.xyz, 1
+999021.xyz, 1
+999023.xyz, 1
+999024.xyz, 1
+999025.xyz, 1
+999026.xyz, 1
+999027.xyz, 1
+999028.xyz, 1
+999029.xyz, 1
+999030.xyz, 1
+999031.xyz, 1
+999032.xyz, 1
+999033.xyz, 1
+999034.xyz, 1
+999035.xyz, 1
+999036.xyz, 1
+999037.xyz, 1
+999038.xyz, 1
+999040.xyz, 1
+999041.xyz, 1
+999042.xyz, 1
+999043.xyz, 1
+999044.xyz, 1
+999045.xyz, 1
+999046.xyz, 1
+999047.xyz, 1
+999048.xyz, 1
+999049.xyz, 1
+999050.xyz, 1
+999051.xyz, 1
+999052.xyz, 1
+999053.xyz, 1
+999054.xyz, 1
+999055.xyz, 1
+999056.xyz, 1
+999057.xyz, 1
+999058.xyz, 1
+999059.xyz, 1
+999060.xyz, 1
+999061.xyz, 1
+999062.xyz, 1
+999063.xyz, 1
+999064.xyz, 1
+999065.xyz, 1
+999067.xyz, 1
+999068.xyz, 1
+999070.xyz, 1
+999072.xyz, 1
+999073.xyz, 1
+999074.xyz, 1
+999075.xyz, 1
+999076.xyz, 1
+999078.xyz, 1
+999079.xyz, 1
+999080.xyz, 1
+999081.xyz, 1
+999082.xyz, 1
+999083.xyz, 1
+999084.xyz, 1
+999085.xyz, 1
+999086.xyz, 1
+999089.xyz, 1
+999092.xyz, 1
+999093.xyz, 1
+999094.xyz, 1
+999095.xyz, 1
+999096.xyz, 1
+999097.xyz, 1
+999098.xyz, 1
+9991.cf, 1
+9991158.com, 1
+9992258.com, 1
+999321365.com, 1
+9993358.com, 1
+999365t.com, 1
+9994.cf, 1
+9994553.com, 1
+9995558.com, 1
+999700.xyz, 1
+999814.com, 1
+9998722.com, 1
+9998k8.com, 1
+99998522.com, 1
+99999822.com, 1
+999998722.com, 1
+999bet86.com, 1
+999btt.net, 1
+999salon.co, 1
+999salon.com, 1
+999zlong.com, 1
+99bt.com, 1
+99buffets.com, 1
+99casinos.com, 1
+99dog.com, 1
+99ffaaa.com, 1
+99ffbbb.com, 1
+99ffccc.com, 1
+99ffddd.com, 1
+99ffeee.com, 1
+99fffaa.com, 1
+99fffbb.com, 1
+99fffcc.com, 1
+99fffdd.com, 1
+99fffee.com, 1
+99fffgg.com, 1
+99fffhh.com, 1
+99fffii.com, 1
+99fffjj.com, 1
+99fffkk.com, 1
+99fffll.com, 1
+99fffmm.com, 1
+99fffnn.com, 1
+99fffoo.com, 1
+99fffpp.com, 1
+99fffqq.com, 1
+99fffrr.com, 1
+99fffss.com, 1
+99ffftt.com, 1
+99fffuu.com, 1
+99fffvv.com, 1
+99fffww.com, 1
+99fffxx.com, 1
+99fffyy.com, 1
+99fffzz.com, 1
+99ffggg.com, 1
+99ffhhh.com, 1
+99ffiii.com, 1
+99ffjjj.com, 1
+99ffkkk.com, 1
+99fflll.com, 1
+99ffmmm.com, 1
+99ffnnn.com, 1
+99ffooo.com, 1
+99ffppp.com, 1
+99ffqqq.com, 1
+99ffrrr.com, 1
+99ffsss.com, 1
+99ffttt.com, 1
+99ffuuu.com, 1
+99ffvvv.com, 1
+99ffwww.com, 1
+99ffxxx.com, 1
+99ffyyy.com, 1
+99ffzzz.com, 1
+99firms.com, 1
+99furnitureideasandtips.gq, 1
+99furnitureideasexamples.ga, 1
+99laptops.com, 1
+99lib.net, 1
+99music.com, 1
+99naturalfoods.de, 1
+99perf.com, 1
+99qp.org, 1
+99rst.org, 1
+99sitedesign.com, 1
+99spokes.com, 1
+99wxt.com, 1
+9ag88.com, 1
+9articles.org, 1
+9bet86.com, 1
+9ccn.top, 1
+9de.net, 1
+9elements.com, 0
+9etl.com, 1
+9farm.com, 1
+9fruit.com, 1
+9fvip.net, 1
+9gag.com, 1
+9hosts.net, 1
+9i0.com, 1
+9iwan.net, 1
+9jajuice.com, 1
+9k262.com, 1
+9k267.com, 0
+9k268.com, 1
+9k269.com, 1
+9k282.com, 1
+9k285.com, 1
+9k323.com, 1
+9k329.com, 1
+9k337.com, 1
+9k339.com, 1
+9k373.com, 1
+9k376.com, 1
+9k379.com, 1
+9k387.com, 1
+9k388.com, 1
+9k389.com, 1
+9k392.com, 1
+9k393.com, 1
+9k397.com, 1
+9k562.com, 1
+9k566.com, 1
+9k568.com, 1
+9k569.com, 1
+9k572.com, 1
+9k573.com, 1
+9k585.com, 1
+9k586.com, 1
+9k587.com, 1
+9k626.com, 1
+9k632.com, 1
+9k636.com, 1
+9k638.com, 1
+9k653.com, 1
+9k658.com, 1
+9k662.com, 1
+9k663.com, 1
+9k665.com, 1
+9k667.com, 1
+9k668.com, 1
+9k669.com, 1
+9k675.com, 1
+9k682.com, 1
+9k686.com, 1
+9k689.com, 1
+9k693.com, 1
+9k696.com, 1
+9k698.com, 1
+9k823.com, 1
+9k825.com, 1
+9k826.com, 1
+9k828.com, 1
+9k829.com, 1
+9k832.com, 1
+9k833.com, 1
+9k835.com, 1
+9k836.com, 1
+9k837.com, 1
+9k852.com, 1
+9k855.com, 1
+9k857.com, 1
+9k858.com, 1
+9k859.com, 1
+9k862.com, 1
+9k865.com, 1
+9k866.com, 1
+9k867.com, 1
+9k869.com, 1
+9k872.com, 1
+9k873.com, 0
+9k875.com, 1
+9k877.com, 1
+9k879.com, 1
+9k883.com, 1
+9k885.com, 1
+9k886.com, 1
+9k889.com, 1
+9k892.com, 1
+9k893.com, 1
+9k895.com, 0
+9k896.com, 1
+9k897.com, 1
+9k898.com, 1
+9k899.com, 1
+9kb.xyz, 1
+9l.com.au, 1
+9lab.jp, 1
+9mp.ro, 1
+9nu.org, 0
+9ostech.com, 1
+9pkfz.com, 1
+9point6.com, 1
+9riddles.com, 1
+9ss6.com, 0
+9sw.de, 1
+9tailedkitsune.com, 1
+9tl.ru, 1
+9to5linux.com, 1
+9to5notes.in, 1
+9uelle.jp, 0
+9ungnir.xyz, 1
+9vx.org, 1
+9xbuddy.com, 1
+9xbuddy.xyz, 1
+9xmoviesapp.com, 1
+9yw.me, 1
+9zlatan9.tk, 1
+a-1waterproofing.com, 1
+a-allard.be, 0
+a-b.ee, 1
+a-better-planet.com, 0
+a-busty.com, 1
+a-care.net, 1
+a-classinflatables.co.uk, 1
+a-dish.com, 1
+a-frique.com, 1
+a-gokan.com, 1
+a-h-p.de, 1
+a-hitoduma.com, 1
+a-invest.de, 1
+a-ix.net, 1
+a-lexx.de, 1
+a-little-linux-box.at, 1
+a-louest.info, 1
+a-moe.com, 1
+a-oben.org, 1
+a-players.team, 1
+a-pools.com.ua, 0
+a-raven.corsica, 1
+a-shirouto.com, 1
+a-starbouncycastles.co.uk, 1
+a-systems.ru.com, 1
+a-up.info, 1
+a-wife.net, 1
+a.ac, 1
+a.tt, 1
+a.wtf, 1
+a00228.com, 1
+a04gameapp.com, 1
+a04webapp.com, 1
+a05webapp.com, 1
+a06.ch, 1
+a06.me, 1
+a06gameapp.com, 1
+a06webapp.com, 1
+a0print.nl, 1
+a1.ro, 1
+a11ybadges.com, 1
+a11ywatch.com, 1
+a122.cc, 1
+a12k.nz, 0
+a163.top, 1
+a1bouncycastlehire.com, 1
+a1cashforcar.com.au, 1
+a1cdrinks.com, 1
+a1cookingequipment.com.au, 1
+a1demolitionhauling.com, 1
+a1expresscarremoval.com.au, 1
+a1hypnosis.ga, 1
+a1jumpandbounce.co.uk, 1
+a1locksafeofnc.net, 1
+a1post.bg, 1
+a1qualityspareparts.com.au, 1
+a1scrapmetalrecyclers.com.au, 1
+a1scuba.com, 1
+a1seowebdirectory.com, 0
+a1solarstore.com, 1
+a1speedyrooter.com, 1
+a1websitepro.com, 1
+a210.online, 1
+a22z.xyz, 1
+a24dmng.de, 1
+a24help.ru, 1
+a2a.me, 1
+a2c-co.net, 1
+a2censo.com, 1
+a2ch.ru, 1
+a2g.io, 1
+a2gamer.com, 1
+a2n-expertise.com, 1
+a2ssrl.duckdns.org, 1
+a2zplumbing.com.au, 1
+a2zva.com, 1
+a30.tokyo, 0
+a340.com, 1
+a356.top, 1
+a36533.com, 1
+a365vip2.com, 0
+a365vip3.com, 0
+a365vip5.com, 0
+a365vip9.com, 0
+a3m.gmbh, 1
+a3mobile.com, 1
+a3sys-elodie.fr, 1
+a4.com, 1
+a4sound.com, 1
+a5197.co, 1
+a632079.me, 1
+a64.me, 1
+a66.la, 0
+a6619.com, 1
+a6621.com, 1
+a6623.com, 1
+a6627.com, 1
+a6631.com, 1
+a6651.com, 1
+a6652.com, 1
+a6657.com, 0
+a6659.com, 0
+a6671.com, 0
+a6672.com, 0
+a6673.com, 0
+a6675.com, 0
+a6682.com, 0
+a6683.com, 0
+a6687.com, 0
+a6691.com, 0
+a6692.com, 0
+a6695.com, 0
+a6729.co, 1
+a6729.com, 0
+a6957.co, 1
+a77018.com, 0
+a7m2.me, 1
+a7sa2eat.com, 1
+a82365.com, 1
+a8438pb3.com, 1
+a88fc.com, 1
+a899365.com, 0
+a9-9.top, 1
+a9297.co, 1
+a9721.com, 1
+a9728.co, 1
+aa00228.com, 0
+aa43d.cn, 1
+aa5197.co, 1
+aa6688.net, 0
+aa6729.co, 1
+aa6729.com, 0
+aa6957.co, 1
+aa793.com, 0
+aa9297.co, 1
+aa9397.com, 0
+aa9721.com, 0
+aa9728.co, 1
+aaa-racing.com, 1
+aaa-racing.net, 1
+aaa.ma, 1
+aaa.my, 1
+aaa.ua, 1
+aaablindfactory.com, 1
+aaacomms.com, 1
+aaahosting70.de, 1
+aaainfosystems.com, 1
+aaapl.com, 1
+aaaplumbers.com, 1
+aaapo.com.br, 1
+aaapucrio.com.br, 1
+aabanet.com.br, 1
+aabeltech.com, 1
+aabenjaminjewelry.com, 0
+aacbv.nl, 1
+aacc.ac, 1
+aachen-quiz.de, 1
+aacs-design.com, 1
+aad-gp.com, 1
+aadl.ga, 1
+aadv.com.br, 1
+aaflalo.me, 1
+aagetransport.no, 1
+aahhbali.com, 1
+aaic.ca, 1
+aajkakavi.in, 0
+aalalbayt.com, 1
+aalalbayt.net, 1
+aalaslearninglibrary.org, 1
+aalborgoutdoor.dk, 1
+aalen.tk, 1
+aalianbinhaider.ml, 1
+aaliyahclothing.com, 1
+aalright.org, 1
+aalstmotors-usedcars.be, 1
+aaltocapital.com, 1
+aaltocapital.de, 1
+aaltocapital.fi, 1
+aama.tk, 1
+aamlive.com, 1
+aamt.es, 1
+aan-shop.co.il, 1
+aandachtsmeditatie.nl, 1
+aandeautobody.com, 1
+aandkevents.co.uk, 1
+aanhuisgebakken.tk, 1
+aanlynskool.co.za, 1
+aanwp.com, 1
+aanyasri.com, 1
+aaogaragedoorrepairaustin.com, 1
+aaomidi.com, 1
+aaoth.xyz, 1
+aapant.org.au, 0
+aapifund.org, 1
+aapipower.org, 0
+aappb.org, 1
+aappe.fr, 0
+aaprotocol.tk, 1
+aarailfan.com, 1
+aardvarksoep.nl, 1
+aareptan.ch, 1
+aarestation.ch, 1
+aarhus-protein.dk, 1
+aarhusinside.dk, 1
+aariefhaafiz.com, 1
+aarisings.com, 1
+aarklendoia.com, 1
+aaron-gustafson.com, 0
+aaron-russell.co.uk, 1
+aaron-schaal.de, 1
+aaron-smith-cpa.com, 1
+aaronbonine.com, 1
+aaronburrows.com, 1
+aaronchiangmd.com, 1
+aaronfurtado.com, 1
+aaronhorler.com, 1
+aaronmaar.de, 1
+aaronosmani.com, 1
+aaronr.digital, 1
+aarons.law, 1
+aaronsilber.me, 1
+aaronspain.tk, 1
+aarontechnology.net, 1
+aarquiteta.com.br, 1
+aarsen.me, 1
+aarsunwoods.com, 0
+aartbouman.nl, 1
+aarvinproperties.com, 1
+aarwer.com, 1
+aarwer.jp, 1
+aasvets.co.uk, 1
+aatf.us, 1
+aati.be, 1
+aati.info, 1
+aattrans.com, 1
+aau.edu, 1
+aautoline.tk, 1
+aavaa.org, 1
+aave.com, 0
+aavienna.com, 1
+aawt.net.au, 0
+aax.com, 1
+aayan.com, 1
+aayub.xyz, 1
+ab-design.tk, 1
+ab-pflege.de, 1
+ab-solutepilates.com, 1
+ab-uk.com, 1
+ab-west.tk, 1
+ab288.com, 1
+ab2888.cn, 1
+ab2web.com, 1
+ab91corp.com, 1
+abaapplianceservice.com, 1
+abaaustin.com, 1
+ababyco.com.hr, 1
+abaca.bar, 1
+abaco.cr, 1
+abaconappliancerepairs.co.za, 1
+abacross.com, 1
+abacus-essen.de, 1
+abacus-marketing.uk, 1
+abacus.ai, 0
+abacus.com, 1
+abacusbouncycastle.co.uk, 1
+abacusfi.com, 1
+abacuslouisville.com, 1
+abacusnt.es, 1
+abacuste.ch, 1
+abacustech.co.jp, 1
+abacustech.jp, 1
+abacustech.net, 1
+abacustech.org, 1
+abadie-architecture.com, 1
+abaev.uk, 1
+abahanavillas.com, 1
+abalsa.tk, 1
+abambo.tk, 1
+abancommercials.com, 1
+abandoned-zone.tk, 1
+abandoned.tk, 1
+abandonedmines.gov, 1
+abanico.tk, 1
+abanilla.tk, 1
+abantoclub.com, 1
+abantos.tk, 1
+abaranov.cf, 1
+abaranov.gq, 1
+abarquinha.tk, 1
+abas-erp.com, 1
+abasalehngo.com, 1
+abashevo.ml, 1
+abashevo.tk, 1
+abasite.tk, 1
+abasky.net, 1
+abasteo.mx, 1
+abastor.tk, 1
+abateroad66.it, 1
+abattepeluqueriacitas.com, 1
+abay-today.tk, 1
+abbas.ch, 1
+abbaye-chaise-dieu.com, 1
+abbevillecountysc.gov, 1
+abbeycarefoundation.com, 1
+abbeyvetspets.co.uk, 1
+abbl.com, 1
+abborsjo.fi, 1
+abbotkinneys.com, 1
+abbottscastles.co.uk, 1
+abbreviated-adult-course.com, 1
+abbuc.de, 1
+abbyairsoft.tk, 1
+abbystrange.com, 1
+abbyvangrinsven.co.nz, 1
+abc-kinderbetreuung.at, 1
+abc-people.tk, 1
+abc-pneupascher.eu, 1
+abc-rz.de, 1
+abc.li, 1
+abc001.ga, 1
+abc123autumn.com, 1
+abc15.com, 1
+abcbouncyfactory.co.uk, 1
+abcc.dk, 1
+abccomputerservices.com, 0
+abcdreamusa.com, 1
+abcdthesis.net, 1
+abcensax.tk, 1
+abcfinance.co.uk, 0
+abcgruppen.se, 1
+abch2o.net, 1
+abcheck.se, 1
+abcideabased.com, 1
+abcine.tk, 1
+abckam.com, 1
+abclyrics.tk, 1
+abcode.ml, 1
+abcorporate-aviation.com, 1
+abcorporate-aviation.fr, 1
+abcpartyhire.com, 1
+abcprodutosvirtuais.com.br, 1
+abcrcm.com, 1
+abcstudio.com.au, 1
+abcsystem.ml, 1
+abctwenty.xyz, 1
+abcum.com, 1
+abdel.me, 1
+abdelali.tk, 1
+abdelalidev.ml, 1
+abdelaliezzyn.tk, 1
+abdelsater.net, 1
+abdened.tk, 1
+abdesign.tk, 1
+abdijmale.tk, 1
+abdl.link, 1
+abdsirketim.com, 1
+abdul.cloud, 1
+abdul.win, 1
+abdulawal.tk, 1
+abdulazizgolca.com, 1
+abdulkarimm.tk, 1
+abdullaeff.net, 1
+abdullahavci.com, 1
+abdullahavci.com.tr, 1
+abdullahavci.net.tr, 1
+abdullahavci.org.tr, 1
+abdullahzubayerofficial.ml, 1
+abdulraheem.org, 1
+abdulraheemalick.com, 1
+abdulrahman.eu, 1
+abdulwahaab.ca, 1
+abduramshad.ml, 1
+abdurrahmangazidis.tk, 1
+abdurrehman.tk, 1
+abe-elektro.de, 1
+abe-medical.jp, 1
+abecedarios.co, 1
+abecodes.net, 1
+abecon.com.br, 1
+abeervinum.it, 1
+abeestrada.com, 0
+abeilleduhain.be, 1
+abelbarretto.tk, 1
+abella.ro, 1
+abellagranitecountertops.com, 1
+abellao.com, 1
+abelles.cf, 1
+abelles.gq, 1
+abelles.ml, 1
+abelles.tk, 1
+abelrubio.me, 1
+abelsflooringandtile.com, 1
+abemarx.hu, 1
+abenteuer-ahnenforschung.de, 1
+abenteuerschule4u.eu, 1
+abenteuerteam.de, 1
+abeontech.com, 1
+aber.travel, 1
+aberdeenairportparking24.co.uk, 1
+aberdeenalmeras.com, 1
+aberdeencriticalmass.tk, 1
+aberon.pl, 1
+aberrantvascular.tk, 1
+aberson.nl, 1
+abetterdeath.com, 1
+abetterwichita.org, 1
+abeus.com, 1
+abfluss.com, 1
+abg.ninja, 1
+abgeo.ga, 1
+abgrafstenen.nl, 1
+abhaken.com, 1
+abhaldus.ee, 1
+abhayaranya.com, 1
+abhijit.today, 1
+abhijitvalluri.com, 1
+abhisharma.me, 1
+abhishekkabdijain.tk, 1
+abhy.net, 1
+abi-2017.tk, 1
+abi-fvs.de, 1
+abi95oha.de, 1
+abiapp.net, 1
+abibliasagrada.tk, 1
+abidinginhesed.com, 1
+abierta.cr, 1
+abigailfriedland.com, 1
+abigailstark.com, 1
+abigisp.com, 1
+abigruppe.de, 1
+abileneef.org, 1
+abilenemachine.com, 0
+abilities-inc.jp, 1
+abilityone.gov, 1
+abilix.tk, 1
+abilma.com, 1
+abilymp06.net, 1
+abilympics.org.au, 1
+abimelec.com, 0
+abinferis.com, 1
+abinmetall.ru, 1
+abinyah.com, 1
+abirmas.com, 1
+abitaspringsla.gov, 1
+abitech.tk, 1
+abitextra.eu, 1
+abitextra.org, 1
+abitidalavoro.roma.it, 1
+abitidasposa.roma.it, 1
+abiturient-test.tk, 1
+abivert-piscines.fr, 1
+abkhazianews.tk, 1
+abl.com, 1
+ablauf.com, 1
+ablebits.com, 1
+ablecha.tk, 1
+ablehorsehandlers.au, 1
+ablehorsehandlers.com, 1
+ablehorsehandlers.com.au, 1
+ablehorsehandlers.net.au, 1
+ablehorsetransport.au, 1
+ablehorsetransport.com, 1
+ablehorsetransport.com.au, 1
+ablehorsetransport.net.au, 1
+ableitungsrechner.net, 1
+ableofficeadmin.com, 1
+ableprop.net, 1
+abli.at, 1
+abli.eu, 1
+abli.info, 1
+abli.li, 1
+ablmultiservice.nl, 1
+abloop.com, 1
+ablx.de, 1
+abmackenzie.com, 1
+abmahnhelfer.de, 1
+abmc.gov, 1
+abmelden.com, 1
+abminiplex.in, 1
+abminv.com, 1
+abmledger.ca, 1
+abn-consultants.ie, 1
+abnamropensioenen.nl, 0
+abnarnro.com, 0
+abnbfcu.org, 1
+abnehmen-sport-fitness.de, 1
+abnobapetstore.co.uk, 1
+abnradiofm.tk, 1
+aboces.org, 1
+aboderenovation.co.uk, 0
+abogadoperu.com, 1
+abogadophd.com, 1
+abogadoscav.com, 1
+abogadosescobarysanchez.es, 1
+abogehad.tk, 1
+abol.us, 1
+abolicionistas.com, 1
+abolition.net, 1
+abolitionism.ca, 1
+abolitionism.co.uk, 1
+abolitionism.com, 1
+abolitionism.in, 1
+abolitionism.net, 1
+abolitionism.us, 1
+abolitionist-movement.com, 1
+abolitionist-project.com, 1
+abolitionist-society.com, 1
+abolitionist.ca, 1
+abolitionist.co.uk, 1
+abolitionist.com, 1
+abolitionist.in, 1
+abolitionist.net, 1
+abolitionist.us, 1
+abolitionistparty.com, 1
+abolitionistproject.com, 1
+abolitionistsociety.com, 1
+abolitionniste.com, 1
+abolitionofspeciesism.tk, 1
+abolizionista.com, 1
+abona24.de, 1
+abonegma.com, 1
+abonemnet.tk, 1
+abonentka.tk, 1
+abonilla.com, 0
+aborla.net, 1
+abormez.es, 1
+aborto.tk, 1
+abortopr.com, 1
+abos.eu, 0
+aboticaprodutosnaturais.com, 1
+abouncycastleman.co.uk, 1
+about-bangladesh.tk, 1
+about-e-bags.tk, 1
+about-it.pl, 1
+about-jewelry.tk, 1
+about-sects-and-cults.tk, 1
+about.gq, 1
+about.photos, 1
+aboutadhd.com, 1
+aboutajax.tk, 1
+aboutamit.com, 1
+aboutandroid.tk, 1
+aboutconstruction.ga, 1
+aboutconstruction.gq, 1
+aboutconstruction.ml, 1
+aboutdelphi.tk, 1
+aboutdiabetesinfo.gq, 1
+aboutearning.tk, 1
+aboutfranciscomartinez.tk, 1
+aboutgrills.tk, 1
+abouthistory.tk, 1
+abouthrm.nl, 1
+aboutict.nl, 1
+aboutislam.tk, 1
+aboutlaserremoval.com, 1
+aboutlegal.nl, 1
+aboutlevi.ga, 1
+aboutmarketing.ga, 1
+aboutmedia.nl, 1
+aboutmedicine.tk, 1
+aboutmoney.tk, 1
+aboutmusicals.tk, 1
+aboutmyip.info, 1
+aboutmyproperty.ca, 1
+aboutpublishers.nl, 1
+aboutrom.tk, 1
+aboutshakil.cf, 1
+aboutshakil.tk, 1
+aboutsk.tk, 1
+aboutsleep.com.ua, 1
+abouttablewares.tk, 1
+abouttime.gq, 1
+abouttravel.gq, 1
+aboutwealthcreation.tk, 1
+aboutyou.at, 1
+aboutyou.be, 1
+aboutyou.bg, 1
+aboutyou.ch, 1
+aboutyou.com, 1
+aboutyou.cz, 1
+aboutyou.de, 1
+aboutyou.dk, 1
+aboutyou.ee, 1
+aboutyou.es, 1
+aboutyou.fi, 1
+aboutyou.gr, 1
+aboutyou.hr, 1
+aboutyou.hu, 1
+aboutyou.ie, 1
+aboutyou.it, 1
+aboutyou.lt, 1
+aboutyou.lv, 1
+aboutyou.nl, 1
+aboutyou.no, 1
+aboutyou.pl, 1
+aboutyou.pt, 1
+aboutyou.ro, 1
+aboutyou.se, 1
+aboutyou.si, 1
+aboutyou.sk, 1
+aboveall.love, 1
+abovethefirehouse.com, 1
+abox-kb.com, 1
+abpages.com, 1
+abpis.hr, 1
+abplive.com, 1
+abplusz.hu, 1
+abr.ru, 1
+abracadabra.com, 1
+abracadabramagicas.com.br, 1
+abrah.am, 1
+abrahamboray.tk, 1
+abrahametalero.tk, 1
+abram-lab.ir, 1
+abramochkin.tk, 1
+abramovich.tk, 1
+abramowskimi.tk, 1
+abraofilho.blog.br, 1
+abrarahmed.tk, 1
+abraxan.pro, 1
+abraxas-apis.ch, 1
+abraxas-apps.ch, 1
+abre.cloud, 1
+abreactive.com, 1
+abreactive.net, 1
+abreactive.org, 1
+abrec.cf, 1
+abrec.ga, 1
+abrecenze.cz, 1
+abri29.com, 0
+abrilect.com, 1
+abritek.ca, 1
+abrody.com, 1
+abroferlendo.tk, 1
+abrolhosoctopus.com, 1
+abrupt.co, 1
+abruptgames.com, 1
+absat.tk, 1
+abschleppdienst-in-recklinghausen.de, 1
+abseher-technology.com, 1
+abseits.org, 0
+absentia.cf, 1
+absinsurance.com, 1
+absolab.xyz, 1
+absolem.cc, 1
+absoluav.com, 1
+absoluconseils.com, 1
+absolucopine.com, 1
+absolugroupe.com, 1
+absoluphoto.com, 1
+absolutebritney.com, 1
+absolutechristmas.com, 1
+absolutedouble.co.uk, 1
+absolutegames.ga, 1
+absolutepondcare.com, 1
+absoluterush.net, 1
+absoluteup.com.au, 1
+absolutezero.tk, 1
+absolution.ga, 1
+absolutperm.tk, 1
+absolutweb.tk, 1
+abssoft.tk, 1
+abstechs.ae, 1
+abstimmen.online, 1
+abstract27.com, 1
+abstractbarista.com, 1
+abstractbarista.net, 0
+abstractive.ai, 1
+abstudio.de, 1
+absurdia.tk, 1
+absurdopedia.wiki, 1
+absyscyborg.com, 1
+abteam.tk, 1
+abtech.link, 1
+abteutonia.de, 1
+abth.tk, 1
+abtherapy.co.uk, 1
+abthorpe.org, 1
+abtinheydari.tk, 1
+abu-auftrag.ch, 1
+abu-nour.tk, 1
+abuahmed.ga, 1
+abulanov.com, 1
+abun-motorsport.tk, 1
+abundent.com, 1
+abusamraphotography.tk, 1
+abuse.cat, 1
+abuse.ch, 1
+abuse.fi, 1
+abuse.io, 1
+abusive-host.tk, 1
+abuzihipnoterapi.com, 1
+abuziyadhsds.com, 1
+abvent.net, 0
+abvlbasketviganello.ch, 0
+aby-action.com, 1
+abyaction.net, 1
+abys.se, 1
+abysra.com, 1
+abyss.moe, 1
+abysse.tk, 1
+abyssinian.ga, 1
+abyssproject.net, 1
+abysswebsite.tk, 1
+abzarkosaran.ir, 1
+abzunraid.com, 1
+ac-admin.pl, 1
+ac-booster.net, 1
+ac-spain.tk, 1
+ac-town.com, 1
+ac-trust.ru, 1
+ac.id.au, 1
+ac.milan.it, 1
+ac0g.dyndns.org, 1
+ac8.es, 1
+acab.love, 1
+acachau.synology.me, 1
+acacia-gardens.co.uk, 1
+acaciab.com, 1
+academiacivilbalonmano.tk, 1
+academiacomercialalpina.com, 1
+academiadelmolino.com.uy, 1
+academiadeufologia.com.br, 1
+academiaeureka.tk, 1
+academiaofimage.com, 1
+academiasdemodelos.com, 0
+academic-master.com, 1
+academica.nl, 1
+academicassignmentexperts.com, 1
+academichealthscience.net, 1
+academichelp.gq, 1
+academie-angoumois.org, 1
+academie-de-police.ch, 0
+academika.tk, 1
+academkin.com, 1
+academy-awards.ml, 1
+academyonlinetoyou.tk, 1
+academyruins.com, 1
+academytv.com.au, 1
+acadiate.com, 1
+acaeum.com, 0
+acafellas.com, 1
+acalcio.ga, 1
+acallawayroofing.com, 1
+acaltair.com, 1
+acandroid.top, 1
+acani.xyz, 1
+acaonegocios.com.br, 1
+acapadena.co, 1
+acapana.com, 1
+acapara.net, 1
+acapellalanguage.tk, 1
+acapetahua.tk, 1
+acaptureservices.com, 1
+acara.edu.au, 1
+acasadavella.tk, 1
+acasadoprodutor.com.br, 1
+acaseta.com, 1
+acat.io, 1
+acatec.de, 1
+acatiimi.fi, 1
+acb.com.vn, 1
+acbcoop.com, 1
+acbrussels-used.be, 1
+acbug2018.com, 1
+accademia24.it, 1
+accademiacimarosa.tk, 1
+accademiadelgolden.com, 1
+accademiaditruccoblog.it, 1
+accademiaprati.tk, 1
+accademiapugilistica.it, 1
+accadia.academy, 1
+accalendar17.net, 1
+acccnyc.org, 0
+accedeainternet.gov, 1
+accedia-distribution.com, 1
+accedia.net, 1
+accelaway.com, 1
+acceldigital.com.au, 1
+acceleratedreading.cf, 1
+acceleratethesale.com, 1
+accelerateyourworld.org, 1
+accelerationsummit.com, 1
+accelerator.nyc, 1
+accelerator.tk, 1
+accelsnow.com, 1
+accent-homedecor.com, 1
+accentchair.net, 1
+accentsduterroir.fr, 1
+accentwebs.ie, 1
+acces-elevation.fr, 1
+accesloges.com, 1
+accesoriiutilaje.ro, 1
+access-board.gov, 1
+access-nl.org, 1
+access-not-allowed.gq, 1
+access-odata.com, 1
+access-token.tk, 1
+accessacab.co.uk, 1
+accessauto-occasions.be, 0
+accessauto.co.uk, 1
+accesseap.com.au, 1
+accessibility.gov, 1
+accessibilityguidelines.com, 1
+accessibletravelclub.com, 1
+accessingram.com, 1
+accessiware.com, 1
+accesskeycloning.com, 1
+accesslogisticgroup.com, 1
+accessmania.com, 0
+accessnetworks.com, 1
+accessoh.gov, 1
+accessoirescheveuxchic.com, 1
+accessoklahoma.gov, 1
+accessories-for-women.tk, 1
+accessoriesautoparts.tk, 1
+accessoripersmartphone.it, 1
+accesspress.org, 1
+accesstosystem.cf, 1
+acchan-fun.com, 1
+acchiappasognibedandbreakfast.it, 1
+accio.be, 1
+accionesyreacciones.com, 1
+accioninmobiliaria.tk, 1
+acclivity.pro, 1
+accme.co, 1
+accolade.com.br, 0
+accoladescreens.com.au, 1
+accomexico.com, 1
+accord-application.com, 1
+accordable.gq, 1
+accordimento.de, 1
+accordiondoor.com, 1
+accordius.com.au, 1
+accordproject.tk, 1
+account.bbc.com, 1
+account.gov.mo, 1
+account.gov.uk, 1
+accountancymanager.co.uk, 1
+accountingedu.org, 1
+accountmover.io, 1
+accountryclub.com, 1
+accounts.firefox.com, 1
+accounts.google.com, 1
+accountsfilingmadesimple.com, 1
+accpl.co, 1
+accpressurewashing.com, 1
+accreditamento.net, 1
+accreditedbuildingservices.com, 1
+accretech.vn, 1
+accrosoft.com, 1
+acct-affiliate.com, 1
+accubitsdemo.ml, 1
+accudemia.net, 1
+accueil-paysan.com, 1
+accueillons.org, 1
+acculex.co.uk, 1
+acculongrange.com, 1
+accuphotography.com, 1
+accuracast.com, 1
+accurateinfosolutions.in, 1
+accuride.com, 1
+accuritconsulting.com, 1
+accurx.nhs.uk, 1
+accurxinc.com, 1
+accustandard.com, 1
+accustomedicals.ga, 1
+accutint.com, 1
+accutone.com.mx, 1
+accwing.com, 1
+acd-c.ru, 1
+acdc-tech.eu, 1
+acdc-tech.lv, 1
+acdcbrasil.net, 1
+acdesignsolution.com, 1
+acdk2.de, 1
+ace-aegon.cloud, 1
+ace-clan.tk, 1
+ace-familydental.com, 1
+ace-translations.tk, 1
+ace-uk.net, 1
+ace-wiki.com, 1
+ace.one, 1
+ace0328.com, 1
+aceai.com, 1
+acealters.com, 0
+aceanswering.com, 1
+acebeam.com, 1
+acebovirtual.tk, 1
+acecardiologyclinic.com, 1
+acecerts.co.uk, 1
+acectamentit.tk, 1
+acedstudy.com, 1
+acefishing.tk, 1
+acefront.co.uk, 1
+aceinflatables.com, 1
+aceinstituteonline.com, 1
+acejunkpros.com, 1
+aceleracaodigital.com, 1
+aceleraguria.com.br, 1
+acelpb.com, 1
+acem.org.au, 1
+acemadeira.pt, 1
+acemobileforce.com, 1
+acemsa.ga, 1
+acemypaper.com, 1
+acen.edu.au, 1
+acendas.com, 1
+acendealuz.com.br, 1
+aceofdiamondspainting.com, 1
+aceofheartsgiftbaskets.com, 1
+aceparking.com, 1
+acepi.pt, 1
+acercapartners.com, 1
+acerosfortuna.com.mx, 1
+aceshop702.com, 1
+acetaiavaleri.it, 1
+acetudy.com, 1
+aceweb.ga, 1
+aceycity.ml, 1
+acftienda.tk, 1
+acfun.eu.org, 1
+acg.ac, 1
+acg.mn, 1
+acg.sb, 0
+acgaudio.com, 1
+acgc.nl, 1
+acgpiano.club, 1
+acgqwq.gq, 1
+acgroupvoyages.com, 1
+acgtalktw.com, 1
+acgxi.tk, 1
+achalay.org, 0
+achat-volets-roulants.fr, 1
+achatroom.co.uk, 1
+acheconcursos.com.br, 1
+achered.cf, 1
+acheter-ethylotest.fr, 1
+acheter-louer.fr, 1
+achicrip.org, 1
+achievablewellbeing.com, 1
+achievenewsfrance.tk, 1
+achiever.ga, 1
+achievingheightsacademy.com, 1
+achiksongs.tk, 1
+achildshome.com, 1
+achildshome.org, 1
+achill.org, 1
+achinsk.tk, 1
+achintyaesbee.tk, 1
+achireland.com, 1
+achkandiro.ml, 1
+achkandiro.tk, 1
+achl.fr, 1
+achlochan.tk, 1
+achmadfamily.com, 1
+achmazstore.ir, 1
+achmea.com.au, 1
+achousaude.com.br, 1
+achromatisch.de, 0
+acht-pfade.de, 1
+achtenhagen.me, 1
+achterblog.de, 1
+achterhoekseveiligheidsbeurs.nl, 1
+achtpfade.de, 1
+achtzehn.de, 1
+achtzehn.eu, 1
+achtzig20.de, 0
+aciclovir.ga, 1
+acidchrist.tk, 1
+acidoascorbico.com, 1
+acidtool.com, 1
+acierto.com, 1
+acihotel.vn, 1
+aciksite.com, 1
+acilicraft.cn, 1
+acina.fr, 1
+acingov.pt, 1
+acinq.co, 1
+acisms.es, 1
+ack.tax, 1
+ackermann.ch, 1
+ackermannevents.de, 1
+ackersplastering.co.uk, 1
+acklandstainless.com.au, 1
+acl.gov, 1
+aclandia.fr, 1
+aclhire.com, 1
+aclipt.com, 0
+acloud.one, 1
+acls13.fr, 1
+aclu.org, 0
+acm.vc, 1
+acmebookkeepingsolutions.com, 1
+acmilan.gq, 1
+acmilan.ml, 1
+acnenaturalhealing.com, 1
+acnj.gov, 1
+acnjpolice.gov, 1
+acnoventa.it, 1
+acobex.be, 1
+acodess.com, 1
+acodonline.be, 1
+acolicy.com, 1
+acomerygozar.cam, 1
+acompanhantes.com.pt, 1
+acomplia20mg.cf, 1
+acopatableware.com, 1
+acordes.online, 1
+acorespro.com, 1
+acorncastles.co.uk, 1
+acornmetal.com.au, 1
+acotadecalle.tk, 1
+acourse.io, 1
+acousticalsolutions.com, 1
+acousticandfire.co.uk, 1
+acoustics.network, 1
+acoustics.tech, 1
+acousticsoundrecords.com, 1
+acoustictabs.tk, 1
+acoustique-tardy.com, 0
+acovadamoura.tk, 1
+acp-integrative.fr, 1
+acpbenefit.gov, 1
+acpcoils.com, 0
+acperu.ch, 0
+acpinformatique.fr, 1
+acpny.com, 1
+acquadiparma.kr, 1
+acquaparrucchieri.it, 1
+acquari.roma.it, 1
+acquasuisse.tk, 1
+acquire.co.nz, 1
+acquirebpo.com, 1
+acquireit.com.au, 1
+acquisition.gov, 1
+acquisitiongateway.gov, 1
+acquistorealestate.com, 1
+acraftedpassion.com, 1
+acrealamendolara.tk, 1
+acreinfoco.com, 1
+acrepairgeorgetown.com, 1
+acrepairhutto.com, 1
+acrepairroundrocktx.com, 1
+acrhnc2020.dedyn.io, 1
+acriticismlab.org, 1
+acroaccounting.au, 1
+acroballe-circus.fr, 0
+acrobatic.cf, 1
+acrobatic.tk, 1
+acrolife.cz, 0
+acronis.com, 1
+acronis.events, 1
+acronis.org, 0
+acronis.work, 1
+acrorock.tk, 1
+across-community.tk, 1
+acrossgw.com, 1
+acroteam.tk, 1
+acroyoga-nuernberg.de, 1
+acrylbilder-acrylmalerei.de, 1
+acrylicstyle.xyz, 1
+acrylicwifi.com, 1
+acs-nettoyage-entretien-immeuble.com, 1
+acsb.ro, 0
+acsbbs.org, 1
+acsc.gov.au, 1
+acscargo.ca, 1
+acscbasket.com, 1
+acsd-az.gov, 1
+acse.net, 1
+acsemb.org, 1
+acsihostingsolutions.com, 0
+acsiresearch.com, 1
+acsmuhendislik.com.tr, 1
+acsports.ca, 1
+act-interactive.com, 1
+act-news.com, 1
+act-on.com, 1
+act-web-sa.com, 1
+actabg.net, 1
+actacapital.com.au, 1
+actaflytt.se, 1
+actc.org.uk, 1
+actelsershop.com, 1
+acteon.com, 1
+actexpo.com, 1
+actfleetforum.com, 1
+actforrights.com, 1
+actgruppe.de, 1
+actheater.com, 1
+acticu.com, 1
+actiefgeld.nl, 0
+actieplaza.tk, 1
+actifii.com, 1
+actifyleads.com, 1
+actigamer.pt, 1
+actilove.ch, 1
+actimap.ga, 1
+acting.by, 1
+actingcxo.com, 1
+action-education.org, 1
+action-intell.com, 1
+action-verite.fr, 1
+action.eu, 1
+action.nl, 1
+actioncameraaccessories.ga, 1
+actioncleaningnd.com, 1
+actioncovid.nl, 1
+actioncutprint.com, 1
+actionglasshouston.com, 1
+actionlabs.net, 1
+actionmadagascar.ch, 0
+actionminecraft.tk, 1
+actions.today, 1
+actionsack.com, 1
+actionsandreactions.com, 1
+actionsecuritycameras.com, 1
+actionverb.com, 1
+actiumhealth.com, 1
+activat3rs.com, 1
+activate.swiss, 1
+activatenow.com, 1
+activationkeys.co, 1
+activationkeys.org, 1
+activators.ml, 1
+active-english.tk, 1
+active247.info, 1
+activeaerogels.com, 1
+activecare-monitor.com, 0
+activeclearweb.com, 1
+activeexcavator.com, 0
+activegateball.tk, 1
+activehealth.com, 1
+activehire.co.uk, 1
+activeleisure.ie, 1
+activelife.travel, 1
+activenl.co.uk, 1
+activephysiohealth.com.au, 1
+activeplatesystem.ga, 1
+activeprospect.com, 1
+activespaceautomation.com, 1
+activespacetech.com, 1
+activetk.cf, 1
+activetk.jp, 1
+activexperts.com, 1
+activeyogi.tk, 1
+activism.cf, 1
+activiteithardenberg.nl, 1
+activitesaintnicaise.org, 1
+activiteschiens.be, 1
+activiti.alfresco.com, 1
+activities.rocks, 1
+activitycellsers.ga, 1
+activityhub.cloud, 1
+activityhub.xyz, 1
+activityinfo.org, 1
+activitypub.cyou, 1
+activityshelter.com, 1
+activlux.pt, 1
+activpilot.at, 1
+activs.ru, 1
+actom.cc, 1
+actonsoft.com, 1
+actonwoodworks.com, 1
+actopan.tk, 1
+actoragecheck.com, 1
+actoralcareprofessional.com, 1
+actoresonlinevenezuela.tk, 1
+actorsanthosh.tk, 1
+actorshop.co.uk, 1
+actransit.gov, 1
+actrices.tk, 1
+actris.ac.cy, 1
+actro.ga, 1
+actro.gq, 1
+actronx.tk, 1
+actserv.co.ke, 1
+actu-itech.cf, 1
+actualadmins.com, 1
+actualidad-rt.com, 1
+actualite-videos.com, 1
+actualizarapp.com, 0
+actualprogressivevotersguide.com, 1
+actualsizemusic.tk, 1
+actualsolutions.am, 1
+actus-banque.fr, 1
+actuse.tk, 1
+actzero.ai, 0
+acuarios.tk, 1
+acuarismo-iquique.tk, 1
+acuarius.tk, 1
+acuica.co.uk, 0
+acuityfinishing.com, 1
+acul.me, 1
+aculocity.com, 1
+acupofsalt.tv, 1
+acupuncture.ml, 1
+acupuncturecornwall.co.uk, 1
+acupuncturefoundation.com, 1
+acupuncturefoundation.org, 1
+acupuntura.coach, 1
+acupuntura.doctor, 1
+acupuntura.institute, 1
+acupunturamadrid.xyz, 1
+acupunturavalencia.xyz, 1
+acurapartswarehouse.com, 1
+acus.gov, 1
+acutane.cf, 1
+acutane.ga, 1
+acutane.gq, 1
+acutewealthadvisors.com, 1
+acutica.ro, 1
+acutron.net, 1
+acutron.org, 1
+acvan.net, 1
+acvilnius.tk, 1
+acwcerts.co.uk, 1
+acwdca.gov, 1
+acwi.gov, 1
+acworth-ga.gov, 1
+acy.com, 1
+acyclovir-cream.cf, 1
+acyclovir400mg.ml, 1
+acytec.cl, 1
+ad-bp.top, 1
+ad-disruptio.fr, 0
+ad-education.com, 1
+ad-notam.asia, 1
+ad-notam.ch, 1
+ad-notam.co.uk, 1
+ad-notam.com, 1
+ad-notam.de, 1
+ad-notam.fr, 1
+ad-notam.it, 1
+ad-notam.pt, 1
+ad-notam.uk, 1
+ad-notam.us, 1
+ad-s.cn, 1
+ad-web.tk, 1
+ad.nl, 1
+ad13.in, 1
+ad4tube.com, 1
+ada.eco, 1
+ada.gov, 1
+adab-mans.tk, 1
+adachi.work, 1
+adacomputerscience.org, 1
+adacprod.fr, 1
+adaera.com, 1
+adaeze-wolf.com, 1
+adagia.eu, 1
+adalis.org, 1
+adalite-staging-testnet.herokuapp.com, 1
+adalite.io, 1
+adam-ant.co.uk, 1
+adam-kostecki.de, 1
+adam.com, 1
+adam.id.au, 1
+adam.lgbt, 1
+adam.pt, 1
+adamabernathy.com, 1
+adamant.ua, 1
+adamante.com.br, 1
+adamas-magicus.ru, 1
+adamaveray.com.au, 1
+adambryant.ca, 0
+adamcarbonell.com, 1
+adamcoffee.net, 0
+adamdixon.co.uk, 1
+adamdorman.com, 1
+adame.io, 1
+adameveplus.com, 1
+adamevevod.com, 1
+adamfontenot.com, 1
+adamgian.com, 1
+adamh.us, 1
+adamj.eu, 1
+adamjoycegames.co.uk, 1
+adamkissee.com, 1
+adamkostecki.de, 1
+adamlevine.ga, 1
+adamliu.net, 0
+adamoutler.com, 1
+adamov.tk, 1
+adamradocz.com, 1
+adamraoof.tk, 1
+adamricheimer.com, 1
+adams-gonczi.fun, 1
+adams.dk, 1
+adams.es, 1
+adamscampcolorado.org, 1
+adamschmuck.de, 1
+adamscountyco.gov, 1
+adamscountycoelections.gov, 1
+adamscountyemsoh.gov, 1
+adamscountyil.gov, 1
+adamscountyne.gov, 1
+adamscountypa.gov, 1
+adamstas.com, 1
+adamsweb.tk, 1
+adamwallington.co.uk, 1
+adaoconde.art, 1
+adapt-elektronik.com, 1
+adapt-iq.co.nz, 1
+adapt-iq.com, 1
+adapti.de, 1
+adaptimmune.com, 1
+adaptiv.ltd, 1
+adaptivecenter.net, 1
+adaptiveexercisegroup.com, 1
+adaptiveicons.com, 1
+adaptivemechanics.edu.au, 1
+adaptivesite.cf, 1
+adaptivesite.gq, 1
+adaptiveu.io, 1
+adaptyourlifeacademy.com, 1
+adarixconsultores.com, 1
+adarshcloud.in, 1
+adarshthapa.org, 1
+adarsvidler.me, 1
+adasbench.com, 1
+adaselin.com, 1
+adata-c.kz, 1
+adata.kz, 1
+adatitleiii.com, 1
+adativos.com.br, 1
+adawolfa.cz, 1
+adbexcavation.ca, 1
+adbglobal.com, 1
+adblock.ee, 1
+adblockextreme.com, 1
+adblockextreme.net, 1
+adblockextreme.org, 1
+adbpub.com, 1
+adc-dentalcare.com, 1
+adc64.com, 1
+adceuta.tk, 1
+adclickmedia.com, 1
+adcnvs.com, 1
+adcoglazing.co.uk, 1
+adcpressurewashing.co.uk, 1
+add-image.tk, 1
+add-in-express.com, 1
+add-ons.co.uk, 1
+add.pics, 1
+adda.io, 1
+addag.de, 1
+addall.com, 1
+addax.com.tr, 1
+addbonus.ml, 1
+addcrazy.com, 1
+adder.ml, 1
+adderall.ml, 1
+adderall.space, 1
+addict.tk, 1
+addictedtotravel.pl, 1
+addiction-counselors.com, 1
+addictioncounsellors.co.nz, 1
+addictionsolutionsllc.com, 1
+addictlaw.com, 1
+addictless.ru, 1
+addictstore.it, 1
+addiko.net, 1
+addisoncrump.info, 1
+addisonwi.gov, 1
+additioacademy.com, 1
+addition.ml, 1
+addlink.ga, 1
+addlink.gq, 1
+addmefast.tk, 1
+addnewsite.tk, 1
+addnine.com, 0
+addon.watch, 1
+addones.org, 1
+addownit.com, 1
+addr.space, 1
+addresstobe.com, 1
+addscoop.ml, 1
+addstar.jp, 0
+addtelegrammember.com, 1
+addtoany.com, 1
+adducation.info, 1
+adduono.com, 1
+addurls.tk, 1
+addviseo.com, 1
+addy.io, 1
+addy.to, 1
+addydari.us, 1
+addymail.com, 1
+addyourlink.tk, 1
+addyto.me, 1
+ade-power.com, 1
+adea.mx, 1
+adeabramihza.com, 1
+adec-emsa.ae, 1
+adeelshahid.tk, 1
+adeex.co.uk, 1
+adeex.in, 1
+adeex.us, 1
+adeexaustralia.com, 1
+adelaidamountainresidences.ph, 1
+adelaidecoldlaser.com.au, 1
+adelaidefestivalsquare.com.au, 1
+adelapereira.com, 1
+adeldz-foot.cf, 1
+adelebeals.com, 1
+adelgace.top, 1
+adelicious.co, 1
+adelie.org.uk, 1
+adelightfulglow.com, 1
+adelina.com.br, 0
+adeline.mobi, 1
+adelonline.tk, 1
+adelphiawines.com, 1
+ademaulana.tk, 1
+adenhurra.cf, 1
+adenhurra.ml, 1
+adenoma.tk, 1
+adenopatia.com, 1
+adenos.in, 1
+adenplus1.com, 0
+adeon.ml, 1
+adept-elearning.com, 1
+adept.org.pl, 1
+adescb.ga, 1
+adese.es, 1
+adesex.in, 1
+adesignguy.co.uk, 1
+adespresso.com, 1
+adevel.eu, 1
+adevo.be, 1
+adex.network, 1
+adextremadurafs.tk, 1
+adf-safetytools.com, 1
+adf.gov, 1
+adfconsumer.gov.au, 1
+adfinternational.org, 1
+adfisicateca.org, 1
+adfs.pro, 1
+adftrasporti.it, 1
+adfyl.tk, 1
+adg-devochtspecialist.be, 1
+adg.is, 1
+adgh.ml, 1
+adgift.ro, 1
+adglue.io, 1
+adgreetz.com, 1
+adh.org.au, 1
+adhadse.com, 1
+adhd-explained.com, 1
+adhd-inattentive.com, 1
+adhdyoga.ca, 1
+adhigamindia.com, 1
+adhockery.ga, 1
+adhocracy.plus, 1
+adi.com.au, 1
+adi.net.au, 1
+adiamo.pl, 1
+adiaz.us, 1
+adib.family, 1
+adictosdominantescdls.tk, 1
+adidas-2020-spring.com, 1
+adiehard.party, 1
+adiesyndrome.tk, 1
+adigolifestyle.com, 1
+adiguezel-bau-gmbh.de, 1
+adihomes.com, 1
+adilsabri.tk, 1
+adimaja.com, 1
+adimo.com.pl, 1
+adimplere.com.br, 1
+adinaporter.com, 1
+adinfinitum.gq, 1
+adinternational.com.au, 1
+adiph.fr, 1
+adiph.org, 1
+adiprospero.it, 1
+adiraku.co.id, 1
+adiscorduser.com, 1
+adit.com, 1
+adityaes.eu.org, 1
+adityatelange.in, 1
+adiyamandanal.com, 1
+adiyamanhaberleri.tk, 1
+adje-fansite.tk, 1
+adjudicating.tk, 1
+adjustablebeds.ca, 1
+adjustablebeds.org, 1
+adjusterpro.com, 1
+adjutor.xyz, 1
+adkinvest.co.il, 1
+adler-international.pl, 1
+adlerneves.com, 1
+adlerneves.com.br, 1
+adlerosn.com, 1
+adlerosn.com.br, 1
+adlershop.ch, 1
+adlignum.se, 1
+adliomar.tk, 1
+adm-sarov.ru, 1
+admanmedia.fr, 1
+admglass.co.uk, 1
+admicos.cf, 1
+admin-gator.com, 1
+admin-gator.net, 1
+admin-serv.net, 1
+admin-wp.com, 1
+admin-wp.pl, 1
+admin.academy, 1
+admin.fedoraproject.org, 1
+admin.google.com, 1
+admin.se, 1
+admin.stg.fedoraproject.org, 1
+adminconnection.net, 1
+adminforge.de, 1
+admingator.net, 1
+admini.cl, 1
+administracionessaez.es, 1
+administradoresdefincasvalencia.net, 1
+administradorvalencia.es, 0
+administraitor.video, 1
+administrarmeusite.tk, 1
+administratiekantoorblom.nl, 1
+administrator.de, 1
+administratorhandal.cf, 1
+adminless.ovh, 1
+adminlinux.pl, 1
+admino.cz, 1
+adminova.tk, 1
+adminplus.bg, 1
+adminresurs.tk, 1
+adminrezo.fr, 0
+adminwells.com, 1
+admirable.pro, 0
+admody.com, 1
+admongo.gov, 1
+admstudio.co.uk, 1
+admus.pl, 1
+adn-recrutement.fr, 0
+adnanotoyedekparca.com, 1
+adndigital.com.br, 1
+adnempresa.es, 1
+adnexa.it, 1
+adnfiscal.com, 1
+adnolesh.com, 1
+adnotam.ch, 1
+adnscript.tk, 1
+adnseguros.es, 1
+adnsolutions.com, 1
+adoll.ml, 1
+adomani-italia.com, 1
+adomicilio.gt, 1
+adonairelogios.com.br, 1
+adondevamosmundo.com, 1
+adonis.hosting, 1
+adonisgrup.ro, 1
+adonizer.science, 1
+adonnante.com, 0
+adontenchambers.com, 1
+adoperator.com, 1
+adopt.tk, 1
+adoptabeehive.co.uk, 1
+adoptabeehive.com, 1
+adoptabeehive.org, 1
+adoptabeehive.org.uk, 1
+adoptas.org, 1
+adopting.tk, 1
+adoption.tk, 1
+adoptionpregnancycenter.com, 1
+adoptionpregnancycenter.net, 1
+adoptium.net, 1
+adorable-home.com, 1
+adorade.ro, 0
+adorai.tk, 1
+adoran.ga, 1
+adorecricket.com, 1
+adores.gq, 1
+adorez.tk, 1
+adoric.com, 1
+adorkable.eu, 1
+adorkable.social, 1
+adorned.ga, 1
+adotta.me, 1
+adoucishop.fr, 1
+adoxy.com.br, 1
+adpesp.org.br, 1
+adplist.org, 1
+adpot.xyz, 0
+adr-stock.com, 1
+adr.gov, 1
+adrabataille.fr, 0
+adrafinil.wiki, 1
+adreaminsteel.tk, 1
+adreana.com, 1
+adregain.com, 1
+adregain.ru, 1
+adrenalin.is, 1
+adrenalin.od.ua, 0
+adrenalinhunters.tk, 1
+adresse-ip-publique.fr, 1
+adressendata.nl, 1
+adresults.com, 1
+adresults.nl, 1
+adrian-riemer.tk, 1
+adrian.web.id, 1
+adrian2023.com, 1
+adrian2023.de, 1
+adrianadelrossi.com, 1
+adrianadelrossi.net, 1
+adrianagonzalez.tk, 1
+adrianajewelry.my, 1
+adrianasantos.me, 1
+adrianbechtold.de, 1
+adrianbotes.com, 1
+adrianbrad.com, 1
+adriancitu.com, 1
+adriancostin.ro, 1
+adrianfeliciano.com, 0
+adrianhardy.com, 1
+adrianiacobus.com, 1
+adrianjensen.com, 1
+adrianmejias.com, 1
+adrianobarbosa.xyz, 1
+adrianpetcu.tk, 1
+adrianpole.tk, 1
+adrianseo.ro, 0
+adrianspeyer.com, 1
+adriantwpmi.gov, 1
+adrianwalls.tk, 1
+adrianweb.ml, 1
+adriarae.xyz, 1
+adriatic.hr, 1
+adriatika.tk, 1
+adriatrans.ga, 1
+adrienfelsmann.fr, 1
+adrieng.fr, 1
+adrienkohlbecker.com, 1
+adriennekiss.net, 1
+adriennesmiles.com, 1
+adrinet.tk, 1
+adrino.cf, 1
+adrino.gq, 1
+adrino.ml, 1
+adrup.com, 1
+ads-kuwait.net, 1
+adsamcik.com, 1
+adsb.lol, 1
+adsbouncycastles.co.uk, 1
+adscambodia.com, 1
+adsense-arbitrage.com, 1
+adseye.tk, 1
+adsforcash.ga, 1
+adshooter.com, 1
+adsib.gob.bo, 1
+adsl2meg.fr, 1
+adsmarketing.tk, 1
+adsmobilefor.win, 1
+adsmodels.com, 1
+adsnn.com, 1
+adson.at, 1
+adson.cz, 1
+adson.de, 1
+adson.ee, 1
+adson.eu, 0
+adson.fi, 1
+adson.fr, 1
+adson.hu, 1
+adson.ie, 1
+adson.li, 1
+adson.lt, 1
+adson.lv, 1
+adson.nl, 1
+adson.no, 1
+adson.pt, 1
+adspire.tk, 1
+adspottest.tk, 1
+adspu.org, 1
+adst.dk, 1
+adstop.ga, 1
+adstop.ml, 1
+adstune.com, 1
+adsviews.gq, 1
+adswoo.com, 1
+adt.co.za, 1
+adt.pl, 1
+adtelligent.com, 1
+adtgroup.com, 1
+adti.pt, 0
+adubosvidere.com.br, 1
+adultbizz.eu, 1
+adultdvdparadise.com, 1
+adulteducation.org.uk, 1
+adultforum.gr, 1
+adultgames.pro, 1
+adultmalecontent.com, 1
+adultshop.com.au, 0
+adultwebcams1.com, 1
+aduro.com.tr, 1
+adurra.com, 1
+adutoras.com.br, 1
+adv.cr, 0
+advair-generic.ga, 1
+advairgeneric.ga, 1
+advairprice.ga, 1
+advaitghaisas.in, 1
+advaith.fun, 1
+advaith.io, 1
+advaith.link, 1
+advaithbot.xyz, 1
+advaithnikhi.ml, 1
+advaithnikhi.tk, 1
+advance.hr, 1
+advancealabama.gov, 1
+advanced-online.eu, 1
+advancedaquaticservice.com, 1
+advancedboilers.com, 1
+advancedbotoxclinic.com, 1
+advancedbuildings.com.au, 1
+advancedconcrete.construction, 1
+advanceddermmohssurgery.com, 1
+advanceddermtribeca.com, 1
+advanceddieselspokane.com, 0
+advanceddisposables.co.uk, 0
+advancedelectricalservicesqld.com.au, 1
+advancedfueladditives.com, 1
+advancedhealthmedical.com.au, 1
+advancedinteg.com, 1
+advancedmd.com, 1
+advancedmedicalcertification.com, 1
+advancednetflowtraining.com, 1
+advancedob-gyn.com, 1
+advancedoneroofing.com, 1
+advancedridertraining.co.uk, 1
+advancedroofingmuskoka.com, 1
+advancedseo.io, 1
+advancedsepticandpumping.com, 0
+advancedsurgicalconsultantsllc.com, 1
+advancedturf.tk, 1
+advancedurologyca.com, 1
+advancedurologyswla.com, 1
+advancedwriters.com, 1
+advancemoversnc.com, 1
+advanceoptical.com, 1
+advanceworx.com, 1
+advania.info, 1
+advanqi.se, 1
+advantagehomeinteriors.com, 1
+advantagemechanicalinc.com, 1
+advantageroofer.com, 1
+advantagetowing.com.au, 1
+advantis.ai, 1
+advantis.cf, 1
+advantis.ga, 1
+advantis.gq, 1
+advantis.tk, 1
+advantmed.com, 1
+advapacs.com, 1
+advara.com, 1
+advarra.com, 1
+advasa.jp, 1
+advasa.net, 1
+advbizintel.com, 1
+advenacs.com, 1
+advenacs.com.au, 1
+advenapay.com, 1
+advenspolska.pl, 1
+adventaholdings.com, 1
+adventalley.com, 1
+adventistai.lt, 1
+adventisthomemaker.com, 1
+advento.bg, 1
+adventry.tk, 1
+adventure-runner.tk, 1
+adventureally.com, 1
+adventurealpinetreks.com, 1
+adventurearts.tk, 1
+adventureboy.co.uk, 1
+adventurecorps.cf, 1
+adventurecorps.ga, 1
+adventurecorps.gq, 1
+adventurecorps.ml, 1
+adventurecreators.com, 1
+adventuredental.com, 1
+adventuredrives.com, 0
+adventureforest.co.nz, 1
+adventureforest.nz, 1
+adventuregamers.com, 1
+adventurenow.nl, 1
+adventureprooutdoors.com, 1
+adventureprovisionco.com, 1
+adventures.com, 1
+adventuretoursbend.com, 1
+adventuringup.com, 1
+adventurousway.com, 1
+adventus.space, 1
+advercarte.com, 1
+adverganda.com, 1
+adverganda.de, 1
+adversus-test.tk, 0
+adversus-web-staging.tk, 0
+advertise-ment.tk, 1
+advertising-design.tk, 1
+advertisingcompany.tk, 1
+advertisingindustry.ga, 1
+advertisingphonesest.ga, 1
+advertisment.ga, 1
+advery.tk, 1
+advice24.tk, 1
+advicepay.com, 1
+adviceprime.tk, 1
+adviesfactuur.nl, 1
+adviesgv.nl, 1
+advinix.fr, 1
+advirk.tk, 1
+advisercentre.com.au, 1
+adviserplus.com, 1
+advisorperspectives.com, 1
+advmaster.cf, 1
+advocaat-dejonge.be, 1
+advocaatzoeken.nl, 1
+advocatae.com, 1
+advocatburo.tk, 1
+advocatealliancegroup.com, 1
+advocateanakha.com, 1
+advocatechannel.com, 1
+advocatize.com, 1
+advocator.ca, 1
+advoervice.ga, 1
+advogadavaleria.com.br, 1
+advogatech.com.br, 1
+advokat-dtp.cf, 1
+advokat-dtp.ga, 1
+advokat-dtp.gq, 1
+advokat-dtp.ml, 1
+advokat-dtp.tk, 1
+advokat-malinovskii.ml, 1
+advokat-romanov.com, 1
+advokat-teigstad.no, 1
+advokat-vvp.com.ua, 1
+advokat73.gq, 1
+advokati-ceva.cz, 1
+advokatkonsult.cf, 1
+advokatmorgunov.ml, 1
+advokatonline.ml, 1
+advokatskoe-byuro.ml, 1
+advokaty-onlajn.cf, 1
+advokaty-onlajn.ga, 1
+advokaty-onlajn.gq, 1
+advokaty-onlajn.ml, 1
+advokaty-onlajn.tk, 1
+advokaty-yuristy.ga, 1
+advokaty-yuristy.ml, 1
+advokaty-yuristy.tk, 1
+advokaty.cf, 1
+advokaty.gq, 1
+advritujeph.in, 1
+advst.uk, 1
+advtran.com, 0
+adwallgate.com, 1
+adware.pl, 0
+adwokatkosterka.pl, 1
+adwokatzdunek.pl, 1
+adxperience.com, 1
+adygeya.cf, 1
+adzie.xyz, 1
+adzuna.at, 1
+adzuna.ca, 1
+adzuna.co.nz, 1
+adzuna.co.za, 1
+adzuna.com, 1
+adzuna.com.au, 1
+adzuna.com.br, 1
+adzuna.de, 1
+adzuna.fr, 1
+adzuna.in, 1
+adzuna.it, 1
+adzuna.nl, 1
+adzuna.pl, 1
+adzuna.ru, 1
+adzuna.sg, 1
+ae-dir.com, 1
+ae-dir.org, 1
+ae.com, 1
+ae.edu.rs, 1
+ae86.de, 1
+ae86.dog, 0
+ae86.in, 1
+ae86.plus, 0
+ae86.pro, 1
+ae86.pw, 1
+ae86.run, 0
+ae86.vip, 1
+ae86a.com, 1
+ae86c.com, 1
+ae86dy.com, 1
+ae86j.com, 1
+ae86k.com, 1
+ae86t.com, 1
+ae86tt.com, 1
+ae86u.com, 1
+ae86uu.com, 1
+ae86w.com, 1
+ae86x.com, 0
+ae86y.com, 1
+ae86yy.com, 1
+ae86zx.net, 1
+ae86zy.com, 1
+aeb.io, 1
+aebba.org, 1
+aebian.org, 1
+aebleskoven.dk, 1
+aec-security.eu, 1
+aece.ro, 1
+aechelon.net, 1
+aecis.org, 1
+aecnewstoday.com, 1
+aecom.digital, 1
+aecom.io, 1
+aedollon.com, 1
+aedus-design.ru, 1
+aegcl.co.in, 1
+aegeanmep.com, 1
+aegee-academy.eu, 1
+aegee-academy.org, 1
+aegee-utrecht.nl, 1
+aegee.eu, 1
+aegee.org, 1
+aegis.moe, 1
+aegisaccounting.co.uk, 1
+aegisalarm.co.uk, 1
+aegisalarm.com, 1
+aegisalarms.co.uk, 1
+aegisalarms.com, 1
+aegon.hu, 1
+aegrel.ee, 1
+aeh5134.cc, 1
+aeha.tk, 1
+aehe.us, 1
+aeis-api-stg.azurewebsites.net, 1
+aeis-api.azurewebsites.net, 1
+aeksantcugat.tk, 1
+aeksistem.com, 1
+aelgame.com, 1
+aelintx.com, 1
+aelisya.net, 0
+aelurus.com, 1
+aenes.com, 1
+aenmail.com, 1
+aeolservice.es, 1
+aeon.co, 0
+aeon.wiki, 0
+aeonc.com, 1
+aeonct.org, 1
+aeonian.live, 0
+aeonmall.global, 1
+aeperocovilha.pt, 1
+aeperodacovilha.pt, 1
+aequometer.de, 1
+aeradesign.com, 1
+aeradoresgaivota.com.br, 1
+aerandir.fr, 1
+aere.com, 1
+aereco.com, 1
+aerelon.de, 1
+aergia.eu, 1
+aerialawesome.com, 1
+aerialforce.co.uk, 1
+aerialworks.ddns.net, 1
+aerisnetwork.com, 1
+aerlux.md, 1
+aeroalbrook.com, 1
+aerobasegroup.com, 1
+aerobatt.com, 1
+aerobiconline.tk, 1
+aerobotz.com, 1
+aeroclub-tolhuin.tk, 1
+aeroelectronics.net, 1
+aeroequity.com, 1
+aeroexpress.tk, 1
+aerofarms.com, 1
+aeroflot.gq, 1
+aeroframe.tk, 1
+aeroglass.ml, 1
+aerogrill.tk, 1
+aeroklub.tk, 1
+aerolineasvenezolanas.net, 1
+aerolog.co, 0
+aeromot.com, 1
+aeron.aero, 1
+aeronautix.com, 1
+aeronote.net, 1
+aeroplan.tk, 1
+aeropole.de, 1
+aeropole.eu, 1
+aeroport.gq, 1
+aeropostale.com.ar, 1
+aerosail.fr, 1
+aerosoul.tk, 1
+aerospace-schools.com, 1
+aerospacearchives.tk, 1
+aerospacescience.ml, 1
+aerospeceng.com.au, 1
+aerotrans-service.eu, 1
+aerotrophy.fr, 1
+aerowillys.tk, 1
+aerozone.tk, 1
+aertel.ie, 1
+aerztezentrum.io, 1
+aes-freundeskreis.de, 0
+aes.org.pt, 1
+aesculapliterature.com, 1
+aeslifesciences.com, 1
+aesmoris.es, 1
+aesre.com, 1
+aesre.de, 1
+aesre.net, 1
+aessencia.com.br, 1
+aestheticsplus.xyz, 1
+aesthetikpiercing.de, 1
+aesthetix.icu, 1
+aesthetx.com, 1
+aesthway.com, 1
+aestore.by, 1
+aesvalanalys.com, 1
+aesyours.com, 1
+aeterna-ufa.ru, 1
+aeternus-darkermonument.tk, 1
+aeternus.tech, 1
+aether.industries, 1
+aetherc0r3.eu, 1
+aetherdigitalplatform.com, 1
+aethereahealth.com, 0
+aetherlink.de, 1
+aethernia.net, 1
+aethon.com, 1
+aethonan.pro, 1
+aethopy.ga, 1
+aetna-medicareplans.com, 1
+aevo-vergleich.de, 1
+aevpn.org, 1
+aextron.com, 1
+aextron.de, 1
+aextron.org, 1
+aezw.at, 1
+af-clan.tk, 1
+af.link, 1
+afadansedeparis.com, 1
+afadvantage.gov, 1
+afanasev.tk, 1
+afandou.com, 1
+afanias.org, 1
+afas-apps.nl, 1
+afasim.tk, 1
+afasstatus.nl, 1
+afbouw-gevelsupport.nl, 1
+afbrunswick.com, 1
+afc-capital.mx, 1
+afcmrstest.org, 1
+afd-bedburg.de, 1
+afd-bergheim.de, 1
+afd-elsdorf.de, 1
+afd-frechen.de, 1
+afd-huerth.de, 1
+afd-kerpen.de, 1
+afd-pulheim.de, 1
+afd-rheinerft.de, 1
+afdah.se, 1
+afdbedburg.de, 1
+afdbruehl.de, 1
+afdelsdorf.de, 1
+afderftstadt.de, 1
+afdfrechen.de, 1
+afdhuerth.de, 1
+afdkerpen.de, 1
+afdpulheim.de, 1
+afdrek.de, 1
+afdrhein-erft.de, 1
+afearlessventure.com, 1
+aferagetback.eu, 1
+aff1xstavka.com, 1
+aff1xstavka.top, 1
+affaire.com, 1
+affairefacile.net, 1
+affairemateriaux.fr, 1
+affairs.com, 1
+affarsnatverk.nu, 0
+affcreations.com, 1
+affect3d.com, 1
+affect3dstore.com, 1
+affectionate.tk, 1
+affengine.net, 1
+affibody.se, 1
+affidea.ie, 1
+affilatura.it, 1
+affilia.tk, 1
+affiliatebeeers.ga, 1
+affiliatebeest.ga, 1
+affiliatebitz.com, 1
+affiliatedphysicians.com, 1
+affiliatep.com, 1
+affiliateprogram.ga, 1
+affiliateprograms.cf, 1
+affiliateprograms.gq, 1
+affiliates-psychicsource.com, 1
+affiliates.trade, 1
+affine.space, 1
+affinipay.com, 1
+affinity.co, 1
+affinity.com, 1
+affinity.vc, 1
+affinitycu.ca, 1
+affinityplus.org, 1
+affinitysync.com, 1
+affinityweb.co, 1
+affissioni.roma.it, 1
+affittacamere.roma.it, 1
+affittialmare.it, 1
+affittibreviliguria.it, 1
+affittisalento.it, 1
+affle.com, 1
+afflictedquarter.tk, 1
+affordable.icu, 1
+affordableasphaltcompany.com, 1
+affordableautoglass.com, 1
+affordableblindsexpress.com, 1
+affordablecameras.tk, 1
+affordableconnectivity.gov, 1
+affordableelectronics.tk, 1
+affordablehealthquotesforyou.com, 1
+affordablepapers.com, 1
+affordableracingparts.com.au, 1
+affordablevaccinesest.ga, 1
+affordacode.com, 1
+affpa.top, 1
+affpass.com, 1
+affping.com, 1
+affproduct.com, 1
+affsoft.cc, 1
+affumico.it, 1
+affusio.com, 1
+afg-team.tk, 1
+afganistan.cf, 1
+afghan-media.tk, 1
+afghan-sites.tk, 1
+afghan.gq, 1
+afghandonia.tk, 1
+afghanen4life.tk, 1
+afghangreetings.tk, 1
+afghanlink.tk, 1
+afghanraps.tk, 1
+afghansite.tk, 1
+afgn.com.ua, 1
+afgphotographers.com, 1
+afgraphic.tk, 1
+afiador.com.br, 1
+afiawealth.com, 0
+aficards.com, 1
+aficionados.com.br, 1
+afilio.de, 1
+afinadoronline.com.br, 1
+afinaudio.com, 1
+afinterio.com, 1
+afishablogs.tk, 1
+afive.us, 1
+afiyetolsun.jp, 1
+aflam-online.tk, 1
+aflattr.com, 1
+aflebedevo.tk, 1
+afoikrali.gr, 1
+aforadearrastu.tk, 1
+aforism.tk, 1
+afp548.com, 1
+afrag.fr, 1
+afreelancersworld.com, 1
+afres.com, 1
+afreshperspective.com, 1
+africaclassifieds.ga, 1
+africaindemander.tk, 1
+africalebanon.tk, 1
+african-artmosphere.tk, 1
+africanbiblesafari.org, 1
+africanewstest0.ml, 1
+africangazda.tk, 1
+africangreyparrotscare.com, 1
+africanheritage.tk, 1
+africanhosting.ml, 1
+africankingsclothing.com, 1
+africankitchen.gallery, 1
+africanmangoforum.ga, 1
+africanmangoforum.gq, 1
+africansafaris.co.nz, 1
+africantourer.com, 1
+africaone-publishing.com, 1
+africaricecenter.org, 1
+afrijet.ga, 1
+afrilatest.com, 1
+afrimarket.ci, 1
+afrique.buzz, 1
+afriregister.com.ss, 1
+afriregister.et, 1
+afriregister.sn, 1
+afrodigital.uk, 1
+afrodisiac.tk, 1
+afrodita.tk, 1
+afroditafirm.tk, 1
+afroditehotel.tk, 1
+afrogospel.tk, 1
+afroludi.tk, 1
+afroto.com, 1
+afseguros.com, 1
+afslankstudiovelserbroek.nl, 1
+aftamurae.com, 1
+after-whoru.tk, 1
+afterblokrock.tk, 1
+afterburnerjs.com, 1
+afterdarklabs.net, 1
+afterdwi.info, 1
+afterfostercare.tk, 1
+afterhate.fr, 1
+afterhoursglass.com.au, 1
+aftermagic.com, 1
+aftermix.com, 1
+afternoonhereyes.tk, 1
+afteroblivion.tk, 1
+afterpay.com, 1
+afterschool.tk, 1
+afterskool.eu, 1
+afterstack.net, 1
+aftodioikisi.gr, 1
+aftonbladet.se, 1
+aftontickets.com, 1
+afute.fr, 1
+afuturewithoutfear.org, 1
+afuturewithoutfear.us, 1
+afva.net, 1
+afwd.international, 1
+afxsoft.ml, 1
+afzaalace.com, 1
+afzetbak.nl, 1
+ag066.vip, 1
+ag123.la, 1
+ag13842.com, 1
+ag1386.com, 1
+ag158.cc, 0
+ag1603.com, 0
+ag1604.com, 1
+ag1607.com, 1
+ag2.app, 1
+ag3.la, 1
+ag3232g.com, 1
+ag388.vip, 1
+ag399.vip, 1
+ag4.app, 0
+ag518518.net, 1
+ag6.im, 1
+ag6.pub, 1
+ag6.vc, 1
+ag6.vip, 1
+ag600.la, 1
+ag618.la, 1
+ag6215.com, 1
+ag6225.com, 1
+ag66321.com, 1
+ag666.vip, 1
+ag68ks.com, 1
+ag69000.com, 1
+ag72.vip, 1
+ag8-game.com, 1
+ag8.im, 1
+ag8.vip, 1
+ag80808.com, 1
+ag80880.com, 1
+ag812.tv, 1
+ag818.net, 1
+ag819.tv, 1
+ag82011.vip, 1
+ag82018.cc, 1
+ag82018.com, 1
+ag8500.com, 1
+ag8600.com, 1
+ag88.com, 1
+ag880.win, 1
+ag8808.com, 1
+ag88080.com, 1
+ag88110.com, 1
+ag8819-livechat.com, 1
+ag8859.com, 0
+ag8876.com, 1
+ag888818.com, 1
+ag889.com, 1
+ag8890.com, 1
+ag8891.com, 1
+ag88dc22.com, 1
+ag88ks.com, 1
+ag89000.com, 1
+ag898.cc, 1
+ag8vip.com, 1
+ag9.im, 0
+ag9100.com, 1
+ag918.cc, 1
+ag918.co, 1
+ag918.top, 1
+ag96.win, 1
+ag9757.com, 1
+ag98.tv, 0
+ag9800.com, 1
+ag9815.com, 1
+ag9835.com, 1
+ag98ks.com, 1
+ag9999.co, 1
+ag9ks.com, 1
+ag9vip.com, 1
+aga-eiken.tk, 1
+aga.gov.au, 1
+agabucheros.tk, 1
+agad.tk, 1
+agagent.vip, 1
+against.tk, 1
+againstgynexams.tk, 1
+againsttheneighbour.tk, 1
+againsttheodds.es, 1
+agalia.com, 1
+agalloch.tk, 1
+agambition.eu, 1
+agamsecurity.ch, 0
+agapelove.tk, 1
+agar.kr, 1
+agargiulo.com, 1
+agari-mj.com, 1
+agarioforum.ga, 1
+agas.com, 1
+agasport.nl, 0
+agastia.com, 1
+agatajanik.de, 1
+agate.pw, 1
+agateh.com.au, 1
+agaveandpine.com, 1
+agavesurgery.com, 1
+agbremen.de, 0
+agcdn.cc, 1
+agcdn.top, 1
+agceauditores.cl, 1
+agcegroup.cl, 1
+agcpapp.com, 1
+agdalieso.com.ba, 1
+agds.pw, 1
+agdsenice.cz, 1
+age-encryption.org, 1
+agearo.com, 1
+ageasagentessummit.pt, 1
+agechecker.net, 1
+agedcaredentistry.com.au, 1
+agedefying.net, 1
+agedgamer.com, 1
+agefriendlyri.org, 1
+ageg.ca, 1
+agehotel.com, 1
+ageless-world.tk, 1
+agelesscitizen.com, 1
+agelesscitizens.com, 1
+agellonia.com, 1
+agenbandarq.cf, 1
+agenbandarq.ga, 1
+agenbandarq.gq, 1
+agenbandarq.ml, 1
+agenbandarq.tk, 1
+agence-immobiliere-hossegor.com, 1
+agence-initiale.fr, 1
+agence-matrimoniale-paris.com, 1
+agence.tw, 1
+agenceimmoselect.com, 1
+agencelcinvestigations.com, 1
+agences-cegee.fr, 1
+agencesaintpierre.fr, 1
+agencestaff.fr, 1
+agencetourismemali.ml, 1
+agenciacanina.tk, 1
+agenciacoder.com, 1
+agenciacolors.com.br, 1
+agenciacorujadesign.com.br, 1
+agenciacrown.es, 1
+agenciafiscal.pe, 1
+agenciahangar.com.br, 1
+agenciaingenium.cl, 1
+agenciakarazai.com.br, 1
+agenciaonnmarketing.com, 1
+agenciaplanner.com.br, 1
+agenciarse.com, 1
+agenciarubik.com, 1
+agenciatecben.com.br, 1
+agenciazoe.com.br, 1
+agencja-interaktywna.ga, 1
+agencja-interaktywna.tk, 1
+agencxy.ga, 1
+agencybeam.com, 1
+agencyeve.com, 1
+agencygood.tk, 1
+agencyinmotion.com, 1
+agencymanager.be, 1
+agenda-loto.net, 0
+agenda21senden.de, 1
+agendadelvolo.info, 1
+agendamuslim.tk, 1
+agendaspectacles.fr, 1
+agendatelefonica.net, 1
+agendavalencia.es, 1
+agendominoq.tk, 1
+agenslot128.com, 1
+agent-007.tk, 1
+agent-grow.com, 1
+agent.sk, 1
+agent47.tk, 1
+agent4fl.com, 1
+agentabuseest.ga, 1
+agenter.cf, 1
+agenter.tk, 1
+agentesevillanocooper.tk, 1
+agentfirewall.com, 1
+agentpak.com, 1
+agentpatrolest.ga, 1
+agentpoint.website, 1
+agentprovocateur.com, 1
+agentrisk.com, 0
+agentsmith.tk, 1
+agentum.ga, 1
+agentur-pottkinder.de, 1
+agentz.ga, 1
+agenux.org, 1
+agenziaimmobiliarezeta.it, 1
+agenziapubblicitaria.milano.it, 1
+agenziapubblicitaria.roma.it, 1
+agenziefunebri.it, 1
+ageofreason.tk, 1
+agesofarda.net, 1
+agfmedia.com, 1
+agg097.com, 1
+agg88.com, 1
+aggielandtutoring.com, 1
+agglo-sion.ch, 1
+aggn.info, 1
+aggression.tk, 1
+aggressionpvp.com, 1
+aggressivecarwraps.com, 1
+aggtechconcrete.com, 1
+aghayeva-edler.de, 1
+aghtas.com, 1
+agiairini.cz, 1
+agic-geneve.ch, 1
+agiftinside.com, 1
+agilan.nl, 1
+agile.coach, 1
+agileacademy.technology, 1
+agilebits.com, 1
+agilebits.net, 0
+agilecoldstorage.com, 1
+agilecraft.com, 1
+agilee.io, 1
+agilepeopleopsframework.com, 1
+agileui.com, 0
+agilextra.com.au, 1
+agilicus.ca, 1
+agilicus.com, 1
+agility-westvlaanderen.tk, 1
+agilityconsulting.be, 1
+agill.me, 1
+agilob.net, 1
+agiloo.tk, 1
+agilusdiagnostics.com, 1
+aging.gov, 1
+agingstats.gov, 1
+agingstop.net, 1
+aginion.com, 1
+aginion.net, 1
+agioanmark.tk, 1
+agiosthomas.tk, 1
+agirc-arrco.fr, 1
+agirlknows.com, 1
+agitmedia.ru, 1
+agk.co.com, 1
+agks02.com, 1
+agks1.com, 1
+agks116.com, 1
+agks136.com, 1
+agks16.com, 1
+agks188.com, 1
+agks19.com, 1
+agks23.com, 1
+agks27.com, 1
+agks35.com, 1
+agks4.com, 1
+agks45.com, 1
+agks53.com, 1
+agks57.com, 1
+agks59.com, 1
+agks60.com, 1
+agks63.com, 1
+agks67.com, 1
+agks68.com, 1
+agks69.com, 1
+agks7.com, 1
+agks70.com, 1
+agks71.com, 1
+agks72.com, 1
+agks78.com, 1
+agks79.com, 1
+agks8.com, 1
+agks82.com, 1
+agks83.com, 1
+agks86.com, 1
+agks87.com, 1
+agks888.com, 0
+agks9.com, 1
+agks92.com, 1
+agktest1.ga, 1
+aglar.com.ec, 1
+aglar.tk, 1
+agleventis.com, 1
+aglow.nl, 1
+agm4545.com, 1
+agmarvels.com, 1
+agmuscle.com, 1
+agnconnect.com, 1
+agnesk.blog, 1
+agnesmatilda.tk, 1
+agnestakeaway.be, 1
+agneta.tk, 1
+agnosia.tk, 1
+agnosticism.tk, 1
+agnusbostel.tk, 1
+agocs.me, 1
+agora-energiewende.de, 1
+agora-soft.cf, 1
+agora-verkehrswende.de, 1
+agora.co.il, 1
+agora.ru, 1
+agorabet.com.br, 1
+agoracupom.com.br, 1
+agoradanza.tk, 1
+agoradesk.com, 1
+agorapulse.com, 1
+agoratek.fr, 1
+agoravm.tk, 1
+agoravox.it, 1
+agorism.eu.org, 1
+agoshop.de, 1
+agossearch.tk, 1
+agostonegro.tk, 1
+agouraelectrical.com, 1
+agouraelectrician.com, 1
+agouraexteriorlighting.com, 1
+agourahillselectric.com, 1
+agourahillselectrical.com, 1
+agourahillselectrician.com, 1
+agourahillsexteriorlighting.com, 1
+agourahillslandscapelighting.com, 1
+agourahillslighting.com, 1
+agourahillsoutdoorlighting.com, 1
+agouralandscapelighting.com, 1
+agouralighting.com, 1
+agouraoutdoorlighting.com, 1
+agowa338.de, 1
+agpandit.in, 1
+agpideas.com, 1
+agr.asia, 1
+agrabah.com, 1
+agradi.de, 1
+agradi.nl, 1
+agralines.tk, 1
+agrarking.com, 1
+agrarking.de, 1
+agrarkredit.de, 1
+agravery.com, 1
+agraw.tk, 1
+agregator.tk, 1
+agrekov.ru, 1
+agremo.com, 0
+agreor.com, 1
+agressief.com, 1
+agri-meet.com, 1
+agri.ee, 0
+agricult.tk, 1
+agricultural-technology.tk, 1
+agriculture-schools.com, 1
+agriculture.vic.gov.au, 1
+agrifoglio.com, 1
+agrifoodtoday.it, 1
+agrifutures.com.au, 1
+agrigentonotizie.it, 1
+agrikulturchic.com, 1
+agripartner.fr, 1
+agripick.com, 1
+agriportal.online, 1
+agrippa.tk, 1
+agriprofocus.com, 1
+agriresearch.tk, 1
+agrish.tk, 1
+agrisicilia.it, 0
+agritatrade.bg, 1
+agro-dom.solutions, 1
+agro-ferma.tk, 1
+agro-forestry.net, 1
+agro-market24.ru, 1
+agro-portal.info, 1
+agrobank.uz, 1
+agrobase.uz, 1
+agrobaza.com.ua, 1
+agrocare.tk, 1
+agroclan.tk, 1
+agroclimat.tk, 1
+agroconsultoraplus.com, 1
+agrodoki.hu, 1
+agrofind.com.br, 1
+agrogrup79.com, 1
+agroguia.com.co, 1
+agrohim.com, 1
+agroinsider.com, 1
+agrokomi.tk, 1
+agrokredit.ga, 1
+agroland.tk, 1
+agrolife.tk, 1
+agroma.com, 1
+agromotorsburzaco.com, 1
+agron.tk, 1
+agronomi.tk, 1
+agronomict.tk, 1
+agropark.tk, 1
+agroplas.cf, 1
+agropool.tk, 1
+agropotter.com.ua, 1
+agrosanus.pt, 0
+agrospan.ga, 1
+agrosvit.kz, 1
+agroteam.tk, 1
+agrotek.lt, 1
+agrotender.com.ua, 1
+agrotodo.com.co, 1
+agrotraktor.gq, 1
+agrowbio.com, 0
+agroyard.com.ua, 1
+agrus-wow.tk, 1
+agscapeslandscaping.com, 1
+agscinemas.com, 1
+agscinemasapp.com, 1
+agsun6.com, 1
+aguaazul.com.co, 1
+aguajero.com, 1
+aguantepimpinero.tk, 1
+aguarani.com.br, 1
+aguaviva.tk, 1
+aguiascarecas.org, 1
+aguidetolovelossanddesperation.com, 1
+agujetas.tk, 1
+agul.tk, 1
+agullo.tk, 1
+agung-furniture.com, 1
+agurskie-vodopadi.ru, 1
+agusandelsur.gov.ph, 1
+agusik.com.ua, 1
+agustian.tk, 1
+agusticarmona.tk, 1
+agustin.cf, 1
+agustin.ml, 1
+agusto.tk, 1
+aguz.tk, 1
+agviet88.com, 1
+agvins.fr, 1
+agvip1000.com, 1
+agvip168.com, 1
+agvip2001.com, 1
+agvip2008.com, 1
+agvip88.com, 0
+agvip986.com, 1
+agwa.name, 1
+agwin1.com, 0
+agwin7.com, 1
+agwin8.com, 1
+agwin9.com, 1
+agworkers.com, 1
+agzy.tw, 1
+agzy.vip, 1
+ahanet.tk, 1
+ahansen.is, 0
+ahbap.org, 1
+ahccmadison.com, 1
+ahccorleone.tk, 1
+ahcpb.com, 1
+ahcpr.gov, 1
+ahd.com, 0
+ahealthyjourney.ca, 1
+ahegaoroulette.com, 1
+ahelos.tk, 1
+ahezu.com, 1
+ahg-offices.fr, 1
+ahhcomfortshoes.com, 1
+ahidta.gov, 1
+ahiha-design.com, 1
+ahima.org, 1
+ahityayinlari.com, 1
+ahityayinlari.org, 1
+ahj.no, 1
+ahjy.com, 1
+ahl.gov.au, 0
+ahlac.tk, 1
+ahlaejaba.com, 1
+ahli-antenatv.tk, 1
+ahlibank.com.qa, 1
+ahlz.sk, 1
+ahm.com.au, 1
+ahmad.space, 1
+ahmadfathy.ml, 1
+ahmadjakfar.tk, 1
+ahmadmaher.tk, 1
+ahmadonline.tk, 1
+ahmadov.tk, 1
+ahmadrafiq.tk, 1
+ahmadramadan.tk, 1
+ahmed-alasadi.tk, 1
+ahmed-soliman.de, 1
+ahmed.tk, 1
+ahmedcorp.tk, 1
+ahmedelgamalanimations.tk, 1
+ahmedszaidi.com, 1
+ahmerjamilkhan.org, 1
+ahmetazgin.net, 1
+ahmetcadirci.com.tr, 1
+ahmetshina.tk, 1
+ahmt.net, 1
+ahmu.com, 1
+ahmud.net, 1
+ahoefer.de, 1
+ahoeheng.com, 1
+ahoj.email, 1
+ahoj.hu, 1
+ahomeconcept.com, 1
+ahorasalud.com, 1
+ahornblatt.org, 1
+ahosamuel.com, 1
+ahosenjoni.fi, 1
+ahosi.com, 1
+ahqf.com, 1
+ahroproject.org, 1
+ahrora.com, 1
+ahrq.gov, 1
+ahs.com, 1
+ahscarolinas.com, 1
+ahsinsaleem.tk, 1
+ahstrem.com, 1
+ahswarranty.com, 1
+ahsyg.com, 1
+ahtuxpk.ru, 1
+ahughes03.com, 1
+ahwah.net, 1
+ahwahnee.today, 1
+ai-english.jp, 1
+ai-genit.com, 1
+ai-powered-learning.com, 1
+ai-practitioners.com, 1
+ai-soft.co.jp, 1
+ai.gov, 1
+ai.gov.ae, 1
+ai.market, 1
+ai.moda, 1
+ai.mr, 0
+ai00.vip, 1
+ai1989.com, 1
+ai2-jp.com, 1
+ai5.me, 1
+aia-alkmaar.nl, 1
+aiaccinu.eu.org, 1
+aiaidaxue.com, 1
+aiaidou.com, 1
+aiainiu.com, 1
+aianetwork.net, 1
+aianipid.ee, 1
+aiasesoriainmobiliaria.com, 1
+aiat.net, 1
+aiatsis.gov.au, 1
+aibaoyou.com, 1
+aibes-staging.com, 1
+aibes.org, 1
+aibili.pt, 1
+aibiying.com, 1
+aibolit-apteka.tk, 1
+aibolit.ga, 1
+aibolit.md, 1
+aibolit.ml, 1
+aibolitik.tk, 1
+aibot.tk, 1
+aibsoftware.mx, 1
+aicampo.com, 1
+aiccc.com.au, 1
+aiccon.id, 1
+aiccorp.com, 1
+aicfb.in, 1
+aichat.io, 1
+aichat.site, 1
+aichi-tokko-shien.com, 1
+aichou.com, 1
+aicial.co.uk, 1
+aickelin.eu, 1
+aicr.org, 1
+aicv.io, 1
+aida.org.au, 1
+aidablanco.tk, 1
+aidaccess.org, 1
+aidanamavi.com, 1
+aidanapple.com, 1
+aidanmitchell.uk, 0
+aidanmontare.net, 1
+aidanpr.com, 1
+aidanpr.net, 1
+aidarikako.com, 1
+aidco.net, 1
+aide-hebergement.ca, 1
+aide-valais.ch, 1
+aide.com, 1
+aideenmonaghan.com, 1
+aidenlx.top, 1
+aidenoliver.au, 1
+aidhan.net, 1
+aidi-ahmi.com, 1
+aidliveers.ga, 1
+aido.gq, 1
+aidoc.com, 1
+aidoru.net, 1
+aids-dissidents.tk, 1
+aids.gov, 1
+aie.de, 1
+aiecosystem.com.au, 1
+aiesecarad.ro, 1
+aievaluare.ro, 1
+aifartsakh.com, 1
+aifob.tk, 1
+aifriccampbell.com, 1
+aifx.ml, 0
+aigcev.org, 1
+aigenpul.se, 1
+aigner-club.com, 1
+aigner-club.de, 1
+aignerimage.de, 1
+aignermunich.com, 1
+aignermunich.de, 1
+aignermunich.jp, 1
+aigu.io, 1
+aigua.it, 1
+aiguemarine-spa.fr, 1
+aiguilhe-querre.com, 1
+aiha.com, 1
+aihaamua.tk, 1
+aiho.stream, 1
+aihschgo.org, 1
+aiinsurance.xyz, 1
+aikareborn.com, 1
+aiken.golf, 1
+aikenpromotions.com, 1
+aiki.de, 1
+aiki.do, 1
+aiki.tk, 0
+aikido-club-limburg.de, 1
+aikido-kiel.de, 1
+aikido-linz.at, 1
+aikido-wels.at, 1
+aikidoaalst.tk, 1
+aikidoboskovice.cz, 1
+aikidoinfo.tk, 1
+aikidosaltadojo.tk, 1
+aikijutsu.tk, 1
+aikiva.com, 1
+aikoly.com, 1
+aila.org, 1
+aileenwatt.co.uk, 1
+ailife.blog, 1
+ailitonia.com, 1
+ailitonia.xyz, 1
+ailladearousa.com, 1
+aim.org.pt, 1
+aimara.com, 1
+aimare-web.tk, 1
+aimarketingdesk.com, 1
+aimax.com, 1
+aimaye.com, 1
+aimbot.games, 1
+aimdigital.tk, 1
+aimeeandalec.com, 1
+aimeisi.com, 1
+aimgroup.co.tz, 1
+aiminet.com, 1
+aimless.tk, 1
+aimlessempire.tk, 1
+aimmuneinstitute.org, 1
+aimoda.bid, 1
+aimoda.click, 1
+aimoda.cloud, 1
+aimoda.download, 1
+aimoda.info, 1
+aimoda.io, 1
+aimoda.life, 1
+aimoda.live, 1
+aimoda.loan, 1
+aimoda.lol, 1
+aimoda.ltd, 1
+aimoda.online, 1
+aimoda.shop, 1
+aimoda.solutions, 1
+aimoda.space, 1
+aimoda.store, 1
+aimoda.stream, 1
+aimoda.trade, 1
+aimoda.website, 1
+aimoda.wtf, 1
+aimoda.xyz, 1
+aimotive.com, 1
+aimrom.org, 1
+aina.moi, 1
+ainaishi.com, 1
+ainameals.com, 1
+ainamoroms.com, 1
+aine.com.br, 1
+ainfographie.com, 1
+aini99.club, 0
+ainong.com, 1
+ainrm.cn, 1
+ainsa.tk, 1
+ainutrition.co.uk, 1
+ainvest.de, 1
+ainzu.net, 1
+aioboot.com, 1
+aiois.com, 1
+aioj.ac, 1
+aiom.tk, 1
+aion.fi, 1
+aiosetups.com, 1
+aiot.pw, 1
+aipbarcelona.com, 1
+aipcardio.ai, 1
+aipcardio.com, 1
+aipcardio.hu, 1
+aipderm.com.mx, 1
+aipderm.eu, 1
+aipderm.mx, 1
+aipderm.ro, 1
+aipdev.kz, 1
+aipee.org, 1
+aiphyron.com, 1
+aipi.at, 1
+aipi.ch, 1
+aipi.de, 1
+aipi.tel, 1
+aipi.uk, 1
+aipor.pt, 0
+aipregnancy.com, 1
+aipregnant.com, 1
+aiqinggu.com, 1
+aiqingli.com, 1
+air-business.tk, 1
+air-clan.tk, 1
+air-flot.tk, 1
+air-planning.co.jp, 1
+air-rishon.tk, 1
+air-soft.ga, 1
+air-swift.com, 1
+air-techniques.fr, 1
+air-ticket.ga, 1
+airalarm.com, 1
+airaplus.ca, 1
+airbender.tk, 1
+airbnb.ae, 1
+airbnb.at, 1
+airbnb.be, 1
+airbnb.biz, 1
+airbnb.ca, 1
+airbnb.cat, 1
+airbnb.ch, 1
+airbnb.cl, 1
+airbnb.cn, 1
+airbnb.co.cr, 1
+airbnb.co.id, 1
+airbnb.co.il, 1
+airbnb.co.in, 1
+airbnb.co.kr, 1
+airbnb.co.nz, 1
+airbnb.co.uk, 1
+airbnb.co.ve, 1
+airbnb.com, 1
+airbnb.com.ar, 1
+airbnb.com.au, 1
+airbnb.com.bo, 1
+airbnb.com.br, 1
+airbnb.com.bz, 1
+airbnb.com.cn, 1
+airbnb.com.co, 1
+airbnb.com.ec, 1
+airbnb.com.gt, 1
+airbnb.com.hk, 1
+airbnb.com.hn, 1
+airbnb.com.hr, 1
+airbnb.com.kh, 1
+airbnb.com.mt, 1
+airbnb.com.my, 1
+airbnb.com.ni, 1
+airbnb.com.pa, 1
+airbnb.com.pe, 1
+airbnb.com.ph, 1
+airbnb.com.py, 1
+airbnb.com.sg, 1
+airbnb.com.sv, 1
+airbnb.com.tr, 1
+airbnb.com.tw, 1
+airbnb.com.ua, 1
+airbnb.com.vn, 1
+airbnb.cz, 1
+airbnb.de, 1
+airbnb.dk, 1
+airbnb.es, 1
+airbnb.fi, 1
+airbnb.fr, 1
+airbnb.gr, 1
+airbnb.gy, 1
+airbnb.hu, 1
+airbnb.ie, 1
+airbnb.is, 1
+airbnb.it, 1
+airbnb.jp, 1
+airbnb.la, 1
+airbnb.lu, 1
+airbnb.mx, 1
+airbnb.nl, 1
+airbnb.no, 1
+airbnb.org, 1
+airbnb.pl, 1
+airbnb.pt, 1
+airbnb.ru, 1
+airbnb.se, 1
+airbnb.tools, 1
+airbnbchina.cn, 1
+airborne-clan.tk, 1
+airborne-commando.tk, 1
+airborne-inflatables.co.uk, 1
+airborneexperience.com, 1
+airbossofamerica.com, 1
+airburners.com, 1
+airburners.com.au, 1
+airburners.net, 1
+airbusters.com, 1
+aircareair.tk, 1
+aircash.eu, 1
+aircharteradvisors.com, 1
+airchartervirginislands.com, 1
+aircheapfare.com, 1
+aircheapfares.com, 1
+aircomet.tk, 1
+aircompressormachine.com, 1
+airconditioning.tk, 1
+airconditioningcondensers.tk, 1
+airconditioningservicejohannesburg.co.za, 1
+airconsboksburg.co.za, 1
+airconservicingcapetown.co.za, 1
+airconsfourways.co.za, 1
+aircraft-database.com, 1
+aircraftnoisemodel.org, 1
+aircraftspruce.ca, 1
+aircraftspruce.com, 1
+aircs.racing, 1
+airday.tk, 1
+airdeer.com, 1
+airdropics.com, 1
+airdropkings.com, 1
+airductcleaninggrandprairie.com, 1
+airdur.eu, 1
+aireaseleaks.org, 1
+airedaleterrier.com.br, 1
+airensmuseum.com, 1
+aires-autoroute-areas.com, 1
+airesourcezone.com, 1
+airethilien.tk, 1
+airetvie.com, 0
+aireuropeflights.com, 1
+airez.tk, 1
+airfan.cf, 1
+airfareandcheap.com, 1
+airfarecheapdeal.com, 1
+airfarecheapeurope.com, 1
+airfarecompareprices.com, 1
+airfaredealstoindia.com, 1
+airfarefrom.com, 1
+airfarehonolulu.com, 1
+airfarehoteldeals.com, 1
+airfareinindia.com, 1
+airfaremexicocity.com, 1
+airfareorlando.com, 1
+airfaresdomestic.com, 1
+airfareseconomy.com, 1
+airfaresfrom.com, 1
+airfareshotels.com, 1
+airfarestoamerica.com, 1
+airfarestogermany.com, 1
+airfareticketsdeals.com, 1
+airfaretousa.com, 1
+airfaretracking.com, 1
+airfield.gq, 1
+airflightsdeals.com, 1
+airforce.com, 1
+airformosa.com, 1
+airfoto.tk, 1
+airfox.cf, 1
+airfox.gq, 1
+airgreen.com, 1
+airgun.tk, 1
+airgundepot.com, 1
+airhart.me, 1
+airhelp.com, 1
+airhorn.de, 1
+airi-tabei.com, 1
+airi.ga, 1
+airicy.com, 1
+airikai.com, 1
+airism.com, 1
+airit.de, 1
+airjet.cf, 1
+airjordan11.cc, 1
+airjordan1phatwhite.info, 1
+airjordan2017.site, 1
+airjordanpascher.tk, 1
+airjordansshoes.us, 1
+airjordanwholesale.us, 1
+airkiss.ga, 1
+airknowledge.gov, 1
+airlapse.net, 0
+airline-rabota.tk, 1
+airlineairlines.com, 1
+airlineairplane.com, 1
+airlineairports.com, 1
+airlineairways.com, 1
+airlineandhotels.com, 1
+airlineandtickets.com, 1
+airlinebe.com, 1
+airlineblue.com, 1
+airlinebookingtickets.com, 1
+airlinebuyticket.com, 1
+airlineby.com, 1
+airlinec.com, 1
+airlinecheapflightinternationalticket.com, 1
+airlinecheapflightticket.com, 1
+airlinecheapprices.com, 1
+airlinecheaptravel.com, 1
+airlinechicago.com, 1
+airlinedallas.com, 1
+airlinedenmark.com, 1
+airlinedomestic.com, 1
+airlineeconomy.com, 1
+airlinefarecheap.com, 1
+airlinefarediscount.com, 1
+airlinefarelow.com, 1
+airlinefareprices.com, 1
+airlinefarescompare.com, 1
+airlinefaresdiscount.com, 1
+airlinefee.com, 1
+airlinefirstclass.com, 1
+airlineflight.biz, 1
+airlineflightcheap.com, 1
+airlineflights.biz, 1
+airlineflightsdeals.com, 1
+airlineflightsdiscount.com, 1
+airlineflightsfares.com, 1
+airlineflightsinternational.com, 1
+airlineflightsprices.com, 1
+airlineflightsreservations.com, 1
+airlineflyingclub.tk, 1
+airlineforsale.com, 1
+airlinefr.com, 1
+airlinegermany.com, 1
+airlinehawaii.com, 1
+airlinekorea.com, 1
+airlinelondon.com, 1
+airlinenationwide.com, 1
+airlinenews.tk, 1
+airlinenewzealand.com, 1
+airlineoil.com, 1
+airlinep.com, 1
+airlineplanetickets.com, 1
+airlinesair.com, 1
+airlinesamsterdam.com, 1
+airlinesandhotel.com, 1
+airlinesandtickets.com, 1
+airlinesandtravel.com, 1
+airlinesargentina.com, 1
+airlinesau.com, 1
+airlinesaustralia.com, 1
+airlinesboston.com, 1
+airlinesbritish.com, 1
+airlinesbrussels.com, 1
+airlinesby.com, 1
+airlinesca.com, 1
+airlinescheapfare.com, 1
+airlinescheapflights.com, 1
+airlinescheapticket.com, 1
+airlineschicago.com, 1
+airlinescincinnati.com, 1
+airlinesdallas.com, 1
+airlinesdc.com, 1
+airlinesdetroit.com, 1
+airlinesdomestic.com, 1
+airlineseast.com, 1
+airlineseconomy.com, 1
+airlinesettlement.com, 1
+airlinesfirstclass.com, 1
+airlinesfleet.com, 1
+airlinesfrom.com, 1
+airlineshouston.com, 1
+airlinesincanada.com, 1
+airlinesingapore.com, 1
+airlinesinlasvegas.com, 1
+airlinesinsingapore.com, 1
+airlinesit.com, 1
+airlinesjordan.com, 1
+airlineslasvegas.com, 1
+airlineslosangeles.com, 1
+airlineslowfare.com, 1
+airlinesmiddleeast.com, 1
+airlinesname.com, 1
+airlinesnashville.com, 1
+airlinesnewyork.com, 1
+airlinesnorthamerica.com, 1
+airlinesnyc.com, 1
+airlinesofdubai.com, 1
+airlinesofmexico.com, 1
+airlinespackages.com, 1
+airlinesparis.com, 1
+airlinesphonenumber.com, 1
+airlinessa.com, 1
+airlinessanfrancisco.com, 1
+airlinesseating.com, 1
+airlinessingapore.com, 1
+airlinestexas.com, 1
+airlinesticketbooking.com, 1
+airlinesto.com, 1
+airlinestoalaska.com, 1
+airlinestoamerica.com, 1
+airlinestoatlanta.com, 1
+airlinestocanada.com, 1
+airlinestochicago.com, 1
+airlinestocostarica.com, 1
+airlinestoeurope.com, 1
+airlinestoflorida.com, 1
+airlinestofrance.com, 1
+airlinestogermany.com, 1
+airlinestoitaly.com, 1
+airlinestojapan.com, 1
+airlinestolasvegas.com, 1
+airlinestolosangeles.com, 1
+airlinestomiami.com, 1
+airlinestoorlando.com, 1
+airlinestophoenix.com, 1
+airlinestosingapore.com, 1
+airlinestoturkey.com, 1
+airlinestousa.com, 1
+airlinestovegas.com, 1
+airlinesturkey.com, 1
+airlinesunitedstates.com, 1
+airlinesvegas.com, 1
+airlinesvietnam.com, 1
+airlineti.com, 1
+airlinetic.com, 1
+airlineticketscheapflights.com, 1
+airlineticketsfrom.com, 1
+airlineticketspurchase.com, 1
+airlineticketswith.com, 1
+airlineto.com, 1
+airlinetocanada.com, 1
+airlinetohawaii.com, 1
+airlinetolasvegas.com, 1
+airlinetolondon.com, 1
+airlinetomiami.com, 1
+airlinetovegas.com, 1
+airlinetravelinternational.com, 1
+airlinetravelnetwork.com, 1
+airlinetx.com, 1
+airlinevegas.com, 1
+airlinewholesale.com, 1
+airm.aero, 1
+airmag.tk, 1
+airmail.cc, 0
+airman.cf, 1
+airmap.com, 1
+airmap.io, 1
+airmash.online, 1
+airmaxinflatables.com, 1
+airnet.tk, 1
+airnode.ga, 1
+airnow.gov, 1
+airparana.com.br, 1
+airpark-roissy.fr, 1
+airpbx.com, 1
+airplaneairline.com, 1
+airplanepictures.tk, 1
+airplanestatsers.ga, 1
+airplanestatsest.ga, 1
+airplanet.tk, 1
+airplanetic.com, 1
+airplanetick.com, 1
+airplaneticketcheap.com, 1
+airplay-inflatable-hire.co.uk, 1
+airplayradio.nl, 1
+airpoint-compressors.nl, 1
+airport-acap.eu, 1
+airport-car-rental.tk, 1
+airport-charlotte.com, 1
+airportairline.com, 1
+airportal.cn, 1
+airportbarking.eu, 1
+airportcdgparis.com, 1
+airportcoc.cf, 1
+airportcoc.ga, 1
+airportcoc.ml, 1
+airportcyprus.com, 1
+airportdc.com, 1
+airportfrankfurtgermany.com, 1
+airportgatwick.com, 1
+airportgrandhotel.com, 1
+airportguam.com, 1
+airportholiday.com, 1
+airporthotelsgatwick.com, 1
+airportinrome.com, 1
+airportknoxville.com, 1
+airportlas.com, 1
+airportnz.com, 1
+airportofdubai.com, 1
+airportparkingschiphol.nl, 1
+airportperth.com, 1
+airportsbarcelona.com, 1
+airportsdc.com, 1
+airportsflights.com, 1
+airportsflorida.com, 1
+airportsfo.com, 1
+airportstickets.com, 1
+airportstockholm.com, 1
+airportstuttgart.com, 1
+airportturkey.com, 1
+airportzo.net.in, 1
+airportzostage.in, 1
+airpurifierproductsonline.com, 1
+airquestion.org, 1
+airrestoration.ch, 1
+airscope.ae, 1
+airscorp.com, 1
+airsculpture.us, 1
+airsculptureballoonart.com, 1
+airsculptureballoonart.net, 1
+airsculptureballoonart.org, 1
+airsculptureballoons.com, 1
+airseatac.net, 1
+airship.com, 1
+airship.eu, 1
+airsial.com, 1
+airslate.com, 1
+airsoft.fr, 1
+airsofthub.fr, 1
+airsoftpark.cz, 1
+airsoftpinoso.tk, 1
+airstop.cz, 1
+airstrike.tk, 1
+airswap.io, 1
+airtable.com, 1
+airtame.cloud, 1
+airtec-france.fr, 1
+airtel.co.tz, 1
+airtel.com.ng, 1
+airterms.cf, 1
+airticketstravel.com, 1
+airtimerewards.co.uk, 0
+airtrain.gq, 1
+airtrolinc.com, 1
+airupdate.com, 1
+airventilation.ca, 1
+airventuri.com, 1
+airvida.sg, 1
+airvpn.org, 1
+airwayz.co, 1
+airweb.top, 0
+airwolf.tk, 1
+airwolfthemes.com, 1
+airwudhu.id, 1
+airzone.tk, 1
+airzox.com, 1
+aiscale.fr, 1
+aischepervers-porn.com, 1
+aisedomains.ga, 1
+aisera.com, 1
+aish.ml, 1
+aishatibetanterriers.ca, 1
+aisi316l.net, 1
+aisp.sg, 1
+aispirit.tk, 1
+aisrvs.net, 1
+aisselkolm.com, 1
+aistdent.ru, 1
+aisthesthai.tk, 1
+aistockcharts.com, 1
+aistrope.com, 1
+aistsist.ga, 1
+aistsist.tk, 1
+ait.com.ar, 1
+aita.global, 1
+aitanaedu.org, 1
+aitidings.com, 1
+aitindo.com, 1
+aitkincountymn.gov, 1
+aitokyolab.com, 1
+aitosoftware.com, 1
+aitrading.uk, 1
+aitrust.ro, 1
+aitsl.edu.au, 1
+aiui10.cn, 1
+aiutodomestico.ch, 0
+aiva.ai, 1
+aivan.ai, 1
+aivd.lol, 1
+aiwadubai.com, 1
+aiwo.ai, 1
+aiwosq.cn, 1
+aiwriter.tools, 1
+aixamfinancialservices.nl, 1
+aixlab.de, 1
+aixm.aero, 1
+aixploringprovence.com, 1
+aixue.net, 1
+aizhuan.com, 1
+aizxxs.com, 1
+aizxxs.net, 1
+aj-laixada.tk, 1
+ajansmanisa.com, 1
+ajansseo.com, 1
+ajarope.com, 1
+ajatelier.com, 1
+ajax-fanatics.tk, 1
+ajax-magazine.tk, 1
+ajaxboys.tk, 1
+ajaxed.net, 1
+ajaxfansforever.tk, 1
+ajaxfansite.tk, 1
+ajaxfansonly.tk, 1
+ajaxforever.tk, 1
+ajaxified.com, 1
+ajaxmasterdam.tk, 1
+ajaxmfs.com, 1
+ajaxnetwerk.tk, 1
+ajaxnow.tk, 1
+ajaxplaza.tk, 1
+ajaxposter.tk, 1
+ajaxsites.tk, 1
+ajaxtime.tk, 1
+ajaxtraining.tk, 1
+ajaxworld.tk, 1
+ajces.com, 1
+ajdiaz.me, 1
+ajedrezbolivia.tk, 1
+ajetaci.cz, 1
+ajeventhire.co.uk, 1
+ajfite.com, 0
+ajforum.tk, 1
+ajhstamps.co.uk, 1
+ajiboye.com, 1
+ajiloot.com, 1
+ajinabraham.com, 1
+ajitp.com, 1
+ajl.io, 1
+ajman-realty.ga, 1
+ajmanded.com, 1
+ajmanepay.ae, 1
+ajmanpay.gov.ae, 1
+ajmansewerage.ae, 1
+ajmara.pl, 1
+ajnah.net, 1
+ajnasz.hu, 1
+ajoke.eu, 1
+ajoliveira.com, 1
+ajoliveira.net, 1
+ajoliveira.org, 1
+ajoneuvokeskitys.fi, 1
+ajop.loan, 1
+ajramos.tk, 1
+ajsb85.com, 1
+ajscred.online, 1
+ajto.pro, 1
+ajvandeven.com, 1
+ajvco.com.hk, 1
+ajvco.net, 1
+ajvocab.com, 1
+ajwebsolutions.com, 1
+ak-design.tk, 1
+ak-online.tk, 1
+ak-varazdin.hr, 1
+ak-wohnen.de, 1
+ak.sb, 1
+ak2000.tk, 1
+ak47-miyamoto.spdns.org, 1
+ak68.tk, 1
+ak85.tk, 1
+ak96.tk, 1
+aka.ms, 1
+aka.pw, 1
+akabandokonlamierda.tk, 1
+akachanikuji.com, 1
+akachanwebsite.tk, 1
+akaconvention.org, 1
+akad.com.br, 1
+akademiaantykorupcyjna.pl, 1
+akademiawawer.pl, 1
+akademiawellbeing.pl, 1
+akademie-frankfurt.de, 1
+akadseguros.com.br, 0
+akagiauto.net, 1
+akaike.co.jp, 1
+akalashnikov.ru, 1
+akamaiseo.com, 1
+akamon.ac.jp, 1
+akamu.de, 1
+akaratasker.com, 1
+akari.net, 1
+akarisoftware.com, 1
+akaritakai.net, 1
+akaritaste.ch, 1
+akasa.red, 1
+akasha.world, 1
+akashdsouza.now.sh, 1
+akashi-kiharu.com, 1
+akashiya-b.com, 1
+akashstephen.com, 1
+akasi.cf, 1
+akasmedikal.com, 1
+akasmedikal.net, 1
+akaxaka.tk, 1
+akayu.com, 1
+akaziya.cf, 1
+akbam.co.uk, 1
+akbarsempoi.tk, 1
+akbas.tk, 1
+akblasch.com.au, 1
+akbtv.ru, 1
+akcenty.com.ua, 1
+akconciergerie.fr, 1
+akcs.one, 1
+akdenizim.tk, 1
+akdigitalegesellschaft.de, 0
+akdusekbudil.cz, 1
+akeenext.com, 1
+akeldam.tk, 1
+akelius.com, 1
+akemineko.tk, 1
+akemisp.com.br, 1
+akerberri.tk, 1
+akerboom.family, 1
+akerboom.me, 1
+akerboom.org, 1
+akeroh.com, 1
+akeroh.nl, 1
+akesinti.tk, 1
+aketzasantacoloma.tk, 1
+akfoundationindia.com, 1
+akhabar.tk, 1
+akhbaralam.cf, 1
+akhbareldesh.tk, 1
+akhbarmisr.tk, 1
+akhealthconnection.com, 0
+akhepcat.com, 1
+akhilindurti.com, 0
+akhomesforyou.com, 1
+akiadalia.com, 1
+akiakira-nsn.gov, 1
+akiba-server.info, 1
+akiba-souken.com, 1
+akiekintveld.com, 1
+akihi.ink, 1
+akihi.me, 1
+akihito.com, 1
+akijo.de, 1
+akikat.tk, 1
+akilli-devre.com, 1
+akillitelefon.com, 1
+akimeder.tk, 1
+akimitsu.co.jp, 1
+aking.com.my, 1
+akinix.com, 1
+akinokae.de, 1
+akiranet.tk, 1
+akisazame.tk, 1
+akita-boutique.com, 1
+akita-stream.com, 1
+akita.cloud, 1
+akitacyber.com, 1
+akitra.net, 1
+akiv.net, 1
+akiym.com, 1
+akj.io, 1
+akkerwinde.tk, 1
+akko.wtf, 1
+akkordy-skachat.ga, 1
+akkoremaji.club, 1
+akkorturizm.com, 1
+akl.city, 1
+aklagare.se, 1
+akmatrix.org, 1
+akmens.id, 1
+ako-world.com, 1
+akoben.cloud, 1
+akoch.net, 1
+akoestischafbouwen.nl, 1
+akonlineworks.tk, 1
+akoofs.com, 0
+akordeoiak.tk, 1
+akostecki.de, 1
+akouryy.net, 1
+akoya.fi, 1
+akp.photos, 1
+akplates.org, 1
+akpp1.com.ua, 1
+akr.io, 1
+akr.services, 1
+akracing.se, 1
+akramvet.tk, 1
+akrasa.com.au, 1
+akrasa.pro, 1
+akrasa.xyz, 1
+akrep.com, 1
+akrilikhavuz.com, 1
+akritikos.info, 1
+akrobat.cf, 1
+akrochem.com, 1
+akronhousing.gov, 1
+akronohiorescue.gov, 1
+akropolis-ravensburg.de, 1
+akrzon.com, 1
+aksehir.bel.tr, 1
+akselinurmio.fi, 1
+aksenov.tk, 1
+aksenovalexey.tk, 1
+aksesuarai.com, 1
+akshavitrends.com, 1
+akshay.in.eu.org, 1
+akshit.me, 1
+aksnapshots.com, 1
+aksnwn.com, 1
+aksot.com, 1
+aktaspompa.com, 1
+aktelectric.com.co, 1
+aktia.fi, 0
+aktin.cz, 1
+aktin.sk, 1
+aktion-vielfalt.ch, 1
+aktiv-naturheilmittel.at, 1
+aktiv-naturheilmittel.ch, 1
+aktiv-naturheilmittel.de, 1
+aktiv.pl, 1
+aktivace.eu, 1
+aktive-arbeitslose.at, 1
+aktivierungscenter.de, 1
+aktivitetatil.com, 1
+aktivpark-lumdatal.de, 1
+aktransmission.com, 1
+aktuel-urunler.com, 1
+aktuelfirsat.com, 1
+aktuelleprospekte.at, 1
+aktueller.com, 1
+aktuellsakerhet.se, 1
+akuislam.com, 1
+akuku-parkitka.pl, 1
+akumarjain.com, 1
+akumat.com.pl, 1
+akumat.eu, 1
+akumat.pl, 1
+akuntansilengkap.com, 1
+akupunktur-akupunktoer.dk, 1
+akupunktura.tk, 1
+akura.cf, 1
+akura.tk, 1
+akuston.eu, 1
+akustyka.tk, 1
+akutun.cl, 1
+akuvo.ai, 1
+akvakm.eu, 1
+akvaristika.cf, 1
+akvilon.tk, 1
+akvorrat.at, 1
+akyildiz.net, 1
+al-abdal.tk, 1
+al-bahrain.tk, 1
+al-capone.ga, 1
+al-capone.tk, 1
+al-craft.info, 1
+al-hekka.com.ua, 1
+al-monitor.com, 1
+al-salam.tk, 1
+al-wood.it, 1
+al-yawm.ga, 1
+al2schaos.tk, 1
+al3abmizo.com, 1
+al3ilm.com, 1
+al3ilm.net, 1
+al3xpro.com, 1
+alaattinkaraca.tk, 1
+alab.space, 1
+alabalaporto.tk, 1
+alabamaable.gov, 1
+alabamaag.gov, 1
+alabamabuys.gov, 1
+alabamacoastalradiology.com, 1
+alabamadebtrelief.org, 1
+alabamafurs.com, 1
+alabamanet.tk, 1
+alabamaonlinedivorce.com, 1
+alabamasoilandwater.gov, 1
+alabn.com, 1
+alaboard.com, 1
+alabordage.fr, 1
+alabuena.com, 1
+alacatim.cf, 1
+alachuacounty.gov, 1
+alachuacountyfl.gov, 1
+alachuacountyfla.gov, 1
+alachuacountyflorida.gov, 1
+alacriti.com, 1
+alacritylaw.com, 1
+aladdin.ie, 1
+aladdinschools.appspot.com, 1
+aladintechnologies.tk, 1
+alain-webcreator.cf, 1
+alainfrancois.eu, 1
+alainfrancois.nl, 0
+alainmargot.ch, 0
+alainodea.com, 1
+alainwolf.ch, 1
+alainwolf.net, 1
+alais.com.do, 1
+alajv.com, 1
+alalivre.cf, 1
+alamad.cf, 1
+alamalsahara.co, 1
+alamanceconstruction.com, 1
+alamancecountync.gov, 1
+alamanceinsulationllc.com, 1
+alamancetv.com, 1
+alamani.tk, 1
+alambazarmath.tk, 1
+alambique.tk, 1
+alamitosbaytraders.com, 1
+alamo-analytics.com, 1
+alamotownshipmi.gov, 1
+alamowellnessalliance.com, 1
+alan-lam.co.uk, 0
+alan-turnbull.co.uk, 1
+alana.com.ua, 1
+alanberger.me.uk, 1
+alanbleiweiss.com, 1
+alanburr.us.eu.org, 1
+alancabrera.com, 1
+alancat.ml, 1
+alancolephotography.com, 1
+aland.co.uk, 1
+alanet.org, 0
+alanhua.ng, 1
+alanhuang.name, 1
+alanina.com, 1
+alaninkenya.org, 1
+alaniz-law.com, 1
+alankardresswalla.tk, 1
+alankatona.com, 1
+alankritstories.com, 1
+alanokling.nl, 1
+alanonsantabarbara.info, 1
+alanpearce.eu, 1
+alanpearce.uk, 1
+alanrogers.com, 1
+alansilson.tk, 1
+alantica.ga, 1
+alanyaescmagazin.tk, 1
+alanyatur.tk, 1
+alaoui.eu.org, 1
+alapa-tatsuno.com, 1
+alapetite.fr, 1
+alarbnet.tk, 1
+alargarlavida.com, 1
+alarko-carrier.com.tr, 1
+alarmat.pl, 1
+alarme-bateau-yacht.com, 1
+alarmmessageest.ga, 1
+alarmnewengland.com, 1
+alarna.de, 1
+alas-negras.tk, 1
+alasdelalma.com.co, 1
+alasdupur.tk, 1
+alaska.com.tr, 1
+alaskabuylocal.org, 1
+alaskacapitol.gov, 1
+alaskacruises.com, 1
+alaskadentalcare.com, 1
+alaskafishinglodges.net, 1
+alaskafolkarts.tk, 1
+alaskajewelry.com, 1
+alaskanmalamute.tk, 1
+alasta.info, 1
+alastairs-place.net, 1
+alatest.com, 1
+alatienne.fr, 1
+alatkesehatan.tk, 1
+alaturkaonline.com, 0
+alaunus.com, 1
+alavieestbelle.be, 1
+alazaherah.net, 1
+alb-flirt.de, 1
+alb-media.tk, 1
+albaadani.com, 1
+albadon.tk, 1
+albaform.com, 1
+albagold.tk, 1
+albagora.nl, 1
+albakham.eu.org, 1
+albakos.tk, 1
+albaladejodelcuende.tk, 1
+albalatedelarzobispo.tk, 1
+albalew.is, 1
+albalinks.tk, 1
+albamiss.com, 1
+albamusic.tk, 1
+albaneselorenzo.com, 0
+albaniachat.tk, 1
+albaniaonline.tk, 1
+albanien.tk, 1
+albanildedios.tk, 1
+albanskpaskhare.tk, 1
+albanyca.gov, 1
+albanycountywy.gov, 1
+albanylaser.ca, 1
+albanyoregon.gov, 1
+albarius.ga, 1
+albaronventures.com, 1
+albarugby.tk, 1
+albatrosboat.it, 1
+albayan.ae, 1
+albemarlehistory.org, 1
+albendazole.ga, 1
+albendazole.ml, 1
+albergolafiorita.com, 1
+alberguecovadonga.es, 1
+albert-yu.com, 1
+albertathome.org, 1
+albertcuyp-markt.amsterdam, 1
+alberteinsteinbiography.tk, 1
+albertforfuture.de, 0
+albertgibb.tk, 1
+albertify.xyz, 1
+albertofarina.tk, 1
+albertolopezaroca.tk, 1
+albertosobrino.tk, 1
+albertovr.com, 1
+albertovr.net, 1
+albertpedersen.com, 1
+alberts-blatt.de, 0
+albertspahiu.tk, 1
+alberttwpmi.gov, 1
+albertvillemn.gov, 1
+albeso.ml, 1
+albhof-wasserfall.de, 1
+albi-tourisme.fr, 1
+albilaga.id, 1
+albinonderdelen.nl, 1
+albinvega.tk, 1
+albion2.org, 1
+albionfaeries.org.uk, 1
+albleuchten.de, 1
+albme.gov, 1
+albourne.com, 1
+albrocar.com, 1
+albstaedter-kids-cup.de, 1
+albufeira-car-hire.com, 1
+albuic.tk, 1
+albumsepeti.com.tr, 1
+alburquerquerock.tk, 1
+albuterol.ga, 1
+albuterolonline.ga, 1
+albuterolwithoutprescription.gq, 1
+albylane.com.au, 1
+alca31.com, 0
+alcalainos.tk, 1
+alcanaan.com, 1
+alcanaplata.com, 1
+alcantara.cf, 1
+alcapalis.tk, 1
+alcapone.gq, 1
+alcar.tk, 1
+alcaralifusi.tk, 1
+alcatelonetouch.us, 1
+alcatraz-webdesign.tk, 1
+alcatrazeast.com, 1
+alcatraztourtickets.com, 1
+alchakov.tk, 1
+alchemist-heaven.tk, 1
+alchemisten.tk, 1
+alchemiya.ru, 1
+alchemy.gr, 1
+alchiemy.com, 1
+alchimic.ch, 0
+alchimist-paulo-coelho.tk, 1
+alchosting.net, 0
+alcites.com, 1
+alcnutrition.com, 1
+alcobendas.tk, 1
+alcoclinica.ru, 1
+alcogolizmstop.ru, 1
+alcoholapi.com, 1
+alcoholia.tk, 1
+alcoholicbeverages.tk, 1
+alcoholismtreatment.tk, 1
+alcoleadetajo.tk, 1
+alcolecapital.com, 1
+alcor.tk, 1
+alcorncountyms.gov, 1
+alcove.cf, 1
+alcovidvaccine.gov, 1
+alctel.com.br, 0
+alcubillas.tk, 1
+aldanpa.gov, 1
+aldarcake.com, 1
+aldastv.tk, 1
+alday.de, 1
+aldeal.gq, 1
+aldealices.tk, 1
+aldebaranbm.com, 1
+aldersgatemontgomery.org, 1
+aldersgateumc.org, 1
+aldervets.co.uk, 1
+aldevadigital.com, 1
+aldien.com.br, 1
+aldino-redagno.com, 1
+aldipresscentre.co.uk, 1
+aldo-saputra.ga, 1
+aldo-shop.tk, 1
+aldolafontana.be, 1
+aldomedia.com, 1
+aldorlocal.gov, 1
+aldot.gov, 1
+aldous-huxley.com, 1
+aldridge-ringers.tk, 1
+aldridge.com, 1
+aldyputra.net, 1
+ale5000.altervista.org, 1
+alea-prevention.com, 1
+alea.xyz, 1
+aleax.me, 1
+alecel.de, 1
+alecpap.com, 1
+alecpapierniak.com, 1
+alecrimacessorios.com.br, 1
+alector.com, 1
+aledoil.gov, 1
+aledotx.gov, 1
+aleftinka.tk, 1
+alega.com.br, 0
+alegriafm.tk, 1
+alegromania.tk, 1
+alehinta.fi, 1
+alejandrocruz.es, 1
+alejandromateoconde.tk, 1
+alejandromunoz.es, 1
+alejandropernett.tk, 1
+alejandrophones.com.mx, 1
+alek.in, 1
+alekos2go.com, 1
+aleks.com, 1
+aleksa.ga, 1
+aleksa.tk, 1
+aleksac.me, 1
+aleksandar-vukmirovic.tk, 1
+aleksanderkilinski.tk, 1
+aleksanders.tk, 1
+alekseevaleksandr.cf, 1
+alekseevski.tk, 1
+aleksejjocic.tk, 1
+alelectricista.es, 1
+alelin.ml, 1
+alemagia.pl, 1
+alemangranada.tk, 1
+alemautos.com.co, 1
+alen.nl, 1
+alena.ga, 1
+alena.tk, 1
+alenafugueroa.tk, 1
+alenaserezhina.cf, 1
+alenbadel.com, 1
+alendronate.gq, 1
+alendronato.com, 1
+alentaja.com, 1
+alentaja.fi, 1
+alenvlahovljak.com, 1
+alenwich.com, 1
+alephindia.in, 1
+alerbon.net, 1
+aleromtrowbank.tk, 1
+alerque.com, 1
+alert-software.com, 1
+alertaenlinea.gov, 1
+alertaspopup.com, 1
+alertes.biz, 1
+alertlogic.com, 1
+alertmedia.com, 1
+alertoc.gov, 1
+alerts.sg, 1
+alertsclk.com, 1
+alertwire.com, 1
+alescan.it, 1
+alesha.tk, 1
+aless.io, 1
+alessandraoliva.tk, 1
+alessandrobasi.it, 1
+alessandrolapiana.com, 1
+alessandroonline.com.br, 1
+alessandrotravel.com, 1
+alessandroz.ddns.net, 1
+aletheia.moe, 1
+aletm.it, 0
+alevel.tech, 0
+alevi-forum.tk, 1
+alevi.tk, 1
+alevro.com, 1
+alex-n.net, 1
+alex-ross.co.uk, 1
+alex-werbung.de, 1
+alex-wohl.fr, 1
+alex.net.co, 1
+alex3.tk, 1
+alex97000.de, 0
+alexaconnect.tk, 1
+alexada.ms, 1
+alexadamsddns.com, 1
+alexalist.tk, 1
+alexaminers.gov, 1
+alexander-beck.eu, 1
+alexander-net.tk, 1
+alexander-van-nieuwenhoven.tk, 1
+alexander.dk, 1
+alexanderandwilks.co.uk, 1
+alexanderb.info, 1
+alexanderbernitz.eu, 1
+alexandererber.com, 0
+alexanderg.tk, 1
+alexanderiwan.de, 1
+alexanderjshapiro.com, 1
+alexanderkarstens-fotografie.de, 1
+alexanderkhen.tk, 1
+alexanderlau.ga, 1
+alexanderneng.de, 1
+alexandernorth.ch, 1
+alexanderpiatigorsky.tk, 1
+alexanderplatz.tk, 1
+alexanderpopov.tk, 1
+alexandersavvidis.de, 1
+alexandertechniquenow.com, 1
+alexandertutoring.com, 1
+alexanderwagner.tk, 1
+alexandra-schulze.de, 1
+alexandra-siegel.com, 1
+alexandraandnicolay.com, 1
+alexandraschick.at, 1
+alexandraschmidt.coach, 1
+alexandrastrauss.fr, 1
+alexandrawett.org, 1
+alexandre-acaries.fr, 1
+alexandre-barret.fr, 1
+alexandreguarita.com.br, 1
+alexandremottier.tk, 1
+alexandrepedrosa.com, 1
+alexandrevicente.net, 1
+alexandrianh.gov, 1
+alexandrin.com, 1
+alexandrite.cf, 1
+alexandros.io, 0
+alexandryimmobilier.fr, 1
+alexaprinting.tk, 1
+alexauto.tk, 1
+alexberts.ch, 1
+alexblanck.com, 1
+alexblock.io, 1
+alexbogovich.com, 0
+alexbosch.net, 1
+alexbresnahan.com, 1
+alexcoman.com, 1
+alexcpp.tk, 1
+alexdaniel.org, 1
+alexdelpiero.ru, 1
+alexdesigner.tk, 1
+alexdowns.tk, 1
+alexdutton.co.uk, 1
+alexdutton.com, 1
+alexeydrach.ru, 1
+alexeykamalov.tk, 1
+alexeykopytko.com, 1
+alexgaynor.net, 1
+alexgonzalez-online.tk, 1
+alexguti.com, 1
+alexhd.de, 1
+alexhodgkinson.tk, 1
+alexia.fr, 1
+alexia.lol, 1
+alexidls.com, 1
+alexio.ml, 1
+alexion.nl, 1
+alexisabarca.com, 1
+alexischaussy.xyz, 1
+alexiskoustoulidis.com, 1
+alexismeza.com.mx, 1
+alexismeza.dk, 1
+alexismeza.es, 1
+alexispoficial.tk, 1
+alexisquero.tk, 1
+alexisshaw.com, 1
+alexistexaspornstar.com, 1
+alexjsully.me, 1
+alexkuleshov.com, 1
+alexlambertz.de, 1
+alexlombardo.tk, 1
+alexlouden.com, 1
+alexmainz.com, 1
+alexmathews.blog, 1
+alexmedia.tk, 1
+alexmerkel.com, 1
+alexmerkel.me, 1
+alexmerkel.xyz, 1
+alexmods.com, 1
+alexmol.tk, 1
+alexmunroe.co.uk, 1
+alexn.org, 1
+alexnedea.ro, 1
+alexpavel.com, 1
+alexpetryk.com, 1
+alexpotter.net, 1
+alexridevski.net, 1
+alexridge.tk, 1
+alexs.de, 1
+alexsandrasverden.cf, 1
+alexsantos.tk, 1
+alexsavin.me, 1
+alexschokker.tk, 1
+alexschroeder.ch, 1
+alexsergeyev.com, 1
+alexserver.cloud, 1
+alexsexton.com, 0
+alexstudio.tk, 1
+alextaffe.com, 1
+alexthayne.co.uk, 1
+alextsang.net, 1
+alextweewielers.tk, 1
+alexustinoff.cf, 1
+alexvdveen.nl, 1
+alexveil.com, 1
+alexvetter.de, 0
+alexwardweb.com, 1
+alexweber.tk, 1
+alexyang.me, 1
+alexzeta.tk, 1
+aleymedya.ga, 1
+aleymedya.gq, 1
+aleymedya.ml, 1
+aleynadavetiye.com, 1
+aleynamasajsalonu.gq, 1
+alezinhababykids.com.br, 1
+alfa-auto.tk, 1
+alfa-books.ga, 1
+alfa-host.ml, 1
+alfa-music.tk, 1
+alfa-pack.com.ua, 1
+alfa-tech.su, 1
+alfaair.aero, 1
+alfabank-info.ru, 0
+alfabetajuega.com, 1
+alfabuster.com, 1
+alfacharlie.co, 1
+alfadecor.ml, 1
+alfadefiant.tk, 1
+alfafile.net, 1
+alfaforex.ru, 1
+alfagroupaluminium.com, 1
+alfalasteenyia.cf, 1
+alfamask.de, 1
+alfambra.tk, 1
+alfapack-shop.com, 1
+alfaproweb.fr, 1
+alfardanexchange.com, 1
+alfastone.com.ua, 1
+alfateks.com.ua, 1
+alfavipambulans.com, 1
+alfavit.cf, 1
+alfawedding.com, 1
+alfonso-baya.tk, 1
+alfonsostriano.it, 1
+alfordbenefits.com, 1
+alforto.nl, 0
+alfred-figge.de, 1
+alfred-g-fischer.de, 1
+alfred.co.in, 1
+alfredapp.com, 1
+alfredlin015.com, 1
+alfredo-misael.tk, 1
+alfredopotena.it, 1
+alfromuez.es, 1
+alfryadi.my.id, 1
+alftrain.com, 1
+alfu.rs, 1
+alg-fotografie.de, 1
+algarmatic-automatismos.pt, 1
+algarve-1.com, 1
+algarve-carhire.net, 1
+algarve-transfers.co.uk, 1
+algbee.com, 1
+algbra.com, 1
+alge.xyz, 1
+algebra-quiz.com, 1
+algercounty.gov, 1
+algerianportal.tk, 1
+algeriaweb.tk, 1
+algerie-music.tk, 1
+algerie360.com, 1
+alghadpowersolutions.com, 1
+alghanimcatering.com, 1
+algibranstore.id, 1
+algo-invest.in, 1
+algoarmada.com, 1
+algoentremanos.com, 1
+algoexplorer.io, 1
+algofactory.de, 1
+algolia.com, 1
+algonaiowa.gov, 1
+algopix.com, 1
+algorista.tk, 1
+algorithmic.ml, 1
+algorithms.guide, 1
+algoritm.gq, 1
+algoritmika.org, 1
+algoritmususpechu.cz, 1
+algorytm.tk, 1
+algotest.in, 1
+alhamedeia.tk, 1
+alhareth.net, 1
+alhomaidani.com, 1
+alhost.ml, 1
+alhs-archives.com, 1
+alhuqul-kh.com, 1
+ali-shariati.tk, 1
+ali360.com, 1
+alia-helianthi.tk, 1
+aliaakademi.com.tr, 1
+aliads.com, 1
+aliakpoyraz.com, 1
+alialkurdy.tk, 1
+aliamakeup.com, 1
+aliancadesentupidora.com.br, 1
+alianet.org, 1
+aliantsoft.pl, 1
+aliasbox.org, 1
+aliasbox.ovh, 1
+aliasinfoforums.tk, 1
+aliaswp.com, 1
+alibabau.tk, 1
+alibamu.com, 1
+alibamu.org, 1
+alibangash.com, 1
+alibi-ua.com.ua, 1
+alibiloungelv.com, 0
+alibip.de, 1
+alicante-spain.tk, 1
+alice-memorial.de, 1
+alice.tw, 1
+alicebaldenegro.tk, 1
+alicecastle.com, 1
+alicedepret.com, 1
+alicehairstyling.tk, 1
+alicehartley.com, 1
+alicekinkycat.net, 1
+alicekinkycat.org, 1
+alicestudio.it, 1
+alicetone.net, 1
+alicialab.org, 1
+alicjacezary.eu, 1
+alicomalimentari.com, 1
+alidanbao.com, 1
+aliefirfany.com, 1
+alieke.design, 1
+aliel.fr, 1
+alien-life.tk, 1
+alien.net.au, 1
+alienantfarm.tk, 1
+alienclicker.ml, 1
+alienemporium.tk, 1
+alienflight.com, 1
+alieninternet.be, 1
+alieninternet.eu, 1
+alieninvasion.fun, 1
+alienresidence.tk, 1
+alienslab.net, 1
+alienstat.com, 1
+alienstatsers.ga, 1
+aliexfantaisies.com, 1
+alifan.tk, 1
+alifarnam.ir, 1
+alifeadjacent.com, 1
+alifnasiya.uz, 1
+alighierirescaldina.it, 1
+alightwell.com, 1
+alignedchiro.org, 1
+alignedweb.com, 1
+alignminds.com, 1
+alignrs.com, 1
+alignthoughts.com, 1
+alihashemrasheed.com, 1
+aliibrahimov.tk, 1
+aliim.gdn, 1
+alikarslanov.tk, 1
+alikasimoglu.com, 1
+alikgriffin.com, 1
+alikhan.org, 1
+alikulov.me, 1
+alila.dog, 1
+alilepro.cf, 1
+alilialili.ga, 1
+alilog.com, 1
+alimahmood.com, 1
+alimanaka-rabesata.tk, 1
+alimate.com, 1
+aliment-covid19.com, 1
+alimentosmcf.com, 1
+alimentsduquebecaumenu.com, 1
+alimenty.tk, 1
+alimeta.it, 1
+alimtyaz.estate, 1
+alimwilliams.tk, 1
+alinalamour.com, 1
+alinasmusicstudio.com, 1
+alinatinen.cf, 1
+alinatinen.gq, 1
+aline-cannabis.com, 1
+alinecordeiro.adv.br, 1
+alineonline.tk, 1
+alingroove.com, 1
+alinneata.com, 1
+alinode.com, 1
+alio.lt, 1
+aliorange.com, 1
+aliosmanyuksel.com.tr, 1
+alireza2love.tk, 1
+alirezahesari.com, 1
+alis-test.tk, 1
+alisblog.ml, 1
+alisearch.com, 1
+aliseihotelspa.com, 1
+alishanova.tk, 1
+alisoft.gq, 1
+alisondavenport.ga, 1
+alisondemarco.com, 1
+alisonlitchfield.com, 1
+alisonmatter.tk, 1
+alisonswindles.com, 1
+alissa-group.com, 1
+alissagerhard.de, 1
+alissanoir.net, 1
+alisstyle.tk, 1
+alistaku.tk, 1
+alisync.com, 1
+alitabergert.tk, 1
+alitajran.com, 1
+alitec.it, 1
+alitpedia.ga, 1
+alittledelightful.com, 1
+aliv.biz, 1
+alix-board.de, 1
+alix.energy, 1
+aliyasin.org, 1
+alizah.id, 1
+alizeemedia.tk, 1
+aljaspod.ch, 1
+aljaspod.com, 1
+aljaspod.hu, 1
+aljaspod.net, 1
+aljaspod.org, 1
+aljoschairmer.com, 1
+aljullusims.tk, 1
+aljweb.com, 1
+alkaabi.io, 1
+alkacoin.net, 1
+alkamitech.com, 1
+alkanbelgelendirme.com.tr, 1
+alkel.info, 1
+alkemy.mx, 1
+alko-centr.ru, 1
+alko-stop.cf, 1
+alko-stop.ml, 1
+alkoferma.gq, 1
+alkogol.ga, 1
+alkopedia.tk, 1
+alkor.tk, 1
+all-bikes.fr, 1
+all-blogs.tk, 1
+all-bronza.ru, 1
+all-connect.net, 0
+all-credits.cf, 1
+all-ebooks.gq, 1
+all-eu-recruitment.com, 1
+all-fashion-schools.com, 1
+all-for-u.tk, 1
+all-gsm-solutions.tk, 1
+all-inhealth.com, 1
+all-music.ml, 1
+all-music.tk, 1
+all-pics.tk, 1
+all-rating.tk, 1
+all-seo.tk, 1
+all-star-autoglass.com, 1
+all-stuff.tk, 1
+all-tec.com.mx, 1
+all-things.tk, 1
+all-top.tk, 1
+all-waystraining.com.au, 1
+all-wot.ml, 1
+all.li, 1
+all4hardware4u.de, 1
+all4phones.de, 1
+all4running.nl, 1
+all4web.tk, 1
+all878.com, 1
+alla-famiglia-p-otto.de, 1
+alla.tk, 1
+allaboutcovers.co.za, 1
+allabouteyes.com, 1
+allabouteyesvet.com, 1
+allaboutfunuk.com, 1
+allaboutgoats.com, 1
+allaboutgreg.net, 1
+allabouthome.ml, 1
+allabouthtml.com, 1
+allaboutmadonna.tk, 1
+allaboutnothing.cf, 1
+allaboutnothing.ga, 1
+allaboutnothing.gq, 1
+allaboutreligions.tk, 1
+allaboutswing.co.uk, 1
+allaboutswing.com, 1
+allabouttechh.tk, 1
+allaboutthekink.org, 1
+allaboutyouspa.co.uk, 1
+allaccessglobal.tech, 1
+allaccountingcareers.com, 1
+allactioneventhire.co.uk, 1
+allactionsecurity.com, 1
+allamakee.k12.ia.us, 1
+allamericangutterprotection.com, 1
+allamericanprotection.net, 1
+allamericatrans.com, 1
+allandrich.ml, 1
+allandrichonline.tk, 1
+allangirvan.net, 1
+allanlopez.tk, 1
+allanta.be, 1
+allapresenter.com, 1
+allarmi.roma.it, 1
+allarticles.tk, 1
+allas.se, 1
+allas.tk, 1
+allasianpics.com, 1
+allattaremoda.com.br, 1
+allauthor.com, 1
+allazohealth.com, 1
+allbenjoy.de, 1
+allbestby.tk, 1
+allbetgame.cn, 1
+allbetgaming.com, 1
+allbetnet.com, 1
+allbets.tv, 1
+allboard.tk, 1
+allbookmark.cf, 1
+allbooks.cf, 1
+allbouncesurrey.co.uk, 1
+allboxes.ru, 1
+allboymodeling.com, 1
+allbrestby.tk, 1
+allbrestorg.tk, 1
+allbridges.tk, 1
+allbs.pt, 1
+allbuttpics.com, 1
+allcapa.org, 1
+allcarecorrectionalpharmacy.com, 1
+allcarepharmacy.com, 1
+allcarespecialty.pharmacy, 1
+allcelebs.tk, 1
+allchan.io, 1
+allcinema.net, 1
+allcitynews.net, 1
+allcleanservices.ca, 1
+allcloud.com, 1
+allcomic.com, 1
+allcompanycorp.com, 1
+allcooking.tk, 1
+allcountyins.com, 1
+allcourts.tk, 1
+allcoveredbyac.com, 1
+allcrimea.tk, 1
+allcumshotpics.com, 1
+alldewall.de, 1
+alldigitalsolutions.com, 1
+alldm.ru, 1
+alldogs.tk, 1
+alldrives.tk, 1
+alle-zonvakanties.nl, 1
+alle.bg, 1
+alle.com, 1
+allefrisuren.de, 1
+alleganyco.gov, 1
+allegiancemd.com, 1
+allegorymetal.tk, 1
+allegra.ga, 1
+allegra180.ga, 1
+allegra180mg.ga, 1
+allegrapark.ga, 1
+allegreto.com, 1
+allegrettoresort.com, 1
+allegrettoresortandvineyard.com, 1
+allegrettoresortandvineyardbyayres.com, 1
+allegrettovineyard.com, 1
+allegrettovineyardresort.com, 1
+allegrettovineyards.com, 1
+allegrettowine.com, 1
+allegrettowines.com, 1
+allemanniamarburg.at, 1
+allemoz.com, 1
+allemoz.fr, 1
+allenacampbell.tk, 1
+allenarchive.com, 1
+allencountyinvoters.gov, 1
+allencountykentucky.gov, 1
+allendalecounty.gov, 1
+allenivory.com, 1
+allensun.org, 1
+allentertainment.de, 0
+allentherapeuticmassage.com, 1
+allenturley.com, 1
+allenwillis.ga, 1
+allerbestefreunde.de, 1
+allergento.shop, 1
+allergento.store, 0
+allergictoidiots.tk, 1
+allergy.university, 1
+allergyweb.cf, 1
+allergyweb.ga, 1
+allerlei-havelte.nl, 1
+allerstorfer.at, 1
+allerzeiten.com, 1
+alles-kan.be, 1
+alles-nur-ge.cloud, 1
+alles.cx, 1
+allesisgezondheid.nl, 1
+allesisonline.nl, 1
+alleskan.gent, 1
+alleskomtgoed.org, 1
+allesley.com, 1
+allesmartphonehoesjes.nl, 1
+allesovercrypto.nl, 1
+allesoverdieren.tk, 1
+allesoverhondentraining.tk, 1
+allesoversport.nl, 1
+allesrocknroll.de, 1
+allesuitdekast.be, 1
+allesvoorbeton.be, 1
+allesvoorniets.tk, 1
+alletattoo.de, 1
+allette.com.au, 1
+allevamentoticinella.tk, 1
+allexpress.su, 1
+alleyread.com, 1
+allfaithsfoodbank.org, 1
+allfansleak.net, 1
+allfashionews.tk, 1
+allfatpics.com, 1
+allfaucet.ml, 1
+allfoodrecipes.ga, 1
+allforcreate.ru, 1
+allforex.ml, 1
+allforhon.tk, 1
+allforlocal.com, 1
+allfortips.com, 1
+allfreelancers.su, 0
+allfundsconnect.com, 1
+allfur.love, 1
+allgadgetsfree.tk, 1
+allgaragedoorandgates.com, 1
+allgaragefloors.com, 1
+allgemeinarzt-wenta-bralla.de, 1
+allglobal.net, 1
+allgooddeedshomes.com, 1
+allgrass.net, 1
+allgreek.tk, 1
+allgreenlawncare.ca, 1
+allhallows.tk, 1
+allhard.org, 1
+allhits.ml, 1
+allhonest.com, 1
+allhsa.com, 1
+alli-diet-pill.cf, 1
+alli-pills.cf, 1
+alliaancebiotech.com, 1
+alliance-immobilier-service-neuf.fr, 1
+alliance-psychiatry.com, 0
+allianceairlinesflights.com, 1
+allianceautomation.com.au, 1
+alliancebank.com, 1
+allianceblock.io, 1
+allianceborderservices.com, 1
+allianceforafreesociety.com, 1
+allianceforafreesociety.net, 1
+allianceforafreesociety.org, 1
+alliancehealthcareservices-us.com, 1
+alliances-globalsolutions.com, 0
+alliancetrading.ch, 1
+allianskyrkan.se, 1
+allianz-pro-schiene.de, 1
+allianzdirect.com, 1
+allianzdirect.de, 1
+allianzdirect.it, 1
+allianzdirect.nl, 1
+alliedartistswv.org, 1
+alliedmedia.org, 1
+allier-vichy-moulins-expert-comptable.fr, 1
+allincoin.shop, 1
+allindiacityguide.com, 1
+allindiajobs.ga, 1
+allindiatanzeem.ml, 1
+allindustriessolutions.com.au, 1
+allinform.ga, 1
+allinoutfits.com, 1
+allinpdf.com, 1
+allinsuranceinformation.com, 1
+allis.co.jp, 1
+allis.jp, 1
+allis.studio, 1
+allisonsite.tk, 1
+allitcrm.sytes.net, 1
+allius.de, 1
+alliymacorp.com, 1
+alljamin.com, 1
+alljokesaside.tk, 1
+alllaboutchickens.tk, 1
+alllatinapics.com, 1
+allline.shop, 1
+allmagic.tk, 1
+allmandlaw.com, 1
+allmaps.tk, 1
+allmaster.ga, 1
+allmba.cf, 1
+allmemy.com, 0
+allmen.tk, 1
+allmendenetz.de, 1
+allmessedup.tk, 1
+allmobilenews.tk, 1
+allmousepads.com, 1
+allmoviesonline.tk, 1
+allnaijagists.com.ng, 1
+allnations4christ.org, 1
+allnodes.com, 1
+allnovosibirsk.tk, 1
+allns.fr, 1
+allnumis.com, 1
+allo-credit.ch, 0
+allo-luxembourg.tk, 1
+allofthestops.com, 1
+allohol.de, 1
+alloldpics.com, 1
+allontanamentovolatili.it, 1
+allontanamentovolatili.milano.it, 1
+alloprof.qc.ca, 1
+allopurinal.tk, 1
+allopurinol.gq, 1
+allopurinol100mg.tk, 1
+allopurinol300mg.ml, 1
+alloutauto1.com, 1
+allpantypics.com, 1
+allpedia.tk, 1
+allpinouts.org, 1
+allpointsblog.com, 1
+allporn.pics, 1
+allporncomic.com, 1
+allpornvids.com, 1
+allpost.co, 1
+allprices.world, 1
+allprints.tk, 1
+allpropertyservices.com, 1
+allproptonline.com, 1
+allpussynow.com, 1
+allrad-buck.de, 1
+allram.info, 1
+allreptiles.tk, 1
+allresorts.tk, 1
+allright.tk, 1
+allriteseptic.com, 1
+allroundtechnology.com, 1
+allroundtechnology.nl, 1
+allsafemd.com, 1
+allsaints.church, 1
+allsaintspreschoolyj.com.au, 1
+allsarms.com, 1
+allscammers.exposed, 1
+allschool.com.ng, 1
+allscience.tk, 1
+allsearch.io, 1
+allseasons-cleaning.co.uk, 1
+allseasonschimney.com, 1
+allseasonswaterproofing.com, 1
+allset.ml, 1
+allshapes.co.nz, 1
+allshousedesigns.com, 0
+allsmart.gr, 1
+allsouls.co.za, 1
+allspinecare.com, 1
+allstakesupply.com.au, 1
+allstar-janitorial.com, 1
+allstarautokiaparts.com, 1
+allstarcustompools.com, 1
+allstargraphics.com.au, 1
+allstarink.com.au, 1
+allstarquilts.com, 1
+allstatedealerservices.com, 1
+allsun.online, 1
+allsurpl.us, 1
+allsurplus.com, 1
+allsync.com, 1
+allsync.nl, 1
+allthatblings.online, 1
+allthebots.com, 1
+allthefallen.moe, 1
+alltheplaces2go.com, 1
+alltherapies.tk, 1
+alltherooms.es, 1
+allthethings.co.nz, 1
+allthewaynorth.xyz, 1
+allthings.me, 0
+allthingshappen.com, 1
+allthingshealthy.org, 1
+allthingsroyal.nl, 1
+allthingzit.com, 1
+alltimespost.com, 1
+alltourism.tk, 1
+alltrade.ga, 1
+alltrippers.com, 1
+alltwwk.tk, 1
+alluance.nl, 1
+allucinati.tk, 1
+alluel.com, 1
+allur-club.cf, 1
+allurebikerental.com, 1
+allurechiro.com, 1
+allureclinic.pt, 1
+alluremedicalaesthetic.com, 1
+allurescarves.com, 1
+alluringdesigns.tk, 1
+alluvion.studio, 1
+allvideofoot.tk, 1
+allvips.ru, 1
+allwaterjet.com, 1
+allways.tk, 1
+allweatherheatingandairconditioning.com, 1
+allwebkeys.gr, 1
+allwebsites.tk, 1
+allwebtuts.com, 1
+allwiki.tk, 1
+allwithinmyhands.org, 1
+allwordpress.tk, 1
+allworld.ga, 1
+allwrestling.ga, 1
+allxon.com, 1
+allyachts.cf, 1
+allyachts.gq, 1
+allyfile.com, 1
+allyoucanstyle.de, 1
+allyweds.com, 1
+almaarkansas.gov, 1
+almaascosmetics.com, 1
+almaatlantica.com, 1
+almablanca.tk, 1
+almacenterwi.gov, 1
+almadaria.com, 1
+almadeviajante.com, 1
+almagalla.com, 1
+almajaniyate.ga, 1
+almamarket.com, 0
+almanea.email, 1
+almanea.family, 1
+almanea.net, 1
+almanea.org, 1
+almanilan.com, 1
+almanshood.com, 1
+almarail.tk, 1
+almargen.ga, 1
+almargen.tk, 1
+almarin.es, 1
+almasoft.ga, 1
+almastabriz.com, 1
+almasteb.com, 1
+almatinki.com, 1
+almatybusiness.gov.kz, 1
+almatytips.com, 1
+almayadeen.education, 1
+almayoreo.com.co, 1
+almaz-host.ml, 1
+almaz-host.tk, 1
+almaz-sait-rp.ml, 1
+almeera.online, 1
+almeerajtour.com, 1
+almeeraloyalty.com, 1
+almeezangroup.com, 1
+almeidaesilvaseguros.com.br, 1
+almenatownship.gov, 1
+almenrausch-pirkhof.de, 1
+almeriaplayer.tk, 1
+almette.pl, 1
+almeva.swiss, 1
+almhtnews.com, 1
+almirall.com, 1
+almiriatechstore.co.ke, 1
+almlab.tk, 1
+almlc.gov, 1
+almokhlifoud.com, 1
+almorafestival.com, 1
+almosis.tk, 1
+almost.cf, 1
+almost.fit, 1
+almost.gq, 1
+almostobjective.com, 1
+almudenallacer.com, 1
+almukhtar.se, 0
+almurtaqa.com, 1
+almusbahperfume.com, 1
+almushealth.com, 1
+almut-zielonka.de, 1
+almutawapharmacies.com.kw, 1
+almx.net, 1
+alnaierh.com, 1
+alng.me, 1
+alnilam.co.uk, 1
+alnitech.com, 0
+alnoorintl.com, 1
+aloalosalomao.com.br, 1
+alodavetiye.com.tr, 1
+alodokita.com, 1
+aloe-care.tk, 1
+aloe-vera-info.tk, 1
+aloemeda.de, 1
+aloesbienetre.be, 1
+aloesoluciones.com.ar, 1
+aloeveralisboa.pt, 1
+alofone.vn, 1
+alohapartyevents.co.uk, 1
+alohotel.com, 1
+alohotelorange.com, 1
+alohotels.com, 1
+alojadalu.com.br, 1
+alola.co.uk, 1
+alolabor.org, 1
+alomch.gq, 1
+alomendia.tk, 1
+alonaku.com, 1
+alonas.lv, 1
+aloneg.ovh, 1
+alonephoenix.tk, 1
+alonetone.com, 1
+alonsoluzgas.es, 1
+alonuocsuoi.com, 1
+aloo.ga, 1
+aloomic.com.au, 1
+aloop.cloud, 1
+alopezlawfirm.com, 1
+alorica.com, 0
+aloris-controle.fr, 1
+aloro.io, 1
+alotso.com, 1
+alottajava.com, 1
+alov.blog, 1
+aloys233.top, 1
+alp-eastlink-portal-model.azurewebsites.net, 1
+alp-samsungca-portal-model.azurewebsites.net, 1
+alp-spectrum-portal-model.azurewebsites.net, 1
+alp.od.ua, 1
+alpa.is, 1
+alpa.social, 1
+alpaca.haus, 1
+alpahandling.com, 1
+alpan.ml, 1
+alpan.tk, 1
+alpca.org, 1
+alpe-d-or.dyn-o-saur.com, 1
+alpencams.at, 1
+alpencams.ch, 1
+alpencams.com, 1
+alpencams.de, 1
+alpencams.fr, 1
+alpencams.it, 1
+alpencams.net, 1
+alpencams.nl, 1
+alpenguides.de, 1
+alpenhof-suedtirol.com, 1
+alpenjuice.com, 1
+alpenrose.de, 1
+alpenschmarrn.de, 1
+alpensternderl.de, 1
+alperenremziunal.me, 1
+alperozmen.kim, 1
+alpertron.com.ar, 1
+alpes-deis-tools.com, 1
+alpes-deis.fr, 1
+alpetrov.cf, 1
+alpha-ag.ru, 1
+alpha-assistant.com, 1
+alpha-associates.ch, 1
+alpha-bet.com.ua, 1
+alpha-centauri.tk, 1
+alpha-force.net, 0
+alpha-kamera.de, 1
+alpha-protein.de, 1
+alpha-shop.gr, 1
+alpha-showcase.com, 1
+alpha.ch, 1
+alpha91.co.za, 1
+alphaassurances.com, 1
+alphabet-z.xyz, 1
+alphabetsigns.com, 1
+alphabetworksheetsfree.com, 1
+alphabouncycastles.co.uk, 1
+alphabytes.uk, 0
+alphachannel.tk, 1
+alphachat.net, 1
+alphacity.tk, 1
+alphacodingskills.com, 1
+alphacomputersllc.com, 0
+alphaconsult.sk, 0
+alphacorp.tk, 1
+alphadance.tk, 1
+alphadefense.co.za, 1
+alphadetroit.com.au, 1
+alphadronten.tk, 1
+alphaetomega3d.fr, 1
+alphafoo.dk, 1
+alphagames.tk, 1
+alphageek.blog, 1
+alphahosting.hu, 1
+alphahunks.com, 1
+alphainflatablehire.com, 1
+alphakites.de, 1
+alphalab.tk, 1
+alphalibraries.com, 1
+alphamosa.fr, 1
+alphanodes.com, 1
+alphapengu.in, 1
+alphapoker.ru, 1
+alpharail.se, 1
+alpharettaga.gov, 1
+alpharoofga.com, 1
+alpharotary.com, 1
+alphasall.com, 0
+alphasoft-i.net, 1
+alphasolartech.com, 1
+alphassl.de, 1
+alphastrip.com, 1
+alphat.net, 1
+alphatam.com, 1
+alphatrading.tk, 1
+alphatrash.de, 1
+alphatv.cf, 1
+alphatv.ga, 1
+alphavit.ru, 1
+alphaworks.it, 1
+alphazure.co.uk, 1
+alphazure.com, 1
+alphera.nl, 1
+alphie.me, 1
+alphimedia.com, 1
+alphipneux.fr, 1
+alphline.com.sg, 1
+alphotelmilano.it, 1
+alpilean.com, 1
+alpinar.tk, 1
+alpinatours.nl, 1
+alpine-holiday.de, 1
+alpine-tuning.de, 1
+alpinebank.com, 1
+alpinedental.us, 1
+alpinedentalhealth.com, 1
+alpinehighlandrealty.com, 1
+alpineplanet.com, 1
+alpinepubliclibrary.org, 1
+alpinestarmassage.com, 1
+alpinewy.gov, 1
+alpis.fr, 1
+alplogopedia.it, 1
+alpparts.com, 1
+alquiler-de-coches.tk, 1
+alquiler-de-furgonetas.tk, 1
+alquran-online.tk, 1
+alrahman.ch, 1
+alrahman.de, 1
+alre-outillage.fr, 1
+alredho.com, 1
+alrehmantech.tk, 1
+alrioart.com, 1
+alrobotics.net, 1
+alroniks.com, 0
+alsaagency.tk, 1
+alsabil.tk, 1
+alsace-informatique.shop, 1
+alsetat.com, 1
+alshabab.tk, 1
+alshamil.tk, 1
+alsharkest.net, 1
+alskar.co, 1
+alsops.cf, 1
+alsteadnh.gov, 1
+alstertouch.com, 1
+alstertouch.de, 1
+alt-bookings.com, 1
+alt-pannekow.de, 1
+alt-three.com, 0
+alt-til-windows.dk, 1
+alt-wien.com, 1
+alt.org, 1
+alta-densidad.tk, 1
+alta-ict.nl, 1
+altabadia.com, 1
+altabadia.it, 1
+altabash.tk, 1
+altabg.com, 1
+altabib.me, 1
+altabooks.ga, 1
+altacomunicazione.tk, 1
+altahrim.net, 1
+altai-info.ga, 1
+altai-voyage.tk, 1
+altai-zemlya.cf, 1
+altai-zemlya.ga, 1
+altai-zemlya.ml, 1
+altai-zemlya.tk, 1
+altai22.tk, 1
+altair.com, 0
+altairfp.es, 1
+altairlyh.com, 1
+altaiscience.com, 1
+altaizemlya.cf, 1
+altaizemlya.ga, 1
+altaizemlya.ml, 1
+altaizemlya.tk, 1
+altana.com, 1
+altaplana.be, 1
+altasierra.co.uk, 1
+altavaldinon.com, 1
+altavoces.guru, 1
+altcoaching.fr, 1
+altcodes.nl, 1
+altcoinfiyatlari.com, 1
+altd.cz, 1
+altdforyou.tk, 1
+alte-wassermuehle-friesoythe.de, 1
+altea.it, 1
+alteah.com, 1
+altec.pl, 1
+altecgmbh.de, 1
+altedirect.com, 1
+altenagala.nl, 1
+altenheim.it, 1
+alteralife.eu, 1
+alteraro.com, 1
+alteraro.org, 1
+alterbaum.net, 1
+altered.network, 1
+altered.si, 1
+alterego.tk, 1
+alterenergy.tk, 1
+alterengine.tk, 1
+altergalaxy.tk, 1
+alteria.xyz, 1
+alterian.com, 1
+alterlinks.com, 1
+alterlinks.fr, 1
+alterlinks.it, 1
+alterlinks.nl, 1
+altermidya.net, 1
+altern-in-wuerde.com, 1
+alternador.com.br, 1
+alternahaircare.com, 1
+alternatieva.tk, 1
+alternatifin.com, 1
+alternativa-kaluga.ru, 1
+alternativagospel.tk, 1
+alternative-e-energy.tk, 1
+alternative-kultur.tk, 1
+alternative-reussite.org, 1
+alternative.hosting, 1
+alternativebit.fr, 1
+alternativedev.ca, 1
+alternativeenergy.tk, 1
+alternativefacts.cf, 1
+alternativehosting.ca, 1
+alternativehosting.com, 1
+alternativeinternet.ca, 1
+alternativet.party, 1
+alternativetomeds.com, 1
+alternativewireless.com, 1
+alternativnizivot.tk, 1
+alternatiwa.tk, 1
+alternatyv.ch, 0
+alternego.com, 1
+alternet.ml, 1
+alterspalter.de, 1
+altertek.org, 1
+altes-sportamt.de, 1
+altesses.eu, 1
+altestore.com, 1
+althacare.com, 1
+althi.nl, 1
+althistory.ga, 1
+alti-global.com, 1
+altidrabat.dk, 1
+altieresgomes.com.br, 1
+altijdleroy.nl, 1
+altijdleroy.online, 1
+altimetrique.ca, 1
+altimetry.com, 1
+altinea.fr, 1
+altinity.com, 1
+altinopoliscervejaria.com.br, 1
+altiplano.travel, 1
+altisnet.ga, 1
+altitude-dev.com, 1
+altitudeco.com.au, 1
+altitudehauling.com, 1
+altiup.ch, 0
+altiup.com, 0
+altius-europe.com, 1
+altius.com.pa, 1
+altiusconsulting.com, 1
+altiusconsulting.net, 1
+altiusondemand.com, 1
+altkia.com, 1
+altkremsmuensterer.at, 1
+altmaestrat.es, 1
+altmann-systems.de, 1
+altmedicine.tk, 1
+altoa.cz, 1
+altoona-wi.gov, 1
+altopartners.com, 0
+altopia.com, 1
+altoplan.de, 1
+altos.tk, 1
+altospam.net, 1
+altovalemarmoraria.com.br, 1
+altovoltaggio.tk, 1
+altoweb.tk, 1
+altphotos.com, 1
+altralamezia.tk, 1
+altramarsala.tk, 1
+altransport.ca, 1
+altratella.tk, 1
+altravita-ivf.ru, 1
+altrei.ch, 1
+altrui.st, 1
+altsdigital.com, 0
+altsetup.com, 1
+altspacex.com, 1
+altstadt-it.de, 1
+alttrackr.com, 1
+altunbas.info, 1
+altur.tk, 1
+alturiak.net, 1
+altusbiologics.com, 1
+altusgroup.com, 0
+altview.gq, 1
+altyazur.com, 1
+alua.com, 1
+aluchta.tk, 1
+alugha.com, 1
+aluguer-rodagigante.pt, 0
+alukard.gq, 1
+alukard.ml, 1
+alulasails.com, 1
+aluminaty.com, 1
+aluminium-giesserei.de, 1
+aluminumfencestlouis.com, 1
+alumni-kusa.jp, 1
+alumni-skensa.tk, 1
+alumni.education, 1
+alumnifire.com, 1
+alumnispecialers.ga, 1
+alumnivilleest.ga, 1
+alunara.eu, 1
+alunyc.gq, 1
+alupferd.de, 1
+aluroof.eu, 1
+alushta-vostorg.ml, 1
+alushta-vostorg.tk, 1
+alushta.tk, 1
+alusib.ga, 1
+alusim.ga, 1
+aluta.de, 1
+alvarez.tk, 1
+alvarezmorales.tk, 1
+alvaritoeresnuestradulcelocura.tk, 1
+alvaro-smith.link, 1
+alvarocastillo.net, 1
+alvarovega.tk, 1
+alvastonauto.fi, 1
+alves-avocat.com, 1
+alviano.com, 0
+alvicom.hu, 1
+alvimedika.com.ua, 1
+alvinalvelino.com, 1
+alvinaonline.com, 1
+alvinhu.com, 0
+alvirzy.tk, 1
+alvn.ga, 1
+alvordtx.gov, 1
+alvosec.com, 1
+alwaysdata.com, 1
+alwayshowher.tk, 1
+alwayslookingyourbest.com, 1
+alwaysmine.fi, 1
+alwayswanderlust.com, 1
+alwiam.info, 1
+alwistra.eu, 1
+alwuz.com, 1
+alxclub.tk, 1
+alxlegal.com, 1
+alxn-congress-2022.com, 1
+alxpresentes.com.br, 1
+alxu.ca, 1
+aly.pet, 1
+alykkelife.com, 1
+alyoung.com, 1
+alyssamilano.tk, 1
+alyusr.com.sa, 1
+alza.at, 1
+alza.co.uk, 1
+alza.cz, 1
+alza.de, 1
+alza.sk, 1
+alzashop.com, 1
+alzheimers.gov, 0
+alziamoiltetto.it, 1
+alzlogarforensics.com, 1
+alzon.cf, 1
+alzulej.pt, 1
+am-39.com, 1
+am-dd.com, 1
+am-executive-consulting.com, 1
+am-i-on-am-i-on-drugs-dot-com.com, 1
+am-i-on-drugs.com, 1
+am-liaotian.com, 0
+am-schlossgarten.haus, 1
+am-sonnenblick.de, 1
+am-sonnengarten.de, 1
+am-yu.jp, 1
+am190.com, 1
+am22i6xaf1m2a5m9k.xyz, 1
+am3.se, 1
+am5188.com, 1
+am7000.com, 1
+am8009.com, 1
+am8028.com, 1
+am8213.com, 1
+am8811.net, 1
+am8898.net, 1
+am8900.com, 1
+ama.ne.jp, 1
+amabiligranilhas.com, 1
+amac.tv, 1
+amademy.com, 1
+amadera.com, 1
+amaderforum.tk, 1
+amadeusproject.cf, 1
+amadin.tk, 1
+amadispa.com.br, 0
+amadoraslindas.com, 1
+amadorcounty.gov, 1
+amadvice.com, 1
+amaeruinc.com, 1
+amaforro.com, 1
+amagdic.com, 1
+amagical.net, 0
+amagraduates.tk, 1
+amagroup.io, 1
+amaisd.org, 1
+amaiz.com, 1
+amalbansode.com, 1
+amalfi5stars.com, 1
+amalfipositanoboatrental.com, 1
+amalgaamvrij.tk, 1
+amalgaamziekte.tk, 1
+amalgamma.ml, 1
+amalou-photografie.de, 1
+amambebe.com, 1
+amandablain.com, 1
+amandadamsphotography.com, 1
+amandahamilton.tk, 1
+amandamachado.nl, 1
+amandasage.ca, 1
+amandaworldstudies.com, 1
+amanduscommunication.com, 1
+amanet.ro, 1
+amango.se, 1
+amani-kinderdorf.de, 1
+amanmerceria.com, 1
+amansinghbhogal.com, 0
+amanydesignstudio.com, 1
+amapspa.it, 1
+amaranth.gq, 1
+amaranth.tk, 1
+amaranthinewanderlust.com, 1
+amaranthus.com.ph, 1
+amaresq.com, 1
+amarilio.com.mx, 1
+amarillosquare.com, 1
+amarinbabyandkids.com, 1
+amaris-pr.ru, 1
+amaris.com, 1
+amarrada.com, 1
+amarresdeamorconelbrujoguillermo.com, 1
+amarresperuanos.com, 1
+amarresydominio.com, 1
+amartaramitramandal.tk, 1
+amartours.pt, 1
+amaruddinmufid.com, 1
+amaruz.tk, 1
+amarylis.com, 1
+amasea.yachts, 1
+amasing.tk, 1
+amateku.jp, 1
+amateri.com, 1
+amateur-boxing.tk, 1
+amateur.cash, 1
+amateur.cf, 1
+amateur101.tk, 1
+amateureuro.com, 1
+amateurplayerstour.com, 1
+amateurradionotes.com, 1
+amateurs.ga, 1
+amateurs.gq, 1
+amateurtuning.tk, 1
+amateurvoicetalent.com, 1
+amati.solutions, 1
+amato.tk, 1
+amatoryasamak.tk, 1
+amatsu.xyz, 1
+amatutis.lt, 1
+amatya.co.uk, 1
+amauf.de, 1
+amaurijogos.tk, 1
+amavis.org, 1
+amavo.tk, 1
+amaxa.com, 1
+amaxautomotive.com.au, 1
+amazcode.ooo, 1
+amazdriver.com, 1
+amazetimberfurniture.com.au, 1
+amazinations.com, 1
+amazing-cars98.tk, 1
+amazing-castles.co.uk, 1
+amazing-maids.com, 1
+amazingraymond.com, 1
+amazingraymond.com.au, 1
+amazingribs.com, 1
+amazingstore.gq, 1
+amazingtattooideas.com, 1
+amazon, 1
+amazon.ae, 1
+amazon.at, 1
+amazon.care, 1
+amazon.com.tr, 1
+amazon.eg, 1
+amazon.pl, 1
+amazon.sa, 1
+amazon.se, 1
+amazonteckathon.com, 1
+amazstaff.com, 1
+amaztravail.com, 1
+amazwerk.com, 1
+amb.tf, 1
+ambarbyarihant.com, 1
+ambasador-dibo.pl, 1
+ambasady.cz, 1
+ambassadeurs.com, 1
+ambassadordayslevis2023.com, 1
+ambassify.com, 1
+ambassify.eu, 1
+ambc.es, 1
+amber-teething-necklace.com, 1
+amberba.tk, 1
+ambercaravalho.com, 1
+amberesdetective.be, 1
+amberhouse.cf, 1
+amberhouse.ga, 1
+amberhouse.gq, 1
+amberoad.tk, 1
+amberonline.tk, 1
+ambersafety.info, 1
+ambersoftware.co.uk, 1
+ambertears.tk, 1
+amberwiz.com, 1
+ambholding-usedcars.be, 1
+ambiancewindowcoverings.com, 1
+ambient.digital, 1
+ambient.wtf, 1
+ambiente.one, 1
+ambientskies.tk, 1
+ambigramasdecarmela.tk, 1
+ambion.am, 1
+ambisonia.com, 1
+ambitionbox.com, 1
+ambivalence.tk, 1
+amblin.com, 1
+ambor.com, 1
+ambor.org, 1
+ambouncyhire.com, 1
+ambra.net.nz, 1
+ambrosia.cafe, 1
+ambrosiamosaicos.co, 1
+ambrosio.tk, 1
+ambtpay.com, 1
+ambulanceplus.cz, 1
+ambulancieros.tk, 1
+ambulanza.it, 1
+ambulanza.milano.it, 1
+ambulanza.roma.it, 1
+ambulanzaprivata.roma.it, 1
+ambulari.cz, 1
+ambulatori.it, 1
+amburgo.com, 1
+amcanalense.tk, 1
+amcangroup.com, 1
+amcasia.com, 1
+amcchemical.com, 0
+amchainitiative.org, 1
+amcs.website, 0
+amdelisi.tk, 1
+amdental.lv, 1
+amdiving.ru, 1
+amdm.ru, 1
+amdrumors.com, 1
+amdukis-bordercollies.tk, 1
+ameba-capital.com, 1
+amebavirtual.tk, 1
+amebolounge.tk, 1
+amechancez.work, 1
+amecopress.net, 1
+amedeo.pro, 1
+ameego.com, 1
+ameego.it, 1
+ameego.net, 1
+ameego.nl, 1
+ameego.org, 1
+ameeradubai.com, 1
+amees.me, 0
+ameeventos.pt, 1
+amefrec.co.jp, 1
+ameho.me, 0
+ameinteriores.pt, 1
+ameisenbaer.tk, 1
+amelanchiers.tk, 1
+amelia-wedding.pl, 1
+amelia.network, 1
+amelielei.net, 1
+ameliemarieintokyo.com, 1
+amello.de, 1
+amemei-lists.top, 1
+amempire.tk, 1
+amendine.fr, 1
+ameninalaceira.com.br, 1
+amenoskuarto.tk, 1
+ameresco.com, 1
+ameri.capital, 1
+america.gov, 1
+america250.gov, 1
+americabiznews.tk, 1
+americafamilylawcenter.org, 1
+americafc.tk, 1
+americahealthcare.tk, 1
+americamilitar.com, 1
+american-automotive.tk, 1
+american-school-search.com, 1
+americanacrylicaward.com, 1
+americanartwarehouse.com, 1
+americanbooks.cf, 1
+americanbuzz.tk, 1
+americancasinoguide.shop, 1
+americancomfortexperts.com, 1
+americandisinfectingassociation.com, 1
+americandisinfectingassociation.org, 1
+americanews.ml, 1
+americanfan.com, 1
+americanflooring.co, 1
+americanflooringservicesinc.com, 1
+americanfootball.ml, 1
+americanfootball.tk, 1
+americanfreight.com, 1
+americangods.tk, 1
+americanimageawards.com, 1
+americanindiannursing.com, 1
+americaninsuranceplus.ml, 1
+americankickoff.ga, 1
+americanmessaging.net, 1
+americanpop.be, 1
+americanreservations.us, 1
+americans.cam, 1
+americanstrategic.com, 0
+americantowers.org, 0
+americanunicornparty.tk, 1
+americanwalkincoolers.com, 1
+americanwater.lk, 1
+americapitalfunding.com, 1
+americasbasementcontractor.com, 1
+americasdirector.com, 1
+americasgottalentauditions.com, 1
+americathebeautifulquarters.gov, 1
+americatracker.com, 1
+americavip.tk, 1
+americawiki.tk, 1
+americolorcorp.com, 1
+americorps.gov, 1
+americorpsoig.gov, 1
+amerigroup.com, 1
+amerigrouphealthyliving.com, 1
+ameriikanpoijat.org, 1
+amerikanloto.tk, 1
+amerikanpaketim.com, 1
+amerikasepetim.com, 1
+amerikeli.tk, 1
+amerimex.cc, 1
+amerimex.org, 1
+amerion.nl, 1
+ameriondental.nl, 1
+ameripacfund.com, 1
+ames-fzco.ae, 1
+amesagesse.com, 1
+amesgen.de, 1
+amessage.de, 1
+amessage.eu, 1
+amessage.info, 1
+amesvacuumrepair.com, 1
+amethystbodyart.co.za, 1
+amethystcards.co.uk, 1
+amethystdevelopment.co.uk, 1
+amethystwebsitedesign.com, 1
+ametinsurance.com, 1
+ametrin.biz, 1
+amevoice.com, 1
+amex.ua, 1
+amexemp.com, 1
+amf.to, 1
+amfelt.dk, 1
+amfiteatr.tk, 1
+amfora.gq, 1
+amforst.ddns.net, 1
+amgreatness.com, 1
+amh-entertainments.co.uk, 1
+ami-de-bastanes.fr, 1
+ami.com, 1
+amianto.milano.it, 1
+amianto.roma.it, 1
+amiatlanticare.com, 1
+amica-travel.com, 1
+amicalecanyon.ch, 0
+amicare.fr, 1
+amicipadrealdo.tk, 1
+amiciperibambini.org, 1
+amiciperlatesta.it, 1
+amicon.com, 1
+amicosauro.tk, 1
+amicus-webdesign.de, 1
+amicusjunior.ro, 1
+amie.so, 1
+amiez.com, 1
+amifoundation.net, 1
+amigatraktor.tk, 1
+amightyoakbedandbreakfast.com, 1
+amigodeltoro.tk, 1
+amigoenergy.com, 1
+amigosdelvalenciadeastorga.tk, 1
+amigosencanada.com, 1
+amigosgranada4050.tk, 1
+amigucrochet.com, 1
+amikton.ru, 1
+amilaresort.com, 1
+amilcalcados.com.br, 1
+amilesportes.com.br, 1
+amilum.org, 1
+amimi.tk, 1
+amin.one, 1
+aminafrance.com, 1
+amineamellouk.com, 1
+amineptine.com, 1
+aminfarhoodi.tk, 1
+aminformatica.ml, 1
+aminformatica.tk, 1
+aminko.ga, 1
+aminoro.de, 1
+aminos.tk, 1
+aminsabeti.com, 1
+aminullrouted.com, 1
+amion.com.ua, 1
+amionamiondrugsdotcom.com, 1
+amiondrugs.com, 1
+amionvpn.com, 1
+amir-nadlan.co.il, 1
+amir-tataloo.tk, 1
+amirarsalan.tk, 1
+amirasyraf.com, 0
+amirautos.com, 0
+amirhanova-a.ru, 1
+amirkaraj.tk, 1
+amirmahdy.com, 1
+amis-du-cinema.com, 1
+amis-sh.fr, 1
+amiserver.de, 1
+amisharingstuff.com, 1
+amishra.tk, 1
+amisoft.co.jp, 1
+amisoft.tk, 1
+amissing.link, 1
+amisun.com, 1
+amithvijayan.in, 1
+amitopia.tk, 1
+amitpatra.com, 0
+amitriptyline-hydrochloride.ga, 1
+amitriptyline25mg.cf, 1
+amitriptylineonline.tk, 1
+amitt.ga, 1
+amityvillepdny.gov, 1
+amitywebsitedesign.com, 1
+amiv.ch, 1
+amjaadabdullah.com, 1
+amjesusdespojado.tk, 1
+amjinc.ca, 1
+amlakzibakenar.com, 1
+amlameiras.pt, 0
+amleather.pl, 1
+amliorefemme.tk, 1
+amliyatdua.com, 0
+amlops.com.au, 1
+amm6e.com, 1
+ammanagingdirectors.com, 1
+ammex.com, 1
+amministratore.biz, 1
+amministratore.roma.it, 1
+amministratorecondominiale.it, 1
+amministratorecondominio.roma.it, 1
+amministratoredicondominio.roma.it, 1
+amministratoristabilitorino.tk, 1
+amministrazioni.roma.it, 1
+ammoland.com, 0
+ammsystems.pl, 1
+amnathrig.com, 1
+amnepal.ml, 1
+amnesia-zone.tk, 1
+amnesty.cf, 1
+amnesty.org.au, 1
+amnesy.fr, 1
+amnion.tk, 1
+amniotic.tk, 1
+amniowell.com, 1
+amnistiya.tk, 1
+amoatuaexistencia.com.br, 1
+amobileway.co.uk, 1
+amoc.org, 1
+amodeocarlo.com, 1
+amoderm.com, 1
+amogus.cloud, 1
+amokinio.com, 1
+amolaccum.tk, 1
+amolador.com.br, 1
+amolare.com.br, 1
+amoliogames.com, 1
+amollare.com.br, 1
+amon.tech, 1
+amondial.com, 1
+among-us.me, 1
+amongtheflora.com, 1
+amongus-guru.ru, 1
+amongusmerch.co, 1
+amoozesh98.ir, 1
+amoralizm.tk, 1
+amoraquatropatas.org, 1
+amordoce.com, 1
+amorfestival.com, 1
+amorgos-aegialis.com, 1
+amorgosrentandgo.gr, 1
+amorim.ca, 1
+amoroso-vivace.ch, 1
+amorph.aero, 1
+amorphis.tk, 1
+amorphsys.com, 1
+amorszexshop.hu, 1
+amortyzator.tk, 1
+amorxyoga.com, 1
+amorymerced.tk, 1
+amoryurgentcare.com, 1
+amos.ovh, 1
+amosca.tk, 1
+amotarget.com, 1
+amoursucre.com, 1
+amoxicillin-500mg.ga, 1
+amoxicillin.cf, 1
+amoxicillin.ga, 1
+amoxicillincapsules.tk, 1
+amoxicillinonline.tk, 1
+amoxil.cf, 1
+amoxil.ga, 1
+amoxil875.ga, 1
+amoxilonline.gq, 1
+amp-logistics.com, 1
+amp-wp.org, 1
+amp.chat, 1
+ampact.co, 1
+amped4ski.co.nz, 0
+ampedairsoft.com, 1
+amper.kharkov.ua, 1
+ampersandnbspsemicolon.com, 1
+ampersandsmallbusiness.com, 1
+ampetronic.com, 1
+ampflower.gay, 1
+amphetamines.org, 1
+amphibo.ly, 1
+amphora.jp, 1
+amphora.tk, 1
+amphost.tk, 1
+ampicillin.ga, 1
+ampicillin.ml, 1
+ampicillin24.com, 1
+ampicilliniv.tk, 1
+ampicillinonline.gq, 1
+amplead.com, 1
+ampledesigners.com, 1
+ampleinfographics.com, 1
+ampleitsolutions.com.au, 1
+ampleroads.com, 1
+amplifi.io, 1
+amplifiedit.com, 1
+amplifier-technics.tk, 1
+amplifire.com, 1
+ampparit.com, 1
+ampproject.com, 1
+ampproject.org, 1
+ampselectricsolar.com, 1
+ampullen.tk, 1
+amputated.tk, 1
+amputatedgenitals.tk, 1
+amr.de, 1
+amrealtypr.com, 1
+amref.org, 1
+amritps.com, 1
+amroelkhatib.fi, 1
+amroz.xyz, 1
+amrun-verlag.de, 1
+amruta.org, 1
+ams-web-qa.azurewebsites.net, 1
+ams.co.rs, 1
+amsconnectapp.com, 1
+amscrosscomp.nl, 1
+amsel305nc.ddnss.de, 1
+amsfoodhk.com, 1
+amsmart.hu, 1
+amsochile.cl, 1
+amstat.org, 0
+amstelradio.tk, 1
+amstelveentje.nl, 1
+amsterdam.nl, 1
+amsterdam4u.tk, 1
+amsterdam5.nl, 1
+amsterdamian.com, 1
+amsterdamtype.nl, 1
+amsterdamtypography.nl, 1
+amsuisse.com, 0
+amt-taxfrance.com, 1
+amtheone.com, 1
+amtrakoig.gov, 1
+amule.cf, 1
+amumtomum.com, 1
+amunanalytics.eu, 1
+amundi-ca-assurances.com, 1
+amundi-ee.com, 1
+amundi-tc.com, 1
+amundsensports.com, 1
+amunoz.org, 1
+amuq.net, 1
+amur-photo.ml, 1
+amur.tk, 1
+amusa.cl, 1
+amuzante.com, 1
+amva.it, 1
+amvip9.com, 1
+amvisor.com, 1
+amvisualgraphics.com, 1
+amwake.com, 1
+amwine.ru, 1
+amxm.aero, 1
+amxpj888.com, 0
+amy-nichols.ga, 1
+amyapets.tk, 1
+amyfoundhermann.com, 1
+amymabel.com, 1
+amyred.net, 1
+amyria.jp, 1
+amyrussellhair.com, 1
+amytuarez.ga, 1
+amytuarez.gq, 1
+amytuarez.ml, 1
+amywinehouseaddicted.tk, 1
+amyyeung.com, 1
+amz-tas.ba, 1
+amzik.tk, 1
+amzinfotech.com, 0
+amzn.com, 1
+amzn.rocks, 1
+amznworks.com, 1
+an-alles-gedacht.de, 1
+an0ns.ru, 0
+an0ns.tk, 1
+an7hrax.se, 1
+anaal-nathrakh.tk, 1
+anaaldea.tk, 1
+anaalmeisjes.tk, 1
+anaalnathrakh.tk, 1
+anaalontmaagd.tk, 1
+anaar.ml, 1
+anabarata.tk, 1
+anabecoaj.org, 1
+anabijou.com.br, 1
+anabolic-stresser.ga, 1
+anabolic.co, 1
+anabolickdieta.ga, 1
+anabolics.tk, 1
+anabolika.ga, 1
+anabolika.gq, 1
+anabolika.ml, 1
+anachristinarodriguez.com, 1
+anachronaeon.tk, 1
+anachronis.gq, 1
+anacom.pt, 1
+anacron.pl, 1
+anacruz.es, 1
+anadiuvo.fi, 1
+anadlelkheir.com, 1
+anaelog.com.au, 1
+anaethelion.fr, 1
+anafranil.cf, 1
+anafranil.ga, 1
+anagir.tk, 1
+anagramma.tk, 1
+anahitascribe.tk, 1
+anahtarfikir.com, 0
+anahwaftah.ga, 1
+anaiscoachpersonal.es, 1
+anaisfae.art, 1
+anak-pontianak.tk, 1
+anakart.tk, 1
+anakin.ca, 1
+anakliarmalam.ml, 1
+analbabsi.com, 1
+analebear.com, 1
+analfistula.com.sg, 1
+analgesia.ga, 1
+analgesia.net, 1
+analinsting.tk, 1
+analisi-grammaticale.biz, 1
+analisi-logica.it, 1
+analisi-periodo.it, 1
+analisi.roma.it, 1
+analitik.ml, 1
+analizator.tk, 1
+analogfreeers.ga, 1
+analogical.ga, 1
+analogist.net, 1
+analogman.com, 1
+analpantyhose.org, 1
+analpics.com, 1
+analyser-mon-site.fr, 1
+analystexamers.ga, 1
+analysts.com, 1
+analytics-media.com, 1
+analyticscanvas.com, 1
+analyticsinmotion.com, 1
+analyticsinsight.net, 1
+analyticum.at, 1
+analyticum.com, 1
+analyticum.de, 1
+analyticum.eu, 1
+analyticum.net, 1
+analytik.news, 1
+analyzemyfriends.com, 1
+analyzepoker.com, 1
+anamelikian.com, 1
+anamterminal.tk, 1
+ananas.gq, 1
+ananasposter.ru, 1
+anangeix.tk, 1
+anankecosmetics.com, 1
+anantshri.info, 1
+ananyagupta.tk, 1
+anaprieto.com, 1
+anapsi.tk, 1
+anar.biz, 1
+anarajaoui.ma, 1
+anarcasmetalicos.tk, 1
+anarchapulco.com, 1
+anarchie-in-lippe.tk, 1
+anarchie.tk, 1
+anarchista.top, 1
+anarchistfederation.net, 1
+anarchistischefoderation.de, 1
+anarchistischegroepnijmegen.nl, 0
+anarchistos.tk, 1
+anarchotv.tk, 1
+anarchy.eu.org, 1
+anarchyhax.ml, 1
+anarchyrp.life, 1
+anarchyweb.tk, 1
+anarhia.tk, 1
+anarhija.tk, 1
+anarhist.net, 1
+anarhist.org, 1
+anaricompras.com, 1
+anarka.org, 1
+anarkhe.net, 1
+anarky.tk, 1
+anarshist.tk, 1
+anarticle.gq, 1
+anasaci.com, 1
+anasahr.be, 1
+anassiriphotography.com, 0
+anastasiaweb.tk, 1
+anastasis.studio, 1
+anastasiyasivayeva.ru, 1
+anastore.com, 1
+anatoliarles.com, 1
+anatoly.tk, 1
+anatomized.tk, 1
+anatoray.com, 1
+anatorywap.gq, 1
+anaxios.ga, 1
+anaxvip-sp.gr, 1
+anayahuasca.com.br, 1
+anayarealm.com, 1
+anbaicreative.com, 1
+anbank.pl, 1
+anbigift.nl, 1
+anblife.com, 1
+anborn.tk, 1
+ancade.es, 1
+ancaebacia.pt, 1
+ancarda.net, 1
+ancardukids.tk, 1
+anccg.ca, 1
+ance.lv, 0
+ancentury.com, 1
+ancestramil.fr, 1
+ancestry.ca, 1
+ancestry.co.uk, 1
+ancestry.com, 1
+ancestry.com.au, 1
+ancestry.de, 1
+ancestry.fr, 1
+ancestry.mx, 1
+ancestry.se, 1
+ancestrycdn.com, 1
+ancestryinstitution.com, 1
+anchev.net, 1
+anchorbvfs.com, 1
+anchorit.gov, 1
+anchoritsg.com, 1
+anchovy.nz, 0
+anchr.io, 1
+anciennes-automobiles.fr, 1
+anciens.org, 1
+ancient-gates.de, 1
+ancientnorth.com, 1
+ancientnorth.nl, 1
+anclarma.fr, 1
+ancolies-andre.com, 0
+anconatoday.it, 1
+ancuong.com, 1
+and-stuff.nl, 1
+and-tax.jp, 1
+andain.com, 1
+andalosse.tk, 1
+andalucia.com, 1
+andaluciaboard.tk, 1
+andalusiaal.gov, 1
+andantepiano.studio, 1
+andefang.com, 1
+andel.info, 0
+anderbelt.com.br, 1
+anders.hamburg, 1
+anderskp.dk, 0
+andersoncountytn.gov, 1
+andersonenergy.com.au, 1
+andersonlegal.co, 1
+andersonmanufacturing.com, 1
+andersonpowerservices.com, 1
+andersonshatch.com, 1
+andersontownshipoh.gov, 1
+andersraagaard.dk, 1
+anderstoneel.tk, 1
+anderstornkvist.se, 1
+andesnevadotours.com, 1
+andesoftconsulting.com, 1
+andeticaret.com, 1
+andfaraway.tk, 1
+andfrankly.com, 1
+andhrawishesh.com, 1
+andibo.net, 1
+andiplusben.com, 1
+andisadhdspot.com, 1
+andiscyber.space, 1
+andnet.tk, 1
+andoaingo-gaztetxea.tk, 1
+andobil.com, 1
+andoms.fi, 1
+andonivr.com, 1
+andonix.com, 1
+andorraimperial.tk, 1
+andorrainsiders.com, 1
+andos.tk, 1
+andouillette-thierry.fr, 1
+andoyasuyuki.com, 1
+andr-mobile.tk, 1
+andradealbuquerque.pt, 1
+andragon.tk, 1
+andrasnagy.com, 1
+andrasnagy.eu, 1
+andrasnagy.net, 1
+andrazaharia.com, 1
+andre-ballensiefen.de, 1
+andre-baum.com, 1
+andre-otto.com, 1
+andre-schlichting.de, 1
+andrea-kiaora.de, 1
+andrea-m.me, 1
+andrea-wirthensohn.at, 0
+andreaalloway.com, 1
+andreaassenti.it, 1
+andreaboero.it, 0
+andreacarreno.com, 1
+andreadraghetti.it, 1
+andreae.nl, 1
+andreafruggi.it, 1
+andreagiusti.tk, 1
+andreagobetti.com, 1
+andreagourmet.it, 1
+andrealand.sk, 1
+andreamcnett.com, 1
+andreapalermo.tk, 1
+andreapavone.com, 1
+andreas-kluge.eu, 1
+andreas-kurtz.de, 1
+andreaseracleous.com, 0
+andreasfeusi.ch, 1
+andreashartmann.net, 1
+andreashellkvist.tk, 1
+andreasjanker.de, 1
+andreaskluge.eu, 1
+andreaskrasa.com, 1
+andreaslicht.nl, 1
+andreasolsson.se, 1
+andreasr.com, 1
+andreaswirth.com, 1
+andreasxp.me, 1
+andreatedeschi.it, 1
+andrecanuto.com.br, 1
+andrecarvalho.net.br, 1
+andredaus.com, 1
+andree.cloud, 1
+andreeapasat.ro, 1
+andreferreira.website, 1
+andrehartensveld.tk, 1
+andrehazeswinactie.nl, 1
+andreichira.ro, 1
+andreihodorog.com, 1
+andreina-atencio.com, 1
+andrejbenz.com, 1
+andrejstefanovski.com, 1
+andremaciel.pt, 1
+andrematosband.tk, 1
+andreoliveira.io, 1
+andreotti-furniture.com, 1
+andrepicard.de, 1
+andresbandb.tk, 1
+andrescuartas.tk, 1
+andresgarciapersonal.com, 1
+andresgarciapersonal.es, 1
+andresgarzon.net, 1
+andresguiarealtor.com, 1
+andrespaz.com, 1
+andrespr.es, 1
+andresrios.nl, 1
+andressaflores.com.br, 1
+andresvillanueva.mx, 1
+andreundnina.de, 1
+andrew-lazarev.com, 1
+andrew.fi, 1
+andrewbennett.ltd, 1
+andrewcountymo.gov, 1
+andrewdaws.co, 1
+andrewdaws.info, 1
+andrewdaws.io, 1
+andrewdaws.me, 1
+andrewdaws.tv, 1
+andrewensley.com, 1
+andrewfergusonbooks.com, 1
+andrewglucas.com, 1
+andrewglucas.net, 1
+andrewhowden.com, 0
+andrewimeson.com, 1
+andrewin.ru, 1
+andrewjphotography.com, 1
+andrewmcfarlane.tk, 1
+andrewmichaelsmith.com, 1
+andrewmichaud.me, 1
+andrewnet.net, 1
+andrewpeng.net, 1
+andrewpucci.com, 0
+andrewrdaws.com, 1
+andrewrgoss.com, 1
+andrewryno.com, 1
+andrews-waste.co.uk, 0
+andrewsfasteners.uk, 1
+andrewsfss.marketing, 1
+andrewsnc.gov, 1
+andrewsoutar.com, 1
+andrewsun.com, 1
+andrewtasso.com, 1
+andrewtaylor.eu, 1
+andrewtran.xyz, 1
+andrewwiggins.ca, 1
+andrey.red, 1
+andrey1p.ru, 1
+andreyborisov.cf, 1
+andreyjuravlev.ga, 1
+andreypopp.com, 1
+andreysmirnov.tk, 1
+andrian.ga, 1
+andrian.io, 1
+andrian.tk, 1
+andriano.net, 1
+andrianova.ml, 1
+andriekus.tk, 1
+andrienko.tk, 1
+andrija-i-andjelka.com, 1
+andro4all.com, 1
+androgain.in, 1
+android, 1
+android-10-inch-tablets.tk, 1
+android-center.tk, 1
+android-club.cf, 1
+android-gamers.tk, 1
+android-hit.ml, 1
+android-it.cf, 1
+android-soft.gq, 1
+android-tv.3utilities.com, 1
+android-tv.ml, 1
+android.com.pl, 1
+android.re, 1
+android1.co.id, 1
+androidcrunch.com, 1
+androide.com, 1
+androidfactory.io, 1
+androidfinal.com, 1
+androidgadgematic.com, 1
+androidgaming.tk, 1
+androidhack.tk, 1
+androidhry.cz, 1
+androidinfotech.com, 1
+androidioswindows18378.ml, 1
+androidkatalog.cz, 1
+androidlab.tk, 1
+androidmafia.ru, 1
+androidmarket.gq, 1
+androidmarketturkiye.tk, 1
+androidmax.tk, 1
+androidnovinky.cz, 1
+androidphones.ga, 1
+androidplanet.nl, 1
+androidplay.tk, 1
+androidru.ml, 1
+androidservicetool.com, 1
+androidtamer.com, 1
+androidtcpdump.com, 1
+androidtelefony.cz, 1
+androidtools.gq, 1
+androidtorrent.info, 1
+androidtotal.ml, 1
+androidwale.ga, 1
+androidwedakarayo.com, 1
+androidweekly.net, 1
+androidzone.me, 1
+androlab.tk, 1
+andromeda.se, 1
+andropia-online.fr, 1
+androscoggincountyema.gov, 1
+androtics.com, 1
+androtix.com, 1
+andrush.eu, 1
+andruvision.cz, 1
+andschwa.com, 1
+andsecure.ch, 0
+andsoul.nl, 1
+andthisismyodyssey.tk, 1
+anduril.de, 1
+anduril.eu, 1
+andy-hagans.tk, 1
+andyante.cz, 1
+andyattorney.com, 1
+andybrett.com, 1
+andycatteceur.tk, 1
+andyclark.io, 0
+andyconcreting.com.au, 1
+andycraftz.eu, 1
+andycrockett.io, 1
+andykenward.com, 1
+andymoore.info, 0
+andyscubepage.tk, 1
+andyseducation.com, 1
+andysmith.tk, 1
+andyson.at, 1
+andysroom.dynu.net, 1
+andysroom.net, 1
+andyt.eu, 1
+andythomasonline.tk, 1
+andythomsonbooks.ca, 1
+andytownsendphotography.com, 1
+andytsoi.nyc, 1
+andyvandermeyde.tk, 1
+andywalkeronline.tk, 1
+andywilliamsonline.tk, 1
+andzia.art.pl, 1
+anecuni-club.com, 1
+anecuni-rec.com, 1
+anedot-sandbox.com, 1
+anedot.com, 1
+anedot.space, 1
+anedot.xyz, 1
+aneducationuto.tk, 1
+anegabawa.com, 0
+anehost.com, 1
+anehtaconseil.com, 1
+aneirin.net, 1
+anekatempatwisata.com, 1
+anekdot-pr.tk, 1
+anekdotik.tk, 1
+anekdotiki.tk, 1
+anelik.tk, 1
+anelki.net, 0
+aneslix.com, 0
+anesmebeli.com, 1
+anessex.wedding, 1
+anesterov.xyz, 1
+anetaben.nl, 1
+anetofwellness.com, 1
+anetteolzon.tk, 1
+anewperspectiveconstruction.com, 1
+anex.us, 1
+anexperimentedblog.tk, 1
+anextraordinaryday.net, 1
+anfadern.com, 1
+anfalas.ddnss.de, 1
+anfarabic.com, 1
+anfei.com, 1
+anfloors.ru, 0
+anfr.fr, 1
+angablade.com, 1
+angazajamii.com, 1
+ange-de-bonheur444.com, 1
+angeben.com, 1
+angel-body.com, 1
+angel-jrk.com, 1
+angel-wing.jp, 1
+angel163.ru, 0
+angela.baby, 1
+angeladietrich.com, 1
+angelaheck.com, 1
+angelalombardo.it, 1
+angelarellano.tk, 1
+angelbulldog.tk, 1
+angelcastellanos.tk, 1
+angelcorpus.tk, 1
+angelcreations.tk, 1
+angeldjmix.tk, 1
+angelefloramendy.org, 1
+angelesdelabismo.com, 1
+angelesydemonios.es, 1
+angelfood.org, 1
+angelhaken.com, 1
+angelhammer.tk, 1
+angelic.icu, 1
+angelic47.com, 1
+angelicapanganibansite.tk, 1
+angelicare.co.uk, 1
+angelicsphynx.tk, 1
+angelikaclothing.com, 1
+angelinadevil.tk, 1
+angelinafilipski.tk, 1
+angelineroguel.com, 1
+angeliquewoudenberg.tk, 1
+angeljmadrid.com, 1
+angelkeepers.net, 1
+angelnumber.faith, 1
+angelnumber.one, 1
+angelo4ek.tk, 1
+angeloangioi.tk, 1
+angelok.ru, 1
+angeloroelen.tk, 1
+angelpowwow.com, 1
+angelremigene.com, 0
+angelsanctum.tk, 1
+angelsandairwaves.tk, 1
+angelsandfriends.com, 1
+angelschlesser.tk, 1
+angelsdecay.tk, 1
+angelsgirl.eu.org, 1
+angelsmile.tk, 1
+angelsmithphotography.com, 1
+angelspabeauty.co.uk, 1
+angelswar.ga, 1
+angelthump.com, 1
+angeltorri.tk, 1
+angelvisionary.com, 1
+angem.gq, 1
+angem.tk, 1
+angepsychedelices.tk, 1
+angeredmoon.tk, 1
+angermanalvorna.tk, 1
+angesehen.com, 1
+angestoepselt.de, 1
+angie-webdesign.ch, 0
+angiejones.com, 1
+angielynx.net, 1
+angiesite.tk, 1
+angiewickes.com, 1
+anginf.de, 1
+angiolinikids.it, 1
+angione.ca, 1
+angione.se, 1
+angisonline.cz, 1
+angkapaito.net, 1
+angkasa.net.id, 1
+anglais-angouleme.com, 1
+anglarsports.com, 1
+angleline.cn, 1
+anglersconservation.net, 1
+anglertanke.de, 1
+anglictina-sojcak.cz, 1
+anglictinasojcak.cz, 1
+anglingactive.co.uk, 0
+anglingnewfoundlandlabrador.com, 1
+anglirl.eu.org, 1
+anglogoldashanti.com, 1
+anglopoltransport.pl, 1
+angolo.com, 1
+angolo.ga, 1
+angora.id, 1
+angorarabbitsaspets.com, 1
+angristan.fr, 1
+angristan.xyz, 1
+angry-monk.com, 1
+angry.im, 1
+angryaf.com, 1
+angrybear.tk, 1
+angrybug.com, 1
+angrydragonproductions.com, 1
+angrymoulinex.tk, 1
+angrysnarl.com, 1
+angryteeth.net, 0
+angstakademie.com, 1
+angstrommold.com, 1
+angular-js.ga, 1
+anguloconsulting.com, 1
+angusandperthpgl.tk, 1
+angusbarn.com, 1
+anh-dv.com, 1
+anhaffen.lu, 1
+anhangabau.com, 1
+anhdvboot.com, 1
+anhdvshop.com, 1
+anhembi.br, 1
+anhqv.es, 1
+ani-man.de, 1
+aniababan.com, 1
+aniabuduje.pl, 1
+aniaimichal.eu, 1
+anian.ch, 0
+aniblizzard.tk, 1
+anichief.com, 1
+anievo.id, 1
+aniforprez.net, 1
+anightmareonelmstreet.tk, 1
+anihilated.tk, 1
+anihonetwallpaper.com, 1
+anikabyaabi.com, 1
+anikaras.ga, 1
+anikschwall.com, 1
+anilom.tk, 1
+anim.ee, 1
+anima.digital, 1
+anima.nz, 1
+animaalternative.it, 1
+animacionclub.tk, 1
+animadoc.cl, 1
+animaeducacao.com.br, 1
+animaemundi.be, 0
+animal-clothing.com, 1
+animal-liberation.com, 1
+animal-paris.fr, 1
+animal-rights.com, 1
+animal-world.cf, 1
+animal-world.tk, 1
+animalarkvets.co.uk, 1
+animalcenterunomas.tk, 1
+animalcrossingwiki.de, 1
+animalkingdom.cl, 1
+animalliberation.tk, 1
+animallog.tk, 1
+animalnutritionwizard.org, 1
+animalpetblog.ml, 1
+animalpetgroup.ml, 1
+animalpix.ch, 0
+animalplace.tk, 1
+animalratingsers.ga, 1
+animalratingsest.ga, 1
+animals-world.tk, 1
+animalshelter.tk, 1
+animalsphoto.tk, 1
+animalstropic.com, 1
+animaltesting.fr, 1
+animalworld.gq, 1
+animalz.ga, 1
+animalz.ml, 1
+animalz.tk, 1
+animamega.tk, 1
+animan.ca, 1
+animanganetwork.tk, 1
+animaproduksiyon.com.tr, 1
+animari.at, 1
+animari.ch, 1
+animari.de, 1
+animari.eu, 1
+animasencia.tk, 1
+animashka.tk, 1
+animataz.ga, 1
+animate.de, 1
+animatedtimes.com, 1
+animazul.tk, 1
+anime-and-manga-news.tk, 1
+anime-best.tk, 1
+anime-cafe.tk, 1
+anime-dragoon.tk, 1
+anime-drift.tk, 1
+anime-list.ga, 1
+anime-news.tk, 1
+anime-rg.com, 1
+anime-tip.com, 1
+anime-tv.tk, 1
+anime.my, 0
+anime1.me, 1
+anime1.moe, 1
+anime1.pw, 1
+anime74.ru, 1
+animeai.com, 1
+animebits.moe, 1
+animecasepremium.id, 1
+animecollective.com, 1
+animecreed.ga, 1
+animeday.ml, 1
+animeday.tk, 1
+animedescarga.ml, 1
+animedesuga.com, 1
+animedon.tk, 1
+animeelite.tk, 1
+animefire.net, 0
+animefluxxx.com, 1
+animefun.cf, 1
+animegroup.tk, 1
+animeheaven.ml, 1
+animehomeworld.tk, 1
+animeinsights.net, 1
+animekun.tk, 1
+animelandia.tk, 1
+animelatino.tk, 1
+animelesson.ga, 1
+animelily.com, 1
+animelime.ru, 1
+animelolipop.com, 1
+animemotivation.com, 1
+animeonsen.xyz, 1
+animeplus1.tk, 1
+animepower.gq, 1
+animepower.tk, 1
+animequest.tk, 1
+animeronews.tk, 1
+animeru.org, 1
+animes-portal.info, 1
+animesbrasil.tk, 1
+animesconsteemplee.tk, 1
+animesekken.tk, 1
+animesharp.com, 1
+animeshka.tk, 1
+animeslayer.ga, 1
+animeslayer.ml, 1
+animesoftcream.com, 1
+animestash.tk, 1
+animestreamingfr.fr, 1
+animesun.tk, 1
+animetosho.org, 1
+animetriad.com, 1
+animeuknews.net, 1
+animewallpapers.tk, 1
+animixplays.net, 1
+animmouse.com, 1
+animocreator.com, 1
+animofluteandpiano.co.uk, 1
+animonda.de, 1
+animotica.com, 1
+animoxavilorza.tk, 1
+aninews.tk, 1
+anip.icu, 1
+anipassion.com, 0
+aniplus.cf, 1
+aniplus.gq, 1
+anishnayak.com, 1
+anisimov.ml, 1
+anisotomatikkapi.com, 1
+anitaalbersen.nl, 1
+anitahebe.com, 1
+anitalk.dk, 1
+anitaxcph.dk, 1
+anitklib.ml, 1
+anitop.ga, 1
+anitop.tk, 1
+anitube-nocookie.ch, 1
+aniviasport.store, 1
+anivision.tk, 1
+aniwatch.me, 1
+aniwhen.com, 1
+aniya.moe, 1
+anja-vastgoed.nl, 1
+anjaliandthekid.com, 1
+anjanbiswas.in, 1
+anjara.eu, 1
+anjiurine.top, 1
+anjocerdena.com, 1
+anjoola.com, 1
+anjtransportsolutions.com.au, 1
+ankam.com, 1
+ankane.org, 1
+ankanetworks.net, 1
+ankaraarabakiralama.com.tr, 1
+ankaraarabakiralama.name.tr, 1
+ankaraarackiralama.name.tr, 1
+ankaraciftkabin.com, 1
+ankaracikma.com.tr, 1
+ankaracikmaparca.com.tr, 1
+ankaradaozelders.tk, 1
+ankaraevdenevenakliyat.name.tr, 1
+ankarafiziktedavimerkezi.com.tr, 1
+ankarajeneratorkiralama.com.tr, 1
+ankarakurumsalwebtasarim.com, 1
+ankaramotosikletyedekparca.com, 1
+ankaraotocikmaparca.com.tr, 1
+ankaraotokiralama.name.tr, 1
+ankaraotokiralama.tk, 1
+ankaraotomobilcikmaparca.com, 1
+ankaraotomobilcikmaparca.com.tr, 1
+ankaraotomobilyedekparca.com, 1
+ankaraotomobilyedekparca.com.tr, 1
+ankararentacar.name.tr, 1
+ankaraseo.name.tr, 1
+ankarasondajkuyusutemizleme.com, 1
+ankarauzmanlarnakliyat.com, 0
+ankarawebtasarim.name.tr, 1
+ankarawebtasarim.tk, 1
+ankarayedek.com.tr, 1
+anker-wladyslawowo.pl, 1
+anketlekazan.net, 1
+ankitha.in, 1
+ankitpati.in, 1
+ankiuser.net, 1
+ankiweb.net, 1
+ankos.cf, 1
+ankureurope.co.uk, 1
+ankurray.com, 1
+ankya9.com, 1
+anleitung-deutsch-lernen.de, 1
+anleitung-zum-flechten.de, 1
+anleitung-zum-haekeln.de, 1
+anleitung-zum-schreiben.de, 1
+anleitung-zum-schweissen.de, 1
+anleitung-zum-toepfern.de, 1
+anlikdoviz.co, 1
+anlikhaber.tk, 1
+anliting.com, 1
+anmelden.io, 1
+anmriers.ga, 1
+anna-beauty.ga, 1
+anna-beauty.gq, 1
+anna-center.tk, 1
+anna-dance.ru, 1
+anna-mai.net, 1
+anna.info, 1
+annaaurora.eu, 1
+annabelcinemas.com, 1
+annabelmassina.net, 1
+annabet.com, 1
+annadebrux.cf, 1
+annadebrux.ga, 1
+annadebrux.gq, 1
+annadebrux.ml, 1
+annaenemma.nl, 1
+annafiore.com.br, 1
+annainstitute.org, 1
+annalaudel.gallery, 1
+annaleon.tk, 1
+annalisefashion.ga, 1
+annalitvinova.pro, 1
+annalouise.tk, 1
+annaluizaferreira.com.br, 1
+annandaleonline.net, 1
+annandaleonline.org, 1
+annangela.cn, 1
+annangela.moe, 0
+annarborplasticsurgery.com, 1
+annarokina.com, 1
+annat.cf, 1
+annat.tk, 1
+annavissi.tk, 1
+annawagner.pl, 1
+annaweb.tk, 1
+annazweglinska.pl, 1
+anne-gb.ch, 1
+anne-marie.tk, 1
+annedaniels.co.uk, 1
+anneeden-porn.com, 1
+anneeden.com, 1
+annefit.ro, 1
+annefrank.org, 1
+annejan.com, 1
+annekleinert.de, 1
+annelida.com, 1
+annelies-monsere.tk, 1
+anneliesonline.nl, 1
+anneliesvanhoof.tk, 1
+annelisetouya.com, 1
+annema.biz, 1
+annemakeslovelycandles.co.uk, 1
+annemarielaponder.com, 1
+annesfotografie.de, 1
+annetardif.ca, 1
+annetta.com, 1
+annetta.net, 1
+annettewindlin.ch, 1
+annevankesteren.nl, 1
+annevankesteren.org, 1
+anney-life.com, 1
+anniangel-porn.com, 1
+annicascakes.nl, 1
+anniecloth.com, 1
+anniegagnonphotographie.com, 1
+anniesdollhouse.com, 1
+annihilation-squad.tk, 1
+annikarose-porn.com, 1
+annitrinity.com, 1
+annitrinity.net, 1
+anniversaryforumers.ga, 1
+annonasoftware.com, 1
+annoncer.ga, 1
+annonces-immobilier.tk, 1
+annonces-moto.org, 1
+annonces-vacances.info, 1
+annonces34.tk, 1
+annonseringonline.se, 1
+announcement.tk, 1
+annoyinggui.de, 1
+annoyingguide.de, 1
+annrusnak.com, 1
+anns.eu, 1
+annthegran.com, 1
+annu.tk, 1
+annuaire-auto-ecole.com, 1
+annuaire-express.tk, 1
+annual.ga, 1
+annuire.org, 1
+annuitycommunity.com, 1
+annuityequityers.ga, 1
+annulleret.tk, 1
+annunciationbvmchurch.org, 1
+annuncisesso.tk, 1
+annyaurora.net, 1
+annygraces.com, 1
+anodas.lt, 1
+anohana.org, 1
+anokacountybuys.gov, 1
+anol.loan, 1
+anomalous.eu, 1
+anomaly.tk, 1
+anon-gap.tk, 1
+anon-net.tk, 1
+anon-next.de, 1
+anon-tipz.tk, 1
+anon-ways.tk, 1
+anonaddy.com, 1
+anonaddy.me, 1
+anonase.com, 1
+anoncrypto.org, 1
+anoneko.com, 1
+anongoth.pl, 0
+anonhq.com, 1
+anonicloud.ch, 1
+anoniem-domein.nl, 1
+anonimizers.tk, 1
+anonmega.tk, 1
+anonofficial.tk, 1
+anonrea.ch, 1
+anons.fr, 0
+anonsearch.org, 1
+anonser.tk, 1
+anontekno.com, 1
+anonwonders.tk, 1
+anonybus.com, 1
+anonym-surfen.de, 0
+anonym-surfen.online, 1
+anonyme-spieler.at, 1
+anonymous.com.pt, 1
+anonymousbitcoinexchange.org, 1
+anonymousemail.me, 1
+anonymshare.com, 1
+anoopcnair.com, 1
+anopan.tk, 1
+anora.ai, 1
+anoracdn.net, 1
+anorak.tech, 1
+anordinaryhousewife.com, 1
+anorexia-nervosa.tk, 1
+anoservices.co.uk, 1
+another.ch, 1
+anotherfatgeek.net, 1
+anotherinvest.pl, 1
+anothermilan.net, 1
+anothermusic.tk, 1
+anotheronedead.tk, 1
+anothersupersite.com, 1
+anothersupersociety.com, 1
+anothervps.com, 1
+anoual-lycee.tk, 1
+anoujaa.com, 1
+anouncer.ga, 1
+anova.com, 1
+anowicki.pl, 1
+anoxinon.de, 1
+anoxinon.media, 1
+anpaju.gq, 1
+anpigabon.ga, 1
+anquankongjian.com, 1
+anrworldwide.com, 1
+ans-ge.ch, 0
+ans-solutions.com, 1
+ansas.net, 0
+ansdell.net, 1
+ansellchallenge.azurewebsites.net, 1
+anseo.ninja, 1
+ansermet.net, 0
+ansermfg.com, 1
+ansgar-sonntag.de, 1
+ansgar.tk, 1
+ansgarsonntag.de, 1
+anshar.eu, 1
+anshlag.co.il, 1
+ansibeast.net, 1
+ansichtssache.at, 1
+ansogning-sg.dk, 1
+anson.ru, 1
+ansoncountync.gov, 1
+ansperformance.eu, 1
+anstaskforce.gov, 1
+anster.org, 1
+anstorino.tk, 1
+answerbookstore.tk, 1
+answerconnect.co.uk, 1
+answerconnect.com, 1
+answerforce.com, 1
+answering365.com, 0
+answernow.cf, 1
+answers-online.ru, 1
+answersincme.com, 1
+antabuse.ga, 1
+antabuse500mg.ga, 1
+antabuskaufen1.gq, 1
+antagning-vn.se, 1
+antagning.se, 1
+antagonist1.tk, 1
+antalya-taxi.cf, 1
+antalya-turkey.tk, 1
+antalya-yesim.cf, 1
+antalyaduvarkagidi.com.tr, 1
+antalyaescmagazin.tk, 1
+antalyaescortyaren.tk, 1
+antalyahomes.com, 1
+antalyamasajsalonu.gq, 1
+antama.eu, 1
+antama.nl, 1
+antanavagefarbiarz.com, 1
+antani.cloud, 1
+antarcti.co, 1
+antarctida.tk, 1
+antaresmedia.com.py, 1
+antarktida.ru, 1
+antarktida.tk, 1
+antarlina.com, 1
+antavo.com, 1
+antcas.com, 0
+antechrista.tk, 1
+antecim.fr, 1
+antecipa.com, 1
+antelope.ai, 1
+antena.ga, 1
+antenaplay.ro, 1
+antenasmundosat.com, 1
+antenasmundosat.com.br, 1
+antenaweb.tk, 1
+antenna-lyubertsy.cf, 1
+antennajunkies.com, 1
+antennaweb.tk, 1
+antennekaart.nl, 1
+antennista.bari.it, 1
+antennista.catania.it, 1
+antennista.it, 1
+antennista.milano.it, 1
+antennista.pavia.it, 1
+antennista.roma.it, 1
+antennista.tv, 1
+antennistaroma.it, 1
+antennisti.milano.it, 1
+antennisti.roma.it, 1
+anteny.ml, 1
+antephaber.tk, 1
+anteros.shop, 1
+antfarm.cf, 1
+anthes.is, 1
+anthiago.com, 1
+anthisis.tv, 1
+anthony-bardon.eu, 1
+anthonychampagne.me, 1
+anthonydegrande.tk, 1
+anthonyellis.com, 1
+anthonyfontanez.com, 1
+anthonylaberge.tk, 1
+anthonyloop.com, 1
+anthonymineo.com, 0
+anthonytimbers.com, 1
+anthonytutorials.tk, 1
+anthonyvadala.me, 1
+anthrene-traitement.fr, 1
+anthro.asia, 1
+anthro.icu, 1
+anthrocon.com, 1
+anthrocon.net, 1
+anthrocon.org, 1
+anthroper.com, 1
+anthropoid.ca, 1
+anti-akw-ac.de, 1
+anti-bible.com, 1
+anti-civilisation.tk, 1
+anti-ddos.group, 1
+anti-depressants.tk, 1
+anti-doping.tk, 1
+anti-eniologia.ml, 1
+anti-eniologiya.ml, 1
+anti-gololed.ga, 1
+anti-iupac.tk, 1
+anti-lohotron.tk, 1
+anti-nsa.tk, 1
+anti-radar.org, 1
+anti-spy.net, 0
+anti-stop.cf, 1
+antiage.ml, 1
+antianti.nl, 1
+antiaz.com, 1
+antibanner.tk, 1
+antibioticaugmentin.cf, 1
+antibioticaugmentin.ml, 1
+antibioticaugmentin.tk, 1
+antibioticsadvice.cf, 1
+anticapitalist.party, 1
+anticensorship-russia.tk, 1
+antichat.tk, 1
+antichatresources.ga, 1
+anticipating.tk, 1
+anticonceptieportaal.nl, 1
+anticopyright.com, 1
+anticorruption.tk, 1
+antics.tk, 1
+antidayton.com, 1
+antidepressants.tk, 1
+antidopamine.com, 1
+antidope.tk, 1
+antidoping.tk, 1
+antidott.fr, 1
+antiekboerderijgraafland.nl, 1
+antielectoral.tk, 1
+antifa-bernau.tk, 1
+antifa.sh, 0
+antifabus.tk, 1
+antifake-funko.fr, 1
+antifaschistisch-reisen.tk, 1
+antifaschistische-linke.tk, 1
+antifaschistischeaktioncelle.tk, 1
+antifilter.network, 1
+antifraud.cf, 1
+antifraudcentre-centreantifraude.ca, 1
+antifurti.roma.it, 1
+antigravity.cf, 1
+antihelp-tomsk.tk, 1
+antihistaminico.com, 1
+antihistory.cf, 1
+antihistory.ga, 1
+antihistory.gq, 1
+antihistory.ml, 1
+antihype.space, 1
+antijob.tk, 1
+antik-trodelmarkt.de, 1
+antikeo.com, 1
+antikfloors.ga, 1
+antikfloors.gq, 1
+antikfloors.ml, 1
+antikpest.hu, 0
+antikvar-i-ya.tk, 1
+antikvar-net.tk, 1
+antikvariat22.cz, 1
+antikvarshop.tk, 1
+antilaserpriority.com, 1
+antiled.by, 1
+antimateri.com, 1
+antimaterie.tk, 1
+antimine.me, 1
+antiminutemen5.tk, 1
+antinatalism.com, 1
+antinatalists.com, 1
+antinazi.org, 1
+antincendio.it, 1
+antincendio.roma.it, 1
+antiochtechnologies.com, 1
+antipa.ch, 1
+antipodi.ga, 1
+antipolygraph.org, 1
+antiquario.roma.it, 1
+antique-pedalcars.ch, 1
+antiquecenter.gq, 1
+antiquefirearms.tk, 1
+antiquemotorcycle.org, 1
+antiquesinvestorsest.ga, 1
+antireklams.tk, 1
+antirepressionbayarea.com, 1
+antiseptik.me, 1
+antishell.ru, 1
+antisocialist.tk, 1
+antispamcloud.dk, 1
+antispeciesism.com, 1
+antispeciesist.com, 1
+antistarenie.tk, 1
+antistate.ch, 1
+antistatik.tk, 1
+antisystem.tk, 1
+antitabak.tk, 1
+antiuser.tk, 1
+antivandal.tk, 1
+antivigilancia.tk, 1
+antivirus.com, 1
+antivirus.cz, 1
+antivirusnet.tk, 1
+antivirusnik.tk, 1
+antivirusprotection.reviews, 1
+antiwarsongs.org, 1
+antize.tk, 1
+antizon.net, 1
+antlerprojects.com, 1
+antnetwork.tk, 1
+antocom.com, 1
+antoga.eu, 1
+antoinat.fr, 1
+antoine-data.tk, 1
+antoine-soscouverture.fr, 1
+antoined.fr, 0
+antoinedeschenes.com, 1
+antoinelounis.com, 1
+antoinelounis.xyz, 1
+antoineschaller.ch, 0
+anton-media.tk, 1
+anton-nb.com, 1
+antonchen.com, 1
+antonellabb.eu, 1
+antoni.xyz, 1
+antoniamaria.tk, 1
+antonianolocura.tk, 1
+antonimos.com.br, 1
+antonin.one, 1
+antoninocardillo.com, 1
+antonio-gartenbau.de, 0
+antoniojr.adv.br, 1
+antoniolatimore.com, 1
+antoniomarques.eu, 0
+antoniorodriguesadv.com.br, 1
+antonios.ch, 1
+antonioso.ng, 1
+antonioucabinets.com.au, 1
+antonis.cy, 1
+antonis.org, 1
+antonjuulnaber.dk, 1
+antonoff.tk, 1
+antonok.com, 1
+antonovka.ga, 1
+antonygeorge.tk, 1
+antonyraz.de, 1
+antopie.org, 1
+antoshka-net.tk, 1
+antota.lt, 1
+antragsgruen.de, 1
+antraxx.ee, 1
+antrimnh.gov, 1
+antrodiulisse.eu, 0
+antropico.com, 1
+antroposboutique.it, 1
+antroposofica.com.br, 1
+ants-and-me.ml, 1
+ants-carte-grise.fr, 1
+antstoolbox.com, 1
+antti.codes, 1
+antts.uk, 1
+antts.xyz, 1
+anturis.com, 1
+antwire.net, 1
+antyblokada.pl, 1
+antyware.pl, 1
+anubandarage.com, 1
+anubislinux.tk, 1
+anubisz.tk, 1
+anubixx.com, 1
+anujag.tk, 1
+anukaweb.com, 1
+anuke.eu.org, 1
+anulowano.pl, 1
+anunciosclasificados.co, 1
+anuntulmeu.tk, 1
+anunturitv.ro, 1
+anvilmetal.tk, 1
+anvilsales.tk, 1
+anvilsecure.com, 1
+anvish.in, 1
+anwalt-website.de, 1
+anwalt.us, 1
+anwarulislam.tk, 1
+anwarverdict.ml, 1
+anweshpatel.tk, 1
+anxietydisorderexplained.com, 1
+anxietyspace.com, 1
+anxiolytics.com, 1
+any-download.cf, 1
+any-download.ga, 1
+any-download.gq, 1
+any-download.ml, 1
+any-download.tk, 1
+any-id.be, 1
+any-id.eu, 1
+any-id.nl, 1
+any-id.online, 1
+any-id.store, 1
+any-link-page.de, 1
+any6.com, 1
+anya-carter.com, 1
+anya.moe, 1
+anyad.at, 1
+anyboat.com.au, 1
+anybus.com, 0
+anycoindirect.eu, 1
+anydaytour.cf, 1
+anyduchildren.tk, 1
+anyebooks.cf, 1
+anyebooks.ga, 1
+anyebooks.gq, 1
+anyebooks.ml, 1
+anyfood.fi, 1
+anyhobby.ga, 1
+anyi.in, 1
+anyid.be, 1
+anyid.uk, 1
+anyid.us, 1
+anyilin.cn, 1
+anyma.it, 1
+anymatch.ai, 1
+anyone.cf, 1
+anypeer.net, 1
+anyplant.ga, 1
+anyprime.net, 1
+anyquestions.govt.nz, 1
+anyradio.ga, 1
+anyrisk.ru, 1
+anyrose.ga, 1
+anysale.ga, 1
+anyshapemusic.com, 1
+anyshow.ga, 1
+anystack.xyz, 1
+anytimefitness.co.in, 1
+anytimefitness.co.uk, 1
+anytimefitness.nl, 1
+anytimefundingers.ga, 1
+anytimefundingest.ga, 1
+anytimeicon.io, 1
+anytimeoffices.ga, 1
+anytimesewerrepair.com, 1
+anytots.com, 1
+anyuta-mebel.tk, 1
+anywayanyday.com, 1
+anywhereworks.com, 1
+anz.co.nz, 1
+anzalikala.com, 1
+anzeiger.ag, 1
+anztb.org, 1
+ao-vivo.net, 1
+ao2.it, 1
+ao27.net, 1
+ao2law.com, 1
+ao6.works, 1
+aoa.gov, 1
+aoa2.ch, 1
+aoadatacommunity.us, 1
+aoaprograms.net, 1
+aobogo.com, 1
+aocai.com, 1
+aoconsultoria.com, 1
+aod-tech.com, 1
+aodisco.co.uk, 1
+aodnovel.com, 0
+aoe2de.com, 1
+aoe9.com, 1
+aoeuaoeu.com, 1
+aofusa.me, 1
+aofusa.net, 1
+aohao.com, 1
+aoicprobationil.gov, 1
+aoil.gr, 1
+aojf.fr, 1
+aok-bv.de, 0
+aokae.com, 1
+aoku3d.com, 0
+aolcollege.com, 1
+aomar-mohammedi.tk, 1
+aomi.com, 1
+aonedatasolution.com, 1
+aonhewitt.com.cy, 1
+aonhewitt.gr, 1
+aonsolutions.com.cy, 1
+aonsolutions.gr, 1
+aooobo.com, 1
+aopa.org, 1
+aopedeure.nl, 1
+aorangi-debt.co.nz, 1
+aorhan.com, 1
+aori.com, 1
+aorui.com, 1
+aosc.kz, 1
+aosclan.tk, 1
+aoshiya.com, 1
+aosika.com, 1
+aospa.co, 1
+aostacarnavals.it, 1
+aosus.org, 1
+aotearoa.maori.nz, 1
+aotearoafreepress.com, 1
+aotearoaleaks.org, 1
+aotopo.com, 1
+aotuo.com, 1
+aova.loan, 1
+aoyagi-farm.jp, 1
+aoyamacc.co.jp, 1
+aozora.moe, 1
+ap-bg.eu, 1
+ap.icu, 1
+ap314.com, 1
+apa-canal.ro, 1
+apac-fxcm.com, 1
+apache-portal.com, 1
+apachecountyaz.gov, 1
+apachehaus.de, 0
+apachelounge.com, 1
+apachetoday.com, 1
+apadmi.com, 0
+apadrinaunolivo.org, 1
+apadvantage.com, 1
+apaesthetics.com, 1
+apambiente.pt, 1
+apaniwebsite.xyz, 1
+apannpyaymedia.com, 1
+apapinspection.ca, 1
+aparaatti.org, 1
+aparistravel.com, 0
+apart-hotel-weimar.de, 1
+apartamentosenventaenplayadelcarmen.com, 1
+apartamentosenventaplayadelcarmen.com, 1
+apartamentoslostejos.tk, 1
+apartamentscalpatoi.cat, 1
+apartamentsvituri.com, 1
+apartmani-kamenik.com.hr, 1
+apartment-in-rijeka.com, 1
+apartment-market.ml, 1
+apartment.loans, 1
+apartmentkroatien.at, 1
+apartmentregister.com.au, 1
+apartments-promajna.tk, 1
+apartments.co.nz, 1
+apartrentrotterdam.nl, 1
+apartyakamoz.com, 1
+apasaja.tech, 1
+apassodarte.com, 1
+apatransport.com, 1
+apbassettsolicitors.co.uk, 1
+apbforum.tk, 1
+apbio.org, 1
+apbox.de, 1
+apcassistant.com, 1
+apcdistri.com, 1
+apcmc.pt, 1
+apcube.com, 1
+apcw.org, 1
+apdfawl.com, 0
+apdtalents.org.tw, 1
+apdx.com, 1
+apea.com, 1
+apeasternpower.com, 1
+apedreira.com, 1
+apef.ch, 0
+apefrog.tk, 1
+apeiri.de, 1
+apeironassets.com, 1
+apelsin.ml, 1
+apem.com, 1
+aperature.com, 1
+apercloud.es, 1
+aperioadvice.ga, 1
+aperiomoney.ga, 1
+aperiotaxation.ga, 1
+apert.be, 1
+aperta.ro, 1
+aperta.shop, 1
+apertis.org, 0
+aperto-nota.eu, 0
+aperto.de, 1
+apertura.tk, 1
+aperture-science.net, 1
+aperture.gr, 1
+apertureimaging.com, 1
+aperturelabs.tk, 1
+aperturescience.cf, 1
+aperturesciencelabs.de, 1
+apertvre.tk, 1
+apex-parts.com, 1
+apex-promotion.com, 1
+apex-writers.com, 1
+apex.ac, 1
+apex.aw, 1
+apexchain-dev.com, 1
+apexchimneyrepairs.com, 1
+apexconsulting.io, 1
+apexfacades.com.au, 1
+apexitsolutions.ca, 1
+apexnc.gov, 1
+apexperformancegym.com, 1
+apexpreciousmetals.com, 1
+apextrailers.co.za, 1
+apexxglobalevents.com, 1
+apfhaiti.org, 1
+apfm.fr, 1
+apfnxg.com, 1
+apgw.jp, 1
+aphantasiac.com, 1
+aphelionband.ga, 1
+aphelionentertainment.com, 1
+aphelis.net, 1
+aphorismen-archiv.de, 1
+api-agri.ga, 1
+api-bitrefill.com, 1
+api-hany.cf, 1
+api.biz.tr, 1
+api.lookout.com, 1
+api.recurly.com, 1
+api42.ch, 1
+api64.com, 1
+apiary.shop, 1
+apiary.supplies, 1
+apiary.supply, 1
+apicep.com, 1
+apico-fish.ru, 1
+apiculture.net, 1
+apienergisahomol.com, 1
+apiinfotech.com, 1
+apil.org.uk, 1
+apila.care, 1
+apiled.io, 1
+apilicens.nu, 1
+apimon.de, 1
+apimoveisorocaba.com.br, 1
+apinat.de, 1
+apination.com, 1
+apio.systems, 1
+apiordie.com, 1
+apiplus.fr, 1
+apipsandiego.ga, 1
+apipsandiego.gq, 1
+apipsandiego.ml, 1
+apirie.uk, 1
+apiris.fr, 1
+apis.blue, 1
+apis.google.com, 1
+apit-kovrov.ru, 1
+apitodemestre.com.br, 1
+apiu.me, 1
+apix.se, 1
+apix.uz, 1
+apixmessaging.com, 1
+apixplatform.com, 1
+apk-world.cf, 1
+apk.li, 1
+apk4fun.com, 1
+apkclup.com, 1
+apkcunk.com, 1
+apkdv.com, 0
+apkfame.com, 1
+apkfree.com, 1
+apkfuse.com, 1
+apkindirsene.com, 1
+apkmaze.com, 1
+apkmint.co, 1
+apkmodders.com, 0
+apkmody.io, 1
+apknut.com, 1
+apkoc.com, 1
+apkpokemongo.ga, 1
+apkpokemongo.gq, 1
+apkpokemongo.tk, 1
+apksdroid.com, 1
+apktechy.com, 1
+apkteen.com, 1
+apkxi.com, 1
+aplaceforpops.com, 1
+aplausse.tk, 1
+aplazame.com, 0
+aplcare.com, 1
+aplibrary.org, 1
+aplicaciones.ai, 1
+aplis-online.de, 0
+aplpackaging.co.uk, 1
+aplteam.tk, 1
+aplu.fr, 1
+aplus.mn, 1
+aplusdownload.com, 1
+aplusteachingresources.com.au, 1
+aplusz.nl, 1
+apm.com.tw, 1
+apn-dz.org, 1
+apn-einstellungen.de, 1
+apnagujarkhan.tk, 1
+apnakhattak.tk, 1
+apnanaudero.tk, 1
+apnee-sommeil.ml, 1
+apnews.com, 1
+apnic.network, 1
+apnisites.tk, 1
+apobot.de, 1
+apocalipsisdot.tk, 1
+apocalypseboard.tk, 1
+apocalypseclan.tk, 1
+apocalypsje.ga, 1
+apod.com.au, 1
+apod.ml, 1
+apogaea.com, 1
+apogeephoto.com, 1
+apoia.se, 1
+apoiocoletivo.com, 1
+apokalipsis.tk, 1
+apolitical.co, 1
+apollodiet.com, 1
+apollogames.cz, 1
+apolloheatingandair.com, 1
+apollointeractive.com, 1
+apollomobile.ga, 1
+apollomobile.gq, 1
+apollonas.tk, 1
+apollonia.tk, 1
+apollosoftware.pro, 1
+apollowallet.org, 1
+apollux.ro, 1
+apollyon.work, 1
+apoly.de, 1
+apometria.site, 1
+aponkral.com, 1
+aponkral.com.tr, 1
+aponkral.dev, 1
+aponkral.net, 1
+aponkral.net.tr, 1
+aponkral.org, 1
+aponkral.org.tr, 1
+aponte-systems.com, 1
+apopka.gov, 1
+apopov.tk, 1
+apordi.fr, 1
+aporter.xyz, 1
+aposan.de, 1
+aposke.com, 1
+aposke.net, 1
+aposke.org, 1
+apostalegal.com, 1
+apostalegal.pt, 1
+apostascomvalor.com, 1
+apostasdesportivas.tv, 1
+apostasolida.com, 1
+apostillelondon.com, 1
+apothecarydouglasville.com, 1
+apotheek-ict.nl, 1
+apotheke.social, 1
+apothekeonline.tk, 1
+apotom.tk, 1
+apoyoentareas.tk, 1
+apozitivenergiasport.hu, 1
+app, 1
+app-alp-cp-boost-model.azurewebsites.net, 1
+app-at.work, 1
+app-capacitymanager-v1-pro-crd-hd.azurewebsites.net, 1
+app-cinveninfostream-qa.azurewebsites.net, 1
+app-colissimo.fr, 1
+app-control-fcu.de, 1
+app-finanzas-services-v1-pro-ol.azurewebsites.net, 1
+app-internalapps-v1-uat-crd-hd.azurewebsites.net, 1
+app-online.cloud, 1
+app-scantech.com, 1
+app-scope.com, 1
+app-sharepoint-v1-pro-crd-hd.azurewebsites.net, 1
+app-uks-stg-projectb-website.azurewebsites.net, 1
+app.do, 1
+app.gp, 1
+app.lookout.com, 1
+app.ps, 1
+app.recurly.com, 1
+app.yinxiang.com, 0
+app00228.com, 1
+app11018.com, 1
+app2get.de, 1
+app3w.nl, 1
+app666365.com, 0
+app77018.com, 1
+appac.com.tr, 1
+appac.ltd, 1
+appagility.co.nz, 1
+apparatrechose.tk, 1
+apparatus.ga, 1
+apparelfashionwiki.com, 1
+apparelmusic.com, 1
+appartamento.tk, 1
+appartement-andrea.at, 1
+appartement-evolene.net, 0
+appartement-oostduinkerke.tk, 1
+appartementhaus-am-uke.de, 1
+appartementhaus-badria.de, 1
+appartementmarsum.nl, 1
+appartementspanje.tk, 1
+appartementvlissingen.tk, 1
+appartenfrance.com, 1
+appbet43.com, 1
+appbot.co, 1
+appbydl.com, 1
+appcoins.io, 1
+appcraver.com, 1
+appdrinks.com, 1
+appearinsequel.tk, 1
+appel-aide.ch, 1
+appelboom.com, 1
+appelboomdefilm.nl, 1
+appelerintrt.tk, 1
+appelhof.com, 1
+appemployees.tk, 1
+appen.com, 1
+appen.com.cn, 1
+appengine.google.com, 1
+appers.co, 1
+appetiser.com.au, 1
+appetitesanonymous.com, 1
+appfollow.io, 1
+appgeek.com.br, 1
+appgrowing.cn, 1
+appgrowing.net, 1
+appgrowth.com, 1
+appgurus.com.au, 1
+apphr.io, 1
+appian-cdn-gov.com, 1
+appian-cdn.com, 1
+appiancloud-dynamic.com, 1
+appiancloud-static.com, 1
+appiancloud.com, 1
+appify.org, 1
+appimlab.it, 1
+appingrove.com.au, 1
+appinplace.com.au, 1
+appinvalley.com.au, 1
+appjobs.com, 1
+applaus-kornwestheim.de, 1
+apple-droid.com, 1
+apple-droid.ru, 1
+apple-watch-zubehoer.de, 1
+apple.ax, 1
+apple.markets, 1
+apple.tf, 1
+apple.wf, 1
+apple77.net, 1
+applebee1558.com, 1
+applecare.cz, 1
+appledroid.ru, 1
+appleedu.com, 1
+appleexterminating.com, 1
+applefeel.com, 1
+appleglasscompany.com, 1
+applegun.com, 1
+appleii-box.de, 1
+applejacks-bouncy-castles.co.uk, 1
+applelp.com, 1
+applemaclover.tk, 1
+applemon.com, 1
+applemon.net, 1
+applemon.org, 1
+appleoosa.com, 1
+appleric.tk, 1
+applesaph.nl, 1
+applesencia.com, 1
+appleslayer.cf, 1
+applet.cyou, 1
+appletonmn.gov, 1
+appletonwi.gov, 1
+appletoy.com, 1
+appletree.is, 1
+appletreelanewm.com, 0
+appletreemedicalgroup.com, 1
+applevalleyca.gov, 1
+applewatch.co.nz, 1
+applian.com, 1
+appliancedoctorofwestmichigan.com, 1
+appliancepronwi.com, 1
+appliancerepairtime.com, 1
+appliances-for-home.tk, 1
+appliancist.com, 1
+applicablesecurity.net, 1
+application-travel.us.com, 1
+applicationmanager.gov, 1
+applicationtracker.com, 1
+applied-privacy.net, 1
+appliedbehavioranalysisedu.org, 1
+appliedbiomath.com, 1
+appliedmaths.lk, 1
+appliedtesting.com, 1
+applingcounty.gov, 1
+applique.co.jp, 0
+appliquette.com.au, 1
+appllio.com, 1
+apply-esta.us.com, 1
+apply-eta.org, 1
+apply-visa.us.com, 1
+apply.eu, 1
+apply55gx.com, 1
+applybe.com, 1
+applydirect.org, 1
+applythis.net, 1
+applytofaceblog.com, 1
+appmania.cf, 1
+appmania.gq, 1
+appmedia.tk, 1
+appmeucredito.com.br, 1
+appmobile.io, 1
+appninjas.com, 1
+appo.nl, 1
+appodeal.com, 1
+appoggiature.fr, 1
+appointible.com, 1
+appointment.ga, 1
+apponic.com, 1
+apponline.com, 1
+appopay.com, 1
+apppage.net, 1
+appperformance.com.br, 1
+appraf.com, 1
+appraisalroomest.ga, 1
+apprank.in, 1
+apprendre-le-russe-avec-ania.fr, 1
+apprenticedocs.com.au, 1
+apprenticeship.gov, 1
+apprenticeships.gov, 1
+apprentimillionnaire.com, 1
+approbo.com, 1
+approval-workflow.com, 1
+approve.me, 1
+approvedcashmax.com, 1
+approvedlawyersers.ga, 1
+approveme.com, 1
+apps.facebook.com, 0
+apps.fedoraproject.org, 1
+apps.stg.fedoraproject.org, 1
+apps4all.sytes.net, 1
+apps4inter.net, 0
+appsafrica.com, 1
+appsaraby.com, 1
+appsbd.com, 1
+appsbud.com, 1
+appscan360.com, 1
+appscan360.net, 1
+appscan360.org, 1
+appscem.mx, 1
+appscloudplus.com, 1
+appsecmonkey.com, 0
+appservice.ru, 1
+appshuttle.com, 1
+appsimplex.pt, 1
+appsmith.com, 1
+appsoda.net, 1
+appson.co.uk, 1
+appspcwiki.com, 1
+appsren.com, 1
+appstory.co.kr, 1
+appt.ch, 0
+appt.to, 1
+apptesters.com, 1
+apptio.com, 1
+apptoutou.com, 1
+appuals.com, 1
+appub.co.jp, 1
+appugo.tk, 1
+appui-de-fenetre.fr, 1
+appuntidallarete.com, 1
+appunwrapped.com, 1
+appveyor.com, 1
+appwardbeta.com, 1
+appworld.ga, 1
+appy.la, 1
+appy.us, 1
+appzoojoo.be, 1
+aprazivel.com.br, 1
+aprendadesign.com, 1
+aprendaingles123.com, 1
+aprendaviaweb.com.br, 1
+aprende.com, 1
+aprendejainternet.tk, 1
+aprenderexcel.com.br, 1
+aprenderjuntos.cl, 1
+aprendiendoforexhoy.com, 1
+apresski-pictures.tk, 1
+apresskistuntteam.tk, 1
+apretatuercas.es, 1
+apriadirect.com, 1
+apricavia.com, 1
+apricaviabranding.com, 1
+apricotactuaries.com.au, 1
+aprilagentur.de, 1
+aprileporte.it, 1
+aprilspecialsest.ga, 1
+aprimatic.msk.ru, 1
+aprofunda.art.br, 1
+apropotv.ro, 1
+apropotv.tk, 1
+aprovatotal.com.br, 1
+aprpullmanportermuseum.org, 0
+aprsdroid.org, 1
+apruvd.com, 1
+aprz.de, 1
+apsa.paris, 1
+apsb.cz, 1
+apsbengdubi.org, 1
+apse.ga, 1
+apsistemas.info, 1
+apsl.sk, 1
+apsnewcastle.com, 0
+apspayroll.com, 1
+apsportseditors.org, 1
+apsprofessions.gov.au, 1
+apsreform.gov.au, 0
+apsreview.gov.au, 1
+apssb.in, 1
+apssolucoesfinanceiras.online, 1
+apstats.tk, 1
+apstudynotes.org, 1
+apstylebook.com, 1
+apsua.tk, 1
+apt-one.com, 1
+aptcaust.com.au, 1
+aptechka.ga, 1
+apteka38.com, 1
+aptekakolska.pl, 1
+aptekas.tk, 1
+aptern.pt, 1
+apthesys.com, 1
+aptient.com, 1
+aptinjectiontraining.com, 1
+aptitudetests.org, 1
+aptive.co.uk, 1
+aptos.com, 1
+aptumseguros.mx, 1
+apu-board.de, 1
+apuestaes.tv, 1
+apuestalegal.com, 1
+apuestalegal.mx, 1
+apuestalegal.pe, 1
+apuestalegalchile.com, 1
+apunkt.dk, 1
+apur.org, 1
+apuraytravel.com, 1
+apuvalinetekniikka.fi, 1
+apuyou.io, 0
+apv-ollon.ch, 1
+apviz.io, 1
+apw-dortmund.de, 1
+aqarategypt.com, 1
+aqarbab.com, 1
+aqdance.com.sg, 1
+aqdlt.tv, 1
+aqdun.com, 0
+aqenglish.pk, 1
+aqlivia.com, 1
+aqqrate.com, 1
+aqsiq.net, 1
+aqu.com, 1
+aqua-academy.at, 1
+aqua-accelerator.com, 1
+aqua-dom33.ru, 1
+aqua-ferra.co.uk, 1
+aqua-fitness-nacht.de, 1
+aqua-fm.tk, 1
+aqua-fotowelt.de, 1
+aqua-minsk.tk, 1
+aqua-print.com.ua, 1
+aqua-richtig.de, 1
+aquababy.at, 1
+aquabio.ch, 0
+aquabiodesign.tk, 1
+aquablue.tk, 1
+aquabotanic.tk, 1
+aquabyte.co.uk, 1
+aquacapsule.cf, 1
+aquacitylands.com, 1
+aquaconcepts.be, 1
+aquadarts.tk, 1
+aquadecor.cf, 1
+aquadrom.cz, 1
+aquaexpo.com.ec, 1
+aquafc.com, 1
+aquafilm.cf, 1
+aquafirm.com, 1
+aquagino.nl, 1
+aquahill.net, 1
+aquaholic.tk, 1
+aquaist.com, 1
+aqualantic.de, 1
+aqualife.cf, 1
+aqualogis.co.uk, 1
+aqualysis.nl, 0
+aquamarin.icu, 1
+aquamart.tk, 1
+aquantia.com, 1
+aquapets.tk, 1
+aquaphor.com, 1
+aquaphor.ru, 1
+aquaplaning.tk, 1
+aquaplays.net, 1
+aquapoint.kiev.ua, 1
+aquaponics.ga, 1
+aquapool.es, 1
+aquapraat.tk, 1
+aquarel-games.tk, 1
+aquarel.tk, 1
+aquarelleren.tk, 1
+aquarillon.fr, 1
+aquariu.ms, 1
+aquarium-supplement.net, 1
+aquariumhobby.tk, 1
+aquariumhome.tk, 1
+aquariymist.tk, 1
+aquaron.tk, 1
+aquasaur.tk, 1
+aquascaping.tk, 1
+aquaselect.eu, 1
+aquasplash.ae, 1
+aquastudios.games, 1
+aquasun.pl, 1
+aquatherm72.ru, 1
+aquatiq.com, 1
+aquato.com.ua, 1
+aquatropical.tk, 1
+aquaviaspa.es, 1
+aquaworld.tk, 1
+aquedim.com, 1
+aqueducttech.com, 1
+aquienguate.com, 1
+aquila.co.uk, 1
+aquila.earth, 1
+aquimisa.com, 1
+aquiparoxetina.gq, 1
+aquivardenafilo.gq, 1
+aqwire.io, 1
+aqworlds.cf, 1
+ar-1xbet.com, 1
+ar-android.com, 1
+ar-informatique.ch, 0
+ar-oma.tk, 1
+ar-vernet.fr, 1
+ar.al, 1
+araadvocats.net, 1
+arab-btc.net, 1
+arab-romance.tk, 1
+arab1info.cf, 1
+arab2cam.com, 1
+arabafenicespa.com, 1
+arabakiralama.name.tr, 1
+arabam.com, 1
+arabapps.org, 1
+arabbook.ga, 1
+arabearthcommunity.ml, 1
+arabedia.tk, 1
+arabeyes.com, 1
+arabi-news.ml, 1
+arabi-online.net, 1
+arabia-news.gq, 1
+arabia.fi, 1
+arabian-gulf.tk, 1
+arabic-for-nerds.com, 1
+arabic-shirts.com, 1
+arabicbayan.tk, 1
+arabicdress.com, 1
+arabicpost.live, 1
+arabictranslation.tk, 1
+arabicxz.com, 1
+arabigolestan.tk, 1
+arabmusic.tk, 1
+arabschools.edu.sa, 1
+arabseed.cf, 1
+arabska.tk, 1
+arabskills.tk, 1
+arabstar.ml, 1
+arabstar.tk, 1
+arabstreamsystem.tk, 1
+arabtones.tk, 1
+arabwomen.ml, 1
+aracbul.com, 1
+arachnid.tk, 1
+arachnida.ml, 1
+arackiralama.name.tr, 1
+aradiantlife.org, 1
+aradiantlyhealthylife.com, 1
+arados.de, 1
+aradpulse.tk, 1
+aragotownshipmn.gov, 1
+arai21.net, 1
+arainfo.org, 1
+arais.com, 1
+arakanis.tk, 1
+arakomputer.com, 1
+aral.ml, 1
+araluenvalleyhotel.ga, 1
+aralys.com, 1
+aram-designs.com, 1
+aramido.de, 1
+aramloebmd.com, 1
+aramsco.com, 1
+aramyayinevi.com, 1
+aranchhomes.com, 1
+arandinacf.tk, 1
+arandomsite.tk, 1
+aranel.me, 1
+aranycsillag.net, 1
+aranykornyp.hu, 1
+arapahoeco.gov, 1
+arapahoesheriff.gov, 1
+arapahoevotes.gov, 1
+araqnid.org, 1
+ararat-rp.tk, 1
+araratour.com, 1
+arargo.cf, 1
+araro.ch, 0
+ararrl.com, 1
+ararrl.net, 1
+ararrl.org, 1
+arasozgun.net, 1
+aravitor.com, 1
+aravo.com, 1
+arawaza.info, 1
+araxis.com, 1
+araya.ga, 1
+arbaiten.tk, 1
+arbaswedan.id, 1
+arbat.media, 1
+arbautocare.com, 1
+arbavere.ee, 1
+arbeidsplassen.no, 1
+arbeiten.ga, 1
+arbeiterkammer.at, 1
+arbeitskraft.de, 1
+arbeitskreis-asyl-eningen.de, 1
+arbeitslosenverwaltung.de, 1
+arbejdsdag.dk, 1
+arbitrarion.com, 1
+arbitrary.ch, 1
+arbitrations.tk, 1
+arbitrazh.tk, 1
+arbobille.es, 1
+arboleda-hurtado.com, 1
+arbolesdenavidad.info, 1
+arbolesdenavidad.site, 1
+arbologic.nl, 1
+arborio.com.ua, 1
+arboristadvice.com, 1
+arboristic.de, 1
+arbounie.nl, 1
+arbousier.com, 1
+arbradio.com, 1
+arbschg.com, 1
+arbu.eu, 0
+arbucks.io, 1
+arc-relight.com, 1
+arc.run, 1
+arca.am, 1
+arca.info.ro, 1
+arca.live, 1
+arcada-company.com, 1
+arcadami.gov, 1
+arcadegame.ga, 1
+arcadegames.com, 1
+arcadia.com.ph, 1
+arcadiaca.gov, 1
+arcadiaeng.com, 1
+arcaik.net, 1
+arcana-noctis.tk, 1
+arcandadults.org, 1
+arcane.no, 1
+arcanefrost.de, 1
+arcanehardware.com, 1
+arcanetides.com, 1
+arcanoid.com, 1
+arcantel.ch, 1
+arcbouncycastles.co.uk, 1
+arcdesantmarti.net, 1
+arcenergy.co.uk, 1
+arcese.com, 1
+arch-design.com, 1
+archaeoadventures.com, 1
+archambault.paris, 1
+archangelbio.com, 1
+archbishop.ga, 1
+archdetal.com.ua, 1
+archeologicatoscana.it, 1
+archeologiegorinchem.com, 1
+archerconsulting.llc, 1
+archerlong.com, 1
+archerlongx.com, 1
+archerxlong.com, 1
+archery.land, 1
+archerytaghuren.be, 1
+archeton.ga, 1
+archframe.net, 1
+archi.ve.it, 1
+archibuilt.net.au, 1
+archief-ocmwgent.be, 1
+archina.ir, 1
+archined.nl, 1
+archion.ro, 1
+archispace.com.cn, 1
+archistart.net, 1
+archit.in, 1
+architect-cassiman.be, 1
+architectphd.tk, 1
+architectryan.com, 1
+architecturaldesignschool.com, 1
+architecture-colleges.com, 1
+architectureblog.ml, 1
+architectus.ga, 1
+architekt-website.de, 1
+architekt.tk, 1
+architekten.tk, 1
+architektur.ga, 1
+architektur.tk, 1
+architekturwiki.tk, 1
+archival-services.gov.ge, 1
+archive.gov.ge, 1
+archivero.es, 1
+archives.cf, 1
+archives.gov, 1
+archivesdelavieordinaire.ch, 1
+archivesfoundation.org, 1
+archivestesting.tk, 1
+archivi.ddns.net, 1
+archivistas.tk, 1
+archivium.biz, 1
+archivosmercury.com, 1
+archivosstl.com, 1
+archiweb.pl, 0
+archlinux.de, 1
+archlinux.org, 1
+archlinuxcn.org, 1
+archmacro.ga, 1
+archmirror.it, 1
+archoit.org, 0
+archphila.org, 1
+archsec.info, 1
+archtekton.com.ve, 1
+arcinapoli.it, 1
+arcj.es, 1
+arclookup.com, 1
+arcmarine.eu, 1
+arco.lu, 1
+arcobalabs.ca, 1
+arcogb.co, 1
+arcoidaho.gov, 1
+arcoiriscastellon.tk, 1
+arcolapdtx.gov, 1
+arcolasecurities.com, 1
+arcolatexas.gov, 1
+arcopay.io, 1
+arcosa.com, 1
+arcosdelallana.tk, 1
+arcosdequejana.com, 1
+arcourts1st.gov, 1
+arcourts6th.gov, 1
+arcovix.com, 1
+arcproject.org.uk, 1
+arcsar.eu, 1
+arcserv.com, 1
+arcskoru.com, 1
+arcthelad.com, 1
+arctic-charge.tk, 1
+arctic.ca, 1
+arctica.io, 0
+arcticfiber.net, 0
+arcticfox.email, 0
+arcticfoxes.net, 1
+arcticpolitics.com, 1
+arcticvillage.gov, 1
+arcticwolf.com, 1
+arctus-security.com, 1
+arcueil-cachan.fr, 0
+arcza.com, 1
+arcza.net, 0
+ardabil.tk, 1
+ardacar.com, 1
+ardadanal.com, 1
+ardakannews.tk, 1
+ardania.de, 1
+ardennes.com, 1
+ardenwolfsky.com, 1
+arditech.ml, 1
+ardmoreok.gov, 1
+ardo.tk, 1
+ardor.noip.me, 1
+ardtrade.ru, 1
+arduino.cc, 1
+are-you-experienced.tk, 1
+area.ge, 1
+area21.ga, 1
+area3.org, 1
+area4pro.com, 1
+area51.dyndns1.de, 1
+area51.social, 1
+area51bit.com, 1
+area51bit.it, 1
+areacinquentaeum.tk, 1
+areallyneatwebsite.com, 1
+arealsultan.ga, 1
+areanet.tk, 1
+areata.tk, 1
+areatrend.com, 1
+areavoipers.ga, 1
+areavoipest.ga, 1
+areawidepainting.com, 1
+areege.tk, 1
+arefidgetspinnersgay.com, 1
+arefly.com, 1
+aregus.tk, 1
+areins.com, 1
+areinsmuseum.com, 1
+arekatieandchrisgettingmarried.com, 1
+arekatieandchrisgettingmarried.today, 1
+arekatieandchrismarriedyet.com, 1
+arekkusu.net, 1
+arellak.de, 1
+areminder.co, 1
+arena-news.tk, 1
+arenaalbionu.pl, 1
+arenadagon.tk, 1
+arenaforum.ru, 1
+arenatennis.ga, 1
+arenda-auto.com, 0
+arenda-bez-agenta.ml, 1
+arenda247.by, 0
+arendabotov.tk, 1
+arendadoma.tk, 1
+arendakemper.by, 1
+arendakrana.tk, 1
+arendaskuterov.cf, 1
+arendburgers.nl, 1
+arenlor.com, 1
+arenlor.info, 1
+arenns.com, 1
+arenzana.org, 1
+arenzanaphotography.com, 1
+areproduktioqn.tk, 1
+areqgaming.com, 1
+ares.systems, 1
+ares.watch, 1
+aresico.cz, 1
+aresproject.org, 1
+arest.web.id, 1
+aresztowany.pl, 1
+aresztsledczy.pl, 1
+aret.eu.org, 1
+arete.net, 1
+aretemusic.tk, 1
+areteortho.com.sg, 1
+arezzonotizie.it, 1
+arforingenieria.com, 1
+arfycat.com, 1
+arg.zone, 1
+argama-nature.com, 1
+arganaddict.com, 1
+arganaddict.net, 1
+arganaderm.ch, 0
+arganwinkel.nl, 1
+argb.de, 1
+argekultur.at, 1
+argentinachat.tk, 1
+argentinatrabaja.org, 1
+argentinaxp.com, 1
+argentinetownship.gov, 1
+argentumonline.tk, 1
+argico.com, 1
+argilo.net, 1
+argo-vision.com, 1
+argo-vision.it, 1
+argo.vision, 1
+argocasino.com, 1
+argon2.online, 1
+argonmail.com, 1
+argonnewi.gov, 1
+argos.co.uk, 1
+argosasist.co.uk, 1
+argosrisk.com, 1
+argotplan.com, 1
+argovpay.com, 1
+argovpn.com, 1
+argrafiche.it, 1
+argumentative-essay.gq, 1
+argumentplus.ru, 1
+argus01.bg, 1
+argxentakato.me, 1
+argyrouminas.digital, 1
+argyrouminas.eu, 1
+arheh.com, 1
+arhgrille.com, 1
+arhipka.tk, 1
+arhivpalanka.rs, 1
+ari-web.xyz, 1
+ari.gg, 1
+aria-best.ru, 1
+aria-best.su, 1
+aria-sante.org, 1
+aria.be, 1
+aria2.cf, 1
+ariaartgallery.com, 1
+ariacres.ca, 1
+ariadermspa.com, 1
+ariag.tk, 1
+ariajourney.com, 0
+ariamag.com, 0
+ariaman.tk, 1
+arian.io, 1
+ariana.wtf, 1
+ariashii.tk, 1
+aribicara.tk, 1
+aric-assurances.fr, 1
+aricabus.tk, 1
+aricaluchalibre.tk, 1
+aridhia.com, 1
+aridhia.io, 1
+arielasher.cf, 1
+arieldiaz.codes, 1
+arielhr.ca, 1
+arielpereira.tk, 1
+ariens.com, 1
+ariensco.com, 1
+ariensco.uk, 1
+arienscohospitality.com, 1
+arienscompany.com, 1
+arienscompanydealer.com, 1
+ariensconordiccenter.com, 1
+arienscorp.com, 1
+ariensfamilyfoundation.org, 1
+ariensfoundation.org, 1
+ariensmuseum.com, 1
+ariensnordiccenter.com, 1
+ariensparts.com.au, 1
+arienssnotek.com, 1
+ariensstore.com, 1
+aries.it, 1
+ariesclark.com, 1
+arieswdd.com, 1
+arifarma.com, 1
+arifburhan.online, 1
+arifer.tk, 1
+arifp.me, 1
+arifrachmanhakim.tk, 1
+arigato-java.download, 1
+arihantabode.com, 1
+arihantarden.com, 1
+arihantbuildcon.com, 1
+arihantone.com, 1
+arihantone.in, 1
+arihantsouthwinds.com, 1
+arihunt.com.au, 1
+arij.net, 1
+arilto.com, 1
+arima.co.ke, 1
+arima.tk, 1
+arimarie.com, 1
+arina.is, 1
+arina.moscow, 1
+arinahashimoto.com, 1
+arinde.ee, 1
+arinflatablefun.co.uk, 1
+arionta.com, 1
+arious.uk, 1
+aripiprazolee.gq, 1
+arirabinowitz.com, 1
+arirex.me, 1
+aris.io, 1
+arisaka.tk, 1
+ariseconference.org.nz, 1
+arisevendor.net, 1
+arishastyle.tk, 1
+arissait.com, 1
+aristidebouix.cloud, 1
+aristocrates.co, 1
+aristokratia.tk, 1
+ariston-center.gq, 1
+aristotle.tk, 1
+aritec-la.com, 1
+arithmetic.ga, 1
+arithmetica.at, 1
+aritmetic.com, 1
+aritworld.tk, 1
+arivo.com.br, 1
+arizona-fake.tk, 1
+arizonaautomobileclub.com, 1
+arizonabondedtitle.com, 1
+arizonaonlinedivorce.com, 1
+arizonatech.tk, 1
+arjan.nl, 1
+arjandejong.eu, 1
+arjanenthijs.nl, 1
+arjansteevels.nl, 1
+arjanvaartjes.net, 1
+arjen-robben.tk, 1
+arjunasdaughter.pub, 0
+arjweb.co.uk, 1
+arkaan.tk, 1
+arkadaslik.tk, 1
+arkadelphia.gov, 1
+arkadiahill.tk, 1
+arkadian.tk, 1
+arkadien.com, 1
+arkadiyt.com, 1
+arkagis.com, 1
+arkagt.ir, 1
+arkaic.dyndns.org, 1
+arkantos.agency, 1
+arkenstone.ml, 1
+arkforum.de, 1
+arkfoundationrepair.com, 1
+arkhamasylum.tk, 1
+arkhangelsk.cf, 1
+arkhangelsk.gq, 1
+arkhangelsk.tk, 1
+arkholmevillage.ml, 1
+arkhvoid.xyz, 1
+arklow.io, 0
+arkm6.gq, 1
+arknights.work, 0
+arknodejs.com, 1
+arkomaok.gov, 1
+arkontechnologies.com, 1
+arkrowd.eu.com, 1
+arks.cards, 1
+arksan.com.tr, 1
+arkulagunak.com, 0
+arkutinofamilyresort.com, 1
+arlatools.com, 1
+arle.moe, 1
+arlenarmageddon.com, 1
+arlenitas.com, 1
+arleo.eu, 1
+arlingtonmn.gov, 1
+arlingtonva.gov, 1
+arlingtonwine.net, 1
+arllab.co.nz, 1
+arlon.com, 1
+arm.gov, 1
+arma3.com, 1
+armacom.tk, 1
+armadale.au, 1
+armadale.wa.gov.au, 1
+armadalelearningpathways.co.uk, 1
+armadaquadrat.com, 1
+armadateam.tk, 1
+armadilloscubatx.com, 1
+armado.tk, 1
+armageddonclan.tk, 1
+armahackers.tk, 1
+armamentevolved.com, 1
+armand-colin.com, 1
+armanddesign.com, 1
+armanddesign.nl, 1
+armandmusic.nl, 1
+armando.info, 1
+armandocorazones.tk, 1
+armandsdiscount.com, 1
+armanozak.com, 1
+armansazehradis.com, 1
+armaplatform.com, 1
+armarinhovirtual.com.br, 1
+armaselektronik.com, 1
+armateursderhum.fr, 1
+armatura.kiev.ua, 1
+armazemdaminiatura.com.br, 1
+armazemdeminasmg.com.br, 1
+armazone.tk, 1
+armbrust.me, 1
+armcar.ga, 1
+armchairwarlord.com, 1
+armchess.tk, 1
+armculturaltv.cf, 1
+armdirectoryers.ga, 1
+armdirectoryest.ga, 1
+armenia.cf, 1
+armeniaweb.tk, 1
+armeo.top, 1
+armeria.roma.it, 1
+armfilm.co, 1
+armhistory.tk, 1
+armiantichesanmarino.eu, 1
+armida.tk, 1
+armil.it, 1
+arminc.tk, 1
+arminpech.de, 1
+arminreiter.com, 1
+arminsure.com, 1
+armleads.com, 0
+armo.re, 1
+armo.sk, 1
+armoedebeleidgent.be, 1
+armond.tk, 1
+armorsoft.fr, 1
+armour.ventures, 1
+armourroofcolorado.com, 1
+armourroofinc.com, 1
+armsco.fr, 1
+armstrong.com.mx, 1
+armstrongremovals.com.au, 1
+armstrongsengineering.com, 1
+armtopnews.tk, 1
+army.ca, 1
+army.gov.lb, 1
+armyburza.cz, 1
+armycyberchallenge.xyz, 1
+armyholidays.com.au, 1
+armyofflyingmonkeys.com, 1
+armyrtf.com.au, 1
+armyuniversity.edu, 1
+armywear.ga, 1
+arn0.cc, 1
+arnados.tk, 1
+arnamur.be, 1
+arnaqueoufiable.com, 1
+arnaudb.net, 1
+arnaudlanna.com, 1
+arnaudligny.fr, 1
+arnaudminable.net, 1
+arne-gammelby.dk, 1
+arne.cool, 1
+arnesegers.be, 1
+arnested.dk, 1
+arnevankauter.com, 0
+arnews.nl, 1
+arniescastles.co.uk, 1
+arno-klein.com, 1
+arno-klein.de, 1
+arno-klein.eu, 1
+arno-klein.fr, 1
+arno-klein.it, 1
+arno-klein.net, 1
+arno.digital, 0
+arno.pm, 1
+arnoklein.eu, 1
+arnoklein.fr, 1
+arnoklein.it, 1
+arnold-schwarzenegger.tk, 1
+arnoldkontz-occasions.lu, 0
+arnonerba.com, 1
+arnor.org, 0
+arnottindustries.ga, 1
+arnoudraeven.nl, 0
+arnoudvandalen.nl, 1
+arnove.fr, 1
+arnove.net, 1
+arnoweterings.nl, 1
+arnstein.it, 1
+arny.ru, 1
+aroablog.tk, 1
+arobaz-informatique.org, 1
+arockets.ru, 1
+arod.tk, 1
+arofabric.com, 1
+arogov.com, 1
+arokha.com, 1
+aroma-therapy.tk, 1
+aroma-wave.com, 1
+aroma24.ml, 1
+aromachat.eu, 1
+aromacoffee.bg, 1
+aromacos.ch, 1
+aromacraft.uk, 1
+aromaecocandles.ca, 1
+aromahookah.gr, 0
+aromaimportado.com.br, 1
+aromaonlinestore-korat.com, 1
+aromateque.com.ua, 1
+aromatherapy.cf, 1
+aromatlas.com, 1
+aromatraining.com, 1
+aromex.ml, 1
+aroncull.de, 1
+aronsonrosenthal.com, 1
+aroofing.net, 1
+aroonchande.com, 0
+arooshi.website, 1
+aroramedicaleducation.co.uk, 1
+aros.pl, 1
+arose.io, 1
+around-tables.co.jp, 1
+arounddeal.com, 1
+arouparia.com, 1
+arouzing.xyz, 1
+arowsoft.tk, 1
+arox.eu, 1
+aroya.io, 1
+arp-arena.ml, 1
+arp-mb.de, 1
+arpa-h.gov, 1
+arpagian.com, 1
+arpah.gov, 1
+arpamip.org, 1
+arpasix.com, 1
+arpasix.email, 1
+arpasix.eu, 1
+arpasix.net, 1
+arpasix.org, 1
+arphotography.tk, 1
+arpnet.co.jp, 1
+arpnet.net, 1
+arpsel.de, 1
+arpsel.ws, 1
+arpteamdiabolo.tk, 1
+arpuff.eu, 1
+arqpericial.es, 1
+arqueo-ecuatoriana.ec, 1
+arquipielago.tk, 1
+arquitectura-ilimitada.tk, 1
+arquitet.com.br, 1
+arrakis.se, 1
+arrangeme.com, 1
+arraudi.be, 1
+arraudi.eu, 1
+array.io, 1
+arrazane.com.br, 1
+arrazola.org, 1
+arrestageinternational.com, 1
+arrival.com, 1
+arrive.by, 0
+arrivedconsulting.com, 1
+arrmaforum.com, 1
+arroba.digital, 1
+arrotatore.roma.it, 1
+arrow-api.nl, 1
+arrowad.com, 1
+arrowduty.ml, 1
+arrowfastener.com, 1
+arrowgrove.com, 0
+arrowsmithil.gov, 1
+arrowwebprojects.nl, 1
+arrt.xyz, 1
+ars-online.pl, 1
+arsake.cf, 1
+arsalba.com, 1
+arsalbania.tk, 1
+arschkrebs.org, 1
+arselvarol.com.tr, 1
+arsenal-of-wisdom.org, 1
+arsenal-trans.tk, 1
+arsenalestate.tk, 1
+arsenalperu.tk, 1
+arsenideas.ga, 1
+arsenyan.cf, 1
+arset.net, 1
+arshdeepsingh.tk, 1
+arshia.cf, 1
+arshidazarine.tk, 1
+arshina.su, 1
+arshispana.com, 1
+arsindecor.com, 1
+arsk1.com, 1
+arslankaynakmetal.com, 1
+arslonga.ovh, 1
+arsmagazine.tk, 1
+arsmedika.ru, 1
+arsmundi.de, 1
+arsmuseum.com, 1
+arsrenacer.com, 1
+arstudentloanhelp.com, 1
+art-athens.com, 1
+art-auction.jp, 1
+art-boeden.ch, 1
+art-creative.tk, 1
+art-design.tk, 1
+art-dolls.com.ua, 1
+art-et-psyche.com, 1
+art-et-tonneaux.fr, 1
+art-illustration.tk, 1
+art-khotyn.tk, 1
+art-kuchni.tk, 1
+art-news.tk, 1
+art-okno.com, 1
+art-online.tk, 1
+art-pix.de, 1
+art-pix.net, 1
+art-polynesien.com, 1
+art-rca.cf, 1
+art-school.tk, 1
+art-shinbi.com, 1
+art-vida.com, 1
+art-voronov.tk, 1
+art.art, 1
+art21tv-armenian.tk, 1
+art30.ro, 1
+art93.com, 1
+artabrian.com, 1
+artacadia.org, 1
+artadagroup.com, 1
+artakids.tk, 1
+artane.gq, 1
+artaurium.com, 1
+artbalsam.com, 1
+artbees.co.uk, 1
+artboja.com, 1
+artbygarr.com, 1
+artc.at, 1
+artcenter.tk, 1
+artclasscontent.com, 1
+artcommunity.tk, 1
+artcravers.in, 1
+artdeco-photo.com, 0
+artdecoration.tk, 1
+artdigital.tk, 1
+arte-actual.tk, 1
+artea.ga, 1
+arteaga.co.uk, 1
+arteaga.eu, 1
+arteaga.me, 1
+arteaga.tech, 1
+arteaga.uk, 1
+artebel.com.br, 1
+artecat.ch, 1
+artechip.net, 1
+artededition.tk, 1
+artedellavetrina.it, 1
+artedmachado.tk, 1
+artedona.com, 1
+artefeita.com.br, 1
+artefeitaessencias.com.br, 1
+arteinstudio.it, 1
+artel.od.ua, 1
+artelignum.tk, 1
+artelista.com, 1
+artem.se, 1
+artembusiness.tk, 1
+artemida-dot.tk, 1
+artemis-fowl.tk, 1
+artemisgroup.ga, 1
+artemislena.eu, 1
+artemiy-plus.com.ua, 1
+artemiz.tk, 1
+artemoon.ml, 1
+artemweb.tk, 1
+artepinas.tk, 1
+arteproducciones.tk, 1
+arteq.ga, 1
+artera.spb.ru, 1
+arteriamagazine.tk, 1
+arterienundvenen.ch, 1
+arterydb.ru, 1
+artesacraloreto.it, 1
+artesaniafenix.cl, 1
+artesaniascym.com.ar, 1
+artesaniastonalaytlaquepaque.com, 1
+arteseideias.com.pt, 1
+arteshesorkh.tk, 1
+arteshow.ch, 0
+artesial.com, 1
+artesoft.gr, 1
+artestetica.tk, 1
+artetbalade.tk, 1
+artetculture.tk, 1
+arteventinews.it, 1
+artevos.com, 1
+artevos.de, 1
+artex.com.br, 1
+artexhibition.jp, 1
+artextasia.com, 1
+arteya.net, 1
+artfabrics.com, 1
+artfullyelegant.com, 1
+artgaragecrewe.com, 1
+artgorod.tk, 1
+artgranit.tk, 1
+arthritisgrouppa.com, 1
+arthritisrheumaticdiseases.com, 1
+arthrosis.ml, 1
+arthur.cn, 1
+arthurdejong.org, 1
+arthurdev.cf, 1
+arthurhoefer.com, 1
+arthurlaw.ca, 1
+arthurlewis.me, 1
+arthuro.ca, 1
+arthuryidi.com, 1
+arti-group.ml, 1
+arti-islam.tk, 1
+articaexports.com, 1
+articlebyte.ga, 1
+articledaily.net, 1
+articlefr.cf, 1
+articlepub.ga, 1
+articlesplanet.tk, 1
+articlestack.tk, 1
+articlesutiles.cf, 1
+articu.no, 1
+articulo19.org, 1
+artifact.center, 1
+artifact.spb.ru, 1
+artifacthub.io, 1
+artifex.com, 1
+artifex21.fr, 1
+artifexnet.com, 1
+artifice.tk, 1
+artificethefilm.com, 1
+artificial.army, 1
+artificiala.gq, 1
+artificialaxis.com, 1
+artificialplants.tk, 1
+artificialpoetry.com, 1
+artifort.com, 1
+artifuse.ch, 1
+artigianociao.jp, 1
+artigoagency.com, 1
+artikel5ev.de, 1
+artikel9.com, 1
+artilect.studio, 1
+artinfo.tk, 1
+artintend.com, 0
+artioml.net, 1
+artionet.ch, 1
+artis-game.net, 1
+artisan-cheminees-poeles-design.fr, 0
+artisan-emmanuel.fr, 1
+artisan-ravalement-facade.fr, 1
+artisan.tk, 1
+artisanat2france.fr, 1
+artisanhd.com, 1
+artisanportrait.com, 1
+artisansbottega.com.au, 1
+artisansofstone.com, 1
+artisansoftaste.com, 1
+artisavotins.com, 1
+artishevski.com, 1
+artismist.com, 1
+artiso.pl, 1
+artistagenda.com, 1
+artistcorporation.com, 1
+artistedeparis.fr, 1
+artistieq.com, 1
+artistiquementvotre.tk, 1
+artistiqueweddingphotography.com.au, 1
+artistmovieers.ga, 1
+artistrunwebsite.com, 1
+artiwear.com.tw, 1
+artizlibranza.com, 1
+artj.jp, 1
+artk-co.ir, 1
+artlab.tk, 1
+artlantis.nl, 1
+artleading.ru, 1
+artlifeisgood.com, 1
+artlinestix.com.au, 1
+artlogo.biz, 1
+artlogo.cz, 1
+artlogo.sk, 1
+artmaker.kiev.ua, 1
+artmark.ro, 1
+artmarketingnews.com, 1
+artmaterials.com.ua, 1
+artmaxi.eu, 1
+artmo.com, 1
+arto.group, 1
+artofcode.co.uk, 1
+artofeyes.nl, 1
+artofhappyliving.com, 1
+artoflinesmd.ca, 1
+artofmonitoring.com, 0
+artofstonegardening.com, 1
+artofwhere.com, 1
+artofzoo.com, 1
+artomalu.tk, 1
+artomili.com, 1
+artouch.com, 1
+artozoul.fr, 1
+artplaneta-leto.by, 1
+artprojectsforkids.org, 1
+artpsd.com, 1
+artransparency.gov, 1
+artrapid.com, 1
+artratio.co.uk, 1
+artrofisio.com.br, 1
+artroom-design.com, 1
+artroot.jp, 1
+artroscopiaperlosport.it, 1
+artru.tk, 1
+arts-polynesiens.com, 1
+arts.gov, 1
+artsalon.tk, 1
+artsautomotive.com, 1
+artschmidtoptical.com, 1
+artsguide.ca, 1
+artslife.com, 1
+artsmagazine.com, 1
+artsmeet.com, 1
+artspac.es, 0
+artspark.tk, 1
+artstudioweb.tk, 1
+artsy.cloud, 1
+artsygrl.ca, 1
+artteacheredu.org, 1
+arttel-media.ru, 1
+artucation.eu, 1
+artup.company, 1
+artup.gallery, 1
+arturgaweda.de, 1
+arturkraak.duckdns.org, 1
+arturoemilio.tk, 1
+arturojimenez.es, 1
+arturrossa.de, 1
+arturszalak.com, 1
+arturweb.tk, 1
+artushak.ru, 1
+artuu.me, 1
+artuu.pl, 1
+artvaastu.ru, 1
+artvertising.tk, 1
+artvinhaberleri.tk, 1
+artwar.tk, 1
+artweby.cz, 1
+artwhale.ph, 1
+artwhoredistro.tk, 1
+artworkpath.com, 1
+artworks.gd, 1
+artworksthatlookgood.com, 0
+arty.name, 1
+artycoz.fr, 1
+artyengine.com, 1
+artyhouse.be, 0
+aruanaseguradora.com.br, 1
+arubasunsetbeach.com, 1
+arul.io, 1
+arunchullikkal.tk, 1
+arunjoshua.com, 1
+arunsunner.tk, 1
+arunyaresidenceklnorth.com, 1
+aruo.net, 1
+aruson.tk, 1
+arvadaco.gov, 1
+arvadafireco.gov, 1
+arveex.eu, 1
+arveron.ch, 0
+arviksa.co.uk, 1
+arvindhariharan.com, 1
+arvindhariharan.me, 1
+arvinovoyage.com, 1
+arvutiladu.ee, 1
+arvyncerezo.com, 1
+arw-bw.de, 1
+arw.me, 1
+arwensiberian.tk, 1
+arweth.com, 1
+arx-libertatis.org, 1
+arx.vg, 1
+arxarios.tk, 1
+aryalaroca.de, 1
+aryan-nation.com, 1
+aryani-fitriana.tk, 1
+aryasenna.net, 1
+aryescommercial.com, 1
+aryesgroup.net, 1
+arysports.ml, 1
+arytmicznie.pl, 1
+arz-florian.tk, 1
+arz-online.ml, 1
+arzid.com, 1
+arzinfo.pw, 1
+arzmercury.tk, 1
+arztpraxis-kubalok.de, 1
+arzua.gal, 1
+as.roma.it, 1
+as136964.com, 1
+as136964.net, 1
+as198768.eu.org, 1
+as200351.net, 1
+as202413.net, 1
+as203145.com, 1
+as204982.net, 1
+as205794.net, 1
+as207618.net, 1
+as207960.net, 1
+as211960.net, 1
+as212993.net, 1
+as216318.net, 1
+as400566.com, 1
+as400566.net, 1
+as41073.net, 1
+as41405.net, 1
+as6369.com, 1
+as6369.net, 1
+as8423.net, 1
+asaabforever.com, 1
+asabacortoscaseros.tk, 1
+asadatec.de, 1
+asaduddinowaisi.tk, 1
+asafaweb.com, 1
+asafilm.co, 1
+asafomba.com, 0
+asakoh.co.jp, 1
+asal.tk, 1
+asana.biz, 1
+asana.com, 1
+asana.plus, 1
+asananutrition.co.uk, 1
+asancharge.tk, 1
+asandu.eu, 1
+asankomara.tk, 1
+asansol.tk, 1
+asantosdev.com, 1
+asanuma-clinic.jp, 1
+asap-advice.com.au, 1
+asap-supplies.com, 1
+asap.gov, 1
+asapboardshop.com, 1
+asaphomeinspect.com, 1
+asapstory.com, 1
+asara.tk, 1
+asart.bg, 1
+asas-tn.org, 1
+asasesoria.cl, 1
+asatahvieh.com, 1
+asato-jewelry.com, 1
+asatys-partners.com, 1
+asb.edu.my, 1
+asba2023.jp, 1
+asbaces.com, 1
+asbestos-awareness.cf, 1
+asbestos-awareness.ga, 1
+asbestos-awareness.gq, 1
+asbestos-awareness.ml, 1
+asbestosthedarkarts.com, 1
+asbf-rambouillet.fr, 1
+asbito.de, 1
+asburyparkreporter.com, 1
+asbweb.org, 1
+asc.es, 1
+ascamo.tk, 1
+ascannes-non-officiel.tk, 1
+ascar.us, 1
+ascard.net, 1
+ascauctions.com, 1
+ascc.sg, 1
+asccontracts.com, 1
+ascenderhcm.com, 1
+ascendix.com, 1
+ascension.run, 1
+ascensiongt.com, 1
+ascensionnyc.org, 1
+ascensionparishla.gov, 1
+ascensori.biz, 1
+ascentlogistics.com, 1
+ascgathering.com, 1
+aschaefer.net, 0
+aschc.co.uk, 1
+aschismatic.com, 1
+aschool.kiev.ua, 1
+asciitable.tips, 1
+ascirno.com, 1
+ascl.org.uk, 1
+asco.com.mx, 0
+ascolibasi.tk, 1
+ascolympia.nl, 0
+ascom.vi.it, 1
+ascon-profi.ru, 1
+ascormovies.com, 1
+ascpaphilatelie.eu, 1
+ascra.pt, 1
+ascultaonlineradio.ml, 1
+asd.gov.au, 0
+asdchieti.tk, 1
+asdetrifolium.com, 1
+asdf.one, 1
+asdfqwerty.duckdns.org, 1
+asdwfwqd.com, 1
+asdyx.de, 1
+asec01.net, 1
+asecla.com, 1
+asecus.ch, 1
+asegem.es, 1
+aseglobal.com, 1
+aseint.com.co, 1
+aseith.com, 1
+aseityresearch.com, 1
+aselectionoffice.gov, 1
+aselo.org, 1
+asenaru.id, 1
+asennemedia.fi, 1
+asennestudio.fi, 1
+asenno.com, 1
+aseoblog.com, 1
+aserbx.ga, 1
+asersagua.es, 1
+aserver.eu, 1
+asesecours.com, 1
+asesinosdeltarot.tk, 1
+asesor.live, 1
+asesorialigorred.es, 1
+asessiglo21.es, 1
+asexualitat.cat, 1
+asfaleianet.gr, 1
+asfalteros.cz, 1
+asfalti.it, 1
+asfberbagi.org, 1
+asfono.gov, 1
+asg-egy.com, 1
+asgapps.co.za, 1
+asgard-engineering.com, 1
+asgeirolafs.com, 1
+asgrep.com, 1
+ashastalent.com, 0
+ashburnconsulting.com, 1
+ashburnr.com, 1
+ashbusters.net, 1
+ashbyhq.com, 1
+ashbymail.com, 1
+ashbyprd.com, 1
+ashbystg.com, 1
+ashcombe.surrey.sch.uk, 1
+ashd1.goip.de, 1
+ashd2.goip.de, 1
+ashd3.goip.de, 1
+ashdodisrael.com, 1
+ashenc.gov, 1
+ashenm.ml, 1
+asher.tools, 1
+asherosborne.com, 1
+asheroto.com, 1
+ashesheriff.gov, 1
+ashesi.edu.gh, 1
+ashevillemenshealth.com, 1
+ashfak.tk, 1
+ashfordcastle.com, 1
+ashgroveclinic.com.au, 1
+ashiba-kagu.com, 1
+ashikajewellers.com.au, 1
+ashimwe.com, 1
+ashisharma.tk, 1
+ashishchamoli.com, 1
+ashlandcountywi.gov, 1
+ashlee-club.tk, 1
+ashley.net.in, 1
+ashleyadum.com, 1
+ashleykaryl.com, 1
+ashleymadison.com, 1
+ashleynicholsboudoir.com, 1
+ashleythouret.com, 1
+ashlingonline.com, 1
+ashmportfolio.com, 1
+ashotofadrenaline.net, 1
+ashraful-islam.ml, 1
+ashtabulacountyprosecutoroh.gov, 1
+ashtar.tk, 1
+ashtech.tk, 1
+ashtonbromleyceramics.co.uk, 1
+ashtonc.ca, 1
+ashtoncityid.gov, 1
+ashtonid.gov, 1
+ashtonwealth.com, 1
+ashtronaut.space, 1
+ashucg.com, 1
+ashutoshmishra.org, 1
+ashutov.rocks, 0
+ashwainfo.in, 1
+ashwaubenon.gov, 1
+asia-fhjt.com, 1
+asia-fuhui.com, 1
+asiacan.com, 1
+asiaceo.com, 1
+asiadirect.co.th, 1
+asiafaninfo.net, 1
+asiafood-curator.com, 1
+asiagate.ga, 1
+asiagps.com, 1
+asiahabit.com, 1
+asiakartu.tk, 1
+asialeonding.at, 1
+asialivenewscafe.gq, 1
+asian-goku.tk, 1
+asian-industry.eu, 1
+asian-sexfree.com, 1
+asian-sirens.net, 1
+asianbeautywholesale.com, 1
+asianbusinesscards.com, 1
+asiancolor.com, 1
+asiandickfor.me, 1
+asiandubfoundation.tk, 1
+asianet.tk, 1
+asianetbroadband.in, 1
+asiangroceronline.com.au, 1
+asianinside.tk, 1
+asianmoney.biz, 1
+asianpavilion.com, 1
+asianray.com, 1
+asianshop.com.pe, 1
+asiansnus.com, 1
+asiansongs.tk, 1
+asianspa.co.uk, 1
+asiantube.tv, 1
+asianwebcams.webcam, 1
+asiaproductsdirect.tk, 1
+asiashop.com.br, 1
+asiasmi.tk, 1
+asiaticas.cf, 1
+asiaview.ml, 1
+asiaview.tk, 1
+asiaviews.com, 1
+asiayuan.com, 1
+asiba.com.au, 1
+asier.tk, 1
+asifinclusives.tk, 1
+asiiro.com, 1
+asikoo.com, 1
+asikoo.xyz, 1
+asikpasagazetesi.tk, 1
+asile-colis.fr, 1
+asilo.roma.it, 1
+asilomar.com, 1
+asinat.by, 1
+asinetasima.com, 1
+asisee.co.il, 1
+asistencialegal.tk, 1
+asistentecx.com, 1
+asitt.nl, 1
+asiyasia.tk, 1
+ask-thenutritionist.com, 1
+ask.fi, 1
+ask.stg.fedoraproject.org, 1
+ask1.org, 1
+askapkmod.com, 1
+askaret.cz, 1
+askart.com, 1
+askartza.com, 1
+askatrans.tk, 1
+askbill.org.uk, 1
+askcaisse.com, 1
+askcascade.com, 0
+askdeliver.tk, 1
+asker-massasje.no, 1
+askerweb.cf, 1
+askeverythingonline.com, 1
+askeygeek.com, 1
+askgamblers.com, 1
+askhow.co.il, 1
+askimsin.com, 1
+askindia.tk, 1
+askjan.org, 1
+askkaren.gov, 1
+asklyrics.com, 1
+askmagicconch.com, 0
+askme-events.vip, 0
+askme-fast.tk, 1
+askme24.de, 1
+askmetutoring.com, 1
+askmetutoring.org, 1
+asko-nabytek.cz, 1
+asko-nabytok.sk, 1
+askollelectric.bg, 1
+askpam.ai, 1
+asktanzania.com, 1
+askvg.com, 1
+askwhy.cz, 1
+askwhy.eu, 1
+asla.info, 1
+aslanadam.com, 1
+aslinfinity.com, 1
+asm.io, 1
+asm802.com, 1
+asm802.es, 1
+asmbsurvey.com, 1
+asmdz.com, 1
+asmeets.nl, 1
+asmess.com, 1
+asmgroup.rs, 1
+asmm.cc, 0
+asmobox.ga, 1
+asmood.net, 1
+asmpt.com, 1
+asmr-100.com, 1
+asmr-200.com, 1
+asmr-300.com, 1
+asmr.one, 1
+asmrbuluo.com, 0
+asmui.ml, 1
+asmuncandle.com, 1
+aso.com, 1
+asoagroca.com, 1
+asoccu.ga, 1
+asocedune.com, 1
+asociacionatlas.tk, 1
+asociaciones.tk, 1
+asociacionlarueda.tk, 1
+asokan.org, 1
+asonaderi2002.tk, 1
+asoul.tw, 1
+asoziales-netzwerk.net, 1
+asp-progress.tk, 1
+asp.net, 1
+aspatrimoine.com, 0
+aspectcontext.com, 1
+aspen.gov, 1
+aspencat.tk, 1
+aspenhillsdesign.com, 1
+aspenpsychologywy.com, 1
+aspenvocational.com, 1
+asperatechnology.com, 1
+asperatechnology.cz, 1
+asperatechnology.de, 1
+aspernallee.at, 1
+asperti.com, 1
+aspews.org, 1
+asphaltfruehling.de, 1
+asphaltsolutionsnc.com, 1
+asphyxia.su, 1
+aspi.cz, 1
+aspiechattr.me, 1
+aspietechygamer.tk, 1
+aspiracloud.com, 1
+aspirantum.com, 1
+aspirateur-anti-pollution.fr, 1
+aspirateur-univers.com, 1
+aspiration.marketing, 1
+aspire-dev2.com, 1
+aspirecig.bg, 1
+aspirevc-prod.com, 1
+aspirevc.com, 1
+aspisdata.com, 1
+aspjvm.com, 1
+asportnoy.com, 1
+aspr.gov, 1
+asprion.org, 1
+asprivacy.com, 1
+asprobet.com, 1
+asproni.it, 1
+asprose.com, 1
+asps.biz, 1
+aspviress.gq, 1
+asr.cloud, 1
+asr.li, 1
+asr.rocks, 1
+asr.solar, 1
+asr9k.de, 1
+asra.gr, 1
+asral7.com, 1
+asremanoto.tk, 1
+asri.org, 1
+asriyatno.tk, 1
+asrob.eu, 0
+asrtechnology.tk, 1
+ass.org.au, 1
+assaabloy-partnerportal.com, 1
+assaabloygaragedoors.ca, 1
+assafashowroom.com, 1
+assai.com.br, 1
+assamtenders.gov.in, 1
+assanti.com, 1
+assassinasian.tk, 1
+assdecoeur.org, 1
+assedo.tk, 1
+asseenfromthesidecar.org, 1
+asseenontvonline.ru, 1
+assegaimedia.com, 1
+asselin.fr, 1
+assemblage.gq, 1
+assemblee-copropriete.fr, 1
+assemblyai.com, 0
+assemblywithoutthewalls.org, 1
+assendelft.com, 1
+assens.dk, 1
+assentis.ch, 1
+assentis.com, 1
+assentis.de, 1
+assentis.net, 1
+assentooriginal.com.br, 1
+assertion.de, 1
+assertstack.com, 1
+assessmentpractitioner.co.za, 1
+assessments.careers, 1
+assessoriati.com.br, 1
+assessorindie.tk, 1
+asset-metrix.com, 1
+assetbacked.capital, 0
+asseti.co, 1
+assetinvesting.com, 1
+assets.schwarz, 1
+assetsec.io, 1
+assetsman-assetsvalue.com, 1
+assettocorsa.tk, 1
+assguidesporrentruy.ch, 0
+assicurare.it, 1
+assid.com, 1
+assignacii.ml, 1
+assignmenthelponline.co.uk, 1
+assignmenthelpservices.com, 1
+assignments4u.com, 1
+assikerujked.tk, 1
+assiplan.it, 1
+assis.partners, 1
+assist-team.co.il, 1
+assistance-personnes-agees.ch, 1
+assistanceinparadise.com, 1
+assistantdemocraticleader.gov, 1
+assistel.com, 1
+assistentesanitario.it, 1
+assistenzaferrodastiro.org, 1
+assistenzafrigorifero.org, 1
+assistenzamicroonde.org, 1
+assistere-a-casa.it, 1
+assistere-a-domicilio.it, 1
+assistere-in-famiglia.it, 1
+assistouest.fr, 1
+assistouest.net, 1
+assistouest.shop, 1
+assmb.ly, 1
+assmgp.com, 1
+asso.com.ua, 1
+associatedgamer.com, 1
+associationguillaume.com, 0
+associationhorizon.tk, 1
+associazionerimborsi.it, 1
+associazioneterra.it, 1
+assoft.co, 1
+assomydesk.fr, 1
+asspoop.com, 1
+assr-online.com, 1
+assta.ga, 1
+assumptionla.gov, 1
+assumptionoep-la.gov, 1
+assurance-emprunteur.bzh, 1
+assurances-brg.com, 1
+assured.se, 0
+assuredspc.com, 1
+assyriatwpmi.gov, 1
+ast-nabytek.cz, 1
+asta-bar.de, 0
+astacreative.nl, 0
+astal.rs, 1
+astana.cf, 1
+astanainform.tk, 1
+astanakz.tk, 1
+astaninki.com, 1
+astano.com, 1
+astano.tk, 1
+astaoffshore.com.au, 1
+astaraday.com, 1
+astarbouncycastles.co.uk, 1
+astarforu.com, 1
+astarfrommosul.cf, 1
+astarfrommosul.ga, 1
+astarfrommosul.ml, 1
+astarmathsandphysics.com, 1
+astateoftrance.tk, 1
+asteelflash.com, 1
+astekbet.com, 1
+astellaria.ee, 1
+astengox.com, 1
+astenotarili.online, 0
+astenretail.com, 1
+astera-led.com, 1
+astera.com, 1
+asterhu.com, 1
+asterix-obelix.ga, 1
+asterobot.net, 1
+asteronline.com, 1
+astettner.de, 1
+asthamishra.com, 1
+asthma-explained.com, 1
+asthowen.com, 1
+asthowen.fr, 1
+asthrdp.com, 1
+astiamministrazioni.it, 1
+asticon.de, 1
+asticonnectedservices.com, 1
+astifan.online, 1
+astigmatic.gq, 1
+astilleroslagos.es, 1
+astleyplumbing.com, 1
+astmatiki.ru, 1
+astolfo.cool, 1
+astonbysqli.com, 1
+astonishing.tk, 1
+astore.co.uk, 1
+astorfoodservice.com, 1
+astorhospitality.com, 1
+astormueble.tk, 1
+astorship.com, 1
+astour.ee, 1
+astqx.com, 1
+astra.software, 1
+astraalivankila.net, 0
+astrakhan-gorod.ga, 1
+astrakhan.cf, 1
+astrakhan.ga, 1
+astrakhan.gq, 1
+astrakhan.ml, 1
+astrakhan.tk, 1
+astral-imperium.com, 1
+astral-prime.com, 1
+astral.com.ar, 1
+astral.gq, 1
+astral.org.pl, 1
+astralrank.com, 1
+astralriders.tk, 1
+astralus.com, 1
+astralus.de, 1
+astramundo.com, 1
+astrategicedgecoaching.com, 1
+astrath.net, 1
+astrati.com.br, 1
+astrawebhost.com, 1
+astrea-voetbal-groningen.nl, 1
+astreaspa.com, 1
+astrid-stolz.de, 1
+astro-com.co.uk, 1
+astro22.com, 1
+astro4u.tk, 1
+astroalloys.com.au, 0
+astroanaliz.com, 1
+astrociencia.tk, 1
+astrogate.tk, 1
+astrogift.cf, 1
+astrogift.ga, 1
+astrogift.gq, 1
+astrogift.ml, 1
+astrogift.tk, 1
+astrograph.io, 1
+astrojunkies.com, 1
+astrolab.tk, 1
+astroloeches.tk, 1
+astrologeminesolakoglu.com, 1
+astrologerumesh.com, 1
+astrologic.cf, 1
+astrologics.in, 1
+astrologie12.tk, 1
+astrologify.com, 1
+astrology-for-beginners.com, 1
+astrology42.com, 1
+astrolojiyorumcusu.com, 1
+astroluna.cz, 1
+astroluxe.io, 1
+astrong.pl, 1
+astronomiadecolombia.tk, 1
+astronomija.cf, 1
+astronomija.tk, 1
+astronomygcse.cf, 1
+astropackgulf.com, 1
+astropar.tk, 1
+astroscopy.ch, 0
+astrosnail.pt.eu.org, 1
+astrosoc.ml, 1
+astrosociety.org, 1
+astrosofa.com, 1
+astrostart.tk, 1
+astroteam.tk, 1
+astrovandalistas.cc, 1
+astrumadvies.nl, 1
+astsummer.tk, 1
+astucas.com, 0
+astucedirecte.tk, 1
+astucewebmaster.com, 1
+astuna.de, 1
+astur.school, 1
+asturhackers.es, 1
+astutetm.com, 1
+astutikhonda.com, 1
+astutr.co, 1
+astyork.com, 1
+astypic.fr, 1
+asual.com, 1
+asuamaytinh.com, 1
+asuclassfinder.com, 1
+asucrews.com, 1
+asufte.com, 1
+asugsvsummit.com, 1
+asuikit.com, 1
+asukalangley.tk, 1
+asun.co, 1
+asuntospropios.com, 1
+asura.in.th, 1
+asurbernardo.com, 1
+asurgiant.ca, 1
+asuro.de, 1
+asustor.com, 1
+asustreiber.de, 1
+asvsa.ch, 0
+aswakbladi.com, 1
+asweetsmile.com, 1
+aswish.com, 1
+asws.nl, 1
+asyadexpress.com, 1
+asyaturk.org, 1
+asyikbelanja.com, 1
+asylbarn.no, 1
+asylinfo.no, 1
+asylumguild.tk, 1
+asynchrono.cf, 1
+asyotec.es, 1
+asystent-dzierzawy.pl, 1
+asztrologus.eu, 1
+aszurkolassport.com, 1
+at-consulting.pl, 1
+at.search.yahoo.com, 0
+at.vg, 1
+at2-architecten.be, 1
+at5.nl, 1
+at7s.me, 1
+atabekkoleji.k12.tr, 1
+ataber.pw, 1
+atabor.tk, 1
+atacado.com.vc, 1
+atacadocervejeiro.com.br, 1
+atacadoclube.com.br, 1
+atacadodesandalias.com.br, 1
+ataclogistics.com, 1
+atacul.ro, 1
+atafu-village.tk, 1
+atahualpa.com, 1
+atakac.com, 0
+atakac.net, 0
+atalantapsicologia.es, 1
+atallo.es, 1
+atanas.ch, 1
+atanet.it, 1
+atarinew.tk, 1
+atary.tk, 1
+ataton.ch, 0
+atayia.com, 1
+atc-fr.com, 1
+atc.cuneo.it, 1
+atc.io, 0
+atcg.cc, 0
+atchisonkspolice.gov, 1
+atchleyjazz.com, 1
+atchleyjazz.org, 1
+atchleylab.org, 1
+atclan.tk, 1
+atcreform.gov, 1
+atcstl.org, 1
+atcworldaviation.com, 1
+atds.ch, 0
+ateamsport.dk, 1
+atease-salon.jp, 1
+ateasesystems.net, 1
+atebaa.ga, 1
+atec.pt, 1
+ateli.com, 1
+atelier-aleph.fr, 1
+atelier-coiffure.ch, 0
+atelier-lebreton.fr, 1
+atelier-naruby.cz, 1
+atelier-rk.com, 1
+atelier-viennois-cannes.fr, 1
+atelier20.ch, 1
+atelieraphelion.com, 1
+atelierbw.com, 1
+atelierdelacreation.com, 1
+atelierdeloulou.fr, 1
+atelierdesflammesnoires.fr, 1
+atelierfantazie.sk, 1
+atelierferro.be, 1
+atelierhsn.com, 1
+atelierjs.com, 1
+atelierkuni.jp, 1
+atelierlk.art, 1
+ateliernaruby.cz, 1
+ateliernox.com, 1
+atelierssud.swiss, 1
+atelierverbeelding.nl, 1
+atenasconservadora.com.br, 1
+atencionbimbo.com, 0
+ateneumontbui.tk, 1
+ateneupalafrugell.tk, 1
+atenolol25mg.ga, 1
+atenolol50mg.ga, 1
+atentadocumbiero.tk, 1
+aterlectric.com, 1
+ateus.net, 1
+atev.tk, 1
+atf.gov, 1
+atfonline.gov, 1
+atfstudios.tk, 1
+atgnet.com, 1
+atgoetschel.ch, 0
+atgresultat.com, 0
+atgseed.co.uk, 1
+atgseed.uk, 1
+atgweb.es, 0
+ath0.org, 0
+atheatac.com, 1
+atheism.org, 1
+atheist-refugees.com, 1
+atheistfoundation.org.au, 1
+atheistfrontier.com, 1
+athekiu.com, 1
+athelstanewiclerk.gov, 1
+athemis.de, 1
+athena-security.net, 1
+athenainvestmentsystems.com, 1
+athenainvsys.com, 1
+athenainvsys.net, 1
+athenaspark.com, 1
+athenasystems.com, 1
+athenasystems.net, 1
+atheneum-partners.cn, 1
+athensdrunktour.com, 1
+athensil.gov, 1
+athenstn.gov, 1
+athensvantours.com, 1
+athensvantours.gr, 1
+athensvillageny.gov, 1
+athensvintagetours.com, 1
+athensvt.gov, 1
+atherosense.ga, 1
+athicart.com, 1
+athleticstore.bg, 1
+athlin.de, 1
+athome-nextcloud.ddns.net, 1
+athomedeco.fr, 1
+athorcis.ovh, 1
+athoris.net, 1
+athritisexplained.com, 1
+atide.cf, 1
+atigerseye.com, 1
+atik.kr, 0
+atiku2007.tk, 1
+atila.io, 1
+atilo.sh, 1
+atimba.com, 1
+atimo.dj, 1
+atinylittle.space, 1
+atis-ars.ru, 0
+atis.net, 1
+atishchenko.com, 1
+atisoft.biz.tr, 1
+atisoft.com.tr, 1
+atisoft.name.tr, 1
+atisoft.net, 1
+atisoft.net.tr, 1
+atisoft.web.tr, 1
+atisoftbarkodetiket.com.tr, 1
+atisoftseo.com, 1
+atisoftwebtasarim.com, 1
+atisoftwebyazilim.com, 1
+ativaplayfitness.com.br, 1
+ativapsicologia.com.br, 1
+atix.tk, 1
+atizanvip.com, 1
+atk-huolto.com, 1
+atk-nexus.tech, 1
+atk.me, 1
+atkinshealthcenter.com.au, 1
+atkstore.com, 1
+atl-paas.net, 0
+atlacademy.org, 1
+atlan.digital, 1
+atlan.nl, 1
+atlantacustomfab.com, 1
+atlantahealthcare.tk, 1
+atlantajewishconnector.com, 1
+atlantajewishlifefestival.com, 1
+atlantareroof.com, 1
+atlantatai.org, 1
+atlantclinical.com, 1
+atlantica.tk, 1
+atlanticbeachacademy.com, 1
+atlanticcitycasino.news, 1
+atlanticcitycasinonews.com, 1
+atlanticcityweekly.com, 1
+atlanticdatastream.ca, 1
+atlanticfcu.com, 1
+atlantichearingcare.com, 1
+atlantichomes.com.au, 1
+atlanticmarina.com, 1
+atlanticpediatricortho.com, 1
+atlanticradio.fr, 1
+atlanticwatches.ch, 1
+atlantida-amber.org, 1
+atlantik.ml, 1
+atlantik.tk, 1
+atlantikwall.ga, 1
+atlantischild.hu, 1
+atlantishop.si, 1
+atlantismd.com, 1
+atlantiswaterproofing.com, 0
+atlantium.tk, 1
+atlarytm1x.com, 1
+atlas-5.site, 1
+atlas-multimedia.de, 1
+atlas-sat.tk, 1
+atlas-staging.ml, 1
+atlas.computer, 1
+atlas.md, 1
+atlasams.com, 1
+atlasauthority.com, 1
+atlasbridge.com, 1
+atlasbrown.com, 1
+atlasbus.by, 1
+atlasbus.pl, 1
+atlasbus.ru, 1
+atlascloud.cn, 1
+atlascoffeeclub.com, 1
+atlascultural.com, 1
+atlasdev.io, 1
+atlasdev.nl, 1
+atlasdog.org, 1
+atlasescorts.com, 1
+atlasgaming.ma, 0
+atlasleeuwen.tk, 1
+atlaso.cz, 1
+atlasone.us, 1
+atlasrealestates.com, 1
+atlasreclame.nl, 1
+atlassen.com, 1
+atlassian.net, 1
+atlassignsandplaques.com, 1
+atlastax.ga, 1
+atlastaxi.eu, 1
+atlastravelvic.com.au, 1
+atlastube.com, 1
+atlasuno.com, 1
+atlaswu.com, 1
+atlcoaters.com, 1
+atletico-guacuano.tk, 1
+atleticocearense.com.br, 1
+atletika.hu, 1
+atletismomacotera.tk, 1
+atlon-nn.ru, 0
+atm-erasmus.com, 1
+atm.net, 1
+atmalta.com, 1
+atmelook.com, 1
+atmetalwork.com, 1
+atmi-zo.gr, 1
+atmilanomoda.com, 1
+atmind.nl, 1
+atmmantenimiento.co, 1
+atmmasterplan.eu, 1
+atmocdn.com, 0
+atmondigital.com, 0
+atmos.tk, 1
+atmosferno.cf, 1
+atmospheremarketingwy.com, 1
+atmox.eu, 1
+atmoz.tk, 1
+atmydesk.tech, 1
+atnis.com, 1
+atnteam.tk, 1
+atobtransfer.com, 1
+atolm.net, 1
+atom-china.org, 1
+atom86.net, 1
+atombase.org, 1
+atomeus.nl, 1
+atomic-bounce.com, 1
+atomic-corals.de, 1
+atomic.radio, 1
+atomicanet.tk, 1
+atomicbounce.co.uk, 1
+atomicecho.com, 1
+atomicheart.tk, 1
+atomichomehealth.com, 1
+atomickitteninternational.tk, 1
+atomictag.com, 1
+atomik.biz, 1
+atomism.com, 1
+aton-ensemble.tk, 1
+atonibai.com, 1
+atope.art, 1
+atopy-sendai.com, 1
+atorcidabrasileira.com.br, 1
+atovelin.gq, 1
+atovelin.tk, 1
+atozeventrentalsofpa.com, 1
+atp-autoteile.de, 1
+atplonline.co, 1
+atproducts.xyz, 1
+atpx.com, 1
+atraining.ru, 1
+atrands.com, 1
+atrasglobal.com, 1
+atresclick.com, 0
+atrevillot.com, 1
+atrexservices.com, 1
+atriaresort.ro, 1
+atrias.net, 1
+atriballi.com.br, 1
+atrinik.org, 1
+atris-qa.media, 1
+atris.media, 1
+atriumschool.gr, 1
+atrogi.com, 1
+atrs2023kobe.com, 1
+ats.net, 1
+atspeeds.com, 1
+att-lda.pt, 1
+attac.us, 1
+attanasioluigi.tk, 1
+attatroll.de, 1
+attawauganfirect.gov, 1
+attcleaning.com, 1
+atte.fi, 1
+attechnical.co.uk, 1
+attekaleva.fi, 1
+attendanceondemand.com, 1
+attendantdesign.com, 1
+attendhealth.com, 1
+attendu.cz, 1
+attengo.ga, 1
+attention.horse, 1
+attentionpleats.com.tw, 1
+attesawp.com, 1
+atthehelmins.com, 1
+attic-design.com, 1
+atticusblog.com, 1
+attilavandervelde.nl, 1
+attiliospagnolo.it, 1
+attinderdhillon.com, 1
+attireaccessories.com, 1
+attiremr.tk, 1
+attitudes-bureaux.fr, 1
+attivazioneveloce.it, 1
+attlane.fr, 1
+attoch.org, 1
+attogtech.com, 1
+attorneybiographies.ga, 1
+attorneybiographiesest.ga, 1
+attorneyrebeccawhittington.com, 1
+attosoft.tk, 1
+attractant.com, 1
+attractieparken.tk, 1
+attsavings.com, 1
+atttrainings.com, 1
+attuned.se, 1
+attwood.org, 1
+attyhub.com, 1
+atuallemoveis.ind.br, 1
+atuendomr.com, 1
+atugan.com, 1
+atunel.tk, 1
+atvirtual.at, 1
+atvlifesaver.net, 1
+atvsafety.gov, 1
+atwatermn.gov, 1
+atwel.de, 1
+atwey.fr, 1
+atwk.io, 1
+atwonline.org, 1
+atworktechnology.com.au, 1
+atxchirocoverage.com, 1
+atyourleisureculinary.com, 1
+atyourprice.net, 1
+atyourscreen.com, 1
+atyourscreen.events, 1
+atypicom.es, 1
+atypicom.it, 1
+atypicom.pt, 1
+atyuan.me, 1
+atyuan.one, 1
+atyum.com, 1
+atzenchefin.de, 1
+atzeneta.tk, 1
+atzzz.com, 1
+au-be.net, 1
+au-inter.net, 1
+au.by, 1
+au.search.yahoo.com, 0
+au.zj.cn, 1
+au2pb.net, 1
+au2pb.org, 1
+aubassadeurs-airfly.fr, 1
+aubassadeurs.fr, 1
+aubay.it, 1
+aubcon.com, 1
+aubepine-restaurant.com, 1
+aubergegilly.ch, 0
+aubio.org, 1
+auburn-housekeeper.com, 1
+auburnma.gov, 1
+auburnmi.gov, 1
+auburnpub.com, 1
+auc.ch, 1
+aucarresainteloi.com, 1
+aucc.org.nz, 1
+aucem.com, 1
+aucielrose.com, 1
+auckland-lawyer.co.nz, 1
+auckland-painter.co.nz, 1
+aucklandadventurejet.co.nz, 1
+aucklandcastles.co.uk, 1
+aucoindubloc.com, 1
+aucoindufruit.fr, 1
+auction.com, 1
+auctionbv.tk, 1
+audatopaz.com, 1
+aude-mdb-hypnose.fr, 1
+audencia.com, 0
+audian.com, 1
+audible, 1
+audiclubbahrain.com, 1
+audifs.com, 1
+audilio.it, 1
+audio-extractor.net, 1
+audio-joiner.com, 1
+audio.servemp3.com, 1
+audiobit.es, 1
+audioblackmagic.com, 1
+audiobone.com, 1
+audiobookstudio.com, 1
+audioboom.com, 1
+audioboomers.ga, 1
+audiocd.tk, 1
+audiocinemateca.com, 1
+audioconspiracy.tk, 1
+audiofrases.com, 1
+audiohub.com, 1
+audiohub.de, 1
+audiohub.fr, 1
+audiokinetic.com, 1
+audiolibri.org, 1
+audiologistdirectory.com, 1
+audiolot.com, 1
+audiomedica.com, 1
+audiomind.tk, 1
+audiomir.tk, 1
+audion.cc, 1
+audionamix.com, 1
+audionpack.de, 1
+audioonly.stream, 1
+audioplugin.deals, 1
+audiorental.net, 1
+audios.tk, 1
+audioscenic.co.uk, 1
+audioscenic.uk, 1
+audioschoolonline.com, 1
+audiosciencereview.com, 1
+audioslave.tk, 1
+audiotrace.tk, 1
+audiovegas.com, 1
+audiovisualmurciano.tk, 1
+audisto.com, 1
+audit.one, 1
+audit.ovh, 1
+auditingfirm.tk, 1
+audition-radio.tk, 1
+auditiontapes.co.uk, 1
+auditmatrix.com, 1
+auditore-host.tk, 1
+auditorwashingtoncountyohio.gov, 1
+auditos.com, 1
+auditsquare.com, 1
+audleyconstruction.tk, 1
+audreyhossepian.fr, 0
+audreyjudson.com, 1
+auenhof-agrar.de, 1
+auerbach-verlag.de, 1
+auf-feindgebiet.de, 1
+aufeergroup.eu, 1
+aufeerjob.cz, 1
+aufildemesidees.fr, 1
+aufmerksamkeitsstudie.com, 1
+aufprise.de, 1
+aufschieben.com, 1
+aufwachzeit.at, 1
+aufwachzeit.com, 1
+aufwecken.dynu.net, 1
+augehost.com, 1
+augendre.info, 1
+augenklappe.com, 1
+augenlaser-chemnitz.de, 1
+augenlaser-dresden.de, 1
+augenlasercenter-dresden.de, 1
+augenlaserzentrum-dresden.com, 1
+augenlaserzentrum-dresden.de, 1
+augenlaserzentrum-dresden.eu, 1
+augeo.pt, 1
+augesen.tk, 1
+augix.net, 1
+augmedia.com, 1
+augmedix.com, 1
+augmentable.de, 0
+augmentin.ga, 1
+augmentin.gq, 1
+augmentines600.ga, 1
+augredutemps.ca, 1
+augur.us, 1
+auguri-shop.ro, 1
+august-hoegn.tk, 1
+august.me, 1
+augusta-apotheke.nrw, 1
+augustaky.gov, 1
+augustanews.tk, 1
+augustian-life.cz, 1
+augustiner-kantorei-erfurt.de, 1
+augustiner-kantorei.de, 1
+augustus.lt, 1
+auk.hopto.org, 1
+aukanaw.tk, 1
+aukaraoke.su, 1
+aukcioon-domenov.cf, 1
+aukcioon-domenov.gq, 1
+aukcioon-domenov.ml, 1
+aukhygiene.com, 1
+auksnest.ca, 1
+aulacaribemar.com, 1
+auladerepaso.com, 0
+aulaschrank.gq, 1
+aulasprofdanilo.com.br, 1
+aulialaundry.cf, 1
+aulica-conseil.com, 1
+aultcolorado.gov, 1
+aum.edu.kw, 1
+aumigona.com, 1
+aumilieudumonde.gf, 1
+aunali1.com, 1
+auntiesnorkel.com, 1
+auntmia.com, 1
+aunto.xyz, 1
+aupadenis.com, 1
+aupair.com, 1
+aupapa.com, 1
+aupaysdesanes.com, 1
+auplidespages.fr, 1
+auqi.com, 1
+aur.rocks, 1
+aura.moe, 1
+aura7chakr.com, 1
+aurabasketball.com, 1
+aurabasketball.fr, 1
+aurabeautyhub.com, 1
+aurac.org.nz, 1
+aurahiemis.tk, 1
+auralia.cloud, 1
+auralia.net, 1
+auraliafirst.com, 1
+auraliamusic.com, 1
+auralinna.blog, 1
+aurantis.it, 1
+aurbrowser.tk, 1
+aurelharmoniebeaute.fr, 1
+aureliavelvet.org, 1
+aurelie-valognes.com, 1
+aurelieburn.fr, 1
+aureliecharlesguillot.com, 1
+aurelien-duchene.fr, 1
+aurelienaltarriba.fr, 1
+aurelvoica.ro, 1
+aureshotels.com, 1
+auribus.io, 1
+auricblue.com, 1
+auricom.tk, 1
+auriga.com, 1
+aurigaapp.org, 1
+aurigadebtadvice.org.uk, 1
+aurigafuel.co.uk, 1
+aurigaservicesapp.co.uk, 1
+aurika.ag, 1
+auriko-games.de, 1
+auristelasaavedra.tk, 1
+aurnik.com, 1
+aurobindodash.tk, 1
+auronfencing.com.au, 1
+aurora-nexus.org, 1
+aurora.net.au, 0
+aurora403.com, 1
+aurora911.net, 1
+auroracloud.com.au, 1
+auroramarionvillepd-mo.gov, 1
+auroranianoxx.net, 1
+auroraofficefurniture.com.au, 1
+aurorarecordings.com, 1
+auroravtc.com, 1
+aurory.io, 1
+auroz.video, 1
+aurtho.com, 1
+aurumkoins.tk, 1
+ausat.net, 1
+ausbildung-rbg.de, 1
+ausbildungsmesse-digital.de, 1
+ausbrightfacilities.com.au, 1
+auscanalliancecorp.com, 1
+auscert.org.au, 1
+auscube.tk, 1
+auscultador.com, 1
+auscultador.net, 1
+auscultador.org, 1
+auscultadores.net, 1
+auscultadores.org, 1
+auseal.au, 1
+ausec.ch, 0
+auservicedeschiens.com, 1
+ausfin.com, 1
+ausfinex.com, 1
+ausgesprochen.com, 1
+ausielogistics.com.au, 1
+auskast.com, 1
+auskate.tk, 1
+auskunftsbegehren.at, 1
+ausmwoid.de, 1
+ausncp.gov.au, 1
+auspicacious.org, 1
+ausruestungen.com, 1
+aussagen.com, 1
+ausschreibungen-suedtirol.it, 1
+ausset.me, 1
+aussiebum.com, 1
+aussiefinances.com.au, 1
+aussiefunadvisor.com, 0
+aussiemilfs.com, 1
+aussieofficefitout.com.au, 1
+aussieofficefurniture.com, 1
+aussieservicedown.com, 1
+aussiesmostlifted.com.au, 1
+aussiesnus.com, 1
+aussiestoresonline.com, 0
+austcm.com.au, 1
+austenplumbing.com, 1
+austercita.tk, 1
+austin-pearce.com, 1
+austin-security-cameras.com, 1
+austinbestdjs.com, 1
+austincardiac.com, 1
+austinchase.com, 1
+austincosmetic.com, 1
+austinhartzheim.me, 1
+austinlaw.co.uk, 1
+austinonline.tk, 1
+austinoverheaddoorcompany.com, 1
+austinsutphin.com, 1
+austinuniversityhouse.com, 1
+australiabusinessblog.com, 1
+australiadaily.ga, 1
+australiaday.com.au, 1
+australiainvest.info, 1
+australiajetcharter.com, 1
+australian.dating, 1
+australian.tk, 1
+australianairbrushedtattoos.com, 1
+australianairbrushedtattoos.com.au, 1
+australianattractions.com.au, 1
+australiancattle.dog, 1
+australiancurriculum.edu.au, 1
+australianhimalayanfoundation.org.au, 1
+australianhomemade.com, 1
+australianimmigrationadvisors.com.au, 1
+australianjewishnews.com, 1
+australianonlineappliances.ga, 1
+australianpropertyanalytics.ga, 1
+australiantales.com, 0
+australiantemporarytattoos.com, 1
+australiantemporarytattoos.com.au, 1
+australien-tipps.info, 1
+austriablog.de, 0
+austriaguide.tk, 1
+austriahikingtours.tk, 1
+austriantekken.tk, 1
+austriatravel.tk, 1
+austromorph.space, 1
+auszeit-lanzarote.com, 1
+auszeit-walsrode.de, 1
+auszeit.bio, 1
+autantic.fr, 1
+auteldesbrumes.com, 1
+autenticismo.tk, 1
+autenticoperfumes.com.br, 1
+autereband.tk, 1
+auth.adult, 1
+auth.mail.ru, 1
+authanet.ga, 1
+authcom.ca, 1
+authcom.com, 1
+authenteak.com, 1
+authenticate.be, 1
+authenticate.computer, 1
+authentication.directory, 1
+authentick.cloud, 1
+authentick.online, 1
+authentick.systems, 1
+authic.io, 1
+authinfo-bestellen.de, 1
+authinity.com, 0
+authland.com, 1
+author-it.com, 1
+author.cn, 1
+author24.biz, 1
+author24.info, 1
+authorise.computer, 1
+authorise.network, 1
+authoritysolutions.com, 1
+authorize.computer, 1
+authorize.network, 1
+authorwise.com, 1
+authress.io, 1
+authsrv.nl.eu.org, 1
+autism-explained.com, 1
+autisme-france.fr, 1
+autismewoerden.nl, 1
+autista.roma.it, 1
+autisten.club, 1
+autistici.org, 1
+auto-albrecht.de, 1
+auto-anleitung.de, 1
+auto-arsenal.tk, 1
+auto-borse.tk, 1
+auto-dealership-news.com, 1
+auto-delchev.com, 1
+auto-ecole-remparts.fr, 1
+auto-help.tk, 1
+auto-i-dat.ch, 1
+auto-market.tk, 1
+auto-none.com, 1
+auto-parts-store.tk, 1
+auto-plus.tn, 1
+auto-profy.com.ua, 1
+auto-quote.ga, 1
+auto-rahbari.de, 1
+auto-reklame.tk, 1
+auto-res.ru, 1
+auto-skills.ru, 1
+auto1.fi, 1
+auto10dacte.com, 1
+auto2019.net, 1
+auto365haiphong.com, 1
+autoaccident.com, 1
+autoambulanza.it, 1
+autoamor.com.br, 1
+autoangels.ga, 1
+autoankaufen.com, 1
+autoapk.com, 1
+autoarena.fr, 1
+autoauctionsarizona.com, 1
+autoauctionsohio.com, 1
+autoauctionsvirginia.com, 1
+autoaudio.pt, 0
+autobarn.co.nz, 1
+autobazarcentrum.cz, 1
+autobedrijfgarant.nl, 1
+autobella-hurtownia.pl, 1
+autobelle.it, 1
+autobelt.com, 1
+autobiz.tk, 1
+autoblog-de.com, 1
+autoblogs.ml, 1
+autobot.com.ua, 1
+autobourcier.com, 1
+autobraga.ru, 1
+autobus.roma.it, 1
+autobuseros4ever.tk, 1
+autobusesonline.tk, 1
+autobusiness.ml, 1
+autocadperfmon.azurewebsites.net, 1
+autocardesign.org, 1
+autocartruck.com, 1
+autocashmachine.tk, 1
+autocenters.ca, 1
+autocheck.co.nz, 1
+autocirkel.tk, 1
+autoclassics.com, 1
+autocmall.com, 1
+autocoder.chat, 1
+autoconcept.ga, 1
+autoconcept.tk, 1
+autocorner.com, 1
+autocross.tk, 1
+autocrossfoto.tk, 1
+autocrossonline.tk, 1
+autocrossteam-martens.tk, 1
+autocrossteam-monein.tk, 1
+autocrossteam.tk, 1
+autocrypt.org, 1
+autodach.com, 1
+autodalas.com, 1
+autodeal.com.ph, 1
+autodekor.com, 1
+autodemolizioni.roma.it, 1
+autodidactic.ai, 1
+autodidacticstudios.com, 1
+autodidacticstudios.net, 1
+autodidacticstudios.org, 1
+autodocument.tk, 1
+autodynamics.tk, 1
+autoecoledumontblanc.com, 1
+autoeet.cz, 1
+autoelettricaperbambini.com, 1
+autoentrepreneurinfo.com, 1
+autoepc.ro, 1
+autoescolapontual.com.br, 1
+autoeshop.eu, 1
+autoexprez.com, 1
+autofficina.roma.it, 1
+autofinancing.ga, 1
+autofornal.pl, 1
+autofresh.tk, 1
+autogarag.ru, 1
+autogear.ga, 1
+autoglascenter.com, 1
+autoglass.com.my, 1
+autohaus-brueggemann.de, 1
+autohausmf-nord.de, 1
+autohaussued.de, 0
+autohaussued.gmbh, 1
+autohero.com.au, 1
+autohit.ro, 1
+autohomehub.com, 1
+autohunt.ga, 1
+autohut.ca, 1
+autohuttruckcenter.ca, 1
+autoi.ch, 1
+autoidc.com, 1
+autoinfa.tk, 1
+autoinkoop.tk, 1
+autoinsurancehavasu.com, 1
+autojur.com.br, 1
+autokasko.tk, 1
+autokino-sachsen.de, 1
+autoklub.cz, 1
+autoknife.cf, 1
+autokontinent.ml, 1
+autokovrik-diskont.ru, 1
+autokredit.org, 1
+autolackierung-sadiki.de, 1
+autolatex.cf, 1
+autolawetawroclaw.pl, 1
+autoleaders.gr, 1
+autoledky.sk, 1
+autolet.tk, 1
+autologix.io, 1
+automaatic.com, 1
+automacity.com, 1
+automacro.com, 1
+automagischeberegening.nl, 1
+automasrl.it, 1
+automastercastlerock.com, 1
+automatentest.de, 1
+automaticmsp.com, 1
+automation-tools.stream, 1
+automationpro.me, 1
+automationstore.ga, 1
+automatyczna-identyfikacja.pl, 1
+automechanicschooledu.org, 1
+automeeting.com, 1
+automekano.com, 0
+automekbromma.se, 1
+automiata.de, 1
+automir.online, 1
+automobile-detail.com, 1
+automobile-gadgets.ru, 1
+automobile-propre.com, 1
+automobileescrowers.ga, 1
+automobileescrowest.ga, 1
+automods.com.au, 1
+automodulegods.com, 1
+automotive.org.ua, 1
+automotiveabundant.ga, 1
+automotiveadaptive.ga, 1
+automotiveagenda.ga, 1
+automotiveamazing.ga, 1
+automotiveanchor.ga, 1
+automotiveappeal.ga, 1
+automotivearrow.ga, 1
+automotiveatlantic.ga, 1
+automotiveavatar.ga, 1
+automotivebad.ga, 1
+automotiveblaster.ga, 1
+automotiveboulevard.ga, 1
+automotivebounce.ga, 1
+automotivebrands.tk, 1
+automotivebrowse.ga, 1
+automotivebuller.ga, 1
+automotivecarnival.ga, 1
+automotivecaster.ga, 1
+automotivecharm.ga, 1
+automotivecheapest.ga, 1
+automotivecircus.ga, 1
+automotivecity.tk, 1
+automotiveclassy.ga, 1
+automotiveclearance.ga, 1
+automotiveclient.ga, 1
+automotivecommission.ga, 1
+automotiveconnect.tk, 1
+automotivecorporation.ga, 1
+automotivecrawler.ga, 1
+automotivecrunch.ga, 1
+automotivecurious.ga, 1
+automotivedelta.ga, 1
+automotivedepot.ga, 1
+automotivedesigning.ga, 1
+automotivedestination.ga, 1
+automotivedodge.ga, 1
+automotivedollar.ga, 1
+automotiveduck.ga, 1
+automotiveeagle.ga, 1
+automotiveeastside.ga, 1
+automotiveepic.ga, 1
+automotiveexcel.ga, 1
+automotivefame.ga, 1
+automotivefeature.ga, 1
+automotiveflag.ga, 1
+automotiveflower.ga, 1
+automotivegang.ga, 1
+automotivegecko.ga, 1
+automotivegeo.ga, 1
+automotiveglory.ga, 1
+automotivego.tk, 1
+automotivegoddess.ga, 1
+automotivegorilla.ga, 1
+automotivegrace.ga, 1
+automotivegratis.ga, 1
+automotivegroove.ga, 1
+automotivegroup-usedcars.be, 1
+automotivegun.ga, 1
+automotivehands.ga, 1
+automotivehard.ga, 1
+automotivehotrod.ga, 1
+automotiveinfo.tk, 1
+automotiveintergrity.ga, 1
+automotivejackpot.ga, 1
+automotivejewel.ga, 1
+automotivejoker.ga, 1
+automotiveknight.ga, 1
+automotiveletter.ga, 1
+automotivelightning.ga, 1
+automotiveloco.ga, 1
+automotivelucky.ga, 1
+automotivemain.ga, 1
+automotivemanagementnetwork.com, 1
+automotivemarks.ga, 1
+automotivemeasure.ga, 1
+automotivemechanic.org, 0
+automotivemessenger.ga, 1
+automotivemeta.ga, 1
+automotivemetric.ga, 1
+automotivemillions.ga, 1
+automotivenano.ga, 1
+automotivenatural.ga, 1
+automotivenature.ga, 1
+automotivenetwork.tk, 1
+automotivenight.ga, 1
+automotivenobel.ga, 1
+automotivenormal.ga, 1
+automotiveocity.ga, 1
+automotiveoffline.ga, 1
+automotiveomatic.ga, 1
+automotiveonline.tk, 1
+automotiveopedia.ga, 1
+automotiveopplis.ga, 1
+automotiveoriginal.ga, 1
+automotiveouter.ga, 1
+automotivephase.ga, 1
+automotivepirates.ga, 1
+automotiveplatinum.ga, 1
+automotivepositive.ga, 1
+automotiveprecision.ga, 1
+automotivepremium.ga, 1
+automotivepriority.ga, 1
+automotivepronto.ga, 1
+automotivepure.ga, 1
+automotiverainforest.ga, 1
+automotiverapid.ga, 1
+automotiverater.ga, 1
+automotiverates.ga, 1
+automotiveraven.ga, 1
+automotivereadset.ga, 1
+automotivereps.ga, 1
+automotiverex.ga, 1
+automotiverings.ga, 1
+automotiveroom.tk, 1
+automotiverunners.ga, 1
+automotivescapes.ga, 1
+automotivescribe.ga, 1
+automotivesedona.ga, 1
+automotivesession.ga, 1
+automotiveshake.ga, 1
+automotiveshuffle.ga, 1
+automotivesleuth.ga, 1
+automotivesource.tk, 1
+automotivesouthbeach.ga, 1
+automotivespicy.ga, 1
+automotivesplash.ga, 1
+automotivesprint.ga, 1
+automotivestick.ga, 1
+automotivestore.tk, 1
+automotivestreaming.ga, 1
+automotivestyle.tk, 1
+automotivesugar.ga, 1
+automotivesunflower.ga, 1
+automotivesurprise.ga, 1
+automotivesustain.ga, 1
+automotivethunder.ga, 1
+automotivetimes.tk, 1
+automotivetreat.ga, 1
+automotiveturbo.ga, 1
+automotiveuk.tk, 1
+automotiveultra.ga, 1
+automotiveurban.ga, 1
+automotivevariety.ga, 1
+automotivevector.ga, 1
+automotivevisual.ga, 1
+automotivewidget.ga, 1
+automotivewish.ga, 1
+automotiveworth.ga, 1
+automotiveyankee.ga, 1
+automoto-tom.net, 1
+automuovifix.fi, 1
+automuse.com, 1
+autonewsreview.com, 1
+autonewssite.com, 1
+autonoleggio.milano.it, 1
+autonome-treinen.tk, 1
+autoofficina.it, 1
+autopacking.com, 1
+autopapo.com.br, 1
+autopark-ost-fichtner.de, 1
+autoparts-for-foreigncars.tk, 1
+autoparts-russia.ru, 1
+autoparts.im, 1
+autoparts.sh, 1
+autoparts.wf, 1
+autopartso.com, 1
+autopartsprime.com, 1
+autopaulito.pt, 1
+autopilotapp.com, 1
+autopistadelitata.cl, 1
+autopocket.co, 1
+autopod.com, 1
+autoporn.com, 1
+autoportal.tk, 1
+autopril.com, 1
+autoprogconsortium.ga, 1
+autopsy.com, 1
+autopsyhouston.com, 1
+autorabit.com, 1
+autorai.nl, 1
+autorama.cf, 1
+autorecoveryandtowing.com, 1
+autorefuellings.com, 1
+autorefuellings.ru, 1
+autoreinigung-noack.de, 1
+autorepguide.com, 1
+autorepmans.com, 1
+autoresponderilimitado.tk, 1
+autoreview.ml, 1
+autorijschooljohanbos.nl, 1
+autorijschoolrichardschut.nl, 1
+autorisweb.com, 1
+autorizaciones.com, 1
+autos-mertens.com, 1
+autos-motos.fr, 1
+autosalesmachine.net, 1
+autosalone.roma.it, 1
+autosan-vykup.ru, 1
+autosbodyest.ga, 1
+autoschade-mosman.nl, 1
+autoschadeschreuder.nl, 1
+autoschadevdberg.tk, 1
+autoschool.ga, 1
+autoscoops.tk, 1
+autoscreens.com.au, 1
+autoscuola.roma.it, 1
+autosdsg.ca, 1
+autosecurityfinance.com, 1
+autoshopsolutions.com, 0
+autosiero.nl, 1
+autoskolaplzen.cz, 1
+autosneed.com, 1
+autosoftdms.com, 1
+autosolution.tk, 1
+autosprint.tk, 1
+autospurghi.milano.it, 1
+autospurgo.com, 1
+autospurgo.it, 1
+autospurgo.milano.it, 1
+autospurgo.name, 1
+autosrivada.com, 0
+autostationsest.ga, 1
+autostodulky.cz, 1
+autostop-occasions.be, 1
+autostrady.tk, 1
+autostramites.com, 1
+autostramites.com.ar, 1
+autosupirkimas.tk, 1
+autoteched.com, 1
+autoteplo.org, 1
+autoterminus-used.be, 0
+autotimez.com, 1
+autotitleloansnu.ga, 1
+autoto.hr, 1
+autotonic.tk, 1
+autotrac.com.br, 1
+autotransportquoteservices.com, 1
+autotras.com, 1
+autotriumph.ru, 1
+autouncle.at, 1
+autouncle.co.uk, 1
+autouncle.com, 1
+autouncle.de, 1
+autouncle.dk, 1
+autouncle.fi, 1
+autouncle.fr, 1
+autouncle.it, 1
+autouncle.pl, 1
+autouncle.pt, 1
+autouncle.ro, 1
+autouncle.se, 1
+autoverhuur-tilburg.nl, 0
+autovesti.cf, 1
+autovesti.tk, 1
+autoviral.cf, 1
+autoviral.ga, 1
+autoviral.gq, 1
+autoviral.ml, 1
+autoviral.tk, 1
+autowallpapers.tk, 1
+autowatch.tk, 1
+autoweek.nl, 1
+autowerkstatt-puchheim.de, 1
+autozaz.ml, 1
+autozen.com.co, 1
+autozuki.com, 1
+autres-talents.fr, 1
+autumnhungary.tk, 1
+autumnmanor.com, 1
+autya.ga, 1
+auverdrift.ovh, 1
+auvernet.org, 1
+auversum.com, 1
+auvicom.nl, 1
+auvidos.ru, 1
+auviewpoint.tk, 1
+aux-arts-de-la-table.com, 1
+aux-bonnes-affaires-by-alf.fr, 1
+aux-scape.tk, 1
+auxbrinstresses.fr, 1
+auxessenceselfiques.fr, 1
+auxiliame.com, 1
+auxilius.be, 1
+auxmode.com, 1
+av-dnepr.com.ua, 1
+av-planet.si, 1
+av-th.net, 1
+av-yummy.com, 1
+av01.tv, 1
+av0ndale.de, 1
+av163.cc, 1
+ava-creative.de, 0
+ava-sky.ga, 1
+ava-software.at, 1
+avaamo.com, 1
+avaaz.org, 1
+avacariu.me, 1
+avacatossiu.tk, 1
+avaclub.ga, 1
+avacourcelles.com, 1
+avaemr-development-environment.ca, 1
+avaeon.com, 1
+avagroup.ga, 1
+avai.la, 1
+available.direct, 1
+availablecastles.com, 1
+availablereportsest.ga, 1
+avakore.com, 0
+avalancha.tk, 1
+avaland.tk, 1
+avalaunchmedia.com, 1
+avalon-ami.tk, 1
+avalon-rpg.com, 1
+avalon-studios.de, 1
+avalonaccess.com, 1
+avalonartstudio.com, 1
+avalonbelltown.com, 0
+avalondevelopment.tk, 1
+avalontechsv.com, 1
+avalyuan.com, 1
+avamax.cz, 1
+avaminoo.com, 1
+avamix.com, 1
+avanad.biz, 1
+avanad.com, 1
+avanade-consulting.com, 1
+avanade.biz, 1
+avanade.ca, 1
+avanade.cm, 1
+avanade.co.in, 1
+avanade.com.br, 1
+avanade.com.es, 1
+avanade.com.sg, 1
+avanade.consulting, 1
+avanade.in, 1
+avanade.info, 1
+avanade.jobs, 1
+avanade.name, 1
+avanade.net, 1
+avanade.org, 1
+avanadeblog.com, 1
+avanadeconsulting.com, 1
+avanadeonline.com, 1
+avancen.com, 1
+avangard-bg.com, 1
+avangard-tovar.tk, 1
+avangard.tk, 1
+avangardmobile.ru, 1
+avanguardia.tk, 1
+avangvpn.ga, 1
+avanovum.de, 1
+avansyourself.nl, 1
+avantagetaxi.ru, 1
+avantcoequipment.com, 1
+avantcoice.com, 1
+avantcorefrigeration.com, 1
+avanteinversiones.es, 1
+avantikachair.com, 1
+avanza.ps, 0
+avanzagrupo.com, 1
+avaralar.tk, 1
+avarcom.tk, 1
+avarie.ru, 1
+avariya.tk, 1
+avarom.ir, 1
+avarty.com, 1
+avastantivirus.ro, 1
+avasu.com, 1
+avatarka.tk, 1
+avatedu.com, 1
+avaxprices.com, 1
+avay.vn, 1
+avcipets.com, 1
+avclub.com, 1
+avdagic.net, 1
+avday.tv, 1
+ave.zone, 1
+aveamcorp.com, 1
+aveapps.com, 0
+aveclunettesoleil.fr, 1
+avedesk.org, 0
+avelecollege.edu.ws, 1
+avelengo.org, 1
+avelinodiaz.gal, 1
+avellinotoday.it, 1
+aveloair.com, 1
+avelon.cloud, 1
+avelux.ru, 1
+avenad.com, 1
+avenad.net, 1
+avenade.com, 1
+avenade.net, 1
+avenade.org, 1
+avengepet.eu.org, 1
+avengersonline.ml, 1
+avengersonlinemovie.ga, 1
+avenir-now.at, 1
+avenir-now.ch, 1
+avenir-now.com, 1
+avenir-now.de, 1
+avensure.com, 1
+aventure-chasse-peche.com, 1
+avenue5.com, 1
+avenuedesbebes.com, 1
+avepoint.com, 1
+avepol.cz, 1
+avepol.eu, 1
+averageinspired.com, 1
+averen.co.uk, 1
+averin.pro, 1
+avernis.de, 1
+avertoni.ru, 1
+avery.com, 1
+averywinters.org, 1
+aves.asso.fr, 1
+avestagames.tk, 1
+avevad.com, 1
+avexon.com, 1
+avexongroup.com, 1
+avexonsecurity.com, 1
+avg.club, 1
+avg7.de, 1
+avgindiantech.com, 1
+avi-web.com, 1
+avi12.com, 0
+avi9526.pp.ua, 1
+avia-krasnoyarsk.ru, 0
+avia-ufa.ru, 0
+aviabilet.tk, 1
+avianbrands.com, 1
+aviandirectory.uk, 1
+avianotravel.com, 1
+aviaphoto.tk, 1
+aviapic.com, 1
+aviapic.eu, 1
+aviapic.fr, 1
+aviapic.info, 1
+aviapic.net, 1
+aviapic.org, 1
+aviareis.tk, 1
+aviarycourthotel.co.uk, 1
+aviasales.gq, 1
+aviasalon.spb.ru, 1
+aviasg.com, 1
+aviaskan.ru, 1
+aviationcareerpal.com, 1
+aviationmilitaire.tk, 1
+aviationonline.tk, 1
+aviations-engineering.tk, 1
+aviationsafetywiki.org, 1
+aviationstrategies.aero, 1
+aviationstrategy.aero, 1
+aviationweather.gov, 1
+aviationzone.tk, 1
+aviconverter.tk, 1
+avidmode-dev.com, 1
+avidmode-staging.com, 1
+avidmode.com, 1
+avilas-style.com, 1
+avilauto.com.es, 1
+avilauto.net, 1
+avincouture.de, 1
+avinguard.com, 1
+avinilo.com, 1
+avintivmedia.com, 1
+avio.rest, 1
+aviodrome.nl, 1
+aviokarte.rs, 1
+avionicbooks.tk, 1
+avions.ga, 1
+aviprime.by, 1
+aviraantivirusreviews.com, 1
+aviruptribedi.com, 1
+avisbabes.com, 1
+avishanx.com, 1
+avisodeprivacidad.info, 1
+avisofi-credit-immobilier.fr, 1
+avisoshuaraz.tk, 1
+avisoversigten.dk, 1
+avispl.com, 1
+avitahealth.org, 1
+avitus.hu, 1
+aviv-group.at, 1
+avivanuestroscorazones.com, 1
+avivaplasticsurgery.com, 1
+aviweisfogelinfo.org, 1
+avlasov.tk, 1
+avlhostel.com, 1
+avlover.com, 1
+avm-multimedia.com, 1
+avm99963.com, 1
+avmemo.com, 1
+avmtn.net, 1
+avmup.com, 1
+avn-buses.tk, 1
+avnet.ws, 1
+avninternational.tk, 1
+avo.lt, 0
+avoandco.com, 1
+avocad.studio, 1
+avocadooo.stream, 1
+avocadopress.ru, 0
+avocadostore.at, 1
+avocadostore.de, 1
+avocat-alina-szilaghi.ro, 1
+avocat-bourgogne.fr, 1
+avocat-divort-constanta.ro, 1
+avocat-droit-du-travail.org, 1
+avocat-karsenti.fr, 1
+avocatcivil.net, 1
+avocatpenal.net, 1
+avocatro.net, 1
+avodart.ml, 1
+avogel-company.ch, 1
+avogel.ca, 1
+avogel.ch, 1
+avogel.co.uk, 1
+avogel.de, 1
+avogel.gr, 1
+avogel.ie, 1
+avogel.nl, 1
+avogel.pt, 1
+avogel.si, 1
+avogelusa.com, 1
+avoids-troops.gq, 1
+avoinna24.fi, 1
+avondaleestatesga.gov, 1
+avonindiana.gov, 1
+avonlearningcampus.com, 1
+avontuurlijk-natuurlijk.be, 1
+avonvets.co.uk, 1
+avoonix.com, 1
+avounossoupes.be, 1
+avp-emobility.de, 1
+avpres.net, 0
+avptp.org, 1
+avqueen.cn, 0
+avrilhouse.tk, 1
+avrilshine.tk, 1
+avris.it, 1
+avrora-nov.ru, 1
+avroramine.tk, 1
+avrrom.com, 1
+avstack.io, 1
+avt-ukraine.com, 1
+avtecmedia.com, 0
+avtek.pl, 1
+avthelsinki.fi, 1
+avto-bazar.tk, 1
+avto-signal.cf, 1
+avto-signal.ga, 1
+avto-signal.gq, 1
+avto-signal.ml, 1
+avtochip.tk, 1
+avtodoki.tk, 1
+avtodot.tk, 1
+avtoforex.ru, 1
+avtogara-isperih.com, 1
+avtojurist.ml, 1
+avtojurist.tk, 1
+avtomaniya.ml, 1
+avtomaniya.tk, 1
+avtomarket.ru, 1
+avtoobzor.tk, 1
+avtoritet78.ru, 1
+avtorspb.ru, 1
+avtoshini.md, 1
+avtostolica.tk, 1
+avtoucheba.tk, 1
+avtours.gr, 1
+avtoveles.by, 1
+avtovikup.ml, 1
+avtovokzaly.ru, 1
+avtoyurist.cf, 1
+avtoyurist.ga, 1
+avtoyurist.gq, 1
+avtoyurist.ml, 1
+avtoyurist.tk, 1
+avus-automobile.com, 1
+avv.li, 1
+avvaterra.ch, 1
+avvisatore.it, 1
+avvocato.bologna.it, 1
+avvocatoinlinea.it, 1
+avvoka.com, 1
+avweb.tk, 1
+aw.gov.pl, 1
+aw.net, 1
+awac.com, 1
+awakenaija.com, 1
+awakengr.com, 0
+awakening-guild.com, 1
+awakenplace.tk, 1
+awakenplace.top, 1
+awakenwow.ga, 1
+awakinn.co.in, 1
+awangardaszkola.pl, 1
+awanteverde.tk, 1
+award.ga, 1
+aware.org.sg, 0
+awaremi-tai.com, 1
+awarenessadvisor.ga, 1
+awarenessadvisorest.ga, 1
+awaresec.com, 1
+awaresec.no, 1
+awareservices.com, 0
+awarify.io, 1
+awarify.me, 1
+awarity.be, 1
+awarner.co.uk, 1
+awaro.net, 1
+awaua.nl, 0
+awaybot.com, 1
+awaygroundguide.com, 1
+awayword.cf, 1
+awe130.com, 1
+awebsome.fr, 1
+awei.pub, 1
+awena.me, 1
+awersomecreatorfromrussia.tk, 1
+awesome-coconut-software.fr, 1
+awesomelifedeals.today, 1
+awesomenamegenerator.com, 1
+awesomesit.es, 0
+awf0.xyz, 1
+awfulsport-news.tk, 1
+awh.ink, 1
+awk.tw, 1
+awksolutions.com, 1
+awlonline.tk, 1
+awmb.uk, 1
+awningcleaningchicago.com, 1
+awningpressurewashing.com, 1
+awningsaboveus.com, 1
+awo-bremen.de, 1
+awo-sh.de, 1
+awoau.com.au, 1
+awomansplacenj.com, 1
+awrd.cz, 1
+awsbs.de, 1
+awscloudrecipes.com, 1
+awsl.blog, 1
+awsl.tech, 0
+awsmdev.de, 1
+awsnuke.com, 1
+awsome-books.co.uk, 1
+awsumchan.org, 1
+awtogid.com, 1
+awwwcats.com, 1
+awxg.com, 1
+awxg.email, 1
+awxg.eu.org, 1
+awxg.net, 1
+awxg.org, 1
+awxg.zone, 1
+ax.mk, 1
+ax25.org, 1
+ax4health.nl, 1
+axa.ch, 1
+axa.de, 1
+axavalon.tk, 1
+axchap.ir, 1
+axcient.com, 1
+axe-formation.com, 1
+axe.io, 1
+axeapi.au, 1
+axel-faure.eu, 1
+axel-fischer.net, 0
+axel-fischer.science, 1
+axel-stettner.de, 1
+axel-voss.eu, 0
+axel.red, 1
+axelcalle.com, 1
+axeldavid.fr, 1
+axeligence.com, 1
+axelname.ru, 1
+axelr.me, 1
+axeltheune.de, 1
+axelvoss.eu, 0
+axenhus.com, 1
+axeonline.tk, 1
+axessgroup.com, 1
+axesslab.com, 1
+axesslab.se, 1
+axg.io, 1
+axialhouse.cf, 1
+axiam-pc.co.uk, 1
+axiams.co.uk, 1
+axidocepabid.tk, 1
+axin888.vip, 1
+axiniteguitars.ca, 1
+axiniteguitars.com, 1
+axioinvest.com, 1
+axiom-networks.org, 1
+axiom4.net, 1
+axiomecpa.com, 1
+axiomer.com, 1
+axiomtechnologies.tk, 1
+axios.tk, 1
+axiosint.com, 1
+axis-of-evil.tk, 1
+axis-stralis.co.uk, 1
+axis.kiev.ua, 1
+axis2ofevil.com, 1
+axiscapital.com, 0
+axisdesignarchitects.co.uk, 1
+axisdesignarchitects.com, 1
+axishw.com, 1
+axisinteriors.net, 1
+axislinx.com, 1
+axisortho.com.sg, 1
+axispara-bg.com, 1
+axist.com.co, 1
+axisunderwriting.com.au, 1
+axl.net, 1
+axmedmessi.tk, 1
+axoftglobal.com, 1
+axoftglobal.ru, 1
+axolotagencia.com, 1
+axon-toumpa.gr, 1
+axon.link, 1
+axoncoho.tk, 1
+axone-computers.fr, 0
+axonholdingse.eu, 1
+axre.de, 1
+axrec.de, 1
+axstet.de, 1
+axton.ink, 0
+axtux.tk, 1
+axx.ax, 1
+axxemble.nl, 1
+axxeptinq.tk, 1
+axxess-marine.com, 1
+axxial.tk, 1
+axyl.cloud, 1
+axzq.com, 1
+ay-net.jp, 1
+ayahya.me, 0
+ayakatenshi.tk, 1
+ayamchikchik.com, 1
+ayanomimi.com, 1
+ayatosuzuki.com, 1
+aycasac.com, 1
+aycomba.de, 1
+aydacosmetics.com, 1
+aydesignco.com, 1
+aydinescmagazin.tk, 1
+aydinhaberleri.tk, 1
+aye.sh, 1
+ayersanaheim.com, 1
+ayerscoronaeast.com, 1
+ayersgroup.net, 1
+ayershawthorne.com, 1
+ayershotelsealbeach.com, 1
+ayerslagunawoods.com, 1
+ayersorange.com, 1
+ayerssuites.com, 1
+ayerssuitesmillsmall.com, 1
+ayesh.win, 1
+ayhankaraman.com, 1
+ayj.solutions, 1
+aykiri.com.tr, 1
+aykutcevik.com, 1
+aykyamultifest.com, 1
+aylak.com, 1
+aylesburycastlehire.co.uk, 1
+aylett.co.uk, 1
+ayltoninacio.com.br, 1
+aymerick-dupouey.fr, 1
+aymericlagier.com, 1
+aymhome.top, 0
+ayoa.com, 1
+ayomi.com, 1
+ayon-games.tk, 1
+ayothemes.com, 1
+ayovaksindinkeskdi.id, 1
+ayresalpine.com, 1
+ayresanaheim.com, 1
+ayresapline.com, 1
+ayresbarstow.com, 1
+ayresboutiquesuites.com, 1
+ayrescalabasas.com, 1
+ayrescares.com, 1
+ayreschinohills.com, 1
+ayreschulavista.com, 1
+ayrescommercial.com, 1
+ayresconstructioncompany.com, 1
+ayrescoronaeast.com, 1
+ayrescoronawest.com, 1
+ayrescostamesa.com, 1
+ayresdevelopment.com, 1
+ayresdiamondbar.com, 1
+ayresfountainvalley.com, 1
+ayresgroup.net, 1
+ayreshawthorne.com, 1
+ayreshotel.com, 1
+ayreshotelanaheim.com, 1
+ayreshotelbarstow.com, 1
+ayreshotelchulavista.com, 1
+ayreshotelgroup.com, 1
+ayreshotellagunawoods.com, 1
+ayreshotelmanhattanbeach.com, 1
+ayreshotelmillenia.com, 1
+ayreshotelmorenovalley.com, 1
+ayreshotelorange.com, 1
+ayreshotelrialto.com, 1
+ayreshotels.com, 1
+ayreshotelsealbeach.com, 1
+ayreshotelvista.com, 1
+ayreshr.com, 1
+ayresinnorange.com, 1
+ayreslagunawoods.com, 1
+ayreslodgealpine.com, 1
+ayresmillenia.com, 1
+ayresmillsmall.com, 1
+ayresmissionviejo.com, 1
+ayresmissionviejospa.com, 1
+ayresmorenovalley.com, 1
+ayresolympiclodge.com, 1
+ayresontario.com, 1
+ayresontarioairport.com, 1
+ayresontariomillsmall.com, 1
+ayresorange.com, 1
+ayrespasorobles.com, 1
+ayresredlands.com, 1
+ayresresortandvineyard.com, 1
+ayresrialto.com, 1
+ayressealbeach.com, 1
+ayresselfstorage.com, 1
+ayresspamorenovalley.com, 1
+ayressuites.com, 1
+ayressuitescoronawest.com, 1
+ayressuitescostamesa.com, 1
+ayressuitesdiamondbar.com, 1
+ayressuitesmissionviejo.com, 1
+ayressuitesmorenovalley.com, 1
+ayressuitesontario.com, 1
+ayressuitesontarioairport.com, 1
+ayressuitesyorbalinda.com, 1
+ayressupport.com, 1
+ayresvista.com, 1
+ayresyorbalinda.com, 1
+ayrohq.com, 1
+ayrshirebouncycastlehire.co.uk, 1
+ayruu.com, 1
+ayselonia.onl, 1
+ayshaflix.com.br, 1
+aysima.com, 1
+ayubesportes.com.br, 1
+ayudacloud.com, 1
+ayudaconmibanco.gov, 1
+ayudalabs.com, 1
+ayudamineduc.cl, 1
+ayudamutua.red, 1
+ayudapreview.com, 1
+ayudaprogramacion.net, 1
+ayudasocialmex.com, 1
+ayumi.network, 1
+ayumindev.net, 1
+ayumix3.xyz, 1
+ayuntamientoarenoso.gob.do, 1
+ayuntamientoazua.gob.do, 1
+ayuntamientobocachica.gob.do, 1
+ayur-veda.tk, 1
+ayurveda-france.com, 0
+ayuwidodari.my.id, 1
+ayvalikgezgini.com, 1
+ayyildizgrup.com, 1
+ayyz66.cc, 1
+ayz.ai, 1
+az-flag.com, 1
+az-forum.ga, 1
+az-moga.bg, 1
+az-raven.com, 1
+az-vinyl-boden.de, 1
+az.net.au, 1
+az.search.yahoo.com, 0
+az.st, 1
+az.support, 1
+az11018.com, 1
+azadblog.tk, 1
+azadliq.info, 1
+azadliq.online, 1
+azairline.com, 1
+azaleos.com, 1
+azaleos.net, 1
+azalhavayolu.com.tr, 1
+azallon.com.br, 1
+azami.com, 1
+azaria.blog, 1
+azarkepic.com, 1
+azartmania.ga, 1
+azartmania.tk, 1
+azarus.ch, 1
+azarweb.tk, 1
+azbuka-bp.ru, 1
+azcensus2020.gov, 1
+azcontech.com, 1
+azdailysun.com, 1
+azdevsmartviewwebportal.azurewebsites.net, 1
+aze.dk, 1
+azehosting.net, 1
+azemardstephanie.com, 1
+azenot.com, 0
+azeo.com, 1
+azeo.fr, 1
+azerbelarbi.tk, 1
+azerigenocide.tk, 1
+azeriinfo.tk, 1
+azeriland.tk, 1
+azerinews.ga, 1
+azerinews.tk, 1
+azeronline.tk, 1
+azertyjobs.com, 1
+azfreaks.tk, 1
+azh-kunden.de, 1
+azhamevents.com, 1
+azhapasa.com, 1
+azhappytails.com, 1
+azhibo18.com, 1
+azia.info, 0
+azianpride.tk, 1
+aziatki.tk, 1
+azienda-tv.tk, 1
+azimech.net, 1
+azimut.fr, 1
+azimuth-ast.ru, 1
+azingostar.tk, 1
+azinmadaar.com, 1
+azinmahab.com, 1
+azirevpn.com, 1
+azithromycin.ga, 1
+azithromycinbuy.ga, 1
+azithromycine.gq, 1
+azitromicina.gq, 1
+azizfirat.com, 0
+azizidevelopments.com, 1
+azjlbc.gov, 1
+azkunazentroa.eus, 1
+azl-app.be, 1
+azl.ink, 1
+azlink.tk, 1
+azlk-team.ru, 1
+azmt.de, 1
+azmun.com, 1
+aznaetelivy.ru, 1
+azoang.com, 1
+azoft.com, 1
+azon.gr, 1
+azonicinfotech.com, 1
+azoogi.com.au, 1
+azora.cf, 1
+azorin.tk, 1
+azort.com, 1
+azotobacter.nl, 1
+azoulaygroup.org, 1
+azplayersclub.com, 1
+azpogomap.com, 1
+azquality.com, 1
+azrangers.gov, 1
+azrazalea.net, 1
+azreal.com, 1
+azredistricting.gov, 1
+azrevolutionizingckd.com, 1
+azrhymes.com, 1
+azs-nw.ru, 1
+azsalud.gov, 1
+azsec.biz, 1
+azso.pro, 1
+azsoriginal.pw, 0
+azsupport.com, 1
+azsupport.host, 1
+azsupport.org, 1
+aztecahome.com, 1
+aztekium.com, 1
+aztestsmartviewwebapp.azurewebsites.net, 1
+azton.tk, 1
+aztraslochi.it, 1
+aztrix.me, 1
+aztummytuck.com, 1
+azu-l.com, 0
+azu-l.jp, 0
+azudream.tk, 1
+azuki.cloud, 1
+azul-elijah.tk, 1
+azula.tk, 1
+azulweb.tk, 1
+azur.ovh, 1
+azure, 1
+azure-informatique.cloud, 1
+azurecraft.ga, 1
+azurecrimson.com, 1
+azurecup.cz, 1
+azurecup.online, 1
+azurefabric.com, 1
+azuriasky.com, 1
+azuriasky.net, 1
+azuriom.com, 1
+azurlane.cool, 1
+azurpedia.cf, 1
+azuxul.fr, 1
+azvirtualschool.com, 0
+azvpn.tk, 1
+azzorti.co, 1
+azzurrapelletterie.it, 1
+b-angel.info, 1
+b-b-law.com, 1
+b-coal.com, 0
+b-cyclesshop.ch, 0
+b-designer.tk, 1
+b-digital.cf, 1
+b-digital.ga, 1
+b-digital.gq, 1
+b-entropy.com, 1
+b-freerobux.ga, 1
+b-honey.gr, 1
+b-institute.ml, 1
+b-landia.net, 1
+b-root-force.de, 1
+b-services.net, 0
+b-swiss.com, 1
+b-ticket.ch, 1
+b-tje.nl, 1
+b-tree.be, 1
+b-utstore.com, 1
+b-wartburg.de, 1
+b.ee, 1
+b.wtf, 1
+b00de.ga, 1
+b03aa.com, 0
+b03cc.com, 0
+b0hr.ai, 1
+b0k.org, 1
+b0r.ch, 1
+b0rk.com, 1
+b1.work, 1
+b1031.com, 1
+b11p.com, 1
+b131000.com, 0
+b17turkiye.com, 1
+b1c1l1.com, 1
+b1drivers.com, 1
+b1ggi.ovh, 1
+b1nzy-pinged.me, 1
+b1r0d4l0m.com, 1
+b1rd.tk, 1
+b24.pt, 1
+b2b-leads.nl, 1
+b2b-nestle.com.br, 1
+b2bchiemihara.com, 1
+b2bhint.com, 1
+b2binpay.com, 1
+b2bmail.ga, 1
+b2bpoke.com, 1
+b2btaz.com, 1
+b2markt.de, 1
+b2music.asia, 1
+b2socials.com, 1
+b3.nu, 1
+b3103.com, 0
+b31aa.com, 0
+b31cc.com, 0
+b31dd.com, 0
+b31ee.com, 0
+b31ff.com, 0
+b3390.com, 0
+b33app.com, 0
+b36512.com, 0
+b3b4.com, 1
+b3bra.win, 1
+b3pacific.com, 1
+b3tec.fr, 1
+b422edu.com, 1
+b4bouncycastles.co.uk, 1
+b4ckbone.de, 1
+b4ifund.it, 1
+b4lint.hu, 1
+b4r7.de, 1
+b4z.eu, 1
+b5189.com, 0
+b5197.co, 1
+b5901.com, 0
+b5902.com, 1
+b5903.com, 0
+b5904.com, 0
+b5906.com, 1
+b5907.com, 1
+b5908.com, 0
+b5909.com, 1
+b5910.com, 0
+b5dev.com, 1
+b5i.net, 1
+b61688.com, 1
+b62aa.com, 1
+b62b.com, 1
+b62bb.com, 1
+b62cc.com, 1
+b62d.com, 1
+b62dd.com, 1
+b62ee.com, 1
+b64.club, 1
+b6701.com, 1
+b6703.com, 1
+b6704.com, 1
+b6705.com, 1
+b6729.co, 1
+b67701.com, 1
+b67702.com, 1
+b67703.com, 1
+b67704.com, 1
+b67705.com, 1
+b67801.com, 1
+b67802.com, 1
+b67803.com, 1
+b67805.com, 1
+b67901.com, 0
+b67902.com, 0
+b67903.com, 0
+b67904.com, 0
+b67905.com, 0
+b6957.co, 1
+b70301.com, 1
+b70302.com, 1
+b70305.com, 1
+b70661.com, 1
+b70663.com, 1
+b70664.com, 1
+b70884.com, 1
+b70885.com, 1
+b70991.com, 1
+b70992.com, 1
+b70993.com, 1
+b70994.com, 1
+b70995.com, 1
+b72.com, 1
+b72.net, 1
+b7306.com, 0
+b73bb.com, 0
+b73dd.com, 0
+b767.net, 1
+b82365.com, 1
+b86255.com, 1
+b8831.com, 0
+b88vip1.com, 1
+b88vip10.com, 1
+b88vip2.com, 1
+b88vip3.com, 1
+b88vip4.com, 1
+b88vip5.com, 1
+b88vip6.com, 1
+b88vip7.com, 1
+b88vip8.com, 1
+b88vip9.com, 1
+b899365.com, 1
+b89gg.com, 0
+b89hh.com, 1
+b8a.me, 1
+b9168.com, 1
+b9297.co, 1
+b9498.com, 1
+b9586.net, 1
+b9588.net, 1
+b95888.net, 1
+b9589.net, 1
+b96899.com, 1
+b9728.co, 1
+b979365.com, 0
+b979666.com, 1
+b9883.net, 1
+b9884.net, 1
+b9885.net, 1
+b9886.com, 1
+b9886.net, 1
+b9887.net, 1
+b9888.net, 0
+b98886.com, 1
+b9889.net, 1
+b99011.com, 0
+b99022.com, 1
+b99033.com, 1
+b9904.com, 0
+b99044.com, 1
+b9905.com, 0
+b99055.com, 1
+b99066.com, 1
+b99077.com, 1
+b99088.com, 1
+b99099.com, 1
+b99118.com, 0
+b9912.com, 0
+b99218.com, 0
+b9930.com, 1
+b99318.com, 1
+b99418.com, 1
+b9951.com, 0
+b99518.com, 0
+b9954.com, 1
+b9957.com, 0
+b9961.com, 0
+b99618.com, 0
+b9962.com, 0
+b9970.com, 0
+b99718.com, 1
+b9973.com, 0
+b9976.com, 0
+b99818.com, 0
+b99881.com, 1
+b99882.com, 1
+b99883.com, 1
+b99885.com, 1
+b99886.com, 1
+b99918.com, 0
+b9999ff.com, 0
+b9999hh.com, 0
+b9999ii.com, 0
+b9999jj.com, 0
+b9999ll.com, 0
+b9999mm.com, 0
+b9999nn.com, 0
+b9999oo.com, 1
+b9999pp.com, 1
+b9999qq.com, 0
+b9999tt.com, 1
+b9999vv.com, 1
+b9999ww.com, 0
+b9999yy.com, 1
+b9999zz.com, 0
+b99iosapp.com, 0
+b9winner.com, 1
+ba7jcm.live, 1
+ba7jcm.top, 1
+ba7rain.tk, 1
+baaam.se, 1
+baac-dewellmed.com, 1
+baaiai.com, 1
+baalajimaestro.me, 1
+baams.tk, 1
+baang.eu, 1
+baaradvies.nl, 1
+baas-becking.biology.utah.edu, 1
+baas-sabiogroup.com, 1
+baas.agency, 1
+baatar.idv.hk, 1
+baazee.de, 1
+baba.wiki, 1
+babacasino.net, 1
+babacloud.ddns.net, 1
+babacsalogato.hu, 0
+babacuhocica.tk, 1
+babadag.tk, 1
+babaei.net, 1
+babaei.org, 1
+babaganousha.net, 1
+babai.ru, 1
+babakhanalia.tk, 1
+babakortane.ga, 1
+babakshaabani.tk, 1
+babamamatermek.hu, 1
+babarkata.com, 1
+babaroxi4j2.com, 0
+babaseo.ml, 1
+babavan.ga, 1
+babayaga-bg.ga, 1
+babb.is, 1
+babbel.tk, 1
+babbelchat.tk, 1
+babblefeed.tk, 1
+babeeclothingandoutfits.com, 1
+babehunt.tk, 1
+babekids.tk, 1
+babel.es, 1
+babeleo.com, 1
+babelfisch.eu, 1
+babelfish.money, 1
+babes.com, 1
+babesnetwork.com, 1
+babet365.com, 1
+babetta.tk, 1
+babettelandmesser.de, 0
+babevr.com, 1
+babia.to, 1
+babibonami.tk, 1
+babichsteriliser.com.au, 1
+babico.name.tr, 1
+babineaux.zone, 1
+babitaji.tk, 1
+babki-mgnovenno.ga, 1
+babki-mgnovenno.ml, 1
+babkitut.ga, 1
+bablodel.biz, 1
+bablodel.com, 1
+babo.ooo, 1
+babo.tk, 1
+babolsar.tk, 1
+baboo.com.br, 1
+babsbibs.com, 1
+babuccu.com, 1
+baburhat.tk, 1
+babursahvizeofisi.com, 1
+babushkin-mir.tk, 1
+baby-bath-tub.com, 1
+baby-doll.tk, 1
+baby-massage.tk, 1
+baby-skin-care.ga, 1
+baby-tester.tk, 1
+babyandchild.ae, 1
+babyandmoms.tk, 1
+babyappear.com, 1
+babyatacado.com.br, 1
+babybed.tk, 1
+babyboom.pl, 1
+babyboomer.org, 1
+babyboomer.ro, 1
+babybuddah.ga, 1
+babybunnypictures.tk, 1
+babycaring.com, 1
+babycat.tk, 1
+babycezi.ro, 1
+babychou.me, 1
+babyfights.tk, 1
+babyfotograf-schweiz.ch, 1
+babygearlab.com, 1
+babygirlholidaydresses.tk, 1
+babyinthehouse.com.br, 1
+babykappy.com, 1
+babylonclub.cf, 1
+babylonplast.com, 1
+babymall.hk, 1
+babymasaze.cz, 1
+babymozg.ga, 1
+babynamen.nl, 1
+babynames.net, 1
+babynoise.tk, 1
+babynow.org, 1
+babypaparadise.com, 0
+babypharm.ga, 1
+babyphototime.com, 1
+babypibu.com, 1
+babypoppen.tk, 1
+babyportal.net, 1
+babyprice.fr, 0
+babysafety.tk, 1
+babysdishes-bowls.tk, 1
+babysface.com, 1
+babyshopsupport.com.au, 1
+babyshower.cf, 1
+babystrollers.ml, 1
+babyvillagegt.com, 1
+babyz.tk, 1
+babyzen.tk, 1
+babyzoet.com, 1
+bac-fiches.tk, 1
+bacamanga.id, 1
+bacanal-intruder.tk, 1
+bacanaskincare.com, 1
+bacaneriahlg.com, 1
+bacanora.tk, 1
+bacanovel.id, 1
+bacardi.cf, 1
+bacardicola.tk, 1
+baccarat.tk, 1
+bacchus.report, 1
+baccredomatic.voyage, 1
+bacgp.com, 1
+bacgroup.digital, 1
+bacgroupdigital.com, 1
+bacgroupinc.com, 1
+bacgrouppublishing.com, 1
+bach-frederiksen.dk, 1
+bachata.berlin, 1
+bachata.info, 1
+bache-barre.fr, 1
+bache-bulle.fr, 1
+bache-de-piscine.fr, 1
+bache-ete-piscine.com, 1
+bache-hiver-piscine.com, 1
+bache-hivernage.com, 1
+bachelorampel.de, 1
+bachelornation.com, 1
+baches-piscines.com, 1
+bachlongbeach.com, 1
+bachlongmobile.com, 1
+bachmannyachts.com, 1
+bachmatt-baar.ch, 1
+bachokiro.com, 1
+bachoodesign.com, 1
+bachweid-baar.ch, 1
+baciu.ch, 0
+back-links.ga, 1
+back-stage.tk, 1
+back-streets.tk, 1
+back-yard.tk, 1
+backd00red.org, 1
+backenmachtgluecklich.de, 0
+backfront.com, 1
+background-checks-systems.com, 1
+background-checks.asia, 1
+background-checks.biz, 1
+background-checks.mobi, 1
+backgroundscreenersofamerica.com, 1
+backgroundz.net, 1
+backingtrackbrasil.com, 1
+backinstockalerts.com, 1
+backjump.tk, 1
+backlashband.tk, 1
+backlink-builder.tk, 1
+backlinkboss.com, 1
+backlinktr.tk, 1
+backlog.jp, 1
+backlogapp.io, 1
+backlogs.org, 1
+backmark.tk, 1
+backmigo.com, 1
+backmitra.com, 1
+backmitra.mx, 1
+backmitra.nl, 1
+backpacken.org, 1
+backpackinglight.com, 1
+backpackingtours.com, 1
+backpacktour.ru, 1
+backpagegals.com, 1
+backporchartists.com, 1
+backrestored.gq, 1
+backrip.tk, 1
+backscattering.de, 0
+backschues.com, 1
+backschues.de, 1
+backschues.net, 1
+backseatbandits.com, 1
+backslash-n.com, 1
+backsliderz.uk, 1
+backspace.dev, 1
+backspace.rocks, 1
+backstage.click, 1
+backstienkboys.tk, 1
+backstreetbrasil.tk, 1
+backstreets-corner.tk, 1
+backterris.com, 1
+backtest.org, 1
+backtheeffup.com, 1
+backtobed.com, 1
+backup-kurumsal.com, 1
+backupassist.de, 1
+backupauthentication.com, 1
+backwardsalphabet.tk, 1
+backwpup.com, 1
+backyardaddict.com, 1
+backyardbella.com, 1
+backyardchickens.com, 1
+backyardtaco.com, 1
+baclofen.ga, 1
+baclofen.gq, 1
+bacom1.com, 1
+bacon-monitoring.org, 1
+baconismagic.ca, 0
+baconsultores.co, 1
+bacoux.com, 1
+bacq.pro, 1
+bacri.eu, 1
+bacsmegye.hu, 1
+bacteri.com, 1
+bacteriakit.com, 1
+bactrim-antibiotic.gq, 1
+bactrim-antibiotic.ml, 1
+bactrim-ds.ga, 1
+bactrim-medicine.ml, 1
+bactrim.ga, 1
+bactrim.gq, 1
+bactrimds.cf, 1
+bactrimprice.tk, 1
+bacula.jp, 1
+bacus.ga, 1
+bad-homburg.tk, 1
+bad-influence.rocks, 1
+bad.horse, 1
+bad.pet, 1
+bad.spdns.de, 1
+badaa.info, 1
+badante.it, 1
+badanteinfamiglia.it, 1
+badaparda.com, 1
+badass-women.club, 1
+badassdallascondo.com, 1
+badassfantastico.tk, 1
+badasslistings.com, 1
+badbee.cc, 1
+badbird.tk, 1
+badblock.fr, 1
+badboy-club.tk, 1
+badboyz.org, 1
+badboyzclub.de, 1
+badcarma.tk, 1
+badcomputer.tk, 1
+baddrones.llc, 1
+badeand.net, 1
+badekappen.com, 1
+badeurlaub.tk, 1
+badf00d.de, 1
+badge.rs, 1
+badges.fedoraproject.org, 1
+badges.stg.fedoraproject.org, 1
+badgirlfoto.ga, 1
+badgirlsbible.com, 1
+badhabits.tk, 1
+badhusky.com, 0
+badkamerconcurrent.be, 1
+badkamerconcurrent.nl, 1
+badkamermarkt.be, 1
+badkamermarkt.com, 1
+badkamermarkt.net, 1
+badkamermarkt.nl, 1
+badkeys.info, 1
+badmania.fr, 1
+badmessage.tk, 1
+badmice.tk, 1
+badminton-forum.tk, 1
+badmintonargentina.tk, 1
+badmintonbeersheva.co.il, 1
+badmintonclubwaarschoot.tk, 1
+badmintonoverdag.tk, 1
+badmintonracketreview.com, 1
+badmonkey.fr, 1
+badmood.tk, 1
+badmusic.tk, 1
+badnails.tk, 1
+badnat.tk, 1
+badnjar.rs, 1
+badodds.ga, 1
+badoinkvr.com, 1
+badoo.com, 1
+badoo.com.ar, 1
+badoo.de, 1
+badoo.eu, 1
+badoo.us, 1
+badpinguin.gq, 1
+badpreachers.tk, 1
+badrap.io, 1
+badreichenhall.tk, 1
+badreligion.tk, 1
+badrequest.me, 1
+badri-taxi-vtc.com, 1
+badrock.tk, 1
+badseacoffee.com, 1
+badsl.nl, 1
+badstar.tk, 1
+badudeal.lk, 1
+badules.tk, 1
+badwi.com, 1
+badwolf.tk, 1
+bae.st, 1
+baebronx.com, 1
+baecker-know-how.de, 1
+baeconhills.tk, 1
+baeder-luboss.de, 1
+baederlacke.eu, 0
+baehost.com, 1
+baells.tk, 1
+baer-concepts.de, 1
+baer-holger.de, 1
+baer.com, 1
+baer.space, 1
+baerkarrer.ch, 1
+baevserver.ddns.net, 1
+bafito.com, 1
+baframedya.tk, 1
+bafus.ru, 1
+bag.bg, 1
+bagdagul.tk, 1
+bagelbrands.com, 1
+bagelsbakery.com, 0
+baggy.me.uk, 1
+bagheera.me.uk, 1
+baghtelecom.net, 1
+baginfo.com, 1
+bagiobella.com, 1
+bagirahome.bg, 1
+bagleytownshipmi.gov, 1
+bagni-chimici.roma.it, 1
+bagnichimici.milano.it, 1
+bagnichimici.roma.it, 1
+bagnichimici.veneto.it, 1
+bagol.tk, 1
+bagsbanny.de, 1
+bagshop.ua, 1
+bagso.bg, 1
+bagsofbounce.co.uk, 1
+bagspecialist.nl, 1
+bagssale.ga, 1
+bagtobag.com.gr, 1
+bagu.biz, 1
+bagu.fr, 1
+bagui.com, 1
+bagwrap.com, 1
+bah.im, 0
+bahadirh.ml, 1
+bahaiprayers.io, 1
+bahami.com, 1
+bahana.net, 1
+baharmusic24.tk, 1
+bahcehavuz.com, 1
+bahisbonus.work, 1
+bahnenimbild.de, 1
+bahnenimbild.eu, 1
+bahnhelden.de, 1
+bahninrotweissrot.at, 1
+bahnmagazine.de, 1
+bahrain.gq, 1
+bahraincredit.com.bh, 1
+bahrainmarina.bh, 1
+bahrainonline.tk, 1
+bahrep.com, 1
+bahri.sa, 1
+bai-bao.fr, 1
+baiask.com, 1
+baichi.cf, 1
+baichi.ml, 1
+baidu-s.com, 0
+baiduo.com, 1
+baier-michels.com, 1
+baif.hr, 1
+baifubao.com, 1
+baikal.cf, 1
+baikalfond.ml, 1
+baikalppk.tk, 1
+baiki.ch, 1
+baildonbouncycastles.co.uk, 1
+baildonhottubs.co.uk, 1
+baileebee.com, 1
+baileyh.xyz, 1
+baileyladders.com.au, 1
+baileysafetyconsultants.com, 1
+baileysharborwi.gov, 1
+bailiang.com, 1
+bailleux.be, 1
+bailodromo.tk, 1
+bailong.kr.ua, 1
+bailonga.com, 1
+baimail.com, 1
+baimed.com.au, 1
+bainba.com, 1
+baindayman.com, 1
+baindetoile.fr, 1
+baipay.com, 1
+baircentral.com, 1
+bairuo.net, 0
+bairuo.top, 0
+bairwell.com, 1
+baise.cf, 1
+baise.ml, 1
+baise3x.com, 1
+baishitie.com, 1
+bait55.ru, 0
+baitable.ml, 1
+baitapsgk.com, 1
+baithuti.com, 1
+baitulongbaycruises.com, 1
+baixadordemusica.tk, 1
+baixarbluray.tk, 1
+baixarvideosgratis.com.br, 1
+baiyangliu.com, 0
+bajacalifornia.tk, 1
+bajajplasticsurgery.com, 1
+bajalotodo.tk, 1
+bajanowski-fotografie.de, 0
+bajaprogramas.tk, 1
+bajarjuegos.com, 1
+bajic.ch, 1
+bajiotec.com, 1
+bajj.de, 1
+bajofondoradio.tk, 1
+bajominimos.tk, 1
+bajune.tk, 1
+bak.my.id, 0
+baka-gamer.net, 1
+baka.ms, 1
+baka.network, 1
+baka.org.cn, 1
+baka.red, 1
+bakabt.info, 1
+bakanin.ru, 1
+bakaproxy.moe, 1
+bakbi.tk, 1
+bakchich.biz, 1
+bakcor.com, 1
+baker-street.tk, 1
+bakerbasements.com, 1
+bakercity.gov, 1
+bakercitypd.gov, 1
+bakercosheriffor.gov, 1
+bakercounty911or.gov, 1
+bakercountyor.gov, 1
+bakercountysheriffor.gov, 1
+bakersafari.co, 1
+bakersfieldhomeoffer.com, 1
+bakerviewdentalcentre.com, 1
+bakerymazowsze.co.uk, 1
+bakesy.shop, 1
+bakeup.be, 1
+bakibal.com, 1
+bakira.eu, 1
+bakivaxti.az, 1
+bakj.com, 1
+bakkerij-janschrieks.nl, 1
+bakkerinjebuurt.be, 1
+bakkersmolen.tk, 1
+bakkerstraatfeesten.tk, 1
+bakkus.tk, 1
+bakla.ml, 1
+baklavabg.com, 1
+bakoma.pl, 1
+bakongcondo.com, 1
+bakrypt.io, 1
+baks.cf, 1
+baksclub.cf, 1
+baksclub.gq, 1
+baku-club.tk, 1
+baku.news, 1
+bakubest.tk, 1
+bakupka.de, 1
+bakuze.net, 1
+bakxnet.com, 0
+balaam-black.tk, 1
+balabarsakhtemani.com, 1
+balade-commune.ch, 0
+baladecommune.ch, 0
+balador.io, 1
+balafon.cloud, 1
+balaganlimited.cf, 1
+balaganoff.tk, 1
+balagne-corsica.com, 1
+balakovo-news.tk, 1
+balala.com, 1
+balancascia.com.br, 1
+balance.courses, 1
+balance.education, 1
+balance.equipment, 1
+balance.technology, 1
+balanceadosmendoza.com, 1
+balancecreamers.ga, 1
+balancecreamest.ga, 1
+balancedbrawl.net, 1
+balancehairrestoration.com, 1
+balancehits.com.br, 1
+balancenaturalhealthclinic.ca, 1
+balancer.gq, 1
+balancingbird.net, 1
+balancingbirthbaby.com, 1
+balanda.ga, 1
+balashiha-podmoskovie.ml, 1
+balasingandaru.cf, 1
+balaskas.gr, 1
+balatarin.com, 1
+balatonlelleapartman.tk, 1
+balboa.io, 1
+balboa.org.uk, 1
+balboacapital.com, 1
+balbus.tk, 1
+balca.ga, 1
+balcaonet.com.br, 1
+balconnr.com, 1
+balconsverdun.com, 0
+balcony.cf, 1
+baldinger.tk, 1
+baldolinitraslochiroma.it, 1
+baldpreventioners.ga, 1
+baldvinringsted.com, 1
+baldwin-mania.tk, 1
+baleen.us, 1
+baleinesendirect.org, 1
+balelabs.id, 1
+balerma.tk, 1
+balesetvedelem.hu, 1
+balester.com, 1
+balezovolley.fr, 1
+balhamrm.co.uk, 1
+balia.de, 1
+balicekzdravi.cz, 0
+balicyclingtours.id, 1
+balikesireftotoekspertiz.com, 1
+balikesirhaberleri.tk, 1
+baliklar.tk, 1
+balikturleri.com, 1
+balilingo.ooo, 0
+balimoves.com, 1
+balingwiredirect.com, 1
+balintjanvari.com, 1
+balirentalku.com, 1
+balist.es, 1
+balita.net.ph, 1
+balivacationhomes.com, 1
+balivakantiewoning.nl, 1
+balivillassanur.com, 0
+baliwebsitedesign.info, 1
+balkannightlife.ga, 1
+balkanpharmstore.com, 1
+balkenbushmechanical.com, 1
+balkoni.gq, 1
+balkonien.org, 1
+balkonov.com.ua, 1
+ball-bizarr.com, 1
+ball-bizarr.de, 1
+ball3d.es, 1
+ball4training.com, 1
+ballajuraafc.com, 1
+ballamor.com, 1
+ballarin.cc, 1
+ballast.tk, 1
+ballbusting-cbt.com, 1
+ballcancan.tk, 1
+ballejaune.com, 1
+ballensiefen.net, 1
+ballerkneipe.com, 1
+ballettstudio-ost.de, 1
+ballinw.com, 1
+ballisticbrass.tk, 1
+ballitolocksmith.com, 1
+ballmusikband.de, 1
+ballonnenopdakpannen.tk, 1
+balloon.gq, 1
+ballotapi.com, 1
+ballparkbuns.com, 0
+ballpythonsaspets.com, 1
+ballroompages.com, 1
+balluncar.tk, 1
+balneariodearchena.com, 1
+baloch-intelligence.tk, 1
+balochism.tk, 1
+balogkrisztian.hu, 1
+baloncestoarqueros.tk, 1
+baloncestolliria.tk, 1
+balopal.tk, 1
+balsamaiso.es, 1
+balsara.com, 1
+balski.com, 1
+balslev.io, 1
+balt.net, 1
+balter.com, 1
+baltialcoholicos.tk, 1
+baltimorecashflow.com, 1
+baltimorecitybnmd.gov, 1
+baltimorecolonrectal.com, 1
+baltimorejetcharter.com, 1
+baltimoreroofingservices.com, 1
+baltlex.de, 1
+baltoe.com, 0
+baluarte.com, 1
+bam.com.gt, 1
+bamaland.org, 1
+bamberger-maelzerei.de, 1
+bambergerdatenschutz.de, 1
+bamboehof.nl, 1
+bamboo-team.online, 1
+bambooagile.eu, 1
+bambooforest.nl, 1
+bamboohr.co.uk, 1
+bamboohr.com, 1
+bambooplywood.com, 1
+bamboorose.com, 1
+bamboostage.com, 1
+bambrick.com.au, 0
+bambuitalia.it, 1
+bambukshop.ml, 1
+bambulab.com, 1
+bambumania.com.br, 1
+bambusushibar.com, 0
+bamfacts.tk, 1
+bamifm.tk, 1
+bamily.rocks, 1
+baming.com, 1
+bammatta.ch, 1
+bampers.tk, 1
+ban-list.gq, 1
+banabarka.tk, 1
+banajanitorialservices.com, 1
+bananabeer.xyz, 1
+banananet.work, 1
+bananathrash.tk, 1
+bananatreenews.today, 1
+bananatrunkingprotocol.com, 1
+bananavapes.com, 1
+bananenbr0t.de, 1
+bananice.moe, 1
+banatearab.tk, 1
+banbaog.com, 1
+bancacrs.it, 1
+bancamiga.com, 1
+bancastato.ch, 1
+bancatransilvania.ro, 1
+banch.io, 1
+banchungcu.com, 1
+bancoagricola.com, 1
+bancobai.ao, 0
+bancobica.com.ar, 1
+bancobpm.it, 1
+bancoctt.pt, 1
+bancodeloja.fin.ec, 1
+bancontinental.com.py, 1
+bancosdominicanos.net, 1
+bancoserfinanza.com, 1
+bancosol.com.bo, 1
+band.us, 1
+banda-car-service.com, 1
+bandaancha.eu, 1
+bandademusicacarrion.tk, 1
+bandadestino.tk, 1
+bandally.net, 1
+bandamirandadeebro.tk, 1
+bandarifamily.com, 1
+bandaronline.ml, 1
+bandarqonline.ga, 1
+bandarqonline.ml, 1
+bandaumnikov.ru, 1
+bandbattle.tk, 1
+bandbelievo.tk, 1
+bandbwestport.com, 1
+bandeaux.com, 1
+bandeira1.com.br, 1
+bandeiraimoveisitu.com.br, 1
+bandeirasnacionais.com, 1
+banderas-mundo.es, 1
+banderasdelmundo.xyz, 1
+banderatx.gov, 1
+banderol.tk, 1
+bandhanbank.com, 1
+bandidosmc.com, 1
+bandiere-mondo.it, 1
+bandiga.it, 1
+bandirmaevdenevenakliyat.tk, 1
+bandmentor.com, 1
+bandnames.tk, 1
+bando.de, 1
+bandolino-bewind.nl, 1
+bandoom.tk, 1
+bandtcollections.com.au, 1
+bandures.tk, 1
+bandvideos.tk, 1
+bandwagon.tk, 1
+bandwagonok.tk, 1
+bandwh.com, 1
+bandymasarna.tk, 1
+baneh-academic.com, 1
+banerka.tk, 1
+banes.ch, 1
+banffcanmorespeedskating.ca, 1
+banfieldentertowin.com, 0
+banfieldtravel.it, 1
+banfun.org, 1
+bang.com.au, 1
+bangabandhu.tk, 1
+bangaichi.no-ip.org, 0
+bangandscrew.com, 1
+bangbangboys.tk, 1
+bangberlin.tk, 1
+bangdaiviet.tk, 1
+bangkok-thailand.org, 1
+bangkokcookingclass.com, 1
+bangkokflightservices.com, 1
+bangkoklife.com, 1
+bangku.tk, 1
+bangladesimagi.tk, 1
+banglahotstory.tk, 1
+banglargolpo.tk, 1
+banglatec.tk, 1
+banglatypography.com, 1
+banglets.com, 1
+bangsparks.com, 1
+bangujero.tk, 1
+bangyu.wang, 1
+banh.am, 1
+banham.co.uk, 0
+banham.com, 1
+banhphongtomquangtran.com, 1
+bani-hashem.tk, 1
+banimarket.by, 0
+baniuliuukis.lt, 1
+banja-kulasi.ga, 1
+banjonelson.tk, 1
+bank, 1
+bank-credit.org, 1
+bank-laan.dk, 0
+bank-yahav.co.il, 1
+bank34.ua, 1
+banka.space, 0
+bankanswers.gov, 1
+bankassafa.com, 1
+bankasubeleri.tk, 1
+bankbranchlocator.com, 1
+bankcardoffer.com, 1
+bankcustomer.gov, 1
+bankcustomerassistance.gov, 1
+bankeasternct.com, 1
+bankee.us, 1
+bankera.com, 1
+banket-furshet-spb.ru, 1
+banketbesteld.nl, 1
+bankffin.kz, 0
+bankfreeoffers.com, 1
+bankheadvegetables.com, 1
+bankhelp.gov, 1
+banki-finance-credit.ru, 1
+bankid.com, 1
+bankimsk.cf, 1
+banking-services.tk, 1
+bankingheralders.ga, 1
+bankinter.pt, 1
+bankio.se, 1
+bankiros.ru, 1
+bankislami.com.pk, 1
+bankitt.network, 1
+bankja.net, 1
+bankmno.ga, 1
+bankmoney.cf, 1
+banknet.gov, 1
+banknews.ga, 1
+banknn.ru, 1
+bankofdenton.com, 1
+bankofguilin.com, 1
+bankofharbin.com, 1
+bankofireland.com, 1
+bankofrealty.review, 1
+bankofshaanxi.com, 1
+bankpolicies.com, 1
+bankrbk.kz, 1
+bankruptcy.ky, 1
+banksite.ga, 1
+banksmalaysia.com, 1
+banksouthern.com, 0
+bankstownapartments.com.au, 1
+banksulselbar.co.id, 1
+banktatigebon.cf, 1
+banktender.ga, 1
+banktool.com, 1
+bankvanbreda.be, 1
+bankwithfidelity.com, 1
+banland.net, 1
+banlinhdanong.com, 0
+banmapvn.com, 1
+banned-bitches.tk, 1
+banner-design.tk, 1
+banner.ga, 1
+bannerbangbang.com.au, 1
+bannercountyne.gov, 1
+bannerexchange.tk, 1
+bannermarquees.ie, 1
+bannerpagina.tk, 1
+bannerrealty.com, 1
+bannervaners.ga, 1
+bannerworld.co.uk, 1
+banning.gq, 1
+banningca.gov, 1
+banninglibraryca.gov, 1
+bannisbierblog.de, 1
+bannockcounty.gov, 1
+bannockcountyidaho.gov, 1
+bannsecurity.com, 1
+banquevanbreda.be, 1
+banri.me, 1
+bans.info, 1
+bantaihost.com, 1
+bantchev.com, 1
+bantchev.net, 1
+bantenmien.tk, 1
+banter.city, 1
+bantik.by, 1
+bantiki.ga, 1
+bantoa.com, 1
+bantuanteknis.id, 1
+banuakodi.com, 1
+banyan-advantech.com, 1
+banyarukami.ru, 1
+banzay.ml, 1
+banzhuti.com, 1
+bao-in.net, 1
+baobabgroup.com, 1
+baobaoquming.net, 0
+baobiao.com, 1
+baocheng.tech, 1
+baofuzhuan.com, 1
+baogao.store, 1
+baoge55.com, 1
+baogiathicongnoithat.com, 1
+baogougou.com, 0
+baokhangfood.com, 1
+baoqiang.com, 1
+baoshun.com, 1
+baoxue5.com, 0
+bapco.com, 1
+bapeel.tk, 1
+bapha.be, 1
+baptiste-peugnez.fr, 1
+baptistecabrera.com, 1
+baptisteplanckaert.tk, 1
+baptistesale.tk, 1
+bar-event.tk, 1
+bar-rique.de, 1
+bar-valhalla.tk, 1
+bar38.tk, 1
+baraboowi.gov, 1
+barabrume.fr, 1
+baracca.es, 1
+barakayu.com, 1
+baraklava.com, 1
+baran-shop.ga, 1
+baransys.com, 1
+baranyavar.hu, 1
+barao.tk, 1
+barataeletrica.tk, 1
+baratzegrowshop.com, 1
+baravalle.com, 1
+baraxolka.ga, 1
+baraxolka.ml, 1
+barbaderespeito.com.br, 1
+barbara-fuchs-gruene-fuerth.de, 1
+barbarabowersrealty.com, 1
+barbarabryce.com, 1
+barbaraedanielsantos.ga, 1
+barbarafabbri.com, 1
+barbarafeldman.com, 1
+barbaramoorman.tk, 1
+barbarareynoldsphotography.com, 1
+barbarasymmons.com, 1
+barbarianbear.art, 1
+barbarians.com, 0
+barbaros.info, 1
+barbate.fr, 1
+barberscorner.tk, 1
+barbershop-harmony.org, 0
+barbershopbabo.com, 1
+barbiecollectorjapan.cf, 1
+barbiecollectorjapan.ga, 1
+barbiecollectorjapan.gq, 1
+barbieforteza.tk, 1
+barbinlaw.com, 1
+barbonnetje.nl, 1
+barborakucerova.cz, 1
+barbosha.ru, 1
+barbourcountyal.gov, 1
+barbourcountyhdwv.gov, 1
+barbu.family, 1
+barburas.com, 1
+barca-movie.jp, 1
+barcamp.koeln, 1
+barcelonapremium.es, 1
+barcelonapremiummini.es, 1
+barcelonatours.net, 1
+barcelonawinewalk.com, 1
+barchetta.org, 1
+barcicuvele.tk, 1
+barcitizen.eu, 1
+barclaybonitaranch.com, 1
+barclays.net, 1
+barcodelookup.com, 1
+barcoder.tk, 1
+barcodewiz.com, 1
+bard-college.com, 1
+bard-college.net, 1
+bardak.ga, 1
+bardcollege.net, 1
+bardcollege.org, 1
+bardes.org, 1
+bardfarm.org, 1
+bardian.net, 1
+bardian.org, 1
+bardiharborow.com, 1
+bardtech.com, 1
+barduschinamusic.org, 1
+barefoodinrome.it, 1
+barelias.tk, 1
+barentsz.co, 1
+barer.me, 1
+barexam.jp, 1
+bargaindentistsers.ga, 1
+bargaindentistsest.ga, 1
+bargainsettelement.com, 1
+bargainusa.tk, 1
+barganhanaweb.ml, 1
+bargenarenji.com, 1
+bargerveen.tk, 1
+bargfeldt.de, 1
+bargrill.ga, 1
+bargroup.ga, 1
+barhan-sarykum.ru, 1
+bariatricsurgerynewjersey.com, 1
+barichara.com, 1
+barihandin.tk, 1
+barikell.be, 1
+barinasknot.tk, 1
+barinov.ga, 1
+barinov.ml, 1
+barinov.tk, 1
+baripedia.org, 0
+baris-sagdic.com, 1
+bariseau-mottrie.be, 1
+barisi.me, 1
+baristabetter.com, 1
+baristador.com, 1
+baritoday.it, 1
+barke-schaltanlagen.de, 1
+barkerandstonehouse.co.uk, 1
+barkerjr.xyz, 1
+barkingspidersaspets.com, 1
+barkio.com, 1
+barklanepets.com, 0
+barkstop.net, 1
+barkysupplies.com, 1
+barlettaviva.it, 1
+barlex.pl, 1
+barleyandbirch.com, 1
+barlijst.net, 1
+barlotta.net, 1
+barlow-media.club, 1
+barm.io, 1
+barmenteros.com, 1
+barmusic.tk, 1
+barnabasgolf.org, 1
+barnabycolby.io, 1
+barnacional.com.au, 1
+barnaul-altai.tk, 1
+barnesvilleohio.gov, 1
+barneveldcentrum.nl, 1
+barney-media.com, 1
+barneydavey.com, 1
+barnflix.net, 1
+barnhomega.com, 1
+barnumiidev.com, 1
+barnunnwy.gov, 1
+barnvaensveitarfelog.is, 1
+barnvets.co.uk, 1
+barnwellcountysc.gov, 1
+barobax.tk, 1
+baroccofashion.it, 1
+baroclean.fr, 1
+barok.tk, 1
+baroloboys.de, 1
+baron14.be, 1
+baronbunny.cn, 1
+baronet.cf, 1
+baronspices.com, 1
+baroquemath.net, 1
+baroqueworksstudio.com, 1
+barpodsosnami.pl, 1
+barprive.com, 1
+barqo.co, 1
+barr.com.au, 1
+barrack.cf, 1
+barrack.ga, 1
+barrack.gq, 1
+barrack.tk, 1
+barracuda.blog, 1
+barracuda.com.tr, 0
+barracudaswimmingclub.tk, 1
+barrahome.org, 1
+barrancos.tk, 1
+barrankest.ga, 1
+barranquillero.tk, 1
+barratennis.com.br, 1
+barreiroappraisals.com, 1
+barrencountyky.gov, 1
+barrenwuffett.com, 1
+barricader.com, 1
+barricader.network, 1
+barrierefreie-medien.info, 1
+barrierpestservices.com, 1
+barrikade.tk, 1
+barro.ga, 1
+barruntos.tk, 1
+barrydenicola.com, 1
+barrymarkus.tk, 1
+barrytownshipmn.gov, 1
+barsashop.com.br, 1
+barsgroup.com, 1
+barsleaks.com, 1
+barsopen.ga, 1
+barsukas.net, 1
+bart-f.com, 1
+bart-f.net, 1
+bart1ebee.com, 1
+barta.me, 1
+bartavi.nl, 1
+bartbania.com, 1
+bartcoppens.be, 1
+bartdaelman.tk, 1
+bartdesign.tk, 1
+bartekbv.be, 1
+bartel.ws, 1
+bartelt.name, 1
+barter.me, 1
+barter.vg, 1
+bartershift.com, 1
+bartg95.nl, 1
+barth-herzberger.de, 1
+barth.services, 1
+bartholf.nu, 1
+bartlamboo.nl, 1
+bartlettil.gov, 1
+bartoliconsulting.com, 1
+bartolomebellido.com, 1
+bartonmohealth.gov, 1
+bartowcountyga.gov, 1
+bartula.de, 1
+bartvandamme.tk, 1
+baruch.me, 1
+barwaldesigns.com, 1
+barwave.com, 1
+barzallof.com, 1
+barzza.tk, 1
+bas.bio, 1
+bas.codes, 1
+bas.coffee, 1
+bas.surf, 1
+bas.work, 1
+basar-horrheim.de, 1
+basauristudios.com, 1
+basaveshwaraborewells.tk, 1
+basculasconfiables.com, 1
+basdferty.cf, 1
+base-autonome-durable.com, 0
+base-people.ml, 1
+base-radio.cf, 1
+base2face.tk, 1
+base48.systems, 1
+basebalance.net, 1
+baseballcrank.com, 1
+baseballjapan.org, 1
+baseballpitchingmachine.tk, 1
+baseballsapka.hu, 1
+baseballsavings.com, 1
+basebyte.nl, 1
+basecamp.cf, 1
+baseconvert.com, 1
+based.gr, 1
+basedonline.nl, 1
+basedriver.com, 1
+baseerapp.com, 1
+basel-gynaecology.com, 1
+basel-gynaekologie.ch, 1
+basel-onlinemarketing.de, 1
+baselang.com, 1
+baselnazifrei.info, 0
+basement961.co.nz, 1
+basementdefender.net, 1
+basementdoctorwestvirginia.com, 1
+basementfinishingohio.com, 1
+basementwaterproofingasheville.com, 1
+basementwaterproofingdesmoines.com, 1
+basementwaterproofingknoxvilletn.com, 1
+basementwaterproofingsaintlouis.com, 1
+basementwaterproofingwi.com, 1
+basenio.de, 1
+baserverz.ga, 1
+basetherm.com, 1
+basetruck.cn, 1
+baseweb.design, 1
+basf-vcar.com, 1
+bash.news, 1
+bashari.tk, 1
+bashc.at, 0
+bashhack.cf, 1
+bashkimi.com, 1
+bashkiri.cf, 1
+bashkiria.cf, 1
+bashkiria.ga, 1
+bashkiria.ml, 1
+bashkirlife.tk, 1
+bashoutter.link, 1
+bashsoftware.tk, 1
+bashstreetband.co.uk, 1
+bashtel.tk, 1
+basic.is, 1
+basic.space, 1
+basicapparel.de, 1
+basicattentiontoken.org, 1
+basicguitarlessons.com, 1
+basicknowledge101.com, 1
+basiclimits.tk, 1
+basicports.com, 1
+basicports.eu, 1
+basicports.net, 1
+basicports.org, 1
+basics.domains, 1
+basics.net, 1
+basicskillstest.co.uk, 1
+basictools.tk, 1
+basicwallpapers.tk, 1
+basilicaknights.org, 1
+basilicproduction.fr, 1
+basilm.co, 1
+basilsys.com, 1
+basis-online.eu, 1
+basisbedarf.de, 1
+basisofcare.com, 1
+basisonline.nl, 1
+basisonlinefiles.nl, 1
+basisschoolhundelgem.be, 1
+basisvaardigheden.nl, 1
+basitplan.com, 1
+basket-ballworld.fr, 1
+basket-malaunay.fr, 1
+basket-sint-truiden.tk, 1
+basketball-malavan.tk, 1
+basketballnewz.tk, 1
+basketcase.shop, 1
+basketforex.com, 1
+basketsandmore.bg, 1
+baskibu.com, 0
+baskideposu.com.tr, 1
+baskingalkin.tk, 1
+basllp.co.uk, 1
+basmacioglu.com, 1
+basmp.ml, 1
+basnachtegaal.tk, 1
+basnoslovno.ru, 1
+basonlinemarketing.nl, 0
+basradio.tk, 1
+bass-pro.ru, 1
+bassanova.tk, 1
+bassbase.tk, 1
+bassblog.net, 1
+bassculture.tk, 1
+bassdentistry.com, 1
+basse-chaine.info, 1
+bassethound.tk, 1
+bassguy.tk, 1
+bassislandline.com.au, 1
+basskickers.tk, 1
+bassment.org, 1
+bassment.ph, 1
+bassotto.it, 1
+bassresource.com, 1
+bassrhymeposse.tk, 1
+bassrider.eu, 1
+bassstraitmaritimecentre.com.au, 1
+bassys.com.co, 1
+bastakka.eu, 0
+bastanet.tk, 1
+bastardator.tk, 1
+bastelstu.be, 1
+basteltips.tk, 1
+bastelwelt.ch, 1
+bastelzauberwelt.de, 1
+bastenhorst.de, 1
+bastionadvokat.ml, 1
+bastionentifo.tk, 1
+bastiv.com, 1
+bastivmobile.com, 1
+bastolino.de, 1
+bastter.com, 1
+bastun.com, 1
+basuramarina.com, 1
+baswetter.photography, 1
+basyrova.ml, 1
+basysconsulting.com, 1
+basyspro.net, 1
+batacas.com, 1
+batailleros.tk, 1
+bataminnovationhub.com, 1
+bataviail.gov, 1
+bataviaoh.gov, 1
+batca.ca, 1
+batcave.tech, 1
+batch.com, 0
+batdongsancongnghiep.vn, 0
+bateaux-sans-permis.com, 0
+batelco.com, 1
+baterias.com, 1
+baterioverolety.cz, 1
+batescountymo.gov, 1
+batesvillearkansas.gov, 1
+batextiles.tk, 1
+bath.limited, 1
+bath.ltd.uk, 1
+bath.men, 1
+bathbodyshop.tk, 1
+bathcountyva.gov, 1
+bathok.tk, 1
+bathost.net, 1
+bathrobes.tk, 1
+bathroomremodelinggeorgia.com, 1
+bathroomsinkcabinet.tk, 1
+bathscobensraker.ga, 1
+bati-alu.fr, 1
+batiburrillo.net, 1
+batiim.co.il, 1
+batipiscine.com, 1
+batipresta.ch, 0
+batiweb.tv, 1
+batiwebgroup.com, 0
+batka-stealer.tk, 1
+batkhonjon.com, 1
+batkonjon.com, 1
+batmanvsupermanfullmovie.ga, 1
+batmod.com, 1
+batoit.gq, 1
+batonchik.tk, 1
+batonger.com, 1
+bats.gov, 1
+batten-family.uk, 1
+batten.eu.org, 1
+batterie-au-top.com, 1
+batterman.ch, 1
+battery-center.fr, 1
+batteryboys.ca, 1
+batteryboys.com, 1
+batterymax.org, 1
+batteryreconditioning.ml, 1
+batterystaple.pw, 1
+battle-arena.tk, 1
+battle-game.com, 1
+battlefield1942.tk, 1
+battleforkhashuri.tk, 1
+battlefrontoldschool.cf, 1
+battleguard.net, 1
+battleofthegridiron.com, 1
+battlerealms.cc, 1
+battlerite.tk, 1
+battletech.tk, 1
+battreil.tk, 1
+batucadastore.nl, 1
+batucilegon.com, 1
+batukhan.tk, 1
+batulicin.tk, 1
+batwatt.com, 1
+bau.ua, 1
+baubau.bg, 1
+bauchtanz.tk, 1
+bauer-plus.de, 1
+bauer-reininghorses.com, 1
+bauer.network, 0
+bauernhof-koch-edingen.de, 1
+bauernhof-lercher.at, 1
+bauernmarkt-fernitz.at, 1
+baufi-express.ag, 1
+baufi-express.biz, 1
+baufi-express.com, 1
+baufi-express.de, 1
+baufi-express.eu, 1
+baufi-express.info, 1
+baufi-express.net, 1
+baufi-express.org, 1
+baufi24.de, 0
+baufiexpress.ag, 1
+baufiexpress.biz, 1
+baufiexpress.com, 1
+baufiexpress.de, 1
+baufiexpress.eu, 1
+baufiexpress.info, 1
+baufiexpress.net, 1
+baufiexpress.org, 1
+baugelitt.eu, 1
+baugemeinschaftbernstein.de, 1
+baugeshite.de, 1
+bauhaus.cz, 1
+bauhaus.sk, 1
+baukebies.nl, 1
+baukelek.tk, 1
+baumannfabrice.com, 1
+baumansound.com, 1
+baumbet.ro, 1
+baumfreund.ch, 1
+baumkletterschule.de, 1
+baumkuchen-aus-dresden.de, 0
+baummer.com.br, 1
+baur.de, 1
+bausep.de, 1
+bausparkassen.tk, 1
+baustils.com, 1
+bauthier-occasions.be, 0
+bautizodelucia.com, 1
+bav.com, 1
+bavaria-feuerloeschershop.de, 1
+bavaropuntacanahotels.com, 1
+bavarovillage.com, 1
+bavartec.de, 1
+bavi.tk, 1
+bavoogi.com, 1
+bawag.at, 1
+bawbby.com, 1
+bawsiebezpiecznie.pl, 1
+baxir.fr, 1
+baxleyga.gov, 1
+baxomilowa.tk, 1
+baxtercountyar.gov, 1
+baxterstorey.online, 1
+baxterstoreyirelandonline.com, 1
+baxx.eu.org, 1
+bayanbennett.com, 1
+bayanradio.tk, 1
+bayarea.ga, 1
+bayarea.gq, 1
+bayarea.ml, 1
+bayarea.tk, 1
+bayareagynecology.com, 1
+bayareamustangs.tk, 1
+bayareaplasticsurgery.com, 1
+bayashi.net, 1
+bayburtgazetecilercemiyeti.org.tr, 1
+bayburtmanset.com, 1
+baycialis.net, 1
+baycitymi.gov, 1
+baycountyfltax.gov, 1
+bayden.com, 1
+baydreamer.tk, 1
+bayer-stefan.com, 1
+bayer-stefan.de, 1
+bayer-stefan.eu, 1
+bayer.earth, 1
+bayerhazard.de, 1
+bayernwaage.de, 1
+bayerstefan.com, 1
+bayerstefan.de, 1
+bayerstefan.eu, 1
+bayfly.net, 1
+bayhauling.net, 1
+bayherbalist.com, 1
+bayilelakiku.com, 1
+bayliss.aero, 1
+bayliss.co.uk, 1
+bayliss.uk, 1
+bayly.eu, 1
+baymard.com, 1
+baymark.com, 1
+bayofseo.com, 1
+bayou.energy, 1
+bayraklar.info, 1
+bayramov.tk, 1
+bayrampasa.bel.tr, 1
+bayrisch-fuer-anfaenger.de, 1
+bayscollisionrepairs.co.nz, 1
+bayshore.ca, 1
+baysidefamilydentist.com.au, 1
+baysidemedicalgroup.net, 1
+baysidephotography.ga, 1
+bayt.com, 1
+baytalebaa.com, 1
+baytobayaircon.com.au, 1
+bayvotesfl.gov, 1
+baywatbemacom.cf, 1
+baywatch.io, 1
+bayyanainmuebles.com, 1
+bayz.de, 0
+baz.nl, 1
+baza-gai.com.ua, 1
+bazaarbhaav.com, 1
+bazaarcompass.com, 1
+bazaart.me, 1
+bazaclub.ru, 0
+bazaleev.ru, 1
+bazar-online.tk, 1
+bazar-pc.tk, 1
+bazar.bg, 0
+bazardunet.tk, 1
+bazarfds.com.br, 1
+bazari.com.pl, 1
+bazarmag.ir, 1
+bazarotehijos.com, 1
+bazdell.com, 0
+bazdidaval.ir, 1
+baze.cz, 1
+bazel.build, 1
+bazhan.wang, 1
+bazinga-events.nl, 1
+bazos.at, 1
+bazos.cz, 1
+bazos.pl, 1
+bazos.sk, 1
+bazziergraphik.com, 1
+bb-aroundtheworld.se, 1
+bb.church, 1
+bb00228.com, 0
+bb057.com, 0
+bb087.com, 0
+bb168.cc, 0
+bb2-group.com, 1
+bb37roma.it, 1
+bb5197.co, 1
+bb6729.co, 1
+bb6729.com, 1
+bb6957.co, 1
+bb9297.co, 1
+bb9721.com, 0
+bb9728.co, 1
+bbaccademia.it, 1
+bbalposticino.it, 1
+bbamsch.com, 0
+bbb1991.me, 0
+bbbb.loan, 1
+bbbff.net, 1
+bbc.co.uk, 0
+bbc.com, 0
+bbc67.fr, 1
+bbcastles.com, 1
+bbcincorp.com, 1
+bbclyra.tk, 1
+bbcomcdn.com, 1
+bbcsuk.co.uk, 1
+bbcustomremodeling.com, 1
+bbfandom.com, 1
+bbfxtraders.com, 1
+bbg.org, 1
+bbgeschenke.ch, 0
+bbh-kreislauf.de, 1
+bbhsolutions.com, 1
+bbimarketing.com, 1
+bbinsure.com, 0
+bbiny.edu, 1
+bbk365m.com, 1
+bbk365t.com, 1
+bbk365zz.com, 1
+bbka.co.uk, 1
+bbka.org.uk, 1
+bbkanews.co.uk, 1
+bbkanews.com, 1
+bbkanews.org, 1
+bbkanews.uk, 1
+bbkworldwide.jp, 1
+bblsa.ch, 0
+bbmagnagrecia.it, 0
+bbmak.tk, 1
+bbmsarauniteam.com, 1
+bbnx.net, 1
+bbp.ng, 1
+bbpnas.win, 1
+bbqs-algarve.com, 1
+bbrassart.fr, 1
+bbrigittae.hu, 1
+bbrmonza.it, 1
+bbrp.org, 1
+bbs-buchholz.com, 1
+bbs-buchholz.eu, 1
+bbs.lc, 1
+bbschat.tk, 1
+bbsec.xyz, 1
+bbtk.com, 1
+bbunits.de, 1
+bbusa.tk, 1
+bbw-wrestling.com, 1
+bbwanalsex.com, 1
+bbwhale.org, 1
+bbwmovies.com, 1
+bbwpictures.com, 1
+bbwpornpics.com, 1
+bbwpussytube.com, 1
+bbwsexclips.com, 1
+bbwteens.org, 1
+bbx.bike, 1
+bbxin9.net, 1
+bc-bd.org, 0
+bc-cdc.org, 1
+bc-diffusion.com, 1
+bcabs.com, 1
+bcaf.uk, 1
+bcakuwait.com, 1
+bcalabsokc.com, 1
+bcalles.dk, 1
+bcalles.eu, 1
+bcallesen.dk, 1
+bcallesen.eu, 1
+bcansw.com.au, 1
+bcarpentrypro.com, 1
+bcbsfepvision.com, 1
+bcbudonline.com, 1
+bcccremeno.it, 1
+bccx.eu.org, 1
+bccxo.com, 1
+bcdiesel.ca, 1
+bcdn.me, 1
+bcdonadio.com, 1
+bcdonadio.com.br, 1
+bcdonadio.org, 1
+bceaf.org, 1
+bcfp.gov, 1
+bcgefatap.com, 1
+bchep.com, 1
+bcis.co.uk, 0
+bck-koethen.de, 1
+bck-lelystad.nl, 1
+bckl.me, 1
+bclserver.se, 1
+bcmguide.com, 1
+bcmhire.co.uk, 1
+bcn.cv, 1
+bcnation.com, 1
+bcnet.com.hk, 1
+bcoffices.com.mx, 1
+bcomm.com.au, 1
+bconcept.be, 1
+bcpc-ccgpfcheminots.com, 1
+bcrnews.tk, 1
+bcrook.com, 1
+bcrypt.online, 1
+bcs-talk.com, 1
+bcschool.cn, 1
+bcsnygroup.com, 1
+bcsytv.com, 0
+bcu.ac.uk, 1
+bcubeanalytics.com, 1
+bcutah.gov, 1
+bcvps.com, 1
+bcyw56.live, 0
+bcyw56.top, 1
+bczeeland.tk, 1
+bd-friend.com, 1
+bd-media.tk, 1
+bd.foundation, 1
+bda-boulevarddesairs.com, 0
+bdbe.ga, 1
+bdbxml.net, 1
+bdcdev.in, 1
+bdd.fi, 1
+bddam.fr, 1
+bddam.one, 1
+bdeducator.com, 1
+bdeep.org, 1
+bdew.net, 1
+bdfriends.tk, 1
+bdgroup-lab.com, 1
+bdix.link, 1
+bdli.de, 1
+bdmusic25.us, 1
+bdo-tools.jp, 1
+bdocfurniture.com, 1
+bdpachicago.tech, 1
+bdpestsolutionsstlouis.com, 1
+bdpn.ru, 1
+bdragon.com, 1
+bdrmedia.rs, 1
+bdsdonghanh.com, 1
+bdsmbibliothek.net, 1
+bdsmcontrol.com, 1
+bdsmdating.tk, 1
+bdsmwiki.hu, 1
+bdsu-connect.de, 1
+bdsu-kongress.de, 1
+bdsu.de, 1
+bdtc.com.bd, 1
+bdtd.nl, 1
+bdtechnews.tk, 1
+be-craft.de, 1
+be-free.gq, 1
+be-nice.digital, 1
+be-real.life, 0
+be-sigsol.fr, 1
+be-up-developpement.com, 1
+be-wear.ch, 1
+be-webdesign.com, 1
+be.ax, 1
+be.search.yahoo.com, 0
+be.st, 1
+be2cloud.de, 1
+be9418.com, 1
+be9418.info, 1
+be9418.net, 1
+be9418.org, 1
+be9458.net, 0
+be9458.org, 0
+be958.info, 1
+be958.org, 1
+be9966.com, 1
+bea.expert, 0
+bea.gov, 1
+beabadoartesanato.com.br, 1
+beable.com, 1
+beacham.online, 1
+beachcitiestaxandaccounting.com, 1
+beachcitybody.com, 1
+beachcitycastles.com, 1
+beachcruisers.tk, 1
+beachlife4life.cf, 1
+beachmonster.tk, 1
+beachpoint.tk, 1
+beachsmile.com, 1
+beachsoccer.tk, 1
+beachvolley.tk, 1
+beachvolleyball.tk, 1
+beachworldchampion.tk, 1
+beacinsight.com, 1
+beaconcart.com, 1
+beaconfed.org, 1
+beaconhealthoptions.com, 1
+beaconhouse.org.uk, 1
+beaconny.gov, 1
+beaconstac.com, 1
+beadaptive.ca, 1
+beadare.com, 1
+beadare.nl, 1
+beadedcouture.tk, 1
+beadings.tk, 1
+beadseh.ca, 1
+beager.ga, 1
+beagles.tk, 1
+beaglesaspets.com, 1
+beaglesecurity.com, 1
+beagstudio.ie, 1
+beakbirds.com, 1
+beaker.coffee, 1
+beal.edu, 1
+bealcreative.com.au, 1
+bealefss.marketing, 1
+bealeslandscaping.co.uk, 1
+bealpha.pl, 1
+beam-life.tk, 1
+beam-to.me, 1
+beama.org, 1
+beambdi.com, 1
+beamitaly.tk, 1
+beamitapp.com, 1
+beamy-lake.com, 1
+beanbot.party, 1
+beanboygames.com, 1
+beancount.io, 1
+beanilla.com, 1
+beanjuice.me, 1
+beansgalore.com.au, 1
+beaoriflame.hu, 1
+beapieceofart.com, 1
+beaquarium.com, 1
+bearbonesenterprises.com, 1
+bearcosports.com.br, 1
+bearcreekcubschildcare.com, 1
+bearcreektownshipmi.gov, 1
+beard.se, 1
+beardboys.co.za, 1
+bearded.sexy, 1
+bearden.io, 1
+beardic.cn, 0
+beardsome.me, 1
+bearfactory.tk, 1
+bearfarm.tk, 1
+beargarden.club, 1
+beargorilla.com, 1
+bearings.tk, 1
+bearingworks.com, 1
+bearlakelife.com, 1
+bearrecords.tk, 1
+bearrun.com, 1
+bearsunderland.com, 1
+bearzoutdoor.com, 1
+beasel.biz, 1
+beast-books.com, 1
+beast.rent, 1
+beastiejob.com, 1
+beastlog.tk, 1
+beastnet.works, 1
+beastnet.xyz, 1
+beastowner.com, 1
+beastowner.li, 1
+beatachoroszynska.pl, 1
+beatbreaker.tk, 1
+beatday.com, 1
+beatfeld.de, 1
+beatfreaks.tk, 1
+beatle.tk, 1
+beatmaker.ml, 1
+beatmalaria.org, 1
+beaton.tk, 1
+beatquantum.com, 1
+beatrice-nightscout.herokuapp.com, 1
+beatrice-raws.org, 1
+beatricedailysun.com, 1
+beatriz-urbano-vega.tk, 1
+beatrizaebischer.ch, 0
+beatrizmartinez.tk, 1
+beatsaberchampionship.eu, 1
+beatsdope.com, 1
+beatsearch.net, 0
+beatsnbits.nl, 1
+beatsta.tk, 1
+beatthebastards.tk, 1
+beatuprobot.net, 1
+beatzone.tk, 1
+beau.cat, 1
+beaufortcastawaycharter.com, 1
+beaufortcountync.gov, 1
+beauhilton.com, 1
+beaulieu.ch, 1
+beaumontcabusiness.gov, 1
+beaute-eternelle.ch, 0
+beautiful-lingerie.tk, 1
+beautiful.ai, 1
+beautifulart.ml, 1
+beautifulplaces.tk, 1
+beautifulreflectionsmedspa.com, 1
+beautifulrussianwomen.cf, 1
+beautifulsouth.tk, 1
+beauty-blog.gq, 1
+beauty-form.ir, 1
+beauty-haircare.tk, 1
+beauty-salon-lino.com, 1
+beauty-stories.tk, 1
+beauty-style.ml, 1
+beauty-town.tk, 1
+beauty-woman.tk, 1
+beauty-yan-enterprise.com, 1
+beauty.moe, 0
+beauty24.de, 1
+beauty2home.net, 1
+beauty77.ch, 1
+beautyandboutique.tk, 1
+beautyandfashionadvice.com, 1
+beautyandthebeast.tk, 1
+beautyanna.ga, 1
+beautyanna.gq, 1
+beautyarticles.tk, 1
+beautybism.com, 1
+beautybox.ro, 1
+beautyboxes.net, 1
+beautyby.tv, 1
+beautycarepack.com.ng, 1
+beautycom.club, 1
+beautycon.ir, 1
+beautyeyewear.ga, 1
+beautyfitnessblog.com, 1
+beautyforce.bg, 1
+beautyforceacademy.bg, 1
+beautyindistress.tk, 1
+beautyinweb.net, 1
+beautyisfine.tk, 1
+beautykatherin.com, 1
+beautykiss.com, 1
+beautylookz.nl, 1
+beautyoverture.com, 1
+beautyschool.od.ua, 1
+beautyseasons.ru, 1
+beautyspaceshop.com, 1
+beautyspacestore.com, 1
+beautyspot.tk, 1
+beaver-creek.ga, 1
+beaver.com.br, 1
+beaverdamautos.com, 1
+beaverheadcountymt.gov, 1
+beavertails.com, 1
+beavertales.ca, 1
+beavillabea.it, 1
+beavivo.de, 0
+bebaspedia.com, 1
+bebbiboni.tk, 1
+bebe2luxe.fr, 1
+bebeautiful.business, 1
+bebecar.com, 1
+bebechegou.com, 1
+bebechegou.com.br, 1
+bebef.de, 1
+bebefofuxo.com.br, 1
+bebemamae.com, 1
+bebes.uno, 1
+bebesreborns.com, 1
+bebest.gov, 1
+bebetrotteur.com, 1
+bebidasrd.com, 1
+bebodywise.com, 1
+beboldpr.com, 1
+bebout.domains, 1
+bebout.pw, 1
+bebr.loan, 1
+bebra.ai, 1
+bebra.loan, 1
+bebrenok.trade, 1
+bebrev.trade, 1
+bebrik.men, 1
+bebrina.date, 1
+bebrochka.loan, 1
+bec.dk, 0
+becallgroup.com, 1
+because.co.il, 1
+becausecapitalism.org, 1
+beccaanne.photography, 1
+beccajoshwedding.com, 1
+bech32.net, 1
+beck.pl, 1
+beckdesign.tk, 1
+becker-annika.de, 1
+becker.wales, 1
+beckerpumps.com, 1
+becklove.cn, 1
+beckmandxapps.com, 1
+beckmanngmbh.de, 1
+beckylicious.tk, 1
+beclan.tk, 1
+becleverwithyourcash.com, 1
+becli.com, 1
+beclick.co.il, 1
+becoairandheat.com, 1
+becollective.com, 1
+become-a-bounty-hunter.com, 1
+become-lucky.com, 1
+becomeaparalegal.org, 1
+becomebravehorsemanship.nl, 1
+becomewebdeveloper.tk, 1
+beconnect.cf, 1
+beconstructive.com, 1
+becquerelgroup.com, 1
+becs.ch, 0
+becubed.co, 0
+becydog.cz, 1
+bed-and-breakfast-elz.de, 1
+bedamedia.com, 1
+bedandbreakfast.dk, 1
+bedandbreakfasteuropa.com, 1
+bedandbreakfasthoekvanholland.com, 1
+bedavainternet.club, 1
+bedavakodlar.com, 1
+bedavaoyunkod.com, 1
+beddingexperts.com, 1
+bede.fr, 1
+bedeiah.tk, 1
+bedels.nl, 1
+bedenica.hr, 1
+bedford911.com, 1
+bedfordnissanparts.com, 1
+bedful.com, 1
+bedienungsanleitung24.de, 1
+bedinfo.com, 1
+bedlingtonterrier.com.br, 1
+bedofcorpses.tk, 1
+bedouille.com, 1
+bedrijfs-feesten.nl, 1
+bedrijfsfeesten.tk, 1
+bedrijfsfotoreportages.nl, 1
+bedrijfswasmachine.nl, 1
+bedrockcommunity.ml, 1
+bedrocklinux.org, 1
+bedstecasinobonusser.dk, 1
+bedtimeflirt.com, 1
+bedum-blues.tk, 1
+bedwettingyoungsters.tk, 1
+bee-creative.nl, 1
+bee-line.org.uk, 1
+bee-removal-dublin.com, 1
+bee.tools, 1
+beebeads.ga, 1
+beebruh.bid, 1
+beebuy.online, 1
+beebuy.restaurant, 1
+beecambio.com.br, 1
+beecare.ch, 1
+beechwoodindustrial.com, 1
+beedsolyjas.tk, 1
+beeebraa.download, 1
+beefclan.tk, 1
+beeg.hu, 1
+beegarage.com, 1
+beehive.govt.nz, 1
+beehive.systems, 1
+beehive42.com, 1
+beehive42.eu, 1
+beehive42.net, 1
+beehive42.nl, 1
+beehive42.org, 1
+beekbier.nl, 1
+beekeeper.supply, 1
+beekeeper.tools, 1
+beekeepingfiji.com, 1
+beeksnetwork.nl, 1
+beeldbankgent.be, 1
+beeliarspirit.org, 1
+beeline.am, 1
+beelit.com, 0
+beeming.co.za, 1
+beeming.net, 1
+beemprimelogistics.com, 1
+beeone.nl, 1
+beepcar.ru, 1
+beeportfolio.com, 1
+beer-sheva.city, 1
+beer9.com, 1
+beerbruhs.com, 1
+beercast.co.uk, 1
+beeremovaljohannesburg.co.za, 1
+beeremovalpretoria.co.za, 1
+beeremovalspretoria.co.za, 1
+beergifts.tk, 1
+beerglasses.tk, 1
+beerhouse.tk, 1
+beerians.com, 1
+beerians.info, 1
+beerjet.bg, 1
+beerloga.tk, 1
+beernews.ga, 1
+beerradar.no, 1
+beerradar.party, 1
+beerre.com, 1
+beersandco.ch, 1
+beersconf.com, 1
+beersheba.co.il, 1
+beersheva.city, 1
+beersheva.co.il, 1
+beerview.ga, 1
+beerwallpa.com, 1
+beerxa.cz, 1
+beescloud.com, 1
+beesco.us, 1
+beesex.xyz, 1
+beesnoosa.com, 1
+beestar.it, 1
+beestation13.com, 1
+beestech.fr, 1
+beeswarmrehoming.com.au, 1
+beesweethoney.co.za, 1
+beet-und-balkonpflanze-des-jahres.de, 1
+beetech.global, 1
+beetgroup.id, 1
+beethoveninlove.com, 1
+beetsforyou.xyz, 1
+beeutifulparties.co.uk, 1
+beeweighed.co.uk, 1
+beezkneezcastles.co.uk, 1
+beeznest.com, 1
+befantasy.tk, 1
+befoodsafe.gov, 1
+beforeafter.gq, 1
+beforethedawn.tk, 1
+beforeyoueatoc.com, 1
+befreewifi.info, 1
+befunddolmetscher.de, 1
+befundonline.de, 1
+bega-dc.gov, 1
+begabungsfoerderung.info, 1
+begemoth.tk, 1
+begethost.cf, 1
+begin-motorcycling.co.uk, 1
+beginnercampingguide.top, 1
+begleitung-zuhause.at, 1
+begonias.tk, 1
+begoth.boutique, 1
+begovel.shop, 1
+begravningsbyranhumana.se, 1
+begundal.tk, 1
+behamepresrdce.sk, 1
+behamzdarma.cz, 1
+behar-selimi.tk, 1
+behatech.tk, 1
+behavenet.com, 1
+behavhealth.ml, 1
+behaving.tk, 1
+behaviorchangeimpact.org, 1
+behead.de, 1
+behealthandrehab.com, 1
+behealthoncologia.com, 1
+behealthyeveryday.eu, 1
+behemoth.cf, 1
+beherit.pl, 1
+behinam.co.il, 1
+behind-the-mask.tk, 1
+behindenemyminds.be, 1
+behindenemyminds.eu, 1
+behindertenagentur.de, 1
+behindthedesk.tk, 1
+behindthemars.de, 1
+behleem.tk, 1
+behoerden-online-dienste.de, 1
+behold.gq, 1
+behomewithlove.com.br, 1
+behoreal.cz, 1
+behrami.com, 1
+behrer.se, 1
+beiduofu.com, 1
+beiersdorf-svz.ch, 1
+beijing.bj, 1
+beijinglug.club, 1
+beijiquan.com, 1
+beikeil.de, 1
+beimchristoph.de, 1
+beinad.com, 1
+beinad.ru, 1
+beinghuman.tk, 1
+beinghumanpsychotherapy.com.au, 1
+beingmad.org, 1
+beinsports.pro, 1
+beinsured.cloud, 0
+beinteractive.pl, 1
+beiqilai.com, 1
+beira.pt, 1
+beiramar.tk, 1
+beirel.ru, 1
+beitmidrashrambam.com, 1
+beizsoft.co.uk, 1
+bejago.com, 1
+bejarano.io, 1
+bejbi.net, 1
+bejo.be, 0
+bejo.bg, 0
+bejo.by, 0
+bejo.cl, 0
+bejo.cn, 0
+bejo.com, 0
+bejo.com.au, 0
+bejo.com.br, 0
+bejo.com.mx, 0
+bejo.cz, 0
+bejo.es, 0
+bejo.hr, 0
+bejo.jp, 0
+bejo.kz, 0
+bejo.ma, 0
+bejo.nl, 0
+bejo.pl, 0
+bejo.pt, 0
+bejo.ro, 0
+bejo.ru, 0
+bejo.sk, 0
+bejo.ua, 0
+bejo.vn, 0
+bejoandes.cl, 0
+bejogt.com, 0
+bejoindia.in, 0
+bejoindonesia.com, 0
+bejoitalia.it, 0
+bejosamen.de, 0
+bejoseeds.com, 0
+bekabazar.cz, 1
+bekeltetes.hu, 1
+beklenengazete.com, 1
+bekmekci.tk, 1
+beko.co.uk, 1
+beko.ie, 1
+bekolite.com, 1
+bekoplc.com, 1
+bel-air1998.com, 1
+bel-assainissement-service.fr, 1
+bel-snegirek.ru, 0
+belacapa.com.br, 1
+belacine.com, 1
+belafonte.co, 1
+belajarcarabelajar.com, 1
+belajarpsikology.tk, 1
+belanews.tk, 1
+belani.eu, 1
+belanja.express, 1
+belaradio.tk, 1
+belarbykora.tk, 1
+belardoinstrumentos.tk, 1
+belarto.es, 1
+belarto.pl, 1
+belarus-mtz.gq, 1
+belarus.tk, 1
+belarusmemorials.com, 1
+belarustoday.tk, 1
+belarustravel.tk, 1
+belastingdienst-in-beeld.nl, 1
+belastingmiddeling.nl, 1
+belayarus.tk, 1
+belcanto.cz, 1
+beldet.be, 1
+beleadsteam.com, 1
+belebey.city, 1
+beleefheemstede.nl, 1
+beleggingspanden-financiering.nl, 0
+belegit.org, 1
+belezadateresa.com.br, 1
+belezashopping.com.br, 1
+belf.ml, 1
+belfastbounce.co.uk, 1
+belfastjujitsu.tk, 1
+belfastlocks.com, 1
+belfasttechservices.co.uk, 1
+belfix.be, 1
+belfor-probleme.de, 1
+belga.tk, 1
+belge.rs, 1
+belger.tk, 1
+belgers.com, 1
+belgia.tk, 1
+belgian-investor.be, 1
+belgian-naturists.tk, 1
+belgian-swimmers-united.tk, 1
+belgianbirdalerts.be, 1
+belgianfilipinolovers.be, 1
+belgiantennis.tk, 1
+belgianwaffleironstore.com, 1
+belgianwesthoekclassic.tk, 1
+belgicaservices.be, 1
+belgie-postcodes.be, 1
+belgischekeizer.nl, 1
+belgischerijpony.tk, 1
+belgiumwi.gov, 1
+belgive.by, 1
+belgorod-host.cf, 1
+belgorod.ml, 1
+belgrademt.gov, 1
+belgradestatebank.com, 1
+belgraver.email, 1
+belgraver.eu, 1
+belgraver.xyz, 1
+belhopro.be, 1
+belic.net, 1
+belichtungswert.de, 1
+belics.com, 1
+belidi.tk, 1
+belidzs.hu, 0
+belieber.tk, 1
+belien-tweedehandswagens.be, 1
+believablebook.com, 0
+believeinyourmind.com, 1
+beliishko.tk, 1
+belindaweb.tk, 1
+belinks.tk, 1
+belinsky.tk, 1
+beliyo.tk, 1
+belizemap.tk, 1
+belk.io, 1
+belka.online, 1
+belki.tk, 1
+belknapcounty.gov, 1
+belkys.net, 0
+bell.id.au, 1
+bella-abyssinia.tk, 1
+bella-klein.org, 1
+bella.network, 1
+bellaaroma.com.tw, 1
+bellacasarealtyaz.com, 1
+belladeluxxe.net, 1
+bellafashion.tk, 1
+bellaireroofinginc.com, 1
+bellamama.biz, 1
+bellamodeling.com, 1
+bellamy.cloud, 1
+bellamy.md, 1
+bellanews.tk, 1
+bellaslokal.de, 1
+bellassubsandpizza.com, 1
+bellastate.ca, 1
+bellatight.com, 1
+bellavistaoutdoor.com, 1
+bellcarrington.com, 1
+bellcomp.co.uk, 1
+belle-bete.ca, 1
+belle-epoque-toys.com, 1
+belle-lingerie.co.uk, 0
+bellebakes.blog, 1
+bellebaum.eu, 1
+bellecarmen.tk, 1
+bellehorizon.co.za, 1
+bellenews.com, 1
+bellenundballern.de, 1
+belleplaineiowa.gov, 1
+belleplainemn.gov, 1
+bellesetrebelles.tk, 1
+bellevilleboot.com, 1
+bellevueduilawyers.com, 1
+bellezanatural.life, 1
+bellezon-shop.com, 1
+bellezzasenzalimiti.it, 1
+bellflowerlactation.com, 1
+bellhowell.net, 1
+bellissime.tk, 1
+bellmeadtx.gov, 1
+belloo.date, 1
+bellop.top, 1
+belloweb.tk, 1
+bellowsafs.marketing, 1
+belloy.net, 0
+bellpi.com, 0
+bellreguard.tk, 1
+bellsweets.com, 1
+bellthrogh.com, 1
+belltownfarms.com, 1
+belltownpower.com, 1
+bellware.io, 0
+bellyaccessoriesest.ga, 1
+belmontgoessolar.org, 1
+belmontnh.gov, 1
+belmontsheriffohio.gov, 1
+belmount.com.br, 1
+belmundo.org, 1
+belocallyseo.com, 1
+beloevino.ml, 1
+belouga.org, 1
+belovedbumps.sg, 1
+belowaverage.tk, 1
+belowzero.tk, 1
+belquant.cf, 1
+belrosstrakh.tk, 1
+belrybalka.cf, 1
+bels-lijntje.nl, 1
+belsat.be, 1
+belsilos.com, 1
+belt.black, 1
+beltanelabrosse.tk, 1
+beltar.nl, 1
+beltbuckle.pw, 1
+beltman-shipping.tk, 1
+beltramifashion.be, 1
+belug.de, 1
+belugadev.ml, 1
+belveb24.by, 1
+belvidereil.gov, 1
+belviderepoliceil.gov, 1
+belvideretownshipmi.gov, 1
+belvitajoreggelt.hu, 1
+belvo.com, 1
+belvoc.be, 1
+belvoirbouncycastles.co.uk, 1
+belwederczykow.eu, 1
+belzlongroup.com, 1
+bembee.tk, 1
+bemcorp.de, 1
+bemergroup.com, 1
+bemindly.com, 1
+bempensadoconsul.com.br, 1
+bemsoft.pl, 1
+bemvindoaolar.com.br, 1
+ben-deneme.gq, 1
+ben-energy.com, 0
+ben-stock.de, 1
+ben.org.uk, 1
+ben2.co.il, 1
+benabbott.nz, 1
+benabrams.it, 1
+benadryl.ml, 1
+benadryld.tk, 1
+benaldirma.net, 1
+benary.org, 1
+benas.tk, 1
+benatarfanclub.com, 1
+benatherton.com, 1
+benatskezrkadla.sk, 1
+benazir-reaction.tk, 1
+benbalter.com, 1
+benbenben.loan, 1
+benbozsa.ca, 1
+benc.io, 1
+benceskorka.com, 1
+bencheetham.me.uk, 1
+benchling.com, 1
+benchmark-dental.com, 1
+benchmark-ip.com, 1
+benchmarkmonument.com, 1
+benclarkphotography.com.au, 1
+bencrump.com, 1
+bendechrai.com, 0
+bendemaree.com, 1
+bender.ga, 1
+benderssportsandspirits.com, 0
+bendingtheending.com, 1
+bendjadid.com, 1
+bendminding.com, 1
+bendwebs.com, 1
+bendyworks.com, 1
+beneathvt.com, 1
+beneazy.cf, 1
+benedetti.ca, 1
+benedict.tk, 1
+benedicthanshenwang.com, 1
+benedictoaguilar.tech, 1
+benedikto.tk, 1
+benee-awraham.nl, 1
+benefeds.com, 1
+benefitboys.com, 1
+benefitharbor.com, 1
+benefits.gov, 1
+benefitsbookcase.com, 1
+benefitsystems.ro, 1
+benefitz.cf, 1
+benefitz.ga, 1
+benefitz.gq, 1
+benefitz.ml, 1
+benekill.tk, 1
+benemortasia.com, 1
+benemortasia.eu, 1
+benemortasia.nl, 1
+benemortasia.us, 1
+benepla.com, 1
+benetcasablancas.tk, 1
+benevisim.com, 1
+benevita.bio, 1
+benevita.life, 1
+benevita.live, 1
+benevita.organic, 1
+benewahcountyid.gov, 1
+bengalcat.tk, 1
+bengalcatscare.com, 1
+bengaldisom.tk, 1
+bengalen.tk, 1
+bengalifake.tk, 1
+bengaltourism.ml, 1
+bengalurugifts.com, 1
+bengaratei.com, 1
+bengcao.com, 1
+bengisureklam.com, 1
+bengkelkeramik.tk, 1
+bengou.tk, 1
+bengt.org, 1
+benhammoutex.com, 1
+benhamplateau.tk, 1
+benhaney.com, 1
+benhartmann.de, 0
+benhavenarchives.org, 1
+benhocking.com, 1
+benhoeg.com, 0
+benia.cz, 1
+beniajan.tk, 1
+benicee.com, 1
+benidormcd.tk, 1
+benify.com, 1
+benify.se, 1
+benimseom.com, 0
+benimsetin.com, 1
+benimsetin.org, 1
+beninca.link, 1
+beniskala.com, 1
+benjamin-horvath.com, 1
+benjamin-suess.de, 1
+benjamin-thomsen.de, 1
+benjaminbedard.com, 1
+benjaminblack.net, 1
+benjamindietrich.com, 1
+benjamindietrich.de, 1
+benjaminfox.net, 1
+benjaminjurke.com, 1
+benjaminkopelke.com, 1
+benjaminleupold.com, 1
+benjaminpiquet.fr, 0
+benjaminprevot.fr, 1
+benjaminrancourt.ca, 1
+benjamins.com, 1
+benjaminvasel.de, 1
+benjamorphism.com, 1
+benjii.me, 1
+benjijaldoner.nl, 1
+benjilopez.com, 1
+benjonline.tk, 1
+benkelmed.com, 1
+benken.tk, 1
+benleb.de, 1
+benleemd.com, 1
+benleggiero.me, 1
+benmack.net, 1
+benmarron.co.uk, 1
+benmatthews.com.au, 1
+benmedia.nl, 1
+bennet.org, 0
+bennettsbouncycastlehire.co.uk, 1
+bennettshire.co.uk, 1
+benni1.eu, 1
+bennie.com, 1
+bennierobinson.com, 1
+benningtonne.gov, 1
+benningtontownshipmi.gov, 1
+bennink.me, 1
+benno.frl, 1
+bennygommers.nl, 1
+bennythink.com, 1
+benobi.one, 0
+benoit.jp.net, 1
+benoitchantre.com, 1
+benprisby.com, 1
+benpro.fr, 1
+benq.com, 1
+benq.eu, 1
+benrogers.tk, 1
+bensbouncycastles.co.uk, 1
+benschnarr.com, 1
+benscobie.com, 1
+benshoof.org, 1
+bensinflatables.co.uk, 1
+bensjamtracks.com, 1
+bensokol.com, 1
+bensonvermont.gov, 1
+benstevinson.com, 1
+bensvpn.com, 1
+bensvriend.tk, 1
+bent-nails.com, 1
+bentallgreenoak.com, 0
+bentaylorforcroydonsouth.online, 1
+bentcreekfarm.us, 1
+bentek.fr, 1
+bentertain.de, 0
+benthanhtourist.com, 1
+bentina.com, 1
+bentley.blog, 1
+bentley.link, 1
+bentleyks.gov, 1
+bento-kurumaya.co.jp, 1
+bentoncountyia.gov, 1
+bentoncountyor.gov, 1
+bentoncountywa.gov, 1
+bentongroup.co.uk, 1
+bentonweatherstone.co.uk, 1
+bentonwi.gov, 1
+bentpunk.tk, 1
+bentrask.com, 1
+benu.cz, 1
+benu.rs, 1
+benuapotheek.nl, 1
+benulekaren.sk, 1
+benunapredpis.cz, 1
+benwoo.org, 1
+benz-hikaku.com, 1
+benzblog.tk, 1
+benzi.io, 1
+benzieco.gov, 1
+benzin.tk, 1
+benzonestore.tk, 1
+benzou-space.com, 1
+beonas.ddns.net, 1
+beonline.ml, 1
+beornish.com, 1
+beospain.tk, 1
+bep.gov, 1
+bepayd.com, 1
+bephoenix.org.uk, 0
+bepick.blog, 1
+bepiratedo.gay, 1
+bepositive.ml, 1
+beptutotnhat.com, 1
+bepzi.com, 1
+beq.cc, 1
+bequ1ck.com, 1
+bequeen.re, 1
+bequiia.com, 1
+berakal.com, 1
+beran.tk, 1
+berandalcorp.tk, 1
+beranovi.com, 1
+beraru.tk, 1
+berasavocate.com, 1
+beraten-entwickeln-steuern.de, 1
+beratungswelt.dvag, 1
+berbatov.ga, 1
+berbervandenberg.tk, 1
+berchtesgaden-hilft.de, 1
+berdan.tk, 1
+berdu.id, 1
+bereaplumber.co.za, 1
+bereelcorporation.com, 1
+bereginy.com.ua, 1
+bereginya-lada.ru, 1
+beregite-zdorovje.ru, 1
+beregusha.com, 1
+bereikbaargent.be, 1
+berekenen.nl, 1
+berekenhet.nl, 1
+berend.tk, 1
+bereregisdental.co.uk, 1
+beresbalazs.tk, 1
+berete.de, 1
+beretinec.hr, 1
+berg-tal.com, 1
+berg.social, 1
+berge.tk, 1
+bergelevrad.tk, 1
+bergencountyclerk.gov, 1
+bergenfieldnj.gov, 1
+bergerandgreen.com, 1
+bergevoet-fa.nl, 0
+bergfex.at, 1
+bergfex.ch, 1
+bergfex.com, 1
+bergfex.de, 1
+bergfex.it, 1
+berggeit.tk, 1
+berghof-foundation.org, 1
+berghuus.ch, 1
+berglust-pur.de, 1
+bergmanbeachproperties.com, 1
+bergside.pl, 1
+bergsjomannen.tk, 1
+bergstoneware.com, 1
+bergvallsmassage.se, 1
+bergwandercamp.de, 1
+bergwandercamp.eu, 1
+bergwandercamp.info, 1
+berhampore-gateway.tk, 1
+berichtsheft-vorlage.de, 1
+berighthere.com, 1
+berightthere.eu, 1
+berikod.ru, 1
+beris.us, 1
+beritalaptop.com, 1
+beritamotor.tk, 1
+beritanow.tk, 1
+beritatopbanten.com, 0
+beritavirall.com, 1
+berjadagar.is, 1
+berjou.me, 1
+berk.tk, 1
+berkadia.com, 1
+berkat-luqs.ddns.net, 1
+berkbrands.com, 1
+berkeleyca.gov, 1
+berkeleypolitical.review, 1
+berkhills.com, 1
+berksabstract.com, 1
+berksestateplanning.com, 1
+berkshire.com, 1
+berkshireesupply.com, 0
+berkspa.gov, 1
+berkswatertech.com, 1
+berkvensgm.nl, 1
+berlin-cuisine.com, 1
+berlin-flirt.de, 1
+berlin-hotel.tk, 1
+berlin-starlight-orchestra.de, 1
+berlinal.gov, 1
+berlincreators.de, 1
+berlinct.gov, 1
+berlindecouverte.fr, 1
+berlingeriresort.it, 1
+berlinnhpd.gov, 1
+berlintwpioniami.gov, 1
+berlintwpmi.gov, 1
+berlinvt.gov, 1
+berluga.com, 1
+berluskoni.tk, 1
+bermatrix.hu, 1
+bermeitinger.eu, 0
+bermellar.tk, 1
+bermos.net, 1
+bermudabathtub-retard.cf, 1
+bermytraq.bm, 1
+bern.bz, 1
+berna.fr, 1
+bernack.ga, 1
+bernadette.tk, 1
+bernadetteanderes.ch, 0
+bernadettehermsen.nl, 1
+bernama.com.my, 1
+bernar.do, 1
+bernard-securite-protection.fr, 1
+bernard.fr, 1
+bernardbeneito.com, 1
+bernardcontainers.be, 0
+bernardez-photo.com, 1
+bernarditadiaz.tk, 1
+bernardocoelho.com.br, 1
+bernardsville.gov, 1
+bernardwatch.com, 1
+bernat.ch, 1
+bernat.im, 1
+bernayslab.com, 1
+bernbrucher.com, 0
+bernbrucher.de, 0
+berncoclerk.gov, 1
+bernd-leitner-fotodesign.com, 1
+bernd-leitner-fotodesign.de, 1
+bernd-leitner.de, 1
+bernd-ungerer.com, 0
+berndartmueller.com, 0
+berndtgen.org, 1
+bernerland.cf, 1
+bernerland.tk, 1
+bernersennen.tk, 1
+bernhard-eicher.ch, 1
+bernhard-seidenspinner.de, 1
+bernhardluginbuehl.ch, 1
+bernhardluginbuehl.com, 1
+bernie.lol, 1
+bernie.pics, 1
+bernieware.de, 1
+bernius.eu, 1
+bernius.xyz, 1
+bernmail.ch, 1
+bernoldi.com.ar, 1
+berntmuurling.nl, 1
+bernyweb.net, 1
+beroepenhuis.gent, 1
+berr.yt, 1
+berra.se, 0
+berria.fi, 1
+berriabot.com, 1
+berriabot.fi, 1
+berriacast.com, 1
+berriacast.fi, 1
+berriainfo.com, 1
+berriainfo.fi, 1
+berriencountyga.gov, 1
+berries.com, 1
+berrnd.net, 1
+berrus.com, 1
+berry.cat, 1
+berrycheapers.ga, 1
+berryevent.es, 0
+berryvillear.gov, 1
+berrywan.com, 1
+bersatu.com.my, 1
+berserk.gq, 1
+berserk.tk, 1
+bersier.net, 1
+bersierservices.ch, 0
+berst.cz, 1
+bert-dijkink.tk, 1
+bert.org, 1
+bertaudarthur.fr, 1
+bertbrockham.org.uk, 1
+bertgroup.com, 1
+berthabailey.com, 1
+berthaphil.com, 1
+berthaundcarlbenzpreis.de, 1
+berthelier.me, 1
+berthoudeconomicdevelopment.com, 1
+bertlight.com, 1
+bertold.org, 1
+bertoliniodontoiatria.it, 1
+bertr.am, 1
+bertrand.bio, 0
+bertrandkeller.info, 0
+bertrell.com, 1
+bertsmithvwparts.com, 1
+bertusengelbrecht.com, 1
+berwickpa.gov, 1
+berz.one, 1
+berzkalne.co.uk, 1
+besanowsky.de, 1
+besarfe.com, 0
+besb66.club, 1
+besb66.me, 1
+besb66.ninja, 1
+besb66.rocks, 1
+besb66.us, 1
+bescoutednow.com, 1
+bescover.com, 1
+besdev.uk, 1
+besedovichi.tk, 1
+besensi.com, 1
+besiconstruct.be, 1
+besidemetal.tk, 1
+besikta.se, 1
+besiktasmtsk.com, 1
+besir.com, 1
+beskiden.com, 1
+besnard.me, 1
+besnik.de, 0
+besnik.tk, 1
+besole.ch, 1
+besolov.tk, 1
+besonderheit.com, 1
+besonders-s.at, 1
+besox.be, 1
+bespaarbazaar.nl, 1
+bespaarenergie.click, 1
+bespaarnu.click, 1
+bespoiled.nl, 1
+bespokebathrooms.com.au, 1
+bespokespeaker.uk, 1
+bespredel.tk, 1
+bessels.tk, 1
+bessems.com, 1
+bessems.eu, 1
+besser-beissen.de, 1
+besser-golfen.tk, 1
+besslavnye-ublyudki.tk, 1
+bessmertie.ml, 1
+best-accounting-schools.com, 1
+best-art-colleges.com, 1
+best-book.gq, 1
+best-business-colleges.com, 1
+best-cat.tk, 1
+best-cats.tk, 1
+best-chiter.tk, 1
+best-community-colleges.com, 1
+best-education-schools.com, 1
+best-engineering-colleges.com, 1
+best-essay-service.com, 1
+best-games.cf, 1
+best-graduate-programs.com, 1
+best-hvac-schools.com, 1
+best-lutheran-colleges.com, 1
+best-management-schools.com, 1
+best-marketing-schools.com, 1
+best-mum.fr, 1
+best-nursing-colleges.com, 1
+best-of-bounce.co.uk, 1
+best-party.ru, 1
+best-pdf.com, 1
+best-photobooth.ro, 1
+best-seminar.gq, 1
+best-seminar.ml, 1
+best-software.tk, 1
+best-stroy.ru, 1
+best-ticket.it, 1
+best-tickets.co.uk, 1
+best-tickets.com.au, 1
+best-trucking-schools.com, 1
+best-wedding-quotes.com, 1
+best10resumewriters.com, 1
+best66.me, 1
+besta.tk, 1
+bestaction.tk, 1
+bestafricaradio.tk, 1
+bestallgame.co, 1
+bestappliancedoctor.com, 1
+bestarts.tk, 1
+bestasquadradas.org, 1
+bestatos.com, 1
+bestatter.de, 1
+bestattungen-kammerer.de, 1
+bestattungshaus-kammerer.de, 0
+bestaucasinosites.com, 1
+bestaustraliancasinosites.com, 1
+bestautoinsurance.com, 1
+bestbatteriesonline.com, 1
+bestbefore.com, 1
+bestbestbitcoin.com, 1
+bestbonuses.co.uk, 1
+bestbookmark.cf, 1
+bestbookmark.gq, 1
+bestbookmark.ml, 1
+bestboot.cf, 1
+bestbox.be, 1
+bestbrakes.com, 1
+bestbudseedbank.com, 1
+bestbuyzone.com, 1
+bestcamshow.tk, 1
+bestcanvaswallart.com, 1
+bestcarscyprus.com, 1
+bestcasinositesonline.com, 1
+bestchoicehomeinspections.com, 1
+bestclassifiedsusa.com, 1
+bestclix.ml, 1
+bestcms.tk, 1
+bestcreditcards.biz, 1
+bestcreditcards.me, 1
+bestcreditcards.news, 1
+bestcreditcards.tv, 1
+bestcreditcards.xyz, 1
+bestcriminallawyerinsingapore.com, 1
+bestcrossbowguide.com, 1
+bestdatingsite.ml, 1
+bestdatingsite.tk, 1
+bestdeal.co.in, 1
+bestdealstrips.com, 1
+bestdiabeteshealth.com, 1
+bestdlsites2.tk, 1
+bestdownloadscenter.com, 1
+bestdslrcameras.tk, 1
+bestecbdolie.com, 1
+bestech.de, 1
+bestechgadgets.tk, 1
+besteckliste.com, 1
+bestedeal.nl, 1
+besteenergieleverancier.com, 1
+bestehen.com, 1
+bestehostingproviders.nl, 1
+bestelhetmaar.nl, 1
+bestellipticalmachinereview.info, 1
+bestelsportprijzen.nl, 1
+bestemailmarketingsoftware.org, 1
+bestenlogin.com, 1
+bestertagderwelt.de, 1
+bestesb.net, 1
+bestescortmallorca.com, 1
+bestescortsdirectory.com, 1
+bestessayhelp.com, 1
+bestestquote.com, 1
+bestethereumcasinos.io, 1
+besteto.cz, 1
+besteto.sk, 1
+besteuitvaartverzekering.com, 1
+bestfacts.ru, 1
+bestfewo.de, 1
+bestfitnesswatchreview.info, 1
+bestforexeasy.com, 1
+bestfornutrition.com, 1
+bestfotostudio.com, 1
+bestfriend.ga, 1
+bestfriendsequality.org, 1
+bestgardener.info, 1
+bestgiftever.ca, 1
+bestgolftrips.ca, 1
+bestgriefbooks.com, 1
+besthemes.tk, 1
+besthobi.com, 1
+besthorsebedding.com, 0
+besthost.cz, 1
+besthouse.co.il, 1
+besthumorsite.tk, 1
+besti.it, 1
+bestiahosting.com, 1
+besties4life.ml, 1
+bestincservices.com, 1
+bestinductioncooktop.us, 1
+bestinsider.net, 0
+bestinsulatedwaterbottle.tk, 1
+bestinver.es, 0
+bestitwork.tk, 1
+bestjigsawreview.net, 1
+bestjumptrampolines.be, 1
+bestkbeauty.com, 1
+bestkenmoredentists.com, 1
+bestkeys.ga, 1
+bestladyshaver.co.uk, 0
+bestlawabundant.tk, 1
+bestlawafter.tk, 1
+bestlawamazing.tk, 1
+bestlawanchor.tk, 1
+bestlawarrow.tk, 1
+bestlawatlantic.tk, 1
+bestlawavatar.tk, 1
+bestlawbattle.tk, 1
+bestlawblaster.tk, 1
+bestlawblod.tk, 1
+bestlawbody.tk, 1
+bestlawbounce.tk, 1
+bestlawbrite.tk, 1
+bestlawbrowse.tk, 1
+bestlawbrowser.tk, 1
+bestlawbuddies.tk, 1
+bestlawbuller.tk, 1
+bestlawbunny.tk, 1
+bestlawcache.tk, 1
+bestlawcalculator.tk, 1
+bestlawcamel.tk, 1
+bestlawcaptive.tk, 1
+bestlawcarnival.tk, 1
+bestlawcatch.tk, 1
+bestlawcatcher.tk, 1
+bestlawcellar.tk, 1
+bestlawcharm.tk, 1
+bestlawcharte.tk, 1
+bestlawcharts.tk, 1
+bestlawcheaper.tk, 1
+bestlawconstruct.tk, 1
+bestlawcorporation.tk, 1
+bestlawcounty.tk, 1
+bestlawcreativity.tk, 1
+bestlawcrunch.tk, 1
+bestlawcrystal.tk, 1
+bestlawctktom.tk, 1
+bestlawcupid.tk, 1
+bestlawcuriotk.tk, 1
+bestlawdepot.tk, 1
+bestlawdesigning.tk, 1
+bestlawdestination.tk, 1
+bestlawdivine.tk, 1
+bestlawdodge.tk, 1
+bestlawdollars.tk, 1
+bestlawdowntown.tk, 1
+bestlawduck.tk, 1
+bestlaweagle.tk, 1
+bestlawebony.tk, 1
+bestlawecho.tk, 1
+bestlawecono.tk, 1
+bestlawelectra.tk, 1
+bestlawenvy.tk, 1
+bestlawepic.tk, 1
+bestlawfalcon.tk, 1
+bestlawfame.tk, 1
+bestlawfighter.tk, 1
+bestlawflavor.tk, 1
+bestlawfolder.tk, 1
+bestlawgang.tk, 1
+bestlawgecko.tk, 1
+bestlawgeo.tk, 1
+bestlawglamour.tk, 1
+bestlawglory.tk, 1
+bestlawgoddess.tk, 1
+bestlawgorilla.tk, 1
+bestlawgrab.tk, 1
+bestlawgrabber.tk, 1
+bestlawgrace.tk, 1
+bestlawgram.tk, 1
+bestlawgratis.tk, 1
+bestlawgroove.tk, 1
+bestlawgrow.tk, 1
+bestlawguerilla.tk, 1
+bestlawguerrilla.tk, 1
+bestlawgun.tk, 1
+bestlawhands.tk, 1
+bestlawhandsome.tk, 1
+bestlawhandy.tk, 1
+bestlawhard.tk, 1
+bestlawhotrod.tk, 1
+bestlawhtkky.tk, 1
+bestlawice.tk, 1
+bestlawimagine.tk, 1
+bestlawintergrity.tk, 1
+bestlawiron.tk, 1
+bestlawjackpot.tk, 1
+bestlawjewel.tk, 1
+bestlawjoker.tk, 1
+bestlawjtkt.tk, 1
+bestlawkayak.tk, 1
+bestlawkiss.tk, 1
+bestlawknight.tk, 1
+bestlawlast.tk, 1
+bestlawlastminute.tk, 1
+bestlawlegacy.tk, 1
+bestlawless.tk, 1
+bestlawlightning.tk, 1
+bestlawlimited.tk, 1
+bestlawlion.tk, 1
+bestlawlittle.tk, 1
+bestlawloco.tk, 1
+bestlawlowprice.tk, 1
+bestlawlucky.tk, 1
+bestlawmain.tk, 1
+bestlawmarks.tk, 1
+bestlawmatche.tk, 1
+bestlawmeasure.tk, 1
+bestlawmember.tk, 1
+bestlawmessenger.tk, 1
+bestlawmeta.tk, 1
+bestlawmetric.tk, 1
+bestlawmillions.tk, 1
+bestlawminer.tk, 1
+bestlawmtkcle.tk, 1
+bestlawmystical.tk, 1
+bestlawnano.tk, 1
+bestlawnational.tk, 1
+bestlawnations.tk, 1
+bestlawnatural.tk, 1
+bestlawnight.tk, 1
+bestlawnobel.tk, 1
+bestlawnormal.tk, 1
+bestlawnorthamerican.tk, 1
+bestlawnumber.tk, 1
+bestlawocity.tk, 1
+bestlawoffline.tk, 1
+bestlawoftheday.tk, 1
+bestlawomatic.tk, 1
+bestlawomega.tk, 1
+bestlawoneday.tk, 1
+bestlawopedia.tk, 1
+bestlawopplis.tk, 1
+bestlaworama.tk, 1
+bestlaworiginal.tk, 1
+bestlawother.tk, 1
+bestlawouter.tk, 1
+bestlawover.tk, 1
+bestlawyernear.com, 1
+bestleftwild.com, 1
+bestliege.be, 1
+bestlifek9training.com, 1
+bestlyrics.tk, 1
+bestmasterofscienceinnursing.com, 1
+bestmastersinpsychology.com, 1
+bestmattressabout.com, 1
+bestmattresses.tk, 1
+bestmaturepics.com, 1
+bestmedsmmj.com, 1
+bestmodels.ua, 1
+bestmotherfucking.website, 1
+bestmotorcyclehelmets.net, 1
+bestnetentcasino.info, 1
+bestnetflowanalyzer.com, 1
+bestnewsmag.com, 1
+bestnovelbooks.ga, 1
+bestnursingdegree.com, 1
+bestnursingmasters.com, 1
+besto.cf, 1
+besto.ga, 1
+besto.tk, 1
+bestofbooks.gq, 1
+bestofdate.com, 1
+bestofjazz.org, 1
+bestofnuevovallarta.com, 1
+bestoldmusic.tk, 1
+bestoliveoils.com, 1
+bestomania.tk, 1
+bestonlinestuffs.com, 1
+bestparking.com, 1
+bestpartyhire.com, 1
+bestpig.fr, 1
+bestplus.ml, 1
+bestplus.tk, 1
+bestporn.pics, 1
+bestporn2022.com, 1
+bestpornclip.com, 1
+bestporngirls.com, 1
+bestpornpictures.com, 1
+bestportablegeneratorratings.com, 1
+bestpost.org, 1
+bestpressurewashingchicago.com, 1
+bestprofessionalchainsaw.com, 1
+bestpsychologydegrees.com, 1
+bestpsychologydegrees.org, 1
+bestreleases.tk, 1
+bestremote.io, 1
+bestroofinginkansascity.com, 1
+bestroutes.net, 1
+bestsatoshifaucet.ga, 1
+bestschools.io, 1
+bestseo4u.co.uk, 1
+bestsextoys.com, 1
+bestshoesmix.com, 1
+bestshopping.ga, 1
+bestshops.ga, 1
+bestsidelka.ru, 1
+bestsingingbowls.com, 1
+bestsiteporn.com, 1
+bestsolution.at, 1
+beststock.kr, 1
+beststudio.ru, 1
+besttechnews.ml, 1
+besttipsntricks.tk, 1
+besttrade.tk, 1
+besttrannytube.com, 1
+besttraveluk.ga, 1
+bestvape.ie, 1
+bestvpns.co.uk, 0
+bestvpnsoftware.org, 1
+bestwebcams.ga, 1
+bestwebcams.ml, 1
+bestwebsite.gallery, 1
+bestweleenbeetje.nl, 0
+bestwigs.ga, 1
+bestwirelessdoorbell.ml, 1
+bestwriterjobs.tk, 1
+bestzoo.tk, 1
+besured.nl, 1
+besv.com, 1
+beszerzokozpont.hu, 1
+bet-platform.com, 1
+bet031.com, 0
+bet03vip.com, 0
+bet064.com, 0
+bet06vip.com, 1
+bet074.com, 0
+bet08vip.com, 1
+bet166111.com, 1
+bet166333.com, 1
+bet166444.com, 1
+bet166555.com, 1
+bet166888.com, 1
+bet1668888.com, 1
+bet166999.com, 1
+bet166b.com, 1
+bet166bbb.com, 1
+bet166c.com, 1
+bet166ddd.com, 1
+bet166uu.com, 1
+bet166ww.com, 1
+bet166yy.com, 1
+bet1x-th.com, 1
+bet1x-thai.com, 1
+bet1x-thailand.com, 1
+bet333111.com, 1
+bet333123.com, 1
+bet333222.com, 1
+bet333321.com, 0
+bet333345.com, 0
+bet333432.com, 0
+bet333444.com, 1
+bet333456.com, 1
+bet333567.com, 1
+bet333666.com, 1
+bet333678.com, 1
+bet333789.com, 0
+bet333876.com, 0
+bet333987.com, 0
+bet333h.com, 1
+bet333k.com, 0
+bet333l.com, 1
+bet333m.com, 1
+bet333n.com, 1
+bet333o.com, 1
+bet333p.com, 0
+bet333q.com, 1
+bet333r.com, 0
+bet333s.com, 1
+bet333t.com, 1
+bet333u.com, 1
+bet333w.com, 0
+bet333x.com, 1
+bet333y.com, 1
+bet333z.com, 1
+bet338c.com, 1
+bet3639.com, 0
+bet365-fixed-matches.com, 1
+bet365bc.net, 1
+bet365bet2020.com, 1
+bet365cn-casino.com, 1
+bet365cn-game.com, 1
+bet365cn-keno.com, 1
+bet365cn-livecasino.com, 1
+bet365cn-poker.com, 1
+bet365cn-sports.com, 1
+bet365cn-vegas.com, 1
+bet365cnq.com, 1
+bet365cnr.com, 1
+bet365cnt.com, 1
+bet365cnu.com, 1
+bet365cnv.com, 1
+bet365cnw.com, 1
+bet365cnx.com, 1
+bet365cny.com, 1
+bet365cnz.com, 1
+bet365g8.com, 1
+bet365n1.com, 1
+bet365n2.com, 1
+bet365n6.com, 1
+bet365n8.com, 1
+bet365n9.com, 1
+bet365q0.com, 1
+bet365q6.com, 1
+bet365q8.com, 1
+bet365q9.com, 1
+bet365r8.com, 1
+bet365vip1.com, 0
+bet365vip2.com, 1
+bet365vip2020.com, 0
+bet365vip7.com, 1
+bet365x0.com, 1
+bet365x1.com, 1
+bet365x2.com, 1
+bet365x3.com, 1
+bet365x6.com, 1
+bet365x9.com, 1
+bet391.com, 0
+bet392.com, 0
+bet397.com, 0
+bet3xx.com, 1
+bet3zz.com, 1
+bet43app.com, 1
+bet44410.com, 1
+bet444403.com, 0
+bet444424.com, 0
+bet444425.com, 0
+bet444426.com, 0
+bet444429.com, 0
+bet444430.com, 1
+bet5119.com, 1
+bet5234.com, 1
+bet531.com, 0
+bet5757.com, 1
+bet600.co.uk, 1
+bet631.com, 0
+bet66.com, 1
+bet66669999.com, 1
+bet666888.vip, 1
+bet7234.com, 1
+bet819.com, 0
+bet86ah.com, 1
+bet86am.com, 1
+bet86cq.com, 1
+bet86fj.com, 1
+bet86gs.com, 1
+bet86gx.com, 1
+bet86gz.com, 1
+bet86hlj.com, 1
+bet86hn.com, 1
+bet86jl.com, 1
+bet86js.com, 1
+bet86jx.com, 1
+bet86ln.com, 1
+bet86nmg.com, 1
+bet86nx.com, 1
+bet86qh.com, 1
+bet86sc.com, 1
+bet86sd.com, 1
+bet86sh.com, 1
+bet86sx.com, 1
+bet86tj.com, 1
+bet86tw.com, 1
+bet86xj.com, 1
+bet86xz.com, 1
+bet86yn.com, 1
+bet86zj.com, 1
+bet909.com, 1
+beta-cell.com, 1
+beta-site-staging.azurewebsites.net, 1
+beta.pw, 0
+betaa0.com, 1
+betaa2.com, 1
+betaa3.com, 1
+betaa5.com, 1
+betaa6.com, 1
+betaa8.com, 1
+betaa9.com, 1
+betaal.my, 1
+betaams.net, 1
+betabar.dk, 1
+betacalc.com, 1
+betaclouds.net, 1
+betacommand.tk, 1
+betadesign.dk, 1
+betahyp.de, 1
+betalingsservice.dk, 1
+betandslots.com, 1
+betandyou.com, 1
+betandyou.mobi, 1
+betandyou1.com, 1
+betanoapp.com, 1
+betaoptimize.com, 1
+betaprofiles.com, 1
+betasozluk.com, 1
+betata.tk, 1
+betatester.ml, 1
+betawi.com, 1
+betaworx.de, 1
+betaworx.eu, 1
+betb33.com, 0
+betb73.com, 0
+betbed.ml, 1
+betbravo.et, 1
+betc.com, 1
+betcn-mart.com, 1
+betecnet.de, 1
+betel.tk, 1
+betelnatural.com, 1
+betemyja.tk, 1
+betenemy.com, 1
+beteroud.nl, 1
+betexperts.tk, 1
+betfair.com.co, 1
+betformular.com, 1
+bethanyhome.org, 1
+bethanymo.com, 1
+bethanytownshipmi.gov, 1
+bethatkinson.tk, 1
+bethelparkpa.gov, 1
+bethelparkpapolice.gov, 1
+betheltwplebanon.gov, 1
+bethematch.org, 1
+bethematchclinical.org, 1
+betheredge.us, 1
+bethlehemnj.gov, 1
+bethlehempa.org, 1
+bethlehemwv.gov, 1
+bethpage.net, 1
+bethphageanimalclinic.com, 1
+bethulietourism.co.za, 1
+bethzone.tk, 1
+beticaret.com, 1
+betingsite.com, 1
+betish.tk, 1
+betkorea1.com, 1
+betleakbot.com, 1
+betmobilenigeria.com, 1
+betobaccofree.gov, 1
+betolerant.fr, 1
+beton-vloer.nl, 1
+beton.ie, 1
+betonbewerkingsmachines.be, 1
+betondrew.com, 1
+betongereedschap.be, 1
+betoniera.org, 1
+betonline.bz, 1
+betonmachines.be, 1
+betonmarkets.info, 1
+betonsport.ga, 1
+betonvloerpolijsten.com, 1
+betop-lab.com, 1
+betor.cz, 1
+betor.sk, 1
+betordertr.com, 1
+betoskip.tk, 1
+betpokies.com, 1
+betrifft-mich-dsgvo.ch, 1
+betrimus.xyz, 1
+betrisey.net, 1
+betrouwbarewifi.nl, 1
+bets.de, 1
+betsafe.lt, 1
+betseven.pt, 1
+betseybuckheit.com, 1
+betsfortoday.com, 1
+betsharpangles.com, 1
+betshoot.com, 1
+betsonlinefree.com.au, 1
+betspin.com, 1
+betstop.gov.au, 1
+betsys.de, 1
+bett1.at, 1
+bett1.ch, 1
+bett1.de, 1
+bett1.fr, 1
+bett1.pl, 1
+bettaline.com.au, 1
+bettashoerepairs.com.au, 1
+bettendorf.gov, 1
+better.com, 0
+better.fyi, 1
+betterbaseball.com, 1
+betterbedding.com, 1
+betterbladders.com, 1
+betterboards.net, 1
+betterbuiltbasements.com, 1
+betterbuiltkitchensandbathrooms.com, 1
+bettercallsully.com, 1
+bettercareclinic.co.uk, 1
+bettercleaningcompany.co.uk, 1
+bettercommunication.org.uk, 1
+bettercrypto.org, 1
+betterdecoratingbible.com, 1
+betterhealthatworkaward.org.uk, 1
+betterhelp.co.il, 1
+betterhelp.com, 1
+betterhelp.com.au, 1
+betterhelporg.com, 1
+betterhelpteens.com, 1
+betterhome.ml, 1
+betterjapanese.blog, 1
+betterjapanese.org, 1
+betterjapanese.xyz, 1
+betterlifekidsclub.com, 1
+betterlovestore.com, 1
+betterna.me, 1
+betternews.eu, 1
+betteroffed.com, 1
+betterplace.restaurant, 1
+betterscience.org, 1
+bettersecurity.co, 1
+bettersocialmedia.co.uk, 1
+betterteam.com, 1
+bettertech.pt, 1
+bettertechsoftware.com, 1
+bettertest.it, 1
+bettertime.jetzt, 1
+betterviewrentals.com, 1
+betterworlded.org, 1
+bettflaschen.ch, 1
+bettie.tk, 1
+betting-magic.com, 1
+bettingbangladesh.online, 1
+bettingbasket.com, 1
+bettingbusiness.ru, 1
+bettingmalaysia.online, 1
+bettingonaverage.com, 1
+bettingphilippines.online, 1
+bettolinokitchen.com, 1
+betty-baloo.com, 1
+bettyblue.tk, 1
+bettysseafoodshack.com, 1
+betulashop.ch, 1
+betus.tk, 1
+betvisa.com, 1
+betweenthehills.be, 1
+betweenthesheets.tk, 1
+betwin9.net, 0
+betwinner-india.com, 1
+betwinner-ua.com, 1
+betwinner-zerkalo.ru, 1
+betwinner.cm, 1
+betwinner.co.it, 1
+betwinner.co.ug, 1
+betwinner.co.zm, 1
+betwinner.com.gh, 1
+betwinner.de.com, 1
+betwinner.ng, 1
+betwinner1.com, 1
+betwinner2.com, 1
+betwinner5.mobi, 1
+betwinnerbahis.net, 1
+betwinnerfrance.net, 1
+betwinnerkenya.com, 1
+betwinnerlive.com, 1
+betwinnermobileapp.com, 1
+betwinnernigeria.com, 1
+betwinnerperu.com, 1
+betwinnerportugal.com, 1
+betwinnerpromocode.net, 1
+betwinners.in, 1
+betwinnertanzania.com, 1
+betwinneruganda.com, 1
+betxx1.com, 1
+betxx2.com, 1
+betza.online, 1
+betzgmbh.de, 1
+betzwhite.com, 1
+beudelbingers.nl, 1
+beugelbekkie.tk, 1
+beulahparks.com, 1
+beulen.email, 1
+beulen.link, 1
+beulen.pro, 1
+beurettes-en-chaleur.tk, 1
+beurteilt.com, 1
+beus.ink, 1
+beuteugeu.com, 1
+beutner.de, 1
+beuty-flowers.tk, 1
+bevallarta.com, 1
+bevcrushesit.ca, 1
+bevedo.cz, 1
+bevedo.sk, 1
+beveiligingscamerawestland.nl, 1
+bevelbeer.com, 1
+bevelpix.com, 1
+beveragemobileest.ga, 1
+beverb.org, 1
+beverhof.nl, 1
+beverley.tk, 1
+beverleycounselling.co.uk, 1
+beverleymoneyman.com, 1
+beverly.tk, 1
+beverlydrive.tk, 1
+beverlyhillstx.gov, 1
+beverlyhospital.org, 1
+beverlyinternational.com, 1
+bevestor.de, 1
+bevhost.com, 1
+bevif.com, 1
+bevinco2020.com, 1
+bevinsco.org, 1
+bevmoir.com, 1
+bevnut.com, 1
+bewaredevapi.azurewebsites.net, 1
+bewegigsruum.ch, 1
+bewegtes-lagern.at, 1
+bewegtes-lagern.ch, 1
+bewegtes-lagern.com, 1
+bewegtes-lagern.de, 1
+bewegteslagern.ch, 1
+bewegteslagern.com, 1
+bewegteslagern.de, 1
+bewegungsfluss.com, 0
+bewerbung.net, 1
+bewerbungsfibel.de, 1
+bewerbungsfoto-deinfoto.ch, 1
+bewildered.gq, 1
+beworksite.com, 1
+bewustwinkelen.nl, 1
+bexit-hosting.nl, 1
+bexit-security.eu, 1
+bexit-security.nl, 1
+bexit.nl, 1
+bexithosting.nl, 1
+bexleycastles.co.uk, 1
+bexx-engineering.co.uk, 0
+bey.io, 1
+beybiz.com, 1
+beybladesource.tk, 1
+beyer-on-it.com, 1
+beyer-on-it.de, 1
+beyerautomation.com, 1
+beyerm.de, 1
+beylkin.tk, 1
+beyond-destiny.tk, 1
+beyond-infinity.org, 0
+beyond-rational.com, 1
+beyond.com.br, 0
+beyond3dview.com, 1
+beyond3dviews.com, 1
+beyondalderaan.net, 1
+beyondauth.io, 1
+beyondbounce.co.uk, 1
+beyondfrosting.com, 1
+beyondgameplay.com, 1
+beyondinfinite.com, 1
+beyondmydoor.com, 1
+beyonds.fr, 1
+beyondthecode.io, 1
+beyondthecreek.com, 1
+beyondthefive.org, 0
+beyondthemoments.com, 1
+beyondthepitch.net, 1
+beyondtherealm.tk, 1
+beyondthisrealm.com.au, 1
+beyondtrust.com, 1
+beyondtv.ga, 1
+beyondweb.net, 1
+beyondzeroacademy-reservations.fr, 1
+beyonsolutions.com, 1
+bezagentstva.cf, 1
+bezahlbare-praemien.ch, 1
+bezbik.tk, 1
+bezdech.tk, 1
+bezdomny.tk, 1
+bezin.ga, 1
+bezoek-benidorm.tk, 1
+bezoomnyville.com, 1
+bezopasna-rabota.tk, 1
+bezpaliuk.com, 1
+bezpecnostsiti.cf, 1
+bezpieczny.pl, 1
+bezpiecznyiphone.pl, 1
+bezpiecznykierowca.info, 1
+bezposrednio.net.pl, 1
+bezpredel.tk, 1
+bf-foto.eu, 1
+bf2statistics.eu, 1
+bfam.tv, 1
+bfas237blog.com, 1
+bfbet365.com, 1
+bfbs.com, 1
+bfc-expertcomptable.com, 1
+bfcgermania88.de, 1
+bfelob.gov, 1
+bfem.gov, 1
+bferal.cl, 1
+bffr.wtf, 1
+bfh.science, 1
+bfharrison.com, 1
+bfi.is, 1
+bfkcloud.ddns.net, 1
+bflix.tv, 0
+bflw.pl, 1
+bfly.tech, 1
+bfob.gg, 1
+bfoliver.com, 1
+bforb.sk, 1
+bfp-mail.de, 1
+bfpg.org, 1
+bfrailwayclub.cf, 1
+bfsasia.com, 1
+bft-media.com, 0
+bfw-online.de, 1
+bg-1xbet.com, 1
+bg-sexologia.com, 1
+bg2kuj.com, 1
+bgbaby.net, 1
+bgbet365.com, 1
+bgbhsf.top, 1
+bgd-info.tk, 1
+bgdesign.de, 0
+bgemi.net, 1
+bgeo.io, 1
+bget.org.uk, 1
+bgetfuel.co.uk, 1
+bgfashion.net, 1
+bggcapital.com, 1
+bghddevelopment.com, 1
+bghope.com, 1
+bghost.xyz, 1
+bgjargon.com, 1
+bgkoleda.bg, 1
+bglobal.com, 1
+bglsingles.de, 1
+bgm.bg, 1
+bgmall.tk, 1
+bgmedia.tk, 1
+bgmn.me, 1
+bgmontaggi.com, 1
+bgmringtonedownload.com, 1
+bgmsquad.com, 1
+bgp.co, 1
+bgr34.cz, 1
+bgs-game.com, 1
+bgtraffic.tk, 1
+bh-oberland.de, 1
+bh.sb, 1
+bhacit.com, 0
+bhaiben.com, 1
+bhameshwarigraphics.com, 1
+bhanaphotography.co.nz, 1
+bharat-media.tk, 1
+bharatanatyam-dancer.tk, 1
+bharath-g.in, 1
+bharatskills.gov.in, 1
+bhat.vn, 1
+bhatia.at, 1
+bhavansvidyamandir.tk, 1
+bhaweshkumar.com, 1
+bhbet365.com, 1
+bhcarroll.edu, 1
+bhf.im, 1
+bhfseo.com, 1
+bhi.consulting, 1
+bhiglu.com, 1
+bhitnews.tk, 1
+bhitti.in, 1
+bhodisoft.com, 1
+bhogavati.tk, 1
+bhosted.nl, 1
+bhpropco.com, 1
+bhrenovations.com, 1
+bhserralheria.com.br, 1
+bhtechconnection.com, 0
+bhtelecom.ba, 1
+bhub.tk, 1
+bhuntr.com, 1
+bhuvanreddy.space, 1
+bhvapers.com, 1
+bhxch.moe, 1
+bi-fazlasi.com, 1
+bi-in-beeld.nl, 1
+bi-jenny.net, 1
+bi-medien.de, 1
+bi.search.yahoo.com, 0
+bi1gif.radio, 1
+bi3e.ma, 1
+bi4sb.com, 1
+bi8cku.club, 1
+bi8cku.tech, 1
+bia.gov, 1
+bia3consultores.es, 1
+biaform.be, 1
+biagiowineandspirits.com, 1
+biahposter.com, 1
+bialamydlarnia.pl, 0
+biancadark.tk, 1
+biancapulizie.it, 1
+biancasalgueiro.tk, 1
+biancavandenberg.nl, 1
+biancazapatka.com, 1
+bianco-band.tk, 1
+bianinapiccanovias.com, 1
+biano-ai.com, 1
+biantai.cf, 1
+biantai.ml, 1
+biantti.md, 1
+bianyanan.xyz, 1
+bianys.org, 1
+biaoxiong.com, 1
+biaozi.cf, 1
+biaozi.ml, 1
+biarritzboys.tk, 1
+biaservice.cz, 1
+biasmath.es, 1
+biathloncup.ru, 1
+biaxin.cf, 1
+biaxin.ml, 1
+bibanks.com, 1
+biber-bike.de, 1
+biberonshop.bg, 1
+bibet365.com, 1
+bibi-xxx.com, 1
+bibica.net, 1
+bibimanga.com, 1
+bibit.id, 1
+bibitbunga.com, 1
+bible-maroc.com, 1
+bible.ru, 1
+bible4u.net, 1
+biblebrainhealth.com, 1
+bibleforchildren.ru, 1
+bibleinsiderest.ga, 1
+bibleonline.ru, 1
+biblereadlist.com, 1
+biblesearch.tw, 1
+biblesignposts.com, 1
+bibleversesfordailyliving.com, 1
+biblia.es, 1
+bibliaon.com, 1
+bibliatodo.com, 1
+biblicalbeliefs.org, 1
+biblicalcounseling.com, 1
+biblicaudio.org, 1
+biblico.tk, 1
+biblicom.org, 1
+biblinfo.com, 1
+bibliobaldur.tk, 1
+biblioblog.fr, 1
+bibliobus.ch, 1
+bibliomarkt.ch, 1
+biblionaut.net, 1
+biblionix.com, 1
+biblionix.info, 1
+biblionix.net, 1
+biblionix.org, 1
+biblionix.us, 1
+biblioporn.com, 1
+bibliotecadeseguranca.com.br, 1
+bibliotecaguate.ml, 1
+bibliotecasantaoliva.tk, 1
+bibliotecaumana.it, 1
+biblioteka-online.tk, 1
+biblioteka17.tk, 1
+bibliotekasnow.org, 1
+bibliotheka.tk, 1
+bibloteka.com, 1
+biblura.com, 1
+biboran.ga, 1
+bibra.bid, 1
+bibuch.com, 1
+bibun.gq, 1
+bicaraviral.com, 1
+bicecontracting.com, 1
+bicestore.cl, 1
+bicha.net, 1
+bichonfrise.com.br, 1
+bichonmaltes.com.br, 1
+bicicletassym.com, 1
+bicignet.ga, 1
+bicommarketing.com, 1
+bicranial.io, 0
+bicromoestudio.com, 1
+bicstone.me, 1
+bicubic.tk, 1
+bicycle-events.com, 1
+bicyclesoftheworld.com, 1
+bidaah.tk, 1
+bidadari.my, 1
+bidc.ltd, 1
+biddl.com, 1
+biddle.co, 1
+biddr.com, 1
+biddulphinbloom.org.uk, 1
+bidenstopdeportations.com, 1
+bidlab.org, 1
+bidmachine.io, 1
+bidman.cz, 1
+bidman.eu, 1
+bidoluindirim.com, 1
+bidonline.tk, 1
+bidviewmarketing.com, 1
+bie.edu, 1
+bieg.tk, 1
+biegal.ski, 1
+biegi.tk, 1
+biegner-technik.de, 1
+biehlsoft.info, 1
+biekos.com, 1
+bielefailed.de, 1
+bielemenklen.tk, 1
+bien-etre-beaute.fr, 1
+bien-etre-sante.info, 1
+bienbailao.com, 1
+biene.rocks, 1
+bienenfreunde.tk, 1
+bienestarinmobiliarioyaliadas.com, 1
+bienhacerlimpiezas.es, 1
+bienici.com, 1
+bienoubien.org, 1
+biensenvue.com, 1
+bienstar.tv, 1
+biensup.com, 1
+biensur.ch, 1
+bienvenidoamerica.com, 1
+bienvenue.tk, 1
+bier-brothers.tk, 1
+bier.law, 1
+bier.legal, 1
+bierbaumer.net, 1
+bierbringer.at, 1
+bierbrouwerijderoos.nl, 1
+bieresamanger.fr, 1
+bierlegal.com, 1
+bierochs.org, 1
+bierwebshop.be, 1
+bieser.ch, 1
+biester.pro, 1
+bietigheim-digital.tk, 1
+bietinidesign.be, 1
+bietthudangcap.vn, 0
+bieville-beuville.fr, 1
+biewen.me, 0
+biffo.com, 1
+biflosgknm.tk, 1
+bifrost.cz, 1
+bifrostwallet.com, 1
+biftin.net, 1
+big-black.de, 1
+big-books.gq, 1
+big-brother.ga, 1
+big-file.tk, 1
+big-music.tk, 1
+big-office.lviv.ua, 1
+big-orange.com.ua, 1
+big-papa.tk, 1
+big-tits-video.ru, 1
+big-travel.tk, 1
+big.ua, 1
+big.wtf, 1
+big80s.tk, 1
+bigalba.ga, 1
+bigambitions.co.za, 1
+bigart.tk, 1
+bigassmonster.com, 1
+bigasstubes.com, 1
+bigband-a.com, 1
+bigband.tk, 1
+bigbarbe.com, 1
+bigbearkh.com, 0
+bigbearlakecoins.com, 1
+bigbeats.tk, 1
+bigbeautysecrets.tk, 1
+bigbendcoffeeroasters.com, 0
+bigbendguide.com, 1
+bigbendsentinel.com, 1
+bigbenny.tk, 1
+bigbit.tk, 1
+bigblockmotors.ru, 1
+bigblue.co.il, 1
+bigbluecomputers.tk, 1
+bigbluedoor.net, 1
+bigboard.tk, 1
+bigboobporn.com, 1
+bigbooty.tv, 1
+bigbootytube.net, 1
+bigboris.tk, 1
+bigbouncebouncycastles.co.uk, 1
+bigbouncetheory.co.uk, 1
+bigbounceuk.com, 1
+bigbroeyes.com, 1
+bigbuild.vic.gov.au, 1
+bigbunce.ru, 0
+bigbyte.com.np, 1
+bigcakes.dk, 1
+bigchance.tk, 1
+bigchris.tk, 1
+bigcitylife.fr, 1
+bigclassaction.com, 1
+bigcomputerchair.gq, 1
+bigcorestintas.com.br, 1
+bigcountry.com.br, 1
+bigdaddyslash.tk, 1
+bigdatatop.cf, 1
+bigdayproductions.biz, 1
+bigdesiresolutions.co.za, 1
+bigdiff.co.uk, 1
+bigdiscounts.tk, 1
+bigeaglesacademy.gq, 1
+bigeasyfences.com, 1
+bigeasygrille.com, 0
+bigfreebielist.tk, 1
+biggernews.gq, 1
+biggerpicture.agency, 1
+biggerpockets.com, 1
+biggive.org, 1
+biggles.io, 1
+biggsconstruction.com, 1
+bighams.co.uk, 1
+bighams.com, 1
+bighappy.com, 1
+bighome.ml, 1
+bighorn.co.jp, 1
+bighugbotanicals.com, 1
+bigid.com, 1
+bigideachallenge.org, 1
+bigio.com.br, 1
+bigland.com, 1
+biglapa.ru, 1
+biglistofporn.com, 1
+biglu.eu.org, 1
+bigmoney.nu, 1
+bigmonsters.tk, 1
+bigmountainmail.com, 1
+bigmuff.duckdns.org, 1
+bignaturals.com, 1
+bignet.bid, 0
+bignudetits.com, 1
+bigone.com, 1
+bigorangelab.com, 1
+bigpage.tk, 1
+bigpanparties.co.uk, 1
+bigphilsrubbishremoval.com, 1
+bigpicturerecords.com, 1
+bigprintinglasvegas.com, 1
+bigpurse.tk, 1
+bigrapidstownshipmi.gov, 1
+bigrender.tk, 1
+bigrivercn.com, 1
+bigriverintl.com, 1
+bigriverjp.com, 1
+bigriverservs.com, 1
+bigsam.us, 1
+bigseo.ml, 1
+bigseo.tk, 1
+bigshare.ga, 1
+bigshopper.com, 1
+bigshort.org, 1
+bigsister.tk, 1
+bigskyhomebuyers.com, 1
+bigskylifestylerealestate.com, 1
+bigskymontanalandforsale.com, 1
+bigsmallhosting.com, 1
+bigsolar.com, 1
+bigspark.it, 1
+bigstonecounty.gov, 1
+bigthree.ga, 1
+bigthunder.ca, 1
+bigtimeiq.com, 1
+bigtitsmilf.com, 1
+bigtix.io, 0
+bigtown.tk, 1
+bigtstexasbbq.com, 1
+bigudi.ee, 1
+bigudi.eu, 1
+bigwaterut.gov, 1
+bigzoo.com.br, 1
+biigtigconsulting.ca, 1
+bij-juud.nl, 1
+bijlesbart.nl, 1
+bijlesportal.nl, 1
+bijloke.gent, 1
+bijlokesite.be, 1
+bijlokesite.gent, 1
+bijou.be, 1
+bijoux-fantaisies.eu, 1
+bijoux.com.br, 1
+bijouxbrasil.com.br, 1
+bijouxcherie.com, 1
+bijuteria-venetia.ro, 1
+bijuteriavenetia.ro, 1
+bijzonderekoorprojecten.nl, 1
+bike-kurse.ch, 1
+bike-liptov.tk, 1
+bike-shack.com, 1
+bike-style.tk, 1
+bikebay.it, 1
+bikebristol.com, 1
+bikeclub.tk, 1
+bikehistory.org, 1
+bikemaniacs.tk, 1
+bikemi.com, 1
+bikemod.de, 1
+biker.dating, 1
+bikerawardsers.ga, 1
+bikerawardsest.ga, 1
+bikerebel.com, 1
+bikerestart.com, 1
+bikersclub.tk, 1
+bikersmadrid.es, 1
+bikerteeshop.com, 1
+bikesandbits.tk, 1
+bikeshopitalia.com, 1
+bikesquadron.com, 1
+bikestream.tk, 1
+bikesupermarket.it, 1
+biketalk.ga, 1
+biketrainer.tk, 1
+bikhof.com, 1
+biki.com, 1
+bikini-shop.tk, 1
+bikini.tk, 1
+bikinibich.tk, 1
+bikinis.ga, 1
+bikinis.tk, 1
+bikiniseli.com, 1
+bikkelbroeders.com, 0
+bikkelbroeders.nl, 0
+biknet.tk, 1
+bikroay.com, 1
+bikyaku.fun, 1
+bilalozdemir.me, 1
+bilanca.com.hr, 1
+bilar.tk, 1
+bilbao.tk, 1
+bilbud.tk, 1
+bilder-designs.de, 1
+bilderload.com, 1
+bildermachr.de, 1
+bilderrahmen-baer.de, 1
+bilderrahmen-schluechtern-sinntal.de, 1
+bildiri.ci, 1
+bildkomponist.de, 1
+bildschirmflackern.de, 1
+bildung-mv.de, 0
+bilecikhaberleri.tk, 1
+biletkesfet.com, 1
+biletru.net, 1
+biletturk.tk, 1
+biletvkrym.ga, 1
+biletyplus.by, 1
+biletyplus.com, 1
+biletyplus.ru, 1
+biletyplus.ua, 1
+bilgehan.net, 1
+bilgiliksel.com, 1
+bilgireis.com, 1
+bilgisayarkursu.tk, 1
+bilgo.com, 1
+bilhos.com.tr, 1
+bilibili.link, 1
+bilibili.party, 1
+bilimal.kz, 1
+bilimoe.com, 1
+bilingualunit.tk, 1
+bilirrubina.com, 1
+bilisimdanismani.com, 1
+biliwind.com, 1
+biljettmonster.se, 1
+bilke.org, 1
+bilkovita.bg, 1
+bilkovitinkturi.bg, 1
+billarpool.cl, 1
+billaud.eu, 1
+billaud.eu.org, 1
+billboard-panama.ml, 1
+billbuddy.co.uk, 1
+billchen.win, 1
+billcompare.ga, 1
+billcomparison.ga, 1
+billetes.gov, 1
+billets-avion.tk, 1
+billetto.co.uk, 1
+billetto.dk, 1
+billetto.eu, 1
+billetto.it, 1
+billetto.se, 1
+billfazz.com, 1
+billgatos.tk, 1
+billgoldstein.name, 1
+billgradywebdesign.com, 1
+billhartzer.com, 1
+billiardmaster.com.ua, 1
+billiebikes.com, 1
+billigastehemsidan.se, 1
+billiger-mietwagen.de, 1
+billigerfinder.de, 1
+billigesommerhuse.nu, 1
+billigflug.tk, 1
+billigpoker.dk, 1
+billigtech.tk, 1
+billingsgazette.com, 1
+billingsgroup.com, 0
+billingsmtpublicworks.gov, 1
+billionaire.ml, 1
+billionaire365.com, 1
+billionkiaparts.com, 1
+billkochman.com, 1
+billo.life, 1
+billogram.com, 1
+billpay.com, 1
+billpro.com.au, 1
+billrobinson.io, 1
+billusherwood.com, 1
+billview.com.au, 1
+billwebb.com.au, 1
+billwerk.com, 1
+billy.pictures, 1
+billybluerecords.com, 1
+billybob.tk, 1
+billyjamrecords.com, 1
+billykwok.me, 1
+billyoh.com, 1
+billywig.stream, 1
+biloxihistoricalsociety.org, 0
+biloxisportfishing.com, 1
+bilsho.com, 1
+bim.physio, 1
+bim0s.com, 1
+bimacitizen.com, 1
+bimatoprostrx.com, 1
+bimbingan.tk, 1
+bimbobakeriesusa.com, 0
+bimedis.com, 1
+bimhomes.vn, 1
+bimibroccoli.co.uk, 1
+bimibroccoli.com, 1
+bimibroccoli.dk, 1
+bimibroccoli.it, 1
+bimibroccoli.nl, 1
+bimibroccoli.se, 1
+bimibrocoli.es, 1
+bimibrocoli.fr, 1
+bimibrokkoli.de, 1
+bimigroup.org, 1
+bimmerlabs.com, 1
+bimoge.tk, 1
+bimsynergistics.com, 1
+bin-laden.org, 1
+bin95.com, 1
+bina.az, 1
+binaa.co.il, 1
+binafarma.com.br, 1
+binairy.com, 1
+binairy.nl, 1
+binam.center, 0
+binans.com, 1
+binans.com.tr, 1
+binans.io, 1
+binans.net, 1
+binaries.fr, 1
+binaries.tk, 1
+binarization.net, 1
+binary.house, 1
+binary.ninja, 1
+binaryabstraction.com, 1
+binaryappdev.com, 1
+binarycom.ch, 1
+binarycreations.scot, 1
+binaryevolved.com, 1
+binarypuzzle.nl, 1
+binarystud.io, 1
+binaryvision.tk, 1
+binbaz.org.sa, 1
+binbin9.com, 1
+binbo.cz, 1
+binbo.sk, 1
+bind.ch, 1
+bindb.com, 1
+binding-problem.com, 1
+binds.co, 1
+bindsolutions.com, 1
+binezalohar.tk, 1
+binf.tk, 1
+bing, 1
+bing-cdn.com, 1
+bing-cdn.xyz, 1
+bing.com, 1
+bingcheung.com, 1
+bingchunmoli.com, 1
+bingebooks.com, 1
+binggun.com, 1
+binghamcountyid.gov, 1
+binghamid.gov, 1
+bingning.com, 1
+bingo-wear.com, 1
+bingo9.net, 1
+bingobank.org, 1
+bingoblue.com, 1
+bingoclub.ga, 1
+bingocounterers.ga, 1
+bingoela.com, 1
+bingofriends.com, 1
+bingohalls.ca, 1
+bingoporno.com, 1
+bingospelen.tk, 1
+bingothemesers.ga, 1
+bingothemesest.ga, 1
+bingyou.com, 1
+binhdang.me, 0
+binhex.net, 1
+binhminhpc.com, 1
+binimo.com, 1
+biniou.net, 1
+binkanhada.biz, 1
+binkconsulting.be, 1
+binkert-treuhand.ch, 1
+binnacle.mx, 1
+binnen-buten.de, 1
+binnenmeer.de, 1
+binoculars.ga, 1
+binoqlo.com, 1
+binoro.de, 1
+binpress.com, 1
+binson-museum.tk, 1
+binsp.net, 1
+bintach.com, 1
+bintanglautplatinum.com, 1
+bintangtop.com, 1
+bintelligence.cl, 1
+bintelligence.info, 1
+bintelligence.nl, 1
+bintra.directory, 1
+bintube.com, 1
+bio-disinfestazione.it, 1
+bio-dolt-aveyron.fr, 1
+bio-farma.net, 1
+bio-feed.org, 1
+bio-place.com, 1
+bio-verzeichnis.de, 1
+bio24.si, 0
+bioadva.com, 1
+bioarc.com.au, 1
+bioarchlinux.org, 1
+bioatrium.com, 1
+bioblog.tk, 1
+biobone.net, 1
+biobuttons.ch, 1
+biocal.eu, 1
+biocal.nl, 1
+biocarbonregistry.com, 1
+biocentricinc.com, 1
+biochart.ga, 1
+biocheminee.com, 1
+bioclaudia.it, 1
+biocrafting.net, 0
+biodaan.com, 1
+biodieselbr.com, 1
+biodieseldata.com, 1
+biodieselpumps.com, 1
+biodit.com, 0
+biodobavki.tk, 1
+biodots.at, 1
+biodots.eu, 1
+biodots.info, 1
+biodots.it, 1
+bioedilizia.roma.it, 1
+bioemsan.cz, 0
+bioenergie-eferding.at, 1
+bioenergy-solutions.eco, 1
+bioequivalence.design, 1
+bioetco.ch, 1
+bioexistencialismo.tk, 1
+bioexploratorium.pl, 1
+biofattorietoscane.it, 1
+biofeedback-luzern.ch, 1
+biofizpribor.ru, 1
+bioforce.tk, 1
+biogaspuxin.es, 1
+biogecho.ch, 0
+biogeist.de, 1
+biogenius.ca, 0
+biogiardinaggio.it, 1
+biographyseriesers.ga, 1
+biographyseriesest.ga, 1
+biohappiness.com, 1
+bioharmony.ca, 1
+biohazardland.tk, 1
+biohazardonline.tk, 1
+biohazardous.tk, 1
+biohof-paas.de, 0
+bioinfo-diag.fr, 1
+bioinformaticsweb.tk, 1
+biointelligence-explosion.com, 1
+biokal-labsystems.eu, 1
+biokal-labsystems.nl, 1
+biokal.com, 1
+biokal.eu, 1
+biokal.nl, 1
+biokemonline.com, 1
+bioknowme.com, 1
+biokoxomodding.tk, 1
+biol.moscow, 1
+biol.spb.ru, 1
+biolack.cf, 1
+biolact.tk, 1
+bioleev.sklep.pl, 1
+biolegsanonims.tk, 1
+bioligo.ch, 0
+biolika.ua, 1
+biolingzhipro.my.id, 1
+biolink.vn, 1
+biolinky.co, 1
+biolmarket.ru, 1
+biologiaygeologia.tk, 1
+biologie-seite.de, 1
+biologis.ch, 1
+biologo.club, 1
+biology-colleges.com, 1
+biologymusicvideos.com, 1
+biologynest.com, 1
+biomarket24.pl, 1
+biomassinfo.jp, 1
+biomathalliance.org, 1
+biomax-mep.com.br, 1
+biomechanics.tk, 1
+biomechanoid.tk, 1
+biomed-hospital.ch, 1
+biomed-sparepart.com, 1
+biomed.ch, 1
+biomedsciinstrum.org, 1
+biomedyczne.pl, 1
+biometriccoe.gov, 1
+biometrics.gov, 1
+biomin.co.uk, 1
+biomod.tk, 1
+biomodra.cz, 1
+bionic-karnage.tk, 1
+bionicman.name, 1
+bionovanaturalpools.com, 1
+biontech24.pl, 1
+biontechworld.com, 1
+biopreferred.gov, 1
+biopro-st.com, 1
+biopsychiatry.com, 1
+bioreference.com, 1
+bioresonanz-ibiza.com, 1
+biosafe.ch, 0
+biosalts.it, 1
+biosbits.org, 1
+bioscience.co.uk, 1
+biosearch.tk, 1
+bioseguridad.gob.pa, 1
+bioselect.com.cy, 1
+bioshine.com.sg, 1
+bioshome.de, 1
+biosignalanalytics.com, 1
+biosky.tk, 1
+biospw.com, 1
+biostar.com.tw, 1
+biosuit.ga, 1
+biosupplyalliance.com, 1
+biot.tk, 1
+biotal.ua, 1
+biotanquesbts.com, 1
+biotec.tk, 1
+biotecommunity.com, 1
+bioteebook.com, 1
+biotin.ch, 1
+biotin24.cf, 1
+biotorrents.de, 1
+biotraxx.com, 1
+biouhli.com, 1
+biouhli.cz, 1
+biouhli.sk, 1
+bioweingut-baumann.de, 1
+biowtage.cf, 1
+biowtage.gq, 1
+bip-online.tk, 1
+bip.gov.sa, 0
+bipart.eu, 1
+bipartisanreport.com, 1
+bipedecurieux.com, 1
+bipolardisorderexplained.com, 1
+bipolargeek.com, 1
+bipolargeek.net, 1
+bipolargeek.org, 1
+bipolarworld.us, 1
+bippassistant.com, 1
+birahugo.tk, 1
+birchbarkfurniture.ch, 1
+birchbarkfurniture.com, 0
+birchbarkfurniture.fr, 0
+birchtree.me, 1
+bird-tech.co.uk, 1
+bird.engineer, 1
+birdbrowser.com, 1
+birdbutt.com, 1
+birdgifs.nz, 1
+birdiehosting.nl, 1
+birdist.com, 1
+birdrave.com, 1
+birdsite.ga, 1
+birdslabel.com, 1
+birdsnow.com, 1
+birdwatchireland.ie, 1
+birdymanbestreviews.com, 1
+birebirvilla.com, 1
+birenbaum.se, 1
+birgit-rydlewski.de, 1
+birgitandmerlin.com, 1
+birjdid.tk, 1
+birkanpusa.com.tr, 1
+birkengarten.ch, 1
+birkenstab.de, 1
+birkhoff.me, 0
+birkilise.com, 1
+birkilise.net, 1
+birkilise.org, 1
+birkman.com, 0
+birlikdayanisma.com, 1
+birman.tk, 1
+birminghamairportparking24.co.uk, 1
+birminghamal911.gov, 1
+birminghammoneyman.com, 1
+birminghamorthospine.com, 1
+birminghamsunset.com, 1
+birnenhain.de, 1
+birobidjan.tk, 1
+birone.tk, 1
+bironthemes.com, 1
+birosuli.hu, 1
+birra.tk, 1
+birrapenombra.tk, 1
+birtamode.tk, 1
+birthday-to-you.com, 1
+birthdayapp.io, 1
+birthdayapp.today, 1
+birthdaybuzz.org, 1
+birthdayinsiderest.ga, 1
+birthlight-austria.com, 1
+birthright.host, 1
+birtles.blog, 1
+birulevo.tk, 1
+birwa.tk, 1
+birzan.org, 1
+birzman.ga, 1
+bis-jeddah.com, 1
+bis.gov, 1
+bisa-sis.net, 1
+bischoff-mathey.family, 1
+biscuit.town, 1
+biscuitcute.com.br, 1
+biscuitflatsopenhouse.com, 1
+biscuits-rec.com, 1
+biscuits-shop.com, 1
+biser-borisov.eu, 1
+biser.online, 1
+biserica-antiohia.ro, 1
+bishopscourt-hawarden.co.uk, 1
+bishopston.net, 1
+bishoptx.com, 1
+bisik.ml, 1
+bisix.tk, 1
+bismantova.tk, 1
+bismarck-tb.de, 1
+bismarcktribune.com, 1
+bismi.solutions, 0
+bismuth.it, 1
+bisnis.com, 1
+bisnisesteen.tk, 1
+bisnisinternetgratis.tk, 1
+bisnismuda.id, 1
+bisnisonlinecerdas.tk, 1
+biso.ga, 1
+bisoga.ga, 1
+bisq.chat, 1
+bisq.community, 1
+bisq.markets, 1
+bisq.ninja, 1
+bisq.services, 1
+bisq.wiki, 1
+bisrockloverclan.tk, 1
+bisrockonline.tk, 1
+bissalama.org, 1
+bisschopssteeg.nl, 1
+bissokush.cf, 1
+bistro-dengi.ml, 1
+bistrocean.com, 0
+bistrodeminas.com, 1
+bistrozaim.ml, 1
+bit-cloud.de, 1
+bit-flex.com, 1
+bit-rapid.com, 0
+bit-saar.de, 1
+bit-sentinel.com, 1
+bit.li, 1
+bit8.com, 0
+bitaccelerate.com, 1
+bitace.com, 0
+bitazza.com, 1
+bitbank.cc, 1
+bitbank.cf, 1
+bitbincomputers.com, 1
+bitbonus.cf, 1
+bitbonusss.tk, 1
+bitbotster.com, 1
+bitbox.me, 1
+bitbroker.exchange, 1
+bitbucket.com, 1
+bitbucket.io, 1
+bitbucket.org, 1
+bitburner.de, 1
+bitcalt.eu.org, 1
+bitcalt.ga, 1
+bitchesabroad.com, 1
+bitchyjana.com, 1
+bitclusive.de, 1
+bitcoin-2go.de, 1
+bitcoin-about.tk, 1
+bitcoin-casino-no-deposit-bonus.com, 1
+bitcoin-casino.monster, 1
+bitcoin-class.com, 1
+bitcoin-daijin.com, 1
+bitcoin-exchange.ga, 1
+bitcoin-fauset.cf, 1
+bitcoin-india.net, 1
+bitcoin-india.org, 1
+bitcoin-news.info, 1
+bitcoin-newsbiz.com, 1
+bitcoin-now.ga, 1
+bitcoin-only.com, 1
+bitcoin-wizards.com, 1
+bitcoin-youtube.net, 1
+bitcoin.asia, 1
+bitcoin.ch, 1
+bitcoin.co.nz, 1
+bitcoin.de, 1
+bitcoin.foundation, 1
+bitcoin.im, 1
+bitcoin.info, 1
+bitcoin.ninja, 1
+bitcoin.org, 1
+bitcoin.us, 1
+bitcoinapi.de, 1
+bitcoinbitcoin.com, 1
+bitcoinbot.cf, 1
+bitcoinbot.ga, 1
+bitcoinbot.tk, 1
+bitcoincasino.link, 1
+bitcoincasino.monster, 1
+bitcoincasino.tech, 1
+bitcoincasino.today, 1
+bitcoincasinos.pro, 1
+bitcoincore.org, 1
+bitcoineffect.ml, 1
+bitcoinfaucet.tech, 1
+bitcoinfax.net, 1
+bitcoinfees.net, 1
+bitcoinforthe.lol, 1
+bitcoinforthe.world, 1
+bitcoinfy.net, 1
+bitcoingambling.pro, 1
+bitcoingames.world, 1
+bitcoingroup.ga, 1
+bitcoinheaders.net, 1
+bitcoinheaders.org, 1
+bitcoinindy.com, 1
+bitcoinissafe.com, 1
+bitcoinjpn.com, 1
+bitcoinkaufen.me, 1
+bitcoinkaufen.news, 1
+bitcoinkurs.news, 1
+bitcoinkurs.world, 1
+bitcoinnews.digital, 1
+bitcoinnews.guru, 1
+bitcoinnews.world, 1
+bitcoinprice.buzz, 1
+bitcoinprice.international, 1
+bitcoinprice.news, 1
+bitcoinprice.pizza, 1
+bitcoinprice.rocks, 1
+bitcoinprice.world, 1
+bitcoinreserve.com, 1
+bitcoinseed.net, 1
+bitcoinset.pl, 1
+bitcoinslots.info, 1
+bitcoinstandard.jp, 1
+bitcoinstock.ga, 1
+bitcointask.net, 1
+bitcointech.ga, 1
+bitcointransfer.tk, 1
+bitcointv.com, 1
+bitcoinwalletscript.tk, 1
+bitcoinx.ro, 1
+bitcork.io, 1
+bitcrazy.org, 1
+bitdefender.de, 1
+bitdelta.com, 1
+bitdizzle.xyz, 1
+bitdocs.xyz, 1
+bitdynamics.au, 1
+bitech-ec.com, 1
+bitedu.pt, 1
+bitehazard.cz, 1
+bitenose.com, 1
+bitenose.org, 1
+bitewinggames.com, 1
+bitex.la, 1
+bitfarm-archiv.com, 1
+bitfarm-archiv.de, 1
+bitfasching.de, 0
+bitfashion.pt, 1
+bitfehler.net, 1
+bitfinder.nl, 1
+bitforge.tk, 1
+bitforming.com, 1
+bitfortune.fund, 1
+bitfuse.net, 1
+bitga.in, 1
+bitgarant.tk, 1
+bitgo.com, 1
+bithosting.pt, 1
+bititrain.com, 1
+bitix.tk, 1
+bitjunkiehosting.com, 1
+bitkan.com, 1
+bitkiselreyonum.com, 1
+bitkub-app.com, 1
+bitkub-int.com, 1
+bitlair.nl, 1
+bitlaunch.io, 1
+bitlink.id, 1
+bitljettnu.gq, 1
+bitlo.com, 1
+bitlo.com.tr, 1
+bitlo.io, 1
+bitlo.org, 1
+bitloco.net, 1
+bitmag.ml, 1
+bitmaincare.com.ua, 1
+bitmaincare.ru, 1
+bitmainwarranty.com.ua, 1
+bitmainwarranty.ru, 1
+bitmarket.net, 1
+bitmart.com, 1
+bitmart.cool, 1
+bitmessage.ch, 1
+bitmexin.com, 1
+bitmidi.com, 1
+bitmine.gq, 1
+bitmix.biz, 1
+bitmoe.com, 1
+bitmoji.com, 1
+bitms.tk, 1
+bitname.it, 1
+bitnoder.com, 1
+bitnoise.nl, 1
+bitnovo.com, 1
+bito3d.com.br, 1
+bitovayatehn.tk, 1
+bitpod.de, 1
+bitpoll.org, 1
+bitpumpe.net, 1
+bitradius.com, 1
+bitrate.tk, 1
+bitredirixe.top, 1
+bitref.com, 1
+bitrefill.com, 1
+bitrefill.info, 1
+bitrefill.me, 1
+bitrush.nl, 1
+bits-hr.de, 0
+bitsafe.com.my, 1
+bitsalt.com, 1
+bitsellx.com, 1
+bitseo.ga, 1
+bitseo.tk, 1
+bitshaker.net, 1
+bitsight.net, 1
+bitsimnow.com, 1
+bitsimnow.se, 1
+bitsite.com, 1
+bitski.com, 1
+bitsler.ie, 1
+bitso.com, 1
+bitsoffreedom.nl, 1
+bitspaceonline.ml, 1
+bitstage.uk, 1
+bitstorm.nl, 1
+bitstorm.org, 1
+bitsync.nl, 1
+bitten.pw, 1
+bittentechsolutions.in, 1
+bitterley.org.uk, 1
+bitterspringscabins.com.au, 1
+bittersweetcandybowl.com, 1
+bittervault.xyz, 1
+bittimaatti.fi, 1
+bittiraha.fi, 1
+bitton.com.au, 1
+bittounsi.com, 1
+bittrend.ga, 1
+bittrust.com, 1
+bittylicious.com, 1
+bitunit.tk, 1
+bitvest.io, 1
+bitvise.com, 1
+bitwarden.com, 1
+bitwardit.com, 1
+bitwards.io, 1
+bitwardsdev.com, 1
+bitwoci.pt, 1
+bitwolk.nl, 1
+bitwrought.net, 1
+bitxel.com.co, 1
+bityes.org, 1
+biupay.com.br, 1
+biurokarier.edu.pl, 1
+biuropulawy.pl, 1
+bivg.ru, 1
+bivvy.com, 1
+bixbasement.com, 1
+bixbydevelopers.com, 1
+bixservice.com, 1
+biysk.ml, 1
+biz-academy.it, 1
+biz-pak.ml, 1
+biz-secrety.cf, 1
+biz-secrety.ga, 1
+biz-secrety.gq, 1
+biz-secrety.ml, 1
+biz-seecrets.gq, 1
+biz4solutions.com, 1
+biz4x.com, 0
+bizapps.lv, 1
+bizarrefuture.cf, 1
+bizbelarus.tk, 1
+bizboatest.ga, 1
+bizcalcs.com, 1
+bizcatalyst360.com, 1
+bizcope.com, 1
+bizdemevcut.com.tr, 1
+bizdir.tk, 1
+bizeau.ch, 1
+bizedge.co.nz, 1
+bizfavor.ml, 1
+bizgo.nl, 1
+bizify.co.uk, 1
+bizlatinhub.com, 1
+bizleal.com, 1
+bizmonthly.com, 1
+biznes-bum.tk, 1
+biznes-sekrety.gq, 1
+biznes-sekrety.tk, 1
+biznes.cf, 1
+biznes4you.ml, 1
+biznesone.ga, 1
+biznesonline.info, 1
+biznesowe.pl, 1
+biznet.tk, 1
+bizniskatalog.mk, 1
+biznotes.ru, 1
+biznpro.ru, 1
+bizoneplan.com, 1
+bizontrip.com, 1
+bizophub.com, 1
+bizopia.com, 1
+bizor.tk, 1
+bizpay.su, 1
+bizprom.ga, 1
+bizstart.ga, 1
+bizstarter.cz, 1
+bizsugar.ga, 1
+bizteam.ga, 1
+biztera.com, 1
+biztok.eu, 1
+biztositok.com, 1
+biztouch.work, 1
+biztrend.ru, 1
+bizuteria-laoni.tk, 1
+bizuteria-naprezent-szczecin.ml, 1
+bizzdesign.com, 1
+bizzix.tk, 1
+bizzseo.tk, 1
+bizzvisor.site, 0
+bizzybee.buzz, 1
+bizzysites.gr, 1
+bj-caffe.tk, 1
+bja.gov, 1
+bjargradakerfi.is, 1
+bjarnerest.de, 0
+bjarno.xyz, 1
+bjbybbs.com, 1
+bjc.hu, 1
+bjcw.com, 1
+bjecard.buzz, 1
+bjelimici.com, 1
+bjerregaard.me, 1
+bjfuli.com, 1
+bjgwyj.com, 1
+bjjmississauga.com, 1
+bjl688.cc, 1
+bjm-gembas.be, 1
+bjmgeek.science, 1
+bjoern-thoroe.de, 1
+bjolanta.pl, 1
+bjordanov.com, 1
+bjorknet.com, 0
+bjornerastrefelling.no, 1
+bjornhelmersson.se, 1
+bjornjohansen.no, 1
+bjrn.io, 1
+bjs.com.au, 1
+bjs.gov, 1
+bjsbouncycastles.com, 1
+bjshare.com, 1
+bjsms.de, 1
+bjtxl.cn, 1
+bjugard.io, 1
+bjut.photos, 1
+bjxx.com, 1
+bk-art.ru, 1
+bk-info.lt, 1
+bk1x.mobi, 1
+bk1xbet.mobi, 1
+bk27.ru, 1
+bk622.com, 1
+bk725.com, 1
+bka.li, 1
+bkentertainments.co.uk, 1
+bkgatl.com, 1
+bkhonnun.is, 1
+bkhpilates.co.uk, 1
+bkin-15340.space, 1
+bkin-15451.space, 1
+bkin-15530.website, 1
+bkin-15777.website, 1
+bkin-16490.space, 1
+bkin-16543.website, 1
+bkin-16836.space, 1
+bkin-17242.website, 1
+bkin-18126.website, 1
+bkin-18399.space, 1
+bkin-18734.top, 1
+bkin-18822.space, 1
+bkin-18825.space, 1
+bkin-18888.space, 1
+bkin-19138.website, 1
+bkin-19335.website, 1
+bkin-19342.space, 1
+bkin-19827.space, 1
+bkin-20245.space, 1
+bkin-20467.website, 1
+bkin-20855.space, 1
+bkin-21332.website, 1
+bkin-21703.space, 1
+bkin-21882.website, 1
+bkin-22350.website, 1
+bkin-22808.website, 1
+bkin-22962.space, 1
+bkin-23261.website, 1
+bkin-23612.space, 1
+bkin-23658.website, 1
+bkin-23906.website, 1
+bkin-24119.space, 1
+bkin-24239.space, 1
+bkin-24456.space, 1
+bkin-25297.space, 1
+bkin-25798.website, 1
+bkin-25982.xyz, 1
+bkin-26191.top, 1
+bkin-26470.xyz, 1
+bkin-27135.xyz, 1
+bkin-27185.xyz, 1
+bkin-27262.xyz, 1
+bkin-27733.top, 1
+bkin-27825.space, 1
+bkin-28035.xyz, 1
+bkin-28589.xyz, 1
+bkin-28659.xyz, 1
+bkin-28749.xyz, 1
+bkin-28767.space, 1
+bkin-28946.xyz, 1
+bkin-29253.xyz, 1
+bkin-29349.xyz, 1
+bkin-29531.xyz, 1
+bkin-29696.xyz, 1
+bkin-29957.space, 1
+bkin-29993.xyz, 1
+bkin-30246.xyz, 1
+bkin-30429.xyz, 1
+bkin-30668.xyz, 1
+bkin-30794.xyz, 1
+bkin-30845.xyz, 1
+bkin-30862.xyz, 1
+bkin-30883.xyz, 1
+bkin-31087.website, 1
+bkin-31170.xyz, 1
+bkin-31436.xyz, 1
+bkin-31447.xyz, 1
+bkin-31656.xyz, 1
+bkin-31789.xyz, 1
+bkin-31972.xyz, 1
+bkin-32482.xyz, 1
+bkin-32486.xyz, 1
+bkin-32744.xyz, 1
+bkin-32863.xyz, 1
+bkin-33383.xyz, 1
+bkin-33544.xyz, 1
+bkin-33740.xyz, 1
+bkin-33813.xyz, 1
+bkin-33970.xyz, 1
+bkin-34233.xyz, 1
+bkin-34299.xyz, 1
+bkin-34456.xyz, 1
+bkin-34797.xyz, 1
+bkin-35189.xyz, 1
+bkin-35365.xyz, 1
+bkin-35372.xyz, 1
+bkin-35499.xyz, 1
+bkin-35692.xyz, 1
+bkin-36700.xyz, 1
+bkin-36749.xyz, 1
+bkin-37699.xyz, 1
+bkin-37873.xyz, 1
+bkin-37968.xyz, 1
+bkin-38134.xyz, 1
+bkin-38325.xyz, 1
+bkin-38877.xyz, 1
+bkin-39139.xyz, 1
+bkin-39933.xyz, 1
+bkin-40545.xyz, 1
+bkin-41419.xyz, 1
+bkin-41934.xyz, 1
+bkin-41976.xyz, 1
+bkin-42525.xyz, 1
+bkin-42740.xyz, 1
+bkin-43450.xyz, 1
+bkin-46680.xyz, 1
+bkk24.de, 1
+bkkf.at, 1
+bkkposn.com, 1
+bklaindia.com, 1
+bkmexpress.com.tr, 1
+bkms-system.com, 1
+bkositspartytime.co.uk, 1
+bkphcoop.com, 1
+bkpm.tj, 1
+bksites.tk, 1
+bkt.to, 1
+bl-builder.tk, 1
+bl0ck.org, 1
+bl4ckb0x.biz, 1
+bl4ckb0x.com, 1
+bl4ckb0x.de, 1
+bl4ckb0x.eu, 1
+bl4ckb0x.info, 1
+bl4ckb0x.net, 1
+bl4ckb0x.org, 1
+blaa-arme.tk, 1
+blaarmeersen.be, 1
+blaasmuziek-laarbeek.nl, 1
+blaauwgeers.pro, 1
+blaauwgeers.wiki, 1
+blabber.im, 1
+blabla.rocks, 0
+blablacar.co.uk, 1
+blablacar.com, 1
+blablacar.com.br, 1
+blablacar.com.tr, 1
+blablacar.com.ua, 1
+blablacar.cz, 1
+blablacar.de, 1
+blablacar.es, 1
+blablacar.fr, 1
+blablacar.hr, 1
+blablacar.hu, 1
+blablacar.in, 1
+blablacar.it, 1
+blablacar.mx, 1
+blablacar.nl, 1
+blablacar.pl, 1
+blablacar.pt, 1
+blablacar.ro, 1
+blablacar.rs, 1
+black-air-rpg.com, 1
+black-diamonds.cf, 1
+black-flirt.de, 1
+black-friday.org.il, 1
+black-ghost.tk, 1
+black-hair-extension.tk, 1
+black-holes.org, 1
+black-magic-love-spells.com, 1
+black-mail.nl, 1
+black-market.ga, 1
+black-pool.net, 1
+black-rider-studio.eu, 1
+black-rosella.tk, 1
+black-side.tk, 1
+black.dating, 1
+blackandblond.tk, 1
+blackandwhite.tk, 1
+blackapron.com.br, 1
+blackarch.org, 1
+blackarts.co.za, 1
+blackashstudio.com, 1
+blackassassins.tk, 1
+blackbag.nl, 1
+blackbam.at, 1
+blackbbwvideos.com, 1
+blackbean.tk, 1
+blackbird-whitebird.com, 1
+blackbirdproperties.tk, 1
+blackbox.earth, 1
+blackboxcity.tk, 1
+blackbrookwi.gov, 1
+blackbyrne.com, 1
+blackbyte.it, 1
+blackcastle.tk, 1
+blackcat.ca, 1
+blackcatcard.com, 1
+blackcatinformatics.ca, 1
+blackcatinformatics.com, 1
+blackcatwanderlust.com, 1
+blackchristmas.tk, 1
+blackchrome.com.au, 1
+blackcicada.com, 1
+blackco.ga, 1
+blackcountrymusicband.co.uk, 1
+blackdiam.net, 1
+blackdoordc.com, 1
+blackdown.de, 1
+blackdragoninc.org, 1
+blackeaglenet.tk, 1
+blackedbyte.com, 1
+blackenedsoil.com, 1
+blackestdespondency.tk, 1
+blackeyes.gq, 1
+blackeyes.tk, 1
+blackfeather.in, 1
+blackfire.io, 1
+blackfirecrew.tk, 1
+blackforeststheoriginal.cf, 1
+blackforeststheoriginal.ga, 1
+blackforeststheoriginal.ml, 1
+blackforlife.me, 1
+blackfridaynew.com, 1
+blackgamelp.de, 1
+blackgoat.tk, 1
+blackhail.tk, 1
+blackhat.dk, 1
+blackhat.nz, 1
+blackhawk.io, 1
+blackheads.tk, 1
+blackheartbar.com, 1
+blackhelicopters.net, 1
+blackhillsinfosec.com, 1
+blackhistorymonth.gov, 1
+blackidfound.org, 1
+blackisbetter.com, 1
+blackjackballroomcasino.info, 1
+blackjackprogramest.ga, 1
+blackjaguar.tk, 1
+blackjaxamity.com, 1
+blackkeg.ca, 1
+blackl.net, 1
+blacklane.com, 1
+blacklava.tk, 1
+blacklightparty.be, 1
+blacklist.support, 1
+blacklodge.tk, 1
+blacklotusaudio.com, 1
+blackmagick-candles.com, 1
+blackmagickwitch.com, 1
+blackmagicshaman.com, 1
+blackmaleme.com, 1
+blackmark.me, 1
+blackmaskpro.gq, 1
+blackmesa.com, 1
+blackmetalencyclopedia.tk, 1
+blackmetalist.tk, 1
+blackmetaller.tk, 1
+blackmilftube.com, 1
+blackminds.tk, 1
+blackmistery.tk, 1
+blackmodelsusa.tk, 1
+blackoutzone.tk, 1
+blackpapermoon.de, 1
+blackpayment.ru, 1
+blackphantom.de, 1
+blackphoenix.de, 1
+blackpi.dedyn.io, 1
+blackpooltransport.com, 1
+blackportal.tk, 1
+blackpurl.com, 1
+blackriverfalls.tk, 1
+blackriverfallswi.gov, 1
+blackrockvet.ie, 1
+blackroses.tk, 1
+blacksamantha.tk, 1
+blackscytheconsulting.com, 1
+blackseals.net, 1
+blacksega.ga, 1
+blacksentry.io, 1
+blackshark.cf, 1
+blackslots.club, 1
+blacksniffer.tk, 1
+blackspark.tk, 1
+blackspider.tk, 1
+blacksport.ru, 1
+blacksprut.com, 1
+blackstoneone.net, 1
+blackstonepress.tk, 1
+blackstonetubrefinishers.ca, 1
+blackstrapsecurity.com, 1
+blackstudio.fr, 1
+blackstump.xyz, 1
+blacksuitmedia.com, 0
+blacksvets.co.uk, 1
+blackswan.tk, 1
+blackswirl.com, 1
+blackteam.org, 1
+blacktemplars.tk, 1
+blacktown.eu, 1
+blacktownbuildingsupplies.com.au, 1
+blacktube.tv, 1
+blacktubes.cf, 1
+blacktubes.ga, 1
+blacktubes.ml, 1
+blacktype.bet, 1
+blackvinegarcollection.com, 1
+blackwaterlounge.com, 1
+blackwaterutilities.tk, 1
+blackwellsupport.com, 1
+blackwidow.tk, 1
+blackwire.tk, 1
+blackwoodrugby.tk, 1
+blackwoodseventcenter.com, 1
+blackwoodsprotector.co.nz, 1
+blackworld.ga, 1
+blackwot.ru, 1
+blackyau.cc, 0
+blackys-chamber.de, 0
+blackzebra.audio, 1
+blade-online.tk, 1
+bladencountync.gov, 1
+blaetter.de, 1
+blaeu.com, 1
+blagger.tk, 1
+blaggo.com, 1
+blago-sostoyanie.ga, 1
+blago-sostoyanie.gq, 1
+blago-sostoyanie.ml, 1
+blago.tk, 1
+blagomed.by, 1
+blagosvet.ml, 1
+blague.tk, 1
+blahaj.eu, 1
+blaindalefarms.com, 1
+blainecosheriff-ok.gov, 1
+blairmitchelmore.com, 1
+blairtalbotmotors.com, 1
+blairtownshipmi.gov, 1
+blaise.io, 1
+blaizer.tk, 1
+blake-thickbroom.co.uk, 1
+blakecoin.org, 1
+blakecommagere.com, 1
+blakekhan.com, 1
+blakenichols.com, 1
+blakescrepes.com, 1
+blakezone.com, 1
+blako-squad.tk, 1
+blakylle.de, 1
+blan.tk, 1
+blanboom.org, 1
+blancamartinez.com, 1
+blanchardandcalhoun.com, 1
+blanchardla.gov, 1
+blanchardvillewi.gov, 1
+blancoltd.co.uk, 1
+blanickymanifest.eu, 1
+blankersfamily.com, 1
+blanket.technology, 1
+blankhang.com, 1
+blankpage.link, 1
+blanksreload.com, 1
+blankstore.com.pe, 1
+blankstyle.com, 1
+blantik.net, 1
+blantr.com, 1
+blanx.de, 1
+blanzastore.com.br, 1
+blasdelamo.es, 1
+blaser.com, 1
+blasflittchen.net, 1
+blasorchester-runkel.de, 1
+blastentertainment.co.nz, 1
+blastentertainment.com.au, 1
+blastersklan.com, 1
+blastoffbuisness.in, 1
+blastofftherapy.com, 1
+blastoise186.co.uk, 1
+blasunafotocadadia.com, 1
+blathinwheatens.tk, 1
+blatino.com, 1
+blatnic.eu, 1
+blatnice.cf, 1
+blatnice.fun, 1
+blatnice.ga, 1
+blatnice.gq, 1
+blatnice.ml, 1
+blatnice.online, 1
+blatnice.tk, 1
+blau-weiss-stolberg.de, 1
+blaudev.es, 1
+blauesschwarz.de, 0
+blauglockenbaum.de, 1
+blaumedia.com, 1
+blautiefe.de, 1
+blauwereigercoaching.nl, 1
+blauwgras.nl, 1
+blauwwit.be, 1
+blavandbike.de, 1
+blavandbike.dk, 1
+blavaty.tk, 1
+blayne.me, 0
+blayneallan.com, 0
+blazebd.com, 1
+blazeeria.com, 1
+blazefire.tk, 1
+blazeweb.ml, 1
+blazing.cz, 1
+blazingsaddles.ga, 1
+blazingsuns.tk, 1
+blazor.nl, 1
+blbet365.com, 1
+blblblblbl.fr, 0
+blc.net.au, 1
+blcandleco.com, 1
+bleachbattalion.tk, 1
+bleaching-tipps.de, 1
+bleaklyrics.tk, 1
+bleatingsheep.org, 1
+bleche-onlineshop.at, 1
+bleche-onlineshop.de, 1
+blechschmidt.saarland, 1
+bledina.com, 1
+bleedingcool.com, 1
+bleedmoneyest.ga, 1
+bleekerenbleeker.nl, 1
+bleep.zone, 1
+blegalservicespty.com, 1
+blekingeopen.tk, 1
+blend.works, 1
+blender.io, 1
+blenderinsider.com, 1
+blenderrecipereviews.com, 1
+blendessencial.com, 1
+blending.kr, 1
+blendle.com, 1
+blendle.nl, 1
+blenneros.net, 0
+blero.tk, 1
+blessedgeeks.org, 1
+blessedgeeks.social, 1
+blessedguy.com, 1
+blessings24x7.com, 1
+blessingtransportbromoijen.com, 1
+bleta.io, 1
+bleuwire.com, 1
+blevinstirepros.com, 1
+blewebprojects.com, 1
+bleyershoes.com, 1
+blheritage-tours.com, 0
+blic-zajm.gq, 1
+blichmann.eu, 1
+blicy.net, 1
+blideobames.com, 1
+blids.nl, 1
+blidz.com, 0
+blieque.co.uk, 1
+bliesener.com, 1
+blijfbij.com, 1
+blijfbij.eu, 1
+bliker.ga, 1
+blikund.swedbank.se, 1
+blindaryproduction.tk, 1
+blindenfreizeiten.de, 1
+blindfold.cf, 1
+blindfold.ga, 1
+blindler.net, 1
+blindpigandtheacorn.com, 1
+blindscribblings.com, 1
+blindsjoburg.com, 1
+blingbusinessest.ga, 1
+blingsparkleshine.com, 1
+blink-security.com, 1
+blink.mortgage, 1
+blinkdir.tk, 1
+blinkdrivex.com, 1
+blinken.co, 1
+blinkenlight.com.au, 1
+blinking.life, 1
+blinking.ml, 1
+blinkspeed.eu, 1
+blinniza.tk, 1
+blinq.me, 1
+blio.tk, 1
+blippr.com, 1
+blissbox.com, 1
+blissdrive.com, 1
+blissfulsmile.com, 1
+blissplan.com, 1
+blissso.com, 1
+blissway.tk, 1
+blissy.com.br, 1
+blist.xyz, 1
+blisterreview.com, 1
+blistertrackandtrace.com, 1
+blitz-idee24.de, 1
+blitzarena.io, 1
+blitzga.me, 1
+blitzkrieg.tk, 1
+blitzlotto.tk, 1
+blitzpaintball.net, 1
+blitztesting.com, 1
+blitzvendor.com, 1
+blivawesome.dk, 1
+blivdj.dk, 1
+blivvektor.dk, 1
+blix.tk, 1
+blixpage.tk, 1
+blixtv.com, 1
+blizhost.com, 1
+blizhost.com.br, 1
+blizko.tk, 1
+blk-intern.ch, 1
+blk-kriens.ch, 1
+blkbx.eu, 1
+blkj.com, 1
+bllb.ru, 0
+bllmnn.de, 1
+blm.gov, 1
+blm36.cc, 1
+blm69.cc, 1
+blnc.gov, 1
+blnsoftware.com, 1
+blo-melchiorshausen.de, 1
+blobby.com, 1
+blobemoji.com, 1
+blobfolio.com, 1
+blobfox.coffee, 1
+blobs.gg, 1
+block-planet.xyz, 1
+block-this.com, 1
+block.xyz, 1
+block65.com, 1
+blockchain.com, 1
+blockchain.info, 1
+blockchain.poker, 1
+blockchainaiintegra.com, 1
+blockchainbulteni.com.tr, 1
+blockchaincasinos.online, 1
+blockchainreporter.net, 1
+blockchaintech.ga, 1
+blockcheck.network, 1
+blockcreams.com, 1
+blocked.fun, 1
+blocked.icu, 1
+blockedservers.com, 1
+blockedyourcar.com, 1
+blockedyourcar.net, 1
+blockedyourcar.org, 1
+blockhost.net, 1
+blockified.io, 1
+blockinx.com, 1
+blockmetry.com, 1
+blockmomsest.ga, 1
+blocksettle.com, 1
+blockshopauto.com, 1
+blockstream.com, 1
+blockstream.info, 1
+blockstudio.it, 1
+blocktab.io, 1
+blockthis.xyz, 1
+blockvideo.live, 1
+blockwatch.cc, 0
+blockxit.de, 1
+blodeuyn.com, 1
+bloemenbesteld.nl, 1
+bloemendaalsamen.nl, 1
+bloemendal.me, 1
+blog-gpt.pl, 1
+blog-investimenti.it, 1
+blog-ludmily.ml, 1
+blog-page.tk, 1
+blog-preview.ml, 1
+blog-sat.com, 1
+blog-story.tk, 1
+blog-trawnikowy.pl, 1
+blog.fo, 1
+blog.gov.uk, 1
+blog.gparent.org, 1
+blog.gt, 1
+blog.je, 1
+blog.torproject.org, 0
+blog.vu, 1
+blogabout.ru, 1
+blogabouthealthy.tk, 1
+blogabr.it, 1
+blogaid.net, 1
+bloganchoi.com, 1
+blogaram.tk, 1
+blogarts.net, 1
+blogbegin.xyz, 1
+blogbookcassiopee.fr, 1
+blogbooker.com, 1
+blogbrew.org, 1
+blogbuz.org, 1
+blogcast.com, 0
+blogclouds.com, 1
+blogcosmeticsurgeon.ga, 1
+blogcrimesnews.tk, 1
+blogcuaviet.com, 1
+blogdelgloton.com, 1
+blogdelosjuguetes.com, 1
+blogdeyugioh.com, 1
+blogdieconomia.it, 1
+blogdimoda.com, 1
+blogdimotori.it, 1
+blogdiva.org, 1
+blogdosimoveis.com.br, 1
+blogexpress.org, 1
+blogext.com, 1
+blogfeng.tk, 1
+blogforprofit.tk, 1
+bloggermobile.tk, 1
+bloggermoney.ml, 1
+bloggermumofthreeboys.com, 1
+bloggerse.com, 1
+bloggersonlinetrainings.tk, 1
+bloggervent.com, 1
+bloggerzarausa.ga, 1
+blogging-life.com, 1
+bloggingfusion.com, 1
+bloggingkits.org, 1
+bloggingqna.com, 1
+bloggingtriggers.com, 1
+bloggingwithchildren.com, 1
+blogguitar.tk, 1
+bloggyaani.com, 1
+bloggymoms.com, 1
+bloggytalky.com, 1
+bloghogger.tk, 1
+blogidol.tk, 1
+bloginformatique.ml, 1
+blogit.fi, 1
+blogke.cn, 1
+bloglogistics.com, 1
+blogman.com, 1
+blognews.cf, 1
+blognik.pl, 1
+blognone.com, 1
+blogofapps.com, 1
+blogom.at, 1
+blogotomia.tk, 1
+blogpark.tk, 1
+blogpress.co.il, 1
+blogpronto.com.br, 1
+blogpsy.net, 1
+blogreen.org, 1
+blogsnote.xyz, 1
+blogspasest.ga, 1
+blogssl.com, 0
+blogstar.tk, 1
+blogtechnologiczny.pl, 1
+blogthedata.com, 1
+blogtienao.com, 1
+blogtroterzy.pl, 1
+bloguerrilla.it, 1
+bloguser.ru, 1
+blogvadim.ga, 1
+blogworm.eu, 1
+blokino.org, 0
+blokmap.be, 1
+blokuhaka.fr, 1
+blomberg.name, 1
+blomberguk.com, 1
+bloms.de, 1
+blonde-hexe.net, 1
+blondish.net, 0
+bloobasket.com, 1
+blood-kirsche.tk, 1
+blood4pets.tk, 1
+bloodandbones.tk, 1
+bloodandhonourcentral.tk, 1
+bloodhaven.tk, 1
+bloodhunt.eu, 1
+bloodmeter.com, 1
+bloodmine.ga, 1
+bloodmissionsest.ga, 1
+bloodpop.tk, 1
+bloodsports.org, 1
+bloodteam.tk, 1
+bloody-hosting.tk, 1
+bloody.pw, 1
+bloodybiz-news.tk, 1
+bloodycraft.ml, 1
+bloodyhawks.tk, 1
+bloom.sh, 1
+bloomberg.com, 0
+bloombergadria.com, 1
+bloomberglp.com, 0
+bloombergtv.mn, 1
+bloomfield-investment.com, 1
+bloomingbit.io, 1
+bloomingpink.in, 1
+bloomingtonelectionsil.gov, 1
+bloomingtonil.gov, 1
+bloomingwoods.tk, 1
+bloomnail.net, 1
+bloomppm.com, 1
+bloomscape.com, 1
+blopezabogado.es, 1
+blorbo.link, 1
+bloscheck.com, 1
+bloscheck.de, 1
+bloscheck.eu, 1
+bloscheck.net, 1
+bloscheck.org, 1
+blossomtexas.gov, 1
+blountsherifftn.gov, 1
+blounttn.gov, 1
+blowingrock.gov, 1
+blrjmt.com, 1
+blsattestation.com, 1
+blsgermanyvisa.com, 1
+blsindiavisa-uae.com, 1
+blt-avocat-nantes.fr, 1
+bltc.co.uk, 1
+bltc.com, 1
+bltc.net, 1
+bltc.org, 1
+bltc.org.uk, 1
+bltdirect.com, 1
+bluavido.ml, 1
+blubop.fr, 1
+blubracket.com, 1
+blubux.tk, 1
+blucoat.com, 1
+bluconductor.com, 1
+blucouriers.com.au, 1
+bludiode.com, 1
+bludnykoren.ml, 1
+blue-gmbh-erfahrungen.de, 1
+blue-gmbh.de, 1
+blue-olive.co.za, 1
+blue-pool.de, 1
+blue-python.tk, 1
+blue2purple.com, 1
+blueangel.org.tw, 1
+blueatlasmarketing.com, 1
+bluebahari.gq, 1
+bluebird.com, 1
+bluebirdservice.us, 1
+bluebnc.com, 1
+blueboybernie.com, 1
+bluecam.com, 1
+bluecanvas.io, 1
+bluecat.tk, 1
+bluecatnetworks.com, 1
+bluecherry.tk, 1
+bluecoastelectric.com, 1
+bluecoatnetflowsupport.com, 1
+bluecollarfetishwear.com, 1
+bluecosmetics.tk, 1
+bluecrossmn.com, 1
+blued.moe, 1
+bluedeck.org, 1
+bluedivision.tk, 1
+bluedog-security.com, 1
+blueenergy.tk, 1
+blueeyesworld.tk, 1
+bluefieldwv.gov, 1
+bluefieldwvpd.gov, 1
+blueflare.org, 1
+blueflow.pl, 1
+bluefrontier.co.uk, 1
+bluefurniturerentals.com, 1
+bluefuzz.nl, 1
+bluegifts.ro, 1
+bluegoat.jp, 1
+bluegolf.com, 1
+bluegorilla.es, 1
+bluehillme.gov, 1
+blueimp.net, 1
+blueinc.com.au, 1
+blueisafety.com, 1
+bluejeans.com, 1
+blueknights6.eu, 1
+bluekrypt.com, 1
+bluelighter.tk, 1
+bluelily.ga, 1
+bluelime.it, 1
+bluemail24.com, 0
+bluemango-studios.com, 1
+bluemonte.com, 0
+bluemoonrescue.org, 1
+bluemosh.com, 1
+bluemoundtexas.gov, 1
+bluemountain-ms.gov, 1
+bluemtnrentalmanagement.ca, 1
+bluenetworks.xyz, 1
+blueneuron.tk, 1
+blueoakart.com, 1
+blueoceanbrain.com, 1
+blueparrotpainting.com, 1
+bluepearl.tk, 1
+blueperil.de, 1
+blueplanet.social, 1
+blueport.com, 0
+bluepostbox.de, 1
+blueprintrealtytn.com, 1
+blueprintsdogstudio.com, 1
+bluepromocode.com, 1
+blueprotocol-cn.com, 1
+bluerange.io, 1
+blueride.se, 1
+blueridge.social, 1
+blueridgemachinery.com, 1
+blueridgeplans.com, 1
+bluerootsmarketing.com, 1
+blues-and-pictures.com, 1
+blues.at, 1
+bluesbarn.tk, 1
+bluesbuyers.com, 1
+bluescape.com, 1
+bluescape.io, 1
+blueshouse.ro, 1
+blueskiesmassage.com, 1
+bluesky-it.uk, 1
+blueskybrokerage.tk, 1
+blueskycantina.com, 1
+blueskycoverage.com, 1
+blueskyinsure.com, 1
+blueskywebdesign.net, 1
+bluesnews.tk, 1
+bluesoap.com.au, 1
+bluespace.ng, 1
+bluespirit.com, 1
+bluestarbus.co.uk, 1
+bluestardiabetes.com, 1
+bluestoneconstruction.com, 1
+bluestrigger.tk, 1
+bluesunhotels.com, 1
+blueswandaily.com, 1
+bluesystem.tk, 1
+bluetape.com, 1
+bluetape.tk, 1
+bluetexservice.com, 1
+bluetime.com, 1
+bluetoothlasersers.ga, 1
+bluetoothspecialist.ga, 1
+bluetrout.nl, 0
+bluewire.ca, 1
+bluewizardart.net, 1
+bluex.im, 1
+bluex.info, 1
+bluex.net, 1
+bluex.org, 1
+blueyonder.com, 1
+bluffcitytn.gov, 1
+bluffplumber.co.za, 1
+bluffsbyowner.com, 1
+bluheron.ca, 1
+blui.co, 1
+blui.ml, 0
+bluiandaj.ml, 1
+bluicraft.tk, 1
+bluimedia.com, 1
+blumagine.de, 1
+blumando.de, 1
+blumen-garage.de, 1
+blumenbasteln.ml, 1
+blumenfeldart.com, 1
+blumenversand.tk, 1
+blumiges-fischbachtal.de, 0
+blummedia.de, 1
+blundell.wedding, 1
+bluntandsnakes.com, 1
+bluprintoncology.com, 1
+bluproducts.com.es, 1
+blur.io, 1
+blurbhack.com, 1
+blurringexistence.net, 1
+blurt.cf, 1
+blushbymounika.com, 1
+blushingweb.tk, 1
+blusmurf.net, 1
+blutooth.ga, 1
+blutspende.de, 1
+bluware.com, 1
+bluxus.com, 1
+bluzone.io, 1
+blv38.fr, 1
+blw-eschwege.de, 1
+blw.moe, 0
+blyat.science, 1
+blyth.me.uk, 1
+blythwood.com, 1
+bm-academy.fr, 1
+bm-dataprotect.ch, 1
+bm-i.ch, 0
+bm-pc.ddns.net, 1
+bm-trading.nl, 1
+bm1.nl, 1
+bmac.cloud, 1
+bmak.me, 1
+bmak.xyz, 1
+bmbfiltration.com, 1
+bmblawfirm.com, 1
+bmelecevolution.com, 1
+bmhglobal.com.au, 1
+bmipestcontrol.com, 1
+bmjphotography.tk, 1
+bmk-kramsach.at, 1
+bmm.com.co, 1
+bmoattachments.org, 1
+bmoe.eu.org, 1
+bmone.net, 1
+bmotorsports.com, 1
+bmr.ar, 1
+bmriv.com, 1
+bmros.com.ar, 1
+bmskibaru.com, 1
+bmsupermercados.es, 1
+bmw-motorradclub-seefeld.de, 1
+bmwcolors.com, 1
+bmwhocking.com, 1
+bmwhocking.nz, 1
+bmwpartsdeal.com, 1
+bmyjacks.cn, 0
+bmzm.nl, 0
+bnb-buddy.nl, 1
+bnbhome.com, 1
+bnboy.cn, 1
+bnbsinflatablehire.co.uk, 1
+bnc.sh, 1
+bnct.us, 1
+bnd.house, 1
+bnews.vn, 1
+bnext.tech, 1
+bngdigital.com, 1
+bngs.pl, 1
+bngsecure.com, 1
+bnin.org, 1
+bnjscastles.co.uk, 1
+bnkconsulting.info, 1
+bnnuy.com, 1
+bnpl.kz, 1
+bnpparibas-am.com, 0
+bnpparibas.be, 1
+bnpparibas.bg, 1
+bnpparibas.co.uk, 1
+bnpparibas.com.hk, 1
+bnpparibas.de, 1
+bnpparibas.es, 1
+bnpparibas.it, 1
+bnpparibas.lu, 1
+bnpparibas.no, 1
+bnpparibas.pt, 1
+bnpparibas.ru, 0
+bnpparibascardif.com.ar, 1
+bnrailstories.com, 1
+bnssigns.com, 1
+bnstree.com, 0
+bnty.net, 1
+bnwrdil.gov, 1
+bo-1xbet.com, 1
+bo-rad.de, 1
+bo.ke, 1
+bo1689.com, 0
+bo4tracker.com, 1
+boa.rw, 1
+boam.nu, 1
+boanastudio.com, 1
+board-portal.org, 1
+board-room.ca, 1
+boardcloud.org, 1
+boardfree.tk, 1
+boardgameforces.com, 1
+boardgamegeeks.de, 1
+boardgameshots.com, 1
+boardingschoolreview.com, 1
+boardlinks.gov.au, 1
+boardroommind.com, 1
+boards.ie, 1
+boardsoftware.net, 1
+boardspot.com, 1
+boardusersers.ga, 1
+boat-engines.eu, 1
+boathut.com.au, 1
+boatmanwindsor.com, 1
+boats.com, 0
+boatsandoats.com, 1
+boatsdonated.com, 1
+boatseller.org, 1
+boatsforveterans.org, 1
+boattour.ru, 1
+boattrader.com.au, 1
+boatyardx.com, 1
+boauganda.com, 0
+boazwi.gov, 1
+bob-dylan.tk, 1
+bob-fuchs.de, 1
+bob.nl, 1
+bob.pe, 1
+bobaly.es, 0
+bobancoamigo.com, 1
+bobandbrians.com.au, 1
+bobandducky.com, 0
+bobaobei.net, 1
+bobaobei.org, 1
+bobasy.pl, 1
+bobazar.com, 1
+bobbyfischer.tk, 1
+bobbyhensley.com, 1
+bobbyoriginal.tk, 1
+bobbyrobinson.tk, 1
+bobcat.com, 1
+bobcoffee.com.br, 1
+bobcopeland.com, 1
+bobek.cz, 1
+bobep.ru, 1
+bobet.it, 1
+bobfilm.ml, 1
+bobigames.com, 1
+bobiji.com, 0
+bobijoel.ml, 1
+bobkidbob.com, 1
+boblog.tk, 1
+boboboboboaji.xyz, 1
+bobobox.net, 1
+bobotie.ga, 1
+bobra.bid, 1
+bobruysk.tk, 1
+bobsfhairstyles.ga, 1
+bobstenancycleaning.co.uk, 1
+bobstikkers.be, 1
+bobstronomie.fr, 1
+bobvincent.com, 1
+bocaaboca.ml, 1
+bocabeats.tk, 1
+bocada.com, 1
+bocahkampus.com, 1
+bocal.cf, 1
+bocamo.it, 1
+bocawa.es, 1
+bocbot.tk, 1
+boccabell.com, 0
+bocciatitanium.com, 1
+bochs.info, 1
+bocloud.eu, 1
+boctok.space, 1
+bocusedormauritius.com, 1
+bodas.com.mx, 1
+bodas.net, 1
+bodascartagena.com, 1
+bodclansite.tk, 1
+boddunan.com, 1
+bodegademuebles.com, 1
+bodegagarces.tk, 1
+bodegasvirei.com, 0
+bodemplaten4x4.nl, 1
+boden.co.uk, 1
+boden.com, 1
+boden.eu, 1
+boden.fr, 1
+bodenclothing.com.au, 1
+bodendirect.at, 1
+bodendirect.de, 1
+bodenpreview.co.uk, 1
+bodenpreview.com, 1
+bodenpreview.de, 1
+bodenusa.com, 1
+bodesi.com, 1
+bodhi.fedoraproject.org, 1
+bodhionline.com, 1
+bodin.cz, 1
+bodivo.vn, 1
+bodixite.com, 1
+bodlsc.com, 1
+bodrumescmagazin.tk, 1
+bodrumfarm.com, 1
+bodrus.com, 1
+bodsch.com, 1
+bodusod.bg, 1
+body-demo.tk, 1
+bodyblockarcade.com, 1
+bodyblog.nl, 1
+bodybuilding.com, 0
+bodybuilding.events, 1
+bodybuilding.nl, 1
+bodybuildingstyle.tk, 1
+bodybuildingsupplementsexplained.com, 1
+bodybuildingworld.com, 1
+bodycare.cn, 1
+bodyecology.com, 1
+bodygearguide.com, 1
+bodyhealthcare.tk, 1
+bodymassage.cf, 1
+bodymfr.com, 1
+bodymod.tk, 1
+bodymusclejournal.com, 1
+bodypad.com, 1
+bodypainting.waw.pl, 1
+bodyshaping.ml, 1
+bodyshopnews.net, 1
+bodytechautomotive.com.au, 1
+bodyweb.com.br, 1
+bodyweightsolution.com, 1
+boealpinelounge.it, 1
+boegli.tk, 1
+boehm.sh, 1
+boehs.org, 1
+boeing747.tk, 1
+boeleo.ru, 1
+boelsen.net, 1
+boem.gov, 1
+boensite.tk, 1
+boenyc.gov, 1
+boerandolphcountyga.gov, 1
+boerderijspel.nl, 1
+boeren.de, 0
+boerger.com, 1
+boesckens.de, 1
+boese.one, 1
+boevik.ml, 1
+boew.de, 1
+bof.fo, 1
+bofashion.site, 1
+boffin.tk, 1
+bofn.com.tr, 1
+bofoxdesign.com, 0
+bogatyizhenih.tk, 1
+bogdanbiris.com, 1
+bogdancornianu.com, 1
+bogdanepureanu.ro, 1
+bogdanov.ga, 1
+bogdanow.tk, 1
+bogdatrend.ml, 1
+bogenexten.com, 1
+bogner.sh, 1
+bogolyandras.com, 1
+bogosity.tv, 1
+bogoslov.tk, 1
+bogozi.com, 1
+bogs.de, 1
+bogtom.tk, 1
+bogus.ltd, 1
+bogwitch.tk, 1
+bohaishibei.com, 1
+bohemiantooers.ga, 1
+bohramt.de, 1
+bohyn.cz, 1
+boikhor.com, 1
+boilermechhr.com, 1
+boilesen.com, 0
+boiliai.lt, 1
+boilingpoint.net, 1
+boimmobilier.ch, 0
+boingboing.net, 1
+boingo00.wtf, 1
+bointon.com, 1
+boip.in, 1
+boira.tk, 1
+boisebirthdoula.com, 1
+boizeau.fr, 1
+bojan.tk, 1
+bojanowskiszkolka.pl, 1
+bojiu99.cc, 1
+bojoproductions.tk, 1
+bokaldo.com, 1
+bokatas.tk, 1
+boke112.com, 1
+bokehandbows.ca, 1
+bokentau-company.kz, 1
+bokhaldari.is, 1
+bokhylle.eu, 1
+bokkeriders.com, 1
+bokkun.jp, 1
+bokov.gq, 1
+boksburgplumbing.co.za, 1
+bokutake.com, 1
+bol.io, 1
+bolalocobrews.co.uk, 1
+bolaodarico.com.br, 1
+bolbilisim.com, 1
+bolchettabolsos.es, 1
+boldare.com, 1
+boldbeau.pt, 1
+bolderly.com, 1
+boldhaus.de, 1
+boldinsight.co.uk, 0
+boldinsight.com, 0
+boldium.com, 1
+boldogsagadni.hu, 1
+boldorion.com, 1
+boldsmartlock.com, 0
+bolehvpn.net, 1
+bolektro.de, 1
+bolele.org, 1
+boleleboyz.org, 1
+boleros.tk, 1
+boletosdeavionbaratos.tk, 1
+boleyn.su, 1
+bolgarnyelv.hu, 1
+bolgarus.ru, 0
+bolha.one, 1
+bolicforum.com, 1
+bolid.tk, 1
+bolivar-circuit-clerk.ms, 1
+bolivar80.com, 0
+bolivarchurch.tk, 1
+bolivarfm.com.ve, 1
+boliviaverde.tk, 1
+bolivin.ga, 1
+bollervilla.de, 1
+bolli.tech, 1
+bollymarket.com, 1
+bollywoodacapellas4djs.tk, 1
+bollywoodfans.tk, 1
+bollywoodgk.tk, 1
+bollywoodhdsongs.tk, 1
+bollywoodstrot.tk, 1
+bologna-disinfestazioni.it, 1
+bolognatoday.it, 1
+bolognatsrmpstrp.it, 1
+bologoe.tk, 1
+bololo.fun, 1
+bolonapps.com, 1
+bolos.tk, 1
+bolosbatiente.tk, 1
+bolsa.tk, 1
+bolsasbellagio.com.br, 1
+bolshevik.tk, 1
+bolshoi.tk, 1
+bolshoy.tk, 1
+bolt.cm, 0
+bolt.com, 1
+bolte.org, 1
+boltmobile.ca, 1
+bolton-consulting.org, 1
+boltonct.gov, 1
+boltreplassen.no, 1
+boluhaberleri.tk, 1
+bolur.is, 1
+boluwebtasarim.cf, 1
+bolverin.tk, 1
+bolzano-bozen.it, 1
+bolzanoavvocati.it, 1
+bolzanoinfo.it, 1
+boma.ml, 1
+bomanufacture.com, 1
+bombard.ga, 1
+bombe-lacrymogene.fr, 1
+bomberosceuta.tk, 1
+bomberus.de, 1
+bombgame.tk, 1
+bombgirls.cf, 1
+bombgirls.ga, 1
+bombgirls.gq, 1
+bombgirls.ml, 1
+bombiaturkiye.cf, 1
+bombo.xyz, 1
+bomboniere.roma.it, 1
+bomenzoeker.nl, 1
+bomhard.de, 1
+bomhard.net, 1
+bomhard.org, 1
+bomnet.tk, 1
+bompus.com, 1
+bon-appetit-wesel.de, 1
+bonaccordpestcontrol.co.uk, 1
+bonaccorso.eu, 1
+bonaemi.ga, 1
+bonami.cz, 1
+bonami.hr, 1
+bonami.hu, 1
+bonami.lt, 1
+bonami.lv, 1
+bonami.pl, 1
+bonami.ro, 1
+bonami.si, 1
+bonami.sk, 1
+bonami.tech, 1
+bonamihome.ro, 1
+bonanzateam.tk, 1
+bonaparte.com.co, 1
+bonapati.tk, 1
+bonapeti.ml, 1
+bonapp.restaurant, 0
+bonaselect.lv, 1
+bonawehouse.co.uk, 1
+bonbonka.best, 1
+bonbonmania.com, 1
+bonbonshop.ro, 1
+bonchaboncha.com.tw, 1
+bondagefetishstore.com, 1
+bondarenko.dn.ua, 1
+bondarenko.tk, 1
+bondcountyil.gov, 1
+bondcountysa.gov, 1
+bondcouponers.ga, 1
+bondingwithbaby.ca, 1
+bondlink.com, 1
+bondmaster.tk, 1
+bondpro.gov, 1
+bondscript.tk, 1
+bondvigilantes.com, 1
+boneanu.tk, 1
+bonebreakers.tk, 1
+bonebunny.de, 1
+boneros.tk, 1
+bonesserver.com, 1
+bonexio.tk, 1
+bonfi.net, 1
+bonfire.co.uk, 1
+bonfireleads.com, 0
+bong--brothers.tk, 1
+bongbong-irl.com, 1
+bongbongirl.com, 1
+bongbongmarcos.com, 1
+bonghuyn.com, 1
+bongit.de, 1
+bongjukim.com, 1
+bongloy.com, 1
+bongo.cat, 1
+bongocams.webcam, 1
+bongoland.tk, 1
+bongoo.fr, 1
+bonic.tk, 1
+bonifatius-friedrich.de, 1
+bonify.de, 1
+bonita.com.br, 1
+bonitadesax.com, 1
+bonitamacas.tk, 1
+bonitaslecturas.ml, 1
+bonitasoft.com, 1
+bonitech.co.uk, 1
+bonito.pl, 1
+bonjourimmo.tv, 1
+bonjourlulu.com.ar, 1
+bonjourmademoiselle.fr, 1
+bonk.pw, 1
+bonkleagues.ml, 1
+bonkotsua.net, 1
+bonn.digital, 1
+bonneannee.tk, 1
+bonnepart.fr, 1
+bonnetmoda.com, 1
+bonnevillecountyidaho.gov, 1
+bonniecoloring.com, 1
+bonniedraw.com, 1
+bonniekitchen.com, 1
+bonnieradvocaten.nl, 1
+bonniestylez.net, 1
+bonnsustainabilityportal.de, 1
+bonnydevil.com, 1
+bono3.ir, 1
+bonobo.cz, 1
+bonprix.co.uk, 1
+bonra.com, 1
+bonsai-uk.cf, 1
+bonsaiclubkengai.tk, 1
+bonsaiclubsanvi.tk, 1
+bonsaicrm.com, 1
+bonsaimedia.nl, 1
+bonsaitree.tv, 1
+bonsaj.tk, 1
+bonte.tk, 1
+bonukset.cf, 1
+bonukset.tk, 1
+bonus-club.gq, 1
+bonus-kran.tk, 1
+bonus.ca, 1
+bonus.net.nz, 1
+bonusdigital.id, 1
+bonusov.tk, 1
+bonusup.tk, 1
+bonviveur.com, 1
+bonvorur.is, 1
+bonwari.com, 1
+boo, 1
+boobsgirls.com, 1
+boodmo.com, 1
+boof.com, 0
+boogiedown.tk, 1
+booglobal.com, 1
+boogschutters-perk.tk, 1
+boojiboysbasement.tk, 1
+book-excursion.com, 1
+book-in-hotel.com, 1
+book-online.tk, 1
+book-sites.cf, 1
+book24.ru, 1
+bookameeting.se, 1
+bookb.com, 1
+bookbazar.co.in, 1
+bookcheapairline.com, 1
+bookchums.com, 1
+bookcreator.com, 1
+bookfirm.com, 1
+bookgeek.ga, 1
+bookginawest.com, 1
+bookingdjparis.fr, 1
+bookingplacecostarica.com, 1
+bookingpressplugin.com, 1
+bookingready.com, 1
+bookingslog.com, 1
+bookingsrit.tk, 1
+bookingtool.com, 1
+bookingtool.net, 1
+bookingworldspeakers.com, 1
+bookitlive.net, 1
+bookmaker.expert, 1
+bookmark.gq, 1
+bookmarkblog.tk, 1
+bookmarkclub.ga, 1
+bookmarkclub.gq, 1
+bookmarkclub.tk, 1
+bookmarked.cf, 1
+bookmarking.ml, 1
+bookmarkingyourbusiness.ga, 1
+bookmarklive.cf, 1
+bookmarklive.tk, 1
+bookmarkseo.gq, 1
+bookmarkseo.tk, 1
+bookmarkup.gq, 1
+bookmarkup.ml, 1
+bookmarkup.tk, 1
+bookmysplash.com, 1
+booknooktutor.com, 1
+bookourdjs.com, 1
+bookposh.com, 1
+bookreport.ga, 1
+books-dowload.tk, 1
+books-ru.tk, 1
+books.co.ua, 1
+booksales.tk, 1
+booksandcoffee.ml, 1
+bookshopofindia.com, 1
+booksinthefridge.at, 1
+booksjar.com, 1
+booksky.com, 1
+bookslibrarybooks.gq, 1
+booksoncamping.com, 1
+bookstores.gq, 1
+bookstrap.ga, 1
+booksy.com, 1
+booktruestorys.com, 1
+bookvuz.tk, 1
+bookwear.com, 1
+bookworld.gr, 1
+bookwormstory.social, 1
+bookwritingbureau.com, 1
+bookyourdata.com, 1
+bookzaga.com, 1
+bool.be, 1
+booldamm.llc, 1
+boom2.network, 1
+boombangcreditos.tk, 1
+boomboomboat.com, 1
+boomcloud.net, 1
+boomerangwater.com, 1
+boomersurf.com, 1
+boomfestival.org, 1
+boomfinity.xyz, 1
+boomingnewtech.com, 1
+boomingofthings.com, 1
+boomshadow.net, 1
+boomshine.de, 1
+boomsocial.com, 1
+boomstyle.com, 1
+boomsual.com, 1
+boomtheme.com, 1
+boomtownevents.com, 1
+boomvm.pw, 1
+boonecountyfpdmo.gov, 1
+boonecountyil.gov, 1
+boonecountyne.gov, 1
+boonecountywv.gov, 1
+boonecsdia.gov, 1
+booneiowa.gov, 1
+boonemo.gov, 1
+boonshoft.com, 1
+booox.biz, 1
+booox.cc, 1
+booox.net, 1
+booox.org, 1
+booox.pw, 1
+boop.gq, 1
+boop.icu, 1
+booq.org, 1
+booquiz.com, 1
+booshka.ga, 1
+boosinflatablegames.co.uk, 1
+boosman.nu, 1
+boosmanpoolservice.com, 1
+boost-collective.com, 0
+boost.ink, 1
+boostdesign.tk, 1
+boostermachine.com, 1
+boostertonbusiness.com, 1
+boostgame.win, 1
+boostitco.com, 1
+boostplm.com, 1
+boostport.com, 1
+boostport.com.au, 1
+boostroom.com, 1
+boostup.com.tr, 1
+booths.cyou, 1
+bootlesshacker.com, 1
+boots-shop.tk, 1
+bootsa.ga, 1
+bootsa.tk, 1
+bootstrapcollab.com, 1
+bootswinter.tk, 1
+bootsy.org, 1
+bootytube.net, 1
+boozinyan.com, 1
+bopiweb.com, 1
+bopyx.com, 0
+boraarat.com, 1
+boraboraphotos.com, 0
+boracay.tk, 1
+boraclub.com, 1
+boraescolher.com.br, 1
+borafalardeguito.com, 1
+borahan.net, 0
+boranco.tk, 1
+borasol.tk, 1
+borba-umov.tk, 1
+borche-imm.eu, 1
+borchers-media.de, 1
+borchers.ninja, 1
+bordadoenpedreria.com, 1
+borde.network, 1
+bordeiu.ro, 1
+bordelique.tk, 1
+bordercolli.tk, 1
+bordercollie.tk, 1
+bordercolliesworkingdogs.tk, 1
+bordercrossingux.com, 1
+borderfever.cf, 1
+borderfever.ga, 1
+borderfever.ml, 1
+borderlens.com, 1
+borderless.ro, 1
+borderless360.com, 0
+borderpatroledu.org, 1
+bordersbuses.co.uk, 1
+borderzoo.tk, 1
+bordes.me, 1
+bordo.com.au, 1
+bordoeurope.com, 1
+bordonisport.com, 1
+borduurcadeau.tk, 1
+borduurpatronen.tk, 1
+borduurshophengelo.nl, 1
+bore.lt, 1
+borealis.gg, 1
+borealis.su, 1
+boredhackers.com, 1
+boredhoard.com, 1
+boredhousewifeconfessions.cf, 1
+boredhousewifeconfessions.ga, 1
+boredhousewifeconfessions.ml, 1
+borein.cf, 1
+boreo.si, 1
+boresmail.ru, 1
+borfin.com, 1
+borgcube.com, 1
+borgmann-krankenfahrten.de, 1
+borgmestervangen.xyz, 1
+borgoaureo.com, 1
+borgodigatteraia.it, 1
+borgshof.tk, 1
+borhunter.pl, 0
+boringnews.tk, 1
+boringpoll.com, 1
+boringsmith.com, 1
+borisenko-alexander.com, 1
+borisenko.by, 1
+borislam.tk, 1
+borisof.tk, 1
+borja.io, 1
+borjaacost.com, 1
+borjalucero.es, 1
+borlangefk.tk, 1
+borman.biz, 1
+born2bounce.co.uk, 1
+born2dance.tk, 1
+bornandgrazed.com, 1
+borneodictionary.com, 1
+bornfiber.dk, 1
+bornhack.dk, 1
+bornreality.tk, 1
+borntobetogether.eu, 1
+borntocover.pl, 1
+borntoraid.com, 1
+boros.tk, 1
+borowski.pw, 1
+borraxeiros.tk, 1
+borriquillacuenca.tk, 1
+borsa2k.com.tr, 1
+borsodsakk.hu, 1
+bortebest.no, 1
+borygoai.org, 1
+borysek.net, 1
+borysenko.se, 1
+borzamalta.com.mt, 1
+borzaresearch.com, 1
+borzov.tk, 1
+bosabosa.org, 0
+bosanski-forum.com, 1
+bosanskinovi.tk, 1
+bosattondskap.tk, 1
+bosburyhistoryresource.org.uk, 1
+boscawennh.gov, 1
+boschee.net, 1
+boschhirtshals.dk, 1
+boschveldtuin.nl, 1
+boscobelwi.gov, 1
+bosconation.tk, 1
+boscoyacht.ch, 0
+boscq.fr, 1
+bosdubica.tk, 1
+bosekarmelitky.cz, 1
+bosengineering.be, 1
+bosiquanao.vn, 1
+boskant.tk, 1
+bosnia-online.tk, 1
+bosniaks.com, 1
+bosonogka.tk, 1
+bospiraat.tk, 1
+bospor.tk, 1
+bosquedelasimagenes.tk, 1
+boss.az, 1
+bossefors.tk, 1
+bossurl.tk, 1
+bostan.com, 1
+boston-molly.tk, 1
+boston-sailing.com, 1
+bostonadvisors.com, 0
+bostonaoii.com, 1
+bostonblockchainassociation.org, 1
+bostonews.tk, 1
+bostonfast.com, 1
+bostonivy.co, 1
+bostonmedicalgroup.com, 1
+bostonsportsmedicinemd.com, 1
+bosun.io, 1
+boswellboropd-pa.gov, 1
+bot-manager.pl, 1
+botanical.house, 1
+botanicoved.com, 1
+botanischkunstenaarsnederland.nl, 1
+botarticle.ga, 1
+botbrother.ml, 1
+botcore.ai, 1
+botdiril.com, 1
+botelegram.tk, 1
+botguard.net, 1
+bothive.io, 1
+boticadiservicio.com, 1
+botija.tk, 1
+botika.online, 1
+botikadiservisio.com, 1
+botipedia.tk, 1
+botlabs.host, 1
+botmaker.tk, 1
+botmanager.pl, 1
+botmedia.cf, 1
+botnam.com, 1
+botoes-primor.pt, 1
+botoks.tk, 1
+botox.bz, 1
+botpago.cl, 1
+botsa.com, 1
+botschaften-an-das-volk-gottes.de, 0
+botserver.de, 1
+botsindiscord.me, 1
+botstack.host, 1
+botticelli.tk, 1
+bottinquebec.com, 1
+bottke.berlin, 1
+bottle.li, 1
+bottlecapsbev.com, 1
+bottleking.com, 1
+bottlerockshuttles.com, 1
+bottly.in, 1
+bottom9clothing.com, 1
+bottomfeedings.tk, 1
+bou.cloud, 1
+bou.ke, 1
+bouah.net, 0
+bouallaoui.tk, 1
+boubyranol-biere.com, 1
+bouchard-mathieux.com, 1
+boucherie-charcuterie.ca, 1
+boucherie-restaurant-les-provinces.fr, 1
+bouchonville-knifemaker.com, 1
+bouckaert-usedcars.be, 0
+bouckaert.co, 1
+boudah.pl, 1
+bouffartigue.fr, 1
+bougeer.gent, 1
+bougepourtoi.tk, 1
+bougeret.fr, 1
+bougerpourmasante.com, 1
+bougharios.com, 1
+boughariosbros.com, 1
+bouldercounty.gov, 1
+bouldercountyassessor.gov, 1
+bouldercountydronepilot.com, 1
+bouldercountyhhs.gov, 1
+bouldercountynavigatingdisaster.gov, 1
+bouldercountyrecovery.gov, 1
+bouldercountytreasurer.gov, 1
+bouldercountyvotes.gov, 1
+boulderdowntown.com, 1
+boulderodm.gov, 1
+bouldersheriff.gov, 1
+boulderswap.com, 1
+boulderwagonroad.org, 1
+boulebar.duckdns.org, 1
+boulevard-ruijschenbergh.nl, 1
+boulstory.ru, 1
+boulzicourt.fr, 1
+boumstudio.com, 1
+bounce-a-roo.co.uk, 1
+bounce-abouts.com, 1
+bounce-n-go.co.uk, 1
+bounce-on.co.uk, 1
+bounce-r-us.co.uk, 1
+bounce-xtreme.co.uk, 1
+bounce4fun.co.uk, 1
+bounce4kidz.com, 1
+bounce4less.ie, 1
+bouncea-bout.com, 1
+bounceaboutnewark.co.uk, 1
+bounceaboutsussex.co.uk, 1
+bouncealotnorthwest.co.uk, 1
+bounceapp.com, 1
+bouncearoundinflatable.com, 1
+bouncearoundsheffield.co.uk, 1
+bounceawaycastles.com, 1
+bouncebackcastles.co.uk, 1
+bouncebookings.com.au, 1
+bouncecrazy.ie, 1
+bouncemaniaevents.co.uk, 1
+bouncemaniainflatables.co.uk, 1
+bouncenortheast.co.uk, 1
+bouncenpaint.co.uk, 1
+bounceroos-bouncycastles.co.uk, 1
+bounceroosevents.co.uk, 1
+bouncers-bouncycastlehire.co.uk, 1
+bouncesquad.co.uk, 1
+bouncetasticuk.co.uk, 1
+bouncetheparty.co.uk, 1
+bouncetothebeat.tk, 1
+bounceunlimited.co.uk, 1
+bouncewithbovells.com, 0
+bouncincastles.co.uk, 1
+bouncing4joy.co.uk, 1
+bouncingbuzzybees.co.uk, 1
+bouncinghigher.co.uk, 1
+bouncingscotland.com, 1
+bouncourseplanner.net, 1
+bouncy-castles-surrey.co.uk, 1
+bouncy-tots.co.uk, 1
+bouncybaileys.co.uk, 1
+bouncyball.eu, 1
+bouncyballs.org, 1
+bouncybouncyboocastlehire.co.uk, 1
+bouncycastle.net.au, 1
+bouncycastlehire-norwich.com, 1
+bouncycastlehire.co.uk, 1
+bouncycastlehireauckland.co.nz, 1
+bouncycastlehirebexley.co.uk, 1
+bouncycastlehirechelmsford.org.uk, 1
+bouncycastlehirehull.co.uk, 1
+bouncycastlehirelouth.co.uk, 1
+bouncycastlehiremalvern.co.uk, 1
+bouncycastlehiresurrey.co.uk, 1
+bouncycastlehirewinchester.co.uk, 1
+bouncycastleman.co.uk, 1
+bouncycastleparade.com, 1
+bouncycastlesgalway.com, 1
+bouncycastleshire.co.uk, 1
+bouncycastlesin.co.uk, 1
+bouncycastlesinderby.co.uk, 1
+bouncycastlesisleofwight.co.uk, 1
+bouncycastlesmonaghan.com, 1
+bouncycastlesperth.net, 1
+bouncycastlessheerness.co.uk, 1
+bouncydays.co.uk, 1
+bouncygiggles.com.au, 1
+bouncyhigher.co.uk, 1
+bouncykingdom.co.uk, 1
+bouncykings.co.uk, 1
+bouncykingsnortheast.co.uk, 1
+bouncykingsofleicester.co.uk, 1
+bouncymacs.co.uk, 1
+bouncyrainbows.co.uk, 1
+bouncytime.co.uk, 1
+bound2bounce.co.uk, 1
+boundaryford.com, 1
+boundaryvets.co.uk, 1
+boundladies.ga, 1
+boundless-designs.com, 1
+bounouh.tk, 1
+bountiful.gov, 1
+bounty.fund, 1
+bounty.software, 1
+bountyfactory.io, 0
+bountyhunter.tk, 1
+bountyhunteredu.org, 1
+bountyhuntermetaldetector.tk, 1
+bourasse.fr, 1
+bourbo.net, 1
+bourbonridgeretreat.com, 1
+bourestonmedia.com, 1
+bourgeoisdoor.com, 1
+bourgeoisdoorco.com, 1
+bourhis.info, 1
+bourne-ma.gov, 1
+bournefun.co.uk, 1
+bourrasque-info.org, 1
+bourrelier.be, 1
+bourse-aux-jouets.org, 0
+bourse-aux-vetements.org, 0
+bourse-puericulture.org, 0
+bourseauxservices.com, 1
+bourtalm.fr, 1
+boutique.be, 1
+boutiquedecanetas.com.br, 1
+boutiquedelhogar.cl, 1
+boutiquedoartista.com.br, 1
+boutiqueguenaelleverdin.com, 1
+boutiqueinove.com.br, 1
+boutiquesette.bg, 1
+boutoncoupdepoing.fr, 1
+bouvier-des-flanders.com, 1
+bouville.fr, 1
+bouw.live, 1
+bouwbedrijfdesmet.be, 1
+bouwbedrijfjstam.nl, 1
+bouwbedrijfkorstanje.nl, 1
+bouwma.nl, 1
+bouwplaatscheckin.nl, 1
+bouwstenen.com, 1
+bouzouada.com, 1
+bouzouks.net, 1
+bovenwebdesign.nl, 1
+bovileva.com.ua, 1
+bovworkplacepensions.com, 1
+bowdens.me, 1
+bowdoinmaine.gov, 1
+bowelcontroltherapy.com, 1
+bowhill.me, 1
+bowhunter-ahorn.de, 0
+bowlcake.fr, 1
+bowldirectoryest.ga, 1
+bowlfed.com, 1
+bowlidex.com, 1
+bowling.com, 1
+bowmanwilliams.com, 0
+bowmar.gov, 1
+bownhpd.gov, 1
+bowntycdn.net, 1
+bowwowinsurance.com.au, 1
+box.bz, 1
+box2.cz, 1
+boxalouer78.fr, 1
+boxbuttecountyne.gov, 1
+boxclaw.com, 1
+boxclub-marburg.de, 1
+boxcritters.wiki, 1
+boxcryptor.com, 0
+boxdevigneron.fr, 1
+boxdroplacrosse.com, 1
+boxeomexicano.tk, 1
+boxer-shorts.net, 1
+boxerdogdiaries.com, 1
+boxerdogsaspets.com, 1
+boxhall.co.uk, 1
+boxing-kangaroo.ga, 1
+boxing-videos.com, 1
+boxing247.com, 1
+boxingclubduval.com, 1
+boxingnews.co, 1
+boxingnews24.com, 1
+boxingrankings.co, 1
+boxingschedule.co, 1
+boxintense.com, 0
+boxiruem.ru, 1
+boxlegal.es, 1
+boxmail.cn, 1
+boxmania.tk, 1
+boxofficebengal.tk, 1
+boxofficefunding.com, 1
+boxofninjas.ca, 1
+boxoptions.com, 1
+boxpark.co.uk, 1
+boxpirates.to, 0
+boxsite.ga, 1
+boxtreeclinic.com, 1
+boxtub.com, 1
+boxturtlesaspets.com, 1
+boxview.com, 1
+boyard.tk, 1
+boycewire.com, 1
+boydcorp.com, 1
+boydstree.com, 1
+boydwi.gov, 1
+boygirl.tk, 1
+boyhost.cn, 1
+boyinglanguage.com, 1
+boykovo.tk, 1
+boylecountyky.gov, 1
+boyo.cloud, 1
+boyscoutcampcars.cf, 1
+boyscouts.tk, 1
+boyscoutschile.tk, 1
+boyson.tech, 1
+boysontech.com, 1
+boysorebro.tk, 1
+boywife.space, 1
+bozdech.eu, 1
+bozenadusseau.tk, 1
+bozhok.tk, 1
+bozit.com.au, 1
+bp-app.de, 1
+bp-systems.ovh, 1
+bpa.gov, 1
+bpadvisors.eu, 1
+bparlay.com, 1
+bpastudies.org, 1
+bpbdpadangsidimpuan.id, 1
+bpd.nl, 1
+bphostels.com, 1
+bpinvest.ch, 1
+bpisites.eu, 1
+bplan.tk, 1
+bpm-free.de, 1
+bpo.ovh, 1
+bpol-forum.de, 1
+bpreguica.com.br, 1
+bpsdev.org.uk, 1
+bpsis.fr, 1
+bpvgoncalves.com, 1
+bpvr.ddns.net, 1
+bpvr.nl, 1
+bqcp.net, 1
+bqp.io, 0
+bqr.ch, 0
+bqtoolbox.com, 1
+br-1xbet.com, 1
+br-hq.net, 1
+br-miyamoto.spdns.org, 1
+br.search.yahoo.com, 0
+br.to, 1
+br1334shop.com.br, 1
+br3in.nl, 0
+br7.ru, 1
+br8.pl, 1
+bra-horapparat.se, 1
+bra360.com, 1
+braathe.no, 1
+brabantia.com, 1
+braccialini.tk, 1
+bracebridgechiro.com, 1
+bracelet-chakras.com, 1
+braces-supports.tk, 1
+bracesbyberry.com, 1
+bracesjourney.com, 1
+brachotelborak.com, 1
+bracken.jp, 1
+bracket.land, 1
+bracketofficial.com, 1
+brackets-salad.com, 1
+brackettvilletx.gov, 1
+bracknellvets.co.uk, 1
+bractwogothica.ml, 1
+brad.fi, 1
+bradeales.com, 1
+bradentonfl.gov, 1
+bradfordcountypa.gov, 1
+bradfordhottubhire.co.uk, 1
+bradfordwoods.gov, 1
+bradler.net, 0
+bradturveyofficial.tk, 1
+bradyosborne.com, 1
+bradypatterson.com, 1
+braemer-it-consulting.de, 1
+bragasoft.com.br, 0
+bragaweb.com.br, 1
+braggalabel.cf, 1
+bragis.nl, 1
+brahammn.gov, 1
+brahma.world, 1
+brahmins.com, 1
+braiampeguero.xyz, 1
+braidice.ga, 1
+brailsford.xyz, 1
+brain-club.info, 1
+brain-e.co, 1
+brain-force.ch, 1
+brain-storm.ml, 1
+brain.gov, 1
+brainatwork.it, 1
+brainball.fr, 0
+brainbashers.com, 1
+brainboxai.com, 1
+brainburger101.tk, 1
+brainbus.com, 1
+braincandy.com, 1
+braincorebismarck.com, 1
+brainefive.com, 1
+brainfeed.nl, 1
+brainfirm.com, 1
+brainguru.co.in, 1
+brainguru.in, 1
+brainhealth.gov, 1
+brainhub.nl, 1
+brainit.at, 1
+brainjuice.tk, 1
+brainmade.tk, 1
+brainmanager.io, 1
+brainobeat.com, 1
+brainotony.com, 1
+brainoutlevel.com, 1
+brainporteindhoven.com, 1
+brainps.org, 1
+brainrush.ga, 1
+brainserve.ch, 0
+brainserve.com, 0
+brainserve.swiss, 0
+brainshare.tk, 1
+brainshit.fr, 1
+brainsik.net, 1
+brainsoftict.nl, 1
+brainspawn.tk, 1
+brainstache.com, 1
+brainstew.tk, 1
+brainstormproductions.tk, 1
+braintensive.com, 1
+braintonus.tk, 1
+braintreevt.gov, 1
+brainup-clinic.com, 1
+brainvation.de, 1
+brainware-india.com, 1
+brakebills.org, 1
+brakemanpro.com, 1
+brakomecov.tk, 1
+brallog.tk, 1
+bralnik.com, 1
+bramberheights.com, 1
+brambevers.tk, 1
+bramblerealestate.com, 1
+brambles.com, 1
+brambleski.com, 1
+bramburek.net, 1
+bramfri.dk, 1
+bramhallsamusements.com, 1
+bramhopetails.uk, 1
+bramois.tk, 1
+bramptonaikikai.tk, 1
+bramptonscrapcarremoval.com, 1
+bramsikkens.be, 1
+bramstaps.nl, 1
+bramvanaken.be, 1
+bramygrozy.pl, 1
+bran.cool, 1
+bran.land, 1
+bran.pw, 1
+bran.soy, 1
+bran.to, 1
+branaher.cz, 1
+branch-bookkeeper.com, 1
+branch.ga, 1
+branchchristianschool.org.uk, 1
+branchenbuch-potsdam.com, 1
+branchrvparktexas.com, 1
+branchtobox.com, 1
+branchtrack.com, 1
+brand-design.studio, 1
+brandabaski.tk, 1
+brandand.co.uk, 1
+brandarkitekt.com, 1
+brandathon.be, 1
+brandathon.nl, 1
+brandbags.gr, 1
+brandbastion.com, 1
+brandbook.io, 1
+brandcodestyle.com, 0
+brandfactory.ml, 1
+brandfeatured.com, 1
+brandfolder.com, 1
+brandfoto.com, 1
+brandhost.tk, 1
+brandhout-b-tree.be, 1
+brandingclick.com, 1
+brandingcoapps.com, 1
+brandingforthepeople.com, 1
+brandinspiration.fr, 1
+brandjapan.com, 1
+brandketers.com, 1
+brandmixer.ru, 1
+brandmovers.co, 1
+brandnous.ca, 1
+brandnucreations.com, 1
+brando753.xyz, 1
+brandon-manilow.tk, 1
+brandon.so, 0
+brandonbonine.com, 1
+brandoncricket.tk, 1
+brandondivorcelawyer.com, 1
+brandongevallen.tk, 1
+brandongomez.me, 1
+brandonhaynesmd.com, 1
+brandonhubbard.com, 1
+brandonjacksonphoto.com, 1
+brandonlin.me, 1
+brandonlui.com, 1
+brandonlui.ml, 1
+brandons.site, 1
+brandontaylor-black.com, 1
+brandonwalker.me, 1
+brandosvault111.ca, 1
+brandrocket.dk, 1
+brands-clothings.tk, 1
+brands-polo.cf, 1
+brands-polo.gq, 1
+brands-sports.com, 1
+brandsafe.io, 1
+brandsclub.tk, 1
+brandstead.com, 1
+brandt.tech, 1
+brandtechdesign.co.uk, 1
+brandtrapselfie.nl, 1
+brandweer-almelo.tk, 1
+brandweer-sgravendeel.tk, 1
+brandweerbarboek.nl, 1
+brandweercapcodes.tk, 1
+brandweeredam.tk, 1
+brandweerfraneker.nl, 1
+brandweergent.be, 1
+brandweergrijpskerk.tk, 1
+brandweerhalsteren.tk, 1
+brandweermodelbouw.tk, 1
+brandweerpuch.tk, 1
+brandweerrooster.nl, 1
+brandweertrainingen.nl, 1
+brandweeruitgeest.nl, 1
+brandweerweb.tk, 1
+brandwizo.com, 1
+branefive.com, 1
+branemusic.com, 1
+braniebananie.nl, 1
+brank.as, 1
+brankor.net, 1
+brankor.rs, 1
+branobratoz.tk, 1
+bransive.com.au, 1
+bransonwestmo.gov, 1
+brantleycounty-ga.gov, 1
+branw.xyz, 0
+brard.it, 1
+brasas.ec, 1
+brasco.tk, 1
+brasdir.com, 1
+brashear.me, 1
+brasil66.tk, 1
+brasilandia.tk, 1
+brasilcheats.tk, 1
+brasilduino.tk, 1
+brasiliademinasnet.tk, 1
+brasilianskbikini.se, 1
+brasillifeoficial.tk, 1
+brasilmatamata.ml, 1
+brasilmedia.com, 1
+brasilmobi.cf, 1
+brasiltopnews.tk, 1
+brasilwear.biz, 1
+brasilweb.tk, 1
+braslet-bianshi.tk, 1
+braspetdf.com.br, 1
+brasrede.com.br, 1
+brass.host, 1
+brassbandwarmond.tk, 1
+brasseursdubois.com, 1
+brasshow.com.br, 1
+brasspipedreams.org, 1
+bratan.ga, 1
+bratkartoffelking.de, 1
+bratstvo.tk, 1
+bratt.tk, 1
+bratteng.com, 0
+bratteng.me, 1
+bratteng.solutions, 1
+brattleboro.gov, 1
+bratunaconline.tk, 1
+brau-ingenieur.de, 1
+braudoktor.de, 1
+brauer-augenoptik.de, 1
+brauingenieur.de, 1
+braun-russia.ru, 1
+braunbergerfreelance.com, 1
+braunsteinpc.com, 1
+braunwarth.info, 0
+brausch.co.nz, 1
+brauschtrucking.co.nz, 1
+brausestube.de, 1
+brave-foods.ch, 0
+brave-foods.com, 0
+brave.com, 1
+braveagency.com.au, 1
+bravebaby.com.au, 1
+bravebiz-news.tk, 1
+bravegk.com.ua, 1
+bravelittlesquirrel.com, 1
+bravelocation.com, 1
+bravelychoc.com, 1
+bravenboer.tk, 1
+bravewiki.tk, 1
+bravga.com, 1
+bravica.tk, 1
+bravo.bi, 1
+bravoasociados.com, 1
+bravobet.et, 1
+bravodeal.com, 1
+bravodescuento.es, 1
+bravogutschein.at, 1
+bravogutschein.de, 1
+bravokorting.nl, 1
+bravokupony.pl, 1
+bravopromo.be, 1
+bravopromo.fr, 1
+bravosconto.it, 1
+bravovoucher.co.uk, 1
+bravurabusinessconsulting.com, 1
+bravurasolutions.com, 1
+brawin.cf, 1
+brawlstarsitalia.com, 1
+braxtoncountywv.gov, 1
+braxtonehle.com, 1
+braychappell.com, 1
+brayden.gq, 1
+braynblog.ml, 1
+brazenfol.io, 1
+brazilh2.com.br, 1
+brazilian-human-hair-extension.tk, 1
+brazilian.dating, 1
+brazilianbikinishop.com, 1
+braziliantop.com, 1
+braziliaskincare.com, 1
+brazillens.com, 1
+brazoriacountyclerktx.gov, 1
+brazzers.com, 1
+brazzersnetwork.com, 1
+brazzersvod.com, 1
+brb.city, 1
+brba.nl, 1
+brbt.eu, 1
+brbt.net, 1
+brc.fj.cn, 1
+brck.nl, 1
+brcshipsupply.com, 1
+breachdata.io, 1
+breachlock.com, 1
+breachmedia.ca, 0
+bread.fish, 1
+breadandlife.org, 0
+breadheads.net, 1
+breadmash.tk, 1
+breadpirates.chat, 1
+breakberlin.tk, 1
+breakcraft.tk, 1
+breakdancer.tk, 1
+breakerlink.com, 1
+breakeven.tk, 1
+breakfastcafe.tk, 1
+breakfree.tk, 1
+breakingdeal.fr, 1
+breakingnewskenya.tk, 1
+breakingthesilence.org.il, 1
+breakinoutpr.com, 1
+breakmaps.net, 1
+breakofdawn.tk, 1
+breakpoint.at, 1
+breaksome.tech, 1
+breakthroughenergy.org, 1
+breakwall.ml, 1
+breaky.de, 1
+breard.tf, 1
+breastaugmentationky.com, 1
+breastbuysers.ga, 1
+breastbuysest.ga, 1
+breastdensitynj.com, 1
+breastenlargement.gq, 1
+breathe-easy.tk, 1
+breathedreamgo.com, 0
+breathingblanket.com, 0
+breathingsound.ml, 1
+breathingspace.scot, 1
+breathlesssheranda.tk, 1
+brechadigital.tk, 1
+brecht.ch, 1
+breckle.com.ua, 1
+brecknell.biz, 1
+brecknell.com, 1
+brecknell.info, 1
+brecknell.name, 1
+brecknell.net, 1
+brecknell.org, 1
+breda.computer, 1
+bredabeds.com, 1
+bredahooligans.tk, 1
+bredband.fi, 1
+breechdepot.com, 1
+breederpodcast.com, 1
+breederworld.dog, 1
+breen.com.br, 1
+breezyapp.hu, 1
+breezypointmn.gov, 1
+breffa.pl, 1
+brefy.com, 1
+brege.org, 1
+bregmanfance.com, 1
+bregnedal.dk, 1
+bregnedalsystems.dk, 1
+bregroup.com, 1
+brehoni.cz, 0
+breinify.ai, 1
+breinify.com, 1
+breitband.bz.it, 1
+breizh.pm, 1
+breizhetho.com, 1
+breizhpuffy.org, 1
+breket.ml, 1
+brelin.tk, 1
+brellich.eu, 1
+breloque.com, 1
+bremen-restaurants.de, 1
+bremensaki.com, 1
+bremerfriedensforum.de, 1
+breml.com, 1
+bremsscheiben.com, 1
+brenbarnes.com, 1
+brenbarnes.com.au, 0
+brendabecker.com, 1
+brendanbatliner.com, 1
+brendancroker.tk, 1
+brendanfarmer.ga, 1
+brendanreev.es, 1
+brendanscherer.com, 1
+brendasartstudio.com, 1
+brentalbright.tk, 1
+brentfieldschools.cf, 1
+brentnewbury.com, 1
+brentonico.com, 1
+brentsoslibraries.org.uk, 1
+bresciatoday.it, 1
+breshka.be, 1
+bressem.com, 0
+brest-bel.tk, 1
+brest-biz-belarus.tk, 1
+brest-brest.tk, 1
+brest-master.tk, 1
+brest-news.tk, 1
+brest-region.tk, 1
+brest.fr, 0
+brest24.tk, 1
+brestnews.tk, 1
+brestradio.tk, 1
+brestshop.tk, 1
+bretcarmichael.com, 1
+breteuilcommerceartisanat.com, 1
+breton.pm, 1
+bretonhouse.ca, 1
+bretonstripe.com, 1
+brett.ml, 1
+brettabel.com, 1
+brettcornwall.com, 1
+bretti.net, 1
+brettlawyer.com, 1
+brettlfohra.tk, 1
+brettpostin.com, 1
+brettw.xyz, 1
+bretzner.fr, 0
+brevboxar.se, 1
+breve-tufvassons.ru, 1
+brevent.sh, 1
+brew.fi, 1
+brew.sh, 1
+brewcentralny.com, 1
+brewin.ml, 1
+brewit.online, 1
+brewmovers.com, 1
+brewsouth.com, 1
+brewspark.co, 0
+brex.money, 1
+brex.pw, 1
+brexit.tk, 1
+breyerslakeshoreresort.com, 1
+breyerslakesideresort.com, 1
+breyersresort.com, 1
+brezani.tk, 1
+breznet.com, 0
+brf-tradgarden.se, 1
+brferramentas.com.br, 1
+brfvh24.se, 1
+brg.to, 1
+brgins.com, 1
+brgsmartcity.com, 1
+brguk.com, 1
+brhanhaki.org, 1
+bri.fyi, 1
+bri.net.br, 1
+brian-ormond.tk, 1
+brian.gq, 0
+brianalaway.com, 1
+brianalawayconsulting.com, 1
+briandwells.com, 0
+brianfanzo.com, 1
+brianfoshee.com, 1
+briangarcia.ga, 1
+brianjohnson.co.za, 1
+brianjosephdavis.tk, 1
+briankanode.com, 1
+briankavanaugh.com, 1
+brianlachapelle.tk, 1
+brianlanders.us, 1
+brianleejackson.com, 1
+brianleemarketing.com, 1
+brianm.com, 1
+brianmwaters.net, 1
+brianna.tk, 1
+brianoost.com, 1
+brianpagan.net, 1
+brianregan.com, 0
+brianroadifer.com, 1
+briansemrau.com, 1
+briansmith.org, 1
+briantafoya.com, 1
+brianum.de, 1
+brianum.net, 1
+brianvalente.tk, 1
+brianwesaala.com, 0
+brianwilson.tk, 1
+briarcliffmanor.gov, 1
+briarpatchfrenchiesandpugs.com, 1
+briarproject.org, 1
+bribriescolawfirm.com, 1
+brickadia.com, 1
+brickell.com, 1
+brickfilmfestival.tk, 1
+brickftp.com, 1
+brickland.tk, 1
+bricks-clicks.com, 1
+bricks4kidzelearn.com, 1
+bricksandmotor.co.uk, 1
+brickstreettrio.com, 1
+brickvortex.com, 1
+brickweb.co.uk, 1
+brickwerks.io, 1
+bricmon.tk, 1
+bricolajeux.ch, 0
+bricomag-media.com, 1
+bricomium.com, 1
+brid.gy, 0
+bridal.tk, 1
+bridalfabrics.ru, 1
+bridalgallerysalem.com, 1
+bridalreflections.com, 1
+bridalshoes.com, 1
+bridalweddingshow.ga, 1
+bride.vn, 1
+bridebook.com, 1
+bridesbouquet.ml, 1
+bridestarco.com, 1
+bridge-online.cloud, 1
+bridge-to-knowledge.nl, 1
+bridge-xs.com, 1
+bridge.nl, 1
+bridgecitytx.gov, 1
+bridgecon.com.au, 1
+bridgedigest.cf, 1
+bridgedigest.tk, 1
+bridgedigestest.ga, 1
+bridgedirectoutreach.com, 1
+bridgefield.de, 1
+bridgeforcefinancial.com, 1
+bridgeitsolutions.com.au, 1
+bridgemanualest.ga, 1
+bridgement.com, 1
+bridgeout.com, 1
+bridgepayday.ph, 1
+bridgeportlaboratory.tk, 1
+bridgeportne.gov, 1
+bridgeportwv.gov, 1
+bridgercanyonfiremt.gov, 1
+bridges.ml, 1
+bridgesinbelize.org, 1
+bridgethailand28chidlom.com, 1
+bridgetmcauliffe.ie, 1
+bridgetonmo.gov, 1
+bridgetownrecords.tk, 1
+bridgetroll.org, 1
+bridgewaterma.gov, 1
+bridholm.se, 1
+bridozia.com, 1
+briefassistant.com, 1
+briefbiz-news.tk, 1
+briefly.ru, 1
+briefs.in.th, 1
+briefvorlagen-papierformat.de, 1
+briellenj.gov, 1
+briffoud.fr, 1
+brigadasazules.tk, 1
+brigady.tk, 1
+brigantinebeach.org, 1
+briggsandlittle.com, 1
+briggsleroux.com, 1
+brighouse-leisure.co.uk, 1
+bright-s.net, 1
+brightback.com, 1
+brightbiz-news.tk, 1
+brightblue.cf, 1
+brightbock.co.uk, 1
+brightbock.com, 1
+brightbock.net, 1
+brightbock.org, 1
+brightbock.tw, 1
+brightbock.uk, 1
+brightday.bz, 1
+brightendofleasecleaning.com.au, 0
+brighterimagelab.com, 1
+brightfuturemadebyme.com, 1
+brightgk.com, 1
+brightideaspromotional.co.uk, 1
+brightmachines.com, 1
+brightmls.com, 1
+brightmovers.com, 1
+brightonbank.com, 1
+brightonbouncycastles.net, 1
+brightonchilli.org.uk, 1
+brightonfc.tk, 1
+brightongrowlights.ga, 1
+brightonncmachine.com, 1
+brightonvt.gov, 1
+brightonvt.org, 1
+brightpool-markets.com, 1
+brightside.com, 1
+brightsparks.com.sg, 1
+brightsport-news.tk, 1
+brighttax.com, 1
+brighttomorrowproductions.com, 1
+brightvalley.com.au, 1
+brightview.net.cn, 1
+brightwakeintranet.co.uk, 1
+brightzonecleaning.com.au, 1
+brightzoneofficecleaning.com.au, 1
+brigidaarie.com, 1
+brigittaseasons.com, 1
+brigittaspromise.org, 1
+brigittebutt.tk, 1
+brigittefontaine.tk, 1
+brignier.com, 1
+brilalux.pe, 1
+brileytownshipmi.gov, 1
+briliant.tk, 1
+brilliancesecuritymagazine.com, 1
+brilliant-minds.tk, 1
+brilliant.plumbing, 1
+brilliantbouncyfun.co.uk, 1
+brilliantproductions.co.nz, 1
+brillie.tk, 1
+brillio.com, 1
+brillionwi.gov, 1
+brillionworks.com, 1
+brimspark.com, 1
+brimspark.systems, 1
+brindabantheatre.tk, 1
+brindesgrafica.com.br, 1
+brindisireport.it, 1
+brindocorp.tk, 1
+bring-heaven.com, 1
+bringfido.com, 1
+bringform.ml, 1
+bringonbusiness.com, 1
+brinker.com, 1
+brinkhu.is, 1
+brinksurl.com, 1
+brinokidzonline.tk, 1
+brio-shop.ch, 1
+brio-ukraine.store, 1
+brio.news, 1
+briograce.com.mx, 1
+brioukraine.store, 1
+brisamar8.de, 1
+brisbanecashforcars.com.au, 1
+brisbanelogistics.com.au, 1
+brisbanerecordbar.com.au, 1
+brisbine.cloud, 1
+brisceremony.com, 1
+brisignshop.com.au, 1
+brisp.nl, 1
+brisq.design, 1
+bristebein.com, 1
+bristolandwestonsuperbounce.com, 1
+bristolctwatersewer.gov, 1
+bristolmoneyman.com, 1
+bristowpoliceok.gov, 1
+brit-thoracic.org.uk, 1
+britania.tk, 1
+britanicasalud.com.ar, 1
+britannia-jewellery.co.uk, 1
+britannia.no, 1
+britanniapandi.com, 1
+britanniawellness.com, 1
+britelocate.com, 1
+british-assessment.co.uk, 1
+britishairlinesflights.com, 1
+britishbee.org.uk, 1
+britishbee.uk, 1
+britishbeef.com, 1
+britishbeekeepers.com, 1
+britishbeekeepers.net, 1
+britishbeekeepers.org, 1
+britishbeekeepers.org.uk, 1
+britishbeekeepers.uk, 1
+britishbeekeepersassociation.org.uk, 1
+britishbookmakers.co.uk, 1
+britishbullshitfoundation.cf, 1
+britishbullshitfoundation.ga, 1
+britishbullshitfoundation.ml, 1
+britishchronicles.com, 1
+britishgeneralelection.cf, 1
+britishgeneralelection.ga, 1
+britishgeneralelection.ml, 1
+britishgroupsg.com, 1
+britishmeat.com, 1
+britishpearl.com, 1
+britishpropoliss.my.id, 1
+britishrafting.com, 1
+britishsfaward.org, 1
+britishsnoring.co.uk, 1
+britney-galaxy.com, 1
+britneyclause.com, 1
+britneymanias.tk, 1
+britneyuniverse.com, 1
+britofootball.com, 1
+britsoc.co.uk, 1
+brittainconsulting.ca, 1
+brittany.com.ph, 1
+brittanyferriesnewsroom.com, 1
+brittas-world.tk, 1
+brivawn.com, 1
+brix-central.tk, 1
+brixxonline.nl, 1
+brizawen.com, 1
+brizzo.net, 1
+brk-t.com, 1
+brk-t.org, 1
+brk.dk, 1
+brk.st, 1
+brkt.cc, 1
+brkt.church, 1
+brktkiliseleri.com, 1
+brktkiliseleri.org, 1
+brlcontracting.com.au, 1
+brmascots.com, 1
+brmnn.de, 1
+brmsalescommunity.com, 1
+brn.by, 1
+brn.is, 0
+brnogame.com, 1
+brnogame.cz, 1
+brnogame.online, 1
+brnohra.com, 1
+brnohra.cz, 1
+brnohra.online, 1
+brnojebozi.cz, 1
+brnr.link, 1
+brnrx.com, 1
+broadax.ml, 1
+broadbandchoices.co.uk, 1
+broadbandexposed.co.uk, 1
+broadbandmap.gov, 1
+broadbiz-news.tk, 1
+broadcastlistingers.ga, 1
+broadcastlistingest.ga, 1
+broadcastrealtimeest.ga, 1
+broadcasttowerers.ga, 1
+broadfoundation.org, 1
+broadjournalest.ga, 1
+broadleft.org, 1
+broadsheet.com.au, 1
+broadstreetalerts.com, 1
+broadwayfamilydentalpc.com, 1
+broadwaytravel.com, 1
+broadwayva.gov, 1
+broadwayvets.co.uk, 1
+broansunited.tk, 1
+broca.dk, 1
+broca.io, 0
+brock.guide, 1
+brockenhurstguide.com, 1
+brockenhurstonline.com, 1
+brockwayministorage.com, 1
+brockwaytwpmn.gov, 1
+brocos.io, 1
+brodahose.com.au, 0
+brodowski.cc, 1
+brody.digital, 1
+brody.ninja, 1
+broe.ie, 1
+broedersvanliefde.be, 1
+broemp.de, 1
+broerbv.nl, 0
+broersma.com, 1
+broerweb.nl, 1
+broeselei.at, 0
+broilertrade.com, 1
+brojagraphics.de, 1
+broke.network, 1
+brokeinkorea.tk, 1
+brokenbiz-news.tk, 1
+brokenbowokpd.gov, 1
+brokencityllc.ga, 1
+brokendollsmuseum.com, 1
+brokenhands.io, 1
+brokenminds.tk, 1
+brokenneckgang.com, 1
+brokenrevolution.com, 1
+brokenships.com, 1
+brokensword.tk, 1
+brokentoaster.tk, 1
+broker4u.com, 1
+brokerdecredite.ro, 1
+brokerlink.ca, 1
+brokernews.com.au, 1
+brokernotes.co, 1
+brokerstalk.com, 1
+brokeryouers.ga, 1
+brokeryouest.ga, 1
+brokfolio.com, 1
+brokgency.com, 1
+brollopsfotografkalmar.com, 1
+brols.eu, 1
+bromfietsman.tk, 1
+bromideas.ga, 1
+bromo.com, 1
+bromonetwork.com, 1
+brompton-cocktail.com, 1
+bronco-atodogalope.tk, 1
+bronevichok.ru, 1
+brontech.com, 1
+bronwynlewis.com, 1
+bronx-ny-dentist.com, 1
+bronya.moe, 1
+broochwithme.com, 1
+broodbesteld.nl, 1
+broodingblogger.com, 1
+brookecountywv.gov, 1
+brookfordnc.gov, 1
+brookframework.org, 1
+brooklakeevents.com, 1
+brooklinenh.gov, 1
+brooklyn-drain-queens-sewer.com, 1
+brooklynboyblues.cf, 1
+brooklynboyblues.ga, 1
+brooklynboyblues.ml, 1
+brooklyncentermn.gov, 1
+brooklyndecker.tk, 1
+brooklynentdoc.com, 1
+brooklynparkmn.gov, 1
+brooklynrealestateblog.com, 1
+brooklyntheborough.com, 1
+brooklyntownwashburnwi.gov, 1
+brooklynveinandvascular.com, 1
+brookscountyga.gov, 1
+brookshirebrothers.com, 1
+brooksideas.ga, 1
+brookskolb.com, 1
+brooksrents.com, 1
+brookstonelc.com, 1
+brookvillepoliceny.gov, 1
+brookz.nl, 1
+broomcastle.com, 1
+broomcastle.eu, 1
+broomcastle.net, 1
+broomcastle.org, 1
+broomcastle.social, 1
+broomorchard.com, 1
+brosay-legko.ml, 1
+brossman.it, 1
+brossmanit.com, 1
+brotaufstriche.com, 1
+brother.com.hk, 1
+brothersinbeetles.tk, 1
+brottsfiltret.tk, 1
+brotwurz.de, 1
+brou.com.uy, 1
+brouillard.ch, 0
+brouskat.be, 1
+brouwer-greonterp.nl, 1
+brouwerijdeblauweijsbeer.nl, 0
+brovary-eda.kiev.ua, 1
+brovelton.com, 0
+browardvotes.gov, 1
+browfai.casa, 1
+brown-bros.ca, 1
+brownacres.nz, 1
+brownandjoseph.com, 1
+brownavto-news.tk, 1
+browncoil.gov, 1
+browncountyne.gov, 1
+browncountytx.gov, 1
+browndeerwi.gov, 1
+brownforces.desi, 1
+brownforces.org, 1
+brownie.plus, 1
+brownpipe.app.br, 1
+brownstownmi.gov, 1
+brownsville360.org, 1
+brownsvillewi.gov, 1
+browntiger.tk, 1
+browntowncountryclub.com, 1
+brownwolfstudio.com, 0
+brownwoodnews.cf, 1
+browsbybecca.ca, 1
+browse-china.com, 1
+browse-tutorials.com, 1
+browselog.com, 1
+browsemycity.com, 1
+browser.style, 1
+browserleaks.com, 1
+brpmanuals.com, 1
+brq.com, 1
+brr.fyi, 1
+brrr.fr, 1
+brsvcs.in, 1
+brtve.tk, 1
+bru6.de, 1
+brubaker.ac, 1
+brubaker.cc, 1
+brubakerairconditioningrepair.com, 1
+brubankv1-staging.azurewebsites.net, 1
+bruce-springsteen.tk, 1
+brucebenes.com, 1
+bruceleeitems.com, 1
+brucemines.ca, 1
+bruckner.li, 1
+brudevelopments.ca, 1
+brudkista.nu, 1
+brudkista.se, 1
+brudkistan.nu, 1
+brudkistan.se, 1
+bruechner.net, 1
+brueggers.com, 1
+brueggi.tk, 1
+brueser-gmbh.de, 1
+brugerklub.info, 1
+brugia.com, 1
+brugpensioen.tk, 1
+bruhcontent.ru, 1
+bruidstaarten.tk, 1
+bruitparif.fr, 1
+brujoincaperuano.com, 1
+bruk2fa.no, 1
+brukalai.lt, 1
+brulewi.gov, 1
+brun-despagne.com, 1
+brun.rocks, 1
+bruna-cdn.nl, 1
+brunamarquezine.tk, 1
+brunanet.tk, 1
+brunchandmatch.be, 1
+bruneaufamily.digital, 1
+brunella.tk, 1
+brunetderochebrune.com, 0
+brunettipesco.com, 1
+brunhild.com, 1
+brunhilde.ml, 1
+brunner.ninja, 1
+bruno-pelletier.tk, 1
+brunoamaral.eu, 1
+brunobattaglia.tk, 1
+brunobeauvoir.com, 1
+brunocesarlima.com.br, 1
+brunodomingos.com, 1
+brunohenc.from.hr, 1
+brunolt.nl, 1
+brunoperetti.com.br, 1
+brunoramos.com, 0
+brunoreno.be, 1
+brunoriguzzi.io, 1
+brunosampaioblog.com, 1
+brunroom.tk, 1
+brunswick.com, 0
+brunswickcove.com, 1
+brunswickncsheriff.gov, 1
+brush.ninja, 1
+brushcreekyachts.com, 1
+brushscene.de, 1
+brushyourideas.com, 1
+brusselsbe.tk, 1
+brusselsexpolive.ga, 1
+brusselsexpoloft.ga, 1
+brusselsexpostudio.ga, 1
+brusselslouisepenthouse.ga, 1
+brusselslouisestudio.ga, 1
+brusselsmidiapartment.ga, 1
+brusselsmidistudio.ga, 1
+brusselspackagesers.ga, 1
+brusselspackagesest.ga, 1
+brusselswestapartment.ga, 1
+brust-zentrum.ch, 1
+brutal.systems, 1
+brutalica.tk, 1
+brutality.cf, 1
+brutdecom.fr, 1
+brutecloud.com, 1
+brutosanetos.com, 1
+brutosshopping.com, 1
+brutus2.ga, 0
+bruun.co, 1
+bruxserv.net, 1
+bruyerre.eu, 1
+brw-shop.by, 1
+brweb.tk, 1
+brwebsolutions.tk, 1
+brwn.loan, 1
+brws.to, 1
+bryanarmijomd.com, 1
+bryancastillo.site, 1
+bryancountyga.gov, 1
+bryandesrosiers.com, 1
+bryandrakedrivingschool.co.nz, 1
+bryandunnewald.com, 1
+bryanfalchuk.com, 1
+bryankaplan.com, 1
+bryanley.com, 1
+bryanquigley.com, 1
+bryanski.tk, 1
+bryantluk.com, 1
+bryantx.gov, 1
+bryceml.us, 1
+bryggebladet.dk, 1
+bryte-rp.tk, 1
+brzc.st, 1
+brztec.com, 1
+bs-facilityservice.ch, 0
+bs-network.net, 1
+bs-security.com, 1
+bs.sb, 1
+bs.to, 1
+bs2k.me, 1
+bsa-dom.ru, 1
+bsa157.org, 1
+bsaab.se, 1
+bsaft.ml, 1
+bsale.com.au, 1
+bsalyzer.com, 1
+bsapack564.org, 1
+bsatroop1003.com, 1
+bsatroop3.com, 1
+bsatroop794.org, 1
+bsbet365.com, 1
+bsbnet.nl, 1
+bsc-rietz.at, 1
+bsc01.dyndns.org, 1
+bscc.support, 1
+bscquimicos.com.br, 1
+bscyb.ch, 1
+bsd-box.net, 1
+bsd-sec.com, 1
+bsd-unix.org, 1
+bsd.com.ro, 1
+bsd.gay, 1
+bsdbox.de, 1
+bsdex.de, 1
+bsdfreak.dk, 0
+bsdguru.net, 1
+bsdly.net, 1
+bsdracing.ca, 1
+bsdug.org, 1
+bsdunix.xyz, 1
+bsee.gov, 1
+bserved.de, 0
+bsf-knowledgecity.com, 1
+bsg.ro, 1
+bsgamanet.ro, 1
+bsgcredit.com, 1
+bsgcredit.ro, 1
+bsgexchange.ro, 1
+bsid-clan.com, 1
+bsidesf.com, 1
+bsidesf.org, 1
+bsidessf.com, 1
+bskhq.tk, 1
+bsktweetup.info, 1
+bslim-e-boutique.com, 1
+bslinguistics.co.uk, 1
+bslnow.co.uk, 1
+bslnowsigns.co.uk, 1
+bsmsl.com, 1
+bsn.cloud, 1
+bsnedu.org, 1
+bsociabl.com, 1
+bsod.me, 1
+bsp-southpool.com, 1
+bspecialfx.nl, 1
+bsq1492.com, 1
+bsrueti.ch, 1
+bss-solutions.net, 1
+bss-systems.net, 1
+bss.com.ph, 1
+bss.net.ph, 1
+bss.solutions, 1
+bss.systems, 1
+bss01.de, 1
+bsskorcz.pl, 1
+bssolvfagen-pre-storeswa-wap.azurewebsites.net, 1
+bsstainless.com, 1
+bst-brandschutz.at, 1
+bsteele.tk, 1
+bstoked.net, 1
+bsuess.de, 1
+bsurfcr.com, 1
+bsuru.xyz, 1
+bsw-solution.de, 1
+bswears.com, 1
+bsystem.net, 0
+bszoft.hu, 1
+bt-kc.de, 1
+bt121.com, 0
+bt123.xyz, 1
+bt3655.com, 0
+bt3657.com, 0
+bt3658.com, 0
+bt780.com, 1
+bt85.cn, 0
+bt9.cc, 0
+btarts.com.br, 1
+btbb.net, 1
+btc-alpha.com, 1
+btc-doge.ga, 1
+btc-wallet.tk, 1
+btcanalyse.com, 1
+btcarg.com.ar, 1
+btcarmory.com, 1
+btclients.tk, 1
+btcp.space, 1
+btcpop.co, 1
+btcrit.com, 1
+btcwip.com, 1
+btcx.com, 1
+btddd.com, 1
+btdirect.uk, 1
+btdproductions.tk, 1
+btea.online, 1
+btec.ae, 1
+bth.dance, 1
+bth.wtf, 1
+bticoin3king.cf, 1
+btid.tk, 1
+btine.tk, 1
+btleasing.md, 1
+btleasing.ro, 1
+btln.cloud, 1
+btln.de, 1
+btmic.ro, 1
+btnissanparts.com, 1
+btool.eu.org, 1
+btorrent.xyz, 1
+btrade.io, 1
+btrans.by, 1
+btraviswright.com, 1
+btraviswrightmps.com, 1
+btraviswrightmps.org, 1
+btrb.ml, 1
+btrfs.no, 1
+btsapem.com, 1
+btsline.co.id, 1
+btsoft.eu, 1
+btsou.org, 1
+btsource.tk, 1
+btsous.org, 1
+btsresearch.com, 1
+btssiou.xyz, 1
+btsybt.com, 0
+btt-39.com, 1
+btt-59.com, 1
+btt882.com, 1
+btta13.com, 1
+btta16.com, 1
+btth.live, 1
+btth.pl, 1
+bttorj45.com, 1
+bttrade.com, 1
+bturboo.com, 1
+btvw.de, 1
+btwj.com, 1
+btwsa.tk, 1
+btxchange.io, 1
+bu-e.com, 1
+buai.cf, 1
+buai.gq, 1
+buai.ml, 1
+buai.tk, 1
+buatcvonline.com, 1
+buayacorp.com, 1
+bubalova.com, 1
+bubba.cc, 1
+bubbelwafel.nl, 1
+bubblebuttpics.com, 1
+bubbleclips.com, 1
+bubbleclips.net, 1
+bubbleclips.org, 1
+bubbleclipsnetwork.com, 1
+bubblegumblog.com, 1
+bubblelist.tk, 1
+bubblemedia.com, 1
+bubblesco.tk, 1
+bubblespetspa.com, 1
+bubblin.io, 1
+bubhub.io, 1
+bubnovsky.org, 1
+bubok.com.ar, 1
+bubok.es, 1
+bubra.stream, 1
+bubsngrubs.com.au, 1
+bubty.com, 1
+bubu1.eu, 1
+bubulazi.com, 0
+bubulazy.com, 0
+bucapositano.it, 1
+bucek.cz, 1
+buch-angucken.de, 1
+buchanancountyvirginia.gov, 1
+buchananga.gov, 1
+buchanantwpmi.gov, 1
+buchangroupinc.com, 1
+bucharestbachelorparty.com, 1
+buchdata.it, 1
+buchelstore.com.br, 0
+buchhaltung-muehelos.de, 1
+buchhammer.tk, 1
+buchholz-coaching.de, 1
+buchkatalog.de, 1
+buchwegweiser.com, 1
+buck-hydro.de, 1
+buck.com, 1
+buckenmaier.xyz, 1
+bucket.tk, 1
+buckethead.tk, 1
+buckfast.tk, 1
+buckglobal.com, 1
+bucklinmo.gov, 1
+buckmans.com, 1
+buckscounty.gov, 1
+bucksfund.com, 1
+buckthorn.ml, 1
+buckypaper.com, 1
+buda.com, 1
+budapestairport.tk, 1
+budapestgraphics.hu, 1
+budapestjazzclub.hu, 1
+budapesttaxi.de, 0
+budapesttaxi.fr, 0
+budapesttaxi.nl, 0
+budapesttaxi.uk, 1
+budatx.gov, 1
+budbringerne.tk, 1
+buddhas.tk, 1
+buddhism.cf, 1
+buddhismedia.com, 1
+buddhistische-weisheiten.org, 1
+buddie5.com, 1
+buddiescomputers.com.au, 1
+buddingoptimist.com, 1
+buddlycrafts.com, 1
+buddobot.com, 1
+buddy-acceptance-authentication-frontend.azurewebsites.net, 1
+buddy-acceptance-backoffice-frontend.azurewebsites.net, 1
+buddy-acceptance-web-frontend.azurewebsites.net, 1
+buddy-development-backoffice-webapp.azurewebsites.net, 1
+buddy-development-rabodirectconnect-api.azurewebsites.net, 1
+buddy-locator.com, 1
+buddy.net, 1
+buddyme.me, 1
+budeanu.com, 1
+buderus-family.be, 1
+budget-cuts.tk, 1
+budget.gouv.fr, 1
+budget.gov, 1
+budget.ie, 1
+budget.ovh, 1
+budgetimize.com, 1
+budgetlob.gov, 1
+budgetlovers.nl, 1
+budgetrf.tk, 1
+budidayatani.com, 1
+budilnik.ml, 1
+budofjoy.com, 1
+budolangnau.ch, 1
+budolfs.de, 1
+budomalsch.de, 1
+budpolimer.com, 0
+budpop.com, 1
+buehler.rocks, 1
+bueltge.de, 1
+buena.me, 1
+buenavistawinery.com, 1
+buenosairesconnect.com, 1
+buenosproductos.net, 1
+buentaller.com, 1
+bueny.com, 1
+bueny.net, 1
+buergerwehr-ettlingen.de, 1
+buerliag.ch, 1
+buero13-design.de, 1
+buesiforquo.cf, 1
+buettgens.net, 1
+buetzer.ch, 1
+bufete.tk, 1
+bufeteesquire.com, 1
+buff-buff.tk, 1
+buff360.xyz, 1
+buffalo-ny-gay-chat.com, 1
+buffaloautomation.com, 1
+buffalobakeriesers.ga, 1
+buffalobakeriesest.ga, 1
+buffalobill.idv.tw, 1
+buffalocountywi.gov, 1
+buffalodrycleanerers.ga, 1
+buffalodrycleanerest.ga, 1
+buffalogaptx.gov, 1
+buffalohomerepairs.com, 1
+buffalojewishfederation.org, 1
+buffalonews.com, 1
+buffaloturf.com.au, 0
+buffandtan.com, 1
+buffetbouc.com, 1
+buffl.co, 1
+buffup.media, 1
+buffus.cz, 1
+bufla.net, 1
+bufo.tk, 1
+bug.blue, 1
+bug.ee, 1
+bug321.com, 1
+bugalert.org, 1
+bugbounty.ch, 1
+bugbountytip.tech, 1
+bugcrowd.com, 0
+bugfender.com, 1
+bugfuzz.com, 1
+buggiano.com, 1
+bugginslab.co.uk, 1
+buggy777.me, 1
+buggymaven.com, 1
+buggywonderland.tk, 1
+bugprove.com, 1
+bugraseyhan.tk, 1
+bugrayildiz.av.tr, 1
+bugreader.com, 1
+bugs.chromium.org, 1
+bugwie.com, 1
+bugzilla.mozilla.org, 1
+buharkeyf1.com, 1
+buhayprincipal.com, 1
+buhsantoandre.vip, 1
+buhunov.tk, 1
+buicha.social, 1
+buick1958.tk, 1
+build-up.tk, 1
+build.chromium.org, 1
+build.gov, 1
+buildbackbetter.gov, 1
+buildbytes.com, 1
+buildconcierge.ga, 1
+buildcor.com.au, 1
+builddesygner.xyz, 1
+buildersdiscount.net, 1
+buildersofthesilentcities.tk, 1
+buildfood.com, 1
+buildgp.com, 1
+buildherers.ga, 1
+buildherest.ga, 1
+building-cost-estimators.com, 1
+building-materials.tk, 1
+buildingbitcoin.org, 1
+buildingchemistry.tk, 1
+buildingcleaningchicago.com, 1
+buildingcostestimators.co.uk, 1
+buildingdesign.tk, 1
+buildinginspectionmandurah.ga, 1
+buildingmaterials.tk, 1
+buildingpassport.com, 1
+buildingpoint.pt, 1
+buildingpointne.com, 1
+buildingprojectsswanseama.gov, 1
+buildingqueries.com, 1
+buildingresiliency.org, 1
+buildkite.com, 1
+buildmate.ml, 1
+buildmorebuslanes.com, 1
+buildnews.tk, 1
+buildplease.com, 1
+builds.gg, 1
+buildstaging.com, 1
+buildwealth.uk, 1
+buileo.com, 1
+builterra2.azurewebsites.net, 1
+builtin.com, 1
+builtinaustin.com, 1
+builtinboston.com, 1
+builtinchicago.org, 1
+builtincolorado.com, 1
+builtingym.com, 1
+builtinla.com, 1
+builtinnyc.com, 1
+builtinseattle.com, 1
+builtinsf.com, 1
+builtinvacuum.com, 1
+builtory.my, 1
+builttosell.com, 1
+builtvisible.com, 1
+builtwith.com, 1
+buissonchardin.fr, 1
+buitenposter.nl, 1
+buitex.lt, 1
+buitrong.net, 1
+buka.jp, 1
+buketnevesti.cf, 1
+bukiko.net, 1
+bukinist.tk, 1
+bukiskola.hu, 1
+bukkenfan.jp, 1
+bukn.uk, 1
+bukowski.se, 1
+bukowski.tk, 1
+bukpcszerviz.hu, 1
+buksu.edu.ph, 1
+bukularis.ga, 1
+bul3seas.eu, 1
+bulario.com, 1
+bulario.net, 1
+bularmas.com, 1
+bulatlat.com, 1
+bulatlat.org, 1
+bulavki.tk, 1
+bulbagram.ml, 1
+bulbcompare.com, 1
+bulbidea.com, 1
+bulbonidos.tk, 1
+bulbuly.tk, 1
+buldogueingles.com.br, 1
+bulentcirakli.tk, 1
+bulgakov.ga, 1
+bulgakov.ml, 1
+bulgakov.tk, 1
+bulgariablog.tk, 1
+bulgarianhouse.tk, 1
+bulgarianproperties.com, 1
+bulgariya.cf, 1
+bulhost.com, 1
+bulindir.tk, 1
+bulkowespacerkowo.nl, 1
+bull.id.au, 0
+bulldog-buss.tk, 1
+bulldog-hosting.de, 0
+bulldogdriveways.com, 1
+bulldogfrances.tk, 1
+bulldogkennel.tk, 1
+bulldogmarketinggroup.com, 1
+bulldogs-sipoo.tk, 1
+bulledair-savons.ch, 0
+bulledart.ga, 1
+bullesdeculture.com, 1
+bullesdelaube.com, 1
+bulletbabu.com, 0
+bulletfrog.tk, 1
+bulletpoint.cz, 1
+bullettags.com, 1
+bullfitta.tk, 1
+bullfrogpooltilecleaning.com, 1
+bulli.tk, 1
+bullish.com, 1
+bullmarketing.nl, 1
+bullockcountyal.gov, 1
+bullpendaily.com, 1
+bullshitmail.nl, 1
+bullterrierspain.tk, 1
+bullvalleyil.gov, 1
+bullyprotection.ml, 1
+bulmanat.tk, 1
+bulmastife.com.br, 1
+bultdatabasen.se, 1
+bulten.com, 1
+bultink.tk, 1
+bulutkey.com, 1
+bulvar.tk, 1
+bumble.com, 1
+bumblebee.cf, 1
+bumblebee.co.za, 1
+bumblebeekids.uk, 1
+bumenn.is, 1
+bumirc.tk, 1
+bummelwelt.ch, 1
+bummelwelt.com, 1
+bummelwelt.de, 1
+bumpi.gq, 1
+bumsbesuch.com, 1
+bumsbuero.com, 1
+bumsbus.com, 1
+bunadarbankinn.is, 1
+bunaken.tk, 1
+bunbun.be, 1
+bunburydad.tk, 1
+buncombecounty.org, 1
+bundesamtsozialesicherung.de, 1
+bundesanzeieger.com, 1
+bundespolizei-forum.de, 1
+bundesverband-krisenintervention.de, 1
+bundesverbandkrisenintervention.de, 1
+bundesvvehr.de, 1
+bundle.tools, 1
+bundlejs.com, 1
+bune.city, 1
+bungalowseljardin.com, 0
+bungeeireland.tk, 1
+bungotai.ga, 1
+buniq.com.br, 1
+bunix.de, 0
+bunker307.tk, 1
+bunkerhilltx.gov, 1
+bunkyo-life.com, 1
+bunlarateist.space, 1
+bunny-rabbits.com, 1
+bunny.tk, 1
+bunnybloythost.com, 1
+bunnycarenotes.com, 1
+bunnydiamond.de, 1
+bunnymaxim.com, 1
+bunnymud.com, 1
+bunnyvishal.com, 1
+bunnyworld.xyz, 1
+bunq.love, 1
+buns.cc, 1
+bunsnbagels.com, 1
+bunto-import.tk, 1
+buongiornolatina.it, 1
+buonventosbt.eu, 1
+bupa.com.au, 1
+bupamedical.com.au, 1
+bupamedicalvisaservices.com.au, 1
+bupamvs.com.au, 1
+buphachat.com, 1
+bupropion.com, 1
+bupropionhclsr.ga, 1
+buqi.cc, 1
+buquesdeguerra.tk, 1
+burakuckun.com, 1
+burakurer.com, 1
+buralteria.tk, 1
+buratino.tk, 1
+buratiya.tk, 1
+burb.social, 1
+burbaguena.tk, 1
+burbankdental.com, 1
+burberry-outlet.cf, 1
+burberrysunglasses.us, 1
+burcevo.info, 1
+burchfabrics.com, 0
+burdurhaber.tk, 1
+burdursondakika.tk, 1
+bureaubolster.nl, 0
+bureaubraam.nl, 0
+bureaudirectoryers.ga, 1
+bureauzelfstandigenfryslan.nl, 1
+burenvoorburen.gent, 1
+burevestnik.tk, 1
+burewala.com, 1
+burewala.tk, 1
+burewalanews.tk, 1
+burg-esslingen.de, 1
+burg-hohnstein.com, 0
+burg-hohnstein.info, 0
+burgas.bg, 1
+burgawnc.gov, 1
+burger.eu.org, 1
+burger.fitness, 1
+burgerbudget.gent, 1
+burgerking.eu.org, 1
+burgernet.nl, 0
+burgers.io, 1
+burgesspetcare.com, 1
+burghardt-neumann.de, 1
+burghardt.pl, 1
+burghtstam.tk, 1
+burgoslacrosse.tk, 1
+burguesinhas.com.br, 1
+burhan-autosattlerei.de, 1
+burhanionlinestore.com, 1
+buricloud.fr, 1
+burienergy.com, 1
+burina.net, 1
+buriramradio.com, 1
+burke.services, 1
+burkebarclaylawoffice.com, 1
+burkhardt.at, 0
+burkitech.com, 1
+burkoff.tk, 1
+burkow.ru, 1
+burlaka.net, 1
+burlapsac.ca, 1
+burlesonconstructioninc.com, 1
+burlesontx.gov, 1
+burling.cz, 1
+burma-we-care.tk, 1
+burmalin.ml, 1
+burmania.tk, 1
+burmeister-gmbh.de, 1
+burmesecatscare.com, 1
+burmesepythonpet.com, 1
+burncorp.org, 1
+burndyt3.com, 1
+burnedyouers.ga, 1
+burnedyouest.ga, 1
+burner.gay, 1
+burnerfitness.com, 1
+burnettcountywi.gov, 1
+burnimage.co.uk, 1
+burning-team.tk, 1
+burning-wheels.tk, 1
+burningbase.com, 0
+burningbooks.org, 1
+burningducks.com, 1
+burningflame.tk, 1
+burningflipside.com, 0
+burningseries.co, 1
+burningseries.cx, 1
+burningseries.sx, 1
+burnit.tk, 1
+burnsland.com, 1
+burntfish.com, 1
+burnus.net, 1
+burnworks.com, 0
+buro86.be, 1
+buronducouderc.fr, 1
+buronewsmobilya.com, 1
+buronwater.com, 1
+burr.is, 1
+burree.xyz, 1
+burreli.tk, 1
+burritosalsa.com, 1
+burritosband.tk, 1
+burroughsid.com, 1
+bursamusik.tk, 1
+bursapartner.tk, 1
+burstequity.com, 1
+burstequity.net, 1
+burstequity.org, 1
+burstsocial.com, 1
+burstsocial.net, 1
+burstsocial.org, 1
+burtai.com, 1
+burtcheboyganmi.gov, 1
+burtcountyne.gov, 1
+burtrum.family, 1
+burtrum.me, 1
+burtrum.name, 1
+burtrum.org, 1
+burtsbees.ca, 1
+burttownshipcheboyganmi.gov, 1
+burunucu.ga, 1
+buryat-mongol.cf, 1
+buryatia.tk, 1
+burybox.co.uk, 1
+burz.eu.com, 1
+burz.net, 1
+burz.one, 1
+burz.ro, 1
+burzcast.com, 1
+burzcast.media, 1
+burzgroup.com, 1
+burzmali.com, 1
+burzmedia.ro, 1
+burzstudios.com, 1
+burzum.ch, 1
+bus-hit.me, 1
+bus2talent.eu, 1
+busanhs.bid, 1
+buscaaviena.com, 1
+buscacpf.se, 1
+buscaebooks.tk, 1
+buscagenealogia.tk, 1
+buscahost.com, 1
+buscalotodo.com, 1
+buscandolosmejores.com, 1
+buscatea.com, 1
+buscatodo.tk, 1
+buschavdar.tk, 1
+buscolu.tk, 1
+buselefante.tk, 1
+buserror.cn, 1
+buses.co.uk, 1
+busesurbanoschile.tk, 1
+busflag.tk, 1
+bush41library.gov, 1
+bushbaby.com, 1
+bushbeats.com, 1
+bushcraftfriends.com, 1
+bushfirerecovery.gov.au, 1
+bushingsandbars.com, 1
+bushland.tk, 1
+busindre.com, 1
+business-creators.ru, 1
+business-events.org.uk, 1
+business-explosion-fortune.tk, 1
+business-garden.com, 1
+business-institute.sk, 1
+business-network.or.jp, 1
+business-secreti.cf, 1
+business-secreti.ga, 1
+business-secreti.gq, 1
+business-secreti.tk, 1
+business-swiss.ch, 0
+business.facebook.com, 0
+business.gov, 0
+business.medbank.com.mt, 1
+business.vic.gov.au, 1
+business4all.gr, 1
+business4beginners.co.uk, 1
+business808.com, 1
+businessactivities.tk, 1
+businessadaptive.ga, 1
+businessadvance.tk, 1
+businessafter.ga, 1
+businessamongus.com, 1
+businessanalyst.ml, 1
+businessarrow.ga, 1
+businessbad.ga, 1
+businessbasecamp.eu, 1
+businessbetter.tk, 1
+businessblod.ga, 1
+businessbody.ga, 1
+businessbrite.ga, 1
+businessbrowse.ga, 1
+businessbuller.ga, 1
+businessbunny.ga, 1
+businesscards4free.tk, 1
+businesscaster.ga, 1
+businesscellar.ga, 1
+businesscentermarin.ch, 0
+businesscharm.ga, 1
+businesscharts.ga, 1
+businesscircus.ga, 1
+businesscisco.tk, 1
+businesscloud.co.uk, 1
+businesscollect.ga, 1
+businesscollections.ga, 1
+businesscolor.ga, 1
+businesscommission.ga, 1
+businessconnect.ml, 1
+businesscorp.tk, 1
+businesscorporation.ga, 1
+businesscourier.ga, 1
+businesscrafter.ga, 1
+businesscupcake.ga, 1
+businesscupid.ga, 1
+businesscurious.ga, 1
+businesscutter.com, 1
+businessdelta.ga, 1
+businessdevelopmentagency.tk, 1
+businessdevelopmentarea.tk, 1
+businessdevelopmentasia.tk, 1
+businessdevelopmentinfo.tk, 1
+businessdevelopmentnews.tk, 1
+businessdevelopmentsystem.tk, 1
+businessdirect.ml, 1
+businessdodge.ga, 1
+businessdollar.ga, 1
+businessdollars.ga, 1
+businessdragon.ga, 1
+businessdrive.biz, 1
+businessduck.ga, 1
+businesseagle.ga, 1
+businesseastside.ga, 1
+businessecho.ga, 1
+businesselectra.ga, 1
+businessenterpriseteam.com, 1
+businessepic.ga, 1
+businessethics.ml, 1
+businessetmarketing.com, 1
+businessexcel.ga, 1
+businessfactors.de, 1
+businessfalcon.ga, 1
+businessfame.ga, 1
+businessfeature.ga, 1
+businessfeedback.ga, 1
+businessfiesta.ga, 1
+businessfighter.ga, 1
+businessflag.ga, 1
+businessfleet.ga, 1
+businessflower.ga, 1
+businessfurs.info, 1
+businessgang.ga, 1
+businessgoddess.ga, 1
+businessgold.no, 1
+businessgrace.ga, 1
+businessgroove.ga, 1
+businessgrowth.ga, 1
+businessgrowthleaders.com, 1
+businessgun.ga, 1
+businesshandsome.ga, 1
+businesshome.ml, 1
+businesshosting.nl, 0
+businesshotrod.ga, 1
+businesshub.cz, 0
+businessideaarea.tk, 1
+businessideaasia.tk, 1
+businessideacompany.tk, 1
+businessideadevelopment.tk, 1
+businessideainfo.tk, 1
+businessideainfonews.tk, 1
+businessideainsurancenews.tk, 1
+businessideal.tk, 1
+businessimmigration-eu.com, 1
+businessimmigration-eu.ru, 1
+businessinaustin.ga, 1
+businessinboston.ga, 1
+businessinchicago.ga, 1
+businessinchicago.tk, 1
+businessincolumbus.ga, 1
+businessincolumbus.tk, 1
+businessindallas.ga, 1
+businessindallas.tk, 1
+businessindenver.ga, 1
+businessindenver.tk, 1
+businessindetroit.ga, 1
+businessindetroit.tk, 1
+businessindia.tk, 1
+businessinelpaso.ga, 1
+businessinelpaso.tk, 1
+businessinfonews.tk, 1
+businessinfortworth.ga, 1
+businessinfortworth.tk, 1
+businessinhouston.ga, 1
+businessinindianapolis.ga, 1
+businessinjacksonville.ga, 1
+businessinjacksonville.tk, 1
+businessinlosangeles.tk, 1
+businessinmemphis.ga, 1
+businessinmemphis.tk, 1
+businessinnashville.ga, 1
+businessinnashville.tk, 1
+businessinnewyork.ga, 1
+businessinphiladelphia.ga, 1
+businessinphoenix.ga, 1
+businessinsanantonio.ga, 1
+businessinsandiego.ga, 1
+businessinsandiego.tk, 1
+businessinsanfrancisco.ga, 1
+businessinsanfrancisco.tk, 1
+businessinsanjose.ga, 1
+businessinseattle.ga, 1
+businessinside.ml, 1
+businessinsider.id, 1
+businessinsurancemanagement.tk, 1
+businessinvest.cf, 1
+businessinvestment.tk, 1
+businessinwashington.ga, 1
+businessk.ml, 1
+businesskanada.tk, 1
+businesskayak.ga, 1
+businesskiss.ga, 1
+businessknight.ga, 1
+businesslabs.space, 1
+businesslead.tk, 1
+businessleader.co.uk, 1
+businessleadsworld.com, 1
+businesslegacy.ga, 1
+businessless.ga, 1
+businesslion.ga, 1
+businesslite.pl, 1
+businessloanconnection.org, 0
+businessloco.ga, 1
+businesslondon.tk, 1
+businesslowprice.ga, 1
+businessmarks.ga, 1
+businessmetric.ga, 1
+businessmind.ml, 1
+businessmystical.ga, 1
+businessnames.ga, 1
+businessnations.ga, 1
+businessnatural.ga, 1
+businessnet.cf, 1
+businessnetworks.tk, 1
+businessnews-nigeria.com, 1
+businessnewsera.tk, 1
+businessnight.ga, 1
+businessoftheday.ga, 1
+businessomatic.ga, 1
+businessomega.ga, 1
+businessoneday.ga, 1
+businessones.tk, 1
+businessopedia.ga, 1
+businessopplis.ga, 1
+businessother.ga, 1
+businessouter.ga, 1
+businessparis.tk, 1
+businesspart.ga, 1
+businesspartner.tk, 1
+businesspassport.ga, 1
+businesspatch.ga, 1
+businesspeace.ga, 1
+businesspearl.ga, 1
+businesspersonal.ga, 1
+businessphase.ga, 1
+businesspicker.ga, 1
+businesspipe.ga, 1
+businessplanidea.tk, 1
+businessportal.tk, 1
+businesspremium.ga, 1
+businesspride.ga, 1
+businesspure.ga, 1
+businessquality.ml, 1
+businessrainforest.ga, 1
+businessraven.ga, 1
+businessreborn.tk, 1
+businessremarkable.ga, 1
+businessreps.ga, 1
+businessrequest.ga, 1
+businessrex.ga, 1
+businessrhino.ga, 1
+businessroll.ga, 1
+businessrunners.ga, 1
+businesssalzburg.tk, 1
+businessscapes.ga, 1
+businesssend.ga, 1
+businessshoot.ga, 1
+businessslide.ga, 1
+businesssonic.ga, 1
+businesssouthbeach.ga, 1
+businesssparkle.ga, 1
+businessspicy.ga, 1
+businesssplash.ga, 1
+businessstamp.ga, 1
+businessstudent.com, 1
+businesssupportbywilma.nl, 1
+businesssurreal.ga, 1
+businesstalking.tk, 1
+businesstexas.tk, 1
+businessthunder.ga, 1
+businesstimes.ga, 1
+businesstool.no, 1
+businesstravelmelbourne.ga, 1
+businesstrip.ml, 1
+businessunder.ga, 1
+businessup.tk, 1
+businessuprise.com, 1
+businessusa.gov, 1
+businessusa.tk, 1
+businessvalue.com, 1
+businessvisual.ga, 1
+businesswaterfront.ga, 1
+businesswebadmin.com, 1
+businesswish.ga, 1
+businessworth.ga, 1
+businessx.in, 1
+businesszachod.pl, 1
+businka.tk, 1
+busit.be, 1
+busiteyiengelle.com, 1
+buskompass.de, 1
+busmaster.com.ua, 1
+busned.tk, 1
+busnews.tk, 1
+busold.ws, 1
+buspark.com, 1
+buspark.cz, 1
+buspatrol.com, 1
+busphotos.tk, 1
+busqnet.com, 1
+bussi.at, 1
+bussinesconsulting.tk, 1
+bussinesinsurance.tk, 1
+bussinesman.tk, 1
+bussinesnews.tk, 1
+bussinessofware.tk, 1
+bussinessupport.tk, 1
+busstation.tk, 1
+bustabit.com, 1
+bustadice.com, 1
+bustany.org, 1
+bustaura.lt, 1
+bustepaga.it, 1
+buster.me.uk, 1
+bustickets.ph, 1
+bustillodeloro.tk, 1
+bustimes.org, 1
+bustmold.com, 1
+bustmovesest.ga, 1
+busty-milf.net, 1
+bustyarchive.com, 1
+bustymilftube.com, 1
+bustypassion.com, 1
+bustypics.com, 1
+bustyrack.com, 1
+busuan.com, 1
+busuttil.org.uk, 1
+buswiki.ml, 1
+busyon.cloud, 1
+but-it-actually.work, 1
+but-its-not-your.business, 1
+butarque.es, 1
+butcherboymarket.com, 1
+butcherpaxtattoo.com, 1
+butenhofbomster.com, 1
+buter-petersen.dk, 1
+butfirstkoffee.in, 1
+butik-mechty.tk, 1
+butikk-nesoddkatten.no, 1
+butikvip.ru, 1
+butl.nl, 1
+butlaroo.com, 1
+butlercountyne.gov, 1
+butlerdisposal.com, 1
+butlerfm.dk, 1
+butlins.com, 1
+butongshidai.com, 1
+butorvasarlas.hu, 1
+butowka.tk, 1
+butsa.tk, 1
+butserdocumentary.tk, 1
+butt.repair, 0
+buttedesmortssd1wi.gov, 1
+butter.horse, 1
+butter.ml, 1
+butterhost.ga, 1
+buttermilk.cf, 1
+butternutbox.com, 1
+buttertea.shop, 1
+buttertrick.com, 1
+buttgun-tattoo.de, 1
+buttonizer.pro, 1
+buttonline.ch, 1
+buttonsmashers.tk, 1
+butts-are.cool, 1
+butttexters.ga, 1
+butunoyunlar.net, 1
+butyric.com, 1
+butz.cloud, 1
+butzies.ddnss.org, 1
+buumibar.fi, 1
+buurtbusboskoop.nl, 1
+buurtgenotencollectief.nl, 1
+buurtkeukens.nl, 1
+buurtpreventiefraneker.nl, 1
+buurtschapdemarkt.tk, 1
+buvik.gov.in, 1
+buvocastings.nl, 1
+buxru.tk, 1
+buxum-communication.ch, 0
+buy-aleve.gq, 1
+buy-amitriptyline.tk, 1
+buy-amoxil.ml, 1
+buy-an-essay.gq, 1
+buy-apartment.tk, 1
+buy-avodart.ga, 1
+buy-camera-cases.ga, 1
+buy-cozaar.tk, 1
+buy-decadron.tk, 1
+buy-deltasone.tk, 1
+buy-essay-online.ga, 1
+buy-express-vpn.asia, 1
+buy-human-hair-extension.tk, 1
+buy-indocin.cf, 1
+buy-invertor.shop, 1
+buy-jeansbiz.tk, 1
+buy-lasix-without-a-doctor-s-prescription.ga, 1
+buy-lingerie.tk, 1
+buy-lipitor.tk, 1
+buy-prednisolone.ga, 1
+buy-premarin.ml, 1
+buy-robaxin.gq, 1
+buy-rumalaya.gq, 1
+buy-seroquel.tk, 1
+buy-skelaxin.ml, 1
+buy-stuffed-toys.tk, 1
+buy-terramycin.gq, 1
+buy-topamax.tk, 1
+buy-zimulti.ga, 1
+buy-zofran.ga, 1
+buyaccessible.gov, 1
+buyaccutane.gq, 1
+buyacompliaonline.ga, 1
+buyalbendazole.cf, 1
+buyalbuterolonline.ga, 1
+buyallopurinol.tk, 1
+buyamerican.gov, 1
+buyamoxicillin875mg.tk, 1
+buyamoxil.ml, 1
+buyantabuse.gq, 1
+buyasheep.tw, 1
+buyatarax.gq, 1
+buyazithromycin.gq, 1
+buybaclofen.ga, 1
+buybitmain.com, 1
+buybuspar.ga, 1
+buybutton.store, 1
+buycafergot.ml, 1
+buycbd.store, 1
+buycheapandlow.tk, 1
+buycialissmx.tk, 1
+buycitalopram.ga, 1
+buyclaritin.ml, 1
+buycook.shop, 1
+buycostarica.tk, 1
+buycultureboxesers.ga, 1
+buydataonline.tk, 1
+buydeltasone.ga, 1
+buydeltasone.ml, 1
+buydiamox.cf, 1
+buydiflucan.ga, 1
+buydiflucan.ml, 1
+buydissertations.com, 1
+buyeba.xyz, 1
+buyebooks.tk, 1
+buyeffexor.tk, 1
+buyer.pro, 1
+buyessay.org, 1
+buyessays.net, 1
+buyessayscheap.com, 1
+buyfluoxetineonline.gq, 1
+buyharpoon.com, 1
+buyhydrochlorothiazide.ml, 1
+buyingstatus.com, 1
+buyingtvsers.ga, 1
+buyingtvsest.ga, 1
+buyiptv.tech, 1
+buyitmalta.online, 1
+buyjewel.shop, 1
+buylasix.ml, 1
+buylevaquin.tk, 1
+buymetforminonline.tk, 1
+buymobic.ml, 1
+buymyvoip.com, 1
+buynairobi.com, 1
+buyneurontin.ml, 1
+buyonmov.online, 1
+buyorbye.com.au, 1
+buyornot.tk, 1
+buyorsellcampers.com, 1
+buypal.com.pe, 1
+buypapercheap.net, 1
+buypersonalproxy.com, 1
+buyplore.com, 1
+buyplussize.shop, 1
+buyprednisolone24h.ml, 1
+buyprednisoloneonline.ga, 1
+buyprilosec.tk, 1
+buyprofessional.shop, 1
+buypropecia.cf, 1
+buyproperty.az, 1
+buyproscaronlinecanada.ga, 1
+buyprovera.tk, 1
+buyprozac.cf, 1
+buypurenature.ga, 1
+buyr.com, 1
+buyretinamicro.cf, 1
+buyrimonabant.cf, 1
+buyrogaine.ga, 1
+buyru.net, 1
+buyselldonothing.com, 1
+buyshine.com, 1
+buyshoe.org, 1
+buysildenafil.ml, 1
+buystromectol.cf, 1
+buystromectol.ml, 1
+buysuisse.shop, 1
+buytermpaper.com, 1
+buytetracycline.cf, 1
+buytramadol.ga, 1
+buytramadol.ml, 1
+buyucoin.com, 1
+buyusa.gov, 1
+buyventolin.cf, 1
+buyventolininhaler.ga, 1
+buywellbutrinonline.gq, 1
+buywifi.tk, 1
+buywood.shop, 1
+buyzithromax.ga, 1
+buyzithromaxonline.ml, 1
+buyzofranonline.tk, 1
+buyzoloft.cf, 1
+buziaczki.pl, 1
+buzinessmarket.ml, 1
+buzko.pl, 1
+buzt.cn, 0
+buzzage.fr, 1
+buzzard.org, 1
+buzzclub.com.br, 1
+buzzconcert.com, 1
+buzzcontent.com, 1
+buzzeditora.com.br, 1
+buzzenginegroup.com, 1
+buzzfeast.com, 1
+buzzhub.tk, 1
+buzzman.ga, 1
+buzzpost.tk, 1
+buzzprint.it, 1
+buzzsmithmusic.com, 1
+buzzspace.net, 1
+buzztalk.tk, 1
+buzzthemuddypyrador.com, 1
+buzztrending.tk, 1
+buzzword24.de, 1
+buzzworld.tk, 1
+buzzworthy.biz, 1
+buzzybites.com, 1
+bv-driver.tk, 1
+bv-ferreiradozezere.pt, 1
+bvb.moe, 0
+bvblaboratory.hu, 1
+bvbmedia.nl, 1
+bvdp-saturn-prod.appspot.com, 1
+bvexplained.co.uk, 1
+bvfz.pt, 1
+bvgg.eu, 1
+bvgt.org, 1
+bvionline.eu, 1
+bviphotovideo.com, 1
+bvlos.com.pl, 1
+bvlp.com, 1
+bvng.nl, 1
+bvonesource.com, 1
+bvop.org, 1
+bvr-nsn.gov, 1
+bvrd.com.do, 1
+bvrlodge.com, 1
+bvrlodge.ro, 1
+bvrpd-pa.gov, 1
+bvv-europe.eu, 1
+bvwphotography.com, 1
+bw.codes, 1
+bwa.wroc.pl, 1
+bwanglab.com, 1
+bwashing.tk, 1
+bwasoimoveis.net, 1
+bwcscorecard.org, 1
+bweston.ga, 1
+bwf11.com, 1
+bwf55.com, 1
+bwf6.com, 0
+bwf77.com, 1
+bwf99.com, 1
+bwfc.nl, 1
+bwgjms.com, 1
+bwgjms.net, 1
+bwgjms.org, 1
+bwh1.net, 0
+bwhbwh.net, 1
+bwigroup.com.au, 1
+bwilkinson.co.uk, 1
+bwin18.cc, 0
+bwin2288.com, 1
+bwin369.cc, 1
+bwin58.cc, 1
+bwinvestments.com.au, 1
+bwired.ca, 1
+bwl-earth.club, 1
+bwmcnc.com, 1
+bwmlaser.com, 1
+bwmovies.tk, 1
+bws16.de, 1
+bwsolar.com.au, 1
+bx-n.de, 1
+bx.ee, 1
+bx49.cc, 1
+bxctrust.com, 1
+bxdj3.com, 1
+bxin.de, 1
+bxp40.at, 1
+by-g.ch, 1
+by-pixcl.com, 1
+by-robyn.nl, 1
+by-the-sword.com, 1
+by-yesilbag.com, 1
+by.city, 1
+by.cx, 0
+by.place, 1
+by1u.com, 1
+byalexia.gr, 1
+byanabelen.com, 1
+byange.pro, 1
+byanjushka.com, 0
+byatte.com, 1
+byblog.tk, 1
+bybym.ml, 1
+bycafeonline.com, 1
+bycatch.com, 1
+bycialis.com, 1
+bycorefi.com, 1
+bydik.com, 1
+bydisk.com, 0
+bydoora.com, 1
+byedzhang.tk, 1
+byemediaers.ga, 1
+byemediaest.ga, 1
+byemedsers.ga, 1
+byeskille.no, 1
+byfare.com, 1
+byfeldt.dk, 1
+byggindrustrin.ga, 1
+byggonline.ga, 1
+bygningsregistrering.dk, 1
+bygogmiljoe.dk, 1
+bygonegames.com, 1
+bygoselink.nl, 1
+byhenryvera.com, 1
+byhoag.com, 1
+byjamesrush.com, 1
+byji.com, 1
+byjudasarrieta.tk, 1
+byjus.com, 1
+byjuschennai.com, 1
+byken.cn, 1
+byll.de, 1
+byluthier.com, 1
+bylz.me, 1
+bymike.co, 1
+bymogarna.se, 1
+bynder.com, 1
+bynono.pt, 1
+bynumlaw.net, 1
+byootify.com, 1
+bypass-link.ga, 1
+bypass.kr, 1
+bypass.sh, 1
+bypassgfw.tk, 1
+bypetula.cz, 1
+byraje.com, 1
+byrddogpaving.com, 1
+byredo.com, 1
+byrest.com, 1
+byrko.sk, 1
+byronkg.us, 1
+byrtz.de, 1
+byrut.org, 1
+byrutor.org, 1
+bysb.net, 0
+byshep.com, 1
+byshop.tk, 1
+byskafasi.com, 1
+byst.by, 1
+bystryj-zajm.gq, 1
+bystryj-zajm.tk, 1
+byte-lab.tk, 1
+byte.nl, 1
+byte.surf, 1
+byte128.com, 0
+bytebodega.com, 1
+bytebolt.at, 1
+bytebucket.org, 1
+bytecrafter.net, 0
+bytelink.pro, 1
+bytema.cz, 1
+bytema.eu, 1
+bytema.re, 1
+bytema.sk, 1
+bytemethod.ca, 1
+bytemix.cloud, 1
+bytenews.org, 1
+byteofdev.com, 1
+bytepen.com, 1
+bytes.co, 1
+bytes.com, 1
+bytes.fyi, 1
+bytesec.net, 1
+byteshift.ca, 1
+bytesign.de, 1
+bytesizedalex.com, 1
+bytesofcode.de, 1
+bytesoftech.ml, 1
+bytesund.biz, 1
+byteswave.cl, 1
+bytesystems.com, 1
+bytetechy.com, 1
+bytetime.net, 0
+byteultra.com, 1
+bytexd.com, 1
+bytez.tk, 1
+bytheglass.gr, 1
+bythen.cn, 0
+bytheswordinc.com, 1
+bytrain.net, 1
+byuro.org, 1
+byw.cymru, 1
+bywencke.nl, 1
+byzhihuo.com, 1
+bzbet365.com, 1
+bzfit.ru, 1
+bzh.tf, 1
+bzhserv.ovh, 1
+bzhub.bid, 1
+bziaks.xyz, 1
+bzik.cf, 1
+bzkj.de, 1
+bzsparks.com, 0
+bztech.com.br, 1
+bztech.ru, 1
+bzv-fr.eu, 1
+c-137.me, 1
+c-14.de, 1
+c-3po.fr, 1
+c-aeroconsult.com, 1
+c-c-europeen.org, 1
+c-chaud.com, 1
+c-data.nl, 0
+c-dome.com, 1
+c-g-h.net, 1
+c-ma-copro.com, 1
+c-ovidiu.tk, 1
+c-resource.tech, 0
+c-rpg.eu, 1
+c-rtx.com, 1
+c-sagaseru.com, 1
+c-shock.org, 1
+c-solarcity.com, 1
+c-style.net, 0
+c-three.jp, 1
+c-world.co.uk, 1
+c.cc, 1
+c.im, 1
+c.lu, 1
+c.sl, 1
+c.wtf, 1
+c00ke.com, 1
+c057cl7.com, 1
+c0mplicated.tk, 1
+c0nfigurati0n.com, 1
+c0rn3j.com, 1
+c10.cz, 1
+c16t.uk, 0
+c19adoption.com, 1
+c19aspirin.com, 1
+c19bromhexine.com, 1
+c19budesonide.com, 1
+c19colchicine.com, 1
+c19curcumin.com, 1
+c19early.com, 1
+c19early.org, 1
+c19favipiravir.com, 1
+c19fluvoxamine.com, 1
+c19hcq.com, 1
+c19hcq.org, 1
+c19ic.com, 1
+c19ivermectin.com, 1
+c19ivermectin.org, 1
+c19ivm.org, 1
+c19legacy.com, 1
+c19ly.com, 1
+c19melatonin.com, 1
+c19mp.com, 1
+c19nitazoxanide.com, 1
+c19ns.com, 1
+c19probiotics.com, 1
+c19proxalutamide.com, 1
+c19pvpi.com, 1
+c19quercetin.com, 1
+c19regn.com, 1
+c19rmd.com, 1
+c19study.com, 1
+c19sv.com, 1
+c19vitaminc.com, 1
+c19vitamind.com, 1
+c19zinc.com, 1
+c1cdn.com, 1
+c21first.co.il, 1
+c2athletics.com, 1
+c2lab.net, 1
+c2o2.xyz, 1
+c3.io, 1
+c3.pm, 1
+c35.design, 1
+c36533.com, 1
+c3boc.com, 1
+c3hv.cn, 1
+c3kidspace.de, 1
+c3sinc.com, 1
+c3soc.de, 1
+c3speak.com, 1
+c3speak.de, 1
+c3stream.de, 1
+c3vo.de, 0
+c3w.at, 1
+c3wien.at, 1
+c4164.com, 1
+c41ee55a-da20-4cff-8075-24afd0f22aac.com, 1
+c4539.com, 1
+c4b.tools, 1
+c4k3.net, 1
+c4me.online, 1
+c5197.co, 1
+c5h8no4na.net, 1
+c5y.moe, 1
+c6729.co, 1
+c6729.com, 0
+c6957.co, 1
+c7dn.com, 1
+c7n.ch, 1
+c7ra.com, 1
+c82365.com, 1
+c86255.com, 1
+c899365.com, 0
+c9297.co, 1
+c9397.com, 0
+c9721.com, 0
+c9728.co, 1
+c9n.xyz, 1
+ca-canovelles.tk, 1
+ca-els.com, 1
+ca-immobilier.fr, 1
+ca-key.de, 1
+ca-saintdie.fr, 1
+ca.gparent.org, 1
+ca.search.yahoo.com, 0
+ca3ahhet.tk, 1
+ca5.de, 1
+caa.ca, 1
+caalmn.org, 1
+caarecord.org, 1
+caasd.org, 1
+caasda.tk, 1
+caasz.com, 1
+cabaladada.org, 0
+cabale.fr, 1
+cabalistic.tk, 1
+caball.com, 1
+caballeroalba.cf, 1
+caballerosdeltablero.tk, 1
+cabanactf.com, 1
+cabaretadanowskyfan.tk, 1
+cabazon-tu.com, 1
+cabbage.software, 1
+cabcard.services, 1
+cabeceirasdebasto.pt, 0
+cabecera-descendimiento.tk, 1
+cabelgrano.tk, 1
+cabenoap.com.br, 1
+cabezadeframontanos.tk, 1
+cabezadelcaballo.tk, 1
+cabina-photobooth.ro, 1
+cabincrewcareercenter.com, 1
+cabineritten.nl, 1
+cabinet-bedin.com, 0
+cabinet-life.fr, 0
+cabinet-voyance-orca.tk, 1
+cabinetlm.com, 1
+cabinetm.com, 1
+cabinetmtc.com, 1
+cabinetoumaima.tk, 1
+cabinetselect.com, 1
+cable.ru, 1
+cableatierra.tk, 1
+cablebustersllc.com, 1
+cablefibreoptique.fr, 1
+cablehighspeed.net, 1
+cablemadrid.tk, 1
+cablemod.com, 1
+cables-pro.com, 1
+cablesandkits.com, 1
+cablogrammes.fr, 1
+cabodream.ml, 1
+caboleisurerealestate.com, 1
+cabooneconstruction.com, 1
+cabosaferide.com, 1
+cabotagem.com, 1
+caboverde.tk, 1
+cabphysio.ch, 1
+cabr.al, 1
+cabrachicagritona.tk, 1
+cabrils.com, 1
+cabvertising.it, 1
+cac-ua.com, 1
+cacao-chocolate.com, 1
+cacao-gang.ml, 1
+cacao.supply, 1
+cacaolalina.com, 1
+cacareerzone.org, 1
+cacaumidade.com.br, 1
+caccc.com, 1
+cachacasantaterezinha.com.br, 1
+cachaceros.tk, 1
+cache-checker.com, 1
+cachecounty.gov, 1
+cachecrawler.com, 1
+cachedview.nl, 1
+cachesheriff.gov, 1
+cachetur.no, 1
+cackette.com, 0
+cackl.io, 1
+cacko.tk, 1
+cacnverslavingszorg.nl, 1
+cacombos.com, 1
+cacommenceavecmoi.ca, 1
+cacoriccionline.tk, 1
+cacr.pw, 1
+cacrm.com, 1
+cactus-search.com, 1
+cactusarium.tk, 1
+cactusdentrepair.com, 1
+cactusgreen.com.br, 1
+cactuspedia.cf, 1
+cactuspedia.ga, 1
+cactuspedia.gq, 1
+cactuspedia.ml, 1
+cactusplumbingandair.com, 1
+cad-noerdlingen.de, 1
+cadafalso.tk, 1
+cadams.io, 0
+cadastroloteamento.com.br, 1
+cadaunoescomoes.tk, 1
+cadaver.tk, 1
+cadavre-exquis-musical.tk, 1
+cadconcrete.ca, 1
+cadcrowd.com, 1
+caddo.gov, 1
+caddr.org, 1
+caddyfashionshop.com, 1
+cadeaux-anniversaires.net, 1
+cadeauxfolies.fr, 1
+cadecobots.com, 1
+cadeengineering.com, 1
+cadeirasparaescritorio.ind.br, 1
+cadenadereferidos.tk, 1
+cadencescience.com, 1
+cadetsge.ch, 0
+cadflow.pt, 1
+cadiar.tk, 1
+cadici.ga, 1
+cadifit.ga, 1
+cadillacfairview.com, 1
+cadillacitalia.it, 1
+cadiskitchen.ca, 1
+cadmail.nl, 1
+cadman.pw, 1
+cadman.uk, 1
+cadmechanic.com, 1
+cadonau.net, 1
+cadoneghe.com, 1
+cadonet.tk, 1
+cadooz.com, 1
+cadovod.tk, 1
+cadra.nl, 1
+cadre.com, 1
+cadreok.com, 1
+cadsys.net, 1
+caduceuslane.com, 1
+cadusilva.com, 1
+caduta-capelli.tk, 1
+cadvending.ch, 1
+cadwalk.de, 1
+cady-jennifer.tk, 1
+cadynce.com, 1
+caenergyprograms.com, 1
+caerostris.com, 1
+caesar.today, 1
+caesarkabalan.com, 1
+caetanobenet.es, 1
+caetanoflotas.es, 1
+caetanoformula.es, 1
+caetanoformulacadiz.es, 1
+caetanoformulagalicia.es, 1
+caetanomotorsmalaga.es, 1
+caetanoreicomsa.es, 1
+caetanotec.pt, 1
+cafe-bg.com, 1
+cafe-cliche.tk, 1
+cafe-georges.cf, 1
+cafe-hamlet.fr, 1
+cafe-musica.org, 1
+cafe-pauline.de, 1
+cafe-service.ru, 0
+cafead.de, 1
+cafeamazon.tk, 1
+cafeapple.com, 1
+cafebab.com, 1
+cafebeauty.com, 1
+cafebeirut.tk, 1
+cafecentraal.tk, 1
+cafecentral.tk, 1
+cafechesscourt.com, 1
+cafechroma.tk, 1
+cafecobus.tk, 1
+cafedelcielo.co, 1
+cafedesignbooks.com, 1
+cafedospescadores.tk, 1
+cafedupont.be, 1
+cafedupont.co.uk, 1
+cafedupont.de, 1
+cafedupont.nl, 1
+cafefacil.com.br, 1
+cafehaventje.tk, 1
+cafeimsueden.de, 1
+cafeitalia.tk, 1
+cafekleuskens.tk, 1
+cafelandia.net, 1
+cafemadrid.tk, 1
+cafemandala.hu, 0
+cafemodi.cz, 0
+cafenix.tk, 1
+cafenoorderzon.tk, 1
+cafeobscura.nl, 1
+cafeplacedumarche.ch, 1
+cafepress.com.au, 1
+cafermin.com, 1
+cafesangtao.com, 1
+cafesforonda.com, 1
+cafetaste.com, 1
+cafeterya.tk, 1
+cafethevibes.com, 1
+cafethrive.co.uk, 1
+cafevelo.org, 1
+caffe.ga, 1
+caffect.com, 1
+caffein.cf, 1
+caffeinate.co.uk, 1
+caffeineandconcrete.com, 1
+caffeinebookly.com, 1
+caffeinefiend.org, 1
+caffelatte.tk, 1
+cafferata.tk, 1
+caffeservice.hu, 1
+caffewasyl.pl, 1
+cafled.org, 1
+caflou.com, 1
+caflou.cz, 1
+cafpatronato.it, 1
+caftan.tk, 1
+cagalogluhamami.com.tr, 1
+cagao.com, 1
+cagbuzau.ro, 1
+cageworld.tk, 1
+cagir.eu, 1
+cagivaclub.tk, 1
+caglarcakici.com, 1
+cagranollers.tk, 1
+cagrierdogdu.com, 1
+cagrimerkezinumarasi.com, 1
+cahfee.com, 1
+cahn-achn.ca, 1
+cahuilla-nsn.gov, 1
+caian.com, 1
+caiben.org, 1
+caibi.io, 1
+caic.com.sg, 1
+caidao.com, 1
+caifan.com, 1
+caihuan.com, 1
+caijunyi.net, 0
+caikuai.com, 1
+caillou.eu, 1
+cailoli.com, 1
+caimin.com, 1
+caindelhi.in, 1
+cainesjannif.com, 1
+cainiao.moe, 1
+caio.moe, 1
+caipai.fm, 1
+caipiao.com.cn, 1
+caipsnotes.com, 1
+caiqu.com, 1
+caiqueparrot.com, 1
+cairan.com, 1
+cairnterrier.com.br, 1
+cairohost.ml, 1
+cairokebab.com, 1
+cairui.com, 1
+cais.de, 1
+caise.tk, 1
+caissefrancaisedefinancementlocal.fr, 1
+caivps.com, 1
+caiwenjian.xyz, 1
+caixiange.com, 1
+caixideal-serralharia.pt, 1
+caiyi.com, 1
+caiyou.com, 1
+caizx.com, 0
+caj-eichstaett.de, 1
+caja-pdf.es, 0
+cajadecoloreshome.com, 1
+cajadelparque.tk, 1
+cajamarca.blog, 1
+cajaregionalserrana.com.mx, 1
+cajas.zone, 1
+cajio.ru, 1
+cak.nl, 1
+cakalnedobe.si, 1
+cake-n-go.com, 1
+cakearific.com, 1
+cakedeliver.com, 1
+cakedeveloperers.ga, 1
+cakedeveloperest.ga, 1
+cakelaces.com, 1
+cakeoffencesact.uk, 1
+cakes.ga, 1
+cakes.tk, 1
+cakesbyzoey.com, 1
+cakeshop.xyz, 1
+cakesoverseas.com, 1
+cakessl.com, 1
+cakestandscarriers.tk, 1
+caketoindia.com, 1
+cakeup.in.ua, 1
+cakingandbaking.com, 1
+cakir.info.tr, 1
+cakko.ml, 1
+caknowledge.com, 1
+cal-pacpainting.com, 1
+cal.goip.de, 1
+cal9000.com, 1
+calaad.net, 1
+calabasaselectric.com, 1
+calabasaselectrical.com, 1
+calabasaselectrician.com, 1
+calabasasexteriorlighting.com, 1
+calabasaslandscapelighting.com, 1
+calabasaslighting.com, 1
+calabasasoutdoorlighting.com, 1
+calaborlawnews.com, 1
+calabozo.tk, 1
+caladan.tk, 1
+calaficirecords.cf, 1
+calaix.click, 1
+calamidad.tk, 1
+calamp.com, 1
+calancamassages.ch, 0
+calandrahosting.tk, 1
+calantonieta.tk, 1
+calasiaoplantcoop.com.ph, 1
+calaverascounty.gov, 1
+calaverasmedicalcannabis.com, 1
+calcasieu.gov, 1
+calcasieuclerk.gov, 1
+calcasieuparish.gov, 1
+calcasieusheriff.gov, 1
+calcedge.com, 1
+calcettomania.com, 1
+calcinacci.com, 1
+calcinacci.roma.it, 1
+calcionews24.com, 1
+calcioragusa.tk, 1
+calcioweb.eu, 1
+calconcontractors.com, 1
+calcoolator.pl, 1
+calcsoft.tk, 1
+calculadora-de-derivadas.com, 1
+calculadora-de-integrales.com, 1
+calculadoraconversor.com, 1
+calcularis.ch, 1
+calculate.co.kr, 1
+calculateaspectratio.com, 1
+calculates.org, 1
+calculator-app.com, 1
+calculator-imt.com, 1
+calculator.aws, 1
+calculator.tf, 1
+calculatorspace.com, 1
+calculatortvers.ga, 1
+calculatortvest.ga, 1
+calcworkshop.com, 1
+caldaia.roma.it, 1
+caldaro.de, 1
+caldaro.org, 1
+caldecotevillagehall.co.uk, 1
+calderagallery.com, 1
+calderasgranada.cf, 1
+caldercenter.org, 1
+caldervets.co.uk, 1
+caldoletto.com, 1
+caldwell.com, 1
+caleaders.cf, 1
+caleatoxic.org, 1
+caledoniaoh.gov, 1
+caledonie.tech, 1
+calefones-electricos.com, 1
+calendar.cf, 0
+calendar.google.com, 1
+calendarinspiration.com, 1
+calendariodecorrida.com.br, 1
+calendarpensers.ga, 1
+calendarpensest.ga, 1
+calendarr.com, 1
+calendarsnow.com, 1
+calendly.com, 1
+calendriergn.ch, 1
+calendriergratuit.fr, 1
+caletka.cz, 1
+caletka.nl, 1
+calgarydermatologisters.ga, 1
+calhoun.tk, 1
+calhouncityms.gov, 1
+calhouncountyfl.gov, 1
+calhouncountyflsheriff.gov, 1
+calhouncountyil.gov, 1
+calhounfalls.gov, 1
+calhounmi911.gov, 1
+caliber.to, 1
+calibermind.com, 1
+calibrationrecall.com, 1
+calibreapp.com, 1
+calibso.net, 1
+calidadbio.com, 1
+calidoinvierno.com, 1
+californiabalsamic.com, 1
+californiabudgetfinance.tk, 1
+californiabuilding.ma, 1
+californiahairmd.com, 0
+californiahealth.tk, 1
+californiahumanrights.tk, 1
+californiakingsnakepet.com, 1
+californialemonlaw-lawyers.com, 1
+californiamusicacademy.com, 1
+californianet.tk, 1
+californiaonlinedivorce.com, 1
+californiapa.gov, 1
+californiavalues.cf, 1
+calim.com.ar, 1
+calimero.tk, 1
+calindairy.com, 1
+calinetworks.com, 1
+caliph.one, 1
+calisteniaperu.ga, 1
+calisthenicroutines.com, 1
+calitateavietii-ardeal.ro, 1
+call.me, 1
+call2counter.com, 0
+calla.pl, 1
+callabs.net, 1
+callahancountytx.gov, 1
+callan.com, 1
+callanenglish.tk, 1
+callanetica.ru, 1
+callanjg.co.uk, 1
+callantonia.com, 1
+callawaymn.gov, 1
+callawayracing.se, 0
+callaworker.ml, 1
+callbackform.tk, 1
+callbell.eu, 1
+callcenterdeluxecalls.nl, 1
+callcriteria.com, 1
+callear.org, 1
+callerid4u.com, 1
+callerstrom.se, 1
+calleveryday.com, 1
+callflex.com.br, 1
+callfordataspeakers.com, 1
+callforkunst.de, 0
+callfunc.com, 1
+callhappyhive.com, 1
+callhippo.com, 1
+callhome.link, 1
+callhub.io, 1
+calliesalls.com, 1
+calligraph.gq, 1
+calligraphychic.com, 1
+callisabel.fr, 1
+callmebetty.com, 1
+callmewhatever.com, 1
+callmewhatever.de, 1
+callmewhatever.net, 1
+calloway.us, 1
+callowaycountyky.gov, 1
+callrail.com, 0
+callsign.com, 0
+callsigns.ca, 1
+calltoar.ms, 1
+callum.au, 1
+callummoore.au, 1
+callumsilcock.me, 1
+calluro.hr, 1
+callvip.tk, 1
+callwork.tk, 1
+cally.tk, 1
+callychat.tk, 1
+calmaririshmusicfestival.tk, 1
+calmer-cloud.de, 1
+calminteractive.fr, 1
+calomel.org, 1
+calonmahasiswa.com, 1
+calotte-academy.com, 1
+calpaterson.com, 1
+calposa.ml, 1
+calref.ca, 1
+calref.cc, 0
+calsense.net, 1
+calu.me, 1
+calucon.de, 1
+caluette.com, 1
+calumcrawford.com, 1
+calumetcounty.gov, 1
+calvario.tk, 1
+calvaryhospital.org, 1
+calverleyparish.church, 1
+calvertcityky.gov, 1
+calverttx.gov, 1
+calvin.my, 1
+calvusconsultancy.nl, 1
+calystral.com, 1
+calyxinstitute.org, 1
+calzadonline1.com, 1
+camago.dk, 1
+camagro.com, 1
+camaradecomerciosiguatepeque.hn, 1
+camaras.uno, 1
+camarilla.tk, 1
+camarilloelectric.com, 1
+camarilloelectrical.com, 1
+camarilloexteriorlighting.com, 1
+camarillolandscapelighting.com, 1
+camarillolighting.com, 1
+camarillooutdoorlighting.com, 1
+camaronazo.com, 1
+camarzanadetera.tk, 1
+camashop.de, 1
+camastowncar.com, 1
+cambados.tk, 1
+cambait.tk, 1
+camberford.com, 1
+cambiamenti-climatici.it, 1
+cambiamos.tk, 1
+cambiata.io, 1
+cambier.org, 1
+cambioeuro.es, 1
+cambioeuro.it, 1
+cambiowatch.ch, 0
+cambodiainfo.tk, 1
+cambopost.tk, 1
+cambramanresa.cat, 1
+cambridge-security.com, 1
+cambridgeanalytica.cz, 1
+cambridgeanalytica.net, 1
+cambridgemoneyman.com, 1
+cambridgesecuritygroup.org, 1
+cambridgetutors.com, 1
+cambuslangharriers.org, 1
+camconn.cc, 0
+camdenhistory.com, 1
+camdennj.gov, 1
+camdenny.gov, 1
+camdenpaws.com.au, 1
+camdesign.pl, 1
+camel2243.com, 1
+camelcrush.cf, 1
+camelflight.tk, 1
+camelforensics.com, 1
+camelia-poezii.tk, 1
+camelia.bg, 1
+camelion.tk, 1
+camella.com.ph, 1
+camelservers.com, 1
+camenisch.ws, 1
+cameo-membership.uk, 0
+cameo.ee, 1
+cameos.bo, 1
+camera-podvod.tk, 1
+camerahire.com.au, 1
+cameraman.tk, 1
+cameramark.nl, 1
+camerashot.tk, 1
+cameraslyphotography.tk, 1
+camerata.com, 1
+cameraviva.com.br, 1
+camerawisata.com, 1
+cameria.tk, 1
+cameriere.it, 1
+cameroncountytx.gov, 1
+cameronherold.com, 1
+cameronphotographyok.com, 1
+cameronsiguenza.com, 1
+cameronstar.tk, 1
+cameronwince.com, 1
+cameronwv.gov, 1
+cameroonlounge.com, 1
+camerweb.es, 1
+camfire.family, 1
+camfire.school, 1
+camfire.team, 1
+camgirl-info.net, 1
+camgirl.ga, 1
+camgo.org, 1
+camhavuz.com, 1
+camilamoreno.tk, 1
+camilaporto.tk, 1
+camilat.tk, 1
+camileonline.tk, 1
+camilia.io, 1
+caminoneocatecumenal.tk, 1
+caminosalavida.com, 1
+caminreal.tk, 1
+camionerosdecoslada.tk, 1
+camionesdesegundamano.net, 1
+camipress.ga, 1
+camisa12store.com.br, 1
+camisado.tk, 1
+camisantiago.tk, 1
+camisetas-bones.com.br, 1
+camisetas4fun.com.br, 1
+camisetasbichopreguica.com.br, 1
+camisetasmalwee.com.br, 1
+camisetasparatodos.tk, 1
+camit.tk, 1
+camixo.tk, 1
+camjackson.net, 0
+cammamam.gq, 1
+camnews.tk, 1
+camolist.com, 1
+camon.si, 1
+camouflaged.tk, 1
+camp-pleinsoleil.ch, 0
+campaign-ad.com, 1
+campaign-center.net, 1
+campaign.gov.scot, 1
+campaign.gov.uk, 1
+campaigner.gq, 1
+campaignlake.com, 1
+campaignwiki.org, 1
+campaignzee.com, 1
+campalhilal.org, 1
+campamentos.info, 1
+campamerika.de, 1
+campanhamamypoko.com.br, 1
+campbellcountywy.gov, 1
+campcambodia.org, 1
+campcar-location.com, 1
+campdesante.com, 1
+campdetarragona.tk, 1
+campeonatoalemao.com.br, 1
+camperdays.de, 1
+camperdirectoryers.ga, 1
+camperdirectoryest.ga, 1
+camperlist.com, 1
+campermanaustralia.com, 1
+campertrailerfinance.com.au, 1
+camperverzekerd.nl, 1
+campfire.moe, 1
+campfiretails.org, 1
+campfourpaws.com, 0
+campguaikinima.com, 1
+camping-aupigeonnier.fr, 1
+camping-chantemerle.com, 1
+camping-dulac-dordogne.com, 1
+camping-everywhere.fun, 1
+camping-le-pasquier.com, 1
+camping-seilershof.de, 1
+camping-trentino.it, 1
+camping.it, 1
+campingbuffs.com, 1
+campingcarlovers.com, 1
+campingdebergboer.tk, 1
+campingfontanelle.it, 1
+campinggadgetest.ga, 1
+campinghuntingshooting.com, 1
+campingpasseiermeran.com, 1
+campingprofessionalsest.ga, 1
+campingshop.pl, 1
+campingwatchest.ga, 1
+campistry.net, 1
+camplaza.tk, 1
+campmackinaw.com, 1
+campo-salado.com, 1
+campofant.com, 1
+campogrande.ms, 1
+campograndenews.com.br, 1
+campolivillagebakery.com, 1
+campona.hu, 1
+camposolillo.tk, 1
+camppisos.com.br, 1
+camprunamutt.dog, 1
+campsite-explorer.top, 1
+campsoulfestival.com, 1
+campstuffs.com, 1
+camptonnh.gov, 1
+camptuk.org, 1
+campula.cz, 1
+campus-finance.com, 1
+campuscom.jp, 1
+campuscore.eu, 1
+campusdrugprevention.gov, 1
+campuskota.com, 1
+campuspodsers.ga, 1
+campuspodsest.ga, 1
+campvana.com, 1
+camrecord.ml, 1
+camreviews.org, 1
+camrosewebservices.com, 1
+camsexia.com, 1
+camsexia.net, 1
+camsexia.org, 1
+camshort.com, 1
+camshowhub.com, 1
+camsky.de, 0
+camslurp.com, 1
+camslurp.net, 1
+camslurp.org, 1
+camsupplier.ml, 1
+camsupplierers.ga, 1
+camtor.ml, 1
+camuri.com, 1
+camview.nz, 1
+camworld.com, 1
+camzroofing.ca, 0
+can-amchains.com, 1
+can-fleet.com, 1
+can-tran.com, 1
+canabeinternacional.com, 1
+canada-tourisme.ch, 0
+canadaabroad.com, 0
+canadacloudpharmacy.com, 1
+canadaclub.tk, 1
+canadacommunity.org, 1
+canadacouncil.ca, 1
+canadafactcheck.ca, 0
+canadagoosejacketscanada.ca, 1
+canadahustle.com, 0
+canadalife.de, 1
+canadamails.tk, 1
+canadapet.club, 1
+canadapets.club, 1
+canadapost-postescanada.ca, 1
+canadapropertyexpert.ca, 1
+canadianatheists.ca, 1
+canadianatheists.com, 1
+canadianbusiness.com, 1
+canadianfriendsofyadsarah.com, 1
+canadianlandscapeart.ca, 1
+canadianlawyermag.com, 1
+canadianmetalworking.com, 1
+canadianmilitaryspouse.tk, 1
+canadianoutdoorequipment.com, 1
+canadianpharmacyonline.com, 1
+canadianpointerclub.tk, 1
+canadiansinternet.com, 1
+canadiansrit.tk, 1
+canadiantouristboard.com, 1
+canae.org, 1
+canajoana.eu, 1
+canal-onanismo.org, 1
+canal4.com.ni, 1
+canalbpv.com, 1
+canalcienciascriminais.com.br, 1
+canalconfidencial.com.br, 1
+canaldeintegridade.com.br, 1
+canaldelaespartera.tk, 1
+canalecontracting.com, 1
+canalescape.tk, 1
+canalinterativo.cf, 1
+canalinterativo.ml, 1
+canalinterativo.tk, 1
+canalpatriotas.tk, 1
+canalrivertrust.org.uk, 1
+canalspa.cl, 1
+canaltrece.com.co, 1
+canamo-solidario.tk, 1
+canaresidences.com, 1
+canaria.ga, 1
+canariasport.com, 0
+canariculturacolor.com, 1
+canaryaspets.com, 1
+canarymod.net, 1
+canarypower.tk, 1
+canarys.cf, 1
+canastasderegalointernacionales.com, 1
+canavilage.com, 1
+canavillage.net, 1
+canavillagepuntacana.com, 1
+canavillageresidences.com, 1
+canberraoutletcentre.com.au, 1
+canberrarunners.org.au, 1
+cancan.ml, 1
+cancer-info.org, 1
+cancer.gov, 1
+canceraid.coach, 1
+canceraid.com, 1
+canceraid.com.au, 1
+canceraid.io, 1
+cancerdata.nhs.uk, 1
+cancersintomas.com, 1
+cancertherapy.tk, 1
+cancomputers.hn, 1
+cancunhealthers.ga, 1
+cancunvacationexperts.com, 1
+candaceplayforth.com, 1
+candas.tk, 1
+candelaguatemala.tk, 1
+candex.com, 1
+candicecity.com, 0
+candidasa.com, 1
+candidateexperiencemarketing.nl, 1
+candidatlibre.net, 1
+candidcard.ga, 1
+candidcarders.ga, 1
+candidcardest.ga, 1
+candinya.com, 1
+candinya.me, 1
+candlcastles.co.uk, 1
+candlelightchallenge.tk, 1
+candlelightediting.com, 1
+candlemakingexplained.com, 1
+candlepro.cf, 1
+candlevn.com, 1
+candorhealthed.org, 1
+candy-pop.tk, 1
+candyalexa.net, 1
+candyboulevard.tk, 1
+candybouquet.tk, 1
+candybygrant.com, 1
+candydol.xyz, 1
+candydoll11.com, 1
+candydoll12.com, 1
+candydoll13.com, 1
+candydoll14.com, 1
+candydoll15.com, 1
+candydoll3.com, 1
+candydoll7.com, 1
+candydoll8.com, 1
+candydoll9.com, 1
+candyflavor.com, 1
+candykidsentertainment.co.uk, 1
+candykurs.ru, 1
+candylion.rocks, 1
+candypalace.tk, 1
+candysailing.ml, 1
+candysamira.org, 1
+candytip.ru, 1
+candyxs.org, 1
+canecorsodogguide.com, 1
+canek.es, 0
+canelaimobiliaria.com.br, 1
+canellayachts.com, 1
+canetelareal.tk, 1
+canfazz.com, 1
+canfield.gov, 1
+canfleet.ca, 1
+canfleet.com, 1
+canfleet.info, 1
+canfleetglobal.com, 1
+canfleetlogistics.com, 1
+cangku.in, 1
+cangurin.com, 1
+canhas.report, 1
+canhazip.com, 1
+canhq.tk, 1
+canhtuaone.com, 0
+cani-compostelle.fr, 1
+canibrowse.net, 1
+canidelite-toulouse.fr, 1
+canihavesome.coffee, 0
+canile.it, 1
+caninecompilation.com, 1
+caninejournal.com, 1
+caniuse.email, 1
+canjo.gov, 1
+cankado.com, 1
+canker.org, 1
+cankhon.tk, 1
+cankirihaber.tk, 1
+cankutahya.com.tr, 1
+canlidiziizlesene.org, 1
+canliradyodinle.fm, 1
+canlitelefonhatti.ga, 1
+canlom.tk, 1
+canmipai.com, 1
+canmypet.net, 1
+cannabis-marijuana.com, 1
+cannabisdiscounter.ca, 1
+cannabishouseyeg.com, 1
+cannabislegality.info, 1
+cannabisoffers.net, 1
+cannabisreports.org, 1
+cannabistraininguniversity.com, 1
+cannabiz.tk, 1
+cannabytes.net, 1
+cannacards.ca, 1
+cannagoals.com, 1
+cannamaca.com, 1
+cannamx.online, 1
+cannaseedsonline.com, 1
+cannature.eu, 1
+cannedcyberlabs.org, 1
+cannellecitron86-biomonde.fr, 1
+canningcityfc.org.au, 1
+canningpartners.com.au, 1
+cannoli.london, 1
+cannon.org.cn, 1
+cannoncountytn.gov, 1
+cannonriverwatershedmn.gov, 1
+canntinas.com, 0
+cannyfoxx.me, 1
+canobag.es, 1
+canondrivers-support.com, 1
+canondrivers.org, 1
+canonisti.fi, 1
+canoonic.se, 1
+canopy.ninja, 1
+canopycleaning.com.au, 1
+canopycleaningmelbourne.com.au, 1
+canopyservicing.com, 1
+canopytax.com, 1
+canossagardens.org.au, 0
+canossahospital.org.au, 1
+canovamedical.co.uk, 1
+canovamedical.com, 1
+canperclinicaveterinaria.com, 1
+canrarantra.tk, 1
+canstar.co.nz, 1
+canstar.com.au, 1
+canstarblue.co.nz, 1
+canstarblue.com.au, 1
+cantaloupe.ga, 1
+cantalupo.tk, 1
+cantando.nl, 1
+cantarefacile.com, 1
+cantarella.tk, 1
+cantatio.ch, 0
+cantautores.tk, 1
+cantdecidename.com, 1
+canterbury.ws, 1
+canterburybouncycastlehire.co.uk, 1
+canterburycrest.org, 1
+canterburynh.gov, 1
+canters.tk, 1
+cantinhodabia.com, 1
+cantongroup.com, 1
+cantonmi.gov, 1
+cantonmopolice.gov, 1
+cantonms.gov, 1
+cantoo.fr, 1
+cantor.cloud, 1
+cantosdisidentes.tk, 1
+cantrack.com, 1
+cantstopart.com, 1
+canukseeds.com, 1
+canuluduz.tk, 1
+canv4s.com, 1
+canva-dev.com, 1
+canva-staging.cn, 1
+canva-staging.com, 1
+canva.cn, 1
+canva.com, 1
+canvas-art.tk, 1
+canvaspersonalized.com, 1
+canveganseat.com, 1
+canyoncreekjeep.com, 1
+canyonisd.net, 1
+canyonshoa.com, 1
+canyontx.gov, 1
+canyou.ai, 1
+canyou.com.au, 1
+canyoupwn.me, 1
+cao.bi, 1
+cao.gov, 1
+cao.la, 1
+caocao.cf, 1
+caodecristachines.com.br, 0
+caodesantohumberto.com.br, 1
+caos.ch, 0
+caoshanhu.com, 1
+caoshe.com, 1
+caostura.com, 1
+caoyao.com, 1
+caozuo.com, 1
+cap-study.com, 1
+cap21-lrc.fr, 1
+cap73.fr, 1
+cap75.com, 1
+capa.digital, 1
+capacityproject.org, 1
+capari.co, 1
+caparicasurfing.com, 1
+caparis.nl, 1
+capeannpediatrics.com, 1
+capebretonpiper.com, 1
+capecanaveral.gov, 1
+capecod.gov, 1
+capecoral.gov, 1
+capecycles.co.za, 1
+capehipandknee.co.za, 1
+capekeen.com, 1
+capellan.pe, 1
+capellen.tk, 1
+capeprivacy.com, 0
+capetown.travel, 1
+capetownelite.co.za, 1
+caph.info, 1
+caphane.com, 1
+caphapupolas.ga, 1
+caphapupolas.ml, 1
+caphefin.com, 1
+capicibera.tk, 1
+capike.cf, 1
+capillary.io, 1
+capimlimaoflores.com.br, 1
+capitainebaggy.ch, 0
+capitains.tk, 1
+capital-electronics.ml, 1
+capital-match.com, 1
+capitalcap.com, 1
+capitalcollections.org.uk, 1
+capitalcounselor.com, 1
+capitalendurancegroup.com, 1
+capitalibre.com, 1
+capitalindustrygroup.com.au, 1
+capitalise.ai, 1
+capitalism.party, 1
+capitalism.rip, 1
+capitalist.cf, 1
+capitalmarkets.online, 1
+capitalmatters.cf, 1
+capitalmatters.ga, 1
+capitalmatters.gq, 1
+capitalmatters.ml, 1
+capitalmediaventures.co.uk, 1
+capitalmedicals.co.nz, 1
+capitalnativenations.org, 1
+capitaloneshopping.com, 1
+capitalontap.com, 1
+capitalp.jp, 1
+capitalpay.ml, 1
+capitalpipeline.tech, 1
+capitalquadatv.org.nz, 1
+capitalrooms.ga, 1
+capitalroomsers.ga, 1
+capitalscum.tk, 1
+capitalsejours.fr, 1
+capitalspiderers.ga, 1
+capitalstakepool.info, 1
+capitaltruepartner.hk, 1
+capitaltruepartnertechnology.cn, 1
+capitalwin.com, 1
+capitan.ml, 1
+capitanbeilinson.tk, 1
+capitapeskanova.tk, 1
+capitein.tk, 1
+capitolavenue62.co.in, 1
+capitolcounseling.net, 1
+capitolnational.com, 1
+capitolpathways.org, 1
+capitolrisk.tk, 1
+capitoltrades.com, 1
+capitone.fr, 1
+caplinbouncycastles.co.uk, 1
+caponte.io, 1
+caporalmktdigital.com.br, 1
+capota.tk, 1
+capper.de, 1
+cappp.cz, 1
+capradip.in, 0
+capriccio.to, 1
+caprichosdevicky.com, 1
+caprigo.ru, 1
+capris.cr, 0
+capro.global, 1
+caps-hats.tk, 1
+caps.equipment, 1
+caps.is, 1
+caps.solutions, 1
+caps.systems, 1
+capseo.id, 1
+capsicle.tk, 1
+capslock.ch, 1
+capsogusto.com, 1
+capstansecurity.co.uk, 1
+capstansecurity.com, 1
+capsuladigital.tk, 1
+capsulafinanciera.com, 1
+capsule.org, 0
+capsulekitchen.co, 1
+capsulezone.tk, 1
+captain-dandelion.com, 1
+captain-droid.com, 1
+captainark.net, 1
+captainchef.net, 1
+captainclaw.tk, 1
+captainjanks.tk, 1
+captainratnesh.tk, 1
+captainsavage.lt, 1
+captainscarlet.tk, 1
+captainsinn.com, 1
+captainsonic.com, 1
+captainsunshine.tk, 1
+captalize.com, 1
+captivationscience.com, 1
+captivationtheory.com, 1
+capturebilling.com, 1
+captured-symphonies.com, 1
+capturelead.tk, 1
+capturis.com, 1
+capuchinox.com, 1
+caputo.com, 1
+capybaraowner.com, 1
+car-alarm.tk, 1
+car-clean-nord.de, 1
+car-diagnose.com, 1
+car-dismantling.tk, 1
+car-expresso.com, 1
+car-forums.com, 1
+car-hire-lisbon.com, 1
+car-keys.tk, 1
+car-market.tk, 1
+car-seats-store.ga, 1
+car-speed.tk, 1
+car-touch.tk, 1
+car.info, 1
+car24portal.de, 1
+car3d.gq, 1
+car4rent.fr, 1
+cara-bisnis.tk, 1
+cara-mudah-hidup-sehat.tk, 1
+carabin.cf, 1
+caraccidentlawyersaltlake.com, 1
+caraccidentslawyer.tk, 1
+caraccio.li, 1
+caracterizacion.tk, 1
+caradaftarakun.ga, 1
+caragame.id, 1
+carajas.tk, 1
+caralarm.cf, 1
+caralarm.tk, 1
+caraliadeluxe.net, 1
+caralina.com, 1
+caramelldansen.com, 1
+caramellespinell.tk, 1
+caramplifier.com, 1
+caratennison.net, 1
+carauctionnetwork.com, 1
+carauctionsalabama.com, 1
+carauctionscarolina.com, 1
+carauctionsgeorgia.com, 1
+carauctionsillinois.com, 1
+carauctionsnewyork.com, 1
+caraudiostore.tk, 1
+caravaca.tk, 1
+caravansciences.tk, 1
+caravelairclub.tk, 1
+caraz.tk, 1
+carballeira.tk, 1
+carbaza.ru, 1
+carberra.io, 1
+carberra.xyz, 1
+carbeso.site, 1
+carbgrent.com, 1
+carbon-project.org, 1
+carbon.coop, 1
+carbon12.org, 1
+carbon12.software, 1
+carbonadvantage.tk, 1
+carbonaphta.com, 1
+carboncountypa.gov, 1
+carboncountywy.gov, 1
+carbondix.com, 1
+carboneventsupport.be, 1
+carboneventsupport.lu, 1
+carbonholic.org, 1
+carbonkiller.org, 1
+carbonlib.com, 0
+carbonmapper.org, 1
+carbonmonoxidelawyer.net, 1
+carbonnel.me, 0
+carbono.uy, 1
+carbonopuro.es, 0
+carbonswap.exchange, 1
+carbonswap.finance, 1
+carbontv.com, 1
+carbonvision.cn, 0
+carcare.net.au, 1
+carcatron.org, 1
+carceloinfierno.tk, 1
+carcheck123.com, 1
+carck.co.uk, 1
+carcleannord.de, 1
+carcloud.ch, 1
+carcluesest.ga, 1
+carcrushe.rs, 1
+carcrushers.cc, 1
+cardanalysisers.ga, 1
+cardano.eco, 1
+cardbouns.tk, 1
+cardcaptorsakura.jp, 1
+cardcollectors.ch, 1
+carddelivery.com, 1
+cardexaminerers.ga, 1
+cardexaminerest.ga, 1
+cardiagnose.nl, 1
+cardiagnostics.tk, 1
+cardiffmoneyman.com, 1
+cardinauto.fr, 1
+cardingforum.co, 1
+cardington.tk, 1
+cardinus.com, 1
+cardioagainstcancer.nl, 1
+cardiology.academy, 1
+cardiology.gq, 1
+cardios.srv.br, 1
+cardiosportsilvinadelgado.com, 0
+cardiothinklab.com, 1
+cardity.de, 1
+cardliquidatorsers.ga, 1
+cardloan-center.jp, 1
+cardloan-manual.net, 1
+cardmarketersers.ga, 1
+cardmarketersest.ga, 1
+cardmart.tk, 1
+cardmates.com.br, 1
+cardmates.net, 1
+cardmates.org, 1
+cardmates.ru, 1
+cardmates.ua, 1
+cardmetricsers.ga, 1
+cardmetricsest.ga, 1
+cardoni.net, 1
+cardpaymentoptions.com, 1
+cardpyramiders.ga, 1
+cardranking.jp, 1
+cardrecovery.fr, 1
+cards4jobs.com, 1
+cardschat.com, 1
+cardsolutionsbh.com.br, 1
+cardstesting.tk, 1
+cardstream.com, 1
+cardswith.love, 1
+cardtrekers.ga, 1
+cardtrekest.ga, 1
+cardtronics.com, 1
+cardwar.tk, 1
+cardwars.hu, 1
+care-pack.eu, 1
+care-q.net, 1
+care4all.com, 1
+care4homecare.nl, 1
+careapp.com.au, 1
+carear.com, 1
+carecm.de, 1
+career-conduct.jp, 1
+career-guidance.com, 1
+careerandjobsearch.tk, 1
+careercapital.co.za, 1
+careerdiary.co.uk, 1
+careergigo.com, 1
+careergo.org, 1
+careernet.in, 1
+careeroptionscoach.com, 1
+careerpower.co.in, 1
+careersinpsychology.org, 1
+careertransformed.com, 1
+carefix.pro, 1
+carefree-creative.com, 1
+carefy.ph, 1
+carehomejob.co.uk, 1
+careium.co.uk, 1
+carekleen.com.au, 1
+carelancerportfolio.ga, 1
+careloco.tk, 1
+caremad.io, 1
+carepan.ga, 1
+carepassport.com, 1
+caresco.nl, 1
+careshields.sg, 1
+carespot.com, 1
+carespottravelmedicine.mobi, 1
+caretaker.com, 1
+carethehealth.com, 1
+caretoyou.com, 1
+caretta.co.uk, 1
+carevan.org, 1
+carevic.eu, 1
+carevo.id, 1
+careyohio.gov, 1
+careyolsen.com, 1
+carezza.net, 1
+carfamily.com, 1
+carfashion.com.mx, 1
+carfax.ca, 1
+carfaxcanadaappgateway.azurewebsites.net, 1
+carfinancehelp.com, 1
+carfinans.ru, 1
+carforme.gr, 1
+carfraemill.co.uk, 1
+cargo.build, 1
+cargobas.com, 1
+cargobay.net, 1
+cargoio.com, 1
+cargomaps.com, 1
+cargorestraintsystems.com.au, 1
+cargosapiens.com.br, 1
+cargotariff.ml, 1
+cargotransinfo.ru, 1
+carhunters.cz, 1
+caribank.org, 1
+caribbeancinemas.com, 1
+caribbeansolutionslab.com, 1
+caribeeficiente.com.co, 1
+caribuku.tk, 1
+caricature.fr, 1
+caricatureavenue.com, 1
+carien.eu, 1
+carif-idf.net, 0
+carigami.fr, 1
+cariki.gq, 1
+carikiv.gq, 1
+carillon.tk, 1
+carinaklijn.nl, 1
+carine.ml, 1
+caringkitsforkids.org.uk, 1
+caringmedicine.ga, 1
+caringpups.com, 1
+carinsuranceliveest.ga, 1
+carinthia.eu, 1
+carioca-romania.ro, 1
+cariocabelos.com.br, 1
+cariproperti.com, 1
+carisenda.com, 1
+carium.com, 1
+carkeysanantonio.com, 1
+carkeysystem.com, 1
+carl-blum-haus.tk, 1
+carl-topham.com, 0
+carl.land, 1
+carlansell.co.uk, 1
+carlaschiavone.tk, 1
+carlasecrets.com, 1
+carlcsaposs.com, 1
+carlelo.com, 1
+carlesribot.tk, 1
+carleycounselingservices.com, 1
+carlgo11.com, 1
+carlicahn.com, 1
+carlife-at.jp, 1
+carlijnottens.nl, 1
+carlili.fr, 1
+carlingfordapartments.com.au, 1
+carlingforddental.com.au, 1
+carlinmack.com, 1
+carlislebrass.com, 1
+carlislecounty.gov, 1
+carlite.at, 1
+carlitoxxpro.com, 1
+carlmjohnson.net, 0
+carloancalculator.tk, 1
+carlobiagi.de, 1
+carlocksmith--dallas.com, 1
+carlocksmithbaltimore.com, 1
+carlocksmithcarrollton.com, 1
+carlocksmithellicottcity.com, 1
+carlocksmithfallbrook.com, 1
+carlocksmithkey.com, 1
+carlocksmithlewisville.com, 1
+carlocksmithmesquite.com, 1
+carlocksmithsjohannesburg.co.za, 1
+carlocksmithtucson.com, 1
+carloelectrical.com, 1
+carlolacana.tk, 1
+carlons.cf, 1
+carlos-moreira.com, 1
+carlosabarbamd.com, 1
+carlosbronze.com.br, 1
+carloscar.art, 1
+carloscar.co, 1
+carloscar.com, 1
+carloscar.se, 1
+carloscolina.com, 1
+carlosfelic.io, 1
+carlosgago.tk, 1
+carlosguadian.tk, 1
+carloshmm.com, 1
+carloshmm.stream, 1
+carloshmoreira.com, 1
+carlosjeurissen.com, 1
+carlosjeurissen.nl, 1
+carlospiga.fr, 1
+carlosvelezmarketing.com, 1
+carlot-j.com, 1
+carls-fallout-4-guide.com, 1
+carlsbadluxuryhotels.ga, 1
+carlshamnbageri.com, 1
+carlshamnbageri.se, 1
+carlshamnmejeri.com, 1
+carlshamnmejeri.se, 1
+carlshamnsvaxtrike.se, 1
+carlshamnvaxtrike.se, 1
+carlsonfonder.se, 1
+carlsonfund.de, 1
+carlsonfunds.com, 1
+carlsonsw.com, 1
+carltoncountymn.gov, 1
+carltonelitetravel.ga, 1
+carltontownfc.tk, 1
+carlvanderlaan.com, 1
+carlysgarden.net, 1
+carmageddon.tk, 1
+carmarthenradiocontrolledcarclub.tk, 1
+carmela.tk, 1
+carmelrise.co.uk, 1
+carmelss.edu.hk, 1
+carmeltownship-mi.gov, 1
+carmen1996.com, 1
+carmengrayfanclub.tk, 1
+carmeni.tk, 1
+carmeny.org, 1
+carminemastropierro.com, 1
+carna.tk, 1
+carnageheart.tk, 1
+carnagevisors.tk, 1
+carnaticalifornia.com, 1
+carnavaldeltoro.tk, 1
+carnavales.tk, 1
+carnavalinrothem.tk, 1
+carnedelmercado.com, 1
+carnell.com, 1
+carnet-du-voyageur.com, 1
+carnetdeconducir.club, 1
+carni.tk, 1
+carnica.tk, 1
+carniceriaserrador.es, 1
+carnildo.com, 1
+carnivalcostumes.tk, 1
+carnivalkingsupplies.com, 1
+carnivorediet.gr, 1
+carnivorousplants.co.uk, 1
+carobme.de, 1
+carocream.org, 1
+caroffer.ch, 1
+carohq.com, 1
+caroinstitute.cf, 1
+carol-lambert.com, 1
+carolcestas.com, 1
+caroli.biz, 1
+caroli.com, 1
+caroli.info, 1
+caroli.name, 1
+caroli.net, 1
+carolicious.tk, 1
+carolina.cz, 1
+carolinaharboe.baby, 1
+carolinaharboe.com, 1
+carolinaoliveira.tk, 1
+carolinarice.com, 1
+carolinasaddictionfellows.com, 1
+carolinashoe.com, 1
+carolinavarletaarriagada.tk, 1
+carolineball.com, 1
+carolinebazin.fr, 1
+carolineeball.com, 1
+carolinegirvan.com, 1
+carolinehanania.com, 1
+carolinehoule.com, 1
+carolinelanglois.fr, 1
+carolineovercash.com, 1
+carolinepleuvret.fr, 1
+carolmolinari.tk, 1
+carontetourist.hr, 1
+carontetouristisoleminori.it, 1
+carottage-beton.com, 1
+carousel.ga, 1
+carouselbuses.co.uk, 1
+carouselinsights.com, 1
+carp-world.tk, 1
+carp-zeeland.tk, 1
+carp4life.tk, 1
+carparo.net, 0
+carpeleo.com, 1
+carpeleo.mobi, 1
+carpeleo.se, 1
+carpentersvilleil.gov, 1
+carpet24.gr, 1
+carpetandhardwoodflooringpros.com, 1
+carpetcleanerswilmington.com, 1
+carpetcleaning-cypress.com, 1
+carpetcleaningtomball.com, 1
+carpetcobblers.ga, 1
+carpio.tk, 1
+carplus.es, 1
+carplus.net, 1
+carportus.com, 1
+carpostal.com, 1
+carprice.auction, 1
+carprice.ru, 1
+carproof.com, 1
+carpticon.tk, 1
+carpuya.ga, 1
+carrabiners.tk, 1
+carraboucrafts.com, 1
+carre-jardin.com, 1
+carre-lutz.com, 1
+carre.nl, 1
+carrelageetmosaique.fr, 1
+carreraspopularescalendario.com, 1
+carrgroup.co.nz, 1
+carrgroup.com.au, 1
+carriage.fun, 1
+carriedin.com, 1
+carrier.tools, 1
+carrieunderwood.tk, 1
+carrion.tk, 1
+carrmachines.co.nz, 1
+carrmachines.com.au, 1
+carrnorthamerica.com, 1
+carroattrezzi.it, 1
+carroattrezzi.lazio.it, 1
+carroattrezzimilanodaluiso.it, 1
+carroceriascarluis.com, 1
+carrolcountyohioelections.gov, 1
+carrollcotne911.gov, 1
+carrollcountyil.gov, 1
+carrollcountyiowa.gov, 1
+carrollcountynh.gov, 1
+carrollcountynhdeeds.gov, 1
+carrolltontx.gov, 1
+carroseletricosbh.com.br, 1
+carrosserie-delaval.be, 1
+carrouselcompany.fr, 1
+carrozzeria.roma.it, 1
+carrozziere.roma.it, 1
+carrumhealth.com, 1
+carry.luxe, 1
+carryvanbruggen.tk, 1
+cars-project.ru, 1
+cars4salecy.com, 1
+carsandstars.com.au, 1
+carseatchecks.ca, 1
+carshippingcarriers.com, 1
+carsinsuranceis.com, 1
+carsmate.com, 1
+carsoft.tk, 1
+carson-matthews.co.uk, 1
+carsonca.gov, 1
+carsonkoziol.com, 1
+carsonmorrow.com, 1
+carsoug.com, 1
+carspicture.tk, 1
+carspneu.cz, 1
+carsreborn.com, 1
+carstar.com.ua, 1
+carstub.com, 1
+carsurance.net, 1
+carsworld.cf, 1
+cartadeviajes.cl, 1
+cartadeviajes.co, 1
+cartadeviajes.com, 1
+cartadeviajes.com.ar, 1
+cartadeviajes.com.ve, 1
+cartadeviajes.de, 1
+cartadeviajes.ec, 1
+cartadeviajes.es, 1
+cartadeviajes.fr, 1
+cartadeviajes.mx, 1
+cartadeviajes.pe, 1
+cartadeviajes.uk, 1
+cartago.co.cr, 1
+cartaisapre.com, 1
+cartaodigi.com, 1
+carte-resident.ci, 1
+cartegrise.com, 1
+cartegrise.xyz, 1
+carteles.tk, 1
+cartelloni.roma.it, 1
+carteltec.com, 1
+cartercountymo.gov, 1
+carterdan.net, 1
+carterjonas.co.uk, 1
+carterkosturos.com, 1
+carterstad.se, 1
+cartertonscouts.org.nz, 1
+cartes-voyance.fr, 1
+cartesfrance.fr, 1
+cartesy.de, 1
+cartfilm.tk, 1
+cartft.com, 1
+carthagecement.com.tn, 1
+carthedral.com, 1
+cartierplan.ga, 0
+cartomancieperso.tk, 1
+cartongesso.roma.it, 1
+cartons-cheap.tk, 1
+cartooncastles.ie, 1
+cartooncollections.com, 1
+cartoonlists.com, 1
+cartoonstock.com, 1
+cartoontube69.com, 1
+cartoonvibe.com, 1
+cartoonwap.tk, 1
+cartoradio.fr, 1
+cartorio4oficiojuazeiro.com.br, 1
+cartorios.tk, 1
+cartoservice.tk, 1
+cartouche24.eu, 1
+cartridge.bg, 1
+cartridge.gq, 1
+cartridgereviewers.ga, 1
+cartridgereviewsers.ga, 1
+cartridgereviewsest.ga, 1
+cartridgesave.co.uk, 1
+cartturbo.com, 1
+cartucce24.it, 1
+cartuchoonline.com.br, 1
+cartunings.tk, 1
+cartwrightrealestate.com, 1
+carty.bg, 1
+carun.us, 0
+carunion.nl, 1
+carus.com, 1
+carver.tk, 1
+carvercountymn.gov, 1
+carvoeiro-car-hire.com, 1
+carwashdruten.nl, 1
+carwashkampen.nl, 1
+carwreckcowboy.com, 1
+caryl.fr, 1
+carymedicalgroup.com, 1
+caryvilletn.gov, 1
+cas-chauxdefonds.ch, 0
+cas-ebbers.nl, 1
+casa-app.de, 0
+casa-brel.ml, 1
+casa-carla.it, 1
+casa-due-pur.com, 1
+casa-due-pur.de, 1
+casa-due.com, 1
+casa-familia.com, 0
+casa-indigo.com, 1
+casa-laguna.net, 1
+casa-lunch-break.de, 1
+casa-lunchbreak.de, 1
+casa-mea-inteligenta.ro, 1
+casa-prince.tk, 1
+casaasia.cat, 1
+casaasia.es, 1
+casaasia.eu, 1
+casabella.com.tw, 1
+casacampolima.com, 1
+casacapalbio.com, 1
+casacazoleiro.com, 1
+casachameleonhotels.com, 1
+casachronicles.com, 1
+casacochecurro.com, 1
+casacoleccionistagaldar.tk, 1
+casacolosseo.com, 1
+casacomcharme.com.br, 1
+casacoscolo.tk, 1
+casadasmolas.tk, 1
+casadedios.tk, 1
+casadegomes.com, 1
+casadelasvinas.com, 1
+casadetiteres.tk, 1
+casadoarbitro.com.br, 1
+casadomarketingdigital.com.br, 1
+casadopulpo.com, 1
+casaessencias.com.br, 1
+casafina.tk, 1
+casagami.ga, 1
+casagyn.com.br, 1
+casajeannine.tk, 1
+casalacabra.com, 1
+casalborgo.it, 1
+casalcrevillent.tk, 1
+casaledibuccole.it, 1
+casalinghedisperate.ga, 1
+casalopez.tk, 1
+casalor.ro, 1
+casalunchbreak.de, 1
+casamariano.es, 1
+casamentos.com.br, 1
+casamentos.pt, 1
+casamiento.com.uy, 1
+casamientos.com.ar, 1
+casandraemge.tk, 1
+casanuova.tk, 1
+casaoggidomani.it, 1
+casapalla.com.br, 1
+casapedra.tk, 1
+casaplorer.com, 1
+casaruralsantamaria.tk, 1
+casasbandeirantes.com.br, 1
+casasensunbridge.com, 1
+casashops.com, 1
+casasparaperross.com, 1
+casasuara.com, 1
+casasuleletrodomesticos.com.br, 1
+casatendeiro.tk, 1
+casavacanze.estate, 1
+casavaleria.tk, 1
+casavlas.ro, 1
+casbia.info, 0
+casbuijs.nl, 1
+casburggraaf.com, 0
+casc.cz, 1
+casca.tk, 1
+cascadenos.tk, 1
+cascadewindows.com, 1
+cascadinglounge.tk, 1
+cascavelle.fr, 1
+cascavelle.nl, 1
+cascd.pt, 1
+case-vacanza-salento.com, 1
+case3d.ro, 1
+case4you.bg, 1
+case4you.ro, 1
+casecandy.in, 1
+casecurity.org, 1
+caseform.de, 1
+caseificio.roma.it, 1
+caselemnbarat.ro, 1
+casemaka.com, 1
+caseof.fr, 1
+casepariurionline.ro, 1
+caseplus-daem.de, 1
+casertanews.it, 1
+cases.lu, 1
+casetech.com, 1
+casewarecloud.com, 1
+caseycapitalpartners.com, 1
+casgp.com, 0
+cash-bot.tk, 1
+cash-generator.tk, 1
+cash-pos.com, 1
+cash.app, 1
+cash.me, 1
+cash.nyc, 1
+cashamerican.tk, 1
+cashati.com, 1
+cashbackcow.us, 1
+cashbacksummit.com, 1
+cashblog.ga, 1
+cashbook.co.tz, 1
+cashbot.sk, 1
+cashbuild.co.za, 1
+cashcode.ga, 1
+cashcoin.tk, 1
+cashconverters.co.uk, 1
+cashconverters.com, 1
+cashconverters.com.au, 1
+cashdo.co.il, 1
+cashdrop.ga, 1
+cashenvoy.com, 1
+cashewmanufacturers.com, 1
+cashflowstrategist.com, 0
+cashforcarremovalsipswich.com.au, 1
+cashfortulsahouses.com, 1
+cashline.tk, 1
+cashlink.de, 0
+cashlogic.ch, 0
+cashmanagerbg.com, 1
+cashmaxtexas.com, 1
+cashortrade.org, 1
+cashper.de, 1
+cashplk.com, 1
+cashregistry.tk, 1
+cashsector.ga, 1
+cashservices.com.au, 1
+cashwave.com, 1
+cashworks.ga, 1
+cashworks.tk, 1
+cashyourcar.sydney, 1
+casian.ir, 1
+casillasdecoria.tk, 1
+casino-apps.dk, 1
+casino-cash-flow.com.ru, 1
+casino-cash-flow.info, 1
+casino-cash-flow.pro, 1
+casino-cash-flow.ru, 1
+casino-cash-flow.su, 1
+casino-cashflow.ru, 1
+casino-hero.de, 0
+casino-online.info, 1
+casino-r.com, 1
+casino-spelletjes.com, 1
+casino-trio.com, 1
+casino-z-top.ru, 1
+casino.guide, 1
+casino.org, 1
+casinobonus360.de, 1
+casinobonuscodes365.com, 1
+casinobuyersguide.com, 1
+casinocashflow.ru, 1
+casinocashflow.su, 1
+casinochecking.com, 0
+casinocity.africa, 1
+casinocity.ag, 1
+casinocity.am, 1
+casinocity.ar, 1
+casinocity.asia, 1
+casinocity.ax, 1
+casinocity.ba, 1
+casinocity.bg, 1
+casinocity.bi, 1
+casinocity.bj, 1
+casinocity.bz, 1
+casinocity.ci, 1
+casinocity.cl, 1
+casinocity.cm, 1
+casinocity.co, 1
+casinocity.co.at, 1
+casinocity.co.bw, 1
+casinocity.co.hu, 1
+casinocity.co.il, 1
+casinocity.co.im, 1
+casinocity.co.na, 1
+casinocity.co.nl, 1
+casinocity.co.tz, 1
+casinocity.com.au, 1
+casinocity.com.br, 1
+casinocity.com.by, 1
+casinocity.com.de, 1
+casinocity.com.gr, 1
+casinocity.com.jm, 1
+casinocity.com.ng, 1
+casinocity.com.ni, 1
+casinocity.com.pa, 1
+casinocity.com.pr, 1
+casinocity.com.ru, 1
+casinocity.com.tt, 1
+casinocity.com.ve, 1
+casinocity.cr, 1
+casinocity.cy, 1
+casinocity.cz, 1
+casinocity.dj, 1
+casinocity.do, 1
+casinocity.ee, 1
+casinocity.es, 1
+casinocity.eu, 1
+casinocity.fi, 1
+casinocity.fr, 1
+casinocity.gd, 1
+casinocity.ge, 1
+casinocity.gp, 1
+casinocity.gs, 1
+casinocity.gt, 1
+casinocity.gy, 1
+casinocity.hk, 1
+casinocity.hn, 1
+casinocity.hr, 1
+casinocity.ie, 1
+casinocity.im, 1
+casinocity.in, 1
+casinocity.it, 1
+casinocity.jp, 1
+casinocity.ke, 1
+casinocity.kr, 1
+casinocity.la, 1
+casinocity.lc, 1
+casinocity.li, 1
+casinocity.lk, 1
+casinocity.lt, 1
+casinocity.ltd.uk, 1
+casinocity.lu, 1
+casinocity.lv, 1
+casinocity.ma, 1
+casinocity.md, 1
+casinocity.me, 1
+casinocity.mk, 1
+casinocity.ms, 1
+casinocity.mt, 1
+casinocity.mu, 1
+casinocity.mw, 1
+casinocity.mx, 1
+casinocity.no, 1
+casinocity.nz, 1
+casinocity.pe, 1
+casinocity.ph, 1
+casinocity.pl, 1
+casinocity.pt, 1
+casinocity.re, 1
+casinocity.ro, 1
+casinocity.rs, 1
+casinocity.sb, 1
+casinocity.sc, 1
+casinocity.se, 1
+casinocity.sg, 1
+casinocity.si, 1
+casinocity.sk, 1
+casinocity.sl, 1
+casinocity.sn, 1
+casinocity.st, 1
+casinocity.sx, 1
+casinocity.tg, 1
+casinocity.tv, 1
+casinocity.ug, 1
+casinocity.uy, 1
+casinocity.vc, 1
+casinocity.vn, 1
+casinocity.vu, 1
+casinocity.web.za, 1
+casinocity.ws, 1
+casinocitytimes.com, 1
+casinocosmopol.se, 1
+casinocrit.com, 1
+casinofollower.com, 1
+casinohex.co.nz, 1
+casinohex.co.za, 1
+casinohex.org, 1
+casinohex.se, 1
+casinoindex.io, 1
+casinoleader.com, 1
+casinolegal.pt, 1
+casinolistings.com, 1
+casinologinaustralia.com, 1
+casinomucho.com, 1
+casinomucho.org, 1
+casinomucho.se, 1
+casinonieuws.nl, 1
+casinoonlineprova.com, 1
+casinoportugal.pt, 1
+casinopromote.com, 1
+casinoreal.com, 1
+casinorewards.info, 1
+casinorobots.com, 1
+casinosanalyzer.com, 1
+casinosblockchain.io, 1
+casinoscout.ca, 1
+casinoscout.nl, 1
+casinoscryptos.com, 1
+casinoslotsww.com, 1
+casinosnederland.com, 1
+casinospesialisten.net, 1
+casinotokelau.tk, 1
+casinotop10.net, 1
+casinotopplistan.com, 1
+casinotopplisten.com, 1
+casinotopsonline.com, 1
+casinoua.club, 1
+casinovendors.com, 1
+casio-caisses-enregistreuses.fr, 1
+casio.bg, 0
+casitawn.cf, 1
+casjay.cloud, 0
+casjay.com, 0
+casjay.info, 0
+casko-insurance.tk, 1
+casman.tk, 1
+casnoviatownshipmi.gov, 1
+caso.co.jp, 1
+casovi.cf, 1
+casperfect.com, 1
+casperpanel.com, 1
+caspi.org.il, 1
+caspianrentcar.com, 1
+caspicards.com, 1
+casscoroadmi.gov, 1
+casscountyia.gov, 1
+casscountyil.gov, 1
+casscountymn.gov, 1
+casscountyne.gov, 1
+cassembly.fr, 1
+cassia.gov, 1
+cassies.com.au, 1
+cassilandianoticias.com.br, 1
+cassimo.com, 0
+cassini.ro, 1
+casso.ml, 1
+casso.tk, 1
+cassvilletwpwi.gov, 1
+cassvillevlgwi.gov, 1
+cast-london.co.uk, 1
+castagnino.net, 1
+castagnola.tk, 1
+castagnonavocats.com, 1
+castalie.tk, 1
+castaneatownshippa.gov, 1
+castaneda.tk, 1
+castedart.com, 1
+castelflowers.it, 1
+castella.tk, 1
+castellet.tk, 1
+castelletto.tk, 1
+castelli-media.de, 1
+casteloinformatica.com.br, 1
+castelsardo.tk, 1
+casterleyrock.com, 1
+castglobal-china.biz, 1
+casthull.co.uk, 1
+castiana.xyz, 1
+castible.de, 1
+castiel.cf, 1
+castilla-comunera.tk, 1
+castillo.club, 1
+castillosohail.es, 1
+casting-vote.tk, 1
+castingallaitaliana.com, 1
+castingfrancais.com, 1
+castingnetworks.com, 1
+castings.tk, 1
+castit.biz, 1
+castlabs.com, 0
+castle-emarketing.com, 1
+castle-engine.io, 1
+castlebuilder.com, 1
+castlecapers.com.au, 1
+castlehack.ga, 1
+castlekingdomstockport.co.uk, 1
+castlekingkent.co.uk, 1
+castlemania.tk, 1
+castleoblivion.tk, 1
+castles-in-the-sky.co.uk, 1
+castleswa.com.au, 1
+castlevaniaspain.tk, 1
+castorio.tk, 1
+castrillodelavalduerna.tk, 1
+castrillodelavega.tk, 1
+castrillodevillavega.tk, 1
+castroverde.tk, 1
+castrovirreyna.tk, 1
+casualclubdating.ml, 1
+casualiswebs.com, 1
+casuallab.com, 1
+casuallyblue.xyz, 1
+casualtime.ga, 1
+casusgrillcaribbean.com, 1
+cat-encyclopedia.ml, 1
+cat-problems.ml, 1
+cat.casa, 1
+cat.fo, 1
+cat.ne, 1
+cat.net, 1
+cataclysmal.org, 1
+catagec.com, 1
+catalog-bookinist.tk, 1
+catalog-clothing.tk, 1
+catalog-lingerie.tk, 1
+catalog-lingeries.tk, 1
+catalog-serverov.ml, 1
+catalog-serverov.tk, 1
+catalog-underwear.tk, 1
+catalogador.ml, 1
+catalogcomputerhardware.tk, 1
+catalogingpro.com, 1
+catalogobiblioteca.com, 1
+catalogobiblioteca.net, 1
+catalogosvirtualesonline.com, 1
+catalogueau.com, 1
+catalojic.tk, 1
+catalonia.tk, 1
+catalyseurs-territoriaux.org, 1
+catalyst-ecommerce.com, 1
+catalystapp.co, 1
+catandmoonalchemy.com.au, 1
+cataniatoday.it, 1
+catanzarotoday.it, 1
+catapa.com, 1
+catapultgroup.ca, 1
+catarrhalfuns.tk, 1
+catartofsweden.se, 1
+catastrofy.tk, 1
+catatanviral.com, 1
+catatau.tk, 1
+catawiki.com, 1
+catawiki.de, 1
+catawiki.net, 1
+catawiki.nl, 1
+catb.on.ca, 1
+catbat.rocks, 1
+catbeautifulanimal.tk, 1
+catbold.space, 1
+catbop.com, 1
+catbox.moe, 1
+catbull.com, 1
+catcafe.gg, 1
+catcat.cc, 1
+catcatnya.com, 1
+catchall.tw, 1
+catchers.cc, 1
+catchhimandkeephim.com, 1
+catchief.com, 1
+catchteamca.gov, 1
+catchup-enschede.tk, 1
+catcontent.cloud, 1
+catcoxx.com, 1
+catcut.com, 1
+catechese-ressources.com, 1
+catedraderechonotarial.es, 1
+catedraloscura.tk, 1
+catedralsantodomingo.org, 1
+catego.info, 1
+catenacondos.com, 1
+caterbing.com, 1
+catering-fantasia.tk, 1
+catfish.gq, 1
+catfishworld.tk, 1
+catflap.org, 1
+catfood.cf, 1
+catfood.ga, 1
+catfooddispensersreviews.com, 1
+catfoto.cf, 1
+catfun-foto.de, 1
+catgarden.tk, 1
+catgirl.center, 1
+catgirl.cloud, 1
+catharinalingeries.com.br, 1
+catharinaparkieten.tk, 1
+catharinaziekenhuis.nl, 1
+cathcartandwinn.com, 1
+cathcartconsulting.com.au, 1
+cathedralappointments.co.uk, 1
+cathedralofsatan.tk, 1
+cathelp.cf, 1
+cathelp.cn, 1
+cathelp.xyz, 1
+catherinejf.com, 1
+catherinesarasin.com, 1
+catherinesofpartick.co.uk, 0
+catholic8964.org, 1
+catholicjobs.com, 1
+catholicprayers.tk, 1
+catholicteuchtar.cf, 1
+catholicteuchtar.ga, 1
+catholicteuchtar.ml, 1
+cathosa.nl, 1
+cathosting.org, 1
+cathouse.me, 1
+cathrine.tk, 1
+cathy.best, 1
+cathy.guru, 1
+cathy.legal, 1
+cathy.lgbt, 1
+cathy.link, 1
+cathy.website, 1
+cathyfitzpatrick.com, 1
+cathyjf.ca, 1
+cathyjf.com, 1
+cathyjf.net, 1
+cathyjf.org, 1
+cathyjfitzpatrick.com, 1
+cathylean.tk, 1
+cativa.net, 1
+catl.st, 1
+catland.club, 1
+catlettsburgky.gov, 1
+catlicking.com, 1
+catlive.com, 1
+catlovingcare.com, 1
+catmash.tk, 0
+catmatchers.org, 1
+catme.org, 1
+catmonad.xyz, 1
+catmoose.ca, 1
+catmoz.fr, 1
+catnetworks.co.jp, 1
+catnmeow.com, 1
+catphysics.com, 1
+catpic.xyz, 1
+catplay.tk, 1
+catprincess.com.tw, 1
+catprint.com, 1
+catpumpsonline.com, 1
+catram.org, 1
+catransportation.net, 1
+catrins-kunst.de, 1
+cats-dom.ru, 1
+catscreativecakes.ga, 1
+catskillselfstorage.com, 1
+catsmagic.pp.ua, 1
+catsnow.com, 1
+catsofcapetown.com, 1
+catsoft.me, 1
+catstv.tk, 1
+cattaingroup.com, 1
+cattellar.tk, 1
+cattery-mundilfari.tk, 1
+cattery.work, 1
+catterydelmoria.tk, 1
+catterydumagasin.tk, 1
+cattiau.com, 1
+cattleplay.gq, 1
+catto.win, 1
+cattsgym.co.uk, 1
+catu-bikes.se, 1
+catus.moe, 1
+catvibers.me, 1
+catvsmice.com, 1
+catwilliford.com, 1
+catylist.com, 1
+catz-productions.tk, 1
+caucasusandmercury.com, 1
+caucus.fr, 1
+caueteam.tk, 1
+caughtredhanded.co.nz, 1
+caulacbonuochoa.tk, 1
+caulfieldeastapartments.com.au, 1
+caulkingexperts.com, 1
+caulong-ao.net, 1
+caumont-normandie.fr, 1
+cauquenes.tk, 1
+cavac.at, 1
+cavalassur.com, 1
+cavaleirocity.com.br, 1
+cavaliernd.gov, 1
+cavallochiropractic.com, 1
+cavalryscout.com, 1
+cave-reynard.ch, 1
+cave-vet-specialists.co.uk, 1
+cavecreekaz.gov, 1
+cavediverharry.com, 1
+cavemax.com, 1
+cavenderhill.com, 1
+caviarmultimedia.com, 1
+cavinesswealth.com, 1
+cavisson.com, 1
+cavistenancy.fr, 1
+cavzodiaco.com.br, 1
+caw.be, 1
+cawagiras.ga, 1
+caxaa.mx, 1
+caycehouse.com, 1
+caymart.com, 1
+cazadordebuenaonda.com, 1
+cazaviajes.es, 1
+cazes.info, 1
+cazfire.gov, 1
+cazinoz.ru, 1
+cazizi.com, 1
+cazoo-dev.co.uk, 1
+cazoo-dev.com, 1
+cazoo-test.co.uk, 1
+cazoo-test.com, 1
+cazoo.co.uk, 1
+cazoo.com, 1
+cb-crochet.com, 1
+cb1388.com, 1
+cb1588.com, 1
+cb96net.ru, 1
+cba.gov.pl, 1
+cbaamaga.com, 1
+cbbio.fr, 1
+cbc-hire.co.uk, 1
+cbca.gov, 1
+cbcembalagens.com.br, 1
+cbcentelles.tk, 1
+cbcf.info, 1
+cbcnet.co.za, 1
+cbcnet.info, 1
+cbd-natural.de, 1
+cbd-world-online.com, 1
+cbd.supply, 1
+cbd181.com, 1
+cbd2050.com, 1
+cbdbflo.com, 1
+cbdbonplan.com, 1
+cbdcontact.eu, 1
+cbdcontact.pl, 1
+cbdd.eu.org, 1
+cbddo.gov.tr, 1
+cbdecoshop.lt, 1
+cbdev.de, 1
+cbdication.com, 1
+cbdlession.com, 1
+cbdoilcures.co, 1
+cbdtelegram.com, 1
+cbecrft.net, 1
+cbet.lt, 1
+cbflleida.cat, 1
+cbh.org, 1
+cbhcfl.gov, 1
+cbhq.net, 1
+cbi-epa.gov, 1
+cbin168.com, 1
+cbintermountainrealty.com, 1
+cbiq.com.iq, 1
+cbk.kg, 1
+cbl.sk, 1
+cblocallocksmiths.co.uk, 1
+cbmanager.dk, 1
+cbmc.store, 1
+cbmusa.com, 1
+cbnegocial.com.br, 1
+cboard.ml, 1
+cboard.net, 1
+cboost.nl, 1
+cboss.xyz, 1
+cbpay.com, 1
+cbpridecenter.org, 1
+cbr-rcb.ca, 1
+cbr-xml-daily.ru, 1
+cbrbuildingrepairs.com.au, 1
+cbrtrainer.com, 1
+cbs-engineering.com, 1
+cbs-engineering.it, 0
+cbs.nl, 1
+cbs3design.it, 1
+cbt.quest, 1
+cbt.tj, 1
+cbtest.de, 1
+cbw.sh, 1
+cbxp.in, 1
+cby.im, 0
+cc-customer.de, 1
+cc.ag, 1
+cc.hn, 1
+cc00228.com, 0
+cc5197.co, 1
+cc6729.co, 1
+cc6729.com, 0
+cc6957.co, 1
+cc8822.cc, 1
+cc8833.cc, 1
+cc9297.co, 1
+cc9397.com, 0
+cc9728.co, 1
+cc98.eu.org, 1
+cca.ky, 1
+ccaa.gg, 1
+ccaag.link, 1
+ccaag.me, 1
+ccaag.mx, 1
+ccaag.net, 1
+ccaag.us, 0
+ccac.gov, 1
+ccad.edu, 1
+ccaguavivadonaciones.org, 1
+ccaj.io, 1
+ccak.training, 1
+ccarps.com, 1
+ccatpracticetest.com, 1
+ccatpracticetests.com, 1
+ccattestprep.com, 1
+ccautomobil.de, 1
+ccayearbook.com, 1
+ccb.gov, 1
+ccbin.tk, 1
+ccc-ch.ch, 1
+ccc-checker.cn, 1
+ccc-cloud.de, 1
+ccc-ffm.de, 1
+ccc.eu, 1
+ccc.gov, 1
+ccc.org, 1
+ccc.xxx, 1
+cccc.loan, 1
+cccleaner.tk, 1
+cccp-o.tk, 1
+cccpublishing.com, 1
+cccwien.at, 1
+ccdcoe.org, 0
+ccddos.club, 1
+ccdgaia.pt, 0
+ccdiscussion.com, 1
+ccdlab.ooo, 1
+ccdnederland.org, 1
+ccdohnj.gov, 1
+cceifame.com, 1
+ccelectricaldrafting.ca, 1
+cceputnam360.com, 1
+ccestaque.tk, 1
+ccgx.de, 1
+cchat.de, 1
+cchim.ca, 1
+cciiblog.tk, 1
+cciofficial.com, 1
+cck-law.com, 1
+ccl776o.tk, 0
+cclasabana.com.co, 1
+ccli.com, 1
+ccmg.com, 1
+ccnadesdecero.com, 1
+ccnbikes.com, 1
+ccnda.net, 1
+ccnda.org, 0
+ccnexus.global, 1
+ccnm.cc, 1
+ccoo.cat, 1
+ccorca.org, 1
+ccover.ru, 1
+ccpaas.net, 1
+ccparishwilmington.org, 1
+ccpdata.org, 1
+ccpe.net, 1
+ccpgmpo.gov, 1
+ccpinturas.com, 1
+ccpinvestments.com, 1
+ccplot.org, 1
+ccprwebsite.org, 1
+ccrun.tk, 1
+ccsaposs.com, 1
+ccshire.ga, 1
+ccsk.training, 1
+ccskills.org.uk, 1
+ccslt.org.nz, 1
+ccsrv.eu, 1
+ccsys.com, 1
+cctld.com, 1
+cctv-camera.cf, 1
+cctv-supraveghere.ro, 1
+cctv-systems.tk, 1
+cctvlaw.ga, 1
+cctvsecurityjohannesburg.co.za, 1
+cctvview.info, 0
+ccu.plus, 1
+ccuanj.gov, 1
+ccv-deutschland.de, 0
+ccv.eu, 0
+ccv.nl, 0
+ccvr6smarthome.de, 1
+ccwallet.io, 1
+ccwebdevelopment.com, 1
+ccxperience.com, 1
+cd-shopware.de, 1
+cd-sport.com, 1
+cd.net.tr, 1
+cd.search.yahoo.com, 0
+cd89.com, 1
+cda-aigle.ch, 0
+cdaid.gov, 1
+cdaldeano.tk, 1
+cdasiaonline.com, 0
+cdasphalt.com, 1
+cdavis.xyz, 1
+cdawoerden.org, 1
+cdbp.pro, 1
+cdbtech.com, 1
+cdc-security.com, 1
+cdc.cx, 1
+cdc.gov, 1
+cdcflix.xyz, 1
+cdconnect.net, 1
+cdcpartners.gov, 1
+cdd.go.th, 0
+cdda.ch, 0
+cdeeply.com, 1
+cdf-neuville.com, 1
+cdf-neuville.fr, 1
+cdf.fyi, 1
+cdf.wiki, 1
+cdfnature2019.fr, 1
+cdg30.fr, 1
+cdga.org, 1
+cdhb.health.nz, 1
+cdhome.ga, 1
+cdhqt.com, 1
+cdigitale.com, 1
+cdirectory.tk, 1
+cdkeyprices.com, 1
+cdkpatterns.com, 1
+cdkrot.me, 1
+cdlandb1.com, 1
+cdlaserena.tk, 1
+cdlinares.tk, 1
+cdm.guru, 1
+cdmdisinfestazioni.it, 1
+cdmhp.org.nz, 1
+cdmon.tech, 1
+cdn-reichelt.de, 1
+cdn.ampproject.org, 1
+cdn.ink, 1
+cdn1.com.br, 1
+cdnaval.tk, 1
+cdncompanies.com, 1
+cdndepo.com, 1
+cdnjs.com, 1
+cdnpkg.com, 1
+cdnrecords.com, 1
+cdnsys.net, 1
+cdny.de, 1
+cdnya.com, 1
+cdo.gov, 1
+cdocs.ml, 1
+cdom.de, 1
+cdp-poznan.pl, 1
+cdpn.io, 1
+cdrom.ch, 1
+cds-infra.de, 1
+cds-inquirer.tk, 1
+cdscsuc.gq, 1
+cdseditora.com.br, 1
+cdsf.tk, 1
+cdsfinancial.ca, 1
+cdshining.com, 0
+cdsportal.uk, 1
+cdt.cz, 1
+cdt.org, 0
+cdusapps.eu.org, 1
+cduspages.eu.org, 1
+cdvl.org, 1
+ce-agentur.de, 0
+ce-na.ru, 1
+ce-tuifrance.com, 1
+ce-webdesign.de, 1
+cea.ru, 1
+ceafinney.com, 1
+ceannard.net, 1
+cearaagora.com.br, 1
+cearl.cc, 1
+ceatheneum.com, 1
+ceaunulbunicii.ro, 1
+ceba-cuec.ca, 1
+cebolinha-imaginaria.com, 1
+cebrita.tk, 1
+cec.org.es, 1
+cec.org.pt, 1
+cecalivo.tk, 1
+cecame.ch, 1
+cecamericas.com, 1
+cecilandlou.com, 1
+ceciledekock.tk, 1
+cecilga.gov, 1
+cecilia-online.nl, 1
+ceciliacolombara.com, 1
+cecilsheriffmd.gov, 1
+cecilstatesattorneymd.gov, 1
+cecilwalker.com.au, 0
+cecipu.gob.cl, 1
+ceco.cf, 1
+ced-services.nl, 1
+ceda-fi.tk, 1
+cedarcitydining.com, 1
+cedarcityut.gov, 1
+cedarcountyne.gov, 1
+cedarcoveassistedliving.com, 1
+cedarmanagementgroup.com, 1
+cedarrockalliance.com, 1
+cedric-garcia.tk, 1
+cedricbonhomme.org, 1
+cedriccassimo.ch, 0
+cedriccassimo.com, 0
+cedricpim.com, 1
+cedsp.fr, 1
+cee3.net, 1
+ceebee.com, 1
+ceecosmetic.com.br, 1
+ceefaastresources.com, 1
+ceenic.ltd, 1
+ceet.biz, 1
+ceetzie.net, 1
+ceew.in, 1
+cefi.work, 1
+cefonline.com, 1
+cegfw.com, 1
+ceiba.com.co, 1
+ceicer.eu, 1
+ceidf-vie-cooperative.fr, 1
+ceiexam.sg, 1
+ceifx.com, 1
+ceilimoss.tk, 1
+ceilingpac.org, 1
+ceinorme.it, 1
+ceiphr.com, 1
+cejgsd.org, 1
+cejhon.cz, 0
+cejky.cz, 1
+cekabajio.com, 1
+cekgacor.com, 1
+cekgacor.net, 1
+celadas.tk, 1
+celarsports.fr, 1
+celayix.com, 1
+celcelulares.com, 1
+celcomhomefibre.com.my, 1
+cele.bi, 1
+celebavirus.com, 1
+celebcritics.com, 1
+celebdaily.ga, 1
+celebi-forest.tk, 1
+celebjacket.com, 1
+celebjury.com, 1
+celebmasta.com, 1
+celebrasianconference.com, 1
+celebrate-creativity.com, 1
+celebratesportsnetwork.com, 1
+celebratingloveministry.com, 1
+celebrationoflifeplanning.co.uk, 1
+celebratoday.com, 0
+celebraze.tk, 1
+celebrex.ga, 1
+celebrex100mg.cf, 1
+celebritiesblog.tk, 1
+celebritydailynews.ml, 1
+celebrityfakes.tk, 1
+celebritynakeds.com, 1
+celebritypic.tk, 1
+celebritypics.club, 1
+celebrityscope.net, 1
+celebritysrit.tk, 1
+celebritytoob.com, 1
+celebritytopnews.tk, 1
+celebxx.com, 1
+celectro-pro.com, 1
+celendo.ga, 1
+celeraindustries.tk, 1
+celestia.tk, 1
+celestialdental.com, 1
+celestialenergies.com.au, 1
+celestialmusic.tk, 1
+celex-machinery.tk, 1
+celexa365.tk, 1
+celiac.com, 1
+celinaohiopd.gov, 1
+celine-patisserie.fr, 1
+celineitalia.tk, 1
+celinepsychotherapie.com, 1
+celinesrecipes.com, 1
+cellboost.cf, 1
+cellebrite.com, 1
+cellecci.com, 1
+cellgames.com, 1
+celliberate.co.uk, 1
+cellnatsci.com, 1
+cellopasorobles.com, 1
+cellrg.org, 1
+cellsheet.me, 1
+cellsites.nz, 1
+celltek-server.de, 1
+celltick.com, 1
+celltraders.ga, 1
+cellufit.ga, 1
+cellul19.com, 1
+cellulare.tk, 1
+cellulit.tk, 1
+celluliteorangeskin.com, 1
+celluliteremovaldiet.com, 1
+cellulitetreatment.tk, 1
+cellypso.com, 1
+celseven.com, 1
+celsoazevedo.com, 1
+celtacad.tk, 1
+celti.ie.eu.org, 1
+celti.name, 1
+celticangel.org, 1
+celticconnections.com, 1
+celticdream.tk, 1
+celtigafutbolclub.com, 1
+celulares.com, 1
+celuliteonline.com, 1
+cemac.int, 1
+cemarks.com, 1
+cemcerkez.com, 1
+cementplas.es, 0
+cementscience.com, 1
+cemetary.tk, 1
+ceml.ch, 1
+cemporcentocliente.com.br, 1
+cemregulveren.com, 1
+cenatorium.pl, 1
+cendata.co.uk, 1
+cendi.gov, 1
+cendis.cz, 1
+cennelley.com, 1
+cennelly.com, 1
+cennetfm.tk, 1
+cennetforum.tk, 1
+censamatil.net, 1
+censeo-financial.com, 1
+censored.ml, 1
+censurfridns.dk, 1
+censurfridns.nu, 1
+censys.io, 1
+centariuss.ga, 1
+centella.tw, 1
+centenariodeuncampeon.tk, 1
+centenera.tk, 1
+centennialrewards.com, 1
+center-elite.ml, 1
+center-mts.ru, 1
+center-strategy.ru, 1
+centeragro.com.br, 1
+centerforamericangreatness.com, 1
+centerforcreativeconsciousness.com, 1
+centergate.se, 0
+centerhancockin.gov, 1
+centerharbornh.gov, 1
+centermk.ru, 1
+centeronhunger.org, 1
+centerperson.org, 1
+centerpoint.ovh, 1
+centerpointwest.com, 1
+centerpointwestapartments.com, 1
+centervilleutah.gov, 1
+centio.bg, 1
+centipedegraphics.com, 1
+centolos.tk, 1
+centos.pub, 1
+centr.dn.ua, 1
+central-apartman.tk, 1
+central4.me, 1
+centralbank.ae, 1
+centralbank.ie, 0
+centralbetsers.ga, 1
+centralbetsest.ga, 1
+centralcityjuniorkindergarten.com, 1
+centralclinic.science, 1
+centralcoasthomeloans.com.au, 1
+centralconvergence.com, 1
+centralcountiesservices.org, 0
+centraldegovernanca.com.br, 1
+centraldeseguro.com.br, 1
+centraldoencanador.com.br, 1
+centrale-vapeur.pro, 1
+centralebigmat.eu, 1
+centralegedimat.eu, 1
+centralesnucleaires.fr, 1
+centralex.io, 1
+centralfor.me, 1
+centralhome.com, 1
+centralhq.tk, 1
+centralisgroup.com, 1
+centralitasbaratas.es, 1
+centralkladno.cz, 1
+centrallaketownshipmi.gov, 1
+centrallead.net, 1
+centrallondonaesthetics.co.uk, 0
+centralmarket.com, 1
+centralmissourifoundationrepair.com, 1
+centralnic.com, 1
+centralnicregistry.com, 1
+centralpaellera.com, 1
+centralpay.eu, 1
+centralpinesnc.gov, 1
+centralsite.tk, 1
+centralsoft.tk, 1
+centralspyers.ga, 1
+centralstatecu.org, 1
+centralstor.ga, 1
+centraltoken.io, 1
+centralvalleyharness.org, 1
+centralvoice.org, 1
+centrationgame.com, 1
+centre-commercial.fr, 1
+centre-equestre.net, 1
+centre-maiakovski.fr, 1
+centreagree.com, 1
+centreal.gov, 1
+centrecountyvotes.gov, 1
+centreimageriedunord.com, 1
+centremanagement.eu, 1
+centrenationaldulivre.fr, 1
+centrepointorguk-dev.azurewebsites.net, 1
+centrepresseaveyron.fr, 1
+centretownshipin.gov, 1
+centricagency.co.uk, 1
+centricient.com, 1
+centrmebeli.by, 0
+centroavant.com, 1
+centroculturalostuncalco.tk, 1
+centrodavida.com.br, 1
+centrodeeportesbarco.tk, 1
+centrodefisioterapia.com.br, 1
+centrodemediacionconcepcion.cl, 1
+centrodememoriahistorica.gov.co, 1
+centrodemioma.com.br, 1
+centroecuestrecastellar.com, 1
+centrofotostudija.lt, 1
+centrolavoro.org, 1
+centromedico.tk, 1
+centrooftalmologicomg.com.br, 1
+centropagina.it, 1
+centros.ml, 1
+centros.tk, 1
+centrosocialferrel.pt, 1
+centrselstroy.ru, 1
+centrum-bz.it, 1
+centrum-edukacji.tk, 1
+centrum.church, 1
+centrumgarten.de, 1
+centrumhodinek.cz, 1
+centrumkulturyslowianskiej.pl, 1
+centrumpieknairelaksu.pl, 1
+centrumpodpora.pl, 1
+centruvechisv.ro, 1
+centsay.info, 1
+centsay.io, 0
+centsay.net, 1
+centsay.org, 1
+centsi.io, 1
+centsiwallet.com, 1
+centumail.com, 1
+centura.de, 1
+centuria.co.nz, 1
+centuria.com.au, 1
+centurialeonina.com, 1
+centurion-consulting-cie.eu, 1
+centurion-consulting.eu, 1
+centurion-consulting.net, 1
+centurion-consulting.tech, 1
+centurion-it.site, 1
+centurion-meet.site, 1
+centurion.ovh, 1
+centurioninfosec.com, 0
+centurionlaboratories.com.ua, 1
+centurionunderground.com, 1
+century21.es, 1
+century21.pt, 1
+centuryfighters.tk, 1
+centuryforum.tk, 1
+centurykiaparts.com, 1
+centurylink.cf, 1
+centurystudios.com, 1
+ceo-consulting.eu, 1
+ceomonthlyest.ga, 1
+ceopedia.org, 1
+cephalexin.ga, 1
+cephalexincapsules.ml, 1
+cephalexincapsules.tk, 1
+cephalexine.gq, 1
+cepheid.com, 0
+cephx.com, 1
+cepmarket.com.tr, 0
+ceprenomnexistepas.ovh, 1
+cepsychologie.com, 1
+cepxuo.tk, 1
+ceramahit.ru, 1
+ceramic-glazes.com, 1
+ceramica.roma.it, 1
+ceramiche.roma.it, 1
+ceramicoatingspecialists.com, 1
+cerammind.com, 1
+ceranity.au, 1
+cerastar.com, 1
+cerber.re, 1
+cerberusecurity.com, 1
+cerberusftp.com, 1
+cerbos.cloud, 1
+cerbottana.dedyn.io, 1
+cerbottana.duckdns.org, 1
+cercanos.co, 1
+cercidiana.pt, 0
+cercle-duclos.fr, 1
+cercle-helvetia.ch, 0
+cerda-avocats.com, 1
+cerebelo.info, 1
+cerebrosano.gov, 1
+cerecup.com, 0
+ceredowv.gov, 1
+ceremonial-magic.com, 1
+ceremonialcastings.tk, 1
+ceremonialvirtualphd.com, 1
+ceremonybydesign.com.au, 1
+cerena-silver.ru, 0
+ceres-corp.org, 1
+cerezacomunicacion.com, 1
+cerfid.com.pe, 1
+cerivo.co.uk, 1
+cermak.photos, 1
+cernac.cz, 1
+cernakova.eu, 1
+cernalistina.eu, 1
+cernko.de, 1
+cerok.cl, 1
+ceroresiduo.com, 0
+cerovica.tk, 1
+cerpus-course.com, 1
+cerquitamio.com, 1
+cerrajeriaamericadelquindio.com, 1
+cerrajeriaenvillavicencio.com, 1
+cerritosca.gov, 1
+cerstve-korenie.sk, 1
+cerstvekorenie.sk, 1
+cert.ee, 0
+cert.govt.nz, 1
+cert.je, 1
+cert.or.id, 1
+cert.se, 1
+certain.com, 0
+certainbiz-news.tk, 1
+certaintelligence.com, 1
+certaireland.ie, 1
+certasenergy.co.uk, 1
+certbus.com, 1
+certcenter.com, 0
+certevia.com, 1
+certfa.com, 1
+certfica4u.com, 1
+certidao-nascimento-pt.org, 1
+certidaonc.com.br, 1
+certificados.edu.do, 1
+certificatedetails.com, 1
+certificateoflogistics.ga, 1
+certificateofpurchasing.ga, 1
+certificatespending.com, 1
+certificatetools.com, 0
+certificationacademy.com, 1
+certificationmap.com, 1
+certificato-prevenzione-incendi.it, 1
+certificazione.it, 1
+certificazioni-energetiche.it, 0
+certified-parts.com, 1
+certifiedbb.com, 1
+certifiedfieldassociate.com, 1
+certifiedmerchandiseest.ga, 1
+certifiednurses.org, 1
+certifix.eu, 1
+certifylogin.com, 1
+certiquali.fr, 1
+certivac.ch, 1
+certly.co, 1
+certnazionale.it, 1
+certo-escrow.com, 1
+certprep.fr, 0
+certpro.uk, 1
+certready.tk, 1
+certreg.eu, 1
+certsign.fr, 1
+certspotter.com, 1
+certspotter.org, 1
+certum.cn, 1
+certusquartz.com, 1
+certyhukil.ga, 1
+cervejista.com, 1
+cervek.me, 1
+cervellomorto.tk, 1
+cerveny.ch, 1
+cervenyjezek.eu, 1
+cervera.com.br, 1
+ces-ltd.co.uk, 0
+cesar-hector.tk, 1
+cesarecirugiaplastica.com, 1
+cesarfotos.com.br, 1
+cesarparedespacora.com, 1
+cesarpinto.com, 1
+cesarteixeiraimoveis.com.br, 1
+cesboard.com, 1
+cescfortuny.tk, 1
+cesclam.org, 1
+cesdb.com, 1
+cesenatoday.it, 1
+cesibo.com, 1
+cesipagano.com, 1
+cesium.ml, 1
+ceska-polygraficka.cz, 1
+ceska-polygraficka.eu, 1
+ceskaexpedice.org, 1
+ceskepivnesety.sk, 1
+ceskepivnisety.cz, 1
+cesobaly.cz, 1
+cesonia.io, 1
+cespedes.fr, 1
+cestasdepresente.com.br, 1
+cestasedelicias.com.br, 1
+cestaswmonline.com.br, 1
+cestlaviegeorgia.com, 1
+cestpasviolent.com, 1
+cestujnamiru.cz, 1
+cestujtenamiru.cz, 1
+cestunamiru.cz, 1
+cesurteknikservis.com, 1
+cesusc.edu.br, 1
+cetak.com.my, 1
+cetamol.com, 1
+cetelon.tk, 1
+ceti.ga, 1
+cetorebe.tk, 1
+ceu.edu, 0
+ceu.edu.ph, 1
+ceva-dsp.com, 1
+cevaplari.net, 1
+ceverett.io, 0
+cevin.at, 1
+cevo.com.hr, 1
+cevpu.com, 1
+cevrimicidiyet.com, 1
+cevt.ar, 1
+cewek.ml, 1
+cewood.xyz, 1
+cexplorer.io, 1
+ceyizlikelisleri.com, 1
+ceylontea.org, 1
+cezdent.com, 1
+cf-connect.nl, 1
+cf-ide.de, 1
+cf-tm.net, 1
+cf11.de, 0
+cfa.gov, 1
+cfaimpact.com, 1
+cfan.space, 1
+cfar.org, 1
+cfasync.ga, 1
+cfbenchmarks.com, 1
+cfc-swc.gc.ca, 1
+cfcbigideas.com, 1
+cfchiropractic.com, 1
+cfcpestcontrol.com, 1
+cfcproperties.com, 1
+cfda.gov, 1
+cfdata.lol, 1
+cfdcre5.org, 1
+cfdtrading.com, 1
+cfenns.ath.cx, 1
+cfent.xyz, 1
+cfgllc.us, 1
+cfh.com, 1
+cfigura.com, 1
+cflblaw.com, 1
+cfnmpics.com, 1
+cfno.org, 0
+cfo.gov, 1
+cfotech.asia, 1
+cfotech.co.nz, 1
+cfotech.com.au, 1
+cfpa-formation.fr, 1
+cfpa.gov, 1
+cfpb.gov, 1
+cfr-culturism.tk, 1
+cfrench.cc, 1
+cfse.biz, 1
+cfsh.tk, 1
+cfsrportal.org, 1
+cfst.eu.org, 1
+cftc.gov, 1
+cfurl.cf, 1
+cfxdesign.com, 1
+cg-consult.fr, 1
+cg-design.tk, 1
+cg-n.fr, 1
+cg.al, 1
+cg.search.yahoo.com, 0
+cgal.org, 1
+cgan.de, 1
+cgan.pw, 1
+cgbassurances.ch, 0
+cgbf.org, 1
+cgbh3.gq, 1
+cgbproduction.tk, 1
+cgbunch.com, 1
+cgconsulting.digital, 1
+cgdct.moe, 1
+cgdquizzes.com, 1
+cgelves.com, 1
+cges.xyz, 1
+cgestiona.com, 1
+cgha.us, 1
+cgionline.tk, 1
+cgiq.ca, 1
+cgise.com, 1
+cgknieuwpoort.nl, 1
+cglib.xyz, 1
+cgmbacklot.com, 1
+cgminc.net, 1
+cgmllc.net, 1
+cgmote.com, 1
+cgo-it.de, 1
+cgp.moe, 1
+cgpa-de.org, 1
+cgpcollective.com, 1
+cgplumbing.com, 1
+cgpn.fr, 1
+cgsmart.com, 1
+cgsmotors.com, 1
+cgstprayagraj.gov.in, 1
+cgt-univ-nantes.fr, 1
+cgtcaixabank.es, 1
+cgtips.org, 1
+cgtsoft.com, 1
+cgtv.ml, 1
+cgtx.us, 1
+cgu-ingenieria.tk, 1
+cgunited.com, 1
+ch-ariege-couserans.fr, 1
+ch-axlesthermes.fr, 1
+ch-investor.tk, 1
+ch-laborit.fr, 1
+ch-poitiers.fr, 1
+ch-stjunien.fr, 1
+ch.bzh, 1
+ch.search.yahoo.com, 0
+ch225.com, 1
+ch341.com, 1
+ch47f.com, 1
+ch4bb.org, 1
+cha-ta.com, 1
+chaacantik.tk, 1
+chaacker.tk, 1
+chabliscadillac.com, 1
+chaboisseau.net, 1
+chacoonline.com.py, 1
+chacraexperimental.com.py, 1
+chad-online.tk, 1
+chad.ch, 1
+chadis.com, 1
+chadlenz.ca, 1
+chadpugsley.com, 1
+chadslive.com, 1
+chadstoneapartments.com.au, 1
+chadtaljaardt.com, 1
+chagahq.com, 0
+chaghi.tk, 1
+chaghionline.tk, 1
+chagrindads.com, 1
+chahal.blog, 1
+chaidu.com, 1
+chaifeng.com, 1
+chaikaclub.tk, 1
+chaikinanalytics.com, 1
+chain-reaction.org.au, 1
+chainataun.ru, 1
+chainedunion.info, 1
+chainels.com, 0
+chainex.io, 1
+chainge-re.com, 1
+chaingpt.org, 1
+chainlinkfencestlouis.com, 1
+chainslayer.com, 1
+chainwhy.com, 0
+chainz.tk, 1
+chaip.org, 1
+chairtech-yellowpages.ga, 1
+chaise-de-gamer.fr, 1
+chaisystems.net, 1
+chaitanyapandit.com, 1
+chaizhikang.com, 1
+chakanaherb.be, 1
+chalanbiltv.net, 1
+chaldal.com, 1
+chalet-gerard.com, 1
+chalet-maubuisson.tk, 1
+chaletapartmentrentals.com, 1
+chaletdemontagne.org, 1
+chaletmanager.com, 1
+chaletpierrot.ch, 0
+chaletsusi.it, 1
+chaletverzekeringen.nl, 1
+challenge-magazine.org, 1
+challenge.gov, 1
+challengerinvestors.tk, 1
+challenges.gov, 1
+challengeskins.com, 1
+chalons-agglo.fr, 1
+chalonsenchampagne.fr, 1
+chalov.ml, 1
+chamartin.tk, 1
+chamath.co.uk, 1
+chamath.eu, 1
+chamath.ie, 1
+chamath.link, 1
+chamath.lk, 1
+chamath.no, 1
+chamath.uk, 1
+chamathinfotech.com, 1
+chamathj.com, 1
+chambas.com.mx, 1
+chamber.sa, 1
+chamberlinfoundation.org, 1
+chambermeansbusiness.com, 1
+chamberscountytx.gov, 1
+chameleon-ents.co.uk, 1
+chameleon.io, 1
+chameth.com, 1
+chamicro.com, 1
+chaminadeonline.org, 1
+chamonixcamera.cn, 1
+champagne-guilleminot.fr, 1
+champagneandcoconuts.com, 1
+champagneandcoffeestains.com, 0
+champaigncountyclerkil.gov, 1
+champaigncountyil.gov, 1
+champdogs.co.uk, 1
+champdogs.com, 1
+championbet.ug, 1
+championcastles.ie, 1
+championnat-romand-cuisiniers-amateurs.ch, 1
+champions.co, 1
+championsofpowerfulliving.com, 0
+championsofregnum.com, 1
+championweb.co.nz, 0
+championweb.com, 0
+championweb.com.au, 0
+championweb.com.sg, 0
+championweb.nz, 0
+championweb.sg, 0
+champsglobal.org, 1
+champslearning.co.uk, 1
+champw.com, 1
+chamsocdidong.com, 1
+chamsocial.com, 1
+chamudi.lk, 1
+chamudi.net, 1
+chamurliyski.com, 1
+chanakyanewz.com, 1
+chanchi.idv.hk, 1
+chanddriving.co.uk, 1
+chanderson.com.au, 1
+chandlerazpd.gov, 1
+chandr1000.ga, 1
+chandracenter.com, 1
+chandradeepdey.com, 1
+chandramani.tk, 1
+change10000lives.com.ph, 1
+changeactivation.com, 1
+changeanalytics.us, 1
+changecopyright.ru, 1
+changeforfuture.cf, 1
+changemywifipassword.com, 1
+changenow.io, 1
+changeplan.co, 1
+changesfor.life, 1
+changethislater.com, 1
+changetowellness.com, 1
+changeupinc.com, 1
+changing-cities.org, 1
+chanhassenmn.gov, 1
+chankin.tk, 1
+channalinflatables.com, 1
+channel, 1
+channel-7.net, 1
+channelingranny.com, 1
+channelist.tk, 1
+channellife.asia, 1
+channellife.co.nz, 1
+channellife.com.au, 1
+channelpro.es, 1
+channingmotorsport.tk, 1
+chantage.tk, 1
+chantalguggenbuhl.ch, 0
+chantellbeauty.co.uk, 1
+chantuong.org, 1
+chanz.com, 1
+chaos-darmstadt.de, 1
+chaos-wg.net, 1
+chaos.run, 1
+chaos.stream, 1
+chaoschemnitz.de, 1
+chaoscommunication.camp, 1
+chaoscycle.tk, 1
+chaosdorf.de, 1
+chaosfield.at, 1
+chaosncookies.com, 1
+chaospott.de, 1
+chaosprocess.com, 1
+chaoticevil.tk, 1
+chaoticgamers.net, 1
+chaotichive.com, 1
+chaoticlab.io, 1
+chaoticonline.tk, 1
+chaouby.com, 0
+chaowan.cf, 1
+chaoxi.io, 1
+chaoxi.link, 1
+chaoyansuo.com, 1
+chaparral.com.au, 1
+chapatuweb.com, 1
+chapek9.com, 1
+chapel.tk, 1
+chapelaria.tf, 1
+chapelfordbouncers.co.uk, 1
+chapelhillobgyn.com, 1
+chapelhousevet.co.uk, 1
+chapelle.co.uk, 1
+chapellerie-traclet.com, 1
+chapiteauxduleman.fr, 1
+chapleau.ca, 1
+chapmanstreeservice.com, 1
+chapnews.id, 1
+chapstick.life, 1
+chaqueteros.tk, 1
+char.press, 1
+character-count.com, 1
+charbonnel.eu, 1
+charcoal-se.org, 1
+charcoalvenice.com, 1
+chardik.tk, 1
+charge.ga, 1
+charge.gq, 1
+chargebacks911.com, 1
+chargeover.com, 1
+chargifi.com, 1
+chargify.com, 1
+chariots.tk, 1
+charisma.ai, 1
+charismadesign.ie, 1
+charity.cz, 1
+chariz.com, 1
+charl.eu, 1
+charlageneral.tk, 1
+charleliphile.tk, 1
+charlenevondell.com, 1
+charleroi-duty-free.com, 1
+charles-darwin.com, 1
+charles-migaud.fr, 1
+charlesbordet.com, 1
+charlesbwise.com, 1
+charlescwcooke.com, 1
+charlesdickens.tk, 1
+charlesmarsan.com, 1
+charlesperkinsacademy.com.au, 1
+charlesrogers.co.uk, 1
+charlestonfacialplastic.com, 1
+charlestonpersonalinjurylawyer.com, 1
+charlestonsecuritysystems.net, 1
+charlevoixtownship.gov, 1
+charley.tk, 1
+charlie-liveshow.com, 0
+charlie.im, 1
+charlie2alpha.org, 1
+charlie4change.com, 1
+charliebighams.co.uk, 1
+charliebighams.com, 1
+charlieblog.tk, 1
+charliedillon.com, 1
+charliegarrod.com, 1
+charlieharbourtattoos.tk, 1
+charliehr.com, 1
+charliejonas.co.uk, 1
+charliejonas.com, 1
+charlientoi.fr, 1
+charlierogers.co.uk, 1
+charlierogers.com, 1
+charliescomputerservice.com, 1
+charliez0.cf, 1
+charliez0.ga, 1
+charliez0.gq, 1
+charliez0.ml, 1
+charliez0.tk, 1
+charliez0sp.cf, 1
+charliez0sp.ga, 1
+charliez0sp.gq, 1
+charliez0sp.ml, 1
+charliez0sp.tk, 1
+charlotte-touati.ch, 1
+charlotteanne.tk, 1
+charlottecountyva.gov, 1
+charlottejulienne.com, 1
+charlottemi.gov, 1
+charlottesvillegolfcommunities.com, 1
+charlottesvillehorsefarms.com, 1
+charlotteswimmingpoolbuilder.com, 1
+charlubermensch.com, 1
+charlws.com, 1
+charlylou.de, 1
+charmander.me, 1
+charmanterelefant.at, 0
+charmcitytech.com, 1
+charming-powers.tk, 1
+charmingarsehole.tk, 1
+charmingsaul.com, 1
+charmpets.ru, 1
+charnego.tk, 1
+charon.tk, 1
+charonsecurity.com, 1
+charpy.cc, 1
+charqawi.tk, 1
+charset.org, 1
+chartafzar.com, 1
+chartbox.tk, 1
+charteredsurveyorinlondon.co.uk, 1
+charteroak.org, 1
+charthop.com, 1
+chartkick.com, 1
+chartlands.org, 1
+chartmogul.com, 1
+chartpixel.com, 1
+chartsy.de, 1
+charuga.com.au, 1
+charuni.ru, 1
+charuru.moe, 1
+chasalin.nl, 1
+chascrazycreations.com, 1
+chase.co.nz, 1
+chaseandzoey.de, 1
+chasecorp.com, 1
+chasecountyne.gov, 1
+chasetrails.co.uk, 1
+chaskafire.gov, 1
+chaskamn.gov, 1
+chaskapolice.gov, 1
+chasoslov.tk, 1
+chasse-au-tresor.eu, 1
+chasse-maree.com, 1
+chasseurdetruites.com, 1
+chastitybelts.tk, 1
+chat-buddy.com, 1
+chat-cam.tk, 1
+chat-edu.org.uk, 1
+chat-libera.com, 1
+chat-porc.eu, 1
+chat.cz, 1
+chat2.cf, 1
+chat36.ga, 1
+chat40.net, 1
+chat4me.tk, 1
+chataberan.cz, 1
+chatacademies.org.uk, 1
+chataynazz.ga, 1
+chatbarran.tk, 1
+chatbelgie.eu, 1
+chatbo.ai, 1
+chatbo.de, 1
+chatbot.one, 1
+chatbotclic.com, 1
+chatbotclick.com, 1
+chatbots.email, 1
+chatbots.systems, 1
+chatcentral.tk, 1
+chatcontrol.se, 1
+chatcuck.com, 1
+chatdoguaxinim.tk, 1
+chatdrop.org, 1
+chateau-belvoir.com, 1
+chateau-de-fresnois.com, 1
+chateau-de-fresnois.fr, 1
+chateau-dela-salle.fr, 1
+chateau-patris.com, 1
+chateauderoncourt.fr, 1
+chateaudestrainchamps.com, 0
+chateaulabrede.com, 1
+chateaulacordeliere.fr, 1
+chatedit.org.uk, 1
+chatelaine.com, 1
+chateroids.com, 1
+chatforskning.no, 1
+chatfreespeech.com, 1
+chatgayitalia.it, 1
+chatgen.ai, 1
+chatgptv.net, 1
+chatgptwith.me, 1
+chatgratis40.it, 1
+chatgtd.net, 1
+chathamcountync.gov, 1
+chathamil.gov, 1
+chathund.de, 1
+chatify.com, 1
+chatinsieme.it, 1
+chatkisskiss.tk, 1
+chatkitty.com, 1
+chatline.cf, 1
+chatline.ga, 1
+chatline.ml, 1
+chatlol.org, 1
+chatloupe.org, 1
+chatmaus.ml, 1
+chatnederland.eu, 1
+chatomg.com, 1
+chatons.org, 1
+chatopia.tk, 1
+chatounerie.com, 1
+chatovod.tk, 1
+chatphp.com, 1
+chatpoint.tk, 1
+chatreplay.stream, 1
+chatroomfans.tk, 1
+chatshort.com, 1
+chatsupport.co, 1
+chatsworthil.gov, 1
+chattahoocheefl.gov, 1
+chattergallery.com, 1
+chatteron.io, 1
+chatticketsers.ga, 1
+chattogether.tk, 1
+chattomania.it, 1
+chatu.io, 1
+chatu.me, 1
+chatucomputers.com, 1
+chatup.cf, 1
+chaturbate.com, 1
+chaturbate.eu, 1
+chaturbate.global, 1
+chaturbates.org, 1
+chaturfier.com, 1
+chatvizor.tk, 1
+chatweb.online, 1
+chatzimanolis.com, 0
+chatzimanolis.gr, 1
+chaudierecogeneration.com, 1
+chauffage-budget.fr, 1
+chaumiere.ddns.net, 0
+chaurocks.com, 1
+chaussenot.net, 1
+chaussurerunning.fr, 1
+chautauquacountyks.gov, 1
+chaveirogrimaldi.com, 1
+chaverde.org, 1
+chazalet.fr, 0
+chbs.me, 1
+chcblog.tk, 1
+chcemradost.sk, 1
+chch.it, 1
+chcheaptech.nz, 1
+chcisezeptat.cz, 1
+chckr.co, 1
+chcoc.gov, 1
+chcuscojungle.com, 1
+chda.fr, 1
+chdg.gq, 1
+chdg.tk, 1
+chdgaming.xyz, 1
+cheap-airtickets.ru, 1
+cheap-colleges.com, 1
+cheap-mattresses.co.uk, 1
+cheapacyclovir.ml, 1
+cheapairfarefrom.com, 1
+cheapairfaresdeals.com, 1
+cheapairfaresticket.com, 1
+cheapairlinesuk.com, 1
+cheapairplaneticket.biz, 1
+cheapalarmparts.com.au, 0
+cheapandbesthosting.com, 1
+cheapautoinsuranceblog.com, 1
+cheapbloggingers.ga, 1
+cheapchiaplotting.com, 1
+cheapessay.net, 1
+cheapestdirectdebit.co.uk, 1
+cheapestgamecards.com, 1
+cheapestwaytofly.com, 1
+cheapestwordpress.com, 1
+cheapexpenseers.ga, 1
+cheapexpenseest.ga, 1
+cheapfarestouk.com, 1
+cheapfarestousa.com, 1
+cheapfareto.com, 1
+cheapflightatlanta.com, 1
+cheapflightla.com, 1
+cheapflightmexico.com, 1
+cheapflightsengland.com, 1
+cheapflightsticketstoindia.com, 1
+cheapflightsunitedstates.com, 1
+cheapgeekts.com, 0
+cheapiesystems.com, 1
+cheapinternationalair.com, 1
+cheaplasix.tk, 1
+cheaplookers.ga, 1
+cheaplookest.ga, 1
+cheapmarina.com, 1
+cheapmessengersers.ga, 1
+cheapmessengersest.cf, 1
+cheapmessengersest.ga, 1
+cheapmixesers.ga, 1
+cheapnolvadex.ml, 1
+cheapsmall.tk, 1
+cheapspecialistsers.ga, 1
+cheapspecialistsest.ga, 1
+cheapsshop.tk, 1
+cheapsslsecurity.com, 1
+cheapsslsecurity.com.au, 1
+cheapsslsecurity.com.ph, 1
+cheapsyrupers.ga, 1
+cheaptadalafil.tk, 1
+cheapticket.in, 1
+cheapticketsfrom.com, 1
+cheaptucsoners.ga, 1
+cheaptucsonest.ga, 1
+cheapvaltrex.ml, 1
+cheapwarrantsers.ga, 1
+cheapwebcallsers.ga, 1
+cheapwebcallsest.ga, 1
+cheapwipesest.ga, 1
+cheapwritinghelp.com, 1
+cheapwritingservice.com, 1
+cheat-files.ml, 1
+cheatengine.ml, 1
+cheatengine.pro, 1
+cheaterbios.ga, 1
+cheatersanonymousers.ga, 1
+cheathamcountyclerk.gov, 1
+cheathax.com, 1
+cheatmasters.tk, 1
+cheatomania.tk, 1
+cheatraiders.tk, 1
+cheats.is, 1
+cheatsupreme.com, 1
+cheazey.co, 1
+cheazey.net, 1
+cheazey.org, 1
+chebotarevkk.tk, 1
+chebwebb.com, 1
+checalaweb.com, 1
+chechencity.tk, 1
+check-redirect.com, 1
+check.torproject.org, 0
+checkandreportlive.com, 1
+checkblau.de, 1
+checkbot.ml, 1
+checkccnumber.tk, 1
+checkchina.org, 1
+checkda.be, 1
+checkdithuis.nl, 1
+checkecert.nl, 1
+checkercab.tk, 1
+checkfreescore.com, 1
+checkfresh.com, 1
+checkiday.com, 1
+checkissuing.com, 1
+checkjehuis.be, 1
+checkjehuis.gent, 1
+checkjelinkje.nl, 1
+checklistbuilder.herokuapp.com, 1
+checkmack.cf, 1
+checkmack.ga, 1
+checkmack.gq, 1
+checkmarket.com, 1
+checkmarx.com, 1
+checkme.gq, 1
+checkme.ml, 1
+checkmedia.org, 1
+checkmin.cf, 1
+checkmk.com, 1
+checkmyhttps.net, 1
+checkmypsoriasis.com, 1
+checknetworks.com.au, 1
+checkngo.com, 0
+checkout.google.com, 1
+checkr.com, 0
+checkra.in, 1
+checkras.tk, 1
+checkrente.nl, 1
+checkreview.in, 1
+checkrobin.com, 1
+checkrz.com, 1
+checkspf.net, 1
+checktls.nl, 0
+checktype.com, 1
+checkui.com, 1
+checkurinsurance.com, 1
+checkusernames.com, 1
+checkyourmath.com, 1
+checkyourprivilege.org, 1
+checkyourreps.org, 1
+checookies.com, 1
+cheddarpayments.com, 1
+cheekboss.com, 1
+cheekycharliessoftplay.co.uk, 1
+cheela.org, 1
+cheem.co.uk, 1
+cheems.rip, 1
+cheers.bio, 1
+cheese-storeroom.tk, 1
+cheeseemergency.co.uk, 1
+cheesefusion.com, 1
+cheeseginie.com, 1
+cheeth.am, 1
+cheetham.me.uk, 1
+cheetham.social, 1
+cheez.systems, 1
+cheezflix.uk, 1
+chefaa.com, 1
+chefcuisto.com, 1
+chefdehome.com, 1
+chefdondari.com, 1
+chefforaday.it, 1
+chefkoch.de, 1
+cheflindseyfarr.com, 1
+chefnardulli.com, 1
+chefpablito.tk, 1
+chefscraftgourmet.com, 0
+chefshooba.com, 1
+chefstricks.info, 1
+chefsuccess.com, 1
+cheftasy.com, 1
+cheguevaraclub.tk, 1
+chehalemgroup.com, 1
+cheholchik.tk, 1
+cheibegaudi.ch, 1
+cheiloplasty.tk, 1
+chekhov.gq, 1
+chel.ga, 1
+cheladmin.ru, 1
+chelema.xyz, 1
+chellame.fr, 1
+chellescourt.tk, 1
+chelmsz.ml, 1
+chelpogoda.tk, 1
+chelsea98.com, 1
+chelseafs.co.uk, 1
+chelseagroton.com, 1
+chelseahgaul.com, 1
+chelseaok.gov, 1
+cheltenhambouncycastles.co.uk, 1
+cheltenhampa.gov, 1
+cheltik.ru, 1
+chelyaba.tk, 1
+chema.ga, 1
+chemapool.bg, 1
+chemaxon.com, 1
+chemgenes.com, 1
+chemical-shark.de, 1
+chemicalcrux.org, 1
+chemicalguys-ruhrpott.de, 1
+chemicalpharm.com, 1
+chemicalromance.tk, 1
+chemie-schule.de, 0
+cheminsderando.fr, 0
+chemiphys.com, 0
+chemistry-schools.com, 1
+chemolak.pl, 1
+chenangocountyny.gov, 1
+chenapartment.com, 1
+chenbo.tk, 1
+chendhurcollections.com, 1
+chenequawi.gov, 1
+cheneypartners.com, 1
+cheng.pet, 1
+chengfayun.com, 1
+chenghao360.top, 1
+chengl.com, 1
+chengmach.com, 1
+chengren.cf, 1
+chengren.ml, 1
+chengta-money.com.tw, 1
+chengxindong.com, 1
+chengyutrading.com, 1
+chenky.com, 1
+chenna.me, 1
+chennai.nic.in, 1
+chennaimetrorail.org, 1
+chennaiskills.cf, 1
+chennien.com, 1
+chennuo.xyz, 1
+chenpei.org, 1
+chenqiang.com, 1
+chentianyi.cn, 1
+chenui.design, 1
+chenx221.cyou, 0
+chenx221.ml, 1
+chenx221.xyz, 1
+chenx2210.xyz, 1
+chenyin.work, 1
+chenzhi.idv.hk, 1
+chenzhipeng.com.cn, 1
+cheque-transitionactive.fr, 1
+chequeo.de, 1
+chequeraccounting.com.au, 1
+cheratocono.tk, 1
+cherbourg.website, 1
+cherevoiture.com, 0
+cherhenri.com, 1
+cherie-belle.com, 1
+cherienoir.net, 1
+cheriny.com, 1
+cherkasskiy.ml, 1
+cherkassy.ml, 1
+cherkes.tk, 1
+cherkess.tk, 1
+chernikova.tk, 1
+chernogoriya.tk, 1
+chernyak.id.au, 1
+cherokee.net.br, 1
+cherokeecountyga.gov, 1
+cherrett.digital, 0
+cherry-green.ch, 1
+cherry-handmade.ml, 1
+cherryband.space, 1
+cherrybread.net, 1
+cherrycountyne.gov, 1
+cherrycredits.com, 1
+cherrycreeknorth.com, 1
+cherryjimbo.sucks, 1
+cherryonit.com, 0
+cherryq.com.my, 1
+cherubicsoft.com, 1
+cheryls.com, 1
+cheryltweedy.tk, 1
+cherysunzhang.com, 1
+chesapeakecluttercontrol.com, 1
+chesapeakeopticallab.com, 1
+chesapeakewv.gov, 1
+chescommessa.it, 1
+cheshirex.com, 0
+chess.katowice.pl, 1
+chesslovin.com, 1
+chessmatesny.com, 1
+chesspoint.ch, 1
+chessresult.ru, 1
+chesstempo.com, 1
+chesstouring.com, 1
+chessustron.pl, 1
+chessveterinary.co.uk, 1
+chesswiki.org, 1
+chesterbennington.tk, 1
+chestercountypediatrics.com, 1
+chestercountysc.gov, 1
+chesterfieldmayfair.com, 1
+chesterultimatefrisbee.tk, 1
+chestnut.cf, 1
+chetin-orlov.ga, 1
+cheto.io, 1
+chetori.tk, 1
+chetu.com, 1
+chetwood.se, 1
+cheviron.org, 1
+chevius.tk, 1
+chevroletitalia.com, 1
+chevychaseviewmd.gov, 1
+chewey.de, 1
+chewey.org, 1
+chewinggumremovalchicago.com, 1
+cheyannism.tk, 1
+chez-gaillard.fr, 1
+chez-janine.de, 1
+chez-merlin.com, 1
+chez-oim.org, 1
+chezbernard.tk, 1
+cheztitine.tk, 1
+chfr.search.yahoo.com, 0
+chg.codes, 1
+chhlayban.tk, 1
+chhory.com, 1
+chhy.at, 1
+chialab.eu, 1
+chialab.info, 1
+chialab.io, 1
+chialab.it, 1
+chialab.net, 1
+chialab.srl, 1
+chiamami.online, 1
+chiamatehot.com, 1
+chiangdao.com, 1
+chiangli.ml, 1
+chiangmaimontessori.com, 1
+chianti2002.jp, 1
+chiapasfutbol.com, 1
+chiara.net.au, 1
+chiaraiuola.com, 0
+chiasang.tk, 1
+chiaseek.com, 1
+chiavistello.it, 1
+chiboard.co, 1
+chiboost.net, 1
+chibr.eu, 1
+chic-leather.com, 1
+chicago-mold.com, 1
+chicagobasementblog.com, 1
+chicagobreastaugdrs.com, 1
+chicagoconcretecleaning.com, 1
+chicagoemergencyclosings.com, 1
+chicagoillinois.gq, 1
+chicagopowercleaning.com, 1
+chicagopowerwashing.net, 1
+chicagopowerwashingservices.com, 1
+chicagopressurewashing.net, 1
+chicagopressurewashingservices.com, 1
+chicagoprivatejets.com, 1
+chicagostudentactivists.org, 1
+chicaman.tk, 1
+chicas.tk, 1
+chicasgo.ga, 1
+chicasloca.com, 1
+chichi-cats.com, 1
+chichijane.com, 1
+chichoverboard.online, 1
+chicinttim.gq, 1
+chicjrajeevalochana.com, 1
+chick-goo-ewe-farm.com, 1
+chickencentral.tk, 1
+chickencoop.ml, 1
+chickenfarms.tk, 1
+chickenpeanut.com, 1
+chickensaladchick.com, 1
+chicki.tk, 1
+chickteam.tk, 1
+chicofc.tk, 1
+chicorec.gov, 1
+chicospanico.tk, 1
+chicurrichi.com, 1
+chief.tools, 1
+chieffamilyofficer.info, 1
+chiefworks.com, 1
+chielonline.tk, 1
+chiemgauflirt.de, 1
+chienluoc.tk, 1
+chiesanuova.nl, 1
+chietitoday.it, 1
+chifeng.com.tw, 1
+chiffrer.info, 1
+chifumi.net, 1
+chihuahuaalinstante.com, 1
+chijb.cc, 1
+chikahaku1001vr.jp, 1
+chikan-beacon.net, 1
+chikenweb.jp, 1
+chiki.tk, 1
+chikory.com, 1
+chilapaweb.tk, 1
+chilbert.co, 1
+child-theater-bs.co.il, 1
+childcare.gov, 1
+childcarealgoma.ca, 1
+childcaremanagementcompany.ga, 1
+childcaresolutionscny.org, 1
+childchaos.cf, 1
+childchaos.ga, 1
+childchaos.ml, 1
+childchaos.tk, 1
+childcounseling.org, 1
+childish.wtf, 1
+childno.de, 1
+children-toys.tk, 1
+children1st.jp, 1
+childrenandmedia.org.au, 1
+childrenfirstalways.org, 1
+childreninadversity.gov, 1
+childrenoftheshadow.org, 1
+childrens-museum.org, 1
+childrens-room.com, 1
+childrensdentalranch.com, 1
+childrensentertainmentleicester.co.uk, 1
+childrensfurniture.co.uk, 1
+childrensheartfoundation.org, 1
+childrensmentalhealthcampaign.org, 1
+childrensrecipes.tk, 1
+childstats.gov, 1
+childswear.tk, 1
+childtaxcredit.gov, 1
+childwelfare.gov, 1
+chile.tk, 1
+chileprevencion.cl, 1
+chiletrenes.tk, 1
+chilhowieva.gov, 1
+chili.ml, 1
+chilian.de, 1
+chilihosting.eu, 1
+chilikin.pro, 1
+chilimathwords.com, 1
+chilio.net, 1
+chilipy.ga, 1
+chilis.com, 1
+chill-house.ga, 1
+chill.bet, 1
+chillcicada.com, 1
+chillebever.nl, 1
+chillhop.com, 1
+chillipadi.tk, 1
+chilliwackchurchofgod.com, 1
+chillpay.co, 1
+chillplanet.nl, 1
+chillybin.co, 1
+chillybin.com.sg, 1
+chiloesinpuente.tk, 1
+chiltanfm88.tk, 1
+chilternfarming.com, 1
+chiltonwi.gov, 1
+chimaeraconsulting.eu, 1
+chimaira.tk, 1
+chimcanhcut.tk, 1
+chime.com, 1
+chimebank.com, 1
+chimera.sh, 1
+chimeratool.com, 1
+chimerity.com, 1
+chimm.cc, 1
+chimpanzee.cf, 1
+chimpanzee.net, 1
+chimpmatic.com, 1
+china-midas.net, 1
+china-online-news.tk, 1
+chinabank.ph, 1
+chinabelt.com, 1
+chinablows.com, 1
+chinacdn.org, 1
+chinacheers.com, 1
+chinadream404.com, 1
+chinafree.online, 1
+chinafree.site, 1
+chinaglobalsecurities.cn, 1
+chinahealthcareblog.cf, 1
+chinahitech.com, 1
+chinaicpower.org, 0
+chinaindexfund.cn, 1
+chinajingkun.com, 1
+chinalosers.com, 1
+chinamallonlin.com, 1
+chinamediaproject.org, 1
+chinaoptionsfund.cn, 1
+chinaoptionsfund.com, 1
+chinasearch.tk, 1
+chinastory.tk, 1
+chinasucksass.com, 1
+chinati.org, 1
+chinavegan.com, 1
+chinawatchinstitute.org, 1
+chinawhale.com, 1
+chinchillas.tk, 1
+chinees.restaurant, 1
+chinefrancophonie.fr, 1
+chinen-hs41.com, 1
+chinese-fuhui.com, 1
+chinese-fxcm.com, 1
+chinese.sc, 1
+chinesebrides.ml, 1
+chinesedishes.tk, 1
+chinesepen.org, 1
+chinesephones.tk, 1
+chineseplease.moe, 1
+chinfolk.tk, 1
+ching.tv, 1
+chiniiki.com, 1
+chinohills.gov, 1
+chinookmt.gov, 1
+chinookwebdesign.ca, 1
+chinovalleyaz.gov, 1
+chinplugins.com, 1
+chinplugins.net, 1
+chinplugins.xyz, 1
+chintaparthi.tk, 1
+chintaparthihome.tk, 1
+chinwag.im, 1
+chip.icu, 1
+chipdig.com, 1
+chipollinko.com.ua, 1
+chippewa.com, 1
+chippewacountywi.gov, 1
+chippy.ch, 0
+chips-scheduler.de, 1
+chips.gov, 1
+chipset.no, 1
+chipsfuck.fish, 1
+chiquian.tk, 1
+chirality.de, 1
+chiralsoftware.com, 1
+chireiden.me, 1
+chiriri.top, 1
+chirkunov.tk, 1
+chiro-doctor.com, 1
+chiro-merksplas.tk, 1
+chiro.org, 1
+chiroharbalorifa.tk, 1
+chiroherne.tk, 1
+chirointellect.com, 0
+chirojap.tk, 1
+chirolokalenfonteintjekoersel.be, 1
+chiromeisjes-boxberg.tk, 1
+chiron.care, 0
+chiropractic.gr, 1
+chiropracticwpb.com, 0
+chiropractorlongmontgpa.com, 1
+chiropraktik-riemann.de, 1
+chiropraktik-wildner.de, 0
+chirotestelt.tk, 1
+chirototem.tk, 1
+chirowij.tk, 1
+chirpset.com, 1
+chiru.no, 1
+chirurgoplastico.roma.it, 1
+chisagocountymn.gov, 1
+chiselgems.com, 1
+chispita.tk, 1
+chistesdesebas.tk, 1
+chistim.info, 1
+chit.search.yahoo.com, 0
+chita.cf, 1
+chita.tk, 1
+chitaem.tk, 1
+chitashop.ml, 1
+chitchok.com, 1
+chitinfo.tk, 1
+chitlar.ml, 1
+chitraltune.tk, 1
+chittagongtextile.tk, 1
+chiucainlaw.co.nz, 1
+chiusa-klausen.com, 1
+chiva-ariege.fr, 1
+chizouworld.tk, 1
+chizra.com, 1
+chk-ccs.com, 1
+chklocal.com, 1
+chkmkt.com, 1
+chkserv.com, 0
+chksite.com, 1
+chl.la, 1
+chliine.ch, 1
+chlo-products.biz, 1
+chlo-products.net, 1
+chloehorler.com, 1
+chloes.gr, 1
+chloescastles.co.uk, 1
+chloeting.com, 1
+chlopes.com, 1
+chlorca.es, 1
+chlth.com, 1
+chmfin.com, 1
+chmielarz.it, 1
+chmsoft.com.ua, 1
+chmsoft.ru, 1
+chmurakotori.ml, 1
+chndrb.in, 1
+chnj.gov, 1
+chnlib.com, 1
+chobble.com, 1
+chobitool.com, 1
+choccychox.com, 1
+chochos.tk, 1
+choco-championship.jp, 1
+choco.run, 1
+chocoband.cf, 1
+chocodecor.com.br, 1
+chocolah.com.au, 0
+chocolat-lp2.com, 1
+chocolat-suisse.ch, 0
+chocolat.work, 1
+chocolate-express.co.uk, 1
+chocolate.wiki, 1
+chocolatesandhealth.com, 1
+chocolateslim.gq, 1
+chocolatesonline.com, 1
+chocolatier-tristan.ch, 0
+chocolatier.co.uk, 0
+chocolatos.tk, 1
+chocolay.gov, 1
+chocolytech.info, 1
+chocope-peru.tk, 1
+chocudan.tk, 1
+chodaczek.pl, 1
+choe.fi, 1
+choesfirm.tk, 1
+chofan.tk, 1
+choice-design.com.tw, 1
+choiceautoloan.com, 1
+choiceuniontown.org, 1
+choirofbeirut.cf, 1
+choisirmoneau.blog, 1
+chokladfantasi.net, 1
+cholleria.es, 1
+chollima.pro, 1
+chollospain.cf, 1
+choloforo.tk, 1
+chonghe.org, 1
+chonglang.cfd, 1
+chongming.tk, 1
+chongthamsika.tk, 1
+chongwukong.com, 1
+choochooworld.com, 0
+choootto.net, 1
+choosealicense.com, 1
+choosemypc.net, 1
+chooserealleather.cn, 1
+choosetech.com.br, 1
+choosevalley.co.uk, 1
+chooseyourdesinty.tk, 1
+chopnotch.com, 1
+chopper-parts.ru, 1
+chopperdesign.com, 1
+chopperforums.com, 1
+chopradionet.tk, 1
+chordify.net, 1
+chordmag.com, 1
+chordpage.com, 1
+choreographytogo.com, 1
+chorkley.co.uk, 1
+chorkley.com, 1
+chorkley.me, 1
+chorkley.uk, 1
+chorleycaninesolutions.co.uk, 1
+chornobyl.tk, 1
+chorpinkpoemps.de, 1
+choruru.jp, 1
+choruscall.com, 1
+chorverband-region-kocher.de, 1
+chosenofstarclan.com, 1
+chosenos.tk, 1
+chosenplaintext.org, 1
+choservices.com, 1
+chosting.dk, 1
+chou-chinois.com, 1
+chouchouweb.com, 1
+chovancova.sk, 1
+chowchowugo.com, 1
+chowtime.chat, 1
+choylifut.tk, 1
+choyri.com, 1
+chpa.org, 1
+chpwmedicare.org, 1
+chr0me.sh, 1
+chrawrizard.org, 1
+chrestos.de, 1
+chrg-server.de, 1
+chris-edwards.net, 1
+chris-siedler.at, 1
+chris.land, 1
+chrisahrweileryoga.com, 1
+chrisaitch.com, 1
+chrisandian.com, 1
+chrisb.me, 0
+chrisb.xyz, 0
+chrisbrockdiving.com, 1
+chrisbrowntherapies.co.uk, 1
+chrisbryant.me.uk, 1
+chrisburnell.com, 1
+chriscarey.com, 1
+chriscelkins.com, 1
+chriscutts.uk, 1
+chrisdasie.com, 1
+chrisdecairos.ca, 1
+chriseldon.com, 1
+chrisfinazzo.com, 0
+chrisgieger.com, 1
+chrisirwin.ca, 1
+chrisjean.com, 1
+chriskthomas.com, 1
+chrislane.com, 1
+chrislauderback.com, 1
+chrislauderback.net, 1
+chrislauderback.org, 1
+chrisliebaer.de, 1
+chrisluen.com, 1
+chrismax89.com, 1
+chrismcclendon.com, 1
+chrismckee.co.uk, 1
+chrismiller.xyz, 1
+chrismorgan.info, 1
+chrismurray.co.uk, 1
+chrismurrayfilm.com, 1
+chrisnekarda.com, 1
+chrisogedengbe.org, 1
+chrispaul.ml, 1
+chrispontius.tk, 1
+chrisrude.com, 1
+chrisshort.me, 1
+chrisshort.net, 1
+chrisspencercreative.com, 1
+chrisspencermusic.com, 1
+chrissx.de, 1
+chrissx.eu, 1
+chrissx.ga, 1
+chrissytechaira.tk, 1
+christ.cm, 1
+christadelphians.eu, 1
+christcostum.tk, 1
+christec.net, 1
+christengroei.tk, 1
+christensenplace.us, 1
+christerwaren.com, 1
+christerwaren.fi, 1
+christiaanconover.com, 1
+christian-folini.ch, 1
+christian-gredig.de, 1
+christian-host.com, 1
+christian-laubender.de, 1
+christian-liebel.com, 1
+christian-oette.de, 1
+christian-stadelmann.de, 1
+christianadventurecamps.org, 1
+christianaknudsen.com, 1
+christianbecker.name, 1
+christianblog.ml, 1
+christianbro.gq, 1
+christianbsl.com, 1
+christianchat.ml, 1
+christiancleva.com, 1
+christiancoleman.info, 1
+christianconcepts.cf, 1
+christianconcepts.ga, 1
+christianconcepts.gq, 1
+christiancountyil.gov, 1
+christiandiorsneakers.shop, 1
+christiandiscourse.net, 1
+christiangaro.com, 1
+christiangaro.email, 1
+christiangaro.info, 1
+christiangaro.me, 1
+christiangaro.us, 1
+christiangehring.org, 1
+christianhaugen.tk, 1
+christianhendrickson.com, 1
+christianhoffmann.info, 0
+christianimweb.tk, 1
+christianitas.ga, 1
+christianitas.gq, 1
+christianitas.tk, 1
+christianjens.com, 1
+christianleedunn.tk, 1
+christianliebel.com, 1
+christianlis.org.uk, 1
+christianlis.uk, 1
+christianmoore.me, 1
+christianmorales.tk, 1
+christianoliff.com, 1
+christianotero.co, 1
+christianplumbingservices.com, 1
+christianr.me, 1
+christianrasch.de, 1
+christianreimold.de, 1
+christiansayswords.com, 1
+christiansburgva.gov, 1
+christiansciencevancouverwa.org, 1
+christiansrit.tk, 1
+christianwenz.de, 1
+christianwitts.tech, 1
+christiehawkes.com, 1
+christinabjoern-nilsson.dk, 1
+christinacrawford.cf, 1
+christinacrawford.ga, 1
+christinacrawford.gq, 1
+christinacrawford.ml, 1
+christinarosenvinge.tk, 1
+christinasattler.com, 1
+christine-kraemer.de, 0
+christineandcie.fr, 1
+christineblachford.com, 1
+christinecloma.com, 1
+christineglaeser.de, 1
+christinehameline.com, 1
+christineprayon.de, 1
+christmasinelmhurst.org, 1
+christmasloansvet.com, 1
+christmaspages.tk, 1
+christmaspartyhire.co.uk, 1
+christmasrecipe.tk, 1
+christo.ga, 1
+christoph.media, 1
+christophbartschat.com, 1
+christophe-dubois.tk, 1
+christophebarbezat.ch, 1
+christophedavid.tk, 1
+christopheduverger.fr, 1
+christopher-simon.de, 0
+christopher-wright.com, 1
+christopher-zentgraf.de, 1
+christopher.sh, 0
+christopherbillo.com, 1
+christopherburg.com, 1
+christophercolumbusfoundation.gov, 1
+christopherd.me, 1
+christophergowerjohnson.com, 1
+christopherjferguson.com, 1
+christopherkardas.me, 1
+christopherkennelly.com, 1
+christopherpritchard.co.uk, 1
+christopherterryweddings.co.uk, 1
+christophertruncer.com, 1
+christopherzoukis.com, 1
+christophfink.com, 1
+christophheich.me, 1
+christophkranebitter.at, 1
+christophkreileder.com, 1
+christophsackl.de, 1
+christreformedchurchdfw.org, 1
+christthegoodshepherd.org, 1
+christthekingparish.net, 1
+christtheredeemer.us, 1
+christtheshepherdvineland.org, 1
+christwaycounseling.com, 1
+christysstampingspot.com, 1
+chrisupjohn.xyz, 1
+chrisvannooten.tk, 1
+chriswald.com, 1
+chriswarbo.tk, 1
+chriswarrick.com, 1
+chriswbarry.com, 0
+chriswells.io, 1
+chriswiggin.cf, 1
+chriswiggin.ga, 1
+chriswiggin.gq, 1
+chriswiggin.ml, 1
+chriswilding.co.uk, 1
+chriswservers.com, 1
+chrisx.xyz, 1
+chriszarb.tk, 1
+chrixonline.tk, 1
+chromaitaly.com, 1
+chromaphile.tk, 1
+chromarea.fr, 1
+chromaryu.net, 0
+chromcraft-revington.com, 1
+chrome, 1
+chrome-devtools-frontend.appspot.com, 1
+chrome-stats.com, 1
+chrome.com, 1
+chrome.google.com, 1
+chrome.pt, 1
+chromebookchart.com, 1
+chromebookcompare.com, 1
+chromebooksforwork.com, 1
+chromereporting-pa.googleapis.com, 1
+chromestatus.com, 1
+chromiumbugs.appspot.com, 1
+chromiumcodereview.appspot.com, 1
+chromopho.be, 1
+chronic101.xyz, 1
+chronicals.de, 1
+chronicbuilt.com, 1
+chronicled.tk, 1
+chronicles.tk, 1
+chronik-kramsach.at, 1
+chronoc.de, 1
+chronocarpe.com, 1
+chronocolis.ml, 1
+chronodelivery.com, 1
+chronology.no, 1
+chronoshop.cz, 1
+chronotech.fr, 1
+chrony.tk, 1
+chroot.co.uk, 1
+chrpaul.de, 0
+chrsmtc.com, 1
+chrstn.eu, 1
+chrstngr.cm, 1
+chrt-tcdp.gc.ca, 1
+chrudim-city.cz, 1
+chrxw.com, 1
+chrysanthos.net, 1
+chryslerbuilding.tk, 1
+chrystajewelry.com, 1
+chrystofer.com, 0
+chrystus.pl, 1
+chsamuel.net, 1
+chsh.moe, 0
+chshealthcare.co.uk, 1
+chshouyu.com, 1
+chsmedical.com, 1
+chsterz.de, 1
+chstrategies.com.au, 1
+chsvotes.gov, 1
+chtj.uk, 1
+chtodelat.ga, 1
+chtsi.uk, 1
+chtyvo.tk, 1
+chuangyi.com, 1
+chubbygirlpics.com, 1
+chubr.cf, 1
+chubuhokenservice.com, 1
+chuckame.fr, 1
+chuckecheese.com, 1
+chuckmckinnon.com, 1
+chuckval.tk, 1
+chudnov.tk, 1
+chuhe.xyz, 1
+chukardin.tk, 1
+chukcha.ru, 1
+chukotka.ml, 1
+chukou.cf, 1
+chukou.ga, 1
+chukou.gq, 1
+chukou.ml, 1
+chukou.tk, 1
+chukwunyere-chambers.org, 1
+chulinkuei.org.tw, 1
+chun.pro, 1
+chunabhatti.tk, 1
+chundelac.com, 1
+chunga.tk, 1
+chungachyan.ga, 1
+chunghwamc.com, 1
+chungnguyenblog.tk, 1
+chungsir.com.pa, 1
+chunk.science, 1
+chunkeat.cyou, 1
+chunkeat.me, 1
+chunkeat.ml, 1
+chuongle.com, 1
+chupacabra-drift.pl, 1
+chupadelfrasco.com, 1
+chupanhcotrang.com, 1
+chuppa.com.au, 1
+chur-arosa-bahn.de, 1
+chur-arosa-bahn.nl, 1
+churakov.tk, 1
+church360.co.ke, 1
+churchaid.ml, 1
+churchforeveryone.info, 1
+churchforum.tk, 1
+churchhouse.io, 1
+churchill.co.za, 1
+churchillcountynv.gov, 1
+churchlinkpro.com, 1
+churchlw.tk, 1
+churchm.ag, 1
+churchofchrist.tk, 1
+churchofcyprus.org.cy, 1
+churchofsaintbenedict.com, 1
+churchofsmyrna.com, 1
+churchofsmyrna.org, 1
+churchplaza.com, 1
+churchssja.org, 1
+churchsuite.com, 1
+churchthemes.com, 1
+churchwebcanada.ca, 1
+churchwebsupport.com, 1
+churnfree.com, 1
+chuskocity.tk, 1
+chuspace.com, 1
+chutingstar.com, 1
+chutisant.tk, 1
+chutoriaru.com, 1
+chuvash-republic.tk, 1
+chuvash.tk, 1
+chuvashia.tk, 1
+chuvashiya.tk, 1
+chuyentien247.com.vn, 1
+chwempower.com, 1
+chwilrank.pl, 1
+chytraauta.cz, 1
+chziq.com, 1
+ci-fo.org, 1
+ci-suite.com, 1
+ci.com.br, 1
+ci5.me, 1
+cia-gaming.de, 1
+cia-landlords.co.uk, 1
+ciaagentedu.org, 1
+ciagutek.pl, 1
+ciahalim.tk, 1
+ciai.cf, 1
+ciai.ga, 1
+ciai.gq, 1
+ciai.ml, 1
+ciai.tk, 1
+cialde.it, 1
+cialis-trial.gq, 1
+cialisfreetrial.ga, 1
+cialismarketim.net, 1
+cialismarketing.net, 1
+cialisonlinee.com, 0
+cialisusapills.com, 1
+cialisvtr.com, 1
+cialisworld.net, 1
+cialisworld.org, 1
+ciallo.work, 1
+cianmawhinney.me, 1
+cianmawhinney.xyz, 1
+ciao.ro, 1
+ciaracode.com, 1
+ciaran.tk, 1
+ciasademunt.com, 0
+ciat.no, 0
+cibcclearygull.com, 1
+cibdol.com, 1
+cibdol.nl, 1
+cibercat.tk, 1
+cibercheck.com, 1
+cibernicola.es, 1
+cica.es, 1
+cicavkleci.cz, 1
+ciceksohbet.com, 1
+ciceron.cloud, 1
+cicerony.gov, 1
+ciceronypd.gov, 1
+cicery.com, 1
+cichol.com, 1
+ciclimattio.com, 1
+ciclista.roma.it, 1
+ciclodekrebs.com, 1
+ciclodelcarbono.com, 1
+ciclohidrologico.com, 1
+cidbot.com, 1
+cidcca.com, 1
+cidersus.com.ec, 1
+cidgomes.com.br, 1
+cidikit.tk, 1
+cidones.tk, 1
+cie-theatre-montfaucon.ch, 0
+ciekwestronki.cf, 1
+ciekwestronki.ga, 1
+ciekwestronki.gq, 1
+ciekwestronki.ml, 1
+ciel.coffee, 1
+ciel.luxe, 1
+ciel.si, 1
+cielo-thefilm.com, 1
+cienciasempresariais.pt, 1
+cienegaspa.com, 1
+cierreperimetral.com, 1
+cifop-numerique.fr, 1
+ciftkabincikmaparca.com.tr, 1
+ciftkabinyedekparca.com.tr, 1
+ciftlikesintisi.com, 1
+cigar-cartel.com, 1
+cigarafterten.com, 1
+cigarette-electronique.tk, 1
+cigarettes-electronik.fr, 1
+cigarterminal.com, 0
+cigdelivery.com, 1
+cign.nl, 1
+cigniti.com, 1
+cignium.com, 1
+cigotracker.com, 1
+cigrowthhack.com, 0
+cihanmedya.ga, 1
+cihar.com, 1
+cihr-irsc.gc.ca, 1
+cihucm.com, 1
+ciicutini.ro, 1
+ciktikyola.com, 1
+cilacapnews.ml, 1
+cile.cf, 1
+cile.tk, 1
+cilipa.com, 1
+cilkamail.cloud, 1
+cilkanet.cloud, 1
+cilloc.be, 1
+cilt.tk, 1
+ciltskillnet.ie, 0
+cim.se, 1
+cima-alfa.com, 1
+cima-idf.fr, 1
+cimaroom.com, 1
+cimbalino.org, 1
+cimballa.com, 1
+cimfax.com, 1
+cimtools.net, 1
+cin.net.au, 1
+cinafilm.com, 1
+cinay.pw, 1
+cinccapital.com, 1
+cincinnati.gov, 1
+cincinnaticasinonight.com, 1
+cincosf.com, 1
+cincy.gov, 1
+cincydeckandpatio.com, 1
+cindey.io, 1
+cine-music.de, 1
+cine-passion16.fr, 1
+cine.to, 1
+cinecat.de, 1
+cinedarkwolf.tk, 1
+cinefilia.tk, 1
+cineforge.com, 1
+cinefun.net, 1
+cinegore.tk, 1
+cinejoia.tv, 1
+cinelandia.tk, 1
+cinema-rulem.tk, 1
+cinemaclub.co, 1
+cinemadoma.tk, 1
+cinemafrix.cf, 1
+cinemaperto.tk, 1
+cinemarxism.com, 1
+cinemaschool.by, 1
+cinemasetfree.com, 1
+cinematherapy.org, 1
+cinematic.asia, 1
+cinematriz.cl, 1
+cinemaz.to, 1
+cinemaza.tk, 1
+cinemotion.by, 1
+cinemysticism.com, 1
+cinenote.link, 1
+cineping.com, 1
+cineplex.my, 1
+cinet.jp, 1
+cineterror.tk, 1
+cineworld.co.in, 1
+cinexilio.tk, 1
+cinfin.com, 0
+cinicloud.com, 1
+cinicostudio.com, 1
+cinicsystems.tk, 1
+cinikestetik.com, 1
+ciniticket.com, 1
+ciniticket.in, 1
+cink.hu, 1
+cinkciarz.pl, 1
+cinn.ml, 1
+cinnagar.tk, 1
+cinnamon.bot, 1
+cinnamon.gq, 1
+cinnamonsnail.com, 1
+cinnamonspiceandeverythingnice.com, 1
+cinq-elements.com, 0
+cinq-elements.net, 1
+cinquecentoclubholland.tk, 1
+cinqueportsvets.co.uk, 1
+cins.rs, 1
+cinsels.com, 1
+cint.com, 1
+cintactimber.com, 1
+cintamanilingerie.co.uk, 1
+cintapersonalizada.es, 1
+cintaraso.es, 1
+cinteo.com, 1
+cinthia.tk, 1
+cio-spirit.de, 1
+cio.gov, 1
+cionir.fr, 1
+cioscloud.com, 1
+cioudways.pro, 1
+cioxhealth.com, 1
+cip.md, 1
+cipa.com.co, 0
+cipartyhire.co.uk, 1
+cipf.ca, 0
+ciph.zone, 1
+cipher.team, 1
+cipherboy.com, 1
+cipherli.st, 0
+ciphermail.com, 1
+ciphersuite.info, 1
+ciphertech.com.tw, 1
+ciplerli.st, 1
+cippus.tk, 1
+cipri.com, 1
+cipri.net, 1
+cipri.nl, 1
+cipri.org, 1
+cipria.no, 1
+ciproantibiotic.gq, 1
+ciprofloxacin.cf, 1
+ciprofloxacin.ga, 1
+ciprogeneric.gq, 1
+cipy.com, 1
+cir.is, 1
+cira.email, 1
+cirasul.com, 1
+cirasync.com, 1
+circady.com, 1
+circara.com, 1
+circle-people.com, 1
+circlebox.rocks, 1
+circleci.com, 1
+circlelytics.com, 1
+circleofhealthlongmont.com, 1
+circlepluscircle.me, 1
+circlevilleoh.gov, 1
+circolopizza.es, 1
+circu.ml, 0
+circues.com, 1
+circuit.co.uk, 1
+circuitcityelectricaladelaide.com.au, 1
+circuitclerkmarioncountyms.gov, 1
+circular.fashion, 1
+circularity.id, 1
+circulosocial77.com, 1
+circumstances.ir, 1
+circus-maximus.de, 1
+circusdays.tk, 1
+circuses.tk, 1
+cirdcil.gov, 1
+cirfi.com, 1
+cirocunato.tk, 1
+cirriton.de, 1
+cirro.io, 1
+cirroenergy.com, 1
+cirruslab.ch, 0
+cirruslabs.ch, 0
+cirugiaplasticahn.com, 1
+cirurgicagervasio.com.br, 1
+cirurgicalucena.com.br, 1
+cirurgicasaopaulo.com.br, 1
+cirurgicavirtual.com.br, 1
+cisa.gov, 1
+cisabroad.com, 0
+cisco-training.net, 1
+ciscoasanetflow.com, 1
+ciscobrewers.com, 1
+ciscocyberthreatdefense.com, 1
+ciscodude.net, 0
+ciscom.tk, 1
+cisconetflowleader.com, 1
+cisconetflowpartners.com, 1
+cisconetflowreporting.com, 1
+cisconetflowsupport.com, 1
+cisi.org, 1
+cisin.com, 1
+cisincometax.ca, 1
+cisindia.tk, 1
+ciso.social, 1
+cisoaid.com, 1
+cisofy.com, 1
+cisopoland.org, 1
+cisowianki.tk, 1
+cisprague.org, 1
+ciss.ltd, 1
+cissofitness.com, 1
+cistenikoberculiberec.net, 1
+cistit.tk, 1
+cistoaracnoide.org, 1
+cisum-cycling.com, 1
+cisylik.gq, 1
+citacatastro.es, 1
+citace.com, 1
+citacepro.com, 1
+citadelpark.be, 1
+citadni.online, 1
+citae.ga, 1
+citafogasa.es, 1
+citafun.tk, 1
+citakon.cz, 1
+citalopram-20-mg.ml, 1
+citalopram20.ga, 1
+citalopramgeneric.ga, 1
+citalopramhbr.ga, 1
+citans.tk, 1
+citap.gov, 1
+citaprevia-medico.es, 1
+citas-adultas.com, 1
+citationgurus.com, 1
+citations.tk, 1
+citazioni.tk, 1
+citfin.cz, 1
+citharas.org, 1
+citidirect.com, 1
+cities.cl, 1
+citiledger.ga, 1
+citimarinestore.com, 0
+citiswich.com.au, 1
+citius.gal, 1
+citizen428.net, 1
+citizenewatch.tk, 1
+citizenkevin.com, 0
+citizenpatriotresponse.org, 1
+citizens.pt, 1
+citizensbank.net, 1
+citizensbankal.com, 1
+citizenscience.gov, 1
+citizensgbr.org, 1
+citizenside.fr, 1
+citizenslasvegas.com, 1
+citizensleague.org, 1
+citizentruth.org, 1
+citizing.org, 1
+citos.ga, 1
+citoyen.eu, 1
+citroner.blog, 1
+citrusbocc.gov, 1
+citruscounty.gov, 1
+citruspi.com, 1
+citruspi.io, 1
+citsc.de, 1
+citti.de, 1
+cittinfo.com, 1
+citto.ru, 1
+city-adm.lviv.ua, 1
+city-glas.com, 1
+city-home.tk, 1
+city-nn.com, 1
+city-online.tk, 1
+city-spin.site, 1
+city-walks.info, 1
+city.kharkov.ua, 1
+cityapparels.com, 1
+citybusexpress.com, 0
+citycalculator.ml, 1
+citycardgand.com, 1
+citycardgante.com, 1
+citycardgent.be, 1
+citycardgent.com, 1
+citycardghent.com, 1
+citycarremovals.com.au, 1
+citycell.ml, 1
+cityconsultants.tk, 1
+citycreek.studio, 1
+citycricket.tk, 1
+cityfacialplastics.com, 1
+cityhide.tk, 1
+cityhotel.tk, 1
+cityjam.tk, 1
+citylift.com.ua, 1
+citylocal.cf, 1
+citymagazine.si, 1
+citymeats.com, 1
+cityofadelga.gov, 1
+cityofallisonia.gov, 1
+cityofaltonil.gov, 1
+cityofamoryms.gov, 1
+cityofarcolatx.gov, 1
+cityofaudubonmn.gov, 1
+cityofbambergsc.gov, 1
+cityofbathmaine.gov, 1
+cityofbayardnm.gov, 1
+cityofbaylakefl.gov, 1
+cityofbayminetteal.gov, 1
+cityofbinghamton.gov, 1
+cityofblairwi.gov, 1
+cityofblancotx.gov, 1
+cityofboydtx.gov, 1
+cityofbridgetonnj.gov, 1
+cityofbristowok.gov, 1
+cityofbrodheadwi.gov, 1
+cityofbrookings-sd.gov, 1
+cityofbrookwoodal.gov, 1
+cityofburnsor.gov, 1
+cityofcarsonca.gov, 1
+cityofcharlottetn.gov, 1
+cityofchinagrovetx.gov, 1
+cityofclare.gov, 1
+cityofclintoniowa.gov, 1
+cityofconroe.gov, 1
+cityofcottonwoodmn.gov, 1
+cityofcrandonwi.gov, 1
+cityofdelafieldwi.gov, 1
+cityofdelcity.gov, 1
+cityofdixonca.gov, 1
+cityofeastpointemi.gov, 1
+cityofeatonrapids.gov, 1
+cityofellisks.gov, 1
+cityofelynv.gov, 1
+cityoferintn.gov, 1
+cityofeuporams.gov, 1
+cityoffergusonky.gov, 1
+cityofflorencesc.gov, 1
+cityofgibraltarmi.gov, 1
+cityofgigharborwa.gov, 1
+cityofgirardoh.gov, 1
+cityofglasgowcollege.ac.uk, 1
+cityofglendora.gov, 1
+cityofgolden.gov, 1
+cityofgrandblancmi.gov, 1
+cityofgrossepointemi.gov, 1
+cityofguttenbergia.gov, 1
+cityofhackensackmn.gov, 1
+cityofherculaneum.gov, 1
+cityofhughsonca.gov, 1
+cityofioneoregon.gov, 1
+cityofirvineca.gov, 1
+cityofithacany.gov, 1
+cityofjuneauwi.gov, 1
+cityofkandiyohimn.gov, 1
+cityofkasaanak.gov, 1
+cityofkewauneewi.gov, 1
+cityoflakebuenavistafl.gov, 1
+cityoflakegeneva.gov, 1
+cityoflancasterca.gov, 1
+cityoflancasterpa.gov, 1
+cityoflfp.gov, 1
+cityoflodiwi.gov, 1
+cityoflompoc.gov, 1
+cityoflorettotn.gov, 1
+cityoflouisvillems.gov, 1
+cityofmadera.gov, 1
+cityofmanchestertn.gov, 1
+cityofmargaretalabama.gov, 1
+cityofmarionia.gov, 1
+cityofmaysvilleky.gov, 1
+cityofmaywoodparkor.gov, 1
+cityofmebanenc.gov, 1
+cityofmerced.gov, 1
+cityofminatarene.gov, 1
+cityofmitchellsd.gov, 1
+cityofmonroewi.gov, 1
+cityofmorgantonga.gov, 1
+cityofmte.gov, 1
+cityofmusic.be, 1
+cityofnewbuffalomi.gov, 1
+cityofnewkirkok.gov, 1
+cityofnewman.gov, 1
+cityofnichollsga.gov, 1
+cityofnovi.gov, 1
+cityofocontowi.gov, 1
+cityofpagedalemo.gov, 1
+cityofpalmdaleca.gov, 1
+cityofpearidgear.gov, 1
+cityofpeople.gent, 1
+cityofperris.gov, 1
+cityofpetersburgwv.gov, 1
+cityofpevelymo.gov, 1
+cityofpinconningmi.gov, 1
+cityofpinebluff-ar.gov, 1
+cityoframseymn.gov, 1
+cityofredding.gov, 1
+cityofrobertsidaho.gov, 1
+cityofroncevertewv.gov, 1
+cityofroyaltonmn.gov, 1
+cityofsacramento.gov, 1
+cityofsalemky.gov, 1
+cityofsanmateoca.gov, 1
+cityofsantamariaca.gov, 1
+cityofsebastopol.gov, 1
+cityofsenatobiams.gov, 1
+cityofsourlake.gov, 1
+cityofspoonerwi.gov, 1
+cityofthorp.gov, 1
+cityoftitans.com, 1
+cityoftulsa.gov, 1
+cityoftybee.gov, 1
+cityofvacaville.gov, 1
+cityofvermilionohio.gov, 1
+cityofwadley-ga.gov, 1
+cityofwakefieldmi.gov, 1
+cityofwashburnwi.gov, 1
+cityofwasilla.gov, 1
+cityofwaterfordca.gov, 1
+cityofwauchula.gov, 1
+cityofwhitneytx.gov, 1
+cityofwinonamo.gov, 1
+cityofwoodland.gov, 1
+cityofwoodward-ok.gov, 1
+cityonfire.com, 1
+citypress.cf, 1
+citypress.ga, 1
+citypress.gq, 1
+citypro.tk, 1
+cityradiusmaps.com, 1
+cityscapeinsurance.com, 1
+cityseeker.com, 1
+citysmile.ro, 1
+cityspin.org, 1
+citysportapp.com, 0
+cityspot.us, 1
+citysquarenews.tk, 1
+citysteambrewery.com, 1
+citytaxiandtours.ga, 1
+citytel.ga, 1
+citytoday.it, 1
+citytourgirls.com, 1
+cityuproject.com, 1
+cityutilities.com, 1
+cityvets.co.uk, 1
+cityview.tk, 1
+cityvision.co.nz, 1
+cityvision.net.nz, 1
+cityvision.nz, 1
+cityvision.org.nz, 1
+citywalkr.com, 1
+citywidealarms.com, 1
+citywisdom.tk, 1
+cityworksonline.com, 1
+ciubotaru.tk, 1
+ciuci.us, 1
+ciuciucadou.ro, 1
+ciudadanosbo.com, 1
+ciudadrealtrabaja.com, 1
+ciulea.ro, 1
+civey.com, 1
+civfund.org, 1
+civic-europe.eu, 1
+civicamente.cl, 1
+civicconnectiongroup.com, 1
+civicforum.pl, 1
+civicphotos.com, 1
+civics.us, 1
+civics.world, 1
+civictech.ngo, 1
+civicunicorn.com, 1
+civicunicorn.us, 1
+civil-works-sri.com, 1
+civilbikes.com, 1
+civilconcretellc.com, 1
+civilengineeringhandbook.tk, 1
+civilhost.tk, 1
+civillines.nl, 1
+civilsociety.su, 1
+civiltoday.com, 1
+civilunfold.com, 1
+civilvirus.tk, 1
+civmob.com, 1
+cizgikod.ga, 1
+cizz.uk, 1
+cj-espace-vert.fr, 1
+cj-jackson.com, 1
+cj26.club, 1
+cj8.de, 1
+cjc.org.es, 1
+cjcanarias.es, 1
+cjdby.net, 1
+cjdpenterprises.com, 1
+cjdpenterprises.com.au, 1
+cjean.fr, 0
+cjenni.ch, 1
+cjey.me, 1
+cjfinance.fr, 1
+cjhzp.net, 1
+cjimmobilier.com, 1
+cjis.gov, 1
+cjr.host, 1
+cjr.is, 1
+cjri.uk, 1
+cjs8866.cc, 1
+cjswoodworking.com, 1
+cjwagner.net, 1
+ck-energy.info, 1
+ck-la.tk, 1
+ck-pms.com, 1
+ck.cx, 1
+ck0.eu, 1
+ck1020.cc, 1
+ck12.org, 1
+ckbc.com.sg, 1
+ckcameron.net, 1
+ckcg.tk, 1
+ckeke.com, 1
+ckenel.com, 1
+ckenell.com, 1
+ckenelley.com, 1
+ckenelly.com, 1
+ckenely.com, 1
+ckennel.com, 1
+ckenneley.com, 1
+ckennell.com, 1
+ckennelley.com, 1
+ckennelly.com, 1
+ckennely.com, 1
+ckgr.me, 1
+cklie.de, 1
+ckliemann.com, 1
+ckliemann.net, 1
+ckna.ca, 1
+ckostecki.de, 1
+ckp.ie, 1
+ckpl.io, 1
+ckpl.us, 1
+ckprofessionalbookkeeping.ca, 1
+ckrobotics.tk, 1
+cktennis.com, 1
+ckyalliancefinland.tk, 1
+cl-1xbet.com, 1
+cl-automotive.com, 1
+cl-cloud.spdns.org, 1
+cl.search.yahoo.com, 0
+cl0ud.hopto.org, 1
+cl0ud.space, 0
+claarycherry.com, 1
+clacetandil.com.ar, 1
+clactonfencingsupplies.co.uk, 1
+clad.cf, 1
+clague.moe, 1
+claibornecountyms.gov, 1
+claibornecountytn.gov, 1
+claim-justice.com, 1
+claimconnect.us, 1
+claimflights.at, 1
+claimflights.co.uk, 0
+claimflights.com, 0
+claimflights.de, 0
+claimflights.it, 0
+claimflights.pl, 0
+claimflights.ro, 0
+claimit.ml, 1
+claimitar.gov, 1
+claimittexas.gov, 1
+claimnote.com, 1
+claimpilot.com, 1
+claimspharmacy.services, 1
+clairebabai.nl, 1
+clairegold.com, 1
+clairelefort-architectes.com, 1
+clairescastles.co.uk, 1
+clairette-de-die-lantheaume.fr, 1
+clairevoyance.tk, 1
+claitec.com, 1
+clak.io, 1
+clalbit-checknet.co.il, 1
+clallamcountywa.gov, 1
+clamatohalloffame.com, 1
+clan-afa.tk, 1
+clan-behh.tk, 1
+clan-destin.tk, 1
+clan-doom.tk, 1
+clan-finaldestination.tk, 1
+clan-hosting.tk, 1
+clan-ogm.tk, 1
+clan-ready4war.tk, 1
+clan-wars.ml, 1
+clan-ww.com, 1
+clan-zone.dk, 1
+clancrazy.tk, 1
+clandarkworld.tk, 1
+clanebouncycastles.com, 1
+claneros.tk, 1
+clankron.tk, 1
+clanlaw.tk, 1
+clanlegends.tk, 1
+clanmacbran.tk, 1
+clanrose.org.uk, 1
+clansty.com, 1
+clantemplates.tk, 1
+clanto.shop, 1
+clantonal.gov, 1
+clanwarz.com, 1
+clanwub.dk, 1
+clapbacks.com, 1
+clapcafe.com, 1
+clapping-rhymes.com, 1
+claptrap.tk, 1
+clara-solis.eu, 1
+clara.de, 1
+claraanalytics.com, 1
+clarachampbell.com, 1
+clarasegura.tk, 1
+clare3dx.com, 1
+claremontyachtclub.org.au, 1
+clarendon.network, 1
+clarendonvt.gov, 1
+claresderibota.tk, 1
+claretandbluearmy.tk, 1
+clarilog.com, 1
+clarinet.ga, 1
+clarinexonline.gq, 1
+clario.co, 1
+clarionpolicepa.gov, 1
+clarisights.com, 0
+clarisonicmiareview.tk, 1
+clariti-health.com, 1
+claritician.com, 1
+claritin.gq, 1
+claritin.ml, 1
+clarity-c2ced.appspot.com, 1
+claritydesignworks.com, 1
+clarityskin.com, 1
+clark.de, 1
+clarkassociatesinc.biz, 1
+clarkcoky.gov, 1
+clarkcommagere.com, 1
+clarkcountyar.gov, 1
+clarkcountynv.gov, 1
+clarkcountywi.gov, 1
+clarkecoenergy.com, 1
+clarkelectricalservices.com.au, 1
+clarkfoodserviceequipment.biz, 1
+clarkhowell.com, 1
+clarkinc.biz, 1
+clarkltl.com, 1
+clarkmerrick.com, 1
+clarknationalaccounts.com, 1
+clarkpro.biz, 1
+clarksburgma.gov, 1
+clarksmeathouse.com, 1
+clarkstatecontract.com, 1
+clarkstown.gov, 1
+clarksvilletn.gov, 1
+clarkturnkey.com, 1
+clarktwpmi.gov, 1
+clarkwinkelmann.com, 1
+clarotvpromocao.com.br, 1
+claroty.com, 1
+clarr.tk, 1
+clasa-mea.tk, 1
+clase3.tk, 1
+clash-movies.de, 1
+clashclans.pl, 1
+clashersrepublic.com, 1
+clashoflights.ga, 1
+class-zone.tk, 1
+class.com.au, 1
+class66.tk, 1
+classbasic.com, 1
+classcreator.io, 1
+classdesignhome.com, 1
+classdojo.com, 1
+classentials.com, 1
+classic-diva.cf, 1
+classic-diva.ga, 1
+classic-diva.ml, 1
+classicalchaos.tk, 1
+classicalpilates.ca, 1
+classicbakes.com, 1
+classiccrew.tk, 1
+classiccrewhaiti.tk, 1
+classiccutstupelo.com, 1
+classicdriver.com, 1
+classicfg.com.au, 1
+classichits.tk, 1
+classichorrormovie.tk, 1
+classichorrornetwork.tk, 1
+classichost.gq, 1
+classicmagazine.ml, 1
+classicnova.com, 1
+classicnovaandperformance.com, 1
+classics.io, 1
+classicstories.tk, 1
+classictheatrecumbria.co.uk, 0
+classificadostodaoferta.tk, 1
+classifiedspoint.tk, 1
+classiques-garnier.com, 1
+classlastsforever.co.nz, 1
+classpoint.cz, 1
+classroom.google.com, 1
+classroomconductor.com, 1
+classsitterers.ga, 1
+classsitterest.ga, 1
+classx.tk, 1
+classyng.com, 1
+claster.it, 1
+clatsopcounty.gov, 1
+claude.me, 1
+claude.photo, 1
+claudeleveille.com, 0
+claudia-halfter.de, 1
+claudia-makeup.com, 1
+claudiahalfter.de, 1
+claudiasnederlandsehangoordwergjes.tk, 1
+claudiney.eti.br, 1
+claudiney.info, 1
+claudiohdz.com, 1
+claumarservice.com, 1
+claunchdesign.com, 1
+claus-bahr.de, 1
+claus-cremer.tk, 1
+clausematch.com, 1
+clauseriksen.net, 0
+clausewitz-gesellschaft.de, 1
+claustrofobia.tk, 1
+clautopieces.fr, 1
+clav1d.com, 1
+clavit4.zone, 1
+clawe.de, 1
+clawedfrogs.tk, 1
+clawington.com, 1
+claycountyne.gov, 1
+clayelections.gov, 1
+claygregory.com, 1
+claypenblanks.com, 1
+clayprints.com, 1
+claytonca.gov, 1
+claytoncapolice.gov, 1
+claytoncondon.com, 1
+claytonjunior.tk, 1
+claytonkendall.com, 1
+claytwpmi.gov, 1
+clb.org.hk, 1
+clbmconsultancy.com, 1
+clco.fr, 1
+clcv-brest.fr, 1
+cldejessey.com, 1
+cldfile.com, 1
+cldinc.com, 1
+cldly.com, 1
+clean-cubes.com, 1
+clean-mailbox.com, 1
+clean-servicee.com, 1
+clean-water-and-sanitation.tk, 1
+cleanclearwater.co.uk, 1
+cleandetroit.org, 1
+cleandrains.com.au, 1
+cleanenergy.gov, 1
+cleanenergywire.org, 1
+cleaner-en.com, 1
+cleaner.tk, 1
+cleanertoday.com, 1
+cleanertool.co.uk, 1
+cleanfacesest.ga, 1
+cleanforce.ca, 1
+cleanhortihigienizados.com.br, 1
+cleaningbyrosie.com, 0
+cleaningcarpet.ga, 1
+cleaningservicejulai.com, 1
+cleaningsolutioncorp.com, 1
+cleaningwarehouse.ie, 1
+cleankey.jp, 0
+cleanmycurtains.ie, 1
+cleanmyfloor.ie, 1
+cleanmymattress.ie, 1
+cleanmyupholstery.ie, 1
+cleanrun.com, 1
+cleansheetsaz.com, 1
+cleanshield99.com, 1
+cleanspeak.com, 1
+cleansweepaa.com, 1
+cleanuri.com, 1
+cleanway.dk, 1
+cleanweb.solutions, 1
+cleanzer.id, 1
+clear-eyes.se, 1
+clearbit.com, 1
+clearbooks.co.uk, 1
+clearbookscdn.uk, 1
+clearbrand.com, 1
+clearbreezesecuritydoors.com.au, 1
+clearchatsandbox.com, 1
+clearcreekcountyco.gov, 1
+clearcreekcountydronepilot.com, 1
+cleared.io, 1
+clearer.cloud, 1
+clearfieldcountypa.gov, 1
+clearfieldpa.gov, 1
+cleargage.com, 1
+cleargoals.com, 1
+cleargrain.com.au, 1
+cleargrowshine.com, 1
+clearhumor.tk, 1
+clearip.com, 1
+clearlakechildrenscenter.com, 1
+clearlawinstitute.com, 1
+clearmatics.com, 1
+clearpay.co.uk, 1
+clearsafetalk.com, 1
+clearsoftcomputacion.com, 1
+clearspringinsurance.com, 1
+clearstep.health, 1
+clearstoneip.com, 1
+cleartheear.co.uk, 1
+clearview-creative.com, 1
+clearviewok.gov, 1
+clearviewwealthprojector.com.au, 1
+clearvoice.com, 1
+clearvoice.org, 0
+clearvoice1.com, 1
+clearvoiceu.com, 0
+clearwateragency.com.au, 1
+clearwaterbidets.com, 1
+clearwatercountyid.gov, 1
+clearwatercountymn.gov, 1
+clearwaterseries.tk, 1
+clearwatersexhealth.com, 1
+cleary.xyz, 1
+cleelandspecialists.com.au, 1
+cleelum.gov, 1
+clegc-gckey.gc.ca, 1
+clemdesign.eu, 1
+clemency.com, 1
+clemens-bartz.de, 1
+clemensbartz.de, 1
+clemenscompanies.com, 1
+clemenshermanns.de, 1
+clement-gruin.fr, 1
+clementavenue.co.uk, 1
+clementfevrier.fr, 1
+clementlodge.co.uk, 1
+clementluck.com, 1
+clementsfamily.co, 1
+clendeninwv.gov, 1
+cleo.com, 1
+cleocinonline.gq, 1
+cleova.com, 1
+cles-asso.fr, 1
+cles.jp, 1
+clevelandheights.gov, 1
+clevelandokla.com, 1
+clever-datenschutz.de, 1
+clever-invest.cf, 1
+clever-invest.ga, 1
+clever-invest.gq, 1
+clever-reisen.tk, 1
+cleverbots.ru, 1
+cleverbowling.com, 1
+clevercoaching.nl, 1
+cleverdarts.com, 1
+cleverdeal.tk, 1
+cleverlance.de, 1
+cleverlance.es, 1
+cleverlance.sk, 1
+clevermatch.com, 1
+clevermemo.com, 1
+clevermo.gov, 1
+cleveroad.com, 1
+cleveronmobility.com, 1
+cleverskateboard.com, 1
+clevertarget.ru, 1
+cleververmarkten.com, 1
+cleververmarkten.de, 1
+clevisto.com, 1
+clevon.com, 1
+clevon.us, 1
+clevoninvestors.com, 1
+clevvi.com.au, 0
+clevyr.ai, 1
+clevyr.biz, 1
+clevyr.careers, 1
+clevyr.co, 1
+clevyr.com, 1
+clevyr.email, 1
+clevyr.expert, 1
+clevyr.info, 1
+clevyr.me, 1
+clevyr.mobi, 1
+clevyr.ninja, 1
+clevyr.org, 1
+clevyr.shop, 1
+clevyr.store, 1
+clevyr.us, 1
+clevyr.work, 1
+clevyrapps.com, 1
+clevyrcares.com, 1
+clevyrcreative.com, 1
+clevyrgames.com, 1
+clevyrhosting.com, 1
+clevyrhub.com, 1
+clevyrlabs.com, 1
+clevyrnode.com, 1
+clevyrnodejs.com, 1
+clevyrstream.com, 1
+clevyrstreamjs.com, 1
+clevyrstudios.com, 1
+clevyrvr.com, 1
+cleysense.com, 0
+clic-music.com, 1
+clic29.fr, 1
+clica.net, 1
+click-7979.com, 1
+click-cat.tk, 1
+click-generator.com, 1
+click2affiliate.xyz, 1
+click4click.ga, 1
+clickapro.com, 1
+clickbasin.co.uk, 1
+clickcell.tk, 1
+clickclickfish.com, 1
+clickclickmalware.com, 1
+clickclickphish.com, 1
+clickclickvirus.com, 1
+clickclock.cc, 1
+clickcollect.boutique, 1
+clickdebateest.ga, 1
+clickdefense.io, 1
+clickdocs.ca, 1
+clickenergy.com.au, 1
+clickfinger.net, 1
+clickforum.cf, 1
+clickfreescore.com, 1
+clickhelp.com, 1
+clickheretobegin.tk, 1
+clickhost.com.au, 1
+clickhouse.tech, 1
+clickinfo.tk, 1
+clickingmad.com, 1
+clickipo.com, 1
+clickkon.ml, 1
+clickmeeting.com, 1
+clickpeak.digital, 1
+clickphobia.ga, 1
+clickpress.tk, 1
+clickrecados.tk, 1
+clickrising.com, 1
+clicks.co.za, 1
+clicks24.cf, 1
+clicksacolas.com, 1
+clickseek.in, 1
+clicksengage.com, 1
+clickspeedtest.net, 1
+clickstart.ml, 1
+clicktenisdemesa.com.br, 0
+clicktest.cf, 1
+clicktheright.top, 1
+clicktodiscount.com, 1
+clicktolinkb.gq, 1
+clicktrans.com, 1
+clicktrans.de, 1
+clicktrans.es, 1
+clicktrans.it, 1
+clicktrans.pl, 1
+clickzone.ga, 1
+clicoclick.com, 1
+clien.net, 1
+client.coach, 0
+client.photos, 1
+client24.tk, 1
+clientboss.com, 1
+clientcms.co.uk, 1
+clientify.com, 1
+clientpay.com, 0
+clientportal.com, 1
+clientportal.photo, 1
+cliff-rilly-website.tk, 1
+cliffbreak.de, 1
+cliffburton.tk, 1
+clifflu.net, 1
+cliftonaz.gov, 1
+cliftonheritage.net, 1
+clik.ga, 1
+clima.vip, 1
+climaencusco.com, 1
+climaffaires.com, 1
+climamulti.com.br, 1
+climate.biz, 1
+climatecrafters.com, 1
+climatejustice.nyc, 1
+climatgate.tk, 1
+climaticequipment.tk, 1
+climatizzatore.it, 0
+climatizzatore.roma.it, 1
+climatizzatoriprezzi.it, 1
+climaventa.net, 1
+climaverde.gr, 1
+climb4achild.org, 1
+climbernews.com, 1
+climbing.tk, 1
+climbinggear.info, 1
+climbsoill.com, 1
+climeradar.com, 1
+clinchcountyga.gov, 1
+clindamycin-150mg.ga, 1
+clindamycin-phosphate.ga, 1
+clindamycin.gq, 1
+clindamycinantibiotic.cf, 1
+clindamycinantibiotic.ga, 1
+clindamycinantibiotic.gq, 1
+clindamycinantibiotic.tk, 1
+clindamycinprice.tk, 1
+clindoeilmontagne.com, 0
+clingout.com, 1
+clinic-manager.academy, 1
+clinic-narcom.ru, 1
+clinica.zapto.org, 1
+clinicaarques.es, 1
+clinicadentalados.com, 1
+clinicadentalayomunoz.com, 1
+clinicadentalhome.com, 1
+clinicaeiger.cl, 1
+clinicaeliana.com, 1
+clinicaesteticabhprime.com.br, 1
+clinicaferrusbratos.com, 0
+clinicalrehabilitation.info, 1
+clinicalstats.ga, 1
+clinicaltrialpodcast.com, 1
+clinicaltrials.gov, 1
+clinicamagdalena.com.co, 1
+clinicamargot.com, 1
+clinicarayanelacerda.com.br, 1
+clinicaresplandecer.com.br, 1
+clinicasantodomingo.cl, 1
+clinicaschirmer.com, 1
+clinicasesteticas.com.br, 1
+clinicasmedicas.com.br, 1
+clinicasveterinarias.info, 1
+clinicatorino.com.br, 1
+clinicortinascali.com, 1
+clinicos.cl, 1
+cliniko.com, 1
+clinique-ser.ca, 1
+cliniquecomplementaire.com, 1
+cliniquedacupuncturelajeunesse.com, 1
+cliniquevethuy.be, 1
+clinlife.com, 1
+clinlife.de, 1
+clinlife.us, 1
+clinpharm.vn, 1
+clinsoftcsd.com, 1
+clinstatdevice.com, 1
+clintburnett.com, 1
+clinthorne.com, 1
+clintonbloodworth.com, 1
+clintoncomo.gov, 1
+clintoncountyin.gov, 1
+clintoncountyny.gov, 1
+clintoncountypa.gov, 1
+clintonlibrary.gov, 1
+clintonoh.gov, 1
+clintonohfire.gov, 1
+clintonsavings.com, 1
+clintontwpnj.gov, 1
+clintonvillewi.gov, 1
+clio-dev2.com, 1
+cliomi.gov, 1
+clip.cafe, 1
+clipchamp.com, 1
+clipclip.com, 1
+clips.ga, 1
+cliqit.com.au, 1
+cliquetis.ddns.net, 1
+cliqz.com, 1
+clirnet.com, 1
+clive.io, 1
+cliveptr.cc, 1
+clkbw.com, 1
+clkdmg.site, 1
+clmbr.ch, 0
+clmde.de, 1
+clmz.nl, 1
+clnc.to, 1
+clnlboard.co.uk, 1
+clnnet.ch, 1
+clnshrk.club, 0
+cloaked.ch, 0
+clochix.net, 1
+clock3.com, 1
+clockcaster.com, 1
+clockka.com, 1
+clockka.it, 1
+clocklab.design, 1
+clocklink.com, 1
+clockster.com, 0
+clodo.it, 1
+clodoteam.ga, 1
+cloeri.com, 1
+clojurefactory.io, 1
+clojurescript.ru, 1
+clokdways.com, 1
+clomid100mg.ga, 1
+clomid50mg.cf, 1
+clomid50mg.ml, 1
+clomidformen.tk, 1
+clomidonline.tk, 1
+clomiphene.gq, 1
+cloneprint.com, 1
+cloneuniverse.com, 1
+cloneuniverse.de, 1
+clonidine-hydrochloride.ga, 1
+clonix.tk, 1
+clonoe.tk, 1
+clonyitaly.tk, 1
+clooi.tk, 1
+cloppenburg-autmobil.com, 1
+cloppenburg-automobil.com, 1
+cloppenburg-gruppe.de, 1
+clorinda.tk, 1
+clorophilla.net, 1
+cloroxpro.com, 1
+closecross.com, 1
+closeli.cn, 1
+closeli.com, 1
+closelinksecurity.co.uk, 1
+closelinksecurity.com, 1
+closernow.tk, 1
+closetedsoul.com, 1
+closets-cheap.tk, 1
+closingholding.com, 1
+closingthegap.gov.au, 1
+closrr.cloud, 1
+closrr.com, 1
+clothes-for-school.tk, 1
+clothilde-wattelier.fr, 1
+clothing-2010.tk, 1
+clothing-for-women.tk, 1
+clothingforcamping.com, 1
+clothingjeans.tk, 1
+clothoff.io, 1
+cloud-glaeser.dedyn.io, 1
+cloud-hair.jp, 1
+cloud-lines.ml, 1
+cloud-screen.com, 1
+cloud-world.tk, 1
+cloud.bugatti, 1
+cloud.fail, 1
+cloud.google.com, 1
+cloud.gov, 1
+cloud1.nl, 1
+cloud10.io, 1
+cloud10solutions.technology, 1
+cloud24.kz, 1
+cloud24x7.us, 1
+cloud255.com, 1
+cloud42.ch, 0
+cloud9bouncycastlehire.com, 1
+cloud9vets.co.uk, 1
+cloudads.ga, 1
+cloudads.ml, 1
+cloudalice.com, 1
+cloudalice.net, 1
+cloudandco.co, 1
+cloudapps.digital, 1
+cloudatabases.com, 1
+cloudatedge.com, 1
+cloudav.pt, 1
+cloudbees.ai, 1
+cloudbees.com, 1
+cloudbees.io, 1
+cloudberlin.goip.de, 1
+cloudbleed.info, 1
+cloudboard.fr, 1
+cloudbool.com, 1
+cloudbreaker.net, 1
+cloudbrothers.info, 0
+cloudbytesconnect.com, 1
+cloudcaprice.net, 1
+cloudcastles.xyz, 1
+cloudcert.org, 1
+cloudchart.site, 1
+cloudcloudcloud.cloud, 1
+cloudcomputingtechnologies.com, 1
+cloudcybersecure.com, 1
+clouddark.xyz, 1
+clouddaten.de, 1
+clouddesk.co.uk, 1
+clouddog.com.br, 1
+clouddomain.tk, 1
+clouddownloader.net, 1
+cloudeezy.com, 1
+cloudengage.com, 1
+cloudera.com, 1
+cloudevolutionforum.com.br, 1
+cloudey.net, 1
+cloudfast.cf, 1
+cloudfilecomputer.ga, 1
+cloudfiles.at, 1
+cloudfinders.cf, 1
+cloudfit.tech, 1
+cloudflare-dns.com, 1
+cloudflare.com, 1
+cloudflare.irish, 1
+cloudflareonazure.com, 1
+cloudforce.com, 1
+cloudfree.shop, 1
+cloudfree.top, 1
+cloudfudge.com, 1
+cloudhero.ai, 1
+cloudia.org, 1
+cloudily.com, 1
+cloudimproved.com, 1
+cloudimprovedtest.com, 1
+cloudindex.io, 1
+cloudinfinit.com, 1
+cloudinnovation.design, 1
+cloudit.co, 1
+cloudix.cf, 1
+cloudlessdreams.com, 0
+cloudlfront.net, 1
+cloudlight.biz, 1
+cloudmagz.com, 1
+cloudmanagedbuilding.com, 1
+cloudmanagedbuildings.com, 1
+cloudmarathi.work, 1
+cloudmarket.com.br, 0
+cloudmax.es, 1
+cloudmigrator365.com, 1
+cloudmoney.tk, 1
+cloudmyhome.site, 1
+cloudmyhome.top, 1
+cloudnexusit.com, 1
+cloudninelandscapedesign.com, 1
+cloudnote.cc, 1
+cloudnovi.com, 1
+cloudns.net, 1
+cloudofertas.com.br, 1
+cloudoptimizedsmb.com, 1
+cloudoptimus.com, 1
+cloudpagesforwork.com, 1
+cloudpengu.in, 1
+cloudplan.nl, 1
+cloudpole.de, 1
+cloudpublic.pro, 1
+cloudrive.cf, 1
+cloudsavvyit.com, 1
+cloudscribe.com, 1
+cloudse.co.uk, 1
+cloudsec.tk, 1
+cloudsecurityalliance-europe.org, 1
+cloudsecurityalliance.ai, 1
+cloudsecurityalliance.ca, 1
+cloudsecurityalliance.cloud, 1
+cloudsecurityalliance.cn, 1
+cloudsecurityalliance.com, 1
+cloudsecurityalliance.events, 1
+cloudsecurityalliance.info, 1
+cloudsecurityalliance.net, 1
+cloudsecurityalliance.org, 1
+cloudsecurityalliance.social, 1
+cloudsecurityalliance.training, 1
+cloudsecurityalliancelabs.com, 1
+cloudsecuritycommunity.org, 1
+cloudsecuritycongress.net, 1
+cloudsecuritycongress.org, 1
+cloudseptam.fr, 1
+cloudsharp.io, 1
+cloudshiftgroup.co.uk, 1
+cloudsign.jp, 1
+cloudskill.in, 1
+cloudsmart.tech, 1
+cloudsmith.com, 0
+cloudsms.com, 1
+cloudspace-analytics.com, 1
+cloudspeedy.net, 1
+cloudspire.net, 1
+cloudstoragecompare.com, 1
+cloudstored.nl, 1
+cloudstress.ga, 1
+cloudsweeper.com, 1
+cloudsweeper.de, 1
+cloudsys.dnsalias.net, 1
+cloudteam.de, 1
+cloudtelemanagement.com, 1
+cloudtensolutions.com, 1
+cloudtocloud.ddns.net, 0
+cloudtocloud.tk, 1
+cloudtropia.de, 1
+cloudtskr.com, 1
+cloudturing.chat, 1
+cloudturing.com, 1
+cloudu.de, 1
+cloudup.com, 1
+cloudvoor.eu, 1
+cloudvoor.net, 1
+cloudvoor.nl, 1
+cloudwajs.com, 1
+cloudwalk.io, 0
+cloudwave.fr, 1
+cloudwayc.com, 1
+cloudwayds.com, 1
+cloudwayq.com, 1
+cloudways.cm, 1
+cloudwebservices.nl, 1
+cloudwellmarketing.com, 1
+cloudwithlightning.net, 1
+cloudzentechnologies.com, 1
+clouglobal.com, 0
+cloutcloset.ga, 1
+clouvways.com, 1
+clouwways.com, 1
+clouz.de, 1
+clover-sendai.com, 1
+cloverleafmoving.com, 1
+cloversonoma.com, 1
+clovertwo.com, 1
+clovisoncology.com, 1
+clovisplumbingservices.com, 1
+clovorin.gq, 1
+clowd.haus, 1
+clowd.ovh, 1
+clown-clan.tk, 1
+clown-workshop.de, 1
+clown-zappo.de, 1
+clownish.co.il, 1
+cloxy.com, 1
+cloydnco.com, 1
+cloydnco.com.jm, 1
+cloydncojamaica.com.jm, 1
+cloyes.com, 1
+cloze.com, 1
+clpoule.nl, 1
+clr3.com, 1
+cls.im, 1
+clsimage.com, 1
+clsmalta.eu, 1
+clsoft.ch, 1
+clu-in.org, 1
+cluadmin.de, 1
+club-adulti.ro, 1
+club-creole.com, 1
+club-dieta.ru, 1
+club-dresses.cf, 1
+club-duomo.com, 1
+club-eclipse.tk, 1
+club-ed.com, 1
+club-leondehuanuco.tk, 1
+club-nautique-sainte-maxime.fr, 1
+club-night.tk, 1
+club-no4.de, 1
+club-oz.tk, 1
+club-premiere.com, 1
+club-reduc.com, 1
+club-slow.jp, 1
+club-soul.tk, 1
+club-transformation-digitale.com, 1
+club.zj.cn, 1
+club10x.com, 1
+clubanimal.cl, 1
+clubapk.com, 1
+clubarbuz.ru, 1
+clubatleticonacionalpotosi.tk, 1
+clubbers-comtois.tk, 1
+clubcollinssquare.com.au, 1
+clubcompetition.co.uk, 1
+clubcorolla.cf, 1
+clubcorsavenezuela.com, 0
+clubcupido.com.br, 1
+clubdeportivocieza.tk, 1
+clubdeslecteurs.net, 1
+clubeamizade.com, 1
+clubeamizade.com.pt, 1
+clubeamizade.pt, 1
+clubedalutashop.com, 1
+clubedaquimica.tk, 1
+clubedegeografia.tk, 1
+clubedoberloque.com.br, 1
+clubedohardware.com.br, 1
+clubedores.com.br, 1
+clubeflor.com.br, 1
+clubegls.com, 1
+clubegls.com.pt, 1
+clubegolfpt.com, 1
+clubeighteen.tk, 1
+clubempleos.com, 1
+clubeohara.com, 1
+cluberiks.cf, 1
+cluberiks.ga, 1
+cluberiks.gq, 1
+clubetravel.biz, 1
+clubetravel.com, 1
+clubetravel.com.br, 1
+clubetravel.com.pt, 1
+clubetravel.net, 1
+clubetravel.org, 1
+clubexpress.com, 1
+clubfactory.ml, 1
+clubfailed.tk, 1
+clubfamily.de, 1
+clubforce.com, 1
+clubfunday.ga, 1
+clubgalileo.com.ec, 1
+clubgenesis.tk, 1
+clubgls.com, 1
+clubhouseohio.org, 1
+clubhousetownhomes.com, 0
+clubic.com, 1
+clubinhodobaby.com.br, 1
+clubkalinka.tk, 1
+clubkuzmich.ru, 1
+clublevelsports.com, 1
+clublibertad.tk, 1
+clublime.com.au, 1
+clubmacadamia.com, 1
+clubmacadamia.net, 1
+clubmacadamia.org, 1
+clubmagellan.tk, 1
+clubmahindra.com, 1
+clubmania.tk, 1
+clubmarina.store, 1
+clubmate.rocks, 1
+clubmini.jp, 1
+clubminimansiones.tk, 1
+clubnature.tk, 1
+clubni.tk, 1
+clubnoetig-ink2g.de, 1
+cluboc.site, 1
+clubon.space, 1
+clubpes.tk, 1
+clubpeugeot405.tk, 1
+clubrubionu.com, 1
+clubserveers.ga, 1
+clubsuccessjapan.com, 1
+clubtamarugal.tk, 1
+clubtecknocore.tk, 1
+clubtraining.com.au, 1
+clubtravel.com.pt, 1
+clubtur.dk, 1
+clubvodoley.ru, 1
+clubvttlesloupsdemaixe.tk, 1
+clubvwgolf.com, 1
+clubzap.org, 1
+clubzero.co, 1
+clubzul.com, 1
+cluedosenvivo.com, 1
+cluefluest.ga, 1
+clueless.ga, 1
+clueless.tk, 1
+cluelesscraft.com, 1
+cluin.org, 1
+cluj.apartments, 1
+cluj.help, 1
+clun.top, 1
+clush.pw, 1
+cluster.biz.tr, 1
+cluster446.fr, 1
+clusterfuck.nz, 1
+clustermaze.net, 1
+clutch.ua, 1
+clvr.sh, 1
+clvs7.com, 0
+clweb.ch, 1
+clwrota.com, 1
+clycat.ru, 1
+clyde-tx.gov, 1
+clydewi.gov, 1
+cm-agueda.pt, 1
+cm-funchal.pt, 1
+cm-law.eu, 1
+cm-loures.pt, 1
+cm-penalvadocastelo.pt, 1
+cm-pombal.pt, 1
+cm-portimao.pt, 1
+cm-ribeiragrande.pt, 1
+cm-terrasdebouro.pt, 0
+cm-valenca.pt, 0
+cm-vpaguiar.pt, 1
+cm1xbet.com, 1
+cm3.pw, 0
+cmaa.it, 1
+cmadeangelis.it, 1
+cmalet-avocat.fr, 1
+cmavs.com, 1
+cmbeautiful.com, 1
+cmbs.loans, 1
+cmc.pt, 0
+cmcbank.co.in, 1
+cmcc.network, 1
+cmcjanuary.in, 1
+cmcressy.ch, 1
+cmd2021acm.com, 1
+cme-colleg.de, 1
+cmediaplayer.com, 0
+cmetana.tk, 1
+cmf.qc.ca, 1
+cmfaccounting.com, 0
+cmfcuro.com, 1
+cmftech.com, 1
+cmfuchs.de, 1
+cmhcinc.org, 1
+cmi.no, 1
+cmillrehab.com, 1
+cmkr.at, 1
+cmlachapelle.ch, 1
+cmlcpa.ca, 1
+cmlex.com, 1
+cmlignon.ch, 1
+cmmcinfo.org, 1
+cmn-group.com, 0
+cmn-groupe.com, 0
+cmngroup.com, 0
+cmngroupe.com, 0
+cmonlien.fr, 1
+cmperalta.tk, 1
+cmplainpalais.ch, 1
+cmrconstructions.com.au, 1
+cmrlink.org, 1
+cmrnw.com, 1
+cms-mania.tk, 1
+cms-service24.de, 1
+cms-weble.jp, 1
+cms-world.co.jp, 1
+cmsasia.co, 1
+cmscompany.de, 1
+cmsdca.gov, 1
+cmserviscz.cz, 0
+cmskeyholding.co.uk, 1
+cmskeyholding.com, 1
+cmskh.co.uk, 1
+cmsnl.com, 1
+cmsonline.com, 1
+cmsua.ca, 1
+cmtportal.co.uk, 1
+cmtso.com, 1
+cmv.gr, 1
+cmveraopersonalizados.com.br, 1
+cmweb.xyz, 1
+cmweller.com, 1
+cn.search.yahoo.com, 0
+cn2euportugal.com, 1
+cn8522.com, 1
+cna-ecuador.com, 1
+cna.com.br, 1
+cnabogota.tk, 1
+cnairgroupstore.com, 1
+cnam-idf.fr, 1
+cnatraining.network, 1
+cnb.ie, 1
+cnb1901.com, 1
+cnbs.ch, 1
+cnc-lehrgang.de, 1
+cncexplorer.com, 1
+cncfraises.fr, 1
+cnclp.org.uk, 1
+cncn3.cn, 1
+cncollege.tk, 1
+cncr.ga, 1
+cncs.gov.pt, 1
+cnetw.xyz, 1
+cnews.ru, 1
+cnexchange.com, 1
+cnfei.com, 1
+cnfree.xyz, 1
+cngvp.org, 1
+cni-certing.it, 1
+cni.net.id, 1
+cniec.com, 1
+cnil.fr, 1
+cnitdog.com, 1
+cnki.com, 1
+cnlic.com, 1
+cnlongtex.com, 1
+cnmi.gov, 1
+cnmilaw.gov, 1
+cnnet.in, 1
+cnns.co.uk, 1
+cnnumerique.fr, 1
+cnocsp.com, 1
+cnopera.com, 1
+cnpkg.org, 1
+cnpy.gdn, 1
+cnslub.ru, 1
+cnss.gob.do, 1
+cntraveller.com, 1
+cnvt.fr, 1
+cnxiangxian.com, 1
+co-construisonsdemain.org, 1
+co-founder-stuttgart.de, 1
+co-store.com, 1
+co-yutaka.com, 1
+co.fo, 1
+co.lu, 1
+co.search.yahoo.com, 0
+co.td, 1
+co2eco.cn, 0
+co2fr.ee, 0
+co3app.com, 1
+coa.gov.ph, 1
+coach-enligne.fr, 1
+coach-hpe.ch, 0
+coach.org.uk, 1
+coachablebyabel.nl, 1
+coachbakery.com, 1
+coaches-website.de, 1
+coachinfopreneur.com, 1
+coaching-aus-leidenschaft.com, 1
+coaching-harmonique.fr, 1
+coaching-impulse.ch, 0
+coachingforleaders.com, 1
+coachingmillenium.com, 1
+coachingsantcugat.cat, 1
+coachjehond.nl, 1
+coachment.dk, 1
+coactive.ai, 1
+coag.gov.au, 1
+coagclinic.com, 1
+coalanews.com, 1
+coalitieduurzamedigitalisering.nl, 1
+coalition.tk, 1
+coalmen.ga, 1
+coalpointcottage.com, 1
+coalvillebasketball.tk, 1
+coaojarlos.tk, 1
+coasa.me, 1
+coassessment.com, 1
+coast.tk, 1
+coastalmotorcoach.com, 1
+coastalpayroll.net, 1
+coastalphysie.com, 1
+coastalpointe.com, 1
+coastalsignsplus.com, 1
+coastline.net.au, 1
+coastnews.cf, 1
+coathangastrangla.com, 1
+coathangastrangler.com, 1
+coathangerstrangla.com, 1
+coathangerstrangler.com, 1
+coating-equipment.com, 1
+coats-and-jackets.tk, 1
+coatsandcocktails.org, 1
+cobaka.tk, 1
+cobaltia.org, 1
+cobb-ranch.com, 1
+cobbcountygeorgia.ml, 1
+cobitis.net, 1
+cobiz.nl, 1
+coboxviagens.com.br, 1
+cobracastles.co.uk, 1
+cobralelie.nl, 1
+cobranzasimg.com, 1
+coc.de, 1
+cocaine.ninja, 1
+cocaine.wiki, 1
+cocalc.com, 1
+cocareonline.com, 1
+coccinellaskitchen.com, 1
+coccinellaskitchen.de, 1
+coccinellaskitchen.it, 1
+coccinellepratas.com.br, 1
+coccolebenessere.it, 1
+cochem-zell-online.de, 1
+cochem-zell.de, 1
+cocheriagori.com.ar, 1
+cochesaescala.tk, 1
+cochesteledirigidos.net, 1
+cochin-brahma.tk, 1
+cochise.gov, 1
+cochranwriting.com, 1
+cocina.guru, 1
+cocinaconalegria.shop, 1
+cocinandoenelsalnes.com, 1
+cocinasazahara.tk, 1
+cocinerosmxporelmundo.com, 1
+cocinoyo.com, 1
+cock.lt, 1
+cockedey.in, 1
+cockerspanielamericano.com.br, 1
+cockerspanielingles.com.br, 1
+cockfile.com, 1
+cockmonkey.tk, 1
+cocktail.network, 1
+cockybot.com, 1
+coco-01.gq, 1
+coco-apo.de, 1
+coco-cool.fr, 1
+coco-line.ch, 1
+coco.one, 1
+cocoa-job.jp, 1
+cocoafl.gov, 1
+cocoamexico.com, 1
+cocobollo-sallanches.com, 1
+cocobrother.ddnss.de, 1
+cocodroid.com, 0
+cocogoat.work, 1
+cocogolfcarts.com, 1
+cocokmobi.ga, 1
+cocolink.jp, 1
+cocomelody.com, 0
+cocomelody.de, 1
+cocomelody.jp, 1
+coconutguy.gq, 1
+coconutoil.ml, 1
+coconuts-fashion.gr, 1
+cocopah.gov, 1
+cocopipeline-br-development.herokuapp.com, 1
+cocoscastles.co.uk, 1
+cocosunbeds.co.uk, 1
+cocounty.org, 1
+cocowine.com, 1
+cocresa.tk, 1
+cocservice.top, 1
+cocula.net, 1
+cocyou.ooo, 1
+cocytus.services, 1
+cod-ggw.ml, 1
+cod88.cc, 1
+coda-erfurt.de, 1
+coda.io, 1
+coda.world, 1
+coda18.gov, 1
+coda23.gov, 1
+codabix.com, 1
+codabix.de, 1
+codandn.com, 1
+code-35.com, 0
+code-de-la-route-gratuit.net, 1
+code-in-plate.tk, 1
+code-judge.tk, 1
+code-maze.com, 1
+code-poets.co.uk, 1
+code-server.host, 1
+code-vikings.de, 1
+code-well.com, 1
+code.cool, 1
+code.facebook.com, 0
+code.fm, 1
+code.google.com, 1
+code.gov, 1
+code4.hk, 1
+code9000.be, 1
+codeandpeace.com, 1
+codeandsupply.co, 1
+codeberg.org, 1
+codebot.tk, 1
+codebrahma.com, 0
+codebrasileiro.tk, 1
+codebreak.tk, 1
+codebreakers.it, 1
+codecatalyst.aws, 1
+codeclouds.com, 1
+codeclub.gq, 1
+codecolliders.com, 1
+codecommunity.io, 1
+codecool.com, 1
+codecrew.us, 1
+codectron.com, 1
+codedbyjim.nl, 1
+codedelarouteenligne.fr, 1
+codedo.info, 0
+codedump.net, 1
+codeeclipse.com, 1
+codefaq.org, 1
+codefather.ml, 1
+codeferm.com, 1
+codefionn.eu, 1
+codefive.co.uk, 1
+codefordus.de, 1
+codefordus.nrw, 1
+codefoundry.it, 0
+codegirl.tk, 1
+codeguided.com, 1
+codehangar.io, 1
+codehelper.ml, 1
+codeheroes.fr, 1
+codehupy.org.py, 1
+codehz.one, 1
+codeidea.ga, 1
+codeine.co.uk, 1
+codeit.guru, 1
+codeit.pro, 1
+codeit.us, 1
+codejumper.ml, 1
+codekk.com, 1
+codelinchpin.com, 1
+codeloop.pw, 1
+codemahrt.com, 1
+codemperium.com, 1
+codename-infinity.de, 1
+codename-infinity.org, 1
+codename24.tk, 1
+codenamelungo.tk, 1
+codenetwork.com, 1
+codeninja.me, 1
+codenlife.kr, 1
+codenlife.xyz, 1
+codenode.io, 1
+codeofhonor.tech, 1
+codeparva.com, 1
+codepen.com, 1
+codepen.io, 1
+codepoint.ml, 1
+codepoints.net, 0
+codepref.com, 1
+codeprotocols.com, 1
+codeproxy.net, 1
+codepwn.win, 1
+codercross.com, 1
+codered.sh, 1
+coderema.de, 1
+coderema.eu, 1
+coderescue.com, 1
+codereview.appspot.com, 1
+codereview.chromium.org, 1
+coderhangout.com, 1
+coderjesus.com, 1
+coderme.com, 1
+codero.com, 1
+coderofdreams.com, 1
+coderoute-enligne.com, 1
+coderpad.io, 1
+codersatlas.co, 1
+codersatlas.xyz, 1
+coderus.com, 1
+codes.pk, 1
+codesgroup.tk, 1
+codeslaw.com, 1
+codesplain.in, 1
+codesport.io, 1
+codesquad.com.au, 1
+codestats.net, 1
+codestudies.net, 1
+codetahiche.com, 1
+codetheweb.blog, 1
+codetheworld.com, 1
+codetrack.se, 1
+codetricked.com, 1
+codetripping.net, 1
+codeupstudios.com, 1
+codeux.com, 1
+codeux.info, 1
+codeux.net, 1
+codev.com.tr, 1
+codevat.com, 1
+codewaifu.com, 1
+codewild.de, 1
+codewitchbella.com, 0
+codewithalisha.ga, 1
+codewithlove.blog, 1
+codewrecks.com, 1
+codex.online, 1
+codezenith.com, 1
+codezeno.com.au, 1
+codific.com, 1
+codifique.tk, 1
+codigodelbonusbet365.com, 1
+codigoexactodearea.com, 1
+codigojose.com, 1
+codigomusical.tk, 1
+codigosddd.com.br, 1
+codigosmart.com, 1
+coding-aloud.nz, 1
+coding-basic.tk, 1
+coding-treff.de, 1
+coding.lv, 1
+coding.net, 1
+codingale.com, 1
+codingame.com, 1
+codingame.eu, 1
+codingblog.org, 1
+codingforspeed.com, 1
+codingfromhell.net, 1
+codinginfinity.me, 1
+codingissimple.com, 1
+codingnbb.com, 1
+codish.ml, 1
+codista.com, 1
+cododigital.co.uk, 1
+codowned.com, 1
+coduca88.com, 1
+codulrutier.tk, 1
+coduzion.com, 1
+cody.sh, 1
+codydostal.com, 1
+codywy.gov, 1
+coeburnva.gov, 1
+coecho.net, 1
+coedpictures.com, 1
+coefficient.com.au, 1
+coeminna.edu.ng, 0
+coenjutte.tk, 1
+coens.me.uk, 1
+coentropic.com, 1
+coenzima.com, 1
+coequals.tk, 1
+cofense.at, 1
+cofetaria-narcisa.ro, 1
+coffee-break.cc, 1
+coffee-like.com, 1
+coffee-webstore.com, 1
+coffee.co.uk, 1
+coffeebean.cf, 1
+coffeebeanstudios.tk, 1
+coffeebiz.co.nz, 1
+coffeebreak.bg, 1
+coffeechi.ir, 1
+coffeeciel.com, 1
+coffeeciel.com.tr, 1
+coffeeholic.tk, 1
+coffeehousewriters.com, 1
+coffeemoment.nl, 1
+coffeeplazahamburg.com, 1
+coffeeruta.ru, 1
+coffeestain.ltd, 1
+coffeestory.in.ua, 1
+coffeetom.de, 1
+coffeist.com, 1
+coffstotalroofing.com.au, 1
+cofidis-group.com, 1
+cofidur.com, 1
+cofigs.com, 1
+cofinco.nl, 1
+cofob.ru, 1
+cofradiaqueimada.tk, 1
+cogent.cc, 1
+cogetop.com.br, 1
+coggeshall.io, 1
+coggeshall.us, 1
+coggin.church, 1
+coggle.it, 1
+coginti.tk, 1
+cogknockers.com, 1
+cogknockers.net, 1
+cognac-oenologie.com, 1
+cognac-tasting-tour.com, 0
+cognigennetwork.tk, 1
+cognitip.com, 1
+cognitiveapplications.net, 1
+cognitivehealthintl.com, 1
+cognitohq.com, 0
+cognixia.us, 1
+cognosweb.net, 1
+cogolloelegante.com, 1
+cogsquad.house, 1
+cogstate.com, 1
+cogumelosmagicos.org, 1
+coharushika.com, 1
+cohassetfirema.gov, 1
+cohassetma.gov, 1
+cohassetpolicema.gov, 1
+cohenandcohen.net, 1
+cohere.io, 1
+cohob.de, 1
+coiffbot.fr, 1
+coiffeurschnittstelle.ch, 1
+coiffure-website.de, 1
+coil.gov, 1
+coimmvest.com, 1
+coin-exchange.cz, 1
+coin-group.com, 1
+coin-miners.info, 1
+coin-money.tk, 1
+coin.dance, 1
+coin.space, 1
+coinamount.com, 0
+coinauctionshelp.com, 1
+coinbase.com, 1
+coinbit.trade, 0
+coincabin.io, 1
+coincalc.tk, 1
+coincap.news, 1
+coinchapter.com, 1
+coincircle.com, 1
+coincity.ga, 1
+coinclickz.fun, 1
+coincoele.com.br, 1
+coincoin.eu.org, 1
+coinf.it, 1
+coinflux.com, 1
+coinfundit.com, 1
+coingate.com, 1
+coinjar-sandbox.com, 1
+coinjar.com, 1
+coinlend.org, 1
+coinliq.com, 1
+coinloan.io, 1
+coinmarketturkiye.com, 1
+coinmotion.com, 1
+coinnewspulse.com, 1
+coinpaprika.com, 1
+coinpedia.org, 1
+coinplay.com, 1
+coinroom.com, 1
+coins2001.ru, 1
+coinsales.net, 1
+coinscatalog.net, 1
+coinsconnect.co.uk, 1
+coinsmat.com, 1
+coinsuggest.com, 1
+cointosh.jp, 1
+coinwind.vip, 1
+coinx.pro, 1
+coiracom.net, 1
+cojam.ru, 1
+cojo.eu, 1
+cok.hu, 1
+cokebar.info, 0
+coker.com.au, 1
+cokestudiosongs.tk, 1
+cokisiregar.com, 1
+cokomi.com, 1
+col.la, 0
+cola-host.tk, 1
+colaborame.tk, 1
+colaborativa.tv, 1
+colaboratorija.lt, 1
+colabore.com, 1
+colabug.com, 1
+colafoodcritic.com, 1
+colah.com.au, 1
+colapsys.net, 1
+colarelli.ch, 1
+colarose.tk, 1
+colazxk.xyz, 1
+colbert.ml, 1
+colburnadamswi.gov, 1
+colchesterglobal.co.nz, 1
+colchesterglobal.com, 1
+colchesterglobal.com.au, 1
+colcomm.com, 1
+coldcardwallet.com, 1
+coldcaserecords.gov, 1
+coldecan.edu.co, 1
+colder.one, 1
+coldfff.com, 1
+coldfusion.co.jp, 1
+coldhak.ca, 0
+coldice.tk, 1
+coldjetconnect.com, 1
+coldlasers.org, 1
+coldpaste.com, 1
+coldspegll.gq, 1
+coldspringsrancheria.gov, 1
+coldsteelsolutions.com, 1
+coldstreamcreekfarm.com, 1
+coldtomato.ga, 1
+coldtomatoest.ga, 1
+coldwater.tk, 1
+coldwateraustin.com, 1
+colearning.world, 1
+colecountymo.gov, 1
+colectivaradio.tk, 1
+colectivo.tk, 1
+colectivomackandal.tk, 1
+colectivovictorjara.tk, 1
+coleg.gov, 1
+colegiocuauhtzin.com.mx, 1
+colegiojaimebalmes.es, 1
+colegiorecanto.com, 1
+colegios.net, 1
+colegiosantaursula.com.br, 1
+colegiotalenti.com, 1
+colegiotavera.tk, 1
+colemak.com, 1
+colengo.com, 1
+colerainemn.gov, 1
+coletrain.com, 1
+colfaxcountyne.gov, 1
+colfaxia.gov, 1
+colibriexpress.tk, 1
+coligo.fr, 1
+colinasdog.com.br, 1
+colincogle.name, 1
+colinespinas.com, 0
+colinhouston.com, 1
+colink.fi, 1
+colinobrien.online, 1
+colinsnaith.co.uk, 1
+colinstark.ca, 1
+colinyoung.scot, 1
+colis-collecte.re, 1
+colisfrais.com, 0
+collab.ddnss.org, 1
+collabora-office.com, 1
+collabora.ca, 0
+collabora.co.kr, 1
+collabora.co.uk, 1
+collabora.com, 1
+collabora.kr, 1
+collabora.ninja, 0
+collabora.social, 0
+collabora.uk, 0
+collaboracloudsuite.com, 0
+collaboraoffice.co.uk, 1
+collaboraoffice.com, 1
+collaboration.cafe, 1
+collaborativedrug.com, 0
+collaborativehealthpsychology.com, 1
+collabornation.net, 1
+collacott.org, 1
+collaction.hk, 1
+collada.org, 1
+collage.me, 1
+collagecrafting.com, 1
+collagepartners.com, 1
+collalloc.com, 1
+collapsed.de, 1
+collar.place, 1
+collard.tk, 1
+collare.com.mx, 1
+collare.mx, 1
+collarslab.com, 1
+collateral360.com, 1
+collateralmurder.com, 1
+collbox.co, 0
+colleadimari.com, 1
+collectaction.com, 1
+collectdocs.com, 1
+collecter.tk, 1
+collectfood.com, 1
+collectiblebeans.com, 1
+collectibles.tk, 1
+collectif-laicite-yallah.be, 1
+collectif85.com, 1
+collectifpinceoreilles.com, 1
+collectionru.com, 1
+collective-incubator.de, 1
+collectivedg.com, 1
+collectiverecyclers.com, 1
+collectivesupply.com, 1
+collector.cf, 1
+collectorknives.net, 1
+collectorscorner.com, 1
+collectorsystems.com, 1
+college-chagall.tk, 1
+collegeeducation.ml, 1
+collegegirlhd.com, 1
+collegeinlouisiana.com, 1
+collegeinoklahoma.com, 1
+collegeinoregon.com, 1
+collegeinpennsylvania.com, 1
+collegematchmaking.org, 1
+collegemate.eu, 1
+collegemoccassin.com, 1
+collegenavigator.gov, 1
+collegepaperworld.com, 1
+collegephysicsanswers.com, 1
+collegeprospectsofcentralindiana.com, 1
+collegereligionandphilosophy.com, 1
+collegesecretary.cn, 1
+collegesecretary.com, 1
+collegesexvid.com, 1
+collegesidekick.com, 1
+collegesrit.tk, 1
+collegestationhomes.com, 1
+collegetimes.co, 1
+collegetownstudios.tk, 1
+collepietra.it, 1
+collerosso.com, 1
+collettando.it, 1
+colley.tk, 1
+collezione.it, 1
+collideascope.co, 1
+collierlunaire.fr, 1
+colliervotes.gov, 1
+collin.xyz, 1
+collinel-hossari.com, 1
+collinelhossari.com, 1
+collinklippel.com, 0
+collinlove.ca, 1
+collinlove.ch, 1
+collinlove.co.uk, 1
+collinlove.com, 1
+collinlove.de, 1
+collinlove.net, 1
+collinlove.nl, 1
+collinlove.org, 1
+collinlove.se, 1
+collinlove.uk, 1
+collinlove.us, 1
+collinlove.xyz, 1
+collinmbarrett.com, 1
+collins.kg, 1
+collins4mayor.co.nz, 1
+collins4mayor.nz, 1
+collins4mayor.org, 1
+collins4mayor.org.nz, 1
+collinsdictionary.com, 1
+collinssquare.com.au, 1
+collinssquarecatering.com.au, 1
+collinswyatt.com, 1
+collobrieres.restaurant, 1
+colloquio.tk, 1
+colloquy.mobi, 1
+colmena.biz, 1
+colo-tech.com, 1
+colocolochile.tk, 1
+coloffmedia.com, 1
+cololi.moe, 1
+colombiajobstoday.com, 1
+colombian.cam, 1
+colombianas.webcam, 1
+colombianbride.net, 1
+colombyinai.ga, 1
+coloniae.de, 1
+colonialbeachva.gov, 1
+colonialfilings.com, 1
+colonialfurniturestripping.com, 1
+colonize.africa, 1
+coloquiocentrooeste.mat.br, 1
+color-mixer.tk, 1
+color01.net, 1
+colorado-locksmith.com, 1
+coloradobluebook.gov, 1
+coloradochildrep.gov, 1
+coloradoer.tk, 1
+coloradofamli.gov, 1
+coloradolottery.com, 1
+coloradorangers.gov, 1
+coloradoseodesign.com, 1
+coloradosos.gov, 1
+colorblindfilms.com, 1
+colorblindprogramming.com, 1
+colorcodedlyrics.com, 1
+colorcomm.com, 1
+colorfularchive.eu.org, 1
+colorfulcloud.eu.org, 1
+colorfuldots.com, 0
+colorfulworld.ru, 1
+colorguni.com, 1
+colorhexa.com, 1
+colorideas.net, 1
+coloristcafe.com, 1
+colorjungle.co.za, 1
+colorlib.com, 0
+colorline.com.br, 1
+colorpalette.org, 1
+colorpicker.fr, 1
+colorsbycarin.com, 1
+colortronic.tk, 1
+colorunhas.com.br, 1
+colorwow.cf, 1
+colorwow.ga, 1
+colossean.com, 1
+colosseumticket.cz, 1
+colostral.com, 1
+colotimes.com, 1
+colourblast.com.au, 1
+colourfulcastles.co.uk, 1
+colourmanagementpro.com, 1
+colourmeren.com, 1
+colourtohtml.tk, 1
+colpatriaws.azurewebsites.net, 1
+colposcopy.com.sg, 1
+colquittcountyga.gov, 1
+colquittga.gov, 1
+colson-occasions.be, 0
+coltellisurvival.com, 1
+coltonrb.com, 1
+columbiacountyor.gov, 1
+columbiacountywi.gov, 1
+columbiail.gov, 1
+columbialawreview.org, 1
+columbiamemorialhealth.org, 1
+columbiamspd.gov, 1
+columbiaproemergencymovers.com, 1
+columbiascaffolding.com, 1
+columbiathreadneedle.com, 1
+columbiatwpmi.gov, 1
+columbuscoffeefest.com, 1
+columbushydroxide.com, 1
+columbushydroxide.net, 1
+columbushydroxide.org, 1
+columbusks.gov, 1
+columbustelegram.com, 1
+columbusunderground.com, 1
+columbuswi.gov, 1
+colwichks.gov, 1
+colwyn.me, 1
+colwynfm.com, 1
+colyakoomusic.com, 1
+com-b.vn, 1
+com-news.io, 1
+com-tic.africa, 1
+com.cc, 1
+com.com.tr, 1
+com.fo, 1
+com4.no, 0
+comactor.com, 1
+comactor.fr, 1
+comagexinvoice.com, 1
+comalia.com, 1
+comanchecountyks.gov, 1
+comanchenationpolice.gov, 1
+comanchetexas.gov, 1
+comaporter.com, 1
+comarcadelaranda.tk, 1
+comarch.com, 1
+comarch.es, 1
+comarch.pl, 1
+comarch.ru, 1
+comarkinstruments.cloud, 1
+comarkinstruments.net, 1
+comasystem.dk, 1
+combatix.io, 1
+combattrecellulite.com, 1
+combidarlehen.de, 1
+combigo.com, 1
+combineconquer.com, 1
+combloux.com, 1
+combos-2020.tk, 1
+combron.be, 1
+combron.co.uk, 1
+combron.com, 1
+combron.nl, 1
+combustion.tk, 1
+comcenter.com, 1
+comchezmeme.com, 1
+comcol.nl, 1
+comdirect.de, 1
+comdmedias.fr, 1
+comdotgame.com, 1
+comdurav.com, 1
+come.ga, 1
+come2cook.com, 1
+comealong.org, 1
+comeals.com, 1
+comebookmark.cf, 1
+comebookmark.ga, 1
+comebookmark.ml, 1
+comedimagrire.it, 1
+comedonchisciotte.org, 1
+comedy.co.uk, 1
+comedyhuis.nl, 1
+comedyillusions.com, 1
+comedykellner-spasskellner.de, 1
+comefareper.online, 1
+comelibro.org, 1
+comenc.ddns.net, 1
+comengpt.com, 1
+comenityremediation.com, 1
+comeoishii.com, 1
+comeoneileen.tk, 1
+comeratope.com, 1
+comercialcolombia.tk, 1
+comercialmattos.com, 1
+comercialroxana.com, 1
+comercialtrading.eu, 1
+comeros.be, 1
+comestoarra.com, 1
+comet-pct.com, 1
+comet-xray.com, 1
+comet.eu.org, 1
+comet.tech, 1
+cometbot.cf, 1
+cometcache.com, 1
+comete-electricite.fr, 1
+cometer.co, 1
+cometer.io, 1
+cometonovascotia.ca, 1
+comevius.com, 1
+comevius.org, 1
+comevius.xyz, 1
+comfandivirtual.com.co, 1
+comff.net, 1
+comfintouch.com, 0
+comfis.nl, 1
+comfitsweets.co.uk, 1
+comflores.com.br, 1
+comfortablelife.tk, 1
+comfortsolutionsair.com, 1
+comfriesland.tk, 1
+comfun.net, 1
+comfuzztible.tk, 1
+comfy-court.com, 1
+comfy.cafe, 0
+comfyliving.net, 1
+comhack.com, 1
+comical.ml, 1
+comicbooktreasury.com, 1
+comicborgs.com, 1
+comiccrusaders.com, 1
+comicsans.tk, 0
+comicsanshouse.ddns.net, 1
+comicslate.org, 1
+comicspornos.com, 1
+comicspornow.com, 1
+comicspornoxxx.com, 1
+comicsymanga.com, 0
+comicwiki.dk, 1
+comidasaludablehoy.com, 1
+comidasperuanas.net, 0
+comidina.com, 1
+comingto.icu, 1
+comiq.io, 1
+comistar.ee, 1
+comita.ru, 1
+comita.su, 1
+comite-des-fetes-neuville.com, 1
+comitedal974.re, 1
+comiteexpertes.gc.ca, 1
+comitesaustria.at, 0
+comlipa.gq, 1
+comm-works.com, 1
+comm.cx, 1
+commagere.com, 1
+command53.fr, 1
+commandeleven.com, 1
+commander-seo.com, 1
+commanderone.net, 1
+commanderx.cf, 1
+commanderx.ml, 1
+commanderx.tk, 1
+commania.co.kr, 1
+commbox.io, 1
+commboxtest.com, 1
+commco.nl, 1
+commencepayments.com, 1
+commentgagnerdelargentsurlenet.com, 1
+commentjaichangedevie.fr, 1
+comments.app, 1
+commentutiliser.com, 1
+commerce.gov, 1
+commercega.gov, 1
+commercegurus.com, 1
+commercepartnerhub.com, 1
+commercetwpmi.gov, 1
+commercia.srl, 1
+commercial.lviv.ua, 1
+commercialfinancepartners.com, 1
+commercialfundinggroupllc.us, 1
+commercialstainless.com, 1
+commercialzone.cf, 1
+commercialzone.ga, 1
+commercialzone.ml, 1
+commeunamour.com, 1
+commeunefleche.com, 1
+commfortchat.tk, 1
+commhealthcollab.com, 1
+commissaris-vraagbaak.nl, 1
+commissionagenda.com, 1
+commissionaires.ca, 1
+commissioner.tk, 1
+commitsandrebases.com, 1
+commlabindia.com, 0
+commloan.com, 1
+commonapp.org, 1
+commoncode.com.au, 1
+commoncode.io, 0
+commoncog.com, 1
+commoncore4kids.com, 1
+commongoodit.com, 1
+commongrave.tk, 1
+commoninf.com, 1
+commons-mayflower.tk, 1
+commonsenseamericanpolitics.com, 1
+commonsensedivorce.ca, 0
+commonsenseinactie.nl, 1
+commonstock.com, 1
+commonsubdoc.com, 1
+commonsubdoc.io, 1
+commonvoice.tk, 1
+commonwarest.ga, 1
+commonwealthsl.com, 1
+communalconsulting.org, 1
+communebouteille.org, 1
+communi.biz, 1
+communic.tk, 1
+communicate2lead.com, 1
+communication-services.tk, 1
+communications-major.com, 1
+communiques.info, 1
+communiquons.org, 1
+communist-party.tk, 1
+community-pro.de, 1
+community-pro.net, 1
+community-services.cz, 0
+communityaligned.com, 1
+communitybangladesh.tk, 1
+communitybridgesaz.org, 1
+communitycodeofconduct.com, 1
+communitycollegereview.com, 1
+communitydirectory.tk, 1
+communitydriving.com, 1
+communityflow.info, 1
+communityfunded.com, 1
+communitylivingalgoma.org, 1
+communityparentsinc.com, 1
+communitypowernh.gov, 1
+communitypreventionpartnership.org, 1
+communote.net, 1
+commuty.net, 1
+commvnion.com, 1
+como-se-escribe.com, 1
+comoaliviareldolor.de, 1
+comocomprarumcarro.tk, 1
+comoculosdesol.pt, 1
+comodastore.com, 1
+comodio.com, 0
+comodo.nl, 1
+comodosslstore.com, 1
+comoentrenarperros.tk, 1
+comohacerblog.net, 1
+comohacerpara.com, 1
+comoimportar.net, 1
+comomoraremportugal.ga, 1
+comomurio.info, 1
+comoperdonar.tk, 1
+comoreconquistaroex.com, 1
+comorecuperaratumujerpdf.com, 1
+comosecarabarriga.com, 1
+comosediceesto.com, 1
+comoseduzir.net, 1
+comosefazisto.com.br, 1
+comosehace.online, 1
+comovenderpelowhatsapp.com.br, 1
+comoviajarcontumascota.com, 1
+comp4u.de, 1
+compact.pt, 1
+compactador-vendetta.tk, 1
+compagnidimerenda.tk, 1
+compagniecoupable.fr, 1
+compagniedesateliers.com, 1
+compagniedesvoyageurs.com, 1
+compagniemartin.com, 0
+compalliance.com, 1
+companion-web.net, 1
+company-bike.com, 1
+company-info-plugins.nl, 1
+companyaneksta.tk, 1
+companycam.com, 1
+companycleaninghome.com, 1
+comparai.com.br, 1
+comparatif-moto.fr, 1
+compare-energie.fr, 1
+compareairfaredeals.com, 1
+compareandrecycle.co.uk, 0
+compareceleb.com, 1
+compareer.com, 1
+compareleasedlines.co.uk, 1
+comparemymobile.com, 1
+comparendossimit.com, 0
+compareshow.com, 1
+comparesoft.com, 1
+comparetheproject.com, 1
+comparewatch.com, 1
+compareweddinginsurance.org.uk, 1
+comparexcloudcenter.com, 1
+comparic.pl, 1
+compartirtrenmesaave.com, 1
+compassbest.com, 1
+compassdirectportal.com, 1
+compassfinance.com, 1
+compassintladv.com, 1
+compassionandchoices.org, 0
+compassionate-biology.com, 1
+compasslos.com, 1
+compassregroup.com, 1
+compasstransport.nl, 1
+compdermcenter.com, 1
+compdev.ru, 1
+compelloid-staging-client-b2c.azurewebsites.net, 1
+compensadosbello.com.br, 1
+compeon.de, 1
+competencyassessment.ca, 1
+competis.cf, 1
+competitor.com, 1
+compeuphoria.com, 1
+compibus.fr, 1
+compilenix.org, 0
+complaint.tk, 1
+complang.se, 1
+complasplasticos.com.br, 1
+compleet.com, 1
+complete-concrete-concise.com, 1
+complete-privacy.tk, 1
+completeanon.tk, 1
+completecareair.com, 1
+completecase.com, 1
+completecomps.au, 1
+completecontrol.tk, 1
+completed.com, 1
+completehub.com, 1
+completeonlinepharmacy.com, 1
+completeprivacy.tk, 1
+completesecurityessex.co.uk, 1
+completesecurityessex.com, 1
+completewordsest.ga, 1
+complex-kaspiy.tk, 1
+complex-news.com, 1
+complex-organization.com, 1
+complexart.ro, 1
+complexcoral.ro, 1
+complexorganization.com, 1
+complexsystems.fail, 1
+compliance-risk.com, 1
+compliance-systeme.de, 1
+compliancebox.co, 1
+compliancedictionary.com, 1
+complianceinsight.ca, 1
+compliancerisksoftware.co.uk, 1
+complianz.io, 1
+compliment.cf, 1
+complt.xyz, 1
+complyadvantage.com, 1
+complycheck.co, 1
+componentcore.com, 1
+composersforum.org, 1
+composite-isfahan.ir, 1
+compositedevtec.tk, 1
+compostelle-bouddha.fr, 1
+compoundc.eu, 1
+compoundingrxusa.com, 1
+compra-deuna.com, 1
+compraapartamentomoema.com.br, 1
+comprachida.com, 1
+compraenpijama.com, 1
+comprafasil.com, 1
+comprajuguete.com, 1
+comprando.tk, 1
+compraporinternet.online, 1
+comprar.club, 1
+comprarefiereygana.com, 1
+comprarpapelhigienico.online, 1
+comprascuba.online, 1
+comprauncelular.com, 1
+comprax.nl, 1
+comprebrindes.com.br, 1
+compree.com, 1
+comprehensiveihc.com, 1
+compressor.io, 1
+comprising.de, 1
+comprofacil.es, 1
+compromis-promesse-vente.fr, 1
+compservice.in.ua, 1
+comptoir-hardware.com, 1
+comptoirducycle.com, 1
+comptonslespetitescroix.tk, 1
+comptrollerofthecurrency.gov, 1
+comptu.com, 1
+compu-ofertas.tk, 1
+compubench.com, 1
+compucastell.ch, 1
+compucorner.mx, 1
+compucorner.tk, 1
+compudoc.tk, 1
+compunet.biz, 1
+compunetics.com, 1
+compunetix.com, 1
+compusrit.tk, 1
+compustore.pe, 1
+compustuff.tk, 1
+computec.ch, 1
+computel.nl, 0
+computer-acquisti.com, 1
+computer-forensics-recruiter.com, 1
+computer-kleinmachnow.de, 1
+computer-menschen.de, 1
+computer-science-schools.com, 1
+computer-service-24.de, 1
+computer-service.ch, 1
+computer-world.pro, 1
+computer-worlds.tk, 1
+computer4me.tk, 1
+computeradvance.tk, 1
+computerbas.nl, 1
+computerbase.de, 1
+computerforum.tk, 1
+computerforums.net, 1
+computerhelpbutton.com, 1
+computerhilfe-feucht.de, 1
+computerinfobits.com, 1
+computerjet.ru, 1
+computernerd.es, 1
+computernetwerkwestland.nl, 1
+computernetwork.be, 1
+computerpackages.com, 1
+computerpoint.net, 1
+computerscience.guide, 1
+computersforlearning.gov, 1
+computersneversleep.art, 1
+computersoftware.tk, 1
+computersolutions.cn, 1
+computersystems.guru, 0
+computertechreviews.com, 1
+computerthings.net, 1
+computertips.tk, 1
+computerwerk.org, 1
+computexrio.com, 1
+computime.com, 1
+computing.land, 1
+computingaustralia.com.au, 1
+computingaustralia.group, 1
+computingessentials.tk, 1
+computingsociety.co.uk, 1
+computingwarehouse.com, 1
+computop.com, 1
+computron.ga, 1
+comquadro.com.br, 1
+comquestmed.com, 1
+comradesofmight.tk, 1
+comswp.com, 1
+comtex.com.au, 1
+comtois.hk, 1
+comumlab.org, 1
+comunal.co, 1
+comunate.com, 1
+comune.palermo.it, 1
+comunic.io, 1
+comunicat.global, 1
+comunicazionenellaristorazione.it, 1
+comunidadmontepinar.es, 1
+comunidadreparando.com, 1
+comunidadvegetariana.com, 1
+comuniondelucia.com, 1
+comunismo.tk, 1
+comunistas.tk, 1
+comunitas.com, 1
+comunitateonline.tk, 1
+comunityflashgame.cf, 1
+comvert.com, 1
+comw.cc, 1
+comwwwcomcom.com, 1
+comyuno.com, 0
+con-con.nl, 1
+con-vivencia.es, 1
+conall.io, 1
+conalpedis.tk, 1
+conbida.co, 1
+conbrio.tk, 1
+concealoutfitters.com, 1
+concellodoparamo.tk, 1
+concepcion-futbol-club.tk, 1
+concept-web.ch, 0
+concept4photography.com, 1
+concept5.co.il, 1
+conceptatelier.de, 1
+conceptec.de, 1
+conceptfontaines.fr, 1
+conceptfoundation.org, 1
+conceptground.com, 1
+conceptual.ga, 1
+concern.cloud, 1
+concert.ga, 1
+concertcrushers.ga, 1
+concertengine.com, 1
+concertparkingest.ga, 1
+concerts-metal.ch, 0
+concertsenboite.fr, 1
+concertsponent.tk, 1
+concertsto.com, 1
+conciencianimal.tk, 1
+concierge.diet, 1
+conciertoscolombia.tk, 1
+concilioderivendel.tk, 1
+conciliumnotaire.ca, 1
+conclave.gq, 1
+conclave.rocks, 1
+conclave.tk, 1
+conclude.ga, 1
+conclusion.nl, 0
+conclusive.co.za, 1
+concor.ne.jp, 1
+concord.sh, 1
+concordance.bible, 1
+concrefy.com, 1
+concretedreamsoftexas.com, 1
+concretehermit.com, 0
+concretemachines.be, 1
+concretepressurewashing.com, 1
+concreterepairatlanta.com, 1
+concreterepairconcreteleveling.com, 1
+concreterepairconcreteraising.com, 1
+concreteworksohio.com, 1
+concreteworksplus.com, 1
+concurseirosdeplantao.com.br, 1
+concursocultural.com.br, 0
+concursos.com.br, 1
+concursosabertos.com.br, 1
+concursuri.biz, 0
+condecom.com.br, 1
+condemnity.net, 1
+condenast.co.uk, 1
+condensacion.com, 1
+condignum.com, 1
+condit.cf, 1
+condit.gq, 1
+condit.ml, 1
+conditionyellowacademy.com, 1
+condizionatore.roma.it, 1
+condo.do, 1
+condolencemessages.net, 1
+condominiosi.it, 1
+condominioweb.com, 1
+condonescadistas.tk, 1
+condonline.app.br, 1
+condosforcash.com, 1
+condroz-motors.be, 0
+coneall.com, 1
+conectada.tk, 1
+conectadev.com, 1
+conectens.com, 1
+conectumfinanse.pl, 1
+conejicos.tk, 1
+conejovalleyelectrical.com, 1
+conejovalleyelectrician.com, 1
+conejovalleyexteriorlighting.com, 1
+conejovalleylandscapelighting.com, 1
+conejovalleylighting.com, 1
+conejovalleyoutdoorlighting.com, 1
+coneo.eu, 1
+coneser2gl.com, 1
+conesin.com, 1
+conews.ml, 1
+conexionok.com, 1
+conexiontransporte.com, 1
+conexionvegana.com, 1
+conexresearch.com, 1
+coney.tk, 1
+conf.tn, 1
+confer.ch, 1
+conference-expert.eu, 1
+conference.cafe, 1
+conference.dnsfor.me, 1
+conferencemanager.ch, 1
+conferencemanager.co.uk, 1
+conferencemanager.de, 1
+conferencemanager.dk, 1
+conferencemanager.es, 1
+conferencemanager.fr, 1
+conferencemanager.lt, 1
+conferencemanager.lv, 1
+conferencemanager.nl, 1
+conferencemanager.se, 1
+conferencemanager.uk, 1
+conferencemanager.us, 1
+conferencemanagerpro.com, 1
+conferencemonkey.org, 1
+conferenciaepiscopal.es, 1
+confettidogs.com, 1
+confianza.pe, 1
+confidentielsn.com, 1
+confidentliving.gq, 1
+confidentliving.tk, 1
+config.schokokeks.org, 1
+configcat.com, 1
+configpoint.group, 1
+configserverfirewall.com, 1
+configurat.cf, 1
+configurat.tk, 1
+configwizard.xyz, 1
+confio.gmbh, 0
+confio.pt, 1
+confirmit.ca, 1
+confirmit.com.au, 1
+confirmit.de, 1
+confiscate.ga, 1
+confiscation.tk, 1
+confiwall.de, 1
+conflictspecialist.com, 1
+conflidentliving.cf, 1
+confluent.cloud, 1
+conformat.com, 1
+conformax.com.br, 1
+conformist.jp, 1
+conformitykills.tk, 1
+confort-bebe.fr, 1
+confort-sante.com, 1
+conftree.com, 1
+confucio.cl, 1
+confused.com, 1
+confusion-band.ch, 1
+confygo.com, 1
+congafasdesol.com, 1
+congdongnhatviet.com, 0
+congelado.tk, 1
+congenio.com, 0
+congenio.de, 0
+congineer.com, 1
+congnghe.so, 1
+congoproject.tk, 1
+congregacionmitacol.org, 0
+congresistas-ap.tk, 1
+congresodermatologia2019.com, 1
+congressmankirk.com, 1
+congresso.tk, 1
+congye.com, 1
+coniectoinvestments.com, 1
+coniglione.tk, 1
+conju.cat, 0
+conjugacao.com.br, 1
+conjunctions.com, 1
+conjurer.tk, 1
+conjurosamarresytrabajosespirituales.com, 1
+conjurosyhechizosfuertes.com, 1
+conkret.ch, 1
+conkret.co.uk, 1
+conkret.eu, 1
+conkret.mobi, 1
+conmatic.tk, 1
+connect-ed.network, 1
+connect-me.com, 1
+connect.facebook.net, 1
+connect.gov, 1
+connect.net.pk, 1
+connecta.store, 1
+connectaimpianti.it, 1
+connectall.tk, 1
+connectavid.com, 1
+connectedbynexus.com, 1
+connectedinvestors.com, 1
+connectedmind.me, 1
+connectfss.com, 1
+connecticare.com, 1
+connecticutnet.tk, 1
+connectika.io, 1
+connectingrentals.com, 1
+connectingup.org, 1
+connection-sggz.nl, 1
+connectionplanet.nl, 1
+connectionstrings.com, 1
+connective.com.au, 1
+connectivia.it, 0
+connectivityparty.tk, 1
+connectmath.com, 1
+connectme.com.mx, 1
+connectmy.car, 1
+connectnow.nl, 1
+connecto.group, 1
+connectthedoc.com, 1
+connectto.com, 1
+connectum.eu, 1
+connectusa.com, 0
+connelink.fr, 1
+connell.co.nz, 1
+conner.work, 1
+conneropticals.ga, 1
+connexas.eu, 1
+connexio.digital, 1
+connext.de, 1
+connictro.de, 1
+connies-diner.de, 1
+conniesacademy.com, 1
+connor.nl, 1
+connorhatch.com, 1
+connorjc.io, 1
+connorlim.net, 1
+connornoddin.com, 1
+conntrack.com, 1
+connyandthecrazydogs.com, 1
+connyduck.art, 0
+connyduck.at, 1
+conocchialidasole.it, 1
+conocedordigital.com, 1
+conoha.vip, 1
+conorboyd.info, 1
+conorjwryan.com, 1
+conory.com, 1
+conotoxia.com, 1
+conova.com, 1
+conpins.nl, 1
+conpsy.ro, 1
+conpulpademanzana.es, 1
+conpunk.tk, 1
+conqi.net, 1
+conque.sk, 1
+conquistar30dias.com.br, 1
+conrad-kostecki.de, 1
+conrad.am, 1
+conradcartagena.com, 1
+conradkostecki.de, 1
+conradkroencke.com, 1
+conrads.it, 1
+conrail.blue, 1
+conrasd.tk, 1
+conrazon.me, 1
+cons.one, 1
+consagracionamariasantisima.org, 1
+conscia.com, 1
+consciente.ch, 1
+consciente.ngo, 1
+consciente.ong, 1
+conscientia.com.mx, 1
+consegnafioridomicilio.net, 1
+consegne.it, 1
+conseildesarts.ca, 1
+conseils-immo.fr, 1
+consejoescolardecanarias.org, 1
+conselljoventutillesbalears.org, 1
+consens.us.org, 1
+consensoprivacy.it, 1
+consertodeeletrodomesticosembh.com, 1
+conservadoraembh.com.br, 1
+conservaschato.com, 1
+conservationfreedivers.com, 1
+conservationgeography.com, 1
+conserviengenharia.com.br, 1
+consideratio.blog, 1
+consideratio.ch, 1
+consideratio.cloud, 1
+consideratio.de, 1
+consideratio.net, 1
+consideratio.shop, 1
+consideratio.tax, 1
+consiglidisalute.com, 1
+consilio.com, 1
+consilium-ifa.co.uk, 1
+consilium-vitae.ch, 1
+consiliumvitae.ch, 1
+consill.com, 1
+consoe.com, 1
+console.rest, 1
+consolemania.com, 1
+consoletech.tk, 1
+consoleuniverse.tk, 1
+consolezone.tk, 1
+consommation-locale.fr, 1
+consonare.de, 1
+consoom.soy, 1
+consorcionacionalideal.com.br, 1
+consortium.chat, 1
+consortiumhealthplans.com, 1
+consorzio.org, 1
+conspiracionweb.tk, 1
+conspiracy.gq, 1
+conspiracytheorypal.com, 1
+conssales.com, 1
+constablevilleny.gov, 1
+constant-rough.de, 1
+constant.ga, 1
+constantinocontabilidade.com, 1
+constantinschreiber.me, 1
+constcorrect.com, 1
+constellatio.com, 1
+constellationinternational.ml, 1
+constellations.ga, 1
+constern.de, 1
+consteval.org, 1
+constexpr.org, 1
+constinit.org, 1
+constipationrecords.tk, 1
+constitution.website, 0
+construccionesceyve.com, 1
+construct.net, 1
+constructexpres.ro, 1
+construction-colleges.com, 1
+construction-digitale.fr, 0
+construction-group.ga, 1
+constructionstudent.uk, 1
+constructive.men, 1
+constructoraisaba.com, 1
+construguia.co, 1
+construred.tk, 1
+construyetuempresa.com, 1
+consul-coton.ru, 1
+consul-novocherkassk.ml, 1
+consul.io, 0
+consuldat.com, 1
+consulenteambientale.it, 1
+consulentedellavoro.it, 1
+consulenza.pro, 1
+consulplan.net, 1
+consult-altius.co.uk, 1
+consultadepsicoterapia.com, 1
+consultancyistanbul.com, 1
+consultation.ai, 1
+consultation.biz.tr, 1
+consultaveiculopelaplaca.com.br, 1
+consultcelerity.com, 1
+consultimator.com, 1
+consultimedia.de, 1
+consulting-brokerage.tk, 1
+consultinghero.es, 1
+consultinghouse.tk, 1
+consultinghousenet.tk, 1
+consultingnurseest.ga, 1
+consultor.marketing, 1
+consultoresrey.cl, 1
+consultoriadeseguranca.com.br, 1
+consultoriadigital.pt, 1
+consultoriosodontologicos.com.br, 1
+consultorseobr.com.br, 1
+consultpetkov.com, 1
+consultum.com, 1
+consulvation.com, 1
+consumer.ee, 1
+consumer.gov, 1
+consumer.gov.au, 1
+consumer.gq, 1
+consumer.org.nz, 1
+consumeraction.gov, 1
+consumerattorneys.com, 1
+consumerbureau.gov, 1
+consumerdatastandards.gov.au, 1
+consumerfiles.com, 1
+consumerfinance.gov, 1
+consumerfinancial.gov, 1
+consumerfinancialprotectionbureau.gov, 1
+consumerindex.ga, 1
+consumerlaw.gov.au, 1
+consumerprotectionbureau.gov, 1
+consumersentinel.gov, 1
+consumertesting.com, 1
+consumidor.gov, 1
+consumptionjunction.com, 1
+consuwijzer.nl, 1
+consyltec.de, 1
+contabilidadebhpampulha.com.br, 1
+contabilidadebrooklin.com.br, 1
+contact-checker.tk, 1
+contact.inc, 1
+contact.xyz, 1
+contactaffix.com, 1
+contactangle.com, 1
+contactbadger.com, 1
+contactelus88.fr, 1
+contactmcr.com, 0
+contactsrl.it, 1
+contadorespublicos.co, 1
+contagiousaf.com, 1
+contailor.de, 1
+contaminatie.nl, 1
+contango.xyz, 1
+contato.vip, 1
+contemplativeeducation.org, 1
+contemptevoke.com, 1
+contenedoresdereciclaje.online, 1
+contenized.com, 0
+contentcreatorsource.com, 1
+contentmarathon.com, 1
+contentq.nl, 1
+contents.ga, 1
+contermis.com, 1
+contessa32experience.com, 0
+contestreviewest.ga, 1
+contextolog.cf, 1
+conti-profitlink.co.uk, 1
+continental-landscapes.co.uk, 1
+continuernom.tk, 1
+continuousinksupplysystem.com.au, 1
+continuum.memorial, 0
+continuumdesign.net, 1
+continuumm-tech.com, 1
+contiprint.com.ec, 0
+contortion.tk, 1
+contos.cz, 1
+contotudo.online, 1
+contrabass.net, 1
+contracostacr.gov, 1
+contracostacre.gov, 1
+contracostavote.gov, 1
+contractalerters.ga, 1
+contractdigital.co.uk, 0
+contractdirectory.gov, 1
+contractormountain.com, 1
+contractorswestga.com, 1
+contractstore.com, 1
+contractwriters.com, 1
+contrafactos.tk, 1
+contralaespeculacioninmobiliaria.tk, 1
+contralegem.it, 1
+contrarianoutlook.com, 1
+contrarreforma.tk, 1
+contraspin.co.nz, 1
+contrastchecker.online, 1
+contrastecolombia.com, 1
+contrastly.com, 1
+contrastsecurity.com, 1
+contratderatisation.com, 1
+contratti.it, 1
+contrebande-metz.fr, 1
+contreraslandscaping.com, 1
+contributopia.org, 1
+contributor.google.com, 1
+contro.cf, 1
+contro.ga, 1
+contro.gq, 1
+contro.ml, 1
+contro.tk, 1
+controlautocom.com.br, 1
+controlbooth.com, 1
+controle-exportations.fr, 1
+controle-technique-ales.fr, 1
+controleer-maar-een-ander.nl, 1
+controleert.nl, 1
+controlewiki.be, 1
+controlit.eu, 1
+controllertech.com, 1
+controlpad.com, 1
+controlshiftlabs.com, 1
+controlsystemscanada.com, 1
+controltvpodcast.tk, 1
+controlup.com, 1
+controlvisitas.com.mx, 1
+controsoffitti.milano.it, 1
+controversialrisks.com, 1
+controversialrisks.se, 1
+contucara.tk, 1
+contuestilo.tk, 1
+contunda.de, 0
+conv2pdf.com, 1
+convecteurs.net, 1
+convent-mensing.de, 1
+convention-nationale-nantes2023.fr, 1
+convergence.fi, 1
+convergencela.com, 1
+convergent.tn, 1
+convergnce.com, 1
+conversationexchange.com, 1
+conversatis.cf, 1
+conversechucktaylor.us, 1
+converser.tk, 1
+conversionsciences.com, 1
+convert.im, 1
+convert.io, 1
+convert2sql.com, 1
+converter.ml, 1
+convertire-documenti.it, 1
+convertkit.com, 1
+convertr.io, 1
+conveyance.pro, 1
+convicted-driver-insurance.com, 1
+conviction.org.uk, 1
+convierteenabudancia.com, 1
+convocatoriafundacionpepsicomexico.org, 0
+convoluted.solutions, 1
+convoyin.com, 1
+conwaymedicalcenter.com, 1
+conwaymi.gov, 1
+conwaypdnh.gov, 1
+conwayregional.org, 0
+conwaysc.gov, 1
+conxcon.de, 1
+cooalliance.com, 1
+coochiehacks.io, 1
+coocook.org, 1
+cooferro.tk, 1
+cooink.net, 0
+cook-maestro.com, 1
+cook.gg, 1
+cookcountyclerkil.gov, 1
+cookcountysheriffil.gov, 1
+cookescastles.co.uk, 1
+cookgem.com, 1
+cookicons.co, 1
+cookie-directive.cf, 1
+cookie4.com, 1
+cookieandkate.com, 1
+cookiecorner.com, 1
+cookiecrook.com, 1
+cookiedatabase.org, 1
+cookielaw.org, 1
+cookiepedia.co.uk, 1
+cookiepro.com, 1
+cookiesmoquirida.com.br, 1
+cookiesoft.de, 1
+cookiestudies.cf, 1
+cooking-food.cf, 1
+cookingandme.com, 1
+cookingaround.town, 1
+cookingbooks.es, 1
+cookingcrusade.com, 1
+cookingiseasy.tk, 1
+cookingperfected.com, 1
+cookingperformancegroup.com, 1
+cookingreporter.com, 1
+cookinsumos.com, 1
+cooko.at, 1
+cooks.house, 1
+cooksite.tk, 1
+cooktoprepairaustin.com, 1
+cookwithmanali.com, 1
+cool-parties.co.uk, 1
+cool-wallpapers.jp, 1
+cool110.tk, 1
+cool110.xyz, 1
+coolabaroo.com.au, 1
+coolagent-dokumenty.cz, 1
+coolansplanet.com, 1
+coolattractions.co.uk, 1
+coolblockschool.org, 1
+coolboys.ga, 1
+coolcamping.com, 1
+coolcloud.tk, 1
+coolcomputers.info, 1
+cooldan.com, 1
+cooldomains.tk, 1
+cooldown.club, 1
+coole-fete.de, 1
+coolefehler.de, 1
+coolerssr.space, 1
+coolexpo.com, 1
+coolfilm.cf, 1
+coolgeography.co.uk, 1
+coolgifs.de, 1
+coolink.pub, 1
+cooljs.me, 1
+cooljv.com, 1
+coolkidsbouncycastles.co.uk, 1
+coolleader.com, 1
+coolmaterial.com, 1
+coolmath.cf, 1
+coolpi.nl, 1
+coolplaces.co.uk, 1
+coolplus.com, 1
+coolprylar.se, 1
+cools.tech, 1
+coolsculptingmanhattanbeach.com, 1
+coolshirt.tk, 1
+coolsochi.ru, 1
+coolsoftware.tk, 1
+coolspeak.com, 1
+cooltang.ooo, 1
+coolutils.com, 1
+coolvox.com, 1
+coolweirdfacts.ga, 1
+coombsinc.com, 1
+coomonte.tk, 1
+coonelnel.net, 1
+coonlink.fun, 1
+coop-land.ru, 1
+coop.com.py, 1
+coopal.jp, 1
+coopcoa.pt, 1
+coopemep.live, 0
+cooperativecogohio.gov, 1
+coopercity.gov, 1
+coopercityfl.gov, 1
+coopermais.tk, 1
+coor.info, 1
+coordonnees-gps.fr, 1
+coore.jp, 1
+coorpacademy.com, 1
+coosbayor.gov, 1
+cooznacza.pl, 1
+copa.cf, 1
+copabarena.tk, 1
+copacabanafc.tk, 1
+copadata.be, 1
+copasulassessoria.com.br, 1
+copdfoundation.org, 1
+copdrop.ga, 1
+cope.finance, 1
+copedeportes.tk, 1
+cophumouraustralia.com, 1
+copiermarket.com, 1
+copiisiparinti.ro, 1
+copilotgps.com, 1
+copilotpro.com, 1
+copper.co, 1
+copperart.ca, 1
+copperexports.tk, 1
+copperheados.com, 1
+copperlantern.tk, 1
+coppermein.co.za, 1
+coppermine-kickers.tk, 1
+copperplate.tk, 1
+coppidesentupidora.com.br, 1
+coprotag.com, 1
+coprotag.fr, 1
+coptkm.cz, 1
+copurhoca.com, 1
+copybysophie.com.au, 1
+copycats.tk, 1
+copycaught.co, 1
+copycaught.xyz, 1
+copycenter.cf, 1
+copycrafter.net, 1
+copyfast.cf, 1
+copygeneral.pl, 1
+copyhandler.com, 1
+copymundo.cr, 1
+copypoison.com, 1
+copyright-watch.org, 1
+copyright.gov, 1
+copyrightclaimsboard.gov, 1
+copyrightcoins.com, 1
+copyrightcoins.help, 1
+copyrighted.com, 0
+copyrighter.tk, 1
+copyrightforabout.tk, 1
+copyrightservice.co.uk, 1
+copyshrug.ca, 1
+copysyncest.ga, 1
+copytext.ml, 1
+copywriting-on-demand.tk, 1
+coral-study.eu, 1
+coral.tech, 1
+coralenergy.gr, 1
+coralpress.com, 1
+coralreef.blue, 1
+coralreef.tk, 1
+coralsprings.gov, 1
+coralspringsfl.gov, 1
+coramdeoclassical.com, 1
+corarain.me, 1
+coratxa.tk, 1
+corazoncaliente.tk, 1
+corazondemelon.es, 1
+corbax.com, 1
+corbettparadise.com, 1
+corbi.net.au, 1
+corbuloacademyofmilitaryscience.com, 1
+corbusier.gq, 1
+corcoranmn.gov, 1
+cord-blood.tk, 1
+cordalife.com, 1
+cordeirosolutions.ga, 1
+cordejong.nl, 0
+cordelia.tk, 1
+cordemar.info, 1
+corder.tech, 1
+corderosa.tk, 1
+corderoscleaning.com, 0
+cordeydesign.ch, 0
+cordis.io, 1
+cordlessdog.com, 1
+corduroyproducts-velvetjackets.tk, 1
+core-concepts.de, 0
+core-networks.de, 1
+core.md, 1
+core.mx, 1
+core.org.pt, 1
+core300.org, 1
+core3k.biz, 1
+core3k.com, 1
+core3k.info, 1
+core3k.mobi, 1
+core3k.net, 1
+core3k.org, 1
+core3k.us, 1
+coreapm.com, 1
+coreapm.org, 1
+corebit.nl, 1
+corecdn.org, 1
+corecore.com, 1
+cored.al, 1
+coredna.com, 1
+coredns.rocks, 1
+coredrive.com, 1
+coredroid.com, 1
+corefy.com, 1
+coreg.tk, 1
+corehealthberks.com, 1
+corehealthcare.com.au, 1
+corelationinc.com, 1
+coreless-initiative.net, 1
+coreless-stretchfilm.com, 1
+coremcnetwork.ml, 1
+coremedia.co.id, 1
+coremicro.com, 1
+coremove.tk, 1
+corentin-et-rosalie.fr, 1
+corepacks.tk, 1
+corepartners.com.ua, 1
+corephysicians.org, 1
+corerad.net, 1
+corescientific.com, 1
+coresos.com, 1
+corestack.io, 1
+coresystems.hu, 1
+coretechnology.ie, 1
+coretema.eu, 1
+coreum.ca, 1
+coreup.de, 1
+corevetconnect.co.uk, 1
+corexpert.com, 1
+coreyjmahler.com, 1
+coreylmartin.com, 1
+corfuny.gov, 1
+corgal.com, 1
+corgi.party, 1
+corgiaspets.com, 1
+corgiclub.art, 1
+corgspace.com, 1
+corhellemons.tk, 1
+cori.tk, 1
+coribi.com, 1
+corima.it, 1
+corinastefan.ro, 1
+corinnanese.de, 1
+corinsamsterdam.com, 1
+corintech.net, 1
+corinthfilms.com, 1
+corisu.co, 1
+corkcityfc.tk, 1
+corkedwinebar.com, 1
+corky.tk, 1
+corleoncatering.com, 1
+corlija.com, 1
+corlinde.nl, 1
+cormed-heverlee.tk, 1
+corn.az, 1
+cornday.org, 1
+cornel1801.com, 1
+cornelia-kaufmann.tk, 1
+corner-cabinets.tk, 1
+corner-marburg.de, 1
+corneranimal.com, 1
+cornercafe.tk, 1
+cornercircle.co.uk, 1
+cornergarage.coop, 0
+cornerperk.com, 1
+cornerstone.network, 1
+cornerstone.photography, 1
+cornerstone.rocks, 1
+cornerstoneefree.org, 1
+cornerstonefoundationrepairllc.com, 1
+cornerstonenorthwest.com, 1
+cornertoyshop.ga, 1
+corniche.com, 1
+corningcu.org, 1
+cornips.nl, 1
+cornitek.tk, 1
+cornmachine.com, 1
+cornodo.com, 1
+cornut.fr, 1
+cornwallct.gov, 1
+cornwallda.co.uk, 1
+coroas10.tk, 1
+coroimagen.tk, 1
+corona-data.eu, 1
+corona-renderer.cloud, 1
+corona-renderer.com, 1
+corona-stats.online, 0
+coronacheck.nl, 1
+coronasafe.network, 1
+coronastationphotography.com, 1
+coronavaccinatiedatum.nl, 1
+coronavirus-19.es, 1
+coronavirus-journal.fr, 1
+coronavirus.de, 1
+coronavirus.gov, 1
+coronavirusfortbend.gov, 1
+coronavirustesting.gov, 1
+coronersconnect.co.uk, 1
+cororocierodebelen.tk, 1
+corovan.com, 1
+corp.goog, 1
+corpfin.net, 1
+corpheuss.ga, 1
+corpio.nl, 1
+corplex.com, 1
+corpoflow.nl, 1
+corpomotriztokio.com, 1
+corpora.ga, 1
+corpora.tk, 1
+corporate-advisory.com, 1
+corporate-electric.ky, 1
+corporateclash.net, 1
+corporatecompany.cz, 1
+corporatecomputingsolutions.com, 1
+corporategift.com, 1
+corporatehitech.com.au, 1
+corporateinbound.com, 1
+corporatevisions.com, 1
+corporativoarval.info, 1
+corposeditora.tk, 1
+corpsepaint.life, 1
+corpulant.coffee, 1
+corpulantcoffee.com, 1
+corpulent.coffee, 1
+corpulentcoffee.com, 1
+corpuschristisouthriver.org, 1
+corpuschristitx.gov, 1
+corpusslayer.com, 1
+corrales-sanchez.tk, 1
+correct.cf, 1
+correctconstructions.com.au, 1
+correcthorse.cf, 1
+correcthorse.pw, 1
+correctionalofficer.org, 1
+correctionalofficeredu.org, 1
+correctiv.org, 1
+correctlydesign.com, 1
+corrector.com.ua, 1
+corredorampr.com, 1
+correo-e.mx, 1
+correo.club, 1
+correotemporal.org, 1
+correspond.gq, 1
+correspondent.ga, 1
+corrick.io, 1
+corride.at, 1
+corridorsands.com.au, 1
+corriere.roma.it, 1
+corrieresalentino.it, 1
+corrigan.xyz, 1
+corrupt-republicans.com, 1
+corruptcatz.com, 1
+corruptos.tk, 1
+cors-proxy.cf, 1
+corsa-b.uk, 1
+corsac.nl, 1
+corsectra.com, 1
+corsepro.com, 1
+corservsolutions.com, 1
+corsetacademy.tk, 1
+corsi.tk, 1
+corsica.ovh, 1
+corsicalaw.com, 1
+corsicanatx.gov, 1
+corsihaccpsicurezzalavoro.it, 1
+corsisicurezza.it, 1
+corso.cf, 1
+corsohaccp.roma.it, 1
+corsorspp.roma.it, 1
+cortadoradeplasma.online, 1
+cortadorplasma.com, 1
+cortapelos.site, 1
+corte.tk, 1
+cortealcastello.it, 1
+cortege.cf, 1
+cortemadera.gov, 1
+cortep.fr, 1
+cortestesisat.net, 1
+cortex-development.de, 1
+cortezco.gov, 1
+cortezsanitation.gov, 1
+corthouts.pl, 1
+cortino.ga, 1
+cortis-consulting.ch, 1
+cortizo.com.ar, 1
+cortizocampillo.com.mx, 1
+cortlandcountyny.gov, 1
+cortlandreview.com, 1
+cortlandvoice.com, 1
+cortonaeranieri.com.br, 1
+corum.fr, 1
+corus-xuam.eu, 1
+corus.lt, 1
+corvaglia.com, 1
+corvax.kiev.ua, 1
+corvetto.tk, 1
+corvus.eu.org, 1
+corvuscorax.info, 1
+corvuscorax.xyz, 1
+coryadum.com, 1
+coryellcountytx.gov, 1
+corykoz.com, 1
+coryluba.com, 1
+corytennison.net, 1
+cos.rent, 1
+cosasnuevas.tk, 1
+cosasque.com, 1
+cosavederein1giorno.it, 1
+cosavederein5giorni.it, 1
+cosec.cn, 0
+coshima.cf, 1
+coshima.ga, 1
+coshima.gq, 1
+coshima.tk, 1
+cosirex.com, 1
+coskun.tk, 1
+coslinker.com, 0
+cosmasiakraft.tk, 1
+cosmeagardens.com, 1
+cosmekaitori.jp, 0
+cosmetic-surgery-prices.co.uk, 1
+cosmeticasimple.com, 1
+cosmeticenter.com.br, 1
+cosmeticosdelivery.com.br, 1
+cosmeticosfuerth.de, 1
+cosmeticosnet.com.br, 1
+cosmeticosprofissionais.com.br, 1
+cosmeticsurgeon.ga, 1
+cosmetify.com, 1
+cosmetiq.tk, 1
+cosmetix-ndsf.fr, 1
+cosmiatria.pe, 1
+cosmic-relations.co.jp, 1
+cosmic-service.com, 1
+cosmicdrifters.com, 1
+cosmichpc.com, 1
+cosmichpc.systems, 1
+cosmick9.net, 1
+cosmicnetworks.cf, 1
+cosmictourist.de, 1
+cosmicworlds.mobi, 1
+cosmocode.de, 1
+cosmodacollection.com, 1
+cosmohit.ua, 1
+cosmohost.info, 0
+cosmohosting.site, 1
+cosmoiler.com, 1
+cosmonaut.tk, 1
+cosmos-indirekt.de, 1
+cosmos-ink.net, 1
+cosmos-software.tk, 1
+cosmoschaos.net, 1
+cosmosdogbakery.com, 1
+cosmosearch-azerbaijan.tk, 1
+cosmosenalerta.tk, 1
+cosmosmkt.com.mx, 1
+cosmoz.ga, 1
+cosms.com, 1
+cosmundi.de, 1
+cosmv.org, 1
+cosni.co, 1
+cosos.gov, 1
+cosplayer.com, 1
+cospol.ch, 0
+cosset.com.tw, 1
+costa-ballena.tk, 1
+costablancavoorjou.com, 1
+costalinux.tk, 1
+costarellos.com, 1
+costaricanvillas.com, 1
+costazulinmobiliaria.com, 1
+costco.co.jp, 1
+costco.co.kr, 1
+costco.co.nz, 1
+costco.co.uk, 1
+costco.com.au, 1
+costco.com.mx, 1
+costco.com.tw, 1
+costco.is, 1
+costcoinsider.com, 1
+costel.tk, 1
+costelino.tk, 1
+costellofc.co.uk, 0
+costflow.ga, 1
+costi.cf, 1
+costi.eu, 1
+costinesti.tk, 1
+costoflipitor.gq, 1
+costplusdrugs.com, 1
+costravel.ru, 1
+costreportdata.com, 0
+costruzioni.milano.it, 1
+costum-for-men.tk, 1
+costumestylesers.ga, 1
+costurin.com, 1
+cosude.org.pe, 1
+cosumnescsd.gov, 1
+cosuno.com, 1
+cosy-interior.com, 1
+cosyden.tk, 1
+cotak.gov, 1
+cotandoseguro.com, 1
+coteax.com, 1
+coteax.nl, 1
+cotehy.com, 1
+cotejardin.gent, 1
+cotennis.net, 1
+coteouestmedia.com, 1
+coth.ml, 1
+cothurnes.fr, 1
+cotofoto.tk, 1
+coton.tk, 1
+cotonni.tk, 1
+cotrugli.social, 1
+cotsworth.com, 1
+cotta.dk, 1
+cottagegroveor.gov, 1
+cottagelife.com, 1
+cottier-angeli.swiss, 1
+cottonage.tk, 1
+cottonwoodcountymn.gov, 1
+cottonwoodimprovement.gov, 1
+cotwe-ge.ch, 0
+coubron-escrime.fr, 1
+couchidiomas.com, 1
+couchscreen.de, 1
+cougar-bordeaux.fr, 1
+cougargrades.io, 1
+cougarlyon.fr, 1
+coughlan.de, 1
+could.jp, 1
+couleur-lavande.com, 1
+couleursorgue.tk, 1
+coun.be, 1
+counseling4students.com, 1
+counselingforstudents.com, 1
+counsellingtime.co.uk, 1
+counsellingtime.com, 1
+counsellink.net, 1
+counstellor.com, 0
+counter-strike.net.cn, 1
+countercloud.com, 1
+counterenlol.com, 1
+counterespionage.com, 1
+countermats.net, 1
+countermentors.com, 1
+counterstrikeonline.org, 1
+countertopapothecary.com, 1
+countertrade.com, 0
+countexact.com, 1
+countingdues.com, 1
+countingup.com, 1
+countrify.net, 1
+country-candles.co.uk, 1
+country-creativ.de, 1
+country-dancers.tk, 1
+country-games.tk, 1
+country-house.ga, 1
+country-muziek.nl, 1
+countrybrewer.com.au, 1
+countrylife.cz, 1
+countrymountaininn.com, 1
+countryoutlaws.ca, 1
+countrysaloon.tk, 1
+countryshopradio.tk, 1
+countrysidebar.tk, 1
+countrysidemarquees.co.uk, 1
+countrysmile.org, 0
+county10.com, 1
+countybankdel.com, 1
+countyjailinmatesearch.com, 1
+countyofbarton.gov, 1
+countyofkingsca.gov, 1
+countyofmonterey.gov, 1
+countyofmontereyca.gov, 1
+coup-dun-soir.ch, 1
+coupa.com, 1
+coupedevils.tk, 1
+coupestanley.com, 1
+couplay.org, 1
+couplesapp.co, 1
+couponarea.com, 1
+couponava.com, 1
+couponchief.com, 0
+couponcodefind.com, 1
+couponcodesme.com, 1
+couponfollow.co.uk, 1
+couponsale.tk, 1
+couponzil.com, 1
+cour4g3.me, 1
+courage-sachsen.org, 1
+courage.cf, 1
+courageoushumanity.click, 1
+couraqe.tk, 1
+courier.lk, 1
+couriergrey.com, 1
+couriersrs.com, 1
+couriertrackers.com, 1
+coursables.com, 1
+coursdejaponais.com, 1
+course5i.com, 0
+courseconfidence.com, 1
+coursehero.com, 1
+coursehero.ph, 1
+coursehunter.net, 1
+courselore.org, 1
+courseorbit.com, 1
+coursera.org, 1
+coursereleases.com, 1
+courses.nl, 1
+coursesanswer.com, 1
+coursesidekick.com, 1
+coursesweb.net, 1
+courseworkbank.info, 1
+coursingweb.tk, 1
+coursocean.co, 1
+courstoujours.be, 1
+court1tickets.co.uk, 1
+court1tickets.com, 1
+court23taylormi.gov, 1
+courthousedirect.com, 1
+courtlandtwpmi.gov, 1
+courtonetickets.co.uk, 1
+courtonetickets.com, 1
+courtreporteredu.org, 1
+courttranscriptontario.ca, 1
+courvix.com, 1
+couscous.recipes, 1
+cousine.tk, 1
+cousins.tk, 1
+couteauxsurvie.fr, 1
+couverture-barre.fr, 1
+couverture-saint-nazaire.fr, 1
+couvreur-hinault.fr, 1
+covar.com.co, 1
+covbounce.co.uk, 1
+cove.chat, 1
+covechat.xyz, 1
+covenantbattle.net, 1
+covenco.com, 1
+coventry.com, 1
+coventrycollege.ac.uk, 1
+coventryfdri.gov, 1
+coventrymoneyman.com, 1
+coventryuk.tk, 1
+cover-fashion.de, 1
+coverage-db.org, 1
+coveragecareservices.co.uk, 1
+coveragent.de, 1
+covercrust.com, 1
+covercupboard.co.uk, 1
+coveredinspiders.com, 1
+covering.com.py, 1
+covermusik-band.de, 1
+covermytrip.com.au, 1
+covers.com, 1
+covershousing.nl, 1
+covert.sh, 1
+coveteur.com, 1
+coviacorp.com, 1
+covid-19.nhs.uk, 1
+covid-19advice.com, 1
+covid.gov, 1
+covid19-tracing.ch, 1
+covid19.gov.ph, 1
+covid19.govt.nz, 1
+covid19.melbourne, 1
+covid19.nhs.uk, 1
+covid19dataportal.si, 1
+covid19resilience.org, 1
+covid19responsepod.com, 1
+covid19scotland.co.uk, 0
+covid19statstracker.com, 1
+covidactnow.org, 1
+covidcoldfacts.com, 1
+coviddiary.live, 1
+coviddrawings.org.uk, 1
+covidfreeathome.org, 1
+covidinfo.com.br, 1
+covidlive.com.au, 1
+covidmodel.net, 1
+covidpppstore.co.za, 1
+covidservicepoint.de, 1
+covidstats.gr, 1
+covidtest.gov, 1
+covidtesthonolulu.org, 1
+covidtests.gov, 1
+covidtracker.fr, 1
+covisa.cl, 1
+covisian.com, 1
+covybrat.cz, 1
+cow-ims.herokuapp.com, 1
+cowbird.org, 1
+cowcreek-nsn.gov, 1
+cowleycountyks.gov, 1
+cowleysexeter.co.uk, 1
+cowlitzwa.gov, 1
+coworkanywhere.ch, 1
+coworking-luzern.ch, 1
+coworking-space.tk, 1
+coxcapitalmanagement.com, 1
+coxhealthfoundation.com, 1
+coxxs.me, 1
+coxxs.moe, 1
+coya.tw, 1
+coyo.tl, 1
+coyocloud.com, 1
+coyote.cf, 1
+coyote105.com, 1
+cozanne.fr, 1
+coze.zone, 1
+cozinharaz.com, 1
+cozmerce.com, 1
+cozmoapp.com, 1
+cozmoyachts.com, 1
+cozo.me, 1
+coztacukrzyca.pl, 1
+cozumelairlines.com, 1
+cozumelflight.com, 1
+cozy.town, 1
+cozyeggdesigns.com, 1
+cozynergy.com, 1
+cozzack.com, 1
+cp-st-martin.be, 1
+cp015.com, 0
+cp017.com, 0
+cp061.com, 0
+cpacharge.com, 1
+cpadollar.cf, 1
+cpagray.com, 0
+cpanels.us, 1
+cpaneltips.com, 1
+cpap.com, 1
+cpaporttraining.org, 0
+cpars.gov, 1
+cparta.pro, 1
+cpaspecialisters.ga, 1
+cpasperdu.com, 1
+cpatoday.club, 1
+cpbanq.com, 1
+cpcbegin.tk, 1
+cpchur.ch, 0
+cpd-education.co.uk, 1
+cpd.org.au, 1
+cpe-colleg.de, 1
+cpe-registry.com, 1
+cpe-registry.net, 1
+cpe-registry.org, 1
+cpegypt.tk, 1
+cpeip.cl, 1
+cpelighting.tk, 1
+cperegistry.com, 1
+cperegistry.net, 1
+cperegistry.org, 1
+cpfpa.com, 1
+cpfrancophonie.org, 1
+cpfs-group.com, 1
+cpfurni.com, 0
+cpg.de, 1
+cpgiiaragon.es, 1
+cphollywoodproduct.ml, 1
+cphpvb.net, 1
+cpifilters.com, 1
+cpish.id.au, 1
+cplconsult.com, 1
+cpls.me, 1
+cpm-steuerberater.de, 1
+cpm-steuerberater.pro, 1
+cpm-steuerberater.support, 1
+cpme-industrial.com, 1
+cpost.com.tr, 1
+cppaste.org, 1
+cppressinc.com, 1
+cpro.pt, 1
+cprportal.com, 1
+cps-sante.ml, 1
+cpsa.co.uk, 1
+cpsc.gov, 1
+cpsecureapp.com, 1
+cpsq.fr, 1
+cpstest.live, 1
+cpstest.org, 1
+cpsurvey.com, 1
+cptoon.com, 1
+cptvl.de, 1
+cpu.biz.tr, 1
+cpu.wiki, 1
+cpucheu.com, 1
+cpufanshop.ga, 1
+cpws.gov, 1
+cpxz.nl, 1
+cpy.pt, 1
+cqep.com, 1
+cqfuchen.com, 1
+cqoicebordel.tk, 1
+cqradio.tk, 1
+cqre.business, 1
+cqswxx.com, 1
+cqvradio.ddns.net, 0
+cr.search.yahoo.com, 0
+cr05.fr, 1
+cr8haven.com, 1
+cr9499.com, 1
+cra-bank.com, 1
+cra-search.net, 1
+cra-zy.tk, 1
+crabfactory.com.my, 1
+crabo3d.de, 1
+crabrave.space, 1
+crabtreestore.nl, 1
+cracedkey.com, 1
+crackajack.cf, 1
+crackbros.com, 1
+crackcat.de, 1
+crackedlink.com, 1
+crackedsoftware.cf, 1
+cracker.in.th, 1
+crackerjohn.tk, 1
+crackheros.site, 1
+crackhomes.com, 1
+cracklab.tk, 1
+crackle.io, 1
+crackpfer.de, 1
+cracksarkariexam.com, 1
+cracksarkarinaukri.com, 1
+crackserialkey.co, 1
+cracksnet.tk, 1
+crackspro.co, 1
+crackstation.net, 1
+cracky-chan.com, 1
+cracky.art, 1
+cracky.win, 1
+crackychan.net, 1
+crackychan.org, 1
+crackyhouse.com, 1
+crackypedia.uk, 1
+crackzoom.com, 1
+cradio.tk, 1
+cradleaccounting.com, 1
+cradleofaviation.org, 1
+cradletocareer.org.uk, 1
+craft-beer.life, 1
+craft-me-in.com, 1
+craft.eu.org, 1
+craftandbuild.de, 1
+craftbyhand.com, 1
+craftcms.com, 1
+crafted.cat, 1
+crafterbase.de, 1
+crafters.co.jp, 1
+craftfocus.com, 1
+craftgalore.com.au, 1
+craftination.net, 1
+craftinghand.com, 0
+craftist.de, 1
+craftmachinec.com, 1
+craftmenu.ru, 1
+craftmeow.com, 1
+craftmeow.support, 1
+craftngo.hu, 1
+craftottawa.ca, 1
+craftshiponline.tk, 1
+craftsmandruggets.com, 1
+craftsmany.net, 1
+craftsofcleo.com, 1
+crafttalk.tk, 1
+craftutor.com, 1
+craftwarehouse.com, 1
+craftwmcp.xyz, 1
+craftydev.design, 1
+craftyguy.net, 0
+craftyphotons.net, 1
+craftyun.cn, 1
+craig-mullins.com, 1
+craigary.net, 0
+craigbates.co.uk, 0
+craigdavis.ga, 1
+craigfrancis.co.uk, 1
+craigheadcountyar.gov, 1
+craigleclaireteam.com, 1
+craignewmarkphilanthropies.org, 0
+craigphillips-work.cf, 1
+craigrouse.com, 1
+craigsaper.com, 1
+craigwfox.com, 0
+cramersoft.com, 1
+cran-automobiles.fr, 1
+cranems.com.ua, 1
+cranenburgh.nl, 1
+cranenburgh.tk, 1
+cranepedia.com, 1
+cranes.ga, 1
+cranforddental.com, 1
+crangasi.tk, 1
+cranioo.nl, 1
+crankshaft.space, 1
+cranstonri.gov, 1
+craphound.com, 1
+crapitalism.biz, 1
+crapmail.tk, 1
+crapouill.es, 1
+crash-de-1929-et-grande-depression.tk, 1
+crash.net, 1
+crashbolsa.com, 1
+crashcomputer.tk, 1
+crashcoursecenter.com, 1
+crashcrafter.de, 1
+crashday.tk, 1
+crashdummy.tk, 1
+crashedata.tk, 1
+crashgambler.io, 1
+crashpaint.cf, 1
+cratedb-dev.cloud, 1
+cratedb.cloud, 1
+cratedb.net, 1
+crates-io.cn, 1
+cratexcalgary.com, 1
+cratexedm.com, 1
+cratexind.com, 1
+cratitadelicioasa.ro, 1
+cratss.co.uk, 1
+cravatar.cn, 0
+cravecraftonline.com, 1
+crawcial.de, 1
+crawdadrepublic.com, 1
+crawford.cloud, 1
+crawfordcountyin.gov, 1
+crawfordcountyohioboe.gov, 1
+crawfordcountytcc.org, 1
+crawfordcountywi.gov, 1
+crawfordtx.gov, 1
+crawler.ninja, 1
+crax.tube, 1
+craxpro.io, 1
+crayon.co, 1
+craytos.jp, 1
+crazedknitters.com, 1
+crazilyeverafter.com, 1
+crazy-cake.tk, 1
+crazy-coders.com, 1
+crazy-fox.cf, 1
+crazy-project.ml, 1
+crazyachmed.de, 1
+crazybear-underground.tk, 1
+crazycastles.ie, 1
+crazycen.com, 0
+crazychicken.tk, 1
+crazycouple.ml, 1
+crazycube.fr, 1
+crazycube.tk, 1
+crazydrivers.tk, 1
+crazydude.tk, 1
+crazyfly.tk, 1
+crazyfrog.biz, 1
+crazyfrog.com, 1
+crazygifts.cf, 1
+crazyhost.ga, 1
+crazyhost.tk, 1
+crazymadness.tk, 1
+crazymarvin.com, 1
+crazymeeshu.com, 1
+crazymonkey.gq, 1
+crazynetwork.it, 1
+crazypaul.com, 1
+crazypellas.tk, 1
+crazypete.ga, 1
+crazypong.tk, 1
+crazypotato.tk, 1
+crazysavings.ga, 1
+crazysexpics.com, 1
+crazystories.tk, 1
+crazytunaaz.com, 1
+crbug.com, 1
+crc-bank.com, 1
+crc-online.nl, 1
+crc-search.com, 1
+crc.net.br, 1
+crc32.online, 1
+crca911co.gov, 1
+crcdatatech.com, 1
+crcncc.org, 1
+crcr.pw, 0
+cre8iveco.com, 1
+cre8ivedeals.com, 1
+cre8studios.net, 1
+crea-etc.net, 0
+crea-shops.ch, 0
+crea-that.fr, 1
+crea.bg, 1
+crea.me, 1
+creacioneslri.com, 1
+creacode.tech, 1
+creactivatecomfandi.com, 1
+creadoc.fr, 1
+creadordenoticias.com, 1
+creadstudy.com, 1
+creafitchile.cl, 1
+creaintel.net, 1
+creaketing.com, 1
+crealabs.it, 1
+crealogix-online.com, 1
+creamcastles.co.uk, 1
+creamfields.com, 1
+creamless.com, 1
+creampiepornvids.com, 1
+creampiepussytube.com, 1
+creamsoft.com, 1
+creamyfox.com, 1
+creandoydesarrollando.com, 1
+crear-webs-baratas.com, 0
+creared.edu.co, 1
+crearesiteweb.tk, 1
+creareup.com, 1
+creartcol.tk, 1
+creartsynergy.org, 1
+creasetheband.tk, 1
+creastic.com, 1
+create-it.cz, 1
+create-ls.jp, 1
+create-website.ga, 1
+create2.be, 1
+createbeauty.tk, 1
+createbeing.com, 1
+createbot.ml, 1
+createcode.pt, 1
+createconline.de, 1
+createcpanama.com, 1
+creategyx.ga, 1
+creately.com, 1
+createme.com.pl, 1
+createmvp.com, 1
+createstudios.com.au, 0
+createwithcynthia.com, 1
+creati.me, 1
+creatiefcoaching.nl, 1
+creatieven.com, 1
+creatingchange.us, 1
+creation-photos.com, 1
+creationfox.gq, 1
+creations-edita.com, 1
+creationsgate.com, 1
+creative-wave.fr, 1
+creative2.ru, 1
+creativeangles.in, 1
+creativeartifice.com, 1
+creativebaccha.ga, 1
+creativebathroomsandinteriors.com.au, 1
+creativebenefits.ca, 1
+creativebitsandpieces.com, 1
+creativebloq.tk, 1
+creativechili.com, 1
+creativecityofmusic.be, 1
+creativecommons.gr, 1
+creativecommonscatpictures.com, 1
+creativeconceptsvernon.com, 1
+creativeconsult.com, 1
+creativedijital.com.tr, 1
+creativeeducation.tk, 1
+creativeexpertdesigner.com, 1
+creativefocus.com, 1
+creativegraphix.com, 1
+creativeground.com, 1
+creativeground.com.au, 1
+creativeideasagency.com, 1
+creativeink.de, 1
+creativekitchens.co.nz, 1
+creativekkids.com, 1
+creativelaw.eu, 1
+creativeliquid.com, 1
+creativelysustainable.com, 1
+creativemarket.com, 1
+creativematters.ch, 0
+creativemindslms.tk, 1
+creativenz.govt.nz, 1
+creativepatterns.io, 1
+creativephs.com, 1
+creativephysics.ml, 1
+creativeqc.com, 1
+creativescastle.com, 1
+creativescorpio.tk, 1
+creativesectors.tk, 1
+creativestories.me, 1
+creativevietnam.com.vn, 1
+creativeweb.biz, 1
+creativewolf.net, 1
+creativeworks.com.hk, 1
+creativika.it, 1
+creativityalliance.com, 1
+creativlabor.ch, 1
+creatix.tk, 1
+creatixx-network.de, 0
+creatormetrics.io, 1
+creators-design.com, 1
+creators.direct, 1
+creatorswave.com, 1
+creattic.tk, 1
+creatuasociacion.es, 1
+creayes.com, 1
+crebita.de, 1
+crecips.com, 1
+crecman.fr, 1
+credello.com, 1
+credentsys.cloud, 0
+credex.bg, 1
+credify.tech, 1
+credigo.io, 1
+credimax.com.bh, 1
+credin.com.tr, 1
+credit-10.com, 1
+credit-default-swaps.tk, 1
+credit-mgmt.biz, 1
+credit.in.th, 1
+creditcard.run, 1
+creditcardgenerator.money, 1
+crediteurope.ru, 1
+credithelpinfo.com, 1
+creditif.tk, 1
+creditjunkie.com, 1
+creditkarma.ca, 1
+creditkarma.com, 1
+creditkarma.pro, 1
+creditoconsolidado.pt, 1
+creditopessoal.pt, 1
+creditor.ga, 1
+creditor.tk, 1
+creditorapido.pt, 1
+creditos-rapidos.com, 1
+creditozen.es, 0
+creditozen.mx, 0
+creditreport.tk, 1
+creditriskmonitor.com, 1
+creditsaint.com, 1
+creditscoresmart.com, 1
+creditshanghai.com, 1
+creditshop.com, 1
+creditsummerevent.eu, 1
+creditxpert.com, 1
+credityes.com, 1
+crednox.com, 1
+credot.ru, 1
+creekie.me, 1
+creeks-coworking.com, 1
+creeksidebiblechurch.org, 1
+creeksidecentre.org.uk, 1
+creeksideduluth.com, 1
+creelandgow.com, 1
+creep.tk, 1
+creepnt.stream, 1
+creepycraft.nl, 1
+creepypastas.com, 1
+creepystories.tk, 1
+creer-mon-business-plan.fr, 1
+creer-une-boutique-en-ligne.com, 1
+creermonsite-wp.com, 1
+creerunblog.net, 1
+cremalleradenuria.tk, 1
+crematory.tk, 1
+cremedigital.com, 1
+cremicro.com, 0
+crena.ch, 1
+crepa.ch, 0
+crepusculofansmexico.tk, 1
+crescendo.ai, 1
+crescent-moon.tk, 1
+crescentchc.org, 1
+cresoweb.it, 1
+cresserons.fr, 1
+cressetcapital.com, 1
+crest.com, 1
+crestalepropiedades.com.ar, 1
+crestaproject.com, 1
+crestasantos.com, 1
+crestataustin.com.my, 1
+crestaurant.com.au, 1
+crestdatasys.com, 1
+crestoncottage.com, 0
+crestor20mg.ml, 1
+crestorgeneric.ml, 1
+crestresearch.ac.uk, 1
+crestrockadvisors.com, 1
+crestron.com, 1
+crestwoodky.gov, 1
+cretdupuy.com, 0
+creteangle.com, 1
+cretica.no, 1
+creusalp.ch, 0
+crew.moe, 1
+crewextension.com, 1
+crewnetwork.com, 1
+crewresourcesinternational.group, 1
+crewsing.tk, 1
+crewvision.pt, 1
+crex24.com, 1
+crfcap.org, 0
+crgalvin.com, 1
+crgm.net, 1
+crh.org, 0
+cria.jp, 1
+criadomorro.com.br, 1
+criandosites.com.br, 1
+crianma.com, 0
+criaraposta.com.br, 1
+crias.fr, 1
+criativedesign.com.br, 1
+cribboker.net, 1
+cribcore.com, 1
+cric-grenoble.info, 1
+cricheroes.in, 1
+cricket-betting-online.in, 1
+cricketarena.ml, 1
+cricketnmore.com, 1
+cricketwatch.org, 1
+crickey.eu, 1
+crickits.co.uk, 1
+cricklewood.condos, 1
+cricmela.com, 1
+cricpa.com, 1
+crictechs.com, 1
+cridem.org, 1
+cridigital.net, 1
+criena.com, 1
+criena.net, 1
+crigler-najjar.fr, 1
+criglernajjarday.com, 1
+criktrik.com, 1
+crimalelov.gq, 1
+crimeadsers.ga, 1
+crimeadsest.ga, 1
+crimeainspire.com, 1
+crimeamet.ml, 1
+crimean-wines.tk, 1
+crimeandwar.com, 1
+crimefreeliving.com, 1
+crimemuseum.org, 1
+crimesceneinvestigatoredu.org, 1
+crimethincx.tk, 1
+crimewatch.net, 1
+crimewatchfl.com, 1
+crimewatchpa.com, 1
+crimewatchus.com, 1
+criminal-attorney.ru, 1
+criminal-market.ml, 1
+criminal-news.tk, 1
+criminal.enterprises, 1
+criminalcasecheats.ml, 1
+criminaljusticeprograms.com, 1
+criminaljusticeprogramsonline.com, 1
+criminallawyerjobdescription.ga, 1
+criminallawyerjobdescription.gq, 1
+criminallawyerjobdescription.ml, 1
+criminallawyersingapore.com, 1
+criminalminds.tk, 1
+criminalnote.tk, 1
+criminalskin.tk, 1
+criminologia.or.cr, 1
+crimsh.com, 0
+crimson.no, 0
+crimsonconnect.co.uk, 1
+crimsoncoward.com, 1
+crimsondragoncosplay.tk, 1
+crimsoninators.ga, 1
+crimsonlettersmusic.com, 1
+crimsonmedia.co.uk, 1
+crimtan.com, 1
+crinesdanzantes.be, 1
+crioestaminal.pt, 1
+crip-usk.ba, 1
+criptex.tk, 1
+criptocert.com, 1
+criptofy.com, 1
+criptoinvest.pt, 1
+criptomonedas365.com, 1
+criptomonedasworld.com, 1
+criptomonedaz.com, 1
+criptomoneylite.tk, 1
+criptozoologia.tk, 1
+cris.org.in, 1
+cris2006.com, 1
+crisantacademy.com, 1
+crisisactual.com, 1
+crisisclubers.ga, 1
+crisisdelos40.tk, 1
+crisisnextdoor.gov, 1
+crismar-flora.tk, 1
+crismatthews.com, 1
+crisp.chat, 1
+crisp.email, 1
+crisp.help, 1
+crisp.im, 1
+crisp.nl, 1
+crisp.watch, 1
+crispinplasticsurgery.com, 1
+crispinusphotography.com, 1
+crispybacon.ml, 1
+crisssmanmix.tk, 1
+cristaleslitios.com.mx, 1
+cristalgema.ga, 1
+cristalid.com, 1
+cristals.ga, 1
+cristaltercos.com.br, 1
+cristau.org, 1
+cristenberens.tk, 1
+cristiaen.nl, 1
+cristian-alexander.tk, 1
+cristiandumitru.tk, 1
+cristianhares.com, 1
+cristianonascimento.ml, 1
+cristianuibar.com, 1
+cristiengoller.ga, 1
+cristiengoller.gq, 1
+cristina.tk, 1
+cristinafigueroa.tk, 1
+cristnasar.tk, 1
+cristomisina.tk, 1
+cristomoradocusco.tk, 1
+critcola.com, 1
+criteriaproducciones.tk, 1
+criterion.ga, 1
+criterionsystems.co.uk, 1
+critfc.org, 1
+critical-scientists.net, 1
+critical.software, 1
+criticalcaredvm.com, 1
+criticalculture.cf, 1
+criticalculture.gq, 1
+criticalculture.ml, 1
+criticalgenesis.tk, 1
+criticalmention.com, 1
+criticalmetalscorp.com, 1
+criticalminerals.gov, 1
+criticalrace.org, 1
+criticalsurveys.co.uk, 1
+criticcoos.tk, 1
+criticizetheworld.tk, 1
+critiker.com, 1
+critiquejeu.info, 1
+critiquejeu.org, 1
+critterculture.com, 1
+crivitz.gov, 1
+crixto.io, 1
+crizin.io, 1
+crl-autos.com, 1
+crlna.com, 1
+crm-dialog.com, 1
+crm-dialog.de, 1
+crm-gestion-relation-client.com, 1
+crm.onlime.ch, 0
+crm114d.com, 1
+crmall.com, 1
+crmdumariage.com, 1
+crmforce.mil, 1
+crmot.com, 1
+crmplace.com, 1
+crmtaxi.ml, 1
+crmzz.com, 1
+crnajobsite.com, 1
+crobeauty.com, 1
+croceverdevb.it, 1
+crocheteursdefrance.fr, 1
+crochetkim.com, 1
+crocia.com, 1
+crockettdoodles.com, 0
+crockettmyers.com, 1
+crocky.tk, 1
+crocop.tk, 1
+crocuscoaching.co.uk, 1
+croeder.net, 1
+croftsvetsurgery.co.uk, 1
+croissant.casa, 1
+cromavista.tk, 1
+cromefire.de, 1
+cromefire.myds.me, 1
+cromosceltavigo.tk, 1
+cromosomax.com, 1
+cromwell-intl.com, 1
+cromwellarc.co.uk, 1
+cromwellvets.co.uk, 1
+cron.com, 1
+cron.uz, 1
+cronberg.ch, 1
+croncron.io, 1
+cronenberg.cc, 1
+cronicademuro.tk, 1
+cronix.cc, 1
+cronjob.de, 1
+cronobox.one, 1
+cronologie.de, 1
+cronometer.com, 1
+cronoscentral.be, 1
+crookcountyor.gov, 1
+crookedcru.tk, 1
+crookedtower.com, 1
+crooklibraryor.gov, 1
+crookpublichealthor.gov, 1
+crop-alert.com, 1
+cropdiagnosis.com, 1
+cropwizarders.ga, 1
+croquetgolf.tk, 1
+croquis.tk, 1
+crosbug.com, 1
+cross-culture.tk, 1
+cross-games.tk, 1
+cross-led-sign.com, 1
+cross-x.com, 1
+crossair.tk, 1
+crosschq.com, 1
+crosscom.ch, 1
+crossconnected.co.uk, 1
+crossdresscontest.com, 1
+crossedwires.net, 1
+crossfiremovies.tk, 1
+crossfitbesafe.com, 1
+crossformer.com, 1
+crossfunctional.com, 1
+crosslifenutrition.co.uk, 0
+crosslimit.ga, 1
+crosslink.ae, 1
+crossorange.jp, 1
+crossover.tk, 1
+crossoverit.com, 1
+crosspeakoms.com, 1
+crossplainstn.gov, 1
+crosspointmn.org, 1
+crossriver.com, 0
+crossroads-gmbh.ch, 1
+crossroadsdentalgroup.org, 1
+crosstitch.com, 1
+crossuniverse.net, 1
+crossway.nl, 1
+crosswayz.tk, 1
+crosswordarchive.org, 1
+crosty.tk, 1
+crotchrockets.tk, 1
+crow.tw, 1
+crowcloud.com, 1
+crowdamp.live, 1
+crowdbank.jp, 1
+crowdbox.net, 1
+crowdcloud.be, 1
+crowdfavorite.com, 1
+crowdfiber.com, 1
+crowdfundingdream.com, 1
+crowdfundinggent.be, 1
+crowdpress.it, 1
+crowdsim3d.com, 1
+crowdstack.com, 1
+crowdstack.io, 1
+crowdsupply.com, 1
+crowleybrynn.com, 1
+crown-beverage.com, 1
+crown-building.com, 1
+crown-trading.ru, 1
+crownaffairs.ch, 1
+crowncastles.co.uk, 1
+crownchessclub.com, 1
+crownedhijab.com, 1
+crownednetwork.com, 1
+crownmarqueehire.co.uk, 1
+crownpoint.com, 0
+crownsterling.io, 1
+crowter.li, 1
+crowwing.gov, 1
+croxu.com, 1
+croydonapartments.com.au, 1
+croydonbouncycastles.co.uk, 1
+crrapi.cf, 1
+crrapi.xyz, 1
+crrev.com, 1
+crsngthsswthy.com, 1
+crsoresina.it, 1
+crsserviceogkloak.dk, 1
+crstat.ru, 1
+crsvina.com, 1
+crt.cloud, 1
+crt.sh, 1
+crt2014-2024review.gov, 1
+crtalleres.com, 1
+crti.dz, 1
+crti.tech, 1
+crtified.me, 1
+crucerosplus.com, 1
+crucial.com, 1
+crucial.de, 1
+crucial.es, 1
+crucial.fr, 1
+crucial.in, 1
+crucial.jp, 1
+crucial.tw, 1
+cruelalice.net, 1
+cruelcarbon.tk, 1
+cruelgirls.tk, 1
+crufad.org, 0
+cruicky.co.uk, 1
+cruicky.uk, 1
+cruiseamerica.com, 1
+cruisecheap.com, 1
+cruisecontrolnovels.com, 1
+cruisefashion.tk, 1
+cruiseguy.com, 1
+cruiselookout.com, 1
+cruisemoab.com, 1
+cruisemongers.com, 1
+cruisequotes.com, 1
+cruises.tk, 1
+cruisezoom.com, 1
+crumbcontrol.com, 1
+crumbscorkscrews.com, 1
+crumobr.com, 1
+crunchopedia.com, 1
+crunchr.com, 1
+crunchrapps.com, 1
+crunchy.rocks, 1
+crunchybetty.com, 1
+crunchybridge.com, 1
+crushthelsatexam.com, 1
+crushthepmexam.com, 1
+crushxp.tk, 1
+crustytoothpaste.net, 1
+crute.me, 1
+crutic.gq, 1
+cruzadamorada.tk, 1
+crvegas.com, 1
+crvenikrst.tk, 1
+cry-sys.de, 0
+cryne.me, 1
+cryo-fit.com, 1
+cryoflesh.com, 1
+cryogeni.fr, 1
+cryosite.com, 1
+cryothanasia.com, 1
+cryovex.com, 1
+cryozenic.com, 1
+cryp.no, 1
+crypt-app.net, 1
+crypt0cloud.ddns.net, 0
+cryptcex.com, 0
+cryptcheck.fr, 1
+cryptearth.de, 1
+crypted.chat, 0
+crypteianetworks.com, 1
+cryptenet.com, 1
+crypterium.com.br, 1
+cryptex.net, 1
+crypticdeath.tk, 1
+crypticface.tk, 1
+crypticonseattle.com, 1
+crypticstench.tk, 1
+cryptii.com, 0
+cryptingup.com, 1
+cryptitan.live, 1
+cryptme.in, 1
+crypto-ads.ga, 1
+crypto-clix.xyz, 1
+crypto-gambling.tv, 1
+crypto-gaming.tk, 1
+crypto-trade.org, 1
+crypto-unveil.com, 1
+crypto-wiki.tk, 1
+crypto.cat, 1
+crypto.graphics, 1
+crypto.is, 0
+cryptoafternoon.com, 1
+cryptoanarchist.tk, 1
+cryptoarabsolar.tk, 1
+cryptobells.com, 0
+cryptobet.guru, 1
+cryptobin.co, 1
+cryptobonus.ga, 1
+cryptobonus.tk, 1
+cryptobot.dk, 1
+cryptoclix.website, 1
+cryptocon.org, 1
+cryptocurrencylatestnews.today, 1
+cryptocurrencynews.today, 1
+cryptocurrencyservices.com, 1
+cryptodogsnft.com, 1
+cryptodore.com, 1
+cryptodredge.org, 1
+cryptoearnblog.xyz, 1
+cryptoeighty.com, 1
+cryptofacilities.co.uk, 1
+cryptofacilities.com, 1
+cryptofan.org, 1
+cryptofinance.ai, 1
+cryptofomo.capital, 1
+cryptofomocapital.com, 1
+cryptoforo.com, 1
+cryptofox.nl, 1
+cryptogazette.com, 1
+cryptography.blue, 1
+cryptography.ch, 1
+cryptography.io, 1
+cryptoguidemap.com, 1
+cryptohinge.com, 1
+cryptoinvoke.com, 1
+cryptoisnotacrime.org, 1
+cryptojacks.io, 1
+cryptoki.fr, 1
+cryptolab.tk, 1
+cryptoleed.com, 1
+cryptolinchpin.com, 1
+cryptolingo101.com, 1
+cryptolocalatm.com, 1
+cryptology.ch, 1
+cryptolot.ru, 1
+cryptomail.nl, 1
+cryptomaniaks.com, 1
+cryptomining.mobi, 1
+cryptomixer.io, 0
+cryptomkt.com, 1
+cryptomonnaies.io, 1
+crypton.academy, 1
+crypton.help, 1
+crypton.vercel.app, 1
+crypton.wiki, 1
+crypton.xyz, 1
+cryptonaire.ga, 1
+cryptonit.cf, 1
+cryptonom.org, 1
+cryptonym.com, 1
+cryptool.org, 1
+cryptop.ml, 1
+cryptoparty.at, 1
+cryptoparty.dk, 1
+cryptoparty.in, 1
+cryptoparty.tv, 1
+cryptopartynewcastle.org, 1
+cryptopartyutah.org, 1
+cryptopaste.org, 1
+cryptophobia.nl, 1
+cryptopuk.com, 1
+cryptopuppers.co, 1
+cryptorival.com, 1
+cryptoruay.com, 1
+cryptoscope.io, 1
+cryptoseb.pw, 1
+cryptosender.io, 1
+cryptoshot.pw, 1
+cryptosolicitations.com, 1
+cryptostarz.online, 1
+cryptostorm.is, 1
+cryptotabworks.ml, 1
+cryptotoken.site, 1
+cryptotrendclub.com, 1
+cryptoviet.com, 1
+cryptowat.ch, 1
+cryptowhitelists.com, 1
+cryptoya.io, 1
+cryptozoologyguide.com, 1
+cryptpad.cz, 1
+cryptsetup.com, 1
+cryptsus.com, 1
+cryptulo.com, 1
+crys.cloud, 1
+crys.email, 1
+crys.hu, 1
+crys.me, 1
+crys.ovh, 1
+crys.pw, 1
+crys.tv, 1
+crystal-media.tk, 1
+crystal-zone.com, 1
+crystal.com.co, 1
+crystalapp.ca, 1
+crystalball.photo, 1
+crystalblockchain.com, 1
+crystalcave.nl, 0
+crystalcaves.tk, 1
+crystalchandelierservices.com, 1
+crystalcherryonline.tk, 1
+crystalcleaningservicing.com, 1
+crystalcube.tk, 1
+crystaldesign.tk, 1
+crystaldown.de, 0
+crystalglass.ml, 1
+crystallake.tk, 1
+crystalprinting.com.au, 1
+crystalsdollz.tk, 1
+crystalsky.tk, 1
+crystalspringsms.gov, 1
+crystone.me, 1
+cryz.ru, 1
+cs-algeria.tk, 1
+cs-bot.tk, 1
+cs-colorscreed-betongulve.dk, 1
+cs-escom.tk, 1
+cs-ice.tk, 1
+cs-lite.tk, 1
+cs-mania.tk, 1
+cs-master.tk, 1
+cs-nri.com, 1
+cs-powa.tk, 1
+cs-top.tk, 1
+cs-tops.tk, 1
+cs-unlimited.tk, 1
+cs-westside.tk, 1
+cs.money, 1
+cs2.ac.cn, 1
+cs2.chat, 1
+cs2.net.cn, 1
+cs2.org.cn, 1
+cs2.pub, 1
+cs2.ren, 1
+csa-clan.tk, 1
+csa-library.org, 1
+csa.co.za, 1
+csa.support, 1
+csaapac.com, 1
+csaapac.org, 1
+csab.nic.in, 1
+csabg.org, 1
+csabinext.dyndns.org, 1
+csachapter.io, 1
+csacloudbytes.com, 1
+csacloudtrustsummit.com, 1
+csacongress.com, 1
+csacongress.org, 1
+csacongress.us, 1
+csadc.org, 1
+csaemeacongress.com, 1
+csaemeasummit.com, 1
+csaerotherm.com, 1
+csafederalsummit.com, 1
+csale.co.il, 1
+csapa.com, 1
+csaposs.com, 1
+csasummit.net, 1
+csasummit.org, 1
+csatestdomain.com, 1
+csaurl.org, 1
+csb-consultancy.com, 1
+csbs.org, 1
+csbya.com, 1
+csc-muenchen.de, 1
+cscau.com, 0
+cscholz.io, 1
+cschreiber.llc, 1
+cschristmas.com.au, 1
+csci571.com, 1
+cscmotors.com, 1
+cscred.online, 1
+csd-sevnica.si, 1
+csd-slovenije.si, 1
+csdacadcv.ga, 1
+csdcab.ca, 1
+csdcareerday.com, 1
+csdisco.com, 1
+csds.md, 1
+cse-uniserve.com.au, 1
+csedsp.fr, 1
+csedu.com, 1
+csehnyelv.hu, 1
+cselzer.com, 1
+csengle.de, 1
+csevolution.tk, 1
+csexy.ml, 1
+csfcloud.com, 1
+csfd.cz, 1
+csfd.sk, 1
+csfm.com, 1
+csgbusiness.co.uk, 1
+csghomedesignbuild.com, 1
+csgo-roulette.ru, 1
+csgo.ac.cn, 1
+csgo.help, 1
+csgo.net, 1
+csgo.su, 1
+csgoba.cn, 1
+csgoempire.com, 1
+csgoempire.gg, 1
+csgofile.tk, 1
+csgofinder.eu, 1
+csgomtr.com, 1
+csgostash.com, 1
+csgoswap.com, 1
+csgotwister.com, 1
+csgoyournal.com, 1
+csharp.love, 1
+csharpfactory.io, 1
+csharpmarc.net, 1
+cshe.de, 1
+cshive-img.com, 1
+cshive-static.com, 1
+cshm-schm.ca, 1
+cshostorg.tk, 1
+csilies.de, 1
+csillagoszpumi.se, 1
+csirt.ee, 0
+csitarz.com, 1
+cskentertainment.co.uk, 1
+cskt.gov, 1
+cslbuild.com, 1
+csmainframe.com, 1
+csn3366.ga, 1
+csnet.live, 1
+csodaorszagovoda.hu, 1
+csokolozos-jatekok.tk, 1
+csolar.com, 1
+csorncss.ca, 1
+csosa.gov, 1
+csowt.gq, 1
+csp-tohoku.co.jp, 1
+csper.io, 1
+cspeti.hu, 1
+cspvalidator.org, 1
+csreturn.com.au, 1
+csrichter.com, 1
+csroot.cf, 1
+csrtci.com, 1
+csrtech.com, 1
+csrtech.support, 1
+csru.net, 1
+css-krebs.ch, 1
+css-tricks.com, 1
+css-tricks.tk, 1
+css.direct, 1
+cssai.eu, 1
+cssbmb.gov, 1
+csspsverify.com, 1
+csspublic.tk, 1
+csssr.com, 1
+csszamotuly.pl, 1
+cst-vbg.ru, 0
+cst188.cc, 1
+cstanley.net, 1
+cstevens.cc, 1
+cstg.com, 1
+cstmadrid.tk, 1
+cstmo.org, 1
+cstoredecisions.com, 1
+cstp-marketing.com, 1
+cstromblad.com, 1
+csty.ltd, 1
+csu.st, 1
+csub.edu, 1
+csuchen.com, 1
+csulb-cmp-eir.com, 1
+csumathtutor.com, 1
+csupe.hu, 1
+csusop.gov, 1
+csuw.net, 1
+csvalpha.nl, 1
+csvlombardia.it, 1
+csvplot.com, 1
+csw.cn, 1
+cswapps.com, 1
+cswatch.org, 1
+csx.co.za, 1
+csy.hu, 1
+ct-static.com, 1
+ct-watches.dk, 0
+ct.search.yahoo.com, 0
+ctafo.com, 0
+ctauditors.gov, 1
+ctcloud.ml, 1
+ctcom-peru.com, 1
+ctcp.pt, 1
+ctd.to, 1
+ctdi.pl, 1
+ctech.cf, 1
+ctes.cz, 1
+ctet.nic.in, 1
+ctf-albstadt.de, 1
+ctf-archive.com, 0
+ctf.link, 1
+cthomas.work, 1
+cthulhuden.com, 1
+ctir.gov.br, 1
+ctj.im, 1
+ctjk.com, 1
+ctknight.me, 1
+ctkwwri.org, 1
+ctl.fi, 1
+ctliu.com, 1
+ctm.community, 1
+ctmlightning.co.uk, 1
+ctmportal.co.uk, 1
+ctmrepository.com, 1
+ctnguyen.de, 1
+ctnguyen.net, 1
+ctns.de, 0
+ctoin.tw, 1
+ctonovenkogo.tk, 1
+ctoresms.com, 1
+ctpe.info, 1
+ctpe.net, 1
+ctpro.net, 1
+ctr-sante.eu, 1
+ctrl.blog, 1
+ctrl.gr, 0
+ctrlaltstream.com, 1
+ctrlcvz.tk, 1
+cts-companies.com, 1
+ctsl.net, 1
+ctspcallao.org.pe, 1
+ctsu.org, 1
+cttso.gov, 1
+ctu.cz, 1
+ctyrisinkneri.cz, 1
+cu247secure.ie, 1
+cua911.gov, 1
+cuarentagrados.tk, 1
+cuaresmaysemanasanta.tk, 1
+cuartetocontinental.tk, 1
+cuartob.tk, 1
+cuasotinhyeu.vn, 1
+cuatroporcuatro.tk, 1
+cuatroymedia.com, 1
+cuban.wiki, 1
+cubanas-shoes.com, 1
+cubanchino.tk, 1
+cubanda.de, 1
+cubatel.com, 1
+cubatravel.cu, 1
+cubazineers.ga, 1
+cubazineest.ga, 1
+cube-cloud.com, 1
+cube-filing.com, 1
+cube.builders, 1
+cube.guide, 1
+cube.scot, 1
+cube64128.xyz, 1
+cubebik.com, 1
+cubebuilders.net, 1
+cubecraft.net, 1
+cubecraftcdn.com, 1
+cubecraftstore.net, 1
+cubefreak.tk, 1
+cubegame.tk, 1
+cubeinfo.tk, 1
+cubekrowd.net, 1
+cubela.tech, 1
+cubepasses.com, 1
+cubeperformancecentre.com.au, 1
+cubestudio.website, 1
+cubetech.co.jp, 1
+cubex.ltd, 1
+cubflaica.it, 1
+cubia.com, 1
+cubia4.com, 1
+cubic-lynx.com, 1
+cubicempire.com, 1
+cubicle.tk, 1
+cubiest.com, 1
+cubigames.tk, 1
+cubikus.fr, 1
+cubile.xyz, 1
+cubilo.fi, 1
+cubing.net, 1
+cubistmediagroup.com, 1
+cublick.com, 1
+cubocell.com, 1
+cubotabacaria.com.br, 1
+cuboxmovies.ga, 1
+cubrebocas.tk, 1
+cubsbestteaminbaseball.com, 1
+cubsradio.tk, 1
+cubyhome.com, 1
+cubyn.com, 1
+cuc-cayman.com, 1
+cucabot.tk, 1
+cucaracha.tk, 1
+cuchichi.es, 1
+cuckoo.ee, 1
+cuckoohallacademy.org.uk, 1
+cucumber.io, 1
+cuddlecat.io, 1
+cuddlecomfort.com, 1
+cuddlingyaks.com, 1
+cuddlybeardaycare.org, 1
+cudesa.gq, 1
+cudesyb.tk, 1
+cudoo.de, 1
+cueca.com.br, 1
+cuecasonline.com.br, 1
+cuegee.com, 1
+cuentadias.cl, 1
+cuentamecomopaso.es, 1
+cuentas-gratis.ga, 1
+cues.org.uk, 1
+cuesplus.com, 1
+cuestiondetiempo.tk, 1
+cuetoems.com, 1
+cuevafelina.tk, 1
+cufe.com.au, 1
+cufoon.com, 1
+cugetliber.ro, 1
+cuhadardokuma.com, 1
+cuhawaii.com, 1
+cuidade.fr, 1
+cuio.net, 1
+cuir-lipari.fr, 1
+cuisine-ultime.fr, 1
+cuitrau.tk, 1
+cujanovic.com, 1
+cujo.com, 1
+cukrinelape.com, 0
+cukurbag.ml, 1
+culan.dk, 0
+culetto.at, 1
+culha.net, 1
+culinary.ga, 1
+culpoilu.tk, 1
+cult.games, 1
+cultivariable.com, 1
+cultofperf.org.uk, 1
+cultrix.co.uk, 1
+cultrixdigital.co.uk, 1
+culturaanarquista.tk, 1
+culturaarabe.tk, 1
+culturabrasilia.tk, 1
+culturaeuropea.tk, 1
+culturagenial.com, 1
+culturahack.tk, 1
+culturaldistrict.org, 1
+culturaldiversity.tk, 1
+culturalmaninhos.tk, 1
+culturalparadiso.tk, 1
+culturalsabotage.cf, 1
+culturama.tk, 1
+cultureetsoft.tk, 1
+cultureforward.online, 1
+culturehatti.com, 1
+culturelivresque.fr, 1
+culturerain.com, 1
+culturesgames.tk, 1
+cultureshift.co, 1
+culturesouthwest.org.uk, 1
+culturestraveled.com, 1
+culturevision.com, 1
+culturism.ml, 1
+cultuur.gent, 1
+cultuurinonderwijs.be, 1
+cumberlandcoil.gov, 1
+cumberlandcountyhealthnj.gov, 1
+cumberlandcountyme.gov, 1
+cumberlandcountync.gov, 1
+cumberlandcountynj.gov, 1
+cumberlandcountypa.gov, 1
+cumberlandrivertales.com, 1
+cumberlink.com, 1
+cumbiaperuana.tk, 1
+cumbreamazonica.tk, 1
+cumfiesta.com, 1
+cuminas.com, 1
+cumingcountyne.gov, 1
+cumlaudegent.be, 1
+cumman.life, 1
+cumnock.name, 1
+cumnock.org, 1
+cumplegenial.com, 1
+cumseface.eu, 1
+cumsext.me, 1
+cumshots-video.ru, 1
+cumtd.com, 1
+cumulogranite.fr, 1
+cumulonembo.com, 1
+cumulus.photo, 1
+cungnhauhoctap.tk, 1
+cunha.be, 1
+cunninghamfs.ie, 1
+cunova.cf, 1
+cunova.tk, 1
+cuo.net, 1
+cuoc.org.uk, 1
+cuongthach.com, 1
+cuongthach.net, 1
+cuoredesigns.tk, 1
+cuorineri.tk, 1
+cupabonita.com, 1
+cupcake.com, 0
+cupcake.io, 1
+cupcake.pt, 1
+cupcakestatus.com, 1
+cupcakestatus.net, 1
+cupcao.gov, 1
+cupclub.com, 0
+cupdunarea.ro, 1
+cupertino.gov, 1
+cupid789.co, 1
+cupie.tk, 1
+cupoane-reducere.net, 1
+cupom.net, 1
+cupomia.com.br, 1
+cuponesmasdescuentos.tk, 1
+cuppen.de, 1
+cuppen.marketing, 1
+cuppen.me, 1
+cuppen.pro, 1
+cuppen.support, 1
+cuppycakes.fi, 1
+cur.by, 1
+curacao.tk, 1
+curacaodiveguide.com, 1
+curamail.co.uk, 1
+curamcare.ml, 1
+curaprox.co.th, 1
+curareldolordeespalda.com, 1
+curatednews.xyz, 1
+curatednow.ca, 1
+curationsblog.com, 1
+curbsoftware.com, 1
+curbza.com, 1
+cureatr.com, 1
+cureine.com, 1
+cureyou.com.tw, 1
+curieux.digital, 0
+curinline.com, 1
+curio-shiki.com, 1
+curio.lk, 1
+curio.nl, 1
+curiocity.com, 1
+curiocity.tk, 1
+curiosidadeanimal.cf, 1
+curiosity-driven.org, 1
+curiositytrained.com, 1
+curiosoando.com, 1
+curiouscast.ca, 1
+curiousduck.com, 1
+curiousspoonfoods.com, 1
+curioustea.com, 1
+curiozitate.com, 1
+curis-health.com, 1
+curl.tw, 0
+curlie.tk, 1
+curlify.com, 1
+curlingbelgium.tk, 1
+curlingclass.com, 1
+curlingclubpwa.tk, 1
+curly-hair-extentions.tk, 1
+curlybracket.co.uk, 1
+curlyhumanhairextensions.tk, 1
+currency-one.com, 1
+currency-strength.com, 1
+currency-toolkit.com, 1
+currencyfreaks.com, 1
+currencyreader.gov, 1
+currencyreaderapplication.gov, 1
+current-ip.com, 1
+current.com, 0
+currentbitcoin.news, 1
+currentchaos.tk, 1
+currentcryptocurrency.news, 1
+currentcryptocurrencynews.com, 1
+currenthaus.com, 1
+currentlystreaming.com, 1
+currentos.foundation, 1
+currycountynm.gov, 1
+currycountyor.gov, 1
+currynissanmaparts.com, 1
+currytech.cn, 1
+cursedpine.studio, 1
+curseus.com, 1
+cursillosdezaragoza.tk, 1
+cursoalia.com, 0
+cursoandroid.com, 1
+cursocatolico.com, 1
+cursocomunicacionnoverbal.com, 1
+cursodehipnosis.tk, 1
+cursodememorizacao.ml, 1
+cursointeractivo.com, 1
+cursomente.online, 1
+cursorcam.tk, 1
+cursos-trabajadores.net, 1
+cursos.com, 1
+cursosdeinglesmexico.com, 1
+cursosemmaus.es, 1
+cursosforex.com, 1
+cursosgratuitos.pe, 1
+cursosingles.com, 1
+cursosprogramacion.online, 1
+cursossena.co, 1
+cursosypostgrados.com, 1
+curtacircuitos.com.br, 0
+curtis-ne.gov, 1
+curtis-smith.me.uk, 1
+curtis-smith.uk, 1
+curtisint.com, 0
+curtisleejones.tk, 1
+curtispope.com, 0
+curtissmith.me.uk, 1
+curtissmith.uk, 1
+curts-showcars.com, 1
+curva.co, 0
+curvaverde02.tk, 1
+curvemedia.co, 1
+curveprotect.cz, 1
+curvissa.co.uk, 1
+curvyjessi.com, 1
+curvysarah.com, 1
+cuscoloko.com.br, 1
+cusfit.com, 1
+cusgpwoerden.nl, 1
+cushlaofgullion.com, 1
+cushytushiediapers.com, 1
+custer.tk, 1
+custercounty-co.gov, 1
+custercountymt.gov, 1
+custercountymttransit.gov, 1
+custercountyne.gov, 1
+custify.com, 1
+custodiamobili.roma.it, 1
+custodian.nl, 1
+custodyxchange.com, 1
+custom-wear.ua, 1
+customanarchy.tk, 1
+custombps.com, 1
+custombrokers.com.au, 1
+custombuttonco.com, 1
+customcircuitsltd.co.uk, 1
+customcraft.tk, 1
+customdissertation.com, 1
+customeessay.com, 1
+customerfocus.co.za, 1
+customerservicemanager.com, 1
+customerservicepal.com, 1
+customerware.com.au, 0
+customessaystation.gq, 1
+customfiberglasscoaches.com, 1
+customfoodtruckgraphics.com, 1
+customhealthplans.com, 1
+customhomerealty.com, 1
+customisable.net, 0
+customizedcelebrations.co.uk, 1
+customizeyourshower.com, 0
+customleads.net, 1
+customlogoit.com, 1
+custommadecasino.com, 1
+custommadegolfevents.com, 1
+custompainted.ca, 1
+custompapers.com, 1
+custompoolsbydesign.com, 1
+customradio.tk, 1
+customromlist.com, 1
+customsandals.tk, 1
+customshort.link, 1
+customsportsocks.com, 1
+customtel.com.au, 1
+customwebsitesplus.com, 1
+customwritings.com, 1
+customwritingservice.com, 1
+customwritten.com, 1
+custosd.com, 1
+custosd.io, 1
+custosd.net, 1
+custosd.org, 1
+cut-piehler.de, 1
+cutads.ml, 1
+cutaneon.com, 1
+cutaquigusa.com, 1
+cute-urls.ml, 1
+cute2u.com, 1
+cuteboibutt.ml, 1
+cutehost.ga, 1
+cutemodel.ml, 1
+cutephil.com, 1
+cuthe.re, 1
+cutie-viewty.tk, 1
+cuties.chat, 1
+cutimbo.ovh, 1
+cutlinks.ml, 1
+cutme.fr, 1
+cutmylink.gq, 1
+cutner.co, 1
+cutout.ml, 1
+cutpasteprofit.tk, 1
+cutter.li, 1
+cuttingedgedoorandtrim.com, 1
+cuttingedgeoptronics.com, 0
+cuttingedgeperiodontist.com, 1
+cuttingedges.tk, 1
+cuubconsultancy.com, 1
+cuvantul.tk, 1
+cuve-ibc.be, 1
+cuvva.co, 1
+cuvva.co.uk, 1
+cuvva.com, 1
+cuvva.eu, 1
+cuvva.insure, 1
+cuvva.io, 1
+cuvva.it, 1
+cuvva.me, 1
+cuvva.net, 1
+cuvva.org, 1
+cuvva.uk, 1
+cuvva.us, 1
+cuwcd.gov, 1
+cuxpool.club, 1
+cuxpool.net, 1
+cuyahogacommunitycollege.tk, 1
+cuyahogacountyvotesoh.gov, 1
+cvalda.tk, 1
+cvazquez.es, 1
+cvbp.nl, 1
+cvc.digital, 1
+cvdeexpo.com, 1
+cvdesignr.com, 1
+cve-le-carrousel.ch, 0
+cvec.org, 1
+cvedetails.com, 1
+cvetpodokonnik.tk, 1
+cvglobal.cf, 1
+cvgt.com.au, 1
+cvhunter.hu, 1
+cvj.me, 1
+cvjd.me, 0
+cvlibrary.co.uk, 1
+cvmatch.me, 1
+cvmu.jp, 1
+cvninja.pl, 1
+cvpartner.com, 1
+cvps.top, 0
+cvrn.cc, 1
+cvsec.org, 1
+cvsmash.io, 1
+cvtemplatemaster.com, 1
+cvtenerife.tk, 1
+cvv.cn, 1
+cvwdwater.gov, 1
+cvwrfut.gov, 1
+cw-bw.de, 0
+cw.center, 1
+cw3.fr, 1
+cwa-online.nl, 1
+cwaclub.tk, 1
+cwage.com, 0
+cwalla.com, 1
+cwallpapersheb.tk, 1
+cwaurora.top, 1
+cwbc-bearing.com, 1
+cwbrtrust.ca, 1
+cwc.gov, 1
+cwchristerw.com, 1
+cwchristerw.fi, 1
+cweagans.net, 1
+cwebdesign.tk, 1
+cwgallery.de, 0
+cwgaming.co.uk, 1
+cwglass.pl, 1
+cwgpllc.com, 1
+cwi.fi, 1
+cwinfo.eu, 1
+cwinfo.fi, 1
+cwinfo.net, 1
+cwinfo.org, 1
+cwmart.in, 1
+cwmcpe.tk, 1
+cwo.fi, 1
+cwp.com.sg, 1
+cwr.gov, 1
+cwrau.com, 1
+cwrau.de, 1
+cwrau.info, 1
+cwrau.io, 1
+cwrau.rocks, 1
+cwtrade.co.uk, 0
+cwtsamplecenter.com, 1
+cwwise.com, 1
+cx100.io, 1
+cxbmystore.com, 1
+cxense.com, 1
+cxfund.com.cn, 1
+cxologic.com, 1
+cxologic.io, 1
+cxologic.net, 1
+cxologic.org, 1
+cxorisks.com, 1
+cxotrustsummit.com, 1
+cy.ax, 1
+cy.technology, 1
+cyanhexagon.com, 1
+cybbh.space, 1
+cybeautiful.com.br, 1
+cybelesoft.com, 1
+cyber-anon.tk, 1
+cyber-article.tk, 1
+cyber-computer.club, 1
+cyber-core.co.uk, 1
+cyber-links.tk, 1
+cyber-m.net, 1
+cyber-mech.tk, 1
+cyber-party.tk, 1
+cyber-resear.ch, 1
+cyber-shield.de, 0
+cyber-swiat.pl, 1
+cyber-travel.com, 1
+cyber-world.tk, 1
+cyber-yaroslavl.tk, 1
+cyber.cl, 1
+cyber.gov, 1
+cyber.info, 1
+cyber.je, 1
+cyber72.com, 1
+cyberab.org, 1
+cyberalternance.com, 1
+cyberark.com, 1
+cyberarmy.cc, 1
+cyberassurance.run, 1
+cyberattackincidentresponse.com, 1
+cyberautomobile.tk, 1
+cyberbangla.com, 1
+cyberblog.cn, 1
+cyberbook.ml, 1
+cyberbotx.com, 1
+cyberboy.tk, 1
+cyberburek.tk, 1
+cybercareers.gov, 1
+cybercat-tver.tk, 1
+cybercic.com, 1
+cyberclaw.tk, 1
+cybercloud.cc, 0
+cybercrew.cc, 1
+cybercrew.rocks, 1
+cybercrime-forschung.de, 1
+cybercrime.gov, 1
+cybercustodian.com, 1
+cyberdean.fr, 1
+cyberdevelopment.es, 1
+cyberdiscoverycommunity.uk, 1
+cyberdns.com, 1
+cyberdog.ch, 1
+cyberdragon.tk, 1
+cyberduck.io, 1
+cyberdyne.ie, 1
+cyberdyne.llc, 1
+cyberexplained.info, 1
+cyberfebrio.tk, 1
+cyberfla.me, 1
+cyberforensics.com, 1
+cyberforge.ml, 1
+cyberfruit.tk, 1
+cybergame-host.tk, 1
+cybergordon.com, 1
+cybergroup.cf, 1
+cyberhaus.ch, 1
+cyberhelden.nl, 1
+cyberhipsters.nl, 1
+cyberhost.uk, 1
+cyberianhusky.com, 0
+cyberislam.tk, 1
+cyberium-planet.cf, 1
+cyberjake.xyz, 1
+cyberknife-sigulda.com, 1
+cyberkov.com, 0
+cyberlab.team, 1
+cyberlinchpin.com, 1
+cyberlocos.tk, 1
+cyberlounge.ga, 1
+cyberlux.cz, 1
+cybermall.ga, 1
+cybermaniac.tk, 1
+cybermaretique.fr, 1
+cybermatrixone.tk, 1
+cyberme.sh, 1
+cybermeldpunt.nl, 1
+cybermonday.org.il, 1
+cybermotives.com, 1
+cybern.tk, 1
+cybernews.com, 1
+cybernode.host, 1
+cyberogism.com, 1
+cyberon.it, 1
+cyberoptic.de, 1
+cyberoptions.ca, 1
+cyberpanel.cf, 1
+cyberpanelsetup.com, 1
+cyberpathogen.me, 1
+cyberpcforum.com, 1
+cyberpedia.wiki, 1
+cyberphoenix.tk, 1
+cyberplus.net.id, 1
+cyberpoint.az, 1
+cyberpro.club, 1
+cyberproducciones.tk, 1
+cyberprogramming.tk, 1
+cyberpuerta.mx, 1
+cyberpunk.guru, 1
+cyberquest.cf, 1
+cyberregister.nl, 1
+cyberregister.org, 1
+cyberrepair.de, 1
+cyberresilience.io, 1
+cyberry.eu, 1
+cybersafesolutions.com, 0
+cybersafetn.gov, 1
+cybersails.co.za, 1
+cybersamurai.tk, 1
+cyberscan.io, 1
+cyberschmiede.at, 1
+cyberschmiede.com, 1
+cyberschmiede.de, 1
+cybersec.help, 1
+cybersecurite-info.fr, 1
+cybersecurity.gov, 1
+cybersecurity.gr, 1
+cybersecurity.nz, 1
+cybersecurity.run, 1
+cybersecuritychallenge.be, 0
+cybersecuritydefence.co.uk, 1
+cybersecuritydegreeguide.com, 1
+cybersecurityeducationguides.org, 1
+cybersecurityforum.com.br, 1
+cybersecurityguide.in, 1
+cybersecurityincidentresponse.com, 1
+cybershark.space, 1
+cybershot.tk, 1
+cybersins.com, 1
+cyberskyline.com, 1
+cybersmart.co.uk, 1
+cybersmartdefence.com, 1
+cybersolution.tk, 1
+cybersound.tk, 1
+cyberspace.community, 1
+cyberspect.com, 1
+cyberspect.io, 1
+cyberspot-ci.net, 1
+cyberstatus.de, 1
+cybertalents.com, 1
+cyberteam.info, 1
+cybertinus.nl, 1
+cybertn.gov, 1
+cybertorsk.org, 1
+cybertrinity.co.uk, 1
+cybertron.cf, 1
+cybertronics.tk, 1
+cybertu.be, 1
+cyberwandelendetakjes.tk, 1
+cyberwarhq.com, 1
+cyberwars.dk, 1
+cyberwebeyeos.com, 1
+cyberweightloss.com, 1
+cyberwire.nl, 1
+cyberworldexpert.tk, 1
+cyberxpert.nl, 1
+cyberzone.ml, 1
+cyberzones.gq, 1
+cybiko123.com, 1
+cyborgtheory.tk, 1
+cybozu.cn, 1
+cybozu.com, 1
+cybrient.com, 1
+cybrix.io, 1
+cybrossec.com, 1
+cyburbia.org, 1
+cycc.cloud, 1
+cyclamen.tk, 1
+cyclecoach.co.za, 1
+cycledownunder.com, 1
+cyclehackluxembourgcity.lu, 1
+cyclemasters.com, 1
+cycleshop.com.ua, 1
+cycleterrace.jp, 1
+cycling74.com, 1
+cyclingmonthlyest.ga, 1
+cyclisjumper.gallery, 1
+cyclize.cf, 1
+cyclonedesign.ca, 1
+cyclonemetals.com, 1
+cyclop-editorial.fr, 1
+cyclos.org, 1
+cycomm.ro, 1
+cyconet.org, 1
+cydetec.com, 1
+cydogbrowser.com, 1
+cyelint.com, 1
+cyesec.com, 1
+cyfly.org, 1
+cygnaltech.com, 1
+cygnan.com, 1
+cygnatus.com, 1
+cygnius.net, 1
+cyjm.com, 1
+cykelbanor.se, 1
+cyklistika24.cz, 1
+cylex-italia.it, 1
+cylex.noip.me, 1
+cyllos.me, 1
+cynchealth.org, 1
+cynetco.com, 1
+cynicaloptimist.me, 1
+cynology.ga, 1
+cynop.me, 1
+cynrgie.fr, 1
+cynthiacherry.com, 1
+cyon.ch, 1
+cyoubook.com, 1
+cype.dedyn.io, 1
+cyph.com, 1
+cyph.healthcare, 1
+cyph.ws, 1
+cyphar.com, 1
+cypherbot.org, 1
+cypherpunk.observer, 1
+cypherpunk.ws, 1
+cypressca.gov, 1
+cypressinheritancesaga.com, 1
+cypresslegacy.com, 1
+cyprus-company-for.gr, 1
+cyprus-company-service.com, 1
+cyptechost.co.ke, 1
+cyqual.com, 1
+cyraco.com, 1
+cyrenianhouse.com, 1
+cyrex.tech, 0
+cyrians.com, 1
+cyril-leytsihovich.ml, 1
+cyriletsophie.fr, 1
+cyrilmurphy.com, 1
+cyrilstoll.ch, 1
+cyrix-systems.tk, 1
+cyroco.fr, 1
+cyrokx.com, 1
+cyrozap.com, 1
+cyrusdaily.tk, 1
+cysecure.co, 1
+cysi.in, 1
+cyson.tech, 1
+cytat.tk, 1
+cytech.com.tr, 1
+cytegic-update-packages.com, 1
+cytn.xyz, 1
+cytophil.com, 1
+cyumus.com, 1
+cyvault.io, 1
+cyware.com, 1
+cz.ma, 1
+cz.nl, 1
+czakey.net, 1
+czarni-czarne.tk, 1
+czaw.org, 1
+czbix.com, 1
+czbtm.com, 1
+czc.cz, 1
+czdoll2.com, 1
+czdoll4.com, 1
+czdoll5.com, 1
+czdoll6.com, 1
+czdoll7.com, 1
+czdoll8.com, 1
+czdoll9.com, 1
+czebox.cz, 1
+czech.is, 1
+czechcrystals.co.uk, 1
+czechglaskralen.nl, 1
+czechhunter.com, 1
+czechpoint.cz, 1
+czechps.cz, 1
+czechvirus.cz, 1
+czeh.us, 1
+czewo-data.de, 1
+czihak.at, 0
+czirnich.org, 1
+czk.mk, 1
+czl.net, 0
+czlx.co, 0
+cznburak.co.uk, 1
+czprothz.tk, 1
+czqu.cc, 1
+czqu.net, 1
+czqu.xyz, 1
+czteryporyroku.edu.pl, 1
+czwartybrat.pl, 1
+czymamdzisimieniny.pl, 1
+czzs.org, 1
+d-20.fr, 1
+d-consultant.ru, 1
+d-cuba.com, 1
+d-day.tk, 1
+d-eisenbahn.com, 1
+d-influencers.com, 1
+d-ku.de, 1
+d-macindustries.com, 1
+d-mind.de, 1
+d-shed.tk, 1
+d-soft.tk, 1
+d-solutions.com.au, 1
+d-systems.tk, 1
+d-tousei.co.jp, 1
+d-toys.com.ua, 1
+d-training.de, 1
+d-uhlig.de, 1
+d-va.cf, 1
+d-vision-create.com, 1
+d.ac, 1
+d.nf, 1
+d.nr, 1
+d00228.com, 0
+d00d.de, 1
+d0g.cc, 1
+d0xq.net, 1
+d10ses.com, 1
+d166.net, 1
+d1b2k93bahaw3s.cloudfront.net, 1
+d1gital.org, 1
+d1iwhdc6scsqsn.cloudfront.net, 1
+d1pbyafuxn3mkm.cloudfront.net, 1
+d1pyhxxwnnp9rt.cloudfront.net, 1
+d1qvlbepn0kduz.cloudfront.net, 1
+d1v7neu4o1h4vp.cloudfront.net, 1
+d2.gg, 1
+d21laxujm54z8h.cloudfront.net, 1
+d24zgh0u05bzjw.cloudfront.net, 1
+d25sxbgdpzj1st.cloudfront.net, 1
+d2evs.net, 1
+d2ph.com, 1
+d2toledo.com, 1
+d2trade.tk, 1
+d2woj1dt0tk6sn.cloudfront.net, 1
+d36533.com, 1
+d36594.com, 1
+d39rl9amo4q27v.cloudfront.net, 1
+d3a.xyz, 1
+d3d3.tk, 1
+d3dev.cf, 1
+d3lab.net, 1
+d3scene.org, 1
+d3x.pw, 1
+d3xt3r01.tk, 1
+d4done.com, 1
+d4fx.de, 1
+d4h.live, 1
+d4insight.com, 1
+d4wson.com, 1
+d4x.de, 1
+d500world.tk, 1
+d5197.co, 1
+d58beu28.com, 1
+d5k.one, 1
+d64.nl, 1
+d6729.co, 1
+d6729.com, 0
+d6957.co, 1
+d6c5yfulmsbv6.cloudfront.net, 1
+d8.io, 1
+d8181.com, 1
+d82365.com, 1
+d88.ag, 1
+d88.cc, 0
+d88.cn.com, 1
+d88118.com, 1
+d8812.com, 1
+d8814.com, 1
+d8816.com, 1
+d8819.com, 1
+d8834.com, 1
+d883vip.com, 1
+d8845.com, 1
+d8846.com, 1
+d8847.com, 1
+d884vip.com, 1
+d8859.com, 1
+d885vip.com, 1
+d886vip.com, 1
+d8870.net, 1
+d8874.com, 1
+d8878.com, 1
+d887vip.com, 1
+d88818.com, 1
+d8886.net, 1
+d88869.com, 1
+d8891.net, 1
+d88agent.com, 1
+d88siteintro.com, 1
+d898.app, 1
+d899365.com, 0
+d8studio.net, 1
+d9297.co, 1
+d9397.com, 1
+d9721.com, 0
+d9728.co, 1
+d9and10sports.com, 1
+da-schaewel.de, 1
+da-tex.com.ua, 1
+da-tixe.ml, 1
+da-tixe.tk, 1
+da42foripad.com, 1
+da4colorado.gov, 1
+daadn.cn, 0
+daaje-und-andre.de, 1
+daallexx.eu, 1
+daanbanaan.tk, 1
+daanial.tk, 1
+daann-wch.com.tw, 1
+daaxit.com, 1
+dabai.cf, 1
+dabai.club, 1
+dabai.ga, 1
+dabai.ml, 1
+dabai.photo, 1
+dabasstacija.lv, 1
+dabbagam.tk, 1
+dabhand.studio, 1
+dabi.tk, 1
+dabrecords.co.uk, 1
+dabro.tk, 1
+dabuzz.tk, 1
+dacada-porn.com, 1
+dacangku.com, 1
+daceurope.co.uk, 1
+dacgroup.com, 1
+dacha-letom.ml, 1
+dacha.today, 0
+dachb0den.net, 1
+dachdecker-ranzenberger.de, 1
+dachdeckerei-hagen.de, 0
+dachdeckermeister-egon-weiss.de, 1
+dachdeckermeister-moeller.de, 1
+dachet.com, 1
+dachlaeufer.com, 1
+dachnie-reshenia.ru, 1
+dachnyvopros.info, 1
+dachshundsaspets.com, 1
+dachshundtalk.com, 1
+daciaforum.nl, 1
+daciamodellen.nl, 1
+daconsult.uk, 1
+dacsanchatviet.com, 1
+dacsansach.com, 1
+dad, 1
+dad256.tk, 1
+dada.is, 0
+dadafterforty.be, 1
+dadcentral.ca, 1
+daddarios.tk, 1
+daddybio.com, 1
+daddyfinger.me, 1
+daddyhax.ml, 1
+daddylive.link, 1
+daddylonglegs.tk, 1
+daddyschickenshack.com, 1
+daddysfranchising.com, 1
+daddysluder.net, 1
+dadecityfl.gov, 1
+dadecountymo911.gov, 1
+dado.cloud, 1
+dado.fr, 1
+dado.me, 1
+dado.virtual.museum, 1
+dadoilustrado.pt, 1
+dadons-laserdiscs.com, 1
+dadoresanguepsiria.pt, 1
+dadosch.de, 0
+dadrian.io, 1
+dadsarmy.tk, 1
+daduke.org, 1
+daemen.org, 1
+daemon-hentai.tk, 1
+daemon.xin, 1
+daemons.ml, 1
+daemonslayer.net, 1
+daemus.ro, 1
+daemwool.ch, 1
+daer.cloud, 1
+daevel.com, 1
+daevel.fr, 1
+daevel.net, 1
+dafater.sa, 1
+dafe2021.ee, 1
+dafengche.com, 1
+dafengding.com, 1
+daffodilusa.org, 1
+dafmeyda.com, 1
+dafong.com, 1
+dafont.com, 1
+dafricapress.com, 1
+daft.ie, 1
+dafunda.com, 1
+dafuq.xyz, 1
+dafyddcrosby.com, 1
+dag-berlin.tk, 1
+dag-konsult.com, 1
+dag-ogni.tk, 1
+dagallemaal.be, 1
+daganghalal.com, 1
+daganzo.tk, 1
+dagbestedingwarrie.nl, 1
+dagensannonser.se, 1
+dagestan-guide.ru, 1
+dagestan.cf, 1
+dagestanci.tk, 1
+dagestanec.tk, 1
+daggas.life, 1
+daggastest.com, 1
+dagirl.uno, 1
+dagjetreinen.nl, 1
+daglar-domany.tk, 1
+dagmar2018.cz, 1
+dagmarhamalova.cz, 1
+dagrs.se, 1
+dagsell.ga, 1
+dahaboffers.tk, 1
+dahl-pind.dk, 1
+dahlberg.cologne, 1
+dahlem.info, 1
+dahobo.tk, 1
+dai.top, 0
+daidogei.com, 1
+daidothi.vn, 1
+daidr.me, 1
+daie-inc.com, 1
+daijin.com, 1
+daikonsystems.com, 1
+daikoz.com, 1
+daili.eu, 1
+daily-puzzle.tk, 1
+daily-solution.pro, 0
+daily-sudoku.tk, 1
+daily.it, 1
+dailyalerts.ga, 1
+dailybihar.com, 1
+dailybits.be, 1
+dailyblocks.com, 1
+dailyblogged.com, 1
+dailybusiness.tk, 1
+dailycricnews.tk, 1
+dailydealika.com, 1
+dailydodge.com, 1
+dailydote.com, 1
+dailydoze.com, 1
+dailyfish.ru, 1
+dailyhealthylife.ml, 1
+dailyhealthylife.tk, 1
+dailyjigsawpuzzles.net, 1
+dailyjoy.com, 1
+dailykos.com, 1
+dailykosbeta.com, 1
+dailylime.kr, 1
+dailylviv.com, 1
+dailymailindia.com, 1
+dailymedicalinfo.com, 1
+dailymotion.com, 1
+dailynewsclubs.ga, 1
+dailynewsfrommedjugorje.ml, 1
+dailyotovinfast.com.vn, 1
+dailyphototips.com, 0
+dailypop.ru, 1
+dailypost.ng, 1
+dailyprogress.com, 1
+dailyreels.ga, 1
+dailyrenewblog.com, 1
+dailyroverr.com, 1
+dailysomething.site, 1
+dailysuperheroes.com, 1
+dailytrip.de, 1
+dailyusbusiness.tk, 1
+dailywarteg.com, 1
+dailywealth.com, 1
+dailywork.ga, 1
+dailyxenang.com, 1
+daimonikos.com, 1
+dairikab.go.id, 1
+daisidaniels.co.uk, 1
+daisuki.pw, 1
+daisy-peanut.com, 1
+daisydevbi.net, 1
+daisydollyandme-dev.com, 1
+daisydollyandme.com, 1
+daisyindia.org, 1
+daisypeanut.com, 1
+daisypeel.com, 1
+daisyscars.cf, 1
+daiwa-union.jp, 0
+daja.ml, 1
+dajaks.tk, 1
+dajaskincare.nl, 1
+daji.ba, 1
+dajiale.org, 1
+dajjal.org, 1
+dak.org, 1
+dakartmarket.com, 1
+dakcess.net, 1
+daken.hu, 1
+daki-host.tk, 1
+dakin.nyc, 1
+dakindesign.com, 1
+daknam.tk, 1
+daknob.net, 1
+dakota-fanning.tk, 1
+dakota-spain.tk, 1
+dakota911mn.gov, 1
+dakotacil.org, 1
+dakotas.com, 1
+dakotavalleyrecyclingmn.gov, 1
+dal-loop.xyz, 1
+dal.net.sa, 1
+dalagore.com, 1
+dalaran.city, 1
+dalb.in, 1
+dalbar.com, 1
+dalbarsqm.com, 1
+dalbitresb.com, 1
+daldropsbb.com, 1
+daleanddollops.com, 1
+dalecountyal.gov, 1
+dalek.co.nz, 1
+dalevuelta.tk, 1
+daleworley.com, 1
+dalfsennet.nl, 1
+dali-boli.me, 1
+dalianbbq.com, 1
+dalil.tk, 1
+dalingk.com, 1
+dalkhola-city.tk, 1
+dalkhola.tk, 1
+dalkholaphotos.tk, 1
+dallapartedeltorto.tk, 1
+dallas.gov, 1
+dallas.lu, 1
+dallascaraccidentlawyers.net, 1
+dallascowboys.tk, 1
+dallasfire.gov, 1
+dallaslu.com, 1
+dallaslu.eu.org, 1
+dallasobgynpa.com, 1
+dallasor.biz, 1
+dallaspolice.gov, 1
+dallastexas.ml, 1
+dallaswater.gov, 1
+dallaswestinternational.ga, 1
+dallatana.tk, 1
+dallemon.dk, 1
+dalliard.ch, 1
+dallinbryce.com, 1
+dallincooper.com, 1
+dallmeier.net, 0
+dallydushigrill.com, 0
+dalmacijahost.com, 0
+dalmatiandream.com, 0
+dalmatians.tk, 1
+dalsin.ir, 1
+daltoncraven.com, 1
+daltonohio.gov, 1
+daltons.tk, 1
+dalux.com, 1
+dalycity.gov, 1
+damadam.pk, 1
+damades.com, 1
+damag.net, 1
+damag.org, 1
+damaged.org, 1
+damanlu.com, 1
+damanlv.com, 1
+damarsarkilar.tk, 1
+damasgonzalezabogados.com, 1
+damassimo.bg, 1
+dambachpeacebuilderfellowships.org, 1
+dambo.tk, 1
+dame.cf, 1
+damedrogy.cz, 1
+dameeq.cf, 1
+dameisports.com, 0
+damgan.com, 1
+damgoodmedia.com, 1
+damianmalrechauffe.tk, 1
+damianus.hr, 1
+damibaby.com.br, 1
+damicris.ro, 1
+damienchicotphotographe.fr, 1
+damienduhamel.tk, 1
+damiengobron.com, 1
+damienoreilly.org, 1
+damifph.com, 1
+damirsystems.com, 1
+damjanovic.work, 1
+dammekens.be, 1
+dammu.tk, 1
+damnation.tk, 1
+damnednation.tk, 1
+damngoodpepper.com, 0
+damnkid.ml, 1
+damnmodz.com, 1
+damonline.dk, 1
+dampedia.com, 1
+dampfbahn-leverkusen.com, 1
+dampfbahn-leverkusen.de, 1
+dampferchef.ch, 1
+dampoo.com, 1
+damsafety.co.nz, 1
+damscheid.de, 1
+damuhan.tk, 1
+damvdolg.gq, 1
+dan-bureau.com, 1
+dan-informacijske-varnosti.si, 1
+dan-maskiner.tk, 1
+dan-saba.com, 1
+dan.me.uk, 1
+dan124.com, 1
+dana-hilliot.tk, 1
+danaandnathan.com, 1
+danadameson.tk, 1
+danads.com, 1
+danalina.by, 0
+danalpay.com, 1
+danalytics.com.pe, 1
+danamica.dk, 1
+danandkatiegetmarried.com, 1
+danandrum.com, 1
+danarozmarin.com, 1
+danashamsters.tk, 1
+danasweed.com, 1
+danbailey.com, 1
+danbaldwinart.com, 1
+danbao.com, 1
+danbarrett.com.au, 0
+danbergen.com, 1
+danbolig.dk, 1
+danca.com, 1
+dance-colleges.com, 1
+dance-school.tk, 1
+dancechart.tk, 1
+dancefm.tk, 1
+dancehome.com, 1
+dancehubsa.com.au, 1
+danceonline.fi, 1
+danceordienet.tk, 1
+danceproducciones.com, 1
+dancerzone.tk, 1
+danceworld.tk, 1
+danchen.org, 1
+danchestertonphoto.co.uk, 1
+dancingangels.tk, 1
+dancingcubs.co.uk, 1
+danclassroom.com, 1
+dandan101.com, 1
+danddy.eu, 1
+dandelikaliadventure.com, 1
+dandelion-seeds.com, 1
+dandelionjunkqueens.tk, 1
+dandenongroadapartments.com.au, 1
+danderco.in, 1
+dandia.ro, 1
+dandie.tk, 1
+dandsplumbers.com, 1
+danduran.me, 1
+dandymodz.tk, 1
+dandymrsb.com, 1
+danecounty.gov, 1
+danejones.com, 1
+danelska.pl, 1
+danelski.pl, 1
+danesara.com, 1
+daneshtools.tk, 1
+danfromit.co.uk, 1
+danfromit.com, 1
+dangeredwolf.com, 1
+dangerscience.com, 1
+dangmai.tk, 1
+dangr.zone, 0
+danhalliday.com, 1
+danhotels.co.il, 1
+danhotels.com, 1
+dania.gq, 1
+dania.ml, 1
+daniel-ayala.tk, 1
+daniel-baumann.ch, 1
+daniel-beilharz.com, 1
+daniel-beilharz.de, 1
+daniel-cholewa.de, 1
+daniel-leblanc.tk, 1
+daniel-milnes.co.uk, 1
+daniel-milnes.uk, 1
+daniel-monaghan.co.uk, 1
+daniel-ruf.de, 1
+daniel-san.de, 1
+daniel-stahl.net, 1
+daniel-topalov.ga, 1
+daniel.priv.no, 1
+daniel.sb, 1
+danielacocco.it, 1
+danielacorahansson.com, 1
+danieladentista.com, 1
+danielaeichberger.com, 1
+danielaferpe.tk, 1
+danielalvarez.net, 1
+danielaswish.org, 1
+danielbankhead.com, 1
+danielbarros.com.br, 1
+danielbeilharz.com, 1
+danielbeilharz.de, 1
+danielbeltejar.es, 1
+danielcardoso.net, 1
+danielcolquitt.com, 1
+danieldavies.co.uk, 1
+danielderidderfansite.tk, 1
+danieldevine.tk, 1
+danielduran.tk, 1
+daniele.tech, 1
+danielehniss.de, 0
+danieleluttazzi.tk, 1
+danieleoneta.it, 0
+danielepestilli.com, 0
+danielg0.co.uk, 1
+danielg0.com, 1
+danielgil.pt, 1
+danielgorr.de, 1
+danielgray.email, 1
+danielgray.me, 1
+danielgraziano.ca, 1
+danielguttfreundphd.net, 1
+danielh.cc, 1
+danielh.codes, 1
+danielhammond.tk, 1
+danielheal.net, 0
+danielhinterlechner.eu, 1
+danielhurley.com, 1
+danielhurley.eu, 1
+danielhurley.ie, 1
+danielhurley.info, 1
+danielhurley.org, 1
+danielittlewood.xyz, 1
+danielj.tk, 1
+danieljamesscott.org, 1
+danielkanchev.com, 1
+danielkoster.nl, 1
+daniellecavazos.com, 1
+danielleskosky.com, 1
+daniellespringer.tk, 1
+daniellesteel.com, 1
+danielluisrodriguezs.com, 1
+danielmartin.de, 1
+danielmicay.ca, 1
+danielmicay.com, 1
+danielmoch.com, 1
+danielmorales917.com, 1
+danielmorell.com, 1
+danielnaaman.org, 1
+danielnet.co, 1
+danielparker.com.au, 1
+danielpeukert.cz, 1
+danielportfolio.es, 1
+danielran.com, 1
+danielroelsontwerp.nl, 1
+danielrozenberg.com, 1
+danielruiz.tk, 1
+danielsblog.org, 1
+danielshaw.co.nz, 1
+danielshealth.com.au, 1
+danielstach.cz, 1
+danielstiner.me, 1
+danielt.co.uk, 0
+danielthompson.info, 1
+danieltollot.de, 0
+danielvaduva.tk, 1
+danielve.ga, 1
+danielverlaan.nl, 1
+danielwayman.co.uk, 1
+danielwelty.com, 1
+danielwildhaber.ch, 1
+danielzuzevich.com, 1
+danifabi.eu, 1
+danilapisarev.com, 1
+danilov-abrosimov.org.ua, 1
+danish.cf, 1
+danish.events, 1
+danishbytes.club, 1
+danishiqbal.tk, 1
+danispage.tk, 1
+danituuu7.tk, 1
+daniweb.com, 1
+daniya.tk, 1
+danjesensky.com, 1
+dankburritofranchise.com, 1
+danke.moe, 1
+dankeroni.de, 1
+dankevich.ru, 1
+dankie.com.br, 1
+dankim.de, 0
+dankojunasevic.tk, 1
+dankrpg.xyz, 1
+danla.nl, 1
+danlockton.tk, 1
+danloona.nl, 1
+danmaby.com, 1
+danmarksbedstefredagsbar.dk, 1
+danmassarano.com, 1
+danminkevitch.com, 0
+danmoldovan.tk, 1
+danndorf.com, 0
+dannemora.tk, 1
+dannhanks.com, 1
+dannicholas.net, 1
+danniellealbrechtdesigns.com, 1
+dannon.com, 1
+danny-rohde.de, 1
+danny.fm, 1
+dannycairns.com, 0
+dannycavanagh.tk, 1
+dannydiamondsconcrete.com, 1
+dannygaidateraelgar.com, 1
+dannyhoekstra.tk, 1
+dannyjota.tk, 1
+dannymoran.com, 1
+dannyoficial.tk, 1
+dannyroh.de, 1
+dannyrohde.de, 1
+dannyscloud.tk, 1
+dannystevens.co.uk, 1
+dannytemming.tk, 1
+dannyvanwamelen.tk, 1
+danoji.cf, 1
+danone.es, 1
+danonenorthamerica.com, 0
+danonsecurity.com, 1
+danotage.tv, 1
+danovamix.com.br, 1
+danpiel.net, 1
+danq.me, 1
+danramer.tk, 1
+dansage.co, 0
+dansasphaltmaintenance.com, 1
+dansaunders.me, 1
+dansedesalonsaintave.fr, 1
+danselibre.net, 1
+danselibre.org, 1
+dansemacabre.tk, 1
+danseressen.nl, 1
+dansk8bit.dk, 1
+danske.events, 1
+danskemedier.dk, 1
+danskoya.com, 1
+danslan.org, 1
+danslavieyadescactus.ch, 1
+danstillman.com, 1
+danstoncu.be, 1
+dantana.de, 1
+dantesinferno.tk, 1
+danthecloudman.com, 1
+dantikap.tk, 1
+danux.co.uk, 1
+danvillein.gov, 1
+danvillevt.gov, 1
+danw.io, 1
+danwaibel.com, 1
+danwelty.co, 1
+danwelty.me, 1
+danwelty.net, 1
+danwelty.org, 1
+danwillenberg.com, 1
+danwin1210.de, 1
+danwise.online, 1
+danwolff.se, 1
+danya.ml, 1
+danzavila.com, 1
+danzenyogadaycare.com, 1
+danzka.tk, 1
+dao.spb.su, 1
+daofficers.com, 1
+daojian.com, 1
+daole.com, 1
+daomo.com, 1
+daoplattunhien.com.vn, 1
+daoro.net, 0
+daoudi.it, 1
+dapasten.com, 1
+daphne.informatik.uni-freiburg.de, 1
+dapoxetinagenerico.cf, 1
+dapoxetine.gq, 1
+dapperdom.net, 1
+dapps.earth, 1
+dappui.com, 1
+daprint.tk, 1
+dapss-ut.gov, 1
+dapurosyom.com, 1
+dapursolo.tk, 1
+daqq.com, 1
+daracokorilo.com, 1
+darador.net, 0
+darajambili.com, 1
+daramad-telegram.ga, 1
+darani.ch, 1
+daravk.ch, 1
+darbi.org, 1
+darc-mak.de, 1
+darci.tech, 1
+darcyinspired.com, 1
+darcymarshall.com, 1
+dare.deals, 1
+darean.ml, 1
+daredorm.com, 1
+dareechayhome.com.pk, 1
+darenc.gov, 1
+darenet.org, 1
+daresay.games, 1
+daresay.studio, 1
+daresaygames.com, 1
+daretogain.com, 1
+darf.nl, 1
+darfurwall.org, 1
+dari.wiki, 1
+daricaun.com, 1
+dariela.tk, 1
+darientownwi.gov, 1
+darienvillagewi.gov, 1
+dario.gq, 1
+darioclip.com, 1
+dariosirangelo.me, 1
+darioturchetti.me, 1
+darioush.com, 0
+dariusheghbali.tk, 1
+darix.tk, 1
+dark-ages.tk, 1
+dark-crystal.tk, 1
+dark-dreams.tk, 1
+dark-infection.de, 1
+dark-lake.com, 1
+dark-legion.tk, 1
+dark-nova.me, 1
+dark-nova.tk, 1
+dark-programs.com, 1
+dark-vision.cz, 1
+dark-wolf.tk, 1
+dark.direct, 1
+dark.fail, 1
+darkag.ovh, 1
+darkartstudios.tk, 1
+darkbin.net, 1
+darkbit.gr, 1
+darkboysmedia.com, 1
+darkbyte.com, 1
+darkcelebration.tk, 1
+darkcodes.icu, 1
+darkcores.net, 1
+darkct.com, 1
+darkcure.tk, 1
+darkdestiny.ch, 1
+darkengine.io, 1
+darkengine.net, 1
+darkenluster.space, 1
+darkerlystormy.com, 0
+darkerstormy.com, 0
+darkestproductions.net, 1
+darkfeeling.tk, 1
+darkfilm.tk, 1
+darkfire.ch, 1
+darkfirestudios.tk, 1
+darkforceofhappiness.tk, 1
+darkgames.cf, 1
+darkgrid.eu, 1
+darkhall.tk, 1
+darkhuntersworld.tk, 1
+darkinvasion.tk, 1
+darkishgreen.com, 1
+darkkeepers.tk, 1
+darklang.com, 1
+darklaunch.com, 1
+darkleia.com, 1
+darklite.ml, 1
+darklybasic.com, 1
+darkmail.cf, 1
+darkmanthra.tk, 1
+darkmattertechnology.com, 1
+darkmattertechnology.net, 1
+darkmemo.com, 1
+darkmilknyeremeny.hu, 1
+darkness-and-light.tk, 1
+darkness.sk, 1
+darknessflickers.com, 0
+darknessinme.tk, 1
+darknight.blog, 1
+darkoctoberseance.com, 1
+darkoff.tk, 1
+darkotip.tk, 1
+darkovepredmety.cz, 1
+darkpassionsite.tk, 1
+darkperu.tk, 1
+darkphantom.tk, 1
+darkprince.tk, 1
+darkrain.nl, 1
+darkrisks.com, 1
+darkscience.tk, 1
+darksecret.dk, 1
+darkserver.fedoraproject.org, 1
+darkserver.stg.fedoraproject.org, 1
+darksideprod.tk, 1
+darksignsgame.tk, 1
+darkskymap.com, 1
+darksoilcbd.com, 1
+darksonic.tk, 1
+darkspacelab.com, 1
+darkspike.tk, 1
+darkstar-digital.com, 1
+darksystems.tk, 1
+darktechnology.tk, 1
+darktide.tk, 1
+darktime.ru, 1
+darkwater.info, 1
+darkwater.tk, 1
+darkweb.wtf, 1
+darkwebkittens.xyz, 0
+darkwoods.tk, 1
+darkx.me, 1
+darkxxxtube.com, 1
+darlehen-ratgeber.de, 1
+darlen.com, 1
+darlene.hu, 1
+darlenenbocek.com, 1
+darlingdownscoffee.com.au, 1
+darlington.tk, 1
+darlingtonia.nl, 1
+darlingtonwi.gov, 1
+darmowy-tarot.pl, 1
+darnashop.fr, 1
+darom.jp, 1
+darosen.eu, 1
+darpa.mil, 1
+darrenflemingphotography.co.uk, 1
+darrenlines.uk, 1
+darrenm.net, 1
+darrouzettisd.gov, 1
+darshanalytics.com, 1
+dart-tanke.com, 1
+dart-tanke.de, 1
+dartagnan.com, 1
+dartbeginners.tk, 1
+dartcarrousel.tk, 1
+dartcode.org, 0
+dartdriving.com, 1
+dartergroup.com, 1
+darthbraden.com, 1
+dartmold.com, 1
+dartmouth-health.org, 1
+dartmouth-hitchcock.org, 1
+dartnallministorage.com, 1
+dartstart.tk, 1
+dartydiscount.fr, 1
+darululum.ga, 1
+darwinkel.net, 1
+darwinpark.tk, 1
+darwinport.com.au, 1
+darwinsearch.org, 1
+darxx.com, 1
+darya.tk, 1
+daryl-wilcher.tk, 1
+daryl.moe, 1
+darylcumbo.net, 1
+darylwilcher.tk, 1
+darysvet.ru, 1
+das-clanpage.tk, 1
+das-efx.tk, 1
+das-forum24.de, 1
+das-maennermagazin.com, 1
+das-mediale-haus.de, 1
+das-pna.ao, 1
+das-sommercamp.de, 1
+das.nl, 1
+dasabomobil.de, 1
+dasble.com, 1
+dascan.com.br, 1
+dasdanny.de, 1
+daseinsfreu.de, 1
+daservajesus.com, 1
+daservajesus.net, 1
+dasfest.com, 1
+dasgeestig.nl, 1
+dashboard.gov.ph, 1
+dashboard.run, 1
+dashboardph.com, 1
+dashboardphilippines.com, 1
+dashdoc.eu, 1
+dashdrive.net, 1
+dasher.co.za, 1
+dashice.com, 1
+dashipping.com, 1
+dashlane.com, 1
+dashofmedia.com, 1
+dashofting.com, 1
+dashwebconsulting.com, 1
+dasignsource.com, 1
+dasinternetluegt.at, 1
+daskirschhaus.com, 1
+dasler.eu, 1
+dasolindustrialpark.tk, 1
+dastchin.live, 1
+dastchin.shop, 1
+dasteichwerk.at, 0
+dastelefonbuch.de, 1
+dastomize.com, 1
+dasug.de, 1
+data-access-point.com, 1
+data-analyse.nl, 1
+data-detox.de, 1
+data-exchange.tk, 1
+data-jt.de, 1
+data-loader.com, 1
+data-mail.tk, 1
+data-mining.co.uk, 1
+data-privacy.tk, 1
+data-reader.de, 1
+data-replicator.cloud, 1
+data-replicator.com, 1
+data-servers.com, 1
+data-wing.ga, 0
+data.gov, 1
+data.govt.nz, 1
+data.haus, 1
+data.world, 1
+data18.com, 1
+data3w.nl, 1
+dataadvantage.se, 1
+database-excel-integration.com, 1
+database-word-integration.com, 1
+database.com, 1
+databasedrivers.cloud, 1
+databasez.net, 1
+databeam.de, 0
+databiz.ga, 1
+datablender.nl, 1
+databutlr.com, 1
+databutlr.net, 1
+datacalle.com, 1
+datacaptive.com, 1
+datacave.is, 1
+datacenterbrasil.ga, 1
+datacenternews.asia, 1
+datacenternews.co.nz, 1
+datacenternews.us, 1
+datacentrenews.eu, 1
+datacentresupport.com, 1
+datacloud.gq, 1
+datacomm.com, 1
+datacommissioner.gov.au, 0
+datacool.tk, 1
+datadoghq.com, 1
+datadorf.de, 1
+datadraugen.no, 1
+datadyne.technology, 1
+dataentry.top, 1
+datafarms.com, 1
+datafloq.com, 1
+dataformers.at, 0
+datagate.com.br, 1
+datagir.ir, 0
+datagrail.io, 1
+datagrid.ga, 1
+dataguidance.com, 1
+dataguru.lv, 1
+dataharvest.at, 1
+datahaus.construction, 1
+datahoarder.xyz, 1
+datahove.no, 1
+datainvest.pl, 1
+datakick.org, 1
+datakl.com, 1
+datalich.com, 1
+datalife.gr, 1
+datalift.io, 0
+dataloft.tk, 1
+datalogistics.lt, 1
+datalok.de, 1
+datalysis.ch, 0
+dataman.ml, 1
+datamationgroup.com, 1
+datamish.com, 1
+datapiped.com, 1
+dataprivacyframework.gov, 1
+dataprivacysolution.com, 1
+dataproject.com, 1
+datapun.ch, 1
+datarails.com, 1
+dataregister.info, 1
+datarobot.com, 1
+dataroom-online.org, 1
+datarooms-advisor.org, 1
+datasat.solutions, 1
+datascience.cafe, 1
+datasciencedojo.com, 1
+datasciocean.tech, 1
+datashock.com, 1
+datasite.com, 1
+dataskydd.net, 1
+datasourcenj.org, 1
+dataspace.pl, 1
+datastack.design, 1
+datastar.net, 1
+datastream.org, 1
+datastream.re, 0
+datastudio.google.com, 1
+datasubject.com, 1
+datasubjects.com, 1
+datasunrise.com, 1
+datasupporthub.com, 1
+dataswamp.org, 1
+datatekniikka.fi, 0
+datateknologsektionen.se, 0
+datatips.cl, 1
+datatree.nl, 1
+datatrics.com, 1
+datatruckers.com, 1
+datatruckers.email, 1
+datatruckers.eu, 1
+datatruckers.net, 1
+datatruckers.nl, 1
+datatruckers.org, 1
+datatruckers.social, 1
+datatube.tk, 1
+datatypes.net, 1
+dataunion.com, 1
+datavitec.com, 1
+datavizable.org, 1
+datavoiceoptions.com, 1
+datawar.tk, 1
+datawrkz.com, 1
+datax-cloud.de, 1
+dataxl.net, 1
+datazoo.asia, 1
+datazoo.com, 1
+datdt.com, 1
+date-hijri.net, 1
+dateien.at, 1
+dateierweiterung.com, 1
+datelligent.com, 1
+datema.no, 1
+datememe.com, 1
+datenbitch.org, 0
+datengrab.ws, 1
+datengrab.xyz, 1
+datenightmovies.com, 1
+datenkeks.de, 1
+dateno1.com, 1
+datenreiter.cf, 1
+datenreiter.gq, 1
+datenretter.tk, 1
+datensalat.info, 1
+datenschutz-gruenwald.de, 1
+datenschutz-individuell.de, 1
+datenschutz-isny.de, 1
+datenschutz-leutkirch.de, 1
+datenschutz-luebbecke.de, 1
+datenschutz-oberschwaben.de, 1
+datenschutz-ravensburg.de, 1
+datenschutz-recht-medizin.de, 1
+datenschutz-wangen.de, 1
+datenschutz-weingarten.de, 1
+datenschutzgrundverordnung.de, 1
+datenschutztag.org, 1
+datenschutzzentrum.de, 1
+datenwerkstatt.net, 1
+datessrit.tk, 1
+dating.wedding, 1
+datingadvice.gq, 1
+datingbedrog.tk, 1
+datingblog.tk, 1
+datingfakecheck.com, 1
+datinglocalgirls.com, 1
+datingonlinecheck.com, 1
+datingopportunitiesest.ga, 1
+datingru.ml, 1
+datingru.tk, 1
+datingsite.ml, 1
+datingsrit.tk, 1
+datingswagger.ga, 1
+datingticino.ch, 0
+datingwebsitesforteenagers.cf, 1
+datingyourmate.ga, 1
+datj.net, 1
+datmancrm.com, 1
+datnenhamiltongarden.com, 1
+datomize.com, 1
+datorb.com, 1
+datorhjalp-stockholm.se, 1
+datorhjalpen.link, 1
+datorhjalptaby.se, 1
+datos-quimsaitw.es, 1
+datosfreak.tk, 1
+datovy-portal.cz, 1
+datovy-portal.sk, 1
+datovyaudit.cz, 1
+datovyportal.cz, 1
+datovyportal.sk, 1
+dattelking.com, 1
+dattelking.de, 1
+datumplus.co.uk, 1
+datumstudio.jp, 1
+dature.cloud, 1
+datustribe.tk, 1
+datutoday.tk, 1
+datutorials.tk, 1
+daubecity.de, 1
+daubehosting.de, 1
+dauenhauer.de, 1
+daughertyplasticsurgery.com, 1
+daughtridgeenergy.com, 1
+daugoitot.com, 1
+daum-group.de, 1
+daunatotala.ro, 1
+daunt.link, 1
+dauphincounty.gov, 1
+dausendschoen.de, 1
+davalochki.tk, 1
+davar1.co.il, 1
+davd.cf, 1
+dave-pearce.com, 1
+daveaglick.com, 0
+daveaustin.xyz, 1
+davebelton.com, 1
+davebodnar.tk, 1
+davebuis.tk, 1
+davecardwell.com, 1
+daveedave.de, 1
+davelucia.com, 1
+davemusic.tk, 1
+davenportok.gov, 1
+daveoc64.co.uk, 1
+davep.uk, 1
+davepearce.com, 1
+davepermen.net, 1
+davepullig.co.uk, 1
+daveredfern.com, 1
+daveroverts.nl, 0
+davesasphalt.com, 1
+davesharpe.com, 1
+davesplace.tk, 1
+davesskinks.com, 1
+davetempleton.com, 1
+davewardle.com, 1
+daveyconstructions.com, 1
+davichete.me, 1
+david-almeida.co.uk, 1
+david-andrawos.fr, 1
+david-beckham-online.tk, 1
+david-clarke.id.au, 1
+david-corry.com, 1
+david-edu.com, 1
+david-hinschberger.me, 1
+david-jeffery.co.uk, 1
+david-merkel.de, 1
+david-nextcloud.ddns.net, 1
+david-osipov.me, 1
+david-osipov.vision, 1
+david-pearce.com, 1
+david-reess.de, 1
+david-schiffmann.de, 1
+david.kitchen, 1
+davidadrian.org, 1
+davidalbert.me, 1
+davidandersson.se, 1
+davidbach.com, 1
+davidband.com.au, 1
+davidbranco.me, 1
+davidbrito.tech, 1
+davidbrookes.me, 0
+davidbyrne.tk, 1
+davidcityne.gov, 1
+davidcraft.de, 1
+davidcrousehouse.com, 1
+davidczihak.at, 0
+daviddesberg.com, 1
+daviddietrich.com, 1
+davidebaraglia.it, 1
+davidebasile.tk, 1
+davidelstob.com, 1
+davideonlain.tk, 1
+davidepalma.it, 1
+davidereinato.tk, 1
+davidetmagali.fr, 1
+davidfarland.com, 1
+davidfindlay.org, 1
+davidforward.net, 1
+davidfuentes.es, 1
+davidgouveia.net, 1
+davidgreig.uk, 1
+davidgroup.co.id, 1
+davidgroup.id, 1
+davidgrudl.com, 1
+davidhanle.com, 1
+davidinteriors.tk, 1
+davidje13.com, 1
+davidjktofan.com, 1
+davidjusto.com, 1
+davidkatz.tk, 1
+davidkeane.com, 1
+davidkennardphotography.com, 1
+davidking.xyz, 1
+davidknoll.me.uk, 1
+davidkyburz.ch, 1
+davidlamprea.com, 1
+davidlamprea.eu, 1
+davidlane.io, 0
+davidlemler.me, 1
+davidlillo.com, 1
+davidlindekilde.dk, 1
+davidlouisedelman.com, 1
+davidlyness.com, 1
+davidmanouchehri.com, 1
+davidmcevoy.org.uk, 1
+davidmessenger.co.uk, 1
+davidmgarvin.com, 1
+davidmlujan.com, 1
+davidmocq.com, 1
+davidn.cz, 1
+davidnadaski.com, 1
+davidnoren.com, 0
+davidops.com, 0
+davidorsot.com, 1
+davidovskakreu.tk, 1
+davidpatrickwilson.us, 1
+davidpearce.com, 1
+davidpearce.org, 1
+davidpescarolo.it, 1
+davidrichardson.com, 1
+davidritchie.tk, 1
+davidrteixeira.com, 1
+davids.online, 1
+davidsanker.com, 1
+davidschadlich.com, 1
+davidscherzer.at, 1
+davidsdika.com, 1
+davidsimner.me.uk, 1
+davidson-berquist.com, 1
+davidsonberquist.com, 1
+davidsopas.com, 0
+davidstark.name, 1
+davidstrickler.net, 1
+davidstuff.net, 1
+davidsun.info, 1
+davidsun.name, 1
+davidtiffany.com, 1
+davidtorres4congress.com, 1
+davidvilla.tk, 1
+davidzarza.tk, 1
+davidzeegers.nl, 1
+davidzimmerman3.com, 1
+davie3.com, 1
+daviesscountyin.gov, 1
+daviesscountyinsheriff.gov, 1
+davimun.org, 1
+davinamccall.tk, 1
+davinciwaldorfschool.org, 1
+davisboroga.gov, 1
+daviscannabisco.com, 1
+daviscountyelectionsutah.gov, 1
+daviscountyiowa.gov, 1
+davisdieselandautorepair.com, 1
+davisgrana.tk, 1
+davison.tech, 1
+davisontwp-mi.gov, 1
+davisvision.com, 1
+davmimer-mercerie.ro, 1
+davorin.cf, 1
+davosalestax.com, 1
+davros.eu, 1
+davros.ru, 1
+davulcuyuz.com, 1
+davy-server.com, 1
+davyatletiek.tk, 1
+davyjonesatacado.com.br, 1
+davypropper.com, 1
+dawaai.pk, 1
+daware.io, 1
+dawgs.ga, 1
+dawidpotocki.com, 1
+dawidwrobel.com, 1
+dawnbringer.eu, 1
+dawnbringer.net, 1
+dawnbyte.ch, 1
+dawnlydialnyc.com, 1
+dawnofhope.tk, 1
+dawnson.is, 1
+dawnzine.com, 1
+dawonmedax.com, 1
+dawprogram.org, 1
+dawrimiz.com, 1
+dawson-floridavilla.co.uk, 1
+dawsoncountyga.gov, 1
+dawsoncountyne.gov, 1
+dawsonmt.gov, 1
+dax.do, 1
+dax.guide, 1
+daxenexpress.com, 1
+daxis.io, 1
+daxisweb.net, 1
+daxo.io, 1
+daxoptimizer.com, 1
+daxos.tk, 1
+daxpatterns.com, 1
+daxperience.eu, 1
+daxrunbase.com, 1
+day, 1
+day-of-battlecats.blog, 1
+day.marketing, 1
+daybreaklearning.com.au, 1
+daybuy.tw, 1
+daycomtech.com, 1
+daycontactlens.com, 1
+daycubrem.com, 1
+daydream.team, 1
+dayekelly.com, 1
+dayesh.tk, 1
+daygametraining.com, 1
+daylafit.com, 1
+daylightpirates.org, 1
+daymail.io, 1
+dayman.net, 1
+daymarksi.com, 1
+daymi.co, 1
+daymprove.life, 1
+daynia.net, 1
+daynightdrugs.com, 1
+dayoadetiloye.com, 1
+dayofdays.be, 1
+dayofthegirl.gc.ca, 1
+dayslater.tk, 1
+daysnews.tk, 1
+daysoftheyear.com, 1
+dayswithnostabbings.ca, 1
+daytonahealthsolutions.com, 1
+daytonaparadise.tk, 1
+daytonpcrepair.com, 1
+dayuse-hotels.it, 1
+dayuse.co.uk, 1
+dayuse.com, 1
+dayuse.com.hk, 1
+dayuse.cz, 1
+dayuse.de, 1
+dayuse.es, 1
+dayuse.fr, 1
+dayuse.se, 1
+dayvillefire.gov, 1
+daywind.com, 1
+daywindmusicgroup.com, 1
+daywindrecordingstudio.com, 1
+daywindrecords.com, 1
+daywindworship.com, 1
+dayz.com, 1
+daz8activator.com, 1
+dazenelevator.ph, 1
+dazz.it, 1
+dazzit.ca, 1
+dazzit.com, 1
+dazzit.io, 1
+dazzit.net, 1
+dazzit.org, 1
+dazzit.xyz, 1
+dazzledrive.tk, 1
+dazzlepulse.tk, 1
+dazzlestart.com, 1
+dazzleworks.tk, 1
+db-sanity.com, 1
+db-works.nl, 1
+db.ci, 1
+dba-support.nl, 1
+dbapress.org, 1
+dbaron.org, 1
+dbas.cz, 1
+dbase.cf, 1
+dbautoservice.nl, 1
+dbb.wtf, 1
+dbcartography.com, 1
+dbeilharz.com, 1
+dbeilharz.de, 1
+dbeilharz.eu, 1
+dbentertainment.co.uk, 1
+dbfopraga-pn.waw.pl, 1
+dbgames.info, 1
+dbhome.org, 1
+dbhouse.tk, 1
+dbic.ro, 1
+dbildungscloud.de, 1
+dbinderbilling.com, 1
+dbjc.tk, 1
+dbjg.com, 1
+dblabsite.net, 1
+dblcastles.co.uk, 1
+dbldub.net, 1
+dblfree.com, 0
+dblsuretybonds.com, 1
+dbmiller.org, 1
+dbmnet.be, 1
+dbnext.de, 1
+dboptical.com, 1
+dborcard.com, 0
+dbox.ga, 1
+dbpkg.com, 0
+dbplanview.com, 1
+dbq.com, 1
+dbradley771.com, 1
+dbrand.com, 0
+dbrgn.ch, 1
+dbs.cl, 0
+dbsalon.beauty, 1
+dbsbeautystore.cl, 1
+dbsinergy.tk, 1
+dbt3ch.com, 1
+dbtechreviews.com, 1
+dbtest5.com, 1
+dbtotalnet.tk, 1
+dbtsai.com, 0
+dbtunder.tk, 1
+dbushell.com, 1
+dbw678.com, 1
+dc-acupuncture.com, 0
+dc-design.tk, 1
+dc-elektro.com, 1
+dc-elektro.de, 1
+dc-elektro.eu, 1
+dc-forum.tk, 1
+dc-occasies.be, 1
+dc-service.by, 1
+dc-solutions.at, 1
+dc-texas.com, 1
+dc-zone.com, 1
+dc7342.im, 1
+dcain.me, 1
+dcampusbd.com, 1
+dcards.in.th, 1
+dcareer.tk, 1
+dcave.net, 1
+dcbouncycastles.co.uk, 1
+dcc.cat, 1
+dcc.moe, 1
+dcc.name, 1
+dccdurgor1nbl.cloudfront.net, 1
+dccode.gov, 1
+dccomputerrepair.com, 1
+dccwiki.com, 0
+dcdestetica.it, 1
+dcgprecisionpainters.co.nz, 1
+dchatelain.ch, 0
+dchauriga.com, 0
+dchest.org, 1
+dci.com.br, 1
+dcimpianti.it, 1
+dckd.nl, 1
+dcklvr.fr, 1
+dcl.re, 1
+dclaisse.fr, 1
+dclm.org, 1
+dclmwp.com, 1
+dcm.com, 1
+dcmarvelunited.com, 1
+dcmcleanair.com, 1
+dcmediahosting.com, 1
+dcmeventmanagement.com, 1
+dcmt.co, 1
+dcnews.jp, 1
+dcnews.ro, 1
+dco.sg, 1
+dcomedieta.it, 1
+dcoremassagechairs.com, 1
+dcparts.com.br, 1
+dcpl.bt, 1
+dcpower.eu, 1
+dcpro.pt, 1
+dcpudwa.gov, 1
+dcrdev.com, 1
+dcs.pp.ua, 1
+dcso.de, 1
+dcsoky.gov, 1
+dctrl.ch, 1
+dcustody.xyz, 1
+dcvc.com, 1
+dcw.io, 1
+dcyph.de, 1
+dd-groupinc.com, 1
+dd.art.pl, 1
+dd.center, 1
+dd00228.com, 0
+dd11d.net, 1
+dd202d.com, 1
+dd207d.com, 1
+dd214.gov, 1
+dd215d.com, 1
+dd23project.com, 1
+dd33d.net, 1
+dd3ah.de, 1
+dd5197.co, 1
+dd6729.co, 1
+dd6729.com, 0
+dd6957.co, 1
+dd9297.co, 1
+dd9721.com, 0
+dd9728.co, 1
+dda.gov.ae, 1
+ddatsh.com, 1
+ddays2008.org, 1
+ddcakedeliveryservice.co.uk, 1
+dddd.loan, 1
+dddmelbourne.com, 1
+ddeaejwa.ml, 1
+ddel.de, 1
+dden.ca, 0
+dden.website, 1
+dderyce.com, 1
+ddf.net, 1
+ddhlawyers.com, 1
+ddhosted.com, 0
+ddi.one, 1
+ddiaz.tk, 1
+ddinox.be, 1
+ddjia.com, 0
+ddjlawtampa.com, 1
+ddk.dn.ua, 1
+ddkdoradztwo.pl, 1
+ddkkitchens.com, 1
+ddma.nl, 1
+ddmail.se, 1
+ddmeportal.com, 1
+ddns-anbieter.de, 1
+ddns-test.de, 1
+ddnsip.cn, 1
+ddnsweb.com, 0
+ddog-gov.com, 1
+ddos-mitigation.co.uk, 1
+ddos-mitigation.info, 1
+ddosguard.cf, 1
+ddosolitary.org, 1
+ddproxy.cf, 1
+ddracepro.net, 1
+ddraum.de, 1
+ddsdiscounts.com, 1
+ddy.tw, 1
+de-basiliek.tk, 1
+de-ella.com, 1
+de-google-ify.org, 1
+de-groot.it, 1
+de-haas.dk, 1
+de-kramers.nl, 1
+de-lucadesigns.com.au, 1
+de-medici.nl, 1
+de-mossadeq.tk, 1
+de-ooyevaar.be, 1
+de-ooyevaar.com, 1
+de-ooyevaar.de, 1
+de-ooyevaar.nl, 1
+de-osopanda.com, 1
+de-penaranda.be, 1
+de-rwa.de, 1
+de-servers.de, 1
+de-spil.be, 1
+de.gt, 1
+de.ls, 1
+de.md, 1
+de.search.yahoo.com, 0
+de.vg, 1
+dea.gov, 1
+dead-letter.email, 1
+deadbeef.ninja, 1
+deadboyskilling.tk, 1
+deadbybeats.tk, 1
+deadc0de.re, 1
+deadcoderssociety.tk, 1
+deadescape.tk, 1
+deadhead.tk, 1
+deadlift.tk, 1
+deadlockcoaching.com, 1
+deadpixel.tk, 1
+deadpoolonline.ga, 1
+deadpulse.com, 1
+deadpvp.eu, 1
+deadroot.tk, 1
+deadsamaritan.tk, 1
+deadsea.tk, 1
+deadshortaudio.com, 1
+deadspin.com, 1
+deaecom.gov, 1
+deaf.eu.org, 1
+deafsound.tk, 1
+deaktualisierung.org, 0
+deal-runners.cf, 1
+deal45.ga, 1
+dealandgo.co.il, 1
+dealapp.nl, 1
+dealbanana.no, 1
+dealchip.tk, 1
+dealcoupons.in, 1
+dealcruiser.nl, 1
+dealdump.nl, 1
+dealerselectric.com, 1
+dealerwriter.com, 1
+dealinflatables.co.uk, 1
+dealjumbo.com, 1
+deallix.com, 1
+dealogic.com, 1
+dealpost.it, 1
+dealproject.org.au, 1
+dealroom.co, 1
+dealschief.com, 1
+dealsfinders.blog, 1
+dealsfromheaven.com, 1
+dealsinaz.com, 1
+dealsmagnet.com, 1
+dealsomart.com, 1
+dealsoncart.com, 1
+dealsonhealth.net, 1
+dealstreet.fr, 1
+dealzme.com, 1
+deamonmail.tk, 1
+deamsterdam.ml, 1
+deanandnatalia.co.za, 1
+deanbank.com, 1
+deanconsultancy.co.uk, 1
+deano-s.co.uk, 1
+deanvending.com, 1
+dear-children.ga, 1
+dear-olivia.com, 1
+dearborn.gov, 1
+dearbornheightsmi.gov, 1
+dearburma.com, 1
+dearktiel.nl, 1
+deasserstadsloop.nl, 1
+deasyvow.com, 1
+death.social, 1
+deathberry.ddns.net, 1
+deathclub.eu, 1
+deathcult.fun, 1
+deathlords.tk, 1
+deathmarch.tk, 1
+deathofspring.com, 0
+deathrockstar.tk, 1
+deathsdomain.com, 1
+deathwar.tk, 1
+deathwarrior.tk, 1
+deathy.ro, 1
+deavel.com, 1
+deavel.fr, 1
+deavel.net, 1
+deavon.tk, 1
+debacker.biz, 1
+debarbas.com, 1
+debarkader34.tk, 1
+debarras-diogene.paris, 1
+debarrasantony.com, 1
+debarrasasnieressurseine.com, 1
+debarrasboulognebillancourt.com, 1
+debarrasclichy.com, 1
+debarrascolombes.com, 1
+debarrasnanterre.com, 1
+debashishsahu.com, 1
+debateisland.com, 1
+debats.tk, 1
+debattinnlegg.no, 1
+debatyun.jp, 0
+debauchery.ml, 1
+debbiesblog.nl, 1
+debbiessieraden.tk, 1
+debedstedanskecasinoer.dk, 1
+debeer.tech, 1
+debelareabogados.es, 1
+debelicd.tk, 1
+debesiukas.lt, 1
+debesteaedwinkel.nl, 1
+debesteehbodoos.nl, 1
+debewaker.tk, 1
+debian.link, 1
+debianizzati.org, 1
+debigare.com, 1
+debijloke.be, 1
+debijloke.gent, 1
+debitcloud.com, 1
+debitterballetjes.tk, 1
+deblender.be, 1
+deblender.shop, 1
+deblier.dynv6.net, 1
+deblocking.ga, 1
+deboekaniers.be, 1
+debofnight.com, 1
+deboo.info, 1
+debora-singkreis.de, 1
+deborahkaty.tk, 1
+deborahmarinelli.eu, 1
+debostero.tk, 1
+deboutpourlemali.ml, 1
+debraj.in, 1
+debraj.xyz, 0
+debraydesign.com.au, 1
+debricked.com, 1
+debrunet.nl, 1
+debruns.ie, 1
+debt-consolidation-reviews.org, 1
+debtmetricest.ga, 1
+debtpaypro.com, 1
+debtrecycling.com.au, 1
+debtsolution.cf, 1
+debtsolution.tk, 1
+debtsupportcentre.co.uk, 1
+debtsy.com, 1
+debuemon.com, 1
+debugging.tk, 1
+deburen.tk, 1
+debut-mebel.ru, 1
+debutaredead.tk, 1
+debuyer.com, 1
+debyte.com, 1
+debzsh.tk, 1
+dec-ced.gc.ca, 1
+dec6.gc.ca, 1
+decadentdvices.com, 1
+decal-times.com, 1
+decalquai.ch, 0
+decamidea.it, 1
+decarrouseloss.nl, 1
+decathlon.ca, 1
+decathlon.co.il, 1
+decathlon.com.co, 1
+decathlon.in, 1
+decathlon.lt, 1
+decathlon.lv, 1
+decathlon.my, 1
+decathlon.ph, 1
+decathlon.vn, 1
+decaturcountyiowa.gov, 1
+decaturcountytn.gov, 1
+decaturhistory.com, 1
+decaturish.com, 1
+deceasedonline.com, 1
+decentrala.org, 1
+dechan.com, 1
+dechat.nl, 1
+decherdtn.gov, 1
+dechetor.fr, 1
+dechow.ddns.net, 1
+decibelnewmusic.com, 1
+decide.hopto.org, 1
+decidetreatment.org, 1
+decima.bg, 1
+decimatechnologies.eu, 1
+decimation.tk, 1
+decipe.com, 1
+decis.fr, 1
+decisionssometimes.ml, 1
+decisiontime.online, 0
+decisivetactics.com, 1
+deciso.eu, 1
+decisora.com, 1
+deckerville-mi.gov, 1
+deckfix.co.nz, 1
+deckshop.pro, 1
+declarando.es, 1
+declarativ.ga, 1
+declivitas.com, 1
+declutteringmymess.com, 1
+deco-parisienne.fr, 1
+decoating.pl, 1
+decock-usedcars.be, 1
+decode.ga, 1
+decodeanddestroy.com, 1
+decofire.pl, 0
+decokeuken.nl, 1
+decologisticsgh.com, 1
+decompression.tk, 1
+decompressneuroma.com, 1
+deconstructind.ro, 1
+decopros.fr, 1
+decor-anna.com, 1
+decor-essentials.com, 1
+decor-live.ru, 1
+decor-prazdnik.ru, 1
+decorahia.gov, 1
+decoral.org, 1
+decoratingadvice.co.uk, 1
+decorations-elmotamaiz.com, 1
+decoratiunidulci.ro, 1
+decorativeconcretewa.com.au, 1
+decorativecosmetics.tk, 1
+decorator.uk, 1
+decoratore.roma.it, 1
+decorestilo.com.br, 1
+decorlux.bg, 1
+decorluxmuebles.com, 1
+decormiernissanparts.com, 1
+decorno.tk, 1
+decorpol-renovation.fr, 1
+decorsolucionesgraficas.es, 1
+decorumcomics.com, 1
+decosoftware.com, 1
+decotax.com, 1
+decotonic.com, 1
+decotrend.ro, 1
+decoyoctopus.tk, 1
+decrousaz-ceramique.ch, 0
+decrypt.co, 1
+decrypto.net, 1
+decs.es, 1
+decstasy.de, 1
+decsys.work, 1
+decubex.com, 1
+dedal.store, 0
+dedede.ro, 1
+dedelta.net, 1
+dedeo.tk, 1
+dedg3.com, 1
+dedge.org, 1
+dedicatedservers.cf, 1
+dedicatedtowomenobgyn.com, 1
+dedmoroz.ga, 1
+dedmoroz.gq, 1
+dedmorozrzn.ru, 0
+dedns.com, 1
+dedoho.pw, 1
+dedoles.at, 1
+dedoles.com, 1
+dedoles.cz, 1
+dedoles.de, 1
+dedoles.hu, 1
+dedoles.pl, 1
+dedoles.ro, 1
+dedoles.sk, 1
+deduijventil.nl, 1
+dedurpsidioten.tk, 1
+dedyk.gq, 1
+dee.pe, 1
+dee.su, 1
+deechtebakkers.nl, 1
+deedixservice.com, 1
+deedoo.com, 1
+deeds.com, 1
+deedyinc.com, 1
+deeezy.com, 1
+deegeeinflatables.co.uk, 1
+deejayladen.de, 1
+deejayz.tk, 1
+deelmee.nl, 1
+deelmijnreis.nl, 1
+deelodge.art, 0
+deemasfashion.co.uk, 1
+deemasfashion.com, 1
+deemasfashion.us, 1
+deemlove.com, 1
+deenergiecentrale.be, 1
+deenergiecentrale.gent, 1
+deeonix.eu, 1
+deep-core.tk, 1
+deep-labs.com, 1
+deep-wave-hair-extensions.tk, 1
+deep6.ai, 1
+deepaero.com, 1
+deeparamaraj.com, 1
+deepbluecrafting.co.uk, 1
+deepblueemail.com, 1
+deepbuy.tech, 1
+deepcreampie.com, 1
+deepgame.tk, 1
+deephill.com, 1
+deephustlellc.com, 1
+deepid.com, 1
+deepinnov.com, 1
+deepinsight.io, 1
+deepl.com, 1
+deeplink-medical.com, 1
+deepmountains.tk, 1
+deepnote.com, 1
+deeps.cat, 1
+deepserve.info, 1
+deepset.ai, 1
+deepset.com, 1
+deepsingh.tk, 1
+deepsky.tk, 1
+deepsoulutions.cf, 1
+deepsoulutions.ga, 1
+deepsoulutions.gq, 1
+deepsoulutions.ml, 1
+deepspace.dedyn.io, 1
+deepu-mathew.tk, 1
+deepumathew.tk, 1
+deepvalley.tech, 1
+deepwoodshop.com, 1
+deerfieldknoll.com, 1
+deeringnh.gov, 1
+deerlycke.tk, 1
+deesse-gaia.fr, 1
+deezeno.com, 1
+def-pos.ru, 1
+defamiliehagen.com, 1
+defaultisafault.com, 1
+defcon.org, 1
+defcongame.tk, 1
+defcongroups.org, 1
+defectivebydesign.org, 1
+defeestboek.nl, 1
+defeestridders.tk, 1
+defelo.de, 1
+defelo.ml, 1
+defence.pk, 1
+defencemilcis2022.com.au, 1
+defend2.org, 1
+defendanimals.com, 1
+defender-pro.com, 1
+defendinnovation.org, 1
+defendtheweb.co.uk, 1
+defendtheweb.net, 1
+defenestrazionedipra.ga, 1
+defensefrontit.com, 1
+defenseweapon.tk, 1
+defensie.tk, 1
+defensivefirearmsinstruction.org, 1
+defensoresunidos.tk, 1
+defero.io, 1
+defesa.gov.br, 1
+defesaaereanaval.com.br, 1
+deffo.com.au, 0
+defi-metier.com, 0
+defi-metier.fr, 0
+defi-metier.org, 0
+defi-metiers.com, 0
+defi-metiers.org, 0
+defiant.com, 1
+defichain.com, 1
+defietsambassade.be, 1
+defietsambassade.gent, 1
+defietsambassadegent.be, 1
+defifa.ga, 1
+defile.ml, 1
+defiler.tk, 1
+defimetier.fr, 0
+defimetier.org, 0
+defimetiers.com, 0
+defimetiers.fr, 0
+define-atheism.com, 1
+define-atheist.com, 1
+defineatheism.com, 1
+defineatheist.com, 1
+definethenoise.tk, 1
+definingterms.com, 1
+definitely.cn, 0
+definitions360.com, 1
+definitivepressurewashing.com, 1
+defis-franciliens.fr, 1
+defiscalisation.ml, 1
+defiscan.live, 0
+defisolutions.ch, 0
+defkey.com, 1
+deflumeri.com, 1
+deflumeriker.com, 1
+defme.eu, 1
+defont.nl, 1
+defreecefinancial.com, 1
+defreitas.no, 1
+defriesezaak.nl, 1
+deftek.com, 1
+defterikebir.tk, 1
+deftig-und-fein.de, 1
+defunct-engineers.ml, 1
+defuse.ca, 1
+degala.tk, 1
+degasten.tk, 1
+dege.me, 1
+degeberg.com, 1
+degeberg.dk, 1
+degeeks.xyz, 1
+degen-elektrotechnik.de, 1
+degenerativediscdiseaseexplained.com, 1
+degens.io, 1
+degentseflikkenzoekenu.be, 1
+degeo.cf, 1
+degeo.ml, 1
+degestamptepot.nl, 1
+degewonegezondemeid.nl, 1
+degilde.tk, 1
+degirmenkasi.tk, 1
+degit.de, 1
+dego.biz.id, 0
+degoeiewebsite.cf, 1
+degooglisons-internet.com, 1
+degooglisons-internet.fr, 1
+degooglisons-internet.org, 1
+degooglisons.org, 1
+degooglisonsinternet.org, 1
+degooglize.org, 1
+degoulet.net, 1
+degraafschapdierenartsen.nl, 1
+degracetechnologie.com, 1
+degradarium.com, 1
+degraissagehotte.fr, 1
+degrasboom.org, 1
+degravel.net, 1
+degreecollege.tk, 1
+degreeducation.tk, 1
+degreequalified.com, 1
+degreesofcomfort.com, 1
+degreesonline.com, 1
+degressif.com, 1
+degroetenvanrosaline.nl, 1
+degrootenslot.nl, 0
+degrootsteshop.nl, 1
+degustuju.cz, 1
+dehaagsehogeschool.nl, 1
+dehaanadvocatenkantoor.nl, 1
+dehaancaravans.nl, 1
+dehippeouder.nl, 1
+dehkade3.ml, 1
+dehoga-reisen.de, 1
+dehop.re, 1
+dehopre.com, 1
+dehumanizer.com, 1
+deiaprint.com, 1
+deidee.nl, 1
+deimos.gq, 1
+dein-baumdienst.de, 1
+dein-trueffel.de, 1
+dein.mx, 1
+deinballon.de, 1
+deindeal.ch, 1
+deineagentur.de, 1
+deinelakaien.tk, 1
+deinewebsite.de, 1
+deinhardt.com, 1
+deinjoghurt.de, 1
+deinsparen24.de, 1
+deionized.ga, 1
+deisedigital.com, 1
+deitec-global.com, 1
+deitti.net, 1
+deja-lu.de, 1
+dejandayoff.com, 1
+dejaren80.tk, 1
+dejavu.ml, 1
+dejected.ga, 1
+dejfcold.cz, 1
+dejie.com, 1
+dejiren.com, 1
+dejmidarek.cz, 1
+dejon-whirlpools.de, 1
+dejongonline.eu, 1
+dejorisenkeesshow.tk, 1
+dejoylandschools.com, 1
+dejure.org, 0
+dejuzconsults.com, 1
+dekalbcountyclerkil.gov, 1
+dekalbcountymo.gov, 1
+dekampioenen.tk, 1
+dekasegi-kansai.com, 1
+dekasegifuzoku.com, 1
+dekasseguiempregos.com, 1
+dekel.co.il, 1
+dekeurslagers.nl, 1
+dekinai.moe, 1
+dekko.io, 1
+dekoh-shouyu.com, 0
+dekonijnenburcht.tk, 1
+dekorasyonu.net, 1
+dekoration.cf, 1
+dekoration.gq, 1
+dekoration.ml, 1
+dekoration.tk, 1
+dekordiyon.com, 1
+dekulk.nl, 0
+del-ex.de, 1
+delahrzolder.nl, 1
+delam.site, 1
+delamoreretirement.com.au, 1
+delanomn.gov, 1
+delaquila.com.co, 1
+delartouducocon.com, 1
+delasamericas.tk, 1
+delavega.ua, 1
+delavska-hranilnica.si, 1
+delavska.si, 1
+delawarehealth.tk, 1
+delawarenation-nsn.gov, 1
+delawaretwpmi.gov, 1
+delay-dengi.cf, 1
+delaydengy.tk, 1
+delaysoft.tk, 1
+delbecqvo.be, 1
+delcan.ga, 1
+delcan.gq, 1
+delcan.ml, 1
+delcity.gov, 1
+delcopa.gov, 1
+delcopalandbank.gov, 1
+deldadegan.tk, 1
+delduca.casa, 1
+deleesanghers.tk, 1
+delegao.moe, 1
+deleidscheflesch.nl, 1
+delete.cf, 1
+deletebin.com, 1
+deletebin.org, 1
+delfi.ee, 1
+delfi.lt, 1
+delfi.net, 1
+delfic.org, 1
+delfinus.tk, 1
+delftstudy.nl, 1
+delhi-escorts.in, 1
+delhi.edu, 1
+delhicleanairforum.tk, 1
+delhitourism.gov.in, 1
+delhitownshipmi.gov, 1
+deli-fuzoku.jp, 1
+deliacreates.com, 1
+deliandiver.org, 1
+delicaclubphils.tk, 1
+delicadosonico.tk, 1
+delicale.com.br, 1
+delicatewonders.com, 1
+delici.art.br, 1
+deliciascomercial.com, 1
+delicious-audio.com, 1
+delicious.gq, 1
+deliciousmedia.co.uk, 1
+deliciousmedia.net, 1
+delicioustable.com, 1
+delicon.jp, 1
+delijan24.ir, 1
+delika.io, 1
+delikom.de, 1
+delio.tk, 1
+delirio.tk, 1
+delistudio.cf, 1
+delitefully.com, 1
+delitto.top, 1
+deliuksta.lt, 1
+deliverability.guru, 1
+delivereasy.tk, 1
+delivery.it, 1
+deliveryman.site, 1
+delivr.com, 1
+deljeconiah.com, 1
+delker.com, 1
+delkomrockdrill.com, 1
+dellacasapizzasemassas.com.br, 1
+dellamorte.tk, 1
+dellasano.com, 1
+dellie.com, 1
+dellipaoli.com, 1
+dellirium.tk, 1
+delmarsumter.nl, 0
+delofderonvolmaaktheid.tk, 1
+delogo.nl, 1
+delontewest.tk, 1
+delorenzi.dk, 1
+deloretta.com, 1
+delosgaia.nl, 1
+delpark.de, 1
+delphia.ai, 1
+delphia.com, 1
+delphibasics.tk, 1
+delphij.net, 1
+delphinarabic.tk, 1
+delphine.dance, 1
+delprete.me, 1
+delpuertohealth.gov, 1
+delrayengineering.ca, 1
+delsfranchise.com, 1
+delsolphotography.com, 1
+delta-data.ch, 1
+delta-electric.net, 1
+delta-games.tk, 1
+delta-hawks.tk, 1
+delta-host.ml, 1
+delta-market.ru, 1
+delta.ai, 1
+delta.ru, 1
+delta24.ml, 1
+deltacity.net, 1
+deltacomputer.com, 1
+deltacomputer.de, 1
+deltacountyco.gov, 1
+deltacountymi.gov, 1
+deltacountymi.org, 1
+deltadentalmo.com, 1
+deltadentalsc.com, 1
+deltafm.tk, 1
+deltaloja.com.br, 1
+deltamusik.tk, 1
+deltamvcd.gov, 1
+deltanio.nl, 0
+deltaonlineguards.com, 1
+deltaphiepsilon.tk, 1
+deltaprise-events.de, 1
+deltarisk.com, 0
+deltaserat.tk, 1
+deltaservers.blog.br, 1
+deltaservers.com.br, 1
+deltasigmachi.org, 1
+deltasigmaxi1971.tk, 1
+deltasul.com.br, 1
+deltasuprimentos.com.br, 1
+deltav.ml, 1
+deltava.org, 1
+deltawolf.net, 1
+deltaworkssecurity.com, 1
+deltaworkssecurity.nl, 1
+delugarnenhum.com, 1
+delugerpg.com, 1
+delunee.co, 1
+deluxe-bot.tk, 1
+deluxe-dubai.com, 1
+deluxeblogtips.com, 1
+deluxecar.fr, 1
+delvemagazine.ca, 1
+delvinoadegas.com.br, 1
+delycate.com, 1
+delycate.fr, 1
+delzottolink.com, 1
+demaison.pro, 1
+demandbase.com, 1
+demander.tk, 1
+demandmatrix.com, 1
+demannen.tk, 1
+demarestnj.gov, 1
+demarit.fi, 1
+demascotas.es, 0
+demedx.at, 1
+demenagement-chalon.fr, 1
+demenagement-sfd.fr, 1
+demenagementagb.com, 1
+dementiafactsexplained.com, 1
+dementiapraecox.de, 1
+dementieva-pennetta.tk, 1
+dementievriendelijk.gent, 1
+dementievriendelijkgent.be, 1
+demes.tk, 1
+demesos.tk, 1
+demetra-site.com.ua, 1
+demeubelmakelaar.nl, 1
+demeyere-usedcars.be, 1
+demfloro.ru, 1
+demicon.biz, 1
+demijn.nl, 1
+demilletech.net, 1
+demilovatomexico.tk, 1
+demine.freeboxos.fr, 1
+deminormaastricht.tk, 1
+demiranda.com, 1
+demirdokum.tk, 1
+demisch-tim.de, 1
+demischtim.de, 1
+demish.tk, 1
+demmakina.com, 1
+demmarket.ru, 1
+demmer.one, 1
+demo-awl.com, 1
+demo-ferma.ga, 1
+demo.com.my, 1
+demo.sb, 1
+demo.swedbank.se, 1
+demobiliteitfinancier.nl, 1
+democracy-news.tk, 1
+democracy.cf, 1
+democracychronicles.com, 1
+democracydirect.com, 1
+democracyineurope.eu, 1
+democratherald.com, 1
+democratie.tk, 1
+democraziaineuropa.eu, 1
+demografia.tk, 1
+demohubglobal.com, 1
+demokisisel.tk, 1
+demokrasi.tk, 1
+demolandia.net, 1
+demolitetuto.fr, 1
+demomanca.com, 1
+demonbuster.tk, 1
+demondms.com, 1
+demonforums.tk, 1
+demonicademorte.tk, 1
+demonicresurrection.tk, 1
+demonics.tk, 1
+demonized.tk, 1
+demonmassacre.tk, 1
+demonoid.is, 1
+demonstrably.live, 1
+demontage.tk, 1
+demonwav.com, 1
+demonwithin.tk, 1
+demonwolfdev.com, 1
+demopanel.tk, 1
+demorgen.be, 1
+demostweb.ga, 1
+demotivatorbi.ru, 1
+demoussage-drone.fr, 1
+dempe.tk, 1
+dempsters.ca, 0
+demsh.org, 1
+demshoesdoh.com, 0
+demuzere.be, 1
+demuzere.eu, 1
+demuzere.net, 1
+demuzere.org, 1
+demxausa.com, 1
+den-fi.com, 1
+den.vc, 1
+dena.pro, 1
+denabot.pw, 1
+denachtegaalferwert.tk, 1
+denaehula.com, 1
+denali.net, 1
+denarium.com, 1
+denatured.tk, 1
+denbar.org, 1
+dencel.lv, 1
+denchik.tk, 1
+dendi.tk, 1
+dendibanget.tk, 1
+dendra.io, 1
+dendrite.fail, 1
+denegka-mgnovenno.cf, 1
+denegmnogo.tk, 1
+denejki.tk, 1
+denet.pro, 0
+denformlab.lt, 1
+dengg.name, 1
+dengidoma24.ml, 1
+dengisrazu.tk, 1
+dengivdolg.ml, 1
+dengivdolg.tk, 1
+dengivdom.tk, 1
+dengjunhui.cn, 1
+dengyt.net, 1
+denhartogracing.com, 1
+denhotels.com, 1
+denied.gr, 1
+denieuwenederlandsevlag.tk, 1
+denimtoday.com, 1
+denince.net, 1
+denisaadolfova.com, 1
+denisadinu.com, 1
+denisdftnewyorklife.com, 1
+denisdimoski.tk, 1
+denisewakeman.com, 1
+denisglobal.com, 1
+denisgrandverger.de, 1
+denismusic.ga, 1
+denisontx.gov, 1
+denispiknjac.com, 1
+denissalignat.fr, 1
+denissealatinsoul.com, 1
+denistruffaut.fr, 0
+denisyakovlev.ga, 1
+denisyakovlev.ml, 1
+denisyan.ml, 1
+deniszczuk.pl, 1
+deniz.uk, 1
+denizdesign.co.uk, 1
+denizkutan.com, 1
+denizlicilingir.org, 1
+denizlihaber.tk, 1
+denizlihaberleri.tk, 1
+denizlisohbet.tk, 1
+denizuydur.nl, 1
+denk-it.be, 1
+denkeandersblog.de, 1
+denker.tk, 1
+denkerstube.net, 1
+denkit.com, 1
+denkmalagentur.ch, 1
+denkmalsetzung.at, 1
+denknowles.com, 1
+denkorolev.ga, 1
+denkubator.de, 1
+denner.ch, 1
+denninger.jp, 1
+denningny.gov, 1
+dennis-carpenter.com, 1
+dennisang.com, 1
+denniscsl.com, 1
+dennishenrique.com.br, 1
+dennishzg.com, 1
+denniskoot.nl, 1
+dennislicht.tk, 1
+dennismurphy.biz, 1
+dennisrubin.tk, 1
+dennisswiers.tk, 1
+dennistyfus.tk, 1
+dennisvandenbos.nl, 1
+dennmart.me, 1
+dennogumi.org, 1
+deno.com, 1
+denous.nl, 1
+denovo.energy, 1
+denovocorp.com, 1
+denrei.com, 1
+densmirnov.com, 1
+densocean.net, 1
+dent-academ.ru, 1
+dent.uy, 1
+denta-ua.com, 1
+dentad.com.ua, 1
+dentadir.com, 0
+dental-cloud.eu, 1
+dental-colleges.com, 1
+dental-fitness.co.jp, 1
+dental.gq, 1
+dentalcareerfinder.com, 1
+dentalcareersedu.org, 1
+dentalcolleges.tk, 1
+dentalimplantscost.com.au, 1
+dentaloptimizer.com, 1
+dentalqore.com, 1
+dentalqoretemp.com, 1
+dentalreklamlari.tk, 1
+dentals.cf, 1
+dentalsupportuk.com, 1
+dentalturism.com, 1
+dentalunion.ru, 1
+dentcountyhealth.gov, 1
+dentdelion-plugin.com, 1
+dented.gq, 1
+dentelegan.com, 1
+dentisalut.com, 1
+dentislabor.lt, 1
+dentist-profi.ga, 1
+dentistaaroma.com, 1
+dentistabarbarajaqueline.com.br, 1
+dentistalagoasanta.com.br, 1
+dentistesdarveauetrioux.com, 1
+dentistquezoncity.com, 1
+dentistree.in.ua, 1
+dentistsgainesvillega.com, 1
+dentistslilburnga.com, 1
+dentoncounty.gov, 1
+dentoncountysheriffjobs.gov, 1
+dentonolab.lt, 1
+dentrassi.de, 1
+dentsugrantgroup.com, 1
+dentystabirmingham.co.uk, 1
+denuevestore.com, 1
+denugka-vezde.gq, 1
+denugka-vezde.tk, 1
+denunzieren.tk, 1
+denver-design.cf, 1
+denver.show, 1
+denver.tk, 1
+denver7.com, 1
+denverautoinsurancecompany.com, 1
+denverclassifieds.net, 1
+denverescorts.net, 1
+denverilluminations.com, 1
+denvernews.ml, 1
+denverroot.com, 1
+denvillenj.gov, 1
+denvillepolice.gov, 1
+denydarko.tk, 1
+deobandi.tk, 1
+deobandimazhab.tk, 1
+deonlineassistente.nl, 1
+deonlinedrogist.nl, 1
+deontology.com, 1
+deoostfrees.com, 1
+deooyevaar.be, 1
+deooyevaar.com, 1
+deooyevaar.de, 1
+deooyevaar.es, 1
+deooyevaar.fr, 1
+deooyevaar.nl, 0
+deoxy.org, 1
+depaco.com, 1
+depak.de, 1
+depannage-traceur.fr, 1
+depapboeren.tk, 1
+deparis.me, 1
+departamentos.top, 1
+departamentosenventaen.com, 1
+departamentosenventaentulum.com, 1
+departamentoslosolivos.tk, 1
+departmentofdefense.tk, 1
+departmentofoncology.com, 1
+departureboard.io, 1
+depaulmanorestate.com.au, 0
+depcoa.date, 1
+depcompower.com, 1
+depd.rocks, 1
+depdesign.com, 1
+depeche.ga, 1
+depechemode-live.com, 1
+depechemode.de, 1
+deped.blog, 0
+deped.io, 1
+depedcommons.com, 1
+depedcommons.org, 1
+depedept.com, 0
+depedsurigaodelnorte.com, 1
+depedtambayan.blog, 0
+depedtambayan.net, 1
+depedtayo.ph, 1
+depelos.co, 1
+depelteau.com, 1
+dependonplus.com, 1
+dependopolis.com, 1
+deperewi.gov, 1
+depicus.com, 1
+depijl-mz.nl, 0
+depijp.tk, 1
+depilazione.roma.it, 1
+depilestil.es, 1
+depiratas.com.es, 0
+depistage-bejune.ch, 1
+depleteduranium.tk, 1
+deplis.fr, 0
+deplorablesdaily.com, 1
+depokcity.tk, 1
+depolauncher.cf, 1
+depone.net, 0
+depop.com, 1
+deported.ml, 1
+deportes.in, 1
+deportescr.net, 1
+deportestalcahuano.tk, 1
+deportivo-pasto.tk, 1
+depositart.com, 1
+depositomerci.it, 1
+depositomobili.it, 1
+depository.ml, 1
+depotaraf.com.tr, 1
+depotchronicle.com, 1
+depotronik.com, 1
+depotsquarekerrville.com, 1
+depotter-usedcars.be, 1
+deprecate.de, 1
+depressionadvice.gq, 1
+deprobe.pro, 1
+deprofundis.tk, 1
+deps.com.br, 1
+depthsofdepravity.tk, 1
+depuberteit.tk, 1
+depuratore.it, 1
+dequemurio.com, 1
+dequency.io, 1
+der-bank-blog.de, 1
+der-beste-schumpeter-vortrag.de, 1
+der-elite.blog, 1
+der-gardinenmann.de, 1
+der-lan.de, 1
+derailer.org, 1
+derakkers.tk, 1
+derango.tk, 1
+deratisation-prix.fr, 1
+deratisation.maison, 1
+deratisation.paris, 1
+derattizzare.it, 1
+derattizzazione.name, 1
+derattizzazioni.biz, 1
+derattizzazioni.it, 1
+derattizzazioni.milano.it, 1
+derattizzazioni.org, 1
+derbuntering.de, 1
+derby.ge, 1
+derbybouncycastles.com, 1
+derbymoneyman.com, 1
+derbyshire-language-scheme.co.uk, 1
+derbysound.com, 1
+derbyware.com, 1
+derchris.me, 1
+derdevel.de, 1
+derdewereldrommelmarkt.nl, 1
+derechosanimales.tk, 1
+dereddingsklos.nl, 1
+dereferenced.net, 1
+derejilla.online, 1
+derekbarnes.consulting, 1
+derekgendron.com, 1
+derekheld.com, 1
+derekkent.com, 1
+dereklow.co, 1
+derekseaman.com, 1
+derekseaman.studio, 1
+deremeavocats.be, 1
+derewonko.com, 1
+derf.fr, 1
+derfritz.at, 1
+dergon.club, 1
+derguns.town, 1
+derhaeuptling.de, 1
+derhil.de, 1
+derinsular.tk, 1
+derivative-calculator.net, 1
+derivativeshub.pro, 1
+derive.cc, 0
+derive.cf, 1
+derkach.io, 1
+derkarl.tk, 1
+derkbarten.nl, 1
+derkuki.de, 1
+derlux.tk, 1
+dermacarecomplex.com, 1
+dermafeelstudio.com, 1
+dermaldistinction.com, 1
+dermalenzburg.ch, 1
+dermapaz.net, 1
+dermaprocollagen.com, 1
+dermapuur.nl, 1
+dermarollerbest.com, 1
+dermato.floripa.br, 1
+dermatolog-ivanova.com, 1
+dermatologie-morges.ch, 0
+dermatologistmumbai.com, 1
+dermatologyandlasergroup.com, 1
+dermax.tk, 1
+dermedia.tk, 1
+dermediq.nl, 1
+dermnet.ai, 1
+dermody.ga, 1
+dermopigmentista.it, 1
+dermot.org.uk, 1
+dermscc.com, 1
+dermsf.com, 1
+dermu.ai, 1
+deroo.org, 1
+deroo.tk, 1
+derou.com, 1
+derp.army, 1
+derp.chat, 1
+derpibooru.org, 1
+derpicdn.net, 1
+derpy.pp.ua, 1
+derre.fr, 1
+derreichesack.com, 1
+derricofinancialservices.com, 1
+derrybasketball.tk, 1
+dersimizmatematik.cf, 1
+dersoundhunter.de, 1
+derssonu.com, 1
+derstulle.de, 1
+derventzis.gr, 1
+derw.pw, 1
+derwaldschrat.net, 1
+derze.cloud, 1
+des-hommes-et-des-clous.com, 1
+desacanggu.id, 1
+desafiomovilidadsustentable.com, 1
+desagaz.com, 1
+desakatorock.tk, 1
+desalas.org, 1
+desanctispro.com, 1
+desant.com, 1
+desapego.com.br, 1
+desarrollamosweb.com, 1
+descargapormega.ml, 1
+descargar-apk.org, 1
+descobrim.com, 1
+desconfiats.tk, 1
+descopera.ro, 1
+descubre.ml, 1
+descuentomi.es, 1
+desec.io, 1
+desecsecurity.com, 1
+deseneonline.tk, 1
+desensitized.tk, 1
+desenvolvimentolocalvfa.com.br, 1
+deseosvip.tk, 1
+desergo.com, 1
+desert.cf, 1
+desertbloomplasticsurgery.com, 0
+desertbloomskincare.com, 1
+desertbluffs.com, 1
+desertfiredesigns.com, 1
+desertfury.tk, 1
+desertgrove.com, 1
+deserti.tk, 1
+desertlinealuminium.com, 1
+desertlinegroup.com, 1
+desertmedaesthetics.com, 1
+desertnaturals.me, 1
+desertofoldies.tk, 1
+desertsounds.org, 1
+desgenst.ch, 1
+desguacesbarcelonacat.com, 1
+desguacesdecamiones.es, 1
+deshalb.de, 1
+deshevle-net.com, 1
+deshobi.cloud, 1
+desic-sl.com, 1
+desiderantes.tk, 1
+desideriushogeschool.be, 1
+design-in-bad.eu, 1
+design-n-art.tk, 1
+design-production.jp, 1
+design-tooning.de, 1
+design-tricks.gq, 1
+design-your-life.info, 1
+design2u.eu, 1
+designacademy.ru, 1
+designanyware.com.br, 1
+designarea.tk, 1
+designartepublicidad.com, 1
+designbro.com, 1
+designburners.com, 1
+designbymargot.com, 1
+designbymargot.fr, 1
+designbymargot.pro, 1
+designcanada.com, 1
+designdecoration.info, 1
+designdecorativ.ro, 1
+designdept.com.au, 1
+designengineering.com, 1
+designer-drug.com, 1
+designer.cn, 1
+designerjoe.gq, 1
+designerrateest.ga, 1
+designeus.ga, 1
+designeus.gq, 1
+designeus.tk, 1
+designforchangetaiwan.org, 1
+designformanufacturability.net, 1
+designgraphic.fr, 1
+designgurus.org, 0
+designhill.com, 1
+designhoheit.de, 1
+designhuddle.com, 1
+designmodernideas.tk, 1
+designnprint.nl, 1
+designpro.tk, 1
+designrhome.com, 1
+designsbyjanith.com, 1
+designsbyscott.ca, 1
+designsite.tk, 1
+designsociety.tk, 1
+designstripe.com, 1
+designsystem.gov.scot, 1
+designtagebuch.com, 1
+designtrc.com, 1
+designville.cz, 1
+designville.sk, 1
+desimpelaere.eu, 1
+desinfectantemanos.org, 1
+desinfection-gale.fr, 1
+desinfectionfrance.com, 1
+desingslash.tk, 1
+desinsectisation-punaise-de-lit.com, 1
+desinsectisation.paris, 1
+desiplex.tk, 1
+desire-host.tk, 1
+desirememory.cf, 1
+desish.cf, 1
+desitorrents.tv, 1
+desivideos.tk, 1
+desize.com, 1
+desk-yogi.com, 1
+deskaservices.com, 1
+deskdesign.nl, 1
+deskeen.fr, 1
+desktopcentral.ath.cx, 1
+desktopd.eu.org, 0
+desktopfibra.com, 1
+desktopfx.net, 0
+desktopia.tk, 1
+desktopsolos.tk, 1
+deskture.com, 1
+deskvip.com, 1
+desmo.gg, 1
+desmon.blog, 1
+desmu.fr, 1
+desna.tk, 1
+desonnemannen.tk, 1
+desormiers.com, 1
+despachomariscal.com, 1
+desperate.solutions, 1
+desperatesailors.com, 1
+despertarparavida.org, 1
+desplainesil.gov, 1
+despoina-vandi.tk, 1
+despondentrock.tk, 1
+despora.de, 1
+desportvriendenoverijse.tk, 1
+despotika.de, 1
+desserteagleselvenar.tk, 1
+dessinemoilademocratie.ch, 0
+dest-gottskar-nidingen.se, 1
+destcyr.com, 1
+destech.nl, 1
+desteniiprocess.com, 1
+desteptarea.com, 1
+desterman.ru, 1
+desterproducts.nl, 1
+desterrada.tk, 1
+destguides.com, 1
+destileria.net.br, 1
+destilteomarmd.be, 1
+destinattorneyjohngreene.com, 1
+destinomistico.com, 1
+destinopiriapolis.com, 0
+destinotecnologico.ml, 1
+destinyofthephoenix.me, 0
+destinypedia.com, 1
+destinytemplates.tk, 1
+destock-poitou.fr, 1
+destom.be, 1
+destreekboer.ml, 1
+destroyed.ga, 1
+destroyed.tk, 1
+destroysilence.cf, 1
+destroysilence.ga, 1
+destroysilence.gq, 1
+destroysilence.ml, 1
+destruction-frelon-asiatique.com, 1
+destructive-revolution.tk, 1
+destructoradepapel.com.es, 1
+destudio.org.ua, 1
+destuurmanskolk.nl, 1
+destyntek.com, 1
+desu.ne.jp, 1
+desuchan.eu, 1
+desuchan.org, 1
+desucla.com, 1
+desvan.tk, 1
+deswaffelaars.tk, 1
+desy.tk, 1
+desyatnichenko.ml, 1
+desygner.com, 1
+desynced.rocks, 1
+det-te.ch, 1
+detailedimage.com, 1
+detailingsp.com, 1
+detakhukum.com, 1
+detalika.ru, 1
+detao.org, 1
+detc.tk, 1
+detceptam.com, 1
+detdom-48.ru, 1
+detdom.tk, 1
+detecte-fuite.ch, 0
+detecte.ch, 0
+detectefuite.ch, 0
+detectify.com, 1
+detectivedesk.com.au, 1
+detectiveedu.org, 1
+deteken.be, 1
+detekenmuze.nl, 1
+detektywtd24.pl, 0
+determapp.de, 1
+determinatie.tk, 1
+detfagligehus.dk, 1
+dethemium.com, 1
+deti-online.com, 1
+deti.ga, 1
+detiklife.com, 1
+detiks.cf, 1
+detishki.ga, 1
+detki.cf, 1
+detki24.ru, 0
+detodojuegos.com, 1
+detoxic.vn, 1
+detoxtorehab.com, 1
+detrapdoor.com, 1
+detrazioni.it, 1
+detreannamaria.tk, 1
+detrimental.tk, 1
+detroit-english.de, 1
+detroit.gov, 1
+detroitfastest.org, 1
+detroitlocksmiths.net, 1
+detroitnews.tk, 1
+detroitzoo.org, 1
+detsad.ml, 1
+detsad.tk, 1
+detski.center, 1
+detskie-avto-kresla.tk, 1
+detskysad.com, 1
+detuinmuze.nl, 1
+detusmascotas.com, 1
+detweedekans.tk, 1
+detyamobuv.tk, 1
+detyobuv.tk, 1
+detype.nl, 1
+deu.sh, 1
+deuchnord.fr, 1
+deude.de, 1
+deuelcountyne.gov, 1
+deunanube.com, 1
+deurenfabriek.nl, 1
+deuro.net, 1
+deurwaarderhelmond.nl, 1
+deustech-media.tk, 1
+deustech.tk, 1
+deutex.fr, 1
+deutsche-finanzagentur.de, 1
+deutsche-tageszeitungen.de, 1
+deutschebusiness.com, 0
+deutscheibank.com, 1
+deutscher-bericht.de, 1
+deutscherquidditchbund.de, 1
+deutscheshoponline.com, 0
+deutschland-dsl.de, 1
+deutschlandreport.com, 1
+deux.solutions, 1
+deuxfleurs.fr, 1
+deuxsol.co, 1
+deuxsol.com, 1
+dev, 1
+dev-advancedservicesportal.com, 1
+dev-brandywineglobal.com, 1
+dev-digibtw.nl, 1
+dev-gutools.co.uk, 1
+dev-lab.net.pl, 1
+dev-mail.net, 1
+dev-pmcc.net, 1
+dev-soft.pl, 1
+dev-tek.de, 1
+dev-test.nl, 1
+dev-vip.com, 1
+dev-woenenn-node-server.herokuapp.com, 1
+dev-ylinternal.com, 1
+dev.moe, 1
+dev.tw, 1
+dev.vu, 1
+devafterdark.com, 1
+devagency.fr, 1
+devahi.gq, 1
+devalbert.com, 1
+devalkincentives.nl, 1
+devalps.eu, 1
+devanstavern.tk, 1
+devapi.pro, 1
+devastacion.tk, 1
+devbay.cc, 1
+devcf.com, 1
+devcftc.gov, 1
+devchuli.ml, 1
+devcourseweb.com, 1
+devdeb.com, 1
+devdesco.com, 1
+devdiggers.com, 1
+devdomain.cf, 1
+devdoodle.net, 1
+deve.software, 1
+devel.cz, 1
+develify.co, 1
+develmaster.tk, 1
+develope.cz, 1
+developedbygayuh.my.id, 1
+developer.android.com, 1
+developer.moe, 1
+developer.mydigipass.com, 0
+developerdan.com, 1
+developerinsider.co, 1
+developers.facebook.com, 0
+developingtheworkforce.co.uk, 1
+developmentsites.melbourne, 1
+developnorthportfl.gov, 1
+developpeur-freelance.io, 1
+developpeur-web.tech, 0
+developpeur-web2.com, 1
+develops.co.il, 1
+develoself.ga, 1
+develotica.com, 1
+develoupe.com, 1
+develux.net, 1
+devendradox.ml, 1
+devendrameena.tk, 1
+devenirconseillerbienetre.com, 1
+devensys.com, 1
+devenv.ml, 1
+devet-slunci.cz, 1
+devflop.fr, 1
+devgo.ca, 1
+devh.de, 1
+devh.net, 1
+devhjz.com, 1
+deviant.email, 1
+deviante.com, 1
+deviation.tk, 1
+devicebattle.ai, 1
+devicenow.com, 1
+devicom.mx, 1
+devignstudios.co.uk, 1
+devil-may-cry.tk, 1
+devil-radio.tk, 1
+devil.wtf, 1
+devilbyte.tk, 1
+devildog.tk, 1
+devillers-occasions.be, 0
+devilmaycry.ga, 1
+devilmaycry.tk, 1
+devilrecords.tk, 1
+devils-co.tk, 1
+devils-point.de, 1
+devilshakerz.com, 1
+devilsophie.net, 1
+devindavid.com, 1
+devinfo.net, 0
+devinite.com, 1
+devinlasarre.com, 1
+devinslick.com, 1
+devirc.net, 1
+devise-host.com, 1
+devisnow.fr, 1
+devksingh.com, 1
+devlabroid.com, 1
+devlist.tk, 1
+devlogr.com, 1
+devloope.com, 1
+devmanagersest.ga, 1
+devmode.fm, 1
+devnet.ma, 1
+devnet.tk, 1
+devnull.team, 1
+devnull.win, 1
+devnull.zone, 1
+devoc.net, 1
+devochki.ga, 1
+devolution.ws, 1
+devoncycles.co.uk, 1
+devonport.tas.gov.au, 1
+devonportairport.com.au, 1
+devonsawatzky.ca, 1
+devonvintagechina.co.uk, 1
+devoo.tn, 1
+devopedia.org, 1
+devopers.com.br, 1
+devops-playtest.net, 1
+devops.co.za, 1
+devopsish.com, 1
+devos.ml, 1
+devoted-atheist.tk, 1
+devoteschlampe.net, 1
+devotional.tk, 1
+devpage.lv, 1
+devpost.com, 1
+devpp.com.br, 1
+devpsy.info, 1
+devragu.com, 1
+devrekarti.com, 1
+devrekgazetesi.com, 0
+devries.frl, 1
+devries.one, 1
+devrijejansenist.nl, 1
+devrim.io, 1
+devs-from.asia, 1
+devs.men, 1
+devs4.com, 1
+devsectools.com, 1
+devsjournal.com, 1
+devskyport.com, 1
+devslash.net, 1
+devsrvr.ru, 1
+devstarops.com, 1
+devstores.io, 1
+devstroke.io, 1
+devsurveyorcloud.com, 1
+devswag.io, 1
+devtambayan.com, 1
+devtea.cz, 1
+devtechgroup.com, 1
+devtestfan1.gov, 1
+devtoys.ru, 1
+devtty.org, 1
+devuan.org, 0
+devurandom.tk, 1
+devushki.cf, 1
+devvg.co.uk, 1
+devyanijayakar.com, 1
+devz.life, 1
+devzero.io, 0
+dewalch.net, 1
+dewapress.com, 1
+dewberry.com, 0
+dewblog.ml, 1
+dewereldvankina.be, 1
+dewereldwerktthuis.com, 1
+dewereldwerktthuis.eu, 1
+dewereldwerktthuis.net, 1
+dewereldwerktthuis.nl, 1
+dewereldwerktthuis.org, 1
+dewerveling.tk, 1
+deweybeachpolice.gov, 1
+dewijkpraktijk.nl, 1
+dewingerdfreinet.be, 1
+dewittcountyil.gov, 1
+dewittmi.gov, 1
+dewka.tk, 1
+dewolden.nl, 0
+dexalo.de, 1
+dexauto.fr, 1
+dexcellentesidees.tk, 1
+dexerto.com, 1
+dexerto.es, 1
+dexerto.fr, 1
+dexie.space, 1
+dexign.ro, 1
+dexigner.com, 1
+dexlex.nl, 1
+dexon.ws, 1
+dexonservicedeskws.azurewebsites.net, 1
+dextermarket.com, 1
+dextra.tk, 1
+deyute.com, 1
+dezea.net, 1
+dezeregio.nl, 1
+dezet-ev.de, 1
+dezevenster.com, 1
+dezinsekcija.online, 1
+dezshop.com.ua, 1
+dezzoroofing.co.za, 1
+df-clan.tk, 1
+df-team.tk, 1
+df1nif.de, 1
+df1paw.de, 1
+df3313.com, 1
+df3314.com, 1
+df3315.com, 1
+df3316.com, 1
+df3317.com, 1
+df3318.com, 1
+df3319.com, 1
+df5.se, 1
+df5104.com, 1
+df5aa.com, 1
+df5bb.com, 1
+df5cc.com, 1
+df5dd.com, 1
+df63.cc, 0
+dfafacts.gov, 1
+dfagent.com, 0
+dfc.gov, 1
+dfc52.com, 0
+dfctaiwan.org, 1
+dfg.re, 1
+dfilip.click, 1
+dflcares.com, 1
+dfm.ae, 0
+dfmn.berlin, 1
+dfmvf.org, 1
+dfpblog.com, 1
+dfranke.com, 1
+dfspdfl.gov, 1
+dfstoryteller.com, 1
+dfwm.vote, 1
+dfwmv.com, 1
+dfwmv.org, 1
+dfwmv.us, 1
+dfwmv.vote, 1
+dfwork.lt, 1
+dfwrvroofmasters.com, 1
+dfwwp.com, 1
+dfzone.tk, 1
+dg-1.jp, 1
+dg-hyp.ag, 1
+dg-hyp.biz, 1
+dg-hyp.eu, 1
+dg-hyp.info, 1
+dg-hyp.net, 1
+dg-hyp.org, 1
+dg-komm.com, 1
+dg-pic.tk, 1
+dg1-test.com, 1
+dg1.com, 1
+dg1.services, 1
+dg1298.com, 0
+dg1jp-test.com, 1
+dg68.cc, 0
+dgangsta.net, 1
+dgap.org, 1
+dggb.co.in, 1
+dghyp-immobrief.de, 1
+dghyp-kiel.de, 1
+dghyp-press.de, 1
+dghyp.ag, 1
+dghyp.at, 1
+dghyp.biz, 1
+dghyp.com.tw, 1
+dghyp.info, 1
+dghyp.net.cn, 1
+dgli.org, 1
+dgmedia.tk, 1
+dgmenergy.com, 1
+dgmutual.co.uk, 1
+dgn.de, 1
+dgo.co.il, 1
+dgou.de, 1
+dgpot.com, 1
+dgpro.click, 1
+dgr-wpg.de, 1
+dgries.de, 1
+dgroups.org, 1
+dgschell.com, 1
+dgt-portal.de, 1
+dgtakano.co.jp, 0
+dgtcitaprevia.es, 1
+dgtl.hosting, 1
+dgtl.tools, 1
+dgtl.work, 1
+dgund.com, 1
+dh-leasing.si, 1
+dh.si, 1
+dh26a.com, 0
+dh6729.com, 1
+dh75975.com, 0
+dh9397.com, 1
+dh9721.com, 1
+dha.gov.ae, 1
+dhakabankltd.com, 1
+dhamdhamaanchalikcollege.tk, 1
+dhammacitta.org, 1
+dhanushtechno.in, 1
+dharma-clinic.com, 1
+dharveydev.com, 1
+dhautefeuille.eu, 1
+dhauwer.nl, 1
+dhavalvira.com, 1
+dhaynes.xyz, 1
+dhconcept.ch, 0
+dhde.de, 1
+dhdmdkd.com, 1
+dheart.net, 1
+dhelixnet.de, 1
+dhemant.de, 1
+dhhs.gov, 1
+dhiraagu.com.mv, 1
+dhirendrayadav.com, 1
+dhit.pl, 1
+dhl-smart.ch, 1
+dhlcotizadorexpo-qa.azurewebsites.net, 1
+dhlinux.org, 1
+dhlkh.com, 1
+dhlparcel.nl, 1
+dhome.at, 1
+dhrupad.tk, 1
+dhruv.nz, 1
+dhtr.pw, 1
+dhuboeuf.be, 1
+dhurbabaral.com.np, 1
+dhuy.net, 1
+dhwx.de, 1
+dhxxls.com, 1
+di-basketballscouting.com, 1
+di2pra.com, 0
+di2pra.fr, 0
+dia-de.com, 1
+dia.com.br, 1
+diaakademi.com, 1
+diabetessucks.net, 1
+diableros.tk, 1
+diables-noirs.tk, 1
+diablescastell.tk, 1
+diabline.tk, 1
+diablocarpet.com, 1
+diablos-obon.tk, 1
+diabolic.chat, 1
+diabolique.pt, 1
+diadiemdangsong.com, 1
+diadora-media.hr, 1
+diadorafitness.es, 1
+diadorafitness.it, 1
+diagilev.ml, 1
+diagnocentro.cl, 1
+diagnoseo.com, 1
+diagnoseo.se, 1
+diagnosingfiction.com, 1
+diagnost-auto.com, 1
+diagnostics.stream, 1
+diagnostix.org, 1
+diai.cf, 1
+diai.gq, 1
+diai.ml, 1
+diai.tk, 1
+diaiai.com, 1
+diakonie-michaelshoven.de, 1
+dial.directory, 1
+dialadigger.net.au, 1
+dialectic-og.com, 1
+dialoegue.com, 1
+dialog.co, 1
+dialogtour.de, 1
+dialogue.co, 1
+dialoguecorp.com, 1
+dialoguecorp.eu, 1
+dialradio24.tk, 1
+dialybiendong.tk, 1
+diamant.family, 1
+diamant.nyc, 1
+diamante.ro, 1
+diamantiques.com, 1
+diamantovaburza.cz, 1
+diamgroup.pl, 1
+diamond-cutting.kiev.ua, 1
+diamond-hairstyle.dk, 1
+diamondblueair.com, 1
+diamondbluffwi.gov, 1
+diamondcargotrailers.org, 1
+diamondcarpetcleaning.co.uk, 1
+diamondcontent.com, 1
+diamondgoldmarkcity.cf, 1
+diamondgrid.ga, 1
+diamondit.com.au, 1
+diamondsystem.ro, 1
+diamondyacca.co.uk, 1
+diamorphine.com, 1
+diamwall.com, 1
+dian7la.space, 1
+diana-und-aaron.de, 1
+dianaconsultancy.com, 1
+dianaconta.pt, 1
+dianadeluxe.net, 1
+dianadrive.com, 0
+dianafaraj.de, 0
+dianakaarina.tk, 1
+diananeves.pt, 0
+dianaqueeny.tk, 1
+dianas.sk, 1
+dianaundaaron.de, 1
+dianavanderplas.tk, 1
+dianchoi.vn, 1
+diane-marstboom.tk, 1
+dianefriedli.ch, 0
+diankou.cn, 1
+diankou.com, 1
+diankou.com.cn, 1
+diankpi.com, 1
+diankpi.ws, 1
+dianoxofficiel.tk, 1
+dianshangyi.net, 1
+dianshuju.com, 1
+diansung.com, 1
+diaoyu8.com, 1
+diapazon.kz, 1
+diapuls.ru, 1
+diare-na-miru.cz, 1
+diario-egipto.com, 1
+diariocibao.com, 1
+diariodearaxa.com.br, 1
+diariodebalsas.com.br, 1
+diariodicucina.it, 1
+diarionet.tk, 1
+diarionoticia.pe, 1
+diariopergaminoaustral.tk, 1
+diariosurnoticias.com, 1
+diaroma.it, 1
+diaryspace.tk, 1
+diasdasemana.com, 1
+diasporan.cf, 1
+diasporan.ga, 1
+diasporan.gq, 1
+diasporan.ml, 1
+diaspordc.com, 1
+diatechusa.com, 1
+diatr.us, 1
+diatrofi-ygeia.gr, 1
+diaweb.nl, 1
+diazpubli.tk, 1
+diba.org.cn, 1
+dibacode.com, 1
+dibal.ua, 1
+dibiphp.com, 1
+dibo-ambasador.pl, 1
+dic.ae, 1
+dicaprio.tk, 1
+dicasgostosas.com, 1
+diccionarioabierto.com, 1
+diccionariodedudas.com, 1
+diccionariomexico.com, 1
+diccionarioperu.com, 1
+diccionarqui.com, 1
+dice.ml, 1
+dice.tokyo, 1
+dicelab-rhul.org, 1
+dicelab.co.uk, 1
+dicemer.com, 1
+dicesites.com, 1
+dicgaming.net, 1
+dichvuchuyentien247.com, 1
+dichvudangkygiayphep.com, 1
+dicio.com.br, 1
+dicionario.org, 1
+dicionariodegirias.com.br, 1
+dicionariodelatim.com.br, 1
+dicionariodenomesproprios.com.br, 1
+dicionariodesimbolos.com.br, 1
+dicionarioetimologico.com.br, 1
+dicionariofinanceiro.com, 1
+dicionariopopular.com, 1
+dicionarios.cc, 1
+dicipa.com.mx, 1
+dick.red, 1
+dickord.cloud, 1
+dickp.it, 1
+dickpics.ru, 1
+dicksakowicz.com, 1
+diclofenac-75mg.ga, 1
+diclofenacgel.cf, 1
+diclofenacgel.ml, 1
+diclofenacgel1.tk, 1
+diclofenaconline.gq, 1
+diclofenactopical.ga, 1
+diclofenactopical.tk, 1
+dico-charentais.tk, 1
+dicoado.org, 1
+dicoeste.com, 1
+dicomed.tk, 1
+dicomsoftware.com, 1
+diconium.biz, 1
+diconium.com, 0
+diconium.de, 1
+diconium.jobs, 1
+diconium.org, 1
+diconium.pt, 1
+diconium.wtf, 1
+diconium42.com, 1
+diconium42.de, 1
+dictators-encyclopedia.tk, 1
+dictatronics.com, 1
+dictionarybook.org, 1
+dictionaryofsydney.org, 1
+dictionarypro.net, 1
+dictum-gardentools.com, 1
+dictum-gartenwerkzeug.de, 1
+dictzone.com, 1
+dida.xin, 1
+didactic.ml, 1
+didaktik4you.de, 1
+didc.cz, 1
+didche.net, 0
+diddens.de, 1
+diddlworld.tk, 1
+dideeducacion.com, 1
+didefamilia.com, 1
+didelikarpiai.lt, 1
+didesalud.com, 1
+didi-online.tk, 1
+dididiamond.net, 1
+didier-equipereussite.com, 1
+didierfle-decibel.fr, 1
+didierfle-latelier.fr, 1
+didierfle.com, 1
+didierghez.com, 0
+didierlaumen.be, 1
+didigotoffer.com, 1
+didiwinata.com, 1
+didiwinata.my.id, 1
+didtrumpopengovernmentyet.com, 1
+die-bergfuehrer.de, 1
+die-besten-weisheiten.de, 1
+die-blahuts.de, 1
+die-borts.ch, 1
+die-gruenen-teufel.de, 1
+die-herrenschneider.com, 1
+die-machons.de, 1
+die-partei-reutlingen.de, 1
+die-pizzabaeckerei.de, 1
+die-seide.de, 1
+die-seiler.de, 1
+die-sinlosen.de, 1
+die-speisekammer-reutlingen.de, 1
+die.de, 1
+die.one, 1
+diebasis-partei.de, 1
+diecieventi.com, 1
+diecke.nu, 1
+diecourier.co.za, 1
+diedenhofen.tk, 1
+diedesigntante.de, 1
+diedrich.co, 1
+dieecpd.org, 1
+dieetfabels.tk, 1
+dieffe.tech, 1
+diefotogruppe.de, 1
+diegelernten.de, 1
+diegentlemenbittenzurkasse.tk, 1
+diegerbers.de, 1
+diegobarrosmaia.com.br, 1
+diegocastagna.com, 1
+diegoforlan.tk, 1
+diegogelin.com, 0
+diegogranada.tk, 1
+diegoisla.ga, 1
+diegomeza.tk, 1
+diegosalgado.tk, 1
+diegott.ddns.net, 1
+diegovasconcelos.com.br, 1
+diegovisual.tk, 1
+diehildebrands.de, 1
+diehumanisten.de, 1
+diekleinekartenfabrik.de, 1
+diekperaiwseis.gr, 1
+dielinke-igb.de, 1
+diem25.org, 1
+diemattels.at, 1
+diemperu.com, 1
+dienaturbinderei.at, 1
+dienchaninstitute.com, 1
+diengiolachoa.com, 1
+dienkenijboer.nl, 1
+dienmattroichonthanh.com, 1
+dienna.nl, 1
+diennhienshop.com, 1
+diennobi.com, 1
+dienstplan.cc, 1
+dierabenmutti.de, 1
+dieradvies.nl, 1
+dierenartsdeconinck.be, 1
+dierenpagina.tk, 1
+dierenrijk.nl, 1
+dierenschilderijen.tk, 1
+dierenwiki.nl, 1
+diesdasananas.spdns.de, 1
+dieselanimals.lt, 1
+dieselfiltersonline.com, 1
+dieselndust.com, 1
+dieselor.bg, 1
+dieselor.com, 1
+diesicheremail.de, 1
+dieslowhtx.com, 1
+diesse.nl, 0
+diet-hack.bg, 1
+dieta-figura.tk, 1
+dieta-vita.com, 1
+dietandexercises.tk, 1
+dietaryguidelines.gov, 1
+dietbrand.eu, 1
+dieter.one, 1
+dieterglas.de, 1
+dietfordiabetics.tk, 1
+dietherapie.tirol, 1
+diethood.com, 1
+dieti-natura.com, 1
+dieti.ga, 1
+dieti.gq, 1
+dieti.net, 1
+dietitianmeetsmom.com, 1
+dietitiansidehustle.com, 1
+dietlein.tech, 1
+dietlist.ga, 1
+dietmoikiensinh.tk, 1
+dietolog.gq, 1
+dietpi.com, 1
+dietrich-bonhoeffer.net, 1
+dietrich.cx, 1
+dieumfrage.com, 1
+dievozodis.lt, 1
+dievturi.lv, 1
+difc.ae, 0
+diferenca.com, 1
+diferenciador.com, 1
+different.cz, 1
+differenta.ro, 1
+differentgirleveryday.ml, 1
+differenziare.it, 1
+difficulty.ga, 1
+diffnow.com, 1
+diflucangeneric.ml, 1
+diflucanonline.tk, 1
+diflucanpill.ga, 1
+difon.tk, 1
+difusionesnocomerciales.tk, 1
+difusionmetalera.tk, 1
+difuzevox.com, 0
+dig.cat, 1
+digaloahidigital.com, 1
+digar.ee, 1
+digbin.com.br, 1
+digchip.com, 1
+digchip.info, 1
+digchip.net, 1
+digchip.org, 1
+digchips.com, 1
+digdata.de, 1
+diggerlandusa.com, 1
+digginsmo.gov, 1
+dighans.com, 1
+digi-typ.fi, 1
+digi-typa.fi, 1
+digiaika.com, 1
+digiaika.fi, 1
+digiarc.net, 1
+digibean.com.au, 0
+digibild.ch, 1
+digiboxx.com, 1
+digibtw.nl, 1
+digibull.email, 1
+digibull.gmbh, 1
+digibull.link, 1
+digicamchart.com, 1
+digicelidgy.com, 1
+digicert-support.com, 1
+digicert.com.ru, 1
+digicert.nl, 0
+digichefs.com, 1
+digicode.hu, 1
+digicomtel.com.br, 1
+digicy.cloud, 1
+digidaigaku.com, 1
+digidroom.be, 1
+digifloat.io, 1
+digikol.net, 1
+digilabs.fr, 1
+digiland.tk, 1
+digilicious.com, 1
+digilirapay.com, 1
+digilock.com, 1
+digimaat.agency, 1
+digimagical.com, 0
+digimedia.cd, 0
+digimen.cn, 1
+digimen.icu, 1
+digimen.love, 1
+digimen.store, 1
+digimen.top, 1
+digimen.xyz, 1
+digimind-evolution.com, 1
+digimobee.info, 1
+digimoncard.io, 1
+digimortals.nl, 1
+digino.jp, 1
+digino.us, 1
+digino.xyz, 1
+digiparse.com, 1
+digipartindex.ch, 1
+digipassos.com, 1
+digipeak.org, 1
+digipitch.com, 1
+digipolis.gent, 1
+digipost.no, 1
+digirechnung.de, 1
+digirence.org, 1
+digiriik.ee, 1
+digiscrap.nl, 1
+digiscrap.plus, 0
+digiscrap.shop, 1
+digisecmalta.com, 1
+digisfil.fr, 1
+digisign.tk, 1
+digit.ec, 1
+digitaal-atelier.tk, 1
+digitaaltalent.be, 1
+digitador.tk, 1
+digitai.net, 1
+digital-agency360.com, 1
+digital-artefakt.me, 1
+digital-compounds.com, 1
+digital-cs.tk, 1
+digital-e-library.tk, 1
+digital-eastside.de, 1
+digital-echo.io, 1
+digital-garden.us, 1
+digital-home.tk, 1
+digital-insurance-engine.com, 1
+digital-insurance-engine.de, 1
+digital-insurance-platform.com, 1
+digital-insurance-platform.de, 1
+digital-insure.fr, 1
+digital-liberal.ch, 1
+digital-mu.tk, 1
+digital-park.de, 1
+digital-rainbow-dolls.tk, 1
+digital-sculpture.org, 1
+digital-sky.it, 1
+digital-vorwaerts.de, 1
+digital-watchdog.com, 1
+digital.democrat, 1
+digital.gov, 1
+digital.govt.nz, 1
+digital1st.co.uk, 1
+digital4starazagora.com, 1
+digitaladl.com.au, 1
+digitalagencynetwork.com, 1
+digitalakatsuki.com, 1
+digitalalektioner.se, 1
+digitalallies.co.uk, 1
+digitalandsocialmediaacademy.com, 1
+digitalarchitecture.com, 1
+digitalbang.gr, 1
+digitalbd.tk, 1
+digitalbeachbrasil.com.br, 1
+digitalbitbox.com, 1
+digitalblood.eu, 1
+digitalbox.jp, 0
+digitalbuero.eu, 1
+digitalcanvas.com.br, 0
+digitalcarbide.com, 1
+digitalcash.cf, 1
+digitalcashpalace.com, 1
+digitalch.ng, 1
+digitalchange.coach, 1
+digitalchurch.ng, 1
+digitalcitizen.life, 1
+digitalcoffeepodcast.com, 1
+digitalcomponents.de, 1
+digitalcompudev.biz, 1
+digitalcompudev.com, 1
+digitalcourage.de, 1
+digitalcraftmarketing.co.uk, 1
+digitalcrisis.com, 1
+digitalcrisis.us, 1
+digitaldashboard.gov, 1
+digitaldeli.com, 1
+digitaldeli.org, 1
+digitaldeli.tv, 1
+digitaldeli.us, 1
+digitaldeliarchive.com, 1
+digitaldem.it, 1
+digitaldesign.ga, 1
+digitaldisaster.tk, 1
+digitaldruck.info, 1
+digitale-afvalscheiding.nl, 1
+digitale-ausleihe.de, 1
+digitale-bibliothek.tk, 1
+digitale-oekonomie.ch, 1
+digitaleducationarea.tk, 1
+digitaleducationpro.tk, 1
+digitalehandtekeningen.nl, 1
+digitaleplus.fr, 1
+digitalerror.net, 1
+digitaletanker.com, 1
+digitaletelevisie.tk, 1
+digitalewelten.de, 1
+digitalexpertsdirectory.com.au, 1
+digitalezukunft-hagen.de, 1
+digitalezukunft.nrw, 1
+digitalfoodbook.com, 1
+digitalforensicsdubai.com, 1
+digitalfortress.tech, 1
+digitalfoster.org, 1
+digitalfury.co.uk, 1
+digitalgeckos.com, 1
+digitalgeek.social, 1
+digitalgenius.com, 1
+digitalgov.gov, 1
+digitalgyan.org, 1
+digitalgymnastics.tk, 1
+digitalhabitat.io, 1
+digitalhack.ro, 1
+digitalhands.tk, 1
+digitalhealth.gov.au, 1
+digitalheart.tk, 1
+digitalhurricane.io, 0
+digitaliandm.com, 1
+digitalid-sandbox.com, 1
+digitalid.com, 1
+digitalid.com.au, 1
+digitalillusion.pt, 1
+digitalimpactlab.org, 1
+digitalindiatalent.com, 1
+digitalis.fr, 1
+digitalistan.tk, 1
+digitalizer.my.id, 1
+digitalizzazioneverona.it, 0
+digitalkashmir.ml, 1
+digitalkey.pro, 1
+digitalkoran.com, 1
+digitalks.com.br, 1
+digitallife.tk, 1
+digitallink.be, 1
+digitalliteracy.gov, 1
+digitallolitayume.tk, 1
+digitalmahleracademy.com, 1
+digitalmanager.guru, 1
+digitalmaniac.co.uk, 1
+digitalmarketingindallas.com, 1
+digitalmarketingnetic.com, 1
+digitalmind.su, 1
+digitalmn.net, 1
+digitalmove.co.uk, 1
+digitalninja.tk, 1
+digitalnomadsunderground.com, 1
+digitalphone.tk, 1
+digitalphoto.group, 1
+digitalphoto.tech, 1
+digitalpiloten.org, 1
+digitalplayground.com, 1
+digitalplaygroundnetwork.com, 1
+digitalplaymakers.co.uk, 1
+digitalpocketpedometer.tk, 1
+digitalposition.com, 1
+digitalproduct.ga, 1
+digitalproductivity.online, 1
+digitalprojects.com.au, 1
+digitalradio.ie, 1
+digitalrealitybbs.com, 1
+digitalreborn.com, 1
+digitalredshirts.com, 0
+digitalrhino.eu, 1
+digitalrights.center, 1
+digitalroma.tk, 1
+digitalsearchgroup.ie, 1
+digitalsearchlab.com, 1
+digitalservices.lk, 1
+digitalside.com.br, 1
+digitalsignagedisplay.com, 1
+digitalskillswap.com, 1
+digitalsolutionsonline.co.uk, 1
+digitalsphere.tk, 1
+digitalsuply.com.br, 1
+digitalsupporter.ml, 1
+digitalsurge.io, 1
+digitaltbyra.no, 1
+digitaltcertifikat.dk, 1
+digitaltech.vip, 1
+digitaltechupdates.com, 1
+digitaltechviews.com, 1
+digitaltry.tk, 1
+digitalupcoming.tk, 1
+digitalvag.tk, 1
+digitalwasteland.net, 1
+digitalworkplaceforum.com.br, 1
+digitalzenworks.com, 1
+digitalzylinder-shop.com, 1
+digite.com, 1
+digitec.ch, 1
+digitecgalaxus.ch, 1
+digitechseo.com, 1
+digitecno.com, 1
+digitese.pt, 1
+digithub.tk, 1
+digitise.io, 0
+digitium.fr, 1
+digitkon.com, 1
+digitogy.com, 1
+digitoimistopipeline.fi, 1
+digitoucan.com, 1
+digitra.com, 1
+digitreads.com, 1
+digityp.fi, 1
+digitypa.fi, 1
+digivan.ml, 1
+digminecraft.com, 1
+dignilog.com, 1
+dignited.com, 1
+dignity.tk, 1
+digpubdev.org, 1
+digpubprd.org, 1
+digpubqa.org, 1
+digsys.bg, 1
+digwiz.biz, 0
+digwp.com, 1
+dih-technology.com, 1
+dih-technology.info, 1
+dih-technology.net, 1
+dih-technology.org, 1
+dih.email, 1
+dihinternational.com, 1
+dihinternational.info, 1
+dihinternational.net, 1
+dihinternational.org, 1
+dihmedical.info, 1
+dihmedical.net, 1
+dihmedical.org, 1
+dihydrotestosteron.pl, 1
+diipoo.com, 1
+diirekt.de, 1
+diis.plus, 1
+dijispin.com, 1
+dijitaller.com, 1
+dijitalsaray.com, 1
+dijitalzade.com, 1
+dijks.com, 1
+dijks.nl, 1
+dijoncter.info, 1
+dik-manusch.tk, 1
+dikkevettescania.tk, 1
+diktatur.tk, 1
+dilation.party, 1
+dild.loan, 1
+dildoexperten.se, 1
+dilibel.be, 1
+diligence.cloud, 1
+diligo.ch, 0
+dillewijnzwapak.nl, 1
+dillon-mcnamara.com, 1
+dillonco.gov, 1
+dillonm.io, 1
+dillynbarber.com, 0
+dilmahtea.com, 1
+dilmahtea.me, 1
+dilmarames.com, 1
+dima.pm, 0
+dimagrimentoincorso.it, 1
+dimamergel.com, 1
+dimanss47.net, 1
+dimaweb.tk, 1
+dimdata.com, 1
+dime-staging.com, 1
+dimension-pc.com, 1
+dimensionjapon.tk, 1
+dimensions-ohs.com, 1
+dimensionweb.tk, 1
+dimeponline.com.br, 1
+dimesanmedical.com, 1
+dimeven.tk, 1
+dimez.ru, 1
+dimiskovska.de, 1
+dimism.eu, 1
+dimitri-papadimitriou.com, 1
+dimitri-papadimitriou.eu, 1
+dimitri-papadimitriou.gr, 1
+dimitris.tk, 1
+dimitrovi.tk, 1
+dimmak.com, 0
+dimmersagourahills.com, 1
+dimmerscalabasas.com, 1
+dimmersdosvientos.com, 1
+dimmershiddenhills.com, 1
+dimmerslakesherwood.com, 1
+dimmersnewburypark.com, 1
+dimmersoakpark.com, 1
+dimmersthousandoaks.com, 1
+dimmerswestlakevillage.com, 1
+dimo-analytics.fr, 1
+dimo-crm.fr, 1
+dimo-dematerialisation.com, 1
+dimo-tresorerie.fr, 1
+dimomaint.com, 1
+dimomaint.de, 1
+dimomaint.es, 1
+dimonz.com, 1
+dimosoftware.fr, 1
+dimseklubben.dk, 1
+dimspith.com, 1
+dinamikarosta.ml, 1
+dinamofilms.cl, 1
+dinarys.com, 1
+dincemlakmerkez.ga, 1
+dind.one, 1
+dinda.tk, 1
+dindarkocer.tk, 1
+dindludovic.design, 0
+dineniagara.ca, 1
+dinepont.fr, 1
+dinerolibre.tk, 1
+dinerroboticurology.com, 1
+dinevigroup.bg, 1
+ding.com.co, 1
+ding.gent, 1
+dingcc.com, 1
+dingcc.me, 1
+dingdong-shop.ru, 1
+dingelbob-schuhcreme.gq, 1
+dingeldein-messtechnik.de, 1
+dinghuo.com, 1
+dinglecottage.co.uk, 1
+dinglishuzi.com, 1
+dingos.tk, 1
+dingsbums.shop, 1
+dingss.com, 1
+dinheirolucrar.com, 1
+dinimizislam.tk, 1
+dinira-bg.com, 1
+dinitabir.tk, 1
+dinkoreskolesilkeborg.dk, 0
+dinkoreskoleviborg.dk, 1
+dinmtb.dk, 1
+dinnerandmurder.com, 1
+dinnerclub.tk, 1
+dinocarrozzeria.com, 1
+dinos-mag.tk, 1
+dinotv.at, 1
+dintrafic.net, 1
+diodo.me, 1
+dioesfoto.com, 1
+diogbatech.tk, 1
+diogeneshoy.com, 1
+diogof.pt, 1
+diogofmedeiros.com, 1
+dionera.com, 1
+dionmirrors.nl, 1
+dionysos-ios.gr, 1
+dioris.net, 1
+dios.ga, 1
+diospersonal.tk, 1
+diouf.tk, 1
+dioxido.com.ar, 1
+diozoid.com, 1
+dip.digital, 1
+dipakgajjar.com, 1
+dipalma.me, 1
+dipanshuparashar.ml, 1
+dipietro.id.au, 1
+dipling.de, 1
+diplom-ru.tk, 1
+diplomatcruises.co.uk, 1
+diplomatiegabon.ga, 1
+dipnot.tv, 1
+dipro.id, 1
+dipsytroller.com, 1
+dipuma.com, 1
+dir2epub.com, 1
+dir2epub.org, 1
+dirch.tk, 1
+dirdet.co.uk, 1
+dirdur.cf, 1
+direc-tory.tk, 1
+direct-sel.com, 1
+direct.cz, 0
+direct2trade.co.nz, 1
+direct365.es, 1
+directadmin.com, 1
+directairlineflights.com, 1
+directb2b.ca, 1
+directcouriers.com.au, 1
+directelectricalltd.co.uk, 1
+directfinance.cz, 1
+directfitnesssolutions.com, 1
+directholidaysme.com, 0
+directholidaysuae.com, 1
+directhomeremodelinginc.com, 1
+directinspectionskc.com, 1
+directions.ee, 1
+directlendingsolutions.com, 1
+directlinkfunding.co.uk, 1
+directlook.tk, 1
+directly.ga, 1
+directmailctr.com, 1
+directmedica.fr, 1
+directnews.be, 1
+directnic.com, 1
+directories.cf, 1
+directorioempresarial.com.co, 1
+directoriomedico.com.co, 1
+directorios.tk, 1
+directorioweb.co, 1
+directorioz.com, 1
+directorwebseo.tk, 1
+directory-aldo.tk, 1
+directory-ecco.tk, 1
+directory-sunglasses.tk, 1
+directorydashboard.ga, 1
+directorydisc.cf, 1
+directorydisc.ga, 1
+directoryworld.tk, 1
+directpaydayloansonline.ga, 1
+directright.ca, 1
+directright.com, 1
+directright.net, 1
+directrightcartage.com, 1
+directspa.fr, 1
+directstreet.tk, 1
+directtwo.solutions, 1
+directtwosolutions.org, 0
+directvacations.com, 1
+directverify.in, 1
+directview.ddns.net, 1
+direitonovo.com, 0
+direj.tk, 1
+direktundonline.de, 1
+direktvermarktung-schmitzberger.at, 1
+diretonoponto.gq, 1
+direwolfsoftware.ca, 1
+dirhami.com, 1
+dirigentesdigital.com, 1
+dirk-dogs.tk, 1
+dirk-weise.de, 1
+dirkdavid.org, 1
+dirki.tk, 1
+dirkjonker.nl, 1
+dirkkok.nl, 1
+dirkmurschall.de, 1
+dirko.net, 0
+dirkwolf.de, 0
+dirot7.co.il, 1
+dirt-street.tk, 1
+dirtcraft.ca, 1
+dirtinmyshoes.com, 1
+dirty-tina.net, 1
+dirtyboyreviews.com, 1
+dirtycat.ru, 1
+dirtycode.tk, 1
+dirtycosplay.com, 1
+dirtygeek.ovh, 1
+dirtygirl.ml, 1
+dirtyherri.de, 1
+dirtymusic.tk, 1
+dirtyporno.tk, 1
+dirtypretties.cf, 1
+dirtypretties.ga, 1
+dirtypretties.gq, 1
+dirtypretties.ml, 1
+dirtyprettyartwear.com, 1
+dirtypriscilla.com, 1
+dirtysindy.com, 1
+dirtytiles.xyz, 1
+dirtywoman.tk, 1
+dirtywork.net, 1
+dirunreddy.tk, 1
+disability-card.com, 1
+disability.gov, 1
+disabilitydischarge.com, 1
+disabilityscoop.com, 1
+disabled-world.com, 1
+disabled.gay, 1
+disableipv4.se, 1
+disabuse.cf, 1
+disadattamentolavorativo.it, 1
+disain.tk, 1
+disassemble.website, 1
+disasterrific.tk, 1
+disastertalkest.ga, 1
+disavowfile.com, 1
+disboard.org, 1
+disbug.io, 1
+disc.uz, 1
+discarica.bari.it, 1
+discarica.bologna.it, 1
+discarica.firenze.it, 1
+discarica.it, 1
+discarica.milano.it, 1
+discarica.napoli.it, 1
+discarica.roma.it, 1
+discarsl.com, 1
+discdash.ga, 1
+discdash.tk, 1
+discgolf.com, 1
+disch.com.de, 1
+disciples.io, 1
+disciplescloud.com, 1
+disciplesmakingdisciples.ca, 1
+disco-crazy-world.de, 1
+discodoener.de, 1
+discofitta.com, 1
+discohook.org, 1
+discomix.com, 1
+disconformity.net, 1
+disconnect.tk, 1
+disconter.tk, 1
+discord-chan.net, 1
+discord.com, 1
+discord.gg, 1
+discord.gift, 1
+discord.me, 1
+discord4j.com, 1
+discordapp.com, 1
+discordapp.gay, 1
+discordbee.com, 1
+discordextremelist.xyz, 1
+discordghost.space, 1
+discordhome.com, 1
+discordjs-japan.org, 1
+discordservers.com, 1
+discordsworld.tk, 1
+discotheque.tk, 1
+discount-course.com, 1
+discountdimmers.com, 1
+discountforelectronics.tk, 1
+discountisolatie.nl, 1
+discounto.de, 1
+discountoffice.be, 1
+discountoffice.nl, 1
+discountpark.fr, 1
+discountpokale.at, 1
+discountpokale.de, 1
+discountpowertx.com, 1
+discountravel.tk, 1
+discover-mercure.com, 1
+discover-shaken.com, 1
+discoverapp.com, 1
+discoveraustralia.tk, 1
+discoverbrampton.co.uk, 1
+discoverchinanow.cf, 1
+discoverchinanow.ga, 1
+discoverchinanow.gq, 1
+discoverchinanow.ml, 1
+discoverfloridasprings.com, 1
+discoverglo.com, 1
+discovergy.com, 1
+discoverhealthage.com, 0
+discoveringdocker.com, 1
+discoverkeesler.com, 1
+discoverkeesler.marketing, 1
+discoverlutruwita.com, 1
+discovermodus.com, 1
+discovernavajo.com, 1
+discoverradiance.com, 1
+discoverthetech.com, 1
+discoverthreejs.com, 1
+discoverucg.co.uk, 1
+discoveryaima.com, 1
+discoveryballoon.org, 1
+discoverybehavioralhealth.com, 1
+discoveryottawa.ca, 1
+discrede.tk, 1
+discrypt.ca, 1
+discshop.co.nz, 1
+disctranulis.gq, 1
+discus-communications.dk, 1
+discuss-data.net, 1
+discuzturkiye.tk, 1
+disengaged.tk, 1
+disenialia.com, 1
+disenian.com, 1
+disenowebakus.net, 1
+disenowebgalicia.tk, 1
+disenowebseoolmisur.com, 1
+disepho.cl, 1
+diseworth.uk, 1
+disfigured.tk, 1
+disgruntledcode.com, 1
+disguise.cf, 1
+dishcrawl.com, 0
+dishwashermagic.tk, 1
+dishwasherrepair-austin.com, 1
+disidencia.tk, 1
+disinclined.org, 1
+disinfectingassociation.com, 1
+disinfectingassociation.org, 1
+disinfectingdoctor.com, 1
+disinfectingdoctors.com, 1
+disinfectiondoctor.com, 1
+disinfectiondoctors.com, 1
+disinfesta.it, 1
+disinfestando.info, 1
+disinfestatore.roma.it, 1
+disinfestatori.com, 1
+disinfestazione-roma.org, 1
+disinfestazione.brescia.it, 1
+disinfestazione.napoli.it, 1
+disinfestazione.roma.it, 1
+disinfestazione.torino.it, 1
+disinfestazione.venezia.it, 1
+disinfestazione.verona.it, 1
+disinfestazione24.it, 1
+disinfestazioneblatte.it, 1
+disinfestazionecimici.napoli.it, 1
+disinfestazionecimici.roma.it, 1
+disinfestazionemilano.it, 1
+disinfestazionezanzare.it, 1
+disinfestazioni-sardegna.org, 1
+disinfestazioni-umbria.it, 1
+disinfestazioni.bari.it, 1
+disinfestazioni.bergamo.it, 1
+disinfestazioni.cagliari.it, 1
+disinfestazioni.caserta.it, 1
+disinfestazioni.catania.it, 1
+disinfestazioni.co, 1
+disinfestazioni.firenze.it, 1
+disinfestazioni.genova.it, 1
+disinfestazioni.gorizia.it, 1
+disinfestazioni.info, 1
+disinfestazioni.it, 1
+disinfestazioni.milano.it, 1
+disinfestazioni.modena.it, 1
+disinfestazioni.napoli.it, 1
+disinfestazioni.net, 1
+disinfestazioni.padova.it, 1
+disinfestazioni.rimini.it, 1
+disinfestazioni.roma.it, 1
+disinfestazioni.torino.it, 1
+disinfestazioni.treviso.it, 1
+disinfestazioni.udine.it, 1
+disinfestazioni.venezia.it, 1
+disinfestazioni.verona.it, 1
+disinfestazioni.viterbo.it, 1
+disinfestazioni24.it, 1
+disinfestazionivespe.milano.it, 1
+disinfestazionizanzare.milano.it, 1
+disinfestazionizanzare.roma.it, 1
+disinisharing.com, 1
+disisto-schiesser.com, 1
+disisto.de, 1
+disisto.nl, 1
+diskbit.com, 1
+diskbit.nl, 1
+diskdoctors.tk, 1
+disketa.cf, 1
+disketteetikette.tk, 1
+diskgem.info, 1
+disking.co.uk, 1
+diskonsepatu.ga, 1
+diskotekflashback.dk, 1
+diskusi.cf, 1
+diskusi.tk, 1
+diskussionsbereich.de, 1
+dislepsia.tk, 1
+dismail.de, 1
+dismed.fr, 1
+disney-stitch.com, 1
+disneywallpapers.tk, 1
+disobey.net, 1
+disoluto.tk, 1
+disostruzioni.it, 1
+disougstroy.com.ua, 1
+disparada.com.br, 1
+dispatched.tk, 1
+dispel-photo.com, 1
+dispensarygta.com, 1
+displayrd.com, 1
+displaysandholders.com, 1
+disposable.link, 1
+dispur.nic.in, 1
+dispute.cn, 1
+disroot.org, 1
+disrupters.ch, 0
+disruptglobal.com, 1
+disruption.tk, 1
+dissertationhelp.com, 1
+dissidence.ovh, 1
+dissident.host, 1
+dissieux.com, 1
+dissolution-sci.com, 1
+dist-it.com, 1
+dist.torproject.org, 0
+distance-learning-courses.co.uk, 1
+distancelove.cf, 1
+distancelove.ml, 1
+distancelove.tk, 1
+distant.land, 1
+distekinc.com, 1
+distelbentelo.nl, 1
+distempered.tk, 1
+disti.com, 1
+distiduffer.org, 1
+distilleren.tk, 1
+distinctdesign2009.com, 1
+distinguishedlegal.com, 1
+distinguishedprisoner.com, 1
+disto.tk, 1
+distopias.tk, 1
+distortionx.tk, 1
+distract09.be, 1
+distract09.gent, 1
+distracteddriving.gov, 1
+distraction.gov, 1
+distraction.tk, 1
+distractors.tk, 1
+distratus.com, 1
+distri.com.ua, 1
+distribucionmayorista.online, 1
+distribuidoracristal.com.br, 1
+distribuidoradecierres.com, 1
+distribuidoraplus.com, 1
+distribuidorguarani.com.br, 1
+distribuidormaster.com.br, 1
+distribute.gov.sg, 1
+distributed.cafe, 1
+distributedsource.com, 1
+distributedsystems.science, 1
+distributordd.com, 1
+distributore.it, 1
+distributori.roma.it, 1
+district08cnca.org, 1
+district09.be, 1
+district09.gent, 1
+districtcourtislamabad.tk, 1
+distrigenosa.tk, 1
+distrikia.com.co, 0
+distrilogservices.com, 1
+distrim.pt, 1
+distrim2.pt, 1
+distritoae.com, 1
+distritotres.tk, 1
+distritoxic.tk, 1
+distro.fr, 1
+distro.re, 0
+distrophy-grind.tk, 1
+distrust.co, 1
+disturbedwarriors.tk, 1
+disturbmenot.co, 1
+dit.moe, 1
+ditdot.hr, 1
+ditec.sk, 1
+diterzafra.tk, 1
+ditex.ddns.net, 1
+ditfiorinicamargo.com.ar, 0
+dities.tk, 1
+ditissaskia.nl, 1
+dittvertshus.no, 1
+div.energy, 1
+div12.org, 1
+divacresent.tk, 1
+divanogiusto.it, 1
+divari.nl, 1
+divas.joburg, 1
+divatri.tk, 1
+divcoder.com, 1
+dive-japan.com, 1
+divedigital.id, 1
+divegearexpress.com, 1
+divegearexpress.net, 1
+diveidc.com, 1
+diveleasia.tk, 1
+divelement.ro, 1
+divelyon.fr, 1
+diveplan.org, 1
+diver-equipment.eu, 1
+divergences.eu.org, 1
+divernet.com, 1
+diverscott.com, 1
+diversificarte.com, 1
+diversify.cf, 1
+diversify.ga, 1
+diversity-otherwise.tk, 1
+diversityflags.com.au, 1
+diversityflags.nz, 1
+diversitywatch.asia, 0
+diversitywatch.co.nz, 1
+diversovariable.tk, 1
+diversual.com, 1
+divertidores.tk, 1
+divestos.org, 1
+divewithfrank.com, 1
+divicar.com.br, 1
+dividedstates.tk, 1
+dividendosfiis.com.br, 1
+dividendz.net, 1
+divider.tk, 1
+divienna.nl, 1
+diviflash.com, 1
+divigear.com, 1
+divihosting.nl, 1
+divinaoracion.com, 0
+divinasaiamodas.com.br, 1
+divineangel.tk, 1
+divinedecay.tk, 1
+divinefeminineyoga.com, 1
+divinegames.studio, 1
+divinemercyparishvld.com, 1
+divinemercyparishvlds.com, 1
+divinerooms.com, 1
+divinglive.ru, 1
+divinho.com.br, 1
+divinitas.tk, 1
+divinoafeto.com.br, 1
+divinoaffetto.com.br, 1
+divisuite.com, 1
+diviworx.com, 1
+divizja.tk, 1
+divjak.at, 1
+divo-remont.tk, 1
+divorce.com, 1
+divorceattorneyschicago.com, 1
+divorceattorneyshouston.com, 1
+divorceformsfiller.com, 1
+divorcelawyer365.com, 1
+divorcemortgage.com, 1
+divorceonline.com, 1
+divort.org, 1
+divstack.io, 1
+divviup.org, 1
+divvy.tk, 1
+divxonline.ro, 1
+diwei.vip, 1
+dixa.tech, 1
+dixeo.fr, 1
+dixibox.com, 1
+dixiepest.com, 1
+dixieweld.com, 1
+dixifuar.com, 1
+dixoncountyne.gov, 1
+dixonfireca.gov, 1
+dixonmo.gov, 1
+dixonpoliceca.gov, 1
+dixuant.com, 1
+diy-business-marketing.co.za, 1
+diy-kitchens.com, 1
+diyadinnet.com, 1
+diyanetruya.tk, 1
+diyarbakirescmagazin.tk, 1
+diycc.org, 1
+diycraft.ga, 1
+diycrafts.ml, 1
+diyeat.com, 1
+diyeta.cf, 1
+diyeventhire.co.nz, 1
+diygeek.com, 1
+diymediahome.org, 1
+diysec.tk, 1
+diysolarforum.com, 0
+diysonline.com, 1
+diyzealot.com, 1
+dizainkyhni.ml, 1
+dizayn-cheloveka.ru, 1
+dizayner.tk, 1
+dizhome.net, 1
+dizihastasi.com, 1
+dizirix.net, 1
+dizkartes.nl, 1
+dizkofloor.com, 1
+dizlexiqa.tk, 1
+dizmatt.tk, 1
+dizzidecalz.com.au, 1
+dizzie.org, 1
+dizzyskills.tk, 1
+dizzythewizard.co.uk, 1
+dj-damm.tk, 1
+dj-dfo.tk, 1
+dj-eran.tk, 1
+dj-guillaume.tk, 1
+dj-iliri.tk, 1
+dj-jackson.tk, 1
+dj-kupidon.gq, 1
+dj-leszwolle.nl, 1
+dj-morfu.tk, 1
+dj-ocean.tk, 1
+dj-phil.fr, 1
+dj-wout.tk, 1
+dj-x.info, 1
+dj16888a.com, 1
+dj16888b.com, 1
+dj16888c.com, 1
+dj16888d.com, 1
+dj62.tk, 1
+djaad.tk, 1
+djabad.tk, 1
+djafe.tk, 1
+djakil.tk, 1
+djakuza.tk, 1
+djalberto.tk, 1
+djalessandrobrain.tk, 1
+djamelkokene.com, 1
+djamiroquai.tk, 1
+djang.tk, 1
+django.baby, 1
+django.city, 1
+django.cyou, 1
+djangobirthday.com, 0
+djangogolf.com, 1
+djangoproject.com, 1
+djangoproject.tk, 1
+djangosnippets.org, 1
+djangowebstudio.com, 1
+djanneli.tk, 1
+djarman.tk, 1
+djattack.com, 1
+djav.org, 1
+djawabna.ga, 1
+djax.tk, 1
+djazair.ml, 1
+djazair.tk, 1
+djazim.tk, 1
+djbardhi.tk, 1
+djbell.tk, 1
+djbessi.tk, 1
+djbobbytables.com, 1
+djboi.tk, 1
+djboomarang.tk, 1
+djboris.com, 1
+djbrixx.tk, 1
+djcaz.tk, 1
+djcezar.tk, 1
+djcheka.tk, 1
+djcirce.tk, 1
+djconde.tk, 1
+djconker.tk, 1
+djcontact.tk, 1
+djcritikal.tk, 1
+djcursuszwolle.nl, 1
+djdan.tk, 1
+djdarkz.tk, 1
+djdavid98.art, 1
+djddt.tk, 1
+djdebayanofficial.ga, 1
+djdennis.tk, 1
+djdiego.tk, 1
+djduckie.tk, 1
+djefsane.tk, 1
+djembeforum.tk, 1
+djerba-tunisie.tk, 1
+djfafafa.com, 1
+djfantum.com, 1
+djfaruk.tk, 1
+djfed.tk, 1
+djfede.tk, 1
+djfelix.tk, 1
+djfilms.tk, 1
+djfrenchy.com, 1
+djfunkyju.de, 1
+djgarcia.tk, 1
+djh-nordmark.de, 1
+djharun.tk, 1
+djhooligan.tk, 1
+djhouse.tk, 1
+djhozby.tk, 1
+djhypnoticstate.tk, 1
+djichtus.tk, 1
+djieno.com, 1
+djinstinct.tk, 1
+djjacs.tk, 1
+djjck.com, 1
+djjck.net, 1
+djjonimix.tk, 1
+djkemal.tk, 1
+djkhalid.tk, 1
+djkonor.tk, 1
+djl188.cc, 1
+djl63.com, 1
+djl63001.com, 1
+djleon.net, 1
+djlifemusic.tk, 1
+djlinux.cz, 1
+djlive.ga, 1
+djlmk.tk, 1
+djlogic.tk, 1
+djlove.tk, 1
+djluca.tk, 1
+djmafia.tk, 1
+djmania.es, 1
+djmanikbd.gq, 1
+djmathew.tk, 1
+djmetrix.tk, 1
+djmilad.tk, 1
+djmissynthia.tk, 1
+djmullet.tk, 1
+djmus.tk, 1
+djnandoalmenara.tk, 1
+djnash.tk, 1
+djnefret.tk, 1
+djnext.tk, 1
+djogani.tk, 1
+djoiasoficial.com.br, 1
+djoos.de, 1
+djosu.tk, 1
+djoszee.tk, 1
+djovanov.tk, 1
+djpatrik.tk, 1
+djpiere.tk, 1
+djpippoalpar.tk, 1
+djpromo.tk, 1
+djpyerr.tk, 1
+djramage.tk, 1
+djrider.tk, 1
+djrizwan.tk, 1
+djrofex.tk, 1
+djroynomden.nl, 1
+djrunaway.tk, 1
+djrush134.tk, 1
+djsamurai.tk, 1
+djsciencecollege.tk, 1
+djsearch.tk, 1
+djselo.tk, 1
+djsetitalia.tk, 1
+djshivbabu.tk, 1
+djshox.tk, 1
+djsina.tk, 1
+djsk.nl, 1
+djskippy.tk, 1
+djslash.tk, 1
+djsm.ga, 1
+djspacies.com, 1
+djt-vom-chausseehaus.de, 1
+djtavo.tk, 1
+djthibodeau.com, 1
+djtiago.tk, 1
+djtime.fr, 1
+djtourist.tk, 1
+djurensvanner.tk, 1
+djurklinikenangelholm.se, 1
+djursland-psykologen.dk, 1
+djvampire.tk, 1
+djviks-rap.tk, 1
+djvintagevinyl.com, 1
+djvintagevinyl.de, 1
+djvintagevinyl.nl, 1
+djvirus.tk, 1
+djwaynepryke.com, 1
+djwilson.tk, 1
+djyaman.tk, 1
+djyoungcruse.tk, 1
+dk-kromeriz.cz, 1
+dk.com, 1
+dk.search.yahoo.com, 0
+dk1818.cc, 1
+dkay.me, 1
+dkay.xyz, 1
+dkbilliards.com, 1
+dkcoks.gov, 1
+dkcomputers.com.au, 1
+dkdigital.tk, 1
+dkds.us, 1
+dkec2.space, 1
+dkgamers.tk, 1
+dkids.com.br, 1
+dkim-validator.com, 1
+dkma.dk, 1
+dknoops.xyz, 1
+dko-steiermark.ml, 1
+dkonline.tk, 1
+dkos10.com, 1
+dkos2.com, 1
+dkos3.com, 1
+dkos4.com, 1
+dkos5.com, 1
+dkos6.com, 1
+dkos7.com, 1
+dkos8.com, 1
+dkos9.com, 1
+dkproducts.nl, 1
+dkravchenko.su, 0
+dksh.com, 1
+dksinger.tk, 1
+dksoft-2130.ddns.net, 1
+dksoft.online, 1
+dkstage.com, 1
+dkweb.ml, 1
+dkweb.tk, 1
+dkwedding.gr, 1
+dl-navigator.by, 1
+dl-protect.tk, 1
+dl.google.com, 1
+dl444.net, 1
+dlaces.it, 1
+dlagos.com, 1
+dlagoss.com, 1
+dlandroid24.com, 1
+dlatego.com, 1
+dlazmyslow.pl, 1
+dlbouncers.co.uk, 1
+dlcompare.co.uk, 1
+dlcompare.com, 1
+dlcompare.de, 1
+dlcompare.fr, 1
+dlcompare.it, 1
+dlcompare.pt, 1
+dlcompare.ru, 1
+dlcwilson.com, 1
+dlde.ru, 1
+dleet.com, 1
+dleger.space, 1
+dler.at, 1
+dlevans.com, 1
+dlf.exchange, 1
+dlfsymposium.nl, 1
+dlg.im, 1
+dlgf.com, 1
+dlitz.net, 1
+dll4free.com, 1
+dlld.biz, 1
+dlld.com, 1
+dlld.org, 1
+dlld.us, 1
+dllsearch.net, 1
+dlmarket.jp, 1
+dlmeto.com, 1
+dlmixcloud.com, 1
+dlouwrink.nl, 0
+dlp-demo.com, 1
+dlrg-cux-ohz.de, 0
+dlscomputers.com.au, 1
+dlsolutions-inc.com, 1
+dlt.green, 1
+dlttrading.com, 1
+dluxelab.com, 1
+dlv-registry.com, 1
+dlv-registry.net, 1
+dlyabega.tk, 1
+dlyaribalki.tk, 1
+dlyatepla.ml, 1
+dlyl888.com, 1
+dm-0.com, 1
+dm-918kiss.com, 1
+dm-drogeriemarkt.at, 1
+dm-drogeriemarkt.ba, 1
+dm-drogeriemarkt.bg, 1
+dm-drogeriemarkt.cz, 1
+dm-drogeriemarkt.de, 1
+dm-drogeriemarkt.hr, 1
+dm-drogeriemarkt.hu, 1
+dm-drogeriemarkt.it, 1
+dm-drogeriemarkt.mk, 1
+dm-drogeriemarkt.ro, 1
+dm-drogeriemarkt.rs, 1
+dm-drogeriemarkt.si, 1
+dm-drogeriemarkt.sk, 1
+dm-ppp.jp, 1
+dm-tools.co.uk, 1
+dm.at, 1
+dm.cw, 1
+dm.cz, 1
+dm.de, 1
+dm.hr, 1
+dm.hu, 1
+dm.mk, 1
+dm.pl, 1
+dm.ro, 1
+dm.rs, 1
+dm.si, 1
+dm1.in, 1
+dm4productions.com, 1
+dm6.co, 1
+dm7ds.de, 1
+dm8.link, 1
+dmaglobal.com, 1
+dmarc-hd.org, 1
+dmarc.dk, 1
+dmarc.io, 1
+dmarcian.com, 1
+dmarcpal.com, 1
+dmartpreneur.com, 1
+dmautomek.no, 1
+dmc-cc.de, 1
+dmc-commerce-consultants.de, 1
+dmc.ae, 1
+dmc.cc, 1
+dmc030.de, 1
+dmccommerceconsultants.de, 1
+dmclix.com, 1
+dmcw.de, 1
+dmd.lv, 1
+dmdata.jp, 1
+dmdc.mil, 1
+dmdd.org.uk, 1
+dmdiamonds.tk, 1
+dme.net, 1
+dme.web.id, 1
+dmehub.com, 1
+dmesg.sk, 1
+dmfd.net, 1
+dmfj.io, 1
+dmforcesupport.com, 1
+dmforcesupport.marketing, 1
+dmfss.com, 1
+dmfss.tv, 1
+dmg.st, 1
+dmhomedesign.pl, 1
+dmhoteles.pe, 1
+dmhy.com, 1
+dmi.es, 1
+dmi.gov.lb, 1
+dmiapis.id, 1
+dmilb.org, 1
+dmillerlaw.com, 1
+dmitryg.name, 1
+dmitrysnotes.ru, 1
+dmitrysyrov.com, 1
+dmix.ca, 1
+dmlaser.nl, 1
+dmlive.wiki, 1
+dmma.be, 1
+dmmedya.com, 1
+dmmkenya.co.ke, 0
+dmn.sh, 1
+dmni.my, 1
+dmoj.ca, 1
+dmosk.ru, 1
+dmparish.com, 1
+dmr446.fr, 1
+dmrhub.cloud, 1
+dmrhub.net, 1
+dmrhub.network, 1
+dmshynk.com, 1
+dmslog.com, 1
+dmslog.com.br, 1
+dmtcustoms.co.za, 1
+dmu.ac.ae, 1
+dmvhomesgroup.com, 1
+dmvivienda.pe, 1
+dmwall.cn, 1
+dmwaste.com, 0
+dmwclan.tk, 1
+dmx.xyz, 1
+dmxclan.tk, 1
+dmz.rs, 1
+dmze.tk, 1
+dmzlab.se, 1
+dn3s.me, 1
+dn42.us, 1
+dna-technology.ua, 1
+dna.li, 0
+dnabler.eu, 1
+dnadk.com, 1
+dnalounge.com, 1
+dnapagamentos.com.br, 1
+dnapizza.com, 1
+dnash.tk, 1
+dnastaffinginc.com, 1
+dnb.co.in, 1
+dnb.dk, 1
+dnb.no, 1
+dnb.se, 1
+dnbbedrift.no, 1
+dnbfeed.no, 1
+dnbfinans.se, 1
+dnbfonder.se, 1
+dnbgroup.lu, 1
+dnbnor.co.uk, 1
+dnbnor.com, 1
+dnbnor.com.cn, 1
+dnbnor.no, 1
+dnbnor.se, 1
+dnbnorbedrift.no, 1
+dnbnord.com, 1
+dnbnorfinance.eu, 1
+dnbnorfinans.com, 1
+dnbnorfinans.eu, 1
+dnbnorfinans.no, 1
+dnbnorfond.no, 1
+dnbnorkort.no, 1
+dnbnorprivat.no, 1
+dnbprivat.no, 1
+dnbung.no, 1
+dnc.org.nz, 1
+dndblog.tk, 1
+dnddobbelstenen.nl, 1
+dndtools.net, 1
+dnel.me, 1
+dneprfilm.top, 1
+dnepropetrovck.tk, 1
+dneprovski.tk, 1
+dnestr.tk, 1
+dnevnichok.club, 1
+dnfc.rocks, 1
+dnfsb.gov, 1
+dngrexplorer.cf, 1
+dngsnl.com, 1
+dnhome.net, 0
+dnhome.uk, 0
+dnjwpa.com.pl, 1
+dnk.company, 1
+dnmlab.it, 1
+dnns.no, 1
+dnplegal.com, 1
+dnpprogramstudies.com, 1
+dnratthee.me, 1
+dnrt-esports.nl, 1
+dns-check.nl, 0
+dns-control.eu, 1
+dns-free.link, 1
+dns-swiss.ch, 1
+dns.expert, 1
+dns.google.com, 1
+dns.gov, 1
+dns.sb, 1
+dns.sh, 1
+dnsaio.com, 1
+dnsbird.org, 1
+dnsbl-servers.org, 1
+dnscaa.com, 1
+dnscrawler.com, 1
+dnscrypt-blacklist.tk, 1
+dnscrypt.info, 1
+dnscrypt.nl, 1
+dnscurve.io, 1
+dnsdns.today, 1
+dnsecho.net, 1
+dnsecho.org, 1
+dnshallinta.fi, 1
+dnshelper.com, 1
+dnshotel.dk, 1
+dnsinfo.ml, 1
+dnsipv6.srv.br, 0
+dnskeep.com, 1
+dnskeeper.com, 1
+dnslog.com, 1
+dnslow.me, 1
+dnslytics.com, 1
+dnsman.se, 1
+dnsmate.net, 1
+dnsnox.com, 1
+dnspod.ml, 1
+dnspropagation.net, 1
+dnsrate.com, 1
+dnsrevolve.com, 1
+dnsscience.org, 1
+dnssecandipv6.se, 1
+dnssecunsigned.com, 1
+dnssex.com, 1
+dnsspeed.com, 1
+dnstwister.report, 1
+dnsvrfy.com, 1
+dnsvrfy.eu, 1
+dnsvrfy.net, 1
+dnsvrfy.org, 1
+dnswarden.com, 0
+dnt1egh97ehxx.cloudfront.net, 1
+dnvod.ml, 1
+do-do.tk, 1
+do-it-service.de, 1
+do-not.click, 1
+do-prod.com, 0
+do.gd, 1
+do.ne, 1
+do.search.yahoo.com, 0
+do13.net, 1
+do67.de, 1
+do67.net, 1
+doanhai.tk, 1
+doanhnhankhanhhoa.vn, 0
+dob46.mazowsze.pl, 1
+dobavki.club, 1
+dobbshvac.com, 1
+dobledemichaeljackson.tk, 1
+doblejewel.shop, 1
+dobleseo.pro, 1
+dobookmark.ml, 1
+doboszynski.com, 1
+dobramagia.pl, 1
+dobraprace.cz, 0
+dobrekupony.cz, 1
+dobrekupony.pl, 1
+dobrekupony.sk, 1
+dobreoknaszczecin.pl, 1
+dobrev.family, 1
+dobrinya.tk, 1
+dobrisan.ro, 1
+dobrisan.uk, 1
+dobro.ml, 1
+dobrodar.tk, 1
+dobrodruzi.tk, 1
+dobrynyastyle.ru, 1
+dobryprezident.sk, 1
+doc-baza.tk, 1
+doc.ai, 1
+doc.new, 1
+doc.python.org, 1
+doc8643.com, 1
+docabo.ch, 1
+docbox.ch, 1
+docbrown.dk, 1
+doccafe.com, 1
+docdoc.tel, 1
+docedic.com, 1
+docemeldoces.com, 1
+docertify.com, 0
+docesmartini.com.br, 1
+docguide.com, 1
+docha.tk, 1
+dochimera.com, 1
+dochub.com, 1
+dock-bar.com, 1
+dock.tech, 1
+dock23.de, 1
+dockerbook.com, 0
+dockerm.com, 1
+dockerup.net, 1
+dockflow.com, 1
+dockmastersonline.com, 1
+dockstarter.com, 1
+dockysearch.com, 1
+doclassworks.com, 1
+docline.gov, 1
+docloudu.info, 1
+doclub.uz, 1
+doclures.com, 1
+docmartinchiropractic.com, 1
+docmode.org, 1
+docogo.ga, 1
+docplexus.com, 1
+docpost.ml, 1
+docs-kelis.fr, 1
+docs.google.com, 1
+docs.moe, 0
+docs.python.org, 1
+docs.tw, 1
+docsend.com, 1
+docsity.com, 1
+docsrev-aws.io, 1
+docsunited.net, 1
+docswallet.com, 1
+doctabaila.com, 1
+doctaforum-diferidos.com, 1
+doctaforum-events.org, 1
+doctaforum-test.com, 1
+docteur-delorme.fr, 1
+doctoblog.fr, 1
+doctor-locks.co.uk, 1
+doctorbini.com, 1
+doctorcalefon.com, 1
+doctordabbah.com, 1
+doctordangond.com, 1
+doctorebonie.com, 1
+doctorfox.co.uk, 1
+doctoriko.tk, 1
+doctoripfix.com, 1
+doctorkaraca.com, 1
+doctorlab.am, 1
+doctormahamudul.tk, 1
+doctormartinclavo.tk, 1
+doctornaima.ml, 1
+doctornet.ml, 1
+doctorofnursingpracticednp.org, 1
+doctorpage.info, 1
+doctorperu.com, 1
+doctorpower.ga, 1
+doctorpup.com, 1
+doctorradio.tk, 1
+doctorsarfarazdo.ga, 1
+doctorshealthfund.com.au, 1
+doctorsinternet.com, 1
+doctorswithoutborders.org, 1
+doctorwho.cz, 1
+doctour.eu, 1
+doctour.fr, 1
+doctrine.fr, 1
+docu.io, 1
+docubox.info, 1
+docucopies.com, 1
+docufiel.com, 0
+docugate.cloud, 1
+docugatetest.cloud, 1
+documaniatv.com, 1
+document-translation-nationwide.com, 1
+documentalista.cat, 1
+documentat.ga, 1
+documentations-sociales.com, 1
+documentationsite.net, 1
+documentforce.com, 1
+documentnode.io, 1
+documods.com, 1
+docupaymentuat.xyz, 1
+docupub.com, 1
+docusearch.com, 1
+docusend.biz, 1
+docusign.ca, 1
+docusign.co.uk, 1
+docusign.com, 1
+docusign.com.au, 1
+docusign.com.br, 1
+docusign.com.es, 1
+docusign.de, 1
+docusign.fr, 1
+docusign.in, 1
+docusign.jp, 1
+docusign.mx, 1
+docusign.nl, 1
+docutayho.com, 1
+docxtemplater.com, 1
+doczlo.tk, 1
+doda.space, 1
+dodacommunity.tk, 1
+dodard.link, 1
+doddridgecountywv.gov, 1
+dodds.cc, 1
+doddy.tk, 1
+dodecaedro.tk, 1
+dodgecountymn.gov, 1
+dodgecountyne.gov, 1
+dodgevillewi.gov, 1
+dodi-alhelo.tk, 1
+dodi-repacks.site, 1
+dodiedods.fr, 1
+dodikod.tk, 1
+dodolle.co.uk, 1
+dodotool.ru, 1
+dodylesmana.com, 1
+doedelzakken-jsh.tk, 1
+doegirls.com, 1
+doehle-group.com, 1
+doeleman.nl, 1
+doencadobeijo.com, 1
+doener-curator.com, 1
+doenets.lk, 1
+doenjoylife.com, 1
+doeprojects.com, 1
+doerz.com, 1
+doesburg-comp.nl, 1
+doesinfotech.com, 1
+doesmycodehavebugs.today, 1
+doetwat.nl, 1
+dof.gov.ph, 1
+dofashion.tk, 1
+dofedex.com, 1
+dofus-aide.tk, 1
+dofus.market, 1
+dofux.org, 1
+dog-likeeyes.tk, 1
+doga.tk, 1
+dogadostuambalaj.com, 1
+dogaicincal.com, 1
+dogalsoyamumu.com, 1
+dogan.ch, 0
+doganoglu.net, 1
+dogcat.vn, 1
+dogchina.com, 1
+dogcratereview.info, 1
+dogday.tk, 1
+dogdayafternoons.biz, 1
+doge-fa.tk, 1
+dogear.ch, 0
+dogecdn.wtf, 1
+dogecoinnews.net, 1
+dogecoinnews.org, 1
+dogespeed.gq, 1
+dogespeed.ml, 1
+dogfights.tk, 1
+dogforum.de, 1
+dogfriendly.co.uk, 1
+dogfriendlyplaces.eu, 1
+dogft.com, 1
+doggingclub.tk, 1
+doggo-staging.herokuapp.com, 1
+doggo.cloud, 1
+doggo.email, 1
+doggroomingcourse.com, 0
+doghandling.tk, 1
+doghousedigital.com, 1
+doginaflat.com, 1
+dogingtonpost.com, 1
+dogite.org, 1
+doglifejacket.tk, 1
+doglist.ga, 1
+doglog.com, 1
+dogma.it, 1
+dogma2000.tk, 1
+dogmagic.tk, 1
+dogmap.jp, 1
+dogmazic.net, 1
+dogodki.today, 1
+dogofwar.tk, 1
+dogoo.com, 1
+dogpawstudio.com, 1
+dogprograms.net, 1
+dogrupara.com, 1
+dogscare.tk, 1
+dogsforfun.tk, 1
+dogsite.tk, 1
+dogsnaturallymagazine.com, 1
+dogsnow.com, 1
+dogsport.org, 1
+dogtoetreads.com, 1
+dogtowneastpowell.com, 1
+dogtrack.tk, 1
+dogtrainingnaples.com, 1
+dogualp.com, 1
+dogvolution.com, 1
+dogwoodceramics.com, 1
+dogworld.com.br, 1
+doh.pub, 1
+doh.sb, 1
+dohanews.co, 1
+dohertyconsulting.tk, 1
+doi.org, 1
+doihavetoputonpants.com, 1
+doinaruscior.eu, 1
+doineedanmdm.com, 1
+doinwp.com, 1
+doist.com, 1
+doit-intl.com, 1
+doit.com, 1
+doitauto.de, 1
+doj.gov.in, 1
+doja-cat.ru, 1
+dojah.io, 1
+dojifish.space, 1
+dojihomes.vn, 1
+dojin.nagoya, 1
+dojki.cf, 1
+dojki.ga, 1
+dojki.gq, 1
+dojmt.gov, 1
+dojocasts.com, 1
+dojodigital.co.uk, 1
+dojozendebourges.fr, 1
+dokanline.com, 1
+dokcar.com.br, 1
+dokee.cn, 1
+dokelio-idf.fr, 1
+dokipy.no, 1
+doklinik.com, 1
+dokonline.tk, 1
+dokspot.cf, 1
+dokspot.ga, 1
+doktererectie.com, 1
+doktorplyusheva.ml, 1
+doku-gilde.de, 1
+dokuboard.com, 1
+dokuev.ga, 1
+dokument.tk, 1
+dokuraum.de, 1
+dokutech.fr, 1
+dolbyatmosmusiclist.com, 1
+dolce-vita-mia.tk, 1
+dolcesalatoweb.it, 1
+dolceuvita.com, 1
+dolchhut.tk, 1
+dolci-delizie.de, 1
+dolciariasimonini.com, 1
+dolciterapie.com, 1
+doldersumenzoon.tk, 1
+doleta.gov, 1
+dolezalpartners.com, 1
+dolfotransport.com, 1
+dolg.cf, 1
+dolg.ga, 1
+dolg.gq, 1
+dolg.ml, 1
+dolg.tk, 1
+dolgopolova.ga, 1
+dolgorukovo.cf, 1
+dolice.net, 1
+dolinathome.com, 1
+dolkfm.tk, 1
+doll.gq, 1
+doll.ml, 1
+dollarads.cf, 1
+dollarads.ga, 1
+dollareast.tk, 1
+dollarhero.ga, 1
+dollarprofit.tk, 1
+dollarrp.pl, 1
+dollarweb.cf, 1
+dolle-shop.com.ua, 1
+dolledout.co.ke, 1
+dollemore.com, 1
+dollestieren.tk, 1
+dollhouseaustralia.com, 1
+dolliesmaker.tk, 1
+dolly.ga, 1
+dollylox.tk, 1
+dollz-world.tk, 1
+dollz.tk, 1
+dolmencleanroom.com, 1
+dolmenejecutores.com, 1
+dolmeningenieria.com, 1
+dolmentree.tk, 1
+dolnolinevo.tk, 1
+dolo.tk, 1
+dolomititour.com, 1
+dolonki.beauty, 1
+dolorism.com, 1
+dolph.de, 1
+dolphin-cloud.com, 1
+dolphin-hosting.com, 1
+dolphin-it.de, 1
+dolphinbraces.com, 1
+dolphins.tk, 1
+dolphyserver.tk, 1
+dolys.fr, 1
+dom-byt.tk, 1
+dom-desertov.tk, 1
+dom-riviere.tk, 1
+dom.blog, 1
+dom2news.gq, 1
+dom2news.tk, 1
+dom2seychelles.tk, 1
+dom2tnt.tk, 1
+doma.in, 1
+domacikavarna.cz, 1
+domadillo.com, 1
+domagovic.tk, 1
+domain-comparison.com, 1
+domain-ermittlung.de, 1
+domain-skachat.cf, 1
+domain-speicher.com, 0
+domain-swiss.ch, 1
+domain.ch, 1
+domaine-aigoual-cevennes.com, 1
+domaine-de-garbelle.com, 1
+domaine-de-vermoise.fr, 1
+domainedemanville.fr, 1
+domainevanina.fr, 1
+domainexpress.de, 0
+domainforfree.gq, 1
+domainhostingcompany.tk, 1
+domainics.ml, 1
+domainify.ca, 1
+domainlions.com, 1
+domainmonitor.net, 1
+domainoo.com, 0
+domainoo.fr, 1
+domainops.gov, 1
+domainproactive.com, 1
+domainresidential.com.au, 1
+domains-hoarden-ist-ein-ernstes-problem-suchen-sie-sich-hilfe.jetzt, 1
+domains.google.com, 1
+domains.lt, 1
+domainsearchindia.com, 1
+domainservice.cf, 1
+domainsetup.email, 1
+domainsilk.com, 1
+domainspeicher.com, 0
+domainstaff.com, 1
+domaintm.in, 1
+domainvoider.cf, 1
+domakidis.com, 1
+domarkperu.com, 1
+domashnij-pk.ru, 1
+domashnijpk.ru, 1
+domashniy-server.tk, 1
+domaxpoker.com, 1
+domaza.gq, 1
+domaza.ml, 1
+domcc.tel, 1
+domeconseil.fr, 1
+domein-direct.com, 1
+domein-direct.nl, 1
+domeindns.nl, 1
+domeinhub.nl, 1
+domekklimkowka.com, 1
+domen-reg.ru, 1
+domenaru.ga, 1
+domenic.me, 1
+domenicam.com, 1
+domenick-lieneweg.de, 1
+domenico.lviv.ua, 1
+domenicods.tk, 1
+domhaase.me, 1
+domharmonia.bg, 1
+domhos.tk, 1
+domialt.de, 1
+domian.cz, 1
+dominanta-law.com, 1
+dominateyourmarket247.com, 1
+dominationgame.co.uk, 1
+dominatorauckland.co.nz, 1
+dominctheroofguy.com, 1
+dominguezchiropractic.com, 1
+dominicana-lux.cf, 1
+dominicandfelixroco.tk, 1
+dominicanisimo.tk, 1
+dominicanosenpr.com, 1
+dominichoward.tk, 1
+dominicinc.com, 1
+dominicjackson.cf, 1
+dominicjackson.ga, 1
+dominicjackson.gq, 1
+dominicself.co.uk, 1
+dominicself.com, 1
+dominicself.uk, 1
+dominictaylor.co.uk, 1
+dominik-bergmann.de, 1
+dominik-steiner.at, 1
+dominik.st, 1
+dominikaner-vechta.de, 1
+dominikconrads.de, 1
+dominikriedig.de, 1
+dominioanimal.com.br, 1
+dominionlending.ca, 1
+dominionpayroll.net, 1
+dominiopruebados.ml, 1
+dominiostk.tk, 1
+dominique-haas.fr, 0
+domino.com.ge, 1
+domino99.ml, 1
+domino99.tk, 1
+dominobot.ir, 1
+dominobreaker.ml, 1
+dominoknihy.cz, 0
+dominolessons.ga, 1
+dominomatrix.com, 1
+dominoqq.asia, 1
+dominoz.tk, 1
+domitori.tk, 1
+domix.fun, 1
+domizx.de, 1
+domjh.com, 1
+domkiwgrodku.pl, 1
+domlist.tk, 1
+dommaster.info, 1
+dommistrza.pl, 1
+dommod.tk, 1
+domnaslonecznej.pl, 1
+domob.eu, 1
+domodeco.fr, 1
+domofon.io, 0
+domokode.ru, 1
+domop.org, 1
+domoplus.ca, 1
+domostroiy.tk, 1
+domostroydon.ru, 1
+domostroynn.ru, 1
+domostroyrf.ru, 1
+domotics101.com, 1
+domovik-magz.tk, 1
+domovitae.io, 1
+domowe-potrawy.pl, 1
+domowejroboty.pl, 1
+domowezrodlozdrowia.pl, 1
+domp.pl, 1
+domparts.com.au, 1
+dompetdhuafa.org, 1
+domprojects.com, 1
+domps.fr, 1
+domreg.lt, 1
+domsamogona.ru, 1
+domscripting.com, 1
+domt.com, 1
+domu.ro, 1
+domucmayintainha.com.vn, 1
+domus-global.com, 1
+domus-global.cz, 1
+domus-rely.com, 1
+domyassignments.com, 1
+domycasestudy.com, 1
+domycoding.com, 1
+domycoursework.com, 1
+domycreativewritings.com, 1
+domydissertations.com, 1
+domyessay.net, 1
+domyhomework123.com, 1
+domyhomeworks.net, 1
+domyiadaptacje.pl, 1
+domynetwork.com, 1
+domypapers.com, 1
+domyresearchpaper.com, 1
+domyreview.net, 1
+domyspeech.com, 1
+domytermpaper.com, 1
+domythesis.net, 1
+domyzitrka.cz, 1
+domznak.ru, 1
+don-news.tk, 1
+donabeneko.jp, 1
+donacarlota.net.br, 1
+donacije.rs, 1
+donaciondeorganos.gov, 1
+donalblaney.cf, 1
+donalblaney.ga, 1
+donalblaney.gq, 1
+donaldduck.nl, 1
+donaldtrump.ga, 1
+donaldwarner.com, 1
+donamflor.com, 1
+donarmany.online, 1
+donat.cloud, 1
+donate-streamer.com, 1
+donate.lol, 1
+donateabox.org, 1
+donateaday.net, 1
+donatellapratas.com.br, 1
+donation.ph, 1
+donationexecutor.com, 1
+donazione.it, 1
+doncastermoneyman.com, 1
+dondiabolo.com, 1
+donec.tk, 1
+donedeal.co.uk, 1
+donedeal.ie, 1
+donedealtest.com, 1
+doneinteriorerp.com, 1
+donera.tk, 1
+donewhen.email, 1
+donewhen.eu, 1
+donewhen.net, 1
+donewhen.nl, 1
+donewhen.org, 1
+donfelino.tk, 0
+donga.tk, 1
+dongbd.com, 1
+dongcdn.com, 1
+dongchenyue.art, 1
+donge.fr, 1
+donghanh.com.vn, 1
+donghochinhhang.store, 1
+donghua-europe.com, 1
+donghuapiandaquan.com, 1
+dongjian.com, 1
+dongkepu.com, 1
+dongor.tk, 1
+donhoward.org, 0
+doninformatico.ga, 1
+doniramdoni.tk, 1
+donislawdev.com, 1
+donkerslootjes.nl, 1
+donkeytrekkingkefalonia.com, 1
+donnaandscottmcelweerealestate.com, 1
+donnabrothers.com, 1
+donnacha.blog, 1
+donnachie.net, 1
+donnahay.com.au, 1
+donnapepe.tk, 1
+donner-reuschel.de, 0
+donnerhollenconstruction.com, 1
+donnerwetter.tk, 1
+donngle.com, 1
+donnons.org, 0
+donnoval.ru, 0
+donorscape.com, 1
+donostiweb.tk, 1
+donotcall.gov, 1
+donotdepart.com, 1
+donpanda.cz, 1
+donpi.it, 1
+donpietraos.tk, 1
+donplafon.ru, 1
+donpomodoro.com.co, 1
+donquix.nl, 1
+donsremovals.com.au, 1
+dont.re, 1
+dont.watch, 1
+dontasktoask.com, 1
+dontbeevil.com, 1
+dontbreakme.com, 1
+dontbubble.me, 1
+dontcageus.org, 1
+donteaetcrayons.tk, 1
+donteffwithmyvote.com, 1
+donteffwithmyvote.org, 1
+donteffwithmyvote.us, 1
+dontefwithmyvote.com, 1
+dontefwithmyvote.org, 1
+dontefwithmyvote.us, 1
+dontenedor.com, 1
+dontfuckwithmy.vote, 1
+dontfuckwithmyvote.com, 1
+dontfuckwithmyvote.net, 1
+dontfuckwithmyvote.org, 1
+dontfuckwithmyvote.us, 1
+dontfwithmy.vote, 1
+dontfwithmyvote.com, 1
+dontfwithmyvote.net, 1
+dontfwithmyvote.org, 1
+dontfwithmyvote.us, 1
+donthedragonwilson.com, 1
+dontkeylog.me, 1
+dontkillspike.tk, 1
+dontpayfull.com, 1
+dontstopcoffee.com, 1
+dontvisit.me, 1
+dontwastethewood.com, 1
+donumanimo.pl, 1
+donutcompany.co.jp, 1
+donwhen.com, 1
+donwhen.email, 1
+donwhen.eu, 1
+donwhen.net, 1
+donwhen.nl, 1
+donwhen.org, 1
+donwilkssculptor.com, 1
+doo.is, 1
+dooby.fr, 1
+doodle.com, 1
+doodlecorn.com, 1
+doodlegames.tk, 1
+doolac.com, 1
+dooleylabs.com, 1
+doomsdaymag.tk, 1
+doomsworld.com, 1
+doomtech.net, 1
+doonvalleytrail.co.uk, 1
+doooooops.com, 1
+doop.im, 1
+doorchaser.tk, 1
+doordash.com, 1
+doordash.news, 1
+doordash.red, 1
+doordecor.bg, 1
+doorframe.com, 1
+doorin.tk, 1
+doorlinekktc.tk, 1
+doornmore.com, 1
+doors-and-windows.tk, 1
+doorservice.ml, 1
+doorsystemsweden.se, 1
+doortodoor.ml, 1
+doottrucks.com.au, 1
+dopamine.tk, 1
+dopefile.cf, 1
+dopefile.tk, 1
+dopei.com, 1
+dopeillustrators.com, 1
+dopesoft.de, 1
+dopewars.tk, 1
+dopfer-fenstertechnik.de, 1
+dopiatku.pl, 1
+doppeleinhorn.de, 1
+doppenpost.nl, 1
+doppler.com, 1
+doppler.team, 1
+dor-tak.com, 1
+dor-tak.ru, 1
+dora.cat, 1
+dora.moe, 1
+dorados.tk, 1
+doradoscampeon.tk, 1
+doraemonchile.tk, 1
+dorama.gq, 1
+doramamusic.gq, 1
+doramiru.com, 1
+doranobi-fansub.id, 1
+dorcelvision.com, 1
+dorco.be, 1
+dordtpas.nl, 1
+doremy.be, 1
+dorfbrunnen.eu, 0
+dorfkultur.net, 1
+dorfpark-falkenburg.de, 1
+dorfzittig.de, 1
+doriangardes.fr, 1
+doriangirod.ch, 0
+dorianharmans.nl, 1
+dorianmuthig.com, 1
+doridian.com, 1
+doridian.de, 1
+doridian.net, 1
+doridian.org, 1
+dorier-digiplace.com, 1
+dorisdeluxe.com, 1
+dorizonline.tk, 1
+dorkface.tk, 1
+dormi.hu, 1
+dormilaine.fr, 1
+dorminyeremenyjatek.hu, 1
+dormirmucho.com, 0
+dormitengernyikaland.hu, 1
+dormiu.com, 1
+dormiu.com.br, 1
+dormkitty.com, 1
+dorogaminina.tk, 1
+dorpshuis-dwarsgracht.nl, 1
+dorpsoverlegboskoop.nl, 1
+dorpsparade.tk, 1
+dorquelle.com, 1
+dorrtownshipmi.gov, 1
+dorsavi.com, 1
+dorsaycreative.com, 1
+dorsetentertainments.co.uk, 1
+dorsetthotels.com, 1
+dorth.nl, 1
+dortmund.de, 1
+dortmund.directory, 1
+dorwartsgarage.com, 1
+dorys.ga, 1
+dos-team.tk, 1
+dosavor.com, 1
+dosbox.tk, 1
+dosdiasenlavida.es, 1
+dosei.net, 1
+dosenkiwi.at, 1
+dosenpendidikan.co.id, 1
+dosenpintar.com, 1
+dosensosiologi.com, 1
+doserres.tk, 1
+dosevue.com, 1
+dosgame.club, 1
+dosgratus.tk, 1
+dosimabag.com, 1
+dosimapress.com, 1
+dosite.gq, 1
+dosje.org, 1
+doska.by, 1
+doska.cf, 1
+doska.ru, 1
+doskapozora.tk, 1
+dosomeworks.biz, 1
+dossierbaudet.nl, 1
+dossierweb.tk, 1
+dostal.co, 0
+dostalsecurity.com, 1
+dostat.de, 1
+dostav.tk, 1
+dostavkakurierom.ru, 1
+dostips.com, 1
+dostkuijper.nl, 1
+dosug.gq, 1
+dosug.so, 1
+dosugru.gq, 1
+dosvientoselectric.com, 1
+dosvientoselectrical.com, 1
+dosvientoselectrician.com, 1
+dosvientosexteriorlighting.com, 1
+dosvientoslandscapelighting.com, 1
+dosvientoslighting.com, 1
+dosvientosoutdoorlighting.com, 1
+doswap.com, 1
+doswo-design.at, 1
+dosyaa.tk, 1
+dosyanet.cf, 1
+dosyanet.tk, 1
+doszkocs-zsuzsa.hu, 1
+dot.la, 1
+dot.sb, 1
+dota2expert.ru, 0
+dota2free.tk, 1
+dotadotaman.tk, 1
+dotatic.com, 1
+dotbox.org, 1
+dotcircle.co, 1
+dotcomdesigns.biz, 1
+dotcomtest02-single.azurewebsites.net, 1
+dotconnor.com, 0
+dotfile.tk, 1
+dotgov.gov, 1
+dothaneagle.com, 1
+dotheevolution.tk, 1
+dothegangnamstyle.tk, 1
+dotjesper.com, 1
+dotjesper.dk, 1
+dotjesper.net, 1
+dotjs.party, 1
+dotker.com, 1
+dotkniseandroida.cz, 1
+dotkod.pl, 1
+dotlab.net, 1
+dotlab.nl, 1
+dotlakevillagecouncil-nsn.gov, 1
+dotlaw.co, 1
+dotless.tk, 1
+dotlight.ga, 1
+dotlimino.tk, 1
+dotneko.net, 1
+dotnetdocs.ir, 1
+dotnetfoundation.org, 0
+dotnetsandbox.ca, 1
+dotnext.co.za, 1
+dotovh.ovh, 1
+dotphoto.com, 1
+dotplex.com, 1
+dotpoint.ga, 1
+dotprime.by, 1
+dotrel.com, 0
+dotridmeto.cz, 1
+dotrox.net, 1
+dotshule.ug, 1
+dotsiam.co.th, 1
+dotsiam.com, 1
+dotsiam.in.th, 1
+dotsmesh.com, 1
+dottore.roma.it, 1
+dottormarc.it, 1
+dotweb.com, 1
+dotxyz.lol, 1
+dotya.ml, 1
+dotyk-snov.tk, 1
+dotyk.me, 1
+dotzauer-stb.de, 1
+douai.me, 1
+douban.city, 1
+double20.gg, 1
+doublearm.in, 1
+doubleaste.com, 0
+doublebass-solo.com, 1
+doubled.ml, 1
+doubledranch.tk, 1
+doublefun.net, 1
+doublejack.online, 1
+doubleness.gq, 1
+doublespeak.chat, 1
+doublestat.me, 1
+doubletex.de, 1
+doubleup.com.au, 1
+doubleupgaming.tk, 1
+doublewide.tk, 1
+doublewood.tk, 1
+doubllexchange.com, 1
+doubllexchange.site, 1
+doubllexchange.website, 1
+doubly.tk, 1
+doubtaboutwill.org, 1
+douceurcarlet.com, 1
+doucheba.gs, 0
+doughseeker.com, 1
+doughstory.cf, 1
+douglas-ma.gov, 1
+douglascounty-oregon.gov, 1
+douglascountybar.com, 1
+douglascountycolorado.gov, 1
+douglascountyga.gov, 1
+douglascountyil.gov, 1
+douglascountymn.gov, 1
+douglascountyor.gov, 1
+douglascovotes.gov, 1
+douglascuddletoy.com, 1
+douglascustodio.com.br, 1
+douglasgreenberg.org, 1
+douglasmi.gov, 1
+douglasresende.tk, 1
+douglasrumbaugh.com, 0
+douglassimons.com, 1
+douglegomovie.tk, 1
+dougley.com, 1
+dougsnugs.love, 1
+doujin-domain.cz, 1
+doujin.nagoya, 1
+doujinrepublic.com, 1
+doujinshi.info, 1
+doujinspot.com, 1
+douzer.de, 1
+douzer.earth, 1
+douzer.industries, 1
+dovebuttare.it, 1
+doveconviene.it, 1
+dovecraft.com.ua, 1
+doveholesband.co.uk, 1
+dovemoe.com, 1
+dovenzorgmalawi.nl, 1
+doverfcu.com, 1
+doveriestom.com, 1
+doverma.gov, 1
+dovermotion.com, 1
+doverye.tk, 1
+doveskyger.site, 1
+doveskyger.tk, 1
+dovetailapp.com, 1
+doveweekend.com, 1
+dovizborsa.com, 1
+dovolena-ihned.cz, 1
+dowell.media, 1
+dowhatmakegood.de, 1
+dowhatyoucannow.com, 1
+dowin.at, 1
+dowina.com, 1
+dowling.nz, 1
+dowling.tk, 1
+down-load.dynu.net, 1
+down.pm, 1
+downalarm.cz, 1
+downalarm.sk, 1
+downandouts.tk, 1
+downbook.org, 1
+downestan.ga, 1
+downfall-records.tk, 1
+downfreak.tk, 1
+downgratis.tk, 1
+download-image.ga, 1
+download-knigi.gq, 1
+download-lagu-mp3.com, 1
+downloadabc.cf, 1
+downloadapkpokemongo.ga, 1
+downloadapkpure.tk, 1
+downloadasik.com, 1
+downloadcounter-strike16.com, 1
+downloadfestival.co.uk, 1
+downloadfiles.cf, 1
+downloadforum.ml, 1
+downloadforum.tk, 1
+downloadhindimovie.net, 1
+downloadhindimovies.net, 1
+downloadmoremousepad.ml, 1
+downloads.zdnet.com, 1
+downloadsoftwaregratisan.com, 1
+downloadvipgames.tk, 1
+downrightcute.com, 1
+downset.tk, 1
+downthebayoucharters.com, 1
+downtoagony.tk, 1
+downtoearthjewelry.com, 1
+downtownafrica.com, 1
+downtownboise.org, 1
+downtowncharm.is, 1
+downtownindy.org, 1
+downtownla.com, 1
+downtownmesa.com, 1
+downtownpdx.dog, 1
+downtownraleigh.org, 1
+downtownsuiteliving.com, 1
+downtowntucson.org, 1
+downtownvernon.com, 1
+downunderporn.com, 1
+downwithchina.com, 1
+dowow.tv, 1
+dox-box.eu, 1
+doxa.tk, 1
+doxal.ro, 1
+doxepin1.gq, 1
+doxepinonline.gq, 1
+doxyciclin.ga, 1
+doxyciclin.gq, 1
+doxyciclin.tk, 1
+doxycyclin.gq, 1
+doxycycline-online.cf, 1
+doxycycline1.gq, 1
+doxycyclinehyclate100mgcap.cf, 1
+doxycyclineprices.cf, 1
+doyarki.ga, 1
+doylesalewski.ca, 1
+doylestownborough.net, 1
+doyo.email, 1
+doyo.tech, 1
+doyogawithlina.com, 1
+doyoucheck.com, 0
+doyoulyft.com, 1
+doyoutax.com, 0
+doypacky.cz, 1
+doze-cloud.tech, 1
+dozecloud.com, 1
+dozor.ga, 1
+dozor.gq, 1
+dozor.tk, 1
+dp-clan.tk, 1
+dp-films.de, 1
+dp.cx, 1
+dp7.ro, 1
+dpangerl.de, 0
+dpanosian.com, 1
+dpasn-afpa.fr, 1
+dpatyk.com, 1
+dpc-pca.org, 1
+dpc-software.de, 1
+dpc.ae, 1
+dpcp.fr, 1
+dpd.com.pl, 1
+dpecuador.com, 1
+dpereira.net, 1
+dperson.net, 1
+dpeter.me, 1
+dpfsolutionsfl.com, 1
+dpg.no, 1
+dphipartner.com, 1
+dpi-design.de, 1
+dpim.org.my, 1
+dpinse.com, 1
+dpisecuretests.com, 1
+dpjuse.tk, 1
+dpk.es, 1
+dpkk.ph, 1
+dplpmtud.com, 1
+dpmr446.fr, 1
+dpoairport.au, 1
+dpoairport.com.au, 1
+dpomax.com.br, 1
+dponapratica.com.br, 1
+dpower.tk, 1
+dppstar.com, 1
+dprb.biz, 1
+dpress24.it, 1
+dprmp.org, 1
+dps.srl, 1
+dpsengineers.com.au, 1
+dpsg-hohenlinden.de, 1
+dpsmassage.nl, 1
+dpucarriersma.gov, 1
+dpwsweeps.co.uk, 1
+dqempresas.es, 1
+dqfilesonline.com, 1
+dr-amar.tk, 1
+dr-beyer.de, 1
+dr-dedet.com, 1
+dr-detailing.com, 1
+dr-diffusion.fr, 1
+dr-ermilov.com, 1
+dr-feldman.com, 1
+dr-it.co.uk, 0
+dr-karagenska.com, 1
+dr-kissler.de, 1
+dr-laber.at, 1
+dr-maike-juergens.de, 1
+dr-mgeorgieva.com, 1
+dr-nope.de, 1
+dr-nosrat.tk, 1
+dr-notemann.de, 1
+dr-schlamminger.de, 1
+dr-schuessler.de, 1
+dr-vlasak.cz, 1
+dr-www.de, 1
+dr.mg, 1
+dr2dr.ca, 1
+draadloos-besturen.nl, 1
+draadloze-noodstop.nl, 1
+draagmerriecentrale.nl, 1
+draakjefosfor.be, 1
+drabbin.com, 1
+drabim.org, 1
+drace.biz, 1
+drach.xyz, 1
+dracheisolation.tk, 1
+drachenchronik.com, 1
+drachenleder.de, 1
+dracisvet.cz, 1
+dracoon.team, 1
+dracox.com, 0
+dracula.city, 1
+drafatimagarcia.com, 1
+draftguru.com.au, 1
+drafton.com, 1
+draftposts.com, 1
+dragcave.net, 1
+dragdroplearning.com, 1
+dragfiles.com, 1
+draghive.asia, 1
+draghive.ca, 1
+draghive.co.uk, 1
+draghive.com, 1
+draghive.net, 0
+draghive.org, 1
+draghive.tv, 1
+dragon-aspect.com, 1
+dragon-ballz.tk, 1
+dragon-chem.eu, 1
+dragon-craft.tk, 1
+dragon-hearts.co.uk, 1
+dragon-hearts.com, 1
+dragon-hearts.net, 1
+dragon-team.tk, 1
+dragon.nu, 1
+dragon00.com, 1
+dragon26.com, 1
+dragon95.com, 1
+dragon98.com, 1
+dragonballzfigures.com, 1
+dragonballzstore.com, 1
+dragonbike.by, 1
+dragonboatfestival.tk, 1
+dragonbox.de, 1
+dragoncave.me, 1
+dragoncityhack.tips, 1
+dragonclean.gr, 1
+dragonclicker.ml, 1
+dragonesymazmorras.tk, 1
+dragonfly.co.uk, 0
+dragonflycms.cf, 1
+dragonfosfor.be, 1
+dragonheartsrpg.com, 1
+dragonhill.tk, 1
+dragonkin.net, 1
+dragonlord.tk, 1
+dragonmoviesz.ga, 1
+dragonoid.tk, 1
+dragonpi.ga, 1
+dragonprogrammer.com, 1
+dragonqueen.fi, 1
+dragonradar.tk, 1
+dragonraja.tk, 1
+dragonreal.estate, 1
+dragonroost.tk, 1
+dragonscale.tk, 1
+dragonsgate.ml, 1
+dragonshare.tk, 1
+dragonsorcerers.tk, 1
+dragonsunited.at, 1
+dragonsunited.be, 1
+dragonsunited.ch, 1
+dragonsunited.de, 1
+dragonsunited.eu, 1
+dragonsunited.info, 1
+dragonsunited.li, 1
+dragonsunited.lu, 1
+dragonsunited.net, 1
+dragonsunited.org, 1
+dragontail.tk, 1
+dragonwolfpackaquaria.com, 1
+dragonwork.me, 1
+dragowebdesign.com, 0
+drahcro.uk, 1
+drainagedirect.com, 1
+drainwllc.com, 1
+drak.tk, 1
+drake.partners, 1
+drakecommercial.com, 1
+drakencan.gq, 1
+drakenprospero.com, 0
+drakenson.de, 1
+drakfot.se, 1
+drakia.com, 1
+drakiada.tk, 1
+drakkarbilbao.com, 1
+draknet.eu, 1
+draliabadi.com, 0
+draljarallah.com, 1
+dralucilavolasco.com.br, 1
+drama-live.tv, 1
+drama.tk, 1
+dramacooltv.org, 1
+dramakorea.tk, 1
+dramaquarter.com, 1
+dramaqueer.ch, 1
+dramaslayer.ga, 1
+dramatherapie.tk, 1
+dramaticpeople.com, 1
+dramyalderman.com, 1
+dranderle.com, 1
+drandrewarnold.com, 1
+drandrewlofman.com, 1
+dranik.ga, 1
+dranik.ml, 1
+drankenweb.tk, 1
+drankkoning.nl, 1
+drantonov.bg, 1
+drap-pa.org, 1
+drapeauxdespays.fr, 1
+draper.wtf, 1
+draperutah.gov, 1
+dras.hu, 1
+drastik.cz, 1
+drasyl.org, 0
+drata.com, 1
+drathaisdentista.com.br, 1
+dratini0.hu, 1
+draughts64.org, 1
+draugr.de, 1
+draup.com, 1
+draussen.tk, 1
+draw-bonus.ml, 1
+draw.uy, 1
+drawbridgeconnect.com, 1
+drawchan.org, 1
+drawesome.uy, 1
+drawguess.fun, 1
+drawing.tk, 1
+drawingcode.net, 1
+drawtwo.gg, 1
+drawvesly.ovh, 1
+drawxp.com, 1
+drawzit.com, 1
+draycotthotel.com, 0
+drbadnick.tk, 1
+drbanerjeecures.in, 1
+drbarnabus.com, 0
+drbaxter.com, 1
+drbenbarry.com, 1
+drbet.it, 1
+drblend.com, 1
+drblog.tk, 1
+drbonine.com, 1
+drbresnick.com, 1
+drcardiofit.com, 1
+drcarolynquist.com, 1
+drchapin.com, 1
+drchrislivingston.com, 1
+drchristaengelbrecht.com, 1
+drchrono.com, 1
+drclub.tk, 1
+drcommodore.it, 1
+drcorderocirujanoplastico.com, 1
+drdca.gov, 1
+drdeath.tk, 1
+drdegenhart.de, 1
+drdenisvincenzi.com.br, 1
+drdibbus.nl, 1
+drdipilla.com, 1
+drdispatch.com, 1
+drdripplumbingsydney.com.au, 1
+drduru.com, 1
+dreadd.org, 1
+dreadfully.cf, 1
+dreadfulsanity.com, 1
+dreadlocks.tk, 1
+dreadlord.tk, 1
+dreadnews.ga, 1
+dream-design.tk, 1
+dream-domain.tk, 1
+dream-factory.tk, 1
+dream-pools.cf, 1
+dreamaholic.club, 1
+dreamawake.tk, 1
+dreambbs.tk, 1
+dreambed.com, 1
+dreamboxpro.com, 1
+dreamcartransport.be, 1
+dreamcast-world.tk, 1
+dreamcatchers-events.com, 1
+dreamcrack.tk, 1
+dreamcraft.su, 1
+dreamdivers.com, 1
+dreamelegant.ml, 1
+dreamersgiftshopec.com, 1
+dreamfm.gr, 1
+dreamhostremixer.com, 1
+dreamimd.com, 1
+dreaminformatique.tk, 1
+dreaming.solutions, 1
+dreaminjewelz.tk, 1
+dreamkids-bysiska.com, 1
+dreamlab.co.jp, 1
+dreamlandmagic.com, 1
+dreamlandsdesign.com, 1
+dreamlifeproperty.cf, 1
+dreamlight.cloud, 1
+dreamlinks.tk, 1
+dreamlordpress.it, 1
+dreamlux.cz, 1
+dreamlux.sk, 1
+dreamms.gg, 1
+dreamofice.cn, 1
+dreamoza.com, 1
+dreampages.tk, 1
+dreampointech.com, 1
+dreamqueen.tk, 1
+dreamrae.net, 1
+dreamreality.tk, 1
+dreams-2-reality.com, 1
+dreamsbythelake.com, 0
+dreamsea.tk, 1
+dreamsindigital.tk, 1
+dreamsjob.cf, 1
+dreamsofalostsoul.tk, 1
+dreamsolution.nl, 1
+dreamsphere.tk, 1
+dreamstarter.ml, 1
+dreamstudio.com, 1
+dreamstudios.tk, 1
+dreamsubmitting.tk, 1
+dreamswelcome.com, 1
+dreamsxxl.com, 1
+dreamsystems.tk, 1
+dreamtapestry.ga, 1
+dreamtechie.com, 1
+dreamweavers.live, 1
+dreamwork.financial, 1
+dreamworldstudio.tk, 1
+dreamy-flat-lyon.fr, 1
+dreamytheatre.com, 1
+dreamz-staging.zone, 1
+dreamz.com, 1
+dreatho.com, 1
+dreax.win, 1
+drechsel.xyz, 1
+dredwerkz.tk, 1
+dreemurr.com, 1
+drehabkhalifa.com, 1
+drehpartner-werden.net, 1
+drei01.com, 1
+drei01.de, 1
+drei01.technology, 1
+dreibock.com, 1
+dreid.org, 1
+dreieich.schule, 1
+dreifaltigkeitsgemeinde-leipzig.de, 1
+dreifaltigkeitskirchgemeinde-leipzig.de, 1
+dreifaltigkeitskirchgemeinde.de, 1
+dreigold.de, 1
+dreischneidiger.de, 1
+dreizwosechs.de, 0
+drema.tk, 1
+drendermobilyaservisi.com, 1
+drenergysaveror.com, 1
+drenergysaverpdx.com, 1
+drenergysaverpnw.com, 1
+dresden-kaffee-24.de, 1
+dresden-kaffeeroesterei.de, 1
+dresdener-mandelstollen.de, 0
+dresdens-pfefferkuchenprinzessin.de, 0
+dresdner-christstollen-von-reimann.de, 1
+dresdner-kaffeeroesterei.de, 1
+dresdner-mandelstollen.de, 0
+dresdner-stollen.shop, 0
+dress-cons.com, 1
+dressabelle.tk, 1
+dresscodeny.com, 1
+dressesbal.tk, 1
+dressestore.tk, 1
+dressify.in, 1
+dressingmaternity.fr, 1
+dressshopboutique.com, 1
+dresstique.in, 1
+dreumesshakira.tk, 1
+drevoline.com.ua, 1
+drew.beer, 1
+drew.ga, 1
+drewapianostudio.com, 1
+drewfuller.tk, 1
+drewsilcock.co.uk, 1
+drewtransportllc.com, 1
+drewzar.com, 1
+drexelwood.com, 1
+dreyfussplasticsurgery.com, 1
+drezzy.it, 1
+drfirst.com, 1
+drfranciscofonseca.com.br, 1
+drfrey.ch, 0
+drfuhrman.com, 1
+drgabrielschmitt.com, 1
+drgeadsdavinci.com, 1
+drghomi.com, 1
+drglassgyn.com, 1
+drgn.li, 1
+drgn.no, 1
+drguyfacialplastics.com, 1
+drhathazi.hu, 1
+drheibel.com, 1
+drherndonent.com, 1
+drhildebrand.net, 1
+drhopeson.com, 1
+drhosting.com, 1
+drhowardaubert.com, 1
+drhyler.com, 1
+drianpublishing.tk, 1
+drica.tk, 1
+dricka.tk, 1
+driesjtuver.nl, 1
+driessoftsec.tk, 1
+driestwegkerk.nl, 1
+driftdude.nl, 1
+drifter.tk, 1
+driftingruby.com, 1
+driftkikker.tk, 1
+driftsjournal.dk, 1
+drikaartesanato.com, 1
+drikuansvarligt.dk, 1
+drill.st, 1
+drillcalendar.ga, 1
+drillingsupply.info, 1
+drillingsupplystore.com, 1
+drillion.net, 1
+drillshackresort.com, 1
+drillster.ai, 1
+drillster.be, 1
+drillster.biz, 1
+drillster.cn, 1
+drillster.co, 1
+drillster.co.in, 1
+drillster.co.za, 1
+drillster.com, 1
+drillster.com.br, 1
+drillster.de, 1
+drillster.es, 1
+drillster.eu, 1
+drillster.fr, 1
+drillster.info, 1
+drillster.it, 1
+drillster.mobi, 1
+drillster.net, 1
+drillster.nl, 1
+drillster.org, 1
+drillster.ro, 1
+drillster.se, 1
+drillster.us, 1
+drilster.com, 1
+drilster.nl, 1
+dring.tf, 1
+drink-team.tk, 1
+drinkablegifts.com, 1
+drinkcontrolapp.com, 1
+drinkgo.vn, 1
+drinking.tk, 1
+drinklife.tk, 1
+drinkplanet.eu, 1
+drinks.my, 1
+drinksontap.co.uk, 1
+drinkvhemp.com, 1
+dripflow.co, 1
+dripnaija.com, 1
+dripshop.live, 1
+drishtiias.com, 1
+drison.com, 1
+drissner.me, 0
+driv.io, 1
+drive.google.com, 1
+driveandpark.com, 1
+driveandpark.de, 1
+driveandpark.nl, 1
+drivebespokelab.media, 1
+drivebolt.co.uk, 1
+drivechat.com.au, 1
+drivecrestwood.com, 1
+drivedannyherman.com, 1
+drivedavis.com, 1
+drivedmbowman.com, 1
+drivedvv.ru, 1
+driveelectric.gov, 1
+driveexport.com, 1
+driveforadtransport.com, 1
+driveforartur.com, 1
+driveincleveland.com, 1
+drivemorganvanlines.com, 1
+driven2shine.eu, 1
+drivenes.net, 1
+driventheatre.com, 1
+driventoday.com, 1
+driveoakleytransport.com, 1
+drivepaultransportation.com, 1
+driver.ru, 1
+driveral.com, 1
+driveral.hu, 1
+driverhome.com, 1
+drivermerkezi.tk, 1
+driversandsoftware.com, 1
+driverscollection.com, 1
+drivestarfreight.com, 1
+drivetonortheast.com, 1
+drivewaygateopener.com, 1
+drivewaymaintenance.repair, 1
+driveyouradblockcounterup.com, 1
+driving-lessons.co.uk, 1
+drivingacademy.tk, 1
+drivingcalculator.ga, 1
+drivinginstruction.tk, 1
+drivio.co.uk, 1
+drivio.uk, 1
+drivya.be, 1
+drivya.ch, 1
+drivya.com, 1
+drivya.nl, 1
+driwch.tk, 1
+drixn.com, 0
+drixn.info, 1
+drixn.net, 1
+drizz.com.br, 0
+drjacquesmalan.com, 1
+drjaensch.de, 1
+drjaisejoy.com, 1
+drjart.com, 0
+drjoaquimserraodecastro.com.br, 1
+drjoe.ca, 1
+drjosebarrera.com, 1
+drjulianneil.com, 1
+drjungspine.com, 1
+drk-blutspende.de, 1
+drkashany.ir, 1
+drkazim.com, 1
+drkbri.ru, 1
+drkhsh.at, 1
+drksachsen.de, 1
+drleoplasticsurgery.com, 1
+drlevi.cf, 1
+drlevi.ga, 1
+drlinkcheck.com, 1
+drlp.link, 1
+drlynnehinkle.com, 1
+drmartindentistry.com, 1
+drmarwanbaroud.com, 1
+drmcdaniel.com, 1
+drminev.com, 1
+drms.us, 1
+drmtransit.com, 1
+drmvl.org, 1
+drnatura.fr, 1
+drnjewels.com, 1
+drobina.top, 1
+drogaleste.com.br, 1
+drogariasnovafarma.com.br, 1
+drogoz.moe, 1
+drohnen-camp.de, 1
+droid101.com, 1
+droidafrica.net, 0
+droidandy.com, 1
+droidapp.nl, 1
+droidchart.com, 1
+droidguide.ga, 1
+droidhere.com, 1
+droidific.com, 1
+droidtrix.ga, 1
+droidwars.tk, 1
+droidwiki.de, 1
+droitalecole.org, 1
+droitdunet.fr, 1
+dromax.hu, 1
+dromotique.com, 1
+dronalti.fr, 1
+drone-it.net, 0
+drone-laws.com, 1
+drone-mapping.expert, 1
+drone-traveller.com, 1
+drone33.fr, 1
+dronebase.cf, 1
+dronebl.org, 1
+dronedeploy.com, 1
+droneland.nl, 1
+dronepanorama.net, 1
+dronepanorama.nl, 1
+dronepilotgeorgia.com, 1
+dronepit.dk, 1
+droneservices.com.fj, 1
+droneshield.com.br, 1
+droneson.com.br, 1
+dronesquadcoptersales.ga, 1
+droneup.pl, 1
+dronevlaming.be, 1
+droneways.tech, 1
+dronix.tk, 1
+dronografia.es, 1
+droom.in, 1
+droomhuis-in-zuid-holland-kopen.nl, 1
+drop-zone.tk, 1
+drop.com, 1
+dropbox.com, 1
+dropboxer.net, 1
+dropchat.cf, 1
+dropchat.ga, 1
+dropchat.ml, 1
+dropcop.com, 1
+dropden.com, 1
+droperplus.com, 1
+dropeverythingrecords.com, 1
+droply.host, 1
+dropmb.com, 1
+droppia.io, 1
+dropq.nl, 1
+dropscloud.spdns.de, 1
+dropsdesign.tk, 1
+dropshare.cloud, 1
+dropshell.net, 1
+dropshipp.site, 1
+dropshippers.gq, 1
+dropsite.com.au, 1
+droso.dk, 1
+drosophila.tk, 1
+drost.la, 1
+drought.gov, 1
+drpetervoigt.ddns.net, 1
+drpetervoigt.de, 1
+drpico.com.au, 1
+drpil.nl, 1
+drponciano.com, 1
+drpure.top, 1
+drpush.ru, 1
+drrachellemeaux.com, 1
+drradin.com, 1
+drricardofretes.com, 1
+drros.ru, 1
+drrr.chat, 1
+drrr.com, 1
+drrr.wiki, 1
+drryanstanton.com, 1
+drsajjadian.com, 1
+drsamkelojiyana.co.za, 1
+drsamuelkoo.com, 1
+drsejf.cz, 1
+drshadankabiri.com, 1
+drshefalibatra.com, 1
+drsimonematousek.com, 1
+drsiv.com, 1
+drsoul.band, 1
+drspiro.com, 1
+drsports.bet, 1
+drstephanieteotia.com, 1
+drsteveart.com, 1
+drstevenwarnock.com, 1
+drsturgeonfreitas.com, 1
+drt.org.nz, 1
+drtanyaescobedo.com, 1
+drthalhammer.at, 1
+drthiagopinheiro.com.br, 1
+drthiagorighetto.com.br, 1
+drtimmarch.com, 1
+drtimothysteel.com.au, 1
+drtimothysteeljournal.com, 1
+drtimothysteelnetwork.com, 1
+drtimothysteelresults.com, 1
+drtimothysteelscholarship.com.au, 1
+drtimothysteelvideos.com, 1
+drtragency.com, 1
+drtsaiclinic.com, 1
+drtti.io, 1
+drturner.com.au, 1
+drubn.de, 1
+druckerei-huesgen.de, 1
+druckerfehlermeldungen.de, 1
+drugenforcementedu.org, 1
+drugfreeworkplaces.com, 1
+druggist.uk, 1
+drugpromosers.ga, 1
+drugrehabjohannesburg.co.za, 1
+drugs.com, 1
+drugsindustry.tk, 1
+drugstore.bg, 1
+drugtestingcourses.com, 1
+drugwars.tk, 1
+drugzone.tk, 1
+druides.tk, 1
+druidry.org, 1
+druids.site, 1
+druidwebdesign.com, 1
+druko.cf, 1
+druko.ga, 1
+druko.gq, 1
+drum-majo-ijsselstrand.tk, 1
+drum.tk, 1
+drumbe.at, 1
+drummachines.ga, 1
+drummer.cf, 1
+drummondframing.com, 1
+drumnbass.tk, 1
+drunkcalc.com, 1
+drunkendropkes.tk, 1
+drupal.org, 1
+drupalfr.be, 1
+drusantia.net, 1
+drusillas.co.uk, 1
+druwe.net, 1
+druznek.rocks, 1
+druznek.xyz, 1
+druzya.store, 1
+drvanessaphua.com, 1
+drwang.group, 0
+drweissbrot.com, 1
+drweissbrot.de, 1
+drweissbrot.net, 1
+drwilfredbrown.com, 1
+drwongsuni.com.sg, 1
+drwoods.com, 1
+dry-cleaning.tk, 1
+dryashplasticsurgery.com, 1
+dryasinakgul.com, 1
+drybjed.net, 1
+drybms.org, 1
+drybysuperior.com, 1
+drycreekphoto.com, 1
+drydensfairfax.com, 1
+dryerrepairaustin.com, 1
+dryerventcleaningarlington.com, 1
+dryerventcleaningcarrollton.com, 1
+drymx.cn, 1
+dryskin.cf, 1
+dryskin.ga, 1
+dryskin.gq, 1
+dryskin.ml, 1
+dryskin.tk, 1
+dryusdan.space, 1
+drywallresponse.gov, 1
+dryzgov.tk, 1
+drzhnn.com, 1
+drziyayavuz.com, 1
+ds-networks.at, 1
+ds-networks.eu, 1
+ds-srv.net, 1
+ds-statistik.de, 1
+ds-ultimate.de, 1
+ds.lol, 1
+ds.me, 1
+ds1.io, 1
+ds138.cc, 1
+ds28s.com, 1
+ds388.cc, 1
+ds67.de, 1
+ds915.com, 1
+dsa.cy, 1
+dsac.gov, 1
+dsad209.ml, 1
+dsaengineering.com, 1
+dsanborndesign.com, 1
+dsar.info, 1
+dsbc.tk, 1
+dsblog.biz, 1
+dscharrer.com, 1
+dschwarzachtaler.de, 1
+dscjobs.org, 1
+dscsigncert.com, 1
+dsdomains.com, 1
+dsds-ltd.com, 0
+dse-assessments.co.uk, 0
+dse.com.bd, 1
+dsebastien.net, 1
+dsebd.org, 1
+dsecure.me, 1
+dseg.org, 1
+dsektionen.se, 0
+dsfc.net, 1
+dsfzsq.com, 1
+dsg.ac.cn, 1
+dsg.gd.cn, 1
+dsg.lol, 1
+dsgnet.hu, 1
+dsgnwrld.com, 1
+dsgv.de, 1
+dsgvo-addon.eu, 1
+dsgvo-analyse.de, 1
+dsgvo.name, 1
+dsh.io, 1
+dshield.org, 1
+dsimonitor.online, 1
+dsiteam.in, 1
+dsjbvba.be, 1
+dskbank.bg, 1
+dskrecords.tk, 1
+dslz.tk, 1
+dsm5.com, 1
+dsmjs.com, 1
+dsmnet.org, 1
+dsn-it.com, 1
+dsn-k.com, 1
+dsnine.org, 1
+dso-izlake.si, 1
+dsobook.club, 1
+dsol.hu, 1
+dsorter.com.ng, 1
+dsouzamusic.com, 1
+dspace.pl, 1
+dspbz.ro, 1
+dspnor.com, 1
+dspretoria.co.za, 1
+dspropertyservicesltd.co.uk, 1
+dsreal.de, 1
+dssresearch.com, 1
+dsswise.org, 1
+dstamou.de, 1
+dsteiner.at, 1
+dstnutec.in, 1
+dstvnearme.co.za, 1
+dsu4.ru, 1
+dsuinnovation.com, 1
+dsv-gruppe.de, 1
+dsv-salesmanager.de, 1
+dsy4567.cf, 1
+dsysav.com, 1
+dsysav.lol, 1
+dsysav.xyz, 1
+dsysav01.com, 1
+dsyunmall.com, 1
+dt-privacyportal-ui.azurewebsites.net, 1
+dt2rmc.pt, 1
+dtbouncycastles.co.uk, 1
+dtbw.eu, 1
+dtbw.net, 1
+dtbw.org, 1
+dtconsoles.tk, 1
+dtdi.com, 1
+dtdsh.com, 1
+dte.vn, 1
+dtf.digital, 1
+dtg-fonds.com, 1
+dtg-fonds.de, 1
+dtg-fonds.net, 1
+dtgmns.com, 1
+dtguide.ga, 1
+dths.dk, 1
+dtinel.org, 1
+dtk-vom-chausseehaus.de, 1
+dtleague.eu, 1
+dtmbnl.com, 1
+dtmbx.com, 1
+dtmbx.email, 1
+dtmbx.eu, 1
+dtmbx.net, 1
+dtmbx.nl, 1
+dtmbx.org, 1
+dtmedia.se, 1
+dtmf.io, 1
+dtmlnp.com, 1
+dtngny.com, 1
+dtnx.email, 1
+dtnx.eu, 1
+dtnx.net, 1
+dtnx.org, 1
+dtnx.social, 1
+dtnxny.com, 1
+dtrifonov.cf, 1
+dtsdschoolboard.com, 1
+dtuaarsfest.dk, 1
+dtune.me, 1
+dtx.sk, 1
+du-alex.ru, 1
+dual-aspect.com, 1
+dual-universe.ga, 1
+dual.cat, 1
+dual.pw, 0
+dualascent.com, 1
+dualbix.com, 1
+dualcore.tk, 1
+dualexistence.xyz, 1
+dualias.xyz, 0
+dualize.io, 1
+dualuniverse.game, 1
+duama.top, 1
+duan-dky.me, 1
+duanemorrisinstitute.com, 1
+duanre.tk, 1
+duanyong.com, 1
+duarteeleiteconsultoria.com.br, 1
+dubai-fashions.com, 1
+dubai-realestate.space, 1
+dubaiaerospace.com, 1
+dubaiaward.link, 1
+dubaibliss.com, 1
+dubaicourses.com, 1
+dubaifitnesschallenge.com, 1
+dubaigrandsale.com, 1
+dubaiprivatejetcharter.com, 1
+dubairanking.com, 1
+dubairun.com, 1
+dubaisc.ae, 1
+dubaishoppingcity.com, 1
+dubaistudiocity.ae, 1
+dubaitourism.gov.ae, 1
+dubaivisa.net, 1
+dubaizone.cf, 1
+dubawa.org, 1
+dubboskills.com.au, 1
+dubcowa.tk, 1
+dubex.de, 1
+dubious-website.com, 1
+dubl.tk, 1
+dublinguide.ie, 1
+dublinrail.tk, 1
+dublinseocompany.ie, 1
+duboeuf.com, 1
+duboisinternational.com, 1
+duboisinvestissements.com, 1
+dubolom.tk, 1
+dubrava.tk, 1
+dubreuilville.ca, 1
+dubridgeweb.be, 1
+dubrovnik.tours, 1
+dubrovnikfoodtours.com, 1
+dubrovskiy.cf, 1
+dubrovskiy.net, 1
+dubrovskiy.pro, 1
+dubslow.tk, 1
+dubstep.fr, 1
+dubtrack.fm, 1
+dubuquecountyiowa.gov, 1
+dubyou.tw, 1
+ducadu.com, 0
+ducalendars.com, 1
+duch.cloud, 1
+duchyoffeann.com, 1
+ducite.ga, 1
+ducius.net, 1
+duckbase.com, 1
+duckblade.com, 1
+duckcorp.org, 1
+duckduckstart.com, 1
+duckeight.win, 1
+duckerings.com, 1
+duckeringstransport.biz, 1
+duckeringstransport.com, 1
+duckfam.us, 1
+duckfx.tk, 1
+duckhub.io, 1
+duckinc.net, 0
+duckman.tk, 1
+duckmapr.com, 1
+duckonthepond.com, 1
+duckside.tk, 1
+ducksify.com, 1
+ducksoft.fi, 1
+duckstad.net, 1
+duckyubuntu.com, 1
+duckyubuntu.tk, 1
+ductcare.com, 1
+dudedood.tk, 1
+dudeexpert.cf, 1
+dudesunderwear.com.br, 0
+dudleypolicema.gov, 1
+dudushu.com, 1
+due-diligence-security.com, 1
+dueback.com, 1
+duediligencedataroom.com, 1
+duelhost.dk, 1
+duelingaces.com, 1
+duellin.tv, 1
+duelsow.eu, 1
+duenas.cat, 1
+duepuntozero.tk, 1
+duerlund-falkenberg.dk, 1
+duerlundfalkenberg.dk, 1
+duerme.net, 1
+dues-eckert.com, 1
+duesee.org, 1
+duesseldorf.tk, 1
+duesseldorferheineburschenschaft.tk, 1
+duesterhus.eu, 1
+duewestsc.gov, 1
+duffau.net, 1
+duffdignity.tk, 1
+duffel.com, 1
+dufortassociates.com, 1
+dufrei.com, 1
+dug.net.pl, 1
+dugehstonline.de, 1
+duggtec.com, 1
+dugle80.com, 1
+dugnet.io, 0
+dugnet.net, 0
+dugnet.tech, 0
+dugongo.tk, 1
+dugoutsports.com, 1
+dugunedavet.com, 1
+duh.se, 1
+duhanic.com, 1
+duhanic.de, 1
+duhivip.ml, 1
+duhurensohn.de, 1
+duhy.sk, 1
+duijf.info, 1
+duijf.io, 1
+duijfathome.nl, 1
+duiker101.tk, 1
+duitse-herders.tk, 1
+duizhangs.tk, 1
+duka.bg, 1
+duka.com.gr, 1
+duka.com.ro, 1
+dukan-recepty.ru, 1
+duke-nukem.tk, 1
+dukeandduchessdrivingschool.co.uk, 1
+dukefox.com, 0
+dukegat.de, 0
+dukeipai.org, 0
+dukeofmetal.tk, 1
+dukers-baelemans.nl, 0
+dukes-london.com, 1
+dukes.ca, 1
+dukhanstore.com, 1
+dukin.tk, 1
+dukkanacmak.com, 1
+dukun.de, 1
+dulanic.com, 1
+dulce-reverie.ro, 1
+dulcehome.ch, 1
+dulceysalado.tk, 1
+dulcinea.eu.org, 1
+dulcinea.tk, 1
+dulei.si, 1
+duleos.com.br, 1
+duloxetinbestellen.gq, 1
+duloxetine.gq, 1
+dulse.fr, 1
+dulurtekno.co.id, 1
+dulux.co.nz, 1
+dulux.com.au, 1
+dum.moe, 1
+dum.tw, 1
+dumax.fr, 1
+dumb-laws.net.ru, 1
+dumbcryptopunks.com, 1
+dumbdrinker.com, 1
+dumbeartech.com, 1
+dumberger-bau.de, 1
+dumbfunded.co.uk, 1
+dumbmeta.com, 1
+dumek.com, 1
+dumek.it, 0
+dumeng.org, 1
+dumfriespropertyservices.co.uk, 1
+dummo.tk, 1
+dumnezeu.tk, 1
+dumping.tk, 1
+dumpper.ch, 1
+dumpper.com, 1
+dumpsterdudez.com, 1
+dumspiro.ch, 1
+dunamiscommunity.com, 1
+dunangel.com, 1
+dunassyn.com, 1
+dunatos.tk, 1
+dunbarboropa.gov, 1
+dunbarmoving.com, 1
+dunberghof.tk, 1
+duncancmt.com, 1
+duncanfamilytrust.org, 1
+duncanwinfrey.com, 1
+dunce.cf, 1
+duncm.com, 1
+dundalk.ie, 0
+dundalkdonnie.com, 1
+dundalkskillnet.ie, 1
+dundeeutility.tk, 1
+dunedot.tk, 1
+dunesadventure.net, 1
+dunescorporation.tk, 1
+dungbui.co, 0
+dungbui.net, 1
+dungchata.com, 1
+dungeon-bbs.de, 1
+dungeoncity.com, 1
+dungeonedraghi.it, 1
+dungeonfire.tk, 1
+dungeonline.com, 1
+dunia-news.tk, 1
+dunkelmann.eu, 1
+dunkerhosting.nl, 1
+dunkirkin.gov, 1
+dunklau.fr, 1
+dunkle-seite.org, 1
+dunlaptn.gov, 1
+dunmanelectric.com, 1
+dunmanpoolandspa.com, 1
+dunneworthy.com, 1
+dunningtonaudio.co.uk, 1
+dunyahalleri.com, 1
+duo-tauceti.com, 1
+duo.com, 1
+duobus.nl, 1
+duocircle.com, 0
+duodeno.tk, 1
+duoduocha.com, 1
+duoduodazhe.com, 1
+duohao.xyz, 0
+duolife.us, 1
+duoluodeyu.com, 1
+duonganhtuan.com, 1
+duoqichina.cn, 1
+duoqichina.com, 1
+duoquadragintien.fr, 1
+duoyin.com, 1
+dupagecounty.gov, 1
+dupagecourts.gov, 1
+dupageresults.gov, 1
+dupfx.com, 1
+duplicazionechiavi.it, 1
+dupontdentistry.com, 1
+dupuis.xyz, 1
+duquess.com.br, 1
+duquoinil.gov, 1
+dura.si, 1
+durabletravailler.tk, 1
+durad.in.rs, 1
+duraes.pt, 0
+durakinesis.tk, 1
+duramaximportaciones.com, 1
+duranceofhate.com, 1
+durand.com.br, 1
+durand.tf, 1
+durand.tk, 1
+durandeau.org, 1
+durandwi.gov, 1
+durangoaldezaharra.tk, 1
+durangoenergyllc.com, 1
+durastudio.com, 1
+durcal.tk, 1
+durchblick-shop.de, 1
+durcoin.org, 1
+duredo.com, 1
+dureuil.info, 1
+durexwinkel.nl, 1
+durfteparticiperen.nl, 1
+durganews.com, 1
+durhammaine.gov, 1
+durhammoneyman.com, 1
+durhamnh.gov, 1
+duria.de, 1
+duriemas.com, 1
+duroterm.ro, 1
+durtk.com, 1
+durvalpereira.com.br, 0
+durys.be, 1
+dusablemuseum.org, 1
+dushu.cat, 1
+duskraven.tk, 1
+dusmomente.com, 1
+dusnan.com, 1
+dust.tk, 1
+dust4you.tk, 1
+dustandsand.com, 1
+dustbox.tk, 1
+dustinbrett.com, 1
+dustindecker.com, 1
+dustman.tk, 1
+dustpla.net, 1
+dustplanet.de, 1
+dustri.org, 1
+dustshop.tk, 1
+dusty.gr, 1
+dustycloth.com, 1
+dustygroove.com, 1
+dustyro.se, 1
+dustyspokesbnb.ca, 1
+dusupov.gq, 1
+dutabisniz.com, 0
+dutch-alliance.tk, 1
+dutch-physiotherapy.com, 1
+dutch.desi, 1
+dutch1.nl, 1
+dutchassistancedogs.nl, 1
+dutchavifauna.nl, 1
+dutchbeautyacademy.nl, 1
+dutchbeercollective.nl, 1
+dutchbird.tk, 1
+dutchbirdalerts.nl, 1
+dutchbirding.nl, 1
+dutchbodybuilding.com, 1
+dutchcariblaw.nl, 0
+dutchcichlidplanet.tk, 1
+dutchconcreations.com, 1
+dutchdungeon.tk, 1
+dutchessuganda.com, 1
+dutchfoodie.nl, 1
+dutchforkrunners.com, 1
+dutchglover.tk, 1
+dutchie.info, 1
+dutchmobilityinnovations.com, 1
+dutchpentathlon.nl, 1
+dutchperformanceproducts.nl, 1
+dutchplayers.com, 1
+dutchrocksite.tk, 1
+dutchsailors.com, 1
+dutchwanderers.nl, 1
+dutchwaredesign.nl, 1
+dutify.com, 1
+dutkoteam.com, 1
+dutrac.co.id, 1
+dutton.uk, 1
+duttonmt.gov, 1
+dutyfreeperfumes.tk, 1
+duurzaamgww.nl, 1
+duv.al, 1
+duval.info, 1
+duval.li, 1
+duval.ovh, 1
+duval.paris, 1
+duval.pm, 1
+duval.re, 1
+duvalelections.gov, 1
+duvalo.eu, 1
+duvalo.info, 1
+duvalo.net, 1
+duvalo.org, 1
+duvalo.sk, 1
+duvessa.tk, 1
+duwitmu.com, 1
+duxbow.de, 1
+duxbury-ma.gov, 1
+duxi-s-feromonami.ga, 1
+duysondang.name.vn, 1
+duzavo.cz, 1
+duzcehaberleri.tk, 1
+duzcesondakika.tk, 1
+dv-project.ru, 1
+dv.cn, 1
+dvbris.co.uk, 1
+dvbris.com, 1
+dvbtmap.eu, 1
+dvclub.tk, 1
+dvd.wtf, 1
+dvdassistanceers.ga, 1
+dvdforum.ga, 1
+dvdinmotion.com, 1
+dvdland.com.au, 1
+dvdmania.ga, 1
+dvdmusic.ga, 1
+dvdrein.net, 1
+dvds.casa, 1
+dveretti.com, 1
+dveri-lugansk.tk, 1
+dvgsites.com, 1
+dvhosting.be, 1
+dvipadmin.com, 1
+dvkg.de, 1
+dvminsight.com, 1
+dvmmoving.com, 1
+dvn.pt, 1
+dvnatura.ch, 0
+dvor.ml, 1
+dvorek-karlin.cz, 1
+dvorekkarlin.cz, 1
+dvoretsvramoni.ru, 1
+dvorupotocnych.sk, 1
+dvotx.org, 1
+dvpc.net, 1
+dvu.com.tr, 1
+dvwc.org, 1
+dvx.cloud, 1
+dw-connect.org, 1
+dw-loewe.de, 0
+dw-software.de, 1
+dw6.cn, 1
+dwarf.com.tw, 1
+dweb.link, 1
+dweilorkest-frederikshaven.tk, 1
+dwgeneralcontractors.com, 1
+dwgf.xyz, 1
+dwienzek.de, 1
+dwightd.com, 1
+dwightgunning.com, 1
+dwihn.org, 1
+dwiminneapolislawyer.com, 1
+dwipakharismamitra.com, 1
+dwnld.me, 1
+dwood.store, 1
+dworzak.ch, 1
+dwservice.net, 1
+dwt-inc.com, 1
+dwt-onderwijsencoaching.nl, 1
+dwtonline.com, 0
+dww.hu, 1
+dwwt.eu, 1
+dwwt.net, 1
+dwwt.nl, 1
+dwwt.org, 1
+dwz-solutions.com, 1
+dwz-solutions.de, 0
+dwz-solutions.eu, 0
+dwz-solutions.net, 0
+dwz.wtf, 1
+dx-revision.com, 1
+dxa.io, 0
+dxcv.net, 1
+dxfootball.tk, 1
+dxgl.info, 1
+dxgl.org, 1
+dxm.no-ip.biz, 1
+dxsigner.com, 1
+dxzl.org, 1
+dxzsj.cn, 1
+dy.express, 1
+dy.me, 0
+dy1d.com, 1
+dyachenko.ml, 1
+dyarakotijobs.com, 1
+dybuster.at, 1
+dybuster.ch, 1
+dybuster.com, 1
+dybuster.de, 1
+dybuster.es, 1
+dybuster.it, 1
+dybuster.se, 1
+dycoa.com, 1
+dydesign.space, 1
+dyeager.org, 1
+dyedurhamterrain.com, 1
+dyingflame.tk, 1
+dykebaby.tk, 1
+dyktig.as, 1
+dylan-motorcross.tk, 1
+dylancl.cf, 1
+dylancl.fr, 1
+dylandeconinck.cf, 1
+dylandulaney.com, 1
+dylanhansch.net, 1
+dylankatz.com, 1
+dylanknoll.ca, 1
+dylanlogan.xyz, 1
+dylansevier.com, 1
+dylanspcrepairs.com, 1
+dylantjb.com, 1
+dylanuwr.pl, 1
+dylanwise.net, 1
+dylanwolff.com, 1
+dylmye.me, 1
+dylnuge.com, 1
+dym.asia, 1
+dym2012.com, 1
+dym2013.com, 1
+dym2014.com, 1
+dym2017.com, 1
+dyma.fr, 1
+dymdajce.ovh, 1
+dyme.com, 1
+dymension-uat.co.uk, 1
+dymension.co.uk, 1
+dymfbbs.com, 1
+dymmo.tk, 1
+dymmovie.com, 1
+dymond.net, 1
+dymov.tk, 1
+dymovskiy.ru, 1
+dymowski.de, 0
+dyn-dnhensel.de, 1
+dyn-nserve.net, 1
+dyn.net, 1
+dynabob.tk, 1
+dynacast.com, 1
+dynacrop.space, 1
+dynadns.de, 1
+dynah.net, 1
+dynalab.pl, 1
+dynaloop.net, 0
+dynamic-movie.com, 1
+dynamic-networks.be, 1
+dynamicalsystem.work, 1
+dynamicasoft.com, 1
+dynamicathletes.ga, 1
+dynamicbusinessconsultants.ga, 1
+dynamicdesignuk.com, 1
+dynamicdiesupply.com, 1
+dynamicenergy.co, 1
+dynamicentertainmentdjs.com, 1
+dynamicini.org, 1
+dynamiclogodesigns.com, 1
+dynamicpl.us, 1
+dynamicplus.it, 1
+dynamicsdays.info, 1
+dynamicservers.co.uk, 1
+dynamicsnetwork.net, 1
+dynamicsretailnotes.com, 1
+dynamictesting.co.uk, 1
+dynamictostatic.com, 1
+dynamicyou.co.uk, 1
+dynamis.tk, 1
+dynamitejobs.com, 1
+dynamix-tec.com, 1
+dynamixsolutions.com, 1
+dynamofanforum.de, 1
+dynasend.com, 1
+dynasoft.co.ke, 1
+dynastic.co, 1
+dynasty-warriors.net, 1
+dynastydr.com, 1
+dynastyredzone.com, 1
+dynatos-cloud.com, 1
+dyncdn.me, 1
+dyncdn2.com, 1
+dyneco.io, 1
+dynet.ru, 1
+dynn.be, 0
+dynorphin.com, 1
+dynorphins.com, 1
+dynsoundmax.tk, 1
+dynts.pro, 1
+dynx.pl, 1
+dypromed.com, 1
+dyregrave.dk, 1
+dyremyhr.no, 1
+dyrenesverden.no, 1
+dyreplassen.no, 1
+dyrkar.se, 1
+dysautonomia-postsyndrome.com, 1
+dyscalculia-blog.com, 1
+dysco.tk, 1
+dysgucymraeg.cymru, 1
+dyslexicfish.com, 1
+dyslexicfish.net, 1
+dysthymia.com, 1
+dyuimovochka.tk, 1
+dyve.me, 1
+dyykkarit.tk, 1
+dyyn.de, 1
+dyz.pw, 1
+dz6729.com, 1
+dz68.cc, 1
+dz6957.com, 1
+dz7337.com, 1
+dzar.nsupdate.info, 1
+dzeina.ch, 0
+dzet.de, 1
+dzhyp.ag, 1
+dziaduch.pl, 1
+dziecismoka.pl, 1
+dziekonski.com, 1
+dzimchuk.net, 1
+dzingel-personaldienst.de, 1
+dziscover.com, 1
+dziura.email, 0
+dziurdzia.pl, 1
+dziv.net, 1
+dzivniekubriviba.lv, 0
+dzmonarchie.tk, 1
+dzndk.com, 1
+dzndk.net, 1
+dzndk.org, 1
+dzogchentoday.org, 1
+dzomo.org, 0
+dzpc3.site, 1
+dzsi.bi, 0
+dzsibi.com, 1
+dzsula.hu, 1
+dzu.fund, 1
+dzu.life, 1
+dzuka.sk, 1
+dzus.tk, 1
+dzworld.com, 1
+dzyabchenko.com, 0
+dzyszla.pl, 1
+e-account.by, 1
+e-alink.com, 1
+e-antikvar.tk, 1
+e-arteria.pl, 1
+e-bags.tk, 1
+e-balloons.tk, 1
+e-bap.net, 1
+e-baraxolka.ru, 1
+e-belgia.tk, 1
+e-bikesdirect.co.uk, 1
+e-bodybuilding.tk, 1
+e-boekhouden.nl, 1
+e-bookshelf.de, 1
+e-borneoshop.com, 1
+e-boss.tk, 1
+e-branchekoden.dk, 1
+e-buro.tk, 1
+e-classroom.tk, 1
+e-coexist.com, 1
+e-colle.info, 1
+e-copys.com, 1
+e-cottage.com.br, 1
+e-dechet.com, 1
+e-dengi.tk, 1
+e-diabolo.tk, 1
+e-diapers.tk, 1
+e-diasporan.cf, 1
+e-diasporan.ga, 1
+e-diasporan.gq, 1
+e-diasporan.ml, 1
+e-dnevnik.hr, 1
+e-driver.fr, 1
+e-dv.eu, 1
+e-e.icu, 1
+e-emploi.be, 1
+e-enterprise.gov, 1
+e-estonia.com, 0
+e-estonians.ee, 1
+e-facture.net, 1
+e-farm.com, 1
+e-fireplaces.tk, 1
+e-fishing.tk, 1
+e-fitnes.tk, 1
+e-flotila.cz, 1
+e-frontier.systems, 1
+e-games-board.tk, 1
+e-gc.de, 1
+e-generator.tk, 1
+e-geologia.tk, 1
+e-goi.com, 1
+e-gso.com, 1
+e-guestbooks.com, 1
+e-guvence.com, 1
+e-hair.tk, 1
+e-havenotime.tk, 1
+e-homebiz.tk, 1
+e-house.tk, 1
+e-id.ee, 1
+e-ideamagazine.ga, 1
+e-informatyk.tk, 1
+e-instalator.pl, 1
+e-interactivenet.tk, 1
+e-interview.tk, 1
+e-islam.tk, 1
+e-jackets.tk, 1
+e-jasiecki.pl, 1
+e-jewelrys.tk, 1
+e-kartinki.tk, 1
+e-klempir.cz, 1
+e-knitting.tk, 1
+e-knitwear.tk, 1
+e-kultura.tk, 1
+e-lambre.com, 1
+e-lamp.tk, 1
+e-launch.nl, 1
+e-learningbs.com, 1
+e-lexia.com, 1
+e-lifetechnology.com, 1
+e-loshadka.tk, 1
+e-loukidis.gr, 1
+e-mak.eu, 1
+e-massage.tk, 1
+e-matras.ua, 1
+e-medicines.tk, 1
+e-mieszkania.org.pl, 1
+e-migration.ch, 0
+e-nail.tk, 1
+e-name.tk, 1
+e-nanum.kr, 1
+e-nature.tk, 1
+e-networks.jp, 1
+e-node.ru, 1
+e-ops.bg, 1
+e-otdyx.tk, 1
+e-peeling.tk, 1
+e-peets.tk, 1
+e-petition-petitions.net, 1
+e-petition-support-us.net, 1
+e-petition.net, 1
+e-petitions.by, 1
+e-placement.tk, 1
+e-planshet.tk, 1
+e-plus-m.de, 1
+e-pns.com, 1
+e-pokupki.eu, 1
+e-polygraphy.tk, 1
+e-privat.info, 1
+e-promotion.tk, 1
+e-ptn.com, 1
+e-quip.cz, 1
+e-random.com, 1
+e-receta.cl, 1
+e-recruitment.tk, 1
+e-redes.pt, 1
+e-referendum.cz, 1
+e-repairs.tk, 1
+e-resident.gov.ee, 1
+e-resident.me, 1
+e-rest.tk, 1
+e-rober.tk, 1
+e-sauna.tk, 1
+e-scraper.com, 1
+e-sell.tk, 1
+e-servicerms.com, 1
+e-shobai.com, 1
+e-shonai.com, 1
+e-sisyu.com, 0
+e-sklep.biz, 1
+e-slots.tk, 1
+e-smile.tk, 1
+e-sneakers.tk, 1
+e-standardstore.org, 1
+e-streams.tv, 1
+e-student.tk, 1
+e-styling.tk, 1
+e-sweaters.tk, 1
+e-tables.tk, 1
+e-tablets.tk, 1
+e-tarotlasky.cz, 1
+e-teacher.pl, 1
+e-tech-solution.com, 1
+e-tech-solution.net, 1
+e-technology.tk, 1
+e-techsolution.com, 1
+e-techsolutions.net, 1
+e-ticaret.site, 1
+e-tires.tk, 1
+e-tmf.org, 0
+e-top.uz, 1
+e-traceur-france.fr, 1
+e-transformer.tk, 1
+e-trucking.tk, 1
+e-typ.eu, 1
+e-umbrellas.tk, 1
+e-underwear.tk, 1
+e-uteplitel.ru, 1
+e-vau.de, 0
+e-verify.gov, 1
+e-virtus.blog, 1
+e-virtus.com, 1
+e-vykladkaret.cz, 1
+e-walks.tk, 1
+e-wish.tk, 1
+e-wishlist.net, 1
+e-worksmedia.com, 0
+e-yachts.tk, 1
+e-zine.tk, 1
+e.gg, 1
+e.mail.ru, 1
+e00228.com, 0
+e02.cn, 1
+e15r.co, 1
+e1e0.net, 0
+e27.co, 1
+e2b.com.au, 1
+e2ebrindes.com.br, 1
+e2ee-meet.de, 1
+e2epartners.org, 1
+e2essentialelements.com, 0
+e2feed.com, 1
+e2save.com, 1
+e30.ee, 1
+e30gruppe.com, 1
+e34club.com.ua, 1
+e365.vip, 1
+e36533.com, 1
+e3lan.net, 1
+e4.chat, 1
+e42.org, 0
+e4a.org, 1
+e4mc.link, 1
+e4work.com.br, 1
+e5197.co, 1
+e5tv.hu, 1
+e5xbps.com, 1
+e621.download, 1
+e6729.co, 1
+e6729.com, 1
+e6957.co, 1
+e6e.io, 1
+e6web.com, 1
+e7180.com, 1
+e7d.io, 1
+e7fun.net, 1
+e82365.com, 1
+e899365.com, 0
+e8bet.net, 1
+e8space.co.nz, 1
+e8space.com, 1
+e8space.nz, 1
+e901.com, 0
+e9297.co, 1
+e9397.com, 0
+e9582.com, 1
+e9728.co, 1
+ea-lateleassistance.com, 1
+ea-ru.org, 1
+ea2drocks.com, 1
+eaa-online.org, 1
+eaanderson.com, 1
+eac.gov, 1
+eac0517.com, 1
+eac0810.com, 1
+eac0812.com, 1
+eac0813.com, 1
+eac0816.com, 1
+eac0817.com, 1
+eac0818.com, 1
+eac0819.com, 1
+eac0826.com, 1
+eac0827.com, 1
+eac0830.com, 1
+eac0831.com, 1
+eac0832.com, 1
+eac0833.com, 1
+eac0834.com, 1
+eac0835.com, 1
+eac0836.com, 1
+eac0837.com, 1
+eac0838.com, 1
+eac0839.com, 1
+eac0840.com, 1
+eac0851.com, 1
+eac0852.com, 1
+eac0853.com, 1
+eac0854.com, 1
+eac0855.com, 1
+eac0856.com, 1
+eac0857.com, 1
+eac0858.com, 1
+eac0859.com, 1
+eac0870.com, 1
+eac0871.com, 1
+eac0872.com, 1
+eac0873.com, 1
+eac0874.com, 1
+eac0875.com, 1
+eac0876.com, 1
+eac0877.com, 1
+eac0878.com, 1
+eac0879.com, 1
+eac0881.com, 1
+eac0883.com, 1
+eac0886.com, 1
+eac0887.com, 1
+eac0888.com, 1
+eac0890.com, 1
+eac0891.com, 1
+eac0898.com, 1
+eac0899.com, 1
+eac0910.com, 1
+eac0911.com, 1
+eac0952.com, 1
+eac222.com, 1
+eac333.com, 1
+eac444.com, 1
+eac555.com, 1
+each.tk, 1
+ead-italia.it, 1
+eadea.net, 1
+eaganmn.gov, 1
+eagar.com.au, 1
+eagenda.com.br, 1
+eagle-yard.de, 1
+eaglecounty.gov, 1
+eaglecountyco.gov, 1
+eaglecrest.us, 1
+eaglecustomapparel.com, 1
+eaglefireid.gov, 1
+eaglegrove.gov, 1
+eaglehaslended.com, 1
+eaglelakefl.gov, 1
+eagleled.us, 1
+eaglemessaging.com, 1
+eaglemtn.com, 0
+eaglenation.net, 1
+eaglenusa.my.id, 1
+eagleofpa.com, 1
+eaglepasstx.gov, 1
+eagleplanners.agency, 1
+eagler.tk, 1
+eagleriverwi.gov, 1
+eagleseven.com, 1
+eaglesightproperties.tech, 1
+eagletechz.com.br, 1
+eaglevilletn.gov, 1
+eaglewreck.info, 1
+eagleyecs.com, 1
+eahea.org, 1
+eaimty.com, 1
+eajmail.com, 1
+eakes.com, 1
+ealadel.com, 0
+ealarm-safemode.ch, 1
+ealekseyev.ml, 1
+ealev.de, 1
+eali.com.ph, 1
+eamadit.com, 1
+eames-clayton.us, 1
+eamigo.com, 1
+eamproperties.com, 1
+eamrfid.com, 1
+eandata.com, 1
+eanraig.top, 1
+eaofarlington.com, 1
+eaofaustin.com, 1
+eaofcarrollton.com, 1
+eaofdallas.com, 1
+eaofdfw.com, 1
+eaoffrisco.com, 1
+eaofhouston.com, 1
+eaofirving.com, 1
+eaoftarrantcounty.com, 1
+earfolds.com, 1
+earl-plak.de, 1
+earlsttech.ca, 1
+early-etudes.com, 1
+earlychildhoodteacher.org, 1
+earlytime.com, 1
+earlyvoting.cf, 1
+earlyvoting.gq, 1
+earlyvoting.ml, 1
+earlyyearshub.com, 1
+earmarks.gov, 1
+earnet.tk, 1
+earni.fi, 1
+earningsgames.tk, 1
+earningthatis.tk, 1
+earnosethroat.co.za, 1
+earpconsult.co.uk, 1
+earth-quake.tk, 1
+earthbound.tk, 1
+earthbox.com, 1
+earthcam.com, 1
+earthcam.net, 1
+earthcore.com, 1
+earthcorporation.cf, 1
+eartheld.tk, 1
+earthiq.news, 1
+earthjustice.org, 1
+earthlink.net, 1
+earthpixz.com, 1
+earthpoints.org, 1
+earthshotprize.org, 1
+earthsocialism.org, 1
+earthsolidarity.org, 1
+earthsong.co.za, 1
+earthsystemprediction.gov, 1
+earthvoice.ru, 1
+earthwatch.org, 1
+earthytales.in, 1
+eas.ee, 0
+easaccounting.com, 1
+ease.io, 1
+easew.com, 1
+easez.net, 1
+eashwar.com, 1
+easiest-way.de, 1
+easlerlaw.com, 1
+easol.com, 1
+eason-yang.com, 0
+east-line.su, 1
+east-westlogistics.com, 1
+east.baby, 1
+eastafricafeed.ga, 1
+eastarm.net, 1
+eastblue.org, 1
+eastcairo-egypt.com, 1
+eastchesternyfd.gov, 1
+eastcoastbubbleandbounce.co.uk, 1
+eastcoastexports.tk, 1
+eastcobbhoa.com, 1
+eastcottvets.co.uk, 1
+eastdream.tk, 1
+eastendonline.tk, 1
+eastendtastemagazine.com, 1
+easternbreezes.com, 1
+easternmontanafair.gov, 1
+easternskatesupply.com, 1
+eastfordct.gov, 1
+eastgreenwichnews.com, 1
+eastgrmi.gov, 1
+easthaddamct.gov, 1
+easthamptonctha.gov, 1
+easthaven-ct.gov, 1
+eastheaven.ml, 1
+eastlandcountytexas.gov, 1
+eastleigh.online, 1
+eastlothianbouncycastles.co.uk, 1
+eastmaintech.com, 1
+eastman.com, 1
+eastmedo.pl, 1
+eastnatfoods.com, 1
+eastnorschool.co.uk, 1
+easton.ga, 1
+eastonpaxtongolf.com, 1
+eastpeoria-il.gov, 1
+eastpershingdental.com, 1
+eastping.com, 1
+eastplan.co.kr, 1
+eastportcorp.tk, 1
+eastprovidenceri.gov, 1
+easts.in, 1
+eastshare.ml, 1
+eastshore.xyz, 1
+eastside.tk, 1
+eastsidecottages.co.uk, 1
+eastspace.org.uk, 1
+eastspencer.gov, 1
+eaststudios.net, 1
+easttamakiauto.co.nz, 1
+easttea.com, 1
+easttowereg.com, 1
+eastvalleyendo.com, 1
+eastvalleywater.gov, 1
+eastwashingtonpa.gov, 1
+eastwindsorhistory.tk, 1
+eastyorkshirebuses.co.uk, 1
+easukasbestos.co.uk, 1
+easy-affiliations.tk, 1
+easy-company.tk, 1
+easy-design.tk, 1
+easy-drop.co, 1
+easy-factures.fr, 1
+easy-feedback.com, 0
+easy-feedback.de, 0
+easy-katka.ga, 1
+easy-pornvideos.com, 1
+easy-rpg.org, 1
+easy2bathe.co.uk, 1
+easy4ssl.com, 1
+easyaddress.io, 1
+easyadsnbanners.tk, 0
+easybank.at, 1
+easybaufi.com, 1
+easybill.de, 1
+easybiztech.co.za, 1
+easybom.com, 1
+easybot.tk, 1
+easybranches.com, 1
+easybrazilianrecipes.com, 1
+easycater.com, 1
+easycoding.org, 1
+easycom.tk, 1
+easyconstat.com, 1
+easycontentplan.com, 1
+easycrochet.tk, 1
+easydmarc.am, 1
+easydonate.tk, 1
+easydrawingguides.com, 1
+easydumpsterrental.com, 0
+easyenrollment.net, 1
+easyescortwebsites.com, 1
+easyfiles.ch, 1
+easyfiles.gq, 1
+easyfoto.tk, 1
+easygenerator.com, 1
+easygrow.tk, 1
+easyhome.org, 1
+easyhomebiz.tk, 1
+easyhousing.dk, 1
+easyhtml.tk, 1
+easyishare.com, 1
+easyit.ga, 1
+easyit.tk, 1
+easyjumping.tk, 1
+easykitchens.co.in, 1
+easykonto.de, 0
+easylinker.tk, 1
+easylogics.tk, 1
+easymarketing.uk, 1
+easymeditation.tk, 1
+easymotionskin-japan.jp, 1
+easymun.com, 1
+easynm.cn, 1
+easynotary.ch, 1
+easyocm.hu, 1
+easyonlinetest.tk, 1
+easypay.bg, 1
+easypayment.cf, 1
+easypaymentnow.com, 1
+easypayments.pro, 1
+easypets.fr, 0
+easypost.com, 1
+easypricebook.com, 1
+easypv.ch, 1
+easyqr.codes, 0
+easyradio.gq, 1
+easyreal.ru, 1
+easyretro.io, 1
+easyrpg.org, 1
+easyshare.gq, 1
+easysignup.com, 1
+easyska.tk, 1
+easyslide.be, 1
+easysoft.tk, 1
+easysubmit.tk, 1
+easytamil.tk, 1
+easytap.sv, 1
+easytechguides.com, 1
+easytestonline.tk, 1
+easytext.ga, 1
+easytfa.com, 1
+easytokill.tk, 1
+easytrackghana.com, 1
+easytube.ga, 1
+easywebhosting.tk, 1
+easyweenies.com, 1
+easywin.ml, 1
+easywio.com, 1
+easywrite.com.tw, 1
+eat, 1
+eat-sleep-code.com, 1
+eat-that.tk, 1
+eat-the-world.ch, 1
+eat-vegan.rocks, 1
+eatandsleep.jp, 1
+eatdrinktalk.net, 1
+eatechled.com, 1
+eatery.co.il, 1
+eatfitoutlet.com.br, 1
+eatingasturias.com, 1
+eatinglinks.tk, 1
+eatmebudapest.hu, 1
+eatmportal.eu, 1
+eaton-daitron.jp, 1
+eaton-works.com, 1
+eatonbrowncountywi.gov, 1
+eatry.io, 1
+eats.soy, 1
+eatsleeprepeat.net, 1
+eatson.com, 1
+eatwith.com, 1
+eatz-and-treatz.com, 1
+eauclairecounty.gov, 1
+eaucube.com, 1
+eaugenethomas.cf, 1
+eauto-cash.de, 1
+eautocash.de, 1
+eautocollision.com, 1
+eautolease.com, 1
+eauxdevienne.fr, 1
+eava.ga, 1
+eazy.gr, 1
+eazyfreight.co.uk, 1
+eazyg.tk, 1
+eazyinvoice.tk, 1
+eazyproject.net, 1
+eazytailors.ga, 1
+eazzy.tk, 1
+eb-net.de, 1
+eb66.com, 1
+eb7.jp, 1
+eba.com.au, 1
+eba.com.ua, 1
+ebagroup.tk, 1
+ebakery.de, 1
+eban.bzh, 1
+ebanca.com, 0
+ebanking.indovinabank.com.vn, 1
+ebanking.raiffeisen.ch, 1
+ebankingabersicher.ch, 1
+ebankingbutsecure.ch, 1
+ebankingentoutesecurite.ch, 1
+ebankingmasicuro.ch, 1
+ebarer.com, 1
+ebas.ch, 1
+ebashim.tk, 1
+ebassradiante.cl, 1
+ebataw.com, 1
+ebatech-energiemanagement.nl, 1
+ebatech.be, 1
+ebatech.eu, 1
+ebatech.net, 1
+ebatech.nl, 1
+ebatech.org, 1
+ebatechenergiedisplay.nl, 1
+ebatechenergiemanagement.nl, 1
+ebayinc.com, 1
+ebcfx.com, 1
+ebci-nsn.gov, 1
+ebcired-nsn.gov, 1
+ebdaa-business.com, 1
+eben18.net, 1
+ebenda.org, 1
+ebenisterie-de-villenouvelle.fr, 1
+ebenvloedaanleggen.nl, 1
+eberharter-steine.at, 1
+eberspacher-rus.ru, 1
+ebertlang.com, 0
+eberwe.in, 1
+ebest.co.jp, 1
+ebetbananom.tk, 1
+ebics.cz, 1
+ebics.hu, 1
+ebics.sk, 1
+ebikeanswers.com, 1
+ebikemod.de, 1
+ebilanzplus.de, 1
+ebino.pl, 1
+ebiografia.com, 1
+ebiografias.com.br, 1
+ebis.cloud, 1
+ebis.info, 1
+ebisee.com, 1
+ebizarts.com, 1
+ebiznespro.pl, 1
+ebjork.se, 1
+ebki-nsn.gov, 1
+eblan.gq, 1
+eblandscaping.com.au, 1
+eblog.cf, 1
+eblog.ink, 1
+eboardsolutions.com, 1
+ebola-hosting.cz, 1
+ebola.cz, 1
+ebolacharts.ga, 1
+ebolavirus.tk, 1
+ebony.social, 1
+ebonyfantasies.com, 1
+ebonylog.com, 1
+ebonymgp.com, 1
+ebonymilftube.com, 1
+ebonyriddle.com, 1
+ebonytube.tv, 1
+eboocker.de, 1
+ebookabc.tk, 1
+ebookdep.com, 1
+ebookdrive.tk, 1
+ebooki.eu.org, 1
+ebooknetworking.net, 1
+ebookpdf.com, 1
+ebooks-pdf.cf, 1
+ebooks4all.tk, 1
+ebooks4gate.tk, 1
+ebooksbag.com, 1
+ebooksgratis.tk, 1
+ebooksgratuits.org, 1
+ebooksinfocus.com, 1
+ebookspy.tk, 1
+ebookweb.gq, 1
+ebop.ch, 1
+eboxgroup.tk, 1
+eboxtenders.com, 1
+ebpc.com.au, 1
+ebrahimhadimarket.com, 1
+ebrdbusinessguide.com, 1
+ebrea.ch, 1
+ebrnd.de, 1
+ebrofoods.es, 0
+ebru-gundes.tk, 1
+ebrununkasnagi.com, 1
+ebs.to, 1
+ebscomedical.com, 1
+ebuha.ga, 1
+ebuku.tk, 1
+eburg.ml, 1
+ec-baran.de, 1
+ec-current.com, 1
+ec.ath.cx, 1
+ec.mine.nu, 1
+ec2software.com, 1
+eca.nb.ca, 1
+ecamisetas.com.br, 1
+ecampusontario.ca, 1
+ecard.ml, 1
+ecardoo.com, 1
+ecardoo.de, 1
+ecardoo.net, 1
+ecardoo.org, 1
+ecargo.co.nz, 1
+ecarscash.com, 1
+ecat.ua, 1
+ecaterina.tk, 1
+ecbt.co.il, 1
+ecc.ee, 1
+ecchidreams.com, 1
+eccma.org, 1
+ecco-verde.at, 1
+ecco-verde.com, 1
+ecco-verde.de, 1
+ecco-verde.it, 1
+eccoholiday.com, 1
+eccoilmenu.it, 1
+eccologic.net, 1
+eccouncil.org, 1
+eccu.edu, 1
+ecdn.cz, 1
+ece-inc.net, 1
+ecelembrou.ovh, 1
+ecency.com, 1
+ecenglishlive.com, 1
+ecenter.bg, 1
+ecetechsol.com, 1
+ecetiner.com, 1
+ecfunstalls.com, 1
+ecgclic.fr, 1
+echarity.ae, 1
+echbay.com, 1
+echi.pw, 1
+echidna-usa.com, 1
+echidna.com.au, 1
+echidnalock.com.au, 1
+echima.ca, 1
+echinus.solutions, 1
+echo-in.info, 1
+echo-n.nz, 0
+echo-security.co, 1
+echo.cc, 1
+echoanalytics.com, 1
+echobridgepartners.com, 1
+echocolate.xyz, 1
+echodio.com, 1
+echoeshq.com, 0
+echofoxtrot.co, 1
+echoit.net, 1
+echoit.net.au, 1
+echoit.services, 1
+echomail.org, 1
+echopaper.com, 1
+echorecovery.org, 1
+echosearch.co, 1
+echoserver.org, 1
+echoship.com, 1
+echosixmonkey.com, 1
+echosystem.fr, 1
+echotango.fr, 1
+echoteam.eu.org, 1
+echoteam.gq, 1
+echoteam.ml, 1
+echotone.tk, 1
+echovintage.com.br, 1
+echowave.io, 1
+echt.ga, 1
+echtcache.ga, 1
+echtebbq.nl, 1
+echternach-immobilien.de, 1
+echtes-hutzelbrot.de, 1
+ecirtam.net, 0
+eciso.io, 1
+ecity.hu, 1
+eck.cologne, 1
+eckel-edv.de, 1
+eckel-kieser-gbr.de, 1
+eckel.co, 1
+eckerl.org, 1
+eckerle-gruppe.com, 1
+eckfordtownshipmi.gov, 1
+eckindustries.com, 1
+eckler.ca, 1
+eckotech.fr, 1
+eckstein.tech, 1
+eclectic-al.gov, 1
+eclecticbeaver.com, 1
+eclectiv.com, 1
+eclipse-cross.info, 1
+eclipse4academia-startups.com, 1
+eclipseforum.tk, 1
+eclipsegame.tk, 1
+eclipseide.org, 1
+eclipseinspectionservices.co.uk, 1
+eclipsesuite.com, 1
+ecn.ir, 1
+ecnetworker.com, 1
+eco-derattizzazione.it, 1
+eco-doors.co.uk, 1
+eco-price.ru, 1
+eco-solu.co.jp, 1
+eco-web.com, 1
+eco-wiki.com, 1
+eco-work.it, 1
+eco2u.ru, 1
+eco69.com, 1
+eco69.eu, 1
+eco69.pl, 1
+ecobalispa.com, 1
+ecobunker.co.uk, 1
+ecobunkerusa.com, 1
+ecocanada.jobs, 1
+ecoceutics.com, 1
+ecoconut.org, 1
+ecocreativity.org, 1
+ecocuisinedesign.com, 1
+ecodedi.com, 1
+ecodepur.co.ao, 1
+ecodepur.fr, 1
+ecodesign-labo.jp, 1
+ecodesigns.nl, 1
+ecoeat.ru, 1
+ecoefficience.com, 1
+ecoelectricsandiego.com, 1
+ecoeuropa.cf, 1
+ecofinancing.com, 1
+ecofoolad.com, 1
+ecoformeurope.com, 1
+ecofriendlytravels.com, 1
+ecogarden.design, 1
+ecogen.com.au, 1
+ecogen.net.au, 1
+ecohaus-pinklao-salaya.com, 0
+ecoheatcool.co.uk, 1
+ecohimdv.tk, 1
+ecohomebuild.org, 1
+ecohostingservices.uk, 1
+ecoindia.tk, 1
+ecojob.ga, 1
+ecolala.my, 1
+ecolan37.ru, 1
+ecole-attalens.ch, 0
+ecole-du-digital.com, 1
+ecole-eac.com, 1
+ecole-iaf.fr, 0
+ecole-parfum.com, 1
+ecole-saint-yves-rennes.fr, 1
+ecoledusabbat.org, 0
+ecolelacime.be, 1
+ecolemathurincordier.com, 0
+ecolenotredame.tk, 1
+ecolequebec.com, 1
+ecoles-conde.com, 1
+ecolive.pl, 1
+ecologeek.tk, 1
+ecologiahoy.com, 1
+ecologiapolitica.info, 1
+ecologic-france.com, 1
+ecologica.it, 1
+ecologistasenaccion.org, 1
+ecologiya.tk, 1
+ecoloriptv.tk, 1
+ecombustibil.ro, 0
+ecometal.bg, 1
+ecometalsrl.com, 1
+ecomgigs.com, 1
+ecomia.dk, 1
+ecommerce-bikinsistem.tk, 1
+ecommerce-optimizer.com, 1
+ecommercedb.com, 1
+ecommercenews.asia, 1
+ecommercenews.co.nz, 1
+ecommercenews.com.au, 1
+ecommerceuropa.eu, 1
+ecompen.co.za, 1
+ecomuuu.com, 1
+ecomweb.ro, 1
+ecomycie.com, 1
+econativa.pt, 1
+econfia.cf, 1
+econmarketingdigital.com, 1
+economia.cl, 1
+economias.pt, 1
+economic-sanctions.com, 1
+economicnews.ga, 1
+economics-colleges.com, 1
+economie.gouv.fr, 1
+economie2.alsace, 1
+economie2.fr, 1
+economiefidu.ch, 0
+economies.ch, 0
+economixportal.tk, 1
+economycarrentalscyprus.com, 1
+economydiva.com, 1
+economyroofingco.com, 1
+econsorzio.com, 1
+econstitution.bg, 1
+econsumer.gov, 1
+ecoo.top, 1
+ecoon.net, 1
+ecopak.org, 1
+ecopark.asia, 1
+ecopark.co, 1
+ecopark.tv, 1
+ecopowerenginewash.com, 1
+ecopy.ir, 1
+ecorak.de, 1
+ecored.pl, 1
+ecoresina.com, 1
+ecorp-australia.tk, 1
+ecorp.cc, 0
+ecos-ev.de, 1
+ecosas.org, 1
+ecoscanapp.eu, 1
+ecosdesociedad.tk, 1
+ecosfti.tk, 1
+ecoshare.info, 1
+ecosial.org, 1
+ecoskif.ru, 1
+ecosoftconsult.com, 0
+ecostarfoam.com, 1
+ecostroika.ru, 1
+ecostruxureit.com, 1
+ecosuds.co.uk, 1
+ecosystem.atlassian.net, 1
+ecosystemmanager-uat1.azurewebsites.net, 1
+ecotecelevator.com, 1
+ecotrade-disinfestazioni.it, 1
+ecotur.org, 1
+ecoturismo.tk, 1
+ecounselling.nic.in, 1
+ecoupakovka.ga, 1
+ecourbano.tk, 1
+ecoute.tv, 1
+ecovetawindoors.com, 1
+ecowater.com, 1
+ecowoman-armenian.tk, 1
+ecowoman-bengalian.tk, 1
+ecowoman-indonezian.tk, 1
+ecowoman-turkey.tk, 1
+ecowoman-ukraine.tk, 1
+ecozip.it, 1
+ecozona.tk, 1
+ecpc.org, 1
+ecpic.gov, 1
+ecpl.ru, 1
+ecr-test-partnapp.azurewebsites.net, 1
+ecredits-dev-app-backoffice01.azurewebsites.net, 1
+ecredits-dev-app-partner01.azurewebsites.net, 1
+ecrehabandwellness.com, 1
+ecrehou.com, 1
+ecrequipamientos.com, 1
+ecriminalrecords.com, 1
+ecrownoffire.com, 1
+ecrums.gov, 1
+ecsafety.com, 1
+ecscoutgroup.cf, 1
+ecstaticentertainment.com, 1
+ecsupplyinc.com, 1
+ect-cpg.com, 1
+ect-telecoms.com, 1
+ectora.com, 1
+ectpro.co.th, 1
+ecuadorbienesraices.com, 1
+ecuadorlibrered.tk, 1
+ecuadorwillana.com, 1
+ecuashop.ec, 1
+ecubr.com, 1
+ecup.mx, 1
+ecupcafe.com, 0
+ecv.fr, 1
+ecvma.fr, 1
+ecvtd.gov, 1
+ecxforum.com, 1
+ecyy.net, 1
+eczacionline.com, 1
+ed-medications.ml, 1
+ed-studios.tk, 1
+ed.gs, 1
+ed394jed.fr, 1
+eda.cooking, 1
+eda.gov, 1
+eda72.com, 1
+edalat.tk, 1
+edanalytics.org, 1
+edapt.org.uk, 1
+edas.info, 0
+edatech.com, 1
+edb.cz, 1
+edb.eu, 1
+edb.gov.sg, 1
+edcaptain.com, 1
+edcdn.net, 1
+edchart.com, 1
+edd-miles.com, 1
+eddesign.ch, 1
+eddi.org.au, 1
+eddie.website, 1
+eddmil.es, 1
+eddokloosterman.com, 1
+eddriesen.tk, 1
+eddsworld.tk, 1
+eddyn.net, 0
+eddysystem.tk, 1
+eddyworld.tk, 1
+edeals.co.com, 1
+edeals.com.co, 1
+edeca.net, 1
+ededdeddy.tk, 1
+edegembicycleclub.tk, 1
+edegulkoyu.tk, 1
+edehsa.com, 1
+edeka-peper.de, 1
+edel-suff.de, 1
+edelveiys.tk, 1
+edelvivesdigital.com, 1
+edelvivesdigitalplus.com, 1
+edelweiskapel.tk, 1
+edelweiss-pinzolo.com, 1
+edelweissalternatives.com, 1
+eden-project-insight.tk, 1
+eden.bz, 1
+eden.co.uk, 1
+edenaya.com, 0
+edencollie.com, 1
+edenfactory.tk, 1
+edenming.info, 1
+edennc.gov, 1
+edenprairiemn.gov, 1
+edenpureheater.tk, 1
+edenredbenefits.com, 1
+eder-steiner.at, 1
+ederasrl.it, 1
+edesseglabor.hu, 1
+edevletkapisi.org, 1
+edfdentalcenter.tk, 1
+edfinancial.com, 1
+edgar.mx, 1
+edgarcountyillinois.gov, 1
+edgarpierre.fr, 1
+edgarsmission.org.au, 1
+edgarsonderwaterwereld.tk, 1
+edgartamarit.com, 1
+edgarwi.gov, 1
+edgarz.tk, 1
+edge12bar.com, 1
+edgebilisim.com, 1
+edgecase.ru, 1
+edgeconnectnj.net, 1
+edgecustomersportal.com, 1
+edgedynasty.com, 1
+edgeimpulse.com, 1
+edgeless.pp.ua, 0
+edgelogs.com, 1
+edgemagazine.net, 1
+edgemasterspaint.com, 1
+edgeofnoservers.com, 1
+edgerton.us, 1
+edgeservices.co.uk, 1
+edgetalk.net, 1
+edgetechig.co.uk, 0
+edgewaterco.gov, 1
+edging.tech, 1
+edh.email, 1
+edholm.pub, 1
+edi-gate.com, 1
+edi-gate.de, 1
+edianyuan.online, 1
+edianyuan.site, 1
+edianyuan.xyz, 1
+edibarcode.com, 1
+ediberto.tk, 1
+edibleforest.co, 1
+edicct.com, 1
+edicionescrimentales.tk, 1
+edihair.com, 1
+edik.tk, 1
+edikacomptabilite.com, 1
+edilane.com, 1
+edilane.de, 1
+ediliovo.com, 1
+edilondon.com, 1
+edilservizivco.it, 1
+edinburghcastle.scot, 1
+edinburghcyclehire.co.uk, 1
+edinburghcyclehire.com, 1
+edinburghopenworkshop.co.uk, 1
+edirnehaber.tk, 1
+edirnehaberleri.tk, 1
+edisonchee.com, 1
+edisongroup.ru, 1
+edisonlee55.com, 1
+edisonluiz.com, 1
+edisonnj.gov, 1
+edisonstreet.com, 1
+edist.ro, 1
+edit.co.uk, 1
+edit.org, 1
+edit.yahoo.com, 0
+edited.at, 1
+edited.be, 1
+edited.ch, 1
+edited.cz, 1
+edited.de, 1
+edited.nl, 1
+edited.pl, 1
+edithlouw.tk, 1
+edithouse.dk, 1
+edition-sonblom.de, 0
+editions-campanile.fr, 1
+editionsnoiretrouge.com, 1
+editionsz.com, 1
+editorakanope.com.br, 1
+editorialexpress.com, 1
+editorialnew.com, 1
+editorsguild.com, 1
+editspace.tk, 1
+editus.it, 1
+edje.com, 1
+edjo.us, 1
+edl.com.ph, 1
+edlinger.at, 1
+edlinger.mobi, 1
+edman007.com, 1
+edmates.com, 1
+edmedications.tk, 1
+edmedsonline.tk, 1
+edmilia.tk, 1
+edmoncu.com, 1
+edmondok.gov, 1
+edmundcelis.com, 1
+edmundy.tk, 1
+edmwaves.org, 1
+ednarstore.com, 1
+edocperso.fr, 1
+edocr.com, 1
+edok.com.br, 1
+edopomoga.gov.ua, 1
+edoss.co.za, 0
+edp.com, 1
+edpgassu.pt, 1
+edpnc.com, 1
+edpr.com, 1
+edpubs.gov, 1
+edr-d.expert, 1
+edragneainpuscarie.ro, 1
+edremith.com, 1
+edremitweb.site, 1
+edrepay.com, 1
+edrgroup.nl, 1
+edri.org, 1
+edrosd.cf, 1
+edrost.tk, 1
+edrtravel.com, 1
+edsby.com, 0
+edscha.com, 1
+edscolors.com, 1
+edservicing.com, 1
+edshogg.co.uk, 1
+edsm.net, 1
+edstem.org, 1
+edstep.com, 1
+edsys.com.au, 1
+edtech-hub.com, 1
+edtech.ee, 1
+edtechwebb.com, 1
+edtravel.ga, 1
+edu-kingdom.com, 1
+edu3w.at, 1
+edu6.cloud, 1
+eduanimal.tk, 1
+eduard-dopler.de, 1
+eduardbaas.com, 1
+eduardnikolenko.com, 1
+eduardochang.tk, 1
+eduardofranco-luthier.tk, 1
+eduardomaio.net, 1
+eduardosuarez.tk, 1
+eduart.tk, 1
+eduba.se, 1
+edubase.link, 1
+edubase.net, 1
+edubirdie.com, 1
+edublognews.tk, 1
+educa2.es, 1
+educabis.tk, 1
+educacionit.com, 1
+educacionnm.ml, 1
+educacionvirtual.com.ar, 1
+educaestado.com, 1
+educanada.in, 1
+educard.co.at, 1
+educasis.tk, 1
+educatek.es, 1
+educatie.tk, 1
+education-colleges.com, 1
+education-info.cf, 1
+education4paper.tk, 1
+educationarea.tk, 1
+educationboard.ml, 1
+educationconnect.tk, 1
+educationdegree.com, 1
+educationdepartment.ml, 1
+educationet.tk, 1
+educationfirst.ml, 1
+educationgov.tk, 1
+educationhighquality.ml, 1
+educationism.tk, 1
+educationmalaysia.co.uk, 1
+educationone.ml, 1
+educationportal.ga, 1
+educationportal.tk, 1
+educationstandards.nsw.edu.au, 1
+educationstatistic.tk, 1
+educationstudent.tk, 1
+educationsupport.org.uk, 0
+educationtopics.tk, 1
+educationtree.tk, 1
+educationtrust.tk, 1
+educationweek.tk, 1
+educative.io, 1
+educator-one.com, 1
+educatorretirementsolutions.com, 1
+educators.co.nz, 1
+educatoys.com.br, 1
+educbook.ga, 1
+educheck.tech, 1
+educlove.com, 1
+educourse.nl, 1
+edudaddy.net, 0
+edudip-next.com, 1
+edudip.com, 1
+edudip.de, 1
+edufever.com, 1
+edufever.in, 1
+eduflow.at, 1
+edugeton.com, 1
+edugram.com, 1
+eduhub.lol, 1
+eduhub.ml, 1
+eduid.se, 1
+eduif.nl, 0
+eduium.io, 1
+eduki.com, 1
+edukle.com, 0
+edularidea.com, 1
+edularism.com, 1
+edulayer.net, 1
+edulinks.ml, 1
+edumanage.tk, 1
+edumaritime.net, 1
+edumerson.com, 1
+edunaut.com.au, 1
+edunet.gq, 1
+edunet.training, 1
+edunian.com, 1
+edunoor.tk, 1
+eduoneschool.tk, 1
+edupay.co.at, 1
+edupesa.com, 1
+eduproject.tk, 1
+eduproquality.tk, 1
+eduqfix.com, 1
+eduradiadores.com.br, 1
+eduresultbd.com, 1
+eduroam.no, 1
+eduroam.uy, 1
+edusanjal.com, 1
+eduschool.ml, 1
+edusektor.de, 0
+edusercontent.com, 1
+eduson.pl, 1
+eduspot.co.uk, 1
+edusson.com, 1
+edusuite.at, 1
+edutour.ml, 1
+edutrum.com, 1
+eduxon.in, 1
+eduxpro.com, 1
+eduzaurus.com, 1
+edv-biela.de, 1
+edv-lehrgang.de, 1
+edv-ringhofer.de, 1
+edv-schmittner.de, 1
+edvan.com.br, 1
+edvestinu.com, 1
+edvgarbe.de, 1
+edvision.ga, 1
+edvmesstec.de, 1
+edward-tagle.tk, 1
+edwardbrowninvestment.tk, 1
+edwarddekker.nl, 1
+edwardkong.top, 1
+edwards.me.uk, 1
+edwardscommercialcleaning.com, 1
+edwardsgrounds.co.uk, 1
+edwardwall.me, 1
+edware.ga, 1
+edweb.tk, 1
+edwellbrook.com, 1
+edwinlinda.tk, 1
+edwinlugo.gq, 1
+edwinmattiacci.com, 1
+edwinroelvink.tk, 1
+edxg.de, 0
+edxn.de, 1
+edyhenry.tk, 1
+edyou.org, 0
+edytabania.com, 1
+edzo.dk, 1
+edzo.fr, 1
+ee-terminals.com, 1
+ee00228.com, 0
+ee362.com, 0
+ee367.com, 0
+ee372.com, 0
+ee396.com, 0
+ee397.com, 0
+ee5197.co, 1
+ee6729.co, 1
+ee6729.com, 0
+ee6957.co, 1
+ee9297.co, 1
+ee9397.com, 0
+ee951.com, 0
+ee9721.com, 0
+ee9728.co, 1
+ee973.com, 0
+eeagrants.cz, 1
+eebt.hu, 1
+eeeb.loan, 1
+eeeeeeeeee.de, 1
+eeehh.com, 1
+eeetrust.org, 1
+eegaming.org, 1
+eegaming.tk, 1
+eehitus.ee, 1
+eeia.com, 1
+eeiletudiant.com, 1
+eekelen.net, 1
+eelabs.eu, 1
+eelcapone.nl, 1
+eellak.gr, 1
+eelsden.net, 1
+eelzak.nl, 1
+eemcevn.com, 1
+een-eenvoudige-test-voor-de-maximum-lengte-van-een-nederlandse.nl, 1
+een.com, 1
+eenfotowaard.nl, 1
+eenmailsturen.nl, 0
+eennieuwepc.nl, 1
+eentweevijf.be, 1
+eenvren.com, 1
+eenvxing.com, 1
+eeqj.com, 1
+eer.io, 1
+eeri.org, 1
+eerstemaanlanding.tk, 1
+eery.de, 1
+eet.nu, 1
+eetestingcenter.com, 1
+eetimestv.com, 1
+eevie.io, 1
+eevpn.com, 1
+eewna.org, 1
+eeyo.uk, 1
+eez.ee, 0
+ef.gy, 1
+efaas.nl, 1
+efag.com, 1
+efamilycare.com, 1
+efcpharma.com, 1
+efcross.com, 1
+efectococuyo.com, 0
+efeel.info, 1
+efeen.nl, 1
+efeindonesia.com, 1
+efektfoto.cz, 1
+efektyvnist.pro, 1
+eferro.ca, 1
+efeso.co.nz, 1
+efeso.nz, 1
+efeso.org.nz, 1
+efeso4mayor.co.nz, 1
+efeso4mayor.nz, 1
+efeso4mayor.org, 1
+efeso4mayor.org.nz, 1
+efesocollins.org, 1
+efesocollins.org.nz, 1
+efesoformayor.co.nz, 1
+efesoformayor.nz, 1
+efesoformayor.org, 1
+efesoformayor.org.nz, 1
+eff.org, 1
+effdocs.com, 1
+effe.ch, 0
+effecotto.it, 1
+effective-altruist.com, 1
+effectivecommunication.tk, 1
+effectiveconsulting.ca, 1
+effectivepapers.com, 1
+effectory.com, 1
+effectpointphotography.cf, 1
+effectualness.co.za, 1
+effectualness.web.za, 1
+effelzburgfilms.com, 1
+effer.me, 1
+effex.ru, 1
+effexorgeneric.ml, 1
+effiasoft.com, 0
+effic.es, 1
+efficientip.com, 0
+efficientsolutions.tk, 1
+effigos.com, 1
+effigos.de, 1
+effinfun.com, 1
+effinghamcountyil.gov, 1
+efflam.net, 1
+effmio.de, 1
+effortlesshr.com, 1
+effortlesshr.net, 1
+effra.pl, 1
+efi.com, 0
+eficsolar.com, 1
+efiglobal.com, 1
+efiledcsuperiorcourt.gov, 1
+efirma.com, 1
+eflorashop.be, 1
+eflorashop.ch, 1
+eflorashop.co.uk, 1
+eflorashop.com, 1
+eflorashop.de, 1
+eflorashop.es, 1
+eflorashop.fr, 1
+eflorashop.it, 1
+eflorashop.mx, 1
+eflorashop.net, 1
+eflorashop.us, 1
+efmcredentialing.org, 1
+efmo.de, 1
+efoood.org, 1
+efootball4u.es, 1
+eformost.ca, 1
+eforw.com, 1
+efp.nl, 1
+efran-eliyev.gq, 1
+efsanesi.tk, 1
+eft.boutique, 1
+eftcorp.biz, 1
+eftelingcraft.net, 1
+efterfest.tk, 1
+eftotoekspertizbalikesir.com, 1
+efutbol.tk, 1
+eg-dev.net, 1
+eg22.com, 1
+eg7.co.jp, 1
+eg7.jp, 1
+egablo.black, 1
+egabroaventuras.tk, 1
+egais.ml, 1
+egarden.it, 1
+egb.at, 0
+egbert.net, 1
+egbertsen.tk, 1
+egc.ink, 1
+egdsk.ru, 1
+egegesh.ru, 1
+egekbb.org, 1
+egeozcan.com, 0
+egestor.com.br, 1
+egevpare.tk, 1
+egfl.org.uk, 1
+egg-ortho.ch, 1
+eggblast.com, 1
+egge.com, 0
+eggel.ch, 1
+eggen.dk, 1
+eggendorfer.at, 1
+eggendorfer.be, 1
+eggendorfer.biz, 1
+eggendorfer.ch, 1
+eggendorfer.co.uk, 1
+eggendorfer.de, 1
+eggendorfer.info, 1
+eggendorfer.it, 1
+eggendorfer.li, 1
+eggendorfer.name, 1
+eggendorfer.net, 1
+eggendorfer.online, 1
+eggendorfer.org, 1
+eggendorfer.pro, 1
+eggendorfer.rocks, 1
+eggendorfer.tv, 1
+eggendorfer.uk, 1
+eggendorfer.us, 1
+eggendorfer.wine, 1
+eggertsvillefiredistrict.gov, 1
+egglestonyouthcenter.org, 1
+eggman.tk, 1
+eggplantsoftware.com, 1
+eggqvq.com, 1
+eggrolls.ml, 1
+eggy.com.au, 0
+eggzr.com, 1
+egh.ir, 1
+egiftcards.be, 1
+egilopaseryh.tk, 1
+egins.tk, 1
+egipet-tiz.tk, 1
+egiptwakacje.tk, 1
+egitim.academy, 1
+egitimpusulam.com, 1
+egito.pl, 1
+egittophilia.tk, 1
+eglantier.eu, 1
+egles.eu, 1
+eglinlife.net, 1
+egliseclichy92.fr, 1
+eglisedenantes.fr, 1
+egm-sakura.com, 1
+ego4u.com, 1
+ego4u.de, 1
+egoclan.tk, 1
+egold-keeper.com, 1
+egomania.tk, 1
+egomaniaque.tk, 1
+egonews.ga, 1
+egonix.de, 1
+egophobia.tk, 1
+egorazarkevich.ga, 1
+egorka.ml, 1
+egoroskope.tk, 1
+egos-online.com, 1
+egoscolumn.tk, 1
+egotickets.com, 1
+egotripproductions.org, 1
+egov.digital, 1
+egov4.ch, 1
+egproduction.com, 1
+egreensvape.com, 1
+egregius.be, 0
+egres.xyz, 1
+egretail.no, 0
+egrojsoft.info, 1
+egrouen.net, 1
+egroupware.org, 1
+egrow.io, 1
+egt-bg.com, 1
+egt-digital.com, 1
+egt.ee, 0
+egvilparks.gov, 1
+egw-ceramica.de, 1
+egy-boy.tk, 1
+egypt-tourism.ga, 1
+egypt-tours.tk, 1
+egypt-turism.ru, 1
+egyptcrops.com, 1
+egypte.tk, 1
+egyptenet.tk, 1
+egypteweb.tk, 1
+egyptexposed.tk, 1
+egypthomemaintenance.com, 1
+egyptian.gq, 1
+egyptianeuphoria.com, 1
+egyptianhak.tk, 1
+egytimes.tk, 1
+egzekucija.tk, 1
+egzotique.com, 1
+eh-huebner-stiftung.de, 1
+ehaccp.it, 1
+ehazi.hu, 1
+ehbsecuritydavy.be, 1
+ehcommerce.com, 1
+ehcommerce.org, 1
+ehdata.net, 1
+ehealth.gov.au, 1
+ehealth.kg, 1
+eheartspecialist.com, 1
+eheliche-disziplin.schule, 1
+eheya.net, 1
+ehipaa.com, 1
+ehlers-net.de, 1
+ehlersdanlos.dk, 1
+ehlersdanlos.tk, 1
+ehliyetsinavsorulari.org, 1
+ehmsen.nu, 1
+ehmtheblueline.com, 1
+ehne.de, 1
+ehome.im, 1
+ehometools.com, 1
+ehomusicgear.com, 1
+ehorizon.jp, 1
+ehpad-ariege.fr, 1
+ehr.bg, 1
+ehr.gov, 1
+ehrby.se, 1
+ehrdata.com, 1
+ehrenburg.info, 1
+ehrlichesbier.de, 1
+ehsehk.com.ph, 1
+ehtgov.org, 1
+ehtp.pt, 1
+ehtu.tk, 1
+ehub.cz, 1
+ehub.hu, 1
+ehub.pl, 1
+ehub.sk, 1
+ehuber.info, 1
+ei-bo.org, 1
+eiacampoguamal.com, 1
+eiao.me, 1
+eiber.net, 1
+eibich.de, 1
+eichel.eu, 1
+eichendorffschule.online, 1
+eichenrund.de, 1
+eichinger-stelzl.com, 1
+eichinger-stelzl.de, 1
+eichler.work, 1
+eickhof.co, 1
+eickhof.us, 1
+eickhofcolumbaria.com, 1
+eidelpes.info, 1
+eientei.org, 1
+eifach.top, 1
+eifel.website, 1
+eiffage.com, 1
+eiga.com, 1
+eigenaardig.tk, 1
+eigenbubi.de, 1
+eigenetiket.tk, 1
+eigenpul.se, 1
+eigenpulse.com, 1
+eigentech.com, 1
+eigenvector.space, 1
+eigenvector.systems, 1
+eightballde.luxe, 1
+eightvirtues.tk, 1
+eighty-aid.com, 1
+eightyfour.ca, 1
+eightysoft.de, 1
+eigpropertyauctions.co.uk, 1
+eihaikyo.com, 1
+eihei.net, 1
+eiji.fr, 1
+eikenskaden.tk, 1
+eikentafels.nl, 1
+eiklandenergy.com, 1
+eiko-dch.ac.jp, 1
+eikoh.nsw.edu.au, 1
+eikones.tk, 1
+eikounoayumi.jp, 1
+eileen.ml, 1
+eilhan.com, 1
+eim.one, 1
+eimacs.com, 1
+eimeko.ch, 1
+eimmigration.com, 1
+ein-itin.com, 1
+einarkallevig.tk, 1
+einaros.is, 1
+eindex.me, 1
+eine-andere-welt.org, 1
+einfach-fitz.at, 1
+einfachkiss.at, 1
+einheizpreis.de, 1
+einhorn.space, 1
+einmonolog.de, 1
+einreiseanmeldung.de, 1
+einrichtenonline.com, 1
+einsatzstiefel.info, 1
+einstein-themanandhismind.net, 1
+einsteinathome.org, 1
+einsteinbros.com, 1
+einsteinium.fr, 1
+einsteinmishra.com, 1
+einsteins.tk, 1
+einstokbeer.com, 1
+eintageinzug.de, 1
+eintoepfe-bruchsal.de, 1
+eintracht-rodde.de, 1
+einvestment.com, 1
+einwie.com, 1
+eipione.com, 1
+eirastudios.co.uk, 1
+eirb.fr, 1
+eirgroup.com.au, 1
+eirik.eu, 1
+eirikyrolae.tk, 1
+eis.org.uk, 1
+eisaev.ru, 1
+eisblau.org, 1
+eisei-iinkai.com, 1
+eisen-biomed.ch, 1
+eisenbahnfreunde-lengerich.de, 1
+eisenberg.co.za, 1
+eisenhowerlibrary.gov, 1
+eisenhut.family, 1
+eisenstark.de, 1
+eisernes-kreuz.tk, 1
+eiskratzer-bedrucken.de, 0
+eit-solutions.com.au, 1
+eit-web.de, 0
+eitbtaldea.eus, 1
+eivanec.com, 1
+eiyoushi-shigoto.com, 1
+ej.gov, 1
+ej.uz, 1
+ejabi-infosec.com, 1
+ejbelectrical.com, 1
+ejcabinets.com, 1
+ejderrapgott.de, 1
+ejdv-anmeldung.de, 1
+ejelectrical-qld.com.au, 1
+ejerciciosmemoria.com, 1
+ejit.eu, 1
+ejkathome.nl, 1
+ejkatwork.nl, 1
+ejkenergie.nl, 1
+ejkgemist.nl, 1
+ejkgroep.nl, 1
+ejkholding.nl, 1
+ejkhosting.nl, 1
+ejkinternet.nl, 1
+ejkitservices.nl, 1
+ejkmedia.nl, 1
+ejkmuseum.nl, 1
+ejknet.nl, 1
+ejknieuws.nl, 1
+ejkproducties.nl, 1
+ejkradio.nl, 1
+ejkrail.nl, 1
+ejkrailshop.nl, 1
+ejksport.nl, 1
+ejktelecom.nl, 1
+ejktv.nl, 1
+ejkuniversiteit.nl, 1
+ejkweb.nl, 1
+ejkwebdesign.nl, 1
+ejsc.co.jp, 1
+ek-networks.de, 0
+ekalisch.de, 1
+ekamfoundationmumbai.org, 1
+ekamus.tk, 1
+ekatalendra.com, 1
+ekatavirghost.com, 1
+ekati.ru, 1
+ekawaiishop.com, 1
+ekb-avia.ru, 0
+ekcomp.com, 1
+ekcrags.ru, 1
+ekd.de, 1
+ekdoseis.gr, 1
+ekeblock.com, 1
+ekedc.com, 1
+ekedp.com, 1
+ekf.ee, 1
+ekfgroup.com, 1
+ekgh.dk, 1
+ekhabar.ml, 1
+ekho.tk, 1
+ekimaeseitai.com, 1
+ekimma.com, 1
+ekiphost.com, 1
+eklepka.com, 1
+eklitzke.org, 1
+ekmanager.tk, 1
+eko-vitalis.ru, 1
+eko69.pl, 1
+ekobudisantoso.net, 1
+ekocleaningllc.com, 1
+ekoclin.com, 1
+ekocyber.com, 1
+ekogroszekpieklo.pl, 1
+ekokpandm.tk, 1
+ekol-2001.tk, 1
+ekol.com, 1
+ekologie.tk, 1
+ekologija.tk, 1
+ekonbenefits.com, 1
+ekonomika.tk, 1
+ekonomipolitik.tk, 1
+ekonomival.se, 1
+ekonomska.tk, 1
+ekophone.bg, 1
+ekopromet.com, 1
+ekosaltis.lt, 1
+ekosf.ru, 1
+ekospajzka.cz, 1
+ekostecki.de, 1
+ekouniejow.pl, 1
+ekowibowo.com, 1
+ekozercy.pl, 1
+ekpj.jp, 1
+ekranoplan-lun.ru, 1
+ekranos.me, 1
+ekre.club, 1
+ekron.at, 1
+eks.news, 1
+eksibition.org, 1
+eksik.com, 0
+eksisozluk.com, 0
+ekspert.tk, 1
+ekspertemerytalny.pl, 1
+eksploraz.com, 1
+ekspress.ee, 1
+ektefa.sa, 1
+ekvastra.in, 1
+ekwador.com, 1
+ekyu.moe, 1
+ekzcrosstour.ch, 1
+ekzotika.tk, 1
+el-cell.com, 1
+el-hossari.com, 1
+el-masri.bg, 1
+el-mass.com, 1
+el-mundo.tk, 1
+el-tatwer.tk, 1
+ela-n.de, 1
+elaax.de, 0
+elabib.com, 1
+elad.wtf, 1
+eladalfassa.com, 1
+eladerezo.com, 1
+eladgames.com, 1
+elahejalilvand.com, 1
+elaheze.com, 0
+elahuehuete.art, 1
+elainerock.com, 1
+elakiri.cf, 1
+elalmibar.com, 1
+elana.lt, 1
+elandador.com.mx, 1
+elanterna.ro, 1
+elanusparts.com, 1
+elanza.nl, 0
+elaon.de, 0
+elar.tk, 1
+elarcoreu.com, 0
+elariannews.ml, 1
+elartedelaguerra.tk, 1
+elartedelapaz.org, 1
+elarvee.xyz, 1
+elasten.eu, 1
+elastiekschieten.tk, 1
+elatinoamericano.tk, 1
+elauricielo.tk, 1
+elaxy-online.de, 1
+elayog.bt, 1
+elazafran.com, 1
+elazighaber.tk, 1
+elb500ttl.nl, 1
+elba-elba.tk, 1
+elba-hotel.tk, 1
+elbaal.gov, 1
+elbersdometechniek.tk, 1
+elbetech.net, 1
+elbiaadmin.sk, 1
+elbiahosting.sk, 1
+elbir.tk, 1
+elbitsystems.com, 1
+elblogdezoe.es, 1
+elbrus360.ru, 1
+elbrutoconeloso.tk, 1
+elburnfire.gov, 1
+elbvision.de, 1
+elbwiese.de, 1
+elcactus.tk, 1
+elcajon.gov, 1
+elcambioavanza.co, 1
+elcanonjusto.tk, 1
+elcarajo.tk, 1
+elchamandelaprosperidad.org, 1
+elcheapoflags.com, 1
+elcient.com, 1
+elcigaro.bg, 1
+elcin.tk, 1
+elcirculo.mx, 1
+elcontadorsac.com, 1
+elcontrol.tk, 1
+elcosmos.tk, 1
+elcosteno.tk, 1
+elcozinante.com, 1
+elcuadernodefilosofia.tk, 1
+eldarom.ro, 1
+eldeneleokuldaneveoyun.com, 1
+eldercare.gov, 1
+elderdevelopmentgroup.com, 1
+elderindex.org, 1
+elderjustice.gov, 1
+elderplan.org, 1
+elderreviews.gq, 1
+elderscrolls.tk, 1
+eldevo.com, 1
+eldiedesign.com, 1
+eldisagjapi.de, 1
+eldoradocylinders.com, 1
+eldoradoil.gov, 1
+eldrid.ge, 1
+ele-sm.com, 1
+eleanorleightrio.com, 1
+elearningi.pl, 1
+elearningpilot.com, 1
+eleather.it, 1
+elecbuz.com, 0
+eleconomista.com.ar, 1
+electerious.com, 1
+electicofficial.com, 0
+electionpresidentiellegabon2009.ga, 1
+electionrunners.com, 1
+elections.ca, 1
+elections.nz, 1
+electionsbycounty.com, 1
+electionsdatabase.com, 1
+electionsshelbytn.gov, 1
+electmikewaters.com, 1
+electr0sheep.com, 1
+electra.co.nz, 1
+electragirl.com, 1
+electras.cf, 1
+electrastart.nz, 1
+electric-clippers.tk, 1
+electric-samara.tk, 1
+electric-vault.co.uk, 1
+electricagoura.com, 1
+electricagourahills.com, 1
+electrical-schools.com, 1
+electrical.cn, 1
+electricalagoura.com, 1
+electricalagourahills.com, 1
+electricalandelectronicsengineerinformation.ga, 1
+electricalcalabasas.com, 1
+electricalcamarillo.com, 1
+electricalconejovalley.com, 1
+electricaldosvientos.com, 1
+electricalengineers.tk, 1
+electricalhiddenhills.com, 1
+electricallakesherwood.com, 1
+electricalmalibu.com, 1
+electricalmoorpark.com, 1
+electricalnewburypark.com, 1
+electricaloakpark.com, 1
+electricalpacificpalisades.com, 1
+electricalsimivalley.com, 1
+electricalthousandoaks.com, 1
+electricalwestlakevillage.com, 1
+electricannihilation.tk, 1
+electricbeast.co, 1
+electriccalabasas.com, 1
+electriccamarillo.com, 1
+electriccitysf.com, 1
+electriccoin.co, 1
+electricconejovalley.com, 1
+electricdosvientos.com, 1
+electricdreams.xyz, 1
+electricfencingpinetown.co.za, 1
+electricfireplaces.tk, 1
+electricgatemotoralberton.co.za, 1
+electricgatemotorboksburg.co.za, 1
+electricgatemotorgermiston.co.za, 1
+electricgatemotorshillcrest.co.za, 1
+electricgatemotorsroodepoort.co.za, 1
+electricgypsies.nl, 1
+electrichiddenhills.com, 1
+electrichome.fr, 0
+electricianagoura.com, 1
+electricianagourahills.com, 1
+electriciancalabasas.com, 1
+electriciancamarillo.com, 1
+electricianconejovalley.com, 1
+electriciandosvientos.com, 1
+electricianforum.co.uk, 1
+electricianhiddenhills.com, 1
+electricianlakesherwood.com, 1
+electricianmalibu.com, 1
+electricianmoorpark.com, 1
+electriciannewburypark.com, 1
+electricianoakpark.com, 1
+electricianpacificpalisades.com, 1
+electricianpretoria24-7.co.za, 1
+electricians-roodepoort.co.za, 1
+electricianschooledu.org, 1
+electriciansimivalley.com, 1
+electricianthousandoaks.com, 1
+electricianwestlakevillage.com, 1
+electricienasnieres.fr, 1
+electricimagination.co.uk, 1
+electricity.tk, 1
+electricityplans.com, 1
+electriclakesherwood.com, 1
+electricmalibu.com, 1
+electricmoorpark.com, 1
+electricnewburypark.com, 1
+electrico.tk, 1
+electricoakpark.com, 1
+electricpower.tk, 1
+electricsimivalley.com, 1
+electricthousandoaks.com, 1
+electricwestlakevillage.com, 1
+electricwokstore.com, 1
+electriczone.tk, 1
+electrobraid.com, 1
+electrocity.ie, 0
+electrocomplect.com.ua, 1
+electrodomesticos.tk, 1
+electrodomesticosmiro.com, 1
+electroforum.tk, 1
+electrofreakz.tk, 1
+electrogenic.co.uk, 1
+electrohelp.ga, 1
+electrolandia.tk, 1
+electrolivefest.spb.ru, 1
+electromagnetichealth.org, 1
+electromagnetism.gq, 1
+electromec.biz, 1
+electromec.eu, 1
+electromec.info, 1
+electromec.net, 1
+electromec.org, 1
+electromenager.tk, 1
+electrominati.com, 1
+electromotor.tk, 1
+electroneek.com, 1
+electronic-ignition-system.com, 1
+electronicafacil.net, 1
+electronicaripol.es, 1
+electronicfasteners.com, 0
+electronicssrit.tk, 1
+electronictucuman.com, 1
+electroniko.cf, 1
+electronis.ru, 1
+electronmag.tk, 1
+electronsweatshop.com, 1
+electroschematics.com, 1
+electrosoftcloud.com, 0
+electrostatics.com, 1
+electrostore.com.ec, 1
+electrotainment.com, 1
+electroyclima.es, 1
+electrum.org, 1
+eled.io, 1
+elefanten-cup.de, 1
+elefsisport.gr, 0
+elegance-lingerie.com, 1
+elegance-sm.com, 1
+elegance96.tk, 1
+elegancecement.com, 1
+elegansia-piscine.fr, 1
+elegant-design.tk, 1
+elegant-techno.com, 1
+eleganta.ga, 1
+elegantanal.com, 1
+elegantbrows.com, 1
+elegantfamilyhotelsandresorts.com, 1
+elegantlacebridal.com, 1
+elegantlatex.tk, 1
+elegantly-clean.co.uk, 1
+eleganza.ga, 1
+elegro.cz, 1
+eleicoes2018.com, 1
+elejordemarketingconsultancy.com, 1
+eleken.jp, 1
+elekner.tk, 1
+elektiriklidireksiyontamiri.com, 1
+elektiriktasarruf.tk, 1
+elektriker-notdienst-zentrale.de, 1
+elektrikumraniye.com, 1
+elektrikvesukesintileri.com, 1
+elektrilevi.com, 1
+elektrilevi.ee, 1
+elektrilevi.eu, 1
+elektro-adam.de, 1
+elektro-diehm.de, 1
+elektro-doerr.com, 1
+elektro-feichtner.at, 1
+elektro-hammes.net, 1
+elektro-hofmann-gmbh.de, 1
+elektro-hornetz.de, 1
+elektro-koehl.de, 1
+elektro-liebeskind.de, 1
+elektro-metz.de, 1
+elektro-pfeiffer.de, 1
+elektro-praha10.cz, 1
+elektro-reibsch.de, 1
+elektro-stock.de, 1
+elektro-wandelt.de, 1
+elektro-woerdehoff.de, 1
+elektrobusch.com, 1
+elektroclub.tk, 1
+elektroepilation-stuttgart.de, 1
+elektrofinke.de, 1
+elektroistrument.tk, 1
+elektrokarges.de, 1
+elektrolety.com, 1
+elektrolety.cz, 1
+elektromet.com.pl, 1
+elektromet.pl, 1
+elektrometz.de, 1
+elektromobil-zubehoer.de, 1
+elektromosev.cz, 1
+elektromotor.tk, 1
+elektron-elektrotechnik.de, 1
+elektronickakancelar.cz, 1
+elektroniksigarasehri1.com, 1
+elektronische-post.org, 1
+elektronix.tk, 1
+elektronomi.com, 1
+elektropartner.nu, 1
+elektropost.org, 1
+elektroprom.tk, 1
+elektrosety.com.ua, 1
+elektrotango.tk, 1
+elektrotechnik-heisel.de, 1
+elektrotechnik-kaetzel.de, 1
+elektrotechnik-schreck.de, 1
+elektrotechniker-beck.de, 1
+elektrownie-tanio.net, 1
+elektryczka.pl, 1
+elelenin.cf, 1
+elemanpersonelalimi.com, 1
+elemenop.tk, 1
+element.hr, 1
+element.io, 1
+elemental.software, 1
+elementalengine.com, 1
+elementalengine.org, 1
+elementalengines.com, 1
+elementalengines.org, 1
+elementalrobotics.com, 1
+elementalsoftware.net, 1
+elementalsoftware.org, 1
+elementarewatson.it, 1
+elementarium.cf, 1
+elementarium.ga, 1
+elementarywave.com, 1
+elementblend.com, 1
+elementbookings.com, 1
+elementedigitale.ro, 1
+elementmea.com, 1
+elementorfa.ir, 1
+elements-space-time.com, 1
+elements.guide, 1
+elementshop.co.uk, 1
+elementsoftware.tk, 1
+elemistlarp.com, 1
+elena-paparizou.tk, 1
+elena-risteska.tk, 1
+elena-soset.cf, 1
+elena-soset.ga, 1
+elena-soset.ml, 1
+elena-soset.tk, 1
+elenagherta.ga, 1
+elenapulizieroma.it, 1
+elenaristeska.tk, 1
+elenaristeskaweb.tk, 1
+elenashilko.ga, 1
+elenaskincarespa.com, 1
+elenatranslations.nl, 1
+elenatroncone.tk, 1
+elenavoce.cf, 1
+elenayulkina.ru, 1
+elencantotecate.com, 1
+elencinar.tk, 1
+eleni.no, 1
+elenorsmadness.org, 1
+elenta.lt, 1
+eleonardo.tk, 1
+eleonora.gay, 1
+eleonoraanzini.tk, 1
+eleonoramazzola.com, 1
+eleonorapapallo.tk, 1
+eleonorengland.com, 1
+eleonrp.tk, 1
+elephant-orchestra.com, 1
+elephant-orchestra.cz, 1
+elephantartonline.com, 1
+elephantbasslab.tk, 1
+elephantia.cf, 1
+elephantorchestra.cz, 1
+elephants.net, 1
+elephants.tk, 1
+eleplant.fi, 1
+elepover.com, 1
+elesconditedelola.com, 1
+eletminosegert.ro, 1
+eletom.pl, 1
+eletor.com, 1
+eletor.pl, 1
+eletrati.com, 1
+eletromaxautopecas.com.br, 1
+eletrotel.com, 1
+elettrauto.roma.it, 1
+elettricista-roma.it, 1
+elettricista-roma.org, 1
+elettricista.roma.it, 1
+elettricisti.roma.it, 1
+elettrodomestici.roma.it, 1
+elettrolinkimpianti.it, 1
+elettronew.com, 1
+eleusis-zur-verschwiegenheit.de, 1
+elev8fashion.ca, 1
+elevacionesrama.com, 1
+elevanhairdressing.co.uk, 1
+elevatewebdesigns.com, 1
+elevationcreative.net, 1
+elevationplumbingandheating.com, 1
+elevationxstudios.com, 1
+elevator.ee, 1
+elevatoraptitudetest.com, 1
+elevaweb.cl, 1
+elevelo.eu, 1
+elevenbeta.tk, 1
+elevenensemble.tk, 1
+elevenpaths.com, 1
+eleventhhouraltar.com, 1
+eleventhhourwatch.com, 1
+elexel.ru, 1
+elexon.co.uk, 1
+elexprimidor.com, 1
+elfe.de, 1
+elfejoyeux.com, 1
+elfi.com, 1
+elfix.sk, 1
+elforat.tk, 1
+elforno.gr, 1
+elforo.tk, 1
+elfranco.tk, 1
+elfrancotirador.tk, 1
+elfring.eu, 1
+elfussports.com, 1
+elgancho.tk, 1
+elgargajo.tk, 1
+elgenero.com, 1
+elgin.ga, 1
+elgin.tk, 1
+elgintexas.gov, 1
+elgoog.im, 1
+elgraffo.tk, 1
+elgrecohotel.gr, 1
+elguillatun.cl, 1
+elgustdecreixer.cat, 1
+elgustodecrecer.es, 1
+elhall.pro, 0
+elhamadimi.com, 1
+elhim-iskra.com, 1
+elhombrepez.tk, 1
+elhorizontal.com, 1
+elhossari.com, 1
+elhuesero.com, 1
+eliamakingmemories.co.nz, 1
+eliamakingmemories.com, 1
+eliang.tk, 1
+elias-erdmann.tk, 1
+eliasfgabriel.com, 1
+eliasfox.com, 1
+eliasfranklinn.tk, 1
+eliasojala.me, 1
+eliasong.com, 0
+eliaswendt.com, 0
+eliaustvarjaspomine.si, 1
+eliav.tk, 1
+elibidore.ml, 1
+elicdn.com, 1
+elie.net, 1
+elielaloum.com, 1
+elifelabs.com, 1
+elifesciences.org, 1
+elifo.com.cn, 1
+eligasht.com, 1
+eligibilis.com, 1
+eligibility.com, 1
+eligibleapi.com, 1
+eligrey.com, 1
+eliis.eu, 1
+elijahbrown.tk, 1
+elijahgrey.com, 1
+elikers.ml, 1
+elimidrol.com, 1
+eliminations.tk, 1
+eliminercellulite.com, 1
+elimit.eu, 1
+elimitecreamforsale.ga, 1
+elimperiolatino.com, 1
+elina.pp.ua, 1
+elinaflower.com, 1
+eline168.com, 1
+elinevanhaaften.nl, 1
+elinformatico.tk, 1
+elink.io, 1
+elinks.tk, 1
+elinspector.tk, 1
+elinternadolagunanegra.tk, 1
+eliolita.com, 1
+eliomotors.com, 1
+eliotchs.org, 1
+eliott.cc, 1
+eliottlavier.com, 1
+elisa.ee, 1
+elisabeth-kostecki.de, 1
+elisabeth-raendel.de, 1
+elisabeth-strunz.de, 1
+elisabethbegle.at, 1
+elisabethborgermans.com, 1
+elisabethcasanova.ch, 1
+elisabethkostecki.de, 1
+elisabethrene.com, 1
+eliseadams.com.au, 1
+elisechristie.com, 1
+eliseshivamber.com, 1
+elisetriestocook.com, 1
+elisity.com, 1
+eliskamyskova.cz, 1
+elit-fitnes.tk, 1
+elit-host.tk, 1
+elit-logistic.ru, 1
+elit.ro, 1
+elitatasehirescort.com, 1
+elite-design.tk, 1
+elite-enc.tk, 1
+elite-forums.tk, 1
+elite-magazin.de, 1
+elite-nakhodka.tk, 1
+elite-porno.ru, 1
+elite-tools.tk, 1
+elite-units.tk, 1
+elite.memorial, 1
+elitebasementsohio.com, 1
+elitebike.com.co, 1
+elitecleaningservices.com.cy, 1
+eliteco.tk, 1
+elitecontentmarketer.com, 1
+elitedns.info, 1
+elitedns.org, 1
+elitefintechglobal.com, 1
+elitegameservers.net, 1
+elitegaragedoors247.com, 1
+eliteholidaylights.com, 1
+elitehouse.tk, 1
+eliteimsolutions.com, 1
+elitelandscapedesigns.ca, 1
+elitemdsupply.com, 1
+elitemud.tk, 1
+elitenovice.tk, 1
+eliteny.com, 1
+elitephysiotherapy.com.au, 1
+eliteprofit.fr, 1
+elitepsychiatryandwellness.com, 1
+elitepumps.net, 1
+eliterequestboard.tk, 1
+elitesim.ga, 1
+elitesquadmodz.tk, 1
+elitetopic.com, 1
+elitetoy.com.br, 1
+elitewealth.in, 1
+elitexcomputing.com, 1
+elitexxx.com, 1
+elithus.se, 1
+elitrahealth.com, 1
+elitsa.gr, 1
+elivenet.com, 1
+elixi.re, 1
+elixir.bzh, 1
+elixirfactory.io, 1
+elizabethcitync.gov, 1
+elizabethgreenfield.com, 1
+elizabethrominski.com, 1
+elizabethtaderera.me, 1
+elizabethtown-ny.gov, 1
+elizafranklin.com, 1
+elizaminami.com.br, 1
+eljay.cc, 1
+eljef.me, 1
+elk.moe, 1
+elka-piter.ga, 1
+elkampeuzo-musique.tk, 1
+elkarizan.com, 1
+elkgroveil.gov, 1
+elkhaus.de, 1
+elki-musik.ch, 1
+elkmontal.gov, 1
+elkmotel.at, 1
+elkodaily.com, 1
+elkonsults.com, 1
+elkovplus.cz, 1
+elkpointmasonry.com, 1
+elkvalley-nsn.gov, 1
+ell-net.tokyo, 1
+ella-kwikmed.com, 0
+ellak.gr, 1
+ellanurse.co.il, 1
+ellas-haarshop.nl, 1
+ellasbubbles.com, 1
+ellatotal.com, 1
+elle-fanning.info, 1
+elle-weine.de, 1
+elle.se, 1
+elleaura.fr, 1
+elledecor.tk, 1
+ellegaard.dk, 1
+ellemental.me, 1
+ellencorddry.com, 1
+ellendalend.gov, 1
+ellenkesters.be, 1
+ellenpage.tk, 1
+ellensburgwa.gov, 1
+ellesoft-freeware.tk, 1
+ellevate.com, 1
+ellhofen-peccioli.de, 1
+elliboettcher.de, 1
+ellierider.com, 1
+elligre.tk, 1
+elliman.com, 1
+ellinaras.tk, 1
+ellingworth.co.uk, 1
+elliot.cat, 1
+elliotbrandwein.com, 1
+elliotlewisms.com, 1
+elliottbernstein.com, 1
+elliottgaming.ga, 1
+elliottinsuranceservices.com, 1
+elliottwoodworking.com, 1
+ellipsoid.cf, 1
+ellipticalmachine.tk, 1
+elliquiy.com, 1
+ellisamusements.co.uk, 1
+elliscoscanner.com, 1
+ellisleisure.co.uk, 1
+ellisvanlaarhoven.tk, 1
+elliteshop.vn, 1
+elliyoung.com, 1
+elloadingjr.ga, 1
+ellty.com, 1
+ellyscakes.com, 1
+elmaci.net, 1
+elmagdclean.com, 1
+elmahost.net, 1
+elmandria.com, 1
+elmarchive.ir, 1
+elmejorcortapelos.com, 1
+elmejordance.tk, 1
+elmenreich.tk, 1
+elmerboroughnj.gov, 1
+elmermx.ch, 1
+elmeson.tk, 1
+elmion.cloud, 1
+elmolar.tk, 1
+elmolist.tk, 1
+elmoro.mx, 1
+elmresan.ir, 1
+elmundodeloso.tk, 1
+elmwoodmi.gov, 1
+elnan.do, 1
+elnegocioperfecto.tk, 1
+elnodiacademy.com, 1
+elo-forum.org, 1
+elo-rocket.com, 1
+elobservador.tk, 1
+eloca.ls, 1
+elocals.me, 1
+elodees.com, 1
+elodieclerc.ch, 1
+elodrias.de, 1
+elog.tokyo, 1
+eloge.se, 1
+elohellp.com, 0
+eloiseponnau.com, 1
+elok.eu.org, 1
+elon.gov, 1
+elona-wvw.de, 1
+elonaspitze.de, 1
+elonbase.com, 1
+elonma.gov, 1
+elontime.de, 1
+elopementsnashville.com, 1
+elorbe.com, 1
+elosoavila.tk, 1
+elosrah.com, 0
+elovip.com.br, 1
+eloxt.com, 1
+elpac.info, 1
+elpactest.com, 1
+elpactest.eu, 1
+elpactest.info, 1
+elpactest.org, 1
+elpandemonio.tk, 1
+elpcnc.com, 1
+elpellejodelabreva.tk, 1
+elperdigon.tk, 1
+elphnt.io, 1
+elpincho.tk, 1
+elpitazo.net, 1
+elplugins.xyz, 1
+elpo.net, 1
+elposconflicto.org, 1
+elpreciosostud.com, 1
+elprincipevegeta.tk, 1
+elprofeshows.com, 1
+elpromaucae.tk, 1
+elpueblo.com.do, 1
+elquintoas.tk, 1
+elradiobuffet.tk, 1
+elradix.be, 1
+elradix.eu, 1
+elranchofeliz.org, 1
+elrealsw.com, 1
+elrebollar.tk, 1
+elrenook.gov, 1
+elreportero.tk, 1
+elri.blog, 1
+elrincondelotaku.tk, 1
+elrinconderovica.com, 1
+elron.ee, 0
+elrubio.tk, 1
+elsadonaire.tk, 1
+elsas.tk, 1
+elsassdestination.fr, 0
+elsbouslanostraaficio.tk, 1
+elsector7.tk, 1
+elsemanariodesalamanca.tk, 1
+elsenzhafen.de, 1
+elsg.co.uk, 1
+elshop1eu.com, 1
+elshou.com, 1
+elstravato.com, 1
+elsuccionador.com, 1
+elsvanderlugt.nl, 1
+elsvanmerhaeghe.be, 1
+elsword.moe, 0
+elsylist.com, 1
+elta.com.ua, 1
+eltair.com, 1
+eltar.pl, 1
+eltconsultants.com.mx, 1
+eltec.es, 1
+eltern-verein.ch, 1
+elternbeiratswahl.online, 1
+elternverein-utzenstorf.ch, 1
+elternzimmer.de, 1
+eltip.click, 1
+eltjon.duckdns.org, 1
+eltlaw.com, 1
+elto.ch, 0
+eltonpastilha.me, 1
+eltormo.tk, 1
+eltoroweakly.com, 1
+eltransportquevolem.org, 1
+eltron.com.ua, 1
+eltuito.tk, 1
+eluancm.net, 1
+elucron.com, 1
+eluhome.de, 1
+elusivetranslations.com, 1
+eluvade.com, 1
+eluvio.com, 1
+elvac.eu, 1
+elvalordelsaliments.cat, 1
+elvcino.com, 0
+elverdaderoamor.tk, 1
+elvikom.co.uk, 1
+elviraszabo.com, 1
+elvis-atouchofgold.com, 0
+elvis-presley.tk, 1
+elvismania.tk, 1
+elvispresley.net, 1
+elvisvrconnect.co.uk, 1
+elvonet.hr, 1
+elvorti.bg, 1
+elvorti.com, 1
+elvtr.com, 0
+elwave.org, 1
+elweronete.tk, 1
+elwix.com, 1
+elyazmusic.com, 1
+elycoin.io, 0
+elysiandigital.co, 1
+elysiria.fr, 1
+elysium-team.tk, 1
+elysium.coop, 1
+elysiumware.com, 1
+em-biotek.cz, 0
+em-racing.com, 1
+em-racing.de, 1
+em888.vip, 0
+emabot.tk, 1
+emacitylife.com, 1
+emad7.tk, 1
+emagazine.com, 1
+emaging-productions.fr, 1
+emaging.fr, 1
+email-pipeline.xyz, 1
+email-verifier.tk, 1
+email.repair, 0
+email24.cf, 1
+email4u.at, 1
+emailable.com, 1
+emailablev.com, 1
+emailalaperformance.fr, 1
+emailalias.nl, 1
+emailbusters.tk, 1
+emailconfiguration.com, 1
+emailexpress.ga, 1
+emailfreeshop.tk, 1
+emailgonderim.tk, 1
+emailhunter.co, 1
+emailing.alsace, 1
+emailing.ga, 1
+emaillagebaingenial.ca, 1
+emailmasker.nl, 1
+emailmeform.com, 1
+emailprivacytester.com, 1
+emailprocessorpro.gq, 1
+emailpursuits.com, 1
+emailroundup.com, 1
+emailservers.tk, 1
+emailspedia.com, 1
+emailtemporal.org, 0
+emakicms.com, 1
+emaks.tk, 1
+emalm.com, 1
+emamiltd.in, 1
+emancipator.com, 1
+emanol.co.uk, 1
+emanuel.photography, 1
+emanuela-gabriela.co.uk, 0
+emanuelachiriaco.tk, 1
+emanuelduss.ch, 1
+emanuelemazzotta.com, 1
+emaps.tk, 1
+emaratalyoum.com, 1
+emarhotel.bg, 1
+emarketingmatters.com, 1
+emas-beja.pt, 1
+emater.com, 1
+emavending.club, 1
+emavok.eu, 1
+emaygroup.co, 1
+emazrin.tk, 1
+emazzanti.net, 1
+embarcados.com.br, 1
+embassycargo.eu, 1
+embawood.az, 1
+embedded.com, 1
+embelgium.org, 1
+embelize.com, 1
+embellir-aroma.com, 1
+embellir-kyujin.com, 1
+embellishop.com, 1
+ember.co, 1
+emberit.com, 1
+emberlife.com, 1
+embien.co, 1
+embodiaacademy.com, 1
+embodiaapp.com, 1
+embodied.vision, 1
+embonus.dk, 1
+emboque.tk, 1
+embouts-et-bouchons.fr, 1
+embox.net, 1
+embracecontext.com, 1
+embracer.com, 1
+embracethedarkness.co.uk, 1
+embracezine.tk, 1
+embraco.com, 0
+embryologist.info, 1
+embryooptions.com, 1
+emby.cloud, 1
+emby.live, 1
+emccglobal.org, 1
+emceemanic.tk, 1
+emcentrix-com-site-mvc.azurewebsites.net, 1
+emcloud.io, 1
+emcspotlight.com, 1
+emdadkhodrokaraj.ir, 1
+emdadulislam.tk, 1
+emdbonlinehelp.tk, 1
+emdep.com, 1
+emdesigns.tk, 1
+emdrupholm.dk, 1
+emdvcorasia.com, 1
+emdynint.io, 1
+emed.com, 0
+emeetattd.ddns.net, 1
+emeklifinans.com, 1
+emeliecrystal.net, 1
+emeliefalk.se, 1
+emeliemai.com, 1
+emelies-inspiration.tk, 1
+ememsei.com, 1
+emenaspa.com, 1
+emenshop.cf, 1
+emenshop.ga, 1
+emenshop.ml, 1
+emenshop.tk, 1
+emeralda.tk, 1
+emeraldcbdshop.com, 0
+emeraldcoastrideshare.com, 1
+emeraldcoasturgentcare.com, 1
+emeraldheights.tk, 1
+emeraldshield.com, 1
+emeres.tk, 1
+emergency-broadcast-system.tk, 1
+emergency-federal-register.gov, 1
+emergencycommand.us, 1
+emergencymanagementedu.org, 1
+emergencyportal.tk, 1
+emergenzaduepuntozero.it, 1
+emergingafricagroup.com, 1
+emergingindustryprofessionals.com, 1
+emero.de, 0
+emersoncanada.ca, 1
+emersonreview.tk, 1
+emersya.com, 1
+emex.ro, 1
+emffren.com.tr, 1
+emi.im, 1
+emielraaijmakers.nl, 1
+emigrantes.tk, 1
+emigratieplanner.com, 1
+emil-dein-baecker.com, 1
+emil-dein-baecker.de, 1
+emil-reimann.com, 1
+emil-reimann.de, 1
+emil.click, 0
+emil.one, 0
+emilecourriel.com, 1
+emileon.gr, 1
+emilianomaccaferri.com, 1
+emiliaperkkola.fi, 1
+emiliaromagnaeconomy.it, 1
+emiliederavinspain.tk, 1
+emiliehouse.net, 1
+emiliendevos.be, 1
+emilieporte.fr, 1
+emilio.media, 1
+emilioadani.com, 1
+emiliopj.es, 1
+emiliops.com, 1
+emilong.com, 1
+emilreimann.de, 1
+emils-1910.de, 1
+emils-chemnitz.de, 1
+emils1910.de, 1
+emilsleker.no, 1
+emilstahl.com, 1
+emilstahl.de, 1
+emilstahl.dk, 1
+emilstahl.eu, 1
+emilstahl.se, 1
+emilvanderwal.tk, 1
+emilvarga.com, 1
+emily-website.tk, 1
+emily.moe, 1
+emilybellydance.com.au, 1
+emilymarques.ga, 1
+emilypennock.co.uk, 1
+emilypennock.com, 1
+emilysweet.com, 1
+emilywufaith.tk, 1
+emina-arapovic.tk, 1
+eminafans.tk, 1
+emindweb.com, 1
+eminem.kim, 1
+eminencepools.com, 1
+emirates247.com, 1
+emiratesairline.co.uk, 1
+emirefek.net, 1
+emirichardson.com, 1
+emisia.com, 1
+emisoralavozdedios.tk, 1
+emissionsgroup.com, 1
+emissionssafe.org, 1
+emita.ee, 1
+emivauthey.com, 0
+emkan-furniture.com, 1
+emkanrecords.com, 0
+emkode.pl, 1
+emla.info, 1
+emlcloud.com, 1
+emls.fr, 1
+emma-central.tk, 1
+emma-o.com, 1
+emma-secret.com, 1
+emma-und-felix-heiraten.de, 1
+emmababy420.com, 1
+emmadreams.net, 1
+emmagarland.com, 1
+emmajayne.tk, 1
+emmalegalnurse.com, 1
+emmaliddell.com, 0
+emmanuelle-et-julien.ch, 1
+emmanuelorocker.com, 1
+emmaowl.com, 1
+emmastarr.net, 1
+emmaste.edu.ee, 1
+emmastree.com, 1
+emmauspa.gov, 1
+emmawatsonking.tk, 1
+emmawatsononline.tk, 1
+emmdy.com, 0
+emmedicom.ml, 1
+emmedicom.tk, 1
+emmepole.tk, 1
+emmerdale.me.uk, 1
+emmetcountyia.gov, 1
+emmilein.com, 1
+emmiwelentain.com, 1
+emmynet.de, 1
+emo-poris.com, 1
+emo.ie, 1
+emocionado.com, 1
+emocionypensamiento.com, 1
+emocje.com, 1
+emoforum.tk, 1
+emoji-meaning.org, 1
+emoji.web.tr, 1
+emojikeyboard.top, 1
+emojiteka.pl, 1
+emojiterra.com, 1
+emolafarm.com, 1
+emolar.com, 1
+emond-usedcars.net, 0
+emoneycircle.com, 1
+emonovo.com, 1
+emonsarkar.tk, 1
+emopics.com, 1
+emotality.com, 1
+emote.bot, 1
+emotebank.com, 1
+emotebot.com, 1
+emotionalonlinestorytelling.com, 1
+emotionsanonymous.org, 1
+emotionsgroup.kz, 1
+emotive.productions, 1
+emoxie.com, 0
+empathogen.com, 1
+empathogens.com, 1
+empathy.ca, 1
+empathyband.tk, 1
+empatico.xyz, 1
+empatify.com, 1
+empatify.pl, 1
+empatos.cf, 1
+empeltd.com, 1
+emperola.com, 1
+emperor-penguin.com, 1
+emperor-penguins.com, 1
+emperoranimeindo.tk, 1
+emperors.net, 1
+empfrm.com, 1
+empherino.net, 1
+empietraining.com, 1
+empire-forum.tk, 1
+empire-group.co.nz, 1
+empire-univ.com, 1
+empire24.co, 1
+empireauto-2000.com, 1
+empiredenham.ga, 1
+empirehall.com.ua, 1
+empireking.us, 1
+empirelevel.eu, 1
+empireliverfoundation.org, 1
+empirestatejazzcafe.com, 1
+empiria.site, 1
+emplifi.io, 1
+emploi-collectivites.fr, 0
+emploi-international.net, 1
+emploi-saintefoytarentaise.fr, 1
+employeeexpress.gov, 1
+employeemanual.com.au, 1
+employer.gov, 1
+employer411.com, 1
+employeradmin.com, 1
+employersolutionsgroup.com, 1
+employersupport.co.uk, 1
+employflorida.com, 1
+employmax.co.za, 1
+employmaxcampus.co.za, 1
+employmaxetd.co.za, 1
+employment-applicant.com, 1
+employment-solutions.ca, 1
+employment.uk.com, 1
+employmentguide.com, 1
+employmenttracking.ga, 1
+emporiaks.gov, 1
+emporikonathenshotel.com, 1
+emporioarchitect.com, 1
+emporiodiamelia.com.br, 1
+emporiodosperfumes.com.br, 1
+emporioguarani.com.br, 1
+emporioonline.com.br, 1
+emporiopurochile.com.br, 1
+emporium-italy.com, 1
+emporiumbeverages.com, 1
+empoweraces.com, 1
+empowerdb.com, 1
+empowered-decision.com.au, 1
+empoweren.com, 1
+empoweringdifferences.com, 1
+empowernation.org, 1
+empowersimcoe.ca, 1
+empoweryou.ca, 1
+emprechtinger.com, 1
+emprego.pt, 1
+empregosrj.com, 1
+empreinte.ca, 1
+emprendecausa.com, 1
+emprendeconchrisfx.com, 1
+emprendedoresdesevilla.es, 1
+emprendimientoweb.co, 1
+emprendimientoyformacion.com, 1
+empresa365.com, 1
+empresautil.tk, 1
+emprestimodedinheiro.com, 1
+emprestimosemcomprovar.com, 1
+emprunterlivre.ci, 1
+empsi-sup.com, 1
+emptiness.cf, 1
+empty.host, 1
+emptyarcade.com, 1
+emptybox.org, 1
+emptypath.com, 1
+emptysmile.tk, 1
+empyreanrule.com, 1
+emq.io, 1
+emrah.io, 1
+emrawi.org, 1
+emreaydinfan.tk, 1
+emrecicekmuhendislik.com, 1
+emresaglam.com, 1
+emrgnc.co.uk, 1
+emrullahsahin.com, 1
+ems.gov, 1
+emsa-casm.ca, 1
+emsd.tw, 1
+emsdinghies.com, 1
+emse.fr, 1
+emsliespharmacy.com.au, 1
+emsnow.com, 1
+emsrealfood.nl, 0
+emta.ee, 0
+emtex.at, 1
+emtex.co.jp, 1
+emtofis.com, 1
+emtpigging.com, 1
+emtpigging.my, 1
+emtradingacademy.com, 1
+emu.dk, 1
+emu.land, 1
+emulation-archive.org, 1
+emulationking.com, 1
+emulator.ml, 1
+emulator.wtf, 1
+emulatronic.tk, 1
+emulefans.com, 1
+emulovers.com, 1
+emulsifier.ga, 1
+emunet.net, 1
+emurom.net, 1
+emuser.tk, 1
+emusicuz.tk, 1
+emvoiceapp.com, 1
+emw3.com, 1
+emxvn.co.za, 1
+emyr.net, 1
+emyself.org, 1
+emystars.tk, 1
+emzi0767.com, 1
+emzy.de, 1
+en-crypt.me, 1
+en-maktoob.search.yahoo.com, 0
+en-wp.com, 1
+en-wp.org, 1
+en0.io, 1
+en4rab.co.uk, 1
+en4u.org, 1
+enaah.de, 1
+enable-javascript.com, 1
+enableyourlife.com, 1
+enabling.ga, 1
+enactor.co, 1
+enactus.org, 1
+enactusteesside.org, 1
+enagramm.com, 1
+enalean.com, 1
+enam.gov.in, 1
+enamae.net, 1
+enamelpin.club, 1
+enaminestore.com, 1
+enamonada.com, 1
+enattendantpauline.ca, 1
+enaturelive.com, 1
+enbecom.net, 1
+enboarder.com, 1
+enbulleiugnen.com, 1
+enby.army, 1
+encd.life, 1
+encelaya.com.mx, 1
+encfs.win, 1
+enchantedcode.co.uk, 1
+enchantedcottage.tk, 1
+enchong.com, 1
+encinitastrainer.com, 1
+encircleapp.com, 1
+encode.host, 1
+encodecloud.net, 1
+encontra-me.org, 1
+encontreumagp.com, 1
+encontro.online, 1
+encontroespiritadeinverno.com.br, 1
+encore.tech, 1
+encoreglobal.com, 1
+encoro.org, 1
+encotentin.fr, 1
+encountercss.com, 1
+encouragemarketing.com, 1
+encredible.de, 0
+encredible.org, 0
+encres-nelly.fr, 1
+encretplomb.ch, 0
+encryp.ch, 1
+encrypt.cf, 1
+encrypt.my.id, 1
+encrypted.at, 1
+encrypted.google.com, 1
+encryptedaudience.com, 1
+encryptedconnection.net, 1
+encryptionweb.tk, 1
+encryptmy.site, 1
+encryptmycard.com, 1
+encryptographs.com, 1
+encuentra-todo.tk, 1
+encuentra.tk, 1
+encuentraapoyo.gov, 1
+encuestaspagadas.com.mx, 1
+encuestaspagadas.org, 1
+encurta.ml, 1
+encycarpedia.com, 1
+end.tf, 1
+endangeredwatch.com, 1
+endavantstap9b.tk, 1
+endbegins.tk, 1
+endbox.email, 1
+endcottagevets.co.uk, 1
+ende-x.com, 1
+endeal.nl, 1
+endean.com, 1
+endeavourbiz.com, 1
+endee.de, 1
+endeksa.com, 1
+endener.com, 1
+ender.co.at, 1
+ender.fr, 1
+ender.moe, 1
+ender3.info, 1
+enderandrew.com, 1
+enderbycamping.com, 0
+enderdrachelp.ddns.net, 1
+enderhost.tk, 1
+enderle.cloud, 1
+enderman.eu, 1
+enderszone.com, 0
+endiana.cf, 1
+endiana.ga, 1
+endiana.gq, 1
+endiana.ml, 1
+endingthedocumentgame.gov, 1
+endless.pet, 1
+endlessdiy.ca, 1
+endlessfashion.tk, 1
+endlessgrind.com, 1
+endlesshorizons.info, 1
+endlessvideo.com, 1
+endlesswebsite.tk, 1
+endofevolution.com, 1
+endofinternet.goip.de, 1
+endoflife.date, 1
+endofodo.goip.de, 1
+endoftenancycleaninglondon.co.uk, 1
+endohaus.us, 1
+endometriu.ml, 1
+endondehay.com, 1
+endoscope.bg, 1
+endpipe.com, 1
+endplasticwaste.org, 1
+endpointclinical.com, 1
+endrinas.com, 1
+endrust.com.au, 1
+endspamwith.us, 1
+enduranceseries.ca, 1
+enduroxtrem.tk, 1
+endustriyelfirinlar.com, 1
+endviolence.gc.ca, 1
+enecivilela.com, 1
+enefit.com, 1
+enefit.ee, 1
+enefitconnect.ee, 1
+enefitgreen.ee, 1
+enefitgreen.lt, 1
+enefitgreen.lv, 1
+enefitvolt.com, 1
+enefix.eu, 1
+eneko.com, 1
+enekogarrido.com, 0
+enel.com, 1
+enelgreenpower.com, 1
+enemybase.tk, 1
+enemyofman.com, 1
+enemyterritory.tk, 1
+energaia.de, 1
+energetic.cc, 1
+energetica.ga, 1
+energeticafemenina.com, 1
+energetikasmuzejs.lv, 1
+energialibre.tk, 1
+energianuclear.tk, 1
+energiatalgud.ee, 1
+energiaurbana.tk, 1
+energicertifikat.fi, 1
+energie-sante.ch, 0
+energiecentrale.gent, 1
+energieconsultonline.nl, 1
+energiekeurplus.nl, 1
+energielabelbinneneenweek.nl, 1
+energiemines.ma, 1
+energiewende.com.br, 1
+energikompetens.se, 1
+energizer.eu, 1
+energoproff.com, 1
+energoset-spb.ru, 1
+energozrouti.cz, 0
+energy-drink-magazin.de, 1
+energy-fm.tk, 1
+energy-healings.com, 1
+energy-in-balance.eu, 0
+energy-robotics.com, 1
+energy.eu, 1
+energyatlas.com, 1
+energyaupair.dk, 1
+energyaupair.nl, 1
+energyaupair.no, 1
+energyaupair.se, 1
+energybooster.ml, 1
+energybooster.tk, 1
+energycodes.gov, 1
+energycommunities.gov, 1
+energyconsultonline.nl, 1
+energycrewing.com, 1
+energydrinkblog.de, 1
+energyefficientservices.com, 1
+energyelephant.com, 1
+energyforum.tk, 1
+energygenie.com.au, 1
+energygroup.gq, 1
+energygroup.tk, 1
+energyguru.tk, 1
+energyhomeservice.ca, 1
+energyhybrid.ga, 1
+energylink.com, 1
+energylocal.com.au, 1
+energylocals.au, 1
+energylocals.com, 1
+energylocals.com.au, 1
+energylocals.org, 1
+energymedia.tk, 1
+energysaveroregon.com, 1
+energysite.tk, 1
+energystar.gov, 1
+energysystems.com, 1
+energytrust.tk, 1
+energyuse.net, 1
+energywisdom.tk, 1
+enerity.eu, 1
+enerity.io, 1
+enerot.com, 1
+eneroths.se, 1
+enerpac.com, 1
+enersaveapp.org, 1
+enerte.ru, 1
+enerypa.tk, 1
+enescrackmerkezi.tk, 1
+enet-navigator.de, 1
+enet.eu, 1
+eneti-inc.com, 1
+enett.team, 1
+enewspapers.tk, 1
+enfant.tk, 1
+enfants-terribles.tk, 1
+enfantsdelarue.ch, 1
+enfasyperfumarias.com, 1
+enfermedaddelbeso.com, 1
+enfieldheightsacademy.org.uk, 1
+enflow.nl, 1
+enforcement-trends-dev.azurewebsites.net, 1
+enforcement-trends-test.azurewebsites.net, 1
+enforcement-trends.azurewebsites.net, 1
+eng-erlangen.de, 0
+eng3corp.com, 1
+eng4arab.tk, 1
+engageapp.net, 1
+engagelogic.com, 1
+engagewarnerrobinsga.gov, 1
+engagewell.com, 1
+engagingmuscles.com, 1
+engagio.com, 1
+engalego.tk, 1
+enganchesevilla.es, 1
+engbers.com, 1
+engelandautohuur.nl, 1
+engeldasein.at, 1
+engeldasein.com, 1
+engelk.de, 1
+engelmann.com, 0
+engelorchester.de, 1
+engelsism.tk, 1
+engelundlicht.ch, 1
+engelzicht.com, 1
+engen.co.za, 0
+engg.ca, 1
+enggar.tk, 1
+enghero.com, 1
+engie-laadpalen.nl, 1
+engima.nl, 1
+engineer-kobe.ga, 1
+engineer-route.com, 1
+engineer.org.my, 0
+engineeringclicks.com, 1
+engineeringidea.ga, 1
+engineertaplin.co.uk, 1
+enginefirefighter.com, 1
+enginemoves.com, 1
+engineowning.com, 1
+enginepit.com, 1
+enginsight.com, 1
+enginx.net, 1
+enginytech.com, 1
+engione.com, 1
+engl-amps.com, 1
+engl-amps.net, 1
+engl-customshop.com, 1
+engl-customshop.de, 1
+engl-customshop.net, 1
+engl-distribution.com, 1
+engl-distribution.de, 1
+engl-distribution.net, 1
+engl-server.de, 1
+engl-systems.de, 1
+england-fixed-matches.com, 1
+englandairportcars.com, 1
+englandbeach.com, 1
+englandlearn.com, 1
+englandschool.tk, 1
+englesh.org, 1
+english-e-reader.net, 1
+english-to-russian-translation.tk, 1
+english-training.tk, 1
+english.events, 1
+englishbulgaria.net, 1
+englishcast.com.br, 1
+englishclassworksheets.com, 1
+englishclub.com, 1
+englishcompany-mobile.jp, 1
+englishcompany.jp, 1
+englishdirectory.de, 1
+englishfamilyzone.tk, 1
+englishll.com, 1
+englishlol.com, 1
+englishouse.tk, 1
+englishprovence.com, 1
+englishschoolforkids.com.ua, 1
+englishteacheredu.org, 1
+englishtofrench.eu, 1
+englishyamal.ru, 0
+engodnat.dk, 1
+engraffo.com, 1
+engrama.tk, 1
+engrepair.com, 1
+engrish.ml, 1
+engso-education.eu, 1
+engso.com, 1
+engso.eu, 1
+engsoyouth.eu, 1
+engsubjav.com, 1
+engution.biz, 0
+engvid.com, 1
+engweld.co.uk, 1
+engym.com.tw, 1
+engz.icu, 1
+enhanced-mail.tk, 1
+enhancemedia.co.uk, 1
+enia.com, 1
+enigheten.tk, 1
+enigma.swiss, 0
+enigmacpt.com, 0
+enigmamusic.tk, 1
+enigmatry-website-test.azurewebsites.net, 1
+enigmatry.com, 1
+enigmavault.io, 1
+enip2.ru, 1
+enitso.de, 1
+enity.tk, 1
+eniwa-eye.com, 1
+enixgaming.com, 0
+eniyicrmprogramlari.tk, 1
+enizioshop.com, 1
+enji-sendai.com, 1
+enjieding.com, 1
+enjin.io, 1
+enjin.zone, 1
+enjincoin.io, 1
+enjinwallet.io, 1
+enjoy-drive.com, 1
+enjoybeer.dk, 1
+enjoymaloy.info, 1
+enjoytransferitalia.com, 1
+enka-works.com, 1
+enka-works.jp, 1
+enka-works.net, 1
+enkelanmalan.se, 1
+enkelpaamelding.no, 1
+enker.tk, 1
+enkolaysertifika.com, 1
+enkrypt.com, 1
+enky.be, 1
+enlacesgranotas.tk, 1
+enlamochiladeadri.com, 1
+enlasnubes.tk, 1
+enlaztravel.com, 1
+enlightenspeech.com, 1
+enlightio.com, 1
+enlightsec.se, 1
+enlnf.link, 1
+enloestatebank.com, 1
+enlyft.com, 0
+enmieux.be, 1
+enmowe.co.ke, 1
+enmowe.tech, 1
+ennd.com, 1
+enno.mom, 0
+ennori.jp, 1
+ennova.com, 0
+enoahinc.com, 1
+enodais.gr, 1
+enoenergy.com, 1
+enofmusic.com, 1
+enoisdaturma.tk, 1
+enolalingerie.com, 1
+enomada.net, 1
+enoou.com, 1
+enosiseurotrade.com, 1
+enosistrade.com, 1
+enot32.ru, 1
+enotar.ch, 1
+enoteca.do, 1
+enoteca.roma.it, 1
+enotecabortone.it, 1
+enotecastore.it, 1
+enotefile.com, 1
+enotovil.ru, 1
+enotrosmundos.tk, 1
+enpalmademallorca.info, 1
+enpasenerji.com.tr, 1
+enputu.tk, 1
+enquetebeteiligung.de, 1
+enquos.com, 1
+enrack.tk, 1
+enrega.com, 1
+enrich.email, 1
+enrichdata.ai, 1
+enriched.news, 1
+enrique-monroy.tk, 1
+enrique.wtf, 1
+enriqueamaro.com, 1
+enriqueferreira.com, 1
+enriquepiraces.com, 1
+enriquezdomenech.ninja, 1
+enroll2control.com, 1
+enrollapp.com, 1
+enroo-tech.com, 1
+enrouleur-bache.fr, 1
+enroutedeliveryservice.com, 1
+ensage.io, 1
+ensaladasvinagreta.com, 1
+ensap.gouv.fr, 1
+ensayistas.org, 1
+ensemble-conseils-et-services.fr, 1
+ensemble-rubato.de, 1
+enshin-karate.tk, 1
+ensightpharma.com, 1
+ensightsolutions.us, 1
+ensilencio.tk, 1
+ensingpodotherapie.nl, 1
+enskat.de, 1
+enslavedplantationclub.com, 1
+ensley.tech, 1
+ensma.fr, 1
+ensons.de, 1
+ensonyan.com, 1
+enstep.ru, 1
+enstroga.at, 1
+ensured.com, 1
+ensured.nl, 1
+ensurtec.com, 1
+ensy.cz, 1
+ent.cat, 1
+entabe.com, 1
+entabe.jp, 1
+entactogen.com, 1
+entactogens.com, 1
+entasyonline.com, 1
+entdeckertouren.com, 1
+enteente.com, 1
+entegrations.io, 1
+enter.co, 1
+enter.eco, 1
+enteratesoria.tk, 1
+enterclaim.com, 1
+enterdev.co, 1
+enterdown.com, 1
+enteronline.tk, 1
+enterprise-hr.com, 1
+enterprisecloudservices.inc, 1
+enterprisenetworksecurity.net, 1
+enterpriseoregon.gov, 1
+enterpriset.cf, 1
+enterprisey.enterprises, 1
+entersoftsecurity.com, 1
+entersynapse.com, 1
+entertaiment-news.tk, 1
+entertainerzone.tk, 1
+entertainmentblog.tk, 1
+entertainmentmesh.com, 1
+entertainmentsrit.tk, 1
+enterthehollow.com, 1
+enteweb.tk, 1
+enthasso.gr, 1
+entheo-worldeyes.org, 1
+entheogens.com, 1
+entheorie.net, 1
+enthrallinggumption.com, 1
+entityelevation.com, 1
+entityfiling.com, 1
+entomologia.it, 1
+entorangecounty.com, 1
+entouchgo.com, 1
+entpe.fr, 1
+entradacaminitorey.com, 1
+entrainchat.it, 1
+entrainr.com, 1
+entranceinfo.tk, 1
+entranz.nl, 1
+entreamigos.tk, 1
+entrecieletpierres.com, 0
+entregarapida.cf, 1
+entremass.com, 1
+entrenossocialinfo.com, 1
+entreprenet.gq, 1
+entrepreneuraj.com, 1
+entrepreneuretlibre.com, 1
+entrepreneurialopensource.org, 1
+entrepreneurnight.com, 1
+entreprise-innovante.fr, 1
+entreprises.gouv.fr, 1
+entreterse.com.br, 1
+entretien-roche.fr, 1
+entreutilidades.com.br, 1
+entrevistadesucesso.ga, 1
+entrezdansladanse.fr, 1
+entronica.co.th, 1
+entropy.su, 1
+entropyofdelicatewonders.com, 1
+entropytcg.com, 1
+entruempelung-berlin.de, 1
+entrup.io, 1
+entryboss.cc, 1
+entryscape.at, 1
+entryscape.ch, 1
+entryscape.com, 1
+entryscape.de, 1
+entryscape.net, 1
+entryscape.se, 1
+entserv.eu, 0
+entwickler.land, 1
+entwicklung.center, 1
+entzoneplan.com, 1
+enuchi.com, 1
+enuchi.jp, 1
+enumasecurity.com, 1
+enuygun.com, 1
+enuygunaucakbileti.com, 1
+envaldemoro.com, 1
+envant.co.uk, 1
+envelope.co.nz, 1
+envelopeartisans.com, 1
+envelopegroup.com, 1
+enveloppenopmaat.nl, 1
+enverid.com, 1
+envescent.com, 1
+envia.com.gt, 1
+enviam.de, 1
+enviarcurriculumvitae.com, 0
+enviartucurriculumvitae.com, 1
+enviatufoto.com, 0
+envide.no, 1
+enviesdeville.fr, 1
+enviodedinero.online, 1
+enviosnegocios.tk, 1
+envir.ee, 0
+envirhom.com, 1
+enviro-clear.co.uk, 1
+enviroli.ch, 1
+enviroli.co.nz, 1
+enviroli.co.uk, 1
+enviroli.cz, 1
+enviroli.dk, 1
+enviroli.eu, 1
+enviroli.li, 1
+enviroli.org.uk, 1
+enviroli.ro, 1
+enviroli.se, 1
+enviroli.uk, 1
+environcom.co.uk, 1
+environment.ai, 1
+environmental-colleges.com, 1
+environmentaljustice.gov, 1
+environmentalscience.org, 1
+envirotecstructures.com.au, 1
+envirotivity.com, 1
+envisionmedicalgroup.com, 0
+envisionsproperty.com, 1
+envisolarvind.tk, 1
+envistacu.com, 1
+enviyatar.tk, 1
+envoie.moi, 1
+envoyair.com, 1
+envoybrain.com, 1
+envoyez.moi, 1
+envoyglobal.com, 1
+envoypresents.com, 1
+envydesigns.tk, 1
+envygeeks.io, 1
+envysmile.com, 1
+enweb.ml, 1
+enwikipedia.tk, 1
+enwillyado.tk, 1
+enwo.co, 1
+enwo.io, 1
+enxadahost.com, 1
+enzofardone.ga, 1
+enzosoares.com, 1
+enzyme-sensor.net, 1
+eo-literaturo.tk, 1
+eoa.live, 1
+eocservices.co.uk, 1
+eod.su, 1
+eohima.org, 0
+eol-team.tk, 1
+eola.co, 1
+eoliennedetoit.com, 1
+eomnneo.cz, 1
+eon.tech, 1
+eonclub.tk, 1
+eongame.tk, 1
+eonhive.com, 1
+eons.io, 1
+eonwavesstudio.com, 1
+eooe.me, 1
+eoonglobalresources.jp, 1
+eopac.net, 1
+eoperth.com.au, 1
+eos-croatia.com, 0
+eos-utvalget.no, 0
+eosagonline.ru, 1
+eoscryptocurrency.com, 1
+eosguru.ru, 1
+eosinofilos.com, 1
+eosol.de, 1
+eosol.net, 1
+eosol.services, 1
+eotvosoh.hu, 0
+eov2.com, 1
+ep-cortex.com, 1
+ep-plus.jp, 1
+epa.com.es, 1
+epagos.com.ar, 1
+epal.pt, 1
+epaoig.gov, 1
+epasar.my, 0
+epaslaugos.lt, 1
+epavape.eu, 1
+epave.paris, 1
+epawnatl.com, 1
+epay.bg, 1
+epaygateway.net, 1
+epcomputacion.com.ar, 1
+epcreation.nl, 1
+epcwd-ca.gov, 1
+epdemo.selfip.com, 1
+epdeveloperchallenge.com, 1
+epdiekirch.tk, 1
+epdigital.biz, 1
+ephemia.com, 1
+ephesusbreeze.com, 1
+epi.one, 0
+epic-semiconductors.com, 1
+epic-vistas.com, 1
+epic-vistas.de, 1
+epic.ca, 1
+epic.gl, 1
+epic.org, 1
+epica.tk, 1
+epicapos.cz, 1
+epicawesomemods.com, 1
+epicdesign1.tk, 1
+epicdesign2.tk, 1
+epicdowney.com, 1
+epicentar.mk, 1
+epicenter.ga, 1
+epicenter.work, 1
+epicentre-amsterdam.tk, 1
+epicentre.works, 1
+epicerie-raccourci.com, 1
+epicfail.be, 1
+epicforums.tk, 1
+epicginger.fi, 1
+epichouse.net, 0
+epicinflatables.co.uk, 1
+epiclawnpro.com, 1
+epiclegends.ml, 1
+epicmoney.tk, 1
+epicmusicradio.ml, 1
+epicpages.com, 1
+epicridesbahamas.com, 1
+epicsecure.de, 1
+epicserver.ru, 1
+epicsoft.de, 1
+epicteam.tk, 1
+epicteller.com, 0
+epicvideofactory.com, 1
+epicvistas.com, 1
+epicvistas.de, 1
+epidastudio.com, 1
+epidauros.be, 1
+epieos.com, 1
+epigrafes-led-farmakeia.gr, 1
+epikchat.com, 1
+epilis.gr, 1
+epinesdeparadis.com, 1
+epiphaniusmacar.com, 1
+epiphanyofourlordchurch.com, 1
+episails.com, 1
+episkevh-plaketas.gr, 1
+episode.tk, 1
+epistas.com, 1
+epistas.de, 1
+epistula.com, 1
+epitafija.ru, 1
+epitelial.com, 1
+epitesti.ro, 1
+epitesz.co, 1
+epiteugma.com, 1
+epizentrum.work, 1
+epizentrum.works, 1
+epl.ee, 1
+eplayer.cz, 1
+eplayer.sk, 1
+eplenet.tk, 1
+epliar.com, 1
+eplus.group, 1
+epm-bg.com, 1
+epmcentroitalia.it, 1
+epmonthly.com, 1
+epoch-film.ml, 1
+epochcg.pt, 1
+epolitiker.com, 1
+epos.az, 1
+eposbirmingham.co.uk, 1
+eposbrighton.co.uk, 1
+eposbristol.co.uk, 1
+eposcardiff.co.uk, 1
+eposig.net, 1
+eposkent.co.uk, 1
+eposleeds.co.uk, 1
+eposleicester.co.uk, 1
+eposliverpool.co.uk, 1
+eposlondon.co.uk, 1
+eposmidlands.co.uk, 1
+eposnottingham.co.uk, 1
+eposreading.co.uk, 1
+epossheffield.co.uk, 1
+epossussex.co.uk, 1
+eposswansea.co.uk, 1
+epost.pub, 1
+epost.tw, 1
+epostplus.li, 1
+eposyork.co.uk, 1
+eposzilos.nl, 1
+epoxyfloor.com.my, 1
+epoxyflooringperth.com.au, 1
+eppelblei.lu, 1
+eppelduerferjugend.lu, 1
+eppelpress.lu, 1
+eprdco.gov, 1
+epreskripce.cz, 1
+eprezto.com, 1
+eprimego.com, 1
+eprint-grimsby.co.uk, 1
+eprom.cf, 1
+eprosto.cf, 1
+eprzybornik.pl, 1
+epsamsg.com, 1
+epsi.io, 1
+epsilontel.com, 1
+epsmil.it, 1
+epsomnhpolice.gov, 1
+epson.ru, 1
+epsonstore.ae, 1
+epspolymer.com, 1
+epublibre.org, 1
+epvd.tk, 1
+epyonsuniverse.net, 1
+eq-serve.com, 1
+eqassociates.com, 1
+eqbal.org, 1
+eqibank.com, 1
+eqlplayground.io, 1
+eqrx.net, 1
+eqs.com, 1
+equalifica.com.br, 1
+equalone.co.jp, 1
+equalscollective.com, 1
+equans-kaelte.de, 1
+equasea.com, 0
+equate.net.au, 1
+equatetechnologies.com.au, 0
+equeim.ru, 0
+equestrianvaulting.co.uk, 1
+equi.ac, 1
+equiac.com, 1
+equicom.com, 1
+equidam.com, 1
+equifaxobjection.com, 1
+equilibratura.roma.it, 1
+equilibrium.med.br, 1
+equilibriumx.com, 0
+equine-dentistry-endoscope.com, 1
+equine-dentistry-scope.com, 1
+equinenow.com, 1
+equinetherapy.ca, 1
+equinox.io, 1
+equinoxe.de, 1
+equip.cz, 1
+equipamentosparapostos.com.br, 1
+equipandoloja.net.br, 1
+equipecarriere.ca, 1
+equipedefrance.tv, 0
+equipedefrente.tk, 1
+equipeferramentas.com.br, 1
+equipment-pool.tk, 1
+equipomorado.tk, 1
+equipoweb.info, 1
+equippers.de, 1
+equipsys.net, 1
+equisa-verpackung.com, 1
+equisecu.com, 1
+equitable-igwm.com, 1
+equitazionepertutti.it, 1
+equity.today, 1
+equitybank.com, 1
+equityelevate.com, 1
+equityloupe.ru, 1
+equityyes.org, 1
+equivid.ga, 1
+equmeniakyrkanhallunda.se, 1
+equt.cloud, 1
+er-mgmt.com, 1
+er-music.com, 1
+er.pl, 1
+er.tl, 1
+era.fi, 1
+eradoom.net, 1
+erafat.com, 1
+eraiescrow.com, 1
+erandymoreira.cf, 1
+erandymoreira.ga, 1
+erandymoreira.gq, 1
+erandymoreira.ml, 1
+erapotensia.com, 1
+erasmo.info, 1
+erasmusantoine.tk, 1
+erasmusbari.tk, 1
+erasmusplusrooms.com, 1
+erasure.tk, 1
+erasyou.com, 1
+erate.fi, 1
+eraterm.com, 1
+eravurnet.tk, 1
+erb.org, 1
+erboristeria.milano.it, 1
+erboristeria.roma.it, 1
+erbt.tk, 1
+ercio.com, 1
+erciyesspor.tk, 1
+erclab.kr, 1
+erclaim.com, 1
+erctra.com, 1
+erda.gov, 1
+erdekesseg.com, 1
+erdethamburgeronsdag.no, 1
+ereader.uno, 1
+erebuildings.com, 1
+erechimimoveis.com.br, 1
+erectiepillenwinkel.nl, 1
+erector.cf, 1
+erector.tk, 1
+eredmenye.xyz, 1
+erefredag.se, 1
+eregma.tk, 1
+erektion1.gq, 1
+eremex.ru, 1
+erenvakfi.org, 1
+erethon.com, 1
+erfgoedeisden.tk, 1
+erfolgsmaschine.ch, 0
+ergaomnes.cz, 1
+ergaran.tk, 1
+ergobaby.com, 1
+ergobyte.eu, 1
+ergobyte.gr, 1
+ergodark.com, 1
+ergometrics.org, 1
+ergonomic-products.com, 1
+ergoseo.com, 1
+ergotopia.de, 1
+ergovita.com.br, 1
+erhvervsposten.dk, 1
+erhydro.com, 1
+eric-huber.de, 1
+eric-kolelas.tk, 1
+eric-masters.tk, 1
+eric.gg, 1
+eric1932.tk, 1
+ericabrahamsen.net, 1
+ericacastano.com, 1
+ericaftereric.top, 1
+ericairwin.com, 1
+ericccheng.com, 1
+ericdiao.com, 1
+ericdobson.com, 1
+ericfm.tk, 1
+ericfo.cf, 1
+ericfra.nz, 1
+erich-lessing-theater.tk, 1
+erichoekstra.com, 1
+erichoekstra.nl, 1
+erichorstmanshof.nl, 1
+erichuber.de, 1
+erichware.tk, 1
+ericisaweso.me, 0
+ericjohnltd.com, 1
+erick.blog, 1
+ericksonvasquez.com, 1
+ericksonvilleta.com, 1
+ericktello.tk, 1
+ericleuthardt.com, 1
+ericleuthardtphotography.club, 1
+ericloud.tk, 1
+erico-hm.com, 1
+ericoc.com, 1
+erics.email, 1
+erics.site, 1
+ericsaadeonline.tk, 1
+ericseankennedy.com, 1
+ericsilva.me, 1
+ericsilva.org, 1
+ericspeidel.de, 1
+ericvantijn.tk, 1
+ericwie.se, 0
+eridan.me, 1
+eridanus.uk, 1
+eridas.ml, 1
+erider.bg, 1
+eriecountyohioboe.gov, 1
+erigrid.eu, 1
+eriix.org, 1
+erik-stomp.de, 1
+erik.dedyn.io, 1
+erik1erik1.com, 1
+erikaepedro.ga, 1
+erikdslater.com, 1
+erikheemskerk.nl, 1
+erikhubers.nl, 1
+erikkruithof.nl, 1
+erikrji.me, 1
+eriksen.com, 1
+eriksen.im, 1
+erikserver2.tk, 1
+erikswan.com, 1
+erinaceinae.com, 1
+erinandken.net, 1
+erincarmody.cf, 1
+eriner.me, 1
+eringmaguire.com, 1
+erinias.net, 1
+erinmyers.us, 1
+eris-bj.com, 1
+erisa.uk, 1
+erisinfo.com, 1
+eristajanmutka.com, 1
+erisws.com, 1
+erisys.net, 1
+erito.com, 1
+eritonetwork.com, 1
+eritropoyetina.com, 1
+erium.fr, 1
+erkaelderbarenaaben.dk, 1
+erkeklersoruyor.com, 1
+erkenntniswen.de, 1
+erkiss.club, 1
+erkiss.live, 1
+erkiss12.com, 1
+erkkiaronen.fi, 1
+erlebe-salsa.de, 1
+erlebnisarchaeologie-bayern.de, 1
+erli.pl, 1
+ermak.tk, 1
+erman.ga, 1
+ermeglio.com, 1
+ermitano.cf, 1
+ernal.net, 1
+ernelit.com.br, 1
+ernest.ly, 1
+ernotek.se, 1
+ernst-fuchs.tk, 1
+ero-like.online, 1
+ero-video.net, 1
+ero.ink, 0
+erodvd.com, 0
+erogen.org, 1
+erogen.su, 1
+eroimatome.com, 1
+erokat.ga, 1
+erolib.ga, 1
+eromanga.com, 1
+eromasajes.com, 1
+eron.info, 1
+eropics.to, 1
+erosbeautyandwellness.com, 1
+eroscomixitalia.tk, 1
+erosofia.tk, 1
+eroticjuggs.com, 1
+eroticmassagevegas.com, 1
+eroticom.hr, 1
+erotiksexgeschichten.net, 1
+erotikstahrtseite.cf, 1
+erotikstahrtseite.ga, 1
+erotikstahrtseite.gq, 1
+erotikstahrtseite.tk, 1
+erotismo.co, 1
+erozine.jp, 1
+erp-band.ru, 1
+erp.band, 1
+erpband.ru, 1
+erpcargo.com, 0
+erpcloud.systems, 1
+erpelstolz.at, 1
+erperium.com, 1
+erperium.nl, 1
+erpid.info, 1
+erpollo.com, 1
+erpsolutionsmart.com, 1
+erraen.org.ua, 1
+erreguete.gal, 1
+errekaweb.tk, 1
+errietta.me, 1
+errlytics.com, 1
+errolmarkland.com, 1
+errolstambler.com, 1
+erronort.com, 1
+error.fail, 1
+error.org, 1
+error418.nl, 1
+errror.org, 1
+ersa-shop.com, 1
+ersankaucuk.com, 1
+ersdfaredsaeem.tk, 1
+ersei.net, 1
+erseni.net, 1
+ershiwo.com, 1
+ersinbiltekin.tk, 1
+ersinerce.com, 0
+erspro.net, 1
+erste-hilfe-sbh.de, 1
+erste.guru, 1
+erstehilfeprodukte.at, 1
+ert.ovh, 1
+ertel.xyz, 0
+erthisa.tk, 1
+ertvag.no, 1
+eru.cz, 1
+eru.im, 1
+erudicia.com, 1
+erudicia.de, 1
+erudicia.es, 1
+erudicia.fr, 1
+erudicia.it, 1
+erudicia.nl, 1
+erudicia.se, 1
+erudicia.uk, 1
+erudikum.cz, 1
+erudio-usluge.hr, 1
+erulezz.nl, 1
+eruzione.us, 1
+ervirmaison.tk, 1
+erwannlaflute.tk, 1
+erwerbslosenforum.de, 1
+erwin.saarland, 1
+erwinmi.gov, 1
+erwinonline.tk, 1
+erwinpaal.nl, 1
+erwinschmaeh.ch, 1
+erwinsite.tk, 1
+erwinwensveen.nl, 1
+erythromycinonline.gq, 1
+erythroxylum-coca.com, 1
+eryxmail.de, 1
+erzaehlwerkstatt-heilbronn.de, 1
+erzbistum-bamberg.de, 1
+es-geenen.de, 1
+es-ostan.tk, 1
+es-ramonage.fr, 1
+es-sharing.eu, 1
+es-sicherheit.ch, 1
+es-tools.at, 1
+es-tools.com, 1
+es-tools.de, 1
+es-vps.eu, 1
+es.ax, 1
+es.search.yahoo.com, 0
+es8888.net, 1
+es888999.com, 1
+esaborit.ddns.net, 0
+esadnext.cloud, 1
+esagente.com, 1
+esajokinen.net, 1
+esale.co, 1
+esalesclub.com, 1
+esalinity.com, 1
+esame-di-professione-cinestetica.ch, 1
+esamsur.tk, 1
+esarp.com, 1
+esasafe.com, 1
+esasite.com, 1
+esatn.gov, 1
+esautotech.com.au, 1
+esb1314.net, 1
+esb1668.com, 1
+esb16888.com, 1
+esb369.com, 0
+esb518.com, 1
+esb556.com, 1
+esb5889.com, 1
+esb688.com, 1
+esb68888.com, 1
+esb777.me, 1
+esb777.us, 1
+esb888.net, 1
+esb8886.com, 1
+esb999.com, 1
+esb999.info, 1
+esb999.us, 1
+esba11.cc, 1
+esba11.com, 1
+esba11.in, 1
+esball.in, 0
+esball.online, 1
+esball888.net, 1
+esbuilders.co.nz, 0
+esc-romania.tk, 1
+esc-turkey.tk, 1
+esc18.net, 1
+esc3.net, 1
+esc9.net, 1
+escae.ml, 1
+escael.org, 1
+escalando.tk, 1
+escale-communication.bzh, 0
+escale33bienetre.fr, 1
+escalesensorielle.com, 1
+escambiacountyal.gov, 1
+escanabatownshipmi.gov, 1
+escancia.tk, 1
+escaparate.tk, 1
+escape-house.be, 1
+escapeforyou.com, 1
+escapejunk.com, 1
+escapely.com, 1
+escapeplaza.de, 1
+escaperoomla.com, 1
+escaperoompsl.com, 1
+escapio.com, 1
+escarpe.com, 1
+escavador.com, 1
+escg.digital, 1
+escif.com, 1
+esclinux.tk, 1
+escmatrix.com, 1
+escobarservice7000.com, 1
+escoben.tk, 1
+escogitasrls.com, 1
+escoladejudo.com.br, 1
+escoladepilota.tk, 1
+escolamais.com.br, 1
+escolanacionaldejudo.com.br, 1
+escolatop.com.br, 1
+escolibri.com, 1
+escondido.gov, 1
+escondidoca.gov, 1
+escontact.ch, 0
+escordilla.tk, 1
+escort-fashion.com, 1
+escortaccess.net, 1
+escortbee.com, 1
+escortcreampie.com, 1
+escortdelhi.net, 1
+escortdisplay.com, 1
+escortes.xyz, 1
+escortjessy.tk, 1
+escortlistings.ca, 1
+escortlistings.eu, 1
+escortlistings.fr, 1
+escortlistings.ph, 1
+escortlistingsuk.co.uk, 1
+escorts.works, 1
+escortslittleblackbook.com, 1
+escortz.gq, 1
+escoteiros.tk, 1
+escovator-records.tk, 1
+escritoresdelcomahue.tk, 1
+escriva.org, 1
+escrocratie.tk, 1
+escrowalliance.com, 1
+escspain.tk, 1
+escuelabiblica.com, 1
+escueladego.tk, 1
+escueladelsabor.com, 1
+escueladeministerioytecnologia.com, 1
+escuelagobierno.org, 1
+escuelaparapapas.tk, 1
+escuelasargento.tk, 1
+escuelitasansebastian.cl, 1
+escuelotika-online.tk, 1
+escursione.it, 1
+escyr.top, 0
+esdacademy.eu, 1
+esdarat.ml, 1
+esden.com, 1
+esdenera.com, 1
+esdiscuss.org, 1
+eseances.ch, 1
+esecuredata.com, 1
+esemtia.com, 1
+esenaskincare.com, 1
+eservices-greece.com, 1
+eset.ml, 1
+esexchange.ga, 1
+esfiledecrypter.com, 1
+esg-abi2001.de, 1
+esgen.org, 1
+esgforum.com.br, 1
+esgr.in, 1
+esh.ink, 1
+esher.ac.uk, 1
+eshoeft.com, 1
+eshop-prices.com, 1
+eshop-ptz.ru, 1
+eshoprzd.ru, 1
+eshotsaatleri.com, 1
+eshtapay.com, 1
+esicia.rw, 1
+esideshop.com, 1
+esignandpay.net, 1
+esignering.se, 1
+esignprod.herokuapp.com, 1
+esigtorg.ru, 0
+esiliati.org, 1
+esilva.me, 1
+esite.ch, 1
+esj.org, 1
+eskapi.fr, 1
+eskdale.net, 1
+eskiceviri.cf, 1
+eskiegaming.com, 1
+eskimosboards.ga, 1
+eskimuzikatolyesi.org, 1
+eskisehirhaberleri.tk, 1
+esko.bar, 1
+eskriett.com, 0
+eskritt.ca, 1
+eskypartners.com, 1
+eslamahmed.tk, 1
+eslbuzz.com, 1
+esleme.com, 1
+eslgrammar.org, 1
+eslightinghire.co.uk, 1
+eslint.org, 0
+eslteacheredu.org, 1
+eslutt.cc, 1
+esm.run, 1
+esmalglass-itaca.com, 0
+esmart.ro, 1
+esmejor.tk, 1
+esmincg2t1.com, 1
+esmoker.bg, 1
+esmtp-mx.com, 1
+esnekkaucuk.com, 1
+esnlpr.fi, 1
+eso-database.com, 1
+eso-skillfactory.com, 1
+eso3.eu.org, 1
+esoa.net, 1
+esocite.la, 1
+esoko.eu, 1
+esolcourses.com, 1
+esolitos.com, 1
+esomeprazole1.gq, 1
+eson.eu, 1
+esono.de, 1
+esopticallabs.com, 1
+esote.net, 1
+esoteric.website, 1
+esoterik.link, 1
+esoterikerforum.de, 1
+espace-caen.fr, 0
+espace-gestion.fr, 1
+espace-habitat-francais.fr, 1
+espace-orenda.ch, 0
+espace-vet.fr, 1
+espace.network, 1
+espace.spb.ru, 0
+espacefragil.be, 1
+espacejabugo.com, 0
+espacepiscine51.fr, 1
+espaceroseauteinturiers.fr, 0
+espacetemps.ch, 0
+espacetendance.fr, 0
+espacetheosophie.fr, 1
+espachavo.tk, 1
+espacioantiguo.com, 1
+espacioseideas.mx, 1
+espacioweb.tk, 1
+espacoalimentoesaude.com.br, 1
+espacoentreletras.com.br, 1
+espacosaudesuplementos.com.br, 1
+espaiblancandorra.ga, 1
+espaiblancandorra.gq, 1
+espaiblancandorra.ml, 1
+espaider.com.br, 1
+espairecer.pt, 1
+espanol.search.yahoo.com, 0
+espanyoldebarna.tk, 1
+espass.gq, 1
+espci.fr, 1
+especials.co.za, 1
+especificosba.com.ar, 1
+espectro.tk, 1
+espectrometria.com, 1
+espejo.tk, 1
+espejocofrade.tk, 1
+espeleogel.tk, 1
+espen.cz, 1
+espenandersen.no, 1
+espeo.eu, 1
+esperantio.tk, 1
+esperanto.co, 1
+espgg.org, 1
+espigol.org, 1
+espiragen.com, 1
+espiritismo.tk, 1
+espirituracer.com, 1
+espiv.net, 1
+espivblogs.net, 1
+esplendorecosmeticos.com.br, 1
+espocada.com, 1
+espoonkumi.fi, 0
+esport-agency.fr, 1
+esport-brande.dk, 1
+esporters.it, 1
+esportsbattles.ga, 1
+espower.com.sg, 1
+espressonews.gr, 1
+espressoservicesplus.com.au, 1
+esprihealth.com, 1
+espub.org, 1
+esq, 1
+esquelario.tk, 1
+esquirebrotherhood.tk, 1
+esquirelaw.com, 1
+esquirelawfirm.com, 1
+esquirelawservices.com, 1
+esra.gq, 1
+esrarengizkasabahd.tk, 1
+esrhd.com, 1
+esrinfo.com, 1
+esrs.gov, 1
+ess-ecologica.cat, 1
+essaandmore.com.au, 1
+essay-writing-topics-fce.tk, 1
+essayads.com, 1
+essaybrand.com, 1
+essaychat.com, 1
+essaycoupons.com, 1
+essaydirectory.com, 0
+essayforsale.net, 1
+essayforum.com, 1
+essayhave.com, 1
+essayjob.com, 1
+essaykeeper.com, 1
+essaylib.com, 1
+essaymaker.gq, 1
+essaynews.com, 1
+essaypro.net, 1
+essayscam.org, 1
+essayservices.org, 1
+essayshark.com, 1
+essaytalk.com, 1
+essaywebsite.com, 1
+essecharlie.com, 1
+essenah.com, 1
+essencesdeprana.org, 1
+essencespresso.es, 0
+essenciasparis.com.br, 1
+essentialfoods.pt, 1
+essentialinteriors.ga, 1
+essentialliving.co.uk, 1
+essentialoils.co.za, 1
+essentialoils.nl, 1
+essentialsource.net, 1
+essentiapura.com, 1
+essentiate.com, 1
+essentiel-du-mariage.com, 1
+essentiel-physique.com, 1
+essentry.com, 1
+essentta.com, 1
+essenttamarketplace-essenttamarketplaceqa.azurewebsites.net, 1
+esseriumani.com, 1
+essex.cc, 1
+essexcountyvermont.gov, 1
+essexelectricaltraining.co.uk, 1
+essexgardenstudios.co.uk, 1
+essexhighways.org, 1
+essexmoneyman.com, 1
+essexregionalnj.gov, 1
+essextimbercraft.co.uk, 1
+essilorpse.com, 1
+essilorpse.net, 1
+essite.net, 1
+essjayericsson.com, 1
+esslm.sk, 1
+esslym.com, 1
+essnet.co.jp, 1
+essoduke.org, 1
+essplusmed.org, 1
+essr.org.uk, 1
+essteebee.ch, 0
+esswp.com, 1
+est-it.de, 1
+est8.ai, 1
+establo.pro, 1
+estada.ch, 1
+estadoreclamos.com, 1
+estafallando.es, 1
+estafallando.mx, 1
+estahl.dk, 1
+estallidodigital.cl, 1
+estampascriativas.com.br, 1
+estampille-paris.fr, 1
+estanciasgauchas.com.br, 1
+estate360.co.tz, 1
+estatebud.com, 1
+estateczech-eu.ru, 1
+estateways.com, 1
+estcequemonordinateurestallume.fr, 1
+estcequemontelephoneestallume.fr, 1
+estcequonmetenprodaujourdhui.info, 1
+esteban-abadahs.tk, 1
+estebanborges.com, 1
+estebanoria.net, 1
+estedafah.com, 1
+esteladigital.com, 1
+estelarix.com, 1
+estellaequipment.com, 1
+estenio.com.mx, 1
+esteniomexico.com, 1
+esteria.eu, 0
+esteriliza-me.org, 1
+esterilizacion-perros.es, 1
+estespr.com, 0
+estet.tk, 1
+estetica-bilbao.com, 1
+estetica.host, 1
+esteticamicali.com.ar, 1
+esteticanorte.com.br, 1
+esteticaprofana.it, 1
+estetici.com, 1
+esteticka-chirurgie-nohy.cz, 1
+estetista.net, 1
+esthe-zukan.com, 1
+esthergoh.com, 1
+estherlew.is, 1
+esthesoleil.jp, 1
+estheticianedu.org, 1
+estila.co, 1
+estiloelevadores.com.br, 1
+estilopack-loja.com.br, 1
+estimateone.com, 1
+estintori.roma.it, 1
+estlat.eu, 0
+estoense.com, 1
+estomp.de, 1
+estonia.ee, 0
+estonia.net, 1
+estoniananonymous.tk, 1
+estoniantrade.ee, 1
+estonoentraenelexamen.com, 1
+estopero.tk, 1
+estradatech.org, 1
+estradiolbestellen.gq, 1
+estrasol.com.mx, 1
+estrategiasfm.net, 1
+estreetshuffle.com, 1
+estrella.tk, 1
+estrietoit.com, 0
+estrogenonline.gq, 1
+estrogens.gq, 1
+estruendo.tk, 1
+estuarystudent.tv, 1
+estudantetorcedor.com.br, 1
+estudiarparaser.com, 1
+estudiarseguridadprivada.es, 0
+estudiaryaprenderingles.com, 1
+estudiemosvirtualmente.com, 1
+estudio21pattern.com, 0
+estudioaany.com.br, 1
+estudiogarcia-rada.com, 1
+estudiomantis.tk, 1
+estudionale.com, 1
+estudios-biblicos.tk, 1
+estudiosalmogavares.tk, 1
+estudiosmart.com, 1
+estudosnacionais.com, 1
+esu.dog, 1
+esu.moe, 1
+esu.wiki, 1
+esu.zone, 1
+esunapena.tk, 1
+esunenin.tk, 1
+esuretynew.azurewebsites.net, 1
+esurveynordic.com, 1
+esv.se, 1
+esvaco.cf, 1
+esw.com, 1
+esy.nl, 1
+esyno.nl, 1
+esyoil.com, 1
+esys.ga, 1
+esystems.tk, 1
+eszkola.pl, 1
+et-inf.de, 1
+et.al, 1
+et420nrw.tk, 1
+etablissement.com, 1
+etaes.eu, 1
+etajerka-spb.ru, 1
+etajerka.spb.ru, 1
+etaldelune.fr, 1
+etalent.net, 1
+etalentos.com.br, 1
+etalktome.com, 1
+etanol.tk, 1
+etarskaikozmetickaulja.rs, 1
+etath.com, 1
+etaxigraz.com, 1
+etccooperative.org, 0
+etch.co, 1
+etcivil.com, 1
+etctop.tk, 1
+etdcampus.com, 1
+etdp.co.za, 1
+etech-solution.com, 1
+etech-solution.net, 1
+etech-solutions.com, 1
+etech.com.my, 1
+etechsolution.net, 1
+eteradia.dynv6.net, 1
+eternal-chaos.tk, 1
+eternal-con.de, 1
+eternal-dementia.tk, 1
+eternal-warriors.de, 1
+eternalabyss.int.eu.org, 1
+eternalaugust.com, 1
+eternalflame.cn, 1
+eternalflame.info, 1
+eternalguild.tk, 1
+eternalmountains.tk, 1
+eternalparking.com, 1
+eternalparking.eu, 1
+eternalparking.net, 1
+eternalparking.org, 1
+eternalsymbols.com, 1
+eternegy.co, 1
+eternit.roma.it, 1
+eternitdesio.it, 1
+eternl.io, 1
+etestyonline.tk, 1
+etf.nu, 1
+etf2l.org, 1
+etfacta.com, 0
+etfcentral.com, 1
+etflife.com, 1
+eth-news.info, 1
+eth-services.de, 1
+eth0.nl, 0
+etha.nz, 1
+ethaligan.fr, 1
+ethan-hanlon.xyz, 1
+ethan.pm, 1
+ethanjones.me, 1
+ethanlew.is, 1
+ethanopp.com, 0
+ethanrjones.name, 1
+ethansailant.com, 1
+ethanyoo.com, 1
+ethelbrooks.es, 1
+ether.school, 1
+etherandir.com, 1
+etherapeut.de, 1
+ethercalc.net, 1
+etherderbies.com, 1
+etherdream.com, 1
+ethereal-skies.tk, 1
+ethereal.games, 1
+etherealcollapse.tk, 1
+ethereum-news.info, 1
+ethereumnews.best, 1
+ethereumnews.digital, 1
+ethereumnews.io, 1
+ethereumnews.live, 1
+ethereumnews.news, 1
+ethereumnews.site, 1
+ethereumnews.xyz, 1
+ethergeist.de, 1
+etheria-software.tk, 1
+etherium.design, 1
+etherium.org, 0
+ethermine.org, 1
+ethernium.fun, 1
+etheron.com, 1
+etherpad.nl, 1
+etherpoap.xyz, 1
+ethiack.com, 1
+ethicalconsumer.org, 1
+ethicaldata.co.uk, 1
+ethicalescorts.com, 1
+ethicallogistics.com, 1
+ethicalmarketingsolutions.com, 1
+ethicalpolitics.org, 1
+ethicaltek.com, 0
+ethics.org, 1
+ethicsburg.gov, 1
+ethicsfirst.org, 1
+ethicsforhumans.org, 1
+ethika.com, 1
+ethil-faer.fr, 1
+ethioconsulate-la.org, 1
+ethiqueadvisory.com, 1
+ethitter.com, 1
+ethnews.today, 1
+ethniki-antistasi-dse.gr, 1
+ethnopsychoanalyse.tk, 1
+ethosinfo.com, 1
+ethotupala.tk, 1
+ethpool.org, 1
+ethzero.uk, 1
+eticket.cr, 1
+etienne.cc, 1
+etiennes.work, 1
+etigold.com, 1
+etiketten.tk, 1
+etikus-hacker.hu, 1
+etil.wtf, 1
+etincelle.ml, 1
+etincelle.tk, 1
+etindustries.com, 1
+etiqa.tk, 1
+etisrl.net, 1
+etkarle.de, 1
+etlaq.com, 1
+etmtobik.eu, 1
+etnis.id, 1
+etnoforum.tk, 1
+etnoria.com, 1
+etny.nl, 0
+etoile-rc.jp, 1
+etoile-usedcars.com, 0
+etopa.de, 1
+etoro-openbook.tk, 1
+etororeviews.com, 1
+etos.tk, 1
+etowahwaterga.gov, 1
+etrades.tk, 1
+etre-belle.tk, 1
+etre-vivant.fr, 0
+etrecosmeticderm.com, 1
+etresmant.es, 1
+etrolleybizstore.com, 1
+ets-etos.azurewebsites.net, 1
+ets-software.de, 1
+etsduova.dedyn.io, 1
+etselquemenges.cat, 1
+etsmarconi.be, 0
+etspuka.de, 1
+etsradio.org, 1
+etsu.edu, 1
+ettbattreinternet.se, 1
+etterforsker1.no, 1
+etterretningstjenesten.no, 1
+ettgottliv.com, 1
+ettip.com, 1
+ettlinger-tor.de, 1
+ettoday.org, 1
+ettoremirarchifilms.it, 1
+ettyproject.org, 1
+etudepresse.tk, 1
+etudes.ru, 1
+etudesbibliques.fr, 0
+etudesbibliques.net, 0
+etudesbibliques.org, 0
+etula.ga, 1
+etulasin.tk, 1
+etury.online, 1
+etutsplus.com, 1
+etv.cx, 1
+etyd.org, 1
+etyka.cz, 1
+eu-darlehen-finanzierung.de, 1
+eu-datenbank.de, 1
+eu-election.eu, 1
+eu-gamers.com, 1
+eu-prodaja.com, 1
+eu-secured.com, 1
+eu-stellenangebot.de, 1
+eu.ax, 1
+eu4ua.org, 1
+euaaaio.ru, 1
+euanbarrett.com, 1
+euassisti.com.br, 1
+euc.world, 1
+euchance.hu, 1
+euchre.us, 1
+eucimen.com, 0
+euclidian.com, 1
+eucollegetours.com, 1
+eucustody.com, 1
+eucybernet.eu, 0
+eudiakok.hu, 1
+eudore.org, 1
+eufair.com, 1
+eugenegamelan.org, 1
+eugenekay.com, 0
+eugeneorourke.com, 1
+eugenesia.org, 1
+eugenics.org, 1
+eugeniocorso.com, 1
+eugenioperez.tk, 1
+eugostodefilmesbrasileiros.tk, 1
+eugster.se, 1
+eujobs.hu, 1
+eujobsgmbh.de, 1
+eujobshrgroup.com, 1
+eujobshrgroup.hu, 1
+eujuicers.bg, 1
+eujuicers.com, 1
+eujuicers.com.hr, 1
+eujuicers.com.tr, 1
+eujuicers.com.ua, 1
+eujuicers.cz, 1
+eujuicers.de, 1
+eujuicers.es, 1
+eujuicers.fr, 1
+eujuicers.hu, 1
+eujuicers.it, 1
+eujuicers.pl, 1
+eujuicers.pt, 1
+eujuicers.ro, 1
+eujuicers.rs, 1
+eujuicers.ru, 1
+eujuicers.si, 1
+eujuicers.sk, 1
+eule82.de, 1
+eulen.com, 1
+eulenberg.com, 1
+eulenschmiede.de, 1
+euleres.tk, 1
+eulessplumbers.com, 1
+euman.ml, 1
+eumananc.ro, 1
+eumk6.ml, 1
+eung.ga, 1
+eunicetan.com, 1
+eunomy.io, 1
+eunow.com, 1
+eupay.de, 1
+euphoriaonline.tk, 1
+eupm.org, 1
+euporos.ch, 0
+euprapeace.org, 1
+eurasierwelpen.tk, 1
+eurazeo.com, 1
+eurban.life, 1
+eurbanos.tk, 1
+eurekaca.gov, 1
+eurekagames.tk, 1
+eurekanetwork.org, 1
+eurekatech.eti.br, 1
+eurekatownshipmi.gov, 1
+eurelectric.org, 1
+euren.se, 1
+eurmarketing.com, 1
+euro-cdm.org, 1
+euro-construction.co.uk, 1
+euro-issues.tk, 1
+euro-servers.de, 1
+euro.se, 1
+euroairport.com, 1
+euroalter.com, 1
+euroasia-tm.com, 1
+eurobattle.tk, 1
+eurobeaute.be, 1
+eurobilltracker.tk, 1
+eurocertificazione.it, 1
+eurocleanfrance.fr, 1
+eurococos.com.ua, 1
+eurocom.bg, 1
+eurocomcompany.cz, 1
+euroconti.com, 1
+eurocontrol.aero, 1
+eurocontrol.eu, 1
+eurocontrol.lu, 1
+eurocontrol.me, 1
+eurocure.com, 1
+eurodanceperu.tk, 1
+eurodata.sk, 1
+eurodentaire.com, 1
+eurodesk.eu, 1
+eurodontic.co.uk, 0
+euroecho.com, 1
+euroenergy.tk, 1
+euroestetica.ec, 1
+euroexpres.info, 1
+eurofinance.com, 1
+eurofire.tk, 1
+euroflora.com, 1
+euroflora.mobi, 1
+euroflorist.cf, 1
+euroflorist.ga, 1
+euroflorist.tk, 1
+eurofoods.gr, 1
+eurofoot.cf, 1
+eurofrank.eu, 1
+eurofunk.at, 1
+eurofunk.com, 1
+eurogarden-parts.de, 1
+eurogarden.be, 1
+eurogarden.com, 1
+eurogarden.nl, 1
+eurohell-design.com, 1
+eurohell-design.de, 1
+euroherp.com, 1
+eurohouse.tk, 1
+eurokid.com, 1
+eurokiss.com, 1
+eurolink.tk, 1
+eurolocarno.es, 1
+eurologix.com, 1
+euromalha.com.br, 1
+euroman.ga, 1
+euromas.com, 1
+euromexde.com, 1
+euromuseumcoins.com, 1
+euronic.fi, 1
+eurookna.tk, 1
+europa-passage.de, 1
+europabio.org, 1
+europack.kiev.ua, 1
+europainchemnitz.de, 1
+europapier.net, 1
+europarts-sd.com, 1
+europastudien-chemnitz.de, 1
+europastudien.de, 1
+europatour2005.tk, 1
+europatrans.com.tr, 1
+europavilion.com, 1
+european-accreditation.org, 1
+european-agency.org, 1
+european-alternatives.eu, 1
+european-hospital.ga, 1
+european-hospital.ml, 1
+european-hospital.tk, 1
+european-village.com, 1
+europeananomalouswave.tk, 1
+europeancuisine.tk, 1
+europeancupinline.eu, 1
+europeangaming.eu, 1
+europeanpolice.net, 1
+europeanpreppers.com, 1
+europeanstudies-chemnitz.de, 1
+europeantransportmanagement.com, 1
+europeluxuryweddings.com, 1
+europeonline.tk, 1
+europeontrack.org, 1
+europesearbeiders.be, 1
+europesrit.tk, 1
+europetraveler.tk, 1
+europetravelservice.co.uk, 1
+europop.com, 1
+europrise.ie, 0
+europrojekti.com, 0
+euroregister.com, 1
+euroroad17.dk, 1
+euroscot.de, 1
+euroshop.or.at, 1
+euroshop.tk, 1
+eurosight.com, 1
+euroskano.nl, 1
+euroskulpa.de, 1
+eurosos.com, 1
+eurospecautowerks.com, 1
+eurosquad.tk, 1
+eurostoc.ro, 1
+eurostrategy.vn.ua, 1
+eurosun.tk, 1
+euroswapper.tk, 1
+euroteam.tk, 1
+eurotechme.com, 1
+eurotechnology-group.com, 1
+eurotest.tk, 1
+eurotop.net.pl, 1
+eurotour.tk, 1
+eurotracs.com, 1
+eurotramp.com, 0
+eurousa.us, 1
+eurovision-romania.tk, 1
+eurovision.ie, 1
+eurowave.com, 1
+eurowijskids.nl, 0
+eurowish.com, 1
+eurseo.com, 1
+euruni.edu, 1
+eusalesman.hu, 1
+eusarse.tk, 1
+eusebiu.com, 1
+euskalstakepool.win, 1
+euskaltzaleak.tk, 1
+eusou.ml, 1
+eustaquio.tk, 1
+eustomamc.net, 1
+eusv.net, 1
+eusystemic.com, 1
+eutawal.gov, 1
+euterpiaradio.ch, 1
+eutotal.com, 1
+euvo.tk, 0
+euwid.de, 1
+euzissima.com.br, 1
+ev-zertifikate.de, 1
+eva-briegel-fanpage.tk, 1
+eva.cz, 1
+eva24h.tk, 1
+eva42.com, 1
+evaali.fi, 1
+evaalordiah.tk, 1
+evaberg.net, 1
+evacs.net, 1
+evacs.org, 1
+evacuumstore.com, 1
+evadi.ca, 1
+evafernandez.tk, 1
+evafojtova.cz, 1
+evaisanta-mariaalmudever.tk, 1
+evaisanta.tk, 1
+evaks.az, 1
+evakuator-kharkov.kh.ua, 1
+evakuator-tut.by, 1
+evakuator.ltd, 1
+evalcom.co, 1
+evalcorp.com, 1
+evalesc.com, 1
+evalinux.com, 1
+evalopezzz.org, 1
+evaluasi.com, 1
+evaluation.gov, 1
+evalueit.eu, 1
+evaluer2.pl, 1
+evamachkova.cz, 0
+evamathil.de, 1
+evamlakar.si, 1
+evanbaker.xyz, 1
+evanescenceisfallen.tk, 1
+evanescencenorge.tk, 1
+evanescenceturkey.tk, 1
+evanfiddes.com, 1
+evang.at, 1
+evange.co.jp, 1
+evangelicalmagazine.com, 1
+evangelicalplatform.com, 1
+evangelietuin.tk, 1
+evangelionmagi.tk, 1
+evangelise.asia, 1
+evangersdogfood.com, 1
+evanreev.es, 1
+evansfmm.org, 1
+evansfox.com, 1
+evanspoliceny.gov, 1
+evanstonnow.com, 0
+evansville-wy.gov, 1
+evansvillewi.gov, 1
+evantageglobal.com, 1
+evanwang0.com, 1
+evaolson.se, 1
+evar2.com, 1
+evaria-network.fr, 1
+evasioncreole.com, 1
+evasionteam.tk, 1
+evasovova.cz, 1
+evatantricmassagelondon.uk, 1
+evavolfova.cz, 1
+evbox.com, 1
+evdenevenakliyatankara.name.tr, 1
+evdenevenakliyatistanbul.gen.tr, 1
+evdeneyapilir.com, 1
+eve-online-com.ru, 1
+eve-ua.com, 1
+eve.tax, 1
+eve0s.com, 1
+eveandi.health, 1
+eveapk.com, 1
+eveaz.com, 1
+eveco-mebel.ga, 1
+evedanjailbreak.com, 1
+eveetcie.com, 1
+evehryday.com, 1
+eveil-et-savoirs.com, 1
+evelethpd.gov, 1
+evelienuitvaartverzorging.nl, 1
+evelienzorgt.nl, 1
+evelin.tk, 1
+evelyn.com, 1
+evenbijproaten.online, 1
+evendesign.com, 1
+evendesign.gq, 1
+evenimenteromania.tk, 1
+eveningstar.tk, 1
+eveningtaxservices.com, 1
+evenstar-gaming.com, 1
+evenstargames.com, 1
+event-blick.de, 1
+event-fullyyours.com, 1
+event-reisen.tk, 1
+event-trac.com, 1
+event-tyrlig.no, 1
+event1teamstore.com, 0
+event4fun.no, 1
+event64.ru, 1
+eventact.com, 0
+eventaro.com, 1
+eventblog2017.tk, 1
+eventcore.tk, 1
+eventdata.co.uk, 1
+eventdata.uk, 1
+eventdays.tk, 1
+eventex-rentals.com, 1
+eventfoto.com, 1
+eventfun.tk, 1
+eventide.space, 1
+eventive.org, 0
+eventlista.no, 1
+eventlocation2.de, 1
+eventmake.es, 1
+eventnature.de, 1
+eventnexus.co.uk, 1
+eventosbgp.com, 1
+eventosdeluchalibre.tk, 1
+eventosenmendoza.com.ar, 1
+eventosformativos.tk, 1
+eventospremium.es, 0
+eventpark.cz, 1
+eventpay.jp, 1
+eventplanner.be, 1
+eventplanner.co.uk, 1
+eventplanner.de, 1
+eventplanner.es, 1
+eventplanner.fr, 1
+eventplanner.ie, 1
+eventplanner.lu, 1
+eventplanner.net, 1
+eventplanner.nl, 1
+eventprazdnik.ru, 1
+events.bt, 1
+events1.co.il, 1
+eventsbytma.com, 1
+eventseeker.com, 1
+eventservicestockholm.se, 1
+eventsforyou.fr, 1
+eventsframe.com, 1
+eventtech.com, 0
+eventticketscenter.com, 1
+eveonline.com, 1
+ever.sale, 0
+ever4cats.de, 1
+everaerts.eu, 1
+everain.me, 1
+everand.com, 1
+everberg.tk, 1
+evercheck.com, 1
+everdivemarine.com, 1
+everestbankltd.com, 1
+everettduiattorneys.com, 1
+everettsautorepair.com, 0
+everfine.com.tw, 1
+everfreecoloring.com, 1
+evergarden.cn, 1
+evergladesfarmequipment.com, 1
+everglow.co.jp, 1
+evergreenal.gov, 1
+evergreenilder.tk, 1
+evergreenlangladewi.gov, 1
+evergreentlc.com, 1
+evergrowthdc.com, 1
+everhome.cloud, 1
+everhome.de, 1
+everichspice.com, 1
+everifile.com, 1
+everify.gov, 1
+everisland.com, 1
+everitoken.io, 1
+everling.lu, 1
+everlong.org, 1
+everly.market, 1
+evermade.fi, 1
+evermed.au, 1
+evermed.com.au, 1
+evernaut.com, 1
+everpcpc.com, 1
+everready.tk, 1
+everride.com, 1
+everseo.tk, 1
+eversightwealth.com, 1
+evertonarentwe.com, 1
+evertradeelectronics.com, 1
+evertz.com, 1
+evervitjuice.com, 1
+everwaking.com, 0
+everwinter.tk, 1
+every-day-life.com, 0
+everyarti.st, 1
+everycorneroftheworld.cf, 1
+everycorneroftheworld.de, 1
+everycorneroftheworld.ml, 1
+everycorneroftheworld.tk, 1
+everyday.eu.org, 1
+everydaycaitfitness.com, 1
+everydaydishes.com, 1
+everydaygary.com, 1
+everydaylifeinsurance.com, 1
+everydaypower.com, 1
+everydaypsychology.org, 1
+everydaytherich.com, 1
+everydaywot.com, 1
+everyex.com, 1
+everyeye.it, 1
+everyfad.com, 1
+everyhq.com, 1
+everykidoutdoors.gov, 1
+everymail.me, 1
+everymanandhisdogvineyard.com, 1
+everyoneadmins.tk, 1
+everyonefit.com, 1
+everysaving.ae, 1
+everysaving.ca, 1
+everysaving.co.uk, 1
+everysaving.com, 1
+everysaving.com.au, 1
+everysaving.ie, 1
+everysaving.sg, 1
+everystudent.bg, 1
+everystudent.com.tw, 1
+everysync.co.jp, 1
+everything-as-code.com, 1
+everything-everywhere.com, 1
+everything-mdaemon.com, 1
+everythingaccess.com, 1
+everythingcovid-19.com, 1
+everythingfree.tk, 1
+everythinginoneblog.gq, 1
+everythinglidia.com, 1
+everythinq.com, 1
+everytrycounts.gov, 1
+everyveterancountsohio.gov, 1
+eveshaiwu.com, 1
+eveshamglass.co.uk, 1
+eveswell.com, 1
+evetdermisin.com, 1
+evetech.net, 1
+evezqurbanli.tk, 1
+evga.com, 1
+evhoeft.com, 1
+eviction.cf, 1
+evidecor.com.br, 1
+evidenceusa.com.br, 1
+evidencija.ba, 1
+evies.tk, 1
+evil-empire.tk, 1
+evilbeasts.ru, 1
+evilbrood.tk, 1
+evilcodes.tk, 1
+evildarkness.tk, 1
+evilduck.tk, 1
+evilla.ru, 0
+evilmartians.com, 1
+evilmoisture.tk, 1
+evilnolo.tk, 1
+evilofsociety.tk, 1
+evilolive.tk, 1
+evilsay.com, 0
+evilscience.tk, 1
+evilsite.cf, 1
+eviltricks.tk, 1
+evilways.tk, 1
+evin.ml, 1
+evin.tk, 1
+evisa.us.com, 1
+evisky.com, 1
+evisos.cl, 1
+evisos.com, 1
+evisos.com.ar, 1
+evisos.com.mx, 1
+evisos.es, 1
+eviz.co, 1
+evkitdigital.com.br, 1
+evl.one, 1
+evlilikilan.com, 1
+evlqa1sp1tzb05zo-reoo0vhj9a1t5pousfudnkg.com, 0
+evntage.com, 1
+evobox.store, 1
+evocate.com.au, 1
+evoco.vc, 1
+evodation.com, 1
+evodation.org, 1
+evojska.tk, 1
+evokeearlylearning.com.au, 1
+evolucioneducativa.com.ec, 1
+evolucionestudios.com.bo, 1
+evolucionradio.tk, 1
+evolution-gaming.tk, 1
+evolution-host.ga, 1
+evolution-x.org, 1
+evolution.codes, 1
+evolutionbiote.com, 1
+evolutioninflatables.co.uk, 1
+evolutionlending.co.uk, 1
+evolutionosteopathy.co.uk, 1
+evolutive-records.tk, 1
+evoluxion.co, 1
+evoluzione.fr, 0
+evolve-mma.com, 1
+evolve-university.com, 1
+evolve-vacation.com, 1
+evolve.com, 1
+evolvedevlabs.de, 1
+evolvetechnologies.co.uk, 1
+evolvicity.org, 1
+evolvingseo.com, 1
+evolvingthoughts.net, 1
+evonet.co.za, 1
+evony.eu, 1
+evonys.com, 1
+evopack.net, 1
+evoplay.gq, 1
+evoqion.se, 1
+evosyn.com, 1
+evote-ch.ch, 1
+evotec.pl, 1
+evoting-test.ch, 1
+evoting.ch, 1
+evri.com, 1
+evrial.com, 1
+evromandie.ch, 1
+evronews.ga, 1
+evropaedu.ru, 1
+evscicats.com, 1
+evscstudentwifi.com, 1
+evsinemasistemleri.tk, 1
+evstatus.com, 1
+evtasima.name.tr, 1
+evthing.se, 0
+evtripping.com, 1
+evu-pe.tk, 1
+evulka.eu, 1
+evv.ee, 1
+evxp.it, 1
+evyn.eu, 1
+evz.ro, 1
+ewa-hayward.co.uk, 1
+ewacforum.tk, 1
+ewaf.club, 1
+ewaipiotr.pl, 1
+ewananga.ac.nz, 1
+ewanm89.co.uk, 1
+ewanm89.com, 1
+ewanm89.uk, 1
+ewansinclair.tk, 1
+ewanto.de, 1
+ewaroeng.com, 1
+ewatchers.org, 1
+ewddlacity.com, 1
+ewebcreative.com, 1
+ewelinagrochowina.pl, 1
+ewen-bara.com, 1
+ewesparky.com, 1
+ewgri.gov, 1
+ewhitehat.com, 1
+ewie.name, 1
+ewigetrauringe.de, 1
+ewighost.com, 1
+ewinstore.com, 1
+ewizmo.com, 1
+ewon.biz, 0
+eworkflow.ca, 1
+eworksmedia.com, 0
+eworldmedia.ml, 1
+eworldmedia.tk, 1
+ewoutpool.tk, 1
+ewritingservice.com, 1
+ewsfeed.com, 1
+ewtl.es, 1
+ewuchuan.com, 1
+ewycena.pl, 1
+ex-deli.jp, 1
+ex-links.net, 1
+ex.co, 1
+ex2technology.com, 1
+ex78.com, 1
+exabike.com, 1
+exablue.de, 1
+exact-distribution.com, 1
+exact-online-apps-by-invantive.com, 1
+exact.realty, 1
+exactlibris.com, 1
+exactlyinfinite.com, 1
+exactphilosophy.net, 1
+exactrealty.co.uk, 1
+exactrealty.no, 1
+exactrealty.us, 1
+exactverify.com, 1
+exadime.net, 1
+exaduosport.fr, 1
+exagoni.com, 1
+exagoni.com.au, 1
+exagoni.com.my, 1
+exalthost.com, 1
+exam4.us, 1
+exambot.cf, 1
+exambot.ga, 1
+exambot.gq, 1
+exambot.tk, 1
+examedge.com, 1
+examesrush.com, 0
+examesrush.com.br, 0
+examhq.net, 1
+examika.ru, 1
+examity.com, 1
+examly.io, 1
+examone.com, 1
+exampaperarchive.com, 1
+example.li, 1
+exampleessays.com, 1
+examroll.fr, 1
+examroo.nl, 0
+examsite.tk, 1
+examsmate.in, 1
+examsoft.com, 1
+examsplanner.in, 1
+examticket.tk, 1
+exaplac.com, 1
+exarcheia.com, 1
+exarcheia.link, 1
+exarcheia.online, 1
+exarcheia.ru, 1
+exarius.org, 1
+exashop.tn, 1
+exatmiseis.net, 0
+excaliburmatrix.tk, 1
+excaliburtitle.com, 0
+excavation.ga, 1
+exceed-clan.tk, 1
+exceed.global, 1
+excel-mechanical.com, 1
+excelbroadcast.com, 1
+exceldatapro.com, 1
+excelenteawards.com, 1
+exceleron.in, 1
+excelgum.ca, 1
+excelindonesia.com, 1
+excelindonesia.id, 1
+excelkursdirekt.eu, 1
+excellarate.com, 1
+excellence-eventos.com, 1
+excellence-redefined.org, 1
+excellence.corsica, 1
+excellenceriviera.com, 1
+excellentrencontrer.tk, 1
+excellentsurferers.ga, 1
+excellentsurferest.ga, 1
+excellentweb.site, 1
+excelnutritional.com.br, 1
+excelsiorcomics.com.br, 0
+excelsis.rs, 1
+exceltechoman.com, 1
+exceltobarcode.com, 1
+excentos.com, 1
+exceptionalfirm.com, 1
+exceptionalservices.us, 1
+exceptionalstack.com, 1
+exceptionnotfound.net, 1
+excess-baggage.com, 1
+excessive-software.tk, 1
+exchangedobem.com, 1
+exchangemarketplace.com, 1
+exchanger.ml, 1
+exchanger.tk, 1
+exchangeratingest.ga, 1
+exchangesolutions.com, 1
+exchangetrading.tk, 1
+exchangeview.ga, 1
+exchangevisits.tk, 1
+exchaser.com, 1
+excimerlaser.com, 1
+excite.co.id, 1
+exciters.tk, 1
+excitingbulgaria.com, 0
+excitoninteractive.com, 1
+exclaimer.com, 1
+exclusivacademy.com, 1
+exclusive-okno.ru, 1
+exclusive-world.tk, 1
+exclusivedesignz.com, 1
+exclusivelyuk.co.uk, 1
+exclusivemilf.com, 1
+exclusiveresorts.com, 1
+excluzive.ml, 1
+excoins.biz, 1
+excontinuum.de, 1
+excursiones.tk, 1
+exdomo.com, 1
+exe-boss.tech, 1
+execbar.com, 1
+exechip.com, 1
+execom68.tk, 1
+execupharm.jp, 1
+execution.biz.tr, 1
+executivemarketing.co.za, 1
+executiveseatsers.ga, 1
+executivoshotel.com.br, 1
+exedo.nl, 1
+exeest.com, 1
+exegese.ch, 0
+exegol.co.uk, 1
+exehack.net, 1
+exeintel.com, 1
+exemplarypainting.com, 1
+exemples-de-stands.com, 1
+exentio.sexy, 1
+exentrify.com, 1
+exercisekingers.ga, 1
+exercisekingest.ga, 1
+exerforge.net, 1
+exerph.com, 1
+exerpm.tk, 1
+exescan.net, 1
+exesoft.ml, 1
+exeterfit.com, 1
+exeunt.tk, 1
+exexcarriers.com, 1
+exeypanteleev.com, 1
+exforo.tk, 1
+exfuga.com, 1
+exhalewell.com, 1
+exhumationindia.tk, 1
+exiahost.com, 1
+exiled.land, 1
+exiled.world, 1
+exiletattoo.net, 1
+exiletower.tk, 1
+eximbank.gov.tr, 1
+exip.ga, 1
+exipure.com, 1
+exira.com, 1
+exitooutdoor.com, 1
+exitoseguro.tk, 1
+exitreality.tk, 1
+exizent.com, 1
+exizent.tk, 1
+exline.pro, 1
+exmart.ng, 1
+exmoe.com, 1
+exo-chanyeol.tk, 1
+exodiac.ph, 1
+exodium.tk, 1
+exodus-net.pl, 1
+exodus.com, 1
+exodus.io, 1
+exogenous.ga, 1
+exomind.cf, 1
+exomind.gq, 1
+exon.io, 1
+exonip.de, 1
+exonovov.tk, 1
+exordiumconcepts.com, 1
+exosama.com, 1
+exoscale.ch, 1
+exoscale.com, 1
+exoten-spezialist.de, 1
+exotic-animals.tk, 1
+exotic-bengal-cattery.ml, 1
+exotic.report, 1
+exoticads.com, 1
+exotical.tk, 1
+exoticaz.to, 1
+exotictravel.tk, 1
+exousiakaidunamis.pw, 1
+exousiamg.com, 1
+exoweb.ca, 1
+exp.gg, 1
+exp4all.com, 1
+expancio.com, 0
+expanda.org, 0
+expandabil.cf, 1
+expanddigital.media, 1
+expandor.cz, 1
+expansehost.de, 1
+expansion-lidl.es, 1
+expansive.info, 1
+expart.com, 1
+expatads.com, 1
+expatfinancial.com.hk, 1
+expatinpoland.com, 1
+expatmortgage.uk, 1
+expatriate.pl, 0
+expatwealthatwork.com, 1
+expe.voyage, 1
+expectful.com, 0
+expecting.com.br, 1
+expediteplus-asia.com, 1
+expediteplus.biz, 1
+expediteplus.ca, 1
+expediteplus.com, 1
+expediteplus.com.mx, 1
+expediteplus.info, 1
+expediteplus.mobi, 1
+expediteplus.mx, 1
+expediteplus.net, 1
+expediteplus.org, 1
+expediteplus.pro, 1
+expediteplus.us, 1
+expeditiegrensland.nl, 0
+expedition247.com.au, 1
+expelliarmus.tk, 1
+expensify.com, 1
+expensivejewelsest.ga, 1
+exper.gr, 1
+experience.com, 1
+experiencealula.com, 1
+experienceoutdoors.org.uk, 1
+experienceoz.com.au, 1
+experiment-626.tk, 1
+experimentalguruji.cf, 1
+experimentaltheatreclub.tk, 1
+experimentator.cz, 1
+experimentoscongaseosa.tk, 1
+experimentrak.com, 1
+experimetrix.com, 1
+experise.fr, 1
+experpento.tk, 1
+expert-batiment-rouen.fr, 1
+expert-comptable-vichy-moulins-allier.fr, 1
+expert-korovin.ru, 1
+expert-market.com, 1
+expert-voronezh.tk, 1
+expert.cz, 1
+expert96.cf, 1
+expertclub.tk, 1
+expertcomics.ca, 1
+experteasy.com.au, 1
+expertembeleza.com, 1
+expertembeleza.com.br, 1
+expertestate.org, 1
+experthive.co.za, 1
+expertly.com, 1
+expertmarketer.ro, 1
+expertmarktrg.com, 1
+expertofficefitouts.com.au, 1
+expertowears.com, 1
+expertpaintersvt.com, 1
+expertpanel.gc.ca, 1
+expertpensions.co.uk, 1
+expertplumbingandsolarservicesbathurst.com.au, 1
+experts-united.tk, 1
+expertvagabond.com, 1
+expertviolinteacher.com, 1
+expicare.com, 1
+expii.com, 1
+expireddomains.net, 1
+expis.tk, 1
+expiscor.solutions, 1
+explane.org, 1
+explode.tk, 1
+explodie.org, 1
+exploflex.com.br, 1
+exploit.cz, 0
+exploit.party, 1
+exploit.ph, 1
+exploited.cz, 1
+exploithe.net, 1
+exploitit.com.au, 1
+exploodo.rocks, 1
+explorance.com, 1
+exploraturuta.com, 1
+exploravacations.in, 1
+explore-being-human.org, 1
+explore-hvar.com, 0
+explore-malaysia.ga, 1
+explore-visions.com, 1
+explore.beer, 1
+explorea1a.com, 1
+explorebigideas.com, 1
+explorecrack.com, 1
+exploreeurope.de, 1
+exploregulf.ga, 1
+exploreit.online, 1
+exploretock.com, 1
+exploretsp.gov, 1
+exploring-memory.org, 1
+exploringmorocco.tours, 1
+exploristics.com, 1
+explorium.tk, 1
+explosion-cs.tk, 1
+explosionstereo.tk, 1
+expo58.tk, 1
+expoavanza.com, 1
+expobeds.com, 1
+expocom.online, 1
+expoconsulting.com.br, 1
+expodat.com, 1
+expodom.hu, 1
+expodom.ro, 1
+expodom.sk, 1
+expodum.cz, 1
+expoesiavisual.tk, 1
+expoexports.tk, 1
+expomac.tk, 1
+exponential.fi, 1
+exponentialnews.net, 1
+exponentialsoft.cf, 1
+exponentialsoft.ga, 1
+exponentialsoft.gq, 1
+exponline.ga, 1
+exponline.tk, 1
+expoort.co.uk, 1
+expoort.com, 1
+expoort.com.br, 1
+expoort.es, 1
+expopodium.com, 1
+expoprime.tk, 1
+expopro24.ru, 1
+exporta.cz, 1
+exposedcasting.com, 1
+exposethetruth.tk, 1
+exposurecompensation.co.uk, 1
+exposurethrash.tk, 1
+expouniverse.tk, 1
+expoxl.nl, 1
+express-delivery.co.il, 1
+express-hosting.org, 1
+express-shina.ru, 1
+express-shop.tk, 1
+express-vpn.com, 1
+express1040.com, 1
+expressarte.tk, 1
+expressdebanat.ro, 1
+expressemotion.net, 1
+expressglobal.co.kr, 1
+expresshosting.org, 1
+expresshsp.com, 1
+expressinfo.cz, 1
+expressinfo.sk, 1
+expressionexpress.net, 1
+expressionfunerals.co.nz, 1
+expressivee.com, 1
+expressmarket.ru, 1
+expressodasilhas.cv, 1
+expresspak.co.nz, 1
+expressramps.com, 1
+expressstairliftssw.co.uk, 1
+expressstore.ga, 1
+expressvpn.com, 1
+expressvpn.net, 1
+expressvpn.works, 1
+expressvpn.xyz, 1
+expresvpn-private-analytics.net, 1
+exprimo.tk, 1
+expungement.law, 1
+expxkcd.com, 1
+exquisique.tk, 1
+exquisito.tk, 1
+exs.lv, 1
+exside.com, 1
+exstirpo.com, 1
+extact.com, 1
+extelicast.com, 1
+extendedteam.co, 1
+extendedteam.net, 1
+extendet.tk, 1
+extendresources.com, 0
+extendwings.com, 1
+extenselizzembalagens.com.br, 1
+extensia.it, 1
+extensibility.biz.tr, 1
+extensibleweb.org, 1
+extensiblewebmanifesto.org, 1
+extensiblewebsummit.org, 1
+extensionciglia.roma.it, 1
+extensions-chrome.ru, 1
+extensionschallenge.com, 1
+extensionworkshop.com, 1
+exteriorlightingagoura.com, 1
+exteriorlightingagourahills.com, 1
+exteriorlightingcalabasas.com, 1
+exteriorlightingcamarillo.com, 1
+exteriorlightingconejovalley.com, 1
+exteriorlightingdosvientos.com, 1
+exteriorlightinghiddenhills.com, 1
+exteriorlightinglakesherwood.com, 1
+exteriorlightingmoorpark.com, 1
+exteriorlightingnewburypark.com, 1
+exteriorlightingoakpark.com, 1
+exteriorlightingsimivalley.com, 1
+exteriorlightingthousandoaks.com, 1
+exteriorlightingwestlakevillage.com, 1
+exteriorroofwindowguttercleaning.com, 1
+exteriorservices.io, 1
+exterminateur-punaise-de-lit.fr, 1
+exterminateur-quebec.ca, 1
+exterminator.com.ua, 1
+external-share.com, 1
+externalapps.com, 1
+externalfb.com, 1
+externer-datenschutzbeauftragter-bochum.de, 0
+externeverslaggeving.nl, 1
+externevoorzitter.nl, 1
+extienso.com, 1
+extinctionrebellion.de, 1
+extirosli.ga, 1
+extmatrix.com, 0
+extrabits.pt, 1
+extrabusiness.tk, 1
+extract.me, 1
+extracting.tk, 1
+extradesktops.com, 0
+extradiely.sk, 1
+extradivers-worldwide.com, 1
+extraeasycash.com, 1
+extraefficiency.tk, 1
+extraefficient.tk, 1
+extrafrei.at, 1
+extrafuerdich.tk, 1
+extrainsiderest.ga, 1
+extraloud.tk, 1
+extrapagetab.com, 1
+extraspaces.co.uk, 1
+extratext.at, 1
+extratv.com, 1
+extraupdate.com, 1
+extreemhost.nl, 1
+extreme-addicts.tk, 1
+extreme-gaming.de, 1
+extreme-gaming.us, 1
+extreme.co.th, 1
+extremebaking.com, 1
+extremeforces.tk, 1
+extremelawsers.ga, 1
+extremelawsest.ga, 1
+extremeleadprogram.com, 1
+extremelycorporate.ca, 0
+extrememusclepump.com, 1
+extremepeptides.com, 1
+extremeprojects.tk, 1
+extremeservicesandrestoration.com, 1
+extremesports.tk, 1
+extremetreeandlandscape.com, 1
+extremetunedcars.tk, 1
+extremfrank.tk, 1
+extrolife.ml, 1
+extromail.de, 1
+extstore.com, 1
+extua.pw, 1
+exudestudios.tk, 1
+exum.tk, 1
+exusi.ai, 1
+exvisits.tk, 1
+exvs.org, 1
+exwaiti.com, 1
+exway.com, 1
+exxoncannabis.com, 1
+exxpozed-image.de, 1
+exxpozed.ch, 1
+exxpozed.co.uk, 1
+exxpozed.com, 1
+exxpozed.de, 1
+exxpozed.eu, 1
+exzibit.net, 1
+eyasc.nl, 1
+eye-move.nl, 1
+eye.do, 1
+eye.security, 1
+eyeandfire.com, 1
+eyebagdoctor.com.sg, 1
+eyeball.ml, 1
+eyebrowsmicroblading.co.uk, 1
+eyecandy.gr, 1
+eyecon.gr, 1
+eyedea.ga, 1
+eyedesignuniversity.com, 1
+eyeglasses.com, 0
+eyelash-mc.com, 1
+eyelash-navi.com, 1
+eyelash.tk, 1
+eyelashconcept.com, 1
+eyelashextensions.tk, 1
+eyelidsphoenix.com, 1
+eyemagic.net, 1
+eyemedica.de, 0
+eyeniyasam.com, 1
+eyenote.gov, 1
+eyeonid.com, 0
+eyep.me, 0
+eyeratereviews.com, 1
+eyes-berg.com, 0
+eyesandearsrescue.org, 1
+eyesaveopticalinc.com, 1
+eyescratch.tk, 1
+eyesee.fr, 1
+eyesfans.com, 1
+eyeshield-informatique.tech, 1
+eyesome.com, 1
+eyespecialistsofla.com, 1
+eyestrainexplained.com, 1
+eyesurgery.tk, 1
+eyetelligence.nl, 1
+eyetooth.ga, 1
+eyfari.com, 1
+eyktasarim.tk, 1
+eylog.co.uk, 1
+eylulsohbet.net, 1
+eynio.com, 1
+eyona.com, 1
+eyoo.link, 1
+eyps.net, 1
+eytosh.net, 1
+eyy.co, 1
+eyyit.com, 0
+eyyubyilmaz.com, 1
+ezabalium.tk, 1
+ezakazivanje.rs, 1
+ezalba.com, 0
+ezcater.com, 1
+ezcater.io, 1
+ezcesspoollongisland.com, 1
+ezcourseonline.com, 1
+ezdog.press, 1
+ezec.com.tw, 1
+ezee-fix.co.uk, 1
+ezekia.com, 1
+ezeviral.com, 1
+ezgif.com, 1
+ezhub.de, 1
+ezidox.com, 1
+ezifin.com, 1
+ezik-ido.tk, 1
+ezinezone.tk, 1
+ezinternet.com.au, 1
+ezitech.com, 1
+ezmob.com, 1
+ezmoddingz.tk, 1
+ezochat.com, 1
+ezorgportaal.nl, 1
+ezoterizm.info, 1
+ezpb.com, 1
+ezprints.com, 0
+ezpublish-france.fr, 1
+ezrent.tk, 1
+ezsavers.ga, 1
+ezsaversers.ga, 1
+ezsaversest.ga, 1
+ezscrapbooksest.ga, 1
+ezshopper.co.uk, 1
+ezsun.co, 1
+ezvolt.com.br, 1
+ezwebsearch.com, 1
+ezybook.co.nz, 1
+ezybook.net, 1
+ezyfitdoors.com.au, 1
+ezygentechnology.com, 1
+ezz-drops.tk, 1
+ezzhole.net, 1
+f-401.com, 1
+f-centre.ru, 1
+f-csc.org, 1
+f-droid.org, 0
+f-hd.net, 1
+f-mebel-na-zakaz.ru, 1
+f-sulzmann.de, 1
+f-thie.de, 1
+f-u-c-k.wien, 1
+f00228.com, 1
+f00f.org, 1
+f0x.es, 1
+f1-onlineliga.com, 1
+f1318.net, 1
+f1bigpicture.com, 1
+f1classement.com, 0
+f1collection.com, 1
+f1distribution.com, 1
+f1ex.org, 1
+f1fever.co.uk, 1
+f1fever.net, 1
+f1grandprix.tk, 1
+f1ltr0.com, 1
+f1minute.com, 1
+f1nal-lap.be, 1
+f1nalboss.de, 1
+f1nn.space, 1
+f1pr.com, 1
+f1report.net, 1
+f1sh.de, 1
+f1simulator.tk, 1
+f1solutionslb.com, 1
+f1sport.tk, 1
+f1worldwide.tk, 1
+f2h.io, 1
+f2pool.com, 1
+f36533.com, 1
+f3m.pt, 1
+f3r.xyz, 1
+f42.net, 1
+f43.me, 1
+f45challenge.com, 1
+f45training.com, 1
+f4bkv.net, 1
+f4jsl.fr, 1
+f5.hk, 1
+f51365.com, 0
+f5197.co, 1
+f6729.co, 1
+f6729.com, 0
+f6957.co, 1
+f6queer.org, 1
+f82365.com, 1
+f88288.com, 1
+f8842.com, 1
+f88fine.com, 1
+f88good.com, 1
+f88ll.com, 1
+f88qin.com, 1
+f88vip1.com, 1
+f88vip101.com, 1
+f88vip102.cc, 1
+f88vip107.com, 1
+f88vip108.com, 1
+f88vip29.com, 1
+f88vip8.com, 1
+f88vip804.com, 1
+f88vip851.com, 1
+f88vip878.com, 1
+f88vip895.com, 1
+f88yule111.com, 1
+f88yule122.com, 1
+f88yule7.com, 1
+f88yule9.com, 1
+f8906.com, 1
+f8908.com, 1
+f8921.com, 1
+f899365.com, 0
+f8cp1.com, 0
+f8cp2.com, 0
+f8cp3.com, 0
+f8cp5.com, 0
+f8cp6.com, 0
+f8cp7.com, 0
+f8cp8.com, 0
+f8s.co, 1
+f9297.co, 1
+f9297.com, 0
+f9397.com, 0
+f9721.com, 0
+f9728.co, 1
+f9852.com, 0
+f9883.com, 0
+f9884.com, 1
+f9885.com, 0
+fa-fa.tk, 1
+faapart107certifiedpilot.com, 1
+faaq.ru, 1
+faasviddy.nl, 1
+faazmusic.com, 1
+fabao.in, 1
+fabarm.fr, 1
+fabbro-roma.org, 1
+fabbro.roma.it, 1
+fabconvert.com, 1
+fabelturen.tk, 1
+faber.org.ru, 0
+faberoclub.tk, 1
+fabfrenchinsurance.com, 1
+fabian-fingerle.de, 1
+fabian-klose.com, 1
+fabian-klose.de, 1
+fabian-klose.net, 1
+fabian-kluge.de, 1
+fabian-praschl.de, 1
+fabian-zoske.de, 1
+fabian.gq, 1
+fabianackle.ch, 1
+fabianbeiner.com, 0
+fabianbeiner.de, 0
+fabianegli.ch, 1
+fabianfranke.de, 1
+fabiankoeppen.com, 1
+fabianni.tk, 1
+fabickcat.com, 1
+fabien-eigenmann.ch, 1
+fabien-hebuterne.fr, 0
+fabienbaker.com, 1
+fabienne-roux.org, 1
+fabil.id, 1
+fabilnatural.co.id, 1
+fabilpages.com, 1
+fabim.de, 1
+fabiobier.com, 1
+fabiokrug.de, 1
+fabiolamolinastore.com, 1
+fabiooliveirapr.com.br, 1
+fabiopaiva.pt, 1
+fabledsolutions.com, 1
+fableforge.nl, 1
+fableheartmedia.com, 1
+fabpilot.com, 1
+fabricademonstros.com.br, 1
+fabricalaser.com.br, 1
+fabricandoclientes.com.br, 1
+fabriceleroux.com, 0
+fabricemannuelphotography.fr, 1
+fabricio.adv.br, 1
+fabricio.eti.br, 1
+fabriciomoreira.ga, 1
+fabrik.de, 1
+fabrika-jaluzi.ru, 1
+fabrikafilmes.com.br, 1
+fabriknet.de, 1
+fabrilec.tk, 1
+fabrinet.co.th, 1
+fabriziofaniello.tk, 1
+fabriziorocca.it, 1
+fabriziorocca.tk, 1
+fabrykazabawy1.pl, 1
+fabse.net, 1
+fabseal.de, 1
+fabslabour.uk, 1
+fabtechexpo.com, 1
+fabulosa.com.br, 0
+fabulous.com, 1
+fabulouseventsmiami.com, 1
+fabulousfarmgirl.com, 1
+fabulouslyyouthfulskin.com, 1
+fabulouslyyouthfulskineyeserum.com, 1
+fabuye.cf, 1
+fabuye.ga, 1
+fabuye.gq, 1
+fabuye.ml, 1
+fabuye.tk, 1
+fac.fi, 1
+fac.gov, 1
+faca.gov, 1
+facaca.com, 1
+facadatabase.gov, 1
+facan-godollo.hu, 1
+facanabota.com, 1
+facanabota.com.br, 1
+facarospauls.com, 1
+facchinaggio.it, 1
+facchinaggio.milano.it, 1
+facchinaggio.roma.it, 1
+facchinetti.cloud, 1
+facchino.it, 1
+face-art.tk, 1
+face-fashion.de, 1
+face.yoga, 1
+face2faith-vechta.de, 1
+facealacrise.fr, 0
+facebeautyhq.com, 1
+facebook-atom.appspot.com, 1
+facebook-program.com, 1
+facebook.ax, 1
+facebook.com, 0
+facebookcareers.com, 1
+facebookenterprise.com, 1
+facebookmail.com, 1
+facebookrecruiting.com, 1
+faceboom.tk, 1
+facebylouise.co.uk, 1
+facedaily.tk, 1
+facedeplook.tk, 1
+faceegypt.tk, 1
+faceitsalon.com, 1
+facekhande.tk, 1
+facelimousin.fr, 1
+facemashclone.com, 1
+facemaze.io, 1
+facenews.ml, 1
+facepainting.gr, 1
+facepalmsecurity.com, 1
+faces4watch.com, 1
+facescertification.com, 1
+facesdr.com, 1
+faceside.com, 1
+facesnf.com, 1
+facevietpro.tk, 1
+facevitalityers.ga, 1
+fach-journalist.de, 1
+fachfusspflege-exner.de, 1
+fachim.tk, 1
+fachinformatiker.com, 1
+fachiri.tk, 1
+fachowisko.pl, 1
+fachschaften.org, 0
+fachschaftslisten.at, 1
+fachschaftslisten.org, 1
+fachversand-hennes.de, 1
+facialcare.tk, 1
+facialexercising.com, 1
+facialparalysisnetwork.ga, 1
+facialplasticsurgeryofaustin.com, 1
+facil.services, 0
+facilecommebonjour.com, 1
+facilit-info.fr, 1
+facilities.fr, 1
+facilitiessurvey.org, 1
+facilitrak.com, 1
+facilitron.com, 1
+facility-service-muenchen.de, 1
+fackovcova.cz, 1
+fackovcova.eu, 1
+fackovcova.fun, 1
+fackovcova.online, 1
+fackovcova.sk, 1
+fackovec.cz, 1
+fackovec.eu, 1
+fackovec.fun, 1
+fackovec.online, 1
+fackovec.sk, 1
+facorne.com, 1
+fact.cat, 1
+factbros.com, 1
+factbusterers.ga, 1
+factbusterest.ga, 1
+factbytefactbox.com, 1
+facteurcheval.com, 1
+factis.com, 1
+factor.cc, 0
+factorchave.com, 1
+factoriadifacil.com, 1
+factorio.tools, 1
+factoriobin.com, 1
+factoriotools.com, 1
+factoriotools.net, 1
+factoriotools.org, 1
+factorit.fr, 1
+factorway.com, 1
+factory-f.net, 1
+factoryalimentos.com.br, 1
+factorypark.com, 1
+factorypartsdirect.com, 1
+factozia.tk, 1
+facts-about-bees.ml, 1
+factslider.tk, 1
+factsvision.sr, 1
+factua.nl, 1
+factum-info.net, 1
+facturama.pt, 1
+facturare.online, 1
+factureenlinea.com, 0
+factuur.pro, 1
+factuursturen.be, 1
+factuursturen.nl, 1
+facty.com, 1
+factys.do, 1
+factys.es, 1
+facucosta.com.ar, 1
+facvest.com, 1
+fadaex.org, 1
+fadaru.ml, 1
+fadecloud.com, 1
+fadedave.com, 1
+fadednet.com, 0
+fademusic.tk, 1
+fadergs.edu.br, 1
+faderweb.de, 1
+fadhlan.web.id, 0
+fads-center.online, 1
+fae.watch, 1
+faedefencesociety.com, 1
+faedefensesociety.com, 1
+faehler.de, 1
+faehling.space, 1
+faelix.ch, 1
+faelix.eu, 1
+faelix.fr, 1
+faelix.im, 1
+faelix.net, 1
+faelix.uk, 1
+faerb.it, 1
+faeriebabe.com, 1
+faeriecakes.be, 1
+faeservice.eu, 1
+faeton.tk, 1
+fafarishoptrading.com, 1
+fafers.tk, 1
+fafscloud.com, 0
+fagdag.dk, 1
+faggut.gg, 1
+fagor.com, 1
+fagor.eus, 1
+fagott.pw, 1
+fagus.hopto.org, 1
+fahadbook.com, 1
+fahnamporn.com, 1
+fahrenwal.de, 1
+fahrenwalde.de, 1
+fahrradreisen-wanderreisen.de, 1
+fahrschule-laux.de, 1
+fahrwerk.io, 1
+fahrzeug-talk.de, 1
+fai.gov, 1
+faidanoi.it, 1
+faidatefacile.it, 1
+faieurope.it, 1
+fail.cf, 1
+failed-banks.com, 1
+failforward.tech, 1
+failover.de, 1
+failover.eu, 1
+failoverplan.it, 1
+failstats.net, 0
+faimdevoyages.com, 1
+faimmobiliare.it, 1
+fainlogistics.com, 1
+fairbairnrealty.com, 1
+fairbill.com, 1
+fairbot.cf, 1
+fairbot.gq, 1
+fairbot.ml, 1
+fairbot.tk, 1
+fairbroker.com, 1
+fairchildband.tk, 1
+fairchildfun.com, 0
+fairchildfun.marketing, 1
+fairchildfun.tv, 1
+fairchildstx.gov, 1
+fairdata.ga, 1
+fairedeseconomies.info, 1
+fairelements.net, 1
+faireum.win, 1
+fairewindenergie-sh.de, 1
+fairfaxcountypartners.gov, 1
+fairfaxsc.gov, 1
+fairfield-me.gov, 1
+fairfieldcountyohioworkforcecenter.gov, 1
+fairfieldmt.gov, 1
+fairfieldschool.tk, 1
+fairfieldtexas.gov, 1
+fairfieldtwplenaweemi.gov, 1
+fairfly.com, 1
+fairgaming.ml, 1
+fairgaming.tk, 1
+fairgolfteams.com, 1
+fairhavenvt.gov, 1
+fairleevt.gov, 1
+fairlesslaw.com, 1
+fairline.com, 1
+fairmates.tk, 1
+fairmontnc.gov, 1
+fairmonttamarak.cf, 1
+fairmonttamarak.ga, 1
+fairmonttamarak.ml, 1
+fairmountfireco.gov, 1
+fairplanner.net, 1
+fairplay-trading.com, 1
+fairplay.im, 1
+fairprice.com.sg, 1
+fairssl.dk, 1
+fairssl.se, 1
+fairtrade010.nl, 1
+fairtradegemeentegent.be, 1
+fairview.ca, 0
+fairviewcounseling.org, 1
+fairviewevents.ca, 0
+fairviewfarmacy.com, 1
+fairviewfcss.com, 0
+fairviewheightsil.gov, 1
+fairviewmotel-simcoe.com, 1
+fairwork.gov.au, 1
+fairyani.me, 1
+fairyballet.ga, 1
+fairydust.space, 1
+fairyth.tk, 1
+faisia.tk, 1
+faithadvisorers.ga, 1
+faithadvisorest.ga, 1
+faithbulletin.tk, 1
+faithcentercogop.net, 1
+faithfuladvisor.com, 1
+faithfulcounseling.com, 1
+faithfulfaye.nl, 1
+faithfully.tk, 1
+faithfulroad.org, 1
+faithleaks.org, 0
+faixaazul.com, 1
+faizan.net, 1
+faizanullah.com, 0
+fajarafriansh.cf, 1
+fajarilahi.sch.id, 1
+fajasreductoras.top, 1
+fajita.party, 1
+fajnshop.sk, 1
+fajode.net, 1
+fakat.tk, 1
+fake-show.ga, 1
+fake.creditcard, 1
+fakeaddress.net, 1
+fakeapple.nl, 1
+fakebusters.club, 1
+fakecheck.com, 1
+faked.org, 1
+fakeemergency.com, 1
+fakeframes.ga, 1
+fakeframesers.ga, 1
+fakeframesest.ga, 1
+fakehouse.tk, 1
+fakehub.com, 1
+fakel.ga, 1
+fakemoney.ga, 1
+fakeroses.tk, 1
+fakes-ru.tk, 1
+faketaxi.com, 1
+fakhrudin.tk, 1
+fakinga.tk, 1
+fakt.tk, 1
+faktenfaktenfakten.tk, 1
+faktotum.tech, 1
+fakturi.com, 1
+faktury.co, 0
+fal.moe, 1
+falaeapp.org, 1
+falbros.com, 1
+falcatus-dalmatians.hu, 1
+falce.in, 1
+falcema.com, 1
+falchion.tk, 1
+falck.dk, 1
+falcn.io, 1
+falconcrest-lippert.com, 1
+falconerny.gov, 1
+falconfrag.com, 1
+falconi.com, 1
+falconicapital.com, 1
+falconieri.it, 1
+falconinsurance.com.hk, 1
+falconstap.tk, 1
+falconvintners.com, 0
+falcoz.net, 1
+faldoria.de, 1
+fale.io, 1
+falegname-roma.it, 1
+falegname.roma.it, 1
+falegnameria.milano.it, 1
+falixnodes.net, 1
+falkenthal.org, 1
+falkentyre.com, 1
+falkus.net, 1
+fall.ga, 1
+fallen-evolution.com, 1
+fallenangeldrinks.co.uk, 1
+fallenangeldrinks.com, 0
+fallenangeldrinks.eu, 1
+fallenangelspirits.co.uk, 1
+fallenangelspirits.com, 1
+fallenlondon.wiki, 1
+fallenmoons.nl, 1
+fallens-home.de, 1
+fallenspirits.co.uk, 1
+fallfishtenkara.com, 0
+falling.se, 1
+fallingbrick.co.uk, 1
+fallofthecitadel.com, 1
+fallonarrocho.tk, 1
+fallout-craft.ru, 1
+fallout-tattoo.de, 1
+fallout4london.com, 1
+fallriverbiblechapel.tk, 1
+fallriverma.gov, 1
+fallspa.gov, 1
+fallvegermdfharder.gq, 1
+falmouthpublicsafetyma.gov, 1
+falmouthretirementma.gov, 1
+falscher-kellner.de, 1
+false.in.net, 1
+falsepattern.com, 1
+falsesecurity.org, 1
+falsterhus.de, 1
+falsterhus.dk, 1
+falstoneshow.com, 1
+falsum.net, 1
+fam-borsch.de, 1
+fam-kreibich.de, 1
+fam-roos.com, 1
+fam-stemmer.de, 0
+famacweb.no, 1
+famcloud.de, 1
+famdouma.nl, 1
+fameng.nl, 1
+famep.gov, 1
+fameska.com, 1
+fameslook.tk, 1
+fameus.fr, 1
+fameuxhosting.co.uk, 1
+famgdigital.com, 1
+famigliafiorini.it, 1
+familialchercher.tk, 1
+familiaperez.net, 0
+familie-keil.de, 1
+familie-kruithof.nl, 1
+familie-kupschke.de, 1
+familie-mischak.de, 1
+familie-monka.de, 1
+familie-mueller.com.de, 1
+familie-oberlander.de, 1
+familie-poeppinghaus.de, 1
+familie-remke.de, 1
+familie-sprink.de, 0
+familie-witzik.eu, 1
+familiearchivaris.nl, 1
+familiebaehr.eu, 1
+familiebies.nl, 1
+familiedelwicheferrari.tk, 1
+familiekiekjes.nl, 1
+familiekusch.de, 1
+familienoase-koenigstein.de, 1
+familienportal.de, 1
+familienrat.com, 1
+familienzone.at, 1
+familiereimann.com, 0
+familieretshuset.dk, 1
+familietandarts.nl, 1
+familievisscher.tk, 1
+familjenm.se, 1
+familjenosterlund.se, 1
+familleenfete.fr, 1
+familleseux.net, 1
+familleshilton.com, 1
+family-clinic.tk, 1
+familyclinicstl.com, 1
+familyconventioners.ga, 1
+familyd-c.com, 1
+familydoctor.ru, 1
+familyframeworks.com, 1
+familyhookups.com, 1
+familyparties.co.uk, 1
+familyrecipe.co.uk, 1
+familysinners.com, 1
+familystockexchangeers.ga, 1
+familytreehq.com, 1
+familytrees.net, 1
+familytreewebinars.com, 1
+familyworld.gr, 0
+familyzone.ga, 1
+famion.eu, 1
+famlefeber.nl, 1
+famonitor.com, 1
+famosas.cf, 1
+famous-models.tk, 1
+famousandfaded.com, 1
+famousbirthdays.com, 1
+famousit.nl, 1
+famousmodels.tk, 1
+famouspdf.gq, 1
+famre.de, 1
+famschaefer.ddns.net, 1
+famvsomeren.nl, 1
+fan-sport.com, 1
+fan-sport25.com, 1
+fan.gov, 1
+fan4all.de, 1
+fanart.ru, 1
+fanaticamandafans.tk, 1
+fanaticosdehectorlavoeenperu.tk, 1
+fanatka.tk, 1
+fanbike.de, 1
+fanboi.ch, 1
+fanbooster.com, 1
+fancars.ru, 1
+fanclubblackhills.tk, 1
+fanclubmariaciobanu.tk, 1
+fanclubs.tk, 1
+fancy-bridge.com, 1
+fancy.org.uk, 1
+fancygaming.dk, 1
+fancypanty.cf, 1
+fancywow.com, 1
+fandars.com, 1
+fandeev.tk, 1
+fander.it, 1
+fandt.me, 1
+fanera.tk, 1
+fanescu.ro, 1
+faneuil.com, 1
+fanfareokselaar.tk, 1
+fanfiction.tk, 1
+fanflix.co, 1
+fang-den-sommer.de, 1
+fangan.com, 1
+fangbing.me, 1
+fangd.net, 1
+fangjingdian.com, 1
+fangkehou.tk, 1
+fangs.ink, 1
+fangshu.com, 1
+fanidrakopoulou.tk, 1
+fanjingbo.com, 1
+fanmerchstore.com, 1
+fanniemaeloans.tk, 1
+fanning.tk, 1
+fannyips.tk, 1
+fanohus.de, 1
+fanohus.dk, 1
+fanorama.tk, 1
+fanosak.tk, 1
+fans-darkangel.tk, 1
+fans-lily-allen.tk, 1
+fansale.de, 1
+fansdefoot.fr, 1
+fanshenzhiyi.com, 1
+fansport.space, 1
+fansta.jp, 1
+fanstuff.ru, 1
+fantacast.it, 1
+fantasiatravel.hr, 1
+fantasmma.tk, 1
+fantasticcleaners.com.au, 1
+fantasticcleanersbristol.co.uk, 1
+fantasticgrassers.ga, 1
+fantasticgrassest.ga, 1
+fantastichandymanmelbourne.com.au, 1
+fantastici.de, 1
+fantasticservices.com, 1
+fantasticservicesgroup.com.au, 1
+fantastictricks.gq, 1
+fantastictricks.tk, 1
+fantasy-football.org, 1
+fantasy-judo.com, 1
+fantasyadventures.tk, 1
+fantasybarsers.ga, 1
+fantasybarsest.ga, 1
+fantasybet.co, 1
+fantasycastles.co.uk, 1
+fantasycdn.com, 1
+fantasychronicleonline.com, 1
+fantasydreams.tk, 1
+fantasyempires.net, 1
+fantasyempires.nl, 1
+fantasyescortsbirmingham.co.uk, 1
+fantasyfoot.gq, 1
+fantasyfoot.tk, 1
+fantasyforever.tk, 1
+fantasymina.de, 1
+fantasypartyhire.com.au, 1
+fantasypartyrental.com, 1
+fantasyprojections.com, 1
+fantasyspectrum.com, 1
+fantasysports.tk, 1
+fantasysportsnews.org, 1
+fantgames.com, 1
+fantinisfantasy.cf, 1
+fantinishop.com, 1
+fantraxhq.com, 1
+fanty-online.com, 0
+fanyue123.tk, 1
+fanz.pro, 1
+fanzade.com, 1
+fanzapers.ga, 1
+fanzhuang.com, 1
+fanzine-nimbus.tk, 1
+fanzlive.com, 1
+fap.link, 1
+fap.no, 1
+fapcoholic.com, 1
+fapiis.gov, 1
+fapplejuice.com, 1
+fapplepie.com, 1
+fapplesauce.com, 1
+fapzone.tk, 1
+faq.ie, 1
+faqbite.com, 1
+faqexchangeest.ga, 1
+faqin-hr.info, 1
+faqiteam.tk, 1
+faqprivacyincidentleasing.ca, 1
+faqprivacyincidentmortgages.ca, 1
+far-east.tk, 1
+far3link.tk, 1
+fara.gov, 1
+faradji.nu, 1
+faradome.ws, 1
+faradrive.ir, 1
+farafaratodonuevoleon.com, 1
+farallonesrentacar.com, 1
+faraloda.tk, 1
+faraonplay5.com, 1
+faraonplay7.com, 1
+faraonplay8.com, 1
+faraslot8.com, 1
+faraslot8.net, 1
+faraso.org, 1
+farb-tabelle.de, 1
+farberplasticsurgery.com, 1
+farbyin10.com, 1
+farcecrew.de, 0
+farcon.com, 1
+farda.gov, 1
+fardinarafat.tk, 0
+fareast.cf, 1
+fareast.ga, 1
+fareast.gq, 1
+fareast.tk, 1
+fareinternational.com, 1
+farenheit.net, 1
+faresair.com, 1
+farescan.com, 1
+faresfrom.com, 1
+fareto.com, 1
+faretravel.co.uk, 1
+fareuntrasloco.it, 1
+farexpress.it, 0
+farfallapets.com.br, 1
+farfallina.nl, 1
+farfor.tk, 1
+farhadexchange.com, 1
+farhamaghdasi.ir, 1
+farhandanish.tk, 1
+farian.tk, 1
+faribanx-porn.com, 1
+faribanx-xxx.com, 1
+faridathaimassage.com.au, 1
+farikaporselen.com, 1
+farisre.com, 1
+farizhan.com, 1
+farizizhan.com, 0
+farizstore.tk, 1
+farkas.ws, 1
+farleybrass.com.au, 1
+farleymetals.com.au, 1
+farlezz.de, 1
+farlitesolutions.com, 1
+farm-catalog.ga, 1
+farm-dogecoin.tk, 1
+farm-vacations.com, 1
+farm24.co.uk, 1
+farmaceuticainternazionale.it, 1
+farmacia.pt, 1
+farmaciacomunalelacchiarella.it, 1
+farmaciadejaime.es, 1
+farmacovigilancia-exeltis.com.mx, 0
+farmako.net, 1
+farmakon.tk, 1
+farmasimahaganesha.ac.id, 1
+farmaspeed.it, 1
+farmauna.com, 1
+farmbureauinsurance-mi.com, 1
+farmer-miniaturen.tk, 1
+farmerfairness.gov, 1
+farmers.gov, 1
+farmersfridge.com, 0
+farmersgirlkitchen.co.uk, 1
+farming.co.uk, 1
+farmingtonlaxwi.gov, 1
+farmkazuto.com, 1
+farmmaximizer.com, 1
+farmocracy.in, 1
+farmqa.com, 1
+farmscbdoil.com, 1
+farmtogether.com, 1
+farmvilleva.gov, 1
+farnboroughairshow.com, 1
+faro-car-hire.co.uk, 1
+faro.com, 1
+farodistribuidora.com.br, 1
+faroes.net, 1
+faroes.org, 1
+faroit.tk, 1
+faroitalia.it, 1
+farol.cz, 1
+faros-studio.gr, 1
+farouk.com, 1
+faroutsolutions.com, 0
+farrel-f.cf, 1
+farrel-f.id, 1
+farrel-f.tk, 1
+farrelf.blog, 1
+farrelly.nz, 1
+farringtonfoundation.org, 1
+farringtongurneyvillagehall.org, 1
+farsil.eu, 1
+fart.cafe, 1
+fartoclose.tk, 1
+fartypants.com, 1
+farukcesur.com.tr, 1
+faryaz.tk, 1
+fasab-portcenter.se, 1
+fasad.eu, 1
+fasam.edu.br, 1
+fascat.com, 1
+fashion-buttons.tk, 1
+fashion-family.cf, 1
+fashion-hunters.pl, 1
+fashion-swimwear.tk, 1
+fashion-world.tk, 1
+fashion.bg, 1
+fashionactivation.com, 1
+fashionadvice.tk, 1
+fashionagent.tk, 1
+fashionblogs.tk, 1
+fashioncatalogues.tk, 1
+fashionchanel.tk, 1
+fashioncourses.tk, 1
+fashiondaily.tk, 1
+fashiondays.bg, 1
+fashiondays.hu, 1
+fashiondays.ro, 1
+fashiondesign.ml, 1
+fashiondistrict.org, 1
+fashiondock.de, 0
+fashiondot.ga, 1
+fashioneditor.gr, 1
+fashionflavorph.com, 1
+fashionforward.tk, 1
+fashionforyou.ga, 1
+fashionfreaks.tk, 1
+fashionfuture.tk, 1
+fashionhome.tk, 1
+fashioninitaly.tk, 1
+fashionlink.tk, 1
+fashionlistify.tk, 1
+fashionmagazine.com, 1
+fashionmagz.tk, 1
+fashionmasala.tk, 1
+fashionmovie.tk, 1
+fashionone.tk, 1
+fashionoutlets.tk, 1
+fashionplus.ml, 1
+fashionrecovery.co.nz, 1
+fashionreview.ml, 1
+fashionstylenews.tk, 1
+fashionsuits.tk, 1
+fashionsummer.tk, 1
+fashiontrendsetter.com, 1
+fashionunited.at, 1
+fashionunited.be, 1
+fashionunited.ch, 1
+fashionunited.cl, 1
+fashionunited.cn, 1
+fashionunited.co, 1
+fashionunited.co.uk, 1
+fashionunited.com, 1
+fashionunited.com.ar, 1
+fashionunited.com.br, 1
+fashionunited.com.pe, 1
+fashionunited.de, 1
+fashionunited.es, 1
+fashionunited.fi, 1
+fashionunited.fr, 1
+fashionunited.hk, 1
+fashionunited.hu, 1
+fashionunited.ie, 1
+fashionunited.in, 1
+fashionunited.info, 1
+fashionunited.it, 1
+fashionunited.jp, 1
+fashionunited.lu, 1
+fashionunited.mx, 1
+fashionunited.nl, 1
+fashionunited.no, 1
+fashionunited.nz, 1
+fashionunited.pl, 1
+fashionunited.pt, 1
+fashionunited.ru, 1
+fashionunited.se, 1
+fashionunited.uk, 1
+fashionusa.gq, 1
+fashionweb.ml, 1
+fashionweek.tk, 1
+fashionweekweb.com, 1
+fashionworlds.ml, 1
+fashionxmas.gq, 1
+fasigbrooks.com, 1
+fasmaritime.com, 1
+faspirits.co.uk, 1
+faspirits.com, 1
+faspsych.com, 1
+fasqu.com, 1
+fassaden-selleng.de, 1
+fassadenverkleidung24.de, 1
+fassi-sport.it, 1
+fassiportugal.pt, 1
+fast-cargo.ml, 1
+fast-drops.cf, 1
+fast-events.eu, 1
+fast-host.gq, 1
+fast-host.net, 1
+fast-mobile.tk, 1
+fast-pro.co.jp, 1
+fast-rabbit.tw, 1
+fast-silver.tk, 1
+fast4ever.tk, 1
+fastaim.de, 1
+fastamundi.com, 1
+fastandtuning.tk, 1
+fastbackmbg.be, 1
+fastbackmbm.be, 1
+fastbet.it, 1
+fastblit.com, 1
+fastblob.com, 1
+fastbob.cf, 1
+fastbob.ga, 1
+fastbob.gq, 1
+fastbob.ml, 1
+fastbob.tk, 1
+fastbuilder.pro, 1
+fastcash.com.br, 1
+fastcast.ga, 1
+fastcats.tk, 1
+fastcdn.info, 1
+fastcloud.ge, 1
+fastcommerce.org, 1
+fastconfirm.com, 1
+fastcp.top, 1
+fastcup.net, 1
+fastcustomboxes.com, 1
+fastdronespro.com, 1
+fastener.tk, 1
+fastensorozo.hu, 1
+faster-disinfestazioni.it, 1
+faster.cz, 1
+fasterblogsers.ga, 1
+fasterblogsest.ga, 1
+fasterci.com, 1
+fasterfront.com, 1
+fasterfront.com.br, 1
+fasternie.tk, 1
+fastestknowntime.com, 1
+fastfast.click, 1
+fastfix.nl, 1
+fastfloorscreed.ie, 1
+fastforwardsociety.nl, 1
+fastforwardthemes.com, 1
+fastfox.tk, 1
+fastfwd.co.za, 1
+fastgamingro.tk, 1
+fasthost.com.br, 1
+fastighetsekonomi.com, 0
+fastknighki.ga, 1
+fastknigi.ml, 1
+fastmail.com, 0
+fastme.co, 1
+fastmeet.tk, 1
+fastmetrics.com, 1
+fastonline.ro, 1
+fastopen.ml, 1
+fastos.com, 1
+fastos.de, 1
+fastpaper.gq, 1
+fastpeoplesearch.com, 1
+fastphox.com, 1
+fastpresence.com, 1
+fastproxycat.ml, 1
+fastproxyforfree.gq, 1
+fastrocket.pl, 1
+fastscanapp.com, 1
+fastserv.pl, 1
+faststage.ch, 1
+fasturl.ml, 1
+fastvanya.com, 1
+fastvelocityers.ga, 1
+fastvelocityest.ga, 1
+fastvisit.tk, 1
+fastvistorias.com.br, 1
+fastworx.com, 1
+faszination-fankurve.de, 1
+fatal-beauty.tk, 1
+fatal.ga, 1
+fatalchat.tk, 1
+fatalerrorcoded.eu, 1
+fatalityimmortals.ga, 1
+fatalsunrise.com, 1
+fatassbooty.com, 1
+fatcat.tk, 1
+fate-srd.com, 0
+fatecdevday.com.br, 1
+fatemaalhabsi.com, 1
+fates.online, 1
+fatetx.gov, 1
+fatfueled.com, 1
+fatherhood.gov, 1
+fatidique.com, 1
+fatig.com, 1
+fatiguesyndrome.com, 1
+fatihingemisi.com, 1
+fatimamoldes.com.br, 1
+fatlabwebsupport.com, 1
+fatmixx.com, 1
+fator25.com.br, 1
+fatowltees.com, 1
+fatpussytube.com, 1
+fattailcall.com, 0
+fattoriabio.jp, 1
+fattorino.it, 1
+fatturegeko.eu, 1
+fattyink.com, 1
+fatumagro.bg, 1
+fatvalley.at, 1
+fatzebra.com.au, 1
+fau-bremen.tk, 1
+fau8.ml, 1
+fauceton.cf, 1
+fauceton.tk, 1
+faucetslist.tk, 1
+faulhaber.com, 1
+faulkner2020.com, 1
+faulknercountyar.gov, 1
+faultyserver.com, 1
+faunahotel.cl, 1
+faunathreads.com, 1
+faunatrek.com, 1
+faure.link, 1
+fauteuil-bebe.fr, 1
+fauvettes.be, 1
+fauwater.com, 1
+fauxcams.com, 1
+fauxil.shop, 1
+fauxreal.com, 1
+favalart.com, 1
+favarica.com, 1
+favicone.com, 1
+favirei.com, 1
+favorai.com, 1
+favorit-stroy-snab.ru, 1
+favorita.digital, 1
+favoritenewspaperers.ga, 1
+favoritenewspaperest.ga, 1
+favoritestudent.ml, 1
+favoritestudenters.ga, 1
+favoritestudentest.ga, 1
+favoritetechers.ga, 1
+favouritequotations.ca, 1
+favourperfect.com.au, 1
+favro.com, 1
+favrotest.com, 1
+faw-club.cf, 1
+fawong.com, 1
+fawter.online, 1
+fawx.news, 1
+faxfarmers.ga, 1
+faxfarmest.ga, 1
+faxreader.net, 1
+faxvorlagen-druckvorlagen.de, 1
+fayalove.com, 1
+fayamovies.tk, 1
+fayettecountyillinois.gov, 1
+fayettecountyoh.gov, 1
+fayettecountytn.gov, 1
+fayettecountywv.gov, 1
+fayettemopd.gov, 1
+fayettevilleflyer.com, 1
+fayettevillewv.gov, 1
+fayffersons.com, 1
+fayfilms.com, 1
+fayntic.com, 1
+faysalabdi.fi, 1
+fazal.tv, 1
+fazet.tk, 1
+fazhion.tk, 1
+fazo.gq, 1
+fazrin.tk, 1
+fazz.fun, 1
+fazz.id, 1
+fb.audio, 1
+fb.gg, 1
+fb.me, 1
+fb.watch, 1
+fb88.com, 0
+fbaun.dk, 1
+fbausch.de, 1
+fbcdn.net, 1
+fbcfairburn.com, 1
+fbcopy.com, 1
+fbctx.gov, 1
+fbe.to, 1
+fbf.gov, 1
+fbfwd.email, 1
+fbi.gov, 1
+fbiagentedu.org, 1
+fbigame.com, 1
+fbihr.gov, 1
+fbiic.gov, 1
+fbijobs.gov, 1
+fbilab.gov, 1
+fbk.moe, 1
+fbmedia-ckl.com, 1
+fbo.gov, 1
+fbo.network, 1
+fboerman.nl, 1
+fbrief.org, 1
+fbsbx.com, 1
+fbscontenttest.com, 1
+fbthirdpartypixel.com, 1
+fburl.com, 1
+fbwat.ch, 1
+fbwifi.com, 1
+fc-corvinul.tk, 1
+fc-rostov.ru, 1
+fc8882.net, 1
+fca-tools.com, 1
+fcapartsdb.com, 1
+fcapollo.tk, 1
+fcarrascosa.es, 1
+fcbarcelona.cz, 1
+fcbasel.info, 1
+fcblueboys.be, 1
+fcbrasov.tk, 1
+fccaracciolo-solution.tk, 1
+fccarbon.com, 0
+fcd.im, 1
+fcdauwendaele-dames.tk, 1
+fcdekampioenen.tk, 1
+fcdemuis.tk, 1
+fcdenhaag-holi.tk, 1
+fcdg.com.br, 1
+fcdordrecht.tk, 1
+fcforum.net, 1
+fcg.fyi, 1
+fcgmd.gov, 1
+fcht.fr, 1
+fcic.gov, 1
+fcijobportalodisha.com, 1
+fcingolstadt.de, 0
+fcit-tems.org, 1
+fcitasc.com, 1
+fcm.org.co, 1
+fcmoorsel.tk, 1
+fcode.tk, 1
+fcosinus.com, 1
+fcporto.ws, 1
+fcprovadia.com, 1
+fcrrijswijk.nl, 1
+fcs-embedded.com, 1
+fcsarajevo.tk, 1
+fcsic.gov, 1
+fcsm.gov, 1
+fcts.ml, 1
+fd-telecom.ru, 1
+fd.gov, 1
+fdalawboston.com, 1
+fdaregs.com, 1
+fdereplace.tk, 1
+fdevs.ch, 1
+fdfz.edu.cn, 1
+fdg-98.de, 1
+fdicig.gov, 1
+fdicoig.gov, 1
+fdimmo24.com, 1
+fdis.net.cn, 1
+fdj.fr, 1
+fdkm.eu, 1
+fdlibre.eu, 1
+fdlp.gov, 1
+fdlpl.org, 1
+fdltcc.edu, 1
+fdmg.nl, 1
+fdms.gov, 1
+fdnsc.net, 1
+fdp-alsdorf.de, 1
+fdp-heinsberg.de, 1
+fdpbrig.ch, 1
+fdresearch.ca, 1
+fdsys.gov, 1
+fdx-insurance.com, 1
+feac.us, 1
+feaden.me, 1
+feandc.com, 1
+fear-crowd.tk, 1
+fearedcreation.tk, 1
+fearfactory.tk, 1
+fearghus.org, 1
+fearlessmusic.tk, 1
+fearnley.uk, 1
+fearstyle.tk, 1
+fearunknown.tk, 1
+feast-day.tk, 1
+feast.info, 1
+feastofplants.com, 1
+feastr-dev.de, 1
+feastr.de, 1
+feastr.io, 1
+feastshare.com, 1
+feat.agency, 1
+feataccess.in, 1
+feath.net, 1
+featherfan.io, 1
+feathermc.com, 1
+feathersbtq.com, 1
+featherweightlabs.com, 1
+feature-branch.nl, 1
+featured.tk, 1
+featuredcarders.ga, 1
+featuredmen.com, 1
+feb.gov, 1
+febeditora.com.br, 1
+febooti.com, 1
+fed-shashek.spb.ru, 1
+fed51.com, 1
+fedbizopps.gov, 1
+fedcenter.gov, 1
+fedefutbol.tk, 1
+fedel.tk, 1
+fedema.com, 1
+federacaoanarquista.com.br, 1
+federacaofutebolmesa.pt, 1
+federacaomatraquilhos.pt, 1
+federacaoportuguesafutebolmesa.pt, 1
+federaciocatalanapipaclubs.tk, 1
+federacionanarquista.net, 1
+federalbus.ga, 1
+federalbusers.ga, 1
+federalbusest.ga, 1
+federalcalendarest.ga, 1
+federalcriminaldefenseattorney.com, 1
+federalinvestments.gov, 1
+federaljob.net, 1
+federaljobs.gov, 1
+federallawenforcement.org, 1
+federalprisonforums.com, 1
+federalregister.gov, 1
+federalreserve.gov, 1
+federalreserveconsumerhelp.gov, 1
+federalsignal.com, 1
+federasco.ga, 1
+federatedbank.com, 1
+federation.gov.au, 1
+federica.tk, 1
+federico.ro, 1
+federicomigliavacca.it, 1
+fedextrackingservices.com, 1
+fedidcard.gov, 1
+fedifeed.net, 1
+fedinvest.gov, 0
+fedistatus.com, 1
+fedistatus.eu, 1
+fedistatus.net, 1
+fedistatus.org, 1
+fedistatus.social, 1
+fediver.city, 1
+fediver.com, 1
+fediver.eu, 1
+fediver.net, 1
+fediver.org, 1
+fediver.social, 1
+fedivercity.com, 1
+fedivercity.eu, 1
+fedivercity.net, 1
+fedivercity.org, 1
+fedivercity.social, 1
+fediverse.observer, 1
+fedjobs.gov, 1
+fedlocatorers.ga, 1
+fedlocatorest.ga, 1
+fedn.it, 1
+fednat.com, 1
+fedorahosted.org, 1
+fedoralinux.or.kr, 1
+fedoranews.org, 1
+fedorapeople.org, 1
+fedoraproject.org, 1
+fedorblog.tk, 1
+fedpartnership.gov, 1
+fedramp.gov, 1
+fedres.gov, 1
+fedrigoni.com, 1
+fedrooms.gov, 1
+fedrtc.org, 1
+fedshat.space, 1
+fedshirevets.gov, 1
+feeblebridges.nl, 1
+feecotec.com, 1
+feed-back.com, 1
+feedback-project.eu, 1
+feedbackproduction.tk, 1
+feedbin.com, 0
+feedetailsers.ga, 1
+feedetailsest.ga, 1
+feedfall.com, 1
+feedhq.org, 1
+feedinghouse.tk, 1
+feedingmethodsers.ga, 1
+feedingmethodsest.ga, 1
+feedingmynewbaby.com, 1
+feedkovacs.hu, 1
+feedmail.org, 1
+feedough.com, 1
+feedstringer.com, 1
+feedthefood.com, 1
+feedthefuture.gov, 1
+feedthegreek.tk, 1
+feedtube.com, 1
+feedvisor.com, 1
+feeg-wage.gc.ca, 1
+feegg.com.br, 1
+feehla.com, 1
+feek.org, 1
+feel-events.com, 1
+feel.aero, 1
+feelamazing.com.au, 1
+feelbycubanas.com, 1
+feeld.cloud, 1
+feelerfolg.com, 1
+feelgood-workouts.de, 1
+feelgood.com.tw, 1
+feelgoodcasino.com, 1
+feeling.com.mx, 1
+feelingdesperate.net, 1
+feelingdesperate.org, 1
+feelmingo.com, 1
+feelnet.top, 1
+feeltennis.net, 1
+feelya.com, 1
+feen.us, 1
+feepod.com, 1
+feeriedesign-event.com, 1
+feest.com, 1
+feestbierfusten.nl, 1
+feestfactory.tk, 1
+feestgids.nl, 1
+feetek.net, 1
+feetnesclub.tk, 1
+feetpa.ws, 1
+feezlinkz.com.ng, 1
+feezmodo.com, 1
+fef.moe, 1
+fefacaram.com.br, 1
+fefelovalex.ru, 1
+feg-wge.gc.ca, 1
+fegame.eu, 1
+fegame.mobi, 1
+fegame.net, 1
+fegame.nl, 1
+fegc-wgec.gc.ca, 1
+fegli.gov, 1
+fehlerqultur.net, 1
+fehngarten.de, 1
+fehr-online.eu, 1
+fehrm.gov, 1
+feigling.net, 0
+feignandfolly.tk, 1
+feiki.tk, 1
+feikuai.tv, 1
+feildel.fr, 1
+feilen.de, 1
+feilestrokestown.com, 1
+feinform.com, 1
+feip.co, 1
+feirlane.org, 0
+feiromo.com, 1
+feistore.com.tw, 1
+feistyduck.com, 1
+feisworld.com, 0
+feitam.es, 1
+feixiang.eu.org, 1
+feixiang.pp.ua, 1
+feiya.ng, 1
+fejervar.hu, 1
+fejo.dk, 1
+fekepp.net, 1
+fekir.info, 1
+felcas.com.co, 1
+feld.saarland, 1
+feldbogenclub-hamburg.de, 1
+feldgut.de, 1
+feldkirchen.tk, 1
+feldmangallery.com, 1
+felett.es, 1
+felger-times.fr, 1
+felgitscher.xyz, 1
+felicifia.org, 1
+felid.gay, 1
+felidas.net, 1
+felin.es, 1
+feline.ro, 1
+felinefriend.co.uk, 1
+felinepc.com, 1
+felipesexto.tk, 1
+felipesuri.com, 0
+feliratok.eu, 1
+felis.com.mx, 1
+feliscatus.tk, 1
+felistirnavia.sk, 1
+felix-amez.tk, 1
+felix-hirner.de, 1
+felixbarta.de, 1
+felixbrand.de, 1
+felixbroekhuizen.tk, 1
+felixc.at, 1
+felixcabrol.com, 1
+felixcrux.com, 1
+felixgerschau.com, 1
+felixharo.es, 0
+felixhollitzer.de, 1
+felixkauer.de, 1
+felixklenner.de, 1
+felixlatscha.ch, 1
+felixmendez.com, 1
+felixsanchez.tk, 1
+felixschuermeyer.de, 1
+felixseele.de, 1
+felixsworld.tk, 1
+felixturgeon.ca, 1
+felixvelarde.com, 1
+felixweb.tk, 1
+feliz.tk, 1
+fellas.com.tr, 1
+felmodrj.com, 1
+felonymath.com, 1
+felonymath.net, 1
+felonymath.org, 1
+felsare3.com, 1
+felsefe.tk, 1
+felsenheimer.tk, 1
+feltencie.com, 1
+feltons.me, 0
+feluck.de, 1
+female-costumes.tk, 1
+femalecare.tk, 1
+femalefoodie.com, 1
+femalehumorers.ga, 1
+femalehumorest.ga, 1
+femaleteamest.ga, 1
+femastudios.com, 1
+femboy.clothing, 1
+femboy.fan, 1
+femboys.pics, 1
+femcompany.nl, 1
+femik.net, 1
+femina.se, 1
+feminina.eu, 1
+feminina.pt, 1
+feminique.tk, 1
+feministreview.cf, 1
+feministreview.ga, 1
+feministreview.gq, 1
+feministreview.ml, 1
+feministspectrum.org, 1
+feminteligencia.com, 1
+femiwiki.com, 1
+femme.fitness, 1
+femmes-women.gc.ca, 1
+femmes.gc.ca, 1
+femmesaupluriel.com, 1
+femtomind.com, 1
+fena.jp, 1
+fenagav.ga, 1
+fenatrigo.com.br, 1
+fence-stlouis.com, 1
+fencebutlers.com, 1
+fencekirkwood.com, 1
+fencestlouis.co, 1
+fencestlouis.com, 1
+fencethisyard.com, 1
+fencingmarters.ga, 1
+fencingmartest.ga, 1
+feng.si, 1
+feng18.vip, 0
+feng68.vip, 0
+feng88.vip, 0
+fengchuiyudaqu.ml, 1
+fenghuangcheng.tk, 1
+fengrui.me, 0
+fengyadi.com, 1
+fengyi.tel, 1
+fengying.co, 1
+fenhl.net, 1
+fenichelar.com, 1
+fenitriatnica.tk, 1
+fenix-site.tk, 1
+fenix-zone.tk, 1
+fenixcorporative.tk, 1
+fenixmetal.tk, 1
+fenixonlinevirtual.com.br, 1
+fenj.nl, 1
+fenn.moe, 1
+fennec.wtf, 1
+fennech.io, 1
+fennet.rentals, 1
+fenns.co.za, 1
+fennville.gov, 1
+fennydewit.nl, 1
+fenom.ga, 1
+fenotipo.com, 1
+fenris.ovh, 1
+fenritec.eu, 1
+fenritec.fr, 1
+fense.cf, 1
+fense.ml, 1
+fenster-bank.at, 1
+fenster-bank.de, 1
+fensterbau-mutscheller.de, 1
+fenwickisland-de.gov, 1
+fenzas.com, 1
+feodosiya.cf, 1
+feodosiya.tk, 1
+feras-alhajjaji.com, 1
+feraz.com.mx, 1
+ferc.gov, 1
+ferchup.com, 1
+ferenczi.ch, 1
+ferestre-bucuresti.ro, 1
+fereum.com, 1
+ferfer.ga, 1
+fergtm.com, 1
+fergusfallsmn.gov, 1
+fergusoncastle.com, 0
+fergusonroofing.com, 1
+ferhatsurer.com, 1
+feriadelvellon.tk, 1
+feribotlines.com, 1
+feridun.tk, 1
+feriehus-danmark.no, 1
+ferien-haus-mittelpunkt.de, 1
+ferien-netzwerk.de, 1
+ferien-zweibruecken.tk, 1
+ferienhaeuser-krummin.de, 1
+ferienhaus-danemark-hund.de, 1
+ferienhaus-danemark-privat.de, 1
+ferienhaus-laesoe.de, 1
+ferienhaus-montenegro.tk, 1
+ferienhaus-polchow-ruegen.de, 0
+ferienhaus-urlaub-danemark.de, 1
+ferienhausprovence.ch, 1
+ferienwohnung-hafeninsel-stralsund.de, 1
+ferienwohnung-ruegen.tk, 1
+ferienwohnung-wiesengrund.eu, 1
+ferienwohnung-wilmersdorf.de, 1
+ferienwohnungen-lastminute.de, 1
+ferienwohnungen-willingen.de, 1
+ferienwohnunglanger.de, 1
+ferieservice.dk, 1
+ferio-fuu.tk, 1
+ferlc.org, 1
+ferluxilluminazione.it, 1
+fermabel.com.br, 1
+fermanacuratampaparts.com, 1
+fermanaghomagh.com, 1
+fermani.ar, 1
+fermani.com.ar, 1
+fermastore.cf, 1
+fermastore.tk, 1
+fermateh.com.ua, 1
+fermemarineau.com, 1
+fermenteana.com, 1
+fermier-mag.ro, 1
+fernandes.org, 1
+fernandezvilar.es, 1
+fernandoalonso.tk, 1
+fernandob.com, 1
+fernandobarata.pt, 1
+fernandobarillas.com, 1
+fernandolucas.info, 1
+fernandomiguel.net, 1
+fernandomorientes-zone.tk, 1
+fernandosuarez.cf, 1
+fernatura.tk, 1
+ferngas.de, 1
+fernheim.com.py, 1
+fernhowe.co.uk, 0
+fernland.com.au, 1
+fernvenue.com, 1
+fernweh.tk, 1
+ferociousmass.tk, 1
+feross.net, 1
+feross.org, 1
+ferozes.com.br, 1
+ferrada.org, 0
+ferrari.com, 1
+ferrariadvisor.it, 1
+ferrariale.tk, 1
+ferrarichat.fr, 1
+ferreh.com, 1
+ferreira.ovh, 1
+ferreteriaferreiro.com, 1
+ferrets.tk, 1
+ferretslife.com, 1
+ferriday.gov, 1
+ferrikomm.de, 1
+ferrin.tk, 1
+ferrisfox.me, 1
+ferriswheelofficial.us, 1
+ferro-design.tk, 1
+ferrodata.de, 1
+ferrousmoon.com, 1
+ferrovial.com, 1
+ferrumformat.com, 1
+ferrybig.me, 1
+fersedo.mk, 1
+fersumalin.cf, 1
+fersumalin.ga, 1
+fersumalin.gq, 1
+fersumalin.ml, 1
+fersumalin.tk, 1
+ferticare.pt, 1
+fertigehecke.de, 1
+fertile.fund, 1
+fertilityquick.ga, 1
+fertilityquickers.ga, 1
+fertilityquickest.ga, 1
+fertilityspace.io, 1
+fertilitytreatmentcenter.com, 1
+fertilizers.tk, 1
+ferwor.studio, 1
+ferydoonzandi.tk, 1
+fes.at, 1
+fescuesodsouthernindiana.com, 1
+feseev.ml, 1
+fesne.com, 1
+festaprylar.se, 1
+festar.tk, 1
+festasdosenhordocalvario.pt, 1
+festesuniversitaries.tk, 1
+festfabriken.se, 1
+festin.tk, 1
+festival-tipps.com, 1
+festival365.ml, 1
+festivalcarpark.com.au, 1
+festivaldays.tk, 1
+festivaldecinedemallorca.tk, 1
+festivaldelumieresgand.be, 1
+festivaldelumieresgand.com, 1
+festivaldimouamaroussiou.gr, 1
+festivalfumo.tk, 1
+festivalgourmet.com, 1
+festivaljapon.com, 1
+festivalplaza.com.au, 1
+festivalpopayan.tk, 1
+festivalsalmondeoro.tk, 1
+festivalsquare.com.au, 1
+festivalsrit.tk, 1
+festivaltower.au, 1
+festivaltower.com.au, 1
+festmaniastore.com.br, 1
+festo.net, 1
+festo.online, 1
+festrentcar.pl, 1
+festusmo.gov, 1
+festx.co.za, 1
+fetanbus.com, 1
+fetawerelddans.tk, 1
+fetchease.com, 1
+fetchmag.com, 1
+fetchmonitors.com, 1
+fetclips.se, 1
+fethtv.com, 1
+fetichedecaramelo.tk, 1
+fetih1453.tk, 1
+fetish-x.com, 1
+fetishbazar.cz, 1
+fetishblend.com, 1
+fetishzone.org, 1
+fetlife.com, 1
+fetlinks.ga, 1
+fettbrot.tk, 1
+fettings.com, 1
+feudalisten.de, 1
+feudaltactics.com, 1
+feuerhuhn.de, 1
+feuerloescher-test.de, 1
+feuerwehr-dachaufsetzer.de, 1
+feuerwehr-e-learning.de, 1
+feuerwehr-gebirge.de, 1
+feuerwehr-heiligenberg.de, 1
+feuerwehr-mehring.de, 1
+feuerwehr-offenbach-bieber.de, 0
+feuerwehr-solms.de, 1
+feuerwehr-vechta.de, 1
+feuerwerksmanufaktur.de, 1
+feuerwolke.spdns.de, 1
+feuetgloire.com, 0
+feurich.tk, 1
+fever.ch, 1
+fevo.us, 1
+fevolden.com, 1
+fewo-groden.de, 1
+fewo-hafeninsel-stralsund.de, 1
+fewo-thueringer-wald.de, 1
+fewo-wildrosenpfad.de, 1
+fewo.plus, 1
+fewo.reise, 1
+fewo32.de, 1
+fexopay.com, 1
+fey-web.tk, 1
+feyenoordrotterdam.tk, 1
+feyenoordsite.tk, 1
+feyenoordvakz.tk, 1
+fezbet.net, 1
+fezlee.com, 1
+ff-bad-hoehenstadt.de, 1
+ff-bg.xyz, 1
+ff-koenigstein-opf.de, 1
+ff-obersunzing-niedersunzing.de, 1
+ff-tostedt.de, 1
+ff15.ddns.net, 1
+ff326.com, 0
+ff5197.co, 1
+ff5g.com, 1
+ff6729.co, 1
+ff6729.com, 1
+ff6957.co, 1
+ff9297.co, 1
+ff9397.com, 1
+ff9721.com, 0
+ff9728.co, 1
+ff976.com, 0
+ffaaa00.com, 1
+ffaaa11.com, 1
+ffaaa22.com, 1
+ffaaa33.com, 1
+ffaaa44.com, 1
+ffaaa55.com, 1
+ffaaa66.com, 1
+ffaaa77.com, 1
+ffaaa88.com, 1
+ffaaa99.com, 1
+ffamranteatime.com, 1
+ffb.gov, 1
+ffbans.org, 1
+ffbbb00.com, 1
+ffbbb11.com, 1
+ffbbb22.com, 1
+ffbbb33.com, 1
+ffbbb44.com, 1
+ffbbb55.com, 1
+ffbbb66.com, 1
+ffbbb77.com, 1
+ffbbb88.com, 1
+ffbbb99.com, 1
+ffbsee.net, 0
+ffc-gerlingen.de, 1
+ffccc00.com, 1
+ffccc11.com, 1
+ffccc22.com, 1
+ffccc33.com, 1
+ffccc44.com, 1
+ffccc55.com, 1
+ffccc66.com, 1
+ffccc88.com, 1
+ffccc99.com, 1
+ffddd00.com, 1
+ffddd11.com, 1
+ffddd22.com, 1
+ffddd33.com, 1
+ffddd44.com, 1
+ffddd55.com, 1
+ffddd66.com, 1
+ffddd77.com, 1
+ffddd88.com, 1
+ffddd99.com, 1
+ffeee00.com, 1
+ffeee11.com, 1
+ffeee22.com, 1
+ffeee33.com, 1
+ffeee44.com, 1
+ffeee55.com, 1
+ffeee66.com, 1
+ffeee77.com, 1
+ffeee88.com, 1
+ffeee99.com, 1
+fff-du.de, 1
+fffaa00.com, 1
+fffaa11.com, 1
+fffaa22.com, 1
+fffaa33.com, 1
+fffaa44.com, 1
+fffaa55.com, 1
+fffaa66.com, 1
+fffaa77.com, 1
+fffaa88.com, 1
+fffaa99.com, 1
+fffbb00.com, 1
+fffbb11.com, 1
+fffbb22.com, 1
+fffbb33.com, 1
+fffbb44.com, 1
+fffbb55.com, 1
+fffbb66.com, 1
+fffbb77.com, 1
+fffbb88.com, 1
+fffbb99.com, 1
+fffbhv.de, 1
+fffcc00.com, 1
+fffcc11.com, 1
+fffcc22.com, 1
+fffcc33.com, 1
+fffcc44.com, 1
+fffcc55.com, 1
+fffcc66.com, 1
+fffcc77.com, 1
+fffcc88.com, 1
+fffcc99.com, 1
+fffdd00.com, 1
+fffdd11.com, 1
+fffdd22.com, 1
+fffdd33.com, 1
+fffdd44.com, 1
+fffdd55.com, 1
+fffdd66.com, 1
+fffdd77.com, 1
+fffdd88.com, 1
+fffdd99.com, 1
+fffdm.com, 1
+fffee00.com, 1
+fffee11.com, 1
+fffee22.com, 1
+fffee33.com, 1
+fffee44.com, 1
+fffee55.com, 1
+fffee66.com, 1
+fffee77.com, 1
+fffee88.com, 1
+fffee99.com, 1
+fffgg00.com, 1
+fffgg11.com, 1
+fffgg22.com, 1
+fffgg33.com, 1
+fffgg44.com, 1
+fffgg55.com, 1
+fffgg66.com, 1
+fffgg77.com, 1
+fffgg88.com, 1
+fffgg99.com, 1
+fffhh00.com, 1
+fffhh11.com, 1
+fffhh22.com, 1
+fffhh33.com, 1
+fffhh44.com, 1
+fffhh55.com, 1
+fffhh66.com, 1
+fffhh77.com, 1
+fffhh88.com, 1
+fffhh99.com, 1
+fffii00.com, 1
+fffii11.com, 1
+fffii22.com, 1
+fffii33.com, 1
+fffii44.com, 1
+fffii55.com, 1
+fffii66.com, 1
+fffii77.com, 1
+fffii88.com, 1
+fffii99.com, 1
+fffjj00.com, 1
+fffjj11.com, 1
+fffjj22.com, 1
+fffjj33.com, 1
+fffjj44.com, 1
+fffjj55.com, 1
+fffjj66.com, 1
+fffjj77.com, 1
+fffjj88.com, 1
+fffjj99.com, 1
+fffkk00.com, 1
+fffkk11.com, 1
+fffkk22.com, 1
+fffkk33.com, 1
+fffkk44.com, 1
+fffkk55.com, 1
+fffkk66.com, 1
+fffkk77.com, 1
+fffkk88.com, 1
+fffkk99.com, 1
+fffll00.com, 1
+fffll11.com, 1
+fffll22.com, 1
+fffll33.com, 1
+fffll44.com, 1
+fffll55.com, 1
+fffll66.com, 1
+fffll77.com, 1
+fffll88.com, 1
+fffll99.com, 1
+fffmm00.com, 1
+fffmm11.com, 1
+fffmm22.com, 1
+fffmm33.com, 1
+fffmm44.com, 1
+fffmm55.com, 1
+ffiec.gov, 1
+ffis.me, 0
+ffl123.com, 1
+fflone.com, 1
+ffmradio.de, 1
+ffmv.de, 1
+ffnm.org, 1
+ffp-survey.com, 1
+ffprofile.com, 1
+ffrev.de, 1
+ffsociety.nl, 1
+fftech.se, 1
+fftechnology.pt, 1
+fftimes.com, 1
+ffty2.com, 1
+ffw-zeven.de, 1
+ffwd-it.nl, 1
+ffxiv-eureka.com, 1
+ffxiv-tools.jp, 1
+ffzeven.de, 1
+fgdc.gov, 1
+fgeiger.dnshome.de, 1
+fggpay.com, 1
+fgidu.com, 1
+fgsv-kongress.de, 1
+fgtsolutions.com, 1
+fgui.de, 1
+fh-apac.com, 1
+fh-chinese.com, 1
+fh-chn.com, 1
+fh-jituan.com, 1
+fh-wechat.com, 1
+fh-x.de, 1
+fh-zh.com, 1
+fh169.cc, 1
+fh6lfwyn.com, 1
+fh70.com, 0
+fhappcp.com, 1
+fhar.be, 1
+fharbe.com, 1
+fharbe.de, 1
+fharbe.net, 1
+fhasiacorp.com, 1
+fhasiacorporate.com, 1
+fhba.com.au, 1
+fhcdn.xyz, 1
+fhdhelp.de, 0
+fhdhilft.de, 0
+fhersoberanes.tk, 1
+fhfaoig.gov, 1
+fhfuhui.com, 1
+fhglobal-zh.com, 1
+fhglobal-zhs.com, 1
+fhglobalcn.com, 1
+fhgroup-chn.com, 1
+fhgroup-cn.com, 1
+fhgroup-zh.com, 1
+fhgroup-zhs.com, 1
+fhgroupcn.com, 1
+fhgroupzhs.com, 1
+fhi.nl, 1
+fhjituan-cn.com, 1
+fhjituan-zh.com, 1
+fhjituan-zhs.com, 1
+fhjituancn.com, 1
+fhjituanzhs.com, 1
+fhjt-apac.com, 1
+fhjt-zh.com, 1
+fhjtapac.com, 1
+fhjtchn.com, 1
+fhjtcn.com, 1
+fhjtglobal.com, 1
+fhjtzh.com, 1
+fhjtzhs.com, 1
+fhm.duckdns.org, 1
+fhmarkets.com, 1
+fhmkh.cn, 1
+fhome.ch, 1
+fhope.org, 1
+fhsseniormens.club, 1
+fhstation.com, 1
+fhstatus-chinese.com, 1
+fhtrader.com, 1
+fhv-waldhausen.de, 1
+fhwechat.com, 1
+fhzhs.com, 1
+fi.google.com, 1
+fi.se, 1
+fi.search.yahoo.com, 0
+fiam.me, 1
+fiamtorino.eu, 1
+fianna.tk, 1
+fianoromano.news, 1
+fiasgo.dk, 1
+fiataldivat.hu, 1
+fibank.bg, 1
+fiberoptikz.tk, 1
+fiberxl.com, 1
+fibery.io, 1
+fibogroup.com, 1
+fibrasynormasdecolombia.com, 1
+fibraworks.com, 1
+fibrefly.co.uk, 1
+fibrenttech.co.za, 1
+fibretv.co.nz, 1
+fibretv.tv, 1
+fibroarrendacaseton.mx, 0
+fibromuebles.com, 1
+fibu.email, 1
+fibune.com, 1
+fibutest.de, 1
+fic.is, 1
+fichajes.com, 1
+fichier-pdf.fr, 0
+fickfreundinnen.net, 1
+fickweiler.nl, 1
+ficlab.com, 1
+fico.com, 1
+ficor.gov, 1
+fictionaltruths.com, 1
+ficus.io, 0
+fid-elite.ch, 0
+fidanza.eu, 1
+fiddle.to, 1
+fiddlesaw.com, 1
+fiddlestickstoys.com.au, 1
+fidelapp.com, 1
+fidelis-it.ch, 1
+fidelis-it.net, 1
+fidelitybank.com.gh, 1
+fidelityhomestead.com, 1
+fidelitysound.es, 1
+fidell.com.ua, 1
+fides.ch, 1
+fideschile.tk, 1
+fidesic.com, 0
+fidgetbox.co.uk, 1
+fidhouriet.ch, 1
+fidlar.com, 1
+fidmmuseum.org, 1
+fidoo.com, 1
+fiduciaire-ratio.ch, 0
+fiducoldex.com.co, 1
+fiedelaks-landbarf.de, 1
+fieggen.eu, 1
+fieggen.net, 1
+fiekeoffringa.nl, 1
+fieldcrafts.com, 1
+fieldeffect.com, 1
+fieldsgynroboticsurgery.com, 1
+fieldworkbrewing.com, 1
+fienaliri.tk, 1
+fierman.eu, 0
+fierman.net, 0
+fierman.us, 0
+fierscleaning.nl, 1
+fiery.me, 0
+fieryaura.eu, 1
+fierykitchen.pl, 1
+fiesta-mk5-limited-edition.nl, 1
+fiestasalquezar.tk, 1
+fiet.cat, 1
+fietsambassade.be, 1
+fietsambassade.gent, 1
+fietsambassadegent.be, 1
+fietsennaarbarcelona.tk, 1
+fietsherstel.gent, 1
+fietsvakman.nl, 1
+fietsvierdaagsen.nl, 1
+fifaaddict.com, 1
+fifacup.ga, 1
+fifadimensions.tk, 1
+fifafans.tk, 1
+fifastars.tk, 1
+fifatournament.tk, 1
+fifaultimatemod.tk, 1
+fifauteam.com, 1
+fifehg.org.uk, 1
+fifemedicalgroup.co.uk, 1
+fiff.de, 0
+fifi.club, 1
+fifr.nl, 1
+fifthwall.com, 1
+fiftynorth.eu, 1
+fiftyseven.media, 1
+fiftyshadesofgreyfullmovie.ga, 1
+fiftyshadesofluca.ml, 1
+fig.ms, 1
+figaroparrucchiere.it, 1
+figbert.com, 1
+figbytes.biz, 1
+figbytes.com, 1
+fighribali.tk, 1
+fightape.cf, 1
+fightape.ga, 1
+fightape.gq, 1
+fightape.ml, 1
+fighter-planes.tk, 1
+fighting-turtle.tk, 1
+fightingshit.tk, 1
+fightsupplies.co.uk, 1
+figl.net, 1
+figliasons.com, 1
+figma.com, 1
+figmalover.com, 1
+figshare.com, 1
+figsrugbyleague.com.au, 1
+figura.cz, 1
+figuras.tk, 1
+figurasdelinguagem.com.br, 1
+figure.com, 1
+figure.nz, 1
+figuro.la, 0
+figuurzagers.nl, 0
+fihatest.ml, 1
+fiilr.com, 1
+fiix.io, 1
+fija.org, 1
+fijibutterflyfishcount.com, 1
+fijimarinas.com, 1
+fijiresortforsale.com, 1
+fijisharkcount.com, 1
+fijnefeestdageneneengelukkignieuwjaar.nl, 1
+fijnewoensdag.nl, 1
+fiken.no, 1
+fikirtasarim.net, 1
+fikong.com, 1
+fikrinet.tk, 1
+fikriwildannugraha.com, 1
+fiksem-it.nl, 1
+fil-tec-rixen.com, 1
+fil.fi, 0
+filamentia.nl, 1
+filanthropystar.org, 1
+filantropikum.com, 1
+filapanel.com, 1
+filaretihairlove.gr, 1
+filcosplay.tk, 1
+file-cloud.eu, 1
+file.ac, 1
+file24.tk, 1
+filebox.one, 1
+filecopa.com, 1
+filedesc.com, 1
+filedoom.ml, 1
+filehash.de, 1
+filehippo.com, 1
+filehippo.jp, 1
+filehorsefile.com, 1
+fileio.io, 1
+filejet.io, 1
+filejo.com, 1
+filek.ga, 1
+fileon.com, 1
+fileplanet.com, 1
+fileport.io, 1
+filequit.xyz, 1
+files.com, 0
+files.from-me.org, 1
+files.to, 1
+filesense.com, 1
+fileservicios.com.ar, 1
+fileshare.party, 1
+filesharingshop.com, 1
+filesoup.io, 1
+filestar.io, 1
+filestartest.io, 1
+filesuffix.com, 1
+filetransfer.one, 1
+filezilla-project.org, 1
+filhodohomem.com, 1
+filhomes.ph, 1
+fili.com, 1
+filidorwiese.nl, 1
+filigrana.tk, 1
+filiio.com, 1
+filiotech.com, 1
+filiotech.pl, 1
+filip-prochazka.com, 0
+filipadamczak.com, 1
+filipi.no, 1
+filipinasdailynews.tk, 1
+filipinochinese.tk, 1
+filipinostaff.uk, 1
+filipn.cz, 1
+filippo.io, 1
+filippoberio.co.uk, 1
+filippodanesi.it, 0
+filipstaffa.net, 1
+filizaker.tk, 1
+filleritemsindia.com, 1
+fillmorecountyne.gov, 1
+fillmysuitca.se, 1
+fillo.com.tr, 1
+fillu.de, 1
+film-colleges.com, 1
+film-op-tv.nl, 1
+film-storyboards.com, 0
+film-storyboards.fr, 0
+film-tutorial.com, 1
+film.ru, 1
+filmarchiv-sachsen.de, 0
+filmatiporno.xxx, 1
+filmbabasi.net, 1
+filmbasar.com, 1
+filmbest.tk, 1
+filmcorner.tk, 1
+filmdates.co.uk, 1
+filme-onlines.com, 1
+filmedonstage.com, 1
+filmezzunk.hu, 1
+filmfestivalflix.com, 1
+filmfog.cf, 1
+filmfog.ga, 1
+filmimpact.com, 1
+filmisfun.com, 1
+filmisfun.net, 1
+filmizleindir.tk, 1
+filmkode.com, 1
+filmnet.pl, 1
+filmnetz.tk, 1
+filmoffice.pl, 1
+filmosliw.cf, 1
+filmotekaplus.pl, 1
+filmovka.pl, 1
+filmowanie-dronem.com.pl, 1
+filmphotograph.com, 1
+filmpornofrancais.fr, 1
+filmpronet.in, 1
+filmsearch.tk, 1
+filmserver.de, 1
+filmsidan.tk, 1
+filmsite-studio.com, 1
+filmsleague.com, 1
+filmtheaternieuwegein.tk, 1
+filmwallpapers.ml, 1
+filmyporno.net, 1
+filmzwesela.online, 1
+filobot.xyz, 1
+filokiralama.name.tr, 1
+filosofare.tk, 1
+filosofia.tk, 1
+filpromer.com, 1
+filstop.com, 1
+filter-kiev.com, 1
+filterlists.com, 1
+filtershekanha.com, 1
+filthyapartmenters.ga, 1
+filthyapartmentest.ga, 1
+filtr.me, 1
+filworx.com, 1
+fimc-biodiversityportal.org, 1
+fimfiction.net, 1
+fimozin.ga, 1
+fimp.pt, 1
+fimsquad.com, 1
+fin-ware.ru, 1
+fin.ee, 0
+fina-foxy.com, 1
+finagosolo.com, 1
+finaktiv.tk, 1
+final-expense-quotes.com, 1
+final-rest.co.uk, 1
+final-x.com, 1
+final.ac, 1
+finalashes.tk, 1
+finalesuperuser.com, 1
+finalfate.tk, 1
+finalfoursteam.tk, 1
+finalfourstream.tk, 1
+finalgambit.band, 1
+finalleopard.tk, 1
+finalmenteazul.pt, 1
+finalonline.tk, 1
+finalrewind.org, 1
+finalweapon.net, 1
+finalworkdriesstef.tk, 1
+finalx.nl, 1
+finanalysis.com, 1
+finance-colleges.com, 1
+finance-consulting.ga, 1
+finance-devils.com, 1
+finance-equation.co.uk, 1
+finance-news.ga, 1
+financeaffiliateprograms.com, 1
+financecontrol.tk, 1
+financedepth.com, 1
+financedraft.com, 1
+financeforafrica.com, 1
+financeguest.com, 1
+financehindi.com, 1
+financeinterface.tk, 1
+financejobs.ch, 1
+financelong.com, 1
+financemagnates.com, 1
+financemain.com, 1
+financenews.tk, 1
+financepen.com, 1
+financeplush.com, 1
+financepre.com, 1
+financestead.com, 1
+financethrive.com, 1
+financetwenty.com, 1
+financewhile.com, 1
+financewithcromulent.com, 1
+financial-law.tk, 1
+financial-standby.de, 1
+financialfreedomaus.com, 1
+financialfrolicker.com, 1
+financialhost.org, 1
+financialmoveers.ga, 1
+financialmoveest.ga, 1
+financialnews.today, 1
+financialopticshq.com, 0
+financialplannerworld.com, 1
+financniexperti.sk, 1
+finansa.no, 1
+finansified.com, 1
+finansinspektionen.se, 1
+finanskredirehberi.com, 0
+finanstilsynet.dk, 1
+finansy.tk, 1
+finanz-planer.net, 1
+finanzasydinero.com, 1
+finanzconsult.org, 1
+finanzen-az.com, 1
+finanzen-weblog.de, 1
+finanzierung-sofortzusage.de, 1
+finanztime.com, 1
+finanzwende-recherche.de, 1
+finaster.com.br, 1
+finax.eu, 1
+finbio.cf, 1
+fincabank.kg, 1
+fincarebank.com, 1
+fincas-ruiz.com, 1
+fincent.xyz, 1
+finch.am, 1
+finch.ga, 1
+finchkeeper.com, 1
+finchnest.co.uk, 1
+finchtechie.com, 1
+fincities.tk, 1
+find-mba.com, 1
+findahero.com.au, 1
+findairconditioningers.ga, 1
+findairconditioningest.ga, 1
+findallgames.com, 0
+findanengineer.com, 1
+findapinball.com, 1
+findautoloan.ml, 1
+findbalancedliving.com, 1
+findcanary.com, 1
+findcbdoilnearme.com, 1
+findcep.com, 0
+finddecisionsest.ga, 1
+findedeinencoach.net, 1
+findelahistoria.com, 1
+finder.bike, 1
+findete.tk, 1
+findeth.io, 1
+findheim.at, 0
+findhow.org, 1
+findingawesome.com, 1
+findinggenius.com, 1
+findingimagesers.ga, 1
+findingimagesest.ga, 1
+findingkorea.com, 0
+findingneverlandthemusical.com, 1
+findings.co, 1
+findingtheuniverse.com, 1
+findingturkeyers.ga, 1
+finditez.com, 1
+findlayohio.gov, 1
+findlimitsers.ga, 1
+findlocalproduce.co.uk, 1
+findmail.ga, 1
+findmassmoney.gov, 1
+findme.partners, 1
+findmentalhealth.co.uk, 1
+findmespot.com, 1
+findmybottleshop.com.au, 1
+findmycare.ca, 1
+findmyfamily.org, 1
+findmytricks.com, 0
+findnhmoney.gov, 1
+findolino.at, 1
+findoon.de, 1
+findoutlyrics.com, 1
+findprivateinvestor.com, 1
+findrejsepartner.dk, 1
+findsalmonest.ga, 1
+findscan.me, 1
+findschool.ge, 1
+findsingledating.ml, 1
+findstorenearme.ca, 1
+findstorenearme.co.uk, 1
+findstorenearme.us, 1
+findsupport.gov, 1
+findthatnude.com, 1
+findthere.net, 1
+findtrain.tk, 1
+findtreatment.gov, 1
+findyour.diet, 1
+findyourdreams.tk, 1
+findyouridealpartner.com, 1
+findyourstores.com, 1
+findyourvoice.ca, 1
+fine-services.paris, 1
+fineartbead.de, 1
+fineartbyjames.co.uk, 1
+finecocoin.io, 1
+finecraft.cc, 1
+finefriends.nl, 1
+finefriends.social, 1
+finefriendsapp.com, 1
+finehealth.ru, 0
+finehomesource.com, 1
+finelineaestheticstx.com, 0
+finenet.com.tw, 1
+fineshare.tk, 1
+finesio.sk, 1
+finesoon.net, 1
+finestblingers.ga, 1
+finestblingest.ga, 1
+finestrabatalera.tk, 1
+finestreview.cf, 1
+finet.se, 1
+finex.by, 1
+finexo.ch, 1
+finfleet.id, 1
+finfocus.today, 1
+finform.ch, 1
+finfowe.com, 1
+fingerlakesgaming.com, 1
+fingerprint.com, 0
+fingerprintjs.com, 1
+fingerscrossed.style, 1
+fingertight.ga, 1
+finhelp.ga, 1
+fini-de-jouer.ch, 0
+finicity.com, 1
+finilaviolence.gc.ca, 1
+finion.com, 1
+finishingpasteers.ga, 1
+finishingpasteest.ga, 1
+finishmaster.com, 1
+finisron.in, 1
+finkelstein.fr, 1
+finlandcook.online, 1
+finlandcook.top, 1
+finlaylloyd.com, 1
+finlib.in, 1
+finlito.tk, 1
+finmozg.ru, 1
+finn-svoboda.cf, 1
+finn-thorben.me, 1
+finn.io, 1
+finnclass.cz, 1
+finndel.no, 1
+finnhjelpemidler.no, 1
+finnishclothing.tk, 1
+finnishconsulting.com, 1
+finnjumping.tk, 1
+finnkupongkoder.no, 1
+finnwea.com, 0
+finom.co, 1
+finovate.com, 1
+finpomosh.gq, 1
+finprison.net, 1
+finpt.com, 0
+finqk.nl, 1
+finqueslaromanica.com, 1
+finr.fr, 1
+fins.money, 1
+finscan.com, 1
+finsecurity.eu, 1
+finsight.com, 1
+finsprings.org, 1
+finst.com, 1
+finstererlebnis.de, 1
+fintechaccelerate.com, 1
+fintechnics.com, 0
+finteo.de, 1
+fintracker.ca, 1
+fintry.ca, 0
+finturio.de, 1
+finvantage.com, 1
+finvantive.com, 1
+finvantive.nl, 1
+finverse.com, 1
+finwarriors.tk, 1
+finwe.info, 1
+finzy.com, 1
+fionahengartner.ch, 1
+fionamcbride.com, 1
+fionna.io, 1
+fiore31.fr, 1
+fiorellaweddings.com, 1
+fiorenzaperfumhome.com.br, 1
+fioriepiante.info, 1
+fioristionline.it, 1
+fioristionline.net, 1
+fiosgenomics.com, 1
+fioulmarket.fr, 1
+fipackaging.com, 1
+fiphfp.fr, 1
+fipo.life, 1
+fipq.tk, 1
+fir.ch, 1
+firatcakir.com.tr, 1
+firatnews.com, 1
+firatofm.tk, 1
+firaun.tk, 1
+firc.de, 1
+fire, 1
+fire-eyes.tk, 1
+fire-places.tk, 1
+fire-schools.com, 1
+fire-science-schools.com, 1
+firealarms.gq, 1
+fireballsteven.tk, 1
+firebaseio.com, 1
+firebirdrangecookers.com, 1
+firebounty.com, 1
+fireboxfood.com, 1
+firebrandchurch.com, 1
+firecask.com, 1
+firechip.cc, 1
+firecity.tk, 1
+firecore.com, 1
+firecry.org, 1
+firedemons.tk, 1
+firedo.de, 1
+firedup4success.com, 1
+fireeye.tk, 1
+firefart.at, 0
+firefense.com, 1
+firefightergarage.com, 1
+fireflygatlinburg.com, 1
+fireglow.de, 1
+fireinthedeep.com, 1
+fireintheholevideos.tk, 1
+fireleadership.gov, 1
+firelinkshrine.xyz, 1
+firemail.de, 1
+firemaker.tk, 1
+firenews.cf, 1
+firenza.org, 1
+firenzetoday.it, 1
+fireoakstrategies.com, 1
+fireperformerstoronto.com, 1
+fireplacerepairlasvegas.com, 1
+fireplex.co.uk, 1
+fireportal.cz, 1
+fireportal.sk, 1
+fireradio.tk, 1
+firerain.me, 1
+fireservicerota.co.uk, 1
+fireshellsecurity.team, 1
+firesofheaven.org, 1
+firesolutionsinc.com, 1
+firestart.tk, 1
+firestarter.fi, 1
+firestickhacks.com, 1
+firestuff.org, 1
+firetotheprisons.org, 1
+firetrunk.com, 1
+fireurboss.tk, 1
+firevap.org, 1
+firewall.net.za, 1
+firewallremoval.cf, 1
+firewallremovalers.ga, 1
+fireware.tk, 1
+fireworksshowvr.com, 1
+firexarxa.de, 1
+firexfly.com, 1
+firexp.tk, 1
+firingsquad.tk, 1
+firma-cerny.cz, 1
+firma-offshore.com, 1
+firmador.cloud, 1
+firmador.online, 1
+firmaet.com, 1
+firmajulegaver.dk, 1
+firmale.com, 1
+firmament.space, 1
+firmament.tk, 1
+firmanali.com, 1
+firmant.me, 1
+firmapi.com, 1
+firmennie-crossovki.tk, 1
+firmenwerbung-vermarktung.de, 1
+firmfoundationsconsulting.com, 0
+firmkernel.tk, 1
+firmware.science, 1
+firobe.fr, 1
+firouz.tk, 1
+firsov.gq, 1
+first-aid-kit.net, 0
+first-house.no, 1
+first-hyp.de, 1
+first-legion.eu, 1
+first-money.tk, 1
+first-ns.com, 0
+first-time-offender.com, 1
+first-wishes.com, 1
+first.org, 1
+first4it.com, 1
+firstbankkansas.com, 1
+firstbaptistchurchofchrist.org, 1
+firstbooks.ml, 1
+firstbus.co.uk, 1
+firstcallnc.com, 1
+firstcapitalfcu.com, 1
+firstcentralsavings.com, 1
+firstchoicebouncycastlehire.co.uk, 1
+firstchoicefriseur.at, 1
+firstchoicejunkservice.com, 1
+firstchurchmn.org, 1
+firstcitizensbank.com, 1
+firstclass.com.kh, 1
+firstclasscastles.com, 1
+firstclassleisure.co.uk, 1
+firstclassnuisance.tk, 1
+firstclinic.tk, 1
+firstcoastsir.com, 1
+firstcoastteaco.com, 1
+firstcolonyengraving.com, 1
+firstcommunity.com, 1
+firstcontact.cf, 1
+firstdry.com.br, 1
+firstechpayments.com, 1
+firstfinanceit.com, 1
+firstfinca.de, 1
+firstgov.gov, 1
+firstgradeframeofmind.com, 1
+firstimpressionsecuritydoors.com, 1
+firstlab.com, 1
+firstlayout.net, 1
+firstlegal.group, 1
+firstlightinspirations.tk, 1
+firstload.tk, 1
+firstmall.de, 1
+firstmarket.tech, 1
+firstname.tk, 1
+firstnet.gov, 1
+firstnetwork.cf, 1
+firstnetworksouth.com, 1
+firstorion.com, 1
+firstperformance.ro, 1
+firstphilec.com, 1
+firstplace.ga, 1
+firstq.xyz, 1
+firstqa.com, 1
+firstresponder.gov, 1
+firstserviceplumbing.com, 1
+firstshowing.net, 1
+firstsiteguide.tk, 1
+firsttimer.tk, 1
+firsttimeround.tk, 1
+firsttimeshopperers.ga, 1
+firsttimeshopperest.ga, 1
+firstup.io, 1
+firstversionist.com, 1
+firstwebring.tk, 1
+firstwordpharma.com, 1
+firthidaho.gov, 1
+firtreetechnology.co.uk, 1
+fis.io, 1
+fisa.net.za, 1
+fiscalidadresiduos.org, 1
+fiscalitatresidus.org, 1
+fischbacher-reisebuero.de, 1
+fischer-group.com, 1
+fischer-immoteam.de, 1
+fischer-its.com, 0
+fischer-kundendienst.de, 1
+fischer-programmierung.ch, 0
+fischer-wasels-medizin.de, 1
+fischerfutureheat.de, 1
+fischerp.net, 1
+fischers.srv.br, 1
+fischersports.com, 1
+fiscoeconti.it, 1
+fish-hook.ru, 1
+fish-n-chips.uk, 1
+fish2.me, 1
+fish24.bg, 1
+fishbattle.io, 1
+fishbattle.net, 1
+fishbrain.com, 1
+fishcorp.dk, 1
+fishergo.ml, 1
+fishergo.tk, 1
+fishermailbox.net, 1
+fisherman-union.ml, 1
+fishermansbend.apartments, 1
+fishermansbendcorporation.com.au, 1
+fishermansbendtownhouses.com.au, 1
+fishersin.gov, 1
+fishfive.top, 1
+fishgen.no, 1
+fishingworld.tk, 1
+fishingzone.bg, 1
+fishlanestudios.com, 1
+fishman.idv.tw, 1
+fishoftheday.tv, 1
+fishoilsafety.com, 1
+fishport.cloud, 1
+fishserver.net, 1
+fishtacos.blog, 1
+fishtank.ga, 1
+fishycam.com, 1
+fishygames.ml, 1
+fishyscans.tk, 1
+fishystuff.cf, 1
+fisinfomanagerdr.com, 1
+fisio-clinics.com, 1
+fisiobox.eu, 1
+fisiodomiciliargoiania.com.br, 1
+fisioterapia-online.com, 1
+fisioterapiaalquimia.com, 1
+fisioterapialanchares.com, 1
+fisioterapista.roma.it, 1
+fisiotohome.com, 1
+fiskelures.se, 1
+fission.moe, 1
+fistingtogether.com, 1
+fisvo.org, 0
+fit-4u.ch, 0
+fit-mit-nina.com, 1
+fit-mit-system.eu, 1
+fit-portal.ru, 1
+fit365.jp, 0
+fit81.com, 1
+fit81.it, 1
+fitandfightrijswijk.nl, 1
+fitanu.com, 1
+fitas.store, 1
+fitasdobonfim.com, 1
+fitbase.cf, 1
+fitbase.fitness, 1
+fitbodyestetica.com.br, 1
+fitbylo.com, 1
+fitcamp.fitness, 1
+fitch.group, 1
+fitchannel.com, 1
+fitchconnect-stg.com, 1
+fitchconnect.com, 1
+fitchpeople.nl, 1
+fitcoachion.com, 1
+fitcrewhn.com, 1
+fitculator.com, 1
+fite.family, 0
+fitecleaningservices.com, 1
+fitekin.com, 1
+fitequilibrio.com.br, 1
+fitflaop.ga, 1
+fitfocusau.com.au, 1
+fitfoodfab.nl, 1
+fitfoodrecipe.com, 1
+fitikafo.com, 1
+fitint.ro, 1
+fitleads.nl, 1
+fitlinewellnesscoach.com, 1
+fitmeat.at, 1
+fitmommyinheels.com, 1
+fitmybike.eu, 0
+fitness-challenge.co.uk, 1
+fitness-world.ga, 1
+fitness.edu.au, 1
+fitness.gov, 1
+fitnessbenefit.com, 1
+fitnessbest.com, 1
+fitnessbond.com, 1
+fitnessfoodguide.com, 1
+fitnesshaber.com, 1
+fitnessimage.com.au, 1
+fitnesskarate.club, 1
+fitnessmaus.com, 1
+fitnessplanet.best, 1
+fitnessstudio-website.de, 1
+fitnesstotal.com.br, 1
+fitnesstrainer-website.de, 1
+fitnessunder50.com, 1
+fitnessup.fr, 1
+fitnessupay.com, 1
+fitnessupreme.com, 1
+fitnessvocab.com, 1
+fitnessvolt.com, 1
+fitnetion.com, 1
+fitnhot.com, 1
+fitnur.com, 1
+fitnutkatie.com, 1
+fitnutricode.pt, 1
+fito.tk, 1
+fitodifesa.it, 1
+fitotovar.ru, 1
+fitpass.co.in, 1
+fitrecepty.info, 1
+fitrospective.com, 1
+fitspo.net, 1
+fitspring.com, 1
+fittelo.cz, 1
+fitxxxsandy.net, 1
+fitzsim.org, 1
+fiu.ee, 0
+fius.de, 1
+five.sh, 1
+fiveboosts.xyz, 1
+fivecrm.com, 1
+fivefortheroad.com, 1
+fivegraces.com, 1
+fiveminute.tk, 1
+fivepb.me, 1
+fivepedia.tk, 1
+fiveslice.pizza, 1
+fivestar.et, 1
+fivestartrader.com, 1
+fivetecnologia.com, 1
+fivethirtyeight.com, 1
+fiveyearsahead.com, 1
+fix-boredom.ml, 1
+fix-css.com, 1
+fix-ru.ga, 1
+fix-the-timeline.com, 1
+fix-the-timeline.org, 1
+fix.mk, 1
+fixedfeeplacements.co.uk, 1
+fixedgear.tk, 1
+fixedmatch.bet, 1
+fixedtoday.com.au, 1
+fixerra.tech, 1
+fixfd.com, 1
+fixfix.ch, 1
+fixfm.tk, 1
+fixforce.nl, 1
+fixi.dk, 1
+fiximage.net, 1
+fixingscrews.co.uk, 1
+fixmobile.online, 1
+fixmyalarmpanel.co.uk, 1
+fixmyglitch.com, 1
+fixodent-fr-fr-swapper.azurewebsites.net, 1
+fixodent.fr, 1
+fixorg.ru, 1
+fixpart.de, 1
+fixpart.nl, 1
+fixpix.gq, 1
+fixplusflex.de, 1
+fixpoint.co.at, 1
+fixpoint.systems, 1
+fixthetimeline.com, 1
+fixthetimeline.org, 1
+fixturemundial.com, 1
+fixupx.com, 1
+fixverkaufen.de, 1
+fiyatgrafik.com, 1
+fiyatinedir.net, 1
+fizadvocaten.nl, 1
+fizeau.com, 1
+fiziktedavi.name.tr, 1
+fizjo-strefa.com, 1
+fizjonell.pl, 1
+fizjoterapia.uk, 1
+fizjourogeek.pl, 1
+fizmix.lv, 1
+fizyonetistanbul.com, 1
+fizyoterapi.name.tr, 1
+fizz.buzz, 1
+fizz.cloud, 1
+fizz.space, 1
+fizz.studio, 1
+fizz.systems, 1
+fizz.team, 1
+fizz.technology, 1
+fizz.tools, 1
+fizz.zone, 1
+fizzcharts.com, 1
+fizzcompetitions.com, 1
+fizzcoronationstreetdied.cf, 1
+fizzcreativemedia.com, 1
+fizzstudio.org, 1
+fj.je, 1
+fj.search.yahoo.com, 0
+fjallbackacamping.se, 1
+fjallconnections.com, 1
+fjant.tk, 1
+fjco.alsace, 1
+fjerhammer.dk, 1
+fjewellery.co.uk, 1
+fjharcu.com, 1
+fjkl.uk, 1
+fjnuacm.top, 1
+fjordboge.dk, 1
+fjordenpaard.tk, 1
+fjordtorsk.se, 1
+fjsb.com, 1
+fjugstad.com, 1
+fjzone.org, 1
+fkbae.to, 1
+fkcdn.de, 1
+fkfev.de, 1
+fkgfw.men, 1
+fklegal.com, 1
+fkmt-server.net, 1
+fkosquad.moe, 1
+fkraiem.org, 1
+fktpm.ru, 1
+fl-ad.com, 1
+fl-catering.ru, 1
+fl.ru, 1
+fl3xx.com, 1
+flabacinov.ga, 1
+flabutelov.tk, 1
+flacandmp3.ml, 1
+flacon.tk, 1
+flacsoandes.edu.ec, 1
+fladnag.net, 1
+flaeskeklubben.dk, 1
+flaeskeklubben.eu, 1
+flagburningworld.com, 1
+flagcdn.com, 1
+flagfox.net, 1
+flaggorvarlden.se, 1
+flaggrimsby.co.uk, 1
+flagi-panstw.pl, 1
+flagipanstw.info.pl, 1
+flagipanstw.pl, 1
+flagistrany.ru, 1
+flaglercounty.gov, 1
+flaglerelections.gov, 1
+flaglermosquito.gov, 1
+flagma-no.com, 1
+flagma.biz.tr, 1
+flagma.by, 1
+flagma.de, 1
+flagma.es, 1
+flagma.hu, 1
+flagma.pl, 1
+flagma.ua, 1
+flagma.uz, 1
+flagpedia.asia, 1
+flagpedia.net, 1
+flagriculture.gov, 1
+flagspot.net, 0
+flagstone-magazin.ro, 0
+flagthis.com, 1
+flagyl-500-mg.ga, 1
+flair.nl, 1
+flaite.com, 1
+flakytest.com, 1
+flam.studio, 1
+flaman-h7a.fr, 1
+flamehaze.tk, 1
+flamencoexplained.com, 0
+flamencoshoes.tk, 1
+flamengopi.tk, 1
+flamentecnic.tk, 1
+flameofthoughts.tk, 1
+flameport.com, 1
+flamer-scene.com, 0
+flamet.eu, 0
+flameviper.tk, 1
+flamingcow.tv, 1
+flaminggorgefireandems.gov, 1
+flamingkeys.com, 1
+flamingogroup.vn, 1
+flamingoroute.tk, 1
+flamingowomenspavilion.com, 1
+flamme-von-anor.de, 1
+flammy.tk, 1
+flamoes.be, 1
+flamtky.de, 1
+flana.com, 1
+flanadot.com, 1
+flanagan.tk, 1
+flanderslaw.com, 1
+flandersmake.be, 1
+flanga.io, 0
+flanigan.tk, 1
+flapoverspeed.com, 1
+flapperistic.tk, 1
+flare.cloud, 1
+flareian.com, 1
+flaretechnologies.io, 1
+flarewalker.com, 1
+flarewalker.eu, 1
+flarewalker.net, 1
+flarewalker.org, 1
+flareweb.it, 1
+flart.tk, 1
+flarumtr.com, 1
+flasaki.gr, 1
+flash-games.tk, 1
+flashback.org, 1
+flashbackband.tk, 1
+flashbeat.tk, 1
+flashcardsmobile.com, 1
+flashcover.com.br, 1
+flasheschile.tk, 1
+flashgamedev.tk, 1
+flashgamesplayer.com, 1
+flashgot.net, 1
+flashigra.tk, 1
+flashingblinkylights.com, 1
+flashissue.com, 1
+flashkeysers.ga, 1
+flashlightchart.com, 1
+flashpegasus.com.br, 1
+flashscores.tk, 1
+flashset.tk, 1
+flashuk.com, 1
+flassetlocators.com, 1
+flaszka.com, 1
+flat-cdn.com, 1
+flat-embed.com, 1
+flat-tire.biz, 1
+flat.io, 1
+flatart.pl, 1
+flatbellyreview.com, 1
+flatbook.one, 1
+flatcast.tk, 1
+flatcoated.tk, 1
+flatheadelectric.com, 1
+flathome.co.jp, 1
+flaticons.net, 1
+flatlandchurch.com, 0
+flatmail.net, 1
+flatmail.pl, 1
+flatmatehub.com.au, 1
+flatpackmates.co.uk, 1
+flatplanet.tk, 1
+flatrate.com, 0
+flatreviews.co.nz, 1
+flatrooms-chiemgau.de, 1
+flatsomestudio.ir, 1
+flatsurfers.eu, 1
+flattie.cz, 1
+flatwoodsky.gov, 1
+flauschig.net, 1
+flavelappliances.com, 1
+flaviao.com, 1
+flavinha.tk, 1
+flavinus.fr, 1
+flaviu.co.uk, 1
+flavo.io, 1
+flavorblogers.ga, 1
+flavorblogest.ga, 1
+flawed.world, 1
+flawedworld.com, 1
+flawless-gaming.tk, 1
+flawlesscowboy.xyz, 1
+flawlessly.tk, 1
+flawlessweddings.nl, 1
+flayla.tk, 1
+flblog.top, 0
+flcatering.com, 1
+flcgil.it, 1
+flcma.gov, 1
+flcourts.gov, 1
+flcttn.com, 1
+fldjj.gov, 1
+fldsmdfr.nl, 1
+flealab.it, 1
+flechatec.net.br, 0
+fleche-ardennaise.be, 1
+flect.net, 1
+fleeb.xyz, 1
+fleep.io, 1
+fleeps.co, 0
+fleesty.dynv6.net, 1
+fleet-group.com, 1
+fleet-search.com, 1
+fleet.gov, 1
+fleetcomplete.com, 1
+fleetcor.at, 1
+fleetcor.ch, 1
+fleetcor.cz, 1
+fleetcor.de, 1
+fleetcor.fr, 1
+fleetcor.hu, 1
+fleetcor.lu, 1
+fleetcor.nl, 1
+fleetcor.pl, 1
+fleetcor.sk, 1
+fleetcorcards.be, 1
+fleetlinkatlascopco.com, 1
+fleetofhope.tk, 1
+fleetsmith.com, 1
+fleetssl.com, 1
+fleettools.tk, 1
+fleetyards.net, 1
+flehm.de, 1
+fleisch.club, 1
+fleischkaes.de, 1
+fleki.hu, 1
+flemberg.com, 1
+fleming.de, 1
+flemingmccullagh.com, 1
+flemingtonaudiparts.com, 1
+flemishopelclub.tk, 1
+flens.dance, 1
+flensburg-hilft-flensburg.de, 1
+flerstourisme.fr, 1
+fleshtone.tk, 1
+fleshwound.tk, 1
+fletcherdigital.com, 1
+fletcherdoescrime.com, 1
+fletchmusic.tk, 1
+fletchto99.com, 1
+fletesymudanzasbaratas.com, 1
+flets-ms.com, 1
+fleurdelune.it, 1
+fleurenplume.fr, 1
+fleurette.me, 1
+fleuriste-cannes.fr, 1
+fleuromance.ga, 1
+fleursdesoleil.fr, 0
+fleursdujour.ph, 1
+fleuryfleury.com, 1
+flevoland.nl, 1
+flex-one.fr, 1
+flex1solutions.com, 1
+flexalert.org, 1
+flexapplications.se, 1
+flexartsocial.com, 1
+flexbpo.com.br, 1
+flexcube.ch, 1
+flexdesign.fr, 1
+flexdrukker.nl, 1
+flexforcemonkey.com, 1
+flexgs.ca, 1
+flexgs.net, 1
+flexhyp.de, 1
+flexi-dance.pl, 1
+flexiblenetflow.com, 1
+flexibsd.com, 1
+flexicano.nl, 1
+flexicurity.tk, 1
+fleximus.org, 0
+flexingpro.com, 1
+flexinsurance.com.au, 1
+flexinvesting.fi, 0
+flexitanq.es, 0
+flexman.tk, 1
+flexmedia.tk, 1
+flexopus.com, 1
+flexphonesest.ga, 1
+flexpoint.com.br, 1
+flexport.com, 1
+flexsocialbox.com, 1
+flexsuplementos.com.br, 1
+flextrades.com, 1
+flextribly.xyz, 1
+flextudo.com, 1
+flextypes.com, 1
+flexundfix.de, 1
+flexve.com, 1
+flexworkhero.de, 1
+flfl.de, 1
+flgaming.gov, 1
+flhealthcharts.gov, 1
+fliacuello.com.ar, 1
+flibanserina.com, 1
+flicerdowneh.cf, 1
+flickcritter.com, 1
+flickdirect.com, 1
+flicke.red, 1
+flickingercenter.com, 1
+flickor.tk, 1
+flicks2click.com, 1
+flie.co.jp, 1
+flieger-funk-runde.de, 1
+fliesen-waldschmidt.de, 1
+flight.school, 1
+flightacademy-memmingen.com, 1
+flightairport.com, 1
+flightcheapfares.com, 1
+flightdiary.cf, 1
+flightdiary.ga, 1
+flightdiary.gq, 1
+flightfaretoindia.com, 1
+flightfrankfurt.com, 1
+flighthonolulu.com, 1
+flightjackets.tk, 1
+flightrights.gov, 1
+flightscarhire.com, 1
+flightschoolbooking.com, 1
+flightschoolcandidates.gov, 1
+flightschoolxxi.com, 1
+flightstimes.com, 1
+flightstoheathrow.com, 1
+flightti.com, 1
+flightticketsto.com, 1
+flightzero.cf, 1
+fliino.com, 1
+fliino.eu, 1
+fliino.info, 1
+fliino.net, 1
+fliino.org, 1
+flikmsg.co, 1
+flimnet.tk, 1
+flinch.io, 1
+fling.dating, 1
+flingflong.com, 1
+flinny.org, 1
+flintstones.tk, 1
+flip-flop.tk, 1
+flip.kim, 1
+flip.lease, 1
+flipflop.rs, 1
+flipin.ga, 1
+flipmusic.tk, 1
+flipneus.net, 1
+flipnhotdeals.com, 1
+flipos.be, 0
+flipperkast.tk, 1
+flippers-leuven.be, 1
+flipphotography.ga, 1
+flipping.land, 0
+flipsidevr.com, 1
+flipsnack.com, 1
+fliptable.org, 1
+flipthebrain.com, 1
+flipthescripts.org, 1
+flipweb.tk, 1
+flirt-norden.de, 1
+flirtbox.tk, 1
+flirtee.net, 1
+flirtitup.com, 1
+flirtline.tk, 1
+flirtlu.com, 1
+flirtlu.net, 0
+flirtlu.org, 1
+flirtportalcheck24.de, 1
+flirty.tk, 1
+flissinger.com, 1
+flixcheck.com, 1
+flixcheck.de, 1
+flixcost.com, 1
+flixed.io, 1
+flixflex.tk, 1
+flixone.com, 1
+flixpatrol.com, 1
+flixports.com, 1
+flixstats.com, 1
+flmedicaidmanagedcare.com, 1
+floart.tk, 1
+floatapp.com, 1
+floatationlocations.com, 1
+floaternet.com, 1
+floatifnghotel.cf, 1
+floatifnghotel.ga, 1
+floatifnghotel.tk, 1
+flockbox.club, 1
+flocktofedora.org, 1
+floersheimer-openair.de, 1
+floffi.media, 1
+flofr.gov, 1
+floify.com, 1
+floir.gov, 1
+floj.tech, 1
+flokinet.is, 1
+flokinet.social, 1
+flokinet.to, 1
+flokkr.com, 1
+floline.fr, 1
+flom.fi, 1
+flomax385.tk, 1
+flomedia.pl, 1
+flomeyer.de, 1
+floneo.fr, 1
+flonharmonymassage.space, 1
+floobits.com, 1
+floodboss.ml, 1
+flooddoctorva.com, 1
+floodguypro.com, 1
+floodheroessaltlakecity.com, 1
+floodsmart.gov, 1
+floogulinc.com, 1
+flooood.tk, 1
+floor3.co.uk, 1
+floorballphilippines.tk, 1
+floorhoursers.ga, 1
+floorhoursest.ga, 1
+flooringbidest.ga, 1
+flooringnightmares.com, 1
+flooringsourcetx.com, 1
+floors4lessbay.com, 1
+floort.net, 1
+floosak.co, 1
+flooz.trade, 0
+flop.tk, 1
+floppa.com.br, 1
+floppomoppo.ml, 1
+floppy.tk, 1
+flora-nova.tk, 1
+floraclick.net, 1
+florademurcia.tk, 1
+floraexpress.it, 1
+florafaunafavourites.co.uk, 1
+floragarden.tk, 1
+floralin.se, 1
+floralworkshopsers.ga, 1
+floranext.com, 1
+florante.com, 1
+florasite.tk, 1
+florausa.net, 0
+floravan.com, 1
+floravino.de, 1
+florealatelier.com, 1
+floreg.com, 1
+florencecountywi.gov, 1
+florenceutilitieswi.gov, 1
+florencewi.gov, 1
+florenciaextrema.tk, 1
+florenciasabio.com, 1
+florent-tatard.fr, 1
+floresastrid.tk, 1
+floresdocesfloricultura.com.br, 1
+floresgioiellishop.com, 1
+floresvilleedc.org, 0
+florevit.com, 1
+florhamparknj.gov, 1
+floria.online, 1
+florian-bachelet.fr, 1
+florian-knorn.com, 1
+florian-thie.de, 1
+florian2833z.de, 1
+florianartisans.com, 1
+florianbecker.it, 1
+florianbouchet.fr, 1
+floriankarmen.com, 1
+florianmitrea.uk, 1
+florianschmitt.ca, 1
+florianschmitt.tech, 1
+florianstroeger.com, 1
+florianstroeger.tk, 1
+floriantanner.ch, 1
+florianysantiago.com, 1
+florida-estetica.com, 1
+florida-immigration.com, 1
+florida-online.tk, 1
+florida-prep.org, 1
+floridaagriculture.gov, 1
+floridabrightfutures.gov, 1
+floridaconsumerhelp.gov, 1
+floridados.gov, 1
+floridaethics.gov, 1
+floridafabrication.net, 1
+floridafieros.org, 1
+floridafx.gov, 1
+floridahealthcareconnections.gov, 1
+floridaimigracao.com, 1
+floridalegion.org, 1
+floridaplasticsurgery.com, 1
+floridapowermanagement.com, 1
+floridarrc.com, 1
+floridasexhealth.com, 1
+floridastadium.ga, 1
+floridastadiumers.ga, 1
+floridastadiumest.ga, 1
+floridastatefair.com, 1
+floridastatefair.net, 1
+floridastatefairag.com, 1
+floridastatefairauthority.com, 1
+floridasturnpike.com, 1
+floridaweightlossdoctors.com, 1
+floriebriand.com, 0
+floriimorii.tk, 1
+floris.tk, 1
+florisbrunet.com, 1
+florismouwen.com, 1
+florismouwen.nl, 1
+floristavirtual.com.br, 1
+florisvdk.net, 1
+florix.tk, 1
+florlola.com, 1
+florp.social, 1
+flortal.de, 1
+flosch.at, 0
+floseed.fr, 1
+flossexanten.de, 1
+flosuretechnologies.com, 1
+floth.at, 1
+flothost.com, 1
+flothow.com, 1
+flourishdx.com, 0
+flourishgrazingevents.co.uk, 1
+flourishtogether.com, 1
+flow-serv.com, 1
+flow.su, 1
+flowair24.ru, 1
+flowalizer.com, 1
+flowalyzer.com, 1
+flowauditor.com, 1
+flowbuk.me, 1
+flowcount.xyz, 1
+flowcrypt.com, 1
+flowdise.com, 1
+flower5.org, 1
+flowercare.tk, 1
+flowercityflavor.com, 0
+flowerdelivery.tk, 1
+flowerdesign.tk, 1
+flowermound.gov, 1
+flowerpassword.com, 1
+flowerpictures.tk, 1
+flowers-city.com.ua, 0
+flowers-shops.tk, 1
+flowers.sumy.ua, 1
+flowers2moscow.com, 1
+flowersandplantsco.com, 1
+flowersbylegacy.com, 1
+flowerscaffe.com, 1
+flowersquito.com, 1
+flowerstateest.ga, 1
+flowerstopetersburg.com, 1
+flowerstoukraine.com, 1
+flowerstver.ru, 1
+flowerwholesale.com, 1
+flowfest.com, 1
+flowgate.net, 1
+flowgo.tk, 1
+flowhcm.com, 1
+flowheater.net, 1
+flowhopper.com, 1
+flowinformer.com, 1
+flowingdata.com, 1
+flowinity.com, 1
+flowinity.eu.org, 1
+flowinity.host, 1
+flowinvoice.com, 1
+flowio.cz, 1
+flowith.io, 1
+flowlytics.host, 1
+flowmagazine.com, 1
+flowmagazine.nl, 1
+flownonfiction.com, 1
+flownty.com, 1
+flowoodpolice.gov, 1
+flowreplicator.com, 1
+flowscale.com, 1
+flowstars.tk, 1
+flowstateyoga.com.au, 1
+flowstudios.com, 1
+flowtex.tk, 1
+floydcountyga.gov, 1
+floydcova.gov, 1
+floydsofleadville.com, 1
+floyt.com, 1
+flp-pushkar.info, 1
+flpd.gov, 1
+flpd6.gov, 1
+flra.gov, 1
+flsa6.gov, 1
+flsbanners.com, 1
+flslawyer.com, 1
+flst.link, 1
+flstaging.cloud, 1
+flubio.de, 1
+flubiostudios.com, 1
+flubiostudios.de, 1
+fluconazole.gq, 1
+fluencytech.com, 1
+fluessiggas.de, 1
+fluff.im, 1
+fluffy.tools, 1
+fluffycat.ga, 1
+fluffycloud.de, 1
+fluggesellschaft.de, 1
+flughafenairport.com, 1
+fluglektuere.com, 1
+flugplatz-edvc.de, 1
+flugplatzmanager.de, 1
+flugrueckerstattung.de, 1
+flugsimulatorfrankfurt.com, 1
+fluidattacks.co, 1
+fluidattacks.com, 1
+fluidbb.co.uk, 1
+fluidpicturesinc.com, 1
+fluids.ac.uk, 1
+fluidsignal.com, 1
+fluig.com, 1
+fluitbeurt.nl, 1
+flukestar.tk, 1
+flumble.nl, 1
+flunschi.goip.de, 1
+fluoxetin.ga, 1
+fluoxetin.gq, 1
+fluoxetin.tk, 1
+fluoxetine.ml, 1
+fluoxetine.net, 1
+fluoxetine2.ru, 1
+flushlife.com, 1
+flusszs.tk, 1
+fluteandpianoteaching.co.uk, 1
+flutterappdev.com, 1
+flutterfactory.io, 1
+flux.today, 1
+fluxforge.com, 1
+fluxi.fi, 1
+fluxnet.tk, 1
+fluxo.space, 1
+fluxoid.com, 1
+flvs.net, 0
+flvyingeagle.ga, 1
+flws.cl, 1
+fly, 1
+fly-fjends.dk, 1
+fly.moe, 1
+flyantvirtual.tk, 1
+flyavantar.com, 1
+flyawayart.tk, 1
+flyawaybirds.ga, 1
+flybar.tk, 1
+flybis.net, 1
+flyboarder.tk, 1
+flyboyfpv.com, 1
+flydoc.org, 1
+flyer-homes.com, 1
+flyer.tools, 1
+flyerdatabase.tk, 1
+flyfifer.co.uk, 1
+flyforpoints.com, 1
+flyforsinkelse.dk, 1
+flyforsinkelser.no, 1
+flygexpo.tk, 1
+flygforsening.se, 1
+flygon.pink, 1
+flygplanering.se, 1
+flyhealthy.gov, 1
+flying-angels.tk, 1
+flying-dudes.de, 1
+flying-press.com, 1
+flyingangels.cf, 1
+flyingbasicsest.ga, 1
+flyingcolours.tk, 1
+flyingdoggy.net, 1
+flyingdreamers.com, 1
+flyingdutchman.tk, 1
+flyinghigh.co.jp, 1
+flyinghigh.tk, 1
+flyinglions.tk, 1
+flyingmonkeys.tk, 1
+flyingpackets.net, 1
+flyingpotatoes.tk, 1
+flyingspaghettimonsterdonationsfund.nl, 1
+flyingtutorsers.ga, 1
+flylcpa.gov, 1
+flylvia.com, 1
+flymns.fr, 1
+flymsy.com, 1
+flyn43.com, 1
+flynn.io, 1
+flynnhub.com, 1
+flynowpaylater.com, 1
+flyp.me, 1
+flypenge.dk, 1
+flyplay.com, 1
+flypuntoazul.gq, 1
+flyserver.co.il, 1
+flyspace.ga, 1
+flyspace.ml, 1
+flyssh.net, 1
+flyswoop.com, 1
+flyt.online, 1
+flytedek.com, 1
+flythecopter.tk, 1
+flytoadventures.com, 1
+flytrap.in, 1
+flyupture.com, 1
+flywind.ml, 1
+flyxll.com, 1
+flyzold.com, 1
+flyzone.tk, 1
+flyzoomattzir.com, 1
+fm-digitize.de, 1
+fm-online.tk, 1
+fm-panel.tk, 1
+fm.ie, 1
+fmamfg.org, 1
+fmanet.org, 1
+fmarchal.fr, 1
+fmbfirefl.gov, 1
+fmbilder.se, 1
+fmbonline.com, 1
+fmc.gov, 1
+fmc.hk, 1
+fmcs.gov, 1
+fmcsa.fr, 1
+fmfp.eu, 1
+fmi.gov, 1
+fminsight.net, 1
+fmjansen.com, 1
+fmjd64.com, 1
+fmjd64.org, 1
+fmlife.tk, 1
+fmm-creative.com, 1
+fmn.nl, 1
+fmo.ca, 0
+fmorales.com, 0
+fmorales.com.ni, 0
+fmpilot2.com, 1
+fmportal.biz, 1
+fmpuertomadero.cf, 1
+fmsforestry.com, 1
+fmslovakia.com, 1
+fmstr.ml, 0
+fmt-live.de, 1
+fmussatmd.com, 1
+fnacdarty.com, 1
+fnbava.com, 1
+fnbnokomis.com, 1
+fnbofks.com, 1
+fnbot.shop, 1
+fnckfashion.com, 1
+fndho.ca, 1
+fndout.com, 1
+fneon.eu, 1
+fnerk.org, 1
+fnet.gr, 1
+fnet.org, 1
+fnews.tk, 1
+fnfmods.net, 1
+fnka.de, 1
+fnkr.net, 1
+fnlcontent.nl, 1
+fno.cz, 1
+fnof.ch, 1
+fnordserver.eu, 1
+fnpro.eu, 1
+fnpvenues.com, 1
+fnrs.nl, 1
+fnscatania.tk, 1
+fnwiki.com, 1
+fnz.com, 1
+foair.me, 0
+foairbus.fr, 0
+foairbussas.fr, 0
+foamfortress.tk, 1
+foard.biz, 1
+foard.us, 1
+fob-china-moscow.ru, 1
+fob-china.ru, 1
+fob-india.ru, 1
+fob-iran.ru, 1
+focalforest.com, 1
+focalpoint.tk, 1
+focanamoda.com.br, 1
+focanocliente.com.br, 1
+focored.com, 1
+focus2career.com, 0
+focus2move.com, 1
+focusbet-api.com, 1
+focusbet.cc, 1
+focusbet.io, 1
+focuscomic.com, 1
+focusdemolition.com.au, 1
+focusgroup.tk, 1
+focushm.com, 1
+focusministries1.org, 1
+focusnews.in, 1
+focusoptimization.com, 1
+focusproductions.tk, 1
+focustec.tk, 1
+focusti.com.br, 1
+focustuningclub.tk, 1
+fodder.ga, 1
+foehl.de, 1
+foej-aktiv.de, 1
+foej.net, 1
+foepwned.com, 1
+foerderverein-horrheim.de, 1
+fof-clan.tk, 1
+foggi.cf, 1
+foggi.ml, 1
+foggiatoday.it, 1
+fognini-depablo.eu, 1
+fogu.com, 1
+foguest.com.br, 1
+fogway.net, 1
+foi.se, 1
+foiaonline.gov, 1
+foilhat.tk, 1
+foixet.com, 1
+fojing.com, 1
+fojt.cz, 1
+fojtova.cz, 1
+fojtovi.cz, 1
+fok.nl, 1
+fokan.be, 1
+fokan.ch, 1
+fokep.no, 1
+fokos.de, 0
+fokus.ag, 1
+fol.tf, 1
+folar.ga, 1
+folclore.tk, 1
+foldcle.com, 1
+foldertips.com, 1
+foldnfly.com, 1
+folf.codes, 1
+foliencenter24.com, 1
+folife.nl, 1
+folio.no, 1
+foljeton.dk, 0
+folk.as, 1
+folk.tk, 1
+folkdance.tk, 1
+folkfests.org, 1
+folkmusicworld.com, 1
+folkofolk.se, 1
+folkperu.tk, 1
+folkrace.tk, 1
+folktalerecords.tk, 1
+folktellers.tk, 1
+folkweb.net, 1
+follandviolins.com, 1
+follow-the-leader.tk, 1
+follower98.ir, 1
+followgrown.com, 1
+followlearning.com, 1
+followme.com, 1
+followmystaff.com, 1
+followpharma.com, 1
+followthatpage.com, 1
+followthecult.de, 1
+followtheevidence.me, 1
+followthepin.com, 1
+follygardens.com, 1
+folszyb.pl, 1
+foluomeng.net, 1
+folwark.krakow.pl, 1
+folwia.pl, 1
+foma.ru, 1
+foma.tk, 1
+fomo.af, 1
+fomo.exposed, 1
+fomo.trading, 1
+fomobremen.info, 1
+fomopop.com, 1
+foncorbeta.com, 1
+fondation-afnic.fr, 1
+fondation-vinci.com, 1
+fondationdesterritoires.org, 1
+fondationgus.com, 1
+fondationo2.ch, 1
+fondationwiggli.ch, 1
+fondbaikal.ml, 1
+fonds-dieter.be, 1
+fondy.ua, 1
+fondzee.cz, 1
+foneapk.com, 1
+fonga.ch, 1
+fonix.tk, 1
+fonline.tk, 1
+fono.jp, 0
+fonrouge.tk, 1
+fonseguin.ca, 1
+fontainebleau.tk, 1
+fontanaca.gov, 1
+fontawesome.com, 1
+fonte-trading.com, 1
+fontein.de, 1
+fontela.es, 1
+fontnegar.ir, 1
+fontocean.com, 1
+fontplus.jp, 1
+fonts4free.net, 1
+fontsinuse.com, 1
+fontstand.com, 1
+fonzone.it, 0
+foo, 1
+foo.fo, 1
+foo.hamburg, 1
+food-animall.ro, 1
+food4healthybones.com, 1
+food4me.in, 1
+foodadaptive.ga, 1
+foodafter.ga, 1
+foodagenda.ga, 1
+foodanchor.ga, 1
+foodandseeds.com, 1
+foodarrow.ga, 1
+foodatlantic.ga, 1
+foodattitude.ch, 0
+foodauthority.ga, 1
+foodavatar.ga, 1
+foodbad.ga, 1
+foodbeast.ga, 1
+foodblod.ga, 1
+foodbody.ga, 1
+foodbounce.ga, 1
+foodboy.com, 1
+foodbrowse.ga, 1
+foodbrowser.ga, 1
+foodbuddies.ga, 1
+foodbuller.ga, 1
+foodcamel.ga, 1
+foodcaster.ga, 1
+foodcheaper.ga, 1
+foodcheapest.ga, 1
+foodclearance.ga, 1
+foodclient.ga, 1
+foodcollections.ga, 1
+foodcollector.ga, 1
+foodcorporation.ga, 1
+foodcourier.ga, 1
+foodcowgirls.com, 1
+foodcrafter.ga, 1
+foodcreativity.ga, 1
+foodcrystal.ga, 1
+foodculinaryusa.tk, 1
+foodcupcake.ga, 1
+foodcurious.ga, 1
+fooddeliverypartners.cz, 1
+fooddeliverypartners.online, 1
+fooddivine.ga, 1
+fooddodge.ga, 1
+fooddollar.ga, 1
+fooddollars.ga, 1
+fooddowntown.ga, 1
+foodeastbay.ga, 1
+foodecono.ga, 1
+foodepic.ga, 1
+foodescrow.ga, 1
+foodev.de, 1
+foodexcel.ga, 1
+foodfalcon.ga, 1
+foodfeature.ga, 1
+foodfirefriends.com, 1
+foodflower.ga, 1
+foodfriek.nl, 1
+foodgecko.ga, 1
+foodglamour.ga, 1
+foodglory.ga, 1
+foodgoddess.ga, 1
+foodgratis.ga, 1
+foodgroove.ga, 1
+foodgrow.ga, 1
+foodguerilla.ga, 1
+foodguerrilla.ga, 1
+foodhandy.ga, 1
+foodhotrod.ga, 1
+foodhusky.ga, 1
+foodieso.com, 1
+foodintergrity.ga, 1
+foodiron.ga, 1
+foodiron.tk, 1
+foodjoker.ga, 1
+foodkayak.ga, 1
+foodlast.ga, 1
+foodless.ga, 1
+foodlicious.ml, 1
+foodlightning.ga, 1
+foodlimited.ga, 1
+foodlist.net, 1
+foodloader.net, 1
+foodlobers.com, 1
+foodloco.ga, 1
+foodlover.restaurant, 1
+foodlucky.ga, 1
+foodmatche.ga, 1
+foodmeasure.ga, 1
+foodmillions.ga, 1
+foodminer.ga, 1
+foodnachos.com, 1
+foodnations.ga, 1
+foodnature.ga, 1
+foodnature.tk, 1
+foodnight.ga, 1
+foodo.cz, 1
+foodoffline.ga, 1
+foodomega.ga, 1
+foodonbook.com, 1
+foodoneday.ga, 1
+foodopplis.ga, 1
+foodoriginal.ga, 1
+foodother.ga, 1
+foodouter.ga, 1
+foodovernight.ga, 1
+foodpart.ga, 1
+foodpearl.ga, 1
+foodpermanent.ga, 1
+foodplatinum.ga, 1
+foodplum.ga, 1
+foodpresident.ga, 1
+foodprestige.ga, 1
+foodpronto.ga, 1
+foodquantum.ga, 1
+foodrainforest.ga, 1
+foodrapid.ga, 1
+foodrates.ga, 1
+foodremarkable.ga, 1
+foodrex.ga, 1
+foodrhino.ga, 1
+foodrings.ga, 1
+foodrips.com, 1
+foods.pe, 1
+foodsafety.gov, 1
+foodsafetyjobs.gov, 1
+foodsafetyworkinggroup.gov, 1
+foodsavers.gent, 1
+foodsaversgent.be, 1
+foodsedona.ga, 1
+foodseurope.com, 1
+foodshuffle.ga, 1
+foodsignature.ga, 1
+foodsilk.ga, 1
+foodsleuth.ga, 1
+foodsoldier.ga, 1
+foodsonic.ga, 1
+foodsoul.pro, 1
+foodsparkle.ga, 1
+foodsplash.ga, 1
+foodspring.co.uk, 1
+foodspring.de, 1
+foodspring.es, 1
+foodspring.fr, 1
+foodspring.it, 1
+foodsreborn.com, 1
+foodsunflower.ga, 1
+foodsuperhero.ga, 1
+foodsupplyiq.com, 1
+foodsurprise.ga, 1
+foodsurreal.ga, 1
+foodsustain.ga, 1
+foodtable.at, 1
+foodtimeline.org, 1
+foodtrekker.tk, 1
+foodtruck.ai, 1
+foodtruckconnections.com, 1
+foodtrucksnorthwest.com, 1
+foodtummy.com, 1
+foodurban.ga, 1
+foodusa.cf, 1
+foodusa.ga, 1
+foodusa.gq, 1
+foodverde.ga, 1
+foodwaterfront.ga, 1
+foodwidget.ga, 1
+foodwish.ga, 1
+foodyankee.ga, 1
+foodzpace.com, 1
+foogle.cf, 1
+fooishbar.org, 0
+fool.im, 1
+fooladi.tk, 1
+foolip.org, 1
+foolproofcomics.tk, 1
+foonly.fi, 1
+foorack.com, 1
+fooster.io, 1
+foot-direct.com, 1
+foot.fr, 1
+foot2rue.tk, 1
+foot4live.com, 1
+footasse.com, 1
+football-news.gq, 1
+football-world.tk, 1
+footballcelebrationsers.ga, 1
+footballexpress.co.uk, 1
+footballforum.de, 1
+footballfoundation.org.uk, 1
+footballmessi.tk, 1
+footballnews.net, 1
+footballrussia.cf, 1
+footballscores.ga, 1
+footballsrit.tk, 1
+footballtips.tk, 1
+footbolka.tk, 1
+footbolki.ml, 1
+footchronique.tk, 1
+footdoctorpodiatristnyc.com, 1
+footloose.co.uk, 1
+footmercato.net, 1
+footparisien.com, 1
+footstepsinthegambia.com, 1
+foottube.com, 1
+footvillewi.gov, 1
+footwear-catalogue.tk, 1
+footytalk.tk, 1
+for-testing.tk, 1
+for.care, 1
+forabrokenrobot.tk, 1
+forallgifts.com, 1
+forat.tk, 1
+foray-jero.me, 1
+foraz.tk, 1
+forberedt.no, 1
+forbes.com, 1
+forbeser.com, 1
+forbiddenhistory.info, 1
+forbiddenshelf.com, 1
+forbole.com, 1
+forcamp.ga, 1
+force-shadow.tk, 1
+force-unleashed.com, 1
+force-unleashed.de, 1
+force-user-content.com, 1
+force.com, 1
+force4racing.co.uk, 1
+force4racing.com, 1
+forcebasements.com, 1
+forcecompanies.com, 1
+forcelink.eu, 1
+forcelink.nl, 1
+forcelinkamerica.com, 1
+forcelinkamerica.nl, 1
+forcemasonry.net, 1
+forcemasonryinc.com, 1
+forcemat.fr, 1
+forcenet.gov.au, 1
+forces.army, 1
+forceusercontent.com, 1
+forcewaterproofing.com, 1
+forcewave.com, 1
+forchildren.tk, 1
+ford-mustang.tk, 1
+ford-shop.by, 1
+fordeetv.com, 1
+fordlibrarymuseum.gov, 1
+fordpartsgiant.com, 1
+fordpartsprime.com, 1
+fordsbranch.church, 1
+fordservicetraining.com, 1
+fordshop.by, 0
+fordtrac.com.br, 1
+foreammatti.fi, 1
+forecastapp.net, 1
+forecastcity.com, 1
+foreclosurecitiesers.ga, 1
+foredata.fi, 1
+forefront.dental, 1
+forefrontcloud.com, 1
+foreign-language-colleges.com, 1
+foreignaffairsmotorsports.com, 1
+foreignassistance.gov, 1
+foreignpharmacydirectory.com, 1
+foremail.tk, 1
+foreningssparbanken.se, 1
+forenschmiede.tk, 1
+forensic-system.com, 0
+forensicpsychologyedu.org, 1
+forensicpsychologyonline.com, 1
+forensicsciencecentral.tk, 1
+forensicsinfo.ga, 1
+forensicsinfoest.ga, 1
+forensischepsychiatrie.tk, 1
+forers.com, 1
+foresdon.jp, 1
+foresightbusinessservices.co.uk, 1
+foresite.com, 1
+forest-cl.com, 1
+forest-remote-control.com, 1
+forest-soft.xyz, 1
+forestairllc.com, 1
+forestcermegresik.com, 1
+forestcountypa.gov, 1
+forestdeclaration.org, 1
+forestersfriendlysociety.co.uk, 1
+foresthaven.tk, 1
+forestparkga.gov, 1
+forestraven.net, 1
+forestsprings.com.au, 1
+forestsystems.com, 1
+foresttownrcwi.gov, 1
+forestvets.com, 1
+forever.gq, 1
+foreverbreak.com, 1
+foreverpontiac.com, 1
+foreverreem.com, 1
+foreverssl.com, 1
+forevertoday.nl, 1
+foreverydream.com, 1
+forewordreviews.com, 1
+forex-arabia.tk, 1
+forex-trading-tutorial.tk, 1
+forex-up.cf, 1
+forex.ee, 1
+forexbrokerinspect.com, 1
+forexchef.de, 1
+forexcity.cf, 1
+forexcomreview.co, 1
+forexee.com, 1
+forexexchange.tk, 1
+forexinthai.com, 0
+forexlive.com, 1
+forexmarketsm.tk, 1
+forexnew.org, 1
+forexpattern.tk, 1
+forexplay.com, 1
+forextickler.com, 1
+forexwine.com, 1
+forexworld.cf, 1
+forfeit.ga, 1
+forfeiture.gov, 1
+forfortcollins.com, 1
+forfunssake.co.uk, 1
+forge.my.id, 1
+forgejo.cloud, 1
+forgemedia.io, 1
+forgetfulmomma.com, 1
+forgetme.ga, 1
+forgetme.gq, 1
+forgetme.tk, 1
+forgetmenot.care, 1
+forgetwp.com, 1
+forgottenho.me, 1
+forgottenrealms.tk, 1
+forgottenworld.it, 1
+forhealth.org, 1
+forhims.co.uk, 1
+forhosting.nl, 1
+forix.agency, 1
+forixcommerce.com, 1
+forixecommerce.com, 1
+forixseo.com, 1
+fork-portal.ml, 1
+forkfeeds.com, 1
+forkknifeswoon.com, 1
+forklift.name.tr, 1
+forklifttire.com, 1
+forksales.com, 1
+forkurd.ml, 1
+forlitoday.it, 1
+form100.de, 1
+formador.tk, 1
+formafantasma.com, 1
+formalgrammar.tk, 1
+formalistgallery.com, 1
+formality.de, 1
+formality.one, 0
+forman.store, 1
+formand.ru, 1
+formapi.io, 1
+formassembly.com, 1
+format-paysage.ch, 0
+format.ua, 1
+formation-assureur.com, 1
+formation-astro.com, 1
+formation-colmar.tk, 1
+formation-commissaire-justice.fr, 1
+formation-cqp-ssiap-paris.fr, 1
+formation-hauteur.com, 1
+formation-iade.tk, 1
+formation-intergeneration.com, 1
+formation-russe-paris.com, 1
+formation.ai, 1
+formation.tech, 1
+formationaumagnetisme.fr, 1
+formatmydoc.co.nz, 1
+formforger.com, 1
+formhub.ru, 1
+formi9.com, 1
+formidium.com, 1
+formingequipment.tk, 1
+formini.dz, 1
+formio.nl, 1
+formodernkids.com, 1
+formommiesbymommy.com, 1
+formopinionest.ga, 1
+formotherrussia.tk, 1
+forms.gov, 1
+formsbyair.com, 1
+formsite.com, 1
+formsmarts.com, 1
+formsmarts.net, 1
+formue.com, 1
+formula-busines.ru, 1
+formula-ot.ru, 1
+formula.cf, 1
+formulacionquimica.com, 1
+formulastudent.de, 1
+formulaveevictoria.com.au, 1
+formup.com.pl, 1
+formworkcontractorssydney.com, 1
+fornarisandres.com, 1
+fornata.it, 1
+fornaxmall.com, 1
+fornoreason.net.au, 1
+foro-coopfuture.tk, 1
+foro.io, 0
+foroaranda.com, 1
+forocachacero.tk, 1
+forocbmollet.tk, 1
+forocio.tk, 1
+forocoches.com, 1
+forocristiano.tk, 1
+forodebanfield.tk, 1
+forodieta.com, 0
+foroenguera.tk, 1
+forojovensanfernando.tk, 1
+forologikidilosi.com.gr, 1
+foromasters.tk, 1
+foropl.com, 0
+forosdelmisterio.tk, 1
+forourselves.com, 1
+forowarhammer.tk, 1
+forrestheller.com, 1
+forrestwalkbarbershop.com.au, 1
+forrettabarinn.is, 1
+forro.berlin, 1
+forro.info, 1
+forsaken.tk, 1
+forsakenplanet.tk, 1
+forsakenstoners.tk, 1
+forsakringsarkivet.se, 1
+forsaleacameras.tk, 1
+forsaleelectronics.tk, 1
+forsaleinedmonton.ca, 1
+forsat.ga, 1
+forsbenin.org, 1
+forschbach-janssen.de, 1
+forsi.xyz, 0
+forskolin.gq, 1
+forstbetrieb-hennecke.de, 1
+forstprodukte.de, 1
+forsure.tk, 1
+forsvarsmakten.se, 1
+forsyth.cc, 1
+forsythco.com, 1
+forsythcountync.gov, 1
+forsythmo.gov, 1
+forsyththeatre.com, 1
+fort.eu, 1
+fortabletoys.com, 1
+fortatkinsonia.gov, 1
+fortatkinsonwi.gov, 1
+fortawesome.org, 1
+fortbendisd.gov, 1
+fortcommunity.com, 1
+fortdeposital.gov, 1
+fortdodgeradio.com, 1
+fortebet.rw, 1
+fortebet.ug, 1
+fortepiano.tk, 1
+fortesanshop.it, 1
+forthenrycustomknives.com, 1
+forthvalleykeswick.co.uk, 1
+fortifydiy.com, 1
+fortigate.es, 1
+fortipartner.co.uk, 1
+fortipartner.com, 1
+fortipartner.dk, 1
+fortipartner.net, 1
+fortipartner.nl, 1
+fortipartner.pl, 1
+fortipartner.se, 1
+fortipartner.uk, 1
+fortisadhesives.com.au, 1
+fortknoxster.com, 1
+fortlauderdaleaircharter.com, 1
+fortmatic.com, 1
+fortnet.online, 1
+fortnightlyofeugene.org, 1
+fortnitedb.com, 1
+fortnitemagic.ga, 1
+fortoglethorpega.gov, 1
+fortress.no, 1
+fortress.sk, 1
+fortresslinux.com, 1
+fortresslinux.nl, 1
+fortresslinux.org, 1
+fortricks.in, 1
+fortuna-apotheke-lahnstein.de, 1
+fortuna-loessnitz.de, 1
+fortuna-s.com, 1
+fortunabuilders.tk, 1
+fortunacigarettes.tk, 1
+fortunahamburg.tk, 1
+fortune-healing.com, 1
+fortunebazar.tk, 1
+fortuneinvestments.ga, 1
+fortunenames.ga, 1
+fortunenamesers.ga, 1
+fortunenamesest.ga, 1
+fortunetireusa.com, 1
+fortwinn.gov, 1
+forty-two.ml, 1
+forty.sh, 1
+forty8creates.com, 1
+fortygordy.com, 1
+fortytwo.cloud, 1
+fortytwo.tk, 1
+forum-4.de, 1
+forum-batteries.com, 1
+forum-egypte.tk, 1
+forum-expert.tk, 1
+forum-finansowo.pl, 1
+forum-gilee.cf, 1
+forum-goszakaz.ru, 1
+forum-kinozal-tv.appspot.com, 1
+forum-mercury.tk, 1
+forum-noginska.tk, 1
+forum-reklamowe.cf, 1
+forum-tutorapide.ml, 1
+forum-tw.tk, 1
+forum-washington.tk, 1
+forum24.ml, 1
+forumblanes.tk, 1
+forumblockchain.com.br, 1
+forumcarriocity.tk, 1
+forumchiase.com, 1
+forumcondominio.it, 1
+forumconstruire.com, 1
+forumdabeleza.com.br, 1
+forumderelacionamento.com.br, 1
+forumderschan.de, 1
+forumdimo.fr, 1
+forumfeeers.ga, 1
+forumfi.com, 1
+forumhsbm.tk, 1
+forumhub.org, 1
+forumirc.net, 1
+forumistudentore.tk, 1
+forumix.tk, 1
+forummobile.com.br, 1
+forumoff.com, 1
+forumofld.in, 1
+forumotion.cf, 1
+forumotomobil.com, 0
+forumpakistan.tk, 1
+forumpenaguru.com, 1
+forumrowerowe.org, 1
+forums4everyone.tk, 1
+forumsampdoria.tk, 1
+forumsaudedigital.com.br, 1
+forumsearch.tk, 1
+forumsig.net, 1
+forumsrussia.ga, 1
+forumstandaardisatie.nl, 1
+forumtruthest.ga, 1
+forumtv.pro, 1
+forumvardbyggnad.se, 1
+forve.cf, 1
+forvisualdesign.com, 0
+forward-fly-fishing.ch, 0
+forward-proxy.email, 1
+forward.lc, 1
+forwardemail.net, 1
+forwardfever.tk, 1
+forwardfinancingest.ga, 1
+forwardkredit.de, 1
+forwardtogether.org, 1
+foryoumer.com, 1
+foryourhealthybody.com, 1
+forza-milan.tk, 1
+forzasette.tk, 1
+fos-apps.org, 1
+fos-games.org, 1
+fosaudit.com, 1
+foscamcanada.com, 1
+fosdem.org, 1
+foselectro.ru, 1
+fosgreece.com, 1
+foshanshequ.com, 0
+fossagarrafoni.tk, 1
+fossbots.org, 1
+fossboxen.com, 1
+fossboxen.net, 1
+fossboxen.org, 1
+fossewayflowers.co.uk, 1
+fossewayflowers.com, 1
+fossildlp.com, 1
+foster.ga, 1
+fosteringconsultant.com, 1
+fosters.ky, 1
+fosterwiki.com, 1
+fotbal-dubina.tk, 1
+fotbalclubcaracal.tk, 1
+foter.tk, 1
+fotikpro.ru, 1
+foto-bilder.ch, 1
+foto-forum.tk, 1
+foto-gallery.tk, 1
+foto-huwi.ch, 1
+foto-janvanaefst.nl, 1
+foto-leitner.com, 1
+foto-leitner.de, 1
+foto-na-doc.ru, 1
+foto-robitsch.at, 1
+foto-roma.ru, 1
+foto-verslui.lt, 1
+foto-znakomstva.ml, 1
+foto.by, 1
+foto.com, 1
+fotoallerlei.com, 1
+fotoatis.biz, 1
+fotoballon.com, 1
+fotoblog.nrw, 1
+fotobodyart.nl, 1
+fotobrinke.de, 1
+fotochip.tk, 1
+fotocoach.pl, 1
+fotocopiatrici.roma.it, 1
+fotofaerie.net, 1
+fotofast.tk, 1
+fotoflits.net, 1
+fotofofftein.de, 0
+fotofon.tk, 1
+fotofreunde-telegram.eu, 1
+fotograf-mario.de, 1
+fotograf-website.de, 1
+fotografechristha.nl, 1
+fotografessa.pl, 1
+fotografiadellalucerossa.com, 1
+fotografiamakro.pl, 1
+fotografiarte.com.es, 1
+fotografies.tk, 1
+fotografija.tk, 1
+fotografoivanalmeida.com.br, 1
+fotografy-help.de, 1
+fotohiking.com, 1
+fotohome.dk, 1
+fotokorner.com, 1
+fotokurskalmar.se, 1
+fotolectura.tk, 1
+fotoleitner.com, 1
+fotoleitner.de, 1
+fotomodel.cf, 1
+fotomodels.tk, 1
+fotomonza.com, 1
+fotontechnik.pl, 1
+fotonza.ru, 1
+fotoobraznaplatne.sk, 1
+fotopalacedigitalstudio.tk, 1
+fotopro.tk, 1
+fotorecull.tk, 1
+fotostravestisbr.com, 1
+fotostrobo.ch, 1
+fotostudio-leitner.com, 1
+fotostudio-leitner.de, 1
+fotostudio-schweiz.ch, 1
+fotostudiobasic.tk, 1
+fotosubmarina.tk, 1
+fotoszkolenia.pl, 1
+fototjansterkalmar.se, 1
+fototutorial.tk, 1
+fotovsibiri.ml, 1
+fotowand.ml, 1
+fotowettbewerb.co, 0
+fotowolfy.com, 1
+fotozakazka.cz, 1
+fotozone.tk, 1
+fotp.com, 1
+fotrino.com, 1
+foucheplumbers.com, 1
+foudufafa.de, 0
+fougereettralala.fr, 1
+fougner.co, 1
+foulabook.com, 1
+found.com, 1
+found.website, 1
+foundationassure.com, 1
+foundationdevices.com, 1
+foundationmaintenance.com, 1
+foundationprogramme.nhs.uk, 1
+foundationrepairannarbor.com, 0
+foundationrepairasheville.com, 1
+foundationrepairbasementwaterproofingtn.com, 1
+foundationrepairchicagoil.com, 1
+foundationrepairnebraska.com, 1
+foundationspecialisteast.com, 1
+foundationspecialistmi.com, 1
+foundationsupplementstampa.com, 1
+foundchurch.co.uk, 1
+founded.ml, 1
+founderinvestors.tk, 1
+founderio.net, 1
+foundland.com, 1
+foundrehotels.com, 1
+foundries.io, 1
+foundsounds.me, 1
+fountainco.gov, 1
+fountainvalley.gov, 1
+fountainvalleyseniorcare.us, 1
+fourashesgolfcentre.uk, 1
+fourbrothers.tk, 1
+fourcask.com, 1
+fourchetteverte.ch, 1
+fourcornerscb.com, 1
+fourdesignstudio.com, 1
+fourfivecbd.co.za, 1
+fourfri.es, 1
+fouriemc.com, 1
+fourmidabel.tk, 1
+fourmies.fr, 1
+fournarisopenday.com, 1
+fournisseur-des-collectivites.com, 1
+fourpeaks.com, 1
+fourscore.ga, 1
+foursight.io, 0
+fourstrategy.de, 1
+fourwaysplumber24-7.co.za, 1
+fousekis.tk, 1
+fousetmoney.tk, 1
+foutras.com, 1
+foutrelis.com, 1
+fovndry.com, 1
+fowesolutions.net, 1
+foweyretreat.co.uk, 1
+fowlmanor.tk, 1
+fowlsmurf.net, 1
+fowos.de, 1
+fox-zulu.de, 1
+fox.my, 0
+fox13now.com, 1
+fox17online.com, 1
+fox47news.com, 1
+fox4now.com, 1
+foxandfish.be, 1
+foxart.com.tr, 1
+foxbenjaminfox.com, 1
+foxbnc.uk, 1
+foxcav.es, 1
+foxcloud.tk, 1
+foxcon.tk, 1
+foxdemos.ml, 1
+foxdev.co, 1
+foxdirectory.tk, 1
+foxes.no, 1
+foxeworks.net, 1
+foxghoul.com, 1
+foxgirl.land, 1
+foxholehq.net, 1
+foxing.club, 1
+foxite.me, 1
+foxlawfresno.com, 1
+foxly.de, 1
+foxmailer.ml, 1
+foxmay.co.uk, 1
+foxo.blue, 0
+foxontheinter.net, 1
+foxpad.tk, 1
+foxpia.no, 1
+foxpointwi.gov, 1
+foxquill.com, 0
+foxscribbler.com, 1
+foxstreetcomms.co.za, 0
+foxstyle.gq, 1
+foxtransportables.com.au, 1
+foxtrials.com, 1
+foxtrotcharlie.ovh, 1
+foxtrotfm.tk, 1
+foxtwomodels.com, 1
+foxus.lt, 1
+foxxylove.net, 1
+foxycredit.com, 1
+foxygf.com, 1
+foxyslut.com, 1
+foxytubes.com, 1
+foyale.io, 1
+foylelegal.com, 1
+fozzie.co.uk, 1
+fozzie.space, 1
+fpalzira.es, 1
+fpasca.com, 1
+fpc.gov, 1
+fpcdn.io, 1
+fpds.gov, 1
+fpersona.com, 1
+fpf.org, 1
+fpgamania.com, 1
+fpjscdn.net, 1
+fpki.sh, 1
+fpline.jp, 1
+fpnet.tk, 1
+fpnpmcdn.net, 1
+fprinnovaciones.es, 1
+fprl39.ru, 1
+fprojects.lv, 1
+fps.ac.cn, 1
+fps168.com, 1
+fps73.ru, 1
+fpsclasico.de, 1
+fpsclasico.eu, 1
+fpsclassico.com, 1
+fpsjp.org, 1
+fpstest.org, 1
+fpsturk.net, 1
+fpsv.de, 1
+fpt.icu, 1
+fptbb.com, 0
+fpu.sk, 1
+fpy.cz, 1
+fqcstandard.com.tr, 1
+fr-fotopage.tk, 1
+fr.search.yahoo.com, 0
+fr33tux.org, 1
+fr3qradio.tk, 1
+fra.bg, 1
+fraai.agency, 1
+fracasados.tk, 1
+frack.nl, 0
+fracreazioni.it, 1
+fractieplanner.nl, 1
+fractionalciso.com, 1
+fracturedfx.com, 1
+fracturedperspective.com, 1
+fraeuleinmeerbackt.de, 1
+fragara.com, 1
+fragbite.se, 1
+fragclub.tk, 1
+fragdenstaat.de, 1
+frageboegen-martini-klinik.de, 1
+fragilesolar.cf, 1
+fragmanhotel.com, 1
+fragment.com, 1
+fragmentation.ml, 1
+fragments.ga, 1
+fragmentspuren.de, 1
+fragmentus.tk, 1
+fragnation.tk, 1
+fragnet.net, 1
+fragolabs.com, 1
+fragstore.net, 1
+fragzona.tk, 1
+fraho.eu, 1
+frahub.com, 1
+frail.gq, 1
+fralef.me, 0
+fralippolippi.tk, 1
+frama.link, 1
+frama.site, 1
+frama.wiki, 1
+framabag.org, 1
+framabee.org, 1
+framabin.org, 1
+framablog.org, 1
+framaboard.org, 1
+framabook.org, 1
+framabookin.org, 1
+framacalc.org, 1
+framacarte.org, 1
+framaclic.org, 1
+framacolibri.org, 1
+framadate.org, 1
+framadrive.org, 1
+framadrop.org, 1
+framadvd.org, 1
+framadventure.no, 1
+framaestro.org, 1
+framaform.org, 1
+framaforms.org, 1
+framagames.org, 1
+framagenda.org, 1
+framagit.org, 1
+framago.de, 1
+framakey.org, 1
+framalab.org, 1
+framalang.org, 1
+framalibre.org, 0
+framalistes.org, 1
+framandroid.org, 1
+framanews.org, 1
+framanote.org, 1
+framanotes.org, 1
+framapack.org, 1
+framapad.org, 1
+framapiaf.org, 1
+framapic.org, 1
+framasite.org, 1
+framasites.org, 1
+framaslides.org, 1
+framasoft.net, 1
+framasoft.org, 1
+framasphere.org, 1
+framastart.org, 1
+framastats.org, 1
+framastory.org, 1
+framatalk.org, 1
+framateam.org, 1
+framatube.org, 1
+framavectoriel.org, 1
+framavox.org, 1
+framawiki.org, 1
+framazic.org, 1
+framboise314.fr, 1
+framedog.tk, 1
+framedpaws.com, 1
+framemo.org, 1
+framer.com, 1
+framer.live, 1
+framer.website, 1
+framerjs.com, 1
+frames-eyelash.com, 1
+frames-hair-design.com, 1
+framesi.cz, 1
+framindmap.org, 1
+framinetest.org, 1
+framinghampd.gov, 1
+frammenti.tk, 1
+fran.cr, 1
+francabellarsi.tk, 1
+francaispornofilm.com, 1
+france-cartouches.fr, 1
+france-cyber-maritime.eu, 1
+france-hotellerie-restauration.com, 1
+france-news.cf, 1
+france-orchidees.org, 1
+france-serres.com, 1
+france-volontaires.org, 1
+franceactivetravel.cf, 1
+franceactivetravel.ml, 1
+francebattery.com, 1
+francelight.fr, 1
+francenum.gouv.fr, 1
+francepandi.fr, 0
+francerent.com, 1
+frances8.com, 1
+francesca-and-lucas.com, 1
+francescocozza.it, 1
+francescopalazzo.com, 1
+francescopandolfibalbi.it, 1
+francescorandazzo.tk, 1
+francescorenna.tk, 1
+francescosbistro.com, 1
+francescosiciliano.tk, 1
+francesfluente.cf, 1
+franceskivillas.tk, 1
+francetraceur.fr, 1
+franchini.email, 1
+franchini.engineer, 1
+franchisebarrelhousepub.com, 1
+franchisechaodoi-cambodia.com, 1
+franchiseguide.ga, 1
+franchisehive.com, 1
+franchiseportal.de, 1
+franchisesports.co.uk, 1
+francinebelanger.network, 1
+francineverbiest.nl, 1
+francis.ph, 1
+franciscadelasllagasvirtual.com, 1
+franciscoeduardocruz.tk, 1
+franciscolapa.eu, 1
+francisgoethals.be, 1
+francishouserecovery.org, 1
+francisplaza.com, 1
+franckgirard.net, 1
+francocasimirri.tk, 1
+francodev.com, 1
+francodev.com.br, 1
+francoexpeditionperu.com, 1
+francofunghi.tk, 1
+francois-occasions.be, 1
+francoisbelangerboisclair.com, 1
+francoiscarrier.com, 1
+francoise-janssens.be, 1
+francoise-paviot.com, 1
+francoisharvey.ca, 1
+francoislaude.fr, 1
+francoislepage.com, 0
+franconia.space, 1
+francosuaga.es, 1
+francotecnologia.com, 1
+francotecnologia.com.br, 1
+francovital.com, 1
+francoz.me, 1
+francs-tireurs.tk, 1
+frand.tk, 1
+frandor.co.uk, 1
+frandroid.com, 1
+frandymvp.tk, 1
+franekerweer.tk, 1
+franfoto.com, 0
+frangipane.tk, 1
+frank-america.com, 1
+frank-gcc.com, 1
+frank-lastia.tk, 1
+frank-vincent.nl, 0
+frank-wendy.tk, 1
+frank.fyi, 1
+frankbellamy.co.uk, 1
+frankcare.shop, 1
+frankdufaux.com, 1
+franke-chemie.de, 1
+frankellawfirm.com, 1
+frankelod.com, 1
+frankenfresh.de, 1
+frankenlehrmittel.de, 1
+frankenweb.tk, 1
+frankeschenfelder.de, 1
+frankeurope.com, 1
+frankferrari.tk, 1
+frankfu.ltd, 0
+frankfurtergirl.net, 1
+frankhaala.com, 1
+frankhaarlem.tk, 1
+frankiebdj.com, 1
+frankieburkeactor.tk, 1
+frankierfachmann.de, 1
+frankierprofi.de, 1
+frankierstar.de, 1
+frankieylosmatadores.tk, 1
+frankland.tk, 1
+franklin-townshipohio.gov, 1
+franklincountyflorida.gov, 1
+franklincountyia.gov, 1
+franklincountyms.gov, 1
+franklincountync.gov, 1
+franklincountyne.gov, 1
+franklincountyny.gov, 1
+franklincountywa.gov, 1
+franklinct.gov, 1
+franklindelco-ny.gov, 1
+franklinhua.com, 1
+franklinmo.gov, 1
+franklintonnc.gov, 1
+franklintownshipcarbonpa.gov, 1
+franklintwpbeavercopa.gov, 1
+franklinvillagemi.gov, 1
+frankmungoattorney.com, 1
+franksgreatoutdoors.com, 1
+franksiler.com, 1
+frankslaughterinsurance.com, 0
+frankthetank.biz, 1
+frankvision.se, 1
+frankwei.xyz, 0
+frankyan.com, 1
+frankychen.net, 1
+frankydo.com, 1
+franmerino.tk, 1
+franqois.id, 1
+franqois.my.id, 1
+franquiadia.com.br, 1
+franquiadickeys.com.br, 1
+fransebulldog-cadeaushop.tk, 1
+franta.biz, 1
+franta.email, 1
+frantajaros.cz, 1
+frantic1048.com, 1
+frantorregrosa.me, 1
+franz-vatter.de, 1
+franz.beer, 1
+franzen.tk, 1
+franziska-pascal.de, 1
+franziskaherbert.de, 1
+franzknoll.de, 1
+franzoni.eu, 1
+franzt.ovh, 1
+franzters.tk, 1
+frappant.cc, 1
+frappant.net, 1
+frappe.cloud, 1
+frappe.io, 1
+frappecloud.com, 1
+frappeframework.com, 1
+frarossi.tk, 1
+fraselab.ru, 1
+fraserengineco.com, 1
+fraserleonardart.com, 1
+frasermurray.scot, 1
+fraservalleyhotdog.com, 1
+frasesconemocion.com, 1
+frasesdodia.com, 1
+frasesdodia.net, 0
+frasesparaface.com.br, 1
+frasestop.com, 1
+frasestop.com.br, 1
+frasesytarjetas.com, 1
+frasicelebri.it, 1
+frasys.group, 1
+frasys.shop, 1
+fratellisbt.it, 1
+fratelliscarrone.com, 1
+fratellistomboli.it, 1
+fraterbolivia.tk, 1
+fraternityfriendsest.ga, 1
+fraternitynetworkest.ga, 1
+fraternityphotosers.ga, 1
+fraternityphotosest.ga, 1
+fratia.com, 1
+fratiicazanoi.ro, 1
+fratreunioners.ga, 1
+fratreunionest.ga, 1
+frattaroli.org, 1
+frau-pusteblu.me, 1
+frau-sucht-bauer.de, 1
+frau.gq, 1
+fraudpoders.ga, 1
+fraudpodest.ga, 1
+fraudswatch.tk, 1
+fraudtoken.com, 1
+frauen-etappenrennen.de, 1
+frauenaerztin-wedel.de, 1
+frauenarztin-wedel.de, 1
+frauenlob.rocks, 0
+fraulen.ru, 1
+fraurichter.net, 1
+frax.finance, 1
+fraye.net, 1
+frazell.net, 1
+frazeysburg.gov, 1
+frazi.tk, 1
+frbracch.it, 1
+frc.gov, 1
+frc.gov.au, 1
+frc.us.com, 1
+frccsgo.tk, 1
+frcdr.org, 1
+frdbarchive.org, 1
+freak-show.tk, 1
+freak-team.tk, 1
+freak-waves.de, 1
+freak-zone.tk, 1
+freakdoodle.com, 1
+freakguitars.tk, 1
+freakinstream.com, 1
+freaksites.dk, 0
+freaksports.com.au, 0
+freakyawesome.agency, 1
+freakyawesome.art, 1
+freakyawesome.band, 1
+freakyawesome.business, 1
+freakyawesome.ca, 1
+freakyawesome.co, 1
+freakyawesome.co.uk, 1
+freakyawesome.design, 1
+freakyawesome.fm, 1
+freakyawesome.in, 1
+freakyawesome.lgbt, 1
+freakyawesome.net, 1
+freakyawesome.org, 1
+freakyawesome.solutions, 1
+freakyawesome.world, 1
+freakyawesome.yoga, 1
+freakyhappenings.tk, 1
+freakymatesers.ga, 1
+freakymatesest.ga, 1
+freave.co, 0
+frebi.org, 1
+frebib.co.uk, 1
+frebib.com, 1
+frebib.me, 1
+frebib.net, 1
+freckles.bg, 1
+fred-dresken.nl, 1
+fred26.fr, 1
+fredbarboo.cf, 1
+fredbarboo.ga, 1
+fredbarboo.gq, 1
+fredbarboo.ml, 1
+freddieleeman.nl, 1
+freddieonfire.tk, 0
+freddo.tk, 1
+freddyhasderyk.tk, 1
+freddyjs.com, 1
+freddythechick.net, 1
+freddyvasquez.com, 1
+freddyxvasquez.com, 1
+fredericfrancois.com, 1
+frederickearlstein.com, 1
+frederickmd.gov, 1
+fredericksburg.com, 1
+frederictonrealestate.com, 1
+frederieknelissen.nl, 1
+frederikbethkeviolins.com, 1
+frederikugarte.tk, 1
+frederikvig.com, 1
+fredhook.tk, 1
+fredjanssen.tk, 1
+fredloya.com, 1
+frednet.tk, 1
+fredoniaaz.gov, 1
+fredoniaiowa.gov, 1
+fredoniawi.gov, 1
+fredoum.fr, 1
+fredriksslaktforskning.se, 1
+fredriksslekt.se, 1
+freds4buildings.com, 1
+fredtec.ru, 1
+fredz.eu, 1
+free-apply.com, 1
+free-barcode-generator.net, 1
+free-bitco.ml, 1
+free-cms.tk, 1
+free-generate.tk, 1
+free-lancer.ml, 1
+free-nation.tk, 1
+free-obmen.ml, 1
+free-ppp.jp, 1
+free-printablehq.com, 1
+free-printablemap.com, 1
+free-quotes.info, 1
+free-rein.net, 1
+free-seo.ml, 1
+free-seo.tk, 1
+free-sql-query-tool.com, 1
+free-ss.site, 1
+free-tarot.net, 1
+free-watching.ga, 1
+free-webtv.tk, 1
+free.com.tw, 1
+free4allsw.com, 1
+free6to12yo.gq, 1
+free8.xyz, 1
+freeadvertisingexchange.com, 1
+freeaf.gq, 1
+freeagent.tk, 1
+freeartico.ga, 1
+freeassange.net, 1
+freeasyshop.com, 1
+freeauction.tk, 1
+freeauroraoperations.tk, 1
+freebacklinksforyoudirectory.tk, 1
+freebasics.com, 1
+freebcard.com, 1
+freebegames.tk, 1
+freebetoffers.co.uk, 1
+freebetonthegrandnational.com, 1
+freebettingreviews.com, 1
+freebiofuels.ga, 1
+freebiofuelsers.ga, 1
+freebirdairlines.com, 1
+freebit.ch, 1
+freebitcoinfaucet.org, 1
+freebookdomain.tk, 1
+freebookslibrary.gq, 1
+freebornfinancial.ca, 1
+freeboson.org, 1
+freebsd.la, 1
+freebsdbrasil.com.br, 1
+freebus.org, 1
+freebusinessideas.net, 1
+freecam-sex.com, 1
+freecam2cam.site, 1
+freecatz.pe.kr, 1
+freechatlines.com, 1
+freecloud.at, 1
+freeclubpenguin.tk, 1
+freecn.xyz, 1
+freecorner.tk, 1
+freecottage.fr, 1
+freecoursepage.net, 1
+freecourses.pro, 0
+freecourseweb.com, 1
+freecrypt.ga, 1
+freedatesite.ml, 1
+freedatesites.cf, 1
+freedatingonline.ml, 1
+freedeals4u.ga, 1
+freedev.cz, 1
+freedgb.com, 1
+freediomatiq.com, 0
+freedirectory.tk, 1
+freedogecrypt.tk, 1
+freedom-substitute.fr, 1
+freedom.nl, 1
+freedom.press, 1
+freedom35.org, 0
+freedomains4all.tk, 1
+freedomdujour.com, 1
+freedomfinanceuat.azurewebsites.net, 1
+freedomflotilla.org, 1
+freedomfrontier.tk, 1
+freedomhk.info, 1
+freedomhkg.info, 1
+freedomhouse.org, 1
+freedomisslavery.tk, 1
+freedomkiaparts.com, 1
+freedomonline.bg, 1
+freedomonthenet.org, 1
+freedomperception.com, 1
+freedomsaukwi.gov, 1
+freedomscam.com, 1
+freedomtoolkit.com, 1
+freedomvote.nl, 1
+freedomwill.tk, 1
+freedomworldoutreach.com, 1
+freeebooksblog.com, 1
+freeenglishhelp.com, 1
+freeexampapers.com, 1
+freefallproductions.tk, 1
+freefilesync.org, 1
+freefincal.com, 1
+freeflightstoitaly.ngo, 1
+freefonts.ga, 1
+freeform4u.de, 1
+freefuckvids.com, 1
+freegame-mugen.jp, 1
+freegutters.com, 1
+freehdporn.tv, 1
+freehorseracingtv.com, 1
+freehotline.ru, 1
+freehouse.video, 1
+freehqporno.com, 1
+freeiconspng.com, 0
+freeimage.host, 1
+freeimageclub.com, 1
+freeinet.cf, 1
+freeinet.tk, 1
+freeinfos.fr, 1
+freeinoutboard.com, 1
+freekdevries.nl, 1
+freelance-webdesign.co.uk, 1
+freelance.boutique, 1
+freelance.nl, 1
+freelanceessaywriters.com, 1
+freelancehunt.com, 1
+freelancejobs.org.uk, 1
+freelancemw.com, 0
+freelancerim.ml, 1
+freelanceunited.co.uk, 1
+freelancewebprogrammer.com, 1
+freeliferp.de, 1
+freeloadfinance.com, 1
+freemagi.ga, 1
+freeman-online.tk, 1
+freemania.nl, 1
+freemanlogistics.com, 1
+freemans.com, 1
+freemanwealth.com, 0
+freemason.pt, 1
+freemazes.tk, 1
+freemchosting.tk, 1
+freeme.gq, 1
+freemilf.org, 1
+freemilfpics.com, 1
+freeminecraftmaps.tk, 1
+freeministryresources.org, 1
+freemomhugs.org, 1
+freemor.ca, 1
+freemotion.tk, 1
+freemovieonline.ga, 1
+freend.me, 0
+freenet.com.ng, 1
+freenetflow.com, 1
+freenetproject.org, 1
+freenft.com, 1
+freenome.com, 1
+freenome.net, 1
+freenomyoulilb.tk, 1
+freeo.cf, 1
+freeonlinearticles.tk, 1
+freeonlinegames.gq, 1
+freeonplate.com, 1
+freeparks.co.uk, 1
+freepastlife.com, 1
+freepatternsarea.com, 1
+freepedia.cf, 1
+freepeopledirectory.com, 1
+freephonefinder.cf, 1
+freeplace.tk, 1
+freepluginoffer.com, 1
+freepoints.us, 1
+freepornhunt.com, 1
+freepornomovies.info, 1
+freepornovideos.me, 1
+freepornpics.net, 1
+freepornvideos.life, 1
+freepornxxxvids.com, 1
+freeportbakery.com, 1
+freeporttx.gov, 1
+freeprintabletm.com, 1
+freepro.com, 1
+freepro.fr, 1
+freepron.xyz, 1
+freeradical.zone, 1
+freereal.ml, 1
+freerealincest.com, 1
+freergform.org, 1
+freeride-dragobrat.com, 1
+freeroughporn.com, 1
+freerun.cn, 0
+freesat.cn, 1
+freeschool.cf, 1
+freescorefast.com, 1
+freesexvideo.pro, 1
+freesexvidz.com, 1
+freeshell.de, 1
+freeshipping.com, 1
+freeskateparks.com, 1
+freeslots.guru, 0
+freesmile.tk, 1
+freesms-online.de, 1
+freesocialbookmarkingsites.tk, 1
+freesoft-board.to, 1
+freesoftlab.com, 1
+freesolitaire.win, 1
+freesourcestl.org, 1
+freespace.info, 1
+freespanlift.com, 1
+freespeech.org, 1
+freesports.ml, 1
+freesteam.net, 1
+freesteam.org, 1
+freestylemartialarts.tk, 1
+freesunday.tk, 1
+freetagboards.tk, 1
+freetamco.com, 1
+freetaxusa.com, 1
+freetelegraph.ga, 1
+freetelegraphers.ga, 1
+freetext.org, 1
+freethecape.org.za, 1
+freethetv.ie, 1
+freethinker.org, 1
+freethinkers.org, 1
+freethought.org, 1
+freetimefun.tk, 1
+freetokill.tk, 1
+freetranslations.org, 1
+freetrung.tk, 1
+freetsa.org, 1
+freeunitconverter.online, 1
+freeuseporn.org, 1
+freevideoproxy.com, 1
+freeview.in, 1
+freevisits.tk, 1
+freevstplugins.net, 1
+freewarez.org, 1
+freewaywarehouse.com, 1
+freewebh0st.tk, 1
+freewoman.club, 1
+freewoodfactory.com, 1
+freexmovie.com, 1
+freexxxmovies.biz, 1
+freeyourmusic.com, 1
+freeza.cf, 1
+freeza.tk, 1
+freezander.tk, 1
+freezaworld.com, 1
+freezemea.com, 1
+freezerrepairaustin.com, 1
+freezion.com, 1
+freezoneplan.com, 1
+freezvon.ru, 1
+freibesetzt.tk, 1
+freiboth.ddns.net, 1
+freie-software.net, 1
+freifahrt.de, 1
+freifall.tk, 1
+freifunk-burgaltendorf.de, 1
+freifunk-duesseldorf.de, 1
+freifunk-in-solingen.de, 1
+freifunk-lindlar.net, 1
+freifunk-luenen.de, 1
+freifunk-myk.de, 1
+freifunk-remscheid.de, 1
+freight-broker.ru, 1
+freight-news.ru, 1
+freightcenter.com, 1
+freinetmiddenschool.gent, 1
+freitas.org, 1
+freitasm.com, 1
+freitasul.com.br, 1
+freitasul.io, 1
+freiwurst.net, 1
+freizeitpark.tk, 1
+freizeitplaza.de, 1
+frejasdal.dk, 1
+frekans.tk, 1
+frekat.tk, 1
+fremontcountyco.gov, 1
+fremontcountyia.gov, 1
+fremontcountyid.gov, 1
+fremontfire.gov, 1
+fremonthills.gov, 1
+fremontmi.gov, 1
+fremontsmilesdentistry.com, 1
+fremonttribune.com, 1
+frences.tk, 1
+french.tk, 1
+frenchbluecottage.com, 1
+frenchcreekcog.org, 1
+frenchcreekroofing.com, 1
+frenchmac.com, 1
+frenchtownmi.gov, 1
+frenchvandal.com, 0
+frendamos-roleplay.ml, 1
+frendle.tech, 1
+frenetic.lv, 1
+frenger.co.uk, 1
+frenger.com.au, 1
+frente-popular.tk, 1
+frenzel.dk, 1
+frequence-turf.fr, 1
+frequencebanane.ch, 0
+frequencymc.cc, 1
+frequentlyaskedquestions.cf, 1
+frequenttraveller.com.au, 1
+freres-marchand.fr, 1
+fresadorasytornos.com, 1
+fresar-engineering.nl, 1
+frescafit.com, 1
+frescamezcla.tk, 1
+fresco.ph, 1
+frescobol.tk, 1
+frescocooks.com, 1
+fresh-hotel.org, 1
+fresh-info.cf, 1
+fresh-info.gq, 1
+fresh-info.tk, 1
+fresh-networks.net, 1
+fresh.co.il, 1
+fresh4.co.uk, 1
+fresh4trash.io, 1
+freshbean.club, 1
+freshbooks.com, 0
+freshcode.nl, 1
+freshdesk-apps-by-invantive.com, 1
+fresheetmusic.com, 1
+freshempire.gov, 1
+freshersworld.ml, 1
+fresherwalkins.tk, 1
+freshfinder.com.au, 1
+freshfishdelivery.com, 1
+freshgreenhouse.net, 1
+freshhosting.tk, 1
+freshinsport.fr, 1
+freshjoomlatemplates.com, 1
+freshman.tech, 1
+freshmans-pizza.de, 1
+freshmusicsheets.com, 1
+freshpatio.com, 1
+freshplus62.com, 0
+freshporno.net, 1
+freshpounds.com, 1
+freshproducemusic.tk, 1
+freshsexpics.com, 1
+freshsheetmusic.com, 1
+freshtest.tk, 1
+freshuk.co.il, 1
+freshwave.gr, 1
+fresno.tk, 1
+fresnofloodcontrol.gov, 1
+fresnois.com, 1
+freso.dk, 1
+fretboardforever.com, 1
+fretpal.online, 1
+fretscha.com, 1
+frettboard.com, 1
+frettennet.tk, 1
+freundeskreis-tarjan.de, 1
+freundinnen-ausflug.de, 0
+freundinnen-kurzurlaub.de, 0
+freundinnen-urlaub.de, 0
+freundinnenausflug.de, 0
+frfghtr.com, 1
+frfi.io, 1
+fribourgviking.net, 1
+fricassea.com, 1
+frickelboxx.de, 1
+frickelmeister.de, 1
+frickenate.com, 1
+frida.se, 1
+fridakahlofans.com, 1
+fridaybot.tk, 1
+fridaybridge.tk, 1
+fridayfoucoud.ma, 1
+fridaynightskate.tk, 1
+fridaysforfuture-bremen.de, 1
+fridge.dk, 1
+fridgesearchest.ga, 1
+fridolinka.cz, 1
+fried.tk, 1
+friedberg2020.de, 1
+friedbergdirectfx.ca, 1
+friederes.lu, 1
+friedhelm-wolf.de, 1
+friedli.info, 1
+friedrich-foto-art.de, 1
+friedrichshafen.tk, 1
+friedsamphotography.com, 1
+friedstechnology.com, 1
+friedstechnology.nl, 1
+friedstechnology.online, 1
+friedzombie.nl, 1
+friedzombie.online, 1
+friendbot.ml, 1
+friendick.jp, 1
+friendindeed.com, 1
+friendku.tk, 1
+friendly.pe, 1
+friendlybearlabs.com, 1
+friendlydabs.com, 1
+friendofpaws.com, 1
+friendofthehoneybee.co.uk, 1
+friendofthehoneybee.org, 1
+friendofthehoneybee.org.uk, 1
+friendowment.us, 1
+friends-online.tk, 1
+friends.cafe, 1
+friendscapital.co.uk, 1
+friendsforeverrecords.tk, 1
+friendshipismagicsquad.com, 1
+friendsnew.com, 1
+friendsnomore.tk, 1
+friendsofgfwpc.org, 1
+friendsofmagnacarta.tk, 1
+friendsofoldstthomas.org, 1
+friendsofthehoneybee.co.uk, 1
+friendsofthehoneybee.com, 1
+friendsofthehoneybee.org, 1
+friendsofthehoneybee.org.uk, 1
+friendsofthehoneybee.uk, 1
+friendsoftheriverfront.org, 1
+friendsonline.com, 1
+friendsonline.tk, 1
+friendspoint.tk, 1
+friendsvilletn.gov, 1
+friendswoodtx.gov, 1
+friendtech.tk, 1
+friesvredesplatform.tk, 1
+friet.org, 1
+frietbesteld.nl, 1
+frietzombie.nl, 1
+friezy.ru, 1
+frightmare.tk, 1
+frigi.ch, 0
+frign.de, 1
+frigochaco.com.py, 1
+frigolit.net, 1
+frikandellenmoord.nl, 1
+frikandelmoord.nl, 1
+friker.tk, 1
+frikilinks.tk, 1
+frikimasters.es, 1
+frikipedia.tk, 1
+frikiteca.tk, 1
+frikizone.tk, 1
+frikotv.tk, 1
+frilima.com.br, 1
+friller.com.au, 1
+frillip.com, 0
+fringeintravel.com, 1
+frinkiac.com, 1
+frino.de, 1
+frioelectrica.com, 1
+friplay.host, 1
+fripoune.fr, 1
+fripper.tk, 1
+frisaga.com, 1
+frisaga.me, 1
+frisaga.net, 1
+frisaga.org, 1
+frisaga.travel, 1
+friscorodandgun.com, 1
+friseur-foerder.de, 1
+friseur.website, 1
+friseure-website.de, 1
+friss.com, 0
+frissenootjes.tk, 1
+frisuren.tk, 1
+friteuseairchaud.com, 1
+fritravelapp.com, 1
+fritteli.ch, 1
+fritz-koehne-schule.de, 1
+fritzbox-forum.tk, 1
+friv-2018.ga, 1
+frizo.com, 1
+frlcnews.com, 1
+frlt.one, 1
+frmbike.net, 1
+fro.ge, 1
+frodriguez.xyz, 1
+froehliche-hessen.de, 1
+frog.industries, 1
+frogatto.com, 1
+frogeducation.com, 1
+frogeye.fr, 1
+froggitt.com, 1
+froginfra.net, 1
+froglms.net, 1
+frogos.net, 1
+frogplay.net, 1
+frogsonamission.de, 1
+frogstage.com, 1
+frogtest.co.uk, 1
+frogtown.capital, 1
+froh-s.com, 1
+froh.co.jp, 1
+froicorp.com, 1
+frokenblomma.se, 1
+frolova.org, 1
+from-the-net.com, 1
+from.network, 0
+from.tk, 1
+fromager.net, 1
+fromageriedepeisey.com, 1
+fromages-freres-marchand.com, 1
+fromages-freres-marchand.fr, 1
+fromages-marchand.com, 1
+fromages-marchand.fr, 1
+fromix.de, 1
+fromlemaytoz.com, 1
+fromlifephoto.com, 1
+fromm-projects.de, 1
+frommars.tk, 1
+frommyhands.tk, 1
+fromoldbooks.org, 1
+fromrestaurants.tk, 1
+fromscratch.rocks, 1
+fromtheboxoffice.com, 1
+fromthecave.tk, 1
+fromthecountsplace.tk, 1
+fromthemonks.com, 1
+fromthesoutherncross.com, 1
+fromthetopsalonnh.com, 1
+fromwithin.tk, 1
+fronhadeseda.com.br, 1
+front.com, 1
+frontbaydevices.tk, 1
+frontconcept.com.my, 1
+fronteers.nl, 0
+fronteimoveis.com.br, 1
+frontendmentor.io, 1
+fronterasblog.tk, 1
+frontier.bet, 1
+frontierbrasil.tk, 1
+frontierclimate.com, 0
+frontiernav.net, 1
+frontiernetworks.co.uk, 1
+frontiers.nl, 1
+frontiersinflight.com, 1
+frontigate.com, 1
+frontline.cloud, 1
+frontline6.com, 0
+frontlinepolicies.com, 1
+frontrouge.fr, 1
+frontrunneragency.com, 1
+froogo.co.uk, 1
+frosinonetoday.it, 1
+frostedgame.xyz, 1
+frostexpert.ru, 1
+frostfire.tk, 1
+frostplatform.com, 1
+frostprotection.co.uk, 1
+frostwarning.com, 1
+frostwolf.tk, 1
+frosty-gaming.xyz, 1
+frosty.sk, 1
+frosty.style, 1
+frostymr.com, 1
+frostysummers.com, 1
+frothy285.com, 1
+froufe.com, 0
+frowin-base.de, 1
+frowin-stemmer.de, 0
+frown.town, 1
+frownonline.co.uk, 1
+froyomio.com, 1
+frozen-gaming.tk, 1
+frozen-geek.net, 1
+frozen-solid.net, 1
+frozencuisine.ga, 1
+frozencuisineers.ga, 1
+frozencuisineest.ga, 1
+frozendurian.club, 1
+frozenpennies.com, 1
+frp-roleplay.de, 1
+frpg.gov, 1
+frprn.com, 1
+frprn.es, 1
+frprn.xxx, 1
+frrfb.org.au, 1
+frsecure.com, 1
+frshminds.com, 1
+frsnpwr.net, 1
+frsra.ml, 1
+frtib.gov, 1
+frtn.com, 1
+frtr.gov, 1
+frtrains.com, 0
+fruchtikus.net, 1
+frugaldateest.ga, 1
+frugalfamily.co.uk, 1
+frugalfamilyhome.com, 1
+frugalfarmwife.com, 1
+frugalmatic.com, 1
+frugro.be, 1
+fruit-farm.tk, 1
+fruit.ga, 1
+fruit.ml, 1
+fruitbouquets.com, 1
+fruitdiva.com, 1
+fruitfits.com, 1
+fruitfulenglish.com, 1
+fruition.co.jp, 1
+fruitjuicetab.ch, 1
+fruitlandmi.gov, 1
+fruitlawers.ga, 1
+fruitmoose.com, 1
+fruits-passion.com, 1
+fruitscale.com, 1
+fruitsfromchile.com, 1
+fruitybeauty.tk, 1
+fruitycasinos.com, 1
+fruityloop.tk, 1
+fruityten.co.uk, 1
+frutasyvejetales.com, 1
+frutidump.tk, 1
+frutuozo.com.br, 1
+fruturaproduce.com, 1
+fruxh.moe, 1
+fruxnux.net, 1
+frwmb.gov, 1
+fry.at, 1
+frydrychit.cz, 1
+fryfiredistrictaz.gov, 1
+fs-d.org, 1
+fs-fitness.eu, 1
+fs-g.org, 1
+fs-m.org, 1
+fs-maistadt.de, 1
+fs-rozmarija.tk, 1
+fs-w.org, 1
+fs-world.org, 1
+fs1.hopto.org, 1
+fsalmeron.tk, 1
+fsapubs.gov, 0
+fsavc.org.uk, 1
+fsbn.eu, 1
+fsbpaintrock.com, 1
+fsch2009.com, 1
+fsck.cz, 1
+fsck.jp, 0
+fsconline.info, 1
+fscott.de, 1
+fsd.gov, 1
+fselka.is, 1
+fseo.tk, 1
+fsfi.is, 1
+fsg.one, 1
+fsgeek.ca, 1
+fsharpfactory.io, 1
+fsinf.at, 1
+fsinsight.com, 1
+fsk.fo, 0
+fsky.info, 1
+fsma.pl, 1
+fsmi.in, 1
+fsnb.com, 1
+fspk.pro, 1
+fsps.ch, 1
+fsrs.gov, 1
+fsscms.com, 1
+fssolutions.com, 1
+fssp-bordeaux.fr, 1
+fsst-nsn.gov, 1
+fstatic.io, 1
+fstm.tk, 1
+fstpn.at, 1
+fstpn.blog, 1
+fstpn.ch, 1
+fstpn.cloud, 1
+fstpn.com, 1
+fstpn.de, 1
+fstpn.es, 1
+fstpn.eu, 1
+fstpn.info, 1
+fstpn.io, 1
+fstpn.it, 1
+fstpn.link, 1
+fstpn.media, 1
+fstpn.net, 1
+fstpn.network, 1
+fstpn.org, 1
+fstpn.pt, 1
+fstpn.shop, 1
+fstpn.si, 1
+fstpn.uk, 1
+fsty.uk, 1
+fsub.de, 1
+fsvoboda.cz, 1
+fsvt.ch, 0
+fsxxi.com, 1
+ft.com, 0
+ftang.de, 1
+ftapi.com, 0
+ftc.gov, 1
+ftccomplaintassistant.gov, 1
+ftcefile.gov, 1
+ftcscout.org, 1
+ftfgroup.us, 1
+ftg-ru.ga, 1
+ftgeufyihreufheriofeuozirgrgd.tk, 1
+ftgho.com, 1
+fthat.link, 1
+ftl-gaming.tk, 1
+ftl13.com, 1
+ftlparksprojects.com, 1
+ftm.wiki, 1
+ftmc.tk, 1
+ftmwiki.com, 1
+ftmwiki.net, 1
+ftmwiki.org, 1
+ftmyersdogtraining.com, 1
+ftng.se, 1
+ftpmovement.tk, 1
+ftpporto.com, 1
+ftptest.net, 1
+ftrac.com.br, 1
+ftrfnd.me, 1
+ftth.eu.org, 0
+ftv.re, 1
+ftworthhousekeeper.com, 1
+ftx.io, 1
+ftx.tech, 1
+ftxtr.com, 0
+fu110.de, 1
+fu666.de, 1
+fu898.top, 1
+fuantaishenhaimuli.net, 1
+fuas.cl, 1
+fucajz.cz, 1
+fuchs-informatik.de, 1
+fuchsy.com, 1
+fuciam.com.co, 1
+fuck-your-false-positive.de, 1
+fuckar.ch, 1
+fuckcf.cf, 1
+fuckedintraffic.com, 1
+fuckimm.com, 1
+fucknazis.cf, 1
+fucknazis.tk, 1
+fuckobr.com, 1
+fuckobr.net, 1
+fuckobr.org, 1
+fuckobr.su, 1
+fuckssl.com, 1
+fucktory.tk, 1
+fuckup.dk, 1
+fuckwhatyouthink.tk, 1
+fuckxiaozhan.com, 0
+fuckxichina.com, 1
+fuckyou.monster, 1
+fuckyoupaypal.me, 1
+fuckz.net, 1
+fudaoyuan.com, 1
+fuddittu.tk, 1
+fudgeapps.co.uk, 1
+fudgeapps.uk, 1
+fudie.net, 1
+fudsend.com, 1
+fuego.tech, 1
+fuegocruzado.tk, 1
+fuegoenlasangre.tk, 1
+fuegosalsapower.tk, 1
+fueko.net, 1
+fuelbyte.sg, 1
+fuelcycle.com, 1
+fuelgalicia.tk, 1
+fuelingfilms.com, 1
+fuembellida.tk, 1
+fuenf-sterne.de, 1
+fuenferrada.tk, 1
+fuentesdeenergia.org, 1
+fuentesdeleon.tk, 1
+fuer-gerechte-steuern.at, 1
+fuerzaazul.tk, 1
+fuessenaktuell.de, 1
+fufu.dance, 1
+fugaku.cloud, 1
+fuge-specialisten.dk, 1
+fugioninc.com, 0
+fuglar.tk, 1
+fugle.de, 1
+fuglede.dk, 1
+fugu.lol, 1
+fuhe-psy.com, 1
+fuhui-apac.com, 1
+fuhui-asia.com, 1
+fuhui-baike.com, 1
+fuhui-chinese.com, 1
+fuhui-chn.com, 1
+fuhui-global.com, 1
+fuhui-status.com, 1
+fuhui-web.com, 1
+fuhui-zhs.com, 1
+fuhuiapps.com, 1
+fuhuicorporate.com, 1
+fuhuifinance.com, 1
+fuhuigupiao.com, 1
+fuhuihub.com, 1
+fuhuijt.com, 1
+fuhuilab.com, 1
+fuhuimarkets.com, 1
+fuhuimobile.com, 1
+fuhuionline.com, 1
+fuhuiso.com, 1
+fuhuistation.com, 1
+fuhuistocks.com, 1
+fuhuitoutiao.com, 1
+fuhuitouzi.com, 1
+fuhuitrade.com, 1
+fuhuitrading.com, 1
+fuhuiwechat.com, 1
+fuhuizh.com, 1
+fuhuizhihu.com, 1
+fuinhas.tk, 1
+fuite.ch, 0
+fuitedeau.ch, 0
+fuites-eau-charente.com, 1
+fuites.ch, 0
+fuiveningent.be, 1
+fujianshipbuilding.com, 1
+fujieb.com, 1
+fujifilm-connect.com, 1
+fujijin.co.jp, 1
+fujikatu.tk, 1
+fujikochan.tk, 1
+fujimurado.com, 1
+fujiwarashinzo.com, 1
+fujiyakimono.com, 1
+fukabori-kaidora.com, 1
+fukase-seed.com, 1
+fukikaeru.com, 1
+fukn.jp, 1
+fuku-fashion.nl, 1
+fukuiedu.com, 1
+fukuko.biz, 1
+fukuko.xyz, 1
+fukushima-fun.com, 1
+fukushimacoffee.com, 1
+fulcrumanalytics.com, 1
+fulcrumdigital.com, 1
+fulda.tk, 1
+fulfil.io, 1
+fulfillmentcostsers.ga, 1
+fulfillmentcostsest.ga, 1
+fulfilmentcrowd.com, 1
+fulgentoncology.com, 1
+fulgenzis.com, 1
+fulisex.com, 1
+fuliwang.info, 1
+full-hd.info, 1
+full-stack.ninja, 1
+full.eu.org, 1
+fullautomotivo.com.br, 1
+fullaw.in, 1
+fullblast.tk, 1
+fullbulla.tk, 1
+fullbundle.com, 1
+fullcirclestudio.nl, 1
+fullcolors7.com, 1
+fulldw.com, 1
+fullerlife.org.uk, 1
+fullertonne.gov, 1
+fullfilez.com, 1
+fullfillery.com, 1
+fullhost.com, 1
+fullhotfilm.co, 1
+fullhouseresorts.com, 1
+fullhub.ru, 1
+fullinsiderers.ga, 1
+fullinsiderest.ga, 1
+fullintel.com, 1
+fullmetalconsulting.tk, 1
+fullmoondesignhouse.tk, 1
+fullmoonhentai.tk, 1
+fullpaisa.com, 1
+fullsize.ml, 1
+fullsizefordclub.tk, 1
+fulltextarchive.com, 1
+fulltxt.ml, 1
+fully-covered.tk, 1
+fully-hair.tk, 1
+fullzest.com, 1
+fultoncountyar.gov, 1
+fultoncountyil.gov, 1
+fultoncountyilelections.gov, 1
+fultoncountyky.gov, 1
+fultondaleal.gov, 1
+fulup.com, 1
+fumblers.ca, 1
+fumerolles.ch, 0
+fumerx.com, 1
+fumify.tk, 1
+fumilink.com, 1
+fumotousa.com, 1
+fun-baby.ru, 1
+fun-bounce.co.uk, 1
+fun-day.tk, 1
+fun-life.com.tw, 0
+fun-tasia.co.uk, 1
+fun4ubouncycastles.co.uk, 1
+funadiq.com, 1
+funadvisor.ca, 0
+funadvisorfrance.com, 1
+funaiwhistle.com, 1
+funandfriends.tk, 1
+funandlearning.es, 1
+funatic.nl, 1
+funatic.tk, 1
+funboards.cz, 1
+funboat.tk, 1
+funbuynet.com.br, 1
+funchal.cf, 1
+funchal.ga, 1
+funchal.gq, 1
+funchal.pt, 1
+functions-online.com, 1
+functionx.io, 1
+functori.com, 1
+funcustomshirts.com, 1
+fundacaoeveris.com.br, 1
+fundacion.in, 1
+fundacionfade.org, 1
+fundacionfranciscofiasco.org, 1
+fundacionindigo.tk, 1
+fundacionlaboral.org, 1
+fundacionminutodigital.org, 1
+fundacionsiempreadelante.org, 1
+fundacionsilverina.org, 1
+fundacjamatkiewy.pl, 1
+fundaekhaya.co.za, 1
+fundamentt.com, 1
+fundayltd.com, 1
+fundedschools.ml, 1
+fundelva.com, 1
+fundex.id, 1
+fundhawk.com, 1
+fundiggitydog.co.nz, 1
+funding-zone.com, 1
+fundingoptions.com, 1
+fundingpartner.dk, 1
+fundingpartner.no, 1
+fundingpartner.se, 1
+fundkyapp.com, 1
+fundmylegalclaim.co.uk, 1
+fundort.ch, 1
+fundpress.org, 0
+funds.ddns.net, 1
+fundstuecke.de, 1
+fundwave.com, 1
+funenhobby.nl, 1
+funeral-doom.tk, 1
+funeralforafriend.tk, 1
+funeralshowers.ga, 1
+funeralshowest.ga, 1
+funerare-cazacu.com, 1
+funerare24.ro, 1
+funerariaalarcon.cl, 1
+funfa.nl, 1
+funfactorleeds.co.uk, 1
+funfacts.cz, 1
+funfm.tk, 1
+fungalforager.com, 1
+fungame.eu, 1
+fungame.fr, 1
+fungit.org, 0
+fungomoscow.cf, 1
+fungosdemexico.tk, 1
+funguana.com, 1
+funhiking.tk, 1
+funhotdate.com, 1
+funhouse-inflatables.co.uk, 1
+funhunt.es, 1
+funideas.org, 1
+funidelia-tr.com, 1
+funidelia.at, 1
+funidelia.be, 1
+funidelia.bg, 1
+funidelia.ca, 1
+funidelia.ch, 1
+funidelia.cl, 1
+funidelia.co, 1
+funidelia.co.il, 1
+funidelia.co.nz, 1
+funidelia.co.uk, 1
+funidelia.com, 1
+funidelia.com.ar, 1
+funidelia.com.au, 1
+funidelia.com.br, 1
+funidelia.com.ua, 1
+funidelia.cz, 1
+funidelia.de, 1
+funidelia.dk, 1
+funidelia.ee, 1
+funidelia.es, 1
+funidelia.fi, 1
+funidelia.fr, 1
+funidelia.gr, 1
+funidelia.hk, 1
+funidelia.hr, 1
+funidelia.hu, 1
+funidelia.id, 1
+funidelia.ie, 1
+funidelia.in, 1
+funidelia.is, 1
+funidelia.it, 1
+funidelia.kr, 1
+funidelia.lt, 1
+funidelia.lu, 1
+funidelia.lv, 1
+funidelia.mx, 1
+funidelia.my, 1
+funidelia.nl, 1
+funidelia.no, 1
+funidelia.ph, 1
+funidelia.pt, 1
+funidelia.ro, 1
+funidelia.rs, 1
+funidelia.ru, 1
+funidelia.se, 1
+funidelia.sg, 1
+funidelia.si, 1
+funidelia.sk, 1
+funidos.tk, 1
+funinfo.tk, 1
+funinthesunboating.com, 1
+funio.com, 1
+funkazoid-radio.com, 1
+funken-networks.de, 1
+funkfernbedienung-industrie.de, 1
+funkimforst.de, 1
+funknotaus.de, 1
+funkogames.com, 1
+funkshop.tk, 1
+funksteckdosen24.de, 0
+funkstyles.tk, 1
+funktdesign.eu, 1
+funktionel.co, 1
+funktionevents.co.uk, 1
+funky-emulation.net, 1
+funkydealz.no, 1
+funkyflo.tk, 1
+funkysims.tk, 1
+funline.tk, 1
+funlook.ga, 1
+funlook.tk, 1
+funmobiles.tk, 1
+funmountaincanyon.com, 1
+funnelsforbricks.io, 1
+funnelw3b.com, 1
+funniestclip.com, 1
+funny-boy.tk, 1
+funny-rates.tk, 1
+funny-wedding.ga, 1
+funnyanimalvideos.ml, 1
+funnybee.tk, 1
+funnybubu.ro, 1
+funnychristianjokes.tk, 1
+funnycommercials.ga, 1
+funnylinks.cf, 1
+funnymedia.tk, 1
+funnymetals.com, 1
+funnypicz.cf, 1
+funnyprankvideo.ga, 1
+funnypromotions.tk, 1
+funnytimes.cf, 1
+funnyvideoclips.cf, 1
+funnyvideoclips.tk, 1
+funoverip.net, 1
+funpakistan.tk, 1
+funpartytips.com, 1
+funphone.tk, 1
+funplaza.tk, 1
+funprode.org, 1
+funprogramming.tk, 1
+funreaktor.com, 1
+funshemale.com, 1
+funshirts.tk, 1
+funsite.tk, 1
+funsmsmailing.tk, 1
+funsoup.tk, 1
+funtastic-basketball.de, 1
+funtastic.ie, 1
+funtime-inflatables.co.uk, 1
+funtime.com.ua, 1
+funtime.kiev.ua, 1
+funtimesbouncycastles.co.uk, 1
+funtimeusabiloxi.com, 1
+funtimez.cf, 1
+funtimez.ga, 1
+funtimez.gq, 1
+funto.tk, 1
+funtonez.tk, 1
+funy.eu.org, 1
+funyirotraktor.hu, 1
+funzack.cf, 1
+fur-shop.tk, 1
+fur.city, 1
+fur.mt, 1
+fur.red, 1
+furaffrate.net, 1
+furbooru.org, 1
+furca.ca, 1
+furcdn.net, 1
+furcity.me, 1
+fureais.com, 1
+furgetmeknot.co.za, 1
+furgetmeknot.org, 1
+furgetmeknot.org.za, 1
+furgo.love, 1
+furi.ga, 1
+furiacelesteiquique.tk, 1
+furiaot.com, 1
+furik.me, 1
+furisode-sendai.com, 1
+furisode-yamaguchiya.com, 1
+furiya.tk, 1
+furkanahsap.com, 1
+furkankose.ml, 1
+furkanmudanyali.com, 1
+furkot.com, 1
+furkot.de, 1
+furkot.es, 1
+furkot.fi, 1
+furkot.fr, 1
+furkot.it, 1
+furkot.pl, 1
+furkot.ro, 1
+furlan.co, 0
+furlan.tk, 1
+furlog.it, 1
+furmap.fr, 1
+furnace-zero.tk, 1
+furnfurs.com, 1
+furnishedproperty.com.au, 1
+furniteco.com, 1
+furniture-for-home.tk, 1
+furniture-warehouse.co.za, 1
+furnitureconcept.co.uk, 1
+furniturefashion.com, 1
+furnitureforlife.com, 1
+furnitureforlifeboulder.com, 1
+furniturefromthebarn.com, 1
+furnitureproduction.tk, 1
+furnituresolutions.tk, 1
+furniturezoneboone.com, 1
+furnu.org, 1
+furorcanario.tk, 1
+furoretferrum.tk, 1
+furosemide-lasix.tk, 1
+furosemide.gq, 1
+furries-united.de, 1
+furry.codes, 1
+furry.cool, 1
+furry.dk, 1
+furry.gay, 1
+furrybot.co, 1
+furrycdn.org, 1
+furrycraft.ga, 1
+furrytech.network, 1
+furs.town, 1
+fursandfur.tk, 1
+furseo.co, 1
+fursho.ws, 1
+furshows.org, 1
+furtodo.at, 1
+furtodo.com, 1
+furtodo.cz, 1
+furtodo.de, 1
+furtodo.eu, 1
+furtodo.hu, 1
+furtodo.pl, 1
+furtodo.sk, 1
+furtodobox.com, 1
+furtodobox.cz, 1
+furtodobox.eu, 1
+furtodobox.sk, 1
+furtodoit.com, 1
+furu-sato.com, 1
+furukawabenn.com, 1
+furuse-shika.com, 1
+furuy.com, 0
+furworks.de, 1
+fusacity.tk, 1
+fusacovi.cf, 1
+fuselight.nl, 1
+fuseos.net, 1
+fuseyahoken.com, 1
+fushee.com, 1
+fusi.tk, 1
+fusico.be, 1
+fusico.com, 1
+fusico.digital, 1
+fusion-lamps.com, 1
+fusionapps.com, 1
+fusionapps.net, 1
+fusionarmenia.tk, 1
+fusionas.tk, 1
+fusionauth.io, 1
+fusionbd.net, 1
+fusionespeluqueria.es, 1
+fusionfactory.tk, 1
+fusiongaming.de, 1
+fusionpatrol.com, 0
+fusionplatter.eu, 1
+fusions.co.jp, 1
+fusionstudios.tk, 1
+fusionvr.in, 1
+fuso.com.py, 1
+fuso.net, 1
+fussball-xxl.de, 1
+fussballmanager.de, 1
+fussballpiraten.com, 1
+fussballtransfers.com, 1
+fussboden-manufaktur.de, 0
+fussbodenmanufaktur.de, 0
+fussell.io, 1
+fussfetisch.tk, 1
+fussphotography.com.au, 1
+fussy.ee, 1
+fussycats.com, 1
+fussycats.uk, 1
+fuszara.eu, 1
+fut21gen.com, 1
+futa.agency, 1
+futa.wiki, 1
+futaba-works.com, 1
+futacockinside.me, 1
+futarara.ga, 1
+futaritomo.tk, 1
+futaroulette.com, 1
+futbito.com, 1
+futbol-tv.tk, 1
+futbolcba.com, 1
+futbolmodesto.tk, 1
+futbolus.tk, 1
+futbomb.com, 1
+futebolatualizado.tk, 1
+futebolbrasileirosnes.tk, 1
+futeboleapostasonline.com, 1
+futhark24.com, 1
+futhark24.eu, 1
+futhark24.net, 1
+futhark24.org, 1
+futharkhorde.tk, 1
+futieltextiel.be, 1
+futo.biz, 1
+futone.com.br, 1
+futos.de, 1
+futrou.com, 0
+futsalnews24.com, 1
+futunk.com, 1
+futunk.eu, 1
+futunk.nl, 1
+futurageindia.com, 1
+futurains.com, 1
+futurama-il.tk, 1
+futurama-latino.org, 1
+future-dance.tk, 1
+future-telecom.com, 1
+futureappin.com.au, 1
+futureaudiographics.com, 0
+futurecharcoal.com, 1
+futurefive.asia, 1
+futurefive.co.nz, 1
+futurefive.com.au, 1
+futureforward.coop, 1
+futurefuels.com.au, 1
+futurefund.com, 1
+futurefund.gov.au, 1
+futurefundapp.com, 1
+futuregaming.io, 1
+futuregrowthva.com, 1
+futureimmigration.net, 1
+futurenda.com, 1
+futurenewsforyou.com, 1
+futureofyoucdc.sg, 1
+futureplan.de, 1
+futureplanet.tk, 1
+futuresinmarketing.co.uk, 1
+futuresonline.com, 0
+futuresound.tk, 1
+futurestyletiling.com.au, 1
+futuretechtrends.co.uk, 1
+futurethinkers.org, 1
+futureville.city, 1
+futurewithoutfear.com, 1
+futurewithoutfear.org, 1
+futurewithoutfear.us, 1
+futureyouhealth.com, 1
+futurezone.at, 1
+futuristicarchitectures.tk, 1
+futuristicjobs.sk, 1
+futurity.ml, 1
+futurygames.com, 1
+fuulle.com, 1
+fuvelis.com, 1
+fuwafuwa.moe, 1
+fuwafuwatime.moe, 1
+fuwashima.moe, 1
+fuxgames.com, 1
+fuyu.moe, 1
+fuzenet.net, 1
+fuzigames.com, 1
+fuzion.co.th, 1
+fuzoku-sodan.com, 1
+fuzoku.jp, 1
+fuzzbucket.tk, 1
+fuzzi.es, 1
+fuzzing-project.org, 1
+fuzzlemann.de, 1
+fuzzy.domains, 1
+fuzzylogic.tk, 1
+fvap.gov, 1
+fvb.world, 1
+fvdm.com, 1
+fveevaete.com, 1
+fvformation.fr, 0
+fvg.io, 1
+fw-einsatz.de, 1
+fwaux.de, 1
+fwba.hopto.org, 1
+fwdx.net, 1
+fwest.ovh, 1
+fwest98.nl, 1
+fwest98.ovh, 1
+fwg.sk, 1
+fwkart.de, 1
+fwo.gov.au, 1
+fwpda.gov, 1
+fwr.cz, 1
+fws.gov, 1
+fwt99.com, 1
+fwt999.com, 1
+fwtapp.com, 1
+fwtewm.com, 1
+fwtpic.com, 1
+fwup.org, 1
+fwupd.org, 1
+fx-rating.com, 1
+fxbrokerreview.org, 1
+fxcg-education.com, 1
+fxcm-arabic.com, 1
+fxcm-asia.com, 1
+fxcm-chn.com, 1
+fxcm-global.com, 1
+fxcm-markets.com, 1
+fxcm-online.com, 1
+fxcm.com.tw, 1
+fxcm.com.vn, 1
+fxcm.eu, 1
+fxcm.my, 1
+fxcm.vn, 1
+fxcmaffiliates.com, 1
+fxcmapps-asia.com, 1
+fxcmapps.com, 1
+fxcmbullion.com, 1
+fxcmchn.com, 1
+fxcmglobal.com, 1
+fxcmhub.com, 1
+fxcmidn.com, 1
+fxcmportal.com, 1
+fxcmzh.com, 1
+fxcopierpro.com, 1
+fxeuropa.com, 1
+fxexplained.co.uk, 1
+fxgame.online, 1
+fxiaoke.com, 1
+fxislamic.com, 1
+fxnotch.com, 1
+fxopen.co.uk, 1
+fxopen.com, 1
+fxopen.com.au, 1
+fxopen.com.br, 1
+fxopen.com.mx, 1
+fxopen.my, 1
+fxopen.ru, 1
+fxp.at, 1
+fxp.co.il, 1
+fxperk.com, 1
+fxpig-ib.com, 1
+fxpunch.com, 1
+fxrates.com, 1
+fxstatus-chinese.com, 1
+fxstock.eu, 1
+fxstrategics.com, 1
+fxtalk.cn, 0
+fxtrade-lab.com, 1
+fxtwitter.com, 1
+fxwebstudio.com.au, 0
+fydjbsd.cn, 1
+fyfywka.com, 1
+fyllehack.se, 1
+fyllingen-elinst.no, 1
+fylm.ai, 1
+fyn.nl, 1
+fyn.software, 1
+fynbo.io, 1
+fyndiq.se, 1
+fyol.pw, 1
+fyp-aiman.com, 1
+fyphb.com, 1
+fyptt.to, 1
+fyrebox.guru, 1
+fyrehost.net, 0
+fyrfalkcontent.se, 1
+fyroeo.fr, 0
+fysio-ict.nl, 1
+fysiotherapie-ict.nl, 1
+fysiotherapie.tk, 1
+fysiotherapieapeldoornzuid.nl, 1
+fysiotherapiesimons.nl, 1
+fyss.ga, 1
+fysuite.com, 1
+fytorio-pasxalis.gr, 1
+fyziotonka.sk, 1
+fzhyzamt.com, 1
+fzoske.de, 1
+fzx750.ru, 1
+fzxx.eu.org, 1
+fzxx.xyz, 1
+g-c-z.cc, 1
+g-center.tk, 1
+g-dart.com, 1
+g-ds.de, 1
+g-electricity.ml, 1
+g-equip.ru, 1
+g-fruit.gr, 1
+g-lab.xyz, 1
+g-m-w.eu, 1
+g-p-design.com, 1
+g-printec.com, 1
+g-rom.net, 1
+g-tea.ml, 1
+g.co, 0
+g00228.com, 1
+g01.in.ua, 1
+g0158.com, 1
+g0881.com, 1
+g0man.com, 1
+g1.ie, 1
+g10e.ch, 1
+g15ubezpieczenia.pl, 1
+g1reeds.com, 1
+g2-inc.com, 1
+g2fdistribuidora.com.br, 1
+g2jp.uk, 1
+g2links.com, 0
+g2llc.com, 1
+g2pla.net, 1
+g2soft.net, 0
+g36533.com, 1
+g36594.com, 1
+g3circuit.com, 1
+g3d.ro, 1
+g3hardcore.tk, 1
+g3homefoods.com, 1
+g47.web.id, 1
+g4v.in, 1
+g4w.co, 1
+g5.gov, 1
+g51365.com, 1
+g5197.co, 1
+g5yss.uk, 1
+g6666g.tk, 1
+g6729.co, 1
+g6957.co, 1
+g6957.com, 0
+g72020.gov, 1
+g7campdavid.gov, 1
+g7liveseafood.com.sg, 1
+g7usa.gov, 1
+g82365.com, 1
+g8energysolutions.co.uk, 1
+g9297.co, 1
+g9721.com, 0
+g9728.co, 1
+ga-2.it, 0
+ga-digitazion.com, 1
+ga-part.ru, 1
+gaasuper6.com, 1
+gabaldon.eu, 1
+gabaldon.nl, 1
+gabapentin.gq, 1
+gabare-loire.com, 1
+gabbeh.jp, 1
+gabby-online.tk, 1
+gabby.vn, 0
+gabbyer.ga, 1
+gabbyer.gq, 1
+gabbyer.ml, 1
+gabe.download, 1
+gabe.house, 1
+gabe.pics, 1
+gabe.watch, 1
+gabe565.com, 1
+gabecook.com, 1
+gabed.net, 1
+gabelli.com, 1
+gabethebabetv.com, 1
+gabigold.net, 1
+gabijazava.com, 1
+gabinet-okulistyczny.tk, 1
+gabiocs.com, 1
+gabiz.tk, 1
+gablermade.com, 1
+gablesplasticsurgery.com, 1
+gablesportsga.com, 0
+gablesvets.co.uk, 1
+gably.net, 1
+gabnotes.org, 1
+gabodesign.tk, 1
+gaborg.hu, 1
+gabraham.tk, 1
+gabriel.to, 1
+gabrielaebruno.cf, 1
+gabrielafriasfanclub.tk, 1
+gabrielcury.tk, 1
+gabriele-kluge.de, 1
+gabrielemarino.tk, 1
+gabrielflores.tk, 1
+gabrielg.es, 1
+gabrielgn.com.br, 0
+gabriella.cf, 1
+gabriellabastos.tk, 1
+gabriellearruda.com, 1
+gabrielrm.dynu.net, 1
+gabrielsimonet.ch, 1
+gabrielsteens.nl, 1
+gabrielyin.com, 0
+gabryjeluk.tk, 1
+gabskent.de, 1
+gabtitui.gov.au, 1
+gabucho.tk, 1
+gabyclark.com, 1
+gabyminneboo.tk, 1
+gabysoft.tk, 1
+gabz.net, 1
+gachea.cl, 1
+gachimuchi.ru, 1
+gachiyase.com, 1
+gachter.name, 0
+gaci88play.com, 1
+gacirenin.cf, 1
+gacirenin.tk, 1
+gackowski.tk, 1
+gadabit.pl, 1
+gadaj.eu, 1
+gadalkindom.ru, 1
+gadanie.cf, 1
+gadanie.ml, 1
+gadatel.ml, 1
+gaddiblog.com, 1
+gaddini.it, 1
+gadecs.com, 1
+gadget-freak.cf, 1
+gadget-hat.tk, 1
+gadget-tips.com, 1
+gadgetflashers.ga, 1
+gadgetflip.com, 1
+gadgetfreak.cf, 1
+gadgetgi.ga, 1
+gadgetguideonline.com, 1
+gadgethacks.com, 1
+gadgetick.com, 1
+gadgetinfo.ga, 1
+gadgetized.net, 1
+gadgetmaker.tk, 1
+gadgetmaniac.tk, 1
+gadgets-cars.com.es, 1
+gadgets-mall.com, 1
+gadgetsandwearables.com, 1
+gadgetsgigabytesandgoodwill.com, 1
+gadgetshome.ml, 1
+gadgetslab.tk, 1
+gadgettendency.com, 1
+gadingpromosindo.tk, 1
+gadkiy-farm.tk, 1
+gadsdensoefl.gov, 1
+gadse.games, 1
+gadzilla.tk, 1
+gaeldst.dk, 1
+gaelico.tk, 1
+gaemsofyesterday.com, 1
+gaengler.com, 1
+gaestehaus-leipzig.de, 1
+gaestehaus-monika.com, 1
+gaetanosonline.com, 1
+gafachi.com, 1
+gafan.cf, 1
+gaff-rig.co.uk, 1
+gaflooring.com, 1
+gafrecomex.com, 1
+gag101.com, 1
+gaganenterprises.in, 1
+gagarin.ga, 1
+gagecountyne.gov, 1
+gagekroljic.com, 1
+gagesmith.tk, 1
+gagne.tk, 1
+gagnerenfant.tk, 1
+gagop.org, 1
+gagor.pl, 0
+gagramore.cf, 1
+gagygnole.ch, 0
+gaheztexab.com, 1
+gaiafood.co, 1
+gaijin.network, 1
+gailfellowsphotography.com, 1
+gaines-sodiamex.fr, 0
+gainesborotn.gov, 1
+gainesvillega.gov, 1
+gainingadvantage.com, 1
+gainnet.ru, 1
+gaio-automobiles.fr, 1
+gaireg.de, 1
+gais.tk, 1
+gaitandmobility.com, 1
+gaitasenlavereda.tk, 1
+gaite.me, 0
+gaitrehabilitation.com, 1
+gaitresearch.com, 1
+gaitzmemorials.com, 1
+gajabhindi.cf, 1
+gajabhindi.tk, 1
+gajas18.com, 1
+gajda.cz, 1
+gajowniczek.eu, 1
+gajqc.gov, 1
+gakkainavi-epsilon.net, 1
+gakki.photos, 1
+gaku-architect.com, 1
+gaku-nkc.net, 1
+gala.im, 1
+gala.kiev.ua, 0
+galabands.info, 1
+galact.tk, 1
+galaksidot.tk, 1
+galaktika-znakomstv.tk, 1
+galaltosalento.it, 1
+galama.tk, 1
+galamusik-band.de, 1
+galamusikband.de, 1
+galanight.cz, 1
+galapagos.cx, 1
+galapagosbig15.com, 1
+galasin.cf, 1
+galasin.ga, 1
+galatabazaar.com, 1
+galavanmoskou.tk, 1
+galaw.gov, 1
+galax.tech, 1
+galax.us, 1
+galaxieblog.com.my, 0
+galaxit.ch, 1
+galaxus.at, 1
+galaxus.ch, 1
+galaxus.com, 1
+galaxus.de, 1
+galaxus.eu, 1
+galaxus.fr, 1
+galaxy.edu.pe, 1
+galaxyaudiobook.com, 1
+galaxyeuropemusic.com, 1
+galaxymedia.tk, 1
+galaxyofebooks.com, 1
+galaxyplex.tk, 1
+galaxyscientific.com, 1
+galaxystaking.space, 1
+galaxysweeper.com, 1
+galaxytracker.tk, 1
+galecommercial.com, 1
+galefacialplastics.com, 1
+galenguyer.com, 1
+galenreasoner.com, 1
+galenzoski.com, 1
+galepaal.tk, 1
+galeria-reisen.de, 1
+galeria42.com, 1
+galeriabunkers.tk, 1
+galeriakobylarz.pl, 1
+galeriarr.pl, 1
+galerias-xamoralarte.cf, 1
+galerias-xamoralarte.ga, 1
+galerie-claudia-walz-nagold.tk, 1
+galerie-com.com, 1
+galerie-saintgermain.fr, 1
+galeries.photo, 0
+galeriesimple.fr, 1
+galexlee.com, 1
+galfarma.cl, 1
+galgamer.eu.org, 1
+galgamer.moe, 1
+galganoboutique.com, 1
+galgoafegao.com.br, 1
+galgoingles.com.br, 1
+galgopersa.com.br, 1
+galhristova.com, 1
+galia.bg, 1
+galiciamaxica.eu, 0
+galiciasensual.tk, 1
+galickidigital.ie, 1
+galilahiskye.com, 1
+galilei.tk, 1
+galileicompara.com, 1
+galileo.io, 1
+galileohealth.com, 1
+galim.org.il, 1
+galina.ga, 1
+galinas-blog.de, 1
+galinkltd.com, 1
+galinos.gr, 1
+galip.nl, 1
+galiuzvejoti.org, 1
+galive.ga, 1
+galizae-sports.tk, 1
+galj.info, 1
+gallagherperformance.com, 1
+gallaghertownshippa.gov, 1
+gallant.tk, 1
+gallatinhousecleaning.com, 1
+galle.cz, 1
+galleonwaymedical.com.au, 1
+galleriacontinua.com, 1
+gallerify.eu, 1
+gallery-easysolution.tk, 1
+gallery-kaze.jp, 1
+galleryinfo.ga, 1
+gallerywestframeplant.com, 1
+gallesproperties.com, 1
+gallest.cf, 1
+gallest.ga, 1
+galleyfoods.com, 1
+gallifordtry.co.uk, 1
+gallifreyan-koala.tech, 1
+gallifreyapp.co.uk, 1
+gallifreypermaculture.com.au, 1
+gallmeyer-consulting.com, 1
+gallopingkylin.com, 1
+gallun-shop.com, 1
+galoforo.it, 1
+galoserver.org, 1
+galpsafetytalks-portal-preprod.azurewebsites.net, 1
+galpsafetytalks-portal-production.azurewebsites.net, 1
+galtelligence.com, 1
+galton.sk, 1
+galtonbrands.com, 1
+galtonbrands.es, 1
+galtondev.com, 1
+galvincdn.com, 1
+galvingao.com, 1
+galvinism.ink, 1
+galwaytooughterardgreenway.ie, 1
+galwew.ga, 1
+gamadomesticos.com, 1
+gamagam.gq, 1
+gamalawadforum.tk, 1
+gamalhamza.tk, 1
+gamanlu.com, 1
+gambarian.com, 1
+gamberorosso.menu, 1
+gamberorotto.com, 1
+gambetti.fr, 1
+gambiafishing.tk, 1
+gambiapagina.tk, 1
+gambinotrasporti.it, 1
+gambisti.de, 1
+gambit.pro, 1
+gambitnash.co.uk, 1
+gambitnash.com, 1
+gambitprint.com, 1
+gamblersgaming.eu, 1
+gamblerspick.com, 1
+gambling-business.club, 1
+gamblingaffiliatevoice.com, 1
+gamblingconsulting.expert, 1
+gamburger.tk, 1
+gamcore.com, 1
+game-club.me, 1
+game-designers.net, 1
+game-developers.org, 1
+game-dominion.tk, 1
+game-files.net, 0
+game-gentle.com, 1
+game-net.ml, 1
+game-plex.com, 1
+game-repack.site, 1
+game.es, 1
+game.gal, 1
+game4less.com, 1
+game818play.com, 1
+game88play.com, 1
+gameanalytics.com, 1
+gameapexlegends.com, 1
+gamebase.tk, 1
+gamebillingcentre.com, 1
+gamebits.net, 0
+gameblabla.nl, 1
+gameboyarchive.com, 1
+gamebrott.com, 1
+gamecarddelivery.com, 1
+gamecdn.com, 0
+gameclimax.cf, 1
+gameclimax.tk, 1
+gameclue.jp, 1
+gamecollector.be, 1
+gameconservation.org.uk, 1
+gameconsole.co.nz, 1
+gamecs.tk, 1
+gamecss.ml, 1
+gamedaim.com, 1
+gameday.org.uk, 1
+gamedealsnow.com, 1
+gamedware.com, 1
+gameexpress.tk, 1
+gamefarm.ru, 1
+gamefear.ga, 1
+gamefear.tk, 1
+gameflip.com, 1
+gamefoster.com, 1
+gamefreek.tk, 1
+gamegainlx.cf, 1
+gamegear.club, 0
+gamegix.com, 1
+gamegoddess.cf, 1
+gamegoddess.tk, 1
+gamegoone.tk, 1
+gamegrad.tk, 1
+gameharbor.eu, 1
+gamehighquality.tk, 1
+gameimani.ga, 1
+gameindustry.eu, 1
+gameisbest.jp, 1
+gamejobs.co, 1
+gamekaitori.jp, 0
+gamekb.gq, 1
+gamekeepers.cz, 1
+gamekeybox.tk, 1
+gamekiller.ga, 1
+gamelarix.com, 1
+gamelink.com, 1
+gameloft.ga, 1
+gamelok.ga, 1
+gamemakers.tk, 1
+gamenerd.net, 1
+gamenew.tk, 1
+gameofbooks.de, 1
+gameonespirit.tk, 1
+gameoveronline.tk, 1
+gamepad.com.br, 1
+gameplaysforkids.com, 1
+gameplus.win, 1
+gamepokies.ml, 1
+gameportalmoz.tk, 1
+gamepower.tk, 1
+gamepres.org, 1
+gamepunel.cf, 1
+gamepunel.tk, 1
+gamepunelita.cf, 1
+gamepunelita.tk, 1
+gamepuzzleinfo.tk, 1
+gamer-vip.com, 1
+gameracinginfo.tk, 1
+gamerankings.com, 1
+gamerant.com, 1
+gamercredo.com, 1
+gamereactor.asia, 1
+gamereactor.cn, 1
+gamereactor.de, 1
+gamereactor.dk, 1
+gamereactor.es, 1
+gamereactor.eu, 1
+gamereactor.fi, 1
+gamereactor.fr, 1
+gamereactor.it, 1
+gamereactor.no, 1
+gamereactor.pt, 1
+gamereactor.se, 1
+gamerepository.ga, 1
+gamerepublic.hu, 0
+gameres.com, 1
+gamering.cf, 1
+gamerkings.tk, 1
+gamers-community.tk, 1
+gamers-paradise.tk, 1
+gamersedge.tk, 1
+gamersflix.com, 0
+gamersgrill.com, 1
+gamersheaven.tk, 1
+gamersplace.tk, 1
+gamerspost.ga, 1
+gamerstudiozinc.tk, 1
+gamersuniverse.tk, 1
+gamersweb.ga, 1
+gamertelligence.com, 1
+gamertrashers.ga, 1
+gamerturk.tk, 1
+gamerwelfare.com, 1
+gamerzdot.com, 1
+games-rt.ru, 1
+games-station.tk, 1
+games2kids.net, 1
+games4theworld.org, 1
+gamesandcasino.com, 1
+gamesaviour.com, 1
+gamesbap.com, 1
+gamescore.tk, 1
+gamescum.ru, 1
+gamesdepartment.co.uk, 0
+gamesector.tk, 1
+gameserver-admin.ga, 1
+gameserver-sponsor.me, 1
+gameserver.fun, 1
+gamesgalaxy.it, 1
+gamesgate.tk, 1
+gameshack.io, 1
+gameship.ga, 1
+gameshopsrbija.com, 1
+gameshowchallenge.ie, 1
+gamesmagic.tk, 1
+gamesone.tk, 1
+gamespark.ga, 1
+gamespark.tk, 1
+gamespider.tk, 1
+gamesplanet.com, 1
+gamesplanet.tk, 1
+gamesputnik.ru, 1
+gamestand.net, 1
+gamester.tv, 1
+gamesunited.tk, 1
+gamesweek.melbourne, 1
+gametainment.net, 1
+gametilt.com, 1
+gametium.com, 1
+gametium.es, 1
+gametowndev.tk, 1
+gametube.website, 1
+gameview.tk, 1
+gamewarden.org, 1
+gamewardenedu.org, 1
+gamewayz.online, 1
+gamewinninggoal.com, 1
+gameworldcdr.tk, 1
+gamezero.nl, 1
+gamezon.ga, 1
+gamezon.tk, 1
+gamezsmack.com, 1
+gamhealth.net, 1
+gamifi.co.uk, 1
+gamilab.no, 1
+gaming-club.tk, 1
+gaming-dice.tk, 1
+gaming-life.tk, 1
+gaming-news.tk, 1
+gaming-online.tk, 1
+gamingaktier.com, 1
+gamingblogx.com, 1
+gamingboard.eu, 1
+gamingchairmaster.com, 1
+gamingdirectory.com, 1
+gamingdose.com, 1
+gamingerox.com, 1
+gamingexodus.com, 1
+gamingexperts.ga, 1
+gamingforecast.com, 1
+gaminggear.bg, 1
+gaminghost.ml, 1
+gaminglaptop.deals, 1
+gaminglessonest.ga, 1
+gamingmeets.com, 1
+gamingmonitortest.com, 1
+gamingph.com, 1
+gamingregulation.com, 1
+gamingtech.es, 1
+gamingterritory.com, 1
+gamingtilltheend.cf, 1
+gamingtoday.ga, 1
+gamingtopbox.ga, 1
+gamingwesters.ga, 1
+gamingwithcromulent.com, 1
+gamingx.tk, 1
+gamingzoneservers.com, 1
+gamishijabsyari.com, 1
+gamishou.fr, 1
+gamivo.com, 1
+gamize.com, 1
+gamma-travel.fr, 1
+gammabeyond.com, 1
+gammaboxtech.com, 1
+gammabrossfrance.fr, 1
+gammaknife.com, 1
+gammaphibeta.tk, 1
+gammonvillage.com, 1
+gamrenovation.ca, 1
+gamv.eu, 1
+gan.wtf, 1
+ganado.org, 0
+ganaha.org, 1
+ganardinerillo.tk, 1
+ganasoku.net, 1
+gancedo.com.es, 1
+gandalfcz.tk, 1
+gandalfservice.com, 1
+gandalfthefeline.com, 1
+gandmfamilydental.com, 1
+gandmltd.co.uk, 1
+gangbangs.tk, 1
+gangbangteen.net, 1
+ganggalbichler.at, 1
+ganglioslinfaticos.com, 1
+gangnamcool.com, 1
+gangnamoffices.com, 1
+gangrulz.tk, 1
+gangstafier.tk, 1
+gangstaflow.tk, 1
+gangsterz.tk, 1
+ganintegrity.com, 0
+gankel.nl, 1
+ganneff.de, 1
+gannett-cdn.com, 1
+gannettinnovation.com, 1
+ganodermatiendaonline.com, 1
+gant.tk, 1
+ganyouxuan.com, 1
+gao.rocks, 1
+gao4.pw, 1
+gaodebo.com, 1
+gaoice.top, 1
+gaoinnovation.gov, 1
+gaoinnovationlab.gov, 1
+gaoinnovations.gov, 1
+gaojianli.me, 1
+gaojianli.tk, 1
+gaon.network, 1
+gaoqirun.com, 1
+gaos.org, 1
+gap150.jp, 1
+gapfa.ro, 1
+gaphag.ddns.net, 1
+gapmechanical.com, 1
+gaponov.tk, 1
+garage-leone.com, 1
+garage.click, 1
+garage042.bg, 1
+garage15.com.ua, 1
+garagechief.com, 1
+garagedejan.ch, 1
+garagedoorrepaircedarhilltx.com, 1
+garageenginuity.com, 1
+garagemhermetica.org, 1
+garagen-crew.de, 1
+garagenet.com, 1
+garageportcenter.se, 1
+garagerogge.be, 1
+garanteasy.com, 1
+garantieabschluss.de, 1
+garantplus.kz, 1
+garaventa.com, 1
+garbage-juice.com, 1
+garbarinocatalogo.com, 1
+garbuszus.de, 1
+garbuz.ga, 1
+garcia-leplus.com, 1
+garciacarrion.com, 0
+garcialeplus.com, 1
+garciam.gt, 1
+garciaortiz.com, 1
+garco.co, 1
+garda-see.mobi, 1
+gardarika.tk, 1
+garden-land.ga, 1
+garden-life.org, 1
+garden-view.com, 1
+garden4less.co.uk, 1
+gardenblog.tk, 1
+gardencentreshopping.co.uk, 1
+gardencityal.gov, 1
+gardengameshireuk.com, 1
+gardeninggroot.com, 1
+gardenofads.com, 1
+gardenplantslife.com, 1
+gardenroomsdirect.co.uk, 1
+gardenstatecakes.com, 1
+gardensuperstore.com.au, 1
+garder.me, 1
+gardikagigih.com, 1
+gardinenzubehoer.tk, 1
+gardinia.ae, 1
+gardinpets.com, 1
+gardis.ua, 1
+gardnerlawyers.com, 1
+gardonslecap-covid19.ch, 1
+garduri-electrice-animale.ro, 1
+gardurialuminiuiasi.ro, 1
+garethbowker.com, 1
+garethbowker.uk, 1
+garethkirk.com, 1
+garethkirkreviews.com, 1
+garethrhugh.es, 1
+garfieldairlines.tk, 1
+garfieldcountyne.gov, 1
+garfieldcountywa.gov, 1
+garfieldsmithlegal.com, 1
+gargantuan.tk, 1
+gargantuan.wang, 1
+gargas.ml, 1
+gargazon.net, 1
+gargola.tk, 1
+garibaldi.gov, 1
+gariganshi.ml, 1
+garip.me, 1
+garito3pa.tk, 1
+garlandcountyar.gov, 1
+garmonia.ml, 1
+garmonia.tk, 1
+garnetnv.com, 1
+garnix-openair.de, 1
+garnuch-immo.de, 1
+garnuchbau.de, 1
+garo.email, 1
+garo.ninja, 1
+garochristian.us, 1
+garona.ru, 1
+garonna.com.ua, 1
+garotadeestilo.tk, 1
+garotastop10.tk, 1
+garotos.gq, 1
+garotos.tk, 1
+garp.org, 1
+garrafastermicas.net.br, 1
+garrardcountyky.gov, 1
+garrettcornwell.tk, 1
+garrettcountymd.gov, 1
+garrettmotion.com, 1
+garrettpopcorn.com, 1
+garrettrasel.com, 1
+garrigan.info, 1
+garrigan.nyc, 1
+garriganenterprises.com, 1
+garriganenterprises.net, 1
+garriganenterprisesinc.com, 1
+garriganenterprisesinc.net, 1
+garron.net, 1
+garrow.se, 1
+garrowdigitalmedia.com, 1
+garrowmediallc.com, 1
+garryserver.de, 1
+garsio.com, 1
+gartanien.de, 1
+garten-diy.de, 1
+gartenbaur.de, 1
+gartengutachter.org, 1
+gartenplanung-brendes.de, 1
+gartmaninsurance.net, 1
+garudam.info, 1
+gary.gov, 1
+garycarmell.com, 1
+garyjones.co.uk, 1
+garyrh.com, 1
+garystallman.com, 1
+garywhittington.com, 0
+gas-boilers.tk, 1
+gas-proekt.tk, 1
+gasar.com, 1
+gasbarkenora.com, 1
+gasenergy.kz, 1
+gasesdelaguajira.com, 1
+gashalot.com, 1
+gasherde.tk, 1
+gasinstallationsjohannesburg.co.za, 1
+gasmar.cl, 1
+gasometria.com, 1
+gaspard-ulliel.tk, 1
+gasparesganga.com, 1
+gasscc.id, 1
+gassero.com, 0
+gasslerorourke.com, 0
+gassouthkenticoqa.azurewebsites.net, 1
+gassycat.be, 1
+gassycat.co.uk, 1
+gassycat.eu, 1
+gassycat.uk, 1
+gassyukumenkyoguide.com, 1
+gastarbajter.tk, 1
+gastepress.com, 1
+gasthausbauernhof.ch, 1
+gasthaustalacher.ch, 1
+gastonvietto.tk, 1
+gastouderbureausnoesje.nl, 1
+gastoudererenda.nl, 1
+gastro-dino.de, 1
+gastroalianza.es, 1
+gastroboom.kz, 1
+gastroboss.cz, 1
+gastrodino.com, 1
+gastrodino.de, 1
+gastroenterologen.no, 1
+gastrolab.tk, 1
+gastromedicalcenter.com.br, 1
+gastronom.ga, 1
+gastronomias.com.pt, 1
+gastrosfera.info, 1
+gastrotiger.at, 1
+gastrotiger.de, 1
+gatapro.net, 0
+gate.sc, 1
+gate2home.com, 1
+gate4you.com, 1
+gatehub.net, 1
+gatekiller.co.uk, 1
+gatemaster.ga, 1
+gatemotorsbedfordview.co.za, 1
+gatemotorskyalami.co.za, 1
+gatemoves.com, 1
+gatenz-panel.com, 1
+gatesstlouis.com, 1
+gatestoaesgaard.tk, 1
+gateway-cart.com, 1
+gatewaybridal.com, 1
+gatewayfurniture.com, 1
+gatewayp.com, 1
+gatewaytire.com, 1
+gatewaytrial.com, 1
+gatewaytrust.org.uk, 1
+gathegi.ga, 1
+gatherling.com, 1
+gatherlyapp.com, 1
+gatherup.com, 1
+gathu.co.ke, 1
+gatilagata.com.br, 1
+gatilhoarmas.com.br, 1
+gatlink.tk, 1
+gatoland.es, 1
+gatolovers.es, 1
+gatomix.net, 1
+gator34.com, 1
+gatoslivres.org, 1
+gattomatto.tk, 1
+gatturkey.com, 1
+gauche.com, 1
+gaudeamus-folklor.cz, 1
+gaudeamuschoir.tk, 1
+gaudere.co.jp, 1
+gaudernconstruction.com, 1
+gaudi-renove.com, 1
+gaumenverfuehrer.de, 1
+gaurl.ga, 1
+gautam-iiith.tk, 1
+gautam-k.tk, 1
+gautengplumber24-7.co.za, 1
+gauthier.dk, 1
+gauthier.tel, 1
+gauting.de, 1
+gavarny.be, 1
+gavilanz.ddnsfree.com, 1
+gavin.sh, 1
+gavinbrown.ca, 1
+gavingreer.com, 1
+gavinnewsom.com, 1
+gavins.stream, 1
+gavintang.me, 1
+gavlix.se, 1
+gavr.space, 1
+gaw.sh, 1
+gay-chat.it, 1
+gay-jays.com, 1
+gay-personal-ads.com, 1
+gay.systems, 1
+gayadultwebmasterresources.com, 1
+gayauthors.org, 1
+gaycafe.lt, 1
+gaychatrooms.tk, 1
+gaycock4u.com, 1
+gaycum.de, 0
+gayfeedr.com, 1
+gayga.gov, 1
+gaygay.pro, 1
+gaygeeks.de, 1
+gayglobaltravel.com, 0
+gayhotmovies.com, 1
+gaymen.pictures, 1
+gaymer.network, 1
+gaymerx.org, 1
+gaynight.tk, 1
+gayonly.ch, 1
+gaypornvideos.xxx, 1
+gaysexpositions.guide, 1
+gayspress.com, 1
+gaytor.rent, 1
+gaytorrent.ru, 1
+gaytubec.com, 1
+gayuhtri.my.id, 1
+gayukai.net, 1
+gaz-connect.ru, 1
+gazapos.ga, 1
+gazaryan.tk, 1
+gazbonicacidmc.ga, 1
+gazeta-n1.ru, 1
+gazete.org, 1
+gazetefutbol.de, 1
+gazette.govt.nz, 1
+gazettengr.com, 1
+gazi.edu.tr, 1
+gazik.com.ua, 1
+gazizov.tk, 1
+gazobeton-don.ru, 1
+gazoneo.fr, 1
+gazor.tk, 1
+gazoz.ga, 1
+gazst.ru, 1
+gazza.tk, 1
+gb-bilder.com, 1
+gb-repair.com, 1
+gba.ge, 1
+gba.gob.ar, 1
+gbatroid.com, 1
+gbcdigitalmarketing.com, 1
+gbcomm.tk, 1
+gbcsummercamps.com, 1
+gbdavisplasticsurgery.com, 1
+gbes.com, 1
+gbfoundation.org, 1
+gbhem.org, 1
+gbi-etalon.ru, 1
+gbinsta.com, 1
+gbiotech.tk, 1
+gbk-host.de, 1
+gbk-teamplan.de, 1
+gbkom.de, 1
+gbl.selfip.net, 0
+gboys.net, 0
+gbp.com.ph, 1
+gbpayments.io, 1
+gbpicshd.com, 1
+gbquotes.com, 1
+gbrand.com.au, 1
+gbsapri.it, 1
+gbscience.com, 1
+gbsvelasco.com, 1
+gbusercontent.com, 1
+gc-event-manager.com, 1
+gc-hartberg.tk, 1
+gc-mc.de, 1
+gc-pfalz.de, 1
+gc.ru.net, 1
+gc22.xyz, 1
+gc4hr.org, 1
+gcabrasives.co.uk, 1
+gcaresolutions.com, 1
+gcb.com.my, 1
+gcbit.dk, 1
+gcc-globalclimatechange.com, 1
+gccfoodstuff.com, 0
+gcdamp.gov, 1
+gcfadvisors.com, 1
+gcgeeks.com.au, 1
+gcgroup.io, 1
+gchp.ie, 0
+gchq.lol, 1
+gchq.wtf, 1
+gclegal.com.au, 1
+gclpower.com, 1
+gcode.space, 1
+gcoded.de, 1
+gcolomboart.com, 1
+gconcept.tk, 1
+gconstruction.org, 1
+gcoption.pro, 1
+gcorevape.ca, 1
+gcqd.fr, 1
+gcrm.jp, 1
+gcs-ventures.com, 1
+gcschool.tk, 1
+gcsepod.com, 1
+gcsm-qc.ca, 1
+gcso.gov, 1
+gcstechnologies.com, 1
+gctdtx.gov, 1
+gcuf.edu.pk, 1
+gcwatx.gov, 1
+gcwcid1tx.gov, 1
+gd-ots.com, 1
+gd1214b.icu, 0
+gdacs.org, 1
+gdax.com, 1
+gdb.re, 1
+gddzqg.com, 1
+gdedoma.ru, 1
+gdesemena.ru, 1
+gdhzcgs.com, 1
+gdiary.net, 1
+gdit.com, 1
+gdkn0.gq, 1
+gdm.cl, 1
+gdngs.de, 1
+gdoce.es, 0
+gdomusicaeventi.tk, 1
+gdpr-pohotovost.cz, 1
+gdpr.fr, 1
+gdretrofunk.cf, 1
+gdtd.info, 1
+gdufe.top, 1
+gdv.me, 0
+gdwservices.com, 1
+gdz.tv, 1
+gdz4you.com, 1
+ge1.me, 0
+ge3k.net, 1
+geafworks.tk, 1
+geaiai.com, 1
+gealot.com, 1
+geansunter.com, 1
+gear-acquisition-syndrome.community, 1
+gear4music.ch, 1
+gear4music.com, 1
+gear4music.de, 1
+gear4music.dk, 1
+gear4music.es, 1
+gear4music.fr, 1
+gear4music.ie, 1
+gear4music.it, 1
+gear4music.nl, 1
+gear4music.no, 1
+gear4music.se, 1
+gearallnews.com, 1
+gearbot.rocks, 1
+gearboxhero.com, 1
+gearev.net, 1
+gearfinder.nl, 1
+gearnews.tk, 1
+gearset.com, 1
+gearsupply.com, 0
+geaskb.nl, 0
+geass.xyz, 1
+geauxdns.com, 1
+geba-online.de, 1
+gebaeude-braun.de, 1
+gebaeudebilanzierung.de, 1
+gebaeudeklima-schweiz.ch, 1
+gebeliktakibim.com, 1
+geben.digital, 1
+gebiert.de, 1
+gebn.co.uk, 1
+gebn.uk, 1
+geborgen-wachsen.de, 1
+gebpow.com, 1
+gebruikershandleiding.com, 1
+gebrvoit.de, 1
+gecem.org, 1
+gechr.io, 1
+geckler-ee.de, 0
+geckoroutes.com, 1
+geckos-geocaching.de, 1
+geckosurfschool.com, 1
+gecosan.com, 1
+gedachtekaarsje.nl, 1
+gedankenworks.com, 0
+geder.at, 1
+gedichtensite.tk, 1
+gediga.net, 1
+gedlingcastlehire.co.uk, 1
+gedlingtherapy.co.uk, 1
+geecrat.com, 1
+geek-hub.de, 1
+geek-rooms.tk, 1
+geek.ch, 1
+geek.com.tr, 1
+geek1.de, 1
+geekabit.nl, 1
+geekanatomy.com, 1
+geekandi.com, 1
+geekariom.com, 0
+geekashell.tk, 1
+geekattitude.org, 1
+geekbundle.org, 1
+geekcore.tk, 1
+geekcreations.co.uk, 1
+geekdama.com.br, 1
+geekdocs.de, 0
+geekdoit.com, 1
+geekedin.ga, 1
+geekelectronico.com, 1
+geekgear.tk, 1
+geekgirltech.com, 1
+geekhelpline.com.au, 1
+geekium.me, 1
+geeklair.net, 1
+geeklan.co.uk, 1
+geekles.net, 1
+geekmagazine.com.br, 1
+geeknik.com, 1
+geekofeminin.com, 1
+geekowl.com, 1
+geekpad.com, 1
+geekplay.fr, 1
+geekport.net, 1
+geekpost.net, 1
+geeks.berlin, 1
+geeks.lgbt, 0
+geeks.one, 0
+geeksforrent.com, 1
+geeksontap.com.au, 1
+geekspace.gq, 1
+geeksquadforums.tk, 1
+geekstreet.fr, 1
+geekstuff.tk, 1
+geektarven.com, 1
+geektechsolutions.com.au, 1
+geektechypro.tk, 1
+geektopia.es, 1
+geekurl.cf, 1
+geekwhack.org, 1
+geekwithabudget.com, 1
+geekwu.org, 1
+geekyboi.co.uk, 1
+geekymansion.com, 1
+geekynutritionist.com, 1
+geekystudios.us, 1
+geekzone.co.nz, 1
+geekzone.fr, 1
+geele.co.th, 1
+geemprestimos.com, 1
+geenspam.net, 1
+geentsefeesten.be, 1
+geeq.ch, 1
+geerdsen.net, 1
+geertdegraaf.nl, 1
+geertjanvanhest.nl, 1
+geertswei.nl, 1
+geestelijkgezondgent.be, 1
+geesthof.de, 1
+gefinances.com, 1
+gefolge.org, 1
+gegeco.ch, 0
+gegevensdelen.nl, 1
+geh.li, 1
+gehirn.co.jp, 1
+gehirn.jp, 1
+gehirnapis.jp, 1
+gehirnstatus.jp, 1
+gehopft.de, 1
+gehrdencarre.de, 1
+gehrke.cloud, 1
+gehrke.in, 1
+gehrke.nrw, 1
+gehsicht.de, 1
+geico.com, 1
+geigr.de, 1
+geilefrauen.pics, 1
+geileverhalen.tk, 1
+geiser-family.ch, 1
+geishamika.com, 1
+geisten.net, 1
+geistlib.xyz, 1
+geitenijs.com, 1
+gekko.tk, 1
+gekkoldprom.com, 1
+gekleurdverleden.be, 1
+geko.cf, 1
+gelaendermanufaktur.de, 1
+gelan.nl, 1
+gelanc.ml, 1
+gelaterista.de, 1
+gelb-computer.de, 1
+gelcocktail.fr, 1
+geld-im-blick.de, 1
+geld-magazin.info, 1
+geldimblick.de, 1
+geldmaat.nl, 1
+geldoderleben.tk, 1
+geldspelletjes.net, 1
+geldteveel.eu, 1
+geldvoorelkaar.nl, 1
+geleenbeekdal.nl, 1
+geleia-real.com, 1
+geli-graphics.com, 1
+gelijk.cf, 1
+gelisimakademi.com.tr, 1
+gellis12.com, 1
+gelmostop.tk, 1
+geloft.cf, 1
+geloft.gq, 1
+gelog-software.de, 0
+gelonghui.com, 1
+geloofindemocratie.nl, 1
+geloven-enzo.nl, 1
+gelsey.com, 1
+geluidsstudio.com, 1
+geluidstechniek.tk, 1
+geluidsverwachting.nl, 1
+gelukkigehonden.nl, 1
+geluleminceur.fr, 1
+gelvetika.cf, 1
+gem-forex.org, 1
+gem-forex.pro, 1
+gem-info.fr, 0
+gemahui.su, 1
+gemails.eu, 1
+gemaskeerd.nl, 1
+gemawardian.com, 1
+gemax-online.de, 1
+gembet99.com, 1
+gemeentedevesting.nl, 1
+gemeentestein.nl, 1
+gemeinde-luederitz.de, 1
+gemeinde-sonnen.de, 1
+gemeinderatswahl2020.de, 1
+gemeinfreie-lieder.de, 1
+gemelen.net, 1
+gemforex.pro, 1
+gemforex.top, 1
+gemgroups.in, 1
+gemhunter.pro, 1
+gemik.com, 1
+gemini.com, 1
+geminicorp.be, 0
+geminifm.tk, 1
+gemmproductions.com, 1
+gemmy.cf, 1
+gemonite.com, 1
+gempak.com, 1
+gempool.ie, 1
+gemquery.com, 1
+gemstn.com, 1
+gemstones.com, 1
+gemwerx.com, 1
+gen53.org, 1
+genbars.jp, 1
+genbrugge.tk, 1
+genchev.io, 0
+genclikdunyasi.com, 1
+genclikotobusu.com, 1
+gencnet.tk, 1
+gend.moe, 1
+gend.work, 1
+gender-summit.com, 1
+gendergp.com, 1
+genderidentiteit.nl, 1
+genderreveal.nl, 1
+genderrevealshop.nl, 1
+gendrin.com, 1
+gendundrupa.ch, 0
+gene-drive.com, 1
+gene-drives.com, 1
+geneacdn.net, 1
+genealog.fr, 1
+genealog.ong.br, 1
+genealogiegazet.nl, 1
+genealogieonline.nl, 1
+genealogiewerkbalk.nl, 1
+genealogy-beyers.tk, 1
+genealorand.com, 1
+geneanet.org, 1
+geneastar.org, 1
+geneau.net, 1
+geneawiki.com, 1
+geneeskrachtig.com, 1
+genehightower.com, 1
+genehome.com.au, 1
+genejournal.blog, 1
+genelhaberler.tk, 1
+genemesservwparts.com, 1
+genemon.at, 1
+genen.ga, 1
+generace-id.org, 1
+generacionmoderatto.tk, 1
+generador-electrico.com, 1
+generadorminecraft.tk, 1
+general-anaesthesia.com, 1
+general-anaesthetics.com, 1
+general-anesthesia.com, 1
+general-insurance.tk, 1
+generalautocheck.com, 1
+generalcustomshop.com.br, 1
+generali-investments-portal.cz, 1
+generali-worldwide.com, 1
+generali.com.tr, 1
+generalinsuranceagencies.com.au, 1
+generalinsuranceservices.com, 1
+generalliabilityinsure.com, 1
+generalpsych.cf, 1
+generalshale.com, 1
+generalsync.com, 1
+generaltitlewebui-stage.azurewebsites.net, 1
+generaly.ga, 1
+generateurdapplis.fr, 1
+generateurdesmiley.tk, 1
+generatevelocity.com, 1
+generation-clic.net, 1
+generation-free.org, 1
+generation247.nl, 1
+generationgoat.com, 1
+generationnext.pl, 0
+generationr.nl, 1
+generationsweldom.com, 1
+generator-energy.ru, 1
+generatorcountry.com, 1
+generatorkodowkreskowych.pl, 1
+generatormusic.tk, 1
+generatorreview.pro, 1
+generators-pro.ru, 1
+generic-noroxin.ml, 1
+generic-plavix.ga, 1
+generic-sildenafil-citrate.cf, 1
+generic-tadalafil.cf, 1
+generic-tenormin.gq, 1
+genericabana.gq, 1
+genericaccutaneonline.ml, 1
+genericaceon.tk, 1
+genericacomplia.ga, 1
+genericadvaironline.ml, 1
+genericazithromycin.tk, 1
+genericazulfidine.gq, 1
+genericcalan.gq, 1
+genericcelebrex.tk, 1
+genericclaritin.ga, 1
+genericcolchicine.ml, 1
+genericdevelopment.nl, 1
+genericdutasteride.cf, 1
+genericflagyl.ga, 1
+genericforavodartmedication.tk, 1
+genericforflagyl.cf, 1
+genericlevaquin.tk, 1
+genericlexaprocost.cf, 1
+genericlexaprocost.tk, 1
+generico.in, 0
+genericprevacidlansoprazole.tk, 1
+genericrhinocort.ga, 1
+genericuroxatral.gq, 1
+genericvytorin.ml, 1
+generix.biz, 1
+generujdata.cz, 1
+geneseecountymi.gov, 1
+geneseetwpmi.gov, 1
+genesis-a-fresh-translation-from-hebrew-to-english.com, 1
+genesisblock.com, 1
+genesiscoding.net, 1
+genesiseureka.com, 1
+genesisgold.com, 1
+genesisgrade.com, 1
+genesismachina.ca, 1
+genesisplay.tk, 1
+genesistoday.org, 1
+genesys-uk.com, 1
+genetargetsolutions.com.au, 1
+genetidyne.com, 1
+genetworx.com, 1
+geneuse.ai, 1
+genevaal.gov, 1
+genevablogers.ga, 1
+genevablogest.ga, 1
+genevachauffeur.com, 1
+genevacountyal.gov, 1
+geneve.guide, 1
+genevoise-entretien.ch, 0
+genfaerd.dk, 1
+gengcerita.tk, 1
+genghan.com, 1
+genia-life.de, 1
+genial.ly, 1
+genie.tk, 1
+genieall.com, 1
+geninspira.com, 1
+geniodonna.it, 1
+geniofinanciero.org, 1
+genioideal.com, 1
+geniosport.com, 1
+genious.co, 1
+genious.world, 1
+genioyfigura.tk, 1
+geniusclan.tk, 1
+geniuses.gq, 1
+geniussis.com, 1
+geniusteacher.in, 1
+geniuswin.it, 1
+geniuszone.biz, 1
+genkihub.com, 1
+genlack.com, 0
+genmab.co.jp, 1
+gennaroabete.duckdns.org, 1
+gennerator.com, 1
+gennet.com, 1
+geno-hyp.de, 1
+geno-hypo.de, 1
+geno-invest.com, 1
+geno4links.ml, 1
+genocidediary.org, 1
+genocideofua.org, 1
+genodeftest.de, 1
+genohyp.com, 1
+genohyp.de, 1
+genohyp.net, 1
+genohypo.de, 1
+genom.by, 1
+genome-reform.com, 1
+genome.eu, 1
+genome.gov, 0
+genomedia.jp, 1
+genomelink.io, 1
+genomequestlive.com, 1
+genomesoft.systems, 1
+genometrik.de, 1
+genomicsinc.com, 1
+genomicslab.in, 1
+genomicsplc.com, 0
+genoog.com, 1
+genophore.com, 1
+genoplot.com, 1
+genossen.ru, 1
+genossenwiese.ch, 1
+genotix.eu, 1
+genotix.nl, 1
+genovatoday.it, 1
+genoveve.de, 1
+gensenwedding.jp, 1
+genshiken-itb.org, 1
+gensicke.de, 1
+gensleiten.de, 1
+genslerapps.com, 1
+genslerwisp.com, 1
+gensokyo.cafe, 1
+gensokyo.chat, 0
+gensokyo.re, 1
+gensonline.eu, 1
+gentapps.com, 1
+gentas.se, 1
+gentbereikbaar.be, 1
+gentblogt.be, 1
+gentbrugsemeersen.be, 1
+gentcdn.com, 1
+gentcityofmusic.be, 1
+gentcongres.be, 1
+gentcongres.com, 1
+gentcongres.eu, 1
+gentcongres.org, 1
+gentcreativecityofmusic.be, 1
+gentec.cz, 1
+gentengarde.be, 1
+gentevenement.be, 1
+gentfietst.be, 1
+gentgezondestad.be, 1
+gentgreenkey.be, 1
+gentholidayland.be, 1
+gentholidayland.com, 1
+gentianes.ch, 0
+gentinvest.be, 1
+gentklimaatstad.be, 1
+gentlecollies.tk, 1
+gentledance.ch, 1
+gentledance.net, 1
+gentledentalcaregroup.co.uk, 1
+gentleentuit.be, 1
+gentlemanwithin.com, 1
+gentlent.biz, 1
+gentlent.blog, 1
+gentlent.cn, 1
+gentlent.co, 1
+gentlent.com, 1
+gentlent.eu, 1
+gentlent.group, 1
+gentlent.help, 1
+gentlent.info, 1
+gentlent.io, 1
+gentlent.net, 1
+gentlent.org, 1
+gentlent.tech, 1
+gentlent.uk, 1
+gentlent.us, 1
+gentlent.xyz, 1
+gentlentapis.com, 1
+gentlentgroup.com, 1
+gentlentssl.com, 1
+gentlichtfestival.be, 1
+gentlichtfestival.com, 1
+gentlivinglab.be, 1
+gentmuziekstad.be, 1
+gentoo-blog.de, 0
+gentooblog.de, 1
+gentoocn.org, 1
+gentryarkansaspd.gov, 1
+gentrydeng.cn, 1
+gentrydeng.com, 1
+gentse-ondernemersdagen.be, 1
+gentsefeesten.be, 1
+gentsefeesten.gent, 1
+gentseondernemersdagen.be, 1
+gentsklimaatverbond.be, 1
+gentslimopweg.be, 1
+genttegenarmoede.be, 1
+gentverwent.be, 1
+genuineppe.co.uk, 1
+genunlimited.ga, 1
+genunlimited.tk, 1
+genusbag.com, 1
+genutax.ca, 1
+genuxtsg.com, 1
+genxreviewest.ga, 1
+genzdx.xyz, 1
+genzia.ga, 1
+geo-files.tk, 1
+geo-industrie.fr, 1
+geo-portale.it, 1
+geoactivism.org, 1
+geoarchive.tk, 1
+geobluestudents.com, 0
+geocaching.hu, 1
+geocar.com, 1
+geocell.website, 1
+geocod.tk, 1
+geocoin2016.dk, 1
+geocommunicator.gov, 1
+geocompass.at, 1
+geoconcretsa.com, 1
+geoconvention.ga, 1
+geodatasource.com, 1
+geodesic-tents.com, 1
+geodesign.tk, 1
+geoenvironconsult.ga, 1
+geofabrika.ru, 1
+geoffanderinmyers.com, 1
+geoffmyers.com, 1
+geoffreymmoore.pw, 1
+geoffreyrichard.com, 1
+geoffsec.org, 1
+geofit.ru, 1
+geoflowerstudio.com, 1
+geoforex.ro, 1
+geofox.eu, 1
+geofox.org, 1
+geogas.com.au, 1
+geografia-peru.tk, 1
+geographique.tk, 1
+geography-schools.com, 1
+geohashing.site, 1
+geoip-js.com, 1
+geoip.fedoraproject.org, 1
+geoip.stg.fedoraproject.org, 1
+geojs.io, 1
+geokeys.cf, 1
+geolex.tk, 1
+geolite.info, 1
+geologist.tk, 1
+geology-schools.com, 1
+geolonia.com, 1
+geomac.gov, 1
+geomadrid.ga, 1
+geomagne.tk, 1
+geoman.tk, 1
+geomancy.net, 1
+geomatic.tk, 1
+geometra.roma.it, 1
+geometra24.it, 1
+geometri.tk, 1
+geometriya-dash.online, 1
+geon.nl, 1
+geonice.ga, 1
+geonot.es, 1
+geophysicsjournal.com, 1
+geopixeles.cl, 1
+geopoetico.tk, 1
+geoponika.gr, 1
+georadar-algerie.com, 1
+georg-ledermann.de, 1
+george-brighton.co.uk, 1
+george-orwell.com, 1
+george.black, 1
+george.com.tw, 1
+george.id.au, 1
+george.ooo, 1
+georgebeverlysheamemorial.org, 1
+georgeblack.me, 1
+georgebrighton.co.uk, 1
+georgeclaghorn.com, 1
+georgeclooney.tk, 1
+georgecolgrove.com, 1
+georgedesign.ch, 1
+georgegachara.tk, 1
+georgehotz.tk, 1
+georgekaraoglanis.tk, 1
+georgelucas.tk, 1
+georgemaschke.com, 1
+georgemaschke.net, 1
+georgemudie.com, 1
+georgenad.duckdns.org, 1
+georgepancescu.ro, 1
+georges-sadeler.com, 1
+georges.nu, 1
+georgesand.be, 1
+georgeshobeika.cf, 1
+georgeslasaucisse.fr, 1
+georgetownohio.gov, 1
+georgetowntexas.gov, 1
+georgewatson.me, 1
+georgewbushlibrary.gov, 1
+georgiaaccess.gov, 1
+georgiaautoglass.net, 1
+georgiacriminaldefense.com, 1
+georgiaglassrepair.com, 1
+georgiainfo.ga, 1
+georgiajetcharter.com, 1
+georgian.io, 1
+georgianews.ml, 1
+georgiangames.gq, 1
+georgianhistory.tk, 1
+georgiaparks.org, 1
+georgiastuartyoga.co.uk, 0
+georgiawrestling.tk, 1
+georgie.cc, 1
+georgiebailey.com, 1
+georgiedann.ga, 1
+georgiedann.gq, 1
+georgiedann.ml, 1
+georginabouzova.tk, 1
+georginikolov.com, 1
+georgioskontaxis.com, 1
+georgioskontaxis.net, 1
+georgioskontaxis.org, 1
+georgiosnetworks.com, 1
+georglauterbach.com, 1
+georglauterbach.de, 1
+georgmayer.eu, 1
+geosales.tk, 1
+geoscout.uk, 1
+geoserves.com, 1
+geosever.cz, 1
+geosno.com, 1
+geospecialsers.ga, 1
+geostems.com, 1
+geoswohnen.de, 1
+geotabgov.us, 1
+geotec-weilrod.de, 1
+geotech.tk, 1
+geotextil.ec, 1
+geothermalproducts.info, 1
+geotrust.com.ru, 1
+geotruth.net, 1
+geourl.me, 1
+geovanni-rabarison.fr, 1
+geowest.tk, 1
+gep.ch, 1
+gepassociati.cloud, 1
+gepe.ch, 1
+gepgroup.gr, 1
+gepps.de, 1
+geppy.im, 1
+gera-haushaltsaufloesung.de, 1
+gerainano.com, 1
+geraintwhite.co.uk, 1
+gerald-zojer.com, 1
+geranium.dk, 1
+gerard-klooster.net, 1
+gerardinden.nl, 1
+gerardmccabe.com.au, 1
+gerardozamudio.mx, 1
+gerards-abenteuer.de, 1
+gerbang-singkolo.ga, 1
+gerber-construction.com, 1
+gerbil.tk, 1
+gerbils.tk, 1
+gerbyte.co.uk, 1
+gerbyte.com, 1
+gerbyte.uk, 1
+gerd-frank.com, 1
+gereedschapmuseumdehobbyzolder.tk, 1
+gerenciaconsultor.com, 1
+geret.cl, 1
+gergoladi.me, 1
+geriartriya.ru, 1
+gerimileva.com, 1
+gerinet.pl, 1
+gerkevangarderen.nl, 1
+germain.cc, 1
+germaintechnologies.com, 1
+german242.com, 1
+germanclarkoh.gov, 1
+germancoding.com, 1
+germancoding.de, 1
+germancorbo.com, 1
+germancraft.net, 1
+germandarknes.net, 1
+germanicvs.tk, 1
+germaniumsoft.com, 1
+germanmasterpainters.nz, 1
+germanophobia.tk, 1
+germanpavilion.com, 1
+germanpay.com, 1
+germanrojas.ga, 1
+germansoldiers.net, 1
+germanssky.de, 1
+germantolobis.lt, 1
+germantownpolicewi.gov, 1
+germantownwi.gov, 1
+germantrip.tk, 1
+germanymade.com, 1
+germanypay.com, 1
+germanytravel.ga, 1
+germanytravelguide.ml, 1
+germanzero-nv.de, 1
+germfr.ee, 1
+germinalekeren.tk, 1
+germistry.com, 1
+gernert-server.de, 1
+gero.io, 1
+geroiplavska.tk, 1
+geropa.it, 1
+gerris.tk, 1
+gerrit078.nl, 1
+gerritcodereview.com, 1
+gers-authentique.com, 1
+gerstbauer.tk, 1
+gerstner.it, 1
+gertjan-tamerus.tk, 1
+gertrudeco.com, 1
+gertrudentor.de, 1
+gerum.dynv6.net, 0
+gerwinvanderkamp.nl, 1
+ges-bo.de, 1
+gesamenvat.nl, 1
+gesath.co, 1
+gesath.com, 1
+geschenkkoerbeversand.de, 1
+geschenkkorb-ideen.de, 1
+geschenkly.de, 1
+geschichtscheck.de, 1
+geschichtswerkstatt.tk, 1
+geschmackspiloten.de, 0
+geschwinder.net, 1
+geseduc.cl, 1
+gesentorno.tk, 1
+gesetz.tk, 1
+gesica.cloud, 1
+gesmav-trier.de, 1
+gesnerfigueiredo.com.br, 1
+gesnex.com, 1
+gessettirotti.it, 1
+gestaoclub.com.br, 1
+gestion-de-contact.fr, 1
+gestionadministrativevirtuelle.ca, 1
+gestionadministrativevirtuelle.ch, 1
+gestione-certificazioni.it, 1
+gestionth.com, 1
+gestorehotel.com, 1
+gestorestecnologicos.com, 1
+gestus.tk, 1
+gesuiti.it, 1
+gesundessen.at, 1
+gesundessen.ch, 1
+gesundessen.de, 1
+gesundheit-ifg-muenchen.de, 1
+gesundheitmassage.com, 1
+gesundheitswelt24.de, 1
+gesundimmund.de, 1
+get-a-wingman.com, 1
+get-asterisk.ru, 1
+get-baaam.com, 1
+get-erp.ru, 1
+get-express-vpn.com, 1
+get-maurice.com, 1
+get-my-report.com, 1
+get-quick-bits-fast-2018.pw, 1
+get-refer.com, 1
+get-x-web-link2.com, 1
+get-your-business.tk, 1
+get.design, 1
+get.gov, 1
+get.how, 1
+getabear.com, 1
+getacrane.co.uk, 1
+getahearing.com, 1
+getaldea.com, 1
+getalink.ga, 1
+getalitools.ru, 1
+getanresources.com, 1
+getanswer.ga, 1
+getar.tk, 1
+getaskoll.at, 1
+getawaycab.tk, 1
+getawayline.com, 1
+getback.ch, 1
+getbellhop.co, 1
+getbodysmart.com, 1
+getboomerangwater.com, 1
+getbootstrap.com, 1
+getboubou.com, 1
+getbox.me, 1
+getbrain.tk, 1
+getbreadcrumbs.com, 1
+getbrowink.com, 1
+getbutterfly.com, 1
+getcabal.com, 1
+getcare.com, 1
+getcarina.com, 1
+getchip.cc, 1
+getcloak.com, 1
+getclubsoda.com, 1
+getcodelove.com, 1
+getcolq.com, 1
+getcontact.com, 1
+getcookie.ml, 1
+getcreditscore.com.au, 1
+getcyber.me, 1
+getcyber.org, 1
+getdash.io, 1
+getdeclutter.com, 1
+getdinghy.com, 1
+getdirectcredit.com, 1
+getdishnow.tk, 1
+getdoc.com.br, 1
+getdoges.tk, 1
+getdownon.it, 1
+getdumpsterdash.com, 1
+getecoins.shop, 1
+geteducation.tk, 1
+geteduroam.no, 1
+getelectronics.tk, 1
+getemail.io, 1
+geterp.ru, 1
+getescrowest.ga, 1
+getestudio.com, 1
+getevidenceers.ga, 1
+getexipure.com, 1
+getfastanswer.com, 1
+getfedora.org, 1
+getfit.md, 1
+getfitbee.com, 1
+getfitwithkip.com, 1
+getflip.com, 0
+getflorence.co.uk, 0
+getfreeelectricity.tk, 1
+getfreeltc.ml, 1
+getgeek.dk, 1
+getgeek.ee, 1
+getgeek.es, 1
+getgeek.fr, 1
+getgeek.io, 1
+getgeek.no, 1
+getgeek.nu, 1
+getgeek.pl, 1
+getgeek.se, 1
+getgreencarpetct.com, 1
+gethere.gq, 1
+gethotspotshield.com, 1
+gethow.org, 1
+gethttpsforfree.com, 1
+gethvac.pro, 1
+gethyas.com, 1
+geti2p.com, 1
+getidee.com, 1
+getidee.de, 1
+getidmcc.com, 1
+getinfoleads.tk, 1
+getinshape.today, 1
+getinsuranceanywhere.com, 1
+getinternet.gov, 1
+getintopcfile.com, 1
+getintra.org, 1
+getitpeople.com, 1
+getjadedlocal.com, 1
+getjms.com, 1
+getlaminas.org, 1
+getlantern.org, 0
+getlawnbuddy.com, 1
+getlawyered.com.au, 1
+getleanflorida.gov, 1
+getlessgivemore.com, 1
+getlibrary.com, 1
+getmango.com, 1
+getmarksvoice.com, 1
+getmdl.io, 1
+getme.cf, 1
+getmeback.ru, 1
+getmello.org, 1
+getmeloan.org, 1
+getmerch.eu, 1
+getmetech.com, 0
+getmimo.com, 0
+getmonero.cz, 1
+getmybosslife.com, 1
+getnetset.com, 1
+getnew.tk, 1
+getnews360.com, 1
+getnib.com, 1
+getnikola.com, 1
+getontop.club, 1
+getonyx.com, 1
+getoxley.com, 1
+getpagespeed.com, 1
+getpaidclub.tk, 1
+getpaidtocode.com, 1
+getpaidtodesign.com, 1
+getpaidtodev.com, 1
+getpanelapp.com, 1
+getpavedmidmichigan.com, 1
+getpdf.in, 1
+getpet.lt, 1
+getplus.com.au, 1
+getpro.plumbing, 1
+getprohealth.com, 1
+getpromo.cf, 1
+getpublii.com, 1
+getready2dance.tk, 1
+getreadyforever.tk, 1
+getrelish.com, 1
+getresilience.org, 1
+getresults.co.za, 1
+getriebeservice-gse.de, 1
+getroman.com, 1
+getsamegoal.com, 1
+getscif.com, 1
+getsecure.nl, 1
+getserm.com, 1
+getserum.xyz, 1
+getsession.org, 1
+getsetbounce.co.uk, 1
+getsilknow.com, 1
+getsimone.online, 1
+getsmartlife.in, 1
+getsocreative.com, 1
+getspaces.com, 1
+getstark.co, 1
+getstat.net, 1
+getstream.io, 1
+getsubs.net, 1
+getswadeshi.com, 1
+getsweep.com, 1
+getteamninja.com, 1
+gettext.tk, 1
+getthefriendsyouwant.com, 1
+getthejobicanhelp.com, 1
+gettheworldmoving.com, 1
+getticker.com, 1
+gettingtvers.ga, 1
+gettodoing.com, 1
+gettonline.com, 1
+gettopquality.com, 1
+gettravelista.com, 1
+gettrust.com, 1
+getts.ro, 1
+getts.shop, 1
+gettwo.ml, 1
+getupandbounce.co.uk, 1
+getupdat.es, 1
+getupwakeclub.com, 1
+getvalidate.com, 1
+getvdownloader.com, 1
+getveer.io, 1
+getwemap.com, 1
+getwokegobroke.xyz, 1
+getword.com, 1
+getwork.tk, 1
+getwsodo.com, 1
+getyou.onl, 0
+getyour.nz, 1
+getyoureuro.tk, 1
+getyourlifestraight.com, 1
+getyournurse.de, 1
+getyourphix.tk, 1
+geulis.tk, 1
+geus-okna.eu, 1
+gevara.cz, 1
+gevelreinigingtiel.nl, 1
+gevme.com, 1
+gevo.gg, 1
+gew.is, 1
+gewasteelt.ga, 1
+gewel.io, 1
+gewerbe-fix.ag, 1
+gewerbe-fix.at, 1
+gewerbe-fix.ch, 1
+gewerbe-fix.com, 1
+gewerbe-fix.de, 1
+gewerbe-fix.eu, 1
+gewerbe-fix.info, 1
+gewerbe-fix.net, 1
+gewerbe-fix.org, 1
+gewerbefix.ag, 1
+gewerbefix.at, 1
+gewerbefix.biz, 1
+gewerbefix.ch, 1
+gewerbefix.com, 1
+gewerbefix.de, 1
+gewerbefix.eu, 1
+gewerbefix.info, 1
+gewerbefix.net, 1
+gewerbefix.org, 1
+gewinn.tk, 1
+gewis.nl, 1
+gexobiz.tk, 1
+geyduschek.be, 0
+geytabir.cf, 1
+gezakekazeg.tk, 1
+gezginsolar.com, 1
+gezinnenhilton.com, 1
+gezondetips.nl, 0
+gezondheidsfondsenvoorrookvrij.nl, 1
+gezondheidszorg-ict.nl, 1
+gezondheidszorg-it.nl, 1
+gf-franken.de, 1
+gf0.ltd, 1
+gf5fcalc.com, 1
+gfac.ru, 1
+gfahnen.de, 1
+gfast.ru, 1
+gfc.scot, 1
+gfcleisure.co.uk, 1
+gfcnieuws.com, 1
+gfe.link, 1
+gfestival.fo, 1
+gfetechs.com, 1
+gfgmmarketing.com, 1
+gfishbone.com, 1
+gfk-kunststoff-luebben.de, 1
+gfleaks.com, 1
+gfmp.com.pl, 1
+gfms.ru, 1
+gfnetfun.cf, 1
+gforce.ninja, 1
+gforex.pro, 1
+gforex.top, 1
+gfoss.gr, 1
+gfourmis.co, 1
+gfournier.ca, 1
+gfrevenge.com, 1
+gfronline.tk, 1
+gfsolucoesdigitais.com, 1
+gfsolucoesdigitais.com.br, 1
+gfx.cards, 1
+gfxbench.com, 1
+gfxviet.net, 1
+gfxworld.tk, 1
+gfycat.com, 1
+gg.ax, 1
+gg.co.uk, 1
+gg.world, 1
+gg5197.co, 1
+gg6729.co, 1
+gg6729.com, 1
+gg6957.co, 1
+gg9297.co, 1
+gg9397.com, 1
+gg9721.com, 1
+gg9728.co, 1
+ggb.world, 1
+ggbet.me, 1
+ggcp.com, 1
+ggdcpt.com, 1
+ggdghorkennisnet.nl, 1
+ggdrop.com, 1
+ggdrop.top, 1
+gge16.ru, 1
+ggg.re, 1
+gggg.loan, 1
+gginin.today, 1
+ggiveilig.nl, 1
+ggld.net, 1
+gglks.com, 1
+ggmmontascale.it, 1
+ggobbo.com, 1
+ggs-marschallstrasse.de, 1
+ggs.jp, 1
+ggservers.com, 1
+ggss.cf, 1
+ggworld.ga, 1
+gh-sandanski.com, 1
+gh16.com.ar, 1
+gha.st, 1
+ghada.blog, 1
+ghafatzayed.com, 1
+ghanaculture.tk, 1
+ghanapremiumconsultant.com, 1
+ghanitechnologies.com, 1
+gharbala.com, 1
+ghayegh.org, 1
+ghazals.tk, 1
+ghazi.im, 1
+ghbtns.com, 1
+ghcci.com, 1
+ghcoaching.mx, 1
+ghcpl.in, 1
+gheestore.in, 0
+ghentcityofmusic.be, 1
+ghentcreativecityofmusic.be, 1
+ghentfilmoffice.be, 1
+ghentholidayland.be, 1
+ghentlichtfestival.be, 1
+ghentlichtfestival.com, 1
+ghentlightfestival.be, 1
+ghentlightfestival.com, 1
+ghentlivinglab.be, 1
+gheorghe-sarcov.ga, 1
+gheorghesarcov.ga, 1
+gheorghesarcov.tk, 1
+ghereben.xyz, 1
+ghettonetflix.de, 1
+ghgkhalsaschool.com, 1
+ghi.gov, 1
+ghil.de, 1
+ghimaging.com, 1
+ghini.com, 1
+ghiro.tk, 1
+ghlinks.com.gh, 1
+ghllc.com, 1
+ghn.vn, 1
+ghnewslive.com, 1
+ghobcars.com, 1
+ghobot.ai, 1
+ghobusers.com, 1
+ghostarmy.tk, 1
+ghostarrow.com, 1
+ghostbusters.tk, 1
+ghostbustersuk.tk, 1
+ghostcarve.ml, 1
+ghostcir.com, 0
+ghostdesign.tk, 1
+ghostdog.ga, 1
+ghostdragon.tk, 1
+ghostfam.com, 1
+ghostfam.win, 1
+ghostfiregaming.com, 1
+ghostgaminggg.live, 1
+ghostgimbals.com, 1
+ghostlight.tk, 1
+ghostmarket.io, 1
+ghostnight.ga, 1
+ghostpi.pro, 1
+ghostpin.ga, 1
+ghostplanet.tk, 1
+ghostrealms.tk, 1
+ghostridersclan.tk, 1
+ghostruler.com, 1
+ghosts-to-you.tk, 1
+ghostsnote.tk, 1
+ghostsquad.tk, 1
+ghostutils.tk, 1
+ghostwritershigh.com, 1
+ghotokbaba.com, 1
+ghou.me, 1
+ghowell.io, 1
+ghpastor.com, 1
+ghprinter.com.br, 1
+ghprinting.net, 1
+ghsix.com.br, 1
+ghwconline.org, 1
+ghyvelde.fr, 1
+gi-plant.shop, 1
+giac.net, 1
+giac.org, 1
+giacomodebidda.com, 1
+giacomopelagatti.it, 1
+giakki.eu, 1
+gialai.gov.vn, 1
+gialupa.tk, 1
+giamcanhieuqua.vn, 1
+giancarlomarino.com, 1
+giangma.tk, 1
+giannakis.tk, 1
+gianproperties.com, 1
+giant-panda.com, 1
+giant-tortoise.com, 1
+giantratesers.ga, 1
+giantratesest.ga, 1
+giantslipandslide.co.uk, 1
+giantsquid.cf, 1
+giantsquid.ga, 1
+giantsquid.gq, 1
+giantsquid.tk, 1
+gianttree.de, 1
+gianturl.net, 1
+giaohangtietkiem.vn, 1
+giardinaggio.milano.it, 1
+giardinaggio.napoli.it, 1
+giardinaggio.roma.it, 1
+giardiniblog.it, 1
+giardiniere.bologna.it, 1
+giardiniere.milano.it, 1
+giardiniere.roma.it, 1
+giardinoperfetto.com, 1
+giatrakos.com, 1
+giaydepvnn.com, 1
+gibberfish.org, 1
+gibbon.tk, 1
+gibbonedu.org, 1
+gibkoesteklo.ml, 1
+gibraltar-jobs.com, 1
+gibraltarwi.gov, 1
+gibranhernandez.tk, 1
+gibsonmemorial.ca, 1
+gibsonsecurity.co.uk, 1
+gicasport.it, 1
+gichigamigames.com, 1
+gickelskerb.de, 1
+gidapgs.cf, 1
+giddyaunt.net, 1
+gideonbot.com, 1
+gidive.com, 1
+gidro-dom.ru, 1
+gidro.tech, 1
+gidroponica.ml, 1
+giebel.it, 1
+giedrioukis.lt, 1
+gielectrical.com.au, 0
+giemsa.com, 1
+gierds.de, 1
+gieschke.de, 1
+gietvloergarant.nl, 1
+gif-avatars.com, 1
+gif.tips, 0
+giff.com.mx, 1
+giffard.com, 1
+gifhelittlestars.co.uk, 1
+giford.com, 1
+gifsonline.tk, 1
+gift4ever.tk, 1
+giftbaskets.ru, 1
+giftbasketsoverseas.com, 1
+giftbit.com, 1
+giftcard.net, 1
+giftcardgranny.com, 1
+giftcardstarz.com, 0
+giftedconsortium.com, 1
+giftedmodels.com, 1
+giftex.cz, 1
+giftexperts.com, 1
+giftfavorite.tk, 1
+giftfocus.com, 1
+giftlist.guru, 1
+giftnix.com, 1
+giftofsquare.net, 1
+giftofsquare.org, 1
+giftpoint.io, 1
+gifts.best, 1
+giftscop.com, 1
+giftsenda.com, 1
+giftsforaspecialoccasion.com, 1
+giftsholidays.tk, 1
+giftsofsquare.com, 1
+giftsofsquare.net, 1
+giftsofsquare.org, 1
+gifudodo.com, 1
+gifuxuk.tk, 1
+gifzilla.net, 0
+gig.com, 1
+gig.ru, 0
+gig40.com, 1
+giga.nl, 1
+gigabitz.pw, 1
+gigachad.net, 1
+gigacloud.org, 1
+gigacloud.ua, 0
+gigacomputer.cz, 1
+gigagroup.cf, 1
+giganet.tk, 1
+gigantar.com, 1
+gigantino.net, 1
+gigantism.com, 1
+gigantron.com, 1
+gigaone.pl, 1
+gigarange.org, 1
+gigarange.xyz, 1
+gigasoft.tk, 1
+gigatags.tk, 1
+gigatop.ga, 1
+gigatron.tk, 1
+gigawa.lt, 1
+gigawattz.com, 1
+gigaway.com, 1
+giggear.com.au, 1
+gigharborwa.gov, 1
+gigindia.in, 1
+gigis-pizzeria.de, 1
+gigiscloud.servebeer.com, 1
+giglink.club, 1
+gigloog.tk, 1
+gigpam.com, 1
+gigs.com, 1
+gigseekr.com, 1
+gijonshiro.tk, 1
+gikovatelojavirtual.com.br, 1
+gil.gg, 1
+gilandrad.tk, 1
+gilangcp.com, 1
+gilbert-schmalriede.de, 1
+gilbertosimoni.tk, 1
+gilbertsvilleny.gov, 1
+gildenhost.de, 1
+gileadpac.com, 1
+gilescountytn.gov, 1
+gilion.tk, 1
+gill-cote-bistro.fr, 1
+gill-swerts.tk, 1
+gill-temptation.tk, 1
+gillesmorelle.com, 0
+gillespetrotey.com, 1
+gillettepromociones.com, 1
+gillfamily.de, 1
+gillmanandsoame.co.uk, 1
+gillsco.com, 1
+gilmanwi.gov, 1
+gilmasocial.ga, 1
+gilme.net, 1
+gilnet.be, 0
+gilpincountydronepilot.com, 1
+gilsanchez2009.com, 1
+gilsum-nh.gov, 1
+giltedge.travel, 1
+gim-app.tk, 1
+gim.ac.in, 1
+gimahhot.com, 1
+gimbal.ca, 1
+gimme.money, 1
+gimmickbots.com, 1
+gimmickmedia.de, 1
+gimnazija-skofjaloka.si, 1
+gimnazija.tk, 1
+gimnazijapg.me, 1
+gimnaziya.ga, 1
+gimnaziya.tk, 1
+gimnazjum-miloslaw.tk, 1
+gimpware.tk, 1
+gina-architektur.design, 1
+ginabaum.com, 1
+ginatony.com, 1
+ginen.xyz, 0
+ginepolice.gov, 1
+ginev.tk, 1
+gingerray.co.uk, 1
+gingersutton.com, 1
+gingerxumd.com, 1
+ginionusedcars.be, 1
+ginitaly.it, 1
+ginnegappen.nl, 1
+ginniemae.gov, 1
+ginnungagap.space, 1
+gintaresdental.lt, 1
+gintian.com, 1
+gintonic.tk, 1
+ginx.tv, 1
+ginza-viola.com, 1
+ginzago.ru, 1
+ginzaj.com, 1
+gio-abbigliamento.it, 1
+giochistars.it, 1
+giochistem.it, 1
+giocolive.com, 1
+gioielleriamolena.com, 1
+gion-ent.co.jp, 1
+gion.io, 1
+giopiu.it, 1
+giordan.com, 1
+giordano.com, 1
+giordanomultiservice.it, 1
+giorgia.tk, 1
+giorgiosite.tk, 1
+giornalisportivi.online, 1
+giovannarossi.tk, 1
+giovannibattistadagnino.eu, 1
+giovannisantini.tk, 1
+giovinco.tk, 1
+gip-carif-idf.net, 1
+gip-carif-idf.org, 1
+gipelpsb.fr, 1
+giper.ga, 1
+giperfast.tk, 1
+gipernn.ru, 1
+gipl.tk, 1
+gipsic.com, 1
+gipsplitka.ru, 1
+gipuzkoabasket.tk, 1
+giradiscos.com, 1
+giraffeduck.com, 1
+giraffenland.de, 1
+giraffes.org, 1
+gircimediterranee.fr, 1
+giresunhaberleri.tk, 1
+giri.co, 1
+girishkumar.tk, 1
+girl.click, 1
+girl.science, 1
+girlan.net, 1
+girlandhermoon.com, 0
+girlbaito.jp, 1
+girlboss.ceo, 1
+girlcock.ceo, 1
+girldevelopit.com, 1
+girldick.gay, 1
+girlfriend.gq, 1
+girliciousbeauty.com, 1
+girlie.tk, 1
+girlingsdiamond.co.uk, 1
+girlinthetiara.com, 1
+girlisme.com, 1
+girljacket.com, 1
+girls-heaven.com, 1
+girlsaloudcity.tk, 1
+girlsbar-navi.jp, 1
+girlschandigarh.in, 1
+girlsfucked.com, 1
+girlsgenerationgoods.com, 1
+girlsgetpied.com, 1
+girlsglimpse.cf, 1
+girlsglimpse.ga, 1
+girlsglimpse.gq, 1
+girlshealth.gov, 1
+girlshere.tk, 1
+girlsnet.work, 1
+girlswhonerd.com, 1
+girltendance.fr, 1
+girlunfinished.com, 1
+girlz.jp, 1
+gironde-tourisme.fr, 1
+gironiforum.fr, 1
+giroskuter.ga, 1
+girsedesign.de, 1
+girvas.ru, 1
+gis.ee, 1
+gisa.gv.at, 1
+gisac.org, 1
+gisauto.ru, 1
+gisbornecabs.com.au, 1
+gisellapiano.tk, 1
+gisher.news, 1
+gisher.org, 1
+gisher.video, 1
+gishiko.net, 1
+gishpo.tk, 1
+gisma.tk, 1
+gistr.io, 1
+giswi.com, 1
+git-stuff.tk, 1
+git-top-repos.net, 1
+git.ac.cn, 1
+git.co, 1
+git.market, 1
+git.nl.eu.org, 1
+git.org.il, 0
+git.sb, 1
+git.tt, 0
+gitar.io, 1
+gitarist.tk, 1
+gitarren-akademie-online.de, 1
+gitch.xyz, 1
+gite-ambleteuse.tk, 1
+gite-bouvines.fr, 1
+gite-le-pascaud.fr, 1
+gitecolombedesbois.com, 1
+gitelermitage.be, 1
+gitep.org.uk, 1
+gites-melaual.fr, 1
+gitgaattreaty.ca, 1
+github.blog, 1
+github.com, 1
+github.partners, 1
+githubapp.com, 1
+githubconstellation.com, 1
+githubengineering.com, 1
+githubindia.com, 1
+githubnext.com, 1
+giti.com.sg, 1
+gitlab-apps.com, 1
+gitns.com, 1
+gitns.dev, 1
+gitns.io, 1
+gitns.net, 1
+gitns.nl, 1
+gitns.org, 1
+gitstuff.tk, 1
+gittigidiyor.com, 1
+gittr.ch, 1
+gitvibe.com, 1
+giuem.com, 1
+giuliabonati.com, 1
+giuliano.design, 1
+giuliawylde.com, 1
+giulliamodas.com.br, 1
+giunchi.net, 1
+giuristifriburgo.ch, 1
+giuseppebuccheri.it, 1
+giuseppemacario.it, 1
+giuseppemacario.men, 1
+giusyesabatino.it, 1
+give.net, 1
+give2charity.co, 1
+give2charityapp.com, 1
+giveasquare.com, 1
+giveasquare.net, 1
+giveasquare.org, 1
+giveattheoffice.org, 0
+givecfc.org, 1
+givelab.com, 1
+givemeaverse.com, 1
+givemebeer.tk, 1
+givemeyour.cc, 1
+givemylife.cf, 1
+givemylife.ga, 1
+givemylife.gq, 1
+givemylife.ml, 1
+given2.blog, 1
+given2.com, 1
+given2.me, 1
+given2.us, 1
+given4.it, 1
+givepenny.com, 1
+givery.cz, 1
+givery.sk, 1
+givesunlight.com, 1
+giveuselife.org, 1
+givingassistant.org, 0
+givingnexus.org, 0
+givingpledge.org, 1
+givingtools.com, 1
+givip.eu, 1
+gix.net.pl, 1
+gixtools.co.uk, 1
+gixtools.com, 1
+gixtools.net, 1
+gixtools.uk, 1
+gizemlibilgi.com, 1
+gizitalk.com, 1
+gizlicekim.tk, 1
+gizmo.ovh, 1
+gizmocrazed.com, 1
+gizmodo.com, 1
+gizmodo.es, 1
+gizmodo.in, 1
+gizmogrind.com, 1
+gj-bochum.de, 1
+gj-cham.tk, 1
+gj6.top, 0
+gjan.in, 1
+gjan.info, 1
+gjan.io, 1
+gjanaconstruction.com, 1
+gjcampbell.co.uk, 1
+gjengset.com, 1
+gjnoonan.co.uk, 1
+gjung.com, 1
+gkb2.ru, 1
+gkbm.com, 1
+gkconsultancy.tk, 1
+gkdforum.eu.org, 1
+gkdk.se, 1
+gkdworld.com, 1
+gkdworld.eu.org, 1
+gkepm.com, 1
+gkhull.com, 1
+gklparis.fr, 1
+gkmusicindia.tk, 1
+gknews.tk, 1
+gkoenig-innenausbau.de, 1
+gkq.co.in, 1
+gkralik.eu, 1
+gkrru4v.xyz, 1
+gkstyle.net, 0
+gku-winterling.de, 1
+gkv-gorinchem.nl, 1
+gkvharidwar.org, 1
+gkvsc.de, 1
+gkzmengineering.com, 1
+gl-operacion.com.mx, 1
+gl.search.yahoo.com, 0
+glabiatoren-kst.de, 1
+glacialexperience.is, 1
+glaciercountymt.gov, 1
+glacierviewfire.gov, 1
+glad.com, 1
+gladala.tk, 1
+gladiac.duckdns.org, 1
+gladiator.tf, 1
+gladiators-clan.tk, 1
+gladiatorshop.nl, 1
+gladiium.store, 1
+gladosdan.com, 1
+gladstonemi.gov, 1
+gladwellentertainments.co.uk, 1
+gladwork.tk, 1
+gladysstrickland.com, 1
+glahcks.com, 1
+glamadelaide.com.au, 1
+glamcambabes.com, 1
+glamdaldyreklinikk.no, 1
+glami.com.tr, 1
+glaminati.com, 0
+glamlivesex.com, 1
+glammybabes.com, 1
+glamorousgoat.nl, 1
+glamorously-built.tk, 1
+glamour4you.de, 1
+glamourandgains.com, 1
+glamourdaze.com, 1
+glamourhair.tk, 1
+glamourmagazine.co.uk, 1
+glamourtime.tk, 1
+glamur-video.com, 1
+glance.gr, 1
+glanzodergarnicht.com, 1
+glas-systeme.eu, 1
+glasdon.com, 1
+glase.shop, 1
+glaserceramics.com, 1
+glasfaser-im-hanseviertel.de, 1
+glasgestaltung.biz, 1
+glasgowfilm.org, 0
+glasgowlife.org.uk, 1
+glashandelwolf.nl, 0
+glasiko.tk, 1
+glasner.photo, 1
+glass-blaster.com, 1
+glass.google.com, 1
+glass.photo, 1
+glassact.com, 1
+glasschmuck-millefiori.de, 1
+glassellparkschool.org, 1
+glassemployees.com, 1
+glassfoxowo.com, 1
+glassicasino.in, 1
+glasslikes.com, 1
+glassnebula.com, 1
+glassner.org, 1
+glassochchoklad.se, 1
+glassofdirt.tk, 1
+glassofgrape.com, 1
+glassportpapd.gov, 1
+glassrainbowtrust.org.je, 1
+glassrepairsperth.com.au, 1
+glassrom.org, 1
+glassrom.pw, 1
+glasssculpture.org, 1
+glasstechnics.be, 1
+glasswall.com, 1
+glassweb.com.mx, 1
+glassworld.tk, 1
+glastenbury.com, 1
+glaston.com, 1
+glaswerk-mellenbach.de, 1
+glaswolsite.tk, 1
+glatfelter.com, 1
+glauca.digital, 1
+glauca.space, 1
+glaucoma.uk, 1
+glavfundament.ru, 0
+glavny-yurist.ru, 1
+glavred.info, 0
+glazedmag.fr, 1
+glazkova.ga, 1
+glbaumaulwurf.de, 1
+glbins.com, 1
+glbth.com, 1
+glcastlekings.co.uk, 1
+gld.re, 1
+gle, 1
+gleam.tk, 1
+gleanview.com, 1
+glebov.tk, 1
+gleeband.com, 1
+gleentech.com, 1
+gleesongs.tk, 1
+gleich-aluminium-shop.de, 1
+gleisner.io, 1
+gleisner.legal, 1
+gleki.com, 1
+glemtpassord.dep.no, 1
+glenatlasmd.com, 1
+glenavy.tk, 1
+glenbeulahwi.gov, 1
+glencambria.com, 1
+glencarbonil.gov, 1
+glencoveny.gov, 1
+glendalewv.gov, 1
+glendarraghbouncycastles.co.uk, 1
+glenderan.com, 1
+glendivemt.gov, 1
+glenhuntlyapartments.com.au, 1
+glenmarieproperties.com, 0
+glenmarkpharma.sk, 1
+glenmorewisconsin.gov, 1
+glennfitzpatrick.com, 1
+glennhamers.nl, 1
+glennvillega.gov, 1
+glennwilson.co.uk, 1
+glenshere.com, 1
+glenwhitememorial.com, 1
+glenwoodpark.com, 1
+glesbymarks.com, 1
+glevolution.com, 1
+glexia.com, 1
+glgclan.tk, 1
+gli.sh, 1
+gliagrumi.it, 1
+glibmarket.in, 1
+glickman-consulting.com, 1
+glidestep.com, 1
+glidingshop.cz, 1
+glidingshop.de, 1
+glidingshop.eu, 1
+glieroidelcalcio.com, 1
+gliihc.net, 1
+glimhome.com, 1
+glimpses.tk, 1
+glini.net, 1
+glit.sh, 1
+glitchcomic.tk, 1
+glitched.online, 1
+glitery.com, 1
+glitter-graphics.com, 1
+glitterblast.uk, 1
+glitteringmariah.tk, 1
+glittersjabloon.nl, 1
+glitzerstuecke.de, 1
+glitzybingo.co.uk, 1
+glixee.com, 1
+glk.academy, 1
+glloq.org, 0
+glm.io, 1
+glnpo.gov, 1
+global-adult-webcams.com, 1
+global-business-solutions.cf, 1
+global-carbonsolutions.com, 1
+global-content.net, 1
+global-electronic-music.tk, 1
+global-factory.co.jp, 1
+global-fh.com, 1
+global-free-classified-ads.com, 1
+global-monitoring.com, 1
+global-motherboard.com, 1
+global-office.com, 0
+global-qanoon.gq, 1
+global-scg.org, 1
+global-share.org, 1
+global-topsecret.tk, 1
+global-trance.tk, 1
+global-village.koeln, 1
+global-wire.eu, 1
+global-wire.fi, 1
+global-wire.net, 1
+global.my.id, 1
+global1.gg, 1
+global66.com, 1
+globalacademicgroup.com, 1
+globalaccountservice.com, 1
+globalamend.com, 1
+globalautomation.com.co, 1
+globalbix.com, 1
+globalbridge-japan.com, 1
+globalbusiness.tk, 1
+globalbusinessinfoaccomodation.tk, 1
+globalbusinessinfoasia.tk, 1
+globalbusinessinfoera.tk, 1
+globalbusinessinfographic.tk, 1
+globalbusinessinfoinsurance.tk, 1
+globalbusinessinfonews.tk, 1
+globalbusinessinfouk.tk, 1
+globalbusinessinfousa.tk, 1
+globalbusinessnews.tk, 1
+globalbusinessrisk.com, 1
+globalcancer.tk, 1
+globalchemlab.ga, 1
+globalconsultant.tk, 1
+globalconsulting.ml, 1
+globaldataline.ml, 1
+globaldefensa.tk, 1
+globaldestruction.tk, 1
+globaled.org.uk, 1
+globalenergyinterconnection.com, 0
+globalentertainment.ga, 1
+globalenv.online, 1
+globalepsilon.com, 1
+globalformat.de, 1
+globalfuhui.com, 1
+globalfuture.eu, 1
+globalgate.cc, 1
+globalgivingtime.com, 1
+globalgovernancewatch.org, 1
+globalgrowth.group, 1
+globalhealth.gov, 1
+globalhealthstrategiesnetwork.com, 1
+globalhealthstrategiesnetwork.info, 1
+globalhealthstrategiesnetwork.net, 1
+globalhealthstrategiesnetwork.org, 1
+globalhomeautomation.ca, 1
+globalhomicideers.ga, 1
+globalhorses.de, 1
+globalimmigrationafrica.co.za, 1
+globalimmigrationvisa.com, 1
+globalink.tk, 1
+globalipaction.ch, 1
+globalisierung-fakten.de, 1
+globalitac.com, 1
+globalizationpedia.com, 1
+globalkwizz.tk, 1
+globalmarketrade.com, 1
+globalmasonryers.ga, 1
+globalmasonryest.ga, 1
+globalmaster.com.mx, 1
+globalmed.tk, 1
+globalmethane.org, 1
+globalmetropolis.tk, 1
+globalmobilityjourneys.com, 1
+globalnewsdaily.cf, 1
+globalnewsdaily.tk, 1
+globalnewsnetwork.tk, 1
+globalnewssystems.tk, 1
+globalno.me, 1
+globalnomadvintage.com, 1
+globalobuv.tk, 1
+globalopsgame.tk, 1
+globalpandemictools.com, 1
+globalpediatriciansest.ga, 1
+globalperspectivescanada.com, 1
+globalpolarbear.com, 1
+globalproduction.ga, 1
+globalprojetores.com.br, 1
+globalradio.tk, 1
+globalrussia.tk, 1
+globalsecuritydatabase.com, 1
+globalsecuritydatabase.io, 1
+globalsecuritydatabase.net, 1
+globalsecuritydatabase.org, 1
+globalsens.com, 1
+globalsensationsers.ga, 1
+globalsensationsest.ga, 1
+globalseo.ga, 1
+globalseo.ml, 1
+globalseostrategy.com, 1
+globalshippinglimited.ga, 1
+globalsign.com.ru, 1
+globalspeed.tk, 1
+globalstar.com, 1
+globalstrike.tk, 1
+globalthermoforming.com, 1
+globaltiendat.com, 1
+globaltravel.cf, 1
+globaltravel.ga, 1
+globaltravel.tk, 1
+globaltrucking.uk, 1
+globalventil.com, 0
+globalvision.co, 1
+globalvisions-events.ch, 1
+globalvisions-events.com, 1
+globalvoice.ga, 1
+globalwarmingis.science, 1
+globalwebtrend.com, 1
+globalwidemedia.com, 1
+globalwire.fi, 1
+globalwitness.org, 0
+globalzone.tk, 1
+globaz.ch, 1
+globe-brasil.tk, 1
+globe.gov, 1
+globedx.exchange, 1
+globegazette.com, 1
+globeinform.com, 1
+globelink-group.com, 1
+globemilk.nl, 1
+globemusic.es, 1
+globeprotocol.be, 1
+globeprotocol.com, 1
+globeprotocol.de, 1
+globeprotocol.es, 1
+globeprotocol.eu, 1
+globeprotocol.fr, 1
+globeprotocol.io, 1
+globeprotocol.it, 1
+globeprotocol.nl, 1
+globeprotocolecosystem.nl, 1
+globereservationsest.ga, 1
+globetalent.nl, 1
+globetrotting.com.au, 1
+globologic.com, 1
+globotech.be, 1
+globotur.de, 1
+globowood.ml, 1
+globuli-info.de, 1
+globus-plus.ml, 1
+globustrust.tk, 1
+glocesterri.gov, 1
+glocken-apotheke.info, 1
+gloeckle-gruppe.de, 1
+glofox.com, 1
+glonee.live, 1
+gloning.name, 1
+glont.net, 1
+gloomy.tk, 1
+glorenza.org, 1
+gloria-home.co.uk, 1
+gloria-mundi.eu, 1
+gloria.tv, 1
+gloriousbride.com, 1
+gloriousfoods.co.uk, 1
+glorycambodia.com, 1
+glorycamrealty.com, 1
+gloryhealthcarellc.com, 1
+gloryholefucking.com, 1
+glorymark.com, 1
+gloryofloveband.tk, 1
+gloryofmusic.tk, 1
+gloryrise.tk, 1
+glorystar.ml, 1
+glosiko.cn, 1
+glosiko.com, 1
+glosiko.com.cn, 1
+glosiko.net, 1
+glosiko.org, 1
+glossar.tk, 1
+glossowiki.ml, 1
+glossyfied.com, 1
+glotechrepairs.co.uk, 1
+glotte-trotters.fr, 1
+glotter.com, 1
+gloucesterva.gov, 1
+glovementor.com, 1
+glowfic.com, 1
+glowmedspaencino.com, 1
+glowskins.my.id, 1
+glpreparation.com, 1
+glsauto.com, 1
+glucometros.net, 1
+glue.tk, 1
+gluechapter.ga, 1
+glueck-im-norden.de, 1
+gluecksgriff-taschen.de, 1
+glueckskindter.de, 1
+gluecksmomente.boutique, 1
+gluedtomusic.com, 1
+gluglu.jp, 1
+gluit.de, 1
+glumac.com, 1
+glutenfreefoods.net, 1
+glutenfreehomemaker.com, 1
+glutenfreelife.co.nz, 1
+glutenfreeonashoestring.com, 0
+glutenfreevr.com, 1
+gluto.tk, 1
+gluware.com, 1
+gluwee.com, 1
+glxnet.com, 1
+glyam.nl, 1
+glyburidemetformin.tk, 1
+glykofridis.nl, 1
+glyph.ws, 1
+glyphosat.com, 1
+glyptodon.com, 1
+glz.ca, 1
+gm-assicurazioni.it, 1
+gm-net.jp, 1
+gm.search.yahoo.com, 0
+gm207.com, 0
+gm5.com.br, 1
+gmaetk.com, 1
+gmail, 1
+gmail.com, 0
+gman.bot, 1
+gmanlabs.com, 1
+gmanukyan.com, 1
+gmao.com, 1
+gmasil.de, 1
+gmavsg.org, 1
+gmbh-kiekin.de, 1
+gmc-mca.org, 1
+gmc-roma.it, 1
+gmc.uy, 1
+gmcbm.net, 1
+gmcd.co, 1
+gmdu.net, 1
+gmfumaria.com, 1
+gmgard.com, 1
+gmgcyouth.org, 1
+gmhdrivingschool.co.uk, 1
+gmhostingservices.co.uk, 1
+gmimarkets.com, 1
+gmind.ovh, 1
+gmit.com.ar, 1
+gmkdetailing.cz, 1
+gml4d2.ml, 1
+gmo-cybersecurity.com, 1
+gmod.de, 1
+gmopconsortium.org, 1
+gmpark.dk, 1
+gmpartsdb.com, 1
+gmpartsgiant.com, 1
+gmpartsprime.com, 1
+gms-marine.com, 1
+gmslaw.com, 1
+gmslparking.co.uk, 1
+gmsociety.tk, 1
+gmsurveyingms.com, 1
+gmta.gov, 1
+gmta.nl, 1
+gmtaccounting.co.uk, 1
+gmtm.com, 1
+gmtplus.co.za, 1
+gmuh.fr, 0
+gmundner.africa, 1
+gmw-hannover.de, 1
+gmw-ingenieurbuero.de, 1
+gmx.at, 1
+gmx.ch, 1
+gmx.co.uk, 1
+gmx.com, 1
+gmx.de, 1
+gmx.es, 1
+gmx.fr, 1
+gmx.net, 1
+gmz.cx, 1
+gn00.com, 1
+gnagismen.tk, 1
+gnaptracker.tk, 1
+gnawa-diffusion.tk, 1
+gnax.jp, 0
+gncbilgi.com, 1
+gnetwork.eu, 1
+gnezdo.tk, 1
+gnfb.be, 1
+gnfrazier.me, 1
+gnhe.ca, 1
+gnhub.org, 1
+gnida.tk, 1
+gnihm.ac.in, 1
+gnilebein.de, 1
+gnk.io, 1
+gnmlive.com, 1
+gnom.me, 1
+gnomania.ml, 1
+gnomen.tk, 1
+gnomon-transport.com.ng, 1
+gnrinfo.tk, 1
+gns.gov.pt, 1
+gnu.style, 1
+gnuand.me, 1
+gnucashtoqif.us, 1
+gnuher.de, 1
+gnulinux.gq, 1
+gnulinuxforum.tk, 1
+gnupi.tk, 1
+gnuplus.me, 1
+gnush.cf, 1
+gnush.ga, 1
+gnush.gq, 1
+gnusocial.jp, 1
+gnuworldorder.ml, 1
+gnylf.com, 1
+gnzsnz.com, 1
+go-away.xyz, 1
+go-cqhttp.org, 1
+go-dove.com, 1
+go-down.tk, 1
+go-embedded.de, 1
+go-go.link, 1
+go-hijra.com, 1
+go-kuwait.tk, 1
+go-life.com.tw, 1
+go-mail.me, 1
+go-propiedades.cl, 1
+go-site.co.uk, 1
+go-sprout.de, 1
+go-srx.tk, 1
+go-zh.org, 1
+go.exchange, 1
+go.microsoft.com, 1
+go.ne, 1
+go2archive.nl, 1
+go2biz.com, 1
+go2mob.tk, 1
+go2sh.de, 1
+go2store.com, 1
+go2ubl.nl, 1
+go4games.ro, 1
+go4golfreizen.nl, 1
+go4it.ro, 1
+go4rest.de, 1
+go6.si, 1
+go6lab.si, 0
+go889w.com, 1
+goabase.com, 1
+goabase.net, 1
+goaddress.co.ke, 1
+goaheadireland.ie, 1
+goalac.org, 1
+goalbookapp.com, 1
+goalgrass.com, 1
+goalie1998.duckdns.org, 1
+goalup.com.br, 1
+goanalyse.co.uk, 1
+goapunks.net, 0
+goarnlms.org, 1
+goatbot.xyz, 1
+goathub.io, 1
+goatlord.tk, 1
+goatstore.ca, 1
+goavio.rest, 1
+gobarrelroll.com, 1
+gobeline.com, 1
+gobetweenfilms.com, 1
+gobi.tk, 1
+gobiernousa.gov, 1
+gobig.gg, 1
+goblackwood.co.uk, 1
+goblintears.com, 1
+gobouncy.co.uk, 1
+gobouncy.com, 1
+gobugfree.com, 1
+gobytedesign.uk, 1
+gocardless.com, 1
+gocareserv.com, 1
+gocct.com, 1
+gociicii.com, 1
+gockelsee.de, 1
+gockhuatsuky.tk, 1
+goclark.at, 1
+gocleanandsafe.nz, 1
+goclix.ml, 1
+goconstruct.org, 1
+gocornwallbus.co.uk, 1
+gocpa.space, 1
+gocphongthuy.net, 1
+god-clan.hu, 1
+godalivetpalandet.tk, 1
+godall.tk, 1
+godan.tech, 1
+godanriver.com, 1
+godark.uk, 1
+godating.tk, 1
+godattributes.com, 1
+godaxen.tv, 1
+godblessus.com, 1
+godbo9.com, 0
+godclan.hu, 1
+goddamnwinnebago.com, 1
+goddess.name, 1
+goddesslena.com, 1
+godesigner.ru, 1
+godestination-morocco.com, 1
+godfilm.tk, 1
+godiscovers.com, 1
+godisgreat.africa, 1
+godish.com, 1
+godles.pl, 1
+godloveme.com, 1
+godmusicapp.com, 1
+godns.ru, 1
+godofredo.ninja, 1
+godoter.cn, 1
+godoza.tk, 1
+godrealms.com, 1
+godrive.ga, 1
+godsofhell.com, 1
+godsofhell.de, 1
+godsowncountry.tk, 1
+godsrollercoaster.co.uk, 1
+godstoghosts.com, 1
+godsunchained.com, 1
+godswila.be, 1
+godswill.tk, 1
+godwithusalinaitwefoundation-ugandalimited.com, 1
+godyo.com, 1
+godzillaencastellano.tk, 1
+goecomp.com, 1
+goeddesoundandlight.com, 1
+goedeke.ml, 1
+goedekers.com, 1
+goedekortingscodes.be, 1
+goedekortingscodes.nl, 1
+goedkoopparkeren.nl, 1
+goedkoopstecartridges.nl, 1
+goedkope-bestelautoverzekeringen.nl, 1
+goedkope-scooterverzekeringen.nl, 1
+goedkopecartridgeskopen.nl, 1
+goedkopeonesies.nl, 1
+goedkopetaxiservice.nl, 1
+goedkopetonerkopen.nl, 1
+goehler-baumpflege.de, 1
+goeikan.life, 1
+goenea.com, 1
+goenova.com, 1
+goerdeler-alumni-club.de, 1
+goergetown.tk, 1
+goerlitz-zgorzelec.org, 1
+goerres2014.de, 1
+goetec.ac.uk, 1
+goetemp.de, 1
+goethe-gymnasium-stolberg.de, 1
+goetheschule-giessen.de, 1
+goetic.space, 1
+goetteesbarbershop.com, 1
+goettinger-katzenschutz.de, 1
+goetzinger-web.de, 1
+gofabcnc.com, 1
+goffrie.com, 1
+gofigure.fr, 0
+gofile.io, 1
+gofile.link, 1
+goflix.cf, 1
+goflo.net, 1
+gofobo.com, 1
+gofoiayourself.org, 1
+gofoodieonline.com, 1
+gofoodservice.com, 1
+goforcex.top, 0
+gofriends.cf, 1
+gofront.com, 1
+gofundhourly.tk, 1
+gofundme.com, 1
+goge.ml, 1
+gogebic.gov, 1
+gogeeks.com.au, 1
+gogem.in, 1
+gogetssl.com, 0
+gogle-analytics-srv2456.com, 1
+gogle-analytics.com, 1
+gogleapis.com, 1
+gogo.mn, 1
+gogocarto.fr, 1
+gogocharters.com, 1
+gogogirl.vip, 1
+gogolino.tk, 1
+gogomail.ga, 1
+gogonano.com, 1
+gogracego.com, 0
+gogreece.dk, 1
+gogroopie.com, 1
+gogs.ca, 1
+gogsat.com, 1
+gogu.ma, 1
+goguarded.com, 1
+gohanrecords.tk, 1
+gohelixit.com, 1
+gohhaksu.sg, 1
+gohon.org, 1
+gohost.kz, 1
+gohvac.pro, 1
+gohyer.com, 1
+going-dutch.tk, 1
+going.com, 1
+goingawesomeplaces.com, 1
+goinggreenshow.gq, 1
+goingreen.com.au, 1
+goiymua.com, 1
+goizalde.tk, 1
+gojoebean.com, 1
+gokazakhstan.com, 1
+gokgids.nl, 1
+gokhankesici.com, 1
+gokmenguresci.com, 1
+gokoururi.com, 1
+goksu.in, 1
+goktoday.com, 1
+gokyrgyzstan.com, 1
+golan.ml, 1
+golang.org, 1
+golaw.ua, 1
+golayamadam.tk, 1
+gold-bird.tk, 1
+gold-diamondltd.tk, 1
+gold-fm.ml, 1
+gold9999.com, 1
+goldankauf1875.at, 1
+goldband.tk, 1
+goldbar.com.hk, 1
+goldbio.com, 1
+goldbug.ga, 1
+goldcard.cz, 1
+goldchip.com, 1
+goldclubcasino.com, 1
+goldcoast-plumbing.com.au, 1
+goldcoastasian.com, 1
+goldcoastit.com.au, 1
+goldcoastphotographycourses.com, 1
+goldcoastplumbingcompany.com.au, 1
+goldcreek.tk, 1
+golddeer.com, 1
+golden-beef.fr, 1
+golden-kamuy.com, 1
+golden-sea.tk, 1
+goldenage.tk, 1
+goldenagefoundation.tk, 1
+goldenbadger.de, 0
+goldenberg.tk, 1
+goldencircle.ga, 1
+goldenclub.ga, 1
+goldencoil.pl, 1
+goldendawnapersonalaffair.com, 1
+goldendogs.tk, 1
+goldeneggs.club, 1
+goldeneyesantafe.com, 1
+goldenfawz.com, 1
+goldenglow.fans, 1
+goldenhillsoftware.com, 1
+goldenhost.ca, 1
+goldenhouse.ga, 1
+goldeninvestmentbarcelona.com, 1
+goldenjoy.com, 1
+goldenkeys.io, 1
+goldenoaksgolfclub.com, 1
+goldenpi.com, 1
+goldenplate.com.sg, 1
+goldenravengifts.com, 1
+goldenretrieverspets.com, 1
+goldenruleemail.com, 1
+goldenshiny.com, 1
+goldensunmfg.com, 1
+goldentech.ca, 1
+goldentechelectronics.net, 1
+goldentip.cf, 1
+goldentriangletourindia.com, 1
+goldenwolrd.tk, 1
+goldenworldec.com, 1
+goldenyacca.co.uk, 1
+goldenyacca.net, 1
+goldenyacca.org, 1
+goldequipment.com.br, 1
+goldex.tk, 1
+goldfavela.com, 1
+goldfingermusic.tk, 1
+goldfm1031.tk, 1
+goldfmromania.ro, 1
+goldhabour.com, 1
+goldhill.ml, 1
+goldkid.com, 1
+goldloeckchen159.net, 1
+goldmanpropertygroup.com, 1
+goldminer.ga, 1
+goldpreisfinder.at, 1
+goldround.com, 1
+goldschmiede-suessenguth.de, 1
+goldsilver.org.ua, 1
+goldsmithwest.com, 1
+goldspace.tk, 1
+goldstandardtrust.tk, 1
+goldstein.rs, 1
+goldstein.tel, 1
+goldtits.com, 1
+goldwater.gov, 1
+goldwaterfoundation.gov, 1
+goldwaterscholarship.gov, 1
+goldwish.com, 1
+goldysoptic.bg, 1
+goldytechspecialists.com, 1
+goldzilla.eu, 1
+gole.ms, 1
+golearn.gov, 1
+golestanehali.ir, 1
+golezi.com, 1
+golf-alto-adige.com, 1
+golf-supplies.tk, 1
+golfandfashion.dk, 1
+golfbeautyers.ga, 1
+golfbeautyest.ga, 1
+golfbettingsystem.co.uk, 1
+golfbroadcasterers.ga, 1
+golfbroadcasterest.ga, 1
+golfburn.com, 1
+golfbyzipers.ga, 1
+golfbyzipest.ga, 1
+golfcabrio.de, 1
+golfcleanerers.ga, 1
+golfcleanerest.ga, 1
+golfcleanersers.ga, 1
+golfcleanersest.ga, 1
+golfdeviceers.ga, 1
+golfedumorbihan56.com, 1
+golfhausmallorca.com, 1
+golfinbritishcolumbia.com, 1
+golfinclusiveers.ga, 1
+golfingbeters.ga, 1
+golfingbetest.ga, 1
+golfinginjuriesers.ga, 1
+golfio.com, 1
+golfkulur.is, 1
+golfmagic.com, 1
+golfplus.fr, 1
+golfrange-ffm.de, 1
+golfscape.com, 1
+golfshirtsjohannesburg.co.za, 1
+golfshirtwholesalejohannesburg.co.za, 1
+golftournamentgifts.tk, 1
+golikes.ml, 1
+golink.co, 0
+golnet.hu, 1
+goloa.fr, 1
+goloaninsurance.tk, 1
+goloborodko.net, 1
+golootlo.pk, 1
+golosbots.tk, 1
+golosok.ml, 1
+golosovanye4you.tk, 1
+golser-schuh.at, 1
+golser.info, 1
+golyatsec.com, 1
+gomarket33.com, 1
+gomasa.net, 1
+gomasy.jp, 1
+gomasy.net, 1
+gomdl.com, 1
+gomega.vn, 1
+gomel.chat, 1
+gomel.city, 1
+gomelagromashplus.by, 1
+gomelchat.com, 1
+gomelphoto.com, 1
+gomer.tk, 1
+gometa.link, 1
+gomeya.com, 1
+gomezhvac.com, 1
+gomezites.tk, 1
+gomicrophone.ml, 1
+gomine.tk, 1
+gommista.roma.it, 1
+gomods.link, 1
+gomoon.com, 1
+gomorrabeach.tk, 1
+gomovein.com, 1
+gomtz.gq, 1
+gon.nl, 1
+gon45.com, 1
+gonadotropina.com, 1
+gonalops.gq, 1
+goncalofontoura.tk, 1
+goncalves-admredes.cf, 1
+gonce.io, 1
+goncharov.cf, 1
+goncharov.ml, 1
+goncharov.tk, 1
+gondawa.com, 1
+gondola-parkinson.com, 0
+gondon.tk, 1
+gonebald.tk, 1
+gonenli.com, 1
+gonepal.com, 1
+gonerogue.ml, 1
+gongik.info, 1
+gongjianwei.com, 1
+gongjuhao.com, 1
+gonintendo.com, 1
+gonitro.com, 1
+gonoodle.com, 1
+gonortheast.co.uk, 1
+gonorthwest.co.uk, 1
+gonumber.ga, 1
+gonx.dk, 0
+gonz0.com.ar, 1
+gonzalesca.gov, 1
+goo.gl, 1
+goo4it.nl, 1
+gooch.io, 1
+good-cd.ml, 1
+good-course.ga, 1
+good-know.gq, 1
+good-linux.cf, 1
+good-luck3500.ga, 1
+good-wishes-4-u.ga, 1
+gooday.life, 1
+goodbargin.com, 1
+goodbenefit.com, 1
+goodbits.tech, 1
+goodbody.ie, 0
+goodbriar.com, 1
+goodcas.ca, 1
+goodcas.com, 1
+goodchoiceflowers.com, 1
+goodcoat.com, 1
+goodcollection.com, 1
+goodcotton.com, 1
+gooddatingsites.ml, 1
+goodday.finance, 1
+gooddayatwork.co.uk, 1
+gooddomainna.me, 1
+goodearth.com.tw, 1
+goodeditor.com, 1
+goodenglish.ga, 1
+goodenvironment.com, 1
+goodesign.su, 1
+goodface.com, 1
+goodfame.com, 1
+goodfarm.com, 1
+goodfeels.net, 1
+goodfoodrussia.com, 1
+goodfundsgateway.com, 1
+goodfundslending.com, 1
+goodhealthgateway.com, 1
+goodhopemedical.com, 1
+goodhotel.co, 1
+goodhuecountymn.gov, 1
+goodiesnet.ca, 0
+goodingcountyid.gov, 1
+goodjobs.gov, 1
+goodkino.ga, 1
+goodlandks.gov, 1
+goodlink.ml, 1
+goodlosersest.ga, 1
+goodmailing.tk, 1
+goodmanwi.gov, 1
+goodmood.co.uk, 1
+goodmood.fr, 1
+goodmoodsocken.de, 1
+goodmorningapril.com, 1
+goodok.eu, 1
+goodopportunity.ga, 1
+goodpeople.tk, 1
+goodproof.com, 1
+goodryb.top, 1
+goodschain.com, 1
+goodseed.nl, 1
+goodsex4all.com.br, 1
+goodsey.com, 1
+goodshepherdmv.com, 1
+goodshuffle.com, 1
+goodsite.ga, 1
+goodspeaker.tk, 1
+goodsrepublic.com, 1
+goodstorage.com.br, 1
+goodsync.com, 1
+goodteach.com, 1
+goodth.ink, 1
+goodthing2.com, 1
+goodtrader.tk, 1
+goodtrip.kr, 1
+goodvibesblog.com, 1
+goodway.tv, 1
+goodwhois.com, 1
+goodwillbusiness.org, 1
+goodwillnfp.org, 1
+goodwin43.ru, 0
+goodyearsotn.co.uk, 1
+goofy.gr, 1
+google, 1
+google-analytics.com, 1
+google-and.tk, 1
+google-lunettes.fr, 1
+google-opinie.pl, 1
+google.ax, 1
+googleadvies.nl, 1
+googleandroid.cz, 1
+googlecom.gq, 1
+googlehits.com, 1
+googlekun.tk, 1
+googlemail.com, 0
+googleplex.com, 1
+googlerecetas.com, 1
+googleseo.pw, 1
+googleshortcuts.org, 1
+googlesource.com, 1
+goola.it, 1
+goolnk.com, 1
+goombi.fr, 1
+goondocks.io, 1
+goonersworld.co.uk, 1
+goonfleet.com, 1
+goontu.be, 1
+gooodnews.ga, 1
+goooo.info, 1
+goosecreeksc.gov, 1
+goosementor.com, 1
+goosip.tk, 1
+gootax.pro, 0
+gooty.ru, 1
+gooutdoorskansas.com, 1
+gopass-dev.com, 1
+gopass.health, 1
+gopher.tk, 1
+gophoto.it, 1
+gopigment.com, 1
+gopkg.link, 1
+gopnikman.cf, 1
+gopornovideo.com, 1
+goppold.net, 1
+gopri.tk, 1
+gopro-qa.com, 1
+gopro-staging.com, 1
+gopro.com, 1
+goproallaccess.com, 1
+gopronow.ga, 1
+gopuntaisla.com, 1
+gopwhip.gov, 1
+goquiq.com, 1
+goquiqstatus.com, 1
+gorakhpurclassifieds.tk, 1
+goranrango.ch, 1
+gorazde.tk, 1
+gorbatschow.tk, 1
+gorbilet.com, 1
+gorbov.tk, 1
+gorby.tk, 1
+gorce.com, 1
+gorchakov.org, 1
+gordas.cf, 1
+gordeijnsbouw.nl, 1
+gordillo.legal, 1
+gordion.tk, 1
+gordon-reid.com, 1
+gordonbeeming.com, 1
+gordonbeeming.xyz, 1
+gordoncountyga.gov, 1
+gordonhamilton.com, 1
+gordonquarter.org.au, 1
+gordontrading.co.nz, 1
+gordvorets.tk, 1
+gordyf.com, 1
+gordyforty.com, 1
+gorebayairport.ca, 1
+gorebayairport.com, 1
+goremotely.net, 1
+gorenje-ru.ru, 1
+gorepriest.tk, 1
+gorf.club, 1
+gorgeousb.com, 1
+gorgeouslyflawed.com, 1
+gorgeouspizza.co.nz, 1
+gorgias.me, 1
+goriki.tk, 1
+goringdogsitting.co.uk, 1
+gorki.tk, 1
+gorky.media, 1
+gorlani.com, 1
+gorlani.net, 1
+gormanprojects.com, 1
+gorn.ch, 1
+goroboted.com, 0
+gorodabakan.cf, 1
+gorodabakan.ga, 1
+gorodabakan.gq, 1
+gorodabakan.ml, 1
+gorodabakan.tk, 1
+gorodivanovo.tk, 1
+gorodrabot.by, 1
+gorodrabot.kz, 1
+gorodrabot.ru, 1
+gorodrostov.tk, 1
+gorodruza.tk, 1
+gorodyaroslavl.tk, 1
+goroscop.ga, 1
+goroscop.ml, 1
+goroscop.tk, 1
+goroscope2011.tk, 1
+goroskop-sovmestimosti-znakov.tk, 1
+goroskop-sovmestimosti.ml, 1
+goroskop.gq, 1
+goroskopnew.tk, 1
+gorschenin.com, 1
+gorstom.ml, 1
+gortaniza.tk, 1
+gorymoon.se, 1
+gosaavd.tk, 1
+gosarh.tk, 1
+gosarhiv.tk, 1
+goscg.com, 1
+gosch.de, 1
+goshawkdb.io, 1
+goshin-group.co.jp, 1
+goshop.pl, 1
+goshopnow.co.za, 1
+gosia-banaszkiewicz.com, 1
+gosiberia.ru, 1
+gosimpler.com, 1
+goskills.com, 1
+gosling-gov.tk, 1
+gosling-mod.tk, 1
+goslot.com, 1
+gosnipe.com, 1
+gosolockpicks.com, 1
+gospeldesign.tk, 1
+gospelidea.com, 1
+gospellifewc.com, 1
+gospelmusic.io, 1
+gospelnarrative.com, 0
+gospelsmusic.uk, 1
+gospelstreamingsermons.com, 1
+gospelunited.tk, 1
+gospelvestcination.de, 1
+gospelzone.ga, 1
+gospence.com, 1
+gospercountyne.gov, 1
+gospiritus.com, 1
+gosq.co, 1
+gosq.com, 1
+gossiptimes.tk, 1
+gost-energo.ru, 1
+gostaffer.com, 1
+gostargazing.co.uk, 1
+gostartkit.com, 1
+gostatera.com, 1
+gosti-dom.ga, 1
+gostica.com, 1
+gostomaisdecarrosdoquechocolates.com, 1
+gostudy.net, 1
+gosu.pro, 1
+gosupps.com, 1
+goswak.com, 1
+goszakupki.tk, 1
+got-tty.de, 1
+gotajikistan.com, 1
+gotchaphotos.net.au, 1
+gotcounterers.ga, 1
+gotcounterest.ga, 1
+goteamproclean.com, 1
+goteleport.com, 1
+gotepisodes.tk, 1
+gotforumers.ga, 1
+gotgeeks.nl, 1
+gotgenes.com, 0
+gothailand.cf, 1
+gothamcateringnyc.com, 1
+gothic-world.tk, 1
+gothiclandscape.com, 1
+gothicmarketing.tk, 1
+gothicsite.tk, 1
+gotikadesaldos.tk, 1
+gotirupati.com, 0
+gotit.com.tw, 1
+gotit.network, 1
+gotmilk.ml, 1
+gotmuebles.com, 1
+gotnet.tk, 1
+goto.google.com, 1
+goto.world, 1
+goto10.se, 1
+gotobooks.ml, 1
+gotobrno.cz, 1
+gotoexam.tk, 1
+gotohomerepair.com, 1
+gotolinux.ru, 1
+gotomap.com, 1
+gotomi.info, 0
+gotomojo.com, 1
+gotonet.tk, 1
+gotonline.ml, 1
+gotonline.tk, 1
+gotorussia.tk, 1
+gotovilekovi.tk, 1
+gotovka.ga, 1
+gotovka.tk, 1
+gotowebstore.com, 1
+gotoxy.at, 1
+gotrail.fr, 1
+gotransferdr.com, 1
+gotravel.blog, 1
+gotravel.hu, 1
+gotravel.us, 1
+gotravelmexico.com.mx, 1
+gotrek.com.au, 1
+gotreksperu.com, 1
+gotrendier.com.co, 1
+gotrendier.mx, 1
+gotriage.tk, 1
+gotstreamingers.ga, 1
+gott-it.dk, 1
+gottagohack.fr, 0
+gottasketchemall.com, 1
+gottcar.com, 1
+gottfridsberg.org, 1
+gottika.com, 1
+goturkmenistan.com, 1
+gotvax.us, 1
+gotver.tk, 1
+gotzg.de, 1
+goudenharynck.be, 1
+goudenlaantje.nl, 1
+goudronblanc.com, 1
+goudsbloemonline.nl, 1
+goudt.nl, 1
+gouforit.com, 1
+goug0.com, 1
+gougeaway.tk, 1
+gougeul.org, 1
+goukon.ru, 1
+gouplinkit.com, 1
+gourgouli.com, 1
+gourmetfestival.de, 1
+gourmetsditalie.com, 1
+gourmetspalencia.com, 1
+gourmetvitamins.ga, 1
+goushuang.com, 1
+goutsmits-tegelwerken.nl, 1
+gouwdata.nl, 1
+gouwen.com, 1
+gov.md, 1
+gov.tc, 1
+gov.uk, 0
+govape.tk, 1
+govecountyks.gov, 1
+governikus.de, 1
+governmentjob.gq, 1
+governmentjobs.gov, 1
+governmentphoneservice.com, 1
+governorhub.com, 1
+govindagiri.tk, 1
+goviralnow.ml, 1
+govloans.gov, 1
+govmi.gov, 1
+govno-site.tk, 1
+govnohosting.cf, 1
+govnosite.tk, 1
+govotecolorado.gov, 1
+govotetn.gov, 1
+govquarter.gq, 1
+govsales.gov, 1
+govtjobs.blog, 1
+govtnaukrinews.com, 1
+govtrack.us, 1
+govvacationrewards.com, 1
+govype.com, 1
+gow220.ru, 1
+gowager.co.uk, 1
+gowaianapanapa.com, 1
+gowancommunications.com, 1
+gowatermarkdesign.com, 1
+gowe.wang, 0
+goweraesthetics.co.uk, 1
+gowervets.co.uk, 1
+gowikings.dk, 1
+gowildrodeo.co.uk, 1
+gowin.ae, 1
+gowithflo.de, 1
+gowlingwlg.com, 1
+goworld.gq, 1
+gowpcare.com, 1
+goxyshuk.duckdns.org, 0
+goyahkles-spirit-to.tk, 1
+goyoyo.com, 1
+goyumoilexpeller.com, 1
+gozadera.es, 1
+gp-lightstone.de, 1
+gpalabs.com, 1
+gpatrading.com, 1
+gpbdev.ru, 1
+gpccp.cc, 1
+gpcp.org, 1
+gpcs.ml, 1
+gpcsolutions.fr, 1
+gpdp.it, 1
+gpfclan.de, 1
+gpforum.tk, 1
+gpga.cf, 1
+gpgscoins.com, 1
+gphalt.com, 1
+gphalt.de, 1
+gpio.gq, 1
+gpl25.ml, 1
+gplans.us, 1
+gplintegratedit.com, 1
+gpltimes.club, 1
+gpltimes.com, 0
+gpltimes.org, 1
+gplvilla.com, 1
+gpnotebook.com, 0
+gpo.gov, 0
+gpodev.gov, 1
+gpolanco.com, 1
+gpony.fr, 1
+gppro.com, 0
+gpremium.cl, 1
+gps-fleettracking.ga, 1
+gps-track-sys.info, 1
+gps.com.br, 1
+gps4net.com, 1
+gps4net.eu, 1
+gpsarena.ro, 1
+gpsbag.com, 1
+gpsblackbox.com, 1
+gpsfix.cz, 1
+gpskoordinaten.de, 1
+gpsmith.tech, 1
+gpsnavigator.tk, 1
+gpsolarpanels.com, 1
+gpspolis.nl, 1
+gpsroomers.ga, 1
+gpstrackersaustralia.com, 1
+gpsvideocanada.com, 1
+gpswebsoft.ml, 1
+gptmeaningai.com, 1
+gpu.nu, 1
+gpwaconference.com, 1
+gpwatimes.org, 1
+gpwih.com, 1
+gpwmd-portal.org, 1
+gpz500s.tk, 1
+gq-magazine.co.uk, 1
+gqms.com, 1
+gqyyingshi.com, 0
+gr.search.yahoo.com, 0
+gra-gcc.com, 1
+gra2.com, 1
+graasp.net, 0
+grabacabpa.com, 1
+grabadolasermonterrey.com, 1
+graberbooks.gq, 1
+grabi.ga, 1
+grabnews.ga, 1
+grabnews.tk, 1
+grabyourfreeleadshere.tk, 1
+grace-wan.com, 1
+gracealexwatch.org, 1
+gracebaking.com, 0
+graceclinic.com.tw, 1
+gracecommunity.school, 1
+gracecounselingcos.com, 1
+gracedaycorea.com, 1
+gracedays.org, 1
+gracedonors.co.uk, 1
+gracedonors.co.za, 1
+gracedonors.com, 1
+graceharborapps.net, 1
+gracelawoffice.com, 1
+graceradio.tk, 1
+gracereminder.com, 1
+gracethrufaith.com, 1
+gracetini.com, 1
+grachten.museum, 1
+gracia-club.tk, 1
+graciasmarvin.tk, 1
+gracodesign.eu, 1
+gradedblue.com, 1
+gradelink.com, 1
+gradenotify.com, 1
+gradgreenhouse.com, 1
+gradienthosting.co.uk, 1
+gradients.com, 1
+gradientthemes.com, 1
+gradinacufluturi.ro, 1
+gradingcontractornc.com, 1
+gradinitasamariteanulcluj.ro, 1
+gradintel.com, 1
+gradity.eu, 1
+gradle.com, 1
+gradle.org, 1
+grads360.org, 1
+gradsgateway.com, 1
+graduados.tk, 1
+gradualgram.com, 1
+graduatenursingedu.org, 1
+graduatewriter.com, 1
+graecum.org, 1
+graeskmad.dk, 1
+graetgossip.com, 1
+graetintelligence.com, 1
+graetnew.com, 1
+graetnewsnetwork.com, 1
+graetreport.com, 1
+graf-igor.ch, 1
+graf.re, 1
+grafana.com, 1
+grafcaps.com, 1
+grafenberg.tk, 1
+graffiti-street-art-ebook.tk, 1
+graffitinetwerk.nl, 1
+graffitiwall.tk, 1
+graffprint.pl, 1
+grafia.ink, 1
+graficagesa.com.br, 1
+graficanocera.com, 1
+graficasantana.com.br, 1
+graficoywebvalencia.tk, 1
+grafik.gq, 1
+grafimagenpublicidad.com, 1
+grafittikontroll.cf, 1
+grafmag.pl, 1
+grafmark.art, 1
+grafmurr.de, 1
+grafologia.tk, 1
+grafos.ml, 1
+grafoterapia.tk, 1
+grafphoto.com, 1
+graft.community, 1
+graft.spb.ru, 1
+graftoncountynh.gov, 1
+graftonglobe.cf, 1
+graftonglobe.tk, 1
+graftonnd.gov, 1
+graftworld.pw, 1
+grafuroam.com, 1
+grahambaggett.com, 1
+grahambaker.ca, 1
+grahamcarruthers.co.za, 1
+grahamcluley.com, 0
+grahamedgecombe.com, 1
+grahamleeonline.com, 1
+grahamsmith.tech, 1
+grailians.com, 1
+grailify.com, 1
+grain-feature-branch.co, 1
+grain-staging.co, 1
+grain.com, 1
+graine-de-cafe.com, 1
+graingert.co.uk, 1
+graliv.net, 0
+grallersdegegants.tk, 1
+gramati.com.br, 1
+grammar.co.id, 1
+grammar.hu, 1
+grammarhouse.me, 0
+grammofono.gr, 0
+grammysgrid.com, 1
+gramtarang.org.in, 1
+gran-hermano.tk, 1
+granalacant.tk, 1
+granary-demo.appspot.com, 0
+granaturov.mk.ua, 1
+granby404.eu, 1
+grancargo.com.br, 0
+grancellconsulting.com, 1
+grancordobahoy.com.ar, 1
+grand-books.cf, 1
+grand-certification.kz, 1
+grand-challenge.org, 1
+grand-design.tk, 1
+grand-house.gq, 1
+grand-knighki.gq, 1
+grand-sity.ru, 1
+grandalfa.co.nz, 1
+grandblanctwpmi.gov, 1
+grandcabin.md, 1
+grandcafeatpark.nl, 1
+grandcanyon.tk, 1
+grandcanyonmore.com, 1
+grandcanyonmoretours.com, 1
+grandcapital.cn, 1
+grandcapital.id, 1
+grandcapital.net, 1
+grandcapital.ru, 1
+grandchene.ch, 0
+grandchutewi.gov, 1
+grandcountydronepilot.com, 1
+grande-rock.tk, 1
+grande.coffee, 1
+grandepresion.com, 1
+grandesign.pt, 1
+grandesmaisons.fr, 1
+grandeurgifts.in, 1
+grandfallscamp.com, 1
+grandfieldok.gov, 1
+grandfoodandcateringservices.com.au, 0
+grandfootball.tk, 1
+grandhomemx.com, 1
+grandi-books.gq, 1
+grandisco.tk, 1
+grandiscontionline.com, 1
+grandislandne.gov, 1
+grandmasfridge.org, 0
+grandmass.com, 1
+grandmasternetwork.com, 1
+grandmusiccentral.com.au, 1
+grandpachy.tk, 1
+grandpad.biz, 1
+grandpad.net, 1
+grandpadusercontent.com, 1
+grandrapidsmn.gov, 1
+grandrapidswi.gov, 1
+grandstarcourier.ml, 1
+grandtiresers.ga, 1
+grandviewgynecology.ca, 1
+grandviewheights.gov, 1
+grandwailea.com, 1
+grandwill.com, 1
+grandworldnghiduong.com, 0
+grandx86.pl, 1
+granfort.es, 0
+granfutbol.com, 1
+grangecon.tk, 1
+grangette.eu, 1
+grani.gq, 1
+granian.pro, 1
+granica.tk, 1
+granigroup.ru, 1
+granishe.com, 1
+granit-capital.ga, 1
+graniteedvance.org, 1
+graniteescrow.com, 1
+graniteind.com, 1
+granitestateproductions.tk, 1
+grannynude.tv, 1
+grannypussy.net, 1
+grannypussy.tv, 1
+grannypussypics.com, 1
+grannys-stats.com, 1
+grannytitty.com, 1
+grannytube.net, 1
+grannytube.tv, 1
+grannytubes.com, 1
+granool.ga, 1
+granotamaniacos.tk, 1
+granpoder-islacristina.tk, 1
+gransfors354.com, 1
+granstoqueatacadista.com.br, 1
+granstor.com, 0
+granstrom.tk, 1
+grantashqg.com, 1
+grantcountyne.gov, 1
+grantdb.ca, 1
+granthamnh.gov, 1
+grantmorrison.net, 1
+grantsmasters.com, 1
+grantsolutions.gov, 1
+granttwpstclairmi.gov, 1
+granulate.io, 1
+graonatural.com.br, 0
+grapee.jp, 1
+grapeintentions.com, 1
+grapevine.is, 1
+graph.org, 1
+graphe.gq, 1
+graphene.software, 1
+graphenecompany.com, 1
+grapheneenergy.com, 1
+grapheneengine.com, 1
+grapheneos.ca, 1
+grapheneos.com, 1
+grapheneos.info, 1
+grapheneos.net, 1
+grapheneos.org, 1
+grapheneos.ovh, 1
+grapheneos.social, 1
+graphenepower.com, 1
+graphic-schools.com, 1
+graphic-shot.com, 1
+graphicbuffet.co.th, 1
+graphicdesignresources.net, 1
+graphicdream.tk, 1
+graphicinfo.com, 1
+graphicmemory.com, 1
+graphicnab.com, 1
+graphicps.com, 1
+graphicspace.tk, 1
+graphicwallet.com, 1
+graphicz.ml, 1
+graphiste-freelance-rouen.fr, 1
+graphite.org.uk, 1
+graphiteconnect.com, 1
+grapholio.net, 1
+graphpaper.studio, 1
+graphviewer.tk, 1
+grapixo.com, 1
+grapplinginsider.com, 1
+grasboom35plus.nl, 1
+grasdealer.com, 1
+grasengroenkunstgras.nl, 1
+grasmark.com, 1
+grasp24.pl, 1
+grasrijk.tk, 1
+grassau.com, 1
+grasscity.com, 0
+grassenberg.de, 1
+grasshoppervape.com, 1
+grasski.net, 0
+grassreinforcement.com.au, 1
+grassroots.org.nz, 1
+grast.jp, 1
+graszoden.tk, 1
+gratelin.ga, 1
+gratis-hosting.cf, 1
+gratis.market, 1
+gratis4u.tk, 1
+gratisfotos.nl, 1
+gratisfullalbum.tk, 1
+gratishandy.tk, 1
+gratisliste.de, 1
+gratismuziek.tk, 1
+gratisonlinespel.tk, 1
+gratisparati.tk, 1
+gratitudeabundancepassion.com, 1
+gratius.tk, 1
+gratiz.nl, 1
+grattan.co.uk, 1
+grattecenne.com, 1
+gratuitweb.tk, 1
+graumeier.de, 1
+gravedad-zero.tk, 1
+gravedigger.tk, 1
+gravelshooters.com, 1
+gravelshooters.net, 1
+gravelshooters.org, 1
+gravely-dealers.com, 1
+gravely.com, 1
+gravelylawn.com, 1
+gravelymower.com, 1
+gravensteengent.be, 1
+gravescountyky.gov, 1
+gravilink.com, 1
+gravira.ru, 1
+gravirovshik.ru, 1
+gravitascreative.net, 1
+gravitational.co, 1
+gravitational.com, 1
+gravitational.io, 1
+gravitco.com, 1
+gravitechthai.com, 1
+gravitlauncher.ml, 1
+graviton.work, 1
+gravity-inc.net, 1
+gravityformspdfextended.com, 1
+gravityledger.com, 1
+gravitypdf.com, 1
+gravityresearchgroup.cf, 1
+gravityresearchgroup.ga, 1
+gravityresearchgroup.gq, 1
+gravityresearchgroup.tk, 1
+gravitysupplychain.com, 1
+gravix.dk, 1
+gravytrain.tk, 1
+grawe-blog.at, 1
+gray.network, 1
+grayarrow.com, 1
+graybroughton.com, 1
+graycat.ml, 1
+grayhatter.com, 1
+graymuzzlesociety.org, 1
+grayowlworks.com, 1
+grayphics.com, 1
+grayrectangle.com, 1
+grayslakeadvisors.com, 1
+grayson.sh, 1
+graysonsmith.co.uk, 1
+graysquare.com, 1
+grayville-il.gov, 1
+grazhdanskij-advokat.tk, 1
+grbrt.com, 1
+grc.com, 0
+grd.cx, 1
+grday.com, 1
+grdnlife.site, 1
+great-ajax.tk, 1
+great-mom.tk, 1
+great.nagoya, 1
+greatagain.gov, 1
+greataltrock.tk, 1
+greatamericaneu.com, 1
+greatamericanuk.com, 1
+greatbarrierisland.nz, 1
+greatbeginningsmi.com, 1
+greatdane.com, 1
+greatdanegrp.com, 1
+greatdanemowers.com, 1
+greatepier.tk, 1
+greatergood.com, 0
+greatergoods.com, 1
+greaterzion.com, 1
+greatestcampsest.ga, 1
+greatestwallsest.ga, 1
+greatfallsmt.gov, 1
+greatfire.org, 1
+greatgooglymoogly.tk, 1
+greathairtransplants.com, 1
+greathillpartners.com, 1
+greatlakesden.net, 1
+greatlakesintegrativemed.com, 1
+greatlakestechdiving.com, 1
+greatlifeinsurancegroup.com, 1
+greatlms.com, 1
+greatnetsolutions.com, 1
+greatnews.ro, 1
+greatoceanroadbrewhouse.com.au, 1
+greatplains.io, 1
+greatplainsaustralia.com.au, 1
+greatrenumbering.tk, 1
+greatrichmond.com, 1
+greatsankeypc.org.uk, 1
+greatscholars.tk, 1
+greatscience.tk, 1
+greatsittersers.ga, 1
+greatsittersest.ga, 1
+greatsurfersers.ga, 1
+greatsurfersest.ga, 1
+greatvacation.tk, 1
+greatwebdesign.uk, 1
+grechutaszkolenia.pl, 1
+greciahora.com, 1
+greeblehaus.com, 1
+greedy-it.de, 1
+greek-islands-hotels.tk, 1
+greeklish.gr, 1
+greekmusic.academy, 1
+greeknewspapers.tk, 1
+greeks.tk, 1
+greekweb.tk, 1
+greeleycountyne.gov, 1
+green-adn.com, 1
+green-anarchy.tk, 1
+green-attitude.be, 1
+green-aura.ru, 0
+green-clean.at, 1
+green-factory.gq, 1
+green-factory.ml, 1
+green-gardens.fr, 1
+green-laser.ga, 1
+green-laser.ml, 1
+green-light.cf, 1
+green-light.co.nz, 0
+green-light.ga, 1
+green-light.gq, 1
+green-light.ml, 1
+green-paradise.tk, 1
+green-smart.com, 1
+green-snake.com, 1
+green-version.com, 1
+green-wood.com, 1
+green.com.do, 1
+greenacrescannabisgroup.com, 1
+greenaddress.it, 1
+greenangels.com.ua, 1
+greenapproach.ca, 1
+greenartistsswiss.ch, 1
+greenassembly.fr, 1
+greenbat57.fr, 1
+greenbeauty.in, 1
+greenbuildingsystemsllc.com, 1
+greenburghny.gov, 1
+greencapital.gent, 1
+greencbd.com, 1
+greencircleplantnursery.com.au, 1
+greencircleplantnursery.net.au, 1
+greenclouddefense.com, 1
+greencocktail.ga, 1
+greencoconutresort.cf, 1
+greencoconutresort.ga, 1
+greencoconutresort.gq, 1
+greencoconutresort.ml, 1
+greencross.cf, 1
+greencyprus.com, 1
+greendaylivecrew.tk, 1
+greendesserters.ga, 1
+greendessertest.ga, 1
+greendiscussionsers.ga, 1
+greendotcc.com, 1
+greendotcredit.com, 1
+greendragonsearch.tk, 1
+greendrive.tk, 1
+greendvorik.com.ua, 1
+greenearthlawns.com, 0
+greenecountyny.gov, 1
+greenecountyohio.gov, 1
+greenecountytn.gov, 1
+greenecountytnsheriffsdept.gov, 1
+greenetwpclintonpa.gov, 1
+greenews.ga, 1
+greenex.pro, 1
+greenfever.pl, 1
+greenfieldlaxwi.gov, 1
+greenfieldwi.gov, 1
+greenflashforensics.com, 1
+greenforum.tk, 1
+greenfoxadventures.com, 1
+greenfunder.co.uk, 1
+greengarden.tk, 1
+greengates.co.uk, 1
+greengoblindev.com, 1
+greengorych.io, 1
+greengorych.ru, 1
+greengov.gov, 1
+greengrocery.tk, 1
+greenhandy.com, 1
+greenhats.de, 1
+greenhillhosting.com, 1
+greenholiday.tk, 1
+greenhollowbowmen.tk, 1
+greenhous-technology.tk, 1
+greenice.net, 1
+greeningsremovalsandstorage.co.uk, 1
+greenislandgroupny.com, 1
+greenit.eco, 1
+greenkey.gent, 1
+greenkitchen.tk, 1
+greenlakecountywi.gov, 1
+greenland-estate.tk, 1
+greenleft.org.au, 1
+greenlifecannabis.com, 1
+greenlifetour.tk, 1
+greenlighttreeservices.com, 1
+greenline.financial, 1
+greenliquidsystem.com, 1
+greenliv.pl, 1
+greenmesg.org, 1
+greenmind.tk, 1
+greenmoon.tk, 1
+greenmountainenergy.com, 1
+greenopedia.com, 1
+greenopeningsers.ga, 1
+greenopeningsest.ga, 1
+greenpal.jp, 1
+greenpanda.de, 1
+greenpartyofnewmilford.org, 1
+greenpaws.ee, 1
+greenpeace.community, 1
+greenplanet.tk, 1
+greenplanetgrass.com.au, 1
+greenridgemo.gov, 1
+greenroach.ru, 1
+greenroom.tk, 1
+greenrushdaily.com, 1
+greensad36.ru, 1
+greensboro.com, 1
+greensborosecuritycameras.com, 1
+greensborovt.gov, 1
+greensidevetpractice.co.uk, 1
+greensilllatam.com, 1
+greensmartplanet.com.my, 1
+greensmartplanet.my, 1
+greensph.tk, 1
+greensquare.tk, 1
+greenstation.no, 1
+greensurpriseers.ga, 1
+greensurpriseest.ga, 1
+greenswimmingers.ga, 1
+greenswimmingest.ga, 1
+greentea.gq, 1
+greentea.ml, 1
+greentea.tk, 1
+greenteamtwente.nl, 1
+greentechhvac.in, 1
+greenthought.tk, 1
+greentop.tk, 1
+greenupchdky.gov, 1
+greenux.cloud, 1
+greenux.cz, 1
+greenville.k12.sc.us, 1
+greenware.tk, 1
+greenway-moskva.ru, 1
+greenwaylog.net, 1
+greenwhitearmy.tk, 1
+greenwichbiosciences-influence-beta.azurewebsites.net, 1
+greenwiki.ca, 1
+greenwithdecor.com, 1
+greenwood-it.co.uk, 1
+greenwoodne.gov, 1
+greenwoodny.gov, 1
+greenwoodtwpcrawfordpa.gov, 1
+greenytimes.com, 1
+greenyway.com, 1
+greenzved.tk, 1
+greer.ru, 1
+greetabl.com, 1
+greetingcdsers.ga, 1
+greetingcdsest.ga, 1
+greffe-de-cheveux-turquie.com, 1
+greg.red, 1
+gregbrimble.com, 1
+gregdf.com, 1
+greger.me, 1
+greghouse.tk, 1
+gregmartyn.com, 1
+gregmarziomedia-staging.com, 1
+gregmarziomedia.co.za, 1
+gregmarziomedia.com, 1
+gregmc.ru, 1
+gregmckeown.com, 1
+gregmilton.com, 1
+gregmilton.org, 1
+gregmote.com, 1
+grego.pt, 1
+gregoirow.be, 1
+gregorians.org, 1
+gregorkofler.com, 1
+gregory-kramer.fr, 1
+gregory-thibault.com, 1
+gregorydorrifourt.fr, 1
+gregoryhammond.ca, 1
+gregorykelleher.com, 1
+gregoryrealestategroup.com, 1
+gregorywiest.com, 1
+gregproffit.com, 1
+gregscloud.com, 1
+greizer.tk, 1
+grekiskagudar.tk, 1
+grekos.com.pl, 1
+gremagol.xyz, 1
+gremlinsmountain.tk, 1
+grenade.ga, 1
+grenadiercorps-kaarst.de, 1
+grenadiere-kaarst.de, 1
+grenadierkorps-kaarst.de, 1
+grenadierkorps.de, 1
+grend.gq, 1
+grenfell.org.au, 1
+grenfellinternetcentre.com.au, 1
+grengine.ch, 1
+grenlan.com, 1
+grenoblepartners.com, 1
+grepable.com, 1
+grepular.com, 1
+gresak.io, 0
+gresik.info, 1
+gresrewop.ca, 1
+gresrewop.com, 1
+greta-birkner.de, 1
+greta-fischer-schule.de, 1
+gretathemes.com, 1
+gretch.space, 1
+gretchensbridalgallery.com, 1
+greuel.online, 1
+greutmann.net, 1
+grevenagreece.gr, 1
+grevesgarten.de, 1
+grexx.today, 1
+grey-cat.tk, 1
+greybullwy.gov, 1
+greycentre.com, 1
+greycrane.net, 1
+greydesign.tk, 1
+greyhackcentral.gq, 1
+greyhash.se, 1
+greyheads.cat, 1
+greyline.tk, 1
+greymatteroffline.tk, 1
+greymattertechs.com, 1
+greymuzzlemanor.org, 1
+greypanel.com, 1
+greyrectangle.com, 1
+greyskymedia.com, 1
+greysolonballroom.com, 1
+greystonesmovement.com, 1
+greystonesscouts.tk, 1
+greywalker.tk, 1
+greywolf.cz, 1
+grfinefoods.co.uk, 1
+grfnhousing.org, 1
+grg.de, 1
+grh.am, 0
+grhhosting.com, 1
+griassdi-reseller.de, 1
+gricargo.com, 1
+grickle.org, 1
+grid.is, 1
+gridcatalyst.org, 1
+gridfuse.com, 1
+gridgain.com, 1
+gridgames.tk, 1
+gridgroup.com.tr, 1
+gridironelitetraining.com, 1
+gridlab.de, 1
+gridly.nl, 1
+gridspace.ca, 1
+gridtennis.net, 1
+gridvis.cloud, 1
+griechische-pfoetchen.de, 1
+griefheart.com, 1
+grieg-gaarden.no, 1
+grieg.net, 1
+grieg.no, 1
+grieg.org, 1
+grieglogistics.no, 1
+griegshipbrokers.no, 1
+griendencollege.tk, 1
+grienenberger.eu, 1
+griesser2.de, 1
+griffin.com, 1
+griffinmuseum.org, 1
+griffinsrfc.tk, 1
+griffithobs.org, 1
+griffithobservatory.org, 1
+griffophotography.tk, 1
+grifomarchetti.com, 1
+grifone.tk, 1
+griftersnet.com, 1
+grigo.ga, 1
+grigo.tk, 1
+grigoraslaw.com, 1
+grigorev.tk, 1
+grijalba.tk, 1
+grijpskerk500.tk, 1
+grillboxtaxi.de, 1
+grillen-darf-nicht-gesund-sein.de, 1
+grillfocused.com, 1
+grillidellostretto.tk, 1
+grilllness.com, 1
+grilltanksplus.com, 1
+grimdarkterrain.com, 1
+grimetoshinecleaners.co.uk, 1
+grimm.cz, 1
+grimmhome.com, 1
+grimmonolith.tk, 1
+grimorium.tk, 1
+grimsby.ac.uk, 1
+grimsbydns.com, 1
+grimsbymoneyman.com, 1
+grinday.tk, 1
+grindgore.tk, 1
+grinmore.com, 1
+grinned.tk, 1
+grinnellplanes.com, 1
+grinnellplans.com, 1
+grinpis.tk, 1
+gripcoat.jp, 1
+gripeffect.nl, 1
+gripeh1n1.com, 1
+gripencrossfit.cf, 1
+gripencrossfit.gq, 1
+gripnijmegen.rip, 1
+gripopit.nl, 1
+gripvol.nl, 1
+gripwenab.cf, 1
+grishavirus.cf, 1
+grissianerhof.com, 1
+griswoldia.gov, 1
+grit3.com, 1
+gritsany.hopto.org, 1
+griyadenature.tk, 1
+griyo.online, 1
+grizz.gdn, 1
+grizzenergygum.com, 1
+grizzlys.com, 0
+grizzlys.tk, 1
+grm.com.co, 1
+grnbank.com, 1
+groaccess.com, 1
+groben-itsolutions.de, 1
+grockradio.ga, 1
+grocock.me.uk, 1
+groenaquasolutions.nl, 1
+groenemoskeeen.nl, 0
+groeneoldtimer.nl, 1
+groenlinks.nl, 1
+groentebesteld.nl, 1
+groenteclub.nl, 0
+groentefruitzeep.com, 1
+groentefruitzeep.nl, 1
+groepjam-usedcars.be, 1
+groepper-it.de, 1
+groestlcoin.org, 1
+groetzner.net, 1
+grog.pw, 1
+grokker.com, 1
+groklearning.com, 1
+grolimur.ch, 0
+grolleau.fr, 1
+gromasikov.tk, 1
+gromovphotography.tk, 1
+gronau-it-cloud-computing.de, 1
+grondius.com, 1
+grondwerkencooreman.be, 1
+groningerkustvaart.tk, 1
+groomershop.ru, 0
+groomlake.tk, 1
+groomscroft.co.uk, 1
+groomscroft.com, 1
+grooove.pl, 1
+grootinadvies.nl, 1
+groots.com, 1
+groove3.com, 1
+grooveguard.tk, 1
+groover.com.br, 1
+groovie.tk, 1
+groovyboove.co.uk, 1
+groovydiscountsers.ga, 1
+groovydiscountsest.ga, 1
+groovydisk.com, 1
+groovygoldfish.org, 1
+gropar.ch, 1
+gropar.com, 1
+gropp.org, 1
+grosirfashion.online, 1
+gross.business, 1
+grossberger-ge.org, 0
+grosser.io, 1
+grossiste-en-ligne.com, 1
+grossiste-vanille.fr, 1
+grossmisconduct.news, 1
+grossorders.com, 1
+groszek.pl, 1
+grotesk.tk, 1
+groth.im, 1
+groth.xyz, 1
+grothem.cf, 1
+grothem.gq, 1
+grothoff.org, 1
+grottalchemica.it, 1
+grottenthaler.eu, 1
+grouchysysadmin.com, 1
+ground-control.de, 1
+groundball.tk, 1
+groundfm.tk, 1
+groundmc.net, 1
+groundsdirect.com, 1
+groundspan.com, 1
+groundthumpingmotors.com, 1
+groundthumpingmotors.net, 1
+groundthumpinmotors.com, 1
+groundthumpinmotors.net, 1
+group-digitcom.com, 1
+group-galore.com, 1
+group-project.xyz, 1
+group4layers.net, 1
+groupama.hu, 1
+groupama.sk, 1
+groupamadirekt.hu, 1
+groupdcc.com, 1
+groupe-accedia.org, 1
+groupe-cassous.com, 1
+groupe-erige.com, 1
+groupe-goddi.com, 1
+groupe-neurologique-nord.lu, 0
+groupeaccedia.biz, 1
+groupeaccedia.com, 1
+groupeaccedia.fr, 1
+groupeaccedia.info, 1
+groupeaccedia.net, 1
+groupeconseilera.com, 1
+groupekabowd.com, 1
+groupeleven.com, 1
+groupeonepoint.com, 1
+groupeperrier.com, 1
+grouperacinecotedesbar.fr, 1
+groupescr.fr, 0
+groupghistelinck-cars.be, 1
+groupkoufopoulou.gr, 1
+groupleavingcards.com, 1
+groupmallers.ga, 1
+groupmallest.ga, 1
+groupme.com, 1
+groupouts.com, 1
+grouppassers.ga, 1
+groups.google.com, 1
+groupsgyani.com, 1
+groupsh.ca, 1
+groupsite.blue, 1
+groupx.tk, 1
+groutandseal.co.nz, 1
+grove-archiv.de, 1
+grovecity.cf, 1
+grovecity.ga, 1
+grovecity.gq, 1
+grovecity.ml, 1
+grovecrypto.com, 1
+grovefinancialgroup.com.au, 1
+groveland.place, 1
+grovelandmi.gov, 1
+grovesales.co.uk, 1
+growatiopex.com, 1
+growblocks.com, 1
+growbydata.com, 1
+growbyrabbit.com, 1
+growcamp.com.br, 1
+growebmarketing.com, 0
+growers.social, 1
+growery.com, 1
+growery.net, 1
+growery.org, 1
+growidentity.com, 1
+growingallthings.co.uk, 1
+growinghumankindness.com, 1
+growingsearch.com, 1
+growitsecure.com, 1
+growledlamp.fr, 1
+growledlamp.it, 0
+growme.gq, 1
+growth-rocket.com, 1
+growth.design, 1
+growthagent.com, 1
+growthandrenewal.ca, 1
+growthinbusiness.com, 1
+growthlab.com.my, 1
+growthlytics.co.uk, 1
+growthoutpatient.com, 1
+growthseedconsulting.com, 1
+growthservicesinc.com, 1
+growthsimulationest.ga, 1
+growthtoysers.ga, 1
+growthtoysest.ga, 1
+growwithdaylight.co.uk, 1
+growy.ch, 0
+grozdanov.tk, 1
+grozter.se, 1
+grpformations.cloud, 1
+grplusbd.cf, 1
+grsecurity.net, 1
+grsglaciere13.asso.fr, 1
+grtc.today, 1
+grthomes.com, 1
+grtmmail.com, 1
+grtp02.com, 1
+gruaskmsa.cl, 1
+gruasllanos.cl, 1
+gruber-software.com, 0
+gruble.de, 1
+gruca.com.br, 1
+gruebebraeu.ch, 1
+grueberstein.de, 1
+gruelang.org, 1
+gruenderlehrstuhl.de, 1
+gruene-im-rvr.de, 1
+gruene-linde-schwimmen.tk, 1
+gruene-wattenscheid.de, 1
+gruener-salon-bochum.de, 1
+gruenerpass.co.at, 1
+gruenes-wp.de, 1
+gruenhagenlaw.com, 1
+gruenprint.de, 1
+gruenwedels-restaurant.de, 1
+gruenwedels.de, 1
+gruhn.email, 1
+grummittgroundworks.co.uk, 1
+grumpie.tk, 1
+grumpy.fr, 1
+grumpygamers.com, 1
+grumpyguy.ga, 1
+grundig.co.uk, 1
+grundlage.fi, 1
+grundschulratgeber.de, 1
+grundskoleboken.ga, 1
+grundskoleboken.gq, 1
+grundskoleboken.tk, 1
+grundycountyil.gov, 1
+grundycountyiowa.gov, 1
+grunion.tk, 1
+grunlab.net, 1
+grunttoziemia.pl, 1
+grunwaldzki.center, 1
+grunwasser.fr, 1
+grupatvogzivota.tk, 1
+grupdedansa.tk, 1
+gruphepsi.tk, 1
+grupo-famia.tk, 1
+grupo-zoom.com, 1
+grupoauxteclic.com, 1
+grupobit.net, 1
+grupocata.com, 1
+grupocb.com.br, 1
+grupodcasa.tk, 1
+grupodecoroinhaspnsa.tk, 1
+grupodepasajeros.tk, 1
+grupodes.com.br, 1
+grupoeitb.eus, 1
+grupoellatu.tk, 1
+grupoenelcolombia.com, 1
+grupoeurodesign.com, 1
+grupofarmavip.pt, 1
+grupoharbour.com, 1
+grupoice.com, 1
+grupoiwana.tk, 1
+grupolegalsgf.com, 1
+grupomacroex.com, 1
+grupomanquecura.tk, 1
+grupomedlegal.com, 1
+grupomonti.com.ar, 1
+grupomwr.com, 1
+grupoparco.com, 1
+grupoproabienesraices.com.mx, 1
+grupos.cf, 1
+gruposanjose.tk, 1
+gruposiit.com.mx, 1
+grupovendap.com, 1
+grupovisabeira.com, 0
+gruppa.ml, 1
+gruppa.net, 1
+gruppakolibri.ml, 1
+gruppe-casablanca.tk, 1
+grupposiciliaviola.tk, 1
+gruppotac.com, 1
+grurez.com, 1
+gruta.website, 1
+gruveo.com, 1
+gruver.de, 1
+gruwa.net, 1
+gruz0.ru, 1
+gruzchiki.ml, 1
+gruzchiki74.tk, 1
+gruzinfo.tk, 1
+gruzmt.ru, 1
+gruzoperevozki.ml, 1
+gruzoperevozki.tk, 1
+grwebdesigns.gr, 1
+gryffin.ga, 1
+gryffin.ml, 1
+gryffin.tk, 1
+gryphzia.cf, 1
+gryte.tk, 1
+grytics.com, 1
+grzegorzchomutowski.pl, 1
+grzesiak.com, 1
+gs-pflege.de, 1
+gs93.de, 1
+gsa-online.de, 1
+gsa.gov, 1
+gsaadvantage.gov, 1
+gsaauctions.gov, 1
+gsafleet.gov, 1
+gsaj114.net, 1
+gsatest2.gov, 1
+gsaxcess.gov, 1
+gscgh.com, 1
+gscloud.xyz, 1
+gsd.id, 1
+gsded.com, 1
+gse.space, 1
+gservera.com, 1
+gsfreak.pt, 1
+gshoes.bg, 1
+gsilva.org, 1
+gsimagebank.co.uk, 1
+gsiw.be, 1
+gsiw.gent, 1
+gslabnet.org, 1
+gslate.com, 0
+gsm-info.tk, 1
+gsmbrick.com, 1
+gsmkungen.com, 1
+gsmmedia.tk, 1
+gsmpreview.com, 1
+gsmsale.nl, 1
+gsmtool.tk, 1
+gsmvermist.tk, 1
+gsp.com, 1
+gspcreations.com, 1
+gspilar.tk, 1
+gsrc.io, 1
+gst.name, 1
+gst.priv.at, 1
+gstackrankers.com, 1
+gstehlik.com, 1
+gstrans.bg, 1
+gt-himmel.com, 1
+gta-arabs.com, 1
+gta5redux.com, 1
+gtacoop.com, 1
+gtacty.co, 1
+gtaforum.nl, 1
+gtagames.nl, 1
+gtalenders.ca, 1
+gtanalytics.com, 1
+gtapg.net, 1
+gtb-nsn.gov, 1
+gtbeyes.com, 1
+gtbgames.com, 1
+gtbprivacy.com, 1
+gtc.com.gt, 0
+gtcountymi.gov, 1
+gtcprojects.com, 1
+gtd.cloud, 1
+gtdnordic.fi, 1
+gtek.com.br, 1
+gtgcloudservices.com, 1
+gti.cx, 1
+gtk-tim.ru, 1
+gtlaun.ch, 0
+gtlcenter.org, 1
+gtld.fyi, 1
+gtm-server.com, 1
+gtmetrix.com, 1
+gtmhub.com, 1
+gtn-pravda.ru, 1
+gtonline.ml, 1
+gtopala.com, 1
+gtopala.net, 1
+gtreasury.com, 1
+gtrwebdesign.nl, 0
+gts-tradgard.se, 1
+gts-varmepumpar.se, 1
+gtsb.io, 1
+gtsoftware.gr, 1
+gttglobal.com, 1
+gtupgrade.eu, 1
+gtxmail.de, 1
+gtxthere.tk, 1
+gtzq.com, 1
+gu153gx.uk, 1
+guadagnare.info, 1
+guadagnosicuro.tk, 1
+guadalinfoconlaroja.tk, 1
+guadaluperoses.co, 1
+guadalupetx.gov, 1
+guajars.cl, 1
+guamcourts.gov, 1
+guanggaonet.com, 1
+guangjiangk.com, 1
+guannan.net.cn, 0
+guanzhong.ca, 1
+guapcoinswap.finance, 1
+guapi.ml, 1
+guaranteedexchangeers.ga, 1
+guaranteedexchangeest.ga, 1
+guaranteedfitdanceshoes.com, 1
+guaranteedfittangoshoes.com, 1
+guardando.tk, 1
+guardedbox.com, 1
+guardedbox.es, 1
+guarderiajackson.tk, 1
+guardiabermellon.tk, 1
+guardian-codex.tk, 1
+guardian-heliotrope.tk, 1
+guardian360.nl, 1
+guardianangelportraits.com, 1
+guardiancodewebservices.com, 1
+guardianerm.net, 1
+guardiapretoriana.tk, 1
+guardreserves.com, 1
+guarever.tk, 1
+guarrato.tk, 1
+guategmala.ga, 1
+guateradio.tk, 1
+guatzessen.at, 1
+guayaquil-consort.tk, 1
+gubagoo.com, 1
+gubagoo.io, 1
+gubea.org, 0
+gubernia37.ml, 1
+gubka.ga, 1
+gudaman.com, 1
+gudangpangan.id, 1
+gudbrand.no, 1
+guddaff.de, 1
+gudini.net, 1
+gudostudio.tk, 1
+gudrow.com, 1
+gudrun.ml, 1
+gudrun.tk, 1
+gudrunsleiter.it, 1
+gueckgueck.tk, 1
+guegan.de, 1
+guejarsierra.tk, 1
+guelo.ch, 1
+guelphhydropool.com, 1
+guendra.dedyn.io, 1
+guenstiger-it-support.ch, 1
+guenstigparken.de, 1
+guenther-freitag.tk, 1
+guenthereder.at, 1
+guerard.info, 1
+guercioarchitecture.com, 1
+guerillastocktrading.com, 1
+guernica1913.tk, 1
+guernseycounty.gov, 1
+guerra-civil.tk, 1
+guerra24.net, 1
+guerracivilencaceres.tk, 1
+guerrasgalacticas.tk, 1
+guerrilla-marketing.cf, 1
+guerrillaradio.tk, 1
+guerrillas.tk, 1
+guesclin.com, 1
+guessmatch.com, 1
+guestandmore.de, 1
+guestby.tk, 1
+guesthouse-namaste.com, 1
+guesthouse.tk, 1
+guestnetscript.tk, 1
+guestofhonor.tk, 1
+gueules-cassees.asso.fr, 1
+guevener.de, 1
+gufen.ga, 1
+gufen.gq, 1
+guffr.it, 1
+gufolev.tk, 1
+gugaltika-ipb.org, 0
+gugcstudentguild.com.au, 0
+guge.ch, 1
+gugert.net, 1
+gugli3d.com, 1
+gugs.tk, 1
+gugu-game.tk, 1
+gugucnn.tk, 1
+gugumu.com, 1
+guhei.net, 1
+guhenry3.tk, 1
+guiabroker.com, 1
+guiacg.com, 0
+guiaextra.com, 1
+guiahotelera.com.co, 1
+guialegal.co, 1
+guiaminhasaude.net, 1
+guiaprofesional.co, 1
+guiarestobar.com.co, 1
+guiascliente.com, 1
+guiasdemexico.tk, 1
+guiasescapate.tk, 1
+guiasuteis.com.br, 1
+guiatelefone.com, 1
+guiaturismovallarta.com, 1
+guiaturisticanuevayork.com, 1
+guid2steamid.com, 1
+guid2steamid.pw, 1
+guidaditalia.com, 1
+guiddy.fr, 1
+guide-ecole.ch, 1
+guide-peche-cantal.com, 0
+guide-voyage.ga, 1
+guidebook.co.tz, 1
+guidecbd.fr, 1
+guidechecking.com, 1
+guidedesventes.fr, 1
+guidedogs.org.uk, 1
+guidedselling.net, 1
+guidedsteps.com, 0
+guidegr.com, 1
+guidehouseinsights.com, 1
+guideline-pro.com, 1
+guideline.com, 1
+guideline.gov, 1
+guideline.io, 1
+guidelines.gov, 1
+guidemaroc.tk, 1
+guideo.ch, 0
+guidepointsecurity.com, 1
+guideposts.org, 0
+guides-peche64.com, 1
+guidesacademe.com, 1
+guidesiracusa.tk, 1
+guidesorbetiere.com, 1
+guidethailande.tk, 1
+guidetourism.tk, 1
+guidoclub.fr, 1
+guidopedia.ga, 1
+guikemarijwielhandel.nl, 1
+guild.xyz, 1
+guilda.gg, 1
+guilded.gg, 1
+guildgearscore.cf, 1
+guildnet.tk, 1
+guilfordct.gov, 1
+guilfordvt.gov, 1
+guillaume-briand.fr, 1
+guillaumecote.me, 1
+guillaumematheron.fr, 1
+guillaumesworld.com, 1
+guille.tk, 1
+guillemagullo.tk, 1
+guillembosch.es, 1
+guillen.tk, 1
+guillouf.com, 1
+guiltyfox.ca, 1
+guiltyfox.com, 1
+guim.co.uk, 1
+guinaliu.tk, 1
+guineapig101.com, 1
+guineapigmustach.es, 1
+guinel-johnson.fr, 1
+guinguetteclovis.com, 1
+guirossler.com.br, 1
+guise.tk, 1
+guitar-strings-online.tk, 1
+guitarangel.tk, 1
+guitards.tk, 1
+guitare-rumba-congolaise-school.com, 1
+guitarefacile.tk, 1
+guitarfreak.tk, 1
+guitarraclasica.tk, 1
+guitarreria.tk, 1
+guitarristaluisquintero.com, 1
+guitarristas.info, 1
+guitartrader.international, 1
+gujarat.tk, 1
+gujinfo.com, 1
+gujun-sky.com, 1
+guki.me, 1
+gulabovski.ga, 1
+gulchuk.com, 1
+gulcinulutuna.com, 1
+guldhaug.org, 1
+guldkorn.dk, 1
+gule.loan, 1
+gulenbase.no, 1
+gulfcoastwaterauthoritytx.gov, 1
+gulfstream.ru, 0
+gulfvestors.com, 1
+gulizaroztemel.av.tr, 1
+gulkhannasir.tk, 1
+gulliversfun.co.uk, 1
+gulliwer.tk, 1
+gulllakeview.com, 1
+gulphora.tk, 1
+gulsot.tk, 1
+guma.cf, 1
+guma.ml, 1
+gumag.tk, 1
+gumbles.tk, 1
+gumbo-millennium.nl, 1
+gumbo.gq, 1
+gumbo.nu, 1
+gumeyamall.jp, 1
+gumi.ca, 1
+gummibande.noip.me, 0
+gummientchen.net, 1
+gumtree.ie, 1
+gunarchive.com, 1
+gunauc.net, 1
+gunbot.com, 1
+gunbrig.com, 0
+gundemguncel.tk, 1
+gunerds.com.br, 1
+gunfighterj.com, 1
+gunhunter.com, 1
+guninstructionsers.ga, 1
+guninstructionsest.ga, 1
+gunisifiyatlari.com, 1
+gunlaketribe-nsn.gov, 1
+gunners.cf, 1
+gunnlawfirm.com, 1
+gunstatus.net, 1
+gunturnovizal.tk, 1
+gununsesi.info, 1
+gununsesi.org, 1
+gununsesiaz.info, 1
+gunvaluesboard.com, 1
+gunwatch.co.uk, 1
+gunworld.com.au, 1
+gunz.net, 1
+gunziefolleto.tk, 1
+gunzreplays.com, 1
+guochang.fun, 1
+guoda.art, 1
+guogetv.com, 1
+guohuageng.com, 1
+guoke.com, 1
+guolaoban.xyz, 1
+guolaw.ca, 1
+guomai.com, 1
+guozeyu.com, 1
+gura.moe, 1
+gurbetilan.com, 1
+gurges.xyz, 1
+guri.ml, 1
+gurl.eu.org, 1
+gurleyal.gov, 1
+gurmel.ru, 1
+gurselcetin.com, 1
+gurty.tk, 1
+guru-naradi.cz, 1
+guruakuntansi.co.id, 1
+guruarchive.com, 1
+gurucomi.com, 1
+gurufox.ai, 1
+gurugamer.com, 1
+gurumobile.tk, 1
+gurunanakdarvar.tk, 1
+gurunanakhospitals.com, 1
+gurunpa.com, 1
+gurupendidikan.co.id, 1
+gururi.com, 1
+gurutraveltraining.com, 1
+guruworld.tk, 1
+gus.moe, 1
+gusar.by, 1
+gusli.net, 1
+guso.gq, 1
+gust.edu.kw, 0
+gust.org.pl, 1
+gustaff.de, 1
+gustarfsberg.cf, 1
+gustarfsberg.ga, 1
+gustarfsberg.gq, 1
+gustarfsberg.tk, 1
+gustavapp.com, 1
+gustaveeiffel-arruda.pt, 1
+gustavo-lima.ml, 1
+gustavoleiloeiro.lel.br, 1
+gustavomolina.com, 1
+gustavopalitos.com.br, 0
+gustavovelasco.ml, 1
+gustavscelmins.tk, 1
+gustaw.net.pl, 1
+gusted.xyz, 1
+gustiaux.com, 0
+gustimaulan.com, 1
+gusto.com, 1
+gustom.io, 0
+gusuraman.tk, 1
+gutegutscheine.at, 1
+gutegutscheine.ch, 1
+gutegutscheine.de, 1
+gutenburger-marburg.de, 1
+gutendag.ga, 1
+gutetexte.tk, 1
+guthabenkarten-billiger.de, 1
+gutieli.com, 1
+gutierrezvidal.tk, 1
+gutmeister.ch, 1
+gutools.co.uk, 1
+guts.me, 1
+guts.moe, 1
+gutscasino.ml, 1
+gutschein-spezialist.de, 1
+gutscheineplus.de, 1
+gutscheingeiz.de, 1
+gutscheinpony.de, 1
+gutstein.ch, 1
+gutterbus.com, 1
+gutterdogs.com, 1
+gutterguardcharlotte.com, 1
+gutterguardsystems.com, 1
+guttergurugeelong.com.au, 1
+gutterpupper.com, 1
+guttershutter.biz, 1
+guttertex.com, 1
+gutuia.blue, 1
+guug.ml, 1
+guus-thijssen.nl, 1
+guvernalternativa.ro, 1
+guwowo.com, 1
+guyeskens.be, 1
+guykokken.tk, 1
+guymenje.com, 1
+guypearce.co.uk, 1
+guyretreaters.ga, 1
+guyretreatest.ga, 1
+guys-reviews.ml, 1
+guysauto.com, 1
+guysroulette.com, 1
+guytarrant.co.uk, 1
+guythomasevans.co.uk, 0
+guzdek.co, 1
+guzelforum.tk, 1
+guzelkadinlar.tk, 1
+guzellikmerkezleri.tk, 1
+guzelresim.tk, 1
+guzelsozlerim.tk, 1
+guzelvideo.tk, 1
+guzemarkets.com, 1
+guzey.me, 1
+guzgu.me, 1
+guzlewski.pl, 1
+gv-kirchberg.ch, 1
+gv-neumann.de, 1
+gv-salto.nl, 1
+gvaa.nl, 1
+gvatas.in, 1
+gvc-it.tk, 1
+gvchannel.xyz, 1
+gvdn.cz, 1
+gveh.de, 1
+gvenglish.com, 1
+gvh.hu, 1
+gvip.xyz, 0
+gvitebsk.cf, 1
+gvobgyn.ca, 1
+gvoetbaldagenalcides.nl, 1
+gvoh-ny.gov, 1
+gvt2.com, 1
+gvt3.com, 1
+gvvsicilia.tk, 1
+gvwgroup.cloud, 1
+gvwgroup.com, 1
+gvwparts.com, 1
+gw-uks-app-test-coreapi-02.azurewebsites.net, 1
+gw.fi, 1
+gw.lu, 1
+gw2efficiency.com, 1
+gw2treasures.com, 1
+gw66.cc, 0
+gwandalancobras.com.au, 0
+gwbet99.cc, 1
+gwennyeeckels.com, 1
+gwenolakaigre.tk, 1
+gwerder.net, 1
+gwg-march.ch, 1
+gwinnettcounty.gov, 1
+gwinteriors.com.au, 1
+gwmean.tk, 1
+gwnmarketing.com, 1
+gwo24.pl, 1
+gworld.cf, 1
+gwrr.com, 1
+gwrtech.com, 1
+gwy15.com, 1
+gwynfryncottages.com, 1
+gxdesign.tk, 1
+gxgx.org, 1
+gxm5.com, 1
+gxmyqy.net, 1
+gyaanprasaar.tk, 1
+gyanchowk.com, 1
+gyannews.ga, 1
+gyas.nl, 1
+gybagardlin.tk, 1
+gycis.me, 1
+gyefund.com, 1
+gyefund.org, 1
+gyertyalang.hu, 1
+gyjbyev.ga, 1
+gyllander.tk, 1
+gylly.net, 1
+gyllyngvase.com, 1
+gymagine.ch, 1
+gymbase.ml, 1
+gymbunny.de, 1
+gymguyzclearwater.com, 1
+gymguyzstpete.com, 1
+gymguyztampa.com, 1
+gymhero.me, 1
+gymjokesers.ga, 1
+gymjokesest.ga, 1
+gymkirchenfeld.ch, 1
+gymnaserenens.ch, 0
+gymnasium-farmsen.de, 1
+gymnasium-hittfeld.de, 1
+gymnasium56.tk, 1
+gymnastic.cf, 1
+gymnastic.ga, 1
+gymnastic.gq, 1
+gymnastic.ml, 1
+gymnastic.tk, 1
+gymnasticbodies.com, 1
+gymnastikfitness.se, 1
+gymnchod.cz, 1
+gymonlondon.com, 1
+gympap.de, 1
+gympass.com, 1
+gymvilla.nl, 1
+gynaecology.co, 1
+gynaeinfertility.com.sg, 1
+gynaemd.com.sg, 1
+gynaemdclementi.com.sg, 1
+gynaeovariancyst.com.sg, 1
+gynas.co.uk, 1
+gyongyosi.ga, 1
+gyoriedes.hu, 1
+gyoza.beer, 1
+gypsiebylouise.com, 1
+gypso-sendai.com, 1
+gypsybloom.co.uk, 1
+gypsymama.cz, 1
+gypsyreel.com, 1
+gyre.ch, 0
+gyrenens.ch, 0
+gyroscopicinvesting.com, 1
+gyrusclinic.com, 1
+gyu-raku.jp, 1
+gyx.one, 1
+gyy.me, 1
+gz-architekten.de, 1
+gz-benz.com, 1
+gz-bmw.com, 1
+gza.jp, 1
+gzitech.com, 1
+gzitech.net, 1
+gzitech.org, 1
+gzlivre.org, 1
+gzom.ru, 1
+gzonemu.ga, 1
+gztelli.ch, 1
+h-advisors.global, 1
+h-gac.gov, 1
+h-gen.to, 1
+h-jo.net, 1
+h-maxton.de, 1
+h-node.org, 1
+h-server.myfirewall.org, 1
+h-var.com, 1
+h.fo, 1
+h001.ru, 0
+h07.cn, 1
+h09.eu, 1
+h0r.st, 1
+h0stb3rry.org, 1
+h0u5er.com, 1
+h10l.com, 1
+h10s.net, 1
+h11.io, 1
+h11.moe, 1
+h1b.tech, 1
+h1ctf.com, 1
+h1z1swap.com, 1
+h2.com.sg, 1
+h2.style, 1
+h2020faros.eu, 1
+h24.org, 1
+h2b.cz, 1
+h2cclipboard.com, 1
+h2cdn.cloud, 1
+h2gonc.gov, 1
+h2hc.email, 1
+h2ole.com, 1
+h2omusic.tk, 1
+h2ox.io, 1
+h2rul.eu, 1
+h2u.tv, 1
+h36533.com, 1
+h3artbl33d.nl, 1
+h3x.jp, 0
+h3z.jp, 1
+h51365.com, 1
+h5197.co, 1
+h5q.net, 1
+h6729.co, 1
+h6729.com, 1
+h6957.co, 1
+h6p.de, 1
+h82365.com, 1
+h8p.de, 1
+h9297.co, 1
+h9397.com, 0
+h9728.co, 1
+h9j.com.br, 1
+ha-kunamatata.de, 1
+ha.com, 1
+ha2hva1n.com, 1
+ha3.eu, 1
+ha34.com, 1
+ha6.ru, 1
+haagsebubbel.tk, 1
+haakonbecker.de, 1
+haaldesignpro.com, 1
+haancommunity.cf, 1
+haaog.com, 1
+haar-trifft-medizin.de, 1
+haar.gq, 1
+haarbosch.net, 1
+haarigerrattenarsch.com, 1
+haarlemsesaxofoonschool.nl, 1
+haartrifftmedizin.de, 1
+haas.co.uk, 1
+haasonline.tk, 1
+haavard.me, 1
+hab.dynu.net, 1
+habahaba.tk, 1
+habarimail.com, 1
+habarisoft.com, 1
+habarovsk.ml, 1
+habbixed.tk, 1
+habbocore.tk, 1
+habboinside.tk, 1
+habbolibres.tk, 1
+habbstars.org, 1
+habbzohotel.tk, 1
+habedieeh.re, 1
+habeeba.tk, 1
+habenafilm.cz, 1
+habercininyeri.com, 1
+haberer.me, 1
+haberlandconsulting.com, 1
+haberlanddesign.com, 1
+haberlanddigital.com, 1
+haberlandgroup.com, 1
+haberlandpartners.com, 1
+haberlandpodcasts.com, 1
+haberledik.com, 1
+habermatik.net, 1
+habermatik.tk, 1
+habernet.tk, 1
+habersitesikur.tk, 1
+haberton.com, 1
+habesha.bet, 1
+habibi-fit.com, 1
+habilcondominios.com.br, 1
+habitable.ga, 1
+habitarte.com.mx, 1
+habitat-domotique.fr, 1
+habitatberks.org, 1
+habitiss.be, 1
+hable.kr, 1
+hablemosdenutricion.com, 1
+habnubis.es, 1
+habr.ee, 1
+habrastorage.org, 1
+habsmack.tk, 1
+habtium.es, 1
+hac2er.net, 1
+hacc.top, 1
+haccp.bergamo.it, 1
+haccp.milano.it, 1
+haccp.roma.it, 1
+hacertest.com, 1
+hachette-collections.com, 1
+hachettepartworks.com, 1
+hachimijiogan.info, 1
+hachre.de, 0
+hacifadilogullari.com.tr, 1
+hacihusrevyikim.tk, 1
+hack-bang.com, 1
+hack-forum.ml, 1
+hack-net.gq, 1
+hack.fi, 1
+hackablestuff.cf, 1
+hackadena.com, 1
+hackamac.tk, 1
+hackathonjr.tw, 1
+hackathontwjr.ml, 0
+hackattack.com, 1
+hackbarth.guru, 1
+hackbeil.name, 1
+hackbubble.me, 1
+hackcess.net, 1
+hackclubmauritius.nl, 1
+hackcraft.net, 1
+hackdown.eu.org, 1
+hackdown.tech, 1
+hackdra.io, 1
+hackeado.tk, 1
+hacked.com, 1
+hackedaf.com, 1
+hackedthe.net, 1
+hackendoz.com, 1
+hackengine.ga, 1
+hackenkunjeleren.nl, 1
+hackenturet.dk, 1
+hacker.deals, 1
+hacker.holiday, 1
+hacker.im, 1
+hacker.one, 1
+hacker1.com, 1
+hacker101.com, 1
+hacker8.cn, 0
+hackercommunity.org, 1
+hackereyes.com, 1
+hackerfa.tk, 1
+hackerflare.com, 1
+hackerforums.tk, 1
+hackergateway.com, 1
+hackerhotel.nl, 1
+hackerinfo.ml, 1
+hackerman.nu, 1
+hackernews.ddns.net, 1
+hackernewsuk.cf, 1
+hackernoon.com, 0
+hackerone-ext-content.com, 1
+hackerone-user-content.com, 1
+hackerone.at, 1
+hackerone.blog, 1
+hackerone.com, 1
+hackerone.events, 1
+hackerone.live, 1
+hackerone.net, 1
+hackerone.org, 1
+hackeronte.tk, 1
+hackers-networks.tk, 1
+hackersclothing.com, 1
+hackerspace.rocks, 1
+hackerstory.tk, 1
+hackersw0rld.tk, 1
+hackerzbug.tk, 1
+hackettrecipes.com, 1
+hackforgood.com, 1
+hackgunny.tk, 1
+hackhouse.sh, 1
+hackingand.coffee, 0
+hackingdh.com, 1
+hackingdumpdrive.org, 1
+hackingfever.tk, 1
+hackingwithswift.com, 1
+hackintosh.eu, 1
+hackintosh.social, 1
+hackmd.io, 1
+hackmeifyoucan.site, 1
+hacknet-bar.cn, 1
+hackney.tk, 1
+hackops.tk, 1
+hackreone.com, 1
+hackrepreneur.com, 1
+hackrigs.com, 1
+hacksecu.re, 1
+hacksoc.co.uk, 1
+hackthat.tk, 1
+hackthehacker.ml, 1
+hackthissite.org, 1
+hacktivis.me, 1
+hacktivitycon.com, 1
+hacktober.dk, 1
+hackworx.com, 0
+hackyourfaceoff.com, 1
+hackzogtum-coburg.de, 1
+hacp.gov, 1
+hadaly.fr, 1
+hadassah.moscow, 1
+haddos.tk, 1
+haderecker.me, 1
+hadesblack.com, 1
+hadetlachapelle.com, 1
+hadibut.fr, 1
+hadika.tk, 1
+hadin.tk, 1
+hadleyluker.com, 1
+hadoora.hu, 1
+hadopi.fr, 1
+hadotifpc.in, 1
+hadouk.in, 1
+hadouken.tk, 1
+hadoverde.com, 1
+hadrons.org, 1
+hadudonura.tk, 1
+hady.boutique, 1
+hady.fr, 1
+hadzaproperty.com, 1
+haefligermedia.ch, 1
+haegele.consulting, 1
+haehnel.xyz, 1
+haehnlein.at, 1
+haemka.de, 1
+haemmerle.net, 1
+haemonetics.com, 1
+haens.li, 1
+haerwu.biz, 1
+hafcareclinic.com, 1
+haferman.net, 1
+haferman.org, 1
+haffen.com, 1
+hafizkadir.tk, 1
+hafling.net, 1
+haflingers.tk, 1
+hafniatimes.com, 1
+hag27.com, 1
+hagalaz-design.de, 1
+hagbergmedia.se, 1
+hagen-bauer.de, 0
+hagenkleinert.de, 1
+haggisofnorway.tk, 1
+hagiati.gr, 1
+hagix.tk, 1
+hagleitner.com, 1
+hagoyvivo.com, 1
+hagskold.se, 1
+hagtingius.nl, 1
+haguichi.net, 1
+haha-raku.com, 1
+haha.moe, 1
+haha.nl, 0
+hahahahaha.cf, 1
+hahapo.com, 1
+hahn-trafo.com, 1
+haiawan.de, 1
+haiboxu.com, 1
+haichuang.com, 1
+haiduc.tk, 1
+haifaworld.tk, 1
+haifengz.com, 0
+haigle.com, 1
+haileyuantoy.com, 0
+hails.info, 1
+hailstorm.nl, 1
+hailstormproject.tk, 1
+haimablog.ooo, 1
+hainanstar.cc, 1
+haineshilton.com, 1
+hair-and-makeup-artist.com, 1
+hair-care-guide.com, 1
+hair-carekit.tk, 1
+hair-dressing.tk, 1
+hair-extension.tk, 1
+hair-extensions.tk, 1
+hairbrushes.tk, 1
+haircareblog.tk, 1
+haircarebrazil.com, 1
+haircode.gr, 1
+hairconventioners.ga, 1
+hairconventionest.ga, 1
+haircrazy.com, 1
+haircutideas.gq, 1
+hairdrezzersonfire.com, 1
+hairextensionjakarta.com, 1
+hairextensionsaustralia.tk, 1
+hairextensionshop.tk, 1
+hairextensionstore.tk, 1
+hairextensionsuk.tk, 1
+hairfitwolvega.nl, 1
+hairgrowth.cf, 1
+hairgrowth.gq, 1
+hairgrowth.ml, 1
+hairhardstyle.tk, 1
+hairhumanextensions.tk, 1
+hairlossadvice.tk, 1
+hairmitage.pl, 0
+hairphoto.tk, 1
+hairpins.tk, 1
+hairsalon-wish.com, 1
+hairstyles-salon.tk, 1
+hairyfilm.com, 1
+hairymilfpics.com, 1
+hairypussyvideos.net, 1
+hairyteenpics.com, 1
+hairytouch.com, 1
+hairytube.tv, 1
+hairywomen.tv, 1
+hairywomenpics.com, 1
+haislipcorp.com, 1
+haitaka.cc, 1
+haitang.com, 1
+haitangsoshu.com, 1
+haitangsoushu.com, 1
+haititan.com, 1
+haititransfert.com, 1
+haitou.tk, 1
+haitrieu.com, 1
+haixihui.cn, 1
+haixingyun.com, 1
+haizs.com, 1
+haizs.net, 1
+haizum.pro, 1
+hajekdavid.cz, 1
+hajekj.com, 1
+hajekj.cz, 1
+hajnzic.at, 1
+hak-lab.com, 1
+hak-zona.tk, 1
+hak.edu.ee, 1
+haka.se, 1
+hakama-sendai.com, 1
+hakanpeker.tk, 1
+hakaru.org, 1
+hakase.pw, 1
+hakasia.tk, 1
+hakatabijin-mind.com, 1
+hakatemia.fi, 0
+hake.me, 1
+haker24.tk, 1
+hakerzona.tk, 1
+hakiminvestment.com, 1
+hakimova.tk, 1
+hakkarihaberi.tk, 1
+hakkarihaberleri.tk, 1
+hakkariradyo.tk, 1
+hakkasan.com, 1
+hakkasannightclub.com, 1
+hakon.lol, 1
+haku.vn, 1
+hakugin.me, 1
+hakurei.ga, 1
+hakurei.win, 1
+hal-9th.space, 1
+halacs.hu, 1
+halagroup.ml, 1
+halalbooking.com, 1
+halatik.com.ua, 1
+halbbit.eu, 1
+halberstadt.tk, 1
+halbich.design, 1
+halcraft.tk, 1
+halcyonsbastion.com, 1
+haleluyah-asuubabi.ga, 1
+halepetdoorsofaz.com, 1
+halescornerswi.gov, 1
+haleyandlucas.tk, 1
+half-logic.eu.org, 1
+half.ga, 1
+half.host, 1
+half.in.th, 1
+halfbeasters.ga, 1
+halfbeastest.ga, 1
+halfhosting.de, 1
+halfmba.com, 1
+halfords.com, 1
+halfords.ie, 1
+halfreal.tk, 1
+halgap.ga, 1
+haliava.tk, 1
+halic.tk, 1
+halifaxboropdpa.gov, 1
+halifaxma.gov, 1
+halifaxmoneyman.com, 1
+halifaxsailingclub.org.uk, 1
+halilova.ga, 1
+halilova.ml, 1
+halilova.tk, 1
+halilweb.tk, 1
+halilyagcioglu.tk, 1
+halimjr.com, 0
+halkakoop.com, 1
+halkbank.mk, 1
+halkoyu.org, 1
+halkyon.net, 1
+hall1c.com, 1
+hallanalysis.com, 1
+hallcopainting.com, 1
+hallelujahsoftware.com, 1
+hallettxn.com, 1
+halli.tk, 1
+halliday.work, 1
+halligan.tk, 1
+hallighof.de, 1
+halligladen.de, 1
+hallmanmemorials.net, 1
+hallmarkbusiness.com, 1
+hallmarkestates.ca, 1
+halloffameapartments.com, 1
+hallofoddities.tk, 1
+hallofworlds.online, 1
+hallopstyling.com, 1
+halloway.tk, 1
+halloweencostumesideas101.com, 1
+halloweenmusic.org, 1
+hallspumpandwellservice.net, 1
+halltrends.tk, 1
+hallucineer.com, 1
+hallucinogen.com, 1
+hallucinogens.org, 1
+hallways.tk, 1
+halneff.ga, 1
+halo.fr, 1
+halocredit.pl, 0
+halogen.city, 1
+halogen.vip, 1
+halogenos.org, 1
+halongbaybackpackertour.com, 1
+haloobaloo.com, 1
+halopedia.org, 1
+haloperidol.cf, 1
+halovanic.org, 1
+halpin.tk, 1
+halseyor.gov, 1
+halterner-tc.de, 1
+halukaka.net, 1
+halv.me, 1
+halvalla.tk, 1
+halyul.com, 1
+hamacho-kyudo.com, 1
+hamali.bg, 1
+hamamatsu-kotsu.co.jp, 1
+hamarimarriage.tk, 1
+hamartrophy.cf, 1
+hamasu.com, 1
+hamave.nl, 1
+hamburg40grad.de, 1
+hamburgcode.com, 1
+hamburgerbesteld.nl, 1
+hamburgerland.tk, 1
+hamburgobgyn.com, 1
+hamdenct.gov, 1
+hamdiscussions.com, 1
+hamedfans.tk, 1
+hamelneinfachonline.de, 0
+hamelnpsychotherapie.de, 1
+hamerslag.tk, 1
+hamgamweb.com, 1
+hamha.tk, 1
+hamibot.cn, 1
+hamibot.com, 1
+hamiltonatlnj.gov, 1
+hamiltoncountyil.gov, 1
+hamiltoncountyne.gov, 1
+hamiltone-clearance.co.uk, 1
+hamiltone.co.uk, 1
+hamiltonil.gov, 1
+hamiltonpdnj.gov, 1
+hamiltonsalestraining.com, 1
+hamiltonvotesfl.gov, 1
+hamiltonweather.ca, 1
+hamiltonzinelibrary.cf, 1
+hamiltonzinelibrary.ga, 1
+hamiltonzinelibrary.gq, 1
+hamiltonzinelibrary.ml, 1
+hamking.tk, 1
+hamkorbank.uz, 1
+hamletstudio.tk, 1
+hammacklawfirm.com, 1
+hammann-services.de, 1
+hammed.tk, 1
+hammer-schnaps.com, 1
+hammer-sms.com, 1
+hammercast.fm, 1
+hammered.tk, 1
+hammerhead.tk, 1
+hammernews.tk, 1
+hammerofdamnation.tk, 1
+hammerofthor-india.com, 1
+hammerstorm.ga, 1
+hamminga.nl, 1
+hammondwi.gov, 1
+hamoominim.tk, 1
+hampelmd.com, 1
+hampl.tv, 1
+hampshiretechservices.co.uk, 1
+hamptonandrhodes.com, 1
+hamptonrhodes.com, 1
+hamptonroads.gov, 1
+hampus.lol, 1
+hampuskraft.com, 1
+hamsaranjavan.tk, 1
+hamsokhan.tk, 1
+hamsterchines.tk, 1
+hamsteriousgift.com, 1
+hamsternetwork.com, 1
+hamstersenanos.tk, 1
+hamsterworld.tk, 1
+hamsystems.eu, 1
+hamtwpfcoh.gov, 1
+hamwan.nl, 0
+hamza.estate, 1
+hamzahamry.ga, 1
+han-nas.com, 1
+hana-groupsac.com, 1
+hana.ondemand.com, 1
+hanabi.fan, 0
+hanacademy.us, 1
+hanakaru.tk, 1
+hanako-health.com, 1
+hanako-health.de, 1
+hanakohealth.com, 1
+hanakohealth.de, 1
+hanan.cz, 1
+hanatan.net, 1
+hanazono.tokyo, 1
+hanbing.it, 1
+hancevillewateral.gov, 1
+hancockcountyia.gov, 1
+hancockcountyky.gov, 1
+hancockcountymaine.gov, 1
+hancockcountyohioelections.gov, 1
+hancockcountywv.gov, 1
+hancockin.gov, 1
+hancocklawfl.com, 1
+hand-made24.de, 1
+hand.community, 1
+hand2h.com, 1
+handballinside.de, 1
+handballmania.tk, 1
+handbrake.fr, 1
+handcity.com, 1
+handelsbanken.co.uk, 1
+handelsbanken.com, 1
+handelsbanken.dk, 1
+handelsbanken.fi, 1
+handelsbanken.no, 1
+handelsbanken.se, 1
+handheldsound.com, 1
+handhockeyers.ga, 1
+handhockeyest.ga, 1
+handicap-job.com, 1
+handicappingsportsers.ga, 1
+handicappingsportsest.ga, 1
+handicapzero.org, 1
+handicraftsman.tk, 1
+handicraftsmarble.com, 1
+handigehannie.nl, 1
+handleidingkwijt.com, 1
+handlekrypto.com, 1
+handles.tech, 1
+handlingcosters.ga, 1
+handlingcostest.ga, 1
+handlungsleitfaden.de, 1
+handmade-club.tk, 1
+handmade-workshop.de, 1
+handmadehechoamano.com, 1
+handmadeselling.com, 1
+handmadetutorials.ro, 1
+handphones.tk, 1
+handpiece.com, 1
+handpresso.com, 1
+hands.net, 1
+handsaccounting.com, 1
+handsender-express.com, 1
+handsome-samurai.jp, 1
+handsomeabel.tk, 1
+handsonscience.com.au, 1
+handstandstudio.ga, 1
+handsup.dance, 1
+handwerk-digital-steinfurt.de, 1
+handwerker4u.de, 1
+handwerkwebseiten.de, 0
+handy-fun.tk, 1
+handy-page.tk, 1
+handy.lc, 1
+handymanbibleers.ga, 1
+handymanbibleest.ga, 1
+handymanbypolli.com, 1
+handymanlondonplease.co.uk, 1
+handynummer-info.ch, 1
+handyoutdoorgoods.com, 1
+handyschaft.de, 1
+handysex.live, 1
+handyticket.de, 1
+hanfoot.tk, 1
+hanfox.co.uk, 0
+hanfverband-erfurt.de, 1
+hang333.moe, 1
+hangar4.es, 1
+hangarbox.de, 1
+hangardasaves.com.br, 1
+hangargeek.ml, 1
+hangcapnach.com, 1
+hangkei.com, 1
+hangout, 1
+hangouts.google.com, 1
+hangryum.com, 1
+hangtenseo.com, 1
+hangw.xyz, 1
+hanhardt.org, 1
+hanhtrinhxanh.org, 1
+haniasitek.com, 1
+hanimat.pl, 1
+hanisirfan.cf, 1
+hanjl.com, 0
+hanjuapp.com, 1
+hanke.se, 1
+hankoreas.com, 1
+hankr.com, 1
+hanksservice.com, 1
+hanky2.com, 1
+hanlonconcrete.com, 1
+hanmandalu.com, 1
+hanmandao.com, 1
+hanmandaohang.com, 1
+hanmangu.com, 1
+hanmanlou.com, 1
+hanmanshijie.com, 1
+hanmanxia.com, 1
+hanmofu.life, 1
+hannaandersson.com, 1
+hannagroup.ca, 1
+hannah.link, 1
+hannahbarrettyoga.com, 1
+hannaljungberg.tk, 1
+hannehovi.fi, 1
+hannekroencke.com, 1
+hannes.paris, 1
+hannit.de, 1
+hannoluteijn.nl, 1
+hannover-96.tk, 1
+hannover-reisen.tk, 1
+hannywbarek.com, 1
+hanoibuffet.com, 1
+hanoicapital-tanvn.tk, 1
+hanomag-tractors.tk, 1
+hanpenblog.com, 1
+hanrobado.com, 1
+hansa-flex.com.ua, 1
+hansa.org.ru, 1
+hansahome.ddns.net, 1
+hansanders.nl, 1
+hansashop.fi, 1
+hansbruis.tk, 1
+hanschventures.com, 1
+hansee.com, 1
+hansen-kronshagen.de, 1
+hansen.hn, 1
+hansgoes.it, 1
+hansgoes.nl, 1
+hansgoesit.nl, 1
+hanshosting.nl, 1
+hanshow.com, 1
+hansinternational.com.au, 1
+hansklok.tk, 1
+hansminten.com, 1
+hansmund.com, 1
+hansmunt.nl, 1
+hansolrella.com, 1
+hansonian.com, 1
+hanspaulske-cteni.tk, 1
+hanspetersteiger.ch, 1
+hansvaneijsden.com, 1
+hansvaneijsden.nl, 1
+hant.se, 1
+hantera.fi, 1
+hantse.com, 0
+hanwhalife.com, 1
+hanxv.pw, 1
+hanys.xyz, 1
+hanzcollection.online, 1
+hanzubon.jp, 1
+hao-zhang.com, 1
+haofeng.com, 1
+haoke.com, 1
+haoming.com, 1
+haorenka.co, 1
+haoz.tk, 1
+haozhexie.com, 1
+haozi.me, 1
+hapfox.de, 1
+hapiao.com, 1
+hapijs.cn, 1
+hapissl.com, 1
+hapivm.com, 1
+hapless.tk, 1
+happeopleindonesia.id, 1
+happiestoutdoors.ca, 1
+happii.dk, 1
+happiness.solutions, 1
+happist.com, 1
+happity.co.uk, 1
+happu-dinero.tk, 1
+happy-end-shukatsu.com, 1
+happy-face.tk, 1
+happy-family.tk, 1
+happy-finance.tk, 1
+happy-space.tk, 1
+happy-wans.com, 1
+happy-watches.com, 1
+happy2hub.eu, 1
+happyagain.de, 1
+happyagain.se, 1
+happyandrelaxeddogs.com, 1
+happyanimalsshop.com, 1
+happybabyhappymama.nl, 1
+happybeerdaytome.com, 1
+happybirthdaywisher.com, 1
+happybounce.co.uk, 1
+happychat.io, 1
+happychungus.tk, 1
+happychurch.com, 1
+happycoder.net, 0
+happycoders.eu, 1
+happycolors.us, 1
+happycompany.fi, 1
+happycore.ml, 1
+happycrashers.ga, 1
+happycrashest.ga, 1
+happycustomer360.pt, 1
+happydad.tk, 1
+happydays.cat, 1
+happydoghosting.net, 1
+happydoq.ch, 0
+happydota.ga, 1
+happydreamsz.com, 1
+happyexwife.ga, 1
+happyfoolss.com, 1
+happyfun.tk, 1
+happyfuture.tk, 1
+happygadget.me, 1
+happygardencenter.com.br, 1
+happygreats.ml, 1
+happygreats.tk, 1
+happyhumans.com, 1
+happyindia.ml, 1
+happylearning.com, 1
+happylifestyle.com, 1
+happymine.nl, 1
+happymonday.ua, 1
+happymondayclub.com, 1
+happymoney.com, 1
+happymothersday.tk, 1
+happynight.tk, 1
+happyplantparent.com, 1
+happyretail.ai, 1
+happyrunning.tk, 1
+happyschnapper.com, 1
+happyscore.nl, 1
+happyscubadiving.tk, 1
+happyteamlabs.com, 1
+happytestings.com, 1
+happytime.gq, 1
+happytours.cf, 1
+happytoys.com.br, 1
+happytugs.com, 1
+happyukgo.com, 1
+happywater.my, 1
+happyweekend.ga, 1
+happywheels1.online, 1
+hapronailz.tk, 1
+haproxy.tech, 1
+hapsana.nl, 1
+hapsfordmill.co.uk, 1
+haptemic.com, 1
+hapticmedia.com, 1
+hapticmedia.io, 1
+hapvm.com, 1
+haqrpatrol.com, 1
+har5.com, 1
+harabar.ga, 1
+harabar.gq, 1
+harabar.ml, 1
+harabe.ga, 1
+harahanla.gov, 1
+harajiplastic.ir, 1
+harakahdaily.net, 1
+harald-d.dyndns.org, 1
+harald-nyborg.dk, 1
+harald-pfeiffer.de, 1
+harambo.cf, 1
+harapanrakyat.com, 1
+harapecorita.com, 1
+harapjunk.hu, 1
+harasov.tk, 1
+harbecke.cloud, 1
+harbecke.me, 1
+harbecke.net, 1
+harbecke.org, 1
+harbecke.xyz, 1
+harbor.com, 1
+harborhillsdaycamp.com, 1
+hard-drive-recovery-blog.tk, 1
+hard.email, 1
+hardatack.tk, 1
+hardcore-bodybuilding.nl, 1
+hardcore-hooligans.tk, 1
+hardcore-toys.com, 1
+hardcoreincest.net, 1
+hardcorejokeers.ga, 1
+hardcorejokeest.ga, 1
+hardcorepost.com, 1
+hardeecountyfl.gov, 1
+hardeeflvotes.gov, 1
+hardeman.nu, 1
+hardenburghny.gov, 1
+hardenize.com, 1
+hardergayporn.com, 1
+hardesec.com, 1
+hardfalcon.net, 1
+hardfloorcleaninglondon.co.uk, 1
+hardforum.com, 1
+hardgame.tk, 1
+hardgospelcafe.tk, 1
+hardh.at, 0
+hardhat.io, 1
+hardhatengineer.com, 1
+hardies.nl, 1
+hardinal.com, 1
+hardincountyil.gov, 1
+hardincountyky.gov, 1
+hardincountyohio.gov, 1
+hardjump.tk, 1
+hardmetal.tk, 1
+hardmine.ru, 1
+hardnet.cz, 1
+hardnode.org, 1
+hardnoiser.tk, 1
+hardpay.com, 1
+hardrain980.com, 1
+hardrock.tk, 1
+hardrocksportsbook.com, 1
+hardscience.games, 1
+hardscience.io, 1
+hardstation.tk, 1
+hardstyleclothes.tk, 1
+hardtec.tk, 1
+hardtfrieden.de, 1
+hardtime.tk, 1
+hardtimeszine.tk, 1
+hardwake.tk, 1
+hardwareforum.ga, 1
+hardwarelog.in, 1
+hardwarelogin.com, 1
+hardwarelogin.rocks, 1
+hardwareschotte.de, 1
+hardwick-ma.gov, 1
+hardwickvt.gov, 1
+hardworm.tk, 1
+hardy.bz, 1
+hardyboyplant.com, 1
+hardyhaberland.com, 1
+hardzone.es, 1
+harem.tk, 1
+harery.com, 1
+harfordpark.org, 1
+harfordvotes.gov, 1
+hargaindo.com, 1
+hargamobilmu.com, 0
+harghita.com, 1
+hargita.com, 1
+hari-katha.tk, 1
+hari-tech.com, 1
+harianjogja.com, 1
+haribilalic.com, 1
+harigovind.org, 1
+hariharnagar.tk, 1
+hariji.tk, 1
+haringtwpmi.gov, 1
+harishgoyal.tk, 1
+harithsankalpa.com, 1
+haritsa.co.id, 1
+hariz.ga, 1
+harkenzconstruction.com, 1
+harlan.cc, 1
+harlem-mt.gov, 1
+harlemeverafter.com, 1
+harleyclassifieds.com, 1
+harleysvillegroup.com, 1
+harlim.tk, 1
+harlingentx.gov, 1
+harlor.de, 1
+harmfarm.nl, 1
+harmim.cz, 1
+harmlesspeopleers.ga, 1
+harmlesspeopleest.ga, 1
+harmoney.com, 1
+harmonicasireland.com, 1
+harmonizely.com, 0
+harmony.co.id, 1
+harmonyeg.net, 1
+harmonyhomeaidservices.co.uk, 1
+harmonylife.ro, 1
+harmonyroomspa.com, 1
+harmreductionwa.org, 1
+harms.io, 1
+harmsboone.org, 1
+harnettcountync.gov, 1
+harneycountyor.gov, 1
+harno.ee, 0
+harnov.dk, 0
+harodeportivo.tk, 1
+haroldkip.nl, 1
+haroldkramer.tk, 1
+haroldsharpe.com, 1
+harp.gov, 1
+harpen.de, 1
+harpersvilleal.gov, 1
+harplingemark.se, 1
+harpoonlarsen.tk, 1
+harpreetrakhra.ca, 1
+harputlugil.com, 1
+harrachovskyapartman.cz, 1
+harray.tk, 1
+harrcostl.com, 1
+harriedrecords.tk, 1
+harrietjohnston.tk, 1
+harrimantn.gov, 1
+harringtonca.com, 1
+harrisandharris.com.au, 1
+harrisconsulting.ie, 1
+harrisexteriors.com, 1
+harrisonar.gov, 1
+harrisonassessments.asia, 1
+harrisonassessments.co.id, 1
+harrisonassessments.co.in, 1
+harrisonassessments.co.uk, 1
+harrisonassessments.com.au, 1
+harrisonassessments.com.hk, 1
+harrisonassessments.com.tw, 1
+harrisonassessments.de, 1
+harrisonassessments.eu, 1
+harrisoncareerguide.com, 1
+harrisoncountymo.gov, 1
+harrisoncountyms.gov, 1
+harrisoncountymschanceryclerk.gov, 1
+harrisonsdirect.co.uk, 1
+harrisontownshipmi.gov, 1
+harrisrealestate.com, 1
+harrogatemoneyman.com, 1
+harry-baker.com, 1
+harry-hk.tk, 1
+harryagustiana.tk, 1
+harryanddavid.com, 1
+harryandharrison.com, 1
+harrychristensen.tk, 1
+harrymcgee.tk, 1
+harrymclaren.co.uk, 1
+harryosborn.tk, 1
+harrypotterclan.tk, 1
+harrypottereditor.com, 1
+harrypottereditor.net, 1
+harrypottervenezuela.tk, 1
+harrysmallbones.co.uk, 1
+harryvapoteur.com, 1
+harryvrancken.nl, 1
+harryxxjohnson.ga, 1
+harryyy.me, 0
+harshani.ga, 1
+harshee.ml, 1
+hartan.to, 1
+hartfordct.gov, 1
+hartfordschools.org, 0
+hartfordtwpwipd.gov, 1
+hartie95.de, 1
+hartleighclyde.com.au, 1
+hartlep.email, 1
+hartleycountytx.gov, 1
+hartlieb.me, 1
+hartmancpa.com, 1
+hartmann-hartmann.eu, 1
+hartmannindustries.com, 1
+hartpsychologen.nl, 1
+hartsfieldrock.tk, 1
+hartslagnu.nl, 1
+hartstart.info, 1
+hartvannike.tk, 1
+hartwellga.gov, 1
+hartwickny.gov, 1
+hartzer.com, 1
+haru-restaurant.tk, 1
+haruhi.org.ua, 1
+harukakikuchi.com, 1
+harukawa.moe, 1
+harumi-cl.jp, 1
+harunafilez.tk, 1
+haruto.zone, 1
+harvard-ma.gov, 1
+harvardil.gov, 1
+harvestapp.com, 1
+harvester.fr, 1
+harvestfellowshipchurch.net, 1
+harvestgospelministries.org, 1
+harvestmoon.ga, 1
+harvestmoon.ml, 1
+harveyauzorst.com, 1
+harveyplum.com, 1
+harveysautoservice.net, 1
+harveysproducts.co.nz, 1
+harwoeck.group, 1
+haryana.gov.in, 1
+harz.cloud, 0
+harzin.tk, 1
+harzlaender.de, 1
+has-no-email-set.de, 1
+has.gy, 1
+has.report, 1
+has.work, 1
+hasabig.wang, 1
+hasalittle.wang, 1
+hasandeniz.uk, 1
+hasandurmus.com, 1
+hasanmtech.com, 1
+hasansaribas.com, 1
+hasanyildiz.com, 1
+hasas-automatizari.ro, 1
+hasas-cnc.ro, 1
+hasbara.tk, 1
+haschrebellen.de, 1
+hasdf.de, 1
+hasecuritysolutions.com, 1
+hasel.news, 1
+haselsteiner.me, 1
+hasenmueller.de, 1
+hasgeek.com, 1
+hash.works, 1
+hashcat.net, 1
+hashedin.com, 1
+hashemian.com, 1
+hashes.com, 1
+hashes.org, 1
+hashi.dk, 0
+hashi.icu, 1
+hashi.sbs, 1
+hashiconf.com, 0
+hashicorp.com, 0
+hashimah.ca, 1
+hashimoto-jimusho.com, 1
+hashinteractive.com, 0
+hashish.net, 1
+hashiura.jp, 1
+hashmart.io, 1
+hashnode.com, 0
+hashplex.com, 1
+hashru.nl, 1
+hashsters.com, 1
+hashsters.io, 1
+hashulchan.co.il, 1
+hashworks.net, 1
+hashxp.org, 1
+hasilkeluaransgp.com, 1
+hasilocke.de, 1
+hasjob.co, 1
+haskellcountytx.gov, 1
+haskovec.com, 1
+hasmoralsers.ga, 1
+hasmoralsest.ga, 1
+hassan-kuordish.tk, 1
+hassanhardware.com, 1
+hassans.tk, 1
+hassclan.tk, 1
+hasselbach-dellwig.de, 1
+hassellunden.ga, 1
+hassiba-abderaouf.tk, 1
+hassra.org.uk, 1
+hasstopped.com, 1
+hastadoktor.com, 1
+hastaneurunleri.com.tr, 1
+hastati.tk, 1
+hastavem.com, 1
+hastingsapplianceservice.com.au, 1
+hastingsdirect.com, 1
+hastingsmi.gov, 1
+hastingsne.gov, 1
+hastmassage.tk, 1
+hastyllc.com, 1
+hasx.me, 1
+hasznosithato.tk, 1
+haszon.hu, 1
+hatake.tk, 1
+hatakekaigi.com, 1
+hataonline.tk, 1
+hatarisecurity.co.ke, 1
+hatcher.cloud, 1
+hatchutah.gov, 1
+hate.ga, 1
+hate.tk, 1
+hatemarga.tk, 1
+hatematerial.tk, 1
+hatethe.uk, 1
+hatfieldgroup.co.za, 1
+hathai.org, 1
+hathawaydinwiddie.com, 1
+hatierchinois.fr, 1
+hatinyhouse.com, 1
+hatori.tk, 1
+hatpakha.com, 1
+hatraters.ga, 1
+hatratest.ga, 1
+hatsnet.io, 1
+hatsthings.com, 1
+hatsuharu.tk, 1
+hatsukoi-seikotsu.com, 1
+hatter.ink, 1
+hattori-hanzo.tk, 1
+hattricksites.tk, 1
+hatul.info, 1
+haucke.xyz, 1
+haughtonla.gov, 1
+hauller.ch, 1
+haulpackaging.com, 1
+hauntedcastle.tk, 1
+hauntedhouserecords.co.uk, 1
+hauntedtruth.tk, 1
+hauora.fyi, 1
+hauora.tech, 1
+haus-garten-test.de, 1
+haus-henne.de, 1
+haus-maritchen.at, 1
+haus-mittelpunkt.de, 1
+haus-momo.ch, 1
+haus.bio, 1
+hausarzt-nw.de, 1
+hausarzt-nw.info, 1
+hausdorf.ru, 1
+hausfoto.cz, 1
+hausfrauficken.com, 1
+haushaltsaufloesung-vor-ort.de, 1
+haushaltsaufloesung-zentrum.de, 1
+haushenne.de, 1
+hausjugo.de, 1
+hausmann-versorgungstechnik.de, 1
+hausmeister-website.de, 1
+hauspie.fr, 1
+hausresidential.com.au, 1
+haust.tk, 1
+haustechnik-breu.de, 1
+hausverbrauch.de, 1
+hausverwaltung-motsch.de, 1
+hautarztzentrum.ch, 1
+hautehorlogerie.org, 1
+hautemontagne.com, 1
+hautescimesone.ch, 1
+hauteslatitudes.com, 0
+hautsache-friesoythe.de, 1
+hautsdefrance.fr, 1
+havaci.tk, 1
+havaguncel.com, 1
+havana-club.com, 1
+havanaheritage.org, 1
+havarijna-sluzba-bratislava.sk, 1
+havasuinsurance.com, 1
+havasuopenhouse.com, 1
+havasutacohacienda.com, 1
+havator.fi, 1
+have-it.tk, 1
+have.jp, 1
+haveabounce.co.uk, 1
+havedicewillsave.com, 1
+haveforeningen-enghaven.dk, 1
+havefunbiking.com, 1
+haveg.ru, 1
+haveibeenpwned.be, 1
+haveibeenpwned.com, 1
+havellab.de, 1
+havells.com, 1
+haven-staging.cloud, 1
+havencyber.com, 1
+havenstar.com, 1
+havenstudios.com, 1
+haverford.com, 1
+havernbenefits.com, 1
+haverplastics.co.uk, 1
+havetherelationshipyouwant.com, 1
+havi-engel.de, 1
+havivdriver.co.il, 1
+havohravo.com, 1
+havuzkapinda.com, 1
+hawaiiafro.tk, 1
+hawaiianchoice.com, 1
+hawaiianlion.cf, 1
+hawaiianlion.ga, 1
+hawaiianlion.gq, 1
+hawaiifamilydental.com, 1
+hawaiiforbernie.com, 1
+hawaiinet.tk, 1
+hawaiipolice.gov, 1
+hawaindustrial.com, 1
+hawat.cz, 1
+hawawa.kr, 1
+hawickvets.co.uk, 1
+hawit-steuerberatung.de, 1
+hawit-steuerberatung.support, 1
+hawk-la.com, 1
+hawk.pl, 1
+hawkargentina.com, 1
+hawkbiosystems.com, 0
+hawkeyeia.gov, 1
+hawkeyeinsight.com, 1
+hawkins.plus, 1
+hawkinsonkiaparts.com, 1
+hawkofgeorgia.com, 1
+hawkon.dk, 1
+hawkrovers.tk, 1
+hawksguild.com, 0
+hawle-service.at, 1
+hawler.tk, 1
+hawo.academy, 1
+hawrerahimi.nl, 0
+hax.to, 1
+haxland.tk, 1
+haxor.one, 1
+haxx.hu, 1
+hay.email, 1
+hayai.space, 1
+hayalgucu.net, 1
+hayashi-rin.net, 1
+hayatmurat.tk, 1
+haydenal.gov, 1
+haydenbleasel.com, 0
+haydenfranklin.com, 1
+haydenjames.io, 1
+hayestwpclaremi.gov, 1
+hayestwpotsegomi.gov, 1
+hayfordoleary.com, 1
+hayl.me.uk, 1
+hayleywestenra.tk, 1
+hayobethlehem.nl, 1
+hayonik.com, 1
+hayrivertownship.gov, 1
+haysc.tech, 1
+hayssuperclean.com, 1
+haystack.tk, 1
+haystackrenovation.com.au, 1
+haystravel.co.uk, 1
+hayvanlar.net, 1
+hayvid.com, 1
+hayvid.net, 1
+hayward.uk.com, 1
+haywoodtn.gov, 1
+hazalturesan.tk, 1
+hazana.ovh, 1
+hazara-online.tk, 1
+hazaristan.asia, 1
+haze-productions.com, 1
+haze.productions, 1
+hazeldeanfamilydentalcentre.com, 1
+hazelhof.nl, 1
+hazelkid.tk, 1
+hazeover.com, 1
+hazimdesign.tk, 1
+hazit.co.il, 1
+hazlocheaters.com, 1
+hazloconlapix.com, 1
+hazyhosting.tk, 1
+hazytales.com, 1
+hazza.net, 1
+hb.by, 1
+hb5197.com, 0
+hb6729.com, 1
+hb8522.com, 1
+hb9397.com, 1
+hba1crechner.de, 1
+hbaa.ml, 1
+hbag.org, 1
+hbauer.net, 0
+hbbet.com, 1
+hbcm70.fr, 1
+hbcu-colleges.com, 1
+hbfisioeesthetic.com.br, 1
+hbgshop.cf, 1
+hbh.sh, 1
+hbility.eu, 0
+hbl-stahl.de, 1
+hblwrk.de, 1
+hbo-center.com, 1
+hboeck.de, 1
+hbomaxaustralia.com, 1
+hbpro.pt, 1
+hbr.link, 1
+hbs-it-gmbh.de, 1
+hbsslaw.co.uk, 1
+hbsslaw.com, 1
+hbsvzos.nl, 1
+hbudd.com, 0
+hbvip.com, 1
+hbweb.io, 1
+hbxianghang.com, 0
+hby.cx, 1
+hc-sc.gc.ca, 0
+hcahealthcare.co.uk, 1
+hcamag.com, 1
+hcaptcha.com, 1
+hcasino.it, 1
+hcaz.io, 1
+hcc-s.de, 1
+hcc-server.de, 1
+hccnet.org, 1
+hcdatn.gov, 1
+hcdonbass.com, 1
+hceu-performance.com, 1
+hcfeye.com.au, 1
+hcfl.gov, 1
+hcfoodpantry.org, 1
+hcg24.com, 1
+hcgallia.tk, 1
+hcie.pl, 0
+hclsw.at, 0
+hclsw.ch, 0
+hclsw.de, 0
+hclu.co, 1
+hcmuehlethurnen.ch, 1
+hcnh.gov, 1
+hco4.com, 1
+hcqmeta.com, 1
+hcr.io, 0
+hcs.land, 1
+hcscrusaders.com, 1
+hcsoffshore.com, 1
+hctegelhandel.tk, 1
+hctr002.tk, 1
+hcv.cz, 1
+hcv.ind.in, 1
+hcvp.com.pt, 1
+hcwels.at, 1
+hd-offensive.at, 0
+hd-olimpo.club, 1
+hd-only.org, 1
+hd-outillage.com, 1
+hd4arab.tk, 1
+hd6729.com, 1
+hd6957.com, 1
+hd9397.com, 1
+hd9721.com, 1
+hdaccess.info, 1
+hdatraining.ma, 1
+hdbigass.com, 1
+hdbits.org, 1
+hdblackporn.com, 1
+hdbooty.com, 1
+hdc.sg, 1
+hdcoupler.com.au, 1
+hddrecovery.net.au, 1
+hdeaves.uk, 1
+hdepic.com, 1
+hdert.com, 1
+hdevent.net, 1
+hdfreeizle.com, 1
+hdfreex.com, 1
+hdgrannytube.com, 1
+hdguru.com, 1
+hdhoang.space, 1
+hdhomelift.com, 1
+hdlooks.tk, 1
+hdm-bogensport.at, 1
+hdmatureporn.com, 1
+hdmaturetube.com, 1
+hdmaturetube.tv, 1
+hdmilfporn.com, 1
+hdmixfilim.com, 1
+hdml.kr, 1
+hdmomtube.com, 1
+hdmovierulz.co, 1
+hdnakedgirls.com, 1
+hdnastudio.com, 1
+hdporno.tv, 1
+hdpornose.com, 1
+hdpornpics.com, 1
+hdpornpicture.com, 1
+hdrams.com, 1
+hdrcomercio.com.br, 1
+hdrezka2018.tk, 1
+hdrip.info, 1
+hdrtranscon.com, 0
+hds-lan.de, 1
+hdscheduleers.ga, 1
+hdscheduleest.ga, 1
+hdsengine.ml, 1
+hdsexxx.net, 1
+hdsinemax.com, 1
+hdtvblogsers.ga, 1
+hdtvblogsest.ga, 1
+hdtvboarders.ga, 1
+hdtvboardest.ga, 1
+hdv.paris, 1
+hdv12.horse, 1
+hdview.co.uk, 1
+hdwallpapers.net, 1
+hdwetpussy.com, 1
+hdxvideosporns.com, 1
+hdxxxpics.net, 1
+hdy.nz, 1
+hdz.org, 1
+hdzineers.ga, 1
+hdzineest.ga, 1
+he-sb.cf, 1
+he-sb.eu.org, 1
+he-sb.top, 1
+he.kg, 1
+heaaart.com, 1
+head-hunters.tk, 1
+head.org, 1
+head.ru, 1
+heade.cf, 1
+headed2.com, 1
+headforcloud.com, 1
+headhuntercolombia.com, 1
+heading2australia.ga, 1
+headinsider.net, 0
+headlight.tech, 1
+headlineclub.gr, 1
+headlinepublishing.be, 1
+headofhair.pl, 1
+headphonesinear.tk, 1
+headshotharp.de, 1
+headsmackskatepark.tk, 1
+headstartkernow.org.uk, 1
+headstogether.org.uk, 1
+headstrong.de, 1
+headsuphealth.com, 1
+headwall-hosting.com, 1
+headwayapp.co, 1
+healdsburg.gov, 1
+healinfoods.com, 1
+healingfoundation.org.au, 1
+healingriverscounseling.net, 1
+healingthenaturalway.cf, 1
+healingthenaturalway.ga, 1
+healingthenaturalway.gq, 1
+healingwell.com, 1
+healingwithvibrationsummit.com, 1
+healinlife.com, 1
+healmyhearttoday.ga, 1
+healmynation.com, 1
+healtbeautyturkey.tk, 1
+health-and-beauty-news.net, 1
+health-ashlandcounty-oh.gov, 1
+health-e.org.za, 1
+health-ecore.com, 1
+health-in-mind.org.uk, 1
+health-match.com.au, 1
+health-plan-news.com, 1
+health-road.ga, 1
+health-toolbox.com, 1
+health-tourism.com, 1
+health.gd, 1
+health.gov, 1
+health.graphics, 1
+health.mil, 1
+health24.ml, 1
+health24world.ml, 1
+health360.bh, 1
+health4all.tk, 1
+health4food.com, 1
+health4life.tk, 1
+healthabundant.ga, 1
+healthactive.co, 0
+healthadaptive.ga, 1
+healthalbuquerque.tk, 1
+healthalternativemedicine.tk, 1
+healthamazing.ga, 1
+healthand.ml, 1
+healthandfitnessover40.co.uk, 1
+healthandglow.tk, 1
+healthandskinbeauty.com, 1
+healtharlington.tk, 1
+healtharrow.ga, 1
+healthasociation.tk, 1
+healthatlanta.tk, 1
+healthatlantic.ga, 1
+healthatlantic.tk, 1
+healthawareness.cf, 1
+healthbanfield.tk, 1
+healthbank.io, 1
+healthbeltsville.tk, 1
+healthbinghamton.tk, 1
+healthbit.com.br, 1
+healthblender.ga, 1
+healthblod.ga, 1
+healthbolton.tk, 1
+healthbordelonville.tk, 1
+healthboston.tk, 1
+healthboulevard.ga, 1
+healthbounce.ga, 1
+healthbrisbane.tk, 1
+healthbrite.ga, 1
+healthbrochures.info, 1
+healthbunny.ga, 1
+healthcalculator.site, 1
+healthcanal.ga, 1
+healthcaptive.ga, 1
+healthcare.gov, 0
+healthcare4ppl.com, 1
+healthcareadministrationedu.org, 1
+healthcareagency.tk, 1
+healthcareareainfo.tk, 1
+healthcareconnexion.com, 1
+healthcarediversion.org, 1
+healthcaredrugs.tk, 1
+healthcareera.tk, 1
+healthcareinfonews.tk, 1
+healthcaremedicine.tk, 1
+healthcarenutrition.tk, 1
+healthcarepathway.com, 1
+healthcareresearch.tk, 1
+healthcarereviews.tk, 1
+healthcarestaffingacademy.com, 1
+healthcaresystemcareersedu.org, 1
+healthcatch.ga, 1
+healthcentralasia.tk, 1
+healthcentralmedicine.tk, 1
+healthcentralnews.tk, 1
+healthcentralstore.tk, 1
+healthcentraltreatment.tk, 1
+healthcharte.ga, 1
+healthchecks.io, 1
+healthchillicothe.tk, 1
+healthchoice.tk, 1
+healthcise.com, 1
+healthclassy.ga, 1
+healthclearance.ga, 1
+healthclyman.tk, 1
+healthcode.cf, 1
+healthcollect.ga, 1
+healthcolumbia.tk, 1
+healthcolumbus.tk, 1
+healthcommission.ga, 1
+healthcompany.tk, 1
+healthconfluence.tk, 1
+healthconstruct.ga, 1
+healthcostinstitute.org, 0
+healthcounty.ga, 1
+healthcourier.ga, 1
+healthcrafter.ga, 1
+healthcrawler.ga, 1
+healthcrown.cf, 1
+healthcrown.ga, 1
+healthcrystal.ga, 1
+healthculloden.tk, 1
+healthcultureexpo.com, 1
+healthcupid.ga, 1
+healthcurious.ga, 1
+healthdaily.cf, 1
+healthdaily.ga, 1
+healthdallas.tk, 1
+healthdata.gov, 1
+healthdelta.ga, 1
+healthdenver.tk, 1
+healthdesigning.ga, 1
+healthdestination.ga, 1
+healthdetroit.tk, 1
+healthdigitalstore.tk, 1
+healthdodge.ga, 1
+healthdowntown.ga, 1
+healthdraw.ga, 1
+healtheagle.ga, 1
+healtheffectsofasbestos.com, 1
+healthekids.tk, 1
+healthemden.tk, 1
+healthessence.ga, 1
+healthfalcon.ga, 1
+healthfame.ga, 1
+healthfiesta.ga, 1
+healthfinder.gov, 1
+healthfitapp.com, 1
+healthfitstore.com, 1
+healthflavor.ga, 1
+healthfleet.ga, 1
+healthfortwaltonbeach.tk, 1
+healthfortworth.tk, 1
+healthfrederick.tk, 1
+healthfreeport.tk, 1
+healthful.eu.org, 1
+healthglamour.ga, 1
+healthgoddess.ga, 1
+healthgrace.ga, 1
+healthgrad.com, 1
+healthgrandrapids.tk, 1
+healthguerilla.ga, 1
+healthguerrilla.ga, 1
+healthhair.ru, 1
+healthhard.ga, 1
+healthharrisburg.tk, 1
+healthhelena.tk, 1
+healthhendersonville.tk, 1
+healthhosts.com, 1
+healthhuntsville.tk, 1
+healthhusky.ga, 1
+healthi.ch, 1
+healthierweight.co.uk, 1
+healthimagine.ga, 1
+healthintergrity.ga, 1
+healthiraq.ga, 1
+healthiron.ga, 1
+healthit.gov, 1
+healthjackpot.ga, 1
+healthjarrettsville.tk, 1
+healthjoker.ga, 1
+healthkaro.tk, 1
+healthkaty.tk, 1
+healthkayak.ga, 1
+healthknight.ga, 1
+healthlable.com, 1
+healthlabs.com, 1
+healthlar.com, 1
+healthleadsusa.org, 1
+healthlesson.tk, 1
+healthlifeforyou.tk, 1
+healthlightning.ga, 1
+healthlincoln.tk, 1
+healthloco.ga, 1
+healthlongwood.tk, 1
+healthlowprice.ga, 1
+healthlucky.ga, 1
+healthmagazines.tk, 1
+healthmanager.ml, 1
+healthmanchester.tk, 1
+healthmatchapp.com, 1
+healthmeasure.ga, 1
+healthmedcost.com, 1
+healthmedicineasia.tk, 1
+healthmedicinebiology.tk, 1
+healthmedicinedrug.tk, 1
+healthmedicinestore.tk, 1
+healthmedicineus.tk, 1
+healthmedicineworld.tk, 1
+healthmeta.ga, 1
+healthmetric.ga, 1
+healthmiami.tk, 1
+healthmillions.ga, 1
+healthmilwaukee.tk, 1
+healthmilwaukie.tk, 1
+healthmotivation.ml, 1
+healthmountolive.tk, 1
+healthmuscle.ga, 1
+healthmuscle.tk, 1
+healthmystical.ga, 1
+healthnano.ga, 1
+healthnational.ga, 1
+healthnobel.ga, 1
+healthnorman.tk, 1
+healthnorthamerican.ga, 1
+healthnorthgreenbush.tk, 1
+healthnutrition.tk, 1
+healthnutritionfood.tk, 1
+healthnutritiongrowth.tk, 1
+healthnutritioninfo.tk, 1
+healthnutritioninfonews.tk, 1
+healthnutritioninjury.tk, 1
+healthnutritionpregnancy.tk, 1
+healthnutritionpublic.tk, 1
+healthnutritionusa.tk, 1
+healthnweight.tk, 1
+healthoakland.tk, 1
+healthocity.ga, 1
+healthoffline.ga, 1
+healthoneday.ga, 1
+healthonplanet.com, 1
+healthoptions.tk, 1
+healthpaducah.tk, 1
+healthpeace.ga, 1
+healthpeach.ga, 1
+healthpersonal.ga, 1
+healthpert.com, 1
+healthphase.ga, 1
+healthpickup.ga, 1
+healthpirates.ga, 1
+healthplansamerica.org, 1
+healthplatinum.ga, 1
+healthpremier.ga, 1
+healthprestige.ga, 1
+healthpriority.ml, 1
+healthproconsulting.com, 1
+healthquality.tk, 1
+healthquantum.ga, 1
+healthquest.com.au, 1
+healthrail.ga, 1
+healthrangely.tk, 1
+healthrapid.ga, 1
+healthraven.ga, 1
+healthreadset.ga, 1
+healthremarkable.ga, 1
+healthreno.tk, 1
+healthrequest.ga, 1
+healthrish.com, 1
+healthrivergrove.tk, 1
+healthrule.ga, 1
+healthrunners.ga, 1
+healths-tips.ml, 1
+healthsacramento.tk, 1
+healthsalvage.ga, 1
+healthsample.ga, 1
+healthsanantonio.tk, 1
+healthsanjose.tk, 1
+healthsanluisobispo.tk, 1
+healthsantaana.tk, 1
+healthsantaclara.tk, 1
+healthscience.tk, 1
+healthseason.ga, 1
+healthseattle.tk, 1
+healthservicediscounts.com, 1
+healthsession.ga, 1
+healthshadow.ga, 1
+healthsleuth.ga, 1
+healthslide.ga, 1
+healthsomerset.tk, 1
+healthsone.com, 1
+healthsouthfield.tk, 1
+healthsparkle.ga, 1
+healthspencer.tk, 1
+healthspringfield.tk, 1
+healthstar-dev.io, 1
+healthstar.io, 1
+healthstrick.ga, 1
+healthstudy.tk, 1
+healthstyletips.ml, 1
+healthsunflower.ga, 1
+healthsustain.ga, 1
+healthsyndrome.tk, 1
+healthtacoma.tk, 1
+healthtimes.ga, 1
+healthtips4you.ml, 1
+healthtoledo.tk, 1
+healthtreats.ga, 1
+healthtrio.com, 1
+healthtrust.tk, 1
+healthturbo.ga, 1
+healthultra.ga, 1
+healthunique.ga, 1
+healthurban.ga, 1
+healthvacancies.tk, 1
+healthvariety.ga, 1
+healthvariety.tk, 1
+healthveedersburg.tk, 1
+healthvision.ml, 1
+healthwarior.tk, 1
+healthwausau.tk, 1
+healthwealthtime.org, 1
+healthwichita.tk, 1
+healthy-map.com, 1
+healthy-shoko.com, 1
+healthy.io, 1
+healthyaging-digital.com, 1
+healthyalabama.tk, 1
+healthyalaska.tk, 1
+healthyankee.ga, 1
+healthyarizona.tk, 1
+healthyarkansas.tk, 1
+healthybeauty365bn.com, 1
+healthyburn.tk, 1
+healthychoices.tk, 1
+healthyclinic.tk, 1
+healthycolorado.tk, 1
+healthyfitfood.com, 1
+healthyflorida.tk, 1
+healthyfoodanddrink.tk, 1
+healthygeorgia.tk, 1
+healthyhomesofmichigan.com, 0
+healthyhomeventilation.com.au, 1
+healthyhours.tk, 1
+healthyindiana.tk, 1
+healthykansas.tk, 1
+healthykitchen101.com, 1
+healthymaine.tk, 1
+healthymen.ml, 1
+healthyminnesota.tk, 1
+healthymississippi.tk, 1
+healthynewjersey.tk, 1
+healthynutritionguide.info, 1
+healthyoregon.tk, 1
+healthypennsylvania.tk, 1
+healthypeople.gov, 1
+healthyrecipes101.com, 1
+healthyrun.tk, 1
+healthysanfrancisco.org, 1
+healthysouthdakota.tk, 1
+healthyspirituality.org, 1
+healthystore.my.id, 1
+healthystyle.tk, 1
+healthysuperhuman.com, 1
+healthyteame.com, 1
+healthytipsdiet.tk, 1
+healthyweblife.tk, 1
+healthywyoming.tk, 1
+healthyyou.ml, 1
+healtmainwp.tk, 1
+healtyersworld.tk, 1
+heap.zone, 1
+heapsofheaven.com, 1
+heardcountyathletics.com, 1
+hearfool.cc, 1
+hearingbydesign.co.nz, 1
+hearingshofar.com, 1
+hearkener.com, 1
+heart-cartoons.tk, 1
+heart-valve-surgery.com, 1
+heartbeat24.de, 1
+heartbomb.co.jp, 1
+heartbound.wiki, 1
+heartcard.tk, 1
+heartchating.tk, 1
+heartcomms.com.au, 1
+heartgames.pl, 1
+hearthealing.ca, 1
+hearthstonehungary.hu, 1
+hearthustlebrands.com, 1
+heartlandbiomed.com, 1
+heartlandbraidedrugs.com, 1
+heartlandcocacola.com, 1
+heartlandrentals.com, 1
+heartlandtownandcountry.tk, 1
+heartofenglandfirstaidtraining.com, 1
+heartofgod.tk, 1
+heartofthepeace.com, 0
+heartonmysleevegreetings.com, 1
+heartsintrueharmony.com, 1
+heartsucker.com, 0
+hearttruth.gov, 1
+heartview.com.br, 1
+heartwoodart.com, 1
+heartwoodrefuge.org, 0
+hearty.blog, 1
+hearty.eu.org, 0
+hearty.ga, 1
+hearty.gift, 1
+hearty.gq, 1
+hearty.ink, 1
+hearty.me, 1
+hearty.ml, 1
+hearty.ooo, 1
+hearty.org.tw, 1
+hearty.sg, 1
+hearty.taipei, 1
+hearty.tech, 1
+hearty.tw, 1
+heartyapp.com, 1
+heartyapp.tw, 1
+heartymail.com, 1
+hearusa.com, 1
+heaslip-aluminium-smelter-engineering.com, 1
+heat-press.com.au, 1
+heat-ua.pt, 1
+heat.gov, 1
+heatcheck.security, 1
+heatcleanerers.ga, 1
+heatcleanerest.ga, 1
+heatershop.co.uk, 1
+heatgeek.com, 1
+heatherbells.tk, 1
+heatherleysephotography.com, 1
+heathersmithcommercial.com, 1
+heathersnotes.com, 1
+heathrowairportparking24.co.uk, 1
+heatingequipment.tk, 1
+heaven-boutique.de, 0
+heavenlybeauty.tk, 1
+heavenlylanka.com.au, 1
+heavenlynails.pl, 1
+heavenlyseals.com, 1
+heavenlysmokenc.com, 1
+heavennewsers.ga, 1
+heavennewsest.ga, 1
+heavensattic.co.uk, 1
+heavensolutions.com.br, 1
+heaventurizm.com.tr, 1
+heavyart.pl, 0
+heavycaliber.com, 1
+heavycoupleers.ga, 1
+heavycoupleest.ga, 1
+heavyequipments.org, 0
+heavyhymnal.com, 1
+heavylord.tk, 1
+heavysounds.tk, 1
+hebamme-cranio.ch, 1
+hebamme-ebersberg.de, 1
+hebamme-sabine.eu, 1
+hebbelabi.tk, 1
+hebe.stream, 1
+heber.tk, 1
+hebersprings.gov, 1
+heberut.gov, 1
+hebikhiv.nl, 1
+hebin.cf, 1
+hebmexico.tk, 1
+hebrew.ga, 1
+hebronnh.gov, 1
+hec-espace-entreprise.ch, 0
+hec.global, 1
+hecco.io, 1
+heccubus.tk, 1
+hechaocheng.ga, 1
+hechaocheng.ml, 1
+hechaocheng.tk, 1
+hechizosymagianegra.es, 1
+hechno.com, 1
+heckelektro.de, 1
+heckhome.com, 1
+hecking.tk, 1
+heckmann.photos, 1
+hectorama.tk, 1
+hectorfiorini.com.ar, 0
+hectorlima.tk, 1
+hedd.audio, 1
+heddoun.com, 1
+hedefhalk.com, 1
+hedefkompresor.com, 1
+hedenskrig.tk, 1
+hederaconsulting.com, 1
+hederawinkel.nl, 0
+hedge.fi, 1
+hedgedoc.net, 1
+hedgedoc.org, 1
+hedgehogs.tk, 1
+hedgesafeers.ga, 1
+hedgesafeest.ga, 1
+hedgeschool.ie, 1
+hedgetube.ga, 1
+hedinghamandchambers.co.uk, 1
+hedman.tk, 1
+hedonics.org, 1
+hedonism.org, 1
+hedonistai.org, 1
+hedonistic-imperative.com, 1
+hedonistic.org, 1
+hedonisticimperative.com, 1
+hedonium.com, 1
+hedoujia.tw, 1
+hedronarchive.com, 1
+hedweb.co.uk, 1
+hedweb.com, 1
+hedweb.net, 1
+hedweb.org, 1
+hedweb.uk, 1
+hedys.de, 1
+hee.ink, 1
+heeftmijnwebsitehttpsnodig.nl, 1
+heeler.red, 1
+heello.es, 1
+heerenveenlokaal.nl, 1
+heesenyachts.com, 0
+heethealthcare.com, 1
+hefengautoparts.com, 1
+heficed.com, 1
+heftfilme.com, 1
+hefty.cloud, 1
+heg.ge, 1
+hegdahl.tk, 1
+hegdahl.xyz, 1
+hegocre.com, 1
+heh.ee, 1
+heha.co, 0
+hehecams.com, 1
+hehechat.com, 1
+heheparty.com, 1
+heheparty.net, 1
+heheparty.org, 1
+hehn.de, 1
+hehome.xyz, 0
+heiaheia.com, 1
+heibel.tk, 1
+heibobo.cf, 1
+heibobo.com, 1
+heibobo.ga, 1
+heibobo.gq, 1
+heibobo.ml, 1
+heibobo.tk, 1
+heic.nz, 1
+heictoany.com, 1
+heid.ws, 1
+heidarilawgroup.com, 1
+heidegg.ch, 1
+heidelbergengineering.com, 1
+heiden-wir-helfen.de, 1
+heidifuller.com, 1
+heidihills.com, 1
+heidinousiainen.com, 1
+heidirange.tk, 1
+heidisheroes.org, 1
+heidns.cn, 1
+heighton.com.au, 1
+heightselectrical.com.au, 1
+heigl-care.de, 1
+heihaha.com, 1
+heihei.cf, 1
+heijblok.com, 1
+heijdel.nl, 1
+heijmans.blog, 1
+heijmans.io, 1
+heijmans.org, 1
+heijmans.pm, 1
+heijmans.tech, 1
+heikal.tk, 1
+heikegastmann.com, 1
+heikki-mikkola.tk, 1
+heiko-zimmermann.com, 1
+heiko.ph, 1
+heikomauel.de, 1
+heikoopminiaturen.nl, 1
+heiland.io, 1
+heilbronn.tk, 1
+heiliao.in, 1
+heiligebirmanen.tk, 1
+heiliger-gral.info, 1
+heilpflanzenmagie.de, 1
+heilpraktiker-maxdorf.de, 1
+heimatverein-eitensheim.de, 1
+heimdallsensors.com, 1
+heimnetze.org, 0
+heimonen.eu, 1
+heimstaden.dk, 1
+heina.net, 1
+heineken.co.za, 1
+heino-peters.de, 1
+heinonen.cc, 1
+heinrich1.de, 1
+heinrich5991.de, 1
+heinvanhemert.nl, 1
+heinzdekat.tk, 1
+heinzencastellano.tk, 1
+heiraten-gardasee.de, 1
+heiraten-venedig.de, 1
+heirloom-grove.com, 1
+heise.cf, 1
+heise.ml, 1
+heisenberg.co, 1
+heishop.com.br, 1
+heishop.mx, 1
+heist-clan.tk, 1
+heistheguy.com, 1
+heitepriem.info, 1
+heiwa-valve.co.jp, 1
+hejazultra.org, 1
+heka.ai, 1
+hekat.sk, 1
+hekate.com.mx, 1
+hekatija.com, 1
+hekeki.com, 1
+hekoro.ml, 1
+hektenkairez.com, 1
+hekwerken.tk, 1
+helabet.com, 1
+helabet.ng, 1
+heladospipos.ga, 1
+helagotaland.ga, 1
+helagotaland.gq, 1
+helali.me, 1
+helbreath.tk, 1
+helcim.com, 1
+helco.xyz, 1
+helden-spielen.de, 1
+heldenhalde.de, 1
+heldmayer.com, 1
+heldtech.services, 1
+heldundsexgott.de, 1
+helebce.tk, 1
+heleendebruyne.be, 1
+helemduruth.com, 1
+helena-loos.de, 1
+helenair.com, 1
+helenakmiec.pl, 1
+helenapaparizouspainfanclub.tk, 1
+helenatownshipmi.gov, 1
+helendoe.uk, 1
+helendoron.fr, 1
+helene-conway.com, 1
+helenekurtz.com, 1
+helenelefauconnier.com, 1
+helenevanwunnik.tk, 1
+helenkellersimulator.org, 1
+helenlim.pw, 1
+helenmarie.ie, 1
+helensmithpr.co.uk, 1
+helenssjoholm.cf, 1
+helenssjoholm.ga, 1
+helenvalsj.tk, 1
+helenwade.tk, 1
+heleus.it, 1
+helfordriversc.co.uk, 1
+helga-fest.tk, 1
+helgaschultz.de, 1
+helgeklein.com, 1
+helhetsframtradande.se, 1
+helia.com.au, 1
+helichat.de, 1
+heliconservices.com, 1
+heligrandcanyon.com, 1
+helijobs.net, 1
+helikopter.ml, 1
+helikopterman.tk, 1
+helikopters.tk, 1
+helioanodyne.eu, 1
+heliobil.fr, 1
+heliocentrism.jp, 1
+helion.ch, 0
+helioring.com, 1
+helios4.com, 1
+heliosbot.net, 1
+heliosnet.com, 1
+heliosvoting.org, 0
+heliport-moscow.ru, 1
+helisimmer.com, 1
+heliumtech.tk, 1
+helix.am, 1
+helixagencyservices.com, 1
+helkyn.eu, 1
+helkyn.fr, 1
+helkyn.org, 1
+hell-o.net, 1
+hell.rodeo, 0
+hell.sh, 1
+hellband.tk, 1
+hellblade.tk, 1
+hellblast.tk, 1
+hellboundhackers.org, 1
+hellendumanrealty.com, 1
+hellenicagora.co.uk, 1
+hellenicmusicacademy.com, 1
+hellerarko.de, 1
+hellfreak.tk, 1
+hellhammer.tk, 1
+hellhavens.tk, 1
+hello-aioi.com, 1
+hello-papaye.com, 1
+hello-products.com, 1
+helloacm.com, 1
+helloafrica.ga, 1
+helloappservices.com, 1
+hellobarestore.com, 1
+hellobee.com, 1
+hellobetter.de, 1
+hellobrian.me, 1
+hellocash.business, 1
+hellocat.cf, 1
+hellocentral.ga, 1
+hellocoding.de, 1
+hellodesign.tk, 1
+hellodollface.com, 1
+helloemailers.ga, 1
+helloemailest.ga, 1
+helloexit.com, 1
+hellofilters.com, 1
+helloheadsup.com, 1
+helloindia.tk, 1
+hellokashmir.tk, 1
+hellolove.sg, 1
+hellomookie.com, 1
+hellomouse.cf, 1
+hellomouse.net, 1
+hellomouse.tk, 1
+hellomunnar.in, 1
+hellomyword.tk, 1
+hellonews.cf, 1
+hellonews.ga, 1
+helloo.com.br, 1
+hellopandaphoto.com, 1
+hellopowerserg.com, 1
+hellopredict.com, 1
+hellorory.com, 1
+hellorussia.ga, 1
+hellosalmon.com, 1
+hellosells.com, 1
+hellosixpackabs.com, 1
+helloskip.com, 0
+hellosmoove.com, 1
+hellotandem.com, 1
+hellotars.com, 1
+helloteen.tk, 1
+hellothematic.com, 1
+hellothought.net, 1
+hellotwist.com, 1
+hellov.in, 1
+helloverify.com, 1
+hellovillam.com, 1
+helloworldhost.com, 0
+hellpc.net, 1
+hellpizza.nz, 1
+hellraid.com, 1
+hellseeker.tk, 1
+hellsinkivampires.tk, 1
+hellsoldiers.tk, 1
+hellven.net, 1
+hellvis.tk, 1
+hellyeahbeer.tk, 1
+helm-pokale.at, 1
+helm-pokale.de, 1
+helm-trophy.com, 1
+helmethouse.com, 1
+helminger-lrs.at, 1
+helmscapital.co.uk, 1
+helochic.com, 1
+heloisamarra.com, 1
+helooo.com, 1
+helorobo.com, 1
+help-me.today, 1
+help207.me, 1
+help24.be, 0
+help911.com, 1
+helpamericavote.gov, 1
+helpatmyhome.com, 1
+helpc.eu, 1
+helpcalculator.tk, 1
+helpcapital.ru, 1
+helpcomp.tk, 1
+helpconnect.com.au, 1
+helpcrm.co.uk, 1
+helpekwendenihospital.com, 1
+helpinghandspartners.org, 1
+helpingupromo.com, 1
+helpkoil.com, 1
+helplightning.com, 1
+helpline.com.ua, 1
+helpmecovid.com, 1
+helpmij.cf, 1
+helpnet.ro, 1
+helpout.us, 1
+helpowl.com, 1
+helppc.com.ua, 1
+helprb.ru, 1
+helpscoutdocs.com, 1
+helptasker.com, 1
+helptasker.net, 1
+helptasker.org, 1
+helptasker.ru, 1
+helpticket.ml, 1
+helpticket.tk, 1
+helpwaarbenik.nl, 1
+helpwiki.nl, 1
+helpwise.io, 1
+helpwithadoption.com, 1
+helpwithinreach.com, 1
+helpwithmybank.gov, 1
+helpwithmycheckingaccount.gov, 1
+helpwithmycreditcard.gov, 1
+helpwithmycreditcardbank.gov, 1
+helpwithmymortgage.gov, 1
+helpwithmymortgagebank.gov, 1
+helsenorge.no, 1
+helsi.me, 1
+helsingfors.guide, 1
+helsinginlaakariyhdistys.fi, 1
+helsinki-systems.de, 1
+helst.org, 1
+heluna.tk, 1
+helvatech.ch, 1
+helvetic.finance, 1
+hemagon.com, 1
+hemanklerehab.com, 1
+hemaroids.tk, 1
+hematoonkologia.pl, 1
+hemdal.se, 0
+hemdian.com, 1
+hemmens.eu, 1
+hemmersbach.com, 1
+hemnet.se, 1
+hemorroi.ga, 1
+hemp.com, 1
+hemphopper.eu, 1
+hempoffset.com, 1
+hempsteadcitytx.gov, 1
+hemrin.com, 1
+hems.si, 1
+hemtest.com, 1
+hen.ee, 1
+hen.ne.ke, 1
+hendersoncountyil.gov, 1
+hendersonky.gov, 1
+hendersonvalleyautomotive.co.nz, 1
+hendersonwomenscare.com, 1
+henderz.tk, 1
+hendrickx.be, 1
+hendrik.li, 1
+hendrinortier.nl, 1
+hendrix.com.ng, 1
+hendrix.tk, 1
+hendryelections.gov, 1
+hengelsportjansenlommel.tk, 1
+hengstumone.com, 1
+henhenlu.com, 0
+henkboelman.com, 1
+henke-home.eu, 1
+henker.net, 1
+henkibeer.com, 1
+henko-consulting.com, 1
+henkpille.tk, 1
+henkverlinde.com, 0
+henley-computer-repairs.co.uk, 1
+henleybouncycastles.co.uk, 1
+henlich.de, 1
+hennecke-forstbetrieb.de, 1
+henneke.me, 1
+hennepincounty.gov, 1
+hennepintheatretrust.org, 1
+hennes-haan.de, 1
+hennes-pokalshop.de, 1
+hennes-shop.de, 1
+henneshaan.de, 1
+hennessey.com, 1
+hennesshop.de, 1
+hennessy.tk, 1
+hennies.org, 1
+hennikernh.gov, 1
+henningkerstan.de, 1
+henningkerstan.org, 1
+henradplumbing.co.uk, 1
+henri-feuillade.tk, 1
+henri.moe, 1
+henrichaussade.fr, 1
+henrico.gov, 1
+henrieta-nagyova.tk, 1
+henriettatownshipmi.gov, 1
+henrik-sachse.de, 1
+henrikjosefsson.net, 1
+henrikjuvonen.fi, 1
+henriknoerr.com, 1
+henriksachse.com, 1
+henriksachse.de, 1
+henriksoderlund.com, 1
+henrikwelk.de, 1
+henrilammers.nl, 1
+henrri.net, 1
+henry.gg, 1
+henryalanbrown.com, 1
+henrybelk.com, 1
+henrybrown0.com, 1
+henryclub.tk, 1
+henryco911tn.gov, 1
+henrycountyga.gov, 1
+henrycountyohio.gov, 1
+henrycountysheriffga.gov, 1
+henryctyil.gov, 1
+henryford.tk, 1
+henryhouse.wales, 1
+henryhugo.tk, 1
+henryishax.com, 1
+henryluker.com, 1
+henrymercado.tk, 1
+henrymintzberg.nl, 1
+henryocallaghan.com, 1
+hentai-paradise.fr, 1
+hentai.it, 1
+hentaigogo.com, 1
+hentaimaster.net, 1
+hentaipornography.com, 1
+hentaipros.com, 1
+hentaiprosnetwork.com, 1
+hentairead.com, 1
+hentairoulette.com, 1
+hentaishit.com, 1
+hentaiworld.cc, 0
+hentaizm.cf, 1
+hentamanga.tk, 1
+hentavfall.no, 1
+hentschke-bau.de, 1
+hentschke-betonfertigteilwerk.de, 1
+hentschke-invest.de, 1
+henzenhoning.nl, 1
+henzy.cloud, 1
+hepfree.nyc, 1
+hepha.ch, 1
+hephzibahga.gov, 1
+hepla.de, 0
+heppler.net, 1
+heptafrogs.de, 1
+heptagonsystems.com, 1
+heptner24.de, 1
+hepuer.com, 1
+hepworthwakefield.org, 1
+her-life.ru, 1
+her.porn, 1
+her123.win, 1
+heraa.top, 1
+heracasinos.com, 1
+herald-review.com, 1
+herald.ga, 1
+heraldcourier.com, 1
+heraldik-wiki.de, 1
+heraldmakassar.com, 1
+herasoft.com, 1
+heratnews.tk, 1
+herba-belgie.be, 1
+herbacom.ro, 1
+herbalcart.com, 1
+herbalhouse.tk, 1
+herbalife.ru, 1
+herbalifereport.tk, 1
+herbalkanker.tk, 1
+herbalproducts.com, 1
+herbarex.bg, 1
+herbarium.cf, 1
+herberichfamily.com, 1
+herbers.tk, 1
+herbertjanvandinther.nl, 1
+herbertmouwen.nl, 1
+herbiez.com, 1
+herbigass.com, 1
+herbisan.pl, 1
+herbnal.com, 1
+herbreathonglass.tk, 1
+herbsociety.org, 1
+herbsupplements.co.uk, 1
+herbweb.net, 1
+herbweb.org, 1
+herbymiast.waw.pl, 1
+herculesca.gov, 1
+herculex.fi, 1
+herderradio.ml, 1
+herdingcatshere.com, 1
+herdwilliam.ml, 1
+herdwilliam.tk, 1
+here.ml, 1
+herealways.tk, 1
+herecafe.com, 1
+heredapoxetine.gq, 1
+herefordlighthouse.org, 0
+heren.fashion, 1
+herenstraatvoorburg.tk, 1
+hereplus.me, 1
+hereporn.com, 1
+heretic-guild.com, 1
+hereticle.com, 1
+hereticmaniacs.tk, 1
+hereticofficial.com, 1
+hereticpreist.tk, 1
+herez.fr, 1
+hergeandtintin.tk, 1
+herila.ml, 1
+heringer.tk, 1
+heritagehandicraft.com, 1
+heritagereformed.tk, 1
+heritagetea.tk, 1
+heritagetechnologies.net, 1
+herizon.cf, 1
+herjj.com, 1
+herkam.pl, 1
+herkel.email, 1
+herkel.media, 1
+herkelmedia.com, 1
+herkelmedia.de, 1
+herkimercountyny.gov, 1
+herlimit.com, 1
+hermanbrouwer.nl, 1
+hermandadblanca.org, 0
+hermandevries.com, 1
+hermann-hesse-kolleg.de, 1
+hermann.in, 1
+hermanoscarrera.tk, 1
+hermes-net.de, 1
+hermes-servizi.it, 1
+hermessenger.fr, 1
+hermetas.org, 1
+hermetien.tk, 1
+hermietkreeft.site, 0
+herminghaus24.de, 1
+hermiston.gov, 1
+hermitant.fr, 1
+hermiu.com, 1
+hermodesign.com, 1
+hermonmaine.gov, 1
+hermosaseagirt.com, 1
+hernandovotes.gov, 1
+hernanygerman.tk, 1
+herndl.org, 1
+herne-kupony.sk, 1
+herni-kupony.cz, 1
+herniaclinic.com.sg, 1
+hernikgames.tk, 1
+hernn.com, 1
+heroblog.info, 1
+herocentral.de, 1
+heroco.xyz, 1
+herod.tk, 1
+heroes3stat.tk, 1
+heroesofthenorth.com, 1
+heroesorchestra.com, 1
+herofil.es, 1
+herogaming.net, 1
+herohealth.com, 1
+heroiclove.com, 1
+heroicpixel.com, 1
+herold.me, 1
+herold.space, 1
+heromlabs.tk, 1
+heromuster.com, 1
+heronhallacademy.org.uk, 1
+heroplusgroup.com, 0
+heroway.com, 1
+heroxin.com, 1
+herp.careers, 1
+herp.top, 1
+herpderpderpderp.com, 1
+herpes-no.com, 1
+herr-webdesign.de, 1
+herrald-skeeleren.tk, 1
+herramientasbazarot.com, 1
+herrderzeit.de, 1
+herregruppa.no, 1
+herrenblut.tk, 1
+herrenmuehle-wein.de, 1
+herreriamauricio.com.ar, 1
+herreriaorozco.com, 1
+herrfirm.com, 1
+herriman.gov, 1
+herriman.net, 1
+herringadvancemachine.com, 1
+herringboneeats.com, 1
+herringsresidence.be, 1
+herritage.ga, 1
+herrkal.eu, 1
+herrman.tk, 1
+herrns.cloud, 1
+herrschaftlich-durch-dresden.de, 1
+herrsmith.com, 1
+herrtxbias.net, 1
+herrtxbias.org, 1
+hersdorf-eifel.de, 1
+hersheyfeis.com, 1
+hersmartchoice.com, 1
+herthaloewen.tk, 1
+hertie.de, 1
+hertsbouncycastles.com, 1
+heru.tk, 1
+herumixer.ga, 1
+herus.net.pl, 1
+hervegranger.fr, 1
+hervia.com, 1
+hervormdweeshuiszwolle.nl, 1
+herwz.com, 1
+herychreality.cz, 1
+herza.id, 1
+herzberg.site, 1
+herzfuersoziales.at, 1
+herzig.cc, 1
+herzpfa.de, 1
+herzwacht.de, 1
+herzzuherz.de, 1
+hes.com.cy, 1
+hesabcenter.com, 1
+hesago.store, 1
+hesama.tk, 1
+hesaplama.net, 1
+hesbayefrost.be, 1
+hesbenergie.be, 1
+hescos.tk, 1
+heshamelsawah.clinic, 1
+heshamselim.tk, 1
+hessen-liebe.de, 1
+hessen.de, 1
+hessen.social, 1
+hessenheim.tk, 1
+hessherrera.com, 1
+hessis.xyz, 1
+hessischer-landtag.de, 1
+hesslag.com, 1
+hestaheimur.is, 1
+hestegrovvaren.dk, 1
+hestervanderheijden.nl, 1
+hestia-systeme.be, 1
+hestia-systeme.com, 1
+hestia-systeme.eu, 1
+hestia-systeme.fr, 1
+hestonlawfirm.com, 1
+hesyifei.com, 1
+het-klaverblad.nl, 1
+hetchie.com, 1
+hetcoronalab.nl, 1
+hetdebat.tk, 1
+hetene.nl, 1
+hetfundament.team, 1
+hetgetouw.be, 1
+hethely.ch, 1
+hetmanrecovery.com, 1
+hetmedialab.nl, 1
+hetmeisjeachterpauw.nl, 1
+hetmer.cz, 1
+hetoefenpunt.be, 1
+hetushu.com, 1
+hetveurtheater.nl, 1
+hetvezercsarda.hu, 1
+hetwalhalla.nl, 1
+heureetka.fr, 1
+heureka.fi, 1
+heureka2.com, 1
+heute-kaufen.de, 1
+heute.training, 1
+heutger.de, 1
+heutger.net, 1
+hev.edu.ee, 1
+heveacom.com, 1
+hevenerfeld.de, 1
+hevertonfreitas.com.br, 1
+hevo.io, 1
+hevoapp.com, 1
+hevodata.com, 1
+hevoiq.com, 1
+hevolus.it, 1
+hevrishut.cf, 1
+hewavitharanamv.tk, 1
+hewlettbayparkny.gov, 1
+hewlettharbor.gov, 1
+hex.nl, 1
+hexagon-e.com, 1
+hexagonengg.com, 1
+hexalinq.com, 1
+hexane.cf, 1
+hexapt.com, 1
+hexashore.tn, 1
+hexasoft.com.my, 1
+hexatech.gq, 1
+hexatech.tk, 1
+hexaunits.com, 1
+hexaware.com, 1
+hexaweb.tk, 1
+hexcel.com, 1
+hexcode.in, 1
+hexhu.com, 1
+hexhu.net, 1
+hexiaohu.cn, 0
+hexid.me, 0
+hexieshe.com, 1
+hexo.ink, 0
+hexo.io, 0
+hexobind.com, 1
+hexoff.com, 1
+hexony.com, 1
+hexr.org, 1
+hexsafe.io, 1
+hexstream.expert, 1
+hexstream.net, 1
+hexstream.xyz, 1
+hexstreamsoft.com, 1
+hexure.com, 1
+hexxagon.com, 1
+hey-staging.com, 1
+hey.com, 1
+hey.pw, 1
+heyblogging.com, 0
+heybookmark.ga, 1
+heybookmark.gq, 1
+heybritney.tk, 1
+heybyrdie.com, 1
+heydorff.duckdns.org, 1
+heyfiesta.com, 1
+heyghost.io, 1
+heyitgirl.com, 1
+heyitsfree.net, 1
+heyjoecoffee.com, 1
+heyjoflyer.win, 1
+heyjournal.com, 1
+heyomg.com, 1
+heyplay.eu.org, 1
+heysora.net, 1
+heytrade.com, 1
+heyvilleers.ga, 1
+heyvilleest.ga, 1
+heywise.com, 1
+heywood.cloud, 1
+hezzit.net, 1
+hf-rpg.ml, 1
+hf51-domeinen.nl, 1
+hf51.nl, 1
+hfa3.org, 1
+hfholidays.co.uk, 1
+hfikq8.cf, 1
+hflsdev.org, 0
+hfox.org, 1
+hfsa.org, 1
+hfsctx.gov, 1
+hfsg-habicht.at, 1
+hfvuejq.pro, 1
+hfx405.de, 1
+hg.eu, 1
+hg.python.org, 1
+hg0086.la, 0
+hg71839.com, 1
+hgb.club, 1
+hgc.solutions, 1
+hgc369.com, 1
+hgcityca.gov, 1
+hgfa.fi, 1
+hghanbarimd.com, 1
+hgmaranatha.nl, 1
+hgpowerglue.nl, 1
+hgseo.me, 1
+hgseo.net, 1
+hgtwa.com.au, 1
+hguandl.com, 1
+hgvnet.de, 1
+hgyo.me, 1
+hgyoseo.com, 1
+hgzw.com, 0
+hh-host.de, 1
+hh-massage.de, 1
+hh-medic.com, 1
+hh-ri.com, 1
+hh-wolke.dedyn.io, 1
+hh5197.co, 1
+hh6729.co, 1
+hh6729.com, 0
+hh6957.co, 1
+hh9297.co, 1
+hh9397.com, 1
+hh9721.com, 0
+hh9728.co, 1
+hhank.com, 1
+hhdelfland.nl, 1
+hhdy3.com, 1
+hhhdb.com, 1
+hhristov.tk, 1
+hhs.gov, 1
+hhsrocketry.tk, 1
+hhxiaozhan.ml, 1
+hi-million.ga, 1
+hi-million.ml, 1
+hi-newspaper.ml, 1
+hi-res.cloud, 1
+hi-res.com.cn, 1
+hi-res.vip, 1
+hi-techcrimes.net, 1
+hialatv.com, 1
+hiatoconteudodigital.com.br, 1
+hiaus.net.au, 1
+hibanaworld.com, 1
+hibbingmn.gov, 1
+hibin.tk, 1
+hibiscuscoastfinancialservices.com.au, 1
+hibrid-turf.com, 1
+hiccupsandjuice.co.uk, 1
+hickmancountytn.gov, 1
+hickoryrecord.com, 1
+hickorywinecellar.com, 1
+hicksvilleohio.gov, 1
+hicl.org, 1
+hicoria.com, 1
+hicts.nl, 1
+hiczp.com, 1
+hidalgoad.org, 1
+hidashin.co.jp, 1
+hidayatullah.com, 1
+hidbo.de, 1
+hidden.gq, 1
+hidden.nyc, 1
+hiddenbyleaves.tk, 1
+hiddencafebcn.com, 0
+hiddendragon.ml, 1
+hiddenempire.tk, 1
+hiddenhand.finance, 1
+hiddenhillselectric.com, 1
+hiddenhillselectrical.com, 1
+hiddenhillselectrician.com, 1
+hiddenhillsexteriorlighting.com, 1
+hiddenhillslandscapelighting.com, 1
+hiddenhillslighting.com, 1
+hiddenhillsoutdoorlighting.com, 1
+hiddenimage.ml, 1
+hiddenmalta.net, 1
+hiddenpalms.tk, 1
+hiddenredknights.tk, 1
+hiddenrefuge.eu.org, 1
+hiddens.tk, 1
+hiddenvalley.com, 1
+hiddout.com, 1
+hide-in.cloud, 1
+hide.me, 1
+hideallip.com, 1
+hideandseek.org, 1
+hidedd.com, 1
+hidelinkz.com, 1
+hideo54.com, 1
+hideouswebsite.com, 1
+hidetagu2021.net, 1
+hideuri.com, 1
+hidon.hu, 1
+hidra.tk, 1
+hidrolimpiadora.com.es, 1
+hidrolimpiadorasprofesionales.org, 1
+hidroshoping.com.br, 1
+hieisuki.ga, 1
+hielscher.com, 1
+hien.cf, 1
+hierden-bosch.nl, 1
+hierer.com, 1
+hietbrink.tk, 1
+hietegerrekes.tk, 1
+hieucd.com, 1
+hif.red, 1
+hif88.com, 1
+hifala.de, 1
+hiffen.tk, 1
+hiffo.de, 1
+hifiaudio.sk, 1
+hifiphile.com, 1
+hifly.aero, 1
+hifly.com.tw, 1
+hifrds.com, 1
+hifrnds.in, 1
+hig.gov, 1
+higeniqcleaning.com.au, 1
+higentexpo.com, 1
+higginsroofing.com.au, 1
+higgsboson.tk, 1
+high-flying.co.uk, 1
+high-ground.org, 1
+high-heels.se, 1
+high-school-atka.ga, 1
+high-solar.com, 1
+high-tech.tk, 1
+high-way.me, 1
+highaltitudearchery.com, 0
+highburycorp.com, 1
+highcalorierecipes.com, 1
+highcbdoildrops.com, 1
+highchair.tk, 1
+highdaseo.ml, 1
+highdefinitionnetworksers.ga, 1
+highdefinitionnetworksest.ga, 1
+highdensityheadache.tk, 1
+highdeserttinyhomes.com, 1
+highdonate.tk, 1
+higheducation.ml, 1
+highenergy.tk, 1
+higherairspace.eu, 1
+higherpress.org, 1
+highftp.tk, 1
+highgravityconsulting.com, 1
+highground.com, 1
+highheeltamia.com, 1
+highintegrity.tk, 1
+highinthemid80s.com, 1
+highkick.jp, 1
+highland-webcams.com, 1
+highlanddancing.tk, 1
+highlandheights-ky.gov, 1
+highlandparkcog.org, 1
+highlandpublicschool.co.in, 1
+highlandsclerkfl.gov, 1
+highlandsfl.gov, 1
+highlandsmode.nl, 1
+highlatitudestravel.com, 0
+highlevelwoodlands.com, 1
+highlightsfootball.com, 1
+highlightsfootball.net, 1
+highlnk.com, 1
+highnation.ml, 1
+highperfection.com, 1
+highperformance.ie, 1
+highplainssiding.com, 1
+highpressuretech.com, 1
+highproject.site, 1
+highproxies.com, 1
+highqappliance.com, 1
+highrank.cf, 1
+highrank.ga, 1
+highrank.tk, 1
+highship-industries.com, 1
+highsightroofing.com, 1
+highskilled.tk, 1
+highsky.ir, 1
+highspeed-arnsberg.de, 1
+highspeedinternetservices.ca, 1
+highspenfc.tk, 1
+highsprings.gov, 1
+highstage.com, 1
+highstakesdb.com, 1
+hightech.construction, 1
+hightechbrain.net, 1
+hightechone.cf, 1
+hightechreviews.ga, 1
+highthcahempflower.com, 1
+hightimes.com, 1
+hightop.com, 0
+highway11north.tk, 1
+highway54.tk, 1
+highway71autoparts.com, 1
+highwaytohoell.de, 1
+highwayzen.org, 1
+highworldnet.ga, 1
+higilimpmaringa.com.br, 1
+higilopocht.li, 1
+higsegeirl.com, 1
+higueras.tk, 1
+hii.or.th, 1
+hiig.edu.ee, 1
+hiitrepublic.com.au, 1
+hiiumeretuulepark.ee, 1
+hiiw.cloud, 1
+hiiw.de, 1
+hijabfashion.shop, 1
+hijyen-belgesi.com, 1
+hik-cloud.com, 1
+hikagestudios.com, 1
+hikarinet.tk, 1
+hikawa.top, 1
+hike.pics, 1
+hikeinrio.com, 1
+hiker.cool, 1
+hikerone.com, 1
+hiking-site.nl, 1
+hikingmonthlyers.ga, 1
+hikingmonthlyest.ga, 1
+hikka.ru, 1
+hikyu.it, 0
+hilahdih.cz, 1
+hilalnews.ga, 1
+hilaolu.com, 1
+hilarious.ga, 1
+hilaryhutler.com, 0
+hilarymundial.tk, 1
+hilbertwi.gov, 1
+hilde.link, 1
+hiledge.com, 1
+hilelipc.com, 0
+hilfe-bei-krebs-vechta.de, 1
+hilinecreators.tk, 1
+hill.selfip.net, 1
+hillcottagessuffolk.co.uk, 1
+hillcountryoralsurgery.com, 1
+hillcrestplumber.co.za, 1
+hillenbrand.com, 1
+hillexplorer.com, 1
+hillhiker.com, 1
+hillier-swift.co.uk, 1
+hilllodgingcompany.com, 1
+hillner.eu, 1
+hillroadgarage.tk, 1
+hills-selfstorage.co.uk, 1
+hillsandsaunders.com, 1
+hillsboroccpa.org, 1
+hillsboroughchristian.org, 1
+hillsclerk.com, 1
+hillsdalecounty.gov, 1
+hillshandymate.com, 1
+hillsphotosoc.tk, 1
+hillstohome.com, 1
+hillstrak.com.au, 1
+hillstrakwpg.com.au, 1
+hilltopcellar.com, 1
+hilltopsurgicalhospital.ga, 1
+hilnu.com, 1
+hilomrm.com, 1
+hiltonfoundation.org, 1
+hiltonhylandluxurycondos.com, 1
+hiltonsedonaresort.com, 1
+hilunetan.tk, 1
+himalaya-masala.at, 1
+himarijuana.tk, 1
+himawari-scanlator.tk, 1
+himawari-shika.org, 1
+himbamcky.com, 1
+himcy.ga, 1
+himens.com, 0
+himg.eu, 1
+himic.ru, 0
+himiku.com, 1
+himj.de, 1
+himmi.ru, 1
+himnosycanticos.org, 1
+himpler.com, 0
+himprom.com, 1
+hin10.com, 1
+hinaryazan.com, 1
+hinata-hidetoshi.com, 1
+hinatayamagolf.jp, 1
+hindenburgring.com, 1
+hindenburgring.de, 1
+hindibaba.tk, 1
+hindigalaxy.com, 1
+hindikibindi.tk, 1
+hindimeseekhe.tk, 1
+hindimoviedownload.net, 1
+hindu-temple.tk, 1
+hinduradio.tk, 1
+hindustantimes.ml, 1
+hinduworld.tk, 1
+hindweb.tk, 1
+hingehealth.com, 0
+hingle.me, 1
+hinhanhykhoa.com, 1
+hinit.no, 1
+hinkel.tk, 1
+hinketsujyoshi-no-torisetsu.com, 1
+hinsdaledental.com, 1
+hintergedanken.com, 0
+hinterposemuckel.de, 1
+hinto.com.au, 1
+hintss.pw, 0
+hinyari.net, 1
+hiob.fr, 0
+hiorth.tk, 1
+hiparish.org, 1
+hipcircles.tk, 1
+hipecompany.tk, 1
+hipeople.com.br, 1
+hiper-humor.tk, 1
+hipercultura.com, 1
+hipermenu.com, 1
+hipersuli.hu, 1
+hiphop.ren, 1
+hiphopall.tk, 1
+hiphopbolivia.tk, 1
+hiphopdates.de, 1
+hiphopfashion.tk, 1
+hipkneeortho.com.sg, 1
+hipnos.net, 1
+hipnosisypsicoterapia.com, 1
+hipnotista.tk, 1
+hipo.pt, 1
+hipocampo.org, 1
+hipodromcasusu.tk, 1
+hippiekiller.net, 1
+hippies.com.br, 1
+hippler.cloud, 1
+hippogriffhaven.com, 1
+hippogriffhaven.net, 1
+hippolini-herold.de, 1
+hippomovers.com, 1
+hippopotamuses.org, 1
+hips.com, 1
+hipstermamaproductions.com, 1
+hipsterpixel.co, 1
+hiptwist.tk, 1
+hipuranyhou.cz, 1
+hiq.co.za, 1
+hiq.sh, 1
+hirake55.com, 1
+hiramoto-ph.com, 1
+hiramvlgohio.gov, 1
+hiranosayuri-piano.com, 1
+hiratake.xyz, 1
+hireabouncycastle.net, 1
+hirechrisfinazzo.com, 1
+hirecities.cf, 1
+hirecities.ml, 1
+hirecitiesers.ga, 1
+hirecitiesest.ga, 1
+hirecto.io, 1
+hireinsight.io, 1
+hirel.gq, 1
+hireprofs.com, 1
+hirerecruiters.io, 1
+hireshield.com, 1
+hiresteve.ca, 1
+hirevets.gov, 1
+hirevo.eu, 1
+hirevue.com, 1
+hirewiz.tk, 1
+hirezzportal.com, 1
+hiring-process.org, 1
+hiringopps.com, 1
+hiringprocess.careers, 1
+hirisejanitorial.com, 0
+hirobbie.com, 1
+hiromi-dental.tokyo, 1
+hiromi.eu.org, 1
+hiromuogawa.com, 1
+hirorock.tk, 1
+hirosehp.jp, 1
+hirotaka.org, 1
+hirsch-lawyer.tk, 1
+hirschbergertal.de, 1
+hirschl.eu, 1
+hirtz.pm, 1
+hirtzfr.eu, 1
+hiru.top, 1
+hirumo.com, 1
+hirunet.ml, 1
+hiruthicsha.com, 1
+his.com, 1
+hisax.de, 1
+hisbrucker.net, 1
+hiseplast.com.br, 0
+hishirikka.com, 1
+hisingensck.se, 1
+hiskill.ru, 1
+hisoft.pk, 1
+hispadent.com.do, 1
+hispalazarus.tk, 1
+hispania-valencia.com, 1
+hispania.ml, 1
+hispanidad.tk, 1
+hispasat.es, 1
+hispashare.org, 1
+hispasonic.com, 1
+hispro.co, 1
+hisregistries.net, 1
+hisregistries.org, 1
+hisscentralen.se, 1
+hisscraft.se, 1
+hissgruppen.com, 1
+histalek.de, 1
+histhist.ru, 1
+histicle.com, 1
+histkult.ml, 1
+histkult.tk, 1
+histogames.com, 1
+histoires.tk, 1
+historia-arte.com, 1
+historiadebagua.tk, 1
+historiaeculturaguarani.org, 1
+historiarte.tk, 1
+historiasdepueblo.es, 1
+historiasyrelatos.tk, 1
+historiasztuki.tk, 1
+historicengland.org.uk, 1
+historichousesghent.be, 1
+historicizam.tk, 1
+historischehuizengent.be, 1
+history-schools.com, 1
+history-vision.tk, 1
+history.google.com, 1
+history.gov, 1
+history.pe, 1
+historymuseumsb.org, 1
+hit-electronics.com, 1
+hit.moe, 1
+hitchcockcountyne.gov, 1
+hitchen.net, 1
+hitchens.tk, 1
+hitchpin.com, 1
+hitchunion.org, 1
+hitech-news.ml, 1
+hitech-zone.com, 0
+hitekcomputing.net, 1
+hitel.tk, 1
+hiteshchandwani.com, 1
+hitflow.fr, 1
+hitflow.net, 1
+hitfm.ml, 1
+hitfm.tk, 1
+hithai.net, 1
+hitham.tk, 1
+hithouse.tk, 1
+hitiles.tk, 1
+hitimewine.net, 1
+hititgunesi-tr.com, 1
+hititleers.ga, 1
+hititleest.ga, 1
+hitkey.tk, 1
+hitleap.com, 1
+hitmaker.ga, 1
+hitmaker.tk, 1
+hitmanstat.us, 1
+hitmen.tk, 1
+hitmix.tk, 1
+hitmyheart.tk, 1
+hitn.at, 1
+hitocom.net.br, 1
+hitokoto-mania.com, 1
+hitokoto.cn, 1
+hitomecha.com, 1
+hitori-inc.com, 1
+hitpatrolers.ga, 1
+hitpatrolest.ga, 1
+hitpointer.tk, 1
+hitpt.com, 0
+hitrecord.org, 1
+hitrek.ml, 1
+hitrow-move.ga, 1
+hitrueauthentic.com, 1
+hitsk.in, 1
+hitter-lauzon.com, 1
+hitter.family, 1
+hitterfamily.com, 1
+hittop.tk, 1
+hittra.eu, 1
+hiv-symptome.de, 1
+hiv.com.tw, 1
+hiv.gov, 1
+hivaids.tk, 1
+hivatal-info.hu, 1
+hivault.cf, 1
+hive.gov, 1
+hive101.info, 1
+hivekey.eu, 1
+hivekey.io, 1
+hivelocity.net, 1
+hivemind.org, 1
+hivemindsystems.com, 1
+hiveopolis.eu, 1
+hiverlune.net, 0
+hivesigner.com, 1
+hiwannz.com, 1
+hiwebsite.tk, 1
+hiwiki.tk, 1
+hix.fi, 1
+hiyacar.co.uk, 1
+hiyuki2578.net, 1
+hizakura.nl, 1
+hizhina-hagrida.ru, 1
+hj-mosaiques.be, 1
+hj.rs, 1
+hj111777.com, 0
+hj2375.com, 0
+hj3586.com, 0
+hj3639.com, 0
+hj5386.com, 0
+hj555.cc, 1
+hj556.cc, 1
+hj6298.com, 0
+hj6929.com, 0
+hj9379.com, 1
+hj99111.com, 1
+hj99333.com, 0
+hjallboscoutkar.se, 1
+hjalpmig.nu, 1
+hjaltespizza.dk, 1
+hjartasmarta.se, 1
+hjbw-sterken.nl, 1
+hjdiaz.com, 1
+hjelmqvist-it.se, 1
+hjelpemiddeldatabasen.no, 1
+hjes.com.ve, 1
+hjkbm.cn, 1
+hjmag.com, 0
+hjorslev.com, 1
+hjort.land, 1
+hjosh.com, 1
+hjoworld.tk, 1
+hjphoto.co.uk, 1
+hjtky.cn, 1
+hjyl.org, 1
+hjyl.xn--fiqs8s, 0
+hjyl1999.com, 0
+hjyl2828.com, 0
+hjyl299.com, 0
+hjyl699.com, 0
+hjyl7999.com, 0
+hjyl9898.com, 0
+hk-shuttle.net, 1
+hk.search.yahoo.com, 0
+hk130.com, 1
+hkamran.com, 1
+hkas.org.hk, 1
+hkconcept.lu, 1
+hkgix.net, 1
+hkl-gruppe.de, 1
+hklbgd.org, 1
+hkmap.co, 1
+hkmap.com, 1
+hkmap.live, 1
+hkmap.net, 1
+hkmusz.cn, 1
+hkno.it, 1
+hkoreatv.gq, 1
+hkp-usa.com, 1
+hkr.at, 1
+hks.pw, 1
+hksapientia.org, 1
+hkskhf.dk, 1
+hkspeed.com, 1
+hktech.link, 1
+hktkl.com, 1
+hktss.pp.ua, 1
+hkustmbajp.com, 1
+hkvi.nl, 1
+hl8id.club, 1
+hl8id.vip, 1
+hl8th.vip, 1
+hlavacek.us, 1
+hlavi.hu, 1
+hlebopekarna.com, 1
+hledejlevne.cz, 1
+hledejpravnika.cz, 1
+hlfh.space, 1
+hlg88.cc, 1
+hlidani-tornado.cz, 1
+hlinformatics.nl, 1
+hllr.xyz, 1
+hlm.wtf, 1
+hln.be, 1
+hloe0xff.ru, 1
+hlopokshop.ru, 1
+hlp.group, 1
+hlpublicidad.com, 1
+hls-tutorial.tk, 1
+hlsblog.com, 1
+hlsjgw.com, 1
+hlsmandarincentre.com, 1
+hlstory.tk, 1
+hltdos.com, 1
+hltk.fi, 1
+hltv.org.cn, 1
+hlucas.de, 1
+hlx66.cc, 1
+hlx86.cc, 1
+hly0928.com, 1
+hlz.mn, 1
+hm-notes.ru, 1
+hm.ee, 0
+hm.seg.br, 1
+hm1ch.com, 1
+hm1ch.ovh, 1
+hmarchat.tk, 1
+hmbana.org, 1
+hmcdj.cn, 1
+hmcreations.us, 1
+hme360.com, 1
+hmgym.ru, 1
+hmka.com, 0
+hmlpoc.com.br, 1
+hmnd.io, 1
+hmodapk.com, 1
+hmp.sc, 1
+hmri.org.au, 1
+hms-networks.com, 0
+hms-zentrum.de, 1
+hmshost.com, 1
+hmsotel.com, 1
+hmsplatform.tk, 1
+hmtransfer.ir, 1
+hmv.com, 1
+hn.search.yahoo.com, 0
+hn122.cc, 1
+hnbyalitim.com, 1
+hndmd.com, 1
+hnfertilizermachine.com, 1
+hnmd9.gq, 1
+hnn.net.br, 1
+hno-arzt-thomitzek.de, 1
+hno-norderstedt.de, 1
+hnojik.cz, 1
+hnsseed.com, 1
+hntuin.nl, 1
+hny.co, 1
+hnyp.hu, 1
+hoaas.no, 1
+hoahau.org, 1
+hoahop.tk, 1
+hoanghaiauto.vn, 1
+hoangvangioi.com, 1
+hoaphathomes.com, 1
+hoardit.ml, 1
+hoathienthao.com, 1
+hoathienthao.vn, 1
+hobartok.gov, 1
+hobbiesworld.tk, 1
+hobby-drechselei.de, 1
+hobby-lover.com, 1
+hobby4geek.com, 1
+hobbybrauer.de, 1
+hobbydo.cf, 1
+hobbydo.ga, 1
+hobbydo.gq, 1
+hobbyvogue.com, 1
+hobbyweeklyers.ga, 1
+hobbyweeklyest.ga, 1
+hoberg.ch, 1
+hobiliga.mk, 1
+hobindesign.com, 1
+hobo.video, 1
+hoboken.tk, 1
+hobokenpdnj.gov, 1
+hobokenrecords.tk, 1
+hobonline.tk, 1
+hobroefterskole.dk, 1
+hoc-bv.nl, 1
+hochatown.gov, 1
+hochhaus.us, 1
+hochimins.org, 1
+hochland.pl, 1
+hochoukikikiraku.com, 1
+hochuvrotik.cf, 1
+hochyi.com, 0
+hochzeit-ap.de, 1
+hochzeit-cm.at, 1
+hochzeit-dana-laurens.de, 1
+hochzeit-saufzeichnungen.tk, 1
+hochzeitsplaner-rodgau.de, 1
+hochzeitsplanerin-hamburg.de, 1
+hochzeitsregion.at, 1
+hochzeitstypen.de, 1
+hockey.academy, 1
+hockeyalertest.ga, 1
+hockeyapp.ch, 1
+hockeycircles.com, 1
+hockeymotion.ch, 0
+hockingfamily.net, 1
+hockingfamily.nz, 1
+hockinghills.com, 1
+hockinghillscabins.com, 1
+hocoma.com.mx, 1
+hocoma.eu, 1
+hocoma.net, 1
+hocoma.org, 1
+hoctienganhgiaotiep.ga, 1
+hodeis.ga, 1
+hodes.tk, 1
+hodgeman.gov, 1
+hodgephotography.com, 1
+hodi.dk, 1
+hodi.host, 1
+hoe.re, 1
+hoegl.com, 0
+hoeheterobenjij.nl, 1
+hoejetaastrupprovsti.dk, 1
+hoelty.network, 1
+hoerbuecher-und-hoerspiele.de, 1
+hoeren.club, 1
+hoerspielbox.de, 1
+hoesnelwasik.nl, 1
+hoest.it, 1
+hoeveiligismijn.nl, 1
+hoewler.ch, 0
+hof-imbiss-lieske.de, 1
+hof-mulin.ch, 1
+hofapp.de, 1
+hofbraeu-muenchen.de, 1
+hoferdach.de, 1
+hoffmancorporation.com, 1
+hoffmanig.com, 1
+hoffmannresearch.ca, 1
+hoffmanns-ballonshop.de, 1
+hoffmeyer.me, 1
+hoffnungdeutschland.de, 1
+hofgut.net, 1
+hofiprojekt.cz, 1
+hofmannenhofmann.nl, 1
+hofmeisterkink.com, 1
+hofor.dk, 1
+hofpleinlijn.nl, 1
+hofstaetter.io, 1
+hoga.fr, 1
+hogamail.fr, 1
+hogar.gt, 1
+hoge.se, 1
+hogepad.com, 0
+hogerduinen.tk, 1
+hogeslagolst.nl, 1
+hogl.dk, 1
+hogrebe.de, 0
+hogren.cf, 1
+hogren.ga, 1
+hogren.gq, 1
+hogvorts.tk, 1
+hogwarts.io, 1
+hogwartshome.org.ua, 1
+hoh.com.sg, 1
+hohenleimbach.de, 1
+hohenpoelz.de, 1
+hohlhupe.de, 1
+hohlhupen.de, 1
+hohm.in, 1
+hohma.tk, 1
+hohnet.com, 0
+hohny.gov, 1
+hoikin.tk, 1
+hoiku-map.tokyo, 0
+hoiku-navi.com, 0
+hoing.io, 1
+hoistsdirect.com, 1
+hojalatero.tk, 1
+hojat.tk, 1
+hojoworks.com, 1
+hoka.com, 1
+hoken-okazaki.com, 1
+hoken-wakaru.jp, 1
+hokende.com, 1
+hokenselect.jp, 1
+hokioisecurity.com, 1
+hokkaido.tk, 1
+hokko.de, 1
+hokqbet88.co, 1
+hokuin.co.jp, 1
+hokung.xyz, 1
+holacannx.com, 1
+holacbdoils.com, 1
+holad.de, 1
+holadinero.es, 0
+holadinero.mx, 0
+holainternet.tk, 1
+holbrookaz.gov, 1
+holdengreene.com, 1
+holdenmaine.gov, 1
+holdenmo.gov, 1
+holderbekebvba.be, 1
+holdiers.tk, 1
+holdingcelebrations.tk, 1
+holdinghandsbrazil.com, 1
+holdmybeer.io, 0
+holdmymeme.com, 1
+holdperson.tk, 1
+holebedeljek.hu, 1
+holeboom.com, 1
+holgapanama.tk, 1
+holger-schwarze.de, 1
+holgergruenhagen.com, 1
+holgerlehner.com, 1
+holgr.com, 1
+holi-coresdaindia.com.br, 1
+holiday-home-baer.de, 1
+holidayacademy.co.uk, 1
+holidaycity.org, 1
+holidayclub.tk, 1
+holidayformula.ru, 1
+holidayincotswolds.co.uk, 1
+holidayland.gent, 1
+holidaylocal.ga, 1
+holidaylocalers.ga, 1
+holidaylocalest.ga, 1
+holidays-info.com, 1
+holidaytable.tk, 1
+holidaytours.tk, 1
+holine.studio, 1
+holini.com, 0
+holisticacupuncture.com.au, 1
+holisticdevelopmentagency.ml, 1
+holistichealer.in, 1
+holisticon.de, 1
+holisticwebsolutions.co.uk, 1
+holiy.jp, 1
+hollabanken.cf, 1
+holladayut.gov, 1
+holland-sailing.de, 1
+hollandco.com, 0
+hollanderclub.tk, 1
+hollandersleepproducts.com, 1
+hollandhouse.info, 1
+hollandsewolken.nl, 1
+hollandskroon.nl, 1
+hollandsweb.com, 1
+hollandwi.gov, 1
+hollermann.eu, 1
+hollinsbookstore.com, 1
+hollistermo.gov, 1
+hollisters.servepics.com, 1
+hollmann.international, 1
+hollomanfss.marketing, 1
+hollowman.ml, 1
+hollowrap.com, 1
+hollowwinds.xyz, 1
+holly.lgbt, 1
+hollybanks.net, 1
+hollybonnerdesigns.com, 1
+hollyforrest.ca, 1
+hollyforrestphotography.ca, 1
+hollyloless.com, 1
+hollyloless.net, 1
+hollyloless.org, 1
+hollyspringsms.gov, 1
+hollywoodbios.com, 1
+hollywoodsmilesfl.com, 1
+hollywoodstars.tk, 1
+hollyworks.com, 1
+holmenwi.gov, 1
+holmes.ie, 0
+holmeselectionsfl.gov, 1
+holmesian.org, 1
+holmeslaw.ie, 1
+holmesworkholding.co.uk, 1
+holmium-laser.ru, 0
+holmq.dk, 1
+holmqvist.tk, 1
+holo.host, 1
+holo.ovh, 1
+holocron.one, 1
+holod-servis777.tk, 1
+holofox.ru, 1
+holori.com, 1
+holostyak.tk, 1
+holowaty.me, 1
+holoxplor.space, 1
+holstein.tk, 1
+holtcountyne.gov, 1
+holtkampfinancieeladvies.nl, 0
+holtslander.ca, 1
+holubowski.com, 1
+holundersberg.de, 1
+holvonix.com, 1
+holychaos.tk, 1
+holycrosscatholics.org, 1
+holycrossphl.org, 1
+holycrossrockporttx.org, 1
+holycrossverobeach.org, 1
+holydevils.tk, 1
+holydragoon.jp, 1
+holydumplings.net, 1
+holyfamilyrussell.org, 1
+holyghost-church.org, 1
+holygrove.tk, 1
+holyhiphopdatabase.com, 1
+holymartyrschurch.org, 1
+holyoake.org.au, 1
+holyriders.cf, 1
+holyrosary.com.au, 1
+holyscriptur.es, 1
+holyspiritpalmyra.com, 1
+holyspiritweb.org, 1
+holyszko.com, 1
+holytransaction.com, 1
+holyubofficial.net, 1
+holywhite.com, 1
+holywr.it, 1
+holzbau-lepski.de, 1
+holzed.com, 1
+holzschutz-holzbearbeitung.de, 1
+holzspielzeug-shop.ch, 1
+holzstueckwerk.de, 1
+holzundgarten.de, 1
+homa.website, 0
+homake.cf, 1
+homatism.com, 1
+homd.xyz, 1
+home-design.bg, 1
+home-hunts.com, 1
+home-insurance-quotes.tk, 1
+home-manicure.tk, 1
+home-ncj.com, 1
+home-page.xyz, 1
+home-portal.tk, 1
+home-remedies.tk, 1
+home-sagita.tk, 1
+home.saxo, 1
+home24bank.com, 1
+homeable.io, 1
+homeadore.com, 1
+homeadvice.ga, 1
+homeadvice.tk, 1
+homeandliving.it, 1
+homebank.kg, 1
+homebar.ml, 1
+homebasedbusinessopportunity.tk, 1
+homebattle.ga, 1
+homeblaster.ga, 1
+homebrew.tk, 1
+homebrewshop.be, 1
+homebrewworm.tk, 1
+homebuilder.tk, 1
+homebutton.tk, 1
+homecache.ga, 1
+homecareassociatespa.com, 1
+homecaring.com.au, 1
+homecaster.ga, 1
+homecatch.ga, 1
+homecharte.ga, 1
+homechase.ga, 1
+homechase.tk, 1
+homecheck.gr, 1
+homecinema-fr.com, 1
+homeclient.ga, 1
+homecollections.ga, 1
+homecoming.city, 1
+homecompost.in, 1
+homecpr.com.au, 1
+homecrawler.ga, 1
+homecreatives.net, 1
+homedecorclassic.tk, 1
+homedecorspecialists.com, 1
+homedesignabilene.tk, 1
+homedesignakron.tk, 1
+homedesignalbuquerque.tk, 1
+homedesignamarillo.tk, 1
+homedesignanaconda.tk, 1
+homedesignanchorage.tk, 1
+homedesignarlington.tk, 1
+homedesignarvada.tk, 1
+homedesignathens.tk, 1
+homedesignatlanta.tk, 1
+homedesignaugusta.tk, 1
+homedesignaustin.tk, 1
+homedesignbabbitt.tk, 1
+homedesignbakersfield.tk, 1
+homedesignbatonrouge.tk, 1
+homedesignbirmingham.tk, 1
+homedesignboise.tk, 1
+homedesignboston.tk, 1
+homedesignbouldercity.tk, 1
+homedesignbuckeye.tk, 1
+homedesignbuffalo.tk, 1
+homedesigncaliforniacity.tk, 1
+homedesigncapecoral.tk, 1
+homedesigncary.tk, 1
+homedesigncasagrande.tk, 1
+homedesignchandler.tk, 1
+homedesignchattanooga.tk, 1
+homedesignchesapeake.tk, 1
+homedesignchicago.tk, 1
+homedesigncincinnati.tk, 1
+homedesigncleveland.tk, 1
+homedesignclinton.tk, 1
+homedesignclovis.tk, 1
+homedesigncolorado.tk, 1
+homedesigncolumbus.tk, 1
+homedesigncompany.co.nz, 1
+homedesigncorona.tk, 1
+homedesigncorpuschristi.tk, 1
+homedesigncusseta.tk, 1
+homedesigndayton.tk, 1
+homedesigndesmoines.tk, 1
+homedesigndetroit.tk, 1
+homedesigndowney.tk, 1
+homedesigndurham.tk, 1
+homedesignedison.tk, 1
+homedesignedmond.tk, 1
+homedesignellsworth.tk, 1
+homedesignelpaso.tk, 1
+homedesignelreno.tk, 1
+homedesignera.tk, 1
+homedesigneugene.tk, 1
+homedesignfayetteville.tk, 1
+homedesignfontana.tk, 1
+homedesignfresno.tk, 1
+homedesignfrisco.tk, 1
+homedesigngarland.tk, 1
+homedesigngeorgetown.tk, 1
+homedesigngilbert.tk, 1
+homedesignhartford.tk, 1
+homedesignhartsville.tk, 1
+homedesignhayward.tk, 1
+homedesignirvine.tk, 1
+homedesignjacksonville.tk, 1
+homedesignjonesboro.tk, 1
+homedesignjuneau.tk, 1
+homedesignknoxville.tk, 1
+homedesignlasvegas.tk, 1
+homedesignlexington.tk, 1
+homedesignlincoln.tk, 1
+homedesignlubbock.tk, 1
+homedesignlynchburg.tk, 1
+homedesignmacon.tk, 1
+homedesignmadison.tk, 1
+homedesignmesa.tk, 1
+homedesignmiami.tk, 1
+homedesignmidland.tk, 1
+homedesignmilwaukee.tk, 1
+homedesignmobile.tk, 1
+homedesignmontgomery.tk, 1
+homedesignnews.tk, 1
+homedesignnewyork.tk, 1
+homedesignnewyorkcity.tk, 1
+homedesignnightmute.tk, 1
+homedesignnorman.tk, 1
+homedesignoakland.tk, 1
+homedesignohio.tk, 1
+homedesignomaha.tk, 1
+homedesignontario.tk, 1
+homedesignorlando.tk, 1
+homedesignoxnard.tk, 1
+homedesignpaterson.tk, 1
+homedesignpeoria.tk, 1
+homedesignphoenix.tk, 1
+homedesignplano.tk, 1
+homedesignportland.tk, 1
+homedesignraleigh.tk, 1
+homedesignrichmond.tk, 1
+homedesignsandiego.tk, 1
+homedesignsanfrancisco.tk, 1
+homedesignsantaana.tk, 1
+homedesignseattle.tk, 1
+homedesignstamford.tk, 1
+homedesigntacoma.tk, 1
+homedesigntampa.tk, 1
+homedesigntoledo.tk, 1
+homedesigntucson.tk, 1
+homedesigntulsa.tk, 1
+homedesignventura.tk, 1
+homedesignwashington.tk, 1
+homedev.cf, 1
+homedeveloper.cf, 1
+homedeveloper.ga, 1
+homedeveloper.gq, 1
+homedeveloper.ml, 1
+homedeveloper.tk, 1
+homedirectory.ml, 1
+homedizz.top, 1
+homedollar.ga, 1
+homedollars.ga, 1
+homeduck.ga, 1
+homeeagle.ga, 1
+homeehome.com, 1
+homeer.com, 1
+homeexperience.tk, 1
+homefacialpro.com, 0
+homefarmhealesville.com.au, 1
+homeflag.ga, 1
+homefolder.ga, 1
+homeforeveryone.tk, 1
+homeforfamily.tk, 1
+homeformula.ga, 1
+homeforum.tk, 1
+homegang.ga, 1
+homegardendecoration.tk, 1
+homegardengift.com, 1
+homegardeningforum.com, 1
+homegardenresort.nl, 1
+homegeo.ga, 1
+homegreenmark.com, 1
+homegreens.eu, 1
+homegrounds.co, 1
+homegrowncannabisco.com, 1
+homegun.ga, 1
+homehealthbookshelf.co.nz, 1
+homeideasanddesigns.tk, 1
+homeimagician.com.au, 1
+homeimprovement.ga, 1
+homeimprovementinfo.tk, 1
+homeimprovementnews.tk, 1
+homeindiainfratech.com, 1
+homeinet.tk, 1
+homeinformation.tk, 1
+homeinformationpackages.com, 1
+homeinspired.tk, 1
+homeinteriorasia.tk, 1
+homeinteriorcanada.tk, 1
+homeinteriorebuild.tk, 1
+homeinterioritaly.tk, 1
+homeinteriorremodel.tk, 1
+homeinterioruk.tk, 1
+homeinteriorusa.tk, 1
+homeinvasion.tk, 1
+homeinvention.tk, 1
+homejapanese.ml, 1
+homekiss.ga, 1
+homelab.farm, 1
+homelabquotes.com, 1
+homeland.ie, 1
+homelandsecurity.gov, 1
+homelandsecurityedu.org, 1
+homeletter.ga, 1
+homelib.cf, 1
+homelion.ga, 1
+homeloanprequalify.com, 1
+homelove.tk, 1
+homelovehome.tk, 1
+homemadetips.ga, 1
+homemadetipsers.ga, 1
+homemadetipsest.ga, 1
+homemarks.ga, 1
+homematicblog.de, 1
+homemediadb.org, 1
+homemember.ga, 1
+homemessenger.ga, 1
+homen.in, 1
+homenature.tk, 1
+homenewsdesign.tk, 1
+homenight.ga, 1
+homensdeouro.com.br, 1
+homenumber.ga, 1
+homeodynamics.com, 1
+homeoesp.org, 1
+homeofbeer.nl, 1
+homeofceline.tk, 1
+homeofjones.net, 1
+homeologyla.com, 1
+homeomatic.ga, 1
+homeopathie.tk, 1
+homeopathieridderspoor.nl, 1
+homeoperator.net, 1
+homeopplis.ga, 1
+homeorama.ga, 1
+homeostase.pt, 1
+homeover.ga, 1
+homeownersinsurancenv.com, 1
+homepage-nach-preis.de, 1
+homepal.cf, 1
+homepal.ga, 1
+homepal.gq, 1
+homepassport.ga, 1
+homepatch.ga, 1
+homephonelookup.tk, 1
+homeprivate.de, 1
+homeprivate.net, 1
+homepropertyera.tk, 1
+homepropertyinfo.tk, 1
+homepropertynews.tk, 1
+homepropertyunique.tk, 1
+homepropertyworld.tk, 1
+homeprotech.com, 1
+homequality.tk, 1
+homerail.ga, 1
+homerally.ga, 1
+homerecording.com, 1
+homerepairsideas.tk, 1
+homerequest.ga, 1
+homerex.ga, 1
+homero.tk, 1
+homesbyayres.com, 1
+homeschoolinkorea.tk, 1
+homesconnect.com, 1
+homeseguridad.com, 1
+homeseller.com, 1
+homeserve.es, 1
+homeserver-kp.de, 1
+homeservices.ro, 1
+homesforaustralia.ga, 1
+homesfordinner.ca, 1
+homeshow.ml, 1
+homeshowoff.com, 1
+homesonic.ga, 1
+homesport.es, 1
+homespunhouse.tk, 1
+homespure.com, 1
+homestamp.ga, 1
+homestay.id, 0
+homestead-honey.com, 1
+homesteadfarm.org, 1
+homesteadserver.cloud, 1
+homesteadtwpmi.gov, 1
+homestick.ga, 1
+homestreaming.ga, 1
+homestuck.ml, 1
+homesugar.ga, 1
+homesuite.tk, 1
+homesweethouse.tk, 1
+hometeenorgy.com, 1
+hometown.ml, 1
+hometrust.ca, 0
+hometunnel.de, 0
+homeunder.ga, 1
+homeunion.tk, 1
+homeview.ga, 1
+homevisual.ga, 1
+homewatt.co.uk, 1
+homewebnews.tk, 1
+homewidget.ga, 1
+homewinner.ga, 1
+homewish.ga, 1
+homewood.com, 1
+homeworkacers.com, 1
+homeworksuite.com, 1
+homeworld.ga, 1
+homeyou.com, 1
+homeyx.cf, 1
+homezlog.com, 1
+homitov.tk, 1
+hommecontemporain.org, 1
+homnest.fr, 0
+homo.ga, 1
+homofo.tk, 1
+homoglyph.net, 1
+homointerneticus.tk, 1
+homokfuvo.com, 1
+homoo.social, 1
+homophobia.tk, 1
+homophones.ml, 1
+homowank.com, 1
+hompimpaa.id, 1
+hompus.nl, 0
+homs.design, 1
+homunyan.com, 1
+homyak.gq, 1
+homyhomee.com, 1
+homyremedies.com, 1
+honaragah.com, 1
+honbin.tw, 1
+honda2wheelersindia.com, 1
+honda2wheelersindia.in, 1
+hondaactivindia.com, 1
+hondaarabia.com, 1
+hondabigwing.in, 1
+hondacustomerserviceexperience.com, 1
+hondadigitalevent.com, 1
+hondago-bikerental.jp, 1
+hondainamerica.com, 1
+hondaindiafoundation.org, 1
+hondapartsnow.com, 1
+hondapowerproducts.ph, 1
+hondaracingindia.com, 1
+hondasancarlos.com, 1
+hondaswap.com, 1
+hondengedragscentrumfriesland.nl, 1
+hondensnacks.shop, 1
+hondudiario.tk, 1
+honest.ga, 1
+honestblogers.ga, 1
+honestblogest.ga, 1
+honestworknmoney.tk, 1
+honesty.com.pl, 1
+honey-whale.com, 1
+honey.beer, 1
+honey.is, 1
+honeybhealthyliving.com, 1
+honeybrooklibrary.org, 1
+honeycomb.io, 1
+honeycombcreative.com, 1
+honeycome-recruit.com, 0
+honeycreeper.com, 1
+honeycrypt.com, 1
+honeyfact.com, 1
+honeygirl.tk, 1
+honeyspot.de, 1
+honeysucklewhite.com, 1
+honeytracks.com, 1
+honeyuniversity.net, 1
+honeyxlips.com, 1
+hong.com.br, 1
+hongbomiao.com, 1
+honghan.tw, 1
+hongjun.li, 1
+hongki.tk, 1
+hongkongliberate.com, 1
+hongkongwillwin.com, 1
+hongnguyen.tk, 1
+hongo-ganka.com, 1
+hongocha.tk, 1
+hongorw.tk, 1
+hongosdemexico.tk, 1
+honguyensy.tk, 1
+hongyun-rent.com, 1
+honigconte.com, 1
+honigkuchenpferdeher.de, 1
+honkai.sr, 1
+honkhonk.net, 1
+honkion.net, 1
+honnedechuju.com, 1
+honoka-seitai.jp, 1
+honolulubws.gov, 1
+honovere.de, 1
+hontint.com, 1
+hontoir.eu, 1
+honzakulig.com, 1
+hoo.lt, 1
+hooapp.lt, 1
+hood-epc.xyz, 1
+hoodiessouthafrica.com, 1
+hoodoo.io, 1
+hoodoo.tech, 1
+hoodrivercounty.gov, 1
+hoodsite.com, 1
+hoofdredacteuren.nl, 1
+hoofexplorer.com, 1
+hoofexplorer.de, 1
+hoogdam.tk, 1
+hoogelandzorg.nl, 1
+hoogeveen.nl, 0
+hooghiemstrazelf.nl, 1
+hoogstraatseschaakclub.tk, 1
+hoogveen.tk, 1
+hookah-uae.com, 1
+hookahfoil.ru, 1
+hookandloom.com, 1
+hookbin.com, 1
+hookedoncraftswaterford.ie, 1
+hookercountyne.gov, 1
+hookshotdesign.com, 1
+hoolibit.com, 1
+hooliganka.tk, 1
+hooliganz.tk, 1
+hoon.tk, 1
+hoooc.com, 1
+hoop.la, 1
+hooperlabs.xyz, 1
+hoopertechnicalsolutions.com, 1
+hooprelief.tk, 1
+hoopweb.org, 1
+hooray.beer, 1
+hoorig.de, 1
+hoorr.com, 1
+hoos.cf, 1
+hoosa.de, 1
+hooshop.lt, 1
+hootv.lt, 1
+hootworld.net, 0
+hoovism.com, 1
+hop.exchange, 1
+hope.com, 1
+hopeandhealing.cz, 1
+hopeforlorn.tk, 1
+hopeforukraine.org.uk, 1
+hopefultexas.com, 1
+hopeland.com.br, 1
+hopemeet.info, 1
+hopemeet.me, 1
+hopepartnershipproject.com, 1
+hopesanddreams.org.uk, 1
+hopeworld.pro, 1
+hopf.de, 1
+hopglass.eu, 1
+hopglass.net, 1
+hopi.com.tr, 1
+hopital-tarascon09.fr, 1
+hopitaux-ariege.fr, 1
+hopkintonpolice-ri.gov, 1
+hopkintonri.gov, 1
+hoplongtech.com, 1
+hopo.design, 1
+hoponmedia.de, 1
+hops-and-ashes.de, 1
+hopscotch.cz, 1
+hopscotchmodel.com, 1
+hor.rent, 1
+hor.website, 1
+horablanquiazul.tk, 1
+horaceli.com, 1
+horaciolopez.pro, 1
+horackova.info, 1
+horaenpunto.com, 1
+horairetrain.be, 1
+horairetrain.ch, 1
+horairetrain.fr, 1
+horairetrain.lu, 1
+horairetrain.nl, 1
+horamesianica.tk, 1
+horcajadadelatorre.tk, 1
+horclan.tk, 1
+hord.ca, 1
+horde-entertainment.tk, 1
+horecatiger.eu, 1
+horeco.com, 1
+horgenberg.com, 1
+horiconwi.gov, 1
+horikawa-cement.co.jp, 1
+horionimoveis.com.br, 1
+horizon.ne.jp, 1
+horizonlawncare.tk, 1
+horizonmail.ga, 1
+horizonresourcesinc.com, 1
+horizonshypnosis.ca, 0
+horizonsmilestx.com, 1
+horizonsocial.media, 1
+horizontalsystems.io, 1
+horizonveterinaryservices.com, 1
+horkel.cf, 1
+horkel.tk, 1
+hormet.tk, 1
+hormigonimpreso.biz, 1
+hormonetrackerers.ga, 1
+hormonetrackerest.ga, 1
+horn.co, 1
+hornbach-holding.de, 1
+hornblower.tk, 1
+hornburg.io, 1
+horne.com, 1
+hornet.pl, 1
+hornetsecurity.com, 1
+horneytownbrewing.com, 1
+horngyihyangped.com.tw, 1
+horntec.at, 1
+hornwiesen-grundschule.de, 1
+horny-gay-dragons.com, 1
+hornyaf.com, 1
+hornybank.com, 1
+hornyforhanzo.com, 1
+hornyhostel.com, 1
+horoca.net, 1
+horochx.org, 0
+horodance.dk, 1
+horoscope-sound-healing.com, 1
+horoscopimages.tk, 1
+horoscopist.com, 1
+horoscopo.ml, 1
+horotoday.tk, 1
+horozo.com, 1
+horrell.ca, 1
+horrendous-servers.com, 1
+horror-forum.de, 1
+horrordor.eu.org, 1
+horrordor.tk, 1
+horrorfreaks.tk, 1
+horrormovies.gr, 1
+horrorserv.com, 1
+horrycountysc.gov, 1
+hors.coffee, 1
+horsa.cc, 1
+horsa.io, 1
+horsa.xyz, 1
+horsebreeding.cf, 1
+horsebreeding.ga, 1
+horsebreeding.gq, 1
+horsebreeding.tk, 1
+horsegateway.com, 1
+horsehead.tk, 1
+horsehunter.co.uk, 1
+horsellscouts.org.uk, 1
+horsellscoutsandguides.com, 1
+horsemanshipdentistry.com, 1
+horsemanshipdentistryschool.com, 1
+horseplanet.tk, 1
+horsewithnoname.com, 1
+horsgroup.com, 1
+horsky.me, 1
+horstfuchs.tk, 1
+horstmanshof.eu, 1
+horstmanshof.nl, 1
+hortencollection.com, 1
+hortico.rs, 1
+horton-brasses.com, 1
+horus.com.br, 1
+horusrc.com, 1
+horvat.info, 0
+horvat.tk, 1
+horvath.ooo, 1
+horvathd.eu, 1
+horvatia.tk, 1
+horvatnyelvkonyv.hu, 1
+hory.me, 1
+horza.org, 1
+hosch.co.nz, 1
+hose.ga, 1
+hosentaschenblog.org, 1
+hoshi-sr.com, 1
+hoshimaq.com.br, 1
+hoshimaquinas.com.br, 1
+hoshinplan.com, 1
+hosiery.tk, 1
+hosieryexpoers.ga, 1
+hosieryexpoest.ga, 1
+hosifuri.net, 1
+hosimiyasio.com, 0
+hosoi-tax.com, 1
+hosomoitruong.top, 1
+hospiceandcommunitycare.com, 1
+hospiceandcommunitycare.net, 1
+hospiceandcommunitycare.org, 1
+hospicecommunity.net, 1
+hospicecommunity.org, 1
+hospiceconnect.org, 1
+hospicelights.org, 1
+hospiceoflancaster.com, 1
+hospiceoflancaster.org, 1
+hospicepathofremembrance.org, 1
+hospiceprofessional.org, 1
+hospicespringfling.org, 1
+hospicewebsite.org, 1
+hospicewise.org, 1
+hospimedia.fr, 1
+hospitalcmq.com, 1
+hospitalcruzvermelha.pt, 1
+hospitaldaluz.pt, 1
+hospitaldebarcelona.cat, 1
+hospitaldelaconcepcion.com, 1
+hospitality-colleges.com, 1
+hospitalsanjuandedios.es, 1
+hospitalsineachstate.com, 1
+hospitalviladaserra.com.br, 1
+hossi.pro, 0
+hossien.tk, 1
+host-heberg.com, 1
+host-morezar.ml, 1
+host-stage.net, 1
+host.ax, 1
+host.com.tw, 1
+host1oc.eu.org, 1
+host24.com.pk, 1
+hostadvice.com, 1
+hostalk.net, 1
+hostalsanmarcos.tk, 1
+hostarea51.com, 1
+hostathome.fr, 1
+hostaz.net, 1
+hostbility.com, 1
+hostboxonline.com, 1
+hostcloud.ml, 1
+hostcoz.com, 1
+hostcsr.com, 1
+hostdaddyhn.com, 1
+hostdns.com, 1
+hosteasy.nl, 0
+hosted-power.com, 1
+hostedcomments.com, 1
+hosteddatabase.in, 1
+hostedghost.eu, 1
+hostedghost.net, 1
+hostedghost.nl, 1
+hostedghost.org, 1
+hostedtalkgadget.google.com, 1
+hostelacion.com, 1
+hostelaciones.com, 1
+hosteleriauno.es, 1
+hostelio.com, 1
+hostelxaxid.si, 1
+hosteons.com, 1
+hostesstrainingers.ga, 1
+hostesstrainingest.ga, 1
+hostfact.nl, 1
+hostfission.com, 1
+hostfree12.tk, 1
+hosthum.com, 1
+hostiberi.com, 1
+hostidn.com, 1
+hostido.net.pl, 1
+hostiko.com.ua, 1
+hosting-fast.com, 1
+hosting-rus.tk, 1
+hosting-swiss.ch, 1
+hostingactive.it, 0
+hostingalternative.com, 0
+hostingdesignweb.com, 0
+hostingdiario.com, 1
+hostingdirect.nl, 1
+hostingdirectory.ga, 1
+hostingedominio.com, 1
+hostingelite.tk, 1
+hostingfirst.nl, 1
+hostingforyou.online, 1
+hostinghaus.tk, 1
+hostinghelp.guru, 1
+hostinginnederland.nl, 1
+hostingmedia.cl, 1
+hostingorservers.com, 1
+hostingphp.ch, 1
+hostingsolutions.cz, 1
+hostingsupremo.com, 1
+hostingsvizzera.com, 1
+hostingtg.com, 1
+hostingtipps.eu, 1
+hostingweb.pe, 1
+hostinkos.com, 1
+hostinvest.tk, 1
+hostitforcheap.com, 1
+hostix.de, 1
+hostixo.com, 1
+hostker.com, 1
+hostker.net, 1
+hostlev.com, 1
+hostma.ma, 1
+hostmijnpagina.nl, 1
+hostmodern.com.au, 1
+hostmore.com.br, 1
+hostonssd.ga, 1
+hostpoint-static.ch, 1
+hostpoint.ch, 1
+hostprior.ro, 1
+hostreputation.com, 1
+hostripples.com, 1
+hostripples.in, 1
+hosts.cf, 0
+hostsall.com, 1
+hostup.se, 0
+hostux.network, 1
+hostwella.com, 1
+hostwinds.com, 1
+hosuronline.com, 1
+hosuto.nl, 1
+hot-and-new.gr, 1
+hot-games.gq, 1
+hot-models.tk, 1
+hot-sex-photos.com, 1
+hot-spa.ch, 0
+hot.in.th, 1
+hot101fm.tk, 1
+hotaircoldlove.tk, 1
+hotaru.tk, 1
+hotbabe.ml, 1
+hotbabesplus.com, 1
+hotbeats.tk, 1
+hotbella.net, 1
+hotblondepussy.com, 1
+hotbox.fun, 1
+hotbustymoms.com, 1
+hotcandlestick.com, 1
+hotcars.com, 1
+hotchillibox.co.za, 1
+hotchillibox.com, 1
+hotcoder.tk, 1
+hotcursosrio.com.br, 1
+hotdates18.dk, 1
+hotdates18.fi, 1
+hotdishes.tk, 1
+hotdoc.com.au, 1
+hotdogscoolcats.net, 1
+hotdogwheel.tk, 1
+hotdresses.ga, 1
+hote-inox.ro, 1
+hotearth.de, 1
+hotebonytube.com, 1
+hotel-4-stelle.it, 1
+hotel-altabadia.com, 1
+hotel-arabba.net, 1
+hotel-aubrac.fr, 1
+hotel-bella-muerte.tk, 1
+hotel-bolzano.org, 1
+hotel-bruneck.net, 1
+hotel-brunico.net, 1
+hotel-du-parc-allevard.fr, 1
+hotel-fleuralp.it, 1
+hotel-garni-letizia.it, 1
+hotel-gruenwald.it, 1
+hotel-gschwendt.it, 1
+hotel-kontorhaus.de, 1
+hotel-kornwestheim.de, 1
+hotel-kronjuwel.de, 1
+hotel-kyiv.com.ua, 1
+hotel-le-vaisseau.ch, 0
+hotel-leda.com, 1
+hotel-navis.hr, 1
+hotel-promyk.pl, 1
+hotel-rosner.at, 1
+hotel-rosskopf.it, 1
+hotel-selva-gardena.net, 1
+hotel-valgardena.net, 1
+hotel-vipiteno.net, 1
+hotel-vivendi.de, 1
+hotel-waldheim.eu, 1
+hotelalpino.com, 1
+hotelandplace.com, 1
+hotelarevalo.com, 1
+hotelastor.com, 1
+hotelbird.com, 1
+hotelbiz.cf, 1
+hotelbiz.ga, 1
+hotelbiz.gq, 1
+hotelbretagne.dk, 1
+hotelcarril.com, 1
+hotelconsulado.com.br, 1
+hotelcorporate.codes, 1
+hotelcorporatecodes.com, 1
+hoteldahu.it, 1
+hoteldel.com, 1
+hoteldimorae.it, 1
+hoteldvorik.ml, 1
+hotelelaphusabrac.com, 1
+hotelerika.net, 1
+hotelesterobeach.com, 1
+hotelfloresta.tk, 1
+hotelfloridachaco.com, 1
+hotelflow.com.br, 1
+hotelident.de, 1
+hoteliers.com, 1
+hotelitalia.tk, 1
+hotelite.tk, 1
+hotelkeihan.co.jp, 1
+hotellalucciola.net, 1
+hotellamm.it, 1
+hotellaserenella.it, 1
+hotelmap.com, 1
+hotelmariasas.it, 1
+hotelmarinaadria.com, 1
+hotelmonal.in, 1
+hotelnagarkotparadise.tk, 1
+hotelplazataranto.com, 1
+hotelponcowinatan.com, 1
+hotelpromo.codes, 1
+hotelreis.com.br, 1
+hotels-insolites.com, 1
+hotels-resorts-in-crimea.tk, 1
+hotels3d.com, 1
+hotels4teams.com, 1
+hotelsalzberg.ga, 1
+hotelsalzberg.gq, 1
+hotelsalzberg.ml, 1
+hotelsantalibera.tk, 1
+hotelsfares.com, 1
+hotelsinbuxton.com, 1
+hotelsinformer.com, 1
+hotelsingaporeairport.com, 1
+hotelsinncoventry.com, 1
+hotelsonline.tk, 1
+hotelsrejber.cz, 1
+hotelsrit.tk, 1
+hotelsthisweekend.com, 1
+hotelv.com, 1
+hotelvalena.com, 1
+hotelvisegrad.hu, 1
+hotelzapse-aurora.tk, 1
+hotesb.net, 1
+hotfiesta.ml, 1
+hotgirl.tv, 1
+hotglue.me, 1
+hothag.com, 1
+hothardware.com, 1
+hothbricks.com, 0
+hotheart.ru, 1
+hothub.net, 1
+hotiii.ga, 1
+hotiks.tk, 1
+hotlinenum.com, 1
+hotlinetohell.cf, 1
+hotlog.tk, 1
+hotmail, 1
+hotmango.tk, 1
+hotmann.de, 1
+hotmart.com, 1
+hotmilfphotos.com, 1
+hotmmagirls.com, 1
+hotmom.tv, 1
+hotmomsvideos.com, 1
+hotmovies.com, 1
+hotmoviesforher.com, 1
+hotnews-today.com, 1
+hotnewsnl.tk, 1
+hotnow.live, 1
+hotnudeteen.com, 1
+hoto.us, 1
+hoton.in, 1
+hotornot.com, 1
+hotperiscope.tk, 1
+hotpinkbraces.com, 1
+hotplate.co.nz, 1
+hotpopky.cf, 1
+hotpornfilms.com, 1
+hotporngirl.com, 1
+hotporntubes.com, 1
+hotpornvideos.tv, 1
+hotproxy.gq, 1
+hotpussypics.com, 1
+hotpussytube.com, 1
+hotrender.com, 1
+hotroviettel.vn, 1
+hotrowordpress.com, 0
+hotschneckchen.net, 1
+hotscripting.tk, 1
+hotsex.tv, 1
+hotsexvids.net, 1
+hotshira.com, 1
+hotshotsleeves.com, 1
+hotsmi.cf, 1
+hotsoft.com.br, 1
+hotsolarsolutions.com, 1
+hotspot.cl, 1
+hotspotshield.com, 1
+hotspringsar.gov, 1
+hotsvenja.com, 1
+hottaro.com, 1
+hottchic.com, 1
+hottestguyoftech.com, 1
+hottestwebcamgirls.org, 1
+hottheme.net, 1
+hottie.at, 1
+hotting.nl, 1
+hottoys.tk, 1
+hotvehs.com, 1
+hotvideosgalleries.com, 1
+hotwaterspecialist.com.au, 1
+hotwifer.com, 1
+hotyoyo.ga, 1
+hotzheipoe.com, 1
+houdah.com, 1
+houdenvanhonden.nl, 1
+houhuayuan.com, 1
+houlang.ac.cn, 1
+houldsworthmill.com, 1
+hourai.gg, 1
+houraiteahouse.net, 1
+hourlyearning.tk, 1
+hourlyringtonesers.ga, 1
+hourlyringtonesest.ga, 1
+hoursofoperation.biz, 1
+hourspent.com, 1
+house-cleaning-howtos.com, 1
+house-sparrow.com, 1
+houseandgarden.co.uk, 1
+houseareacanada.tk, 1
+houseareaitaly.tk, 1
+housebar.tk, 1
+housecarty.com, 1
+housedesigninfo.tk, 1
+housedesignnews.tk, 1
+houseepropiedadraiz.com, 1
+houseforce.biz, 1
+household-appliances.tk, 1
+householdheroes.com.au, 1
+householdjournalers.ga, 1
+householdjournalest.ga, 1
+householdofmercy.org, 1
+houseinfonews.tk, 1
+housekeeperlondon.co.uk, 1
+houseliving.hr, 0
+houselocal.co.uk, 1
+housemart.company, 1
+housemates.uk.com, 1
+housemouse.tk, 1
+houseofaceonline.com, 1
+houseofhipsters.com, 1
+houseofmusic.co.uk, 1
+houseofpertijs.com, 1
+houseofpheromones.com, 1
+houseoftutors.co.uk, 1
+houseofyee.com, 1
+housepartyradio.net, 1
+houseplant.tk, 1
+houser.lu, 1
+houseracko.com, 1
+houseremodels.tk, 1
+houseroxrecords.com, 1
+housese.at, 1
+housesmartdecore.tk, 1
+housesumo.com, 1
+housetories.com, 1
+housevertising.nl, 1
+housing.com, 1
+housingauctions.net, 1
+housingcenter.com, 1
+housinglincolncountyor.gov, 1
+housingloan.jp, 1
+housingokc.gov, 1
+housten.com, 1
+houston-building-maintenance.com, 1
+houston-probate-law.com, 1
+houstonaudubon.org, 1
+houstonauthorizedrepair.com, 1
+houstonbestmaidservice.com, 1
+houstoncenterforvaluedliving.com, 1
+houstoncosoal.gov, 1
+houstoncountyal.gov, 1
+houstongaragedoorsrepair.com, 1
+houstonhomerevival.com, 1
+houstonhughes.tk, 1
+houstonjetcharter.com, 1
+houstonlake.gov, 1
+houstonlockout.com, 1
+houstonmethodist.org, 1
+houtar.eu.org, 1
+houthandelbunskoek.nl, 1
+houthandeljacobs.nl, 1
+houtinee.com, 1
+hovala.tk, 1
+hovelaar.nl, 1
+hoverboardbarato.com, 1
+hovia.com, 1
+hovset.net, 1
+how-to-build-computer.tk, 1
+how-to-simply.com, 1
+how-to-write-a-book.cf, 1
+how-to-write-a-book.ga, 1
+how-to-write-a-book.gq, 1
+how-to-write-a-book.ml, 1
+how2dev.tools, 1
+how2smart.com, 1
+howa-n.net, 0
+howandroidhelp.com, 1
+howandwhys.com, 1
+howardchippewawi.gov, 1
+howardcounty-mo.gov, 1
+howardcountyne.gov, 1
+howardcountysheriffmo.gov, 1
+howardhannava.com, 1
+howardkaplanbooks.com, 1
+howardscholars.org, 1
+howardsgrovewi.gov, 1
+howardshaw.com, 1
+howarh.com, 0
+howdo.nl, 1
+howdoesmycode.work, 1
+howdoyousaythis.com, 1
+howdybikes.com, 1
+howellaccounts.co.uk, 1
+howellcountymo911.gov, 1
+howellpolicenj.gov, 1
+howesky.com, 1
+howgoodwasmysex.com, 1
+howieisawesome.com, 1
+howlers.tk, 1
+howlinhawk.tk, 1
+howlonghaswilliambeenwaitingforhislicence.uk, 1
+howmanymilesfrom.com, 1
+howmanypeoplearethereinthe.world, 1
+howmanypeoplearethereintheworld.com, 0
+howmuch.cf, 1
+howmuch.ga, 1
+howoldisjava8.today, 1
+howoldistheinter.net, 1
+howonce.cn, 1
+howonce.com, 1
+howonce.com.cn, 1
+howonce.net, 1
+howonce.org, 1
+howopen.net, 1
+howpchub.com, 1
+howsecureismypassword.net, 1
+howsmyssl.com, 1
+howsmytls.com, 1
+howto-outlook.com, 1
+howtobehealthy.tk, 1
+howtoboy.com, 1
+howtodesignwebsite.com, 1
+howtofixwindows.com, 1
+howtofreelance.com, 1
+howtogeek.com, 1
+howtogeekpro.com, 1
+howtogosolar.org, 0
+howtohomepage.tk, 1
+howtohow.org, 1
+howtoinstall.co, 1
+howtomakefriends.tk, 1
+howtomanagedevices.com, 1
+howtomediacenter.com, 1
+howtomovetheneedle.com, 1
+howtoplayguitarlikeapro.com, 1
+howtopreventvulnerabilities.com, 1
+howtorunfasterandlonger.com, 1
+howtoslapsomeonethroughtheinternet.com, 1
+howtostopsnoring.tk, 1
+howtoteachviolin.com, 1
+howtotech.com, 1
+howtotech.de, 1
+howtrainyourdog.ml, 1
+howtutu.click, 1
+howtutu.com, 1
+howtutu.email, 1
+howtutu.eu, 1
+howtutu.info, 1
+howtutu.link, 1
+howtutu.net, 1
+howtutu.org, 1
+howtutu.social, 1
+howudoin.tk, 1
+howunadeydoam.ng, 1
+howwhy.tw, 1
+hoxo.fr, 1
+hoychivilcoy.tk, 1
+hoyenapple.com, 1
+hoyosdelespino.tk, 1
+hoz-pack.com.ua, 1
+hozana.si, 0
+hozinga.de, 1
+hozio.com, 1
+hozio.net, 1
+hozkomurcu.com, 1
+hp-67.com, 1
+hp-lexicon.org, 1
+hp42.de, 1
+hpac-portal.com, 1
+hpage.com, 1
+hpbn.co, 1
+hpc.mil, 1
+hpccsystems.com, 0
+hpeditor.tk, 1
+hpfxd.com, 1
+hphp.ga, 1
+hpic.net, 1
+hpisavageforum.com, 1
+hpk.edu.ee, 1
+hpkp-faq.de, 1
+hplace.com.br, 1
+hpm.pt, 1
+hpneo-conseil.com, 1
+hpruehl.de, 1
+hpsdigital.hu, 1
+hpsldc.com, 1
+hpv-info.ee, 1
+hpvtimmerwerken.nl, 1
+hq.marketing, 1
+hq77.ru, 1
+hqblog.cn, 0
+hqproductreviews.com, 1
+hqsy.net, 1
+hqteas.com, 1
+hqtrannytube.com, 1
+hquest.pro.br, 1
+hqwebhosting.tk, 0
+hqy.moe, 1
+hqy2000.com, 1
+hr-automation.eu, 1
+hr-books.shop, 1
+hr-clan.tk, 1
+hr-nielsen.tk, 1
+hr-praemien-santander.de, 1
+hr-tech.shop, 1
+hr-toys.shop, 1
+hr98.tk, 1
+hrabogados.com, 1
+hraesvelg.net, 1
+hrafnkellbaldurs.com, 1
+hrafnsholl.is, 1
+hrajhry.sk, 1
+hrajme.tk, 1
+hranicka.cz, 1
+hravatar.com, 1
+hrbanen.nl, 1
+hrbatypes.cz, 1
+hrblnrdx.org.cn, 1
+hrbrt.co, 1
+hrbrt.nl, 0
+hrcdn.net, 1
+hrcigroup.com, 1
+hrcrew.com.au, 1
+hrd-sec.com, 1
+hrd.pl, 1
+hrdns.de, 1
+hreflang.info, 1
+hrejterzy.com, 1
+hrgt.eu, 1
+hristijanspirovski.tk, 1
+hristos.com, 1
+hriveralaw.com, 1
+hrjfeedstock.org, 1
+hrjob.ml, 1
+hrjob.tk, 1
+hrk.aero, 1
+hrka.cc, 0
+hrkfamilylaw.com, 1
+hrknuddel.de, 1
+hrlab.de, 1
+hrlive.ga, 1
+hrmafia.ga, 1
+hrmcms.com, 1
+hrmg.agency, 1
+hrmny.sh, 1
+hrndz.io, 1
+hrnk.org, 1
+hro.to, 1
+hrobert.hu, 1
+hroc.co.uk, 1
+hrodna.life, 1
+hroling.nl, 1
+hromaticworld.tk, 1
+hroschyk.cz, 1
+hrpage.ml, 1
+hrprofessionals.tk, 1
+hrreporter.com, 1
+hrsa.gov, 1
+hrseoservice.com, 1
+hrstapps-dev.com, 1
+hrtechnologypro.cf, 1
+hrtpova.gov, 1
+hru.gov, 1
+hrumka.net, 1
+hrw66.cc, 1
+hrwsba.gov, 1
+hrxkauppa.fi, 1
+hryniewski.net, 1
+hryx.net, 1
+hrzblt.eu, 1
+hs-flensburg.de, 1
+hs-group.net, 1
+hs-hire.co.uk, 1
+hs7imports.com.br, 1
+hsappstatic.net, 1
+hsbc-zertifikate.de, 1
+hsbs.com.sg, 1
+hsbuild.com, 1
+hsc.com.vn, 1
+hsc.gd.cn, 1
+hschen.top, 0
+hscomposites.co.nz, 1
+hse-dev.com, 1
+hse-online.com, 1
+hse-reglementaire.com, 1
+hselectricalservices.com, 1
+hsex.tv, 0
+hsg-lumdatal.de, 1
+hsgms.de, 1
+hsi.health, 1
+hsivonen.com, 1
+hsivonen.fi, 1
+hsivonen.iki.fi, 1
+hsjdzaragoza.es, 1
+hskernel.com, 1
+hskin.top, 1
+hskprep.com, 1
+hsm-eldesafio.tk, 1
+hsmithsmithfield.co.uk, 1
+hsmr.cc, 1
+hsn-tsn.com, 1
+hsn.com, 1
+hsog.tk, 1
+hsprotection.net, 1
+hsr.gov, 1
+hsreformas.es, 1
+hsselite.com, 1
+hst.tc, 1
+hstoyanov.com, 1
+hsts-preload-test.xyz, 1
+hsts.eu, 1
+hsts.eu.org, 1
+hsts.me, 1
+hsts.ovh, 1
+hstsbadnosniff.com, 1
+hstspreload.appspot.com, 1
+hstspreload.com, 1
+hstspreload.de, 1
+hstspreload.me, 1
+hstspreload.org, 1
+hstudio.tk, 1
+hsturan.com, 1
+hsutilitiesms.gov, 1
+hszemi.de, 1
+ht.mk, 1
+htaccessbook.com, 1
+htaps.com, 1
+htb-email.co, 1
+htb-email.com, 1
+htb-email.uk.com, 1
+htb.click, 1
+htb.co.uk, 1
+htbap.net, 1
+htbemail.co, 1
+htbemail.co.uk, 1
+htbemail.com, 1
+htbemail.net, 1
+htbemail.org, 1
+htbplc.co.uk, 1
+htcclan.tk, 1
+htdcomputer.vn, 1
+hte.ovh, 1
+hti.digital, 1
+htikeagkyaw.com, 1
+htl-anmeldung.at, 1
+htl.wiki, 1
+htlball.at, 1
+htljobs.at, 1
+htm-partners.com, 1
+htmag.co.il, 1
+htmanager.fr, 1
+htmdom.com, 1
+html-builder.tk, 1
+html-code-generator.com, 1
+html-css.tk, 1
+html5.org, 1
+htmlacademy.ru, 1
+htmlandcss.tk, 1
+htmlcssphp.ga, 1
+htmlcssphp.gq, 1
+htmlcssphp.ml, 1
+htmlcssphp.tk, 1
+htmlnet.tk, 1
+htmltemplated.com, 1
+htmlvalidator.com, 1
+htmlweb.ml, 1
+htmlyse.com, 1
+htmue.org, 1
+htp2.top, 1
+htt.pe, 1
+http.codes, 1
+http.dog, 1
+http.garden, 1
+http.gs, 1
+http.pizza, 1
+http2.com.cn, 1
+http2.eu, 1
+http2.pro, 1
+http3-hosting.de, 1
+http3.ch, 1
+http3.pro, 1
+http418.org, 1
+httpcats.com, 1
+httpd.gq, 1
+httpducks.com, 1
+httpgoats.com, 1
+httpguides.com, 1
+https-rulesets.org, 1
+https.com.tw, 1
+https.dk, 1
+https.gs, 1
+https.jetzt, 1
+httpsalarm.com, 1
+httpsarnemergan.ml, 1
+httpsecured.net, 1
+httpsecurityreport.com, 1
+httpsiseasy.com, 1
+httpsispisseasy.com, 1
+httpsnow.com, 1
+httpsnow.org, 1
+httpstaak.tk, 1
+httpstest.eu, 1
+httpstest.nl, 1
+httpswatch.ca, 1
+httpswatch.eu, 1
+httpswatch.nl, 1
+htvoutlet.com, 1
+htxnet.biz, 1
+htzopremasrbija.co.rs, 1
+hu-1xbet.com, 1
+hu-a-u.com, 1
+hu.search.yahoo.com, 0
+hua-in.net, 1
+huabianwa.com, 0
+huachuang.com, 1
+huagati.com, 1
+huang.nu, 1
+huangban.org.cn, 1
+huangguancq.com, 1
+huangh.com, 1
+huangjia71.com, 1
+huangjia72.com, 1
+huangjia73.com, 1
+huangjia74.com, 1
+huangjia75.com, 1
+huangjia76.com, 1
+huangjia777.com, 1
+huangjia78.com, 1
+huangjia79.com, 1
+huangjiaint.com, 1
+huangjingjing.com, 1
+huangqifu.com, 1
+huangshuo.net, 1
+huangzenghao.cn, 0
+huangzenghao.com, 1
+huangzjnet.gq, 1
+huanqiu1988.com, 1
+huanta.tk, 1
+huanvm.com, 1
+huanwei.com, 1
+huanyu.com, 1
+huapood.com, 1
+huaqian.art, 1
+huashan.co.uk, 1
+huashang.tk, 1
+huawenyy.com, 1
+huaxueba.com, 1
+hub24.com.au, 1
+hub385.com, 1
+hubanero.cz, 1
+hubapi.com, 1
+hubbardhouseugrrmuseum.org, 1
+hubbaworld.tk, 1
+hubbell.com, 1
+hubblogging.com, 1
+hubchain.com, 1
+hubchain.com.br, 1
+hubchain.fr, 1
+hubchain.io, 1
+hubchain.org, 1
+huber-informatik.de, 1
+hublaagram.ml, 1
+hubnet.fr, 1
+hubok.net, 1
+huboo.co.uk, 1
+huboo.com, 1
+hubovra.nl, 1
+hubrecht.at, 1
+hubsaveers.ga, 1
+hubsaveest.ga, 1
+hubspot.com, 1
+hubspot.de, 1
+hubspot.es, 1
+hubspot.fr, 1
+hubspot.jp, 1
+hubux.tk, 1
+hubx.co, 1
+huchet.me, 0
+hucklebucks.com, 1
+huckletree.com, 0
+hudaa.us, 1
+huddlecamhd.com, 1
+hudebnibazarmixer.cz, 1
+hudeem-vmeste.ml, 1
+hudhaifahgoga.co.za, 1
+hudhomestore.gov, 1
+hudobniny.net, 1
+hudognik.com, 1
+hudrydum.cz, 1
+hudsonlifting.co.uk, 1
+hudsonregional.gov, 1
+hudsonsolutions.com, 1
+hudsonwi.gov, 1
+huduser.gov, 1
+huecomundo.tk, 1
+huehnerartikel.de, 1
+huelgajusticiaextremadura.tk, 1
+huellasfestival.com, 1
+huelvatrabaja.com, 1
+huemanpesolutions.com, 1
+huemeyraophelia.com, 1
+huemul.studio, 1
+huepfburggiessen.de, 1
+huertoydesamparados.tk, 1
+hues-in-lee.de, 1
+huesers.de, 1
+huesitos.tk, 1
+hueterecruiters.com, 1
+hufelare.tk, 1
+huffduffer.com, 1
+huffingtonwire.com, 1
+huffsinsurance.com, 1
+hug0.cz, 1
+hugebeasters.ga, 1
+hugebeastest.ga, 1
+hugetits.tv, 1
+huggies.com.au, 1
+huggy.moe, 1
+hughfitzgerald.com, 1
+hugi.is, 1
+huglen.info, 1
+hugobarral.me, 1
+hugochilemme.com, 1
+hugocurado.info, 1
+hugolegrand.fr, 1
+hugolynx.fr, 0
+hugomilano.ga, 1
+hugonote.cf, 1
+hugonote.ga, 1
+hugonote.gq, 1
+hugonote.ml, 1
+hugonote.ovh, 1
+hugonote.tk, 1
+hugotech.vn, 1
+hugovr.nl, 1
+hugoyugou.com, 1
+hugs.ua, 1
+huhao.tk, 1
+huhu.cf, 1
+huibrotladen.com, 1
+huicui.com, 1
+huiguniang.com, 1
+huiketang.com, 1
+huimin.com, 1
+huimou.com, 1
+huininga.com, 1
+huininga.nl, 1
+huininga.org, 1
+huirongis.me, 1
+huis-en-tuin.be, 1
+huisaandecosta.nl, 1
+huisartsen-ict.nl, 1
+huisartsenpraktijkheemraadssingel.nl, 1
+huisartsenpraktijksonmezer.nl, 1
+huisartsenpraktijkzonnehoed.nl, 1
+huisartsenpraktijkzwalm.be, 1
+huisdierfotografie-nederland.nl, 1
+huisdierinfopunt.tk, 1
+huiser.nl, 1
+huisjeboompje-baby.nl, 1
+huislaw.com, 1
+huislijn.nl, 1
+huissier-vosges.com, 1
+huit.re, 1
+huitaodang.com, 1
+huk-autoservice.de, 1
+hukkatavara.com, 1
+hukuhauchi.com, 1
+hulaginswoodworking.com, 1
+hulet.tech, 1
+hulii.com, 1
+hulii.com.au, 1
+hulkbay.tk, 1
+hulkweb.tk, 1
+hullmoneyman.com, 1
+hullscp.co.uk, 1
+hullseals.space, 1
+huloveyou.com, 1
+hulpbijmarketing.nl, 1
+hulpertechsite.tk, 1
+hulpmiddelenshop.nl, 1
+hulpverleningszonecentrum.be, 1
+hulsoft.co.uk, 1
+hultrid.hopto.org, 1
+hululkitab.co, 1
+huma-auto.club, 0
+human-centricity.com, 1
+human-clone.com, 1
+human-dev.io, 1
+human-parasites.tk, 1
+human-shinri.com, 1
+humana-medicaresupplement.com, 1
+humanamente.tk, 1
+humanbeing.tk, 1
+humanenrich.com, 1
+humanesdemadrid.tk, 1
+humanewolf.com, 1
+humanexperiments.com, 1
+humanhairgo.tk, 1
+humanhealth.pl, 1
+humanidad.tk, 1
+humaninterest.com, 1
+humanistgruppen.tk, 1
+humanit.com.au, 1
+humanity.com, 1
+humanize.security, 1
+humanlocation.net, 1
+humanresources.gq, 1
+humanresourcesedu.org, 1
+humanresourcesmanager.de, 1
+humanrights.gov.au, 1
+humanrights.tk, 1
+humansense.nl, 1
+humanservicesedu.org, 1
+humanshiftpaper.com, 1
+humantouchmassagechairs.com, 1
+humanvidas.com.br, 1
+humanzee.com, 1
+humara.tk, 1
+humass.nl, 1
+humbaur.com, 1
+humbble.fr, 1
+humblebee.at, 1
+humblebee.be, 1
+humblebee.bg, 1
+humblebee.ch, 1
+humblebee.co.uk, 1
+humblebee.cz, 1
+humblebee.dk, 1
+humblebee.es, 1
+humblebee.eu, 1
+humblebee.foundation, 1
+humblebee.fr, 1
+humblebee.gr, 1
+humblebee.hu, 1
+humblebee.ie, 1
+humblebee.it, 1
+humblebee.nz, 1
+humblebee.pl, 1
+humblebee.uk, 1
+humblebee.us, 1
+humblebeeshop.ca, 1
+humblebeeshop.com.au, 1
+humblecraft.tk, 1
+humbledot.com, 0
+humblenano.africa, 1
+humblenano.io, 1
+humboldt-wi.gov, 1
+humboldtcavotes.gov, 1
+humboldtcountyca.gov, 1
+humboldtcountynv.gov, 1
+humboldtcsi.com, 1
+humboldthomeguide.com, 1
+humboldtmfg.com, 1
+humdata.org, 1
+humdruma-recordingz.tk, 1
+humer-it.com, 0
+humexe.com, 1
+humeydi.tk, 1
+humi.ca, 1
+humio.com, 1
+humm90.com, 1
+hummel.tk, 1
+hummingbird.co, 0
+hummy.tk, 1
+hummy.tv, 1
+humo.be, 1
+humor-life.tk, 1
+humor-web.tk, 1
+humor.cf, 1
+humor.ga, 1
+humorbest.tk, 1
+humorcheck.ga, 1
+humorcheckers.ga, 1
+humorcheckest.ga, 1
+humored.gq, 1
+humorojo.com, 1
+humpen.se, 1
+humphreyscountytn.gov, 1
+humpydumpy.tk, 1
+humuluslupulus.de, 1
+humus.tk, 1
+hunanbank.com, 1
+hund.io, 1
+hund.ml, 1
+hundamosantena3.tk, 1
+hundedekken.tk, 1
+hundeschule.tk, 1
+hundestudios.tk, 1
+hundhausen.de, 1
+hundimiento.com, 1
+hundlee.tk, 1
+hundter.com, 1
+hundur.tk, 1
+hunedoara.tk, 1
+hungarian-united-church.tk, 1
+hungarianeducationagency.com, 1
+hungaryz.ml, 1
+hungnm.me, 1
+hungryas.tk, 1
+hungryginie.com, 1
+hungryhealthyhappy.com, 1
+hunhold.at, 1
+hunhold.biz, 1
+hunhold.ch, 1
+hunhold.com, 1
+hunhold.de, 1
+hunhold.eu, 1
+hunhold.it, 1
+hunhold.net, 1
+hunhold.org, 1
+huniverse.co, 1
+hunngard.com, 1
+hunqz.com, 1
+hunstoncanoeclub.co.uk, 1
+hunter-read.com, 1
+hunter.io, 1
+hunter32.ru, 1
+hunterjohnson.io, 1
+huntersandprops.tk, 1
+hunterscreekapartments.net, 1
+hunterscrolls.tk, 1
+huntertrade.com.br, 1
+huntexpired.com, 0
+huntflow.ai, 1
+hunting.ml, 1
+huntingdonlifesciences.com, 1
+huntingdonsmithfieldpa.gov, 1
+huntingnewfoundlandlabrador.com, 1
+huntingtonestateproperties.com, 1
+huntingtonnow.com, 1
+huntingtonwv.gov, 1
+huntreminder.com, 1
+huntsvillealtransit.gov, 1
+huntsvillecottage.ca, 1
+huntvac.com, 1
+huny.eu.org, 1
+hunzai.tk, 1
+huoduan.com, 1
+huohu-sports.com, 1
+huohuo.cf, 1
+huohuo.ml, 1
+huon.fyi, 1
+huonit.com.au, 1
+huoqibaike.club, 1
+huoyankan.com, 1
+huoyou.com, 1
+huozhen.com, 1
+hup.hu, 0
+hupeng.me, 1
+hupoyunlar.com, 1
+hurbascooter.com, 1
+hurbo.com, 1
+hurdafiyatlari.site, 1
+hurinkazan2020.com, 1
+hurleyhomestead.com, 1
+huron.tk, 1
+huronsd.gov, 1
+hurra-blog.tk, 1
+hurricanecarroll.com, 1
+hurricanelabs.com, 0
+hurricaneplaneers.ga, 1
+hurricaneplaneest.ga, 1
+hurricanewv.gov, 1
+hurricanewvpd.gov, 1
+hurriyetseriilan.tk, 1
+hurstbourneacresky.gov, 1
+hurstiharrell.tk, 1
+hurtigrabat.dk, 1
+hurtigtinternet.dk, 1
+husakbau.at, 1
+hushbabysleep.com, 1
+hushfile.it, 1
+hushpuppiesobuv.ru, 1
+husic.net, 0
+husky-in-nood.tk, 1
+huskyeye.de, 1
+huskygifts.com, 1
+huskyinc.us, 0
+husmann.tech, 1
+husqvarnamoped.se, 1
+hussam.eu.org, 1
+hussehrana.com, 1
+hustlerstate.tk, 1
+hutavaterstetten.de, 1
+hutchinsonmn.gov, 1
+huthacks.com, 1
+huto.ml, 1
+huttotxedc.gov, 1
+huurwoordenaar.nl, 1
+huuto.tk, 1
+huutonauru.net, 1
+huwcbjones.uk, 1
+huwjones.me, 1
+huwshepheard.com, 1
+huxcoconstruction.com, 1
+huxixs.com, 1
+huxley.net, 1
+huynhviet.com, 1
+huyvu.nl, 1
+huzurmetal.net, 1
+huzurpansiyonfirtinavadisi.com, 1
+hv-2020.de, 1
+hv-2020.online, 1
+hv-anmeldung.de, 1
+hv-huset.no, 1
+hv-portal.de, 1
+hv.se, 1
+hva.cl, 1
+hvac-distributing.com, 1
+hvac-distributing.xyz, 1
+hvacschool.org, 1
+hvanmeldung.de, 1
+hvanmeldung.online, 1
+hvcoksvote.gov, 1
+hvdbox.de, 0
+hvenetworks.cf, 1
+hveradistributions.com, 1
+hverdagogkink.no, 1
+hvh.no, 1
+hvhdct.gov, 1
+hvhercules.tk, 1
+hvhindia.in, 1
+hvllucinvtion.tk, 1
+hvorschool.tk, 1
+hvr.co.il, 1
+hvrint.de, 1
+hvtuananh.com, 1
+hvylya.net, 1
+hw8.eu, 1
+hwag-pb.de, 1
+hwasung.com.vn, 1
+hwe.nz, 1
+hwholdsworth.com.au, 1
+hwinfo.tk, 1
+hwjkk.com, 1
+hwnd.io, 1
+hwsw.io, 1
+hwvv.nl, 1
+hwx8.com, 0
+hx-sun.com, 1
+hx36.net, 0
+hx53.de, 1
+hx678.cc, 1
+hx77.cc, 0
+hxit.cn, 1
+hxkvm.com, 1
+hxkvm.net, 1
+hxp.io, 1
+hxr404.cf, 1
+hxsrz.eu.org, 1
+hy1.com, 1
+hyacinthus.tk, 1
+hyatt.com, 1
+hyb7.com, 1
+hybrd.is, 1
+hybrid-crescent.tk, 1
+hybriden.cf, 1
+hybriden.tk, 1
+hybridiyhdistys.fi, 1
+hybridklubben.fi, 1
+hybridragon.net, 1
+hybridscript.tk, 1
+hybridsounds.tk, 1
+hybridworld.tk, 1
+hybridworx.com, 1
+hybridworx.de, 1
+hybridworx.eu, 1
+hybridworx.net, 1
+hybridworx.org, 1
+hybrydowe-samochody.pl, 1
+hybula.com, 1
+hycken.com, 1
+hyckenberg.com, 1
+hyderabaddccb.org, 1
+hyderabadonlinegifts.com, 1
+hydra-interactive.com, 1
+hydra.az, 1
+hydrabit.nl, 1
+hydrante.ch, 0
+hydras.tk, 1
+hydrazin.pw, 1
+hydro17.com, 1
+hydroagro.pl, 1
+hydroaralen.com, 1
+hydrochlorothiazide.gq, 1
+hydrochlorothiazide125.ga, 1
+hydrocloud.net, 1
+hydrocontrolsystems-janssenwaterproofing.com, 1
+hydrocontrolsystems.com, 1
+hydrogel.tk, 1
+hydrogenplatform.com, 1
+hydrographicsocietybenelux.eu, 1
+hydroid.tk, 1
+hydrolifehottubs.co.uk, 1
+hydrolyze.tk, 1
+hydromech.com.au, 1
+hydrometrixtechnologies.com, 1
+hydronicheatingaustralia.com.au, 1
+hydronium.cf, 1
+hydronium.ga, 1
+hydronium.ml, 1
+hydronium.tk, 1
+hydroposev.com, 1
+hydrosaat.ch, 1
+hydrosight.com, 1
+hydrosila.com, 0
+hydroturbine.info, 0
+hydrozen.io, 1
+hydrozone.fr, 1
+hyds.com, 1
+hyec.jp, 1
+hygieneproclean.co.nz, 1
+hygienet.be, 1
+hygo.com, 1
+hygraph.com, 1
+hyk.me, 1
+hyland.com, 1
+hylark.com, 1
+hylians.com, 1
+hyllie.net, 1
+hymn.com, 1
+hymnal.net, 1
+hymnsandverses.com, 1
+hync.io, 1
+hyncice.com, 1
+hyndax.com.ar, 0
+hynek.me, 1
+hyodyntamaton.site, 0
+hyoi.de, 1
+hypar.io, 1
+hyparia.fr, 1
+hyparia.org, 1
+hypehub.tech, 1
+hypelifemagazine.com, 1
+hypemgmt.com, 1
+hyper-fit.nl, 1
+hyper-matrix.org, 1
+hyper-network.de, 1
+hyper-text.org, 0
+hyper.ai, 1
+hyper.lol, 1
+hyperalgesia.com, 1
+hyperautomotive.com.au, 1
+hyperblast-universe.tk, 1
+hyperbolic-mayonnaise-interceptor.ovh, 1
+hyperc.club, 1
+hypercdn.de, 1
+hypercritical.co, 1
+hyperd.sh, 1
+hyperdesign.com, 1
+hyperhidrose.tk, 1
+hyperion-project.org, 1
+hyperion.gmbh, 0
+hyperion.io, 1
+hyperionms.com, 1
+hyperjewel.com, 1
+hyperjit.com, 1
+hyperlocal.co.za, 1
+hypermonkey.tk, 1
+hypernode.com, 1
+hyperonline.tk, 1
+hyperplanning.fr, 1
+hyperreal.chat, 1
+hyperreal.info, 1
+hypershell.tk, 1
+hypersomnia.com, 1
+hyperspace.tk, 1
+hyperstack.org, 1
+hypertaut.com, 1
+hypertensionexplained.com, 1
+hypertesto.me, 1
+hyperthymia.com, 1
+hypervsn.com, 1
+hypetrix.com, 1
+hypexstore.tk, 1
+hyphen.co.za, 1
+hyphenpda.co.za, 1
+hypixelstudios.com, 1
+hypno-thera.fr, 1
+hypnobb.com, 1
+hypnos.hu, 1
+hypnose-hennigsdorf.de, 1
+hypnose-nimes.fr, 1
+hypnoseduction.tk, 1
+hypnoside.tk, 1
+hypnosis.edu, 1
+hypnotistanbul.com, 1
+hypnotizedgirls.ml, 1
+hypnovir.us, 1
+hypo-fix.com, 1
+hypo-fix.de, 1
+hypo-light.de, 1
+hypo-x.de, 1
+hypo4u.de, 1
+hypocretins.com, 1
+hypocrites.tk, 1
+hypofax.de, 1
+hypofix-web.de, 1
+hypofix.com, 1
+hypofix.de, 1
+hypofixweb.de, 1
+hypofixx.de, 1
+hypogeal.com, 1
+hypokalkulacka.sk, 1
+hypolife.de, 1
+hypolineweb.de, 1
+hypotheca.ca, 1
+hypotheekbond.nl, 1
+hypothekenbank.ag, 1
+hypotheques24.ch, 1
+hypothermia.tk, 1
+hypothes.is, 1
+hypothyroidmom.com, 1
+hypowelt.com, 1
+hypr.ee, 1
+hyr.mn, 0
+hyra.tk, 1
+hyrin.tk, 1
+hyrius.net, 1
+hyrulekingdom.tk, 1
+hys-te-ria.tk, 1
+hyser.com.ua, 1
+hysh.jp, 1
+hysh.net, 1
+hysh.org, 1
+hystats.net, 1
+hysupchile.cl, 1
+hytale.com, 1
+hytzongxuan.com, 1
+hytzongxuan.top, 1
+hyunbridge.com, 1
+hyundaifinance.de, 0
+hyundaipartsdeal.com, 1
+hyundaisrilanka.lk, 1
+hyunjoonkim.net, 1
+hyvinvointineuvoja.fi, 1
+hyy.ch, 1
+hyy.chat, 1
+hyychat.com, 1
+hyyen.com, 1
+hyyperchat.com, 1
+hyze.fr, 1
+hyzy.fr, 1
+hz601.org, 1
+hzbk.org, 0
+hzib.com, 1
+hzmpower.com, 1
+hzsx.com, 1
+hztgzz.com, 1
+i--b.com, 1
+i-0v0.in, 1
+i-3c.co.jp, 1
+i-am-cjc.tech, 1
+i-am-seo.co.uk, 1
+i-cite.es, 1
+i-connect.ie, 0
+i-cyber.gov.ua, 1
+i-experts.nl, 1
+i-fastnet.net, 1
+i-forum.ga, 1
+i-house.gq, 1
+i-hoz.ru, 1
+i-lab.ml, 1
+i-li.com, 1
+i-like-hits.tk, 1
+i-logic.co.jp, 1
+i-logic.net, 1
+i-make-love.tk, 1
+i-make.com, 1
+i-make.fr, 1
+i-med.com.au, 1
+i-model.org, 1
+i-motor.nl, 1
+i-office.com.vn, 1
+i-on.by, 1
+i-panic.com, 1
+i-pinged-everyone.today, 1
+i-port-voice.com, 1
+i-prince.tk, 1
+i-proswiss.com, 0
+i-r-a.tk, 1
+i-readycentral.com, 1
+i-red.info, 1
+i-scream.space, 1
+i-sports.cz, 1
+i-stream2watch.com, 1
+i-telligence.de, 0
+i-tm.com.tw, 1
+i-tools.ru, 1
+i-verbi.it, 1
+i-vignette.com, 1
+i-volve.net, 1
+i-voting.pl, 1
+i.hosting, 1
+i00.eu, 1
+i00228.com, 1
+i0856.com, 0
+i0day.com, 1
+i10z.com, 1
+i1430.com, 0
+i24.host, 1
+i2capmark.com, 1
+i2education.com, 1
+i2itherapy.com, 1
+i2pgit.org, 0
+i36533.com, 1
+i365365.com, 1
+i36588.com, 1
+i3o.me, 1
+i49.net, 1
+i4cu.uk, 1
+i4net.eu, 1
+i4ware.fi, 1
+i51365.com, 0
+i5197.co, 1
+i5y.co.uk, 1
+i5y.org, 1
+i6729.co, 1
+i6729.com, 0
+i6957.co, 1
+i7.io, 1
+i7sas.tk, 1
+i82365.com, 1
+i879.com, 1
+i88i.gq, 1
+i8cp.com, 1
+i9297.co, 1
+i9397.com, 0
+i9721.com, 1
+i9728.co, 1
+i9s.in, 1
+ia.ca, 1
+ia.net, 1
+ia1000.com, 1
+iaa.ee, 1
+iaata.info, 1
+iab-diva.ru, 1
+iabot.tk, 1
+iacee.org, 1
+iacitywebdesigner.com, 1
+iaco.li, 1
+iacono.com.br, 0
+iactu.info, 1
+iadb.org, 1
+iadminify.com, 1
+iadore.tk, 1
+iadttaveras.com, 1
+iae.one, 1
+iaeste.or.jp, 1
+iaf.gov, 1
+iaf.nu, 1
+iafd.com, 1
+iaforum.com.br, 1
+iafss2023.com, 1
+iain.tech, 1
+iainsimms.co.uk, 1
+iainsimms.com, 1
+iainsimms.me, 1
+ialternatywne.pl, 1
+iam.lc, 0
+iam.soy, 1
+iamafricacampaign.com, 1
+iamafricacampaign.org, 1
+iamaileen.com, 1
+iamanewme.com, 1
+iambhatti.tk, 1
+iamcloud.de, 1
+iamconnected.eu, 1
+iamhealthystore.com, 1
+iaminashittymood.today, 1
+iamjoshellis.com, 1
+iamkate.com, 1
+iamlearning.co.uk, 1
+iamlegend.ml, 1
+iamlife.com, 1
+iamlzh.com, 0
+iamokay.nl, 1
+iamovement.org, 1
+iamsadmax.ga, 1
+iamsainknight.tk, 1
+iamsamaskom.tk, 1
+iamtheib.me, 1
+iamthelife.io, 1
+iamthesweetspot.com, 1
+iamtonyarthur.com, 1
+iamtrainsafe.co.uk, 1
+iamusingtheinter.net, 0
+iamyourpillow.com, 1
+ian-barker.co.uk, 1
+ian.sh, 0
+ian678.com, 1
+ian678.tk, 1
+ianbeuchel.ddnss.de, 1
+ianbrault.com, 1
+iancu.me, 1
+iandouglasscott.com, 1
+iane-ccs.com, 1
+ianix.com, 1
+ianklug.com, 1
+iankmusic.com, 1
+ianmooreis.me, 1
+ianmoriarty.com.au, 1
+ians.lu, 1
+iansyst.co.uk, 1
+ianthompsonbooks.com, 1
+ianwalsh.org, 0
+iapro.com, 1
+iapws.com, 0
+ias-gruppe.net, 1
+ias.ua, 1
+iassess.eu, 1
+iaswc.org, 1
+iatfei.com, 1
+iaudited.com, 1
+iav.com, 1
+iav.de, 1
+iawx.net, 1
+iaxx.eu, 1
+ib-kreindl.at, 1
+ib-wedler.de, 1
+ib-zentrale.de, 1
+iba.community, 1
+iba.gov.au, 1
+ibacktraced.it, 1
+ibadboy.net, 1
+iban.com, 1
+ibaoger.com, 1
+ibavaro.com, 1
+ibb.co, 1
+ibb.co.com, 1
+ibb.istanbul, 1
+ibbit.ro, 1
+ibc-container.be, 1
+ibc.com, 1
+ibcl.us, 1
+ibcmed.com, 1
+ibcmed.net, 1
+ibcmed.org, 1
+ibe.de, 1
+ibeep.com, 0
+ibei.ru, 1
+ibemember3.com, 1
+ibericaderedes.es, 1
+ibericarbenet.es, 1
+ibericarcuzco.es, 1
+ibericarcuzcomini.es, 1
+ibericarformula.es, 1
+ibericargestoso.es, 1
+ibericarmotors.es, 1
+ibericarmotorsmalaga.es, 1
+ibericarmovilcentro.es, 1
+ibericarmovilsur.es, 1
+ibericarreicomsa.es, 1
+ibericartechnik.es, 1
+ibesa.com, 1
+ibetora.com, 1
+ibex.co, 1
+ibexmultiday.com, 1
+ibexpackaging.com, 1
+ibexrepair.co.uk, 0
+ibhgospel.com, 1
+ibi.mt, 1
+ibidyoupeace.com, 1
+ibiki-boushi-makura.net, 1
+ibin.co, 1
+ibinex.news, 1
+ibiu.xyz, 0
+ibiz.mk, 1
+ibizads.tk, 1
+ibizaluxuryachts.com, 1
+ibk.at, 1
+iblackfriday.ro, 1
+iblog.pk, 1
+iblowdry.com, 1
+iblsoft.com, 1
+ibm.gov.in, 1
+ibm3.com, 1
+ibmaspera.com, 1
+ibmix.de, 1
+ibo-chemnitz.de, 1
+iboat.eu, 1
+ibodyiq.com, 1
+ibon.org, 1
+iboy1069.com, 0
+iboysoft.com, 1
+ibpegasus.tk, 1
+ibpsrecruitment.co.in, 1
+ibq.life, 1
+ibra.org.uk, 1
+ibrainmedicine.org, 1
+ibraphotography.com, 1
+ibrom.eu, 1
+ibron.co, 0
+ibroshop.com, 1
+ibsasport.org, 1
+ibsglobal.co.za, 1
+ibsis.org, 1
+ibstyle.tk, 1
+ibtime.org, 1
+ibu.ca, 1
+ibug.io, 1
+ibuildings.com, 1
+ibuildings.nl, 1
+ibuki.run, 1
+ibuprofens.gq, 1
+iburgs.com, 1
+ibuzz.tk, 1
+ibwc.gov, 1
+ibyen.com, 1
+ibykos.com, 1
+ibz.be, 1
+ic3.gov, 1
+icafecash.com, 1
+icagency.it, 1
+icams-portal.gov, 1
+icanhazpass.com, 1
+icanseeyou.tk, 1
+icap.my, 1
+icardistry.com, 1
+icaremoving.ca, 1
+icaremoving.com, 1
+icareofficesolutions.com, 1
+icarlos.net, 1
+icas-nsn.gov, 1
+icasas.mx, 1
+icasnetwork.com, 1
+icastgo.ca, 1
+icastgo.com, 1
+icasture.top, 1
+icatt.nl, 1
+icbemp.gov, 0
+icca-chem.org, 1
+iccorporateinteriors.com.au, 1
+iccupplatoon.tk, 1
+icddd.pl, 1
+icdisinfection.com.au, 1
+icdp.org.ua, 1
+ice.org.uk, 1
+icebat.dyndns.org, 1
+iceberg.academy, 0
+iceberg.cyou, 1
+iceberg.ddns.me, 1
+icebike.org, 1
+icebook.co.uk, 1
+icebound.cc, 1
+icebound.win, 1
+iceboxstudio.tk, 1
+icecars.net, 0
+icecodenew.tk, 1
+icecontrol.ro, 1
+icecreamandclara.co.uk, 1
+icecreamika.tk, 1
+icecutethings.com, 1
+icedox.ga, 1
+icedre.am, 1
+icedream.tech, 0
+icedterminal.com, 1
+icedterminal.me, 1
+icedude.tk, 1
+iceewind.com, 1
+iceflow.tk, 1
+icefoxtee.com, 1
+iceheart.tk, 1
+icehost.cf, 1
+icekiller.ga, 1
+icelandic.cf, 1
+icelook.tk, 1
+icemakerrepairaustin.com, 1
+icemedia.com.au, 0
+icemoto.tk, 1
+icemyworld.tk, 1
+icenter.ee, 1
+icentury.ca, 1
+icepharmaceuticals.com, 1
+icerinkwarehouse.com, 1
+icerockproperties.com, 1
+iceshadow.tk, 1
+icetechworld.com, 1
+icetiger.eu, 1
+icetravellers.com, 0
+icewood-bois.com, 1
+icfree.com, 1
+ich-finde-wikipedia-toll.tk, 1
+ich-hab-die-schnauze-voll-von-der-suche-nach-ner-kurzen-domain.de, 1
+ich-tanke.de, 1
+icharme.fr, 1
+ichasco.com, 1
+ichbinein.org, 1
+ichbinhuebi.de, 1
+ichbinkeinfreier.com, 1
+ichbinkeinreh.de, 1
+ichglaubesbackt.de, 1
+ichibanfansub.com.br, 1
+ichibot.trade, 1
+ichibot.vip, 1
+ichigo.university, 1
+ichijoh.co.jp, 1
+ichisound.ml, 1
+ichitaka.tk, 1
+ichitaso.com, 1
+ichtroje.tk, 1
+ichuck.rocks, 1
+ici-freewares.tk, 1
+ici.ac.nz, 1
+ici.ms, 1
+ici.net.au, 1
+icie.info, 1
+icieducation.ca, 1
+icieducation.co.uk, 1
+icieducation.ie, 1
+icims.ca, 1
+icims.com, 1
+icims.eu, 1
+icims.io, 1
+icims.us, 1
+icisontdesdragons.fr, 1
+ickerseashop.com, 1
+icl82.systems, 1
+iclart.com, 1
+iclb.be, 1
+iclg.com, 1
+iclinic-mrt.ru, 1
+iclinic.ua, 1
+icloud.com, 1
+icloud.st, 1
+icloudlogin.com, 1
+icmarket.com, 1
+icmtx.com, 1
+icnc.ga, 1
+icnsk.ru, 1
+icnsoft.org, 1
+icodeconnect.com, 1
+icojapan.tokyo, 1
+icollezionisti.com, 1
+icolorpalette.com, 1
+icomputeconsulting.com, 1
+icomuk.co.uk, 1
+icon-art.nl, 1
+icon-programming.tk, 1
+icone-one.fr, 1
+iconexperience.com, 1
+iconintegration.com.au, 1
+iconique-menuiserie.be, 1
+iconmale.com, 1
+iconoarte.tk, 1
+iconomi.net, 1
+iconparkingsystems.com, 1
+icons4free.tk, 1
+iconsiam.com, 1
+iconsuppstore.com, 1
+iconworld.ml, 1
+iconx.ml, 1
+iconz.tk, 1
+icounseling.com, 1
+icountnm.gov, 1
+icowhitepapers.co, 1
+icpb.com.my, 1
+icpc2016.in.th, 1
+icpcorp.com, 1
+icpe.nl, 1
+icq-project.net, 1
+icq-world.tk, 1
+icq.com, 1
+icr-box.ddns.net, 1
+icrc.org, 1
+icreative.nl, 1
+icruise.com, 1
+ics-blitz.me, 1
+icsolutions.nl, 1
+icst.tk, 1
+icsti.org, 1
+ict-concept.nl, 1
+ict-oldehove.nl, 1
+ict-radar.com, 0
+ict-radar.nl, 0
+ict.govt.nz, 1
+ictbaneninnederland.nl, 1
+ictcareer.ch, 1
+ictergezocht.nl, 1
+ictfreak.nl, 1
+ictinforensics.org, 1
+ictkaisha.be, 1
+ictl.eu, 1
+ictoniolopisa.it, 1
+ictradar.com, 0
+icts.gov, 1
+icttindia.org, 0
+icusignature.com, 1
+icustomboxes.com, 1
+icy.aq, 1
+icyapril.com, 1
+icycanada.com, 1
+icydestiny.com, 0
+icyeurope.com, 1
+icyhealth.com, 0
+icyheroes.com, 1
+icyrock.com, 1
+icytales.com, 1
+icywhiz.com, 1
+iczc.cz, 1
+icze4r.co, 1
+icze4r.com, 1
+icze4r.net, 1
+icze4r.online, 1
+icze4r.org, 1
+iczelion.tk, 1
+iczer.one, 1
+iczer.org, 1
+id-blog.ch, 0
+id-fxcm.com, 1
+id.atlassian.com, 0
+id.fedoraproject.org, 0
+id.mayfirst.org, 0
+id.search.yahoo.com, 0
+id.wine, 1
+id0.gr, 1
+id3global.com, 1
+id5-sync.com, 1
+id7.fr, 0
+idaeus.eu, 1
+idahoansforliberty.net, 1
+idahofalls.gov, 1
+idahohealth.tk, 1
+idahomushroomclub.org, 1
+idanie.cf, 1
+idar-oberstein.de, 0
+idaspis.com, 1
+idatalabs.com, 0
+idatownshipmi.gov, 1
+idawallen.com, 1
+idblab.tk, 1
+idbm.ch, 1
+idbs.com, 1
+idc-business.be, 0
+idc.yn.cn, 1
+idc95.com, 0
+idcat.cat, 1
+idcrawl.com, 1
+idcrushermachine.ga, 1
+idctechnologies.com, 1
+idcwr.com, 1
+iddaatahmin11.com, 1
+iddaatahminleri.com.tr, 1
+iddconnect.com, 1
+iddconnect.org, 1
+iddportugal.pt, 1
+idea.ws, 1
+ideadozz.hu, 1
+ideageek.net, 1
+ideagenpentana.com, 1
+ideahub.tk, 1
+ideahubnepal.org, 1
+ideaklinik.com, 1
+ideaklinikbursa.com, 1
+ideaktiv.com, 1
+ideal-reality.com, 1
+ideal-social.com, 1
+ideal.shop, 1
+idealabs.tk, 1
+idealadvogadosbh.com.br, 1
+idealbet.it, 1
+idealbody.cf, 1
+idealbody.gq, 1
+idealcontabilidade.net, 0
+idealdedetizadorabh.com.br, 1
+idealimobiliariabh.com.br, 1
+idealize.ml, 1
+idealmature.com, 1
+idealmilf.com, 1
+idealnastrona.pl, 1
+idealni-hypoteka.cz, 1
+idealog.id, 1
+idealresponse.co.uk, 1
+idealsegurancaeletronica.com.br, 1
+idealserralheriabh.com.br, 1
+idealtruss.com, 1
+idealtruss.com.tw, 1
+idealucedifilippi.it, 1
+idealwhite.space, 1
+idealwifes.com, 1
+ideaplex.ca, 1
+ideas.com, 0
+ideasdigitales2025.es, 1
+ideasenfoto.com, 0
+ideashop.com, 1
+ideasinlab.com, 1
+ideau.pl, 1
+ideaweb.de, 1
+ideaweblab.com, 0
+idec.com, 1
+idee-geschenk.eu, 1
+idee-lq.at, 1
+idee-lq.ch, 1
+idee-lq.com, 1
+idee-lq.de, 1
+idee-lq.net, 1
+ideefactory.de, 1
+ideericette.it, 1
+ideesrecettes.net, 1
+idehvector.com, 1
+ideiasefinancas.com.br, 1
+ideice.gob.do, 1
+idemo.in, 1
+iden-tt.com, 1
+iden-tt.net, 1
+iden-tt.org, 1
+idenamaislami.com, 1
+idensys.nl, 1
+ident-clinic.be, 1
+identa.io, 1
+identassist.com, 1
+identeco.de, 1
+identifyme.net, 1
+identifytag.com, 1
+identigraf.center, 1
+identity-hash.online, 1
+identity-inspector.com, 0
+identity-project.com, 1
+identity.aero, 1
+identity.plus, 1
+identityexperts.co.uk, 1
+identityflashmob.com, 1
+identitykrisis.com, 1
+identitysandbox.gov, 1
+identityswapers.ga, 1
+identityswapest.ga, 1
+identitytheft.gov, 1
+ideologiaycultura-ap.tk, 1
+ideorealm.tk, 1
+idered.net, 1
+ides.co.jp, 1
+idesign.tk, 1
+idesoft.cloud, 1
+idesoft.com, 1
+idesoft.eu, 1
+idesoft.info, 1
+idesoft.net, 1
+idesoftinnovacion.com, 1
+idesoftinnovacion.es, 1
+idev-hub.com, 1
+idev.games, 1
+idevicesinc.com, 1
+idexxpublicationportal.com, 1
+idf64.com, 1
+idf64.org, 1
+idfc.gov, 1
+idgr.de, 1
+idheastudio.com, 1
+idhl.fr, 1
+idhosts.co.id, 1
+idigovs.com, 0
+idinby.dk, 1
+idiomasdelmundo.tk, 1
+idiomasdominados.tk, 1
+idioteque.tk, 1
+idjnow.com, 1
+idkidknow.com, 1
+idleleo.com, 1
+idlemon.net, 1
+idlethoughtsandramblings.com, 1
+idlewildflowers.com, 1
+idlxb.com, 1
+idmanagement.gov, 1
+idmaster.ml, 1
+idmobile.co.uk, 1
+idmod.org, 1
+idn.gov.pt, 0
+idndomain.tk, 1
+idndx.com, 1
+idnic.net, 1
+idohost.tk, 1
+idol-bikes.ru, 1
+idolf.dk, 1
+idolfap.com, 1
+idolish7.fun, 0
+idoljp.com, 1
+idonthaveawebsite.tk, 1
+idontplaydarts.com, 1
+idoparadoxon.hu, 1
+idoxus.de, 1
+idp.onl, 1
+idraetsmusik.dk, 1
+idratherbequilting.com, 1
+idraulico-roma.it, 1
+idraulico.roma.it, 1
+idream-solutions.co.uk, 0
+idrissi.eu, 1
+idroot.us, 1
+idropulsoredentale.shop, 1
+idsafe.co.za, 1
+idsc.com.tw, 1
+idsconsulting.co.nz, 1
+idstudio.tk, 1
+idta.com.au, 1
+idtechnowizard.com, 1
+idtheft.gov, 1
+idtrkarnal.com, 1
+iduntownshipmn.gov, 1
+idvchile.cl, 1
+idventure.de, 1
+idvl.de, 1
+idweblog.com, 1
+idwebsitehosting.com, 1
+idwebtools.tk, 1
+idxforza.com, 1
+idyl.fr, 1
+idysse.com, 1
+ie.edu, 1
+ie.search.yahoo.com, 0
+ieach.com, 1
+ieeesb.nl, 1
+ieeesbe.nl, 1
+ieeespmb.org, 1
+iegat.com, 1
+iegatpracticetest.com, 1
+ieiscccuba.tk, 1
+ieji.de, 1
+iemail.eu.org, 1
+iemb.cf, 1
+iemc.pt, 1
+iemsamex.com, 1
+ienakacs.jp, 1
+ienakanote.com, 0
+ienekolife.net, 1
+ienergizer.com, 1
+ieomidi.com, 1
+iepaiement.fr, 1
+iepanywhere.com, 1
+ieros.it, 1
+ies-italia.it, 0
+iesonline.co.in, 1
+iesucreipi.edu.co, 1
+iet.co.za, 1
+ieti.eu, 1
+ieval.ro, 1
+ievgenialehner.com, 1
+iewar.com, 1
+iexaminer.org, 1
+iexpats.com, 1
+if-sikkerhet.no, 1
+if0.ru, 1
+ifacservice.be, 1
+ifadian.club, 1
+ifailed.tk, 1
+ifailedlife.tk, 1
+ifaisalmukhtar.tk, 1
+ifam-erfurt.de, 1
+ifan.ch, 0
+ifan.ws, 1
+ifangpei.cn, 1
+ifangpei.com.cn, 1
+ifasfest2022.com, 1
+ifbagro.in, 1
+ifcfg.jp, 1
+ifconfig.tk, 1
+ifdb.org, 1
+ifdif.com, 1
+ifederalland.com, 1
+ifelse.io, 1
+ifengge.cn, 1
+iffk.in, 1
+ifgcdn.com, 1
+ifh.cc, 1
+ifibe.com, 1
+ifisher.xyz, 1
+ifleurs.com, 1
+iflixtv.ga, 1
+iflscience.com, 1
+ifmilitaria.tk, 1
+ifmsa-lahore.tk, 1
+ifnet.fr, 1
+ifnulltrue.com, 1
+ifoa.it, 1
+ifohancroft.com, 1
+ifolder.ga, 1
+iforced.net, 1
+iformbuilder.com, 0
+ifort.fr, 1
+ifosep.fr, 0
+ifoss.me, 1
+ifpe.edu.br, 1
+ifrabb.fr, 1
+iframefinancement.be, 1
+ifreemax.ml, 1
+ifreetion.cn, 1
+ifreetion.com, 1
+ifriend.tk, 1
+ifsaalemi.tk, 1
+ifsac.org, 1
+ifsh.me, 1
+ift.cx, 1
+iftarsaati.org, 1
+iftcentre.com, 1
+iftrue.de, 0
+ifur.ga, 1
+ifwhenhow.org, 1
+ifworlddesignguide.com, 1
+ifxd.bid, 1
+ifxnet.com, 1
+ifyou.live, 1
+ig-plastik.tk, 1
+ig.com, 1
+ig.me, 1
+ig.solutions, 1
+iga-semi.jp, 1
+igad.int, 1
+igaku.com, 1
+igame.ml, 1
+igamingaffiliateprograms.com, 1
+igamingdirectory.com, 1
+igamingnews.com, 1
+igamingnyheder.dk, 1
+igamingpocketdirectory.com, 1
+igamingsuppliers.com, 1
+igarage.nl, 0
+igc.in.th, 1
+igdb.com, 1
+igdn.de, 1
+igenuinebeauty.co.jp, 1
+igforum.tk, 1
+igfwd.email, 1
+iggies.tk, 1
+igglabs.com, 1
+iggprivate.com, 1
+iggsoft.com, 1
+iggsoftware.com, 1
+igi-2.com, 1
+igi.codes, 0
+igiftcards.de, 1
+igiftcards.nl, 1
+igimusic.com, 0
+igiugig.gov, 1
+igiveyouthisday.com, 1
+igk.nz, 0
+igkabel.cf, 1
+igkabel.ga, 1
+igkabel.gq, 1
+igkabel.ml, 1
+igkabel.tk, 1
+iglesiabelen.tk, 1
+iglesiaquecamina.tk, 1
+igln.fr, 1
+igloballaw.com, 1
+iglobus.cz, 0
+igloocommunities.com, 1
+igloodigitalworkplace.ca, 1
+igloodigitalworkplace.com, 1
+igloodigitalworkplaces.ca, 1
+igloopartnerportal.com, 1
+igloopreview.ca, 1
+igloosandbox.com, 1
+iglosujemy.pl, 1
+igmedia.ir, 1
+igmus.org, 1
+ign-proprete.fr, 1
+ignace72.eu, 1
+ignaciolacruz.com, 1
+ignacjanskiednimlodziezy.pl, 1
+ignat-mag.com, 1
+ignat-torcov.tk, 1
+ignat.by, 1
+ignatij.tk, 1
+ignatovich.by, 1
+ignatovich.me, 1
+ignet.gov, 1
+ignite-reading.com, 1
+ignite.cz, 1
+ignitedmindz.in, 1
+igniteenergy.co.uk, 1
+igniteheatcool.com.au, 1
+ignytebrands.com, 1
+igocarwraps.com, 1
+igor-hristenko.tk, 1
+igor-usov.tk, 1
+igorandandre.com, 1
+igorlink.com, 1
+igorrealestate.com, 1
+igorshishkin.com, 1
+igorshishkin.ru, 1
+igorskyflyer.me, 1
+igorville.gov, 1
+igorvisi.com, 1
+igorvlasov.tk, 1
+igorvracar.com, 1
+igorw.org, 1
+igotoffer.com, 0
+igpwned.com, 1
+igra-prestol.tk, 1
+igra3k.tk, 1
+igram.io, 1
+igramming.com, 1
+igranit.md, 1
+igraonicalara.tk, 1
+igrarium.com.ua, 0
+igrek.co.jp, 1
+igrivi.com, 1
+igrodrom-kvest.tk, 1
+igromasikov.tk, 1
+igrovoi-klub.tk, 1
+igrun.com, 1
+igrun80.com, 1
+igrun88.com, 1
+igrunplay.com, 1
+igry-onlayn.ru, 1
+igryalawar.tk, 1
+igshop.ir, 1
+igsmgmt.com, 1
+igsoc.org, 1
+igt.com, 1
+igualdaton.org, 1
+iguanacruda.tk, 1
+iguru.gr, 1
+igust4u-archive.ga, 1
+igva.or.kr, 1
+ih8sn0w.com, 1
+iha6.com, 1
+ihacares.com, 1
+ihackear.com, 1
+ihacker.ai, 1
+ihakkitekin.com, 1
+ihatereceipts.com, 1
+ihatethissh.it, 1
+ihc.im, 1
+ihcprofile.com, 1
+ihdev.party, 1
+ihe-europe.net, 1
+iheartguys.com, 1
+iheartguys.net, 0
+iheartguys.org, 1
+iheatwithoil.com, 1
+ihempz.cz, 0
+ihersua.es, 1
+ihk-onlinewahl2021.de, 1
+ihkk.net, 1
+ihls.world, 0
+ihmc.us, 1
+ihmmarketing.com, 1
+ihmphila.org, 1
+ihmsp.org, 1
+ihonk.com, 1
+ihoofs.com, 1
+ihorizon.jp, 1
+ihorvorotnov.com, 1
+ihost.md, 1
+ihostup.net, 1
+ihouseu.com, 1
+ihr-finanzcockpit.de, 1
+ihr-hausarzt-kleinmachnow.de, 1
+ihre-ernaehrung.de, 1
+ihre-pflege-sachsen.de, 1
+ihrhost.com, 1
+ihri.ca, 1
+ihsangans.my.id, 1
+ihwanburhan.com, 1
+ii-vi.com, 1
+ii.cx, 1
+ii5197.co, 1
+ii6729.co, 1
+ii6729.com, 0
+ii6957.co, 1
+ii9297.co, 1
+ii9397.com, 0
+ii9721.com, 1
+ii9728.co, 1
+iid.sg, 1
+iidb.org, 1
+iideaz.org, 1
+iiet.pl, 1
+iig-order.com, 1
+iii-coalition.us, 1
+iiii.gq, 1
+iiii.loan, 1
+iiii.ml, 1
+iiij.ml, 1
+iiit.pl, 1
+iimarckus.org, 1
+iinehp.com, 1
+iinf.in, 1
+iinfin.org, 1
+iinix.com, 1
+iino-iina.co.jp, 1
+iiong.com, 1
+iipaynationofsantaysabel-nsn.gov, 1
+iipvapi.com, 1
+iipython.cf, 1
+iir.com, 1
+iis.net, 1
+iisjy.cn, 1
+iispeed.com, 1
+iisuss.gq, 1
+iitneetprep.com, 1
+iitowns.ir, 1
+iitranslation.com, 1
+iitrust.lk, 1
+iiwbr.org, 1
+ij.rs, 1
+ijaa.tn, 1
+ijemin.com, 1
+ijianli.cn, 1
+ijm.com, 1
+ijmondlijn.nl, 1
+ijmuiderstrand.tk, 1
+ijnokmpl.cf, 1
+ijohan.nl, 1
+ijsbaanwitten.nl, 1
+ijsblokjesvormen.nl, 1
+ijsclubtilburg.nl, 1
+ijsselglas.nl, 1
+ijubt.cf, 1
+ijunohana.jp, 1
+ijustwanttomeetmyheroes.com, 1
+ijzerwarenhandel.nu, 1
+ika.monster, 1
+ikachalife.com, 1
+ikall.com, 1
+ikama.cz, 1
+ikara.social, 1
+ikari-san.tk, 1
+ikaria.com.gr, 1
+ikaros.tk, 1
+ikarus-itkurs.de, 1
+ikasgela.com, 1
+ikazumitsu.tk, 1
+ikbenrichie.nl, 1
+ikeacareers.co.uk, 1
+ikebuku.ro, 1
+ikedaquotes.org, 1
+ikenmeyer.com, 1
+ikenmeyer.eu, 1
+ikerepc.tk, 1
+ikeyless.com, 1
+ikfloreer.nu, 1
+ikhwanfillah.com, 1
+ikikiv.com, 1
+ikiler.com, 1
+ikimo9.com, 1
+ikinokori-marketing.com, 1
+ikisser.de, 1
+ikiteker.org.tr, 1
+ikk-classic.de, 0
+ikk.me, 1
+ikkakujuku.work, 0
+ikkatsu-satei.jp, 1
+ikke-coach.nl, 1
+ikkev.de, 0
+ikkoku.de, 1
+iklan-baris.gq, 1
+iklan.tk, 1
+iklanbaris.tk, 1
+ikmx.net, 1
+iknowd.org, 1
+iknowthatgirl.com, 1
+ikoreg.nl, 1
+ikra24.in.ua, 1
+ikrab.club, 1
+iks.moe, 1
+iksi.cc, 1
+iksi.me, 1
+iksworld.kr, 1
+iktisatbank.com, 0
+ikudo.top, 1
+ikumi.us, 1
+ikutin.id, 1
+ikvts.de, 1
+ikwildjworden.com, 1
+ikwileendomein.tk, 1
+ikx.me, 1
+ikzoekeengoedkopeauto.nl, 1
+ikzoektim.nl, 1
+il12thcourt.gov, 1
+il2eu.com, 1
+ila.tw, 1
+ilab.health, 1
+ilac101.com, 1
+ilacrehberi.com, 1
+ilag.gov, 1
+ilamparas.at, 1
+ilamparas.co.uk, 1
+ilamparas.com, 1
+ilamparas.com.co, 1
+ilamparas.com.ve, 1
+ilamparas.mx, 1
+ilard.fr, 1
+ilasoft.net, 1
+ilaunch.co.za, 1
+ilawgix.com, 1
+ilazycat.com, 1
+ilbiglietto24.eu, 1
+ilbiscottificiodipamparato.it, 1
+ilc552.com, 1
+ilc553.com, 1
+ilchaos.com, 1
+ilconiglioblu.it, 1
+ilcorrieredellacitta.com, 1
+ilcourthelp.gov, 1
+ilctucson.com, 1
+ildepu.tk, 1
+ildigitale.it, 1
+ildisagio.tk, 1
+ildomani.it, 1
+ile-kalorii.pl, 1
+ile-sapporo.jp, 1
+ilearned.eu, 1
+ilearningengines.com, 1
+ileat.com, 1
+ileci.de, 1
+ileduguesclin.fr, 1
+ilektronika-farmakeia-online.gr, 1
+ilemonrain.com, 1
+ileonidze.tk, 1
+ilericikadinlar.org, 1
+iletisimmakinesi.com, 1
+ilformichiere.com, 1
+ilfumoshop.ru, 1
+ilg.ink, 1
+ilgazhaliyikama.com, 1
+ilgisaglik.com, 1
+ilhan.name, 1
+ilhansubasi.com, 1
+ilhombek.ml, 1
+iliad78.net, 1
+iliamna.media, 1
+iliastsi.net, 1
+ilienonline.com, 1
+ilife.bg, 1
+iligang.cn, 1
+iligang.com, 1
+iligang.com.cn, 1
+iligang.link, 1
+iligang.net, 1
+iligang.xin, 1
+ilikepenguins.tk, 1
+ilikezo.tk, 1
+ilimar.tk, 1
+ilimitar.tk, 1
+ilin.dk, 1
+ilin.xyz, 1
+iliny.hu, 1
+ilionsky.com, 1
+iljadr.be, 1
+ilkeakyildiz.com, 1
+illaadventure.com, 1
+illadrodimerendine.it, 1
+illafuture.com, 1
+illambias.ch, 0
+illange.info, 1
+illative.net, 1
+illavobuempliz.ch, 1
+illegalpornography.com, 1
+illegalpornography.me, 1
+illerzell.de, 1
+illich.cz, 1
+illicitart.ca, 1
+illicopresto.net, 1
+illimitmail.com, 1
+illinitechservice.com, 0
+illinoiscaselaw.com, 1
+illinoiscourtscommission.gov, 1
+illinoiseagle.com, 0
+illinoishealth.tk, 1
+illjinx.info, 1
+illnation.tk, 1
+illogical-gaming.at, 1
+illorenese.fr, 1
+illsley.org, 1
+illu.ee, 1
+illubel.com, 1
+illumed.net, 1
+illumepgh.com, 0
+illuminated-security.com, 1
+illuminatelife.tk, 1
+illuminaten.tk, 1
+illuminationis.com, 1
+illuminatisocietyworldwide.org, 1
+illuminatiwatcher.com, 1
+illumini.io, 1
+illumis.com, 0
+illusia.tk, 1
+illusionephemere.com, 0
+illusionsdoptique.com, 1
+illusionsix.com, 1
+illusionunlimited.com, 1
+illusiveshop.com, 1
+illustrate.biz, 1
+illuxat.com, 1
+ilmaestro.net, 1
+ilmainensanakirja.fi, 1
+ilmanifesto.it, 0
+ilmcorp.com, 1
+ilmiogiardiniere.it, 1
+ilmubahasainggris.com, 1
+iloft.xyz, 1
+iloli.name, 1
+ilona-france.tk, 1
+ilondres.es, 1
+ilonewolfs.com, 1
+ilonpolku.fi, 1
+ilouis.cn, 0
+ilove.fish, 1
+ilovecomputering.com, 1
+ilovefanyi.win, 1
+ilovefun.tk, 1
+iloveherb.ru, 1
+ilovelwy.com, 1
+iloveporn.ml, 1
+ilovesamara.tk, 1
+ilovesnow.ml, 1
+ilovestickers.gr, 1
+ilovethiscampsite.com, 1
+ilovewallpaper.tk, 1
+iloveyoutoo.tk, 1
+ilovias-farm.fr, 1
+ilpapaverodermohn.it, 1
+ilpescara.it, 1
+ilpiacenza.it, 1
+ilpuntosano.it, 1
+ilrg.com, 1
+ils-savaient.fr, 1
+ils.lt, 1
+ilsalvagente.it, 1
+ilsaperedelgusto.it, 1
+ilsedelangeforum.tk, 1
+iltec.ru, 1
+iltis.live, 1
+iltis.rocks, 1
+iltombolo.tk, 1
+iltuogiardino.org, 1
+ilug-ktm.tk, 1
+iluman.tk, 1
+ilumantio.tk, 1
+ilunion.tk, 1
+ilusionesopticas.net, 1
+ilusionistas.tk, 1
+ilusionphoto.com, 1
+ilusoesopticas.com, 1
+ilustradanuvem.pt, 1
+ilya-potemin-domain.tk, 1
+ilya.pp.ua, 1
+ilyabakhlin.com, 1
+ilyatsykunov.com, 1
+im-a.cricket, 1
+im-alter-daheim.ch, 0
+im-c-shop.com, 1
+im-haus-sonnenschein.de, 1
+im-in.space, 1
+im-internet-geld-verdienen.tk, 1
+im-razmakh.ru, 1
+im-s.net, 1
+im4h.de, 1
+im4h.eu, 1
+im4h.info, 1
+im66.net, 1
+ima-solutions.fr, 1
+imadalin.ro, 1
+image-cdn.co.uk, 1
+image-drive.de, 1
+image.hosting, 1
+image.ie, 1
+image.tf, 1
+image4arab.tk, 1
+imagealbums.tk, 1
+imagebin.ca, 1
+imagecom.tk, 1
+imagefu.com, 1
+imagen891.tk, 1
+imagenesdedibujosalapizfacilesdehacer.com, 1
+imageproductions.ga, 1
+imagequix.com, 1
+imagerecall.tk, 1
+imagerestorationcenter.com, 1
+imagerive.ch, 0
+imageshare.web.id, 1
+imagetostl.com, 1
+imagevillage.ir, 1
+imageworld.tk, 1
+imagex.graphics, 1
+imaginair.es, 1
+imaginarium.tk, 1
+imaginary.ca, 1
+imaginary.stream, 1
+imaginarymakings.me, 1
+imaginationpathway.com, 1
+imagine-programming.com, 1
+imaginebelfast.com, 1
+imaginelab.club, 1
+imagineokla.gov, 1
+imaginescape.tk, 1
+imaginethatevent.com, 1
+imaginethefloor.tk, 1
+imaginetricks.com, 1
+imagingstudio.co.uk, 0
+imagisphe.re, 1
+imajavm.com, 1
+imajjeans.com, 1
+imakash.gq, 1
+imakeyougreatagain.com, 1
+imakin.nl, 1
+imamenu.com, 1
+imamiyadental.jp, 1
+imanageproducts.co.uk, 1
+imanageproducts.com, 1
+imanageproducts.uk, 1
+imanolbarba.net, 1
+imanoles.ddns.net, 1
+imap.support, 1
+imap2imap.de, 1
+imaple.net, 1
+imaple.org, 1
+imara-reiki.de, 1
+imaret.com.tr, 1
+imarkethost.co.uk, 1
+imarketing.pe, 1
+imarketly.com, 1
+imask.ml, 1
+imask.tk, 1
+imatraelekter.ee, 1
+imawasn-consulting.com, 1
+imaya.tk, 1
+imbd-pro.net, 1
+imbdagency.com, 1
+imbianchino.roma.it, 1
+imbit.tk, 1
+imboom.tk, 1
+imbrian.org, 1
+imbunatatiri-logan.tk, 1
+imbushuo.net, 1
+imck.ml, 1
+imcsi.cn, 1
+imdaadapp.com, 1
+imdb, 1
+imdb-pro.com, 1
+imdb-pro.net, 1
+imdb.com, 1
+imdb.me, 1
+imdb.pro, 1
+imdbpro.com, 1
+imdbresume.com, 1
+imdcc.net, 1
+ime-a-tolerancia-eredmenye.club, 1
+ime.moe, 1
+imed.com.pt, 1
+imed.pt, 1
+imedhospital.es, 1
+imedi.it, 1
+imediabay.com, 1
+imediafly.com, 1
+imediato.pt, 1
+imediatoonline.com, 1
+imedikament.de, 1
+imeria.tk, 1
+imerys-mineraux-decoratifs.com, 1
+imesh-light.tk, 1
+imex-dtp.com, 1
+imexm.mx, 1
+imexmed.com.gt, 1
+imfacademy.com, 1
+imfblog.com, 1
+imforza.com, 1
+img.cm, 1
+img.mg, 1
+img.ovh, 1
+img.ren, 1
+imgaa.com, 1
+imgbb.com, 1
+imgen.top, 1
+imgencrypt.com, 1
+imgg.es, 1
+imgmodels.com, 1
+imgo.ga, 1
+imgo.tk, 1
+imgup.co, 1
+imguploaden.nl, 1
+imhua.com, 1
+imi-rhapsody.eu, 0
+imibo.com, 1
+imicroscope.tk, 1
+imidge.com.ua, 1
+imigrasilampung.co.id, 1
+imin.co, 1
+imine.ru, 1
+iminshell.com, 0
+imirhil.fr, 1
+imis.com.br, 1
+imisa.com.mx, 1
+imisto.net, 1
+imitationjewelry.tk, 1
+imitza.com, 0
+imjo.in, 1
+imjustcreative.com, 1
+imkan.tours, 1
+imkero.net, 1
+imkerverein-moenchswald.de, 1
+imkindofabigdeal.com, 1
+imksk.com, 1
+imlbp.com, 1
+imlbp.eu.org, 1
+imlec.net, 1
+imlhx.com, 1
+imlinan.cn, 1
+imlinan.info, 1
+imlinan.net, 1
+imlloyd.yt, 1
+imlonghao.com, 1
+imls.gov, 1
+immanuellutheranmedia.org, 1
+immarypoppinsyall.tk, 1
+immaterium.de, 1
+immbruxelles.com, 1
+immedia.net, 1
+immedicohospitalario.es, 1
+immense.ly, 1
+immersa.co.uk, 1
+immersionclub.tk, 1
+immersionwealth.com, 1
+immersivewebportal.com, 1
+immiboards.com, 1
+immigrantdad.com, 1
+immigration-lawyers.co.nz, 1
+immigrationdirect.com.au, 1
+immijobs.co.uk, 1
+immo-agentur.com, 1
+immo-express.ag, 1
+immo-express.biz, 1
+immo-express.info, 1
+immo-israel.ltd, 1
+immo-les-allees.com, 1
+immo-ment.eu, 1
+immo-passion.net, 0
+immo-spezial.eu, 1
+immo-spezial.org, 1
+immoaval.mobi, 1
+immobiliarecolazzo.it, 1
+immobilien-badlippspringe.de, 1
+immobilien-in-istanbul.de, 1
+immobilien-schrammek.de, 1
+immobilien-suedtirol.bz.it, 1
+immobilien-uster.ch, 1
+immobilien-wallat.de, 1
+immobilien-zirm.de, 1
+immobiliengutachter-holland.de, 1
+immobilienmakler-berlin-biesdorf.de, 1
+immobilienmakler-berlin-kaulsdorf.de, 1
+immobilienmakler-berlin-mahlsdorf.de, 1
+immobiliensachverstaendiger-ludwigsburg.de, 1
+immobiliensachverstaendiger-waiblingen.de, 1
+immobilienservice-website.de, 1
+immobilier-realiste.fr, 1
+immobilier-swiss.ch, 1
+immobilier.org.il, 1
+immobilier92.net, 1
+immobilierlibourne.com, 1
+immobilo.de, 1
+immocompar.com, 1
+immoel101.com, 1
+immoexpress.org, 1
+immoisrael.agency, 1
+immoisrael.be, 1
+immoisrael.ch, 1
+immoisrael.co.il, 1
+immoisrael.com, 0
+immoisrael.de, 1
+immoisrael.eu, 1
+immoisrael.fr, 1
+immoisrael.ltd, 1
+immoisrael.lu, 1
+immoisrael.net, 1
+immoisrael.nl, 1
+immoisrael.org, 1
+immoisrael.org.il, 1
+immomydesk.fr, 1
+immoraldoctors.tk, 1
+immortal-it.tk, 1
+immortal.org.in, 1
+immortal.run, 1
+immortalcorporation.tech, 1
+immortallove.tk, 1
+immortec.com, 1
+immortol.tech, 1
+immortuos.live, 1
+immospezial.info, 1
+immovisual.be, 1
+immtel.co, 1
+immtel.com, 1
+immune.cf, 1
+immunoboost.be, 1
+immutable.com, 1
+imoads.com, 1
+imobile3.com, 1
+imobiliare.tk, 1
+imobiliariaemblumenau.com.br, 1
+imobiliariamax.com.br, 1
+imobiliariamoema.com.br, 1
+imobiliariaprofit.com.br, 1
+imobiliariarealdream.com.br, 1
+imobilien.tk, 1
+imoe.fun, 0
+imokuri123.com, 1
+imolights.com, 1
+imolights.net, 1
+imolog.cl, 1
+imoner.com, 1
+imoner.ga, 1
+imoneynet.com, 1
+imorano.it, 1
+imosthailand.com, 1
+imouto.ru, 1
+imouyang.com, 0
+imoveisavenda.rio.br, 1
+impact-lyon.fr, 1
+impact-visual.tk, 1
+impact.com, 1
+impact.health.nz, 1
+impactartstudy.com, 1
+impactcomics.com.au, 1
+impactdepth.com, 1
+impacter.eu, 1
+impactovenezuela.com, 1
+impactparcels.co.uk, 1
+impactparcels.com, 1
+impactpub.ch, 0
+impactyou-academy.nl, 1
+impactyou.nl, 1
+impakho.com, 1
+impalaparts.com, 1
+imparat.de, 0
+imparostobene.it, 1
+impartner.com, 1
+impas.se, 1
+impec-cable.com, 1
+impeka.in, 1
+impelup.com, 1
+impendulo.org, 1
+imperator-janssens.tk, 1
+imperdin.com, 1
+imperdintechnologies.com, 1
+imperial-legrand.com, 1
+imperialcounty.org, 1
+imperialearth.com, 1
+imperialfenceinc.com, 1
+imperialfencestlouis.com, 1
+imperialism.rip, 1
+imperialmetalproducts.com, 1
+imperialne.gov, 1
+imperials.family, 1
+imperialteam.tk, 1
+imperialwrestling.tk, 1
+imperiodamodamiranda.com.br, 1
+imperiodeleones.cl, 1
+imperiodigital.online, 1
+imperiodosvinhos.com.br, 1
+imperioth.com, 1
+imperiumnova.info, 1
+imperivm-romanvm.com, 1
+imperiyashop.tk, 1
+impermeabilisationqc.com, 1
+impex.com.bd, 1
+impexul.de, 1
+impf.site, 1
+impfung.cf, 1
+impfung.site, 1
+imphotep.net, 1
+impianti.it, 1
+impiantistica.org, 1
+impiantofotovoltaico.roma.it, 1
+impiricus.com, 1
+implantologiadentalgt.com, 1
+implosion.tk, 1
+implude.com, 0
+impns.org, 1
+imponet.com.ar, 1
+import-shopping.de, 1
+importanteducation.tk, 1
+importsagt.com, 1
+importsem.com, 1
+importsign.com, 1
+imposingoods.com, 1
+impossible.org, 1
+impossiblechoisir.tk, 1
+impossiblehq.com, 1
+impossiblenutrition.com, 1
+impossiblex.com, 1
+impotsimple.ca, 1
+imppac-schmuck.de, 1
+imppac.de, 1
+impreg-group.com, 1
+imprenditore.it, 1
+imprendo.co, 1
+imprendo.pro, 1
+imprensaglobal.com.br, 1
+imprensaglobal.org, 1
+imprenta-es.com, 1
+imprenta.bg, 1
+imprentamanonelles.com, 1
+impresa-di-pulizie.milano.it, 1
+impresa-di-pulizie.org, 1
+impresa-pulizie.it, 1
+impresadipulizia.milano.it, 1
+impresadipulizia.roma.it, 1
+impresadipulizie.roma.it, 1
+impresadipulizieantonella.com, 1
+impresaedile.roma.it, 1
+impresaitalia.info, 1
+impresapulizia.milano.it, 1
+impresapuliziacleanproject.it, 1
+impresapulizie.firenze.it, 1
+impresapulizie.it, 1
+impresapulizie.milano.it, 1
+impresapulizie.roma.it, 1
+impresapuliziebergamo.it, 1
+impressao3d.ml, 1
+impressivebison.eu, 0
+impressivetitle.tk, 1
+imprezer.tk, 1
+imprezzor.com, 1
+imprimante-3d-store.fr, 1
+improbo-group.com, 1
+improd.works, 1
+improfestival.ee, 1
+improv.ee, 1
+improvebusinessonline.info, 1
+improved-madness.de, 1
+improvenerg.com, 1
+improvetoyourself.ga, 1
+improveyourvision.tk, 1
+improvingsleepnaturally.com, 1
+imprumutdeurgenta.ro, 1
+impudence.tk, 1
+impuls.tk, 1
+impulse-clan.de, 1
+impulsewebdesign.nl, 1
+impulsionsa.com, 0
+impulsocristiano.com, 1
+imququ.com, 1
+imranc.ca, 1
+imranhossen.ml, 1
+imransarwar.com, 1
+imrbq.com, 1
+imreh.net, 1
+imro.ie, 1
+imrozrum.k12.tr, 1
+imrunner.com, 1
+imrunner.ru, 1
+ims-sargans.ch, 1
+imsace.tk, 1
+imstocker.com, 1
+imtec-rohr.de, 1
+imtikai.ml, 1
+imtikaib.ml, 1
+imtools.gq, 1
+imunify360.com, 1
+imusionforum.tk, 1
+imwalking.de, 1
+imy.rs, 0
+imyjy.cn, 1
+imzhu.com, 1
+imzye.me, 1
+in-1xbet.com, 1
+in-bachelor.de, 1
+in-books.tk, 1
+in-crypto.tk, 1
+in-depth.wiki, 1
+in-depthoutdoors.com, 1
+in-flame-team.com, 1
+in-flames.com, 1
+in-line.ru, 1
+in-love.tk, 1
+in-star.com.ua, 1
+in-ua.com, 1
+in.search.yahoo.com, 0
+in.xero.com, 0
+in10tion.com, 0
+inaji.com, 1
+inakasoftware.com, 1
+inakipsikologoa.com, 1
+inalvittile.cf, 1
+inalvittile.ga, 1
+inalvittile.ml, 1
+inalvittile.tk, 1
+inanaji.ga, 1
+inanam.tk, 1
+inanan.cf, 1
+inandoutcarwashcharleston.com, 1
+inanec.gq, 1
+inaned.ga, 1
+inaproc.id, 1
+inara.cz, 1
+inares.org, 1
+inarizona.tk, 1
+inawisdom.com, 1
+inbetweenathome.nl, 1
+inbitcoin.it, 1
+inblank.tk, 1
+inbound.tk, 1
+inbounder.io, 0
+inbox.google.com, 1
+inboxceo.com, 1
+inboxen.org, 1
+inboxsms.tk, 1
+inboxxme.com, 1
+inc-news.ru, 1
+incarceratedwombats.com, 1
+incarter.ga, 1
+incaweb10.es, 1
+ince.tools, 1
+inceif.edu.my, 1
+incels.is, 1
+incels.wiki, 1
+inceneritore.ga, 1
+incent-fit.co, 1
+incent-fit.com, 1
+incent.fit, 1
+incent.fitness, 1
+incentafit.co, 1
+incentea.com, 1
+incentefit.co, 1
+incentehealth.com, 1
+incentfitness.com, 1
+incentifit.co, 1
+incentihealth.com, 1
+incentivefit.com, 1
+incentivi.it, 1
+incentofit.com, 1
+inceptionband.tk, 1
+incert.cn, 1
+incertint.com, 1
+inchargeus.net, 1
+inchcape-fleet-autobid.co.uk, 1
+inchenaim.com, 1
+inchidi.id, 1
+incident.dk, 1
+incidentresponsesolution.com, 1
+incidentresponsesystem.com, 1
+includesubdomains.preloaded.test, 1
+includesubdomains2.preloaded.test, 1
+inclusion.tn, 1
+inclusionhcpa.org, 1
+inclusiv.nl, 0
+incnjp.com, 1
+incognito.org.uk, 1
+incoherent.ch, 1
+income-earnings.tk, 1
+incomeestatellc.com, 1
+incomeplus.tk, 1
+incometaxbengaluru.org, 1
+incometaxindia.gov.in, 1
+incometricks.tk, 1
+incomewithdraw.tk, 1
+incomfinance.tk, 1
+incommon.io, 1
+incompliance.de, 1
+inconkz.com, 1
+inconsciente.tk, 1
+incontactmetjezelf.nl, 1
+inconvietnam.vn, 1
+incore.com, 1
+incorp.asia, 1
+incorporatedstyle.com, 1
+incowrimo.org, 1
+incpak.com, 1
+incredibilis.tk, 1
+incrediblenews.tk, 1
+incrediblez.tk, 1
+increment.com, 1
+incrementation.net, 0
+increso.it, 1
+increyble.com, 1
+incrom.com, 0
+inculate.tk, 1
+incurvy.de, 1
+ind.ie, 1
+indamail.hu, 1
+indata42.nl, 1
+indatable.com, 1
+indecente.tk, 1
+indeika.ml, 1
+indeksonline.tk, 1
+indemer.mc, 1
+indenturaswork.lt, 1
+independenceia.gov, 1
+independenceliveers.ga, 1
+independenceliveest.ga, 1
+independencerecovery.com, 1
+independent-bank.com, 1
+independent-operators.com, 1
+independent-photo.com, 1
+independentadvicefinancial.ga, 1
+independentbookshopers.ga, 1
+independentbookshopest.ga, 1
+independentfinancial.ga, 1
+independentmoneyadvice.ga, 1
+independentpartyofamerica.tk, 1
+independenttravelcats.com, 1
+independenttribune.com, 1
+independenza.tk, 1
+independesk.com, 1
+indevelopment.tk, 1
+index-education.com, 1
+index-education.net, 1
+index-games.com, 1
+index.law, 1
+indexbase.ru, 1
+indexcesmad.cz, 1
+indexhost.tk, 1
+indexmarket.ga, 1
+indexmarket.gq, 1
+indexmod.gq, 1
+indexpert.es, 1
+indexsalaire.be, 1
+india-1xbet.com, 1
+india-ennenga.ga, 1
+india-export.com.ua, 1
+indiada.ru, 1
+indiaexamresult.in, 1
+indiaexport.com.ua, 1
+indiaflowermall.com, 1
+indiafm.tk, 1
+indiainteriors.in, 1
+indiainvestments.wiki, 1
+indiamistress.tk, 1
+indian-elephant.com, 1
+indian-health-news.com, 1
+indianaberry.com, 0
+indianacareerconnect.com, 1
+indianaffairs.gov, 1
+indianahealth.tk, 1
+indianajail.gov, 1
+indianapolismet.org, 1
+indianapolisnews.ml, 1
+indianapolispsychologistsers.ga, 1
+indianapolispsychologistsest.ga, 1
+indianapolisrestorations.com, 1
+indianareflux.com, 1
+indianawaterdamagerepairpros.com, 1
+indianbank.in, 1
+indianbeauty.ml, 1
+indianbridalservices.com, 1
+indianbrides.cf, 1
+indiancreekvillagepdfl.gov, 1
+indianculture.gov.in, 1
+indiandramasonline.tk, 1
+indianengineer.tk, 1
+indianet.tk, 1
+indiangamingreport.com, 1
+indianhairextension.tk, 1
+indianhelpline.in, 1
+indianhill.gov, 1
+indianlakepa.gov, 1
+indianmasala4u.tk, 1
+indianporn2.xxx, 1
+indianrelaypodcast.com, 1
+indianriver.gov, 1
+indiantechhunter.tk, 1
+indianvirginhumanhair.tk, 1
+indianwarriors.tk, 1
+indianwellsca.gov, 1
+indianwomen.cf, 1
+indiapost.com, 1
+indiapostgdsonline.gov.in, 1
+indiatechblogger.cf, 1
+indiatourhelp.tk, 1
+indiatravel.ml, 1
+indiaviral.ga, 1
+indiavotekar.com, 1
+indiawise.co.uk, 1
+indiaworlddigital.tk, 1
+indicatifs.fr, 1
+indico.tk, 1
+indicodata.ai, 1
+indicure.com, 1
+indie.dog, 1
+indiecat.tk, 1
+indieethos.com, 0
+indiemovementers.ga, 1
+indiemovementest.ga, 1
+indiereview.tk, 1
+indievelopment.nl, 1
+indieweb-endpoints.cc, 1
+indieweb.rocks, 1
+indigartbeading.ca, 1
+indigartbeading.com, 1
+indigenous.gov.au, 1
+indigestiblesuppuration.tk, 1
+indignes-strasbourg.tk, 1
+indigo.pet, 1
+indigo.tk, 1
+indigobooks.gq, 1
+indigojewelers.com, 1
+indigopaints.be, 1
+indigosakura.com, 1
+indigterms.com, 1
+indihome.co.id, 1
+indika.pe, 1
+indilens.com, 1
+indimike.tk, 1
+indioca.gov, 1
+indir2017.tk, 1
+indirhadi.tk, 1
+indirimkuponumarketim.com, 1
+indironline.com, 1
+inditip.com, 1
+inditoot.com, 1
+indivicloud.me, 0
+individualobligation.com, 1
+individuals.tk, 1
+indiwebawards.tk, 1
+indiwtf.com, 1
+indiya-kino.gq, 1
+indiya-land.ru, 1
+indlish.ga, 1
+indnews.ga, 1
+indo-wiki.fr, 1
+indo4life.tk, 1
+indobo.com, 1
+indobrains.id, 1
+indochinatravel.tk, 1
+indodax.com, 1
+indoetis-surneli.ga, 1
+indoface.ga, 1
+indofountain.tk, 1
+indogenius.org, 1
+indogermantrade.de, 1
+indoglobenews.co.id, 1
+indoidnews.ga, 1
+indoittraining.com, 0
+indonesiatrip.tk, 1
+indonesiax.co.id, 1
+indoor-kletterwald.de, 1
+indoorlandmarks.com, 1
+indopress.tk, 1
+indorepack.com, 1
+indospot.ml, 1
+indospot.tk, 1
+indotravels.tk, 1
+indovinabank.com.vn, 1
+indovision.tk, 1
+indramas.tk, 1
+indramdhani.net, 0
+indranesia.tk, 1
+indraq.tk, 1
+indreams.me, 1
+indtwpmi.gov, 1
+induehorse.co.uk, 1
+indumar.com, 1
+indumentaria-arabe.tk, 1
+indusap.com, 1
+indusfastremit-us.com, 1
+indust.me, 1
+industreiler.com.br, 1
+industriafranchini.com, 1
+industrial-remote-control.com, 1
+industrial-ventilation.eu, 1
+industrialalpinism.tk, 1
+industrialcalibration.co.uk, 1
+industrialcomputers.com, 1
+industrialcontainer.com, 1
+industrialgassprings.com, 1
+industrialprecisionmfg.com, 1
+industrilokal.com, 1
+industrydecarbonization.com, 1
+industryoutlaws.tk, 1
+industryskillsaustralia.org.au, 1
+indyandmeskincare.com.au, 1
+indybay.org, 1
+indyperio.com, 1
+indyroom.tk, 1
+indyscouts.tk, 1
+ineardisplay.com, 0
+inebula.it, 1
+ineedmore.domains, 1
+ineffect.net, 1
+inefin.tk, 1
+ineight.com, 1
+inertianetworks.com, 1
+inery.io, 1
+inesfinc.es, 1
+inesnutricion.com, 1
+inessoftsec.be, 1
+inet.se, 1
+inetdesign.tk, 1
+inethost.eu, 1
+inetinfo.io, 1
+inetol.net, 1
+inetserver.eu, 1
+inetsoftware.de, 1
+inetuser.tk, 1
+inetworking.it, 1
+ineuron.ai, 1
+inevitavelbrasil.com.br, 1
+inevo.com, 1
+inevo.no, 1
+inews.bg, 1
+inewsten.com, 1
+inex.one, 0
+inexlog.fr, 1
+inexpensivecomputers.net, 1
+ineztheminiatureelephant.com, 1
+inf-fusion.ca, 1
+inf-it.com, 1
+inf0sec.nl, 1
+infalaw.com, 1
+infamousguild.tk, 1
+infans.be, 1
+infantry.org.ua, 1
+infarktniki.ru, 1
+infarmbureau.com, 1
+infcloud.com, 1
+infectedvoice.tk, 1
+infecyon.tk, 1
+infelix.tk, 1
+infelko.ru, 1
+inference.biz.tr, 1
+inferencium.net, 1
+inferiousbypasser.cf, 1
+infermiere.roma.it, 1
+inferse.com, 1
+infertilitycure.tk, 1
+inffin-portal.com, 1
+inffin-portal.de, 1
+infhosting.com.au, 1
+inficom.org, 1
+infidel.org, 1
+infidels.me, 1
+infidels.org, 1
+infidia.tk, 1
+infiernoalgecireno.tk, 1
+infihow.com, 1
+infinan.ru, 1
+infineon-bipolar.com, 1
+infinether.net, 1
+infinifit.store, 1
+infinipharm.com, 1
+infinite.com, 1
+infiniteautomation.com.au, 1
+infiniteid.com, 1
+infinitelightofbeing.org, 1
+infinitenews.cf, 1
+infinitenews.ml, 1
+infinitescript.com, 1
+infiniteserieslabs.com, 1
+infinitiofallentownparts.com, 1
+infinitiofaugustaparts.com, 1
+infinitioflynnwoodparts.com, 0
+infinitiofmarinparts.com, 1
+infinitipartsdeal.com, 1
+infinito.tk, 1
+infinitomarca.com, 1
+infinitoporciento.tk, 1
+infinity-computer-systems.com, 1
+infinitybas.com, 1
+infinitybc.se, 1
+infinitybooksindia.in, 1
+infinitybots.gg, 1
+infinitycleaningsolutionsfl.com, 1
+infinityels.com, 1
+infinityengine.org, 1
+infinityepos.co.uk, 1
+infinityfaces.tk, 1
+infinityname.tk, 1
+infinityonce.ml, 1
+infinityrecruitinggroup.com, 1
+infinityvr.net, 1
+infinityweb.com.au, 1
+infinoe.fr, 1
+infinum.com, 1
+infirmieredevie.ch, 0
+infirmiers-montpellier.fr, 1
+infla-tables.tk, 1
+inflammatory.tk, 1
+inflanev.com, 1
+inflatablehire-scotland.co.uk, 1
+inflatablesny.com, 1
+inflatamania.com, 1
+inflate-a-bubbles.co.uk, 1
+inflatiecalculator.nl, 1
+inflationstation.net, 1
+inflexa.com, 1
+inflexsys.com, 0
+infloat.de, 1
+influencemobile.services, 1
+influencestaging.services, 1
+influentsolutions.ch, 1
+influo.com, 1
+influxus.com, 0
+info-beamer.com, 1
+info-bolivia.tk, 1
+info-compusciencetech.tk, 1
+info-days.tk, 1
+info-eolien.fr, 1
+info-free.ml, 1
+info-it.tk, 1
+info-kiwi.tk, 1
+info-o-zbozi.cz, 1
+info-obzor.ga, 1
+info-obzor.ml, 1
+info-reason.cf, 1
+info-screen.me, 1
+info-sell.ml, 1
+info-sys.tk, 1
+info-tech.tk, 1
+info-thailand.ru, 1
+info-usaha.tk, 1
+info.go.th, 1
+info.gov, 1
+info2all.nl, 1
+info4camper.com, 1
+infoaboutlawyers.com, 1
+infoamin.com, 1
+infoapis.net, 1
+infobae.com, 1
+infobalkans.com, 1
+infobanglanet.tk, 1
+infobasquet.tk, 1
+infobiznes.cf, 1
+infobiznes.ga, 1
+infobiznes.tk, 1
+infoblogs.pl, 1
+infoblox.com, 0
+infobot.email, 1
+infobot.eu, 1
+infobot.nl, 1
+infobrain.net, 1
+infobrest.tk, 1
+infobusinessnews.tk, 1
+infocanada.tk, 1
+infocanicatti.tk, 1
+infocapsol.com, 1
+infocision.com, 1
+infocoin.es, 1
+infocommsociety.com, 1
+infocrypto.pl, 1
+infocus.company, 1
+infocusvr.net, 1
+infodesigners.eu, 1
+infodesk.at, 1
+infodis.com, 1
+infoduv.fr, 1
+infoeccos.com, 1
+infofamouspeople.com, 1
+infoflora.ch, 1
+infofp.tk, 1
+infogai.tk, 1
+infogamesports.tk, 1
+infogate.ga, 1
+infogram.com, 1
+infogress.tk, 1
+infogrfx.com, 1
+infogroups.ml, 1
+infogym.com, 1
+infohas.ma, 1
+infohunter.education, 1
+infoiinfo.tk, 1
+infoindia.tk, 1
+infoiptv.tk, 1
+infoislamharian.tk, 1
+infojeunes.fr, 1
+infojmp.com, 1
+infokesehatan.ga, 1
+infokik.com, 1
+infoland.ml, 1
+infolatin.com, 1
+infolead.tk, 1
+infolibertaire.net, 1
+infomail-online.ml, 1
+infomalin.fr, 1
+infomarradi.it, 1
+infomatricula.pt, 1
+infomax.gr, 1
+infomeddnews.com, 1
+infomexico.tk, 1
+infomikulcice.cz, 1
+infomir.eu, 1
+infomir.store, 0
+infomoney.com.br, 1
+infonet.fr, 1
+infopaperiguatemi.com.br, 1
+infopedia.tk, 1
+infopercept.com, 1
+infopreneur.blog, 1
+infoprofuse.com, 1
+infopulse.com, 1
+infopuntzorg.nl, 0
+inforabota.tk, 1
+inforata.com, 1
+inforegister.ee, 1
+inforeviews.ru, 1
+inforge.tk, 1
+inform.kz, 1
+informace-zbozi.cz, 1
+informaciondeciclismo.com, 1
+informacionsexual.com, 1
+informalflowers.com, 1
+informasidumay.gq, 1
+informassist10.fr, 1
+informat.ga, 1
+informaticapremium.com, 0
+informaticien.tk, 1
+informaticmousset.tk, 1
+informaticoalicante.tk, 1
+informaticolamancha.tk, 1
+informatiger.net, 1
+informatik-handwerk.de, 1
+informationdoor.ga, 1
+informationdoorers.ga, 1
+informationdoorest.ga, 1
+informationinhindi.tk, 1
+informationliteracy.gov, 1
+informationntechnology.com, 1
+informationrx.org, 1
+informations-echafaudages.com, 1
+informations-reglementees-sfil.fr, 1
+informationsarchiv.net, 1
+informationsaveers.ga, 1
+informationsaveest.ga, 1
+informatique-13.com, 1
+informatiquenevers.fr, 1
+informator.tk, 1
+informelles.tk, 1
+informnapalm.org, 1
+informspb.tk, 1
+inforok.tk, 1
+inforopub.tk, 1
+infortheride.com, 1
+infosactu.com, 1
+infoschool.ml, 1
+infosec-handbook.eu, 0
+infosec.exchange, 0
+infosec.md, 1
+infosec.mv, 1
+infosec.pizza, 1
+infosec.wiki, 1
+infoseccenter.ro, 1
+infosecchicago.com, 1
+infosecdecompress.com, 1
+infosecsw.ca, 1
+infosectek.io, 1
+infosectekniques.com, 1
+infosective.org, 1
+infosenior.ch, 0
+infoserp.net.pe, 1
+infosolution.biz, 1
+infosoph.org, 1
+infostor.com, 1
+infosubasta.es, 1
+infosystem.cf, 1
+infotabla.si, 1
+infotax24.com.pl, 1
+infotectsecurity.com, 1
+infoteka.cf, 1
+infotekno.co.id, 1
+infoternet.com.pl, 1
+infotics.es, 1
+infotune.nl, 1
+infotv.io, 1
+infotype.ga, 1
+infouspekh.ru, 1
+infovb.org, 1
+infoventas.store, 1
+infovision-france.com, 1
+infowaywebsolutions.com, 1
+infoweb.ee, 1
+infowheels.tk, 1
+infoworm.org, 1
+infra-se.com, 1
+infra-voice.hu, 1
+infra.beer, 1
+infra.land, 1
+infra.press, 1
+infraball.com, 1
+infrabeep.com, 1
+infrabeta.com, 1
+infrabind.com, 1
+infrabold.com, 1
+infrabond.com, 1
+infraboom.com, 1
+infraclass.com, 1
+infraclip.com, 1
+infracron.com, 1
+infradart.com, 1
+infradeep.com, 1
+infradio.am, 1
+infradisk.com, 1
+infradive.com, 1
+infradot.com, 1
+infradrop.com, 1
+infraedifice.com, 1
+infrafile.com, 1
+infrafind.com, 1
+infrafire.com, 1
+infraflip.com, 1
+infraflux.com, 1
+infrafuse.com, 1
+infrafusion.com, 1
+infraget.com, 1
+infralicht.nl, 0
+infralira.com, 1
+infralist.com, 1
+infraloon.com, 1
+inframake.com, 1
+inframeet.com, 1
+inframenu.com, 1
+inframetro.com, 1
+inframint.com, 1
+infraname.com, 1
+infranest.com, 1
+infranium.com, 1
+infranium.eu, 1
+infranium.info, 1
+infranium.net, 1
+infranium.org, 1
+infranotes.com, 1
+infranoto.com, 1
+infranox.com, 1
+infrapass.com, 1
+infrapedia.ch, 1
+infrapeer.com, 1
+infrapilot.com, 1
+infraping.com, 1
+infrapirtis.lt, 1
+infrapixel.com, 1
+infraplot.com, 1
+infraplushk.com, 1
+infrarank.com, 1
+infrarate.com, 1
+infrareader.com, 1
+infraredradiant.com, 1
+infras.fr, 1
+infrasend.com, 1
+infraspin.com, 1
+infrastat.com, 1
+infrastatic.com, 1
+infratank.com, 1
+infratask.com, 1
+infrathink.com, 1
+infratrip.com, 1
+infravibe.com, 1
+infravideo.com, 1
+infravoce.com, 1
+infravoice.com, 1
+infraware.com, 1
+infrazine.com, 1
+infruction.com, 1
+infstudios.nl, 1
+infuse-mn.gov, 1
+infusemedia.com, 1
+ing, 1
+ing-buero-junk.de, 1
+ing.dk, 1
+ingalabs.hu, 1
+ingatlanjogaszok.hu, 1
+ingatlanneked.hu, 1
+ingbusiness.pl, 1
+inge-deco.com, 1
+inge-r.nl, 1
+ingebroer.com, 1
+ingegnereambientale.tk, 1
+ingemmologie.com, 1
+ingenesis.com, 1
+ingeni.ink, 1
+ingenieriaclinica.org, 1
+ingenieure-website.de, 1
+ingenious-development.tk, 1
+ingenium.si, 1
+ingeniumsociety.tk, 1
+ingenius.ws, 1
+ingenuitycloudservices.com, 1
+ingerhy.com, 1
+ingermany.ml, 1
+ingersolltwpmi.gov, 1
+inges-kattehjem.dk, 1
+ingeseratlantica.es, 1
+ingestion.life, 1
+ingfreelancer.com, 1
+ingfss.ru, 1
+inghamcountymi.gov, 1
+ingilizceturkce.gen.tr, 1
+ingjobs.ch, 1
+ingleandrhode.co.uk, 1
+inglebycakes.co.uk, 1
+inglesencanada.cf, 1
+inglesfoco.com.br, 1
+inglesideonthebaytx.gov, 1
+inglesnarede.com.br, 1
+inglessantacruz.tk, 1
+inglestotal.tk, 1
+ingo-schlueter.de, 1
+ingoschlueter.de, 1
+ingrain-ed.com, 1
+ingrammicrocloud.com, 1
+ingresatupedido.com, 1
+ingresosautomaticos.tk, 1
+ingresospasivosyafiliados.online, 1
+ingridbai.me, 1
+ingridvanderveen.com, 1
+ingticos.com, 1
+ingushetia.tk, 1
+ingwaz.org, 1
+inhabitgroup.com, 1
+inhale.it, 1
+inhaltsangabe.de, 1
+inhere.cf, 1
+inherfeet.ml, 1
+inhoff.eu, 1
+inhomedesign.ro, 1
+inhouseents.co.uk, 1
+inhousehr.nl, 1
+iniiter.com, 1
+iniitian.com, 1
+inilabs.xyz, 1
+inima.org, 1
+inimicalpart.com, 1
+inin.gq, 1
+init.blog, 1
+init.ink, 1
+init3.cn, 1
+initblogger.com, 1
+initiative20x20.org, 1
+initq.net, 1
+initramfs.io, 1
+initrandom.com, 1
+injerry.com, 1
+injigo.com, 0
+injurylawyers.com, 1
+injurylawyersphoenixaz.com, 1
+injust.cf, 1
+injust.ga, 1
+injust.gq, 1
+injust.me, 1
+injust.ml, 1
+injust.tk, 1
+inkandtonerni.co.uk, 1
+inkbeau.com, 1
+inkblogdb.com, 1
+inkblot.art, 1
+inkbunny.net, 1
+inkburners.ga, 1
+inkburnest.ga, 1
+inkdawgz.com, 1
+inkdrop.co.za, 0
+inkeliz.com, 1
+inkerotic.com, 1
+inkerz.com.br, 1
+inkforall.com, 1
+inkhor.se, 1
+inkhub.com.au, 1
+inkjets-inks.tk, 1
+inkliners.tk, 1
+inkognito.cf, 1
+inkognito.ga, 1
+inkognito.gq, 1
+inkognito.ml, 1
+inkomensafhankelijkehuurverhoging.nl, 1
+inkopers.org, 1
+inkor.tk, 1
+inkpay.com, 1
+inksay.com, 1
+inkteeshop.com, 1
+inkthemes.com, 1
+inkthreadable.co.uk, 1
+inkubatori.tk, 1
+inkurz.de, 1
+inkvisual.tk, 1
+inlabo.de, 1
+inlimiters.ga, 1
+inlimitest.ga, 1
+inline-online.tk, 1
+inline-sport.cz, 1
+inlinea.ch, 1
+inlineskates.tk, 1
+inlink.ee, 1
+inlink.ltd, 1
+inlocon.de, 1
+inlt.com, 1
+inlumi.com, 1
+inmaaa.cf, 1
+inmamaskitchen.com, 1
+inmaps.xyz, 1
+inmatefinancial.com, 1
+inmateintake.com, 1
+inmedic.pl, 1
+inmemoria.tk, 1
+inmemorium.tk, 1
+inmemoryofdaniella.com, 1
+inmigracion-florida.com, 1
+inmobanking.com.gt, 1
+inmobiliaria-sanpablo.cl, 1
+inmobiliariamarino.com, 0
+inmobiliariaredimido.com, 1
+inmobillium.fr, 1
+inmonteblandinio.be, 1
+inmoodforsex.com, 1
+inmoterrenas.com, 1
+inmotionmktg.com, 1
+inmoveskates.com, 1
+inmucrom.com, 1
+inmucrom.es, 1
+inmuseworld.tk, 1
+inmusicfestival.com, 1
+inmyhead.tk, 1
+innainnaki.net, 1
+innatocol.com, 1
+inncoaching.nl, 1
+inner-change-mastery.com, 1
+inner-vision.tk, 1
+innerdarkside.tk, 1
+innerfence.com, 1
+innerlife.company, 1
+innerlifeskills.com, 1
+innerlightcrystals.co.uk, 1
+innermarkerranch.com, 1
+innermindpsychology.com.au, 1
+innermostparts.org, 1
+innerpeace.tk, 1
+innersafe.com, 1
+innerspace.ae, 1
+innertrip.co.kr, 1
+innico.cf, 1
+inniger.be, 1
+innio.com, 1
+innisfildental.com, 1
+inno.ch, 0
+innocence.org.cn, 0
+innocenceseekers.net, 1
+innogames.com, 1
+innogames.de, 1
+innohb.com, 1
+innolabfribourg.ch, 1
+innoloop.com, 0
+innopharmaeducation.com, 1
+innopharmatechnology.com, 1
+innosol.hu, 1
+innosysdelft.com, 1
+innot.net, 1
+innotec.security, 1
+innoteil.com, 1
+innoteknology.com, 1
+innov.in, 1
+innova-online.at, 1
+innova-scape.info, 1
+innova360.com.mx, 1
+innovacoachgroup.com, 1
+innovae.eu, 0
+innovairservices.ch, 0
+innovamag.com, 1
+innovaptor.at, 1
+innovaptor.com, 1
+innovasistemas.com, 1
+innovate-indonesia.com, 1
+innovateohio.gov, 1
+innovateohioplatform.gov, 1
+innovation-workshop.ro, 1
+innovation.gov, 1
+innovationbranding.ga, 1
+innovationbrandingers.ga, 1
+innovationbrandingest.ga, 1
+innovationrealtygrp.com, 1
+innovative-trading.tk, 1
+innovativeactors.com, 1
+innovativebuildingsolutions.co.za, 1
+innovativeideaz.org, 1
+innovativetrials.com, 1
+innovativeunderwriters.com, 1
+innoventity.in, 1
+innover.se, 1
+innoviahome.com, 0
+innovomuebles.com, 1
+innovum.cz, 1
+innowire.tk, 1
+innsaimonitor.com, 1
+innsalzachsingles.de, 1
+innvisiondesign.net, 1
+innwan.com, 1
+inoa8.com, 1
+inoapps.com, 1
+inocelda.com, 1
+inoio.de, 1
+inomics.com, 1
+inondation.ch, 0
+inorbit.io, 1
+inorden.se, 1
+inoreader.com, 1
+inoruhana.com, 1
+inosek.com, 1
+inostudio.com, 1
+inostudio.ru, 0
+inotecsoftware.com, 1
+inourtime.cn, 1
+inovalon.com, 1
+inovalon.global, 1
+inovasirumahku.tk, 1
+inovatec.ca, 1
+inovatec.com, 1
+inovatecapi.com, 1
+inovatecsystems.com, 1
+inovigo.ro, 1
+inovitec.ro, 1
+inox-deurtrekkers.be, 1
+inoxandco.com, 1
+inparkmagazine.com, 1
+inpas.co.uk, 1
+inpasa.com.br, 1
+inpdp.tk, 1
+inpector.de, 1
+inpresso.pl, 1
+inprode.com, 1
+inprosy.com, 1
+inpsyde.com, 1
+inpulsetech.io, 1
+input.sh, 1
+inputdriven.com, 1
+inputmodes.com, 1
+inqorp.ca, 1
+inquant.de, 1
+inquisicion.tk, 1
+inquisition.is, 1
+inrage.fr, 0
+inrilan.tk, 1
+ins-jpn.com, 1
+ins-kreativ.de, 1
+ins.to, 0
+ins1gn1a.com, 1
+insame.space, 1
+insanb.com, 1
+insancendekiams.sch.id, 1
+insane.zone, 1
+insaneair.co.uk, 1
+insanedevs.com, 1
+insanepyro.tk, 1
+insanity.zone, 1
+insblauehinein.nl, 1
+inschrijfformulier.com, 1
+inscom.events, 1
+inscribe.ai, 1
+inscribeinternal.com, 1
+inscribeusercontent.com, 1
+inscripcionessena.com, 1
+inscriu.ro, 1
+insecret.ua, 1
+insecure.org.je, 1
+insegne.roma.it, 1
+inserior.com, 1
+inserta.tk, 1
+insertcoins.net, 1
+insertcredit.com, 1
+insertface.com, 1
+inshapenutrition.com.br, 1
+inshared.nl, 1
+inshop.hu, 1
+insiberia.tk, 1
+inside-m2m.de, 1
+inside-the-outside.com, 1
+insideastronomy.tk, 1
+insideaudit.com, 1
+insidebeach.com.br, 1
+insidebedroom.com, 0
+insideevs.com, 1
+insideevs.com.ar, 1
+insideevs.com.tr, 1
+insideevs.de, 1
+insideevs.fr, 1
+insideevs.ru, 1
+insidegnss.com, 1
+insidehook.com, 1
+insideofgaming.de, 1
+insideperu.tk, 1
+insideprisonbreak.tk, 1
+insider-invest.tk, 1
+insiderateers.ga, 1
+insiderateest.ga, 1
+insidergazette.com, 1
+insiderpie.de, 1
+insiders.ga, 1
+insiderx.com, 1
+insidethefirewall.tk, 1
+insidetheigloo.com, 1
+insideview.com, 1
+insighti.com, 1
+insights.plus, 1
+insightsoftware.com, 1
+insignificant.space, 1
+insinuator.net, 1
+insistel.com, 1
+insolent.ch, 1
+insolved.com, 1
+insomnia-isterica.tk, 1
+insomniac.pl, 1
+insomniac.ro, 1
+insomniachelp.com, 1
+insono.no, 1
+insotech.eu, 1
+insouciant.org, 1
+inspektre.com, 0
+inspektre.io, 1
+inspirascholen.be, 1
+inspiration.gr, 1
+inspirationalstories.com, 1
+inspirationalstories.tk, 1
+inspire-av.com, 1
+inspire2rise.com, 1
+inspired-builds.co.uk, 1
+inspired-creations.co.za, 1
+inspired-lua.org, 1
+inspiredbyannefrank.com, 1
+inspiredelements.co.uk, 1
+inspiredhousewife.com, 1
+inspiredlife.fun, 1
+inspireplanner.com, 1
+inspiresurgery.com, 1
+inspirez-vous-sophro.com, 1
+inspiringtips.com, 1
+inspirithealth.ca, 1
+insportline.lt, 1
+inspreeveryone.ga, 1
+insrt.uk, 0
+insside.net, 1
+insst.es, 1
+insta-viewer.ml, 1
+instacart.careers, 1
+instacart.com, 1
+instachina.ru, 1
+instacredito.pt, 1
+instadapp.io, 1
+instafind.nl, 1
+instaforex.com.ng, 1
+instagc.com, 1
+instagrabber.ru, 1
+instagram-atom.appspot.com, 1
+instagram.com, 0
+instagramdeposu.com, 1
+instagrammernews.com, 1
+instagramtweet.com, 1
+instagraph.cn, 1
+instahub.net, 1
+instalamosyreformamos.es, 1
+installation-hotte-cuisine.com, 1
+installation-of-xenon.tk, 1
+installer-borne-electrique.fr, 1
+installgentoo.net, 1
+instances.social, 1
+instanse.nl, 1
+instant-clearance-sale.co.uk, 1
+instant-hack.com, 1
+instant-hack.io, 1
+instant-hack.to, 1
+instant-thinking.de, 0
+instant.io, 1
+instantessay.tk, 1
+instantfinishers.ga, 1
+instantfinishest.ga, 1
+instantinsightinc.com, 1
+instantintegrationers.ga, 1
+instantintegrationest.ga, 1
+instantkhabar.com, 1
+instantluxe.com, 1
+instantluxe.de, 1
+instantmoron.com, 1
+instantpage.tk, 1
+instantphotocamera.com, 1
+instantphotoprinter.com, 1
+instantprint.co.uk, 1
+instantreplay.tk, 1
+instantsiteaudit.com, 1
+instava.cz, 1
+instawi.com, 1
+instawierszyki.pl, 1
+instead.com.au, 1
+insteagle.com, 1
+instelikes.com.br, 1
+instem.jp, 1
+instics.com, 1
+instinct-nature.fr, 1
+instinctive-archery.de, 0
+institutadios.com, 0
+institutchroma.fr, 1
+instituto18denoviembre.tk, 1
+institutoclaro.org.br, 1
+institutoconsulplan.org.br, 1
+institutodyn.com, 1
+institutoessencia.com, 1
+institutofacial.com, 1
+institutogiuseppe.com, 1
+institutogiuseppe.com.ar, 1
+institutoliderar.edu.co, 1
+institutomaritimocolombiano.com, 1
+institutulcultural.ro, 1
+instocktho.cc, 1
+instructorcarders.ga, 1
+instrukci.tk, 1
+instrumart.ru, 0
+instrumentalevening.tk, 1
+instrumentalverein-tueddern.de, 1
+instrumentodepaz.com, 1
+instylecollection.tk, 1
+instytut.tk, 1
+instytutwellsense.pl, 1
+insulationchicagoil.com, 1
+insulations.ga, 1
+insulectro.com, 1
+insult.es, 1
+insultband.tk, 1
+insultniki.ru, 1
+insurance, 1
+insurance-companies.tk, 1
+insurance24.online, 1
+insurancebloggingers.ga, 1
+insurancebloggingest.ga, 1
+insurancebonzer.ga, 1
+insurancebusinessmag.com, 1
+insuranceclassic.ga, 1
+insurancecompanylive.tk, 1
+insurancehotline.com, 1
+insuranceleep.ga, 1
+insurancenews.gq, 1
+insurancequotes.tk, 1
+insurancesaman.tk, 1
+insurancesquaders.ga, 1
+insurancesquadest.ga, 1
+insurancevlog.in, 1
+insuranceweb.ga, 1
+insurebot.com.au, 1
+insurebuysers.ga, 1
+insurebuysest.ga, 1
+insured-event.tk, 1
+insuredcloud.ga, 1
+insuredonline.in, 1
+insuremycar.ru, 1
+insureon.com, 1
+insurethebox.tk, 1
+insurgent.tk, 1
+insurgo.cloud, 1
+insurrectosdelbosque.tk, 1
+insyde.cloud, 1
+insyde.com, 1
+insydesw.com, 1
+inszu.com, 0
+int-ext-design.fr, 1
+int-refer.nhs.uk, 1
+int64software.com, 1
+intab.io, 1
+intafe.co.jp, 1
+intakesync.com, 1
+intakings.tk, 1
+intal.info, 1
+intalink.org.uk, 1
+intarweb.ca, 1
+intasky.cz, 1
+intasky.sk, 1
+inte.ru, 1
+inteapuestas.com, 1
+intechdaybcp.com, 1
+inteforge.com, 1
+integ.jp, 1
+integra-belgium.be, 1
+integrafin.co.uk, 1
+integrahealth.com.mx, 1
+integral-calculator.com, 1
+integral-calculator.ru, 1
+integralblue.com, 1
+integralcare.org, 1
+integralkk.com, 1
+integralrechner.de, 1
+integralschool.ru, 1
+integrammes.fr, 1
+integratedbms.co.za, 1
+integratedmedicalonline.com, 1
+integratedphysio.com.au, 1
+integratedtec.net, 1
+integration-mouvements-oculaires.com, 1
+integrativepsychiatry.co.il, 1
+integrator.io, 1
+integrisaviation.com, 1
+integritet.com.se, 1
+integritree.ca, 1
+integrity.gov, 1
+integritydetail.com, 1
+integrityfirstloans.com, 1
+integrityglobal.com, 1
+integrityhomecontractors.com, 1
+integritykrakow.pl, 1
+integrityline.com, 1
+integritymedicalwaste.com, 1
+integrityokc.com, 1
+integrityoklahoma.com, 1
+integromat.com, 1
+integroof.com, 1
+integsystem.com, 1
+intel.gov, 1
+intel69.cf, 1
+intelalumni.org, 1
+intelcapital.com, 1
+intelekta.es, 1
+intelhost.com.br, 1
+intelics.com.au, 1
+intelius.cf, 1
+intellar.com, 1
+intellect-ls.com, 1
+intellecta.is, 1
+intellective.us, 1
+intellectmoney.ru, 1
+intellego.de, 1
+intellek.io, 1
+intellektuaalomand.ee, 1
+intelliance.eu, 1
+intellicore.cl, 1
+intelligence-explosion.com, 1
+intelligenceia.fr, 1
+intelligenetics.com, 0
+intelligentnegotiator.com, 1
+intelligentrics.com, 1
+intelligentwaves.com, 1
+intelligista.tk, 1
+intelligizedigital.com, 1
+intelligroup360.com, 1
+intellihr.io, 1
+intellimatica.se, 1
+intellimax.ir, 1
+intellinetixvibration.com, 1
+intellio.pl, 1
+intellior.ag, 1
+intellitonic.com, 1
+intellium.io, 1
+intelly.kr, 1
+intelly.nl, 1
+intelly365.nl, 1
+intelrealsense.com, 1
+inteltechniques.com, 1
+intelx.io, 1
+intencje.pl, 1
+intenirphoto.tk, 1
+intensify.pictures, 1
+intensiveintervention.org, 1
+intensivpflege-sachsen.de, 1
+inter-culinarium.com, 1
+inter-design.sk, 1
+inter-news.tk, 1
+interabbit.co, 1
+interabbit.com, 1
+interacademybrazil.com.br, 1
+interacthindu.tk, 1
+interactiveanddesign.com, 1
+interactivebrokersreview.co, 1
+interactivedigesters.ga, 1
+interactivedigestest.ga, 1
+interactiveliterature.org, 1
+interactivetheatrecollective.tk, 1
+interad.com, 1
+interaffairs.com, 1
+interagencystandingcommittee.org, 1
+interaktiva.fi, 1
+interallied.org, 1
+interbanco.com.gt, 1
+interbank.pe, 1
+interbec.com, 1
+interblink.tk, 1
+interc0der.tk, 1
+intercariforef.org, 1
+interceptorproject.hr, 1
+interchangehq.com, 1
+interchanges.io, 1
+intercol.com.br, 1
+intercom-attachments-1.com, 1
+intercom-attachments-5.com, 1
+intercom-attachments-6.com, 1
+intercom-attachments-9.com, 1
+intercom-attachments.com, 1
+intercom-attachments.eu, 1
+intercom-language.training, 1
+intercom-mail.com, 1
+intercom-mail.eu, 1
+intercom-sheets.com, 1
+intercom.com, 1
+intercom.io, 1
+intercomcdn.com, 1
+intercomcdn.eu, 1
+intercomp-cbu.ru, 1
+intercomp.ru, 1
+intercomunicador.org, 1
+intercomunicadores.org, 1
+interconlarp.org, 1
+intercop.es, 1
+intercrosse.tk, 1
+interday.net, 1
+interdc.com, 1
+interdc.nl, 1
+interdescargas.tk, 1
+interdez.com.ua, 1
+interesnyimir.com, 1
+interessengemeinschaft-pregelstrasse.tk, 1
+interesting.ac.cn, 1
+interestingfacts.gq, 1
+interface-systems.de, 1
+interfloraservices.co.uk, 1
+interflores.com.br, 1
+interfug.de, 1
+intergenx.co.uk, 1
+intergenx.com, 1
+intergenx.org, 1
+intergenx.org.uk, 1
+intergermania.com, 1
+intergraphix.com.ar, 1
+interguard.net, 1
+interguardian.de, 1
+interhealthcare.com.au, 1
+interiery-waters.cz, 1
+interieursud.fr, 1
+interimnorge.no, 1
+interior-design-colleges.com, 1
+interior16.cf, 1
+interiorai.com, 1
+interiorcarpentryqatar.com, 1
+interiorcheapo.com, 1
+interiorcolors.tk, 1
+interiorsnmore.com, 1
+interisaudit.com, 1
+interitus.tk, 1
+interlapse.tk, 1
+interleasing.co.nz, 1
+interleasing.com.au, 1
+interlecwa.com, 0
+interlijn.nl, 1
+interlingvo.biz, 1
+interlink-jp.com, 1
+interlinked.us, 1
+interlogos.bg, 1
+intermac.nl, 1
+intermarche.pt, 1
+intermezzo-emmerich.de, 1
+intermezzo-emmerich.nl, 1
+interminsk.tk, 1
+intern.tax, 1
+internacionalista.tk, 1
+internaldisfunction.tk, 1
+internalfb.com, 1
+internalframebackpack.tk, 1
+internalkmc.com, 1
+internally.ga, 1
+internalportal.net, 1
+international-books.org, 1
+international-business-world.com, 1
+international-friends.net, 1
+international-genealogy-services.com, 1
+international.expert, 1
+internationalairlinestickets.com, 1
+internationalbussines.tk, 1
+internationaldelight.com, 1
+internationaldesigncomp.com, 1
+internationalepolitik.de, 1
+internationalfashionjobs.com, 1
+internationalflightstickets.com, 1
+internationalfm.tk, 1
+internationalfrom.com, 1
+internationalgse.com, 1
+internationaljoustingleague.tk, 1
+internationalrelationsedu.org, 1
+internationalrugsdallas.com, 1
+internationalschool.it, 1
+internationaltercumeburosu.com.tr, 1
+internationaltranslating.com, 1
+internationalweekly.tk, 1
+internect.co.za, 1
+internet-aukcion.info, 1
+internet-drive.tk, 1
+internet-gazeta.ga, 1
+internet-hypothekenbank.de, 1
+internet-israel.com, 1
+internet-tv4u.tk, 1
+internet.org, 1
+internet42.tk, 1
+internet4all.gov, 1
+internetauction.tk, 1
+internetbank.swedbank.se, 1
+internetbloger.tk, 1
+internetbugbounty.com, 1
+internetbugbounty.org, 1
+internetbusiness-howto.com, 1
+internetcom.jp, 1
+internetdagarna.se, 1
+internetface.tk, 1
+internetfonden.se, 1
+internetforall.gov, 1
+internethediyesi.com, 1
+internethypothekenbank.de, 1
+internetinhetbuitengebied.nl, 1
+internetional.nl, 1
+internetk.tk, 1
+internetkunskap.se, 1
+internetline.tk, 1
+internetmagaz.tk, 1
+internetmarketingprofitscenter.com, 1
+internetmarkets.net, 1
+internetmedia.si, 1
+internetmineers.ga, 1
+internetmineest.ga, 1
+internetmuseum.se, 1
+internetnz.nz, 1
+internetofdon.gs, 1
+internetoffensive.fail, 1
+internetofinsecurethings.com, 1
+internetoskol.tk, 1
+internetovehazardnihry.cz, 1
+internetowykantor.pl, 1
+internetpasoapaso.com, 1
+internetpoem.com, 1
+internetpro.me, 1
+internetprofitspro.com, 1
+internetslapfights.com, 1
+internetstaff.com, 1
+internetstiftelsen.se, 1
+internetstones.com, 1
+internetsubsidie.tk, 1
+internetthreatcenter.com, 1
+internetthreatscenter.com, 1
+internettoday.ga, 1
+internettradie.com.au, 0
+internetwealthresource.com, 1
+internetzaim.tk, 1
+internetzentrale.net, 1
+internews24.com, 1
+internist.ru, 1
+interparcel.com, 1
+interphoto.by, 1
+interplex.com, 1
+interpol.gov, 1
+interpretacjawynikowbadan.info.pl, 1
+interprete.tk, 1
+intersectionconsultancy.co.uk, 1
+interseguro.pe, 1
+interseller.io, 1
+intersexualite.tk, 1
+interslang.tk, 1
+intersolar.co.in, 1
+intersolute.de, 1
+interspar.at, 1
+intersport.com.kw, 1
+intersportks.com, 1
+interspot.nl, 1
+interssl.com, 1
+interstateremovalists.sydney, 1
+interstellardabs.com, 1
+intersun.es, 1
+intersun.fr, 1
+intersun.pt, 1
+intersys.uy, 1
+interterranfed.org, 1
+intertime.services, 1
+intertrans.tk, 1
+interval-training-timer.ru, 1
+intervalzero.com, 1
+intervention.io, 1
+interview-suite.com, 0
+interview-test-taker.com, 1
+interviewme.pl, 1
+interviewpipeline.co.uk, 1
+interviewstarsers.ga, 1
+interviewstarsest.ga, 1
+intervista-rh.fr, 1
+interways.de, 1
+interwebz-cheats.com, 1
+interwebz.nz, 1
+interwerk.de, 1
+intesis.com, 0
+intestclub.tk, 1
+inthechair.com, 1
+inthechileanwoods.tk, 1
+inthepicture.com, 1
+inthevip.com, 1
+inthouse.cloud, 1
+intifx.com, 1
+intigriti.com, 0
+intihalprogrami.com, 1
+intim-24.tk, 1
+intim-ru.tk, 1
+intima-mente.com, 1
+intimastoreatacado.com.br, 1
+intimatecollision.com, 1
+intimidad.tk, 1
+intimznakomstvo.tk, 1
+intmissioncenter.org, 0
+into-the-mountain.com, 1
+intomsk.tk, 1
+inton.biz, 1
+intoparking.fi, 1
+intor.fi, 1
+intosec.nl, 1
+intotraffic.nl, 1
+intouchgames.co.uk, 1
+intoxicate.tk, 1
+intpb.com.au, 0
+intpforum.com, 1
+intr0.cf, 1
+intr0.com, 1
+intr0.tk, 1
+intracdf.net, 1
+intracellulartherapies.com, 1
+intrack.net.au, 1
+intracom.com, 0
+intradayseasonals.com, 1
+intrador.com, 1
+intrafi.com, 1
+intranet.dvag, 1
+intranetcity.ch, 1
+intranetcrowd.com, 1
+intraobes.com, 1
+intrasac.com, 1
+intraxia.com, 1
+intrdate.us, 1
+intrepidmedia.tk, 1
+intrepy.com, 1
+intrigue3d.com, 1
+intrixgroup.com, 1
+intro.management, 1
+intron.pw, 1
+intropickup.ru, 1
+intropika.tk, 1
+intrstd.in, 1
+intrum-credit-information-ws.ch, 1
+intstyle.com.ua, 1
+intsys.fi, 1
+intux.be, 0
+intvonline.com, 1
+intxt.net, 1
+inu.nl, 1
+inuevostiempos.es, 1
+inumcoeli.com.br, 1
+inusasha.de, 1
+inuyasha-petition.tk, 1
+invadecafe.tk, 1
+invaded.ga, 1
+invadelabs.com, 1
+invalida.ru, 1
+invantive-apps-for-dynamics-crm.com, 1
+invantive-apps-for-magento.com, 1
+invantive-apps-for-nmbrs.com, 1
+invantive-apps-for-salesforce.com, 1
+invantive-apps-for-stackoverflow.com, 1
+invantive-apps-voor-exact-online.nl, 1
+invantive-apps-voor-loket.nl, 1
+invantive-apps-voor-xml-auditfiles.nl, 1
+invantive.be, 1
+invantive.cloud, 1
+invantive.co.uk, 1
+invantive.com, 1
+invantive.es, 1
+invantive.eu, 1
+invantive.net, 1
+invantive.nl, 1
+invantive.org, 1
+invasion.com, 1
+invasivespeciesinfo.gov, 0
+invata-ma.ro, 1
+invenio.software, 1
+inventarioti.serveftp.net, 1
+inventati.org, 1
+inventify.com, 1
+inventionjudgeers.ga, 1
+inventionjudgeest.ga, 1
+inventions-home.tk, 1
+inventionsteps.com.au, 1
+inventix.nl, 1
+invento.tk, 1
+inventortesters.ga, 1
+inventortestest.ga, 1
+inventorybase.co.uk, 1
+inventorybase.com, 1
+inventoryimages.co.uk, 1
+inventorylab.com, 1
+inventos.tk, 1
+inventoseinventores.com, 1
+inventum.cloud, 1
+inveny.fr, 1
+inverness.gov, 1
+inversegravity.net, 1
+inverselink-user-content.com, 1
+inverselink.com, 1
+inversion.travel, 1
+inversionesgalindo.com, 1
+invertiaweb.com, 1
+invertir.gov, 1
+invespex.com, 1
+invest-stroj.tk, 1
+invest.gov, 1
+investa.ph, 1
+investactiv.tk, 1
+investarholding.nl, 1
+investasiku.tk, 1
+investasimudah.tk, 1
+investasipasti.tk, 1
+investbeneficios.com.br, 1
+investcorp.com, 1
+investelogo.com.br, 1
+investgold.ml, 1
+investgold.tk, 1
+investgroop.ml, 1
+investia.ca, 1
+investigace.cz, 1
+investigatemalware.com, 1
+investigatingmalware.com, 1
+investigations-nbi.com, 1
+investigatore.it, 1
+investigatore.milano.it, 1
+investigatore.roma.it, 1
+investigatore.torino.it, 1
+investigazione.milano.it, 1
+investigazione.roma.it, 1
+investinamerica.gov, 1
+investinestonia.com, 0
+investingdiary.cn, 1
+investinginamerica.gov, 1
+investingnews.com, 1
+investingoal.com, 1
+investingoutlook.co, 1
+investingtrader.net, 1
+investintech.com, 1
+investinweed.com, 1
+investion.cf, 1
+investir.ch, 0
+investirdanslancien.fr, 1
+investire.biz, 0
+investirenisrael.fr, 1
+investirfazbem.com.br, 1
+investirsolidaire.fr, 1
+investisiya.az, 1
+investisseur-nomade.fr, 1
+investisseur-or-matieres.com, 1
+investlatam.com, 1
+investment-adh.com, 1
+investment.com, 1
+investmentrankingsers.ga, 1
+investmentrankingsest.ga, 1
+investmonitor.tk, 1
+investnext.com, 1
+investnorthernontario.com, 1
+investonline.cf, 1
+investor-academy.jp, 1
+investor.com.tr, 1
+investor.gov, 1
+investoren-beteiligung.de, 1
+investorforms.com, 1
+investorloanshub.com, 1
+investorplace.com, 1
+investorrightsnetwork.com, 1
+investors.pl, 1
+investosure.com, 1
+investpay.ru, 1
+investpsp.ca, 1
+investpsp.com, 1
+investresolve.com, 1
+investservis.eu, 1
+inviaworld.tk, 1
+invicta.fr, 1
+invicti.com, 1
+invictuscapital.com, 1
+invidious.rocks, 1
+invidis.de, 1
+invincia.com, 1
+invinoaustria.cz, 1
+invisible-college.com, 1
+invisible.io, 1
+invisibledrain.com, 1
+invisiblehat.ventures, 1
+invisiblejiujitsu.co.uk, 1
+invisibles.ch, 0
+invisionary.tech, 1
+invisionary.tk, 1
+invisitone.com, 1
+invitation-factory.tk, 1
+invitationtrackerers.ga, 1
+invitationtrackerest.ga, 1
+invitebiz.tk, 1
+invitepeople.com, 1
+invitescafe.com, 1
+invitia.net, 1
+invito.tk, 1
+invoiced.com, 1
+invoicely.com, 1
+invokingspirits.tk, 1
+involic.com, 1
+involve.asia, 1
+invuite.com, 1
+invuite.com.au, 1
+inwebo.net, 1
+inwepo.co, 1
+inwit.tk, 1
+inwonderofit.com, 1
+inycia.com, 1
+inyo.gov, 1
+inyourowntime.zone, 1
+inyr.hu, 0
+inzdr.com, 1
+inzeitinteractive.tk, 1
+inzelabs.com, 1
+inzeni.pl, 1
+inzernettechnologies.com, 1
+inzestfreunde.de, 1
+inzichtmeditatie.nl, 1
+inzidenz.eu, 1
+inzite.com, 1
+io.kg, 1
+io.nl.eu.org, 1
+io88.win, 1
+ioactive.com, 1
+ioanamateas.ro, 1
+ioanavisan.tk, 1
+iobint.com, 1
+iocbc.com, 1
+iochen.com, 1
+iocorp.jp, 1
+iocp.org, 0
+ioctl.cc, 1
+iocurrents.com, 0
+iodb.ru, 1
+iodu.re, 1
+ioga.tk, 1
+iogamers.org, 1
+iogm-official.id, 1
+iograficathemes.com, 1
+ioh.lol, 1
+iolabs.io, 1
+ioliver.co.uk, 1
+iololi.com, 1
+iolpodcast.com, 1
+iomedia.ch, 1
+iompost.com, 1
+iomstamps.com, 1
+ionc.ca, 1
+ioncubedecode.xyz, 1
+iondrey.cf, 1
+iondrey.fr, 1
+iondrey.ga, 1
+iondrey.gq, 1
+iondrey.ml, 1
+iondrey.tk, 1
+ione.net.nz, 1
+iongroup.com, 1
+ionhowto.com, 1
+ionicframework.com, 1
+ionicshop.xyz, 1
+ionize.cloud, 1
+ionlabs.kr, 1
+ionline.ml, 1
+ionovia.de, 1
+ionspin.com, 0
+ionstudio.pe, 1
+ionutnica.ro, 1
+ionx.co.uk, 1
+iop.intuit.com, 1
+iopex.com, 1
+iopool.us, 1
+iorgroup.org, 1
+ioriogioielli.com, 1
+ios.fm, 1
+ios11018.com, 1
+iosartstudios.gr, 1
+iosco.org, 1
+iosecurity.co.za, 1
+iosgeekblog.com, 1
+iosjailbreakiphone.com, 0
+ioslo.net, 0
+iosme.ga, 1
+iosolutions.cl, 1
+iosprivacy.com, 1
+iossearch.tk, 1
+iostream.by, 1
+iosxr.de, 1
+iot-alliances.com, 1
+iotac.xyz, 1
+iotanodes.org, 1
+iotbusinessforum.com.br, 1
+iotekha.tv, 1
+iotfen.com, 1
+iotmu.com, 1
+iotportal.tk, 1
+iotrasloco.it, 1
+iotsms.io, 1
+ioville.com, 1
+iovo.consulting, 1
+iowa80.com, 1
+iowacolonytx.gov, 1
+iowacorncountry.com, 1
+iowadol.gov, 1
+iowaintex.gov, 1
+iowamissingpersons.gov, 1
+iowaneedsanewkim.com, 1
+iowaschoolofbeauty.com, 1
+iowasmokefreeair.gov, 1
+iowastem.gov, 1
+iowaworks.gov, 1
+iowaworksforveterans.gov, 1
+iowawx.com, 1
+iowxy.com, 1
+iox.is, 1
+ioxio-dataspace.com, 1
+ioxio-showroom.com, 1
+ip-addr.es, 1
+ip-audio.org, 1
+ip-cam-pro-cz.com, 1
+ip-generation.de, 1
+ip-hahn.de, 0
+ip-kameri.com, 1
+ip-life.net, 1
+ip-tanz.com, 1
+ip.dog, 1
+ip.gt, 1
+ip.or.at, 1
+ip.sb, 1
+ip3.world, 1
+ip3office.com, 0
+ip40.com, 1
+ip4unlocked.tk, 1
+ip6.li, 1
+ipaddress.my, 1
+ipaddressreputation.com, 1
+ipadizate.com, 1
+ipadizate.es, 1
+ipadkaitori.jp, 0
+ipal.im, 1
+ipal.name, 1
+ipal.tel, 1
+ipanchev.com, 1
+iparenda.tk, 1
+iparkki.com, 1
+ipcc-wg3.gov, 1
+ipcim.com, 1
+ipclabs.tk, 1
+ipcmali.ml, 1
+ipcom.com.br, 0
+ipconsulting.se, 1
+ipcontolsite.ga, 1
+ipcontolsite.tk, 1
+ipcstore.com, 1
+ipdental.tk, 1
+ipdfreedom.me, 1
+ipdgroup.com.au, 1
+ipemcomodoro.com.ar, 1
+iperconnessi.it, 1
+iperon.ru, 1
+ipetecperu.org, 1
+ipetitions.by, 1
+ipfire.org, 1
+ipfirebox.de, 1
+ipfixcalculator.com, 1
+ipfixcollector.com, 1
+ipfixifies.com, 1
+ipfixify.com, 1
+ipfixinator.com, 1
+ipfixreplicator.com, 1
+ipfs.io, 1
+ipgeolocation.io, 1
+ipggroup.com, 1
+ipgrabbed.rip, 1
+iphone.fashion, 1
+iphone6.ro, 1
+iphonebatarya.net, 1
+iphonechina.net, 0
+iphoned.nl, 1
+iphonekaitori.tokyo, 0
+iphonemobile.ro, 1
+iphonerepairbolton.co.uk, 1
+iphonesoft.fr, 1
+iphoneunlock.nu, 1
+iphostreputation.com, 1
+ipid.me, 1
+ipidkun.com, 1
+ipigri.tk, 1
+ipinfo.tw, 1
+ipioneer.ga, 1
+ipirangaparafusos.com.br, 1
+ipl.pt, 1
+iplabs.de, 0
+iplaycraft.ru, 1
+iplayradio.net, 0
+ipleak.net, 1
+ipledgeonline.org, 0
+iplog.info, 0
+iplookup.tk, 1
+ipmatic.ga, 1
+ipmkts.com, 1
+ipmotion.ca, 1
+ipmscoutek.com, 0
+ipnoze.com, 1
+ipnrt.net, 1
+ipoac.nl, 1
+ipokabu.net, 1
+ipomue.com, 1
+ipon.hu, 1
+ipon.ro, 1
+iposm.net, 0
+ipost.rocks, 1
+ipoteka.az, 1
+ipow.tk, 1
+ipperde.tk, 1
+ipplans.com, 1
+ippo-juku.com, 1
+ippo.org.uk, 1
+ippowerhouse.com, 1
+iprcenter.gov, 1
+iprep.it, 0
+ipresent.com, 1
+iprice.co.id, 1
+iprice.hk, 1
+iprice.my, 1
+iprice.ph, 1
+iprice.sg, 1
+iprice.vn, 1
+ipricethailand.com, 1
+iprisk.info, 1
+iproducemusic.com, 1
+iproductrepair.com, 1
+iproskills.com, 1
+iprpetitiondenied.com, 1
+ips-consult.nl, 1
+ips-sachsen.de, 1
+ips.com.my, 1
+ipschool.spb.ru, 1
+ipsculemborg.nl, 1
+ipsecurelink.com, 1
+ipsilon-project.org, 1
+ipso.paris, 1
+ipssl.li, 1
+ipstoragesolutions.com, 1
+ipsubscription.store, 1
+ipsum.dk, 1
+ipswitch.com.tw, 1
+iptechnology.tk, 1
+iptoasn.com, 1
+iptops.com, 1
+iptv.ge, 1
+iptvcanada.biz, 1
+iptvfriend.ga, 1
+iptvzoom.xyz, 1
+ipty.de, 1
+ipuservicedesign.com, 1
+ipushmail.tk, 1
+ipv4.cf, 1
+ipv4.cy, 1
+ipv4.gr, 1
+ipv4.party, 1
+ipv4.rip, 1
+ipv6-adresse.dk, 1
+ipv6-handbuch.de, 1
+ipv6.bible, 1
+ipv6.cool, 1
+ipv6.cy, 1
+ipv6.gr, 1
+ipv6.jetzt, 0
+ipv6.pictures, 1
+ipv64.net, 0
+ipv6ioffentligsektor.se, 1
+ipv6vpn.net, 1
+ipvbook.com, 0
+ipview.tk, 1
+ipwho.site, 1
+iqcybersolutions.com, 1
+iqmarketing.nl, 1
+iqor.com, 1
+iqos.ml, 1
+iqphone.cf, 1
+iqphone.ga, 1
+iqr2.com, 1
+iqraskolan.se, 1
+iqreview.ru, 1
+iqsecurity.eu, 1
+iqsmn.org, 1
+iqtechportal.com, 1
+iqtek.solutions, 1
+iqwst.com, 1
+ir.to, 1
+iraanswersers.ga, 1
+iraanswersest.ga, 1
+iraf.de, 1
+iragoldreview.com, 1
+irajsingh.tk, 1
+irakturkleri.org, 1
+iramellor.com, 1
+iran-best.cf, 1
+iran-oil.tk, 1
+iran-speedex.tk, 1
+iranactua.tk, 1
+irancenter.tk, 1
+iranconnect.tk, 1
+irandex.ga, 1
+irandex.gq, 1
+irando.co.id, 1
+irandroid.ml, 1
+iranettelecom.com.br, 1
+iranfilmcity.tk, 1
+iranfreshfruit.cf, 1
+irangeodesy.tk, 1
+iranian.lgbt, 1
+iranjeunesse.com, 1
+iranjob.tk, 1
+iranlinks.tk, 1
+iranonline.tk, 1
+iranophiles.com, 1
+iranophiles.net, 1
+iranophiles.org, 1
+iranpedia.tk, 1
+iranrebate.com, 1
+iranturkey.info, 1
+iranwiki.ovh, 1
+irap.org, 1
+iraq2u.tk, 1
+iraq4u.tk, 1
+iraqinews.ga, 1
+iraqmartialarts.tk, 1
+iraqtop.tk, 1
+irareturners.ga, 1
+irasandi.com, 1
+irasingh.tk, 1
+iratechwatch.com, 1
+iratten.de, 1
+irayo.net, 1
+irbot.com.br, 1
+ircica.org, 1
+ircmett.de, 1
+ircnet.de, 1
+ircnow.org, 0
+ircoholik.ml, 1
+ircom.com.ar, 1
+ircpad.com, 1
+ircsapiklari.tk, 1
+irdll.com, 1
+ireaco.com, 1
+iready.ro, 1
+iredellcountync.gov, 1
+iregister.al, 1
+ireiguam.org, 1
+ireis.fr, 1
+ireland.gq, 1
+irelandforukraine.ie, 1
+irelandinternetstuffs4u.tk, 1
+irelandondemand.ie, 1
+irelandremembers.com, 1
+irelandremembers.ie, 1
+irelandremembers.org, 1
+irelandstats.com, 1
+iren.gov, 1
+irenefellner.com, 1
+irenekauer.com, 1
+irenelove.com, 1
+ireneskralen.tk, 1
+irenictherapy.com, 1
+irentcar.com.tw, 1
+ireps.gov.in, 1
+iresineworld.tk, 1
+irf2.pl, 1
+irfanweb.cf, 1
+irfs.org, 1
+irgit.pl, 1
+iricky.art, 1
+iridiumbrowser.de, 1
+irina-beauty.de, 1
+irinaf.tk, 1
+irioka.be, 1
+irion-edm.com, 1
+iris-design.info, 1
+iris-elements-development.co.uk, 1
+iris-elements-development.com, 1
+iris-elements-staging.co.uk, 1
+iris-elements-staging.com, 1
+iris-elements-testing.co.uk, 1
+iris-elements-testing.com, 1
+iris-elements.co.uk, 1
+iris-elements.com, 1
+iris-insa.com, 1
+iris.co.uk, 1
+irische-segenswuensche.info, 1
+irisdesideratum.com, 1
+irisdesign.com, 1
+irisfansite.tk, 1
+irish.radio, 1
+irishcasinohex.com, 1
+irishdancing.tk, 1
+irishdenetwork.org, 1
+irishlifehealth.ie, 1
+irishmusic.nu, 0
+irishradioplayer.radio, 1
+irishub.co.uk, 1
+irishwool.ru, 1
+irisinclusiva.pt, 0
+irisinfo.net, 1
+irismq.fr, 1
+irisopenspace.co.uk, 1
+irisws-development.co.uk, 1
+irisws-staging.co.uk, 1
+irisws-testing.co.uk, 1
+iritual.ru, 1
+irkfap.com, 1
+irkutsk-studygood.ga, 1
+irkutsk38.tk, 1
+irland-firma.com, 1
+irlfp.com, 1
+irlpack.pl, 1
+irlprable.tk, 1
+irma-gadalka.tk, 1
+irmag.ru, 1
+irmakprefabrik.com, 1
+irmgard-woelfle.de, 1
+irmgardkoch.com, 1
+irmo.hr, 1
+irmonline.tk, 1
+irob.co.jp, 1
+iroiroaruyo.net, 1
+iroise.ch, 1
+iroisedh.fr, 1
+iron-infos.cf, 1
+iron.io, 1
+ironarch.net, 1
+ironbarnyc.com, 1
+ironbelly.pro, 1
+ironbow.com, 0
+ironbowhealthcare.com, 0
+ironcage.tk, 1
+ironcladapp.com, 1
+ironcross.tk, 1
+irondequoit.gov, 1
+ironfistdesign.com, 1
+ironfittings.com.br, 1
+irongym.tk, 1
+ironitekstil.com, 1
+ironmagma.tk, 1
+ironmaidenbootleghub.tk, 1
+ironmongery.cf, 1
+ironmongery.ga, 1
+ironmongeryexperts.co.uk, 1
+ironpeak.be, 1
+ironraven.ch, 1
+ironraven.ml, 1
+ironridgewi.gov, 1
+ironscales.com, 0
+ironstar.tk, 1
+irontigers.ga, 1
+irontigers.gq, 1
+irontigers.ml, 1
+ironwaytransport.com, 1
+ironwind.ga, 1
+ironwolftechnology.com, 1
+ironwoodmi.gov, 1
+ironycats.net, 1
+iroomz.co.uk, 1
+iroquoiscountyil.gov, 1
+irpadafrique.ml, 1
+irr52.ru, 0
+irr59.ru, 1
+irrational.net, 1
+irrewilse.se, 1
+irrigation.zone, 1
+irscouponsers.ga, 1
+irscouponsest.ga, 1
+iruarts.ch, 1
+iruca.co, 1
+iruniruten.tk, 1
+iruoy.com, 1
+irvinekentucky.gov, 1
+irvingtonnj.gov, 1
+irvingtonva.gov, 1
+irvingtx.gov, 1
+irweb.io, 1
+irwincounty-ga.gov, 1
+irwinvalera.com, 1
+iryodatumoguide.com, 1
+irzumshafiq.tk, 1
+is-a-furry.org, 1
+is-and.com, 1
+is-in-hyper.space, 1
+is-news.today, 1
+is-real.xyz, 1
+is-rocket.science, 1
+is-socket.tk, 1
+isa357.com, 1
+isa4310.com, 1
+isa5417.com, 1
+isaaccomputerscience.org, 1
+isaaccs.org, 1
+isaacdgoodman.com, 1
+isaacgolding.com, 1
+isaackabel.cf, 1
+isaackabel.ga, 1
+isaackabel.gq, 1
+isaackabel.ml, 1
+isaackabel.tk, 1
+isaackhor.com, 1
+isaacman.tech, 1
+isaacmorneau.com, 1
+isaacperez.tk, 1
+isaacphysics.org, 1
+isaaczais.com, 1
+isaaya.com, 1
+isab.run, 1
+isabelaflores.com, 1
+isabelcaviedes.com, 1
+isabellahoopsentertainment.com, 1
+isabellainlove.com, 1
+isabellavandijk.nl, 1
+isabelle-delpech.com, 0
+isabellehogarth.co.uk, 1
+isabellzaloof.ga, 1
+isabellzaloof.gq, 1
+isabelmurillo-ordonez.com, 0
+isabelvalfer.com, 1
+isacyberinsure.com, 1
+isacybersecurity.com, 1
+isadamlari.tk, 1
+isaeus.nl, 1
+isakow.cf, 1
+isakow.gq, 1
+isamay.es, 1
+isamiok.com, 1
+isantv.com, 1
+isara.com, 1
+isaropiping.fr, 1
+isastylish.com, 1
+isavanderbrugge.nl, 1
+isavings.com, 1
+isbagla.com, 1
+isbaseballstillon.com, 1
+isbk.de, 0
+isbndirect.com, 0
+isbpanel.com, 1
+isc.org, 1
+isc2.org, 0
+isc2estoniachapter.ee, 1
+iscert.org, 1
+ischia2.it, 1
+ischool.co.jp, 1
+iscontrol.com.mx, 1
+iscultas.pp.ua, 1
+isdecolaop.nl, 1
+isdn.jp, 1
+isdown.cz, 1
+isecrets.se, 1
+iseecure.be, 1
+isekaimaid.xyz, 1
+isense.tw, 1
+isentek.com, 1
+iseriemandopkantoor.nl, 1
+isering.com, 1
+isernogiemandopkantoor.nl, 1
+iservicio.mx, 1
+iseulde.com, 1
+isexu.ga, 1
+isg-one.com, 0
+isg-tech.com, 1
+isgp-studies.com, 1
+ishadow.com, 1
+ishamf.com, 1
+ishet.al, 1
+ishigurodo.com, 1
+ishiharaken.com, 1
+ishii.blog, 1
+ishimen.co.jp, 1
+ishiro.me, 1
+ishland.com, 1
+ishopforpowerserg.com, 1
+ishtamar.fr, 1
+ishtyl.com, 1
+isidore.uk, 1
+isikdolls.com, 1
+isiklitabela.tk, 1
+isil.fi, 1
+isimonbrown.co.uk, 1
+isimonline.tk, 1
+isincheck.com, 1
+ising.pl, 1
+isiponline.ca, 1
+isis.cloud, 1
+isiso.com.tr, 1
+isistomie.com, 0
+isitan.com, 0
+isitchristmas.com, 1
+isitcoffeetime.com, 1
+isitdoneyet.gov, 1
+isitef.com, 1
+isitnuclearwaryet.com, 1
+isitpatchtuesday.com, 1
+isitrest.info, 1
+isizedconsult.com.ng, 1
+iska.plus, 0
+iskanderbroere.nl, 1
+iskaron.de, 1
+iskaz.rs, 1
+iskconbd.org, 1
+iskconperth.com, 1
+iskin.xyz, 0
+iskkk.com, 1
+iskkk.net, 1
+iskorka.tk, 1
+iskra.world, 0
+iskurturkiye.cf, 1
+iskurturkiye.ga, 1
+iskurturkiye.gq, 1
+islam-2day.tk, 1
+islam-azeri.tk, 1
+islam-doc.tk, 1
+islam-net.tk, 1
+islam.az, 1
+islam.si, 1
+islam4all.tk, 1
+islam4congo.tk, 1
+islamabadcourt.tk, 1
+islamantarih.tk, 1
+islambolivia.tk, 1
+islamdersi.tk, 1
+islamdin.com, 1
+islamerkantho.com, 0
+islamfirst.ml, 1
+islamicacademy.tk, 1
+islamicarchitecturalheritage.com, 1
+islamicnews.tk, 1
+islamicsolution.tk, 1
+islaminbremen.de, 0
+islamipages.tk, 1
+islamisgreat.tk, 1
+islamiyet.gen.tr, 0
+islamiyet.tk, 1
+islamnews.ga, 1
+islamnewss.tk, 1
+islamo.tk, 1
+islamonline.net, 1
+islamparafriendsclub.ml, 1
+islamqa.info, 1
+islamspread.tk, 1
+islamvictory.com, 1
+islamvictory.net, 1
+islamvictory.org, 1
+island-cruises.tk, 1
+island-line.net, 1
+island-line.nl, 1
+island.is, 1
+islandbuses.info, 1
+islandchillfiji.com.my, 1
+islandcityoregon.gov, 1
+islandheightsborough.gov, 1
+islandhosting.com, 1
+islandinthenet.com, 1
+islandlakeil.gov, 1
+islandmenshealth.com, 1
+islandpumpandtank.com, 0
+islandsbanki.is, 1
+islandsofgreenturtles.tk, 1
+islasvirgenes.org, 1
+islatortuga.eu, 1
+islcustomsbrokers.com, 1
+islekyapi.com, 1
+islensktlambakjot.is, 1
+isleofman.tk, 1
+isletech.net, 1
+isletmenlikkursuankara.tk, 1
+isliada.org, 1
+islide-powerpoint.com, 1
+islief.com, 1
+islightdown.today, 1
+islikimas.lt, 1
+islipny.gov, 1
+islykaithecutest.cf, 1
+islykaithecutest.ml, 1
+ismail-biber.tk, 1
+ismailtoraman.com, 1
+ismailtoraman.com.tr, 1
+ismat.com, 0
+ismekkurs.com, 1
+ismena.bg, 1
+isminc.com, 1
+ismywebsitepenalized.com, 1
+isn.cz, 1
+isn.education, 1
+isnot.ai, 1
+iso.fr, 1
+iso27001.dk, 1
+iso27032.com, 1
+isobook.ml, 1
+isofartak.com, 1
+isogg.org, 1
+isognattori.com, 1
+isoip.org, 1
+isolatiehal.nl, 1
+isolation-exterieure-thermique.fr, 1
+isolde.com, 1
+isole-lofoten.it, 1
+isolta.com, 1
+isolta.de, 1
+isolta.ee, 1
+isolta.fi, 1
+isolta.lv, 1
+isolta.se, 1
+isopres.de, 1
+isopro.info, 1
+isoroc-nidzica.pl, 1
+isosat.net, 1
+isotope.gov, 1
+isovideo.com, 1
+isowebtech.com, 1
+ispactivo.com, 1
+ispanika.tk, 1
+ispaniola.ga, 1
+ispanskijshuanom.ru, 1
+ispanyadahayat.com, 1
+ispartahaber.cf, 1
+ispartahaber.gq, 1
+ispartahaber.tk, 1
+ispc-synergies.org, 1
+ispfontela.es, 1
+ispmedipv6.se, 1
+isportsfab.com, 1
+ispro-ng.com, 1
+ispsoft.pro, 1
+isputinstillpresident.com, 1
+ispymissions.ga, 1
+isra-mag.com, 1
+israel-alma.org, 1
+israel-in-color.com, 1
+israel-nadlan.com, 1
+israel-real.estate, 1
+israel-web.com, 1
+israel21c.org, 1
+israelandantisemitism.com, 1
+israelandhome.com, 1
+israelbiblicalstudies.com, 1
+israelcareersers.ga, 1
+israelcareersest.ga, 1
+israelflorist.com, 1
+israelitas.tk, 1
+israelitopbox.ga, 1
+israelmesianico.tk, 1
+israelnewswire.tk, 1
+israelpalestinenews.org, 1
+israelportalk.cf, 1
+israelportalk.ga, 1
+israelportalk.gq, 1
+israelportalk.ml, 1
+israelportalk.tk, 1
+israkurort.com, 1
+isramedia.tk, 1
+isreedyinthe.uk, 1
+isreedyinthe.us, 1
+isreedyintheuk.com, 1
+isrib.com, 1
+issa.eu.org, 1
+issaias.net, 0
+issaquah.cam, 1
+issasfrissa.se, 1
+isscouncil.com, 1
+issea.wiki, 1
+issforum.org, 1
+issho.jp, 1
+issio.net, 1
+isslshop.com, 1
+issnet.cf, 1
+issnet.ga, 1
+issnet.gq, 1
+issuerconsulting.com, 1
+issues.email, 1
+issuetrak.com, 1
+issundries.com, 1
+ist-analys.com, 1
+ist-analyse.com, 1
+ist-intim.de, 1
+ist-toll.xyz, 1
+ista-vdm.at, 1
+istagb.ga, 1
+istanbul.systems, 1
+istanbulblog.tk, 1
+istanbulbogazicienstitu.com, 1
+istanbuleskort.tk, 1
+istanbulhaberleri.tk, 1
+istanbulhomes.com, 1
+istanbulmasajsalonu.tk, 1
+istanbulweb.gen.tr, 1
+istdas.lol, 1
+istec.com.ua, 1
+istech.com.tr, 1
+istekparcam.com, 1
+istekparcam.com.tr, 1
+isterfaslur.com, 1
+isthatarabic.com, 1
+istheapplestoredown.com, 1
+istheapplestoredown.de, 1
+isthedoorlocked.com, 1
+isthefieldcontrolsystemdown.com, 1
+istheinternetonfire.com, 1
+istherrienstillcoach.com, 1
+istheservicedown.co.uk, 1
+istheservicedown.com, 1
+istheservicedowncanada.com, 1
+isthisarabic.com, 1
+isthisus.org, 1
+isthnew.com, 1
+istimdead.today, 1
+istitutoimballaggio.org, 1
+istitutoricci.com, 1
+istitutoricci.it, 1
+istitutovivaldi.it, 1
+istkurznochkanzler.at, 1
+istogether.com, 1
+istories.media, 1
+istorija-balkana.tk, 1
+istormsolutions.co.uk, 1
+istorrent.is, 1
+istratov.tk, 1
+istrosec.com, 1
+istrosec.org, 1
+istschonsolangeinrente.de, 1
+istsi.org, 1
+istudentpro.ml, 1
+istudio.one, 1
+isuggi.com, 1
+isultov.tk, 1
+isutils.com, 1
+isv.online, 1
+isvbscriptdead.com, 1
+isvsecwatch.org, 1
+isvstar.com, 1
+isvw.nl, 0
+iswag.se, 1
+iswapgh.com, 1
+isystem.cf, 1
+isystem.ga, 1
+isystem.gq, 1
+isystem.tk, 1
+isyu.xyz, 1
+iszy.cc, 1
+iszy.xyz, 1
+it-academy.sk, 1
+it-actual.ru, 1
+it-actually.work, 1
+it-altstadt.de, 1
+it-biznes.com, 1
+it-blog.cf, 1
+it-boss.ro, 1
+it-com.ga, 1
+it-connect.fr, 1
+it-cooking.com, 1
+it-ebook.ml, 1
+it-enthusiasts.tech, 1
+it-expert.tk, 1
+it-inside.ch, 1
+it-inzhener.com, 1
+it-ip-rudnick.de, 1
+it-jobbank.dk, 1
+it-lobster.com, 1
+it-maker.eu, 1
+it-ngo.com, 1
+it-novosti.tk, 1
+it-perm.tk, 1
+it-rotter.de, 1
+it-seems-to.work, 1
+it-service24.com, 1
+it-stack.de, 1
+it-stek.ru, 1
+it-support-stockholm.se, 1
+it-tainment.de, 1
+it-tekniker.nu, 1
+it-ti.me, 1
+it-volgograd.tk, 1
+it-wars.com, 1
+it-web-entwicklung.de, 1
+it-world.eu, 0
+it-xperts.be, 1
+it-zt.at, 1
+it.com.eg, 0
+it.search.yahoo.com, 0
+it1b.com, 1
+it4sure.nl, 1
+it76.tk, 1
+it82.com, 1
+ita2a.it, 1
+itabenar.tk, 1
+itactiq.com, 1
+itactiq.info, 1
+itad.top, 1
+itaiferber.net, 1
+itaja.com, 1
+ital-gamma.be, 0
+italbavaro.com, 1
+italdesign.it, 1
+italentado.ml, 1
+italia-facile.ru, 1
+italiaeconomy.it, 1
+italiale.tk, 1
+italian-shoes.tk, 1
+italiana-lacrima.tk, 1
+italianerd.com, 1
+italianerd.it, 1
+italianettepizza.com, 1
+italianfoodonlinestores.com, 1
+italianforkids.com.au, 1
+italianhelper.com, 1
+italianluxuryinter.cf, 1
+italianluxuryinter.ga, 1
+italianluxuryinter.gq, 1
+italiano-bello.com, 1
+italianpillow.com, 1
+italianracingteam.tk, 1
+italiansrent.com, 1
+italiansrit.tk, 1
+italianweddingmusicians.com, 1
+italianweddingvideographers.com, 1
+italiasera.it, 1
+italiataxi.ru, 1
+italiatopnews.tk, 1
+italiensk-tolk.dk, 1
+italik.co.uk, 1
+italjet-tuning.tk, 1
+italk.ml, 1
+italserrande.it, 1
+italyinspires.com, 1
+italyisbeautiful.com, 1
+italyspecialty.coffee, 1
+itamservices.nl, 1
+itap.gov, 0
+itape.com, 0
+itaro.bot, 1
+itaro.ee, 1
+itaro.eu, 1
+itascacountymn.gov, 1
+itasis.com.br, 1
+itasolution.it, 1
+itb-online.co.uk, 1
+itbog.org, 1
+itbolagmedipv6.se, 1
+itbrief.asia, 1
+itbrief.co.nz, 1
+itbrief.com.au, 1
+itbrouwerij.be, 1
+itc-lucke.com, 1
+itcamefromtheunderground.tk, 1
+itcbuerobedarf.de, 1
+itcentroamerica.com, 1
+itchy.nl, 1
+itchybrainscentral.com, 1
+itcinfotech.com, 1
+itcloud.ca, 1
+itclubonline.tk, 1
+itcommodities.club, 1
+itcompanies.net, 1
+itconsulting-wolfinger.de, 1
+itcoolie.in, 1
+itcreative.ro, 1
+itcs.services, 1
+itcyber.pl, 1
+itcybersecurity.gr, 1
+itdashboard.gov, 1
+itdata.tk, 1
+itdoneproperly.com, 1
+itds-consulting.com, 1
+itds-consulting.eu, 1
+itdutchie.com, 1
+itechbrand.com, 1
+itechfast.tk, 1
+itechpros.com.au, 1
+itecor.net, 0
+iteecafe.hu, 1
+itefix.net, 1
+itefix.no, 1
+iteha.de, 1
+iteke.ml, 1
+iteke.tk, 1
+iteks.fr, 1
+iteksys.ru, 1
+item.no, 1
+itemcreator.tk, 1
+itemmc.com, 1
+itempathy.com, 1
+iteon.pl, 1
+iteracy.com, 1
+iternova.net, 1
+itero.eu, 1
+iterror.co, 1
+itexpert12.tk, 1
+itexplaineders.ga, 1
+itexplainedest.ga, 1
+itezu.ml, 1
+itfall.tk, 1
+itfh.eu, 0
+itfirmaet.dk, 1
+itfix.org.uk, 1
+itgeeks.nl, 1
+itgoesup.com, 1
+itgoesupent.com, 1
+itgoesupentertainment.com, 1
+ithakama.com, 1
+ithakama.cz, 1
+ithenrik.com, 1
+ithillel.ua, 1
+ithinc.net, 1
+ithjalpforetag.se, 1
+ithmaarbank.com, 1
+ithriveedinburgh.org.uk, 1
+ithuthuat.vn, 1
+itidying.com, 1
+itikon.com, 1
+itilo.de, 0
+itinerance.ca, 1
+itinero.xyz, 1
+itioc10.tk, 1
+itis.gov, 1
+itis4u.ch, 1
+itisjustnot.cricket, 1
+itisyourmoney.co.uk, 1
+itiweb.tk, 1
+itk.se, 1
+itleaked.gq, 1
+itlg.ru, 1
+itlife.tk, 1
+itlitera.com, 1
+itlog.tk, 1
+itlogic.com.au, 1
+itludens.com, 1
+itmastersupport.tk, 1
+itmatournai.tk, 1
+itmax.ua, 1
+itmedicinai.lt, 1
+itmindscape.com, 1
+itmustbee.com, 1
+itmx.cc, 0
+itnet.com.ua, 1
+itnota.com, 1
+itnsusa.com, 1
+itoady.com, 1
+itochan.jp, 1
+itoezichtprotocol.nl, 1
+itoma.tech, 1
+itondersteuning.eu, 1
+itotalaccess.net, 1
+itouriria.com, 1
+itoxic.tk, 1
+itpanda.pl, 1
+itparty.tk, 1
+itpaukku.tk, 1
+itpedia.nl, 1
+itperm.tk, 1
+itpol.dk, 1
+itportal.io, 1
+itpress.fi, 0
+itpro.ua, 1
+itprotect.pl, 1
+itradeit.in, 1
+itradenetwork.com, 1
+itraffic.cf, 1
+itraffic.tk, 1
+itraincalisthenic.com, 1
+itraveille.fr, 1
+itravelbg.com, 1
+itraveller.net, 1
+itreboot.co.nz, 1
+itrendbuzz.com, 1
+itrew.ru, 1
+itrezzo.com, 1
+itrio.pet, 1
+itrodeo.com, 1
+itrollskogens.tk, 1
+itruss.com.tw, 1
+itruth.tk, 1
+its-aeth.tk, 1
+its-em.ma, 1
+its-gutachten.de, 1
+its-not-your.business, 1
+its-schindler.de, 1
+its-taxi.nl, 1
+its-v.de, 1
+its.gov, 1
+its420somewhere.com, 1
+its4living.com, 1
+its5oclock.eu, 1
+itsabouncything.com, 1
+itsacheckmate.com, 1
+itsakerhetspodden.se, 1
+itsalan.tk, 1
+itsallmath.org, 1
+itsanicedoor.co.uk, 1
+itsaw.de, 1
+itsayardlife.com, 1
+itsbananas.life, 1
+itsbrightly.com, 1
+itsburning.nl, 1
+itscalculator.com, 1
+itscc.kr, 1
+itsch-itsche.com, 1
+itsdcdn.com, 1
+itsec.link, 1
+itsecblog.de, 1
+itsecboecker.de, 1
+itsecrnd.com, 1
+itsecuritycoach.com, 1
+itseeze.com, 1
+itservis.org, 1
+itsevann.com, 1
+itsevident.com, 1
+itsforu.de, 1
+itsgottabedark.com, 1
+itsgreener.com, 1
+itshamradio.com, 1
+itshka.rv.ua, 1
+itsig-faq.de, 1
+itsloution.tk, 1
+itsm.tools, 1
+itsmeaxel.ovh, 1
+itsmycode.com, 1
+itsmyparty.ie, 1
+itsnotnot.tk, 1
+itsnotquitethehilton.com, 0
+itsnudi.com.br, 1
+itsoft.ru, 1
+itsok.de, 1
+itsok.link, 1
+itsoluciones.com.co, 1
+itspartytimeonline.co.uk, 1
+itspartytimesweetinflations.com, 1
+itspersonalizeders.ga, 1
+itspersonalizedest.ga, 1
+itspersonaltraining.nl, 1
+itsquiet.org, 1
+itsrana.com, 1
+itssolidest.ga, 1
+itsstefan.eu, 1
+itstartswithme.ca, 1
+itstatic.tech, 1
+itsuitsyou.co.za, 1
+itsuka-world.com, 1
+itsundef.in, 0
+itsupport24.tk, 1
+itsupportguys.com, 1
+itswincer.com, 1
+itsynergy.co.uk, 1
+itt-shop.bg, 1
+itt-shop.com, 1
+itt-us.com, 1
+ittgame.tk, 1
+ittreservations.com, 1
+ittykins.com, 1
+itunesgiftcard.in.th, 1
+itur.co.il, 1
+itvaatlik.ee, 1
+itvia.email, 1
+itvia.eu, 1
+itvia.net, 1
+itvia.org, 1
+itviec.com, 1
+itvirtual.tk, 1
+itw.com, 1
+itweak.tk, 1
+itwebentwicklung.de, 1
+itwell.cz, 1
+itwofm.com, 1
+itwolfcl.tk, 1
+itworks.nyc, 1
+itwozi.com, 1
+itx.no, 1
+itxartu.tk, 1
+itxlatam.com, 1
+itxn.cn, 0
+itxnorge.no, 1
+itxuc.com, 1
+ityug247.com, 1
+itzahammer.tk, 1
+itzamnaxelahomestay.tk, 1
+itzap.com.au, 1
+itzer.de, 1
+itzine.ru, 1
+itzkavin.tk, 1
+itzlive.tk, 1
+iubuniversity.tk, 1
+iurisnovagestion.es, 0
+iusedtobelieve.com, 1
+iuspenal.com, 1
+iv-vr.com, 1
+iv-well.com, 1
+iv.pl, 0
+iv4kiso.com, 1
+ivahbbiz.tk, 1
+ivampiresp.com, 0
+ivan-maliy.tk, 1
+ivan-popov.tk, 1
+ivan-tadej.tk, 1
+ivan-varga.tk, 1
+ivan1874.cf, 1
+ivan1874.dynu.net, 1
+ivan770.me, 1
+ivana-models-escortservice.de, 0
+ivanaleksandrov.com, 1
+ivanbenito.com, 1
+ivancacic.com, 0
+ivandafish.net, 1
+ivanderevianko.com, 1
+ivanesalud.com, 1
+ivanilla.org, 1
+ivanime.com, 1
+ivankuchin.tk, 1
+ivanmeade.com, 1
+ivanov.icu, 1
+ivanovka.ga, 1
+ivanovocity.tk, 1
+ivanovolive.ru, 1
+ivanpolchenko.com, 1
+ivantedesco.tk, 1
+ivanwolf.ga, 1
+ivanya.tk, 1
+ivanzorin.cf, 1
+ivdnt.org, 1
+ivelop.me, 0
+ivendi.com, 1
+iventishirts.com, 1
+ivermectin.gq, 1
+ivermectinc19.com, 1
+ivertubani.com, 1
+ivetazivot.cz, 1
+ivetebolos.com.br, 1
+ivfausland.de, 1
+ivi.cx, 1
+ivifashion.tk, 1
+ivioschool.nl, 1
+ivisa.ga, 1
+ivisitkorea.com, 1
+ivisitorinsurance.com, 1
+ivixor.ru, 1
+ivjose.com, 0
+ivkom.com, 1
+ivkymppi.fi, 1
+ivmmeta.com, 1
+ivmstatus.com, 1
+ivn555.tk, 1
+ivn777.tk, 1
+ivn888.tk, 1
+ivn999.com, 0
+ivnext.org, 1
+ivo-ouwerkerk.nl, 1
+ivo.co.za, 1
+ivocopro.com, 1
+ivocotec.com, 1
+ivoid.cf, 1
+ivopetkov.com, 1
+ivor.io, 1
+ivor.is, 1
+ivorvanhese.com, 1
+ivorvanhese.nl, 1
+ivory.com, 1
+ivoryandgrace.com, 1
+ivoryhomes.com, 1
+ivoryonsunset.com, 1
+ivotemahdi.com, 1
+ivoucher-kuwait.com, 1
+ivpbot.tk, 1
+ivpn.net, 1
+ivr.fi, 1
+ivre.rocks, 1
+ivrn.net, 1
+ivs-tech.ru, 1
+ivsign.net, 1
+ivtherapyclinic.ru, 1
+ivy-league-colleges.com, 1
+ivyandrose.co, 1
+ivyhelpers.com, 1
+ivypanda.com, 1
+ivyseeds.cf, 1
+iwalton.com, 1
+iwant.cz, 1
+iwantexchange.com, 1
+iwantpayments.com, 1
+iwanttrack.com, 1
+iwantyoutocomment.tk, 1
+iwascoding.com, 1
+iwascoding.de, 1
+iwasfit.com, 1
+iwashealthy.com, 1
+iwatchcops.com, 1
+iwatchcops.org, 1
+iwatchla.net, 1
+iwate-shien-r5.com, 1
+iwate-tabipro-ver4.jp, 1
+iwatt.sk, 1
+iwch.tk, 1
+iwd.gc.ca, 1
+iwebdna.com, 1
+iwebing.tk, 1
+iweblab.it, 1
+iwebolutions.com, 1
+iwebsolution.tk, 1
+iwec.pk, 1
+iwex.swiss, 1
+iwf.sport, 1
+iwhite.tk, 1
+iwiki.net, 1
+iwismer.ca, 1
+iwmf.ir, 1
+iwonder.tw, 1
+iwp.ch, 1
+iwtsd.gov, 1
+iww.me, 1
+iww.mx, 1
+iww.org.au, 1
+iww.org.nz, 1
+ix.run, 1
+ix8.ru, 0
+ixiaqu.com, 0
+ixir.gen.tr, 1
+ixit.cz, 1
+ixn.com, 1
+ixoso.com, 1
+ixplayer.com, 1
+ixquick-proxy.com, 1
+ixquick.co.uk, 1
+ixquick.com, 1
+ixquick.de, 1
+ixquick.eu, 1
+ixquick.fr, 1
+ixquick.info, 1
+ixquick.nl, 1
+ixtan.ga, 1
+ixware.de, 1
+ixxat.com, 0
+ixypsilon.net, 1
+iy.uy, 1
+iyadalkassab.com, 1
+iyan.es, 1
+iyanmv.com, 1
+iyassu.com, 1
+iyc.web.tr, 1
+iyiarastir.com, 1
+iyibul.net, 1
+iyinolaashafa.com, 1
+iymark.com, 1
+iyn.me, 1
+iyouewo.com, 1
+iyoumu.top, 1
+iyspanel.com, 1
+iyume.top, 1
+iz8mbw.net, 1
+izabava.tk, 1
+izabel.tk, 1
+izamulhakeem.tk, 1
+izana.com.br, 1
+izanagi52.ddns.net, 1
+izapi4.fr, 1
+izavel.com, 1
+izb.se, 1
+izbirateli.com, 1
+izecubz.me, 1
+izemporium.com, 1
+izi-agency.com, 1
+izipik.gq, 1
+izkustvo.com, 1
+izleorg2.org, 1
+izm.ovh, 1
+izmail-invertor.com.ua, 1
+izmailovo.tk, 1
+izmir-media.cf, 1
+izmir-media.ga, 1
+izmir-media.gq, 1
+izmir-organizasyon.tk, 1
+izmirarabakiralama.name.tr, 1
+izmirarackiralama.name.tr, 1
+izmirescort.tk, 1
+izmireskortlari.tk, 1
+izmirotokiralama.name.tr, 1
+izmirprotestan.org, 1
+izmirrentacar.name.tr, 1
+izmirtemizlik.tk, 1
+izodiacsigns.com, 1
+izolpoznan.pl, 1
+izone.ua, 1
+izs.me, 1
+izttech.com, 1
+izuba.info, 0
+izumi-hirodental.com, 1
+izumi-ryokan.com, 1
+izumrudniy.tk, 1
+izvorul-bucovinei.ro, 1
+izxxs.com, 1
+izxxs.net, 1
+izxzw.net, 1
+izzardink.com, 1
+izzqz.me, 1
+izzy.is, 1
+izzycat.net, 1
+izzymendosa.net, 1
+izzyontour.tk, 1
+j-annonce.co.il, 1
+j-harrison-media.co.uk, 1
+j-harrison.co.uk, 1
+j-library.com, 1
+j-maxton.de, 1
+j-ph.ovh, 1
+j-robertson.com, 1
+j00228.com, 1
+j05.cn, 1
+j0bs.org, 1
+j0e.com, 1
+j0hn.net, 0
+j0hndball.com, 1
+j0m.de, 1
+j0s.eu, 1
+j15h.nu, 1
+j1visahealthinsurance.com, 1
+j2ee.cz, 1
+j2h.de, 1
+j3.cn, 1
+j32663.com, 1
+j32665.com, 1
+j32773.com, 1
+j32774.com, 1
+j32b.com, 1
+j365.me, 1
+j36533.com, 1
+j3dpd.com, 1
+j3e.de, 1
+j4m.xyz, 1
+j5197.co, 1
+j5lx.de, 1
+j5lx.eu, 1
+j5lx.io, 1
+j5s7.de, 1
+j5y.de, 1
+j605.tk, 1
+j6729.co, 1
+j6729.com, 1
+j6957.co, 1
+j6957.com, 0
+j70111.com, 0
+j70222.com, 0
+j70333.com, 0
+j70444.com, 0
+j70555.com, 0
+j82365.com, 1
+j8jp.com, 0
+j9.ag, 0
+j9297.co, 1
+j9507.com, 0
+j9508.com, 0
+j9514.com, 0
+j95app.com, 0
+j95bb.com, 0
+j95cc.com, 0
+j95dd.com, 0
+j95ee.com, 0
+j95ios.com, 0
+j95ss.com, 0
+j95xx.com, 0
+j95zz.com, 0
+j9721.com, 1
+j9728.co, 1
+ja-hypnose.de, 1
+ja-jirei-ienohikari.com, 1
+ja-no-me.ru, 1
+ja-sobstvennik.tk, 1
+ja-tay.sr, 1
+ja-youth.jp, 1
+ja-zur-gs.de, 1
+ja1deijssel.tk, 1
+jaago-pakistan.tk, 1
+jaajko.com, 1
+jaajko.eu, 1
+jaajko.fi, 1
+jaajko.me.uk, 1
+jaajko.site, 1
+jaajko.xyz, 1
+jaakkohannikainen.fi, 1
+jaalits.com, 1
+jaamaa.com, 1
+jaanikese.edu.ee, 1
+jaarverslagveere.nl, 1
+jaaxypro.com, 1
+jab-graphics.com, 1
+jaba.hosting, 1
+jababu.cz, 1
+jabagly.com, 1
+jabal-aqel-albab.tk, 1
+jabba.homelinux.org, 1
+jabbari.io, 1
+jabbas.eu, 1
+jabber.at, 1
+jabber.uk, 1
+jabberd.org, 1
+jabberdog.tk, 1
+jabberfr.org, 1
+jabbers.one, 1
+jabberster.tk, 1
+jabboworld.tk, 1
+jaberg-rutschi.ch, 1
+jabergrutschi.ch, 1
+jabjab.de, 1
+jabou.co.uk, 1
+jabramson.com, 1
+jabramson.net, 1
+jabsolutions.tk, 1
+jacaranda-deutschland.org, 1
+jaccblog.com, 1
+jacek.pro, 1
+jacekowski.org, 1
+jachtbouw.eu, 1
+jachtypruszynski.pl, 1
+jacik.cz, 1
+jack-daw.com, 1
+jack-p2.tech, 1
+jack.fr.eu.org, 1
+jack2celebrities.com, 1
+jackafur.net, 1
+jackal-cogito.tk, 1
+jackandrascals.com, 1
+jackarmail.eu, 1
+jackass-as.com, 1
+jackassofalltrades.org, 1
+jackbauer.tk, 1
+jackblues.tk, 1
+jackdanielssauces.com, 1
+jackdawphoto.co.uk, 1
+jacket-coat.tk, 1
+jacketars.com, 1
+jackets-coats.tk, 1
+jackets-coatsplus.tk, 1
+jackets-for-men.tk, 1
+jackf.me, 1
+jackgames.net, 1
+jackgreiner.ca, 1
+jackhammerinteractive.com, 1
+jackhoodtransportation.com, 1
+jackienguyen.dk, 1
+jackiestp.com, 1
+jackingramnissanparts.com, 1
+jackinmybox.com, 1
+jackjack.ga, 1
+jackmail.tk, 1
+jackmcgregor.uk, 1
+jackmechanic.com, 1
+jackob.tk, 1
+jackops.com, 1
+jackpothappy.com, 1
+jackripper.tk, 1
+jackrussel.tk, 1
+jackrusselterrier.com.br, 1
+jacksanalytics.com, 1
+jacksball.com, 1
+jacksfeestverhuur.nl, 1
+jackson-quon.com, 1
+jacksonchen666.com, 1
+jacksoncountyfl.gov, 1
+jacksoncountyor.gov, 1
+jacksoncountytn.gov, 1
+jacksoncountywi.gov, 1
+jacksonfdwi.gov, 1
+jacksongoo.de, 1
+jacksonportwi.gov, 1
+jacksonsykes.com, 1
+jacksontwpclermontoh.gov, 1
+jacksontwpfranklinoh.gov, 1
+jacksontwpmcpa.gov, 1
+jacksonville.gov, 1
+jacksonvilleal.gov, 1
+jacksonvillebeach.gov, 1
+jacksorrell.com, 1
+jackspub.net, 1
+jackstone.tk, 1
+jacksutton.info, 1
+jacktor.com, 1
+jackvaley.com, 1
+jackwarren.info, 1
+jackwilli.com, 1
+jackwu.net, 1
+jackylawless.net, 1
+jackyliao.me, 1
+jackyliao123.tk, 1
+jackyyf.com, 0
+jaco.by, 0
+jacobamunch.com, 1
+jacobenjogchum.tk, 1
+jacobey.net, 1
+jacobi-server.de, 1
+jacobian.org, 1
+jacobjangles.com, 1
+jacobo.tk, 1
+jacobsenarquitetura.com, 1
+jacobsmeubels.nl, 1
+jacobspctuneup.tk, 1
+jacobtamassiaadvocacia.adv.br, 1
+jacobtaylor.id.au, 1
+jacool.tk, 1
+jacopo.tk, 1
+jacopomolina.me, 1
+jacquant.be, 1
+jacquelinebellefontaine.co.uk, 1
+jacquelinesdream.tk, 1
+jacquesdedixmude.eu, 1
+jacquesfrantz.com, 1
+jaculus.eu, 0
+jad.so, 1
+jadara.info, 1
+jadchaar.me, 1
+jadedmonkey.tk, 1
+jadehairstyle.nl, 1
+jadelsbach.de, 1
+jadesong.cn, 1
+jadesong.net, 1
+jadid-alwadifa.com, 1
+jadidgroup.com, 1
+jadiercms.cf, 1
+jadopado.com, 1
+jadox.com, 1
+jaduniv.cf, 1
+jae.su, 1
+jae.zone, 1
+jaeger.link, 1
+jaehyeon.it, 1
+jaenparaisointerior.es, 1
+jaepinformatica.com, 1
+jaetech.org, 1
+jafarmehdipor.ga, 1
+jag-meccar.tk, 1
+jaga-me.com, 1
+jagad.id, 1
+jagadhatrionline.co.in, 1
+jagaimo.works, 1
+jagan.be, 1
+jagar.com.pl, 1
+jagatreview.com, 1
+jagbouncycastles.co.uk, 1
+jagerkin.tk, 1
+jagerman.com, 1
+jagogame.tk, 1
+jags.tk, 1
+jagspecialisters.ga, 1
+jagspecialistest.ga, 1
+jagsttalschule.de, 1
+jaguar-network.com, 1
+jaguarkuda.com, 1
+jaguarlandrover-asse.be, 1
+jaguarlandrover-occasions.be, 1
+jahanaisamu.com, 1
+jahidhasanmurad.tk, 1
+jahimees.ee, 1
+jahit.tk, 1
+jahner.xyz, 1
+jahubar.tk, 1
+jaialdi.tk, 1
+jaiho-zeetoz1server.ga, 1
+jailbait.ml, 1
+jailbreakingisnotacrime.org, 1
+jailfood.ga, 1
+jailfooders.ga, 1
+jailfoodest.ga, 1
+jailstorm.ml, 1
+jaimechanaga.com, 1
+jainmantras.com, 1
+jaion.tech, 1
+jaion.xyz, 1
+jaipurescort.club, 1
+jaipurescortagency.com, 1
+jairoenfrancien.tk, 1
+jaisiam.co.th, 1
+jaisin.com, 1
+jaispirit.com, 1
+jaiyen.com, 1
+jaiyun.tk, 1
+jajce.tk, 1
+jajojababy.com, 1
+jajycycojota.cf, 1
+jakarta.ee, 1
+jakartaone.org, 1
+jakartaurbanhosting.com, 1
+jakdelatseo.cz, 1
+jake.eu.org, 1
+jake.ml, 1
+jake.nom.za, 1
+jake.rodeo, 1
+jakegyllenhaal.ga, 1
+jakemansfield.com, 1
+jakereynolds.co, 1
+jakeross.me, 1
+jakerullman.com, 0
+jakeslab.tech, 1
+jakewales.com, 1
+jakincode.army, 1
+jako.tk, 1
+jakob-server.tk, 1
+jakobczyk.org, 1
+jakobejitblokaci.cz, 1
+jakobhildebrand.de, 1
+jakobkrigovsky.com, 1
+jakobs.systems, 1
+jakobssystems.net, 1
+jakpost.net, 1
+jakpremyslet.cz, 1
+jakse.fr, 1
+jaksi.io, 1
+jaktang.com, 1
+jakub-boucek.cz, 1
+jakubarbet.eu, 1
+jakubboucek.cz, 1
+jakubklimek.com, 1
+jakubsindelar.cz, 1
+jakubvrba.cz, 1
+jakumammy.pl, 1
+jakzostacmilionerem.biz, 1
+jal-ja.com, 1
+jala.tech, 0
+jalebiyat.tk, 1
+jaleesa.sa, 1
+jaleo.cn, 1
+jaliscolindo.tk, 1
+jall.com.br, 1
+jallatte.fr, 1
+jallenfabric.com, 1
+jaloozone.ml, 1
+jalopnik.com, 1
+jaluzelemoderne.ro, 1
+jaluziperde.tk, 1
+jamaat.hk, 1
+jamaica.gq, 1
+jamaicabeachtx.gov, 1
+jamally.co.za, 1
+jambapp.org, 1
+jambb.nu, 1
+jamberry.com.mx, 1
+jambihackerlink.tk, 1
+jambing.cn, 1
+jamboree.online, 1
+jambox.ca, 1
+jambox.pl, 1
+jamcyberinc.com, 1
+jamdro.id, 1
+jamelhammoud.com, 1
+james-bell.co.uk, 1
+james-parker.com, 0
+james.cyou, 1
+james.je, 1
+james.pub, 1
+jamesachambers.com, 1
+jamesaimonetti.com, 1
+jamesandeverett.com, 1
+jamesbillingham.com, 1
+jamesbromberger.com, 1
+jamesbrown.cn, 1
+jamesbrown.us, 1
+jameschorlton.co.uk, 1
+jamesconroyfinn.com, 0
+jamesdorf.com, 1
+jamesedition.com, 1
+jamesevans.is, 1
+jamesgarrigan.info, 1
+jamesgarrigan.nyc, 1
+jamesgreenfield.com, 1
+jameshawk.pl, 1
+jamesheald.com, 1
+jameshenderson.online, 1
+jameshost.net, 1
+jameside.com, 1
+jamesj.me, 0
+jamesjboyer.com, 1
+jamesjj.net, 1
+jamesknd.uk, 0
+jamesl.tk, 1
+jameslahey.com, 1
+jamesmarsh.net, 1
+jamesmcnee.co.uk, 1
+jamesmcnee.com, 1
+jamesmorrison.me, 1
+jamesmurphy.tk, 1
+jamesplumbingcompanypasadenatx.com, 1
+jamesredmond.tk, 1
+jamesrobertson.net, 1
+jamesrobertson.sh, 1
+jamesross.name, 1
+jamesrtyrrell.com, 1
+jamessliu.com, 1
+jamessmith.me.uk, 1
+jamestgh.com, 1
+jamestilburg.nl, 1
+jamestmart.in, 1
+jamestown.de, 0
+jamestowncando-nc.gov, 1
+jamesturnerstickley.com, 1
+jameswarp.com, 1
+jameswhite.tech, 1
+jamesxu.com, 1
+jameszero.net, 1
+jamfm.tk, 1
+jamhost.org, 1
+jamie-read-photography.com, 1
+jamie.cymru, 1
+jamie.wales, 1
+jamieb.org, 1
+jamiehansonyoga.com, 1
+jamiehenrybrown.co.uk, 1
+jamiejones.cymru, 1
+jamiejones.wales, 1
+jamielinux.com, 1
+jamiemagee.co.uk, 1
+jamiemagee.dk, 1
+jamiematthews.ml, 1
+jamiepleasants.com, 1
+jamiesnape.io, 1
+jamieweb.net, 1
+jamiiforums.com, 1
+jaminidesign.com, 1
+jamiviz.com, 1
+jamjestsimon.pl, 1
+jamloop.com, 1
+jammucake.com, 1
+jammy4312.me, 1
+jammysplodgers.co.uk, 1
+jamonesrute.com, 1
+jamonsilva.com, 1
+jamstatic.fr, 0
+jamukmod.com, 1
+jamusa.tk, 1
+jamyeprice.com, 0
+jan-and-maaret.de, 1
+jan-becker.com, 1
+jan-bretschneider.de, 1
+jan-bucher.ch, 1
+jan-daniels.de, 1
+jan-graca.tk, 1
+jan-hill.com, 1
+jan-melcher.de, 1
+jan-reiss.de, 1
+jan-rieger.de, 1
+jan-roenspies.de, 1
+jan-von.de, 1
+jan.gl, 1
+jana-rambusch.net, 1
+janada.cz, 1
+janaundgeorgsagenja.eu, 1
+janavish.tk, 1
+janbennink.com, 1
+janbilek.cz, 1
+janbretschneider.de, 1
+janbruckner.de, 1
+jancosales.com, 1
+jandenhertog.nl, 1
+jandenul.com, 1
+jandesign.at, 1
+jandev.de, 1
+jandj.yachts, 0
+jandonkers.com, 1
+jandrliquidations.com, 1
+jandroegehoff.de, 1
+janduchene.ch, 1
+janelauhomes.com, 1
+janelle-jamer.tk, 1
+janellequintana.tk, 1
+janenwouter.tk, 1
+janes.com, 0
+janesaddiction.org, 1
+janetandjohns.tk, 1
+janetedkins.com, 1
+janeweeber.com, 1
+janey.cf, 1
+janeymac.com, 1
+janfennell.tk, 1
+jangl.com, 1
+janheidler.dynv6.net, 1
+janhermann.cz, 1
+janhuelsmann.com, 1
+jani.media, 1
+janik.cz, 1
+janikrabe.com, 1
+janilowski.pl, 1
+janime.top, 1
+janine-und-johannes.de, 1
+janjoris.nl, 1
+jankamp.com, 1
+janker.me, 1
+janklokman.tk, 1
+jann.is, 1
+jannehonkonen.tk, 1
+jannekekaasjager.nl, 1
+jannes-althoff.de, 1
+jannesmeyer.com, 0
+jannetaflorist.com, 1
+jannhaber.de, 1
+jannis-goeing.de, 1
+jannisfink.de, 1
+janokacer.sk, 1
+janome.club, 1
+janome.com.ua, 1
+janonis.com, 1
+janoshida.hu, 1
+janostheil.de, 1
+janphilip-bernius.de, 1
+jans.cloud, 1
+janschaumann.de, 1
+jansendermatografie.nl, 1
+janservfl.com, 1
+janslab.pl, 1
+janssen.fm, 1
+janterpstra.eu, 1
+jantinaboelens.nl, 1
+january.com, 1
+janujani.com, 1
+janulkowedomki.pl, 1
+janus-it.pl, 1
+janv.it, 1
+janvanmechelen.tk, 1
+janvari.com, 1
+janvaribalint.com, 1
+janvidresearch.com, 1
+janw.me, 1
+janwern.com, 1
+jao-collection.com, 1
+jaot.info, 1
+jaotusvork.ee, 1
+japan-forum.nl, 1
+japan-tent.com, 1
+japan-xxxtube.com, 1
+japanasonic.ru, 1
+japanchiropractic.com.br, 1
+japanduhoc.com, 1
+japanese-cuisine.com, 1
+japanese-dominatrix.com, 1
+japanese-imperialism971.tk, 1
+japanese-tantra-escort.com, 1
+japaneseacupuncture.london, 1
+japaneseemoticons.org, 0
+japanesekeyboard.net, 1
+japanesemusic.tk, 1
+japanesephotosite.tk, 1
+japanesque.ru, 1
+japaniac.de, 1
+japanknives.tk, 1
+japannext.co.jp, 1
+japanphilosophy.com, 0
+japanporns.pro, 1
+japanroll.cf, 1
+japansepuzzel.tk, 1
+japantravel.tk, 1
+japanwatches.xyz, 1
+japanwowsex.com, 1
+jape.today, 1
+japico.or.jp, 1
+japlin.io, 1
+japlin.tk, 1
+japonskonamiru.cz, 1
+japonyol.net, 1
+japornpics-video.com, 1
+japornpics.com, 1
+jappleng.com, 1
+jaquelin.tk, 1
+jaquishbiomedical.com, 1
+jar.cool, 1
+jaraizaboli.tk, 1
+jaramilloconstrucciones.pe, 1
+jardelatacadao.com.br, 1
+jardigital.com.au, 1
+jardinderline.ch, 1
+jardineras.online, 1
+jardinesimperiales.com, 1
+jaredfernandez.com, 1
+jaredkunz.com, 1
+jaredonline.tk, 1
+jaresourcehub.org, 1
+jarett-lee.com, 1
+jaris.fi, 1
+jarkkorahkonen.fi, 1
+jarl.ninja, 1
+jarlette.com, 1
+jarlstrom.com, 1
+jarmandental.com, 1
+jarmatys.pl, 1
+jarmix.fi, 1
+jarniashop.se, 1
+jarno.rocks, 1
+jarnobogaert.xyz, 1
+jarnskog.tk, 1
+jarods.org, 0
+jarofthread.com, 1
+jarondl.net, 1
+jaroslavc.eu, 1
+jarovske-udoli.cz, 1
+jarovskeudoli.cz, 1
+jarquedelaval.tk, 1
+jarrettgraham.com, 1
+jarritos.com.sg, 1
+jarritos.es, 1
+jarritosaustralia.com.au, 1
+jarritoseurope.eu, 1
+jarritosfrance.com, 1
+jarroba.com, 1
+jarrods.tech, 1
+jarry.io, 1
+jarsater.com, 0
+jarski.eu, 1
+jas-ac.com, 1
+jas-team.net, 1
+jasasewaspg.com, 1
+jasawebbisnis.com, 0
+jasch.tk, 1
+jaschaa.de, 1
+jasco.gov, 1
+jaseng.ga, 1
+jasewhite.com, 1
+jashinchan.cn, 1
+jasik.xyz, 1
+jasl.works, 1
+jasm1nii.xyz, 1
+jasminedirectory.com, 1
+jasminefields.net, 1
+jasminka.cz, 1
+jasminlive.cam, 1
+jasminum.uk, 1
+jasmyn.tk, 1
+jasomill.at, 1
+jason-isaacs.tk, 1
+jason.red, 1
+jasonamorrow.com, 0
+jasonchampagne.fr, 1
+jasoncosper.com, 1
+jasoncs.eu.org, 1
+jasongreenwell.com, 1
+jasonhardin.me, 1
+jasonisclever.com, 1
+jasonmili.online, 1
+jasonreadinglandscapes.com.au, 1
+jasonricketts.me, 1
+jasonsansone.com, 1
+jasonsplecoscichlids.com, 1
+jasonthai.me, 0
+jasonvillein.gov, 1
+jasonwei.nctu.me, 1
+jasonwongwr.com, 1
+jasper.link, 1
+jasper.pt, 1
+jasperhammink.com, 0
+jasperhugo.com, 1
+jasperhuttenmedia.com, 1
+jaspernbrouwer.nl, 1
+jasperpatterson.com, 1
+jasperpatterson.me, 1
+jasperpatterson.net, 1
+jaspersreef.com, 1
+jaspertn.gov, 1
+jasperyang.cn, 1
+jaspven.net, 1
+jaspyrbooks.com, 1
+jassecharlie.com, 1
+jastrow.me, 1
+jaszbereny-vechta.eu, 1
+jatekjatek.hu, 1
+jateng.press, 1
+jatiwahidfurniture.com, 0
+jatransportadora.com, 1
+jaumepons.net, 1
+jav.st, 1
+java-fan.tk, 1
+java-for-minecraft.com, 1
+java-tracking.gq, 1
+javaanalysisers.ga, 1
+javaanalysisest.ga, 1
+javabahia.tk, 1
+javabc.com, 1
+javabot.ml, 1
+javacakegames.com, 1
+javachinna.com, 1
+javaexpert.tk, 1
+javafactory.io, 1
+javafiles.tk, 1
+javafluers.ga, 1
+javafluest.ga, 1
+javan.de, 1
+javanguiano.mx, 0
+javapost.tk, 1
+javasaranamitrasejati.com, 1
+javascriptlab.fr, 1
+javaweb.site, 1
+javaxxz.com, 1
+javedali.tk, 1
+javedhasrat.com, 1
+javfree.me, 1
+javi-soleil.tk, 1
+javierbalvin.com, 1
+javierbarrio.com, 1
+javierfalcon.tk, 1
+javierflorescastillero.es, 1
+javiergddw.com, 1
+javierguandalini.com, 1
+javierjurado.tk, 1
+javiermascherano.tk, 1
+javiersanchez.tk, 1
+javiscoffee.com, 1
+javitron.tk, 1
+javleech.com, 1
+javorina.tk, 1
+javsod.top, 1
+jawharati.tk, 1
+jawo2008.pl, 1
+jaxfstk.com, 1
+jaxxnet.co.uk, 1
+jaxxnet.org, 1
+jay4.is, 1
+jay6.tech, 1
+jayanthreddy.ml, 1
+jayantkageri.in, 1
+jaybeez.tk, 1
+jaybrokers.com, 1
+jayf.de, 1
+jayfreestone.com, 1
+jayharkess.uk, 1
+jayharris.ca, 1
+jayhost.cf, 1
+jayhost.tk, 1
+jayjardine.cf, 1
+jayjardine.ga, 1
+jayjardine.gq, 1
+jayjardine.ml, 1
+jaykuhns.com, 1
+jaylewis.us, 1
+jaylineko.com, 1
+jaymecd.rocks, 1
+jaypandit.me, 1
+jaypark.gq, 1
+jaypeeaman.in, 1
+jaypeeonline.tk, 1
+jayrl.com, 1
+jaysanart.com, 0
+jaysaw.me, 1
+jayschulman.com, 1
+jayspage.tk, 1
+jaytauron.xyz, 1
+jaytx.com, 1
+jayveel.nl, 1
+jayxon.com, 1
+jayxu.com, 1
+jazerxx.com, 1
+jazminguaramato.com, 1
+jazz-alliance.com, 1
+jazz-alliance.org, 1
+jazzab-online.tk, 1
+jazzanet.com, 1
+jazzapart.tk, 1
+jazzband.tk, 1
+jazzfeet.co.uk, 1
+jazzindeck.com, 1
+jazzman.tk, 1
+jazzy-feet.com, 1
+jazzy.id.au, 1
+jazzy.pro, 1
+jazzysumi.com, 1
+jazzyvsart.com, 1
+jb-pixel.tk, 1
+jb0.de, 1
+jb138.cc, 1
+jballelectronics.com, 1
+jbarzoutfitters.com, 1
+jbayetsecretariat.be, 1
+jbbd.fr, 1
+jbbdev.com, 1
+jbc88.cc, 1
+jbcharleston.com, 1
+jbcharlestonfss.tv, 1
+jbctransport.ca, 1
+jbdesignfoundations.com, 1
+jbdillon.com, 1
+jberlife.com, 1
+jberlife.marketing, 1
+jbeta.is, 1
+jblackweb.com, 1
+jbloomphotography.com, 1
+jbmechanics.com, 1
+jbnetwork.org, 1
+jboats.com, 1
+jboho.com, 1
+jbond.tk, 1
+jbootsma.com, 1
+jbradaric.me, 1
+jbridal.com.au, 1
+jbs-jardins.ch, 0
+jbs.com.br, 1
+jbsinternational.com, 1
+jbsoftware.ca, 1
+jbspeakr.cc, 1
+jbt-stl.com, 1
+jc6.xyz, 1
+jc666.xyz, 1
+jcadg.com, 1
+jcaicedo.com, 1
+jcaicedo.tk, 1
+jcb.com, 1
+jcbaterias.com.br, 1
+jcbgolfandcountryclub.com, 1
+jcblagri.in, 1
+jccars-occasions.be, 1
+jcchen.art, 1
+jcchouinard.com, 1
+jccrew.org, 1
+jcdenast.tk, 1
+jcdesign.sk, 1
+jcelectronics.com.au, 1
+jcf-office.com, 1
+jchn.be, 1
+jci.bio, 1
+jci.care, 1
+jci.cc, 1
+jci.charity, 1
+jci.chat, 1
+jci.coach, 1
+jci.community, 1
+jci.contact, 1
+jci.direct, 1
+jci.domains, 1
+jci.education, 1
+jci.exchange, 1
+jci.fail, 1
+jci.fyi, 1
+jci.gallery, 1
+jci.gives, 1
+jci.graphics, 1
+jci.group, 1
+jci.guide, 1
+jci.how, 1
+jci.institute, 1
+jci.life, 1
+jci.live, 1
+jci.marketing, 1
+jci.me.uk, 1
+jci.media, 1
+jci.mobi, 1
+jci.name, 1
+jci.ooo, 1
+jci.org.uk, 1
+jci.photography, 1
+jci.pictures, 1
+jci.place, 1
+jci.productions, 1
+jci.promo, 1
+jci.pub, 1
+jci.studio, 1
+jci.systems, 1
+jci.tips, 1
+jci.university, 1
+jci.watch, 1
+jci.wiki, 1
+jci.works, 1
+jci.zone, 1
+jcinet.cc, 1
+jcinet.net, 1
+jcit.xyz, 1
+jclayton.com, 1
+jcleon.tk, 1
+jclp.cf, 1
+jclynne.com, 1
+jcmo.gov, 1
+jcmunz.com, 1
+jcode.gov, 1
+jcontspoord.nl, 1
+jcor.me, 0
+jcoscia.com, 1
+jcphotography.dk, 1
+jcra.net, 1
+jcrhcdwy.gov, 1
+jcrobin56.fr, 1
+jcsava.gov, 1
+jcsolutions.tk, 1
+jcus.co, 1
+jcvignoli.com, 1
+jcwebtechnologies.com, 1
+jcwodan.nl, 1
+jd-group.co.uk, 0
+jd-trust.com, 1
+jd1.de, 1
+jd777.vip, 1
+jdc.io, 1
+jdcdirectsales.com, 1
+jdcdirectsales.com.ph, 1
+jdd888.cc, 1
+jdecommastermind.com, 1
+jdefreitas.com, 1
+jdelgado.fr, 1
+jdhigh.com, 1
+jdhouse.com.br, 1
+jdjamescorp.com, 1
+jdjohnsonmedia.com, 1
+jdjohnsonwaterproofing.com, 1
+jdlt.co.uk, 1
+jdm.elk.pl, 1
+jdm.pl, 1
+jdmgarage.com.au, 1
+jdoi.pw, 1
+jdpleisure.co.uk, 1
+jdscastlehire.co.uk, 1
+jdsecurity.com.au, 1
+jdtangney.com, 1
+jdtic.com, 1
+jdtrust.net, 1
+jdtrust.one, 1
+jduarte.xyz, 1
+je-vends.fr, 0
+je-voyage.net, 1
+je.net.cn, 1
+je2050.de, 1
+jealousy.tk, 1
+jean-luc.org, 1
+jean-remy.ch, 1
+jeancafe.ddns.net, 1
+jeancampa.com, 1
+jeancardeno.com, 1
+jeancarlos.tk, 1
+jeanclaudegolvin.com, 1
+jeandanielfaessler.ch, 1
+jeanettevanrookhuizen.nl, 1
+jeangalea.com, 1
+jeangarcia.tk, 1
+jeaninformatico.tk, 1
+jeankygourmet.com, 1
+jeanmarieayer.ch, 1
+jeanmichelaudet.com, 1
+jeanmusic.tk, 1
+jeannecalment.com, 1
+jeannedekkers.tk, 1
+jeannekunst.tk, 1
+jeannelucienne.fr, 1
+jeannette-py.fr, 1
+jeanniegraefe.tk, 1
+jeannotbel.tk, 1
+jeannotjeux.fr, 1
+jeanphilippe.io, 1
+jeans-butik.tk, 1
+jeans-moda.tk, 1
+jeans-shopping.tk, 1
+jeans-stores.tk, 1
+jeansbutik.tk, 1
+jeansdemodacol.com, 1
+jeanslee.tk, 1
+jeansmoda.tk, 1
+jeansstyle.tk, 1
+jeanstastytreats.co.za, 1
+jeayalar.com, 1
+jec-dekrone.be, 1
+jecho.cn, 1
+jecjacshop.com, 1
+jecnetwork.gq, 1
+jed.site, 1
+jeda.ch, 1
+jeda.im, 1
+jedatw.com, 1
+jedayoshi.me, 1
+jedayoshi.tk, 1
+jedcg.com, 1
+jeddahlyn.nl, 1
+jedepannetonordi.ch, 0
+jedepannetonordi.com, 0
+jedepannetonordi.fr, 0
+jedi-master.tk, 1
+jedi-online.tk, 1
+jedicouncil.tk, 1
+jedilukmas.tk, 1
+jedora.com, 0
+jeek.jp, 0
+jeemain.org, 1
+jeep-diagnost.ml, 1
+jeep4ik.com, 1
+jeepeg.com, 1
+jeepspares.com.au, 1
+jeeptourpocos.com.br, 1
+jeeran.com, 1
+jeeranservices.com, 1
+jeetwin.com, 1
+jeevanmag.tk, 1
+jeevanpaul.in, 0
+jef.yt, 1
+jefaisducafe.mywire.org, 1
+jefcorlabs.com, 1
+jeff-dom.ovh, 1
+jeff.win, 1
+jeffcasavant.com, 0
+jeffcloninger.net, 1
+jeffcom911co.gov, 1
+jeffdaviscountyga.gov, 1
+jeffersoncountyks.gov, 1
+jeffersoncountyne.gov, 1
+jeffersoncountyny.gov, 1
+jeffersoncountyor.gov, 1
+jeffersoncountypa.gov, 1
+jeffersonknoxohio.gov, 1
+jeffersonkyattorney.gov, 1
+jeffersonohio.gov, 1
+jeffersonregan.co.uk, 1
+jeffersonregan.com, 1
+jeffersonregan.net, 1
+jeffersonregan.org, 1
+jeffersonsbourbon.com, 1
+jeffersonvillepdin.gov, 1
+jeffhoy.us, 1
+jeffhoyphotography.com, 1
+jeffhuxley.com, 1
+jeffok.com, 1
+jeffpenchoff.com, 1
+jeffreyhaferman.com, 1
+jeffri.me, 1
+jeffsanders.com, 1
+jeflix.stream, 1
+jefrydco.id, 1
+jefsweden.eu, 1
+jegkorongszovetseg.hu, 1
+jegos.tk, 1
+jehende.fr, 1
+jehjf.com, 1
+jehovahsays.net, 1
+jej.cz, 1
+jej.sk, 1
+jekadvantage.com, 1
+jekhar.com, 1
+jel-tech.com, 0
+jelena-adeli.com, 1
+jelena-karleusa.tk, 1
+jelenkovic.rs, 1
+jell.ie, 1
+jellebo.dk, 1
+jelleluteijn.com, 1
+jelleluteijn.eu, 1
+jelleluteijn.net, 1
+jelleluteijn.nl, 1
+jelleluteijn.pro, 1
+jelleraaijmakers.nl, 1
+jellybeanpress.com, 1
+jellyfin.spdns.eu, 1
+jellyfish.co, 1
+jellyfishlivewire.co.uk, 1
+jellynails.tk, 1
+jellypepper.com, 1
+jellysquid.me, 1
+jelmer.co.uk, 1
+jelmer.uk, 1
+jelmoli-shop.ch, 1
+jelmyto.com, 0
+jelo.tk, 1
+jelobox.tk, 1
+jelocalise.fr, 1
+jem.gov, 1
+jem.style, 1
+jembatankarir.com, 1
+jemezdravo.eu, 1
+jemezsprings-nm.gov, 1
+jemnezymy.com, 1
+jemoreng.tk, 1
+jemputan-karyawan.site, 1
+jems-il.gov, 1
+jemshoes.com, 1
+jemyzdrowo.pl, 1
+jena-fans-aurich.tk, 1
+jena.de, 1
+jena.space, 0
+jencshiny-org.tk, 1
+jendela360.com, 1
+jendialmeditation.com, 1
+jendies.com, 1
+jenelle.ml, 1
+jeneratorkiralama.name.tr, 1
+jenever.amsterdam, 1
+jeney.eu, 1
+jenin.ml, 1
+jenkinscountyga.gov, 1
+jenkinsry.fi, 1
+jenn-pro-graphics.com, 1
+jennahunt.net, 1
+jenne.com, 1
+jennethaarfotografie.nl, 1
+jennette.tk, 1
+jennierobinson.com, 1
+jenniferbuslerinteriors.com, 1
+jenniferchan.id.au, 1
+jenniferehle.tk, 1
+jenniferengerwingaantrouwen.nl, 1
+jenniferfontaine.fr, 1
+jenniferhudsonshow.com, 1
+jenniferjoos.de, 1
+jenniferlucia.com, 1
+jennifermason.eu, 1
+jennifermorrisonart.com, 1
+jennifersauer.nl, 1
+jenniferschmidt.com.au, 1
+jennifertilly.tk, 1
+jenniwiltz.com, 1
+jennyjones.tk, 1
+jennymovies.com, 1
+jennysarl.ch, 0
+jennysbakery.com.au, 1
+jennysource.tk, 1
+jennystella.net, 1
+jennythebaker.com, 1
+jeno.cf, 1
+jenolson.net, 1
+jens-prangenberg.de, 1
+jens.hk, 1
+jensdesmeyter.be, 1
+jenskliewer.de, 1
+jensrex.dk, 1
+jents.ro, 1
+jenyak.com, 1
+jeoffrey-sanchez.ovh, 1
+jeon.cf, 0
+jepa.si, 1
+jepcraft.ddns.net, 1
+jeproteste.info, 1
+jeps.fi, 1
+jeremiahbenes.com, 1
+jeremiahlee.com, 1
+jeremiebt.com, 1
+jeremy-chen.org, 1
+jeremy-gautier.com, 1
+jeremy.hu, 1
+jeremyatwoodlaw.com, 1
+jeremybentham.com, 1
+jeremybloomfield.co.uk, 1
+jeremyc.ca, 0
+jeremycantu.com, 1
+jeremycrews.com, 1
+jeremyfaton.me, 1
+jeremyhodges.uk, 1
+jeremynally.com, 1
+jeremyness.com, 1
+jeremyrobinlyons.com, 1
+jeremysermersheim.com, 1
+jeremywinn.com, 1
+jeremywinn.xyz, 1
+jerichoproject.org, 1
+jerisandoval.tk, 1
+jermann.biz, 1
+jeroendeneef.com, 1
+jeroened.be, 1
+jeroenensanne.wedding, 1
+jeroenstekelenburg.nl, 1
+jerome-r.tk, 1
+jerome.to, 1
+jeromecountyid.gov, 1
+jeromequezel.fr, 1
+jerometejano.tk, 1
+jerret.de, 1
+jerridoswell.tk, 1
+jerryabrams.com, 0
+jerrybustillo.tk, 1
+jerrychacon.com, 1
+jerrysretailstores.com, 1
+jerrytindell.com, 1
+jerryweb.org, 1
+jerryyu.ca, 1
+jersec.com, 1
+jerseybikehire.co.uk, 1
+jerseycounty-il.gov, 1
+jerseycountyclerk-il.gov, 1
+jerseyink.net, 1
+jerseyjumpingbeans.co.uk, 1
+jerseylvi2013.org, 1
+jerseywater.je, 1
+jerusalem.estate, 1
+jerusalempersonals.ml, 1
+jerusalempersonalsers.ga, 1
+jerusalempersonalsest.ga, 1
+jerusalemplus.tv, 1
+jesec.cn, 1
+jesec.io, 1
+jesen.org, 1
+jesiensredniowiecza.pl, 1
+jesmatboutique.com, 1
+jesmh.de, 1
+jesolo.tk, 1
+jesperandersson.tk, 1
+jespersen.tk, 1
+jessacharlie.com, 1
+jesscharlie.com, 1
+jesseblum.com, 1
+jessebollinger.com, 1
+jessecharley.com, 1
+jessecharli.com, 1
+jessecharlie.com, 1
+jessecharlie.info, 1
+jessecharlie.net, 1
+jessecharlie.org, 1
+jessecharlienaser.com, 1
+jesseerbach.com, 1
+jessekaufman.com, 1
+jesseklaver.nl, 1
+jessem.fr, 1
+jessenaser.com, 1
+jessenaser.net, 1
+jessenaser.org, 1
+jesseonline.tk, 1
+jessesjumpingcastles.co.uk, 1
+jessetorrenga.nl, 1
+jessetrebil.com, 1
+jessetrebilfoundationsystems.com, 1
+jessevictors.com, 1
+jessica-weller.de, 1
+jessicabarends.nl, 1
+jessicabenedictus.nl, 0
+jessicaevrard.com, 1
+jessicahrehor.com, 1
+jessicasmith3d.com, 1
+jessicharlie.com, 1
+jessieabraham.tk, 1
+jessiecharlie.com, 1
+jessihod.com, 1
+jessika-atelier.nl, 1
+jesslynfietje.com, 1
+jesspryles.com, 1
+jessycharlie.com, 1
+jesters-court.net, 1
+jestre.org, 1
+jestyc.com, 1
+jesucristo.ga, 1
+jesuisadmin.fr, 1
+jesuisunpapageek.fr, 1
+jesuiszen.fr, 1
+jesus-rock.tk, 1
+jesuscapitan.tk, 1
+jesuscnasistente.com, 1
+jesusda.tk, 1
+jesusdenazaret.com, 1
+jesusnazarenobaena.tk, 1
+jesusplusnothing.com, 1
+jesusthegoodshepherd.org, 1
+jesusvasquez.tk, 1
+jet.su, 1
+jetable.org, 1
+jetapi.org, 1
+jetbbs.com, 1
+jetcard.co.uk, 1
+jetchartercanada.com, 1
+jetchartereurope.com, 1
+jetcost.com, 1
+jetcraft.tk, 1
+jetdrywallinteriors.com, 1
+jetfirenetworks.com, 1
+jetflex.de, 1
+jethash.io, 1
+jetkittens.co.uk, 1
+jetmirshatri.com, 0
+jetmusic.tk, 1
+jetpack.com.ar, 1
+jetsadabetchoke77.com, 0
+jetsetretiree.com, 1
+jetshare.co.nz, 1
+jetsieswerda.nl, 1
+jetsome.co, 0
+jetson.tk, 1
+jetstudio.ch, 0
+jettenbommelaer.nl, 1
+jettenjachtbouw.eu, 1
+jettlarue.com, 1
+jettshome.org, 1
+jetular.com, 1
+jetular.net, 1
+jetwhiz.com, 1
+jetzt-elektromobil.de, 1
+jeugdbrandweerbladel.tk, 1
+jeugdclubjia.tk, 1
+jeugdharmonie-geluwe.tk, 1
+jeugdkans.nl, 1
+jeugdraad.gent, 1
+jeurissen.co, 1
+jeuxerotiques.net, 1
+jevalide.ca, 1
+jevel-mag.tk, 1
+jevisite.ca, 1
+jewadvert.ml, 1
+jewaedv.de, 1
+jewelcaddesigns.com, 1
+jewellerynet.com, 1
+jewelleryoutlook.com, 1
+jewelry-directories.tk, 1
+jewelrycoverers.ga, 1
+jewishboston.com, 1
+jewishboyscouts.com, 1
+jewishfed.org, 1
+jewishjourneys.org, 1
+jewishmusic.tk, 1
+jewishphilanthropies.org, 1
+jewishphoenix.com, 1
+jewishquotations.com, 1
+jexler.net, 1
+jey-line.de, 1
+jez.nl, 1
+jezebel.com, 1
+jezebelsromance.com, 1
+jezeravillage.com, 1
+jezero.tk, 1
+jezura.cz, 1
+jezzicat.org, 1
+jf-beco.pt, 1
+jf-fotos.de, 1
+jf-igrejanovadosobral.pt, 1
+jf-madalena.tk, 1
+jf886.cc, 1
+jfbst.net, 1
+jfcare.dk, 1
+jfgselbitztal.tk, 1
+jfhr.de, 1
+jfhr.me, 1
+jfjtransport.com, 1
+jfklibrary.gov, 1
+jfmdevelopment.ml, 1
+jfml.lu, 1
+jfr.im, 1
+jfreitag.de, 1
+jfroyalelogistics.com.ng, 1
+jftn.nl, 1
+jftw.org, 1
+jfuturist.com, 1
+jfvaccountants.nl, 1
+jfy.is, 1
+jfy.jp, 1
+jg-skid.me, 1
+jg-tc.com, 1
+jg078.com, 1
+jgambard.me, 1
+jgeverest.com, 1
+jgid.de, 1
+jgke.fi, 1
+jgmenterprises.ca, 1
+jgoldbergmd.com, 1
+jgoldgroup.com, 1
+jgomezweb.es, 1
+jgpeterson.com, 1
+jgregory.co.uk, 1
+jgregory.uk, 1
+jgsbrickwork.co.uk, 1
+jgwb.de, 1
+jgwb.eu, 1
+jh-group.net, 1
+jh4.eu, 1
+jhandke.de, 1
+jhatpatjobs.com, 1
+jhaudio.com, 1
+jhaveri.net, 1
+jhburton.co.uk, 1
+jhcommunitysports.co.uk, 1
+jhe.li, 1
+jhfunerals.com.au, 1
+jhill.de, 1
+jhj.jp, 1
+jhmrcm.com, 1
+jhonesmarcos.tk, 1
+jhonmurillo.ml, 1
+jhost.gq, 1
+jhuang.me, 1
+jhw3d.com, 1
+jiacl.com, 1
+jiahao.codes, 1
+jiai.cf, 1
+jiai.gq, 1
+jiai.ml, 1
+jiai.tk, 1
+jialiangkang.com, 1
+jiami.dog, 0
+jianbin.wang, 1
+jiangmei.ml, 1
+jiangmen.tk, 1
+jiangshiart.com, 1
+jiangwu.eu, 1
+jianhuo.cf, 1
+jianhuo.ml, 1
+jianny.me, 1
+jianren.cf, 1
+jianren.ml, 1
+jianwei.wang, 1
+jianyu.io, 1
+jianyuan.art, 1
+jianyuan.pro, 1
+jianzhan.com, 1
+jiaoliuben.com, 0
+jiaoyu8.cn, 1
+jiaqiang.vip, 1
+jiatingtrading.com, 1
+jiaty.com, 1
+jiaxitian.com, 1
+jiayi.eu.org, 1
+jiayi.life, 1
+jiazhao.ga, 0
+jibe.com, 1
+jibeapply.com, 1
+jibecdn.com, 1
+jibungoto.jp, 1
+jicaivvip.com, 1
+jichi.io, 1
+jichi.nz, 1
+jiehun.com.cn, 1
+jieshangwei.com, 1
+jieyang2016.com, 1
+jif.gc.ca, 1
+jigsawplanet.com, 1
+jiguang.com, 1
+jigyoushoukei.co.jp, 1
+jiheng.tk, 1
+jiid.ga, 1
+jiji.co.ci, 1
+jiji.co.ke, 1
+jiji.co.ma, 1
+jiji.co.rw, 1
+jiji.co.tz, 1
+jiji.com.bd, 1
+jiji.com.et, 1
+jiji.com.gh, 1
+jiji.ke, 1
+jiji.lk, 1
+jiji.ng, 1
+jiji.sn, 1
+jiji.ug, 1
+jijistatic.com, 1
+jikegu.com, 1
+jikei-reha.com, 1
+jikken.de, 0
+jilaninteraktif.tk, 1
+jilking.ga, 1
+jillamy.com, 1
+jillvirus.tk, 1
+jilworldwide.org, 1
+jimautoservice.pl, 1
+jimbeam-welcomesessions.at, 1
+jimbiproducts.com, 1
+jimbosprint.com, 1
+jimbrown.org, 1
+jimbutlerkiaparts.com, 1
+jimcoggeshall.com, 1
+jimconacher.pro, 1
+jimdorf.com, 1
+jime-hlavou.cz, 1
+jimeaton.com, 1
+jimezdrave.cz, 1
+jimfranke.com, 1
+jimfranke.nl, 1
+jimgarrigan.info, 1
+jimgarrigan.nyc, 1
+jiminny.com, 0
+jimisfanvan.nl, 1
+jimizhou.xyz, 1
+jimjh.com, 1
+jimkanabar.fr, 1
+jimkimmel.com, 1
+jimmiestore.com, 1
+jimmycai.com, 1
+jimmycarterlibrary.gov, 1
+jimmycn.com, 1
+jimmydomingo.tk, 1
+jimmykey.com, 0
+jimmynelson.com, 1
+jimmyrickenbacker.com, 1
+jimobbs.tk, 1
+jimpl.com, 1
+jimsheatandcool.com, 1
+jimslop.nl, 1
+jimucho.online, 1
+jimvophotography.tk, 1
+jimwhitesell.com, 1
+jimwoodrealty.com, 1
+jimwoodrealty.help, 1
+jin-design.si, 1
+jinancy.fr, 1
+jinanshen.com, 1
+jinbbq.com, 1
+jinbijin.nl, 1
+jinbo123.com, 0
+jinbowiki.org, 1
+jinbuguo.com, 1
+jinduoduo369.com, 1
+jinduoduo666.com, 1
+jinduoduo888.com, 1
+jinfbmanagement.com, 1
+jing-in.net, 1
+jingbo.fan, 1
+jinglebugs.co.nz, 1
+jingmi.com.tw, 1
+jinhaagency.com, 1
+jinhaagency1.com, 1
+jinja.ai, 1
+jinjafx.io, 1
+jinkou.cf, 1
+jinkou.ga, 1
+jinkou.gq, 1
+jinkou.ml, 1
+jinliming.ml, 1
+jino.gq, 1
+jinshabu.net, 1
+jintaiyang123.org, 1
+jiogo.com, 1
+jip2011.jp, 1
+jira.com, 1
+jirehlov.cn, 1
+jirehlov.com, 1
+jiretvariedades.com, 1
+jiri-vincour.cz, 1
+jiriholy.cz, 1
+jirkanch-ayollar.ga, 1
+jirkanch-ayollar.ml, 1
+jisai.net.cn, 1
+jisaudavel.com.br, 1
+jischool.org, 1
+jiserack.com, 1
+jisnashville.gov, 1
+jitendrapatro.me, 1
+jitprod.com, 1
+jitsipatapoe.ddns.net, 0
+jittruckparts.com, 1
+jiudao.com, 1
+jiveinvestments.com, 1
+jix.im, 1
+jixing.one, 1
+jixun.eu, 1
+jixun.moe, 1
+jixun.uk, 1
+jiyou.pw, 0
+jiyuu-ni.com, 1
+jiyuu-ni.net, 1
+jizhazha.com, 1
+jizzoh.com, 1
+jizzoh.net, 1
+jizzoh.org, 1
+jj5197.co, 1
+jj6729.co, 1
+jj6729.com, 0
+jj6957.co, 1
+jj9297.co, 1
+jj9397.com, 1
+jj9721.com, 0
+jj9728.co, 1
+jjfxz.com, 1
+jjj.blog, 1
+jjjj.loan, 1
+jjlandscapedesign.com, 1
+jjlvk.nl, 1
+jjonaws.com, 1
+jjphotographyia.com, 1
+jjsguitarpickups.com, 1
+jjsmaccountants.com, 1
+jjspartyhire.co.uk, 1
+jjsummerboatparty.co.uk, 1
+jjzmaj.tk, 1
+jk-forensics.de, 1
+jk-regeltechnik.de, 1
+jk-rjevka.gq, 1
+jkarteaga.tk, 1
+jkbfabrics.com, 0
+jkbizsolutions.org, 1
+jkessen.de, 1
+jkest.cc, 1
+jkfasham.com.au, 1
+jkg.tw, 1
+jki.io, 1
+jkinteriorspa.com, 1
+jkloli.tk, 1
+jkmoving.com, 0
+jkng.eu, 1
+jkrippen.com, 0
+jkts.tk, 1
+jktu.cc, 1
+jkuu.org, 1
+jkv-media.cloud, 1
+jkws2.nl, 1
+jkyuan.tk, 1
+jl-dns.eu, 1
+jl-dns.nl, 1
+jl-exchange.nl, 1
+jl-k.com, 1
+jl-mail.nl, 1
+jl-picard.tk, 1
+jlbleakley.com, 1
+jld.paris, 1
+jldrenergysaver.com, 1
+jliu.xyz, 1
+jlkhosting.com, 1
+jlmintegrated.com.au, 1
+jlmirall.es, 1
+jlmunn.com, 1
+jloh.co, 1
+jloh.codes, 1
+jlot.org, 1
+jlpn.eu, 1
+jlpn.nl, 1
+jlponsetto.com, 1
+jlqwer.com, 1
+jlr-luxembourg.com, 1
+jls.idv.tw, 1
+jltcsecuritygroup.com, 1
+jltctech.com, 1
+jlulug.org, 1
+jlwagner.net, 1
+jm73umh.pw, 1
+jm9.co, 1
+jmanalansan.com, 1
+jmango360.com, 1
+jmap.support, 1
+jmarciniak.it, 1
+jmarineau.com, 1
+jmb-jetshades.com, 1
+jmb.lc, 1
+jmbmexico.com, 1
+jmbproject.ga, 1
+jmcataffo.com, 1
+jmce.eu, 1
+jmcleaning.services, 1
+jmdekker.it, 1
+jmedesign.tk, 1
+jmedved.com, 1
+jmeno.eu, 1
+jmentertainment.co.uk, 1
+jmf-clan.tk, 1
+jmg3.dynu.net, 1
+jmha.live, 1
+jmisern.com, 1
+jmk.hu, 1
+jmlegrand.com, 1
+jmm.io, 1
+jmn.pl, 1
+jmob.loan, 1
+jmonagas-portfolio.ml, 1
+jmorahan.net, 1
+jmp.chat, 1
+jmpb.hu, 1
+jms8.net, 1
+jmservices.pro, 1
+jmsjms.cc, 1
+jmsjms.me, 1
+jmsjms.org, 1
+jmsjms.xyz, 1
+jmsmarcelo.tk, 1
+jmsolodesigns.com, 1
+jmsquall.tk, 1
+jmssg.jp, 1
+jmstfv.com, 1
+jmsystems.sk, 1
+jmtk.co, 1
+jmtrv.com.co, 1
+jmwsquared.com, 1
+jmy.fyi, 1
+jmzo.nl, 0
+jn1.me, 1
+jnaprojects.co.za, 1
+jnaroofing.co.za, 1
+jnathatchers.co.za, 1
+jncie.eu, 1
+jnewhook.ca, 1
+jnjdj.com, 1
+jnjpolymer.com, 1
+jnko.cz, 1
+jnktn.tv, 1
+jnm-art.com, 1
+jnmpainting.co, 1
+jnmusicgroup.com, 1
+jnr-industry.tk, 1
+jns.org, 1
+jnssnfotografie.nl, 1
+jnsz.hu, 1
+jnx.dk, 1
+jo-2016.tk, 1
+jo-jo-koi.tk, 1
+jo3-w3b-d3v.com, 1
+joa-ebert.com, 1
+joa.fr, 1
+joachimvanrossenberg.com, 1
+joanmoreira.tk, 1
+joannechtler.com, 1
+joannekemarchal.nl, 1
+joanofarcmtcarmel.org, 1
+joansoy.com, 1
+joaobautista.com, 0
+joaojunior.com, 1
+joaoorvalho.com, 1
+joaosampaio.com, 1
+joaosampaio.com.br, 1
+joaquimfialfotografia.com, 1
+job-acasa.tk, 1
+job-chocolat.jp, 1
+job-goo.com, 1
+job-jobs.pl, 1
+job-promotion.jp, 1
+job-uber.com, 1
+job.biz.tr, 1
+job2day.com.ua, 1
+jobadx.com, 1
+jobalicious.nl, 1
+jobanzeigen.de, 1
+jobassadeurs.fr, 1
+jobbkk.com, 1
+jobbnorge.no, 1
+jobbsafari.no, 0
+jobbsafari.se, 1
+jobcenter.tk, 1
+jobcie.com, 1
+jobcorps.gov, 1
+jobcorpsy2y.com, 0
+jobers.co.zw, 1
+jobflyapp.com, 0
+jobfresh.ga, 1
+jobfury.com, 1
+jobgenic.com, 1
+jobhouse.jp, 1
+jobie.tk, 1
+jobig.co.il, 1
+jobin.care, 1
+jobindex.dk, 1
+jobit.gr, 1
+joblife.co.za, 1
+joblover.ml, 1
+jobmarkt21.com, 1
+jobnas.com, 1
+joboutlook.gov.au, 1
+jobrus.ga, 1
+jobrus.ml, 1
+jobs-in-the-middle-east.tk, 1
+jobs-it.tk, 1
+jobs.gov.scot, 1
+jobs.schwarz, 1
+jobs.su, 1
+jobs.ua, 1
+jobs4sales.ch, 1
+jobsboard24.com, 1
+jobscan.co, 1
+jobsconnected.com, 1
+jobscore.com, 1
+jobscout24.ch, 1
+jobseeker.com, 1
+jobseekeritalia.it, 1
+jobsindemedia.nl, 1
+jobsineachstate.com, 1
+jobsisbrown.com, 1
+jobsjj.com, 1
+jobskilled.co.za, 1
+jobsknowlgee.tk, 1
+jobsmali.ml, 1
+jobsmarthasvineyard.com, 1
+jobsmnc.co.id, 1
+jobsnearme.london, 1
+jobsoid.com, 1
+jobsportalbookmarking.tk, 1
+jobsuchmaschine.ch, 1
+jobtools.tk, 1
+jobtread.com, 1
+jobulk.com, 1
+joburgplumbing.co.za, 1
+jobwinner.ch, 1
+jobynet.tk, 1
+jobzcorner.tk, 1
+jocafil.com, 1
+jocata.com, 1
+jocelynjenkins.com, 1
+jochem.cc, 1
+jochem.sh, 1
+jock2go.eu, 1
+jockbusuttil.co.uk, 1
+jockbusuttil.com, 1
+jockbusuttil.uk, 1
+jocomo.gov, 1
+jocuri-noi.tk, 1
+jocurionline.eu, 1
+jodaniels.photography, 1
+jodaviesscountyil.gov, 1
+jodlajodla.si, 1
+jodyboucher.com, 0
+joe-st.de, 1
+joe262.com, 1
+joearodriguez.com, 1
+joecod.es, 1
+joed.tk, 1
+joedavison.me, 1
+joedeblasio.com, 1
+joedight.net, 1
+joedoyle.us, 1
+joedroll.com, 1
+joefixit.co, 1
+joefixit.co.uk, 1
+joehenry.co.uk, 1
+joejacobs.me, 1
+joel-mayer.de, 1
+joel.coffee, 1
+joelandersen.me, 1
+joelengel.com, 1
+joelfries.com, 1
+joelgugler.com, 1
+joelito.tk, 1
+joelj.org, 1
+joelkoen.com, 1
+joelle.me, 1
+joelleandpeter.co.uk, 1
+joelleisthatbitch.tk, 1
+joellelew.is, 1
+joellev.nl, 1
+joellimberg.com, 1
+joellombardo.com, 0
+joelmunch.com, 1
+joelving.dk, 0
+joeon.systems, 1
+joepitt.co.uk, 0
+joerg-wellpott.de, 1
+joergschneider.com, 1
+joerss.at, 1
+joeseago.com, 0
+joeshare.info, 1
+joeshimkus.com, 1
+joeskup.com, 1
+joesmotorpool.fr, 1
+joesniderman.com, 1
+joesniderman.net, 1
+joesniderman.org, 1
+joespaintingpgh.com, 1
+joeteach.us, 1
+joettecalabrese.com, 1
+joetyson.io, 1
+joetyson.me, 1
+joeyfelix.com, 1
+joeyhoer.com, 1
+joeysglassbaytown.com, 1
+joeysmith.com, 0
+joeyvanvenrooij.nl, 1
+joeyvilaro.com, 1
+jofel-kinderkleding.tk, 1
+jofogas.hu, 1
+jogg.nl, 1
+joggers.tk, 1
+joggingtips.ga, 1
+jogi-server.de, 1
+jogjacar.com, 1
+jogjakarta.tk, 1
+joglopark.com, 1
+jogorama.com.br, 0
+jogosdeanimais.org, 1
+jogosecodes.com, 0
+jogosfutebolhoje.pt, 1
+jogoshoje.com, 1
+jogoshoje.io, 0
+jogwitz.de, 1
+johan-koffeman.tk, 1
+johand.io, 1
+johanlog.com, 1
+johann.tk, 1
+johanna-besmier.fr, 1
+johanna.gallery, 1
+johannabest.com, 1
+johannaojanen.com, 1
+johannavarmala.fi, 1
+johannes-bauer.com, 1
+johannes-schaefer.de, 1
+johannes-sprink.de, 0
+johannes-zinke.de, 1
+johannes.io, 1
+johannes.wtf, 1
+johannesen.tv, 1
+johannfritsche.de, 1
+johanpeeters.com, 1
+johansf.tech, 0
+johego.org, 1
+johlmike.com, 1
+john2point0.com, 1
+johnabraham.net, 1
+johnathanhasty.com, 1
+johnball.co, 1
+johnbeerens.com, 1
+johnbeil.com, 1
+johnblackbourn.com, 1
+johnblotsky.tk, 1
+johnbpodcast.com, 1
+johncam.tk, 1
+johncleary.me, 1
+johncook.co.uk, 1
+johncook.ltd.uk, 1
+johndball.co, 1
+johndball.com, 1
+johndball.info, 1
+johndball.net, 1
+johndball.org, 1
+johndeisher.com, 1
+johndonmoyer.com, 1
+johnex.se, 1
+johnfulgenzi.com, 1
+johngmchenrymd.com, 1
+johngreatwood.com, 1
+johnhenderson-god.com, 1
+johniii.co, 1
+johninwood.com, 1
+johnjayro.com, 1
+johnjohnsons.tk, 1
+johnkastler.net, 1
+johnkraal.com, 1
+johnlewis.com, 1
+johnload.tk, 1
+johnmac.cn, 1
+johnmalloneemd.com, 0
+johnmcc.net, 1
+johnmcintosh.pro, 1
+johnmellison.com, 1
+johnmichel.org, 1
+johnmillerdesign.com, 0
+johnmirenda.com, 1
+johnno.be, 1
+johnnybegood.tk, 1
+johnnybet.com, 1
+johnnybsecure.com, 1
+johnnydoe.tk, 1
+johnnyofans.com, 1
+johnnysandaire.com, 1
+johnocallaghan.tk, 1
+johnocera.com, 1
+johnopdenakker.com, 1
+johnroberts.me, 1
+johnrockefeller.net, 1
+johnrosen.xyz, 1
+johnrosen1.com, 1
+johnrosewicz.com, 1
+johnscottcbe.com, 1
+johnsoncowy.gov, 1
+johnsongenealogy.net, 1
+johnsonho.net, 1
+johnsonroofingltd.co.nz, 1
+johnsons.tk, 1
+johnsonsca.com, 1
+johnsonsuk.com, 1
+johnspion.tk, 1
+johnstownpa.gov, 1
+johnstownrockcowi.gov, 1
+johnswarbrick.com, 1
+johnthenerd.com, 1
+johntomasowa.com, 1
+johntrujillomd.com, 1
+johnvanhese.nl, 1
+johnwinter.tk, 1
+johny.tv, 1
+johnyytb.be, 1
+johutha.ch, 1
+joi-dhl.ch, 0
+joi.onl, 1
+join-aomori.jp, 1
+join.com, 1
+joinamericacorps.gov, 1
+joinamericorps.gov, 1
+joincahoot.com, 1
+joinclyde.com, 1
+joindiaspora.com, 1
+joinentre.com, 1
+joinet.com, 1
+joinfear.tk, 1
+joingy.com, 1
+joingy.net, 1
+joingy.org, 1
+joinmobilizon.org, 1
+joinpeertube.org, 1
+jointheunseen.com, 1
+jointotem.com, 1
+jointsache.com, 1
+joinus-outfits.nl, 1
+joj.sk, 1
+jojo-kiss.com, 1
+jojo-pieism.tk, 1
+jokateszunk.hu, 1
+jokedalderup.nl, 1
+jokerme.com, 1
+jokersro.tk, 1
+jokertv.ovh, 1
+jokesbykids.com, 1
+jokewignand.nl, 1
+joksara.tk, 1
+jolette-hernandez.tk, 1
+joletteperu.tk, 1
+jolienoir.net, 1
+joliet.gov, 1
+joliettech.com, 1
+jolihi.de, 1
+joline.me, 1
+jolinebrussel.nl, 1
+jollausers.de, 1
+jolle.io, 1
+jollyfun.tk, 1
+jollygoodspudz.ca, 1
+jollykidswobbleworld.co.uk, 1
+jollytotschildminder.com, 1
+jollytur.com, 1
+jolo.software, 1
+jolokia.ch, 1
+jomactransport.com, 1
+jomagus.de, 1
+jomibe.de, 1
+jomjohor.my, 1
+jomla.ae, 1
+jomo.tv, 1
+jomsolat.tk, 1
+jonadamich.tk, 1
+jonahburke.com, 1
+jonahperez.com, 1
+jonahtheprophet.tk, 1
+jonandnoraswedding.com, 1
+jonark.co, 1
+jonas-thelemann.de, 1
+jonas.me, 0
+jonasberger.com, 1
+jonasbrothers-la-jonaticas.tk, 1
+jonasdiego.tk, 1
+jonasgregersen.com, 1
+jonasgroth.se, 0
+jonasherkel.de, 1
+jonaskarlssonfoto.se, 1
+jonaskjodt.com, 1
+jonaskoeritz.de, 1
+jonaskruckenberg.de, 0
+jonaslovatouniverse.tk, 1
+jonasvdc.info, 1
+jonasvildmark.com, 1
+jonaswitmer.ch, 1
+jonatan.gq, 1
+jonathan-apps.com, 1
+jonathan-himmelreich.de, 1
+jonathancarter.org, 1
+jonathandaleswindle.com, 1
+jonathandowning.uk, 0
+jonathanisaac.com, 1
+jonathanlara.com, 1
+jonathanmassacand.ch, 1
+jonathanrobichaud.ca, 1
+jonathanrys.com, 1
+jonathansanchez.pro, 1
+jonathansomoza.it, 1
+jonathanwisdom.com, 1
+jonba.tk, 1
+jonbarron.cf, 1
+jonblankenship.com, 1
+jondarby.com, 1
+jondevin.com, 1
+jondowdle.com, 0
+jonesborostatebank.com, 0
+jonescountyiowa.gov, 1
+jonescountyiowaelections.gov, 1
+jonescreektx.gov, 1
+jonesfor.men, 1
+joneslymma.com, 1
+jonesopolis.xyz, 1
+jonestowntx.gov, 1
+jonestrading.com, 1
+jonferwerda.net, 1
+jonfor.net, 1
+jong030.nl, 1
+jongbloed.nl, 1
+jongcaxent.tk, 1
+jongenstromp.tk, 1
+jongenwijs.gent, 1
+jongerenkring.tk, 1
+jongpay.com, 1
+jongtonghapkido.tk, 1
+jonilar.com, 1
+jonin.tk, 1
+jonin2.tk, 1
+jonincharacter.com, 1
+jonipuhakka.fi, 1
+jonizatorywody24.pl, 1
+jonkerkamman.tk, 1
+jonkermedia.nl, 0
+jonkpl.com, 1
+jonlabelle.com, 1
+jonlu.ca, 1
+jonnasbeauty.com, 1
+jonnichols.info, 1
+jonny5.ru, 1
+jonnybarnes.uk, 1
+jonnyflash.tk, 1
+jonnygreenwood.tk, 1
+jonoalderson.com, 1
+jonohewitt.com, 1
+jonola.com, 1
+jonpavelich.com, 1
+jons.org, 1
+jonscaife.com, 1
+jonsey.co, 1
+jonshelton.com, 1
+jonslife.tk, 1
+jonssheds.com, 1
+jonstar.tk, 1
+jony.tk, 1
+joo.ru, 1
+joodari.fi, 1
+joogle.at, 1
+jooksuratas.ee, 1
+jooli.tk, 1
+joom.com, 1
+joomag.com, 1
+joomanji.fr, 1
+joomearaweb.tk, 1
+joomla-leipzig.com, 1
+joomladeveloper.ru, 1
+joomlaguru.pl, 1
+joompress.biz, 1
+joona.pw, 1
+joonstudios.com, 1
+joopzy.com, 1
+joorshin.ir, 1
+joostdeheer.nl, 1
+joostmaglev.nl, 1
+joostvanderlaan.nl, 1
+jootshop.ga, 1
+joovy.com, 1
+jopestkil.com, 0
+jophson.tk, 1
+joqi4.gq, 1
+joran.org, 1
+jorcus.com, 1
+jordan-armstrong.tk, 1
+jordan-collector.tk, 1
+jordan-jungk.de, 1
+jordancards.com, 1
+jordandevelopment.com, 1
+jordanhamilton.me, 1
+jordanlys.com, 1
+jordanmetal.tk, 1
+jordanmlu.nl, 1
+jordannight.net, 1
+jordanp.engineer, 1
+jordanpark.com, 0
+jordanprice.ml, 1
+jordanprogrammer.tk, 1
+jordans.co.uk, 1
+jordanscorporatelaw.com, 1
+jordansfiles.tk, 1
+jordansmovies.tk, 1
+jordansrequests.tk, 1
+jordanstrustcompany.com, 1
+jordhy.com, 1
+jordibelgraver.email, 1
+jordibelgraver.eu, 1
+jordibelgraver.xyz, 1
+jordioller.com, 1
+jordjord.com, 1
+jorexenterprise.com, 1
+jorgelopezorquesta.tk, 1
+jorgemarquez.es, 1
+jorgenegrete.tk, 1
+jorgenson-peninsula.com, 1
+jorisdalderup.nl, 1
+joriz.tk, 1
+jormulti.tk, 1
+jornadahypera.com.br, 1
+jornalalerta.com.br, 1
+jornalaquidf.com.br, 1
+jornalero.tk, 1
+jorsev.com, 1
+jos-verstappen-fan.tk, 1
+josaa.nic.in, 1
+josannedesign.tk, 1
+josc.com.au, 1
+joscares.com, 1
+jose-alexand.re, 1
+jose-latino.tk, 1
+jose-lesson.com, 1
+jose-manuel-benito-alvarez.tk, 1
+joseenriquegonzalez.tk, 1
+joseetesser.nl, 1
+josef-lotz.de, 1
+josefernandomorilloardila.tk, 1
+josefinagrau.tk, 1
+josefjanosec.com, 1
+joseflegal.com, 1
+josefottosson.se, 1
+josefranca.pt, 0
+josejorques.tk, 1
+joseluisberrocal.tk, 1
+josemariavazquez.com, 1
+josenastrid.tk, 1
+josepbel.com, 1
+josephalexander.media, 1
+josephanthony.tk, 1
+josephbleroy.com, 1
+josephcz.com, 1
+josephcz.win, 0
+josephcz.xyz, 1
+josephmarino.net, 1
+josephojo.com, 1
+josephpinder.com, 1
+josephsniderman.com, 1
+josephsniderman.net, 1
+josephsniderman.org, 1
+josephv.website, 1
+josephwright.co.uk, 1
+josephziegler.com, 0
+joserafaelsosa.tk, 1
+joserecetas.com, 1
+josericaurte.com, 1
+josestiller.de, 1
+joseventos.com, 1
+josh.life, 1
+joshanders.com, 1
+joshbyrne.com.au, 1
+joshcaluette.com, 1
+joshdiamant.com, 1
+joshfoley.co.uk, 1
+joshgroban.tk, 1
+joshharmon.me, 1
+joshhoffer.com, 1
+joshimedical.com, 1
+joshking.com, 1
+joshlovephotography.co.uk, 1
+joshparker.blog, 1
+joshparker.uk, 1
+joshrickert.com, 1
+joshruppe.com, 1
+joshs.domains, 1
+joshs.guide, 1
+joshs.photos, 1
+joshschmelzle.com, 1
+joshspage.ltd, 1
+joshspage.ltd.uk, 1
+joshthewanderer.com, 1
+joshu.am, 1
+joshua-kuepper.de, 1
+joshua.law, 1
+joshuadiamant.com, 1
+joshuagoss.com, 1
+joshuajohnson.ca, 1
+joshuamessick.com, 1
+joshuanishimura.xyz, 1
+joshuaschmitt.us, 1
+joshuastock.net, 1
+joshygeo.tk, 1
+josiekellys.com, 1
+josiemccoy.co.uk, 1
+josien.fr, 1
+josien.net, 1
+josineto.art, 1
+josipovicstevo.tk, 1
+josisummer.net, 1
+josmith.co.za, 1
+joso.tk, 1
+josoansi.de, 1
+josprox.ovh, 0
+jostle.us, 1
+josueteconecta.mx, 1
+josvir.sytes.net, 1
+jot.works, 1
+jotbe.io, 1
+jotes-creations.de, 1
+jotoho.de, 1
+jotoma.de, 1
+joubinkhorsandmd.com, 1
+jouetspetitechanson.com, 1
+jouleperformance.ch, 0
+jouleperformance.de, 0
+jouonline.nl, 1
+jouons-aux-echecs.be, 1
+jourbook.cf, 1
+jourdain.pro, 1
+jourdespa.fr, 1
+journaldesvoisins.com, 0
+journaldufumeur.ch, 1
+journales.com, 1
+journalgameers.ga, 1
+journalgameest.ga, 1
+journalism-schools.com, 1
+journalism.org, 1
+journaliste.tk, 1
+journalisticapp.com, 1
+journalnow.com, 1
+journals.ru, 1
+journalstar.com, 1
+journaltimes.com, 1
+journaway.com, 1
+journeedesfilles.gc.ca, 1
+journey.study, 1
+journeyfriday.rocks, 1
+journeying.ca, 1
+journeyofmymothersson.com, 1
+journeyrent.com, 1
+journeytofi.com, 1
+journeytomastery.net, 1
+joustsec.com, 1
+jouw-job.nl, 1
+jouwbuis.nl, 1
+jouwpaardenbak.nl, 1
+jouwsongteksten.tk, 1
+jouwzorgjob.be, 1
+jovanmarkovic.ga, 1
+jovenescontraelaburrimiento.tk, 1
+jovic.hamburg, 1
+jovisa.com.tw, 1
+jowm-jo.com, 1
+joworld.net, 0
+joy-ride.yokohama, 1
+joyas.gt, 0
+joybuggy.com, 1
+joyce.tk, 1
+joycejamiewedding.com, 1
+joycemachine.com, 1
+joychetry.com, 1
+joycosmetics.ch, 1
+joydivision.tk, 1
+joydream.tk, 1
+joyfulevents.tk, 1
+joyfulhealthyeats.com, 1
+joyinteractive.tk, 1
+joyinverse.com, 1
+joyjohnston.ca, 0
+joymaxiptv.com, 1
+joymepass.com, 1
+joyouscare.co.uk, 1
+joyousisle.com, 1
+joyqi.com, 1
+joysinventingblog.com, 1
+joystickblog.tk, 1
+jozefjabczun.com, 1
+jozefkvasnica.tk, 1
+jozefmichalmintal.com, 1
+jozefmutis.com, 1
+jozefmutis.sk, 1
+jp.kg, 1
+jp.md, 1
+jp404.com, 1
+jpan007.com, 1
+jpanetta.tk, 1
+jparts.su, 1
+jpaudio.org, 1
+jpbe-network.de, 1
+jpbe.de, 1
+jpc-design.com, 1
+jpcases.com.au, 1
+jpcorriganlaw.com, 1
+jpcrochetapparel.com, 1
+jpdineroasi.com, 1
+jpeg.io, 1
+jpegd.io, 1
+jpekkala.com, 1
+jperformance.nl, 1
+jpg.am, 1
+jpg.fr, 1
+jpgangbang.com, 1
+jpgtopdfc.com, 1
+jphev.de, 1
+jphost.ml, 1
+jpilan.com, 1
+jpinfo.tk, 1
+jpixta.com, 1
+jplennard.com, 1
+jpm-inc.jp, 1
+jpmelos.com, 1
+jpmelos.com.br, 1
+jpmguitarshop.com.br, 1
+jpngamerswiki.com, 1
+jpope.org, 1
+jppc.net, 1
+jppcadvertising.com, 1
+jpph.org, 0
+jpr.io, 1
+jpralves.net, 1
+jpram.net, 1
+jproducts.nl, 1
+jproxx.com, 1
+jps-selection.co.uk, 1
+jps-selection.com, 1
+jps-selection.eu, 1
+jpshop.ru, 1
+jpsinflatables.co.uk, 1
+jpst.it, 1
+jpvermogensregie.com, 1
+jpvfinanceira.net, 1
+jpvisual.com, 1
+jqlin.com, 1
+jqlsql.com, 1
+jqpowerwash.com, 1
+jqrecycling.com, 1
+jquery.wtf, 1
+jr-signalisation.fr, 1
+jr5devdoug.xyz, 1
+jr5devdouglas.xyz, 1
+jr5proxdoug.xyz, 1
+jrabasco.me, 1
+jrc.cz, 1
+jrc9.ca, 0
+jrchaseify.xyz, 1
+jreb.nl, 1
+jreiff.de, 1
+jreinert.com, 1
+jrflorian.com, 1
+jrfortune.com, 1
+jrjuristen.nl, 0
+jrlopezoficial.com, 1
+jrmora.com, 0
+jrock.tk, 1
+jrock.us, 1
+jross.me, 1
+jrroofinglancs.co.uk, 1
+jrrw.de, 1
+jrstehlik.com, 1
+jrstehlik.cz, 1
+jrt.ovh, 1
+jrtapsell.co.uk, 1
+jrtransportedemotos.com.br, 1
+jrucomsoc.tk, 1
+jrulka.ru, 1
+jrwu.win, 1
+jrxpress.com, 1
+jrzapis.com, 1
+jrzhong.com, 1
+jrzid.com, 1
+jrzly.com, 1
+js-etiketten.de, 1
+js-web.eu, 1
+js-webcoding.de, 1
+js5203344.com, 1
+js6868.cc, 1
+js86.de, 0
+js889.com, 1
+js93029.com, 1
+jsautomation.co.za, 1
+jsbentertainment.nl, 1
+jsberrylaw.com, 1
+jsbevents.nl, 1
+jsblights.nl, 1
+jsc.mx, 1
+jschumacher.info, 1
+jscsshtml.com, 1
+jsd-aach.de, 1
+jsd-cog.org, 1
+jsdelivr.com, 1
+jsdelivr.net, 1
+jsdesign.mx, 1
+jselby.net, 1
+jsem.fun, 1
+jsemonjr.tech, 1
+jsfloydlaw.com, 0
+jsg.hk, 1
+jsh918.com, 1
+jsidefox.de, 1
+jsjfact.com, 1
+jsjohnsononline.com, 1
+jsjs.net, 1
+jsk26.ru, 1
+jskier.com, 1
+jslots.dk, 1
+jsme.cz, 1
+jsme.fun, 1
+jsn.one, 1
+jsnfwlr.com, 0
+jsnfwlr.io, 0
+jsnguyenlieu.com, 1
+jso-crescendo.ch, 1
+json.download, 1
+json.id, 0
+jsonsinc.com, 1
+jsonvalidator.tk, 1
+jsourcery.com, 1
+jsp-cloud.de, 1
+jspartnersinc.com, 1
+jsphys.org.cn, 1
+jspp2023.jp, 1
+jsproxy.tk, 0
+jsre-kinki.jp, 1
+jss6868.cc, 1
+jstanleyasphaltpaving.com, 1
+jsteward.moe, 1
+jstore.ch, 1
+jsvr.tk, 0
+jswebbdevelopment.com, 1
+jswn9945.xyz, 1
+jsx.jp, 1
+jsxc.ch, 1
+jt-evolution.tk, 1
+jtafla.com, 1
+jtcat.com, 1
+jtconsultancy.sg, 1
+jtfew.co.uk, 1
+jtkconstructiongroup.com, 1
+jtl-software.com, 1
+jtl-software.de, 1
+jtownacademy.com, 1
+jtp.id, 1
+jtrocinski.com, 1
+jtrojanowska.pl, 1
+jts3servermod.com, 1
+jttech.se, 1
+jtxdev.my.id, 1
+jtxmail.org, 1
+ju-edu.tk, 1
+ju-rex.eu, 1
+juabcounty.gov, 1
+jualkambing.tk, 1
+juancadc.es, 1
+juancamos.com, 1
+juancarloscubeiro.com, 1
+juancarlosflores.tk, 1
+juancarlosgalvez.tk, 1
+juancarlosllaque.com, 1
+juancatalangomez.es, 1
+juanfrancisco.tech, 1
+juanherranz.com, 1
+juanhub.com, 1
+juanitia.com, 1
+juanitofatas.com, 1
+juanjomontecinos.tk, 1
+juanmanuel.tk, 1
+juanmapauso.tk, 1
+juanmasuarez.tk, 1
+juanmazzetti.com, 1
+juanmoreno.tk, 1
+juanpena.tk, 1
+juanrodriguezofficial.tk, 1
+juansebastianveron.tk, 1
+juanxt.ddns.net, 1
+jub0bs.com, 1
+jubelmart.ga, 1
+jubileum.online, 0
+jucca-nautica.si, 1
+jucelo.de, 1
+jucktehkeinen.de, 1
+jucocauca.tk, 1
+judc-ge.ch, 1
+jude.eu.org, 1
+judge.ga, 1
+judge.tk, 1
+judge2020.com, 1
+judi-online.ga, 1
+judi.ga, 1
+judi.tk, 1
+judiciary.gov.ph, 1
+judidominokiukiu.ga, 1
+judidominokiukiu.ml, 1
+judithsargentini.nl, 1
+judo2point0.com, 1
+judobasicsers.ga, 1
+judobasicsest.ga, 1
+judochaters.ga, 1
+judochatest.ga, 1
+judoprodeti.cz, 1
+judosaintdenis.fr, 1
+judybai.me, 1
+judykatura.pl, 1
+juegosycodigos.mx, 1
+juejin.com, 1
+juergaperu.tk, 1
+juergen.tk, 1
+juergenklieber.de, 1
+juergenspecht.com, 1
+juergenspecht.de, 1
+juergmeier.ch, 1
+jufem.tk, 1
+jugendfeuerwehr-vechta.de, 1
+jugendforum-schaafheim.de, 1
+jugendhackt.org, 1
+jugendpresse-hessen.de, 1
+jugendpresse.de, 1
+jugendsuenden.info, 1
+jugh.de, 1
+jugoncalv.es, 1
+jugwallonie.be, 1
+juhakoho.com, 1
+juhanihakala.fi, 1
+juice.cf, 1
+juice.codes, 1
+juicebox.com.au, 1
+juicipattiesfranchising.com, 1
+juicycrones.org.uk, 1
+juicydesigns.co.za, 1
+juicyforum.com, 1
+jujutsuoulu.fi, 1
+jukebox-manuals.tk, 1
+jukkakivi.fi, 1
+jukkakivimaki.fi, 1
+jukovka.tk, 1
+juku-wing.jp, 1
+julb.de, 1
+julditec.com, 1
+jule-spil.dk, 1
+julenetxaniz.eus, 1
+julenlanda.com, 0
+julesfrans.be, 1
+julesroovers.nl, 1
+julia-clarete.tk, 1
+julia-jones.org, 1
+julia-spriggs.fr, 1
+julia.school, 1
+juliajuice.net, 1
+juliakieser.de, 1
+julian-miller.de, 1
+julian-post.de, 0
+julian-uphoff.de, 1
+julian-weigle.de, 1
+julian.tech, 1
+julianaedouglas.ga, 1
+julianatoma.com.br, 1
+julianbarske.de, 1
+julianbh.com, 1
+julianbroadway.com, 1
+julianestrada.es, 1
+juliangonggrijp.com, 1
+juliangramajo.tk, 1
+julianickel.de, 1
+juliankraemer.de, 1
+julianmeyer.de, 1
+julianozucare.tk, 1
+juliansimioni.com, 1
+julianskitchen.ch, 0
+julianvmodesto.com, 1
+julianwallmeroth.de, 1
+julianweigle.de, 1
+julianxhokaxhiu.com, 1
+juliaoantiguidades.com.br, 1
+julias.zone, 1
+juliasugar.net, 1
+juliawebber.co.za, 1
+juliazeengardendesign.co.uk, 1
+julibear.com, 1
+julie-and-stevens-wedding.com, 1
+juliedecubber.com, 1
+juliekoubova.com, 1
+juliekoubova.cz, 1
+juliekoubova.name, 1
+juliekoubova.net, 1
+juliekproperties.com, 1
+juliemaurel.fr, 1
+julien-demare.com, 1
+julien-noyelle.com, 1
+julien.expert, 1
+julienc.io, 1
+juliendoco.com, 1
+julienmotheron.tk, 1
+julienpaterne.com, 0
+juliens.tk, 1
+julienschmidt.com, 1
+julienstalder.ch, 0
+julientartarin.com, 1
+juliepetit.com, 1
+julier.com.br, 1
+julieskitchensf.com, 1
+julieskyhigh.net, 1
+juliet-squad.tk, 1
+julietous.be, 1
+julietta-sanchez.org, 1
+juliettesinteriors.co.uk, 1
+julio.jamil.nom.br, 1
+juliofreitas.com, 1
+juliohernandezgt.com, 1
+juliusklein.tk, 1
+jullensgroningen.com, 1
+julm.de, 1
+julmer.tk, 1
+juls.cloud, 0
+jult.net, 0
+jultube.de, 1
+july52.ru, 1
+jumardotaekwondo.tk, 1
+jumbo-air.de, 1
+jumbopan.net, 1
+jumbopeters.tk, 1
+jumbster.com, 0
+jumeirashoes.com, 1
+jumelagevezin-vezins.tk, 1
+jumellesvision.fr, 1
+jumibow.com, 1
+jumio.com, 1
+jummedia.com.au, 1
+jump4funinflatables.co.uk, 1
+jumpalitan.tk, 1
+jumpandbounce.co.uk, 1
+jumpandjivechildrensparties.co.uk, 1
+jumparoundbouncycastles.co.uk, 1
+jumparty.co.uk, 1
+jumpbuttonnorth.com, 1
+jumpeasy.com.au, 1
+jumperke.be, 1
+jumperweb.tk, 1
+jumping4all.com, 1
+jumping4all.info, 1
+jumping4all.nl, 1
+jumpingcastlesonline.com.au, 1
+jumpingdeliege-vip.be, 1
+jumpingforall.com, 1
+jumpingforall.nl, 1
+jumpingjacksbouncycastles.co.uk, 1
+jumpintogreenerpastures.com, 1
+jumpman-iphone-design.de, 1
+jumpnplay.co.uk, 1
+jumpnplay.com.au, 1
+jumprun.com, 1
+jumpseller.cl, 1
+jumpseller.com, 1
+jun-e-jay.com, 1
+junbread.win, 1
+junco.nl, 1
+junctioncitywisconsin.gov, 1
+jundongwu.com, 0
+juneau.gov, 1
+juneaucountywi.gov, 1
+junebo.net, 1
+junebo.nu, 1
+junebo.se, 1
+juneereccentre.com.au, 1
+junefolkhogskola.se, 1
+junethack.net, 1
+junfk.shop, 1
+junge-linke.tk, 1
+jungefreiheit.de, 1
+jungelinke.tk, 1
+junger-chor-marienburg.de, 1
+jungesforumkonstanz.de, 1
+junggesellmuc.de, 1
+junglaurbana.tk, 1
+jungle-forums.tk, 1
+jungleducks.ca, 0
+junglejackscastles.co.uk, 1
+junglelab.io, 1
+junglememories.co.uk, 1
+jungleworks.com, 1
+junglist.org, 1
+jungschuetzen.tk, 1
+jungundwild-design.de, 1
+jungyonghwa.tk, 1
+juniet.net, 1
+juniku.tk, 1
+juniorchamber.international, 1
+juniorhandball.com, 1
+juniornasim.cf, 1
+juniorsambo.tk, 1
+juniorsbook.com, 1
+juniorsplanet.in, 1
+juniperroots.ca, 1
+junix.systems, 1
+junjie.pro, 1
+junjun-web.net, 0
+junk-bear.com, 1
+junkcarboys.ca, 1
+junkdrome.org, 0
+junkersparadise.tk, 1
+junkfoodcafe.com, 1
+junkguy.tk, 1
+junkiedownload.tk, 1
+junkracing.tk, 1
+junksleep.com, 1
+junktojewels.com.au, 1
+junkyardtuning.tk, 1
+junomessenger.cf, 1
+junshinkai.ed.jp, 1
+junte.tk, 1
+juntos.gov, 1
+juntosfmc.com.br, 1
+junyan.ga, 1
+junyangz.com, 1
+junyu33.me, 1
+juozasveza.lt, 1
+jupiteram.com, 1
+jupiterfy.com, 1
+juppy.tk, 1
+jura-reiseschutz.de, 1
+jura-versicherungen.de, 1
+juragan.ga, 1
+juraganhp.com, 1
+juragantembakau.com, 1
+jurancic.com, 1
+jurassicbarkharrogate.co.uk, 1
+jurassicworldfilmen.cf, 1
+jurat.online, 1
+jurcic-prpic.hr, 1
+jurena.sk, 1
+jurex-cup.cz, 1
+jurex.cz, 1
+jurexcup.cz, 1
+jurgenfranse.nl, 1
+jurgens.tk, 1
+jurgis.tk, 1
+jurislex.tk, 1
+jurisprudentacedo.com, 1
+jurist-website.de, 1
+jurist.gq, 1
+juristech.io, 1
+juristique.fr, 1
+juristique.info, 1
+juristique.org, 1
+juristique.us, 1
+jurjendevries.com, 0
+jurkomp.ru, 1
+jurnalfm.md, 1
+jurnalilmiah.com, 1
+jurposluga.tk, 1
+jurquestion.tk, 1
+jurriaan.ninja, 1
+jusfitness.com.au, 1
+juspay.in, 1
+jusquauxdents.tk, 1
+just-a-clanpage.de, 1
+just-bees.de, 1
+just-heberg.fr, 1
+just-keep-swimming.tk, 1
+just-muh.de, 1
+just-pools.co.za, 1
+just-vet-and-drive.fr, 1
+just-webdesign-berlin.de, 1
+just.nl, 1
+just3preety.com, 1
+just6f.com, 1
+justacoupleofclarkes.co.uk, 1
+justacrazygirl.com, 1
+justalternativeto.com, 1
+justanorganizedhome.com, 1
+justanothercompany.name, 1
+justanotherday.tk, 1
+justasdelish.com, 1
+justbelieverecoverypa.com, 1
+justbooktransfers.com, 0
+justboom.co, 1
+justbraces.com.sg, 1
+justbydesign.com, 1
+justcall.io, 1
+justcalm.tk, 1
+justcams.tv, 1
+justchunks.net, 1
+justement.ch, 1
+justf.tk, 1
+justfencingcheshire.co.uk, 1
+justfoodfordogs.com, 1
+justformen.org, 1
+justforschools.co.uk, 1
+justforsunn.com, 1
+justfresh.com, 1
+justfunerals.co.nz, 1
+justgalak.com, 1
+justgalak.org, 1
+justgamblers.com, 1
+justgardenoffices.co.uk, 1
+justgayvideo.com, 1
+justgiving.com, 1
+justice-rains-from-above.tk, 1
+justice.gc.ca, 1
+justice.gov, 1
+justiceforjameela.org, 1
+justifinetwork.com, 1
+justifyloans.com, 1
+justin-p.me, 1
+justin-tech.com, 1
+justin3d.nl, 1
+justindianporn.me, 1
+justinellingwood.com, 1
+justinfreid.com, 1
+justinho.com, 1
+justinmanders.nl, 1
+justinritter.de, 1
+justinsinkula.com, 1
+justinstago.com, 1
+justinstandring.com, 1
+justkidsdental.com, 1
+justknigi.gq, 1
+justlovecoffeefranchise.com, 1
+justmade.com.br, 1
+justmensgloves.com, 1
+justmyblog.net, 1
+justmysocks.xyz, 1
+justnajoua.tk, 1
+justneworleans.com, 1
+justninja.com, 1
+justnu.se, 0
+justor.ru, 1
+justpass.co.uk, 1
+justpass.uk, 1
+justpaste.it, 1
+justpdf.cf, 1
+justpractice.ca, 1
+justquoteme.ga, 1
+justrighthsc.com, 1
+justsa.co.za, 1
+justsandro.tk, 1
+justsellmycar.com, 1
+justshare.tk, 1
+justt-watch-now.xyz, 1
+justupdate.me, 1
+justweather.org, 1
+justwikipedia.com, 1
+justwizards.me, 1
+justyy.com, 1
+justzz.xyz, 1
+juszczak.io, 1
+juszkiewicz.com.pl, 1
+jutella.de, 0
+jutlander-netbank.dk, 1
+jutrainingdiet.fr, 1
+juttaheitland.com, 1
+juul-iversen.dk, 1
+juul.xyz, 0
+juurussuo.tk, 1
+juusujanar.eu, 0
+juvenile-studios.de, 1
+juventudevareira.tk, 1
+juventusmania1897.com, 1
+juventusnews24.com, 1
+juweldot.tk, 1
+juwelier-schmuck.de, 1
+juwelierstoopman.nl, 0
+juweliervanwillegen.nl, 1
+juzgadocaldas.com, 1
+juzz.io, 1
+jv-projects.be, 1
+jvanerp.nl, 1
+jvbouncycastlehire.co.uk, 1
+jvdham.nl, 1
+jvdz.nl, 1
+jvega.me, 1
+jvianes.ddns.net, 1
+jvlfinance.cz, 1
+jvmcomunicacao.com.br, 1
+jvphotoboothhire.co.uk, 1
+jvspin.com, 1
+jvspin13135.top, 1
+jvspinapp.com, 1
+jw-services-stg.org, 1
+jw-services.org, 1
+jw.fail, 1
+jw1.ca, 1
+jwala.diamonds, 1
+jwatt.org, 1
+jwatt.uk, 1
+jwb.red, 1
+jwbrown.cn, 1
+jwbrown.com, 1
+jwbrown.nl, 1
+jwbrown.ru, 1
+jwchords.org, 1
+jwds.blog, 1
+jwds.ca, 1
+jwe.nl, 1
+jweditions.co.uk, 1
+jwhite.network, 1
+jwilsson.com, 0
+jwjwjw.com, 1
+jwmmarketing.com, 1
+jwod.gov, 1
+jwolt-lx.com, 1
+jwompa.com, 1
+jwplay.ml, 1
+jwpoore.com, 1
+jwr.me, 1
+jwroberts.com, 1
+jwschuepfheim.ch, 1
+jwz.org, 1
+jxcad.com.cn, 1
+jxdsp.com, 1
+jxir.de, 1
+jxltom.com, 1
+jxm.in, 1
+jxs.ch, 1
+jxsmodafeminina.com.br, 1
+jybrid.com, 1
+jyllandsakvariet.dk, 1
+jyoba.co.jp, 1
+jyoti-fairworks.org, 0
+jysecurity.com, 1
+jyvaskylantykkimies.fi, 1
+jz.lc, 1
+jzagorulko.com, 1
+jzbk.org, 0
+jzeb.co, 1
+jzminimalist.com, 1
+jztkft.hu, 1
+jzwebdesign.ie, 1
+jzz.cool, 1
+jzzfyw.com, 1
+k-45.ru, 1
+k-amenix.co.jp, 1
+k-bone.com, 1
+k-collab.com, 1
+k-designstudio.com, 1
+k-h-c.ru, 1
+k-homes.net, 1
+k-labs.be, 1
+k-linkcarecenter.com, 1
+k-matsudaclinic.com, 1
+k-moto.sk, 1
+k-netz.de, 1
+k-pan.com, 1
+k-s-edition.ru, 0
+k-sails.com, 1
+k-scr.me, 1
+k-system.de, 1
+k-tube.com, 0
+k-will.tk, 1
+k.tt, 1
+k1024.org, 1
+k123123.com, 1
+k1chn.com, 0
+k2.works, 1
+k234234.com, 1
+k258059.net, 1
+k29.ee, 1
+k2industrial.com, 1
+k2velosi.com, 1
+k36533.com, 1
+k38.cc, 1
+k3a.me, 1
+k3nny.fr, 1
+k3t.net, 1
+k4law.com, 1
+k4nzi.duckdns.org, 1
+k51365.com, 1
+k5197.co, 1
+k55655.com, 1
+k60d.com, 1
+k66.ag, 1
+k665.vip, 1
+k6729.co, 1
+k6729.com, 1
+k6957.co, 1
+k6957.com, 0
+k7add.com, 1
+k7azx.com, 1
+k7cl.com, 1
+k8.com, 1
+k80608.com, 1
+k8082.com, 1
+k82.org, 1
+k82365.com, 1
+k8268.com, 1
+k85.app, 0
+k86.app, 1
+k86681.com, 1
+k86690.com, 0
+k86853.com, 1
+k869.co, 0
+k86921.com, 0
+k86929.com, 0
+k86930.com, 1
+k86967.com, 0
+k87.app, 1
+k87073.com, 0
+k87074.com, 0
+k87075.com, 0
+k87076.com, 0
+k87077.com, 0
+k87079.com, 0
+k87080.com, 0
+k87119.com, 0
+k87121.com, 0
+k87126.com, 0
+k87131.com, 0
+k87133.com, 0
+k87136.com, 0
+k87210.com, 1
+k873.co, 0
+k873.com, 1
+k875.co, 0
+k88107.com, 1
+k88110.com, 0
+k88116.com, 0
+k88127.com, 0
+k88172.com, 1
+k88256.com, 1
+k88257.com, 1
+k88259.com, 1
+k88262.com, 1
+k88269.com, 0
+k88270.com, 1
+k88271.com, 1
+k88272.com, 1
+k88273.com, 1
+k88275.com, 1
+k88276.com, 1
+k88277.com, 1
+k88285.com, 1
+k88302.com, 0
+k88306.com, 1
+k88312.com, 0
+k88313.com, 1
+k88327.com, 1
+k886.co, 1
+k88670.com, 0
+k88672.com, 0
+k889.co, 1
+k8892.com, 1
+k89.app, 1
+k8dalao.com, 1
+k8didi.com, 1
+k8gege.com, 1
+k8jiejie.com, 1
+k8laosiji.com, 1
+k8meimei.com, 1
+k8meinv.com, 1
+k8n.de, 1
+k8r.eu, 1
+k8v27.com, 0
+k8vn.com, 0
+k9297.co, 1
+k9728.co, 1
+k9bhh.net, 1
+k9erp.com, 1
+k9lady.ml, 1
+k9life.cf, 1
+k9life.gq, 1
+k9life.ml, 1
+k9swx.com, 1
+ka-28022.xyz, 1
+ka-kousin.co.jp, 1
+ka4aka.tk, 1
+ka4ka-ru.tk, 1
+ka4ka.cf, 1
+ka4ka.ml, 1
+kaalberry.com, 0
+kaamoscreations.com, 1
+kaamosmail.com, 1
+kaandorpfietsen.nl, 1
+kaanhaa.com, 0
+kaaniche.xyz, 1
+kaany.io, 1
+kaaraali.fr, 1
+kaas.wtf, 1
+kaasbesteld.nl, 1
+kaatha-kamrater.se, 0
+kaatsen.tk, 1
+kab-s.de, 1
+kabachok.tk, 1
+kabal.tk, 1
+kabardinka.ga, 1
+kabardino-balkariya.ml, 1
+kabel.cf, 1
+kabel.ga, 1
+kabel.gq, 1
+kabel.ml, 1
+kabeldiertje.nl, 1
+kabellegger.nl, 1
+kabeltv.co.nz, 1
+kabeuchi.com, 1
+kabide.net, 1
+kabinett.cz, 1
+kabir.cf, 1
+kabir.tk, 1
+kablo.tk, 1
+kabluchek.tk, 1
+kabluchok.tk, 1
+kabodo.com, 1
+kaboommagazine.ga, 1
+kaboommagazine.gq, 1
+kaboommagazine.ml, 1
+kabos.art, 1
+kabu-abc.com, 1
+kabuka.jp.net, 1
+kabuki-inc.co.jp, 1
+kabukpsikoloji.com, 1
+kabulboy.tk, 1
+kabulpress.org, 1
+kabushiki.jp, 1
+kabyle.com, 1
+kacanews.com, 1
+kacang-bali.com, 1
+kacgal.com, 1
+kachaem-knigi.gq, 1
+kachat.io, 1
+kachelfm.nl, 1
+kachka.cf, 1
+kachlikova2.cz, 1
+kack.website, 1
+kackyreloaded.com, 1
+kacy-kisha.com, 1
+kada.lk, 1
+kadalove.net, 1
+kaddex.xyz, 1
+kaddify.de, 1
+kadeatwood.com, 1
+kadenafss.com, 1
+kadenba.ch, 1
+kadence.tk, 1
+kadenlegion.com, 1
+kadet.net.ru, 1
+kadett-c-club-limburg.tk, 1
+kadhal-kirukkan.tk, 1
+kadidak.com, 0
+kadifeli.com, 1
+kadinbonesulsel.id, 1
+kadinhaber.tk, 1
+kadinhayati.com, 1
+kadinisci.org, 1
+kadinsaglikhaber.tk, 1
+kadinvesaglik.tk, 1
+kadix.com.br, 0
+kado-ya.jp, 1
+kadolis.com, 1
+kadro.com.pl, 1
+kadvi.tk, 1
+kadykchanskiy.ml, 1
+kaedehara.xyz, 1
+kaeme.com, 1
+kaeptns-sechser.de, 1
+kaeru-seitai.com, 1
+kaese-journal.ch, 1
+kaesehagen.nl, 1
+kafel-ufa.tk, 1
+kafeline.com, 1
+kaffad.site, 1
+kaffeekrone.de, 1
+kaffeepflanze-pflege.de, 1
+kaffeeringe.de, 1
+kaffeesud.org, 1
+kaffeklubben.tk, 1
+kaffeluckan.se, 1
+kafgoldenbearsbor.tk, 1
+kafoom.de, 1
+kagami.tk, 1
+kagata-kids.com, 1
+kagebyvyre.tk, 1
+kagel.ch, 1
+kagelmacher.ch, 1
+kages.at, 1
+kaggle.com, 1
+kagi.com, 1
+kagicomb.org, 1
+kagithanemantolama.com, 1
+kagl.me, 1
+kagomesashi.tk, 1
+kaguramea.fr, 1
+kaha.co.id, 1
+kahane.org, 1
+kahmad.in, 1
+kahoot.it, 1
+kahvakiekkotalkoot.fi, 1
+kai-i.com, 1
+kai-justin.de, 1
+kai-ratzeburg.de, 1
+kai-ruecker.tk, 1
+kaiahealth.com, 1
+kaibinyang.com, 1
+kaibinyang.tk, 1
+kaibo.cz, 1
+kaibo.eu, 1
+kaiche.com, 1
+kaida-rybak.ru, 1
+kaidoblogi.eu, 1
+kaigojj.com, 1
+kaihipay.jp, 1
+kaijo-physics-club.work, 1
+kaik.io, 1
+kaik.vn, 1
+kaika-facilitymanagement.de, 1
+kaikaibrai.com, 1
+kaikei7.com, 1
+kaikrups.com, 1
+kaileymslusser.com, 0
+kaimassagechairs.com, 1
+kaimi.io, 0
+kainelaw.com, 1
+kainetsoft.com, 1
+kainsanders.com, 1
+kainz.be, 1
+kaiod.tk, 1
+kaioken.bar, 1
+kaion.vn, 1
+kaipel.de, 1
+kairion.de, 0
+kairuitan.com, 0
+kais08.com, 1
+kaisanord.org, 1
+kaiser.ga, 1
+kaiser.wf, 1
+kaiseraerospace.tk, 1
+kaiserinformativo.com, 1
+kaisev.net, 1
+kaishi009.com, 1
+kaishi555.com, 1
+kaisto.net, 0
+kaisyo.co.jp, 1
+kaitol.click, 1
+kaitseministeerium.ee, 0
+kaity-sun.com, 1
+kaiu-sport.de, 1
+kaiusaltd.com, 0
+kaiva.cl, 1
+kaiwritings.com, 1
+kaiwu.xyz, 1
+kaiy.moe, 1
+kaizencraft.ga, 1
+kaizendigitalstudios.live, 1
+kaizenjuku.org, 1
+kaizenreporting.com, 1
+kaizeronion.com, 1
+kaizoku-dmc.com, 1
+kajak.land, 1
+kajalkumar.tk, 1
+kajasafe.fi, 1
+kajirakuda.com, 1
+kajlovo.cz, 1
+kajzonnebeke.tk, 1
+kak-pohudet-legko.ml, 1
+kaka.farm, 0
+kakabo.vn, 1
+kakacon.nz, 1
+kakan.ml, 1
+kakaravaara.fi, 1
+kakatu.ru, 1
+kakazai.com, 1
+kakdolgonline.cf, 1
+kakdoma-23.ru, 1
+kakeru.cf, 1
+kaketang.com, 0
+kakkerlakken.tk, 1
+kakofotmitzaim.cf, 1
+kakofotmitzaim.ga, 1
+kakofotmitzaim.gq, 1
+kakofotmitzaim.ml, 1
+kakofotmitzaim.tk, 1
+kakoo-media.nl, 1
+kakoomedia.nl, 1
+kakpoluchitzaim.cf, 1
+kakpoluchitzaim.ga, 1
+kakpoluchitzaim.gq, 1
+kakpoluchitzaim.ml, 1
+kakpoluchitzaim.tk, 1
+kaktus-tour.cf, 1
+kaktuskola.se, 1
+kakuch.com, 0
+kakvzyatdolg.ga, 1
+kakvzyatdolg.ml, 1
+kakvzyatzaim.cf, 1
+kakvzyatzaim.gq, 1
+kakvzyatzaim.tk, 1
+kal05.tk, 1
+kalababy.bg, 1
+kalabhavashricreations.com, 1
+kaladarb.com, 0
+kalaharifeis.com, 1
+kalakarclub.com, 1
+kalambur.gq, 1
+kalambur.ml, 1
+kalami.nl, 1
+kalamos-psychiatrie.be, 1
+kalamos.tk, 1
+kalamotownship-mi.gov, 1
+kalapatec.id, 1
+kalashnikov.ml, 1
+kalaskvintetten.tk, 1
+kalaspuffar.se, 1
+kalastus.com, 1
+kaldewei.com, 1
+kaleidoscope.co.uk, 1
+kalek.eu, 1
+kalendarabiturienta.tk, 1
+kalender.com, 1
+kalender.goip.de, 1
+kalerne.tk, 1
+kalhufvudet.se, 1
+kaliaa.fi, 1
+kalian.cz, 1
+kaliboairport.tk, 1
+kaliboys.com, 1
+kaliforniya.tk, 1
+kalimantan.tk, 1
+kalimari.tk, 1
+kalimat.gq, 1
+kalina.ml, 1
+kaliningrad.gq, 1
+kaliningrad.ml, 1
+kalinka-shop.tk, 1
+kaliocommerce.com, 1
+kalisch.eu, 1
+kalisilat.tk, 1
+kalk-shop.nl, 1
+kalkaskavillagemi.gov, 1
+kalkulacka-havarijni.cz, 1
+kallanda.com, 1
+kalleanka.tk, 1
+kalligo.ga, 1
+kalligraf.tk, 1
+kallisto.io, 1
+kalmarbilder.se, 1
+kalmbach.com, 1
+kalmservices.ca, 1
+kalmykia.cf, 1
+kalmykia.tk, 1
+kalogeropoulos-st.com, 1
+kalohan.tk, 1
+kaloix.de, 1
+kalombo.ru, 1
+kalompaturi.com, 1
+kalpavriksh.org, 1
+kalsa.ga, 1
+kalsbouncies.com, 1
+kaltenbrunner.it, 1
+kalterersee.ch, 1
+kaltoft.net, 0
+kaluga.cf, 1
+kaluga.gq, 1
+kalugadeti.ru, 1
+kalugin.tk, 1
+kaluja.fi, 1
+kalwak.cr, 1
+kalwestelectric.com, 1
+kalyangupta.ml, 1
+kalyanmatka.guru, 1
+kalyazin-online.tk, 1
+kam-serwis.pl, 1
+kamalame.co, 1
+kamandula.tk, 1
+kamanja.io, 1
+kamareddine.tk, 1
+kamasutra-training.gq, 1
+kamata-saisyuusyou.com, 1
+kamata-shinkyu-seikotsu.jp, 1
+kamataryo.com, 1
+kamatoycleaner.com, 1
+kamazuri.art, 1
+kambistories.com, 1
+kamchatkatravel.tk, 1
+kamchatkawinter.tk, 1
+kamcolorectal.com, 1
+kamel.social, 1
+kameldesign.com, 1
+kameliya.tk, 1
+kamen-master.ru, 1
+kamennyj-pisatel.tk, 1
+kameno-news.tk, 1
+kamer.nl, 1
+kamerakun.com, 1
+kamerpower.com, 1
+kamery.top, 1
+kameryzababku.sk, 1
+kamey-steuerberatung.de, 1
+kami-riha.com, 1
+kamien-ogrodowy.tk, 1
+kamienie-migdalkowe.pl, 1
+kamikami.eu, 1
+kamikatse.net, 1
+kamikatzerl.net, 1
+kamikazeweb.tk, 1
+kamildrozd.tk, 1
+kamilla.ml, 1
+kamilmagdziak.pl, 1
+kamilsevi.com, 0
+kamin-island.ru, 1
+kaminbau-laub.de, 1
+kaminholz.eu, 1
+kaminoke.info, 0
+kaminoweb.com, 1
+kaminy-msk.ru, 0
+kamio.co.uk, 1
+kamisato-ent.com, 1
+kamistik.com, 1
+kamitech.ch, 1
+kamiyo.tk, 1
+kamlunglelystad.tk, 1
+kamnob.com, 1
+kamp-kisten.nl, 1
+kampanyaradar.com, 1
+kampffische.tk, 1
+kampfsportschule-einherjar.de, 1
+kampova.sk, 1
+kamppailusali.fi, 1
+kampungcyber.tk, 1
+kampunginggris-ue.com, 1
+kampusku.tk, 1
+kamrad.tk, 1
+kamranmirhazar.com, 1
+kamui.co.uk, 1
+kamuniang.org, 1
+kan-ken.fr, 1
+kan.bi, 1
+kan3.de, 1
+kana-mono.biz, 1
+kana.me, 1
+kanabun.top, 1
+kanaete-uranai.com, 1
+kanag.pl, 1
+kanal-c.net, 1
+kanal-schaefer.de, 1
+kanal-tv-haensch.de, 0
+kanalasal.id, 0
+kanalbutikken.no, 1
+kanali.info, 1
+kanapa.gq, 1
+kanariesite.tk, 1
+kanatsuki.tk, 1
+kanava.tk, 1
+kancelyaria.com.ua, 1
+kancolle.me, 1
+kanctovary.tk, 1
+kandalife.com, 1
+kandelaberi.tk, 1
+kanden-com-reform.com, 1
+kandhamal.org, 1
+kandianshang.com, 1
+kandkforwarding.com, 1
+kandofu.com, 1
+kandr.net, 1
+kandra.com.br, 1
+kandrahechiceravudu.com, 1
+kandrive.gov, 1
+kanduit.live, 1
+kanecastles.com, 1
+kanecountyhospitalut.gov, 1
+kanecountyil.gov, 1
+kanehisa.xyz, 1
+kanehusky.com, 0
+kanetix.ca, 1
+kanganer.com, 1
+kangaroo-bouncycastle.co.uk, 1
+kangarooislandholidayaccommodation.com.au, 1
+kangaroojacks.co.uk, 1
+kangaroos.org, 1
+kangaroosgardencentre.ca, 1
+kangavar.tk, 1
+kangbo.com, 1
+kangdaniel.cn, 1
+kangkai.me, 1
+kangkang.net, 1
+kangkang.org, 1
+kangliortho.com, 1
+kangoeroeteam.tk, 1
+kangouroo.ch, 1
+kangutingo.com, 1
+kangzaber.com, 1
+kaninchenartikel.de, 1
+kanis.ag, 1
+kanitha.sk, 1
+kankakeecountyclerk.gov, 1
+kankerpannekoek.nl, 1
+kankfn.com, 1
+kankimaru.com, 1
+kanna.cf, 1
+kannabia.com, 1
+kannata.ml, 1
+kano.fan, 0
+kano.tk, 1
+kanootours.com, 1
+kanosuki.com, 0
+kanotijd.nl, 1
+kanoumokuzai.co.jp, 1
+kanpian369.com, 1
+kanru-clinic.com.tw, 1
+kansai-ramen-derby.com, 1
+kansascityzoo.org, 0
+kansasconstruction.ga, 1
+kansashealth.tk, 1
+kansashighwaypatrol.gov, 1
+kansasnet.tk, 1
+kansasvaccine.gov, 1
+kansasvoterinfo.gov, 1
+kanshutan.com, 1
+kantankye.nl, 1
+kantoorartikelen.nl, 1
+kantoorboel.nl, 1
+kantora-ivanova.com, 1
+kantora-plovdiv.com, 1
+kantorad.io, 1
+kantorosobisty.pl, 1
+kantrok.com, 1
+kantube.tk, 1
+kanui.ml, 1
+kanuking.de, 1
+kanuvu.de, 1
+kanvasbaski.tk, 1
+kanz.jp, 1
+kanzashi.com, 1
+kanzshop.com, 1
+kaohongshu.blog, 1
+kaora.cz, 1
+kaosintesta.tk, 1
+kap-kirche.de, 1
+kap.pe, 1
+kapaci.com, 1
+kapanlagi.gq, 1
+kapelya.gq, 1
+kapilarya.com, 1
+kapiorr.duckdns.org, 1
+kapital-kredit.cf, 1
+kapitalsprung.com, 1
+kapitany.tk, 1
+kapiteintje.tk, 1
+kaplan.se, 1
+kaplanco.com, 1
+kaplanprofessional.edu.au, 1
+kaplatzis.com, 1
+kapparhokappa.tk, 1
+kappenstein.org, 0
+kappharn.com, 1
+kappit.dk, 1
+kappow.co.uk, 1
+kapri.dn.ua, 1
+kaproseo.com, 1
+kapsalonlinds.nl, 1
+kapseli.net, 1
+kapsouro-ksimeromata.eu, 1
+kaptadata.com, 1
+kaptamedia.com, 1
+kapui.net, 1
+kapukoaldizkaria.tk, 1
+kapulakennel.tk, 1
+kapunet.tk, 1
+kaputt.com, 1
+kaputtendorf.tk, 1
+kaputtzich.duckdns.org, 1
+kara-fabian.com, 1
+kara-fabian.de, 1
+karabah.cf, 1
+karabah.tk, 1
+karabas.com, 1
+karabukhaber.tk, 1
+karachay.tk, 1
+karacommagere.com, 1
+karada.live, 1
+karadenizhaberleri.tk, 1
+karajonline.tk, 1
+karakafa.net, 1
+karamanev.me, 1
+karamel69.ru, 1
+karamomo.net, 1
+karand.me, 1
+karanjthakkar.com, 1
+karanlyons.com, 1
+karantyn.pro, 1
+karaoglanis-info.tk, 1
+karaoglanis.tk, 1
+karaokerentalcalgary.com, 1
+karaokerentaledmonton.com, 1
+karaokerentalmontreal.com, 1
+karaokerentalottawa.com, 1
+karaokerentaltoronto.com, 1
+karaokeyboards.tk, 1
+karapatan.org, 1
+karapuzz.tk, 1
+karasev-stroy.ru, 1
+karasevm.ru, 1
+karasik.by, 1
+karatecabes.tk, 1
+karateclub-waregem.tk, 1
+karatepunkslaroca.tk, 1
+karatesamurai.tk, 1
+karawane.tk, 1
+karaz.ps, 1
+karbox.de, 1
+kardia-bordeauxdoggen.tk, 1
+kardize24.pl, 1
+kardjali.bg, 1
+kardla.edu.ee, 1
+kareenaworld.tk, 1
+karel-dingeldey.de, 1
+karel-it.be, 1
+karelgol.tk, 1
+karelia.cf, 1
+karelia.ga, 1
+karelia.ml, 1
+karelin.tk, 1
+kareltrans.tk, 1
+karelvanhecke.com, 1
+karen-homestay.tk, 1
+karencatering.com, 1
+karenerdos.com.au, 1
+karenvien.ga, 1
+karewan.ovh, 1
+kargas.cf, 1
+kargl.net, 1
+karguine.in, 1
+karhukamera.com, 1
+karikatur.cf, 1
+karikatur.ga, 1
+karikatur.ml, 1
+karikatur.tk, 1
+karimova.tk, 1
+karimsaadati.tk, 1
+karina.gd, 1
+karinahh.net, 1
+karinheinenmaassen.nl, 1
+karinwerner.com, 1
+karit.nz, 1
+kariyermemur.com, 1
+karkey.in, 1
+karkkilandemarit.fi, 1
+karlbowden.com, 1
+karlic.net, 1
+karliekloss.tk, 1
+karlin.run, 1
+karlis-kavacis.id.lv, 1
+karlis.tk, 1
+karlislab.com, 1
+karlogavric.com, 1
+karloluiten.nl, 1
+karloskontana.tk, 1
+karlov.tk, 1
+karlproctor.co.uk, 1
+karlskronajk.tk, 1
+karlsmithmn.org, 1
+karlson.gq, 1
+karlswift.com, 0
+karlzotter.com, 1
+karmaassurance.ca, 1
+karmadee.com, 1
+karmaflux.com, 1
+karmaful.de, 1
+karmagroup.com, 1
+karmainsurance.ca, 1
+karmalighting.com, 1
+karmatrend.cf, 1
+karmelava.tk, 1
+karmil.tk, 1
+karn.nu, 1
+karnage.eu, 1
+karneid.info, 1
+karniz.ml, 1
+karo.pc.pl, 1
+karoche.ga, 1
+karodos.pl, 1
+karolak.fr, 0
+karolaschinkel.de, 1
+karolbiskup.pl, 1
+karolinamed.ru, 1
+karopapier.de, 1
+karopc.pl, 1
+karorally.tk, 1
+karoverwaltung.de, 1
+karpanhellas.com, 0
+karperontspanning.tk, 1
+karperpagina.tk, 1
+karpets.gq, 1
+karpo.tk, 1
+karppaamo.fi, 1
+karr.ga, 1
+karramba.tk, 1
+karriharju.tk, 1
+karrot.world, 1
+karryfishing.com, 1
+karsiyakacilingir.biz.tr, 1
+karsofsystems.com, 1
+karstenhelmbold.de, 1
+karstjewellery.co.uk, 1
+karstransport.tk, 1
+karta-baikala.ml, 1
+karta-mira.com, 1
+karta-paliwowa.pl, 1
+kartacha.com, 1
+kartalvincisletmeciligi.com, 1
+kartar.net, 0
+kartec.com, 1
+kartenmarie.de, 1
+kartenplanet.ch, 1
+kartikmohta.com, 1
+karting-normandie.fr, 1
+kartoffel-stampfer.com, 1
+kartoffel-tobi.de, 1
+kartonki.tk, 1
+kartonmodellbau.org, 1
+kartpower.tk, 1
+karula.org, 0
+karupp-did.net, 1
+karussell.com.tr, 0
+kas.ie, 1
+kasad.com, 1
+kasamatsu-sogo-hoken.com, 1
+kasanikares.com, 1
+kasasaprotect.com, 1
+kasaysayan.tk, 1
+kasei.im, 1
+kasettilamerit.fi, 1
+kashbet.net, 1
+kashbontravels.com, 1
+kashflowcoupon.co.uk, 1
+kashflowpromocode.co.uk, 1
+kashifmajid.tk, 1
+kashifshah.tk, 1
+kashinavi.com, 1
+kashis.com.au, 1
+kashmash.com, 1
+kashmirartquest.tk, 1
+kashousing.tk, 1
+kashta-svgeorgi.com, 1
+kasiafricagroup.org, 1
+kasinobonus.com, 1
+kasinoilmanrekisteroitymista.io, 0
+kasinonetti.com, 1
+kasinopartio.com, 1
+kasis.nl, 1
+kaskadee.eu, 1
+kasko.io, 1
+kaskocdn.com, 1
+kaskocloud.com, 1
+kaskodev.com, 1
+kaskojs.com, 1
+kaskoqa.com, 1
+kasparovru.ml, 1
+kasparovru.tk, 1
+kasper-team.tk, 1
+kasperstad.dk, 1
+kass-media.com, 1
+kassa.at, 1
+kassa.com, 1
+kassa.expert, 1
+kassa24.kz, 1
+kasse.at, 1
+kasse.pro, 1
+kassemmal.at, 1
+kassen-zero.net, 1
+kassianoff.fr, 1
+kassola.tk, 1
+kastamonuhaberleri.tk, 1
+kastankaoffice.cz, 1
+kastas.com, 1
+kastas.com.tr, 1
+kastelruth.biz, 1
+kastemperaturen.ga, 1
+kastgroup.com, 1
+kastmedia.com, 1
+kastorsky.ru, 0
+kastrupvinduet.dk, 1
+kastuvas-tau.lt, 1
+kasu.ga, 1
+kasvall.com, 1
+kasyna-internetowe.com, 1
+kasynoanalyzer.com, 1
+kat.cat, 1
+kat4at.tk, 1
+katachistore.com, 1
+katagena.com, 1
+kataiszilveszter.hu, 0
+katalog-parfyum.tk, 1
+katalog-serverof.ml, 1
+katalog-serverov.cf, 1
+katalog-serverov.ga, 1
+katalog-serverov.tk, 1
+katalog-tovarov.tk, 1
+katalogbutikker.dk, 1
+katalogharga.cf, 1
+katalogkapsli.pl, 1
+katan-stroi.tk, 1
+katapult-impuls.com, 1
+katapult.es, 0
+katapult.tk, 1
+katarios.tk, 1
+katarpilar.com, 1
+katarsis.lt, 1
+katarsisuib.no, 1
+katartika.tk, 1
+katazuketai.net, 1
+katc.com, 1
+kate-beckinsale.tk, 1
+kate-hurst.com, 1
+katedra.de, 1
+kateduggan.com, 1
+kateduggan.net, 1
+katekligys.com, 1
+katemihalikova.cz, 1
+katenka.tk, 1
+katerinaverbovskaya.com, 1
+katerman.cf, 1
+katerman.ga, 1
+katerman.gq, 1
+katerman.ml, 1
+kateryan.tk, 1
+kateryantv.tk, 1
+katesymmans.co.nz, 1
+katewrightmba.com, 1
+katex.org, 1
+kateysagal.tk, 1
+katfitness.co.uk, 1
+kathakkachakkar.com, 1
+kathardt.de, 1
+katherineandkegan.love, 1
+katherineswynford.tk, 1
+kathleendeisher.com, 1
+kathmandupost.com, 1
+kathrin-maren-enders.de, 1
+kathrynbernardo.tk, 1
+kathy.best, 1
+kathy.lgbt, 1
+kathy.link, 1
+kathyekaan.com, 1
+kathyschlitzer.com, 1
+kati-raumplaner.de, 1
+kati0.com, 1
+katiebenson.tk, 1
+katiechai.xyz, 1
+katiemadethat.shop, 1
+katiepears.net, 1
+katieriker.com, 1
+katieskandy.co.uk, 1
+katieskastles.co.uk, 1
+katio.net, 1
+katiusha.tk, 1
+kativa.it, 1
+katja-nikolic-design.de, 1
+katjapratschke.de, 1
+katka.info, 1
+katmccormick.com, 1
+katnunn.co.uk, 1
+kato-yane.com, 1
+katoikos.world, 1
+katolickaseznamka.cz, 1
+katom.com, 1
+katowice2021.eu, 1
+katrelleonline.tk, 1
+katretter.de, 1
+katrin.tk, 1
+katrinakaifphotos.tk, 1
+katrinasevilla.com, 1
+katrinjanke.de, 0
+katscastles.co.uk, 1
+katsiavarasorthopedics.gr, 1
+katsunet.com, 1
+katsushikacity-cashless.jp, 1
+kattelans.de, 1
+kattelans.eu, 1
+kattelus.tk, 1
+kattens.tk, 1
+katushka.cf, 1
+katushka.ga, 1
+katycollection.com, 0
+katyl.info, 0
+katyusha.net, 1
+katzei.fr, 1
+katzenbrunnen-test.de, 1
+katzensklave.me, 1
+katzrkool.xyz, 1
+kau-boys.com, 1
+kau-boys.de, 1
+kaufberatung.community, 1
+kaufhausdesaffen.com, 1
+kaufkraftkiel.de, 1
+kaufleute-sbh.de, 1
+kaukauna.gov, 1
+kauper.de, 1
+kauperwood.ovh, 1
+kaushal.tk, 1
+kausharach.tk, 1
+kausta.me, 1
+kaustubhk.com, 1
+kavalasite.gr, 1
+kavatasygarety.tk, 1
+kavelruilonline.nl, 1
+kaverti.com, 1
+kavik.no, 1
+kavin.rocks, 0
+kavinchauhan.in, 1
+kavitech.vn, 1
+kavithai.tk, 1
+kavkaz-info.tk, 1
+kavkaz.cf, 1
+kavli-express.gr, 1
+kavovary-kava.cz, 1
+kavshipping.com, 1
+kawabeest.tk, 1
+kawadoart.com, 1
+kawaii-dollies.tk, 1
+kawaii.su, 1
+kawaiicon.org, 1
+kawaiiku.com, 1
+kawaiiku.de, 1
+kawaiilo.li, 1
+kawamura-inc.jp, 1
+kawandegroup.com, 1
+kawasakipartsonline.co.uk, 1
+kawayii.com, 1
+kawigraphics.com, 1
+kawnation.gov, 1
+kawuk.com, 1
+kay.la, 1
+kay.moe, 1
+kayakaventura.tk, 1
+kayakcastro.tk, 1
+kayakpolouniversidades.tk, 1
+kaydan.io, 1
+kayipkiliseler.com, 1
+kayisir.com, 1
+kayit.co.uk, 1
+kayleen.net, 1
+kaylielaw.com, 1
+kayne.com, 1
+kayon.cf, 1
+kayscs.com, 1
+kayseri.bel.tr, 1
+kayserihaberleri.tk, 1
+kaysville.gov, 1
+kaysvillechurch.com, 1
+kayteedidquiltsandmore.com, 1
+kayture.com, 1
+kazakov.lt, 1
+kazan-tury.ml, 1
+kazanasolutions.de, 1
+kazand.lt, 1
+kazandaemon.ru, 1
+kazangoforums.tk, 1
+kazanusadba.cf, 1
+kazap.co.uk, 1
+kazard.co.za, 1
+kazarmy.tk, 1
+kazeso.kz, 1
+kazigk.me, 1
+kazino5.tk, 1
+kazna.ml, 1
+kaznice.art, 1
+kaznur.tk, 1
+kazoohr.com, 1
+kaztest.tk, 1
+kazu-techlab.com, 1
+kazu.click, 1
+kazuhirohigashi.com, 1
+kazumi-clinic.com, 1
+kazumi.ooo, 1
+kazumi.ro, 1
+kazuno-jc.or.jp, 1
+kazvel.com, 1
+kazvet.ru, 1
+kazwolfe.io, 1
+kazy111.info, 1
+kb-psy.fr, 1
+kb096.com, 1
+kb1000.de, 1
+kb1313.com, 1
+kb2121.com, 1
+kb283.com, 1
+kb35.net, 1
+kb38.net, 1
+kb481.com, 0
+kb5050.com, 1
+kb5151.com, 1
+kb5757.com, 1
+kb7070.com, 1
+kb82.net, 1
+kb88dc05.com, 1
+kb88dc12.com, 1
+kb88dc15.com, 1
+kb88dc16.com, 1
+kb88dc17.com, 1
+kb88dc26.com, 1
+kb930.com, 1
+kb9797.com, 1
+kb9988.com, 1
+kba-online.de, 1
+kbb-ev.de, 1
+kbbouncycastlehire.co.uk, 1
+kbc.be, 0
+kbcjiolotterywinners.com, 1
+kbco.net, 1
+kbcr.gov, 1
+kbet168.com, 1
+kbhfuge.dk, 1
+kbit.dk, 1
+kbjorklu.com, 1
+kbkstudio.cz, 1
+kbleventhire.co.uk, 1
+kbmhawaii.com, 1
+kboosting.com, 1
+kbsinflatablekingdom.co.uk, 1
+kbst.se, 0
+kbtairmont.com, 1
+kbtit.jp, 1
+kbz.fr, 1
+kc-holzfaeller.de, 1
+kc-hrubeho.cz, 1
+kc-leeuwarden.tk, 1
+kc1hbk.com, 1
+kc3.moe, 1
+kc5mpk.com, 1
+kcc8.com, 1
+kcfiradio.com, 1
+kchanews.com, 1
+kcire.me, 1
+kck-online.tk, 1
+kckarchitects.com, 1
+kcmak.net, 1
+kcmicapital.com, 1
+kcnawatch.org, 1
+kcnexp.eu.org, 1
+kcnwallet.com, 1
+kcnxp.com, 1
+kcomi.com, 1
+kcpredict.com, 1
+kcptun.com, 1
+kcsconstructioncompany.com, 1
+kcsh.men, 1
+kcshipping.co.uk, 1
+kcsonline.biz, 1
+kcsordparticipation.org, 1
+kcsprayfoam.com, 1
+kcucs.com, 1
+kd-23.ru, 1
+kd-event.de, 1
+kd.net.nz, 1
+kdarawandekar.tk, 1
+kdb.uz, 1
+kdcinfo.com, 1
+kdcompany.ru, 1
+kde-je-skladem.cz, 1
+kdiender.nl, 1
+kdistech.nz, 1
+kdizain.ru, 1
+kdjsa.com, 1
+kdk.com.my, 1
+kdl-group.pl, 1
+kdo-vola.cz, 1
+kdonkers.com, 1
+kdoslavi.cz, 1
+kdpmgi.com, 1
+kdproduction.cz, 1
+kdrama.cc, 1
+kdramaholic.com, 1
+kdrive.tk, 1
+kduggan.net, 1
+kdw.cloud, 1
+kdyby.org, 0
+ke.fo, 1
+ke.ke, 1
+ke8gtp-vf.herokuapp.com, 1
+kea.dk, 1
+keaipublishing.com, 1
+keala.services, 1
+keane.space, 1
+keaneokelley.com, 1
+kearney.io, 1
+kearneycountyne.gov, 1
+kearneyhub.com, 1
+kearnyaz.gov, 1
+keatsandchapman.ie, 1
+keaysmillwork.com, 1
+keb.com.au, 1
+keb.net.au, 1
+kebab.bg, 1
+kebabbesteld.nl, 1
+kebabbruce.com, 0
+kebhanamyanmar.com, 1
+kebo.xyz, 1
+kech-immobilier.com, 1
+kecht.at, 1
+kecrily.me, 1
+kedarastudios.com, 1
+kedero.com, 1
+kedi.tk, 1
+kedinox.com, 1
+kediri.win, 1
+keditor.biz, 1
+kedungombo.tk, 1
+kedv.es, 1
+kee.fi, 1
+kee.pm, 1
+keeb.supplies, 1
+keeb.supply, 1
+keechain.io, 1
+keeckee.ml, 1
+keeforcecloud.com, 1
+keekmix.nl, 1
+keelandlong.com, 1
+keeleandfinchdentaloffice.com, 1
+keeley.net, 1
+keeleysam.com, 1
+keelove.net, 1
+keemail.me, 1
+keematdekho.com, 1
+keenenh.gov, 1
+keengamer.com, 1
+keep-smiling.tk, 1
+keep.id, 1
+keep.moe, 1
+keepa.com, 1
+keepagree.gq, 1
+keepclean.me, 0
+keeperapp.com, 1
+keeperklan.com, 0
+keepersecurity.com, 1
+keepersecurity.com.au, 1
+keepersecurity.eu, 1
+keepersecurity.jp, 1
+keepersecurity.us, 1
+keepingtheplot.co.uk, 1
+keepiteasy.eu, 1
+keepitsecure24.com, 1
+keepitsimplebitcoin.com, 1
+keepitweedy.com, 1
+keepleft.gr, 1
+keeprunning.fun, 1
+keepsakedna.com, 1
+keepsight.org.au, 1
+keepsolid.com, 1
+keesmartens.tk, 1
+keesslop.nl, 1
+keestalkstech.com, 1
+keetfm.tk, 1
+keevault.pm, 1
+keeweb.info, 1
+keez.cf, 1
+keezin.ga, 1
+kefucha.de, 1
+kegan.lol, 1
+keganthorrez.com, 1
+kegelschiene.net, 1
+kehalcpa.ca, 1
+kehez.com, 1
+kehlenbach.net, 1
+kehrle.xyz, 1
+keian.tk, 1
+keibablood.com, 1
+keiebijters.nl, 1
+keifel.de, 1
+keigakusha.co.jp, 1
+keiju.ee, 1
+keiju.fi, 1
+keijuriini.fi, 1
+keikadreamland.fun, 1
+keil-web.de, 1
+keilycosmetics.com, 1
+kein-fidget-spinner-werden.de, 1
+kein-hindernis.de, 1
+kein-vergessen.tk, 1
+keinanung.nl, 1
+keinefilterblase.de, 1
+keio-bizplaza.jp, 1
+keio-formula.com, 1
+keioni.com, 1
+keiralewis.co.uk, 1
+keirna.com, 1
+keisaku.org, 1
+keishi.co.jp, 1
+keishiando.com, 1
+keishicho-mirai-method.jp, 1
+keisinger.name, 1
+keitaro.io, 1
+keith.pro, 1
+keithazzopardi.tk, 1
+keithcwood.com, 1
+keithmcmillen.com, 1
+keiths.ml, 1
+keithstaxis.co.uk, 1
+keithws.net, 1
+keiyuki.com, 1
+keizeror.gov, 1
+kejpop.pl, 1
+kekaoxing.com, 1
+kekarimi.com, 1
+keke-shop.ch, 1
+kekku.li, 0
+kekoskee.gov, 1
+keks.loan, 1
+kelamanproduction.tk, 1
+kelamb.com, 1
+kelantan.tk, 1
+kelantanmudah.com, 0
+kelax.tk, 1
+kelcible.fr, 1
+kelcotool.com, 1
+keldan.fo, 1
+kelder.tk, 1
+kelderro.nl, 1
+kelinda.tk, 1
+kelio.io, 1
+kelis.fr, 1
+kell.tk, 1
+kell3r.ch, 1
+kellansite.com, 1
+keller-aarau.ch, 1
+keller-sports.at, 1
+keller-sports.be, 1
+keller-sports.ch, 1
+keller-sports.co.uk, 1
+keller-sports.com, 1
+keller-sports.de, 1
+keller-sports.dk, 1
+keller-sports.es, 1
+keller-sports.fr, 1
+keller-sports.it, 1
+keller-sports.nl, 1
+keller-sports.se, 1
+keller-x.at, 1
+keller-x.ch, 1
+keller-x.com, 1
+keller-x.de, 1
+keller-x.fr, 1
+keller-x.nl, 1
+keller-x.se, 1
+kellercore.tk, 1
+kellerencompass.com, 1
+kellerlan.org, 0
+kelleylatino.tk, 1
+kelleymcchesney.us, 1
+kellimacconnell.com, 1
+kellyandantony.com, 1
+kellygrenard.com, 1
+kellyosbourne.tk, 1
+kellyskastles.co.uk, 1
+kellyswordshop.com, 1
+kellyvoice.tk, 1
+kellywebcam.tk, 1
+kelm.me, 1
+kelme.com, 1
+keln.net, 1
+kelp.agency, 0
+kelsa.io, 0
+kelsall39.com, 1
+kelteks.com, 1
+kelts.tk, 1
+kelvinchung.tk, 1
+kelvinfichter.com, 0
+kelyan.fr, 1
+kelyon.info, 1
+kemahtx.gov, 1
+kemanai.akita.jp, 1
+kemand.com, 1
+kemba.com, 1
+kemeha.tk, 1
+kemerovo.gq, 1
+kemerovo.ml, 1
+kemerovo.tk, 1
+kemerovo42.tk, 1
+kemet.co.uk, 1
+kemhan.go.id, 1
+kemian.de, 1
+kemmerer-net.de, 0
+kemono.su, 1
+kempkens.io, 1
+kempnertx.gov, 1
+kemptechnologies.com, 0
+kemptonparkplumbing.co.za, 1
+kemptown.co.uk, 1
+kemptown.com, 1
+kemptown.net, 1
+kemsa.ga, 1
+kemsamnhatban.cf, 1
+kemsamnhatban.ga, 1
+kemsamnhatban.gq, 1
+kemsamnhatban.ml, 1
+kemsamnhatban.tk, 1
+ken-electric.com.br, 1
+ken.fm, 1
+kenbillionsyuan.tk, 1
+kenbonny.net, 0
+kendall.productions, 1
+kendallcountyil.gov, 1
+kendallvillein.gov, 1
+kendermore.it, 1
+kendernet.com, 1
+kendev.com, 1
+kendigawards.com, 1
+kendle.tk, 1
+kendrick.tk, 1
+kendu.si, 0
+kenduct.net, 1
+kenedytx.gov, 1
+kenedytxedc.gov, 1
+kenforeman.com, 1
+kenhhomestay.com, 1
+keniasfamilychildcare.com, 1
+keniff.gq, 1
+kenlewis.com, 1
+kennebec.gov, 1
+kennedy.cf, 1
+kennedy.ie, 1
+kennedyinsurancesolutions.com, 1
+kenners.org, 0
+kennethaasan.no, 1
+kennethandersen.com, 1
+kennethlim.me, 1
+kennethsentillas.com, 1
+kennewell.tk, 1
+kennfixx.com, 1
+kennfixx.de, 1
+kennis.ga, 1
+kennisnetwerkparkeren.nl, 1
+kenny-peck.com, 1
+kenny.technology, 1
+kennychan.xyz, 1
+kennynet.co.uk, 1
+keno.im, 1
+keno.tk, 1
+kenockeetownshipmi.gov, 1
+kenokallinger.at, 1
+kenoschwalb.com, 1
+kenpobolivia.tk, 1
+kenpotalca.tk, 1
+kenrick95.org, 1
+kens.pics, 0
+kensbouncycastles.co.uk, 1
+kenshingakuen.or.jp, 1
+kensho-everyday.com, 1
+kensingtonsqca.com, 1
+kentcountyde.gov, 1
+kentdalevets.co.uk, 1
+kentec.net, 0
+kenteipay.jp, 1
+kenterlis.gr, 1
+kentlove.com, 1
+kento.nl, 1
+kentradioaeromodelers.com, 1
+kentut.xyz, 1
+kenvix.com, 0
+kenw.ca, 1
+kenwood-electronics.co.uk, 1
+kenwood.de, 1
+kenwood.eu, 1
+kenx5.eu.org, 1
+kenyachildrencentres.com, 1
+kenyons.info, 1
+kenzelmann.eu, 1
+kenzelmann.name, 1
+kenzie.com.br, 1
+keops-spine.fr, 1
+keos.ga, 1
+keos.tk, 1
+kep-sbt.hu, 1
+kepak.tk, 1
+kepinski.ch, 0
+kepkonyvtar.hu, 1
+kepleruniklinikum.at, 1
+keponews.com, 1
+kepoper.com, 1
+keppler.tk, 1
+kepppi.com, 1
+kepsbt.hu, 1
+keralamurals.in, 1
+keramed.ga, 1
+keramed.gq, 1
+keramikaopava.cz, 1
+kerautretvian.fr, 1
+kerb-grossauheim.de, 1
+kerb.com, 1
+kerbin.org, 1
+kercovaparty.tk, 1
+kerdry.com, 1
+kerebro.com, 1
+keridos.de, 1
+kerijacoby.com, 1
+keritial.eu.org, 1
+kerkdienststream.nl, 1
+kerkeslager.com, 1
+kerkukkitapcisi.com, 1
+kerkukvakfi.org, 1
+kermadec.com, 1
+kermadec.net, 1
+kermisgeluiden.nl, 1
+kermispagina.tk, 1
+kernel-error.com, 1
+kernel-error.de, 1
+kernel-panik.me, 1
+kernel-video-sharing.com, 1
+kernel.nz, 1
+kernelone.com, 1
+kernelpanics.nl, 1
+kernelprogrammer.com, 0
+kernet.com.ar, 1
+kernkompas.nl, 1
+kerocristais.pt, 0
+kerozenn.net, 1
+kerp.se, 0
+kerpen-renovieren.de, 1
+kerrcountytx.gov, 1
+kerrnel.com, 1
+kerroscale.in, 1
+kerryconsulting.com, 1
+kerrydavisguitars.tk, 1
+kersmexico.com, 1
+kerstboomkantenklaar.nl, 1
+kerstpagina.tk, 1
+kersvers.agency, 1
+kertis.tk, 1
+kerus.net, 1
+kervive.com, 1
+kescher.at, 1
+kescher.gay, 1
+kescher.site, 1
+keschi.at, 1
+kesef.org.il, 1
+kesen.news, 1
+kesen.wang, 1
+keshankang.com, 1
+keshankang.org, 1
+keshausconsulting.com, 1
+keshav.cc, 1
+keshavnet.com, 1
+kesifasya.com, 1
+kesinidulu.com, 1
+keskikorpimotorsport.fi, 1
+keskkonnaamet.ee, 0
+keskraamatukogu.ee, 1
+kessa.com, 1
+kesse.ru, 1
+kessel-runners.com, 1
+kesselrun.goip.de, 1
+kesslerandsons.com, 1
+kesslerwine.com, 1
+kesteren.org, 1
+ketamine.co.uk, 1
+ketamine.uk, 1
+ketchcdn.com, 1
+ketchikan.gov, 1
+ketemulagi.com, 1
+ketgioisu.tk, 1
+ketoanvietnam.tk, 1
+ketocanine.ca, 1
+ketoconazole.gq, 1
+ketoliv.dk, 1
+ketotadka.com, 1
+kett.email, 1
+kettererholmes.tk, 1
+kettinggeleider.be, 1
+kettlemetalbbq.com, 1
+kettmail.com, 1
+kettner.com, 1
+kettsy.com, 1
+ketty-voyance.com, 0
+ketulgpatel.tk, 1
+ketzer.tk, 1
+keukenhof.nl, 1
+keukenstudio.tk, 1
+keurigbestprice.tk, 1
+keuvelaar.nl, 1
+keuze.nl, 1
+kevansizemore.com, 1
+kevay.nl, 1
+kevchia.com, 1
+keventajat.fi, 1
+kevertje.net, 1
+kevhosting.com, 1
+kevin-darmor.eu, 1
+kevin-emo.com, 1
+kevin-neirynck.tk, 1
+kevin-ta.com, 1
+kevin.tw, 0
+kevinackford.uk, 1
+kevinapease.com, 1
+kevinaud.io, 1
+kevinbardot.alwaysdata.net, 1
+kevinbauer.ca, 1
+kevinbowers.me, 1
+kevinchang.me, 1
+kevincox.ca, 1
+kevincoynepage.tk, 1
+kevincramer.net, 1
+kevinfigueroamusic.tk, 1
+kevinfoley.org, 1
+kevinfumbles.com, 1
+kevingsky.com, 1
+kevinhill.nl, 1
+kevinhq.com, 1
+kevinji.com, 1
+kevinkla.es, 1
+kevinlocke.name, 1
+kevinloganelectrical.co.nz, 1
+kevinmathiesen.tk, 1
+kevinmeijer.nl, 1
+kevinmo.com, 0
+kevinmoreland.com, 1
+kevinmorssink.nl, 1
+kevinn.nl, 1
+kevinpirnie.com, 1
+kevinrandles.com, 0
+kevinroebert.de, 1
+kevinrousseeuw.be, 1
+kevinschoenmakers.tk, 1
+kevinvanderperren.tk, 1
+kevinvermassen.be, 1
+kevyn.lu, 1
+kewauneeco.gov, 1
+kexingqing.com, 1
+key-content.com, 1
+key-tracker.de, 1
+key.sa, 1
+key1111.com, 1
+key4.com.ua, 1
+keybase.io, 1
+keyblock.ga, 1
+keyblock.gq, 1
+keyblock.tk, 1
+keyboard-monkeys.net, 1
+keybored.co, 1
+keycat.de, 1
+keycdn.com, 1
+keycdn.xyz, 1
+keycodingjohannesburg.co.za, 1
+keycontainers.co.za, 1
+keydelay.tk, 1
+keyerror.com, 1
+keyesrobot.cn, 1
+keyestudio.com, 1
+keyfortech.com, 1
+keygen.sh, 1
+keyhani.tk, 1
+keyholdingservices.co.uk, 1
+keyhomechecker.com, 1
+keyihao.cn, 1
+keyinfo.io, 1
+keykong.io, 1
+keylength.com, 1
+keymaster.lookout.com, 0
+keymicrosystems.com, 1
+keynes.id.au, 1
+keyoxide.org, 1
+keyphotojs.cf, 1
+keypoint.edu.au, 1
+keypublishing.com, 1
+keys.fedoraproject.org, 1
+keyscore.me, 1
+keyscouts.com, 1
+keyserver.sexy, 0
+keysigma.co.uk, 1
+keysix.com, 1
+keysmedspa.com, 1
+keysofart.com, 1
+keysso.net, 1
+keystoimagination.com, 0
+keystone-europe.com, 1
+keysy.com, 0
+keytoenergy.com, 1
+keytomyq.com, 1
+keyua.org, 1
+keyworth-meadow.tk, 1
+keyyek.com, 0
+keziah.de, 1
+kezmanweb.tk, 1
+kf-slot.com, 1
+kf005.com, 0
+kf199.com, 0
+kf2525.com, 1
+kf6636.com, 1
+kf66888.com, 0
+kf6820.com, 1
+kf688.com, 1
+kf7676.com, 0
+kf88666.com, 1
+kf8954.com, 0
+kf8955.com, 0
+kf8956.com, 0
+kf8957.com, 0
+kfassessment.eu, 1
+kfbl.cc, 1
+kfc.bike, 1
+kfgleasing.pl, 1
+kfirba.me, 1
+kfm.ink, 0
+kfmhf.ca, 1
+kfoundation.org, 1
+kfsys.cc, 1
+kfv-kiel.de, 1
+kfvullnetari-uck.tk, 1
+kfz-hantschel.de, 1
+kfz-sachverstand.de, 1
+kfz-service-wachtmann.de, 1
+kfz.nl, 1
+kfzjeugd.nl, 1
+kg7.pl, 1
+kgdev.fr, 1
+kgk-cgc.ch, 1
+kgk.gov.tr, 1
+kgky.cc, 1
+kgm-irm.be, 1
+kgmediafactory.com, 1
+kgnk.ru, 0
+kgs-neviges.de, 1
+kgt10.ru, 1
+kgun9.com, 1
+kgunion.com, 1
+kgv-zappendorf.tk, 1
+kh.pub.sa, 1
+khab03.ru, 1
+khabar24.tk, 1
+khachhangvietnam.tk, 1
+khadishalatina.com, 1
+khakasiya.ml, 1
+khakasiya.tk, 1
+khakassia.cf, 1
+khakassia.ga, 1
+khakassia.gq, 1
+khakassia.tk, 1
+khaki.ga, 1
+khakiblossom.com, 1
+khakim.gq, 1
+khakim.tk, 1
+khaledalsabt.com, 1
+khaledkhan.ml, 1
+khaleesi.tk, 1
+khalid-kanouf.com, 1
+khalidalnajjar.com, 1
+khalidmail.tk, 1
+khaliinfo.tk, 1
+khalti.com, 1
+khampha.vn, 0
+khanacademy.org, 1
+khanh.land, 1
+khankandi.tk, 1
+khanovaskola.cz, 1
+khaotipthai.se, 1
+kharatinoil.ml, 1
+kharkiv.tk, 1
+kharkov.tk, 1
+khas.co.uk, 1
+khatoco.com, 1
+khayal-3d.com, 1
+khda.gov.ae, 1
+khdestiny.tk, 1
+khebranet.tk, 1
+khepri.uk, 1
+kheshtar.pl, 1
+khetzal.info, 1
+khey-tv.fr, 1
+khg-orchester.de, 1
+khimno.com, 1
+khipu.com, 1
+khm.v.ua, 1
+khmb.ru, 0
+khmerios.tk, 1
+khmerlive.cf, 1
+khmrynok.com.ua, 1
+khoasweb.tk, 1
+khodromedic.com, 1
+khojhealth.com, 1
+khonaka.com, 1
+khorne.me, 1
+khoteyev.tk, 1
+khouloud.de, 1
+khoury-dulla.ch, 0
+khouryalexandre.com, 0
+khoxuongchothuegiare.vn, 1
+khramtsov.org, 1
+khristov.com, 1
+khronos.org, 1
+khs1994.com, 1
+khslaw.com, 1
+khste-ceciliamoorsel.tk, 1
+khudothiswanpark.vn, 1
+khukhrain.tk, 1
+khusal.tk, 1
+khwezifinancialservices.co.za, 1
+khwiki.com, 1
+ki-management.ch, 1
+ki.ki, 1
+ki6rbv.com, 1
+kiacatherine.sg, 1
+kiadoapartman.hu, 1
+kiahalchemy.com, 1
+kialo-edu.com, 1
+kialo-pro.com, 1
+kialo.com, 1
+kiamehr.tk, 1
+kiano.net, 0
+kiapartsnow.com, 1
+kiapps.ovh, 1
+kiarayoga.com, 1
+kiarey.net, 1
+kiasarnews.tk, 1
+kiasystems.com, 1
+kibea.net, 1
+kibibit.net, 1
+kibickas.lt, 1
+kibizoid.tk, 1
+kibonnu.com, 1
+kichemalamut.tk, 1
+kick-in.nl, 1
+kickasscanadians.ca, 1
+kickasspoker.com, 1
+kickback-studios.com, 1
+kickedmycat.com, 1
+kickex.com, 1
+kickico.com, 1
+kickitfootball.com.au, 1
+kicksecure.com, 1
+kickshack.tk, 1
+kicktipp.at, 1
+kicktipp.ch, 1
+kicktipp.co.uk, 1
+kicktipp.com, 1
+kicktipp.com.br, 1
+kicktipp.de, 1
+kicktipp.es, 1
+kicktipp.it, 1
+kicktipp.nl, 1
+kicktipp.pl, 1
+kicktipp.pt, 1
+kickzy.nl, 1
+kicou.info, 1
+kiczeklaw.com, 1
+kiczela.eu, 1
+kidalt.tk, 1
+kidaptive.com, 1
+kidbacker.com, 1
+kidcentraltn.com, 1
+kidderminster.ac.uk, 1
+kiddies.tk, 1
+kiddieskingdom.tk, 1
+kiddocom.org, 1
+kiddoscape.eu, 1
+kiddyboom.ua, 1
+kiddyland.co.jp, 1
+kidfitseries.com.au, 1
+kidis.lt, 1
+kidisov.tk, 1
+kidm4k.com, 1
+kidney.ca, 1
+kidneydonation.com, 1
+kidneyst.one, 1
+kido-dc.jp, 1
+kidonng.me, 1
+kids-castles.com, 1
+kids-ok.com, 1
+kids-world.dk, 1
+kids.gov, 1
+kids2day.in, 1
+kids360pediatrics.com, 1
+kidsbits.cc, 1
+kidsblock.cc, 1
+kidsclub.photos, 1
+kidsdaysout.co.uk, 1
+kidsdinefree.com, 1
+kidsdj.co.uk, 1
+kidsforsavingearth.org, 1
+kidsgoga.ga, 1
+kidsinwoods-interfacesouth.org, 1
+kidslearners.com, 1
+kidslearningchannel.wiki, 1
+kidsmark.net, 1
+kidsneversleep.com, 0
+kidsontheyard.com, 1
+kidspaper.nl, 1
+kidsplace.tk, 1
+kidsplanner.fr, 1
+kidsplaybouncycastles.co.uk, 1
+kidstraysers.ga, 1
+kidstraysest.ga, 1
+kidswear.ml, 1
+kidswear.tk, 1
+kidswithguns.tk, 1
+kidtoyshop.ru, 1
+kidwater4ut.gov, 1
+kidzonet.io, 1
+kidzpartiesllp.co.uk, 1
+kidzsmile.co.uk, 1
+kiebel.de, 1
+kiedys.net, 1
+kiefnersoftware.com, 1
+kiehost.tk, 1
+kiekin.org, 1
+kiekko.pro, 1
+kielux.de, 1
+kielwi.gov, 1
+kienlen.org, 1
+kientrucphunguyen.com, 1
+kienviethung.com, 1
+kieran-mcguire.uk, 1
+kieran.de, 1
+kieranjones.uk, 1
+kieranpotts.com, 1
+kieranweightman.me, 1
+kierlandgolf.com, 0
+kierweb.co.uk, 1
+kiesjeplek.nl, 1
+kiesmedia.com, 0
+kiesuwarbeidsrechtadvocaat.nl, 1
+kiesuwkerstkaart.nl, 1
+kietblog.tk, 1
+kieutruong.com, 1
+kiev-live.tk, 1
+kievanrus.tk, 1
+kievholod.in.ua, 1
+kievkiralikotel.com, 1
+kievlove.tk, 1
+kif.rocks, 0
+kiffmarks.com, 1
+kifid.nl, 1
+kigurumi-party.ru, 1
+kiinanharjakoirat.tk, 1
+kiinteistot-lidl.fi, 1
+kiiteyo.net, 1
+kijkmeaanwanneerik.com, 1
+kik-info.com, 1
+kik-textilien.sk, 1
+kik.at, 1
+kik.cz, 1
+kik.de, 1
+kik.ee, 0
+kik.es, 1
+kik.eu, 1
+kik.hr, 1
+kik.hu, 1
+kik.nl, 1
+kik.pl, 1
+kik.pt, 1
+kik.ro, 1
+kik.si, 1
+kikbb.com, 1
+kiki-voice.jp, 1
+kikikanri.biz, 1
+kikivega.net, 1
+kikki.io, 1
+kiku.pw, 1
+kilian.gallery, 1
+kilianvalkhof.com, 1
+kiliframework.org, 1
+kilimstyle.com, 1
+kilkennyaccountingservices.ie, 1
+kilkimzaibu.tk, 1
+killallsudoers.cloud, 1
+killaraapartments.com.au, 1
+killarnee.org, 1
+killborn.tk, 1
+killdeer.com, 1
+killedbynlp.com, 1
+killeenhardware.co.uk, 1
+killer-fashion.tk, 1
+killergreen.tk, 1
+killerrabb.it, 1
+killerrobots.com, 1
+killerwebsites.com.au, 1
+killharmonic.tk, 1
+killme.rocks, 1
+killmebaby.ml, 1
+killmenow.tk, 1
+killtv.me, 1
+killua-website.tk, 1
+killymoonbouncycastles.com, 1
+kilo-files.tk, 1
+kilobyte22.de, 1
+kilogram.nl, 1
+kilomberosugar.co.tz, 1
+kilometertje.nl, 1
+kilosorunum.com, 1
+kiloton.tk, 1
+kilpiapp.com, 1
+kilte.tk, 1
+kim-coiffure.fr, 1
+kimai.cloud, 1
+kimama-protein.jp, 1
+kimbal.co.uk, 1
+kimballcountyne.gov, 1
+kimballwi.gov, 1
+kimballwv.gov, 1
+kimberleythomson.tk, 1
+kimberlitewaxmelts.co.uk, 1
+kimberlyal.gov, 1
+kimberlycaprice.com, 1
+kimbunlar.tk, 1
+kimdotcom.tk, 1
+kimdumaine.com, 1
+kimerald.tk, 1
+kimgirard.com, 1
+kimherala.xyz, 1
+kimicar.de, 1
+kimino-school.com, 1
+kimiris.com, 0
+kimis.gr, 1
+kimisia.net, 1
+kimitang.com, 1
+kimmel.com, 0
+kimmel.in, 0
+kimmientje.tk, 1
+kimochi.info, 1
+kimono-furuya.com, 1
+kimono-hishiya.jp, 1
+kimono-yamaguchiya.com, 1
+kimonocloud.com, 1
+kimonoplatform.com, 1
+kimotodental.com, 1
+kimphattai.vn, 1
+kimsesizlereumutol.tk, 1
+kimsufi-jordi.tk, 1
+kimtran.kim, 1
+kimtstore.com, 1
+kimverly.no, 1
+kimxxx.org, 1
+kin-mail.at, 1
+kin-mail.de, 1
+kin-mail.net, 1
+kinaesthetics-begleitung-zuhause.at, 1
+kinaesthetics-forschung.net, 1
+kinaesthetics-net.at, 1
+kinaesthetics-net.ch, 1
+kinaesthetics-net.de, 1
+kinaesthetics-net.eu, 1
+kinaesthetics-net.it, 1
+kinaesthetics-verein.de, 1
+kinaesthetics.at, 1
+kinaesthetics.ba, 1
+kinaesthetics.by, 1
+kinaesthetics.ch, 1
+kinaesthetics.de, 1
+kinaesthetics.dk, 1
+kinaesthetics.es, 1
+kinaesthetics.ge, 1
+kinaesthetics.hr, 1
+kinaesthetics.it, 1
+kinaesthetics.li, 1
+kinaesthetics.net, 1
+kinaesthetics.pl, 1
+kinaesthetics.ro, 1
+kinaesthetics.ru, 1
+kinaesthetik-verein.de, 1
+kinamedia.se, 1
+kinanart.com, 1
+kinanbudotenero.tk, 1
+kinandcarta.com, 1
+kinautas.com, 1
+kindan.net, 1
+kindapoth.com, 1
+kindcompany.com.br, 1
+kinde.com, 1
+kinden-giankyou.jp, 1
+kinden-kizuna.com, 1
+kinder-garten.tk, 1
+kinderarzt-berlin-zia.de, 1
+kinderarzt-traunstein.de, 1
+kinderballett-frankfurt.de, 1
+kinderbasar-luhe.de, 1
+kinderbuecher-kostenlos.de, 1
+kinderchirurgie-muenchen.de, 1
+kinderchor-bayreuth.de, 1
+kinderevents-sehnde.de, 1
+kindergarten.vic.gov.au, 1
+kinderhaus-kunterbunt-priestewitz.de, 1
+kinderjugendfreizeitverein.de, 1
+kinderkleding.news, 1
+kinderlachen.ro, 1
+kindermarket.bg, 1
+kindernothilfe.de, 1
+kinderopvang.gent, 1
+kinderopvangthuis.nl, 1
+kinderosteopathie-osteopathie.de, 1
+kinderpneumologie.ch, 1
+kindertagespflege-rasselbande-halle.de, 1
+kinderzorg.tk, 1
+kindesfreude.ch, 1
+kindfotografie.nl, 1
+kindle, 1
+kindler-design.ch, 1
+kindler.xyz, 1
+kindlezs.com, 1
+kindredcode.com, 1
+kindredcode.net, 1
+kindredcode.org, 1
+kindredspirits.tk, 1
+kindspace.ca, 1
+kine-duthil.fr, 1
+kinebamps.be, 1
+kinebioquimica.com, 1
+kinecenter.ec, 1
+kinecle.com, 1
+kinencoin-tv.com, 1
+kinepolis-studio.ga, 1
+kinescopecdn.net, 1
+kinesiologie.tk, 1
+kinesiologikerteminde.dk, 1
+kinesiologiodense.dk, 1
+kinesiologiskolen-syd.dk, 1
+kinesiologiuddannelsen.dk, 1
+kineticsdrive.com, 1
+kinetikos.com.au, 1
+kinetiq.com, 1
+kinfule.tk, 1
+king-of-the-castles.com, 1
+kingandmcgaw.com, 1
+kingant.net, 1
+kinganywhere.eu, 1
+kingbot.tk, 1
+kingchess.vip, 1
+kingclass.cn, 1
+kingcourriel.fr, 1
+kingdirectionaldrilling.com, 1
+kingdomcitymo.gov, 1
+kingdomcrawlers.tk, 1
+kingdominnergy.com, 1
+kingdoms.gg, 1
+kingdomshow.mx, 1
+kingedwardvii.co.uk, 1
+kingfast.cc, 1
+kingfast.eu.org, 1
+kingfin.com, 1
+kingfisherhallacademy.org.uk, 1
+kingiescastles.co.uk, 1
+kingjamesbibleonline.org, 1
+kingkongxo.com, 1
+kinglier.ga, 1
+kingliey.ga, 1
+kingmakers.academy, 1
+kingofshooting.com, 1
+kingofthecastlecoventry.co.uk, 1
+kingofthecastlesentertainments.co.uk, 1
+kingofthecastlesouthwales.co.uk, 1
+kingofthecastlesrhyl.co.uk, 1
+kingpay.com, 1
+kingpincages.com, 1
+kingsaft.net, 1
+kingsblueblue.com, 0
+kingsfoot.com, 1
+kingsfordmi.gov, 1
+kingshome.gr, 1
+kingsley.cc, 1
+kingsolomoncages.com, 1
+kingsound.tk, 1
+kingstake.network, 1
+kingston-fear.com, 1
+kingstonga.gov, 1
+kingstonma.gov, 1
+kingsvilletexas.com, 1
+kingtech8.tk, 1
+kingtreeexperts.com, 1
+kini24.ru, 1
+kinison.com, 1
+kinja.com, 1
+kinjerboerebroelof.tk, 1
+kinkenonline.com, 1
+kinklist.me, 0
+kinksecrets.ga, 1
+kinkvr.com, 1
+kinky-books.com, 1
+kinkyinlaws.com, 1
+kinmunity.com, 1
+kinnerfisch.cn, 1
+kinnettmemorial.org, 1
+kinnikinnick.com, 0
+kino-boom.tk, 1
+kino-dom.tk, 1
+kino-doma.tk, 1
+kino-room.ga, 1
+kino-zavr.tk, 1
+kinobag.tk, 1
+kinobarashka.ga, 1
+kinoblik.tk, 1
+kinocheck.com, 1
+kinocheck.de, 1
+kinodrom.kiev.ua, 1
+kinodrom.tk, 1
+kinofest.tk, 1
+kinofile.tk, 1
+kinofilmionline.tk, 1
+kinogold.tk, 1
+kinograd.tk, 1
+kinohi.tk, 1
+kinoks.fr, 1
+kinokub.tk, 1
+kinolex.ml, 1
+kinology.tk, 1
+kinomagia.cf, 1
+kinomangas.ml, 1
+kinomangas.tk, 1
+kinomaniac.tk, 1
+kinomoto.ovh, 0
+kinoplex.com.br, 1
+kinoprostor.tv, 1
+kinos.nl, 0
+kinoscope.tk, 1
+kinoserver.ml, 1
+kinosha.tk, 1
+kinoshkahd.tk, 1
+kinoshki.ga, 1
+kinovam.tk, 1
+kinovsem.ml, 1
+kinowork.tk, 1
+kinozone.tk, 1
+kinschots.eu, 1
+kinsei.jp, 1
+kinshipnd.com, 1
+kintanalodge.fr, 1
+kintawifi.com, 1
+kinter.media, 1
+kinto.pro, 1
+kintone.com, 1
+kintore.tv, 1
+kintsugi-beauty.com, 0
+kintsugispace.com, 1
+kinualive.com, 1
+kinvault.com, 1
+kinyued.store, 1
+kiocloud.com, 0
+kiokoman.eu.org, 0
+kiomara.com, 1
+kiomoda.com, 1
+kionetworks.com, 0
+kionetworks.es, 1
+kioskcomedy.org, 1
+kiosque-famille.net, 1
+kiosquefamille.fr, 1
+kiot.eu, 1
+kiousis.me, 1
+kiow.com, 1
+kip-ribbetjes-bestellen.be, 1
+kipa.at, 1
+kiparchive.org, 1
+kipcrepair.com, 1
+kipi.si, 1
+kipiradio.com, 1
+kiplelive.com, 1
+kippenbart.gq, 1
+kipriakipita.gr, 1
+kiprinform.com, 1
+kiprotect.com, 1
+kiprusoffsummers.tk, 1
+kipwells32.com, 1
+kiraboshi.xyz, 1
+kiragameforum.net, 1
+kirahvi.me, 1
+kirainmoe.com, 1
+kirakorosi.tk, 1
+kiraku.co, 1
+kiralikjeneratorankara.tk, 1
+kirana.studio, 1
+kiraqueen.net, 1
+kirarie-kusatsu.com, 1
+kirbear.com, 1
+kirbyvt.gov, 1
+kirche-bamberg.de, 1
+kirchen-im-web.de, 0
+kirchenchor-olzheim.de, 1
+kirchengemeinde-markt-erlbach.de, 1
+kirchner.social, 1
+kircp.com, 1
+kirei.se, 1
+kiret.tk, 1
+kirgistan.tk, 1
+kiriani.me, 1
+kirie-photos.tk, 1
+kirikira.moe, 1
+kirill.ws, 1
+kirillaristov.com, 1
+kirina.nl, 1
+kirinas.com, 1
+kirka.ga, 1
+kirkae.com, 1
+kirkforcongress.com, 1
+kirkforsenate.com, 1
+kirkify.com, 1
+kirkintillochbc.co.uk, 1
+kirkkonummenavhkerho.net, 1
+kirkovsky.com, 1
+kirkwood-smith.com, 1
+kirkwoodfencing.com, 1
+kirkwoodoutdoors.com, 1
+kirmizipill.com, 1
+kiropraktoristockholm.se, 1
+kirov.ml, 1
+kirovcity.tk, 1
+kirovgrad.tk, 1
+kirrie.pe.kr, 1
+kirs.is, 1
+kirsch-gestaltung.de, 1
+kirschbaum.cloud, 1
+kirsehir.tk, 1
+kirsehirhaber.tk, 1
+kirstenbos.ca, 1
+kirstengillibrand.com, 1
+kirstycouture.co.uk, 1
+kirstygreenwoodartist.ga, 1
+kirus.de, 1
+kirwandigital.com, 1
+kisakazan.ml, 1
+kisallatorvos.hu, 1
+kisaragi.fund, 1
+kisaragi.works, 1
+kisaragihayato.com, 1
+kiseimarriage.com, 1
+kisel.org, 1
+kish-takhfif.com, 1
+kishcar.co, 1
+kishenya.ua, 1
+kisiselveri.com, 1
+kiskeedeesailing.com, 1
+kislovodsk-zamok.tk, 1
+kisma.de, 1
+kismy.ga, 1
+kismy.tk, 1
+kismyder.tk, 1
+kissanime.moe, 1
+kisser.name, 1
+kissesb.net, 1
+kissgyms.com, 1
+kissima-gakou.ml, 1
+kissimmee.gov, 1
+kissmateszabolcs.hu, 1
+kissmycreative.com, 1
+kissoft.ro, 1
+kisspeptin.com, 1
+kistenmacher.net, 0
+kistipro.tk, 1
+kisulki.tk, 1
+kisumuterraceapartments.tk, 1
+kisvasut.tk, 1
+kit.com, 1
+kita-freie-schule.de, 1
+kita-mfg.com, 1
+kita-sun.com, 1
+kita.moe, 1
+kitabgaul.com, 0
+kitabnamabayi.com, 1
+kitacoffee.com, 1
+kitagawa-internal-medicine-clinic.com, 1
+kitaharima-ikiiki.com, 1
+kitchen-design.cf, 1
+kitchen-design.tk, 1
+kitchenguides.org, 1
+kitchenkettle.com, 1
+kitchenlove.tk, 1
+kitchenpad.biz, 1
+kitchenpad.co.uk, 1
+kitchenpad.info, 1
+kitchenpad.net, 1
+kitchenpad.org, 1
+kitchenpad.us, 1
+kitchenpadtimer.com, 1
+kitchenvile.com, 1
+kitchenware.ml, 1
+kitchenware.tk, 1
+kitchenwarehouseltd.com, 1
+kitchenwarestore.xyz, 1
+kitchfurnit.tk, 1
+kitconcept.com, 1
+kitconcept.de, 1
+kitdealoevera.com, 1
+kite-surf.tk, 1
+kite-surfen.tk, 1
+kiteboard-selbstbau.tk, 1
+kitebowl.ru, 1
+kitenation.com, 1
+kiteschoolamsterdam.nl, 1
+kiteschooledam.nl, 1
+kiteschoolnoordwijk.nl, 1
+kiteschoolofkenpo.co.uk, 1
+kitesurfen.tk, 1
+kitevalley.tk, 1
+kitgratos.tk, 1
+kitke.de, 1
+kitkit.cf, 1
+kitkit.tk, 1
+kitpara.shop, 1
+kits-graphiques-shop.tk, 1
+kits-graphiques.tk, 1
+kitsap.gov, 1
+kitscan.com, 1
+kitseliit.ee, 1
+kitspersonal.tk, 1
+kitsplumbingandheating.com, 1
+kitsquid.de, 1
+kitsuna.eu, 1
+kitta.tk, 1
+kittatinny5.org, 1
+kitten-advice-forum.cf, 1
+kittenexchangeers.ga, 1
+kittenexchangeest.ga, 1
+kittentoob.com, 1
+kittitascounty.gov, 1
+kittleapps.com, 1
+kittmedia.com, 0
+kittnerbg.com, 1
+kittpress.com, 0
+kitty-core.org, 1
+kittyblair.org, 1
+kittygalore.nl, 1
+kittyhacker101.tk, 0
+kittyknickers.com.au, 1
+kittymagician.com, 0
+kittypryde.tk, 1
+kittystar.com, 1
+kittywilder.com, 1
+kivacontainer.com, 1
+kivitelezesbiztositas.hu, 1
+kivitv.com, 1
+kiwee.eu, 1
+kiweeagentur.de, 1
+kiwi.com, 1
+kiwi.global, 1
+kiwi.ki, 1
+kiwibird.tokyo, 1
+kiwicoworking.com, 1
+kiwideo.ro, 1
+kiwiflowershop.com.ua, 1
+kiwilove.es, 1
+kiwing.ddns.net, 1
+kiwipayment.com, 1
+kiwipedia.sk, 1
+kiwiplace.com, 0
+kiwisouvenirs.com, 1
+kiwitastic.com, 1
+kiwiz.co.uk, 1
+kix.moe, 1
+kizetroniko.tk, 1
+kizkulesi.tk, 1
+kizomba.info, 1
+kiztarafi.net, 1
+kizunaai.eu.org, 1
+kizzedbykelz.com, 1
+kizzycode.de, 1
+kj1396.net, 1
+kjaer.io, 1
+kjall.me, 1
+kjarni.cc, 1
+kjarrval.is, 1
+kjccradio.tk, 1
+kjcdaily.xyz, 1
+kjchernov.info, 1
+kjellner.com, 1
+kjellvn.net, 1
+kjfaudio.com, 1
+kjkesklinna.edu.ee, 1
+kjkmail.de, 1
+kjmedia.dk, 1
+kjnotes.com, 1
+kjrh.com, 1
+kjv.fan, 1
+kk-bs.de, 1
+kk-gruppe.net, 1
+kk.gt, 1
+kk.in.th, 1
+kk.sb, 0
+kk5197.co, 1
+kk575757.com, 1
+kk6729.co, 1
+kk6729.com, 0
+kk6957.co, 1
+kk9297.co, 1
+kk9721.com, 1
+kk9728.co, 1
+kka.vc, 1
+kkangeli.tk, 1
+kkaramela.eu, 1
+kkc.com, 1
+kkcinemas.in, 1
+kkcomcon.com, 1
+kkdesignsco.com, 1
+kke8tt.top, 1
+kkforwarding.com, 1
+kkgn.nl, 1
+kki.org, 1
+kkiskra.tk, 1
+kkk0011.com, 0
+kkk101.com, 0
+kkk102.com, 0
+kkk104.com, 0
+kkk106.com, 0
+kkk109.com, 0
+kkk201.com, 0
+kkk202.com, 0
+kkk203.com, 0
+kkk204.com, 0
+kkk208.com, 0
+kkk209.com, 0
+kkkkk.click, 1
+kklb.de, 1
+kknapredak-rubin.tk, 1
+kkpig.cn, 0
+kkpp.ga, 1
+kkr-bridal.net, 1
+kkren.me, 0
+kks.ch, 1
+kksg-sulzbach.de, 1
+kksg.com, 0
+kksshop.com, 1
+kkws.co, 1
+kkyy.me, 1
+kkzxak47.com, 1
+kl008888.com, 1
+klaasvantornout.tk, 1
+klabnik.cz, 1
+klabnikova.cz, 1
+klacki.de, 1
+klackingtownshipmi.gov, 1
+klad.tk, 1
+kladionice.tv, 1
+kladson.com, 1
+kladzdor.ga, 1
+kladzdor.tk, 1
+klamathrestoration.gov, 1
+klamathtribalhealth.gov, 1
+klanggut.at, 1
+klankenkast.nl, 1
+klanklichaam.be, 1
+klapib.ee, 1
+klapsinakis.gr, 1
+klapty.com, 1
+klares-licht.de, 1
+klarheit.at, 1
+klarika.com, 1
+klarmobil-empfehlen.de, 1
+klart.se, 1
+klassen.tk, 1
+klassenfahrt-tirol.at, 1
+klassiekballet.tk, 1
+klassika.cf, 1
+klassika.tk, 1
+klatschreime.de, 1
+klaudialeszczynska.pl, 1
+klauke-enterprises.com, 0
+klaukegear.eu, 1
+klaus-pforte.de, 1
+klausapp.com, 0
+klausbrinch.dk, 1
+klausen.dk, 1
+klausfischer.info, 1
+klausfoerster.tk, 1
+klauspforte.de, 1
+klauswissmann.com, 1
+klautshop.com, 1
+klavarog.tk, 1
+klaver.it, 1
+klaverjassen.tk, 1
+klavierhaus-klavins.de, 1
+klavierwunsch.de, 1
+klaxon.ml, 1
+klaymemez.com, 1
+kle.cz, 1
+klea.tk, 1
+kleaning.by, 1
+kleebauerhof.com, 1
+kleen.tk, 1
+kleidertauschpartys.de, 1
+kleim.fr, 1
+kleinblogje.nl, 0
+kleine-dingen.nl, 1
+kleine-strandburg-heringsdorf.de, 0
+kleine-strandburg.com, 0
+kleine-strolche-lich.de, 1
+kleine-viecherei.de, 1
+kleineanfragen.de, 1
+kleineserver.nl, 1
+kleinestrandburg-heringsdorf.de, 0
+kleinestrandburg-usedom.de, 0
+kleinfein.co, 1
+kleinhamilton.co.uk, 1
+kleinhaneveld.tk, 1
+kleinhapl.com, 1
+kleinhelena.dynv6.net, 1
+kleinreich.de, 1
+kleins-hutorok.de, 1
+kleinserienproduktion.com, 1
+kleinsys.com, 1
+kleintransporte.net, 0
+kleinwenner.eu, 1
+kleise.gr, 1
+kleki.com, 1
+klementijgerta.tk, 1
+klemkow.net, 1
+klemkow.org, 1
+klempin.co.uk, 1
+klempin.me, 1
+klempin.net, 1
+klempin.org, 1
+klempin.se, 1
+klempin.uk, 1
+klen.ua, 1
+klenc.eu, 1
+kleor.com, 1
+kleteckova.cz, 1
+kletsenenproeven.nl, 1
+kletskoek.com, 1
+kleurbkennen.nl, 1
+kleuro.nl, 1
+klev.tk, 1
+klever.com.mk, 1
+kleverltd.ru, 1
+kli.is, 1
+klickinvite.com, 1
+klickstdu.com, 1
+kliemann.me, 1
+klik3.nl, 0
+klikacc.com, 0
+klikarnia.pl, 1
+kliki.tk, 1
+klikket.dk, 0
+kliklinks.tk, 1
+klikmarket.tk, 1
+klikweb.id, 1
+klima.com, 1
+klimaanlage-fehler.net, 1
+klimaatkids.be, 1
+klimaatstad.gent, 1
+klimacamp-sterkraderwald.de, 1
+klimafakten.de, 1
+klimakamp.nu, 1
+klimakomplekt.com, 1
+klimalaan.no, 1
+klimalan.no, 1
+klimaloven.no, 1
+klimapartner.de, 0
+klimapartner.net, 1
+klimaplattform-milch.de, 1
+klimatt.com, 1
+klimchuk.by, 0
+klimeck.com, 1
+klinesignals.com, 1
+klingeletest.de, 1
+klingenundmesser.com, 1
+klinik-fuer-aesthetische-zahnheilkunde.de, 1
+klinikac.co.id, 0
+klinikasoyuz.ru, 1
+klinikatlantis.com, 1
+klinikum-oldenburg.de, 1
+klinkenberg.ws, 1
+klinkenbergschoenen.nl, 1
+klinkersnab.ru, 1
+klinknetz.de, 1
+klinkov.tk, 1
+klipa.tk, 1
+klishyn.com, 1
+klitmoeller.de, 1
+klitmoeller.dk, 1
+klitoris.com.tr, 1
+kliu.io, 0
+klj-beveren.tk, 1
+klj-kruibeke.tk, 1
+klj-walshoutem.tk, 1
+kll.li, 1
+klm-huisjes.nl, 1
+klmgewinnspiel.de, 1
+klmhouses.com, 1
+klocast.com, 1
+klocksnack.se, 0
+kloclabs.com, 1
+klogeschichten.net, 1
+kloia.com, 1
+klokhuis.nl, 1
+klokkenluidersvg.nl, 1
+kloop.kg, 1
+klop.info, 1
+klose.family, 1
+klosko.net, 1
+kloudstack.me, 0
+klover-avantages.fr, 1
+klover-cse.fr, 1
+kloza.tk, 1
+kls-desk.com, 0
+kls-platform.com, 1
+klssn.com, 1
+klu.io, 1
+klub-zajmov.ga, 1
+klub.tk, 1
+klubcajovna.cz, 1
+kluberphoto.hu, 1
+klubfitness.pl, 1
+klubgerlach.sk, 1
+klubwsl.tk, 1
+kluck.me, 1
+kludge.eu, 1
+klugemedia.de, 1
+klumba.org, 1
+klumppcompanies.com, 1
+klumpprealty.com, 1
+klusbedrijfdupau.nl, 1
+klushka.cf, 1
+klushnikova.tk, 1
+klustermedia.com, 1
+klusweb-merenwijk.nl, 1
+klutchcard.com, 1
+klute.spdns.de, 1
+kluzza.nl, 1
+klva.cz, 1
+km8.co, 1
+kma.ua, 1
+kmartgifted.com.au, 1
+kmb-chat.de, 1
+kmch.com, 1
+kmdarkmaster.tk, 1
+kmdevelop.com, 1
+kmecnc.com, 1
+kmhesaplama.com, 1
+kmk.hu, 1
+kmkz.jp, 1
+kmov.cc, 1
+kmpropertyfunds.com, 1
+kmpropertyfunds.com.au, 1
+kmrgroup.com, 1
+kmsk.tk, 1
+kmsm.com.au, 1
+kmzs123.cn, 1
+kn007.net, 1
+kn40la.com, 1
+kn4ivj.com, 1
+kn4ola.com, 1
+kn6olc.org, 1
+knabden.co.za, 1
+knabstrup-autoophug.dk, 1
+knallfrosch.ddnss.de, 1
+knapenzutendaal.tk, 1
+knapp.noip.me, 1
+knapp.pro, 1
+knapp.servehttp.com, 1
+knarcraft.net, 1
+knarkkorven.tk, 1
+knarzkopf.de, 1
+knashaug.com, 1
+knauf.com, 1
+knautiluz.net, 0
+knbbw-frnab.tk, 1
+kncg.pw, 1
+kndrd.io, 1
+kneblesauto.com, 1
+knecht.ca, 1
+knechtology.com, 1
+kneerux.de, 1
+kneginec.hr, 1
+knegten-agilis.com, 1
+kneli.co.il, 1
+knep.me, 0
+kneppe.me, 1
+knetterbak.nl, 1
+kngk-transavto.ru, 1
+kngkng.com, 1
+knhchula.com, 1
+kniga-ru.tk, 1
+kniga.market, 0
+knigareceptov.cf, 1
+knigareceptov.tk, 1
+knighki-knighki.ml, 1
+knighkidoma.tk, 1
+knightsblog.de, 1
+knightsbridge.net, 1
+knightsbridgewine.com, 1
+knightsweep.com, 0
+knighulki.cf, 1
+knigi-free.cf, 1
+knigi-market.ml, 1
+knigi-na-dom.cf, 1
+knigi-zdes.gq, 1
+knigifast.ga, 1
+knigiunass.tk, 1
+knihovnajablonne.cz, 1
+knitfarious.com, 1
+knitted-hats.tk, 1
+knitted-things.tk, 1
+knitting-lace.tk, 1
+knitting.cz, 1
+knittingmallers.ga, 1
+knittingmallest.ga, 1
+knittingstory.cf, 1
+knivesandblades.co.uk, 1
+kniwweler.com, 1
+knize.tech, 1
+knizhniy.com, 1
+knjazevac.tk, 1
+knjizevic.at, 0
+knkv.nl, 1
+knmv.nl, 1
+knnet.ch, 1
+knop.info, 0
+knorrnet.de, 1
+knotenpunkt-nbg.de, 1
+knottcountyky.gov, 1
+know.cf, 1
+know2protect.gov, 1
+knowbook.org, 1
+knowdebt.org, 1
+knowledge-base.info, 0
+knowledgeforce.com, 1
+knowledgehook.com, 1
+knowledgematters.com, 1
+knowledgesuccess.org, 1
+knowlevillagecc.co.uk, 1
+knowmoreplatform.com, 1
+knownsec.cf, 1
+knowrentalsers.ga, 1
+knowrentalsest.ga, 1
+knowthebus.cf, 1
+knowthebus.ga, 1
+knowthebus.gq, 1
+knowuproxy.com, 1
+knowyour.place, 1
+knowyourday.ai, 1
+knowyourteam.com, 1
+knoxcountyil.gov, 1
+knoxcountyne.gov, 1
+knoxcountytn.gov, 1
+knoxvilleautosalesers.ga, 1
+knoxvilleautosalesest.ga, 1
+knoxvilleimplants.com, 1
+knoxvilletnpolice.gov, 1
+knrt.de, 1
+knrt.eu, 1
+knsrv.ml, 1
+knthost.com, 0
+kntt.lt, 1
+kntxt7.de, 0
+knuckles.tk, 1
+knulla.me, 1
+knulle.me, 1
+knurps.de, 1
+knuterikskare.no, 1
+knuthildebrandt.de, 0
+knuwiki.tk, 1
+knxstore.cz, 1
+knyawningrenovation.com, 1
+knygos.lt, 1
+knzb.nl, 1
+ko80.com, 1
+koaa.com, 1
+koala-pension.de, 1
+koala.one, 0
+koalapress.fr, 0
+koalarong.com, 1
+koalas.org, 1
+koba.jp, 1
+kobalux.com, 1
+kobb.tk, 1
+kobejet.com, 1
+koberl.com, 1
+kobet.tk, 1
+kobezda.net, 1
+kobieta.guru, 1
+kobietydokodu.pl, 1
+kobil.com, 1
+kobly.com, 1
+kobofarm.com, 1
+koboldcraft.ch, 1
+koboldmalade.fr, 1
+kobovec.tk, 1
+kobrin.tk, 1
+kobtsev.tk, 1
+kobudo49.fr, 1
+koc.hu, 1
+kocaelihaber.tk, 1
+kocaeliyiseyret.com, 1
+koccoo.ga, 1
+koch-wro.pl, 1
+koch.com.au, 1
+kochadaiyaan.tk, 1
+kochbar.de, 1
+kochcommunity.com, 1
+kochdigital.dk, 1
+kocherev.org, 1
+kochereva.com, 1
+kocheshkov.cf, 1
+kochhar.net, 1
+kochi-death.ml, 1
+kochinke.com, 1
+kochinke.us, 1
+kochrezepte.tk, 1
+kochura.tk, 1
+kocka.cf, 1
+kockanakocko.si, 1
+kocovi.cz, 0
+kod13.com, 1
+kod5.com, 1
+kodak-ism.com, 1
+kodama-dorayaki.co.jp, 1
+kodambroker.com, 1
+kodar.tk, 1
+kodden.com.br, 1
+kode-it.de, 1
+kode.ch, 0
+kodeholic.me, 1
+kodes.com.tr, 1
+kodexplorer.ml, 1
+kodifirestick.info, 1
+kodify.net, 1
+kodigo.me, 1
+kodineuerleben.eu, 1
+kodioso.com, 1
+kodkollen.com, 1
+kodkollen.se, 1
+kodnistudio.com, 1
+koe.dk, 1
+koe.hn, 1
+koe.kr, 0
+koebbes.de, 1
+koecollege.com, 1
+koeeusa.org, 1
+koef.nl, 1
+koehlhoff.de, 1
+koehn.com, 1
+koelbli.ch, 1
+koeldezomerdoor.nl, 1
+koelnerkarneval.de, 1
+koelnmafia.de, 1
+koenberkhout.nl, 1
+koenig-pflueger.de, 1
+koenigsbrunner-tafel.de, 1
+koenleemans.nl, 1
+koenrh.com, 1
+koenrh.net, 1
+koenrh.nl, 1
+koenzk.nl, 1
+koerperkult.ch, 1
+koertner-muth.com, 1
+koertner-muth.de, 1
+koethen-markt.de, 1
+koetjesenkanker.nl, 1
+koez-mangal.ch, 1
+koffie-enzo.com, 1
+koffiekoeken.tk, 1
+koffiekompaan.nl, 1
+koffiezine.nl, 1
+kofler.info, 1
+kogak.ninja, 1
+kogax.com, 0
+kogi.fr, 1
+kogotok.gq, 1
+kogotok.ml, 1
+kogudesi.com, 1
+kohaku.love, 1
+kohana.fi, 1
+kohlchan.net, 1
+kohlchan.top, 1
+kohlmajer.de, 1
+kohlpharma.com, 1
+kohparadise.com, 1
+koi-lexikon.de, 1
+koidulag.edu.ee, 1
+koifish.org, 1
+koing.de, 1
+koirala.email, 1
+koiro.fi, 1
+koishi.pro, 1
+koj.co, 1
+koji-tsujitani.net, 1
+kojiishikawa.com, 1
+kojipkgs.fedoraproject.org, 1
+koka-shop.de, 1
+kokakiwi.net, 1
+koketteriet.se, 1
+kokk.loan, 1
+kokoiroworks.com, 1
+kokomo.com.au, 1
+kokomoislandfiji.com, 1
+kokomoprivateisland.com, 1
+kokomoresorts.com, 1
+kokona.ch, 1
+kokona.link, 1
+kokoroheart.cf, 1
+kokoronomori.jp, 1
+kokteili.tk, 1
+koktelparty.tk, 1
+kokumoto.com, 1
+kokuryu.ch, 1
+kokuyo.co.th, 1
+kokuyocamlin.com, 1
+kokwatersport.nl, 1
+kokyu-caba.com, 1
+kol7sry.news, 1
+kolabtree.com, 1
+kolaci.tech, 1
+kolaczek.cz, 1
+koladeogunleye.com, 1
+kolakamal.tk, 1
+kolania.com, 1
+kolania.de, 1
+kolania.net, 1
+kolaprestaurant.com, 0
+kolas.in, 1
+kolbeck.tk, 1
+kolbeinsson.se, 1
+kolcsey.eu, 1
+koldanews.com, 0
+kolfan.tk, 1
+kolhozik.ml, 1
+kolibri.dk, 1
+kolibrikapp.com, 1
+kolibrisolutions.nl, 1
+kolin.org, 1
+kolizaskrap.bg, 1
+kolja-engelmann.de, 1
+kolkataflowermall.com, 1
+kolkatamatrimandir.tk, 1
+kolkinn.no, 1
+kollandsrud.tk, 1
+kollawat.me, 1
+kollega.it, 1
+kollegamenti.it, 1
+kollner.com, 1
+kollross.io, 1
+kolmann.at, 1
+kolmann.eu, 1
+kolmeya.com.br, 1
+kolodec-pod-kluch.ru, 1
+kolonie-am-stadtpark.de, 1
+kolonie.turystyka.pl, 1
+kolorado.tk, 1
+koloradskij-zhuk.tk, 1
+kolorkids.pt, 1
+kolorwell.tk, 1
+kolotsainaskoto.tk, 1
+kolpingsfamilie-vechta-maria-frieden.de, 1
+kolrami.com, 1
+kolsandpeers.com, 1
+koltozzbe.hu, 1
+kolue.com, 1
+koluke.co, 1
+koluke.com, 1
+kolukylaselts.ee, 1
+kolyapetrov.tk, 1
+kom.pe, 1
+komalgandhi.tk, 1
+komall.net, 1
+komarex.pl, 1
+komarh.tk, 1
+komasan.net, 1
+komatsuforklift.com, 1
+kombikredit.de, 1
+komehyo.co.jp, 1
+komelin.com, 0
+kometia.com, 1
+komfort-doma.by, 1
+komfort.kh.ua, 1
+komichcapital.com, 1
+komicloud.com, 1
+komidoc.com, 1
+komikstation.co, 1
+kominfo.go.id, 0
+kominki-sauny.pl, 1
+komintek.ru, 1
+komintern43.tk, 1
+komischkeszeug.de, 1
+komitur.tk, 1
+komlangs.nl, 1
+kommaer.dk, 1
+komment.ml, 1
+kommerciya.cf, 1
+kommerciya.ml, 1
+kommotiv.nl, 0
+kommunalkredit.de, 1
+kommunermeddnssec.se, 1
+kommunermedipv6.se, 1
+kommunikation-czw.de, 1
+kommunistienliitto.tk, 1
+kommx.de, 1
+komodolabs.com, 1
+komoju.com, 1
+komok.co.uk, 1
+komoraoze.cz, 1
+komornikmroczek.pl, 1
+komp-plus.tk, 1
+komp247.pl, 1
+kompanen.nl, 1
+kompaniya-vasya.tk, 1
+kompetenzkurs.de, 1
+kompiwin.com, 1
+komplekt.gq, 1
+komplet.sk, 1
+komplexlysimple.com, 0
+kompliant.nu, 1
+kompotik.tk, 1
+komputer-net.tk, 1
+komshi.ge, 1
+komsija.tk, 1
+komsomolka.works, 1
+komun.me, 1
+kon-sil.de, 1
+kon.cat, 1
+konaki.net, 1
+konata.tech, 1
+konbantsan.com.tr, 1
+koncertbooking.com, 1
+koncertit.com, 1
+koncertomania.pl, 1
+kondakov.link, 1
+kondakovgorin.us, 1
+kondakovvg.com, 1
+kondi-flex.biz, 1
+kondi-flex.de, 1
+kondi-flex.net, 1
+kondi-flex.org, 1
+kondi-save.biz, 1
+kondi-save.de, 1
+kondiflex.de, 1
+kondiflex.eu, 1
+kondisave.biz, 1
+kondo-kougei.co.jp, 1
+konducars.nl, 1
+konectbus.co.uk, 1
+konetsu.tk, 1
+konf.ga, 1
+konfekcjonowanie.com, 1
+konference.tech, 1
+konfiskator.online, 1
+konflikthaus.de, 1
+konfliktklaerer.de, 1
+konfrontation.tk, 1
+kong.ink, 1
+kongar.org, 1
+kongjie.cf, 1
+kongjie.ml, 1
+kongress-hostessen.de, 1
+koniecfica.sk, 0
+konijnen-knaagdieren.tk, 1
+koningerik.nl, 1
+konings.it, 0
+koningsdag-arnhem.nl, 1
+koningslust.tk, 1
+koninkrijk.net, 1
+konjunktion.tk, 1
+konkai.store, 1
+konkanitv.ga, 1
+konklone.com, 1
+konkurs.ba, 1
+konnai.jp, 1
+konnex-it.de, 1
+konnitanaka.com, 1
+konoex.com, 1
+konoka.top, 1
+kononenko.ml, 1
+konopizza.at, 1
+konpyuta.nl, 1
+konser.co.uk, 1
+konsertoversikt.no, 1
+konservy.tk, 1
+konskowola.info.pl, 1
+konsol.pro, 1
+konst.se, 1
+konstanz.tk, 1
+konstitucia.com, 1
+konstructdigital.com, 1
+konsul.ga, 1
+konsul.tk, 1
+konsultacii-buhgaltera.ga, 1
+konsultaciya-astrologa.cf, 1
+konsultaciya-astrologa.ga, 1
+konsultaciya-astrologa.gq, 1
+konsultaciya-astrologa.ml, 1
+konsultaciya-astrologa.tk, 1
+konsultacje-elektryczne.pl, 1
+konsultation.nu, 1
+konsultermedipv6.se, 1
+kontabilitet.tk, 1
+kontaxis.org, 1
+kontenido.net, 1
+kontent.ai, 1
+kontikifinance.com, 0
+kontikiindustries.tk, 1
+kontist.com, 1
+kontorhaus-stralsund.de, 1
+kontracrew.tk, 1
+kontrapolis.info, 1
+kontrastonline.tk, 1
+kontrolapovinnosti.cz, 1
+kontur-buh.ru, 1
+kontur-extern.ru, 0
+kontur.tk, 1
+konturalco.ru, 1
+konus.tk, 1
+konventa.net, 1
+konwerter-online.pl, 1
+konyadireksiyonservisi.com, 1
+konyadireksiyontamiri.com, 1
+konyahaber.tk, 1
+konyalian.com, 1
+konyhaelektronika.hu, 1
+konzaross.tk, 1
+konzepttreu.de, 1
+konzertheld.de, 1
+kood13.com, 1
+koodaklife.com, 1
+koodimasin.ee, 1
+koodimasin.eu, 1
+kooer.org, 1
+koof.win, 1
+kooibeds.com, 0
+kooky.org, 1
+koolauwomenshealthcare.com, 1
+koole.eu, 1
+kooli.ee, 1
+koolikatsed.ee, 1
+koolisw.tk, 1
+koolitee.ee, 1
+kooliveeb.ee, 1
+koolkool.tk, 1
+koomaldreaming.com.au, 0
+kooner.io, 1
+koood13.com, 1
+koopdomeinnaam.nl, 1
+koophost.nl, 1
+kooplokaal.gent, 1
+koopmansamenwerking.nl, 1
+koopraoulu.ddns.net, 1
+koora-lives.tv, 1
+kooranaps.wa.edu.au, 1
+kooratalk.ga, 1
+koot.nl, 1
+koowde.nl, 1
+kooxdiving.com, 1
+koozal.de, 1
+kopany.tk, 1
+kopatych.tk, 1
+kopeechka.ml, 1
+koperry.com, 1
+kopeyka.cf, 1
+kopfgeld.tk, 1
+kopfkrieg.org, 0
+kopfsalat.eu, 0
+kopfschaschlik.de, 1
+kopieid.be, 1
+kopijosari.com, 1
+kopipasta.cf, 1
+kopisee.tk, 1
+kopitekno.com, 1
+kopjethee.nl, 0
+koplancpa.com, 1
+koplax-online.com, 1
+koppbilling.com, 1
+koppelvlak.net, 1
+kopretka.cz, 1
+kopsinc.com, 1
+koptev.ru, 1
+kopteva.ru, 1
+kopular.com, 1
+kopyandsonslandscaping.com, 1
+kopykatz.org, 0
+kor.ovh, 1
+kor1xbet.com, 1
+kora-go.tk, 1
+korabi.tk, 1
+korablino.tk, 1
+korancode.tk, 1
+koranseruya.com, 1
+korbel-loziska.cz, 1
+korben.info, 1
+kordamed.ee, 1
+kordamentha.com, 1
+kordamentha.com.au, 1
+kordut.tk, 1
+korea-1xbet.com, 1
+korea-dpr.org, 1
+korea-onlinecasino.com, 1
+korea1x-bet.com, 1
+koreabestood.ga, 1
+koreaboo.com, 1
+koreanfashion.tk, 1
+koreanhouse.tk, 1
+koreankiosk.ru, 1
+koreanland.ml, 1
+koreanpearls.tk, 1
+koreanrandom.com, 1
+koreanrandom.ru, 1
+koreantextil.com.br, 1
+koreanure.tk, 1
+koreashop24.com, 1
+koredia.com, 1
+koreisai.tech, 1
+koresageart.com, 1
+korespondent.tk, 1
+koretech.nl, 1
+korfbal.nl, 1
+korfballeague.nl, 1
+korfezemlak.com, 1
+korhonen.cc, 1
+korikart.com, 1
+korikart.net, 1
+korkortet.tk, 1
+korkortonline.se, 1
+korn-klan.tk, 1
+korofilms.com, 1
+koroleva.ml, 1
+korolevstvo-movie.ml, 1
+koroli.tk, 1
+korona-m.bg, 1
+korona-m.eu, 1
+korona-serial.net, 1
+koroshkabir.tk, 1
+korrelzout.nl, 1
+korsordsvar.com, 1
+korst.tk, 1
+korstanjebouw.nl, 1
+korstanjetimmerwerken.nl, 1
+kortarsmagyarfesto.tk, 1
+kortgebyr.dk, 1
+korund.tk, 1
+kos4all.com, 1
+kos9078.com, 1
+kosaki.moe, 1
+kosara.bg, 1
+kosato.co.jp, 1
+koscielniak-nieruchomosci.pl, 1
+kose.edu.ee, 1
+koseven.ga, 1
+kosgebkredisi.com, 1
+koshakovo.ga, 1
+koshaq.net, 1
+koshechka.tk, 1
+koshercutleryers.ga, 1
+koshercutleryest.ga, 1
+koshereducationers.ga, 1
+koshereducationest.ga, 1
+kosherfoodreviews.com, 1
+kosherjava.com, 1
+kosherlunchers.ga, 1
+kosherlunchest.ga, 1
+koshkonongwi.gov, 1
+koshturada.by, 1
+koshvolt.com, 1
+kosinc.org, 1
+kosmetykifm.pl, 1
+kosmonavt.tk, 1
+kosmopoisk-orel.tk, 1
+kosmoprolet.tk, 1
+kosmosfestival.tk, 1
+kosmosjournal.org, 1
+kosmosol.it, 1
+kosmosradio.tk, 1
+koso.me, 1
+kosovitolinks.tk, 1
+kosovo.gq, 1
+kost-magazin.de, 1
+kostarikanamiru.cz, 1
+kostavro.eu, 1
+kostecka.org, 1
+kostecki.com, 1
+kostecki.org, 1
+kostecki.tel, 1
+kostenloses-forum.tk, 1
+kosterenpartners.com, 1
+kostlyn.com, 1
+kostroma-city.tk, 1
+kostroma.cf, 1
+kostroma.gq, 1
+kostroma.ml, 1
+kostroma.tk, 1
+kostube.tk, 1
+kostya.ws, 1
+kostyumi.tk, 1
+kosupayoi.com, 1
+kosuzu.moe, 1
+koszmetics.com, 1
+kotaartsklan.com, 1
+kotaev.tk, 1
+kotajakarta.info, 1
+kotak.us, 1
+kotakanimeid.com, 1
+kotakoo.id, 1
+kotaku.com, 1
+kotaraanglican.org.au, 1
+kotatgent.be, 1
+kother.org, 1
+kotilinkki.fi, 1
+kotisivukone.fi, 1
+kotka.ml, 1
+kotlinfactory.io, 1
+kotly-marten.com.ua, 1
+kotmale.com, 1
+kotobox.net, 1
+kotobuki-healing.com, 1
+kotoishihear.tk, 1
+kotok.tk, 1
+kotomei.moe, 1
+kotonoha.cafe, 1
+kotonozaka.xyz, 1
+kotoopros.tk, 1
+kotori.love, 1
+kotori.style, 1
+kotorimusic.ga, 1
+kottbulle.net, 1
+kotthaus-bs.de, 1
+kottur.is, 1
+kotuwa.tk, 1
+kotydomowe.com, 1
+kouberacing.com.br, 1
+koubova.net, 1
+kougeihin.jp, 1
+koujiao.ml, 1
+koujiao.net, 1
+koujo-soukohonpo.com, 1
+koumakan.cc, 1
+kourin.cf, 1
+koushinjo.org, 1
+kouwenhoven.xyz, 1
+kov.space, 1
+kovachica.tk, 1
+kovacia.com, 1
+koval.io, 1
+kovaldo.ru, 1
+kovered.net, 1
+kovnsk.net, 1
+kovrik-tm.com.ua, 1
+kovspace.com, 1
+kovu.es, 1
+kovuthehusky.com, 1
+kowalmik.tk, 1
+kowalski7.cc, 1
+kowalski7cc.xyz, 1
+kowalstwo.com.pl, 1
+kowarschick.de, 1
+kowas.net, 1
+kowu.ru, 1
+koyaanisqatsi.tk, 1
+koyo.kr, 1
+koyou-nara.com, 1
+kozackibazar.pl, 1
+kozak.cloud, 1
+kozakmateusz.ovh, 1
+kozamac.com, 1
+kozansa.net, 1
+kozarac.tk, 1
+kozbox.com, 1
+kozentic.com, 1
+kozgi.com, 1
+kozhzamenitely.tk, 1
+kozitsyn.name, 1
+kozlekedes.info, 1
+kozlov.cf, 1
+kozmetikatrend.hu, 1
+kozmetikus.tk, 1
+kozuch.biz, 1
+kozuna.it, 1
+kozune.com, 1
+kp-opt.ru, 1
+kp-walsh.com, 1
+kp0808.cc, 1
+kp0809.com, 1
+kp45.ru, 1
+kpfanworld.com, 1
+kpinterface.com, 1
+kpinvest.eu, 1
+kpizlog.rs, 1
+kplastics.in, 1
+kplasticsurgery.com, 1
+kplnet.net, 1
+kpmgccc.co.nz, 0
+kpmgclientcollab.co.nz, 0
+kpntdolive.nl, 1
+kpnthings.com, 1
+kpo.fi, 1
+kpop.re, 1
+kpop.ro, 1
+kpopsource.com, 1
+kppnmataram.com, 1
+kprem.com, 1
+kprf-school74.tk, 1
+kproferm.com, 1
+kpumuk.info, 1
+kpx1.de, 1
+kqh.me, 1
+kqrm.co.jp, 1
+kr-beratungscoach.de, 1
+kr-labs.com.ua, 1
+kr.cm, 1
+kr.search.yahoo.com, 0
+kr0n.dk, 1
+kra.ee, 0
+kra2laiz.eu, 1
+kraakgeluiden.tk, 1
+krabathor.tk, 1
+krabbelsisters.tk, 1
+krabbit.tw, 1
+krachbumm.de, 1
+krachtinverbinding.nl, 1
+krafciarka.pl, 1
+kraft.blog, 1
+kraft.im, 1
+kraft.lol, 1
+kraftek.cf, 1
+kraftfahrtversicherungen24.de, 1
+kraftway.ru, 1
+kraftzeiten.de, 1
+krag.be, 1
+kraga.sk, 1
+krakato.tk, 1
+kraken-ttt.com, 1
+kraken.com, 1
+kraken.io, 0
+krakenfutures.com, 1
+krakenrobotik.de, 1
+krakenventures.com, 1
+krakozyabra.ga, 1
+krakozyabra.gq, 1
+krakozyabra.tk, 1
+kralenparadijs.tk, 1
+kralik.io, 1
+kralovskapradelna.cz, 1
+kram.nz, 1
+kram.tec.br, 1
+kramer-edelstahl.de, 1
+kramersworld.tk, 1
+kramesondemand.com, 1
+kramsj.uk, 1
+kran.ga, 1
+krang.org.uk, 1
+kranjnakolo.ml, 1
+krankenpflege-haushaltshilfe.de, 1
+krankenpflege.ch, 1
+kranservice-alzey.tk, 1
+krapiva.tk, 1
+krasa.at, 1
+krasa.au, 1
+krasa.com.au, 1
+krasa.tk, 1
+krasavchik.by, 1
+kraski.tk, 1
+krasnaya-nit.ga, 1
+krasnodar-pravoved.ru, 1
+krasnodar.one, 1
+krasnodar24.tk, 1
+krasnodarkrai.tk, 1
+krasnoyarsk-24.tk, 1
+krasnoyarsk24.tk, 1
+krasotkafirm.tk, 1
+krasotki.ml, 1
+kratochvilovi.net, 1
+krauseent.com, 0
+krautomat.com, 1
+kraynik.com, 1
+kraz.tk, 1
+krazykastles.co.uk, 1
+krazykoolkastles.com, 1
+krazyphotobooths.co.uk, 1
+krbzh.ch, 1
+krc.link, 1
+krch.tk, 1
+krd93.ru, 1
+kreanoid-clientportal-aus-dev.azurewebsites.net, 1
+kreanoredact-portal-aus-dev.azurewebsites.net, 1
+kreasim32.co.id, 1
+kreationnext.com, 1
+kreativbande.com, 1
+kreativelabs.ch, 0
+kreativenerds.com.ng, 1
+kreativklinik.at, 1
+kreativoweb.tk, 1
+kreativstrecke.de, 1
+kreatura.tk, 1
+kreatywni.co, 1
+kredi-hesaplama.com, 1
+kredibanka.net, 1
+kredigram.com, 1
+kredit-abzocke.com, 1
+kredit-galerie.de, 1
+kredit-kenntnis.de, 1
+kredit-mit-negativer-schufa.com, 1
+kredit-negative-schufa.de, 1
+kredit-ohne-schufa.de, 1
+kredit-schule.de, 1
+kredit-zeit.de, 1
+kredit24.de, 1
+kredita.dk, 1
+kreditkarta.ml, 1
+kreditkarten-forum.de, 1
+kreditkoll.nu, 1
+kredito.pt, 1
+kreditonline.ml, 1
+kreditor.gq, 1
+kreditovnet.tk, 1
+kreditsystem.net, 1
+kreditvergleich.org, 1
+kreditzirkus.de, 1
+krednal.ru, 1
+kredobank.com.ua, 1
+kredytzen.pl, 0
+kreen.org, 1
+krefindo.de, 1
+kreft.tk, 1
+kreftprzewieda.pl, 1
+krehak.com, 1
+kreideseetaucher.de, 1
+kreidl.org, 0
+kreidlernet.tk, 1
+kreiglaw.com, 1
+kreisau.com, 1
+krelln.net, 1
+kremalicious.com, 1
+kremer-sonnenschutzsysteme.de, 1
+kremi.org, 0
+kreno.tech, 1
+krenstetter.at, 1
+kreolis.net, 1
+krepmarket.ru, 1
+kresimir-blazevic.tk, 1
+krestanskydarek.cz, 1
+kretaforum.dk, 1
+kretschmann.consulting, 1
+kretschmann.it, 1
+kreuzbergflieger.de, 1
+kreuzpfadfinder.de, 1
+kreuzwortraetsellosungen.com, 1
+kreweofneptune.org, 1
+krey.is, 1
+kreyolgym.fr, 1
+krezimizik.com, 1
+kridtvejsplanter.dk, 1
+kriechel.de, 1
+kriegserinnerungen.tk, 1
+kriegskindernothilfe.de, 1
+kriener.photography, 1
+kriis.ee, 0
+krik.rs, 1
+krillz.se, 1
+krilotek.com, 1
+krilov.tk, 1
+krimikiosk.de, 1
+krimisound.com, 1
+krimisound.it, 1
+krimzeta.com, 1
+krinetzki.de, 0
+kringla.xyz, 1
+kringloopwinkels.tk, 1
+krinnovations.ie, 1
+kripa.tk, 1
+kriptodede.com, 1
+kriptokereso.com, 0
+kriptokoin.com, 1
+kriptomat.io, 1
+kriptopod.com, 1
+kriptopodgon.tk, 1
+kriptosec.com, 1
+krisboeckmans.tk, 1
+krise-chance.ch, 1
+krisenintervention-deutschland.de, 1
+kriseninterventiondeutschland.de, 1
+krisftp.fr, 1
+krishin.tk, 1
+krishnakalisaha.com, 1
+krishnendu.com, 1
+krishnenduayur.org, 1
+krishofer.com, 1
+kriskonaturopathic.com, 1
+kriskras99.nl, 1
+krismurray.co.uk, 1
+krisp.ai, 1
+krispeinture.be, 1
+krispymods.com, 1
+krisstarkey.co.uk, 1
+krist.club, 1
+kristall-energie.at, 0
+kristall.tk, 1
+kristall.xyz, 1
+kristenpaigejohnson.com, 1
+kristiehill.com, 1
+kristina-lari.ru, 1
+kristineskitchenblog.com, 1
+kristjanrang.eu, 0
+kristofba.ch, 1
+kristofdv.be, 0
+kristoffer.is, 1
+kriston.tk, 1
+kristv.com, 1
+kristymiley.com, 1
+kristyvonkashyyyk.net, 1
+kriswauters.tk, 1
+kritik.com.br, 1
+kriyayoga.fr, 1
+kriyayoga.mx, 1
+krizevci.info, 1
+krizialim.tk, 1
+krk-gaming.de, 0
+krmela.com, 1
+krmeni.cz, 0
+kroati.de, 1
+kroczynski.net, 1
+kroell.net, 1
+kroenland.at, 1
+kroenland.com, 1
+kroenland.design, 1
+kroglice.si, 1
+krok.gq, 1
+krokedil.se, 1
+kroldata.com, 1
+kroliczki.tk, 1
+kroll.tk, 1
+kromamoveis.com.br, 1
+kromati.co, 1
+kromberg.tk, 1
+kromciri.gq, 1
+krome.sg, 1
+kromonos.net, 1
+kromozottrud.hu, 1
+kroms.org, 1
+krona.ddns.net, 1
+kronanshopping.se, 1
+kroneaustralia.com.au, 1
+kronengruppe.de, 1
+kronofogden.se, 1
+kronopolo.com, 1
+kronosproject.tk, 1
+kronospsi.es, 1
+krony.de, 1
+kronych.cz, 1
+kroo.com, 1
+kroon.email, 1
+kroonika.ee, 1
+kropkait.pl, 1
+krosovki-nike.tk, 1
+krossakorven.tk, 1
+krossvordy.com, 1
+krouzkyliduska.cz, 0
+krovat.ru, 1
+krovatka.tk, 1
+krovlya911.ru, 1
+krozilla.tk, 1
+krpaforum.org, 1
+krsaustralia.com.au, 1
+krsvrs.nl, 1
+krti.com.ua, 1
+krtl.eu.org, 1
+krtl.top, 1
+krubik.tk, 1
+kruchefssensors.azurewebsites.net, 1
+kruchheartbeatdev.azurewebsites.net, 1
+kruchsensorsdev.azurewebsites.net, 0
+krudel.tk, 1
+kruemelundkruemel.de, 1
+krug-munroe.wedding, 1
+krugerengelbrecht.co.za, 1
+krugermillions.org, 1
+krugernationalpark.org.za, 1
+krugersdorpplumber24-7.co.za, 1
+krugoval.hr, 0
+krugson.net, 1
+kruidenboeket.be, 1
+kruin.net, 1
+kruindy.com, 1
+kruis.tk, 1
+kruisselbrink.com, 1
+kruk.co, 1
+krukaze.tk, 1
+krumovgrad.eu, 1
+krumpf.de, 0
+kruno.ooo, 1
+krup.com.ua, 1
+krupa.net.pl, 0
+krusesec.com, 1
+krusic22.com, 1
+krustyland.net, 1
+krutilka.ga, 1
+krutka.cz, 1
+kruu.de, 1
+kruvesh.tk, 1
+krx1bet.com, 1
+kry.no, 1
+kry.se, 1
+krymp.no, 1
+kryolansaudi.com, 1
+krypmonet.com, 1
+krypsys.com, 1
+krypt.com, 1
+kryptera.se, 1
+krypterz.com, 1
+kryptix.eu, 1
+kryptix.net, 1
+krypto-webdesign.de, 1
+kryptoforce.com, 1
+kryptologie.tk, 1
+kryptomech.com, 1
+kryptomodkingz.com, 1
+kryptonowosci.pl, 1
+kryptorebels.com, 1
+kryptosekken.no, 1
+kryptux.xyz, 1
+kryshodel.ml, 1
+krystal-framework.ml, 1
+krystalrsimpson.com, 0
+krytykawszystkiego.com, 1
+krytykawszystkiego.pl, 1
+krzeslaonline.pl, 1
+ks-19.com, 1
+ks-39.com, 1
+ks-59.com, 1
+ks-79.com, 1
+ks-89.com, 1
+ks-niceman.tk, 1
+ks-watch.de, 1
+ks.kr.ua, 1
+ks0098.com, 1
+ks015.com, 1
+ks017.com, 1
+ks0318.com, 1
+ks038.com, 1
+ks058.com, 1
+ks0618.com, 1
+ks0660.com, 1
+ks068.com, 0
+ks0877.com, 1
+ks0886.com, 1
+ks0888.com, 1
+ks0977.com, 1
+ks0990.com, 1
+ks16.net, 1
+ks168158.net, 1
+ks17.net, 1
+ks18.cc, 1
+ks182.com, 1
+ks1athome.co.uk, 1
+ks202.com, 1
+ks2020.vip, 1
+ks206.com, 1
+ks208.com, 1
+ks2235.com, 1
+ks298.com, 1
+ks299.com, 1
+ks299.net, 0
+ks330.com, 1
+ks335.com, 1
+ks337.com, 1
+ks337.net, 1
+ks339.com, 1
+ks35.cc, 0
+ks3533.com, 1
+ks3536.com, 1
+ks3636.com, 1
+ks3737.com, 1
+ks380.com, 1
+ks381.com, 1
+ks386.com, 1
+ks3888.com, 1
+ks5000.com, 1
+ks515.com, 1
+ks516.com, 1
+ks549.com, 1
+ks5525.com, 1
+ks5528.com, 1
+ks5529.com, 1
+ks5531.com, 1
+ks5532.com, 1
+ks5822.com, 1
+ks5888.com, 1
+ks5888.net, 1
+ks597.com, 1
+ks6225.com, 1
+ks637.com, 1
+ks6522.com, 1
+ks6535.com, 1
+ks657.com, 1
+ks6600.com, 1
+ks668.com, 1
+ks6687.com, 1
+ks680.com, 1
+ks6887.com, 1
+ks79.app, 1
+ks8.net, 1
+ks8112.com, 1
+ks8113.com, 1
+ks8115.com, 0
+ks8128.com, 1
+ks8129.com, 1
+ks8135.com, 1
+ks8152.com, 1
+ks8176.com, 1
+ks8177.com, 1
+ks8211.com, 1
+ks8218.com, 1
+ks8225.com, 1
+ks8265.com, 1
+ks8266.com, 1
+ks8278.com, 1
+ks8802.com, 1
+ks8805.com, 1
+ks8831.com, 1
+ks8836.com, 1
+ks8862.com, 1
+ks8883.com, 0
+ks8886.com, 1
+ks8915.com, 1
+ks9122.com, 1
+ks920.com, 0
+ks960.com, 1
+ks9696.com, 1
+ks9888.com, 0
+ks99.app, 1
+ksa-lawfirm.com, 1
+ksa.mx, 1
+ksa511.com, 1
+ksabconline.gov, 1
+ksamaps.com, 1
+ksar.tk, 1
+ksato.fr, 0
+ksauhs-med.com, 1
+ksbkrasnodar.ru, 1
+kscarlett.com, 1
+kscds.gov, 1
+kschool.co.in, 1
+ksdot.gov, 1
+kselenia.ee, 1
+kselien.gov, 1
+ksem.tk, 1
+kseniya.tk, 1
+kseniyakoroleva.tk, 1
+ksenomorf.tk, 1
+ksero.info, 1
+ksero.wroclaw.pl, 0
+kserownia.eu, 1
+ksexec.gov, 1
+ksg.edu.ee, 1
+ksgamerz.ga, 1
+kshb.com, 1
+kshlm.in, 1
+kshop.gr, 1
+kshpage.in, 1
+ksiegarniabk.pl, 1
+ksiegowosc.pro, 1
+ksk-raduga.tk, 1
+ksm.co.in, 1
+ksnl.net, 1
+ksoc.com, 0
+ksoftware.tk, 1
+ksopp.si, 1
+ksp-spb.com, 0
+kspndanautoba.id, 1
+ksrevenue.gov, 1
+ksrv.jp, 1
+kss.com.au, 1
+ksst.by, 1
+ksstille.de, 1
+kst-dlvr.tk, 1
+kst-service.tk, 1
+kstdlvr.by, 1
+kstitleers.ga, 1
+kstitleest.ga, 1
+kstr.us, 1
+kstservice.by, 1
+ksu.kz, 1
+ksukelife.com, 1
+ksuu.loan, 1
+ksv-friesland.nl, 1
+ksvehicles.gov, 1
+ksvip02.com, 1
+ksvip09.com, 1
+ksvoterinfo.gov, 1
+ksw.hr, 1
+kswebtags.gov, 1
+kswork.life, 1
+kt-events.de, 1
+kt-motors.com, 1
+kt-studio.com.ua, 0
+kt.tc, 1
+kt3i.com, 1
+ktateeb.com, 1
+ktbuniversity.com, 1
+kteatras.tk, 1
+ktgy.com, 1
+kthnxbai.xyz, 1
+ktk-pc.de, 1
+ktm-troxler.de, 1
+ktnv.com, 1
+ktty.net, 1
+ktube.yt, 1
+ktuluweb.tk, 1
+ktupad.web.id, 1
+ktw.lv, 0
+ku-7.club, 1
+ku-niederwinkling.de, 1
+ku.ag, 1
+kua.com, 0
+kuaforumden.com, 1
+kuairead.com, 0
+kuaishou.cf, 1
+kuaitiyu.org, 1
+kuaiyaojing.com, 1
+kuaiyun.com, 1
+kualo.co.uk, 1
+kualo.com, 1
+kualo.in, 1
+kuba-erlebnisreisen.de, 1
+kuba-orlik.name, 1
+kubabrussel.be, 1
+kubalok.de, 1
+kubanitoscali.com, 1
+kubeofficebooth.com, 1
+kuberkaitseliit.ee, 1
+kuberm.com, 1
+kubern.at, 1
+kubevocalbooth.com, 1
+kubica.ch, 1
+kubierecki.pl, 1
+kubik-rubik.de, 1
+kubit.ai, 1
+kubit.co, 1
+kubit.us, 1
+kubkprf.ru, 1
+kublis.ch, 1
+kubmeta.com, 1
+kubnews.ru, 1
+kubopro.com, 1
+kubopro.cyou, 1
+kubota.co.nz, 1
+kubota.com.au, 1
+kubotapower.com.au, 1
+kubotek3d.com, 1
+kubrakov.ml, 1
+kubrick.tk, 1
+kubritalk.com, 1
+kubusadvocaten.nl, 1
+kuchen-am-stiel.de, 1
+kuchugury.ru, 1
+kucnibudzet.com, 1
+kucukayvaz.com, 0
+kucukcekmececilingir.gen.tr, 1
+kucukkaymakli.tk, 1
+kudelskisecurity.com, 1
+kudetours.co.za, 1
+kudinilam.tk, 1
+kuditel.net, 1
+kudofoto.com, 1
+kudoran.tk, 1
+kudoway.com, 1
+kuechler.info, 1
+kuehndel.org, 1
+kuehnel-online.eu, 1
+kuemmling.eu, 1
+kuenstler-website.de, 1
+kuepper.tk, 1
+kueri.tech, 1
+kuestensiegel.de, 1
+kugelblitz.co, 1
+kuhakukawa.ml, 1
+kuhio.net, 1
+kuhlecloud.co.za, 1
+kuhn-elektrotechnik.de, 1
+kuhne-electronic.de, 1
+kuhnerts.eu, 1
+kuinin.tk, 1
+kuisus.com, 1
+kuitunenguthrie.tk, 1
+kujalichildrenscentre.or.ke, 1
+kukaidh.com, 0
+kukal.cz, 1
+kukeri-karlovo.tk, 1
+kuketz-blog.de, 1
+kuketz-security.de, 1
+kukiulpindo.com, 1
+kukla.club, 1
+kukla.io, 1
+kuko-crews.org, 1
+kukuku.fun, 1
+kukuma.tk, 1
+kukutza.tk, 1
+kul.ee, 0
+kulakov.cf, 1
+kulakov.tk, 1
+kulde.net, 1
+kuldeepg.tk, 1
+kuliahbahasainggris.com, 1
+kuliahwisatahati.com, 1
+kulikov.tk, 1
+kulinarika.net, 1
+kulinaristi.fi, 1
+kulinariya.tk, 1
+kulivps.com, 1
+kulshe.com, 1
+kultamuseo.net, 1
+kultham.ml, 1
+kulthist.tk, 1
+kultmobil.se, 1
+kultur-werkstatt-wulfen.tk, 1
+kultur1.se, 1
+kulturbanause.de, 1
+kulturbiljetter.se, 1
+kulturistika.tk, 1
+kulturmel.ch, 1
+kultus-mv.de, 1
+kuma-it.de, 1
+kumacdn.club, 1
+kumalog.com, 1
+kumanovo.tk, 1
+kumaraguruparan.tk, 1
+kumi.website, 1
+kumilasvegas.com, 1
+kumina.nl, 1
+kumiskiri.com, 1
+kumo.tk, 1
+kumoricon.org, 1
+kumpali.com, 1
+kumpula.tk, 1
+kumu.live, 1
+kumuwiki.de, 1
+kunadomowa.pl, 1
+kunaki.com, 1
+kunalchakate.tk, 1
+kunaldesai.blog, 1
+kunashir.tk, 1
+kuncrypto.com, 1
+kunda.ovh, 1
+kundenerreichen.com, 1
+kundenerreichen.de, 1
+kundenvertrag.de, 1
+kundesjekk.no, 1
+kundo.se, 1
+kungfudirect.com, 1
+kungsangen.com, 0
+kungsangsgymnasiet.se, 1
+kunitomo.jp, 1
+kunnen.tech, 1
+kunri.tk, 1
+kunsanfss.com, 1
+kunst-im-kokon.de, 1
+kunst-na-arbeid.tk, 1
+kunstcentraal.nl, 0
+kunstdrucke-textildruck.de, 1
+kunsten.be, 1
+kunstenkracht1919.tk, 1
+kunsthandel-augustus-rex.de, 1
+kunstmuseum-moritzburg.de, 1
+kunstundkulturradioschoepfwerk.tk, 1
+kunstundunrat.de, 1
+kunugi-inc.com, 1
+kunze-medien.de, 0
+kuoruan.com, 1
+kuotiva.com, 1
+kup-sluzbu.cz, 1
+kupaa.ink, 1
+kupferschmids.ch, 1
+kupferstichshop.com, 1
+kupi-ceresit.ru, 1
+kupid.com, 1
+kupidon-rt.ru, 1
+kupil.ru, 1
+kupinska.pl, 1
+kupipled.cf, 1
+kupislivki.tk, 1
+kupitmtz.gq, 1
+kupitnedorogo.com, 0
+kupitraktor.gq, 1
+kupittraktormtz.gq, 1
+kupka.tech, 1
+kupkabn.de, 1
+kupleno.com, 1
+kuplukover.by, 1
+kupoholik.rs, 1
+kupon-proxy6.ru, 1
+kupone.com.br, 1
+kuponmail.tk, 1
+kuponydoher.cz, 1
+kuppingercole.com, 1
+kupriy-coach.ru, 1
+kupschke.net, 1
+kupsluzbu.cz, 1
+kupu.maori.nz, 1
+kupujemprodajem.com, 1
+kura.gg, 1
+kurafuto.homeip.net, 1
+kuralink.se, 1
+kuralreklam.com, 1
+kurani.tk, 1
+kuraraynoritake.eu, 1
+kurashino-mall.com, 1
+kurd-yogurt.tk, 1
+kurdigrafya.com, 1
+kurdinfo.tk, 1
+kurdishcommunityofottawa.tk, 1
+kurdishphotography.tk, 1
+kurdjokes.tk, 1
+kurenivka.tk, 1
+kurer-sreda.ru, 1
+kuretru.com, 1
+kurgan-city.tk, 1
+kurgan.cf, 1
+kurgancity.cf, 1
+kurido-anime.tk, 1
+kurierwilenski.lt, 1
+kurirplus.tk, 1
+kuritsa.tk, 1
+kurnia.tk, 1
+kurniadwin.to, 1
+kuroha.co.uk, 1
+kuroinu.jp, 1
+kuroisalva.xyz, 0
+kuroit.com, 1
+kurona.ga, 1
+kuronarupolyphenol.jp, 1
+kuronekogaro.com, 1
+kuropatina.tk, 1
+kurosawa-yakkyoku.com, 1
+kurrende.nrw, 0
+kurs-dron.pl, 1
+kurs-elektryka.pl, 1
+kurs-fotowoltaika.pl, 1
+kurserne.dk, 1
+kursk-otoplenie.ru, 1
+kursk.cf, 1
+kurssertifikasi.com, 1
+kurswahl-online.de, 1
+kursy-sep.com.pl, 1
+kursyjezykowelublin.pl, 1
+kursypolska.pl, 1
+kurszielnull.de, 1
+kurt-und-herma-roemer-stiftung.de, 1
+kurtdeutscher.com, 1
+kurtisfranklin.com, 1
+kurtki-moda.tk, 1
+kurtlarvadisi-pusu-1.tk, 1
+kurtneuweiler.com, 1
+kurtosys.com, 1
+kurtschlatzer.com, 1
+kurtschleinbeck.com, 1
+kurumsalseo.com.tr, 1
+kurungkurawal.id, 1
+kuruppa.xyz, 1
+kuruwi.net, 1
+kurz.pw, 1
+kurzly.de, 1
+kurztrip-fuer-verliebte.de, 0
+kurzurlaub.tk, 1
+kusadasiescmagazin.tk, 1
+kusadasihaber.ga, 1
+kusadasihaber.tk, 1
+kusasa.biz, 1
+kuscheln.com, 1
+kuschku.de, 1
+kuscu.de, 1
+kushner-cpa.co.il, 1
+kushwanthreddy.in, 1
+kuslink.tk, 1
+kusmuhendisi.com, 1
+kusochi.eu, 1
+kustarnik.tk, 1
+kustod.io, 1
+kustom-kitchens.com, 1
+kustomcorner.com.au, 1
+kustomer.com, 1
+kustosija.tk, 1
+kustus.com.br, 1
+kustvissen.tk, 1
+kusunokitomori.com, 1
+kutahyaciniyapitasarim.com.tr, 1
+kutaisi.it, 1
+kutalek.cz, 1
+kutalin.com, 1
+kutekeiki.com, 1
+kuti.hu, 1
+kutinsoft.com, 1
+kutombawewe.net, 1
+kutsankaplan.com, 1
+kuttler.eu, 1
+kutvonen.net, 1
+kutyabarathelyek.hu, 1
+kutyamacskashop.hu, 1
+kuudere.moe, 1
+kuukkanen.net, 1
+kuunlamaailm.ee, 1
+kuwago.io, 1
+kuwaitmegadeals.com, 1
+kuwichitagastro.com, 1
+kuwichitaim.com, 1
+kuzbass-pwl.ru, 1
+kuzelky-cb.cz, 1
+kuzeyegehaber.com, 1
+kuzh.me, 1
+kuzh.tk, 1
+kuzik.tk, 1
+kuzinea.tk, 1
+kuzmik.net, 1
+kuzmik.org, 1
+kuzmiks.com, 1
+kuznica.tk, 1
+kuzov-plus.tk, 1
+kuzovkin.ml, 1
+kv-genebos.tk, 1
+kvadratnimeter.si, 1
+kvadru.cz, 1
+kvalhe.im, 1
+kvalita-1a.cz, 0
+kvalitetsaktiepodden.se, 1
+kvalitetskatalog.tk, 1
+kvarta.tk, 1
+kvartira-grad.tk, 1
+kvartiragrad.tk, 1
+kvasta.se, 1
+kvdb.io, 1
+kvdekolk.tk, 1
+kvest-v-moskve.ga, 1
+kvestiks.ru, 1
+kvetinymilt.cz, 1
+kvetinyumarkety.cz, 1
+kvetuvplotu.cz, 1
+kvhile.com, 1
+kvhv-brussel.be, 1
+kvilt.dk, 1
+kviskoteka.tk, 1
+kvitlyr.tk, 1
+kvm.ovh, 1
+kvmcloud.net, 0
+kvn.tf, 1
+kvnsport.ru, 1
+kvrapi.com, 1
+kvrwines.com, 1
+kvs-demo.com, 1
+kvso.tk, 1
+kvspannum.tk, 1
+kvsplayer.com, 1
+kvsrot.cz, 1
+kvt.berlin, 0
+kw.gt, 1
+kwadraadtevredenheid.nl, 1
+kwakkelglas.nl, 0
+kwalifikacje.gov.pl, 1
+kwc.gov, 1
+kwcolville.com, 1
+kweb.ml, 1
+kwedo.com, 1
+kwench.com, 1
+kwieben.com, 1
+kwik.cx, 1
+kwikmed.eu, 0
+kwjx2.ga, 1
+kwl.com.au, 1
+kwnet.info, 1
+kwoll.de, 0
+kwonghei.net, 1
+kwonjiyong.cn, 1
+kwork-garand.tk, 1
+kwx.gg, 1
+kwyxz.org, 1
+kxah35.com, 1
+kxbot.ru, 1
+kxc.inc, 1
+kxnrl.com, 1
+kxxv.com, 1
+ky.rs, 1
+kyaba-kura.jp, 1
+kyahimt.gov, 1
+kyango.com, 1
+kyanjames.com, 1
+kyaru.net, 1
+kyau.net, 1
+kyaulabs.com, 1
+kybalion.info.pl, 1
+kyberna.xyz, 1
+kybi.sk, 1
+kycisrael.com, 1
+kydara.com, 1
+kyfiat.com, 1
+kyj250.com, 1
+kyj322.com, 1
+kyj33.com, 1
+kyj4.com, 1
+kyj44.com, 1
+kyj511.com, 1
+kyj522.com, 1
+kyj544.com, 1
+kyj55.com, 1
+kyj56.com, 1
+kyj57.com, 1
+kyj577.com, 1
+kyj59.com, 1
+kyj599.com, 1
+kyj622.com, 1
+kyj633.com, 1
+kyj644.com, 1
+kyj65.com, 1
+kyj655.com, 1
+kyj67.com, 1
+kyj677.com, 1
+kyj76.com, 1
+kyke.tech, 1
+kylacoin.com, 1
+kylacoin.eu.org, 1
+kylby.com, 1
+kyle-s.com, 1
+kyle.place, 0
+kylebaldw.in, 0
+kyledgoodwin.com, 1
+kyleggiero.me, 1
+kylegislature.gov, 1
+kylegough.co.uk, 1
+kylegutschow.com, 1
+kylehaka.la, 1
+kylehakala.com, 1
+kylelaker.com, 1
+kylelovell.com, 1
+kylepet.co, 1
+kylewentworth.com, 1
+kylianvermeulen.com, 0
+kylianvermeulen.nl, 1
+kylie-pomada.tk, 1
+kylinj.com, 0
+kylinseating.in, 1
+kylvaja.fi, 1
+kymcojp.com, 1
+kymta.com, 1
+kyn.be, 1
+kynaston.org.uk, 1
+kynastonwedding.co.uk, 1
+kyncostyle.com, 1
+kynd.com.au, 0
+kyne.cn, 1
+kyne.wang, 1
+kynect.gov, 1
+kynjatshai.com, 1
+kyobostory-events.com, 1
+kyobusiness.com, 1
+kyochon.fr, 1
+kyoox.ch, 1
+kyoox.io, 1
+kyorei.or.jp, 1
+kyosaku.org, 1
+kyoto-sake.net, 1
+kyoto-sowa.co.jp, 1
+kyoto-tomoshibi.jp, 1
+kyrabanx.org, 1
+kyrgizion.tk, 1
+kyrjy.com, 1
+kyrylych.tk, 1
+kysepticservice.com, 1
+kysil.org, 1
+kytkintienautomaalaamo.fi, 1
+kyujin-office.net, 1
+kyunyuki.com, 1
+kyusyu.org, 1
+kyvosinsights.com, 1
+kyzyl-senir.ml, 1
+kz.search.yahoo.com, 0
+kzar.co.uk, 1
+kzforce.tk, 1
+kzsdabas.hu, 1
+kztv10.com, 1
+l-a-b-a.com, 1
+l-a-b-a.ru, 1
+l-atelier-c.com, 1
+l-i-r.tk, 1
+l-ink.eu.org, 1
+l-lab.org, 1
+l-poya.ch, 1
+l.td, 1
+l.tt, 1
+l0re.com, 1
+l17r.eu, 1
+l2.ai, 1
+l214.com, 1
+l2dragonland.tk, 1
+l2guru.ru, 1
+l2kl.com, 1
+l2news.ga, 1
+l2relax.ml, 1
+l2support.tk, 1
+l33roy.com, 1
+l33te.net, 1
+l36533.com, 1
+l4s.me, 1
+l51365.com, 0
+l5197.co, 1
+l6729.co, 1
+l6729.com, 1
+l6957.co, 1
+l7plumbing.com.au, 1
+l7world.com, 1
+l82365.com, 1
+l8x.tech, 1
+l9.fr, 1
+l9297.co, 1
+l9397.com, 1
+l9721.com, 0
+l9728.co, 1
+la-baldosa.fr, 0
+la-bonne-cuisine.fr, 1
+la-boutique-langlois.fr, 1
+la-casa.tk, 1
+la-com.org, 1
+la-compagnie-des-elfes.fr, 1
+la-fenice-neheim.de, 1
+la-france-ressuscitee.fr, 1
+la-grande-jaugue.fr, 1
+la-kaz-a-velo.fr, 1
+la-laitonnerie.com, 1
+la-maison-neuve.com, 1
+la-paco.tk, 1
+la-petite-entreprise.com, 1
+la-petite-epicerie.fr, 1
+la-ruche.net, 1
+la-sc.com, 1
+la-tourmaline.ch, 1
+la-verite.tk, 1
+la-ville-aux-dames-auto-ecole.com, 1
+la-vraie-histoire.fr, 1
+laa.gov.ly, 1
+laab.gv.at, 1
+laac.io, 1
+laagenciaespacial.com, 1
+laakevahinko.fi, 1
+laanius.dk, 1
+laarroceriacolombiana.com, 1
+laassari.me, 0
+laatikko.io, 1
+laatjeniethackmaken.nl, 1
+lab-advancedservicesportal.com, 1
+lab-oborud.com, 1
+lab-recherche-environnement.org, 1
+laba.ua, 1
+labacanisima.tk, 1
+labadusa.com, 1
+labambi.pl, 1
+labandadeases.es, 1
+labandadelamente.tk, 1
+labandadelexpreso.tk, 1
+labande-annonce.fr, 1
+labanochjonas.se, 1
+labanskoller.se, 1
+labanskollermark.se, 1
+labassist.lt, 1
+labaugmbh.de, 1
+labayru.eus, 1
+labcenter.com, 1
+labcoat.jp, 1
+label-octopus.org, 1
+labeled.vn, 1
+labelfactory.nl, 1
+labels.co.ke, 1
+labequipvn.com, 1
+laberkosmos.tk, 1
+labiblioafronebrulepas.com, 0
+labin.tk, 1
+labina.com.tr, 1
+labinator.com, 1
+labinsights.com, 1
+labirint.cf, 1
+lablaser.tk, 1
+lablic-beta.work, 1
+lablnet.tk, 1
+lablue.ch, 1
+lablue.de, 1
+labmakelaar.com, 1
+labmakelaar.eu, 1
+labms.com.au, 1
+labobooks.com, 1
+labodeguitamigueltorres.cl, 1
+labogue.info, 1
+laboiteanem.fr, 1
+laboiteare.fr, 0
+laboiteasous.com, 1
+laboni.design, 1
+labor-augsburg-mvz.de, 1
+laboratoria.pro, 1
+laboratoriodemarketingb3.com, 1
+laboratorioespressobz.it, 1
+laboratoriomolina.tk, 1
+laborbluesers.ga, 1
+laborbluesest.ga, 1
+labordayauction.org, 1
+labordude.com, 1
+laborriquita.tk, 1
+labortogether.com, 1
+labostark.fr, 1
+labottegafinedistillates.it, 1
+labouncycastlehire.co.uk, 1
+labourmarketinsights.gov.au, 1
+laboutiquedejuliette.com, 1
+laboutiquedeluminia.fr, 1
+laboutiquemarocaineduconvoyeur.com, 1
+laboutiquemarocaineduconvoyeur.ma, 1
+labrat.mobi, 1
+labroma.tk, 1
+labs-is.com, 1
+labs.directory, 1
+labs.lgbt, 1
+labsector.com, 1
+labsitserviss.lv, 1
+labsys.xyz, 1
+labtalleraudiovisual.tk, 1
+labtechsupplyco.com, 0
+labussola.site, 1
+labworking.lt, 1
+labworks.org, 1
+laby.link, 1
+laby.me, 1
+labyrinthinetool.de, 1
+labyrinthus.tk, 1
+lacaey.se, 1
+lacahsa.gov, 1
+lacalderera.tk, 1
+lacallas.tk, 1
+lacantine.xyz, 1
+lacapsule.org, 1
+lacargo.az, 1
+lacarniceria.tk, 1
+lacarretica.cr, 1
+lacasadelmaniqui.net, 1
+lacasadelours.fr, 1
+lacaserita.org, 1
+lacasseroy.com, 1
+lacavedesergio.fr, 1
+lacaveducinquantenaire.com, 1
+lacazadora.tk, 1
+lacebeauty.it, 1
+laceleste.it, 1
+lacellbedding.com, 1
+lacentral.com, 0
+lacera.gov, 1
+lacetsroses.ch, 1
+laceysfarm.ie, 1
+lacfm.cf, 1
+lachain.io, 1
+lachainedesentrepreneurs.fr, 1
+lachaussettedebrasparts.fr, 1
+lachlan-harris.com, 1
+lachlan.com, 1
+lachlanallison.com, 0
+lachlanb.me, 1
+lachyoga-schwieberdingen.de, 1
+laciana.tk, 1
+lacicloud.net, 1
+lacienciadelpanico.tk, 1
+lacity.gov, 1
+lackan.tk, 1
+lackawannanypolicecorruption.org, 1
+lackfer.tk, 1
+lackierereischmitt.de, 1
+laclaque.ch, 0
+lacledelareussite.com, 0
+lacledeslan.com, 1
+lacledeslan.org, 1
+lacledor.ch, 0
+lacnesidlo.sk, 1
+lacoast.gov, 1
+lacochinacounselor.com, 1
+laconcepcion.tk, 1
+laconiapdnh.gov, 1
+lacontrevoie.fr, 1
+lacoquette.gr, 1
+lacorteimoveis.com.br, 1
+lacoste.net, 1
+lacragamerpanel.ml, 1
+lacrimosa.tk, 1
+lacrosselocatorers.ga, 1
+lacrosselocatorest.ga, 1
+lacrossemortgageers.ga, 1
+lacrossemortgageest.ga, 1
+lacrossetribune.com, 1
+lacrossewi.gov, 1
+lacroy.com.br, 1
+lactatiekundigemanouk.nl, 1
+lacuartaorden.tk, 1
+lacuerba.com, 1
+lacuisine.tk, 1
+lacuna-vermoegen.de, 1
+lacyc3.eu, 1
+lacylynn.net, 1
+lad-china.com, 0
+lada-granta.tk, 1
+lada-plus.tk, 1
+ladadate.com, 1
+ladakhtrip.tours, 1
+ladanivabelgium.tk, 1
+ladanmokhtari.tk, 1
+ladbroke.net, 1
+ladder.sport, 1
+ladderfinance.com.au, 0
+ladeboks.dk, 1
+ladedu.com, 1
+ladelicateparenthese.com, 1
+ladenzeile.at, 1
+ladenzeile.de, 1
+ladepeche.fr, 1
+ladies-shoes.tk, 1
+ladiescode.tk, 1
+ladiesrapide.tk, 1
+ladinvestment.ml, 1
+ladisko.tk, 1
+ladislav-antos.cz, 1
+ladislavbrezovnik.com, 0
+lado.ltd, 1
+lado.site, 1
+ladobe.com.mx, 1
+ladocdn.com, 1
+ladocs.tk, 1
+ladocu.cf, 1
+ladotech.cn, 1
+ladotech.com, 1
+ladraiglaan.com, 1
+ladrones.tk, 1
+ladurbo.tk, 1
+lady-blog.ga, 1
+lady-len.com, 1
+lady-sadieann.co.uk, 1
+lady-wishlist.my.id, 1
+ladyangelina.org, 1
+ladyanja.org, 1
+ladybird.tk, 1
+ladybirdeducation.co.uk, 1
+ladyblack.tk, 1
+ladyblackdiamoond.com, 1
+ladyboy.tv, 1
+ladyboyfiles.com, 1
+ladyboyreports.com, 1
+ladyboytube.tv, 1
+ladybugjam.com, 1
+ladybugjunction.com, 1
+ladyestelle.org, 1
+ladyisabell666.com, 1
+ladykarame.org, 1
+ladylakefl.gov, 1
+ladylatoria.net, 1
+ladylucks.co.uk, 1
+ladymadd.fr, 1
+ladymakeup.com.ua, 1
+ladymart.ng, 1
+ladymayonline.tk, 1
+ladymeli.org, 1
+ladyofhopeparish.org, 1
+ladyofsongstv.com, 1
+ladyoxytocin.com, 1
+ladysecrets.cf, 1
+ladysecrets.ga, 1
+ladysybella.net, 1
+ladytron.tk, 1
+ladyvampira.com, 1
+ladyvictoriavalente.com, 1
+ladywishlist.my.id, 1
+laecosmetic.com, 1
+laecosmetics.es, 1
+laedia.com, 1
+laegemiddelstyrelsen.dk, 1
+laembajadamexico.com, 1
+laemiliafutbol.tk, 1
+laempresa.tk, 1
+laencina.tk, 1
+laer.ai, 1
+laerdal.com, 1
+laerepenger.no, 1
+laerted.ga, 1
+laeryn.com, 0
+laesisvefurinn.is, 1
+laetitia-hypnocoach.fr, 1
+laettnercamps.com, 1
+laetusinpraesens.org, 1
+laeva.edu.ee, 1
+laextra.mx, 1
+lafansite.tk, 1
+lafantasticatravel.com, 1
+lafattoriabiologica.com, 1
+lafattoriadiclotilde.it, 1
+lafayette-rushford.com, 1
+lafayettechippewawi.gov, 1
+lafayetteco.gov, 1
+lafayettecountymo.gov, 1
+lafayettemalleg.com, 1
+lafayettetnfd.gov, 1
+lafayettewcwi.gov, 1
+lafcoar.gov, 1
+lafeemam.fr, 1
+lafeepraline.fr, 1
+lafermegourmande.fr, 1
+laffer.tk, 1
+laffgaff.com, 1
+lafika.ddns.net, 1
+lafillepolyvalente.ca, 1
+lafillepolyvalente.com, 1
+lafka.org, 1
+laflanelle.fr, 1
+laflash.com, 1
+lafleur-salon.tk, 1
+laforgia.xyz, 1
+lafr4nc3.xyz, 1
+lafraia.com, 1
+lafraia.com.br, 1
+lafsc.co.uk, 1
+lafuentespain.com, 1
+lafuriadelguardiancelta.tk, 1
+lag-fan.tk, 1
+lag-gbr.gq, 1
+lagaleria-ag.com, 1
+lagalerieduchanvre.fr, 1
+lagencerie.fr, 1
+lagendijk.org, 1
+lagerauftrag.info, 1
+laget.se, 1
+laghiinitalia.com, 1
+lagier.xyz, 1
+lagin.cz, 1
+laginghanda.gov.ph, 1
+lagit.in, 0
+laglab.org, 0
+lagloriadehuampani.com, 1
+lagodny.eu, 1
+lagoonrealty.com, 1
+lagos-car-hire.com, 1
+lagoscooperativecollege.com, 1
+lagotto.tk, 1
+lagout.org, 1
+lagovistatexas.gov, 1
+lagracia.com.br, 1
+lagrangiandesign.com, 1
+lagriffeduservice.fr, 1
+lagriot.com, 1
+lagrollabz.it, 1
+lagrotta.pizza, 1
+lagrottabergenopzoom.nl, 1
+lagroza.tk, 1
+lagsoftware.com, 0
+laguiadeliman.com.ar, 1
+laguiadelpapa.com, 1
+laguiainmobiliaria.com.co, 1
+laguinguette.fr, 0
+lagunadiosdalmatians.tk, 1
+lagunakitchenandbath.com, 1
+lagunaklub.tk, 1
+laguscei.com, 1
+laguterbaru.gq, 1
+lahabra.gov, 1
+lahacker.net, 1
+lahaine.org, 1
+lahalte-buvette.fr, 1
+lahermandad.tk, 1
+lahirusblog.tk, 1
+lahmer.ma, 1
+lahoguera.tk, 1
+lahoratunante.tk, 1
+lai.is, 1
+lailabanx.org, 1
+lailai.link, 1
+lain.at, 1
+lain.la, 1
+lain.wiki, 1
+laindonleisure.co.uk, 1
+lainoa.eus, 1
+laipert.com, 1
+lairdutemps-bbe.fr, 1
+laisk.ru, 1
+laity.gq, 1
+laiweiyi.com, 1
+lajarana.tk, 1
+lajauria.tk, 1
+lajessaofrancisco.com.br, 1
+lajetlingerie.nl, 1
+laji.fi, 1
+lajijonencadebarbera.com, 1
+lajme-shqip.gq, 1
+lajornadafilipina.com, 1
+lajusta.tk, 1
+lak-berlin.de, 0
+lak.li, 1
+lakabina.tk, 1
+lakatos.tk, 1
+lakatrop.com, 1
+lake-baikal.ml, 1
+lakeandriverrestoration.com, 1
+lakearthurnm.gov, 1
+lakecity-obgyn.com, 1
+lakeclerkfl.gov, 1
+lakecountyclerkfl.gov, 1
+lakecountyco.gov, 1
+lakecountytn.gov, 1
+lakedeltonwi.gov, 1
+lakeee.com, 1
+lakegenevanews.net, 1
+lakehavasuhouserentals.com, 1
+lakeheadfreight.biz, 1
+lakeheadlions.com, 1
+lakelafayettemo.gov, 1
+lakelandbank.com, 1
+lakemary-doctor.com, 1
+lakemillsiowa.gov, 1
+lakenheathfss.com, 1
+lakenheathfss.marketing, 1
+lakenheathfss.support, 1
+lakepoint.gov, 1
+lakerfreight.ca, 1
+lakerfreight.com, 1
+lakersview.com, 1
+lakesaintlouismo.gov, 1
+lakesherwoodelectric.com, 1
+lakesherwoodelectrical.com, 1
+lakesherwoodelectrician.com, 1
+lakesherwoodexteriorlighting.com, 1
+lakesherwoodlandscapelighting.com, 1
+lakesherwoodlighting.com, 1
+lakesherwoodoutdoorlighting.com, 1
+lakeshiremo.gov, 1
+lakesideweb.design, 1
+lakestreetministorage.com, 1
+lakesviewrobina.com.au, 1
+laketanglewoodtx.gov, 1
+laketontwpmi.gov, 1
+laketownmn.gov, 1
+lakeview.photography, 1
+lakevotes.gov, 1
+lakewaccamawnc.gov, 1
+lakewinnipegdatastream.ca, 1
+lakewoodco.gov, 1
+lakewoodcomputerservices.com, 1
+lakewoodcourtoh.gov, 1
+lakewoodoh.gov, 1
+lakewylietax.com, 1
+lakichat.fi, 1
+lakkt.de, 1
+lakle.com, 1
+lakonia.com.br, 1
+lakorona.tk, 1
+laksa.life, 1
+lakupaavi.tk, 1
+lalagunachalate.tk, 1
+lalaloe.be, 1
+lalaog.com, 1
+lalarosas.com, 1
+lalaserniagara.ca, 1
+lalaya.fr, 1
+laled.ch, 0
+laleggepertutti.it, 1
+lalegria.tk, 1
+lalelal.me, 1
+laleli.biz, 1
+lalerou.com, 1
+lalettrepatriote.com, 0
+lalibella.co.uk, 1
+lalokura.tk, 1
+lalucepulsata.it, 1
+lalucha.tk, 1
+lalucioledigitale.com, 0
+lalunedangkor.com, 0
+lalyre-corcelles.ch, 0
+lamafioso.com, 1
+lamai-crochets.fr, 1
+lamaisondufort.fr, 1
+lamaisonfantastique.fr, 1
+lamakat.de, 1
+lamalapalabra.tk, 1
+lamaletademano.com, 1
+lamaline.tk, 1
+lamalleauxsaveurs-aubigny.com, 1
+lamanchelibre.fr, 1
+lamanzanamordida.net, 1
+lamarieealhonneur.com, 0
+lamasacre.tk, 1
+lamaskill.com, 1
+lamaturitadidaniele.ml, 1
+lambassadors.com, 1
+lambauer.com, 1
+lambda.sx, 1
+lambdajournal.com, 1
+lambdaof.xyz, 1
+lambertshealthcare.co.uk, 1
+lambertz.xyz, 1
+lamblogs.com, 1
+lamboo.be, 1
+lamborghi.ni, 1
+lamchannang.com, 1
+lamclam.site, 1
+lamcondaugia-khacdaugia.com, 1
+lamconnect.com, 1
+lamdav.com, 1
+lameco.com, 1
+lamed.cz, 1
+lamedog.tk, 1
+lamedubois-parquet.fr, 0
+lamei-group.com, 1
+lamergameryt.xyz, 1
+lamet-kher.tk, 1
+lameusame.be, 1
+lamigoshevora.pt, 1
+laminaatdealer.nl, 1
+laminine.info, 1
+laminsaho.tk, 1
+lamisionband.tk, 1
+lamleybrothers.co.uk, 1
+lammersmarketing.com, 1
+lammertbies.com, 1
+lammertbies.nl, 1
+lamminhquang.com, 1
+lamnea.se, 1
+lamontre.ru, 1
+lamorera.tk, 1
+lamorralla.tk, 1
+lamp.re, 0
+lampandlight.eu, 1
+lamparassevilla.com, 1
+lampbooks.gq, 1
+lampco.com, 1
+lampeetlumiere.fr, 1
+lampenlicht.be, 1
+lampenlicht.nl, 1
+lampenundleuchten.de, 1
+lamper-design.nl, 1
+lampertheimer-zeitung.de, 1
+lamplightvideo.com, 1
+lampposthomeschool.com, 1
+lamppostpublishing.com, 1
+lampsh.ml, 1
+lampsi.ru, 1
+lampyiswiatlo.pl, 1
+lamsa.tk, 1
+lamudi.ga, 1
+lamuixeranga.tk, 1
+lamujerquesoy.com, 0
+lan-der.de, 1
+lan-der.net, 1
+lan-divy.com, 1
+lan-divy.fr, 1
+lan-x.no, 1
+lan.biz.tr, 1
+lan.re, 1
+lanabello.com.br, 1
+lanaengel.com, 1
+lanagiselle.net, 1
+lanahallen.com, 1
+lanaturedaure.com, 1
+lanausea.tk, 1
+lanbroa.eu, 1
+lancashirebeekeepers.org.uk, 1
+lancashirecca.org.uk, 1
+lancastercountysc.gov, 1
+lancasterma.gov, 1
+lancastertableandseating.com, 1
+lancastervillageny.gov, 1
+lance.com.br, 1
+lancea.pl, 1
+lancejames.com, 1
+lancelafontaine.com, 1
+lancelhoff.com, 1
+lancelucido.tk, 1
+lancemanion.com, 1
+lancerm.com, 1
+lancertactical.eu, 1
+lanceyip.com, 1
+lanchong.tk, 1
+lanconstruct.be, 1
+lancyvbc.ch, 0
+land.nrw, 0
+landart.tk, 1
+landassessmentservices.com, 1
+landbouwpowers.tk, 1
+landc.com.ua, 1
+landchecker.com.au, 1
+landcomputer.hu, 1
+landegge.nl, 1
+landell.ml, 1
+landeseiten-optimieren.de, 1
+landfinity.com, 1
+landflirt.de, 1
+landforsale.co.il, 1
+landfrauen-hermetschwil.ch, 1
+landgoeddorrebeek.be, 1
+landgorilla.com, 1
+landindex.io, 1
+landinfo.no, 1
+landingtransport.com, 1
+landkind.com, 1
+landkreis-augsburg.de, 1
+landloperfm.tk, 1
+landlordy.com, 1
+landmatrix.org, 0
+landofelves.net, 0
+landofmerlin.tk, 1
+landofoz.dynu.net, 1
+landoftherisingson.com, 0
+landoftile.com, 1
+landolakeswi.gov, 1
+landoncreekapartments.com, 1
+landonkhull.ddns.net, 1
+landoverhillsmd.gov, 1
+landroverexpo.com.au, 1
+landroveruganda.club, 1
+landscape-photography.org, 1
+landscapelightingagoura.com, 1
+landscapelightingagourahills.com, 1
+landscapelightingcalabasas.com, 1
+landscapelightingcamarillo.com, 1
+landscapelightingconejovalley.com, 1
+landscapelightingdosvientos.com, 1
+landscapelightinghiddenhills.com, 1
+landscapelightinglakesherwood.com, 1
+landscapelightingmalibu.com, 1
+landscapelightingmoorpark.com, 1
+landscapelightingnewburypark.com, 1
+landscapelightingoakpark.com, 1
+landscapelightingpacificpalisades.com, 1
+landscapelightingsimivalley.com, 1
+landscapelightingthousandoaks.com, 1
+landscapelightingwestlakevillage.com, 1
+landscapeloaners.ga, 1
+landscapeloanest.ga, 1
+landscapephotography.org.au, 1
+landscaping-montreal.com, 1
+landscaping.ga, 1
+landscaping.gq, 1
+landscapingrepairers.ga, 1
+landsearch.com, 1
+landsforsale.co.il, 1
+landshaftnic.ru, 1
+landslide.tk, 1
+landtrack.com.au, 1
+landverliebt.de, 1
+landware.cf, 1
+landzicht.tk, 1
+lane.computer, 1
+lanefinder.com, 1
+lanehealth.com, 0
+lanetix.com, 1
+lanforalla.se, 1
+lang-php.com, 1
+langadeduero.tk, 1
+langages-programmation.tk, 1
+langapi.com, 1
+langatang.com, 1
+langauto.hu, 1
+langbein.org, 1
+langcom.org, 1
+langenberg.tk, 1
+langenu.tk, 1
+langer-bauwerk.de, 1
+langgasse-baar.ch, 1
+langhun.me, 1
+langley.tk, 1
+langleyok.gov, 1
+langleyporter.com, 1
+langlois-chateau.fr, 1
+langly.fr, 1
+langrock.info, 0
+langthaler.cc, 1
+langtonsant.es, 1
+languageatplay.de, 1
+languagecert.org, 1
+languagecourse.net, 1
+languageeducation.ml, 1
+languageguesser.com, 1
+languageio.com, 1
+languagekeyboard.net, 1
+languages.services, 1
+languagesandnumbers.com, 1
+languageterminal.com, 1
+langworth.com, 0
+langzeit-reisen.com, 1
+langzijn.nl, 0
+lanhhuyet510.tk, 1
+lanhydrockap.co.uk, 1
+lanispa.com, 1
+lankana.tk, 1
+lankarkivet.tk, 1
+lankatongtravel.lk, 1
+lanlaog.com, 1
+lanmail.tk, 1
+lanna.io, 1
+lannainnovation.com, 1
+lannamontessori.com, 1
+lannatefl.com, 1
+lanny.ga, 1
+lanodan.eu, 1
+lanomina.net, 1
+lanostrasalute.it, 1
+lanoticia.com, 0
+lanourotteguiry.fr, 1
+lanparty.si, 1
+lanroamer.de, 1
+lansdell.family, 1
+lanselot.com, 1
+lansenou.com, 1
+lansilesia.tf, 1
+lansingtwpmi.gov, 1
+lansingvotes.gov, 1
+lansink.it, 1
+lansociety.org, 1
+lansoft.site, 1
+lansoftware.eu, 1
+lanternalauth.com, 1
+lanternhealth.org, 1
+lantian.pub, 1
+lanturtle.com, 1
+lanuitshanghai.ca, 1
+lanuovariviera.it, 1
+lanx.com.br, 1
+lanyang.tk, 1
+lanyards.com.au, 1
+lanyardsfactory.com.au, 0
+lanyundev.com, 1
+lanzalex.com, 1
+lanzamientovirtual.es, 1
+lanzarote.com, 1
+lanzastil.com, 1
+lao.dog, 1
+laobayy.com, 1
+laoctavadireccion.tk, 1
+laodongkynghi.info, 1
+laohei.org, 0
+laolaweb.tk, 1
+laoliang.ml, 1
+laonawatersewerwi.gov, 1
+laonawi.gov, 1
+laoriginalfm.com, 1
+laorquestadelamemoria.tk, 1
+laospage.com, 1
+laostiaradio.tk, 1
+laotravoz.tk, 1
+laowang.run, 1
+laoying.tv, 1
+laozhu.me, 1
+lapageamelkor.org, 1
+lapaginadejuanjo.tk, 1
+lapaksulawesi.tk, 1
+lapakus.com, 1
+lapapeleriadelola.com, 1
+laparcela.tk, 1
+lapari.gr, 0
+laparoscopyhospital.com, 1
+lapasticcerianaturale.store, 1
+lapatiala.com, 1
+lapazsheriff.org, 1
+lapcameradongnai.com, 1
+lapcamerahochiminh.com, 1
+lapcoversers.ga, 1
+lapcoversest.ga, 1
+lapdance.tk, 1
+lapeercountymi.gov, 1
+laperfumista.es, 1
+laperla-chemnitz.de, 1
+laperladelduero.tk, 1
+laperreraflamenca.tk, 1
+lapesbaldai.lt, 1
+lapetitefontaine.restaurant, 1
+lapicena.eu, 1
+lapina.tk, 1
+lapinas.com, 1
+lapinator.net, 1
+lapinmalin.tk, 1
+lapismagico.com, 1
+lapix.com.co, 1
+laplace.chat, 1
+laplace.live, 0
+laplace.network, 1
+laplacesicherheit.de, 1
+lapland.shop, 1
+laplasadalsol.tk, 1
+laplazita.tk, 1
+lapluma.tk, 1
+lapolvora.ga, 1
+lapoly.ga, 1
+laponder.online, 1
+laponders.com, 1
+laporantercepat.com, 1
+laportedufutur.org, 1
+lapparente-aise.ch, 0
+lappari.com, 1
+lappersfort.tk, 1
+lapps.es, 1
+laprairiewi.gov, 1
+laprensadelasagradafamilia.org, 1
+lapseofsanity.net, 1
+lapshore.com, 1
+laptop-sewamurah.com, 1
+laptophub.net, 1
+laptopnaive.com, 1
+laptopnewbie.eu.org, 1
+laptoppowerjackinc.com, 1
+laptopsperu.com, 0
+laptopuri.tk, 1
+laptopvideo2go.com, 1
+laptopworld.dk, 1
+lapublicpress.org, 1
+lapulgaflamenco.com, 1
+laqira.io, 1
+laquestionviterepondue.com, 1
+lara-eu.org, 1
+larabergmann.de, 1
+larabouillere.fr, 1
+laracode.eu, 1
+laracumkitten.org, 1
+laradiorespuestas.tk, 1
+laraemarcos.ga, 1
+laraeph.com, 1
+larafabian.tk, 1
+larafoxx.org, 1
+laralove.org, 1
+laramewa.tk, 1
+laramiecountywy.gov, 1
+laramiedental.com, 1
+laranjada.org, 1
+larasm.tk, 1
+laravel.software, 1
+laravelcommunity.asia, 1
+larawoodarts.com, 1
+larax.tk, 1
+larbertbaptist.org, 1
+larcaenviro.com, 1
+larch.gq, 1
+larche.org.pl, 1
+larchmontbuzz.com, 1
+larchmontny.gov, 1
+larcs.co.uk, 1
+lareclame.fr, 1
+lared-vps.ovh, 1
+lareduction.be, 1
+lareduction.ch, 1
+lareduction.fr, 1
+lareginetta.com, 1
+larepenger.no, 1
+larepublicacultural.es, 1
+larete.ch, 1
+large-print.ru, 1
+largerpweor.uk, 1
+largescaleforums.com, 1
+largest-soldiers.cf, 1
+largeviewer.com, 1
+laricameche.com, 0
+larifari.ch, 1
+larigami.de, 1
+larimarhomes.ca, 1
+larimer.gov, 1
+larimercolorado.gq, 1
+lariscus.eu, 1
+lariviereaux7pierres.com, 1
+larkenshine.com, 1
+larkeydesign.com, 1
+larkinkerluke.cf, 1
+larkleclear.com, 1
+larmenta.tk, 1
+laro.tk, 1
+larobba.ddns.net, 1
+laromlab.tk, 1
+larondenet.tk, 1
+larondinedisinfestazione.com, 1
+larosadelosvientos.tk, 1
+larotative.info, 1
+larousse-edu.fr, 1
+larpkalender.ch, 1
+larptreff.de, 1
+larry.buzz, 1
+larryandprisca.it, 1
+larryli.cn, 1
+larrysalibra.com, 1
+lars-kusch.de, 1
+lars-mense.de, 1
+lars-mielke.de, 0
+lars.cloud, 1
+lars.moi, 1
+lars.software, 1
+larsartmann.com, 1
+larsberglund.tk, 1
+larsentransfer.com, 1
+larser.tk, 1
+larseriksson.es, 1
+larsi.org, 1
+larsklene.nl, 1
+larsklint.com, 1
+larsm.org, 1
+larsnittve.tk, 1
+larsvontrier.tk, 1
+lartduportrait.fr, 1
+laruecountyky.gov, 1
+laruralevolution.gov, 1
+larver.tk, 1
+larvps.com, 1
+las-chichis.tk, 1
+las.so, 1
+las7verticales.tk, 1
+lasabina.it, 1
+lasalle.org.co, 1
+lasallecountyil.gov, 1
+lasandwicheriamedellin.com, 1
+lasanious.com, 1
+lasarmas.com, 1
+lasavonnerieducroisic.fr, 1
+lascana.co.uk, 1
+laschoolpolice.gov, 1
+lascruces.gov, 1
+lasdelgadas.tk, 1
+lasept.com.ua, 1
+laser-toners.tk, 1
+lasercareestetica.com.br, 1
+lasercloud.ml, 1
+laserena.tk, 1
+lasereyess.net, 1
+laserhealthsolutions.com, 1
+laserplaza.de, 1
+laserplaza.net, 1
+laserpunch.tk, 1
+lasersolutions.tk, 1
+lasertel.com.pk, 1
+lasfolladoras.com, 1
+lasik-safely.com, 1
+lasinfusiones.com, 0
+lasiodora.tk, 1
+lasittellecosmetiques.com, 1
+lasix-medication.cf, 1
+lasix-medication.gq, 1
+lasix-medication.tk, 1
+lask.in, 1
+laslilas.tk, 1
+laslo-hauschild.eu, 1
+lasmallbizonline.gov, 1
+lasmesas.tk, 1
+lasmoarquitectos.com, 1
+lasmorfianapoletana.com, 1
+lasofertas.tk, 1
+lasourisglobe-trotteuse.tk, 1
+laspalmerasdelnorte.tk, 1
+laspeligrosas.tk, 1
+laspeludas.tk, 1
+laspequenassemillas.com, 1
+laspirale.tk, 1
+laspoesias.com, 1
+lasrecetasdeguada.com, 1
+lasse-boberg.tk, 1
+lasse-it.dk, 0
+lasseaktiv.art, 1
+lasseaktiv.com, 1
+lasseaktiv.es, 1
+lasseleegaard.com, 1
+lasseleegaard.dk, 1
+lasseleegaard.net, 1
+lasseleegaard.org, 1
+lassencanyonnursery.com, 1
+lassencoe.gov, 1
+lassesworld.com, 1
+lassesworld.se, 1
+lassovideos.com, 1
+lasst-uns-beten.de, 1
+last-strike.org, 1
+lastallaexotics.com, 1
+lastbooks.gq, 1
+lastcast.bg, 1
+lastenrad-gifhorn.de, 1
+lasthome.co.uk, 1
+lastingmarksers.ga, 1
+lastingmarksest.ga, 1
+lastingsmiles.org, 1
+lastkaj14.tk, 1
+lastlowtest.tk, 1
+lastmile.ml, 1
+lastminutehealthcare.com, 1
+lastmohicans.tk, 1
+lastorder.icu, 1
+lastorderguild.tk, 1
+lastorders.tk, 1
+lastoriadellecose.tk, 1
+lastpass.com, 0
+lastrada.tk, 1
+lastrik.ch, 1
+lastsunset.tk, 1
+lasttootinaws.com, 1
+lasttweetinaws.com, 1
+lastville.com, 1
+lastwill.ie, 1
+lasvegascasinonews.com, 1
+lasvegasdiscountattractions.com, 1
+lasvegasfit.org, 1
+lasvegasnevada.gov, 1
+laszlo.sh, 1
+laszloinstitute.com, 1
+laszlotamas.hu, 1
+lat.sk, 1
+lata.my, 1
+latabledebry.be, 1
+latahcountyid.gov, 1
+latakuta.com, 1
+latanadelpolpo.it, 1
+latardeurbana.cf, 1
+latardeurbana.ga, 1
+latardeurbana.gq, 1
+latardeurbana.ml, 1
+latardeurbana.tk, 1
+latchplus.com, 1
+late.am, 0
+lateams.ml, 1
+latecnosfera.com, 1
+latedeals.co.uk, 1
+latedecisioners.ga, 1
+latedecisionest.ga, 1
+latefeeking.com, 1
+latefeeking.net, 1
+latefeeking.org, 1
+latelatetoyshow.ie, 1
+lateliercantaldeco.fr, 1
+lateliercreationbougie.fr, 1
+latemarch.com, 1
+laten.tk, 1
+latenitefilms.com, 0
+latentviewanalytics.com, 1
+lateral.dog, 1
+lateralsecurity.com, 0
+lateraltrust.com, 1
+laterremotodealcorcon.tk, 1
+latestairfaredeals.com, 1
+latestbitcoinnews.io, 1
+latestbitcoinnews.org, 1
+latestcoin.tk, 1
+latestimmigrationnews.today, 1
+latestjobhub.in, 1
+latestmobiles.tk, 1
+latestnewsonworld.tk, 1
+latestnewstelugu.com, 1
+latestpornvideos.com, 1
+latestsonglyrics.ml, 1
+latetrain.cn, 1
+latexmattress.com, 1
+latexspuitenspecialist.nl, 1
+lathamlabs.com, 1
+lathamlabs.net, 1
+lathamlabs.org, 1
+lathamwatkinsplatform.com, 1
+latherjacket.com, 1
+latia.tk, 1
+latiamona.com, 1
+latiendawapa.com, 1
+latifolia.com, 1
+latinacon.com, 1
+latinapress.it, 1
+latinatoday.it, 1
+latinmusiccollection.tk, 1
+latinoguysporn.com, 1
+latintoy.com, 0
+latinwomen.tk, 1
+latitudesign.com, 0
+latka.tk, 1
+latnetwork.com, 1
+latoken.com, 1
+latos.tk, 1
+latour-managedcare.ch, 1
+latourist.com, 1
+latremebunda.com, 1
+latrobefinancial.com.cn, 1
+latrynchera.tk, 1
+lattyware.co.uk, 1
+lattyware.com, 1
+latuadro.ga, 1
+latviaonline.tk, 1
+laubacher.io, 1
+laube-school.com, 1
+laubo.tk, 1
+lauchundei.at, 1
+laud.io, 1
+laudableapps.com, 1
+laudablesites.com, 1
+laudon.nl, 1
+laudwein.fr, 1
+laufpix.de, 1
+lauftreff-himmelgeist.de, 0
+laugarvatn.com, 1
+laughinggrapepublishing.com, 1
+laughingloon.com, 1
+laughlinfss.com, 1
+laughlinfss.marketing, 1
+laukstein.com, 1
+laultimaestacion.tk, 1
+launchfinderers.ga, 1
+launchfinderest.ga, 1
+launchgroup.com.au, 1
+launchindonesia.com, 1
+launchpad-app2.com, 1
+launchpadder2.com, 1
+laundrylessonsers.ga, 1
+laundrylessonsest.ga, 1
+laupapk.edu.ee, 1
+laura.network, 1
+lauraandwill.wedding, 0
+laurable.com, 1
+lauradavis.net, 1
+lauraenvoyage.fr, 1
+laurahausmann.de, 1
+laurainnes.tk, 1
+laurakashiwase.com, 1
+lauralaurant.tk, 1
+lauralinde.de, 1
+lauraohagan.com, 1
+laurasplacefamilysupport.org.au, 1
+laurateen.net, 1
+lauravaindumentaria.com, 1
+laureadesigns.com, 1
+laureaty.tk, 1
+laurelcountycorrectionsky.gov, 1
+laurelcountysheriff.gov, 1
+laurelmd.gov, 1
+lauren.gq, 1
+laurenball.com, 1
+laurencball.com, 1
+laurenceandumehltd.com, 1
+laurencesmits.com, 0
+laurenell.com, 1
+laurenleesmith.tk, 1
+laurenlobue.com, 1
+laurenslatest.com, 1
+laurensvanderblom.nl, 1
+laurentfinance.com, 1
+laurentianlanes.com, 1
+lauresta.lt, 1
+lauresta.lv, 1
+lauretta.io, 1
+lauriane-garcia.avocat.fr, 1
+laurikari.net, 1
+laurindale.tk, 1
+laurineprice.com, 1
+laurinhaepaulo.ga, 1
+lauriuc.sk, 1
+lausannedentiste.ch, 0
+lausannelovers.ch, 0
+laut.digital, 1
+lautremode.com, 0
+lauxarchitekten.com, 1
+lauxincost.cf, 1
+lauzon-hitter.com, 1
+lava.moe, 1
+lavabit.com, 1
+lavabit.no, 1
+lavaggio.it, 1
+lavaggista.it, 1
+lavaldostana.es, 1
+lavalledelgusto.it, 1
+lavalon.tk, 1
+lavamine.tk, 1
+lavamob.com, 1
+lavamobiles.com, 1
+lavanderia.it, 1
+lavanderia.roma.it, 1
+lavarex.co.jp, 1
+lavasing.eu.org, 1
+lavavetri.it, 1
+lavdiazofficial.tk, 1
+laveg.edu.ee, 1
+lavenderx.org, 1
+laventura.tk, 1
+lavhire.tk, 1
+laviaregia.com, 1
+laviedalex.ovh, 1
+lavinaec.com, 1
+lavinya.net, 1
+laviro.tk, 1
+lavish.co.id, 1
+lavita.de, 1
+lavitagarden.tk, 1
+lavka.cf, 1
+lavkafreida.ru, 1
+lavkatsvetov.ru, 0
+lavki.tk, 1
+lavndor.net, 1
+lavocedelviolino.it, 1
+lavochka.tk, 1
+lavoieducoeur.be, 1
+lavoiepharmd.com, 1
+lavoixdesmigraineux.fr, 1
+lavolte.net, 0
+lavoniaga.gov, 1
+lavontx.gov, 1
+lavote.gov, 1
+lavozdelamusicachilena.tk, 1
+lavozderanquil.tk, 1
+lavril.fr, 1
+law-ag.com, 1
+law-colleges.com, 1
+law-moshkovich.co.il, 1
+law-peters.de, 1
+law-profile.com, 1
+law-zur.co.il, 1
+law.co.il, 1
+law.kg, 1
+law22.com, 1
+lawabidingcactus.com, 1
+lawandtheworkplace.com, 1
+lawcancer.cf, 1
+lawcer.com, 1
+lawcover.com.au, 1
+lawda.ml, 1
+lawdepot.ca, 1
+lawebdeljose.tk, 1
+lawebnobasta.tk, 1
+lawebstar.it, 1
+lawenforcementedu.net, 1
+lawfirmyashajustice.co.id, 1
+lawflaws.com, 1
+lawguidesingapore.com, 1
+lawhery.com, 1
+lawinorder.com, 1
+lawinorder.com.au, 1
+lawlessenglish.com, 1
+lawlessfrench.com, 1
+lawlessitalian.com, 1
+lawlessspanish.com, 1
+lawluxury.com, 1
+lawma.one, 1
+lawmint.com, 1
+lawn-seeds.com, 1
+lawnandordercs.com, 1
+lawnenvyva.com, 1
+lawnkitsers.ga, 1
+lawnkitsest.ga, 1
+lawnlessonsers.ga, 1
+lawnlessonsest.ga, 1
+lawnsearchers.ga, 1
+lawnsearchest.ga, 1
+lawnuk.com, 1
+lawpay.com, 1
+lawportal.com.ua, 1
+lawrad.com, 1
+lawrenca.com, 1
+lawrence-institute.com, 1
+lawrence.one, 1
+lawrencebaker.me, 1
+lawrenceberg.nl, 1
+lawrenceclarkemd.com, 1
+lawrencecountyboe-ohio.gov, 1
+lawrencecountyky.gov, 1
+lawrencecountymo.gov, 1
+lawrencecountymo911.gov, 1
+lawrencecountypa.gov, 1
+lawrencecountysd.gov, 1
+lawrencemurgatroyd.com, 1
+lawrencewhiteside.com, 1
+lawrencewi.gov, 1
+lawsoner.tk, 1
+lawsuit.tk, 1
+lawsuitconsultanters.ga, 1
+lawsuitconsultantest.ga, 1
+lawtimesnews.com, 1
+lawton-is.com, 1
+lawvize.com, 1
+lawyer.cf, 1
+lawyerboksburg.co.za, 1
+lawyerdigital.co.bw, 1
+lawyeredu.org, 1
+lawyermidrand.co.za, 1
+lawyerscredentialsers.ga, 1
+lawyerscredentialsest.ga, 1
+lawyerscreenerers.ga, 1
+lawyerscreenerest.ga, 1
+lawyersofmissouri.com, 1
+lawzakon.tk, 1
+lawzana.com, 1
+lawzava.com, 1
+laxaf.com, 1
+laxxl.com, 1
+layan-luxurylighting.com, 1
+layazc.com, 1
+laycock.org.uk, 1
+layer.it, 1
+layermesh.net, 1
+layers.media, 1
+layflamso.tk, 1
+laylo.io, 1
+laylo.nl, 1
+laymans911.info, 1
+layoutsatzunddruck.de, 1
+layt.org, 1
+laythetable.com, 1
+layxw.com, 1
+lazarus.es, 1
+lazarusalliance.com, 1
+lazell.de, 1
+lazell.uk, 1
+lazer.cf, 1
+lazerepilasyonankara.tk, 1
+lazerinitiative.org, 1
+lazerus.net, 1
+lazerus.pw, 1
+lazibeach.tk, 1
+lazionews24.com, 1
+lazisbaiturrahman.org, 1
+lazismuprovgorontalo.or.id, 0
+lazistance.com, 1
+lazo.futbol, 1
+lazonacartagena.tk, 1
+lazonita.tk, 1
+lazorgun.com, 1
+lazosamericaunida.org, 1
+lazosargentina.tk, 1
+lazoscollection.com, 1
+lazowik.pl, 1
+lazownik.pl, 1
+lazudi.com, 1
+lazulu.com, 1
+lazurit.com, 0
+lazyboston.com, 1
+lazyframe.com, 1
+lazyhelp.com, 1
+lazynap.com, 1
+lazysoftware.fr, 1
+lazytapir.com, 1
+lazytux.org, 1
+lazywaves.tk, 1
+lazzo.ml, 1
+lazzzy.com, 1
+lb-music.tk, 1
+lb-toner.de, 1
+lb366.cc, 1
+lba-rpg.tk, 1
+lbarrios.es, 1
+lbayer.com, 1
+lbbw-markets.de, 1
+lbc-podcast.tk, 1
+lbc.gr, 1
+lbda.net, 1
+lbhpartners.com, 1
+lbi-pg.fr, 1
+lbihrhelpdesk.com, 1
+lbio.nl, 1
+lbj.tw, 1
+lbjlibrary.gov, 1
+lbk.vn, 1
+lbls.me, 0
+lbofrance.com, 1
+lbpc.pro, 0
+lbrlh.tk, 1
+lbrli.tk, 1
+lbrls.tk, 1
+lbsgroup.co.uk, 1
+lbwl.com, 1
+lc-cs.com, 0
+lc-promiss.de, 1
+lc-suites.gr, 1
+lc040.com, 1
+lc08080.com, 1
+lc18.vip, 1
+lc3720.com, 0
+lc3736.com, 1
+lc3744.com, 1
+lc3745.com, 1
+lc3759.com, 1
+lc50000.com, 0
+lc58588.com, 0
+lc6601.com, 1
+lc6603.com, 1
+lc6607.com, 1
+lc6632.com, 1
+lc6656.com, 1
+lc6659.com, 1
+lc6665.com, 1
+lc6686.com, 1
+lc7.fun, 1
+lc8005.com, 1
+lc80802.com, 1
+lc80805.com, 1
+lc80806.com, 1
+lc80807.com, 1
+lc80810.com, 1
+lc80811.com, 1
+lc80812.com, 1
+lc80814.com, 1
+lc80815.com, 1
+lc80816.com, 1
+lc80817.com, 1
+lc80820.com, 1
+lc859.com, 0
+lc862.com, 1
+lc863.com, 1
+lc869.com, 1
+lc871.com, 0
+lc873.com, 0
+lc875.com, 0
+lc879.com, 0
+lc8812.com, 1
+lc8820.com, 0
+lc8839.com, 1
+lc8841.com, 1
+lc8881.com, 0
+lc8885.com, 0
+lc8887.com, 0
+lc891.com, 0
+lc897.com, 1
+lc8c.com, 1
+lc8guidance.com, 1
+lc9108.com, 1
+lc9256.com, 0
+lc98.net, 1
+lc9852.com, 1
+lc9862.com, 1
+lc9899.com, 1
+lc9900.com, 1
+lc9910.com, 1
+lc9920.com, 1
+lc9930.com, 1
+lc9940.com, 1
+lc9950.com, 1
+lca.gov, 1
+lcacommons.gov, 0
+lcaonline.tk, 1
+lccwillcounty.gov, 1
+lcdchart.com, 1
+lcdf.education, 1
+lce-events.com, 1
+lcemsami.gov, 1
+lcfwasa.gov, 1
+lcgaj.com, 1
+lcht.ch, 0
+lchtraf.com, 1
+lcistit.ru, 1
+lclarkpdx.com, 1
+lclnet.de, 1
+lcnwallet.com, 1
+lcnxp.com, 1
+lcr94.org, 1
+lcrehlingen.de, 1
+lcrmscp.gov, 1
+lcs.wiki, 1
+lcsoftware.tk, 1
+lcsomo.gov, 1
+lcti.biz, 1
+lcvip5.com, 1
+lcvip6.com, 1
+lcvip8.com, 1
+lcwater.com.tw, 1
+lcwc911pa.gov, 1
+lcwebsite.cn, 1
+lcx.cc, 1
+lcy.cat, 1
+lcy.moe, 1
+ld-begunjscica.si, 1
+ldcraft.pw, 1
+lddr.io, 1
+ldemb.com, 1
+ldesignweb.com, 1
+ldgardenservices.co.uk, 1
+ldiesel.ca, 1
+ldjb.jp, 1
+ldlcorrentes.com.br, 1
+ldlorangecountylocksmith.com, 0
+ldm2468.com, 1
+ldsvoicesoftherestoration.com, 1
+ldtborovina.cz, 1
+ldts.es, 1
+ldts.us, 1
+ldtv.top, 1
+ldvsoft.net, 0
+ldwiki.ml, 1
+ldx.design, 1
+le-13.fr, 1
+le-bar.org, 1
+le-caprice.co.uk, 1
+le-clos-st-loup.fr, 1
+le-club.co, 1
+le-controle-parental.fr, 1
+le-creux-du-van.ch, 0
+le-drive-de-just-vet.fr, 1
+le-forum.tk, 1
+le-fumoir.com, 1
+le-h.de, 1
+le-marais.be, 1
+le-page.info, 0
+le-palantir.com, 1
+le-parrain-boursorama.fr, 1
+le-reso.com, 1
+le-romien.tk, 1
+le-stroke-of-genius.com, 1
+le-tempo.com, 1
+le-therapeute.com, 1
+le-traiteur-parisien.fr, 0
+le-upfitter.com, 1
+le-vario.net, 1
+le0n.ddns.net, 1
+le0yn.ml, 1
+le130rb.com, 1
+le20dinant.be, 1
+le42mars.fr, 1
+lea.pet, 0
+lead2022.academy, 1
+leadbook.ru, 1
+leadbox.cz, 1
+leadcricket.com, 1
+leadercreative.ga, 1
+leaderfreight.tk, 1
+leadergamer.com.tr, 1
+leaderinnetflow.com, 1
+leaderoftheresistance.com, 0
+leaderoftheresistance.net, 0
+leadersaudit.ga, 1
+leadership-insight.nz, 1
+leadgem.co.uk, 1
+leadgenie.me, 1
+leadinforce.com, 0
+leadmusic.nl, 1
+leadnxt.co.in, 1
+leadnxt.com, 1
+leadonvale-stemcell.co.uk, 1
+leadplan.ru, 0
+leadplus.com.au, 1
+leadplusdev.com.au, 1
+leadquest.nl, 1
+leadsformoney.tk, 1
+leadsonline.com, 1
+leadvales.com, 1
+leaf-nail.com, 1
+leafandseed.co.uk, 1
+leafans.tk, 0
+leafbodhi.com, 1
+leafinote.com, 1
+leafinote.net, 1
+leafland.co.nz, 1
+leafletdistributionmanchester.com, 1
+leafos.org, 1
+leaftracker.org, 1
+leaguecitytexas.gov, 1
+leak.media, 1
+leakbrasil.tk, 1
+leakcontroltherapy.com, 1
+leakeandersson.com, 1
+leakedbabes.tv, 1
+leakedminecraft.net, 1
+leakfix.nl, 1
+leaknet.tk, 1
+leales.org, 1
+lealove.net, 1
+lealuestern.com, 1
+lean-consulting.cf, 1
+leandoo.com, 1
+leandre.cn, 1
+leandrebergeron.com, 1
+leandri-campana-avocat.fr, 1
+leandromarcolino.tk, 1
+leandromoreno.co, 1
+leanheat.fi, 1
+leanovent.cloud, 1
+leanovent.de, 1
+leanrtech.com, 1
+leansixsigmadefinition.com, 1
+leaodarodesia.com.br, 1
+leap-it.be, 0
+leap-mission.com, 1
+leapandjump.co.uk, 1
+leapday.us, 1
+leapworks.io, 1
+leapxx.pro, 1
+lear.com.br, 1
+lear.com.ua, 1
+leardev.de, 1
+learn-everything.info, 1
+learn-freely.com, 1
+learn-smart.uk, 1
+learn-this.tk, 1
+learn2fly.training, 1
+learnapp.com, 1
+learnatf.gov, 1
+learnattack.de, 1
+learncoding.tk, 1
+learncrypto.live, 1
+learncrypto.show, 1
+learndoj.gov, 1
+learnedhacker.com, 1
+learnerdriving.com, 1
+learnforestry.com, 1
+learnhowtoplayguitar.tk, 1
+learning-id.com, 1
+learningaboutcarinsurance.com, 1
+learningis1.st, 1
+learningladderacademy.net, 1
+learninglaw.com, 1
+learningman.top, 1
+learningsolution.tk, 1
+learnjapanesedaily.com, 1
+learnk12.org, 1
+learnlux.com, 1
+learnosity.com, 1
+learnoutlive.com, 1
+learnpedestal.com, 1
+learnpianogreece.com, 1
+learnpine.com, 0
+learnplayground.com, 1
+learnpythonthehardway.org, 1
+learnsafe.com, 1
+learnspace.co.za, 1
+learntamil.tk, 1
+learnthetruth.tk, 1
+learntobeonline.com, 1
+learntofly.tk, 1
+learntosurfcaparica.com, 1
+learntosurflisbon.com, 1
+learntotradethemarket.com, 1
+learntube.cz, 0
+learnupon.com, 1
+learnwelsh.cymru, 1
+learnwithcorne.com, 1
+learso.com.ua, 1
+leasecar.uk, 1
+leaseit24.com, 1
+leaselink.pl, 1
+leasenow.tk, 1
+leaseourthings.com, 1
+leaseplanbank.de, 1
+leaseplanbank.nl, 1
+leasing.my, 1
+leasing.sos.pl, 1
+leasit.de, 1
+leastsignificantbit.de, 1
+leather-underwear.tk, 1
+leather.io, 1
+leathercollection.co.uk, 1
+leathercollection.de, 1
+leathercollection.es, 1
+leathercollection.fr, 1
+leatherfur.tk, 1
+leatherfurnitureexpo.com, 1
+leathergoods.tk, 1
+leathership.co, 1
+leathersofacleaning.co.uk, 1
+leatherstreet.tk, 1
+leatherwill.com.ua, 1
+leauda.fr, 1
+leavealink.tk, 1
+leavenworthcounty.gov, 1
+leaving.africa, 1
+lebabyfoot.fr, 1
+lebal.se, 1
+lebanesearmy.gov.lb, 1
+lebaneseastronomygroup.tk, 1
+lebanoncountypa.gov, 1
+lebanondodgewi.gov, 1
+lebanonfireoregon.gov, 1
+lebanonoregon.gov, 1
+lebarbatruc.com, 1
+lebarmode.fr, 1
+lebarmy.gov.lb, 1
+lebeachvillage.com, 1
+lebedovskiy.tk, 1
+leben-pflegen.ch, 1
+lebendige-heilkunst.de, 1
+lebenpflegen-march.ch, 1
+lebenpflegen.ch, 1
+lebens-fluss.at, 1
+lebenshilfe-hannover.de, 1
+lebensinselparaguay.tk, 1
+lebensmittelwarnung.de, 1
+lebesis.tk, 1
+lebihan.pl, 1
+lebkuchen-schmidt.com, 1
+leblanc.io, 0
+leblancq.ca, 1
+leblob.fr, 1
+lebonheurdesgens.com, 1
+lebourgeo.is, 1
+lebozec.org, 1
+lebureau.tk, 1
+lebuys.ca, 1
+lebv.org, 1
+lecandide.info, 1
+lecannabis.at, 1
+lecannabiste.com, 1
+lecannabiste.fr, 1
+lecatal.ca, 1
+leccamilafi.ga, 1
+lecceprima.it, 1
+lecciculturadelvino.it, 1
+leccotoday.it, 1
+lecercleguimard.fr, 1
+lechateaurestaurant.com, 1
+lechaudrondupertuis.ch, 1
+lecheng.in, 1
+lecheng2.com, 1
+lecheng3.com, 1
+lecheng5288.com, 1
+lecheng7.com, 1
+lecheng88.com, 1
+lecheng88.net, 0
+lechenietravami.cf, 1
+lechim-prosto.ru, 1
+lechite.ga, 1
+lechocolatier.com, 1
+lechompenchaine.fr, 1
+lechrismaran.com, 1
+lecken.tk, 1
+leclaire.com.br, 1
+lecoinchocolat.com, 1
+lecoindufeuhabitat.com, 1
+leconnecteur-biarritz.fr, 1
+lecourriercauchois.fr, 1
+lecrayondemarz.com, 0
+lecreative.tk, 1
+lecteurs.com, 0
+lectormanga.top, 1
+lecturaweb.tk, 1
+lecul.site, 1
+led-sk.ru, 1
+led.xyz, 0
+ledburyvets.co.uk, 1
+leddeluxe.ml, 1
+leddingplasticsurgery.com, 1
+ledebergleeft.be, 1
+ledecologie.com.br, 1
+ledeguisement.com, 1
+ledensite.com, 1
+lederjackekaufen.tk, 1
+ledgerscope.net, 0
+ledigajobb.se, 1
+ledlampor365.se, 1
+ledlight.com, 1
+lednavi.de, 1
+ledpartyfloors.com, 1
+ledscontato.com.br, 1
+ledshop.mx, 1
+ledspadova.eu, 1
+leducq.eu, 1
+leducq.name, 1
+leduquwiki.cf, 1
+ledvalgustid.ee, 1
+ledwit.ru, 1
+lee.in, 1
+lee.net, 1
+leeaaronsrealestate.com, 1
+leebiblestudycenter.co.uk, 1
+leebiblestudycenter.com, 1
+leebiblestudycentre.com, 1
+leebiblestudycentre.net, 1
+leebiblestudycentre.org, 1
+leebladon.com, 1
+leebruce.tk, 1
+leech.ga, 1
+leech.tk, 1
+leeclemens.net, 0
+leecountyfl.gov, 1
+leecountyil.gov, 1
+leecountync.gov, 1
+leedsmoneyman.com, 1
+leee.eu.org, 1
+leefbaargijzegem.be, 1
+leefbaarkrimpen.nl, 0
+leefgratis.tk, 1
+leefindlow.com, 1
+leefjongeren.nl, 1
+leefl.gov, 1
+leekimball.com, 1
+leekspin.ml, 1
+leekspin.tk, 1
+leelanautownshipmi.gov, 1
+leelaylay.com, 1
+leelou.wedding, 1
+leeman.nl, 1
+leen.io, 0
+leena.ai, 1
+leenaluhtanen.net, 1
+leendebroekertfonds.nl, 1
+leere.me, 1
+leerkotte.eu, 1
+leerliga.de, 1
+leerob.io, 1
+leerox.co, 1
+leertipp.de, 1
+leeryan.tk, 1
+leesilvey.com, 0
+leet2.com, 1
+leetbunny.tk, 1
+leetcode.com, 1
+leetcode.net, 1
+leetizia.net, 1
+leetsuliangkkproduction.tk, 1
+leevealdc.com, 1
+leeyoungaeph.tk, 1
+lefaivre-ferry.ca, 1
+lefarsankids.com.br, 1
+lefcoaching.nl, 1
+lefebvristes.com, 1
+lefebvristes.fr, 1
+lefevre-ec.fr, 1
+lefichier.net, 1
+lefilradio.fr, 1
+leflorecountyok.gov, 1
+leflox.cf, 1
+lefonddeloeil.com, 0
+lefreka.fr, 1
+left-baggage.co.uk, 1
+left.it, 1
+leftbrainsolutions.com.au, 1
+leftclick.cloud, 1
+leftcoasthauling.com, 1
+lefthandwater.gov, 1
+leftronic.com, 1
+lefucine.com, 1
+lega-dental.com, 1
+legacktem.com, 1
+legacy.bank, 1
+legacydriving.co.za, 1
+legacyfarmstx.com, 1
+legacygame.ga, 1
+legacygame.gq, 1
+legacyofkain.tk, 1
+legacysoft.ml, 1
+legacyumc.org, 1
+legadental.com, 1
+legadosindumentaria.com.ar, 1
+legaillart.fr, 1
+legal-aid.tk, 1
+legal-eye.co.uk, 1
+legalagenda.ga, 1
+legalanchor.ga, 1
+legalatlanta.com, 1
+legalatlantic.ga, 1
+legalband.club, 1
+legalbeagles.info, 1
+legalbeast.ga, 1
+legalbetcanada.com, 1
+legalcalculator.ga, 1
+legalcanal.ga, 1
+legalcellar.ga, 1
+legalcircus.ga, 1
+legalclearance.ga, 1
+legalco.tk, 1
+legalcollector.ga, 1
+legalconnect.com, 1
+legalconstruct.ga, 1
+legalcorner.com, 1
+legalcorporation.ga, 1
+legalcrunch.ga, 1
+legalcrystal.ga, 1
+legalcustom.ga, 1
+legaldelta.ga, 1
+legaldish.ga, 1
+legaldodge.ga, 1
+legalebony.ga, 1
+legalecasinosnederland.nl, 1
+legalepic.ga, 1
+legaleus.co.uk, 1
+legalfalcon.ga, 1
+legalfighter.ga, 1
+legalflavor.ga, 1
+legalglamour.ga, 1
+legalglory.ga, 1
+legalgoddess.ga, 1
+legalgrace.ga, 1
+legalhandy.ga, 1
+legalhotrod.ga, 1
+legalhusky.ga, 1
+legalintergrity.ga, 1
+legalis.pl, 1
+legalisierung.tk, 1
+legalit.es, 1
+legaliz.ml, 1
+legalizeit.tk, 1
+legaljewel.ga, 1
+legaljobs.io, 1
+legaljoker.ga, 1
+legalloco.ga, 1
+legallowprice.ga, 1
+legalmatche.ga, 1
+legalmillions.ga, 1
+legalnations.ga, 1
+legalne-kasyna.com, 1
+legalnews.cf, 1
+legalnews.ml, 1
+legalnorthamerican.ga, 1
+legaloriginal.ga, 1
+legalphase.ga, 1
+legalpicker.ga, 1
+legalpickup.ga, 1
+legalplace.fr, 1
+legalplatinum.ga, 1
+legalpremier.ga, 1
+legalprestige.ga, 1
+legalpro.tk, 1
+legalpronto.ga, 1
+legalrapid.ga, 1
+legalrazor.ga, 1
+legalremarkable.ga, 1
+legalrobot-uat.com, 1
+legalrobot.com, 1
+legalrule.ga, 1
+legalsample.ga, 1
+legalsearch.nl, 1
+legalservicespanel.gov.au, 1
+legalsoldier.ga, 1
+legalsouthbeach.ga, 1
+legalsrit.tk, 1
+legalsustain.ga, 1
+legalthunder.ga, 1
+legaltings.com, 1
+legaltip.eu, 1
+legaltity.com, 1
+legaltreasure.ga, 1
+legalunique.ga, 1
+legalverde.ga, 1
+legalwaterfront.ga, 1
+legalyankee.ga, 1
+legamedamore.net, 1
+legato.marketing, 1
+legatofmrc.fr, 1
+legatrace.com, 1
+legba.in, 1
+legeaz.net, 1
+legen.sk, 1
+legend-of-pirates.tk, 1
+legendblogers.ga, 1
+legendblogest.ga, 1
+legendesdechine.ch, 0
+legendgrafix.tk, 1
+legendofkrystal.com, 1
+legendofmi.com, 1
+legends-game.ru, 0
+legendtourism.com, 1
+legendwiki.com, 1
+legentic.com, 1
+leger-voertuigen.tk, 1
+leggyeggy.ga, 1
+legible.es, 1
+legilimens.de, 1
+legiofte.com, 1
+legioiedifrancy.com, 1
+legion.ge, 1
+legionisci.com, 1
+legioniv.org, 1
+legions.tk, 1
+legionwood.tk, 1
+legiscontabilidade.com.br, 1
+legislationupdateservice.co.uk, 1
+legit.nz, 1
+legitedelaguiole.com, 1
+legitedeprecy.com, 1
+legkie-recepty.tk, 1
+legko-pohudet.cf, 1
+legko-pohudet.ml, 1
+legko-pohudet.tk, 1
+legna.roma.it, 1
+legnami24.it, 1
+legoktm.com, 1
+legoutcheznous.com, 1
+legoutdesplantes.be, 1
+legow.tk, 1
+legowerewolf.net, 1
+legrand-ia.gov, 1
+legrandvtc.fr, 1
+legro.tk, 1
+legrub.net, 1
+legtech.lu, 1
+legterm.cz, 1
+leguano-barfusspark.eu, 1
+legyenkianegykereked.hu, 1
+lehifibernetwork.gov, 1
+lehighcountypa.gov, 1
+lehighvalleypeds.com, 1
+lehmanns.de, 1
+lehmitz-weinstuben.de, 1
+lehnc.ddns.net, 1
+lehnen.xyz, 1
+lehokolo.eu, 1
+lehollandaisvolant.net, 1
+lehrgang-zum-brandschutzhelfer.de, 1
+lehu.in, 1
+lehvyn.org, 0
+leia.cc, 1
+leibniz-gymnasium-altdorf.de, 1
+leibniz-trifft.de, 1
+leibniztrifft.de, 1
+leicabiosystems.com, 1
+leicester.bike, 1
+leicesterastronomicalsociety.co.uk, 1
+leicestervt.gov, 1
+leidegoncalves.com, 0
+leideninternationalreview.com, 1
+leier.ml, 1
+leighneithardt.com, 1
+leignier.org, 1
+leilaelu.com.br, 1
+leilakaleva.fi, 1
+leilautourdumon.de, 1
+leilonorte.com, 1
+leiming.co, 1
+leipzig.photo, 1
+leipziger-triathlon.de, 1
+leism.com, 1
+leism.de, 1
+leism.eu, 1
+leism.net, 1
+leism.org, 1
+leismail.com, 1
+leismann.sbs, 1
+leismann.tel, 1
+leismann.uk, 1
+leisure-blog.com, 1
+leisure-supplies-show.co.uk, 1
+leisure.cf, 1
+leisure.ga, 1
+leisure.tk, 1
+leisurecooker.co.uk, 1
+leisurecooker.ie, 1
+leisurevip.com, 1
+leit.kr, 1
+leiyinan.com, 1
+lejardindesmesanges.fr, 1
+lejlax.com, 1
+lejournaldublog.com, 1
+lekarkabajkopisarka.pl, 1
+lekarz-wizyty.pl, 1
+lekasedgar.com, 1
+lekitable.fr, 1
+lekkergoings.nl, 1
+leko.tk, 1
+lekota.co.uk, 1
+leksi.si, 1
+lektier.cf, 1
+lel.lol, 1
+leladesign.it, 1
+lelehei.com, 1
+leleimports.store, 1
+leliekerk.nl, 1
+leliveld.nl, 1
+leliveld.org, 1
+lellek.at, 1
+lellyboi.ml, 1
+lelo.com.pl, 1
+lelubre.info, 1
+lelulove.net, 1
+lelux.net, 1
+lelux.site, 1
+lem0n.eu.org, 1
+lemarcheelagrandeguerra.it, 1
+lemarquier.com, 1
+lemasdupalus.com, 1
+lemat.de, 1
+lemazol.fr, 1
+lemberg.ml, 1
+lemco.dk, 1
+lemedecin.fr, 1
+lemediajustice.fr, 1
+lemediateur-creditagricole-nord-est.com, 1
+lemefly.com, 1
+lemeridienchambers.com, 1
+lemgstudio.com, 1
+lemieuxproducts.com, 1
+leminhduong.com, 1
+lemitron.fr, 1
+lemitti.com, 1
+lemler.family, 1
+lemmamedia.com, 1
+lemmy.cafe, 1
+lemmy.name, 1
+lemmyfund.org, 1
+lemni.top, 1
+lemoine.at, 1
+lemonadefashion.com, 1
+lemonardo.ga, 1
+lemoncloud.eu.org, 1
+lemoniax.com, 1
+lemonpic.ga, 1
+lemonpool.com.tr, 1
+lemonrfx.com, 1
+lemonrockbiketours.com, 1
+lemonrotools.com, 1
+lemonsociety.cf, 1
+lemonsoftware.eu.org, 1
+lemontownshippa.gov, 1
+lemonwater.tk, 1
+lemr.fr, 1
+lemzarcapital.com, 0
+lena-klein.de, 1
+lena-klein.eu, 1
+lena-nitro.org, 1
+lenagroben.de, 1
+lenalio.fr, 1
+lenamorino.net, 1
+lenaneva.ru, 0
+lenardoips.tk, 1
+lenasophie.net, 1
+lence.net, 1
+lencia.ga, 1
+lenczewski.ddns.net, 1
+lendahandmissionteams.org, 1
+lendera.mx, 1
+lendingmate.ca, 1
+lendingpoint.com, 1
+lendinvest.com, 1
+lendme.com.au, 1
+lendme.dk, 1
+lenemes.tk, 1
+lenergietoutcompris.fr, 1
+lengby.com, 1
+lengoo.com, 1
+lengua-alemana.tk, 1
+lenguajecoloquial.com, 1
+lenguajecoloquial.es, 1
+lenguajedeprogramacion.com, 1
+lenguasgermanicas.tk, 1
+lengyelnyelvoktatas.hu, 1
+lengyelul.hu, 1
+lenhatthanh.com, 1
+lenhotec.pt, 1
+lenidh.de, 1
+lenifuchs.net, 1
+lenii.com, 1
+lenina72.tk, 1
+leninalbertop.com.ve, 1
+lenit.nl, 1
+lenkeran.tk, 1
+lenkunz.me, 1
+lenn-blaschke.com, 1
+lennard-indlekofer.de, 1
+lennard.tk, 1
+lennard0711.eu, 1
+lennartoldenburg.de, 1
+lennox.cf, 1
+lennoxsd.gov, 1
+lennusadam.eu, 1
+lennybruce.tk, 1
+lennyendewespen.tk, 1
+lennyobez.be, 1
+lennyrodriguez.com, 1
+lenoblpech.ru, 1
+lenoirnc.gov, 1
+lenord.fr, 1
+lenorefan.tk, 1
+lenostech.gr, 1
+lenou.nl, 1
+lenovovietnam.net, 1
+lenqiue.com, 0
+lenr-experiment.tk, 1
+lenr-forum.com, 1
+lens.google.com, 1
+lenseshop.tk, 1
+lenspirations.com, 1
+lenstamiri.com, 1
+lenstore.co.uk, 1
+lensual.space, 0
+lenta-ru.tk, 1
+lentanews.ml, 1
+lentesbrasil.com, 1
+lents.xyz, 1
+lentusaudio.nl, 1
+lenuagebauche.org, 1
+lenumerozero.info, 1
+lenyip.com, 1
+lenyip.works, 1
+leo-boutique.fr, 1
+leo-music.tk, 1
+leo-translate.com.ua, 1
+leo.gov, 1
+leoandpeto.com, 1
+leob.in, 0
+leoburnett.com, 1
+leocollo.com, 1
+leodraxler.at, 1
+leojweda.com, 1
+leokoo.com, 1
+leola.cz, 1
+leola.sk, 1
+leolabs.space, 1
+leolawi.gov, 1
+leomarcou.fr, 1
+leomax.ru, 1
+leominstercu.com, 0
+leomwilson.com, 0
+leon-16255.space, 1
+leon-tec.co.jp, 1
+leon-tech.com, 1
+leon.wtf, 1
+leonard.io, 0
+leonardaccessories.com, 1
+leonardcamacho.me, 1
+leonardcyber.com, 0
+leonardlorenz.de, 1
+leonardocontreras.com, 1
+leonardocremonesi.it, 1
+leonardoealessandra.com, 1
+leonardofavio.tk, 1
+leonardoferrera.com, 1
+leonardoneiva.com.br, 1
+leonardostart.tk, 1
+leonardtheologicalcollege.com, 1
+leonauto.de, 1
+leonbania.com, 1
+leonbuitendam.nl, 1
+leoncss.ml, 1
+leongalin.tk, 1
+leonhooijer.nl, 0
+leonidas-dovido.tk, 1
+leoniepur-porn.com, 1
+leonieroessler.com, 1
+leonklingele.de, 1
+leonpa.gov, 1
+leonplast.tk, 1
+leontiekoetter.de, 1
+leontworzy.pl, 1
+leontyev.tk, 1
+leonvermunt.com, 1
+leonvermunt.nl, 1
+leonvotes.gov, 1
+leonyork.com, 1
+leopardstudio.tk, 1
+leoseguin.fr, 1
+leoservicosetc.com.br, 1
+leoservicosetc.email, 1
+leoservicosetc.live, 1
+leoservicosetc.online, 1
+leoservicosetc.rio.br, 1
+leoservicosetc.store, 1
+leoservicosetc.world, 1
+leosopenmind.com, 1
+leosty.com, 1
+leovanna.co.uk, 1
+leowkahman.com, 1
+lep.gov, 1
+lepalierjuridique.com, 1
+lepallec.tv, 1
+lepartiecomemoracoes.com.br, 1
+lepat.es, 1
+lepblog.tk, 1
+lepenis.fr, 0
+leper.ga, 1
+lepetitendroit.fr, 1
+lepetitkids.com.br, 1
+lephilnet.tk, 1
+lepidum.jp, 1
+leping.com, 1
+lepka.tk, 1
+lepkov.ru, 1
+leplus.net, 1
+leplus.org, 1
+leporem.com.br, 1
+leportschools.com, 1
+leppis-it.de, 1
+lepraconsf.com, 1
+leprekon.tk, 1
+lepressoir-info.org, 1
+leps.fr, 1
+lepsos.com, 0
+leptotrichia.tk, 1
+lepuyenvelay-tourisme.fr, 1
+lequerceagriturismo.com, 1
+lequest.dk, 1
+lequocthai.com, 1
+ler3.com, 1
+lerameau.fr, 1
+lerefuge.xyz, 1
+lerika.tk, 1
+lerks.blog, 1
+lerku.com, 1
+lernenamsee.ch, 1
+lernerspersonalinjury.ca, 0
+lernorteuropa.com, 1
+lernorteuropa.de, 1
+lernorteuropa.eu, 1
+lernpfad.ch, 1
+leros.bg, 1
+leroytwp-calhounmi.gov, 1
+lerryn.net, 1
+lertsiritravel.net, 1
+les-aides.fr, 1
+les-ateliers-de-melineo.be, 0
+les-epris.fr, 1
+les-explos.com, 1
+les-formations.fr, 1
+les-inoxydables.com, 1
+les-pipelettes-de-narbonne.com, 1
+les-pros-du-drone.com, 1
+lesa-kiev.biz.ua, 1
+lesa.biz.ua, 1
+lesa.boutique, 1
+lesacredescouleurs.fr, 1
+lesalpinistes.com, 1
+lesamisdelaroumanie.com, 1
+lesamoureuxdangelique.ovh, 1
+lesargentinas.tk, 1
+lesartisanes.fr, 1
+lesas.tk, 1
+lesbea.com, 1
+lesbi-porno-video.ru, 1
+lesbianlovers.tk, 1
+lesbicas.com.pt, 1
+lesblogueuses.fr, 1
+lesbonzoms.alwaysdata.net, 1
+lesborgestv.cat, 1
+lesbrillantsdaristide.com, 1
+lescarnetsderoutedesophie.com, 1
+leschamoisduvercors.fr, 1
+lescommunes.com, 1
+lescomptoirsdepierrot.com, 1
+lesconcours.tk, 1
+lescoquetteriesdenais.fr, 1
+lescouturesdisa.fr, 1
+lescrieursduweb.com, 1
+lesdeuxfilles.be, 1
+lesdouceursdeliyana.com, 1
+leseditionsbraquage.com, 1
+lesershop24.de, 1
+lesformations.net, 0
+lesfouines.com, 1
+lesgarianes.com, 1
+lesgitesdusapey.fr, 0
+lesgoodnews.fr, 1
+leshok.tk, 1
+leshop.ch, 1
+lesin.tk, 1
+lesitederencontre.fr, 1
+lesjardinsdemathieu.net, 0
+leskei.ru, 1
+leskompi.com, 1
+leslhassadeluminia.fr, 1
+leslie.horse, 1
+lesmamy.ch, 0
+lesmatinesdheres.fr, 1
+lesmills-redirect-test.azurewebsites.net, 1
+lesmontagne.net, 1
+lesnet.co.uk, 1
+lesnoticiesdensergialarcon.site, 1
+lesours.in, 1
+lesparqueteurs.xyz, 1
+lespatriotes.tk, 1
+lespecialiste-pradelexcellence.com, 1
+lesperlesdunet.tk, 1
+lespinasse.org, 1
+lesplatanes.ch, 0
+lesportmusic.tk, 1
+lesprofsplacotent.com, 1
+lesptitspasdelyne.fr, 1
+lesptitstutos.fr, 1
+lesquatredauphins.fr, 0
+lesrivesdegaronne.com, 1
+lessavonnables.fr, 1
+lesschwab-privacyportal-ui.azurewebsites.net, 1
+lessets-graphiques.com, 1
+lessiamia.net, 1
+lessing.consulting, 1
+lessis.moe, 1
+lessonsofacto.com, 1
+lesspass.com, 1
+lestanzedelgattopardo.it, 1
+lesterchan.net, 1
+lesterrassesdusoleil.ch, 0
+lestravauxduparticulier.fr, 1
+lestrokeofgenius.com, 1
+lestudiopecot.fr, 1
+lesummeira.is, 1
+lesvertsmaroc.tk, 1
+lesy.eu, 1
+lesycr.cz, 1
+lesyndicat.info, 0
+leszonderstress.nl, 1
+letableaunoir.fr, 1
+letaman.tk, 1
+letao18.com, 0
+letchikleha.tk, 1
+letdownloads.tk, 1
+leteckedarky.cz, 1
+letemps.ch, 1
+letempsdujasmin.fr, 1
+leter.io, 0
+leterroirdesvignobles.fr, 1
+letgodbetrue.com, 1
+lethalgaming.tk, 1
+lethalhardcore.com, 1
+lethosdesigns.co.uk, 1
+lethosdesigns.com, 1
+leticia.com.tw, 1
+leticia.ml, 1
+letiloulous.fr, 1
+letipweb.tk, 1
+letitfleet.io, 1
+letitfly.me, 1
+letiziamx.com, 0
+letmdesigncommercial.com, 1
+letmebet.de, 1
+letmepost.com, 1
+letnik.tk, 1
+leto12.xyz, 0
+letocar.com, 1
+letopise.com, 1
+letote.com, 0
+letraba.com, 1
+letranif.net, 1
+letras.com, 1
+letras.mus.br, 1
+letras10.co, 1
+letraschile.com, 1
+lets-go-acoustic.de, 0
+lets.nu, 0
+letsbrand-holding.com, 1
+letsbrand-holding.nl, 1
+letsbrandholding.com, 1
+letsbrandholding.nl, 1
+letscahoot.net, 1
+letscrackit.ml, 1
+letsdebug.net, 1
+letsdevelop.com.br, 1
+letsdocode.com, 1
+letsdoeit.com, 1
+letsdothatagain.gq, 1
+letsdothatagain.ml, 1
+letsdothatagain.tk, 1
+letselhulpservice.nl, 1
+letsencrypt-for-cpanel.com, 1
+letsflyinto.space, 1
+letsgame.nl, 1
+letsgetintouch.com, 1
+letsgo.icu, 1
+letsgomaldives.com, 1
+letsgowhilewereyoung.com, 1
+letsknow.ga, 1
+letsknow.tk, 1
+letsmakeiteasy.tech, 1
+letson.me, 1
+letsorganise.uk, 1
+letspartyrugby.co.uk, 1
+letsplayourgameagain.gq, 1
+letsrave.tk, 1
+letstalk.video, 1
+letstryanal.com, 1
+lette.tk, 1
+letterbox-online.de, 1
+letterrill.gq, 1
+lettersblogatory.com, 1
+lettings101.org, 0
+letto.ru, 1
+lettori.club, 1
+lettragetattoo.tk, 1
+lettrefrancophile.ga, 1
+lettres-motivation.net, 1
+lettucegeek.com, 1
+letturaveloce.tk, 1
+letusdothehomework.com, 1
+letustravel.tk, 1
+letvikar.dk, 1
+letweedoo.com, 1
+letyro.pl, 1
+letzi-immobilien.ch, 1
+leuchtmann.ch, 1
+leucothea.org, 1
+leuenhagen.com, 1
+leukert.org, 1
+leulu.com, 1
+leusemiamusic.tk, 1
+leuthardtfamily.com, 1
+leutransporteur.com, 1
+leuvensefilmclub.tk, 1
+lev103.com, 1
+levabilligt.com, 1
+levans.fr, 0
+levantage.tk, 1
+levante.net.nz, 1
+levaomat.com, 1
+levaquin750.ga, 1
+levati.name, 1
+level33.com.sg, 1
+level37.tk, 1
+level4.parts, 1
+level5-drywall.com, 1
+level6.me, 1
+levelaccordingly.com, 1
+levelninehvac.com, 1
+levelrankings.com, 1
+levels.one, 1
+levelsoft.ml, 1
+levelum.com, 1
+levelupdisability.com.au, 1
+leveluplv.com, 1
+leveluprankings.com, 1
+levelx.team, 1
+levendwater.org, 1
+levensbron.nl, 1
+leventismotors.com.ng, 1
+leverj.io, 1
+levermann.eu, 1
+leviaan.nl, 1
+leviathan-studio.com, 1
+leviathanfan.tk, 1
+leviathanstory.tk, 1
+levico.tk, 1
+levida.ca, 1
+levidromelist.com, 1
+levineteamestates.com, 1
+levinus.de, 1
+levis.fun, 1
+levis.name, 1
+levischuck.com, 1
+levisenlaw.com, 1
+levitate.ro, 0
+levitatingx.com, 1
+levitation.tk, 1
+levlagom.com, 1
+levna-knihovna.cz, 1
+levolor.com, 1
+levonet.sk, 1
+levothyroxineonline.gq, 1
+levs.tk, 1
+levy.org, 1
+levyinstitute.com, 1
+levyinstitute.net, 1
+levyinstitute.org, 1
+levymultiplier.com, 1
+levymultiplier.org, 1
+levyntgard.tk, 1
+lew.im, 1
+lewdawson.com, 0
+lewdgamer.com, 1
+leweslivingstreets.tk, 1
+lewiatan.opole.pl, 1
+lewis-sharp.com, 1
+lewiscollard.com, 1
+lewiscountyny.gov, 1
+lewiscountytn.gov, 1
+lewisdatasecurity.com, 0
+lewisjuggins.co.uk, 1
+lewismcyoutube.uk, 1
+lewistonutah.gov, 1
+lewt.me, 1
+lex-legal.com.ua, 1
+lex18.com, 1
+lexapro-price.ga, 1
+lexautoservice.nl, 1
+lexblogplatform.com, 1
+lexblogplatformthree.com, 1
+lexch.com, 1
+lexdavicont.ro, 1
+lexdigital.pl, 1
+lexe.club, 1
+lexeri.com, 1
+lexgo.be, 1
+lexgo.lu, 1
+lexic.co, 1
+lexico.pt, 1
+lexicography.online, 1
+lexicore.ga, 1
+lexifax.ga, 1
+lexikon24.tk, 1
+lexington-credit-repair.com, 1
+lexingtonil.gov, 1
+lexingtonok.gov, 1
+lexinter.net, 1
+lexiprof.com, 1
+lexis.ml, 1
+lexitthemovie.tk, 1
+lexjunkie.xyz, 1
+lexmedia.ro, 1
+lexmondcommunications.com, 1
+lexpartsofac.com, 1
+lexpert.ca, 1
+lexreception.com, 1
+lexsc.gov, 1
+lexum.com, 1
+lexuspartsnow.com, 1
+lexvademecum.com, 1
+lexway.pk, 1
+leyaonline.com, 1
+leybelsgarden.cf, 1
+leyendaluzrenacer.com, 1
+leyeslaboralesdecolorado.gov, 1
+leyfutmex.com, 1
+leylalips.org, 1
+leymaritima.com, 1
+leytron.tk, 1
+lez.gent, 1
+lez2020.be, 1
+lez2020.gent, 1
+lezbomovies.com, 1
+lezdomsm.com, 1
+lezen.tk, 1
+lezgetreal.com, 1
+lezhang.top, 1
+leziblog.cn, 1
+lezwatchtv.com, 0
+lezzetyurdu.com.tr, 1
+lf-space.com, 1
+lfashion.eu, 1
+lfc.com.pl, 1
+lfcnsv.de, 1
+lff.club, 1
+lffweb.ga, 1
+lfg.com.ph, 1
+lfgss.com, 1
+lfi-mv.de, 0
+lfmosqueira.com.br, 1
+lfn.moe, 1
+lfnaturopathie.com, 1
+lforum.tk, 1
+lfrconseil.com, 1
+lfyhokk.tk, 1
+lg-obchod.cz, 1
+lg-store.sk, 1
+lg-world.cz, 1
+lg.gz.cn, 1
+lg0.site, 1
+lg2.com, 1
+lgam.com, 1
+lgbt-colleges.com, 1
+lgbt.io, 1
+lgbt.ventures, 1
+lgbtqtherapyspace.com, 1
+lgbtventures.com, 1
+lgbusiness.es, 0
+lgelectric.cz, 1
+lgelectric.eu, 1
+lgerman.de, 1
+lgesteticaautomotiva.com.br, 1
+lghfinancialstrategy.ch, 0
+lgiswa.com.au, 1
+lgmars.xyz, 1
+lgmotors.cz, 1
+lgnsh.fr, 1
+lgobchod.cz, 1
+lgp.go.th, 1
+lgrs.com.au, 1
+lgscripts.com.br, 1
+lgsg.us, 1
+lgstore.cz, 1
+lgstore.sk, 1
+lgsystem.cz, 1
+lgsystems.cz, 1
+lgv-france.com, 1
+lgworld.cz, 1
+lhajn.cz, 1
+lhakustik.se, 1
+lhasaapso.com.br, 1
+lhconsult.tk, 0
+lheinrich.org, 1
+lhffinanceira.online, 1
+lhm.de, 1
+lhokseumawekota.go.id, 1
+lhost.su, 1
+lhp-creation.com, 1
+lhp-creation.fr, 1
+lhr.wiki, 1
+lhsj28.com, 1
+lhsj68.com, 1
+lhsj78.com, 1
+lhv.nl, 1
+li-de.tk, 1
+li-ke.co.jp, 1
+li-n.net, 1
+li-project.com, 1
+li.fi, 1
+li.gz.cn, 1
+li.search.yahoo.com, 0
+li1436-89.members.linode.com, 1
+li985.com, 0
+lia-fox.org, 1
+liaengel.com, 1
+liaiai.com, 1
+lialash.pro, 1
+lialeone.org, 1
+lialion.de, 1
+liam-is-a-nig.ga, 1
+liam-le-may.fr, 1
+liam-w.io, 1
+liam.ovh, 1
+liambaron.com, 1
+liamelliott.me, 1
+liamlin.me, 1
+lian-in.net, 1
+liana.site, 1
+lianand.com, 1
+liangbi.ml, 1
+liange.com, 1
+liangfaner.com, 1
+lianglongcredit.com, 1
+liangxingai.com, 1
+liangyichen.net, 1
+lianhe.art, 1
+lianid.com, 1
+lianka.eu, 1
+lianka.pl, 1
+lianka.uk, 1
+lianwen.kim, 1
+lianxin.com, 1
+liaozheqi.cn, 1
+liar.wiki, 1
+lib.pm, 1
+lib.rs, 1
+lib64.net, 1
+libanswers.com, 1
+libanswers.net, 1
+libapps.com, 0
+libapps.net, 1
+libart.so, 1
+libauth.com, 1
+libbitcoin.org, 1
+libble.eu, 1
+libcal.com, 1
+libcal.net, 1
+libchat.com, 1
+libchat.net, 1
+libcip.org, 1
+libcmodbus.org, 1
+libconnect.com, 1
+libconnect.net, 1
+libcrc.org, 1
+libcrm.com, 1
+libcrm.net, 1
+libelle.nl, 1
+libellezomerweekexposanten.nl, 1
+libelulaweb.tk, 1
+liberad.fr, 1
+liberal.ru, 1
+liberalartsedu.org, 1
+liberale-demokraten.de, 1
+liberalis.tk, 1
+liberapay.com, 1
+liberategrace.com, 1
+liberation2020.com, 1
+liberationgroup.com, 1
+liberationtek.com, 0
+liberatupotencial.site, 1
+liberda.nl, 1
+liberdademg.com.br, 1
+liberecstehovani.cz, 1
+libermoto.fr, 1
+liberta-me.org, 1
+libertacao.tk, 1
+libertadgreen.tk, 1
+libertarian-party.com, 1
+libertas-tech.com, 1
+libertas.co.jp, 1
+liberte-toujours.tk, 1
+libertino.tk, 1
+libertis.ga, 1
+liberty-city.tk, 1
+liberty-host.tk, 1
+liberty-med.ru, 1
+liberty-univers.art, 1
+liberty-universe.art, 1
+liberty.co.uk, 1
+libertybaptistmn.org, 1
+libertycountyflsoe.gov, 1
+libertydentalplan.com, 1
+libertyga.tk, 1
+libertygrovewi.gov, 1
+libertyhillssewer.gov, 1
+libertylakewapd.gov, 1
+libertyland.tk, 1
+libertylasereye.com, 1
+libertylondon.com, 1
+libertyreversemortgage.com, 1
+libertystation.com, 1
+libertytereconoce.com, 1
+libertytwpadamspa.gov, 1
+libertyvault.us, 1
+libertywines.co.uk, 0
+libertywines.ie, 0
+libertyxpress.tk, 1
+libfins.org, 1
+libgame.com, 1
+libget.com, 1
+libgraphe.me, 1
+libguides.com, 0
+libguides.net, 1
+libhttp.org, 1
+libinsight.com, 1
+libinsight.net, 1
+libivis.com, 1
+liblogo.com, 1
+libmpq.org, 1
+libnull.com, 1
+libot.eu.org, 1
+libpdf.org, 1
+libportal.cf, 1
+libractes.tk, 1
+libraideos.tk, 1
+librairiez.ca, 1
+librairiez.com, 1
+librairiezbookstore.com, 1
+libramedia.ru, 1
+libranet.eu, 1
+libraries.vic.gov.au, 1
+librarika.com, 1
+librarium.tk, 1
+library-quest.com, 1
+library.nhs.uk, 1
+libraryh3lp.com, 1
+libraryofcode.org, 1
+libraryofcode.us, 1
+librarytapes.tk, 1
+librarytools.com, 1
+libravatar.org, 1
+librazy.org, 1
+libre-innovation.org, 1
+libre-service.de, 1
+libre.cr, 1
+libre.university, 1
+libreboot.org, 1
+librebox.de, 1
+libredns.eu, 1
+libreduca.com, 1
+libreexpresion.tk, 1
+libreho.st, 1
+librelamp.com, 1
+libremail.nl, 1
+librematrix.com, 1
+libremedia.video, 1
+librends.org, 1
+libreoffice.ee, 1
+libreofficefromcollabora.com, 1
+libreplanet.org, 1
+libreria-ouroboros.tk, 1
+libreriaelzocalo.cl, 1
+librervac.org, 1
+libresoft.ml, 1
+libressobooks.sk, 1
+libreview.ru, 1
+librisulibri.it, 1
+librosantimateria.com, 1
+librosdelasteroide.com, 1
+librosdescargas.club, 1
+librosgratisnet.tk, 1
+librosparareinventarse.es, 1
+libruis.com, 0
+libscpi.org, 1
+libskia.so, 1
+libslack.org, 1
+libsodium.org, 1
+libstaffer.com, 1
+libstaffer.net, 1
+libstick.org, 1
+libstock.si, 1
+libwizard.com, 1
+libwizard.net, 1
+libyanexpert.ml, 1
+lic39.ru, 1
+licence-registry.com, 1
+licencja-na-drona.pl, 1
+licencja-na-drony.pl, 1
+licensecrack.com, 1
+licensediscovery.io, 1
+licenseplates.cc, 1
+licenzacalcio.tk, 1
+liceoc9.tk, 1
+licesisters.com, 1
+licey369.ru, 1
+lichess.org, 1
+lichnyj-astrolog.cf, 1
+lichnyj-astrolog.ga, 1
+lichnyj-astrolog.gq, 1
+lichnyj-astrolog.ml, 1
+lichnyj-astrolog.tk, 1
+lichtbild.nrw, 1
+lichtbildfotos.de, 1
+lichtcam.ddns.net, 0
+lichtfestival.be, 1
+lichtfestival.gent, 1
+lichtfestivalgent.be, 1
+lichtfestivalgent.com, 1
+lichtfestivalgent.tv, 1
+lichtfestivalghent.be, 1
+lichtfestivalghent.com, 1
+lichtjesavondkoedijk.nl, 1
+lichtmetzger.de, 0
+lichtplatformnsvv.nl, 1
+lichtschatten.tk, 1
+lichtsturm.net, 1
+lichttechnik-tumler.com, 1
+lichtval.tk, 1
+licia-music.com, 1
+lickd.co, 1
+lickingcounty.gov, 1
+licloud.homeip.net, 1
+licoreseugenioavila.com, 1
+licx.ml, 1
+licx.ru, 1
+lida-vets.co.uk, 1
+lidarwindtechnolog.cf, 1
+lidarwindtechnolog.ga, 1
+lidaumba.com, 1
+lidavidm.me, 1
+lidel.org, 1
+lidernaturascarlettbados.com, 1
+liderok.tk, 1
+lidkoping.se, 1
+lidl-gewinnspiel.de, 1
+lidl-holidays.com, 1
+lidl-immobilien.de, 1
+lidl-kochen.de, 1
+lidl-shop.be, 1
+lidl-shop.cz, 1
+lidl-shop.nl, 1
+lidl-shop.sk, 1
+lidl-sklep.pl, 1
+lidl-stikeez.si, 1
+lidl-vins.fr, 1
+lidl.at, 1
+lidl.be, 1
+lidl.de, 1
+lidl.es, 1
+lidlonline.es, 1
+lidlovajogurteka.si, 1
+lidodecor.com, 1
+lidogr.com, 1
+lidong.me, 1
+lidosparesort.com, 1
+lidtkemotors.com, 1
+liduan.net, 0
+lieba.ch, 1
+liebel.org, 1
+lieben.tk, 1
+lieberwirth.biz, 1
+liecomiribea.cf, 1
+lied8.eu, 1
+liegveld.nl, 1
+liehuojun.com, 1
+liella.me, 1
+liemen.net, 1
+liena.be, 0
+liendar-silver.com, 1
+lienhuyghebaert.tk, 1
+lier.link, 1
+lier.tk, 1
+lieren4x4.nl, 1
+lierohell.tk, 1
+liesbethkeijzer.nl, 1
+lieuu.com, 0
+lifamily.xyz, 1
+lifanov.com, 1
+lifars.com, 0
+lifco-industrie.com, 1
+life-emotions.pt, 1
+life-experiment.com, 1
+life-in-hell.tk, 1
+life-is-riddle.tk, 1
+life-mastery-tv.com, 1
+life-style.tk, 1
+life-tec.tk, 1
+life-time.nl, 1
+life24korea.com, 1
+life29.com, 1
+life360.com, 1
+life4net.tk, 1
+lifeandhealthtips.tk, 1
+lifeandhowtosurviveit.com, 1
+lifeartstudios.net, 1
+lifeasgame.tk, 1
+lifeatthemax.graphics, 1
+lifeatthemax.marketing, 1
+lifeatthemax.us, 1
+lifebymargot.co.uk, 1
+lifecare.org, 1
+lifecism.com, 1
+lifecoach.tw, 1
+lifecoachkatrien.be, 1
+lifeconnections.ro, 1
+lifecraft.cf, 1
+lifedrops.com.au, 1
+lifefoto.de, 1
+lifegoesonsojustsmile.tk, 1
+lifehacker.com, 1
+lifeinheart.com, 1
+lifeinhellfansite.tk, 1
+lifeinhex.com, 1
+lifeinsurancepro.org, 1
+lifeintwentys.com, 1
+lifeisabug.com, 1
+lifeismmo.com, 1
+lifeispain.tk, 1
+lifeisqi.nl, 1
+lifekeycounsel.com, 1
+lifekirov.tk, 1
+lifekiss.ru, 1
+lifelessandcalm.com, 1
+lifelineanimal.org, 1
+lifelinespublishing.com, 1
+lifelinesupport.org, 1
+lifelinksystems.com, 1
+lifelock.ml, 1
+lifelovers.tk, 1
+lifemalayalam.com, 1
+lifematenutrition.com, 1
+lifemcserver.com, 1
+lifemstyle.com, 1
+lifenews24.tk, 1
+lifenexto.com, 1
+lifengoal.com, 1
+lifepathdoc.com, 1
+lifereset.it, 1
+lifesafety.com.br, 1
+lifesaverhindi.tk, 1
+lifesavvy.com, 1
+lifesavvymedia.com, 1
+lifeseatsers.ga, 1
+lifeseatsest.ga, 1
+lifeset.pp.ua, 1
+lifesettlements.com, 1
+lifeskills-education.co.uk, 0
+lifeslice.online, 1
+lifeslonglist.com, 1
+lifesoccer.tk, 1
+lifestorage.com, 0
+lifestyle.bg, 1
+lifestyle7788.com, 1
+lifestyledoctor.in, 1
+lifestylefoodies.com, 1
+lifestyler.me, 1
+lifestylexplocial.tk, 1
+lifetech.com.my, 1
+lifetimefitness.tk, 1
+lifetimemedsers.ga, 1
+lifetimemedsest.ga, 1
+lifetimetraining.co.uk, 1
+lifetoolscdc.com, 1
+lifetree.network, 1
+lifeupgame.fr, 1
+lifewithdyna.com, 1
+lifexpert.tk, 1
+lifi.digital, 1
+lifi.is, 1
+liftagacademy.com, 1
+liftedpixel.net, 1
+liftie.info, 1
+liftingchat.com, 1
+liftntake.com, 1
+liftyourgame.com, 1
+lig.ink, 0
+liga.ng, 1
+liga99.tk, 1
+ligacontrachetos.tk, 1
+ligadegamers.com, 1
+ligadelconsorcista.org, 1
+ligadosgames.com, 1
+ligare-fp.com, 1
+ligaro.nl, 1
+light-realty.com, 1
+light.law, 1
+light.mail.ru, 1
+lightandvideo.com, 1
+lightbearer.tk, 1
+lightbluelearning.com, 1
+lightbox.co, 1
+lightcp.com, 1
+lightcraftmc.tk, 1
+lightdark.xyz, 1
+lightfestivalghent.be, 1
+lightfestivalghent.com, 1
+lightfoot.co.uk, 1
+lighthouse-rbg.de, 1
+lighthouseglobal.com, 1
+lighthouseguild.org, 1
+lighthouseinstruments.com, 1
+lighthousepointfl.gov, 1
+lightingagoura.com, 1
+lightingagourahills.com, 1
+lightingcalabasas.com, 1
+lightingconejovalley.com, 1
+lightingdosvientos.com, 1
+lightinghiddenhills.com, 1
+lightinglakesherwood.com, 1
+lightingmalibu.com, 1
+lightingmoorpark.com, 1
+lightingnewburypark.com, 1
+lightingoakpark.com, 1
+lightingpacificpalisades.com, 1
+lightingsimivalley.com, 1
+lightingthousandoaks.com, 1
+lightingwestlakevillage.com, 1
+lightme.us, 1
+lightmere.com, 1
+lightning.com, 1
+lightning.community, 1
+lightning.engineering, 1
+lightningcollectors.com, 1
+lightningpatrolers.ga, 1
+lightningpatrolest.ga, 1
+lightningprotocol.finance, 1
+lightnings.tk, 1
+lightningseed.net, 1
+lightningwirelabs.com, 1
+lightoflifehomoeopathyclinic.com, 1
+lightography.com, 1
+lightonelectrical.com.au, 1
+lightpod.com.au, 1
+lightquantum.moe, 1
+lightrun.com, 1
+lights0123.com, 1
+lightscale.com, 1
+lightsfromspace.com, 0
+lightsheep.no, 0
+lightsouts.com, 1
+lightsoverlapland.com, 1
+lightsproject.com, 1
+lightstands.xyz, 1
+lighttp.com, 0
+lightupcollective.co.uk, 1
+lightweighthr.com, 1
+lightwitch.org, 0
+lightworks.tk, 1
+lightyear.no, 1
+ligiptv.tk, 1
+ligmadrive.com, 1
+ligneclaire.tk, 1
+lignemalin.com, 1
+lignite.com, 1
+lignoma.com, 1
+ligonier.com, 1
+ligustinus.tk, 1
+lihaoyu.cn, 1
+lihi-home.co.il, 1
+lihj.eu.org, 1
+lihj.me, 1
+lihuenjardin.com, 1
+liikluslab.ee, 1
+liisauusitaloarola.fi, 1
+liivimeretuulepark.ee, 1
+lijana.rs, 1
+lijero.co, 1
+liji.ru, 1
+lijie.org, 1
+lijstbob.nl, 1
+lijstje.be, 1
+lijstje.nl, 1
+likans.tk, 1
+like-boss.ga, 1
+like-rabota.tk, 1
+likeable.com, 1
+likeablehub.com, 1
+likeageek.tk, 1
+likeany.com, 1
+likebee.gr, 1
+likebot.ml, 1
+likecrabwalkslowly.ml, 1
+likedobrasil.com, 1
+likefast.tk, 1
+likefluence.com, 1
+likegeeks.com, 1
+likehifi.de, 1
+likemovies.de, 1
+likenewhearing.com.au, 1
+likenosis.com, 1
+likere.com, 1
+likesec.net, 1
+likesec.se, 1
+likesforinsta.com, 1
+likesolidaria.com.co, 1
+likestudio.com.ua, 1
+likewatercs.com, 1
+likhner.com, 1
+likme.tv, 1
+likui.me, 1
+lilai107.com, 1
+lilai116.com, 0
+lilai18.ph, 1
+lilai2211.com, 1
+lilai3366.com, 1
+lilai5566.com, 0
+lilai634.com, 1
+lilai6616.com, 1
+lilai6677.com, 1
+lilai6688.com, 0
+lilai777.com, 1
+lilai838.com, 1
+lilai8866.com, 0
+lilai9966.com, 1
+lilaplus.com.tr, 1
+lilawadee.tk, 1
+lile.cl, 1
+lilianejuchli.ch, 1
+liliang.moe, 1
+lilicloth.com, 1
+lilidarcek.sk, 0
+lilie.fr, 1
+lilievabien.fr, 1
+lilighazaryan.tk, 1
+lilimusic.tk, 1
+lilisg.tk, 1
+lilith-magic-molds.com, 1
+lilith-magic.com, 1
+lilithfund.org, 1
+lilithqueisser.de, 1
+lilium.com, 1
+liliwarrior.com, 1
+liliweb.tk, 1
+lillalisa.tk, 1
+lillaparken.se, 1
+lillbrothers.com, 1
+lille.ml, 1
+lillenordmann.no, 1
+lillieprivat.org, 1
+lilly-lil.net, 1
+lilly-lil.org, 1
+lillylove.net, 1
+lillywhitehotelgroup.com.au, 1
+lilola.de, 1
+lilou-sportswear.com, 1
+lilousportswear.com, 1
+lilpwny.com, 1
+lilstarry.com, 1
+liltv.media, 1
+lily-bearing.com, 0
+lily-inn.com, 1
+lily-luv.com, 1
+lily.flowers, 1
+lilyallenlife.ga, 1
+lilylasvegas.com, 1
+lilypadwikisecret.tk, 1
+lilysbouncycastles.com, 1
+lilyvet.com, 1
+lim-light.com, 1
+lim.gr, 1
+limanhaber.net, 1
+limaohio.gov, 1
+limap.ch, 1
+limatolavvocati.it, 1
+limatownshipmi.gov, 1
+limawi.io, 1
+limbaido.tk, 1
+limberg.me, 1
+limbo-online.tk, 1
+limbra.tk, 1
+limburg.nl, 1
+limc.me, 1
+lime-host.cf, 1
+lime-host.tk, 1
+limechain.tech, 1
+limecho.net, 1
+limehost.com, 1
+limehotel.tk, 1
+limelightnashville.cf, 1
+limelightnashville.ga, 1
+limelightnashville.gq, 1
+limenaria-beach.tk, 1
+limenotlemon.com, 1
+limepot.xyz, 1
+limescapes.com.au, 1
+limesparrow.cf, 1
+limestart.cn, 1
+limestonecleaningchicago.com, 1
+limestonemechanical.ca, 1
+limetee.cz, 1
+limetorrent.gq, 1
+limetw.eu.org, 1
+limewtea.com, 0
+limingtonmaine.gov, 1
+limitbreak.com, 1
+limitdropers.ga, 1
+limitdropest.ga, 1
+limitededitioncomputers.com, 1
+limitededitionsolutions.com, 1
+limitlex.com, 1
+limitshareers.ga, 1
+limitshareest.ga, 1
+limiturls.ga, 1
+limnt.cn, 1
+limo.pl, 0
+limo.sh, 1
+limoairporttoronto.net, 1
+limoforsale.com, 1
+limoshka.ru, 1
+limousine.milano.it, 1
+limousineservicezurich.com, 0
+limouzines.cf, 1
+limouzy-combi.com, 1
+limpiadordeporos.online, 1
+limpid.nl, 1
+limsia.co, 1
+limsia.com, 1
+limstash.com, 1
+limules.ch, 0
+limx.win, 1
+lin.fi, 1
+linafernandez.com.co, 1
+linaklein.de, 1
+linalove.net, 1
+linalynn.com, 1
+linamila.net, 1
+linan.info, 1
+linan.site, 1
+linaproclinic.com, 1
+linawinter.com, 1
+linawinter.net, 1
+lincasonline.tk, 1
+lincdavis.com, 1
+lince-bonares.tk, 1
+lincolnadamscountywi.gov, 1
+lincolnbrokerage.com, 1
+lincolncountyga.gov, 1
+lincolncountyid.gov, 1
+lincolncountymoclerk.gov, 1
+lincolncountync.gov, 1
+lincolncountyne.gov, 1
+lincolncountysd.gov, 1
+lincolncountysheriffok.gov, 1
+lincolncountytn.gov, 1
+lincolncountywy.gov, 1
+lincolnfinewines.com, 1
+lincolnil.gov, 1
+lincolnimps.tk, 1
+lincolnmoneyman.com, 1
+lincolnparkpressurewashing.com, 1
+lincolnri.gov, 1
+lincolnshirefdil.gov, 1
+lincolnstreetband.tk, 1
+lincolntownshipnewaygocountymi.gov, 1
+lincolnzoo.org, 1
+lincore.ru, 1
+lindajahn.de, 1
+lindakloenreizen.nl, 1
+lindalap.fi, 1
+lindalush.net, 1
+lindamadu.com.br, 1
+lindanblog.com, 1
+lindaolsson.com, 1
+lindazi.com, 1
+lindbladcruises.com, 1
+lindeal.com, 0
+linden-nj.gov, 1
+linden.me, 0
+linden.tk, 1
+lindenfd-nj.gov, 1
+lindenlibrary-nj.gov, 1
+lindentx.gov, 1
+lindependant.fr, 1
+lindependant.ml, 1
+lindernational.com, 1
+lindeskar.se, 1
+lindgrenracing.tk, 1
+lindipendente.online, 1
+lindler.rocks, 1
+lindner-architektur.ruhr, 1
+lindner-edv.at, 1
+lindnerhof-taktik.de, 1
+lindnerhof.info, 1
+lindnerova.cz, 1
+lindo.ru, 1
+lindogdahl.dk, 1
+lindon.gov, 1
+lindon.pw, 1
+lindoors.tk, 1
+lindows.tk, 1
+lindquistnet.us, 1
+lindsay-lohan.tk, 1
+lindsaygorski.com, 1
+lindsborgks.gov, 1
+lindseyadelman.com, 1
+lindseyfansite.tk, 1
+lindskogen.se, 1
+lindung.pp.ua, 1
+line.biz, 1
+line.co.nz, 0
+line.me.uk, 1
+linea-nova.be, 1
+lineaesse5.it, 1
+lineageos.org, 1
+lineamortal.tk, 1
+linebet.com, 1
+linebet02489q.com, 1
+linebet17654d.com, 1
+linebooks.cf, 1
+linedance.tk, 1
+lineinchina-enterprise.tw, 1
+linejuby.dk, 1
+lineman.edu, 1
+lineru.com, 1
+lineshop.ml, 1
+linestep.jp, 1
+lineto.com, 1
+linext.cn, 0
+linfadenopatia.com, 1
+linfamilygc.com, 1
+linge-ma.ro, 1
+lingerie.com.br, 1
+lingeriecollect.ga, 1
+lingeriesilhouette.com, 1
+lingolia.com, 0
+lingros-test.tk, 1
+lingshan.tk, 1
+lingua-arabica.org, 1
+lingua.tk, 1
+lingualeo.com, 1
+linguamilla.com, 1
+linguarama.com, 1
+linguaromanica.tk, 1
+linguatrip.com, 1
+lingvist.com, 1
+linhaoyi.com, 0
+linherest.tk, 1
+linhim.de, 1
+linhua.org, 1
+linjerry.tk, 1
+link-group.tk, 1
+link-knighki.cf, 1
+link-list.tk, 1
+link-live.com, 1
+link-man.net, 1
+link-medital.com, 1
+link-net.ga, 1
+link-sanitizer.com, 1
+link.co.uk, 1
+link.com, 1
+link24.tk, 1
+link26.tk, 1
+link2link.tk, 1
+link2serve.com, 1
+link2u.tk, 1
+link9.net, 1
+linkagencia.co, 1
+linkat4.cz, 1
+linkatak.ga, 1
+linkbong.tk, 1
+linkbooks.ga, 1
+linkbot1.com, 1
+linkcat.tk, 1
+linkdesign.tk, 1
+linkdolar.tk, 1
+linkdr.uk, 1
+linke-kommunalpolitik.de, 1
+linked.fm, 1
+linkedpipes.com, 1
+linkenheil.org, 1
+linker-wenzel.com, 1
+linkersconnect.com, 1
+linkgiamgia.com, 1
+linkie.vn, 1
+linkinbooks.gq, 1
+linkindex.net, 1
+linking.ml, 1
+linkinpark4ever.tk, 1
+linkinparkoutpost.tk, 1
+linkio.ru, 1
+linkla.ma, 1
+linklocker.co, 1
+linkmauve.fr, 1
+linkmycyber.training, 1
+linknaarlinux.tk, 1
+linknavigator.tk, 1
+linko-pomoika.tk, 1
+linkonaut.net, 1
+linkopia.com, 1
+linkportal.tk, 1
+linkposts.tk, 1
+linkrehberi.tk, 1
+linkriver.io, 1
+linkroll.cf, 1
+links22.com, 1
+linksafe.ga, 1
+linksanitizer.com, 1
+linksbridge.com, 1
+linkscloud.org, 1
+linksecure.nl, 1
+linksextremist.at, 1
+linksite.tk, 1
+linksmatrix.tk, 1
+linkspace.tk, 1
+linksphotograph.com, 1
+linkst.co, 0
+linkstagr.am, 1
+linkthis.me, 1
+linkthis.ml, 1
+linkthisstatus.ml, 1
+linkto.cf, 1
+linku.com, 1
+linkurio.us, 1
+linkurious.com, 1
+linkuva.tk, 1
+linkview.tk, 1
+linkware.it, 1
+linkwater.org, 1
+linkwheel.tk, 1
+linky.tk, 1
+linkycat.com, 1
+linmania.tk, 1
+linmarrdavao.com, 1
+linnaeusgroup.co.uk, 1
+linncfs.top, 1
+linncosomo.gov, 1
+linncounty-ia.gov, 1
+linncountyelections-ia.gov, 1
+linncountyiowa.gov, 1
+linncountyor.gov, 1
+linngde.com, 1
+lino.cooking, 1
+linocolombo.tk, 1
+linocomm.com, 1
+linocomm.net, 1
+linocomm.nl, 1
+linomass.com, 1
+linomass.nl, 1
+linonin.tk, 1
+linoplan.be, 1
+linoplan.com, 1
+linoplan.dk, 1
+linoplan.eu, 1
+linoplan.fr, 1
+linoplan.info, 1
+linoplan.net, 1
+linoplan.nl, 1
+linoscan.com, 1
+linoscan.nl, 1
+linoskin.com, 1
+linoskin.nl, 1
+linostassi.net, 1
+linostor.com, 1
+linostor.nl, 1
+linoszpadel.tk, 1
+linotrac.com, 1
+linotrac.nl, 1
+linotype.tk, 1
+linpx.com, 0
+linqhost.nl, 1
+linserto.it, 1
+linshiyouxiang.com, 1
+linss.com, 1
+lintmx.com, 1
+linu.gq, 1
+linuq.org, 1
+linusdrop.tips, 1
+linuslagerhjelm.se, 1
+linusruckstuhl.ch, 1
+linux-admin-california.com, 1
+linux-admin.tk, 1
+linux-audit.com, 1
+linux-florida.com, 1
+linux-help.org, 1
+linux-mint-czech.cz, 1
+linux-pc.ml, 1
+linux-share.tk, 1
+linux-taganrog.tk, 1
+linux-techie.com, 1
+linux-tips.us, 1
+linux-vme.org, 1
+linux.cn, 0
+linux.conf.au, 1
+linux.fi, 1
+linux.im, 1
+linux.pizza, 1
+linux3.org, 1
+linux4.de, 1
+linux4all.tk, 1
+linuxarequipa.tk, 1
+linuxbabe.com, 1
+linuxbg.eu, 1
+linuxbierwanderung.com, 0
+linuxbloc.tk, 1
+linuxbsd.tk, 1
+linuxcbt.com, 1
+linuxcommand.ru, 1
+linuxdashboard.com, 1
+linuxdays.cz, 1
+linuxdoc.org, 1
+linuxforu.tk, 1
+linuxforum.ch, 1
+linuxforwindows.com, 1
+linuxgiggle.com, 1
+linuxguru.tk, 1
+linuxhandbook.com, 1
+linuxhostingdelhi.com, 1
+linuxhostingindia.in, 1
+linuxhostsupport.com, 1
+linuxiac.com, 1
+linuxil.org, 1
+linuxincluded.com, 1
+linuxinfo.com.br, 1
+linuxiuvat.de, 1
+linuxkompis.se, 1
+linuxlatbot.tk, 1
+linuxlounge.net, 1
+linuxmalta.tk, 1
+linuxnews.de, 1
+linuxonline.tk, 1
+linuxproject.net, 1
+linuxsecurity.expert, 1
+linuxtage.at, 1
+linuxwerkstatt.net, 1
+linuz.it, 1
+linvosges.com, 1
+linx.net, 1
+linxmind.eu, 1
+linxtter.com, 1
+linyunbin.com, 1
+linz.eu.org, 1
+linz.host, 1
+linzyjx.com, 1
+liodex.com, 1
+lion-log.com, 1
+lion3star.store, 1
+lionchita.tk, 1
+lionessport.com, 0
+lionhosting.nl, 1
+lionland.tk, 1
+lionpa.ws, 1
+lions.gr.jp, 1
+lionsk.tk, 1
+lioraaja.com, 1
+liorggi.ga, 1
+lip.pt, 1
+lipacom.ga, 1
+lipartydepot.com, 1
+lipator.cf, 1
+lipeck.ga, 1
+lipeck.tk, 1
+lipetsk-centralniy.cf, 1
+lipetsk48.tk, 1
+lipex.com, 1
+lipighor.com, 1
+lipighor.xyz, 1
+lipnihezron.tk, 1
+lipo.lol, 1
+lipoabaltimore.org, 1
+lipovka.tk, 1
+lipowebsite.tk, 1
+lippu1.fi, 1
+lips.ne.jp, 1
+liptor.gq, 1
+lipturess.tk, 1
+liq.com.br, 1
+liqd.net, 1
+liqiang.com, 1
+liqiuyu.com, 1
+liqueur.wiki, 1
+liquid.cz, 1
+liquid.network, 1
+liquid.place, 1
+liquidation.tk, 1
+liquidbounce.tk, 1
+liquidcorp.fr, 1
+liquidflash.ml, 1
+liquidhost.co, 1
+liquidinternet.co, 1
+liquidradio.pro, 1
+liquidwarp.net, 1
+liquidweb.tk, 1
+liquipedia.net, 1
+liquiritia.tk, 1
+liquorice.co.za, 1
+lirc572.com, 1
+lirelesgens.com, 1
+liress.gq, 1
+liri.ie, 1
+lirico.ca, 1
+lirion.de, 1
+lirlandais.ch, 0
+lirnberger.com, 1
+lirui.org, 1
+lirui.tech, 1
+lis-na-plasty.cz, 1
+lis.koeln, 1
+lisa-mainz.tk, 1
+lisa.xyz, 1
+lisabel.ca, 1
+lisadelbo.tk, 1
+lisahh-jayne.com, 0
+lisahutson.co.uk, 1
+lisaloves.tk, 1
+lisamaffia.tk, 1
+lisanotes.com, 1
+lisanshizmetleri.com, 1
+lisapinder.com, 1
+lisapo.info, 1
+lisas.ml, 1
+lisasack.net, 1
+lisasc.gq, 1
+lisasworkshop.co.uk, 1
+lisavrobinson.tk, 1
+lisaweilandt.com, 1
+lisbon-pre-1755-earthquake.org, 1
+lisbonwi.gov, 1
+lisburnhottubnbounce.co.uk, 1
+lishayut-prav.cf, 1
+lishayut-prav.ga, 1
+lishayut-prav.gq, 1
+lishayut-prav.ml, 1
+lishayut-prav.tk, 1
+lishup.com, 1
+lisiano.eu, 1
+lisieuxarquitetura.com.br, 1
+lisinphotography.com, 1
+lisius.ga, 1
+liskgdt.net, 1
+lislan.org.uk, 1
+lisowski-development.com, 0
+lisowski-photography.com, 1
+lissabon.tk, 1
+lissabonsite.tk, 1
+lissajouss.tk, 1
+lissauer.com, 1
+lisslonglegs.com, 1
+lissongallery.com, 1
+list-gymnasium.de, 1
+list1.tk, 1
+listach.tk, 1
+listahu.org, 1
+listapp.uz, 1
+liste.net.tr, 1
+listekdo.fr, 1
+listen.dk, 1
+listener.ga, 1
+listening-skills.eu, 1
+listenkj.com, 1
+listenup.study, 1
+lister-kirchweg.de, 1
+listerplace.co.uk, 1
+listerventures.com, 0
+listiclepal.com, 1
+listim.com, 0
+listinfinity.net, 1
+listing.gq, 1
+listisima.com, 1
+listkeeper.io, 0
+listminut.be, 1
+listoffreeware.com, 1
+listratenkov.com, 1
+lists.fedoraproject.org, 1
+lists.mayfirst.org, 0
+lists.stg.fedoraproject.org, 1
+listsothebysrealtyhk.com, 1
+lit-verlag.de, 1
+litaphoenix.net, 1
+litarvan.com, 1
+litcc.com, 1
+litchfieldpark.gov, 1
+litchidova.nl, 1
+litcomphonors.com, 1
+lite-1x0801165.top, 1
+lite-1x132537.top, 1
+lite-1x378220.top, 1
+lite-1x389463.top, 1
+lite-1x4720786.top, 1
+lite-1x562968.top, 1
+lite-1x563355.top, 1
+lite-1x5942934.top, 1
+lite-1x605138.top, 1
+lite-1x6274108.top, 1
+lite-1x682393.top, 1
+lite-1x7814040.top, 1
+lite-1x8343697.top, 1
+lite-1x9264112.top, 1
+lite-1x9866970.top, 1
+lite-chat.tk, 1
+liteanalytics.com, 1
+litebit.de, 1
+litebit.eu, 1
+litebit.nl, 1
+litebitcdn.eu, 1
+litebits.com, 1
+litebooks.gq, 1
+litecache.de, 1
+litecloud.ml, 1
+litecoinnews.club, 1
+litehost24.tk, 1
+litemere.org, 1
+litemere.us, 0
+litemind.com, 0
+liteminer.cf, 1
+litepay.ch, 1
+literacychannel.ga, 1
+literapedia-bern.ch, 1
+literaria.tk, 1
+literatura-portal.cf, 1
+literaturaacessivel.com.br, 1
+literature-schools.com, 1
+literaturka.ga, 1
+literaturkreis-online.at, 1
+literaturkreis-online.ch, 1
+literaturkreis-online.de, 1
+literaturkreis.online, 1
+literaturpreis.online, 1
+literaturtage-recklinghausen.de, 1
+literie06.com, 1
+literoticavod.com, 1
+litespeed-webserver.de, 1
+litespeedwebserver.de, 1
+litfest.ru, 1
+litfin.name, 1
+litfl.com, 1
+lithesalar.se, 1
+lithianissaneugeneparts.com, 1
+lithiumhosting.com, 1
+litiab.tk, 1
+litigatech.com, 1
+litkicks.com, 1
+litnis.com, 1
+litolin.tk, 1
+litorallimpo.com.br, 1
+litportal.gq, 1
+litterfreeriversandstreams.eu, 1
+little-brother.eu, 1
+little-cake.com, 1
+little-luk.com, 1
+little-news.gq, 1
+little-shield.com, 1
+little.recipes, 1
+littlebar.tk, 1
+littlebestfriend.de, 1
+littlebig.co, 1
+littlebirds.cf, 1
+littlebites.co.nz, 1
+littleblackfish.se, 1
+littlebootshonduras.tk, 1
+littleboutiqueshop.co.uk, 1
+littleboutiqueshop.com, 1
+littleboutiqueshop.uk, 1
+littlecreatures.com.au, 1
+littlecreekhosting.com, 1
+littlecrochetbytabea.com, 1
+littledev.nl, 0
+littleduck.eu.org, 1
+littleduck.xyz, 1
+littlefairy.no, 1
+littlefamilyadventure.com, 1
+littlefingersindia.com, 1
+littlefiredragon.tk, 1
+littlefool.de, 1
+littleforkmn.gov, 1
+littlegiants.edu.au, 1
+littlegianttraveler.com, 1
+littlegleemonster.com, 1
+littlehacker.tk, 1
+littlehide.gq, 1
+littlehoop.edu, 1
+littleireland.co.uk, 1
+littlelucifercafe.tk, 1
+littlemaple.tk, 1
+littlemaster.tk, 1
+littlenicky.org, 1
+littlenina.nz, 0
+littleorangecookbook.com, 1
+littleorchardpreschool.us, 1
+littlepigcreek.com.au, 1
+littlepincha.fr, 0
+littleqiu.net, 1
+littlericket.me, 1
+littleriverfreerange.ga, 1
+littlerose.ml, 1
+littlerphotographie.fr, 1
+littles.moe, 1
+littlescallywagsplay.co.uk, 1
+littlesearch.net, 1
+littleservice.cn, 1
+littlesk.in, 1
+littleskin.cn, 1
+littleson.com.br, 0
+littlesouls.ml, 1
+littlewatcher.com, 1
+littleyokohamakennel.tk, 1
+liturgical.net, 1
+liturkey.tk, 1
+litvideoserver.de, 1
+litz.ca, 1
+litzenberger.ca, 1
+liubliu.co.uk, 1
+liud.im, 1
+liudon.com, 1
+liuhecai.com, 1
+liujr.tk, 1
+liujunyang.com, 0
+liukang.com, 1
+liukang.tech, 1
+liul.in, 1
+liuliuya.com.tw, 1
+liulo.cf, 1
+liunian.com, 1
+liups.one, 1
+liuq.org, 1
+liuqiao.best, 1
+liuqiao.cf, 1
+liuqiao.eu.org, 1
+liuqiao.ga, 1
+liuqiao.gq, 1
+liuqiao.ml, 1
+liuqiao.pp.ua, 1
+liuqiao.tk, 1
+liuqiaolovecaonali.ml, 1
+liushuyu.tk, 1
+livada.fr, 1
+livadm.ml, 1
+livdesign.com.tw, 1
+live-home-cams.com, 1
+live-knigi.cf, 1
+live-news.gq, 1
+live-tv-channels.org, 1
+live-z-rejstejna.cz, 1
+live.ac.cn, 1
+live2play.ml, 1
+live4k.media, 1
+live8811.com, 1
+live8899.cn, 1
+live8899.co, 1
+live8899.net, 1
+live9922.com, 1
+liveachievers.tk, 1
+liveandalucia.es, 1
+liveanimations.org, 1
+livebandphotos.com, 1
+livebarmenu.com, 1
+livebestbooks.gq, 1
+livebookmark.ml, 1
+livebox-mag.fr, 1
+livebythesun.de, 1
+livecabomexico.com, 1
+livecards.co.uk, 1
+livecards.es, 1
+livecards.it, 1
+livecast.com.tr, 1
+livecchi.cloud, 1
+livechads.com, 1
+livechads.org, 1
+liveciv.top, 1
+livecommande.fr, 1
+liveconcertvideo.tk, 1
+livedesign.at, 1
+livedomain.at, 1
+livedrawtogel.id, 1
+liveeventartist.ca, 1
+liveeventartist.net, 1
+liveeventpainter.ca, 1
+liveevents.ee, 1
+liveflooring.com, 1
+livefoot.fr, 1
+liveforspeed.se, 1
+livefortheviews.com, 1
+liveinmelbourne.vic.gov.au, 1
+liveint.org, 1
+liveit.pt, 1
+liveita.com, 1
+liveitlogical.in, 1
+liveitmerck.ca, 1
+livejasmin-online.com, 1
+livejasmin.dk, 1
+livejh.tk, 1
+livekaarten.be, 1
+livekaarten.nl, 1
+livekey.tk, 1
+livekooora.online, 1
+livekort.com, 1
+livekort.dk, 1
+livekort.no, 1
+livekort.se, 1
+livekortti.fi, 1
+livela.jp, 1
+livelexi.com, 1
+livelifewithintent.com, 1
+livelink.tk, 1
+livelondon.fr, 1
+livelong.tk, 1
+livelonglife.tk, 1
+livelovelaughlg.com, 1
+liveman.dk, 1
+livemomentum.ml, 1
+livemosspointe.com, 1
+livenewsrussia.tk, 1
+liveomadic.com, 1
+liveoutdoor.ga, 1
+livepainter.ca, 1
+livepaperhelp.com, 1
+liveperformersmeeting.net, 1
+livepix.gg, 1
+liveplaygo.com, 1
+livepodcast.ru, 1
+livepornguide.com, 1
+livequote.info, 1
+liveregistratie.nl, 1
+liverfoundation.org, 1
+liverider.co.jp, 1
+liverkids.tk, 1
+livermoreca.gov, 1
+livermorefireco.gov, 1
+livero.pl, 1
+liverobot8.com, 1
+liverobot888.com, 1
+liverpoolmoneyman.com, 1
+liversurgery.com, 1
+livescore-fixedmatches.com, 1
+livesexcalls.co.uk, 1
+liveskype.com, 1
+livesportts.ml, 1
+livestone.tk, 1
+livestrana.tk, 1
+livestreamtvbox.com, 1
+livesure.com, 1
+liveteachers.in, 1
+livetilesglobal.com, 1
+livetopknigi.gq, 1
+livetoride.co.za, 1
+liveutifree.com, 1
+livevacancies.co.uk, 1
+livewebtutor.com, 1
+liveweddingartist.ca, 1
+liveweddingpainter.ca, 1
+livewirecommunications.co.uk, 1
+livezrejstejna.cz, 1
+livfcshop.com, 1
+livhao.com, 0
+livi.co, 1
+livi.co.uk, 1
+livi.fr, 1
+living-legends.tk, 1
+living-space.co.nz, 1
+living-with-outlook-2010.com, 1
+living.video, 1
+living2000.com, 1
+livingafrugallife.com, 1
+livingbitsandthings.com, 1
+livingconfidently.com, 1
+livingdocs.io, 1
+livinghebrew.tk, 1
+livinginhimalone.com, 1
+livingislands.org, 1
+livingislands.tv, 1
+livinglab.be, 1
+livinglifesecurely.com, 1
+livinglink.be, 1
+livinglocalapp.com, 1
+livingoutdoors.ga, 1
+livingstonca.gov, 1
+livingtired.org, 1
+livingtohearsix.com, 1
+livingworduk.org, 1
+livinkitchen.tk, 1
+livive.com, 1
+livli.cz, 1
+livli.pl, 1
+livli.sk, 1
+livnev.me, 1
+livnev.xyz, 1
+livogeva.dk, 1
+livornonellarete.tk, 1
+livornotoday.it, 1
+livrariacoad.com.br, 1
+livrariaideak.com.br, 1
+livrariause.com, 1
+livres-et-stickers.com, 1
+livresetmanuscrits.com, 1
+livroseuniformes.com.br, 1
+livspace.com, 1
+livsta.ca, 1
+lixi.today, 1
+lixiaoyu.live, 1
+lixinnovations.com, 1
+lixis.com, 1
+lixtick.com, 1
+lixvapes.com, 1
+lixx.org, 1
+liyin.date, 1
+liying-sub.buzz, 1
+liyingcloud.org, 1
+liz-ate.com, 1
+liz-fry.com, 0
+liz.ee, 1
+liza.fashion, 1
+lizagalore.tk, 1
+lizaminnelli.tk, 1
+lizardsystems.com, 1
+lizardtech.top, 1
+lizcheney.com, 1
+lizeal.tk, 1
+lizheng.de, 1
+lizhi.io, 1
+lizhuan.cn, 1
+lizlew.is, 1
+liznewton.com.au, 1
+liztattoo.se, 1
+lizteacher.com, 1
+lizufyr.eu, 1
+lizzandra.tk, 1
+lizzaran.io, 1
+lizzian.uk, 1
+lizzwood.com, 1
+lizzymcc.com, 1
+lizzysdoggrooming.com, 1
+lizzythepooch.com, 1
+lj-creation.com, 1
+ljason.cn, 1
+ljekarne-plantak.hr, 1
+ljoonal.xyz, 1
+ljpc-hosting.nl, 1
+ljpc.nl, 1
+ljpc.solutions, 1
+ljs.io, 1
+ljskatt.com, 1
+ljskatt.no, 1
+ljsport.nl, 1
+ljubescica.hr, 1
+ljungabolet.se, 1
+ljusdal.se, 1
+ljw.me, 1
+lk-hardware.cz, 1
+lk1.bid, 1
+lkbk.uk, 1
+lkellar.org, 1
+lkhrs.com, 1
+lklyrics.com, 1
+lkmt.us, 1
+lknw.de, 1
+lkp111138.me, 1
+lkqpickyourpart.com, 1
+lktvchannel.com, 1
+lkwmodellbau.at, 1
+ll-t.com, 1
+ll.gr, 1
+ll5197.co, 1
+ll6729.co, 1
+ll6729.com, 0
+ll6957.co, 1
+ll9297.co, 1
+ll9728.co, 1
+llac.org, 1
+llanelli-radio-club.tk, 1
+llanowar.tk, 1
+llantasysuspensiones.shop, 1
+llave.io, 1
+llccd.eu.org, 1
+llcgeek.com, 1
+llcig.com, 1
+llcigroup.com, 1
+lldigital.co.il, 1
+lleal.com, 1
+lleidanoticies.com, 1
+llemoz.com, 1
+llinck.fr, 1
+llinternational.tk, 1
+llm-guide.com, 1
+lloretparty.de, 1
+lloyd-day.me, 1
+lloydrogerspencer.com, 1
+llrpartners.com, 1
+llumar.com, 1
+llvm.us, 1
+llyncelyn.com, 1
+lm-architecture.com, 1
+lm-landscapes.co.uk, 1
+lm1628.com, 1
+lm228.cn, 1
+lm228.com, 1
+lm338.cn, 1
+lm338.com, 1
+lmasqueen.com, 1
+lmbyrne.co.uk, 1
+lmde.fr, 1
+lmh-style.com, 1
+lmi3d.com, 1
+lmintlcx.com, 1
+lmmks.com, 1
+lmmtfy.io, 1
+lmr.com, 1
+lmrcirurgiaplastica.pt, 1
+lmrcouncil.gov, 1
+lmsal.com, 1
+lmsowl.com, 1
+lmtls.me, 1
+lmtravis.com, 1
+lmvsci.gov, 1
+ln.io, 1
+lndb.me, 1
+lndrive.space, 1
+lnhydy.cn, 1
+lnk.bio, 1
+lnk.dk, 1
+lnoldan.com, 1
+lnovus.ru, 0
+lnsk.lt, 1
+lnsolucoesfinanceiras.com.br, 1
+lntpower.com, 0
+lnxy.eu, 1
+lnyltx.cn, 1
+lnzphoto.com, 1
+lo-li.icu, 0
+lo-zuromin.tk, 1
+lo.fail, 1
+loackerbusiness.it, 1
+load.pm, 0
+loader.to, 1
+loader.us.com, 1
+loadhourly.tk, 1
+loading.express, 1
+loading.se, 1
+loadlow.me, 1
+loadme.ml, 1
+loadninja.com, 1
+loadover.me, 1
+loadwallet.com, 1
+loafhead.me, 1
+loan-lenders.co.za, 1
+loanathome.com, 1
+loanfreeze.ga, 1
+loanopedia.in, 1
+loanpad.com, 1
+loanpost.com.au, 1
+loanreadycredit.com, 1
+loanscanada.ca, 1
+loansharkpro.com, 1
+loanstreet.nl, 1
+loantillpaydaydelaware.com, 1
+loavies.com, 1
+lob-assets-staging.com, 1
+lob-assets.com, 1
+lob-staging.com, 1
+lobao.eti.br, 1
+lobao.pro.br, 1
+lobbes.nl, 1
+lobbster.co, 1
+lobby.game, 1
+lobevert.com, 1
+lobiancocucina.com, 1
+lobin21.com, 1
+lobivia.de, 1
+lobmedya.com, 1
+lobocapoeira.tk, 1
+lobosdomain.ddns.net, 1
+lobosdomain.hopto.org, 1
+lobosdomain.no-ip.info, 1
+lobsangstudio.com, 1
+lobstr.co, 1
+loc-gauthier.fr, 1
+loca-voiture.fr, 1
+locabir.cf, 1
+locadoraequiloc.com.br, 1
+local-insight.com, 1
+local-shop.com, 1
+local360.net, 1
+localassocier.tk, 1
+localbandz.com, 1
+localbiketrader.com, 1
+localbitcoins.com, 1
+localblitz.com, 1
+localbouncycastle.com, 1
+localcdn.org, 1
+localcleann.uk, 1
+localcryptos.com, 1
+locald.at, 1
+localdating.ml, 1
+localdigitaldesign.com, 1
+localethereum.com, 1
+localexpert.realestate, 1
+localexpress.io, 1
+localhandyman.work, 1
+localhorst.duckdns.org, 0
+localize.live, 1
+localized.tk, 1
+localizejs.com, 1
+localizestaging.com, 1
+locall.cf, 1
+locallandscape.services, 1
+locallawfirms.com, 1
+locallhost.me, 1
+localmarketingprofessional.com, 1
+localmonero.co, 1
+localnetwork.nz, 1
+localnode.net, 1
+localplumber-uk.com, 1
+localprideart.com, 1
+localprivatediary.com, 1
+localrvs.com, 1
+localsearch.homes, 1
+localseo.ltd, 1
+localseorepair.co, 1
+localseorepair.design, 1
+localseorepair.ltd, 1
+localseorepair.network, 1
+localseorepair.rocks, 1
+localseorepair.services, 1
+localseorepair.world, 1
+localserver.ca, 1
+localspot.pl, 1
+localstartupfest.id, 1
+localstudio.tk, 1
+localtownhouses.ga, 1
+locape.com.br, 1
+locapos.com, 1
+locas.me, 1
+locatecellphone.gq, 1
+locatemypain.com, 1
+location-appartement-dakar.com, 1
+location-fichier-email.com, 1
+location-vacances-campello.com, 1
+location-vacances-croatie.tk, 1
+location-vacances.biz, 1
+locationkaraokemontreal.com, 1
+locationkaraokeottawa.com, 1
+locationkaraokequebec.com, 1
+locations.tk, 1
+locationsiledyeu.fr, 1
+locationvoitureallemagne.com, 1
+locationvoitureangleterre.com, 1
+locationvoitureaustralie.com, 1
+locationvoitureautriche.com, 1
+locationvoiturebelgique.com, 1
+locationvoiturecorse.net, 1
+locationvoitureespagne.com, 1
+locationvoiturefinlande.com, 1
+locationvoitureislande.com, 1
+locationvoitureitalie.com, 1
+locationvoiturenorvege.com, 1
+locationvoiturepaysbas.com, 1
+locationvoitureportugal.com, 1
+locationvoituresuede.com, 1
+locatornet.ga, 1
+locatorplus.gov, 1
+locauxrama.fr, 1
+locchat.com, 1
+lochlans.com, 1
+lochloco.tk, 1
+lock-expert.de, 0
+lock.me, 1
+lock23.ca, 1
+lockaby.org, 1
+lockdownfm.live, 1
+lockemower.com, 1
+locker.plus, 1
+locker3.com, 1
+lockerroomstories.com, 1
+locketurf.com, 1
+lockless.tk, 1
+locklock.com.br, 1
+locklockbrasil.com.br, 1
+locknlock.com.br, 1
+locknlockbrasil.com.br, 1
+lockoutgroup.com, 1
+lockpick.nl, 1
+lockpicks.se, 1
+lockr.jp, 1
+locksmith-durbannorth.co.za, 1
+locksmithbalchsprings.com, 1
+locksmithdearborn.com, 1
+locksmithdriftwood.com, 1
+locksmithedenvale24-7.co.za, 1
+locksmithedmonds.com, 1
+locksmithforcarshoustontx.com, 1
+locksmithgarland-tx.com, 1
+locksmithgrapevinetx.com, 1
+locksmithhillcrest.co.za, 1
+locksmithlakewaytx.com, 1
+locksmithlivoniami.com, 1
+locksmithmadisonheights.com, 1
+locksmithmesquitetexas.com, 1
+locksmithmidrand24-7.co.za, 1
+locksmithmissouricity.com, 1
+locksmithsammamishwa.com, 1
+locksmithsanantoniotexas.com, 1
+locksmithsbluff.com, 1
+locksmithsbuda.com, 1
+locksmithscottsdaleaz.com, 1
+locksmithservice-houston.com, 1
+locksmithsinsanantoniotx.com, 1
+locksmithspring.com, 1
+locksmithspringtx.com, 1
+locksmithssanmarcostx.com, 1
+locksmithstaffordtx.com, 1
+locksmiththewoodlands.com, 1
+locksoflove.org, 1
+locksport.org.nz, 1
+locktera.com, 1
+lockwoodchristmastreefarm.com, 1
+loco-concepts.nl, 1
+loco-socials.nl, 1
+loco.gg, 1
+locomotionds.com, 1
+locomotiv.tk, 1
+locomotive.ca, 1
+locomotiveworks.co.uk, 1
+locoroom.com, 1
+locoserver.net, 1
+locspec.com.au, 1
+locus-cell.com, 1
+locus-dashboard.com, 1
+locus.ml, 1
+locus.tk, 1
+locustvalleyvet.com, 1
+locutusvader.com, 1
+lodash.com, 0
+loddeke.eu, 1
+lode.li, 1
+lode.tk, 1
+lodela.ru, 1
+lodestarss.com, 1
+lodewijkict.nl, 1
+lodewillems.com, 1
+lodger.cf, 1
+lodki-pvh.com, 1
+lodni.site, 1
+lodongxu.com, 1
+lodosswar.tk, 1
+lodus.io, 1
+loekkoopmans.tk, 1
+loeklommers.nl, 1
+loekvormgeving.nl, 1
+loenshotel.de, 1
+loesje.nl, 1
+loew.de, 1
+lofirmo.com, 1
+loforo.com, 1
+loft.com.br, 1
+lofttravel.com, 1
+loftyideas.ml, 1
+loftymedia.ca, 1
+lofw.tk, 1
+log.moe, 1
+log.pw, 0
+log4shell.org, 1
+logactiond.org, 1
+logal.media, 1
+logalot.com, 1
+loganandmaria.com, 1
+logancooper.jp, 1
+logancountyks.gov, 1
+logancountyky.gov, 1
+logancountyohio.gov, 1
+loganengineeroh.gov, 1
+loganextermination.net, 1
+loganhealthohio.gov, 1
+logankpaschke.com, 1
+loganmarchione.com, 1
+loganmarchione.rocks, 1
+loganparkneighborhood.org, 1
+loganscene.tk, 1
+logart.tk, 1
+logay.com.br, 1
+logbook.ch, 1
+logbot.info, 1
+logcat.info, 1
+logdoc.tk, 1
+loge.fr, 1
+logement.com, 1
+logement.tk, 1
+logevou-immobilier.tk, 1
+logexplorer.net, 1
+logfile.at, 1
+logfile.ch, 1
+logfinish.com, 1
+logfro.de, 1
+logheavenvt.com, 1
+logic8.ml, 1
+logical-invest.com, 1
+logicalgassolutions.co.uk, 1
+logicalperformance.com, 1
+logicchen.com, 1
+logicdream.tk, 1
+logicgate.com, 1
+logiciel-entreprise-seurann.fr, 1
+logicielscrm.fr, 1
+logicintel.com, 1
+logicio.ch, 0
+logicio.de, 0
+logicio.net, 0
+logicne-hise.si, 1
+logicnets.com, 1
+logico.ar, 1
+logicsale.com, 1
+logicsale.de, 1
+logicsale.fr, 1
+logicsale.it, 1
+logicz.top, 1
+logimap.cz, 1
+login.corp.google.com, 1
+login.gov, 1
+login.launchpad.net, 1
+login.ooo, 1
+login.raiffeisen.ch, 1
+login.sapo.pt, 1
+login.ubuntu.com, 1
+login.yahoo.com, 0
+logingate.hu, 1
+loginsecure.eu, 1
+loginsoft.com, 1
+loginvovchyk.ru, 1
+loginwithmc.com, 1
+logipdv.pt, 1
+logismarket.com, 1
+logismn.gov, 1
+logisparte.com, 1
+logitel.de, 1
+logitheque.tk, 1
+logitracgps.com, 1
+logitrack.tk, 1
+loglineargroup.com, 1
+logndetektor-test.no, 1
+lognetjobs.co.uk, 1
+logodestekhatti.net, 1
+logodevir.biz, 1
+logodevir.org, 1
+logoenvue.fr, 1
+logoesun.com, 1
+logofiyati.com, 1
+logoglo.com, 1
+logolabben.cf, 1
+logolando.tk, 1
+logomarket.jp, 1
+logon-int.com, 1
+logopaedie-millian.de, 1
+logopaedie-sandkrug.de, 1
+logopaediereinhard.de, 0
+logopedickyden.cz, 1
+logopedie-direct.nl, 1
+logopedietaalrijk.nl, 1
+logopedista.roma.it, 1
+logopedistalanni.it, 1
+logopoeia.com, 1
+logoprofi.tk, 1
+logosnet.com.br, 1
+logosradio.tk, 1
+logostock.jp, 1
+logowik.com, 1
+logram.io, 1
+lograr.me, 1
+logrhythm.com, 1
+logtalk.org, 1
+logtenberg.eu, 1
+logue.media, 1
+logue.tk, 1
+logwise.com, 1
+logydice.com, 1
+logze.nl, 1
+lohanaflores.com.br, 1
+loheprobado.com, 1
+lohkoketju.fi, 1
+lohmeyer.cc, 1
+lohnsteuerhilfe-essen.de, 1
+lohocla.org, 1
+lohr.me, 1
+loic-raymond.fr, 1
+loiit.ga, 1
+loire-en-bateau.fr, 1
+loirevalley.co, 1
+lois-bullion.com, 1
+lois.cf, 1
+loisircreatif.net, 0
+loja-meltech.com.br, 1
+lojaapi.com, 1
+lojaapoio.com.br, 1
+lojabeeways.com.br, 1
+lojaclassicshow.com.br, 1
+lojadafloresta.pt, 1
+lojadamimo.com.br, 1
+lojadanidrea.com.br, 1
+lojadarenda.com.br, 1
+lojadelicatojatai.com.br, 1
+lojadesomautomotivo.com.br, 1
+lojadewhisky.com.br, 1
+lojadoarcomprimido.com.br, 1
+lojadoprazer.com.br, 1
+lojadosirmaos.com.br, 1
+lojadosomautomotivo.com.br, 1
+lojaestacaosaopedro.com.br, 1
+lojafilipaper.com.br, 1
+lojaflordelaranjeira.com.br, 1
+lojagravataria.com.br, 1
+lojahbk.com.br, 1
+lojahendel.com.br, 1
+lojahunamarcenaria.com.br, 1
+lojak2.com.br, 1
+lojal19.com.br, 1
+lojamagicalx.com, 1
+lojamultplick.com.br, 1
+lojanewinvincible.com.br, 1
+lojaodo9.com.br, 1
+lojaprimemed.com.br, 1
+lojaprojetoagua.com.br, 1
+lojasmary.com.br, 1
+lojasoulstyle.com.br, 1
+lojasportmixonline.com.br, 1
+lojasvictoria.com.br, 1
+lojasvirtuaisesites.com.br, 1
+lojatema.com.br, 1
+lojaterrazul.com.br, 1
+lojatudomi.com.br, 1
+lojausapel.com.br, 1
+lojavirtualdopsicopedagogo.com.br, 1
+lojavirtualinfopaper.com.br, 1
+lojavisamed.com.br, 1
+lojaxo.com.br, 1
+lojistaguarani.com.br, 1
+lojix.com, 0
+lojj.pt, 1
+lokace.eu, 1
+lokan.id, 1
+lokinet.org, 1
+lokjagruktafoundation.com, 1
+lokomotivaplzen.cz, 1
+lokoo.dk, 0
+lokys.de, 1
+lola.by, 1
+lolacandy.com, 1
+lolalacita.net, 1
+lolalohse.com, 1
+lolas-vip.com, 1
+lolaseuropeancafe.com, 1
+lolbird.tk, 1
+lolcats.cat, 1
+lolchat.tk, 1
+lolcloud.ru, 1
+lolcorp.pl, 1
+lolcosplay.ga, 1
+lolcow.farm, 1
+loldudes.com, 1
+lolfinity.com, 1
+lolfunny.tk, 1
+loli.art, 1
+loli.cam, 1
+loli.com, 1
+loli.edu.kg, 1
+loli.gallery, 1
+loli.io, 1
+loli.net, 1
+loli.ovh, 1
+loli.pet, 1
+loli.win, 1
+loli.world, 1
+loliblogs.cf, 1
+loliblogs.ga, 1
+loliblogs.gq, 1
+loliblogs.ml, 1
+lolibrary.org, 1
+lolic.xyz, 1
+lolicon.eu, 1
+loliel.tk, 1
+lolifamilies.cf, 1
+lolifamilies.ga, 1
+lolifamilies.gq, 1
+lolifamilies.tk, 1
+lolifamily.cf, 1
+lolifamily.ga, 1
+lolifamily.gq, 1
+lolifamily.js.org, 1
+lolifamily.ml, 1
+lolifamily.tk, 1
+lolifox.cf, 1
+loliloli.moe, 1
+loliloli.net, 1
+loliloli.top, 1
+lolinfo.ga, 1
+lolinya.link, 1
+lolio.tw, 1
+loliotero.com, 1
+lolipops.ga, 1
+lolis.stream, 1
+lolitalechat.com, 1
+lolivpn.com, 1
+lolkot.ru, 1
+lolli8.com, 1
+lollipopo69.net, 1
+lollypop.tk, 1
+lollysmalls.com, 1
+lollyteam.tk, 1
+lolmania.tk, 1
+lolnet.tk, 1
+lolnews.cf, 1
+lolnews.ga, 1
+lolnews.tk, 1
+lolo17.com, 1
+lols.gg, 1
+lolware.net, 1
+lom.name, 0
+loma.ml, 1
+lomaster.tk, 1
+lomayko.ml, 1
+lombard.co.uk, 1
+lombard.ie, 1
+lombardiaeconomy.it, 1
+lomex.tk, 1
+lomgo.cf, 1
+lomgo.ga, 1
+lomgo.gq, 1
+lommeregneren.dk, 1
+lommers.org, 1
+lommyfleet.com, 1
+lomond.com.au, 1
+lomuarredi.com, 1
+lomza.tk, 1
+lon-so.com, 1
+lona.io, 1
+lonasdigital.com, 0
+lonavla.tk, 1
+loncarlyonjenkins.com, 1
+london-design.co.uk, 0
+london-electricians.com, 1
+london-mafia.tk, 1
+london-transfers.com, 1
+londoncarpetcleaningltd.co.uk, 1
+londonderrynh.gov, 1
+londonderrynhfire.gov, 1
+londonderrynhpd.gov, 1
+londonelects.org.uk, 1
+londongynaecologist.co, 1
+londonhealthcare.ga, 1
+londonhealthcare.tk, 1
+londonjob.tk, 1
+londonkan.jp, 1
+londonkeyholdingcompany.co.uk, 1
+londonmoneyman.com, 1
+londonnorthwesternrailway.co.uk, 1
+londonpropertymatch.com, 1
+londonschool.mx, 1
+londonseedcentre.co.uk, 1
+londonsoccer.tk, 1
+londontrivia.gq, 1
+londontwpmi.gov, 1
+londonvetspecialists.vet, 1
+londonwomensclinic.com, 1
+londrihost.com.br, 1
+londynelliot.com, 1
+lone-gunman.be, 1
+lone-wolf.tk, 1
+lonely.moe, 1
+lonelybitcoin.com, 1
+lonelyhaoss.com, 1
+lonelyion.com, 1
+lonelypawn.com, 1
+lonelys.se, 1
+lonelytweets.com, 1
+lonelyworld.co.uk, 1
+lonelyworld.tk, 1
+loneronin.tk, 1
+lonerwolf.com, 0
+lonesomecosmonaut.com, 1
+lonestarpediatricdental.com, 1
+lonestarrott.com, 1
+lonewolftech.ga, 1
+long-8.com, 1
+long-9.com, 1
+long-journey.com, 1
+long008.com, 1
+long0310.com, 1
+long0311.com, 1
+long0317.com, 1
+long0318.com, 1
+long0355.com, 1
+long0377.com, 1
+long0398.com, 1
+long0536.com, 1
+long0538.com, 1
+long0539.com, 1
+long0555.com, 1
+long0556.com, 1
+long0728.com, 1
+long0776.com, 1
+long08.com, 1
+long0818.com, 1
+long0877.com, 1
+long0878.com, 1
+long0897.com, 1
+long0898.com, 1
+long0976.com, 1
+long0999.com, 1
+long100.vip, 1
+long113.com, 1
+long266.com, 1
+long68.net, 1
+long688.com, 0
+long8032.com, 1
+longbeachms.gov, 1
+longbeachroleplay.de, 1
+longboatlocal.com, 1
+longbridge.hk, 1
+longbsants.com, 1
+longchampgirls.tk, 1
+longcountyga.gov, 1
+longenyc.com, 1
+longest.tk, 1
+longevitywi.com, 1
+longflexing.com, 1
+longfordlodge.tk, 1
+longhaircareforum.com, 1
+longhairworld.tk, 1
+longhorn-imports.com, 1
+longhorn.id.au, 1
+longiminus.tk, 1
+longislandbusiness.info, 1
+longislanddigestive.com, 1
+longlakeny.gov, 1
+longlanearchitects.co.uk, 1
+longlink.tk, 1
+longlivehongkong.com, 1
+longma.pw, 1
+longma168.cn, 1
+longma168.com, 1
+longmeadowma.gov, 1
+longmelfordswan.co.uk, 0
+longoconsulting.us, 1
+longpaddock.qld.gov.au, 1
+longportpd.org, 1
+longstride.net, 1
+longtermcare.gov, 1
+longtermrentalsportugal.com, 1
+longviewnc.gov, 1
+longwoodwrestling.com, 1
+lonleymoon.tk, 1
+lonniec.com, 1
+lonniemason.net, 1
+lonokedistrictcourtar.gov, 1
+lonslai.com, 1
+lonza.ch, 1
+lonza.com, 1
+lonzagroup.net, 1
+loober.tk, 1
+look-books.tk, 1
+look-info.tk, 1
+look-like.tk, 1
+lookae.com, 0
+lookagain.co.uk, 1
+lookasik.eu, 1
+lookastic.com, 1
+lookastic.de, 1
+lookastic.es, 1
+lookastic.fr, 1
+lookastic.ru, 1
+lookathernow.com, 1
+lookatmysco.re, 1
+looker.wang, 0
+lookflyfares.com, 1
+lookie.ml, 1
+lookitdesign.com, 1
+lookscanned.io, 1
+looksmax.org, 1
+lookup-dns.net, 1
+loomi.tv, 1
+loomis.center, 1
+loonbedrijfdenboer.nl, 1
+loonbedrijfwierda.nl, 1
+looneymooney.com, 1
+loonindex.be, 1
+loonylatke.com, 1
+loop.co.id, 1
+loopback.kr, 1
+loopcore.de, 1
+loopgolf.co, 0
+loophq.com, 1
+loopingtag.eu, 1
+loopingz.com, 1
+loopkey.com.br, 1
+loopool.tk, 1
+looseleafsecurity.com, 1
+lootdog.io, 1
+loothole.com, 1
+loots.eu, 1
+lootslot.com, 1
+lootstudios.com, 1
+loottitan.com, 1
+looxent.com, 1
+lopendvuurtje.tk, 1
+lopes.at, 1
+lophtalmo.cc, 1
+loplovers.tk, 1
+loposchokk.com, 1
+lopp.net, 1
+loqu8.com, 1
+loquo.com, 1
+loqyu.co, 1
+lor.kharkov.ua, 1
+loraincountyohio.gov, 1
+loraincountyrecorder.gov, 1
+lorasong.com, 1
+loratadine10mg.gq, 1
+lorbooks.tk, 1
+lorcalive.co.uk, 0
+lorcamadrid.tk, 1
+lorcanaplayer.com, 1
+lord-design.tk, 1
+lord-of-forex.tk, 1
+lord-voldemort.tk, 1
+lordar.tk, 1
+lordbyron.tk, 1
+lordcaos.tk, 1
+lorddominion.tk, 1
+lordfutbol.tk, 1
+lordgandalf.nl, 1
+lordgeorgeanson.com, 1
+lordgrant.tk, 1
+lordkrishna.tk, 1
+lordlink.net, 1
+lordmusic.tk, 1
+lordofcbd.fr, 1
+lordofthecraft.tk, 1
+lordschimney.com, 1
+lordsesshoumaru.tk, 1
+lordshaokahn.tk, 1
+lordskate.tk, 1
+lordusa.com, 1
+lore.azurewebsites.net, 1
+loreedeslandes.com, 1
+loremipsum.info, 1
+lorena-salido.tk, 1
+lorenadumitrascu.ro, 1
+lorengraff.net, 1
+lorenstudioo.com, 1
+lorenz-hundler.co, 1
+lorenzgoossens.be, 1
+lorenzocampagna.myqnapcloud.com, 1
+lorenzodallaga.com, 1
+lorenzodeangelis.tk, 1
+lorenzoprinci.com, 1
+loreofthenorth.com, 1
+loreofthenorth.net, 1
+loreofthenorth.nl, 1
+loricozengeller.com, 1
+lorimar.bg, 1
+lorimullins.com, 1
+lorine.tk, 1
+lorisfnotary.com, 1
+lorisvelos.ch, 1
+loritaboegl.de, 1
+lorn.tk, 1
+lornabenes.com, 1
+lornategeorge.tk, 1
+lornosa.com, 1
+lorqui.tk, 1
+lorucreative.fi, 1
+los-diablos.tk, 1
+los11mandamientos.tk, 1
+losangelescarpetcleaning.com, 1
+losangelesduiattorney.com, 1
+losangelesprivatejets.com, 1
+losangelestown.com, 1
+losaucas.tk, 1
+losbandidosdelahoya.tk, 1
+losblancosalbania.cf, 1
+losbunkerschile.tk, 1
+loscamaradasmc.net, 1
+loschilums.tk, 1
+loschuchos.tk, 1
+losconsoladores.com, 1
+losdelapobla.tk, 1
+losdelcyber.tk, 1
+losdelsotano.tk, 1
+losderover.be, 1
+losdeshollinadores.es, 1
+losdingos.tk, 1
+losdisidentes.tk, 1
+losdrogatones.tk, 1
+lose-weight-now.ml, 1
+losedata.tk, 1
+losemperadores.tk, 1
+loser.wtf, 1
+losespiritus.tk, 1
+loseweightbaby.tk, 1
+loseweightin5days.tk, 1
+losfiesteros.tk, 1
+losflamers.tk, 1
+losfugitivos.tk, 1
+losfuocos.tk, 1
+losgringos.tk, 1
+loshalcones.tk, 1
+loshogares.mx, 1
+losinterrogantes.com, 1
+losjardines.tk, 1
+loslegendarios.tk, 1
+losless.fr, 1
+loslunesalrock.tk, 1
+losmaniatikos.tk, 1
+losmedicamentos.net, 0
+losmejoresgadgets.info, 1
+losmiserables.tk, 1
+losmolinos.tk, 1
+losnervios.tk, 1
+loson.cz, 1
+losopkos.tk, 1
+lospadillas.com, 1
+lospadrinosmagicos.tk, 1
+lospegotes.tk, 1
+lospozuelos.tk, 1
+losratonescoloraos.tk, 1
+losrosales.tk, 1
+losrso.tk, 1
+loss.no, 1
+lossaicos.tk, 1
+lossandthemourningafter.com, 0
+lost-bit.tk, 1
+lost-illusions.tk, 1
+lost-perdidos-hiatus.tk, 1
+lostandfound.mu, 1
+lostandfoundsoftware.com, 1
+lostarkstats.com, 1
+lostarq.com, 1
+lostbubblegame.com, 1
+lostcork.com, 1
+lostcosmonaut.cc, 1
+lostfest.co.uk, 1
+lostfield.tk, 1
+lostfilm-tv.ru, 1
+losthighway.tk, 1
+lostinfilm.org.uk, 1
+lostinfood.co.uk, 1
+lostinlove.tk, 1
+lostinside.tk, 1
+lostinweb.eu, 0
+lostkeys.co.uk, 1
+lostluma.net, 1
+lostproperty.org, 1
+lostprophetschile.tk, 1
+lostsandal.com, 1
+lostsandal.io, 1
+lostserial.cf, 1
+lostserver.com, 1
+loststudios.net, 1
+losttv.tk, 1
+lostwithdan.com, 1
+lostwithiel.org.uk, 1
+lostwithielcommunitycentre.org.uk, 1
+lostwoods.tk, 1
+losviajesdequimyelena.com, 1
+losyandex.tk, 1
+loszucoz.tk, 1
+lotc.cc, 1
+loteamentoabertocapivari.com.br, 1
+lotekk.gq, 1
+lotereiki.tk, 1
+loteriasdominicana.com.do, 1
+lothai.re, 1
+lothlorien.ca, 0
+lotimena.com, 1
+lotl.ru, 1
+lotn.mobi, 1
+lotnonline.com, 1
+lotnonline.net, 1
+lotnonline.nl, 1
+loto-king.com, 1
+lotocash.com, 1
+lotoperu.com, 1
+lotoquine.io, 1
+lotos-ag.ch, 1
+lotro-wiki.com, 1
+lottarewards247.com, 1
+lotteo.com, 1
+lotteryking.net, 1
+lotto.com, 1
+lotto.gt, 1
+lotto.ht, 1
+lotto.monster, 1
+lottobazar.com, 1
+lottodatabase.com, 1
+lottohoy.com, 1
+lottolive24.com, 1
+lottologics.com, 1
+lottolooting.com, 1
+lottomat.com, 1
+lottomonks.com, 1
+lottonigeria.com, 1
+lottopark.com, 1
+lottos.com.au, 1
+lottosonline.com, 1
+lottothaipro.com, 1
+lottoxworld.com, 1
+lottozambia.com, 1
+lotusbook247.com, 1
+lotusdiving.net, 1
+lotuselise.tk, 1
+lotusweb.tk, 1
+lotuswebsolutions.tk, 1
+lotw.de, 1
+lou.ist, 1
+lou.lt, 1
+louange-reconvilier.ch, 0
+louboutin.tk, 1
+louboutinshoessale.tk, 1
+loud-dragon.tk, 1
+loudcloudhealth.com, 1
+louddesignstudios.com, 1
+louderfaster.co.uk, 1
+loudersent.ga, 1
+loudly.com, 1
+loudmouth.tk, 1
+loudontn911.gov, 1
+louerunhacker.fr, 1
+louest.ch, 1
+loueurmeublegestion.expert, 1
+louhiranta.fi, 1
+louhomeworkouts.com, 1
+louisa.tk, 1
+louisacounty.gov, 1
+louisacountyia.gov, 1
+louisapolicefoundation.com, 1
+louisapolicefoundation.org, 1
+louisdefunes.tk, 1
+louisefar.tk, 1
+louisemisellinteriors.co.uk, 1
+louiserutkowski.tk, 1
+louisianalifesciences.gov, 1
+louisianamo.gov, 1
+louisianamusicfactory.com, 1
+louisiananetzero.gov, 1
+louisiananursery.com, 1
+louisianarural.gov, 1
+louisianassbci.gov, 1
+louisroyer.ovh, 1
+louisville.gov, 1
+louisvillecarguys.com, 1
+louisvilleconnections.ga, 1
+louisvillefilmfestival.org, 1
+louisvillene.gov, 1
+louisvilleohio.gov, 1
+louiza.tk, 1
+loujaxx.net, 1
+loukas-stoltz.fr, 1
+loukkos.ma, 1
+loune.net, 1
+lounge.guide, 1
+loungecafe.net, 1
+loungecafe.org, 1
+loungepass.com, 1
+loupcountyne.gov, 1
+lourdes.love, 1
+lourdesigns.tk, 1
+lourencolar.com, 1
+lourissa.tk, 1
+lourorestaurante.pt, 1
+loursaint.tk, 1
+lousingchaphu.com, 1
+lousoyolos.fr, 1
+loutro.tk, 1
+louwlemmer.com, 1
+louyu.cc, 1
+lovcasino.com, 1
+love-and-hate.cf, 1
+love-books.ga, 1
+love-navigator.tk, 1
+love-palestine.com, 1
+love-planeta.tk, 1
+love-sent.com, 1
+love-spells-tarot.com, 1
+love4musik.com, 1
+love4taylor.eu.org, 1
+love4taylor.xyz, 1
+loveai.org, 0
+loveamber.me, 1
+loveandloyalty.se, 1
+lovebeingsexy.co.uk, 1
+lovebigisland.com, 1
+lovebirdhut.tk, 1
+lovebo9.com, 1
+lovebo9.net, 1
+lovebombed.wtf, 1
+lovebug.beauty, 1
+lovechester.com, 1
+lovecrystal.co.uk, 1
+lovecsnov.tk, 1
+lovedaleschool.tk, 1
+lovedutch.tk, 1
+lovegpl.com, 1
+lovehairstyles.com, 1
+loveholidays.com, 1
+loveinabox.pt, 1
+loveismore.de, 0
+loveismore.es, 0
+loveismore.eu, 0
+loveismore.fr, 0
+loveismore.it, 0
+loveismore.org, 0
+loveismore.pl, 0
+loveismore.ru, 0
+loveismore.sk, 0
+loveismystyle.tk, 1
+loveisourweapon.com, 1
+lovejms.com, 1
+lovejoymethodist.org, 1
+lovelandelec.com, 1
+lovelee.tk, 1
+lovelens.li, 0
+loveless.ml, 1
+lovelive-anime.jp, 1
+lovelive-anime.tk, 1
+lovelive.us, 1
+lovelivewiki.com, 1
+lovell.co.uk, 1
+lovellgov.com, 1
+lovelybook4u.gq, 1
+lovelyfamilymm.com, 1
+lovelylanguedoc.com, 0
+lovelytimes.net, 1
+lovemaker.se, 1
+lovemanagementaccounts.co.uk, 1
+lovemasjid.com, 1
+lovememories.cf, 1
+lovemen.cc, 1
+lovemiku.info, 1
+lovemoon.tk, 1
+lovemybubbles.com, 1
+lovenet.tk, 1
+loveni.me, 1
+lovenwishes.com, 1
+loveplanets.tk, 1
+lover-bg.com, 1
+lovereligion.tk, 1
+loverepublic.ru, 1
+loverngifts.com, 1
+loverussiangirls.tk, 1
+loveshop.pt, 1
+lovesmagical.com, 0
+lovesolutiondua.com, 1
+lovesquirting.com.br, 1
+lovessentials.com, 1
+lovetablecloths.co.uk, 1
+lovetarot.jp, 1
+lovethatmakeup.tk, 1
+lovetheprint.co.za, 1
+lovetime.co.il, 1
+lovetowork.tk, 1
+loveuno.com, 1
+loveweddingphotosandfilm.co.uk, 0
+loveyouhome.ua, 1
+lovg.ren, 1
+lovi.at, 1
+lovin.ga, 1
+lovin.tk, 1
+loving-house.com, 1
+lovingbody.yoga, 1
+lovink.net, 1
+lovinoes.de, 1
+lovlyhorses.tk, 1
+lovlyluna.net, 1
+lovlyluna.org, 1
+lovstabanan.se, 1
+low-battery.tk, 1
+low-diets.com, 1
+lowcarbdietmealsmsk.ga, 1
+lowcarbspark.com, 1
+lowcosthost.cf, 1
+lowcostivf.net, 1
+lowcostwire.com.au, 1
+lowell85.com, 1
+lowendblog.com, 1
+loweporn.com, 1
+lower-level.tk, 1
+lower.nu, 1
+lowerchancefordtwppa.gov, 1
+lowercostcalls.com, 1
+lowermydrinking.com, 1
+lowerpricefinder.com, 1
+lowerthetone.com, 1
+lowesprotect.com, 1
+lowlab.io, 1
+lowlevelmusic.com, 1
+lowmagnitude.com, 1
+lowndes-al.gov, 1
+lowriderz.tk, 1
+lowsec.space, 1
+lowtempind.com, 1
+loyaleco.it, 1
+loyaliplaw.com, 1
+loyaltech.ch, 1
+loyaltech.tk, 1
+loyaltyreviewers.ga, 1
+loyisa.cn, 1
+loyloy.net, 1
+loyolahs.edu, 1
+loyverse.town, 1
+lozhka-mernaya.tk, 1
+lp-support.nl, 0
+lp177.fr, 1
+lpc.fun, 1
+lpcd-lafla.gov, 1
+lpcdops-lafla.gov, 1
+lpchemicalsolution.tk, 1
+lpcom.de, 1
+lpdp.photo, 1
+lpemprestimos.online, 1
+lpfan.tk, 1
+lph.saarland, 1
+lphispano.tk, 1
+lpiem.fr, 1
+lpkosovo.tk, 1
+lplbullets.com, 1
+lpmkonji.cf, 1
+lpnjobsite.com, 1
+lpnm.us, 1
+lps.in.ua, 1
+lpt-nebreziny.cz, 1
+lpt-nebreziny.eu, 1
+lptami.gov, 1
+lqa.org.uk, 1
+lqd.plus, 1
+lqhi.cn, 1
+lqy.me, 1
+lr-expert.ru, 1
+lra-cloud.de, 1
+lrbm.com, 1
+lrc.cn, 1
+lrcr.ch, 0
+lrdo.net, 0
+lrfix.com, 1
+lriese.ch, 1
+lrn.com, 1
+lroc.com.au, 1
+lrq.icu, 1
+lrssystems.com, 1
+lrumeq.com, 1
+lrv-grobbendonk.tk, 1
+ls-alarm.de, 1
+ls-rp.es, 1
+lsbricks.com, 1
+lsbttiq.org, 1
+lsc-dillingen.de, 1
+lsc-mn.gov, 1
+lsc.ee, 1
+lsc.moe, 1
+lscache.de, 1
+lsd.cat, 1
+lsdev.biz, 1
+lsfnet.org, 1
+lsg2021acm.com, 1
+lshiy.com, 1
+lshydrogenmethane.cz, 1
+lskgreenacquisition.com, 1
+lskgreencomponent.com, 1
+lskgreendevelop.com, 1
+lskgreenenergy.com, 1
+lslbc.gov, 1
+lspdonline.gq, 1
+lsquo.com, 1
+lsscreens.de, 1
+lstlx.com, 1
+lstma.com, 1
+lstu.tk, 1
+lsupg.com, 1
+lsxteam.tk, 1
+lsy.cn, 1
+lsys.ac, 1
+lszj.com, 1
+lt.search.yahoo.com, 0
+lt27.de, 1
+ltaake.com, 1
+ltailshort.tk, 1
+ltba.org, 1
+ltcfeds.com, 1
+ltcwaterwijk.nl, 1
+ltdev.im, 1
+ltecode.com, 1
+ltgc.cc, 1
+lthcastings.com, 0
+ltheinrich.de, 1
+ltib.com.au, 1
+ltime.ml, 1
+ltlec.cn, 1
+ltlec.com, 0
+ltlec.net, 1
+ltlec.services, 1
+ltls.org, 1
+ltmw.xyz, 1
+ltn-tom-morel.fr, 1
+ltn.pw, 1
+lto.ru, 1
+ltonlinestore.in, 0
+ltransferts.com, 1
+ltservers.net, 1
+lty.best, 1
+lty.space, 1
+ltycode.org, 1
+lu-rp.es, 1
+lu.search.yahoo.com, 0
+lu2343.com, 1
+luacustica.tk, 1
+luademelsexshop.com, 1
+lual.tk, 1
+luanvancaohoc.com, 1
+luanxt.tk, 1
+luathungson.vn, 1
+lubar.me, 1
+lubosabo.tk, 1
+lubot.net, 1
+lubotodorov.com, 1
+luc-nutrition.tk, 1
+luc-oberson.ch, 0
+luc.li, 1
+luca-app.de, 1
+luca-steeb.com, 1
+lucaconrads.de, 1
+lucade.ddns.net, 0
+lucafontana.net, 1
+lucafrancesca.me, 1
+lucakrebs.de, 1
+lucaplus.com, 1
+lucarautti.com, 1
+lucarelli.fr, 1
+lucasartsclassics.com, 1
+lucasbastos.com, 1
+lucasbergen.ca, 1
+lucascantor.com, 1
+lucascaton.com.br, 1
+lucascosta-ido.ml, 1
+lucascountyohiovotes.gov, 1
+lucasdamasceno.com, 1
+lucasem.com, 1
+lucasg.org, 1
+lucasgymnastics.com, 1
+lucasjag.com.br, 1
+lucaslarson.net, 1
+lucasmateus.ga, 1
+lucasmz.eu.org, 1
+lucciolachile.com, 1
+lucdethier.be, 1
+luce.life, 1
+lucentioluo.space, 1
+lucentt.co.nz, 1
+lucenttour.tk, 1
+lucerin.ga, 1
+lucesledsbaratas.shop, 1
+luchalibre.tk, 1
+luchandro.tk, 1
+luchshie-experty.top, 0
+luchthavenmaastricht.nl, 1
+luchtspoor.nl, 1
+lucia-art.cf, 1
+lucia-riemer.de, 1
+lucid-light.de, 1
+lucid-reality.ch, 1
+lucidea.com, 1
+lucidframeworks.com, 1
+lucidlabs.in, 1
+lucidlink.com, 1
+lucidmedia.co.nz, 1
+lucidoccult.com, 1
+lucidplumbing.com.au, 1
+lucidya.com, 1
+lucie-parizkova.cz, 1
+lucielavickova.com, 1
+luciferblog.tk, 1
+luciferianism.tk, 1
+lucifevesdaubrac.fr, 1
+lucille-thomas.fr, 1
+lucillewillemsen.tk, 1
+luciobarcellona.it, 1
+luciogelsi.com, 1
+lucishere.cz, 1
+luciusweb.es, 1
+luckblock.net, 1
+luckblock.site, 1
+luckibots.de, 1
+lucklesslovelocks.com, 1
+luckmoneymyth.com, 1
+lucko.me, 1
+luckperms.net, 1
+lucksh.ga, 1
+lucksh.gq, 1
+lucksh.tk, 1
+luckwi.gov, 1
+lucky-bul.tk, 1
+lucky-frog.co.uk, 1
+lucky-time.tk, 1
+lucky13strategies.com, 1
+luckyabonent.ml, 1
+luckybeantravel.com, 1
+luckyblockland.fr, 1
+luckycasino.se, 1
+luckycastles.co.uk, 1
+luckycloud.de, 1
+luckydag.com, 1
+luckydoglodge.net, 1
+luckyemail.ml, 1
+luckyfrog.hk, 1
+luckymice.ml, 1
+luckyrent.tk, 1
+luckystorevn.com, 1
+luckyxf.com, 1
+lucloud.top, 1
+luclu7.fr, 1
+lucorautopartes.com, 1
+lucrar.pt, 1
+lucschiltz.com, 1
+luctam.com, 1
+lucychan.tk, 1
+lucyhancock.tech, 1
+lucymontebello-arte.com, 1
+lucyparsonslabs.com, 1
+lucysan.net, 1
+lucz.co, 1
+ludasmith.co.uk, 1
+lude.tk, 1
+ludek.biz, 1
+luden.tk, 1
+ludika.tk, 1
+ludikovsky.name, 1
+ludivine-viguie.com, 1
+ludmilla.tk, 1
+ludmillaewagner.ga, 1
+ludo-giuly.tk, 1
+ludofantasy.fr, 1
+ludogogy.co.uk, 1
+ludogue.net, 1
+ludolust.tk, 1
+ludomo.de, 1
+ludong365.com, 1
+ludotech.tk, 1
+ludovic-frank.fr, 1
+ludovic-muller.fr, 1
+ludovic.com.br, 1
+ludovicfernez.com, 1
+ludovicozitelli.it, 1
+ludum-polus.xyz, 1
+ludum.pl, 1
+ludunwayoo.com, 1
+ludwig.im, 1
+ludwigjohnson.se, 1
+ludwigpro.net, 1
+ludwigsburger-brauhaus.de, 1
+luedeke-bremen.eu, 1
+lueersen.homedns.org, 1
+luehne.de, 1
+luelistan.net, 0
+luematecidos.com, 1
+luematecidos.com.br, 1
+luenwarneke.com, 1
+lufa.com, 1
+luffyhair.com, 1
+luftbild-siegerland.de, 1
+luftfilterbegehren.at, 1
+luftreiniger.biz, 1
+lugandbezel.com, 1
+lugaresturisticosdeguatemala.ga, 1
+lugaway.com, 1
+luggagecare.com, 1
+lugimax.com, 1
+luginbuehl.be, 1
+luginbuehl.eu, 1
+lugobama.tk, 1
+lugros.tk, 1
+lugui.in, 1
+lui.vn, 1
+luijken-naturephotography.com, 1
+luijten.it, 1
+luinonotizie.it, 1
+luis-portfolio.es, 1
+luis.ee, 1
+luis.fi, 0
+luisa-birkner.de, 1
+luisafernandapenuela.com, 1
+luisanalopilatogrecia.tk, 1
+luisaviles.tk, 1
+luisbacher.tk, 1
+luisbustamante.mx, 1
+luisfreire.ml, 1
+luisillo.tk, 1
+luisjosesaldana.com, 1
+luismiguelcolombia.tk, 1
+luisnavarrosl.tk, 1
+luisnet.tk, 1
+luisrubiqwe.ml, 1
+luisv.me, 1
+luisvmf.com, 1
+luisvmf.tk, 1
+luisyr.com, 1
+luiza-fashion.com, 1
+luiza.ga, 1
+luizafigueiredo.com.br, 1
+luje.net, 1
+luje.nl, 1
+lujin.ml, 1
+luk.earth, 1
+luk.photo, 1
+lukas-gorr.de, 1
+lukas-meixner.com, 1
+lukas-schauer.de, 1
+lukas-webdesign.tk, 1
+lukas.im, 1
+lukas21.com, 1
+lukas2511.de, 1
+lukasapetra.com, 1
+lukasberan.com, 1
+lukasberan.cz, 1
+lukasbures.com, 1
+lukasfelder.tk, 1
+lukasgimberis.com, 1
+lukaskollmer.de, 1
+lukasldc.com, 1
+lukasmatuska.cz, 0
+lukasrod.cz, 1
+lukasschauer.de, 1
+lukasunger.cz, 1
+lukasunger.net, 1
+lukasw.tk, 1
+lukaswiden.com, 1
+lukaszczyk.de, 1
+lukaszderlatka.pl, 1
+lukaszuk.pl, 1
+lukaszwojcik.com, 1
+lukaszwojcik.net, 1
+lukatz.de, 1
+luke.id, 1
+luke6887.me, 1
+lukeandjesse.wedding, 1
+lukeistschuld.de, 1
+lukekuza.com, 1
+lukekuza.me, 1
+lukem.eu, 1
+lukem.net, 1
+lukeplant.me.uk, 1
+luker.org, 1
+lukersallamericanstorage.com, 1
+lukersstorage.com, 1
+lukerstorage.com, 1
+lukertech.net, 1
+lukesbouncycastlehire.com, 1
+lukestert.com, 1
+lukesutton.info, 1
+lukeswiki.eu, 1
+luketscharke.com, 1
+lukezweb.tk, 1
+lukin.ga, 1
+lukka.tk, 1
+lukmanulhakim.id, 1
+lukolab.lt, 1
+lukonet.com, 1
+lukullpizza.de, 1
+lule-kendo.tk, 1
+lullugun.net, 1
+luls.tk, 1
+luluca.com.br, 1
+luludapomerania.com, 1
+lulugold.ba, 1
+lumacurve.com, 1
+lumaesthetic.co.uk, 1
+lumapr.com, 1
+lumbardhi.tk, 1
+lumbercartel.ca, 1
+lumberjackman.tk, 1
+lumbre-encendedores.com, 1
+lumchan.tk, 1
+lumenapp.com, 1
+lumenore.com, 0
+lumentell.us, 1
+lumer.tech, 1
+lumi.com, 1
+lumien.net, 1
+lumieredesoy.com, 1
+lumieresurlourdes.com, 1
+luminal-creation.com, 1
+luminaproject.ml, 1
+luminariagames.com, 1
+luminary.pl, 1
+lumindigital.com, 0
+lumineled.se, 1
+lumingze.eu.org, 1
+luminia-informatique.fr, 1
+lumitop.com, 1
+lumixtar.com, 1
+lummi-nsn.gov, 1
+lummihealth.gov, 1
+lumminary.com, 1
+lumoa.me, 1
+lumoria.eu, 1
+lumos.gallery, 1
+lumpenrock.tk, 1
+lumpov.com, 1
+lumpy.ga, 1
+lumsa.university, 1
+lumsdens.ga, 1
+lumus-grafikdesign.de, 1
+lumweb.tk, 1
+luna-corazon.net, 1
+luna-love.net, 1
+luna.ro, 1
+lunaballoonclub.com.au, 1
+lunaburner.ml, 1
+lunaclan.tk, 1
+lunacraft.ga, 1
+lunadea.tk, 1
+lunademiel.org, 1
+lunafag.ru, 1
+lunagiftables.com, 1
+lunagrill.com, 1
+lunalove.de, 1
+lunalovely.net, 1
+lunaluna.com, 1
+lunalya.de, 1
+lunanova.moe, 1
+lunaonline.tk, 1
+lunapps.com, 1
+lunar6.ch, 0
+lunares.pl, 1
+lunarflake.com, 1
+lunarhost.cf, 1
+lunaribes.ch, 1
+lunarlog.com, 1
+lunarshark.com, 1
+lunarsoft.net, 1
+lunartail.nl, 1
+lunarum.tk, 1
+lunascope.ru, 1
+lunasqu.ee, 1
+lunastrail.com, 1
+luncfreak.com, 1
+lund.se, 1
+lundlist.net, 1
+lundscape.com, 1
+lune-indigo.ch, 0
+lune.gay, 1
+lunekes.com, 1
+lunenburg-gilmanvt.gov, 1
+lunenburgva.gov, 1
+lunepieters.co.za, 1
+lunextd.com, 1
+lungta.pro, 1
+lunguflorin.ro, 1
+lungvictorycarpet.com, 1
+luniak.net, 1
+lunidea.ch, 0
+lunight.ml, 1
+lunite.net, 1
+lunite.tk, 1
+lunivertdelyne.fr, 1
+lunix.io, 1
+lunk.it, 1
+lunlixiaozhan.icu, 1
+luntadila.ga, 1
+lunulanails.nl, 1
+luochunhui.com, 1
+luoe.me, 1
+luoh.cc, 1
+luoh.me, 1
+luohua.im, 1
+luojan.com, 1
+luoli.one, 1
+luoliguan10.com, 1
+luoliguan11.com, 1
+luoliguan12.com, 1
+luoliguan13.com, 1
+luoliguan14.com, 1
+luoliguan15.com, 1
+luoliguan17.com, 1
+luoliguan18.com, 1
+luoliguan4.com, 1
+luoliguan5.com, 1
+luoliguan6.com, 1
+luoliguan9.com, 1
+luonggia.tk, 1
+luongvu.com, 0
+luongyen.com, 1
+luoshifeng.com, 1
+luotianyi.online, 1
+luowu.cc, 1
+luoxingyu.ml, 1
+lupa.cz, 1
+lupakode.com, 0
+luparacoes.com.br, 1
+lupecode.com, 1
+lupinencyclopedia.com, 1
+lupnix.org, 1
+lupocattivoblog.com, 1
+luppa.loan, 1
+lupriflex.com, 1
+luqsus.pl, 1
+lurishop.com.br, 1
+lurkmirror.ml, 1
+lushclub.tk, 1
+lushersolutions.com, 1
+lushnikov-alex.ru, 1
+lushnja.tk, 1
+lusis.fr, 1
+lusitom.com, 1
+luso-livros.net, 1
+lusoft.cz, 1
+lusometeo.com, 1
+lusosider.pt, 1
+lusson.fr, 1
+lust-lingerie.com, 1
+lust.works, 1
+lustanslakejer.tk, 1
+lusteniny.cz, 1
+lustgarten.org, 1
+lustiger-kellner.de, 1
+lustigetweets.at, 1
+lustrecloud.art, 1
+lusynth.com, 0
+lut.im, 1
+luteijn.biz, 1
+luteijn.cloud, 1
+luteijn.email, 1
+lutendo.com, 1
+lutesite.tk, 1
+lutherus.tk, 1
+lutify.me, 1
+lutoma.org, 1
+lutricia.tk, 1
+lutruwita.com, 1
+luukaslindsey.tk, 1
+luukdebruincv.nl, 0
+luukklene.nl, 1
+luukuton.fi, 1
+luuppi.fi, 1
+luv-scent.com, 1
+luv.asn.au, 1
+luv2watchmycam.com, 1
+luvare.com, 1
+luvey.com, 1
+luvmihome.com, 1
+luvscent.com, 1
+lux-house.tk, 1
+luxanos.com, 1
+luxarchive.tk, 1
+luxaterra.com, 1
+luxcaravan.com, 0
+luxcraft.eng.br, 0
+luxden.com, 1
+luxe-in.gr, 1
+luxe.digital, 1
+luxebadkameraccessoires.nl, 1
+luxegram.co, 1
+luxehomecompany.com, 1
+luxelyhome.com, 1
+luxemburgsite.tk, 1
+luxeturf.com.au, 1
+luxfosdecoenterprise.com, 1
+luxhair.com.ua, 1
+luxhome.tk, 1
+luxinfine.su, 1
+luxinmo.com, 1
+luxonengineering.com, 1
+luxonmx.com, 1
+luxosemimos.com.br, 1
+luxoticlingerieandswimwear.com, 0
+luxplay.com.tw, 1
+luxsat.tk, 1
+luxsci.com, 1
+luxstil.ga, 1
+luxur.is, 1
+luxure.cl, 1
+luxuryandexecutivetravel.co.uk, 1
+luxurydress.tk, 1
+luxuryfashion.hu, 1
+luxurygifts.tk, 1
+luxuryhome.co.id, 1
+luxuryhomeinfo.tk, 1
+luxuryhomenews.tk, 1
+luxuryhomepro.tk, 1
+luxuryhomerebuild.tk, 1
+luxuryhomeuk.tk, 1
+luxuryhomeusa.tk, 1
+luxuryhous.ru, 1
+luxuryislandtrips.com, 1
+luxurynsight.net, 0
+luxuryoutbacktours.com.au, 1
+luxuryportal.net, 1
+luxuryspeed.tk, 1
+luxurystays.in, 1
+luxurythatlasts.com, 1
+luxurywatchesworldwide.com, 1
+luxuryweddingsindonesia.com, 1
+luxushair.com, 1
+luxusy.pl, 1
+luxuszugreisen.info, 1
+luxvacuos.net, 1
+luxwatch.com, 1
+luyckx.net, 1
+luyungterd.com, 0
+luzfaltex.com, 1
+luzi-type.ch, 1
+luzica.tk, 1
+lv.lk, 1
+lv.search.yahoo.com, 0
+lv0.it, 0
+lv5.top, 1
+lvcshu.com, 1
+lvdgroup-innov8.com, 1
+lvdr.tech, 1
+lvee.org, 1
+lvfc.co, 1
+lvftw.com, 1
+lvg-heidelberg.info, 1
+lvguitars.com, 1
+lvkasz.us, 1
+lvkaszus.pl, 1
+lvlv.cf, 1
+lvna.capital, 1
+lvnacapital.com, 1
+lwb.pt, 1
+lwd-temp.top, 1
+lwems.co.uk, 1
+lwgwiki.com, 1
+lwis.me, 1
+lwisa.ma, 1
+lwl-foej-bewerbung.de, 1
+lwl.moe, 1
+lwnlh.com, 1
+lwqwq.com, 1
+lwsl.ink, 1
+lx-blog.cn, 1
+lx-is.lu, 1
+lxai.net, 1
+lxd.cc, 0
+lxd.tw, 1
+lxiii.eu, 1
+lxiv.eu, 1
+lxn.re, 1
+lxnchan.cn, 1
+lxshowcnc.com, 1
+lxx4380.com, 1
+lxx77.com, 1
+ly-nux.fr, 1
+lyam.fr, 1
+lyanaprintable.com, 1
+lyap-lyandiya.ga, 1
+lyax.be, 1
+lycan.me, 1
+lyceum.lk, 1
+lychankiet.name.vn, 0
+lycly.me, 1
+lydianibley.com, 1
+lydiawebfans.tk, 1
+lydudlejning.net, 1
+lyfbits.com, 1
+lyfepyle.com, 1
+lyftrideestimate.com, 1
+lyftservice.se, 1
+lyklasmidur.is, 1
+lykope.com, 1
+lyla-pressing.com, 1
+lyme-regis-accommodation.co.uk, 1
+lymia.moe, 1
+lymiahugs.com, 1
+lyna.ml, 1
+lyncag.org, 1
+lyncoin.com, 1
+lyndhurstohio.gov, 1
+lyndo.ga, 1
+lyndontownshipmi.gov, 1
+lynero.dk, 1
+lyness.io, 1
+lyness.uk, 1
+lyngvaer.no, 1
+lynho.com.br, 1
+lynk.hopto.org, 1
+lynkmi.com, 1
+lynnbosten.nl, 1
+lynnco.com, 1
+lynndye.com, 1
+lynnejeancleaning.com, 1
+lynnellneri.com, 1
+lynnesbian.space, 1
+lynnfieldhigh97.com, 1
+lynnfieldma.gov, 1
+lynnlaytonnissanparts.com, 1
+lynnvartan.com, 1
+lynth.io, 1
+lynthium.com, 1
+lynwilliams.com, 1
+lynwoodca.gov, 1
+lynx-webservice.com, 1
+lynx.nl, 1
+lynxbroker.com, 1
+lynxbroker.cz, 1
+lynxbroker.pl, 1
+lynxbroker.sk, 1
+lynxriskmanager.com, 1
+lyodiet.it, 1
+lyon-interactive.com, 1
+lyon-synergie.com, 1
+lyonelkaufmann.ch, 0
+lyonliving.com, 1
+lyonsbytes.com, 1
+lyontwp-higginsmi.gov, 1
+lyradhealth.com, 0
+lyrae.de, 1
+lyrenhex.com, 1
+lyrex.net, 1
+lyric.co.uk, 1
+lyrica.systems, 1
+lyrical-nonsense.com, 1
+lyricfm.ie, 1
+lyricheaven.com, 1
+lyricsbase.com, 1
+lyricsforyou.gq, 1
+lyricsroll.com, 0
+lyricsupdater.tk, 1
+lyriksidan.ga, 1
+lyrique.ch, 1
+lys.ch, 0
+lysander-hans.com, 1
+lyscnd.com, 1
+lysel.net, 1
+lysergion.com, 1
+lysethcreation.com, 1
+lyst.co.uk, 1
+lyteclinic.com, 0
+lytkins.ru, 1
+lyubov-sovmestimost.cf, 1
+lyuda.tk, 1
+lyukaacom.ru, 1
+lyuks-parfyum.tk, 1
+lyuly.com, 1
+lyx.dk, 1
+lyxel-staging.tk, 1
+lz.lv, 1
+lz.sb, 1
+lz233.ac.cn, 1
+lzcreation.com, 1
+lzqii.cn, 1
+lzwc.nl, 1
+lzwwebsite.tk, 1
+lzzr.me, 1
+m-16.ml, 1
+m-22.com, 1
+m-ast.de, 1
+m-beshr.tk, 1
+m-cert.fr, 0
+m-ch.ml, 1
+m-chemical.com.hk, 1
+m-em.co.jp, 1
+m-enterprise.net, 1
+m-epigrafes.gr, 1
+m-exchange.ml, 1
+m-fashion.com.ua, 1
+m-gaming.tk, 1
+m-generator.com, 1
+m-h-b.fr, 1
+m-hydravlika.com.ua, 1
+m-idea.jp, 1
+m-monitor.pl, 1
+m-mts.ru, 1
+m-nasiri.com, 1
+m-net.de, 1
+m-o-v-i-e.tk, 1
+m-o-x.de, 1
+m-of-love.de, 1
+m-office.pl, 1
+m-producties.nl, 1
+m-team.cc, 1
+m-warrior.tk, 1
+m.ac, 1
+m.facebook.com, 1
+m.mail.ru, 1
+m.me, 1
+m.sb, 1
+m08.co, 1
+m0t0k1ch1.com, 1
+m1-garand-rifle.com, 1
+m132.eu, 1
+m134.eu, 1
+m1d1.black, 1
+m1gun.tk, 1
+m1hax.uk, 1
+m23cal.eu, 1
+m2designer.com.br, 1
+m2dleadership.com, 1
+m2epro.com, 1
+m2i-api.com, 1
+m2icondb.com, 1
+m2il.co, 1
+m2international.com, 1
+m2jest1c.ml, 1
+m2os.com, 1
+m2tm.fr, 1
+m3-software.com, 1
+m360.com.ph, 1
+m36533.com, 1
+m3ntor.tech, 1
+m3rck.ch, 1
+m42-gmbh.de, 1
+m426.ch, 1
+m4all.gr, 1
+m4g.ru, 1
+m4rcus.de, 1
+m5197.co, 1
+m5industries.com, 1
+m5wl5r.com, 1
+m6729.co, 1
+m6729.com, 0
+m6957.co, 1
+m6pub.fr, 0
+m7rxx.com, 1
+m82365.com, 1
+m8593.com, 1
+m9297.co, 1
+m9297.com, 0
+m9397.com, 0
+m9721.com, 0
+m9728.co, 1
+m9t.ch, 1
+ma-bimbo.com, 1
+ma-canne-a-peche.fr, 1
+ma-decheterie-du-domicile.fr, 1
+ma-eir.nl, 1
+ma-lex.ma, 1
+ma-ligne.co, 1
+ma-paroisse.ch, 1
+ma-queue.com, 1
+ma-subvention-electrique.com, 1
+ma-ze-linux.tk, 1
+ma109.org, 1
+ma110.org, 1
+ma162.org, 1
+ma2t.com, 1
+maa2.com, 1
+maaamet.ee, 0
+maadi.tk, 1
+maafushiscuba.com, 1
+maagdesigns.com.uy, 1
+maahchepen.tk, 1
+maaiai.com, 1
+maailm.tk, 1
+maaldrift.tk, 1
+maaleht.ee, 1
+maaret.de, 1
+maarivpn.com, 1
+maarja.edu.ee, 1
+maartenderaedemaeker.be, 1
+maartenvandekamp.nl, 1
+maasstaddinerexpres.nl, 1
+maat.pt, 1
+maatt.ch, 1
+maatt.fr, 0
+maatwerkopruimcoaching.nl, 1
+maatwerkzorgcoaching.nl, 1
+maavaishnowsewatrust.com, 1
+maaya.jp, 1
+mab.com, 1
+maba.tk, 1
+mabankonline.com, 1
+mabelmartinez.es, 1
+mable.com.au, 1
+mableton.gov, 1
+mabnn.org, 1
+mabnn.ru, 1
+mabnn.spb.ru, 1
+mabra.com, 1
+mabusalah.tk, 1
+mac-i-tea.ch, 0
+mac-iphone.com, 1
+mac-world.pl, 1
+mac.biz.tr, 1
+macabeo.bio, 1
+macallan-tls.com, 1
+macallantls.com, 1
+macangus-wainwright.com, 1
+macaos.com, 1
+macapflag.com, 1
+macappstudio.com, 1
+macappstudiobridge.com, 1
+macappstudioprojects.com, 1
+macaque.io, 0
+macarenagomezfan.tk, 1
+macaroons.tk, 1
+macaroonshindig.tk, 1
+macautocouture.ga, 1
+macautocouture.gq, 1
+macautocouture.ml, 1
+macaw.de, 1
+macaw.lt, 1
+macaw.net, 1
+macaws.org, 1
+macbach.com, 0
+maccabi-dent.com, 1
+macchinetedesche.it, 1
+macdj.tk, 1
+macdonaldplasticsurgery.ca, 1
+macedonian-hotels.com.mk, 1
+macedonian-hotels.mk, 1
+macegroup.com, 1
+macehead.tk, 1
+maceinturecuir.com, 1
+maces-net.de, 1
+macgeneral.de, 1
+macgenius.com, 1
+mach-it.com.ar, 1
+mach-politik.ch, 1
+macha.cloud, 1
+machaaltricks.tk, 1
+machbach.com, 1
+machbach.net, 0
+machbel.com, 1
+machelpnashville.com, 1
+machiavelli.tk, 1
+machikka.com, 0
+machin.email, 1
+machinatio.ga, 1
+machine.email, 1
+machinebazar.com, 1
+machineidle.com, 1
+machinerysafety101.com, 1
+machineseeker.com, 1
+machineseeker.es, 1
+machinio.com, 1
+machissenefre.ga, 1
+machled.com.ar, 1
+machmit.tk, 1
+macho-i-botan.tk, 1
+machon.biz, 1
+machosting.jp, 1
+machtweb.de, 1
+machupicchu.tk, 1
+machwasgeil.es, 1
+macil.tech, 1
+macinyasha.net, 1
+macioszektv.eu, 1
+mack-eng.com, 1
+mack.im, 1
+mack.space, 1
+mackanz.tk, 1
+mackenziedatastream.ca, 1
+macker.io, 1
+mackeysack.com, 1
+mackies.ga, 1
+mackinawil.gov, 1
+mackinvia.com, 1
+macksproductions.in, 1
+maclafferty.be, 1
+macleans.ca, 1
+maclemon.at, 1
+macleod.io, 1
+macley.nl, 1
+macmor.com, 1
+macnemo.de, 1
+macnetwork.eu, 0
+macnetwork.fr, 0
+macnetwork.net, 0
+macnews.org, 1
+macnugget.org, 1
+maco.org.uk, 1
+macon.de, 1
+maconcountymo.gov, 1
+maconnerie-dcs.ch, 1
+macosx86.ml, 1
+macoupinvotes.gov, 1
+macpaw.com, 1
+macpress.com.br, 1
+macreosolutions.com, 1
+macroeng.tk, 1
+macroestetica.com, 1
+macrogamer.com, 1
+macropremia.com.ar, 1
+macros.co.jp, 1
+macrosec.tech, 1
+macroseo.tk, 1
+macrotech.tk, 1
+macskorlari.net, 1
+macsoftware.org, 1
+macsonuclari.com.tr, 1
+macsonuclari.mobi, 1
+macstore.pe, 0
+macupdate.com, 1
+macvcure.com, 1
+macvidcards.eu, 1
+mad-in-love.com, 1
+mad-rabbit.com, 1
+mad.es, 1
+mad2moi.com, 1
+madadmin.com, 1
+madae.nl, 1
+madamasr.com, 1
+madamcougar.com, 1
+madameblueimages.com, 1
+madamegarage.nl, 1
+madamemeringue.nl, 1
+madbicicletas.com, 1
+madbin.com, 1
+madbouncycastles.co.uk, 1
+madcloud.io, 1
+madcosao.gov, 1
+madcs.nl, 0
+maddi.biz, 1
+maddie.gay, 1
+maddin.ga, 1
+made-to-usb.com, 1
+made.md, 1
+made2coach.com, 1
+madebydusk.com, 1
+madebyesmel.com, 1
+madebyhand.art, 1
+madebyshore.com, 1
+madebythijmen.nl, 1
+madecenter.com.br, 1
+madechocolaterie.nl, 1
+madeforelle.shop, 1
+madeglobal.com, 1
+madeinabyss-manga-new.com, 1
+madeinamerica.gov, 1
+madeincana.com, 1
+madeincanarias.net, 1
+madeinchezmoi.net, 0
+madeinsport.com, 1
+madeinstudio3.com, 1
+madeinua.com, 1
+madeira.link, 1
+madeiraislandnews.com, 1
+madeiranuncios.pt, 1
+madeitstick.com, 1
+madelynn.me, 0
+mademoe.com, 1
+maden.com, 1
+madenco.nl, 1
+mader.jp, 1
+maderasbrown.com, 1
+madewithcollab.com, 1
+madewithopendata.org, 1
+madewithscience.com, 1
+madeyra.com, 1
+madge.tk, 1
+madhawaweb.tk, 1
+madhon.co.uk, 1
+madhon.com, 1
+madhyrecords.com, 1
+madian.tk, 1
+madinahtech360.com, 1
+madinatalzahra.org, 1
+madinatech360.com, 1
+madinina.tk, 1
+madintouch.com, 1
+madison.com, 1
+madisoncountyalema.gov, 1
+madisoncountyhelps.com, 1
+madisoncountyil.gov, 1
+madisoncountyky.gov, 1
+madisoncountyne.gov, 1
+madisonent-facialplasticsurgery.com, 1
+madisonhind.com, 1
+madisonmobilenotary.com, 1
+madisonpressurewashing.com, 1
+madisonprocaccini.tk, 1
+madisonsjewelersorlando.com, 1
+madisonsquarerealestate.com, 1
+madisontwpmi.gov, 1
+madkids.ga, 1
+madknight.tk, 1
+madlandezboard.tk, 1
+madlife.fr, 1
+madluging.tk, 1
+madmasters.tk, 1
+madmaxstore.it, 1
+madmoizelle.com, 1
+madnetwork.org, 1
+madobe.tk, 1
+madokami.net, 1
+madokami.pw, 1
+madonnadellafibra.gq, 1
+madonnamedia.tk, 1
+madost.one, 1
+madou278.ru, 1
+madprod.tk, 1
+madpsy.uk, 1
+madrakmoadel.ir, 1
+madrasareforms.cf, 1
+madrasareforms.ga, 1
+madrasareforms.ml, 1
+madreacqua.org, 1
+madrecha.com, 0
+madreluna.it, 1
+madresdelacruz.tk, 1
+madrese.tk, 1
+madrespect.com, 1
+madridagency.com, 1
+madride.tk, 1
+madridistas.com, 1
+madscientistwebdesign.com, 1
+madskauts.tk, 1
+madskill.tk, 1
+madskills.tk, 1
+madsklitgaard.dk, 1
+madskristensen.dk, 1
+madspeed-performance.tk, 1
+madsstorm.dk, 0
+madteam.tk, 1
+madtown.tk, 1
+madu369.com, 1
+maduexclusive.com, 1
+maduracion.com, 1
+maduradas.info, 1
+maduradas.net, 1
+madviewer.tk, 1
+madwarlock.com, 1
+mae-berlinistanbul.com, 1
+maedacolo.com.br, 1
+maedchenflohmarkt.at, 1
+maedchenflohmarkt.de, 1
+maeitems.ca, 1
+maeko.fr, 1
+maeliacreation.fr, 1
+maeln.com, 1
+maelstrom-fury.eu, 1
+maelstrom.ninja, 1
+maeplasticsurgery.com, 1
+maeprototipi.it, 1
+maersktankers.com, 1
+maerzpa.de, 1
+maestrocabins.co.uk, 1
+maestrocasas.es, 1
+maestrocasas.pt, 1
+maestrocase.it, 1
+maestrochalet.fr, 1
+maestroholzbau.de, 1
+maestrotuinhuizen.nl, 1
+maeterlinck100.be, 1
+maev.si, 1
+maeva-beauty.com, 1
+maeva-beauty.fr, 1
+maeva.com, 1
+maevelyfotografia.com, 1
+maewongaming.tk, 1
+maff.co.uk, 1
+maff.scot, 1
+mafia-web.tk, 1
+mafiaclan.tk, 1
+mafiaclub.ml, 1
+mafiaforum.de, 1
+mafiagames.tk, 1
+mafiamohaa.tk, 1
+mafiasi.de, 1
+mafiatown.pl, 1
+mafondue.ch, 0
+mafworld.com, 1
+mafy.fi, 1
+magaconnection.com, 1
+magadan.ga, 1
+magadan.gq, 1
+magadan.ml, 1
+magaliff.net, 1
+magaria.ml, 1
+magasindejouets.com, 1
+magasinsalledebain.be, 1
+magasinsalledebain.fr, 1
+magasinsalledebains.be, 1
+magasinsalledebains.fr, 1
+magasinsenfrance.com, 1
+magaso.tk, 1
+magaviva.com, 1
+magazilla.ga, 1
+magazin4ik.ga, 1
+magazinecards.ga, 1
+magazinedabeleza.net, 1
+magazinedotreino.com.br, 1
+magazinhaberi.tk, 1
+magazone.cf, 1
+magazone.gq, 1
+magazone.ml, 1
+magazynauto.pl, 1
+magbt.net, 1
+magdahavas.com, 1
+magdakostyra.pl, 1
+magdalena-pulawska.pl, 1
+magdalenabus.tk, 1
+magdalenatransa.tk, 1
+magdeburg.directory, 1
+magdic.eu, 1
+magebit.com, 1
+magebrawl.com, 1
+magel.io, 1
+magellan-met.ru, 1
+magenbrot.net, 0
+magenda.sk, 1
+magenkompass.de, 0
+magentaize.net, 1
+magentazorg.nl, 1
+magento-ecommerce.co.za, 0
+magentodevelopment.co.uk, 1
+magentrix.com, 1
+magenx.com, 1
+magepro.fr, 1
+magescobd.com, 1
+magewell.nl, 1
+maggianos.com, 1
+maggie-shaw.co.uk, 0
+maggie.gy, 1
+maggiemcgee.tk, 1
+maggot.cf, 1
+maggsy.co.uk, 1
+magi-cake.com, 1
+magiamgiashopee.vn, 1
+magiamgiatot.tk, 1
+magic-3dprint.nl, 1
+magic-cakes.nl, 1
+magic-cards.info, 1
+magic-carpetcleaning.co.uk, 1
+magic-cheerleading.tk, 1
+magic-city.quest, 1
+magic-fly.de, 1
+magic-network.tk, 1
+magic-photo-events.fr, 1
+magic5.ro, 1
+magical-secrets.com, 0
+magical.rocks, 1
+magicalcodewit.ch, 1
+magicalvegas.it, 1
+magicalwishes.tk, 1
+magicamulet.me, 1
+magicball.co, 1
+magicball.ga, 1
+magicbar.tk, 1
+magicbeanschool.com, 1
+magicbroccoli.de, 1
+magiccards.info, 1
+magicdesktop.com, 1
+magicdlp.com, 1
+magicdust.com.au, 1
+magicflora.tk, 1
+magiciansofchaos.tk, 1
+magicitaca.com, 0
+magicjudges.org, 1
+magickmale.de, 1
+magiclen.org, 1
+magicline.com, 1
+magiclogix.com, 1
+magicnethosting.com, 1
+magicomotor.com, 1
+magicorama.com, 1
+magicorange.com, 1
+magicpaper.net, 1
+magicpill.com.au, 1
+magicpowertissue.com, 1
+magicsms.pl, 1
+magicspaceninjapirates.de, 1
+magicstay.com, 1
+magictable.com, 1
+magictallguy.tk, 1
+magicthecreation.tk, 1
+magicvalley.com, 1
+magicvaporizers.at, 0
+magicvaporizers.be, 0
+magicvaporizers.co.uk, 0
+magicvaporizers.com, 0
+magicvaporizers.cz, 0
+magicvaporizers.de, 0
+magicvaporizers.dk, 0
+magicvaporizers.ee, 0
+magicvaporizers.es, 0
+magicvaporizers.fi, 0
+magicvaporizers.fr, 0
+magicvaporizers.gr, 0
+magicvaporizers.hr, 0
+magicvaporizers.hu, 0
+magicvaporizers.ie, 0
+magicvaporizers.it, 0
+magicvaporizers.lu, 0
+magicvaporizers.nl, 0
+magicvaporizers.pl, 0
+magicvaporizers.pt, 0
+magicvaporizers.se, 0
+magicvaporizers.si, 0
+magicvaporizers.sk, 0
+magicvodi.at, 1
+magicvoordeel.nl, 1
+magieshop.nl, 1
+magija.ga, 1
+magikbyte.com, 1
+magique.tk, 1
+magiskmanager.com, 1
+magisterjuris.com, 1
+magisternegi.tk, 1
+magliner.com, 1
+magnacarebroker.com, 1
+magnacumlaude.co, 1
+magnamus.it, 1
+magnate.co, 1
+magnatechnology.com, 1
+magnatronic.com.br, 1
+magneetfolie.nl, 1
+magnes.priv.pl, 1
+magnesium-biomed.ch, 1
+magnesy-neodymowe.com.pl, 1
+magnesy-neodymowe.pl, 1
+magnesy-tanio.net, 1
+magnesy.de, 1
+magnesy.net.pl, 1
+magnesy.priv.pl, 1
+magnet.pub, 1
+magnetar.com, 1
+magnetgaming.com, 1
+magnetic-ink.dk, 1
+magnetic.su, 1
+magneticanvil.com, 1
+magneticarrow.com, 1
+magneticarrowdev.com, 1
+magneticattraction.com.au, 1
+magneticspringsoh.gov, 1
+magnetoai.com, 1
+magnetoscopio.tk, 1
+magnetoterapiapertutti.com, 1
+magnetpass.uk, 1
+magnets.jp, 1
+magnetsdb.com, 1
+magnetto.ga, 1
+magnettracker.com, 1
+magnetvpn.com, 1
+magniezetassocies.fr, 1
+magnifact.com, 1
+magnific.tk, 1
+magniflood.com, 1
+magnit-akciya.tk, 1
+magnitgang.ml, 1
+magnitola.ml, 1
+magnoliadoulas.com, 1
+magnoliastrong.com, 1
+magnoliawi.gov, 1
+magnosautos.ng, 1
+magnumresearch.com, 1
+magnunbaterias.com.br, 1
+magnusdemant.ch, 1
+magnusfulton.com, 1
+magnusj.net, 1
+magnuspro.cz, 1
+magnuspro.sk, 1
+magnuz.tk, 1
+magodasredes.com.br, 1
+magok.ru, 1
+magonote-nk.com, 1
+magornitho.org, 1
+magosmedellin.com, 1
+magraebela.com, 1
+magsdata.com, 1
+magu.kz, 1
+mague.org, 1
+maguire.email, 1
+maguire.tk, 1
+maguroalmare.com.br, 1
+maguspace.com, 0
+maguy-energies.com, 1
+magwin.co.uk, 1
+magyal.hu, 1
+magyarepitok.hu, 1
+mah-nig.ga, 1
+mahabharat.tk, 1
+mahadihasan.cf, 1
+mahadsunnah.com, 1
+mahalaraibanda.ro, 1
+mahali.tk, 1
+mahalux.com, 1
+mahalux.cz, 1
+mahalux.de, 1
+mahalux.eu, 1
+mahanpt.com, 1
+maharishikaa.org, 1
+mahaskacountyia.gov, 1
+mahatenders.gov.in, 1
+mahatmarice.com, 1
+mahatmayoga.org, 1
+mahavirmandirpatna.org, 1
+mahawi.sk, 1
+mahayana.tk, 1
+mahayogam.org, 1
+mahbobmax.tk, 1
+mahboobi.tk, 1
+mahdafweb.tk, 1
+mahealthsurveys.gov, 1
+maherhost.uk, 1
+maheshbabuphotography.tk, 1
+maheshpur.tk, 1
+maheshpurnews24.tk, 1
+maheshwaran.tk, 1
+mahgu.com, 1
+mahi.be, 1
+mahieu-wonen.nl, 1
+mahindrahomefinance.com, 1
+mahirakyildiz.com, 1
+mahjong-navi.com, 1
+mahjong.org, 1
+mahjonggames.tk, 1
+mahjongrush.com, 1
+mahler.io, 1
+mahmalci.net, 1
+mahmoodmehrabi.com, 1
+mahmoodmehrabi.ir, 1
+mahmoudeeb.com, 1
+mahnaz.tk, 1
+mahnwache-luetzerath.org, 1
+mahorka.tk, 1
+mahou-sanmiguel.com, 1
+mahtabichat.ml, 1
+mahtra.edu.ee, 1
+mahurivaishya.co.in, 1
+mahurivaishya.com, 1
+mai.ru, 1
+maiaimobiliare.ro, 1
+maialeechin.com, 1
+maiateam.pt, 1
+maichun.info, 0
+maid.gg, 1
+maid.tk, 1
+maidalawfirm.com, 1
+maidenliput.fi, 1
+maidens.se, 1
+maidenworld.tk, 1
+maidoty.net, 1
+maiebanatulfruncea.com, 1
+maiet.net, 1
+maigesellschaft-lammersdorf.de, 1
+maijia800.com, 1
+maik-mahlow.de, 1
+maikendener.com, 1
+maikhuong.tk, 1
+maikolfish.it, 1
+maikoloc.com, 1
+mail-de.jp, 1
+mail-delivery.ga, 1
+mail-ink.com, 1
+mail-rotter.de, 1
+mail-routing.net, 1
+mail-settings.google.com, 1
+mail-signatures.com, 1
+mail.ch, 1
+mail.co.uk, 1
+mail.com, 1
+mail.cx, 1
+mail.de, 1
+mail.fr, 1
+mail.google.com, 1
+mail.storage, 1
+mail.td, 1
+mail.tm, 1
+mail.yahoo.com, 0
+mail180.com, 1
+mail4you.in, 1
+mailanyzer.com, 1
+mailbase.cf, 1
+mailbox.mg, 1
+mailbox.org, 1
+mailboy.ml, 1
+mailboy.tk, 1
+mailbywire.com, 1
+mailchaud.com, 1
+mailcubexs.tk, 1
+maildrops.tk, 1
+mailer-olivea.cz, 1
+mailer.me, 1
+mailex.cf, 1
+mailexpresso.tk, 1
+mailexx.ga, 1
+mailexx.gq, 1
+mailexx.ml, 1
+mailfence.com, 1
+mailflank.com, 0
+mailflex.my.id, 1
+mailgenius.com, 1
+mailgun.com, 1
+mailhardener.com, 1
+mailia.me, 1
+mailinabox.email, 1
+mailinabox.ml, 1
+mailinaitor.tk, 1
+mailingproduct.tk, 1
+mailingwork.de, 1
+mailinizer.com, 1
+mailinyzer.com, 1
+mailjet.com, 1
+mailjunkey.tk, 1
+maillotdefoot.tk, 1
+maillotfoot.tk, 1
+mailmaid.de, 1
+mailman.ml, 1
+mailmaster.tk, 1
+mailmerc.com, 1
+mailmum.io, 1
+mailnara.co.kr, 1
+mailnerds.de, 1
+mailomat.swiss, 1
+mailon.ga, 1
+mailosaur.com, 1
+mailpass.ml, 1
+mailplus.com.au, 1
+mailsac.com, 1
+mailsend.ml, 1
+mailstart.ga, 1
+mailstation.de, 1
+mailsupport.cz, 1
+mailtelligent.com, 1
+mailtobiz.tk, 1
+mailtracker.ml, 1
+mailum.org, 0
+mailwala.tk, 1
+mailway.io, 1
+mailxpress.ga, 1
+maimaiyeuem.tk, 1
+maimemostatus.com, 1
+main-bvxea6i-sw23ji6z2nxsu.us-4.platformsh.site, 1
+main1.host, 1
+maindrivekew.com.au, 1
+mainechiro.com, 1
+mainehousing.org, 0
+mainelosap.gov, 1
+mainframeserver.space, 1
+mainhattan-handwerker.de, 1
+mainhuyahan.tk, 1
+mainlined.org, 1
+mainserver.co.za, 1
+mainstaysafetywedge.com, 1
+mainstortho.com, 1
+maintainyourwebsite.help, 1
+maintenance-traceur-hp.fr, 1
+maintenanceservice.org, 1
+mainzbiomed.com, 1
+mainzelmaennchen.net, 1
+maioresemelhores.com, 1
+mair.best, 1
+mairamerlotto.com.br, 1
+mairangiautomotive.co.nz, 1
+mairie-landry.com, 1
+mairie-sornay.fr, 1
+mairiedakieni.ga, 1
+mairiedemoncelsurseille.com, 1
+maisallianz.com, 1
+maisapanama.com, 1
+maiscuidar.com, 1
+maiscupoes.com, 1
+maisecom.com.br, 1
+maisempregonet.com, 1
+maisgasolina.com, 1
+maisie.nl, 1
+maison-auriat.fr, 1
+maison-coutin.com, 1
+maison-du-savon-de-marseille.fr, 1
+maison-et-domotique.com, 1
+maison-haimard.fr, 1
+maisonkobe.fr, 1
+maisonmere.group, 1
+maisonpourtous.ca, 1
+maisonsdenfrance-cls.fr, 1
+maisproduzida.com.br, 1
+maistempo.com.br, 1
+maisvitaminas.com.br, 1
+maitemerino.net, 1
+maitheme.com, 1
+maiti.info, 1
+maitlandcashforcars.com.au, 1
+maitrelucas.fr, 1
+maitrise-orthopedique.com, 1
+maitum.de, 1
+maizeks.gov, 1
+maizuru-ongaku-kan.com, 1
+maj.ac, 1
+majahoidja.ee, 1
+majalahponsel.org, 1
+majalmirasol.com, 1
+majameer.com, 1
+majasballites.lv, 1
+majavucic.com, 1
+majaweb.cz, 1
+majelisriyadhah.com, 1
+majemedia.com, 1
+majesnix.org, 1
+majestas.tk, 1
+majestic-files.com, 1
+majestic-rp.ru, 1
+majestic.games, 1
+majestio.tk, 1
+majid.info, 1
+majisign.co.uk, 1
+majkassab.com, 1
+majkassab.net, 1
+majkassab.org, 1
+majkl.me, 1
+majkyto.cz, 1
+majlovesreg.one, 1
+majolka.com, 1
+majorhifi.com, 1
+majorpaintingco.com, 1
+majusainsurance.com, 1
+makaleci.com, 1
+makalu.me, 1
+makanj.tk, 1
+makaradigital.com, 0
+makariza.com.co, 1
+makasetesan.com, 1
+make-a-difference-daily.com, 1
+make-my-link-longer.ml, 1
+make-my-link-longer.xyz, 1
+make.org, 1
+make50aday.tk, 1
+makeacrowd.eu, 1
+makeagif.com, 1
+makeaoffice.nl, 1
+makechanges.com.au, 1
+makedin.net, 1
+makedonija.net.mk, 1
+makeh2o.com, 1
+makeit-so.de, 0
+makeitpopadvertising.com, 1
+makeitshort.ml, 1
+makeitsimple.pt, 1
+makejusticework.org.uk, 1
+makelindazi.com, 1
+makelinks.online, 0
+makellos-kosmetik.de, 1
+makemejob.com, 1
+makemillion.tk, 1
+makemoney-plan.tk, 1
+makemoney.ng, 1
+makemusic-asia.com, 1
+makemypost.com, 1
+makenaiyo-fx.com, 1
+makenprint.uk, 1
+makeovershop.ro, 1
+makepro.net, 1
+maker.systems, 1
+maker.to, 0
+makera.ga, 1
+makerdao.com, 1
+makertown.jp, 1
+makesenseofdata.co.uk, 1
+maketheconnection.net, 1
+maketheneighborsjealous.com, 1
+maketodiet.com, 1
+makeupartistedu.org, 1
+makeupevelinua.cf, 1
+makeupevelinua.ga, 1
+makeupillusion.com, 1
+makeuplove.nl, 1
+makeuppleasure.it, 1
+makeurbiz.com, 1
+makeurl.ml, 1
+makewebbetter.com, 1
+makfra.com, 0
+makhmudov.net, 1
+makhzan.org, 1
+maki-chan.de, 1
+maki-it.de, 1
+makilingchallenge.tk, 1
+making-it.nl, 1
+makingbusinessmatter.co.uk, 1
+makingmemoney.cf, 1
+makingmemoney.ga, 1
+makingmemoney.gq, 1
+makingmemoney.ml, 1
+makingmoneyathome.tk, 1
+makingmoves.gq, 1
+makingmusichappen.com, 1
+makkiyaz.tk, 1
+makkusu.photo, 1
+maklerinfo.biz, 1
+makohu.tk, 1
+makomako.tk, 1
+makonet.com.au, 0
+makos.jp, 1
+makowitz.cz, 1
+makrama.shop, 1
+makromedikal.com.tr, 1
+maksa.ga, 1
+maksima.kh.ua, 1
+maksimmrvica.tk, 1
+maksimyugai.com, 1
+maksmedia.tk, 1
+maksnet.net, 0
+maksonshop.ga, 1
+maksoud-karim.net, 1
+maksport.ml, 1
+maksutov.tk, 1
+maktoob.search.yahoo.com, 0
+makuisa.fi, 1
+makulatura.cf, 1
+makuonline.tk, 1
+makuquina.tk, 1
+makura.fun, 1
+malabarismo.tk, 1
+malacat.com, 1
+malachiteauth.com, 1
+maladie-autoimmune.fr, 1
+malafidezoeker.nl, 1
+malagabaterias.com, 1
+malagarental.com, 1
+malagarental.es, 1
+malahov.tk, 1
+malamutedoalasca.com.br, 1
+malardalenvvs.se, 1
+malareal.com.br, 1
+malariaadvice.gq, 1
+malariabehaviorsurvey.org, 1
+malash.me, 1
+malatyahaberleri.tk, 1
+malavida.tk, 1
+malavirgen.tk, 1
+malayalamtalkies.tk, 1
+malaysia.cf, 1
+malaysia.search.yahoo.com, 0
+malaysiabrands.com.my, 1
+malaysiainternship.my, 1
+malaysianews.ga, 1
+malaysianews.gq, 1
+malaysianews.ml, 1
+malaysianews.tk, 1
+malaysianhairextensions.tk, 1
+malaysiasentral.com, 1
+malaysiatxt.com, 1
+malaysurveys.com, 1
+malcathatochen.co.il, 1
+malcolmellis.com, 1
+malcolmsterling.com, 1
+maldenvotes.com, 1
+maldives-showing.cf, 1
+maldives-showing.ga, 1
+maldives.cx, 1
+maldivestraveller.mv, 1
+male-cats-spray.ml, 1
+malebooks.ml, 1
+malecki.tk, 1
+malecondemusique.fr, 1
+maleevcues.com, 1
+malego.be, 1
+malek3d.com.br, 1
+malekperiodontics.com, 1
+malenaamatomd.com, 1
+malenyflorist.com.au, 1
+malermeister-kessler.de, 1
+malermeister-tichnau.de, 1
+malesoowki.blog, 1
+malevus.com, 1
+maleyco.tk, 1
+maleylabapplications.org, 1
+malezan.com, 1
+malflutningsstofan.is, 1
+malfunction.tk, 1
+malhasgusmao.com.br, 1
+maliar.fr, 1
+malibaby.ga, 1
+malibu-electric.com, 1
+malibudread.fr, 1
+malibuexteriorlighting.com, 1
+malibulingerie.com, 1
+malibumodas.com.br, 1
+maliciousdeath.tk, 1
+malicis.com, 1
+malik.holdings, 1
+malik.id, 1
+malikcomputers.tk, 1
+malikdeenarislamicacademy.tk, 1
+maliksofts.com, 1
+malikussa.id, 1
+malikussaid.com, 1
+malimusavirler.tk, 1
+malinaclub.com, 1
+malinheadview.ie, 1
+malinmethod.com, 1
+malisheva-blog.cf, 1
+malisheva-blog.ga, 1
+maliweb.ml, 1
+malkaso.com.ua, 1
+malkingroup.com.au, 1
+malkiteribki.com, 1
+malkoun.com, 1
+malkovich.cf, 1
+malkovich.ga, 1
+mall.cz, 1
+mall.hr, 1
+mall.hu, 1
+mall.pl, 1
+mall.sk, 1
+mallach.net, 1
+mallasvita.com, 1
+malles.org, 1
+mallgastronomico.com.ar, 1
+mallhabana.com, 1
+malloc.me, 0
+mallofit.com, 1
+mallonline.com.br, 1
+mallorca.tk, 1
+mallorca2024.com, 1
+mallpass.ga, 1
+malltina.com, 0
+malmyzh.tk, 1
+malone.link, 0
+maloneyja.com, 1
+malorita.tk, 1
+malp.cc, 1
+malphisruul.de, 1
+malscan.com, 0
+malsignature.com, 1
+malta-firma.com, 1
+maltarugs.com, 1
+maltasite.tk, 1
+maltaultrastifo.tk, 1
+maltegegner.de, 0
+malu.style, 1
+malvinas-falklands.tk, 1
+malvy.kiev.ua, 1
+malwar.ee, 1
+malwar.eu, 1
+malware.watch, 1
+malwareincidentresponse.com, 1
+malwareinvestigator.gov, 1
+malwaretips.com, 1
+malwarewise.com, 1
+malworld.me, 1
+malwr.ee, 1
+malypiesekzuzi.pl, 1
+mamabatataya.com, 1
+mamacasinos.com, 1
+mamacitaz.com, 1
+mamacoolinar.bg, 1
+mamadoma.com.ua, 1
+mamaisonsherby.ca, 1
+mamamoet.ru, 1
+maman-geek.com, 1
+mamanakormit.tk, 1
+mamanecesitaungintonic.com, 1
+mamanetplus.fr, 1
+mamanzari.com, 1
+mamanzaris.com, 1
+mamaplus.net, 1
+mamaruga.com, 1
+mamasorganizedchaos.com, 1
+mamastyle.store, 1
+mamaxi.org, 1
+mamaznaet.ml, 1
+mambas.cn, 1
+mambos.tk, 1
+mamburao.tk, 1
+mame.cl, 1
+mamijaclean.tk, 1
+mamilitante.fr, 1
+mamilove.com, 1
+mamlaka.ml, 1
+mamlaka.tk, 1
+mammabelly.com.br, 1
+mammaklader.tk, 1
+mammal-taxonomy.tk, 1
+mammals.net, 1
+mammooc.org, 1
+mammothlakesmls.net, 1
+mammothpublishing.org, 1
+mamochka.org.ua, 0
+mamodsteam.tk, 1
+mamohe.de, 1
+mamoni.co, 1
+mamont.cloud, 1
+mamontov.tk, 1
+mamopracuj.pl, 1
+mamoris-net.jp, 1
+mamospienas.lt, 1
+mamot.fr, 1
+mamradost.sk, 1
+mamsds.com, 1
+mamtapark.tk, 1
+mamuko.nl, 1
+mamunlyric.tk, 1
+man-man.nl, 1
+man-stuff.co.uk, 1
+man3s.jp, 0
+mana.ee, 1
+mana.wiki, 1
+manab-it.com, 1
+manach.net, 1
+manage.cm, 1
+manage.com, 0
+manageairlinesbooking.com, 1
+manageathome.co.uk, 1
+managed-it.africa, 1
+managed-it.co.za, 1
+managedcontractors.co.uk, 1
+managedhosting.de, 1
+managedserver.it, 1
+managedservicesraleighnc.com, 1
+managedwphosting.nl, 1
+managefile.tk, 1
+managefuhui.com, 1
+management-companie.ro, 1
+managementboek.nl, 1
+managementforstartups.com, 0
+manageprefs.com, 1
+manageprojects.com, 0
+manager.linode.com, 0
+managment.io, 1
+manalu.cz, 1
+manaonetrading.com, 1
+manasakcijas.lv, 1
+manaspaul.tk, 1
+manateepao.gov, 1
+manatees.com.au, 1
+manatees.net, 1
+manausagil.com, 1
+manavgabhawala.com, 1
+manawa.tech, 1
+manawill.jp, 1
+manawithtea.com, 1
+manbetx1998.live, 1
+manboy.tk, 1
+mancaverevolution.com, 1
+manchester.careers, 1
+manchesterairportparking24.co.uk, 1
+manchestermn.gov, 1
+manchestermoneyman.com, 1
+manchestertechservices.co.uk, 1
+manchesterwi.gov, 1
+mancrates.com, 1
+mandala-ausmalbilder.de, 1
+mandala-book.tk, 1
+mandalayogaspa.com, 1
+mandanudes.ae, 1
+mandaraequestrian.com, 1
+mandarinplay.tk, 1
+mandatkollen.se, 1
+mandaz.eu, 1
+mandcbouncycastlehire.co.uk, 1
+mandediary.com, 1
+mandefender.tk, 1
+mandela-effect-wiki.tk, 1
+mandelaeffect.tk, 1
+manderstam.com, 1
+mandiblackburnphoto.com, 1
+mandospersonalizados.es, 1
+manducoshop.com, 1
+mandynamic.gr, 1
+manegehenriet.tk, 1
+manegestalflicka.tk, 1
+maneggio.milano.it, 1
+manekin.cf, 1
+manekin.ga, 1
+manekin.gq, 1
+manekin.ml, 1
+manelbenlloch.com, 1
+manelli.fr, 1
+maneql.co.jp, 1
+maneql.info, 1
+manero.de, 1
+manesht.ir, 1
+manfiction.com, 1
+manforums.com, 1
+manfred-feiger.com, 1
+manfred-kostner.tk, 1
+manfredgruber.at, 1
+manfredi.io, 1
+manfredimatteo.com, 1
+manfredschafer.ch, 1
+manfree.tk, 1
+manga-life.info, 1
+manga-passion.de, 1
+manga-republic.com, 1
+manga1000.top, 1
+manga1001.top, 1
+manga1001.xyz, 1
+manga168.com, 1
+mangabond.tk, 1
+mangaboxes.ml, 1
+mangacat.ga, 1
+mangadex.org, 1
+mangaesp.tk, 1
+mangafreak.tk, 1
+mangagaga.tk, 1
+mangahigh.com, 1
+mangajp.top, 0
+mangakita.net, 1
+mangalove.top, 1
+manganimefan.tk, 1
+mangapoi.com, 1
+mangareactor.tk, 1
+mangatafestas.com.br, 1
+mangaworld.gq, 1
+mangeur-de-cigogne.tk, 1
+mangfoldimai.no, 1
+mangga.cloud, 1
+mangio.co.uk, 1
+mangnhuapvc.com.vn, 1
+mango-zajm.gq, 1
+mango888.com, 1
+mangomercado.com, 1
+mangoservers.tk, 1
+mangotwoke.co.uk, 1
+mangumsinc.com, 1
+manguyen.de, 0
+manhack.net, 1
+manhassetparkdistrictny.gov, 1
+manhattan.at, 1
+manhattanchoralensemble.org, 1
+manhattanda.org, 1
+manhattandermatologistsnyc.com, 1
+manhattanfruitier.com, 1
+manhattanks.gov, 1
+manhattanlife.com, 1
+manhuagui.com, 1
+manhwaamour.com, 1
+mani.tw, 1
+maniacoland.com, 1
+maniadicane.com.br, 0
+maniaiti.nz, 1
+manial4d2.ml, 1
+maniasoft.pl, 1
+maniazul.tk, 1
+manicbouncycastles.co.uk, 1
+manicminers.tk, 1
+manicode.com, 1
+manicur-salon.tk, 1
+manicuradegel.es, 1
+manif-est.info, 1
+manikinuk.tk, 1
+manilacrawl.com, 1
+maniorpedi.com, 1
+maniosglass.gr, 1
+manipil.ch, 0
+manipurmatka.net, 1
+manisahaberleri.tk, 1
+manitaggarwal.com, 0
+manito.kr, 1
+manitoulinairport.ca, 1
+manitoulinairport.com, 1
+manitoulinglobalforwarding.ca, 1
+manitoulinglobalforwarding.co, 1
+manitoulinglobalforwarding.com, 1
+manitoulinglobalforwarding.mx, 1
+manitoulingolf.com, 1
+manitoulingroup.ca, 1
+manitoulingroup.co, 1
+manitoulingroup.com, 1
+manitoulinheavyhaul.ca, 1
+manitoulinheavyhaul.com, 1
+manitoulinlogistics.ca, 1
+manitoulinlogistics.com, 1
+manitoulintransport.ca, 1
+manitoulintransport.co, 1
+manitoulintransport.com, 1
+manitoulintransport.info, 1
+manitoulintransport.net, 1
+manitoulinusedequipment.ca, 1
+manitoulinusedequipment.com, 1
+manitoulinwarehousing.com, 1
+manitouspringsco.gov, 1
+manitowoccountywi.gov, 1
+manitowocwi.gov, 1
+manja-und-martin.de, 1
+manjalcouture.com, 1
+manjaro.ru, 1
+mankier.com, 1
+mankomarketing.com, 1
+manmatters.com, 1
+mann-und-maeuse.de, 1
+mannafields.org, 1
+mannat-hallmumbra.com, 1
+manneguiden.no, 1
+mannenzang.tk, 1
+mannhaarkunst.com, 1
+mannheimbloggt.tk, 1
+mannigroup.com, 1
+manningtreetilesandflooring.co.uk, 1
+mannnen.nl, 1
+mannservrice.cf, 1
+manoek.dynu.net, 1
+manofmanythings.com, 1
+manogara.tk, 1
+manoha-proservices.fr, 1
+manoila.co.uk, 1
+manoirdecontres.com, 1
+manojsharan.me, 1
+manolitodarts.tk, 1
+manologaribay.tk, 1
+manonandre-avocat.fr, 1
+manoro.de, 1
+manortx.gov, 1
+manova.cz, 1
+manowarus.com, 1
+manporn.xxx, 1
+manpro.systems, 1
+manrollo.com, 1
+mansarda-life.net, 1
+mansdell.net, 1
+mansfeld.pl, 1
+manshamita.com, 1
+manshatech.com, 1
+mansikamani.com, 1
+mansikka-sachi.com, 1
+mansionflip.com, 1
+manski.net, 1
+mansle.fr, 1
+mansoorkhan.tk, 1
+mansora.co, 1
+mansora.io, 1
+mansora.net, 1
+mansour.io, 1
+mansurov.tk, 1
+mantachiepharmacy.com, 1
+mantalak.com, 1
+mantaoilco.com, 1
+mantapmedia.com, 1
+mantaro.site, 1
+manteca.gov, 1
+manteligencia.com, 1
+mantelligence.com, 1
+mantenimiento-zaragoza.com, 1
+mantenimientoimpresoras.com, 1
+mantenimientosenjardineriaypiscinasveracruz.com, 1
+mantex.ml, 1
+manti.by, 1
+mantor.org, 0
+mantra.pictures, 1
+mantraptownshipmn.gov, 1
+mantu.com, 1
+mantul.top, 0
+manual-directory.com, 1
+manual-pdf.com, 1
+manualdousuario.net, 0
+manuall.ae, 1
+manuall.co.uk, 1
+manuall.cz, 1
+manuall.de, 1
+manuall.dk, 1
+manuall.es, 1
+manuall.fi, 1
+manuall.fr, 1
+manuall.hu, 1
+manuall.info.tr, 1
+manuall.it, 1
+manuall.jp, 1
+manuall.kr, 1
+manuall.no, 1
+manuall.pl, 1
+manuall.pt, 1
+manuall.ro, 1
+manuall.se, 1
+manuall.sk, 1
+manualowl.com, 1
+manualscollection.com, 1
+manuel-herrmann.de, 1
+manuel-schefczyk.de, 1
+manuel7espejo.com, 1
+manuelahidalgo.org, 1
+manuelboelstler.tk, 1
+manuelcancelas.com, 1
+manueldelgadohomes.com, 1
+manueldossantos.tk, 1
+manuelefior.tk, 1
+manuelefysiotherapeut.nl, 1
+manueljirado.tk, 1
+manuelosorio.me, 1
+manuelperujo.ch, 1
+manuelraimo.cf, 1
+manuelrueger.de, 1
+manufacturedhomemoving.com, 1
+manufacturing.gov, 1
+manufacturingsupportgroup.co.uk, 1
+manufacturingusa.com, 1
+manulife.ca, 1
+manumagnum.com, 1
+manuscript.com, 1
+manuscripteditorial.com, 1
+manuscriptlink.com, 1
+manusiasosial.tk, 1
+manusje-van-alles.nl, 1
+manutenzionecaldaie.it, 1
+manutenzionegiardini.it, 1
+manutenzionestabili.it, 1
+manuth.life, 1
+manutouch.com.cn, 1
+manwork.tk, 1
+manwv.gov, 1
+manychat.com, 1
+manyebook.com, 1
+manyetikboya.com, 1
+manyhotfiesta.ml, 1
+manylots.ru, 1
+manyo.jp, 1
+manypets.com, 1
+manyproservices.com, 1
+manytricks.com, 1
+manytubes.ga, 1
+manyzero.ml, 1
+manzanagroup.ru, 1
+manzanita-nsn.gov, 1
+maomihz.com, 1
+maone.net, 1
+maorilandfilm.co.nz, 1
+maorx.cn, 1
+maoshuai.bid, 1
+maoshuai.cc, 1
+maoshuai.club, 1
+maoshuai.cn, 0
+maoshuai.co, 1
+maoshuai.cx, 1
+maoshuai.fun, 1
+maoshuai.hk, 1
+maoshuai.in, 1
+maoshuai.ltd, 1
+maoshuai.me, 1
+maoshuai.net, 1
+maoshuai.online, 1
+maoshuai.org, 1
+maoshuai.pw, 1
+maoshuai.ren, 1
+maoshuai.site, 1
+maoshuai.store, 1
+maoshuai.tw, 1
+maoshuai.vip, 1
+maoshuai.wang, 1
+maoshuai.win, 1
+maoshuai.xyz, 1
+maowtm.org, 1
+maozedong.red, 1
+map-immo.fr, 1
+map.fund, 1
+map4erfurt.de, 1
+map4jena.de, 1
+mapa-airsoft-akci.cz, 1
+mapapeterie.ca, 1
+mapasmundi.com.br, 1
+mapausenaturelle.fr, 1
+mapblender.com, 1
+mapchange.org, 1
+mapduce.com, 1
+mapdump.com, 1
+mapi.eu.org, 1
+mapillary.com, 1
+maplebgm.cc, 1
+maplegrove.cf, 1
+maplegrovetownshipmi.gov, 1
+mapleholland.tk, 1
+maplehome.tk, 1
+maplemountainquiltretreat.com, 1
+maples.com, 1
+mapletime.com, 1
+mapletokyo.top, 1
+mapletonmn.gov, 1
+maplevalleytwpmi.gov, 1
+maplewood.tk, 1
+maplewoodnj.gov, 1
+mappingfutures.org, 1
+mappingspaceperu.com, 1
+mapresidentielle.fr, 1
+mapstack.org, 1
+maptician.com, 1
+mapuut.net, 1
+maqs.tk, 1
+maquena.org, 1
+maquetasdeaviones.tk, 1
+maquetting.com, 1
+maquiguarda.pt, 1
+maquinariahosteleriaocasion.com, 1
+maquinariaspesadas.org, 0
+maquinasperfectas.tk, 1
+maquinasquepiensan.tk, 1
+mar-eco.no, 1
+mar.pt, 1
+mara.paris, 1
+marabook.fr, 1
+maraboutserieuxhonnete.com, 0
+marabunta.io, 1
+maracarlinicourses.com, 1
+maracit.tk, 1
+maraichere-gourmande.org, 1
+marajo.ml, 1
+marajo.tk, 1
+marakovits.net, 1
+maralclock.ir, 1
+maranathacarechildren.com, 1
+maranightmare.net, 1
+maransurology.com, 1
+maranza.org, 1
+marasma.tk, 1
+marathoncitywi.gov, 1
+marathons.tk, 1
+marauderos.tk, 1
+marazul.tk, 1
+marbellaoptic.ro, 1
+marbermedical.com, 1
+marble.com, 1
+marbleceramiccorp.com.au, 1
+marbleme.jp, 1
+marblenexus.de, 1
+marbogardenlidkoping.se, 1
+marbree.eu, 1
+marbrerie-segur.fr, 1
+marc-beninca.fr, 1
+marc-hammer.de, 1
+marc-hoffrichter.de, 1
+marc-schlagenhauf.de, 0
+marc.info, 1
+marcago.com, 1
+marcaixala.me, 1
+marcapollo.ml, 1
+marcbeije.com, 1
+marcberndtgen.de, 1
+marcceleiro.com, 1
+marcdietschi.com, 1
+marcel-preuss.de, 1
+marcel-waldvogel.ch, 1
+marcelabarrozo.tk, 1
+marcelheemels.org, 1
+marcelino.cf, 1
+marcelinofranchini.com, 1
+marcelinofranchini.eu, 1
+marcelinofranchini.info, 1
+marcelinofranchini.net, 1
+marcelinofranchini.org, 1
+marcelkooiman.com, 1
+marcell-jansen.tk, 1
+marcelmarnitz.com, 1
+marcelofernandez.tk, 1
+marcelois.me, 1
+marcelovasconcelos.com.br, 1
+marcelpreuss.de, 1
+marcelsiegert.com, 1
+marcelwaldvogel.ch, 1
+marcelwiedemeier.com, 1
+marcelwolf.coach, 1
+marcenariaembh.com.br, 1
+marcgoertz.de, 1
+march-consulting.jp, 1
+marcha.org.ar, 1
+marchagen.nl, 1
+marchellenevers.tk, 1
+marchesini.com, 1
+marchesini.com.ua, 1
+marcheuparis.com, 1
+marchhappy.tech, 0
+marchinghatters.tk, 1
+marchingnorth.com, 1
+marchoffrichter.de, 1
+marchouben.nl, 1
+marchqualitymeats.com, 1
+marcianoandtopazio.com, 1
+marcillacetfils.fr, 1
+marclange.net, 1
+marco-burmeister.de, 1
+marco-hegenberg.net, 1
+marco-reitmeier.de, 1
+marco-s.net, 1
+marcoaurelio.tk, 1
+marcocasoni.com, 1
+marcoececilia.it, 1
+marcoherten.com, 1
+marcoklomp.nl, 1
+marcolattanzio.tk, 1
+marcopiottante.tk, 1
+marcopolo-restaurant.com, 1
+marcoreitmeier.de, 1
+marcorubiol.com, 1
+marcositaliandeli.co.uk, 0
+marcossan.com, 1
+marcosteixeira.tk, 1
+marcotolk.com, 1
+marcovery.com, 1
+marcretzlaff.com, 1
+marcschlagenhauf.de, 0
+marcsello.com, 1
+marcsferraripage.tk, 1
+marcus-scheffler.com, 1
+marcus.pw, 0
+marcusburghardt.tk, 1
+marcusds.ca, 1
+marcuskoh.com, 1
+marcusporter.tk, 1
+marcusquinn.com, 1
+marcusstafford.com, 1
+marcypro.com, 1
+marczocher.de, 1
+mardelcupon.com, 1
+mardigrasnapkins.com, 1
+mardinhaberleri.tk, 1
+mardinsondakika.tk, 1
+mare-sylt.de, 1
+mare.org.mk, 1
+mare92.cz, 1
+marebca.xyz, 1
+marechal-company.com, 1
+mareforfa.com, 1
+maregionsud.fr, 1
+marei.ad, 1
+mareinitalia.com, 1
+marekkohn.tk, 1
+marekkorlak.com, 1
+mareklecian.cz, 1
+marelijah.org, 1
+marengomi.gov, 1
+maresencial.com, 1
+maresimone.com, 1
+marex.host, 1
+marfadelivery.tk, 1
+marga-marga.tk, 1
+margagriesser.de, 1
+margan.ch, 1
+margaret.land, 1
+margaretgel.com, 1
+margaridamendessilva.com, 1
+margatroid.com, 1
+margaux-perrin.com, 1
+margauxnennig.com, 1
+margays.de, 1
+margeriam.com, 1
+margherita.cl, 1
+margintoniks.fr, 1
+margo-co.ch, 0
+margo.ml, 1
+margolcia.com.pl, 1
+margolis.gq, 1
+margotbworldnews.tk, 1
+margotdesign.ovh, 1
+margots.biz, 1
+margots.tech, 1
+margriet.nl, 1
+margus.uk, 0
+marhamat.cf, 1
+marhobateren.tk, 1
+mari-ie.ro, 1
+maria-blanco.tk, 1
+maria-kirilenko.tk, 1
+maria-sharapova.tk, 1
+mariaalcazar.com, 1
+mariaangelamacario.com, 1
+mariadelcastillo.com, 1
+mariaelisaejunior.ga, 1
+mariafernanda.com.br, 1
+mariage-protestant.ch, 0
+mariage-reussi.fr, 1
+mariagealamontagne.com, 1
+mariages.net, 1
+mariahandnasty.com, 1
+mariahcareyvenezuela.tk, 1
+mariaisabel.tk, 1
+marialopez.tk, 1
+mariamenounos.tk, 1
+mariamia.org, 1
+mariamindbodyhealth.com, 1
+marianatherapy.com, 1
+marianelaisashi.com, 1
+marianhoenscheid.de, 1
+mariannethijssen.nl, 1
+marianneveenstra.tk, 1
+marianrivera.tk, 1
+mariansalzman.com, 1
+mariapietropola.com, 1
+mariart.studio, 1
+mariasavchenko.com, 1
+mariasemarias.com.br, 1
+mariaterbildt.tk, 1
+mariavilleme.gov, 1
+mariberceritera.online, 1
+marie-pettenbeck-schule.de, 1
+marie-psy.fr, 1
+marie.club, 1
+mariealber.cz, 1
+mariearthur.fr, 1
+mariecurie.tk, 1
+mariejulien.com, 1
+mariella-sun.net, 1
+marielouise.tk, 1
+mariemccaig.co.uk, 1
+mariemiramont.fr, 1
+mariereichl.cz, 1
+mariescountymo.gov, 1
+marieskyler.net, 1
+marietrap.ch, 0
+marifilmines.com, 1
+marijang.id, 1
+marijuanajobscannabiscareers.com, 1
+marik.net.br, 1
+marikafranke.de, 1
+marikekinze.de, 1
+marillatownshipmi.gov, 1
+marilower.tk, 1
+marilsnijders.nl, 1
+marilynandsarah.org, 1
+marilynmonroy.com.ec, 1
+marin-dom.ru, 0
+marin-tullet.com, 0
+marina-group.tk, 1
+marina-tsvetaeva.ml, 1
+marinaborregoterapeuta.pt, 1
+marinadarje.com, 1
+marinamontana.net, 1
+marinapetruzio.it, 1
+marinapozzoli.tk, 1
+marinaquip.com, 1
+marinarinaldi.ml, 1
+marinasmad.com, 1
+marinat.de, 1
+marinat2012.de, 1
+marinazarza.es, 1
+marine.gov, 1
+marinecadastre.gov, 1
+marinedesign.tk, 1
+marineecologyfiji.com, 1
+marinekaplama.com, 1
+marinela.tk, 1
+marinelausa.com, 0
+marinella.tk, 1
+marinershousecalstock.com, 1
+marinettecountywi.gov, 1
+marinettewi.gov, 1
+mario-ancic.tk, 1
+mario-sarto.com, 1
+mario.com.ua, 1
+mario420.ga, 1
+marioabela.com, 1
+marioberluchi.by, 0
+mariogarcia.tk, 1
+mariogeckler.de, 0
+marioncounty911illinois.gov, 1
+marioncountyar.gov, 1
+marioncountyil.gov, 1
+marioncountyiowa.gov, 1
+marioncountyms.gov, 1
+marioncountyohio.gov, 1
+marioncountysheriffar.gov, 1
+marioncountytn.gov, 1
+marionflclerk.gov, 1
+mariontwpcvxmi.gov, 1
+marioserver.ml, 1
+mariospizzaoxford.co.uk, 1
+mariouniversalis.fr, 1
+mariowiki.com, 1
+mariposah.ch, 1
+marisamorby.com, 0
+marisasitaliankitchen.com, 1
+mariskavankasbergen.nl, 1
+mariskax.net, 1
+marismenos.tk, 1
+maritiemshertogenbosch.nl, 1
+maritime-mea.com, 1
+maritimehistory.org.uk, 1
+maritlarsen.ml, 1
+maritlarsen.tk, 1
+marius-schmalz.de, 1
+mariusschulz.com, 1
+marix.ro, 1
+marizaikonomi.tk, 1
+marj3.com, 1
+marjadeleeuw.nl, 1
+marjanne.tk, 1
+marjeta-gurtner.ch, 1
+marjoleindens.be, 1
+marjon.photography, 1
+marjonruns.nl, 1
+marjorie-wiki.de, 1
+marjoriebarretto.tk, 1
+marjoriecarvalho.com.br, 1
+mark-a-hydrant.com, 1
+mark-armstrong-gaming.com, 1
+mark-dietzer.de, 1
+mark-semmler.de, 1
+mark1998.com, 1
+markandrosalind.co.uk, 1
+markantalyamasajsalonu-bayanmasoz-cim.cf, 1
+markco.fi, 1
+markdain.net, 1
+markdixon.name, 1
+markecubanos.com, 1
+markedplassen.no, 1
+markellos-olive.gr, 1
+markenet.co, 1
+markentier.tech, 1
+markepps.com, 1
+market-garden.tk, 1
+market.android.com, 1
+marketadvisory.com.au, 0
+marketbasket.tk, 1
+marketcavalli.it, 1
+marketerprofesional.com, 0
+marketespace.fr, 0
+marketfeed.news, 1
+marketforce.com, 1
+marketgarden.tk, 1
+marketgrid.ml, 1
+marketgrid.tk, 1
+marketia.ml, 1
+marketing-2.de, 1
+marketing-advertising.eu, 1
+marketing-schools.org, 1
+marketing1-0-1.com, 1
+marketing4trends.com, 1
+marketingautomationplan.nl, 1
+marketingbab.com, 1
+marketingbrandingnews.com, 1
+marketingbrandingnews.net, 1
+marketingcareeredu.org, 1
+marketingco.nl, 1
+marketingconcafe.com, 1
+marketingdesignu.cz, 1
+marketingdigitalefisiente.com, 1
+marketingdominante.com.br, 1
+marketingforfood.com, 1
+marketingmd.com, 1
+marketingpalace.tk, 1
+marketingstrategy.gq, 1
+marketingtrendnews.com, 1
+marketingtutor.net, 1
+marketingwelt-lipp.de, 1
+marketingypublicidaddigital.com.mx, 1
+marketio.ai, 1
+marketizare.ro, 1
+marketking.ga, 1
+marketlocal.ly, 1
+marketmotion.com.au, 1
+marketnews.com, 1
+marketone.com, 1
+marketplace.org, 1
+marketplace.tf, 1
+marketplacetue.nl, 1
+marketresearch.biz, 1
+marketsearch.ga, 1
+marketsnerd.com, 1
+marketsosyali.tk, 1
+markettailor.io, 0
+marketvalue.gq, 1
+marketvolume.com, 1
+marketyourcup.com, 1
+markfietje.eu, 1
+markfisher.photo, 1
+markhaehnel.de, 1
+markhedrick.com, 1
+markholden.guru, 1
+markhoodauthor.com, 1
+markhoodbooks.com, 1
+markhoodphoto.com, 1
+markhoodwrites.com, 1
+markhornsby.co.uk, 1
+markhornsby.uk, 1
+markido.com, 1
+markisa.ninja, 1
+markitanova-anna.tk, 1
+markitee.com, 0
+markitzeroday.com, 1
+markjansen.tk, 1
+markkirkforillinois.com, 1
+markkirkforsenate.com, 1
+markkusilvennoinen.fi, 1
+marklehane.com, 1
+markllego.com, 1
+markmet.fi, 1
+markmetcalfe.io, 1
+markmorris.com.au, 1
+markocloud.com, 1
+markoglou.com.gr, 1
+markoh.co.uk, 1
+markprof.ru, 1
+markpulido.net, 1
+markri.nl, 1
+markridgwell.co.uk, 1
+markridgwell.com, 1
+marks.sa, 1
+marksa.net, 1
+markshroyer.com, 1
+marksm.it, 1
+marksmanhomes.com, 1
+marksouthall.com, 1
+markstevenkirk.com, 1
+markstickley.co.uk, 1
+markt-heiligenstadt.de, 0
+markt8asten.nl, 1
+marktcontact.com, 1
+markterweele.nl, 1
+marktgemeinde-glonn.de, 1
+marktgorman.com, 1
+marktguru.at, 1
+marktguru.de, 1
+markthisforme.com, 1
+marktissink.nl, 0
+markup-ua.com, 1
+markus-blog.de, 1
+markus-enzweiler.de, 1
+markus-keppeler.de, 1
+markus-musiker.de, 1
+markus-ullmann.de, 1
+markus289.com, 1
+markusabraham.com, 1
+markusehrlicher.de, 1
+markusgran.de, 1
+markushof.it, 1
+markusjanzen.de, 1
+markuskeppeler.de, 1
+markuskeppeler.no-ip.biz, 1
+markuslintula.fi, 1
+markusmani.tk, 1
+markusribs.com, 1
+markusritzmann.ch, 0
+markusueberallassetmanagement.de, 1
+markusueberallconsulting.de, 1
+markusweimar.de, 1
+markuswirnsperger.com, 1
+marlboroughchamber.nz, 1
+marlboroughfarmersmarket.tk, 1
+marlen.cz, 1
+marlenefavela.tk, 1
+marlenekrasa.com, 1
+marliesfens.nl, 1
+marliesslomp.nl, 1
+marlosoft.net, 1
+marmaluot.com, 1
+marmarahaberleri.tk, 1
+marmelo.digital, 1
+marmista.roma.it, 1
+marmitethegreyhound.com, 1
+marmo.gallery, 1
+marmo.tk, 1
+marmotte.love, 1
+marmurmedical.com, 1
+marny.eu, 1
+marocfoot.net, 1
+marocmail.ma, 1
+marocnews.tk, 1
+marocweb.tk, 1
+maroebeni.tk, 1
+marolu.one, 1
+maroochydorecentre.com, 1
+maroochydorecitycenter.com, 1
+maroochydorecitycenter.com.au, 1
+maroochydorecitycentre.com, 1
+maroochydorecitycentre.com.au, 1
+maroochydorecitycentre.net.au, 1
+maroquineriepirlot.be, 0
+maroshionline.tk, 1
+maroussia.tk, 1
+marouviere.fr, 1
+marpa-wohnen.de, 1
+marplo.net, 1
+marqperso.ch, 1
+marqueandbrew.com, 1
+marqued.com, 1
+marquepersonnelle.ch, 1
+marqueswines.co.uk, 1
+marquimanagement.com, 1
+marquisepools.com, 1
+marrai.de, 1
+marrakech-camel-trips.com, 1
+marrakechairporttransfer.com, 1
+marrakeche.com, 1
+marredesefairebaladersurlenet.com, 1
+marretada.org, 1
+marriage-shrine.jp, 1
+marriageinchrist.com, 1
+marrickvilleapartments.com.au, 1
+marronniergate.com, 0
+marropax.com, 1
+marryfox.net, 1
+mars-infos.org, 1
+mars.army, 1
+mars.navy, 1
+marsafc.tk, 1
+marsanvet.com, 1
+marsatapp.com, 1
+marshaiargentina.com, 1
+marshall-allman.tk, 1
+marshallcoms.gov, 1
+marshallcountyillinois.gov, 1
+marshallcountywv.gov, 1
+marshallruskwi.gov, 1
+marshallscastles.com, 1
+marshallsheriffms.gov, 1
+marshallwilson.com, 1
+marshfieldvillagevt.gov, 1
+marshfieldvt.gov, 1
+marshmallow.co, 1
+marshmallow.com, 1
+marshmallowchallenge.com, 1
+marshop.tk, 1
+marsicano.tk, 1
+marsikelektro.cz, 1
+marsilioblack.tk, 1
+marsmediavideo.com, 1
+marta-chat.ga, 1
+marta.uz, 0
+martacooks.com, 1
+martapratsmakeup.com, 1
+martasibaja.com, 1
+martastroll.com, 1
+martdev.com, 1
+martec.dk, 1
+martel-innovate.com, 0
+martelange.ovh, 1
+martelliyaqub.co.nz, 1
+martellosecurity.com, 1
+martemeo-wetterau.de, 1
+martensson.io, 1
+martesanamilano.com, 1
+marthakenney.com, 1
+marthas.sale, 1
+marthasvillemo.gov, 1
+marti201.ga, 1
+martial-arts.tk, 1
+martialarts-wels.at, 1
+martialartsbrownsplains.ga, 1
+martialgym.tk, 1
+martian.community, 1
+martian.tk, 1
+martide.com, 1
+martijnschreuders.tk, 1
+martijnvanderzande.nl, 1
+martijnvdputten.tk, 1
+martin-burger.net, 1
+martin-caslavsky.tk, 1
+martin-loewer.de, 1
+martin-mattel.com, 1
+martin-prell.de, 1
+martin-smith.info, 1
+martin-weil.de, 1
+martin.vet, 0
+martinaachen.tk, 1
+martinalonsovega.tk, 1
+martinassurfdepot.tk, 1
+martinbaileyphotography.com, 0
+martinbiely.com, 1
+martinboerhof.nl, 1
+martincernac.cz, 1
+martincornelissen.tk, 1
+martindales.ltd.uk, 1
+martine.nu, 1
+martinebot.com, 1
+martinelias.cz, 1
+martineric.tk, 1
+martineve.com, 0
+martinfresow.de, 1
+martinhal.cn, 1
+martinhal.com, 1
+martinhalfamilyblog.com, 1
+martinhalholiday.com, 1
+martinhalliving.com, 1
+martinhalpropertysales.com, 1
+martinhalresidences.com, 1
+martinhaunschmid.com, 0
+martinho.tk, 1
+martinishotpodcast.com, 1
+martinkunc.tk, 1
+martinkus.eu, 1
+martinlukes.cz, 1
+martinmawbycurtaintracks.co.uk, 1
+martinmuc.de, 1
+martino.ga, 1
+martinploug.dk, 1
+martinpohl.cz, 0
+martinreed.net, 1
+martins.im, 1
+martinschulze.org, 1
+martinschurdak.tk, 1
+martinsferryoh.gov, 1
+martinstepar.cz, 1
+martinsvillebulletin.com, 1
+martinus.cafe, 1
+martinverkerkonline.tk, 1
+martinvillalba.com, 1
+martinvillalba.com.ar, 1
+martinvillalba.info, 1
+martinvillalba.net, 1
+martinvillalba.org, 1
+martinvotes.gov, 1
+martnlab.com, 1
+martonmihaly.hu, 1
+martonveronika.tk, 1
+martstroy.ru, 1
+marturet.com, 1
+marty.me.uk, 1
+martyrium.tk, 1
+marufmusic.tk, 1
+maruja.tk, 1
+marula-oel.de, 1
+marulaweb.com, 1
+marunouchi-hotel.co.jp, 1
+marustat.ru, 1
+marvaco.cf, 1
+marvaco.ga, 1
+marvaco.tk, 1
+marvelcargiveaways.co.uk, 1
+marveld.nl, 1
+marvelmoviemarathon.com, 1
+marvelo.cf, 1
+marvelweed.ru, 1
+marvin-elsen.com, 1
+marvin.is, 1
+marvin.rocks, 1
+marvinelsen.com, 1
+marvingazibaric.io, 1
+marvinkeller.de, 0
+marvinxyz.de, 1
+marvnet.cf, 1
+marvnet.design, 1
+marvnet.ga, 1
+marvnet.gq, 1
+marvnet.ml, 1
+marvnet.tk, 1
+marvnetdigital.cf, 1
+marvnetdigital.ga, 1
+marvnetdigital.gq, 1
+marvnetdigital.ml, 1
+marvnetdigital.tk, 1
+marvnetforum.cf, 1
+marvnetforum.ga, 1
+marvnetforum.gq, 1
+marvnetforum.ml, 1
+marvnetforum.tk, 1
+marvos.se, 1
+marw.org, 1
+marwadionline.com, 1
+marxist.party, 1
+marxists.org, 1
+marxmyths.org, 1
+marxpark.tk, 1
+mary-e-kay.tk, 1
+maryamghorbani.com, 1
+maryannhaircpa.com, 1
+marycliffpress.com, 1
+marycowanceramics.com, 1
+maryeileen90.party, 1
+maryeileenkelly.com, 1
+maryhaze.net, 1
+marykatrinaphotography.com, 1
+marykirsch.net, 1
+marylandbasementandcrawlspacewaterproofing.com, 1
+marylandcomptroller.gov, 1
+marylandtaxes.gov, 1
+marylandtraditions.org, 1
+maryleemacdonald.org, 1
+maryluzturismo.co, 1
+marymaloney.tk, 1
+marypierce.tk, 1
+maryrock.net, 1
+maryrose.org, 1
+marysvilleks.gov, 1
+marytetzstore.com.br, 1
+marywet.net, 1
+marzio.co.za, 1
+mas.be, 1
+mas.bg, 1
+masadaoffensive.com, 1
+masafarms.com, 1
+masajilanver.tk, 1
+masakanibu.ga, 1
+masakigarden.com, 1
+masalaband.tk, 1
+masaloku.com.tr, 1
+masanteadelavenir.fr, 1
+masanunciosimpresos.com, 1
+masarik.sh, 1
+masaze-hanka.cz, 1
+mascarablond.tk, 1
+mascarbo.tk, 1
+mascarillas.blog, 1
+mascenter.xyz, 1
+maschine.email, 1
+maschinen.email, 1
+maschinensucher.de, 1
+mascorazon.com, 1
+mascotarios.org, 1
+mascoteando.net, 1
+masdemariette.com, 1
+masdemexico.com, 1
+masduta.co, 1
+masdzub.com, 1
+masepps.pe, 1
+maservant.net, 1
+masfloss.net, 1
+mashairi.co.ke, 1
+masharphomecooking.com, 1
+mashek.net, 1
+mashin.al, 1
+mashinavremeni.ml, 1
+mashine-art.ru, 1
+mashinist.tk, 1
+mashonkavortu.tk, 1
+mashoom.co.uk, 1
+mashrmail.com, 1
+mashrmail.io, 1
+mashtibax.ga, 1
+masiavillalonga.com, 1
+masimo.com, 1
+masinaspalat.info, 1
+masiniunelte.store.ro, 1
+masinky.tk, 1
+masite.net, 1
+mask-skin.tk, 1
+masked.love, 1
+maskedemail.nl, 1
+maskedworld.tk, 1
+maskerking.com, 1
+maskim.fr, 1
+maskinkultur.com, 1
+maskmy.id, 1
+maskova.net, 1
+maskstyle.tk, 1
+maslenka.tk, 1
+maslin.io, 1
+maslow.tk, 1
+masmusica.tk, 1
+masmusicaradio.tk, 1
+maso-corto.com, 1
+masob.site, 1
+masoftware.ddns.net, 1
+masoncountyil.gov, 1
+masoncountywa.gov, 1
+masoncountywaelections.gov, 1
+masoncountywv.gov, 1
+masonkysheriff.gov, 1
+masqueless.org, 1
+masqueradecostumes.tk, 1
+masrilanguage.tk, 1
+masrud.com, 1
+masrur.org, 1
+mass-analytics.com, 1
+mass.pt, 1
+massaer.tk, 1
+massage-californien.tk, 1
+massage-colleges.com, 1
+massage-la-clusaz.com, 1
+massage-technique.tk, 1
+massage-vitalite.fr, 1
+massage-well.ch, 1
+massage4u.net, 0
+massageandwellbeing.com, 1
+massagecoolangatta.com.au, 1
+massagecupping.com, 1
+massagegunadvice.com, 1
+massagekartan.ga, 1
+massagepraktijkamyklappe.nl, 1
+massages-du-monde-charente.fr, 1
+massagespaindia.com, 1
+massagetherapylicense.org, 1
+massagetherapyschoolsinformation.com, 1
+massaggio.it, 1
+massagik.ml, 1
+massanews.com, 1
+massapothecary.com, 1
+massauditor.gov, 1
+massazh.cf, 1
+massbank.eu, 1
+massconsultores.com, 1
+masse.org, 1
+massfone.com, 1
+masshost.tk, 1
+masshpc.gov, 1
+massive.tk, 1
+massiveanalyser.com, 1
+massiveassault.tk, 1
+masskick.ga, 1
+massmurder.tk, 1
+massmutualascend.com, 0
+massolutions.pro, 1
+masspingtool.com, 0
+masstercurssos.com, 1
+massvow.com, 1
+masta.me, 1
+mastah.fr, 1
+mastd.fr, 1
+mastd.me, 0
+mastd.onl, 1
+mastdatabase.co.uk, 1
+mastdi.eu, 1
+mastelic.net, 1
+mastellone.us, 1
+master-net.org, 1
+master-tmb.ru, 1
+master.cz, 1
+master.shop, 1
+masteranimal.tk, 1
+mastercardpac.com, 1
+mastercareplus-demo.com, 1
+mastercareplus-staging.com, 1
+mastercareplus-uat.com, 1
+mastercareplus.com, 1
+mastercomfig.com, 1
+masterdan.net, 1
+masterdc.com, 1
+masterdemolitioninc.com, 1
+masterdesingweb.tk, 1
+masterdigitale.com, 1
+masterdistillers.net, 1
+masterdrilling.com, 1
+mastere.tn, 1
+masterflitzer.xyz, 1
+masterglasses.ru, 1
+mastergrampartners.com, 1
+masterhelenaroma.com, 1
+masterimperia.com, 1
+masterin.it, 1
+masteringenieriadelfuego.es, 0
+masterise.tv, 1
+masterjuantex-projects.tk, 1
+masterkitchen.com.br, 1
+masternetix.ga, 1
+masternetltd.com, 1
+masterofallscience.com, 1
+masterofazoth.tk, 1
+masterofbytes.ch, 1
+masterpassword.org, 1
+masterplc.com, 1
+masterproseo.ru, 1
+masterpsylogos.ru, 1
+masterquest.tk, 1
+masters-burrell.co.uk, 1
+masters-education.com, 1
+masters-in-special-education.com, 1
+mastersadistancia.com, 1
+mastersindatascience.org, 1
+mastersinesl.org, 1
+mastersinlibraryscience.net, 1
+mastersofscale.com, 1
+mastersplace.tk, 1
+masterstation.net, 1
+mastersthesiswriting.com, 1
+masterstruckingacademy.com, 1
+masterstuff.de, 1
+mastertent.com, 1
+masterton.com.au, 1
+mastertutoriales.com, 0
+masterunblock.com, 0
+masterurist.ru, 1
+mastervision.tk, 1
+masterwank.com, 1
+masterwayhealth.com, 1
+mastiffingles.com.br, 1
+mastilenergy.us, 1
+mastips.cl, 1
+mastodon-poradnik.pl, 1
+mastodon.au, 1
+mastodon.blue, 0
+mastodon.com.pl, 1
+mastodon.cr, 1
+mastodon.ee, 1
+mastodon.fun, 1
+mastodon.org.uk, 1
+mastodon.pizza, 1
+mastodon.pl, 0
+mastodon.top, 1
+mastodon.uno, 1
+mastodont.tk, 1
+mastpartners.com, 1
+masuclub.jp, 1
+masuclub.net, 1
+masumreza.tk, 1
+masun.org, 1
+maswali.com, 1
+mat-berenbostel.de, 1
+mat.co.th, 1
+mat.com.vn, 1
+mat.services, 1
+mat.tt, 1
+mat99.dk, 1
+mata-i-nautisme.fr, 1
+matafonov.tk, 1
+mataharitimoer.tk, 1
+matanz.de, 1
+matapacoin.org, 1
+matarbyte.se, 1
+matarees.com, 1
+matarrosabierzo.com, 1
+matatabimix.com, 1
+matatall.com, 1
+matc.net, 1
+match.audio, 1
+match.by, 1
+match2meet.io, 1
+matcha-iga.jp, 1
+matcha14.com, 1
+matchboxdesigngroup.com, 1
+matchday.cz, 1
+matchflix.ch, 1
+matchimmo.fr, 1
+matchlive.ga, 1
+matchmeup.de, 1
+matchmove.com, 1
+matchpointusa.com, 1
+matco.ca, 0
+mate.academy, 1
+mate.software, 1
+matega.hu, 1
+mateiko.by, 1
+matej-oliva.cz, 1
+matejgroma.com, 1
+matejkosiarcik.com, 1
+matel.org, 1
+matematik-ozel-ders.tk, 1
+matematikformulleri.com, 1
+matematikkulubu.tk, 1
+matematyka.wiki, 1
+matemonsac.com, 0
+mateoconlechuga.com, 1
+materasocial.live, 1
+materassi.roma.it, 1
+materassicatania.it, 1
+materi.co.id, 1
+materiaischiquinho.com.br, 1
+material-ui.com, 1
+material-world-fuyouhin.com, 1
+material.security, 1
+materialism.com, 1
+materialyinzynierskie.pl, 1
+materiel-grand-format.fr, 1
+maternityfashion.in, 1
+maternoinfantile.online, 1
+maternum.com, 1
+mateslibres.com, 1
+matetineamoi.fr, 1
+mateuszchyla.pl, 1
+mateuszmajewski.com, 1
+mateuszpilszek.pl, 1
+matewanwv.gov, 1
+mateworks.hu, 1
+matglobal.tech, 1
+matgodt.no, 1
+math-coaching.com, 1
+math-colleges.com, 1
+math-drills.com, 1
+math-net.ru, 1
+math.hamburg, 1
+mathalexservice.info, 1
+mathavuzteknolojileri.com.tr, 1
+mathdf.com, 1
+mathebau.de, 1
+mathebibel.de, 1
+mathematica.org, 1
+mathematik.rocks, 1
+matheo-schefczyk.de, 1
+mathers.ovh, 1
+mathes.berlin, 1
+matheusmacedo.ddns.net, 1
+mathewlane.com, 1
+mathhire.org, 1
+mathias.re, 0
+mathiasbynens.be, 1
+mathiasgarbe.de, 1
+mathiasheise.de, 1
+mathiaswagner.org, 1
+mathieu-marteau.fr, 0
+mathieuchollet.eu, 1
+mathieugrant.com, 1
+mathieuguimond.com, 1
+mathieui.net, 1
+mathijskingma.nl, 1
+mathiveri.tk, 1
+mathleaks.com, 1
+mathleaks.se, 1
+mathnet.ru, 1
+maths.network, 1
+mathschool.lt, 1
+mathsource.ga, 1
+mathspace.co, 1
+mathswithcorne.com, 1
+mathteacheredu.org, 1
+mathys.io, 1
+mati.gq, 1
+mati.lol, 1
+mati.tk, 1
+maticz.com, 1
+matijakolaric.com, 1
+matildeferreira.co.uk, 1
+matillat.ovh, 1
+matindustrial.com, 1
+matipl.pl, 1
+matiu.tk, 1
+matjaz.it, 1
+matkuling.com, 1
+matkuling.no, 1
+matlss.com, 1
+matnkat.com, 1
+matocmedia.com, 1
+matok.me.uk, 1
+matolab.lt, 1
+matomari.tk, 1
+matopu.tk, 1
+matoutepetiteboutique.com, 1
+matov.tk, 1
+matovaya-pomada.ml, 1
+matozone.com, 1
+matpools.com, 1
+matratzentester.com, 1
+matreon.nl, 1
+matrichelp.co.za, 1
+matrieux.dk, 1
+matrimonio.com, 1
+matrimonio.com.co, 1
+matrimonio.com.pe, 1
+matrimonios.cl, 1
+matrimoniosriviera.com, 1
+matrimonybest.com, 1
+matriterie-sdv.ro, 1
+matrix-pm.com, 1
+matrix-team.tk, 1
+matrix.org, 1
+matrix3dp.com, 1
+matrix40.com, 1
+matrixbricks.com, 1
+matrixeditora.com.br, 1
+matrixengineered.com, 1
+matrixfm.tk, 1
+matrixglobalsms.com, 1
+matrixhealthcare.ca, 1
+matrixmedia.ro, 1
+matrixmold.com, 1
+matrixpost.net, 1
+matrixread.com, 0
+matrixreq.com, 0
+matronal.ru, 0
+matroskin.ml, 1
+matsson.com, 1
+matsu-semi.com, 1
+matsu.gov, 1
+matsushima-kosodate.com, 1
+matt-brooks.com, 1
+matt-royal.com.cy, 1
+matt.re, 1
+mattab.xyz, 1
+mattadams.info, 1
+mattajones.com, 1
+mattandreko.com, 1
+mattandyana.com, 1
+mattaponi.gov, 1
+mattari-app.com, 1
+mattatoio.eu, 1
+mattberryman.org, 1
+mattbiscay.com, 1
+mattbray.com, 1
+mattbsg.xyz, 1
+mattchellew.net, 1
+mattcoles.io, 1
+mattconstruction.com, 1
+mattcorallo.com, 1
+mattcorp.com, 1
+mattdbarton.com, 1
+mattelek.com, 1
+mattelekharris.com, 1
+mattentaart.tk, 1
+matteobrenci.com, 1
+matteomarescotti.it, 1
+matteosaturn.com, 1
+matteozinnia.it, 1
+mattersource.com, 1
+mattessons.co.uk, 1
+mattferderer.com, 1
+mattfiore.com, 1
+mattga.ca, 1
+mattgemmell.com, 1
+mattgoddardphotography.co.uk, 1
+matthew-carson.info, 1
+matthew-cash.com, 1
+matthewberry.co.za, 1
+matthewburket.com, 1
+matthewcollins.me, 1
+matthewgallagher.co.uk, 1
+matthewgraybosch.com, 1
+matthewgrow.com, 1
+matthewhaeck.com, 1
+matthewimaniphotography.ga, 1
+matthewj.ca, 1
+matthewkairys.com, 1
+matthewkenny.co.uk, 1
+matthewkerley.com, 1
+matthewlankford.com, 1
+matthewljiang.com, 1
+matthewohare.com, 0
+matthewoliver.com, 1
+matthewoshea.tk, 1
+matthewprenger.com, 1
+matthewrochow.com, 1
+matthewsaeger.com, 1
+matthewsfuneralhome.com, 1
+matthewtester.com, 1
+matthewthode.com, 1
+matthewthode.net, 1
+matthewthode.org, 1
+matthey.nl, 1
+matthi.coffee, 1
+matthi3u.xyz, 1
+matthias-lohr.com, 1
+matthias-lohr.net, 1
+matthias-muenzner.de, 1
+matthias-wimmer.de, 1
+matthiasadler.info, 1
+matthiaserb.com, 1
+matthiaslohr.net, 1
+matthiasmueller.me, 1
+matthiasott.ch, 1
+matthiasott.com, 1
+matthiasschwab.de, 1
+matthiasweiler.de, 0
+matthiaswillemsen.me, 1
+matthieu-munoz.fr, 1
+matthieuchedidweb.tk, 1
+matthieuschlosser.fr, 1
+matthijssen.info, 1
+matthijsvos.com, 1
+matthijsvos.org, 1
+mattia98.org, 0
+mattiascibien.net, 0
+mattisclever.com, 1
+mattlaks.com, 1
+mattmccutchen.net, 1
+mattmcshane.com, 1
+mattmoorcroft.com, 1
+mattmorrissound.co.uk, 1
+mattnetwork83.com, 1
+mattonline.me, 1
+mattpeterson.com, 1
+mattpippen.com, 1
+mattprice.eu, 1
+mattquintanilla.xyz, 1
+mattres.com, 1
+mattresscleaningcampsbay.co.za, 1
+mattresscleaningcapetown.co.za, 1
+mattresscleaningdurban.co.za, 1
+mattresscleaninghoutbay.co.za, 1
+mattresscleaningseapoint.co.za, 1
+mattresscleaningwesterncape.co.za, 1
+mattressdiscounters.com, 1
+mattressfirm.org, 1
+mattressfundraiser.net, 1
+mattressman.co.uk, 1
+mattressomni.ng, 1
+mattrubin.me, 1
+mattrude.com, 1
+matts.systems, 1
+matts.world, 1
+mattsavin.me, 1
+mattshi.com, 1
+mattslack.me, 1
+mattsvensson.com, 1
+mattwill.be, 1
+matucloud.de, 1
+matuntu.ml, 1
+mature-lovers.com, 1
+mature-orgasm.com, 1
+matureasspics.com, 1
+maturebbwtube.com, 1
+maturebigass.com, 1
+maturecharm.com, 1
+maturefucktube.com, 1
+maturegrandtube.com, 1
+matureladiespics.com, 1
+matureporn-videos.com, 1
+matureporn.com, 1
+maturepornpics.com, 1
+maturepussypics.com, 1
+maturetube.tv, 1
+maturexthumbs.com, 1
+matuslab.net, 1
+matway.com, 1
+matway.net, 1
+matyldamost.cz, 1
+matze.co, 1
+matze.org, 0
+matzoos.com, 1
+mau.chat, 1
+mau.fi, 1
+mau.life, 1
+mau.lu, 1
+mau.photos, 1
+maubot.xyz, 1
+maudfourier.com, 0
+mauditeboisson.tk, 1
+maudok.gov, 1
+mauhalito.tk, 1
+mauicharm.com, 1
+mauldincookfence.com, 1
+mauletsmallorca.tk, 1
+maumovie.ml, 1
+maunium.net, 1
+mauracher.cc, 1
+maurice-walker.com, 0
+mauricechavez.tk, 1
+mauricedb.nl, 1
+mauriceje.ga, 1
+mauricespapens.tk, 1
+mauricio-ochmann.tk, 1
+mauriciog.com.ar, 0
+mauricioghiorzi.com.ar, 0
+mauricioquadradoconsultor.com.br, 1
+mauricioquadradocontador.com.br, 1
+mauriciosilva.tk, 1
+mauriciotoussaint.tk, 1
+mauriciotoussaintarte.tk, 1
+mauroalejandro.co, 1
+mauronovellas.es, 1
+maurovacca.com, 1
+maurrikone.com, 1
+maury-moteurs.com, 1
+mausmani.tk, 1
+mausoleum.ga, 1
+maut1.de, 1
+mauticamp.ng, 1
+mauto.md, 1
+maveeranpasupathi.tk, 1
+maven-cap.com, 1
+maven.ng, 0
+mavente.fr, 1
+maventrading.com, 1
+mavenvets.co.uk, 1
+mavericklabel.com, 1
+maverickmobilemechanics.com, 1
+maveris.com, 0
+maviepearl.net, 1
+mavrick.tk, 1
+mavro.cf, 1
+mavro.ga, 1
+mavro.gq, 1
+mawinguhost.co.ke, 1
+mawkebaljalal.com, 1
+mawo.olkusz.pl, 1
+mawrex.tech, 1
+max-anime.tk, 1
+max-apk.com, 0
+max-cafe.cz, 1
+max-moeglich.de, 1
+max-went.pl, 1
+max.gov, 1
+max00365.com, 1
+max11365.com, 0
+max1365.com, 0
+max22365.com, 0
+max2365.com, 0
+max33365.com, 0
+max3365.com, 0
+max4365.com, 0
+max44365.com, 0
+max5365.com, 0
+max55365.com, 0
+max6365.com, 0
+max66365.com, 0
+max77365.com, 0
+max8365.com, 0
+max88365.com, 0
+max9365.com, 0
+max96.de, 1
+maxaro.nl, 1
+maxb.fm, 1
+maxbike.tk, 1
+maxboobs.com, 1
+maxbruckner.de, 1
+maxbruckner.org, 1
+maxbuelk.de, 1
+maxbytes.nl, 0
+maxchan.info, 1
+maxclean.ml, 1
+maxcleaning.be, 1
+maxconstructionmachinery.com, 1
+maxdargent.com, 1
+maxdata.pt, 1
+maxedgymequipment.com, 1
+maxgamez.tk, 1
+maxh.me.uk, 1
+maxh.name, 1
+maxhamon.ovh, 1
+maxhoechtl.at, 1
+maxhorvath.com, 1
+maxi-retail.ru, 1
+maxibanki.ovh, 1
+maxico.tk, 1
+maxigiga.com, 1
+maxiglobal.net, 1
+maxihide.tk, 1
+maxihyp.de, 1
+maxim.live, 1
+maxima.at, 0
+maximababy.de, 1
+maximalsparen.com, 1
+maximanet.tk, 1
+maximbaz.com, 1
+maximdeboiserie.be, 1
+maximdens.be, 1
+maximeferon.fr, 1
+maximegagnon.io, 1
+maximemalfoy.com, 1
+maximemichaud.me, 1
+maximilian-graf.de, 1
+maximilian-greger.com, 1
+maximilian-staedtler.de, 1
+maximiliancole.tk, 1
+maximiliangaedig.com, 1
+maximiliankaul.de, 1
+maximiliankrieg.de, 1
+maximoguk.com, 1
+maximosilupu.tk, 1
+maximovie.eu, 1
+maxims-travel.com, 1
+maximumcontrol.nl, 1
+maximumphysiotherapy.com, 1
+maximusconstrutora.com.br, 1
+maximusrose.com, 1
+maxindo.net.id, 1
+maxinesbydennees.com, 1
+maxipcalls.com, 0
+maxipro.ru, 1
+maxiservak.ml, 1
+maxisito.it, 1
+maxivisor.ga, 1
+maxjacobs.com.au, 1
+maxkaul.de, 1
+maxlaumeister.com, 1
+maxley.yachts, 1
+maxmanus.ga, 1
+maxmarket.bg, 1
+maxmatthe.ws, 1
+maxmilton.com, 1
+maxmind-test.com, 1
+maxmuen.de, 1
+maxmusic.tk, 1
+maxmusical.ml, 1
+maxnac.tk, 1
+maxopen.cf, 1
+maxopolyworldnews.com, 1
+maxp.info, 0
+maxpl0it.com, 1
+maxpoint.it, 1
+maxportal.tk, 1
+maxprog.com, 1
+maxqda.com, 1
+maxqda.de, 1
+maxr1998.de, 0
+maxrandolph.com, 1
+maxrickettsuy.com, 1
+maxrider.tk, 1
+maxroganov.tk, 1
+maxs.com, 1
+maxschleiffer.com, 1
+maxtransport.az, 1
+maxtruxa.com, 1
+maxundlara.at, 1
+maxundlara.com, 1
+maxundlara.eu, 1
+maxundlara.org, 1
+maxuniverse.de, 1
+maxus.com.py, 1
+maxus.tk, 1
+maxvaluedeals.com, 1
+maxwaellenergie.de, 1
+maxweiss.io, 1
+maxwell-english.co.jp, 0
+maxwellblog.com, 1
+maxwellcity.cf, 1
+maxwellcity.ga, 1
+maxwellcity.ml, 1
+maxwellmoore.co.uk, 1
+maxwittfeld.tech, 1
+may-tree.ru, 1
+may24.tw, 1
+mayaimplant.com, 1
+mayamaibach.org, 1
+mayamarquez.co, 1
+mayamushrooms.co.uk, 1
+mayanaturopathy.co.uk, 1
+mayanet.tk, 1
+mayangateway.com, 1
+mayarocabletv.com, 1
+mayaroconstituency.org, 1
+mayashoefke.tk, 1
+mayavi.co.in, 0
+maybeonline.de, 1
+maybeshewill.xyz, 1
+maybeul.com, 1
+mayblossom.net, 1
+maycarivero.com, 1
+maydaystrategies.com, 1
+maydex.info, 1
+mayerbrownllz.com, 1
+mayfieldheightsohio.gov, 1
+mayflowerbocawina.tk, 1
+mayflowercreative.com, 1
+mayflowerfairytales.com, 1
+mayito.tk, 1
+mayki.ga, 1
+maykitut.tk, 1
+maynails.com.br, 1
+maynardnetworks.com, 0
+maynesoftware.co.uk, 1
+mayomarquees.com, 1
+mayopartyhire.com, 1
+mayorcahill.com, 1
+mayre-idol.tk, 1
+mayrivermontessori.com, 1
+maysambotros.tk, 1
+mayslandingcornholeleague.com, 1
+maythai.eu, 1
+maythai.pl, 1
+maytretrungphuong.com, 1
+maywood-il.gov, 1
+mayx.eu.org, 1
+mazartdesign.tk, 1
+mazavto.ml, 1
+mazcue.com, 0
+mazda-mps.de, 1
+mazda-thermote.com, 1
+mazda626.net, 1
+mazdaofgermantown.com, 1
+mazdel.tk, 1
+maze.com.br, 1
+maze.fr, 0
+mazenitude.fr, 1
+mazepa.ml, 1
+mazet-machines-a-coudre.fr, 1
+mazhab.tk, 1
+mazik.tk, 1
+mazken.tk, 1
+mazternet.ru, 1
+mazurlabs.tk, 1
+mazury-invest.pl, 1
+mazzotta.me, 1
+mb-amenagements.be, 1
+mb-analytics.at, 1
+mb-demo.net, 1
+mb-is.info, 1
+mb-server.de, 1
+mb-t.net, 1
+mb300sd.com, 1
+mbaasy.com, 1
+mbaestlein.de, 1
+mbainflatables.co.uk, 1
+mbalaw.pl, 1
+mbanogmat.com, 1
+mbar.us, 1
+mbarbadun.es, 0
+mbardot.com, 0
+mbasic.facebook.com, 0
+mbcars.be, 0
+mbci.gov, 1
+mbcoaching40.fr, 1
+mbcom.de, 1
+mbd2021cm.com, 1
+mbda.gov, 1
+mbddash-staging.azurewebsites.net, 1
+mbdou50.ru, 1
+mbdrogenbos-usedcars.be, 1
+mbeach.fr, 1
+mbed.com, 1
+mbed.org, 1
+mbedcloud.com, 1
+mbedcloudintegration.net, 1
+mbfiles.tk, 1
+mbi.nl, 1
+mbilker.us, 1
+mbinf.de, 0
+mbinformatik.de, 0
+mbjeng.com, 0
+mbk.net.pl, 1
+mblankhorst.nl, 1
+mble.mg, 1
+mbmassageterapi.se, 1
+mbpskill.co.id, 1
+mbr-net.de, 1
+mbr.moe, 1
+mbr.pw, 1
+mbrd.de, 1
+mbrental.fr, 1
+mbrjun.cn, 1
+mbsec.net, 1
+mbsunu.com, 1
+mbsync4supply.com, 1
+mbt-constructions.co.uk, 1
+mbtaadvisoryboard.gov, 1
+mbudy.in, 1
+mburaks.com, 1
+mburns.duckdns.org, 1
+mbvelden.nl, 1
+mbw.org.au, 1
+mbwemmel-usedcars.be, 1
+mbwsignup.com, 1
+mc-auth.com, 1
+mc-connect.net, 1
+mc-dos.ru, 1
+mc-jobs.net, 1
+mc-sin.ch, 1
+mc-teemocraft.tk, 1
+mc.ax, 1
+mc007.xyz, 1
+mc2informatique.fr, 1
+mc3dreal.de, 1
+mc4free.cc, 1
+mc5zvezd.ru, 0
+mcagon.tk, 1
+mcahm.eu.org, 1
+mcalert.in, 1
+mcaps-mn.gov, 1
+mcb-bank.com, 1
+mcbbs.wiki, 1
+mcbooks.vn, 0
+mccannhealth.com, 1
+mccannworldgroup.com, 1
+mccarthyprestige.com.au, 1
+mccarthystonefoundation.org, 0
+mccinc.ca, 1
+mcclaincountyok.gov, 1
+mccn.pp.ua, 1
+mccommando.tk, 1
+mcconciergerie.com, 1
+mcconecountymt.gov, 1
+mccoolesredlioninn.com, 1
+mccordscvs.com, 1
+mccsquantico.marketing, 1
+mcculloughjchris.com, 0
+mcculloughsgolf.com, 1
+mccurtainems.gov, 1
+mcdanieldevelopmentservices.com, 1
+mcdean.com, 1
+mcdeed.net, 1
+mcdermottautomotive.com, 1
+mcdesigns68.co.uk, 1
+mcdgenclikkulubu.org, 1
+mcdona1d.me, 1
+mcdonaldcountymissouri.gov, 1
+mcdonalds.cloud, 1
+mcdonalds.co.il, 1
+mcdonalds.design, 1
+mcdowellcountyncboe.gov, 1
+mcdowellcountywv.gov, 1
+mcdowellnews.com, 1
+mcdreamcity.com, 1
+mcdsg.net, 1
+mcduff.ga, 1
+mce.eu, 1
+mce.nyc, 1
+mce55.eu, 1
+mcea-hld.jp, 1
+mceconferencecentre.eu, 1
+mcemyigit.com.tr, 1
+mcescher.com, 1
+mceyedol.tk, 1
+mcfallout.ru, 1
+mcfarlow.sk, 1
+mcfipvt.com, 1
+mcfreedom.eu, 1
+mcg4loans.com, 1
+mcgaccountancy.co.uk, 1
+mcgarrybair.com, 1
+mcgavocknissanwichitaparts.com, 1
+mcgillsbuses.co.uk, 1
+mcgovernance.com, 1
+mcgrand.shop, 1
+mcgregortx.gov, 1
+mch2022.org, 1
+mchaelkordomain.tk, 1
+mchan.us, 1
+mchel.net, 1
+mchenrycountyclerkil.gov, 1
+mchollet.eu, 1
+mchopkins.net, 1
+mchost.no, 1
+mchristopher.com, 1
+mchughisle.net, 1
+mci.gov.sg, 0
+mcideas.tk, 1
+mcintyredisplays.com, 1
+mcirculo.com.br, 1
+mcivor.me, 1
+mcjackk77.me, 1
+mcjars.com, 1
+mckay-bednar.net, 1
+mckeancountypa.gov, 1
+mckendry.com, 1
+mckendry.consulting, 1
+mckenna.academy, 0
+mckenney.xyz, 1
+mckenzielandscaping.ca, 1
+mckernan.in, 0
+mckhan.com, 1
+mckinley1.com, 1
+mckinleytk.com, 1
+mckinneyisdtx.gov, 1
+mckleenz.com, 1
+mckycraft.xyz, 1
+mcl.de, 1
+mcl.gg, 1
+mclanedirect.com, 1
+mclanexpress.com, 1
+mclast.de, 1
+mclear.in, 1
+mcleishandmatthews.com.au, 1
+mclennan.gov, 1
+mcleodcountymn.gov, 1
+mcleodgaming.com, 1
+mcleodoptical.com, 1
+mclinflatables.co.uk, 1
+mclmotors.co.uk, 1
+mcmillan.ski, 1
+mcmillanskiclub.com, 1
+mcmillanskiclub.com.au, 0
+mcmind.ddns.net, 1
+mcmk.in, 1
+mcnairinternational.com, 1
+mcnav.net, 1
+mcnet.care, 1
+mcnext.net, 1
+mcnoobs.pro, 1
+mcon.se, 1
+mconline.sg, 1
+mcos.nc, 1
+mcost.no, 1
+mcoutinho.pt, 0
+mcpa.top, 0
+mcpaoffice.com, 1
+mcpart.land, 1
+mcpat.com, 1
+mcpe.computer, 1
+mcpepc.com, 1
+mcpepc.me, 0
+mcplayman.de, 1
+mcprocdn.com, 1
+mcraft.ru, 1
+mcregex.com, 1
+mcrn.jp, 1
+mcrook.com, 1
+mcs-nl.com, 1
+mcsa-usa.org, 1
+mcsdatum.co.uk, 1
+mcseboard.de, 1
+mcserverslisting.net, 1
+mcsfikirsanat.com, 1
+mcsidan.tk, 1
+mcsmart.ru, 1
+mcsnovatamabayan.com, 1
+mcsoneca.tk, 1
+mcsrvstat.us, 1
+mcstaralliance.com, 1
+mctea.tk, 1
+mctherealm.net, 1
+mctitan.net, 1
+mctools.org, 1
+mctwcloud.tk, 1
+mcubedigital.com, 1
+mcukhost.co.uk, 1
+mcuuid.net, 1
+mcversions.net, 1
+mcvs.net, 1
+mcwrapper.com, 1
+mcycbd.com.au, 1
+mcyukon.com, 1
+md-1xbet.com, 1
+md-clinica.com.ua, 1
+md-events.tk, 1
+md-mb.ro, 1
+md-progressistes.fr, 1
+md-service.net, 1
+md28.in, 1
+md5file.com, 1
+mdaemon.de, 1
+mdaemon.tips, 1
+mdangels.org, 1
+mdatc.gov, 1
+mdazo.net, 1
+mdbre.gov, 1
+mdbug.de, 1
+mdca-jp.org, 1
+mdcloudps.com, 1
+mdconnect.asia, 1
+mddetails.com, 1
+mddietclinic.com, 1
+mddistributorsstore.com, 1
+mdeep.ru, 1
+mdek.at, 1
+mdewendt.de, 1
+mdf-bis.com, 0
+mdf-nakladki.kiev.ua, 1
+mdgsocialmediasecurity.com, 1
+mdgx.com, 1
+mdinstituteplasticsurgery.com, 1
+mdinvest.nz, 1
+mdir.tk, 1
+mditsa.de, 1
+mdiv.pl, 1
+mdjobsite.com, 1
+mdlayher.com, 1
+mdleom.com, 1
+mdma.net, 1
+mdmed.clinic, 1
+mdns.eu, 1
+mdosch.de, 1
+mdpp.com.br, 1
+mdpparish.com, 1
+mdrsp.de, 1
+mdrthmcs.io, 1
+mds-paris.com, 1
+mdsave.com, 1
+mdscomp.net, 1
+mdsglobal.com, 1
+mdswlegal.com, 1
+mdtaxconnect.gov, 1
+mdtorelli.it, 1
+mdwedding168.com, 1
+mdwellness.ca, 1
+mdwftw.com, 1
+mdx.no, 1
+mdxdave.de, 0
+mdxn.org, 1
+me-groups.com, 1
+me-mainz.de, 1
+me-news.tk, 1
+me-soft.nl, 1
+me.com.br, 1
+me.net.nz, 0
+me.vu, 1
+me7878.com, 1
+mea-vota-uitvaart.nl, 1
+mea.com.lb, 1
+meadowfen.farm, 1
+meadowfenfarm.com, 1
+meadowviewfarms.org, 1
+meadvillems.gov, 1
+mealcast.ml, 1
+mealpedant.com, 1
+meals.lv, 1
+mealsnmemories.in, 1
+meamod.com, 0
+meandmyemotions.org, 1
+meanevo.com, 1
+meangreenjunk.com, 1
+meaningfulaction.org, 1
+meanit.ie, 1
+meanjstraininginstitute.com, 1
+meany.xyz, 1
+meao.market, 1
+meao.online, 1
+meao.pictures, 1
+meao.ru, 1
+meapbot.com, 1
+meapbot.net, 1
+meapbot.org, 1
+meapbot.pro, 1
+measiedu.org, 1
+measureaustralia.com.au, 1
+measurementsolutionsinc.com, 1
+measureyourpenis.today, 1
+meat-education.com, 1
+meat.org.uk, 1
+meatfoods.com.br, 1
+meatfreecarnivore.com, 1
+meavagas.com, 1
+meazurelearning.com, 1
+mebehliyetsinavsorulari.com, 1
+mebel-dnr.ml, 1
+mebel-voronezh.cf, 1
+mebelconcept.tk, 1
+mebelipalitra.ru, 0
+mebelipetrov.com, 1
+mebelisk.com.br, 1
+mebelizori.com, 1
+mebelnik.pro, 1
+mebeloffice.com.ua, 1
+mebelok.com, 1
+mebelradom.com, 1
+mebelshik.tk, 1
+meblerymar.pl, 1
+mebtall.ru, 1
+mec.gub.uy, 1
+mec010.com, 1
+mec020.com, 1
+mec021.com, 1
+mec022.com, 1
+mec023.com, 1
+mec024.com, 1
+mec025.com, 1
+mec027.com, 1
+mec028.com, 1
+mec029.com, 1
+mec0310.com, 1
+mec0311.com, 1
+mec0312.com, 1
+mec0313.com, 1
+mec0314.com, 1
+mec0315.com, 1
+mec0316.com, 1
+mec0317.com, 1
+mec0318.com, 1
+mec0319.com, 1
+mec0335.com, 1
+mec0350.com, 1
+mec0351.com, 1
+mec0352.com, 1
+mec0353.com, 1
+mec0354.com, 1
+mec0355.com, 1
+mec0356.com, 1
+mec0357.com, 1
+mec0358.com, 1
+mec0359.com, 1
+mec0370.com, 1
+mec0371.com, 1
+mec0372.com, 1
+mec0373.com, 1
+mec0374.com, 1
+mec0375.com, 1
+mec0376.com, 1
+mec0377.com, 1
+mec0378.com, 1
+mec0379.com, 1
+mec0391.com, 1
+mec0392.com, 1
+mec0393.com, 1
+mec0394.com, 1
+mec0395.com, 1
+mec0396.com, 1
+mec0398.com, 1
+mec0410.com, 1
+mec0411.com, 1
+mec0412.com, 1
+mec0413.com, 1
+mec0414.com, 1
+mec0415.com, 1
+mec0416.com, 1
+mec0419.com, 1
+mec0421.com, 1
+mec0429.com, 1
+mec0431.com, 1
+mec0432.com, 1
+mec0433.com, 1
+mec0434.com, 1
+mec0435.com, 1
+mec0436.com, 1
+mec0437.com, 1
+mec0438.com, 1
+mec0439.com, 1
+mec0440.com, 1
+mec0450.com, 1
+mec0451.com, 1
+mec0452.com, 1
+mec0453.com, 1
+mec0454.com, 1
+mec0455.com, 1
+mec0456.com, 1
+mec0457.com, 1
+mec0458.com, 1
+mec0459.com, 1
+mec0470.com, 1
+mec0471.com, 1
+mec0472.com, 1
+mec0473.com, 1
+mec0474.com, 1
+mec0475.com, 1
+mec0476.com, 1
+mec0477.com, 1
+mec0478.com, 1
+mec0479.com, 1
+mec0482.com, 1
+mec0483.com, 1
+mec0510.com, 1
+mec0511.com, 1
+mec0512.com, 1
+mec0513.com, 1
+mec0514.com, 1
+mec0515.com, 1
+mec0516.com, 1
+mec0517.com, 1
+mec0518.com, 1
+mec0519.com, 1
+mec0523.com, 1
+mec0530.com, 1
+mec0531.com, 1
+mec0532.com, 1
+mec0533.com, 1
+mec0534.com, 1
+mec0535.com, 1
+mec0536.com, 1
+mec0537.com, 1
+mec0538.com, 1
+mec0539.com, 1
+mec0550.com, 1
+mec0551.com, 1
+mec0552.com, 1
+mec0553.com, 1
+mec0554.com, 1
+mec0555.com, 1
+mec0556.com, 1
+mec0557.com, 1
+mec0558.com, 1
+mec0559.com, 1
+mec0561.com, 1
+mec0562.com, 1
+mec0563.com, 1
+mec0564.com, 1
+mec0565.com, 1
+mec0566.com, 1
+mec0570.com, 1
+mec0571.com, 1
+mec0572.com, 1
+mec0573.com, 1
+mec0574.com, 1
+mec0575.com, 1
+mec0576.com, 1
+mec0577.com, 1
+mec0578.com, 1
+mec0579.com, 1
+mec0580.com, 1
+mec0591.com, 1
+mec0592.com, 1
+mec0593.com, 1
+mec0594.com, 1
+mec0595.com, 1
+mec0596.com, 1
+mec0597.com, 1
+mec0598.com, 1
+mec0599.com, 1
+mec0660.com, 1
+mec0661.com, 1
+mec0662.com, 1
+mec0663.com, 1
+mec0691.com, 1
+mec0692.com, 1
+mec0701.com, 1
+mec0710.com, 1
+mec0711.com, 1
+mec0712.com, 1
+mec0713.com, 1
+mec0714.com, 1
+mec0715.com, 1
+mec0716.com, 1
+mec0717.com, 1
+mec0718.com, 1
+mec0719.com, 1
+mec0722.com, 1
+mec0724.com, 1
+mec0728.com, 1
+mec0730.com, 1
+mec0731.com, 1
+mec0732.com, 1
+mec0733.com, 1
+mec0734.com, 1
+mec0735.com, 1
+mec0736.com, 1
+mec0737.com, 1
+mec0738.com, 1
+mec0739.com, 1
+mec0743.com, 1
+mec0744.com, 1
+mec0745.com, 1
+mec0746.com, 1
+mec0751.com, 1
+mec0752.com, 1
+mec0753.com, 1
+mec0754.com, 1
+mec0755.com, 1
+mec0756.com, 1
+mec0757.com, 1
+mec0758.com, 1
+mec0759.com, 1
+mec0760.com, 1
+mec0762.com, 1
+mec0763.com, 1
+mec0765.com, 1
+mec0766.com, 1
+mec0768.com, 1
+mec0769.com, 1
+mec0770.com, 1
+mec0771.com, 1
+mec0772.com, 1
+mec0773.com, 1
+mec0774.com, 1
+mec0775.com, 1
+mec0776.com, 1
+mec0777.com, 1
+mec0778.com, 1
+mec0779.com, 1
+mec0790.com, 1
+mec0791.com, 1
+mec0792.com, 1
+mec0793.com, 1
+mec0794.com, 1
+mec0795.com, 1
+mec0796.com, 1
+mec0797.com, 1
+mec0798.com, 1
+mec0799.com, 1
+mec0810.com, 1
+mec0811.com, 1
+mec0812.com, 1
+mec0813.com, 1
+mec0814.com, 1
+mec0816.com, 1
+mec0817.com, 1
+mec0818.com, 1
+mec0819.com, 1
+mec0826.com, 1
+mec0827.com, 1
+mec0830.com, 1
+mec0831.com, 1
+mec0832.com, 1
+mec0833.com, 1
+mec0834.com, 1
+mec0835.com, 1
+mec0836.com, 1
+mec0837.com, 1
+mec0838.com, 1
+mec0839.com, 1
+mec0840.com, 1
+mec0851.com, 1
+mec0852.com, 1
+mec0853.com, 1
+mec0854.com, 1
+mec0855.com, 1
+mec0856.com, 1
+mec0857.com, 1
+mec0858.com, 1
+mec0859.com, 1
+mec0870.com, 1
+mec0871.com, 1
+mec0872.com, 1
+mec0873.com, 1
+mec0874.com, 1
+mec0875.com, 1
+mec0876.com, 1
+mec0877.com, 1
+mec0878.com, 1
+mec0879.com, 1
+mec0881.com, 1
+mec0883.com, 1
+mec0886.com, 1
+mec0887.com, 1
+mec0888.com, 1
+mec0890.com, 1
+mec0891.com, 1
+mec0898.com, 1
+mec0899.com, 1
+mec0910.com, 1
+mec0911.com, 1
+mec0912.com, 1
+mec0913.com, 1
+mec0914.com, 1
+mec0915.com, 1
+mec0916.com, 1
+mec0917.com, 1
+mec0919.com, 1
+mec0930.com, 1
+mec0931.com, 1
+mec0932.com, 1
+mec0933.com, 1
+mec0934.com, 1
+mec0935.com, 1
+mec0936.com, 1
+mec0937.com, 1
+mec0938.com, 1
+mec0941.com, 1
+mec0943.com, 1
+mec0951.com, 1
+mec0952.com, 1
+mec0953.com, 1
+mec0954.com, 1
+mec0971.com, 1
+mec0972.com, 1
+mec0973.com, 1
+mec0974.com, 1
+mec0975.com, 1
+mec0976.com, 1
+mec0977.com, 1
+mec0991.com, 1
+mec111.com, 1
+mec111.net, 1
+mec222.com, 1
+mec222.net, 1
+mec333.com, 1
+mec333.net, 1
+mec539.com, 1
+mec555.com, 1
+mec555.net, 1
+mec666.net, 1
+mec760.com, 1
+mec777.net, 1
+mec825.com, 1
+mec888.com, 1
+mec888.net, 1
+mec999.com, 1
+mec999.net, 1
+mecalux.com, 1
+mecalux.es, 1
+mecanicoautomotriz.org, 0
+mecari.tk, 1
+meccanico.milano.it, 1
+meccano.srl, 1
+meccrcog-oh.gov, 1
+mecenat-cassous.com, 1
+mecenatfoot.fr, 1
+mechafightclub.com, 1
+mechanical.tk, 1
+mechanics-schools.com, 1
+mechanicweb.com, 1
+mechanus.io, 1
+mechasdepelo.com, 0
+mechaspartans6648.com, 1
+mechinfinity.tk, 1
+mechmk1.me, 1
+mechta.gq, 1
+meciel.net, 1
+mecloudprinter.com, 1
+mecomed.com, 1
+mecp.de, 1
+med-banki.ru, 1
+med-colleges.com, 1
+med-flex.com, 1
+med-line.cf, 1
+med-metrix.com, 0
+med-nagoya-neurosurgery.jp, 1
+med-otzyv.ru, 1
+med-spravca.ml, 1
+med.tips, 1
+meda.bg, 1
+medaboutme.ru, 1
+medalerthelp.org, 1
+medali21.tk, 1
+medaliturki.tk, 1
+medalofvalor.gov, 1
+medbankishop.ru, 1
+medbiocompany.com, 1
+medbiocompany.ml, 1
+medbreaker-friends.at, 1
+medbreaker.one, 0
+medcab.in, 1
+medcaremso.com, 1
+medcartoon.com, 1
+medcentr.online, 1
+medcentrnadezhda.ru, 1
+medcir.com.br, 1
+medcorfu.gr, 1
+medcrowd.com, 1
+meddata.pp.ua, 1
+meddatix.com, 1
+meddiehub.com, 1
+meddigital.com, 0
+meddin.com, 1
+mede-handover.azurewebsites.net, 1
+medebridge.com.au, 1
+medec.ec, 1
+medecinesalternatives-developpementspirituelcreatif.com, 1
+medefield.com, 1
+medeinos.lt, 0
+medelement.com, 1
+medellinapartamentos.com, 1
+medellinencanciones.tk, 1
+medfind.link, 1
+medfordoregon.gov, 1
+medfordwi.gov, 1
+medguide-bg.com, 1
+medhatzaki.com, 1
+medhiwa.com, 1
+medhy.fr, 1
+medi-link.co.il, 0
+medi.com.br, 1
+media-cable-solutions.de, 1
+media-credit.eu, 1
+media-cube.com, 1
+media-fleet.fr, 1
+media-instance.ru, 1
+media-journalism.org, 1
+media-land.tk, 1
+media-library.co.uk, 1
+media-serwis.com, 1
+media-start.tk, 1
+media-store.ir, 1
+media-street.co.uk, 1
+media-valko.hu, 1
+media-webs5.com, 1
+media24.world, 1
+media4u.tk, 1
+mediaarea.net, 1
+mediaareplural.ca, 1
+mediabackoffice.co.jp, 1
+mediablaster.com, 1
+mediabogen.net, 1
+mediabola.net, 1
+mediabookdb.de, 0
+mediabooks.ml, 1
+mediaboutique.nl, 1
+mediacenter.dynv6.net, 1
+mediacluster.de, 1
+mediacolor.fr, 1
+mediadex.be, 1
+mediafly.com, 1
+mediafocus.biz, 1
+mediaforkids.org, 1
+mediagetnews.tk, 1
+mediagrand.net, 1
+mediagus.com, 1
+mediahaus.de, 0
+mediajurnal.com, 1
+medialab.nrw, 1
+medialine.ag, 1
+medialine.com, 1
+medialinkz.ga, 1
+medialunaventura.com, 1
+medialys.ca, 1
+mediamarket42.tk, 1
+mediamarkt.pl, 1
+mediametrix.ru, 1
+mediamonitors.net, 1
+mediamora.nl, 1
+medianbases.ga, 1
+mediantechnologies.com, 1
+mediaoffice.ae, 1
+mediapark.uz, 1
+mediapart.fr, 1
+mediapath.gr, 0
+mediapost-publicite.fr, 1
+mediaprint-eco.com, 1
+mediarenegades.net, 1
+mediarithmics.com, 1
+mediarithmics.io, 1
+mediarquita.com, 1
+medias-presse.info, 1
+mediasagasocialseo.com, 1
+mediaserver7.com, 1
+mediasklep24.pl, 1
+mediaspike.com, 1
+mediassist.in, 1
+mediassistindia.com, 1
+mediassistindia.net, 1
+mediassisttpa.in, 1
+mediasst.com, 1
+mediastroke.com, 1
+mediataput.ga, 1
+mediathekview.de, 0
+mediation-mv.de, 1
+mediationculturelleclp.ch, 0
+mediatorzy.waw.pl, 1
+mediatrust.org, 1
+mediaukkies.nl, 0
+mediawax.be, 1
+mediaweb.com.ve, 1
+mediawijsheid.nl, 0
+mediawijzer.net, 0
+mediawiki.com, 1
+mediawiki.org, 1
+medibooker.com.au, 1
+medic-world.com, 1
+medic808.com, 1
+medicairsolutions.com, 1
+medical-assistant-colleges.com, 1
+medical-centr.tk, 1
+medical-contact.de, 1
+medical-hospital-beds.com, 1
+medical-instinct.de, 0
+medical-tiny.com, 1
+medical-tiny.de, 1
+medicalabroad.org, 0
+medicalaegis.com, 1
+medicalassistantadvice.com, 1
+medicalassistantschools.com, 1
+medicalauction.ga, 1
+medicalbillingcodingworld.com, 1
+medicalbillrights.gov, 1
+medicalbrace.net, 1
+medicalcountermeasures.gov, 1
+medicaldispute.tk, 1
+medicaleyetec.fr, 1
+medicalhelp.com.br, 1
+medicallicensing.com, 1
+medicalonliner.tk, 1
+medicalpeople.tk, 1
+medicalphysicistservices.com, 1
+medicalsite.tk, 1
+medicalsland.com, 1
+medicaltiny.com, 1
+medicaltiny.de, 1
+medicaltools.de, 1
+medicalys-tunisie.com, 0
+medicare-providers.net, 1
+medicareadvantage.com, 1
+medicareclinic.tk, 1
+medicarecompareusa.com, 1
+medicarecoveragefinder.com, 1
+medicareinfo.org, 1
+medicaremarket.com, 1
+medicaresupplement.com, 1
+medicasa-gmbh.de, 1
+medicel.com, 1
+medicenteritalia.it, 1
+medichat.ml, 1
+medicimaging.com, 1
+medicina-interventionala.ro, 1
+medicina-news.tk, 1
+medicinae.solutions, 1
+medicinaesolutions.com, 1
+medicinaesolutions.com.br, 1
+medicinalflora.com.br, 1
+medicinasportpadova.it, 1
+medicine.com, 1
+medicine.lv, 1
+medicinesfast.com, 0
+medicinia.com.br, 1
+medicinskavranje.edu.rs, 1
+mediciventures.com, 1
+mediclinik.tk, 1
+medicm.jp, 1
+medicompany.tk, 1
+medicoresponde.com.br, 1
+medictools.de, 1
+medicus.ai, 1
+medidordehumedad.online, 1
+mediengestalter-website.de, 1
+medienhelden.de, 1
+medienweite.de, 1
+medievalexpert.com, 1
+medifab.online, 1
+medifit.si, 1
+medifoto.tk, 1
+medigap-quote.net, 1
+medihost.com.au, 1
+medihostsolutions.com.au, 1
+medikuma.com, 1
+medilogistics.co.za, 1
+medinacountyohio.gov, 1
+medinaelst.nl, 1
+medinc.tk, 1
+mediniti.com, 1
+medino.com, 1
+medinorte.es, 1
+medinside.ch, 0
+medinside.li, 0
+medinsider.ch, 0
+medinsider.li, 0
+medirota.com, 1
+medisense.tk, 1
+mediskin.ro, 1
+medisuv.ga, 1
+medisysintl.net, 1
+medisystempharmacy.com, 1
+meditacionesparasanar.club, 1
+meditadvisors.com, 1
+meditarenargentina.org, 1
+meditateinolympia.org, 1
+meditation-music.shop, 1
+meditation-rennes.org, 1
+meditationsydney.org.au, 1
+meditel.nl, 1
+meditez.ca, 1
+meditrak.ml, 1
+medium.com, 1
+mediums.cf, 1
+medivisionsc.com, 1
+medivox.tk, 1
+mediweed.tk, 1
+mediziner-goettingen.tk, 1
+medja.net, 1
+medklee.com, 1
+medkliniks.ru, 1
+medlemsraadgiveren.no, 1
+medlemsradgiveren.no, 1
+medlineplus.gov, 1
+medlink.pl, 1
+medmark.com, 1
+medmobil.ru, 1
+medo64.com, 1
+medofis.com, 1
+medorand.gov, 1
+medosedu.in, 1
+medousaclinique.com, 1
+medovea.ru, 1
+medovoe.ml, 1
+medpeer.co.jp, 1
+medpeer.jp, 1
+medportalmd.tk, 1
+medpost.com, 1
+medprozone.com, 1
+medreich.com, 1
+medrol.cf, 1
+meds.ru, 1
+medsanuk.co.uk, 1
+medscangroup.ru, 1
+medschat.com, 1
+medschrome.com, 1
+medscope.com.au, 1
+medscope.tk, 1
+medsi-online.tk, 1
+medsilset.com.br, 1
+medsister.tk, 1
+medsol.co.za, 0
+medsovet.tv, 1
+medspecial.tk, 1
+medstatix-dev.com, 1
+medstatix.co, 1
+medtalents.ch, 1
+medtankers.management, 0
+medtech-jp.net, 1
+medtehnika.ua, 1
+medtronicpain.com, 1
+medullaortopedi.com, 1
+medunovi.com, 1
+medusa.wtf, 1
+meduza.io, 1
+medvedikorenka.cz, 1
+medvedivka.tk, 1
+medvedka-nasekomoe.tk, 1
+medvedkovo-hovrino.ru, 1
+medvesajt.hu, 1
+medvet.com.es, 1
+medy-me.com, 1
+medyahabertv.com, 1
+medyaweb.net, 1
+medycznyangielski.pl, 1
+medyotan.ga, 1
+medyumzeyneleroglu.com, 1
+medza.ru, 1
+medzinenews.com, 0
+meedoennoordkop.nl, 0
+meek.ml, 1
+meekhak.com, 1
+meeko.cc, 1
+meekru.com, 1
+meektech.com, 1
+meenzen.net, 1
+meeo7.tk, 1
+meepbot.net, 1
+meepbot.org, 1
+meepbot.pro, 1
+meeque.de, 1
+meer-der-ideen.de, 1
+meeras.ga, 1
+meereskunst.de, 1
+meerman.nl, 1
+meesenburg.ro, 1
+meesman.nl, 1
+meesteresmisty.nl, 1
+meet, 1
+meet.google.com, 1
+meetanshi.com, 1
+meetbeagle.com, 1
+meetbot.fedoraproject.org, 1
+meetcleo.com, 1
+meetfranz.com, 1
+meetfriends.tk, 1
+meeting-server.ml, 1
+meetingvotes.com, 1
+meetjeslandsetriathlon.tk, 1
+meetmaps.com, 1
+meetmarlo.com, 1
+meetmibaby.co.uk, 1
+meetmonarch.com, 1
+meetmygoods.com, 1
+meetmyown.ga, 1
+meetmyown.tk, 1
+meetthesinglessda.co.uk, 1
+meettheslavs.com, 1
+meetville.com, 1
+meetyou.me, 1
+meeusen-usedcars.be, 1
+meewan.fr, 1
+meeztech.com, 1
+meeztertom.nl, 1
+mefano.com, 1
+meffrepatrimoine.com, 1
+meg-a-bounce.co.uk, 1
+mega-aukcion.ru, 1
+mega-byte.nl, 0
+mega-feeling.de, 1
+mega-jeans.ru, 1
+mega-microstories.com, 1
+mega.co.nz, 1
+mega.io, 0
+mega.nz, 1
+megaar.tk, 1
+megabike.tk, 1
+megabook.ml, 1
+megabooker.hr, 1
+megabounce.co.uk, 1
+megabouncingcastles.com, 1
+megacellenerji.com, 1
+megadrol.com, 1
+megaelettrostimolatore.com, 1
+megafilez.tk, 1
+megaflix.nl, 1
+megaflowers.ru, 1
+megagame.zapto.org, 1
+megagifs.de, 1
+megaherz.tk, 1
+megahobby.jp, 1
+megahost.kz, 1
+megahostingbr.tk, 1
+megahouse.co.jp, 1
+megaimpressao3d.com.br, 1
+megainflatables.co.uk, 1
+megainformatyk.pl, 1
+megajackpot.ph, 1
+megajackpot.win, 1
+megajatek.hu, 1
+megakoncert90.cz, 1
+megalibportal.ga, 1
+megalibrarygirl.ml, 1
+megalogistic.ru, 1
+megalol.tk, 1
+megalonomia.ml, 1
+megam.host, 1
+megamarket-russia.ru, 1
+megamillions.tk, 1
+megamisja.pl, 1
+megamov.eu, 1
+megamov.fr, 1
+megamov.pro, 1
+meganandmarc.us, 1
+meganholliday.blog, 1
+meganmarston.cf, 1
+meganmarston.ga, 1
+meganruggiero.com, 1
+megaobzor.com, 1
+megaparadise.ml, 1
+megapari.com, 1
+megapixel.cz, 1
+megaplan.cz, 1
+megaportal.ga, 1
+megaportal.tk, 1
+megaprofi.tk, 1
+megarap.cf, 1
+megaron.at, 1
+megasesso.com, 1
+megasitesoficial.tk, 1
+megasunsunglasses.bg, 1
+megateam.tk, 1
+megatom.net.br, 1
+megatyumen.ru, 1
+megauction.tk, 1
+megavasoc.com.ar, 1
+megaviews.tk, 1
+megawebsite.tk, 1
+megawhat.energy, 1
+megaxchange.cash, 1
+megayachts.world, 1
+megazigzag.com, 1
+megeve-tourisme.fr, 1
+megger-aktionen.de, 1
+megger.li, 1
+meggidesign.com, 1
+meggie.tk, 1
+megh.tv, 1
+megin.gq, 1
+megin.tk, 1
+meginajums1.space, 1
+megmaster.com, 1
+megnetix.tk, 1
+mego-tracer.de, 1
+mego.cloud, 1
+mego.gmbh, 1
+megotracer.de, 1
+megumico.net, 1
+megztosidejos.lt, 1
+meh.is, 1
+mehalick.com, 1
+meharossii.ru, 1
+mehdavia.tk, 1
+mehdi-lifestyle.com, 1
+mehdibouchema.be, 1
+mehdimassage.com, 1
+meherbaba.sk, 1
+mehhh.xyz, 1
+mehibo.tk, 1
+mehlogy.com, 1
+mehlvilletermiteandpestcontrolinc.com, 1
+mehmet.net, 1
+mehmetince.net, 1
+mehode.com, 1
+mehostdd.com, 0
+mehrabpurtimes.tk, 1
+mehrgarh.tk, 1
+mehrleben.at, 1
+mehrnevesht.com, 1
+mehrwert.de, 1
+meia.ir, 1
+meiaiai.com, 1
+meideas108.com, 1
+meidev.co, 0
+meierhofer.net, 1
+meiersmarkus.de, 1
+meifacil.com, 1
+meigetsuen1980.com, 1
+meijburg.com, 1
+meikampf.de, 1
+meikan.moe, 1
+meiler.cf, 1
+meilink.eu, 0
+meilleur-casino-fiable.com, 1
+meilleursagents.com, 1
+meilleursavis.fr, 1
+meilleursjeuxporno.fr, 1
+meilleurstrucs.com, 1
+meima.cc, 1
+meimeistartup.com, 1
+mein-arabischkurs.de, 1
+mein-betriebsrat.digital, 1
+mein-domizil.at, 1
+mein-es1.de, 1
+mein-gehalt.at, 1
+mein-muehlhausen.bayern, 1
+mein-neuer-garten.de, 1
+mein-restaurant.digital, 1
+mein-webportal.de, 0
+meinbetriebsrat24.de, 1
+meincenter-meinemeinung.de, 1
+meincoach.at, 1
+meindm.at, 1
+meine-email-im.de, 1
+meine-email-im.net, 1
+meine-finanzanalyse.de, 1
+meine-immofinanzierung.de, 1
+meine-lebensenergie-staerken.de, 1
+meine-mav.digital, 1
+meine-mobile-reiseagentur.de, 1
+meineip.eu, 1
+meineit.dvag, 1
+meinerabatt.de, 1
+meinereiseangebote.de, 1
+meinevorlagen.com, 1
+meineweidegans.at, 1
+meinewolke.pw, 1
+meineziege.de, 1
+meinezuckerbaeckerei.de, 1
+meinflirtportalcheck.com, 1
+meinflirtportalcheck.de, 1
+meinforum.net, 1
+meinhard.com, 1
+meinstartinsleben.com, 1
+meinstartinsleben.de, 1
+meintragebaby.de, 1
+meinungsplatz.ch, 1
+meinungsplatz.de, 1
+meiqia.com, 0
+meirifuli6.com, 1
+meis.space, 1
+meise.cf, 1
+meise.ml, 1
+meistaramajas.lv, 1
+meister-stuecke.com, 1
+meister-texte.com, 1
+meister-wuttke.de, 1
+meisterlabs.com, 1
+meisternote.com, 1
+meisterplan.com, 1
+meisterplan.io, 1
+meistertask.com, 1
+meistronamai.lt, 1
+meitan.gz.cn, 1
+meitianyixiaobu.com, 1
+meiyi.ga, 1
+meiyouad.com, 1
+mejofi.com, 1
+mejofi.eu, 1
+mejofi.net, 1
+mejofi.nl, 1
+mejofi.org, 1
+mejor-broker.com, 1
+mejor-vpn.com, 1
+mejorator.net, 1
+mejorator.org, 1
+mejorespatineteselectricos.es, 1
+mejorfiltrodeagua.com, 1
+mejorlimpiafondos.com, 1
+mejovonakowogov.gq, 1
+mejpbs.com, 1
+mekajen.com, 1
+mekaleskirit.tk, 1
+mekanika.com.my, 1
+mekanismo.tk, 1
+mekatro.tech, 1
+mekatronika.tk, 1
+mekatrotekno.com, 1
+mekawy.tk, 1
+mekegi.com, 1
+meken.com, 1
+mekhaodee.com, 1
+mekkaoui.cf, 1
+mekker.dk, 1
+meklon.net, 1
+mekomit.co.il, 1
+mekongmontessori.com, 1
+mel-bet.com, 1
+melagenina.tk, 1
+melanfengshui.com, 1
+melaniatrump.com, 0
+melanie-guy.fr, 1
+melanie-schwarze.de, 1
+melaniebernhardt.com, 1
+melaniec-thebest.tk, 1
+melaniefaucher.ca, 1
+melaniegowen.com, 0
+melaniegruber.de, 1
+melanieschweiger.com, 1
+melanin.cf, 1
+melaodealmeirim.pt, 1
+melbar.com.au, 0
+melbet-sp.com, 1
+melbet.com, 1
+melbet.mobi, 1
+melbet27.com, 1
+melbet33011.com, 1
+melbetaffiliates.com, 1
+melbetapp.com, 1
+melbetua.com, 1
+melbourneapartments.website, 1
+melbournebushwalkers.org.au, 1
+melbournecivilcelebrant.tk, 1
+melbournefringe.com.au, 1
+melbournehookah.com.au, 1
+melbournehousesitters.com, 1
+melcher.it, 1
+melchizedek-forum.de, 1
+melda-agustin.tk, 1
+melda.ru, 1
+meldcode-assistent.nl, 1
+melderegister-auskunft.de, 1
+meldjeaan.be, 1
+meldknop.nl, 1
+meldpuntemma.nl, 1
+meldsluikstort.gent, 1
+mele.ro, 1
+melectronics-ostschweiz.ch, 1
+meledia.com, 0
+melenchatsmelenchiens.fr, 1
+melhorproduto.com.br, 1
+meli-deluxe.org, 1
+melicove.com, 1
+melideluxe.org, 1
+melihacar.com.tr, 1
+melikoff.es, 1
+melina-schefczyk.de, 1
+melinacurves.com, 1
+melinamay.net, 1
+melino.com.ua, 1
+meliowebweer.nl, 1
+melisica.tk, 1
+melissaadkins.com, 1
+melissaauclaire.com, 1
+melissadeluxe.com, 1
+melissageorge.tk, 1
+melissalb.tk, 1
+melissameuwszen.nl, 1
+meliyb.ga, 1
+melkboshigh.co.za, 1
+melkiran.tk, 1
+melkoghonning.no, 1
+mellenbergerathletics.com, 1
+mellika.ch, 1
+mellonexia.ml, 1
+mellonne.com, 1
+melnessgroup.com, 1
+melodee.de, 1
+melodict.com, 1
+melodija.tk, 1
+melodiouscode.co.uk, 1
+melodiouscode.com, 1
+melodiouscode.net, 1
+melodiouscode.uk, 1
+melody-lyrics.com, 1
+melody.my, 1
+melodycenter.de, 1
+melonhub.com, 1
+melonstudios.net, 1
+melopie.com, 1
+melpomene.me, 1
+melrosemichaels.net, 1
+melrosewi.gov, 1
+meltdownresearch.com, 1
+melted.me, 1
+meltina-hotel.com, 1
+meltybit.com, 1
+melusine.eu, 1
+melvillecity.com.au, 1
+melvinsfrance.tk, 1
+melvintemo.com, 1
+melyssamonroy.com, 1
+mema.recipes, 1
+memberbaz.ml, 1
+memberclicks.net, 1
+memberplushq.com, 1
+members-arbourlake.com, 1
+members-only-shopping.com, 1
+members.nearlyfreespeech.net, 0
+membershipservices.org.uk, 1
+membersolutions.com, 1
+memberstweets.com, 1
+memdoc.org, 1
+meme, 1
+meme.fi, 1
+meme.institute, 1
+memecentral.org, 1
+mememan.org, 1
+memememememememe.me, 1
+memento-mori.cf, 1
+memetrash.co.uk, 1
+memez.download, 1
+memind.net, 1
+memiux.com, 1
+memnet.com.au, 1
+memo-linux.com, 1
+memo.ee, 1
+memoire-resistance-ariege.fr, 1
+memoireimplicite.com, 1
+memoirmedie.dk, 1
+memolestas.tk, 1
+memorablewords.org, 1
+memoriaacademy.com, 1
+memorial.com.tr, 1
+memoriaseternizadas.com.br, 1
+memories-factory.pt, 1
+memorind.com, 1
+memoryex.net, 1
+memoryjoggerlibrary.com, 1
+memorylines.ml, 1
+memoryofyou.eu, 1
+memoryplex.com, 1
+memphisrap.com, 1
+memphisthemusical.com, 1
+mempool.chat, 1
+mempool.de, 1
+mempool.ninja, 1
+mempool.space, 1
+memrise.com, 1
+memurvadisi.tk, 1
+men-costumes.tk, 1
+men.com, 1
+menanam.net, 1
+menandsny.gov, 1
+menaraannonces.com, 1
+menardcountyil.gov, 1
+menashawi.gov, 1
+menazimkhan.tk, 1
+menddie.com, 1
+mendekuitxua.tk, 1
+mendel.tk, 1
+menden.com, 1
+mendipbouncycastles.co.uk, 1
+mendix-apps.com, 1
+mendmybackprogram.com, 0
+mendocinocounty.gov, 1
+mendomaps.com, 1
+mendonca.co, 1
+mendonvt.gov, 1
+mendovoice.com, 1
+mendozagenevieve.com, 1
+mendrala.eu, 1
+mendrala.net, 1
+menerga.it, 1
+mengjianjiemeng.com, 1
+mengjiucai.com, 1
+mengliangyun.xyz, 1
+mengma.pub, 1
+mengqingzhong.cn, 1
+mengqingzhong.com, 1
+mengqingzhong.com.cn, 1
+mengyibai.com, 1
+menh.vn, 1
+menhera.org, 0
+menielias.com, 1
+menlo-partner1-admin.com, 1
+menlo-partner1.com, 1
+menlo.cloud, 1
+menlo.security, 1
+menlofire.gov, 1
+menlogov-admin.com, 1
+menlogov.com, 1
+menlosecurity.com, 1
+menlosecurity.jp, 1
+menlotraining.com, 1
+menlotraining.net, 1
+menlotraining.org, 1
+menn.tk, 1
+mennace.com, 1
+mennetwork.com, 1
+menno.cloud, 0
+menno.me, 1
+mennohouse.ca, 1
+menole.com, 1
+menole.de, 1
+menole.net, 1
+menomg.com, 1
+menomineecountymi.gov, 1
+menomineemi.gov, 1
+menotag.com, 1
+mens-qzin.jp, 1
+mens-v.com, 1
+mens-watch.tk, 1
+mensagemaniversario.com.br, 1
+mensagemdaluz.com, 1
+mensagensaniversario.com.br, 1
+mensagensdeconforto.com.br, 1
+mensagensperfeitas.com.br, 0
+mensajeurbano.tk, 1
+mensajitos.tk, 1
+mensarena.gr, 1
+mensasifrovacka.cz, 1
+mensch-peter.me, 1
+menschocolat.jp, 1
+mensconvoy.tk, 1
+menselijkembryo.tk, 1
+menshaircuts.com, 0
+menshairstylestoday.com, 1
+menshealthcollective.au, 1
+menspeak.ga, 1
+menswear.tk, 1
+mental-check.jp, 1
+mentalcalculations.tk, 1
+mentalcraft.tk, 1
+mentalevolution.tk, 1
+mentalhealthcounselorlicense.com, 1
+mentalhealthmn.org, 1
+mentalhealthtimes.tk, 1
+mentalizes.tk, 1
+mentalpage.com, 1
+mentalproblems.tk, 1
+mentaltraining-fuer-musiker.ch, 1
+mentecuriosa.net, 1
+menteofficial.com, 1
+menterarchitects.com, 1
+mentes-inquietas.tk, 1
+mentesinquietas.tk, 1
+menthiere.fr, 1
+menti.com, 1
+mentimeter.com, 1
+mentiq.az, 1
+mentolo.tk, 1
+mentonein.gov, 1
+mentor.gov, 1
+mentoriademercadeo.com, 1
+mentoringauchan.es, 1
+mentrixpill.com, 1
+menuel.me, 1
+menufree.org, 1
+menuiserie-deumer.be, 1
+menupay.com, 1
+menureader.ml, 1
+menurutparaahli.com, 1
+menzel-motors.com, 0
+menzel4you.tk, 1
+menzietti.it, 1
+meo.cz, 1
+meo.de, 1
+meo.es, 1
+meoption.biz, 1
+meoteam.dk, 1
+meou.pictures, 1
+meow-games.com, 1
+meow.cloud, 0
+meow.enterprises, 1
+meow.plus, 1
+meower.org, 1
+meowstodon.net, 1
+meowtech.network, 1
+mepassport.com, 1
+mepc.jp, 1
+mepcoeng.ac.in, 1
+meperidina.com, 1
+mephedrone.org, 1
+mepresto.com, 1
+meps.net, 1
+mera.ddns.net, 1
+merabsurviladze.com, 1
+meraki.hu, 1
+meralda.eu, 1
+meralda.net, 1
+meralda.org, 1
+meraldamulder.com, 1
+meraldamulder.eu, 1
+meraldamulder.net, 1
+meraldamulder.org, 1
+meran.in, 1
+meransuedtirol.com, 1
+meravirsa.com, 1
+mercadobitcoin.com.br, 1
+mercadocampesino.com.co, 1
+mercadohype.tk, 1
+mercadoleal.com.br, 1
+mercadolibre.cl, 1
+mercadolibre.co.cr, 1
+mercadolibre.com.ar, 1
+mercadolibre.com.bo, 1
+mercadolibre.com.co, 1
+mercadolibre.com.do, 1
+mercadolibre.com.ec, 1
+mercadolibre.com.gt, 1
+mercadolibre.com.hn, 1
+mercadolibre.com.mx, 1
+mercadolibre.com.ni, 1
+mercadolibre.com.pa, 1
+mercadolibre.com.pe, 1
+mercadolibre.com.py, 1
+mercadolibre.com.sv, 1
+mercadolibre.com.uy, 1
+mercadolibre.com.ve, 1
+mercadolibrefz.tk, 1
+mercadolivre.com.br, 1
+mercadopago.cl, 0
+mercadopago.com, 1
+mercadopago.com.ar, 1
+mercadopago.com.br, 1
+mercadopago.com.co, 1
+mercadopago.com.ec, 1
+mercadopago.com.mx, 1
+mercadopago.com.pe, 1
+mercadopago.com.uy, 1
+mercadopago.com.ve, 1
+mercadoprop.la, 1
+mercanix.co.uk, 1
+mercatino-olomouc.cz, 1
+mercatinomusicale.com, 1
+mercatoitticosbt.it, 1
+mercedelectionsca.gov, 1
+mercedes-anciennes.fr, 1
+mercedes-benz-arena-stuttgart.de, 1
+mercedes-benz-kiev.com, 1
+mercedes-benz.art, 1
+mercedes-benz.com.py, 1
+mercelo.com, 1
+mercenaryvfx.com, 1
+mercercountyohio.gov, 1
+mercercountypa.gov, 1
+mercerisland.gov, 1
+merchant-portal.co.kr, 1
+merchantsbankofindiana.com, 0
+merchcity.com, 1
+merchentpro.biz, 1
+merchifyapp.com, 1
+merchstudio.ru, 1
+mercici.com, 1
+merck-animal-health-usa.com, 1
+merco.com.au, 1
+mercode.eu.org, 1
+mercosuleditora.com.br, 1
+mercredifiction.io, 1
+mercure.dk, 1
+mercury-pool.com, 1
+mercury.com, 1
+mercury.foundation, 0
+mercury.photo, 1
+mercurycards.com, 1
+mercurysquad.tk, 1
+mercyseverity.tk, 1
+merelskleertjes.tk, 1
+merenbach.com, 1
+merenita.eu, 1
+merenita.net, 1
+merenita.nl, 1
+merezha.ua, 1
+mergegroup.com.au, 1
+mergellina.tk, 1
+meribook.com, 1
+meridanas.me, 1
+meridiangroup.ml, 1
+meridianmetals.com, 1
+meridianoshop.com.br, 1
+meridiansteel.co.uk, 1
+meridianstore.com.br, 1
+merikserver.tk, 1
+merionwest.com, 1
+merisia.ca, 1
+meritcb.eu, 1
+meritsol.com, 1
+meritus.com.au, 1
+merkatal.com, 1
+merkattumaa.tk, 1
+merkchest.tk, 1
+merke.tk, 1
+merkel.me, 1
+merklin.gq, 1
+merlet.eu, 1
+merlin-memorial.de, 1
+merlin.dk, 1
+merlinnot.com, 1
+merlinsmagic.tk, 1
+merlinsoap.com, 1
+merloaded.rocks, 1
+mermakov.info, 1
+mernau.co, 1
+merojob.com, 1
+merpay.com, 1
+merrickcountyne.gov, 1
+merrillanwi.gov, 1
+merrimacwi.gov, 1
+merrison.uk, 1
+merrychristmas.ml, 1
+merryxmas2015.tk, 1
+mersa-co.ir, 1
+merson.org, 1
+merson.tv, 1
+mertak.cz, 1
+mertcangokgoz.com, 1
+mertuslu.com, 1
+meruhealth.com, 1
+mervart.co.uk, 1
+mervetekinmimarlikinsaat.com.tr, 1
+mervewear.com, 1
+merza.is, 1
+merzai.co.uk, 1
+mes-bouquins.fr, 1
+mes-courriers.fr, 1
+mes-finances.be, 1
+mes-vacances.tk, 1
+mes10doigts.ovh, 1
+mesaazpolice.gov, 1
+mesabi.ga, 1
+mesalancasterpa.gov, 1
+mesappros.com, 1
+mesasysillas.site, 1
+mesbonnesrecettes.com, 1
+mescadeaux.com, 1
+mescaline.com, 1
+mescaline.org, 1
+mescaline.uk, 1
+mescaline.wiki, 1
+mesdagh.be, 1
+mesec.cz, 1
+mesh.gov, 1
+meshachgt.com, 1
+meshdigital.io, 1
+meshekard.co.il, 1
+meshintranet.com, 1
+meshok.ru, 1
+meshotes.com, 1
+meskdeals.com, 1
+meskiukas.tk, 1
+meslekkursu.com, 1
+mesmer.tk, 1
+mesologie-soesterberg.nl, 1
+mesomeds.com, 1
+mesonandino.tk, 1
+mesondelcazador.com, 1
+mesos.cl, 1
+mesothelioma.com, 1
+mesotheliomacentre.tk, 1
+mesotheliomalawfirm-worldwide.tk, 1
+mesquitegcd.gov, 1
+mesquitelandscapeservices.com, 1
+messageclient.gq, 1
+messagely.com, 1
+messagescelestes-archives.ca, 1
+messagevortex.com, 1
+messagevortex.net, 1
+messaha.tk, 1
+messcoutsandguides.tk, 1
+messdorferfeld.de, 1
+messemakine.com, 1
+messen.tk, 1
+messenger.com, 0
+messengerkids.com, 1
+messengersofjoy.net, 1
+messengerupdate.com, 1
+messengerwebbrands.com, 1
+messengerwebdesign.com, 1
+messer24.ch, 1
+messifan.tk, 1
+messinale.tk, 1
+messinatoday.it, 1
+messonline.tk, 1
+messure.ru, 1
+mestazitrka.cz, 1
+mestovpohybu.cz, 1
+mesuaferrea.com, 1
+mesutates.tk, 1
+mesvision.com, 1
+mesvt.com, 1
+meszlenyiattila.tk, 1
+meta-db.com, 1
+meta-word.com, 1
+meta.com, 1
+meta4.be, 1
+meta48.live, 1
+metaalshopper.nl, 1
+metablog.xyz, 1
+metabound.co.uk, 1
+metabox.io, 1
+metacareers.com, 1
+metachthonia.io, 1
+metaclays.io, 1
+metacoda.com, 1
+metacode.biz, 1
+metacompliance.com, 1
+metacortex.cf, 1
+metacred.com, 1
+metacritic.com, 1
+metadata.be, 1
+metadata.io, 1
+metadedi.net, 1
+metaether.net, 1
+metafiz.ml, 1
+metaformarketing.com, 1
+metagaming.tk, 1
+metait.de, 1
+metaiverse.info, 1
+metakari.one, 1
+metal-madness.tk, 1
+metal-news.tk, 1
+metal-rock.tk, 1
+metalarea.ru, 1
+metalargentum.tk, 1
+metalbus.tk, 1
+metalcity.tk, 1
+metalcon.az, 1
+metalcorenews.ga, 1
+metalempire.tk, 1
+metaleonsociety.io, 0
+metalequipped.com, 1
+metalevolution.tk, 1
+metalgie.work, 1
+metalgo.co, 1
+metalgoth.tk, 1
+metalhouse.tk, 1
+metaljournal.tk, 1
+metaljunkiez.com, 1
+metallbau-gehr.de, 1
+metallheads.tk, 1
+metallibrarian.com, 1
+metallictrading.ga, 1
+metalliran.tk, 1
+metallization.tk, 1
+metallobaza.ml, 1
+metalloiskateli.com.ua, 1
+metallomania.it, 1
+metallosajding.ru, 1
+metallrecycling.org, 1
+metalmaniac.tk, 1
+metalmonocle.com, 0
+metalnight.tk, 1
+metalnivrati-iasenko.com, 1
+metalpesado.tk, 1
+metalsoviet.tk, 1
+metaltracks.tk, 1
+metalu.ch, 0
+metalunion.tk, 1
+metalwarrior.tk, 1
+metalweaverscreations.com, 1
+metalworkingexpo.com, 1
+metamorfosis.cf, 1
+metanoia8295.com, 1
+metanoiaphotography.com, 1
+metanomial.com, 1
+metanumbers.com, 1
+metapeen.nl, 1
+metaphilic.tk, 1
+metaprivatewealth.com, 0
+metapsychie.com, 1
+metapublic.com, 1
+metasearch.nl, 1
+metaskil.com, 1
+metasolutions.se, 1
+metasophi.com, 1
+metasquare.com.au, 1
+metasquare.nyc, 1
+metastasys.net, 1
+metasurfforecast.com, 1
+metasysteminfo.com, 1
+metaurl.io, 1
+metavr.ru, 1
+metaword.co.jp, 1
+metaword.com, 1
+metaword.net, 1
+metaword.org, 1
+metaximas-taverna.gr, 1
+metayou.gq, 1
+metcalfecountyky.gov, 1
+metebalci.com, 1
+meteo-parc.com, 1
+meteoabegondo.tk, 1
+meteobox.co, 1
+meteobox.com, 1
+meteobox.cz, 1
+meteobox.de, 1
+meteobox.es, 1
+meteobox.fr, 1
+meteobox.mx, 1
+meteobox.pl, 1
+meteobox.sk, 1
+meteobox.tk, 1
+meteocat.net, 1
+meteocuenca.tk, 1
+meteohuertamur.tk, 1
+meteonederbetuwe.nl, 1
+meteopievedicampo.ddns.net, 1
+meteoradar.ch, 1
+meteosat.tk, 1
+meteoweb.eu, 1
+meteowiki.tk, 1
+meter.md, 1
+meterhost.com, 1
+meterinsight.com, 1
+metex.exchange, 1
+metformin365.tk, 1
+methamphetamine.co.uk, 1
+method.com, 1
+methode.com, 1
+methodfactory.com, 1
+methodist.com.tr, 1
+methodprinting.com, 1
+methodsofcare.com, 1
+methotrexatee.gq, 1
+methotrexates.gq, 1
+methuen.gov, 1
+methusalem.tk, 1
+methwhore.date, 1
+methylone.com, 1
+metin2.community, 1
+metin2.download, 1
+metin2.top, 1
+metin2blog.de, 1
+metin2dev.org, 1
+metinarslanturk.com, 1
+metiz.site, 1
+metkos.pl, 1
+metkov.com.ua, 1
+metkovic-news.com, 1
+metlifestore.com, 1
+metmetfamily.fr, 1
+meto.eu.org, 0
+metodosilvaniaderejuvenescimento.com, 1
+metop.de, 1
+metprint.hu, 1
+metradar.ch, 1
+metric.ai, 0
+metricmutt.com, 1
+metrika.ml, 1
+metriks.ru, 1
+metrix-money-ptc.com, 1
+metrixdm.com, 0
+metro-detroit.com, 1
+metro-vet.co.uk, 1
+metro-web.net, 1
+metroarchive.jp, 1
+metrobank.com.ph, 1
+metrobriefs.com, 0
+metrobus.co.uk, 1
+metrocraft2033.tk, 1
+metrodemaracaibo.tk, 1
+metrodemedellin.gov.co, 1
+metrodequito.gob.ec, 1
+metrofree.ga, 1
+metroline.ml, 1
+metrolisboa.pt, 1
+metrolush.com, 1
+metromark.net, 1
+metron-eging.com, 1
+metron-networks.com, 1
+metron-online.com, 1
+metron.mv, 1
+metronidazolee.gq, 1
+metronik.it, 0
+metronome.ga, 1
+metroparks.net, 1
+metrophone.vn, 1
+metroplanorlando.gov, 1
+metroplex.me, 1
+metropole.com.au, 1
+metropolis.ga, 1
+metropolis5000.tk, 1
+metropolisdawn.de, 1
+metropolisdawn.net, 1
+metropolisil.gov, 1
+metroproductiongroup.com, 1
+metrorealestatepros.com, 0
+metrothessalonikis.tk, 1
+metroval.tk, 1
+metroymca.org, 1
+metsasta.com, 1
+metsosivut.fi, 1
+metspoedbeschikbaar.nl, 1
+mettelenejohansson.dk, 1
+mettin.org, 1
+metu.social, 1
+metver.tk, 1
+metyweb.ga, 0
+metzgermark.com, 1
+meuautotrac.com.br, 1
+meubanco7.com.br, 1
+meubebepa.com.br, 1
+meublesrosa.be, 1
+meuemby.com, 1
+meugamer.com, 1
+meugibi.com, 1
+meuhfolle.com, 1
+meulenerkes.tk, 1
+meulivro.biz, 1
+meulk.co.uk, 1
+meulocal.ml, 1
+meuneneoficial.com.br, 1
+meupatrocinio.com, 1
+meurisse.org, 1
+meusartis.ca, 1
+meuscabeloscacheados.com.br, 1
+meusextosentido.com, 1
+meusucesso.com, 1
+meutia.net, 1
+mevanshop.com, 1
+meveydesign.tk, 1
+mevissenpsychotrauma.nl, 1
+mevrouwtjepeper.nl, 0
+mevsalud.cl, 1
+mew.build, 1
+mew.vn, 1
+mex-it-up.com, 1
+mexaliu.ml, 1
+mexby.com, 1
+mexicankrill.com, 1
+mexico.rs, 1
+mexico.sh, 1
+mexicobeachfl.gov, 1
+mexicocsd.gov, 1
+mexicodental.co, 1
+mexicojetcharter.com, 1
+mexicom.org, 1
+mexicosrit.tk, 1
+mexior.nl, 1
+mexiquilanj.com, 1
+mexticket.com, 1
+meyafloors.com, 1
+meyateks.com, 1
+meydan.tv, 1
+meyer-horn.de, 1
+meyeraviation.com, 1
+meypell.com, 1
+meyrawinkel.nl, 1
+meys.io, 1
+mezcal.amsterdam, 1
+mezedokamomata.tk, 1
+meziblog.cz, 1
+mezinfo.tk, 1
+mezio.pt, 1
+mezquetillas.tk, 1
+mezzanine.net, 1
+mezzoettaro.it, 1
+mf-fischer.de, 1
+mf-natuurfotografie.nl, 1
+mf.me, 1
+mfactory.ca, 1
+mfamonitor.com, 1
+mfatravaux.fr, 1
+mfavis.com, 1
+mfcentral.com, 1
+mfdy66.com, 1
+mfedderke.com, 0
+mfen.de, 1
+mfg-fx.com, 1
+mfgo.link, 1
+mfgusa.com, 1
+mfiles.pl, 1
+mfinanse.pl, 1
+mfischer-it.de, 0
+mfits.co.uk, 1
+mflodin.se, 1
+mfmarquesantos.pt, 1
+mfoda-eg.com, 1
+mforum.com.au, 1
+mfotel.pl, 1
+mfpccprod.com, 1
+mfr-lameignanne.fr, 1
+mfrepair.com, 1
+mfsquad.com, 1
+mft-license.com, 1
+mft.global, 1
+mfxbe.de, 0
+mfxer.com, 1
+mfxm.fr, 1
+mfyy123.com, 1
+mg-case.com, 1
+mgae.com, 1
+mgaroz.pro, 1
+mgatreeservices.com, 1
+mgclercoh.gov, 1
+mgcs.org, 1
+mgdigitalmarketing.com.au, 1
+mgf.mx, 1
+mgfashion.ae, 1
+mgfgroup.ca, 1
+mgfgroup.com, 1
+mgfgroup.mx, 1
+mgfgroup.us, 1
+mgfnow.com, 1
+mgfpatrimoine.com, 1
+mghiorzi.com.ar, 0
+mghw.ch, 1
+mgi.gov, 1
+mgic.com, 1
+mgientertainment.com, 1
+mgis.com, 1
+mgkl.ru, 1
+mgknet.com, 1
+mglobalservices.com, 1
+mgmd.org, 1
+mgmeet.com, 1
+mgmpic.com, 1
+mgmultiservicessrl.it, 1
+mgo-ostenfelde.tk, 1
+mgonline.tk, 1
+mgousse.tk, 1
+mgr-dev.tech, 1
+mgrcred.online, 1
+mgriff.id.au, 1
+mgrossklaus.de, 0
+mgrt.net, 1
+mgsdb.com, 1
+mgsisk.com, 1
+mgtbaas.eu, 1
+mgvideo.com.au, 1
+mh-cdn.de, 1
+mh-hannover.de, 0
+mh.com.fj, 1
+mha.fi, 1
+mhabdullah.tk, 1
+mhadegree.org, 1
+mhadot.com, 1
+mhainfantandtoddler.com, 1
+mhalfter.de, 1
+mhammerbacher.me, 1
+mhand.org, 1
+mhasika.tk, 1
+mhastey.com, 1
+mhatlaw.com, 1
+mhcdesignstudio.com, 1
+mheistermann.de, 1
+mhermans.nl, 1
+mhf.gc.ca, 1
+mhgeay.fr, 1
+mhginsurance.com, 1
+mhh.de, 0
+mhi.com, 1
+mhi.web.id, 1
+mhiler.com, 1
+mhilger.de, 1
+mhjuma.com, 1
+mhmfoundationrepair.com, 1
+mhonline.fr, 1
+mhtdesign.net, 1
+mhuig.top, 1
+mhurologytriad.org, 1
+mi-amigo.tk, 1
+mi-beratung.de, 1
+mi-ras.ru, 1
+mi.sc, 1
+mi1k.cn, 1
+mi80.com, 1
+mia-manager.dk, 1
+mia.gent, 1
+mia.tw, 0
+mia3d.fr, 1
+miaadler.net, 1
+miaairportvillas.com, 1
+miability.com, 1
+miablow.net, 1
+miacuario.cl, 1
+miadennees.com, 1
+miagentemicasa.com, 1
+miagexport.com, 1
+miah.top, 1
+miaha.ch, 1
+mialma.live, 1
+miami.gov, 1
+miamibeachcommunitychurch.com, 1
+miamicountyohioauditor.gov, 1
+miamidadeclerk.gov, 1
+miamifl.casa, 1
+miamifl.homes, 1
+mianbao.ga, 1
+mianfei.us, 1
+miankamran.tk, 1
+mianra.ddns.net, 1
+miao.team, 1
+miaoft.com, 0
+miaovps.com, 0
+miaowo.org, 1
+miap.eu, 1
+miarecki.eu, 1
+miartwalk.com, 1
+miasarafina.de, 1
+miasegurado.com, 1
+miasma.tk, 1
+miasonne.com, 1
+miatabox.com, 1
+miatfactory.be, 1
+miatgent.be, 1
+miathepintzu.com, 1
+miavierra.org, 1
+miaw.ooo, 1
+mibaso.com, 1
+mibeneficio.cl, 1
+mibh.de, 1
+miboulot.com, 1
+mibuiin.com, 1
+mica-zeitz.de, 1
+mica.ml, 1
+micado-software.com, 1
+micah.soy, 1
+micamisetaestampada.com, 1
+micanetic.com, 1
+micareklamajansi.com, 1
+micasayestilo.com, 1
+micase.info, 1
+micatalogo.club, 1
+micay.ca, 1
+micbase.com, 1
+miccaldo.tk, 1
+miccgolf.com, 1
+miccomi.com, 1
+michadenheijer.com, 1
+michael-glaser.de, 1
+michael-hess.com, 1
+michael-r.ddns.net, 1
+michael-r.dynv6.net, 1
+michael-rigart.be, 1
+michael-schefczyk.de, 1
+michael-schilling.de, 0
+michael-simon.de, 1
+michael-steinhauer.eu, 1
+michael.com, 1
+michael.ie.eu.org, 1
+michael.zone, 1
+michaelabbas.tk, 1
+michaelamead.com, 1
+michaelasawyer.com, 1
+michaelband.co, 1
+michaelband.com, 1
+michaelbeer.co.uk, 1
+michaelbondar.tk, 1
+michaelboogerd.tk, 1
+michaelcailloux.com, 1
+michaelcassar.com, 1
+michaelcrane.live, 1
+michaelcullen.name, 1
+michaeldancot.com, 1
+michaeldavidsonmusic.com, 1
+michaeldjoseph.com, 1
+michaeleisen.org, 1
+michaelessek.com, 1
+michaelfoods.com, 1
+michaelglaser.de, 1
+michaelgroves.tk, 1
+michaelgwynn.tk, 1
+michaelhastrich.nl, 1
+michaelhayes.tk, 1
+michaelhebblethwaite.com, 1
+michaelholidaybooks.com, 1
+michaeliannetta.tk, 1
+michaeliscorporation.com, 1
+michaelismold.com, 1
+michaelizquierdo.com, 1
+michaeljames.com.au, 1
+michaeljdennis.com, 0
+michaeljohnsrestaurant.com, 1
+michaelkennedy.ie, 1
+michaelkiske.tk, 1
+michaelkleinert.de, 1
+michaelklos.nl, 1
+michaelkorsgill.tk, 1
+michaelkuehn.tk, 1
+michaell.io, 1
+michaelleibundgut.com, 1
+michaelliunsky.cn, 1
+michaelloveys.com, 1
+michaeln.net, 1
+michaelolson.blog, 1
+michaelpelletterie.it, 1
+michaelpfrommer.de, 1
+michaelpfrommer.pub, 1
+michaelpmullally.com, 1
+michaelrigart.be, 1
+michaelsbookcorner.com, 1
+michaelschmidt.ch, 1
+michaelschubert.com, 0
+michaelschule-rheine.de, 1
+michaelsnoeren.nl, 0
+michaelstoffer.com, 1
+michaeltaboada.me, 1
+michaeltroger.com, 1
+michaeltruskowski.com, 1
+michaelvician.me, 0
+michaelwermeester.com, 1
+michaelwmckinney.com, 1
+michaelworth.au, 1
+michal-klabnik.com, 1
+michal-klabnik.cz, 1
+michal-spacek.com, 1
+michal-spacek.cz, 1
+michalchomo.eu, 1
+michaldudek.it, 1
+michalinastrzyz.xyz, 1
+michalis.xyz, 1
+michalklabnik.com, 1
+michalklabnik.cz, 1
+michalkral.tk, 1
+michalkunicki.pl, 1
+michalmlozniak.com, 1
+michalpodraza.pl, 1
+michalspacek.com, 1
+michalspacek.cz, 1
+michalstepar.cz, 1
+michalszotkowski.cz, 1
+michalwiglasz.cz, 1
+michaonline.de, 1
+micharts.biz, 1
+michasfahrschule.com, 1
+michel-cloud.de, 1
+michel-kratochvil.tk, 1
+michel-pilaert.coach, 1
+michel-wein.de, 1
+micheladisavino.tk, 1
+michelangelo1978.com, 1
+michelangelofoundation.org, 1
+michelbenita.com, 1
+michelcoumes.com, 1
+micheldoultremont.com, 1
+michele.ga, 1
+michelegreenmd.com, 1
+michelgolfier.ml, 1
+michelinb2b.com, 1
+michelinmedia.com, 1
+michelkok.tk, 1
+michellavat.com, 1
+michelledonelan.co.uk, 0
+michellelowery.com, 1
+michelletmc.com, 1
+michelletrachtenberg.tk, 1
+michelskovbo.dk, 1
+michelson.eu, 1
+michelwolf.ch, 1
+michey.tk, 1
+michielbijland.nl, 1
+michielskleding.be, 1
+michielvanfastenhout.nl, 1
+michielwalrave.tk, 1
+michig.tk, 1
+michiganacousticneuroma.com, 1
+michiganearhearing.com, 1
+michiganhealth.tk, 1
+michiganrebates.com, 1
+michigantestingairbalancing.com, 1
+michilaw.com, 1
+michmexguides.com.mx, 1
+michu-it.com, 1
+michu.pl, 1
+mickael-caudrelier.fr, 1
+mickael.org, 1
+mickaelbonnard.fr, 1
+mickel.tk, 1
+mickelvaessen.com, 1
+mickeyspizzalincolnpark.com, 1
+mickybottenberg.com, 1
+mickyfanclub.tk, 1
+micled.com, 1
+micled.net, 1
+micled.org, 1
+micluz.shop, 1
+micoff.tk, 1
+micolab.com, 1
+micon.ro, 1
+micospa.gq, 1
+micourt.gov, 1
+micr0lab.org, 1
+micra.org.uk, 1
+micrm.vn, 1
+micro-credit.tk, 1
+microbiologist.tk, 1
+microbiologyinfo.com, 1
+microbiota-insect-vectors.group, 1
+microbiote-insectes-vecteurs.group, 1
+microbird.club, 1
+microblink.com, 1
+microcert.cn, 1
+microchains.network, 1
+microcomploja.com.br, 1
+microcosm.com, 1
+microdata.es, 1
+microdesic.com, 1
+microdot.fr, 1
+microdots.de, 1
+microdrive.pt, 1
+microferma.site, 1
+microfinance-crimea.ru, 0
+microfusa.com, 1
+microhydrony.org, 1
+microjovem.pt, 1
+microl.ink, 1
+microloan.pk, 1
+microlog-online.de, 1
+microlog.org, 1
+micromagic.fi, 1
+micromaid.cf, 1
+micromata.de, 1
+micromicro.cc, 1
+micronotfound.gq, 1
+micropigmentacaobh.com.br, 1
+micropigmentadordesucesso.com, 1
+micropigpets.com, 1
+microsoft, 1
+microsoftedgeinsider.com, 1
+microtel2notch.tk, 1
+microtube.tk, 1
+microvb.com, 1
+microwesen.de, 1
+microworkers.com, 1
+microzubr.com, 1
+micruity.com, 1
+mics-notrack.com, 1
+micsell.com, 1
+micsoft.gq, 1
+miculturaservicios.gob.do, 1
+micxel.com.au, 1
+midaero.co.uk, 1
+midair.io, 1
+midam.sk, 1
+midamericapiering.com, 1
+midasauctions.com, 1
+midasbay-free.ml, 1
+midcarolinaregionalairport.com, 1
+midcarolinaregionalairport.org, 1
+middelstaedt.com, 1
+middleboroughma.gov, 1
+middleeasy.com, 1
+middlesbroughmoneyman.com, 1
+middlesexpolicenc.gov, 1
+middlesexwoodpigeonclub.co.uk, 1
+middletonshoppingcentre.co.uk, 1
+middletowndelcopa.gov, 1
+middletownny.gov, 1
+middletownri.gov, 1
+mide.gob.do, 1
+midea.kg, 1
+mideo.tk, 1
+midesa.eu, 1
+midesa.it, 1
+midgawash.com, 1
+midi-olympique.fr, 1
+midia.tk, 1
+midiaid.de, 0
+midial.cz, 1
+midiet.co.za, 1
+midilibre.fr, 1
+midislandrealty.com, 0
+midkam.ca, 1
+midlandcountymi.gov, 1
+midlandsfundays.co.uk, 1
+midlandslotus.co.uk, 1
+midlandsphotobooths.co.uk, 1
+midmichiganasphaltpaving.com, 1
+midnight-gaming-community.tk, 1
+midnightmango.co.uk, 1
+midnightmechanism.com, 1
+mido.ga, 1
+mido4link.tk, 1
+midohiowsd.gov, 1
+midos.house, 1
+midpss.lt, 1
+midrange.com, 1
+midress.club, 1
+midrra.com, 1
+midspace.co.uk, 1
+midspss.lt, 1
+midstatebasement.com, 1
+midterm.us, 1
+midtownsmilesdentalcare.com, 1
+midville-ga.gov, 1
+midwaycitysanitaryca.gov, 1
+midwayrecovery.com, 1
+midwest-hidta.gov, 1
+midwest737simulations.com, 1
+midwestbloggers.org, 1
+midwestdfe.com, 1
+midwestinjurylawyers.com, 1
+midwestragdolls.com, 1
+midwestrecyclingcorp.com, 1
+midwife360.com, 1
+midwifeschooling.com, 1
+midyatotantik.tk, 0
+midyefilesi.com.tr, 1
+miedge.net, 1
+miegl.com, 1
+miegl.cz, 1
+mieldemexico.us, 1
+mielelpinsapar.com, 0
+mielke-it.ch, 1
+miem.us, 1
+miembarcacion.com, 1
+miemus.eu, 1
+mieresabadus.ro, 1
+mierloiu.ro, 1
+miesmuschel.tk, 1
+mieszkania-wroclaw.tk, 1
+mieterschutzkartei.de, 1
+mietwohnungen-vermietung.com, 1
+mieuxgrandir.ch, 0
+mifacturabolivia.com, 1
+mifflincountypa.gov, 1
+miffy.me, 1
+mifirm.net, 0
+miftahulteknik.com, 1
+mig5.net, 1
+mig81.com, 1
+migg.it, 1
+miggy.org, 1
+mighit.ml, 1
+mightycause.com, 1
+mightyfive.tk, 1
+mightyjo.org, 1
+mightytext-ios.tk, 1
+mightytips.biz, 1
+mightytips.hu, 1
+migliorailtuoambiente.it, 1
+miglioricasinoonline.info, 1
+migliorisitiincontri.it, 1
+mignet.io, 1
+mignonne.com, 1
+mignonneapi.com, 1
+migrafill.net, 1
+migraine-en-werk.nl, 1
+migrainereliefplan.com, 1
+migrantskillsregister.org.uk, 1
+migrantworker.gov, 1
+migraplus.ru, 1
+migratiolex.com, 1
+migrations.tk, 1
+migrinfo.fr, 1
+miguel-platteel.fr, 1
+miguel.pw, 1
+miguelalonso.tk, 1
+miguelangeljulvez.com, 1
+miguelcollections.com, 1
+miguelcolmenares.com, 1
+migueldemoura.com, 1
+migueldominguez.ch, 0
+miguelgfierro.com, 0
+miguelito.tk, 1
+miguelmartinez.ch, 0
+miguelmenendez.pro, 1
+miguelmoura.com, 1
+migueloblitas.tk, 1
+miguelpallardo.tk, 1
+miguia.tv, 1
+mihaiordean.com, 1
+mihaiturcu.ninja, 1
+mihalgrameno.ml, 1
+mihalicka.com, 1
+mihanwebtest.tk, 1
+miharu.moe, 1
+mihaylov.tk, 1
+mihgroup.eu.org, 1
+mihgroup.net, 1
+mihir.ch, 1
+mihirsingh.com, 1
+mihnea.net, 1
+mihu233.com.cn, 1
+mihva.com, 0
+miih-kiosk.com, 1
+miimhort.com, 1
+miisy.com, 1
+miisy.eu, 1
+miisy.me, 1
+miit-informain.pt, 1
+mija-fotografie.de, 1
+mijam.xyz, 1
+mijlanduitvaartzorg.nl, 1
+mijn-maagband.tk, 1
+mijnafspraak.nl, 1
+mijnblog.nl, 1
+mijncloud.space, 1
+mijndiad.com, 1
+mijndiad.nl, 1
+mijnejk.nl, 1
+mijnenergiemissie.nl, 1
+mijnetz.nl, 1
+mijngeldcoach.nl, 1
+mijngent.be, 1
+mijnhosting.org, 1
+mijnkantoor.net, 1
+mijnkerstkaarten.be, 1
+mijnkwadraad.nl, 1
+mijnmedirisk.nl, 1
+mijnnaamdag.nl, 1
+mijnonesie.nl, 1
+mijnrecepten.be, 1
+mijnrecepten.com, 1
+mijnrecepten.eu, 1
+mijnrecepten.nl, 1
+mijnreisoverzicht.nl, 1
+mijnsite.ovh, 1
+mijnstembureau-aaenhunze.nl, 1
+mijnstembureau-almere.nl, 1
+mijnstembureau-amersfoort.nl, 1
+mijnstembureau-amsterdam.nl, 1
+mijnstembureau-beuningen.nl, 1
+mijnstembureau-boekel.nl, 1
+mijnstembureau-coevorden.nl, 1
+mijnstembureau-denhelder.nl, 1
+mijnstembureau-dijkenwaard.nl, 1
+mijnstembureau-enschede.nl, 1
+mijnstembureau-goirle.nl, 1
+mijnstembureau-groningen.nl, 1
+mijnstembureau-harderwijk.nl, 1
+mijnstembureau-helmond.nl, 1
+mijnstembureau-hilvarenbeek.nl, 1
+mijnstembureau-hollandskroon.nl, 1
+mijnstembureau-kerkrade.nl, 1
+mijnstembureau-koggenland.nl, 1
+mijnstembureau-leiden.nl, 1
+mijnstembureau-leiderdorp.nl, 1
+mijnstembureau-losser.nl, 1
+mijnstembureau-midden-groningen.nl, 1
+mijnstembureau-molenlanden.nl, 1
+mijnstembureau-naar1gemeenteopvoorne.nl, 1
+mijnstembureau-oisterwijk.nl, 1
+mijnstembureau-oosterhout.nl, 1
+mijnstembureau-rijssen-holten.nl, 1
+mijnstembureau-s-hertogenbosch.nl, 1
+mijnstembureau-schagen.nl, 1
+mijnstembureau-staphorst.nl, 1
+mijnstembureau-steenbergen.nl, 1
+mijnstembureau-tynaarlo.nl, 1
+mijnstembureau-utrecht.nl, 1
+mijnstembureau-waadhoeke.nl, 1
+mijnstembureau-waalre.nl, 1
+mijnstembureau-westerwolde.nl, 1
+mijnstembureau-wierden.nl, 1
+mijnstembureau-woensdrecht.nl, 1
+mijnstembureau-zoetermeer.nl, 1
+mijnstembureau-zundert.nl, 1
+mijnstembureau-zwijndrecht.nl, 1
+mijnstembureau.nl, 1
+mijntelefoonboek.com, 1
+mijntransacties.nl, 0
+mijnvogaanvraag.nl, 1
+mijnwefact.nl, 1
+mika.moe, 1
+mikado-rybak.ru, 1
+mikadoe.nl, 1
+mikaelf.com, 0
+mikaeljansson.net, 1
+mikaelk.tk, 1
+mikaelkulig.duckdns.org, 1
+mikaila.tk, 1
+mikakalathil.ca, 1
+mikakalevi.com, 1
+mikaknuutila.com, 1
+mikaknuutila.fi, 1
+mikaknuutila.photography, 1
+mikalikes.men, 1
+mikanakashima.com, 1
+mike-bland.com, 1
+mike-burns.com, 1
+mike-et-pascale-sanger.com, 1
+mikeandemily.duckdns.org, 1
+mikeblog.site, 1
+mikeburns.tk, 1
+mikecapson.com, 0
+mikecb.org, 1
+mikechasejr.tk, 1
+mikegao.org, 1
+mikegerwitz.com, 1
+mikeguy.co.uk, 1
+mikehamburg.com, 1
+mikeklidjian.com, 1
+mikekreuzer.com, 1
+mikelawson.com, 1
+mikelpradera.tk, 1
+mikelundpainting.com, 1
+mikemcgeephotography.com, 1
+mikemooresales.com, 1
+mikeowens.us, 1
+mikeprocopio.com, 1
+mikerichards.email, 0
+mikerichards.gallery, 0
+mikerichards.photography, 0
+mikerichards.photos, 0
+mikerichards.pictures, 0
+mikerichardsphotography.com, 0
+mikeschaffnerphotography.com, 1
+mikesplumbingswfl.com, 0
+mikesystems.tk, 1
+miketabor.com, 1
+miketheuer.com, 1
+mikethiessen.net, 1
+mikevesch.com, 1
+mikewestonline.com, 1
+mikewillia.ms, 1
+mikewrites.online, 1
+mikeybot.com, 1
+mikeylab.com, 1
+mikeyroxtravels.com, 1
+mikhail-youzhny.tk, 1
+mikhailkolesnikov.tk, 1
+mikhalt.tk, 1
+mikhirev.ru, 1
+mikhlevich.ru, 1
+mikhomes.vn, 1
+miki-boras.de, 1
+miki.community, 1
+miki.it, 1
+mikiclinic-sendai.com, 1
+mikino.cf, 1
+mikino.ga, 1
+mikino.gq, 1
+mikino.ml, 1
+mikkei.space, 1
+mikkel.cc, 1
+mikkelladegaard.dk, 0
+mikkelscheike.com, 1
+mikkelvej.dk, 1
+mikkohuupponen.com, 1
+mikkonen.bio, 1
+mikkonen.com, 1
+miklcct.com, 1
+miklima.pl, 1
+mikodojo.tk, 1
+mikonmaa.fi, 1
+mikori.sk, 1
+mikos.tk, 1
+mikoulloa.com, 1
+mikper.com, 1
+mikrokosmos.tk, 1
+mikropixel.de, 1
+mikrotech.co.za, 1
+mikrothink.com, 1
+mikrotike.tk, 1
+mikrozajmy-na-kartu.cf, 1
+miku-doujin.com, 1
+miku.cloud, 1
+miku.party, 1
+miku.tips, 1
+mikumiku.stream, 1
+mikunosworld.com, 1
+mikusa.xyz, 1
+mikysgrill.it, 1
+mil-spec.ch, 0
+mil.ee, 0
+mil0.com, 1
+milacronindia.com, 1
+milaelaine.net, 1
+milagrotequila.com, 1
+milahendri.com, 1
+milakirschner.de, 1
+milan-news.ml, 1
+milaneziadvocacia.com, 1
+milani.io, 1
+milania.de, 1
+milanm.org, 1
+milanmi.gov, 1
+milano-web.it, 1
+milanoclownfestival.tk, 1
+milanodigitalweek.com, 1
+milanotoday.it, 1
+milanow67.ml, 1
+milanpala.cz, 0
+milanstephan.de, 0
+milanvit.net, 1
+milanvreeken.nl, 1
+milapopovich.com, 1
+milasescmagazin.tk, 1
+milatlumaczenia.pl, 1
+milavica.tk, 1
+milavicca.tk, 1
+milbournequine.co.uk, 1
+milcahsmusings.com, 1
+milchweg.com, 1
+milcrofton.gov, 1
+mildridesua.com, 1
+milehighmedia.com, 1
+mileme.com, 1
+milenaria.es, 1
+mileonapp.com, 1
+miles-and-more-kreditkarte.com, 0
+milesaddict.com, 1
+milesapart.dating, 1
+milescitymt.gov, 1
+milesconsulting.io, 1
+milesdewitt.com, 1
+milestonehotel.com, 1
+milestonemachine.com, 1
+miletic.net, 1
+mileyweasel.de, 1
+milfanaltube.com, 1
+milfbank.com, 1
+milfed.com, 1
+milfedin.com, 1
+milfgalleries.com, 1
+milfhunter.com, 1
+milfmoms.tv, 1
+milfordfiremi.gov, 1
+milfordtwpmi.gov, 1
+milfporn.tv, 1
+milfpornograph.com, 1
+milfsection.com, 1
+milhistwiki.tk, 1
+milhoazul.com.br, 1
+miliodemendralejo.tk, 1
+militaria.hu, 1
+military-equipment.tk, 1
+military-veteran.com, 1
+militaryaviationsafety.gov, 1
+militaryconsumer.gov, 1
+militaryfetish.tk, 1
+militaryonesource.mil, 1
+militarypumps.com, 1
+militarysrit.tk, 1
+miliumnet.tk, 1
+milivcounty.gov, 1
+milk.games, 1
+milkaalpesiutazas.hu, 1
+milkacat.com, 1
+milkagyengedseg.hu, 1
+milkaholic.ml, 1
+milkameglepetes.hu, 1
+milkbarncreamery.com, 1
+milkingit.net, 1
+milkingmachine.tk, 1
+milkmoovement.io, 1
+milkopet.com, 1
+milktea.info, 0
+milkteacant.com, 1
+milkwoodrestaurant.com, 0
+milkyperu.com, 1
+milkypond.org, 1
+milkywan.fr, 1
+milladeo.tk, 1
+millalex.com, 1
+millant.ovh, 1
+millasexshopoficial.com.br, 1
+millburyma.gov, 1
+millcreekut.gov, 1
+millcreekwa.gov, 1
+millefleurs.eu, 1
+millennium-thisiswhoweare.net, 1
+millenniumfalcon.org, 1
+millenniumhotels.com, 1
+millenniumweb.com, 0
+miller-alex.de, 1
+miller-shop.cf, 1
+milleralarms.co.uk, 1
+millerandfasselaw.com, 1
+millerandzois.com, 1
+millercountyga.gov, 1
+millercountymo.gov, 1
+millerfabricationsolutions.com, 1
+milleron.net, 1
+milleron.xyz, 1
+millesime-communication.fr, 1
+millettable.com, 1
+millhill.org.uk, 1
+millhousen.tech, 1
+milliarden-liste.de, 1
+millibirlik.tk, 1
+millibitcoin.jp, 1
+milliegrace.org, 1
+millikart.az, 1
+millionaireclub.tk, 1
+millionairemethodsacademy.tk, 1
+millionairessecrets.com, 1
+millioncloud.org, 1
+millioncombolist.tk, 1
+milliongrounds.com, 1
+millionlearn.org, 1
+millionseha.com, 1
+millistream.com, 1
+millix.com, 1
+millnet.cloud, 1
+millonario.tk, 1
+millscountyiowa.gov, 1
+millscountytx.gov, 1
+millsidecentre.org, 1
+milltime.se, 1
+millwooddentalcentre.com, 1
+millwoodwa.gov, 1
+milmesetas.com, 1
+milmiedos.tk, 1
+milmmed.ru, 1
+milnerga.gov, 1
+milodistradfallning.com, 1
+milomedia.net, 1
+milosguide.dk, 1
+milpitas.gov, 1
+milr.dk, 1
+miltau.de, 1
+miltonga.gov, 1
+miltontwpmi.gov, 1
+miltor.by, 1
+miltor.com.ua, 1
+miltor.ru, 1
+miluneetsens.fr, 1
+milvilla.com, 1
+milvus.com.br, 1
+milwaukee-webdesigner.com, 1
+milwaukeecreative.com, 1
+milwaukeeinternational.tk, 1
+milwaukeetool.eu, 1
+mim-standaard.nl, 1
+mim.am, 1
+mim.properties, 1
+mimamau.de, 1
+mimavision.ddns.net, 1
+mimemo.io, 1
+mimemoriadepez.com, 1
+mimeo.digital, 1
+mimercadillo.tk, 1
+mimgnj.com, 1
+mimikov.cz, 1
+mimithedog.com, 1
+mimm.gov, 1
+mimocad.io, 1
+mimoesthetic.com, 1
+mimonia.cf, 1
+mimonia.ga, 1
+mimonia.gq, 1
+mimorin.tk, 1
+mimovrste.com, 1
+mimoza.tk, 1
+mimscellaneous.com, 1
+mimumimu.net, 1
+mimundodxn.com, 1
+mimusic.cf, 1
+min-forsyning.dk, 1
+min.io, 1
+min.kiwi, 0
+min2.ru, 1
+minacssas.com, 1
+minademonic.org, 1
+minaio.tk, 1
+minakov.pro, 1
+minamassimo.org, 1
+minamisouma-furusato.jp, 1
+minamo.io, 1
+minandolacorrupcion.mx, 1
+minantavla.se, 0
+minapan.ro, 1
+minapin.com, 1
+minaprine.com, 1
+minasfor.com.br, 1
+minatokucarpet.com, 1
+minbos.com, 1
+mincantos.com.br, 1
+minced.cf, 1
+minclaw.com, 1
+mincom.ga, 1
+mind-books.gq, 1
+mind-box.ch, 0
+mind-drama.com, 1
+mind-farma.com, 1
+mind-hochschul-netzwerk.de, 1
+mind-media.com, 1
+mind-moves.es, 1
+mindandfull.ga, 1
+mindask.tk, 1
+mindblown.pl, 1
+mindbounce.com, 1
+mindbox.cat, 1
+mindbuild.com, 1
+mindcms.nl, 1
+mindcoding.ro, 1
+mindcraft.ga, 1
+minddistortion.tk, 1
+minddrive.cf, 1
+mindeasy.co.nz, 1
+mindenitt.ga, 1
+mindequityinternational.com, 1
+mindera.com, 0
+mindercasso.nl, 1
+mindfab.de, 1
+mindfactory.de, 1
+mindfulnessjourney.ca, 1
+mindhand.com, 1
+mindjee.tk, 1
+mindleaking.org, 1
+mindmax.fi, 1
+mindmeister.com, 1
+mindmusic.online, 1
+mindmynature.com, 1
+mindomo.com, 1
+mindonmymoney.nl, 1
+mindox.com.br, 1
+mindprod.com, 1
+mindresti.tk, 1
+mindrnd.com, 1
+mindscapephotos.de, 1
+mindset-energie.ch, 1
+mindsight.com.br, 1
+mindspliteffect.tk, 1
+mindstream.one, 1
+mindtechdigital.com.br, 1
+mindthe5.com, 1
+mindthe5.org, 1
+mindtherock.com, 1
+mindvsmind.tk, 1
+mindwork.space, 1
+mine-craftlife.com, 1
+mine-pixl.de, 1
+mine260309.me, 0
+minebbs.com, 1
+minebitcoin.tk, 1
+minecity.fun, 1
+minecraft-forum.eu, 1
+minecraft-game.ga, 1
+minecraft-server.eu, 1
+minecraft.buzz, 1
+minecraft.com.br, 1
+minecraft.social, 1
+minecraft.vip, 1
+minecraft.wiki, 1
+minecraftbestroyale.gq, 1
+minecraftdolarcube.gq, 1
+minecrafteasy.gq, 1
+minecraften.net, 0
+minecraftforever.tk, 1
+minecraftforum.de, 1
+minecraftforum.ovh, 1
+minecraftgoldwar.tk, 1
+minecraftgta5.ml, 1
+minecraftjustone.ga, 1
+minecraftnewserie.tk, 1
+minecraftonlinesfull.tk, 1
+minecraftrealgold.gq, 1
+minecraftrealgold.ml, 1
+minecraftruns.ml, 1
+minecrafts.gq, 1
+minecraftstal.com, 1
+minecraftwin.gq, 1
+minecraftx.ml, 1
+minefields.tk, 1
+minefort.com, 1
+minehash.tk, 1
+minehattan.de, 1
+minelands.ml, 1
+minelight.ml, 1
+minelucky.net, 1
+minenash.com, 1
+minepack.net, 1
+mineralnibani.bg, 1
+minered.org, 1
+minerstat.com, 1
+minersvillepa.gov, 1
+minerva2015.it, 1
+minervaaschools.com, 1
+minervabi.com, 1
+minervacars.com, 1
+mines-stetienne.fr, 1
+minesouls.fr, 1
+minestealth.xyz, 1
+minestory.cf, 1
+minesweepergame.de, 1
+minetracker.dk, 1
+mineturtle.de, 1
+minez-nightswatch.com, 0
+minf3-games.de, 1
+minfin.gov.ua, 1
+mingkai.me, 1
+mingle2.com, 1
+mingming.info, 0
+mingram.net, 1
+mingwah.ch, 0
+mingy.ddns.net, 1
+mingyannet.com, 1
+minh.at, 0
+minhanossasenhora.com.br, 1
+minhanwindow.vn, 1
+minhng99.cloud, 1
+minhng99.eu, 1
+minhtuongcomputer.com, 1
+minhyukpark.com, 1
+mini-igra.tk, 1
+mini-piraten.de, 1
+mini-zoo.club, 1
+mini2.fi, 1
+minialbums.ga, 1
+miniatomium.tk, 1
+minibabi.site, 1
+minibackpackgirls.cf, 1
+minibaggerverleih-aulendorf.de, 1
+minibardelivery.com, 1
+minibikini.cf, 1
+minibomba.pro, 1
+minibrewery.cf, 1
+minibus-service.ru, 1
+minibusrent.ro, 1
+minicampingshalom.nl, 1
+minican.net, 1
+miniclip.com, 1
+minics.tk, 1
+minifree.org, 1
+minigames.com, 1
+minigermanauto.com, 1
+minigolf-oase.com, 0
+minigolf-reisinger.com, 1
+minigolfandgames.co.uk, 1
+minikasinosblackandred.es, 1
+minikidz.es, 1
+minikin.tk, 1
+minikneet.com, 1
+minikneet.nl, 1
+miniliga.at, 1
+minimal-nothing.ml, 1
+minimal-website.ch, 0
+minimalistbaker.com, 1
+minimalistmenu.com, 1
+minimaliston.com, 1
+minimalmx.io, 1
+minimayhemsoftplay.co.uk, 1
+minimegaarcade.com, 1
+minimonies.tk, 1
+minimotogp.tk, 1
+minin.tk, 1
+mining-club.tk, 1
+mining.diamonds, 1
+miningtronics.com, 0
+minintendo.tk, 1
+minipc.de, 1
+minipigscare.com, 1
+minir.ru, 1
+minirizhi.com, 1
+miniskylab.com, 1
+miniso.me, 1
+minisoft4u.ir, 1
+ministerioaguadevida.tk, 1
+ministeriodeeducacion.gob.do, 1
+ministory.tk, 1
+ministryofinternet.eu, 1
+ministudio.ml, 1
+minitaq.com, 1
+minitec.ro, 1
+minitruckin.net, 1
+minitrucktalk.com, 1
+minivaro.de, 1
+miniverse.social, 1
+minivideoadapterssales.tk, 1
+miniwallaby.com, 1
+minix.jp, 1
+minjusticia.gob.cl, 1
+mink-coat.tk, 1
+minka.net.bo, 1
+minkafighter.de, 1
+minkatilmancoaching.nl, 1
+minkymoon.jp, 1
+minlly.com, 1
+minload.com, 1
+minly.com, 1
+minmaxgame.com, 1
+minna.tk, 1
+minnesota8.org, 1
+minnesotacitymn.gov, 1
+minnesotahealthcareconsortium.gov, 1
+minnesotalakemn.gov, 1
+minnisites.com, 1
+minnit.chat, 1
+minnpost.com, 1
+minobar.com, 1
+minocyclinee.gq, 1
+minocyclinehere.gq, 1
+minocyclines.gq, 1
+minohtaurov.cf, 1
+minor.news, 1
+minorice.net, 1
+minorisa.tk, 1
+minoritywhip.gov, 1
+minotauro.com.ar, 1
+minotnd.gov, 1
+minoxbahia.com.br, 1
+minpingvin.dk, 1
+minpolit.com, 1
+minquipo.nl, 1
+minsk-city.tk, 1
+minsk-cops.tk, 1
+minsk-music.tk, 1
+minsub.jp, 1
+mint-frauen-bw.de, 0
+mintal.is, 1
+mintclass.com, 1
+mintdsmile.com.au, 1
+mintea-noua.ro, 1
+mintea.pw, 1
+mintea.xyz, 1
+minternals.com, 1
+minterslab.com, 1
+mintersvault.com, 1
+mintert.net, 1
+mintfirsts.co.uk, 1
+mintfirsts.com, 1
+mintitafever.tk, 1
+minto.cc, 1
+mintogardens.org.au, 1
+minton.systems, 1
+mintosherbs.com, 1
+mintosoft.net, 1
+mintse.com, 0
+mintstar.net, 1
+minttang.cn, 0
+mintymoney.com, 1
+mintywhite.com, 1
+minu.link, 1
+minube.co.cr, 1
+minul.in, 1
+minungdomsbolig.dk, 1
+minutashop.ru, 1
+minuteflightdeals.com, 1
+minutemanplumbingtulsa.com, 1
+minutepunchline.com, 1
+minuterice.com, 1
+minutocultural.com.br, 1
+minutoseguros.com.br, 1
+minux.info, 1
+minweb.org, 1
+minxmine.eu.org, 1
+minzdravri.ru, 1
+mio-ip.ch, 1
+miodimleko.pl, 1
+miodziki.pl, 0
+miomiojoyeria.com, 1
+miorganics.ro, 1
+miottawavotes.gov, 1
+mipapo.de, 1
+mipediatra.tk, 1
+mipiaci.co.nz, 0
+mipiaci.com.au, 0
+miplanilla.com, 1
+mipnet.cl, 1
+mipromo.com, 1
+mipropertiesnorth.com, 1
+miproximopaso.org, 1
+miprudelafi.ga, 1
+mipueblito.tk, 1
+mipymesenlinea.com, 1
+mir-faktov.tk, 1
+mir-koji.tk, 1
+mir-multimedia.tk, 1
+mir-obshenia.tk, 1
+mir-pressy.ga, 1
+mir-tiktak.tk, 1
+mir-torgovli.tk, 1
+mir.do, 1
+mir.pe, 1
+mir24.tk, 1
+mira.fun, 1
+mira.systems, 1
+mira.vip, 1
+mirabella.tk, 1
+miraclesformya.org, 1
+mirades.es, 1
+mirador.co.uk, 1
+mirador.com, 1
+miradordelcondado.com, 1
+mirage-project.tk, 1
+miragenews.com, 1
+miragg.cf, 1
+miraggiostudio.com, 1
+miragrey-porn.com, 1
+miraheze.org, 1
+mirahezebots.org, 1
+mirai-coupon.com, 1
+miraizu-recruit.com, 1
+mirakl.com, 0
+miraldi.eu, 1
+miramanga.org, 1
+miramar-obgyn.com, 1
+miramar.ca, 1
+mirandakids.bg, 1
+miranza.es, 1
+mirasee.com, 1
+mirasmun.tk, 1
+miratechgroup.com, 1
+miraxe.cf, 1
+miraxe.ga, 1
+miraxe.gq, 1
+mirazonline.tk, 1
+mirazperu.tk, 1
+mircarfinder.ru, 1
+mircreditov.tk, 1
+mircsohbet.tk, 1
+mirdetaley.tk, 1
+mirdon.com, 1
+mireiaseuba.com, 1
+mireillewendling.com.br, 1
+miremedio.cl, 1
+mirepublic.co.nz, 1
+mireservaonline.es, 1
+miriamgamburd.com, 1
+miriamharel.tk, 1
+mirinfonews.tk, 1
+mirjamderijk.nl, 1
+mirkino.tk, 1
+mirknighechek.tk, 1
+mirknighek.cf, 1
+mirknighek.gq, 1
+mirkofranz.de, 1
+mirkomainardi.com, 1
+mirkout.com, 1
+mirkvartir.tk, 1
+mirmax.ch, 1
+mirnesnet.tk, 1
+mirnews.ml, 1
+mirobuvi.com.ua, 1
+mirogrdnika.info, 1
+miroirbythalia.shop, 1
+mirokon.tk, 1
+mironet.cz, 1
+mironi.ml, 1
+mironized.com, 1
+mironov.tk, 1
+miroslavholec.cz, 1
+mirotakampus.com, 0
+mirprav.tk, 1
+mirri.net, 1
+mirrordream.net, 1
+mirrormirror.tk, 1
+mirrors.help, 1
+mirrorsedgearchive.de, 1
+mirrorsedgearchive.ga, 1
+mirrorwood.com, 1
+mirrorz.help, 1
+mirs.ky, 1
+mirshak.com, 0
+mirtazapine.gq, 1
+mirtes.cz, 1
+mirtouf.fr, 1
+mirumhongkong.com, 1
+mirvent.site, 1
+mirvolgograda.ml, 1
+mirwild.cf, 1
+mirwild.gq, 1
+miryam-martinez.tk, 1
+mirzetonline.tk, 1
+mis1042.com, 0
+mis1042.top, 1
+misa.org, 1
+misaka.me, 1
+misakacloud.net, 1
+misakaloli.com, 0
+misakastudio.com, 1
+misakiya.co.jp, 1
+misalacuna.cl, 1
+misanci.cz, 1
+mischolz.de, 1
+misclick.net, 1
+misclick.nl, 1
+misco.it, 1
+misconfigured.io, 1
+miscuadros.tk, 1
+miscursosdebelleza.com, 1
+misfit-media.com, 1
+mishamayfairart.com, 1
+mishaomar.tk, 1
+mishavayner.com, 1
+mishkinn.ru, 1
+mishkovskyi.net, 1
+mishpatim.tk, 1
+mishraurology.com, 1
+mishraweb.com, 1
+misiepluszowe.com, 1
+misinstrumentos.com, 1
+misjoyas.com.es, 0
+miskara.com, 1
+miskatonic.org, 1
+misoji-resist.com, 1
+misol.kr, 1
+misooda.in, 1
+mispelis.tk, 1
+mispromo.com, 1
+misreflexiones.tk, 1
+misreports.in, 1
+miss-inventory.co.uk, 1
+miss.com.tw, 1
+missadrastea.org, 1
+missakari.com, 1
+missaocadastrobv.com.br, 1
+missapk.com, 1
+missbitcoin.nl, 1
+missblisshair.com.au, 1
+missdoertie.net, 1
+missdoggystyle.com, 1
+missdream.org, 1
+misseguf.dk, 1
+missevent.pl, 1
+missflora.se, 1
+missguidedus.com, 1
+missilovely.tk, 1
+missingchildreneurope.eu, 1
+missinglinks.tk, 1
+mission-gesundheit.online, 1
+mission-orange.de, 1
+missions.me, 1
+missionsgemeinde.de, 1
+missionskreis-kueps.de, 1
+mississaugaelite.com, 1
+misskappababy.com, 1
+misskey.art, 1
+misslollipop.fr, 1
+missmaid.co.uk, 1
+missmaid.com, 1
+missmeydan.com, 1
+misson.ovh, 1
+missoula.gov, 1
+missoulacountymt.gov, 1
+missouri-sky.tk, 1
+missouriheatingcoolingadvice.com, 1
+missoy.me, 1
+misspoliticsaustralia.cf, 1
+misspoliticsaustralia.ga, 1
+misspoliticsaustralia.gq, 1
+misspoliticsaustralia.ml, 1
+missthetoro.tk, 1
+misstika-bijoux.com, 1
+misstress.cf, 1
+missualready.com, 1
+missuniverse.tk, 1
+missworldinfo.tk, 1
+missycosmeticos.com.br, 1
+missycraindance.com, 1
+missyjay.tk, 1
+missyou.link, 1
+mist79.ru, 1
+mistacms.com, 0
+mistades.ga, 1
+mistajsay.com, 1
+mister-auto.co.uk, 1
+mister-auto.com, 1
+mister-auto.de, 1
+mister-auto.es, 1
+mister-auto.it, 1
+mister-auto.nl, 1
+mister-matthew.de, 1
+misterbandb.com, 1
+misterboddy.com, 1
+misterd.ml, 1
+misterdomain.eu, 1
+mistergermany.tk, 1
+mistergout.com, 1
+misterkeltic.com, 1
+misterl.net, 1
+misterorion.com, 1
+mistertesi.it, 1
+misteryrip.tk, 1
+mistinecn.com, 0
+mistitservices.in, 1
+mistreaded.com, 1
+mistress-lucia.tk, 1
+mistressnadine.tk, 1
+mistressofbeads.tk, 1
+mistyoverlookranch.com, 1
+misupportit.dk, 1
+misura.re, 1
+miswonline.nl, 1
+mit-dem-rad-zur-arbeit.de, 0
+mit-dem-rad-zur-uni.de, 0
+mit-sexchat-geld-verdienen.com, 1
+mit-uns.org, 1
+mit.akita.jp, 1
+mit.dk, 1
+mit.edu.it, 1
+mit.gg, 0
+mita-beutel.tk, 1
+mita.me, 1
+mitarbeiterbefragungen.com, 1
+mitarbeitermotivation-anleitungen.de, 1
+mitarrangement.dk, 1
+mitchell.to, 1
+mitchellcountync.gov, 1
+mitchelmore.ca, 1
+mitchkalf.nl, 0
+mitchkiah.com, 1
+mitdip-mit-group-ch.azurewebsites.net, 1
+mite3.nl, 1
+mitechtrading.com, 1
+mitel.io, 1
+mitelec.es, 1
+miteltest.com, 1
+mitenloytaatoita.fi, 1
+mitenloytaatyota.fi, 1
+mitensaadatoita.fi, 1
+mitensaadatyota.fi, 1
+mitev.gq, 1
+mitevi.com, 1
+mitgrussen.de, 1
+mithgol.tk, 1
+mithril.email, 1
+mithypnoseweiter.de, 1
+mitiad.gq, 1
+mitico.at, 1
+miticobikes.com, 1
+mitiendademunecas.com, 1
+mitigant.io, 1
+mitigationcommission.gov, 1
+mitiko.xyz, 1
+mitindo.it, 1
+mitior.net, 1
+mitjavila.com, 1
+mito-meishi.shop, 1
+mitokashi.ml, 1
+mitranlogistik.com, 1
+mitraseo.tk, 1
+mitratech.com.br, 1
+mitrausahagoto.com, 1
+mitrausahatani.com, 1
+mitrax.com.br, 1
+mitre10.com.au, 0
+mitrecaasd.org, 1
+mitremai.org, 1
+mitrostudios.com, 1
+mitsign.com, 1
+mitsonnenbrillen.de, 1
+mitsov.eu, 1
+mitsu.com, 1
+mitsu.in, 1
+mitsubishi-motors.com.co, 0
+mitsubishielectric-rce.eu, 1
+mitsukisushi.com, 1
+mitt.ca, 1
+mittagonghomestead.com.au, 1
+mittarinvaihto.fi, 1
+mittdolcino.com, 1
+mittelalter-lexikon.de, 1
+mittelunsachlich.de, 1
+mittendorff.tk, 1
+mittenofficesystems.com, 1
+mitterbach.org, 1
+mittid.dk, 1
+mittilmeld.dk, 1
+mittwoch-nacht.net, 1
+mitulv4u.tk, 1
+mitzpettel.com, 1
+miui-germany.de, 1
+miui.kr, 1
+miukimodafeminina.com, 1
+mivestuariolaboral.com, 1
+mividasecreta.tk, 1
+mivm.cn, 1
+mivne.co.il, 1
+mivo.es, 1
+mivzak.im, 1
+mivzakim.biz, 1
+mivzakim.cf, 1
+mivzakim.ga, 1
+mivzakim.gq, 1
+mivzakim.info, 1
+mivzakim.ml, 1
+mivzakim.mobi, 1
+mivzakim.net, 1
+mivzakim.org, 1
+mivzakim.tk, 1
+mivzakim.tv, 1
+mivzaklive.co.il, 0
+miweb.ec, 1
+miwebmadrid.es, 1
+mix-books.ga, 1
+mix-channel.ml, 1
+mix-master.fr, 1
+mix-recruit.jp, 1
+mix.my, 1
+mixandplay.tk, 1
+mixedanimals.com, 1
+mixedrecipe.com, 1
+mixerfestival.com.br, 1
+mixes.cloud, 1
+mixescloud.com, 1
+mixfix.com.br, 1
+mixgreen.de, 1
+mixify.ga, 1
+mixinglight.com, 1
+mixingnight.com, 1
+mixingnightaudio.com, 1
+mixizle.com, 1
+mixmastermitch.com, 1
+mixmastersdeejays.tk, 1
+mixmister.com, 1
+mixmix.tk, 1
+mixmovi.com, 1
+mixnix.tk, 1
+mixnmojo.com, 1
+mixom.net, 1
+mixon.tk, 1
+mixpanel.com, 1
+mixposure.com, 1
+mixtafrica.com, 1
+mixx.com.hk, 1
+miyagi-ctr.com, 1
+miyagi-r.com, 1
+miyajima-ken.jp, 1
+miyako-kyoto.jp, 1
+miyamane-room.com, 1
+miyanaga.tech, 1
+miyasyou.com, 1
+miyatakaikei.com, 1
+miyavru.com, 1
+miyazakian.com, 1
+miyohiro.net, 1
+miyoshi-kikaku.co.jp, 1
+miyoshi-kikaku.com, 0
+mizar.im, 0
+mizik.cz, 1
+miziklakay.com, 1
+mizipack.com, 0
+mizoey.se, 1
+mizon.com.pe, 1
+mizrahi-tefahot.co.il, 1
+mizternational.com, 1
+mizu.coffee, 1
+mizucoffee.net, 1
+mizuhobank.co.id, 1
+mizuhofutures.com, 1
+mizuiromoon.com, 1
+mizukoshika.jp, 1
+mizumax.me, 1
+mj420.com, 0
+mjacobson.net, 1
+mjanja.ch, 1
+mjasm.org, 1
+mjbeventspr.com, 0
+mjbtechtips.com, 1
+mjcstsul2022.tk, 1
+mjf.cz, 1
+mjhs.org, 1
+mjhsfoundation.org, 1
+mjjshow.eu.org, 1
+mjmpartnerlink.com.au, 1
+mjniessen.com, 1
+mjollnir.fr, 1
+mjpromotions.nl, 1
+mjpronk.nl, 1
+mjrlegends.com, 1
+mjsacco-dwi.com, 1
+mjsports.bet, 1
+mjstudios.tech, 0
+mjstudios.tk, 1
+mjt.me.uk, 1
+mjuktvatten.nu, 1
+mjwadvisory.com.au, 1
+mjzdaman.tk, 1
+mk-builder.net, 1
+mk-translations.ua, 1
+mk.gov.tr, 1
+mk89.de, 1
+mkaciuba.com, 0
+mkakh.xyz, 1
+mkala.ru, 1
+mkalisch.de, 1
+mkbd.ru, 1
+mkbeindhoven.nl, 1
+mkbet.tk, 1
+mkbofficeshop.nl, 1
+mkbouncycastles.co.uk, 1
+mkbouncyhire.co.uk, 1
+mkboynton.org, 1
+mkcert.org, 1
+mkchandler.com, 1
+mkdevice.it, 1
+mkes.com, 1
+mkey-solution.at, 1
+mkey-solution.com, 1
+mkey-solution.de, 1
+mkey-solutions.at, 1
+mkey-solutions.com, 1
+mkey-solutions.de, 1
+mkey.solutions, 1
+mkeysolution.at, 1
+mkeysolution.com, 1
+mkeysolution.de, 1
+mkeysolutions.at, 1
+mkeysolutions.com, 1
+mkeysolutions.de, 1
+mkg-laposte.info, 1
+mkg-pch.com, 1
+mkg-wiebelskirchen.de, 1
+mkhsoft.eu, 1
+mkie.cf, 1
+mkinfo.com.br, 1
+mkjl.ml, 0
+mkjoyeria.cl, 0
+mkk.de, 1
+mkkcrafts.com, 1
+mkkkrc.ru, 1
+mklenterprises.com, 0
+mklenterprisesacademy.com, 1
+mklenterprisescoaching.com, 1
+mklpedia.de, 1
+mklwork.lt, 1
+mkm.ee, 0
+mkm.szczecin.pl, 1
+mkmaster.tk, 1
+mkmedien.tk, 1
+mknowles.com.au, 1
+mkoppmann.at, 1
+mkpdeepclean.com, 1
+mkpeurope.org, 1
+mkplay.io, 1
+mkprensa.tk, 1
+mkrecek.cz, 1
+mkringel.de, 0
+mksac.co.uk, 1
+mksdarchitects.com, 1
+mkse.com, 1
+mkt.com, 1
+mkt7.de, 1
+mktcoral.com, 1
+mktemp.org, 1
+mkultraclean.com.au, 1
+mkw.st, 1
+mkws.sh, 1
+ml.tax, 1
+ml2d.com, 1
+mlada-moda.cz, 1
+mladamoda.sk, 1
+mladenovac.tk, 1
+mladinskislatna.si, 1
+mladiorl.cz, 1
+mladypodnikatel.cz, 1
+mlawfirm.com, 1
+mlcfinvest.in, 1
+mlclaw.com, 1
+mlcnfriends.com, 1
+mlcrosoftonlline.cz, 1
+mlcrosoftonlline.ml, 1
+mleydier.fr, 1
+mlfilm.ml, 1
+mlgsmokers.tk, 1
+mlii.net, 1
+mlirb.com, 1
+mlk.sd, 1
+mlkday.gov, 1
+mllz.com, 1
+mlm-hochzeit.de, 1
+mlmjam.com, 1
+mlmjunction.tk, 1
+mlnews.ml, 1
+mlo.no, 1
+mlohr.com, 1
+mlohr.net, 1
+mlonline.com.mx, 1
+mloska.tk, 1
+mlp.horse, 1
+mlpavimentosdehormigonimpreso.com, 1
+mlpk.cz, 1
+mlpvcdn.top, 1
+mlpvector.club, 1
+mlsrv.de, 1
+mlstav.sk, 1
+mlsvallarta.com, 1
+mltrade.ml, 1
+mlundberg.se, 1
+mluservices.com, 1
+mlv-psychosomatik.de, 1
+mlv.me, 1
+mlwr.ee, 1
+mlytics.com, 1
+mm-sol.com, 1
+mm13.at, 1
+mm5197.co, 1
+mm6729.co, 1
+mm6729.com, 0
+mm6957.co, 1
+mm9297.co, 1
+mm9397.com, 0
+mm9721.com, 0
+mm9728.co, 1
+mma-records.de, 1
+mmalisz.com, 1
+mmallardi.no-ip.biz, 1
+mmanews24.com, 1
+mmapiws.com, 1
+mmaps.ddns.net, 1
+mmaps.org, 1
+mmarising.com, 1
+mmarnitz.de, 1
+mmassemblyline.de, 1
+mmav.co, 1
+mmav.live, 1
+mmbb.org, 0
+mmcafe.com.br, 1
+mmcalc.jp, 1
+mmcase.ml, 1
+mmgal.com, 1
+mmhome.fr, 1
+mmilog.hu, 1
+mminsco.com, 1
+mmkstudio-digital.com, 1
+mml.cx, 0
+mmlebanon.com, 1
+mmlstyliser.com, 1
+mmm-boxing.tk, 1
+mmm.lu, 1
+mmmarco.com, 1
+mmmaximaliselmeny.hu, 1
+mmmc.hk, 1
+mmmofnigeria.tk, 1
+mmmonk.net, 1
+mmmsancristobal.es, 1
+mmoe.moe, 1
+mmogah.com, 1
+mmoneko.com, 1
+mmonit.com, 1
+mmorpg-stat.eu, 1
+mmot.sk, 1
+mmpaymentsystem.com, 1
+mmphub.com, 1
+mmprojects.nl, 1
+mmr.ua, 1
+mmrepair.in, 1
+mms.is, 1
+mmsmotor.com.hk, 1
+mmstick.tk, 1
+mmstudio.tk, 1
+mmucha.de, 1
+mmuclassifieds.tk, 1
+mmulder.com, 1
+mmwb.nl, 1
+mmwtrademarks.com.au, 1
+mmxblog.com, 1
+mmxx-distribution.com, 1
+mmzztt.com, 1
+mn-hootsuite.herokuapp.com, 1
+mn.ax, 1
+mnatechnologies.com.au, 1
+mnbg.tk, 1
+mncalliedhealth.com, 1
+mncbank.co.id, 1
+mnccc.gov, 1
+mnciitbhu.me, 1
+mncloud.de, 1
+mncustom.com, 1
+mnd.sc, 1
+mndeveloper.com, 1
+mne.moe, 1
+mnec.io, 1
+mneeb.de, 1
+mnemonic.ninja, 1
+mnemonicninja.com, 1
+mneti.ru, 1
+mngfam.ddns.net, 1
+mnguyen.io, 1
+mnhc.gov, 1
+mnienamel.com, 1
+mniopenresearch.org, 1
+mnium.de, 1
+mnjg123.de, 1
+mnkysoft.com, 1
+mnml.art, 1
+mnml.blog, 1
+mnml.top, 1
+mnmt.no, 1
+mnnknz.de, 1
+mnnon.com, 1
+mnogoigrovka.ru, 1
+mnogoknighek.gq, 1
+mnogoknighek.ml, 1
+mnogoknighek.tk, 1
+mnogosofta.tk, 1
+mnogoznai.tk, 1
+mnotrioesdp.ml, 1
+mnprairie.gov, 1
+mnrloroli.tk, 1
+mnrtechsolutions.com, 1
+mnrv.trade, 1
+mns.co.jp, 1
+mnsaviation.com, 1
+mnsenate.gov, 1
+mnsure.org, 1
+mnsvu.org, 1
+mnt-tech.fr, 1
+mnt9.com, 0
+mnt9.de, 1
+mnvotes.gov, 1
+mo-en-karim.tk, 1
+mo-mochizuki.com, 1
+mo-vvs.dk, 1
+mo.nl, 1
+mo2021.de, 1
+moa.moe, 1
+moabpapier.de, 1
+moabygg.se, 1
+moahmo.com, 0
+moaicar.com, 1
+moas.design, 1
+moas.photos, 1
+mob-tok-shop.hu, 1
+mob2con.com.br, 1
+mob889.com, 1
+moba-automation.com, 1
+moba-automation.com.br, 1
+moba-automation.de, 1
+mobal.com, 0
+mobclan.tk, 1
+mobcsp.work, 1
+mobeewash.com, 1
+mobeforlife.com, 0
+mobex.biz, 1
+mobi-katalog.tk, 1
+mobidevtalk.com, 1
+mobifrance.com, 1
+mobigadget.tk, 1
+mobijo.tk, 1
+mobikasa.com, 1
+mobil-badwimpfen.de, 1
+mobil-bei-uns.de, 1
+mobil11.net, 1
+mobila-chisinau.md, 1
+mobilci.net, 1
+mobildeal.id, 1
+mobile-discothek.at, 1
+mobile-holzofenpizza.de, 1
+mobile-industrial-robots.com, 1
+mobile-ivr.tk, 1
+mobile-master.org, 1
+mobile-news.tk, 1
+mobile-pedia.com, 1
+mobile.eti.br, 1
+mobile.united.com, 0
+mobile.usaa.com, 0
+mobile360.ph, 1
+mobileague.ml, 1
+mobilebingoclub.co.uk, 1
+mobilebooster.tk, 1
+mobileciti.com.au, 1
+mobilecoin.com, 1
+mobilecraftingco.com, 1
+mobiledor.com, 1
+mobilefactory.io, 1
+mobilegoldcoastelectrical.ga, 1
+mobilehydraulics.com.au, 1
+mobileit.cz, 1
+mobilelaby.com, 1
+mobilelobbyers.ga, 1
+mobilemedics.com, 1
+mobilemondayaustin.com, 1
+mobileone.com.my, 1
+mobilepartner.tk, 1
+mobilephoneadvise.com, 1
+mobiler-handel.de, 1
+mobileread.com, 1
+mobileritelushi.com, 1
+mobilesafe.shop, 1
+mobilesector.de, 1
+mobilesettingers.ga, 1
+mobilesignalsolutions.co.uk, 1
+mobilesms.io, 1
+mobilesnewsworld.ga, 1
+mobilestories.se, 1
+mobilestuff.tk, 1
+mobiletechnews.tk, 1
+mobileteleconferenceers.ga, 1
+mobiletirer.tk, 1
+mobiletop.co.uk, 1
+mobiletraff.co, 1
+mobilewikiserver.com, 1
+mobilgaraj.com, 1
+mobilhaber.ga, 1
+mobilhondatangsel.com, 1
+mobilidadeurbana.ind.br, 1
+mobilificio.roma.it, 1
+mobilisation-generale.org, 0
+mobiliteit.gent, 1
+mobiliteitgent.be, 1
+mobiliteitsbedrijf-gent.be, 1
+mobiliteitsbedrijf.be, 1
+mobiliteitsbedrijfgent.be, 1
+mobiliteitsbedrijfstadgent.be, 1
+mobiliteitstadgent.be, 1
+mobility-events.ch, 1
+mobility-services.eu, 1
+mobilityworks.eu, 0
+mobilityworld.tk, 1
+mobilize.us, 1
+mobilizon.fr, 1
+mobilizon.org, 1
+mobilizone.com, 1
+mobilki.tk, 1
+mobilni.site, 1
+mobilo4ka.ru, 1
+mobilosoft.com, 1
+mobiltune.tk, 1
+mobilux.lv, 1
+mobincube.com, 1
+mobincube.es, 1
+mobincube.mobi, 1
+mobinet.tk, 1
+mobinst.ml, 1
+mobio.net, 1
+mobiotics.com, 1
+mobiproj.com, 1
+mobiride.co, 1
+mobisaar-cloud.de, 1
+mobistartv.ml, 1
+mobitracker.co, 1
+mobius.network, 1
+mobizma.com, 1
+moblkar.com, 1
+mobmp4.info, 1
+mobobe.com, 1
+mobolight.ml, 1
+mobot.sg, 1
+mobox.health, 1
+mobshop.hu, 1
+mobsitin.tk, 1
+mobtop.ga, 1
+mobtop.ml, 1
+mobycoders.com, 1
+mobydog.net, 1
+mobygeek.com, 1
+mobylette.tk, 1
+moca-2081.com, 1
+moca-2082.com, 1
+moca-kinder.de, 1
+mocent.de, 1
+mochanstore.com, 1
+mochilerostailandia.com, 1
+mochiyuki.net, 1
+mochizuki.moe, 0
+mochoko.com, 1
+mockerel.com, 1
+mockers.tk, 1
+mocknen.net, 1
+mocksvillenc.org, 1
+mocomoco.jp, 1
+mod.af, 0
+mod.io, 1
+moda-donna.cf, 1
+moda-line.ml, 1
+moda-querida.de, 1
+modacompleta.com.br, 1
+modafilmdmodafinil.com, 1
+modafinil.wiki, 1
+modafinilici.com, 1
+modafinilyes.com, 1
+modafo.com, 1
+modahaber.com, 1
+modalogi.com, 1
+modalrakyat.com, 1
+modaltraining.co.uk, 1
+modamoom.com.br, 1
+modanacrho.tk, 1
+modanese.net, 1
+modanloftsortigashills.com, 1
+modapharma.org, 1
+modasexy.it, 1
+modav.org, 1
+modax.ua, 1
+modbom.com.tw, 1
+modcombo.com, 1
+modcover.com, 1
+modd.com.au, 1
+modded-minecraft-server-list.com, 1
+moddedphones.com, 1
+modderday.com, 1
+modding-forum.com, 1
+modding-openmw.com, 0
+modding-welt.com, 1
+moddingworld.tk, 1
+moddiy.com, 1
+moddo.com, 1
+mode-individuell.de, 1
+mode-musthaves.com, 1
+modebest.co.uk, 1
+modecaso.com, 1
+modehaus-marionk.de, 1
+model-school.tk, 1
+model.earth, 1
+modelbase.org, 1
+modelclub-draveil.eu, 1
+modeldanielle.tk, 1
+modeldimension.com, 1
+modeldoll.tk, 1
+modelearth.org, 1
+modelfotografie.tk, 1
+modeli.tk, 1
+modell-lq.net, 1
+modellbahnshop.de, 1
+modellismo.roma.it, 1
+models-resource.com, 1
+modelspoor-projecten.nl, 1
+modelspoorprojecten.nl, 1
+modem.cf, 1
+modem7.com, 1
+modemaille.com, 0
+modemchild.net, 1
+modemguides.com, 1
+modenatoday.it, 1
+modenodf.ru, 1
+moderaterna.se, 1
+moderatoren.org, 1
+modern-family.tv, 1
+modern-gaming.ga, 1
+modernapprenticeships.org, 1
+modernautorepairs.com, 1
+moderncommercialrealestate.com, 1
+moderndeck.org, 1
+moderndukes.tk, 1
+moderneraplumbingandgas.com.au, 1
+moderngentlemen.net, 1
+moderniknihovna.cz, 1
+modernindia.ml, 1
+modernizr.com, 0
+modernliferoleplay.cf, 1
+modernmomarchy.com, 1
+modernrelations.dk, 1
+modernsaas.net, 1
+modernsavage.coach, 1
+moderntech.dk, 1
+moderntld.net, 1
+moderntrainer.co.za, 1
+moderntreasury.com, 1
+modernwebz.com, 1
+modernworkplacelearning.co.za, 1
+modernx.de, 1
+modesalination.com, 1
+modestoca.gov, 1
+modetalente.com, 1
+modetrends.tk, 1
+modgamer.gq, 1
+modicollege.com, 1
+modifiedmind.com, 1
+modineaviation.com, 1
+modint.nl, 1
+modirhp.ir, 1
+modisarkar.tk, 1
+modistryusercontent.com, 1
+modlimit.cf, 1
+modpop.se, 1
+mods.fm, 1
+modscrew.com, 1
+modsecurity.net, 1
+modszombies.com, 1
+moduhygiene.com, 1
+modul21.eu, 1
+modul8infinity.co, 1
+modul8r.com, 1
+modulebaan.tk, 1
+moduleus.com, 1
+modulex-gmbh.de, 1
+modulkuhni.by, 1
+modulo.ee, 0
+moduloseltaladro.com, 1
+modum.by, 1
+modusawperandi.com, 1
+modusgames.com, 1
+modusit.co.za, 1
+modusmundi.com, 1
+modussystems.com, 1
+modvigilonlinerx.com, 1
+modxvm.com, 1
+modzcenter.com, 1
+modzcenter.es, 1
+moe-max.jp, 1
+moe.best, 0
+moe.blog, 1
+moe.ci, 1
+moe.gov.eg, 1
+moe.tools, 1
+moe4sale.in, 1
+moeblog.cn, 1
+moeblog.top, 1
+moec.top, 1
+moecater.com, 1
+moechel.com, 1
+moefactory.com, 1
+moefi.xyz, 1
+moegato.com, 1
+moegi.ml, 1
+moego.me, 1
+moego.pet, 1
+moehrke.cc, 1
+moekes.amsterdam, 1
+moeking.me, 1
+moeli.org, 1
+moellers.systems, 1
+moeloli.ac.cn, 1
+moelten.org, 1
+moemdom.info, 1
+moenew.top, 1
+moenew.us, 0
+moenjodaro.tk, 1
+moensnatuursteen.be, 1
+moepass.com, 1
+moesborg.dk, 1
+moescat.xyz, 0
+moeslinger-gehmayr.com, 1
+moeto-zdrave.com, 1
+moetrack.com, 1
+moewe.org, 1
+moeyi.xyz, 1
+moeyy.tech, 1
+mof.gov.ws, 1
+mofbinsurance.com, 1
+mofo.com, 1
+mofohome.dyndns.org, 1
+mofos.com, 1
+mofosnetwork.com, 1
+mogbox.net, 1
+mogica.tk, 1
+mogilev-forum.tk, 1
+moglie.xxx, 1
+mogomix.cf, 1
+mogradus.com, 1
+mogwailabs.de, 1
+mogyuchi.com, 1
+moha-swiss.com, 0
+mohaabobclan.tk, 1
+mohaanation.tk, 1
+mohabatein1.tk, 1
+mohalicity.info, 1
+mohamedalibenammarmaba.tk, 1
+mohamedfouad.tk, 1
+mohamedhamdy.tk, 1
+mohamedhosting.tk, 1
+mohamedsherif.ml, 1
+mohamedsherif.tk, 1
+mohammad-hamarsheh.com, 1
+mohammad-yarahmadi.tk, 1
+mohammadhamed.tk, 1
+mohammadreza-bakhtiari.tk, 1
+mohammed.ga, 1
+mohammedalrifai.tk, 1
+mohave.gov, 1
+mohela.com, 1
+mohelafederal.com, 1
+moheyuddin.tk, 1
+mohister.cn, 1
+mohitchahal.com, 1
+mohot.com.tw, 1
+mohot.fit, 1
+mohot.shop, 1
+mohr-maschinenservice.de, 1
+mohsen-pashootan.vercel.app, 1
+moi-sait.tk, 1
+moikolhoz.ml, 1
+moikolhoz.tk, 1
+moin.solar, 1
+moip.com.br, 1
+moipourtoit.ch, 0
+moipourtoit.com, 0
+moipourtoit.org, 0
+moirre.com, 1
+moisesbarrio.es, 1
+moisesbarrio.me, 1
+moitruongcrsvina.com, 1
+mojaapteka.pl, 1
+mojaczarnastrona.pl, 1
+mojadm.sk, 1
+mojaknjiznica.com, 0
+mojakursumlija.tk, 1
+mojama3dz.com, 1
+mojartech.ml, 1
+mojavenissanofbarstowparts.com, 1
+mojavibe.com, 1
+mojdom.ba, 1
+mojdrvar.tk, 1
+moje-communication.de, 1
+mojeco2.cz, 1
+mojedatovaschranka.cz, 1
+mojefilmy.xyz, 1
+mojetatuaze.pl, 1
+mojeurlopy.pl, 1
+mojilitygroup.com, 1
+mojitoparty-articlespara.website, 1
+mojizuri.cafe, 1
+mojizuri.com, 1
+mojizuri.jp, 1
+mojkragujevac.net, 1
+mojleksikon.com, 1
+mojnet.eu, 1
+mojnet.net, 1
+mojo.az, 1
+mojo.so, 1
+mojoco.co.za, 1
+mojodentallaboratory.co.uk, 0
+mojomen.co, 1
+mojomen.com, 1
+mojomen.net, 1
+mojomen.org, 1
+mojoshowers.ga, 1
+mojt.net, 1
+mojtabagol.tk, 1
+mojtest.site, 1
+mojzis.com, 1
+mojzis.cz, 1
+mojzisova.com, 1
+mokadev.com, 0
+mokaszinhaz.tk, 1
+mokeedev.com, 1
+mokeedev.review, 1
+mokhtarmial.com, 1
+mokrynskyi.com, 1
+moksha-movement.com, 1
+mokujinken.tokyo, 1
+mokum-organics.com, 0
+mokutovo.tk, 1
+moldinspectionslosangeles.com, 1
+moldova-online.ml, 1
+moldovanka.tk, 1
+moldovawall.tk, 1
+moldsearchers.ga, 1
+molecularbiosystems.org, 1
+moleestudio.com, 1
+molehill.it, 0
+molekula.hr, 1
+molenaagtekerke.tk, 1
+molenaar-ricardo.tk, 1
+moleskinestudio.com, 1
+molexces.com, 1
+molinillo.tk, 1
+moliporex.com, 1
+moliporex.pt, 1
+molkerei-ammerland.com, 1
+molleron.net, 1
+molletjesveer.tk, 1
+mollie.com, 1
+mollie.nl, 1
+mollybears.org, 1
+mollyblooms.tk, 1
+mollyringworm.tk, 1
+mollysun.net, 1
+molodechno-mk.by, 1
+molodost.ga, 1
+molodost.gq, 1
+molodost.tk, 1
+molokaibreeze.com, 1
+molokov.tk, 1
+molot-tora.ml, 1
+molot-tora24.ga, 1
+molpay.com, 1
+molpek.com, 1
+moltapor.tk, 1
+molti.hu, 1
+molusk.ml, 1
+molwick.com, 1
+mom.life, 1
+moma.co.uk, 1
+moment-terroir.ch, 1
+momentalno.tk, 1
+momentmag.com, 1
+momentum.photos, 1
+momentumcoach.se, 1
+momentumcomfortgear.com, 1
+momentumdash.com, 1
+momentummarketers.ga, 1
+momi-chura.com, 1
+momimi.me, 1
+momit.eu, 1
+momjoyas.com, 1
+mommoneymap.com, 1
+mommyapproveders.ga, 1
+mommyapprovedest.ga, 1
+mommydigest.ga, 1
+mommydigesters.ga, 1
+mommydigestest.ga, 1
+mommylessoners.ga, 1
+mommylessonest.ga, 1
+mommypantsest.ga, 1
+momo0v0.club, 1
+momobako.com, 1
+momochrome.online, 1
+momondersteuning.nl, 1
+momove.nl, 1
+moms.com, 1
+momsagainstcooties.com, 1
+momsays.co.za, 1
+momsbangteens.com, 1
+momslickteens.com, 1
+momspublictube.com, 1
+momstableonline.com, 1
+momtazz.net, 1
+momtits.com, 1
+momtubevideos.com, 1
+momy-genealogie.info, 1
+mon-a-lisa.com, 1
+mon-agenda.org, 0
+mon-agora.com, 1
+mon-assurance-deces.fr, 1
+mon-butin.fr, 1
+mon-cartable.fr, 1
+mon-compte.bzh, 1
+mon-dolibarr.fr, 1
+mon-habitation.ca, 1
+mon-match.com, 1
+mon-partage.fr, 1
+mon-sac-italien.fr, 1
+mon-trafic.com, 1
+mon22.ch, 0
+mona-dress.com, 1
+monacannation.gov, 1
+monaco-automaten.de, 1
+monaco-info.tk, 1
+monacoexpress.tk, 1
+monad.io, 1
+monagenceentreprise-caap.fr, 1
+monarch.security, 1
+monarchcleanersnc.com, 1
+monarchelectric.com, 1
+monarcjuexpo.ch, 1
+monaroindustrial.com.au, 1
+monasteriumlab.com, 1
+monauralpress.com, 0
+monays.ga, 1
+monbebeautrement.fr, 1
+monbedou.net, 1
+monconcoursdgfip.fr, 1
+mondayaftersunday.com, 1
+mondaynightbrewing.com, 1
+monde-ampoule.fr, 1
+monde-oriental.tk, 1
+monde.win, 1
+mondechenoafrance.tk, 1
+mondedie.fr, 1
+mondholz24.de, 1
+mondo-it.ch, 1
+mondo.rs, 1
+mondocellulari.tk, 1
+mondoffice.com, 1
+mondolila.tk, 1
+mondovisione.com, 1
+mondoviwi.gov, 1
+mondpo.pro, 1
+mondsee-psychotherapie.at, 1
+mondzorgparkzicht.nl, 1
+monechafaudage.com, 1
+moneni.com, 1
+moneoci.com.br, 1
+monerogamez.com, 1
+monese.com, 1
+moneshaq.fr, 1
+moneta-rossii.ru, 1
+monetenfuchs.de, 1
+monetize.ml, 1
+monetki.net, 1
+monettmo.gov, 1
+money-book.jp, 1
+money-earning.tk, 1
+money-fast.ga, 1
+money-finder.ml, 1
+money-loan-now.com, 1
+money-okey.tk, 1
+money-quick.cf, 1
+money-spell.com, 1
+money-tapuz.co.il, 1
+money-transfers.tk, 1
+money-trust.ru, 1
+money.bg, 1
+money4net.tk, 1
+moneybill.us, 1
+moneybird.com, 1
+moneybird.de, 1
+moneybird.nl, 1
+moneybirdstorage.com, 1
+moneyblo.com, 1
+moneychill.biz, 1
+moneyclick.tk, 1
+moneycredit.eu, 1
+moneydaily.tk, 1
+moneydecadadia.com, 1
+moneyfactory.gov, 1
+moneyformybeer.com, 1
+moneyfuxx.com, 1
+moneygo.se, 1
+moneygrup.tk, 1
+moneymania.tk, 1
+moneymart.ca, 1
+moneymet.ru, 1
+moneymint.com, 1
+moneyniti.com, 1
+moneyonchain.com, 1
+moneypark.ch, 1
+moneypot.com, 1
+moneyreal.tk, 1
+moneyreview.gr, 1
+moneysavingpro.com, 1
+moneysmart.gov.au, 1
+moneytalks.com, 1
+moneytamer.com, 1
+moneytech.tk, 1
+moneytoday.se, 1
+monfilm.tk, 1
+monforte.tk, 1
+mongla168.net, 1
+mongla88.net, 1
+mongolbox.tk, 1
+mongolito.tk, 1
+monibu.org, 1
+monicadurr.com, 1
+monicahq.com, 1
+monicanaranjo.tk, 1
+monicapotter.tk, 1
+monicz.pl, 1
+monidenum.fr, 1
+monific.com, 0
+monika.tk, 1
+monikadesign.uk, 1
+monin.net, 1
+moninformaticien.ovh, 0
+monique.io, 1
+moniquedekermadec.com, 1
+moniquevanhoutum.nl, 1
+monirtalk.ml, 1
+monirtalks.ml, 1
+moniteaucountymo.gov, 1
+monitman.com, 1
+monitman.solutions, 1
+monitor-mailtracker.com, 1
+monitor365.ch, 1
+monitorashop.com.br, 1
+monitorbandwidth.net, 1
+monitorbox.jp, 1
+monitord.at, 1
+monitordownloadsers.ga, 1
+monitorga.tk, 1
+monitoring-servers.tk, 1
+monitoring.kalisz.pl, 1
+monitoringanetwork.com, 1
+monitoringd.de, 1
+monitoringminecraft.ru, 1
+monitz.de, 1
+monix.io, 1
+monjardin.tk, 1
+monjo.io, 1
+monjob.tk, 1
+monkey-donkey.es, 1
+monkey47.com, 1
+monkey47.events, 1
+monkey47shuffle.com, 1
+monkeybusiness.agency, 1
+monkeymills.ga, 1
+monkeys.pt, 1
+monkeysorce.tk, 1
+monkeytek.ca, 1
+monkeyttack.net, 1
+monlissagebresilien.com, 1
+monloyer.quebec, 1
+monmouthcountynj.gov, 1
+monmouthmaine.gov, 1
+monmouthor.gov, 1
+monnaiecourante.tk, 1
+mono0x.net, 1
+monobunt.at, 1
+monocircus.com, 1
+monocles.de, 1
+monocyte.host, 1
+monodejuegos.shop, 1
+monodrama.tk, 1
+monohost.ml, 1
+monokli.tk, 1
+monolithapps.com, 1
+monolithic.tk, 1
+monolithindustries.com, 1
+monolithon.net, 1
+monongaliasheriff.gov, 1
+monophy.com, 1
+monopoly.tk, 1
+monorail.cf, 1
+monorail.ga, 1
+monorail.gq, 1
+monordibogue.com, 1
+monorthopedagogue.ca, 1
+monospazzole.roma.it, 1
+monothesis.com, 1
+monoworks.co.jp, 1
+monoxoro.tk, 1
+monpanier-procter-et-gamble.fr, 1
+monpc-pro.fr, 0
+monplay.host, 1
+monrabais.fr, 1
+monrasp.ddns.net, 1
+monroecountymo.gov, 1
+monroecountyny-opi.gov, 1
+monroecountysheriff-ny.gov, 1
+monroecountywv.gov, 1
+monroect.gov, 1
+monroeoregon.gov, 1
+monroetn.gov, 1
+monsalvat.no, 1
+monshoppingcestcalais.fr, 1
+monsieurbureau.com, 1
+monsieursavon.ch, 0
+monsitemoncommerce.com, 1
+monsonshoney.com.au, 1
+monsterandfox.co.uk, 1
+monsterarmsest.ga, 1
+monstercurves.com, 1
+monstergovt.com, 1
+monsterlinkmarketing.com, 1
+monstermashentertainments.co.uk, 1
+monsterminigames.de, 1
+monsterminus.tk, 1
+monstermoney.tk, 1
+monsternet.pl, 1
+monsternotebook.com.tr, 1
+monstersuniversity.ga, 1
+monsterx.cn, 1
+monstl.com, 1
+monstresdesfetes.com, 1
+mont-thabor.fr, 1
+montack.de, 1
+montagetravel.com, 1
+montagnainitalia.com, 1
+montagne-experience.fr, 1
+montaguehotel.com, 1
+montala.com, 1
+montalvofarret.xyz, 1
+montanabiack.de, 1
+montanacreativitymovement.tk, 1
+montanaguard.gov, 1
+montanaonlinedivorce.com, 1
+montanasky.tv, 1
+montanatrouthunters.com, 1
+montanawi.gov, 1
+montanwerk.de, 1
+montarosa.tk, 1
+montas.io, 1
+montcalmcountymi.gov, 1
+montclairca.gov, 1
+montco.today, 1
+montebelloca.gov, 1
+montehermoso.tk, 1
+montejomoving.com, 1
+montenativo.de, 0
+montenegro-yacht.com, 1
+monterey.gov, 1
+montessori-oberhaching.de, 1
+monteurzimmerfrei.de, 1
+montevue.co.za, 1
+montgomeryboroughpa-police.gov, 1
+montgomerycountyal.gov, 1
+montgomerycountyar.gov, 1
+montgomerycountyclerkoh.gov, 1
+montgomerycountyhealthky.gov, 1
+montgomerycountyia.gov, 1
+montgomerycountyil.gov, 1
+montgomerycountync.gov, 1
+montgomerycountyoh.gov, 1
+montgomerycountypa.gov, 1
+montgomeryfirm.com, 1
+montgomerynj.gov, 1
+montgomeryohio.gov, 1
+montgomeryprobatecourtal.gov, 1
+montgomerysoccer.net, 1
+montgomeryvotesal.gov, 1
+monti.fi, 1
+montiallison.com, 1
+monticelloky.gov, 1
+montillafarm.com, 1
+montoneros.tk, 1
+montop.tk, 1
+montourcounty.gov, 1
+montourcountypa.gov, 1
+montrain.com, 1
+montrain.fr, 1
+montre-luxe-occasion.com, 1
+montrealcatadoptions.com, 1
+montrealwi.gov, 1
+montredeal.fr, 1
+montres-mh-besancon.fr, 1
+montroseflorida.com, 1
+montsaintaignan.fr, 1
+montuan.com.br, 1
+montychristie.com, 1
+montyvlogs.com, 1
+monvanityideal.com, 1
+monvoyagedentaire.com, 1
+monweb.tk, 1
+monzaradio.tk, 1
+monzatoday.it, 1
+monzo.me, 1
+monzo.tk, 1
+moo.pet, 0
+moocat.me, 1
+moodfabrics.com, 1
+moodfoods.com, 1
+moodforsex.com, 1
+moodgym.com.au, 1
+moodgym.de, 1
+moodifiers.com, 0
+moodle.gq, 1
+moodle.servebbs.com, 1
+moodsta.com, 1
+moodyfss.marketing, 1
+moodyfssrequest.com, 1
+mooglms.com, 1
+mooivoet.nl, 1
+moojp.co.jp, 1
+mooka.tk, 1
+moola.market, 1
+moolah.rocks, 1
+moom20101234567890.tk, 1
+moon.fish, 1
+moonagic.com, 1
+moonagic.io, 1
+moonbench.xyz, 1
+moonbooth.com, 1
+moonboxi.tk, 1
+moonboys.de, 1
+moonbyte.at, 1
+mooncharmshop.com, 1
+moonchart.co.uk, 1
+moondoor.tk, 1
+moondrop.org, 1
+moondsee.de, 1
+moonfist.eu, 1
+moonfreak.tk, 1
+moonhaa.com.br, 1
+mooninvoice.com, 1
+moonkin.eu, 1
+moonlabs.nl, 1
+moonlanders.nl, 0
+moonlight-pr.com, 1
+moonlight-show.tk, 1
+moonlightdesign.org, 1
+moonlightlovers.com, 1
+moonlightlovers.es, 1
+moonlightpicnic.tk, 1
+moonlights.tk, 1
+moonlighttheatre.tk, 1
+moonlit.cloud, 1
+moonlit.games, 1
+moonmelo.com, 1
+moonmoondomain.com, 1
+moonpay.com, 0
+moonpay.io, 1
+moonproject.io, 1
+moonracer.ga, 1
+moonraptor.co.uk, 0
+moonraptor.com, 0
+moonrhythm.info, 0
+moonrhythm.io, 1
+moonsalutations.com, 1
+moonsama.com, 1
+moonshadow.tk, 1
+moonshyne.org, 1
+moonsmanagement.be, 1
+moonspell.com, 1
+moonssif.com, 1
+moonue.com, 0
+moonvpn.org, 1
+moonwolfwiccanschool.tk, 1
+moonzerotwo.tk, 1
+moopro.nl, 1
+mooreandsmalley.co.uk, 1
+moorelife.cn, 1
+mooremi.gov, 1
+mooremillerinvestmentgroup.ca, 1
+mooreminers.com, 1
+mooremoney.co, 1
+mooresvilletribune.com, 1
+mooretownrancheria-nsn.gov, 1
+moorfunevents.co.uk, 1
+moorheadmn.gov, 1
+moormiles.com, 1
+moorparkelectrical.com, 1
+moorparkelectrician.com, 1
+moorparkexteriorlighting.com, 1
+moorparklandscapelighting.com, 1
+moorparklighting.com, 1
+moorparkoutdoorlighting.com, 1
+moorstay.com, 1
+moort.be, 1
+moosic.co, 1
+moosikapp.ml, 1
+moosikapp.tk, 1
+moosmann-moehrle.de, 1
+moosmaus.tk, 1
+moot-info.co.za, 1
+moov.tk, 1
+moove-it.com, 1
+moovemais.com.br, 1
+mopak.tk, 1
+moparcraft.com, 1
+moparcraft.net, 1
+moparcraft.org, 1
+moparinsiders.com, 1
+moparisthebest.com, 1
+moparisthebest.net, 1
+moparisthebest.org, 1
+moparpartsgiant.com, 1
+moparscape.net, 1
+moped-versichern.de, 1
+mopedpress.com, 1
+mopedreifen.de, 0
+mopie.de, 1
+moplay.org, 1
+mopliangxing.com, 1
+moplx.com, 1
+mopoclub.ru, 1
+moppeleinhorn.de, 1
+moppelito.tk, 1
+moppenfactory.tk, 1
+moquettes.roma.it, 1
+moquiridatabuaria.com.br, 1
+mor.estate, 0
+mora.pl, 1
+moracont.com, 1
+moradali.tk, 1
+moralcenter.cf, 1
+moralcompass.ga, 1
+moraldehornuez.tk, 1
+moraliswimwear.com, 1
+morandofora.com.br, 0
+moranyachts.com, 1
+morata.tk, 1
+moratilla.ml, 1
+moravostavdruzstvo.cz, 1
+morawiecki.pl, 1
+moraxyc.com, 1
+morbatex.com, 1
+morbitiles.org, 1
+morbius.cz, 1
+morbotron.com, 1
+morc.me, 1
+morchstore.com, 1
+mord-ost.de, 1
+mordamla.com, 1
+mordelles-altitude.fr, 1
+mordovia.cf, 1
+mordovia.ga, 1
+mordovia.gq, 1
+mordovia.tk, 1
+mordoviya.tk, 1
+more-hikkoshi.com, 1
+more-terrain.de, 1
+moreal.co, 1
+moreapp.co.uk, 1
+morebus.co.uk, 1
+morechance.de, 1
+morecigarettes.tk, 1
+morecreativelife.com, 1
+morediets.net, 1
+moreeducation.tk, 1
+morehertz.com, 1
+morellilaw.com, 1
+moremindsbetter.com, 1
+morenadacentral.tk, 1
+morenci.ch, 1
+moreniche.com, 1
+moreno820.com, 1
+moreno820.com.ar, 1
+moreoptimal.world, 1
+morepablo.com, 1
+moreshop.pl, 1
+morespacestorage.co.uk, 1
+moresw.com, 1
+moretesting.tk, 1
+morethanautodealers.com, 1
+morethancode.be, 1
+morethandigital.info, 1
+moretti.camp, 1
+morevesi.cf, 1
+morewithcore.com, 1
+morfide.com, 1
+morgan-insurance.com, 1
+morgancounty-al.gov, 1
+morgancounty-il.gov, 1
+morgancountymo.gov, 1
+morgancountysheriffal.gov, 1
+morgancountyutah.gov, 1
+morgandesort.com, 1
+morganeb.be, 1
+morgansleisure.co.uk, 1
+morganton.com, 1
+morganwilder.com, 1
+morgengold.de, 1
+morghochak.com, 1
+morgner.com, 1
+mori-cdc.com, 1
+morindesrochersbeaulieu.ca, 1
+morinomiyako-a.co.jp, 1
+morioh.com, 1
+morisakimikiya.com, 1
+morishoji-english-school.com, 0
+moritoworks.com, 1
+moritz-baestlein.de, 1
+moritzkornher.de, 1
+moritztremmel.de, 1
+moriz.de, 1
+moriz.net, 1
+morke.tk, 1
+morleygrainger.com, 1
+mormon-colleges.com, 1
+mormonleaks.io, 1
+mormonvoiceers.ga, 1
+mormonvoiceest.ga, 1
+mornatales.tk, 1
+morningbird.eu, 1
+morningchew.com, 1
+morningcurve.com, 0
+morninggarden.com, 1
+morningstar.moe, 1
+morningstaruniversityonline.com, 1
+moro-gastro.de, 1
+moroccanews.tk, 1
+moroccomiami.com, 1
+moroccotodaynews.ga, 1
+moroccounfiltered.com, 1
+morocotacoin.news, 1
+morogoro.tk, 1
+morooi.cn, 1
+morosystems.cloud, 1
+morox.top, 1
+morozko.gq, 1
+morozstudio.tk, 1
+morozyaka.tk, 1
+morph3d.tk, 1
+morphed.io, 1
+morpheusdata.com, 1
+morphisec-utp.com, 1
+morphitattachments.com.au, 1
+morphysm.co, 1
+morphysm.com, 1
+morphysm.de, 1
+morphysm.io, 1
+morphysm.org, 1
+morrellllc.com, 0
+morrharet.se, 1
+morris.computer, 1
+morrisvillemo.gov, 1
+morrisvillenc.gov, 1
+morrowga.gov, 1
+morrowind-finland.tk, 1
+morsang.net, 1
+morselife.org, 1
+mortaltorment.tk, 1
+mortazavifar.com, 1
+mortebrume.eu, 1
+morten-harket.de, 1
+mortengamstpedersen.tk, 1
+mortezaafri.tk, 1
+mortgagecalculator.biz, 1
+mortgageexpert.io, 1
+mortgagetranslations.gov, 1
+mortis.eu, 1
+mortonmspd.gov, 1
+morus.tk, 1
+morvo.mx, 1
+mos-camin.ru, 1
+mosa.guru, 1
+mosa.tk, 1
+mosaic-design.ru, 1
+mosaically.com, 1
+mosaicmarble.com, 1
+mosaicot.com, 1
+mosaique-lachenaie.fr, 1
+mosautoshina.ru, 1
+mosboutique.it, 1
+moscardino.net, 1
+moscomes.com, 1
+moscow-moscow.tk, 1
+moscow-new.cf, 1
+moscow.tk, 1
+moscow001.com, 1
+moscowlove.tk, 1
+moscownews.ml, 1
+moscownights.org, 0
+moscowsex.tk, 1
+moscowtimes.tk, 1
+mosdosug.ml, 1
+mosdot.org.il, 1
+moseic.com, 1
+moselwi.gov, 1
+moserhof.it, 1
+moservice.id, 1
+mosfet.cz, 1
+mosfetkiller.de, 1
+mosharof-hossain.ml, 1
+moshaver-tahsili.com, 1
+moshavergroup.com, 1
+moshcore.tk, 1
+moshiach.ru, 1
+moshiachtime.com, 1
+moshop.com.vn, 1
+moshwire.com, 1
+mosin.org, 1
+mosio.com, 1
+moskas.tk, 1
+moskeedieren.nl, 1
+moskva-city.cf, 1
+moskva-kamen.ru, 1
+moskvagruz.tk, 1
+mosmirmebeli.com, 1
+mosnews.tk, 1
+moso.io, 1
+mosobl.tk, 1
+mosquito-code.com, 1
+mosquito-sklep.pl, 1
+mosquitojoe.com, 1
+mossan.net, 1
+mosscade.com, 1
+mosselle.ro, 1
+mosshi.be, 1
+mossipanama.com, 1
+mossplants.ru, 1
+mossylog.tk, 1
+most.tk, 1
+mostafabanaei.cf, 1
+mostardela.pt, 0
+mostazaketchup.com, 1
+mostbet.com, 1
+mostbet2.com, 1
+mostbetr.com, 1
+mostdisturbingnews.com, 1
+mosternaut.com, 1
+mostfamousbirthdays.com, 1
+mostlyharmless.at, 1
+mostlyoverhead.com, 1
+mostmost.tk, 1
+mostqbalwatanalqahirah.com, 1
+mosttaza.com, 1
+mostware.nl, 0
+mosurist.tk, 1
+moswand.nl, 1
+motability.co.uk, 1
+motchirotchi.com, 1
+motd.ch, 1
+motekforce.link, 1
+motekforcelink.com, 1
+motekforcelink.eu, 1
+motekforcelink.net, 1
+motekforcelink.nl, 1
+motekmedical.com, 1
+motekmedical.eu, 1
+motekmedical.nl, 1
+motekrysen.com, 0
+moteksystems.com, 1
+moteksystems.net, 1
+motezazer.fr, 1
+moth.monster, 1
+motherboard.services, 1
+motherbrain.tk, 1
+motherearth.cf, 1
+mothereff.in, 0
+motherguru.ca, 0
+motherhood.se, 1
+motherhoodinblack.com, 1
+motherlondon.com, 1
+motherofsorrows.net, 1
+mothership.de, 1
+mothersmediaonline.ga, 1
+motichi.cf, 1
+motifstudio.com.ua, 1
+motion504.com, 1
+motional.com, 1
+motiondata-vector.at, 1
+motiondata-vector.com, 1
+motiondreamatix.de, 1
+motionglobeers.ga, 1
+motionless.nl, 1
+motionory.com, 1
+motiv-rechts.tk, 1
+motiva.health, 1
+motivation.cc, 1
+motivational-babes.com, 1
+motivationalliance.com, 1
+motivness.com, 1
+motivo.nl, 0
+motiweb.fr, 1
+motlife.net, 0
+moto-texnika.tk, 1
+motoactionimola.it, 1
+motoblogism.com, 1
+motoboxbrasil.com.br, 1
+motobrasilferramentas.com.br, 1
+motochileneta.tk, 1
+motoclubentresemana.tk, 1
+motoclubrker.tk, 1
+motocrosssite.tk, 1
+motodb.co.uk, 1
+motodb.net, 1
+motodb.uk, 1
+motodeal.com.ph, 1
+motof.tk, 1
+motoforce.lt, 1
+motofoto.tk, 1
+motogb.net, 1
+motogrupblanes.tk, 1
+motohell.com, 1
+motojato.com.br, 1
+motokados.tk, 1
+motoland.ml, 1
+motolife.tk, 1
+motolinesupply.com, 1
+motomorgen.com, 1
+motonline.com.br, 1
+motor-agro.com, 1
+motor-agro.com.ua, 1
+motor-agro.kz, 1
+motor-agro.ru, 1
+motor-cycles.tk, 1
+motor-forum.nl, 1
+motor1.com, 1
+motorbiketenerife.com, 1
+motorbiketourhanoi.com, 1
+motorcitycasino.com, 1
+motordearranque.com.br, 1
+motoridiricerca.tk, 1
+motorinews24.com, 1
+motorkohler.es, 1
+motorline.ru, 1
+motorparts-images.nl, 1
+motorparts-online.com, 1
+motorring.ru, 1
+motorslopers.tk, 1
+motorsplus.com, 0
+motorsport-passion.com, 1
+motorst.dk, 1
+motortg.it, 1
+motortrend.com, 1
+motorways.tk, 1
+motorwrappen.nl, 1
+motoryachtclub-radolfzell.de, 1
+motorzone.od.ua, 1
+motoselfservices.fr, 1
+motospaya.com, 1
+motostyle.ua, 1
+mototax.ch, 1
+mototeam.tk, 1
+mototec.it, 1
+mototuristas.tk, 1
+motovaruosad.ee, 1
+motovated.co.nz, 0
+motovio.de, 1
+motovrienden.tk, 1
+motowilliams.com, 1
+motoworld.biz, 1
+motransportinfo.com, 1
+motri-projekt.tk, 1
+motringeneric.tk, 1
+motshop.tk, 1
+motstats.co.uk, 1
+mott.pe, 1
+motte.tattoo, 1
+motto-iikoto.com, 1
+motum.no, 1
+motum.se, 1
+motumblekinge.se, 1
+motumport.se, 1
+motumskane.se, 1
+motun.ga, 1
+mou-pmr.tk, 1
+moube.fr, 1
+mouche.fr, 1
+moucloud.cn, 1
+mouff.li, 1
+mouldboard.ga, 1
+moulin-pomerol.com, 1
+moultonpdtx.gov, 1
+moultriecountyil.gov, 1
+mound.ga, 1
+moundvillewi.gov, 1
+mounimaharaj.tk, 1
+mouniresidences.com, 1
+mountain-retreat-center.com, 1
+mountain-rock.ru, 1
+mountainairandheating.com, 1
+mountainbatchers.de, 1
+mountainbell.net, 1
+mountainchalet.blue, 1
+mountaincitytx.gov, 1
+mountaindiscovery.org, 1
+mountaingrovemo.gov, 1
+mountainsandmist.com, 1
+mountainsmokes.com, 0
+mountainspiritinn.com, 1
+mountainspringsrentals.ca, 1
+mountainstage.org, 1
+mountaintree.net, 1
+mountainutilities.eu, 1
+mountainvistaretirement.com, 1
+mountairymd.gov, 1
+mountbatten.cz, 1
+mountbrowneguestcottage.ga, 1
+mountcarrollil.gov, 1
+mountclemens.gov, 1
+mountdora.gov, 1
+mountfield.co.nz, 1
+mountjoy.school, 1
+mountknowledge.nl, 1
+mountpost.tk, 1
+mountvernonin.gov, 1
+mountvictoryohio.gov, 1
+mountwashington-ma.gov, 1
+mouracloset.com.br, 1
+mourassiloun.com, 1
+mouseflow.com, 1
+mousepotato.uk, 1
+moushed.tk, 1
+moussa-ibrahim.ml, 1
+moutiezhaller.com, 1
+mov, 1
+mova.club, 1
+movabletype.net, 1
+movacare.de, 1
+movaci.com, 1
+moval.gov, 1
+movavi.id, 1
+movavi.ru, 1
+move-out-cleaning.co.uk, 1
+moveceara.com.br, 1
+movefi.com.br, 1
+moveltix.net, 1
+movemais.com, 1
+movember.com, 0
+moveme.ca, 0
+movementhub.org, 1
+movementsodom.tk, 1
+moveon4.com, 1
+moveon4.de, 1
+moveonca.com, 1
+moveonfr.com, 1
+moveonlite.com, 1
+moveonru.com, 1
+movepin.com, 1
+movetonewcastle.com.au, 1
+movewellnesslab.com, 1
+movewithfiness.com, 1
+moveyourass.tk, 1
+movfun.ga, 1
+movie-download.cz, 1
+movie-infos.net, 1
+movie-sounds.org, 1
+movie1000.com, 1
+movieboost.nl, 1
+moviebox.com, 1
+movieeveningers.ga, 1
+movieeveningest.ga, 1
+moviefreeze.com, 1
+movieglot.ml, 1
+movieguys.org, 1
+moviejack.org, 0
+moviemadness.uk, 1
+movieoldiesest.ga, 1
+movieredeem.com, 1
+movies-diploma.fun, 1
+movies-fan.tk, 1
+movies1977.ga, 1
+movies4us.me, 1
+moviesetc.net, 1
+moviesrules.tk, 1
+moviestodownload.tk, 1
+movietopper.ml, 1
+movietradition.tk, 1
+moviewatchin.tk, 1
+movihut.com, 1
+moviko.nz, 1
+movil.uno, 1
+movilandroide.com, 1
+moviles.com, 1
+moviltronix.com, 1
+movimento-terra.it, 1
+movimentoterra.roma.it, 1
+moving-pixtures.de, 1
+movingjokesers.ga, 1
+movingjokesest.ga, 1
+movinglogistics.nl, 0
+movingoklahoma.org, 1
+movingservice-houston.com, 1
+movingtohttps.com, 1
+movio.ga, 1
+moviro.net, 1
+movlib.org, 1
+movnest.com, 1
+mowercountymn.gov, 1
+mowing-the-lawn.com, 1
+mowster.com, 1
+mowster.net, 1
+moxfield.com, 1
+moxiegirlz.id, 1
+moy-biznes.tk, 1
+moy-gorod.od.ua, 0
+moy-ogorod.info, 1
+moy-urozhay.info, 1
+moy.cat, 1
+moybiznes.tk, 1
+moyer.pub, 0
+moylen.eu, 1
+moyminsk.tk, 1
+moyobi.com, 0
+moyogorod.info, 1
+moyu.host, 0
+moyufangge.com, 1
+moz.idv.tw, 1
+mozambiquetravel.com, 1
+mozartgroup.hu, 1
+mozektevidi.net, 1
+mozfr.org, 1
+mozgb.ru, 1
+mozgovoy.tk, 1
+mozilla-russia.org, 1
+mozilla.cz, 1
+mozillalinks.org, 1
+mozo.com.au, 1
+mozzak.tk, 1
+mozzez.de, 1
+mozzi.online, 1
+mozzilla.cz, 1
+mp-bln.de, 1
+mp.gov.in, 1
+mp.org, 1
+mp3.tj, 1
+mp3cut.net, 1
+mp3gratuiti.com, 0
+mp3musicfind.ga, 1
+mp3noi.com, 1
+mp3skull.cf, 1
+mp3sort.biz, 0
+mpa-pro.fr, 1
+mpadegree.org, 1
+mpak.tk, 1
+mpamag.com, 1
+mpc-hc.org, 1
+mpc-view.net, 1
+mpcforum.pl, 1
+mpcmsa.org, 1
+mpdu.tk, 1
+mpebrasil.tk, 1
+mpetroff.net, 1
+mpfront.com, 1
+mpg.gg, 1
+mpg.ovh, 1
+mpgaming.pro, 1
+mpgu.tk, 1
+mphold.ru, 1
+mphprogram.com, 1
+mphprogramslist.com, 1
+mphq.de, 1
+mphwinkel.nl, 1
+mpi-sws.org, 1
+mpi.org, 1
+mpintaamalabanna.it, 1
+mpk-chayka.org.ua, 1
+mpkrachtig.nl, 1
+mplanetphl.fr, 0
+mplant.io, 1
+mpodraza.eu, 1
+mpodraza.pl, 1
+mpool.eu.org, 1
+mpool.live, 1
+mpornoindir.tk, 1
+mpowr.com, 1
+mpps.it, 1
+mprep.info, 1
+mprsco.eu, 1
+mpsctriskelions.tk, 1
+mpserver12.org, 1
+mpsi1.fr, 1
+mpso.it, 1
+mpsoundcraft.com, 1
+mptdom.com, 1
+mptenders.gov.in, 1
+mptool.pt, 1
+mpu-ibbi.de, 1
+mpu-vorbereitung.com.de, 1
+mpy.ovh, 1
+mqacg.com, 1
+mqas.net, 1
+mqbeauty.com.tw, 1
+mqbx.nl, 1
+mr-7.ru, 1
+mr-a.de, 1
+mr-anderson.org, 0
+mr-bills.com, 1
+mr-brown.tk, 1
+mr-coffee.net, 1
+mr-englischkurse.de, 1
+mr-labo.jp, 1
+mr-moulding-knives.com, 0
+mr-plomberie.com, 0
+mr-wolf.nl, 0
+mr.bet, 1
+mr0.de, 1
+mr1310.com, 1
+mr1xbet.com, 1
+mr3.io, 1
+mr8.de, 1
+mraag.xyz, 1
+mrafrohead.com, 1
+mrak.blog, 0
+mralonas.cf, 1
+mralonas.ga, 1
+mralonas.gq, 1
+mralonas.ml, 1
+mralonas.tk, 1
+mramor.ml, 1
+mrandmrsparrot.gr, 1
+mrandyyp.com, 1
+mranimal.tk, 1
+mrazek.biz, 1
+mrbeardcbd.es, 1
+mrbighungary.hu, 1
+mrbounce.com, 1
+mrbouncescrazycastles.co.uk, 1
+mrbouncycastle.com, 1
+mrbusiness360.com, 1
+mrc-productivity.com, 1
+mrca-sharp.com, 0
+mrcelulares.co, 1
+mrclutch.com, 1
+mrcog.tk, 1
+mrcomer.tk, 1
+mrcool.com, 1
+mrcool.store, 1
+mrcooldiy.ca, 1
+mrcooldiy.com, 1
+mrcoolevents.com, 1
+mrcoolfranchise.com, 1
+mrcoolfranchising.com, 1
+mrcooluniversal.ca, 1
+mrcooluniversal.com, 1
+mrcyberpixel.tk, 1
+mrd-rc.com, 1
+mrd-v.com, 1
+mrd.ninja, 1
+mrdatenschutz.de, 1
+mrdayman.com, 1
+mredsanders.net, 1
+mrenegades.com, 1
+mrephrase.com, 1
+mrevolution.eu, 1
+mrewards-production.herokuapp.com, 1
+mrewards-uat.herokuapp.com, 1
+mrfactors.com, 1
+mrfd.nl, 1
+mrfindfix.com, 1
+mrfinka.ml, 1
+mrformaltuxedos.com, 1
+mrfreshtruck.com, 1
+mrg-srv.ru, 1
+mrg-team.ru, 1
+mrgeek.ru, 1
+mrgstaticcdn.ru, 1
+mrgstaticcontent.ru, 1
+mrguider.org, 1
+mrgusercontent.ru, 1
+mrgutternj.com, 1
+mrhc.ru, 1
+mrhost.biz, 1
+mri.community, 1
+mrichard333.com, 1
+mricspatial.com, 1
+mrinalpurohit.in, 1
+mrizzio.com, 1
+mrjbanksy.com, 1
+mrjhnsn.com, 1
+mrjo.sh, 1
+mrjunior.ga, 1
+mrjunior.ml, 1
+mrkapowski.com, 0
+mrknee.gr, 1
+mrkrabat.de, 1
+mrliu.me, 1
+mrlove.tk, 1
+mrmad.com.tw, 1
+mrmanson.tk, 1
+mrmarcie.com, 1
+mrmemory.co.uk, 1
+mrmeomeo.xyz, 1
+mrmn.nl, 1
+mrmoregame.de, 1
+mrmosier.tk, 1
+mrmostafaacademy.tk, 1
+mrnabetterlife.com.sg, 1
+mrnathanpowell.com, 1
+mrnh.de, 0
+mrnh.tk, 1
+mrnice.ml, 1
+mrnonz.com, 1
+mrnordic.com, 1
+mrpanipiales.com, 1
+mrpcap.com, 1
+mrpetersen.de, 1
+mrplates.co.nz, 1
+mrplates.co.uk, 1
+mrplates.com.au, 1
+mrpluss.ml, 1
+mrpricegroup.com, 1
+mrrjva.gov, 1
+mrs-labo.jp, 1
+mrs-shop.com, 1
+mrsbairds.com, 0
+mrschristine.com, 1
+mrsejf.cz, 1
+mrshahin.cf, 1
+mrshang.tk, 1
+mrsheep.win, 1
+mrshish.com.au, 1
+mrsiding.net, 1
+mrsjinthelibrary.com, 1
+mrsk.me, 1
+mrssclaus.ca, 1
+mrstat.co.uk, 1
+mrston.ml, 1
+mrstuudio.ee, 1
+mrtg.com, 1
+mrtieungao.tk, 1
+mrtskidkispb.ru, 0
+mrtunnel.club, 1
+mru.org, 1
+mruczek.trade, 1
+mruczek.wiki, 1
+mruganiepodspacja.pl, 1
+mrupert.com, 1
+mrux.io, 1
+mrux.pl, 1
+mrv.li, 1
+mrvl.net, 1
+mrvnt.co, 1
+mrwacky.com, 1
+mrwen.net, 1
+mrwindow.co.uk, 1
+mrwp.ru, 1
+mrwrestling.tk, 1
+mrxn.net, 1
+mrzonk.cf, 1
+ms-australia.de, 1
+ms-ch.ch, 1
+ms-fassmoebel.de, 1
+ms-wissenschaft.de, 0
+ms295.com, 0
+ms67pta.org, 1
+msa-aesch.ch, 1
+msa.bank, 1
+msahebhonar.com, 1
+msaludasuhogar.com, 1
+msar.eu, 1
+msbdocs.com, 1
+msc-corps.de, 1
+mscc.mu, 1
+mscc.org, 1
+msch.pw, 1
+mschuessler.org, 1
+msda23.gov, 1
+msdnicrosoft.cn, 0
+msdproduction.cz, 1
+msdprojectclearmo.gov, 1
+msebera.cz, 1
+msedkiewicz.pl, 1
+mselectronique.tk, 1
+mserve.ddns.net, 1
+mservers.cz, 1
+msfishingcharter.com, 1
+msgallery.tk, 1
+msgauctions.com, 1
+msgmon.com, 1
+msgr.com, 1
+msgroupitaly.com, 1
+msgs.ee, 1
+msgtrust.com, 1
+msh100.uk, 1
+msha.gov, 1
+mshastanddown.gov, 1
+mshemailmarketer.com.au, 1
+mshgame.ga, 1
+msi-zlin.cz, 1
+msiegmund.com, 1
+msieursvp.fr, 1
+msig-thai.com, 1
+msinc.ru, 1
+msisupplyinc.com, 1
+msize48.ch, 1
+msk-balkon.ru, 1
+msktc.org, 1
+msl.org, 1
+mslivros.com.br, 1
+msm-data.com, 1
+msm.ai, 1
+msmails.de, 1
+msmeble.pl, 1
+msmetana.cz, 1
+msn.cn, 1
+msn.com, 1
+msnarzedzia.pl, 1
+msncash.cf, 1
+msnedu.org, 1
+msngr.com, 1
+msnhdd.info, 1
+msnr.net, 1
+msoc.gent, 1
+msoffice-inc.net, 1
+msoida.me, 1
+msoll.de, 1
+msoll.eu, 1
+msoutlook.info, 1
+msp.com.au, 1
+msp66.de, 0
+mspark.tk, 1
+mspatexas.com, 1
+mspcc.org, 1
+msphotographics.de, 0
+mspnocsupport.com, 1
+msprealestateinc.com, 1
+mspsocial.net, 1
+msquadrat.de, 0
+msquared.id.au, 1
+msroot.de, 1
+msrumon.com, 1
+mss6.com, 1
+mssa.jp, 1
+msscholz.de, 1
+mssm-portal.com, 1
+mssora.com, 1
+mssys.de, 0
+mstazakka.com, 1
+mstdn.blue, 1
+mstdn.fm, 1
+mstdn.fr, 1
+mstdn.in.th, 1
+mstdn.io, 1
+mstdn.party, 1
+mstever.com, 1
+mstr-f-dstrctn.de, 1
+mstridde.de, 1
+mstudio.tk, 1
+msu.edu.tr, 1
+msuess.me, 1
+msuna.net, 1
+msv-limpezas.pt, 1
+msvbeveiliging.nl, 1
+mswdtemplate.com, 1
+msx.org, 1
+msyndicate.com, 1
+msz-fotografie.de, 1
+mszavodumiru.cz, 1
+mt-bank.jp, 1
+mt-tech.fi, 1
+mt-west.org, 1
+mt.run, 0
+mt.search.yahoo.com, 0
+mt1016.com, 1
+mt1130.com, 1
+mt2414.com, 1
+mt2ofx.tk, 1
+mt4professional.com, 1
+mta-sts.email, 1
+mta-sts.eu, 1
+mta-sts.nl, 1
+mta.fail, 1
+mta.org.ua, 1
+mtabriz.de, 1
+mtane0412.com, 0
+mtangel.gov, 1
+mtap.in, 1
+mtasa.hu, 1
+mtasts.xyz, 1
+mtataes.gov.ma, 1
+mtauburnassociates.com, 1
+mtb.wtf, 1
+mtbfoodie.com, 1
+mtboutiques.com, 1
+mtcoks.gov, 1
+mtcq.jp, 1
+mtd.org, 1
+mtd.ovh, 1
+mtdnrc.gov, 1
+mte-online.com, 1
+mte.sk, 1
+mtechprecisioninc.com, 1
+mtehe-square.com, 1
+mtel.gr, 1
+mteleport.net, 1
+mtexpert.com.br, 1
+mtf.party, 1
+mtf.rip, 1
+mtf.wiki, 1
+mtfgnettoyage.fr, 1
+mtfwiki.com, 1
+mtfwiki.lgbt, 1
+mtfwiki.net, 1
+mtfwiki.org, 1
+mtfwiki.xyz, 1
+mtgoptex.com, 1
+mtgsuomi.fi, 1
+mthd.link, 1
+mthode.org, 1
+mthrbrd.com, 1
+mthrbrd.net, 1
+mths.be, 0
+mticareportal.com, 1
+mtinz.com, 1
+mtirc.co, 1
+mtjoytwppa.gov, 1
+mtkhs.com, 1
+mtlabs.jp, 1
+mtlconcerts.com, 1
+mtlebanonbaptist.church, 1
+mtlegnews.gov, 1
+mtltransport.com, 1
+mtludlow.co.uk, 1
+mtmedia.org, 1
+mtn-media.de, 1
+mtnc.nl, 1
+mtncoi-coe.com, 1
+mtnvalleyhospice.org, 1
+mtnwebwiz.com, 1
+mtoma.tk, 1
+mtouch.facebook.com, 0
+mtp-services.fr, 1
+mtpa.live, 1
+mtpleasant-tn.gov, 1
+mtr-croatia.tk, 1
+mtr.md, 1
+mtr123.cn, 0
+mtravelers.net, 1
+mtredistricting.gov, 1
+mtrx.tech, 1
+mts-energia.eu, 1
+mts-global.com, 1
+mtsafe.gov, 1
+mtsn3padang.sch.id, 0
+mtsoftware.com.au, 1
+mtstandard.com, 1
+mtthwbrd.com, 1
+mtv.re, 1
+mtvernonlisbonpd-ia.gov, 1
+mtvroadies.tk, 1
+mtw.org, 1
+mtwolfpa.gov, 1
+mtz-bu.gq, 1
+mtz-info.gq, 1
+mtz-sng.gq, 1
+mtz80-mtz82.gq, 1
+mtzbelarus.gq, 1
+mtzfederico.com, 1
+mu-sigma.com, 1
+mu-thunder.online, 1
+mu-venezuela.tk, 1
+mu-wi.gov, 1
+mu.ax, 1
+mu.search.yahoo.com, 0
+mu00.org, 1
+mu105.cc, 1
+mu3e.com, 1
+mu3on.com, 1
+muabannhanh.com, 0
+muac-innolab.eu, 1
+muafakatmalaysia.ga, 1
+muafakatmalaysia.gq, 1
+muafakatmalaysia.ml, 1
+muarstabyggmarknad.tk, 1
+mubase.dk, 1
+muble.tk, 1
+muceniece.tk, 1
+muchamiel.nl, 1
+muchbetterthancash.com, 1
+muchisimos.com, 1
+muchohentai.com, 1
+muchoruidoacademy.com, 1
+muchotrolley.tk, 1
+muckingabout.eu, 1
+muclan.tk, 1
+mucmail.de, 1
+mudanzasjuniorh.com, 1
+mudanzaspacifico.com, 1
+mudanzasuiza.com.ec, 1
+mudanzasytransportesbh.com, 1
+mudaomundo.org, 1
+mudareganhar.pt, 0
+mudasobwa.tk, 1
+mudbenesov.cz, 1
+mudcomplex.ga, 1
+mudcomplexers.ga, 1
+mudcrab.us, 0
+muddy-bugs.co.uk, 1
+muddy-landrover.tk, 1
+mudey.pt, 1
+mudgezero.one, 1
+mudit.xyz, 0
+mudpiles.cat, 1
+mudramagik.com, 1
+mudrc.net, 1
+mudrex.com, 1
+mudrockrentals.com, 1
+muelhau.pt, 1
+muell-weg.de, 1
+muellapp.com, 0
+mueller-starck.de, 1
+mueller5.eu, 1
+muellerurology.com, 1
+muenchberger.com, 0
+muennich-coll.de, 1
+muenzen.tk, 1
+muenzenforum.tk, 1
+mufi.ga, 1
+mufibot.net, 1
+mufid.tk, 1
+muflon-linux.org, 1
+muga.space, 1
+muganworld.com, 1
+mugawe.com, 1
+mugen.technology, 1
+mugfanatic.com, 1
+mugrabyhostel.tk, 1
+mugsstumpaward.com, 1
+muguayuan.com, 1
+muh.io, 1
+muhabarishaji.com, 0
+muhabbet.org, 1
+muhafazakarkiralikvilla.com, 1
+muhammadlukman.ml, 1
+muhammadmunif.ml, 1
+muhammed.tk, 1
+muhanov.net, 1
+muhanova.com, 1
+muhasebeci.org, 1
+muhasebekurslari.tk, 1
+muhcow.dk, 1
+muhibbulislam.tk, 1
+muhiminulhasan.me, 1
+muhlenbergtwppa.gov, 1
+muhrielle.org, 1
+mui.com, 1
+mui.pet, 1
+muii.com.br, 1
+muilties.com, 1
+muir.eu.org, 1
+muir.fun, 1
+muir.pp.ua, 1
+muisoft.fi, 1
+muizenpagina.tk, 1
+muizenpuntje.tk, 1
+muj-sejf.eu, 1
+mujemail.ml, 1
+mujerescolombianas.tk, 1
+mujeresfemeninas.com, 1
+mujlinux.cz, 1
+mujoco.org, 1
+muk-kobetsu.com, 1
+muku-flooring.com, 1
+mukwa.gov, 1
+mula.tk, 1
+mulaisehat.com, 1
+mulberryar.gov, 1
+mulberryfirear.gov, 1
+mulberrypolicear.gov, 1
+mulchexpressusa.com, 1
+mulder.social, 1
+mulderfamilie.tk, 1
+mulej.net, 1
+mulheres18.com, 1
+muling.lu, 1
+mulk.hopto.org, 1
+mullen.net.au, 1
+mullens-usedcars.be, 1
+mullerkappers.nl, 1
+mullett-townshipmi.gov, 1
+mullinsfarms.com, 1
+muloot.de, 1
+multi-cryptex.gq, 1
+multi-fruit.tk, 1
+multi-pribor.ru, 1
+multi-soudures.fr, 1
+multi-tool.ml, 1
+multi-vpn.biz, 1
+multiagent.tk, 1
+multiasistencia.com, 1
+multibomasm.com.br, 1
+multichange.net, 1
+multiclinicacardio.com.br, 1
+multicoin.capital, 0
+multiconsumos.tk, 1
+multicore.cl, 1
+multicorpbra.com, 1
+multifamily.loans, 1
+multigamecard.com, 1
+multigeist.de, 1
+multigo.ru, 1
+multihobby.tk, 1
+multikalender.de, 0
+multilevelmarketing.cf, 1
+multiline.ge, 1
+multilingualpress.org, 1
+multilogik.com, 1
+multimalin.ovh, 1
+multimatte.com, 1
+multimedia-pool.com, 1
+multimedia.or.jp, 1
+multimediaworld.tk, 1
+multimediosmonti.com, 1
+multinationalforce.com, 1
+multipassword.com, 1
+multipleapi.de, 1
+multiplex-rc.de, 1
+multiplex.tk, 1
+multiplexcy.com, 1
+multiplier-effect.org, 1
+multiplies.tk, 1
+multiply.co.za, 1
+multipotential-labo.com, 1
+multipuntos.ml, 1
+multirep.ch, 0
+multiroom-streaming.de, 1
+multischool.tk, 1
+multisite.ovh, 1
+multispaninc.com, 1
+multisportaustralia.com.au, 1
+multistas.tk, 1
+multitec.nl, 1
+multitek.no, 1
+multitenantlaravel.com, 1
+multiterm.org, 1
+multitheftauto.com, 1
+multitool.cf, 1
+multitraf.ga, 1
+multivideo.tk, 1
+multivpn.biz, 1
+multivpn.cn.com, 1
+multivpn.co.uk, 1
+multivpn.com.de, 1
+multivpn.com.ua, 1
+multivpn.fr, 1
+multivpn.su, 1
+multnomahvotes.gov, 1
+multsearch.eu.org, 1
+multymaq.com, 0
+mum.ceo, 1
+mum.lu, 1
+muma.cf, 1
+muma.ml, 1
+mumbaionlinegifts.com, 1
+mumbairoleplay.tk, 1
+muminkoykiran.com, 1
+mummatters.com.au, 1
+mummyandmephotography.com, 1
+mumolabs.com, 1
+mumszab.se, 1
+mumusofa.com.tw, 1
+muna.de, 1
+munakata-cl.jp, 1
+munch.me, 1
+munchcorp.com, 1
+mund-interdisziplinaer.com, 1
+mundo-otaku.tk, 1
+mundoalba.tk, 1
+mundoarabe.com.br, 1
+mundobizarro.tk, 1
+mundocompleto.tk, 1
+mundocristiano.tk, 1
+mundodalua.tk, 1
+mundodaprogramacao.com.br, 1
+mundodasmensagens.com, 1
+mundodastribos.com, 1
+mundodewill.com.br, 1
+mundodocurioso.com.br, 1
+mundodosagapornis.tk, 1
+mundoemalerta.com, 1
+mundofoto.tk, 1
+mundofriki.es, 1
+mundogamers.top, 1
+mundoinfrarrojo.com, 1
+mundojoven.tk, 1
+mundokia.com.co, 0
+mundokinderland.com.br, 1
+mundolettering.com, 1
+mundomagicotv.com, 1
+mundomovie.tk, 1
+mundonow.com, 1
+mundopatchwork.online, 1
+mundoperfecto.net, 1
+mundorealtv.tk, 1
+mundosat.com, 1
+mundoscrapbooking.online, 1
+mundoseth.tk, 1
+mundosteampunk.club, 1
+mundosuiri.ml, 1
+mundschenk.at, 1
+mundtec.com.br, 1
+munduberriak.com, 1
+munduch.cz, 1
+munduch.eu, 1
+muneni.co.za, 1
+munera.ca, 1
+munfordtn.gov, 1
+munialajuela.go.cr, 1
+munibilling.com, 1
+munich-eventlocations.de, 1
+municipioseducadores.es, 1
+munihei.de, 1
+muniplus.com.ar, 1
+munkeeboi.com, 1
+munki.org, 1
+munkibuilds.org, 1
+munnezza.tk, 1
+munroads.com, 1
+muntajati-om.com, 0
+muntproever.nl, 1
+muntstuk.com, 1
+munwr.com, 0
+munzlocal10.org.nz, 1
+muoivancauhoivisao.com, 1
+mup-republicanos.tk, 1
+muqqabla.com, 1
+mur-parfait.com, 1
+mur-vegetal-interieur.fr, 1
+muradiyetemizlik.com, 1
+murakami-sah.com, 1
+muralart.ga, 1
+murasaki.co.uk, 1
+murasame.tech, 1
+murashun.jp, 1
+muratatifsayar.com.tr, 1
+muratbekgi.com, 1
+muratboyla.com, 1
+muratcileli.tk, 1
+muratec.tw, 1
+muratore-roma.it, 1
+murciacobras.tk, 1
+murciaprocuradores.tk, 1
+murdercube.com, 1
+murfreesboroar.gov, 1
+murfy.kiwi, 1
+murfy.nz, 1
+murgi.de, 1
+murksbreider.tk, 1
+murl.ml, 1
+murmansk.cf, 1
+murmanskforum24x7.tk, 1
+murmashi.com, 1
+murmashi.ru, 1
+murmures.net, 1
+murof.com.br, 1
+murphy-law.net.ru, 1
+murphysfire.gov, 1
+murray.xyz, 1
+murraya.cn, 1
+murraycountymn.gov, 1
+murraywaldren.com, 1
+murrietadogtrainers.com, 1
+murrsuit.eu, 1
+murrsuit.net, 1
+murrsuit.org, 1
+mursa.tk, 1
+mursatov.tk, 1
+murster.tw, 1
+mursu.directory, 1
+murtazamustafahirani.tk, 1
+murz.tv, 1
+murzik.space, 1
+musaccostore.com, 0
+musacomo.com, 1
+musafir-aceh.tk, 1
+musasionline.com, 1
+musaslush.com, 1
+musavat.com, 1
+musbizu.com.ng, 1
+muscatinecountyiowa.gov, 1
+muscatinejournal.com, 1
+muscle-home.fr, 1
+muscle-tg.com, 1
+muscleandrecovery.com, 1
+musclecarresearch.com, 1
+musclecarsillustrated.com, 1
+musclecarus.com, 1
+muscles.cf, 1
+muscolinomusic.com, 1
+muscularbabes.net, 1
+musculardystrophyuk.org, 1
+muscuolisq.cf, 1
+musearchengine.com, 1
+museclef.com, 1
+musecomunicazione.it, 1
+musedash.moe, 1
+musehelix.com, 1
+museloveurania.com, 1
+museo.com.au, 1
+museodefutbol.online, 1
+museodeinsectos.tk, 1
+museodelistmo.tk, 1
+muserver.io, 1
+muses-success.info, 1
+museumnachtgent.be, 1
+museumplantinmoretus.be, 1
+museumtravelalliance.com, 1
+museumwaalsdorp.nl, 1
+musexpo.net, 1
+mush-room.co.jp, 1
+mushel.ddns.net, 1
+mushikabu.net, 1
+mushing.pl, 1
+mushino.com, 1
+mushka.ga, 1
+mushman.tk, 1
+mushroomcloud.moe, 1
+music-is-my-life.de, 1
+music-privilege.fr, 1
+music-project.eu, 1
+music-store-download.com, 1
+music.amazon.com, 1
+musica.com, 1
+musicales.tk, 1
+musicall.com, 1
+musicalschwarzenburg.ch, 1
+musicandrelated.tk, 1
+musicapara.net, 1
+musicapopolareitaliana.net, 1
+musicaporbolivia.tk, 1
+musicare.com, 1
+musicasbr.com.br, 1
+musicbow.com, 0
+musicbox.party, 1
+musicchris.de, 1
+musicfactory.ml, 1
+musicflac4.tk, 1
+musicfor.us, 1
+musicfreakz.cf, 1
+musicfromgod.com, 1
+musicgamegalaxy.de, 1
+musicgeek.ga, 1
+musicgivesmelife.com, 1
+musichiphop.ga, 1
+musichome.tk, 1
+musicinsiderdigest.com, 1
+musickhouseleveling.com, 1
+musickorea.tk, 1
+musiclenta.tk, 1
+musiclite.tk, 1
+musicmasala.tk, 1
+musicnotesroom.com, 1
+musicompare.com, 1
+musicradar.co.il, 1
+musicradio.ga, 1
+musicradio.gq, 1
+musicradio.tk, 1
+musicrainbow.tk, 1
+musicrepublicmagazine.com, 1
+musicrooz.tk, 1
+musicschoolonline.com, 1
+musicsense.cf, 1
+musicsmoke.tk, 1
+musicsnippet.com, 1
+musicsrv.de, 1
+musicstudio.pro, 1
+musictech.com, 1
+musictools.tk, 1
+musictouch.ru, 1
+musicvideo.club, 1
+musicvietnam.tk, 1
+musicwear.cz, 0
+musigama.tk, 1
+musik-mentaltraining.ch, 1
+musik-reitemann.de, 1
+musik-vereinsbedarf.de, 0
+musikarti.com, 1
+musiker.tk, 1
+musikhaus-korn.de, 1
+musikholics.com, 1
+musikidersi.tk, 1
+musiktag2020.ch, 1
+musikverein-elten.de, 1
+musikverein-schuettorf.de, 1
+musikzentrale.net, 0
+musings.cloud, 1
+musings.tech, 1
+musiq-supreme.tk, 1
+musique2nuit.com, 1
+musiques-traditionnelles.ga, 1
+musition.cloud, 1
+musition.com, 1
+musition.net, 1
+musitioncloud.com, 1
+musitionfirst.com, 1
+muskegoncounty.gov, 1
+muskegontwpmi.gov, 1
+muskegowi.gov, 1
+musketiers.tk, 1
+muskuratimorning.tk, 1
+muslimah.boutique, 1
+muslimbanter.co.za, 1
+muslimmarriage.cf, 1
+muslimpocket.com, 1
+muslimsoul.cf, 1
+muslimsoul.ga, 1
+muslimsoul.gq, 1
+muslimsoul.ml, 1
+muslitocomics.tk, 1
+musmann.io, 1
+musopen.org, 1
+musoscorner.com.au, 1
+muspla.com.br, 1
+mussalains.com, 1
+musselsblog.com, 1
+mussonsppe.com, 1
+mussonstrading.com, 1
+musta.ch, 1
+mustangapparel.ca, 1
+mustard.co.uk, 1
+mustard.llc, 1
+mustasj.no, 1
+mustat.com, 1
+muster-folien.de, 1
+muster-schablonen.de, 1
+musterihizmet.com, 1
+musterionsec.com, 1
+mustertexte-musterbewerbung.de, 1
+mustexist.tk, 1
+musthave.tk, 1
+musthavesforreal.com, 1
+musthinsider.com, 1
+mustika.cf, 1
+mustketing.com, 1
+musttest.com, 1
+musttest.email, 1
+musttest.eu, 1
+musttest.net, 1
+musttest.org, 1
+musubi-dev.net, 1
+musulmanesnuevos.tk, 1
+mususu.com, 1
+musvcs.com, 1
+mutagen.io, 1
+mutahar.me, 1
+mutantmonkey.in, 1
+mutantmonkey.info, 1
+mutantmonkey.sexy, 1
+mutex.tech, 1
+mutfakyolu.com, 1
+muthai.in.th, 1
+mutiararentas.com.my, 1
+mutsumikai8989.com, 1
+mutua.es, 1
+mutua.it, 1
+mutual.ga, 1
+mutualfunds.cf, 1
+mutualfunds.ml, 1
+mutualmoney.ml, 1
+mutualofomahamedicareplans.com, 1
+mutuals.cool, 1
+mutuelle.fr, 1
+muuglu.es, 1
+muunnin.net, 1
+muurari.tk, 1
+muusika.fun, 1
+muusikoiden.net, 1
+muv.co.uk, 1
+muwatenraqamy.org, 1
+muwi.tk, 1
+muxetv.com, 1
+muxup.com, 1
+muy.ooo, 1
+muydelgada.com, 1
+muyinternetsante.tk, 1
+muz-portal.com, 1
+muz2u.ru, 1
+muzamilpc.com, 1
+muzcomedia.ru, 1
+muzenzacrianca.tk, 1
+muzetxe.com, 1
+muzeumkomiksu.eu, 0
+muzflix.net, 1
+muzi-tips.tk, 1
+muzi.cz, 1
+muzicamp3.org, 1
+muzicar.rs, 1
+muzicari.tk, 1
+muziekcentrumdebijloke.gent, 1
+muziekluisteren.eu, 1
+muziektermen.tk, 1
+muzikanews.tk, 1
+muzikantine.nl, 1
+muzike.tk, 1
+muzline.ua, 1
+muzmo.ga, 1
+muzotakt.pl, 1
+muzprosvet.tk, 1
+muzykanawesele.info, 1
+mv-schnuppertage.de, 0
+mv-spital.tk, 1
+mv-wohnen.de, 1
+mvandek.nl, 1
+mvarsamis.com, 1
+mvb-it.nl, 1
+mvbits.com, 0
+mvbstyling.nl, 1
+mvbug.com, 1
+mvccp.co.za, 1
+mvdmt.gov, 1
+mvelopes.com, 1
+mventix.com, 1
+mvib.net, 1
+mviess.de, 1
+mvisioncorp.com, 1
+mvistatic.com, 1
+mvmcorps.com, 1
+mvn.lu, 1
+mvno.io, 1
+mvorisek.com, 1
+mvorisek.cz, 1
+mvpinfo.ga, 1
+mvpower.pt, 1
+mvpzd.com, 1
+mvrcheck.com, 1
+mvrdrivingrecords.com, 1
+mvsp.ru, 1
+mvwdca.gov, 1
+mvwoensei.com, 1
+mvwoensei.xyz, 1
+mvwoensel.com, 1
+mvzstartpagina.tk, 1
+mw.search.yahoo.com, 0
+mwahyunz.id, 1
+mwai.edu.ph, 1
+mwamitours.com, 1
+mware-staging.azurewebsites.net, 1
+mwavuli.co.ke, 1
+mway.io, 1
+mwba.org, 1
+mwcwallet.com, 1
+mwd.world, 1
+mwdsls.gov, 1
+mwe.st, 1
+mwezi.org, 1
+mwhcp.org.au, 1
+mwicescholarship.com, 1
+mwinds.tk, 1
+mwlcouriers.com, 1
+mwmopd.gov, 1
+mwms.nl, 1
+mwnonline.net, 0
+mwohlfarth.de, 1
+mwork.tech, 1
+mwpromotion.fr, 1
+mwr.team, 1
+mwscouts.org, 1
+mwskwong.com, 1
+mwstrategicservices.com, 1
+mwtj.com, 1
+mwtown.gov, 1
+mwu.dk, 1
+mwv2wle.club, 1
+mww.moe, 1
+mx-moto.fr, 0
+mx-quad.fr, 0
+mx-solutions.net, 1
+mx.org.ua, 1
+mx.search.yahoo.com, 0
+mx310.jp, 1
+mx5international.com, 1
+mxawei.cn, 1
+mxdanggui.org, 1
+mxdvl.com, 0
+mxes.net, 1
+mxgateway.eu, 1
+mxii.eu.org, 1
+mxin.ltd, 1
+mxn8.com, 1
+mxtm.de, 1
+mxtsoluciones.com.mx, 1
+my-aftershave-store.co.uk, 1
+my-azov.tk, 1
+my-best-wishes.com, 1
+my-bratsk.tk, 1
+my-calend.ru, 1
+my-carrent.de, 1
+my-cars.tk, 1
+my-clubpenguin.tk, 1
+my-contract.ch, 0
+my-contract.info, 0
+my-contract.net, 0
+my-coordinates.com, 1
+my-darkon.ru, 1
+my-demo.co, 1
+my-digital.fr, 1
+my-dns.co.il, 1
+my-documentforce.com, 1
+my-education.tk, 1
+my-finance.tk, 1
+my-force-user-content.com, 1
+my-fuhui.com, 1
+my-gps-tracker.co.uk, 1
+my-health-homes.com, 1
+my-host.ovh, 1
+my-how-to-draw.com, 1
+my-hps.de, 1
+my-ifms.com, 1
+my-ip.work, 1
+my-itbk.de, 1
+my-kirov.tk, 1
+my-lightning-container.com, 1
+my-lightning.com, 1
+my-meal.nl, 1
+my-meteo.net, 1
+my-mobile-apps.com, 1
+my-montenegro.tk, 1
+my-new-bikini.de, 1
+my-nextcloud.at, 1
+my-optika.ru, 1
+my-pawnshop.com.ua, 0
+my-pharmacie.com, 1
+my-phone.tk, 1
+my-profile.org, 1
+my-road.de, 1
+my-salesforce-communities.com, 1
+my-salesforce-community-builder.com, 1
+my-salesforce-community-live-preview.com, 1
+my-salesforce-community-preview.com, 1
+my-salesforce-hub.com, 1
+my-salesforce-scrt.com, 1
+my-salesforce-sites.com, 1
+my-salesforce.com, 1
+my-salesforcescrt.com, 1
+my-sex-cam.com, 1
+my-static-demo-808795.c.cdn77.org, 1
+my-static-live-808795.c.cdn77.org, 1
+my-store.ch, 1
+my-stories.ml, 1
+my-story.ml, 1
+my-stuff-online.com, 1
+my-town.tk, 1
+my-tunisia.tk, 1
+my-visualforce.com, 1
+my-vulcanplatinum.xyz, 1
+my-vulkanplatinum.xyz, 1
+my-web.xyz, 1
+my-webcloud.at, 1
+my-website.top, 1
+my-woodcraft.com, 1
+my.cat, 1
+my.com.my, 1
+my.onlime.ch, 0
+my.urown.cloud, 1
+my.usa.gov, 1
+my1login.com, 1
+my4g.net, 1
+my4thtelco.com.sg, 1
+my4thtelco.sg, 1
+my630.org, 1
+my77.vip, 0
+myabakus.com, 1
+myacademiceducation.com, 1
+myaccount.google.com, 1
+myaccountview.net, 1
+myactivity.google.com, 1
+myafweb.com, 1
+myaggic.com, 1
+myairware.com, 1
+myakkatactical.com, 1
+myalliance.church, 1
+myalliancechurch.com, 1
+myalpine.shop, 1
+myalsadd.tk, 1
+myalumil.com, 1
+myamend.com, 1
+myamihealth.com, 1
+myandre.tk, 1
+myandroidfriend.ml, 1
+myanimelist.net, 1
+myanimo.ml, 1
+myanmar-responsiblebusiness.org, 1
+myanmar.gov.mm, 1
+myapexcard.com, 1
+myappworx.com, 1
+myaquariumclub.com, 1
+myaquaterra.tk, 1
+myareaf2a.com, 1
+myarentcar.com, 1
+myarticlelibrary.cf, 1
+myarticles.io, 1
+myartsjournal.com, 1
+myasb.club, 1
+myathena.ai, 1
+myauto.ml, 1
+mybaby.bg, 1
+mybags.cf, 1
+mybakkupakku.com, 1
+mybank.com, 1
+mybaran.tk, 1
+mybarcelona.tk, 1
+mybathroom.tk, 1
+mybb.com, 1
+mybb.de, 1
+mybbcode.tk, 1
+mybeancloud.co.za, 1
+mybeautyjobs.de, 1
+mybestbook.tk, 1
+mybestbooks.gq, 1
+mybestteam.tk, 1
+mybicc.org, 1
+mybieo.com, 1
+mybigplunge.com, 1
+mybillie.com, 1
+mybirds.tk, 1
+mybisnis.tk, 1
+mybizzmail.com, 1
+mybloggedlife.com, 1
+myblogwire.org, 1
+myblueprints.org, 1
+mybon.at, 0
+mybon.online, 1
+mybookbee.com, 1
+myboostport.com, 1
+myboothang.com, 1
+myborder.ru, 1
+mybotti.eu, 1
+myboxing.tk, 1
+mybpstar.com, 1
+mybrand.nl, 1
+mybrb.com, 1
+mybreakwatertower.com, 1
+mybritney.tk, 1
+mybro.tv, 1
+mybrokenheart.tk, 1
+mybsms.gr, 1
+mybts.fr, 1
+mybubbleteashop.com, 1
+mybuddytheplumberparkcity.com, 1
+mybudgetapp.com, 1
+mybuildingcertifier.com.au, 1
+mybupa.com.au, 1
+mycaelis.fr, 1
+mycalifornialemonlaw.com, 1
+mycam.gq, 1
+mycandylove.com, 1
+mycardplace.com, 1
+mycarecorner.net, 1
+mycarecrew.co, 1
+mycarinsurance123.com, 0
+mycarwashers.com, 1
+mycase.com.ua, 1
+mycats.tk, 1
+mycaviste.com, 1
+mycbils.uk, 1
+mychamberlain.co.nz, 1
+mychamberlain.com, 1
+mychamberlain.com.au, 1
+mychamberlain.eu, 1
+mychawinda.cf, 1
+mychemromance.tk, 1
+mychestzilla.com, 0
+mychicken.info, 1
+mychicken.nl, 1
+mychildatschool.com, 1
+mycigna.com.hk, 1
+mycinema.pro, 1
+mycircleworks.com, 1
+myclang.com, 1
+myclgnotes.com, 1
+myclimate.com, 1
+myclinicalstudybuddy.com, 1
+myclon.tk, 1
+mycloud-system.com, 1
+mycloudbits.me, 1
+mycloudhome.site, 1
+mycloudhome.top, 1
+mycloudhome.xyz, 1
+mycloudkey.net, 1
+mycloudsaas.com, 1
+mycloudsoftware.com.br, 1
+mycodes.com.au, 1
+mycofairtrade.com, 0
+mycoins.gallery, 1
+mycoldjet.com, 1
+mycollegebag.in, 1
+mycolo.gq, 1
+mycolorado.gov, 1
+mycommerce.tk, 1
+mycompanion.cz, 1
+mycompanysite.host, 1
+myconan.net, 1
+myconan.tk, 1
+myconcorde.fr, 1
+myconf.com, 1
+myconf.es, 1
+myconf.uk, 1
+myconferencion.tk, 1
+myconnection.ie, 1
+myconradsiegel.com, 1
+myconsultingresources.com, 1
+mycontactacuvue.fr, 0
+mycontactopticien.fr, 0
+mycontrolmonitor.com, 1
+mycoordinates.xyz, 1
+mycopa.com, 1
+mycounterstrike.ru, 1
+mycr.eu, 1
+mycreativeartsconsulting.com, 1
+mycreditcardcenter.com, 1
+mycreditjunkie.com, 1
+mycreditunion.gov, 1
+mycredy.com, 1
+mycrm.coach, 0
+mycrowdstack.com, 1
+mycrypnet.io, 1
+mycts.org, 1
+mycues.gov, 1
+mycumortgage.com, 1
+mycutebee.com, 1
+mycyberspace.tech, 1
+mydabb.com, 1
+mydais.org, 1
+mydarkness.cf, 1
+mydarksite.tk, 1
+mydarkstar.net, 1
+mydarwin.co.uk, 1
+mydataprotected.com, 1
+mydating.be, 1
+mydaxio.com, 1
+mydaymark.com, 1
+mydaywebapp.com, 1
+mydeardreams.com, 1
+mydebian.in.ua, 1
+mydedicatedservice.ca, 1
+mydedicatedservice.com, 1
+mydegreeroute.com, 1
+mydentalplan.gr, 1
+mydentist.co.uk, 0
+mydenverhomesource.com, 1
+mydesignrules.com, 1
+mydestiny.tk, 1
+mydetailbox.com, 1
+mydigitalexperience.fr, 1
+mydigitalnation.com, 1
+mydirtysexstories.com, 1
+mydisabilitymatters.com, 1
+mydisabilitymatters.org.au, 1
+mydisco.tk, 1
+mydistance.tk, 1
+mydlonline.be, 1
+mydnshost.co.uk, 1
+mydoc.fr, 1
+mydocserve.com, 1
+mydoggyadvisor.com, 1
+mydogispolite.tk, 1
+mydogtrainingcollar.com, 1
+mydolls.ml, 1
+mydomaindesk.com, 1
+mydomen.ml, 1
+mydoxod.tk, 1
+mydreamlifelab.com, 1
+mydreamshaadi.in, 1
+mydrnetvpn.tk, 1
+mydroneservices.ca, 1
+mydroneservices.com, 1
+mydslwebstats.co.uk, 1
+mydsomanager.com, 1
+myduffyfamily.com, 1
+mydx.ru, 1
+myeasybooking.de, 1
+myebony.cam, 1
+myecms.com, 1
+myedcreview.cf, 1
+myeditclub.ml, 1
+myedu.ga, 1
+myedu.gq, 1
+myeducationhub.tk, 1
+myedumundo.com, 1
+myeisenbahn.de, 1
+myekon.com, 1
+myelebest.ga, 1
+myelka.tk, 1
+myelucidation.com, 1
+myemailadd.net, 1
+myemailsender.tk, 1
+myeml.net, 1
+myenemy.tk, 1
+myenglish.tk, 1
+myensolofts.com, 1
+myentspecialist.sg, 1
+myepass.bg, 1
+myepass.de, 1
+myeriri.com, 1
+myers.house, 1
+myersking.com, 1
+myessaydoc.com, 1
+myessaygeek.com, 1
+myetherwallet.com, 1
+myeventstation.com, 1
+myevive.com, 1
+myexams.nl, 1
+myf.cloud, 1
+myface.pt, 1
+myfae.eu, 1
+myfamilyancestry.tk, 1
+myfamilyfirsthc.com, 1
+myfancyurl.tk, 1
+myfantasysportstalk.com, 1
+myfavmessage.cf, 1
+myfavorite.com.tw, 1
+myfdic.gov, 1
+myfi24.ru, 1
+myfiladelfia.com, 1
+myfile.gq, 1
+myfinance.co.nz, 1
+myfinverse.com, 1
+myfinx.bh, 1
+myfinx.io, 1
+myfirenet.com, 0
+myfirstchessclub.com, 1
+myfishpalace.at, 1
+myfitnessbenefit.com, 1
+myfitnesscare.com, 1
+myflatfinders.com, 1
+myflightrefund.com, 1
+myfloridacfo.gov, 1
+myfloridadeferredcomp.com, 1
+myfloridahouse.gov, 1
+myfloridarealty.com, 1
+myfloridarx.gov, 1
+myformatconverter.com, 0
+myfortdodge.com, 1
+myforum.community, 1
+myfreespiritpointscard.com, 1
+myfrenchtattoo.fr, 1
+myfsb.bank, 1
+myfuhui.com, 1
+myfunworld.de, 1
+myfursona.com, 1
+myfutanari.com, 1
+myfutureself.com.au, 1
+myfuturewebsite.co.uk, 1
+myfxbook.com, 1
+myfxcm.com, 1
+myg21.com, 1
+mygadgetguardian.lookout.com, 0
+mygallery.homelinux.net, 1
+mygameconsole.tk, 1
+mygaming.news, 1
+mygate.at, 0
+mygaypornstarlist.com, 1
+mygaysitges.com, 1
+mygd.org, 1
+mygear.live, 1
+mygedit.com, 1
+mygedit.info, 1
+mygedit.net, 1
+mygedit.org, 1
+mygeek.tk, 1
+mygeek911.com, 1
+mygeneral.org, 1
+mygeorgia.org, 1
+mygeotrip.com, 1
+mygermanuniversity.com, 1
+mygest.me, 1
+myggkungen.se, 1
+mygigabitnation.com, 1
+mygignation.com, 1
+mygilehery.tk, 1
+mygimp.tk, 1
+mygirlfriendshouse.com, 1
+myglobalopti.nl, 1
+mygnmr.com, 1
+mygobelin.tk, 1
+mygolod.com, 1
+mygomel.tk, 1
+mygov.scot, 1
+mygreatjob.eu, 1
+mygreatlakes.org, 1
+mygreatwebsite.co.uk, 1
+mygreencloset.com, 1
+mygreenrecipes.com, 1
+mygretchen.de, 1
+mygrodno.tk, 1
+mygtcup.co, 1
+mygymer.ch, 1
+myhabitshop.com, 1
+myhappiness.tk, 1
+myhealthchecked.com, 0
+myhealthcheckup.ca, 1
+myhealthcheckup.com, 1
+myhealthsquad.ca, 1
+myhealthyday.com, 1
+myhelcim.com, 1
+myhell-anonim.tk, 1
+myhelo.com, 1
+myhermes.co.uk, 1
+myhfstar.com, 1
+myhkweb.tk, 1
+myhmz.bid, 1
+myhollywoodnews.com, 1
+myhome-24.pl, 1
+myhoor.ga, 1
+myhostname.net, 1
+myhotel.sk, 1
+myhotgirls.ml, 1
+myhouse-ne.co.uk, 1
+myhouse.rocks, 1
+myhousestats.com, 1
+myhub.eu.org, 1
+myhurlburt.marketing, 1
+myhuthwaite.com, 1
+myibidder.com, 1
+myibp.ph, 1
+myicare.org, 1
+myid.be, 1
+myigetit.com, 1
+myimg.cn, 1
+myimmitracker.com, 1
+myinfoenter.tk, 1
+myinjuryattorney.com, 1
+myinsiderplus.com, 1
+myinstapy.ru, 0
+myinsurancesource.com, 1
+myintegrativehealthcenters.com, 1
+myinternist.com, 1
+myintimtoys.com, 1
+myinvestinglife.com, 1
+myinvisibleknapsack.com, 1
+myip.com.tw, 1
+myip.solutions, 1
+myireland.io, 1
+myisolved.com, 1
+myitworks.co.za, 1
+myjbn.org, 1
+myjobsearchengine.com, 1
+myjudo.net, 1
+myjumparoo.co.uk, 1
+myjumpsuit.de, 1
+myjuvelirika.ru, 1
+mykarelia.ga, 1
+mykarelia.tk, 1
+myke.website, 1
+mykelseyonline.com, 1
+mykill.pl, 1
+mykitchen.gq, 1
+mykolhoz.tk, 1
+mykonos-island.tk, 1
+mykontool.de, 1
+mykoreankitchen.com, 1
+mykukun.com, 1
+mykumedir.com, 1
+mykurgan.tk, 1
+mykursumlija.tk, 1
+mylabaih.com, 1
+mylacera.gov, 1
+mylastchapter.tk, 1
+mylatestnews.org, 1
+mylawer.ga, 1
+myld.be, 1
+mylearners.vic.gov.au, 1
+myled.ml, 1
+mylegacyvip.com, 1
+mylene-chandelier.me, 1
+mylever.com, 1
+mylfca.com, 1
+mylifeabundant.com, 1
+mylifeinbalance.be, 1
+mylifesphotograph.com, 1
+myliftmaster.com, 1
+myliftmaster.eu, 1
+mylight.tk, 1
+myline.cf, 1
+mylisting.club, 1
+mylittlechat.ru, 1
+mylittleforum.ml, 1
+mylittlegrocer.co.uk, 1
+mylittlegrocer.com, 1
+mylittlewallpaper.com, 1
+mylittlewizard.fr, 1
+myliveupdates.com, 1
+myload.ch, 1
+myloan.hk, 1
+myloanmanager.com, 1
+mylobster.ml, 1
+mylocalairconditioning.com.au, 1
+mylocality.shop, 1
+mylocalmortgage.co.uk, 1
+mylocraft.tk, 1
+myloneworkers.com, 1
+mylotto.co.nz, 1
+mylover.be, 1
+mylrd.xyz, 1
+mylstrom.com, 1
+myltfilm.tk, 1
+myltivarka.ml, 1
+mymagic.ml, 1
+mymagnifi.org, 1
+mymailboxpro.cf, 1
+mymailspace.ml, 1
+mymaineconnection.gov, 1
+mymanagement.ml, 1
+mymarket.com.hk, 1
+mymartinbeckeropenhab.de, 1
+mymartinbeckeropenhab.eu, 1
+mymartinhalchiado.com, 1
+mymartinhalresidences.com, 1
+mymb.pm, 1
+mymcc.gift, 1
+mymdindia.com, 1
+mymdtaxes.gov, 1
+mymed.de, 1
+mymed.eu, 1
+mymedia.gotdns.com, 1
+mymediabox.com, 1
+mymerlin.co.nz, 1
+mymerlin.com.au, 1
+mymesra.com.my, 1
+mymixtapez.com, 1
+mymkphotography.com, 1
+mymo.in.th, 1
+mymommyworld.com, 1
+mymoneycoin.ml, 1
+mymonture.com, 1
+mymoretrip.com, 1
+mymotor.nl, 1
+mymovein.com, 1
+mymsr.de, 0
+mymun.com, 1
+mymun.net, 1
+mymusiclist.alwaysdata.net, 1
+mymusique.tk, 1
+mymx.lu, 0
+mynak.se, 1
+mynameistavis.com, 1
+mynametags.ae, 1
+mynametags.be, 1
+mynametags.com, 1
+mynametags.com.br, 1
+mynametags.fr, 1
+mynametags.ie, 1
+mynametags.it, 1
+mynametags.mt, 1
+mynametags.nl, 1
+mynametags.pt, 1
+mynas.ovh, 0
+mynaturalmood.es, 1
+mynaturebox.com, 0
+mynaughtyalbum.com, 1
+mynavi-kaigo.jp, 1
+myndcommunication.com, 1
+myndighetermeddnssec.se, 1
+myndighetermedipv6.se, 1
+mynerva.io, 1
+mynetblog.com, 1
+mynetflow.com, 1
+mynetpay.be, 1
+mynetworkingbuddy.com, 1
+mynewhorizons.shop, 1
+mynewsfit.com, 1
+mynewsinc.org, 1
+mynext.events, 1
+mynextmove.org, 1
+mynic.my, 1
+mynimo.com, 1
+mynissan.ml, 1
+myniveshak.com, 1
+mynjhelps.gov, 1
+mynn.io, 0
+mynn.ml, 1
+mynook.info, 1
+mynr.ai, 1
+mynrg.gr, 1
+mynutrientcloud.com, 1
+myocci.net, 1
+myoctocat.com, 1
+myoddlittleworld.com, 1
+myodysi.com, 1
+myofficeconnect.co.uk, 1
+myokaloosa.gov, 1
+myonline.store, 1
+myonlinemovies.ga, 1
+myonlinevehicleinsurance.com, 1
+myopd.in, 1
+myorder-pg.com, 1
+myorders.co, 1
+myoregon.gov, 1
+myosana.nl, 1
+myotopie.de, 0
+myoueb.fr, 1
+myoukochou.com, 1
+myoutdooragent.com, 1
+myowncloud.ovh, 1
+myowncloud.pl, 1
+myownconference.com, 1
+myownconference.email, 1
+myowndisk.net, 1
+myowntutor.co.uk, 1
+mypaperdone.com, 1
+mypaperwriter.com, 1
+mypartnernews.com, 1
+mypathologos.gr, 1
+mypay.fr, 1
+mypcb.tk, 1
+mypeace.tk, 1
+mypenza.tk, 1
+mypeople.co.in, 1
+myperfecthome.ca, 1
+myperks.in, 1
+mypersonalpage.tk, 1
+mypetcloud.com, 1
+mypetitjob.fr, 1
+mypetsvetsltd.co.uk, 1
+mypharmjar.com, 1
+myphotogift.in, 1
+myphotonics.ml, 1
+myphotos.ga, 1
+myphotoshopbrushes.com, 1
+myphx311.gov, 1
+myphysiocoach.ch, 1
+mypillcard.com, 1
+mypiloteis.com, 1
+mypinellasclerk.gov, 1
+mypivcard.com, 1
+myplaceonline.com, 1
+mypnu.net, 1
+mypogljad.tk, 1
+mypornsnap.top, 1
+myportal.ga, 1
+myposters.tk, 1
+mypowerserg.ca, 1
+mypowerserg.com, 1
+mypowersergca.ca, 1
+mypress.mx, 1
+myprintcard.de, 1
+myproblog.com, 1
+myprofitweb.com, 1
+mypromocode.com, 1
+mypropertal.com, 1
+myproteinpal.co.za, 1
+myprotime.eu, 1
+myproxy.eu.org, 0
+mypskov.tk, 1
+mypsy.online, 1
+mypsychicreadings.tk, 1
+mypt3.com, 1
+mypvhc.com, 1
+myraboats.tk, 1
+myrandomtips.com, 1
+myrants.org, 1
+myrasp.eu, 1
+myrays.cloud, 1
+myraytech.net, 0
+myreadingmanga.info, 1
+myrealestateautomation.com, 1
+myrealestatemate.com.au, 1
+myred.net, 1
+myredserver.com, 1
+myref.net, 1
+myreferral.systems, 1
+myrekber.co.id, 1
+myremont.tk, 1
+myremotelogin.ddns.net, 1
+myrent.quebec, 1
+myrepubic.net, 1
+myrepubiic.net, 1
+myrepublc.net, 1
+myrepublic.asia, 1
+myrepublic.cf, 1
+myrepublic.cloud, 1
+myrepublic.com.cn, 1
+myrepublic.com.hk, 1
+myrepublic.com.kh, 1
+myrepublic.com.lk, 1
+myrepublic.com.my, 1
+myrepublic.com.ph, 1
+myrepublic.com.tw, 1
+myrepublic.eu.com, 1
+myrepublic.ga, 1
+myrepublic.gq, 1
+myrepublic.icu, 1
+myrepublic.in, 1
+myrepublic.limited, 1
+myrepublic.lk, 1
+myrepublic.ml, 1
+myrepublic.mobi, 1
+myrepublic.my, 1
+myrepublic.net, 1
+myrepublic.net.au, 1
+myrepublic.nz, 1
+myrepublic.ph, 1
+myrepublic.rocks, 1
+myrepublic.run, 1
+myrepublic.tk, 1
+myrepublic.tv, 1
+myrepublic.tw, 1
+myrepublic.us.com, 1
+myrepublic.xyz, 1
+myrepublicau.com, 1
+myrepublicaus.com, 1
+myrepublicbroadband.com.au, 1
+myrepublicfibre.com.au, 1
+myrepublicgroup.com, 1
+myrepublicinternet.com.au, 1
+myrepublicltd.com, 1
+myrepublicmy.com, 1
+myrepublicnz.com, 1
+myrepublicsg.com, 1
+myrepublictelecom.com, 1
+myrepubllc.net, 1
+myresearchapp.com, 1
+myresearchtoolbox.net, 1
+myresidence.de, 1
+myrevery.com, 1
+myreviews.ga, 1
+myrevolution.in, 1
+myrewardspoints.com, 1
+myria.com, 1
+myriad.com, 1
+myriadique.com, 1
+myriadlex.com.tw, 1
+myriadof.com, 1
+myrig.com, 1
+myrig.net, 1
+myrom.tk, 1
+myrotvorets.center, 1
+myrotvorets.news, 1
+myrp.co, 1
+myrtlebeachdogtrainers.com, 1
+myruststats.com, 1
+myrvog.net, 1
+myrvogna.net, 1
+myrxplans.com, 1
+mys.gov.sd, 1
+mysa.tk, 1
+mysafetygear.co.za, 1
+mysafeway.com, 1
+mysaldo.info, 1
+mysam.net, 1
+mysantanderpension.co.uk, 1
+mysavvastraining.com, 1
+mysavvywallet.com, 1
+mysaymk.tk, 1
+mysbaccoach.com, 1
+mysber.ru, 1
+mysbi.tk, 1
+myschool.edu.au, 1
+myschoolitaly.com, 1
+myschoolphoto.org, 1
+myschools.nyc, 1
+mysciencecloset.com, 1
+myseatime.com, 1
+mysecretstylist.ga, 1
+mysecurity.review, 1
+myseo.ga, 1
+myservicearl.com, 1
+myserviceportal.de, 1
+myservices.digital, 1
+myservik.ml, 1
+myseu.cn, 1
+mysexpedition.com, 1
+mysexvids.net, 1
+mysexycard.com, 1
+mysexydate24.com, 1
+myshenwang.tk, 1
+myshiftbid.com, 1
+myshikarpur.tk, 1
+myshowbiz.tk, 1
+mysidekick.io, 1
+mysignal.com, 1
+mysill.gr, 1
+mysilvershield.com, 1
+mysisterandi.co.za, 1
+mysites.guru, 1
+mysitex.com, 1
+myslc.gov, 1
+mysmartloan.ca, 1
+mysmmstore.com, 1
+mysmmstore.in, 1
+mysmsapp.cn, 1
+mysociallinks.org, 1
+mysociety.ml, 1
+mysockfactory.ch, 1
+mysockfactory.com, 1
+mysoundtalks.com, 0
+mysourceofhealth.com, 0
+myspeedcash.com, 1
+myspicer.com, 1
+mysports.com, 1
+mysql-real-escape-string.xyz, 1
+mysqldump-secure.org, 1
+myssl.com, 1
+mystaffonline.com, 1
+mystagic.cloud, 1
+mysteriouscode.com, 1
+mysteriouscode.io, 1
+mysteriousmind.com.au, 1
+mystery-box.cf, 1
+mystery-science-theater-3000.de, 0
+mysterybeer.nl, 1
+mysteryboxinc.com, 1
+mysteryfun.house, 1
+mysterymind.ch, 0
+mysteryshow.site, 1
+mystex.me, 1
+mystgames.tk, 1
+mystia.org, 1
+mystic-falls.tk, 1
+mystic-welten.de, 1
+mysticalroseschoolofcaloocan.com, 1
+mysticexperience.com, 1
+mysticmedia.net, 1
+mysticmine.shop, 1
+mysticrealm.tk, 1
+mystiko.eu, 1
+mystinkefinger.de, 1
+mystock911.com, 1
+mystoeckel.de, 1
+mystorage.work, 1
+mystore24.us, 1
+mystorydoctor.com, 1
+mystorymonster.com, 1
+mystown.org, 1
+mystream.com, 1
+mystreet.ga, 1
+mystrength.com, 1
+mystrix-esports.eu, 1
+mystudy.me, 1
+mystudycart.com, 1
+mystudymap.tk, 1
+mystyk.art, 1
+mystylion.com, 1
+mysupplements.ga, 1
+mysurfhostel.com, 0
+myswabi.tk, 1
+myswimmingclub.uk, 1
+myswitchelectric.com, 1
+myswooop.de, 1
+mytamarin.com, 1
+mytana.com, 1
+mytanningcompany.com, 1
+mytaratata.com, 1
+mytc.fr, 1
+myte.ch, 1
+mytea.life, 1
+mytecheg.com, 1
+mytefl.com, 1
+mytests.tk, 1
+mytfg.de, 1
+mythen-fonds.ch, 1
+mythenfonds.ch, 1
+mytherapist.com, 1
+mythicdelirium.com, 1
+mythiqueamerique.fr, 0
+mytime.fr, 1
+mytime.gl, 1
+mytimer.tk, 1
+myting.net, 1
+mytntware.com, 1
+mytoncityut.gov, 1
+mytraiteurs.com, 1
+mytraning.cf, 1
+mytransmissionexperts.com, 1
+mytravelblog.de, 1
+mytravelguide.tk, 1
+mytravelresearch.com, 1
+mytreasury.gov, 1
+mytrendiya.com, 1
+mytrialist.org, 1
+mytribus.com, 1
+mytrinity.com.ua, 1
+mytripcar.co.uk, 1
+mytroc.pro, 1
+mytruecare.org, 1
+mytrustadviser.com, 1
+mytty.net, 1
+mytuleap.com, 1
+mytun.com, 1
+myturf.com.au, 0
+mytuzla.tk, 1
+mytwilight.tk, 1
+myunitard.uk, 1
+myunitypoint.org, 1
+myunraid.ru, 1
+myupdatestudio.com, 1
+myupdatesystems.com, 1
+myupdateweb.com, 1
+myusagepayments.com, 1
+myvaccinefl.gov, 1
+myvacompany.com, 1
+myvalleymarketing.com, 1
+myvawic.org, 1
+myvcc.ru, 1
+myvegasadvisor.com, 1
+myveronanj.com, 1
+myvet.ie, 1
+myviewboard.com, 1
+myvoipnews.com, 0
+myvologda.tk, 1
+myvotect.gov, 1
+myvpl.com, 1
+myvulcan-platinum.ru, 1
+myvulkanplatinum.xyz, 1
+mywalletcrypto.cf, 1
+mywapforum.ga, 1
+mywari.com, 1
+myweb360.de, 1
+mywebexperience.gq, 1
+mywebinar.com, 1
+mywebinar.io, 1
+mywebpanel.eu, 1
+mywebpanel.nl, 1
+mywebpharmacy.tk, 1
+mywebserver.ml, 1
+myweightlosstips.tk, 1
+mywifiext.net, 1
+mywihomes.com, 1
+mywikis.net, 1
+mywindscreen.my, 1
+mywish.co.il, 1
+mywiwe.com.au, 1
+myworkboard.com, 1
+myworkfromhome.ml, 1
+myworkplaceperks.ca, 1
+myworkplaceperks.com, 1
+myworldbbs.tk, 1
+myworth.com.au, 1
+mywrecklawyer.com, 1
+mywulcanplatinum.xyz, 1
+mywulkanplatinum.xyz, 1
+myxnr.com, 1
+myxt.net, 1
+myxxxsite.tk, 1
+myyoutubepage.tk, 1
+myzarabot.tk, 1
+myzina.cz, 0
+myzoetrope.com, 1
+mz-mz.net, 1
+mza.com, 1
+mzademiryolu.com, 1
+mzcsgo.top, 1
+mzflirt.de, 1
+mzitu.com, 1
+mzlive.eu, 1
+mzlog.win, 1
+mzmtech.com, 1
+mzorn.photography, 0
+mzplumber.com, 1
+mzr.jp, 1
+mzri.ru, 1
+mzrme.top, 1
+mzstatic.cc, 1
+mztmzt.com, 1
+mzyxsl.top, 1
+n-a-railways.com, 1
+n-cis.ru, 1
+n-design-service.de, 1
+n-design.de, 1
+n-doc.com, 1
+n-doc.de, 1
+n-gram.it, 1
+n-laboratory.jp, 0
+n-linear.org, 1
+n-m.lu, 1
+n-man.info, 1
+n-metz.de, 1
+n-tennis.fr, 1
+n-un.de, 0
+n.tt, 1
+n0099.net, 1
+n0paste.tk, 0
+n1.homes, 1
+n15.org, 1
+n16.co, 1
+n1co68.freeboxos.fr, 1
+n1mp.org, 1
+n26.com, 1
+n29.co, 0
+n2diving.net, 1
+n2o.io, 1
+n2ray.xyz, 1
+n2z.net, 1
+n36533.com, 1
+n37.co, 1
+n3rd.eu, 1
+n3rd0rama.tk, 1
+n3t.ch, 1
+n4mullingartolongford.ie, 1
+n4zm.com, 1
+n5197.co, 1
+n61roscommon.ie, 1
+n6729.co, 1
+n6729.com, 0
+n6957.co, 1
+n7.education, 1
+n8.gay, 1
+n82365.com, 1
+n87pedia.tk, 1
+n888ok.com, 1
+n8ch.net, 1
+n8mgt.com, 1
+n8nvi.com, 1
+n8s.jp, 1
+n8solutions.biz, 1
+n8solutions.host, 1
+n8solutions.net, 1
+n8solutions.us, 1
+n8ta.com, 1
+n9297.co, 1
+n95.news, 1
+n95s.icu, 1
+n95s.tech, 1
+n9721.com, 0
+n9728.co, 1
+na-agency.com, 1
+na-kipre.tk, 1
+na-school.nl, 1
+na.nl, 1
+na1.nl, 1
+naacam.org.za, 1
+naahgluck.de, 1
+naamlint.nl, 1
+naano.org, 1
+naap.tk, 1
+naarenaa.tk, 1
+naaronstoe.nl, 1
+nab-services.ml, 1
+nabaleka.com, 1
+nabc.com.au, 1
+nabeer.ga, 1
+nabeez.cf, 1
+nabidka.net, 1
+nabidkydnes.cz, 1
+nabiev.tk, 1
+nabitrix.tk, 1
+nabokov.tk, 1
+naboplastic.com, 1
+nabosoft.tk, 1
+nabytek-valmo.cz, 1
+nabzgroup.com, 1
+nac-6.fr, 1
+nac.gov.pl, 1
+nacfit.com, 1
+nachalniku.cf, 1
+nachalniku.ga, 1
+nachalniku.gq, 1
+nachalniku.ml, 1
+nachalniku.tk, 1
+nachalosbog.bg, 1
+nachalova.tk, 1
+nachbar.chat, 1
+nachdenken-erlaubt.de, 1
+nachoblanco.tk, 1
+nachovni.org, 1
+nachsendeauftrag.net, 0
+nachsenden.info, 1
+nachtmuziek.info, 1
+nacin.com, 1
+nacionale.com, 1
+nacionaltelha.com.br, 1
+nackwallpapers.ml, 1
+nacnkabiltrim.cf, 1
+nacocu.cf, 1
+nacom.tk, 1
+nacoree.ga, 1
+nacres.tk, 1
+nacsonline.tk, 1
+nacua.org, 1
+nacudeck.com, 1
+nacyklo.cz, 1
+nad-r.com, 1
+nada-photo.fr, 1
+nada.com, 1
+nada.org, 1
+nadache.info, 1
+nadacnifondacr.cz, 1
+nadaquenosepas.com, 1
+naddi.org, 1
+nadejeproninu.cz, 1
+nadelholzkulturen.de, 1
+nadex.com, 1
+nadezhda.ml, 1
+nadiafourcade-photographie.fr, 1
+nadilo.com.br, 1
+nadine-birkner.de, 1
+nadine-chaudier.net, 1
+nadinecays.com, 1
+nadinethings.gq, 1
+nadir.tk, 1
+nadjabenaissa.tk, 1
+nadjasummer.com, 1
+nadlan.immo, 1
+nadlerdentistry.com, 1
+nadoba-msk.ru, 1
+nadomna-rabota.tk, 1
+nadoske.info, 1
+nadsandgams.com, 1
+naduvilathu.tk, 1
+nadyaolcer.fr, 1
+naec.ge, 1
+naeemsafdar.net, 1
+naehenfuerwahrekleinehelden.de, 1
+naehtalente.de, 1
+naemnuk.tk, 1
+nafco-online.com, 1
+nafconnexus.com, 1
+nafezly.com, 1
+nafhomes.com, 1
+nafhroaviano.com, 1
+nafilia.com, 1
+nafod.net, 1
+nag.org.au, 1
+naga-semi.com, 1
+naga-wedding.tk, 1
+naga.com, 1
+naga.gq, 1
+naganoziotech.com, 1
+nagaragem.com.br, 1
+nagashi.ma, 0
+nagato.tk, 1
+nagaya.biz, 1
+nagb.gov, 1
+nagb.org, 1
+nagel-dentaltechnik.de, 1
+nageler.org, 1
+nagelfam.com, 1
+nagelideeen.ml, 1
+naggie.net, 1
+nagoonline.com, 1
+nagoya.tk, 1
+nagpurinstar.tk, 1
+nagrad.tk, 1
+nagya.com, 1
+nagya.eu, 1
+nagya.net, 1
+nagyandras.com, 1
+nagyandras.eu, 1
+nagyandras.net, 1
+nagybotond.com, 0
+nah.nz, 1
+nah.re, 1
+naheulcraft.be, 1
+nahman.tk, 1
+nahouw.net, 1
+nahrag.tk, 1
+nahrung.de, 1
+nahs-classof1972.com, 1
+nahtanoj.tk, 1
+nahttps.tk, 1
+nahue.ar, 1
+nahue.com.ar, 1
+nahura.com, 1
+nai-job.jp, 1
+naia.me, 1
+naide.ee, 1
+naidoc.org.au, 1
+naifix.com, 1
+naijabeat.com, 1
+naijapower.com, 1
+naijaretro.com, 0
+naijaxnet.com.ng, 1
+naijmobile.com, 1
+naika.clinic, 1
+nailartstudio.it, 1
+nailattitude.ch, 0
+nailchiodo.com, 1
+nailclub.tk, 1
+naildesignsjournal.com, 1
+nailmoscow.ru, 1
+nails-n-more.be, 1
+nailsart.roma.it, 1
+nailshop.gq, 1
+nailsmania.ua, 1
+nailspafinder.com, 1
+naim.tk, 1
+nairamine.org, 1
+nairobibusinessreview.com, 1
+nairus.com.br, 1
+nais.org, 1
+najany.de, 1
+najany.dk, 1
+najany.nl, 1
+najany.se, 1
+najarkadeh.com, 1
+najbezpieczniejsze.pl, 1
+najdou.cz, 1
+naji-astier.com, 1
+najprzepis.pl, 1
+najrecept.sk, 1
+najwamall.my.id, 1
+naka.io, 1
+nakaci.de, 1
+nakacide.com, 1
+nakada-shika.com, 1
+nakada4610.com, 1
+nakagawa-d.co.jp, 1
+nakagawa-s.jp, 1
+nakahama-dental.com, 1
+nakajima-kawara.com, 1
+nakalabo.jp, 1
+nakama.tv, 1
+nakamastudios.com, 1
+nakamochi.io, 1
+nakanishi-paint.com, 1
+nakanocity-cashless.jp, 1
+nakarkhana.com, 1
+nakayama.industries, 1
+nakayamaresearch.com, 1
+nakazanie.ga, 1
+naked.pics, 1
+nakedalarmclock.me, 1
+nakedbigdickmen.com, 1
+nakedfacts.co.uk, 0
+nakedgirls247.xxx, 1
+nakedinkas.com, 1
+nakedmaturepics.com, 1
+nakedpussypics.com, 1
+nakedpussyvideos.com, 1
+nakedtruth.in, 1
+nakedwomenpics.com, 1
+nakenmodell.tk, 1
+nakib4tech.com, 1
+nakim.cf, 1
+nakin.tk, 1
+nakisa.com, 1
+nakka.ch, 1
+nakkati.tk, 1
+nakliyat.name.tr, 1
+nakliye.name.tr, 1
+nakluky.cz, 1
+nako.blog, 1
+nako.kr, 1
+nako.no, 1
+naksquad.net, 1
+nakukata.com, 1
+nakupi.online, 1
+nakupnabytku.sk, 1
+nalanyinyun.top, 1
+naldydimpudus.com, 1
+nale-hosting.tk, 1
+nalepky-na-zed.cz, 1
+nalepte.cz, 1
+nalexandru.xyz, 1
+nalios.be, 1
+nalle.fi, 1
+nalles.net, 1
+nalresearch.com, 1
+nalsai.de, 0
+naltrexon.gq, 1
+nalukfitness.com.br, 1
+nalwin.cc, 1
+namaanakperempuan.net, 1
+namabank.com.vn, 1
+namacindia.com, 1
+namalelaki.com, 1
+namamala.com, 1
+namaperempuan.com, 1
+namastehomecooking.com, 1
+namastenaturo.fr, 1
+namastewestland.nl, 1
+namazon.org, 1
+namazvakitleri.com.tr, 0
+namclear.com.na, 1
+name.am, 1
+name.ax, 1
+namecoin.info, 1
+namecoin.org, 1
+namedb.ru, 1
+namegen.jp, 1
+namegrep.com, 1
+nameid.org, 1
+namepros.com, 1
+nameproscdn.com, 1
+namereel.com, 1
+nameserver.tk, 1
+nameshield.com, 1
+nameshield.net, 1
+namesmaker.com, 0
+namesnack.com, 1
+namespacesquatting.com, 1
+namestudio.com, 1
+namestudioapi.com, 1
+nametalent.com, 1
+namethatporn.com, 1
+namethissymbol.com, 1
+nametiles.co, 1
+namevirus.com, 1
+namevirus.net, 1
+namevirus.org, 1
+nami.bo, 1
+nami.exchange, 1
+nami.trade, 1
+namikawatetsuji.jp, 1
+naminam.de, 1
+namlcftc.gov.ae, 1
+nammont.com, 1
+namoro.com.pt, 1
+namozagy.com, 1
+namrs.net, 1
+namsbaekur.is, 1
+namskra.is, 1
+namu.la, 1
+namu.live, 1
+namu.moe, 1
+namu.news, 1
+namu.wiki, 1
+nan0.cloud, 1
+nanafeed.com, 1
+nanaimo.ca, 1
+nanaimoneighbourhoods.ca, 1
+nanaka.love, 1
+nanaya.net, 1
+nanboya.com, 1
+nancecountyne.gov, 1
+nanch.com, 1
+nanco.co.jp, 1
+nanco.jp, 1
+nancytelford.com, 1
+nancytutors.com, 1
+nancyzone.tk, 1
+nandajorna.nl, 1
+nandakumar.co.in, 1
+nandakumar.org, 1
+nandapanithota.xyz, 1
+nandedam.com, 1
+nandedbazar.tk, 1
+nandemo.tk, 1
+nandertga.ddns.net, 1
+nandi.tech, 1
+nandito.tk, 1
+nanfangstone.com, 1
+nange.cn, 1
+nangluongxanhbinhphuoc.com, 1
+nangwizard.net, 1
+nanhuimed.com, 1
+nanhuitop.com, 0
+naninossoftware.tk, 1
+nanjie.com.tw, 1
+nanjiyy.com, 1
+nankiseamansclub.com, 1
+nanmu.me, 1
+nannatextiles.com, 1
+nannatextiles.de, 1
+nannyandhousekeeper.uk, 1
+nannytax.ca, 1
+nano.com.au, 1
+nano.voting, 1
+nanoavionics.com, 1
+nanodynelabs.com, 1
+nanofate.tk, 1
+nanofy.org, 1
+nanogi.ga, 1
+nanogramme.fr, 0
+nanohatsolution.tk, 1
+nanohostsolution.cf, 1
+nanointeractive.cn, 1
+nanolet.ga, 1
+nanollet.org, 1
+nanomicron.eu, 1
+nanomusic.co.kr, 1
+nanopixel.ch, 1
+nanoport.jp, 1
+nanoprogress.pl, 1
+nanosek.pro, 1
+nanoshop.ml, 1
+nanospheres.tk, 1
+nanostetic.com, 1
+nanotechnologist.com, 1
+nanotechnologysolutions.com.au, 1
+nanotechtorsion.com, 1
+nanotipbot.tk, 1
+nanotrasen.org, 0
+nanovolt.nl, 1
+nanowallet.io, 1
+nansa.ch, 1
+nanubo.com, 1
+nanubo.de, 1
+nanwan.info, 1
+nanxin.xyz, 1
+nao.sh, 1
+naob.no, 1
+naocan.cf, 1
+naocan.ml, 1
+naosproject.eu, 0
+naotron.com, 1
+napareuli.eu, 1
+napavalleyregister.com, 1
+napcae.de, 1
+napervilleweather.com, 1
+naphex.rocks, 1
+napi.edu.ee, 1
+napidoktor.hu, 1
+napifilm.com, 1
+napikuponok.hu, 1
+napilol.ml, 1
+napisdata.us, 1
+napitok.tk, 1
+napituti.cf, 1
+napkins-wholesale.co.za, 1
+napkins-wholesale.com, 1
+napkins-wholesale.in, 1
+napkins-wholesale.nz, 1
+napkins-wholesale.uk, 1
+naplata.mk, 1
+naples.tk, 1
+naplestotalgarage.com, 1
+napnet.hu, 1
+napo.tk, 1
+napoleonoutlawed.tk, 1
+napolict.com, 1
+napolike.it, 1
+napolinissanctparts.com, 1
+napolitoday.it, 1
+napominanie.ml, 1
+napoveda.online, 1
+nappkassen.se, 1
+nappy.co, 1
+nappylaundry.ga, 1
+nappywashing.ga, 1
+naprapativast.se, 1
+naprawa-bazy-danych.pl, 1
+naprodukcji.xyz, 1
+napych.com, 1
+naql.om, 1
+naquebec.tk, 1
+nara.gov, 1
+naraboty.ga, 1
+narada.com.ua, 1
+naradiebosch.sk, 1
+naradiehusqvarna.sk, 1
+naradiemakita.sk, 1
+narafood.ro, 1
+naraku.cc, 1
+naranonsantabarbara.org, 1
+narardetval.se, 1
+narasi.tv, 1
+narayanahealth.org, 1
+narazaka.net, 1
+narcissism.tk, 1
+narcoticsanonymous.tk, 1
+narda-sts.com, 1
+nardamiteq.com, 1
+nardpedro.tk, 1
+narec.org, 1
+narek.tk, 1
+narela.com.mx, 0
+narenderchopra.com, 1
+narevapromotions.com, 1
+narfation.org, 1
+nargileciden.com, 1
+nargileh.nl, 1
+naric.com, 1
+narin.cf, 1
+narindal.ca, 1
+narindal.ch, 1
+naringslivsala.se, 1
+nariohtools.com, 1
+naris-grc.com, 1
+narkasa.com, 1
+narko-stop.org, 1
+narkocenter116.ru, 1
+narmafzar.tk, 1
+narmos.ch, 1
+naro.se, 1
+narodnaya-medizina.tk, 1
+narodniki.com, 1
+narodnyi-potolok.by, 1
+narodowyspispowszechny.pl, 1
+narodserial.cf, 1
+naroska.name, 1
+narrativasdigitais.pt, 0
+narrative.network, 1
+narrative.org, 1
+narrenverein-wolkenschieber.de, 1
+narrow.one, 1
+narthollis.net, 1
+nartkoc.com, 1
+nartlift.com, 1
+naruchnie-chasi.com, 1
+narushil-pdd.cf, 1
+narushil-pdd.ga, 1
+narushil-pdd.gq, 1
+narushil-pdd.ml, 1
+narushil-pdd.tk, 1
+naruto-best.tk, 1
+narutodelivery.com.br, 1
+narutolimits.tk, 1
+narutoshippuden.tk, 1
+narutoshow.tk, 1
+narutouzumaki.tk, 1
+nary-software.com, 1
+narzedziownia.top, 1
+nas-redes-sociais.com, 1
+nas.gov.ua, 1
+nasaacronyms.com, 1
+nasacxhacxha.org, 1
+nasarawanewsonline.com, 1
+nasavelkaceskoslovenskasvadba.eu, 1
+nasbi.pl, 1
+nascentmaker.com, 1
+naschart.com, 1
+naschenweng.info, 1
+naschenweng.me, 1
+naschtastisch.de, 1
+nascloud.be, 1
+nasdarq.com, 1
+nasecasomira.cz, 1
+nasedluhy.cz, 1
+naseehah.ga, 1
+nasehyar.ir, 1
+nash-dom.tk, 1
+nash-megagid.tk, 1
+nash-server.tk, 1
+nash-shishtavec.tk, 1
+nash2008.com, 1
+nasha-kahovka.tk, 1
+nashareklama.tk, 1
+nashc.net, 1
+nashfm.tk, 1
+nashfutbol.tk, 1
+nashidetki.tk, 1
+nashira.cz, 1
+nashjurist.tk, 1
+nashkrai.ga, 1
+nashsovetik.info, 1
+nashuaradiology.com, 1
+nashuarpc.gov, 1
+nashvillebasements.com, 1
+nashvilledowntown.com, 1
+nashvillelidsurgery.com, 1
+nashvilleplasticsurgery.com, 1
+nashvillesheriff.gov, 1
+nashwaukmn.gov, 1
+nashzhou.me, 1
+nasilbirsite.tk, 1
+nasimblog.tk, 1
+nasimsabz.com, 1
+nasirrezazi.tk, 1
+naslovi.net, 1
+nasme.tk, 1
+nasosvdom.com, 1
+nasosvdom.com.ua, 1
+nasr.mobi, 1
+nasrabady.tk, 1
+nasrsolar.com, 1
+nasrullaganjnews.tk, 1
+nassaucountyfl.gov, 1
+nassautrafficny.gov, 1
+nassconorfolk.com, 1
+nassi.me, 1
+nast.ro, 1
+nast.tk, 1
+nastationztv.com, 1
+nastjenka.tk, 1
+nastunya.tk, 1
+nastyapetrovaflorist.ru, 1
+nastycomics.eu, 1
+nastysclaw.com, 1
+nasvyazi.ga, 1
+naszymzdaniem.pl, 1
+nat-neocron.tk, 1
+nat.ac, 1
+nataez.tk, 1
+nataldigital.com, 1
+natalia-in-quebec.tk, 1
+natalia-shablo.ru, 1
+natalia-venezuela.tk, 1
+nataliaanderson.com.br, 1
+nataliapearl.com, 1
+nataliealba.net, 1
+nataliehershlag.tk, 1
+natalsentido.com, 1
+natanaelys.com, 1
+nataniel-perissier.fr, 1
+natarius.tk, 1
+natariusadvokat.ga, 1
+natasa-theodoridou.tk, 1
+natasabekvalac.tk, 1
+natasasavija.tk, 1
+nataschaskraamzorg.nl, 1
+natashacampos.com.br, 1
+natashacampos.nl, 1
+natashavaz.nl, 1
+natashki.tk, 1
+natbomusic.com, 1
+nate.sh, 1
+nateandxtina.wedding, 1
+natedoss.com, 1
+nategreen.org, 0
+natehobi.com, 1
+natelefon.tk, 1
+natenom.com, 1
+natenom.de, 1
+natenom.name, 1
+natenzia.fr, 1
+nateoster.com, 1
+natera.com, 1
+nates.tk, 1
+natesigal.com, 1
+natevolker.com, 1
+natflix.ch, 1
+natgo.xyz, 1
+nathalie-guillaumin.coach, 1
+nathaliedijkxhoorn.com, 1
+nathaliedijkxhoorn.nl, 1
+nathaliesadventure.eu, 1
+nathalieschaos.tk, 1
+nathan.ovh, 1
+nathan2055.com, 1
+nathanaeldawe.com, 1
+nathanbarry.com, 1
+nathancrank.com, 1
+nathancuendet.ch, 1
+nathanielknight.ca, 1
+nathanielparker.com, 0
+nathanielparker.de, 0
+nathanielparker.info, 0
+nathanielparker.org, 0
+nathanielsigal.com, 1
+nathankonopinski.com, 1
+nathanmfarrugia.com, 1
+nathanphoenix.com, 1
+nathansmetana.com, 1
+nathenmaxwell.tk, 1
+nathumarket.com.br, 1
+nation.net.pk, 1
+national-anime.com, 1
+national-shitposting.agency, 1
+national.co.ua, 1
+nationalacademic.nl, 1
+nationalaustriabank.com, 1
+nationalbank.gov, 1
+nationalbankhelp.gov, 1
+nationalbanknet.gov, 1
+nationalcybersecuritysociety.org, 1
+nationalemployertraining.co.uk, 1
+nationaleyecenter.id, 1
+nationalfleetparts.com, 1
+nationalgangcenter.gov, 1
+nationalgridrenewables.com, 1
+nationalhomequotes.com, 1
+nationaljobservice.com, 1
+nationalmall.gov, 1
+nationalmap.gov, 0
+nationalmower.com, 1
+nationalopera.ml, 1
+nationalpriorities.org, 1
+nationalresourcedirectory.gov, 1
+nationalservice.gov, 1
+nationaltestingnetwork.com, 1
+nationaltrails.ru, 1
+nationandfreedom.tk, 1
+nationslending.com, 1
+nationsreportcard.gov, 1
+nationwide.com, 1
+nationwideadvisory.com, 1
+nationx.tk, 1
+nativalab.com, 1
+native2ascii.net, 1
+nativemusicrecords.cf, 1
+nativeonestop.gov, 1
+nativeproductions.ml, 1
+natives-team.ch, 0
+nativetitle.org.au, 1
+nativitychurchnj.org, 1
+nativitynj.org, 1
+natlec.ch, 1
+natlec.com, 1
+natmal.net, 1
+nato-stamps.tk, 1
+natreningu.net, 1
+natrespro.com, 1
+natronaincident.gov, 1
+natronasheriff.gov, 1
+natropie.pl, 1
+nats-flop.tk, 1
+natty.sh, 1
+natualsmoke.com, 1
+natuerlichabnehmen.ch, 1
+natum.mx, 1
+natunion.ga, 1
+natur-care.com, 1
+natur-plus.tk, 1
+natur-seele.de, 1
+natur-udvar.hu, 1
+natur-und-kultur.de, 1
+natur.com, 1
+natura-sense.com, 1
+natura2000.tk, 1
+naturabuy.fr, 1
+naturalbeautyhacks.com, 1
+naturalbladdercontrol.tk, 1
+naturalcosmetics.cf, 1
+naturaldisasters.tk, 1
+naturalflowerpower.com, 1
+naturalkitchen.co.uk, 1
+naturallychildled.com, 1
+naturallyuncommon.com, 1
+naturalmentesinescuela.com, 1
+naturalreaders.com, 1
+naturalresources.wales, 1
+naturalstyle.tk, 1
+naturalwellnesssolutions.org, 1
+naturana.news, 1
+naturaprint.fr, 1
+naturart.pt, 1
+nature-avenue.com, 1
+natureandculture.org, 0
+natureclaim.com, 1
+naturedao.hk, 1
+natureexplorer.is, 1
+natureisland.tk, 1
+naturel.tk, 1
+naturelife.bg, 1
+naturelk.org, 1
+naturemeadows.in, 1
+naturesbest.co.uk, 1
+natureshealthandbody.com, 1
+naturesupply.eu, 1
+naturheilkunde-sabine-klein.de, 1
+naturheilpraxis-grauer.de, 1
+naturheilpraxis-oida.de, 1
+naturheilpraxis-p-grote.de, 1
+naturliga.tk, 1
+naturopath.tk, 1
+naturopatiasiddharta.com, 1
+naturparadies-rheinauen.de, 1
+naturschutz-holderbank.ch, 1
+naturvit.at, 1
+natusvita.com, 1
+natusvita.com.br, 1
+natuurinhuisheerenveen.tk, 1
+natuurkundegeflipt.nl, 1
+natuurlijk.tk, 1
+natuurlijkehaarkleuring.nl, 1
+natuurophaarmooist.nl, 1
+natuwa.com, 1
+natviehealthcare.com, 1
+natwest.com, 1
+natwestbusinesshub.com, 1
+natwestgroup.com, 1
+natwestinternational.com, 1
+naucountry.com, 1
+naude.co, 1
+naufalpanjwani.com, 1
+naughty.audio, 1
+naughtydog.com, 1
+nauris.fi, 1
+nauseainthemorning.ml, 1
+nausicaahotel.it, 1
+naut.ca, 1
+nautiboat.it, 1
+nauticlink.com, 1
+nautika.tk, 1
+nautiljon.com, 1
+nautiluslabs.com, 1
+nautilusoceanica.com, 1
+nautours.de, 1
+nautsch.de, 1
+nauz-art.com, 1
+nav.no, 1
+nava.org, 1
+navadebejar.tk, 1
+navajasdesupervivencia.es, 1
+navajocountysheriff.gov, 1
+navalarchitect.tk, 1
+navalkejigo.tk, 1
+navaneethnagesh.com, 1
+navarrete.tk, 1
+navasoft.com.tr, 1
+naveengranites.com, 1
+navegantesdelcosmos.ec, 1
+navegarea.tk, 1
+naveka.ga, 1
+navenlle.com, 1
+naviaddress.io, 1
+navidarian.tk, 1
+navienna.com, 1
+navient.com, 1
+navigo-inc.com, 1
+navigo.cc, 1
+navigo.global, 1
+navinka.com, 1
+navionhcs.com, 1
+navirefi.com, 1
+naviteq.eu, 1
+navkor.tk, 1
+navlnachekg.cz, 1
+navnet.ml, 1
+navoiyrapmafia.tk, 1
+navoto.com, 1
+navstevnik.sk, 1
+navycs.com, 1
+nawaf-blog.com, 1
+nawdar.tk, 1
+nawir.de, 1
+nawroth.info, 1
+nawt.pl, 1
+nax.io, 0
+naxcivan.tk, 1
+naxe.lv, 1
+naxsnaps.co.uk, 1
+nayanaas.com, 1
+nayankasturi.eu.org, 1
+nayapakistan.tk, 1
+nayatel.com, 1
+nayefalebrahim.com, 1
+naymai.com, 1
+nayna.tk, 1
+nayr.us, 1
+naz-sciaves.eu, 1
+nazarenohuelva.tk, 1
+nazarenoviso.tk, 1
+nazbol.tk, 1
+nazevfirmy.cz, 1
+nazimogluinsaat.com, 1
+nazmulislam.cf, 1
+nazuna.blue, 1
+nb.mba, 1
+nb.zone, 1
+nb6.de, 1
+nba-2k.com, 1
+nba-croatia.com, 0
+nba.christmas, 1
+nba.com.de, 1
+nba.de.com, 1
+nba.download, 1
+nba.gd, 1
+nba.gs, 1
+nba.gy, 1
+nba.hosting, 1
+nba.im, 1
+nba.live, 1
+nba.lu, 1
+nba.moe, 1
+nba.trade, 1
+nba.vc, 1
+nba.vg, 1
+nba2.com, 1
+nba2k.blog, 1
+nba2k.cc, 1
+nba2k.co, 1
+nba2k.download, 1
+nba2k.live, 1
+nba2k.net, 1
+nba2k.tw, 1
+nba2kcn.com, 1
+nba2kmods.com, 1
+nba2kmt.com, 1
+nba2kmy.team, 1
+nba2kol.com, 1
+nba2konline.com, 1
+nba2konlinex.com, 1
+nba2kqq.com, 1
+nba2kx.com, 1
+nbaac.org, 1
+nbad.al, 1
+nbadancers.com, 1
+nbadao.com, 1
+nbade.com, 1
+nbafile.com, 1
+nbagirls.com, 1
+nbaim.com, 1
+nbaimg.com, 1
+nbalivecn.com, 1
+nbalivex.com, 1
+nbao.ca, 1
+nbaot.org, 1
+nbapc.org, 1
+nbapwned.com, 1
+nbari.com, 1
+nbask.com, 1
+nbasky.com, 1
+nbaspot.com, 1
+nbavc.com, 1
+nbavg.com, 1
+nbayouxi.com, 1
+nbc.com.tr, 1
+nbc26.com, 1
+nbf.ae, 1
+nbfl.gov, 1
+nbgrp.org, 1
+nbhwj.com, 1
+nbib.gov, 1
+nbios.net, 1
+nbis.gov, 1
+nbit.com, 1
+nbl-forklift.com, 1
+nbm.gov, 1
+nbotvinnik.com, 1
+nbr.uno, 1
+nbrain.de, 1
+nbriresearch.com, 1
+nbrown.us, 1
+nbtc.com, 1
+nbwp.uk, 1
+nbx.com, 1
+nc-beautypro.fr, 1
+nc-formation.fr, 1
+nc-network.io, 1
+nc3rs.org.uk, 1
+ncadc.org, 1
+ncalculators.com, 1
+ncamarquee.co.uk, 1
+ncarmine.com, 1
+ncascade.com, 1
+ncastillo.xyz, 1
+ncat.tokyo, 1
+ncauditor.gov, 1
+ncbham.be, 1
+ncbon.gov, 1
+ncc-efm.com, 1
+ncc-efm.org, 1
+ncc-qualityandsafety.org, 1
+nccauto.gov.in, 1
+ncceh.ca, 1
+nccemail.net, 1
+ncchd.go.jp, 1
+nccny.com, 1
+nccoe.org, 1
+nccpa.net, 1
+ncdc.pt, 1
+ncdpi.gov, 1
+ncdwlq.space, 1
+ncea.net.au, 1
+nceahelp.com, 1
+ncedcloud.gov, 1
+ncegs.sk, 1
+ncem.gov, 1
+ncfireca.gov, 1
+ncgaming.gov, 1
+nch.com, 1
+nchaf-dynamic.gov, 1
+nchaf-static.gov, 1
+nchaf.gov, 1
+nchangfong.com, 0
+nchomeownerassistance.gov, 1
+nchrd.org, 1
+nci.com.es, 1
+ncic.gg, 1
+ncig.com.au, 1
+ncjdigital.com, 1
+ncjrs.gov, 1
+ncksrv.com, 1
+ncksrv.email, 1
+ncksrv.eu, 1
+ncksrv.net, 1
+ncksrv.nl, 1
+ncksrv.org, 1
+nclea.gov, 1
+nclf.net, 0
+ncli-design.com, 1
+ncloud.freeddns.org, 1
+ncmc.me, 1
+ncmedicaidplan.gov, 1
+ncmedicaidplans.gov, 1
+ncmms.gov, 1
+ncncs.com, 1
+ncommenuptial.tk, 1
+ncosc.gov, 1
+ncpc.gov, 1
+ncpimd001.spdns.de, 1
+ncpublichealth.info, 1
+ncpw.gov, 1
+ncr.pub, 1
+ncrjobs.in, 1
+ncrpay.com, 1
+ncrypt.ai, 1
+ncrypt.at, 1
+ncs-cleaning.dk, 1
+ncsbadvisors.gov, 1
+ncsbe-apps.gov, 1
+ncsc.gov.uk, 1
+ncsccs.com, 1
+ncshp.gov, 1
+ncsis.gov, 1
+ncsparta.gov, 1
+ncswa-nm.org, 1
+ncswboard.gov, 1
+nctu.moe, 1
+nctx.co.uk, 1
+ncua.gov, 1
+ncuc.gov, 1
+ncvps.gov, 1
+ndaal.eu, 1
+ndaccount.com, 1
+ndarville.com, 1
+ndbilje.si, 1
+ndcpolipak.com, 1
+ndd.govt.nz, 1
+ndeb-bned.ca, 1
+ndev.tk, 1
+ndhhs.gov, 1
+ndhlink.com, 1
+ndiama.eu.org, 1
+ndigen.com, 1
+ndisreview.gov.au, 1
+ndlegis.gov, 1
+ndlegistest.gov, 1
+ndmais.com.br, 1
+ndmath.club, 1
+ndns.ga, 1
+ndpbrn-research.org, 1
+ndpigskin.com, 1
+ndplumbingboard.gov, 1
+ndq.be, 1
+ndrew.me, 1
+nds-helicopter.de, 1
+nds-online.ru, 1
+ndscreening.com, 1
+ndtblog.com, 1
+ndum.ch, 1
+ndvlaw.com, 1
+ndvr.com, 1
+ndx.ee, 1
+ndxinfo.eti.br, 1
+ndy.sex, 1
+ne-on.org, 1
+ne.ax, 1
+nea.gov, 1
+nealvorusphd.com, 1
+neanderthalia.tk, 1
+neapi.com, 1
+nearbi.com.mx, 1
+nearby.in.th, 1
+nearestbusiness.com, 1
+nearlist.com, 1
+nearnorthcustoms.biz, 1
+nearnorthcustoms.co, 1
+nearnorthcustoms.com, 1
+nearnorthcustomsus.com, 1
+nearnorthmassage.com, 1
+nearnorthus.com, 1
+neartothesky.com, 1
+neasahourigan.com, 0
+neatful.eu.org, 1
+neath-afan-gymnastics.com, 1
+neatlife.co.uk, 1
+neatnestsdesign.com, 1
+neatnestsorganizing.com, 1
+neatous.cz, 1
+neatous.net, 1
+neatsvor.at, 1
+neatsvor.lt, 1
+neauviachannel.com, 1
+neave.tv, 1
+neawth.com, 1
+neaz.tk, 1
+neb.li, 1
+neba.io, 1
+nebeauty.it, 1
+nebebra.stream, 1
+nebelhauch.de, 1
+nebenan.de, 1
+nebenbeiblog.ch, 1
+nebix.tk, 1
+nebohost.tk, 1
+neboley.cf, 1
+nebra.io, 1
+nebraskadrypeas.gov, 1
+nebraskajudicial.gov, 1
+nebraskaresearch2.gov, 1
+nebraskawheat.gov, 1
+nebucadnezzer.tk, 1
+nebulise.com, 1
+nec-x.com, 1
+necd.me, 1
+necio.ca, 1
+neckbeard.xyz, 1
+necord.com, 1
+necretro.org, 1
+necromantia.tk, 1
+necronaut.tk, 1
+necronomusick.tk, 1
+necropolis-online.tk, 1
+necta.go.tz, 0
+nectere.ca, 1
+nectir-staging.com, 1
+nectir.co, 1
+necycvet.ru, 0
+nedapflux.com, 1
+nedcdata.org, 1
+nedcv-preview.nl, 1
+nedcv.nl, 1
+nedela.tk, 1
+nedemek.com.tr, 1
+nederbetuwe.nl, 0
+nederlandmobiel.nl, 1
+nederlands-vastgoedfonds.nl, 1
+nederlandse-modelspoor-database.nl, 1
+nederlandwereldwijd.nl, 1
+nedermisp.nl, 1
+nedhome.ml, 1
+nedim-accueil.fr, 1
+nedimon.gq, 1
+nedir.help, 1
+nednex.com, 1
+nedviga.gq, 1
+nedviga.tk, 1
+nedvizhimost.tk, 1
+nedvizhimostthailand.ml, 1
+nedvrf.ru, 1
+nedzadalibegovic.com, 1
+neecist.org, 1
+needfire.ga, 1
+needflare.com, 1
+needing.cf, 1
+needle-demo.azurewebsites.net, 1
+needle.net.nz, 1
+needle.nz, 1
+needme.com, 1
+needmytranscript.com, 1
+needrom.com, 1
+needsth.top, 1
+neeerd.org, 1
+neel.ch, 1
+neemo.nz, 1
+neenahwi.gov, 1
+neenan.com, 1
+neero.fr, 1
+nees.ga, 1
+neesoft.com, 1
+neesousunebonneetoile.ca, 1
+neet-investor.biz, 1
+neetflix.net, 1
+neetze-ferienwohnung.de, 1
+neev.tech, 0
+nefald.fr, 0
+nefertitis.cz, 0
+neff-pressen.de, 1
+nefit-bosch.nl, 1
+nefro-cme.de, 1
+nefthy.de, 1
+neftis.es, 1
+neg9.org, 0
+negabarit.tk, 1
+negai.moe, 0
+negativecrestinegratuite.tk, 1
+negativecurvature.net, 1
+negativeentropy.org, 1
+negativex.gq, 1
+neglected.space, 1
+neglecteddiseases.gov, 1
+negocieipanema.com.br, 1
+negociemos.com.co, 1
+negocios-imatore.com, 1
+negociosparaoptimistas.com, 1
+negociosurbanos.net, 1
+negoya-shokai.info, 1
+negozimoda.it, 1
+negoziointimo.com, 1
+negr.gay, 1
+negr.tv, 1
+negrete.tk, 1
+negril.com, 0
+neh.gov, 1
+nehalem.gov, 1
+neheim-huesten.de, 1
+nehmer.net, 1
+nehnutelnosti.io, 1
+nehoupat.cz, 1
+nehrp.gov, 1
+nehta.gov.au, 1
+nei.org, 1
+neide.ga, 1
+neighbor.co.il, 1
+neighborhood-threat.tk, 1
+neighborshop.de, 1
+neighborsunitedwilmington.org, 1
+neil-barrett.com, 1
+neil-barrett.uk, 1
+neila.tk, 1
+neildaniels.com, 1
+neilfarrington.com, 1
+neilgaimanphilippines.tk, 1
+neilpatel.com, 1
+neilrooney.com, 1
+neilwynne.com, 1
+neimadtelliam.fr, 1
+neio.uk, 1
+neishe.net, 1
+neiu.edu, 1
+nej.dk, 0
+nejenpneu.cz, 1
+nejlevnejsi-parapety.cz, 1
+nejmaklerka.cz, 1
+nejrecept.cz, 1
+nejsvetla.cz, 1
+nekenieh.net, 1
+nekkit.xyz, 1
+nekljudov.ga, 1
+neko-city.tk, 1
+neko-network.tk, 1
+neko-nyan-nuko.com, 1
+neko-nyan.org, 1
+nekochan.blog, 1
+nekodex.net, 1
+nekohana-inuhana.com, 1
+nekoku.io, 1
+nekomanten.de, 1
+nekomata.tk, 1
+nekomimi.pl, 1
+nekomimirouter.com, 1
+nekomimix.net, 1
+nekomiya-sama.top, 1
+nekomoe.moe, 1
+nekondiciya.cf, 1
+nekonet.us, 1
+nekosc.com, 1
+nekox.ml, 1
+nekrasowsky.ml, 1
+nekretnine-lidl.hr, 1
+nekrylov.ee, 0
+nekrylov.org.ru, 0
+nekrylov.spb.ru, 0
+nekusoul.de, 1
+nelebaehre.de, 1
+nelefon.com, 1
+nelegal-edition.ml, 1
+nelegal-edition.tk, 1
+nelflex.com.br, 1
+nelhage.com, 1
+nelili.com, 1
+nella-project.org, 1
+nellacms.org, 1
+nellafw.org, 1
+nellen.it, 1
+nellislife.marketing, 1
+nellydallois.fr, 1
+neln.jp, 1
+neln.net, 1
+nelnet.com, 1
+nelnet.net, 1
+nelnetbank.com, 1
+nelosculpteur.fr, 1
+nelson-marine.com, 0
+nelsoncountyky.gov, 1
+nelsonrecruitmentservices.co.uk, 1
+nelsonrodrigues.tk, 1
+nelsontwpoh.gov, 1
+nelsonworldwide.com, 1
+nelswong.com, 1
+nelty.be, 1
+nely.rocks, 1
+nema.gov.au, 1
+nemagiya.tk, 1
+nemahacountyne.gov, 1
+nemberone.com, 1
+nemcd.com, 1
+nemecisolutions.com, 1
+nemecl.eu, 1
+nemesisenterprises.de, 1
+nemesiz.tk, 1
+nemez.net, 1
+nemiroth.net, 1
+nemirow.tk, 1
+nemkoff.tk, 1
+nemnodes.org, 1
+nemo.run, 1
+nemo911.gov, 1
+nemokamas.tk, 1
+nemopan.com, 1
+nemplex.com, 1
+nemplex.win, 0
+nemplex.xyz, 1
+nems.no, 0
+nemsurvey.dk, 1
+nemtilmeld.dk, 1
+nemumu.com, 1
+nemunai.re, 1
+nemyriv.tk, 1
+nemzetizaszlok.hu, 1
+nen-ga.jp, 1
+nenapu.tk, 1
+nenco.nl, 1
+nenderus.su, 1
+neneko.moe, 1
+nenkin-kikin.jp, 1
+neno.io, 1
+neo-novarion.com, 1
+neo-wave.ro, 1
+neo1.com, 1
+neo2k.dk, 0
+neo2shyalien.eu, 0
+neo4j.com, 1
+neobits.nl, 1
+neoblindados.com.br, 1
+neoblog.tk, 1
+neobt.ro, 1
+neocenter.org, 1
+neochan.net, 1
+neochan.ru, 1
+neocharge.net, 1
+neocities.org, 1
+neoclan.tk, 1
+neocyd.com, 1
+neodaedalus.com.au, 1
+neodigital.bg, 1
+neodrive.ch, 1
+neodruid.tk, 1
+neoedresources.org, 1
+neoeliteconsulting.com, 1
+neogenomics.com, 1
+neograftaustintx.com, 1
+neohu.com, 1
+neoinvestor.club, 1
+neojo.org, 1
+neoko.fr, 1
+neokobe.city, 1
+neokonmarketing.de, 1
+neolaudia.es, 1
+neolink.com.br, 1
+neolove.ru, 1
+neom-specificenergy.com, 1
+neom.directory, 1
+neomodern.de, 1
+neonataleducationalresources.org, 1
+neonatalgoldenhours.org, 1
+neonbutik.com.tr, 1
+neoneuland.de, 1
+neonfestival.net, 1
+neonia.com.pl, 1
+neonigma.tk, 1
+neonknight.ch, 1
+neons.org, 1
+neontemple.net, 1
+neoone.art, 0
+neophilus.net, 1
+neopolis.gr, 1
+neopoly.com, 1
+neopoly.de, 1
+neoreflex.nz, 1
+neorsd.org, 1
+neos.co.jp, 1
+neosdesignstudio.co.uk, 1
+neosecurityteam.tk, 1
+neoseo.com.ua, 1
+neoshomo.gov, 1
+neosoft.hu, 1
+neosolution.ca, 1
+neossa.com, 1
+neostralis.com, 1
+neostralis.de, 1
+neostralis.net, 1
+neosys.com, 1
+neosys.eu, 1
+neot-shacked.com, 1
+neotech-solutions.com, 1
+neotiv.com, 1
+neotracker.io, 0
+neovapo.com, 1
+neoverify.com, 1
+neoverso.tk, 1
+neovote.com, 1
+neowa.tk, 1
+neowin.net, 1
+neoxcrf.com, 1
+neoz.com.br, 1
+neozeon.io, 1
+nepal-evolution.org, 0
+nepal.ga, 1
+nepalboxoffice.tk, 1
+nepalese.tk, 1
+nepali-fonts.tk, 1
+nepalsnews.tk, 1
+nepartypas.tk, 1
+nepezzano13.com, 1
+nephelae.eu, 1
+nephelion.org, 1
+nephology.net.au, 1
+nephrogo.com, 1
+nephrogo.de, 1
+nephrogo.lt, 1
+nephrolog.lt, 1
+nephy.jp, 1
+neplatnasmlouva.cz, 1
+nepomuk-ev.de, 1
+nepovolenainternetovahazardnihra.cz, 1
+nepozitkova.cz, 1
+neppglobal.top, 1
+nepremicninar.com, 1
+nepremicnine-lidl.si, 1
+nepremicnine.click, 1
+neptun-rio.tk, 1
+neptune.lol, 1
+neptunosrefugio.tk, 1
+nepu.tk, 1
+nerba.net, 1
+nerd.gallery, 1
+nerdalert.dk, 1
+nerdaristocracy.com, 1
+nerdblog.eu, 1
+nerdbox.cc, 1
+nerdca.st, 1
+nerdgebastel.de, 1
+nerdgift.ml, 1
+nerdherd.fun, 1
+nerdherd.ovh, 1
+nerdhouse.io, 1
+nerdies24.de, 0
+nerdin.space, 1
+nerdinator.ddns.net, 1
+nerdjokes.de, 1
+nerdmind.de, 1
+nerdmovieproductions.it, 1
+nerdnet.goip.de, 1
+nerdoftheherd.com, 1
+nerdoutstudios.tv, 1
+nerdpol.ch, 1
+nerdpol.org, 1
+nerds-gegen-stephan.de, 1
+nerds.company, 0
+nerdsin.space, 1
+nerdsonline.tk, 1
+nerdsuits.tk, 1
+nerdsweide.nl, 1
+nerdwallet.com, 1
+nerdydev.net, 1
+nerdyfam.tech, 1
+nerdygadgets.org, 1
+nerdyspace.net, 1
+nerfcity.tk, 1
+nerfroute.com, 1
+neri.it, 1
+nerion.tk, 1
+nerispa.it, 1
+neriumrx.com, 1
+nerja.es, 1
+nerloee.dk, 1
+neroli.bg, 1
+neroninvestment.org, 1
+neropiceno.tk, 1
+nerot.eu, 1
+neroteknik.com.tr, 1
+nerotv.live, 1
+nerpa-club.ru, 1
+nerss.ca, 1
+nertus.ua, 1
+nerull7.info, 1
+nerv.com.au, 1
+nerven.se, 1
+nervi.ga, 1
+nesabamedia.com, 1
+neseari.com, 1
+nesfb.com, 1
+nesheims.com, 1
+nesheimswaterrestoration.com, 1
+neshkorowi.gov, 1
+neshtata.bg, 1
+neskins.com, 1
+nesoddkatten.no, 1
+nesolabs.com, 1
+nesolabs.de, 1
+nespim.tk, 1
+nespresso.vn, 1
+ness.sh, 1
+nesscitycatholic.org, 1
+nesstormented.tk, 1
+nestas.eu, 1
+nestbynature.com, 1
+nesterov.pw, 1
+nestforms.com, 1
+nestinvest.com, 1
+nestlanddesign.com, 1
+nestlein.de, 1
+nestone.ru, 1
+nestra.tk, 1
+nestreeo.com, 1
+neswblogs.com, 1
+neswec.org.uk, 1
+net-abuse.email, 1
+net-combo-ja.com, 1
+net-file.tk, 1
+net-news.gq, 1
+net-provider.cloud, 1
+net-safe.info, 1
+net-script.tk, 1
+net-service.cz, 1
+net.nl.eu.org, 1
+net2ftp.com, 1
+net4you.net, 1
+netamia.com, 1
+netanin.tk, 1
+netapps.de, 1
+netba.net, 1
+netbank.com.au, 1
+netbasequid.com, 0
+netbeacon.de, 1
+netbears.com, 1
+netbears.ro, 1
+netbeyond.de, 1
+netbird.tk, 1
+netbows.com, 1
+netbows.es, 1
+netbox.org, 1
+netbrewventures.com, 1
+netbrief.ml, 1
+netbulls.io, 1
+netbuzz.ru, 1
+netcake.in, 1
+netcapital.com, 1
+netcd.tk, 1
+netcenteret.tk, 1
+netchameleon.com, 1
+netcitadel.com, 1
+netcitycheb.ru, 1
+netco-group.de, 1
+netco-privacy.de, 1
+netco-solution.de, 1
+netco-system.de, 1
+netcoolusers.org, 1
+netcorecloud.com, 1
+netcoresmartech.com, 1
+netcost-security.fr, 1
+netcrew.de, 1
+netculturejokes.tk, 1
+netd.at, 1
+netdego.jp, 1
+netdex.co, 1
+netdiode.com, 1
+netdiode.eu, 1
+netdiode.net, 1
+netdiode.org, 1
+netdir.tk, 1
+netdisk.io, 1
+netdnstrace1.com, 1
+netdox.asia, 1
+netdox.de, 1
+netducks.com, 1
+netducks.space, 1
+netdude.tk, 1
+netelite.tk, 1
+netera.se, 1
+neteraser.de, 1
+netexpatcommunity.com, 0
+neteye.ru, 1
+netfabb.com, 1
+netface.com.br, 1
+netferie.de, 1
+netferie.dk, 1
+netferie.no, 1
+netfiles.de, 1
+netfirmtextile.com, 1
+netflowanalysissolution.com, 1
+netflowanalysissolutions.com, 1
+netflowcalculator.com, 1
+netflowcollector.com, 1
+netflowknight.com, 1
+netflowknights.com, 1
+netflowreplicator.com, 1
+netflowsword.com, 1
+netflowtoday.com, 1
+netflowtrafficanalysis.net, 1
+netfog.de, 1
+netfolio.pt, 1
+netforall.tk, 1
+netfoundry.io, 1
+netfreedom.tk, 1
+netfs.pl, 1
+netfuture.ch, 1
+netgaming.de, 1
+netgenetiqs.de, 1
+netgroup.dk, 1
+netguard.solutions, 1
+netguide.co.nz, 1
+nethack.ninja, 1
+nethackwiki.com, 1
+nethask.ru, 1
+nethead.at, 1
+netheadsonair.com, 1
+nethealth.cf, 1
+nethealth.ga, 1
+nethealth.tk, 1
+netherite.gg, 1
+netherlandstypography.nl, 1
+netherlandsworldwide.nl, 1
+nethernet.nl.eu.org, 0
+nethorizon.pl, 1
+nethound.ga, 1
+nethouse.se, 1
+nethruster.com, 0
+nethui.nz, 1
+nethunter.top, 1
+netica.fr, 0
+netig.net, 1
+netim.pl, 1
+netipbox.com, 1
+netjobz.tk, 1
+netkappa.gr, 1
+netkigestioncomercial.com, 1
+netkimonos.com.br, 1
+netkolik.org, 1
+netla.tk, 1
+netlab.my.id, 1
+netleaf.ca, 1
+netlentes.com.br, 1
+netletic.com, 1
+netlevel.ga, 1
+netlify.com, 1
+netlocal.ru, 1
+netmaddy.com, 1
+netmagicas.com.br, 1
+netmajstor.eu, 1
+netmania.tk, 1
+netmedia.tk, 1
+netmeister.org, 1
+netmouse.tk, 1
+netmt.de, 1
+netnea.com, 1
+netnl.eu, 1
+netoborona.tk, 1
+netobur.net, 1
+netolink.co.il, 1
+netolink.com, 1
+netor.ga, 1
+netpatient.dk, 1
+netpenge.tk, 1
+netpreneur.co.za, 1
+netprepare.com, 1
+netprofile.com.au, 0
+netrabota.tk, 1
+netracks.ga, 1
+netradyne.com, 1
+netraising.com, 1
+netrecruituk.co.uk, 1
+netreputation.com, 1
+netresec.com, 1
+netreviews.tk, 1
+netrewrite.com, 1
+netrino.be, 1
+netrino.info, 1
+netrino.io, 1
+netrogue.ninja, 1
+netronix.be, 1
+netrunner.xyz, 1
+nets.com.sg, 1
+netschool.tk, 1
+netsearch.ga, 1
+netsec.cloud, 1
+netsecma.com, 1
+netshopgarden.com.br, 1
+netsite.dk, 1
+netslum.tk, 1
+netsoftit.com, 1
+netsoins.org, 1
+netsparker.com.tr, 0
+netspeedia.net, 1
+netsphere.cloud, 1
+netsphere.cz, 1
+netstjernen.dk, 1
+netstrategy.it, 1
+netsyms.com, 1
+netsys.com.tr, 1
+netsystems.pro, 1
+nettamente.com, 1
+nette.org, 1
+nettegeschenke.de, 1
+netter.co.id, 1
+nettgiro.no, 1
+nettia.fi, 0
+nettiger.tk, 1
+nettikasino.top, 1
+nettikasino247.com, 1
+nettiruletti.ga, 1
+nettiruletti.tk, 1
+nettletonms.gov, 1
+nettools.link, 1
+nettoptangida.com, 1
+nettoyage-apres-deces-crime.fr, 1
+nettoyage.email, 1
+nettoyeurtombe.fr, 1
+nettruepro.com, 1
+nettunoguide.dk, 1
+nettx.co.uk, 1
+nettype.ca, 1
+netube.org, 1
+netunia.org, 1
+netvizura.co.uk, 1
+netvlies.nl, 0
+netvpn.ml, 1
+netvpn.net, 1
+netwarc.eu, 1
+netwarc.nl, 1
+netwatch.me, 1
+netwave.pl, 1
+netwerkgeneeskunde.nl, 1
+netwerkmediawijsheid.nl, 1
+netwidow.com, 1
+netwire-solutions.com, 1
+netwire.tk, 1
+networg.cz, 1
+networg.pl, 1
+network-au-qa-api.azurewebsites.net, 1
+network-midlands.co.uk, 1
+network-midlands.uk, 1
+network-wr.tk, 1
+network.ae, 0
+network23.nl, 1
+networkarena.tk, 1
+networkdiode.com, 1
+networkdiode.eu, 1
+networkdiode.net, 1
+networkdiode.org, 1
+networking-groups.co.uk, 1
+networking4all.com, 1
+networkingnexus.net, 1
+networkingwithfish.com, 1
+networkinternetmonitor.com, 1
+networklessons.com, 1
+networkmas.com, 1
+networkmidlands.co.uk, 1
+networkmidlands.uk, 1
+networkmon.net, 1
+networkperformancemonitoring.net, 1
+networkposting.com, 1
+networksec.info, 1
+networksecuritysolutions.info, 1
+networksolutionsconsultant.com, 1
+networkthreatdetection.com, 1
+networkthreatprotection.com, 1
+networktools.tk, 1
+networktrafficanalysis.net, 1
+networktrafficanalyzer.net, 1
+networktrafficmonitoring.net, 1
+networkuser.de, 1
+networld.to, 1
+networth.at, 1
+networthpal.com, 1
+networx-online.de, 1
+netz-noe.at, 1
+netz0.com, 1
+netzabfragen.de, 1
+netzagentur.at, 1
+netzen.tk, 1
+netzer.ml, 1
+netzfabrik.com, 1
+netzfrauen.org, 1
+netzklad.de, 1
+netzona.org, 1
+netzpolitik.org, 1
+netzquelle.net, 1
+netzsv.website, 1
+netztest.at, 1
+netzvieh.de, 1
+netzwerk-kvp.de, 1
+netzwerk-lq.com, 1
+netzwerk-sozialliberal.de, 1
+netzwerkwerk.de, 1
+netzwolf.info, 1
+neuber-it.de, 1
+neuber.uno, 1
+neubr.de, 1
+neuca24.pl, 1
+neuch.info, 0
+neue-energien.tk, 1
+neuelandschaft-welzow.de, 1
+neuf-chateaux.com, 1
+neuhaus-city.de, 1
+neukoppel.de, 1
+neuland.technology, 1
+neumanncontractors.com.au, 1
+neumanndredging.com.au, 1
+neumannindustrialcoatings.com.au, 1
+neumarkcb.com, 1
+neumaticar.cl, 1
+neumond.de, 1
+neurabyte.com, 1
+neuraclix.com, 1
+neuralink.com, 1
+neuralkids.org, 1
+neurexcellence.com, 1
+neurido.net, 1
+neurobiology.com, 1
+neurochip.co.uk, 1
+neurocny.cloud, 1
+neurococi.ro, 1
+neuroethics.com, 1
+neurogroove.info, 1
+neurohouse.com.br, 1
+neurojournal.ru, 1
+neurologia.tk, 1
+neurologie.tk, 1
+neurologysantamonica.com, 1
+neurontinprice.ga, 1
+neuronus.com.br, 1
+neuropharmacology.com, 1
+neurophysiotherapy.ga, 1
+neuropsychologisthouston.com, 1
+neurosurgeryinmexico.com, 1
+neuroticosanonimos.tk, 1
+neuroticpoets.com, 1
+neurotransmitter.net, 1
+neurozentrum-zentralschweiz.ch, 1
+neustadtguides.de, 1
+neuteleers.tk, 1
+neutron.ch, 1
+nev.si, 1
+neva-star.ml, 1
+neva.li, 1
+nevadacountyca.gov, 1
+nevadafiber.com, 1
+nevadafiber.net, 1
+nevadamentalhealth.com, 1
+nevam.cf, 1
+neve.in.ua, 1
+never-afk.de, 0
+never-mind.tk, 1
+never-more.tk, 1
+never.pet, 1
+neveraquemola.ml, 1
+neverasquemola.ml, 1
+neverendingrejection.tk, 1
+nevergirl.tk, 1
+nevergonnatouchit.tk, 1
+nevergreen.io, 1
+neverhood-tv.tk, 1
+neverland.link, 1
+neverlandindonesia.com, 1
+neverness.tk, 1
+nevers.fr, 1
+neversayretired.in, 0
+neverwasinparis.com, 1
+nevi.nl, 1
+nevim-co-varit.cz, 1
+nevivur.net, 1
+nevntech.com, 1
+nevocloud.com, 1
+nevolution.me, 1
+nevoxo.com, 0
+nevrodiversitet.no, 1
+nevski.eu, 1
+nevychova.cz, 1
+new, 1
+new-1xbet.com, 1
+new-black-order.com, 1
+new-boiler-prices.co.uk, 1
+new-jersey-online-casinos.com, 1
+new-medic.com, 1
+new-mexico-sexcams.com, 1
+new-pornvideos.com, 1
+new-smile.cf, 1
+new-standart.tk, 1
+new-tuning.tk, 1
+new-vip.com, 1
+new-vip1.com, 1
+new-vvip.com, 1
+new-way.ml, 1
+new-web-studio.com, 1
+new-zone.tk, 1
+new10.com, 1
+newage.bg, 1
+newagehoops.com, 1
+newalbanyohio.gov, 1
+newamericanagent.com, 1
+newamericanfunding.com, 1
+newannual.com, 1
+newantiagingcreams.com, 1
+newapparatus.com, 0
+newarkca.gov, 1
+newarkohio.gov, 1
+newarkwi.gov, 1
+newasa.ga, 1
+newasianbistro.com, 1
+newaygo.gov, 1
+newaygocountymi.gov, 1
+newbabylon.tk, 1
+newbackup.ml, 1
+newbasemedia.us, 1
+newberlinwi.gov, 1
+newberrycounty.gov, 1
+newberryfl.gov, 1
+newbies.tk, 1
+newbietech.cn, 0
+newblogr.com, 1
+newboldwi.gov, 1
+newborncryptocoin.com, 1
+newbownerton.xyz, 1
+newbraunfels.gov, 1
+newbrest.tk, 1
+newbrightonresidents.org.nz, 1
+newbronze.com.br, 1
+newbrunswick.today, 1
+newbrunswickonlinedivorce.com, 1
+newbrunswicktoday.com, 1
+newbss.co.uk, 1
+newbuilding.tk, 1
+newburybouncycastles.co.uk, 1
+newburyparkelectric.com, 1
+newburyparkelectrical.com, 1
+newburyparkelectrician.com, 1
+newburyparkexteriorlighting.com, 1
+newburyparklandscapelighting.com, 1
+newburyparkoutdoorlighting.com, 1
+newburyportma.gov, 1
+newcab.de, 0
+newcapitaldev.com, 1
+newcarlisleohio.gov, 1
+newcars.tk, 1
+newcasinos-au.com, 1
+newcasinos-ca.com, 1
+newcastlemoneyman.com, 1
+newcastleok.gov, 1
+newcc.gov, 1
+newchance.store, 1
+newchapter.com, 1
+newcharmed.tk, 1
+newchester.gov, 1
+newchoicesspb.ru, 1
+newcityinfo.ch, 0
+newcityinfo.info, 1
+newcitystudio.ch, 0
+newcoincasino.com, 1
+newcoly.com, 1
+newcombny.gov, 1
+newconcept.tk, 1
+newcontext.com, 1
+newcreamforface.com, 1
+newcreationperso.com.br, 1
+newcurve.tk, 1
+newday.host, 1
+newdaychristian.com, 1
+newdayrecordlabel.com, 1
+newdecortrends.com, 1
+newdenversurvivors.tk, 1
+newdietandexercises.tk, 1
+newdimensioninterlock.com, 0
+newdirectionsolar.com.au, 1
+newdurhamnh.gov, 1
+neweggsoft.org, 1
+newemage.com.mx, 1
+newendsoft.com, 0
+newengineer.com, 1
+newenglandradioforum.tk, 1
+newenglandtek.com, 1
+newenglandworkinjury.com, 1
+newfacialbeautycream.com, 1
+newfairfieldct.gov, 1
+newfangledscoop.com, 1
+newfield-ext.co.jp, 1
+newfiepedia.ca, 1
+newflavor.design, 1
+newfld.com, 1
+newforex.ml, 1
+newforms.nl, 1
+newfoundland-labradorflora.ca, 1
+newfoundlandlabrador.com, 1
+newgarden.tk, 1
+newgardenfarms.org, 1
+newglarusvillagewi.gov, 1
+newgle.xyz, 1
+newgrowbook.com, 0
+newguidance.ch, 0
+newhamyoungbloods.co.uk, 1
+newhavenshiami.gov, 1
+newholland.tk, 1
+newhomedesign.tk, 1
+newhopeplacement.com, 1
+newhoperailroad.com, 1
+newillusion.tk, 1
+newind.info, 1
+newinf.at, 1
+newingtonnhpolice.gov, 1
+newinsane.info, 1
+newipswichnh.gov, 1
+newjerseyvideography.com, 1
+newkaliningrad.ru, 1
+newlands-fasteners.com.au, 1
+newlegalsteroid.com, 1
+newlifebathrooms.com.au, 1
+newlifefund.org, 1
+newlight.net.br, 1
+newlondonhospital.org, 1
+newlovers.ga, 1
+newlovers.gq, 1
+newlynamed.com, 1
+newlytricks.ml, 1
+newmadridcountymo.gov, 1
+newman.ga, 1
+newmansown.co.uk, 1
+newmarketbouncycastlehire.co.uk, 1
+newmatworld.com, 1
+newmed.com.br, 1
+newmedia.gotdns.com, 1
+newmediaone.net, 1
+newmeproducts.com, 1
+newmex.com.br, 1
+newmilfordct.gov, 1
+newmilfordnj.gov, 1
+newmusic.org, 1
+newmusicjackson.org, 1
+newmuslims.tk, 1
+newmuz.tk, 1
+newnorthfuels.ca, 1
+newnorthfuels.com, 1
+newodesign.com, 1
+newoho.com, 1
+newoldboughtsold.com, 1
+newoldstock.uk, 1
+newonlineroad.com, 1
+neworiflame.tk, 1
+newosis.life, 1
+newpad.de, 1
+newparadigmventures.net, 0
+newparrot.tk, 1
+newphysics.fi, 1
+newplxx.gotdns.com, 1
+newplxx.online, 1
+newpointeg.com, 1
+newportbus.co.uk, 1
+newporthomehealth.com, 1
+newportit.com, 1
+newportri.gov, 1
+newposts.ru, 1
+newpraguemn.gov, 1
+newpress24.tk, 1
+newquilters.com, 1
+newreleases.io, 1
+newreop.com, 1
+news-and-blogs.tk, 1
+news-big.com, 1
+news-club.tk, 1
+news-novoros.cf, 1
+news-of-russia.gq, 1
+news-offerte.com, 1
+news-police.tk, 1
+news-srilanka.tk, 1
+news-sy.cf, 1
+news-technology.ml, 1
+news-zp.tk, 1
+news.bg, 1
+news123.ga, 1
+news12elite.tk, 1
+news17.tk, 1
+news24rus.tk, 1
+news29.tk, 1
+news53today.tk, 1
+news54.tk, 1
+news5cleveland.com, 1
+news60.tk, 1
+news89.cf, 1
+news89.ga, 1
+news89.gq, 1
+newsadvance.com, 1
+newsall.gr, 1
+newsarmenia.tk, 1
+newsarticle.ml, 1
+newsasia7.com, 1
+newsauto.tk, 1
+newsbali.tk, 1
+newsbay.gr, 1
+newsbeat.kiwi, 1
+newsbes.org, 1
+newsbomba.ml, 1
+newsbusiness.cf, 1
+newscenter.gr, 1
+newscheck.tk, 1
+newschool.ie, 1
+newsclue.org, 1
+newscultural.tk, 1
+newsdesk.social, 1
+newsdiff.eu, 1
+newsdiff.nl, 1
+newsdiffs.eu, 1
+newsdiva.org, 1
+newseon.org, 1
+newserfanekeihani.tk, 1
+newserumforskin.com, 1
+newseue.com, 1
+newsfiber.org, 1
+newsfinale.com, 1
+newsforum.ml, 1
+newsforyou.cf, 1
+newsgenix.org, 1
+newsgroups.io, 1
+newsguyz.com, 1
+newshell.it, 1
+newshome.tk, 1
+newshorehamri.gov, 1
+newshour.media, 1
+newsig.com, 1
+newsignature.com, 1
+newsinfilm.com, 1
+newsinformer.ga, 1
+newsinkansas.ml, 1
+newsinpenn.ml, 1
+newsinpolitics.ga, 1
+newsireland.tk, 1
+newsiva.org, 1
+newskinlasercenter.com, 1
+newslanes.com, 1
+newslanka.tk, 1
+newsletteralerts.com, 1
+newsletters.gq, 1
+newslia.org, 1
+newsliner.gq, 1
+newslookup.com, 1
+newsmacro.org, 1
+newsmangas.fr, 1
+newsmotor.info, 1
+newsmyth.org, 1
+newsnfl.tk, 1
+newsoul.de, 1
+newspawn.net, 1
+newsportbox.ru, 1
+newspower.ir, 1
+newspriest.com, 1
+newsprix.com, 1
+newspsychology.com, 1
+newsquare.biz, 1
+newsreach.org, 1
+newsteadccc.com.au, 1
+newstel.tk, 1
+newsthai.ml, 1
+newsticker.tk, 1
+newstj.ml, 1
+newstone-tech.com, 1
+newstraveltoday.gq, 1
+newsuk.tk, 1
+newsupdatesdaily.ga, 1
+newsuzbekistan.tk, 1
+newsvideo.tk, 1
+newsvirginian.com, 1
+newsvoice.com, 1
+newswav.com, 1
+newswired.org, 1
+newsworld247.tk, 1
+newsxp.tk, 1
+newsyclub.tk, 1
+newtambov.gq, 1
+newtambov.tk, 1
+newtech.ro, 1
+newtekstil.ga, 1
+newterritorialclaims.tk, 1
+newtlgpacks.ml, 1
+newton-circus.jp, 1
+newtoncomputing.com, 1
+newtoncountymo.gov, 1
+newtonhaus.com, 1
+newtrackon.com, 1
+newtravelplans.com, 1
+newusatoday.ga, 1
+newvehicle.com, 1
+newvisionhealing.com, 1
+newwaterford-oh.gov, 1
+newwavelinen.com, 1
+newway.ie, 1
+newwind.tk, 1
+newwise.com, 1
+newworldnew.com, 1
+newworldnewlife.tk, 1
+newxit.tk, 1
+newyearsdishes.tk, 1
+newyorkcardiac.com, 1
+newyorkcoffeejobs.com, 1
+newyorkdiscountattractions.com, 1
+newyorkhiltonmidtown.com, 1
+newyorkland.forsale, 1
+newyorknews.tk, 1
+newyorkrp.tk, 1
+newyoushampoo.com, 1
+newz.to, 1
+newzashitnik.tk, 1
+newzealandadventure.tk, 1
+newzealandheatpumps.co.nz, 1
+newzen.fr, 1
+newzlight.com, 1
+newzlyup.com, 1
+newzvilla.ga, 1
+nex.io, 1
+nex.li, 1
+nexcoda.io, 1
+nexd.com, 1
+nexgeneration-solutions.com, 1
+nexgenwebdesign.co.uk, 1
+nexgi.com, 1
+nexhealth.info, 1
+nexicafiles.com, 1
+nexiodev.com, 1
+nexiodevopslocal.com, 1
+nexiopay.com, 1
+nexiopaydev.com, 1
+nexiopaydevopslocal.com, 1
+nexiopaysandbox.com, 1
+nexiopaystaging.com, 1
+nexiopaystg.com, 1
+nexiosandbox.com, 1
+nexiostaging.com, 1
+nexiumgeneric.tk, 1
+nexlight.be, 1
+nexo.games, 1
+nexon.com.au, 1
+nexril.net, 0
+nexs.gg, 1
+nexscience.tk, 1
+next-geek.fr, 1
+next-idea.co, 1
+next-level-accounting.com, 1
+next-log.ru, 0
+next-tms.com, 1
+next.me, 1
+next24.io, 1
+nextads.ch, 1
+nextbike.tk, 1
+nextcairn.com, 1
+nextcloud-alpha.ddns.net, 1
+nextcloud-miyamoto.spdns.org, 1
+nextcloud-server.spdns.de, 0
+nextcloud.co.za, 1
+nextcloud.com, 1
+nextcloud.nerdpol.ovh, 1
+nextcloudcn.com, 1
+nextclouddarwinkel.nl, 1
+nextcom.digital, 1
+nextdayoff.com, 1
+nextdayvapes.co.uk, 1
+nextedgecloud.com, 1
+nextevolution.co.uk, 1
+nextfm.tk, 1
+nextg.gg, 1
+nextgen-life-insurance.com, 1
+nextgen-wealth.com, 1
+nextgen.com, 0
+nextgen.sk, 1
+nextgenerationaccessories.com, 1
+nextgenerationaccessories.online, 1
+nextgenerationaccessories.ru, 1
+nextgenerationaccessories.store, 1
+nextgenforbbm.com, 1
+nextgenmath.com, 1
+nextgensocialnetwork.com, 1
+nextgenthemes.com, 0
+nextgreatmess.com, 1
+nexthop.co.th, 0
+nextiot.de, 1
+nextitstep.com, 1
+nextiva.com, 1
+nextlegends.gov, 1
+nextlevel-forum.de, 1
+nextlevel-it.co.uk, 1
+nextlevelchess.blog, 1
+nextlevelforum.de, 1
+nextmarkets.com, 1
+nextme.se, 1
+nextnet.cc, 1
+nextnowagency.com, 0
+nextos.com, 1
+nextrader.guru, 0
+nextrasp.it, 1
+nextrec.site, 1
+nextright.tk, 1
+nextsound.tk, 1
+nextsource.com, 1
+nextstep-labs.gr, 1
+nextstepstudios.ga, 1
+nextsulting.com, 1
+nextus.me, 1
+nextvibration.com, 1
+nextvision.pt, 1
+nextwab.com, 1
+nextworldcoding.ga, 1
+nexus, 1
+nexus-start.de, 1
+nexus-vienna.at, 1
+nexusbyte.de, 1
+nexusmedianews.com, 1
+nexussystems.tk, 1
+nexwebsites.com, 1
+nexxss.jp, 1
+nexxus-sistemas.net.br, 1
+nexzcore.com, 1
+nexzus.com, 1
+neyco.fr, 1
+neyer-lorenz.de, 1
+neyjens.com, 1
+nezis.tk, 1
+nezkakukec.si, 1
+nezrouge-est-vaudois.ch, 1
+nezsultan.tk, 1
+nf-tel.com, 1
+nf9q.com, 1
+nfam.de, 1
+nfb-ec.co.za, 1
+nfb-fsg.co.za, 1
+nfb.co.za, 1
+nfbam.co.za, 1
+nfbassetmanagement.co.za, 1
+nfbct.co.za, 1
+nfbec.co.za, 1
+nfbel.co.za, 1
+nfbfsg.co.za, 1
+nfbib.co.za, 1
+nfbpe.co.za, 1
+nfbplett.co.za, 1
+nfbpwm.co.za, 1
+nfbst.co.za, 1
+nfcweb.de, 1
+nfe-elektro.de, 1
+nffpm.ae, 1
+nffs.cf, 1
+nffsimples.com.br, 1
+nfgonlineuk.tk, 1
+nfitraining.nl, 1
+nfl.ddns.net, 1
+nfl.dedyn.io, 1
+nfl.duckdns.org, 1
+nfl.zapto.org, 1
+nflchan.org, 1
+nfls.io, 1
+nflsic.org, 1
+nfluence.org, 1
+nfobar.com, 1
+nforto.com, 1
+nfpors.gov, 1
+nfpsa.lv, 1
+nframe.io, 1
+nfs.pub, 1
+nfsec.pl, 1
+nft-dagasi.com, 1
+nft-dev-web.azurewebsites.net, 1
+nft-qa-web.azurewebsites.net, 1
+nft.io, 1
+nftactually.com, 1
+nftnow.com, 1
+nftshowroom.com, 1
+ng-musique.com, 1
+ng.edu.ee, 1
+ngarate.com, 1
+ngatikuri.tk, 1
+ngawa-avocat-paris.fr, 1
+ngbilling.com.br, 1
+ngc.gov, 0
+ngclearing.com, 0
+ngecezt.ddns.net, 1
+ngefics.tk, 1
+ngegame.id, 1
+ngelag.com, 1
+ngergs.de, 1
+ngetik.id, 1
+nggukbo9lbfadcf5.gq, 1
+nghe.net, 1
+ngi.eu, 0
+ngiemboon.net, 1
+nginx.io, 1
+nginxtest.ml, 1
+nginxyii.tk, 1
+ngla.gov, 1
+ngmisr.com, 1
+ngmx.com, 1
+ngmx.eu, 1
+ngmx.net, 1
+ngmx.nl, 1
+ngmx.org, 1
+ngmx.social, 1
+ngndn.jp, 1
+ngns.cz, 1
+ngo-online.de, 1
+ngontinhtruyen.com.vn, 1
+ngoresan.tk, 1
+ngorod.tk, 1
+ngplus.name, 1
+ngribok.ru, 1
+ngroupllc.com, 1
+ngservers.com, 0
+ngsmedicare.com, 1
+nguoimuahangmy.com, 1
+nguonnha.vn, 1
+nguru.net, 1
+nguyencucthanh.com, 1
+nguyenduythiem.com, 1
+nguyenfamily.tk, 1
+nguyenslist.com, 1
+nguyensuu.tk, 1
+ngvf.de, 1
+ngvgamechanger.com, 1
+ngx.hk, 1
+ngx.im, 1
+ngxmetrics.com, 1
+ngxpkg.com, 1
+nh.ee, 1
+nhacthanhcavietnam.com, 1
+nhadat100.vn, 1
+nhadonghanh.com, 1
+nhai.gov.in, 1
+nhakinh.net, 1
+nhance.pl, 1
+nhanlucnhatban.com, 1
+nhaoi.com, 1
+nharper.org, 1
+nhathaugiare.com, 1
+nhatrang.tk, 1
+nhatrangbooks.com, 1
+nhbp-nsn.gov, 1
+nhbp.gov, 1
+nhccnews.org, 1
+nhcps.com, 1
+nhdsilentheroes.org, 1
+nhg.nl, 1
+nhjvillalmanzo.tk, 1
+nhk.jp, 1
+nhnieuws.nl, 1
+nhome.ba, 1
+nhr.nl, 1
+nhscript.tk, 1
+nhsolutions.be, 0
+nhsuites.com, 1
+nhtsa.gov, 1
+nhv-vintagelemans.com, 1
+ni-dieu-ni-maitre.com, 1
+ni-mate.com, 1
+ni-s.de, 1
+ni.search.yahoo.com, 0
+niaa.gov.au, 1
+niadd.com, 1
+niagara.ru, 0
+niagaraconstruction.org, 1
+niagarafalls.ca, 1
+niagaraschoice.org, 1
+niallator.com, 1
+niawier-wetsens.tk, 1
+nibadesign.nl, 1
+nibblehole.com, 1
+nibbler.ai, 1
+nibert.fr, 1
+nibiru.com.uy, 1
+nibletllc.com, 1
+nibouw.nl, 1
+nic.ads, 1
+nic.android, 1
+nic.app, 1
+nic.bnpparibas, 1
+nic.bo, 1
+nic.boo, 1
+nic.cal, 1
+nic.channel, 1
+nic.chrome, 1
+nic.dad, 1
+nic.day, 1
+nic.dclk, 1
+nic.dev, 1
+nic.docs, 1
+nic.drive, 1
+nic.eat, 1
+nic.esq, 1
+nic.fly, 1
+nic.foo, 1
+nic.gbiz, 1
+nic.gle, 1
+nic.gmail, 1
+nic.goog, 1
+nic.google, 1
+nic.gov, 1
+nic.guge, 1
+nic.hangout, 1
+nic.here, 1
+nic.how, 1
+nic.ing, 1
+nic.meet, 1
+nic.meme, 1
+nic.mov, 1
+nic.new, 1
+nic.nexus, 1
+nic.page, 1
+nic.play, 1
+nic.prod, 1
+nic.prof, 1
+nic.rsvp, 1
+nic.soy, 1
+nic.xn--q9jyb4c, 1
+nic.youtube, 1
+nic.zip, 1
+nic199.ru, 1
+nicaieri.ro, 1
+nicanordic.com, 1
+nicastrosalvatore.tk, 1
+nicat.cf, 1
+nicava.com.mx, 1
+nice-autosurf.com, 1
+nice-germany.tk, 1
+nice-links.tk, 1
+nice-school.com.ua, 1
+nice.ch, 1
+nice.com, 0
+niceactimize.com, 0
+niceb5y.net, 0
+nicecockb.ro, 1
+niceguyit.biz, 1
+nicepussypics.com, 1
+nicerings.com, 1
+nicesco.re, 1
+nicestudio.co.il, 1
+nicesurf.tk, 1
+nicetits.pics, 1
+nicevillefl.gov, 1
+nicheosala.tk, 1
+nicher.tk, 1
+nichesite.gq, 1
+nichetest.tk, 1
+nichevideogalore.com, 0
+nichi.co, 1
+nichijou.com, 1
+nichijou.org, 1
+nicholasjohnson.ch, 1
+nicholaslazzerini.com, 1
+nicholasnassar.com, 1
+nicholasperkins.io, 1
+nicholasquigley.com, 1
+nicholaswilliams.net, 1
+nicholsonkring.tk, 1
+nicht-blau.de, 1
+nichteinschalten.de, 0
+nichthelfer.de, 1
+nichtkunst.tk, 1
+nichya.tk, 1
+nichyaforum.tk, 1
+nicic.gov, 1
+niciunde.ro, 1
+nick-black.com, 1
+nick-slowinski.de, 0
+nick-stone.com, 1
+nickcleans.co.uk, 1
+nickcraver.com, 1
+nickfoerster.io, 1
+nickfreeman.de, 1
+nickfrost.rocks, 1
+nickguyver.com, 1
+nickhawn.com, 0
+nickhitch.co.uk, 1
+nickhowell.co.uk, 0
+nickkallis.com, 1
+nicklock.ml, 1
+nickloose.de, 1
+nickmandler.tk, 1
+nickmazuk.com, 1
+nickmchardy.com, 1
+nickmiller.ie, 1
+nickmorri.com, 0
+nickmorris.name, 0
+nicknames.tk, 1
+nicknamez.tk, 1
+nickoticko.tk, 1
+nickplotnek.co.uk, 1
+nickrickard.co.uk, 1
+nickrickard.uk, 1
+nicks-autos.com, 1
+nickscomputers.nl, 1
+nickserv.eu, 1
+nickserv.social, 1
+nickserve.com, 1
+nickserve.eu, 1
+nickserve.net, 1
+nickserve.nl, 1
+nickserve.org, 1
+nickserve.social, 1
+nickstories.de, 1
+nicktamin.de, 1
+nickwasused.cf, 1
+nickwasused.de, 1
+nickwasused.ga, 1
+nickwasused.gq, 1
+nickwasused.ml, 1
+nickwasused.tk, 1
+nickwatton.com, 0
+nickyfoxx.net, 1
+nicn.me, 1
+nico.st, 1
+nicochinese.com, 1
+nicoforconi.it, 1
+nicogrosser.de, 0
+nicoknibbe.nl, 1
+nicokroon.nl, 1
+nicoladixonrealestate.com, 1
+nicolaeiotcu.ro, 1
+nicolaiteglskov.dk, 1
+nicolajanedesigns.co.uk, 1
+nicolalapenta.com, 1
+nicolaleonardi.it, 1
+nicolaottomano.it, 1
+nicolas-benoit-immobilier.fr, 1
+nicolas-bouvier.tk, 1
+nicolas-dumermuth.com, 1
+nicolas-feuillatte.com, 1
+nicolas-hoizey.com, 1
+nicolas-hoizey.photo, 0
+nicolas-simond.ch, 1
+nicolas-simond.com, 1
+nicolaschelly.tk, 1
+nicolascoolman.com, 1
+nicolasfrebert.fr, 1
+nicolasfriedli.ch, 1
+nicolashervaud.com, 1
+nicolasiung.me, 0
+nicolaslogerot.com, 1
+nicolasprovost.tk, 1
+nicolaszambetti.ch, 1
+nicolaw.uk, 1
+nicole-richie.info, 1
+nicolebracy.com, 1
+nicoleisaacs.com, 1
+nicolemathew.com, 1
+nicoleta-prestescu.tk, 1
+nicolettajennings.com, 1
+nicolettapallotta.com, 1
+nicolettevandervalk.nl, 0
+niconico.ooo, 1
+nicoobank.com, 1
+nicopretzl.de, 1
+nicorevin.ru, 1
+nicosaveyn.be, 1
+nicovip.com, 1
+nicsezcheckfbi.gov, 1
+nicsys.de, 1
+nictiz.nl, 1
+nicul.in, 1
+nicwortel.nl, 1
+nidhoeggr.duckdns.org, 1
+nidialozano.com, 1
+nidosi.nu, 1
+nidosinu.com, 1
+nidsuber.ch, 1
+niduxcomercial.com, 1
+nie-wieder-muede.de, 1
+niederalt.com, 1
+niedermair.bz, 1
+niederohmig.de, 1
+niedersachsen.cloud, 1
+niedlaechelt.de, 1
+niels-modeltog.tk, 1
+nielsbohr.ai, 1
+nielsdesign.tk, 1
+nielsensaskiagaantrouwen.be, 1
+niemaler.de, 1
+niemandmussirgendwas.de, 1
+niemeyer.org.br, 1
+nien.cf, 1
+nien.co, 1
+nien.com, 1
+nien.eu.org, 1
+nien.gq, 1
+nien.org, 1
+nien.taipei, 1
+nien.tk, 1
+nienfun.com, 1
+nienkeslop.nl, 1
+nierenpraxis-dr-merkel.de, 1
+nierenpraxis-merkel.de, 1
+niers.land, 1
+nierstichting.nl, 1
+nieruchomosci-wroclaw-24.pl, 1
+nieselregen.com, 1
+niesstar.com, 0
+nietmvwoensel.com, 1
+nietveel.tk, 1
+nietvolgensdeboekjes.nl, 1
+nietzsche.com, 1
+nieuwebroek.com, 1
+nieuwebroek.nl, 1
+nieuwpoort.tk, 1
+nieuwsbegrip.nl, 1
+nieuwsberichten.eu, 1
+nieuwsfiets.nu, 1
+nieuwslagmaat.nl, 1
+nifc.gov, 1
+niferry.co.uk, 1
+niffler.software, 1
+nifleim.net, 1
+niflheimr.es, 1
+niftiestsoftware.com, 1
+niftyninjamarketing.com, 1
+nifume.com, 1
+niga.tk, 1
+nigdeescort.tk, 1
+nigelpentland.co.uk, 1
+nigelvm.com, 1
+nigelwright.com, 1
+nigeriaimagefoundation.org, 1
+nigeriaportal.tk, 1
+nigglipads.com.br, 1
+niggo.eu, 0
+night-academy.pl, 1
+night2stay.cn, 1
+night2stay.de, 1
+night2stay.fr, 1
+night2stay.ru, 1
+nightandthecityofbrokenpromises.tk, 1
+nightblue.ml, 1
+nightblue.tk, 1
+nightbox.cf, 1
+nightbura.biz, 1
+nightcitynews.info, 1
+nightclassifieds.com, 1
+nightdreamer.me, 1
+nightfirecat.com, 1
+nightfoxtips.com, 1
+nighthawks.tk, 1
+nighthawkstrategies.com, 1
+nightingalebabyconcierge.com, 1
+nightkiss66.org, 1
+nightlife.gent, 1
+nightlight.gg, 1
+nightlive.tk, 1
+nightmail.net, 1
+nightmareabyss.top, 0
+nightmarejoker2.com, 1
+nightmoose.org, 1
+nightoutrecords.tk, 1
+nightpass.tk, 1
+nightscapes.tk, 1
+nightscout.host, 1
+nightsi.de, 1
+nightskyalerts.com, 1
+nightsnack.cf, 1
+nightstar-online.tk, 1
+nightstory.tk, 1
+nightvisionradio.tk, 1
+nightwinds.tk, 1
+nightwishchile.tk, 1
+nightwood.cf, 1
+nigmapictures.tk, 1
+nigt.cf, 1
+nih.ao, 1
+nihaarpstars.com, 1
+nihaoonline.tk, 1
+nihilistan.tk, 1
+nihilocomunidad.tk, 1
+nihon-rosoku.com, 1
+nihseniorhealth.gov, 0
+nihtek.in, 1
+nii2.org, 1
+niice.co, 1
+niinaratsula.com, 1
+niit-mts.com, 1
+niit.com, 1
+niitfoundation.org, 1
+niitnguru.com, 1
+niituniversity.in, 1
+niituva.ga, 1
+niiu.digital, 1
+niiucapital.com.sg, 1
+nijiero-ch.com, 0
+nijikata.com, 1
+nijimama-life.com, 1
+nijm.nl, 1
+nijniy-novgorod.tk, 1
+nijofotografie.de, 1
+nijzoon.nl, 0
+nik.io, 1
+nika-travel.ga, 1
+nikabazar.ir, 1
+nikahplus.com, 1
+nikahsekeri.tk, 1
+nikami.tk, 1
+nikandcara.com, 1
+nikant.tk, 1
+nikavandenbos.nl, 1
+nikavenus.com, 1
+nike-studio.com, 1
+nikeairjordan.cc, 1
+nikelunartw.net, 1
+nikesoccerbodotoutlet.ga, 1
+nikest.cf, 1
+nikest.tk, 1
+niket.site, 1
+nikeyichinese.com, 1
+nikhilnimiya.love, 1
+nikhilramakrishnan.tk, 1
+nikimix.com, 0
+nikitacartes.xyz, 0
+nikitagukov.ru, 1
+nikitenko.tk, 1
+nikitin.photo, 1
+nikitina.ml, 1
+nikka.systems, 1
+nikkasystems.com, 1
+nikkei225jp.com, 1
+nikkila.me, 1
+nikkotaytay.tk, 1
+nikksno.io, 1
+niklas.pw, 1
+niklasbabel.com, 1
+niklashagman.se, 1
+niklasstinkt.com, 1
+niko-mapping-studio.tk, 1
+niko-vfx.com, 0
+nikoflix.site, 1
+nikolab.com.ua, 1
+nikolaev.ml, 1
+nikolahost.tk, 1
+nikolahristov.tech, 1
+nikolai-schmidt.tk, 1
+nikolaipribylski.tk, 1
+nikolaj-platoshkin.cf, 1
+nikolamilekic.com, 1
+nikolasbradshaw.com, 1
+nikon-photocontest.com, 1
+nikonlibrary.co.uk, 1
+nikonnps.co.uk, 1
+nikonschool.co.uk, 1
+nikosoikonomopoulos.tk, 1
+nikosverths.tk, 1
+nikotiinipussit.com, 1
+nikscloud.eu, 1
+nikz.in, 1
+nil.com, 1
+nil.gs, 0
+nil.mx, 1
+niledevelopmentseg.com, 1
+nilefi.cf, 1
+niles-simmons.de, 1
+niles.xyz, 1
+nilesil.gov, 1
+nilianwo.com, 1
+nilmaraquintela.com.br, 1
+nilnasc.com, 1
+nilosoft.com, 1
+niloxy.com, 1
+nilpointer.com, 1
+nilrem.org, 0
+nils.ch, 1
+nils.moe, 1
+nilsbrisset.info, 1
+nilslandscaping.com.au, 1
+nilsnet.tk, 1
+nilsvital.de, 1
+nim.tw, 1
+nimbl.nz, 1
+nimble.com.br, 1
+nimblefins.co.uk, 1
+nimbo.com.au, 1
+nimbus-link.co.uk, 1
+nimbus-net.tk, 1
+nimbuslink.co.uk, 1
+nimbyte.com, 1
+nimeia.tk, 1
+nimes-gard.fr, 1
+nimfa.ml, 1
+nimfomanki.tk, 1
+nimiedad.com, 1
+nimiq.com, 1
+nimit.se, 1
+nimnadasl.tk, 1
+nimnordic.com, 1
+nimus.tk, 1
+nina-laaf.de, 1
+nina-woerz.tk, 1
+ninaafenehjelm.com, 1
+ninadeissler.de, 1
+ninadevil.org, 1
+ninakoenig.org, 1
+ninanice.net, 1
+ninaobermeier.com, 1
+ninarocha.ch, 1
+ninasky.tk, 1
+ninasofian.ro, 1
+ninaundandre.de, 1
+ninavegas.net, 1
+ninchat.com, 1
+ninebennink.com, 0
+ninedaysmore.tk, 1
+nineenergyservice.com, 1
+ninepints.co, 1
+ninespec.com, 1
+ninetailed.ninja, 1
+ninetaillabs.com, 1
+ninetaillabs.xyz, 1
+nineteensixtyone.co.uk, 1
+ninetyninestreet.co.nz, 1
+ninetyseven.tk, 1
+ninfora.com, 1
+ningrui.me, 0
+ningunlugarestalejos.com, 1
+ningwei.net, 1
+niniko.tk, 1
+ninja-corner.tk, 1
+ninjahub.net, 1
+ninjamagic.tk, 1
+ninjaseo.es, 1
+ninjasquad.fr, 1
+ninjaworld.co.uk, 1
+ninkt.com, 1
+ninmegam.gq, 1
+ninofink.com, 1
+ninohaslach.ch, 1
+ninovayazilim.com, 1
+ninoxlinks.online, 1
+ninpang.com, 1
+ninrio.com, 1
+ninsin-akachan.com, 1
+nintendocarddelivery.com, 1
+nintendocollectionsystem.com, 1
+nintendoreporters.com, 1
+ninth.cat, 1
+ninth.moe, 1
+ninth.tw, 1
+ninthc.at, 1
+ninthfloor.org, 1
+ninure.tk, 1
+ninux.ch, 0
+ninverse.com, 1
+niourk.com, 1
+nipax.cz, 1
+nipe-systems.de, 1
+nipit.biz, 1
+nipoafricaeng.co.tz, 1
+nippel.tk, 1
+nipplefucking.com, 1
+nippon-tour.tk, 1
+nippon.plus, 1
+nipponkempoph.tk, 1
+nipponkousei.com, 1
+nipponnews.tk, 1
+nipponsteelwelding-thai.co.th, 1
+nippynet.tk, 1
+nirada.info, 1
+nirex.as, 1
+nirex.cz, 1
+nirex.sk, 1
+nirhub.ru, 1
+nirjonmela.com, 1
+nirjonmela.net, 1
+nirma.co.in, 1
+nirmalroy.ml, 1
+niro.bio, 1
+nirudo.me, 1
+nirvana-esport.fr, 1
+nirvananirvana.tk, 1
+nirvanashop.com, 1
+nirvati.org, 1
+nirvel-shop.com, 1
+niscemi.tk, 1
+nishikino-maki.com, 1
+nishimebistro.cz, 1
+nishisbma.com, 1
+nishiwaki-shonaifoods.com, 1
+nishiyama-shoten.com, 1
+nisomnia.com, 1
+nissanofbismarckparts.com, 1
+nissanpartsdeal.com, 1
+nisselist.tk, 1
+nisselrooij.nl, 1
+nissens.com, 1
+nist.tech, 1
+nit.school, 1
+nitaonline.org, 0
+nitecore.ga, 1
+nitendaytowing.ga, 1
+nitifilter.com, 1
+nitix.games, 1
+nitolab.com, 1
+nitoville.com, 1
+nitranoviny.sk, 1
+nitrix.me, 1
+nitro.az, 1
+nitrocloud.ddns.net, 1
+nitrohorse.com, 0
+nitrokey.com, 1
+nitromaster.tk, 1
+nitromtb.org, 1
+nitropanel.com, 0
+nitropur.com, 1
+nitropur.de, 1
+nitroupload.com, 1
+nitschinger.at, 1
+nitter.hu, 0
+nitter.net, 1
+niu.edu.tw, 1
+niuco.com.br, 1
+niunaimilk.cn, 0
+niutennici.tk, 1
+nivaad.com, 1
+nivarussia.ml, 1
+niveau-klatsch.com, 1
+niveau-texter.de, 1
+nivel03.com, 1
+nivoit.cf, 1
+nix-sender.com, 1
+nix-sender.ru, 0
+nix.org.ua, 0
+nix13.xyz, 1
+nixcore.gq, 1
+nixcp.com, 1
+nixie.fashion, 1
+nixonlibrary.gov, 1
+nixor.ee, 0
+nixorigin.one, 1
+nixpare.com, 1
+nixplus.tk, 1
+nixrepair.nl, 1
+nixsub.tk, 1
+nixtest.net, 1
+nixx-gel.cz, 1
+nixx.tk, 1
+nixxin.tk, 1
+niyawe.de, 1
+niyazpoyilan.com, 0
+niyen.com, 1
+niyen.eu, 1
+niyen.net, 1
+niyen.org, 1
+niyen.social, 1
+nizarvoiceover.tk, 1
+nizhaoheng.com, 1
+nizozemsku.nl, 1
+nizwassolutions.com, 1
+nja.id.au, 1
+njast.net, 1
+njbr.ml, 1
+njbr.tk, 1
+njcareers.org, 1
+njccpo.gov, 1
+njdcj.gov, 1
+njdge.gov, 1
+njeda.gov, 1
+njedge.net, 1
+njgames.org, 1
+njhq.org, 1
+njilc.com, 1
+njintl.com, 1
+njleg.gov, 1
+njliner.me, 1
+njliner.net, 1
+njngroup.org, 1
+njpc.org, 1
+njpjanssen.nl, 1
+njpranksters.tk, 1
+njpropertysolutionsrealty.com, 1
+njsbf.org, 1
+njsda.gov, 1
+njshield.gov, 1
+njsp.gov, 1
+njtransfer.org, 1
+njuftp.com, 1
+njvcco.gov, 1
+nk-vision.com, 1
+nk1.de, 1
+nkapliev.org, 1
+nkbi.ru, 1
+nkbwnx.com, 1
+nkg-mosbach.de, 1
+nkg.com.au, 1
+nkghas.com, 1
+nkjwmn.com, 1
+nkjwrs.com, 1
+nkkr.hu, 1
+nklwhx.com, 1
+nko.org, 1
+nkontur.com, 1
+nkorolev.tk, 1
+nkp-media.de, 1
+nkrupp.net, 1
+nksmart.ru, 0
+nkvd-farm.ru, 1
+nkx4sjyrk4tcv0sluhwajyc-n6icja9gchqxmhp.com, 0
+nkyrtl.org, 1
+nl-comunistas.tk, 1
+nl-ix.net, 1
+nl.search.yahoo.com, 0
+nl3ehv.nl, 1
+nla.no, 1
+nlap.ca, 0
+nlc-business.com, 1
+nlgr.de, 1
+nllboard.co.uk, 1
+nlm.gov, 1
+nlorganizing.com, 1
+nlponline.com.ua, 1
+nlrb.gov, 1
+nlyfeue.gq, 1
+nm.cx, 1
+nm.sl, 1
+nma.is, 1
+nmaedu.org, 1
+nmb.gov, 1
+nmbhgc.org, 1
+nmcdm.org.in, 1
+nmcep.net, 1
+nmd.so, 1
+nmegent.be, 1
+nmeoverbetuwe.nl, 1
+nmfinanciallaw.com, 1
+nmhp.com, 1
+nmijudiciary.gov, 1
+nmjusticedata.gov, 1
+nmmlp.org, 1
+nmontag.com, 1
+nms-thoracic-surgery.com, 1
+nmugroup.com, 1
+nmx.de, 1
+nmx.moe, 1
+nn-com.co.jp, 1
+nn-vol.ga, 1
+nn0.net, 1
+nn01.cc, 1
+nn01.com, 1
+nn04.org, 1
+nn5197.co, 1
+nn6729.co, 1
+nn6729.com, 1
+nn6957.co, 1
+nn9297.co, 1
+nn9397.com, 0
+nn9721.com, 0
+nn9728.co, 1
+nna774.net, 1
+nnc.cat, 1
+nnc.im, 1
+nndfn.com, 1
+nnet.ca, 1
+nnews.tk, 1
+nnkkserver02.ddns.net, 1
+nnlm.gov, 1
+nnnn.loan, 1
+nnnnn.click, 1
+nnnovel.com, 1
+nnrevolt.com, 1
+nnss.gov, 1
+no-andishan.ir, 1
+no-cookies.net, 1
+no-data.tk, 1
+no-eye-deer.tk, 1
+no-gods-no-masters.com, 1
+no-grey-area.com, 1
+no-ice.be, 1
+no-ice.nl, 1
+no-ip.cz, 1
+no-more-gray-hair.ga, 1
+no-more-gray-hair.gq, 1
+no-more-gray-hair.ml, 1
+no-n.at, 1
+no-nat.de, 1
+no-real.tk, 1
+no-reply.mx, 1
+no-terrorism.tk, 1
+no-war-on-iraq.tk, 1
+no-xice.com, 0
+no.search.yahoo.com, 0
+no112.org, 1
+no1universities.tk, 1
+no2bacoorcityhood.tk, 1
+no34infowey.co.uk, 1
+noaccess.tk, 1
+noacore.ch, 1
+noadi-pixels.tk, 1
+noagendahr.org, 1
+noah-shop.com, 1
+noah-witt.com, 1
+noahjacobson.com, 1
+noahmodas.com.br, 1
+noahs.com, 1
+noahsaso.com, 1
+noamweb.com, 1
+noangel.tk, 1
+noart.tk, 1
+noatec.eu, 1
+noawildschut.com, 1
+noawildschut.nl, 1
+nob.ro, 1
+nobackups.com, 1
+nobasico.com.br, 1
+nobellc.com, 1
+nober.tk, 1
+nobilefoods.com, 1
+nobitschek.de, 1
+noble-diagnostic.com, 1
+noblechemical.com, 1
+nobleco.gov, 1
+noblecountyprosecutoroh.gov, 1
+noblehearinginstitute.com, 1
+nobleparkapartments.com.au, 1
+nobleproducts.biz, 1
+noblesmart.com, 1
+nobletary.com, 1
+noblogs.org, 1
+nobori.cloud, 1
+nobori.ltd, 1
+nobori.me, 1
+nobounce.me, 0
+noboxo.ch, 1
+nobreaks.ca, 1
+nobs.no, 1
+nobsmc.com, 1
+nobunplease.com, 1
+nobutwhy.com, 1
+nobz.com.br, 0
+noc.best, 1
+noc.wang, 1
+nocapplugins.xyz, 1
+nocillaconchorizo.tk, 1
+nocit.dk, 1
+nocks.com, 1
+noclegiwchecinach.pl, 1
+nocloud.website, 1
+noco.nl, 1
+nocoastpunx.tk, 1
+nocodefactory.io, 1
+nocoffee.tech, 1
+nocoffeetech.de, 1
+nocommentsallowed.com, 1
+nocr.net, 1
+nocreyentes.org, 1
+nocrm.io, 1
+noctinus.tk, 1
+noctisphoto.tk, 1
+nocturnos.tk, 1
+nocturnus.tk, 1
+noctys.com, 1
+nocyclopedia.tk, 1
+nodde.cf, 1
+nodecdn.net, 1
+nodecore.mine.nu, 1
+nodecraft.com, 1
+nodefoo.com, 1
+nodejs.org, 1
+nodelab-it.de, 1
+nodelia.com, 1
+nodepoet.com, 1
+noderunners.network, 1
+nodespin.com, 1
+nodestination.tk, 1
+nodi.at, 0
+nodi.cloud, 1
+nodie.ga, 1
+nodist.club, 1
+nodkimrecord.com, 1
+nodl.cloud, 1
+nodmarcrecord.com, 1
+noedidacticos.com, 1
+noefio-software.com, 1
+noel.wf, 1
+noel.yt, 1
+noelblog.ga, 1
+noellimpag.me, 0
+noemax.com, 1
+noeontheend.com, 1
+noexcusesc.gov, 1
+noexec.org, 1
+nofilter.gq, 1
+nofrillsdns.com, 1
+noga4you.de, 1
+nogema.net, 1
+nogerondier.eu, 1
+nogetime.com, 1
+nogfw.org, 1
+nogfw.pro, 1
+nogfwsite.com, 1
+nogger.nl, 1
+nogluten.com, 1
+nogmat.org, 1
+nogradhont.hu, 1
+nogre.com, 1
+nogyogyaszat.eu, 1
+nohatenj.gov, 1
+nohats.ca, 1
+nohomeinsurance.com, 1
+nohttps.org, 1
+nohungerfoodbank.org, 1
+nohup.se, 1
+nohup.xyz, 1
+noideas.tk, 1
+noidlikes.coffee, 1
+noiglosujemy.com.pl, 1
+noiglosujemy.pl, 1
+noincludesubdomains.preloaded.test, 0
+noirland.co.nz, 1
+noirmale.com, 1
+noirpvp.com, 1
+noiseboyz.com, 1
+noisebridge.social, 1
+noisky.cn, 1
+noisyfox.cn, 1
+noisyfox.io, 1
+noisyspa.io, 1
+noithatbachtin.com, 1
+noithatphangia.net, 1
+noj.ac, 0
+nojihata.com, 1
+nojok.es, 1
+nojoumstudio.live, 1
+nojum.tk, 1
+nokarateinthepit.com, 1
+nokchon.tk, 1
+nokia.la, 1
+noknow.ovh, 1
+nokono.com, 1
+nokoshop.fr, 1
+noktadedektor.com, 1
+noktron.de, 1
+nokumbaya.com, 1
+nokya.tk, 1
+nokzedoc.tv, 1
+nolanpoe.me, 1
+nolanpowellisaho.com, 1
+nolanvilletx.gov, 1
+nolate.de, 1
+nolatepayments.com, 1
+nolaviz.org, 1
+noleggio-bagni-chimici.it, 1
+noleggiobagnichimici.perugia.it, 1
+noleggioimbarcazioni.it, 1
+noleggiolimousine.roma.it, 1
+noleggiovetture.it, 1
+nolimit.bike, 1
+nolinobaby.pl, 1
+nolt.io, 1
+nolte-tver.ru, 1
+nolutut.ga, 1
+nomada.gt, 1
+nomadaregalos.com, 1
+nomadcasino.com, 1
+nomadichome.com, 1
+nomadichome.org, 1
+nomadichomes.com, 1
+nomadichomes.org, 1
+nomadiclifes.com, 1
+nomadicrootsco.com, 1
+nomadix.com, 1
+nomadlist.com, 1
+nomadproject.io, 0
+nomadtech.servehttp.com, 1
+nomadworld.net, 1
+nomasfraudecolorado.gov, 1
+nomaspicaduras.com, 1
+nomaster.cc, 1
+nomee6.xyz, 1
+nomerel.com, 1
+nomerodekors-esport.no, 1
+nomerodekors.no, 0
+nomesbiblicos.com, 1
+nomial.co.uk, 1
+nomifensine.com, 1
+nomik.xyz, 1
+nomo.com, 1
+nomore112.org, 1
+nomsing.tk, 1
+nomtechbytes.com, 1
+nomwoning.nl, 0
+nomzamo.spdns.org, 1
+noname-ev.de, 0
+nonametheme.com, 1
+noncombatant.org, 1
+nonemail.ch, 1
+nonemu.ninja, 1
+nonlinearsystem.eu, 1
+nonnaloreta.it, 1
+nono.fi, 0
+nono303.net, 1
+nonobstant.cafe, 1
+nonpareilonline.com, 1
+nonprofit.info, 1
+nonsa.pl, 1
+nonslipdeckingco.uk, 1
+nonstopjob.ga, 1
+nontonfilem.ml, 1
+nonuplebroken.com, 1
+nonverbalcommunicationcertificate.com, 1
+nonx.pro, 1
+nonxsistent.tk, 1
+nonzero.io, 1
+noob-box.net, 1
+noob-rp.ru, 1
+nooben.com, 1
+noobit.org, 1
+noobow.me, 1
+noobs-in-action.com, 1
+noobsrus.co.uk, 1
+noobsunited.de, 0
+noobswhatelse.net, 1
+noobunbox.net, 1
+noodweer.be, 1
+noom.com, 1
+noomist.com, 1
+noon-entertainments.com, 1
+noonan.family, 1
+noonan.tech, 1
+nooneshere.co.uk, 1
+noop.ch, 1
+noop.com.au, 1
+noordbikers.tk, 1
+noorden.com, 1
+noordsee.de, 1
+noordwijk.nl, 1
+nooresunnat.tk, 1
+noorsolidarity.com, 0
+noorzaitribe.ga, 1
+noosebrigade.com, 1
+noosxe.com, 1
+nootropic.com, 1
+nootropicpedia.com, 1
+nootropil.cf, 1
+noovell.com, 1
+nopagefound.com, 1
+nopaincenter.ro, 0
+nopajam.tk, 1
+nopaste.eu, 1
+nopaynocure.com, 1
+nophelet.com, 1
+nopiamanual.net, 1
+nopm.xyz, 1
+nopropaganda.tk, 1
+nopuedesdejarlopasar.es, 1
+nora-devot.com, 1
+nora.dog, 1
+noraahost.com, 1
+noracora.com, 1
+norad.sytes.net, 1
+noradevot.com, 1
+noradevot.org, 1
+noradrenalina.com, 1
+norala.tk, 1
+noralku.net, 1
+norazpublicservice.gov, 1
+norbert-wollheim-platz.tk, 1
+norbertorabinovichblog.com, 0
+norbit.de, 1
+norcalworkcomp.com, 1
+norcconcrete.com, 1
+norcopa.gov, 1
+nord-sud.be, 1
+nordaccount.com, 1
+nordbusinessaccount.com, 1
+nordcheckout.com, 1
+nordcity.ga, 1
+nordelig.com, 1
+norden.eu.org, 1
+norden.social, 1
+norderney-zs.de, 1
+nordesttrasporti.it, 1
+nordfinck.de, 1
+nordformstore.dk, 1
+nordgravite.fr, 1
+nordhealth.com, 1
+nordicequities.com, 1
+nordicirc.com, 1
+nordico.club, 1
+nordicportalen.tk, 1
+nordicsemi.com, 1
+nordicsolutionsgroup.com, 1
+nordicsrit.tk, 1
+nordicway.dk, 1
+nordinfo.fi, 1
+nordiskhiss.se, 1
+nordiskhissvarmland.se, 1
+nordlandsbanken.no, 1
+nordlandverliebt.de, 1
+nordlayer.com, 1
+nordlichter-brv.de, 1
+nordlocker.com, 1
+nordmark-pharma.de, 1
+nordmoregatebilklubb.com, 1
+nordpass.asia, 1
+nordpass.com, 1
+nordsec.com, 1
+nordseeblicke.de, 1
+nordstarfossils.com, 1
+nordvestkysten.de, 1
+nordvestkysten.dk, 1
+nordvpn.com, 1
+nordwal.de, 1
+nordwaldzendo.de, 1
+norebase.com, 1
+noref.tk, 1
+noregrets.tk, 1
+noreply.mx, 1
+norestfortheweekend.com, 1
+norfipc.com, 1
+norfolkgardencare.co.uk, 1
+norgesenergi.no, 1
+norichanmama.com, 1
+noriel.ro, 1
+norikazumatsuno.tk, 1
+noripon.blog, 1
+noriskit.nl, 1
+noritakechina.com, 1
+norlink.ca, 1
+normaculta.com.br, 1
+normahairstudio.it, 1
+normalady.com, 1
+normalil.gov, 1
+normalinlinden.de, 1
+normalized.ga, 1
+normalizuj.me, 1
+normalporter.tk, 1
+normalsecurity.com, 1
+norman-legal.com, 1
+norman-preusser-gmbh.de, 1
+normanbauer.com, 1
+normandgascon.com, 1
+normandy.tk, 1
+normanhurstldc.nsw.edu.au, 1
+normco.re, 0
+normity.nl, 1
+norml.fr, 1
+noroutine.com, 1
+noroutine.me, 1
+norridgewock.gov, 1
+norrisautomotiveinc.com, 1
+norrishome.tk, 1
+norristn.gov, 1
+norrkemi.se, 1
+norrlandsbilverkstad.se, 1
+norrliden.de, 1
+norsewars.com, 1
+norskespilleautomater.com, 1
+norskpensjon.no, 1
+nortecompartidoexperience.es, 1
+nortecultural.tk, 1
+nortek.com, 1
+northafrican.tk, 1
+northamericantrack.com, 1
+northampton-vets.co.uk, 1
+northatlantalawgroup.com, 1
+northatlantalawgroup.net, 1
+northaugustasc.gov, 1
+northbannockfire.gov, 1
+northbayvillage-fl.gov, 1
+northbengaltourism.com, 1
+northboot.xyz, 0
+northbranch-md.com, 0
+northbranfordct.gov, 1
+northbranfordpdct.gov, 1
+northbrisbaneapartments.com.au, 1
+northcapitalb.com, 1
+northcarolinahealth.tk, 1
+northcharlestonsc.gov, 1
+northcoastlabs.com, 1
+northcoastpsychotherapy.com.au, 1
+northcountyfire.gov, 1
+northcountykiaparts.com, 1
+northcreekresort.com, 1
+northcreekresortblue.ca, 1
+northdallasendo.com, 1
+northdavisfireut.gov, 1
+northdevonbouncycastles.co.uk, 1
+northeastcdc.org, 1
+northeasternchimney.com, 1
+northeasternsportfishing.com, 1
+northebridge.com, 0
+northernflame.tk, 1
+northerngate.net, 1
+northernhamsterclub.com, 1
+northernlight.com, 1
+northernlitescourier.ca, 1
+northernpowertrain.com, 1
+northfayettepa.gov, 1
+northfayettepapolice.gov, 1
+northfieldmn.gov, 1
+northfieldnh.gov, 1
+northfinance.dk, 1
+northflightaeromed.org, 1
+northhampton-nh-pd.gov, 1
+northhudsonwi.gov, 1
+northinfocus.org, 1
+northiowatractorride.com, 1
+northkingstownri.gov, 1
+northkoreainsider.tk, 1
+northliner.tk, 1
+northlinkferries.com, 1
+northlinkferries.net, 1
+northmiamibeachfl.gov, 1
+northmountliquor.ca, 1
+northoaksmn.gov, 1
+northokanaganbookkeeping.com, 1
+northplainfield-nj.gov, 1
+northplainfieldnj.gov, 1
+northplattene.gov, 1
+northpointoutdoors.com, 1
+northpole.dance, 1
+northportfl.gov, 1
+northportpdfl.gov, 1
+northpost.is, 1
+northprairiepdwi.gov, 1
+northprairiewi.gov, 1
+northpublicidade.com.br, 1
+northrose.net, 1
+northshoremums.com.au, 1
+northshorevisitor.com, 1
+northstarcommunitytrust.org, 1
+northstarcommunitytrust.org.uk, 1
+northstaredit.org.uk, 1
+northstarmodular.com, 1
+northstartrust.co.uk, 1
+northstartrust.com, 1
+northstartrust.org, 1
+northstartrust.org.uk, 1
+northsummitfireut.gov, 1
+northtek.tk, 1
+northteksystems.com, 1
+northtex.com, 1
+northtexaspiano.org, 1
+northtexasvasectomy.com, 1
+northtints.store, 1
+northtopsailbeachnc.gov, 1
+northtowndental.ca, 1
+northumberlandcountypa.gov, 1
+northumbria.ac.uk, 1
+northwest-events.co.uk, 1
+northwestimaging.com, 1
+northwilkesboronc.gov, 1
+northwoodoh.gov, 1
+northwoodstudios.org, 1
+northzone.ml, 1
+norvelltwp-mi.gov, 1
+norwalkct.gov, 1
+norwalkps.org, 0
+norway.ml, 1
+norwayinternetstuffs4u.tk, 1
+norwegian.events, 1
+norwellma.gov, 1
+norwichzen.org.uk, 1
+norwoodma150.gov, 1
+norys-escape.de, 1
+norz.at, 1
+norzetto.com, 1
+nos-oignons.net, 1
+nosacheva.ru, 1
+nosandjayo.com, 1
+nosbenevolesontdutalent.com, 1
+noschairsfauteuils.fr, 1
+noscript.net, 1
+noseastumismo.com, 1
+nosecare.com, 1
+nosecrets.ch, 1
+nosedoctor.net, 1
+nosetup.tk, 1
+noseware-apps.de, 1
+nosfermiers.com, 1
+nosinmiperro.tk, 1
+nosite.co.za, 1
+noskov.org, 1
+nosleepforrobots.com, 1
+noslite.nl, 1
+nosmoke.cc, 1
+nosmoking.tk, 1
+nosoxo.com, 1
+nosproduitsdequalite.fr, 1
+nossaseguros.ao, 1
+nossasenhoradodesterro.com.br, 1
+nossasenhoradopranto.pt, 0
+nossorepresentante.com.br, 1
+nostalgicinfinity.tk, 1
+nostalgie.tk, 1
+nostalgift.ir, 1
+nostalgiktv.ml, 1
+nostalgimidi.se, 1
+nostalgische-attracties.nl, 1
+nostaljicicekcilik.com, 1
+nostar.fr, 1
+nostoautomaatti.fi, 1
+nostosh.eu.org, 1
+nostradansacornella.tk, 1
+nostraforma.com, 0
+nostring.io, 1
+nostrum.ee, 1
+nostrupload.com, 1
+nosuch.site, 1
+nosuch.website, 1
+nosurfinbrighton.tk, 1
+noswap.com, 1
+nosyu.pe.kr, 0
+not-a.link, 1
+not4me.ga, 1
+not4me.tk, 1
+nota-web.com, 1
+nota.moe, 1
+nota.place, 1
+notabug.eu, 1
+notabug.org, 1
+notacooldomain.com, 1
+notactivelylooking.com, 1
+notadd.store, 1
+notallmine.net, 0
+notalone.gov, 1
+notar-glagowski.com, 1
+notar-glagowski.de, 1
+notar-peikert.com, 1
+notari.pro, 1
+notariatpublic.com, 1
+notaries-europe.com, 1
+notarisdecatalunya.org, 1
+notariusz-bialystok.com, 1
+notariuszprzybylowicz.pl, 1
+notariuszsych.pl, 1
+notary-tx.com, 1
+notary24.ru, 1
+notarypublic.co.nz, 1
+notashamedministry.org, 1
+notbolaget.se, 1
+notbot.es, 1
+notby.net, 1
+notcompletelycorrect.com, 1
+notcurses.com, 1
+notdankmemer.lol, 1
+note.ms, 1
+note1024.tk, 1
+note7forever.com, 1
+notebin.xyz, 1
+notebleue.com, 1
+noteboat.net, 1
+notebooksbilliger.de, 1
+notebooksteurer.shop, 1
+notebrook.com, 1
+notecoffee.tw, 1
+noted.de, 1
+notedinstyle.co.uk, 1
+notenarchiv.eu, 1
+notepam.com, 1
+notequal.me, 1
+notesforpebble.com, 1
+noteskeeper.ru, 1
+notfunny.tk, 1
+notgerman.com, 1
+nothinfancy.ca, 1
+nothing.net.nz, 1
+nothing.org.uk, 1
+nothingbundtcakes.com, 1
+noti.tg, 1
+noticiaelmundo.com, 1
+noticias7.org, 1
+noticiasdeautos.site, 1
+noticiasdetv.com, 1
+noticiasdocambio.com.br, 1
+noticiashoy.online, 1
+noticiassonaqui.com, 1
+noticiasymas.cl, 1
+noticieropopular.tk, 1
+noticies.tk, 1
+notienegoyete.ga, 1
+notif-build-laposte.info, 1
+notif-colissimo-laposte.info, 1
+notif-laposte.info, 1
+notif-lidentitenumerique-laposte.info, 1
+notif-lpfr-laposte.info, 1
+notif-moncompte-laposte.info, 1
+notific.at, 1
+notificami.com, 1
+notify.gov, 1
+notifyed.com, 1
+notifymy.team, 1
+notime.tk, 1
+notinglife.com, 1
+notion.so, 1
+notionbackups.com, 1
+notipress.mx, 1
+notisec.hu, 1
+notisecit.hu, 1
+notisphererecalls.com, 1
+notiziarioweb.tk, 1
+notizie.ai, 1
+notliriklagu.com, 1
+notme.cf, 1
+notmyrealmail.com, 1
+notnewz.tk, 1
+notnize.net, 1
+notnl.com, 1
+notofilia.com, 1
+notokyc.com, 1
+notomalayan.tk, 1
+notonprem.com, 1
+notora.tech, 1
+notoriousdev.com, 1
+notre-planete.info, 1
+notrefuse.tk, 1
+notrero13.com, 1
+notresiteduvercors.tk, 1
+notryden.com, 1
+notsafefor.work, 1
+notsoape.com, 1
+nottawatwpisabellami.gov, 1
+nottinghammoneyman.com, 1
+nottwo.ru, 1
+notube.cc, 1
+notube.io, 1
+notube.net, 1
+notube.site, 1
+notyour.chat, 1
+nou9ta.tk, 1
+noudjalink.nl, 1
+nougat-anduze.fr, 1
+noumeet.com, 1
+nouragha.com, 1
+nourishandnestle.com, 1
+nourishbyfrida.com, 1
+noussommesluniversite.org, 1
+nousyukum.com, 1
+nouveau.nl, 1
+nouveauhosting.com.au, 1
+nouvelle.net.au, 1
+nova-dess.ch, 0
+nova-eq.com, 1
+nova-host.ml, 1
+nova-kultura.org, 1
+nova.live, 1
+novabench.com, 0
+novacal.ga, 1
+novacoaching.nl, 1
+novacoast.com, 1
+novadir.com, 1
+novafreixo.pt, 1
+novageracao2021.pt, 1
+novaintegra.co, 1
+novaintegra.com, 1
+novak.cf, 1
+novakola.bg, 1
+novalevante.info, 1
+novalite.rs, 0
+novalnet.de, 1
+novanetwork.ml, 1
+novanice.net, 1
+novantaphotonics.com, 1
+novaquark.com, 1
+novaratoday.it, 1
+novarock.tk, 1
+novasdecadamanha.com.br, 1
+novashare.io, 1
+novasprint.tk, 1
+novastore.com.br, 1
+novastores.co, 1
+novatelecom.cl, 0
+novavax.com, 0
+novaway.ca, 1
+novaya.media, 1
+novaya.no, 1
+novayagazeta-ug.ru, 1
+novayagazeta.ee, 1
+novayagazeta.eu, 1
+novayagazeta.ru, 1
+novayazemlya.tk, 1
+nove.city, 1
+noveciti.com, 1
+novecity.cloud, 1
+novecity.com, 1
+novecity.info, 1
+novecity.it, 1
+novecity.org, 1
+novecitymail.com, 1
+novecore.pro, 1
+novel543.com, 1
+novelas.net.br, 1
+novelinglife.net, 0
+novelly.in, 1
+novelmic.com, 1
+noveltydoorers.ga, 1
+noveltydoorest.ga, 1
+novelvyretraite.fr, 1
+novema.jp, 1
+novenopiso.tk, 1
+novezamky.tk, 1
+novgorod24.tk, 1
+novgorodinfo.tk, 1
+novi-marof.hr, 1
+novias.co.jp, 1
+noviceman.tk, 1
+novichek-plus.ml, 1
+novichok.ml, 1
+novickoe.ml, 1
+novilaw.com, 1
+novilidery.com, 1
+novilist.hr, 1
+novinkihd.tk, 1
+noviny.sk, 1
+novinykraje.cz, 1
+novip.tk, 1
+noviyan.com, 1
+novobi.com, 1
+novocarrobr.com.br, 1
+novodiegomaia.com.br, 1
+novogimn.tk, 1
+novogradnje.si, 1
+novogrudok.tk, 1
+novojet.cl, 1
+novokurovka.tk, 1
+novokuznetsk.tk, 1
+novonegoc.io, 1
+novoodesabibl.tk, 1
+novoopus.com, 1
+novoresume.com, 1
+novorossiysk.tk, 1
+novorussiya.tk, 1
+novosad-kom.tk, 1
+novosel.ga, 1
+novoselie.ga, 1
+novosibavia.ru, 0
+novosleep.ca, 1
+novosti-novorossii.ml, 1
+novosti-novosibirsk.tk, 1
+novosti-online.tk, 1
+novosti-tv.tk, 1
+novostimira.gq, 1
+novostionline.tk, 1
+novostiz.tk, 1
+novostroyki.ml, 1
+novotoznanie.com, 1
+novparket.ru, 0
+novrazbb.com, 1
+novsti.cf, 1
+novu.com, 1
+novumclinic.pl, 1
+novumnet.com.br, 1
+novurania.com, 0
+novy.software, 1
+novy.vip, 1
+novychas.online, 1
+novye-kuhni.ml, 1
+novysvit.com.ua, 1
+novyzelandnamiru.cz, 1
+now.sh, 1
+now101atm.tk, 1
+nowaccy.info, 1
+nowaesthetic.com, 1
+nowaovivo.com.br, 1
+nowarning.cc, 1
+nowbb.tk, 1
+nowebsite.tk, 1
+nowecor.de, 1
+noweigh.co.uk, 1
+nowhairtime.com, 1
+nowhere.dk, 1
+nowinkijedynki.tk, 1
+nowitzki.network, 1
+nowlas.org, 0
+nowloading.co, 1
+nowloading.tk, 1
+nowoczesnysalon.ga, 1
+nowoe.ru, 1
+nowremindme.com, 1
+nowtime.cc, 1
+nowtips.gq, 1
+nowtricity.com, 1
+nowzad.com, 1
+nowzarimd.com, 1
+noxi.ga, 1
+noxomusic.com, 1
+noxx.global, 1
+noxx.solutions, 1
+noxx.uk, 1
+noy.asia, 1
+noy.cat, 1
+noyoga.at, 1
+noyweb.tools, 1
+nozaka-k.com, 1
+nozel.cf, 1
+nozel.ga, 1
+nozel.gq, 1
+nozesurvival.pl, 1
+nozom.tk, 1
+np-edv.at, 1
+np.search.yahoo.com, 0
+np39.de, 1
+npaf.org, 1
+npaihb.org, 1
+npass.us, 1
+npath.de, 1
+npbeta.com, 1
+npc-ts.org, 1
+npc.org.au, 1
+npcradio.tk, 1
+npdigital.com, 1
+npgcdn.net, 1
+nphrm.com, 1
+npjobsite.com, 1
+nplc.cc, 1
+nplindia.org, 1
+npm.li, 1
+npmcdn.com, 1
+npomirt.ru, 1
+npontu.com, 1
+npowerbusinesssolutions.com, 1
+nprb.org, 1
+npregion.org, 1
+npsas.org, 1
+nptelegraph.com, 1
+nptn.tk, 1
+npuer.life, 1
+npws.net, 1
+nqesh.blog, 1
+nqesh.net, 1
+nqesh.org, 1
+nqesh.ph, 1
+nqeshreviewer.com, 1
+nqhomeinsurance.gov.au, 1
+nqwebdesign.com, 1
+nrac.or.jp, 1
+nrail.eu, 1
+nrbpublishing.com, 1
+nrbri.ru, 1
+nrc-gateway.gov, 1
+nrc.gov, 1
+nrchealth.com, 1
+nrd.gov, 1
+nrdstd.io, 1
+nreihofer.de, 1
+nrev.ch, 1
+nrj-plomberie.com, 1
+nrkn.fr, 1
+nrldc.in, 0
+nrm.co.nz, 1
+nrpyrenees.fr, 1
+nrsmart.com, 1
+nrsweb.org, 1
+nrthcdn.me, 1
+nrvc.net, 1
+nrvn.cc, 1
+nrvnastudios.com, 1
+nrw-stiftung-magazin.de, 1
+ns-frontier.com, 1
+ns.gov, 1
+ns230kvopenhouse.com, 1
+ns2servers.pw, 1
+nsa.ovh, 1
+nsacom.com, 1
+nsadns.uk, 1
+nsamail.uk, 1
+nsb.lk, 1
+nsbfalconacademy.org, 1
+nsbih.ba, 1
+nsboston.org, 1
+nsboutique.com, 1
+nsbufl.gov, 1
+nscai.gov, 1
+nscorporation.co.jp, 1
+nsdcprayerforce.com, 1
+nsec.dk, 1
+nseindia.com, 1
+nsep.gov, 1
+nsepapa.com, 1
+nsfw-story.com, 1
+nsfw.dk, 1
+nshipster.cn, 1
+nshipster.co.kr, 1
+nshipster.com, 1
+nshipster.es, 1
+nshispeed.nl, 1
+nsics.co.jp, 1
+nsikakimoh.com, 1
+nsine.be, 1
+nsinternational.com, 1
+nsinternational.nl, 1
+nskarate.tk, 1
+nsl.co.nz, 1
+nslacandelaria.com, 1
+nsm.ee, 1
+nsmail.cn, 1
+nsmail.com, 1
+nsn.nl, 1
+nsncatalog.com, 1
+nso.ie, 1
+nso.li, 1
+nsoft.nu, 1
+nsoiran.tk, 1
+nsopr.gov, 1
+nsopw.gov, 1
+nsp-discount.com, 1
+nsp.com.ua, 1
+nsp.ua, 1
+nspeaks.com, 0
+nspireoutreach.org, 1
+nspoh.nl, 1
+nsradiology.net, 1
+nssfchile.tk, 1
+nssquad.tk, 1
+nst-maroc.com, 1
+nstatic.xyz, 1
+nstd.net, 1
+nsteck.com, 1
+nstnet.org, 1
+nsu.pw, 1
+nsure.us, 1
+nsv.ee, 1
+nswedu.link, 1
+nsworks.com, 0
+nszero.tk, 1
+ntags.org, 1
+ntcoss.org.au, 1
+ntcp.ph, 1
+ntcrmezon.ru, 1
+ntdf.co.uk, 1
+nte.email, 1
+ntecha.com, 1
+ntechp.com, 1
+ntgltema.ml, 1
+ntgvision.com, 1
+nth.sh, 0
+nti.de, 1
+ntia.gov, 1
+ntindependent.com.au, 1
+ntinet.com, 1
+ntinformatique.ca, 1
+ntk-institute.org, 1
+ntlabs.org, 1
+ntnlst.com, 1
+ntokens.com, 1
+ntokens.com.br, 1
+ntotten.com, 1
+ntppool.com, 1
+ntppool.net, 1
+ntppool.org, 1
+ntr.ac.cn, 1
+ntreizel.com, 1
+nts.com, 1
+ntsb.gov, 1
+ntsipl.com, 1
+ntsmcqs.com, 0
+ntsp.team, 1
+ntt-buses.com, 1
+ntu.edu.sg, 0
+ntuchinesesociety.com, 0
+ntut.edu.tw, 1
+ntvtelugu.com, 1
+ntx360grad-fallakte.de, 1
+ntz.im, 1
+nu-pogodi.net, 1
+nu.com.mx, 1
+nu.fi, 1
+nuacht.ie, 1
+nuage-libre.fr, 1
+nuage365.de, 0
+nuanda.es, 1
+nuansagoal.co, 1
+nubank.com.br, 1
+nube.com.br, 1
+nubehogar.nsupdate.info, 1
+nubian.cf, 1
+nubian.tk, 1
+nubilum.noip.me, 1
+nubium.net, 1
+nubla.fr, 1
+nubla.io, 1
+nubnology.com, 1
+nubraza.com, 1
+nubu.at, 1
+nubunk.com.ng, 0
+nucciocondorelli.it, 1
+nuckollscountyne.gov, 1
+nuclea.site, 1
+nuclearcake.de, 1
+nuclearforum.tk, 1
+nuclearhell.tk, 1
+nuclearmed.org, 1
+nuclearnation.tk, 1
+nuclearsky.tk, 1
+nucleios.com, 1
+nucleomarketing.com.br, 1
+nucleosynth.space, 1
+nucleuscore.org, 1
+nucleuspanel.com, 1
+nudaveritas.tk, 1
+nudeandfresh.tk, 1
+nudegirlphotos.com, 1
+nudegirls.tv, 1
+nudel.ninja, 1
+nudes.ovh, 1
+nudesexporn.com, 1
+nudetube.com, 1
+nudevotion.com, 1
+nudgesecurity.io, 1
+nudo.tk, 1
+nudoleaks.com, 1
+nuecescountytx.gov, 1
+nuel.cl, 1
+nuernberg-finanzen.de, 1
+nuespacios.com, 0
+nuestrasdanzashn.tk, 1
+nuevacombarbala.tk, 1
+nuevaimagenpublicidad.es, 1
+nuevapublicidad.tk, 1
+nuevaya.com.ni, 0
+nuffield.nl, 1
+nugdev.co, 0
+nuggit.ga, 1
+nugmanov.net, 1
+nugratis.nl, 1
+nugush.tk, 1
+nuhbeg.com, 1
+nuhil.tk, 1
+nuhs.edu.sg, 1
+nuhs.sg, 1
+nuitec.com.br, 1
+nuits-franciliennes.fr, 1
+nuke-masters.tk, 1
+nukeiso.ml, 1
+nukeportal.ml, 1
+nukeportal.tk, 1
+nukeshop.tk, 1
+nukleoti.de, 1
+nukute.com, 0
+nul20.nl, 1
+null-d.com, 1
+null-life.com, 0
+nullbit.tk, 1
+nulldev.org, 1
+nulle-part.org, 1
+nulledme.ga, 1
+nulleds.tk, 1
+nullificatr.tk, 1
+nullnix.gr, 1
+nullonerror.org, 1
+nullop.tech, 1
+nullptr.zone, 1
+nullroute.com, 1
+nullroute.wtf, 1
+nullscripts.tk, 1
+nullsechs.tk, 1
+nullshare.tk, 1
+nulltime.net, 1
+nullvoid.me, 1
+nullxsec.net, 1
+nully.xyz, 1
+nulo.ar, 0
+nulo.in, 1
+nuls.io, 1
+nulsc.biz, 1
+numancia.tk, 1
+numarasorgulama.tel, 1
+number.me, 1
+numbercult.net, 1
+numberzero.org, 1
+numbots.com, 1
+numeezy.com, 1
+numerama.com, 1
+numericall.gq, 1
+numeriquoi.com, 1
+numeritelefonici.it, 1
+numerix.com, 1
+numerli.com, 1
+numero1.ch, 0
+numero1.tk, 1
+numerobis.tk, 1
+numerologist.com, 1
+numerosrojos.es, 1
+numerossanos.com.ar, 1
+numerouno.ml, 1
+numerspiral.pt, 1
+numismatix.de, 1
+numismed-seniorcare.de, 1
+nummer378.de, 1
+numo.co, 1
+numwave.nl, 1
+numxl.com, 1
+nunesgh.com, 1
+nunesgh.org, 1
+nunnenmacher.net, 0
+nunnun.jp, 1
+nuno-sarmento.com, 1
+nunoarruda.com, 1
+nunoefabia.tk, 1
+nunogand.com, 1
+nunoleiria.com, 1
+nunomoura.com, 1
+nunoprospero.com, 1
+nunsarean.tk, 1
+nuntiicaelo.in.ua, 1
+nunu.cf, 1
+nunu.ml, 1
+nuooly.com, 1
+nuos.org, 1
+nuovaelle.it, 1
+nuovaguardia.tk, 1
+nuovicasino.it, 1
+nupaybusiness.com.br, 1
+nuquery.com, 1
+nur-test.de, 1
+nur.berlin, 1
+nuraling.com, 1
+nuranagi.rocks, 1
+nureg.club, 1
+nureg.net, 1
+nuria-fergo.tk, 1
+nuriaamat.com, 1
+nuriacamaras.com, 1
+nurkamol.com, 1
+nurlyn.com, 0
+nurmio.fi, 1
+nurnabi.ml, 1
+nurseactioners.ga, 1
+nurseactionest.ga, 1
+nursejj.com, 1
+nursemom.ca, 1
+nurserystory.co.uk, 1
+nurseslabs.com, 1
+nursetheticsbyliam.co.uk, 1
+nursing-school-degrees.com, 1
+nursing-school2.tk, 1
+nursingconsultant.ca, 1
+nursinghero.com, 1
+nursinglicensure.org, 1
+nursingschool.network, 1
+nursunity.ml, 1
+nurture-thrive.com, 1
+nusabarongmotormalang.com, 1
+nusaceningan.io, 1
+nusantaraku.tk, 1
+nusatrip-api.com, 1
+nussadoclub.org, 1
+nussschale.eu, 1
+nustay.com, 1
+nut-dev.com, 1
+nut.spb.ru, 1
+nutbot.co.uk, 1
+nutleyarchives.org, 1
+nutleyeducationalfoundation.org, 1
+nutleyef.org, 1
+nutmeg.com, 1
+nutra-creations.com, 1
+nutra.tk, 1
+nutrafitsuplementos.com.br, 1
+nutralivbio.com, 1
+nutrashop.fr, 1
+nutriciametabolics-shop.de, 1
+nutricionistatulioalmeida.com, 1
+nutriciously.com, 1
+nutriclub.co.id, 1
+nutrifruiti.ca, 1
+nutrifyyourself.com, 1
+nutrijets.com, 1
+nutriment.co.uk, 1
+nutripedia.gr, 1
+nutripure.fr, 1
+nutrisidangym.com, 1
+nutrislice.com, 1
+nutristories.gr, 1
+nutrition.gov, 0
+nutritiondynamixrd.com, 1
+nutritioned.org, 1
+nutritionfitness.fr, 1
+nutritious.cf, 1
+nutrizionista.roma.it, 1
+nutroeffect.com, 1
+nutsandboltsfoundation.org, 1
+nutsforfruits.com.au, 1
+nutwgent.tk, 1
+nuus.hu, 1
+nuva.hu, 1
+nuvabridge.com, 1
+nuvasystem.com, 1
+nuvechtdal.nl, 1
+nuvemshop.com.br, 1
+nuvini.com, 1
+nuvoagency.com, 1
+nuvolosicuro.io, 1
+nuvotheagency.com, 1
+nuwave.com, 0
+nux.jp, 1
+nuxer.fr, 1
+nuzhenkredit.ga, 1
+nuzhenkredit.gq, 1
+nuzhenkredit.ml, 1
+nuzhenkredit.tk, 1
+nv-art.ru, 1
+nvcmaine.gov, 1
+nvcogct.gov, 1
+nvda-addons.org, 1
+nvda.es, 1
+nvdps.gov, 1
+nve-qatar.com, 1
+nvest.co.za, 1
+nvestel.co.za, 1
+nvestholdings.co.za, 1
+nvestholdings.com, 1
+nvestproperties.co.za, 1
+nvests.co.za, 1
+nvestsec.co.za, 1
+nvfh.co.za, 1
+nvfoundation.com, 1
+nvh.group, 1
+nvi-go.nl, 1
+nviewscareer.com, 1
+nvigate.gov, 1
+nvio.mx, 1
+nvkc.nl, 0
+nvl-game.tokyo, 1
+nvleg.gov, 1
+nvlifeinsurance.info, 1
+nvlop.xyz, 0
+nvme.xyz, 1
+nvmo.org, 1
+nvnv.cf, 1
+nvoip.com.br, 1
+nvq.nl, 1
+nvr.bz, 1
+nvrddma.gov, 1
+nvrk.edu.ee, 1
+nvsp.in, 1
+nvtc.gov, 1
+nvtpower.com, 1
+nvtz.nl, 1
+nvz-kennisnet.nl, 1
+nw-glass.com, 1
+nw-risk.com, 1
+nwaafund.org, 1
+nwbc.gov, 0
+nwcc.bike, 1
+nwcouncil.gov, 1
+nwea.nl, 1
+nwfdaz.gov, 1
+nwfem.com, 1
+nwh.nz, 1
+nwimports.com, 1
+nwitt.us, 1
+nwoordinances.tk, 1
+nwopage.tk, 1
+nwperformanceandoffroad.com, 1
+nwps.fi, 1
+nwra.com, 1
+nwradio.tk, 1
+nwshell.com, 1
+nwspecialists.com, 1
+nwtl.com, 1
+nwtparks.ca, 1
+nwtrb.gov, 1
+nwuss.okinawa, 1
+nwwnetwork.net, 1
+nx42.pw, 1
+nxcloud.ml, 1
+nxdomain.info, 1
+nxedge.com, 1
+nxf.li, 1
+nxit.ca, 1
+nxlogis.kr, 1
+nxnt.link, 1
+nxplinc.com, 1
+nxstudios.tk, 1
+nxth.io, 1
+nxtport.eu, 1
+nxxcloud.nl, 1
+nya-cloud.com, 1
+nya.as, 1
+nya.autos, 1
+nya.chat, 1
+nya.codes, 1
+nya.one, 1
+nya.show, 1
+nya.work, 1
+nyaan.net, 1
+nyaan.org, 1
+nyac.at, 1
+nyadisk.net, 1
+nyadora.moe, 1
+nyahururu.tk, 1
+nyahururumarketplace.com, 1
+nyaken.tk, 1
+nyan.it, 0
+nyan.kim, 1
+nyan.stream, 1
+nyangasm.com, 0
+nyangasm.net, 0
+nyangasm.org, 0
+nyanor.cloud, 1
+nyansparkle.com, 1
+nyantec.com, 1
+nyap.org, 1
+nyatane.com, 1
+nyau.me, 1
+nyauth.com, 1
+nyawau.ch, 1
+nyawork.com, 1
+nybcreative.com, 1
+nycctp.com, 1
+nycdentalimplantscenter.com, 1
+nycestateest.ga, 1
+nycgastroenterologists.com, 1
+nych.com, 1
+nycoyote.org, 1
+nycpac.net, 0
+nycstyleboutique.com, 1
+nycu.moe, 1
+nydig.com, 0
+nydnxs.com, 0
+nyeclipse.com, 1
+nyecountynv.gov, 1
+nyerjakekszekkel.hu, 1
+nyerjazoreoval.hu, 1
+nyerjenaheraval.hu, 1
+nyfurnitureoutlets.com, 1
+nygbcomicguide.tk, 1
+nygbtourguide.tk, 1
+nyhaoyuan.net, 1
+nyhemsgarden.se, 1
+nyheter-sverige.ga, 1
+nyiaarhus.dk, 1
+nyiarlumar.tk, 1
+nyiooc.org, 0
+nyirc.gov, 1
+nykoping.se, 1
+nylasercenter.com.pl, 1
+nylbdc.gov, 1
+nylevemusic.com, 1
+nylipa.gov, 1
+nyliveauctions.com, 1
+nyloc.de, 1
+nym.at, 1
+nynadynasir.co.id, 0
+nynadynasir.my.id, 1
+nyoka-flutter.com, 1
+nyoka-nodejs.com, 1
+nyoka-react.com, 1
+nyoka.io, 1
+nyoka.ru, 1
+nyoliveoil.com, 1
+nyorokko.com, 1
+nyphox.ovh, 1
+nyrany.online, 1
+nyronet.de, 0
+nysis.fr, 1
+nysis.net, 1
+nysis.org, 1
+nystrom.tk, 1
+nystrs.gov, 1
+nystudio107.com, 1
+nysusankitchen.com, 1
+nytrafficticket.com, 1
+nytvattat.tk, 1
+nyupoco.com, 1
+nyuware.pw, 1
+nyxum.com, 1
+nyyu.tk, 1
+nyzed.com, 1
+nz.search.yahoo.com, 0
+nzb.su, 1
+nzbfinder.ws, 1
+nzbr.de, 1
+nzbstars.com, 1
+nzcasinohex.com, 1
+nzcorp.dk, 1
+nzdata.org, 1
+nzelaweb.com, 1
+nzguns.co.nz, 1
+nzhistory.govt.nz, 1
+nzia.tk, 1
+nzmaths.co.nz, 1
+nzmca.org.nz, 1
+nzmomentum.co.nz, 1
+nzno.org.nz, 1
+nzpost.ga, 1
+nzroom.cf, 1
+nzsafety.co.nz, 1
+nzsafetyblackwoods.co.nz, 1
+nzstudy.ac.nz, 1
+nzt.capital, 1
+nzt.co, 1
+nzt.dev, 1
+nzt.foundation, 1
+nzt.holdings, 1
+nzt.io, 1
+nzt.one, 1
+nzt.productions, 1
+nzt.properties, 1
+nzt.services, 1
+nzt.team, 1
+nzt.technology, 1
+nzt.tools, 1
+nzt.ventures, 1
+nztcap.com, 1
+nztcap.de, 1
+nztcapital.com, 1
+nztcapital.de, 1
+nztcapital.net, 1
+nztfoundation.com, 1
+nztholdings.com, 1
+nztproperties.com, 1
+nztservices.com, 1
+nzttechnology.com, 1
+nzttools.com, 1
+nzttools.net, 1
+nztventures.com, 1
+nztventures.de, 1
+nztventures.net, 1
+nzws.me, 0
+o-bereg.ru, 1
+o-dvor.tk, 1
+o-n-s.co.jp, 1
+o-results.ch, 1
+o-ta-su-ke.net, 1
+o00.eu, 1
+o00228.com, 1
+o0c.cc, 1
+o11y.top, 1
+o15y.com, 1
+o2.tn, 1
+o2design.tk, 1
+o2fitnes.ru, 1
+o2solutions.ae, 1
+o2ss.com, 0
+o3.ua, 1
+o36533.com, 1
+o365info.com, 1
+o3ptitschats.fr, 1
+o3swap.com, 1
+o3wallet.com, 1
+o5.cx, 0
+o5.vc, 1
+o5197.co, 1
+o6729.co, 1
+o6729.com, 0
+o6957.co, 1
+o6asan.com, 1
+o6i.de, 1
+o7.nz, 1
+o82365.com, 1
+o9297.co, 1
+o9728.co, 1
+o9solutions.com, 1
+oaaa.org, 1
+oabtherapy.com, 1
+oadeo.com, 1
+oahpmdata.net, 1
+oakbarnvets.com, 1
+oakbarnwellness.com, 1
+oakbottle.com, 1
+oakcreekwi.gov, 1
+oakdale.org, 0
+oakdaleca.gov, 1
+oakdalemn.gov, 1
+oaken.duckdns.org, 1
+oakesfam.net, 1
+oakface.com.au, 1
+oakharbor.gov, 1
+oakhillfl.gov, 1
+oakhillseniors.com, 1
+oakislandnc.gov, 1
+oaklandenrolls.org, 1
+oaklandfire6.com, 1
+oakparkelectrical.com, 1
+oakparkexteriorlighting.com, 1
+oakparklandscapelighting.com, 1
+oakparklighting.com, 1
+oakparkoutdoorlighting.com, 1
+oakrealty.ca, 1
+oakridgeclinic.ca, 1
+oakshield.nl, 1
+oakslim.com, 1
+oaktravel.nl, 1
+oaktree-realtors.com, 0
+oaktreecapital.com, 0
+oaktreelodge.org.uk, 1
+oakwood-park.tk, 1
+oandareview.co, 1
+oanow.com, 1
+oase-fuer-wohlbefinden.ch, 1
+oasegroen.nl, 1
+oasiristorantebagno.it, 1
+oasis-info.co.uk, 1
+oasis.in, 1
+oasisbodycare.jp, 1
+oasisgenetics.com, 1
+oasiskitchens.com, 1
+oasislab.id, 1
+oatmealdome.me, 1
+oatycloud.spdns.de, 1
+oauthaccountmanager.googleapis.com, 1
+oauthdb.com, 1
+obagg.com, 1
+obala.ga, 0
+obalawebsolutions.ml, 1
+obalky-obaly.sk, 1
+obamalibrary.gov, 1
+obamawhitehouse.gov, 1
+obandln.de, 1
+obarax.com, 1
+obatjantungrematik.tk, 1
+obbr.tk, 1
+obcevents.co.uk, 1
+obcfl.com, 1
+obclub.tk, 1
+obcom.tk, 1
+obdinvest.ru, 1
+obdolbacca.ru, 1
+obec-krakovany.cz, 1
+obecvinodol.tk, 1
+obed-doma.tk, 1
+obejor.com.ng, 1
+obelisco.tk, 1
+obelix05.duckdns.org, 1
+oberam.de, 1
+obereg.cf, 1
+obereg.ga, 1
+obereg.ml, 1
+oberg.co, 1
+oberg.us, 1
+oberhofdrinks.com, 1
+obermeiers.eu, 1
+oberoi.de, 1
+obery.com, 1
+obesidadenmallorca.com, 1
+obesidadlavega.com, 1
+obet901vip.com, 1
+obezma.com, 1
+obg-global.com, 1
+obg.ceo, 1
+obgalslancaster.com, 1
+obgynecologistnyc.com, 1
+obgynmaryland.com, 1
+obgynmiamifl.com, 1
+obgynqueensnyc.com, 1
+obi-betriebsrat.tk, 1
+obi-investissements.fr, 1
+obido.pl, 1
+obihoernchen.de, 1
+obioncountytn.gov, 1
+obioncountytn911.gov, 1
+obj.moe, 1
+object.earth, 1
+objectcache.pro, 1
+objectif-securite.ch, 1
+objectif-terre.ch, 0
+objectif-vancouver-2010.fr, 1
+objectifs-fitness.com, 1
+objectivefoodie.com, 1
+objectivity.co.uk, 1
+objectorientedsolutions.com, 1
+objekt-textil.ch, 0
+objetodestaque.com.br, 1
+obl.ong, 1
+oblak.host, 1
+oblak.studio, 1
+oblikdom.pro, 0
+oblinvest.org, 1
+oblitsov.ru, 1
+oblivious.ml, 1
+oblojka.tk, 1
+oblondata.io, 0
+obmen-viz.tk, 1
+obmen-vizitami.ml, 1
+obmenka.tk, 1
+obmennik.tk, 1
+obnalichka.cf, 1
+obnalichka.ga, 1
+obnalichka.gq, 1
+obnalichka.tk, 1
+obocat.tk, 1
+oboes.top, 1
+oboivam.ru, 1
+obomne.tk, 1
+obozrevatel.tk, 1
+obpr.gov.au, 1
+obrabotka-zakazow.tk, 1
+obraideal.com, 1
+obrasereformasbh.com.br, 1
+obrobka-zdjec.pl, 1
+obs.plus, 1
+obsceneeulogy.tk, 1
+obscur.tk, 1
+obscur.us, 1
+obscureware.xyz, 1
+obsd.me, 1
+observability.top, 1
+observatoire-des-partenariats.fr, 1
+observer.com, 1
+obsessedwithknives.ru, 1
+obsessivecompulsiveexplained.com, 1
+obsessivefacts.com, 1
+obsica.com, 1
+obsidianirc.net, 1
+obsproject.com, 1
+obss.com.tr, 1
+obss.tech, 1
+obstgarten.berlin, 1
+obsuzhday.com, 1
+obtima.org, 1
+obu4alka.ru, 1
+obuchowicz.pl, 1
+obuhov.ml, 1
+obuhov.tk, 1
+obuvgarmisch.cz, 1
+obuysya.tk, 1
+obxlistings.com, 1
+obyna3.pl, 1
+obyrai.org.ua, 1
+obyvateleceska.cz, 1
+obzor-znakomstv.tk, 1
+obzory-evgeny.tk, 1
+oc-minecraft.com, 1
+ocabj.net, 1
+ocacnews.net, 1
+ocalafl.gov, 1
+ocalaflwomenshealth.com, 1
+ocalapd.gov, 1
+ocalhukuk.com, 1
+ocapiarquitetura.com.br, 1
+ocarm.org, 1
+ocarupo.com, 0
+ocasio.es, 1
+ocassessor.gov, 1
+ocauditor.gov, 1
+ocb.gov, 1
+ocbc.com, 1
+occ.eu, 1
+occ.gov, 1
+occam-consulting.de, 1
+occasion.nc, 1
+occhelps.gov, 1
+occrp.org, 1
+occu.lt, 1
+occult-magick.ga, 1
+occult-magick.gq, 1
+occult-magick.ml, 1
+occulter.fr, 1
+occultism.tk, 1
+occultisme.tk, 1
+occultumproductions.tk, 1
+occupational-therapy-colleges.com, 1
+occupationaltherapylicense.org, 1
+occupations.org.ru, 1
+occupy4elephants.tk, 1
+occupybakersfield.tk, 1
+occupynightlife.com, 1
+occuspace.io, 1
+ocd2016.com, 1
+ocdadmin.com, 1
+ocdhub.co.za, 1
+ocealy.com, 1
+ocean-of-love.ml, 1
+ocean-sun.com, 1
+oceanaway.tk, 1
+oceanborn.ml, 1
+oceanborn.tk, 1
+oceanbreezehomes.com, 1
+oceancity.vin, 1
+oceancountynj.gov, 1
+oceancrew.org, 1
+oceandns.eu, 1
+oceandns.net, 1
+oceane.training, 1
+oceanearth.us, 1
+oceanfirst.com, 1
+oceaniahome.tk, 1
+oceaniaservergroup.com, 1
+oceanic.global, 1
+oceanings.com, 1
+oceanlogisticgroup.com, 1
+oceanlord.me, 1
+oceanofapk.com, 1
+oceanohost.com, 1
+oceanpark.vn, 1
+oceansedgecustompools.com, 1
+oceanshaman.cf, 1
+oceanshaman.ga, 1
+oceanshaman.gq, 1
+oceanshaman.ml, 1
+oceansidetour.tk, 1
+oceanspraymiami.com, 1
+oceanspringsarchives.net, 0
+oceansurplus.tk, 1
+oceanviewde.gov, 1
+oceanvisuals.com, 1
+ocenilla.ml, 1
+ocenilla.tk, 1
+ocenka-msfo.ru, 1
+ocenka-nedv.ml, 1
+ocenka.tk, 1
+ocennaswgoogle.pl, 1
+ocf.io, 1
+ocfelections.gov, 1
+ocg-card.com, 1
+ochaken.cf, 1
+ochatoosenbei.tk, 1
+ochemindessens.com, 1
+ochioneta.es, 1
+ochki-linzi.tk, 1
+ochobeatsmedia.net, 1
+ochotnicky.com, 1
+ochrepoint.com.au, 1
+ochsenfeld-design.de, 1
+ochsenfeld-fotografie.de, 1
+ochsenfeld.co, 1
+ochsundjunior.ch, 1
+ochsundjunior.swiss, 1
+ochutnejitalii.cz, 1
+ociaw.com, 1
+ocimumcdn.net, 1
+ockendenhemming.co.uk, 1
+oclausen.com, 1
+ocloudhost.com, 1
+oclube.online, 1
+ocmlng.com, 1
+ocmw.gent, 1
+ocmwgent.be, 1
+ocni-ambulance-most.cz, 1
+ocnjapartment.com, 1
+ocnjdaily.com, 1
+ocodo.ru, 1
+ocolere.ch, 1
+oconlakewi.gov, 1
+ocontocountywi.gov, 1
+ocotg.com, 1
+ocponj.gov, 1
+ocprintgraphics.gov, 1
+ocqueoctwpmi.gov, 1
+ocsamochodu.pl, 1
+ocsan.gov, 1
+ocsbl.at, 1
+ocsbl.blog, 1
+ocsbl.ch, 1
+ocsbl.cloud, 1
+ocsbl.co.uk, 1
+ocsbl.com, 1
+ocsbl.consulting, 1
+ocsbl.de, 1
+ocsbl.fr, 1
+ocsbl.group, 1
+ocsbl.info, 1
+ocsbl.link, 1
+ocsbl.media, 1
+ocsbl.net, 1
+ocsbl.network, 1
+ocsbl.nl, 1
+ocsbl.online, 1
+ocsbl.org, 1
+ocsbl.shop, 1
+ocsbl.social, 1
+ocsbl.tech, 1
+ocsbl.uk, 1
+ocsc.pro, 1
+ocsnet.com, 1
+octagon.institute, 1
+octal.es, 0
+octane.co, 1
+octane.net.au, 1
+octanio.com, 1
+octarine.cc, 1
+octarineparrot.com, 1
+octav-avocats.fr, 1
+octav.name, 1
+octavia.net, 1
+octaviorojas.tk, 1
+octaviosimon.com, 1
+octo.im, 1
+octobered.com, 0
+octocaptcha.com, 1
+octod.tk, 1
+octodex.ru, 1
+octoeverywhere.com, 1
+octofox.de, 1
+octohedralpvp.tk, 1
+octolopagon.games, 1
+octopoos.com, 1
+octopoos.org, 1
+octopub.tk, 1
+octopus-apps.be, 1
+octothorpe.club, 1
+octothorpe.ninja, 1
+octovpn.com, 1
+ocufekojip.ga, 1
+ocularsolution.com, 1
+oculta.ml, 1
+oculus.com, 1
+ocunclaimed.gov, 1
+ocuuc.org, 1
+ocvote.gov, 1
+ocwr.gov, 1
+ocydias.tk, 1
+odabilocal.com, 1
+odatakao.com, 1
+oday.org, 1
+odbierzspozywke.pl, 1
+odbtomsk.ru, 1
+odd17.org, 1
+oddfellowwellness.com, 1
+oddformrecords.tk, 1
+oddity.tk, 1
+oddlama.org, 1
+oddlemon.xyz, 1
+oddmouse.com, 0
+oddmuse.org, 1
+oddnumber.ca, 1
+oddoo.net, 1
+oddsandevens.ca, 1
+oddsandevensbookkeeping.ca, 1
+oddscasino.top, 1
+oddsmoneyers.ga, 1
+oddsnet.com, 1
+oddsseeker.com, 1
+oddtime.net, 0
+oddtoes.com, 1
+ode.red, 0
+odedigitale.marketing, 1
+odegua.com, 1
+odejdamoda.tk, 1
+odeliabridal.com, 1
+odensc.com, 1
+odensc.me, 1
+odenvilleal.gov, 1
+odeonentertainment.co.uk, 1
+odesigning.com, 1
+odessalove.tk, 1
+odete.com.br, 1
+odezdaotto.tk, 1
+odhosc.ca, 1
+odiall.co, 1
+odiall.tk, 1
+odiamoselregeton.tk, 1
+odifi.com, 1
+odigitalmarketing.com.br, 1
+odij.nl, 1
+odijmond.nl, 1
+odinpl.com, 1
+odinraz.ga, 1
+odinseye.net, 1
+odinson.tk, 1
+odisealinux.com, 0
+odishainfo.tk, 1
+odishassc.in, 1
+odishasuntimes.com, 1
+odishatv.in, 1
+odisseo.io, 1
+odlicomul.ga, 1
+odnostranichnik.tk, 1
+odo-pro.ru, 1
+odo.online, 1
+odonata-editions.fr, 1
+odonti.com, 1
+odontoguia.co, 1
+odontologiawilliampizarro.com, 1
+odoo.co.th, 1
+odoppelto.de, 1
+odoranswers.com, 1
+odoru.ga, 1
+odorucinema.ga, 1
+odosblog.de, 1
+odpikedoslike.com, 1
+odsylvie.cz, 1
+odtu.lu, 1
+oducs.org, 1
+odvps.com, 0
+odxin.com, 1
+odysea.cat, 1
+odyso.org, 1
+odyssee-animation.tk, 1
+odyssey44.com, 1
+odysseyofthemind.eu, 1
+odzyskiwanie.biz, 1
+odzywianie.info.pl, 1
+oe-it.ru, 1
+oe.ink, 1
+oe0fcdncxjpdd05b.myfritz.net, 1
+oea.gov, 1
+oec-music.com, 0
+oecdpisaforschools.org, 1
+oedeemboek.nl, 1
+oegd.at, 1
+oeh.ac.at, 1
+oeilpouroeilcreations.fr, 0
+oeko-bundesfreiwilligendienst-sh.de, 1
+oeko-bundesfreiwilligendienst.de, 1
+oeko-jahr-jubilaeum.de, 1
+oeko-jahr.de, 1
+oelbilder-oelmalerei.de, 1
+oelsner.net, 1
+oemdealsers.ga, 1
+oemparcacim.com, 1
+oemspace.net, 1
+oemwolf.com, 1
+oen.tw, 1
+oeno.link, 1
+oenolab-vidalies.com, 1
+oermen.com, 1
+oertle.tk, 1
+oessi.eu, 1
+oettig.de, 1
+oetzies-quiz.com, 0
+of-sound-mind.com, 1
+of2106.dnsalias.org, 1
+of2m.fr, 1
+ofa.org, 1
+ofaas.jp, 1
+ofallonil.gov, 1
+ofaqim.city, 1
+ofasoft.com, 1
+ofb.uz, 1
+ofcampuslausanne.ch, 0
+ofelia.tk, 1
+ofertasadsl.com, 1
+ofertastop.es, 1
+ofertino.es, 1
+ofertolino.fr, 1
+off-festival.pl, 1
+off-rabota.tk, 1
+off.net.mk, 1
+offbeat-music.com, 1
+offbeatbeats.com, 0
+offbeatbits.com, 0
+offbyinfinity.com, 1
+offcasesstore.com, 1
+offenekommune.de, 1
+offenes-deutschland.de, 1
+offensity.com, 1
+offensivesentinel.com, 1
+offentligsektormedmoln.se, 1
+offeo.com, 1
+offer-today.ml, 1
+offerhome.com, 1
+offermagnet.co, 0
+offermann-koeln.de, 1
+offers-daraghmehstores.com, 1
+offers.jp, 1
+offgamers.com, 1
+offgames.io, 1
+offgridauto.com, 1
+office, 1
+office-addins.com, 1
+office-aslabo.com, 1
+office-basilique.notaires.fr, 1
+office-de-tourisme.net, 0
+office-dolmetscher-scharnagl.de, 1
+office-furniture-direct.co.uk, 1
+office-house.tk, 1
+office-mizutani.jp, 1
+office-op.tk, 1
+office-ruru.com, 1
+office.urown.cloud, 1
+office2s.com, 1
+office365-apps.com, 1
+office365.us, 1
+officecode.co.uk, 1
+officedivvy.co, 1
+officedivvy.com, 1
+officedivvy.company, 1
+officeefficient.de, 1
+officeface.cf, 1
+officeforstudents.org.uk, 1
+officefundays.co.uk, 1
+officeguide.cz, 1
+officeinteriors.co.nz, 1
+officemove.ca, 1
+officemovepro.com, 1
+officemoves.ca, 1
+officepie.pro, 1
+officerjones.tk, 1
+officert.ga, 1
+official-sensitive.org, 1
+official.my, 1
+officialdubaidev.com, 1
+officialhazalturesan.tk, 1
+officialmc2.com, 1
+officialniledevelopments.com, 1
+officialpyramids.com, 1
+officialsunset.com, 1
+officina.roma.it, 1
+officina.tk, 1
+officium.tech, 1
+offis.de, 0
+offlineauthentication.com, 1
+offpages.cf, 1
+offpages.gq, 1
+offpages.ml, 1
+offpageseopro.tk, 1
+offroadhoverboard.net, 1
+offshoot.rentals, 0
+offshoredaddy.com, 1
+offshoremoney.tk, 1
+offshoretravelsest.ga, 1
+offshorewfs.com, 1
+offshorewindwatchdog.com, 1
+offspringmexico.tk, 1
+offspringzero.tk, 1
+offtherails.ie, 1
+offtheshelf.com, 1
+offtopica.uk, 0
+offworld.com, 1
+ofggolf.com, 1
+oficinadanet.com.br, 1
+oficoex.es, 1
+oficomercr.com, 0
+ofileo.fr, 1
+ofina.on.ca, 1
+ofis.tk, 1
+ofisas.cloud, 1
+ofisas.site, 1
+ofisescort.ga, 1
+ofisescort.tk, 1
+ofkodasplace.nl, 1
+oflow.me, 0
+ofo.moe, 1
+ofo2.com, 0
+ofogh.co, 1
+oformi.net, 1
+oformit-zajm-kruglosutochno.ga, 1
+oformlaj.ga, 1
+ofpad.com, 1
+ofrion.lu, 1
+ofs-28.com, 1
+ofsetas.lt, 1
+oftamedic.com, 0
+oftn.org, 1
+ofuquemalitaestoy.tk, 1
+og-chemistry.ru, 1
+oga.fit, 0
+ogamerezine.tk, 1
+ogarkovo.ml, 1
+ogatomo.net, 1
+ogcloud.io, 1
+ogdensburgnj.gov, 1
+oge.ch, 0
+oge.gov, 1
+ogfarms.in, 1
+oggw.us, 1
+oggyp.com, 1
+ogilvy.com, 1
+ogis.gov, 1
+ogkw.de, 1
+oglebay.com, 1
+oglecountyil.gov, 1
+oglen.ca, 1
+oglesbyil.gov, 1
+oglix.com.br, 1
+ogmworld.tk, 1
+ognedoor.ru, 0
+ognemet.net, 1
+ognyan.tk, 1
+ogo-knigi.ml, 1
+ogogo-knigi.ml, 1
+ogolnotematyczny.pl, 1
+ogorod-money.tk, 1
+ogorodnik.guru, 1
+ogorodoved.info, 1
+ogot.org, 1
+ogoulems.com, 1
+ogrenciyurtlari.tk, 1
+ogretmenimsanat.com, 0
+ogui.de, 1
+ogunquit.gov, 1
+ogurishun.tk, 1
+oguya.ch, 1
+ogyaa.jp, 0
+ogznet.com, 1
+oh-my-lash.nl, 1
+oh14.de, 0
+ohai.is, 1
+ohai.social, 1
+ohai.su, 1
+ohako-inc.jp, 1
+oharas.fr, 1
+ohartl.de, 1
+ohayosoro.me, 1
+ohbabybean.com, 1
+ohcanvas.com, 1
+ohchouette.com, 1
+ohcomassagechairs.com, 1
+oheila.com, 1
+ohentpay.com, 1
+ohglowup.nl, 1
+ohhappy.win, 1
+ohifonly.com, 0
+ohioag.gov, 1
+ohioago.gov, 1
+ohiobrewweek.com, 1
+ohiobusinesscentral.gov, 1
+ohioflockcote.com, 1
+ohiosos.gov, 1
+ohiostateparks.gov, 1
+ohiot21.gov, 1
+ohiotobacco21.gov, 1
+ohiowebtech.com, 1
+ohling.org, 1
+ohlmeier.com, 1
+ohm.sg, 1
+ohmanager.kr, 1
+ohmayonnaise.com, 1
+ohmy.ca, 1
+ohmydish.nl, 1
+ohmygeekettes.fr, 1
+ohmymalware.com, 1
+ohmyunix.com, 1
+ohne-name.de, 1
+ohnonotme.com, 0
+ohol.se, 1
+ohoreviews.com, 1
+ohrange-music.tk, 1
+ohreally.de, 1
+ohrus.mx, 1
+ohsohairy.co.uk, 1
+ohtoy.com, 1
+ohverynice.ml, 1
+ohwatch.co.za, 1
+ohydne.pl, 1
+ohyooo.com, 1
+ohype.ga, 1
+ohype.gq, 1
+oi-wiki.org, 1
+oiahe.org.uk, 1
+oiaposta.com, 1
+oidrava.tk, 1
+oiepoie.nl, 0
+oikontroloi.tk, 1
+oikosweb.com, 1
+oil-heaters.tk, 1
+oilfieldinjury.attorney, 1
+oilman.ml, 1
+oilpaintingsonly.com, 1
+oilsan.com, 1
+oilx.co.uk, 1
+oilyouneed.co.id, 1
+oimexico.tk, 1
+oinimod.com, 1
+oinky.ddns.net, 1
+oirealtor.com, 1
+oirnoir.gq, 1
+oirnoir.ml, 1
+ois.dk, 1
+oisabre.com, 1
+oisd.nl, 1
+oiseaux-mania.com, 1
+oiseauxdesjardins.tk, 1
+oita-homes.com, 1
+oitaven.es, 1
+oiwe.info, 1
+ojapanesetea.ca, 1
+ojdip.net, 1
+ojee.nic.in, 1
+ojjdp.gov, 1
+ojk.ee, 0
+ojp.gov, 1
+ok-travel.tk, 1
+ok.ru, 1
+ok118.com, 1
+ok2a.org, 1
+ok3on.cz, 1
+okachimachi-naka-clinic.jp, 1
+okaidi.es, 1
+okaidi.fr, 1
+okaidi.ro, 1
+okaidi.si, 1
+okami-no-tochi.com, 1
+okanaybek.tk, 1
+okash.it, 1
+okashi.me, 1
+okay.cf, 1
+okay.coffee, 1
+okayloser.com, 1
+okazoo.eu, 1
+okburrito.com, 1
+okcasino.ga, 1
+okchousebuyer.com, 1
+okeechobeecountyfl.gov, 1
+okeepixels.ru, 1
+okelections.gov, 1
+okemahok.gov, 1
+okeydeyim.com, 1
+okhanvatansever.tk, 1
+okhrana.agency, 1
+okib.ca, 1
+okiefrog.org, 1
+okinawa-mag.net, 1
+okinawa-seaside.com, 1
+okinawan-lyrics.com, 1
+okinext.com, 1
+okiram.net, 1
+okis.win, 1
+okkhor52.com, 1
+okkultemysterier.tk, 1
+okkur.community, 1
+okkur.dev, 1
+okkur.io, 1
+okkur.net, 1
+okkur.org, 1
+okkur.team, 1
+okkurlabs.com, 1
+oklahomaced3.gov, 1
+oklahomafibroids.com, 1
+oklahomamoversassociation.org, 1
+oklahomanotepro.com, 1
+oklahomasoftwaresolutions.com, 1
+oklahomaworkstogether.gov, 1
+okmaybe.ca, 1
+okmirror.net, 1
+okmulgeecounty.gov, 1
+okmx.cloud, 1
+okmx.de, 1
+okna-tm.kz, 0
+okna-vek.com.ua, 1
+okna.ua, 1
+oknakz-astana.kz, 1
+oknavdom.tk, 1
+oknopvh.ml, 1
+okobojitech.com, 1
+okokorecepten.nl, 1
+okonto.com, 1
+okosg.kr, 1
+okotelecom.ml, 1
+okpo.tk, 1
+okqubit.net, 1
+okr.pub, 1
+okremarketing.com, 1
+okrodrigo.com, 1
+oksafe-t.org, 1
+oksanakazakova.tk, 1
+oksichemk.com, 1
+okskoleni.cz, 1
+oksystem.cz, 1
+oktava.tk, 1
+oktave.co, 1
+oktaybozaci.com, 1
+oktayincesuturizm.com, 1
+oktime.cz, 1
+oktober.tk, 1
+oktoplus.com.br, 1
+oktos.tk, 1
+oktour.ca, 1
+oktransportation.gov, 1
+okubo-shika.jp, 1
+okuguchihifuka-clinic.com, 1
+okukan.com.au, 1
+okulistiyoruz.tk, 1
+okurapictures.com, 1
+okusiassociates.com, 1
+okv.de, 1
+okviz.com, 1
+okwine.ua, 1
+okwu.cz, 1
+ola.finance, 1
+olacatlitter.com, 1
+olafbrzeski.com, 1
+olafnorge.de, 1
+olafvantol.nl, 1
+olafwalther.de, 1
+olamagri.com, 1
+olamgroup.com, 1
+olamiccutlery.com, 1
+olamisys.com, 1
+olamisys.email, 1
+olamisys.xyz, 1
+olaradio.tk, 1
+olasderisa.tk, 1
+olasouris.com, 0
+olastrafford.org, 1
+olatiferreira.com, 1
+olax.tk, 1
+olb.de, 1
+olbat.net, 1
+olcayanar.com, 1
+olcbrookhaven.org, 1
+old-computer-club.ml, 1
+old-times.ga, 1
+old-tomsk.tk, 1
+old-wheelers.tk, 1
+oldaine.tk, 1
+oldbkcom.tk, 1
+oldbones.tk, 1
+oldbrookinflatables.co.uk, 1
+oldbrookmarqueehire.co.uk, 1
+oldcars.tk, 1
+oldcastle.tk, 1
+oldcc.gov, 1
+oldcity.tk, 1
+oldcitysmokehouse.com, 1
+oldcold.co, 1
+olddisk.ml, 1
+olddominionspeedway.com, 1
+olddragon.com.br, 1
+oldenzaal.tk, 1
+older-racer.com, 1
+oldertarl.ddns.net, 1
+olderwomanpics.com, 1
+oldfarming.tk, 1
+oldfieldmusic.tk, 1
+oldfriends.tk, 1
+oldhouse.tk, 1
+oldhousetonewhome.net, 1
+oldiesmusicguide.tk, 1
+oldiesradio.tk, 1
+oldinnpub.tk, 1
+oldita.ru, 1
+oldliverpoolrailways.tk, 1
+oldonyosafaris.com, 1
+oldpc.com.ua, 1
+oldriver.tk, 1
+oldroadswhippets.tk, 1
+oldrun.is, 1
+oldrup.art, 1
+oldrup.dk, 1
+oldrup.net, 1
+oldscans.tk, 1
+oldschool-criminal.com, 1
+oldschool.wiki, 1
+oldshara.tk, 1
+oldskoolreviews.tk, 1
+oldspice.com, 1
+oldsql.tk, 1
+oldsticker.com, 1
+oldstmary.com, 1
+oldtacomamarine.com, 1
+oldtavern.tk, 1
+oldtimer.tk, 1
+oldtimerclub.tk, 1
+oldtimerparts.de, 0
+oldtimerreifen-moeller.de, 1
+oldtimers.tk, 1
+oldtimesecurity.tk, 1
+oldtowntownship-il.gov, 1
+oldtoystuff.com, 1
+oldvaliken.tk, 1
+oldvps.com, 0
+oleam.org, 1
+olecoin.io, 1
+oleg.loan, 1
+olegchursin.com, 0
+olegon.ru, 1
+oleksandr-petrusenko.com, 1
+oleksii.name, 0
+olemon.eu.org, 1
+olenergie.com, 1
+olenergie.fr, 1
+olenergies.com, 1
+olenergies.eu, 1
+olenergies.fr, 1
+olennolla.fi, 1
+olennolla.net, 1
+oleodecopayba.com.br, 1
+olepiraatti.fi, 1
+olerogas.xyz, 1
+oles-hundehaus.de, 1
+olesaradio.tk, 1
+olevoitalia.com, 1
+olffi.com, 1
+olfnewcastle.com, 1
+olfsecane.org, 1
+olgallery.tk, 1
+olgamalytcheva.com, 1
+olgamilosevic.edu.rs, 1
+olgapankova.art, 1
+olgaserebrennikova.tk, 1
+olgcc.net, 1
+olgui.net, 0
+olgun.eu, 1
+olhcparish.net, 1
+olibarcenas.es, 0
+olidetrim.com, 1
+oliebollenbakservice.nl, 1
+olifant.fr, 0
+oligenesi.it, 1
+olightstore.ro, 1
+olihar.com, 1
+olimpicmoradebre.tk, 1
+olimpikfit.com, 1
+olimpoao.tk, 1
+olinux.fr, 1
+oliode.tk, 1
+olisius.com, 1
+olitham.com, 1
+olive.my, 1
+oliveandcompany.com, 1
+olivedon.com, 1
+olivejs.com, 1
+oliveoil.bot, 1
+oliveoil.pro, 1
+oliveoilschool.org, 1
+oliveoilshop.com, 1
+oliveoiltest.com, 1
+oliveoiltimes.com, 1
+oliver-wenz.de, 1
+oliverclark.tk, 1
+oliverclausen.com, 1
+oliverdunk.com, 0
+olivereats.ca, 1
+oliverfaircliff.com, 1
+oliverflecke.me, 1
+oliverjoss.com, 1
+oliverlanguages.com, 1
+olivernaraki.com, 1
+oliverniebuhr.de, 1
+oliverspringer.eu, 1
+oliverswindles.com, 1
+oliverwenz.de, 1
+olivetbgc.org, 1
+olivetchurch.org.uk, 0
+olivetownship-mi.gov, 1
+olivia.cf, 1
+olivialufkin.tk, 1
+olivier-giroud.tk, 1
+olivier-rochet.com, 1
+olivier-verbois.fr, 1
+olivierberardphotographe.com, 0
+oliviercreation.tk, 1
+olivierdurand.tk, 1
+olivierpieters.be, 1
+oliviervaillancourt.com, 1
+olivinehoney.com.au, 1
+olivlabs.com, 1
+oljyakatemia.fi, 1
+olk9mo.com, 1
+olkywade.com, 1
+ollerom.com, 1
+ollerom.nl, 1
+ollie.io, 1
+ollielloyd.tk, 1
+ollieowlsblog.com, 1
+ollies.cloud, 1
+ollies.cz, 1
+olliespage.com, 1
+olliespage.net, 1
+olliespage.uk, 1
+ollning.com, 1
+ollo.ga, 1
+olltechjob.com, 1
+olmari.fi, 1
+olmc-nutley.org, 1
+olmcjc.com, 1
+olmcnewark.com, 1
+olmecaaltos.com, 1
+olmik.net, 1
+olmportal.com, 1
+olmsted.io, 1
+olmstedcounty.gov, 1
+olmstedtownshipohio.gov, 1
+oloadvid.tk, 1
+olofly.com, 1
+olofsson.cc, 1
+ololmke.org, 1
+olomercy.com, 1
+olopp.org, 1
+olphseaside.org, 1
+olqoa.org, 1
+olschurch.com, 1
+olsen-town.tk, 1
+olsenban.de, 1
+olshop.ai, 1
+olson25.org, 0
+olsonproperties.com, 1
+oluchiedmundmusic.com, 1
+oludeniz.tk, 1
+olustvere.edu.ee, 1
+olxa.tk, 1
+olxdir.tk, 1
+olydent.com, 1
+olyfed.com, 1
+olygazoo.com, 1
+olymp-arts.world, 1
+olympe-transport.fr, 1
+olympia-blerick.tk, 1
+olympia-londerzeel.tk, 1
+olympiads.ca, 1
+olympiaduilawyers.com, 1
+olympiamanzanilla.tk, 1
+olympic-lodge.com, 1
+olympic-research.com, 1
+olympicfitness.com.mx, 1
+olympiclodge.com, 1
+olympiclodgebyayres.com, 1
+olymptrade.com, 1
+om.yoga, 1
+oma-opa-enkel-urlaub.de, 0
+oma-opa-enkel.de, 0
+omaedu.ro, 1
+omag.gov, 1
+omaha.com, 1
+omaha.gov, 1
+omahachapterone.org, 1
+omahagutterandsiding.com, 1
+omaharoofpros.com, 1
+omahcoin.com, 1
+omal.info, 1
+omanair.com, 1
+omandatapark.com, 1
+omangrid.com, 1
+omanhr.cf, 1
+omanpost.om, 1
+omarans.com, 1
+omarhussien.tk, 1
+omarov.tk, 1
+omarpalos.com, 1
+omarsamarah.tk, 1
+omarsuniagamusic.ga, 1
+omart.org, 1
+omarzunic.com, 1
+omatoimi.fi, 1
+omatulevaisuus.fi, 1
+omaweetraad.nl, 1
+omaxe.tk, 1
+omayn.com, 1
+omb-cobra.hr, 0
+omb.gov, 1
+ombrazur.fr, 1
+ombregialle.it, 1
+omc-copiers.com, 1
+omedita.lt, 1
+omega-intranet.com, 1
+omegachess.tk, 1
+omegacode.pl, 1
+omegahosting.net, 1
+omegamc.ua, 1
+omegarazer.ca, 1
+omegatechware.com, 1
+omegathermoproducts.nl, 1
+omegleporn.to, 1
+omelectricnyc.com, 1
+omenprinting.com.au, 1
+omeopatiadinamica.it, 1
+omerdanismaz.com, 0
+omerdemirel.com.tr, 1
+omersalaj.com, 1
+omert.tk, 1
+omerta.tk, 1
+omertabeyond.com, 1
+omertabeyond.net, 1
+omestudios.tk, 1
+ometepeislandinfo.com, 1
+omexcables.com, 1
+omf.link, 1
+omfmf.tk, 1
+omgbouncycastlehire.co.uk, 1
+omgit.works, 1
+omgpu.com, 1
+omgvaneyckwashere.be, 1
+omgvaneyckwashere.com, 1
+omgvaneyckwashere.eu, 1
+omgvaneyckwashere.gent, 1
+omhome.net, 1
+omicaorganics.com, 1
+omicawholesale.com, 1
+omicron3069.com, 1
+omid16b.com, 1
+omidfan.ir, 0
+omilia.com, 1
+omintmais.azurewebsites.net, 0
+omipicon.io, 1
+omira.pt, 1
+omitech.co.uk, 1
+omlpar.gov, 1
+ommam.com.br, 1
+ommcitalflex.com, 1
+omnama.it, 1
+omnel.ml, 1
+omngc.gov, 1
+omniaaerospace.com, 1
+omniaclubs.com, 1
+omniaintranet.com, 1
+omniaintranet.de, 1
+omniaintranet.dk, 1
+omniaintranet.se, 1
+omniarch.se, 0
+omniasl.com, 0
+omniatv.com, 1
+omniballot.us, 1
+omnibot.tv, 1
+omnicourt.jp, 1
+omnidiecasting.com, 1
+omnidigital.ae, 1
+omniflora.shop, 1
+omnifotoside.tk, 1
+omnifurgone.it, 1
+omniga.de, 0
+omnilert.net, 1
+omniscimus.net, 0
+omnisiens.se, 1
+omnisky.dk, 1
+omnissimmo.fr, 1
+omniteck.com, 1
+omnitrattore.it, 1
+omnits.pro, 1
+omny.info, 1
+omorashi.org, 1
+omoteura.com, 1
+omranic.com, 1
+omro-wi.gov, 1
+omroepvenray.nl, 1
+omronwellness.com, 1
+omshivalab.com, 1
+omsknews.tk, 1
+omskrock.com, 1
+omskweb.tk, 1
+omstars.com, 1
+omtcloud.jp, 1
+omundojornalismo.pt, 1
+omva.de, 1
+omveda.org, 1
+omxz8.com, 1
+on-air.today, 1
+on-networkers.cf, 1
+on-networkers.gq, 1
+on-networkers.ml, 1
+on-networkers.tk, 1
+on-running.com, 1
+on-state.com.ua, 1
+on-tandemdrive.com, 1
+on-tandemdrive.nl, 1
+on-targettrainingcourses.com, 1
+on-tech.co.uk, 1
+on-the-wave.com, 1
+on-tv.tk, 1
+on2it.net, 1
+on3.com, 1
+on3static.com, 1
+on5.co.id, 1
+on9.link, 1
+ona.io, 1
+onaboat.se, 1
+onaforums.com, 1
+onahonavi.com, 1
+onai.es, 1
+onair.ovh, 1
+onarto.com, 1
+onavstack.net, 1
+onbettertech.com, 1
+onbley.com.br, 1
+oncaagt.com, 1
+oncc.org, 1
+oncecocuklar.org.tr, 1
+oncemorearoundeternity.com, 1
+oncentive.io, 1
+onceuagain.tk, 1
+onceuponabow.org, 1
+onceuponachicken.com, 1
+onceuponarainbow.co.uk, 1
+oncf.asso.fr, 1
+onchclub.tk, 1
+onclouds.tech, 1
+oncore-eurofins.com, 1
+oncotarget.ru, 1
+ond-inc.com, 1
+ond-inc.jp, 1
+ondafc.es, 1
+ondajoven.tk, 1
+ondav.com, 1
+ondcp.gov, 1
+onde.xyz, 1
+ondeapostar.pt, 1
+ondemandassociate.com, 1
+onderka.com, 1
+onderwijscentrum.gent, 1
+onderwijscentrumgent.be, 1
+onderzoeksraad.nl, 1
+ondevamosjantar.com, 1
+ondiet.biz, 1
+ondoline.ch, 1
+ondoorgrond.tk, 1
+ondra05.cz, 1
+ondradoksy.com, 1
+ondrei.one, 1
+ondrej.org, 1
+ondrejhoralek.cz, 1
+ondrejsramek.cz, 1
+ondrejvasicek.cz, 1
+one-clue.com, 1
+one-cozmic.com, 1
+one-dot.de, 1
+one-host.ga, 1
+one-news.net, 0
+one-page.org, 1
+one-piece-fans.com, 1
+one-pixel.tk, 1
+one-resource.com, 1
+one-s.co.jp, 1
+one-tab.com, 1
+one3oneapartments.com, 1
+one6688.com, 0
+oneaftac.gov, 1
+oneandfree.org.au, 1
+oneapi.io, 1
+oneartyminute.com, 1
+oneazcu.com, 0
+onebanc.ai, 1
+onebelo.tk, 1
+onebigcow.com, 1
+onebiz.tk, 1
+oneblinc.com, 1
+oneblock.fr, 1
+onebookstore.ml, 1
+onebreadcrumb.com, 1
+onebreadcrumb.com.au, 1
+onecarsource.com, 1
+onecharge.biz, 1
+onechoice.co.nz, 1
+onechronos.com, 1
+oneclick.accountant, 1
+oneclick2books.cf, 1
+oneclickbooks.gq, 1
+oneclickbooks.ml, 1
+oneclickjailbreak.com, 1
+oneclickmoney.cf, 1
+oneclickmoney.ml, 1
+oneclickmoney.tk, 1
+oneclub.ua, 1
+onedaygrandcanyonrafting.com, 1
+onedeal.com.ua, 1
+onedetermination.com, 0
+onedevonshireplace.co.uk, 1
+onediversified.com, 1
+onedoc.ch, 1
+onedot.nl, 1
+onedrive.com, 0
+onee3.org, 1
+oneearthsacredarts.com, 1
+oneem.tk, 1
+oneest.com, 1
+onefamily.com, 1
+onefestivalplaza.com.au, 1
+onefestivaltower.au, 1
+onefestivaltower.com, 1
+onefestivaltower.com.au, 1
+onefile.tk, 1
+onefinitee.in, 1
+onefish.cc, 1
+onefocusapp.com, 1
+onefour.ga, 1
+onegeeks.org, 1
+onegroup.ua, 1
+onehealthbehaviors.org, 1
+oneheartbali.church, 0
+onehorizon.it, 1
+onehost.blue, 1
+onehost.kz, 0
+oneidacityny.gov, 1
+oneidacountywi.gov, 1
+oneigroup.net, 1
+oneindex.tk, 1
+oneiroi.co.uk, 1
+oneirosociety.tk, 1
+onekey.so, 1
+onekeycn.com, 1
+oneless.tk, 1
+onelifenutrition.co.uk, 1
+onelinkbpo.com, 1
+onemeter.com, 1
+onemindmedicinals.com, 1
+oneminute.io, 0
+onemix.me, 1
+onemodel.com.au, 1
+onemodel.us, 1
+onemonthcamera.tk, 1
+onemoonmedia.de, 1
+onenetcdn.com, 1
+onenetwork.com, 1
+onenetwork.io, 1
+oneone.moe, 1
+oneonemedia.tk, 1
+oneononeonone.de, 1
+oneononeonone.tv, 1
+onepeloton.ca, 1
+onepeloton.co.uk, 1
+onepeloton.com, 1
+onepersona.io, 1
+onepieceplayer.com, 1
+oneplaykh.com, 1
+onepluscamps.com, 0
+onepointsafeband.ca, 1
+onepointsafeband.com, 1
+onepointzero.com, 1
+onepotliving.com, 1
+oneprediction.com, 1
+onerivermedia.com, 1
+ones.buzz, 1
+onescience.tk, 1
+oneshotmediakc.com, 1
+oneso.win, 1
+onespan.com, 0
+onespiritinc.com, 1
+onesportslive.com, 1
+onestarclassics.com, 1
+onestasolar.com, 1
+onestepbooks.gq, 1
+onestepbooks.ml, 1
+onestopcastles.co.uk, 1
+onestopmedicalsupplies.com, 1
+onestopshop.ml, 1
+onestpasdesanges.fr, 1
+onet.co.jp, 1
+onetakeonehit.tk, 1
+onetap.com, 1
+onetcenter.org, 1
+onetcodeconnector.org, 1
+onetech.it, 1
+oneteg.com, 1
+onetestatatime.com, 1
+onetly.com, 1
+onetonline.org, 1
+onetouchreveal.com, 1
+onetouchrevealplus.com, 1
+onetouchtour.com, 1
+onetown.gq, 1
+onetranslations.com.br, 1
+onetrust.com, 1
+onets.es, 1
+onetwentyseven001.com, 1
+onetwo-vermietung.de, 1
+onetwosweetatelier.com, 1
+oneupchocolatebars.com, 1
+oneurl.co, 1
+oneway.ga, 1
+oneweb.hu, 1
+onewebdesign.nl, 0
+onewebdev.info, 1
+onewyo.gov, 1
+onex.bet, 1
+onezero24.net, 1
+onfaloc.tk, 1
+onfilm.tk, 1
+onfleet.com, 1
+onformative.net, 1
+ongea.io, 1
+ongelukvandaag.nl, 1
+ongiaenegogoa.com, 1
+onglobetrotter.com, 1
+ongoal.gr, 1
+onguardonline.gov, 1
+onhistory.co.uk, 1
+onhub1.com, 1
+oni.nl, 1
+onibolt.com, 1
+onice.ch, 1
+onicore.cf, 1
+onidesign.tk, 1
+onilacare.com, 1
+onimaodonto.com.br, 1
+oninpresento.ga, 1
+onionbot.ga, 1
+onionbot.me, 1
+onionflix.net, 1
+onionplay-network.stream, 1
+onionplay.co, 1
+onionplay.org, 1
+onionshare.org, 1
+onionsocial.com, 1
+onionyst.com, 1
+oniria.ch, 0
+oniriamultimedia.com, 1
+onirik-studio.com, 1
+oniuq.com, 1
+onix.eu.com, 1
+onixcco.com.br, 1
+onkfaktor.de, 1
+onkologiya.ga, 1
+onkyousa.com, 1
+onld.de, 1
+onlfait.ch, 0
+onlifehealth.com, 1
+online-audio-converter.com, 1
+online-bookmakers.ru, 1
+online-bouwmaterialen.nl, 1
+online-calculator.com, 1
+online-calculator.xyz, 1
+online-car-show.com, 1
+online-carhire.tk, 1
+online-casino.eu, 1
+online-clothing-store.tk, 1
+online-concepts.net, 1
+online-concepts.nl, 1
+online-consulting-corp.com, 1
+online-content.ru, 1
+online-diary.tk, 1
+online-divorce.co.za, 1
+online-eikaiwa-guide.com, 1
+online-english.tk, 1
+online-fix.me, 1
+online-health-insurance.com, 1
+online-jobs.cf, 1
+online-learning.bg, 1
+online-lernprogramme.de, 1
+online-mobile-phone-shop.tk, 1
+online-news-usa.tk, 1
+online-one-piece.com, 1
+online-pochta.ml, 1
+online-pr.at, 1
+online-series.ru, 1
+online-shop-equipment.tk, 1
+online-sql-editor.com, 1
+online-stopwatch.com, 1
+online-store-phones.tk, 1
+online-taxes.tk, 1
+online-tesis.com, 1
+online-textil.com, 1
+online-textil.cz, 1
+online-textil.sk, 1
+online-umwandeln.de, 1
+online-video-cutter.com, 1
+online-voice-recorder.com, 1
+online-wedding.site, 1
+online-wholesalers.com, 1
+online-xxxmovies.com, 1
+online.forum, 1
+online.marketing, 1
+online.net.gr, 1
+online.swedbank.se, 1
+online24.pt, 1
+online365.ga, 1
+onlineairlinesbooking.com, 1
+onlinebewerbungsserver.de, 1
+onlinebiller.com, 1
+onlinebillingform.com, 1
+onlinebookmarks.tk, 1
+onlinebrides.tk, 1
+onlinebs.tk, 1
+onlinebupropion.gq, 1
+onlinebusiness.law, 1
+onlinecannabiseducation.com, 1
+onlinecarstyling.nl, 1
+onlinecasinoerdk.com, 1
+onlinecasinohex.ca, 1
+onlinecasinohex.nl, 1
+onlinecasinoknowhow.com, 1
+onlinecasinokoning.com, 1
+onlinecasinos.vlaanderen, 1
+onlinecasinoselite.org, 1
+onlinecasinosportugal.pt, 1
+onlinecasinotrend.nl, 1
+onlinechallenge.nl, 1
+onlinecollegeessay.com, 1
+onlinecosmeticsstore.tk, 1
+onlinecounselingprograms.com, 1
+onlinecrafts.tk, 1
+onlinedapoxetina.gq, 1
+onlinedivorce.com, 1
+onlinedoctors24.com, 1
+onlinefabricstore.com, 1
+onlinefashion.it, 1
+onlinefloridadivorce.com, 1
+onlinefurniture.us, 1
+onlinegallery.cf, 1
+onlinegames4free.tk, 1
+onlinegamesforgirls.tk, 1
+onlinegeeks.ru, 1
+onlinehartha.com, 1
+onlinehashfollow.com, 1
+onlinehsa.com, 1
+onlinehypermarket.ru, 1
+onlineinfo.freesite.host, 1
+onlineinfographic.com, 1
+onlineinsurancetips.ga, 1
+onlinejobs.ga, 1
+onlinekansspel.cf, 1
+onlinekansspel.tk, 1
+onlinekasino.de, 1
+onlinekmc.com, 1
+onlineknighki.ga, 1
+onlinekocunuz.com, 1
+onlinekreditmitsofortzusage.com, 1
+onlinelegalmarketing.com, 1
+onlinelegalmedia.com, 1
+onlineloansnocreditcheck.tk, 1
+onlinemag24.com, 0
+onlinemagento.com, 1
+onlinemarketfinds.cf, 1
+onlinemarketingmuscle.com, 1
+onlinemarketingtraining.co.uk, 1
+onlinembapage.com, 1
+onlinemediamasters.com, 1
+onlinemedicalassistantprograms.net, 1
+onlinemphdegree.net, 1
+onlinemswprograms.com, 1
+onlinenewspaperclassifieds.com, 1
+onlineorto.com, 1
+onlinepay.tk, 1
+onlinepaydayloans365.tk, 1
+onlineplay.ml, 1
+onlinepokies.me, 1
+onlineporno.cc, 1
+onlineprogrammingbooks.com, 1
+onlinepsychologydegrees.com, 1
+onlineradio.com.pl, 1
+onlineradio.pp.ua, 1
+onlineradiobr.com, 1
+onlineradious.com, 1
+onlineschipaanpak.nl, 1
+onlinesearningstips.ga, 1
+onlinesellingexperiment.com, 1
+onlineseminar.com, 1
+onlineseminar.es, 1
+onlineseminar.nl, 1
+onlineservisprogrami.com, 1
+onlineshop-helgoland.de, 1
+onlineshopsatkhira.tk, 1
+onlinesitereviews.com, 1
+onlinesorusor.cf, 1
+onlinespielcasino.de, 1
+onlinesports.cf, 1
+onlinesports.tk, 1
+onlinestatic.net, 1
+onlinestoresite.com.au, 1
+onlinesudoku.tk, 1
+onlinesurveys.ac.uk, 1
+onlinesystem.jp, 1
+onlinetadacip.gq, 1
+onlinetextil.cz, 1
+onlineth.com, 1
+onlinetravelmoney.co.uk, 1
+onlinevardenafil.gq, 1
+onlineveilingmeester.nl, 1
+onlineverdict.com, 1
+onlineverdienen.tk, 1
+onlinevergidanismani.com, 1
+onlineviewers.tk, 1
+onlinevisa.ru, 1
+onlinevoting.tk, 1
+onlinewallpapers.tk, 1
+onlineweblearning.com, 1
+onlineworkshops.tk, 1
+onlinewot.ru, 1
+onlinews.ml, 1
+onlinexl.nl, 1
+onlineyearbook.tk, 1
+onlineyos.ru, 1
+onlinezaim.ml, 1
+onlstreet.com, 1
+only.bible, 1
+only.lc, 1
+only3x.com, 1
+only4free.tk, 1
+onlybestporn.com, 1
+onlybooks.gq, 1
+onlycrumbsremain.com, 1
+onlyesb.net, 1
+onlyfans.com, 1
+onlyfitgear.com, 1
+onlyincentivesest.ga, 1
+onlyjedis.com, 1
+onlyjesus.net, 1
+onlylithiumhere.gq, 1
+onlylovastatin.gq, 1
+onlymammoths.com, 1
+onlymyenglish.com, 1
+onlysergio.com, 1
+onlysmoker.com, 1
+onlystars.news, 1
+onlystay.ga, 1
+onlyu.eu, 1
+onlyveg.tk, 1
+onlyvintagewatches.com, 1
+onmaps.de, 1
+onmaru.com, 1
+onmyside.com, 1
+onnatuurlijk.tk, 1
+onnee.ch, 1
+ono.ac.il, 1
+onodera.com.br, 1
+onoelixir.gr, 1
+onohawaiianbbq.com, 1
+onondaga.gov, 1
+ononoki.org, 1
+onoranze-funebri.biz, 1
+onore.org, 1
+onospancakehouse.com, 1
+onoticiado.com.br, 1
+onourwifi.com, 0
+onoweb.be, 1
+onpatient.com, 1
+onpaws.com, 1
+onpay.io, 1
+onpermit.net, 1
+onpointinsights.us, 0
+onpointplugins.com, 1
+onpopup.ga, 1
+onporn.fun, 1
+onrealt.ru, 1
+onrr.gov, 1
+onsemediagroup.ml, 1
+onsenlaichelesdoigts.be, 1
+onsetupdates.com, 1
+onsinscrit.com, 1
+onsite4u.de, 1
+onsitespeedometer.com, 1
+onslaughtstreetboarding.tk, 1
+onslowsheriffnc.gov, 1
+onsoppad.nl, 1
+onspring.com, 1
+onstat.tk, 1
+onsudoku.com, 1
+onsweb.nl, 1
+ontargetsystem.ru, 1
+ontariocat.com, 1
+ontariocountyny.gov, 1
+ontariodog.com, 1
+ontariohearing.com, 1
+ontarioplace.com, 1
+ontariostorage.com, 1
+ontdekhetzelf.nu, 1
+ontestpad.com, 1
+onthe.network, 1
+ontheballbuilding.com.au, 1
+onthecheap.store, 0
+onthegosystems.com, 1
+onthesocials.com.au, 1
+ontheten.org, 1
+onthewaypodcast.com, 1
+ontogenese.net, 1
+ontopoflove.nl, 1
+ontourmarketing.at, 1
+ontrio.cz, 1
+ontrip.dk, 1
+ontrip.kr, 1
+ontsnappingskamer.nl, 1
+ontwerpdenkers.nl, 0
+onul.works, 1
+onurdemirezen.com, 1
+onurer.net, 1
+onurerhan.com, 1
+onuruzunonline.com, 1
+onvey.io, 1
+onvisit.net, 1
+onvori.com, 1
+onvori.de, 1
+onvousment.fr, 1
+onwie.com, 1
+onwie.fr, 1
+onx.dk, 1
+onysix.de, 1
+onysix.net, 1
+onyx-groups.com, 1
+onyxcts.com, 1
+onyxgen.duckdns.org, 1
+onzelievevrouw-veldegem.tk, 1
+onzerelaties.net, 1
+oo5197.co, 1
+oo6729.co, 1
+oo6729.com, 1
+oo6957.co, 1
+oo9297.co, 1
+oo9397.com, 0
+oo9721.com, 0
+oo9728.co, 1
+oodlessoftplay.co.uk, 1
+ooeste.com, 0
+oofishing.ru, 1
+oog-osaka.jp, 1
+oogami.name, 1
+oogartsennet.nl, 1
+oogent.be, 1
+ooharttemplates.com, 1
+oohlala.studio, 1
+ooii.net, 1
+oomepu.com, 1
+oomnitza.com, 1
+oomph-delikatessen.tk, 1
+oomuj.info, 1
+oonne.com, 1
+ooo-santal.ml, 1
+ooo.xxx, 1
+oooh.events, 1
+ooonja.de, 1
+oooo.loan, 1
+ooooo.cz, 1
+ooove.ru, 1
+oopsis.com, 1
+oopure.com, 1
+oorbellen.nl, 1
+oortcast.com, 1
+oositk.tk, 1
+oosm.org, 1
+oosolutions.nl, 1
+oostendevooranker.be, 0
+oot.rs, 1
+op11.co.uk, 0
+op3racional.eu, 1
+opacity.au, 1
+opaco.tk, 1
+opadaily.com, 1
+opale-concept.com, 1
+opalesurfcasting.net, 1
+opalhunter.at, 1
+opalternative.tk, 1
+oparamo.tk, 1
+oparceirao.com.br, 1
+oparideal.com.br, 1
+oparl.org, 1
+opatowice.tk, 1
+opatut.de, 0
+opb.de, 1
+opbedbugcanines.com, 1
+opcenter.de, 1
+opcionpublicitaria.com, 1
+opcod3.io, 1
+opcoes.net.br, 1
+opdera.org, 1
+opdi.aero, 1
+ope.ee, 1
+opel-focken.de, 1
+opelim.net, 1
+open-ai-chatgpt.ru, 1
+open-banking-access.uk, 1
+open-bs.com, 1
+open-bs.ru, 1
+open-ctp.com, 1
+open-ctp.net, 1
+open-ctp.org, 1
+open-data-apps.org, 1
+open-desk.org, 1
+open-domotics.info, 0
+open-fixture-library.org, 1
+open-future.info, 1
+open-gaming.net, 1
+open-greenenergy.com, 1
+open-infrastructure.net, 1
+open-letters.de, 1
+open-mesh.org, 1
+open-novel.work, 1
+open-procurement.com, 1
+open-sauce-recipes.co.uk, 1
+open-source.gr, 1
+open-to-repair.fr, 0
+open-trip.id, 1
+open-work.space, 1
+open-xchange.com, 1
+open.film, 1
+open.my.id, 1
+open.ru, 1
+openacte.ch, 0
+openagenda.com, 1
+openai.com, 1
+openai.community, 1
+openalt.org, 1
+openaq-staging.org, 1
+openarch.nl, 1
+openarchivaris.nl, 1
+openbayes.network, 1
+openbayesstatus.com, 1
+openbeecloud.com, 1
+openbet.it, 1
+openbible.com.au, 1
+openbiblebookstore.com.au, 1
+openbleam.com, 1
+openblox.org, 1
+openbook.net, 1
+openbriefing.org, 1
+openbsd.cz, 1
+openbsdhosting.com, 1
+openbusiness.tk, 1
+opencache.uk, 1
+opencagedata.com, 1
+opencartbot.com, 1
+opencartspecialist.com, 1
+openchronicles.net, 1
+opencircuit.nl, 1
+opencity.spb.ru, 1
+openclima.com, 1
+openclub24.ru, 1
+openconf.uk, 1
+openconnect.com.au, 1
+opencpes.com, 0
+opencpes.info, 1
+opencpes.io, 1
+opencpes.net, 1
+opencpes.org, 1
+opencrm.co.uk, 1
+openctp.com, 1
+openctp.net, 1
+openctp.org, 1
+opendata.cz, 1
+opendataincubator.eu, 1
+opendesk.cc, 0
+opendolls.com, 1
+opendsp.ru, 1
+openendpoint.tools, 1
+openevic.info, 1
+openexec.com, 1
+openexec.net, 1
+openfin.co, 1
+openfir.st, 0
+openfitapi-falke.azurewebsites.net, 1
+openfpcdn.io, 1
+openfuture.digital, 1
+opengameart.org, 1
+opengovpartnership.de, 1
+openhandhelds.org, 1
+openhistory.de, 1
+openinsieme.com, 1
+openintel.com.br, 1
+openintl.com, 1
+openjur.de, 1
+openkat.nl, 1
+openkim.org, 1
+openkvk.nl, 1
+openlitecache.com, 1
+openmail.ml, 1
+openmandriva.org, 1
+openmarkets.com.au, 0
+openmarkets.group, 0
+openmind.ga, 1
+openmindsec.com, 1
+openmindsec.de, 1
+openmined.org, 0
+openmirrors.cf, 1
+openmirrors.ml, 1
+openmtbmap.org, 1
+opennet.fund, 1
+opennippon.com, 1
+opennippon.ru, 1
+openpictures.ch, 1
+openpowerfoundation.org, 1
+openproject.com, 1
+openproton.cf, 1
+openprovider.nl, 0
+openqnx.com, 1
+openquery.com.au, 1
+openrainbow.ae, 1
+openrainbow.com, 1
+openrainbow.health, 1
+openrainbow.net, 1
+openrainbow.org, 1
+openre.site, 1
+openrealestate.co, 1
+openreel.com, 0
+openremote.io, 1
+openresearch.amsterdam, 1
+openreview.net, 1
+openroademail.com, 1
+openrtm.org, 1
+openruhr.de, 1
+openscience.ml, 1
+opensecurity.in, 1
+opensecurity.pl, 1
+opensim.tk, 1
+openslava.tk, 1
+opensocial.at, 1
+opensocietyuniversitynetwork.org, 1
+opensource-cms.nl, 1
+opensource-training.de, 1
+opensource.fund, 1
+opensourcecombat.com, 1
+opensourcesoftware.rocks, 1
+opensourcesurvey.org, 1
+opensourcex.tk, 1
+openspot.tk, 1
+opensquares.org, 1
+opensrc.one, 1
+openssl.org, 1
+openstandia.jp, 1
+openstem.com.au, 1
+openstreetmap.is, 1
+openstreetmap.org, 1
+opentable.com, 1
+opentable.com.au, 1
+opentrack.info, 1
+opentrader.com.au, 0
+opentrash.org, 1
+openverse.com, 0
+openvision.tk, 1
+openvz.org, 1
+openwaveguide.de, 1
+openwifi.gr, 1
+openwrt-dist.tk, 1
+openxcom.org, 1
+openyoga.nl, 1
+opera.im, 1
+operacdn.com, 1
+operacionlimpieza.com, 1
+operad.fr, 1
+operadotejo.org, 1
+operahedeland.dk, 1
+operalogg.com, 1
+operanavigation.ro, 1
+operatic.gq, 1
+operationhomefront.org, 1
+operationkiwi.work, 1
+operationlifeline.ca, 1
+operationlifeline.org, 1
+operationturkey.tk, 1
+operationwarm.org, 1
+operator.tk, 1
+operatoresanitario.it, 1
+operaunica.tk, 1
+operd.gob.do, 1
+opexterminating.com, 1
+opfin.com, 1
+opgani7.info, 1
+ophelia.ink, 0
+ophepartners.org, 1
+ophidian.tk, 1
+ophthalmologynotes.tk, 1
+opiates.ca, 1
+opic.gov, 1
+opid.my.id, 1
+opieoils.co.uk, 1
+opil.no, 1
+opimo3d.com.br, 1
+opin.me, 1
+opinie.pl, 1
+opinio.fr, 1
+opinionipannolini.it, 1
+opinioniprodotto.it, 1
+opinionitech.com, 1
+opinionmodel.it, 1
+opiniterupdate.com, 1
+opioidaffectedyouth.org, 1
+opioids.co.uk, 1
+opioids.com, 1
+opioids.gov, 1
+opioids.uk, 1
+opioids.wiki, 1
+opioneers.ga, 1
+opioneers.tk, 1
+opiskelijaradio.com, 1
+opiskelijaradio.fi, 1
+opisrael.tk, 1
+opito.com, 1
+opium.io, 0
+opix.fr, 1
+opl.bz, 1
+oplane.io, 1
+oplata-mvd.ga, 1
+oplata-vklike.tk, 1
+oplata.uz, 1
+oplop.appspot.com, 1
+opm.gov, 1
+opmaakonderscheidingen.nl, 1
+opnay.com, 1
+opnx.dk, 1
+opoderdaenergiafeminina.com.br, 1
+opomec.com, 1
+opop.cz, 1
+opopulechki.tk, 1
+oportunidadeganhos.tk, 1
+oportunidadinfinita.tk, 1
+opos.cf, 1
+oposicionescastillayleon.com, 1
+oposicionescorreos.es, 1
+oposicionesprofesores.tk, 1
+opp.moe, 1
+oppa888.com, 1
+oppa888.net, 1
+oppabet.com, 1
+oppada.com, 1
+oppejoud.ee, 1
+oppekepe.org, 0
+opploans.com, 1
+opportunity.de, 1
+opportunity.ng, 1
+opportunityfund.eu, 0
+opportunityliu.top, 1
+opportunitylouisiana.gov, 1
+opposer.me, 1
+oppositehq.com, 0
+oppositionsecurity.com, 1
+oppoweb.ml, 1
+oppress.life, 1
+oppstartslos.no, 1
+oppwa.com, 1
+opq.pw, 1
+opraab.ga, 1
+oprbox.com, 1
+oprekin.com, 1
+opreturn.org, 1
+opritten-en-terrassen.be, 1
+opritverklikker.nl, 1
+opromox.com, 1
+oprueba.com, 1
+opryshok.com, 1
+ops.ai, 1
+ops.com.pl, 1
+opsbase.com, 1
+opsecx.com, 1
+opskins.tk, 1
+opskiwi.work, 1
+opsmate.com, 0
+opsnotepad.com, 1
+opso.gov, 1
+opspedia.id, 1
+opstory.com, 1
+opstrengning.tk, 1
+opsystems.bg, 1
+opteamax.de, 1
+opteamax.eu, 1
+optenhoefel.de, 1
+optgo.com.ua, 1
+opti-net.solutions, 1
+optic-street.ru, 1
+optical-faking.tk, 1
+opticalprescriptionlab.com, 1
+opticaltest.com, 1
+opticamasvision.com, 1
+opticasocialvision.com, 1
+opticianedu.org, 1
+opticiansri.org, 1
+opticoolheadgear.com, 1
+opticsexplorer.com, 1
+opticstore.com.ua, 1
+optiekzien.nl, 0
+optifleet-evol.net, 1
+optifury.com, 1
+optigazelle.com, 1
+optigear.nl, 1
+optik-sehstern.de, 1
+optik-tamara.de, 1
+optik-trosdorff.de, 1
+optikflow.com, 1
+optikoscolombia.com, 1
+optilan.tk, 1
+optimakers.pl, 1
+optimale.co.uk, 1
+optimall.tk, 1
+optimalrehab.se, 1
+optimalruby.com, 1
+optimaner.pl, 1
+optimed.tk, 1
+optimised.cloud, 1
+optimised.io, 1
+optimisedlabs.co.uk, 1
+optimisedlabs.info, 1
+optimisedlabs.net, 1
+optimisedlabs.uk, 1
+optimist.bg, 1
+optimization-online.org, 1
+optimizationanalyticsest.ga, 1
+optimize-jpg.com, 1
+optimizedlabs.co.uk, 1
+optimizedlabs.info, 1
+optimizedlabs.net, 1
+optimizedlabs.uk, 1
+optimom.ca, 1
+optimon.io, 1
+optimumfmw.com, 1
+optimummanagement.net, 1
+optimummarinemanagement.net, 1
+optimummenhealth.com, 1
+optimumpacific.net, 1
+optimumship.net, 1
+optimumtic.es, 0
+optimumvikingsatcom.com, 1
+optimumwebdesigns.com, 1
+optimus.io, 1
+optimuscrime.net, 1
+optimuslearningschool.com, 1
+optimust.fi, 1
+optiondisplay.com, 1
+options-today.com, 1
+optionsfund.cn, 1
+optionskredit.ag, 1
+optionskredit.biz, 1
+optionskredit.com, 1
+optionskredit.eu, 1
+optionskredit.info, 1
+optionskredit.net, 1
+optionskredit.org, 1
+optionsloop.com, 1
+optique-morice.com, 1
+optirank.co, 1
+optisell.ga, 1
+optiwebopz.com, 1
+optmos.at, 1
+optogenics.com, 1
+optolamp.com.br, 1
+optomaeurope.com, 0
+optome.com, 1
+optoms.tk, 1
+optoutday.de, 1
+optoutpod.com, 1
+optru.eu.org, 1
+opture.ch, 1
+optykgill.pl, 1
+optymyze.com, 1
+opus-codium.fr, 1
+opus-labs.fr, 1
+opus-nail.com, 1
+opusdei.org, 1
+opuspremiumfilms.com, 1
+opussystems.com.au, 1
+opvakantie-noorwegen.nl, 1
+opvakantie-zweden.nl, 1
+opvoedingswinkelgent.be, 1
+opwaarts.tk, 1
+opwekking.tk, 1
+opzich.nl, 1
+oqevapimivud.tk, 1
+oqkd.eu, 1
+oqpo.ru, 1
+oqrqtn7ynmgc7qrgwd-ubhdvfiymfbjrh5ethdti8.com, 0
+oquedizabiblia.com.br, 1
+oqwebdesign.com, 1
+orablanket.co.nz, 1
+oracle-support.nl, 1
+oracleclown.com, 1
+oracolo.tk, 1
+oraculos.pt, 1
+oraculosiono.net, 0
+oraklinika.tk, 1
+oralb.com, 1
+oraldigital.com.br, 1
+oralemiraza.com, 1
+oralight.ml, 1
+orang-utans.com, 1
+orange.md, 1
+orangeacademy.cz, 1
+orangeappalam.com, 1
+orangecityfl.gov, 1
+orangefinanse.com.pl, 1
+orangehome.ga, 1
+orangejetpack.com, 1
+orangekey.tk, 1
+orangelandgaming.com, 1
+orangenj.gov, 1
+orangenuts.in, 1
+orangepages.ga, 1
+orangerock.tk, 1
+orangeshop.ee, 1
+orangesquash.org.uk, 0
+orangesquirrelevents.co.uk, 1
+orangetexas.gov, 1
+orangetown.com, 1
+orangtua.tk, 1
+oranjee.net, 0
+oranjerie.tk, 1
+orano.vn, 1
+oranous.tk, 1
+oranweb.tk, 1
+oraz.tk, 1
+orazen.it, 1
+orbassano5aele2021.tk, 1
+orbesurgeons.com.au, 1
+orbik.com, 1
+orbit.aero, 1
+orbit.church, 1
+orbita.zp.ua, 1
+orbitabaja.com, 1
+orbitaclub.cf, 1
+orbital3.com, 1
+orbitalcommerce.com.br, 0
+orbitcleaning.com.au, 1
+orbitdefence.co.uk, 1
+orbitfoods.ca, 1
+orbitforum.ga, 1
+orbitgoods.ca, 1
+orbitpro.co, 1
+orbits.ga, 1
+orbitum.fr, 1
+orbitum.space, 1
+orbu.net, 1
+orbussoftware.com, 0
+orca.pet, 0
+orcada.co, 1
+orcahq.com, 1
+orcamais.com.br, 1
+orcamarine.tk, 1
+orcas.tk, 1
+orcawiki.nl, 1
+orchardnh.org, 1
+orchestra-ppm.io, 1
+orchestra.tk, 1
+orchidee-mariage.com, 1
+orchidee-massage.tk, 1
+orchideemilano.it, 1
+orchidhousehotels.com, 1
+orchidinsurance.com, 1
+orchidlive.com, 1
+orchidplantscare.com, 1
+orchids.ua, 1
+orchidsforum.com, 1
+orcomsilver.tk, 1
+orcsnet.com, 1
+orcz.cz, 1
+ord-airportparking.com, 1
+ordastoikennel.tk, 1
+ordbokpro.se, 1
+ordenmutantes.tk, 1
+order-a-laura.de, 1
+order-ftw.de, 1
+order-tools.io, 1
+order.catering, 1
+order.online, 1
+ordercipro.gq, 1
+orderdiflucan.ga, 1
+ordereze.com, 1
+ordermore.cloud, 1
+ordermygear.com, 1
+ordernerd.com, 1
+orderomnicef.gq, 1
+orderpizza.tk, 1
+orderseason.digital, 1
+orderteethest.ga, 1
+ordervaltrexonlines.ga, 1
+ordevanoranjenassau.nl, 1
+ordigame.com, 1
+ordilo.org, 1
+ordina.tk, 1
+ordinals.com, 1
+ordner.tk, 1
+ordoro.com, 1
+ordr.net, 1
+ordr.no, 1
+ordremk.fr, 1
+orduhaberleri.tk, 1
+ore.cool, 1
+oreber.com, 1
+oref-idf.com, 0
+oref-idf.net, 0
+oref-idf.org, 0
+orefice.roma.it, 1
+oregon2020census.gov, 1
+oregonatv.gov, 1
+oregoncoop.gov, 1
+oregonenergysaver.com, 1
+oregonmenshealth.com, 1
+oregonpasturenetwork.org, 1
+oregonstudentaid.gov, 1
+orehoreh.ru, 0
+orel-city.ml, 1
+orel-sait.tk, 1
+orel.ga, 1
+orel.se, 1
+orelblog.tk, 1
+orelferm.ru, 1
+orelnet.tk, 1
+orem.gov, 1
+orenburg-life.tk, 1
+orendamebliv.com.ua, 1
+orendatattoo.bg, 1
+orenohatake.com, 1
+orensport.tk, 1
+oreo.rocks, 1
+oreomuhely.hu, 1
+oresama.studio, 1
+oreshinya.xyz, 1
+oreskylaw.com, 1
+orestadit.dk, 1
+oreto.de, 0
+orevan.net, 1
+orevan.org, 1
+orf-digitalsatkarte.at, 0
+orf-kartentausch.at, 0
+orfelios.com, 1
+orfeo-engineering.ch, 1
+orfininumeister.it, 1
+orfordvillewi.gov, 1
+org-css.tk, 1
+organaqsis.com, 1
+organdonor.gov, 1
+organic.pk, 1
+organicae.com, 1
+organicappraisalers.ga, 1
+organicaromas.com, 1
+organicindiausa.com, 1
+organicmachinery.net, 1
+organicossuliani.com.br, 1
+organicpoint.in, 1
+organicrootsfestival.tk, 1
+organicsearcher.com, 1
+organicseo4u.com, 1
+organictanningest.ga, 1
+organisatieteam.nl, 1
+organisation-evenement-vaud.ch, 1
+organisation-mariage.net, 1
+organizacasa.com.br, 1
+organizalpha.com, 1
+organizasyon.tk, 1
+organization-of-holidays.tk, 1
+organizedrhyme.tk, 1
+orgasmium.com, 1
+orged.de, 1
+orgoniteindonesia.com, 1
+orgsyn.in, 1
+orgtech.ga, 1
+orgyporngroup.com, 1
+orians.eu, 1
+oriatasi.tk, 1
+oribia.net, 1
+oricejoc.com, 0
+orido.org, 1
+oriental-events.net, 1
+orientalart.nl, 1
+orientalcollege.tk, 1
+orientalcuisine.tk, 1
+orientalgadgets.tk, 1
+orientaltrends.com.br, 1
+orientate.com.mx, 1
+orientir.tk, 1
+oriflamesamara.tk, 1
+oriflameszepsegkozpont.hu, 1
+orifonline.ro, 0
+origami.to, 1
+origamiii.me, 1
+origamiking.wiki, 1
+origemtemperos.com.br, 1
+origenarts.com, 1
+origent.com, 1
+originahl-scripts.com, 1
+original-christstollen.com, 1
+original-christstollen.de, 1
+originalabsinthe.com, 1
+originalblackfilms.ga, 1
+originalescaro.tk, 1
+originalmusicstream.tk, 1
+originalniknihy.cz, 0
+originalpharmacygrup.ml, 1
+originalreading.com, 1
+originalseconds.com, 0
+originaltee.uk, 1
+origingames.tk, 1
+originpc.com, 0
+origins-webdesign.fr, 1
+origintlsflexible.com, 1
+origintlsfull.com, 1
+origintlsstrict.com, 1
+origintunes.tk, 1
+orikos.tk, 1
+orikum.org, 0
+orilliacdc.com, 1
+orilon.fr, 1
+orimex-mebel.ru, 1
+orimono.ga, 1
+oriocdn.com, 1
+orion-rentals.tk, 1
+orion-universe.com, 1
+orioncokolada.cz, 0
+orioneclipse.com, 1
+orionelement.com, 1
+orionfcu.com, 1
+orionfinancialservices.com, 1
+oriongames.eu, 1
+orionlab.com.br, 1
+orionrisk.com, 1
+oris.edu.ee, 1
+oriveda.ch, 1
+oriveda.co.uk, 1
+oriveda.com, 1
+oriveda.nl, 1
+oriya-hrs.com, 1
+orizarja.tk, 1
+orkaev.cf, 1
+orkestar-krizevci.hr, 1
+orkiv.com, 0
+orkkikerho.tk, 1
+orland.tk, 1
+orlandgo.com, 1
+orlandhillspdil.gov, 1
+orlando-marijuana-doctor.com, 1
+orlandobalbas.com, 1
+orlandojetcharter.com, 1
+orlandooutdoor.com, 1
+orlandopooltech.com, 1
+orlandoprojects.com, 1
+orlandorentavilla.com, 1
+orleansiowa.gov, 1
+orleika.io, 1
+orleika.ml, 1
+ormanetrading.com, 1
+ormuratore.com, 1
+ornc.org, 1
+ornikar.com, 1
+ornithopter.tk, 1
+ornitina.com, 1
+ornsyn.no, 1
+ornua.com, 1
+ornz.net, 0
+oro.milano.it, 1
+oro.roma.it, 1
+orocojuco.com, 1
+oroconews.com.br, 1
+orodelsalento.com, 1
+orologeria.roma.it, 1
+orologi.roma.it, 1
+oronomn.gov, 1
+oroshikikin.jp, 1
+orovillelaw.com, 1
+orpf.ir, 1
+orphee-beaute.com, 0
+orphelinsdeduplessis.com, 1
+orpheus.network, 1
+orpheus2.com.ec, 1
+orquestas.tk, 1
+orrs.de, 1
+orsal.fr, 1
+orsgo.com, 1
+ortahisarsigorta.com, 1
+ortanatech.com, 1
+ortecapps-dev.com, 1
+ortecbdp.com, 1
+ortecdna.com, 1
+ortechealthtest.com, 1
+ortegaportfolio.com, 1
+ortegat.com, 1
+ortemis.host, 1
+orteo.co, 1
+ortho-graz.at, 1
+orthoatthevillage.com, 1
+orthocab.com, 1
+orthocop.cz, 1
+orthodealsers.ga, 1
+orthodontiste-geneve-docteur-rioux.com, 0
+orthodoxy.lt, 0
+orthograph.ch, 1
+orthomolecularproducts.com, 0
+orthopedic-shoes.tk, 1
+orthopedicsalon.tk, 1
+orthoprax.net, 1
+orthotrafficest.ga, 1
+ortiatuttogas.it, 1
+ortigueira.ga, 1
+ortizmario.com, 1
+ortocraft.tk, 1
+ortoemangiato.it, 1
+ortografiacerta.com.br, 1
+ortoinnovapanama.com, 1
+ortop.ua, 1
+ortopedia.tk, 1
+ortopertutti.it, 1
+ortto.com, 0
+oruggt.is, 1
+orum.in, 1
+orwell.tk, 1
+oryva.com, 1
+oryxlabs.com, 1
+oryxserver.ch, 1
+orzado.com, 1
+orzado.com.ua, 1
+orzechot.pl, 1
+os-s.de, 1
+os-s.net, 1
+os-t.de, 1
+os.web.tr, 1
+os24.cz, 1
+os33.net, 1
+os76.xyz, 1
+osaamiskartoitus.fi, 1
+osac.gov, 1
+osacrypt.studio, 1
+osagecounty-ok.gov, 1
+osagenation-nsn.gov, 1
+osagokasko.ga, 1
+osaka-hero-project.com, 0
+osakaevoce.com.br, 1
+osakagasaustralia.com.au, 1
+osakayuku.com, 1
+osakerekisteri.fi, 1
+osaketori.fi, 1
+osaki.fr, 1
+osallistuvavantaa.fi, 1
+osamabook.tk, 1
+osamakhalid.com, 1
+osamatoon.ml, 1
+osandp.com, 1
+osankj.tk, 1
+osano.com, 1
+osateam.tk, 1
+osawatomieks.org, 1
+osb-alliance.de, 1
+osbeck.com, 1
+osborn.io, 1
+osborne.tk, 1
+osbornecounty.gov, 1
+osborneinn.com, 0
+osbornepro.com, 1
+osburn.com, 1
+osbygymnasium.se, 1
+osc.gov, 1
+oscar.ms, 1
+oscarapp.net, 1
+oscarmartinez.tk, 1
+oscarr.nl, 1
+oscars-web.tk, 1
+oscarsalas.tk, 1
+oscarspatiobar.com, 1
+oscarvk.ch, 1
+osceolaar.gov, 1
+osceolacountyfl.gov, 1
+osceolacountyia.gov, 1
+osceolafdar.gov, 1
+osceolapdar.gov, 1
+osci.io, 1
+oscloud.com, 1
+oscom.tk, 1
+oscpi.com, 1
+oscreen.ru, 1
+osdeployment.com, 1
+osdeployments.com, 1
+osdls.gov, 1
+oseido.tk, 1
+osepideasthatwork.org, 1
+osereso.tn, 1
+oserver.click, 1
+oses.mobi, 0
+osetia.tk, 1
+osetinskie-pirogi.ga, 1
+osetiya.gq, 1
+osetiya.ml, 1
+osez-l-odyssee.fr, 1
+osgroup.tk, 1
+oshayr.com, 1
+oshea.cc, 1
+oshens.com, 1
+osholife.tk, 1
+oshrc.gov, 1
+osiedlemalownicze.wroc.pl, 1
+osimmo.fr, 1
+osindesejados.com.br, 1
+osipenko.ua, 1
+osiris-ai.co.uk, 1
+osirisrising.tk, 1
+osirisrp.online, 1
+osirium.com, 1
+osk-group.ru, 1
+oskety.com, 1
+oskrba.net, 1
+oskrba.online, 1
+oskuro.net, 1
+oslinux.net, 1
+oslo-kammerorkester.no, 1
+osm.is, 1
+osm.org, 1
+osmaniyehaber.tk, 1
+osmanlitakilari.tk, 1
+osmanlitorunu.com, 1
+osmarks.net, 1
+osmarks.tk, 1
+osmdroid.net, 1
+osmosebox.com, 1
+osmosis-inversa.online, 1
+osmre.gov, 1
+osmt.cc, 1
+osnova.cz, 1
+osobniterapeutka.cz, 1
+osobnyak.tk, 1
+osohq.com, 1
+osolutionscorp.com, 1
+osom.finance, 1
+osomagicmountain.com, 1
+osomjournal.org, 1
+osoo.kg, 1
+osorezone.com, 1
+osorio.io, 0
+ospis.pl, 1
+ospo-alliance.org, 1
+osrdmo.gov, 1
+osrs.wiki, 1
+osrsmap.net, 1
+osrsplugins.xyz, 1
+ossdiabolo.tk, 1
+osservatorionessuno.it, 1
+osservatorionessuno.org, 1
+ossigeno.tk, 1
+ossipee-nh.gov, 1
+ossrox.org, 1
+osszekotatermeszettel.hu, 1
+ostalb.social, 1
+ostan-collections.net, 1
+ostan-nku.tk, 1
+ostankino.tk, 1
+ostechnix.com, 1
+ostek.tk, 1
+ostendorf.com, 1
+osteolaclusaz.com, 0
+osteopathe-voisine.com, 1
+osteopathie-guggenberger.de, 1
+osteopatiaymasaje.com, 1
+osteriabellavista.ch, 0
+osteriadelponte.tk, 1
+osterkraenzchen.de, 1
+ostermcbride.com, 1
+ostern-osterfest.tk, 1
+ostgotakonst.se, 1
+osti.gov, 1
+ostimwebtasarim.name.tr, 1
+ostimyedekparca.com.tr, 1
+osto.us, 1
+ostp.gov, 1
+ostr.io, 1
+ostra.gg, 1
+ostra.me, 1
+ostrausercontent.com, 1
+ostravskypediatrickyden.cz, 1
+ostrov8.com, 1
+ostrovseocitra.cf, 1
+ostrovseocitra.ga, 1
+ostrovseocitra.gq, 1
+ostrovseocitra.ml, 1
+ostseebad-sellin.de, 1
+ostuninotizie.it, 1
+ostylelimo.com, 1
+osuarez3.com, 1
+osun.eu, 1
+osuszanie-krakow.pl, 1
+osuszanie-prinz.com.pl, 1
+osuszanie-radom.pl, 1
+osuszanie-warszawa.pl, 1
+osvaldocontreras.tk, 1
+osveld.com, 1
+osvhub.com, 1
+oswaldlabs.com, 1
+oswalds.co.uk, 1
+oswaldsmillaudio.com, 1
+oswegoil.gov, 1
+oswegony.gov, 1
+osworx.net, 1
+ot-honfleur.fr, 1
+ot-vinta.tk, 1
+otakaroltd.co.nz, 1
+otako.pl, 0
+otaku.fm, 1
+otakubox.de, 1
+otakucloud.net, 0
+otakuie.tk, 1
+otakurepublic.com, 1
+otakurumi.de, 1
+otakuzonefanzine.tk, 1
+otariarutiunian.com, 1
+otchecker.com, 1
+otd-dentalcare.com, 1
+otdel16.tk, 1
+otdelka56.ml, 1
+otdelka76.tk, 1
+otdelochnik.tk, 1
+otdih-krim.tk, 1
+otdyh-v-abhazii.tk, 1
+oteri.de, 1
+otg-drives.tk, 1
+otgadaika.tk, 1
+oth666.com, 0
+other98.com, 0
+othercdn.com, 1
+otherkinforum.com, 1
+otherlandlabs.com, 0
+otherwise.tk, 1
+othrys.net, 1
+oticasvisao.net.br, 1
+otimismoemrede.tk, 1
+otinane.eu, 1
+otipax.ru, 1
+otiumtech.com, 1
+otixz.com, 1
+otkm-stuttgart.tk, 1
+otmns.net, 1
+otng.us, 1
+otogeworks.com, 1
+otokiralama.name.tr, 1
+otokocikinciel.com, 1
+otoma.tk, 1
+otomania.tk, 1
+otomauto.com, 1
+otomekaito.xyz, 1
+otomny.fr, 1
+otomobilforumu.com, 1
+otomobilhaber.com, 1
+otonity.com, 1
+otoplastik.ml, 1
+otoplenie-ufa.ml, 1
+otorino.tk, 1
+otorium.gq, 1
+otorrino.pt, 0
+otosemi.com, 0
+otoy.com, 1
+otpbd.xyz, 1
+otpdvi.gov, 1
+otpgoldenfish.ro, 1
+otpnyugdij.hu, 1
+otpportalok.hu, 1
+otprema.hr, 1
+otpsmart.com.ua, 1
+otptikforum.cf, 1
+otr.ie, 1
+otrm.de, 1
+otrosidigo.tk, 1
+otrubah.com, 1
+ots.gov, 1
+otsfreestyle.jp, 1
+otsu.beer, 1
+ott-tv.org, 1
+ottawatribe.gov, 1
+ottens.tk, 1
+otterpops.tk, 1
+ottertailcounty.gov, 1
+ottertailcountymn.gov, 1
+otterupdate.com, 1
+ottervillemo.gov, 1
+otthonelektronika.hu, 1
+otticait.com, 1
+otticaturi.it, 1
+ottingergolf.com, 1
+ottmarliebert.tk, 1
+ottogroup.com, 1
+ottokrake.ba, 1
+ottomanbedsuk.tk, 1
+ottorinoferilli.com, 1
+ottoversand.at, 1
+otuts.eu, 1
+otvaracie-hodiny.sk, 1
+otya.me, 1
+otzyvy.cc, 1
+ouaibe.qc.ca, 1
+ouaisetalors.fr, 1
+ouattara.ch, 1
+oudedokken.be, 1
+oudersvannu.nl, 1
+ouestacro.fr, 1
+ouestfrance-auto.pro, 1
+ouezzan.tk, 1
+ouglor.com, 1
+oui-mais-toscope.info, 1
+ouin.land, 1
+oujj.link, 1
+oukasou.moe, 1
+oukasou.xyz, 1
+ouldlamara.tk, 1
+oulunjujutsu.com, 1
+oumactive.com, 1
+ouminews.net, 1
+oumlaut.net, 1
+oumorienteering.com, 1
+oumpower.com, 1
+oumrace.com, 1
+oumsnatch.com, 1
+oumsport.com, 1
+ounage.de, 1
+ouowo.gq, 1
+our-box.de, 1
+our-box.net, 1
+our-little-secret.tk, 1
+our-store.ml, 1
+ourai.ws, 1
+ourayco.gov, 1
+ourchoice2016.com, 1
+ourcloud.at, 1
+ourcodinglives.com, 1
+ourcreolesoul.com, 1
+ourcrowd.com, 1
+ourcybercommunity.com, 1
+ourdocuments.gov, 1
+ourevents.net, 1
+ourfamilyworld.com, 1
+ourgame.ie, 1
+ourharvest.com, 1
+ourhr.club, 1
+ourindiana.gov, 1
+ourladymountcarmel.net, 1
+ourladymtcarmel.org, 0
+ourladyofcalvary.org, 1
+ourladyoftheassumptionchurch.org, 1
+ourladyqueenofmartyrs.org, 1
+ourlink.tk, 1
+ourmarket.live, 1
+ournewsindia.ga, 1
+ourocg.cn, 1
+ouroh2.com, 1
+ouronyx.com, 0
+ouropal.com, 1
+ourpharmacynetwork.com, 1
+ourphonestoday.com, 1
+ourplanetary.com, 1
+ours.money, 1
+oursaintfrancis.org, 1
+oursibparksplan.com, 1
+oursportscentral.com, 1
+ourstory.rip, 1
+oursurplus.com, 1
+oursweb.com, 1
+oursweb.net, 1
+oursweb.org, 1
+ourtableforseven.com, 1
+ourteamforabetterworld.de, 1
+ouruglyfood.com, 1
+ourwits.com, 1
+ourworldindata.org, 0
+ourworldspeaks.com, 1
+oust.ch, 0
+oustaou-connect.com, 1
+out-of-england.cf, 1
+out-of-england.ga, 1
+out-of-england.gq, 1
+out-of-england.ml, 1
+outagamie.gov, 1
+outandaboutpv.com, 1
+outbankapp.com, 1
+outbot.com, 1
+outbound.tk, 1
+outbreak.games, 1
+outcasts-guild.eu, 1
+outdoorfurniture.ie, 1
+outdoorgearlab.com, 1
+outdoorimagingportal.com, 1
+outdoorlearningmap.com, 1
+outdoorlightingagoura.com, 1
+outdoorlightingagourahills.com, 1
+outdoorlightingcalabasas.com, 1
+outdoorlightingconejovalley.com, 1
+outdoorlightingdosvientos.com, 1
+outdoorlightinghiddenhills.com, 1
+outdoorlightinglakesherwood.com, 1
+outdoorlightingmalibu.com, 1
+outdoorlightingmoorpark.com, 1
+outdoorlightingnewburypark.com, 1
+outdoorlightingoakpark.com, 1
+outdoorlightingsimivalley.com, 1
+outdoorlightingthousandoaks.com, 1
+outdoorlightingwestlakevillage.com, 1
+outdoormanufaktur.com, 1
+outdoorphoto.co.za, 1
+outerface.net, 1
+outerheaven.pro, 1
+outerlimitsdigital.com, 1
+outernet.tk, 1
+outerspace.ga, 1
+outervision.com, 1
+outetc.com, 1
+outfaced-dancestudio.de, 1
+outfit-weimar.eu, 1
+outgress.com, 1
+outgrow.co, 1
+outhwaite.com, 1
+outincanberra.com.au, 1
+outinnationalsecurity.org, 1
+outka.xyz, 1
+outlaw-star.tk, 1
+outletcity.bg, 1
+outletstoresmalls.com, 1
+outline.ski, 1
+outline.vn, 1
+outlook.com, 1
+outlook.pl, 1
+outlookbythebay.com, 1
+outlookonthedesktop.com, 1
+outlooktransfer.com, 1
+outloudradio.uk, 1
+outnetic.com, 1
+outnow.ch, 1
+outoftheboxfitness.com, 1
+outofthefog.net, 1
+outofyourcomfortzone.net, 1
+outplnr.fr, 1
+output.com, 1
+outrider.ai, 1
+outshinesolutions.nl, 1
+outsideconnections.com, 1
+outsidershairboutique.com, 1
+outsize.tk, 1
+outsourcify.net, 1
+outsourcingdenomina.co, 1
+outsourcingnominabogota.com, 1
+outstack.vote, 1
+outstanding.tk, 1
+outstandingpromotion.com, 1
+outtask.ai, 0
+outwoodz.co.uk, 1
+outworking.com, 1
+ouvindo.com.br, 1
+ouwerling.tk, 1
+ov-chipkaart.nl, 1
+ovabastecedoraindustrial.com, 1
+ovago.com, 1
+ovalle.tk, 1
+ovallevirtual.tk, 1
+ovalterfurtado.com.br, 1
+ovationhand.com, 1
+ovc.gov, 1
+ovcttac.gov, 1
+ovegi.co.id, 1
+ovelhaostra.com, 1
+oven.media, 1
+ovenapp.io, 1
+ovenrepairaustin.com, 1
+overa.net, 1
+overallmotivation.com, 1
+overallscanners.tk, 1
+overca.sh, 1
+overcached.com, 1
+overcame.cf, 1
+overcasthq.com, 1
+overclockers.ga, 1
+overclockers.ge, 1
+overcomers.tk, 1
+overdrive-usedcars.be, 0
+overener.biz, 1
+overener.cn, 1
+overener.co, 1
+overener.com, 1
+overener.tech, 1
+overener.us, 1
+overflow.io, 1
+overframe.gg, 1
+overgear.tk, 1
+overground.tk, 1
+overhead.com.pe, 1
+overheek.tk, 1
+overlevers.tk, 1
+overlevingsmessen.nl, 1
+overlook.tk, 1
+overlooklakeaustin.com, 1
+overlord.network, 1
+overmorgen.nl, 1
+overnetfaq.tk, 1
+overnetworld.tk, 1
+overnightglasses.com, 1
+overpb.gq, 1
+overprint-samara.ru, 1
+overps.cf, 1
+overrated.ga, 1
+overratedtech.com, 1
+overrun.tk, 1
+overs.jp, 1
+oversea.com.br, 1
+overseamusic.de, 1
+overseasstudenthealth.com, 1
+overside.ml, 1
+oversight.garden, 1
+oversight.gov, 1
+oversight.nz, 1
+oversightboard.com, 1
+overspace.cloud, 1
+overstemmen.nl, 1
+overstockpromote.com, 1
+overthecloud.it, 1
+overthegate.tk, 1
+overtoncountytn.gov, 1
+overtunes.tk, 1
+overture.london, 1
+overwatchss.club, 1
+overzicht.pro, 1
+overzicht.ws, 1
+ovez.ga, 1
+ovhcdn.pw, 1
+ovidiusbouwbedrijf.nl, 1
+ovidro.pt, 0
+ovirt.org, 1
+oviser.ml, 1
+ovisy.com, 1
+ovnrain.com, 0
+ovochi.tk, 1
+ovodakadarkut.tk, 1
+ovomope.cn, 1
+ovosimpatico.com, 1
+ovosimpatico.org, 1
+ovpn.com, 1
+ovpn.to, 1
+ovstravel.com, 1
+ovuk.ru, 1
+ovvy.net, 0
+owagik.com, 1
+owatonna.gov, 1
+owatonnagrows.gov, 1
+owdeutschland.org, 1
+owenet.net, 1
+owensboroky.gov, 1
+owenschumacher.tk, 1
+owensmith.website, 1
+owensvilleoh.gov, 1
+owethecure.win, 1
+owfactory.com, 1
+owid.cloud, 1
+owise.tk, 1
+owl-media.pl, 1
+owl-media.ru, 1
+owl-media.us, 1
+owl-stat.ch, 0
+owl.net, 1
+owlandbee.co.uk, 1
+owlandbee.eu, 1
+owlandbee.uk, 1
+owlando.com, 1
+owlandrabbitgallery.com, 1
+owlazy.com, 1
+owlbee.be, 1
+owlbee.de, 1
+owlbee.es, 1
+owlbee.eu, 1
+owlbee.fr, 1
+owlbee.it, 1
+owlbee.nl, 1
+owldevelopers.tk, 1
+owlexa.com, 1
+owlhollowbakery.com, 1
+owln.ai, 0
+owlnull.me, 1
+owlscrap.ru, 1
+owlvilleers.ga, 1
+ownagepranks.com, 1
+ownc.at, 1
+owncloud.ch, 1
+owncloud.com, 1
+ownerbusiness.org, 1
+ownergroup.net, 1
+ownersre.com, 1
+owningless.fr, 1
+ownparking.com, 1
+ownspec.com, 1
+ownsport.fr, 1
+owntips.ml, 1
+owntournament.org, 1
+ownwolke.de, 1
+ownyourfamily.com, 1
+owo.enterprises, 1
+owo.jp, 1
+owrt-risk.dedyn.io, 1
+owyheecounty.gov, 1
+owysgarden.com.au, 1
+ox.restaurant, 1
+oxalato.com, 1
+oxaliz.gq, 1
+oxanababy.com, 1
+oxborrow.ca, 1
+oxbridge.eu, 1
+oxelie.com, 0
+oxen.io, 1
+oxfordandcambridgetutors.com, 1
+oxfordbio.com, 1
+oxfordbus.co.uk, 1
+oxforddigital.com.au, 1
+oxfordenglish.com.ua, 1
+oxfordkneeinfo.com, 1
+oxfordmd.gov, 1
+oxfordtutors.com, 1
+oxfordurgentclinic.com, 1
+oxia.me, 1
+oxialive.fr, 1
+oxiame.eu, 1
+oxibeiras.pt, 1
+oxide.social, 1
+oxidecomputer.net, 1
+oxidecomputer.social, 1
+oxidized.org, 1
+oxigenoinformatica.tk, 1
+oximedia.ga, 1
+oximoron.tk, 1
+oxinarf.pt, 1
+oxizonia.com, 0
+oxlab.com.ar, 1
+oxo.cloud, 0
+oxona.eu, 1
+oxoo.ooo, 1
+oxos.com, 1
+oxots.com, 1
+oxotscovid.com, 1
+oxt.co, 1
+oxwebdevelopment.com.au, 1
+oxxoshop.com, 0
+oxydac.com, 1
+oxydrate.com, 1
+oxygames.tk, 1
+oxygenated.cf, 1
+oxygenforchennai.com, 1
+oxygin.net, 0
+oxylabs-china.net, 1
+oxylabs.cn, 1
+oxylabs.io, 1
+oxylog.fr, 1
+oxymail.ru, 1
+oxymoron.tk, 1
+oxynux.xyz, 1
+oxytocin.org, 1
+oxytocin.wiki, 1
+oxyx.tk, 1
+oxz.me, 1
+oya.ai, 1
+oyal.co.uk, 1
+oyama-conf.com, 1
+oyama-karate.tk, 1
+oyap.ca, 1
+oyaphwcdsb.com, 1
+oyapkprdsb.ca, 1
+oyaptcdsb.com, 1
+oyaquelegal.com.br, 1
+oyensglobal.com, 1
+oyesunn.com, 0
+oyk13tyuj8ljpete31edj2tes-9if7bi.com, 0
+oyosoft.fr, 1
+oyosoft.net, 1
+oyr79.tk, 1
+oysterboxhotel.com, 1
+oysterworldwide.com, 1
+oystr.xyz, 1
+oyun.news, 1
+oyundijital.com, 1
+oyungg.net, 0
+oyunmadeni.tk, 1
+oyunnetwork.com, 1
+oyunnext.com, 1
+oyunoynuyalim.tk, 1
+oyunshell.com, 1
+oyversus.com, 1
+oz-artfocus.com, 1
+oz-style.com, 1
+ozacek.fun, 1
+ozark-serial.net, 1
+ozarkinspected.com, 1
+ozaukeecounty.gov, 1
+ozaymotor.com, 1
+ozbekistanhavayolu.com.tr, 1
+ozbolt.eu, 1
+ozcare.org.au, 1
+ozcreatives.tech, 1
+ozdemirgrubu.com, 1
+ozdenotomotiv.com.tr, 1
+ozdevelopment.com, 1
+ozel-ders.tk, 1
+ozelgitardersi.tk, 1
+ozellaruck.tk, 1
+ozemsec.com.br, 1
+ozerify.com, 1
+ozero-kardyvach.ru, 1
+ozgesezen.com, 1
+ozgurbozkurt.com, 1
+ozgurgokmen.net, 1
+ozgurkazancci.com, 1
+ozhegov.site, 0
+ozli.ga, 1
+ozmo.ml, 1
+ozna.tk, 1
+oznamovacipovinnost.cz, 1
+ozoksteel.com, 1
+ozone-medical.fr, 1
+ozonitron.com, 1
+ozonitron.de, 1
+ozonitron.eu, 1
+ozonstyle.ga, 1
+ozonytron.com, 1
+ozonytron.de, 1
+ozonytron.eu, 1
+ozoz.cc, 1
+oztorah.com, 1
+ozvoip.net, 1
+ozvolvo.org, 1
+ozzie.fr, 1
+ozzyfant.de, 1
+p-art.design, 1
+p-fent.ch, 1
+p-home.tk, 1
+p-insurgence.com, 1
+p-k-b.com, 1
+p-konto.tk, 1
+p-ku.com, 1
+p-p.site, 1
+p-pac.com, 0
+p-pc.de, 1
+p-t.io, 1
+p.ac, 1
+p.lu, 1
+p.sb, 1
+p02.de, 1
+p0l.de, 1
+p1-acc.nl, 1
+p1-apps.nl, 1
+p1-test.nl, 1
+p10.ru, 0
+p1984.nl, 0
+p1cn.com, 1
+p1group.com, 1
+p1ratrulezzz.me, 1
+p22.co, 1
+p2enews.com, 1
+p2p-tv.tk, 1
+p2pool.observer, 1
+p2r.ru, 1
+p3.marketing, 1
+p30mororgar.ir, 1
+p333aa.com, 1
+p333b.net, 1
+p333e.net, 1
+p333j.net, 0
+p36533.com, 1
+p3medicalinc.com, 1
+p3ter.fr, 1
+p4.pm, 1
+p4c-admin.azurewebsites.net, 1
+p4p.click, 1
+p4plus2.com, 1
+p4t.co, 1
+p5197.co, 1
+p5r.uk, 1
+p6729.co, 1
+p6957.co, 1
+p7jl.com, 1
+p7m.de, 1
+p7m.eu, 1
+p7sesvhc.com, 1
+p82365.com, 1
+p8r.de, 1
+p91aa.com, 1
+p9297.co, 1
+p9721.com, 0
+p9728.co, 1
+p99perf.com, 1
+p99performance.com, 1
+p9cq.com, 1
+p9d1.com, 1
+pa-w.de, 1
+pa.search.yahoo.com, 0
+pa1ch.fr, 1
+pa5am.nl, 1
+paack.co, 1
+paack.com, 1
+paal.network, 1
+paanews.com, 1
+paarberatung-hn.de, 1
+paardekoopergroup.com, 1
+paardenfotografie-nederland.nl, 1
+paardenhulp.nl, 1
+paardensportbak.nl, 1
+paarissohail.tk, 1
+paaseiland.org, 1
+paaspasst.de, 1
+paass.net, 0
+paaster.io, 0
+paazmaya.fi, 1
+pabio.com, 1
+pablikado.cz, 1
+pablo-serrano.com, 1
+pablo-sky.tk, 1
+pablo.im, 0
+pablo.io, 1
+pablo.scot, 1
+pablo.sh, 1
+pabloarcuri.com, 1
+pabloartea.ga, 1
+pabloarteaga.co.uk, 1
+pabloarteaga.com, 1
+pabloarteaga.com.es, 1
+pabloarteaga.es, 1
+pabloarteaga.eu, 1
+pabloarteaga.info, 1
+pabloarteaga.me, 1
+pabloarteaga.name, 1
+pabloarteaga.net, 1
+pabloarteaga.nom.es, 1
+pabloarteaga.org, 1
+pabloarteaga.science, 1
+pabloarteaga.tech, 1
+pabloarteaga.uk, 1
+pabloarteaga.xyz, 1
+pablocamino.tk, 1
+pablocelorio.com, 1
+pablofain.com, 0
+pablofonta.es, 1
+pablolopezlujan.es, 1
+pablomachado.tk, 1
+pablomolina.tk, 1
+pablomoreno.tk, 1
+pablonadiecomotu.tk, 1
+pabloroblesminister.com, 1
+pablosaraiva.com, 1
+pabpunk.tk, 1
+pacatlantic.com, 1
+pacay.id, 1
+pacch.io, 1
+pacco.tk, 1
+paccolat.name, 1
+pace.car, 0
+pace.cool, 1
+pacecare.com, 1
+pacecounsel.com, 1
+paceda.nl, 1
+pacelink.de, 1
+pacem.global, 1
+pacemakers.ml, 1
+pacemigration.com.au, 0
+pacenterforhearingandbalance.com, 1
+pachaiyappas.org, 1
+pachalingo.tk, 1
+pachamamaproduct.com, 1
+pachinstyle.com, 1
+pachuca.social, 1
+pachuta.pl, 1
+pacificaent.net, 1
+pacificarperu.com, 1
+pacificbags.com.au, 1
+pacificbeachpub.com, 1
+pacificblue.kiwi, 1
+pacificblue.software, 1
+pacificcashforcars.com.au, 1
+pacificcoast.com, 1
+pacificcycling.ga, 1
+pacificgynsurgicalgroup.com, 1
+pacifichospitalists.com, 1
+pacificislander.org, 1
+pacifico.com.pe, 1
+pacificocooler.com, 1
+pacificpackaging.com.au, 1
+pacificpalisadeselectric.com, 1
+pacificpalisadeselectrical.com, 1
+pacificpalisadeslandscapelighting.com, 1
+pacificpalisadeslighting.com, 1
+pacificprivatebank.com, 1
+pacificpuke.com, 1
+pacificrimcollege.online, 1
+pacificstandard.com, 1
+pacificstates.net, 1
+pacifictechnologie.com, 1
+pacifictilkin-occasions.be, 1
+pacifique-web.nc, 1
+pacifistka.tk, 1
+pack-haus.de, 1
+pack.com.ua, 1
+pack.rocks, 1
+pack1537.org, 1
+pack183.com, 1
+pack50cubs.org, 1
+packagestours.com, 1
+packaging-design.net, 1
+packaginghouse.co.nz, 1
+packagingproject.management, 1
+packagist.jp, 1
+packagist.org, 0
+packair.com, 1
+packandseal.in, 1
+packedagain.com, 1
+packer.io, 0
+packetapp.ru, 1
+packetcrash.net, 1
+packetfabric.com, 1
+packetlinux.com, 1
+packetmail.net, 1
+packetnomad.net, 1
+packetoverflow.com, 1
+packlane.com, 1
+packliberte.org, 1
+packservice.es, 1
+packservice.it, 1
+packtracking.org, 1
+packwire.com, 1
+paclease.com.my, 1
+pacman.ltd, 1
+pacobarbera.tk, 1
+pacoda.de, 0
+pacogarcia.tk, 1
+pacogorzados.tk, 1
+pacot.es, 1
+pacpost.live, 1
+pact2017.nl, 1
+pactandoconlamoda.com, 1
+pacteo.com, 1
+pactf-flag-4boxdpa21ogonzkcrs9p.com, 1
+pactf.com, 1
+pactrol.com, 1
+pacxodka.ru, 1
+paczkadlawieznia.pl, 1
+paczkahigieniczna.pl, 1
+paczkazywnosciowa.pl, 1
+pad.wf, 1
+padam-group.com, 1
+padangkita.com, 0
+padberx-marketing-consultants.de, 1
+padderne.tk, 1
+paddestoelen-encyclopedie.tk, 1
+paddy.rocks, 1
+padichota.tk, 1
+padisahbilisim.tk, 1
+padle.ml, 1
+padmagroup.com, 1
+padovaoggi.it, 1
+padpilot.co, 1
+padremiguel.pt, 1
+padron.com.es, 1
+padshah.tk, 1
+paducaheic.com, 1
+padzilla.com, 1
+pae.com, 1
+paedlink.ca, 1
+paermartinsson.se, 1
+paesa.es, 1
+paesi.info, 1
+paff.xyz, 1
+paga.red, 1
+pagalnew.com, 1
+pagalofacil.com, 1
+pagalworld-news.ml, 1
+pagalworld.com, 1
+pagalworld.mobi, 1
+pagalworld.name, 1
+pagalworld.tv, 1
+pagalworld.us, 1
+pagancollective.cf, 1
+paganismguide.com, 1
+paganistisch-forum.tk, 1
+pagatuarriendo.cl, 1
+pagbitcoin.com, 1
+page, 1
+page-engine.tk, 1
+page-speed.ru, 1
+page.lgbt, 1
+page12.tk, 1
+pageboard.fr, 1
+pageboard.io, 1
+pagecdn.io, 1
+pagedesignhub.com, 1
+pagedesignpro.com, 1
+pagedesignshop.com, 1
+pagedesignweb.com, 1
+pagefulloflies.io, 1
+pagenews.tk, 1
+pagenstedt.de, 1
+pagepapi.com, 1
+pagerange.com, 1
+pagerduty.com, 1
+pages-tocaven.com, 1
+pagesdemo.xyz, 1
+pagespeaker.com, 1
+pagespeedwizard.com, 1
+pagestash.net, 1
+pageuppeople.com, 1
+pagevitals.com, 1
+pagewizz.com, 1
+pagexl.com, 1
+pagiamtzis.com, 1
+pagina394.com.br, 1
+paginamaravillosa.tk, 1
+paging.blog, 0
+pagliucadb.ddns.net, 1
+pagodart.com.br, 1
+pagueveloz.com.br, 1
+paguponku.com, 1
+pagure.io, 1
+pagure.org, 1
+pahadee.coffee, 1
+pahe.win, 1
+pahealthbilling.com, 1
+pahira.gq, 1
+paho.org, 1
+pahom.gq, 1
+pahrumpnv.gov, 1
+pahui.cf, 1
+pahui.ml, 1
+pahuudenanatomia.fi, 1
+paide.edu.ee, 1
+paidnaija.com, 0
+paidsurveys.tk, 1
+paidtocode.com, 1
+paidtodesign.com, 1
+paidtodev.com, 1
+paiementdp.com, 1
+paiementpasseport-mali.com, 1
+paige.ai, 1
+paigethegeek.com, 1
+paiinternational.in, 1
+painart.ru, 1
+paincareehr.com, 1
+painclinic.tk, 1
+paincore.tk, 1
+paindata.dk, 1
+paine.tv, 1
+painefamily.co.uk, 1
+painesvillemunicipalcourt-ohio.gov, 1
+painfreenyc.com, 1
+painful.fun, 1
+painkiller-tech.com, 1
+painkillercart.com, 1
+painosso.org, 1
+paint-it.pink, 1
+paint4.life, 1
+paintball-ljubljana.si, 1
+paintball-shop.sk, 1
+paintballer.co, 1
+paintbrush.ga, 1
+paintcolorsbysue.com, 1
+painted-designs.tk, 1
+painteddesertfrenchies.com, 1
+paintingindurban.co.za, 1
+paintingrepair.ga, 1
+paintlabcustom.com.br, 1
+paintpaina.com, 1
+paintprotectionfilm.store, 1
+paintscratch.com, 1
+paio2-rec.com, 1
+paipuman.jp, 1
+paireepinart.com, 1
+pairsclassifiedads.tk, 1
+paisa-dev.azurewebsites.net, 1
+paisleyandsparrow.com, 1
+paistation.ch, 1
+paivafernandes.com.br, 1
+pajadam.me, 1
+pajamka.com.ua, 1
+pajbot.de, 1
+pajobsite.com, 1
+pajuvuo.fi, 1
+pak-kazan.ru, 1
+pakal.org, 1
+pakaranggrek.com, 1
+paket.monster, 1
+paketbox-systems.at, 1
+paketverfolgung.info, 1
+paketwatch.de, 0
+paketwisataliburan.com, 1
+pakeystonesaves.gov, 1
+pakeystonescholars.gov, 1
+pakfactory.com, 1
+pakforces.tk, 1
+pakho.xyz, 1
+pakingas.lt, 1
+pakistan24.tk, 1
+pakistanblogger.tk, 1
+pakistanheadline.tk, 1
+pakistanichatzone.com, 1
+pakistanientertainers.ga, 1
+pakistanmusic.tk, 1
+pakistanpost.ga, 1
+pakitow.fr, 1
+pakjefooi.be, 1
+pakjefooi.com, 1
+pakjefooi.email, 1
+pakjefooi.eu, 1
+pakjefooi.net, 1
+pakjefooi.nl, 1
+pakjefooi.org, 1
+pakkibaat.tk, 1
+pakmarkas.lt, 1
+pakmedia.tk, 1
+paknetworking.org, 1
+pakostane-apartments.tk, 1
+pakpak.tk, 1
+pakpedia.pk, 1
+pakremit.com, 1
+paksui-ne.tk, 1
+palabr.as, 1
+palaceitalia.tk, 1
+paladin.wtf, 1
+paladini.tk, 1
+palaisfrance.com, 1
+palakkad.tk, 1
+palamaailmalta.fi, 1
+palant.info, 1
+palantir.com, 1
+palariviera.com, 1
+palatin.at, 1
+palatineil.gov, 1
+palationtrade.com, 1
+palatte.ml, 1
+palau-pizza.fr, 1
+palaubluetours.com, 1
+palavalbasket.it, 1
+palavatv.com, 1
+palawan.jp, 0
+palazzo.work, 1
+palazzofiano.it, 1
+palem.com, 1
+palenque.tk, 1
+paleo.io, 1
+paleodietfoodlist.com, 1
+paleodietrecipes.com, 1
+paleografie.tk, 1
+paleonora.tk, 1
+paleontologiadebagua.tk, 1
+paleoself.com, 1
+paleoso.com, 1
+paleosquawk.com, 1
+palermoantagonista.tk, 1
+palermofc.com, 1
+palermofilmfestival.tk, 1
+palermopride.it, 1
+palermotoday.it, 1
+paless-aless.by, 1
+palessit.com, 1
+palestra.roma.it, 1
+paletdecor.com.ua, 1
+palette26.com, 1
+paletten.tk, 1
+palfut.com, 1
+paliucuiciucci.tk, 1
+palladium46.com, 1
+palladiumprivate.com, 1
+pallavibhattdesigns.com, 1
+palletflow.com, 1
+palletsprojects.com, 0
+pallhed.se, 1
+palli.ch, 0
+palliativ-del.de, 1
+palmaprop.com, 1
+palmarinaestrada.com.br, 1
+palmatin.com, 1
+palmbayfl.gov, 1
+palmbeachbusinessbroker.com, 1
+palmbeachcounty-fl.gov, 1
+palmbeachcuisine.com, 1
+palmbeachelections.gov, 1
+palmbeachvotes.gov, 1
+palmcoast.gov, 1
+palmcoastbusinessnetwork.com, 1
+palmdesert.gov, 1
+palmedconsultants.com, 1
+palmedconsultants.org, 1
+palmen-apotheke.de, 1
+palmettogba.com, 1
+palmex.com, 1
+palmfan.com, 1
+palmiye.tk, 1
+palmlivingae.com, 1
+palmofinfinity.tk, 1
+palmyramo.gov, 1
+palner.eu, 1
+paloalto.gov, 1
+paloma.tk, 1
+palomalopez.tk, 1
+palomardisplays.com, 1
+palominorp.tk, 1
+palonhs.tk, 1
+palotahaz.hu, 1
+palpitediario.com.br, 1
+paltopro.com, 1
+pamajans.com, 0
+pamaniqu.nl, 1
+pamc.tk, 1
+pamiers-citoyenne.fr, 1
+pamlightdesign.com, 1
+pamm.tk, 1
+pamontecarloclub.tk, 1
+pamorana.net, 1
+pamsorel.co.za, 1
+pamukhaliyikama.net, 1
+pamvo.com, 1
+pan-lleveme.com, 1
+pan-portugal.com, 1
+pan.digital, 1
+pana4ucloud.ddns.net, 1
+panaceainfosec.com, 1
+panamacity.gov, 1
+panamacitypolice.gov, 1
+panamatravel.tk, 1
+panamatrippin.com, 1
+panamawebfactory.com, 1
+panangelium.tk, 1
+panasca.is, 1
+panascais.at, 1
+panascais.ch, 1
+panascais.co, 1
+panascais.com, 1
+panascais.cz, 1
+panascais.es, 1
+panascais.fi, 1
+panascais.fr, 1
+panascais.host, 1
+panascais.info, 1
+panascais.io, 1
+panascais.me, 1
+panascais.net, 1
+panascais.network, 1
+panascais.nl, 1
+panascais.org, 1
+panascais.pl, 1
+panascais.pt, 1
+panascais.pw, 1
+panascais.ru, 1
+panascais.site, 1
+panascais.tech, 1
+panascais.us, 1
+panascais.zone, 1
+panasproducciones.com, 1
+panaxis.biz, 1
+panaxis.ch, 1
+panaxis.li, 1
+pancake-world.com, 1
+pancake.gg, 1
+pancani.it, 1
+panchajanyafashions.com, 1
+panda-community.com, 1
+panda-craft.tk, 1
+panda-lang.net, 1
+panda-life.tk, 1
+panda.tf, 1
+pandababy.bg, 1
+pandacbd.com, 1
+pandadoc.com, 1
+pandahut.net, 1
+pandakid.tk, 1
+pandaltd.nl, 0
+pandamo.pl, 1
+pandamoto.fr, 1
+pandapsy.com, 1
+pandasilk.com, 1
+pandavpn.pro, 1
+pandavpnpro.com, 1
+pandelys.tk, 1
+pandemicflu.gov, 1
+pandemicoversight.gov, 1
+pandillatel.ml, 1
+pandit.tech, 1
+pandithaya.tk, 1
+pandjes.com, 1
+pandkonijn.nl, 1
+pandn-bulgaria.com, 1
+pando-market.com, 1
+pandora-prestige.ru, 1
+pandora-system.ru, 1
+pandora.com.tr, 1
+pandoramutiara.id, 1
+pandorarox.com, 1
+pandorrah.nl, 1
+pandorum.cf, 1
+panduan-hamil.tk, 1
+pandymic.com, 1
+pandys.org, 1
+panel-stroy.cf, 1
+panelbear.com, 1
+paneldewelopera.pl, 1
+paneldoorsolutions.com, 1
+paneldoorsolutions.de, 1
+panele-fotowoltaiczne.pl, 1
+paneljobsers.ga, 1
+panelsandwich.com, 1
+panetolikos.gr, 1
+paneu.de, 1
+panezai.tk, 1
+pang.ga, 1
+pangea-it.com, 1
+pangea.cloud, 1
+pangeaservices.com, 1
+panglobal.org, 1
+pangolin.exchange, 0
+pangoly.com, 1
+panhandleprairiewings.com, 1
+panhardclub.nl, 0
+panheelstraat.tk, 1
+panic-away.tk, 1
+panic.tk, 1
+panicroomgames.ch, 1
+panictours.tk, 1
+panier-legumes.bio, 1
+panierscadeauxinternationaux.com, 1
+paniigielka.pl, 1
+paniniamerica.net, 1
+panino.gr, 1
+paninohome.com, 1
+paniodpolskiego.eu, 1
+paniyanovska.ua, 1
+panjiva.com, 1
+pankiewiczlaw.com, 1
+pankoff.net, 1
+panlex.org, 1
+panmill.xyz, 1
+panmuseum.gr, 1
+panna-blues.tk, 1
+pannellisolari.roma.it, 1
+pannovate.com, 1
+pano-guru.com, 1
+pano.ie, 1
+panoramacambios.com, 1
+panoramahillhotel.com, 1
+panoramaphoto.cf, 1
+panoramica.tk, 1
+panoramique.tk, 1
+panoramiquesorganya.tk, 1
+panoramixbycallens.eu, 1
+panoramo.mx, 1
+panoraven.com, 1
+panorays.com, 1
+panoti.com, 0
+panpsychism.com, 1
+panpsychist.com, 1
+pansec.de, 1
+panser.dk, 1
+pansermuseet.com, 1
+pansermuseet.dk, 1
+pansermuseum.dk, 1
+pansino.net, 1
+pansion-differently.tk, 1
+pansionat-himik.ru, 1
+panskeet.xyz, 1
+pansys.de, 1
+panszelescik.pl, 1
+pantagraph.com, 1
+pantai.com.my, 0
+pantallanotebook.cl, 1
+pantallasyescenarios.com, 0
+pantas.com, 1
+pantera.tk, 1
+panthenolplus.co.uk, 1
+panthenolplus.com, 1
+pantheoncommunity.org, 1
+pantherage.co.uk, 1
+panthercitysand.com, 1
+pantherscore.com, 1
+panthi.lk, 1
+pantingly.tk, 1
+pantonshire.com, 1
+pantou.org, 0
+pantryjars.com, 1
+pants-off.xyz, 0
+pantsu.club, 1
+pantsuservice.tk, 1
+pantuflas.tk, 1
+pantypit.com, 1
+panwchi.com, 1
+panyajt.in.th, 1
+panzdravi.cz, 1
+panzer72.ru, 1
+panzers.tk, 1
+panzerwarmodsru.tk, 1
+pao.moe, 1
+paocaibang.net, 1
+paocloud.co.th, 1
+paolodemichele.it, 0
+paolomargari.tk, 1
+paolomarzano.com, 1
+paolomoriggia.com, 1
+paolotagliaferri.com, 1
+paotang.in.th, 1
+paoyou.ml, 1
+pap-pap.ga, 1
+pap.la, 0
+papa---mama.tk, 1
+papa-online.tk, 1
+papa-webzeit.de, 1
+papabrand.tk, 1
+papadoccaffe.pt, 1
+papadopoulos.me, 1
+papaimama.ru, 1
+papajohns.com.ec, 1
+papakarlohas.ru, 1
+papakarlotools.ru, 1
+papakatsu-life.com, 1
+papapa-members.club, 1
+paparazzie.de, 1
+paparazzo.net, 1
+paparoach-fans.ru, 1
+papascoffee.org, 1
+papastratosmazi.gr, 1
+papatest24.de, 1
+papattesstore.com, 1
+papaya.me.uk, 1
+papayapay.com, 1
+papayapythons.com, 1
+papelariaestacaodopapel.com.br, 1
+papelcraft.co.uk, 1
+papeleo.digital, 1
+papelisimo.es, 1
+paper-cutter.com, 1
+paper.sc, 1
+paper.wf, 1
+paperandpage.com, 1
+papercanyon.com, 1
+paperhoney.by, 1
+paperless.spdns.eu, 1
+papermuseum.jp, 1
+paperplus.com.au, 0
+paperpress.gq, 1
+papersmart.net, 1
+papersowl.com, 1
+papertracker.net, 1
+paperwallets.io, 1
+paperwork.co.za, 1
+paperwritinghelp.net, 1
+paperwritten.com, 1
+papgift.com, 1
+papierniak.net, 1
+papillegustative.com, 1
+papillon-events.be, 1
+papinido4ki.ru, 1
+papkinadochka.ru, 1
+papotage.net, 1
+papouille.ml, 1
+pappacoda.it, 1
+pappasappar.se, 1
+pappu.tk, 1
+papuzkija.pl, 1
+paqtam.com, 1
+par-allel.ru, 1
+parabellum-barakaldo.tk, 1
+parabolaeditorial.com.br, 1
+parabooking.com, 1
+paraborsa.net, 1
+paracels.tk, 1
+parachute.gov, 1
+parachute.live, 1
+parachutes.tk, 1
+parachuteteam.co.uk, 1
+paracomer.es, 1
+parade-nootdorp.nl, 1
+paradex.io, 1
+paradies-baar.ch, 1
+paradiesgirls.ch, 1
+paradigma-med.ru, 1
+paradigmas.tk, 1
+paradigmshift.com.pk, 1
+paradiscapacitados.site, 1
+paradise-engineer.com, 1
+paradise-engineering.com, 1
+paradise-travel.net, 1
+paradise-world.ml, 1
+paradiselost.com, 0
+paradisend.tk, 1
+paradiseprivatehospital.com, 1
+paradisestore.org, 1
+paradisetownshipmi.gov, 1
+paradisim.tk, 1
+paradisu.fr, 1
+paradopolis.com, 1
+paradoxdesigns.org, 1
+paradoxium.ml, 1
+paraelganzo.tk, 1
+parafarmacia.it, 1
+paragliding-lessons.com, 1
+paragonremodeling.com, 0
+paragonsigns.tk, 1
+paragontasarim.com, 1
+paragreen.net, 1
+paraguay.tk, 1
+parakazanmafikirleri.com, 1
+paralegaledu.org, 1
+paraleli.ge, 1
+parallel-creative.co.uk, 1
+parallel-worlds.tk, 1
+paralleum.cz, 1
+paraluman.be, 1
+paralysis.ga, 1
+paramapa.com.py, 1
+paramarq.com, 1
+paramascotas.vip, 1
+paramithicy.azurewebsites.net, 1
+paramithicy.com, 1
+paramloda.online, 1
+paramo-pineiro.tk, 1
+paramountbank.com, 1
+paramountdigitalcopy.com, 1
+paramusborough.gov, 1
+paranoid.is, 1
+paranoidandroid.co, 1
+paranoidandroid.tk, 1
+paranoidpengu.in, 1
+paranoidpenguin.net, 1
+paranormales.tk, 1
+paranoxer.hu, 1
+paranoxido.tk, 1
+parapenteciconia.tk, 1
+parapickgames.ga, 1
+paraplyen.tk, 1
+parapsihologia.tk, 1
+parareflex.fr, 1
+paras.tk, 1
+parasatria.tk, 1
+paraserviceco.com, 1
+parasgroupindia.com, 1
+parasitologyclub.org, 1
+parasomnia.tk, 1
+parastaran.tk, 1
+parasympathy.com, 1
+paratlan.hu, 1
+paratlantalalkozas.hu, 1
+parattusdecora.com.br, 1
+paratupelo.com.es, 1
+paratxt.org, 1
+paraverse.tk, 1
+parazyd.cf, 1
+parcare.at, 1
+parcare.be, 1
+parcare.es, 1
+parcare.fr, 1
+parcare.nl, 1
+parcbotanique.com, 1
+parcelauditpartners.com, 1
+parceltrackr.com, 1
+parcelup.com, 1
+parcely.online, 1
+parchcraftaustralia.com, 1
+parcheggi-firenze.it, 1
+parcheggio-aeroportofiumicino.it, 1
+parcheggio-aeroportomalpensa.it, 1
+parckwart.de, 1
+parcoursup-nouvelle-caledonie.fr, 1
+parcoursup.fr, 1
+pardal.tk, 1
+pardanaud.com, 1
+pardnoy.com, 1
+paredesdecoura.pt, 0
+paregion13.gov, 1
+parejaideal.es, 1
+parelectric.com, 1
+parelweb.nl, 1
+paremedical.au, 1
+paremvasi.net, 1
+parentelement.com, 1
+parenthood.guide, 1
+parentingplaydough.tk, 1
+parentinterview.com, 1
+parentpayments.com.au, 1
+parents-as-allies.com, 1
+parentsandzebrasunited.com, 1
+parentsguidetotheworld.com, 1
+parentsintouch.co.uk, 1
+parentsmaster.com, 1
+parenttheirpassion.com, 1
+pareshukuk.com, 1
+paretoit.com, 1
+paretorule.cf, 1
+parfum-best.ml, 1
+parfumer.tk, 1
+parfumi-eu.com, 1
+parfumi.tk, 1
+parfumtester-100.ml, 1
+parhelionaerospace.com, 1
+pari-match-betting.com, 1
+pari-match.in, 1
+pari-vinci.org, 1
+pari.cz, 1
+paribus.io, 1
+parichadrelax.se, 1
+parideal.com, 1
+parideal.de, 1
+paridokhtmoshkzad.com, 1
+paridurable.com, 1
+parikmaxeru.tk, 1
+parimatch-best.com, 1
+parimatch-betting.com, 1
+parimatch-chance.com, 1
+parimatch-email.com, 1
+parimatch-live.com, 1
+parimatch-play.com, 1
+parimatch-plus.com, 1
+parimatch-sport.com, 1
+parimatch-sports.com, 1
+parimatch-world.com, 1
+parimatch.co.tz, 1
+parimatch.com, 1
+parimatch.in, 1
+parimatch.kz, 1
+parimatch.net, 1
+parimatch.tj, 1
+parimatch8.com, 1
+parimatchgo.com, 1
+parimatchlive.com, 1
+parimatchsports.com, 1
+parimatchtop.com, 1
+parina.vn, 1
+parinc.com, 1
+pario.li, 1
+paripesa.com, 1
+paripesa.ng, 1
+paris-elysees.com, 0
+paris-luttes.info, 1
+paris.edu, 1
+parisa-panahi.com, 1
+parisackerman.com, 1
+parisbesttravel.com, 1
+parisdeluxxxe.com, 1
+parisdimitriou.com, 1
+parisdomino.tk, 1
+parisescortgirls.com, 1
+parisfranceparking.com, 1
+parisfranceparking.de, 1
+parisfranceparking.fr, 1
+parisfranceparking.nl, 1
+parishoftheholycross.org, 1
+parishome.jp, 1
+parismalleg.com, 1
+parisportif.tv, 1
+parissportifs.com, 1
+pariu.online, 0
+parizhanka.tk, 1
+park-trek.com, 1
+parkable.com, 1
+parkairecrossing.com, 1
+parkbee.com.br, 1
+parkcare.at, 1
+parkcare.be, 1
+parkcare.co.uk, 1
+parkcare.es, 1
+parkcare.fr, 1
+parkcare.it, 1
+parkcare.nl, 1
+parkcare.pt, 1
+parkcheap.nl, 1
+parkcitycu.org, 1
+parkcounty-wy.gov, 1
+parkcountyco.gov, 1
+parkcountysheriff-wy.gov, 1
+parked-domain.net, 1
+parkeer.nl, 1
+parkeerserviceboxtel.nl, 1
+parkefficient.de, 1
+parken-duesseldorfflughafen.de, 1
+parken-flughafenamsterdam.de, 1
+parken-flughafenbremen.de, 1
+parken-flughafendortmund.de, 1
+parken-flughafendresden.de, 1
+parken-flughafeneindhoven.de, 1
+parken-flughafenfrankfurt.de, 1
+parken-flughafenhahn.de, 1
+parken-flughafenhannover.de, 1
+parken-flughafenkoeln.de, 1
+parken-flughafennuernberg.de, 1
+parken-flughafenstuttgart.de, 1
+parken-flughafentegel.de, 1
+parken-flughafenweeze.de, 1
+parken-hamburgflughafen.de, 1
+parken-leipzigflughafen.de, 1
+parkenamflughafen.de, 1
+parkenflughafen-muenchen.de, 1
+parkenflughafenbrandenburg.de, 1
+parkenflughafenlelystad.de, 1
+parker-pllc.com, 1
+parkerco.gov, 1
+parkercs.cf, 1
+parkercs.ga, 1
+parkercs.gq, 1
+parkercs.ml, 1
+parkercs.tech, 1
+parkercs.tk, 1
+parkeren.in, 1
+parkerenamsterdamcentrum.nl, 1
+parkerenbremen-airport.nl, 1
+parkerenbrussel-airport.nl, 1
+parkerencharleroi-airport.nl, 1
+parkerendusseldorf-airport.nl, 1
+parkereneindhoven-airport.nl, 1
+parkerenfrankfurt-airport.nl, 1
+parkerengroningen-airport.nl, 1
+parkerenhahn-airport.nl, 1
+parkerenkeulen-airport.nl, 1
+parkerenlelystad-airport.nl, 1
+parkerenrotterdam-airport.nl, 1
+parkerenrotterdamcentrum.nl, 1
+parkerenschiphol-airport.nl, 1
+parkerenutrechtcentrum.nl, 1
+parkerenweeze-airport.nl, 1
+parkerforum.cf, 1
+parkerforum.tk, 1
+parkers.cf, 1
+parkers.ga, 1
+parkers.gq, 1
+parkers.ml, 1
+parkers.tk, 1
+parkersweeper.com, 1
+parket.gq, 1
+parketsn.ru, 0
+parking-aeropuertomadrid.es, 1
+parking-roissycharlesdegaulle.fr, 1
+parkingaeroport-beauvais.fr, 1
+parkingaeroport-bordeaux.fr, 1
+parkingaeroport-charleroi.be, 1
+parkingaeroport-marseille.fr, 1
+parkingaeroport-nantes.fr, 1
+parkingaeroport-nice.fr, 1
+parkingaeroport-orly.fr, 1
+parkingaeroport-zaventem.be, 1
+parkingaeropuerto-alicante.es, 1
+parkingaeropuerto-barcelona.es, 1
+parkingaeropuerto-bilbao.es, 1
+parkingaeropuerto-malaga.es, 1
+parkingaeropuerto-santander.es, 1
+parkingaeropuerto-sevilla.es, 1
+parkingaeropuerto-valencia.es, 1
+parkingcheap.co.uk, 1
+parkinggaragecleaningchicago.com, 1
+parkinggaragepressurewashingchicago.com, 1
+parkinginparis.fr, 1
+parkingmasters.be, 1
+parkingparisnord.fr, 1
+parkinsons.tk, 1
+parkmycloud.com, 1
+parkofnations.com, 1
+parkos.com, 1
+parkos.de, 1
+parkos.it, 1
+parkos.nl, 1
+parkplus.in.ua, 0
+parkr.io, 0
+parkrangeredu.org, 1
+parkrunstats.servehttp.com, 1
+parkscandles.com, 1
+parkseed.com, 1
+parksi.top, 1
+parkstonegp.com, 1
+parkstreet.com, 1
+parksubaruoemparts.com, 1
+parktownpatrols.co.za, 1
+parktraum.com, 1
+parkvetgroup.com, 1
+parkviewmotorcompany.com, 1
+parkwayminyan.org, 1
+parkweiher.koeln, 1
+parkwhiz.com, 1
+parlakjurnal.com, 1
+parlament.cf, 1
+parlamento.gub.uy, 1
+parlamentum.com.br, 1
+parleamonluc.fr, 1
+parleu2016.nl, 1
+parleur.net, 1
+parmartecultura.it, 1
+parmatoday.it, 1
+parmels.com.br, 1
+parmoli.tk, 1
+parnassys.net, 1
+parniplus.com, 1
+parnizaziteksasko.cz, 1
+paroisses-theix-surzur.com, 1
+parokia.hu, 1
+parolededieu.org, 1
+paroli.pl, 1
+parolu.io, 1
+paronubi.com, 1
+parool.nl, 1
+parovozov.ga, 1
+paroxetine.gq, 1
+parperfeito.pt, 1
+parpharm.com, 1
+parque-batlle.tk, 1
+parquebatlle.tk, 1
+parquestejo.pt, 1
+parquettista.milano.it, 1
+parquettista.roma.it, 1
+parquettisti.roma.it, 1
+parratennis.com.au, 1
+parrocchiadimeana.tk, 1
+parrocchiamontevecchia.it, 1
+parroquiacorazondemaria.tk, 1
+parroquiadesanlesmes.tk, 1
+parrotbook.cf, 1
+parry.org, 1
+pars.work, 1
+parsdev.com, 0
+parsec.app, 1
+parsemail.org, 1
+parser.nu, 1
+parsi.com, 1
+parsify.eu, 1
+parsiko.com, 1
+parsonsfamilyhomes.com, 1
+parsonspdks.gov, 1
+parsuv.ir, 1
+part-of-that-world.com, 1
+part.la, 1
+partage.ovh, 1
+parteaga.com, 1
+parteaga.net, 1
+partechshaker.com, 1
+partecipa.tn.it, 1
+partedmagic.com, 1
+partenopei.net, 1
+parthkolekar.me, 1
+parthuisot.fr, 1
+particle-vision.ch, 1
+particles.cf, 1
+particleslam.com, 1
+partido-libertario.tk, 1
+partidolibertario.tk, 1
+partiellkorrekt.de, 1
+partigetir.com, 1
+partigoldendoodle.com, 1
+partii.tk, 1
+partijtjevoordevrijheid.nl, 0
+partijvoordedieren.nl, 1
+partin.nl, 0
+partiono.com, 1
+partir-en-livre.fr, 1
+partisaani.com, 1
+partisan-berlin.tk, 1
+partituras.tk, 1
+partner-compensation.com, 1
+partner-finden.tk, 1
+partnerbeam.com, 1
+partnerchik.tk, 1
+partnerforex.tk, 1
+partnermobil.de, 1
+partnerobzor.tk, 1
+partnerportal.io, 1
+partners1xbet.com, 1
+partners1xbit.com, 1
+partners1xslot.com, 1
+partners1xslots.com, 1
+partners4results.net, 1
+partnersbiz.com, 1
+partnersofprc.com, 1
+partnertaxhub.com, 1
+partnerwerk.de, 0
+partofthequeue.cf, 1
+partofthequeue.ga, 1
+partofthequeue.gq, 1
+partofthequeue.ml, 1
+parts4phone.com, 0
+partsandmotorcycles.com, 1
+partsandscore.com, 1
+partsavto.tk, 1
+partsbox.com, 1
+partsbox.io, 1
+partscov.ga, 1
+partscov.gq, 1
+partsdost.com, 1
+partsestore.com, 1
+partsgeek.com, 1
+partsguysusa.com, 1
+partsinstock.com, 1
+partsworld.bg, 1
+partusedtyres.net, 1
+party-kneipe-bar.com, 1
+party-time-inflatables-durham.co.uk, 1
+partyaccommodationsers.ga, 1
+partyaccommodationsest.ga, 1
+partyausstatter24.de, 1
+partyclub.tk, 1
+partycoin.ga, 1
+partyevents.tk, 1
+partygangsta.de, 1
+partyhireliverpool.co.uk, 1
+partykanal.cz, 1
+partymat.de, 1
+partymusikband.de, 1
+partypearl.de, 1
+partypeeps.tk, 1
+partyphoto.tk, 1
+partyrocksbounce.co.uk, 1
+partyschnaps.com, 1
+partyshop.ge, 1
+partytimeltd.ie, 1
+partywithunicorns.com, 1
+partyyy.io, 1
+partyzone.ie, 1
+paru-design.com, 1
+parvaneh.fr, 1
+parys.org, 1
+pasabahcemagazalari.com, 1
+pasadena.gov, 1
+pasadenapooch.org, 1
+pasarella.eu, 1
+pascal-bourhis.com, 1
+pascal-ua.tk, 1
+pascal-wittmann.de, 1
+pascalchristen.ch, 1
+pascalgames.tk, 1
+pascalhargarter.de, 1
+pascaline-jouis.fr, 1
+pascalleguern.com, 1
+paschmid.ch, 1
+pascoaselecta.com, 1
+pascocountyfl.gov, 1
+pascoflcorrections.gov, 1
+pascopresents.com, 1
+pascosheriff.com, 1
+pascovotes.gov, 1
+pascualberniz.tk, 1
+pascualinmuebles.com, 1
+pasearch.nl, 1
+paseka-putilinyh.ru, 1
+paseodelariviera.com, 1
+pashminacachemire.com, 1
+pasito.se, 1
+paslc.gov, 1
+paslerfilm.de, 1
+pasnederland.tk, 1
+pasnine.my.id, 1
+pasportaservo.org, 1
+pasquinelli-truebag.ch, 1
+pass-jobcoaching.nl, 1
+passa.org, 1
+passabook.com, 1
+passau-webdesign.com, 1
+passbolt.com, 1
+passedport.eu, 1
+passedport.net, 1
+passedport.org, 1
+passegginieculle.it, 1
+passendonderwijs.nl, 0
+passengertravelportal.com, 1
+passer.ga, 1
+passer.tk, 1
+passfilesafe.com, 1
+passfindr.com, 1
+passfoto-deinfoto.ch, 1
+passgator.com, 1
+passieposse.nl, 1
+passinggrade.co.id, 1
+passion-billard.fr, 1
+passion-net.fr, 1
+passionatefoodie.co.uk, 1
+passionatehorsemanship.com, 1
+passionatelife.com.au, 1
+passiondesigns.web.id, 1
+passionebenessere.com, 1
+passionegriglia.com, 1
+passionforbusiness.com, 1
+passionpictures.eu, 1
+passions-art.com, 1
+passiton.com, 1
+passive-work.gq, 1
+passivebook.com, 1
+passiveseinkommen.tk, 1
+passivhaus.tk, 1
+passky.org, 1
+passover-fun.com, 1
+passphrase.today, 1
+passport.yandex.ua, 1
+passportapproved.com, 1
+passportcorporate.com, 1
+passports.govt.nz, 1
+passporttrails.com, 1
+passportunlimited.com, 1
+passrhce.com, 1
+passrhcsa.com, 1
+passthrough.com, 1
+passumpsicbank.com, 1
+passvanille-reservation.fr, 1
+passvau.lt, 1
+passware.com, 1
+passwd.one, 1
+passwd.org, 1
+passwizard.com, 1
+password-checker.de, 1
+password.codes, 1
+password.consulting, 1
+passwordgenerator.ml, 1
+passwordlist.io, 0
+passwords.google.com, 1
+passwordsapp.org, 1
+passwordscon.com, 1
+passwordscon.org, 1
+passwordsecurity.info, 1
+passwordsheeters.ga, 1
+passwordsheetest.ga, 1
+passwordsleakcheck-pa.googleapis.com, 1
+passworks.io, 1
+pasta-factory.co.il, 1
+pastaenprosecco.nl, 1
+pastaroomers.ga, 1
+pastaroomest.ga, 1
+paste.fedoraproject.org, 1
+paste.gg, 1
+paste.rodeo, 1
+paste.to, 1
+pastebin.bet, 1
+pastebin.run, 1
+pasteblin.com, 1
+pasteht.ml, 1
+pasteleriaparaperrosygatos.mx, 1
+pastelpixels.studio, 1
+pasternok.org, 1
+pasteros.io, 1
+pastetot.com, 1
+pasteworks.com, 1
+pasticceria.milano.it, 1
+pasticcerialorenzetti.com, 1
+pasticceriaveneziana.ga, 1
+pastillased.gq, 1
+pastinfluences.com.au, 1
+pastorbelgagroenendael.com.br, 1
+pastorcanadense.com.br, 1
+pastordocaucaso.com.br, 1
+pastorello.cf, 1
+pastorello.ga, 1
+pastorello.gq, 1
+pastori-kollegen.de, 1
+pastorluciano.tk, 1
+pastormaremanoabruzes.com.br, 1
+pastorsline.com, 1
+pastorsuico.com.br, 1
+pastry.network, 1
+pastrybakerymachinery.com, 1
+pasugo.tk, 1
+pasyta.gr, 1
+paszkowski.tk, 1
+patagonie.fr, 1
+patagosfm.tk, 1
+patalie.cz, 0
+patalie.sk, 0
+patanegra-jambon.fr, 1
+patanegra-prosciutto.it, 1
+patanegra-schinken.ch, 1
+patanegra-schinken.de, 1
+patapwn.com, 1
+patatbesteld.nl, 1
+patbatesremodeling.com, 0
+patchassociates.com, 1
+patchduty.com, 1
+patchli.fr, 1
+patchofabsence.com, 1
+patchstack.com, 0
+patchyvideo.com, 1
+patdorf.com, 1
+patechmasters.com, 1
+patel.sh, 1
+patelheaters.com, 1
+patent-motorowodny.pl, 1
+patent-sternika.pl, 1
+patentados.com, 1
+patentmanufaktur.video, 1
+patentpanelers.ga, 1
+patentpanelest.ga, 1
+patentu.ga, 1
+patentverwag.com, 1
+paterno-gaming.com, 1
+patersonpdnj.gov, 1
+patguzmanconstruction.com, 1
+pathfinderbank.com, 1
+pathfindergeo.com, 1
+pathofexile2.com, 1
+pathogen.nl, 1
+pathologie-dna.nl, 1
+pathsaversers.ga, 1
+pathsaversest.ga, 1
+pathsha.re, 1
+pathwayscenterforgrief.org, 1
+pathwayscenterforgriefandloss.org, 1
+pathwaysthroughgrief.org, 1
+pathwaytofaith.com, 1
+patience.nl, 1
+patient.info, 1
+patientenverfuegung.digital, 1
+patientup.com, 1
+patientys.com, 1
+patiga.ga, 1
+patikabiztositas.hu, 1
+patikakristaly.hu, 1
+patin.cf, 1
+patineteselectricosbaratos.net, 1
+patioboreal.ca, 1
+patioroof.cf, 1
+patiosheders.ga, 1
+patioshedest.ga, 1
+patkiout.gr, 1
+patlis.com, 1
+patmanx.tk, 1
+patmos.tech, 1
+patorganiser.co.uk, 1
+patorganiser.com, 1
+patorganiser.com.au, 1
+patpat.com, 1
+patralos.at, 0
+patri.fr, 1
+patric-lenhart.de, 1
+patrice-carriere.tk, 1
+patriceonline.tk, 1
+patricia-lackovic.from.hr, 1
+patriciadelamora.tk, 1
+patriciakraken.at, 1
+patriciaramos.pt, 1
+patriciaroy.co, 1
+patrick-omland.eu, 1
+patrick-robrecht.de, 1
+patrick.dark.name, 1
+patrick.my-gateway.de, 1
+patrick21.ch, 1
+patrickaudley.ca, 1
+patrickaudley.com, 1
+patrickbusch.net, 1
+patrickcontainerrotator.ga, 1
+patrickdankers.nl, 1
+patrickhoefler.net, 1
+patrickpeeters.com, 1
+patrikjohan.cf, 1
+patrikjohan.ga, 1
+patrikjohan.gq, 1
+patrikjohan.tk, 1
+patriksima.cz, 1
+patrikzk.eu, 1
+patrina-bukoting.my.id, 0
+patriotbearingsupply.com, 1
+patriotcs.tk, 1
+patriotsaustralia.com, 1
+patriquefashion.tk, 1
+patris-querre.com, 1
+patrisnews.com, 1
+patrocinio.com.br, 1
+patrogers.org, 1
+patrovic.com, 1
+patrycjamichera.com, 1
+patryk.cf, 1
+patrz.eu, 1
+patservicecenter.com, 1
+patsytoforyou.ch, 0
+pattanath.com, 1
+pattayafruitgarden.tk, 1
+pattayawebservices.com, 1
+patterico.com, 1
+pattern.com, 1
+pattersonca.gov, 1
+pattoes.ga, 1
+pattonfanatic.com, 1
+pattuka.com, 1
+pattyboobs.net, 1
+pattyliao.com, 1
+pauct.com, 1
+paudley.ca, 1
+paudley.com, 1
+paudley.org, 1
+pauk.at, 1
+paul-barton.co.uk, 1
+paul-online.tech, 1
+paul-sitarz.com, 1
+paul-zhang.de, 1
+paul.media, 1
+paul.reviews, 1
+paulahot.tk, 1
+paulandmadge.com, 1
+paulanet.tk, 1
+paulasilvasvensson.eu, 1
+paulbaily.com, 1
+paulborza.com, 1
+paulbramhall.uk, 1
+paulbrown.ddns.net, 1
+paulc-themovie.com, 1
+paulcamper.com, 1
+paulcamper.de, 1
+paulchua.tk, 1
+paulcloud.fr, 1
+paulcoldren.org, 1
+pauld.codes, 1
+pauldeconinck.tk, 1
+paulfc.com, 1
+paulgerberrealtors.com, 1
+paulgo.io, 1
+paulhacker.com, 1
+paulharrisoncars.com, 1
+paulibean.tk, 1
+paulinaschubert.net, 1
+paulini.ga, 1
+pauliuspiecius.com, 1
+pauljackson.ga, 1
+pauljamesblinds.co.uk, 1
+pauljmartinez.com, 1
+pauljonathan.dk, 1
+pauljrowland.co.uk, 1
+pauljzak.com, 1
+paullockaby.com, 1
+paullovestugba.nl, 1
+paulmarc.org, 1
+paulmarvin.tk, 1
+pauloalcalde.co, 1
+pauloalcalde.com, 1
+pauloalcobianeves.pt, 1
+paulober.eu, 1
+pauloboer.nl, 1
+paulocolacino.tk, 1
+paulogarcia.tk, 1
+pauloneto.eu, 1
+paulopaiva.com.br, 1
+paulopeters.com.br, 1
+paulorochago.com.br, 1
+paulov.com, 1
+paulov.info, 1
+paulov.ru, 1
+paulrainesjr.com, 1
+paulrobertlloyd.com, 1
+paulromer.net, 1
+paulrotter.de, 1
+paulrowland.co.uk, 1
+paulrudge.codes, 1
+paulschreiber.com, 1
+paulscustomauto.com, 1
+paulshir.com, 1
+paulshir.is, 1
+paulsitarz.com, 1
+paulsnar.lv, 1
+paulswartz.net, 1
+paultonspark.co.uk, 1
+paulus-foto.pl, 1
+paulus.cloud, 1
+paulw.io, 1
+paulward.net, 1
+paulwatabe.com, 1
+paulwatler.co.uk, 1
+paulwendelboe.com, 1
+paulwilhelm.de, 1
+pauly-stahlhandel.com, 1
+pauly-stahlhandel.de, 1
+paulzen.me, 1
+pausado.com, 1
+pausewhenagitated.com, 1
+pautadiaria.com, 1
+pavajebucovina.ro, 1
+pavamtio.cz, 1
+pavando.com, 0
+pavcomm.com, 1
+pavel.cc, 1
+paveldesign.tk, 1
+pavelfojt.cz, 1
+pavelfucik.com, 1
+pavelfucik.cz, 1
+pavelfucik.eu, 1
+pavelich.com, 1
+pavelitus.tk, 1
+paveljanda.com, 1
+pavelrebrov.com, 1
+pavelstriz.cz, 1
+paven.io, 0
+pavernosmatao.tk, 1
+paviliontwpmi.gov, 1
+pavingtiles.tk, 1
+pavitrajyotish.com, 0
+pavlecic.de, 1
+pavlic.se, 1
+pavlov-ledec.cz, 1
+pavlova.es, 1
+paw.cloud, 1
+paw.net.pl, 1
+paw.pt, 1
+pawafuru.com, 0
+pawapuro.ga, 1
+pawapuro.tk, 1
+pawchewgo.com, 1
+pawealthmanagement.com, 1
+pawel-international.com, 1
+pawelgo.pl, 1
+pawelnazaruk.com, 1
+pawelurbanek.com, 1
+pawelurbanski.com, 1
+pawgearlab.com, 1
+pawneecountyne.gov, 1
+pawnsoft.tk, 1
+pawp.com, 1
+pawpatrol.tk, 1
+pawpawtownshipmi.gov, 1
+pawserv.pw, 1
+pawsitiv.space, 1
+pawson.tk, 1
+pawspetwear.com.au, 1
+pawsr.us, 1
+pawsru.org, 1
+pawtraitcaptures.com.au, 1
+paxerahealth.com, 1
+paxwinkel.nl, 1
+pay-online.in, 1
+pay.accountant, 1
+pay.apartments, 1
+pay.basketball, 1
+pay.business, 1
+pay.catering, 1
+pay.cleaning, 1
+pay.condos, 1
+pay.contractors, 1
+pay.dentist, 1
+pay.dog, 1
+pay.equipment, 1
+pay.faith, 1
+pay.football, 1
+pay.gallery, 1
+pay.gov, 0
+pay.hockey, 1
+pay.im, 1
+pay.lawyer, 1
+pay.mg, 0
+pay.photography, 1
+pay.plumbing, 1
+pay.rent, 1
+pay.repair, 1
+pay.sb, 1
+pay.school, 1
+pay.storage, 1
+pay.surf, 1
+pay.tennis, 1
+pay.ubuntu.com, 1
+pay.university, 1
+pay.wedding, 1
+pay2keep.com, 1
+pay8522.com, 1
+paya.cat, 1
+payam.co.nz, 1
+payam.com.au, 1
+payat.io, 1
+paybackfx.com, 1
+payblog.org, 1
+payboy.biz, 1
+payboy.click, 1
+payboy.rocks, 1
+paybro.eu, 1
+paycardtech.com, 1
+paycentre.com, 1
+paycore.com, 1
+paycore.io, 1
+paydepot.com, 1
+paydigital.pt, 1
+paydoor9.com, 1
+payeasy.tech, 1
+payfare.com, 1
+payfazz.com, 1
+payforpeople.nl, 1
+paygvpn.com, 1
+payhub.jp, 1
+payjunction.com, 1
+payjunctionlabs.com, 1
+paykings.com, 1
+paylabs.co.id, 1
+paylessclinicers.ga, 1
+paylessclinicest.ga, 1
+paylessmealsers.ga, 1
+paylessmealsest.ga, 1
+paylesstyres.com.au, 1
+paylike.io, 1
+paylike.se, 1
+payload.ca, 1
+paylocal.net, 0
+payme.io, 1
+payme.uz, 1
+payment-express.net, 1
+payment-network.com, 0
+payment.vet, 1
+paymentaccuracy.gov, 1
+paymentjs.com, 1
+payments.google.com, 1
+paymentworks.com, 1
+paymeservice.com, 1
+paymongo.com, 1
+paymongo.help, 1
+paymore.org, 1
+paymyphysician.com, 1
+paynexpay.com, 1
+paynuity.com, 1
+payonline-api.xyz, 1
+paypac.com.au, 1
+paypal.com, 1
+paypal.gift, 1
+paypaq.com, 1
+paypcns.co.uk, 1
+paypod.org, 1
+paypro.nl, 0
+payproglobal.com, 0
+payps.ru, 1
+payraise.us, 1
+payriff.com, 1
+payroll.ch, 0
+payroll.myftp.org, 1
+payrollhr.be, 1
+paysap.bt, 1
+paysbuy.com, 1
+paysbuy.net, 1
+paysbuy.org, 1
+paysensei.com, 1
+paysera.com, 1
+paysera.ee, 1
+paysera.lt, 1
+payservices.com, 1
+paysitesreviews.net, 1
+payskins.xyz, 1
+payslipview.com, 1
+paysoft.com, 1
+paysomeonetodomyonlineclasses.com, 1
+payspace.com, 1
+paystack.com, 1
+paystarkagency.com, 1
+paysys.jp, 1
+paytm.in, 1
+paytowriteessays.net, 1
+payu.com, 1
+payufin.in, 1
+payupay.ru, 1
+payvalida.com, 1
+paywait.com, 1
+payward.com, 1
+payzang.com, 1
+pazarlab.com, 1
+pazescomoingles.com.br, 1
+pazyarmonia.tk, 1
+pb-design.ch, 1
+pb-eatz.com, 1
+pb.ax, 0
+pba.org.uk, 1
+pback.se, 1
+pbbm.com.ph, 1
+pbc.gov, 1
+pbcables.tk, 1
+pbcknd.ml, 1
+pbcpao.gov, 1
+pbdigital.org, 0
+pbern.xyz, 1
+pbest.tk, 1
+pbgfl.gov, 1
+pbhs.co.uk, 1
+pbiexplorer.com, 1
+pbla.biz, 1
+pbmdiscounter.nl, 1
+pbo.vic.gov.au, 1
+pborn.eu, 1
+pbourhis.me, 1
+pbpe.tv, 1
+pbqs.site, 1
+pbr.so, 1
+pbraunschdash.com, 1
+pbrb.gov, 1
+pbrumby.com, 1
+pbsrmoto.com.au, 1
+pbsuite.com, 1
+pbwebdev.com, 1
+pbz.im, 1
+pc-center.tk, 1
+pc-mac.de, 1
+pc-master.pl, 1
+pc-pharma.com, 1
+pc-porady.pl, 1
+pc-remont.tk, 1
+pc-servis-brno.com, 1
+pc-soft.gq, 1
+pc-soft.tk, 1
+pc-stuff.tk, 1
+pc-taskal.net, 1
+pc-tech.ga, 1
+pc-tweak.de, 1
+pc-warriors.com, 1
+pc.domains, 1
+pc28yc.com, 1
+pc94666.com, 1
+pcah.gov, 1
+pcast.gov, 1
+pcbarchitect.com, 1
+pcbfl.gov, 1
+pcbmarketing.gq, 1
+pcbmodel.com, 1
+pcbny.com, 1
+pcbooks.in, 1
+pcbricole.fr, 1
+pcbuildinggr.com, 1
+pccartel.com, 1
+pccc.co.za, 1
+pccdal.gov, 1
+pccegoa.org, 1
+pccomc.tk, 1
+pcdekegel.nl, 1
+pcdocjim.com, 1
+pcdomain.com, 1
+pcdroid.ga, 1
+pcdroid.tk, 1
+pcel.com, 1
+pcengines.com.au, 1
+pcexpress.tk, 1
+pcf-frankfurt.de, 1
+pcf.com, 1
+pcfdut.gov, 1
+pcfiles.ga, 1
+pcfunder.co.uk, 1
+pcgalleries.com, 1
+pcgamemc.com, 1
+pcgamingfreaks.at, 1
+pcgverademo.com, 1
+pchan.is, 1
+pchancs.com, 1
+pchelpforum.net, 1
+pci-e.net, 1
+pci4.org, 1
+pcie.ac, 1
+pcipal.com, 1
+pcisecuritystandards.org, 1
+pcissc.org, 1
+pckartel.biz, 1
+pckurzypd.sk, 1
+pclgroup.co.nz, 1
+pclicensekeys.com, 1
+pcloud.com, 1
+pclyst.com, 1
+pcmania.tk, 1
+pcmaw.com, 1
+pcminsk.by, 1
+pcmkrembangan.or.id, 1
+pcmobile.tech, 1
+pcmr.info, 1
+pcmr.rocks, 1
+pcmscientific.com, 1
+pcnaid.com, 1
+pcnetinc.com, 1
+pcnewsoft.tk, 1
+pcnotdienst-oldenburg-rastede.de, 1
+pcpao.gov, 1
+pcpasokh.ir, 1
+pcpirates.tk, 1
+pcplaza.tk, 1
+pcprkolo.pl, 1
+pcproblem.tk, 1
+pcpromaroc.ma, 1
+pcpuhastaja.tk, 1
+pcrab.ml, 1
+pcrecovery.ga, 1
+pcrobot.cz, 1
+pcrypt.org, 1
+pcsafe.cf, 1
+pcsbrasil.ml, 1
+pcscotus.gov, 1
+pcsetting.com, 1
+pcsoft.fr, 1
+pcsolutionsofwillis.ga, 1
+pcsolutionsofwillis.gq, 1
+pcsremodel.com, 1
+pcstoronto.ca, 1
+pcsuniverse.ga, 1
+pcsx2.net, 1
+pcsystem.co.uk, 1
+pctelecom.cf, 1
+pctelecom.ga, 1
+pctelecom.gq, 1
+pctelecom.ml, 1
+pctips.cf, 1
+pctips.gq, 1
+pctips.tk, 1
+pctonic.net, 1
+pctravel.ca, 1
+pctronicks.tk, 1
+pctrouble.net, 1
+pcunddruckerservice.de, 1
+pcunderground.com.ar, 1
+pcvalueservices.com.au, 1
+pcvirusclear.com, 1
+pcw.gov.ph, 1
+pcwdevtwebsite.azurewebsites.net, 1
+pcwiz2u.com, 1
+pcworld.pl, 1
+pcxserver.com, 1
+pd1rnt.nl, 1
+pdamerica.org, 1
+pdavislawgroup.com, 1
+pdax.ph, 1
+pdbj.org, 1
+pderas.com, 1
+pdf-archive.com, 0
+pdf-tool.fr, 1
+pdf.io, 1
+pdfbear.com, 1
+pdfbook-dl.ml, 1
+pdfbooksonline.gq, 1
+pdfchef.com, 1
+pdfconvert.me, 1
+pdfflier.cf, 1
+pdfget.com, 1
+pdfko.com, 1
+pdflip.cf, 1
+pdfmanga.tk, 1
+pdfmint.com, 1
+pdfpassword.org, 1
+pdfpasswort.de, 1
+pdfpedia.cf, 1
+pdfprostore.cf, 1
+pdfquran.tk, 1
+pdfresizer.com, 1
+pdfsearches.com, 1
+pdfsheeters.ga, 1
+pdfsheetest.ga, 1
+pdihc.com, 1
+pdkrawczyk.com, 1
+pdmonroewi.gov, 1
+pdox.net, 1
+pdpa.ai, 1
+pds.police.uk, 1
+pdsk.ch, 1
+pdsports.network, 1
+pdtech.ltd, 1
+pdtppfl.gov, 1
+pdvault.co, 1
+pe-bank.jp, 1
+pe-netz.de, 1
+pe-portal.de, 1
+pe.search.yahoo.com, 0
+peabodytile.com, 1
+peace-is-possible.net, 1
+peaceandjava.com, 1
+peaceandwool.com, 0
+peacedivorce.com, 1
+peaceexpoers.ga, 1
+peaceexpoest.ga, 1
+peacefulrock.com, 1
+peaceispossible.cc, 1
+peacekeeper.tk, 1
+peacepiperanch.com, 1
+peacetourco.cf, 1
+peacewiththewild.co.uk, 1
+peachbuildingproducts.com, 1
+peachesandchampagne.com, 1
+peachstateaesthetics.com, 1
+peacock.onl, 1
+peacockn.com, 1
+peaici.fr, 1
+peak-careers.com, 1
+peakd.com, 1
+peakhillre.ga, 1
+peakperformance.hr, 1
+peaksalesrecruiting.com, 1
+peakseoservices.co.uk, 1
+peaksloth.com, 1
+peaksports.com, 1
+peaksupport.io, 1
+peakvets.co.uk, 1
+peamotocenter.com.br, 1
+peanutbutter.com, 1
+peanutpay.de, 1
+peanutproductionsnyc.com, 1
+pearbloom.com, 1
+pearlcohen.com, 1
+pearle.nl, 1
+pearljamargentina.tk, 1
+pearloc.com, 1
+pearlsonly.ca, 1
+pearlsonly.com, 1
+pearlsonly.com.au, 1
+pearlsonly.de, 1
+pearlteethers.ga, 1
+pearlteethest.ga, 1
+pearson424.org, 1
+pearsonbsl.com, 1
+pearstudios.cf, 1
+pearvn.tk, 1
+peas-project.com, 1
+pease.co.nz, 1
+peathealth.co.nz, 1
+peatsuki.com, 1
+peaudange.ch, 1
+peawee.co.uk, 1
+peawo.com, 1
+pebblenest.uk, 1
+pebkac.gr, 0
+peblet.be, 1
+pebook.tk, 1
+pec-email.com, 1
+pec.net, 1
+pecadis.de, 1
+pecan.ai, 1
+pecetowicz.pl, 1
+pecheneg.tk, 1
+pechibani.by, 0
+pechka.tk, 1
+pechnik-negara.ru, 0
+pechonova.com, 1
+pecker-johnson.com, 1
+peckway.co.uk, 1
+pecmd.net, 1
+pecs.com, 1
+pecsusa.com, 1
+pect.com.pk, 1
+ped-bike.de, 1
+peda.net, 1
+pedago.it, 1
+pedagoplume.fr, 1
+pedaleuse.be, 1
+pedalia.cc, 1
+pedalirovanie.tk, 1
+pedalr.eu, 1
+peddals.com, 1
+peddy.dyndns.org, 1
+peddyland.tk, 1
+pediatersucha.sk, 1
+pediatricdentistrycenter.com, 1
+pediatricdentistsdaculaga.com, 1
+pediatricdentistslilburnga.com, 1
+pediatricorthopedic.com, 1
+pedicure-stadspolders.nl, 1
+pedicurean.nl, 1
+pedicureduiven.nl, 1
+pedicurepraktijkvelserbroek.nl, 1
+pedigreetechnologies.com, 0
+pedikura-vitu.cz, 1
+pedimanie.cz, 1
+pedimoda.com.br, 1
+pedo.house, 1
+pedodontie.ro, 1
+pedohunters.de, 1
+pedrazanoticias.tk, 1
+pedro.com.es, 1
+pedrobotias.tk, 1
+pedrolamas.com, 1
+pedrollo-ua.com, 1
+pedroministro.pt, 1
+pedromunoz.tk, 1
+pedrooliveira.tk, 1
+pedrosanto.tk, 1
+pedrosart.it, 1
+pedrosaurus.com, 1
+pedrosillo-delosaires.tk, 1
+pedrotimoteo.com, 1
+peduse.com, 1
+pedziran.com, 1
+peekier.com, 1
+peelawayyourpain.com, 1
+peels.fr, 1
+peen.ch, 1
+peenee.in.th, 1
+peenor.xyz, 1
+peep.gq, 1
+peer.travel, 1
+peerberry.com, 1
+peercraft.at, 1
+peercraft.be, 1
+peercraft.biz, 1
+peercraft.ch, 1
+peercraft.cn, 1
+peercraft.co.uk, 1
+peercraft.com, 1
+peercraft.de, 1
+peercraft.dk, 1
+peercraft.es, 1
+peercraft.eu, 1
+peercraft.fr, 1
+peercraft.info, 1
+peercraft.it, 1
+peercraft.net, 1
+peercraft.nl, 1
+peercraft.org, 1
+peercraft.pl, 1
+peercraft.pt, 1
+peercraft.se, 1
+peercraft.us, 1
+peerjs.com, 1
+peername.com, 1
+peerpressurecreative.com, 1
+peers-liste.de, 1
+peers.gq, 1
+peers.tk, 1
+peersquaders.ga, 1
+peersquadest.ga, 1
+peerview.com, 1
+peerviewpress.com, 1
+peervoice.com, 1
+peerweb.com, 1
+peerwebdc.tk, 1
+peetah.com, 0
+peetersport.ee, 1
+peew.de, 1
+peewee-design.tk, 1
+pefile.tk, 1
+pefisa.com.br, 1
+pegas-studio.net, 1
+pegasnet.tk, 1
+pegdown.org, 1
+pegrum.rocks, 1
+pegundugun.tk, 1
+peifeng.li, 1
+peifi.de, 0
+peinture-77.fr, 1
+peippo.at, 1
+peirong.me, 1
+pekarstvivetvrzi.cz, 1
+pekcazip.com, 1
+peklostroj.cz, 1
+peklostroj.eu, 1
+peklostroj.sk, 1
+peko.com.mk, 1
+pekoe.se, 1
+pelagicus.co.uk, 1
+pelajaran.co.id, 1
+pelanucto.cz, 1
+pelata.net, 1
+pelatihanwirausaha.com, 1
+peleti.at, 1
+pelgrimhof.be, 1
+pelhamalrecreation.gov, 1
+pelhamlibraryal.gov, 1
+pelhrimov-strmechy.tk, 1
+pelican.ie, 1
+pelicanottertailmn.gov, 1
+pelicans.tk, 1
+peliculaonline.tk, 1
+peliculaslatino.tk, 1
+pelikone.fi, 1
+pelinca.nl, 1
+pelis-online.net, 1
+pellegrino.ar, 1
+pellet.pordenone.it, 1
+pellet.roma.it, 1
+pelletgrillreviews.com, 1
+pelletizermill.com, 1
+pelletsprice.com, 1
+pelmeni.cf, 1
+pelmeniuralskie.tk, 1
+pelo.tk, 1
+pelopoplot.com, 0
+pelosanimais.org, 1
+pelotonimports.com, 1
+pelsu.fi, 1
+peluche.tk, 1
+peluqueriaalcobendas.es, 1
+peluqueriacanina.tk, 1
+peluqueriacaninacavecanem.es, 1
+pem-jp.co.uk, 1
+pemagrid.org, 1
+pemasalem.com, 1
+pembeteknoloji.com.tr, 1
+pembhi.com, 1
+pembinewi.gov, 1
+pemborongbangunan.id, 1
+pembrokenc.gov, 1
+pemdas.xyz, 1
+pemerintahkota.com, 1
+pemez.com, 1
+pems.gov.au, 1
+pen-sec.de, 1
+pen15art.tk, 1
+pena-party.tk, 1
+pena600.tk, 1
+penatizavarise.com, 1
+penaugustin.com, 1
+penbrookpa.gov, 1
+pencepay.com, 1
+pencil2d.org, 1
+pencilboutique.com, 1
+pencillab.cn, 1
+penconsultants.com, 1
+pendidikan.co.id, 1
+pendletoncountyky.gov, 1
+pendletoncountywv.gov, 1
+pendriveapps.com, 1
+pendrivelinux.com, 1
+penedo.tk, 1
+penelopia.pl, 1
+penes.cf, 1
+penetrationstest.se, 1
+penfold.fr, 1
+pengajar.co.id, 1
+pengembangan-web-mp-pd.com, 1
+pengepung.com, 1
+pengi.me, 1
+pengisatelier.net, 1
+pengui.uk, 1
+penguin-stats.cn, 1
+penguin-stats.io, 1
+penguin.co.uk, 1
+penguinclientsystem.com, 1
+penguindominatrix.com, 1
+penguindrum.moe, 1
+penguinos.tk, 1
+penguinprotocols.com, 1
+penguinrandomhousegrupoeditorial.com, 1
+penguins.ca, 1
+penguinshome.tk, 1
+penguinvillage.info, 1
+pengumuman.id, 0
+penholder.ga, 1
+peni.tk, 1
+peniarth.cymru, 1
+peninsula360.com, 1
+peninsulaadvancedurology.com, 1
+penispumpen.se, 1
+pennan.tk, 1
+pennergold.net, 1
+pennhillspa.gov, 1
+pennsauken.gov, 1
+pennyapp.io, 0
+pennybot.tk, 1
+pennylane.com, 1
+pennymail.ga, 1
+pennywise.tk, 1
+peno1.tk, 1
+penopoly.cf, 1
+penopoly.ga, 1
+penopoly.gq, 1
+penopoly.ml, 1
+penopoly.tk, 1
+penorai.ru, 1
+penoray.ru, 1
+penosa.ga, 1
+penrite.pl, 1
+penrithapartments.com.au, 1
+penrose.edu, 1
+pens-money.cf, 1
+pens-money.ga, 1
+pens-money.gq, 1
+pensacolafl.gov, 1
+pensacolawinterfest.org, 1
+pensador.com, 1
+pensador.info, 1
+pensatore.tk, 1
+pensia.tk, 1
+pensieridigitali.tk, 1
+pensierolaterale.tech, 1
+pensioenfonds-ey.nl, 1
+pension-am-alten-waschhaus.de, 1
+pension-chevaux.com, 1
+pension-ua.tk, 1
+pension.ga, 1
+pensionchien.com, 1
+pensionecani.roma.it, 1
+pensioner-1000.tk, 1
+pensionesdominicanas.com, 1
+pensionstal.tk, 1
+pensiontrackerers.ga, 1
+pensiun.ga, 1
+pensiune-doina.ro, 1
+pensiunea-maria.tk, 1
+pensiunea-paco.ro, 1
+pensiunealido.ro, 1
+pentacodes.com, 0
+pentagon-area.tk, 1
+pentagonix.com.br, 1
+pentagram.cf, 1
+pentagram.me, 1
+pentagrid.ch, 1
+pentamexicali.tk, 1
+pentamultiservice.it, 1
+pentandra.com, 1
+pentaquin.com, 1
+pentaquin.net, 1
+pentatonik.tk, 1
+pentechmc.blog, 1
+pentekdograma.com, 1
+pentest.blog, 1
+pentesterlab.com, 1
+pentestit.com, 1
+pentestpartners.com, 1
+penthy.eu, 1
+pentofun.ch, 1
+pentoo.ch, 1
+pentools.org, 1
+pentopolimer.com, 1
+pentwatertownshipmi.gov, 1
+penuelaspr.gov, 1
+penultimategaming.com, 1
+penya.ga, 1
+penyavictorhernani.tk, 1
+penz.media, 1
+penza-on-line.tk, 1
+penza-today.tk, 1
+penzaonline.cf, 1
+penzionvzahrade.cz, 1
+people.ai, 0
+people.deloitte, 1
+people2hire.co.uk, 1
+peopleandchange.nl, 1
+peoplecert.org, 1
+peoplefinders.ml, 1
+peoplelikemeapp.com, 1
+peopleofcolorcareers.com, 1
+peopleplanetconnect.org, 1
+peoplesbankal.com, 0
+peoplescu.com, 1
+peoplesdecade.org, 1
+peopleskills4u.net, 1
+peoplesliberationfront.tk, 1
+peoplesoft-support.nl, 1
+peoplespets.co.uk, 1
+peoplesplatform.cf, 1
+peoplesplatform.tk, 1
+peoplesrepublicofchinasucks.com, 1
+peoplesrights.org, 1
+peoriacounty.gov, 1
+peoriaelections.gov, 1
+peoriaevents.com, 1
+peoriail.gov, 1
+peoriaparks-il.gov, 1
+pepe.cz, 1
+pepechkov.com, 1
+pepechkova.com, 1
+pepeelektro.sk, 1
+pepegol.it, 1
+pepegym.cz, 1
+pepemodelismo.com.br, 1
+peperiot.com, 1
+peperoni.tk, 1
+peperstraat.online, 1
+pepfar.gov, 1
+pepitadinamitastudios.com, 1
+pepix.pl, 1
+peplex.ddns.net, 1
+peplex.nl, 1
+peppelmedi.fi, 1
+pepperandpartner.com, 1
+peppermillinteriors.com, 1
+peppertalks.com, 1
+peppyflora.com, 1
+pepsi.investments, 1
+pepsipromos.com, 1
+pepta.net, 1
+pepul.com, 1
+pepul.tech, 1
+pepwaterproofingllc.com, 1
+peqal.cf, 1
+pequenaitalia.com.br, 1
+pequenas-historias.tk, 1
+pequenosbichos.com.br, 1
+pequenosfavoritos.com.br, 0
+per-olsson.se, 1
+peraavcilar.com, 1
+peracup.com.tr, 1
+perala.me, 1
+perali.com, 0
+peraparker.cz, 1
+perberestja.gq, 1
+perception-point.io, 1
+perceptyx.com, 1
+perchance.org, 1
+percherosdepared.es, 1
+percherosdepared.online, 1
+percolate.com, 1
+percussiontonal-forum.de, 1
+percy.io, 1
+percydutton.co.uk, 1
+percymagic.tk, 1
+perd.re, 1
+perdanabagus.tk, 1
+perdele-draperii.ro, 1
+perdita-capelli.tk, 1
+perdolyathlendr.tk, 1
+perecraft.com, 1
+peredovaya.tk, 1
+peredoz.tk, 1
+pereezd.ml, 1
+peregrinefund.org, 1
+peregrinus.es, 1
+perekodu.ee, 1
+peremena.ml, 1
+perenne.ee, 1
+perennialte.ch, 1
+perennialwomens.com, 1
+perera.net, 1
+peresypchanka.tk, 1
+pereuda.com, 1
+perevedi.org, 1
+perevedut.cf, 1
+perevod-tekst-pesni.ru, 1
+perewall.tk, 1
+perez-marrero.com, 1
+perezdecastro.org, 0
+perf-b2b.com, 1
+perf1.com, 1
+perfare.net, 1
+perfect-blog.com, 1
+perfect-carstyle.de, 1
+perfect-dream.tk, 1
+perfect-privacy.com, 1
+perfect-seo.ru, 1
+perfect-tour.ro, 1
+perfect8.com.tw, 1
+perfectbalance.tech, 1
+perfectcloud.org, 1
+perfectcommunity.ga, 1
+perfecteclass.com.cy, 1
+perfectfocuseyecare.com, 1
+perfectgift.com, 0
+perfectgift.tk, 1
+perfectlyluxe.ml, 1
+perfectlyluxe.tk, 1
+perfectmatch.cf, 1
+perfectme.ml, 1
+perfectme.tk, 1
+perfectosidiotaspunk.tk, 1
+perfectplrarticles.ga, 1
+perfectpussypics.com, 1
+perfectsize.pl, 1
+perfectsnap.co.uk, 1
+perfectsoft.tk, 1
+perfecttits.net, 1
+perfectweb.today, 1
+perfectworldbot.tk, 1
+perfekt-style.com, 1
+perfektesgewicht.com, 1
+perferxprecision.com, 1
+perfmatters.io, 1
+perfmed.ro, 1
+perforlabs.com, 1
+performance-advertising.de, 1
+performance.gov, 1
+performancehealth.com, 0
+performancematters.ie, 1
+performancerh.fr, 1
+performancerunningsolutions.com, 1
+performances-supervision.fr, 1
+performancetillagebolt.com, 1
+performancetransmission.net, 1
+performing-art-schools.com, 1
+performingdreams.tk, 1
+performiptv.com, 1
+performiptv.net, 1
+performive.com, 1
+performpracticesolutions.com, 1
+perfumerie.tk, 1
+perfumes.com.br, 1
+perfumesloewe.com, 1
+perfumesweb.com.br, 1
+perfumki.tk, 1
+pergam.by, 0
+pergam.kz, 1
+pergamentka-apartments.cz, 1
+pericsope.gq, 1
+peridotcapitalpartners.com, 1
+perigon.ch, 1
+perini.com.au, 1
+perinton.gov, 1
+periodex.co, 1
+periodicojerez.info, 1
+periodicomirador.com, 1
+periodicopcion.tk, 1
+periodista.tk, 1
+periony.com, 1
+periosearch.tk, 1
+periscope.tv, 1
+periscopeup.com, 1
+perishablepress.com, 1
+peritos-informaticos.com, 1
+perkilo.eu, 1
+perksplus.com, 1
+perlbanjo.com, 1
+perlego.com, 1
+perlesdelumiere.com, 1
+perlina.co.il, 1
+perm-avia.ru, 1
+perm-jur.ch, 0
+perm-juridique.ch, 0
+perm-l2.tk, 1
+permaculture.cf, 1
+permadi.id, 1
+permaditya.my.id, 1
+permajackofstlouis.com, 1
+permajackstlouis.com, 1
+permak.tk, 1
+permanence-juridique.com, 0
+permanencejuridique-ge.ch, 0
+permanencejuridique.com, 0
+permanencesecretariat.fr, 1
+permarisk.gov, 1
+permaseal.net, 1
+permasealbasement.com, 1
+permasealbasementsystems.com, 1
+permasealplumbing.com, 1
+permasealwaterproofing.com, 1
+permeance108.com, 1
+permian-elec.com, 1
+permis-a-points-bordeaux.com, 1
+permis-a-points-montpellier.com, 1
+permis-apoints.com, 1
+permis-apoints.fr, 1
+permis.online, 1
+permiscoderoute.fr, 1
+permisecole.com, 1
+permista.nl, 1
+permistheorique.be, 1
+permistheoriqueenligne.be, 1
+permitting.gov, 1
+permutationcity.net, 1
+perniciousgames.com, 0
+pernod-ricard.io, 1
+peroduaselangor.com, 1
+peronmedya.com, 1
+perot.me, 1
+perpetual.ga, 1
+perpetualemotion.com, 1
+perpetuum.tk, 1
+perrau.lt, 0
+perreiraproperties.com, 1
+perretes.com.es, 1
+perritas.tk, 1
+perritos.tk, 1
+perron.ml, 1
+perroon.eu, 1
+perrybook.tk, 1
+perrycountyal.gov, 1
+perrycountyil.gov, 1
+perrycountyky.gov, 1
+perrycountymo.gov, 1
+perrycountytn.gov, 1
+perryvilleky.gov, 1
+perryvillemo.gov, 1
+pers-hr.tk, 1
+perscore.tk, 1
+perseo.tk, 1
+persephone.gr, 1
+persey-ssm.com.ua, 1
+persey.tk, 1
+persian-clan.tk, 1
+persiandating.tk, 1
+persianrom.com, 1
+persiart.shop, 1
+persiennexperten.se, 1
+persiennkompaniet.se, 1
+persistence.one, 1
+persistshields.org, 1
+persjrp.ca, 1
+perso.pl, 1
+persoform.ch, 1
+personabrindesbr.com.br, 1
+personacommunications.com.au, 1
+personal-genome.com, 1
+personal-scrum.de, 1
+personal-scrum.eu, 1
+personalaccidentsers.ga, 1
+personalaccidentsest.ga, 1
+personalfunctionaldata.net, 1
+personalhydroponics.com, 1
+personalidadmagnetica.com, 1
+personaliseyourwine.com.au, 1
+personalisiertegeschenke.tk, 1
+personalisiertesgeschenk.tk, 1
+personalityjunkie.com, 1
+personaljokes.cf, 1
+personaljokes.ml, 1
+personaljokesers.ga, 1
+personaljokesest.ga, 1
+personaljourneys.co.nz, 1
+personalliza.pt, 1
+personalnames.net.ru, 1
+personalpages.us, 1
+personalrecreationaltourguides.com, 1
+personaltrainer-senti.de, 1
+personaltraineredu.org, 1
+personalwebsite.services, 1
+personcar.com.br, 1
+persondatakonsulenterne.dk, 1
+personetics.com, 1
+personlookup.com.au, 1
+personnedisparue.fr, 1
+perspective-daily.de, 1
+perspective.com.tr, 0
+perspectives-de-voyage.com, 1
+perspectivum.com, 0
+perspektivwechsel-coaching.de, 0
+perspio.io, 1
+persson.im, 1
+persson.me, 1
+perssonsgarn.se, 1
+persuader-reports.gov, 1
+persuasionmatters.com, 1
+perswayze.com, 1
+perthhillsarmadale.com.au, 1
+perthpregnancycentre.com.au, 1
+perthtrains.net, 1
+perthunicyclists.tk, 1
+perthweekend.com.au, 1
+pertwarp.tk, 1
+perubusca.nl, 1
+perugamerz.tk, 1
+perugiatoday.it, 1
+peruil.gov, 1
+perulinks.tk, 1
+perun.wiki, 1
+perunderforos.tk, 1
+perunsoft.rs, 1
+perupoemas.tk, 1
+peruprogramadores.tk, 1
+perusal.eu, 1
+perusal.social, 1
+perusteet.tk, 1
+peruutetutlennot.fi, 1
+peruvianhairextension.tk, 1
+peruvianhumanhair.tk, 1
+peruvianphotography.com, 1
+peruviantravel.tk, 1
+pervacio.hu, 1
+perved.org, 1
+pervejshijistochnik.tk, 1
+perversa.cl, 1
+pervesk.lt, 1
+pervoklass.cf, 1
+pervomaysk-city.ml, 1
+perwinaguirre.com, 1
+perzeidi.hr, 1
+pesandansampai.tk, 1
+pesar.tk, 1
+pesc.ru, 1
+pescadorcomunicacao.com, 1
+pescamagnetica.pt, 1
+pescanetworks.tk, 1
+pescans.com, 1
+pescco.com.br, 1
+peshakoo.com, 1
+pesinatsizsenetle.com, 1
+pesitalia.tk, 1
+pesnik.tk, 1
+pesnitut.ga, 1
+pesquisasremuneradas.net, 1
+pessa-webdesign.tk, 1
+pessebrevivent-lallacuna.tk, 1
+pestalertsers.ga, 1
+pestalertsest.ga, 1
+pestcontrol.co.uk, 1
+pestdefense.com, 1
+pesterchum.online, 1
+pesterchum.xyz, 1
+pesthotelers.ga, 1
+pestici.de, 1
+pestkill.info, 1
+pestleandmortar.hk, 1
+pesto.video, 1
+pestpatrol.ga, 1
+pestpilis.hu, 1
+pestra.tk, 1
+pet-cat-accessories.ml, 1
+pet-distributor.cz, 1
+pet-guide.net, 1
+pet-hotel-mura.net, 1
+pet-net.tk, 1
+pet-tekk.co.uk, 1
+peta.tk, 1
+petabits.de, 1
+petabundant.ga, 1
+petal-ms.gov, 1
+petalkr.com, 1
+petalsoft.tk, 1
+petamazing.ga, 1
+petaouchnok.ch, 1
+petar.fyi, 1
+petblaster.ga, 1
+petblender.ga, 1
+petbooking.it, 1
+petbrowser.ga, 1
+petburial.cf, 1
+petcareonline.com, 1
+petcharte.ga, 1
+petclassy.ga, 1
+petclient.ga, 1
+petcollections.ga, 1
+petcollector.ga, 1
+petcolor.ga, 1
+petcounty.ga, 1
+petcrawler.ga, 1
+petdesign.tk, 1
+petdesigning.ga, 1
+petdir.ga, 1
+petdish.ga, 1
+petdollar.ga, 1
+peteacheredu.org, 1
+petech.ro, 1
+petelew.is, 1
+petemerges.com, 1
+petemerges.xyz, 1
+peter-r.co.uk, 1
+peter-zhu.ca, 1
+peter.org.ua, 1
+peterackermans.tk, 1
+peterandjoelle.co.uk, 1
+peterarcherbeyondvision.com, 0
+peterbarrett.ca, 1
+peterbischof.at, 1
+peterborgapps.com, 1
+peterboroughhydroponics.com, 1
+peterbruceharvey.com, 1
+peterbulckaen.tk, 1
+petercai.com, 1
+petercawthron.com, 1
+peterdavehello.org, 1
+peterfiorella.com, 1
+peterfolta.net, 1
+petergudo.tk, 1
+peterhall.au, 1
+peterheery.me, 0
+peterherman.tk, 1
+peterhome.cn, 1
+peterhome.tk, 1
+peterhuetz.at, 1
+peterhuetz.com, 1
+peterjin.org, 1
+peterjohnson.io, 1
+peterkotula.tk, 1
+peterkrivanek.com, 1
+peterkshultz.com, 0
+peterkuma.net, 1
+peterlajos.com, 1
+peterlew.is, 1
+peterlmai.com, 0
+petermaar.com, 1
+petermamo.com, 1
+petermuenster.tk, 1
+peteroerlemans.be, 1
+peterpauer.com, 1
+peterpiperpizza.com, 1
+peters.consulting, 1
+petersburgmi.gov, 1
+peterseninc.com, 1
+petersonbrosrealty.com, 1
+petersport.ee, 1
+petersson-gartengestaltung.de, 1
+petersweb.me.uk, 1
+petervaldesii.com, 0
+petervantriet.nl, 1
+peteschmidt.com.au, 1
+petevagabond.com, 1
+petfa.ga, 1
+petfame.ga, 1
+petfeedback.ga, 1
+petfilter.tk, 1
+petfleet.ga, 1
+petflower.ga, 1
+petfolder.ga, 1
+petgeo.ga, 1
+petgrow.ga, 1
+petgun.ga, 1
+pethandsome.ga, 1
+pethard.ga, 1
+petherwick.co.uk, 1
+petherwick.com, 1
+peticion.tk, 1
+petimagine.ga, 1
+petit-archer.com, 1
+petit-bebe.fr, 1
+petitbleu.fr, 1
+petite-annonce.tk, 1
+petite-maison.ch, 0
+petiteframes.com, 1
+petitenympha.com, 1
+petitions.by, 1
+petitions.pro, 1
+petitmaison.net, 1
+petitnuagephotographie.be, 1
+petitsfrenchies.com, 1
+petitsfreresdespauvres.fr, 1
+petitu.mx, 1
+petjoy.co.za, 1
+petkiss.ga, 1
+petknight.ga, 1
+petless.ga, 1
+petlife.od.ua, 1
+petlife.vet, 1
+petlittle.ga, 1
+petmall.bg, 1
+petmatchmaker.org, 1
+petmegoo.com, 1
+petmessenger.ga, 1
+petmetric.ga, 1
+petnatural.ga, 1
+petnight.ga, 1
+petnow.gr, 1
+petopedia.ga, 1
+petopplis.ga, 1
+petops.de, 1
+petos.tk, 1
+petover.ga, 1
+petpedia.co, 1
+petpipe.ga, 1
+petpower.eu, 1
+petpuppy.tk, 1
+petr.as, 1
+petr.se, 1
+petr22shcool.tk, 1
+petra-toroid.ro, 1
+petrachuk.ru, 1
+petrally.ga, 1
+petrarca.tk, 1
+petrates.ga, 1
+petredhot.ga, 1
+petrequest.ga, 1
+petrkulik.cz, 1
+petrocheminc.com, 1
+petrochemprojects.ga, 1
+petrofac.com, 1
+petrol-power.tk, 1
+petroleum-schools.com, 1
+petroleumservicecompany.com, 1
+petroll.ga, 1
+petroscand.eu, 1
+petrostar.com, 1
+petrostathis.com, 0
+petrotranz.com, 1
+petrotrustlibya.com, 1
+petrov.engineer, 0
+petrovich.pro, 0
+petrovitch.tk, 1
+petrozavodsk.ga, 1
+petruv-grunt.cz, 1
+petruzz.net, 1
+pets4adoption.tk, 1
+pets4life.com.au, 1
+petsafe.net, 0
+petscams.com, 1
+petschnighof.at, 1
+petsdeners.ga, 1
+petsdenest.ga, 1
+petsidi.com, 1
+petsmundoanimal.com, 1
+petsnapshot.ga, 1
+petsnews.ga, 1
+petsnvets.org, 1
+petspark.tk, 1
+petsplash.ga, 1
+petsru.net, 1
+petstick.ga, 1
+petstok.com.br, 1
+petstreaming.ga, 1
+petsulcatatortoise.com, 1
+petsurreal.ga, 1
+pettersatlher.com.br, 1
+pettopsecret.ga, 1
+pettreasure.ga, 1
+pettreats.com.br, 1
+petunder.ga, 1
+peturnashes.ga, 1
+petutility.tk, 1
+petvisual.ga, 1
+petwall.info, 1
+petyolo.org, 1
+peuf.shop, 1
+peukert.cc, 1
+peupledefrance.fr, 1
+pevat-ua.tk, 1
+pew.ninja, 1
+pewamo.gov, 1
+pewat.com, 1
+pewforum.org, 1
+pewglobal.org, 1
+pewresearch.org, 1
+pex.digital, 0
+pexlab.net, 1
+peyote.com, 1
+peyote.org, 1
+peyote.wiki, 1
+peyukoshop.com, 1
+pf.dk, 1
+pfa.or.jp, 1
+pfabel.com, 1
+pfadfinder-grossauheim.de, 1
+pfalz-mail.de, 1
+pfandbriefbank.net, 1
+pfandbriefe.de, 1
+pfandbriefsparen.de, 1
+pfannkuchenbratze.de, 1
+pfarchimedes-pensioen123.nl, 1
+pfarreiengemeinschaft-neuerburg.de, 1
+pfarrhaus-mon.ch, 1
+pfashionmart.com, 1
+pfcafeen.dk, 1
+pfcardprogram.com, 1
+pfcchavdar.tk, 1
+pfcharland.com, 1
+pfctr.com, 1
+pfd-nz.com, 1
+pfe.rs, 1
+pfefferkuchen-shop.de, 0
+pfefferkuchenprinzessin-dresden.de, 0
+pfefferle.online, 1
+pfeiffer.tech, 1
+pfeifferszilard.hu, 1
+pferdesportclub-chiemgau.de, 1
+pfeuffer-elektro.de, 1
+pff.com.au, 1
+pfft.net, 1
+pfgl.co.uk, 1
+pfingstsportfest.de, 0
+pfish.zone, 1
+pfk.org.pl, 1
+pflan.dk, 1
+pflanzen-shop.ch, 1
+pflanzkompass.at, 1
+pflege.ch, 1
+pfmeasure.com, 1
+pfnpc.org, 1
+pfolta.net, 1
+pfonboarding.org, 1
+pfonks.com, 1
+pfp.com.au, 1
+pfp.works, 1
+pfr.email, 1
+pfr.wtf, 1
+pfrost.me, 1
+pfsandbox.com, 1
+pfsquad.blog, 0
+pfsquad.nu, 1
+pfssales.com, 1
+pfudor.tk, 1
+pfwarriors.com, 1
+pg-forum.at, 1
+pg-forum.ch, 1
+pg-forum.de, 0
+pg-mana.net, 1
+pg-sec.com, 1
+pg-sec.cz, 1
+pg-sec.eu, 1
+pg-slot.me, 1
+pgazette.tk, 1
+pggm.nl, 1
+pgh-art.com, 1
+pgica.org, 1
+pgklaw.com.au, 1
+pglaum.tk, 1
+pgllandscaping.com, 1
+pgln.tk, 1
+pgmann.com, 1
+pgmjr.com, 1
+pgmsource.com, 1
+pgmsp.net, 1
+pgmtechnologies.com, 1
+pgnd.net, 1
+pgnetwork.io, 1
+pgnetwork.net, 1
+pgnetwork.org, 1
+pgp.lol, 1
+pgp.net, 1
+pgp.network, 1
+pgp.org.au, 1
+pgpaintanddesign.com, 1
+pgpmail.cc, 1
+pgregg.com, 1
+pgsec.cz, 1
+pgsec.eu, 1
+pgsek.cz, 1
+pgsindustries.com.au, 0
+pgslot.id, 1
+pgsls.com, 1
+pgsupplier.com, 1
+pgwap.com, 1
+pgwellnesscoach.it, 1
+ph-brand.jp, 1
+ph-consult.sk, 1
+ph-ooe.at, 1
+ph.search.yahoo.com, 0
+ph1worlddevelopers.com, 1
+ph3r3tz.net, 1
+ph4nt0m.ddns.net, 0
+ph89.de, 1
+pha.one, 1
+pha.pub, 1
+phagyo.com, 1
+phannuoc.net, 1
+phantasia.tk, 1
+phantasie.cc, 1
+phantasmag.gq, 1
+phantastikon.de, 1
+phantom-games.tk, 1
+phantomfund.cf, 1
+phantomfund.ml, 1
+phantomfunders.ga, 1
+phantomlighting.com, 1
+phantomlord.tk, 1
+phantomphans.tk, 1
+phantomware.tk, 1
+pharandespaces.com, 1
+pharma-insights.nl, 1
+pharmaabsoluta.com.br, 1
+pharmaboard.de, 1
+pharmaboard.org, 1
+pharmaceuticalcannabis.org, 1
+pharmacie-matignon.com, 1
+pharmacy.org.pk, 1
+pharmalab.eu, 1
+pharmalab.fr, 1
+pharmalinkinternational.com, 1
+pharmapolitics.com, 1
+pharmasana.co.uk, 1
+pharmasana.de, 1
+pharmasana.ru, 1
+pharmasyncers.ga, 1
+pharmasyncest.ga, 1
+pharmgkb.org, 0
+pharmica.co.uk, 1
+pharmica.uk, 1
+pharosconsulting.com, 1
+pharside.dyndns.org, 1
+pharynks.com, 1
+pharynx.nl, 1
+phasersec.com, 1
+phasme-2016.com, 1
+phastidio.net, 1
+phatblackbooty.com, 1
+phattea.tk, 1
+phbits.com, 1
+phc4submit.org, 1
+phcimages.com, 1
+phcloud.spdns.de, 1
+phcnetworks.net, 0
+phcorner.net, 1
+phd, 1
+phdelivery.com, 1
+phdgames.com, 1
+phdhub.it, 1
+phdsolutions.org, 1
+phdwuda.com, 1
+pheasantrunpress.com, 1
+phellow.de, 1
+phellowseven.com, 1
+phelx.de, 1
+phen-garcinia.info, 1
+phenergan.ga, 1
+phenergan.ml, 1
+phenixairsoft.com, 1
+phenixlab.fr, 0
+phenomnaltwincities.com, 1
+phenriques.com, 1
+phenweb.co.uk, 1
+pheramoan.com, 1
+pheromeons.com, 1
+pheromoans.com, 1
+pheromoens.com, 1
+pheromonetalk.com, 0
+pheronome.com, 1
+pheronomes.com, 1
+pheros.com, 1
+pheroz.com, 1
+phesita.gq, 1
+phew.co.nz, 1
+phfrost.nl, 1
+phialo.de, 1
+phibureza.com, 1
+phigrupopolideportivo.es, 0
+phihq.com, 0
+phil-dirt.com, 1
+phil-phillies.com, 1
+phil.red, 1
+phil.to, 1
+phil.tw, 1
+philadelphia.com.mx, 1
+philanima.com, 1
+philarmonic-abaza.tk, 1
+philasd.org, 1
+phildevient.tk, 1
+phildonaldson.com, 1
+phileas-psychiatrie.be, 1
+philia-sa.com, 0
+philiacare.com.au, 1
+philipbuckmaster.co.uk, 1
+philipdb.com, 1
+philipdb.nl, 1
+philipdeussen.com, 1
+philipdeussen.de, 1
+philiperiksson.se, 1
+philipkdick.tk, 1
+philipkobelt.ch, 1
+philiplowran.tk, 1
+philipmordue.co.uk, 1
+philipmorrisdirect.co.uk, 1
+philipoff.com, 1
+philipp-trulson.de, 0
+philipp.vip, 1
+philippa.cool, 1
+philippbirkholz.com, 1
+philippbirkholz.de, 1
+philippe-mignotte.fr, 1
+philippebonnard.fr, 1
+philippegoffin.be, 1
+philippehannes.fr, 1
+philippekhau.tk, 1
+philippemunn.photo, 1
+philippheenen.de, 0
+philippinegreenparty.tk, 1
+philippinenewsvanguard.tk, 1
+philippkaindl.de, 1
+philippkeschl.at, 1
+philippwinterberg.com, 1
+philipslater.cf, 1
+philipslater.ga, 1
+philipslater.gq, 1
+philipslater.ml, 1
+philipsmanythougths.cf, 1
+philipsmanythougths.ga, 1
+philipsmanythougths.ml, 1
+philipssupportforum.com, 1
+philipthomas.com, 1
+philipzhan.com, 1
+philipzhan.tk, 1
+philis-oenologie.fr, 1
+phillipgoldfarb.com, 1
+phillippe-lemarc.ch, 1
+phillipspediatricsoxford.com, 1
+phillprice.com, 0
+phillyhometech.com, 1
+phillyinjurylawyer.com, 1
+philographie.com, 1
+philology.tk, 1
+philomathiclife.com, 1
+philosoftware.com.br, 1
+philosophers.tk, 1
+philosopherswool.com, 1
+philosophy-colleges.com, 1
+philosophyguides.org, 1
+philosophytalk.org, 1
+philphonic.de, 1
+philpropertygroup.com, 0
+philrights.org, 1
+phils1990.com, 1
+philsturgeon.uk, 1
+philward.io, 1
+philwilson-green.cf, 1
+philwilson-green.ga, 1
+philwilson-green.gq, 1
+philwilson-green.ml, 1
+phimmoingay.org, 1
+phimtor.com, 1
+phinikarides.net, 1
+phiomegachi.tk, 1
+phishing-studie.org, 1
+phishing.army, 1
+phishingplanet.com, 1
+phishingusertraining.com, 1
+phisis.com.br, 1
+phive.eu, 1
+phive.social, 1
+phixer.com, 1
+phligence.com, 1
+phobos.tk, 1
+phoebestrong.org, 1
+phoenix-correspondence-commission.gov, 1
+phoenix.dj, 1
+phoenixboard.tk, 1
+phoenixcourt.gov, 1
+phoenixdepositionservices.com, 1
+phoenixfrequency.ga, 1
+phoenixlpgpasig.com, 1
+phoenixmanga.com, 1
+phoenixmunicipalcourt.gov, 1
+phoenixnest.ltd, 1
+phoenixpower.tk, 1
+phoenixsalon.eu, 1
+phoenixurbanspaces.com, 1
+phoenixville.online, 1
+phoenixwebsitedesign.com, 1
+phographer.com, 1
+pholio.com, 1
+phone-service-center.de, 1
+phone-spy.ml, 1
+phone42.com, 1
+phonearena.com, 1
+phonedoc.it, 1
+phonefilter.co.uk, 1
+phonefleet.fr, 1
+phonegnome.com, 1
+phoneia.com, 1
+phoneincentivesers.ga, 1
+phoneincentivesest.ga, 1
+phoneinformation.cf, 1
+phoneinformation.ga, 1
+phoneinformation.gq, 1
+phoneinformation.ml, 1
+phoneinformation.tk, 1
+phonelookupname.ml, 1
+phonenumber-info.co.uk, 1
+phonenumberfind.cf, 1
+phonenumberfind.ga, 1
+phonenumberfind.gq, 1
+phonenumberfind.ml, 1
+phonenumberfind.tk, 1
+phonesbooksest.ga, 1
+phonesexchat.com, 1
+phonesexnumbers.com, 1
+phoneswiz.com, 1
+phonet.tk, 1
+phonetika.org, 1
+phonetrace.tk, 1
+phonetrack.tk, 1
+phonevibrator.com, 1
+phonex.bg, 1
+phonex.com.mx, 1
+phoneyourselfers.ga, 1
+phoneyourselfest.ga, 1
+phonix-company.fr, 1
+phonosynthese.tk, 1
+phonosynthesis.tk, 1
+phorcys.net, 1
+phormance.com, 1
+phormulagroup.com, 1
+phosagro.biz, 0
+phosagro.com, 0
+phosagro.ru, 0
+phosforum.ga, 1
+photistic.org, 1
+photo-blowup.com, 0
+photo-booth.ro, 1
+photo-design.ml, 1
+photo-host.tk, 1
+photo-journ.com, 0
+photo-livesearch.com, 1
+photo-news.tk, 1
+photo-on-event.de, 1
+photo-paysage.com, 1
+photo-travel.tk, 1
+photoartelle.com, 1
+photobank.ml, 1
+photobc.photos, 1
+photobcdev.photos, 1
+photoblock.tk, 1
+photobooth-romania.ro, 1
+photobooth.id, 1
+photobosco.tk, 1
+photobrunobernard.com, 1
+photobyzachary.tk, 1
+photochka.tk, 1
+photoclothing.tk, 1
+photoconferenceers.ga, 1
+photoconferenceest.ga, 1
+photodeal.fr, 1
+photodyna.tk, 1
+photofinale.com, 1
+photogelique.be, 1
+photograf.io, 1
+photograni.ru, 1
+photographe-perigueux.com, 1
+photographe-reims.com, 0
+photographeremploymenters.ga, 1
+photographeremploymentest.ga, 1
+photographerforwedding.tk, 1
+photographersdaydream.com, 1
+photography-workshops.net, 1
+photographyandvideo.tk, 1
+photographyforchange.com, 1
+photographyforchange.org, 1
+photolakeview.com, 1
+photolessya.by, 1
+photomath.com, 1
+photomizer.com, 0
+photomodelcasting.com, 1
+photomosaicwall.ca, 1
+photonclub.ir, 1
+photoncourier.com, 1
+photopalace.tk, 1
+photophobia.tk, 1
+photoprint.tk, 1
+photoprofi.tk, 1
+photops.fr, 1
+photoreal.tk, 1
+photorelive.com, 1
+photosafari.com.my, 1
+photosafaribg.com, 1
+photosavi.com, 1
+photosbyzachary.tk, 1
+photoscheduleers.ga, 1
+photoscheduleest.ga, 1
+photoscotland.net, 1
+photosgaia.ch, 1
+photoshop-tipps-und-tricks.de, 1
+photosight.ru, 1
+photosight.tk, 1
+photosoftware.nl, 1
+phototechnique.tk, 1
+phototravel.uk, 1
+phototrio.com, 1
+photoutils.com, 1
+photovoltaik-reinigung.biz, 1
+photowall.tk, 1
+photowire.uk, 1
+photune.net, 1
+phoxden.net, 1
+phoxworld.com, 1
+php.watch, 1
+phparcade.com, 1
+phparena.net, 1
+phpartners.org, 1
+phpbb-tutorials.cf, 1
+phpbbchinese.com, 0
+phpdevlabs.tk, 1
+phpdorset.co.uk, 1
+phpfactory.io, 1
+phpfashion.com, 1
+phpgalleria.com, 1
+phpinfo.in.th, 1
+phpkari.cz, 1
+phpkoru.com, 1
+phpliteadmin.org, 1
+phpmyadmin.net, 1
+phpmynewsletter.com, 1
+phpnuke-guatemala.tk, 1
+phpprime.com, 1
+phpsecure.info, 1
+phpstan.com, 1
+phpstan.org, 1
+phpunit.de, 1
+phpwebs.com, 1
+phqsoft.com, 1
+phr34kz.pw, 0
+phra.gs, 1
+phreakaus.tk, 1
+phreaker.ml, 1
+phreaknet.org, 1
+phreesia.com, 1
+phrenology.com, 1
+phrive.space, 1
+phrlegal.com, 1
+phruse.com, 1
+phryanjr.com, 0
+phryneas.de, 1
+phsa.au, 1
+phsa.co.nz, 1
+phsa.com.au, 1
+phsa.net.au, 1
+phsa.nz, 1
+phsarapp.com, 1
+phship.cn, 1
+phtalent.tk, 1
+phtbth-upload.com, 1
+phuket-idc.com, 1
+phuket-idc.de, 1
+phuket-nash.cf, 1
+phuket-nash.ga, 1
+phuket-tour.ga, 1
+phuketbeach.tk, 1
+phuketdir.com, 1
+phuketroman.tk, 1
+phuketstyle.tk, 1
+phukettour.ga, 1
+phukettravel.gq, 1
+phukienchanh.com, 1
+phulyshop.com, 0
+phumin.in.th, 1
+phuoctran.com.vn, 1
+phuoctran.org, 1
+phuoctran.vn, 1
+phuong.faith, 1
+phurl.de, 1
+phv-bw.de, 1
+phwoarbeauty.com, 1
+phx2-az.tk, 1
+phxserver.net, 0
+phyi.loan, 1
+phyley.com, 1
+phyllischerry.com, 1
+physia.gr, 1
+physicalism.com, 1
+physicalist.com, 1
+physicalmedicineandrehab.com, 1
+physicaltherapistassistantedu.org, 1
+physicianassistantedu.org, 1
+physicianbookest.ga, 1
+physiciansopticalservice.com, 1
+physicpezeshki.com, 1
+physics-schools.com, 1
+physicsforums.com, 1
+physik.lol, 1
+physio-im-appelbachtal.de, 1
+physio-koenigsee.de, 1
+physiobalance.nl, 1
+physiobrite.tk, 1
+physioteam-franz.de, 1
+physiotherapie-buk.de, 1
+physiotherapie-concept.de, 1
+physiotherapie-seiwald.de, 1
+physiotherapist-physicaltherapist.com, 1
+physiovesenaz.ch, 0
+physis.earth, 1
+phytosunaroms.com, 1
+phyxion.net, 1
+phyzx.com.au, 1
+pi-dash.com, 1
+pi-net.dedyn.io, 1
+pi-supply.com, 1
+pi1.io, 1
+pia-bardo.tk, 1
+piaad9.org, 1
+piadouwes.tk, 1
+piai.cf, 1
+piai.ga, 1
+piai.gq, 1
+piai.ml, 1
+piai.tk, 1
+piaiai.com, 1
+piajuly.net, 1
+pialove.net, 1
+pianetaottica.eu, 1
+pianetaottica.info, 1
+pianetaottica.it, 1
+pianetatatuaggi.it, 1
+piano.io, 1
+pianoadventures.com, 1
+pianodisco.tk, 1
+pianoforpreschoolers.cf, 1
+pianoforpreschoolers.ga, 1
+pianoforpreschoolers.gq, 1
+pianoguy.tk, 1
+pianojockl.org, 1
+pianoo.nl, 1
+pianopronto.com, 1
+pianoschmitz.de, 1
+pianotaku.com, 1
+pianotuning.cn, 0
+pianyigou.com, 1
+piaohong.tk, 1
+piasativa.com, 1
+piasto.com.cy, 1
+piata-imobiliara.tk, 1
+piataborrachas.com.br, 1
+piatabrasil.com.br, 1
+piatenko.ml, 1
+piatika.com, 1
+piatika.in, 1
+piavonpadberg.com, 1
+piboston.org, 1
+piboubes.me, 1
+pic-sl.com, 1
+pic.gov, 1
+pic.sr, 1
+pic2map.com, 1
+pic2pat.com, 1
+pic2pat.nl, 1
+picalendar.com, 1
+picante.today, 1
+picapollochino.tk, 1
+picasoft.net, 1
+picatavocat.fr, 1
+picatom.com, 0
+piccirello.com, 1
+piccoliamicisport.it, 1
+piccolino.tk, 1
+piccolinokids.gr, 1
+piccolitrasporti.it, 1
+piccolopark.co.nz, 1
+picdefacer.com, 1
+pichainlabs.com, 0
+pichlerei.at, 1
+pick.aw, 1
+pick150.hu, 1
+picka.gift, 1
+pickastock.info, 1
+pickaw.click, 1
+pickaw.com, 1
+pickaw.link, 1
+pickawaycountyohio.gov, 1
+picked.cf, 1
+pickelhaubes.com, 1
+pickemsheet.com, 1
+pickenscountysc.gov, 1
+picketfence.tk, 1
+pickhdtvers.ga, 1
+pickhdtvest.ga, 1
+picklinik.id, 0
+pickmysoap.gr, 1
+picknetworkiscoming.sg, 1
+picknyeroizek.hu, 1
+picksin.club, 1
+picksshop.com, 1
+pickswapers.ga, 1
+pickswapest.ga, 1
+picksygirl.com, 1
+pickupalliance.com, 1
+pickupenc.ru, 1
+piclect.com, 1
+picme.tk, 1
+picmms.com, 1
+picobellos.tk, 1
+picofme.io, 1
+picom365.com, 1
+picone.com.au, 1
+piconepress.com, 1
+picordi.fr, 1
+picoulumber.com, 1
+picpay.com, 1
+picr.ws, 1
+picrew.me, 1
+pics.io, 1
+picsalesers.ga, 1
+picsastock.com, 1
+picshare.nz, 1
+picsnmore.de, 1
+picstar.tk, 1
+picsto.re, 0
+pictopat.com, 1
+pictopat.nl, 1
+pictoplasma.com, 1
+pictoriastudios.com, 1
+pictorista.com, 1
+pictr.nl, 1
+picturedent.org, 1
+picturesalon.com, 1
+picturesitaly.com, 1
+picturesque-games.tk, 1
+picturevictoria.vic.gov.au, 1
+picturingjordan.com, 1
+pidelo-peru.com, 1
+pidginpoetry.com, 1
+pidjipi.com, 1
+pidu.jp, 1
+pie-express.xxx, 1
+pieceofcake.solutions, 1
+piecesofmind.in.rs, 1
+piecestech.com, 1
+piechart.ga, 1
+piedrahita.tk, 1
+piedrasblancas.gov, 1
+piedroshop.nl, 1
+piekacz.co.uk, 1
+piekacz.eu.org, 1
+piekacz.net, 1
+piekacz.tel, 1
+piektraining.com, 1
+piel.ai, 1
+piel.vip, 1
+pieland.eu, 1
+piem.org, 1
+piemonteeconomy.it, 1
+piening.ddns.net, 1
+piensa-escribe.tk, 1
+piepermail.nl, 1
+piepschuimlogo.nl, 1
+pieq.eu, 1
+pieq.eu.org, 1
+pier1url.com, 1
+pier28.com, 1
+pier2pier.org, 1
+piercecountyne.gov, 1
+piercingnagykereskedes.hu, 1
+piercingpiac.hu, 1
+piercraft.com, 1
+pierianservices.com, 1
+pieropuschiavo.it, 1
+pierre-denoblens.net, 1
+pierre-schmitz.com, 1
+pierreau.fr, 1
+pierreborgmann.de, 1
+pierrejeansuau.fr, 1
+pierreloizeau.com, 1
+pierreterrien.fr, 1
+pierrevieville.fr, 1
+pierreyvesdick.fr, 1
+piersmana.com, 1
+pierson.tk, 1
+pierstone.com, 1
+pietbrakman.tk, 1
+pietechsf.com, 0
+pieter-verweij.nl, 1
+pieterbamps.tk, 1
+pieterbos.nl, 1
+pieterdev.net, 1
+pietraglobal.com, 1
+pietron.name, 1
+pietrosoft.tk, 1
+pietrzyk.it, 1
+pieux-expert.com, 1
+piezus.ru, 1
+pif.email, 1
+pif.gov, 1
+pig-breeding.tk, 1
+pig333.com, 1
+pigb.net, 1
+pigdetector.com, 1
+pigeonracinginformation.com, 1
+pigeons-rings.com, 1
+pigfox.com, 1
+piggingcleaning.com, 1
+pigop.com, 1
+pigsforsale.co.za, 1
+pigslv.com, 1
+pigzilla.co, 1
+pihaar.de, 1
+pii-protect.com, 1
+pii.bz, 1
+piifunder.co.uk, 1
+piifunder.uk, 1
+piifunding.com, 1
+piizapp.com, 1
+pijamasbichopreguica.com.br, 1
+pijuice.com, 1
+pijusmagnificus.com, 1
+pikafan.de, 1
+pikafederation.ca, 1
+pikaramagazine.com, 1
+pikboxstore.com, 0
+pikecoga.gov, 1
+pikecountyil.gov, 1
+pikecountyohcommissioners.gov, 1
+pikeitservices.com.au, 1
+pikeky.gov, 1
+pikepa.gov, 1
+piketonohio.gov, 1
+pikimusic.moe, 1
+pikker.ee, 1
+pikkuegypti.tk, 1
+pikminwiki.com, 1
+pikmy.com, 1
+piknichok.ml, 1
+piksli.si, 1
+pilani.ch, 0
+pilar.moe, 1
+pilarguineagil.com, 1
+pilasebastovce.sk, 1
+pilatesavenue.co.uk, 1
+pilatescenteraz.com, 1
+pilatespt.nl, 1
+pilatesstation.co.th, 1
+pilatus-aircraft.com, 1
+pilbaraports.com.au, 1
+pildat.org, 1
+pileawayremovals.com, 1
+pilgermaske.org, 1
+pili-serv.ovh, 1
+piliszek.net, 1
+pillar.fi, 1
+pillar.ninja, 1
+pillar.us, 1
+pillitteriobgyn.com, 1
+pillow.sk, 1
+pillowcast.net, 1
+pillowexpertsers.ga, 1
+pillowexpertsest.ga, 1
+pillowfort.pub, 1
+pilot-colleges.com, 1
+pilot-gps.africa, 1
+pilot-gps.com, 0
+pilot.co, 1
+pilot.com, 1
+pilotbook.org, 1
+pilotcareercenter.com, 1
+pilotgrowth.com, 1
+pilotinterviews.com, 1
+pilotknobmo.gov, 1
+pilotproject.tk, 1
+pilotshop.com, 1
+pilsen.fun, 1
+pilseta24.lv, 1
+pilsook.com, 1
+pilvi.space, 1
+pilvin.pl, 1
+pimastoneaz.com, 1
+pimentinhasexshop.com.br, 1
+pimhaarsma.nl, 1
+pimhaarsmamedia.nl, 1
+pimichi.com, 1
+pimmel.stream, 1
+pimo.id, 1
+pimoid.fr, 1
+pimplelotionest.ga, 1
+pimpmymac.ru, 1
+pimpmypaper.com, 1
+pimpmyperf.fr, 0
+pimpninjas.org, 1
+pimppublishing.com, 1
+pimpstack.com, 1
+pims-hub.org.uk, 1
+pimylifeup.com, 1
+pin.net.au, 1
+pinadeluxe.org, 1
+pinalcourtsaz.gov, 1
+pinale.es, 1
+pinalove.com, 1
+pinamals.com, 1
+pinarecordsmusic.tk, 1
+pinaro.de, 1
+pinarshivmarket.com, 1
+pinatubo.tk, 1
+pinball.tk, 1
+pinballdirect.us, 1
+pinballhouse.us, 1
+pinboxx.com, 1
+pinceau-peinture.com, 1
+pinceaux.org, 1
+pincha.com.tw, 0
+pinched.ga, 1
+pinchoparados.tk, 1
+pinchuk.tk, 1
+pincodeit.com, 1
+pincollector.club, 1
+pincollector.net, 1
+pincong.rocks, 1
+pincsolutions.com, 1
+pindakaas.ga, 1
+pindakaas.tk, 1
+pindanutjes.be, 0
+pindostan.tk, 1
+pinebaylibrary.org, 1
+pinebeachnj.gov, 1
+pinebeecreative.com, 0
+pinebrook.tk, 1
+pinecitymn.gov, 1
+pinecone.io, 0
+pinecountymn.gov, 1
+pinedadegiguela.tk, 1
+pinedahair.com, 1
+pinefinancialgroup.com, 1
+pinegraph.com, 1
+pinegrovetownshipmi.gov, 1
+pinellaslaser.com, 1
+pinellastaxcollector.gov, 1
+pinemountainnursery.com.au, 1
+pinemountbaptistchurch.org, 1
+pineradelolmo.com, 1
+pinerivermi.gov, 1
+pinesol.com, 1
+pinetreeadvisors.us, 1
+pinflux2.com, 1
+ping-books.cf, 1
+pingce.com, 1
+pingnp.me, 0
+pingodoce.pt, 1
+pingpongparkinson.at, 1
+pingpongsourcing.com, 0
+pingrc.net, 1
+pinguinita.tk, 1
+pinguinreal.sk, 1
+pingvinofnet.ml, 1
+pinhadigital.com, 1
+pinheirobittencourt.com.br, 1
+pinigseu.xyz, 1
+pinimg.com, 1
+pininfarina.it, 1
+pink-check.school, 1
+pink-panther.tk, 1
+pink.nl, 1
+pinkapple.com, 1
+pinkband.tk, 1
+pinkbike.com, 1
+pinkbikecycle.com, 1
+pinkcasino.co.uk, 1
+pinkerton.io, 1
+pinkfoxwebdesign.com, 1
+pinkhatbeard.com, 1
+pinkitalia.tk, 1
+pinklecfest.org, 1
+pinklittlenotebook.com, 1
+pinkmango.travel, 0
+pinkoi.com, 1
+pinkoz.xyz, 1
+pinkpearl.tk, 1
+pinkplay.com.br, 1
+pinkpop.nl, 1
+pinkpussy.tv, 1
+pinkpussypics.com, 1
+pinksec.com.au, 1
+pinkster.tk, 1
+pinkvelvet.tk, 1
+pinkylam.me, 1
+pinleather.rs, 0
+pinnacle-tex.com, 1
+pinnacleallergy.net, 1
+pinnaclecare.com, 1
+pinnaclecommunityservices.com.au, 1
+pinnacleholdings.com, 1
+pinnaclelife.co.nz, 0
+pinnaclelife.nz, 1
+pinnacleroofingsolutions.com, 1
+pinnacletrailers.com, 1
+pinnakl.com, 1
+pinnoto.eu.org, 1
+pinnoto.org, 1
+pinoservers.tk, 1
+pinot.it, 1
+pinoydeal.ph, 1
+pinoyreal.com, 1
+pinoyseoservices.com, 1
+pinoysurvey.com, 1
+pinoytambayan.ga, 1
+pinoytambayan.tk, 1
+pinoytimes.tk, 1
+pinpaituiguang.com.cn, 1
+pinpayments.com, 1
+pinpointengineer.co.uk, 1
+pinsami.it, 1
+pinsamiprofessional.com, 1
+pinse.la, 1
+pinsi.pt, 1
+pinsource.kz, 1
+pinspiration.com, 1
+pinta.tk, 1
+pinterest.at, 1
+pinterest.ca, 1
+pinterest.ch, 1
+pinterest.cl, 1
+pinterest.co, 1
+pinterest.co.kr, 1
+pinterest.co.uk, 1
+pinterest.com, 1
+pinterest.com.au, 1
+pinterest.com.mx, 1
+pinterest.com.pe, 1
+pinterest.com.py, 1
+pinterest.com.uy, 1
+pinterest.de, 1
+pinterest.dk, 1
+pinterest.ec, 1
+pinterest.engineering, 1
+pinterest.es, 1
+pinterest.fr, 1
+pinterest.ie, 1
+pinterest.info, 1
+pinterest.it, 1
+pinterest.jp, 1
+pinterest.nl, 1
+pinterest.nz, 1
+pinterest.ph, 1
+pinterest.pt, 1
+pinterest.ru, 1
+pinterest.se, 1
+pinterjann.is, 1
+pinterst.com, 1
+pintiaktivasyon.com, 1
+pintiaux.com, 1
+pintosbeeremovals.co.za, 1
+pintoselectricfencing.co.za, 1
+pintrest.com, 1
+pinupbets.gq, 1
+pinupsex.com, 1
+pinxporn.net, 1
+pinyonpass.com, 1
+pinyonpass.net, 1
+pinyonpass.org, 1
+pioneer-car.eu, 1
+pioneer-rus.ru, 1
+pioneer.eu, 1
+pioneerbible.org, 1
+pionierboat.cf, 1
+pionierboat.ga, 1
+pionierboat.tk, 1
+pionieren.tk, 1
+pionplex.de, 1
+piovan.com, 1
+pipa-shop.nl, 1
+piparitaikina.fi, 1
+pipeclub.tk, 1
+piped.video, 1
+pipelineengineeringsoftware.com, 1
+pipenav.gq, 1
+pipenny.net, 1
+piperswe.me, 1
+pipestonecounty.gov, 1
+pipetehran.ir, 1
+pipetobacco.uk, 1
+pipfrosch.com, 0
+pipglobal.com, 1
+piprivillage.ml, 1
+pipscprd.ca, 1
+piquaoh.gov, 1
+piqueteway.tk, 1
+piraino.fr, 1
+piramalglassusa.com, 1
+piramide.nl, 1
+piranhaattack.tk, 1
+piranja-cola.de, 1
+piranjasoul.de, 1
+pirapiserver.ddns.net, 1
+pirate-proxy.biz, 1
+pirate-proxy.click, 1
+pirate-proxy.club, 1
+pirate-proxy.onl, 1
+pirate-proxy.pro, 1
+pirate-proxy.pw, 1
+pirate-proxy.top, 1
+pirate-punk.net, 1
+pirate.chat, 1
+pirate.gq, 0
+piraten-basel.ch, 1
+piraten-kleinbasel.ch, 1
+piraten-recording.tk, 1
+piratenlogin.de, 0
+pirateparty.org.uk, 1
+piratepay.io, 0
+pirateproxy.how, 1
+pirates-comic.com, 1
+piratesbrewcoffee.net, 1
+piratesforums.co, 1
+piratesofthewadden.tk, 1
+piratez.tk, 1
+pircher.co.uk, 1
+pircher.tk, 1
+pires.ovh, 1
+pirman.es, 1
+pirnaaktuell.de, 1
+pirnhub.xyz, 1
+pirofire.bg, 1
+pirofire.com, 1
+pirogi.ga, 1
+piroleikki.co.jp, 1
+pirscapital.com, 1
+pirxpilot.me, 1
+pisaggni.ch, 1
+pisanpeikot.tk, 1
+pisaparaasescolas.pt, 1
+pisarzowa.tk, 1
+pisatoday.it, 1
+piscapisca.pt, 1
+piscesdwarf.com, 1
+piscestrade.com, 1
+piscine.roma.it, 1
+piscines-unibeo.com, 1
+pisearch.cc, 1
+pisearch.cn, 1
+pisemnet.tk, 1
+pisf.in, 1
+pishgamiran.tk, 1
+pisitsolutions.com, 1
+pisk.loan, 1
+piskenfuerwehr.de, 1
+pisquettes.fr, 1
+pissblau.com, 1
+pissflaps.co.uk, 1
+pista73.com, 1
+pistonkandidatu.tk, 1
+pisupp.ly, 1
+piszmak.pl, 1
+pit-book.com, 1
+pit-stop-sto.tk, 1
+pitaiatrade.com, 1
+pitajrobota.com, 1
+pitakashop.hu, 1
+pitang.com, 1
+pitbooks.ga, 1
+pitbullclub.tk, 1
+pitbullsecuritysolutions.ca, 1
+pitc.nl, 1
+pitch.com, 1
+pitchforkunion.tk, 1
+pitchup.com, 1
+pitchupp.com, 0
+pitctestdomain.gov, 1
+piteadetox.com, 1
+piter-auto-painter.ru, 1
+piter-print.tk, 1
+piter178.tk, 1
+piterfish.ru, 1
+pitfire.io, 1
+pitius.tk, 1
+pitman.tk, 1
+pitomec.tk, 1
+pitot-rs.org, 1
+pitrick.tk, 1
+pitrivertribe.gov, 1
+pitshift.click, 1
+pitshift.com, 1
+pitsstop.nu, 1
+pitsundaorgan.tk, 1
+pittandmoore.co.nz, 1
+pittmancentertn.gov, 1
+pittohio.com, 1
+pittsburghfibroids.com, 1
+pittsburghhiresveterans.org, 1
+pittsburgtx.gov, 1
+pittsvillemd.gov, 1
+pitu.gov, 1
+piu.moe, 1
+piuincontri.com, 1
+piuplayer.com, 1
+piurvolium.tk, 1
+pius.com.br, 1
+piute.gov, 1
+piutesd.gov, 1
+pivbar.tk, 1
+pivio.nl, 1
+pivnica.cf, 1
+pivnica.ga, 1
+pivnica.gq, 1
+pivnica.tk, 1
+pivotaltracker.com, 1
+pivotanimation.org, 1
+pivotanimation.tk, 1
+pivovarcunak.cz, 1
+pivpn.io, 1
+pivx2bitcoin.com, 1
+pivxblockchain.com, 1
+pivxblockchaindownload.com, 1
+piw.pw, 0
+piwko.co, 1
+pix-geeks.com, 1
+pix5.de, 1
+pixalatio.tk, 1
+pixbaton.jp, 1
+pixe2019.org, 1
+pixel-history.tk, 1
+pixel-ninjas.de, 1
+pixel-perfection.com, 1
+pixel-puls.de, 1
+pixel.facebook.com, 0
+pixel.google.com, 1
+pixel4k.com, 1
+pixelats.cat, 1
+pixelbrew.coffee, 1
+pixelcatproductions.net, 1
+pixelchannel.ga, 1
+pixelcomunicacion.com, 1
+pixelcrayons.com, 1
+pixelfiends.tk, 1
+pixelglance.com, 1
+pixelgliders.de, 1
+pixelglue.com.au, 1
+pixelheaven.tk, 1
+pixelhero.co.uk, 0
+pixelion.tk, 1
+pixelmarketing.hu, 0
+pixelmattic.com, 1
+pixelmedianetwork.com, 1
+pixelmonworld.fr, 1
+pixelonl.com, 1
+pixelpaper.org, 1
+pixelpeeper.com, 1
+pixelplex.io, 1
+pixelrain.info, 1
+pixelsbanking.com, 1
+pixelsketch.co.uk, 1
+pixelsquared.us, 1
+pixelstamp.net, 1
+pixelstrade.com, 1
+pixeltranslating.com, 1
+pixelturkey.art, 1
+pixelturkey.com, 1
+pixelumin3d.com, 1
+pixelurbia.com, 1
+pixeluser.de, 1
+pixelution.at, 1
+pixelw.design, 1
+pixelwijk.de, 1
+pixelz.cc, 1
+pixend.de, 1
+pixeon.com, 1
+pixiin.com, 1
+pixinfo.com, 1
+pixiv.cat, 1
+pixiv.moe, 1
+pixiv.re, 1
+pixlfox.com, 1
+pixloc.fr, 1
+pixnel.com.br, 1
+pixodo.tk, 1
+pixojo.tk, 1
+pixouno.com, 1
+pixshop.fr, 1
+pixstash.net, 1
+pixsystem.com, 1
+pixxxels.cc, 1
+pixyship.com, 1
+pizala.de, 1
+pizdelka.tk, 1
+pizza-24.tk, 1
+pizza-aachen.de, 1
+pizza-calzone.com, 1
+pizza-curator.com, 1
+pizza-house.tk, 1
+pizza2020andcatering.com, 1
+pizzabesteld.nl, 1
+pizzachefs.co.za, 1
+pizzacontenta.tk, 1
+pizzacosi.nl, 1
+pizzafest.ddns.net, 1
+pizzagaming.tk, 1
+pizzagigant.hu, 1
+pizzahut.co.in, 1
+pizzahut.co.nz, 1
+pizzahut.com.tw, 1
+pizzamc.eu, 1
+pizzaplus.tk, 1
+pizzariapartiupizza.com.br, 1
+pizzariaroma.cf, 1
+pizzarts.fr, 1
+pizzaslut.xyz, 1
+pizzeriaamadeus.hr, 1
+pizzeriasmallorca.com, 1
+pizzeriaveneziana.it, 1
+pj11018.com, 1
+pj21j.com, 0
+pj21m.com, 0
+pj4488.cc, 1
+pjax.xyz, 1
+pjc.is, 1
+pjentertainments.co.uk, 1
+pjleisure.co.uk, 1
+pjo.no, 1
+pjotor.tk, 1
+pjp.com.mt, 0
+pjshop.cf, 1
+pjsk.cc, 1
+pjsk.eu.org, 1
+pjuu.com, 0
+pjv.co.id, 1
+pk-master.tk, 1
+pk-soft.tk, 1
+pk.search.yahoo.com, 0
+pk7777.com, 1
+pk8k.com, 1
+pkautodesign.com, 0
+pkb.shop, 1
+pkbjateng.com, 1
+pkeus.de, 1
+pkg.one, 1
+pkgbuild.com, 1
+pkgt.de, 0
+pki.com.ru, 1
+pkirwan.com, 1
+pkjtim.com, 1
+pko.ch, 0
+pkov.cz, 1
+pkq5.com, 1
+pkrank.com, 1
+pkservice.tk, 1
+pkspskov.tk, 1
+pkvgames.expert, 1
+pkvgamesqq.asia, 1
+pkwebsolutions.cf, 1
+pl-cours.ch, 0
+pl-trans.tk, 1
+pl.search.yahoo.com, 0
+pl2.es, 1
+placasonline.com.br, 1
+placeandsee.com, 1
+placedaffiliate.com, 1
+placedapps.com, 1
+placedsupport.com, 1
+placeforgames.tk, 1
+placehold.co, 1
+placeitsf.com, 1
+placements.io, 1
+placementspot.ca, 1
+placenet.fr, 1
+placeofindia.com, 1
+placepugs.com, 1
+placeralplato.com, 1
+placercountyelections.gov, 1
+placidoandriolo.tk, 1
+placker.com, 1
+plagiarismcheck.org, 1
+plagu.ee, 1
+plagued.tk, 1
+plaid.com, 1
+plainfieldil.gov, 1
+plainfieldpolicenj.gov, 1
+plainfieldvt.gov, 1
+plaingreenloans.com, 1
+plainjs.com, 1
+plainlanguage.gov, 1
+plainoltrailers.com, 1
+plainsgeorgia.gov, 1
+plainsoftware.org, 1
+plaintech.net.au, 1
+plaintext.pizza, 1
+plaintextpledge.com, 1
+plaintextpledge.email, 1
+plaintextpledge.eu, 1
+plaintextpledge.net, 1
+plaintextpledge.org, 1
+plaintownshipstarkoh.gov, 1
+plaintray.com, 1
+plaisirdumouvement.com, 1
+plaisiretsens.com, 1
+plaisirs-coquins.com, 1
+plakakodlari.com, 1
+plakbak.nl, 1
+plaloo.gq, 1
+plaloo.tk, 1
+plan-immobilier.fr, 1
+plan-it-events.de, 1
+planafy.com, 1
+planbase.com, 1
+planchasvertical.es, 1
+plancke.io, 1
+plandecorones.net, 1
+plandegralba.net, 1
+plandomemanorny.gov, 1
+plandy.me, 1
+planecon.nz, 1
+planeexplanation.com, 1
+planen-bauen.eu, 1
+planer.me, 1
+planet-laas.de, 1
+planet-work.com, 1
+planet.ink, 1
+planet.live, 1
+planeta-deti.org, 1
+planeta-remontika.ga, 1
+planetadeti.org, 1
+planetadjs.com, 1
+planetairsports.com, 1
+planetalife.com, 1
+planetamarrom.tk, 1
+planetamend.com, 1
+planetamestizo.tk, 1
+planetamotoshonda.com.br, 1
+planetamusik.tk, 1
+planetandroid.ga, 1
+planetanim.fr, 1
+planetapolska.com, 1
+planetaprogramas.tk, 1
+planetarapluso.tk, 1
+planetarian.moe, 1
+planetasilius.tk, 1
+planetasuboficial.com.br, 1
+planetau2.com, 1
+planetboredom.net, 1
+planetbreath.ch, 0
+planetcbd.net, 1
+planetchiropracticga.com, 1
+planete-lira.fr, 1
+planete-secu.com, 1
+planeteroliste.com, 1
+planeteroliste.fr, 1
+planetfertilityest.ga, 1
+planetgolf.de, 1
+planetgrehen.tk, 1
+planethowl.com, 1
+planeticke.com, 1
+planetickettravel.com, 1
+planetknauer.net, 1
+planetmath.org, 1
+planetmetroidprime.tk, 1
+planetmobile.tk, 1
+planetmugen.tk, 1
+planetonline.tk, 1
+planetpayment.com, 1
+planetpowershell.com, 1
+planetradio.tk, 1
+planetromeo.com, 1
+planetromeofoundation.org, 1
+planetscale.com, 1
+planetstimes.com, 1
+planettimer.com, 1
+planetun.mobi, 1
+planetweb.tk, 1
+planful.com, 0
+planify.io, 0
+planisanin.tk, 1
+planiserin.tk, 1
+planisware.academy, 1
+planisware.cn, 1
+planisware.io, 1
+planisware.live, 1
+planiswareusa.com, 1
+planisys.net, 1
+planitz.com, 1
+planitz.net, 1
+planitz.org, 1
+planium.io, 1
+planled.ga, 1
+planlos.net, 0
+planmember.com, 1
+planmemberpartners.com, 1
+planned-cities.com, 1
+plannedgrocery.com, 1
+plannedlink.com, 1
+planning.center, 1
+planning.ga, 1
+planning.nl, 1
+planningcenter.com, 1
+planningsagenda.nl, 1
+plano.gq, 1
+planodesaude.net.br, 1
+planresto.com, 1
+planriean.com, 1
+planrow.com, 1
+plansaude.med.br, 1
+planshetnik.tk, 1
+plant-gift.jp, 1
+plantarportugal.org, 1
+plantarum.com.br, 1
+plantastique.ch, 0
+planteforum.no, 1
+plantenvinder.nl, 1
+plantepakken.dk, 1
+plantes.ch, 1
+plantezcheznous.com, 1
+planther.nl, 1
+plantidentification.co, 0
+plantinum-cbd.com, 1
+plantmojomagic.com, 1
+plantprosperous.com, 1
+plantroon.com, 1
+plantrustler.com, 1
+plantsupplement.co.uk, 1
+planujemywesele.pl, 1
+planungsdetail.de, 1
+planview.com, 1
+plaque-funeraire.fr, 1
+plaque-immatriculation-auto.com, 1
+plaqueimmat.fr, 1
+plaredo.tk, 1
+plaros.ml, 1
+plasapulsa.tk, 1
+plasesolev.tk, 1
+plasfab.com.au, 1
+plaskiewicz.pl, 1
+plasma.nl.eu.org, 1
+plasmainc.xyz, 1
+plasmatrap.com, 0
+plasofficial.it, 1
+plassmann.ws, 1
+plast.bg, 1
+plast.design, 1
+plastdesign.com.ua, 1
+plastex.tk, 1
+plastic2print.com, 1
+plasticdoctor.co.uk, 1
+plasticdonut.tk, 1
+plasticflash.com, 1
+plasticobiodegradable.com, 1
+plasticosbiobasados.com, 1
+plasticpassion.tk, 1
+plasticscm.com, 1
+plasticstare.com, 1
+plasticsurgeon.ga, 1
+plasticsurgerynola.com, 1
+plasticsurgerypartyers.ga, 1
+plasticsurgerypartyest.ga, 1
+plasticwindows.tk, 1
+plastiform.nl, 1
+plastischechirurgie-linz.at, 1
+plastokna.tk, 1
+plastovelehatko.cz, 1
+plataformaslms.com, 1
+platanakia.tk, 1
+plate.de, 1
+plateforme-exposant.com, 1
+plateformecapitalisation.org, 1
+plateriaaida.tk, 1
+platform-med.org, 1
+platform2020prague.com, 1
+platforma2020praha.cz, 1
+platformadmin.com, 1
+platformio-cn.com, 1
+plathome.co.jp, 1
+platiniumvapes.com, 1
+platinnetz.de, 1
+platinum1.ru, 1
+platinumalertsers.ga, 1
+platinumalertsest.ga, 1
+platinumcalendarest.ga, 1
+platinumcat.info, 1
+platinumgatesecurity.co.uk, 1
+platinumjubilee.gov.au, 1
+platinumkids.com.br, 1
+platinumpoolsaz.com, 1
+platinumsystems.biz, 1
+platinumtalkers.ga, 1
+platinumtalkest.ga, 1
+platnik.net, 1
+platodecomida.com, 1
+platschi.net, 1
+plattecountymovotes.gov, 1
+platten-nach-mass.de, 1
+plattenair.tk, 1
+platter.cf, 1
+platter.ga, 1
+platter.gq, 1
+platter.tk, 1
+platterlauncher.com, 1
+plattmakers.de, 0
+platueguide.tk, 1
+platypiduses.com, 1
+plaul.de, 1
+plausibility.cloud, 1
+plaut.sk, 1
+plavdoma.com.ua, 1
+plavormind.tk, 1
+play, 1
+play-asia.com, 1
+play-best-games.com, 1
+play-casino-japan.com, 1
+play-charades.com, 1
+play-lu.com, 1
+play-mate.tk, 1
+play-telochki.tk, 1
+play.cash, 1
+play.google.com, 1
+play3niu1.com, 1
+play3niu11.com, 1
+play3niu18.com, 1
+play3niu22.com, 1
+play3niu33.com, 1
+play3niu55.com, 1
+play3niu58.com, 1
+play3niu66.com, 1
+play3niu68.com, 1
+play3niu8.com, 1
+play3niu88.com, 1
+play595.com, 1
+playabalares.ga, 1
+playandwin.co.uk, 1
+playanka.com, 1
+playapex.cn, 1
+playapex.com.cn, 1
+playapexcn.com, 1
+playasdegalicia.tk, 1
+playavalon.net, 1
+playball.tk, 1
+playcasinos.ca, 1
+playcollect.net, 1
+playdaysparties.co.uk, 1
+playdlawosp.pl, 1
+playdrop.ml, 1
+playelephant.com, 1
+player701.net, 1
+player701.ru, 1
+playerdb.co, 1
+playerslounge.co, 0
+playerup.com, 1
+playface.ml, 1
+playform.cloud, 1
+playfrank.com, 1
+playgame.tk, 1
+playgamenow.tk, 1
+playgameoflife.com, 1
+playgroundhaarlem.nl, 1
+playhappywheelsunblocked.com, 1
+playinfinity.com, 1
+playinfinityvr.com, 1
+playit.rs, 1
+playkids.com, 1
+playlistresearch.com, 1
+playmat.com, 1
+playmei.com, 0
+playnow.com, 1
+playnuganug.com, 1
+playocean.net, 1
+playorigin.com, 1
+playphoenix.net, 1
+playpirates.com, 1
+playpower.tk, 1
+playreal.cc, 1
+playreal.city, 1
+playreal.com.tw, 1
+playsnake.org, 1
+playsoftware.tk, 1
+playsprout.industries, 1
+playstation-network.ga, 1
+playstation-news.de, 1
+playstationplus.es, 1
+playstationtrophies.org, 1
+playtheme.ru, 1
+playtictactoe.org, 1
+playtoearn.net, 1
+playtop.tk, 1
+playtopia.com, 1
+playtopia.fr, 1
+playtopia.nl, 1
+playtopia.no, 1
+playtzolk.in, 1
+playupnow.com, 1
+playviolinmusic.com, 1
+playwhyyza.com, 1
+playwright.co, 1
+playxylo.com, 1
+playzone.tk, 1
+plaza.ph, 1
+plazamarinavallarta.com, 1
+plazaproductionone.com, 1
+plazasummerlin.com, 1
+plcclosets.com, 1
+plcgurus.net, 1
+plchardware.com, 1
+pldx.org, 1
+pleasantonca.gov, 1
+pleasantonmobilenotary.com, 1
+pleasantvalleywi.gov, 1
+pleasantviewmi.gov, 1
+pleasantvillepd.org, 1
+please-uwu.me, 1
+pleaseuseansnisupportedbrowser.ml, 1
+pleasure-science.com, 1
+pleasured.tk, 1
+pleasureplanetbrothel.com.au, 1
+pleb.cc, 1
+plebeian.com.tw, 1
+pleeease.io, 1
+pleer.ru, 1
+plegro.com, 1
+pleiadiantalk.tk, 1
+pleiar.no, 1
+pleier.no, 1
+pleijsier.tk, 1
+pleindedemsvaart.tk, 1
+pleine-conscience.ch, 0
+plejdbelysning.se, 1
+plenigo.com, 1
+plenkanaotrez.ml, 1
+plentybetter.com, 1
+plentybetter.org, 1
+pleo.io, 1
+pleskssd1.nl, 1
+plesse.pl, 1
+pletenkin-nn.ru, 1
+plex-server.cz, 1
+plex.tv, 1
+plexa.de, 1
+plexbpvr.ddns.net, 1
+plexhome13.ddns.net, 1
+plexidirect.nl, 1
+plexiglasssheetscuttosize.com, 1
+plexion.cf, 1
+plexion.ga, 1
+plexion.gq, 1
+plexmark.net, 1
+plexmark.tk, 1
+plexnet.cz, 1
+plexopedia.com, 1
+plexpy13.ddns.net, 1
+plextv.de, 1
+plexusmd.com, 0
+plexusworldwide.com, 1
+plgr.cc, 1
+plgr.tech, 1
+plicca.com, 0
+plichso.de, 1
+plicker.net, 1
+plikersi.tk, 1
+plikiai.tk, 1
+plintusof.by, 1
+pliosoft.com, 1
+pliroforikikoufopoulou.gr, 1
+plissee-experte.de, 1
+plitu.de, 1
+plixer.com, 1
+plixer.net, 1
+plkeenecc.com, 1
+pllivres.cf, 1
+plob.org, 1
+plodwithme.com, 1
+ploi.io, 1
+plokko.com, 1
+plomberie-rivesud.ca, 1
+plomin.tk, 1
+plongee-phuket.fr, 1
+ploof-cleaning.gr, 1
+plooij.it, 1
+ploptec.tk, 1
+plotbubble.com, 1
+plothost.com, 1
+plotly.com, 1
+plov.loan, 1
+plowerolin.tk, 1
+ploxel.co.uk, 1
+ploxel.com, 1
+plr4wp.com, 1
+plrarena.com, 1
+plu.st, 1
+plugcubed.net, 0
+plugin-planet.com, 1
+pluginhayati.tk, 1
+pluginrealty.net, 1
+pluginthemehub.com, 1
+plugshare.com, 1
+pluimveeplanner.nl, 1
+plum.fr, 1
+plumair-ve.com, 1
+plumb.build, 1
+plumber-in-boksburg.co.za, 1
+plumber-in-sandton.co.za, 1
+plumber-kempton.click, 1
+plumber-midrand.click, 1
+plumber-randburg.click, 1
+plumberdurbannorth.co.za, 1
+plumberkingsburgh.co.za, 1
+plumberlewisvilletexas.com, 1
+plumberoftucson.com, 1
+plumberqueensburgh.co.za, 1
+plumberumhlangarocks.co.za, 1
+plumbingbear.com, 1
+plumbingfourways.co.za, 1
+plumbingkingsllc.com, 0
+plumbingmidrand.co.za, 1
+plumbingshop.tk, 1
+plumbware.co.uk, 1
+plumefox.com, 1
+plumlakewi.gov, 1
+plumlocosoft.com, 1
+plumnet.ch, 0
+plumperthumbs.com, 1
+plumpie.net, 0
+plumplat.com, 1
+plumsail.com, 1
+plumz.me, 1
+plur.com.au, 1
+plural.cafe, 1
+pluralistic.net, 1
+pluralpedia.org, 1
+pluricosmetica.com, 1
+plurilock.com, 1
+pluriumint.com, 1
+plus-project.co.uk, 1
+plus.google.com, 1
+plus.sandbox.google.com, 1
+plus.st, 1
+plus15.ml, 1
+plus15.tk, 1
+plus1s.site, 1
+plusbeauty.tw, 1
+plusbot.tk, 1
+plusfitness.com.au, 1
+plushev.tk, 1
+pluslink.co.jp, 1
+plusnet.de, 0
+plusport-api.com, 1
+plusport.com, 1
+plusreed.com, 1
+plustech.co.id, 1
+plustwik.com, 1
+pluta.net, 1
+plutiedev.com, 1
+pluto5000.com, 1
+plutopia.ch, 1
+pluvo.site, 1
+pluxml.org, 1
+plyind.com, 1
+plymouthboroughpa.gov, 1
+plymouthbus.co.uk, 1
+plymouthcountyiowa.gov, 1
+plymouthct.gov, 1
+plymouthnh.gov, 1
+plymouthrockwi.gov, 1
+plymouthtownshippa.gov, 1
+plymouthwi.gov, 1
+plz.report, 1
+plzdontpwn.me, 1
+plzen-sadrokarton.cz, 1
+plzen.fun, 1
+plzh4x.me, 1
+plztoy.com, 1
+pm-22711.space, 1
+pm-game-777.com, 1
+pm-onboarding-external-dev.azurewebsites.net, 1
+pm-partners-management-dev.azurewebsites.net, 1
+pm-schilderwerk.nl, 1
+pm-site.xyz, 1
+pm-tm.info, 1
+pm.gov.au, 1
+pm.link, 1
+pm.ua, 1
+pm.uz, 1
+pm13.cz, 1
+pm13.org, 1
+pm25.im, 1
+pma-iss.com, 1
+pma-tools.de, 1
+pmail.tw, 1
+pmalaty.com, 1
+pmarbeid.nl, 1
+pmarques.info, 1
+pmbc.org, 1
+pmbet.vip, 1
+pmbrachyeducation.ca, 1
+pmc-maisons-bois.fr, 1
+pmc.gov.au, 1
+pmcancercampus.ca, 1
+pmcancerclasses.ca, 1
+pmcancerrehab.ca, 1
+pmcaregiver.ca, 1
+pmcc.net, 1
+pmccrystal.com, 1
+pmconsulting.es, 1
+pmcorganometallix.com, 1
+pmcorp.com, 1
+pmcorp.mx, 1
+pmcouvrie.com, 1
+pmctcg.com, 1
+pmctire.com, 0
+pmcvinyladditives.com, 1
+pmdealerest.ga, 1
+pmdistributors.com.au, 1
+pmessage.ch, 1
+pmf.gov, 1
+pmg-offshore-company.com, 1
+pmg.ua, 1
+pmglobal.ro, 1
+pmh.codes, 1
+pmi-install.com, 1
+pmi.edu, 1
+pmi.gov, 1
+pmiandulive.com, 1
+pmibags.com, 1
+pmicorp.in, 1
+pmk.ddns.net, 0
+pml4t.net, 1
+pmnaish.co.uk, 1
+pmnd.rs, 1
+pmoe-software.com, 1
+pmoreau.org, 1
+pmoscr.com, 1
+pmota.org, 1
+pmp-art.com, 1
+pmp6.fr, 1
+pmpm.tk, 1
+pms.myiphost.com, 1
+pmscomputers.com, 1
+pmsf.eu, 1
+pmsfdev.com, 1
+pmsfoundation.ml, 1
+pmsoft.nl, 0
+pmt-documenten.nl, 1
+pmvmaconnerie.fr, 1
+pn.com.au, 1
+pn.id.lv, 1
+pnakosoft.com, 1
+pnakosoft.com.au, 1
+pncfx.com, 1
+pneu01.fr, 1
+pneu74.fr, 1
+pneuhaus-lemp.ch, 1
+pneumania.fr, 1
+pnfiles.tk, 1
+png.am, 1
+pnggrid.com, 1
+pnimmobilier.ch, 0
+pnlarticles.com, 1
+pnnl.gov, 1
+pnoec.org.do, 1
+pnr.aero, 1
+pnr.sh, 1
+pnsc.is, 1
+pnut.io, 0
+pnvufs.com, 1
+pnwchirocoverage.com, 1
+po-italy.ru, 1
+po-krasivi.bg, 1
+po-sha-go-vo.ru, 1
+po.cash, 1
+po.ne, 1
+po.net, 1
+poac.net, 1
+pobalkonu.ru, 1
+pobierz.pl, 1
+poc060.com, 1
+poc080.com, 1
+poc090.com, 1
+poc100.com, 1
+poc109.com, 1
+poc11.com, 1
+poc116.com, 1
+poc118.com, 1
+poc119.com, 1
+poc120.com, 1
+poc128.com, 1
+poc13.com, 1
+poc15.com, 1
+poc16.com, 1
+poc17.com, 1
+poc18.com, 1
+poc19.com, 1
+poc21.com, 1
+poc211.com, 1
+poc226.com, 1
+poc228.com, 1
+poc23.com, 1
+poc25.com, 1
+poc26.com, 1
+poc261.com, 1
+poc262.com, 1
+poc27.com, 1
+poc290.com, 1
+poc298.com, 1
+poc31.com, 1
+poc32.com, 1
+poc33.com, 1
+poc35.com, 1
+poc36.com, 1
+poc37.com, 1
+poc38.com, 1
+poc51.com, 1
+poc518.com, 1
+poc52.com, 1
+poc53.com, 1
+poc55.com, 1
+poc56.com, 1
+poc568.com, 1
+poc57.com, 1
+poc58.com, 1
+poc586.com, 1
+poc588.com, 1
+poc59.com, 1
+poc601.com, 1
+poc618.com, 1
+poc63.com, 1
+poc65.com, 1
+poc66.com, 1
+poc661.com, 1
+poc663.com, 1
+poc665.com, 1
+poc668.com, 1
+poc669.com, 1
+poc67.com, 1
+poc68.com, 1
+poc69.com, 1
+poc699.com, 1
+poc71.com, 1
+poc718.com, 1
+poc72.com, 1
+poc75.com, 1
+poc768.com, 1
+poc77.com, 1
+poc771.com, 1
+poc772.com, 1
+poc773.com, 1
+poc779.com, 1
+poc78.com, 1
+poc79.com, 1
+poc8.com, 1
+poc816.com, 1
+poc86.com, 1
+poc866.com, 1
+poc88.vip, 1
+poc8811.com, 1
+poc882.com, 1
+poc8822.com, 1
+poc883.com, 1
+poc8833.com, 1
+poc885.com, 1
+poc8855.com, 1
+poc886.com, 1
+poc8866.com, 1
+poc887.com, 1
+poc8877.com, 1
+poc888.com, 1
+poc889.com, 1
+poc8899.com, 1
+poc89.com, 1
+poc899.com, 1
+poc916.com, 1
+poc918.com, 1
+poc98.com, 1
+poc99.com, 1
+poc992.com, 1
+poc993.com, 1
+poc995.com, 1
+poc996.com, 1
+poc997.com, 1
+poc998.com, 1
+pocahontascountyiowa.gov, 1
+pocahontascountywv.com, 1
+pocakking.tk, 1
+pocatello.gov, 1
+pocatellonissanparts.com, 1
+pochemuchka-books.com, 1
+pochikikaku.com, 1
+pochkiguru.ru, 1
+pochoden-praha.cz, 1
+pocitacezababku.cz, 1
+pock-programming.net, 1
+pocket-lint.com, 1
+pocketbookdot.tk, 1
+pocketcraft.io, 1
+pocketdeer.cc, 1
+pocketfruity.com, 1
+pocketgamingdirectory.com, 1
+pocketmags.com, 1
+pocketpasta.com, 1
+pockettraveling.tk, 1
+poco.se, 1
+pococo.tk, 1
+pocze.ch, 1
+pod-emnik.by, 1
+pod.lv, 1
+podari-radost.tk, 1
+podari.tk, 1
+podarki-deda-moroza.tk, 1
+podarkiboss.tk, 1
+podarky.gq, 1
+podarochek.tk, 1
+podarochkki.tk, 1
+podatrans.com, 1
+podawful.com, 1
+podawful.pizza, 1
+podcast.style, 1
+podcaster.org.il, 1
+podcastpulse.net, 1
+podcreative.ca, 1
+podcrto.si, 1
+podcrypters.ga, 1
+podcryptest.ga, 1
+podd.xyz, 1
+podemos.info, 1
+podia.com.gr, 0
+podia.gq, 1
+podipod.com, 1
+podis.ro, 1
+podivilov.com, 1
+podivilov.cz, 1
+podivilov.net, 1
+podivilov.ru, 1
+podnikatel.cz, 1
+podologie-diever.nl, 1
+podologie-tangstedt.de, 1
+podologyclinic.gr, 1
+podolskaya.tk, 1
+podparkers.ga, 1
+podparkest.ga, 1
+podprotectionest.ga, 1
+podqueue.fm, 1
+podroof.com, 0
+podroof.com.au, 0
+podrozwmilczeniu.pl, 1
+podshrink.de, 1
+podvenec.tk, 1
+podycust.co.uk, 1
+poed.com.au, 1
+poed.net.au, 1
+poeditor.com, 1
+poehlerflorian.de, 1
+poeleapellets.org, 1
+poemasonline.tk, 1
+poemerx.com, 1
+poemerx.net, 1
+poemindia.cf, 1
+poemlife.com, 1
+poems-bodywear.store, 1
+poemwall.cf, 1
+poemwall.ml, 1
+poemwallers.ga, 1
+poemwallest.ga, 1
+poenhub.xyz, 1
+poetasmenores.tk, 1
+poetenblog.tk, 1
+poeticplanetimagery.com, 1
+poetics.tk, 1
+poetka.tk, 1
+poetry.ge, 1
+poetryinmusic.tk, 1
+poetsgate.com, 1
+poetsjeboot.nl, 1
+poezja.art, 1
+poezja.com.pl, 1
+poezjagala.pl, 1
+pogera.com, 0
+pogljad-brest.tk, 1
+pogodavolgograd.tk, 1
+pogodok.tk, 1
+pogomate.com, 1
+pogotowie-komputerowe.tk, 1
+pogotowiekomputeroweolsztyn.pl, 1
+pogrebeniq-sofia.com, 1
+pogrebisky.net, 1
+pohlmann.io, 1
+pohoron.ru, 1
+poimel.ga, 1
+poimenidou.eu, 1
+poimenidou.gr, 1
+poimenidou.info, 1
+poin.tk, 1
+poinsot.info, 1
+point.pink, 1
+pointaction.com, 1
+pointagri.com, 1
+pointbarre.tk, 1
+pointcab.vn, 1
+pointclickcare.com, 1
+pointel.it, 1
+pointermate.com, 1
+pointforwardinc.net, 1
+pointfoundation.org, 1
+pointhost.de, 1
+pointiswunderland.de, 1
+pointmaquininha.com, 0
+pointpalace.tk, 1
+pointpleasantbeachnj.gov, 1
+pointpur.ch, 1
+points-pote.com, 1
+points4unitedway.com, 1
+pointtosource.com, 1
+pointum.com, 1
+pointworksacademy.com, 1
+pointzip.cf, 1
+pointzip.ml, 1
+pointzipers.ga, 1
+pointzipest.ga, 1
+poiru.net, 1
+poisk-books.ml, 1
+poiskdru.ga, 1
+poiskkladov.tk, 1
+poiskkristinity.ml, 1
+poiskrus.ml, 1
+poisoncolombia.tk, 1
+poisonget-rid-ofac.tk, 1
+poitiers-ttacc-86.eu.org, 1
+pojer.me, 1
+pojoksosmed.com, 1
+pokagontownshipmi.gov, 1
+pokalsocial.de, 1
+poke.blue, 1
+pokecazilla.com, 1
+pokedex.dedyn.io, 1
+pokedex.mobi, 1
+pokedexer.com, 1
+pokeelektronik.com, 1
+pokeelektronik.com.tr, 1
+pokefarm.com, 1
+pokeforest.io, 1
+pokeinthe.io, 1
+pokelens.tk, 1
+pokeli.de, 1
+pokemmo.com, 1
+pokemmo.eu, 1
+pokemonargentina.tk, 1
+pokemondb.net, 1
+pokemonforums.tk, 1
+pokemongoclub.tk, 1
+pokemonguide.tk, 1
+pokemonlab.com, 1
+pokemonsimulator.com, 1
+pokemonsvet.cz, 1
+pokemontabletopadventures.com, 1
+pokemori.jp, 1
+pokepon.center, 1
+poker4all.tk, 1
+pokerace.cf, 1
+pokerace.tk, 1
+pokeraddressers.ga, 1
+pokeraddressest.ga, 1
+pokeram.ml, 1
+pokerblog.tk, 1
+pokeridioters.ga, 1
+pokeridiotest.ga, 1
+pokerigrach.com, 1
+pokernyheder.io, 1
+pokerreligioners.ga, 1
+pokerreligionest.ga, 1
+pokerslab.com, 1
+pokerstarslearn.com, 1
+pokerventure.ga, 1
+pokerventureers.ga, 1
+pokerventureest.ga, 1
+pokerzone.com, 1
+poki.at, 1
+poki.be, 1
+poki.bg, 1
+poki.by, 1
+poki.ch, 1
+poki.cn, 1
+poki.co.id, 1
+poki.co.il, 1
+poki.com, 1
+poki.com.br, 1
+poki.cz, 1
+poki.de, 1
+poki.dk, 1
+poki.fi, 1
+poki.gr, 1
+poki.it, 1
+poki.jp, 1
+poki.nl, 1
+poki.no, 1
+poki.pl, 1
+poki.pt, 1
+poki.ro, 1
+poki.se, 1
+pokkareindeermeat.com, 1
+pokkt.com, 1
+pokl.cz, 1
+pokoiki.pl, 1
+pokon548.ink, 1
+pokpok.tk, 1
+pokrowcecardo.pl, 1
+pokupar.com, 1
+pokupkionline.tk, 1
+pokysoia.gov, 1
+pol-members.com, 1
+polaire.org, 1
+polak-import.tk, 1
+polan.tk, 1
+poland.tf, 1
+polanda.com, 1
+polandb2b.directory, 1
+polandtownship.gov, 1
+polar-baer.com, 1
+polarbear.army, 1
+polarhome.tk, 1
+polarisapp.xyz, 1
+polarisengineering.com, 1
+polarispool.com, 0
+polaroidmag.com, 1
+polaschin.ch, 1
+polatas.com.tr, 1
+polatsemih.com, 1
+polbox.fr, 1
+poldrack.me, 1
+pole.net.nz, 1
+poleasingowy.net, 1
+polebarn.com, 1
+polemik.tk, 1
+polenautohuur.nl, 1
+polerka.tk, 1
+polestar.com.tw, 1
+poletaem.tk, 1
+poleznie-soveti.info, 1
+polezno-v-internete.ml, 1
+police-schools.com, 1
+police4tn.gov, 1
+policeauctionsusa.com, 1
+policemanapp.com, 1
+policereferencecheck.com, 1
+policeroleplay.community, 1
+policesromandesrecrutement.ch, 1
+policia.gob.ec, 1
+policyadvice.net, 1
+policybanks.com, 1
+policyhub.gov.au, 1
+policymakr.com, 1
+policymine.com, 1
+policyreporter.us, 1
+policytrusters.ga, 1
+policytrustest.ga, 1
+poliermachines.be, 1
+polifisio.com.br, 1
+poliground.com, 1
+polimer39.ml, 1
+polina-gagarina.gq, 1
+polioptics.com, 1
+polis.or.at, 1
+polis.to, 0
+polis812.ru, 1
+polisafety.gr, 1
+polisanaraka.pl, 1
+polisanarciarska.pl, 1
+polish-dictionary.com, 1
+polish-flag.com, 1
+polish-translations.com, 1
+polish-translator.com, 1
+polish-translator.net, 1
+polish-translators.net, 1
+polish.directory, 1
+polishdating.cf, 1
+polishfabrics.com, 1
+polishforums.com, 1
+polishhockey.tk, 1
+polishmarriage.org, 1
+polishmodels.net, 1
+polishtranslation.com, 1
+polisipati.tk, 1
+polismar.pt, 1
+polisport.tk, 1
+polisynazycie.com.pl, 1
+polit-it.pro, 1
+polit.im, 1
+politagree.com, 1
+politeiaudesa.org, 0
+politeka.net, 1
+politex.tk, 1
+politic.org.ua, 1
+political-science-schools.com, 1
+politicalasylum.tk, 1
+politicalscore101.com, 1
+politicaprivacidade.com, 1
+politiciancompare.com, 1
+politicnation.com, 1
+politicsandnews.cf, 1
+politicsandnews.ga, 1
+politicsandnews.ml, 1
+politicsandnews.tk, 1
+politicsnews.ga, 1
+politicsnews.ml, 1
+politicsnews.tk, 1
+politicsnigeria.com, 1
+politiegent.be, 1
+politik-bei-uns.de, 1
+politik-kommunikation.de, 1
+politisor.com, 1
+politnews5.tk, 1
+politsei.ee, 0
+politvesti.tk, 1
+polizeiwallis.ch, 0
+polkcountyne.gov, 1
+polkcountywi.gov, 1
+polkelections.gov, 1
+polkhealthforanewyou.net, 0
+polki.com, 1
+polknc.gov, 1
+polkswcdiowa.gov, 1
+pollen.co, 1
+pollendine.co.uk, 1
+pollet-ghijs.be, 1
+pollet-ghys.be, 1
+polletmera.com, 0
+pollev-embeds.com, 1
+pollev.com, 1
+polleverywhere.com, 1
+polliga.tk, 1
+pollingplace.uk, 1
+pollnowhere.com, 1
+pollock.gallery, 1
+pollock.tk, 1
+pollpodium.nl, 1
+polly.spdns.org, 1
+pollypaps.ru, 1
+pollyundpaule.de, 1
+polnischestoffe.eu, 1
+polog.tk, 1
+poloil.gov, 1
+polomack.eu, 1
+poloniainfo.com, 1
+polonialidzbark.tk, 1
+polorize.com, 1
+polourize.com, 1
+polski-dentysta-birmingham.uk, 1
+polskiadwokat.org, 1
+polskiemalzenstwo.org, 1
+polskienewsy.tk, 1
+polsonlawfirm.com, 1
+polspam.pl, 1
+poltavawave.com.ua, 1
+poltax.com.pl, 1
+poltsamaa.edu.ee, 1
+poltsamaalasteaed.edu.ee, 1
+poly-daitron.jp, 1
+poly-fast.com, 0
+poly.se, 1
+polycoise.com, 1
+polycraftual.co.uk, 1
+polyfill.io, 1
+polygamer.net, 0
+polyglot.com.gr, 1
+polygondemos.com, 1
+polygonthemes.com, 1
+polygraphi.ae, 1
+polymake.org, 1
+polymathian.com, 1
+polymax.co.uk, 1
+polymics.com, 1
+polymtl.ca, 0
+polyna.eu, 1
+polynesia.tech, 1
+polynomapp.com, 1
+polypane.rocks, 1
+polyr.xyz, 1
+polyring.ch, 1
+polytarian.com, 1
+polytechecosystem.vc, 1
+polytekniskforening.dk, 1
+polyvalents.fr, 1
+polzaune.de, 1
+pomadgw.xyz, 1
+pomba.pl, 1
+pombalhome.duckdns.org, 1
+pombas.net, 1
+pomdoc.com, 1
+pomelo-paradigm.com, 1
+pomerol-au-coeur.com, 1
+pomfeed.fr, 1
+pomilo.fr, 0
+pommetelecom.fr, 1
+pomockypredeti.sk, 1
+pomocniczy.eu.org, 1
+pomogi-mne.tk, 1
+pomogidrugu.tk, 1
+pomogite.ml, 1
+pomonaca.gov, 1
+pomorskibereg.ml, 1
+pomost.ga, 1
+pomozmruczkom.pl, 1
+pompefunebrilariviera.it, 0
+pompeii.tickets, 1
+pomsinoz.com, 1
+pomtom.co.nz, 1
+ponabana.com, 1
+ponca-nsn.gov, 1
+poncho-bedrucken.de, 0
+pondacademy.com, 1
+pondband.net, 1
+pondof.fish, 1
+pondsama.com, 1
+poneiras.com, 1
+ponga.se, 1
+pongplace.com, 1
+ponio.org, 1
+ponio.xyz, 1
+ponnau.com, 1
+ponpokorin.tk, 1
+ponpon.tk, 1
+ponselsoak.com, 1
+ponsoftware.net, 1
+ponte-camp.de, 1
+ponteggi.it, 1
+ponteggi.roma.it, 1
+pontificia.tk, 1
+pontiwerx.com.au, 1
+pontodogame.com.br, 1
+pontosdevista.pt, 1
+pontosnews.gr, 1
+pontotoccountyms.gov, 1
+pontupagina.com, 1
+ponxel.com, 1
+pony-cl.co.jp, 1
+pony.tf, 1
+ponyar.net, 1
+ponycyclepals.co.uk, 1
+ponydesignclub.nl, 1
+ponyfoo.com, 1
+ponyhof-muensterland.de, 1
+ponytail.fr, 1
+ponytailsdesigns.com, 1
+poobert.tk, 1
+poochpark.tk, 1
+poodleassassin.com, 1
+poodlefan.net, 1
+pooi.me, 1
+poojanews.com, 0
+pookhaarden.nl, 1
+pookl.com, 1
+pool-selber-bauen.de, 1
+pooletranslation.com.au, 1
+poolheatingsolutionswa.com.au, 1
+poolmans.se, 0
+pools.shop, 1
+poolsafely.gov, 1
+poolsafety.gov, 1
+poolsonline.tk, 1
+poolspa.es, 1
+pooltools.net, 1
+poon.io, 1
+poopa.loan, 1
+poopjournal.rocks, 1
+poopr.ru, 1
+poorclarepa.org, 1
+pooriaarab.com, 1
+poortenautomatiseren.be, 1
+poorvika.com, 1
+pop-culture.tk, 1
+pop-myworld.com, 1
+pop.dk, 1
+pop.xxx, 1
+pop3.support, 1
+popadvertisementers.ga, 1
+popadvertisementest.ga, 1
+popcarte.com, 1
+popcat.ru, 1
+popcorncult.ru, 1
+popcowboyest.ga, 1
+popcultureshack.com, 1
+popdog.click, 1
+popecountyar.gov, 1
+popecountymn.gov, 1
+popeducation.ga, 1
+popeye.com, 1
+popfitclothing.com, 1
+popflow.cf, 1
+popflow.gq, 1
+popines.tk, 1
+popinga.es, 1
+popinga.it, 1
+popinga.net, 1
+popishop.tk, 1
+popitsnack.com, 1
+popjudge.cf, 1
+popjudge.ml, 1
+popka.sk, 1
+popki.tk, 1
+popkins.cf, 1
+popkins.ga, 1
+popkins.gq, 1
+popkins.ml, 1
+popkins.tk, 1
+poplargrove-il.gov, 1
+poplavok77.tk, 1
+poplite.xyz, 1
+popmagz.com, 1
+popmatters.com, 1
+popmenu.com, 1
+popmundoforum.tk, 1
+popokin.tk, 1
+popolini.ch, 1
+popolini.com, 1
+popotesetcocottes.fr, 1
+popova.tk, 1
+popoway.cloud, 1
+popoway.me, 1
+popoway9.ml, 1
+poppersareus.com, 1
+poppersy.ml, 1
+poppersy.tk, 1
+popphoto.nl, 1
+poppingdance.tk, 1
+poppinspayroll.com, 1
+poppleriverwi.gov, 1
+popporn.com, 1
+poppsylvie.com, 1
+poppylala.com, 1
+popravilam.by, 1
+popravilam.com, 1
+poprostuakwarystyka.pl, 1
+popsync.io, 1
+poptattoo.tk, 1
+poptavka.net, 1
+popular-male-kitten-names.tk, 1
+popularbusinessplatform.com, 1
+popularcar.com, 1
+popularculturegaming.tk, 1
+populardiets.tk, 1
+populardogs.ga, 1
+populardogs.gq, 1
+populardogs.ml, 1
+popularhairstyles.org, 1
+population-ethics.com, 1
+population.gov.au, 0
+popup-stores.online, 1
+popupbazaar.tk, 1
+popwaifu.click, 1
+popxclusive.com, 0
+poquiloco.com, 1
+poquvi.net, 0
+porady-wnetrzarskie.pl, 1
+porady.elblag.pl, 1
+porady.elk.pl, 1
+porady.kalisz.pl, 1
+porady.legnica.pl, 1
+porady.lubin.pl, 1
+porady.malopolska.pl, 1
+porady.mielno.pl, 1
+porady.opole.pl, 1
+porady.org, 1
+porady.pila.pl, 1
+porady.radom.pl, 1
+porady.rybnik.pl, 1
+porady.swinoujscie.pl, 1
+porady.walbrzych.pl, 1
+porady.zgora.pl, 1
+poradywnetrzarskie.pl, 1
+porazarul.by, 1
+porcepastora.com.ve, 1
+porchdaydreamer.com, 1
+porcore.com, 1
+porelcorazon.com, 1
+porelsam.ml, 1
+porevo.tk, 1
+poriadok.eu, 1
+porinnuotiopojat.tk, 1
+pork.org.uk, 1
+porka.gq, 1
+porkbun.com, 1
+porkmart.ga, 1
+porknlaser.com, 1
+porkpiesonline.co.nz, 1
+porlote.com, 1
+porm.club, 1
+porn2019.tk, 1
+porn24-7.com, 1
+porn77.info, 1
+pornagent.de, 1
+pornbabetyra.net, 1
+pornbabetyra.org, 1
+pornbay.eu, 1
+pornbay.org, 1
+pornblog.org, 1
+porncomix69.com, 1
+porncomp.com, 1
+porncompanions.com, 1
+porndoe.com, 1
+porndoepedia.com, 1
+porndragon.net, 1
+pornfacefinder.com, 0
+pornflare.net, 1
+pornforwomentube.com, 1
+pornfreehub.com, 1
+pornfreesites.com, 1
+pornfriends.tk, 1
+porngals4.com, 1
+porngameshub.com, 1
+pornhib.xyz, 1
+pornhub.com, 1
+pornhubapparel.com, 1
+pornhubpremium.com, 1
+pornhun.xyz, 1
+pornimg.net, 1
+porniwi.com, 1
+pornless.biz, 1
+pornline.porn, 1
+pornline.sex, 1
+pornloupe.com, 1
+pornmax.net, 1
+pornmega.net, 1
+porno-chat.it, 1
+porno-geschichten.com, 1
+porno-stars-video.ru, 1
+pornobilder.pics, 1
+pornoclips.net, 1
+pornodvdkopen.nl, 1
+pornogo.sex, 0
+pornogo.tube, 1
+pornohypnosis.tk, 1
+pornokran.com, 1
+pornomens.be, 1
+pornomovies.mobi, 1
+pornomovieshd.com, 1
+pornopark.nl, 1
+pornopica.com, 1
+pornopica.com.br, 1
+pornoplus.fr, 1
+pornorapido.net, 1
+pornovk.xxx, 1
+pornpics.com, 1
+pornpics.de, 1
+pornport.org, 1
+pornrd.com, 1
+pornsticky.com, 1
+pornstop.net, 1
+pornsuper.net, 1
+pornteddy.com, 1
+porntop100.com, 1
+porntube-vidios.ml, 1
+porntvclip.com, 1
+pornultra.net, 1
+pornvideos-tour.com, 1
+pornvideos-tube.com, 1
+pornvideos.tv, 1
+pornvidsfree.com, 1
+pornxxnxx.com, 1
+pornxxxvideos.xyz, 1
+porny.xyz, 1
+porodin.ml, 1
+pororoca.xyz, 1
+porplemontage.com, 1
+porroserver.tk, 1
+pors-sw.cz, 1
+porsche356registry.org, 1
+porschen.fr, 1
+porsolt.com, 1
+port.gdynia.pl, 0
+port.social, 1
+port443.hamburg, 0
+port443.se, 1
+port5060.net, 1
+port67.org, 1
+port80.hamburg, 0
+portable-games.tk, 1
+portablespeakers.tk, 1
+portablespeakersfinder.com, 1
+portadam.com, 1
+portafoliodenegocios.com.mx, 1
+portagecounty-oh.gov, 1
+portagedessiouxmo.gov, 1
+portagein.gov, 1
+portail-familles.net, 1
+portail-partenariats.fr, 1
+portail-rh.fr, 1
+portal-books.ga, 1
+portal-ekologia.pl, 1
+portal-news.tk, 1
+portal-ru.tk, 1
+portal-uang.com, 1
+portal.fo, 1
+portal.tirol.gv.at, 0
+portaladictos.tk, 1
+portalampgroep.nl, 1
+portalcarriers.com, 1
+portalchega.pt, 1
+portaldamizade.com, 1
+portaldatorcida.com.br, 1
+portaldocredito.pt, 1
+portaldogremista.com.br, 1
+portaleldense.tk, 1
+portalexpressservices.com, 1
+portalm.tk, 1
+portalmundo.xyz, 1
+portalpandalandia.tk, 1
+portalpower.com.br, 1
+portalultautv.net, 1
+portalutil.com.br, 1
+portalz.xyz, 1
+portamiinpista.it, 0
+portanatura.it, 1
+portatilea.com, 1
+portativ-mobi.tk, 1
+portcanaveral.gov, 1
+portchesterny.gov, 1
+portcomputingsolutions.com.au, 1
+porte.roma.it, 1
+portedwardswi.gov, 1
+porterbuddy.com, 1
+portercountyin.gov, 1
+porterpeds.com, 1
+portes-imaginaire.org, 1
+portesmagistral.com, 1
+portfolio-anish.tk, 1
+portfoliorlr.es, 1
+portfreezone.com, 1
+porthos.com.ar, 1
+porthueneme.gov, 1
+porthys.pt, 1
+portiapp.mx, 1
+portiaweb.org.uk, 1
+portierato.it, 1
+portingkit.com, 1
+portis.io, 1
+portiva.com, 1
+portmeirion.co.uk, 0
+portoccd.org, 0
+portofala.pt, 1
+portofedmonds.gov, 1
+portofephrata.gov, 1
+portofnenana.gov, 1
+portofsubs.com, 1
+portokalliali.tk, 1
+portonfus.com, 1
+portorchardwa.gov, 1
+portoseguro.med.br, 1
+portosonline.pl, 1
+portovelhoshopping.com.br, 1
+portraitcameos.com, 1
+portsaidyman.tk, 1
+portsdebalears.gob.es, 1
+portservice.se, 1
+portsmouthnhpd.gov, 1
+portsmouthohpd.gov, 1
+portsmouthri.gov, 1
+portsmouthsheriffsofficeva.gov, 1
+portsona.com, 1
+portugal-a-programar.org, 1
+portugal-a-programar.pt, 1
+portugal-car-hire.net, 1
+portugalbnb.net, 1
+portugalbycar.com, 1
+portugalivre.tk, 1
+portugalsko.net, 1
+portugalsurflessons.com, 1
+portusidades.com.pt, 1
+portvaletickets.com, 1
+portwashingtonwi.gov, 1
+portwing.gov, 1
+porumaoutrareforma.org, 1
+porumbei.tk, 1
+porwal.pl, 1
+porybox.com, 1
+porzellantreff.de, 1
+posa.moe, 1
+posaunenchor-senden.de, 1
+posbich.net, 1
+pose-faux-plafond.fr, 1
+poseidon-giesing.de, 1
+poseidonwaterproofing.info, 1
+poseidonwaterproofing.net, 1
+poseidonwaterproofing.org, 1
+poseidonworld.tk, 1
+posh.tech, 1
+poshcastles.co.uk, 1
+poshe.tk, 1
+poshlashes.se, 1
+poshmark.com, 1
+poshsecurity.com, 1
+poshvine.com, 1
+posicionament.tk, 1
+posied.ga, 1
+posijson.stream, 1
+positionus.io, 1
+positivastudios.tk, 1
+positive-thinking-for-you.com, 1
+positive.com.cy, 1
+positive.photography, 1
+positivecoach.org, 1
+positivenames.net, 1
+positiveone.tk, 1
+positiveoutlook.cn, 1
+positiverbeitrag.net, 1
+positiverbeitrag.org, 1
+positivethinkingmind.com, 1
+positivityoflife.com, 1
+positivos.tk, 1
+positronicmoron.tk, 1
+poslednigenerace.cz, 1
+posoco.in, 1
+pospisilik.eu, 1
+pospisilikovi.cz, 1
+post-anon.tk, 1
+post-darwinian.com, 1
+post-darwinism.com, 1
+post-health.net, 1
+post-office.tk, 1
+post-victoria.com, 1
+post.com.ar, 1
+post.how, 1
+post.icu, 1
+post.io, 1
+post.kim, 1
+post.lol, 1
+post.tf, 1
+post4me.at, 1
+postacyprus.com, 1
+postal.dk, 1
+postaltreasures.com, 1
+postandfly.com, 1
+postat.com, 1
+postback.io, 0
+postbanken.no, 1
+postblue.info, 1
+postbox.life, 1
+postcardpayment.com, 1
+postcards.tk, 1
+postcode.nl, 1
+postcodeswag.co.uk, 1
+postcodeswag.com, 1
+postcodeswag.uk, 1
+postdarwinian.com, 1
+postdarwinism.com, 1
+postdeck.de, 1
+postechbamboo.tk, 1
+posteo.de, 1
+posteo.net, 1
+postermywall.com, 1
+postern.net, 1
+postern.nl, 1
+postern.org, 1
+postern.uk, 1
+posters.win, 1
+posterspy.com, 1
+postfactum.info, 1
+postfalls-naturopathic.com, 1
+postfalls.gov, 1
+postfallspolice.gov, 1
+postfinance.ch, 1
+postimages.org, 1
+postimg.cc, 1
+postlakeswi.gov, 1
+postlifepreps.com, 1
+postlogistic.tk, 1
+postman.co, 1
+postman.ga, 1
+postmaniac.com, 1
+postmarka.tk, 1
+postmaster.boats, 1
+postmatescode.com, 1
+postmerkezi.tk, 1
+postmistress.email, 1
+postmusicologia.tk, 1
+postn.eu, 1
+postnet.club, 1
+postnext.com, 1
+postolia.cf, 1
+postoyanstvo.cf, 1
+postpot.co.kr, 1
+postscnn.com, 1
+poststar.com, 1
+postsubmeta.net, 1
+posttigo.com, 1
+posturografia.info, 1
+posturographie.info, 1
+posturography.courses, 1
+posturography.education, 1
+posturography.equipment, 1
+posturography.info, 1
+posturography.science, 1
+posturography.software, 1
+posturography.solutions, 1
+posturography.systems, 1
+posturography.training, 1
+posturologie.info, 1
+posturologo.roma.it, 1
+posukovskaschola.cz, 1
+posutochno.ml, 1
+posutochno.tk, 1
+pot-au-feu.info, 1
+potadvisor.com, 1
+potatiz.com, 1
+potato.im, 1
+potatochip.tk, 1
+potatodiet.ca, 1
+potatolighting.com, 1
+potatopro.com, 1
+potatosoft.kr, 1
+potatosouprecipe.ml, 1
+potatotee.com, 1
+potature.it, 1
+potature.org, 1
+potature.rimini.it, 1
+potature.roma.it, 1
+potbelly.com, 1
+potemkin.tk, 1
+potencial-school.ru, 1
+potentialcalm.co.uk, 1
+poterepersonale.it, 1
+pothe.com, 1
+pothe.de, 1
+pothuarivu.tk, 1
+potion.ai, 0
+potionlabs.de, 1
+potlytics.com, 1
+potolok-brest.tk, 1
+potolok.am, 1
+potomac.cf, 1
+potomacurology.com, 1
+potomania.cz, 1
+potosi-bolivia.tk, 1
+potosivlgwi.gov, 1
+potosiwi.gov, 1
+potrahushki.tk, 1
+potreningu.pl, 1
+potrillionaires.com, 1
+potsandplanters.com.au, 1
+potsdam.directory, 1
+pottawatomiecountyok.gov, 1
+pottcountyks.gov, 1
+potteranderson.com, 1
+pottercountytexasvotes.gov, 1
+potterish.com, 1
+potterperfect.tk, 1
+pottershouse.tk, 1
+potterybroker.ga, 1
+pottkinder.de, 1
+pottshome.co.uk, 1
+pottsvillepa.gov, 1
+potvorka.tk, 1
+potwin.tk, 1
+potworowski.de, 1
+potz.tk, 1
+pouchulu.tk, 1
+poudlard.fr, 1
+pouets.ovh, 1
+poultryfeedformulation.com, 1
+poun.tk, 1
+poundgatepark.co.uk, 1
+poupaeganha.pt, 1
+poupardinheiro.com.br, 1
+poupee.me, 1
+pourali.com, 1
+poured-floors.tk, 1
+pourout.org, 0
+pourtoi.se, 1
+pousadamaremata.com.br, 1
+pouwels-oss.nl, 1
+povar.ru, 1
+povarenok.cf, 1
+povareshka.tk, 1
+povmacrostabiliteit.nl, 1
+povomo.online, 1
+povzetki-knjig.si, 1
+pow.jp, 1
+powch-dev.com, 1
+powch-dev2.com, 1
+powdercoatatl.com, 1
+powdercoatingatl.com, 1
+powderedcloud.cf, 1
+powderedcloud.ga, 1
+powderkeg.com, 1
+powderspraymachine.com, 1
+powelljones.co.uk, 1
+power-bi-connector.be, 1
+power-bi-connector.eu, 1
+power-bi-connector.nl, 1
+power-coonies.de, 1
+power-flowengineer.com, 1
+power-magnetic.ml, 1
+power-of-interest.com, 1
+power-plugins.com, 1
+power-recovery.com, 1
+power-tools24.com, 1
+power100.co.uk, 1
+power2prevent.gov, 1
+poweranalitica.com, 1
+powerb.ch, 1
+powerbalance.tk, 1
+powerball.cf, 1
+powerball.club, 1
+powerbi.istanbul, 0
+powerbux.tk, 1
+powercloud.technology, 1
+powercod.tk, 1
+powercomputers.nl, 1
+powercounty.gov, 1
+powercv.ro, 1
+poweredbyiris.nl, 1
+powerentertainment.tv, 1
+powerfifty.com, 1
+powerfiler.com, 1
+powerforpeople.tk, 1
+powerfortunes.com, 1
+powerfulcom.net, 1
+powergridess.com, 0
+powergroup.tk, 1
+powerhouse.pro, 1
+powerhousegym.co, 1
+powerinboxperformance.com, 1
+powerlifting.tk, 1
+powerling.com, 1
+powerlp.com, 1
+powermeter.at, 1
+powerpc.pt, 1
+powerpilot.co.za, 1
+powerplan.com, 1
+powerplantmall.com, 1
+powerplay.com, 1
+powerplay.xyz, 1
+powerplayer.tk, 1
+powersaleskc.com, 1
+powerscif.com, 1
+powerscourt.tk, 1
+powerserg.ca, 1
+powerserg.io, 1
+powerserg.net, 1
+powerserg.shop, 1
+powerserg.us, 1
+powersergcloud.com, 1
+powersergconnect.com, 1
+powersergconsulting.com, 1
+powersergdatasystems.com, 1
+powersergdatasystems.tk, 1
+powersergdynamic.com, 1
+powersergedatasystems.com, 1
+powersergfeds.com, 1
+powersergholdings.com, 1
+powersergisrc.com, 1
+powersergmysteryshopping.com, 1
+powersergopioidoverdoseinterventiontrust.com, 1
+powersergpiv.com, 1
+powersergsecure.com, 1
+powersergsis.com, 1
+powersergsystems.com, 1
+powersergsystems.net, 1
+powersergthisisthetunnelfuckyouscott.com, 1
+powersergthisisthewebsitefuckyouchris.com, 1
+powersergthisisthewebsitefuckyouscott.com, 1
+powersergunited.com, 1
+powersergunited.org, 1
+powersergusercontent.com, 1
+powersergwiring.com, 1
+powersergwiringconsultants.com, 1
+powershaper.io, 1
+powershellmagic.com, 1
+powersolusa.com, 1
+powersport.lt, 1
+powersubmitter.tk, 1
+powersurgedatasystems.com, 1
+powerswitch.org.nz, 1
+powertecno.ml, 1
+powertofly.com, 1
+powertoolsrater.net, 1
+powertop.com, 1
+powertrike.tk, 1
+powertrunk.com, 1
+poweruser.su, 1
+powervolt.ru, 1
+powerwarranties.com, 1
+powerwellness-korecki.de, 1
+powerwheels.tk, 1
+powerwithpeople.com, 1
+powerzonewrestling.tk, 1
+poylabo.com, 1
+poynter.net, 1
+pozarevac.tk, 1
+pozd.tk, 1
+pozdravlyalka.gq, 1
+pozemedicale.org, 1
+pozharnyi.tk, 1
+pozitiffchik.ga, 1
+pozitiffchik.ml, 1
+pozitiffchik.tk, 1
+pozitiv.gq, 1
+pozitone.com, 1
+poziworld.com, 1
+poznajrynek.pl, 1
+poznavatelno.ml, 1
+pozzitiv.ro, 1
+pp.es, 1
+pp3345.net, 1
+pp5197.co, 1
+pp6729.co, 1
+pp6729.com, 1
+pp6957.co, 1
+pp9297.co, 1
+pp9721.com, 0
+pp9728.co, 1
+ppam.de, 1
+ppapogey.com, 1
+ppapogey.ru, 1
+ppaya.com, 1
+ppbi.com, 1
+ppcgeeks.com, 1
+ppcsesco.com, 1
+ppf.co.uk, 1
+ppg.report, 1
+ppgod.us, 1
+ppi.id, 1
+ppipe.net, 1
+ppirs.gov, 1
+ppissis.com.cy, 1
+ppktgti.top, 1
+ppld.org, 1
+pplog.info, 1
+pplsoft.nl, 1
+pplsvc.com, 1
+pplusp.dk, 1
+ppmlocal.com, 1
+ppmoon.com, 1
+ppms.gov, 1
+ppoou.co.uk, 1
+ppoozl.com, 1
+pppo.gov, 1
+ppppp.click, 1
+ppsltd.ca, 1
+ppssh.org, 1
+pptavmdata.org, 1
+ppter8.com, 1
+ppweb.pro, 1
+ppy.sh, 1
+pqd.ru, 1
+pqforce.com, 1
+pqgruber.com, 1
+pqscript.com, 1
+pr-news.spb.ru, 1
+pr-project.tk, 1
+pr.search.yahoo.com, 0
+pr.tn, 1
+pr100.gov, 1
+pr1sm.com, 1
+pr2studio.com, 1
+pr3-space-staging.ga, 1
+pr3.space, 1
+pr92.tk, 1
+pra.rip, 1
+prabhasakshi.com, 1
+prabirghosh.tk, 1
+prac.to, 1
+prachiiimohite.tk, 1
+pracovita.pl, 1
+pracownia-kasi.pl, 1
+pracowniamebli.mazury.pl, 1
+pracsuite.com, 1
+practicalhomes.com.au, 1
+practicallabs.com, 1
+practicepanther.com, 1
+practisforms.com, 1
+practitest.com, 1
+practixdevelopment.com, 1
+practo.com, 1
+practodev.com, 1
+pracusalev.tk, 1
+pradeek.tk, 1
+pradeepagrawal.com, 1
+pradersystems.ch, 1
+pradmin.ru, 1
+prado.it, 1
+pradohalcones.com, 1
+pradyumnashome.com, 1
+praemoveo.net, 1
+praeparation-keppner.de, 1
+praerien-racing.com, 1
+praetzlich-hamburg.de, 1
+praew.com, 1
+pragata.id, 1
+pragatiparasguesthouse.co.in, 1
+prageeth-niranjan.tk, 1
+pragma-messenger.ch, 1
+pragma-solution.com, 1
+pragmatist.nl, 1
+pragrimsby.co.uk, 1
+pragser-tal.net, 1
+pragtravel.cf, 1
+prague-swim.cz, 1
+praguepsychology.com, 1
+praguepsychology.cz, 1
+praha-9.eu, 1
+praha-kominictvi.cz, 1
+praha.tk, 1
+praia.studio, 1
+praiagrande.tk, 1
+prairienursery.com, 1
+prairievilletwp-mi.gov, 1
+praisehim.club, 1
+praiss.net, 1
+prajwal-koirala.com, 1
+prakhar.uk, 1
+prakharprasad.com, 1
+prakharvarta.com, 1
+praksite.fr, 1
+praktijkbeoordelen.nl, 1
+praktijkdevecht.nl, 1
+praktijkpassepartout.nl, 1
+praktijktian.be, 1
+praktijktoetsen.nl, 1
+praktiker.hu, 1
+praktikum.tk, 1
+praladofuturo.blog, 1
+praleria.com, 1
+prana-coachings.ch, 1
+prana-me.com, 1
+pranabesh.com, 1
+pranafilms.tk, 1
+pranavida.cl, 0
+prancor.ru, 1
+pranita-schals.de, 1
+pranita.cz, 1
+pranita.sk, 1
+prankawards.ga, 1
+pranksearch.ml, 1
+prankstercompany.com, 1
+prashantcafe.tk, 1
+prasinoscomputers.ml, 1
+prasos.fi, 1
+prasso.se, 0
+prateep.io, 1
+pratelloshop.tk, 1
+pratemarkets.com, 1
+praterraines.co.uk, 1
+prathambooks.org, 1
+praticienmedecinechinoise.be, 1
+prato-allo-stelvio.org, 1
+pratopronto.org, 1
+pratorotoli.it, 1
+pratosirunin.ga, 1
+pratyu.sh, 1
+prauxilium.com, 1
+pravac.de, 1
+pravagolosa.cf, 1
+pravagolosa.ga, 1
+pravagolosa.gq, 1
+pravda-tv.com, 1
+praveenawstest1.tk, 1
+praveenravichandran.xyz, 1
+pravex.com.ua, 1
+pravlife.ru, 1
+pravnisistem.rs, 1
+pravo-brest-belarus.tk, 1
+pravo911.tk, 1
+pravoslavie.tk, 1
+pravoslavnayarus.tk, 1
+pravosudie.tk, 1
+prawnikdlaanglii.co.uk, 1
+praxino.de, 0
+praxis-dingeldey.de, 1
+praxis-dr-bandulik.de, 1
+praxis-familienglueck.de, 1
+praxis-fickenscher.de, 1
+praxis-kjpt.de, 1
+praxis-liebner.de, 1
+praxis-oranienburg.de, 1
+praxis-rufer.ch, 1
+praxis-sorg-sam.ch, 0
+praxis-waedicity.ch, 1
+praxisamziegetsberg.de, 1
+praxisbiel.de, 1
+praxisfilms.org, 1
+praxisgroup.services, 1
+praxistipp24.com, 1
+prayag.tk, 1
+prayum.com, 1
+prazdnik-volgodonsk.tk, 1
+prazdniki-sait.tk, 1
+prazdniktost.tk, 1
+prazeremamamentar.com.br, 1
+prc.gov, 1
+prcarrier.tk, 1
+prcsurvey.com, 1
+prd-use-device-api.azurewebsites.net, 1
+prdashboard.tk, 1
+prdctz.tips, 1
+pre-commit.ci, 1
+pre-commit.com, 1
+pre-renewal.com, 1
+preapps.com, 1
+precambridge.tk, 1
+precedecaritas.com.br, 1
+precedencemedia.com, 1
+precedenceum.com, 1
+precept.uk.com, 1
+preci0.com, 1
+preciadictos.tk, 1
+preciofishbone.com, 1
+preciofishbone.de, 1
+preciofishbone.dk, 1
+preciofishbone.se, 1
+preciofishbone.vn, 1
+preciosmejores.com, 1
+preciousdad.com, 1
+preciouspebble.co.uk, 1
+preciscx.com, 1
+precisebusiness.com, 1
+precisefuture.com, 1
+precisionclan.com, 1
+precisioncoolingco.com, 1
+precisioncourt.com, 1
+precisiondentalnyc.com, 1
+precisiondentistrynj.com, 1
+precisiondigital-llc.com, 1
+precisionicerinks.com, 1
+precisionlender.com, 1
+precisionmachineservice.com, 1
+precisionpdr.tech, 1
+precisionsportsonline.com, 1
+precisionstocks.com, 0
+precisiontechcorp.com, 1
+precisionvaccinations.com, 1
+precutppf.store, 1
+predator-league.com, 1
+predatoria.tk, 1
+predatorworld.tk, 1
+predckazanie.ru, 1
+predication.ch, 1
+predictz.com, 1
+predilife.com, 1
+predkosci.pl, 1
+predmetnyj-fotograf.by, 1
+prednisolone1.gq, 1
+predoiu.ro, 1
+predskazanie.cf, 1
+predskazanie.ml, 1
+predskazanie.tk, 1
+predstavitelstvo-v-sude.tk, 1
+preejaculation.ga, 1
+preescolarsteps.com, 1
+prefabricadosdelcaribe.com, 1
+prefabrik-ev.com, 1
+prefect.cloud, 1
+prefect.io, 0
+prefereal.com, 1
+prefereal.net, 1
+prefereal.org, 1
+preference.ga, 1
+preferredathlete.com, 1
+preferredreverse.com, 1
+preferredservice.ca, 1
+prefix.eu, 1
+preflighthomeinspections.com, 1
+prefontaine.name, 1
+pregen.tk, 1
+pregnancytips.tk, 1
+pregnantorcrazy.com, 1
+preguntasdeciudadania.com, 1
+preguntasmasfrecuentes.com, 1
+pregunteleakaren.gov, 1
+preigu.de, 1
+preis-alarm.info, 1
+preis-alarm.org, 1
+preisser-it.de, 1
+preisser.it, 1
+prek.se, 1
+prekladysanca.cz, 1
+prelesti.tk, 1
+preloaded-hsts.badssl.com, 1
+prelogica.com.br, 1
+preludes.org, 1
+prelved.com, 1
+prelved.es, 1
+prelved.fi, 1
+prelved.fr, 1
+prelved.it, 1
+prelved.nl, 1
+prelved.pl, 1
+prelved.se, 1
+prematureacceleration.club, 1
+premazon.com, 1
+preme.name, 1
+premiachef.com, 1
+premier-dream.co, 1
+premier-hub.com, 1
+premier-podiatry.com, 1
+premieraviation.com, 1
+premierbouncycastles.co.uk, 1
+premierdisco.co.uk, 1
+premiereco.com.sg, 1
+premieresloges.ca, 1
+premierevents.ie, 1
+premierflmagazine.com, 1
+premierheart.com, 1
+premierleague.gq, 1
+premierloto.cg, 1
+premierloto.cm, 1
+premierloto.co.ke, 1
+premierloto.co.mz, 1
+premierloto.ml, 1
+premierloto.mw, 1
+premierloto.td, 1
+premiermaldives.com, 1
+premiermarketing.co.nz, 1
+premierpedsny.com, 1
+premierpoolsandspas.com, 1
+premierpups.com, 1
+premierseeds.co.nz, 0
+premiership-predictors.co.uk, 1
+premiersimgl.com, 1
+premioambiente.it, 1
+premiovapozicovna.sk, 1
+premiovicentejorgesilva.pt, 0
+premised.land, 1
+premium-computer.fr, 1
+premium-job.ru, 1
+premiumclean.co.nz, 1
+premiumcredit.am, 1
+premiumcs.ru, 1
+premiumdesign.hr, 1
+premiumkeystore.com, 1
+premiumlegalsupport.ga, 1
+premiumpeaches.com, 1
+premiumpictureframing.com, 1
+premiumshop24.de, 1
+premiumsmile.ru, 1
+premiumturkey.ml, 1
+premiumusedautoparts.com, 1
+premiumwebdesign.it, 1
+premkumar.net, 1
+premsarswat.me, 1
+premstarinc.com, 1
+premtech.nl, 1
+prenatal.com, 1
+prenatal.es, 1
+prendashop.es, 1
+prensaalterna.com, 1
+prensahispana.ga, 1
+prensarural.org, 1
+prepa-benjam.fr, 1
+prepa-code.com, 1
+prepagosyescortforyou.com, 1
+prepaid-cards.xyz, 1
+prepaidgirl.com, 1
+prepaidify.com, 1
+prepaidkredietkaart.be, 1
+prepare-job-hunting.com, 0
+prepareforthesat.com, 1
+preparetheword.com, 1
+prepedia.org, 1
+prepfba.com, 1
+prepr.io, 1
+prepress.ru, 1
+preprodfan.gov, 1
+prepscouts.tk, 1
+prepsiedy.cf, 1
+prepz.es, 0
+presbee.com, 1
+presbvm.org, 1
+presbyterian-colleges.com, 1
+preschoole.gq, 1
+preschoolteacher.org, 1
+presdesdunes.com, 1
+presence-group.com, 1
+presence-relation.fr, 0
+presenciainternet.com, 1
+present-m.com, 1
+presentaline.ch, 1
+presentationmedia.com, 1
+presentationsteknik.org, 1
+presentsofmind.com.au, 1
+preserveart.org, 1
+preservecrownhill.cf, 1
+preservecrownhill.ga, 1
+preservegrandcountyhistory.org, 1
+preserveourhillcountry.org, 1
+preserverollinspass.org, 1
+preserving.tk, 1
+presgrp.com, 1
+presgrp.net, 1
+president.bg, 1
+president.ee, 0
+presidentdirectory.ga, 1
+presidentialinnovationfellows.gov, 1
+presidentialserviceawards.gov, 1
+presidio.gov, 1
+presidiocommercial.gov, 1
+presidiotunneltops.gov, 1
+presly.org, 1
+presnetter.de, 1
+presnya.tk, 1
+presov.ml, 1
+press-edge.tk, 1
+press-presse.ca, 1
+press-wall24.ru, 1
+press.lv, 1
+pressakey.com, 1
+pressakey.de, 1
+presscenter.jp, 1
+presscommunity.tk, 1
+presscuozzo.com, 1
+presseagrume.net, 1
+pressed.com, 1
+pressemeddelelse.dk, 1
+pressento.com, 1
+pressertech.com, 1
+pressfreedomtracker.us, 1
+pressidium.com, 1
+pressimize.com, 1
+presslabs.com, 1
+pressnet.tk, 1
+pressnetwork.tk, 1
+pressnewscafe.gq, 1
+pressofatlanticcity.com, 1
+pressography.org, 1
+pressreleasecentral.tk, 1
+pressreleasepedia.tk, 1
+pressrush.com, 1
+pressspace2hack.com, 1
+pressspacetohack.com, 1
+pressup.it, 1
+pressureradio.com, 1
+pressurewashers.ml, 1
+pressurewashersandiego.com, 1
+pressurewashingchicago.com, 1
+presta-div-airs.fr, 1
+prestaandsons.com.au, 1
+prestaclip.com, 1
+prestar.com.my, 1
+prestaservicesgroup.com, 1
+prestashopmanager.com, 1
+prestatest.tk, 1
+prestatyn-scala.info, 1
+prestatynflowershow.co.uk, 1
+prestige-car-location.ch, 0
+prestigebouncycastles.co.uk, 1
+prestigecarkeys.com, 1
+prestigeeventshire.co.uk, 1
+prestigehealth.services, 1
+prestigehealthservices.au, 1
+prestigehealthservices.com.au, 1
+prestigelegalgroup.com.au, 1
+prestigerepairs.com.au, 1
+prestigesigns.net, 1
+prestigesoundandlight.co.uk, 1
+prestigestaffingsolutions.org.au, 1
+prestigeworldwidepr.com, 1
+prestigia.com, 1
+prestonadamscountywi.gov, 1
+prestonapp.com, 1
+prestonbrant.com, 1
+prestopermits.com, 1
+prestopizzas63.fr, 1
+prestudenta.sk, 1
+prestupniki.tk, 1
+pretabelamodas.com.br, 1
+pretalx.com, 1
+pretix.eu, 1
+pretome.info, 1
+pretor-sa.com, 1
+pretrialservices.gov, 1
+prettier.fun, 1
+pretty-liars.tk, 1
+pretty-smile.com.tw, 1
+prettybrowndancers.com, 1
+prettycities.ga, 1
+prettycloud.net, 1
+prettycloud.org, 1
+prettycobs.com, 1
+prettygirlcheats.com, 1
+prettykeira.tk, 1
+prettynode.com, 0
+prettyporn.com, 1
+prettysimplemom.com, 1
+prettyskin.com.tw, 1
+prettytunesapp.com, 1
+pretzelhands.com, 0
+pretzelx.com, 1
+preums.co, 1
+preussner-grafik-design.de, 1
+prevalent.net, 1
+preventshare.com, 1
+preview-it-now.com, 1
+preview.ninja, 1
+previewfreemovies.com, 1
+previewninja.com, 1
+previewtoday.it, 1
+previh.eu, 1
+previous.one, 1
+previousmagazine.com, 1
+previsiemens.com.br, 0
+previstart.com, 1
+previstart.fr, 1
+prevodkazet.cz, 1
+prexxorvita.com, 1
+prezentmarzen.com, 1
+preziti.eu, 1
+prfanfiction.tk, 1
+prg.rs, 1
+prgrmmr.nl, 1
+pri.email, 1
+priano.com, 0
+price-spider.com, 1
+price-tracker.duckdns.org, 1
+price.com.hk, 1
+priceactionhelp.com, 1
+priceblink.com, 1
+pricefx.com, 1
+pricefx.eu, 1
+pricegg.com, 1
+pricegg.ru, 1
+priceless-jewelry.com, 1
+pricelesspics.tk, 1
+pricelistforbxmodules.ga, 1
+pricelooper.com, 0
+priceofbusiness.com, 1
+pricepropharmacy.com, 1
+pricesdoors.com, 1
+priceshop.com, 1
+pricesmax.com.mx, 0
+pricesniffer.co, 1
+pricetoday.com.pk, 1
+pricevillepdal.gov, 1
+pricevortex.com, 1
+pricing-fox.cz, 1
+pricing-fox.sk, 1
+pride-enterprises.org, 1
+pridecounseling.com, 1
+pridecraft.gay, 1
+prideindomination.com, 1
+pridnestrovye.gq, 1
+pridurok.tk, 1
+prielwurmjaeger.de, 1
+priestess.tk, 1
+prifo.se, 1
+prij.fr, 1
+prijsvergelijken.ml, 1
+prikaznoparty.com, 1
+prikeshsavla.com, 1
+prikolkz.tk, 1
+prikpot.com, 1
+prillwitzgroup.com, 1
+prima-backoefen.de, 1
+prima-badezimmermoebel.de, 1
+prima-digitalkameras.de, 1
+prima-fernseher.de, 1
+prima-gefrierschraenke.de, 1
+prima-informatique.com, 1
+prima-mikrofone.de, 1
+prima-monitore.de, 1
+prima-pcs.de, 1
+prima-smartphones.de, 1
+prima-tablets.de, 1
+prima-trockner.de, 1
+prima-webcams.de, 1
+primadirectory.tk, 1
+primaflorafloristaccrington.co.uk, 1
+primalinea.pro, 1
+primalshop.dk, 1
+primalsurvivor.net, 1
+primananda.com, 1
+primanota.ch, 0
+primapak.bg, 1
+primary.health, 1
+primarycareconnect.com.au, 1
+primarysector.space, 1
+primasmartwatches.de, 1
+primates.com, 1
+primaudialrecords.com, 1
+primaveradesign.com.br, 1
+primbit.ru, 1
+prime, 1
+prime-host.ml, 1
+prime-med.com.tw, 1
+primecapsslim.com.br, 1
+primecreative.com.br, 1
+primecursos.com.br, 1
+primed.io, 1
+primedesigns.com.au, 1
+primeequityproperties.com, 1
+primeexecutiveoffices.com, 1
+primefinance.co.nz, 1
+primegeradores.com.br, 1
+primegiftindia.com, 1
+primekinoshita.com, 1
+primelogistics.cf, 0
+primemotive.com, 0
+primemotive.com.au, 1
+primeops.co, 1
+primeprime.cf, 1
+primeratx.gov, 1
+primerdeal.com, 1
+primersbc.com.br, 1
+primesense.com.br, 1
+primesensecosmeticos.com.br, 1
+primetechpa.com, 1
+primetics.co.uk, 0
+primeview.com, 1
+primglaz.ru, 1
+primisbank.com, 1
+primitiv.tk, 1
+primitivesbykathy.com, 1
+primo.be, 1
+primordialsnooze.com, 1
+primorus.lt, 1
+primos-tech.com, 1
+primowatercorp.com, 1
+primrose-2.com, 1
+primrosehillvets.ie, 1
+primrosenyagwaya.online, 1
+primsports.ru, 1
+primyris.fr, 1
+princebazawule.com, 1
+princedavidlodge.org.uk, 1
+princelishan.com, 1
+princelishan.com.tw, 1
+princemathew.tk, 1
+princemolak.ga, 1
+princes-st.org.nz, 1
+princess.software, 1
+princessbackpack.de, 1
+princessefoulard.com, 1
+princesspawg.tk, 1
+princessyachts.com, 1
+princetonmn.gov, 1
+princetonnassaupediatrics.com, 1
+princetonradiationoncology.com, 1
+princetontxcdc.gov, 1
+princevikal.cf, 1
+princewen.cn, 1
+princewen.com, 1
+princewen.org, 1
+princez.uk, 1
+princezna.club, 1
+principal.com.my, 1
+principalam.com, 1
+principalcomputers.com.au, 1
+principalhotelcolumbia.com, 1
+principalsexam.com, 1
+principalship.net, 1
+principaltoolbox.com, 1
+principedepaz.gt, 1
+principia-journal.de, 1
+principia-magazin.de, 1
+principia-online.de, 1
+princovi.cz, 1
+prinesec.com, 1
+prineville.gov, 1
+prinice.org, 1
+print-street.tk, 1
+print.dk, 1
+printa.nu, 1
+printable-map-az.com, 1
+printablemapaz.com, 1
+printablemapforyou.com, 1
+printablerebateform.net, 1
+printableschedule.net, 1
+printandgo.fr, 1
+printbase.cz, 1
+printbigjournal.tk, 1
+printdrivers.org, 1
+printeknologies.com, 1
+printerdrivers.com, 1
+printerem.hu, 1
+printerinks.com, 1
+printerinks.ie, 1
+printerinktoutlet.nl, 1
+printersdrivers.net, 1
+printersupportfaq.com, 1
+printertonerkopen.nl, 1
+printexpress.cloud, 1
+printfn.com, 0
+printful.com, 1
+printkinng.com.tw, 1
+printler.com, 1
+printme.com, 1
+printmet.com, 1
+printmet.ru, 1
+printmijn3dmodel.be, 1
+printmydesigns.ml, 1
+printplanlive.com, 1
+printpoint.tk, 1
+printrr.ca, 1
+printscan.com, 1
+printtolife.com.au, 1
+printus.pro, 1
+printwasteminimizer.com, 1
+prinz.gg, 1
+prinzoka.com.br, 1
+prio.pt, 1
+prior-it.be, 0
+prior.cloud, 1
+priorite-education.com, 1
+prioritet.hr, 1
+priorityeducation4u.tk, 1
+priorityelectric-agourahills.com, 1
+priorityelectric-camarillo.com, 1
+priorityelectric-dosvientos.com, 1
+priorityelectric-hiddenhills.com, 1
+priorityelectric-lakesherwood.com, 1
+priorityelectric-moorpark.com, 1
+priorityelectric-newburypark.com, 1
+priorityelectric-simivalley.com, 1
+priorityelectric.biz, 1
+priorityelectric.net, 1
+priorityessays.com, 1
+priorityfakes.com, 1
+prioritynissannewportnewsparts.com, 1
+priorlakemn.gov, 1
+priorshalldental.com, 1
+prisma.io, 0
+prisma.tk, 1
+prismacloud.com, 1
+prismacloud.xyz, 1
+prismaot.tk, 1
+prismapixel.studio, 1
+prismosystems.com, 1
+prisonerresource.com, 1
+pristinegrace.org, 1
+pristinepotty.com, 1
+prisync.com, 1
+pritchi.tk, 1
+pritti-wummen.de, 1
+priv.au, 1
+priv.gc.ca, 1
+priv.im, 1
+privace.ch, 1
+privaci.ai, 1
+privacy-web.tk, 1
+privacy-week-vienna.at, 1
+privacy-week.at, 1
+privacy-works.tk, 1
+privacy.ac.cn, 1
+privacy.ax, 1
+privacy.com.de, 1
+privacy.repair, 1
+privacybydesign.foundation, 1
+privacycentermqt.com, 1
+privacychick.com, 1
+privacychick.io, 1
+privacycloud.nl, 1
+privacydesign.ch, 1
+privacydev.net, 1
+privacyend.com, 1
+privacyfenceanddeckllc.com, 1
+privacyget.tk, 1
+privacyguides.org, 1
+privacyinternational.org, 1
+privacymanatee.com, 1
+privacynow.eu, 1
+privacypro.io, 1
+privacypros.io, 1
+privacysavvy.com, 1
+privacyscore.org, 1
+privacysecuritybrainiacs.com, 1
+privacystatement.tk, 1
+privacysvcs.net, 1
+privacyweek.at, 0
+privacyweek.de, 1
+privacyweek.eu, 1
+privacyweek.wien, 1
+privacyweekvienna.at, 1
+privaday.de, 1
+privalgo.co.uk, 1
+privasphere.com, 1
+private-diary-taka.com, 1
+private-krankenversicherung.tk, 1
+private-relay.email, 1
+private.coffee, 1
+privateadvisorgroup.com, 1
+privatebanks.uk, 1
+privatebin.info, 1
+privateboat.amsterdam, 1
+privatecapsecurity.org, 1
+privatedata.tk, 1
+privatedomaincontrol.com, 1
+privateger.me, 1
+privategiant.com, 1
+privatehd.to, 1
+privateideas.de, 1
+privateinvestigatoredu.org, 1
+privatejetschina.com, 1
+privatejetsdallas.com, 1
+privatejetsteterboro.com, 1
+privatejosh.cf, 1
+privatemillionaire.com, 1
+privatenebula.eu, 1
+privatepilot.lu, 0
+privaterelay.com, 0
+privateschoolreview.com, 1
+privateservice.cz, 1
+privatetrainingonline.se, 1
+privateuploader.com, 1
+privatevpn.com, 1
+privatfrei.de, 1
+privatmeet.com, 1
+privatstunden.express, 1
+privc.io, 1
+privcloud.cc, 1
+privcloud.org, 1
+privea.fr, 1
+priveadressen.tk, 1
+privelust.nl, 1
+priverify.com, 1
+privilegevisa.fr, 1
+privo.com, 1
+privorot.cf, 1
+privu.me, 1
+privw.com, 1
+privy-staging.com, 1
+privy.com, 1
+privylabs.com, 1
+prix-carburants-info.fr, 1
+prix-carburants.gouv.fr, 1
+prixcode.com, 1
+prixmetaux.fr, 1
+prixpictet.com, 1
+priyan.nl, 1
+priyan.tk, 1
+priz-kod.ru, 1
+prizcode.ru, 1
+prizecode.ru, 1
+prizehometickets.com.au, 1
+prizelink.com.au, 1
+prizkod.ru, 1
+prizrak-v-dospehah.ga, 1
+prizwiz.com, 1
+prizzlys.com, 1
+prjktruby.com, 0
+prkn.je, 1
+prlved.co.uk, 1
+prmihoc.com, 1
+prnav.com, 1
+pro-alter.ch, 1
+pro-babochek.ru, 1
+pro-ben.sk, 1
+pro-bike.ro, 1
+pro-c.me, 1
+pro-co.at, 1
+pro-esb.net, 1
+pro-furgoleros.tk, 1
+pro-ing.com, 0
+pro-israel.tk, 1
+pro-kemerovo.ml, 1
+pro-kolhoz.tk, 1
+pro-laser.com, 1
+pro-lq.at, 1
+pro-lq.ch, 1
+pro-lq.com, 1
+pro-lq.de, 1
+pro-lq.hu, 1
+pro-lq.it, 1
+pro-lq.net, 1
+pro-lq.ro, 1
+pro-marienburg.de, 1
+pro-mile.pl, 1
+pro-moed.nl, 1
+pro-ogorod.info, 1
+pro-server.tk, 1
+pro-taucher.com, 1
+pro-taucher.de, 1
+pro-web-design.tk, 1
+pro-wiert.pl, 1
+pro.co.id, 1
+pro.co.il, 1
+pro100systems.com.ua, 1
+pro4x4.com.ua, 0
+proacksecurity.com, 1
+proacousticsusa.com, 1
+proact-it.co.uk, 1
+proactive.run, 1
+proactivenews.ml, 1
+proadvanced.com, 1
+proalist.com, 1
+proalter.ch, 1
+proambt.nl, 1
+proamis-moodle.fi, 1
+proantab.ru, 1
+proarbor.com, 0
+proastec.com.br, 1
+proaudiogc.com, 1
+probably.group, 1
+probablyrational.com, 1
+probase.ph, 1
+probateandplanning.com, 1
+probationforms.com, 1
+probationnotes.com, 1
+probationofficeredu.org, 1
+probely.com, 1
+probiancanarias.com, 1
+probiller.com, 1
+probinarin.ga, 1
+problem-solver.ml, 1
+problempaws.ie, 1
+problemstate.com, 1
+problemstate.de, 1
+problemstate.net, 1
+problemstate.org, 1
+probleu.com, 1
+probonus.tk, 1
+probooks.gq, 1
+probrewer.com, 1
+procalc.be, 1
+procarmanuals.com, 1
+procarservices.com, 1
+procarswoking.com, 1
+procave.de, 1
+proceed.tk, 1
+procens.us, 0
+procert.ch, 0
+procesadorafenix.com.mx, 1
+processesinmotion.com, 1
+processout.com, 1
+processtec.com.br, 1
+prochainephase.com, 1
+prochaj.ru, 1
+procharter.com, 1
+procinorte.net, 1
+procitec.cz, 1
+proclaiminteractive.com, 1
+proclock.com, 1
+procode.ch, 1
+procode.gq, 1
+procomservices.com, 1
+procor.com, 1
+procore.com, 0
+procore.space, 1
+procountor.fi, 1
+procountor.se, 1
+procountorsolo.com, 1
+procrackbox.com, 1
+procrastinatingengineer.uk, 1
+procrastinationland.com, 1
+procreditbank.com.al, 1
+procsec.top, 1
+proctoloji.com, 1
+proctor.ml, 1
+proctorauth.com, 1
+proctorial.cf, 1
+proctorio.com, 1
+proctorio.net, 1
+procurant.com, 1
+procurement.moscow, 1
+procurs.us, 1
+procursus.social, 1
+procurx.pt, 1
+prod-simplesend-api.azurewebsites.net, 1
+prod-vigl-www-master.azurewebsites.net, 1
+prodaft.com, 1
+prodampro.ru, 1
+prodatalabs.com, 1
+prodentalsantacruz.es, 1
+prodesigntools.com, 1
+prodesk.bg, 1
+prodhealthcare.org, 1
+prodigibook.com, 1
+prodigyhacking.com, 1
+prodigyhq.io, 1
+prodinger.com, 0
+prodottitipicidellatoscana.it, 1
+prodottogiusto.com, 1
+producemybook.com, 1
+producentbalustrad.pl, 1
+producepromotions.com, 1
+producertools.io, 1
+producerwereld.nl, 1
+productbarcodes.com, 1
+productboard.com, 1
+productdesignsoftware.com.au, 0
+productfurniture.ga, 1
+production.vn, 1
+productionscime.com, 1
+productiv.com, 1
+productive.io, 1
+productivemachine.net, 1
+productiveplastics.com, 1
+productkeyslist.com, 1
+productosdeteruel.es, 0
+productosquimicosrd.com, 1
+productpeo.pl, 1
+products-for-health.tk, 1
+products4more.at, 1
+productsafety.gov.au, 1
+productscastle.com, 1
+productupdates.org, 1
+produform.it, 1
+produits-dantan.com, 1
+produkt.cf, 1
+produra.nl, 1
+produtosdeacademia.com, 1
+prodwa.re, 1
+prodware.fr, 1
+prodware.nl, 1
+proecommerce.com, 1
+proeflokaalbakker.nl, 1
+proefteksten.nl, 0
+proekt.tk, 1
+proemployeeprotection.com, 1
+proemployeeprotection.net, 1
+proesb.net, 1
+proeski.com, 0
+prof, 1
+prof-toplivo.ru, 1
+prof-waldowski.de, 1
+prof.lv, 1
+profarea.ru, 1
+profbigbang.ru, 1
+profbioresearch.ga, 1
+profboecker.eu, 1
+profchristophergoh.com.sg, 1
+profection.biz, 1
+profession.email, 1
+professionalbeautyshop.it, 1
+professionalblog.tk, 1
+professionalbussines.tk, 1
+professionaleducation.tk, 1
+professionalfinance.uk, 1
+professionallawyer.tk, 1
+professionalportfolio.ga, 1
+professionalrakeback.com, 1
+professionalstandards.org.uk, 1
+professions.org.ru, 1
+professor-d.ga, 1
+professorart.ru, 1
+professorwidget.tk, 1
+profi.de, 1
+profian.com, 1
+proficio.at, 1
+proficio.cz, 1
+proficio.de, 1
+proficio.io, 1
+proficiodigital.pl, 1
+proficiodigital.sk, 1
+profidea.cz, 1
+profielektrik.tk, 1
+profigen.com.br, 1
+profil-doors.spb.ru, 1
+profile.ooo, 1
+profile.tf, 1
+profilepk.com, 1
+profiles.google.com, 1
+profilesw.com, 1
+profilewatcher.ga, 1
+profilib.com, 1
+profilib.net, 1
+profilib.top, 1
+profilmedecin.fr, 1
+profilmonline.cn, 1
+profilmonline.com, 1
+profilmonline.jp, 1
+profilwerkstatt.de, 1
+profinetz.de, 1
+profinvestment.com, 1
+profisee.com, 0
+profiservis.info, 1
+profissionalstool.ga, 1
+profit24.ml, 1
+profitable-textilien.ch, 1
+profitableventure.com, 1
+profitablewebprojects.com, 1
+profitdouble.tk, 1
+profitero.com, 1
+profitimages.com, 1
+profitmiracle.tk, 1
+profloorstl.com, 1
+profmatheus.com, 1
+profmetod.com, 1
+profondeville-sharks.be, 1
+profor.cz, 1
+proformer.io, 1
+proformi.com, 1
+profound-world.com, 1
+profritual.ru, 1
+profsaranya.com, 1
+profservice.it, 1
+proft.eu, 0
+profumeria.roma.it, 1
+profuntime.tk, 1
+profusion.io, 0
+profvideo.kharkov.ua, 1
+profwald.4lima.de, 1
+prog-d.tk, 1
+prog-mailolder.tk, 1
+prog.olsztyn.pl, 1
+prog24.net, 1
+progamehackers.tk, 1
+progamersquad.com, 1
+progaudio.be, 1
+progea.com, 1
+progenda.be, 1
+proger.ga, 1
+proger.ml, 1
+progeste.pt, 1
+progettodighe.it, 1
+progettograjau.com, 1
+progettonazionale.it, 1
+progezi.com, 1
+progg.no, 1
+proggersession.com, 1
+proggersession.de, 1
+proglib.io, 1
+prognoshealth.com, 0
+prognozis.cf, 1
+progolfjourney.com, 1
+progon.cf, 1
+progonsoftware.com, 1
+prograce.info, 1
+program-and.work, 1
+programador-web-freelance.es, 1
+programagrowup.com.br, 1
+programando.tk, 1
+programarya.com, 1
+programaticon.tk, 1
+programer21.com, 1
+programmads.com, 1
+programmaticmagic.com, 1
+programmatv.tk, 1
+programme-launch28-code854-com.ml, 1
+programmed.com.au, 1
+programmervibe.com, 1
+programmes-neufs-corse.fr, 1
+programming-solutions.tk, 1
+programminghomeworkhelp.com, 1
+programnews.tk, 1
+programsareproofs.com, 1
+programsupport300procent.com, 1
+prograph.tk, 1
+prograppa.tk, 1
+progres.construction, 1
+progresion.co, 1
+progresivoptic.ro, 1
+progresja.com, 1
+progress-linux.org, 1
+progress.photos, 1
+progressive.ml, 1
+progressivecfo.co.nz, 1
+progressivedie.net, 1
+progressiveplanning.com, 1
+progressivestreetdance.tk, 1
+progressm.tk, 1
+progressnet.nl, 1
+progressonderwijs.nl, 1
+progressportaal.nl, 1
+progressverkiezingen.nl, 1
+progresswww.nl, 1
+progroep.nl, 1
+progtime.net, 1
+prohashing.com, 1
+prohelpers.tk, 1
+prohibition.tk, 1
+prohost24.tk, 1
+prohrcloud.com, 1
+proi.net, 1
+proibidoler.com, 1
+proiceresurfacer.com, 1
+proinfluent.com, 1
+proinn.com.br, 1
+proj.org.cn, 1
+proj3ct.me, 1
+proj6.site, 1
+project-alice.io, 1
+project-forum.tk, 1
+project-ice.org, 1
+project-merlin.co.uk, 1
+project-novis.org, 1
+project-rune.tech, 1
+project-stats.com, 1
+project-tamriel.com, 1
+project.ac.cn, 1
+project86fashion.com, 1
+projectalias.com, 1
+projectarmy.net, 0
+projectborealisgitlab.site, 1
+projectbotticelli.com, 1
+projectbuild.tk, 1
+projectcares.tk, 1
+projectcolonisation.tk, 1
+projectemail.co, 1
+projectfreehosting.ga, 1
+projectgazaabindo.com, 1
+projecthelius.com, 1
+projecthopeless.tk, 1
+projecthosting.nl, 1
+projectimagine.com, 1
+projectinferno.tk, 1
+projection.gq, 1
+projectl1b1t1na.tk, 1
+projectlarix.com, 1
+projectleague.lol, 1
+projectlinuseasttn.org, 1
+projectloaded.com, 1
+projectmailext.co, 1
+projectmaka.io, 1
+projectmakeit.com, 1
+projectmanager.host, 1
+projectmap.solutions, 1
+projectmidnight.tk, 1
+projectobs.com, 1
+projectplacebo.ca, 1
+projects.nl.eu.org, 1
+projectsafechildhood.gov, 1
+projectsegfau.lt, 1
+projectskynet.org, 1
+projectsmart.co.uk, 1
+projectstem.org, 1
+projecttalent.be, 1
+projectte.ch, 1
+projecttopics.org, 0
+projectunity.io, 1
+projectvault.ovh, 1
+projectveritasaction.com, 0
+projectview.ai, 1
+projectweb.gr, 1
+projectxyz.eu, 1
+projectzet.tk, 1
+projehocam.com, 1
+projekt-allianz.de, 1
+projekt-manufaktur.de, 1
+projekt-umbriel.de, 1
+projekt-wild.tk, 1
+projektarbeit-projektplanung.de, 1
+projektentwicklung-westfalen.de, 1
+projektzentrisch.de, 1
+projest.ch, 0
+projet-fly.ch, 1
+projet-pastel.be, 1
+projet-saara.com, 1
+projetomovase.com, 1
+projetootaku.net, 1
+projetsvl.com, 1
+prokaza.tk, 1
+prokey-marburg.de, 1
+proklimat.pro, 1
+prokop.ovh, 1
+prokop.uk, 1
+prolens-lankaran.tk, 1
+proletaren.se, 1
+prolikewoah.com, 1
+prolobziki.ru, 1
+prolocofrascarolo.tk, 1
+prologic.bg, 1
+prologicabg.com, 1
+proloyalweb.com, 1
+promajna.tk, 1
+promax.nl, 1
+promea.net, 1
+promecin.com, 1
+promedlatam.com, 1
+promedyczny.pl, 1
+promenics.com, 1
+promentesalzburg.at, 1
+promet.si, 1
+prometey.tk, 1
+prometheanfire.net, 1
+prometheanfire.org, 1
+promethen.com, 1
+prometheus.cf, 1
+promiflash.de, 1
+promisedland.tk, 1
+promisesaplus.com, 1
+promislovik.tk, 1
+prommontag.com, 1
+promo-brille.at, 0
+promo-brille.ch, 0
+promo-brille.de, 0
+promo-code.tk, 1
+promo-kodi.tk, 1
+promo.lc, 1
+promobit.com.br, 1
+promobo.fr, 1
+promocao.email, 1
+promocion2007.tk, 1
+promocjedladzieci.pl, 1
+promocodes777.com, 1
+promocodius.com, 1
+promocoespg.pt, 1
+promodance.cz, 1
+promodoble.com, 1
+promods.download, 1
+promods.net, 1
+promods.store, 1
+promofirstmedia.co.id, 1
+promohulp.nl, 1
+promohunt.ru, 0
+promokodi.tk, 1
+promolife.be, 1
+promolover.com, 1
+promomart.eu, 1
+promopirates.com, 1
+promopony.com, 1
+promorder.ru, 1
+promosjungle.com, 1
+promosolucoes.tk, 1
+promotech.pro, 1
+promoteiq.com, 0
+promoterms.com.au, 1
+promoteroute.com, 1
+promotiongeeks.com, 0
+promotionnissanauto.com, 1
+promotionvillanakarin.com, 1
+promotor.ro, 1
+promovendum.nl, 1
+promozioni.it, 1
+prompt-service.ro, 1
+promuovi.tv, 1
+promwad.com, 0
+pron4ik.gq, 1
+pronandi.tk, 1
+pronatec.pro.br, 1
+pronikoho.cz, 1
+pronoundb.org, 1
+pronto-intervento-fognature.it, 1
+pronto-intervento.net, 1
+prontointerventofognature.roma.it, 1
+prontointerventoimmediato.it, 1
+prontossl.com, 1
+pronty.it, 1
+prooffice.de, 1
+proofofwork.art, 1
+proofpoint.com, 1
+proofpointessentials.com, 1
+proofwiki.org, 1
+proos.nl, 1
+propaganda.love, 0
+propagandablog.de, 0
+propagationtools.com, 1
+propanesale.cf, 1
+propbot.com, 1
+propecia.ml, 1
+propeld.com.au, 1
+properchels.com, 1
+propermatches.com, 1
+propersky.com, 1
+propertech.com.br, 1
+properticons.com, 1
+properties.org.il, 1
+propertiesmiami.com, 1
+property-tax.cf, 1
+property-tax.ga, 1
+property-tax.gq, 1
+propertyauctionaction.co.uk, 1
+propertycareincorporated.com, 1
+propertycrawl.com, 1
+propertydealer.ga, 1
+propertyfindercdn.com, 1
+propertyflare.com, 1
+propertygroup.pl, 1
+propertyinspect.com, 1
+propertylondon.co.uk, 1
+propertyme.com.au, 1
+propertymingo.com, 1
+propertyofariana.pw, 1
+propertyofthepeople.org, 1
+propertyone.mk, 1
+propertyrate.com, 1
+propertyroad.co.uk, 1
+propertysales-almeria.com, 1
+propertyselling.ga, 1
+propertysex.com, 1
+propertyupdate.com.au, 1
+propertyworkshop.com, 1
+propfirmdiscount.com, 1
+prophetdesign.ch, 1
+prophitt.me, 1
+propiedadescima.com, 1
+propiedadesenventaenplayadelcarmen.com, 1
+propiedadesenventaentulum.com, 1
+propipesystem.com, 1
+propiteer.com, 1
+propiteercapitalplc.com, 1
+propmark.com.br, 1
+propolisturkiye.tk, 1
+proporcer.tk, 1
+proposalonline.com, 1
+proposeinspain.net, 1
+propr.no, 1
+propranolol.cf, 1
+propranololgeneric.ml, 1
+proprietairesmaisons.fr, 1
+propseller.com, 1
+propshub.com, 1
+proressource.ca, 0
+proressources.ca, 1
+proris.com, 0
+prosafilosofica.com.br, 1
+proschlaf.at, 1
+proscore-vr2005-1plc.de, 1
+proscore-vr2006-1plc.de, 1
+proscost.com, 1
+proserialkey.com, 1
+proservices.vip, 1
+prosharp.com.au, 1
+proshoereview.com, 1
+proshop.pl, 1
+prosimvstupte.cz, 1
+proslimdiets.com, 1
+prosocialmachines.com, 1
+prosoft.com.es, 1
+prosony.es, 1
+prospa.digital, 1
+prospectky.gov, 1
+prospecto.com.au, 1
+prospecto.ee, 1
+prospecto.hr, 1
+prospecto.lt, 1
+prosperafrica.gov, 1
+prosperbot.com, 1
+prosperfit.com, 1
+prosperi.academy, 0
+prosperityprojectaz.org, 1
+prosperoarts.com.au, 1
+prosperontheweb.com, 1
+prosperstack.com, 1
+prosperus.ru, 1
+prospo.co, 1
+prosportovani.cz, 1
+prospreads.com, 1
+prostaglandina.com, 1
+prostavropol.cf, 1
+prostecheat.xyz, 1
+prostitutka.cf, 1
+prostitutka.ml, 1
+prostitutki-narvskaja.ga, 1
+prostitytki-nijnevartovsk.club, 1
+prosto-dengi.tk, 1
+prostocash.com, 1
+prostodengi.ml, 1
+prostogame.ga, 1
+prostohobby.ru, 1
+prostoivkusno.ml, 1
+prostoporno.fun, 1
+prostoporno.guru, 1
+prostoporno.life, 1
+prostoporno.live, 1
+prostoporno.love, 1
+prostoporno.net, 1
+prostoporno.sexy, 1
+prostoporno.video, 1
+prostoporno.vip, 1
+prostoporno.zone, 1
+prostor.cf, 1
+prostore.vn, 1
+prostoskidki.ml, 1
+prostozaim.ml, 1
+prostreamstudio.com, 1
+prostye-recepty.com, 1
+prosurf.com.hr, 1
+prosurveillancegear.com, 1
+prosvet.tk, 1
+prosveta1901.tk, 1
+prosvita.dp.ua, 1
+protaaltar.com, 1
+protanki.ml, 1
+protanki.tk, 1
+protapnews.tk, 1
+proteccaocivil.com, 1
+proteccaocivil.net, 1
+proteccaocivil.org, 1
+protecciondelconsumidor.gov, 1
+proteces.ru, 1
+protecht.com.au, 1
+protechtgroup.com, 1
+proteco.sk, 1
+protectapack.com.au, 1
+protectasecurity.pe, 1
+protected-forms.com, 1
+protectedreport.com, 1
+protectem.de, 1
+protecti.com, 1
+protection-plexi.com, 1
+protection-plexi.fr, 1
+protection.ga, 1
+protectionformula.com.ua, 1
+protectoraircare.com.au, 1
+protectwrap.ml, 1
+protege.moi, 1
+proteh.com.ua, 1
+proteinreport.org, 1
+protek.tk, 1
+proteka.com.tr, 1
+protekpainters.com, 1
+protempore.fr, 1
+protenus.com, 1
+proteogenix-products.com, 1
+proteogenix.science, 1
+protesthongkong.com, 1
+proteus-eretes.nl, 1
+protez.ga, 1
+protez.ml, 1
+protez.tk, 1
+prothots.com, 1
+protic.online, 1
+protic.pt, 1
+protiksana.gr, 1
+protipster.com, 1
+protium.co.in, 1
+proto.io, 1
+protobetatest.com, 1
+protocol.ai, 1
+protocol.co.il, 1
+protogenbrainbooster.tk, 1
+protok.tk, 1
+proton.ch, 1
+proton.me, 1
+protonbg.bg, 1
+protonmail.ch, 1
+protonmail.com, 1
+protonpartnersglobal.com, 1
+protonpix.com, 1
+protonvpn.com, 1
+prototayl.gq, 1
+prototech.store, 1
+prototypable.io, 1
+prototype.bg, 1
+prototypefund.de, 1
+prototyping-computer.ml, 1
+prototypofablab.it, 1
+protoxin.net, 0
+protrainerbrasil.com.br, 1
+protrolley.cf, 1
+protteapapelaria.com.br, 1
+protvplus.ro, 1
+proudplus.com, 1
+proust.ch, 0
+proust.media, 0
+proustmedia.de, 0
+prouveonline.pt, 1
+proux.global, 1
+prove-uru.co.uk, 1
+prove.com, 1
+prove.no, 1
+proveits.me, 0
+provenbyyullia.com, 1
+provence-appartements.com, 0
+provent.io, 0
+provera10mg.tk, 1
+proverb.today, 1
+proverennie-kursi.gq, 1
+proverennie-kursi.ml, 1
+proverennie-kursi.tk, 1
+provereno-rabotaet.gq, 1
+provereno-rabotaet.tk, 1
+proverochka.tk, 1
+provide-vr2002-1plc.de, 1
+provide-vr2003-1plc.com, 1
+provide-vr2003-1plc.de, 1
+provide-vr2004-1plc.de, 1
+provide-vr2005-1plc.de, 1
+provide-vr2006-1plc.de, 1
+provide-your-image.de, 1
+providencecmc.com, 1
+provident1031.com, 1
+providenthousing.com, 1
+providential.be, 1
+providerlijst.ml, 1
+providmedical.com.ua, 1
+provigis.com, 0
+provinciaotlavoro.it, 1
+provinstyper.com, 1
+provinzblogger.de, 1
+provision-isr.nl, 1
+provisionevents.co.uk, 1
+provisionircd.tk, 1
+provitec.com, 1
+provlas.se, 1
+provo.gov, 1
+provocador.es, 1
+proweb-design.no, 1
+prowi.se, 1
+prowindow.sk, 1
+prowise.com, 1
+prowise.me, 1
+prowoodthai.com, 1
+prowpcare.com, 1
+prowrestlingevents.tk, 1
+prox.ru, 1
+proxaccess.com, 1
+proximity.ga, 1
+proximityradio.fr, 1
+proximo.tk, 1
+proxirealtime.com, 1
+proxmox-airsonic.tk, 1
+proxy-bay.biz, 1
+proxy-bay.cam, 1
+proxy-bay.cc, 1
+proxy-bay.click, 1
+proxy-bay.me, 1
+proxy-bay.one, 1
+proxy-bay.onl, 1
+proxy-bay.top, 1
+proxybay.ink, 1
+proxybay.red, 1
+proxyhub.eu.org, 1
+proxyline.net, 1
+proxytool.cf, 1
+proyectofreestyle.com, 1
+proyectomca.es, 1
+proyectosaludecuador.org, 1
+proyectosinelec.com, 1
+proyectostep.tk, 1
+prozac20mg.cf, 1
+prozapchast24.ru, 1
+prozhedownload.com, 1
+prozoneplan.com, 1
+prozorlivec.tk, 1
+prpbenevolent.org, 1
+prpbt.io, 1
+prpferrara.it, 1
+prpr.bid, 1
+prpr.cat, 1
+prpr.icu, 1
+prpr.live, 1
+prpr.rip, 1
+prpr.win, 1
+prsbtdc.org, 1
+prsg.tk, 1
+prsnlafk.com, 1
+prstatic.com, 1
+prt.in.th, 1
+prtpe.com, 1
+prtscloud.ddns.net, 1
+pru.com.hk, 1
+pru.hk, 1
+pruchovi.tk, 1
+prudenceandthecrow.com, 1
+prudential.com.sg, 1
+pruebapg.cl, 1
+pruem.software, 1
+pruijn-overheidsadvies.nl, 1
+pruma.com.br, 1
+pruna.org, 1
+prushka.gq, 1
+prushka.ml, 1
+prushka.tk, 1
+pruve.it, 1
+prvnirodinna.cz, 1
+prwebconsulting.com, 0
+prwid.gov, 1
+pry.co, 1
+pryan.org, 1
+prylarprylar.se, 1
+prynhawn.com, 1
+prynhawn.net, 1
+prynhawn.org, 1
+prytkov.com, 1
+przemas.pl, 1
+przemek-kuczynski.com, 1
+przemyslprzyszlosci.gov.pl, 1
+przepisykolejowe.tk, 1
+przerabianiezdjec.pl, 1
+przybys.eu, 1
+przyciemnianieszyb.waw.pl, 1
+ps-clinic.jp, 1
+ps-playback.com, 1
+ps-provider.co.jp, 1
+ps-rosatom.ru, 1
+ps-sale.ru, 1
+ps-w.ru, 1
+ps.energy, 1
+ps131q.com, 1
+ps194.net, 1
+ps194.org, 1
+ps2.io, 1
+ps2911.com, 1
+ps2online.tk, 1
+ps3419.org, 1
+ps4all.nl, 1
+ps5ssd.com, 1
+ps8318.com, 1
+psa-travel-care.com, 1
+psa.at, 1
+psa.gov, 1
+psacertified.org, 1
+psaho.ru, 1
+psalivenews.ml, 1
+psalmer.tk, 1
+psasines.pt, 1
+psau.edu.sa, 1
+psauthority.org.uk, 1
+psauxit.com, 0
+psazy.ml, 1
+psb.cloud, 1
+psb1.org, 1
+psb1911.com, 1
+psb4ukr.net, 1
+psb4ukr.org, 1
+psblog.fr, 1
+psc-elsene.be, 1
+pschierl.com, 1
+pscp.tv, 1
+pscr.gov, 1
+pscu.com, 1
+psd-vfx.com, 1
+psdfindia.in, 1
+psdmarket.net, 1
+psdpt-tpfd.gc.ca, 1
+psdreams.com, 1
+psdsfn.com, 1
+psdsuc.com, 1
+pseac.org, 1
+pseek.com, 1
+psemc.com, 1
+pseta.ru, 1
+psevdonim.ga, 1
+psezalla.es, 1
+psg-calw.de, 1
+psge.ps, 1
+pshar.ma, 1
+pshostpk.com, 1
+pshweb.tk, 1
+psi-tv.tk, 1
+psicanalista.milano.it, 1
+psici.eu, 1
+psicoblog.tk, 1
+psicoexpansao.com.br, 1
+psicologajanainapresotto.com.br, 1
+psicologamarianaortiz.com, 1
+psicologiaparatodos.com.mx, 1
+psicologo-especialista-barcelona.com, 1
+psicologo-infantil-barcelona.com, 1
+psicomagia.com.br, 1
+psicometricas.mx, 1
+psihocentrala.com, 1
+psiholognatalija.rs, 1
+psihologonline.tk, 1
+psihology.gq, 1
+psihology.tk, 1
+psihoterapevt1.by, 1
+psihoterapija-slap.hr, 1
+psihotest.tk, 1
+psii.global, 0
+psiint.ca, 1
+psikokoro.com, 1
+psinergy.info, 1
+psinergyhealth.com, 1
+psinergytech.com, 1
+psinetika.tk, 1
+psionline.com, 0
+psionlinestore.com, 1
+psiplex.cf, 1
+psiplex.ga, 1
+psiplex.gq, 1
+psishop.tk, 1
+psitarz.com, 1
+psixotest.tk, 1
+psixotesty.tk, 1
+pskhu-wedding.ru, 1
+pskov-daily.tk, 1
+pskov.gq, 1
+pskov.ml, 1
+pslf.gov, 1
+pslgroup.com, 1
+psm.org.ph, 1
+psmpl.com, 1
+psncarddelivery.com, 0
+psncardplus.be, 1
+psncardplus.com, 1
+psncardplus.dk, 1
+psncardplus.nl, 1
+psncardplus.se, 1
+psncoach.com, 1
+psncuc.gov, 1
+pso2.icu, 1
+psochecker.com, 1
+pson.ninja, 1
+psono.pw, 1
+psoo.top, 1
+psoppc.com, 1
+psoppc.info, 1
+psoppc.net, 1
+psoriasischecker.com, 1
+pspapershow.ga, 1
+pspenvases.es, 1
+psphp.tk, 1
+psplus.ml, 1
+psplus.tk, 1
+psprices.com, 1
+psprsaz.gov, 1
+psps.cat, 1
+psq.com.au, 1
+psreturn.com.au, 1
+pssgcsim.org, 1
+pssjd.org, 1
+pssschristchurch.tk, 1
+pst.edu.au, 1
+pst.moe, 1
+pstake.finance, 1
+pste.pw, 1
+pstrozniak.com, 1
+pstrykmyk.eu, 1
+pstutorials.tk, 1
+psu.je, 1
+psv-herford-badminton.de, 1
+psw-consulting.de, 1
+psw-group.de, 1
+psw-training.de, 1
+psw.net, 1
+pswatcher.com, 1
+psy-web.fr, 1
+psyart.tk, 1
+psycenter.tk, 1
+psych2go.net, 1
+psychcare.cz, 1
+psychedelia.com, 1
+psychedelics.org, 1
+psychiatretdah.fr, 1
+psychiatrie-ricany.cz, 1
+psychiatriepapezova.net, 1
+psychiatriepraktijkutrecht.nl, 1
+psychiatry-clinic.com.tw, 1
+psychic-healer-mariya-i-petrova-boyankinska-b-borovan-bg.com, 1
+psychicfairnetwork.cf, 1
+psychicfairnetwork.gq, 1
+psychicfairnetwork.ml, 1
+psychiq.com, 1
+psychische-systeme.de, 1
+psychistory.ru, 1
+psycho-familles.com, 1
+psycho-lobby.fr, 1
+psycho-news.tk, 1
+psycho.space, 1
+psychoactive.com, 1
+psychoco.net, 0
+psychologbruksela.be, 1
+psychologi.cf, 1
+psychologic.tk, 1
+psychologie-hofner.at, 1
+psychologischepraktijkphilips.nl, 1
+psychologist-license.com, 1
+psychologist.ga, 1
+psychologlodz.info, 1
+psychologue-a-paris.com, 1
+psychologue-grenoble.org, 1
+psychologydegreeguide.org, 1
+psychologytests.tk, 1
+psychometric.careers, 1
+psychometrictest.ca, 1
+psychometrictest.co.il, 1
+psychometrictests.ca, 1
+psychometrictests.in, 1
+psychometrictests.uk, 1
+psychometrischetests.de, 1
+psychometrist.ir, 1
+psychomotricien-la-rochelle.com, 1
+psychonaut.tk, 1
+psychonews.tk, 1
+psychopathtest.com, 1
+psychosis.tk, 1
+psychotechnique.africa, 1
+psychotechnique.be, 1
+psychotechnique.ch, 1
+psychotechnique.com, 1
+psychotechnique.lu, 1
+psychotechniquetest.fr, 1
+psychotel.tk, 1
+psychoterapia-skuteczna.pl, 1
+psychotest.gq, 1
+psychotestprep.com, 1
+psychotherapie-ahlmeyer.de, 1
+psychotherapie-kp.de, 0
+psychotherapie-leipzig.eu, 1
+psychotherapie-lichterfelde.berlin, 1
+psychotherapie1220wien.at, 0
+psychotiq.tk, 1
+psychotropical.com, 1
+psychpsyo.com, 1
+psycolleges.com, 1
+psydprograms.org, 1
+psygame.cf, 1
+psyh.tk, 1
+psyhoslovar.ru, 1
+psyk-patienten.tk, 1
+psykologtidningen.cf, 1
+psykologtidningen.ga, 1
+psykologtidningen.gq, 1
+psykometrisk.se, 1
+psykosyntes.tk, 1
+psyllabus.ru, 1
+psylliums.com, 1
+psynapse.net.au, 1
+psytrance-pro.com, 1
+pszinfo.hu, 1
+pt-d.ru, 1
+pt-server.de, 1
+pt.im, 1
+pt1xbet.com, 1
+pt4.tech, 1
+pta-security.nl, 1
+pta.world, 1
+ptab2pt.ga, 1
+ptal.eu, 1
+ptasiepodroze.eu, 1
+ptbi.org.pl, 1
+ptboys.tk, 1
+ptbx.co, 1
+ptcbooks.gq, 1
+ptcdogpark.com, 1
+ptcit.com, 1
+ptcorporategifts.com.sg, 1
+ptczone.tk, 1
+pteceng.com, 1
+ptepanacea.com, 1
+pterodactyl.org.cn, 1
+pterodactylus.cz, 1
+ptfiber.com, 1
+ptfiber.ru, 1
+ptfiber.spb.ru, 1
+ptgoldensun.com, 1
+ptheophanidis.com, 1
+pthsec.com, 1
+pticoaching.nl, 1
+ptit-trocoeur.fr, 1
+ptjobsite.com, 1
+ptlibrary.ml, 1
+ptltrade.com, 1
+ptm.ro, 1
+ptmarquees.ie, 1
+ptmco.org, 1
+ptmd.nl, 1
+ptotoday.com, 1
+ptpasi.ddns.net, 1
+ptrbrs.nl, 1
+ptrdata.com, 1
+ptrl.ws, 1
+ptron.org, 1
+ptrt.xyz, 1
+ptrujillo.com, 1
+ptsadvokat.cf, 1
+ptscrightony.fr, 1
+ptserver.org, 1
+ptservidor.pt, 1
+ptsf.pt, 1
+ptshft.co, 1
+ptsjapan.co.jp, 1
+ptssystems.co.in, 1
+ptt.casa, 1
+ptt.gov, 1
+ptt2.su, 1
+pttimewithtim.com, 1
+ptufdc.com, 1
+ptupapers.tk, 1
+pturl.tk, 1
+pty.gg, 1
+ptzoptics.com, 1
+puac.de, 1
+pub-med.ru, 1
+pub-online.ro, 1
+pubclub.com, 1
+pubertytalk.com, 1
+pubi.me, 1
+pubkgroup.com, 1
+pubkit.io, 1
+publanda.nl, 1
+publi-all.be, 1
+public-files.com, 1
+public-g.de, 1
+public-measures.com, 1
+public-projects.com, 1
+public-projects.de, 1
+public-vocals.de, 1
+public.cat, 1
+publicagent.com, 1
+publiccarauctionscalifornia.com, 1
+publicdatacloud.com, 1
+publicdatafiles.com, 1
+publicdelivery.org, 1
+publicdomainartwork.com, 0
+publichealth.cf, 1
+publichealth.gq, 1
+publichealthcareeredu.org, 1
+publichealthdegrees.org, 1
+publichealthonline.org, 1
+publicintegrity.org, 1
+publicintelligence.net, 1
+publicishealth.es, 1
+publicitar.tk, 1
+publicmarket.com, 1
+publicnode.com, 1
+publicnoticesbaycountyfl.gov, 1
+publicpickups.com, 1
+publicrea.com, 1
+publicschoolreview.com, 1
+publicserviceloanforgiveness.gov, 1
+publicspeakingcamps.com, 1
+publicsuffix.org, 1
+publictechsupport.org, 1
+publicvoid.ga, 1
+publicwhip.org.uk, 1
+publik.ml, 1
+publikum.net, 1
+publimepa.it, 0
+publiq.space, 1
+publis.me, 1
+publish.ga, 1
+publishedpaper.ga, 1
+publisherservices.co, 1
+publishmystory.co, 1
+publishpressnews.tk, 1
+publivate.ca, 1
+publiweb.tk, 1
+publixphere.net, 1
+pubmed2xl.com, 1
+pubquiz-online.nl, 1
+pubsavoy.tk, 1
+puccakir.tk, 1
+puckcreations.com, 1
+pucogid.ga, 1
+puddin.ml, 1
+pudding.tk, 1
+puddingtheatre.tk, 1
+pudro.com, 1
+puebladeeca.tk, 1
+puebladesoto.tk, 1
+pueblanmilksnake.com, 1
+pueblocantabro.tk, 1
+pueblocc.edu, 1
+pueblosamerica.com, 1
+puella.xyz, 1
+puenteviejo.tk, 1
+puer.eu.org, 1
+puer8.cn, 1
+puertodramaturgia.tk, 1
+puertoplazalasterrenas.com, 1
+puestifiestas.mx, 1
+puetter.eu, 1
+puffer.blog, 1
+puffy.tube, 1
+puffyan.us, 1
+pugachev.ml, 1
+puggan.se, 1
+pugilares.com.pl, 1
+pugstime.com, 1
+puhe.se, 1
+puhudefu.de, 1
+puissancemac.ch, 0
+puiterwijk.org, 1
+pujasharma.associates, 1
+pujcky.cz, 1
+pujd3.gq, 1
+puka.edu.ee, 1
+pukfalkenberg.dk, 1
+pula-site.tk, 1
+pulcinella.tk, 1
+puli.com.br, 1
+pulinkai.eu.org, 1
+pulinkai.xyz, 1
+pulito.it, 1
+pulitoken.net, 1
+pulizia.roma.it, 1
+puliziacantine.it, 1
+pulizie.roma.it, 1
+pulizieuffici.milano.it, 1
+pulizievap.it, 1
+pulkovo-cargo.ru, 1
+pulledporkheaven.com, 1
+pulley.co.jp, 1
+pullman.milano.it, 1
+pullman.roma.it, 1
+pullnopunchesradio.tk, 1
+pulower.tk, 1
+pulpan.xyz, 1
+pulpitsupplypreachers.com, 1
+pulpproject.org, 1
+pulsadanvoucher.tk, 1
+pulsagolden.tk, 1
+pulsedive.com, 1
+pulsenetwork.com, 1
+pulser.stream, 1
+pulseroot.ga, 1
+pulsestaffingllc.com, 1
+pulsnitzer-lebkuchen-shop.de, 0
+pulsnitzer-lebkuchen.de, 1
+pulsnitzer-lebkuchen.shop, 0
+pulsnitzer-pfefferkuchen-shop.de, 0
+pulsnitzer-pfefferkuchen.shop, 0
+pulsr.ml, 1
+pulsus.mobi, 1
+pulvislab.it, 1
+pumarin.tk, 1
+pumin.ml, 1
+pump19.eu, 1
+pumpen-blum.de, 1
+pumuntincu.eu.org, 1
+punaise-de-lit-paris.com, 1
+punat.tk, 1
+puncakpass.net, 1
+punchadragon.com, 1
+punchlinetheatre.co.uk, 1
+punchlinetheatre.com, 1
+punctually.gq, 1
+pundak.games, 1
+pundix.com, 1
+puneindia.tk, 1
+punematka.com, 1
+pungatv.ml, 1
+punikonta.de, 1
+punishment.institute, 1
+punjabdirectory.in, 0
+punjabsind.in, 1
+punk-jazz.tk, 1
+punkapoule.fr, 1
+punkart.tk, 1
+punkas.tk, 1
+punkcolombia.tk, 1
+punkgrossos.com, 1
+punknews.org, 1
+punknmetal.tk, 1
+punksway.top, 1
+punkt05.de, 1
+punshjp.com, 1
+puntacanalink.com, 1
+puntacananetwork.com, 1
+puntacanapizza.com, 1
+puntacanavapor.com, 1
+puntaires.com, 1
+puntaprop.com, 1
+puntcunts.com, 1
+puntoaparte.pe, 1
+puntocroce.tk, 1
+puntoestadodemexico.com, 1
+puntogommevenegono.it, 1
+puntonium.hu, 1
+puntopropiedad.com, 1
+puntoremov.ga, 1
+puntualseo.com, 1
+pupboss.com, 1
+pupok.cf, 1
+pupok.gq, 1
+puppo.space, 1
+puppy.actor, 1
+puppyfinder.com, 1
+puppyfish.com, 1
+puppykennel.tk, 1
+puppylove.hu, 1
+puq.moe, 1
+pur-institut.fr, 1
+pura-ponia.cf, 1
+pura-ponia.ga, 1
+pura-ponia.gq, 1
+puragreement.tk, 1
+puralifesciences.com, 1
+puravayalchurch.tk, 1
+puravida-estate.com, 1
+purchasebestone.tk, 1
+purchaserprotect.co.uk, 1
+purchasescooters.ga, 1
+purchasetncrash.gov, 1
+purchasingpower.com, 1
+pure-gmbh.com, 1
+pure-paste.tk, 1
+pure2life.nl, 1
+pureart.co.jp, 1
+pureart.jp, 1
+pureatmospherellc.com, 1
+pureaudioplayer.ru, 1
+purecodedigital.com, 1
+puredayshop.com.tw, 1
+puredisinfecting.com, 1
+puredisinfection.com, 1
+puredns.org, 1
+purefarminggame.com, 1
+purefoot.jp, 1
+pureleverage.com, 1
+purelife.photography, 1
+pureliferx.com, 1
+purelovecoaching.fi, 1
+purely.domains, 1
+purelymail.com, 1
+purelypestcontrol.com, 1
+puremosquito.com, 1
+purenvi.ca, 0
+purepestandlawn.com, 1
+puresanitization.com, 1
+purestiks.tk, 1
+puretermite.com, 1
+purevapeofficial.com, 1
+purevicky.com, 1
+purewaterguide.net, 1
+purikore.com, 1
+puritanas.tk, 1
+puritas.lk, 1
+purits.de, 1
+purityclothing.co.uk, 1
+purneauniversity.org, 1
+purovive.tk, 1
+puroyorganico.co, 1
+puroyorganico.com.co, 1
+purpl.ink, 1
+purple.gi, 1
+purple.tech, 1
+purplehost.com.br, 1
+purplehotel.cf, 1
+purplemath.com, 1
+purplemet.com, 1
+purplemoon.ch, 1
+purplemoon.mobi, 1
+purpleplains.net, 1
+purplepr.bg, 1
+purples.cf, 1
+purples.gq, 1
+purplestar.ch, 1
+purplestar.com, 1
+purplestar.mobi, 1
+purpletter.tk, 1
+purplewindows.net, 1
+purplez.pw, 1
+purplscientific.com, 1
+purpspc.com, 1
+purreview.cf, 1
+purrfectboudoir.com, 1
+purrfectcams.com, 1
+purrfectmembersclub.com, 1
+purrfectswingers.com, 1
+purroy.tk, 1
+purrpley.com, 1
+purrpley.io, 1
+purrpley.me, 1
+purrrpley.com, 1
+purrrpley.dev, 1
+purrrpley.io, 1
+purrrpley.me, 1
+purrrrpley.com, 1
+purrrrpley.io, 1
+purrrrpley.me, 1
+purse-les.com, 1
+purstonlamb.com, 1
+pursuable.cf, 1
+pursuehappiness.tk, 1
+pursuingoutdoors.com, 1
+pursuit-relax.com, 1
+purtahan.tk, 1
+purupuru-shibuya.school, 1
+purupuru.school, 1
+puryearlaw.com, 1
+pusatinkubatorbayi.com, 0
+puschkin.ga, 1
+pusehusetmalvik.no, 1
+puset.tk, 1
+push-free.com, 1
+pusha.tk, 1
+pushmetrics.io, 1
+pushoflove.com, 1
+pushok.tk, 1
+pushpanel.io, 1
+pushphp.com, 1
+pushthebutton.tk, 1
+pusichatka.ddns.net, 1
+pusra.ga, 1
+pussplay.com, 1
+pussycat.ml, 1
+pussylickingnow.com, 1
+pussyspace.com, 1
+pustak.tk, 1
+pustakvishwa.tk, 1
+pusztul.at, 1
+put-spaseniya.ml, 1
+put.moe, 1
+put.re, 1
+putana.gq, 1
+putanaru.gq, 1
+putani.gq, 1
+putany.tk, 1
+putanypitera.ml, 1
+putasenvalencia.es, 1
+putatara.net, 1
+puteulanus.xyz, 1
+puthenthope.tk, 1
+putin.red, 1
+putlire.ga, 1
+putman-it.nl, 1
+putnam-fl.gov, 1
+putnam-ga.gov, 1
+putnamcollision.com, 1
+putnamcountywv.gov, 1
+putnamil.gov, 1
+putnamvalley.gov, 1
+putney.io, 1
+putnik.tk, 1
+putokaz.eu, 0
+putomani.rs, 1
+putre.io, 1
+putrock.be, 1
+putstrategii.ru, 0
+putty.org, 1
+puttymonos.club, 1
+puttymonos.work, 1
+putzigdesign.de, 1
+puur.gent, 1
+puurgent.be, 1
+puxlit.net, 1
+puyallupnissanparts.com, 1
+puyblanc.info, 1
+puzi.nl, 1
+puzz.gg, 1
+puzzlage.com, 1
+puzzle-welt.ch, 1
+puzzlegames.com, 1
+puzzlepiehouse.com, 1
+puzzlepoint.ch, 1
+puzzles-to-print.com, 1
+puzzleswaps.com, 1
+puzzyfun.net, 1
+pv-paderborn-now.de, 1
+pvalaw.com, 1
+pvamg.org, 1
+pvao.gov.ph, 0
+pvawa.com.au, 1
+pvcplafon.com, 1
+pvda.nl, 1
+pvdplanet.tk, 1
+pvebuilds.xyz, 1
+pvgvethospital.co.uk, 1
+pvh-membrany.ru, 1
+pvhe.pl, 1
+pvideo.cz, 1
+pvlrmnnk.com, 1
+pvmotorco.com, 1
+pvp.edu.ee, 1
+pvpagario.tk, 1
+pvpcraft.ca, 1
+pvpctutorials.de, 1
+pvpheroes.gg, 1
+pvpheroes.no, 1
+pvplist.ml, 1
+pvportal.me, 1
+pvpready.gov, 1
+pvpserverler.pro, 1
+pvpzone.fr, 0
+pvrtours.com, 1
+pvtschlag.com, 0
+pvtx.gov, 1
+pvv-vermietung.de, 1
+pvz.tools, 1
+pw.org, 1
+pwaiwm.site, 0
+pwanotes.ga, 1
+pwaresume.com, 1
+pwbaccountants.com, 1
+pwcva.gov, 1
+pwd.az, 1
+pwd.vc, 1
+pwddelhi.gov.in, 1
+pwdsafe.com, 0
+pwe.vision, 1
+pwg-see.de, 1
+pwn.fi, 1
+pwnedpass.tk, 1
+pwneytelecom.com, 1
+pwnies.dk, 1
+pwoss.xyz, 1
+pws.my, 1
+pwsplash.com, 1
+pwss.gov.au, 1
+pwud.ga, 1
+pxagency.fr, 1
+pxc-coding.com, 1
+pxetech.com, 1
+pxgamer.xyz, 1
+pxl-mailtracker.com, 1
+pxl.cl, 1
+pxl.st, 1
+pxld.sh, 1
+pxnetwork.fr, 1
+pxq1.com, 1
+pxstart.cz, 1
+pxtwitter.com, 1
+pxventures.com.au, 1
+pxx.io, 1
+py-amf.org, 1
+py.pl, 1
+py.search.yahoo.com, 0
+pya.org.tr, 1
+pybilgi.com, 1
+pybtex.org, 0
+pyca.tk, 1
+pycckue.tk, 1
+pychef.com, 1
+pycoders.com, 1
+pycrc.org, 1
+pycrypto.org, 1
+pycycle.info, 1
+pydotamisa.tk, 1
+pydrocsid.ml, 1
+pygarage.com, 0
+pygb.cl, 1
+pygmyleafchameleon.com, 1
+pygn.win, 1
+pygos.space, 1
+pyhello.world, 1
+pyjiaoyi.cc, 1
+pyjy.org, 0
+pylad.se, 1
+pylon.bot, 1
+pymescentro.net, 1
+pymestari.com, 1
+pymtreceipt.com, 1
+pyopenssl.org, 1
+pypa.io, 1
+pypckomp.ddns.net, 1
+pypi.io, 1
+pypi.org, 1
+pypi.python.org, 1
+pyra-explorer.tk, 1
+pyramidsmalleg.com, 1
+pyramydair.com, 1
+pyrios.pro, 1
+pyro.works, 1
+pyroballpcbs.com, 1
+pyrofestival-vermoise.fr, 1
+pyromaniac.tk, 1
+pyrotechnologie.de, 1
+pyspace.org, 1
+pythia.nz, 1
+python.org, 0
+pythonatrix.com, 1
+pythonblog.tk, 1
+pythondiscord.com, 1
+pythonfactory.io, 1
+pythonhosted.org, 1
+pythonmorsels.com, 1
+pytodon.com, 1
+pytradebot.com.br, 1
+pywikibot.org, 1
+pyxisfreelance.au, 1
+pyxisfreelance.co, 1
+pyxisfreelance.com.au, 1
+pyxo.net, 0
+pyxyp.com, 1
+pzpittsburgh.com, 1
+pzsearch.nl, 1
+pzu-masa.pl, 1
+pzz.by, 1
+q-and-a.tk, 1
+q-inn.com, 1
+q-inn.nl, 1
+q-m.space, 1
+q-matrix.de, 1
+q-technologies.com.au, 1
+q.to, 1
+q00228.com, 1
+q01.us, 1
+q1000.nl, 1
+q1q2q3.tk, 1
+q1z.net, 1
+q3.is, 1
+q3cdn.net, 1
+q3jlzwq.com, 1
+q5118.com, 1
+q5197.co, 1
+q6729.co, 1
+q6729.com, 1
+q6957.co, 1
+q78kg.eu.org, 1
+q7k.net, 1
+q82365.com, 1
+q8igh228tq.tk, 1
+q9.ee, 1
+q9.io, 1
+q9297.co, 1
+q9297.com, 0
+q9397.com, 0
+q9721.com, 1
+q9728.co, 1
+qa-brandywineglobal.com, 1
+qa.fedoraproject.org, 1
+qa.stg.fedoraproject.org, 1
+qaabildigital.com, 1
+qabalah.ga, 1
+qabalah.jp, 1
+qabel.de, 1
+qabete.com, 1
+qac.gov, 1
+qaconstrucciones.com, 1
+qadmium.com, 1
+qadmium.tk, 1
+qadrishattari.tk, 1
+qaina.net, 1
+qalab.tk, 1
+qalm.net, 1
+qanatnews.tk, 1
+qani.me, 1
+qaq.cloud, 1
+qaq.gay, 1
+qaq.icu, 1
+qaq.jp, 1
+qarto.com, 1
+qask.ml, 1
+qassay.com, 1
+qatartimes.tk, 1
+qatesol.org.au, 1
+qawasmigroup.com, 1
+qaz.cloud, 1
+qazcloud.com, 0
+qazweek.kz, 0
+qbasic.tk, 1
+qbasicsite.tk, 1
+qbits.li, 1
+qbotica.com, 1
+qbrix.dk, 1
+qbstores.com, 1
+qbug.cf, 1
+qc.immo, 1
+qc.search.yahoo.com, 0
+qcbrna.qa, 1
+qcc.gov.ae, 1
+qccareerschool.com, 0
+qcdesignschool.com, 0
+qcdjco.com, 1
+qcdoll.com, 1
+qcert.org, 1
+qclean.com.au, 1
+qcmakeupacademy.com, 0
+qcmlw.com, 1
+qconline.com, 1
+qconnan-photos.fr, 1
+qcrx.cn, 0
+qcstudentcenter.com, 0
+qcstyleacademy.com, 0
+qctimes.com, 1
+qctravelschool.com, 0
+qcuarto.com.py, 1
+qcwz.com, 1
+qdabogados.com, 1
+qdep.net, 1
+qdm.tw, 1
+qdmnotizie.it, 1
+qdon.space, 1
+qdqlh.cn, 1
+qdrat.ml, 1
+qdrcst.com, 1
+qdstationary.co.uk, 1
+qdstationery.co.uk, 1
+qe-lab.at, 1
+qed.ai, 1
+qeddi.com.au, 1
+qeepintelligence.tk, 1
+qeepitsafe.nl, 1
+qeering.link, 1
+qei.org.au, 1
+qelectrotech.org, 1
+qeros.io, 1
+qeshmminer.com, 1
+qetesh.de, 1
+qetic.co.jp, 1
+qewc.com, 1
+qfes.qld.gov.au, 1
+qfinds.io, 1
+qfjvv7f.xyz, 1
+qform.ru, 1
+qfurs.ru, 1
+qgblog.org, 0
+qgushi.com, 1
+qhost.cf, 1
+qhse-professionals.nl, 1
+qiai.cf, 1
+qiai.ga, 1
+qiai.gq, 1
+qiai.ml, 1
+qiancao.cf, 1
+qiancao.ml, 1
+qianglie.com, 1
+qianmo.com, 1
+qiannews.net, 0
+qianqiao.me, 1
+qiantuwenlu.com, 1
+qiaohong.org, 1
+qiaowai.com, 1
+qiber.org, 1
+qicoder.com, 1
+qifu.me, 1
+qifu.org.cn, 1
+qihalu.com, 1
+qihl.gg, 1
+qike.tk, 1
+qikio.com.au, 1
+qimingbu.com, 1
+qimingceming.com, 1
+qin.moe, 1
+qingan.ca, 1
+qingchuan.cc, 1
+qingkong.net, 0
+qinglingyu.cn, 1
+qinglingyu.com, 1
+qingly.me, 1
+qingniantuzhai.com, 1
+qingpat.com, 0
+qingpei.me, 1
+qingyule.com, 1
+qinlili.bid, 1
+qionouu.cn, 1
+qiqitv.info, 1
+qis.fr, 1
+qiscience.tk, 1
+qisda.com, 1
+qitabbs.com, 0
+qitano.com, 1
+qitarabutrans.com, 1
+qiu.moe, 0
+qiu006.com, 1
+qiuwenbaike.cn, 1
+qivonline.pt, 1
+qiwi.be, 1
+qix.ca, 1
+qixbit.com, 1
+qixi.biz, 1
+qiyan.email, 0
+qkek.tk, 1
+qkka.org, 1
+qklshequ.com, 1
+ql.tc, 1
+qlares.nl, 1
+qlarititech.io, 1
+qlc.co.th, 1
+qlcvea.com, 1
+qlcvea.it, 1
+qldconservation.org.au, 1
+qldformulaford.org, 1
+qldnetwork.com.au, 1
+qliving.com, 1
+qlock.mywire.org, 1
+qlrace.com, 0
+qm-marzahnnordwest.de, 1
+qm8828.net, 1
+qm8838.net, 1
+qm8888.net, 1
+qmang.com, 1
+qmarket.tk, 1
+qmdcoin.com, 1
+qmee.com, 1
+qmeriaux.fr, 1
+qmp-media.nl, 0
+qnap.co.jp, 1
+qnap.com, 1
+qnap.com.br, 1
+qnap.com.cn, 1
+qnap.com.hk, 1
+qnap.com.tw, 1
+qnap.de, 1
+qnap.hk, 1
+qnap.tw, 1
+qnected.nl, 1
+qnixon.com, 1
+qnotafm.com.co, 1
+qnq.moe, 1
+qnsgmd.com, 1
+qofpeacechurch.org, 1
+qombo.nl, 1
+qoml.net, 1
+qonnected.nl, 1
+qontinuum.space, 1
+qoor.io, 0
+qoptalk.com, 1
+qosim.ga, 1
+qosqo.tk, 1
+qotw.net, 1
+qoyyim.com, 1
+qp666d.com, 1
+qpai.net, 1
+qparents.qld.edu.au, 1
+qpaypro.com, 1
+qpcna.org, 1
+qpi.net.au, 1
+qpipi.com, 1
+qponverzum.hu, 1
+qpsinc.com, 1
+qq.ee, 1
+qq5197.co, 1
+qq52o.me, 1
+qq6177.net, 1
+qq6729.co, 1
+qq6729.com, 0
+qq6957.co, 1
+qq885.com, 1
+qq9297.co, 1
+qq9728.co, 1
+qqiao.me, 1
+qqmingzi.cc, 0
+qqq6.com, 0
+qqq67.com, 1
+qqrss.com, 1
+qr.ae, 1
+qr.cl, 1
+qr.gp, 1
+qr.sb, 1
+qr0.ch, 1
+qr1.at, 1
+qraa.qld.gov.au, 1
+qrara.net, 1
+qrbird.com, 1
+qrcoba.org, 1
+qrcontagion.com, 1
+qrd.by, 1
+qredo.com, 0
+qrida.qld.gov.au, 1
+qrlab.biz, 1
+qrlab.ch, 1
+qrlab.de, 1
+qrlab.eu, 1
+qrlab.info, 1
+qrlab.net, 1
+qrlfinancial.com, 1
+qrmenux.com, 1
+qrpatrol.com, 1
+qrplanet.com, 1
+qrpth.eu, 1
+qrsa.com.au, 1
+qruiser.com, 1
+qryptopia.com, 1
+qrz.one, 1
+qscloud.de, 1
+qseek.cf, 1
+qslstudio.tk, 1
+qsoblog.gq, 1
+qssupplies.co.uk, 1
+qstivi.de, 1
+qt.ax, 1
+qt.to, 1
+qtacairsoft.com, 1
+qtmd.org, 1
+qtn.net, 1
+qto.cloud, 1
+qto.co, 1
+qto.com, 1
+qto.com.hk, 1
+qto.de, 1
+qto.fr, 1
+qto.info, 1
+qto.name, 1
+qto.net, 1
+qto.org, 1
+qto.support, 1
+qto.wiki, 1
+qtpass.org, 1
+qtpower.co.uk, 1
+qtpower.net, 1
+qtpower.org, 1
+qtspace.cn, 1
+qttransformation.com, 1
+qtv.ge, 1
+qtvr.com, 1
+qu.ax, 1
+qu4rtz.moe, 1
+quackapp.com, 1
+quackquack.in, 1
+quad9.com, 1
+quad9.net, 1
+quadcityjuggalos.tk, 1
+quadernoapp.com, 1
+quadomania.tk, 1
+quadrantbusinesssolutions.org, 1
+quadrantrd.com, 1
+quadratimkreis.tk, 1
+quadreon.com, 1
+quadron.hu, 1
+quaedam.org, 1
+quafe.tech, 1
+quakeroaksfarm.org, 1
+quaketips.ga, 1
+quakeworld.tk, 1
+qualbe.com, 1
+qualebroker.com, 1
+qualescegliere.it, 1
+qualiacomputers.com, 1
+qualidesign.com.br, 0
+qualifio.com, 1
+qualita.es, 1
+qualitahub.com, 1
+qualite-ecole-et-formation.ch, 0
+qualith.tk, 1
+quality-automation.de, 0
+quality-homeservice.com, 1
+quality-life.gr, 1
+qualitycarbonfiber.com, 1
+qualitycesspool.com, 1
+qualitycommerical.com, 1
+qualityconcreteleveling.com, 1
+qualityconcreterepair.com, 1
+qualitydns.net, 1
+qualityfireproofing.com, 1
+qualitygame.tk, 1
+qualitymark.com.br, 1
+qualitymudjacking.com, 1
+qualityofcourse.com, 0
+qualityoflife.ga, 1
+qualityoflife.tk, 1
+qualityoutletx.ga, 1
+qualityoutletx.tk, 1
+qualitypiering.com, 1
+qualityplusconsulting.com, 0
+qualitypolyjacking.com, 1
+qualitypropertycare.co.uk, 1
+qualitysistemas.com.br, 1
+qualitytitlepaducah.com, 1
+qualitywaterproofingco.com, 1
+qualityworks.tk, 1
+qualpay.com, 1
+qualtrics.com, 1
+qualyven.com, 1
+quandoandare.it, 1
+quanquan.cyou, 1
+quanquan.space, 1
+quantability.net, 1
+quantaloupe.tech, 1
+quantalytics.com, 1
+quantatec.com.br, 1
+quantdigit.com, 1
+quantemplate.in, 1
+quanterix.com, 1
+quanterra.ch, 0
+quantfury.com, 1
+quanti.au, 1
+quanticlab.com, 1
+quantifiedcommerce.com, 1
+quantikstudio.tk, 1
+quantiphi.com, 1
+quantiply.tech, 1
+quantolytic.de, 1
+quantomaisconsorcios.com.br, 1
+quantora.nl, 1
+quantris.net, 1
+quantrix.com, 1
+quanttydesignweb.com.br, 1
+quantuin.com, 1
+quantuin.dk, 1
+quantum-evolution.jp, 1
+quantum-lviv.pp.ua, 1
+quantum-mechanics.com, 1
+quantum.gdn, 1
+quantum.gl, 1
+quantum.gov, 1
+quantum.st, 1
+quantum2.xyz, 1
+quantum5.ca, 1
+quantumcrypto.nl, 1
+quantumfinance.com.au, 1
+quantumgoldanddiamonds.com, 1
+quantuminformationframework.com, 1
+quantumlink.tk, 1
+quantumortho.com.sg, 1
+quantumpair.net, 1
+quantumweb.ml, 1
+quantuscreative.com, 1
+quantweb.tk, 1
+quanwuji.com, 1
+quapawnation.gov, 1
+quarantine-system.com, 0
+quareal.ru, 1
+quarep.org, 1
+quarim.cz, 1
+quarkcore.pt, 1
+quarrymill.com, 1
+quarterfull.com, 1
+quarterhorses.es, 1
+quartix.com, 1
+quartix.fr, 1
+quartogame.tk, 1
+quartzclinical.com, 1
+quarus.net, 1
+quasarelectronics.co.uk, 1
+quasarhomes.com, 1
+quasetio.ml, 1
+quashed.co.nz, 1
+quasiproxy.com, 1
+quasseldroid.info, 1
+quassowski.de, 1
+quatermass.tk, 1
+quaternion.tk, 1
+quattro.tk, 1
+quatuor-courtage.fr, 1
+quaxio.com, 1
+quay.net, 1
+quayconsultingllc.com, 1
+quaydental.ie, 0
+quba.fr, 1
+qubes-os.org, 1
+qubhockey.tk, 1
+qubicgames.com, 1
+qubitsandbytes.co.uk, 1
+qubyte.codes, 1
+qudini.com, 1
+quebec.ca, 1
+quebeccat.com, 1
+quebeccats.com, 1
+quebecdogs.com, 1
+quebecsolidaire.net, 1
+quedos.com.au, 1
+queencomplex.net, 1
+queencreekaz.gov, 1
+queenhub.tk, 1
+queenkedi.net, 1
+queenlexie.tk, 1
+queenmargaret.ddns.net, 1
+queenondvd.tk, 1
+queenparis-porn.com, 1
+queenrocks.tk, 1
+queensbotanical.org, 1
+queensfactory.it, 1
+queenshaflo.com, 1
+queenspark.com, 1
+queensrdapartments.com.au, 1
+queenstyles.tk, 1
+queentitine.com, 1
+queenworld.tk, 1
+queer-augsburg.de, 1
+queer.farm, 1
+queer.party, 1
+queer.pl, 1
+queercinema.ch, 1
+queerfest.tk, 1
+queersin.space, 1
+queerspirit.net, 1
+queirozmiotto.adv.br, 1
+queirozmiotto.com.br, 1
+quel-dj.com, 1
+quelbusinesschoisir.com, 1
+quellarotondasembrafi.ga, 1
+quelle-catalog.tk, 1
+quelle.at, 1
+quelle.ch, 1
+quelle.de, 1
+quelleez.com, 1
+quelleformation.net, 1
+quellenwiese.ski, 0
+quemmeliga.com, 1
+quemquaeritis.tk, 1
+quena-artesania.tk, 1
+quenchwater.com, 1
+quenecesitopara.com, 1
+quenotejodan.cl, 1
+quentar.tk, 1
+quentin-informatique.fr, 1
+quentin-sauvetre.fr, 1
+quentinaurat.com, 1
+quentinchevre.ch, 1
+quentingemine.be, 1
+quepourlesjuristes.fr, 1
+quera.ir, 1
+querelle.tk, 1
+querenciavirtual.com.br, 1
+quermes.net, 1
+quernon.fr, 0
+querocalcular.com.br, 1
+query-massage.com, 0
+query.gov.ps, 1
+quesartencomprar.com, 1
+quesecelebra.info, 1
+quessinternational.com, 1
+quest-on-demand.com, 1
+quest3.co, 1
+quest3.co.uk, 1
+quest3.com, 1
+quest3.info, 1
+quest3.net, 1
+quest3.org, 1
+quest3.tv, 1
+quest3.uk, 1
+quest7.jp, 1
+questbars.cf, 1
+questbars.ga, 1
+questbars.gq, 1
+questforgaming.com, 1
+questfororgasm.com, 1
+questiii.com, 1
+question.cf, 1
+question.com, 1
+questionable.host, 1
+questionandanswer.ml, 1
+questionyu.com, 1
+questofaidance.tk, 1
+questoj.cn, 1
+questsocial.it, 1
+questsys.com, 1
+questthree.com, 1
+quetiapine.life, 1
+quetico.tk, 1
+queup.net, 1
+quevisiongrafica.com, 1
+quezoncity.ml, 1
+quhyu.xyz, 1
+quible.tk, 1
+quic-hosting.de, 1
+quic.cf, 1
+quic.fr, 1
+quic.stream, 1
+quicareer.com, 1
+quichante.com, 1
+quiche-quic.cf, 1
+quick-and-easy.tk, 1
+quick-seo.tk, 1
+quickassortments.com, 1
+quickboysvrouwen2.nl, 1
+quickcashcarremovals.com.au, 1
+quickcel.tk, 1
+quickerticker.tk, 1
+quickformspro.com, 1
+quickinfosystem.com, 1
+quickjobsfinder.com, 1
+quicklinks.tk, 1
+quicklinkz.tk, 1
+quicknode.com, 1
+quicko.com, 1
+quickq.nu, 1
+quickquote.pt, 1
+quickrate.de, 1
+quickref.me, 1
+quicksell.co, 1
+quicksell.store, 1
+quickshops.ga, 1
+quickstart.co.za, 1
+quicksupplies.us, 1
+quicksupply.com, 1
+quicktapstudios.com, 1
+quicktaxinmessina.tk, 1
+quicktricks.net, 1
+quickudpinternetconnections.com, 1
+quickvideo.tk, 1
+quickway.cn.com, 1
+quickyshare.com, 1
+quicomo.it, 1
+quidax.com, 1
+quieoltre.it, 1
+quieroserbombero.org, 1
+quieroserdoula.com, 1
+quieroserdoula.es, 1
+quieroserdoula.org, 1
+quierosermercedario.tk, 1
+quierosersanta.tk, 1
+quiescent.gq, 1
+quiet-downloads.tk, 1
+quiet-waters.org, 1
+quietapple.com, 1
+quietapple.org, 1
+quietlife.tk, 1
+quietplace.tk, 1
+quietstudyactivities.tk, 1
+quietus.gq, 1
+quigley.id.au, 1
+quik.legal, 1
+quikchange.net, 1
+quiksite.com, 1
+quillandinkroleplay.com, 1
+quillandpage.com, 1
+quillandquire.com, 1
+quillwave.com, 1
+quilmo.com, 1
+quiltmc.org, 1
+quimatic.com.br, 1
+quimba.tk, 1
+quimica.science, 1
+quin.md, 0
+quinder.tk, 1
+quinmedia.tk, 1
+quinn.com, 0
+quinnbet.com, 1
+quinnlabs.com, 0
+quinnlawcenters.com, 1
+quinnstech.ga, 1
+quinpro.nl, 1
+quintacbls.cl, 1
+quintadasmoitas.com, 1
+quintadesanamaro.com, 1
+quintanadelmonte.tk, 1
+quintanilla.tk, 1
+quintenbraakman.com, 1
+quintenbraakman.nl, 1
+quinteroorthodontics.com, 1
+quintessa.org, 1
+quintobarrio.tk, 1
+quintonic.fr, 0
+quiq-api.com, 1
+quiq-cdn.com, 1
+quiq-frp.com, 1
+quiq-in.com, 1
+quiq-uri.com, 1
+quiq-url.com, 1
+quiq.com, 1
+quiq.im, 1
+quiq.sh, 1
+quiq.us, 1
+quiqd.com, 1
+quiqstatus.com, 1
+quiqurl.com, 1
+quiqurls.com, 1
+quire.io, 1
+quirkytravelguy.com, 1
+quisildenafil.gq, 1
+quitri.tk, 1
+quivedo.com, 1
+quiwy.ninja, 1
+quiz.biz, 1
+quizapps.se, 1
+quizhub.ml, 1
+quizinn.live, 1
+quizl.io, 0
+quizlets.tk, 1
+quizmaker.ml, 1
+quizogames.com, 1
+quizz.biz, 1
+quizzard.ga, 1
+quizzard.tk, 1
+quizzen.tk, 1
+quizzhit.com, 1
+qul.link, 1
+qulix.by, 1
+qulix.ch, 1
+qulixqa.com, 0
+qumin.com, 1
+qumirezi.tk, 1
+qunzi.la, 1
+quoi.xyz, 1
+quoininc.com, 1
+quokka.codes, 1
+quora.com, 1
+quorrax.com, 1
+quotable.ga, 1
+quoteidiot.com, 1
+quoteinfo.net, 1
+quoteoftheday300.ga, 1
+quotescover.com, 1
+quoteshindi.net, 1
+quotesnsayings.net, 1
+quotesofgta.tk, 1
+quotev.com, 1
+quotidiani.net, 1
+quotidianodiragusa.it, 1
+quovadisaustria.com, 1
+quoviz.com, 1
+qupom.com.br, 1
+quppa.net, 1
+quprop.com, 1
+quran-archive.org, 1
+qurani.tk, 1
+quranicremedies.com, 1
+quranliveonline.com, 1
+quranpdf.cf, 1
+quranvoice.tk, 1
+qurium.org, 1
+qurplus.nl, 1
+qusi.cf, 1
+qusi.ml, 1
+qussaikhuli.tk, 1
+quuck.eu, 1
+quuck.nl, 1
+quuz.org, 1
+qv-eherkenning.nl, 1
+qvady.com, 0
+qvg.company, 1
+qvggroup.com, 1
+qvision.ml, 1
+qvq.cloud, 1
+qvq.one, 1
+qwant.com, 1
+qwantjunior.com, 1
+qwanturank.news, 1
+qwarkhealth.com, 1
+qwasar.io, 1
+qwaser.fr, 1
+qwdqwd.de, 1
+qwertee.com, 1
+qwerty.work, 1
+qwertyatom100.me, 1
+qwik.space, 1
+qwikdash.com, 1
+qwords.com, 1
+qwq.icu, 0
+qwq.moe, 1
+qwq2333.top, 1
+qwqjsq.net, 1
+qwqjsq8.com, 1
+qwrk.io, 1
+qwus.cf, 1
+qwus.tk, 1
+qx.fi, 1
+qx.se, 1
+qxazusa.xyz, 0
+qxin.info, 1
+qxq.moe, 1
+qxzg.org, 1
+qxzg.xyz, 1
+qxzgssr.xyz, 1
+qy.is, 0
+qz3ldfzr.com, 1
+qzhou.ddns.net, 1
+qzin.jp, 1
+qzlyrics.com, 1
+qzr.fi, 1
+r-ay.cn, 1
+r-baruth.de, 1
+r-core.org, 1
+r-e-a.net, 1
+r-gmp.com, 1
+r-ix.de, 1
+r-re.ru, 1
+r-rehab.online, 1
+r-rehab.org, 1
+r-rwebdesign.com, 1
+r-t-b.fr, 1
+r-t-n.tk, 1
+r.nf, 1
+r.pl, 1
+r.sb, 1
+r00tsandwings.com, 1
+r00tsolutions.ca, 1
+r0t.co, 1
+r0uzic.net, 1
+r102.ch, 1
+r15cookie.com, 1
+r17.co.id, 1
+r18.moe, 1
+r1a.eu, 1
+r1ch.net, 1
+r1h3.nl, 1
+r1ss.com, 1
+r2cdn.com, 1
+r2d2pc.com, 1
+r2wind.cn, 1
+r2wind.com, 1
+r33.space, 1
+r36533.com, 1
+r3bl.blog, 1
+r3dh4ck.ml, 1
+r3gi.cz, 1
+r3s1stanc3.me, 1
+r40.us, 1
+r4g3baby.com, 1
+r5197.co, 1
+r6729.co, 1
+r6729.com, 1
+r6957.co, 1
+r7.com.au, 1
+r72w.com, 1
+r7h.at, 1
+r82365.com, 1
+r8corporate.com, 1
+r9297.co, 1
+r9397.com, 0
+r9721.com, 0
+r9728.co, 1
+ra-joergensen.de, 1
+ra-studio.ml, 1
+ra.vc, 1
+ra3y.xyz, 1
+raadgiverborsen.com, 1
+raafwelfaretrustfund.gov.au, 1
+raailto.com, 1
+raamattuopisto.fi, 1
+raar.tk, 1
+raas.today, 1
+raassembly.com, 1
+raaynk.com, 1
+rabalefood.com, 1
+raballder.tk, 1
+rabatcity.tk, 1
+rabatt24.net, 1
+rabatt24.org, 1
+rabattkoll.se, 1
+rabatz.tk, 1
+rabbisacks.org, 1
+rabbit.finance, 1
+rabbitcallcenter.com, 1
+rabbitcare.ae, 1
+rabbitcare.com, 1
+rabbitcare.id, 1
+rabbitcare.my, 1
+rabbitcare.ph, 1
+rabbitcare.qa, 1
+rabbitcare.tl, 1
+rabbitcare.vn, 1
+rabbitdns.org, 1
+rabbitfinance.com, 1
+rabbithash.com, 1
+rabbitinternet.com, 1
+rabbitsearch.org, 1
+rabbitserverlist.com, 1
+rabbitsstore.com, 1
+rabby.tk, 1
+rabenkralle.tk, 1
+raberget.org, 1
+rabinson2005.tk, 1
+rabota-online.tk, 1
+rabotabiz.tk, 1
+rabotaemdoma.tk, 1
+rabotanet.tk, 1
+rabotaprofily.tk, 1
+rabotayte.tk, 1
+rabotenkadot.tk, 1
+rabynska.eu, 1
+racaliz.tk, 1
+racamera.com, 1
+racasdecachorro.org, 1
+raccoltadifferenziata.it, 1
+raccoltarifiuti.com, 1
+raccoltarifiuti.milano.it, 1
+raccoon.io, 1
+racedrop.tk, 1
+racelandky.gov, 1
+racemanager.io, 1
+racesimscoring.com, 1
+racetraq.net, 1
+rachaelsmaids.com, 1
+rachaeltaylor.tk, 1
+rachelandadamarethebest.com, 1
+rachelchen.me, 1
+racheldiensthuette.de, 1
+rachelmoorelaw.com, 1
+rachelsbouncycastles.co.uk, 1
+racheltinniswood.ie, 1
+rachelwatkins.co.nz, 1
+rachnacollege.tk, 1
+racinecounty.gov, 1
+racing-planet.cz, 1
+racingfanclub.tk, 1
+racingteameelde.tk, 1
+racius.com, 1
+rackoon.de, 1
+raclet.co.uk, 1
+raconconsulting.co.uk, 1
+raconteurs.gent, 1
+racquetdepot.co.uk, 1
+racsoft.cl, 1
+ractf.co.uk, 1
+racunalo.com, 1
+racunovodstvo-prina.si, 1
+rad-route.de, 1
+rad.plus, 1
+rad2share.com, 1
+rada-group.eu, 1
+radaar.io, 1
+radar.sx, 1
+radarband.tk, 1
+radarbanyumas.co.id, 1
+radarbogor.id, 1
+radarcoupon.ch, 1
+radarcoupon.it, 1
+radarcupao.pt, 1
+radarcupom.com.br, 1
+radarcupon.com.ar, 1
+radarcupon.com.co, 1
+radarcupon.com.mx, 1
+radarcupon.es, 1
+radarcupon.ro, 1
+radarfirst.com, 1
+radarstationery.com, 0
+radartatska.se, 0
+radartek.com, 1
+radbag.de, 1
+radbag.nl, 1
+radbee.com, 1
+radchakan.com, 1
+radcliffky.gov, 1
+radcloud.de, 1
+radconinc.net, 1
+radcube.hu, 1
+raddeluxe.com, 1
+raddle.me, 1
+radechefonne.it, 1
+radegundisfest.de, 1
+radekmazar.eu, 1
+radektworek.pl, 1
+rader.ninja, 1
+radeticlaw.com, 1
+radgi.com, 1
+radharanikijay.tk, 1
+radiadores.tk, 1
+radiadoresalternativos.cl, 1
+radiadoressoares.com.br, 1
+radialplus.tk, 1
+radianceswimwear.com, 1
+radiantenergy.tk, 1
+radiantwonder.com, 1
+radiation-oncologist.gr, 1
+radiationserviceswa.com.au, 1
+radiationtherapy.tk, 1
+radiatorendiscounter.nl, 1
+radicaldream.tk, 1
+radicalfuture.tk, 1
+radicalhapa.tk, 1
+radicallycanadian.com, 1
+radicaloptimism.org, 1
+radicalsub.com.br, 1
+radicaltransformationproject.com, 1
+radicalwebdesign.co.uk, 1
+radio-amezi.tk, 1
+radio-angelos.tk, 1
+radio-az.tk, 1
+radio-bandit.ml, 1
+radio-beer.tk, 1
+radio-bladel.tk, 1
+radio-brest.tk, 1
+radio-club.ml, 1
+radio-delmare.tk, 1
+radio-fly.tk, 1
+radio-luikie.tk, 1
+radio-mix.ml, 1
+radio-mouse.tk, 1
+radio-news.tk, 1
+radio-of-magic.com, 1
+radio-one.ml, 1
+radio-online.com, 1
+radio-online.tk, 1
+radio-pulsar.com, 1
+radio-pulsar.eu, 1
+radio-utopie.de, 1
+radio-valois-multien.fr, 1
+radio.de, 1
+radio.es, 1
+radio.fr, 1
+radio1.ie, 1
+radio404.tk, 1
+radio4friends.tk, 1
+radio56.tk, 1
+radio99.tk, 1
+radioab-normaal.tk, 1
+radioactiv.tk, 1
+radioactivenetwork.xyz, 1
+radioaeropuerto.tk, 1
+radioafibra.com.br, 1
+radioaltamar.tk, 1
+radioalternativa.tk, 1
+radioar.tk, 1
+radioarzua.tk, 1
+radioazioni.tk, 1
+radiobandung.tk, 1
+radioborges.tk, 1
+radiobucarica.cf, 1
+radiocappissima.tk, 1
+radiocartel.tk, 1
+radiocc.ddns.net, 1
+radiocentrafrique.cf, 1
+radiochilac.tk, 1
+radioclandestina.tk, 1
+radiocombinatie-kampen.tk, 1
+radiocommande-forestiere.fr, 1
+radiocommande-industrielle.fr, 1
+radiocomsaocarlos.com.br, 1
+radioconciencia.tk, 1
+radiocrash.tk, 1
+radiocrazy.ml, 1
+radiocristianauniversal.tk, 1
+radioculture.tk, 1
+radiocusco.tk, 1
+radiodance.tk, 1
+radiodarkwolf.tk, 1
+radiodeluxe.ml, 1
+radiodeutsch.com, 1
+radiodevrijheid.tk, 1
+radiodiagonal.tk, 1
+radiodoblen.tk, 1
+radiodxguatemala.tk, 1
+radioelectronic.tk, 1
+radioenam.tk, 1
+radioenergia.tk, 1
+radioesferico.tk, 1
+radioexito.tk, 1
+radiofmimagen.net, 1
+radiofred.tk, 1
+radiogabriela.tk, 1
+radiogaga.ga, 1
+radiogalena.tk, 1
+radiogear.ru, 1
+radiogetsemani.tk, 1
+radiogomezone.tk, 1
+radioharrastus.tk, 1
+radioheikrekel.tk, 1
+radiohlam.cf, 1
+radiohlam.ga, 1
+radiohouse.tk, 1
+radioibiapina.tk, 1
+radioilusion.es, 1
+radioilusiones.tk, 1
+radioiman.net, 1
+radiojackienorth.tk, 1
+radiojeneverstoker.tk, 1
+radioknop.nl, 1
+radiokontakt.tk, 1
+radiokukesi.tk, 1
+radiolanguages.tk, 1
+radiolaparranda.tk, 1
+radiolatinafm.tk, 1
+radioldpr.ru, 1
+radiolibertad.tk, 1
+radioliberty.ga, 1
+radiolla.com, 1
+radiolodz.pl, 1
+radiom.fr, 1
+radiomacuto.gq, 1
+radiomagicafm.tk, 1
+radiomakarena.tk, 1
+radiomanifiesto.tk, 1
+radiomaster.tk, 1
+radiomc.tk, 1
+radiomedia.tk, 1
+radiomercure.net, 1
+radiometal.tk, 1
+radiometeor.com, 1
+radiomikelerentxun.tk, 1
+radiomix.cz, 1
+radiomixer.net, 1
+radiomodem.dk, 1
+radiomontebianco.it, 1
+radiomoodmix.tk, 1
+radionalita.tk, 1
+radionetcolombia.tk, 1
+radionikkei.com, 1
+radionojavan.ir, 1
+radionoticias.tk, 1
+radionrg.tk, 1
+radiooffice.tk, 1
+radioombo.xyz, 1
+radioonline.com, 1
+radioparquesur.tk, 1
+radiopatapoe.nl, 1
+radioperfect.tk, 1
+radiopharereims.tk, 1
+radiopicaflor.tk, 1
+radioplayer.ie, 1
+radiopleer.net, 1
+radiopolarniki.spb.ru, 1
+radiopranfm.cf, 1
+radioprimerodemayo.tk, 1
+radiopush.tk, 1
+radior9.it, 1
+radioradicchio.it, 1
+radiorainbow.tk, 1
+radioranking.de, 1
+radiorecord.ml, 1
+radioregional.pt, 1
+radioremix80.tk, 1
+radioricardo.tk, 1
+radios-associatives.tk, 1
+radiosanducito.tk, 1
+radiosatbolivia.com, 1
+radioschool.co.nz, 1
+radioscope.tk, 1
+radiosdeguate.com, 0
+radioseda.ca, 1
+radiosilver.tk, 1
+radiosimba.ug, 1
+radiosterrekijker.tk, 1
+radiosuperplus.tk, 1
+radioszczecin.pl, 1
+radiotataouine.tk, 1
+radiotehnika.tk, 1
+radiotelephoni.tk, 1
+radiotexas.tk, 1
+radiotunes.tk, 1
+radiotuning.tk, 1
+radiotv.tk, 1
+radioumbrella.ga, 1
+radiouniversofm.tk, 1
+radiounofm.tk, 1
+radiounost.tk, 1
+radioventura.tk, 1
+radiovera.ru, 1
+radiovertical.tk, 1
+radiovirgendelcarmen.tk, 1
+radiovolmax.tk, 1
+radiowakeup.tk, 1
+radioxanadu.tk, 1
+radiozetta.tk, 1
+radiozilverster.tk, 1
+radis-adopt.com, 1
+radito.com, 1
+radium-it.ru, 1
+radium.group, 1
+radiumcode.com, 1
+radiumone.io, 1
+radiusmethod.com, 1
+radiusone.com, 1
+radixsalon.tk, 1
+radixweb.com, 1
+radjaternak.com, 1
+radlina.com, 1
+radnas.com, 1
+radnickapartija.tk, 1
+radnicki-nis.tk, 1
+radogear.com, 1
+radoman.ga, 1
+radon.tk, 1
+radopsec.com, 1
+radopsec.net, 1
+radopsec.org, 1
+radost-crikvenica.hr, 1
+radost.digital, 1
+radpath.at, 1
+radreisetraumtreibstoff.de, 1
+radstake.de, 1
+raduga-tv.tk, 1
+raduga4.ml, 1
+radverkehr-kelsterbach.de, 1
+radwebhosting.com, 1
+radyabkhodro.net, 1
+radyn.com, 1
+radyogemisi.com, 1
+radzikow.ski, 1
+raeder-test.azurewebsites.net, 1
+raedium.aero, 1
+raeu.me, 1
+raeven.nl, 0
+raevinnd.com, 1
+raewardfresh.co.nz, 1
+raf.org, 1
+rafaelangelfg.tk, 1
+rafaelortiz.es, 1
+rafaelsobis.tk, 1
+rafaeltuber.cf, 1
+rafalkukla.com, 1
+rafaprialv.com, 1
+rafaroca.net, 1
+rafclan.tk, 1
+raffaellaosti.com, 1
+raffall.com, 1
+rafinad.io, 1
+rafo.tech, 1
+rafo.tk, 1
+rafsis.com, 0
+raft.pub, 1
+rafting-japan.com, 1
+ragadoor.com, 1
+ragasto.nl, 1
+rage-overload.ch, 1
+rage4.com, 1
+ragebin.com, 1
+raginggaming.ga, 1
+ragingrune.tk, 1
+ragingserenity.com, 1
+ragnamania.tk, 1
+ragnamart.tk, 1
+ragnaroktop.com.br, 1
+ragsnprints.com, 1
+ragstores.com, 1
+ragt.ag, 1
+ragu.co.uk, 1
+ragusina.hr, 1
+rahasyavedicastrology.com, 1
+rahayi.tk, 1
+raheel.cf, 1
+raheel.tk, 1
+raheem.marketing, 1
+rahenytennis.tk, 1
+rahil-p.com, 1
+rahilworld.tk, 1
+rahimareports.ml, 1
+rahmans.tk, 1
+rahul.moe, 1
+rahulsadarangani.com, 1
+rai88asia.com, 1
+raiceshebreas.org, 1
+raid-runners.fr, 1
+raiden.network, 1
+raidensnakesden.co.uk, 1
+raidensnakesden.com, 1
+raidensnakesden.net, 1
+raidentawork.lt, 1
+raiderhacks.com, 1
+raidstone.net, 1
+raidstone.rocks, 1
+raiffeisen-kosovo.com, 0
+raiffeisen.al, 0
+raiffeisenbank.ba, 1
+raiffeisenleasing-kosovo.com, 1
+raiilto.com, 1
+raikko.tk, 1
+rail-o-rama.nl, 1
+rail24.nl, 1
+rail360.nl, 1
+railalabwork.lt, 1
+railbird.nl, 1
+railbus.fan, 1
+railcarrxqa.com, 1
+railclub.tk, 1
+railfans.ca, 1
+railgun.ac, 1
+railgun.com.cn, 1
+railgun.email, 1
+railjob.cn, 1
+raillto.com, 1
+railorama.nl, 1
+railpassie.nl, 1
+railroadhistory.net, 1
+railsideworks.com, 1
+railsimulator.net, 1
+railsperformance.com.br, 1
+railto.cm, 1
+railto.co, 1
+railto.com, 1
+railto.com.de, 1
+railto.com.se, 1
+railto.llc, 1
+railtollc.com, 1
+railvideo.co.uk, 1
+railvideo.net, 1
+railvideo.nl, 1
+railway.moe, 1
+railwayease.com, 1
+rain.bz, 1
+rainative.com, 1
+rainbeaus.cf, 1
+rainbeaus.ga, 1
+rainbeaus.gq, 1
+rainbeaus.ml, 1
+rainbow-christian.tk, 1
+rainbow-web.com, 1
+rainbowbrains.com, 1
+rainbowcomputer.tk, 1
+rainbowflowers.co.uk, 0
+rainbowinflatables.co.uk, 1
+rainbowlaserspewpew.xyz, 1
+rainbowloompattern.com, 1
+rainbowloompatterns.com, 1
+rainbowmath.tk, 1
+rainbowsmoothies.win, 1
+rainbowstars.ru, 1
+rainbowstore.com.au, 1
+rainbowstore.com.ua, 1
+rainbowsushi.dk, 1
+rainbowswingers.net, 1
+rainbowtransport.com, 1
+raincoat.systems, 1
+rainel.at, 1
+rainerstoll.at, 1
+rainevixen.com, 1
+rainfall.ro, 1
+rainforest.engineering, 1
+rainforestfoundation.org, 1
+rainierpros.com, 1
+rainiv.com, 1
+rainmanzone.com, 1
+rainnetwork.tk, 1
+rainnny.club, 1
+rainpaper.com, 1
+raintreatment.ga, 1
+rainturtle.com, 1
+rainuk.com, 1
+rainville.me, 1
+rainway.io, 1
+raipet.no-ip.biz, 1
+raise-educationandwellbeing.co.uk, 1
+raisecorp.com, 1
+raisects.co.uk, 1
+raisetheyouth.co.uk, 1
+raisingresilientreaders.com, 1
+raisioammattilaisille.fi, 1
+raissarobles.com, 1
+raistrick.art, 1
+raistrick.it, 1
+raitza.de, 1
+raja.fr, 1
+rajabpour.com, 1
+rajaealhoceima.tk, 1
+rajafashion.tk, 1
+rajapack.be, 1
+rajapack.co.uk, 1
+rajapack.de, 1
+rajapack.es, 1
+rajapack.it, 1
+rajapack.nl, 1
+rajasatour.id, 1
+rajeen.tk, 1
+rajeshkochhar.com, 1
+rajeshkumar.tk, 1
+rajivdeepinsights.com, 1
+rajkapoordas.com, 1
+rajkotupdates.news, 1
+rajofestival.tk, 1
+rajomon.com, 1
+rajrajasthani.tk, 1
+rajsolankimusic.ga, 1
+rajtechnologies.com, 1
+rajudhoni.ga, 1
+rak-business-service.com, 1
+rakennuspeli.com, 1
+rakeshkaryana.com, 1
+raketa.travel, 1
+raketaholst.com.ua, 1
+raketaro.de, 1
+raketenwolke.de, 1
+rakett.org, 0
+rakibzashup.ml, 1
+rakibzashup.tk, 1
+raklouisville.com, 1
+rakom.tk, 1
+rakovec.hr, 1
+raksa.media, 1
+raksha-bandhanwish.ga, 1
+rakshitrekhi.tk, 1
+raku.bzh, 1
+raku.land, 1
+rakugaki.cn, 0
+rakugokai.net, 1
+ralaoui.com, 1
+ralaoui.me, 1
+raleighadultmedicine.com, 1
+raleighboneandjoint.com, 1
+raleighcapitolent.com, 1
+raleighmedicalgroup.com, 1
+raleighpsych.com, 1
+raleighsinuscenter.com, 1
+ralfs-zusizone.de, 1
+rally-base.com, 1
+rally-base.cz, 1
+rally-base.eu, 1
+rally-results.eu, 1
+rally-vysledky.cz, 1
+rallybase.cz, 1
+rallybase.eu, 1
+rallycycling.com, 0
+rallyedu.com, 1
+rallyekrumlov.cz, 1
+rallyfotosaswin.tk, 1
+rallytrophy.tk, 1
+ralphandretta.com, 1
+ralphandretta.net, 1
+ralphandretta.org, 1
+ralphbisschops.com, 1
+raltha.com, 1
+ralvke.rocks, 1
+ram-tenancy.cf, 1
+ram-tenancy.ga, 1
+ram-tenancy.ml, 1
+ram.nl, 1
+rama.ovh, 1
+ramatola.uk, 0
+ramblingrf.tech, 1
+rambo.codes, 1
+rambus.com, 1
+ramchand.tk, 1
+ramel.tk, 1
+ramen-dealer.de, 1
+ramenramenramen.net, 1
+ramfaseo.ca, 1
+ramfy.ru, 1
+ramiabusalah.tk, 1
+ramieres.cf, 1
+ramirito.tk, 1
+ramitan.com, 1
+ramkot.tk, 1
+ramle.be, 1
+rammstein.pt, 1
+rammsteinaustralia.tk, 1
+rammsteinzone.tk, 1
+ramonahillsideplayers.org, 1
+ramonguilherme.com.br, 1
+ramos.tur.br, 1
+ramosmartinneble.es, 1
+ramowitha.com, 1
+ramp.com, 1
+rampeboreal.ca, 1
+rampestyuma.com, 1
+rampiva.com, 1
+ramplaysugente.tk, 1
+ramrecha.com, 0
+ramsaver.com.br, 1
+ramsay.xyz, 1
+ramsayshorsetransport.com, 1
+ramsayshorsetransport.com.au, 1
+ramsdensforcash.co.uk, 1
+ramsdensplc.com, 1
+ramseycountymn.gov, 1
+ramseycs.net, 0
+ramsor-gaming.de, 1
+ramt.tk, 1
+ramtechmodular.com, 1
+ramusa.org, 1
+ramydent.no, 1
+ramynetwork.tk, 1
+ramzinex.com, 1
+ran-drunken.tk, 1
+ran-ran.top, 1
+ran-sama.ddns.net, 1
+rana.realestate, 1
+rana.shop, 1
+ranasinha.com, 1
+rancakmedia.com, 1
+rancheriastereo.tk, 1
+ranchesterwy.gov, 1
+ranchocordova.gov, 1
+ranchodoalqueidao.pt, 1
+rancowar.com, 1
+randallcounty.gov, 1
+randallcraig.com, 1
+randallso.gov, 1
+randburgplumbing.co.za, 1
+randc.org, 1
+randolf.ca, 1
+randolphcountyal.gov, 1
+randolphcountyil.gov, 1
+random-project.com, 1
+random-samplings.org, 1
+random.org, 1
+randomactsofkindness.org, 1
+randomadversary.com, 1
+randomarticle.ml, 1
+randombig.cat, 1
+randombit.eu, 0
+randombooks.gq, 1
+randombrainwave.cf, 1
+randombrainwave.ga, 1
+randombrainwave.gq, 1
+randombrainwave.ml, 1
+randomdomain.io, 1
+randomforestweb.com, 1
+randomforum.tk, 1
+randomideas.me, 1
+randomizer.space, 1
+randomkindness.tk, 1
+randomkoalafacts.com, 1
+randompasswordgenerator.fun, 1
+randomquotesapp.com, 1
+randomsearching.ml, 1
+randomserver.pw, 1
+randomserver.xyz, 1
+randomsnapshots.tk, 1
+randomstuffproductions.tk, 1
+randomtest.cf, 1
+randomthings.cf, 1
+randomuuid.org, 1
+randomweb.tk, 1
+randorn.com, 1
+randox.com, 1
+randy.su, 1
+randyandpixel.com, 1
+randyrhoads.tk, 1
+randyselzer.com, 1
+ranfics.tk, 1
+ranfurlychambers.co.nz, 1
+rangde.org, 1
+range.co, 1
+rangeforce.com, 1
+rangeforce.eu, 1
+rangerfiles.tk, 1
+rangersloyalsite.tk, 1
+rangersofbelgium.be, 1
+rangeweb.ga, 1
+ranginkamonkadeh.ir, 1
+rangsmo.se, 0
+rangzol.now.sh, 1
+raniermn.gov, 1
+ranjanbiswas.in, 1
+ranjanbiswas.net, 1
+ranjeetmehta.tk, 1
+rankeco.com, 1
+ranker.work, 1
+rankia.ga, 1
+ranking-deli.jp, 1
+ranking-mensesthe.jp, 1
+ranking10hits.tk, 1
+rankingide.tk, 1
+rankingofe.com.pl, 1
+rankingubezpieczeniowy.pl, 1
+rankingubezpieczennazycie.pl, 1
+ranksite.cf, 1
+ranksite.ga, 1
+ranksite.gq, 1
+ranksite.ml, 1
+ranksite.tk, 1
+rankya.com, 1
+rannamoisaaiasalong.ee, 1
+rannseier.org, 1
+ranos.org, 1
+ransomspares.co.uk, 1
+ranson.com.au, 1
+ransonwv.gov, 1
+rantalaholcomb.tk, 1
+rantamplan.tk, 1
+rantanda.com, 1
+rante.com, 1
+ranters.nl, 1
+ranyeh.co, 1
+ranyeh.com, 1
+ranzbak.nl, 1
+raochana.com, 0
+raoliveoil.ga, 1
+raomed.com.ar, 1
+raovatsaigon.tk, 1
+rap4ever.org, 1
+rapala.com, 1
+rapanui.tk, 1
+rapay.net, 1
+rapbull.net, 1
+rapdinle.tk, 1
+rapenroer.com, 1
+rapenroer.nl, 1
+raphael.li, 1
+raphaeladdile.com, 1
+raphaelcasazza.ch, 0
+raphaelmoura.ddns.net, 1
+raphaelschneider.de, 1
+raphrfg.com, 1
+rapid-care.com, 1
+rapidapp.io, 1
+rapidcenter.tk, 1
+rapidcityjournal.com, 1
+rapidessay.com, 1
+rapidgator.net, 1
+rapidguide.tk, 1
+rapidlegal.com, 1
+rapidminer.com, 0
+rapidoo.com.br, 1
+rapidscale.net, 1
+rapidseo.net, 1
+rapidshit.net, 1
+rapidspike.com, 1
+rapidssl.com.ru, 1
+rapidsslonline.com, 1
+rapidstone.com, 1
+rapnet.com, 1
+raposafixe.pt, 1
+rapoteka.tk, 1
+rappels-produits.com, 1
+rappet.de, 1
+rappisexshop.com, 1
+rapport.link, 1
+raps.org, 1
+rapsconfab.com, 1
+raptechpk.com, 1
+rapu.nz, 1
+rapwoyska.tk, 1
+rapyd.net, 1
+raqoo.jp, 1
+raquelmolinacases.tk, 1
+rar.moe, 1
+raranga.net.nz, 1
+rarbgmirrored.org, 1
+rarbgproxied.org, 1
+rarbgproxy.com, 1
+rarbgunblock.com, 1
+rarbgunblocked.org, 1
+rare-x.org, 1
+rarece.cf, 1
+rarediseaseday.org, 1
+rareearthhair.com.au, 1
+rarefish.tk, 1
+raregems.io, 1
+rarehi.com, 1
+rarename.tk, 1
+rarity.tools, 1
+raritysniper.com, 1
+rarlab.com, 1
+rarlabs.com, 1
+raroh73.xyz, 1
+rarous.net, 1
+rarsoft.com, 1
+raryosu.info, 1
+rasa.com, 1
+rasadnikcvecaperic.rs, 0
+rasagiline.com, 1
+rasaja.com, 1
+rasberry.cf, 1
+rascals-castles.co.uk, 1
+rascals.ga, 1
+rascalscastles.co.uk, 1
+rascript.tk, 1
+rascvet.tk, 1
+rase.rocks, 1
+raserbajs.tk, 1
+rashamehrnikan.com, 1
+rashbogota.tk, 1
+rasheed-nuss.tk, 1
+rashmipandit.com, 1
+rashodkin.tk, 1
+raskruti.ga, 1
+raskruti.ml, 1
+raskrutka.cf, 1
+rasmushaslund.com, 1
+rasnyder.com, 1
+rasp-consulting.de, 1
+raspberryultradrops.com, 1
+raspclock.com, 1
+raspitec.ddns.net, 1
+rassadacvetov.com, 0
+rasset.ie, 1
+rassistem.rs, 1
+rassro.sk, 1
+rastabooks.ga, 1
+rasteniem.ru, 1
+rastko-jevtovic.tk, 1
+rasty.cz, 1
+rat.pw, 1
+rataassociates.com, 1
+ratajczak.one, 1
+ratasdesign.com, 1
+ratatosk.net, 1
+ratbarricade.com, 1
+ratd.net, 1
+rate.is, 1
+ratebridge.com, 1
+rateddomain.ml, 1
+ratelimited.me, 1
+ratelsec.com, 1
+ratemyfishtank.com, 1
+ratepayeralliance.org, 1
+rates.ca, 1
+ratespy.com, 1
+rathbonesonline.com, 1
+rathdrum.gov, 1
+rathdrumpolice.gov, 1
+ratherrarerecords.com, 0
+rathgeb.org, 1
+rathmann-couture.de, 1
+rathorian.fr, 1
+rathsallaghhouseonline.com, 1
+ratingostar.com, 1
+ratinq.co, 1
+ratiocinat.ga, 1
+ratiocontent.de, 0
+rationalcreation.com, 1
+rationalism.com, 1
+rationalops.com, 1
+ratirl.be, 1
+ratman.xyz, 1
+ratsmicedormice.com, 1
+rattanhousecarpentry.com, 1
+rattattees.com, 1
+rattenkot.io, 1
+ratujemyzwierzaki.net, 1
+ratujmydzikiekoty.org, 1
+ratunek.com.pl, 1
+ratusha.ml, 1
+rauchfrei-info.de, 1
+raulmalea.ro, 1
+raulrivero.es, 1
+raulval.com, 1
+raumausstatter-fangmann.de, 1
+rauros.net, 1
+rauschenbach.de, 1
+rauserv.de, 1
+rautarutto.tk, 1
+rava.tk, 1
+ravada-vdi.com, 1
+ravagers.tk, 1
+ravages.tk, 1
+ravalement-facade.net, 1
+ravallirepublic.com, 1
+ravchat.com, 1
+raveboy.dyndns.org, 1
+ravefm.tk, 1
+raveharmony.com, 1
+ravelin.click, 1
+ravelin.com, 1
+raven.dog, 1
+raven.express, 1
+ravenandsage.com, 1
+ravencoin.com, 1
+ravencoin.org, 1
+ravenger.net, 1
+ravengergaming.net, 1
+ravenhillavenue.com, 1
+ravennatoday.it, 1
+ravenrealms.tk, 1
+ravenrepublic.net, 1
+ravenrockrp.com, 1
+ravenstonejeweler.com, 1
+raventechnology.es, 1
+ravenx.me, 1
+ravescout.club, 1
+raveseguros.com, 1
+ravesteijn.nl, 1
+ravhaaglanden.org, 1
+ravihotel.com, 0
+ravijuhend.ee, 1
+ravik.tk, 1
+ravimiamet.ee, 0
+ravimiregister.ee, 1
+ravinala-airports.aero, 1
+raviparekh.co.uk, 1
+ravis.org, 1
+ravkavonline.co.il, 1
+ravkr.duckdns.org, 1
+ravnareka.tk, 1
+ravne.land, 1
+ravron.com, 1
+ravse.dk, 1
+raw.nl, 1
+rawa-ruska-union-nationale.fr, 1
+rawballs.nl, 1
+rawbeautysource.com, 1
+rawcom.pl, 1
+rawdamental.com, 1
+rawdutch.nl, 1
+rawfitco.com.au, 1
+rawforce.tk, 1
+rawinfosec.com, 1
+rawley.co.uk, 1
+rawlinswy.gov, 1
+rawlord.ga, 1
+rawmarkable.co.uk, 1
+rawmathub.gr, 1
+rawmonolife.ru, 1
+rawpearls.com, 1
+rawr.sexy, 1
+raxion.cf, 1
+raxion.tk, 1
+ray-works.de, 1
+rayadventure.com, 1
+raycarruthersphotography.co.uk, 1
+raycon.io, 1
+raydius.de, 1
+rayfalling.com, 1
+rayhillforsupremecourt.com, 1
+rayiris.com, 1
+rayj.org, 1
+raykitchenware.com, 1
+raylo.com, 1
+raym.ml, 1
+raymd.de, 1
+raymondelooff.nl, 1
+raymondha.ca, 1
+raymondha.com, 1
+raymondvineyards.com, 1
+raymundo.doctor, 1
+raynbo.ai, 1
+raynis.net, 1
+raynoonanwindows.ie, 1
+rayonbricolage.com, 1
+rayonnage-stockage.fr, 1
+raysbarreto.tk, 1
+raysei.com, 1
+raysmtp.ga, 1
+raysolutions.tk, 1
+raystark.com, 1
+raystedman.org, 1
+raytonne.cn, 1
+raytonne.com, 1
+rayusradiology.com, 1
+raywardapparel.com, 1
+raywisdom.tk, 1
+rayworks.de, 1
+razakhanimazhab.tk, 1
+razalabs.com, 1
+razalabs.gr, 1
+razberry.kr, 1
+razborpoletov.cf, 1
+razborpoletov.ml, 1
+razborpoletov.tk, 1
+razborpoletovsite.cf, 1
+razborpoletovsite.ga, 1
+razborpoletovsite.gq, 1
+razborpoletovsite.tk, 1
+razdolnoe.tk, 1
+razeencheng.com, 1
+razgon.ga, 1
+razgon.tk, 1
+raziculacrimi.ro, 1
+razoesparaacreditar.com, 1
+razrabo.tk, 1
+razrsec.uk, 1
+razvan.digital, 1
+razvanburz.ro, 1
+razvanvatamanu.ro, 1
+razvlekuha.cf, 1
+razvlekuhablog.tk, 1
+rb-china.net, 1
+rb.cz, 1
+rballday-entertainment.nl, 1
+rbbaader.de, 1
+rbbuae.com, 1
+rbcafe.com, 1
+rbclub.cz, 1
+rbcosmetici.it, 1
+rbd.events, 1
+rbensch.com, 0
+rbet.tk, 1
+rbgeneralcontractor.com, 1
+rbh.co.uk, 1
+rbi-admin.com, 1
+rbi-umbrella.com, 1
+rbiacademylms.org, 1
+rbin.nl, 1
+rbknarkers.tk, 1
+rbltracker.com, 1
+rbmafrica.co.za, 1
+rbmland.com, 1
+rbnet.xyz, 1
+rbocache.com, 1
+rbprosthodontics.com, 1
+rbqwow.link, 1
+rbs.co.uk, 1
+rbs.com, 1
+rbsexshop.com.br, 1
+rbsinternational.com, 1
+rbt.rs, 1
+rbt.sx, 1
+rbtvshitstorm.de, 1
+rbunews.tk, 1
+rburchell.com, 0
+rbx.com, 1
+rbx.gg, 1
+rc-lotto.com, 1
+rc-offi.net, 1
+rc-refer.nhs.uk, 1
+rc-shop.ch, 1
+rc.cruises, 1
+rc1.eu, 1
+rc21x.com, 1
+rc2edit.nl, 1
+rc3n.com, 1
+rc7.ch, 1
+rca.ink, 1
+rca2015.ru, 1
+rcbanger.tk, 1
+rccars.info, 1
+rccgstrongtowerng.org, 1
+rccom.ru, 1
+rcd.cz, 0
+rcdeescolasantcugat.com, 1
+rcdevs.com, 1
+rcdocuments.com, 1
+rcdrone.tk, 1
+rcelectronica.com, 1
+rcfl.gov, 1
+rcforex.com, 1
+rcgoncalves.pt, 1
+rchavez.site, 1
+rchrdsn.uk, 1
+rcips.ky, 1
+rclaywilliamsdo.com, 1
+rclsm.net, 1
+rcmlinx.com, 1
+rcmodelflying.tk, 1
+rcmstream.com, 1
+rcnitrotalk.com, 1
+rcoliveira.com, 1
+rcorporation.be, 1
+rcotec.be, 1
+rcpdesign.cl, 1
+rcphiphop.tk, 1
+rcprogranada.com, 1
+rcraigmurphy.net, 1
+rcrdelecuador.com, 1
+rcru.org, 1
+rcsacessoria.online, 1
+rcsda.net, 1
+rcslt.org, 1
+rcsolutions.nl, 0
+rcsscontractors.com, 1
+rct-chair.com, 1
+rct.sk, 0
+rct.uk, 1
+rctalk.com, 1
+rcteam.fr, 1
+rctiads.com, 1
+rctrk.net, 1
+rctruck.nl, 0
+rctx.tk, 1
+rcubesports.com, 1
+rcxzsc.com, 1
+rd0xb.com, 1
+rdactive.de, 1
+rdb.vote, 1
+rdcdesign.com, 1
+rddjapan.info, 1
+rded.nl, 1
+rdesigner.tk, 1
+rdfencingandgates.co.uk, 1
+rdfmapped.com, 1
+rdforum.org, 1
+rdfproject.it, 1
+rdfz.tech, 1
+rdienclosures.com, 1
+rdimedical.com, 1
+rdkf.de, 1
+rdl.at, 1
+rdm.lu, 1
+rdmc.biz, 1
+rdmc.center, 1
+rdmc.contact, 1
+rdmc.education, 1
+rdmc.fr, 1
+rdmc.host, 1
+rdmc.info, 1
+rdmc.io, 1
+rdmc.link, 1
+rdmc.live, 1
+rdmc.network, 1
+rdmc.ovh, 1
+rdmc.report, 1
+rdmc.site, 1
+rdmc.support, 1
+rdmc.systems, 1
+rdmc.tel, 0
+rdmc.tn, 1
+rdmc.vision, 1
+rdmc.wiki, 1
+rdmrotterdam.nl, 0
+rdmshit.net, 1
+rdmtaxservice.com, 0
+rdn-team.com, 1
+rdns.gq, 1
+rdo.gg, 1
+rdrama.net, 1
+rdsm.be, 0
+rdtech.de, 1
+rdto.io, 1
+rdv-cni.fr, 1
+rdv-coquin-rapide.fr, 1
+rdvobras.pt, 0
+rdwh.tech, 0
+rdwz.one, 1
+re-align.life, 1
+re-arranged.tk, 1
+re-engines.com, 1
+re-leased.com, 1
+re-presented.de, 1
+re-security.com, 1
+re.yt.nom.br, 1
+reach-on.de, 1
+reach.gov, 1
+reach.gov.sg, 1
+reachdigital.com.au, 1
+reachhead.com, 1
+reachley.net, 1
+reachout-ghana.com, 1
+reachout2.nl, 1
+reachrss.com, 1
+reachum.com, 1
+reachwithed.com, 1
+reaconverter.com, 1
+react-db.com, 1
+reacteev.com, 1
+reactfactory.io, 1
+reactheme.com, 1
+reactionindex.com, 1
+reactive-load.com, 1
+reactive-press.com, 1
+reactive.com.ru, 1
+reactivedrop.com, 1
+reactivemarkets.com, 1
+reactor-family.tk, 1
+reactpwa.com, 1
+read-blackclovermanga.com, 1
+read-myheromanga.com, 1
+read.family, 1
+readabilitychecker.com, 1
+readable.pw, 1
+readapt-nutrition.com, 1
+readcomics.gq, 1
+readersfavorite.com, 1
+reades.co.uk, 1
+reades.uk, 1
+readify.net, 1
+readifycloud.com, 1
+readingea.com, 1
+readingoutpost.com, 1
+readingrats.de, 1
+readlater.de, 1
+readless.cf, 1
+readmybeacon.com, 1
+readmynews.cf, 1
+readouble.com, 0
+readpages.gq, 1
+readtome.co.in, 1
+readup.tk, 1
+ready2learn.eu, 1
+ready4bf.tk, 1
+ready5g.net, 1
+readyblinds.com.au, 1
+readycentbid.com, 1
+readycentral.com, 1
+readychurchsites.com, 1
+readyclassroomcentral.com, 1
+readycolorado.gov, 1
+readycontacts.com, 1
+readydedis.com, 1
+readyeutaw.gov, 1
+readyfiction.com, 1
+readyit.pl, 1
+readync.gov, 1
+readyrowan.com, 1
+readyrowan.org, 1
+readyscif.com, 1
+readysell.net, 1
+readysetscif.com, 1
+readysetworkpa.com, 1
+readysetworksd.com, 1
+readystep.ga, 1
+readytocleanga.com, 1
+readytongue.com, 0
+readywithresourcestn.gov, 1
+reaganlibrary.gov, 1
+reakcjonista.tk, 1
+reaksi.id, 1
+real-it.nl, 1
+real-linux.tk, 1
+real-site.tk, 1
+real-srebrenica-genocide.cf, 1
+real-srebrenica-genocide.ga, 1
+real-srebrenica-genocide.gq, 1
+real-srebrenica-genocide.ml, 1
+real-thailand.tk, 1
+real-work.tk, 1
+realacademy.net, 1
+realanteile.at, 0
+realbiographies.cf, 1
+realbiz.ml, 1
+realcanada.com.gt, 1
+realcapoeira.ru, 1
+realclinic.jp, 1
+realdomdom.cf, 1
+realestate-in-uruguay.com, 1
+realestate-lidl.at, 1
+realestate-lidl.be, 1
+realestate-lidl.bg, 1
+realestate-lidl.ch, 1
+realestate-lidl.co.uk, 1
+realestate-lidl.com, 1
+realestate-lidl.cz, 1
+realestate-lidl.dk, 1
+realestate-lidl.fr, 1
+realestate-lidl.gr, 1
+realestate-lidl.it, 1
+realestate-lidl.lt, 1
+realestate-lidl.lu, 1
+realestate-lidl.lv, 1
+realestate-lidl.pl, 1
+realestate-lidl.pt, 1
+realestate-lidl.ro, 1
+realestate-lidl.rs, 1
+realestate-lidl.se, 1
+realestate-lidl.sk, 1
+realestateagent-directory.com, 1
+realestatebees.com, 1
+realestateblogs.tk, 1
+realestateboston.tk, 1
+realestateexecutives.tk, 1
+realestategreenville.tk, 1
+realestatekanada.tk, 1
+realestatemaryland.tk, 1
+realestateofnewmexico.com, 1
+realestateonehowell.com, 1
+realestates.istanbul, 1
+realestatesales.gov, 1
+realestatestagingassociation.com, 1
+realestatetennessee.net, 1
+realestatewebnews.tk, 1
+realfamilyincest.com, 1
+realfreedom.city, 0
+realgarant-shop.de, 0
+realgiulianova.it, 1
+realgogo.com, 1
+realgoods.com, 1
+realhelpcompany.ga, 1
+realhorsegirls.net, 1
+realhost.name, 1
+realhypnosistraining.com.au, 1
+realidad.tk, 1
+realimagess.com, 1
+realincest.tv, 1
+realinsurance.com.au, 1
+reality.news, 1
+reality0ne.com, 0
+realitycrazy.com, 1
+realitydudesnetwork.com, 1
+realityjunkies.com, 1
+realitykings.com, 1
+realityrecoverycollective.tk, 1
+realitystudio.org, 1
+realitytoday.cf, 1
+realives.com, 1
+realizegov.com, 1
+realkeywords.ga, 1
+reall.uk, 1
+reallife-it.de, 1
+reallifeforums.com, 0
+reallight.ge, 1
+reallinux.tk, 1
+reallivingcc.com, 1
+reallovetab.ga, 1
+really-simple-ssl.com, 1
+reallyangryaboutchipshops.com, 1
+reallybadidea.tk, 1
+reallycooljobs.ga, 1
+reallytrusted.com, 1
+reallywild.tk, 1
+realm-of-shade.com, 1
+realm.is, 1
+realmadrid-bet1x2.com, 1
+realmadridoffice.tk, 1
+realmaturetube.com, 1
+realmixwell.tk, 1
+realmjoin.com, 1
+realmofaesir.com, 1
+realmoney.games, 1
+realnature.com.br, 1
+realneo.me, 1
+realnet.tk, 1
+realno-money.tk, 1
+realonline.com.au, 1
+realoteam.ddns.net, 1
+realpropertyprofile.gov, 1
+realpython.com, 1
+realrapfans.tk, 1
+realrealstore.com, 1
+realtechreviews.com, 1
+realtimenetworks.com, 1
+realtimeregister.com, 1
+realtoraidan.com, 1
+realty-pochta.tk, 1
+realtygroup-virginia.com, 1
+realtyofnaples.com, 1
+realtys.ca, 1
+realum.com, 1
+realum.de, 1
+realum.eu, 1
+realum.net, 1
+realvapamarde.cf, 1
+realvisioninternet.com, 1
+realvnc.com, 1
+realvnc.help, 1
+realwaycome.com, 1
+realwebsite.ga, 1
+realwinner.es, 1
+realworldholidays.co.uk, 1
+realyux.com, 1
+reancos.report, 1
+reanimated.eu, 1
+reanimed.com.ua, 1
+reank-mnx.site, 1
+reapandsowmarketing.com, 1
+rearmatch.cf, 1
+rearmatch.ga, 1
+reavaninc.com, 1
+reaven.nl, 0
+rebajasoferta.com, 1
+rebalancenyc.com, 1
+rebaltica.lv, 1
+rebane2001.com, 1
+rebargroup.org, 1
+rebase.com.tr, 1
+rebatekey.com, 1
+rebecamode.ch, 1
+rebeccawendlandt.com, 1
+rebeccawilson.co.uk, 1
+rebel-owl.com, 1
+rebel.com.br, 1
+rebelbranding.nl, 1
+rebelchick.tk, 1
+rebelcorp.cloud, 1
+rebelcorp.ltd, 1
+rebeldeway-al.tk, 1
+rebeldeway-ks.tk, 1
+rebelko.de, 1
+rebellecare.com, 1
+rebelliouskitten.art, 1
+rebellyon.info, 1
+rebelonline.nl, 1
+rebelsewerservices.com, 1
+rebelsi.pl, 1
+rebelstudio.ml, 1
+rebelviral.com, 1
+rebelz.se, 1
+rebirthlongboard.co.th, 1
+rebizzield.com, 1
+rebonus.com, 1
+rebootwithnature.in, 0
+reboxetine.com, 1
+reboxonline.com, 1
+rebrandly.com, 1
+rebschool.ml, 1
+rebtoor.com, 0
+rebuga.com, 1
+rebuild96.ru, 1
+rebull.fr, 1
+rebure.com, 1
+rebus.support, 1
+rebusfarm.net, 1
+reby.cf, 1
+reby.tk, 1
+rec.moe, 1
+rec5.nl, 1
+recallinsider.com, 1
+recalls.gov, 1
+recambiospuntored.com, 1
+recantoshop.com.br, 1
+recaptcha-demo.appspot.com, 1
+recaptime.eu.org, 1
+receitas.tk, 1
+receitasdacassia.tk, 1
+receitasdepesos.com.br, 1
+receitasfavoritas.com, 1
+receptenwebsite.com, 1
+reception247.com, 0
+receptionsbook.com, 1
+recessmonkeyz.tk, 1
+recetasboricuas.com, 1
+recetasdelospaises.com, 1
+recetasdemape.com, 1
+recetasget.com, 1
+recetips.com, 1
+recettecookeo.net, 1
+recettes-de-tiramisu.fr, 1
+recettes-series.com, 1
+rechenknaecht.de, 1
+rechenwerk.net, 1
+recherchegruppe.tk, 1
+rechky.tk, 1
+recht.us, 1
+rechten-konsens-brechen.tk, 1
+rechtenliteratuurleiden.nl, 0
+rechtsanwalt-loesener.de, 1
+rechtsanwaltdrach.de, 1
+rechtsanwaltskammer-hamm.de, 1
+rechtschreibpruefung24.de, 1
+rechtsschutz-onlineshops.de, 1
+recidivism.com, 1
+recifaliste.fr, 1
+recipea.com, 1
+recipegym.com, 0
+recipekensaku.com, 1
+recipesbyjaz.com, 1
+recipesdelite.com, 1
+recipeslist.tk, 1
+recipesmadeeasy.co.uk, 1
+recipex.ru, 1
+recipeyak.com, 1
+recipito.tk, 1
+reciple.kz, 1
+recitoners.net, 1
+reckers-griesbach.com, 1
+recklessly.ga, 1
+reckner.com, 1
+reckoning.gq, 1
+reckontalk.com, 1
+reckord-bau.de, 1
+reckord.org, 1
+reclaimmysparkle.com, 1
+reclaimyourface.eu, 1
+reclamejagers.nl, 1
+reclamewereldsmp.eu, 1
+reclusiam.net, 1
+recmon.hu, 1
+recoa.tk, 1
+recoilbox.com, 1
+recolic.cc, 1
+recolic.net, 1
+recollective.com, 1
+recolor.ml, 1
+recomendador.cl, 1
+recommend.pro, 1
+recommends.ml, 1
+recompiled.org, 0
+recon-networks.com, 1
+recon.net.br, 1
+reconocimientoincan.org.mx, 1
+recordagrave.org, 1
+recordati.com.tr, 1
+recordmeeting.jp, 1
+recordmeeting.net, 1
+recordproduction.com, 1
+recordsmanagement.gov, 1
+recordstudio.tk, 1
+recouvrement-jmconseil.com, 1
+recoveringfromfaith.com, 1
+recoveringircaddicts.org, 1
+recoveringmarketer.com, 1
+recovery.gov.au, 1
+recoveryohio.gov, 1
+recoveryonline.org, 1
+recoveryunplugged.com, 1
+recovre.com.au, 1
+recraft-batteries.com, 1
+recraft-ventures.com, 1
+recraft.energy, 1
+recraft.ventures, 1
+recraftventures.com, 1
+recrea.pl, 1
+recreatiewoningverzekeringen.nl, 1
+recroommasters.com, 1
+recruit.net, 1
+recruitcrm.io, 0
+recruiterbox.com, 1
+recruiting.ai, 1
+recruitnow.nl, 1
+recruitpedia.co.uk, 1
+recruitpediacorp.com, 1
+recruitsecuritytraining.co.uk, 1
+recruitsecuritytraining.com, 1
+recruitskill.cf, 1
+recruitskill.ga, 1
+recruitskill.gq, 1
+rectale.co, 1
+rectale.com, 1
+rectale.xyz, 1
+rectecforum.com, 1
+rectoraudiparts.com, 1
+rectoverso61.fr, 1
+rectus.co.jp, 1
+recuperation-points.fr, 1
+recuperatucuentaya.com, 1
+recupero.it, 1
+recurly.com, 1
+recursos.vip, 1
+recursoscristianosleinad.com, 1
+recursosilimitados.tk, 1
+recursosimbiopos.com, 1
+recursosmi.com.br, 1
+recursosrev.tk, 1
+recycle-plant.com, 0
+recycle.cf, 1
+recyclebc.ca, 1
+recyclebin.email, 1
+recycledinorsett.co.uk, 1
+recycledinorsett.com, 1
+recyclenow.com, 1
+recycling.tk, 1
+recyclingisland.com, 1
+recyklacekovu.cz, 1
+red-button.hu, 1
+red-dragon.tk, 1
+red-eyed-tree-frogs.com, 1
+red-lightning.tk, 1
+red-official.com, 1
+red-panda.be, 1
+red-planet.tk, 1
+red-t-shirt.ru, 1
+red-train.de, 1
+red-wine.tk, 1
+red031000.com, 1
+red1it.net, 1
+red2fred2.com, 1
+redable.nl, 1
+redacted.finance, 1
+redactibio.com, 1
+redactieco.nl, 1
+redarx.com, 1
+redballoonsecurity.com, 1
+redbeardplumbing.net, 1
+redcabbage.tk, 1
+redcanary.co, 1
+redcandycane.tk, 1
+redcapital.cl, 1
+redcardinal.tk, 1
+redcarnationhotels.com, 1
+redcarpetmonday.com, 1
+redcatrampageforum.com, 1
+redcedar.gov, 1
+redchat.cz, 1
+redcity.apartments, 1
+redcode-web.design, 1
+redcoded.com, 1
+redcone.net, 1
+redcontralarepresion.org, 1
+redcorus.com, 1
+redcreek.tk, 1
+redcross.com.ph, 1
+redcupit.com, 1
+redd.it, 1
+reddark.io, 1
+reddcoin.com, 1
+reddcrypt.com, 1
+reddepsicologosdecr.com, 1
+reddice.tk, 1
+reddingo.at, 1
+reddingo.be, 1
+reddingo.ch, 1
+reddingo.com, 1
+reddingo.com.au, 1
+reddingo.de, 1
+reddingo.es, 1
+reddingo.eu, 1
+reddingo.fr, 1
+reddingo.it, 1
+reddingo.jp, 1
+reddingo.nl, 1
+reddingo.nz, 1
+reddingrancheria-nsn.gov, 1
+reddingsbrigade-zwolle.nl, 1
+reddit.com, 1
+reddit2kindle.com, 1
+redditinc.com, 1
+reddraggone9.com, 0
+reddyai.com, 1
+rede-reim.de, 1
+rede-t.com, 1
+redearsliderturtles.com, 1
+redecsirt.pt, 1
+rededca.com, 1
+rededecuidadores.pt, 1
+redefertig.de, 1
+redefiningstrength.com, 1
+redehiperfarma.com.br, 1
+redelectrical.co.uk, 0
+redemption.gq, 1
+redes-neuronales.tk, 1
+redeyeguatemala.tk, 1
+redfish.tk, 1
+redflare.com.au, 1
+redfog.com, 1
+redfox-media.com, 1
+redfox-media.eu, 1
+redfox-media.net, 1
+redfox-media.org, 1
+redfoxlotto.com, 1
+redfoxmarketiing.com, 1
+redgatesoftware.co.uk, 1
+redgeek.cf, 1
+redgeek.ga, 1
+redgeek.gq, 1
+redgeek.ml, 1
+redgranitefdwi.gov, 1
+redgravity.net, 1
+redhackerteam.tk, 1
+redhandedsecurity.com.au, 1
+redhead.id.au, 1
+redheadfuck.com, 1
+redheeler.com.br, 1
+redhillboardriders.tk, 1
+redhookchallenge.org, 1
+redhookny.gov, 1
+redhotmonks.com, 1
+redhotmonks.nl, 1
+redhottube.cf, 1
+redhottube.ga, 1
+redhottube.gq, 1
+redhottube.ml, 1
+redi.tk, 1
+rediazauthor.com, 1
+redid.com.au, 1
+redion.me, 1
+redir.me, 1
+redireci.one, 1
+redirecionarnoticias.ml, 1
+redirect.fedoraproject.org, 1
+redirect.pizza, 1
+redirect.stg.fedoraproject.org, 1
+redirection-plf.online, 1
+rediscoveredfamilies.com, 1
+redisgreen.com, 1
+rediske.me, 1
+redite.co, 1
+redivis.com, 1
+redjuice.co.uk, 1
+redkite.se, 1
+redknothomes.com, 1
+redletter.link, 1
+redlight.net, 1
+redlink.de, 1
+redlink.tk, 1
+redlinker.ml, 1
+redlionclub.ga, 1
+redlionhockwold.com, 1
+redloeki.tk, 1
+redmadrobot.ru, 1
+redmarker.ai, 1
+redmejoracontinua.com, 1
+redmondoregon.gov, 1
+redmore.me, 1
+redneck-radio.tk, 1
+redneragenturen.org, 1
+rednex.tk, 1
+rednsx.org, 0
+rednumberone.com, 1
+redoikos.org, 1
+redot.com, 1
+redpanda.gay, 1
+redparrotstudios.tk, 1
+redpen.gr, 1
+redper.serveminecraft.net, 1
+redperegrine.com, 0
+redphi.dedyn.io, 1
+redphoenix.tk, 1
+redpitaya.com, 1
+redprice.by, 1
+redq.now.sh, 1
+redrafting.ga, 1
+redragon.co.za, 1
+redraven.studio, 1
+redrealm.tk, 1
+redrivernm.gov, 1
+reds-dev.ga, 1
+redsequence.com, 1
+redshank-largeformat.co.uk, 1
+redshell.pw, 1
+redshiftcybersecurity.co.za, 1
+redshoeswalking.net, 1
+redshop.uk, 1
+redsicom.com, 1
+redsiege.com, 1
+redsift.cloud, 1
+redsift.com, 1
+redsift.io, 1
+redsis.com, 1
+redskullstuff.gq, 1
+redsnappr.com, 1
+redsolutor.gq, 1
+redsquarelasvegas.com, 1
+redstack.tk, 1
+redstarline.be, 1
+redstarpictures.tk, 1
+redstarsurf.com, 1
+redstarwholesale.co.za, 1
+redstoneart-server.top, 1
+redstonehomekits.com, 1
+redstoner.com, 1
+redstonium.net, 1
+redstor.com, 1
+redtails.tk, 1
+redteam-pentesting.de, 1
+redteam.coach, 1
+redteams.fr, 1
+redtomato.ga, 1
+redtrig.ca, 1
+redtrig.com, 1
+redtsar2000papers.tk, 1
+redtubs.tk, 1
+redtune.jp, 1
+reducealcoholism.com, 1
+reducedlens.org, 1
+reducer.co.uk, 1
+reducto.tk, 1
+reduktorntc-k.com.ua, 1
+redunion.tk, 1
+redvent-decor.ru, 1
+redvent.ru, 1
+redwater.co.uk, 1
+redwaymu.cf, 1
+redweek.com, 1
+redwhey.com, 1
+redwiki.tk, 1
+redwillowcountyne.gov, 1
+redwood.pw, 1
+redwoodtoxicology.com, 1
+redzonedaily.com, 1
+reebelo.co.nz, 1
+reebelo.com.au, 1
+reececustom.com, 1
+reed-sensor.com, 1
+reedgroup.com, 1
+reedsvillewi.gov, 1
+reedy.tk, 1
+reeftrip.com, 1
+reehomes.com, 1
+reel360.com, 1
+reeladventurefishing.com, 1
+reelchicago.com, 1
+reelgame.ml, 1
+reelnews.ga, 1
+reels.in.th, 1
+reelssaver.com, 1
+reemployks.gov, 1
+reenergo.ru, 1
+reening.net, 1
+reenio.com, 1
+reenio.cz, 1
+reenio.sk, 1
+reentry.gov, 1
+reentrycenterofocala.com, 1
+rees-carter.net, 1
+reesi.site, 1
+reesmichael1.com, 1
+reeson.at, 1
+reeson.de, 1
+reeson.info, 1
+reeson.org, 1
+reevaappliances.co.uk, 1
+reeves-family.com, 1
+reevoo.com, 1
+reezocar.be, 1
+reezocar.com, 1
+refalm.com, 1
+refb.org, 1
+refbanners.com, 1
+refbanners.website, 1
+refer.codes, 1
+refer.nhs.uk, 1
+referat.club, 1
+referati.tk, 1
+referdell.com, 1
+reference-classic.fr, 1
+reference-emploi.com, 1
+reference-expertise.fr, 1
+reference.be, 1
+referencement-local.info, 1
+referenceur.be, 1
+referendumcouncil.org.au, 1
+referko.in, 1
+referrer.website, 1
+reffect.io, 1
+refillrx.com, 1
+refillthecity.eu, 1
+refinedinspectionservices.com, 1
+refinedlightingaz.com, 1
+refinedroomsllc.com, 1
+refinery29.com, 1
+refjob.jp, 1
+reflab.dk, 1
+reflectionsbarlingsbeach.com.au, 1
+reflectionsonthebay.org.au, 1
+reflecton.io, 1
+reflectoring.io, 1
+refletindosaude.com.br, 1
+reflets-de-france.fr, 0
+reflets.info, 1
+reflexions.co, 1
+reflexionspain.tk, 1
+reflexive-engineering.com, 1
+refline.ch, 1
+refluxogastroesofagico.ga, 1
+refocusai.com, 1
+refood-cascaiscpr.eu, 1
+reform.ee, 1
+reformando-t.es, 1
+reformasflores.com, 1
+reformation.financial, 1
+reformatreality.com, 1
+reformayobra.com, 1
+reformedermatology.com, 1
+refpa.top, 1
+refpa1342653.top, 1
+refpa170071.top, 1
+refpa4216323.top, 1
+refpa4496162.top, 1
+refpa4903566.top, 1
+refpa5446390.top, 1
+refpa59720.top, 1
+refpa6781648.top, 1
+refpaasxufov.top, 1
+refpabei.top, 1
+refpabuyoj.top, 1
+refpadewok.com, 1
+refpaewsbc.top, 1
+refpaffkansb.top, 1
+refpaicctvtm.top, 1
+refpaiglbwkv.top, 1
+refpaikgai.top, 1
+refpajqhsd.top, 1
+refpakrtsb.top, 1
+refpakwpsrbm.top, 1
+refpalqtdn.top, 1
+refpamjeql.top, 1
+refpanjoke.com, 1
+refpaopsxi.top, 1
+refpaqutiu.top, 1
+refparrknf.top, 1
+refpasra.host, 1
+refpasrasw.world, 1
+refpaswoon.top, 1
+refpatqltx.top, 1
+refpavikwm.top, 1
+refpavnpad.top, 1
+refpaydc.top, 1
+refpayio.top, 1
+refpazkjixes.top, 1
+reframeituk.org.uk, 1
+refresh-dc.org, 1
+refreshcartridges.co.uk, 1
+refreshingserum.com, 1
+refreshliving.us, 1
+refreshmentshop.co.uk, 1
+refreshwomensretreat.com, 1
+refrigeracion2hermanos.com.mx, 1
+refrigeratorrepair-austin.com, 1
+refu.net, 0
+refuelcollective.com, 0
+refuelcreative.com.au, 0
+refuelmcconnell.com, 1
+refuelmcconnell.marketing, 1
+refugiodomilitar.com.br, 1
+refundo.cz, 1
+refundo.sk, 1
+refurb-tracker.com, 1
+refusedcarfinance.com, 1
+reg.place, 1
+rega-sport.it, 1
+regain.com, 1
+regain.us, 1
+regal.radio, 1
+regalador.com, 1
+regalcapitalwi.com, 1
+regalfille.com, 1
+regalosymuestrasgratis.com, 1
+regalpaintingfdl.com, 1
+regalradio.net, 1
+regaltheatre.com.au, 1
+regamega.ru, 0
+reganclassics.co.uk, 1
+reganclassics.com, 1
+regancyroofing.solutions, 1
+regancyroofing.uk, 1
+reganparty.com, 1
+regardezleprogramme.fr, 1
+regasportshop.it, 1
+regata-club.com.ua, 1
+regata2015.tk, 1
+regatesenbretagne.bzh, 1
+regazofotografia.com, 1
+regdomain.ga, 1
+regdomain.tk, 1
+regele.tk, 1
+regenboghorn.com, 0
+regencytablesandsinks.com, 1
+regencywalkinclinic.com, 1
+regendevices.eu, 1
+regeneo.cz, 1
+regenerapoint.it, 1
+regenerescence.com, 1
+regenpfeifer.net, 0
+regensburg-repariert.de, 1
+regent.ac.za, 1
+regent.pp.ua, 1
+regentcruises.com, 1
+regentinvest.com, 1
+regentmovies.tk, 1
+regento.bg, 1
+regex101.com, 1
+reggaesumfest.com, 1
+reggaexplosion.tk, 1
+reggea.tk, 1
+reggiotoday.it, 1
+regiamo.ch, 1
+regiaodeaveiro.pt, 1
+regie-sc.ch, 1
+regime-anticellulite.com, 1
+regimebonheur.com, 1
+reginaascanio.es, 1
+reginaclinic.jp, 1
+reginalenz.com, 1
+reginfo.gov, 1
+regio-salland.nl, 1
+regiobeveland.nl, 1
+regiojet.com, 1
+regiojet.cz, 1
+region-vologda.tk, 1
+region22.tk, 1
+region6armymars.org, 1
+regionaalenergieloket.nl, 1
+regional-rabatt.de, 1
+regionalgrowth.com, 1
+regionethost.tk, 1
+regionethungaria.hu, 1
+regionmedia.cf, 1
+regionstea.net, 1
+regioplanverbindt.nl, 1
+regiosalland.nl, 1
+regiovertrieb.de, 0
+regis.tech, 1
+regisearch.co.uk, 1
+registech.com, 1
+register.com.np, 1
+register.to, 0
+registerforevent.co.uk, 1
+registerforhappywellth.com, 1
+registertovoteflorida.gov, 1
+registr.io, 1
+registrarius.org, 1
+registrarplus.net, 1
+registrarplus.nl, 1
+registrierung.tk, 1
+registry.google, 1
+registry.quebec, 1
+registryfinder.com, 1
+registryplus.net, 1
+registryplus.nl, 1
+regmik.ua, 1
+regnix.net, 1
+regnr.info, 1
+regolithmedia.com, 1
+regon.hu, 1
+regospel.tk, 1
+regpacks.com, 1
+regraph.de, 1
+regression.tk, 1
+regsec.com, 1
+regtech.tk, 1
+regtify.com, 1
+regtify.org, 1
+regtransfers.co.uk, 1
+reguladordevoltagem.com.br, 1
+regularizaboti.com.br, 1
+regularlabs.com, 1
+regulations.gov, 1
+regulative.gq, 1
+rehab.cf, 1
+rehab.cn.ua, 1
+rehabphilippines.com, 1
+rehabthailand.com, 1
+rehabthailand.org, 1
+rehasport-informationen.de, 1
+rehasport-marketing.de, 1
+rehasportwelt.de, 1
+rehau-ua.com, 1
+reher.pro, 1
+rehobothbeachde.gov, 1
+rehobothma.gov, 1
+rehzzo.cloud, 1
+rei.ki, 1
+reiaudio.com.br, 1
+reichardt-home.goip.de, 1
+reichel-steinmetz.de, 1
+reichelt-cloud.de, 1
+reichelt.com, 1
+reichelt.de, 1
+reichelt.nl, 1
+reichl-online.net, 1
+reiciunas.lt, 1
+reidasbombas.com, 1
+reidasmalas.com.br, 1
+reidasofficial.lt, 1
+reidjaeger.com, 1
+reidope.com.br, 1
+reidostorrents.com, 1
+reidrice.com, 1
+reifeswinger.com, 1
+reifr.net, 1
+reignsphere.net, 1
+reiki-france.fr, 1
+reikiblog.cf, 1
+reikicrystal.com, 1
+reikimaster.tk, 1
+reilly.io, 1
+reimaginebelonging.de, 1
+reimaginebelonging.org, 0
+reimann.me, 1
+reimers.de, 1
+reimsmediaslibres.info, 1
+reinaertvandecruys.com, 1
+reinaertvandecruys.me, 1
+reinaldudrasfamily.ee, 1
+reinascba.com.ar, 1
+reindeere.ca, 0
+reindersfoodfashion.nl, 1
+reinencaressa.be, 1
+reiner-h.de, 1
+reinfer.io, 1
+reingroup.ru, 1
+reinhardtsgermanautorepair.com, 1
+reinhardtsgrimma.de, 1
+reinhart-auto.cz, 1
+reinheft.de, 0
+reinierjonker.nl, 1
+reinisch.io, 1
+reinodemurcia.tk, 1
+reinoldus.ddns.net, 1
+reinotools.com, 1
+reinout.nu, 1
+reinouthoornweg.nl, 1
+reintjens.de, 1
+reinventersontravail.com, 1
+reinvention-institute.com, 1
+reirei.cc, 1
+reisbergadr.com, 1
+reisdemuthwiltgen.com, 1
+reisebuero-baader.de, 1
+reisen.ga, 1
+reisenbauer.at, 1
+reisenbauer.ee, 0
+reiseziel-hiddensee.de, 0
+reiseziele.tk, 1
+reishikitchen.co.uk, 1
+reishikitchen.com, 1
+reishiplantkitchen.co.uk, 1
+reishiplantkitchen.com, 1
+reispower.nl, 1
+reisslittle.com, 1
+reissnehme.com, 1
+reisspecialistdevalk.nl, 1
+reitmeier.me, 1
+reitoracle.com, 1
+reitstall-goettingen.de, 1
+reittherapie-tschoepke.de, 1
+reivernet.com, 0
+reja.au, 1
+rejahrehim.com, 1
+rejail.ru, 1
+rejected-by-society.tk, 1
+rejected.tk, 1
+rejective.tk, 1
+rejects.email, 1
+rejido.tk, 1
+rejushiiplotter.ru, 1
+rejuvetclinicpromotion.com, 1
+rekka-j.com, 1
+rekklab.com, 1
+rekkur.com, 1
+rekkur.consulting, 1
+rekkur.de, 1
+rekkur.dev, 1
+rekkur.io, 1
+rekkur.net, 1
+rekkur.org, 1
+rekkur.solutions, 1
+rekkur.team, 1
+rekkur.tech, 1
+rekkur.technology, 1
+rekkursolutions.com, 1
+rekkurtechnology.com, 1
+reklama-crimea.com, 1
+reklamapoumu.ru, 1
+reklamim.tk, 1
+reklamirui.tk, 1
+reklamjog.hu, 1
+reklamy-led.tk, 1
+rekmedia.tk, 1
+rekono.si, 0
+rekorhaliyikama.com, 1
+reksadanapanin.co.id, 1
+rekurasi.com, 1
+rekursion.at, 1
+rel-me.cc, 1
+relais-laguiole.com, 1
+relaisducoustoubi.com, 1
+relatedgroup.com, 1
+relates.link, 1
+relatethesport.com, 0
+relatic.net, 1
+relation.cf, 1
+relationalplayground.com, 1
+relations-business.com, 1
+relationsatwork.net, 1
+relationshiptalk.net, 1
+relationsproblem.nu, 1
+relatosypoesias.tk, 1
+relawan24jam-magetan.pp.ua, 1
+relaxcenternederland.nl, 1
+relaxdata.eu, 1
+relaxhavefun.com, 1
+relaxpointhyncice.cz, 1
+relaxti.me, 1
+relaxxed.nl, 1
+relaxxxed.com, 1
+relaybox.io, 1
+relayto.com, 1
+release-monitoring.org, 1
+releasedate.me, 1
+releasepoint.com, 1
+releases.live, 1
+releasetimes.io, 1
+relevaillesquebec.com, 1
+relevanttomyinterests.com, 1
+releve-analyser.com, 1
+reley.me, 1
+reliabilityweb.com, 1
+reliablecanadianpharmacy.com, 1
+reliabledegree.com, 1
+reliablemaids.co.uk, 1
+reliablemojo.com, 1
+reliablepi.com, 1
+reliableremovals-blackpool.co.uk, 1
+reliablewire.com, 1
+reliahost.nl, 1
+relialink.co.uk, 1
+reliant.com, 1
+reliant3sixty.com, 1
+reliantpropertygrpri.com, 1
+relic.gq, 1
+relieftn.com, 1
+reliefweb.int, 1
+religious-life.com, 1
+religiousfreedomunderfire.com, 1
+religiya.tk, 1
+relikt.tk, 1
+relines.ru, 1
+relisten.nl, 1
+reloading.ml, 1
+relocatefeds.gov, 1
+relojeriajoyeria.com, 1
+relojes-especiales.com, 1
+relojes-online.com, 1
+relookdecoration.fr, 1
+relsak.cz, 0
+reltio.com, 1
+relution.io, 1
+relvan.com, 1
+relvan.tech, 1
+relyon-plasma.com, 1
+relyonnutec.com, 1
+rem-coatings.de, 1
+rem-cond.ru, 1
+rem0te.net, 1
+remain.london, 1
+remake-projects.tk, 1
+remambo.jp, 1
+remarkmart.com, 1
+remateszarate.cl, 0
+remax-direct.co.il, 1
+remax.at, 1
+remaxelite.co.il, 1
+remaxtop.co.il, 1
+remeb.de, 1
+remedi.tokyo, 1
+remediohalkiparaladiabetes.org, 1
+remedionaturales.com, 1
+remedioparaherpes.com, 1
+remedios.com.br, 1
+remedioscaseros.guru, 1
+remejeanne.com, 1
+remembear.com, 1
+remember.de, 1
+rememberingjordan.org, 1
+remembermidi.sytes.net, 1
+rememberthemilk.com, 0
+remembervets.com, 1
+remennik.tk, 1
+remesal.es, 1
+remessaonline.com.br, 1
+remetall.cz, 1
+remezcla.com, 1
+remhomut.ru, 1
+remi-decker.tk, 1
+remi-saurel.com, 1
+remi-theriault.com, 1
+remiafon.com, 1
+remicade.com, 1
+remifajardo.cf, 1
+remilner.co.uk, 1
+reminda.com, 1
+reminded.tk, 1
+remington-europe.com, 1
+remirampin.com, 1
+remissan.com, 1
+remissionclinic.com, 0
+remitano.com, 1
+remix64.com, 1
+remiz.org, 1
+remmik.com, 1
+remminhdang.com, 1
+remo.health, 1
+remodded.cf, 1
+remodded.gq, 1
+remodded.ml, 1
+remodded.tk, 1
+remodelate.mx, 1
+remodelhealth.com, 1
+remodelwithlegacy.com, 1
+remonline.ru, 1
+remont-45.tk, 1
+remont-kazan.tk, 1
+remont-kvartirvmoskve.ga, 1
+remont-naushnikov.tk, 1
+remont-rollet-izgotovlenie.cf, 1
+remont-rukami.tk, 1
+remontdot.tk, 1
+remontfirm.tk, 1
+remonti.info, 1
+remontkompyutera.tk, 1
+remontlog.com, 1
+remontmax.bg, 1
+remontmebliv.lviv.ua, 1
+remonto.tk, 1
+remontpc.cf, 1
+remontpc.tk, 1
+remontportal.tk, 1
+remontstrong.ru, 1
+remonttikauppa.com, 1
+remontuks.ru, 1
+remora.tk, 1
+remorse.ga, 1
+remote-health.net, 1
+remoteassistants.io, 1
+remotedesktop.corp.google.com, 1
+remoteoffice.ga, 1
+remoteok.com, 1
+remoteroom.jp, 1
+remoteshack.cf, 1
+remoteshack.ml, 1
+remoteutilities.com, 1
+remoteworkertech.asia, 1
+remoteworkingpal.com, 1
+remotewx.com, 1
+remotish.com, 1
+removalcellulite.com, 1
+removebg.in, 1
+removedrepo.com, 1
+removerz.ca, 1
+remptmotors.com, 0
+remrol.ru, 0
+remsenny.gov, 1
+remservices.ky, 1
+remsoft.com.br, 1
+remwhile.com, 1
+remyb.me, 1
+remyphotography.fr, 1
+remyroguevolution.tk, 1
+rena.am, 1
+renaatsioncke.com, 1
+renaissance.shop, 1
+renard-pierne-avocats.fr, 1
+renascercorretora.com.br, 1
+renascerstp.org, 1
+renate-lietz.de, 1
+renatemamber.nl, 1
+renateonline.tk, 1
+renaudmuller.fr, 1
+renaultclubticino.ch, 0
+rencbrain.com, 1
+rencontredemerde.fr, 1
+rendall.tv, 1
+render.com, 1
+renderatelier.com, 1
+renderferma-cash.tk, 1
+renderloop.com, 1
+renderstack.io, 1
+renderworld.tk, 1
+renderzone.tk, 1
+rendez-vous.gq, 1
+rendezvous-cafe.co.uk, 1
+rendre-service.ch, 0
+rendutowers.org.au, 1
+rene-eizenhoefer.de, 1
+rene-schwarz.com, 0
+rene-stolp.de, 1
+renearends.nl, 1
+renecoignard.co, 1
+renecoignard.com, 1
+renecoignard.fr, 1
+renecoignard.me, 1
+renecoignard.net, 1
+renecoignard.org, 1
+renecoignard.ru, 1
+renegadeexploration.com, 1
+renehsz.com, 1
+renem.net, 0
+reneopharma.com, 1
+reneploetz.de, 1
+reneschmidt.de, 1
+reneschroeter.de, 1
+renet.com.br, 1
+renet.tk, 1
+renevo.eu, 1
+renewablekids.tk, 1
+renewablemaine.org, 1
+renewcleaningservices.net, 1
+renewedhr.com, 1
+renewgsa.com, 1
+renewmedispa.com, 0
+renewpfc.com, 1
+renezuo.com, 1
+renicimery.com.br, 1
+renjyaku-dental.com, 1
+renkenlaw.com, 1
+rennes-bachata.com, 1
+rennes-blues.com, 1
+rennes-danse-africaine.com, 1
+rennes-danse-orientale.com, 1
+rennes-danses-en-ligne.com, 1
+rennes-hip-hop.com, 1
+rennes-lindy-hop.com, 1
+rennes-pilates.com, 1
+rennes-reggaeton.com, 1
+rennes-rock-6-temps.com, 1
+rennes-salsa-portoricaine.com, 1
+rennes-salsa.com, 1
+rennes-tango.com, 1
+rennes-valse.com, 1
+rennes-west-coast-swing.com, 1
+rennes-yoga.com, 1
+rennes-zumba.com, 1
+rennfire.org, 1
+rennie.com, 1
+renoboston.com, 1
+renocountyks.gov, 1
+renoproject.org, 1
+renorun.ca, 1
+renorun.com, 1
+renos.tk, 1
+renovalar.com.br, 1
+renovandoingresos.com, 1
+renovation-abm.fr, 1
+renovationsf.cf, 1
+renovationsf.ga, 1
+renovera.be, 1
+renovum.es, 1
+renrenche.com, 0
+rens.nu, 1
+renscreations.com, 1
+rent-a-c.io, 1
+rent-a-coder.de, 1
+rent-car.ga, 1
+rent-to-own-home.ga, 1
+rent.ie, 1
+rent.men, 1
+rentacar.name.tr, 1
+rentacar3.com, 0
+rentacaramerica.com, 1
+rentacarankara.com.tr, 1
+rentacarizmir.com.tr, 1
+rentacarmedo.me, 1
+rentaciudadana.co, 1
+rentalboatsafety.com, 1
+rentalharmony.co.za, 1
+rentalseleutheraisland.com, 1
+rentamosandamios.com.mx, 1
+rentandamiosycasetas.com, 1
+rentandgoandalo.it, 1
+rentandgofalcade.it, 1
+rentandgosestriere.it, 1
+rentandgovalmalenco.it, 1
+rentasportexclusive.it, 1
+rentasweb.gob.ar, 1
+rentberry.com, 1
+rentbrowser.com, 1
+rentcafe.co.uk, 1
+rentex.com, 1
+rentfaster.ca, 1
+renthelper.us, 1
+renticar.com, 1
+rentinsingapore.com.sg, 1
+rently.nl, 1
+rentm.media, 1
+rentmama.cf, 1
+rentmama.ga, 1
+rentmama.gq, 1
+rentmama.ml, 1
+rentmasseur.com, 1
+rentmen.eu, 1
+rentnow.my, 1
+rentourhomeinprovence.com, 1
+rentsbg.com, 1
+rentsucks.com, 1
+renuo.ch, 1
+renusoni.ga, 1
+renusson.com, 1
+renut.com.np, 1
+renverse.co, 1
+renvillecountymn.gov, 1
+renvisegrad.hu, 1
+renwerks.com, 1
+renxinge.cn, 0
+renyiyou.com, 1
+renyu.ai, 0
+reo.gov, 0
+reorz.com, 0
+reox.at, 1
+repaircafe-hanau.de, 1
+repairdriveshafts.tk, 1
+repairingmobile.tk, 1
+repairit.support, 1
+repairland.gr, 1
+repairlinkshop.com, 1
+repairtly.com, 0
+repalriley38.com, 1
+repaper.org, 1
+reparacionesdecalefones.com, 1
+reparacioneslocativas.com.co, 1
+reparacionmovilesmurcia.com, 1
+repararimac.eu, 1
+repararipad.eu, 1
+reparariphone.biz, 1
+repararmac.eu, 1
+repararsamsung.eu, 1
+repararxiaomi.eu, 1
+reparatiecrm.nl, 1
+reparatieferestre.md, 1
+reparation-traceur.com, 1
+reparaturcafe-pfullendorf.de, 1
+reparo.pe, 0
+repat.de, 1
+repauto.com.ua, 1
+repaxan.com, 1
+repeat.gg, 1
+repettoshoes.tk, 1
+repin.in.ua, 1
+repinger.my.id, 1
+repl.ga, 1
+replacementrate.ga, 1
+replay.ga, 1
+replaynexus.com, 1
+replicacoin.ga, 1
+replicagold.ml, 1
+replici.net, 1
+replikatelefon.tk, 1
+repliksword.com, 1
+repo.ml, 1
+repology.org, 1
+report-incident.de, 1
+report-it.trade, 1
+report-uri.com, 1
+report.cf, 1
+reportallusa.com, 1
+reportband.gov, 1
+reporte.tk, 1
+reportercareer.ga, 1
+reporterre.net, 1
+reporters.ng, 1
+reporting.gov, 1
+reportoid.tk, 1
+reposaarenkuva.fi, 1
+reposeed.dev, 1
+reposeed.org, 1
+represent.us, 1
+reproaccess.gov, 1
+reproductive-revolution.com, 1
+reproductiveaccess.gov, 1
+reproductivehealthservices.gov, 1
+reproductiverevolution.com, 1
+reproductiverights.gov, 1
+reprogramador.com, 1
+reprogramador.es, 1
+reprogramming-predators.com, 1
+reprogrammingpredators.com, 1
+reprolegaldefensefund.org, 1
+reprolegalhelpline.org, 1
+reprorights.gov, 1
+repsltd.co.uk, 1
+repstalent.com, 1
+reptieleninfo.tk, 1
+reptilepoint.com, 1
+reptrax.com, 1
+republic.gg, 1
+republic.gr, 1
+republica.gt, 1
+republicafederal.tk, 1
+republicanleader.gov, 1
+republicanwhip.gov, 1
+republicasantabanana.org, 1
+republicmo.gov, 1
+republictelecom.net, 1
+republik-sombora.tk, 1
+republikalajm.com, 1
+republikapost.com, 1
+republique.org, 1
+repuestosmedellin.com, 1
+repugnant-conclusion.com, 1
+repugnantconclusion.com, 1
+reputatiedesigners.nl, 1
+reqionstockholm.se, 1
+request.cf, 1
+requesthymn.com, 1
+requestr.co.uk, 1
+requeteguapas.com, 1
+requeue.ga, 1
+requin.tk, 1
+requirements.ga, 1
+rercel.com, 0
+reregu.cf, 1
+reroboto.com, 1
+reroboto.eu, 1
+reroboto.net, 1
+reroboto.org, 1
+reroboto.social, 1
+reroll.tv, 1
+rerumu.com, 1
+resalerental.com, 1
+resanebartar.tk, 1
+resbi.tk, 1
+resc.la, 1
+rescatec.com, 1
+resch-verlag.com, 1
+resch.pro, 1
+rescms-secure.com, 1
+rescuenode.com, 1
+rescuer.gq, 1
+rescuer.tk, 1
+research-panel.jp, 1
+research.facebook.com, 0
+researchmarathi.com, 1
+researchresults.com, 1
+researchstory.com, 1
+researchtriangle.org, 1
+researchwriting.co.uk, 1
+reseau-ait.ca, 1
+reseau-image.com, 1
+reseau-protestant.ch, 0
+reseau-tee.net, 1
+reseau-web.com, 1
+reseau.je, 1
+reseau007.tk, 1
+resellerprogram.ga, 1
+resellrefreshrepeat.com, 1
+reserva-agora.pt, 1
+reservadecitasonline.com, 1
+reservar-un-hotel.com, 1
+reservationsair.com, 1
+reservetonshift.com, 1
+reservilaisliitto.fi, 1
+resfriatech.com.br, 1
+reshebnik.ml, 1
+reshka.ga, 1
+residence-donatello.be, 1
+residence-edelweiss.com, 1
+residence-simoncelli.com, 1
+residencedesign.net, 1
+residencelichtenberg.com, 1
+residencemagazine.se, 1
+residencescauri.it, 1
+residency-bond.eu, 1
+resident-evil.tk, 1
+residentiallocksmithdallas.com, 1
+residentialmortgageholdings.com, 1
+residentialpressurewashingchicago.com, 1
+residentinfo.net, 1
+residualpayments.com, 1
+resigno.tk, 1
+resilience.sh, 1
+resiliencebox.com, 1
+resilientlouisianacommission.gov, 1
+resilienzatropical.it, 1
+resimdo.de, 1
+resimevi.tk, 1
+resine.roma.it, 1
+resinflooringcompany.com, 1
+resinheaven.com.au, 1
+resisfestival.com, 1
+resist.bot, 1
+resist.ca, 1
+resistancebooks.com, 0
+resistav.com, 1
+resize2fs.de, 0
+resju21.ch, 1
+resmigazete.gov.tr, 1
+resmim.net, 1
+resolu.ru, 1
+resolute.com, 1
+resolutesystems.com, 1
+resolutewealthmanagement.com, 0
+resolutionnews.cf, 1
+resolutionnews.ga, 1
+resolve-portal.it, 1
+resolved.tk, 1
+resolvefa.co.uk, 1
+resolvefa.com, 1
+resolveit.gq, 1
+resolvergroup.com.au, 1
+resolvo.com, 1
+resoplus.ch, 0
+resort-islands.net, 1
+resort-nuvola.be, 1
+resort.ga, 1
+resortafroditatucepi.com, 1
+resortrealty.com, 0
+resorts.ru, 1
+resortsupportfiji.com, 1
+resoundpro.ca, 1
+resourceconnect.com, 1
+resourceguruapp.com, 1
+resources.flowfinity.com, 1
+resourcesmanagementcorp.com, 1
+resourcespace.com, 1
+respawwn.com, 1
+respectmyprivacy.eu, 1
+respectmyprivacy.net, 1
+respectmyprivacy.nl, 1
+respectonsleau.fr, 1
+respecttheflame.com, 1
+respinar.com, 1
+respiradores.tk, 1
+respiranto.de, 1
+respiratorytherapistlicense.com, 1
+respire-yoga.fr, 1
+respokare.com, 1
+respon.jp, 1
+respondeck.de, 1
+responer.com, 1
+respons.je, 1
+respons.me, 1
+respons.mobi, 1
+respons.us, 1
+respons.ws, 1
+responscode.eu, 1
+responscode.info, 1
+responscode.mobi, 1
+responscode.nl, 1
+responsecode.info, 1
+responsecode.mobi, 1
+responsecode.nl, 1
+responsible-disclosure.nl, 1
+responsible.ca, 1
+responsibledisclosure.nl, 1
+responsivepaper.com, 1
+respostas.com.br, 1
+ressourceportal.dk, 1
+ressourcesindivior.com, 1
+ressourcesleopharma.fr, 1
+ressupply.com, 1
+rest-in-moscow.tk, 1
+resta.ga, 1
+restad.org, 1
+restart-brno.cz, 1
+restartperm.ml, 1
+restauraceumichala.cz, 1
+restaurant-de-notenkraker.be, 1
+restaurant-eatenjoy.be, 1
+restaurant-fujiyama.fr, 1
+restaurant-naan.de, 1
+restaurant-oregano.de, 1
+restaurant-rosengarten.at, 1
+restaurant-spartacus.tk, 1
+restaurantcleaningchicago.com, 1
+restaurantdetgulepakhus.tk, 1
+restaurantedonono.com.br, 1
+restaurantepepeyestrella.es, 0
+restauranteplatoubeda.es, 1
+restaurantesimonetti.com.br, 1
+restaurantguru.com, 1
+restauranthugo.nl, 1
+restaurants.sg, 1
+restauranttester.at, 1
+restauratorin-maubach-dresden.de, 1
+restauriedili.roma.it, 1
+restauto.com.ua, 1
+restbygait.com, 1
+restchart.com, 1
+rester-a-domicile.ch, 1
+rester-autonome-chez-soi.ch, 1
+restic.net, 1
+restioson.me, 1
+restless.it, 1
+restlesseshop.com, 1
+restlesslegs.tk, 1
+resto-renaissance.be, 1
+restoclub.ru, 1
+restomojo.tk, 1
+restoran.cf, 1
+restorationphotos.tk, 1
+restorethegulf.gov, 1
+restoringhopeberks.org, 1
+restoruns.com, 1
+restrealitaet.de, 1
+restream.fi, 1
+resultsatretail.com, 1
+resultscx.com, 1
+resultsdate.news, 1
+resulttado.com, 1
+resume4dummies.com, 1
+resumecompanion.com, 1
+resumegenius.com, 1
+resumegets.com, 1
+resumehelp.com, 1
+resumehelp.io, 1
+resumelibros.tk, 1
+resumenlatinoamericano.org, 1
+resumeprime.com, 1
+resumerabbit.com, 1
+resumeshoppe.com, 1
+resumevalley.com, 1
+resumeworded.com, 1
+resumic.com, 1
+resumic.dev, 1
+resumic.io, 1
+resumic.net, 1
+resumic.org, 1
+resurfacehub.com, 1
+resurgent.network, 1
+resurspartner.tk, 1
+resveratrolsupplement.co.uk, 1
+retailcleaners.ga, 1
+retailcybersolutions.com, 1
+retailing.cf, 1
+retailmarket.net, 1
+retailnext.net, 1
+retaque.tk, 1
+retarara.tk, 1
+retardedstudios.tk, 1
+retefrati.it, 0
+reteteaz.net, 1
+retetenoi.net, 1
+retetop95.it, 0
+reth.ch, 1
+rethymnorooms.tk, 1
+reticket.me, 1
+reticle.cf, 1
+reticon.de, 1
+retics.cf, 1
+retidurc.fr, 1
+retiesebaan.tk, 1
+retin.ml, 1
+retinaconsultantstexas.com, 1
+retinacv.es, 1
+retinens.com, 1
+retirementincomeplanninggroup.com, 1
+retireyourpassword.org, 1
+retiring-dentist.co.uk, 1
+retiringaccountant.co.uk, 1
+retiringifa.co.uk, 1
+retiva-bet23367.com, 1
+retivabet.com, 1
+retmig.dk, 1
+retmus.com, 1
+reto.ch, 0
+reto.io, 1
+reto.tv, 1
+retofunctional.com, 0
+retohaeberli.com, 0
+retokromer.ch, 0
+retool.com, 0
+retornaz.com, 1
+retornaz.eu, 1
+retornaz.fr, 1
+retract.com.au, 1
+retractableawningssydney.com.au, 1
+retraitebysaulsplace.nl, 1
+retro-game.org, 1
+retro.rocks, 1
+retroarms.com, 1
+retroarms.cz, 1
+retrobook.tk, 1
+retrocdn.net, 1
+retrocircuitos.com, 1
+retrogamenews.tk, 1
+retrohousewifegoesgreen.com, 1
+retroity.net, 1
+retrojar.top, 1
+retrojugo.tk, 1
+retronet.nl, 1
+retropack.org, 1
+retropedal.tk, 1
+retrophoto.fr, 0
+retropixel.ga, 1
+retroride.cz, 1
+retroroundup.com, 0
+retroskoter.tk, 1
+retroslave.ga, 1
+retroterminal.com, 1
+retrotown.ws, 1
+retrotubesporn.com, 1
+retrovideospiele.com, 1
+retroworld.tk, 1
+retseptykaboli.cf, 1
+rettar.net, 1
+rette-ein-kinderleben.de, 1
+rettig.xyz, 1
+retube.ga, 1
+return-profit.tk, 1
+return.sh, 1
+returnly.com, 1
+returnonerror.com, 1
+reucon.com, 1
+reueljohnk.com, 1
+reulitz.de, 0
+reuna.me, 1
+reunion.tk, 1
+reup.cash, 1
+reurbcaceres.com.br, 1
+reuschtools.com, 1
+reusesti.ro, 1
+reut42.de, 1
+reuter-profishop.de, 0
+reuter.de, 0
+reuterhall.se, 1
+reutersevents.com, 1
+rev-crew.info, 1
+revaio.com, 1
+reval.com, 1
+revalidatiekennisnet.nl, 1
+revaloriza.cf, 1
+revapost.fr, 1
+revayd.net, 1
+revconnect.tk, 1
+revcovi.com, 1
+revda.su, 1
+reveal-sound.com, 1
+reveal11.cloud, 1
+revealcellcamtracker.com, 1
+revealdata.com, 1
+revechat.com, 1
+revellecoaching.com, 0
+revellio.tk, 1
+revenge-spells.com, 1
+revengegames.lv, 1
+revengeofthesomething.tk, 1
+revenue-playbook.com, 1
+revenuegeeks.com, 1
+revenuegrid.com, 1
+reverce.com, 1
+reveriecaps.com.br, 1
+revers.tk, 1
+reverse1999.wiki, 1
+reverseaustralia.com, 1
+reversecanada.com, 1
+reversecrucifixkm.altervista.org, 1
+reversedns.tk, 1
+reverseloansolutions.com, 1
+reversemortgageguides.com, 1
+reversemortgageguides.org, 1
+reversesouthafrica.com, 1
+revgen.life, 1
+revierstrand.de, 1
+review.jp, 1
+review247.ga, 1
+reviewbestseller.com, 1
+reviewchecker.nl, 1
+reviewdetector.ml, 1
+reviewengin.com, 1
+reviewgeek.com, 1
+reviewheaven.ml, 1
+reviewku.id, 1
+reviewninja.net, 1
+reviewpipe.com, 1
+reviews.anime.my, 0
+reviewsfunnel.com, 1
+reviewskia.com, 1
+reviewskia.in, 1
+reviewsonline.ml, 1
+reviewspot.net, 1
+reviewu.ca, 1
+revifymedspa.com, 1
+revijahak.hr, 1
+revintake.com, 1
+revionics.com, 1
+reviquimicos.com, 1
+revis-online.cf, 1
+revis-online.gq, 1
+revis-online.ml, 1
+revis-online.tk, 1
+revisi.id, 1
+revisione.it, 1
+revisionmedia.pl, 1
+revisionnotes.xyz, 1
+revisore.it, 1
+revisores.pt, 1
+revisoronline.cf, 1
+revisoronline.ga, 1
+revisoronline.gq, 1
+revisoronline.ml, 1
+revisoronline.tk, 1
+revista-atalaya.ml, 1
+revista-programar.info, 1
+revistabifrontal.com, 1
+revistacocina.tk, 1
+revistadiscover.com, 1
+revistaespecies.ga, 1
+revistaligustinus.tk, 1
+revistamatg.com, 1
+revitalisierungs-akademie.de, 1
+revivalinhisword.com, 1
+revivalprayerfellowship.com, 1
+reviveourhearts.com, 1
+reviveplumbingmelbourne.com.au, 1
+reviviendolavilla.tk, 1
+revizor-online.cf, 1
+revizor-online.ga, 1
+revizor-online.gq, 1
+revizor-online.ml, 1
+revizor-online.tk, 1
+revizor.ml, 1
+revizoronline.tk, 1
+revloop.com, 1
+revmap.com, 1
+revoka.de, 1
+revol.space, 1
+revolucioncharango.com, 1
+revolution-mining.com.au, 1
+revolution.net.nz, 1
+revolutionary.tk, 1
+revolutionaryaim-vienna.tk, 1
+revolutionaryireland.cf, 1
+revolutionaryireland.ga, 1
+revolutionaryireland.gq, 1
+revolutionaryireland.ml, 1
+revolutionengine.tk, 1
+revolutionenkommer.dk, 1
+revolutionhealth.ca, 1
+revolutionizingheartfailure.com, 1
+revolutionofbeauty.tk, 1
+revolutionofgaming.tk, 1
+revolware.com, 1
+revosoft.de, 1
+revres.info, 1
+revspot.net, 1
+revthefox.co.uk, 1
+revton.com, 1
+revuestarlight.me, 1
+revworld.org, 1
+revx.io, 1
+rewardingexcellence.com, 1
+rewardoapp.com, 1
+rewardscout.eu, 1
+rewatch.com, 1
+rewawatch.tk, 1
+rewebsitepro.com, 1
+rewirenewsgroup.com, 1
+rewolucja1905.pl, 1
+rewriteguru.com, 1
+rewritertools.com, 1
+rex.red, 1
+rex.st, 1
+rex.tc, 1
+rexbang.tk, 1
+rexbaumgartnerdds.com, 1
+rexburgid.gov, 1
+rexcutty.com, 1
+rexdf.net, 1
+rexel.com, 1
+rexeroofing.com, 1
+rexo.ch, 1
+rexograph.com, 1
+rexskz.info, 1
+rextomanawato4.tk, 1
+rexuy.com, 1
+rexvin.co.id, 0
+rexxworld.com, 1
+reyesfernando.com, 1
+reyesholdings.com, 1
+reyna.cc, 1
+reynders.xyz, 1
+reynoldsburg.gov, 1
+rezendemultimarcas.com.br, 1
+rezept-planer.de, 1
+rezidencezdanice.cz, 1
+rezio.io, 0
+rezistor.tk, 1
+rezka-burenie.cf, 1
+rezni.cz, 1
+reznik.tk, 1
+rezultant.ru, 1
+rezun.cloud, 1
+rf-gamer.gq, 1
+rf.studio, 1
+rfasafedrop.org, 1
+rfbcnet.tk, 1
+rfbz.ca, 1
+rfdirectory.tk, 1
+rfeif.org, 1
+rfg.ru, 1
+rfgadvisorywealth.com, 0
+rfmsconnect.nl, 1
+rfn.cz, 1
+rfnews.tk, 1
+rfoard.com, 1
+rfodistribution.co.za, 1
+rfomega.ga, 1
+rfs-zbpe.net, 1
+rfstag.com, 1
+rfstag.org, 1
+rftoon.com, 1
+rfvigo.com, 1
+rfxanalyst.com, 1
+rg.to, 1
+rga.cl, 1
+rgacomputacion.cl, 1
+rgbinnovation.com, 1
+rgbpty.com, 1
+rgc.com.co, 0
+rgcomportement.fr, 0
+rgdt.tk, 1
+rgf.be, 0
+rgfundraising.com, 1
+rggraphics.mx, 1
+rgpd-elearning.com, 1
+rgpdkit.io, 1
+rgservice.ml, 1
+rgtonline.com, 1
+rgz.ee, 1
+rhaegal.me, 1
+rhamzeh.com, 1
+rhaniegghe.be, 1
+rhaniegghesoftwaresecurity.be, 1
+rhbrown.com, 1
+rhcteam.com, 1
+rhd-instruments.com, 1
+rhd-instruments.de, 1
+rhd.org, 1
+rhdiscovery.com, 1
+rhees.nl, 1
+rheijmans.io, 1
+rheijmans.nl, 1
+rheimsandcohen.ltd, 1
+rhein-liebe.de, 1
+rheincargo.com, 1
+rheine.schule, 1
+rheineschulen.de, 1
+rheinland-pilgern.de, 1
+rheinturm.nrw, 1
+rhelevate.com, 1
+rhese.net, 1
+rhetorical.ml, 0
+rhetthenckel.com, 1
+rhev.in, 1
+rhforum.tk, 1
+rhfs.tk, 1
+rhhd.gov, 1
+rhhfoamsystems.com, 1
+rhicin.com, 1
+rhinelander.ca, 1
+rhinelanderpd.gov, 1
+rhinesuchus.com, 1
+rhino-inquisitor.com, 1
+rhino.co.tz, 1
+rhinobase.net, 1
+rhinoceroses.org, 1
+rhinosf1.com, 1
+rhnet.at, 1
+rhode-island-sexcams.com, 1
+rhodeislandhealth.tk, 1
+rhodes.ml, 1
+rhodesianridgeback.com.br, 1
+rhodos.fr, 1
+rhona.cl, 1
+rhost.nl, 1
+rhowell.io, 1
+rhsbl.com, 1
+rhswl.com, 1
+rhubarb.land, 1
+rhumblineadvisers.com, 1
+rhwebdesigns.co.uk, 1
+rhye.tk, 1
+rhyme.com, 1
+rhymesofreason.com, 1
+rhymeswithmogul.com, 1
+rhynl.io, 1
+rhyno.io, 1
+rhysg.net, 1
+rhysperry.com, 1
+rhysre.net, 1
+rhystagr.am, 1
+rhyswebbmassage.com, 1
+riable.com, 1
+riacanada.ca, 1
+riachuello.tk, 1
+riaiai.com, 1
+riaki.net, 1
+riaktiv.tk, 1
+rial.space, 1
+rialto.co.nz, 1
+rialtocapital.com, 1
+rian.gq, 1
+riared.net, 1
+riared.org, 1
+riaudetil.com, 1
+rib-dinslaken.com, 1
+rib-dinslaken.de, 1
+rib-fm.com, 1
+rib-fm.de, 1
+rib-ims.at, 1
+rib-ims.ch, 1
+rib-ims.com, 1
+rib-ims.de, 1
+rib-leipzig.com, 1
+riba-lov.ga, 1
+ribafs.tk, 1
+ribar.com, 1
+ribblu.com, 1
+ribccs.com, 1
+ribdigital.com, 0
+ribella.net, 1
+ribes.design, 0
+ribims.de, 1
+ribit4u.co.il, 1
+ribmountainwi.gov, 1
+ribolov.tk, 1
+ribtours.co, 1
+ric-rac.org, 1
+ricardo.nu, 0
+ricardobaptistaleite.pt, 1
+ricardojsanchez.com.ar, 1
+ricardopq.com, 1
+ricardoquaresma.tk, 1
+ricardotaakehb.tk, 1
+ricassiocosta.me, 1
+ricaud.me, 1
+riccy.org, 1
+rice-cook.com, 1
+riceadvice.info, 1
+ricecountymn.gov, 1
+ricedust.com, 1
+ricelasvegas.com, 1
+ricettesemplicieveloci.altervista.org, 1
+rich-good.com, 0
+richadams.me, 1
+richandsteph.co.uk, 1
+richandsteph.uk, 1
+richard-fath.de, 1
+richard-offermanns.nl, 1
+richard-purves.com, 1
+richardb.me, 0
+richardcrosby.co.uk, 1
+richardharpur.com, 1
+richardhicks.us, 1
+richardhouts.tk, 1
+richardinesrolltop.com, 1
+richardjgreen.net, 1
+richardlangham.plumbing, 1
+richardlangworth.com, 1
+richardlevinmd.com, 1
+richardrblocker.net, 1
+richardsandsterling.com, 1
+richardschut.nl, 1
+richardsdebt.com, 1
+richardson.cam, 1
+richardson.engineering, 1
+richardson.pictures, 1
+richardson.software, 1
+richardson.systems, 1
+richardson.tk, 1
+richardson.tw, 1
+richardsoncountyne.gov, 1
+richardstonerealestate.com, 1
+richbutler.co.uk, 1
+richcat.tw, 1
+richecommecresus.com, 1
+richelelahaise.nl, 0
+richeyweb.com, 1
+richeza.com, 1
+richfieldadamscowi.gov, 1
+richfieldsean.org, 1
+richie.cloud, 0
+richie.fi, 1
+richie.pm, 1
+richiebartlett.com, 1
+richieheijmans.com, 1
+richieheijmans.email, 1
+richieheijmans.eu, 1
+richieheijmans.io, 1
+richieheijmans.network, 1
+richieheijmans.nl, 1
+richieheijmans.one, 1
+richiesroom.com, 1
+richini.com, 1
+richlandcenterwi.gov, 1
+richlandcountyoh.gov, 1
+richlandcountywi.gov, 1
+richlandwa.gov, 1
+richlj.com, 1
+richlj.net, 1
+richlogic.blog, 1
+richmond.com, 1
+richmondca.gov, 1
+richmondcountyclerk.com, 1
+richmondcountync.gov, 1
+richmondkitchens.com.au, 1
+richmondla.gov, 1
+richmondsunlight.com, 1
+richmoney.us, 1
+richmtdriver.com, 1
+richtabak.ru, 1
+richviajero.com, 1
+richwayfun.com, 1
+rickengineering.com, 1
+ricketyspace.net, 0
+rickhoekman.com, 1
+ricki-z.com, 0
+rickmakes.com, 1
+rickmanlegal.com, 1
+rickmartensen.nl, 0
+rickoriginal.nl, 1
+rickrongen.nl, 1
+rickrussellhomes.com, 0
+rickscastles.co.uk, 1
+ricksdailytips.com, 1
+rickvanderzwet.nl, 1
+ricky.photos, 1
+rickyips.tk, 1
+rickyromero.com, 1
+rickysgames.tk, 1
+rico-brase.de, 1
+rico-j.de, 1
+rico.ovh, 1
+ricobaldegger.ch, 1
+ricochet.com, 1
+ricochet.im, 1
+ricoydesign.com, 1
+ricozienke.de, 1
+ridayu.jp, 1
+riddhimarketplace.com, 1
+riddims.co, 1
+riddimsworld.com, 1
+riddler.com.ar, 1
+riddlock.com, 1
+rideapart.com, 1
+rideelectric.gov, 1
+ridegravel.ch, 1
+rideintaxi.com, 1
+rident-estetic.ro, 1
+riderchris.com, 1
+riders.ga, 1
+rides-japan.jp, 1
+ridetour.ru, 1
+rideyourdamn.bike, 1
+ridgecrestca.gov, 1
+ridgefieldct.gov, 1
+ridgespringsc.gov, 1
+ridgewaterlodge.com, 1
+ridgewaywi.gov, 1
+ridgidgear.eu, 1
+ridho.id, 1
+ridingoklahoma.com, 1
+ridingthetigerpro.com, 1
+rido.ml, 1
+ridsdale.ca, 1
+riechsteiner.tech, 1
+riecht-besser.de, 1
+riederle.com, 1
+riedl-shk.de, 1
+riemzac.com, 1
+riesenweber.id.au, 1
+riesheating.com, 1
+rieslingtrailclarecottages.ga, 1
+riess-ambiente.net, 1
+rietspoppen.tk, 1
+rietveldacademie.nl, 1
+riffable.com, 1
+riffnation.tk, 1
+riffreporter.de, 0
+riflajelemn.ro, 1
+rift.pictures, 1
+rifugioselvabella.tk, 1
+rigabeerbike.com, 1
+rigabeerbike.lv, 1
+rigart-michael.be, 1
+rigartmichael.be, 1
+rigelro.ga, 1
+rigeltarot.com, 1
+riggsloves.me, 1
+riggsmarkham.com, 1
+riggtech.com.au, 1
+righettod.eu, 1
+righini.ch, 0
+rightblog.tk, 1
+rightbraingroup.com, 1
+rightducks.com, 1
+rightfulowner.tk, 1
+rightlaw.nz, 1
+rightmovecanada.com, 1
+rightnetworks.com, 1
+rightreview.co.uk, 1
+rights.ninja, 1
+rightschool.cf, 1
+rightsizingcalculator.com, 1
+rightsolutionplumbing.com.au, 1
+rightstartcapital.com, 1
+rightstartent.com, 1
+rightstartinc.com, 1
+rightstuff.link, 1
+rightthingrecruit.com, 1
+righttolife.org.uk, 1
+rigidlandscapes.com.au, 1
+rihappy.tk, 1
+riietr.com, 1
+riigikogu.ee, 0
+riil.org, 1
+rijk-catering.nl, 0
+rijnland.net, 1
+rijonawnings.com, 1
+rijschoolgevonden.nl, 0
+rijschoolrichardschut.nl, 1
+rijsecure.nl, 1
+rijsinkunst.nl, 1
+rik.onl, 1
+rikardhallberg.com, 1
+rikels-slaapexperts.nl, 1
+rikki.moe, 1
+riklewis.com, 1
+rikmeijer.nl, 1
+rikpalm.nl, 1
+riksby.com, 1
+riku.pro, 1
+riku.pw, 1
+rikunori.com.tw, 1
+rileyevans.co.uk, 1
+rileypaige.com, 1
+rileyskains.com, 0
+rileystar.com, 1
+rilish.cf, 1
+rillet.com, 1
+rilretg.com, 1
+rim-kardzhali.bg, 1
+rim-kardzhali.org, 1
+riman.tk, 1
+rimax.vn, 0
+rimba.eu, 1
+rime.red, 1
+rimessaggio.it, 1
+rimetsu.com, 1
+riministreet.com, 1
+riminitoday.it, 1
+rimnow.mr, 1
+rimnow.net, 1
+rimo.site, 1
+rimonhwang.com, 1
+rimorrecherche.nl, 1
+rimzim.tk, 1
+rinabhabra.com, 1
+rinaent.com, 1
+rincat.ch, 1
+rincon-nsn.gov, 1
+rincondenoticas.com, 1
+rinconga.gov, 1
+rinconwaterca.gov, 1
+rindepo.com, 1
+rineke.art, 1
+ring.com, 1
+ringarang.com, 0
+ringgitplus.com, 1
+ringingliberty.com, 1
+ringlightstudios.com, 1
+ringmybell.tk, 1
+ringneckparakeets.com, 1
+ringofglory.ga, 1
+ringofglory.gq, 1
+ringover.com, 1
+rinka.moe, 1
+rinkhill.com, 1
+rinko-mama.com, 1
+rinoartdistrict.org, 1
+rinova.me, 1
+rinsbacherhof.com, 1
+rinskeshomepage.tk, 1
+rintarokobayashi.jp, 1
+rinton.ru, 1
+rinu.cf, 1
+rinvex.com, 1
+rinyui.cn, 1
+rinyui.com, 1
+riobastian.my.id, 1
+rioinbox.com.br, 1
+rioloagolf.tk, 1
+riomaisbrindes.com.br, 1
+riomi.org, 1
+riosat.ru, 1
+riosoil.co.uk, 1
+riosoil.com, 1
+riosoils.co.uk, 1
+riosoils.com, 1
+riostones.com, 1
+riotest.xyz, 1
+riotseeds.cloud, 1
+rip-sport.cz, 1
+ripadores.tk, 1
+ripcorddesign.com, 1
+ripcordsandbox.com, 1
+ripcurl.tk, 1
+ripenapps.com, 1
+ripetizioni.roma.it, 1
+ripin.org, 1
+ripley.red, 1
+ripmixmake.org, 1
+ripon-wi.gov, 1
+riponadvance.com, 1
+ripp-it.com, 1
+ripper.store, 1
+ripplecraft.cn, 1
+ripplemarkeg.com, 0
+ripplenews.club, 1
+ripplenews.co, 1
+ripplenews.io, 1
+ripplenews.live, 1
+ripplenews.news, 1
+ripplenews.online, 1
+ripplenews.ru, 1
+ripplenews.world, 1
+rippling.com, 1
+riproduzionichiavi.it, 1
+riptidetech.io, 1
+ripu-eshii.com, 1
+riri-tendedasole.it, 1
+ririro.com, 1
+ris.fi, 1
+ris2048.pt, 1
+risada.nl, 1
+risalatconsultants.com, 1
+riscascape.net, 1
+risco.ro, 1
+riscone.info, 1
+riscoscommunity.org, 1
+riscoshardware.tk, 1
+riscure.com, 1
+rise-technologies.com, 1
+rise.com, 1
+rise.global, 1
+rise.md, 1
+risecomedy.com, 1
+risecstate.gov, 1
+riseofmiddle-earth.tk, 1
+riseonline.wiki, 1
+riseproject.ro, 1
+riseshost.ml, 1
+riseup.net, 1
+riseupelectrical.com.au, 1
+rishabh.me, 1
+rishav.top, 1
+risheriffs.gov, 1
+rishikeshan.com, 1
+rishikeshyoga.in, 1
+rishteykaro.com, 1
+risi-china.com, 1
+risilience.com, 1
+rising-cubers.tk, 1
+risingsoftware.com, 1
+risingtidecapital.org, 1
+risitas.com.ar, 1
+riskbase.uk, 1
+riskconsole.com, 1
+riskiq.com, 0
+riskmitigation.ch, 1
+riskstudio.com, 1
+risky.services, 1
+riskymeals.com, 1
+risman.tk, 1
+risonanzamagnetica.roma.it, 1
+risoscotti.es, 0
+risounokareshi.com, 1
+risparmiare.info, 1
+risquefetish.com, 1
+risquefetish.net, 1
+risquefetish.org, 1
+risquefetishtoys.com, 1
+ristioja.ee, 1
+ristisanat.fi, 1
+ristorantedabeni.be, 1
+ristoviitanen.fi, 1
+ristrutturazione.roma.it, 1
+ristrutturazioneappartamenti.milano.it, 1
+ristrutturazioneappartamento.roma.it, 1
+ristrutturazioniappartamentinapoli.it, 1
+risunki.ga, 1
+rit.ee, 0
+rit.space, 1
+ritaescortsdelhi.com, 1
+ritaj.estate, 1
+ritaohio.gov, 1
+ritas.tk, 1
+ritchieneville.tk, 1
+riteboost.com, 1
+ritel.nl, 1
+ritense.com, 0
+ritense.nl, 1
+ritepriceheatingcooling.com.au, 1
+ritepriceroofing.com.au, 1
+riteway.rocks, 1
+ritirocalcinacci.roma.it, 1
+ritirocalcinacci.viterbo.it, 1
+ritmoloco.fr, 1
+ritmos.tk, 1
+ritmuzic.ml, 1
+ritoge.com, 1
+ritoner.it, 1
+ritos.ru, 1
+ritrium.com, 1
+ritsf.com, 1
+ritsu-life.com, 1
+rittau.org, 1
+rittersprinting.com, 1
+ritual.com, 1
+ritual.ml, 0
+ritus.md, 1
+ritzcarltonclub.com, 1
+ritzlux.com.tw, 1
+rivaforum.de, 1
+rivago.tk, 0
+rivals.space, 1
+rivalsa.cn, 1
+rivalsa.net, 1
+rivastation.de, 1
+riveal.fr, 1
+rivenmains.com, 1
+rivennero.com, 1
+river-rest.com, 1
+river.gq, 1
+riverbednetflowsupport.com, 1
+rivercitybni.com, 1
+rivercitycycling.org, 1
+riverford.co.uk, 1
+riverhoa.org, 1
+riverlandenergy.com, 1
+riverlea.com.au, 1
+riveroakaa.com, 0
+riveroaksdentaljax.com, 1
+riverotravel.cl, 1
+riverpark.casa, 1
+riverridgecc.com, 1
+riverroaddental.ca, 1
+riverrun.tk, 1
+rivers.gov, 1
+riverschool.net, 1
+riversidebaptistchurch.net, 1
+riversideiowa.gov, 1
+riversidemo.gov, 1
+riversideradio.nl, 1
+riversmeet.co.uk, 1
+rivertv.ca, 1
+riverviewtree.com, 1
+rivervista-vacationhomes.com, 1
+riverweb.gr, 1
+riverwoods.gov, 1
+rivethealthlaw.com, 1
+rivian.com, 1
+rivian.software, 1
+rivingtongreenwich.co.uk, 1
+rivlo.com, 1
+rivmedia.co.uk, 1
+rivoflor.it, 1
+rivolta.tk, 1
+rivus.net, 1
+riweco.ga, 1
+riwers.io, 1
+rix.ninja, 1
+rixcloud.moe, 1
+rixzz.ovh, 1
+riyono.com, 1
+rizaderindag.com, 1
+rizalpalawan.gov.ph, 1
+rizehaberleri.tk, 1
+rizer.io, 0
+rizhik.com.ua, 1
+rizikaockovani.cz, 1
+rizonrice.club, 1
+rizospastis.gr, 1
+rj-onderneemt.nl, 1
+rjan.nl, 1
+rjbookings.nl, 1
+rjclegeplads.dk, 1
+rje-hub.net, 1
+rjet.com, 1
+rjfedor.com, 1
+rjfedor.ddns.net, 1
+rjhgroup.co.uk, 1
+rjia.gq, 1
+rjmartz.com, 1
+rk-box.ru, 1
+rk-links.ml, 1
+rk-mediawork.de, 0
+rk.com, 1
+rkabworks.uk, 1
+rkbegraafplaats.com, 1
+rkesport.com, 0
+rkfp.cz, 1
+rkkerkjoppe.nl, 1
+rkmedia.no, 1
+rkmns.edu.in, 1
+rknews.tk, 1
+rkstudio.com, 1
+rl3.de, 1
+rlahaise.nl, 0
+rlalique.com, 1
+rland.ph, 1
+rlcosmeticsurgery.com, 1
+rld.org, 1
+rleeden.no-ip.co.uk, 1
+rleeden.servehttp.com, 1
+rleeden.servemp3.com, 1
+rleh.de, 1
+rlmud.tk, 1
+rlove.org, 1
+rm-it.de, 1
+rm2brothers.cc, 1
+rmb.li, 1
+rmbnsw.org.au, 1
+rmbs.de, 1
+rmbs.org, 1
+rmcbs.de, 1
+rmcinsuranceservices.com, 1
+rmconsulting.com, 1
+rmdb.tk, 1
+rmdhnreza.my.id, 1
+rmdis.au, 1
+rmdscreen.com, 1
+rme.li, 0
+rmf.io, 1
+rmfscrubs.com, 1
+rmgsm.ir, 1
+rmi.com.ar, 1
+rmit.ee, 0
+rmit.me, 1
+rmitobacco.com, 1
+rml-liege.be, 1
+rmm-i.com, 1
+rmmanfredi.com, 1
+rmol.tk, 1
+rmp-gebaeudedienste.de, 1
+rmpbuilders.com.au, 1
+rmrcapitalinc.com, 1
+rmrig.org, 1
+rms.com, 1
+rms.sexy, 1
+rmsisrs.com, 1
+rmsk.tk, 1
+rmsliberty.com, 1
+rmsu.pl, 1
+rmsupply.nl, 1
+rmt-construction.co.za, 1
+rmtconstruction.co.za, 1
+rmupasswordstudy.com, 1
+rmurai.com, 0
+rmvalues.com, 1
+rmw-energy.de, 1
+rmyachting.com, 1
+rn29.me, 1
+rnag.ie, 1
+rnb-storenbau.ch, 1
+rnbjunk.com, 1
+rndtool.info, 1
+rnews.tk, 1
+rngmeme.com, 1
+rnjobsite.com, 1
+rnmkrs.co, 1
+rnp.br, 1
+rntgroup.com, 1
+rntomsn.com, 1
+rntomsnedu.org, 1
+rnz3.net, 1
+ro.co, 1
+ro.exchange, 1
+ro.search.yahoo.com, 0
+ro89.com, 1
+roa.net, 1
+roach.nz, 1
+road-safety.cz, 1
+road-trips.fr, 1
+roadaccident.tk, 1
+roadandtransport.ga, 1
+roadbikes.tk, 1
+roaddoc.de, 1
+roadguard.nl, 0
+roadhousecinemas.com, 1
+roadtochina.tk, 1
+roadtoglory.tk, 1
+roadtopgm.com, 1
+roadtripaustralia.com.au, 1
+roadtripnation.com, 1
+roadtripusa.tk, 1
+roalogic.com, 1
+roamadvisors.com, 1
+roamfreun.tk, 1
+roamroofingco.com, 1
+roams.com.co, 1
+roams.es, 1
+roams.mx, 1
+roanboute.be, 1
+roanoke.com, 1
+roar.com.br, 1
+roaringforkfire.gov, 1
+roaster.ga, 1
+roastrepublic.co, 1
+roayahnews.com, 1
+rob006.net, 1
+robandjanine.com, 1
+robaxin750mg.ml, 1
+robben.io, 1
+robbertt.com, 0
+robbie.bio, 1
+robbie.contact, 1
+robbie.studio, 0
+robbiebird.tk, 1
+robbiecrash.me, 1
+robbielowe.co, 1
+robbievasquez.com, 1
+robbins-construction.com, 1
+robbinsdalemn.gov, 1
+robbrestyle.com, 1
+robbyzworld.cf, 1
+robdavidson.network, 1
+robersonaudio.tk, 1
+robert-adam.de, 1
+robert-ewert.tk, 1
+robert-flynn.de, 1
+robert-foster.com, 1
+robert-reisemobil.de, 1
+robert-victor.co.uk, 1
+robert-wiek-transporte.de, 1
+robertaltizer.com, 1
+robertattfield.com, 1
+robertayamashita.com, 1
+robertayamashita.com.br, 1
+robertbln.com, 1
+robertcspies.de, 1
+robertdunn.net, 1
+robertg.me, 1
+robertglastra.com, 1
+robertgonzalez.tk, 1
+roberthurlbut.com, 1
+robertkrueger.de, 1
+robertlowdon.com, 1
+robertlysik.com, 1
+robertmusil.ml, 1
+robertocasares.no-ip.biz, 0
+robertodegroot.tk, 1
+robertodivirgilio.it, 1
+robertoentringer.com, 0
+robertof.ovh, 1
+robertoggarcia.tk, 1
+robertopazeller.ch, 1
+robertoullan.tk, 1
+robertreiser.photography, 1
+robertrijnders.nl, 1
+robertsfinejewelers.com, 1
+robertsjoneslaw.com, 1
+robertsmits.be, 1
+robertson-cg.com, 1
+robertsonblums.com, 1
+robertsoncountytn.gov, 1
+robesoncountync.gov, 1
+robgorman.ie, 1
+robhorstmanshof.nl, 1
+robi-net.it, 1
+robicue.com, 0
+robin-kusch.de, 1
+robin-meis.com, 1
+robin-novotny.com, 1
+robin.co.kr, 1
+robin.info, 1
+robinb0s.nl, 1
+robinbos.nl, 1
+robinbrook.co.uk, 1
+robindirksen.com, 1
+robinevandenbos.nl, 1
+robinflikkema.nl, 1
+robinfrancq.ml, 1
+robinhallnursery.org.uk, 1
+robinhor10.tk, 1
+robinhordon.tk, 1
+robinlinden.eu, 1
+robinloeffel.ch, 1
+robinminto.com, 1
+robinmurez.com, 1
+robinopletal.com, 1
+robinsoncontracting.ca, 1
+robinsonphotos.uk, 1
+robinsonstrategy.com, 1
+robinsonyu.com, 1
+robinsremembered.tk, 1
+robintimmers.nl, 1
+robinvanpersie.tk, 1
+robinvdmarkt.nl, 1
+robinwill.de, 1
+robinwinslow.uk, 1
+robinzone.ua, 1
+robinzorg.nl, 1
+robjager-fotografie.nl, 0
+robkaper.nl, 1
+robkish.life, 1
+roblog.tk, 1
+roblox.com, 1
+robloxenthusiasts.ga, 1
+robnicholls.co.uk, 1
+robobusiness.ga, 1
+robocop.no, 1
+robodeidentidad.gov, 1
+roboform.com, 1
+robohash.org, 1
+robokits.co.in, 1
+roboland.ga, 1
+roboonline.tk, 1
+roboquantico.com, 1
+roboraptor.tk, 1
+robot-invest.cf, 1
+robot-invest.ml, 1
+robot.car, 1
+robotask.in, 1
+robotattack.org, 1
+robotbattle.tk, 1
+robotcoral.de, 1
+robotdecocinaya.com, 1
+roboth.am, 1
+robotham.org, 1
+roboticsummit.com.br, 1
+robotimeshop.com, 1
+robotkvarnen.se, 1
+roboto.social, 1
+robots-ju.ch, 1
+robotsaspiradores.com, 1
+robotsbigdata.com, 1
+robottip.com, 1
+robowars.ga, 1
+robpol86.com, 1
+robspc.repair, 1
+robspeed.rocks, 1
+robstibal.com, 1
+robtatemusic.com, 1
+robtex.com, 1
+robu.in, 1
+robust.ga, 1
+robustac.com, 1
+robuxemporium.com, 1
+robuxkingz.ml, 1
+roc-reo.tk, 1
+roc-taiwan.su, 1
+roc-taiwan.taipei, 1
+roc-tw.tw, 1
+roc.gov.au, 0
+rocabot.ddns.net, 1
+rochaaricanduva.com.br, 1
+rochakhand-knitcraft.com.np, 1
+rochcloud.cf, 1
+rochesterglobal.com, 1
+rochesternh.gov, 1
+rochestertwpil.gov, 1
+rochesterwi.gov, 1
+rochesterymca.org, 1
+rochow.me, 1
+rocis.gov, 1
+rock-base.tk, 1
+rock-zottegem.be, 1
+rock4life.be, 1
+rocka.me, 1
+rockabilly-sinners.tk, 1
+rockadocious.com, 1
+rockandroll.tk, 1
+rockbandparty.com, 1
+rockbankland.com.au, 1
+rockbridge.tk, 1
+rockcelebrities.net, 1
+rockcellar.ch, 1
+rockcountyne.gov, 1
+rockcult.ru, 1
+rockdaisy.com, 1
+rockdalecoprobatecourt.gov, 1
+rockdaletx.gov, 1
+rockenfolie.com, 0
+rockenfuerlachenhelfen.de, 1
+rockernj.com, 1
+rocket-resume.com, 1
+rocket.is, 1
+rocketbears.com, 1
+rocketcityts.com, 1
+rocketdashboard.com, 1
+rocketdoctor.ca, 1
+rocketdoctor.us, 1
+rocketeer.tk, 1
+rocketevents.com.au, 1
+rocketgnomes.com, 1
+rocketmill.co.uk, 1
+rocketmulejunkremoval.com, 1
+rocketnet.ml, 1
+rocketr.net, 1
+rocketsales.al, 1
+rocketsales.at, 1
+rocketsales.be, 1
+rocketsales.bg, 1
+rocketsales.by, 1
+rocketsales.cz, 1
+rocketsales.dk, 1
+rocketsales.es, 1
+rocketsales.eu, 1
+rocketsales.fi, 1
+rocketsales.fr, 1
+rocketsales.gr, 1
+rocketsales.io, 1
+rocketsales.it, 1
+rocketsales.lt, 1
+rocketsales.lu, 1
+rocketsales.md, 1
+rocketsales.me, 1
+rocketsales.mk, 1
+rocketsales.pt, 1
+rocketsales.ro, 1
+rocketsales.se, 1
+rocketsales.si, 1
+rocketsales.sk, 1
+rocketsandtutus.com, 1
+rocketsworld.tk, 1
+rockfallsil.gov, 1
+rockfax.com, 1
+rockfordnetworks.com, 1
+rockfordpressurewashing.com, 1
+rockfordtow.com, 1
+rockfreshmanyear.com, 1
+rockfs.ml, 1
+rockingreports.com, 1
+rockinit.tk, 1
+rockinmama.net, 1
+rockinronniescastles.co.uk, 1
+rockislandcountyil.gov, 1
+rockitinflatables.co.uk, 1
+rockitreports.com, 1
+rocklabs.xyz, 1
+rocklandbrownwi.gov, 1
+rocklandcountyny.gov, 1
+rocklinhousecleaning.com, 1
+rocknbluestoday.tk, 1
+rocknreports.com, 1
+rocknrowdyranch.com, 1
+rocknwater.com, 1
+rockpesado.com.br, 1
+rockporttx.gov, 1
+rockrider.tk, 1
+rockriver.tk, 1
+rocksalt.tk, 1
+rockset.com, 1
+rockshooters.com, 1
+rockslideengineering.com, 1
+rocksoundradio.tk, 1
+rockspringswi.gov, 1
+rocktape.com, 1
+rocktonil.gov, 1
+rocktontownshipil.gov, 1
+rockvilledentalarts.com, 1
+rockworldteam.tk, 1
+rockyford-co.gov, 1
+rockymountaininsurancecenter.com, 1
+rockymountainspice.com, 1
+rockymountva.gov, 1
+rockymtnexpress.com, 1
+rockyourlife.gq, 1
+rockyrealestate.com, 1
+rocssti.net, 1
+rodab.party, 1
+rodafe.sk, 1
+rodapiao.com.br, 1
+rodarion.pl, 1
+rodchapman.com, 0
+roddis.net, 1
+rodehutskors.net, 1
+rodelstein.eu, 1
+rodeobull.biz, 1
+rodeodrive.tk, 1
+rodeohire.com, 1
+rodeoimport.com, 1
+rodeosales.co.uk, 1
+rodest.net, 0
+rodevlaggen.nl, 1
+rodichi.net, 1
+rodin.tk, 1
+rodinka.tk, 1
+rodinnebyvanie.eu, 1
+rodinneodpoledne2018.cz, 1
+rodirik.de, 1
+roditely.cf, 1
+rodneybrooksjr.com, 1
+rodnikbel.tk, 1
+rodobike.com.br, 1
+rodokubu.jp, 1
+rodolfo.gs, 1
+rodomonte.org, 1
+rodosto.com, 1
+rodpenroseracing.com.au, 1
+rodrigamer.com, 1
+rodrigoacevedo.com.uy, 1
+rodrigoarayaaliaga.com, 1
+rodrigoarriaran.com, 1
+rodrigocarvalho.blog.br, 1
+rodrigodematos.tk, 1
+roeckx.be, 1
+roed.gg, 1
+roeden.dk, 1
+roedesonline.nl, 1
+roedl.de, 1
+roeitijd.nl, 0
+roelenscitynews.ml, 1
+roelhollander.eu, 1
+roeljoyas.com, 1
+roellcapital.com, 1
+roelmagdaleno.com, 1
+roelof.io, 1
+roelonline.tk, 1
+roelsworld.eu, 1
+roemhild.de, 1
+roenhorst.net, 0
+roeriverbooks.ie, 1
+roerstaafjes.nl, 1
+roethelheim.net, 1
+roethelheim.org, 1
+rofena.org, 1
+rofl.com.ua, 1
+rofrank.space, 1
+rogacevo.tk, 1
+rogagym.com, 1
+rogaineforwomen.ga, 1
+rogard.fr, 0
+rogarden.ro, 1
+roge.pw, 1
+rogeiro.net, 1
+rogell.tk, 1
+rogerdat.ovh, 1
+rogerdeflor.tk, 1
+rogerdumas.com, 1
+rogerfages-peinture.fr, 1
+rogerhub.com, 1
+rogerkunz.ch, 1
+rogerriendeau.ca, 1
+rogersaam.ch, 0
+rogersvilletn.gov, 1
+rogersvilleumc.org, 1
+roggebroek.nl, 1
+rogiershikes.tk, 1
+rogin.tk, 1
+rognhaugen.no, 1
+rogo.cz, 1
+rogoff.xyz, 1
+rogplus.nl, 1
+rogue-e.xyz, 1
+rogue.pw, 1
+roguecoder.net, 1
+roguefortgame.com, 1
+roguelicious.com, 1
+roguenation.space, 1
+roguenetworks.me, 1
+roguerocket.com, 1
+roguetech.ca, 1
+roguetechhub.org, 1
+rohal.tk, 1
+rohanbassett.com, 1
+rohaniways.com, 0
+rohankondvilkar.com, 1
+rohansingh.cf, 1
+rohde.de, 0
+rohedaten.de, 1
+rohitagr.com, 1
+rohitgupta.xyz, 1
+rohkeakirkko.fi, 1
+rohlik.cz, 1
+rohrreinigung-zentrale.de, 1
+rohrstock.at, 1
+roi-project.be, 1
+roi-project.eu, 1
+roiblozyxfswe.ga, 1
+roidsstore.com, 1
+rointe.online, 1
+roishopper.com, 1
+roisu.org, 0
+rojavainformationcenter.com, 1
+rojiblancos.tk, 1
+rojotv.tk, 1
+rokade.info, 1
+rokales.com, 1
+rokalesalapitvany.com, 1
+rokass.nl, 1
+rokettube.tk, 1
+rokki.ch, 0
+rokm.co.uk, 1
+roko-foto.de, 1
+rokudenashi.de, 1
+rokuk.org, 1
+rolamar.com.br, 1
+roland.io, 1
+rolandinsh.com, 0
+rolandlips.com, 1
+rolandlips.nl, 1
+rolandog.com, 1
+rolandoredi.com, 1
+rolandozarate.tk, 1
+rolandszabo.com, 1
+rolandvanipenburg.com, 1
+rolc.org.sg, 1
+roldeco.nl, 0
+rolecontj.com, 1
+roleplayhome.com, 1
+roligh.cf, 1
+roligt.tk, 1
+roliki.ml, 1
+roll-bakery.com.tw, 1
+roll.hockey, 1
+roll9.com, 1
+rollatorweb.nl, 1
+rollbackdiabetes.com, 1
+rolledout.info, 1
+rollerderbycollection.ga, 1
+rollerderbywines.ga, 1
+rollerwarehouse.com, 1
+rolleyes.org, 1
+rollforadventure.com.au, 1
+rollingbarge.com, 1
+rollingcouchapp.com, 1
+rollinghillsestates.gov, 1
+rollingshuttle.org, 1
+rollinsdogtraining.com, 1
+rollinspass.org, 1
+rollthedice.tk, 1
+rollthepay.com, 1
+rolotrans.cf, 1
+rolotrans.ga, 1
+rolotrans.gq, 1
+rolotrans.ml, 1
+rolstoelappartementen.tk, 1
+rolzzandik.cf, 1
+roma-servizi.it, 1
+romab.com, 1
+romacoffee.co.nz, 1
+romadiluna.band, 1
+romadprojects.com.au, 1
+romagnaoggi.it, 1
+romail.ml, 1
+romainlapoux.com, 1
+romainlapoux.fr, 1
+roman-pavlik.cz, 1
+roman.systems, 1
+romana.org, 1
+romanceamor.com.pt, 1
+romancerecipes.com, 1
+romancy.tk, 1
+romanglos.de, 1
+romania-film.ml, 1
+romaniacompany.com, 1
+romanian.cam, 1
+romankozak.cz, 1
+romanmichel.de, 1
+romano.guru, 1
+romanos.tk, 1
+romanovka.ml, 1
+romanpavlodar.kz, 1
+romantelychko.com, 1
+romanticdate.ga, 1
+romanticdate.gq, 1
+romanticdate.ml, 1
+romanticdate.tk, 1
+romantico.tk, 1
+romanticsexshopguatemala.com, 1
+romanticvillas.com.au, 0
+romantik-fm.ml, 1
+romantik-fm.tk, 1
+romantik.cf, 1
+romantik.tk, 1
+romanywg.com, 1
+romapk.tk, 1
+romarin.es, 1
+romaservicegroup.it, 1
+romashka.tk, 1
+romasko.ml, 1
+romastantra.com, 1
+romatoday.it, 1
+romatours.pt, 0
+romatrip.it, 1
+rombarte.pl, 1
+romcom.info, 1
+romdrop.com, 1
+rome-airport.net, 1
+rome.tools, 1
+romediatori.com, 1
+romega.gov, 1
+romegafire.gov, 1
+romegapolice.gov, 1
+romenz.com, 1
+romeoahmed.top, 1
+romeoferraris.com, 1
+romeoijulio.tk, 1
+romerska-ringar.se, 1
+rommelhuntermusic.tk, 1
+rommelmark.nl, 1
+rommelwood.de, 1
+romo-holidays.de, 1
+romo-holidays.dk, 1
+roms.fun, 0
+romspedia.com, 1
+romtex.co.uk, 1
+romun.net, 1
+romy.tw, 1
+ron.today, 1
+ron2k.za.net, 1
+ronaldcantor.com, 1
+ronaldleite.tk, 1
+ronaldvanassen.nl, 1
+ronan.cf, 1
+ronanrbr.com, 1
+ronasit.com, 1
+ronbongamis.com, 1
+ronc.ru, 1
+roncoutilities.com, 1
+ronda.tk, 1
+rondacan.com, 1
+rondommen.nl, 1
+rondouin.fr, 1
+ronem.com.au, 1
+ronforeman.com, 1
+ronghexx.com, 0
+roninathletics.com, 1
+roninf.ch, 1
+roninitconsulting.com, 1
+ronniegane.kiwi, 1
+ronnylindner.de, 1
+ronomon.com, 1
+ronvil.com, 1
+ronzertnert.xyz, 1
+roobet.com, 1
+roodarvasi.ir, 1
+roodfruit.com, 1
+roodfruit.nl, 1
+roodfruit.studio, 1
+roodgroen.social, 1
+roodhealth.co.uk, 1
+roodo.com, 1
+roof.ai, 0
+roofcareswfl.com, 1
+roofer.cf, 1
+roofhaven.co.uk, 1
+roofingandconstructionllc.com, 1
+roofingmaterials.tk, 1
+roofingomaha.com, 1
+roofonline.com, 1
+roofpost.gq, 1
+roofride.com, 1
+roofsandbasements.com, 0
+roohanionlinespiritualhelp.co.uk, 1
+rooiratel.red, 1
+rook-playz.net, 1
+rookgamingisevil.com, 1
+rookie.com.pl, 1
+rookiemamabear.com, 1
+roolife.xyz, 0
+room-checkin24.de, 1
+room-composite.com, 1
+room.to, 0
+room208.org, 1
+room362.com, 1
+room45.tk, 1
+room8group.com, 0
+roombase.nl, 1
+roomcube.tk, 1
+roomee.tk, 1
+roomguide.info, 1
+roomhub.jp, 1
+roomie.fi, 1
+roomieapp.fi, 1
+roomme.dk, 0
+roomonline.tk, 1
+roomoutside.com, 1
+rooms.aero, 1
+roomsatevents.eu, 1
+rooneyholdings.com, 1
+roopakv.com, 1
+roorda-schilders.nl, 1
+rooseveltcountymt.gov, 1
+roosterpets.com, 1
+root-books.gq, 1
+root-books.ml, 1
+root-couture.de, 1
+root-space.eu, 1
+root.bg, 1
+root.cz, 1
+root.eu.org, 1
+root.place, 1
+rootandvessel.com, 1
+rootbsd.at, 1
+rootcamp.net, 1
+rootcommand.com, 1
+rootear.com, 1
+rootedlifemontessori.com, 1
+rootfor.me, 1
+rootgsm.com, 1
+rootie.de, 1
+rootinchase.com, 1
+rootingpalace.tk, 1
+rootkit.es, 1
+rootlair.com, 1
+rootless.ga, 1
+rootless.tk, 1
+rootly.com, 1
+rootnician.com, 1
+rootonline.de, 1
+rootpak.com, 1
+rootpigeon.com, 1
+rootprompt.at, 1
+rootrelativity.com, 1
+rootroo.com, 1
+roots-example-project.com, 1
+roots.io, 0
+rootsandrain.com, 1
+rootsbar.fr, 0
+rootscope.co.uk, 0
+rootsinmadrid.tk, 1
+rootsland.de, 1
+rootsland.net, 1
+rootsmusicmanagement.tk, 1
+rootstation.de, 1
+rootsweb.com, 1
+rootusers.com, 1
+roozbeh.tk, 1
+rop.cx, 1
+ropd.info, 1
+ropoxcheats.ru, 1
+roques.tk, 1
+roquesevilla.com, 1
+rorelseprojektet.se, 1
+roromendut.online, 1
+rorr.im, 1
+roryneville.com, 1
+rosa-spain.tk, 1
+rosabellas.co.uk, 1
+rosabrasiv.ga, 1
+rosacosmos.tn, 1
+rosaflorbijoux.com.br, 1
+rosalinda.cl, 1
+rosalindturner.co.uk, 1
+rosalopezcortes.tk, 1
+rosamystica.tk, 1
+rosanerolife.tk, 1
+rosangar.com, 1
+rosaquest.ru, 0
+rosary.hounslow.sch.uk, 1
+rosaserra.es, 1
+rosbiznes.tk, 1
+rosclar.com, 0
+roscommontownshipmi.gov, 1
+rosdpk.ru, 1
+rosdver.ru, 1
+rose-corp.co.jp, 1
+rose-prism.org, 1
+roseberyvenues.co.uk, 1
+rosebikes.com, 1
+rosebikes.de, 1
+rosebikes.nl, 1
+roseboom-bouwkundigadvies.nl, 1
+rosebudcountysheriffmt.gov, 1
+rosecoaudit.com, 1
+rosecrance.org, 1
+rosedenellandudno.co.uk, 1
+rosefloricultura.com.br, 1
+rosehishop.com, 1
+rosehosting.reviews, 1
+roseitsolutions.co.uk, 1
+roseliere.com, 0
+roselinlin.com, 1
+rosemariefloydballet.com, 1
+rosemountmn.gov, 1
+rosenberg-fansite.tk, 1
+rosenberggard.se, 1
+rosenheimsingles.de, 1
+rosenkavalier.tk, 1
+rosenkeller.org, 1
+roseon.net, 0
+roseparkhouse.com, 1
+rosesciences.com, 1
+rosesunmotor.com, 1
+rosetiger.life, 1
+rosetravel.de, 0
+rosettapeters.com, 1
+rosetteromance.tk, 1
+rosetwig.ca, 1
+rosetwig.systems, 1
+rosevalleyfolk.com, 1
+rosevillefacialplasticsurgery.com, 1
+rosevillekindy.nsw.edu.au, 1
+rosevilletoday.com, 1
+rosewater.me, 1
+rosewebdesignstudio.co.uk, 1
+rosewebdesignstudio.uk, 1
+rosfan.by, 1
+rosgenea.ru, 1
+roshhashanahfun.com, 1
+roshiya.co.in, 1
+rosi-royal.com, 1
+rosiervandenbosch.nl, 1
+roskillcv.nz, 1
+roskillcv.org.nz, 1
+roslagenshiss.se, 1
+roslagensmansjour.tk, 1
+roslynpad.net, 1
+rosme.it, 1
+rosoft.tk, 1
+rosolioitalicus.com, 1
+rosound.cz, 1
+rosrabota.tk, 1
+ross-mitchell.com, 0
+rosscountyohiocasa.gov, 1
+rosscountyohiocourts.gov, 1
+rosset.me, 1
+rosset.net, 1
+rossia.ga, 1
+rossignoli.it, 1
+rossiyskaja.cf, 1
+rosskopfs.de, 1
+rosslug.org.uk, 1
+rossome.org, 1
+rossstores.com, 1
+rosstownshipmi.gov, 1
+rosstroj-balashiha.ml, 1
+rosstwpmcpa.gov, 1
+rossvillega.gov, 1
+rost.tv, 1
+rostclub.ro, 1
+rosten.tk, 1
+rostirolla.se, 0
+rostlau.be, 1
+rostov-aikido.tk, 1
+rostov-arena.ml, 1
+rostov.cf, 1
+rosty.sh, 1
+roswellcity.tk, 1
+rosystemsint.com, 1
+roszdravnadzor.gov.ru, 1
+rot256.io, 1
+rot47.net, 1
+rotamap.net, 1
+rotanaval.tk, 1
+rotaquote.com, 1
+rotaractclubtucuman.tk, 1
+rotaracthelmond.tk, 1
+rotarusofia.ru, 1
+rotary.org.ru, 1
+rotary6080.org, 1
+rotaryceuta.tk, 1
+rotaryfunds.ga, 1
+rotarykardzhali.org, 1
+rotas-turisticas.com, 1
+rotasgastronomicas.com, 1
+rotasgastronomicas.pt, 1
+rotasturisticas.com, 1
+rotasturisticas.com.pt, 1
+rotasturisticas.net, 1
+rotasturisticas.org, 1
+rotasturisticas.pt, 1
+rotasurbanas.pt, 1
+rotate4all.com, 1
+rotate4u.eu, 1
+rotaville.com, 1
+roteam.tk, 1
+rotek.at, 1
+roten.email, 1
+rotespotsdam.tk, 1
+rothbruederlein.tk, 1
+rothco.com, 1
+rothe.io, 1
+rothkranz.net, 1
+rothwellgornthomes.com, 1
+rotince.tk, 1
+rotol.me, 1
+rotonde.gq, 1
+rottal-inn.de, 1
+rottamazioni.it, 1
+rotterdamapartments.com, 1
+rotterdamjazz.info, 1
+rottie.xyz, 1
+rottig.de, 0
+rottnestexpress.com.au, 1
+rottweil-hilft.de, 1
+rottweilerdogcare.com, 1
+rotu.pw, 1
+rotunneling.net, 1
+rouair.com, 1
+rouamatfashion.gr, 1
+roueneternalmagic.fr, 1
+rougechocolat.fr, 1
+rougeetblanc.tk, 1
+roughcopy.com.au, 1
+roughgrain.com, 1
+roughnex.tk, 1
+roughnotes.com, 1
+roughsexporn.com, 1
+roughtime.se, 1
+roulettecarnival.com, 1
+roulettelive.ml, 1
+roulettestar.com, 1
+roulinfo.ch, 0
+roullageorgiou.com, 1
+roullier.com, 1
+roulons-autrement.com, 1
+roundaboutweb.net, 1
+roundandbrown.com, 1
+roundball.tk, 1
+roundcube.mayfirst.org, 0
+roundgarden.nl, 1
+roundrock-locksmith.com, 1
+roundtablekzn.co.za, 1
+roundtoprealestate.com, 0
+roushins.net, 0
+roussillon-informatique.fr, 1
+roussos.cc, 1
+roussosmanos.gr, 1
+rout0r.org, 1
+route-wird-berechnet.de, 1
+route66.net, 1
+route66smiles.com, 1
+routechoices.com, 1
+routedlogic.net, 1
+routemates.tk, 1
+router24.info, 1
+routerchart.com, 1
+routerclub.ru, 1
+routerctrl.com, 1
+routeto.com, 1
+routetracker.co, 1
+routeur4g.fr, 0
+rouwcentrumterheide.be, 1
+rouyt.com, 1
+rovatronic.tk, 1
+roverglobal.ga, 1
+roveridx.com, 1
+roverkob.dk, 1
+rovetf.tk, 1
+rovezzano.tk, 1
+rovian.ua, 1
+rovid.link, 1
+rovin.tk, 1
+rovity.io, 0
+rovota.com, 1
+rowancasting.ie, 1
+rowancounty911.com, 1
+rowancounty911.org, 1
+rowancountyairport.com, 1
+rowancountync.gov, 1
+rowankaag.nl, 1
+rowanpubliclibrary.com, 1
+rowansheriff.com, 1
+rowansheriff.org, 1
+rowantransit.com, 1
+rowantransit.org, 1
+rowanz.nl, 1
+rowery.org, 1
+rowingsa.asn.au, 1
+rowlog.com, 1
+rowra.org, 1
+roxanaherguz.com, 1
+roxanaramirez.love, 1
+roxanneguinoo.tk, 1
+roxburytech.tk, 1
+roxet.my.id, 1
+roxhillmedia.com, 1
+roxiesbouncycastlehire.co.uk, 1
+roxswinery.com, 1
+roxville.tk, 1
+roy-buehring.de, 1
+roy.wang, 1
+royal-flowers.dp.ua, 1
+royal-knights.tk, 1
+royal-life.tk, 1
+royal-rangers.de, 1
+royal.io, 1
+royal71.com, 0
+royal813.com, 1
+royal84.com, 0
+royal869.com, 0
+royal876.com, 1
+royal88.com, 1
+royal880.com, 0
+royal8822.com, 0
+royal896.com, 0
+royal929.com, 0
+royal939.com, 1
+royalasianescorts.co.uk, 1
+royalaubar.com, 1
+royalbluewa3.cc, 1
+royalcanin.es, 1
+royalcanin.pt, 1
+royalcaribbeanentertainment.com, 1
+royalcavaliers.tk, 1
+royalchallengers.com, 1
+royalchess100.com, 1
+royalcitystudios.ca, 1
+royalcitytaxi.ca, 1
+royalcrowns.tk, 1
+royaldarts.tk, 1
+royaldoorkc.com, 1
+royaleafrica.com, 1
+royalembassys.com, 1
+royalfitnesschennai.in, 1
+royalfloraholland.com, 1
+royalfoundation.com, 1
+royalgrandpalace.th, 1
+royalgroup.msk.ru, 1
+royalhosting.ch, 1
+royalkitchensandfurniture.co.ug, 1
+royalmarinesassociation.org.uk, 1
+royalmech.tk, 1
+royalnissanparts.com, 0
+royaloz.ma, 1
+royalpainters.co, 1
+royalpalmbeachfl.gov, 1
+royalpanda.com, 1
+royalrace.tk, 1
+royalrestrooms.com, 1
+royalsleeping.com, 1
+royalstylefit.com, 1
+royalsyouthhockey.com, 1
+royaltonvt.gov, 1
+royaltube.net, 1
+royalty-market.com, 1
+royaltyexchange.com, 1
+royaltyk9.com, 1
+royalvortex.co, 1
+royalworldservice.com.ua, 1
+royalyule.com, 1
+royaume-des-chats.fr, 1
+royaume-smoke.com, 1
+royaumesoublies.com, 1
+roycampbell.tk, 1
+royceandsteph.com, 1
+roycestars.com, 1
+roycewilliams.net, 1
+royger.tk, 1
+royoy.com, 1
+royrevell.com, 1
+roystowingrockford.com, 1
+roytuts.com, 1
+royvansichem.nl, 1
+royveenendaal.com, 1
+royxiang.me, 1
+royzez.com, 1
+rozalisbengal.ro, 1
+rozalynne-dawn.ga, 1
+rozar.eu, 1
+rozar.sk, 1
+rozataki.com.tr, 1
+rozemaandag.tk, 1
+rozhodce.cz, 1
+rozprodat.cz, 1
+rp-idskenhuizen.nl, 1
+rp-megapolis.tk, 1
+rp-murk.tk, 1
+rpa.gov, 1
+rpadonline.com, 1
+rpcinmobiliaria.net, 0
+rpg-maker.net, 1
+rpg-maker.org, 1
+rpgchan.cf, 1
+rpgfactory.tk, 1
+rpgfan.com, 1
+rpgmaker.es, 1
+rpgmakers.tk, 1
+rpguru.com, 1
+rpherbig.com, 1
+rphyncice.cz, 1
+rpi-pihole-mon.ddns.net, 1
+rpj.life, 1
+rpm-oldtimer-events.ch, 1
+rpmdrivingschool.com.au, 1
+rpmglobal.com, 1
+rpo97.fm, 0
+rpora.co, 1
+rpower.com, 1
+rpowerpos.com, 1
+rps-auto.com, 1
+rpschultz.de, 1
+rpts.edu, 1
+rpus.co, 1
+rpy.xyz, 1
+rq-labo.jp, 1
+rr30019.com, 1
+rr361.de, 1
+rr5197.co, 1
+rr6729.co, 1
+rr6729.com, 0
+rr6957.co, 1
+rr9297.co, 1
+rr9721.com, 1
+rr9728.co, 1
+rrailto.com, 1
+rray.org, 1
+rrbahmedabad.gov.in, 1
+rrbmuzaffarpur.gov.in, 1
+rrbpatna.gov.in, 1
+rrbt.eu, 1
+rrbt.net, 1
+rrbts.com, 1
+rrdesignsuisse.com, 0
+rrdtool.com, 1
+rritv.com, 1
+rrke.cc, 0
+rrmac.ml, 1
+rrmiran.com, 1
+rro.rs, 1
+rrssww.space, 1
+rrtribalcourts-nsn.gov, 1
+rrudnik.com, 1
+rrvmz.cf, 1
+rrwolfe.com, 1
+rs-cloud.ddns.net, 1
+rs-devdemo.host, 1
+rs-maschinenverleih.de, 1
+rs.wiki, 1
+rs200.org, 1
+rsa-erp.com, 1
+rsa-services.com, 1
+rsanahuano.com, 1
+rsap.ca, 1
+rsarchive.net, 1
+rsauget.fr, 1
+rsb.net, 1
+rsblake.com, 1
+rsblake.net, 1
+rsc-cronenberg.de, 1
+rsc.wiki, 1
+rschooltoday.com, 1
+rscturmoil.com, 1
+rsdbyroos.nl, 1
+rsdisedezzari.it, 1
+rsdns.ml, 1
+rse-reporting.com, 1
+rsec.kr, 1
+rsecure.tk, 1
+rsfinance.ch, 1
+rsgx.com, 1
+rsingermd.com, 1
+rsl.gd, 1
+rslcaresa.com.au, 1
+rsldb.com, 1
+rslnd.com, 1
+rsm-intern.de, 1
+rsmedic.com, 1
+rsolutions-expertises.fr, 1
+rspevents.ro, 1
+rspp.ru, 1
+rsquare.nl, 1
+rsridentassist.com, 1
+rsrnd.org, 1
+rsrural.com.br, 1
+rsrv.fr, 1
+rss.org.uk, 1
+rss.sh, 0
+rss3.co, 1
+rss3.io, 0
+rssfeedblast.com, 1
+rssfeedonline.tk, 1
+rssicons.pl, 1
+rssl.me, 1
+rssproject.nl, 1
+rssr.ddns.net, 1
+rssr.se, 1
+rssreaderone.com, 1
+rstadler.com, 1
+rstsecuritygroup.co.uk, 1
+rsttraining.co.uk, 1
+rsvaachen.de, 1
+rsvp, 1
+rsvpparty.com, 1
+rswebsols.com, 1
+rsync.eu, 0
+rszod.com, 1
+rt-inc.com, 1
+rt-praxis-barbara-scheibel.de, 1
+rt.com, 1
+rt22.ch, 1
+rt96.it, 1
+rtarabic.com, 1
+rtate.ca, 1
+rtate.se, 1
+rtc-israel.com, 1
+rtcyber.com, 1
+rtd.uk, 0
+rtde.life, 1
+rtde.live, 1
+rtde.me, 1
+rtde.site, 1
+rtde.tech, 1
+rtde.world, 1
+rtde.xyz, 1
+rte.eu, 1
+rte.host, 1
+rte.ie, 1
+rte.mobi, 1
+rte.radio, 1
+rte1.ie, 1
+rteaertel.ie, 1
+rtebensoc.ie, 1
+rtec.com.tw, 1
+rteguide.ie, 1
+rteinternational.ie, 1
+rtejr.ie, 1
+rtek.se, 1
+rtenews.eu, 1
+rteo.com.au, 1
+rteone.ie, 1
+rteplayer.co.uk, 1
+rteplayer.com, 1
+rteplayer.ie, 1
+rteplayer.org, 1
+rtesport.eu, 1
+rtestore.eu, 1
+rtgame.co.uk, 1
+rtgnews.cf, 1
+rtho.me, 1
+rths.tk, 0
+rtionline.gov.in, 1
+rtjobsite.com, 1
+rtkbe.com, 1
+rtl.de, 1
+rtlspiele.de, 1
+rtm.kr, 1
+rtmoran.org, 1
+rtmtech.ru, 1
+rtp.org, 1
+rtpa.es, 1
+rtparket.ga, 1
+rtsak.com, 1
+rtsr.ch, 0
+rttechlaw.com, 1
+rttreservations.com, 1
+rttss.com, 1
+rttvip.com, 1
+rttvvip.com, 1
+rtveen.nl, 1
+rtvslos.nl, 1
+rtwcourse.com, 1
+ru-acyclopedia.cf, 1
+ru-adv.tk, 1
+ru-auto.tk, 1
+ru-e-business.com, 1
+ru-m.org, 1
+ru-robot.tk, 1
+ru-sale.tk, 1
+ru-sprachstudio.ch, 1
+ru.search.yahoo.com, 0
+ru251.tk, 1
+rua.ink, 0
+ruageek.com, 1
+ruangangkasa.com, 0
+ruanglaptop.com, 1
+ruanmi.de, 1
+ruanwen168.com, 1
+ruavan.com, 1
+rubashki-opt.ml, 1
+rubashki.tk, 1
+rubbaduckee.tk, 1
+rubber.cf, 1
+rubberband.com, 1
+rubberchicken.net, 1
+rubberduckit.com, 1
+rubberlegscastles.co.uk, 1
+rubbermaidoutlet.com, 0
+rubbix.net, 1
+rubblebenoni.co.za, 1
+rubbleedenvale.co.za, 1
+rubblekempton.co.za, 1
+rubblemidrand.co.za, 1
+rubblerandburg.co.za, 1
+rubbleremovalsjohannesburgsouth.co.za, 1
+rubblesandton.co.za, 1
+rubdiavila.com, 1
+ruben.ga, 1
+rubenbaer.ch, 1
+rubenbrito.net, 1
+rubenfelix.tk, 1
+rubengutierrez.tk, 1
+rubenkruisselbrink.nl, 1
+rubenmamo.com, 1
+rubenpeeters.ml, 1
+rubenplazagarcia.es, 1
+rubenroy.com, 1
+rubenruiz.org, 1
+rubens.cloud, 1
+rubenschulz.nl, 1
+rubenshotel.com, 1
+rubenshuis.be, 1
+rubenslikkarchive.com, 1
+rubensteinphotography.com, 1
+rubensvrouwen.tk, 1
+ruber.cf, 1
+rubia.ca, 1
+rubiales.tk, 1
+rubic.tk, 1
+rubiconwi.gov, 1
+rubidium.ml, 1
+rubidium.se, 1
+rubik.tk, 1
+rubika.com.ua, 1
+rubinamillinery.com, 1
+rubinchyk.tk, 1
+rubinnadlan.co.il, 1
+rubiogafsi.com, 1
+rubirubli.tk, 1
+rubix.com, 1
+rublacklist.net, 1
+rublev.tk, 1
+rubonnek.com, 1
+rubooks.gq, 1
+rubreklama.tk, 1
+ruby-auf-schienen.de, 1
+rubyfactory.io, 1
+rubymaybetranslations.com, 1
+rubymediagroup.com, 1
+rubyonline.tk, 1
+rubyonremote.com, 1
+rubyquincunx.com, 1
+rubyquincunx.org, 1
+rubyribbon.com, 1
+rubystore.ga, 1
+rucheentreprise.fr, 1
+ruchka-mashinka.gq, 1
+rucinski.ch, 1
+rucinski.eu, 1
+rucinski.uk, 1
+rucksackrebellen.de, 1
+ruckzuck-privatpatient.de, 1
+rud.is, 1
+rudasl.pl, 1
+rudating.tk, 1
+rudd-o.com, 0
+rude.com, 1
+rudefish.tk, 1
+rudewiki.com, 1
+rudianto.id, 1
+rudibora.ml, 1
+rudimentalluxury.com, 1
+rudloff.pro, 1
+rudnikas.com, 1
+rudolf.gq, 1
+rudolph.life, 1
+rudovasky.com, 1
+rudrastyh.com, 1
+rudy.ga, 1
+rudymendoza.tk, 1
+rue-de-la-vieille.fr, 0
+rueckbeil.com, 1
+rueckert-gymnasium-blog.de, 1
+rueckgr.at, 1
+ruecommune.fr, 1
+ruediger-voigt.eu, 1
+ruedigervoigt.de, 1
+ruedirrenggli.ch, 0
+rueduparticulier.tk, 0
+rueg.eu, 1
+ruero.com, 1
+ruerte.net, 1
+ruexpert.cf, 1
+ruf888.com, 1
+rufartabs.ml, 1
+ruffbeatz.com, 1
+ruffcuts.com.au, 1
+ruffinstorage.com, 1
+ruffkatt.com, 1
+ruffm.com, 1
+ruffnecks.tk, 1
+ruflay.ru, 1
+ruforce.ml, 1
+rugadgets.tk, 1
+rugby.tk, 1
+rugby.video, 1
+rugbynow.com, 1
+rugbyrama.fr, 1
+rugcleaninglondon.co.uk, 1
+rugeley-vets.co.uk, 1
+rugged-cctv.com, 0
+rugk.dedyn.io, 1
+rugspa.ie, 1
+rugstorene.co.uk, 1
+rugugu.jp, 1
+ruha.co.in, 1
+ruhigehand.de, 1
+ruhimustafa.tk, 1
+ruhnke.cloud, 0
+ruhproject.kz, 1
+ruhrdurst.tk, 1
+ruhrmobil-e.de, 1
+ruhrnalist.de, 1
+ruhrpott-media.com, 1
+ruhrpott-media.de, 1
+rui-t.xyz, 1
+ruiduntrading.com, 1
+ruifu.tech, 1
+ruileitao.pt, 1
+ruiming.me, 1
+ruimonteiro.pt, 1
+ruimoreira.co.uk, 1
+ruimtevoor.gent, 1
+ruimtevoorgent.be, 1
+ruin.one, 1
+ruinme.tk, 1
+ruinone.com, 1
+ruinsofchaos.com, 1
+ruiruigeblog.com, 1
+ruitersportbak.nl, 1
+ruixin.org, 1
+rujbin.ddns.net, 1
+ruk.ca, 1
+rukhaiyar.com, 1
+rukiyegarip.art, 1
+ruknguk.tk, 1
+rukouye.cf, 1
+rukouye.ml, 1
+rul.ai, 1
+rulaholding.fi, 1
+rule5.ai, 1
+ruli.tk, 1
+ruliad.de, 1
+rullzer.com, 1
+rultek.tk, 1
+rulu.tv, 1
+ruma.io, 1
+rumaenien.immo, 1
+rumah-tanah-dijual.com, 1
+rumah123.com, 1
+rumahbukitpodomoro.com, 1
+rumahcodingtest.tk, 1
+rumahkeadilan.co.id, 1
+rumahkristal.tk, 1
+rumahminimalisoi.com, 1
+rumahpropertigratis.com, 1
+rumahresep.cf, 1
+rumartinez.es, 1
+rumata.pub, 1
+rumatallc.com, 1
+rumbasguayaquil.com, 1
+rumble.com, 1
+rumbleline.ga, 1
+rumeli.edu.tr, 1
+rumemi.com, 1
+rumenka.tk, 1
+ruminecraftru.tk, 1
+rumix.ga, 1
+rumix.tk, 1
+rumlager.de, 1
+rummage4property.co.uk, 1
+rummey.co.uk, 1
+rumreader.com, 1
+rumtaste.com, 1
+rumus.co.id, 1
+rumusbilangan.com, 1
+rumussoal.com, 1
+run-it-direct.co.uk, 1
+run.vn, 1
+runagain.ch, 0
+runalyze.com, 1
+runame.ml, 1
+runar-data.de, 1
+runbo-australia.ga, 1
+runbo-new-zealand.ga, 1
+runbo-nz.ga, 1
+runboaustralia.ga, 1
+runcarina.com, 1
+rundh-audio.de, 1
+rundh.de, 1
+rundom.co, 1
+rundu.ml, 1
+rundum-service-omh.de, 1
+rundumcolumn.xyz, 1
+runebet.com, 1
+runeblog.ru, 1
+runecaster.tk, 1
+runementors.com, 0
+runes.cf, 1
+runescape.wiki, 1
+runescapelordsconquest.tk, 1
+runesforbeginners.com, 1
+runet.cf, 1
+runetracker.org, 1
+runeworldforums.tk, 1
+runews.cf, 1
+runfitcoaching.com, 1
+rungie.com, 0
+rungisinternational.com, 1
+rungstedhave.dk, 1
+rungutan.com, 1
+runicspells.com, 1
+runklesecurity.com, 1
+runlet.gq, 1
+runlevel3.de, 1
+runmyprocess.com, 1
+runmyqubit.com, 1
+runmyqubit.de, 1
+runmyvillage.com, 1
+runner.az, 1
+runners.yoga, 1
+runnerslab.com, 1
+runningcitadel.com, 1
+runningfast.cf, 1
+runningrabb.it, 1
+runningshows.tk, 1
+runpartner.com, 1
+runrun.es, 1
+runrun.sk, 1
+runschrauger.com, 1
+runvs.io, 1
+ruobiyi.com, 0
+ruobr.ru, 1
+ruonavaara.fi, 1
+ruoskachile.tk, 1
+rupeek.com, 1
+rupeespeaks.tk, 1
+rupeevest.com, 1
+rupom.me, 1
+rupool.tk, 1
+rupostel.com, 1
+rupressa.tk, 1
+ruprivorot.tk, 1
+rupture-skate.tk, 1
+ruptureradio.com, 1
+ruqbnsmokebbq.ga, 1
+ruquiz.tk, 1
+rural-house.tk, 1
+rural.gov, 1
+ruralhousing.es, 1
+ruralis.it, 1
+ruralsuppliesdirect.co.uk, 1
+rurange-les-thionville.fr, 1
+ruri.io, 1
+rurian-gyohen.com, 1
+ruris.bg, 1
+ruro.tk, 1
+rurouni.tk, 1
+rus-blog.tk, 1
+rus-call.com, 1
+rus-manual.tk, 1
+rusa.loan, 1
+rusakov.tk, 1
+rusdigisolutions.com, 1
+ruse.church, 1
+ruseartgallery.tk, 1
+rusenemas.tk, 1
+rusexmany.ml, 1
+rush49.com, 1
+rushashkyfond.com, 1
+rushbmedia.com, 1
+rushcountykansas.gov, 1
+rushmix.com, 0
+rushmyessay.gq, 1
+rushpoppershop.co.uk, 1
+rushriverwi.gov, 1
+rushtonparay.com, 1
+rushyo.com, 1
+rusichi.tk, 1
+rusien-den.com, 1
+rusificatio.tk, 1
+rusifikator.tk, 1
+rusiptv.cf, 1
+ruska-modra.cz, 1
+ruskamodra.cz, 1
+ruskcountytx.gov, 1
+ruski.tk, 1
+ruskod.net, 1
+ruslandautohuur.nl, 1
+rusmir.tk, 1
+rusmodel.tk, 1
+rusmolotok.ru, 1
+rusnalog.ru, 1
+rusnicolas.cf, 1
+rusnum.com, 1
+rusnum.ru, 1
+rusorg.de, 1
+ruspolik.ru, 1
+rusposuda.cf, 1
+russ-portal.tk, 1
+russandol.eu, 1
+russchooljordan.tk, 1
+russell-ar.gov, 1
+russell-tech.co.uk, 1
+russellcountyky.gov, 1
+russellenvy.com, 1
+russelljohn.net, 1
+russellmeek.net, 1
+russellshobby.com, 1
+russellupevents.co.uk, 1
+russia-furniture.tk, 1
+russia-knigi.ga, 1
+russia-rp.tk, 1
+russia.wtf, 1
+russiahockey.tk, 1
+russiahunting.tk, 1
+russialife.gq, 1
+russian-artist.tk, 1
+russian-fur.tk, 1
+russian-knights.ru, 1
+russian-page.tk, 1
+russianbearsmotorsport.tk, 1
+russianbluecatsguide.com, 1
+russianbrides.cf, 1
+russianbridge.org, 1
+russianbristol.tk, 1
+russiancrimes.in.ua, 1
+russianews.cf, 1
+russianews.ga, 1
+russianflora.com, 1
+russianflora.ru, 1
+russianpostcalc.ru, 1
+russianpunkrock.tk, 1
+russianrandom.ru, 1
+russiantranslation.tk, 1
+russinfo.net, 1
+russisch.tk, 1
+russograffix.tk, 1
+russpuss.ru, 1
+rust.cf, 1
+rust.mn, 1
+rust.pm, 1
+rust.yokohama, 1
+rustambek.tk, 1
+rustamkhanko.gq, 1
+rustdesk.com, 1
+rustfactory.io, 1
+rustfanatic.com, 1
+rustfu.rs, 1
+rusticpathways.com.au, 1
+rusticroadlandscaping.com, 1
+rusticus-consulting.de, 0
+rustls.com, 1
+rustls.org, 1
+rustonla.gov, 1
+rustup.rs, 1
+rusty44.com, 1
+rustyrambles.com, 0
+rustytub.com, 1
+rusunion.org, 1
+ruswomen.tk, 1
+ruta-66.tk, 1
+rutadelastermitas.tk, 1
+rutalimon.com, 1
+rutar.org, 1
+rutas-turisticas.com, 1
+rutascostarica.viajes, 1
+rutasindonesia.viajes, 1
+rutasmaldivas.viajes, 1
+rutavietnam.com, 1
+rutazeus.tk, 1
+ruter.myftp.org, 1
+rutgerbrouwer.tk, 1
+rutgerschimmel.nl, 0
+rutgershealth.org, 1
+ruthbarrettmusic.com, 1
+ruthbellgrahammemorial.org, 1
+ruthhaloho.com, 1
+ruthil.co.il, 1
+ruthil.com, 1
+ruthmarques.com.br, 1
+rutiger.com, 1
+rutika.ru, 1
+rutlandma.gov, 1
+rutorka.tk, 1
+ruttenadvocaat.be, 1
+rutterroy.com, 1
+ruud-online.tk, 1
+ruudkoot.nl, 1
+ruurdboomsma.nl, 1
+ruvoip.net, 1
+ruwhof.com, 1
+ruwhof.net, 1
+ruxit.com, 0
+ruya.com, 1
+ruyana.tk, 1
+ruyatabirleri.com, 1
+ruyatabirlerin.gen.tr, 1
+ruzaevka.tk, 1
+ruzovyslon.cz, 1
+rv-jpshop.com, 1
+rva.gov, 1
+rvaneijk.io, 1
+rvantwembeke.tk, 1
+rvem.org, 1
+rvender.cz, 1
+rvf6.com, 1
+rvmfm.com, 1
+rvoigt.eu, 1
+rvpoweroutlet.com, 1
+rvrcleaning.nl, 0
+rvsa2bevestigingen.nl, 1
+rvsa4bevestigingen.nl, 1
+rvsbevestigingen.nl, 1
+rvss-or.gov, 1
+rvvc.im, 1
+rw-invest.com, 1
+rw.search.yahoo.com, 0
+rw2.de, 1
+rwalch.at, 1
+rway.pro, 1
+rwgamernl.ml, 1
+rwhapdentalservicesreport.net, 1
+rwky.net, 1
+rwlib.net, 1
+rws-cc.com, 1
+rws-vertriebsportal.de, 1
+rwx.ovh, 1
+rwx.work, 1
+rx-base.nl, 1
+rx-diet.com, 1
+rxbn.de, 1
+rxbusiness.com, 1
+rxcarbon.com, 1
+rxcom.net, 1
+rxphoto.com, 1
+rxtx.pt, 0
+rxxx.ml, 1
+ry88url.com, 1
+ryabinushka.tk, 1
+ryan-13.tk, 1
+ryan-design.com, 1
+ryan-gehring.com, 1
+ryan-goldstein.com, 1
+ryananeff.com, 1
+ryanclemmer.com, 1
+ryancmassey.com, 1
+ryancompanies.com, 1
+ryandewsbury.co.uk, 1
+ryanfamily.net.au, 1
+ryanhopk.com, 1
+ryanhowell.io, 1
+ryanjarvis.law, 1
+ryankearney.com, 0
+ryankilfedder.com, 1
+ryanonfire.tk, 1
+ryanparman.com, 1
+ryanrichardwalker.com, 1
+ryansmithphotography.com, 1
+ryanwordpress.com, 1
+ryazagro.ru, 1
+ryazan-region.ru, 1
+ryazancity.tk, 1
+rybak-opt.ru, 1
+rybak-russia.ru, 1
+rybalku.ru, 1
+rybarski.com, 1
+rybinsk.ga, 1
+rybnitsa.cf, 1
+rybnitsa.ga, 1
+rybnitsa.gq, 1
+rybnitsa.tk, 1
+rybox.info, 1
+rychlikoderi.cz, 0
+rycose.com, 1
+rycose.net, 1
+rycpk.org, 1
+ryd.no, 1
+rydeify.com, 1
+ryder.tk, 1
+rydercragie.co.uk, 1
+rydercragie.com, 1
+rydercragie.uk, 1
+rydermais.tk, 1
+ryderstatus.com, 1
+rydi.org, 1
+ryejuice.sytes.net, 1
+ryenews.org.uk, 1
+ryfma.com, 1
+rygy.com.br, 1
+rygyatacado.com.br, 1
+ryland.consulting, 0
+rylbyte.com, 1
+rylin.net, 1
+rymanow.tk, 1
+rymdweb.com, 1
+rymergames.tk, 1
+rymshospital.com, 1
+rynekpierwotny.pl, 1
+rynkebo.dk, 1
+ryobitools.eu, 1
+ryoch.in, 1
+ryois.me, 1
+ryois.net, 1
+ryona.agency, 1
+rys.pw, 1
+rythm.es, 1
+ryu-ga-gotoku-audition.com, 1
+ryu22e.org, 1
+ryuanerin.kr, 1
+ryuukei-nf.tk, 1
+ryvit.com, 1
+ryzen.cz, 1
+ryzhov.me, 1
+rzeczy-silene.pl, 1
+rzero.com, 1
+rzero.tk, 1
+rzhv1.cf, 1
+rzip.de, 1
+rzr.supplies, 1
+rzsmt.com, 1
+s-c.se, 1
+s-cubed.net, 1
+s-deal.eu, 1
+s-geiser.de, 1
+s-gong.com, 1
+s-he.at, 1
+s-hertogenbosch.tech, 1
+s-housing.vn, 1
+s-huset.dk, 1
+s-i-m.tk, 1
+s-ip-media.de, 1
+s-mainte.com, 1
+s-mall.com.sg, 1
+s-n-unso.com, 1
+s-on.li, 1
+s-pegasus.com, 1
+s-pro.io, 1
+s-s-paint.com, 1
+s-sisters.ru, 1
+s-team.tk, 1
+s-u.pw, 1
+s-yuz.com, 1
+s-zwrm.de, 1
+s.ai, 1
+s.ee, 1
+s.lu, 1
+s.sb, 1
+s.td, 1
+s.team, 1
+s.tt, 1
+s.wtf, 1
+s007.co, 1
+s0923.com, 1
+s0laris.co.uk, 1
+s0t.ru, 1
+s1-llc.com, 1
+s10y.eu, 1
+s1128.com, 1
+s1mplescripts.de, 1
+s1ris.org, 1
+s2.coach, 1
+s20121946.ml, 1
+s26s.com, 1
+s2i.ch, 0
+s2member.com, 1
+s2n.tech, 1
+s2t.net, 1
+s36533.com, 1
+s3call.ddns.net, 0
+s3chat.ddns.net, 1
+s3cur1ty.com, 1
+s3cur3.it, 1
+s3file.ddns.net, 1
+s3gfault.com, 1
+s3lph.me, 1
+s3w.es, 1
+s3waas.gov.in, 1
+s402.de, 1
+s404.de, 1
+s44.eu, 1
+s4c.cymru, 0
+s4db.net, 1
+s4hosting.in, 1
+s4media.org, 1
+s4media.xyz, 1
+s4q.me, 1
+s4tips.com, 1
+s4ur0n.com, 1
+s5197.co, 1
+s550.cc, 0
+s551.cc, 0
+s552.cc, 0
+s553.cc, 0
+s556.cc, 0
+s557.cc, 0
+s558.cc, 0
+s559.cc, 0
+s5g8.com, 1
+s6.tel, 1
+s64.cz, 1
+s6729.co, 1
+s6729.com, 1
+s6957.co, 1
+s6jl.com, 1
+s6n.jp, 1
+s6o.de, 1
+s82365.com, 1
+s88.com, 1
+s8a.me, 1
+s92.cloud, 1
+s92.io, 1
+s92.me, 1
+s9297.co, 1
+s95.de, 1
+s9728.co, 1
+s9h.cn, 0
+sa-blog.net, 1
+sa-mp.me, 1
+sa-mp.ro, 1
+sa-refer.nhs.uk, 1
+sa-stu.com, 1
+sa-studio.chat, 1
+sa.gov, 1
+sa.net, 1
+sa68.cc, 1
+sa88.cc, 0
+saadat.in.ua, 1
+saadurrehman.tk, 1
+saam.aero, 1
+saamhorigheidsfonds.nl, 0
+saanich.ca, 1
+saap.me, 1
+saaral.org, 1
+saarehaigla.ee, 1
+saaremaa.tk, 1
+saaricraft.ml, 1
+saarloosschilderwerken.nl, 1
+saarteliinid.ee, 1
+saas.de, 1
+saatchiart.com, 1
+saathi.asia, 1
+sab.id, 1
+saba-piserver.info, 1
+saba-shop.tk, 1
+sabachat.tk, 1
+sabahattin-gucukoglu.com, 1
+sabaland.tk, 1
+sabanco.com.br, 1
+sabaplastic.co, 1
+sabatikirooms.com, 1
+sabbat-wildfire.tk, 1
+sabbaticalhomes.com, 1
+sabbottlabs.com, 1
+sabedinovski.tk, 1
+saber-nyan.com, 1
+sabesprev.com.br, 1
+sabghijewelers.com, 1
+sabharwallawfirm.ca, 1
+sabhindimai.net, 1
+sabians.tk, 1
+sabiasque.pt, 1
+sabine-forschbach.de, 1
+sabineforschbach.de, 1
+sablanout.com, 1
+sable.gq, 1
+sabmobile.pk, 1
+saborcaribe.tk, 1
+saboresdamontanha.com.br, 1
+sabranie.com, 1
+sabrina-auer.tk, 1
+sabrinajoias.com, 1
+sabrinajoias.com.br, 1
+sabrinajoiasprontaentrega.com.br, 1
+sabrinajoiasvarejo.com.br, 1
+sabrinamiskiewicz.tk, 1
+sabrinarus.tk, 1
+sabrinazeidan.com, 1
+sabrine.tk, 1
+sabris.com, 1
+sabung-ayam.net, 1
+sabworldtricks.tk, 1
+sac-shoes.fr, 1
+sacabc.ca, 1
+sacademica.tk, 1
+sacaentradas.com, 1
+saccani.net, 1
+saccottino.tk, 1
+saccounty.gov, 1
+saccountyiowa.gov, 1
+sace.ca, 1
+sace.org.za, 1
+sacektirme.tk, 1
+sacfreightlines.com, 1
+sacha-botz.com, 0
+sacharidovejednotky.eu, 1
+sachasmets.be, 1
+sachiepvien.net, 1
+sachinchauhan.ml, 1
+sachk.com, 0
+sachse.info, 0
+sachsenlady.com, 1
+sachte-restaurant.de, 1
+sacians.tk, 1
+sacibo.ga, 1
+sackmesser.ch, 1
+saclier.at, 1
+saco.tech, 1
+sacodealegria.com, 1
+sacprincesse.com, 1
+sacramentocounty.gov, 1
+sacramentum.tk, 1
+sacreatedesign.com, 1
+sacreativity.com, 1
+sacred-destinee.tk, 1
+sacred-knights.net, 1
+sacredart-murals.co.uk, 1
+sacredheart-cliftonheights.net, 1
+sacredheartbath.org, 1
+sacredheartmission.org, 1
+sacredmessages.net, 1
+sacredsecondhandbooks.com.au, 1
+sacrome.com, 1
+sacrosanctus.tk, 1
+sacscoc.org, 1
+sacwellness.com, 1
+sad-berezka.ru, 0
+sadbox.es, 1
+sadbox.org, 1
+sadbox.xyz, 1
+sadeedos.systems, 1
+sadeem.space, 1
+sadev.co.za, 1
+sadhana.cz, 1
+sadhanaclub.de, 1
+sadhawkict.org, 1
+sadiejanehair.com, 1
+sadiestavern.cf, 1
+sadiestavern.ga, 1
+sadiestavern.gq, 1
+sadiestavern.ml, 1
+sadievilleky.gov, 1
+sadiosang.net, 1
+sadiqloaded.tk, 1
+sadjawebsolutions.com, 1
+sadko-group.com, 1
+sadkodesign.com.ua, 1
+sadmansh.com, 1
+sadou.kyoto.jp, 0
+sadoun.com, 1
+sadovskiy.tech, 1
+sadrailsim.de, 1
+sadsu.com, 0
+sadtxt.com, 1
+sadurscy.pl, 1
+sadus.tk, 1
+saechsischer-christstollen.shop, 0
+saeder-krupp.de, 1
+saeedvaladbaygi.info, 1
+saeidii.com, 1
+saeitalianfood.com, 1
+saenforcement.agency, 1
+saengsook.com, 1
+saengsuk.com, 1
+saevor.com, 1
+saf.earth, 1
+safagiza.ml, 1
+safalfasalonline.in, 1
+safar.sk, 1
+safara.host, 1
+safarimasaimara.com, 1
+safataviationgroup.com, 1
+safatech.me, 1
+safc.tk, 1
+safe-kim.com, 1
+safeacs.com, 1
+safeadmin.ga, 1
+safeandsecureserver.com, 1
+safearth.training, 1
+safeathomeohio.gov, 1
+safeatlast.co, 1
+safebaseflorida.com, 1
+safebaseinc.com, 1
+safebasementswaterproofing.com, 1
+safebits.ch, 1
+safebits.de, 1
+safebits.eu, 1
+safebits.fr, 1
+safebits.it, 1
+safeboard.ml, 1
+safebus.io, 1
+safecar.gov, 1
+safecircuitelectric.com, 1
+safecoin.tech, 1
+safecso.cf, 1
+safedrivepod.com, 1
+safeers.tk, 1
+safefreehost.gq, 1
+safefreepornsites.com, 1
+safegas.com.ua, 1
+safegold.ca, 1
+safegroup.pl, 1
+safeguardace.com, 1
+safeguardhosting.ca, 1
+safehero.com, 1
+safeheron.com, 1
+safeheron.vip, 1
+safehouse.zone, 1
+safehousepestcontrol.au, 1
+safeinfra.nl, 1
+safekidney.com.tw, 1
+safeme.ga, 1
+safeme.gq, 1
+safemt.gov, 1
+safenetwork.it, 1
+safensoundstoragegroton.com, 1
+safeo.fr, 1
+safeocs.gov, 1
+safeplay.co, 1
+safeplayground.net, 1
+safeporn.org, 1
+safeprint.pt, 1
+safer-software.tk, 1
+safera.com, 1
+safercar.gov, 1
+saferchildren.eu, 0
+saferequest.net, 1
+saferfederalworkforce.gov, 1
+safermao.fr, 1
+saferpost.com, 1
+saferproduct.gov, 1
+saferproducts.gov, 1
+saferrafrica.org, 1
+safersurfing.eu, 0
+safertruck.gov, 1
+safescif.com, 1
+safesearchs.com, 1
+safesecuretrusted.com, 1
+safesecurevital.ca, 1
+safesmartvent.com, 1
+safesoundcounselingllc.com, 1
+safestayok.gov, 1
+safestreets.cf, 1
+safetables.ga, 1
+safethishome.com, 1
+safetrainingservices.co.uk, 1
+safetrax.in, 1
+safety-in-construction.tk, 1
+safety.co.nz, 1
+safetycloud.me, 1
+safetydrivessuccess.com, 1
+safetymeasuresas.com, 1
+safetymp3.com, 1
+safetynames.com, 1
+safetynation.co.uk, 1
+safetynetwork.me, 1
+safetynigeria.com, 1
+safetyrange.com, 1
+safetyrisk.net, 1
+safetysite.tips, 1
+safetysource.co.nz, 1
+safevault.org, 1
+safevisit.com.au, 1
+safewatchsecurity.ie, 1
+safewayins.com, 1
+safewayinsurance.com, 1
+safewaysecurityscreens.com.au, 1
+safex.org, 1
+saffron.com, 1
+safijourney.com, 1
+safinamide.co.uk, 1
+safiosolutions.com, 1
+safirakbar.tk, 1
+safire.ac.za, 1
+safkgroup.com, 1
+safleo.org, 1
+safquh.com, 1
+sag-consultores.com, 1
+sagacioussuricata.com, 1
+sagagardencentre.co.uk, 1
+sagan.tk, 1
+sagarawat.in, 1
+sagareserve.com, 1
+sagargandecha.com.au, 0
+sagasailing.dk, 1
+sagauae.com, 1
+sageclinic.org, 1
+sagefitness.store, 1
+sagegardens.ca, 1
+sagenesykkel.com, 1
+sagenet.net.au, 0
+sagerus.com, 1
+sageseeds.info, 1
+sagetel.ga, 1
+sageth.com, 1
+saggis.com, 1
+saggytitsporn.com, 1
+saghekin.com, 1
+sagicorgeneral.com, 1
+sagicorlife.com, 1
+sagicorlifeusa.com, 1
+sagitta.hr, 1
+saglik-haberleri.tk, 1
+saglikhaber.tk, 1
+sagliklidegisim.com, 1
+sagnette.xyz, 1
+sago.group, 1
+sagomedia.tk, 1
+sagradobyme.cl, 1
+sagretreviso.it, 1
+sahabatnesia.com, 1
+sahafekitap.com, 1
+sahalin.tk, 1
+sahalinskiy.gq, 1
+sahar.io, 1
+saharacloud.com, 1
+sahararun.tk, 1
+saharazik.tk, 1
+saharmassachi.com, 1
+sahb.dk, 1
+sahinozgenhukuk.com, 1
+sahkotyot.eu, 1
+sahpa.co.za, 1
+saibotk.de, 1
+said.id, 1
+said.it, 1
+said.my.id, 1
+saidpurtechnical.tk, 1
+saidrive.net, 1
+saidrive.online, 1
+saidtezel.com, 0
+saieditor.com, 1
+saifonvillas.com, 1
+saifoundation.in, 1
+saifoundation.org, 1
+saigonflowers.com, 1
+saigonland24h.vn, 1
+saigonstar.de, 1
+saikarra.com, 1
+saikou.moe, 1
+saikouji.tokushima.jp, 1
+sail-holidays-hub.gr, 1
+sail-nyc.com, 1
+sailarmada.com, 1
+sailboatdata.ddns.net, 1
+sailormoondoujinshi.org, 1
+sailormoonevents.org, 1
+sailormoonfansubs.com, 1
+sailormoongallery.org, 1
+sailormoonlibrary.org, 1
+sailum.tk, 1
+sailwiz.com, 1
+saily.pl, 1
+saimedia.net, 1
+saimithrayoga.nl, 1
+saimoe.moe, 1
+saimoe.org, 1
+sainama.com, 1
+sainet.xyz, 1
+sainetworks.net, 1
+sainews.net, 1
+sainikbiswas.com, 0
+sainokuni-eng.jp, 1
+sainsburys.jobs, 1
+sainsburysbusinessdirect.co.uk, 1
+sainshand.tk, 1
+saint-aubin-sur-scie.fr, 1
+saint-bernard-gouesch.fr, 1
+saint-clan.tk, 1
+saint-cyril.com, 1
+saint-leonard.fr, 1
+saint-peterburg.tk, 1
+saint-petersburg.cf, 1
+saint-petersburg.gq, 1
+saint-petersburg.ml, 1
+saint-ssd.org, 1
+saintaardvarkthecarpeted.com, 1
+saintanne.net, 1
+saintanthonylakin.org, 1
+saintaugustineschool.tk, 1
+saintbernardpetcare.com, 1
+saintefoy-tarentaise.fr, 1
+saintereso.tk, 1
+sainteugenechurch.net, 1
+sainteugeneschurch.com, 1
+saintfrancescabrini.net, 1
+saintgabrielparish.org, 1
+sainth.de, 0
+sainthedwig-saintmary.org, 1
+sainthelena-centersquare.net, 1
+sainthelenaparish.net, 1
+sainthelenas.org, 1
+saintisidorecyo.com, 1
+saintjamestheapostle.org, 1
+saintjosephschurch.net, 1
+saintleochurch.net, 1
+saintlouisfence.com, 1
+saintmarkchurch.net, 1
+saintmaryna.com, 1
+saintmaryscathedral-trenton.org, 1
+saintmichaelpress.tk, 1
+saintpatrick-norristown.net, 1
+saintpetersburg.cf, 1
+saintpetersburg.ga, 1
+saintpetersburg.gq, 1
+saintpetersburg.ml, 1
+saintphilipneri.org, 1
+saintpius.net, 1
+saintpolycarp.org, 1
+saintseiya-temple.tk, 1
+saintsrowmods.com, 1
+sainttheresahome.org.sg, 1
+saintvincent.tk, 1
+saintw.com, 0
+sainzderozas.com, 1
+saipariwar.com, 1
+saipeople.net, 1
+saiputra.com, 1
+saiputra.net, 1
+sairadio.net, 1
+sairadio.net.in, 1
+sairadio.one, 1
+sairai.bid, 1
+sairlerimiz.tk, 1
+sairus.fr, 1
+saisandesh.org, 1
+saisecure.net, 1
+saiserver.net, 1
+saisons-fruits-legumes.fr, 1
+saisyuusyou-ikebukuro.com, 1
+saisyuusyou-omiya.com, 1
+saisyuusyou-takasaki.com, 1
+saisyuusyou-utsunomiya.com, 1
+sait.health, 1
+saitapovan.com, 1
+saitas.net, 1
+saito-koken.co.jp, 1
+saitrance.com, 1
+saitschool.ml, 1
+saitv.net, 1
+saitv.org.in, 1
+saivang.com, 1
+saiwebtv.com, 1
+sajabesaya.tk, 1
+sajbersove.rs, 1
+sajdowski.de, 0
+sajjadrezaei.fit, 1
+sajjadzaidi.com, 1
+sajt-vizitka-nedorogo.ru, 1
+sajter.ga, 1
+sakac.cz, 1
+sakainvest.com, 1
+sakaki.anime.my, 0
+sakamichi.moe, 1
+sakaryahaberi.tk, 1
+sakder.com, 1
+sake.my, 1
+sakellariadis.gr, 1
+sakenohana.com, 1
+sakerhetsbubblan.se, 1
+sakiborislam.com, 1
+sakipsabancimuzesi.org, 1
+sakirdak.tk, 1
+sakitama-shika.com, 1
+sakiyamagumi.com, 1
+saklad5.com, 1
+sako-lab.jp, 1
+sakostacloud.de, 1
+sakrajda.eu, 1
+saksham.org, 1
+sakshi.gq, 1
+saksonski-szlak-parowozow.pl, 1
+sakura-paris.org, 1
+sakuracdn.com, 1
+sakurapalace.tk, 1
+saladgo.id, 1
+saladin.vn, 1
+salahospitality.com, 1
+salalfoundation.ca, 0
+salamanders.tk, 1
+salamence.tk, 1
+salamzibaei.com, 1
+salariominimo.com.co, 1
+salarycalculatoruk.co.uk, 1
+salaryfinance.com, 1
+salas.cf, 1
+salas.tk, 1
+salasbanquetes.cl, 1
+salat-s-krevetkami.ru, 1
+salati.tk, 1
+salatiga.com, 1
+salatiga.net, 1
+salboy.co.uk, 1
+salce.com.au, 1
+salco-company.com, 1
+sald.us, 1
+saldanda.ml, 1
+salde.net, 1
+salduero.tk, 1
+sale-internet.cf, 1
+sale-sokuho.com, 1
+sale4ru.ru, 1
+saleaks.org, 1
+salebaba.com, 1
+saleduck.at, 1
+saleduck.ch, 1
+saleduck.co.id, 1
+saleduck.co.th, 1
+saleduck.com.my, 1
+saleduck.com.ph, 1
+saleduck.com.sg, 1
+saleduck.com.vn, 1
+saleduck.dk, 1
+saleduck.fi, 1
+saleduck.se, 1
+saledump.nl, 1
+saleem.cf, 1
+salegor.tk, 1
+saleh4unraid.cyou, 1
+salekaz.ru, 1
+salemma.gov, 1
+salempress.com, 1
+salensmotors-usedcars.be, 1
+salento-nostro.tk, 1
+salentocab.com, 1
+salerno-on-line.tk, 1
+salernonotizie.it, 1
+salernotoday.it, 1
+salery.ga, 1
+sales-experience.nl, 1
+sales-respect.nl, 1
+salesdesign.vn, 1
+salesdivisie.nl, 1
+salesdock.be, 1
+salesdock.de, 1
+salesdock.nl, 1
+salesflare.com, 1
+salesforce-communities.com, 1
+salesforce-experience.com, 1
+salesforce-hub.com, 1
+salesforce-scrt.com, 1
+salesforce-setup.com, 1
+salesforce-sites.com, 1
+salesforce.mil, 1
+salesforceliveagent.com, 1
+salesforcescrt.com, 1
+salesfunnelfirstaid.com, 1
+saleskeyonline.com, 1
+salesoutcomes.com, 1
+salesprocessing.gq, 1
+saletodo.com, 1
+saleturs.tk, 1
+saletzki.de, 1
+salework.net, 0
+salge.rocks, 1
+salhiyatower.com, 1
+salibandy.tk, 1
+salidaswap.com, 1
+salilab.org, 1
+salim.space, 1
+salimicm.com, 1
+salinecountyks.gov, 1
+salinecountyne.gov, 1
+salinemi.gov, 1
+salinevilleoh.gov, 1
+salins-les-bains.com, 1
+salisburylehighpa.gov, 1
+salisburyreds.co.uk, 1
+salisucre.fr, 1
+salland1.nl, 1
+salle-quali.fr, 0
+salledebainmontreal.gq, 1
+sallisawok.gov, 1
+sally-secret.com, 1
+sallyandruss.ca, 1
+sallyangeli.tk, 1
+sallycooke.co.uk, 1
+sallydowns.name, 1
+sallyheerenveen.nl, 1
+sallyjo.tk, 1
+sallyman.de, 1
+salmadenora.net, 1
+salman.agency, 1
+salmanravoof.com, 1
+salmati.de, 1
+salmelainenwalter.tk, 1
+salminencrane.tk, 1
+salmo-rybak.ru, 1
+salmonde.de, 1
+salmonella.co.uk, 1
+salmonrecovery.gov, 1
+salmotierra-salvatierra.com, 0
+salnet.wf, 1
+salo.fi, 1
+salon-de-patchouli.com, 1
+salon-hinata.biz, 1
+salon-largo.com, 1
+salon-legato.com, 1
+salon-minipli.de, 1
+salon-svadbi.tk, 1
+salon-yuan.jp, 0
+salon.io, 0
+salon1.ee, 1
+salonasymetria.com, 1
+salonboothuren.amsterdam, 1
+salone-mio.com, 1
+salonestella.it, 1
+saloniestate.ml, 1
+salonist.io, 1
+salonkaufmann.it, 1
+salonmarjon.nl, 1
+salonni.tk, 1
+salonsantebienetre.ch, 0
+salrosadohimalaia.com, 1
+salsa-straubing.de, 1
+salsa.berlin, 1
+salserocafe.com, 0
+salt-travel.cf, 1
+salt.fish, 1
+saltandlight.sg, 1
+saltbythesea.com, 0
+saltcave.gq, 1
+saltedfish.network, 1
+saltedge.com, 1
+saltedpasta.com, 1
+salter.com.tr, 1
+saltercane.com, 0
+saltlakecounty.gov, 1
+saltlakehealth.gov, 1
+saltnsauce.cf, 1
+saltnsauce.ga, 1
+saltnsauce.gq, 1
+saltnsauce.ml, 1
+saltrecovery.com.au, 1
+saltro.nl, 0
+saltstack.cz, 1
+saltsugarlove.de, 1
+saltus.ga, 1
+saltwaterfishaspets.com, 1
+saltydogpaddle.org, 1
+saltykai.com, 1
+saltyproshop.com, 1
+salud-paratodos.com, 1
+salud.top, 0
+saludakeuring.nl, 1
+saludmas.site, 1
+saludmaspro.com, 1
+saludnutrivida.com, 1
+saluels.servemp3.com, 1
+salukinet.tk, 1
+salunganogroup.com, 1
+salus-cm.care, 1
+salussafety.io, 1
+salut-butovo.cf, 1
+salutenaturale.com.br, 1
+salutes.tk, 1
+salutethefish.com, 1
+salutethegrains.com, 1
+salutethepig.com, 1
+salutparis.ml, 1
+salva.ovh, 1
+salva.re, 1
+salvaalocombia.com, 1
+salvadoralevin.tk, 1
+salvadorcorriols.tk, 1
+salvadorinfantil.tk, 1
+salvalartesicilia.it, 1
+salvameblog.tk, 1
+salverainha.org, 1
+salwyrr.com, 1
+salz-und-sinn.de, 1
+salzamt.tk, 1
+salzburg-erfahren.at, 1
+salzburg-verkehr.at, 1
+salzburgsfinest.tk, 1
+salzerperu.com, 1
+salzmann.solutions, 1
+sam-football.fr, 1
+sam.gov, 1
+sam66.cc, 1
+sam88.cc, 1
+samabest.tk, 1
+samalderson.co.uk, 1
+samandcatonline.tk, 1
+samandej.ir, 1
+samanexports.in, 1
+samangel.org, 1
+samanhatami.ir, 1
+samanthabiggers.com, 1
+samanthasmith.tk, 1
+samar-leyte.tk, 1
+samara-avia.ru, 1
+samara-hosting.tk, 1
+samarhotel.com, 1
+samaritainsmeyrin.ch, 0
+samarpanfurniture.com, 1
+samarth.edu.in, 1
+samarthtyagi.tk, 1
+samatva-yogalaya.com, 1
+samba.org, 1
+sambeso.net, 1
+sambot.ru, 1
+sambot22.tk, 1
+sambuchanan.tk, 1
+samcera.gov, 1
+samclarke.com, 1
+samclarke.uk, 1
+samdev.io, 1
+same.lol, 1
+samedamci.com, 1
+samedis.care, 1
+samegoal.com, 1
+samegoal.org, 1
+samel.de, 1
+samelol.com, 1
+samentest.tk, 1
+samenuitsamenthuis.tk, 1
+samenvoorelkaar.nl, 1
+samenvoormedicatieoverdracht.nl, 1
+samenwerkingsportaal.nl, 1
+samepage.io, 1
+samesound.ru, 1
+sametcanaz.tk, 1
+sameteem.com, 1
+sametimetomorrow.tk, 1
+sameworks.com, 1
+samh.org.uk, 1
+samhall.se, 1
+samhsa.gov, 1
+samhuri.net, 1
+samic.ir, 1
+samic.org, 1
+samic.us, 1
+samifar.in, 1
+samilyanov.tk, 1
+samin.tk, 1
+samir-software.tk, 1
+samiratv.tk, 1
+samishnation.gov, 1
+samisoft.ir, 1
+samiysok.cf, 1
+samkelleher.com, 1
+samkoandmikotoywarehouse.com, 1
+saml-gateway.org, 1
+saml2.com, 1
+samlam.ddns.net, 1
+samlamac.com, 1
+samlaw.co.nz, 0
+sammich.eu, 1
+sammich.social, 1
+sammichscripts.com, 1
+sammyservers.com, 1
+sammyservers.net, 1
+samodel.ml, 1
+samodel.tk, 1
+samogonka.tk, 1
+samokhin.cf, 1
+samorazvitie.ru, 1
+samorzad.gov.pl, 1
+samosad.tk, 1
+samotorsporttyres.com.au, 1
+samoyeddogsguide.com, 1
+samoylov.gq, 1
+samoylyk.net, 0
+samozdraw.ga, 1
+sampaguide.com, 1
+sampath.lk, 1
+sampatjewelers.com, 1
+sample-site.click, 1
+samplefashion.nl, 1
+sampsoncountync.gov, 1
+sampurna.shop, 1
+samroelants.com, 1
+sams.wtf, 1
+samsatcorner.com, 1
+samscollection.in, 1
+samsebe.ml, 1
+samsebe.tk, 1
+samsepi0l.ovh, 1
+samshouseofspaghetti.net, 1
+samson-td.com, 1
+samson.org.au, 1
+samsreseller.com, 1
+samstudios.tk, 1
+samsunghalfmarathon.com, 1
+samtalen.nl, 1
+samudranesia.id, 1
+samuel-brown.com, 1
+samuel-philipp.de, 1
+samuelbeckett.tk, 1
+samuelbramley.com, 1
+samuelharmon.com, 1
+samuelkeeley.com, 1
+samuelkyalo.tk, 1
+samuelphotos.com, 1
+samuels-blog.de, 1
+samuels-graphics.tk, 1
+samuidiving.net, 1
+samuirehabcenter.com, 1
+samurai-marumori.com, 1
+samuraichair.com, 1
+samuraiskye.com, 1
+samusil.org, 1
+samvanderkris.com, 1
+samwelek.co.uk, 1
+samwilberforce.com, 1
+samwrigley.co.uk, 1
+samwu.tw, 1
+samxoxo.com, 1
+samy.rip, 1
+samyang.tk, 1
+samystic.com, 1
+san-cassiano.com, 1
+san-genesio.net, 1
+san-leonardo.com, 1
+san-martino.org, 1
+san-vigilio-marebbe.net, 1
+san.tv, 1
+san0j.de, 1
+sana-commerce.com, 1
+sana-store.com, 1
+sana-store.cz, 1
+sana-store.sk, 1
+sanalaile.tk, 1
+sanalikaforum.tk, 1
+sanalturcu.com, 1
+sanandreasstories.com, 0
+sanantoniolocksmithtx.com, 1
+sanapaino.fi, 1
+sanasport.at, 1
+sanasport.be, 1
+sanasport.bg, 1
+sanasport.cz, 1
+sanasport.de, 1
+sanasport.fr, 1
+sanasport.hu, 1
+sanasport.it, 1
+sanasport.pl, 1
+sanasport.si, 1
+sanasport.sk, 1
+sanates.cz, 1
+sanatfilan.com, 0
+sanatori-elochka.tk, 1
+sanatori-teterev.tk, 1
+sanatorii-sverdlovskoy-oblasti.ru, 1
+sanatorionosti.com.ar, 1
+sanatstore.ir, 1
+sanayi.gov.tr, 1
+sanbenitocounty-ca-cre.gov, 1
+sanbernardino.gov, 1
+sanbornteam.com, 1
+sanbs.org.za, 1
+sancaktepehaber.tk, 1
+sanche.org, 1
+sanchez.adv.br, 0
+sancpa.ca, 1
+sancraft.de, 1
+sancta-domenica.hr, 1
+sanctio.tk, 1
+sanctum.geek.nz, 0
+sanctus-de.tk, 1
+sanctus.co.uk, 1
+sand-and-mercury.tk, 1
+sand-bleibt.de, 1
+sand-craft.ml, 1
+sand-stoneinc.com, 1
+sand66.cc, 1
+sand66.com, 1
+sandairephotography.com, 1
+sandbox.i.ng, 1
+sandbox.mydigipass.com, 0
+sandelduggal.com, 1
+sanderdesign.tk, 1
+sanderdorigo.nl, 1
+sanderkoenders.eu, 1
+sanderkoenders.nl, 1
+sanderpoppe.com, 0
+sandersonfarms.com, 1
+sandervanderstap.nl, 1
+sandesh.tk, 1
+sandgatebaysidedental.com.au, 1
+sandiegolemonlawyer.net, 1
+sandiegolifechanging.org, 1
+sandiegoluxuryhomes.org, 1
+sandiegotaxpreparation.com, 1
+sandiegotown.com, 1
+sandipmukherjee.tk, 1
+sandiuno.ml, 1
+sandle.uk, 1
+sandlerpartners.com, 1
+sandmanintel.com, 1
+sandmarc.cz, 1
+sandokan.tk, 1
+sandor.wtf, 1
+sandoval.photography, 1
+sandownpolicenh.gov, 1
+sandpaper.com, 1
+sandr0.tk, 1
+sandra-perlbach.de, 1
+sandrabay.com, 1
+sandrabernardo.com, 1
+sandragortemaker.nl, 1
+sandrainden.nl, 1
+sandraindenfotografie.nl, 1
+sandramargolesmd.com, 1
+sandramorrone.tk, 1
+sandras-hobbystueble.de, 1
+sandrasturm.net, 1
+sandrinesite.tk, 1
+sandrolittke.de, 1
+sandrproperty.com, 1
+sandsclan.tk, 1
+sandspoint.gov, 1
+sandssteelservices.com, 1
+sandstein.de, 1
+sandstroh.network, 1
+sandtears.com, 1
+sandtime.io, 1
+sandtler.moe, 1
+sandton-plumbing.co.za, 1
+sandtonrubbleremovals.co.za, 1
+sanduskycountyoh.gov, 1
+sandwichclub.tk, 1
+sandwichcouncil.tk, 1
+sandwoman.tk, 1
+sandybigboobs.com, 1
+sandybigboobs.net, 1
+sandylanevacations.com, 1
+sandyrobison.org, 1
+sandyrobsonhypnotherapy.co.uk, 1
+sandyvazquez.com, 1
+sanemind.de, 1
+sanetschka.tk, 1
+sanex.ca, 1
+sanf.org, 1
+sanfernando.tk, 1
+sanfranciscotours.org, 1
+sangamonil.gov, 1
+sangen.ml, 1
+sangheon.com, 1
+sangina.eu, 1
+sangiovannilipioni.tk, 1
+sanglierhurlant.fr, 1
+sangoandmiroku.tk, 1
+sangowen.xyz, 1
+sangreytinta.tk, 1
+sangwanbeach.tk, 1
+sangyoui.health, 1
+sanhotel.ml, 1
+sanidadnaval.cl, 1
+sanierungskonzept.pro, 1
+sanificazioni.roma.it, 1
+sanikapandit.com, 1
+sanilaccounty.gov, 1
+sanilactownshipmi.gov, 1
+sanin.gq, 1
+sanitaer-heinze.com, 1
+sanitaer-notdienst-zentrale.de, 1
+sanitairwinkel.be, 1
+sanitairwinkel.com, 1
+sanitairwinkel.nl, 1
+sanitaria.it, 1
+sanitation-planning-tool.herokuapp.com, 1
+sanitix.com, 1
+sanitizinggurus.com, 1
+sanity.host, 1
+sanity.io, 1
+sanitynet.org, 1
+sanityrant.cf, 1
+sanityrant.ml, 1
+sanjab.io, 1
+sanjanaherath.cf, 1
+sanjaymenon.xyz, 1
+sanjosecolorectal.com, 1
+sanjosecostarica.org, 1
+sanjoweb.tk, 1
+sanjuanchamelco.tk, 1
+sanjuancountywa.gov, 1
+sanjuandeabajo.tk, 1
+sanjuandediosburgos.es, 1
+sanketsu.ml, 0
+sanki.tk, 1
+sankt-kassian.com, 1
+sanktannae-advokater.dk, 1
+sanktpetriskole.dk, 1
+sanliurfahaberi.tk, 1
+sanluisdequillota.tk, 1
+sanmarcovecchio.tk, 1
+sanmonjiya-kimono.com, 1
+sanmuding.com, 1
+sanne-content.de, 1
+sannefoltz.com, 1
+sannikfk.gq, 1
+sanodent.com.ua, 1
+sanook69.com, 1
+sanook69s.com, 1
+sanooktiew.com, 0
+sanowski.com, 1
+sanowski.eu, 1
+sanowski.net, 1
+sanpablo.tk, 1
+sanpancrazio.tk, 1
+sanpatigroup-beautysalon.jp, 1
+sanpatigroup-recruit.jp, 1
+sanpatigroup.jp, 1
+sanpatriciocountytx.gov, 1
+sanpham-balea.org, 1
+sanqinyinshi.com.cn, 1
+sanrafaelvigo.org, 1
+sanray73.ru, 1
+sans-hotel.com, 1
+sansairyu-kuyoukai.com, 1
+sansdb.io, 0
+sansdict.ml, 1
+sansgetirsin.com, 1
+sanskrit.pub, 1
+sanskrit.site, 1
+sanskritiyoga.com, 1
+sansonehowell.com, 1
+sansumclinic.org, 1
+santa-fell-from.space, 1
+santabarbaraca.gov, 1
+santacasamarilia.com.br, 1
+santackergaard.nl, 1
+santaclaracounty.gov, 1
+santaclaratx.gov, 1
+santaclarautah.gov, 1
+santaclarita.gov, 1
+santacruzca.gov, 1
+santacruzcountyca.gov, 1
+santacruzgalapagoscruise.com, 1
+santacruzstudio.com.mx, 1
+santafesilversaddlemotel.com, 1
+santafetx.gov, 1
+santaluciatirajana.com, 1
+santamargarita.tk, 1
+santamariadelaisla.tk, 1
+santamariaretreats.co.uk, 1
+santamariaretreats.uk, 1
+santamonicapost123.org, 1
+santander-dojo.com, 1
+santander.com, 0
+santanderassetmanagement.es, 0
+santanderibc.com, 0
+santanderideas.com, 0
+santandertrade.com, 1
+santantonio.tk, 1
+santapace.com.br, 1
+santarosaca.gov, 1
+santarosanm.gov, 1
+santarosasegurapp.gov.co, 1
+santasofiastereo.tk, 1
+santaynezchumash-nsn.gov, 1
+sante-actu.com, 1
+sante-informations.com, 1
+sante.akita.jp, 1
+santegra.tk, 1
+santehnica.ml, 1
+santehnik-dnepr.dp.ua, 1
+santehnik-home.ru, 1
+santehnika-tut.ru, 1
+santekhmarket-nn.ru, 1
+santenatureetcie.com, 0
+santeriabeliefs.com, 1
+santhatela.com.br, 1
+santhoffplumbingco.com, 0
+santhoshveer.com, 1
+santiagogarza.co, 1
+santibanezdetera.tk, 1
+santibz.es, 1
+santillana.com, 1
+santimb.photos, 1
+santippolito-borgo.tk, 1
+santjoandevilassar.tk, 1
+santmark.eu, 1
+santmark.info, 1
+santmark.net, 1
+santmark.org, 1
+santo.fi, 1
+santodelgiorno.it, 1
+santomospb.ru, 1
+santong.tk, 1
+santoscarmelitas.tk, 1
+santosdecordoba.tk, 1
+santoshpandit.com, 1
+santugon.tk, 1
+santv.cc, 0
+sanuk.com, 1
+sanukarlos.tk, 1
+sanweb.info, 1
+sanych-msk.ru, 0
+saojudastadeu.edu.br, 1
+saoneth.pl, 1
+saorsa.fr, 1
+saorsat.com, 1
+saorsat.ie, 1
+saorsat.net, 1
+saorsat.tv, 1
+saorview.com, 1
+saorview.ie, 1
+saorview.net, 1
+saorviewconnect.ie, 1
+saorviewconnected.ie, 1
+sap-inc.co.jp, 1
+sapac.es, 1
+sapafolumuxu.tk, 1
+sapancavillalari.com, 1
+sapaship.ru, 1
+saphead.cn, 1
+saphi.re, 1
+saphnelosavings.com, 1
+sapibatam.com, 0
+sapien-ci.com, 1
+sapien.com, 1
+sapience.com, 1
+sapienml.com, 1
+sapiensecure.io, 0
+sapienz.tk, 1
+sapienza-eclipse.com, 1
+sapienzaconsulting.com, 1
+sapik.hu, 1
+sapiperelining.com.au, 1
+sapling.ai, 1
+saplumbers.com.au, 1
+sapmap01.azurewebsites.net, 1
+sapoghki.tk, 1
+sapphi.st, 1
+sapphic.site, 1
+sapphirebet.com, 1
+sapphireblinds.com.au, 1
+sapphireblue.me, 1
+sapphirecleaningwa.com.au, 1
+sapphirepearl.com.sg, 1
+sapphireservicesga.com, 1
+sapporo-asaichi.com, 1
+sapporo.ga, 1
+sapprendre.ch, 0
+saprima.de, 0
+sapulpaok.gov, 1
+sapulpapd.gov, 1
+sapuseven.com, 1
+saputra.org, 1
+saq.com, 0
+saqara.com, 1
+saracenmarkets.com, 1
+sarae.id, 1
+sarafanchik.tk, 1
+sarafanchiki.tk, 1
+sarafani.tk, 1
+sarafrazan.tk, 1
+sarafshop.tk, 1
+sarah-brown.tk, 1
+sarah-harding.tk, 1
+sarah-jane.nl, 1
+sarah-jones.uk, 1
+sarahbaker.co.nz, 1
+sarahbowling.org, 1
+sarahjaneethan.co.uk, 1
+sarahjaneredmond.com, 1
+sarahlicity.co.uk, 1
+sarahlicity.me.uk, 1
+sarahmakmq.com, 1
+sarahmckenna.ie, 0
+sarahmodel.tk, 1
+sarahneumann.tk, 1
+sarahplusdrei.de, 1
+sarahshabrina.tk, 1
+sarahtamsin.com, 1
+sarahvanessen.tk, 1
+sarahwellington.com, 1
+sarahwikeley.co.uk, 1
+saraleebread.com, 0
+saranamayyappa.tk, 1
+sarand.ch, 0
+saraskins.space, 1
+sarasotadentistry.com, 1
+sarasotaroboticurology.com, 1
+saratogasprings-ut.gov, 1
+saratogawi.gov, 1
+saraton-kasalligi.cf, 1
+saraton-kasalligi.ml, 1
+saraton-kasalligi.tk, 1
+saratov24.tk, 1
+saratovlive.tk, 1
+saratovnews.ml, 1
+saratovtime.tk, 1
+sarayeketabesoti.ir, 1
+sarbarhetsskanning.se, 1
+sarbash.ee, 1
+sarbel.tk, 1
+sarcasmlol.ga, 1
+sarcastic.com.au, 1
+sarcoxiemo.gov, 1
+sard.ro, 1
+sardacompost.it, 1
+sardegnarifiuti.it, 1
+sardegnatirocini.it, 1
+sardine.tk, 1
+sardinhagarcia.pt, 1
+sardinianvillas.co.uk, 1
+sardinianvillas.com, 1
+sardinianvillas.ru, 1
+sardoche.lol, 1
+sarecords.tk, 1
+sareena.org, 1
+sarella.org, 1
+sarems.com, 1
+saresegur.com, 1
+sargar.tk, 1
+sargarmi.tk, 1
+sargenttechnologyservices.com, 1
+sarhua.tk, 1
+saria.fun, 1
+saribunga.id, 1
+sarink.eu, 1
+sarisander.com, 1
+saritas.com.tr, 1
+sarjakuvakauppa.fi, 1
+sarjas.tk, 1
+sarkarinaukriworld.net, 1
+sarkariresultz.in, 1
+sarkazam.ml, 1
+sarkchat.cf, 1
+sarki-sozleri.net, 1
+sarkisianbuilders.com, 1
+sarkom.tk, 1
+sarkvideos.cf, 1
+sarmpel.tk, 1
+sarndipity.com, 1
+sarny.at, 1
+sarogiw.tk, 1
+saropa.com, 1
+sarpsb.org, 1
+sarrworld.com, 1
+sars-cov-2.com, 1
+sarto.roma.it, 1
+sartori.tk, 1
+sartoria.milano.it, 1
+sartoria.roma.it, 1
+sarumtechnologies.com, 1
+sarv.com, 1
+sarvaappstage.com, 1
+sarzamintarh.ir, 1
+sas-snowboarding.sk, 1
+sasakala.tk, 1
+sasapost.co, 1
+sasazono.com, 1
+sascha-brockel.de, 1
+sascha.io, 1
+sascha.is, 1
+saschabruemmer.de, 1
+saschaeggenberger.ch, 1
+saschaeggenberger.com, 1
+sascorp.co.uk, 1
+sascorp.es, 1
+sash.pw, 1
+sashabognibov.tk, 1
+sashaclothing.tk, 1
+sashakrasnoyarsk.tk, 1
+sashascollections.com, 1
+sashka.com.ua, 1
+sashleighaust.com, 1
+sasioglu.co.uk, 1
+saskiacreations.nl, 1
+saskiadhont.be, 1
+saskialund.de, 1
+sasrobotics.xyz, 1
+sasroli.tk, 1
+sassyporkchop.com, 1
+sastamalandemarit.fi, 1
+sastd.com, 1
+sasyabapi.com, 1
+sat-kw.net, 1
+sat-p.tk, 1
+sat4all.com, 1
+sata-group.com, 1
+satai.dk, 1
+satal.in, 1
+satangcorp.com, 1
+satania.moe, 1
+satanindito.tk, 1
+satanspowers.tk, 1
+satario.vn, 1
+satat.cf, 1
+satat.tk, 1
+sataturf.com, 1
+sateahafreedi.com, 1
+sateallia.org, 1
+satelital.tk, 1
+satellights.tk, 1
+satellite-equipment.tk, 1
+satellite-shop.tk, 1
+satellite-top.com, 1
+satellitebeach.gov, 1
+satellites.hopto.me, 1
+satellitetelevision.tk, 1
+satellitetv-deal.com, 1
+satellitetv.tk, 1
+satheeshsbennet.tk, 1
+satimagingcorp.com, 1
+satindolls.tk, 1
+satinn.pl, 1
+satirelabs.com, 1
+satisfaction.su, 1
+satisfactory-calculator.com, 1
+satismeter.com, 1
+satisperfectacollections.com, 1
+satistemsilcileri.com, 1
+sativatunja.com, 1
+satl-lelystad.nl, 1
+satlantis.tk, 1
+satmd.de, 1
+sato-legaloffice.jp, 1
+satopletova.cz, 1
+satoshilabs.com, 1
+satoshinumbers.com, 1
+satowa-network.eu, 1
+satpersian.tk, 1
+satplay.host, 1
+satradio.tk, 1
+satramana.org, 1
+satselect.tk, 1
+satserwis.xyz, 1
+satsukii.moe, 1
+satsumi.tk, 1
+satta-company.tk, 1
+sattamatka420.mobi, 0
+sattaresult.in, 1
+sattaresult.net, 1
+sattaresult.net.in, 1
+saturday.kiwi, 1
+saturdayenterprises.ga, 1
+saturn-test.network, 1
+saturne.tk, 1
+saturnjump.com, 1
+saturnus.consulting, 1
+satvasolutions.com, 1
+satwcomic.com, 1
+satyamshivamsundaram.in, 1
+sauber-lab.com, 1
+saubermacher.at, 1
+saubooks.tk, 1
+saucelabs.com, 1
+saudecoluna.com, 1
+saudedigitalnews.com.br, 1
+saudeintimadamulher.com.br, 1
+saudenoclique.com.br, 1
+saudiembassy.net, 1
+saudiglasses.com, 1
+saudinews.ml, 1
+saue.edu.ee, 1
+sauenytt.no, 1
+sauerbrey.eu, 1
+sauerland-rundflug.de, 1
+sauerland-schnittgruen.de, 1
+sauerwetter.tk, 1
+saugatucktownshipmi.gov, 1
+saulchristie.com, 1
+saulsplace.com, 0
+saulsplacehealth.com, 1
+saulsplacewebdesign.com, 1
+saultdefencelaw.ca, 1
+saulvanderbijl.com, 1
+sauna-acties.nl, 1
+saunaempire.lt, 1
+saunafahrten.ch, 1
+saunahats.eu, 1
+saunas.fr, 1
+saunatime.jp, 1
+saunavoordeel.nl, 1
+saurel.me, 1
+saurusly.com, 1
+sauseng.eu, 1
+sauthon.com, 0
+sauvagebridge.nl, 1
+sauve-tes-euros.com, 1
+savaari.com, 1
+savage-harmony.tk, 1
+savagecore.eu, 1
+savanna.io, 1
+savanna.vn.ua, 1
+savannahhappycats.com, 1
+savannapro.vn.ua, 1
+savant-dagen.nl, 1
+savantcare.com, 1
+savatha.tk, 1
+savbus.com, 1
+savbus.net, 1
+savbus.ws, 1
+savchenko.net, 1
+savconventioncenter.com, 1
+savcurv.com, 1
+save-me-aachen.de, 1
+save-me-aachen.eu, 1
+save-me-koeln.de, 1
+save.ch, 1
+save.gov, 1
+saveaward.gov, 1
+savebees.org, 1
+savebt.net, 1
+savedana.tk, 1
+savejonasquinn.tk, 1
+savemyexams.co.uk, 1
+savemylicence.co.uk, 1
+saveolga.tk, 1
+saveoney.ca, 1
+saveora.com, 1
+saveora.shop, 1
+savesilvercreek.com, 1
+savesilvercreek.org, 1
+savesmart.be, 1
+savestatecentral.tk, 1
+savesubs.com, 1
+savetech.tk, 1
+savethedogfishfoundation.org, 1
+savetheinternet.eu, 1
+savetomp3.net, 1
+saveusfromavril.tk, 1
+savewildcats.eu, 1
+savewildcats.foundation, 1
+savewildcats.life, 1
+savewithupgrade.com, 1
+saveworldpets.ga, 1
+saveyourhouse.tk, 1
+saveyourinternet.eu, 1
+savicki.co.uk, 1
+savicki.cz, 1
+savicki.sk, 1
+savilleassessment.com, 1
+savin.ga, 1
+savinggoliath.com, 1
+savingmoses.org, 1
+savingsbondwizard.gov, 1
+savingsoftheyear.com, 1
+savingtails.org, 1
+savitar.guide, 1
+saviynt.com, 1
+savoir.ga, 1
+savonlinnatrujillo.tk, 1
+savonsuuntaporaus.fi, 1
+savoryandpartners.com, 1
+savransafari.com, 1
+savushkin.tk, 1
+savvycleaner.com, 1
+savvydevelopment.com, 1
+savvystagingaz.com, 1
+sawanonlinebookstore.com, 1
+sawansasaram.ml, 1
+sawiday.at, 1
+sawiday.be, 1
+sawiday.com, 0
+sawiday.cz, 1
+sawiday.de, 1
+sawiday.es, 1
+sawiday.fi, 1
+sawiday.fr, 1
+sawiday.it, 1
+sawiday.nl, 1
+sawiday.pl, 1
+sawiday.se, 1
+sawikowscy.eu, 1
+sawikowscy.pl, 1
+sawpa.gov, 1
+saxeandthecity.com, 1
+saxifrageleather.com, 1
+saxis.dk, 1
+saxobroko.com, 1
+saxobroko.ga, 1
+saxobroko.gq, 1
+saxocon.com, 1
+saxojoe.co.uk, 1
+saxojoe.de, 1
+saxol-group.com, 1
+saxoncreative.com, 1
+saxophone.tk, 1
+saxotrader.com, 1
+saxynele.tk, 1
+say-it-loud.com, 1
+sayany.tk, 1
+saybecraft.ru, 1
+saybrus.partners, 1
+saydj.tk, 1
+sayednidhalphoto.tk, 1
+sayeghonline.com, 0
+sayehsazan.ir, 1
+sayers.group, 0
+sayfa.istanbul, 1
+sayfr.com, 0
+sayhanabi.eu.org, 1
+sayhi.com, 1
+sayhuahuo.net, 1
+sayhuahuo.xyz, 1
+sayingimages.com, 1
+sayiw.com, 1
+sayprepay.com, 1
+sayura.net, 1
+sayver22.com, 1
+saz-it.de, 1
+saz.sh, 1
+saz9001.com, 1
+saznworld.com, 1
+sazuz.cz, 1
+sb-graph.com, 1
+sb-group.dk, 1
+sb-sd.org, 1
+sb-webdev.de, 1
+sb.ax, 1
+sb.im, 1
+sb.sb, 1
+sb0.io, 1
+sba4u.com, 1
+sba7a.loans, 1
+sbabeshin.tk, 1
+sbacorporation.it, 1
+sbanken.no, 1
+sbankendnb.no, 1
+sbaten.nl, 1
+sbblog.cn, 1
+sbbz-bad-wurzach.de, 1
+sbcalitagtag.edu.ph, 1
+sbcargo.com, 1
+sbcbatangas.edu.ph, 1
+sbcgloballogin.com, 1
+sbcmedia.nl, 1
+sbcountyarc.gov, 1
+sbcountyatc.gov, 1
+sbcountywines.com, 1
+sbeech.uk, 0
+sbequineevac.org, 1
+sber-solutions.kz, 1
+sber-solutions.ru, 1
+sber.games, 1
+sberanalytics.ru, 1
+sberbank.ch, 1
+sbercity.ru, 1
+sbercontactmonitoring.ru, 1
+sbermobile.ru, 1
+sberna-fotofast.cz, 1
+sbestimes.com, 1
+sbettoken.org, 1
+sbf888.com, 1
+sbgcred.com, 1
+sbhscotland.org.uk, 1
+sbiewald.de, 1
+sbin.pt, 1
+sbir.gov, 0
+sbirwot.xyz, 1
+sbl250.com, 1
+sbli.com, 1
+sbm.cloud, 1
+sbm.org.tr, 1
+sbmenedzsment.hu, 1
+sbmsite.cf, 1
+sbmsite.ml, 1
+sbmsitelist.ml, 1
+sbmsitelist.tk, 1
+sbmsmartaccounting.co.uk, 1
+sbmt.cc, 1
+sbo.no, 1
+sbodewissel.tk, 1
+sborka.ml, 1
+sbpk.fr, 1
+sbpropman.co.uk, 1
+sbrc.gov, 1
+sbrouwer.org, 1
+sbrownbourne.com, 0
+sbsavings.bank, 1
+sbscyber.com, 1
+sbspp.ru, 1
+sbsrv.ml, 1
+sbssoft.ru, 1
+sbst.gov, 1
+sbstattoo.com, 1
+sby-tampere.tk, 1
+sc-artworks.co.uk, 0
+sc019.com, 1
+sc2labs.com, 1
+sc2pte.eu, 1
+sc5.jp, 1
+scaarus.com, 1
+scadanews.net, 1
+scaffalature.roma.it, 1
+scaffoldhiremidrand.co.za, 1
+scaffoldhirerandburg.co.za, 1
+scaffoldhiresandton.co.za, 1
+scaffoldingsandton.co.za, 1
+scag9.com, 1
+scai.org, 1
+scala.click, 1
+scalafactory.io, 1
+scalaire.com, 1
+scalaire.fr, 1
+scale.at, 1
+scale.milano.it, 1
+scale.roma.it, 1
+scalecalculation.ml, 1
+scaledge.com, 1
+scalemodeling.tk, 1
+scalesbiolab.com, 1
+scaleskun.com, 1
+scaligerorooms.it, 1
+scaling.solutions, 0
+scalive.tv, 1
+scallyboy.uk, 1
+scallywagsbouncycastles.co.uk, 1
+scallywagskids.co.uk, 1
+scalpel.com, 1
+scalr.io, 1
+scamadviser.com, 1
+scamangels.com, 1
+scambistimaturi.com, 1
+scamblockplus.org, 1
+scamwatch.gov.au, 1
+scan.co.uk, 1
+scan.computer, 1
+scanamed.tk, 1
+scanbetting.ga, 1
+scandalindo.ml, 1
+scandalpunk.tk, 1
+scandata.cf, 1
+scandata.tk, 1
+scandesk.com, 1
+scandinavia.ga, 1
+scandinaviancorner.tk, 1
+scandiweb.com, 1
+scaner.ga, 1
+scangeo.net, 1
+scanigma.com, 1
+scanmailx.com, 1
+scanmy.email, 1
+scanningpens.ca, 1
+scanningpens.co.uk, 1
+scanningpens.com, 1
+scanningpens.com.au, 1
+scanpay.dk, 1
+scanprice.us, 1
+scansnus.com, 1
+scantrics.io, 1
+scanutracker.com, 1
+scanyachat.cf, 1
+scapin.dk, 1
+scapp9565.xyz, 1
+scappoose.gov, 1
+scappoosebay-wc.org, 1
+scarabcoder.com, 1
+scaracloud.ddns.net, 1
+scarafaggio.it, 1
+scarboroughscrapcars.com, 1
+scarboroughtec.ac.uk, 1
+scardracs.blog, 1
+scarecrow-cn.com, 1
+scaricamusica.tk, 1
+scarinex.tk, 1
+scarsviewchrysler.com, 1
+scaryghost.tk, 1
+scatdhhs.gov, 1
+scatgirls.net, 1
+scatsbouncingcastles.ie, 1
+scatterd.im, 1
+scatteredcode.net, 1
+scatters.com, 1
+scatterscasino.com, 1
+scavalentenx.duckdns.org, 1
+scavenged.ga, 1
+scbdh.org, 1
+scbodner.com, 1
+sccd.co.uk, 1
+sccoaching.io, 1
+scde.ventures, 1
+scdmx.de, 1
+scdn.us, 1
+sceenfox.de, 1
+scejournals.org, 1
+scenadex.ga, 1
+scenari.eu, 1
+scenari.ovh, 1
+scenarp.pl, 1
+scenastu.pl, 1
+scene.mx, 1
+scenefense.tk, 1
+scenester.tv, 1
+scenetv.ga, 1
+scenicbyways.info, 1
+scentiche.com, 1
+scepticism.com, 1
+scers.gov, 1
+scevity.com, 0
+scfpensante.ca, 1
+scfssp.it, 1
+sch44r0n.de, 1
+schaafenstrasse.koeln, 1
+schachburg.de, 1
+schachingerfilm.at, 1
+schadehulpservice.nl, 1
+schaedlingsbekaempfung.tk, 1
+schaerding-innovativ.at, 1
+schafspieker.ddnsking.com, 0
+schallert.com, 0
+schambereich.org, 1
+schamlosharmlos.de, 1
+schampaert.com, 1
+schaper-sport.com, 1
+schastie.ml, 1
+schat.top, 1
+schatderer.com, 1
+schatderer.xyz, 1
+schattenwoelfe.tk, 1
+schatzibaers.de, 1
+schauergroup.com, 1
+schaumburg-dachundwand.de, 1
+schaumburgil.gov, 1
+schauraum.tk, 1
+schauspielbuehnen.de, 1
+schausteller.de, 1
+schawe.me, 1
+schbebtv.fr, 1
+schdata.de, 1
+scheervergelijker.nl, 1
+schefczyk.com, 1
+schefczyk.de, 1
+schefczyk.eu, 1
+schefczyk.net, 1
+schefer-mietstapler.de, 1
+scheidegger-kaesealpe.de, 1
+scheidingspuntlansingerland.nl, 1
+scheinerhaus.at, 1
+scheinlichter.de, 1
+schekino.ru, 1
+scheldestromen.nl, 1
+schelkovo.tk, 1
+schella.network, 1
+schellebelle.tk, 1
+schellenberg-web.de, 1
+schellenberg.ac, 1
+schellevis.net, 0
+schemingmind.com, 1
+schenectadycountyny.gov, 1
+schenkel.eti.br, 1
+schenkel.tk, 1
+schenkes.de, 0
+scherfke.de, 1
+schermen-en.nl, 1
+schermkapot.nl, 1
+schertztx.gov, 1
+scheuchenstuel.at, 1
+schgroup.com, 1
+schiau.co, 1
+schiavaonei.tk, 1
+schiavidiabruzzo.tk, 1
+schickert.org, 1
+schicksal.com, 1
+schiedelkonfigurator.hu, 1
+schielandendekrimpenerwaard.nl, 1
+schier.info, 1
+schil.li, 1
+schildbach.de, 1
+schiltron.tk, 1
+schimmel-test.info, 1
+schimmelnagelspecialist.nl, 0
+schindler.com, 1
+schinkelplatz.com, 1
+schipholwatch.nl, 1
+schipholwatch.org, 1
+schippendale.de, 1
+schiriportal.ch, 1
+schirmer.io, 1
+schittscreek.shop, 1
+schizoid.tk, 1
+schizoids.net, 1
+schizomatrix.cf, 1
+schizomatrix.tk, 1
+schlachter.ca, 1
+schlafteq.com, 1
+schlagenhauf.info, 0
+schlager.de, 1
+schlagma.de, 1
+schlagzeug-lernen.com, 1
+schlappmoebel.de, 1
+schlarb.eu, 1
+schlechtewitze.com, 1
+schleifenbaum.org, 1
+schlitzbergers.com, 1
+schlopolis.tk, 1
+schloss-gottorf.de, 1
+schloss-wackerbarth.de, 1
+schlossanger.de, 1
+schlossberg-hotel-wernigerode.de, 1
+schlossfuchs.de, 1
+schlouk-map.com, 1
+schluderns.org, 1
+schluesseldienst-hannover24.de, 1
+schluesseldienst-haymov.de, 1
+schluesseldienstzentrum.de, 1
+schmaeh-coaching.ch, 1
+schmatloch.cloud, 1
+schmelzle.io, 1
+schmidt-fri.de, 1
+schmidt-friesoythe.de, 1
+schmiedbauergut.at, 1
+schmiedecorp.com, 1
+schmiggywibblits.net, 1
+schmitt-etienne.fr, 1
+schmitt-max.com, 1
+schmitt.ws, 0
+schmitzvertalingen.nl, 1
+schnalstal.info, 1
+schnapke.name, 1
+schnapsverein.ddns.net, 1
+schnaube.de, 1
+schnauzer-dogs.com, 1
+schneckenhilfe.de, 0
+schnegg.name, 0
+schneider-dresden.de, 1
+schneider-romania.ro, 1
+schneider.co.il, 1
+schneidr.de, 0
+schneids.me, 1
+schnellno.de, 1
+schnippering.com, 1
+schnism.net, 1
+schnitzel-und-co.de, 1
+schnouki.net, 1
+schnuckenhof-wesseloh.de, 1
+schnyder-werbung.ch, 0
+schody-rozycki.pl, 1
+schoenstatt-fathers.link, 1
+schoenstatt.link, 1
+schoepski.de, 1
+schoffelcountry.com, 1
+schoknecht.net, 1
+schoknecht.one, 1
+schoko-ferien.de, 0
+schokobebe.net, 1
+schokoferien.de, 0
+schokokeks.org, 1
+scholar.group, 0
+scholar.pk, 1
+scholar.site, 0
+scholarbaze.cf, 1
+scholarchip.com, 1
+scholarconnect.com, 1
+scholareducation.tk, 1
+scholarly.com.ph, 1
+scholarly.ph, 1
+scholarnet.cn, 1
+scholars-societas.org, 1
+scholarsclub.club, 1
+scholarships.ga, 1
+scholarships.link, 1
+scholding.ru, 1
+scholenlijst.tk, 1
+scholenprogrammagroningen.nl, 1
+scholi.org, 1
+scholieren.com, 1
+scholingua.com, 1
+schollbox.de, 0
+scholledev.com, 1
+scholohost.tk, 1
+scholtensupport.nl, 1
+scholz-kallies.de, 1
+schonstedt.com, 1
+schont.org, 1
+school-22.tk, 1
+school-27-lpr.tk, 1
+school-33.tk, 1
+school-adventures.tk, 1
+school-counselor.org, 1
+school-id.co.uk, 1
+school-korfbal.nl, 1
+school-project.tk, 1
+school-psychologists.com, 1
+school-register.co.za, 1
+school.in.th, 1
+school16-tob.tk, 1
+school173.tk, 1
+school32.tk, 1
+school43.tk, 1
+school91.ml, 1
+schoolantwoorden.tk, 1
+schoolbag.gq, 1
+schoolbag.ml, 1
+schoolbag.tk, 1
+schoolbytes.com.au, 1
+schoolbytes.education, 1
+schoolcafe.com, 1
+schoolcash.net, 1
+schoolcashonline.com, 1
+schoolcrafttownshipmi.gov, 1
+schooldatasquad.com, 1
+schooldismissalmanager.com, 1
+schooleducationharyana.gov.in, 1
+schoolheads.ph, 1
+schoolhouse.world, 1
+schooli.io, 1
+schoolofequineshiatsu.com, 1
+schoolofphilosophy.org.au, 1
+schoolroom.ga, 1
+schoolrumble.tk, 1
+schoolsafety.gov, 1
+schoolshow.nl, 1
+schoolsonice.nl, 1
+schooltransport.com.au, 1
+schooluniform.com.au, 1
+schoonheidssalon-annelies-santpoort.nl, 1
+schoonheidssalon-annelies-velserbroek.nl, 1
+schoonheym.com, 1
+schoonheym.nl, 1
+schoop.me, 1
+schopenhauer-institut.de, 1
+schorel.eu, 1
+schorel.ovh, 1
+schorelweb.nl, 1
+schorers.org, 1
+schorle.wine, 1
+schottenland.de, 1
+schottlandtaxi.de, 1
+schoutenseo.com, 1
+schrauber.tk, 1
+schrauger.com, 1
+schrauger.info, 1
+schrauger.net, 1
+schrauger.org, 1
+schrauger.run, 1
+schraugerrun.com, 1
+schreibers.ca, 1
+schreilechner.tk, 1
+schreinerei-jahreis.de, 1
+schreinerei-schweikl.de, 1
+schreinerei-schwenk.com, 0
+schreinert.com, 1
+schrijnwerkerij-deconinck.be, 1
+schrijnwerkerij-deconinck.com, 1
+schrijverspunt.nl, 1
+schritt4fit.de, 1
+schroderusa.cf, 1
+schrodingersscat.com, 1
+schrodingersscat.org, 1
+schroeder-immobilien-sundern.de, 1
+schroederdennis.de, 1
+schroepfi.de, 0
+schroettle.com, 1
+schrok.eu, 1
+schrolm.de, 1
+schsrch.org, 1
+schtiehve.duckdns.org, 1
+schu.be, 1
+schubertgmbh-ingelheim.de, 1
+schubertnest.at, 1
+schuelerzeitung-ideenlos.de, 1
+schuermannhof.de, 1
+schuetzen-ehrenbreitstein.de, 1
+schuetzenverein-schwanfeld.de, 1
+schuhbeck.tk, 1
+schuhbedarf.de, 1
+schuhfits.com, 1
+schuhwelt.de, 1
+schuhzoo.de, 1
+schulden.tk, 1
+schulderinsky.de, 1
+schule.wtf, 0
+schuler.st, 1
+schulferien.org, 1
+schulhomepage.de, 1
+schulid.de, 1
+schull.ch, 0
+schum.world, 0
+schuman.tk, 1
+schumanandmonnet.eu, 1
+schummar.de, 0
+schunako.ch, 1
+schupp.io, 1
+schutte.tk, 1
+schutterij-sintsebastianus-eys.tk, 1
+schutterijschinveld.nl, 0
+schutz-vor-schmutz.de, 1
+schutzkoffer-profilampen.at, 1
+schutznetze24.de, 1
+schutzwerk.com, 1
+schuurmanopleidingen.nl, 1
+schuylercountyil.gov, 1
+schuylercountyny.gov, 1
+schuylerne.gov, 1
+schuylkillcountypa.gov, 1
+schwabenhaus-ka.de, 1
+schwan-gestaltung.de, 1
+schwano-dent.at, 1
+schwartinsky24.de, 1
+schwartz.pro, 1
+schwarz-gelbe-fuechse.de, 1
+schwarzegar.de, 1
+schwarzenberg.tk, 1
+schwarzes-muenchen.de, 1
+schwarztrade.cz, 1
+schwarzwaelder-schinken-verband.de, 1
+schwarzwald-flirt.de, 1
+schwedischezahnaerztin.com, 1
+schwedischezahnaerztin.de, 1
+schweingehabt.expert, 1
+schweiz-sextreffen.ch, 1
+schweizerbanken.tk, 1
+schweizers-restaurant.de, 1
+schwerkraftlabor.de, 1
+schwertkriege.de, 1
+schwienbacher-karl.it, 1
+schwifty.cloud, 1
+schwiha.de, 1
+schwimmschule-kleine-fische.de, 1
+schwinabart.com, 1
+schwingen.net, 1
+schwinger.me, 1
+schwinnbike.ru, 1
+schworak.com, 1
+sci-internet.tk, 1
+sciagebeton.net, 1
+sciartel.ru, 1
+scias.com, 1
+scib.tk, 1
+sciburg.com, 1
+sciclubappiano.it, 1
+scicollege.org.sg, 1
+scicomm.xyz, 1
+science-questions.org, 1
+science-texts.de, 1
+science.gov, 1
+science360.gov, 1
+science4fun.info, 1
+scienceasfashion.ga, 1
+sciencebase.gov, 1
+sciencedaily.com, 1
+scienceeducation.tk, 1
+scienceeurope.org, 1
+scienceforhealth.eu, 1
+scienceminnesota.com, 1
+sciencemonster.co.uk, 1
+sciencenews.gq, 1
+scienceofpeople.com, 0
+sciencequality.tk, 1
+sciences-world.com, 1
+scienceschool.ml, 1
+sciencesolutions.eu, 1
+sciencetechworld.tk, 1
+sciencetoymaker.org, 1
+sciencetram.tk, 1
+scienceweb.tk, 1
+sciencex.com, 1
+sciencexpo.org.za, 1
+scientia.ga, 1
+scientific-editing.info, 1
+scientific-socialism.cf, 1
+scientific-socialism.ga, 1
+scientific-socialism.ml, 1
+scientificdev.net, 1
+scif.com, 1
+scifplus.com, 1
+scifsafe.com, 1
+scigov.xyz, 1
+sciinc.com, 1
+scijinks.gov, 1
+scindustries.it, 1
+scintillating.stream, 1
+scionasset.com, 0
+sciooregon.gov, 1
+sciotoarts.com, 1
+sciototownship-oh.gov, 1
+scip.ch, 1
+scislowcy.pl, 1
+scisoltd.com, 1
+scit-nsn.gov, 1
+scitheory.com, 1
+scitopia.me, 1
+scituateri.gov, 1
+scity88.com, 1
+scjc-bridge.fr, 1
+sckc.stream, 1
+sclasupplychain.com, 1
+sclause.net, 1
+scloud.link, 1
+sclsnglssttldwn.com, 1
+sclub7esp.tk, 1
+scm-2017.org, 1
+scmestetic.pl, 1
+scms.com.my, 1
+scn9a.com, 1
+scnow.com, 1
+scoaladewebsiteuri.ro, 1
+scoebg.org, 1
+scoffable.com, 1
+scola.id, 1
+scolacdn.com, 1
+scolago.com, 1
+scoliosisinstitute.com, 1
+scom.org.uk, 1
+scommessalegale.com, 1
+scommessenonaams.com, 1
+sconecloud.com, 1
+scontomio.com, 1
+scooby.ml, 1
+scoolcode.com, 1
+scoolio.de, 1
+scoop6.co.uk, 1
+scoopcake.com, 1
+scoopcanada.com, 0
+scoopgh.com, 1
+scooply.org, 1
+scootaloo.co.uk, 1
+scootarama.com, 1
+scooterinaustralia.tk, 1
+scootermalagarental.com, 1
+scooterproducten.com, 1
+scootersbonaire.com, 1
+scooterservis.com, 1
+scootertechnofrance.tk, 1
+scope.studio, 1
+scopea.fr, 0
+scopechart.com, 1
+scopeglass.com.au, 1
+scopethree.org, 1
+scopus.tk, 1
+scorb.com.br, 1
+scorchers.tk, 1
+scorebet24.com, 1
+scoresense.com, 1
+scoro.com, 1
+scorobudem.ru, 1
+scorpia.co.uk, 1
+scorpiomarine.co.in, 1
+scorpioncomputers.nl, 1
+scorpiongames.tk, 1
+scorpions-realm.tk, 1
+scorpions.tk, 1
+scorpiotankers.com, 1
+scotbirchfield.com, 1
+scothauscounseling.com, 1
+scotiabank.ca, 1
+scotlandinaweek.com, 1
+scotlandrun.com, 1
+scott-lacy.com, 1
+scott-smith.us, 1
+scott.cm, 1
+scott.st, 1
+scott.today, 1
+scottainslie.me.uk, 1
+scottandtammy.com, 1
+scottashley.tk, 1
+scottbot.tk, 1
+scottbroad.com.au, 1
+scottcoil.gov, 1
+scottcountyva.gov, 1
+scottdayman.com, 1
+scottech.com.au, 1
+scottgalvin.com, 1
+scotthelme.co.uk, 1
+scotthelmesucks.com, 1
+scottipc.com, 1
+scottish-paranormal.tk, 1
+scottishcca.co.uk, 1
+scottishcu.org, 1
+scottishseniorsgolf.com, 1
+scottjbeigelmemorialfund.com, 1
+scottlanderkingman.com, 1
+scottmay.id.au, 1
+scottniven.tk, 1
+scottpilgrim.tk, 1
+scottrae.me.uk, 1
+scottsbluffcountyne.gov, 1
+scottsboropdal.gov, 1
+scottsdaleaz.gov, 1
+scottseditaacting.com, 1
+scottsfreightshipping.com, 1
+scottshorter.com.au, 1
+scottspainting.com, 1
+scottsvalley.gov, 1
+scottsvilleva.gov, 1
+scottymiller.au, 1
+scottyspot.tk, 1
+scounter.tk, 1
+scour.cc, 1
+scoure.de, 1
+scourgesofcarpathia.tk, 1
+scout-korting.tk, 1
+scout.org, 1
+scoutconcept.com, 1
+scouteridano.tk, 1
+scouting-kontiki.nl, 1
+scoutingeijsdenonline.tk, 1
+scoutingkontiki.nl, 1
+scoutingmeerhoven.nl, 1
+scoutingridderkerk.nl, 1
+scoutingtungelroy.nl, 1
+scoutingvilsteren.tk, 1
+scoutnation.tk, 1
+scoutnet.de, 1
+scoutreinosa.tk, 1
+scoutsanbartolome.tk, 1
+scoutsanpieropatti.tk, 1
+scoutsdeldesierto.tk, 1
+scoutwired.org, 1
+scp-rustenholz-trens.notaires.fr, 1
+scp500.com, 1
+scpe.eu.org, 1
+scphotography.co.uk, 1
+scpidcard.com, 1
+scpocahontas.nl, 1
+scpower.sg, 1
+scpricope.com, 1
+scpsecretlab.com, 1
+scpsecretlab.pl, 1
+scpsecretlaboratory.com, 1
+scpsl.ru, 1
+scpslgame.com, 1
+scqpw.com, 1
+scra.gov, 1
+scrabble-solver.com, 1
+scrabblecheat.com, 1
+scrabbleonline.nl, 1
+scrambled.online, 1
+scramsoft.com, 1
+scrantonmma.com, 1
+scrap-car-removal.ca, 1
+scrap.photos, 1
+scrap.tf, 1
+scrapbookdecorations.ga, 1
+scrapcarbrampton.ca, 1
+scrapcars.net.au, 1
+scrapfly.io, 1
+scrapmartine.tk, 1
+scrapmycarperth.com.au, 0
+scrapticket.jp, 1
+scratch-ppp.jp, 1
+scratchbot.tk, 1
+scratchzeeland.nl, 1
+scrawn.net, 1
+scrayos.net, 1
+scrc.gov, 1
+screamager.tk, 1
+screamingrooster.co.nz, 1
+scredible.com, 0
+screefox.de, 1
+screen-fox.de, 1
+screen64.tk, 1
+screenart.tv, 0
+screenfax.de, 1
+screenfox.eu, 1
+screenfox.info, 1
+screenfox.net, 1
+screeningmaster.jp, 1
+screeningxchange.com, 1
+screenmachine.com, 1
+screenpublisher.com, 1
+screenrant.com, 1
+screentimelabs.com, 1
+screenwalker.de, 1
+screenwriter.tk, 1
+screenzy.io, 1
+screvencosheriffga.gov, 1
+screvencountyga.gov, 1
+scribblefun.com, 1
+scribbler.tk, 1
+scribd.com, 1
+scriber.to, 1
+scributors.com, 1
+scripo-bay.com, 1
+script-sign.com, 1
+script.google.com, 1
+scriptamanent.org, 1
+scripter.co, 1
+scriptgates.ru, 0
+scripthost.org, 1
+scriptjunkie.us, 1
+scriptline.ga, 1
+scriptmaker.tk, 1
+scriptnav.com, 1
+scriptolab.com, 1
+scriptomania.tk, 1
+scriptrock.com, 1
+scriptsrus.tk, 1
+scripty.org, 0
+scrod.me, 1
+scroll-to-top-button.com, 1
+scroollocker.tk, 1
+scrot.de, 1
+scruffy.ga, 1
+scruffymen.com, 1
+scrum.org, 1
+scrumplex.net, 1
+scrumplex.rocks, 1
+scrumpus.com, 1
+scrumstack.co.uk, 1
+scrutinizer.com, 1
+scryfall.com, 1
+scsd.si, 1
+scservis.cz, 1
+scsprotect.com, 1
+scstg.net, 1
+sctfpa.gov, 1
+sctiger.me, 1
+sctiger.men, 1
+sctiger.ml, 1
+sctm.at, 1
+sctrainingllc.com, 1
+scubadavediving.com, 1
+scubadiving-phuket.com, 1
+scubahirefiji.com, 1
+scubaland.hu, 1
+scul.net, 1
+sculptaestheticsclinic.co.uk, 1
+sculpteo.com, 1
+sculpture.support, 1
+sculpturesworldwide.tk, 1
+scunthorpemoneyman.com, 1
+scuolaguidalame.ch, 0
+scuolamazzini.livorno.it, 1
+scuolaparentalesanpancrazio.it, 1
+scurtam.tk, 1
+scuspd.gov, 1
+scuters.club, 1
+scvilareal.tk, 1
+scvotes.gov, 1
+scw.nz, 1
+scwildflours.com, 1
+scwilliams.co.uk, 1
+scwilliams.uk, 1
+scwind.com, 1
+scylla.live, 1
+scytart.xyz, 1
+scytl.com, 0
+sd.af, 1
+sd.ax, 1
+sd44.ca, 1
+sdaniel55.com, 1
+sdarcc.gov, 1
+sdarot.tw, 1
+sdbehavioralhealth.gov, 1
+sdcapp.in, 1
+sdcardrecovery.de, 1
+sdebitati.it, 1
+sdesam.ru, 1
+sdeu.fr, 1
+sdfamilycare.org, 1
+sdgllc.com, 1
+sdgrait.tech, 1
+sdguitdagingen.be, 1
+sdguitdagingen.gent, 1
+sdhb.cz, 1
+sdhblatnice.cz, 1
+sdhblatnice.eu, 1
+sdhcounselling.co.uk, 1
+sdho.org, 1
+sdipolanight.co.uk, 1
+sdis-trib.fr, 1
+sdkco.net, 1
+sdn.cz, 1
+sdn3wonocoyo.sch.id, 1
+sdns.fr, 1
+sdns.io, 1
+sdocast.com, 1
+sdp-grupopit.com, 1
+sdp.training, 1
+sdphoto.com.au, 1
+sdpokieswiry.ga, 1
+sdpokieswiry.tk, 1
+sdruzeniprovltavu.cz, 1
+sdsi.us, 1
+sdsite.tk, 1
+sdsmanagement.me, 0
+sdsmt.engineering, 1
+sduconnect.nl, 0
+sdut.gq, 1
+sdvx.net, 0
+sdxcentral.com, 1
+sdyzmun.club, 1
+se-booster.com, 1
+se-center.pl, 1
+se-live.org, 1
+se-theories.org, 1
+se.au, 1
+se.com, 1
+se.gg, 1
+se.search.yahoo.com, 0
+se2.com, 1
+sea-airinternational.tk, 1
+sea-godzilla.com, 1
+sea.zapto.org, 1
+seabooty.com, 1
+seaborn.top, 0
+seachef.it, 1
+seadrive.cc, 1
+seadus.ee, 1
+seaelba.com, 1
+seagulls-luebeck.de, 1
+seahaweb.org, 1
+seaif.org, 1
+seal-tite.eu, 1
+sealandair.fr, 1
+sealart.pl, 1
+sealaw.com, 1
+sealbaker.com, 1
+sealoffantasy.de, 1
+sealtitebasement.com, 1
+sealvault.org, 1
+seamac.info, 1
+seamester.com, 1
+seamoo.se, 1
+seamus.party, 1
+sean-wright.com, 1
+sean.scot, 1
+seanbright.com, 1
+seanbright.info, 1
+seanbright.net, 1
+seanchaidh.org, 1
+seanchristian.tk, 1
+seancody.com, 1
+seancodynetwork.com, 1
+seandawson.info, 1
+seanholcroft.co.uk, 1
+seankilgarriff.com, 0
+seanmeedevworld.com, 1
+seanrodda.com, 1
+seanstaffiery.com, 1
+seaoftime.tk, 1
+seaplayhomes.com, 1
+seaportfish.com, 1
+seara-staging.net, 1
+searacon.nl, 1
+searafoodsolutions.com.br, 1
+search, 1
+search-net.tk, 1
+search.gov, 1
+search.yahoo.com, 0
+search4stores.com, 1
+searchable.ml, 1
+searchaudits.com, 1
+searchbar.co.za, 1
+searchbyai.com, 1
+searchbyimages.com, 1
+searchcandy.uk, 1
+searchcoloradohouses.com, 1
+searchdatalogy.com, 1
+searchdogs.ch, 1
+searchenginelinks.co.uk, 1
+searchenginepartner.com, 1
+searchforbeer.com, 1
+searchforjohn.com, 1
+searchfox.org, 1
+searchgurus.ca, 1
+searchmore.dk, 1
+searchpartners.dk, 1
+searchperfumes.ga, 1
+searchtechnology.tk, 1
+searchverdict.com, 1
+searchwork.tk, 1
+searchzone.ch, 0
+seareelfiji.com, 1
+searena.ga, 1
+seark.edu, 1
+searsucker.com, 1
+searx.be, 1
+searx.ca, 1
+searx.nu, 1
+searx.one, 1
+searx.org, 1
+searx.rocks, 1
+searx.ru, 1
+searx.run, 1
+searx.space, 1
+searx.work, 1
+searxng.cf, 1
+searxng.com, 1
+seashkey.com, 1
+seasidestudios.co.uk, 1
+seasistent.tk, 1
+season.moe, 1
+seasonlevel.com, 1
+seasonsboutique.com.au, 1
+seasonsof.berlin, 1
+seat61.com, 1
+seatbeltpledge.com, 1
+seatinglane2u.com, 1
+seatingworldindia.com, 1
+seats.aero, 1
+seattle-life.net, 1
+seattlebasementwaterproofers.com, 1
+seattlecannabis.co, 1
+seattledevicerepair.com, 0
+seattleduiattorneys.com, 1
+seattlemesh.net, 1
+seattlewalkinbathtubs.com, 1
+seaview.gq, 1
+seaviewkohchang.com, 1
+seavision-group.com, 1
+seavision-group.it, 1
+seavision-latam.com, 1
+seavision-lixis.com, 1
+seavision-usa.com, 1
+seavision.es, 1
+seavision.eu, 1
+seavision.fr, 1
+seavision.it, 1
+seavision.ru, 1
+seb.surf, 1
+seb8iaan.com, 1
+sebald.com, 1
+sebald.org, 1
+sebar-iklan.gq, 1
+sebariklanmassal.gq, 1
+sebarin.tk, 1
+sebastiaandouma.co.uk, 1
+sebastiaanwijnimport.nl, 1
+sebastian-bravo.com, 1
+sebastian-elisa-pfeifer.eu, 1
+sebastian-haeutle.de, 1
+sebastian-janich.de, 1
+sebastian-kraus.me, 1
+sebastian-kuhnert.de, 1
+sebastian-lutsch.de, 1
+sebastian-michalke.de, 1
+sebastian-walla.com, 1
+sebastianblade.com, 1
+sebastianboegl.de, 1
+sebastiandarhoi.cf, 1
+sebastianelectric.org, 1
+sebastianforst.de, 1
+sebastianhofmann.legal, 1
+sebastiantroncoso.tk, 1
+sebastianungureanu.com, 1
+sebastiaperis.com, 1
+sebastien-meric.com, 1
+sebasveeke.nl, 1
+sebba.tk, 1
+sebdat.cloud, 1
+sebeobrana.ml, 1
+sebepoznani.eu, 1
+seberika.tk, 1
+seberova.cz, 1
+sebetesty.cz, 1
+sebgar.ca, 1
+sebi.org, 1
+sebio.be, 1
+sebjacobs.com, 1
+seblod.com, 1
+seblossom.com, 1
+seboh.gov, 1
+seboluo.com, 1
+seboreia.tk, 1
+sebster.com, 1
+seby.io, 1
+sec-consult.com, 1
+sec-tunnel.com, 1
+sec-wiki.com, 1
+sec.ec, 1
+sec.gd, 1
+sec.gov, 1
+sec30.com, 1
+sec3ure.co.uk, 1
+sec530.com, 1
+secadoresdepelo.tk, 1
+secapp.fi, 1
+secard.cc, 1
+secard.me, 1
+secard.xyz, 1
+secaucusnjpolice.gov, 1
+secborder.com, 1
+secctexasgiving.org, 0
+secdaemons.com, 1
+secdfir.com, 1
+secfilingdata.com, 1
+secgui.de, 1
+sech.me, 1
+secinto.com, 1
+secitem.de, 1
+seclimax7.pw, 1
+seclink.link, 1
+seclms.net, 1
+secnet.ga, 1
+secnews.gr, 1
+secolve.com, 1
+secomo.org, 1
+second-life-partner-ichien.com, 1
+secondchancejobsforfelons.com, 1
+secondlife.tk, 1
+secondmeasure.com, 1
+secondnature.bio, 1
+secondnexus.com, 1
+secondorder.xyz, 1
+secondtreasuresmv.com, 1
+seconfig.sytes.net, 1
+secong.tk, 1
+secoseal.de, 1
+secpatrol.de, 1
+secpoc.online, 1
+secre.cy, 1
+secrecion.com, 1
+secret-bases.co.uk, 1
+secret-queen.ga, 1
+secret-queen.ml, 1
+secret.garden, 1
+secretagentclub.tk, 1
+secretar.is, 1
+secretary-schools.com, 1
+secretarypics.com, 1
+secretbase.cf, 1
+secretbusiness.tk, 1
+secretdeals.ga, 1
+secretenergy.com, 1
+secretgardendesigns.shop, 1
+secretimports.com.br, 1
+secretmap.ml, 1
+secretmolodosti.ga, 1
+secretmolodosti.ml, 1
+secretmolodosti.tk, 1
+secretmuseum.net, 1
+secretofanah.com, 1
+secretosbolivia.tk, 1
+secrets-marketing.tk, 1
+secretsdujeu.com, 1
+secretservercloud.ca, 1
+secretsofuniverse.in, 1
+secretstomartialarts.tk, 1
+secretum.tech, 1
+secretworld.ml, 1
+secretzone.bg, 1
+secrium.io, 1
+secs.london, 1
+secta.cf, 1
+secteam.ee, 1
+secteam.eu, 1
+sectelligence.com, 1
+sectelligence.nl, 1
+sectember.com, 1
+sectember.events, 1
+sectest.ml, 1
+secthirty.com, 1
+sectigo.com.ru, 1
+sectigostore.com, 1
+sectio-aurea.org, 1
+section-31.org, 1
+section.io, 1
+section508.gov, 1
+section77.de, 1
+sector.zone, 1
+sector7.nu, 1
+sectrans.tk, 1
+sectun.com, 1
+secu.host, 1
+secularweb.org, 1
+secumailer.com, 1
+secumailer.nl, 1
+secundity.com, 1
+secundity.nl, 1
+secunm.org, 1
+securai.de, 1
+secure-automotive-cloud.com, 1
+secure-automotive-cloud.org, 1
+secure-computing.net, 1
+secure-consult.com, 1
+secure-graphic.de, 1
+secure-gw.de, 1
+secure-it-is.nl, 0
+secure-server-hosting.com, 1
+secure.advancepayroll.com.au, 1
+secure.facebook.com, 0
+secure.wang, 1
+secureapplicationaccess.ca, 1
+secureapplicationaccess.com, 1
+secureauth.com, 1
+securebot.ga, 1
+securebuildingaccess.com, 1
+secured-login.net, 1
+secured.vote, 1
+secureddocumentshredding.com, 1
+securedrop.org, 1
+securedsigning.com, 1
+secureenduserconnection.se, 1
+securefiletransfer.nl, 1
+securegovernment.us, 1
+securehugs.com, 1
+secureid.services, 1
+secureideas.com, 0
+secureim.de, 1
+secureinfo.pl, 1
+securelect-inspection.com, 1
+secureo.at, 1
+secureobscure.com, 1
+secureonline.co, 1
+secureonline.nl, 1
+secureprivacy101.org, 1
+secureqbplugin.com, 1
+securerepository.net, 1
+securesense.nl, 1
+securesite.pro, 1
+securesiteaccess.com, 1
+securesuite.co.uk, 0
+securesystems.de, 1
+securetalks.com.br, 1
+securetown.top, 0
+securetrustbank.com, 1
+secureutilitypayments.com, 1
+securevideo.com, 1
+securewebcomputing.com, 1
+secureyourerp.nl, 1
+securi-tay.co.uk, 1
+securify.nl, 1
+securimail.ch, 1
+securipy.com, 1
+securist.nl, 1
+securitelandry.com, 1
+securitum.pl, 1
+security-24-7.com, 1
+security-brokers.com, 1
+security-systems.nl, 1
+security.gives, 1
+security.golf, 1
+security.google.com, 1
+security.pl, 1
+security.xn--q9jyb4c, 1
+security201.co.uk, 1
+security201.com, 1
+securityabstract.com, 1
+securityaware.me, 1
+securitybrief.asia, 1
+securitybrief.co.nz, 1
+securitybrief.com.au, 1
+securitybrief.eu, 1
+securitydriver.com, 1
+securityescrownews.com, 1
+securityfest.com, 1
+securitygladiators.com, 1
+securityguard-license.org, 1
+securityheaders.com, 1
+securityheaders.io, 1
+securityheaders.nl, 1
+securityindicators.com, 1
+securitypluspro.com, 1
+securitypuppy.com, 1
+securitysense.co.uk, 1
+securitysnobs.com, 0
+securitysoapbox.com, 1
+securitystreak.com, 1
+securitystudio.com, 1
+securitytalk.pl, 1
+securitytestfan.gov, 1
+securitytrails.com, 1
+securitywatch.co.nz, 1
+securitywithnick.com, 1
+securitywithoutborders.org, 1
+securix.hk, 1
+securl.chat, 1
+securl.link, 1
+securly.me, 1
+securocloud.com, 1
+securoswiss.ch, 1
+securot.eu, 1
+securview.ch, 1
+secutorcloud.com, 0
+secuvera.de, 0
+secuxtech.com, 1
+secvuln.info, 1
+secwall.me, 1
+secwatch.nl, 1
+secweb.org, 1
+secyourity.se, 1
+seda.wa.edu.au, 1
+sedico.mx, 1
+sedicomm.com, 1
+sedirector.net, 1
+sedkisghairi.com, 0
+sedl.org, 1
+sedlex.fr, 1
+sedmicka.sk, 0
+sedoexpert.nl, 1
+sedoexperts.nl, 1
+sedonagolfresort.com, 0
+sedro-woolley.gov, 1
+see22.de, 1
+seearmenia.tk, 1
+seebetterlab.com, 1
+seecat.biz, 1
+seedandleisure.co.uk, 1
+seedboite.ovh, 1
+seedbox.fr, 1
+seedbox.hosting, 1
+seedcom.dk, 0
+seedcoworking.es, 1
+seedisclaimers.com, 1
+seedno.de, 1
+seedscientific.com, 1
+seedspark.com, 1
+seedsystemcoaching.com, 1
+seefeldbilder.at, 1
+seefunk.net, 1
+seehisnudes.com, 0
+seeinred.tk, 1
+seejay.me, 1
+seekingalpha.com, 1
+seeks.ru, 1
+seeksupply.ga, 1
+seekweb.com, 1
+seeme.ai, 1
+seemomclick.com, 1
+seemorehere.tk, 1
+seemyreality.tk, 1
+seeonce.co, 1
+seerainer.com, 1
+seesuite.com, 0
+seetheprogress.com, 1
+seetheprogress.de, 1
+seetheprogress.eu, 1
+seetheprogress.net, 1
+seetheprogress.org, 1
+seetow.sg, 1
+seetv.ga, 1
+seewang.me, 1
+seewhatididhere.com, 1
+seewines.com, 1
+seexw.com, 1
+seezeitlodge-bostalsee.de, 1
+sef.co.za, 1
+sefa.cloud, 1
+sefodbold.dk, 1
+sefru.de, 1
+seg-leipzig.org, 1
+seg-sys.com, 1
+seg.do, 1
+segamastersystem.tk, 1
+segaretro.org, 1
+segdo.de, 1
+segdo.media, 1
+segdogames.com, 1
+segdomedia.com, 1
+segel-setzen-buch.de, 1
+segm.org, 1
+segmentify.com, 1
+segmentnext.com, 1
+segnalabullo.it, 1
+segnidisegni.eu, 1
+segnoadv.com, 1
+segpay.com, 1
+segulink.com, 1
+segurancaresidencialbh.com.br, 1
+segurancati.com, 1
+segurcaixaadeslas.es, 1
+segurdatacr.com, 1
+segurico.cz, 1
+seguridadconsumidor.gov, 1
+seguridadsistem.tech, 1
+seguridadsistemtienda.tech, 1
+seguromail.com.br, 1
+segurosbantrab.com.gt, 1
+segurosdesaluddominicanos.com, 1
+segurosmaurobracchieri.com, 1
+segurosmr.es, 1
+segurosocial.gov, 0
+segurosproteccion.com, 1
+segv.fi, 1
+sehat-solusi-makmur.com, 1
+sehatpoin.com, 1
+sehatyab.com, 1
+sehd.top, 0
+sehersirin.com, 1
+seheyah.me, 1
+sei-yu.net, 1
+seibert.ninja, 0
+seibu-kikaku.co.jp, 1
+seida.at, 1
+seidel-immobilienberatung.de, 1
+seiffen.de, 1
+seifried.org, 1
+seika-housei.com, 1
+seikatu-navi.com, 1
+seikoman.tk, 1
+seiler-ds.com, 1
+seilergeodrones.com, 1
+seilermicro.com, 1
+seilgold.de, 1
+seimo.cn, 1
+seincojavea.es, 0
+seineoparebrise.fr, 1
+seinfeldquote.com, 1
+seinolab.jp, 1
+seintje24.nl, 1
+seira.tk, 1
+seirdy.one, 1
+seirei.ne.jp, 1
+seiryokuzai-ch.com, 1
+seisansei.net, 1
+seishinan.xyz, 1
+seishinchuo-lawoffice.com, 1
+seishuncollection.com, 1
+seismas1.com, 1
+seisthewaytobe.com, 1
+seistolzaufdich.de, 1
+seistrup.dk, 1
+seitai-nabejun.jp, 1
+seitai-taiyou.com, 1
+seitanic-cookbook.de, 1
+seitenwaelzer.de, 1
+seitokai.jp, 1
+seiulocal300.org, 1
+seized.gov, 1
+seizethedaybrasil.com.br, 1
+sejageek.com, 1
+sek.ai, 1
+sekainokokki.jp, 1
+sekfung.me, 1
+sekisonn.com, 1
+sekkom.com, 1
+sekoia.io, 1
+sekoya.org, 1
+sekreti-biznesa.cf, 1
+sekretiki.info, 1
+seks-znakomstva.tk, 1
+sekshikayeler.tk, 1
+sektor-news.tk, 1
+sektor.ro, 1
+sektor.tech, 1
+sektor41.com, 1
+sektorgaza.su, 1
+sekundadosetki.pl, 1
+sekurak.pl, 1
+sekusi-tochiki.tk, 1
+sekweta.com, 1
+selang.cf, 1
+selang.ml, 1
+selangdi.com, 1
+selayar.vacations, 1
+selber-coden.de, 1
+selco-himejiminami.com, 1
+selcukluhali.com.tr, 1
+selcuksportr.com, 1
+selcusters.nl, 1
+seldadogancan.com, 1
+selea.design, 1
+selebrita.ml, 1
+selectables.tk, 1
+selectagents.gov, 1
+selectanderect.com, 1
+selectbusteni.tk, 1
+selected-properties.com, 0
+selectedbym.com, 1
+selectel.ru, 1
+selectionengine.ca, 1
+selectionengine.com, 1
+selectionengine.net, 1
+selectionengine.org, 1
+selector.space, 1
+selectsplat.com, 1
+selegiline.com, 1
+selen.com.br, 1
+selena-armavir.ml, 1
+selenapelletier.tk, 1
+seleondar.ru, 1
+selesnafes.com, 0
+selezionebarbrboguaccero.cf, 1
+selezionebarbrboguaccero.ga, 1
+selezionebarbrboguaccero.tk, 1
+self-business.tk, 1
+self-evident.org, 1
+selfassess.govt.nz, 1
+selfbattery.ga, 1
+selfbestyou.com, 1
+selfcaregate.com, 0
+selfcateringstratford.co.uk, 1
+selfdefinition.org, 1
+selfdefinition.tk, 1
+selfdevelopment.com.au, 1
+selfelec.be, 1
+selfemployed.ga, 1
+selfguidedholiday.com, 1
+selfharm.xyz, 1
+selfici.com, 1
+selfici.cz, 1
+selfiehome.cz, 1
+selfiestick.bg, 1
+selfishness.com, 1
+selfloath.in, 1
+selfmade4u.de, 0
+selfpublishingformula.com, 1
+selfrealize.ga, 1
+selfretire.cf, 1
+selfserverx.com, 0
+selftech.tk, 1
+selfycheck.it, 1
+selimcerkezi.tk, 1
+selistina.tk, 1
+selkiemckatrick.com, 1
+sellajoch.com, 1
+sellbit.io, 1
+sellcoins.top, 1
+selldone.com, 1
+selldorado.com, 1
+seller.diamonds, 1
+sellerengine.com, 1
+sellersfunding.com, 1
+sellersmart1.com, 1
+sellerssignals.com, 1
+sellerstats.ru, 1
+sellerteam.tk, 1
+sellerwiz.io, 1
+sellguard.pl, 1
+sellingsherpa.com, 0
+sellmymobile.com, 1
+sellmyphone.co.uk, 1
+sellmyshares.com.au, 1
+sello.com, 1
+sellocdn.com, 1
+sellorbuy.uk, 1
+sellorbuy.us, 1
+sellphotos.tk, 1
+sellsmartwatches.tk, 1
+selltothousandhills.com, 1
+selltous.com.au, 1
+sellusdtindubai.com, 1
+sellwithsquare.com, 1
+sellyboard.company, 1
+selma.com, 1
+selmatownship-mi.gov, 1
+selmec.com.mx, 1
+selmer-tn.gov, 1
+selmon.ru, 1
+selo-cer.tk, 1
+selo-grncare.tk, 1
+selo.ru, 1
+seloc.org, 1
+selokids.ru, 1
+selsovet56.tk, 1
+seltek.su, 1
+seltendoof.de, 1
+selvaggialucarelli.blog, 1
+selwyn.cc, 1
+semacode.com, 1
+semaflex.it, 1
+semalt.net, 1
+semanaacademica.org.br, 1
+semanarioaqui.tk, 1
+semantic-systems.com, 1
+semantica.cz, 0
+semantics.ga, 1
+semao.org, 1
+semaphore-studios.com, 1
+sembosihosting.tk, 1
+sembska.de, 1
+sembyotic.com, 1
+semcensurabrag.com.br, 1
+semeia.io, 1
+semena-ua.ml, 1
+semenov.ml, 1
+semenov.su, 1
+semenserang.com, 1
+sementes.gratis, 1
+sementesquati.com.br, 1
+semestaindovest.co.id, 1
+semesur.com, 1
+semi.social, 1
+semianalog.com, 1
+semicolon.cf, 1
+semicon.cc, 1
+semiconductors.gov, 1
+semicvetik.tk, 1
+seminarioabdtic.com.br, 1
+seminariruum.ee, 1
+seminarraum-isny.de, 1
+seminolecountyoklahoma.gov, 1
+seminovostoyota.com.br, 1
+semiotical.com, 0
+semiotika.tk, 1
+semira.tk, 1
+semirben.de, 1
+semiread.com, 1
+semiretire.ga, 1
+semiweb.ca, 1
+semmuhely.tk, 1
+semobr.cf, 1
+semops.gq, 1
+semox.de, 1
+semparar.com.br, 1
+sempersolaris.com, 1
+semplicementelight.com, 1
+sempoctet.ca, 1
+sempreupdate.com.br, 1
+semps-2fa.de, 1
+semps-threema.de, 1
+semps.de, 1
+semrecc.gov, 1
+semrush.com, 1
+semsec.net, 1
+semtinde.com, 1
+semyonov.su, 1
+semyonov.us, 1
+sen.bo, 1
+senacor.com, 1
+senamexico.com, 1
+senaofertaeducativa.co, 1
+senaofertaeducativa.com, 1
+senarea.nl, 1
+senarist.tk, 1
+senarius.de, 1
+senat.cz, 1
+senat.ro, 1
+senbil.net, 1
+senbil.video, 1
+sence.gob.cl, 1
+send.tk, 1
+send2sign.net, 1
+sendaddress.com, 1
+sendai-cc.jp, 1
+sendai-cdc.com, 1
+sendai-cooking.com, 1
+sendai-ctr.com, 1
+sendai-himawari.jp, 1
+sendai-rc.com, 1
+sendai-recruit.com, 1
+sendai-sisters.com, 1
+sendai-sougou.com, 1
+sendai-works.com, 1
+sendaimori.com, 1
+sendaiouji.com, 1
+sendbird.com, 1
+sendbox.cz, 1
+sender.party, 1
+sender.services, 1
+senderdb.com, 1
+senderismoinfantil.tk, 1
+senderosdelavida.com, 1
+sendflowers.pk, 1
+sendigperu.com, 1
+sendingbee.com, 1
+senditvia.email, 1
+sendmail.com, 1
+sendonce.io, 1
+sendonomics.com, 1
+sendpulse.com, 1
+sendsonar.com, 1
+sendthisfile.com, 1
+sendtrix.nl, 1
+sendy.land, 1
+sendzik.eu, 1
+senecailpd.gov, 1
+senergiya.tk, 1
+senf-kren.at, 1
+senfcall.de, 1
+senhost.tk, 1
+seni-beladiri.tk, 1
+senibongcove.my, 1
+senibonggolfclub.com.my, 1
+senior-sigan.ml, 1
+seniorcommunitymedia.com, 1
+seniorem.eu, 1
+seniorhost.net, 1
+seniorinhomecare.com, 1
+seniorlivinginvestments.eu, 1
+seniormanager.cz, 1
+seniorsupportservicesohio.com, 1
+senkals.one, 1
+senkyo.watch, 1
+senneeeraerts.be, 1
+sennik.tk, 1
+senoctarsoft.tk, 1
+senok.ml, 1
+senooken.jp, 1
+senor-cheapo.nl, 1
+senork.de, 1
+senpiper.com, 1
+senres.top, 1
+senrj.be, 1
+sens2lavie.com, 1
+sense.eu.com, 1
+sense.finance, 1
+sense.hamburg, 1
+sensebridge.net, 1
+senseful-online.de, 1
+senseful-online.eu, 0
+senseful-online.info, 1
+senseiclassroom.tk, 1
+senseilabs.com, 1
+senselabs.it, 1
+sensepixel.com, 1
+sensepost.com, 1
+senshudo.tv, 1
+sensibleita.tk, 1
+sensiblelanecounty.tk, 1
+sensiblepcsupport.co.uk, 1
+sensibus.com, 1
+sensical.net, 0
+sensoft-int.com, 1
+sensoft-int.net, 1
+sensoft-int.org, 1
+sensor-dream.ru, 0
+sensoria.com.br, 1
+sensorshop.ir, 0
+sensorsoft-waterontharder.nl, 1
+sensorville.com.br, 1
+sensoscientific.com, 1
+sensound.ml, 1
+sensualism.com, 1
+sensuality-models.com, 1
+sensually.tk, 1
+sensualsexyhot.com.br, 1
+sensuuri.tk, 1
+sentandsecure.com, 1
+sentencing.net, 1
+sentenza.tk, 1
+senteon.co, 1
+senterada.tk, 1
+sentic.info, 1
+sentidosdelatierra.org, 1
+sentiment.rest, 1
+sentiments.io, 1
+sentinel.gov, 1
+sentinelnet.tk, 1
+sentinelproject.io, 1
+sentinels.tk, 1
+sentir.id, 1
+sentirmebien.org, 1
+sentitvia.email, 1
+sentmail.ga, 1
+sentor.se, 1
+sentorsecurity.com, 1
+sentrafield.com, 1
+sentral.com, 1
+sentralegal.com, 1
+sentry.io, 1
+sentry.nu, 1
+sentrybay.com, 1
+sentrytwo.com, 1
+sentworks.com, 1
+senzaparole.de, 1
+senzei.tk, 1
+seo-analyse.com, 1
+seo-blog12.tk, 1
+seo-dr-it.com, 1
+seo-forum.nu, 0
+seo-linz.at, 1
+seo-obmen.tk, 1
+seo-phpbb.cf, 1
+seo-piar.tk, 1
+seo-portal.tk, 1
+seo-promox.cf, 1
+seo-promox.tk, 1
+seo-reality.cf, 1
+seo-reklama.ml, 1
+seo-reklama.tk, 1
+seo-sem.online, 1
+seo-smo.ml, 1
+seo-smo.tk, 1
+seo-srbija.rs, 1
+seo-tools4u.com, 1
+seo-url.tk, 1
+seo-website.ru, 1
+seo.consulting, 1
+seo.domains, 1
+seo.london, 1
+seo.services, 1
+seo40.fr, 1
+seoagentur-hamburg.com, 1
+seoankara.name.tr, 1
+seoapi.com, 1
+seoarchive.org, 1
+seoargentina.com.ar, 1
+seoblogs.cf, 1
+seobook2015.cf, 1
+seobook2015.ga, 1
+seobook2015.gq, 1
+seobook2016.gq, 1
+seoclubs.tk, 1
+seocontents24.tk, 1
+seocraft.me, 1
+seocreator-blog24.tk, 1
+seodayo.com, 1
+seodefinitivo.com, 1
+seodelhi.com, 1
+seodoma.ml, 1
+seodrug.tk, 1
+seoefectivo.com, 1
+seoenmexico.com.mx, 1
+seoexpert.com.br, 1
+seoforyou.nl, 1
+seogeek.nl, 1
+seogeky.com, 1
+seogood.cf, 1
+seohackers.fr, 1
+seohost.pl, 1
+seohouston.com, 1
+seoified.com, 1
+seojaguar.tk, 1
+seokatka.tk, 1
+seolabuitest.azurewebsites.net, 1
+seoline.cf, 1
+seolister.cf, 1
+seolisting.cf, 1
+seolisting.tk, 1
+seolizer.de, 1
+seolord.cf, 1
+seomag.tk, 1
+seomanager.vip, 1
+seomarketing.bg, 1
+seomasti.com, 1
+seomaton.com, 1
+seomaton.org, 1
+seomaxion.com, 1
+seomedo.com, 1
+seomen.biz, 1
+seomonk.com, 1
+seonaut.org, 1
+seonoco.com, 1
+seonow.ga, 1
+seonurse.com, 1
+seoonline.cf, 1
+seoonlinejaipur.tk, 1
+seopiar.tk, 1
+seoping.ru, 0
+seoplus.com, 1
+seopost.ga, 1
+seoprnews.cf, 1
+seopromotion.tk, 1
+seoproof.tk, 1
+seoptimize.fr, 1
+seoquero.com, 1
+seoranker.tk, 1
+seorepress.com, 1
+seorus.cf, 1
+seorus.ml, 1
+seoruse.com, 0
+seos.ga, 1
+seoscan.ga, 1
+seoschmiede.at, 1
+seoscribe.net, 1
+seosearch.org, 1
+seoserfing.tk, 1
+seosergio.com, 1
+seoshanti.ru, 0
+seoshnik.tk, 1
+seosmart.gq, 1
+seosof.com, 1
+seosos.gq, 1
+seosos.ml, 1
+seospace.ro, 1
+seosprint.gq, 1
+seostrit.cf, 1
+seostrit.tk, 1
+seosuccor.com, 1
+seoteam.tk, 1
+seotesty.cz, 1
+seotip.top, 1
+seotipster.com, 1
+seotoolsearth.com, 1
+seotoolset.tk, 1
+seoturkey.tk, 1
+seotutorials32.tk, 1
+seoulartcollective.tk, 1
+seoulista.vn, 1
+seovision.se, 1
+seovisit.tk, 1
+seovisits.tk, 1
+seoviziti50.tk, 1
+seowerkz.com, 1
+seowind.io, 1
+seowordpress.pl, 1
+seowork.tk, 1
+seozel.tk, 1
+seozen.ru, 1
+seozen.top, 1
+sep-online.com.pl, 1
+sep.bydgoszcz.pl, 1
+sep.cc, 1
+sep.jgora.pl, 1
+sep.rzeszow.pl, 1
+sep.tarnobrzeg.pl, 1
+sepakbola.id, 1
+separacioniglesiaestado.tk, 1
+sepenggal.info, 1
+seproco.com, 0
+septakkordeon.de, 1
+septam-orchestra.fr, 1
+septem.cc, 0
+septemcapital.ru, 1
+septentrionalist.org, 1
+septicrepairspecialists.com, 1
+septics.ga, 1
+septictankpumpingservices.com, 1
+septodont.ch, 1
+septodont.com.br, 1
+septodont.com.ru, 1
+septodont.in, 1
+septodontchina.com, 1
+septonol.tk, 1
+septs.blog, 1
+sepulcharium.tk, 1
+seputarfinansial.com, 1
+seqing.cf, 1
+sequachee.com, 1
+sequatchiecounty-tn.gov, 1
+sequatchiecountytn.gov, 1
+sequenceconsulting.com, 1
+sequencediagram.org, 1
+sequencing.com, 1
+sequitur.tech, 1
+ser-it.pl, 1
+sera.jp, 1
+serail.biz.id, 1
+seraimu.me, 1
+seraku.co.jp, 1
+seraph.red, 1
+seraph.tokyo, 1
+serasa.com.br, 1
+serasaexperian.com.br, 1
+seratblog.ga, 1
+serban.ro, 1
+serbanpaun.ro, 1
+serbiaonline.tk, 1
+serc.ac.uk, 1
+sercasindustry.tk, 1
+serdarakyildiz.com, 1
+serdarwork.com, 1
+serdengolpinar.tk, 1
+serecoponsillo.it, 1
+sereema.com, 1
+serele.fr, 1
+seren.tk, 1
+serenascreations.com, 1
+serenata.tk, 1
+serenavilage.net, 1
+serenavillage.net, 1
+serenavillageresidence.com, 1
+serenaweb.de, 1
+serendeputy.com, 1
+serenityeditor.com, 1
+serenitytvl.com, 1
+seresco.es, 1
+serf.io, 1
+serfas.gr, 1
+serfinansa.com.co, 1
+sergal.club, 1
+sergal.de, 1
+sergal.gay, 1
+serge-design.ch, 1
+sergeemond.ca, 1
+sergefonville.nl, 1
+sergelapointe.ca, 1
+sergeyburov.tk, 1
+sergeyesenin.tk, 1
+sergeykozharinov.com, 1
+sergi.tk, 1
+sergicoll.cat, 1
+sergio-rivero.tk, 1
+sergiochica21.tk, 1
+sergiocv.com, 1
+sergioforsanmateo.com, 1
+sergioforse.com, 1
+sergiogm.es, 1
+sergiogug.tk, 1
+sergiomur.tk, 1
+sergiopereiracouto.tk, 1
+sergiopimpao.pt, 1
+sergiozygmunt.com, 1
+sergiozygmunt.org, 1
+sergivb01.me, 0
+sergos.de, 0
+serguzim.me, 1
+serhan.in, 1
+serial-kinder.tk, 1
+serial2000.tk, 1
+serializacion.mx, 1
+serialize.gq, 1
+serialkey.info, 1
+seriesdatv.pt, 1
+seriesfeed.com, 0
+seriesgratis.tk, 1
+serifosguide.dk, 1
+serije.co, 1
+serinamusic.com, 1
+seringe.com, 1
+seriola.hr, 0
+seriouss.am, 1
+serioussam.ml, 1
+serkanceyhan.com, 1
+serkanyarbas.com.tr, 1
+serkozh.me, 1
+sermerkt.is, 1
+sernate.com, 1
+seroquel50mg.tk, 1
+seroquelonline.ga, 1
+seroquelonline.tk, 1
+serotiuk.com, 0
+serpenteq.com, 1
+serpes.nz, 1
+serphost.ml, 1
+serpic.photo, 1
+serpinco.com, 1
+serptoolsuite.com, 1
+serpuhof.ru, 1
+serralheriaeseguranca.com.br, 1
+serrande.it, 1
+serrande.roma.it, 1
+serraniadecuencaafondo.tk, 1
+serrano-chris.ch, 0
+serrature.roma.it, 1
+serreshikeclub.tk, 1
+sertaobom.eco.br, 1
+sertaovivo.tk, 1
+sertasimmons.com, 1
+sertec.com.mx, 1
+sertim.tk, 1
+serv.site, 1
+serval-concept.com, 1
+serval-formation.com, 1
+servant42.com, 1
+servantweb.fr, 1
+servatmandi.com, 1
+serve.gov, 1
+serve.work, 1
+servebyte.com, 1
+servecrypt.com, 1
+servecrypt.net, 1
+servecrypt.ru, 1
+serveistic.cat, 1
+serveistic.es, 1
+servelelecciones.cl, 1
+servelink.com, 1
+servend.gov, 1
+servepublic.com, 1
+servepublic.org, 1
+server-bg.net, 1
+server-daten.de, 1
+server-essentials.com, 1
+server-zugang.eu, 1
+server.vote, 1
+server4london.site, 1
+server72a.ddns.net, 1
+server92.eu, 1
+server92.tk, 1
+serveradium.com, 1
+serveradmin.ovh, 1
+serverbin.net, 1
+serverbit.it, 1
+serverco.com, 1
+serverd.de, 1
+serverdechile.tk, 1
+serverdensity.io, 1
+serverdragon.site, 1
+serverexpose.com, 1
+serverfix.net, 1
+serverhost.no, 1
+serverhunter.com, 1
+serverion.ga, 1
+serverka.tk, 1
+serverlauget.no, 1
+serverlein.com, 1
+serverlog.net, 1
+servermacher.de, 1
+servermaster.sk, 1
+servernerds.net, 1
+serverninja.tk, 1
+serveroffline.net, 1
+serverpedia.de, 1
+servers.vg, 1
+serverscan.com, 1
+serversfrom.space, 1
+serversify.net, 1
+serverstatus.tk, 1
+serverstuff.info, 1
+serversuit.com, 1
+servertastic.com, 1
+servertutorial.eu, 1
+serveru.us, 1
+servetten-groothandel.nl, 1
+serveur.nl, 1
+serveursminecraft.org, 1
+servfefe.com, 1
+servi-tek.net, 1
+service-centre.cf, 1
+service-soft.de, 1
+service-status.cloud, 1
+service-ways.com, 1
+service-wueste-vodafone.tk, 1
+service.gov.scot, 1
+service.gov.uk, 1
+service.vic.gov.au, 0
+serviceair.com.ar, 1
+servicebeaute.fr, 1
+serviceboss.de, 1
+servicecentreperth.com.au, 1
+servicedesk.ath.cx, 1
+servicefish.tk, 1
+serviceflow.co.za, 1
+serviceforge.com, 1
+serviceland.am, 1
+servicemasterlawncare.ca, 1
+servicemembers.gov, 1
+servicenow.com, 1
+servicepclaptop.com, 1
+servicesforfree.com, 1
+serviceslotenmaker.nl, 0
+servicesneo.com, 1
+servicesnetpro.com, 1
+servicespot.ca, 1
+servicevie.com, 1
+serviciales.com, 1
+servicii-funerare.tk, 1
+serviciodebarralibreparaeventos.com, 1
+serviciomigraciones.cl, 1
+serviciosdeti.gq, 1
+serviciosfncs.com, 1
+servicioskoinonia.org, 1
+serviciotecnicoencomputacion.com.ve, 0
+servida.ch, 1
+servietten-grosshandel.at, 1
+servietten-grosshandel.be, 1
+servietten-grosshandel.ch, 1
+servietten-grosshandel.de, 1
+serviettes-et-plus.com, 1
+servilletas-de-papel.es, 1
+servilletas-de-papel.mx, 1
+servilonjas.com, 1
+servingbaby.com, 0
+servingroddick.tk, 1
+servingseniors.org, 1
+servingupsouthern.com, 1
+servion.com, 1
+servis-azd.cz, 1
+servis4u.top, 1
+servisin.id, 1
+servispasaoglu.com.tr, 1
+servitel.ga, 1
+servitor.cf, 1
+servitproducts.com, 1
+servivum.com, 1
+serviziocolf.it, 1
+serviziourgente.it, 1
+servmaslt.com, 1
+servn.ca, 1
+servo.org, 1
+servonline.de, 1
+servpress.net, 1
+servrox.solutions, 1
+servtepstore.com, 1
+servtraq-staging.azurewebsites.net, 1
+servtraqazure.com, 1
+servus.ca, 1
+servx.org, 1
+serw.org, 1
+serwetki-papierowe.pl, 1
+serwis-militarny.net, 1
+serwis-telewizorow.pl, 1
+serwis-wroclaw.pl, 1
+serwispv.eu, 1
+serwistomy.pl, 1
+serworkribeirao.com.br, 1
+serx.cf, 1
+serx.ml, 1
+seryovpn.com, 1
+ses-egy.com, 1
+ses-offshore.com, 1
+sesa.org, 1
+sesam-biotech.com, 1
+sesamomusical.tk, 1
+sescoen.tk, 1
+seseai.ga, 1
+sesenaonline.tk, 1
+sesliturkgencligi.tk, 1
+sesperformance.eu, 1
+sesrdcem.cz, 1
+sessile-oak.co.uk, 1
+session.bbc.co.uk, 1
+session.bbc.com, 1
+sessionslogning.dk, 1
+sestry.tk, 1
+set-freeporn.com, 1
+setabun.or.jp, 1
+seteampty.net, 1
+setenforce.one, 1
+setesat.com.br, 1
+setevik.tk, 1
+sethclinic.com, 1
+sethcorker.com, 1
+sethcurry.ga, 1
+sethforprivacy.com, 1
+sethjust.com, 1
+sethlmatarassomd.com, 1
+sethoedjo.com, 1
+sethriedel.com, 1
+sethvargo.com, 1
+seti-germany.de, 0
+setin.srl, 1
+setkit.net, 1
+setmore.com, 1
+setof88.com, 1
+setonhill.edu, 1
+setphaserstostun.org, 0
+settberg.de, 1
+setterirlandes.com.br, 1
+settimanadellascienza.it, 1
+settleapp.co, 1
+settlingin.ga, 1
+setuid.de, 1
+setuid.io, 1
+setuid0.kr, 1
+setun.tk, 1
+setuplog.io, 1
+setupstreamers.com, 1
+setxxxtube.com, 1
+seu.edu.sa, 1
+seucreditodigital.com.br, 1
+seuntaylor.co, 1
+seuplano.com.br, 1
+seutens.be, 1
+seutens.eu, 1
+sevastopol.tk, 1
+sevathian.com, 1
+seven-seas.ml, 1
+sevenartzpublicidad.com, 1
+sevendevilsnc.gov, 1
+sevenfoureight.ml, 1
+sevengang.tk, 1
+sevenhillsapartments.com.au, 1
+sevenicealimentos.com.br, 1
+sevenmatches.com, 1
+sevenrooms.com, 1
+sevenseasmarble.co.uk, 1
+seventeamiles.com, 1
+seventwentynine.com, 1
+seventymania.de, 1
+severac.org, 1
+severesexfilms.com, 1
+severine-trousselard.com, 1
+severing.cf, 1
+seviercountyar.gov, 1
+seviercountyassessor-ar.gov, 1
+sevilinux.es, 1
+sevillacani.tk, 1
+sevillalinces.tk, 1
+sevillanazarena.tk, 1
+sevinci.ch, 1
+sevitahealth.com, 1
+sevocomm.com, 1
+sevsey.ru, 1
+sewa.nu, 1
+sewalaptopm2i.com, 1
+sewardcountyne.gov, 1
+sewatec.com, 1
+sewavillamurah.tk, 1
+sewfarsewgood.uk, 1
+sewing-machines.com.ua, 1
+sewing-world.ru, 1
+sewinginsight.com, 0
+sewingtales.com, 0
+sewoo.co.uk, 1
+seworld.ml, 1
+sex-chat-geld-verdienen.com, 1
+sex-education.com, 1
+sex-sex-cam.com, 1
+sex-videochat.club, 1
+sex5.com, 1
+sexaki.com, 1
+sexandthecitty.tk, 1
+sexarab.live, 1
+sexawynet.cam, 1
+sexcamsbay.com, 1
+sexdocka.nu, 1
+sexedquickies.com, 1
+sexedrescue.com, 1
+sexflare.net, 1
+sexgamesclub.com, 1
+sexgarage.de, 1
+sexgirlfriend.com, 1
+sexgood.com.ua, 1
+sexhab.guru, 1
+sexin.nl, 1
+sexkazan.love, 1
+sexkrd.love, 1
+sexminister.tk, 1
+sexmobil.de, 1
+sexnorilsk.love, 1
+sexobryansk.guru, 1
+sexocheb.com, 1
+sexochita.com, 1
+sexoclicker.com, 1
+sexoclicker.net, 1
+sexoclicker.org, 1
+sexocomgravidas.com, 1
+sexokiev.love, 1
+sexologist.cf, 1
+sexonwax.com, 0
+sexorzn.xyz, 1
+sexosintabues30.com, 1
+sexosmol.com, 1
+sexostav.com, 1
+sexotomsk.com, 1
+sexoufa.center, 1
+sexoyalta.love, 1
+sexoyrelax.com, 1
+sexpay.net, 1
+sexpdf.com, 1
+sexpression.com.br, 1
+sexshopfacil.com.br, 1
+sexshopnet.com.br, 1
+sexswing.com, 0
+sextacy.tk, 1
+sextapegermany.com, 1
+sextoysproductstore.com, 1
+sextreffendeutschland.com, 1
+sextubespot.com, 1
+sextw.net, 1
+sexualdiversity.org, 1
+sexufa.red, 1
+sexvideochat.it, 1
+sexvideos.tel, 1
+sexvirtualspace.com, 1
+sexworkrights.com, 1
+sexxyangie.com, 1
+sexy-mom.org, 1
+sexy-periscope.ml, 1
+sexy-store.nl, 1
+sexyanne.net, 1
+sexybuttpics.com, 1
+sexyfotosvandep.nl, 1
+sexyjanahot.com, 1
+sexyjenjen.net, 1
+sexyleni.org, 1
+sexynakedgirls.pics, 1
+sexynaty.org, 1
+sexynoemi.com, 1
+sexyporn.tv, 1
+sexyrachel846.com, 1
+sexystine.net, 1
+sexytagram.com, 1
+sexyteens.net, 1
+sexyvenushuegel.org, 1
+seyfarth.de, 1
+seykapuertasautomaticas.com, 1
+seymourfanclub.tk, 1
+seypt.de, 1
+seyr.it, 1
+seyr.me, 1
+seyv.io, 1
+sf-builders.com, 1
+sf-kayh.de, 1
+sf3223.com, 1
+sfaparish.org, 1
+sfarc.ml, 1
+sfat.llc, 1
+sfbao.cn, 1
+sfbao.com, 1
+sfbaytransit.org, 1
+sfcardio.fr, 1
+sfccapital.com, 1
+sfccapitalpartners.com, 1
+sfcityoption.org, 1
+sfdchub.com, 1
+sfdcopens.com, 1
+sfdev.ovh, 1
+sfdlsource.tk, 1
+sfee.cl, 1
+sfera360.es, 1
+sfg-net.com, 1
+sfg-net.eu, 1
+sfg-net.net, 1
+sfg-net.org, 1
+sfg-nordholz.de, 1
+sfhp.org, 1
+sfile.eu, 1
+sfirat-haomer.com, 1
+sfleisure.com, 1
+sflhidta.gov, 1
+sfmason.net, 1
+sfnetwork.pl, 1
+sfo-fog.ch, 0
+sfoks33.ru, 1
+sfomuseum.org, 1
+sfondo.info, 1
+sfp.net.tr, 1
+sfpdev.com, 1
+sfpebblesstones.com, 1
+sfpuc.gov, 1
+sfslashing.com, 1
+sft-framework.org, 1
+sftool.gov, 1
+sfumusic.com, 1
+sfvonline.nl, 1
+sfweef.gq, 1
+sfxmr.de, 1
+sg-1xbet.com, 1
+sg-gallerylive.it, 1
+sg-strietwald.de, 1
+sg.search.yahoo.com, 0
+sg1.tech, 1
+sgatlantis.tk, 1
+sgbpa.co.uk, 1
+sgcaccounts.co.uk, 1
+sgcountymt.gov, 1
+sgdementia.ca, 1
+sgdi.gov.sg, 1
+sgdm-services.com, 1
+sgfinanceira.online, 1
+sggame990.com, 1
+sght.gallery, 1
+sgitc.de, 1
+sgj0.net, 1
+sglazov.ru, 1
+sglibellen.de, 1
+sgnation.dk, 1
+sgnl.ai, 1
+sgo-overbetuwe.nl, 1
+sgombero.it, 1
+sgoossens.nl, 1
+sgplay.io, 1
+sgrmreproduccionapp.azurewebsites.net, 1
+sgrossi.it, 1
+sgrowe.de, 1
+sgrs.be, 1
+sgrub.xyz, 1
+sgs-systems.de, 1
+sgs.camera, 1
+sgs.systems, 1
+sgsautoparts.com.au, 0
+sgsmart.ru, 1
+sgsosu.net, 1
+sgsp.nl, 1
+sgtcodfish.com, 1
+sgtech.ga, 1
+sgthotshot.com, 1
+sgtool.eu, 1
+sgtrains.com, 1
+sgtsnookums.net, 1
+sgtt.ch, 0
+sguerrero.com, 1
+sgutranscripts.org, 1
+sh-heppelmann.de, 1
+sh-network.de, 1
+sh.com.tr, 1
+sh0rt.in, 1
+sh0rt.zone, 1
+sh0u.jp, 1
+sh0uld.net, 1
+sh1mar.in, 1
+sh4y.cn, 1
+sh4y.com, 1
+sh68.cc, 0
+sha.bi, 1
+sha512.online, 1
+shabaka.org, 1
+shabashka.ml, 1
+shabiwangyou.com, 1
+shackleton.io, 1
+shad.waw.pl, 1
+shade.sh, 1
+shadebarandgrillnh.com, 1
+shadebarandgrillorlando.com, 1
+shadebarandgrillutica.com, 1
+shadebarandgrillwindsor.com, 1
+shadedesign.cz, 1
+shademid.com, 0
+shadesofgrayadr.com, 1
+shadesofgraylaw.com, 1
+shadex.net, 1
+shadhoc.com, 1
+shadigee.org, 1
+shadikhan.tk, 1
+shadow-forum.tk, 1
+shadow-group.org, 1
+shadowandy.net, 1
+shadowcp.eu, 1
+shadowdomain.ml, 1
+shadowfight2.tk, 1
+shadowfox.tk, 1
+shadowguardian507.tk, 1
+shadowkingdomrecords.com, 1
+shadowkitsune.net, 1
+shadowknight.tk, 1
+shadowlurker.com.au, 1
+shadowmorph.info, 1
+shadowping.com, 1
+shadowplus.net, 0
+shadowrocket.net, 1
+shadowsing.com, 1
+shadowsocks.au, 1
+shadowsocks.click, 1
+shadowsocks.com, 1
+shadowsocks.com.au, 1
+shadowsocks.com.hk, 1
+shadowsocks.fr, 0
+shadowsocks.la, 1
+shadowsocks.live, 1
+shadowsocks.nz, 1
+shadowsocks.se, 1
+shadowsocks.software, 1
+shadowsocks.to, 1
+shadowstalkers.tk, 1
+shadowstep.tk, 1
+shadowstrikers.tk, 1
+shadowuniverse.xyz, 1
+shadowvolt.net, 1
+shadrinsk-city.ru, 1
+shadynook.net, 1
+shadypark.tk, 1
+shaeishu.co, 1
+shafa.ua, 1
+shaffermixers.com, 1
+shafrental.id, 1
+shafteldhon.com, 1
+shaftofdarkness.club, 0
+shag-shag.ru, 1
+shahar.cc, 0
+shaharyaranjum.com, 1
+shaheedirfani.tk, 1
+shaheednawazirfani.tk, 1
+shahidafkar.tk, 1
+shahidfakih.com, 1
+shahidflix.ml, 1
+shahidhashmi.net, 1
+shahpurjat.xyz, 1
+shahriar.ca, 1
+shahriar.email, 1
+shahriar.xyz, 1
+shahrsazan.tk, 1
+shahrvand.ga, 1
+shahsaadkhan.tk, 1
+shahyadmusic.com, 1
+shahzaibm.com, 1
+shaicoleman.com, 1
+shaiden-porn.com, 1
+shailendra.org, 1
+shailendramishra.com, 1
+shailendramishra.in, 1
+shainessim.com, 1
+shaitan.eu, 1
+shaiyapegasus.tk, 1
+shajeer.tk, 1
+shakalaka.co.za, 1
+shakan.ch, 0
+shakardara.com, 1
+shakebeforeuse.tk, 1
+shaken-kyoto.jp, 1
+shakepay.com, 1
+shakerheightsoh.gov, 1
+shakerventures.com, 1
+shakerwebdesign.net, 1
+shakespeareans.net, 1
+shakespearesolutions.com.au, 0
+shakespearevet.com, 1
+shakesprimer.tk, 1
+shakingthehabitual.com, 1
+shaknews.tk, 1
+shakraphix.tk, 1
+shakthifacility.com, 1
+shalaahmet.tk, 1
+shaloc.site, 1
+shalomamuzik.tk, 1
+shalombolivia.tk, 1
+shalomcottage.tk, 1
+shalyapin.by, 1
+sham-rock.tk, 1
+shamaev.me, 1
+shamami.ml, 1
+shamans.ga, 1
+shambala.cf, 1
+shamed.tk, 1
+shamesofhungary.com, 1
+shamil.tech, 1
+shamimahmed.tk, 1
+shamimmedia.ir, 1
+shamiphotos.tk, 1
+shampoo63.ru, 0
+shan.io, 0
+shan.sg, 1
+shan.si, 1
+shaneparker.tk, 1
+shanerichards.tk, 1
+shanetully.com, 1
+shanevandermeer.com, 1
+shanewadleigh.com, 1
+shanghaimineral.com, 0
+shangobud.com, 1
+shanhay.tk, 1
+shaniainternational.tk, 1
+shanikaonline.tk, 1
+shanikofireor.gov, 1
+shanju.tk, 1
+shankangke.com, 1
+shanli.tk, 1
+shanprop.co.za, 1
+shansen-online.de, 1
+shansing.cn, 1
+shansing.com, 1
+shansing.net, 1
+shansing.org, 1
+shantelle.tk, 1
+shanteo.com, 1
+shantitsafar.com, 1
+shanwong.com, 1
+shanwong.design, 1
+shanxia.com, 1
+shanxiapark.com, 1
+shanyi.space, 1
+shaofu.cf, 1
+shaolin-kungfu.tk, 1
+shaoxia.xyz, 0
+shape.pink, 1
+shapediver.com, 1
+shapelyways.com, 1
+shapers-production.fr, 1
+shapesouthcarolina.gov, 1
+sharaf.net, 1
+sharanyamunsi.net, 1
+sharanyan.com, 1
+shararam-card.tk, 1
+sharats.me, 1
+shardanageometries.it, 1
+shardbyte.com, 1
+share.la, 1
+share2act-dev.io, 1
+share2act-test.io, 1
+shareabc.vip, 1
+shareapollo.com, 1
+shareasale-analytics.com, 1
+sharebot.ga, 1
+shareby.cam, 1
+sharedgoals.co, 1
+sharedhost.de, 1
+sharefox.eu, 0
+sharegate.tk, 1
+sharehabor.org, 1
+sharehousechintai.jp, 1
+sharekey.com, 0
+sharelinks.tk, 1
+sharelovenotsecrets.com, 1
+sharemania.tk, 1
+sharemessage.net, 1
+sharenotes.tk, 1
+sharenz.com, 0
+shareoffice.ch, 1
+sharepointcass.com, 1
+sharepointdrive.com, 1
+sharerotic.com, 1
+sharery.net, 1
+sharescope.co.uk, 1
+shareselecttools.com, 1
+sharethe.link, 1
+sharethemeal.org, 1
+sharetheroad.org, 1
+shareworks.com, 1
+shareworx.net, 1
+sharezen.de, 0
+shariahlawcenter.com, 1
+shariahlawcenter.org, 1
+sharialawcenter.com, 1
+sharialawcenter.org, 1
+shariftown.tk, 1
+sharik-msk.ga, 1
+sharik.ml, 1
+sharine.nl, 1
+sharing-kyoto.com, 1
+sharingcolombia.com, 1
+sharingiscaring.cc, 1
+sharingphotos.co, 0
+sharisharpe.com, 1
+sharix.ml, 1
+shark-host.tk, 1
+shark5060.net, 1
+sharkblog.tk, 1
+sharkey.tk, 1
+sharkeyscuba.com, 1
+sharkie.org.za, 1
+sharking.gq, 1
+sharko.tk, 1
+sharkpaint.tk, 1
+sharks.football, 1
+sharkstriker.com, 1
+sharmafamily.tk, 1
+sharona.cloud, 1
+sharonnh.gov, 1
+sharonpope.com, 1
+sharonsplace.biz, 1
+sharpe-practice.co.uk, 1
+sharpe.systems, 1
+sharpiesscrubs.tk, 1
+sharpletters.net, 1
+sharpmetals.com, 1
+sharprocket.com.ph, 1
+sharpsburg-ga.gov, 1
+sharptudhope.co.nz, 1
+sharren.org, 1
+sharu.me, 1
+sharvey.ca, 1
+shashlik.tk, 1
+shastacounty.gov, 1
+shatabdichildrenschool.tk, 1
+shatalov.com, 1
+shatteredarchive.com, 1
+shaukatkhanum.org.pk, 1
+shaumine.ml, 1
+shaunallen.co.uk, 1
+shaunandamyswedding.com, 1
+shaunc.com, 1
+shaundanielz.com, 1
+shaunthomasart.com, 1
+shavedpics.com, 1
+shavedpussy.tv, 1
+shavedpussypics.com, 1
+shavingks.com, 1
+shavit.space, 1
+shavitech.com, 1
+shavitnadlan.co.il, 1
+shawanocountywi.gov, 1
+shawarmapressfranchise.com, 1
+shawcentral.ca, 0
+shawclan.id.au, 1
+shawfamily.id.au, 1
+shawiah.tk, 1
+shawlumber.ca, 1
+shawnalucey.com, 1
+shawnee-nsn.gov, 1
+shawngvs.com, 1
+shawnhogan.com, 1
+shawnleetttt.cyou, 0
+shawnow.com, 1
+shawnz.ca, 1
+shawnz.org, 1
+shawty.tk, 1
+shaytan.tk, 1
+shazbots.org, 1
+shazzlemd.com, 1
+shazzlepro.com, 1
+shc.gov.sa, 1
+shcode.de, 1
+shcsystems.bg, 1
+shd.one, 1
+shdw.cc, 1
+she.kiwi, 1
+she.run, 0
+she.tw, 1
+sheaf.site, 1
+sheaorganics7.com, 1
+shear.tk, 1
+shearin.pro, 1
+sheaspire.com, 1
+sheaspire.com.tw, 1
+sheatoz.com, 1
+sheboygancountywi.gov, 1
+sheboyganfallswi.gov, 1
+shechipin.cf, 1
+shechipin.ga, 1
+shechipin.gq, 1
+shechipin.ml, 1
+shed49.com, 1
+shedrentalspot.com, 1
+shedrin.tk, 1
+sheds.online, 1
+shee.org, 1
+sheehans.com.au, 1
+sheehyinfinitioftysonsparts.com, 1
+sheekdeveloper.com, 1
+sheekmedia.com, 1
+sheelyuu.art, 1
+sheenveininstitutestl.com, 1
+sheepfriends.com, 1
+sheepproductions.com, 1
+sheeprock.tk, 1
+sheepsound.tk, 1
+sheepymeh.net, 1
+sheerchain.com, 1
+sheet.host, 1
+sheetengine.net, 1
+sheetsindonesia.com, 1
+sheetstutorial.com, 1
+shef.com, 1
+shefburgers.com, 1
+sheffield-wednesday-fc.tk, 1
+sheffieldjob.net, 1
+sheffieldmoneyman.com, 1
+shefftunes.tk, 1
+shehaal.com, 1
+shehan.live, 1
+shehata.com, 1
+sheika.ro, 1
+sheilasdrivingschool.com, 1
+shek.zone, 1
+shelbycounty-il.gov, 1
+sheldon.sk, 1
+sheldoniowa.gov, 1
+shelehov.tk, 1
+shelf-ssp.com, 1
+shelf.io, 1
+shelfieretail.com, 1
+shelfordsandstaplefordscouts.org.uk, 1
+shellavartanian.tk, 1
+shellcon.io, 1
+shellday.cc, 1
+shellfire.de, 1
+shelljuggler.com, 0
+shellopolis.com, 1
+shellot.com, 1
+shellsec.pw, 0
+shellshock.eu, 1
+shellta.com, 1
+shellta.net, 1
+shellwhite.ga, 1
+shellwhite.tk, 1
+shelma.tk, 1
+shelterislandtown.gov, 1
+shelterrealestate.com.au, 1
+sheltieplanet.com, 1
+sheltongrp.com, 1
+sheltonvirtual.com, 1
+shelvacu.com, 1
+shemaleflick.com, 1
+shemalehub.com, 1
+shemalepictures.net, 1
+shemaleplus.com, 1
+shemalestrokers.com, 1
+shemalexxxfreetube.com, 1
+shemogo.com, 1
+shemsconseils.ma, 1
+shemy.eu, 1
+shena.co.uk, 1
+shenandoahrealestate.org, 1
+shenannigans.tk, 1
+shenbibi.com, 0
+shenderman.ml, 1
+shenghaiautoparts.com, 1
+shenghaiautoparts.net, 1
+shenghuang.tk, 1
+shengrenyu.com, 1
+shengyipin.com.my, 1
+shenmiya.com, 1
+shenshi.com, 1
+shentengtu.idv.tw, 1
+sheo-tech.fr, 1
+shepherdsfriendly.co.uk, 1
+shepherdsvilleky.gov, 1
+sheptytsky.ga, 1
+sheratsuki.tk, 1
+sherbers.de, 1
+sheremetka.com, 1
+sheridancountyks.gov, 1
+sheridancountymt.gov, 1
+sheridancountywy.gov, 1
+sheridanil.gov, 1
+sheriffmiamicountyks.gov, 1
+sheriffpawneecountyne.gov, 1
+sheriffpendletoncountyky.gov, 1
+sheriffwashingtoncountymaine.gov, 1
+sherissims.tk, 1
+shermancountyks.gov, 1
+shermancountyne.gov, 1
+shermanms.gov, 1
+shermanshebcowi.gov, 1
+shermantwphuronmi.gov, 1
+sherpa.blog, 1
+sherpnortheast.com, 1
+sherrikelley.com, 1
+sherut.net, 1
+shesherownceo.com, 1
+shespeakssport.co.za, 1
+shethbox.com, 1
+shetshivar.com, 1
+shevans.com, 1
+shevet-achim.tk, 1
+sheweek.ml, 1
+shewillcheat.com, 1
+shft.cl, 1
+shgf.de, 1
+shgt.jp, 1
+shgw186.com, 1
+shh-listen.com, 1
+shh.sh, 1
+shh7.com, 1
+shhmale.com, 1
+shi.ma, 1
+shiawasedo.co.jp, 1
+shibainu.com.br, 1
+shibashake.com, 1
+shibbydex.com, 1
+shibeflix.com, 1
+shibleysmiles.com, 1
+shibumi.com, 1
+shichibukai.net, 1
+shichidadoma.ru, 1
+shico.org, 1
+shidai88.cc, 1
+shield.my.id, 1
+shielder.it, 1
+shieldnet.tk, 1
+shieldnsheath.com, 1
+shieldsair.com, 1
+shiellc.com, 1
+shif.tk, 0
+shift-record.com, 1
+shift-to.co.jp, 1
+shiftcrypto.ch, 1
+shiftcrypto.shop, 1
+shiftcrypto.support, 1
+shiftdelete.net, 1
+shiftdevices.com, 1
+shiftfrequency.com, 1
+shiftj.is, 1
+shiftkey.com, 1
+shiftkey.pl, 1
+shiftleft.io, 1
+shiftleft.org, 1
+shifton.com, 1
+shiftsixth.com, 1
+shiga1.jp, 1
+shigaben.or.jp, 1
+shiganmartialarts.com, 1
+shiggles.net, 1
+shiggles.org, 1
+shigizemi.com, 1
+shigotoarimasu.com, 1
+shigotoba.com, 1
+shih-tzu-dogs.com, 1
+shihabuddin.tk, 1
+shihadwiki.com, 1
+shiji.info, 1
+shijij.com, 1
+shijing.me, 1
+shikaku-test.com, 1
+shikiryu.com, 1
+shileo.de, 1
+shilled.tk, 1
+shillongdesign.com.au, 1
+shilpaonline.tk, 1
+shilvister.net, 1
+shimi.blog, 1
+shimi.guru, 1
+shimi.net, 1
+shimi.photography, 1
+shimitower.pw, 1
+shimmo.de, 1
+shimmy1996.com, 1
+shimo.im, 1
+shin-sekai.de, 1
+shin-yo.de, 1
+shindocuba.tk, 1
+shineads.in, 1
+shineindiarktutorial.ml, 1
+shineleds.ga, 1
+shinenet.cn, 1
+shines.ml, 1
+shinetruckleads.com, 1
+shinghoi.com, 1
+shinglereplacementlv.com, 1
+shinice.net, 1
+shining.gifts, 1
+shiningservices.ie, 1
+shiningstarlogistics.com, 1
+shinju.moe, 0
+shinkamigoto.tv, 1
+shinko-osaka.jp, 1
+shinnecock-nsn.gov, 1
+shinnyosangha.org, 0
+shinobi-fansub.ro, 1
+shinochip.ru, 1
+shinodadc-nakano.com, 1
+shinonome-lab.eu.org, 1
+shinsandenki.com, 1
+shinsyo.com, 1
+shinta.ro, 1
+shintoism.com, 1
+shinuytodaati.co.il, 1
+shinycleankitchen.com, 1
+shinyoko-saisyuusyou.com, 1
+shinypebble.uk, 1
+shinyteethand.me, 1
+shiomiya.com, 1
+ship-safely.com, 1
+shipaik.com, 1
+shipard.com, 1
+shipard.cz, 1
+shipard.org, 1
+shipbuddies.com, 1
+shipcloud.io, 0
+shipeurousa.com, 1
+shipgoldchandler.com, 1
+shipheart.tech, 1
+shipitsmarter.com, 1
+shiplapandshells.com, 1
+shipmile.com, 1
+shipmondo.com, 1
+shipmonk.cloud, 1
+shipmonk.com, 1
+shipnak.com, 1
+shippercenter.info, 1
+shippexx.com, 1
+shipping-trade.ga, 1
+shippinglabel.de, 1
+shippingyourworld.ca, 1
+shippingyourworld.com, 1
+shipshewana.gov, 1
+shiptek.co, 1
+shiptest.net, 1
+shiptron.com, 1
+shipzero-frontend-staging.azurewebsites.net, 1
+shiqi.ca, 1
+shiqi.lol, 1
+shiqi.one, 1
+shiqi.online, 1
+shiqi.se, 1
+shiqi.tv, 1
+shiqi1.com, 1
+shiqishidai.cc, 1
+shiqisifu.cc, 1
+shiranaitenshi.tk, 1
+shirao.jp, 1
+shirazi.tk, 1
+shiresvets.com, 1
+shirevirtual.tk, 1
+shireyishunjian.com, 1
+shiriforum.tk, 1
+shirley.li, 1
+shirlygilad.com, 1
+shiro.com.pk, 1
+shiroki-k.net, 1
+shiropaev.tk, 1
+shirosaki-hana.fun, 1
+shirro.com, 1
+shirshik.xyz, 1
+shiryo.ch, 1
+shishadenbosch.nl, 1
+shishamania.de, 1
+shishkin.im, 1
+shishlik.net, 1
+shit.com, 1
+shit.one, 1
+shit.software, 1
+shit.works, 1
+shitara-tateo.jp, 1
+shitbeast.institute, 0
+shitcountries.org, 1
+shitdick.tk, 1
+shitfest.net, 1
+shitleft.io, 1
+shitmybradsays.com, 1
+shitnikovo.tk, 1
+shitposter.club, 1
+shitposter.io, 1
+shitposts.se, 1
+shitproductions.org, 1
+shittyurl.org, 1
+shittywok.tk, 1
+shiva-temple.tk, 1
+shivamber.com, 1
+shivammathur.com, 1
+shivenjoshi.com, 1
+shivering-isles.com, 0
+shiwa-shop.ml, 1
+shiyouqkl.com, 1
+shiyutech.com, 1
+shk.im, 0
+shk8.tk, 1
+shkafi-krasnodar.tk, 1
+shkola-95.ru, 1
+shkola1.ml, 1
+shkolamishlenia.tk, 1
+shkolladigjitale.com, 1
+shkolnyimir.gq, 1
+shkololo.cf, 1
+shkololo.ga, 1
+shkololo.gq, 1
+shkololo.ml, 1
+shkololo.tk, 1
+shlang.tk, 1
+shlemenkov.by, 1
+shlmail.info, 1
+shlupka.ml, 1
+shlupka.tk, 1
+shlyakpavel.tk, 1
+shlyapa-com.tk, 1
+shlyhi.tk, 1
+shm.ac.jp, 1
+shmidta.tk, 1
+shmilyhua.com, 1
+shmotki.ml, 1
+shmroom.tk, 1
+shmtranslations.com, 1
+shmulvad.com, 1
+shnuff.co.uk, 1
+sho-furtwangen.de, 1
+shoalcreekoutfitters.com, 1
+shoarq.com, 1
+shochikubai.tk, 1
+shochufes.jp, 1
+shock.ee, 0
+shockerdragon.tk, 1
+shocklogic.com, 1
+shockproof.systems, 1
+shodan.io, 1
+shoe.club, 1
+shoejitsu.co, 1
+shoekeys.lt, 1
+shoelevel.com, 1
+shoeline.com, 1
+shoemakerywc.com, 1
+shoeracks.uk, 1
+shoesonline.co.il, 1
+shoesoutlet.tk, 1
+shoestorebiz.tk, 1
+shoestorenet.tk, 1
+shoestringeventing.co.uk, 1
+shokaran.tk, 1
+shokofarehab.ir, 1
+shokola.com, 0
+sholtowu.com, 1
+shongshoy.com, 1
+shontakleinpeter.tk, 1
+shooba.net, 1
+shoobacreations.com, 1
+shoosmiths.com, 1
+shooter.dog, 1
+shootpooloklahoma.com, 1
+shootsame.tk, 1
+shop-cosmetic.tk, 1
+shop-cosmetics.tk, 1
+shop-de-johnniewalker.com, 1
+shop-eldorado.tk, 1
+shop-hellsheadbangers.com, 1
+shop-lingerie.tk, 1
+shop-ok.tk, 1
+shop-s.net, 1
+shop-slivki.tk, 1
+shop3dmili.com, 1
+shop4d.com, 1
+shop4im.com, 1
+shopadvies.nl, 1
+shopalike.cz, 1
+shopalike.dk, 1
+shopalike.es, 1
+shopalike.fi, 1
+shopalike.fr, 1
+shopalike.hu, 1
+shopalike.it, 1
+shopalike.nl, 1
+shopalike.pl, 1
+shopalike.se, 1
+shopalike.sk, 1
+shopapi.cz, 1
+shoparbonne.co.uk, 1
+shopatkei.com, 1
+shopazmoon.ir, 1
+shopbabymonitors.gq, 1
+shopbackyardpro.com, 1
+shopbakersnook.com, 1
+shopbysarah.com, 1
+shopcceputnam.com, 1
+shopcom.tk, 1
+shopcosmetic.tk, 1
+shopcoupons.co.id, 1
+shopcoupons.my, 1
+shopcoupons.ph, 1
+shopcoupons.sg, 1
+shopcrocs.in, 0
+shopdiy.com, 1
+shopee6.com, 0
+shopexo.in, 1
+shopfazz.com, 1
+shopfinale.com, 1
+shopforcovers.com, 1
+shopforeverproducts.com, 1
+shopfully.com.au, 1
+shophisway.com, 1
+shophumm.com, 1
+shophumm.com.au, 1
+shopific.co, 1
+shopific.com, 1
+shopify.com, 1
+shopify2006.com, 1
+shopifycloud.com, 1
+shopifyfactory.io, 1
+shopikal.com, 1
+shopingbiz.tk, 1
+shopintra.net, 1
+shopkini.com, 0
+shoplandia.co, 1
+shoplistic.com, 1
+shoplogcap.com, 1
+shoplus.com.tw, 1
+shoplyft.co.za, 1
+shopmalinka.cf, 1
+shopmlr.com, 1
+shopnguyenlieumypham.com, 1
+shopofturkey.com, 1
+shoponlinedeals.tk, 1
+shoporangetheory.com, 1
+shoposal.com, 1
+shoppbs.org, 1
+shoppe561.com, 1
+shopperexperts.com, 1
+shopperexpertss.com, 1
+shoppersdepuertorico.com, 1
+shoppersvineyard.com, 1
+shoppies.tk, 1
+shopping-cart-migration.com, 1
+shopping-il.org.il, 1
+shoppingabundant.ga, 1
+shoppinganchor.ga, 1
+shoppingandreviews.it, 1
+shoppingappeal.ga, 1
+shoppingarrow.ga, 1
+shoppingavatar.ga, 1
+shoppingbad.ga, 1
+shoppingblaster.ga, 1
+shoppingblender.ga, 1
+shoppingblod.ga, 1
+shoppingboulevard.ga, 1
+shoppingbounce.ga, 1
+shoppingbrite.ga, 1
+shoppingcalculator.ga, 1
+shoppingcamel.ga, 1
+shoppingcanal.ga, 1
+shoppingcarnival.ga, 1
+shoppingcatch.ga, 1
+shoppingcellar.ga, 1
+shoppingcharm.ga, 1
+shoppingcharte.ga, 1
+shoppingcheaper.ga, 1
+shoppingcheapest.ga, 1
+shoppingcircus.ga, 1
+shoppingclearance.ga, 1
+shoppingcollections.ga, 1
+shoppingcollector.ga, 1
+shoppingcompanion.ga, 1
+shoppingconstruct.ga, 1
+shoppingcorporation.ga, 1
+shoppingcrawler.ga, 1
+shoppingcreativity.ga, 1
+shoppingcrunch.ga, 1
+shoppingcrystal.ga, 1
+shoppingcupid.ga, 1
+shoppingdepot.ga, 1
+shoppingdesigning.ga, 1
+shoppingdish.ga, 1
+shoppingdivine.ga, 1
+shoppingdowntown.ga, 1
+shoppingduck.ga, 1
+shoppingeagle.ga, 1
+shoppingeastbay.ga, 1
+shoppingecho.ga, 1
+shoppingecono.ga, 1
+shoppingelectra.ga, 1
+shoppingenvy.ga, 1
+shoppingepic.ga, 1
+shoppingexcel.ga, 1
+shoppingfalcon.ga, 1
+shoppingfeature.ga, 1
+shoppingfiesta.ga, 1
+shoppingfighter.ga, 1
+shoppingfleet.ga, 1
+shoppingformula.ga, 1
+shoppinggecko.ga, 1
+shoppingglamour.ga, 1
+shoppingglory.ga, 1
+shoppinggrab.ga, 1
+shoppingguerilla.ga, 1
+shoppinghands.ga, 1
+shoppinghandsome.ga, 1
+shoppinghotrod.ga, 1
+shoppingimagine.ga, 1
+shoppingintergrity.ga, 1
+shoppingiron.ga, 1
+shoppingisrael.org.il, 1
+shoppingjackpot.ga, 1
+shoppingjoker.ga, 1
+shoppingkayak.ga, 1
+shoppinglast.ga, 1
+shoppinglightning.ga, 1
+shoppinglimited.ga, 1
+shoppinglittle.ga, 1
+shoppingloco.ga, 1
+shoppinglowprice.ga, 1
+shoppingmain.ga, 1
+shoppingmeasure.ga, 1
+shoppingmember.ga, 1
+shoppingmeta.ga, 1
+shoppingmetric.ga, 1
+shoppingmillions.ga, 1
+shoppingminer.ga, 1
+shoppingmystical.ga, 1
+shoppingnatural.ga, 1
+shoppingnature.ga, 1
+shoppingnormal.ga, 1
+shoppingnorthamerican.ga, 1
+shoppingnumber.ga, 1
+shoppingocity.ga, 1
+shoppingoffline.ga, 1
+shoppingomatic.ga, 1
+shoppingonlinecoffee2u.com, 1
+shoppingorama.ga, 1
+shoppingoriginal.ga, 1
+shoppingother.ga, 1
+shoppingouter.ga, 1
+shoppingpassport.ga, 1
+shoppingpeace.ga, 1
+shoppingpeach.ga, 1
+shoppingpearl.ga, 1
+shoppingpermanent.ga, 1
+shoppingpersonal.ga, 1
+shoppingphase.ga, 1
+shoppingpicker.ga, 1
+shoppingpickup.ga, 1
+shoppingplatinum.ga, 1
+shoppingplum.ga, 1
+shoppingpresident.ga, 1
+shoppingprestige.ga, 1
+shoppingpriority.ga, 1
+shoppingpure.ga, 1
+shoppingrail.ga, 1
+shoppingrainforest.ga, 1
+shoppingrally.ga, 1
+shoppingrater.ga, 1
+shoppingrazor.ga, 1
+shoppingreadset.ga, 1
+shoppingremarkable.ga, 1
+shoppingreps.ga, 1
+shoppingrequest.ga, 1
+shoppingrex.ga, 1
+shoppingrhino.ga, 1
+shoppingrings.ga, 1
+shoppingrule.ga, 1
+shoppingseason.ga, 1
+shoppingsedona.ga, 1
+shoppingshoot.ga, 1
+shoppingshuffle.ga, 1
+shoppingsignature.ga, 1
+shoppingsilk.ga, 1
+shoppingsleuth.ga, 1
+shoppingsnapshot.ga, 1
+shoppingsparkle.ga, 1
+shoppingstreaming.ga, 1
+shoppingsugar.ga, 1
+shoppingsunflower.ga, 1
+shoppingsuperhero.ga, 1
+shoppingsustain.ga, 1
+shoppingthoughts.com, 1
+shoppingthunder.ga, 1
+shoppingtopsecret.ga, 1
+shoppingtreasure.ga, 1
+shoppingtreats.ga, 1
+shoppingturbo.ga, 1
+shoppingunique.ga, 1
+shoppingurban.ga, 1
+shoppingvariety.ga, 1
+shoppingwaterfront.ga, 1
+shoppingwinner.ga, 1
+shoppingworth.ga, 1
+shoppingyankee.ga, 1
+shoppre.com, 1
+shoppsb.com, 1
+shoppyad.com, 1
+shoprentone.com, 1
+shopsici.com, 1
+shopsmarter.com, 1
+shopstasy.com, 1
+shoptec.sk, 1
+shopteq.hu, 1
+shopthestates.net, 1
+shoptio.cz, 1
+shoptupperware.in, 1
+shopunderwear.tk, 1
+shopunilever.com, 1
+shopupnorth.com, 1
+shopvcs.com, 1
+shopwebhue.com, 1
+shore.co.il, 1
+shorebreaksecurity.com, 1
+shorehamdental.ca, 1
+shorehamfort.co.uk, 1
+shorehillgolf.com, 1
+shorenstein.com, 1
+shoresofshawneebend.com, 1
+shorewoodil.gov, 1
+shorewoodmn.gov, 1
+shorewoodwi.gov, 1
+shoreyit.com, 1
+shorifhussain.tk, 1
+shorinkarate.tk, 1
+shork.space, 1
+shornehasim.co.il, 1
+short-games.gq, 1
+short-term-plans.com, 1
+short.io, 1
+shortaudition.com, 1
+shortaudition.net, 1
+shortaudition.tv, 1
+shortbread.systems, 1
+shortbreakstudios.com, 1
+shortcircuit-online.tk, 1
+shortcut-link.ga, 1
+shortcut.com, 1
+shortcut.pw, 1
+shortcutable.com, 1
+shorted.one, 1
+shorten.ninja, 1
+shorteral.gov, 1
+shorti.ga, 1
+shortnews.cf, 1
+shortquotesworld.com, 1
+shortr.li, 1
+shortshadows.band, 1
+shortstackcustoms.com, 1
+shortwave.com, 1
+shortwave.tk, 1
+shoruihokan.com, 1
+shoshin-aikido.de, 1
+shoshin.technology, 1
+shoshonecityid.gov, 1
+shossain.tk, 1
+shost.ga, 1
+shota-sekkotsuin.com, 1
+shota.pictures, 1
+shota.soy, 1
+shotbow.net, 1
+shotoniphone.ga, 1
+shotsleeve.com, 1
+shou.si, 1
+shoudanren.jp, 1
+shoujik8.com, 1
+shoujochronicle.org, 1
+shouldbetaught.com, 1
+shoulderandelbowspecialist.com.au, 1
+shouldiclick.it, 1
+shouldiwater.today, 1
+shouldtest.com, 1
+shouldtest.email, 1
+shouldtest.eu, 1
+shouldtest.net, 1
+shouldtest.org, 1
+shouohkai-dental.com, 1
+shoutmecrunch.com, 1
+shoveltoss.com, 0
+shovonhasan.com, 0
+show2all.nl, 0
+showbits.net, 0
+showcats.tk, 1
+shower.im, 1
+showerdoorco.com, 1
+showersnet.com, 1
+showf.om, 1
+showfom.sb, 1
+showgirls.ga, 1
+showmax.com, 1
+showme.co.za, 1
+showme.hu, 1
+showmeengland.co.uk, 1
+showmethescore.cf, 1
+showmoviz.com, 1
+showmyip.com, 1
+shown.io, 1
+shownet.tk, 1
+showpassword.net, 0
+showroom.co.uk, 1
+showroom.uk, 1
+showroom113.ru, 1
+showslot.com, 1
+showsonar.com, 1
+shoyuf.top, 1
+shpfy-manager.com, 1
+shpil.by, 1
+shpilevsky.name, 1
+shpiliak.com, 1
+shpiliak.ru, 1
+shpori.tk, 1
+shrapnel.com, 0
+shrapnel.ga, 1
+shraymonks.com, 1
+shred.ch, 0
+shredder.tk, 1
+shredoptics.ch, 0
+shreveportlawater.gov, 1
+shreyansh26.me, 1
+shrglobal.com, 1
+shrimpnews.tk, 1
+shrines.ga, 1
+shrines.tk, 1
+shrinidhiclinic.in, 1
+shrinker.tk, 1
+shrinkhub.com, 1
+shrinkmydoc.com, 1
+shroomery.com, 1
+shroomery.net, 1
+shroomery.org, 1
+shropshirebowls.tk, 1
+shrovetide.tv, 1
+shrsl.com, 1
+shrt.tv, 1
+shrub.ca, 1
+shrug.fyi, 1
+shrug.ml, 0
+shsadmission.online, 1
+shssl.vip, 0
+sht-vr-player.cf, 1
+shtaiman.com, 1
+shtaiman.net, 1
+shtaiman.org, 1
+shtaketnik-metall.ru, 1
+shtaketniki.kz, 1
+shtaketniki.ru, 1
+shteiman.com, 1
+shteiman.net, 1
+shteiman.org, 1
+shtfpreparedness.com, 1
+shtorku.com, 1
+shu-fu.net, 1
+shubhkumar.in, 0
+shucheng.li, 1
+shufersal-cashback.co.il, 1
+shufflecube.tk, 1
+shufflemall.com, 1
+shufflemix.tk, 1
+shuffleradio.nl, 1
+shuffleware.tk, 1
+shugarmanpsychiatric.com, 1
+shugua.com.tw, 1
+shuhacksoc.co.uk, 1
+shui.ga, 0
+shuizilan.com, 1
+shukatsu-ichiba.com, 1
+shulan.moe, 1
+shuletime.ml, 1
+shulker.store, 1
+shulman.tk, 1
+shulyaka.org.ru, 1
+shuma.ga, 1
+shumnyj-istochnik.tk, 1
+shumov.tk, 1
+shunliandongli.cn, 1
+shunliandongli.com, 1
+shunmei-hari.com, 1
+shunter.tk, 1
+shunzi.tk, 1
+shuo.li, 0
+shuomingshu88.com, 1
+shura.eu.org, 1
+shurita.org, 1
+shuset.dk, 1
+shuttelportal.nl, 1
+shutter-shower.com, 1
+shutterflybusinesssolutions.com, 1
+shutts.com, 1
+shutupandtakemy.codes, 1
+shutupbabyiknowit.party, 1
+shuvodeep.de, 1
+shux.pro, 1
+shuxiaoyi.cn, 1
+shuzicai.cn, 1
+shvedskie-stenki.ml, 1
+shw-bw.dyndns.org, 1
+shw-nc.dyndns.org, 1
+shw-rz.dyndns.org, 1
+shwemyanmarmalay.com, 1
+shwrm.ch, 1
+shy4evr.com, 1
+shymeck.pw, 1
+shymeck.xyz, 1
+shytok.net, 0
+shyuka.me, 1
+si-benelux.nl, 1
+si.insure, 1
+si.to, 1
+si2b.fr, 1
+sia.one, 1
+sia6.com, 1
+siadiamond.com, 1
+siadlak.com, 1
+siaggiusta.com, 1
+siai.cf, 1
+siai.gq, 1
+siai.ml, 1
+sialis.tk, 1
+sialtv.pk, 1
+siamdevsqua.re, 1
+siamdevsquare.com, 1
+siamega.com, 1
+siaminterhost.com, 1
+siamojo.com, 1
+siamrehab.com, 1
+siamwatercraftpromotion.com, 1
+sianjhon.com, 1
+siatris.qc.ca, 1
+siava.ru, 1
+sib-taxi.ru, 1
+sibanyestillwater.com, 1
+sibauto.club, 1
+sibekohirescaffolding.co.za, 1
+siberas.de, 1
+siberia.gq, 1
+siberiactiva.com, 1
+siberiancatsinformation.com, 1
+siberianhealth.com, 1
+siberianhuskypets.com, 1
+siberiaserver.ga, 1
+siberkulupler.com, 1
+sibernet.tk, 1
+sibfk.org, 1
+sibfl.gov, 1
+sibgold.su, 1
+sibi.nl, 1
+sibintek.ru, 1
+sibirium-red.ga, 1
+sibiuindependent.ro, 1
+sibleycounty.gov, 1
+sibleycountyattorney.gov, 1
+sibleyla.gov, 1
+sibnerpartie.tk, 1
+sibpdfl.gov, 1
+sibrenvasse.nl, 1
+sibs-dance-diamonds.ch, 1
+sibu.one, 1
+siccardisport.it, 1
+sice-si.org, 1
+sich-fight.club, 1
+sich-positionieren.net, 1
+siciliadisinfestazioni.it, 1
+siciliamconsulting.com, 1
+sicilianbalm.com, 1
+siciliapulizie.it, 1
+sicilpiuma.it, 1
+sicistroje-kocarek.cz, 1
+sickbrothers.tk, 1
+sicken.eu, 1
+sickhouse.se, 1
+sickmadworld.tk, 1
+sicomasp.com, 1
+sicoobpaulista.com.br, 1
+sicurezza24.info, 1
+sicurezzalavoro24.com, 1
+sicurled.com, 1
+sicvisuals.com, 1
+sicz.de, 1
+sid-giessen.de, 1
+sid500.com, 1
+sidari.tk, 1
+sidas.com, 1
+sidatbacklink.tk, 1
+siddhamehta.tk, 1
+siddigsami.com, 1
+sidecredit.ga, 1
+sidefx.com, 1
+sideleau.com, 1
+sidema.be, 1
+sidemount-tauchen.com, 1
+sideofburritos.com, 1
+sideofburritos.social, 1
+sidepodcast.com, 1
+sidepodcastdaily.com, 1
+sidepodcastextra.com, 1
+sideral.is, 1
+sideshowbarker.net, 1
+sidewalkcleaningchicago.com, 1
+sidewalkpressurewashingchicago.com, 1
+sidhbalibaba.com, 1
+sidi-smotri.ru, 1
+sidingsmedia.com, 1
+sidiprojects.us, 1
+sidirokastro.ga, 1
+sidium.de, 1
+sidmax.ca, 1
+sidneyhaberland.com, 1
+sidneymi.gov, 1
+sidnicio.us, 1
+sidocsa.com, 1
+sidomulyo.tk, 1
+sidonge.com, 0
+sidorovich.tk, 1
+sidpod.ru, 1
+sidsdock.org, 1
+siduga.com, 1
+sie.at, 1
+siebenhirten7.at, 1
+siebeve.be, 1
+siecledigital.fr, 1
+siecon-it.com, 1
+siega.pl, 1
+siegemund-frankfurt.de, 1
+sieglercars.ch, 1
+siegprod.tk, 1
+sieh.es, 1
+sieiro.tk, 1
+siel.nl, 1
+sielsystems.nl, 1
+siemencaes.tk, 1
+siemens.ch, 1
+siemens.co.in, 1
+siemens.co.uk, 1
+siemens.com, 1
+siemens.com.br, 1
+siemens.com.sg, 1
+siemens.es, 1
+siemens.pt, 1
+siemens.se, 1
+siemplify-soar.com, 1
+siemplifyg.net, 1
+sienafree.it, 1
+sientemendoza.com.ar, 1
+siepietnica.tk, 1
+sieplo.nl, 1
+siepomaga.net, 1
+siepomaga.pl, 1
+sierkbornemann.de, 1
+sierom.net, 1
+sierpinska.eu, 1
+sierramadreca.gov, 1
+sierramusic.tk, 1
+sietejefes.com.ar, 1
+sieulog.com, 1
+sieuthithangmay.com, 1
+sifasharing.tk, 1
+sifecs.ml, 1
+siffron.com, 1
+sifnosguide.dk, 1
+sifreuret.com, 0
+sift-tool.org, 0
+sift.com, 1
+sig-io.nl, 1
+sig6.org, 1
+siga.com, 1
+sigabrt.org, 1
+sigateway.com, 1
+sigb.sh, 1
+sigcafe.net, 1
+sigep.org, 1
+sigfridlinden.se, 1
+siggi.io, 1
+sight-restoration.tk, 1
+sight-sound.com, 1
+sightcure.jp, 1
+sightdx.com, 1
+sightful.be, 1
+sightful.eu, 1
+sightful.nl, 1
+sightmachine.com, 0
+sightseeing.news, 1
+sighup.nz, 1
+sigi.tk, 1
+sigint.pw, 0
+sigio.nl, 1
+sigma957.net, 1
+sigmacomputers.ga, 1
+sigmalux.ca, 1
+sigmalux.co.nz, 1
+sigmalux.co.uk, 1
+sigmalux.com.au, 1
+sigmalux.es, 1
+sigmalux.fr, 1
+sigmalux.ltd, 1
+sigmalux.lu, 1
+sigmalux.nz, 1
+sigmalux.sarl, 1
+sigmalux.uk, 1
+sigmaomeganu.tk, 1
+sigmasensors.com.br, 1
+sigmateca.tk, 1
+sigmath.net, 1
+sign.dog, 1
+signaconsultoria.com.br, 1
+signage.red, 1
+signal.org, 0
+signal34.com, 1
+signaldp.com, 0
+signalmaps.co.uk, 1
+signature.in.th, 1
+signature365.com, 1
+signaturedallas.com, 1
+signatureplants.co.nz, 1
+signatureplasticsurgery.net, 1
+signatureresolution.com, 1
+signaturerx.co.uk, 1
+signcreative.de, 1
+signere.com, 1
+signicat.com, 0
+signicat.io, 1
+significado.origem.nom.br, 1
+significadodenombres.net, 1
+significados.com, 1
+significados.com.br, 1
+significantbanter.com, 1
+signing-milter.org, 1
+signing.tools, 1
+signinwithmc.com, 1
+signix.net, 1
+signmore.com, 0
+signmycode.com, 1
+signorbet.it, 1
+signpath.io, 1
+signrequest.com, 1
+signrightsigns.co.uk, 1
+signsdance.uk, 1
+signslabelstapesandmore.com, 0
+signtul.com, 0
+signup.ly, 1
+signup.ninja, 1
+signupgenius.com, 1
+signuponline.events, 1
+signwell.com, 1
+sigparser.com, 1
+sigptr.me, 1
+sigsrv.net, 1
+sigsync.com, 1
+sigterm.no, 1
+sigterm.sh, 1
+sigurnost.online, 1
+sigvik.ru, 1
+sihirlielma.com, 1
+siika.solutions, 1
+siikaflix.tv, 1
+siimustilak.edu.ee, 1
+sijbesmaverhuizingen.nl, 1
+sijimi.cn, 1
+sik-it.nl, 1
+sikademy.com, 1
+sikaranbrotherhood.tk, 1
+sikawebtools.com, 1
+sikayetvar.com, 0
+sike.org, 1
+sikecikcomel.com, 1
+sikevux.se, 1
+sikkasoft.com, 1
+sikkerwindows.dk, 1
+sikkind.com, 0
+siku-shop.ch, 1
+siku.pro, 1
+sila.qa, 1
+silagra.ml, 1
+silalesa.ml, 1
+silasborowy.de, 1
+silashes.com, 1
+silashes.ru, 1
+silbercloud.com, 1
+silberfluss.com, 1
+silberkiste.com, 1
+silbox.ch, 1
+sildenafilcitrate.cf, 1
+sildenafilcitrate100mg.ga, 1
+silent-clean.de, 1
+silent.quest, 1
+silent.se, 1
+silentartifact.org, 1
+silentdream.tk, 1
+silentgreen.tk, 1
+silentkernel.fr, 1
+silentneko.ga, 1
+silentsite.tk, 1
+silentsky.tk, 1
+silentsystem.com, 1
+silentsystem.it, 1
+silentundo.org, 1
+silesianus.pl, 1
+silex.live, 1
+silica-project.com, 1
+silica-project.jp, 1
+silicateillusion.org, 1
+silicon-north.com, 1
+silicon-vision.com, 1
+siliconheartlandohio.gov, 1
+siliconwafer.ltd, 1
+siliconwafer.tv, 1
+silina.tk, 1
+siliton.pl, 1
+silk, 1
+silken-madame.tk, 1
+silkky.cloud, 1
+silkon.net, 1
+silkproducts.tk, 1
+sillasdegamer.es, 1
+sillisalaatti.fi, 1
+sillysnapz.co.uk, 1
+silo.org.br, 1
+siloportem.eu, 1
+siloportem.net, 1
+silqueskineyeserum.com, 1
+silsha.me, 1
+silta.tk, 1
+silv.me, 1
+silv.tk, 1
+silver-fenrir.cn, 1
+silver-heart.co.uk, 1
+silver-johnes.tk, 1
+silverairways.com, 0
+silverback.is, 0
+silverbankltd.com, 1
+silverbowflyshop.com, 1
+silverbox.ga, 1
+silverdroid.gq, 1
+silverfalcon.me, 1
+silvergatebank.com, 1
+silvergatebank.net, 1
+silvergoldbull.at, 1
+silvergoldbull.ba, 1
+silvergoldbull.be, 1
+silvergoldbull.bg, 1
+silvergoldbull.bj, 1
+silvergoldbull.by, 1
+silvergoldbull.ca, 1
+silvergoldbull.cl, 1
+silvergoldbull.cm, 1
+silvergoldbull.cn, 1
+silvergoldbull.co, 1
+silvergoldbull.co.ao, 1
+silvergoldbull.co.il, 1
+silvergoldbull.co.no, 1
+silvergoldbull.co.tz, 1
+silvergoldbull.co.uk, 1
+silvergoldbull.com, 1
+silvergoldbull.com.ar, 1
+silvergoldbull.com.au, 1
+silvergoldbull.com.eg, 1
+silvergoldbull.com.gh, 1
+silvergoldbull.com.mt, 1
+silvergoldbull.cr, 1
+silvergoldbull.cz, 1
+silvergoldbull.de, 1
+silvergoldbull.dj, 1
+silvergoldbull.do, 1
+silvergoldbull.ec, 1
+silvergoldbull.ee, 1
+silvergoldbull.es, 1
+silvergoldbull.fi, 1
+silvergoldbull.gd, 1
+silvergoldbull.ge, 1
+silvergoldbull.gl, 1
+silvergoldbull.gr, 1
+silvergoldbull.gt, 1
+silvergoldbull.hk, 1
+silvergoldbull.hn, 1
+silvergoldbull.hr, 1
+silvergoldbull.hu, 1
+silvergoldbull.id, 1
+silvergoldbull.in, 1
+silvergoldbull.is, 1
+silvergoldbull.it, 1
+silvergoldbull.kg, 1
+silvergoldbull.kr, 1
+silvergoldbull.ky, 1
+silvergoldbull.li, 1
+silvergoldbull.lk, 1
+silvergoldbull.lt, 1
+silvergoldbull.lv, 1
+silvergoldbull.ma, 1
+silvergoldbull.md, 1
+silvergoldbull.mk, 1
+silvergoldbull.ml, 1
+silvergoldbull.mw, 1
+silvergoldbull.my, 1
+silvergoldbull.nz, 1
+silvergoldbull.ph, 1
+silvergoldbull.pl, 1
+silvergoldbull.pt, 1
+silvergoldbull.qa, 1
+silvergoldbull.rs, 1
+silvergoldbull.ru, 1
+silvergoldbull.se, 1
+silvergoldbull.si, 1
+silvergoldbull.sn, 1
+silvergoldbull.sv, 1
+silvergoldbull.tg, 1
+silvergoldbull.tj, 1
+silvergoldbull.tn, 1
+silvergoldbull.tt, 1
+silvergoldbull.tw, 1
+silvergoldbull.uy, 1
+silvergoldbull.uz, 1
+silvergoldbull.ws, 1
+silverkattens.tk, 1
+silverlakeks.gov, 1
+silverlinkz.net, 1
+silvermama.co.za, 1
+silvermatch.ga, 1
+silveronline.ml, 1
+silveronline.tk, 1
+silverscopedesign.com, 1
+silverscreenindia.com, 1
+silversgarage.com, 1
+silversgarage.net, 1
+silversgarage.org, 1
+silvershadow.cc, 1
+silverspringdowntown.com, 1
+silverstyle.ua, 1
+silvertorrents.cf, 1
+silverwaregames.io, 1
+silverwind.io, 1
+silverwolf.cn, 1
+silvestri.consulting, 1
+silviacataldi.com, 1
+silviadominguez.tk, 1
+silviaecintia.tk, 1
+silvianavarro.tk, 1
+silviaroddey.tk, 1
+silvine.xyz, 1
+silviorodriguez.tk, 1
+silvius.at, 1
+silvobeat.blog, 1
+silvobeat.com, 1
+silvu.net, 1
+silvullet.com, 1
+sim-karten.net, 1
+sim-minaoshi.jp, 1
+sim-mobile.ml, 1
+sim4seed.org, 1
+simabonnement.nl, 1
+simac.fr, 1
+simam.de, 1
+simantec.cl, 1
+simaogv.net, 1
+simark.ca, 1
+simart.cf, 1
+simartik.com, 1
+simasoft.com, 1
+simava.org, 1
+simbeton.nl, 1
+simbike.ru, 1
+simbolo.co.uk, 0
+simcity-cafe.tk, 1
+simcityjoy.tk, 1
+simcoecurlingclub.ca, 1
+simcongroup.ir, 1
+simdex.org, 1
+simeonoff.ninja, 1
+simeononsecurity.ch, 1
+simeononsecurity.com, 1
+simetal.ch, 0
+simetri.tk, 1
+simetria.org, 1
+simex.tk, 1
+simfdr.com, 1
+simfree-review.com, 1
+simghep.com.vn, 1
+simha.online, 1
+simhaf.cf, 1
+similarcontent.com, 1
+similarfans.com, 1
+simivalley.gov, 1
+simivalleyelectrical.com, 1
+simivalleyexteriorlighting.com, 1
+simivalleylandscapelighting.com, 1
+simivalleylighting.com, 1
+simivalleyoutdoorlighting.com, 1
+simkin.tk, 1
+simkova-reality.cz, 1
+simlog.tk, 1
+simmerle.com, 1
+simoesgoulart.com.br, 1
+simon-agozzino.fr, 1
+simon-kosmrl-diplomski.xyz, 1
+simon-mueller.de, 1
+simon-templar.fr, 1
+simon.butcher.name, 1
+simon.lc, 1
+simon3k.moe, 1
+simonastallone.com, 1
+simonberard.garden, 1
+simonbondo.dk, 1
+simoncommunity.org.uk, 0
+simoncook.org, 1
+simoncotsworth.com, 1
+simone.pl, 1
+simone.sh, 1
+simonevans.uk, 1
+simonewebdesign.it, 1
+simonfischer.info, 1
+simonhirscher.de, 1
+simonkjellberg.com, 1
+simonkjellberg.se, 1
+simonmaddox.com, 1
+simonmanuel.com, 0
+simonoener.com, 1
+simonreich.de, 1
+simonreynoldsfavesunfaves.cf, 1
+simonschmitt.ch, 1
+simonsmh.cc, 1
+simonspeich.ch, 1
+simonspikensmultiplexcinema.uk, 1
+simonsreich.de, 1
+simonssh.ddns.net, 1
+simonweil.com, 0
+simonwessel.net, 1
+simonwoodside.com, 1
+simonzoellner.de, 1
+simosol.de, 1
+simosol.dk, 1
+simotrescu.ro, 1
+simp.beauty, 1
+simpaticotours.com, 1
+simpatie.tk, 1
+simpbx.net, 1
+simpel.nl, 1
+simpelkoken.be, 1
+simpelkoken.com, 1
+simpelkoken.net, 1
+simpelkoken.nl, 1
+simpelkoken.org, 1
+simpelkredit.dk, 1
+simpeo.org, 1
+simpex.ch, 1
+simphome.com, 1
+simphony.cz, 1
+simple-perfect.tk, 1
+simple-test-to-demonstrate-the-maximum-length-of-a-domain-name.com, 1
+simple-test-to-demonstrate-the-maximum-length-of-a-domain-name.eu, 1
+simple-test-to-demonstrate-the-maximum-length-of-a-domain-name.international, 1
+simple.com, 0
+simpleartifact.com, 1
+simpleavenue.com, 1
+simplecallgirls.com, 1
+simplechoicesuper.com.au, 1
+simpleclassiclife.com, 1
+simpleclothing.ro, 1
+simplecmsdemo.com, 1
+simplecoding.click, 1
+simplecompliance.co.uk, 1
+simplecrypt.io, 1
+simplecryptoconvert.com, 1
+simplefx.com, 1
+simplegoodhealth.com, 1
+simplegreen.mx, 1
+simplehome.ml, 1
+simpleinfoblog.com, 1
+simpleinout.com, 1
+simpleit.services, 1
+simpleline.studio, 1
+simplelinux.tk, 1
+simplelist.ga, 1
+simplelogin.co, 1
+simplelogin.io, 1
+simpleman.cf, 1
+simplemining.net, 1
+simplenet.io, 1
+simplenet.ro, 1
+simplepaddle.com, 1
+simplepengu.com, 1
+simplepoll.rocks, 1
+simpleports.eu, 1
+simpleports.net, 1
+simpleports.org, 1
+simpleprivacy.fr, 1
+simpleprojects.net, 1
+simplereport.gov, 1
+simplerezo.com, 1
+simplerses.com, 1
+simples.vet, 1
+simplesellatl.com, 1
+simplesend.io, 1
+simpleshow.com, 1
+simplesite.hu, 1
+simplespy.tk, 1
+simplesummerreading.com, 1
+simpletax.ca, 1
+simpletools.tk, 1
+simpletrace.nz, 1
+simplevote.ca, 1
+simplewebarchitecture.com, 1
+simplewire.de, 1
+simplexgame.net, 1
+simplexwireless.com, 1
+simplia.cz, 1
+simpliby.com, 1
+simplicitypvp.net, 1
+simplifiedlaws.com, 1
+simplifixed.com, 1
+simplifyingcollege.com, 1
+simplifylivelove.com, 1
+simplio3d.com, 1
+simplix.info, 1
+simplixos.org, 1
+simplr.ai, 1
+simplrflex.com, 1
+simplus.id, 1
+simplusbr.com, 1
+simply-bob.de, 1
+simply-pattinson.tk, 1
+simply-pdf.de, 1
+simply-premium.com, 1
+simply.com, 1
+simply.scot, 1
+simply2020.com, 1
+simplybrave.net, 1
+simplycateringequipment.co.uk, 1
+simplycharlottemason.com, 1
+simplychocolate.com, 1
+simplycloud.de, 1
+simplydonelegal.com, 1
+simplyfitperth.com.au, 1
+simplyfixit.co.uk, 1
+simplyfranciscan.org, 1
+simplygood.work, 1
+simplyhelen.de, 1
+simplyirfan.com, 0
+simplyjet.tk, 1
+simplymaidsaz.com, 1
+simplymeatsmoking.com, 1
+simplymidget.tk, 1
+simplyml.com, 1
+simplyowners.net, 1
+simplyplans.co.uk, 1
+simplyregister.net, 1
+simplyshamal.online, 1
+simplysmartgardening.com, 1
+simplytiles.com, 1
+simplyuniforms.com.au, 1
+simplyvoting.com, 1
+simpplr.com, 1
+simprosuite.com, 1
+simpsoncountyky.gov, 1
+simpul.nl, 1
+simracingcockpit.com, 1
+simrail.nl, 1
+simranmehta.ga, 1
+sims4hub.ga, 1
+simscale.com, 1
+simsek.biz.tr, 1
+simservice.dk, 1
+simsfinnchiropractic.com.au, 1
+simsim.in, 1
+simsimi.ml, 1
+simsmotorshop.be, 1
+simsnieuws.nl, 1
+simstarstyle.tk, 1
+simul.host, 1
+simulfund.com, 0
+simulhost.com, 1
+simulise.cloud, 1
+simulise.com, 1
+simulise.help, 1
+simulping.com, 1
+simulus.education, 1
+simulus.technology, 1
+simulus.training, 1
+simumiehet.com, 1
+simus.fr, 1
+simyayayinlari.com, 0
+sin-el-fil.com, 0
+sin-nombre-alleria.de, 1
+sin.swiss, 0
+sin4psi77.tk, 1
+sina-praxis.com.mx, 1
+sina.swiss, 1
+sinakuhestani.ir, 0
+sinalizeweb.com.br, 0
+sinan.mobi, 1
+sinanozpinar.com, 1
+sinanozpinar.nl, 1
+sinapuros.tk, 1
+sinarbaktiperdana.id, 1
+sinatralegal.com, 1
+sinavcevaplan.com, 0
+sinavelvet.com, 1
+sinavyo.ml, 1
+sincelockdown.co.uk, 1
+sincemydivorce.com, 1
+sincityfan.tk, 1
+sinclairinat0r.com, 1
+sincordones.net, 1
+sindacato.it, 1
+sindarina.com, 1
+sindarina.eu, 1
+sindarina.net, 1
+sindarina.org, 1
+sindastra.com, 1
+sindastra.de, 1
+sindastra.net, 1
+sindastra.org, 1
+sinde.ru, 1
+sindicatoburgos.org, 0
+sindirectory.com, 1
+sindlerova.com, 1
+sindlerova.cz, 1
+sindominio.net, 1
+sindromebenjamin.tk, 1
+sineadobrien.com, 1
+sineafoods.com, 1
+sinefili.com, 1
+sinemakurd.tk, 1
+sinergify.com, 1
+sinetron.ga, 1
+sinews.tk, 1
+sinfield.com, 0
+sinfoniettabelcanto.org, 1
+sinfully.gq, 1
+sinfully.tk, 1
+sinfulthrills.co.uk, 1
+singaporebrand.com.sg, 1
+singaporeconventionweek.sg, 1
+singaporecriminaldefencelawyer.com, 1
+singaporedivorcelawyer.com, 1
+singaporefamilylawyer.com, 1
+singaporefreelegaladvice.com, 1
+singaporetoptentravel.com, 1
+singaporewebdesign.tk, 1
+singapur24.tk, 1
+singcapital.com.sg, 1
+singee.me, 1
+singel.ch, 1
+singen.eu.org, 1
+singer.ru, 1
+singerpragathi.tk, 1
+singerwang.com, 1
+singeyel.gq, 1
+singingblackbird.tk, 1
+singita.com, 1
+single-in-stuttgart.de, 1
+singleeuropeansky.aero, 1
+singlehandedsailing.tk, 1
+singlenine.gq, 1
+singleproduction.com, 1
+singles-aus-hamburg.de, 1
+singles-berlin.de, 1
+singles-day.org.il, 1
+singlesproject.org, 1
+singleton-factory.de, 1
+singleuse.link, 1
+singlu10.org, 0
+singluten.tk, 1
+singreggaeoke.com, 1
+singulair-generic.tk, 1
+sini.tk, 1
+sinibaldi.me, 1
+sinistragiovanile.tk, 1
+sinkaray.com, 1
+sinkfactory.com, 1
+sinkhole-florida.com, 1
+sinkholerepairsflorida.com, 1
+sinkinglure.net, 1
+sinkip.com, 1
+sinluzvenezuela.tk, 1
+sinmarea.com, 1
+sinn-frei.tk, 1
+sinner-rider.tk, 1
+sinnersprojects.ro, 0
+sinnvoll-online.de, 1
+sinnvoll-online.info, 1
+sinog.si, 1
+sinok.tk, 1
+sinonimos.com.br, 1
+sinonimosonline.com, 1
+sinonimosonline.com.br, 1
+sinopx.cf, 1
+sinoscandinavia.se, 1
+sinosky.org, 1
+sinpermiso.info, 1
+sinquin.eu, 1
+sinronet.com, 0
+sinsalida.tk, 1
+sinsin.io, 1
+sinsitio.tk, 1
+sinsolucion.tk, 1
+sint-apollonia-appels.tk, 1
+sint-barbara.tk, 1
+sint-joris.nl, 1
+sint-sebastianus.tk, 1
+sint-servattumus.tk, 1
+sinta-d.com, 1
+sintas.lt, 1
+sintaxis.org, 1
+sintbaafsabdij.gent, 1
+sintbaafsabdijgent.be, 1
+sinterama.biz, 1
+sinterklaas-spelletjes.nl, 1
+sinterklaasnet.tk, 1
+sinthill.com, 1
+sintomasdocancer.com, 1
+sintpietersabdijgent.be, 1
+sintsationeel.nl, 1
+sinuate.gq, 1
+sinuelovirtual.com.br, 1
+sinusbot.online, 1
+sinusitis-bronchitis.ch, 1
+sinvideovault.com, 1
+siogyumolcs.hu, 1
+sion-colony.tk, 1
+sion.info, 1
+siouxcityjournal.com, 1
+siouxcountyne.gov, 1
+siouxfalls.gov, 1
+sip.ch, 1
+sipa.nc, 1
+sipa.pf, 1
+sipadmin.ru, 1
+sipd.go.id, 0
+sipede.tk, 1
+siphalor.de, 1
+sipinterdindikcilegon.id, 1
+sipo.tk, 1
+siproj.com.br, 1
+sipstix.co.za, 1
+siptls.com, 1
+sipuri.me, 1
+sipyuru.com, 1
+sipyuru.lk, 1
+siq.li, 1
+siqi.wang, 1
+sirakov.tk, 1
+siralyvisegrad.hu, 1
+siranap.com, 1
+sirandorung.tk, 1
+siraweb.org, 1
+sirbio.ru, 1
+sircon.no, 1
+sirena.ml, 1
+sirenassociates.com, 1
+sirenasweet.net, 1
+sirenasweet.org, 1
+sirencallofficial.com, 1
+sirenequestrianvaulting.co.uk, 1
+sirenequestrianvaulting.com, 1
+sirenslove.com, 1
+sirenvaulting.club, 1
+sirenvaulting.co.uk, 1
+sirenvaulting.com, 1
+sirenvaulting.group, 1
+siretaweb.id, 1
+sirfaustobrasil.com.br, 1
+sirg.fr, 1
+siri.cc, 1
+siria.tk, 1
+siris.nl, 1
+sirius-se.hu, 1
+sirius.su, 1
+siriuspro.pl, 1
+siriuspup.com, 1
+sirma.com, 1
+sirnakhaber.tk, 1
+siro.gq, 1
+sirovatka.tk, 1
+sirplus.com.ar, 1
+sirpsycho.tk, 1
+sirram.de, 1
+sirtaptap.com, 1
+sirtuins.com, 1
+sirvio.eu, 1
+sirvoy.ca, 1
+sirvoy.co.nz, 1
+sirvoy.co.uk, 1
+sirvoy.co.za, 1
+sirvoy.com, 1
+sirvoy.com.au, 1
+sirvoy.de, 1
+sirvoy.dk, 1
+sirvoy.es, 1
+sirvoy.fi, 1
+sirvoy.fr, 1
+sirvoy.ie, 1
+sirvoy.jp, 1
+sirvoy.nl, 1
+sirvoy.no, 1
+sirvoy.se, 1
+sirzech.my.id, 1
+sis.net.sa, 1
+sisadmin21.tk, 1
+siscompbolivia.tk, 1
+siscompt.com, 0
+siselectrom.com, 1
+siseministeerium.ee, 0
+sisiengineers.gq, 1
+sisirbatu.tk, 1
+sismit.es, 1
+sisms.pl, 1
+sisqo.tk, 1
+sisqualwfm.com, 1
+sissden.eu, 1
+sisseastumine.ee, 1
+sissyroulette.com, 1
+sisteltestserver.com, 1
+sistem-maklumat.com, 1
+sistem-maklumat.com.my, 1
+sistema-trenirovok.ml, 1
+sistema20k.tk, 1
+sistemair.be, 1
+sistemapronto.ml, 1
+sistemasespecializados.com, 1
+sistemista.it, 1
+sistemy48.ru, 0
+sistonenfranco.tk, 1
+sistrade.com, 1
+sisv.eu, 1
+sisver.mx, 1
+sit-brn.ru, 1
+sit-tech.by, 1
+sit.ec, 1
+sit.moe, 1
+sit.sh, 1
+sitak.fi, 1
+sitanleta.de, 1
+sitatravel.gr, 1
+sitc.sk, 1
+sitco.global, 1
+site-analyzer.pro, 1
+site-de-paris-en-ligne.fr, 1
+site-development.tk, 1
+site-dns.com, 1
+site-master.ml, 1
+site-oficial-inicio.com, 1
+site-oflcial.com, 1
+site-remont.ml, 1
+site-romania.tk, 1
+site-ua.tk, 1
+site.com, 1
+site.mu, 1
+site2002.tk, 1
+siteadvokat.cf, 1
+sitebrass.ru, 1
+sitebuilderreport.com, 0
+sitecentre.com.au, 1
+sitechange.dedyn.io, 1
+sitechecker.pro, 1
+sitecreation.tk, 1
+sitecreator.tk, 1
+sitecrew.cf, 1
+sitecuatui.com, 1
+sitedebelezaemoda.com.br, 1
+sitedynamix.co.uk, 1
+siteforce.com, 1
+sitehizi.com, 1
+siteintelstage.com, 1
+sitek.rocks, 1
+sitekatalog.tk, 1
+sitelinks.ga, 1
+sitelinks.ml, 1
+sitemai.eu, 1
+sitemap.solutions, 1
+sitemaxiphilippe.ch, 1
+sitempro.com.mx, 0
+sitemydesk.fr, 1
+sitenv.org, 1
+sitepentruprofesori.com, 1
+siteplug.com, 1
+sitepokupok.ru, 1
+siterank.cf, 1
+siterank.gq, 1
+siterapidowp.com.br, 1
+siterencontre.me, 1
+siteru.tk, 1
+sites.google.com, 1
+sites2poker.fr, 1
+sites2rencontre.fr, 1
+sitesara.com, 1
+sitesdesign.tk, 1
+sitesforward.com, 1
+sitesignal.net, 1
+sitesko.de, 1
+sitestudio.tk, 1
+sitesweb.gq, 1
+sitetalk.tk, 1
+sitetuners.com, 1
+siteviseagency.com, 1
+siteweb-seo.fr, 1
+sitgesfilmfestival.com, 1
+sithijaya.tk, 1
+sithmanifest.com, 1
+sitinjau.com, 1
+sitiosantaangela.com.br, 1
+sitischu.com, 1
+sitisnab.kz, 1
+sitnikov.ga, 1
+sito-online.ch, 1
+sittingwell.co.uk, 1
+sittogether.club, 1
+sittogether.tw, 1
+situm.com, 1
+situsbandarq.cf, 1
+situsbandarq.ga, 1
+situsbandarq.ml, 1
+situsbandarq.tk, 1
+sitypro.com, 1
+sitz.ch, 1
+sitzungsdienst.net, 0
+siulam-wingchun.org, 1
+siusto.com, 1
+sivaexports.in, 1
+sivaru.tk, 1
+sivizius.eu, 1
+sivyerge.com, 1
+siw64.com, 1
+siwa.cf, 1
+siwek.xyz, 1
+siwiki.rs, 1
+siwyd.com, 1
+six27.com, 1
+sixam.co.jp, 1
+sixara.com, 1
+sixcolors.lu, 1
+sixcorners.info, 1
+sixcorners.net, 1
+sixde.com.au, 1
+sixe.es, 1
+sixforkurd.tk, 1
+sixnines.net, 1
+sixpackband.tk, 1
+sixpackholubice.cz, 1
+sixstrings.tk, 1
+sixtiesgroovemachine.com, 1
+sixtiesgroovemachine.nl, 1
+sixyy.com, 1
+siyako.com, 1
+siyuan.com, 1
+sizeofvoid.org, 1
+sizeunknown.com, 1
+sizeunknown.net, 1
+sizinajans.com, 1
+sj-leisure.com, 1
+sja-se-training.com, 1
+sjaakgilsingfashion.nl, 1
+sjaaktrekhaak.nl, 1
+sjbwoodstock.org, 1
+sjcpa.gov, 1
+sjd.is, 0
+sjeverni.info, 1
+sjfss.com, 1
+sjfss.marketing, 1
+sjid.co.uk, 1
+sjiplanning.com.au, 1
+sjleisure.co.uk, 1
+sjlmd.moe, 1
+sjm-hamburg.de, 0
+sjnp.org, 1
+sjoelen.tk, 1
+sjoelsport.nl, 1
+sjoorm.com, 1
+sjorsvanweert.nl, 1
+sjouke.dedyn.io, 1
+sjout.nl, 1
+sjparanormal.tk, 1
+sjrcommercialfinance.co.uk, 1
+sjrslms.in, 0
+sjs.org.hk, 1
+sjtravel.guru, 1
+sjwheel.net, 1
+sk-ii.com, 1
+sk.tl, 1
+sk4y.net, 1
+sk8israel.com, 1
+skaala.com, 1
+skachat-filmi.info, 1
+skachat-programmylini.ga, 1
+skachat-shablon-rezyume-na-angliyskom-yazyk.tk, 1
+skachat-zip.tk, 1
+skachay-knighki.gq, 1
+skachay-photo.gq, 1
+skagen-feriebolig.dk, 1
+skaginn.tv, 1
+skaiman.ga, 1
+skaitliukas.tk, 1
+skalcollective.com, 1
+skalec.org, 1
+skalis-portage.com, 1
+skamper.tk, 1
+skankofamerica.com, 1
+skarke.se, 1
+skarla.com, 1
+skarox.com, 1
+skarox.ee, 1
+skarox.eu, 1
+skarox.net, 1
+skarox.ru, 1
+skat.dk, 1
+skate.fr, 1
+skatefilms.tv, 1
+skateparkmontbriz.tk, 1
+skaterangels.tk, 1
+skaterepublic.tk, 1
+skatesins.ch, 1
+skatesliide.tk, 1
+skateswagger.com, 1
+skatingchina.com, 1
+skatrey.com, 1
+skattebo.no, 1
+skatteforvaltningen.dk, 1
+skazama.com, 1
+skazka.ml, 1
+skazka.ru, 1
+skazochnyj-sait.tk, 1
+skbexteriorcleaningsolutions.com, 1
+skbilisim.tk, 1
+skblab.ru, 1
+skcwood.com, 1
+skday.com, 1
+skedda.com, 1
+skeditor.tk, 1
+skedr.io, 0
+skeeley.com, 1
+skeetads.com, 1
+skegnesstec.ac.uk, 1
+skei.org, 1
+skepneklaw.com, 1
+skepp.com, 1
+skepticalsports.com, 1
+skeptics.org, 1
+skeptik.tk, 1
+sketch.io, 1
+sketch.jpn.com, 1
+sketchbox.tk, 1
+sketchmonk.tk, 1
+sketchnote.co, 1
+sketchy.tk, 1
+skew.ch, 1
+skezi.eu, 1
+skgzberichtenbox.nl, 1
+skhaz.io, 1
+skhidnitsa.com.ua, 1
+skhiratemara.ma, 1
+skhire.co.uk, 1
+skhoop.cz, 1
+skhosting.eu, 1
+skhron.com.ua, 1
+ski-outdoor-shop.de, 1
+ski-planet.com, 1
+skibbereencomhaltas.tk, 1
+skibikers.tk, 1
+skid.church, 1
+skiddle.com, 1
+skidka.by, 1
+skidki-ru.cf, 1
+skidkimira.ru, 1
+skidzun.de, 1
+skifairview.com, 1
+skiff.city, 1
+skiff.com, 1
+skiff.town, 1
+skiforlight.ca, 1
+skiftet.org, 1
+skifttiljutlanderbank.dk, 1
+skigebied.nl, 1
+skiingnewsletter.cf, 1
+skiingnewsletter.ga, 1
+skiingproperty.com, 1
+skiinstructor.services, 1
+skikkogbank.no, 1
+skile.ru, 0
+skiley.net, 1
+skilift-quellenwiese.at, 0
+skill-x.ru, 1
+skill.moe, 1
+skill.tk, 1
+skillab.ro, 1
+skillablers.com, 1
+skilldnsproc.com, 1
+skillearning.de, 1
+skillmamba.com, 1
+skillmoe.at, 1
+skillonnet.com, 1
+skillrocket.in, 1
+skills2serve.org, 1
+skills2services.com, 1
+skillsboffin.com, 1
+skillsenhancementtexas.gov, 1
+skillsenhancementtx.gov, 1
+skillsforall.com, 1
+skillshare.com, 1
+skillsoftcompliance.com, 1
+skilltran.com, 1
+skillup.co, 1
+skillwaze.com, 1
+skiman.tk, 1
+skimbo.tk, 1
+skin-cosmetic.eu, 1
+skin.club, 1
+skinbet.co, 1
+skinboost.ga, 1
+skinboost.ml, 1
+skincare-note.com, 1
+skincareagent.cf, 1
+skindb.net, 1
+skinetic.eu, 1
+skinews.tk, 1
+skinexpert.ml, 1
+skinfoodpeachcotton.tk, 1
+sking.io, 1
+skinlords.com, 1
+skinmarket.co, 1
+skinmedshop.ro, 1
+skinmodo.com, 1
+skinnation.tk, 1
+skinnybitch99.net, 1
+skinport.com, 1
+skinpwrd.com, 1
+skinrejuvenate.com.au, 1
+skinrender.ga, 1
+skinseries.cf, 1
+skinsolution.ga, 1
+skinsolutionclinic.com, 1
+skinstyleglobal.com, 1
+skinsuperstore.tk, 1
+skintdad.co.uk, 1
+skintillation.com, 1
+skio.com, 1
+skioakenfull.com, 1
+skip.re, 1
+skipfault.com, 1
+skipperinnovations.com, 0
+skippy.dog, 0
+skipr.co, 1
+skipr.ninja, 1
+skiptadiabetes.com, 1
+skipthetrailers.xyz, 1
+skipton.io, 1
+skiptontownhall.co.uk, 1
+skirent-masocorto.com, 1
+skirted.cf, 1
+skirts.tk, 1
+skirtskenya.tk, 1
+skirwin.com, 1
+skischule-wildewiese.de, 1
+skisportdain.it, 1
+skitecsh.com, 1
+skitop.it, 1
+skitznet.tk, 1
+skizzen-zeichnungen.de, 1
+skj6.ga, 1
+skjt.co.jp, 1
+skk.moe, 1
+skky.net, 1
+skladmebliv.ua, 0
+skladnicaksiegarska.pl, 1
+sklepbhp.online, 1
+sklepsnowboardowy.pl, 1
+sklepvoip.tel, 1
+sklepwielobranzowymd.com, 1
+sklisen.tk, 1
+sklotechnik.cz, 1
+skm.dk, 1
+skmedia.ga, 1
+skmp.cc, 1
+skmsport.com, 1
+sknasirali.com, 1
+sknclinics.co.uk, 1
+skoander.com, 1
+skoda-im-dialog.de, 1
+skodapower.tk, 1
+skoi2023.com, 1
+skoilly.cc, 1
+skoiy.com, 1
+skokie.gov, 1
+skol.bzh, 1
+skolagatt.is, 1
+skolakrizik.cz, 1
+skolappar.nu, 1
+skolebil.dk, 1
+skolem.de, 1
+skolni-system.eu, 1
+skolnieks.lv, 1
+skolnilogin.cz, 1
+skolniweby.cz, 1
+skolplattformen.org, 1
+skolskyportalporuba.cz, 1
+skooli.com, 1
+skorbord.tk, 1
+skorepova.info, 1
+skoroff.com, 1
+skoropolnolunie.gq, 1
+skorovsud.ru, 1
+skorpil.cz, 1
+skorstensfolket.se, 1
+skory.us, 1
+skorzew.ski, 1
+skoskav.org, 1
+skotobaza.tk, 1
+skotstvo.tk, 1
+skovbosburgerblog.dk, 1
+skovik-sandbox.com, 1
+skovik.com, 1
+skpark.cf, 1
+skpk.de, 1
+skpracta.info, 1
+skpracta.tk, 1
+skprhome.i234.me, 1
+skram.de, 1
+skrepnek-sidebar.tk, 1
+skreutz.com, 1
+skrid.net, 1
+skrillex.tv, 1
+skrin.ru, 1
+skripta.tk, 1
+skriptorium.de, 1
+skrivargarden-nes.cf, 1
+skrivebeskyttet.dk, 1
+skrivebordet.tk, 1
+skrprojects.com.au, 1
+skrsv.net, 1
+skrydata.ga, 1
+sksdrivingschool.com.au, 1
+sksh.io, 1
+sktan.com, 1
+sktsolution.com, 0
+sktst.dk, 1
+skuizy.ddns.net, 1
+skulblaka.ch, 1
+skuldwyrm.no, 1
+skullcrusher.tk, 1
+skullowner.nl, 1
+skunkapeservers.net, 1
+skupka-zolota-dorogo.ru, 1
+skutry-levne.cz, 1
+skutry.cz, 1
+skux.ch, 1
+skvele-cesko.cz, 1
+skvelecesko.cz, 1
+skvot.de, 1
+skwile-cafe.com, 1
+skwitko.com, 1
+skwlkrs.com, 1
+skxpl.eu.org, 1
+sky-aroma.com, 1
+sky-cargo.at, 1
+sky-coach.com, 1
+sky-coach.nl, 1
+sky-driver.ch, 1
+sky-live.fr, 1
+sky-motion.de, 1
+sky-music.tk, 1
+sky-of-use.net, 1
+sky-os.ru, 1
+sky-torch.com, 0
+sky-wap.cf, 1
+skyarch.net, 1
+skyautorental.com, 1
+skybirch.com, 1
+skybirds.org, 1
+skyblockmc.eu, 1
+skyblockmc.no, 1
+skyblond.info, 1
+skybloom.com, 1
+skyblue4.com, 1
+skyborne.tk, 1
+skybound.link, 0
+skybrary.aero, 1
+skybrary.eu, 1
+skybrary.info, 1
+skybridge.net, 1
+skycapture.ca, 1
+skyclinic.ua, 1
+skycmd.net, 1
+skyder.com.mx, 0
+skyder.mx, 0
+skyderby.ru, 1
+skydiveaddiction.com, 1
+skydivegeronimo.com.au, 1
+skydiverapp.com, 1
+skydiverecuador.com, 1
+skydivingexperiences.co.uk, 1
+skydragoness.com, 1
+skydrive.live.com, 0
+skydronesolutions.com, 1
+skye.vg, 1
+skyeeverest.tk, 1
+skyem.co.uk, 0
+skyeng.ru, 1
+skyevg.systems, 1
+skyexpressinternational.com, 1
+skyfall.network, 1
+skyfibertech.com, 1
+skyfpicture.tk, 1
+skygame.tk, 1
+skygates.tk, 1
+skyguru.tk, 1
+skyhigh-mizell.tk, 1
+skyhook.earth, 1
+skyhooks.tk, 1
+skyhyve.com.au, 1
+skyhyve.xyz, 1
+skyint.io, 1
+skyla.tk, 1
+skylair.info, 1
+skylandanalytics.net, 1
+skylander.cf, 1
+skylar.ai, 0
+skylarker.org, 1
+skylash.be, 1
+skylgenet.nl, 1
+skylightcreative.com.au, 1
+skylightipv.com, 1
+skylimitmedia.com, 1
+skyline.link, 1
+skyline.tw, 1
+skylineexplorer.com, 1
+skylinehk.org, 1
+skylinehouse.ca, 1
+skylinertech.com, 1
+skylineservers.com, 1
+skylocker.net, 1
+skyltmax.se, 1
+skymail.de, 1
+skymass.xyz, 1
+skyminds.net, 1
+skymkmk.com, 1
+skymonk.tk, 1
+skynet-research.us, 0
+skynet233.ch, 0
+skynet800.goip.de, 1
+skynetcloud.site, 1
+skynetnetwork.eu.org, 1
+skynetstores.ae, 1
+skynetz.tk, 1
+skyoceanblue.com, 1
+skyone.host, 1
+skyoy.com, 0
+skypanic.com, 1
+skypark.tk, 1
+skypce.net, 1
+skype, 1
+skype.com, 0
+skypech.com, 1
+skypefr.com, 1
+skypicker.com, 1
+skyportcloud.com, 1
+skyqueen.cc, 1
+skyquid.co.uk, 1
+skyra.pw, 1
+skyrider.me, 1
+skyrosconsulting.com, 1
+skys-entertainment.com, 1
+skyscanner.ca, 1
+skyscanner.co.in, 1
+skyscanner.com, 1
+skyscanner.com.au, 1
+skyscanner.com.hk, 1
+skyscanner.de, 1
+skyscanner.es, 1
+skyscanner.fr, 1
+skyscanner.gg, 1
+skyscanner.net, 1
+skyscanner.pt, 1
+skyscanner.ru, 1
+skyscnr.com, 1
+skyseo.cf, 1
+skysoftbg.com, 1
+skysplash.gq, 1
+skysprouts.co.uk, 1
+skysuite.nl, 1
+skytamil.net, 1
+skytec.host, 1
+skytechosting.com, 1
+skytel.ge, 1
+skyterraathome.com, 1
+skyterraembrace.com, 1
+skyterrawellness.com, 1
+skytickets.ga, 1
+skytiger.ga, 1
+skytown.ga, 1
+skytterlogg.no, 1
+skytterloggen.no, 1
+skywalkersa.ga, 1
+skywatch.com, 1
+skywindowsnj.com, 1
+skywirephotography.com, 1
+skyworldserver.ddns.net, 1
+skywt.cn, 1
+skyynet.de, 1
+skyzimba.com.br, 1
+sl-alarm.ru, 1
+sl-bildermacher.de, 1
+sl-informatique.ovh, 1
+sl.al, 1
+sl0.us, 1
+sl41.com.br, 1
+sl66.cc, 0
+sla.pl, 1
+slaam.tk, 1
+slab.com, 1
+slabserver.com, 1
+slabstage.com, 1
+slack-files.com, 1
+slackline.tk, 1
+sladic.si, 0
+sladkiiflirt.ru, 1
+slaek.de, 1
+slagerijdekoekelaere.be, 1
+slagerijrooken.be, 1
+slagerijvanguilik.nl, 1
+slaght.de, 0
+slainvet.net, 1
+slalix.pw, 1
+slalix.xyz, 1
+slamdunkdedication.tk, 1
+slamhope.gq, 1
+slamix.nl, 1
+slamtradingcards.com.au, 1
+slan.fr, 1
+slaninka.eu, 1
+slanterns.net, 1
+slapen17.nl, 1
+slaps.be, 1
+slash64.co.uk, 1
+slash64.uk, 1
+slashbits.no, 1
+slashcam.de, 1
+slashcrypto.org, 1
+slashdigit.com, 1
+slashnroses.com, 1
+slashnroses.nl, 1
+slashorg.net, 1
+slass.fr, 1
+slate.to, 1
+slatechart.com, 1
+slated.ie, 0
+slatemc.com, 1
+slatemc.fun, 1
+slateteams.com, 1
+slathering.cf, 1
+slatteryassetadvisory.com.au, 1
+slaughter.com, 1
+slaughterhouse.fr, 1
+slava.ml, 1
+slavasoloviev.com, 1
+slavasveta.info, 1
+slaveykov.bg, 1
+slavic401k.com, 1
+slavira.ru, 1
+slavomircapik.com, 1
+slaws.io, 1
+slayer.tech, 1
+slayersonline.net, 1
+slayingqueen.com, 1
+slaytec.com, 1
+slb.ru, 1
+slbbiromaru.sch.id, 1
+slbetx.com, 1
+slbknives.com, 1
+slbm.com.au, 1
+slboatstorage.com, 1
+slcdn.net, 1
+sld08.com, 1
+sldev.ovh, 1
+sldlcdn.com, 1
+sldonline.org, 1
+sledgeroofing.com, 1
+sledwyoming.com, 1
+sleekfellow.com, 1
+sleekflow.io, 1
+sleep-go.info, 1
+sleep-tight.cf, 1
+sleepawaycampseries.tk, 1
+sleepcouncil.org.uk, 1
+sleepet.tw, 1
+sleepig.com, 1
+sleepily.tk, 1
+sleepingmattressreview.com, 1
+sleepmap.de, 1
+sleepo.ga, 1
+sleeps.jp, 0
+sleepsaround.ga, 1
+sleepshop.be, 1
+sleepstar.co.uk, 1
+sleepstar.fr, 1
+sleepys.net, 1
+sleetandsole.es, 1
+sleetandsole.eu, 1
+sleeuwijkskerkje.nl, 1
+sleio.com, 1
+sleismann.de, 1
+sleismann.eu, 1
+sleismann.org, 1
+slemen.tk, 1
+slepsluzbabeograd.org, 1
+sletaem.ml, 1
+sletat.ru, 1
+slev.tk, 1
+slevermann.de, 0
+slevomat.cz, 1
+slew.gq, 1
+slezenko.tk, 1
+sli.do, 1
+slicehousefranchise.com, 1
+sliceone.com, 1
+slicklines.co.uk, 1
+slidebatch.com, 1
+slidefiftyfamily.tk, 1
+slidemembers.com, 1
+slideproducts.com, 1
+slides.zone, 1
+slideshare.net, 1
+slido.com, 1
+slidstvo.info, 1
+slightshop.com, 1
+slik.ai, 1
+slim-health.com, 1
+slim-slender.com, 1
+slim.ua, 1
+slimeg.clinic, 1
+slimetutorial.com, 1
+slimmarkets.com, 1
+slimopweg.be, 1
+slimspots.com, 1
+slimster.nl, 1
+slimwindows.cf, 1
+slimwindows.ga, 1
+slimwindows.gq, 1
+slingo-sta.com, 1
+slingoweb.com, 1
+slink.hr, 1
+slinkwa.re, 1
+slinx.tk, 1
+slip-gaming.tk, 1
+sliphua.work, 1
+slipknot-site.tk, 1
+slipnslide.xxx, 1
+slippening.com, 1
+sliptrickrecords.com, 1
+sliszlaw.com, 1
+slite.com, 1
+sliteapp.com, 1
+slivkadesigns.tk, 1
+slix.io, 1
+slizgawka.eu, 1
+sllatina.tk, 1
+slm-sla.tk, 1
+slma.tk, 1
+sln.cloud, 1
+slo-net.net, 1
+slo-tech.com, 1
+slo.nl, 1
+sloancom.com, 1
+sloanrealtygroup.com, 1
+sloboda.tk, 1
+slobrowink.com, 1
+slobsbeer.com, 1
+slocounty.gov, 1
+slodkiflirt.pl, 1
+sloeproeienalmere.nl, 1
+sloepverhuur-roggebroek.nl, 1
+slogan.tk, 1
+slogancreator.com.au, 1
+slogix.in, 1
+sloneczni.pl, 1
+slonep.net, 1
+slonko.net, 1
+sloopautonoordholland.com, 1
+slootskyartisticdentistry.com, 1
+slopecountynd.gov, 1
+slopeedge.com, 1
+slopeedge.net, 1
+slopeoak.com, 1
+slotarazzi.com, 1
+slotbonus24.com, 1
+slotboss.co.uk, 1
+slotcatalog.com, 1
+sloterplas-beveiliging.nl, 1
+sloterplas-bouw.nl, 1
+sloterplas-management.nl, 1
+slotfara.net, 1
+slotgames.pro, 1
+slotgratisonline.net, 1
+slothless.com, 1
+sloths.org, 1
+sloticagames.com, 1
+slotjava.com.br, 1
+slotjava.es, 1
+slotjava.it, 1
+slotlist.info, 1
+slotmachinesgratisonline.com, 1
+slotmad.com, 1
+slotsinspector.com, 1
+slotsmegacasino.com, 0
+slotstar10.com, 1
+slotsup.com, 1
+slouching.ga, 1
+sloudways.com, 1
+slovakiana.sk, 1
+slovenia-trip.tk, 1
+slovenskekasina.sk, 1
+slovenskycestovatel.sk, 1
+slow.social, 1
+slow.zone, 0
+slowapi.com, 1
+slowcookingperfected.com, 1
+slowfoodandhandforgedtools.com.au, 1
+slowgames.xyz, 1
+slowinski.tk, 1
+slowlove.es, 1
+slowsocial.email, 1
+slowsocial.eu, 1
+slowsocial.net, 1
+slowsocial.org, 1
+slowsociety.org, 0
+slpidny.gov, 1
+slpm.com, 1
+slpower.com, 1
+slrd-isperih.com, 1
+slrie.de, 1
+slt.ee, 1
+slt24.de, 1
+sltcapital.com, 1
+sltda.gov.lk, 1
+sluciaconstruccion.com, 1
+sluderno.org, 1
+sludge.tk, 1
+slugify.online, 1
+sluhockey.com, 1
+sluimann.de, 1
+sluitkampzeist.nl, 0
+sluitsnel.nl, 1
+slunecnice.cz, 1
+slunyavchik.tk, 1
+sluo.org, 1
+slushat-tekst-pesni.ru, 1
+slushe.com, 1
+slushpool.com, 1
+slutty-girls.cf, 1
+slxh.eu, 1
+slxh.nl, 1
+slyarts.com, 1
+slycegateway.com, 1
+slycepay.com, 1
+slycereporting.com, 1
+slymak.com, 1
+slytech.ch, 0
+slytigers.tk, 1
+slyvon.com, 1
+slzr.cloud, 1
+sm-kyoushitsu.com, 1
+sm-supplements.gr, 1
+sm.ms, 1
+sm161.cn, 1
+sm2016.ch, 1
+sma-dev.de, 1
+sma-gift.com, 1
+smackhappy.com, 0
+smadav.ml, 1
+smaksbanken.no, 1
+smalandscountryclub.tk, 1
+small-blog.cf, 1
+small-king.ml, 1
+smallblog.org, 1
+smallbusinesscharter.org, 1
+smallbytedesign.co, 1
+smallchanges.tv, 1
+smallchat.nl, 1
+smallcraftadvisory.tk, 1
+smallcubed.com, 1
+smalldata.tech, 1
+smalldeveloper.ml, 1
+smalle-voet.de, 1
+smallfarmersjournal.com, 1
+smallfoot.tk, 1
+smallplanet.com, 0
+smalls-world.tk, 1
+smallsiri.gq, 1
+smallsites.eu, 1
+smalltalkconsulting.com, 1
+smalltunepress.tk, 1
+smallville.tk, 1
+smallville25.tk, 1
+smallwhitebear.ga, 1
+smaltimento-rifiuti.com, 1
+smaltimento-rifiuti.org, 1
+smaltimento.caserta.it, 1
+smaltimento.milano.it, 1
+smaltimento.napoli.it, 1
+smaltimento.roma.it, 1
+smaltimento.salerno.it, 1
+smaltimentoamianto.campania.it, 1
+smaltimentoamianto.frosinone.it, 1
+smaltimentoamianto.latina.it, 1
+smaltimentocalcinacci.roma.it, 1
+smaltimentorifiuti.firenze.it, 1
+smaltimentorifiuti.livorno.it, 1
+smaltimentorifiuti.milano.it, 1
+smaltimentorifiuti.napoli.it, 1
+smaltimentorifiuti.prato.it, 1
+smaltimentorifiuti.roma.it, 1
+smaltimentorifiuti.veneto.it, 1
+smanson.duckdns.org, 1
+smaragderna.cf, 1
+smaragderna.ga, 1
+smaragderna.tk, 1
+smares.de, 1
+smaridibor.tk, 1
+smarinintgal.tk, 1
+smarpshare.com, 1
+smarriti.it, 1
+smart-bezpeka.com, 1
+smart-broker.ru, 1
+smart-cp.jp, 1
+smart-fixed.ru, 1
+smart-house.bg, 1
+smart-hub.io, 1
+smart-informatics.com, 1
+smart-klimat.ru, 1
+smart-lab.ch, 1
+smart-mirror.de, 1
+smart-mrt.co.il, 1
+smart-pharma.group, 1
+smart-profile.ro, 1
+smart-travel.tk, 1
+smart-tux.de, 1
+smart-wind.ru, 1
+smart-wohnen.net, 1
+smart-zona.tk, 1
+smartacademy.ge, 1
+smartacademy.pro, 1
+smartagilesolution.com, 1
+smartandcom.ch, 1
+smartapplianceservices.com, 1
+smartar.com, 1
+smartart.gr, 1
+smartart.tk, 1
+smartass.space, 1
+smartass0027.com, 1
+smartassembly.tk, 1
+smartbase.de, 1
+smartbear.com, 1
+smartbitcoininvestments.com, 1
+smartbiz.vn, 1
+smartblock.cloud, 1
+smartcar.com, 1
+smartcard.tools, 1
+smartcents.gold, 1
+smartcheck.gov, 1
+smartchezvous.com, 1
+smartchoices.ie, 1
+smartclothing.pl, 1
+smartcluster.ga, 1
+smartcommunications.com, 1
+smartcover.tk, 1
+smartcpa.ca, 1
+smartdatafusion.jp, 1
+smartdb.jp, 1
+smartdigital.ga, 1
+smarteco.tk, 1
+smartedukasi.co.id, 1
+smarterskies.gov, 1
+smartersoft-integra.com, 1
+smartersoft.io, 1
+smartertowing.com, 1
+smartest-trading.com, 1
+smartestate.com, 1
+smartevals.com, 1
+smartfaktor.pl, 1
+smartfit.cz, 1
+smartfixmarburg.de, 1
+smartfons.tk, 1
+smartfooding.com, 1
+smartftp.com, 1
+smartgirledits.com, 1
+smartgirls.tk, 1
+smartglassworld.net, 1
+smartgrepp.se, 1
+smartgrid.gov, 1
+smartgridsecurity.com, 1
+smartgridsecurity.org, 1
+smartguardzone.kr, 1
+smarthalal.de, 1
+smarthandyman.repair, 1
+smarthdd.com, 1
+smarthealthinnovationlab.com, 1
+smarthome365.nl, 1
+smarthrms.com, 1
+smartick.com.do, 1
+smartit.gr, 1
+smartius.it, 1
+smartjoin.style, 1
+smartland.com, 1
+smartlandapartments.com, 1
+smartlandconstruction.com, 1
+smartlandturnkey.com, 1
+smartleads.tk, 1
+smartleaklocator.com, 1
+smartliferd.ml, 1
+smartlinecomputers.nl, 1
+smartlink.sk, 1
+smartlist.ga, 0
+smartloanhacks.com, 1
+smartlocksmith.com, 1
+smartlogreturns.com, 0
+smartlogstock.com, 0
+smartlogtower.com, 1
+smartlooks.es, 1
+smartmachine.com, 1
+smartmail24.de, 1
+smartme.pl, 1
+smartmeal.ru, 1
+smartmessages.eu, 1
+smartmessages.net, 1
+smartmeterfraud.tk, 1
+smartminibushire.co.uk, 0
+smartmomsmartideas.com, 1
+smartnanny.cf, 1
+smartnews-smri.com, 1
+smartnoob.de, 1
+smartoctopus.art, 1
+smartografia.pl, 1
+smartoneclub.com, 1
+smartours.com, 1
+smartpanelsmm.com, 1
+smartpatika.hu, 1
+smartpheromones.com, 1
+smartphone-pliable.wtf, 1
+smartphone.nl, 1
+smartphonecases.tk, 1
+smartphonechecker.co.uk, 1
+smartphonefixen.be, 1
+smartphonepliable.co, 1
+smartphonesolution.tk, 1
+smartplus.ae, 1
+smartpolicingplatform.com, 1
+smartpos.net.br, 1
+smartproductguide.com, 1
+smartpti.net, 1
+smartrak.co.nz, 1
+smartrak.com, 1
+smartrecruiters.com, 1
+smartrentacar.ro, 1
+smartresumeservices.com, 1
+smartriotour.com.br, 0
+smartrise.us, 1
+smartroofingandsheetmetal.com, 1
+smartservices.nl, 0
+smartshiftme.com, 1
+smartshop.gr, 1
+smartshoppers.es, 1
+smartshousekeeper.pt, 1
+smartsitio.com, 1
+smartspace.ml, 1
+smartspace.tk, 1
+smartsparrow.com, 0
+smartsprouts.com, 1
+smartsteelus.com, 1
+smartstep.pt, 1
+smartsupply.global, 1
+smartthursday.hu, 1
+smarttins.com, 1
+smartvalor.com, 1
+smartwank.com, 1
+smartweb.ge, 1
+smartwebportal.co.uk, 1
+smartwoodczech.cz, 1
+smartwritingservice.com, 1
+smartwurk.nl, 0
+smarty.cz, 1
+smartzonegsm.ro, 1
+smartzonemikulov.cz, 1
+smash-gg.club, 1
+smashbros-chile.tk, 1
+smashbylaney.com, 1
+smashcooper.tk, 1
+smashingconf.com, 0
+smashingmagazine.com, 1
+smashnl.tk, 1
+smashno.ru, 1
+smavesto.de, 1
+smb-analytics.pw, 1
+smb.wiki, 1
+smb445.com, 1
+smbabyshop.gr, 1
+smbc.co.id, 1
+smbi-gelblasterhq.com.au, 1
+smc.consulting, 1
+smcacre.gov, 1
+smcconsulting.be, 1
+smcconsulting.eu, 1
+smchfujuae.com, 1
+smcj.xyz, 1
+smcpneumatics.com, 1
+smcquistin.uk, 1
+smcvote.gov, 1
+smd-tlt.ru, 1
+smdc.com, 1
+smdcn.net, 1
+smdmetals.com, 1
+sme-gmbh.com, 1
+sme-gmbh.net, 1
+sme.sk, 1
+smedata.sk, 1
+smedix.com, 1
+smeetsengraas.com, 1
+smelly.cloud, 1
+smereka.ua, 1
+smeso.it, 1
+smeta.ml, 1
+smetak.cz, 1
+smetana.pro, 1
+smetbuildingproducts.com, 1
+smeweb.com, 1
+smexpt.com, 1
+smeys.be, 1
+smgl.cm, 1
+smh.me, 1
+smhatelier.com, 1
+smi-a.me, 1
+smialnumenor.tk, 1
+smiatek.name, 1
+smicenter.tk, 1
+smicompact.com, 1
+smictecniservi.com, 1
+smiilliin.com, 1
+smiilliin.site, 1
+smikom.ru, 1
+smile-train.org, 1
+smileback.co.uk, 1
+smilecliniq.com, 1
+smilecon.cf, 1
+smiledirectsales.com, 1
+smiledoctors.com, 1
+smileeye.com.tw, 1
+smilegenerator.tk, 1
+smilenwa.com, 1
+smileofindia.co.in, 1
+smilephi.com, 1
+smilessoftplay.co.uk, 1
+smiletimegh.com, 1
+smileykylie.com, 1
+smileys-emojis.com, 1
+smileytechguy.com, 1
+smilingmiao.com, 1
+smime.io, 1
+smimea.info, 1
+smipty.cn, 1
+smipty.com, 1
+smiraus.cz, 1
+smishnik.tk, 1
+smit.com.ua, 1
+smith-tech.ga, 1
+smith.bz, 1
+smithandellis.com, 1
+smithandnephewpensions.co.uk, 1
+smithandnoble.com, 1
+smithbell.com.ph, 0
+smithchung.eu, 1
+smithcountyelectiontn.gov, 1
+smithcountyms.gov, 1
+smithcountytxtaxrates.gov, 1
+smithf.red, 1
+smithikakart.in, 1
+smithmont.com, 1
+smithsanchez.com, 1
+smithsonian.gov, 1
+smithsstational-fpd.gov, 1
+smithsstational.gov, 1
+smithsystem.net, 1
+smithteresa.tk, 1
+smithwealth.com.au, 1
+smits.com, 1
+smits.frl, 1
+smitsdesigncenter.nl, 1
+smitsmail.net, 1
+smittybilt.com, 1
+smkkesfambatujajar.sch.id, 1
+smkn5smg.sch.id, 1
+sml.lc, 1
+smleaks.com, 1
+smlk.org, 1
+smlstriperfishing.com, 1
+smltour.net, 1
+smm.im, 1
+smm.lu, 1
+smmcab.ru, 1
+smmedia.cz, 1
+smmedya.com, 1
+smmlaba.io, 1
+smmog.tk, 1
+smmpaketleri.com, 1
+smmpanelweb.com, 1
+smmpropaganda.ru, 1
+smmworldbooster.com, 1
+smnz.de, 1
+smoe.cc, 1
+smoivez.tk, 1
+smokeandmirrors.agency, 1
+smokedrhymez.tk, 1
+smokefree.gov, 1
+smokefreeclinic.com.au, 1
+smokefreerowan.org, 1
+smokefreestage.jp, 1
+smokeopedia.com, 1
+smokeping.pl, 1
+smoker.tk, 1
+smokestore.bg, 1
+smoking-robot.com, 1
+smokinghunks.com, 1
+smokingtapes.ga, 1
+smokymountains.fm, 1
+smolbotbot.com, 1
+smolensk-i.ru, 1
+smolensk.ml, 1
+smolensk.tk, 1
+smolkatours.com, 1
+smolnikova.tk, 1
+smolny.org, 0
+smoo.st, 1
+smooth-e.net, 1
+smoothambler.com, 1
+smoothfreight.ca, 1
+smoothics.at, 1
+smoothics.com, 0
+smoothics.eu, 1
+smoothics.mobi, 1
+smoothics.net, 1
+smoothweblife.tv, 1
+smoove.io, 1
+smoqerhome.ddns.net, 1
+smorgasblog.ie, 1
+smoser.eu, 1
+smplace.com, 1
+smplr.uk, 1
+smpn10kotagorontalo.sch.id, 0
+smpnsata.sch.id, 1
+smpositiva.com, 1
+smppcenter.com, 1
+smpred.net, 1
+smprime.com, 1
+smries.com, 1
+smriticharan.com, 1
+smrtgeekdevs.com, 1
+sms-pro.tk, 1
+sms.storage, 1
+sms.to, 1
+sms1.ro, 1
+sms72.tk, 1
+smsalvand.tk, 1
+smsappointment.com, 0
+smsbd.net, 1
+smsben.com, 0
+smsbrana.cz, 0
+smsg-dev.ch, 0
+smsinger.com, 0
+smsk.email, 1
+smskeywords.co.uk, 1
+smskmail.com, 1
+smstec.ru, 1
+smstoreoficial.com.br, 1
+smszone.tk, 1
+smtchahal.com, 1
+smtcn.cc, 1
+smtenants.cn, 1
+smtji.com, 1
+smtnet.com, 1
+smtouseef.com, 1
+smtparish.org, 1
+smtpdev.com, 1
+smtpserver.dk, 1
+smuc-koca.si, 1
+smudge.ai, 1
+smuhelper.cn, 1
+smuncensored.com, 1
+smurffi.net, 1
+smurl.tk, 1
+smusg.com, 0
+smutfactor.com, 1
+smvcm.com, 1
+smvpdev.nl, 1
+smvpro.dk, 1
+smx.net.br, 1
+smxconventioncenter.com, 1
+smylepets.com, 1
+smys.uk, 1
+sn0int.com, 1
+snab-ural.ga, 1
+snabbacash.no, 1
+snacdata.com, 1
+snack-online.com, 1
+snackbartaapje.com, 1
+snackbesteld.nl, 1
+snackbyincome.sg, 1
+snacktakos.gr, 1
+snacky.nl, 1
+snafarms.com, 1
+snafu.cz, 1
+snaildos.tk, 1
+snajdr.online, 1
+snajdrova.eu, 1
+snakafya.com, 1
+snakeanarchy.tk, 1
+snakejs.ga, 1
+snakesandladders.tk, 1
+snakesolid.nl, 1
+snap.com, 1
+snapaffiliate.net, 1
+snapappointments.com, 1
+snapappts.com, 1
+snapbuzz.tk, 1
+snapfinance.com, 1
+snapintegrations.net, 1
+snapkit.com, 1
+snapserv.net, 1
+snapware.tk, 1
+snapworks.net, 1
+snarf.in, 1
+snargol.com, 1
+snatch-note.tk, 1
+snatertlc.it, 1
+snatti.com, 1
+snazel.ae, 1
+snazel.co.il, 1
+snazel.co.uk, 1
+snazel.de, 1
+snazel.ee, 1
+snazzie.nl, 1
+snco.gov, 1
+snd-zentrum.de, 1
+sndbouncycastles.co.uk, 1
+sndcdn.com, 1
+snea-kers.tk, 1
+sneak.berlin, 1
+sneakers-sports.tk, 1
+sneakers88.it, 1
+sneakersmexs.com, 1
+sneakpod.de, 0
+sneakycode.net, 1
+sneakynote.com, 1
+sneakypaw.com, 1
+sneberger.cz, 0
+sneed.company, 1
+sneed.it, 1
+sneedit.com, 1
+sneedit.de, 1
+sneeit.com, 1
+snegozaderzhatel.ru, 1
+snehasish-chakraborty.com, 1
+snekul.net, 1
+snel4u.nl, 1
+snelbv.nl, 1
+snellius.tk, 1
+snelshops.nl, 1
+snelwebshop.nl, 1
+snelwegzen.nl, 1
+snem.tk, 1
+snerith.com, 1
+snesdev.com, 1
+snetts.com, 1
+snfdata.com, 0
+sngallery.co.uk, 1
+sngeo.com, 1
+sngnews.tk, 1
+snh.nrw, 1
+snh48live.org, 1
+snic.website, 1
+sniderman-online.com, 1
+sniderman.co.il, 1
+sniderman.eu.org, 1
+sniderman.org, 1
+sniderman.pro, 1
+sniderman.us, 1
+sniderman.xyz, 1
+sniep.net, 1
+sniffing.gq, 1
+sniffnfetch.com, 1
+sniffy.ee, 1
+snip.software, 1
+snipdrive.com, 1
+sniper.sh, 1
+snipermarkettiming.com, 1
+snipl.io, 1
+snippet.host, 1
+snippet.ml, 1
+snippet.wiki, 0
+snippetpress.com, 1
+snitch.rocks, 1
+snitchnet.tk, 1
+snitko.pro, 1
+snizl.com, 1
+snj.pt, 1
+snli.org, 1
+snlianshang.com, 1
+snnwes.de, 1
+sno-tek.net, 1
+snoerendevelopment.nl, 0
+snooker.tk, 1
+snoot.club, 1
+snorerx.com, 1
+snoringtreatment.tk, 1
+snorkelaroundtheworld.com, 1
+snortfroken.net, 1
+snoska.ga, 1
+snote.io, 1
+snotekbyariens.com, 1
+snoupon.com, 1
+snow-service.it, 1
+snow.dog, 1
+snowalerts.nl, 1
+snowapparel.us, 1
+snowatka.com, 1
+snowboard-break.tk, 1
+snowboardforum.tk, 1
+snowcat.tk, 1
+snowchamps.nl, 1
+snowcrestdesign.com, 1
+snowdon.io, 1
+snowdrop.moe, 1
+snowdy.dk, 1
+snowdy.eu, 1
+snowdy.link, 1
+snowflakeaz.gov, 1
+snowfox.ai, 1
+snowhana.com, 1
+snowhaze.ch, 1
+snowhaze.com, 1
+snowman25.de, 1
+snowmassvillage.gov, 1
+snoworld.one, 1
+snowpak.com, 0
+snowparties.com, 1
+snowpaws.de, 0
+snowplanet.tk, 1
+snowplow.forsale, 1
+snowpro.tk, 1
+snowprosinc.com, 1
+snowraven.de, 1
+snowrippers.ro, 0
+snowschool.tk, 1
+snowshoedistrictwv.gov, 1
+snowsubs.moe, 1
+snowvictoria.ga, 1
+snowy.ink, 1
+snowy.land, 1
+snowyluma.com, 1
+snowyluma.me, 1
+snp-media.de, 0
+snperformance.gr, 1
+snrat.com, 1
+snrd-africa.net, 1
+snrd.de, 1
+snrd.eu, 1
+snroth.de, 1
+snrub.co, 1
+sns-beta.com, 1
+sns-dev.com, 1
+sns-tg.pl, 1
+snsirius.cf, 1
+snsp.es, 1
+snsp.nl, 1
+snsp.ro, 1
+sntial.co.za, 1
+sntry.cc, 1
+snugsite.com.au, 1
+snukep.kr, 1
+snwsjz.com, 1
+snyder-ne.gov, 1
+so-link.co, 1
+so-spa.ru, 1
+so.is-a-cpa.com, 1
+so.ninja, 1
+soacompanhantes.vip, 1
+soadultos.com, 1
+soakgames.com, 1
+soap-teco.com, 1
+soapex.com, 1
+soapsspoilers.com, 1
+soar-npc.org, 1
+soat.fr, 0
+soatplus.com, 1
+soax.com, 0
+sobakasite.tk, 1
+sobaki.tk, 1
+sobatiment.fr, 1
+sobchak.ga, 1
+sobersys.com, 1
+sobieray.dyndns.org, 1
+soblaznenie.ru, 1
+soblaznenie2.ru, 1
+sobranie.mk, 0
+sobre.tk, 1
+sobrelixo.tk, 1
+sobreporcentagem.com, 1
+sobuj.me, 1
+soc.net, 1
+soc247.cloud, 1
+socal-babes.com, 1
+socblock.com, 1
+soccer4live.com, 1
+soccerking-store.com, 1
+soccerquarters.tk, 1
+soccers.fr, 1
+soccorsostradale.lazio.it, 1
+soccorsostradale.roma.it, 1
+socfactor.ru, 1
+sochealth.co.uk, 1
+socheap.win, 1
+sochi-sochno.ru, 1
+sochi.tatar, 1
+sochionline.tk, 1
+soci.ml, 1
+sociaalwerknederland.nl, 1
+sociability.dk, 1
+social-class.ga, 1
+social-directory-list.tk, 1
+social-engineering.tk, 1
+social-line.tk, 1
+social-media-strategy.org.uk, 1
+social-net.ir, 1
+social-network.tk, 1
+social-work-colleges.com, 1
+social-work.tk, 1
+socialab.gr, 1
+socialace.in, 1
+socialair.tk, 1
+socialarchive.nl, 1
+socialblaze.com.au, 1
+socialbook2015.ga, 1
+socialbook2015.gq, 1
+socialbook2015.ml, 1
+socialbook2015.tk, 1
+socialcare.wales, 1
+socialclimb.com, 1
+socialcredit.icu, 1
+socialdemo.ga, 1
+socialdemo.ml, 1
+socialdemo.tk, 1
+socialdevelop.biz, 0
+socialeducation.tk, 1
+socialesactivo.ga, 1
+socialesretro.tk, 1
+socialfreak.cf, 1
+socialgroups.tk, 1
+socialhams.net, 1
+socialhax.com, 1
+socialhp.com, 1
+socialism.tk, 1
+socialist-alliance.org, 0
+socialistregister.com, 1
+socialistyouth.tk, 1
+sociality.io, 1
+socializator.tk, 1
+socialloots.com, 1
+socialmarketingday.nl, 1
+socialmatch.de, 1
+socialmedia-manager.gr, 1
+socialmediadisruption.com, 1
+socialmedias.tk, 1
+socialmeeps.ml, 1
+socialnet.ml, 1
+socialnetworkdemo.tk, 1
+socialnews.ga, 1
+socialnitro.com, 1
+socialnous.co, 1
+socialpa.ws, 1
+socialplace.net, 1
+socialproject.ml, 1
+socials.gq, 1
+socialsecurity.gov, 0
+socialstrata.com, 1
+socialsurvivalist.net, 1
+socialtactics.cf, 1
+socialtactics.ga, 1
+socialtactics.gq, 1
+socialtactics.ml, 1
+socialtick.club, 1
+socialtournaments.com, 0
+socialtranslation.ga, 1
+socialtrends.pl, 1
+socialwave.tk, 1
+socialworkdegrees.org, 1
+socialworkout.net, 1
+socialworkout.org, 1
+socialworkout.tv, 1
+sociedad-electronica.tk, 1
+sociedadadventista.tk, 1
+sociedadcivil.tk, 1
+sociedadderesistencia.tk, 1
+sociedadecologica.tk, 1
+sociedadsostenible.tk, 1
+societatis.fr, 1
+societe-chablaisienne-de-revetements.com, 1
+societe-chablaisienne-de-revetements.fr, 1
+societyawards.com, 1
+societyofbur-q-ua.tk, 1
+societyparty.ga, 1
+socii.network, 1
+socilit.com, 1
+sociobiology.com, 1
+sociofab.com, 1
+sociohosting.es, 1
+sociology-bg.gq, 1
+sociology-schools.com, 1
+sociologyk.nl, 1
+sociopampers.com.ar, 1
+sociopathy.org, 1
+sociosalafuerza.tk, 1
+socious.io, 1
+sociusian.gq, 1
+sockfetish.net, 1
+sockscap64.com, 1
+socksfromholland.com, 1
+socktopus.io, 1
+socomforums.tk, 1
+soconj.gov, 1
+socprime.com, 1
+socratec-pharma.de, 1
+socraticsolutions.us, 1
+socseti.cf, 1
+socseti.ga, 1
+socseti.gq, 1
+socseti.ml, 1
+socstar.ml, 1
+socstation.com, 1
+soczu.duckdns.org, 1
+soda-net.com, 0
+soda.ga, 1
+sodadigital.com.au, 1
+sodafilm.de, 1
+sodalai.tk, 1
+sodel-sa.eu, 1
+soderestore.com, 1
+sodermans.com, 1
+soderparr.com, 1
+sodexam.pro, 1
+sodi.gent, 1
+sodi.nl, 1
+sodigent.be, 1
+sodigent.gent, 1
+sodirace.com, 1
+sodo.top, 1
+sodom-metal.tk, 1
+sodrujestvo.tk, 1
+sodsouthernindiana.com, 1
+sodusny.gov, 1
+soe-server.com, 1
+soegi-haru.com, 1
+soellc.com, 1
+soellner.info, 1
+soelt.dk, 1
+soelta.com, 1
+soengen.com, 1
+soenkem.ddnss.de, 1
+soepvork.nl, 1
+sofa-bed.tk, 1
+sofa-rockers.org, 1
+sofabedshop.de, 1
+sofacamafuton.com.br, 1
+sofasthousebuyers.com, 1
+sofaware.eu, 1
+sofdwi.gov, 1
+soff.se, 1
+soffit.com, 1
+sofi.codes, 1
+sofiaestado.com, 1
+sofialobocera.com, 1
+sofianeves.tk, 1
+sofias.tk, 1
+sofiavanmoorsel.com, 1
+sofibox.com, 1
+sofiesteinfeld.com, 1
+sofiesteinfeld.de, 1
+sofoco.us, 1
+sofortcutie24.de, 1
+sofortimplantate-muenchen.de, 1
+sofortindenurlaub.de, 1
+sofpedia.ro, 0
+soft-key.tk, 1
+soft-office.tk, 1
+soft-resets.com, 1
+soft-search-system.tk, 1
+soft.taipei, 1
+soft41.ru, 1
+soft4led.com, 1
+softandbouncy.co.uk, 1
+softanka.com, 1
+softarabi.com, 1
+softbabyducks.com, 1
+softbit.pt, 1
+softblinds.co.uk, 1
+softchin.ir, 1
+softcloudone.com, 1
+softcom.net, 0
+softcompany.tk, 1
+softcomplex.com, 1
+softconcept.pt, 1
+softcreatr.com, 1
+softcreatr.de, 1
+softekontrack.com, 1
+softelectronet.tk, 1
+softfuture.tk, 1
+softhints.com, 1
+softios.com, 1
+softizy.com, 1
+softlay.com, 1
+softline.ru, 0
+softmas.cl, 1
+softnet-consulting.com, 1
+softonic-ar.com, 1
+softonic-id.com, 1
+softonic-th.com, 1
+softonic.cn, 1
+softonic.com, 1
+softonic.com.br, 1
+softonic.com.tr, 1
+softonic.jp, 1
+softonic.kr, 1
+softonic.nl, 1
+softonic.pl, 1
+softonic.ru, 1
+softonic.vn, 1
+softonit.ru, 1
+softonline.net, 1
+softowe.com, 1
+softpark.cf, 1
+softpark.ml, 1
+softplay4hire.co.uk, 1
+softsecmatheodexelle.be, 1
+softskills.tech, 1
+softskin.ga, 1
+softstack.ru, 1
+softtester.tk, 1
+softview.gq, 1
+softview.tk, 1
+software-search.com, 1
+software-tech.tk, 1
+software-voor-projecten.nl, 1
+software.rocks, 1
+softwareag-stage.cloud, 1
+softwarebeveiligingtestdomein.be, 1
+softwarechris.com, 1
+softwarecloud.ml, 1
+softwareclub.tk, 1
+softwarehexe.de, 1
+softwarepara.net, 1
+softwarepatenten.tk, 1
+softwarepixie.com, 1
+softwaresanta.com, 1
+softwaresecurityandradefernando.be, 1
+softwaterinc.com, 1
+softweb-dev.de, 1
+softwerk-edv.de, 1
+softwing.de, 1
+softwsabri.be, 1
+softx.tk, 1
+sog-gilde.tk, 1
+sogaro-realestate.de, 1
+sogec-digital.fr, 1
+sogeek.me, 1
+sogesel.es, 1
+sogo.com.hk, 1
+sogo.com.my, 0
+sogola.com, 1
+sogoreate-landtrust.org, 1
+sogravatas.com.br, 1
+sogravatas.net.br, 1
+sogutma.com.tr, 1
+sohamroy.me, 1
+sohanakhan.tk, 1
+sohanman.com, 1
+sohka.eu, 1
+soho-art.com, 1
+soia.ca, 1
+soilegustafsson.fi, 1
+soillessgeek.com, 1
+soinsparlesmains.fr, 1
+sointelcom.com.co, 1
+soinvett.com, 0
+soissons-technopole.org, 1
+soji.io, 1
+sokak-sanati.tk, 1
+sokenconstruction.com, 1
+soket.ee, 1
+sokkenkraam.nl, 1
+soko.reisen, 1
+sokolin.com, 1
+sokolmelnik.tk, 1
+sokolovskyi.ml, 1
+sokolslavkov.tk, 1
+sokouchousa.net, 1
+sokrabatt.se, 1
+sokretirement.com, 1
+sol-3.de, 0
+sol-design.jp, 1
+sol-negro.tk, 1
+sol.de, 1
+sol24.net, 1
+solaland.co.uk, 1
+solalnathan.com, 1
+solalt.com, 1
+solana-active.tk, 1
+solanacasinos.io, 1
+solanaroyale.com, 0
+solandsimonasphalt.com, 1
+solanocounty.gov, 1
+solanowonen.nl, 1
+solarace.tk, 1
+solaradventures.icu, 1
+solarafrica.com, 1
+solaranalytics.com, 1
+solaranalytics.com.au, 1
+solarandenergyspecialists.com, 1
+solarbattery.ga, 1
+solarbynatureinc.com, 1
+solarcia.com.br, 1
+solareagricola.it, 1
+solarfaa.ir, 1
+solarfever.ga, 1
+solargaming.tk, 1
+solarhome.ml, 1
+solarhome.tk, 1
+solariilacheie.ro, 1
+solarisbank.de, 1
+solarisgroup.com, 1
+solarium.gov, 1
+solarium.milano.it, 1
+solarloon.com, 1
+solaronics.tk, 1
+solarpanelquotes.org, 1
+solarpanels.tk, 1
+solarplan-berlin.de, 1
+solarrights.org, 1
+solarscan.com, 1
+solarseason.ga, 1
+solarstrom.net, 1
+solartek.cf, 1
+solartek.ga, 1
+solartek.gq, 1
+solartrackerapp.com, 1
+solartravel.tk, 1
+solarwave.tk, 1
+solarwind.cf, 1
+solati.co, 1
+solautoescuela.com, 1
+solaxfaq.com, 1
+solbjer.se, 1
+solcloud.eu, 1
+solcom.de, 1
+soldamontanhabeachwear.com.br, 1
+soldarizona.ga, 1
+soldaten-genealogie.tk, 1
+soldbygagan.com, 1
+solden.be, 1
+soldesduck.be, 1
+soldesduck.ch, 1
+soldierangels.tk, 1
+soldieroftruthpublishing.com, 1
+soldiersmg.tk, 1
+sole-erdwaermetauscher.de, 1
+soleanos.tk, 1
+solechuva.com.br, 1
+solectrus.de, 1
+soledadmataro.tk, 1
+soledadpenades.com, 0
+soleil33.net, 1
+solemare-hotel.it, 1
+solencell.com.tr, 1
+solentbasketball.co.uk, 1
+solentbubblesandbounce.co.uk, 1
+solfegiator.ch, 0
+solfipinformatique.org, 1
+solgar.dk, 1
+soli.cafe, 1
+solicafe.at, 1
+solidariaautos.com, 1
+solidarita-kosovo.net, 1
+solidarityzone.org, 1
+solidform.ml, 1
+solidgroundchiro.com, 1
+solidhost.cf, 1
+solidian.com, 1
+solidimage.com.br, 1
+solidincome.ga, 1
+solidityfactory.io, 1
+solidnet.software, 1
+solidnetwork.org, 1
+solidpurenonsense.tk, 1
+solidray.co.jp, 1
+solidshield.com, 1
+solidsteel.tk, 1
+solidtuesday.com, 1
+solidway.co.nz, 1
+solifi.com, 1
+soligorsk.place, 1
+solihullcarnival.co.uk, 1
+solihullinflatables.com, 1
+solihulllionsclub.org.uk, 1
+solihullobserver.co.uk, 1
+solihullpcrepairs.co.uk, 1
+solikreis-stuttgart.tk, 1
+solipsists.tk, 1
+solisrey.es, 1
+solitairenetwork.com, 1
+solitary.social, 1
+solitaryride.com, 1
+soliten.de, 1
+soliujing.ml, 1
+solium.com, 1
+soliver-group.com, 1
+sollah.com, 1
+sollahlibrary.com, 1
+solliv.com, 1
+solmek.co.uk, 1
+solnascentepapelaria.com.br, 1
+solntsezaschitnye-ochki.tk, 1
+solo.com.sa, 1
+solobus.com.co, 1
+solocorse.com, 1
+solodukhin.tk, 1
+solofajas.online, 1
+solofi.fr, 1
+sologetaway.ga, 1
+sologoc.com, 1
+sologstrand.com, 1
+sologstrand.dk, 1
+sologstrand.nl, 1
+sologstrand.no, 1
+sologstrand.se, 1
+soloinfo.it, 1
+soloingenieria.tk, 1
+solomidis.tk, 1
+solomo.pt, 1
+solomoncorp.com, 1
+solomonsklash.io, 1
+solongandthanksforallthe.fish, 1
+soloparati.cf, 1
+soloprivacidad.com, 1
+soloproductos.top, 1
+soloreti.com, 1
+soloroboto.com, 1
+solos.im, 1
+solosesso.tk, 1
+solostocks.cl, 1
+solostocks.com, 1
+solostocks.com.ar, 1
+solostocks.com.br, 1
+solostocks.com.co, 1
+solostocks.com.mx, 1
+solostocks.de, 1
+solostocks.fr, 1
+solostocks.it, 1
+solostocks.ma, 1
+solostocks.net, 1
+solostocks.pl, 1
+solostocks.pt, 1
+solovey.su, 0
+solovia.ru, 1
+solovyovalawfirm.com, 1
+solsea.io, 1
+solsi.ga, 1
+solsombra-abdl.com, 1
+solsticecam.com, 1
+soltanastore.com, 1
+solucion.gq, 1
+solucionesmk.online, 1
+solucionupsperu.com, 1
+solunet.com.ar, 1
+solutek.com.au, 1
+solution24.nl, 1
+solutionalbum.com, 1
+solutionmotsfleches.com, 1
+solutionpieces.com, 1
+solutionplumber.com, 1
+solutions-ii.com, 1
+solutions-it.net, 1
+solutions30.com, 1
+solutionshosted.de, 1
+solutiontutorials.com, 1
+solutys-btp-logistic.com, 1
+solutysmultiservices.com, 1
+soluzionefightlist.altervista.org, 1
+soluzionifightlist.cf, 1
+solv.ws, 1
+solvation.de, 1
+solvaybank.com, 1
+solvedapp.io, 1
+solviejo.tk, 1
+solvin.com, 1
+solviq.com, 1
+solware.co.uk, 1
+solwaveovens.com, 1
+solweb.co.uk, 1
+solwit.com, 1
+solxsys.com, 0
+solymar.co, 1
+soma.com.au, 1
+somaar.tk, 1
+somaini.li, 1
+somaliaonline.com, 1
+somalilandtalk.tk, 1
+somanao.com, 1
+somautomotivobr.com.br, 1
+someapi.de, 1
+somecrazy.com, 1
+somedial.ch, 1
+somedomain.tk, 1
+somehsara.tk, 1
+someog.com, 0
+somerm.com, 1
+somerprints.co.uk, 1
+somersetcountynj.gov, 1
+somersetscr.nhs.uk, 1
+somersetwellbeing.nhs.uk, 1
+somersworthnh.gov, 1
+somes.me, 1
+someserver.cf, 1
+something-blue.tk, 1
+something-else.cf, 1
+something.pink, 1
+somethingsimilar.com, 1
+somethingsketchy.net, 1
+somevideotapes.com, 1
+somewherenews.cf, 1
+somewherenews.ga, 1
+somewherenews.gq, 1
+somewherenews.ml, 1
+somi.nl, 1
+sominemo.com, 1
+somix.com, 1
+soml.best, 1
+sommarles.no, 1
+somme.tk, 1
+sommefeldt.com, 1
+sommeil.cl, 1
+sommeilsante.com, 1
+sommer-reitmajer.de, 1
+sommerhusudlejning.com, 1
+sommerles.no, 1
+sommerplassen.no, 1
+somnam.tk, 1
+somni.one, 1
+somnium.click, 1
+somnus.com, 1
+somogyivar.hu, 1
+somosfin-app.com, 1
+somosgesath.com, 1
+somosgratitude.com.br, 1
+somoslaarmenia.com, 1
+somosweb.cf, 1
+sompo-intl.com, 1
+sompo.com.br, 1
+somsak.de, 1
+somuchbetterwithage.com, 1
+somweyr.de, 1
+son-onlajn.cf, 1
+son-onlajn.ga, 1
+son-onlajn.gq, 1
+son-onlajn.ml, 1
+son-onlajn.tk, 1
+son-tolkovatel.cf, 1
+son-tolkovatel.ga, 1
+son-tolkovatel.gq, 1
+son-tolkovatel.ml, 1
+son-tolkovatel.tk, 1
+son.ru, 1
+sona-gaming.com, 1
+sona.fr, 1
+sonacupalova.cz, 1
+sonalisharma.co.in, 1
+sonar.ga, 1
+sonaraamat.com, 1
+sonarhmx01.serveftp.org, 1
+sonarhmx02.serveftp.org, 1
+sonarsource.com, 1
+sonavankova.cz, 1
+sonaza.com, 1
+sonaza.fi, 1
+sonbilgi.net, 1
+soncini.ch, 1
+soncnaura.si, 1
+sondebase.com, 1
+sondemitierra.tk, 1
+sonder.com.au, 1
+sonderfloral.com, 1
+sonderkomission.ch, 1
+sondoro.tk, 1
+sondriotoday.it, 1
+sonesinafar.tk, 1
+sonesisonesi.tk, 1
+sonesonesisi.tk, 1
+sonet.digital, 1
+sonet.uz, 1
+song.ski, 1
+songclan.tk, 1
+songdew.com, 1
+songesdeplumes.fr, 1
+songlifty.com, 1
+songslaura.tk, 1
+songsonline.tk, 1
+songsterr.com, 1
+songsthatsavedyourlife.com, 1
+songtianyi.com, 1
+songun.ml, 1
+songyang.cn, 1
+songzhuolun.com, 1
+sonia.ai, 1
+soniaai.com, 1
+soniaferrer.tk, 1
+sonic.network, 1
+sonic.sk, 0
+sonic.studio, 1
+sonicdoe.com, 1
+sonicdx.com.au, 1
+soniclaunchpad.com, 1
+soniclink.tk, 1
+sonicshop.tk, 1
+sonicwanderer.tk, 1
+sonicworld.tk, 1
+sonidosbinaurales.com, 1
+sonidoslibertarios.tk, 1
+sonik.tk, 1
+sonimusic.tk, 1
+soninger.ru, 1
+sonix.dk, 1
+sonixonline.com, 1
+sonixpro.com, 1
+sonja-daniels.com, 1
+sonja-kowa.de, 1
+sonjaruster.de, 1
+sonjaundjeromeheiraten.jetzt, 1
+sonjoux.com, 1
+sonkamusic.tk, 1
+sonlapc.vn, 1
+sonmark.ru, 1
+sonnenbergharrison.law, 1
+sonnendeal.ml, 1
+sonnendeal.tk, 1
+sonnenta.de, 1
+sonneundstrand.de, 1
+sonnik-znachenie-sna.cf, 1
+sonnik-znachenie-sna.ga, 1
+sonnik-znachenie-sna.gq, 1
+sonnik-znachenie-sna.ml, 1
+sonnik-znachenie-sna.tk, 1
+sonnyland.tk, 1
+sonodrom.tk, 1
+sonoecoracao.com.br, 1
+sonofsunart.com, 1
+sonohigurashi.blog, 1
+sonologic.nl, 1
+sonology.tk, 1
+sonomacounty.gov, 1
+sonomacountywriterscamp.com, 1
+sonomotors.com, 1
+sonoratexas.gov, 1
+sonorem-audition.fr, 1
+sonosguide.dk, 1
+sonraisecurity.com, 1
+sons.cf, 1
+sons.tk, 1
+sonsight.tk, 1
+sonsonate.cf, 1
+sonsonate.tk, 1
+sontaycamera.com, 0
+sony-psvita.ru, 1
+sonyazi.com, 1
+soohealthy.nl, 1
+soom.ga, 1
+soom.tk, 1
+soomee.be, 1
+soomee1.be, 1
+soontm.net, 1
+soopure.nl, 1
+soopy.moe, 1
+sopelaotaez.tk, 1
+sopenguin.com, 1
+soph.jp, 1
+soph.tk, 1
+soph.us, 1
+sopheos.com, 0
+sopher.io, 1
+sophia.com.br, 1
+sophiaandmatt.co.uk, 1
+sophiafoundation.org, 1
+sophiahatstudio.com, 1
+sophiajaneboutique.com, 1
+sophiakligys.com, 1
+sophie-revault.fr, 1
+sophiebreslin.co.uk, 1
+sophiefrutti.gr, 1
+sophiekush.com, 1
+sophier.tk, 1
+sophomoric.ga, 1
+sophos.com, 1
+sophus.com.br, 1
+sopilov.tk, 1
+sopira.ru, 1
+sopo.me, 1
+soportelatino.ml, 1
+sopra.tk, 1
+soprabalao.com.br, 1
+sopriza.com, 1
+sopronforras.tk, 1
+soprovise.fr, 1
+sopsop.tk, 1
+soquee.net, 0
+sor.so, 1
+sorabi.jp, 1
+soraharu.com, 0
+soraiaschneider.com.br, 1
+sorakumo.jp, 1
+sorbire.com, 1
+sorcix.com, 1
+sorellecollection.com.au, 1
+sorellinteriors.com, 1
+soren.xyz, 1
+sorenstudios.com, 1
+sorex.photo, 1
+sorin.cc, 1
+sorincocorada.ro, 1
+sorn.service.gov.uk, 1
+sornyaki.tk, 1
+sorocabacopos.com.br, 0
+sorpresashop.nl, 0
+sorrentofc.com.au, 1
+sorrentoparking.com, 1
+sorridi.xyz, 1
+sorrowfulunfounded.com, 1
+sort.land, 1
+sortandpack.com, 1
+sortaweird.net, 0
+sorted.org.nz, 1
+sorteiosdotom.com.br, 1
+sortek.mk, 1
+sorteonline.com.br, 1
+sorting.ai, 1
+sortirentrenous.com, 1
+sorubak.com, 1
+soruly.com, 1
+soruly.io, 1
+soruly.moe, 1
+soruly.net, 1
+soruly.org, 1
+sorunrehberi.com, 1
+sorveglianza.roma.it, 1
+sorwi.gov, 1
+sorx.tech, 1
+sorz.org, 1
+sos-brigade.org, 1
+sos-deratisation.com, 1
+sos-elettricista.it, 1
+sos-fabbro.it, 1
+sos-falegname.it, 1
+sos-idraulico.it, 1
+sos-loodgieter.com, 1
+sos-muratore.it, 1
+sos.sk, 0
+sos.xxx, 1
+sosafe-awareness.com, 1
+sosaka.ml, 1
+sosaka.tk, 1
+soscavehumide.fr, 1
+sosecu.red, 1
+sosedisetka.tk, 1
+sosesh.shop, 1
+sosessaimabeilles.com, 1
+sosharch.com, 1
+soshin.cf, 1
+sosimple.academy, 1
+sosisuka.ga, 1
+sosko.in.rs, 1
+soslsd.org, 0
+sosmicro.tk, 1
+sosnovka.ga, 1
+soso.ga, 1
+soso.loan, 1
+soso.ml, 1
+soso.stream, 1
+sosoft.tk, 1
+sosoftplay.co.uk, 1
+sosok.tk, 1
+sosou.eu, 0
+sospechhulp.nl, 1
+sospeed.net, 1
+sosregistration.eu, 1
+sostacancun.com, 1
+soste.fi, 0
+sosteric.si, 1
+sosuchki.com, 1
+sosyalat.com, 1
+sosyalpro.com.tr, 1
+sosz.org, 1
+sota.sh, 1
+sotadb.info, 1
+sotaltamer.it, 1
+sotar.us, 1
+soterdev.com, 1
+sotin-hr.tk, 1
+sotis.bg, 1
+sotnya.cf, 1
+sotnyk.ml, 1
+sotoasobi.net, 1
+sotocine.tk, 1
+sotolar.com, 1
+sotonlgbt.org.uk, 1
+sotool.dk, 1
+sotovik.tk, 1
+sotsiaalkindlustusamet.ee, 0
+sotthewes.nl, 1
+sottilealimentos.com.br, 1
+sottomarini.tk, 1
+sotypicallydutch.nl, 1
+soubriquet.org, 1
+soufastnet.com.br, 1
+souga.eu.org, 1
+sougou.com, 1
+souked.com, 1
+soukka-seura.fi, 1
+soukodou.jp, 1
+soul-source.co.uk, 1
+soulc.ml, 1
+soulcasa.com.br, 1
+soulconstructors.com, 1
+soulcrazy.org, 1
+souldecorpaints.co.nz, 1
+soulema.com, 1
+souletter.com, 1
+soulike.tech, 1
+soulinbusiness.ga, 1
+soulla.tk, 1
+soulmating.de, 1
+soulmusic.tk, 1
+soulnatura.es, 1
+soulogic.com, 1
+soulpetrol.in, 1
+soulpowercoaching.ga, 1
+soulreapers.tk, 1
+soulshare.com, 1
+soulshare.net, 1
+soulshow.tk, 1
+soulsinner.tk, 1
+soulsteer.com, 0
+soulwinning.tk, 1
+soulyfunerals.co.nz, 1
+soulyi.io, 1
+soumen.tk, 1
+soumikghosh.com, 1
+soumission-assurances.ca, 1
+soumissionalarme.ca, 1
+soumya.xyz, 1
+soumya92.me, 1
+sounah.com, 1
+sound-gardens.com, 1
+sound-orpheus.tk, 1
+sound-recording.org, 1
+sound-wave.tk, 1
+sound.as, 1
+soundabout.nl, 1
+soundar.eu.org, 1
+soundar.net, 1
+soundbase.tk, 1
+soundblast.tk, 1
+soundcache.tk, 1
+soundcamp.org, 1
+soundcharts.com, 1
+soundclick.com, 1
+soundcloud-to-mp3.com, 1
+soundcloud.com, 1
+soundee.com, 1
+soundeo.com, 1
+soundeo.net, 1
+soundersmusic.com, 1
+soundexclusive4ever.tk, 1
+soundfingers.com, 1
+soundgasm.net, 1
+soundgo.gq, 1
+soundinthesignals.tk, 1
+soundlight.tk, 1
+soundman.ga, 1
+soundmix.tk, 1
+soundmk.ch, 1
+soundmoney.club, 1
+soundmoney.page, 1
+soundmoney.tech, 1
+soundoffsignal.com, 1
+soundonmike.tk, 1
+soundproofingideas.com, 1
+soundprotectionllc.com, 1
+soundrecords.tk, 1
+soundrelief.com, 0
+soundresource.tk, 1
+soundrise.tk, 1
+sounds-resource.com, 1
+sounds.koeln, 1
+soundservice.gr, 1
+soundshepard.tk, 1
+soundslike.gent, 1
+soundtrash.tk, 1
+soundtube.tk, 1
+soundwavefestival.tk, 1
+soundzimega.tk, 1
+soungui.cm, 1
+soungui.com, 1
+soungui.net, 1
+soupbuahtaza.id, 1
+sour.is, 1
+souravbhor.gq, 1
+souravbhor.ml, 1
+source-clan.tk, 1
+sourceaudio.co.uk, 1
+sourceaudio.com, 1
+sourceaudiodetect.com, 1
+sourcecode.hosting, 1
+sourcecode.love, 1
+sourcecode.tw, 1
+sourcegraph.com, 1
+sourcehut.net, 1
+sources.tk, 1
+sourcesdegarrigue.fr, 1
+sourcexchange.net, 1
+sourcing4exports.co.uk, 1
+sourcitec.com, 1
+souria.tk, 1
+sourlakepd.gov, 1
+sourmatt.xyz, 1
+sourraundweb.tk, 1
+sourse.co, 1
+sous-surveillance.net, 0
+southadamswaterco.gov, 1
+southafrican.dating, 1
+southambouncycastle.co.uk, 1
+southamptontownnypolice.gov, 1
+southbankregister.com.au, 1
+southbaylatherapy.com, 1
+southbendflooring.com, 1
+southboroughma.gov, 1
+southbridge-ma.gov, 1
+southcarolinahealth.tk, 1
+southdakotahealth.tk, 1
+southdakotanet.tk, 1
+southeastradiology.com, 1
+southeastvalleyurology.com, 1
+southerncross.tk, 1
+southernforge.com, 1
+southerngospelnow.com, 1
+southerngospelprizes.com, 1
+southernknightsatlanta.com, 1
+southernlights.cf, 1
+southernlights.club, 1
+southernlights.gq, 1
+southernlights.ml, 1
+southernlights.site, 1
+southernmost.us, 1
+southernsecurity.org, 1
+southernsurgicalga.com, 1
+southernvalve.com, 1
+southernviewmedia.com, 1
+southernwatersolutions.com, 1
+southessexstatus.co.uk, 1
+southfieldtownshipmi.gov, 1
+southgatemi.gov, 1
+southgatesystems.com, 1
+southgeorgiacargotrailers.org, 1
+southjacksonville-il.gov, 1
+southjerseyhomes.info, 1
+southkingstownri.gov, 1
+southlakenissanparts.com, 1
+southlaketx.gov, 1
+southlandcasino.com, 1
+southlandurology.com, 1
+southmarengo.com, 1
+southmarengoal.gov, 1
+southmelbourne.apartments, 1
+southmill.com, 1
+southmilwaukee.gov, 1
+southmorangtownhouses.com.au, 1
+southogdencity.gov, 1
+southphoenixair.tk, 1
+southridgeservices.com, 1
+southside-crew.com, 1
+southside-digital.co.uk, 1
+southside-tuning-day.de, 1
+southsidebargaincenter.com, 1
+southsidebuildingcenter.com, 1
+southsideplacetx.gov, 1
+southstpaulmn.gov, 1
+southtoowoombahawks.com.au, 0
+southwebsterohio.gov, 1
+southwestkansaslibrarysystem.gov, 1
+southwestpremierurology.com, 1
+southwestrda.org.uk, 1
+southwesttest.co.uk, 1
+southwestwildlife.org, 1
+southwickma.gov, 1
+southwindsor-ct.gov, 1
+southyorkshire-pcc.gov.uk, 1
+southyorkshireviolencereductionunit.com, 1
+soutien-naissance.com, 1
+souto.eu, 1
+souvenirs-gifts.tk, 1
+souzanabellydance.com, 1
+sova-center.ru, 1
+sova.cc, 1
+sova.st, 1
+sova.wiki, 1
+sovendus.ch, 1
+sovendus.com, 1
+sovendus.de, 1
+sovendus.dk, 1
+sovendus.es, 1
+sovendus.fr, 1
+sovendus.it, 1
+sovendus.nl, 1
+sovendus.pl, 1
+sovendus.se, 1
+sovereign.bounceme.net, 1
+sovereignpcs.com, 1
+soverin.net, 1
+sovest.ml, 1
+sovet4ik.info, 1
+soveti.info, 1
+sovetidachniku.info, 1
+sovetiogorodniku.info, 1
+sovhoz.tk, 1
+sovmestimost-goroskop.cf, 1
+sovmestimost-goroskop.ga, 1
+sovmestimost-goroskop.gq, 1
+sovmestimost-goroskop.ml, 1
+sovmestimost-zodiak.gq, 1
+sovos.com, 1
+sovremenik.tk, 1
+sovryn.com, 1
+sovtech.tk, 1
+sovxoz.gq, 1
+sowget.com, 1
+sowhat.dk, 0
+sowncloud.de, 1
+sowndfinancial.com, 1
+sowsmallgarden.com, 1
+sowtarabiya.com, 1
+soybase.org, 1
+soychile.cl, 1
+soycomocomo.es, 1
+soydoula.com, 1
+soydxn.com, 1
+soyezonline.fr, 1
+soyladani.com, 1
+soylemeztrading.com, 1
+soytusitio.com, 1
+soyunperro.com, 1
+soyuznik.ml, 1
+soyvigilante.com, 1
+sozai-good.com, 1
+sozai.tk, 1
+sozdanie-krana.ml, 1
+soze.in, 1
+sozialabstand.de, 1
+soziale.email, 1
+sozialismus.tk, 1
+sozialistische-gruppe.de, 1
+sozialy.com, 1
+sozon.ca, 1
+sp-az.com, 1
+sp-codes.de, 1
+sp-consulting.ch, 1
+sp-dh.com, 1
+sp-gg.com, 1
+sp-magic.de, 1
+sp-pn.com, 1
+sp-sites.com.au, 1
+sp.rw, 1
+sp03.de, 1
+sp8ce.co, 1
+spa-center.tk, 1
+spaallegretto.com, 1
+spabellabolivia.com, 1
+spac2stock.com, 1
+space-art.tk, 1
+space-combat.tk, 1
+space-for.business, 1
+space-inc.co.jp, 1
+space-it.de, 1
+space-mining.cf, 1
+space-net.ml, 1
+space-station.tk, 1
+space-time-elements.com, 1
+space-y.cf, 1
+space.gov.ae, 1
+spaceage.mp, 1
+spaceanimalnutrition.com, 1
+spaceapi.io, 1
+spacebabies.nl, 1
+spacebear.ee, 1
+spacebestnews.tk, 1
+spacecaps.xyz, 1
+spacecityweather.com, 1
+spacecorp.de, 1
+spacedance.tk, 1
+spacedogs.ml, 1
+spacedrive.nl, 1
+spacefighters.tk, 1
+spacehey.com, 1
+spacehighway.ms, 1
+spacehighways.net, 1
+spaceholder.cc, 1
+spacehost.de, 1
+spaceint.fr, 1
+spacelabs.io, 1
+spacelandpark.ga, 1
+spacelift.io, 1
+spacenerd.it, 1
+spaceon.tk, 1
+spacepirates.tk, 1
+spacepixel.ml, 1
+spacepunks.de, 1
+spacerocksmc.tk, 1
+spaceroot.cz, 1
+spacesedu.com, 1
+spaceshells.tk, 1
+spacestation13.com, 1
+spacetime.am, 0
+spaceunique.de, 1
+spaceunique.eu, 1
+spacinov.com, 1
+spacivox.com, 1
+spackova.cz, 1
+spacomic.com, 1
+spaconnection.com, 1
+spaconsulting.it, 1
+spactostock.com, 1
+spadok.org.ua, 1
+spaenny.tf, 1
+spaghettiphreakers.tk, 1
+spaghettiwesterns.tk, 1
+spagobudapest.com, 1
+spahireleeds.co.uk, 1
+spainemotions.com, 1
+spaink.net, 1
+spainpol.es, 1
+spajk.cz, 1
+spalnobelyo.com, 1
+spaltron.net, 1
+spamasaurus.com, 1
+spamcage.com, 1
+spamdrain.com, 1
+spamedica.com.co, 1
+spamhunter360.gq, 1
+spamlinks.net, 1
+spammable.com, 1
+spamtuning.tk, 1
+spamty.eu, 1
+spanch.cf, 1
+spanch.ga, 1
+spanch.gq, 1
+spanch.ml, 1
+spanch.tk, 1
+spanchelele.cf, 1
+spanchelele.ga, 1
+spanchelele.gq, 1
+spanchelele.ml, 1
+spanchelele.tk, 1
+spanda.io, 1
+spandrusyszyn.com, 1
+spanglishls.com, 1
+spanien.guide, 1
+spanischunterricht.tk, 1
+spanishblackboard.com, 1
+spanishdogs.tk, 1
+spanishenglish.net, 1
+spanishnewsarticles.tk, 1
+spanishnow.tk, 1
+spankmonster.com, 1
+spanmass-portal.org, 1
+spanner.tk, 1
+spanner.works, 1
+spanpine.gq, 1
+spanstindrundt.no, 1
+spantrix.com, 1
+spanyolul.hu, 1
+spar-dich-frei.com, 1
+spar-ics.com, 1
+spar-ni.co.uk, 1
+spar.at, 1
+spar.hr, 1
+spar.hu, 1
+spar.si, 1
+sparanoid.blog, 1
+sparanoid.com, 1
+sparanoid.net, 1
+sparanoid.network, 1
+sparanoidstatus.com, 1
+sparatryggt.se, 1
+spare.no, 1
+spare.se, 1
+sparendirekt.at, 1
+spargrancanaria.es, 1
+sparkandglass.com, 1
+sparkar.com, 1
+sparkasse.de, 1
+sparkbase.cn, 1
+sparkeddigital.ca, 1
+sparkedge.eu, 1
+sparkforautism.org, 1
+sparkimg.nl, 1
+sparkingscala.com, 1
+sparkl.fm, 1
+sparklabs.com, 1
+sparklatvia.lv, 1
+sparkleapp.com, 1
+sparklebastard.com, 1
+sparklesvt.com, 1
+sparklewindowcleaners.co.za, 1
+sparklingloungecampiglio.it, 1
+sparklyfairy.co.nz, 1
+sparkplug.tk, 1
+sparkresearch.net, 1
+sparksga.gov, 1
+sparkz.no, 1
+sparmedo.de, 1
+sparprofi.at, 1
+sparrius.com, 1
+sparrowwallet.com, 1
+sparta-en.org, 1
+sparta-szczekociny.tk, 1
+sparta-upice.tk, 1
+sparta.ee, 1
+spartacuslife.com, 1
+spartaermelo.nl, 1
+spartamet.tk, 1
+spartan300.tk, 1
+spartanis.tk, 1
+sparvagn.tk, 1
+sparx.dog, 1
+spasem-park.tk, 1
+spasicilia.it, 1
+spasskellner-comedykellner.ch, 1
+spatialflunky.one, 1
+spatialnom.com, 1
+spatiugratis.tk, 1
+spatter.cf, 1
+spatter.tk, 1
+spatzenwerkstatt.de, 1
+spawn.cz, 1
+spaysy.com, 1
+spazioasperger.it, 1
+spaziobenedetti.com.br, 1
+spaziopervoi.com.br, 1
+spazturtle.co.uk, 1
+spazzacamino.roma.it, 1
+spbatelec.fr, 1
+spbelect.info, 1
+spbelect.org, 1
+spbet99.com, 1
+spbfavourite.ru, 1
+spbgorod.ru, 1
+spbot.ml, 1
+spc-ag.ch, 1
+spcconnect.com, 1
+spcollege.edu, 1
+spconsult.com.br, 1
+spctech.click, 1
+spd-porta-westfalica.de, 1
+spd-porta-westfalica.eu, 1
+spd15revision.gov, 1
+spdepartamentos.com.br, 1
+spdf.net, 1
+spdfund.org, 1
+spdillini.com, 1
+spdrdng.com, 1
+spe.org.co, 1
+speac.jp, 1
+speacock.co.uk, 1
+speacock.uk, 1
+speak-polish.com, 1
+speak.nl, 0
+speak.software, 1
+speakandgo.education, 1
+speakeasy.co, 1
+speaker-animateur.com, 1
+speakermatch.com, 1
+speakersbusiness.com, 1
+speakersden.tk, 1
+speakersforschools.org, 1
+speakertwpmi.gov, 1
+speakthewordaudio.com, 1
+spear.ga, 1
+spec-auto.com.ua, 0
+spec-ranking.pl, 1
+specdrones.us, 1
+specflow.org, 1
+special-education-degree.net, 1
+special-equipment.tk, 1
+special-ops.org, 1
+specialcameras.tk, 1
+specialcounsel.com, 1
+speciale.cf, 1
+specialeffect.tk, 1
+specialelectronics.tk, 1
+specialist.srv.br, 0
+specialistskin.com.sg, 1
+specialized-hosting.eu, 1
+specialnoise.tk, 1
+specialofficesupplies.tk, 1
+specialplasticparts.com, 1
+specialproperties.com, 1
+specialsite.tk, 1
+specialtechnique.tk, 1
+specialtyalloys.ca, 1
+specialtyjets.ca, 1
+specialworld.ml, 1
+speciauxquebec.com, 1
+speciesism.com, 1
+specificenergy.com, 1
+speciosapro.com, 0
+speckle.systems, 1
+speckrot.ru, 1
+specks.tk, 1
+specopssoft.com, 1
+specprawnik.pl, 1
+specs-tech.com, 1
+specsdot.ga, 1
+spectacles.com, 1
+spectemur.tk, 1
+spectrafox.com, 1
+spectre-network.tk, 1
+spectrocoin.com, 1
+spectrosoftware.de, 1
+spectrum-markets.com, 1
+spectrum.gov, 1
+spectrum3d.ru, 1
+spectrumelectrical-brisbane.com.au, 1
+spectrumtexas.net, 1
+spediscifiori.com, 1
+spedizioni.roma.it, 1
+speechdrop.net, 1
+speechmate.com, 1
+speechmore.ml, 1
+speechpathologygraduateprograms.org, 1
+speechpathologymastersprograms.com, 1
+speed-bonus.tk, 1
+speed-strike.tk, 1
+speed.tk, 1
+speed24.re, 1
+speedable.net, 1
+speedcam.tk, 1
+speedcubing.tk, 1
+speeddate.it, 0
+speeddating.mx, 1
+speeder-vpn.tk, 1
+speeder.cf, 1
+speeder.one, 1
+speeders.cf, 1
+speeders.ga, 1
+speedexam.net, 1
+speedhoundz.com, 1
+speedleads.dk, 1
+speedlearning.ml, 1
+speedlearningapp.com, 1
+speedlearningapp1.com, 1
+speedliner.com, 1
+speedmailer.nl, 1
+speedof.me, 1
+speedracer.ca, 1
+speedsvip.cc, 1
+speedtailors.com, 1
+speedtemplate.de, 1
+speedtest-russia.com, 1
+speedvitals.com, 1
+speedwaybring-proposal.cf, 1
+speedwaybusinesspark.com, 1
+speedwell.pt, 1
+speedwp.ch, 1
+speedychat.it, 0
+speedynews.ml, 1
+speedyplatypus.com, 1
+speedzone.bg, 1
+speeleninstallatietechniek.nl, 1
+speelfabriek.tk, 1
+speets.ca, 1
+spegeltankar.tk, 1
+speich.net, 1
+spek.tech, 1
+spelaspelautomater.ga, 1
+speleo-explo.fr, 1
+speleo.live, 1
+speletrodomesticos.com.br, 1
+spellcheck24.net, 1
+spellchecker.net, 1
+spellchecksquatting.com, 1
+spellic.com, 1
+spelling.ml, 1
+spellslinger.space, 1
+spencernc.gov, 1
+spencerscherer.com, 1
+spend.cloud, 1
+spendable.money, 1
+spendd.co, 1
+spenderservice.net, 1
+spendesk.com, 1
+spendmenot.com, 1
+spendo.gq, 1
+spendwise.com.au, 1
+spenglerei-shop.de, 1
+spenny.tf, 1
+spensix-pekalongan.tk, 1
+spentra.com, 1
+sperandii.it, 1
+sperformance.shop, 1
+spero.solutions, 1
+sperrmuell-berlin.de, 1
+sperrstun.de, 1
+spertto.com, 1
+spes.solutions, 1
+spesys-services.fr, 1
+spetsialist-po-zakupkam.ru, 1
+spetsialist.cf, 1
+spetskabel.ru, 1
+spettacolocame.ga, 1
+speventos.es, 1
+spewingmews.moe, 1
+speww.com, 1
+spfusion.com, 1
+sphaeristerium.it, 1
+sphere-realty.com, 1
+sphereblur.com, 1
+spherejoias.com.br, 1
+sphericalmagic.com, 1
+sphericalvision.cz, 1
+spholdings.us, 1
+sphynx-cats.com, 1
+sphynxboyz.com.au, 1
+spicandspanroofrestoration.com.au, 1
+spice-club.tk, 1
+spicegirlschart.tk, 1
+spiceislandhome.com, 1
+spicejungle.com, 1
+spicelandcorporation.com, 1
+spicemail.cc, 1
+spicemoney.com, 0
+spicerack.co.uk, 0
+spicerack.uk, 1
+spicevids.com, 1
+spichki.tk, 1
+spicture.in, 1
+spicydog.org, 1
+spicydog.tk, 1
+spicymatch.com, 1
+spicysubject.com, 1
+spicywombat.com, 1
+spidercrabs.tk, 1
+spidergymrotterdam.tk, 1
+spidermail.tk, 1
+spidermanitalia.tk, 1
+spidernet.tk, 1
+spideroak.com, 1
+spiderprotect.com, 1
+spiders.org.ua, 1
+spidersweb.cf, 1
+spidersweb.ga, 1
+spidersweb.gq, 1
+spidertechpromotions.com, 1
+spidometr.ml, 1
+spie-wirliebenkabel.de, 1
+spiegelingenblog.nl, 1
+spiegels-op-maat.nl, 1
+spieka.info, 1
+spielautomaten.cf, 1
+spielbankspezialist.com, 1
+spielcasinos.com, 1
+spiele-gewinnspiele.tk, 1
+spielefant.de, 1
+spielezar.ch, 1
+spielgeld.tk, 1
+spielland.ch, 1
+spiellawine.de, 1
+spielmit.com, 1
+spieltexte.de, 1
+spiet.nl, 1
+spiffsearch.com, 1
+spiga.ch, 0
+spigotdesign.com, 1
+spikar.gr, 1
+spike.sh, 1
+spikejeon.tk, 1
+spikelands.com, 1
+spilka-dyplomativ.tk, 1
+spillbasen.no, 1
+spillersfamily.net, 0
+spillforum.no, 1
+spillhosting.no, 1
+spillmaker.no, 0
+spilnu.dk, 1
+spin.city, 1
+spinal.ga, 1
+spinbetter.com, 1
+spinbetter.life, 1
+spinbetter.online, 1
+spincity-casino.com, 1
+spindelnet.dk, 1
+spinderella.tk, 1
+spindle45.com, 1
+spindrel.com, 1
+spinecomms.com, 1
+spinemexin.tk, 1
+spinner.dnshome.de, 1
+spinning-portugal.com, 1
+spinolamediation.com, 1
+spinozablue.com, 1
+spinpay.com.br, 1
+spins.city, 1
+spins.fedoraproject.org, 1
+spinscity-casino.info, 1
+spinscity.club, 1
+spinscity.info, 1
+spinscity.net, 1
+spinscity777.info, 1
+spintracer.de, 1
+spiralwebtech.ca, 1
+spireat.it, 1
+spirella-shop.ch, 1
+spirent.com, 1
+spirit-hunters-germany.de, 1
+spirit55555.dk, 1
+spiritbionic.ro, 1
+spiritdesigns.tk, 1
+spiritedengineers.tk, 1
+spiritinthesky.com, 1
+spiritous.cf, 1
+spiritscorp.ddns.net, 1
+spiritual.codes, 1
+spiritualites.ch, 0
+spiritualityrise.com, 1
+spiritualpsychologyofacting.com, 1
+spiritualvybz.com, 1
+spiritworld.ml, 1
+spiro.se, 1
+spiski-domenov.tk, 1
+spisochek.tk, 1
+spisok-domenov.tk, 1
+spit.com.au, 1
+spitalbuhusi.ro, 1
+spitalulbuzau.ro, 1
+spitfireuav.com, 1
+spithoven.tk, 1
+spjaet.dk, 1
+splashily.gq, 1
+splashstoretw.com, 1
+splatjov.space, 1
+splatnet3.net, 1
+splatprofcare.com, 1
+splawoffice.com, 1
+splconsulenza.it, 1
+spleis.no, 1
+splendadent.it, 1
+splendidspoon.com, 0
+splendorservizi.it, 1
+splex.com, 1
+spli.co, 1
+splibrary.tk, 1
+splikity.com, 1
+splimtechco.tk, 1
+splintercake.tk, 1
+splinterface.io, 1
+splintermail.com, 1
+splinternews.com, 1
+split.rent, 1
+splitdna.com, 1
+splitreflection.com, 1
+splnk.net, 1
+sploch.com, 1
+splorge.cloud, 0
+splorge.website, 1
+splunk.net, 1
+splytech.io, 1
+spm-servis.tk, 1
+spmax.design, 1
+spmf.org.sg, 1
+spmfijnmechanica.nl, 1
+spmttest.azurewebsites.net, 1
+spn-it.de, 1
+spnitalianfestival.com, 1
+spnsv.com, 1
+spocool.com, 1
+spodelime.com, 1
+spofia.nu, 1
+spokanecounty.gov, 1
+spokanevalleywa.gov, 1
+spokeoaffiliates.com, 1
+spokesly.com, 1
+spolekatelier.cz, 1
+spoluck.ca, 1
+spolwind.de, 0
+spom.net, 1
+sponc.de, 1
+spongebobwiki.tk, 1
+sponsor.software, 1
+spoofhaus.com, 1
+spookbook.net, 1
+spookquest.com, 1
+spooks.ga, 1
+spookyinternet.com, 1
+spoorcam.nl, 1
+sporadesnews.gr, 1
+sporenvanslavernijutrecht.nl, 1
+sporeprinters.com, 1
+sporki.fun, 1
+sporq.de, 1
+sporstball.com, 1
+sport-attitude.com, 1
+sport-in-sundern.de, 1
+sport-news.ml, 1
+sport-news24hs.tk, 1
+sport-obzor.tk, 1
+sport-online-ru.cf, 1
+sport-potreby.cz, 1
+sport-potreby.sk, 1
+sport-school.tk, 1
+sport-socken.net, 1
+sport-tv-guide.live, 1
+sport24.by, 1
+sport4sd.com, 1
+sportabatese.tk, 1
+sportabee.com, 0
+sportadictos.com, 1
+sportal.se, 1
+sportalliance.com, 1
+sportboot.mobi, 1
+sportcenter.ga, 1
+sportcenter.ml, 1
+sportchirp.com, 1
+sportclipsfranchise.com, 1
+sportcompactwarehouse.com, 1
+sportcucc.hu, 1
+sportda.tk, 1
+sporte3q.com, 1
+sportedy.com, 1
+sporter.com.hr, 1
+sportfair.it, 1
+sportfits.at, 1
+sportfits.de, 1
+sportfits.eu, 1
+sportfogadas.tk, 1
+sporthotel-rasen.com, 1
+sportify-design.fr, 1
+sportihome.com, 1
+sportinfon.cf, 1
+sportingclubdacruz.pt, 0
+sportivo.cf, 1
+sportivo.ga, 1
+sportivo.tk, 1
+sportli.sk, 1
+sportlinks.tk, 1
+sportllux.com.br, 1
+sportmedia.ga, 1
+sportmultimedia.pt, 1
+sportnesia.com, 1
+sportnn.tk, 1
+sporto24.ml, 1
+sportovni.site, 1
+sportovnidum.cz, 1
+sportovnivozy.cz, 1
+sportparks.com, 1
+sportparks.org, 1
+sportpiacenza.it, 1
+sportplaatje.nl, 0
+sportposch.com, 1
+sportprint.hr, 1
+sportraucher.tk, 1
+sportrecife.com.br, 1
+sportrent.it, 1
+sports-colleges.com, 1
+sports-equipmen.tk, 1
+sports-news-today.ml, 1
+sports-online.cf, 1
+sports-sites.ml, 1
+sports-wear.tk, 1
+sports.dating, 1
+sportsandnews.tk, 1
+sportscanada.tk, 1
+sportsdans.tk, 1
+sportsdeck.tk, 1
+sportsdestinations.com, 1
+sportskibat.tk, 1
+sportsmagy.com, 1
+sportsmania.tk, 1
+sportsmansblog.com, 1
+sportsmashup.com, 1
+sportsmax.tv, 1
+sportspainmanagementnyc.com, 1
+sportspassbremen.de, 1
+sportspeople.com.au, 1
+sportstips.tk, 1
+sportstreetstyle.com, 1
+sportsxplay.com, 1
+sportticino.ch, 0
+sporttomorrow.com, 1
+sporttown.it, 1
+sportvereine.online, 1
+sportverzorging.tk, 1
+sportvision.ml, 1
+sportvissenfun.tk, 1
+sportwars.net, 1
+sportwette.net, 1
+sportwettenbonus.de, 1
+sportwettenschweiz.net, 1
+sportygirlsjewels.ga, 1
+sportztalk.com, 1
+spot-cleaner.tk, 1
+spot-pro.jp, 1
+spotifycodes.com, 1
+spotifyfreetrial.co.uk, 1
+spotifytop.me, 1
+spotless-londoncleaningcompany.com, 1
+spotlessohio.com, 1
+spotlightsrule.com, 1
+spotme.fit, 1
+spotmefit.com, 1
+spotonlive.dk, 1
+spotpetins.com, 1
+spotpetinsurance.ca, 1
+spotpriskollen.se, 1
+spotsee.io, 0
+spotswoodvet.com, 1
+spotsylvaniacounty-va.gov, 1
+spotsylvaniacountyva.gov, 1
+spottedfoxdigital.com, 0
+spottedpenguin.co.uk, 1
+spotupload.com, 1
+spotworld.co, 1
+spotypal.com, 1
+spotzlight.cf, 1
+spotzlight.tk, 1
+spowtr.com, 1
+spp.co, 1
+sppin.fr, 1
+sppit.com, 1
+spr.id.au, 1
+sprachenlernen24.org, 1
+sprachfreudehoch3.de, 1
+sprashivalka.com, 1
+spravka-internet.tk, 1
+spravka.tk, 1
+spravki.cf, 1
+spravochnick.ru, 1
+sprawdz-nip.pl, 1
+sprawdzanie-pozycji.pl, 1
+sprax2013.de, 1
+sprayontv.com, 0
+spreadsheetconverter.co, 1
+spreadsheets.google.com, 1
+spreadshirt.at, 1
+spreadshirt.be, 1
+spreadshirt.ca, 1
+spreadshirt.ch, 1
+spreadshirt.co.uk, 1
+spreadshirt.com, 1
+spreadshirt.com.au, 1
+spreadshirt.de, 1
+spreadshirt.dk, 1
+spreadshirt.es, 1
+spreadshirt.fi, 1
+spreadshirt.fr, 1
+spreadshirt.ie, 1
+spreadshirt.it, 1
+spreadshirt.net, 1
+spreadshirt.nl, 1
+spreadshirt.no, 1
+spreadshirt.pl, 1
+spreadshirt.se, 1
+spreadthejam.tk, 1
+spreadthenews.eu, 1
+spreaf.shop, 1
+spreed.me, 1
+spribe.co, 1
+spribe.io, 1
+spribe.net, 1
+spribe.tech, 1
+spribegaming.com, 1
+spricknet.de, 1
+sprietlopen.tk, 1
+sprillerer.tk, 1
+springbaystudio.com, 1
+springbreak.it, 1
+springdalewi.gov, 1
+springerundpartner.de, 1
+springfieldbricks.com, 0
+springfieldchartertownship.gov, 1
+springfieldneurological.com, 1
+springfieldsd.gov, 1
+springfieldvt.gov, 1
+springgrillhouse.com, 1
+springgrovepa.gov, 1
+springhillmaine.com, 1
+springhow.com, 1
+springlakemi.gov, 1
+springlanguages.com, 1
+springportmi.gov, 1
+springportny.gov, 1
+springsoffthegrid.com, 1
+springspeedshop.com, 1
+springtxcarpetcleaning.com, 1
+sprintkitchen.com, 1
+sprintlee.com, 1
+sprintswac.tk, 1
+spriterinc.com, 1
+spriters-resource.com, 1
+spritmonitor.de, 1
+spritsail.io, 1
+sprizzy.com, 1
+sprock.io, 0
+sprocktech.com, 1
+sprogress.uz, 1
+sprossen-keimlinge.de, 1
+sprossenwand.de, 1
+sproutsandstems.com, 1
+sproutstudio.com, 1
+sproutstudiostaging.com, 1
+sproutways.com, 1
+sprt.pl, 1
+sprucecreekclubs.com, 1
+sprucecreekgcc.com, 1
+spruces.gq, 1
+sprucingupmamahood.com, 1
+sprueche-zum-valentinstag.de, 1
+sprueche-zur-geburt.info, 1
+sprueche-zur-hochzeit.de, 1
+sprueche-zur-konfirmation.de, 1
+sprutech.de, 1
+sps-lehrgang.de, 1
+spslawoffice.com, 1
+spstaticfiles.com, 1
+spstechnical.com, 1
+spt.tf, 1
+spthk.com, 1
+sptk.org, 1
+spuda.net, 1
+spuffin.com, 1
+spufpowered.com, 1
+spur.com.br, 1
+spurghi.roma.it, 1
+spurstark.de, 1
+spurto.in, 1
+sputnik1net.org, 1
+spx.com, 1
+spy-net.tk, 1
+spycam.hopto.me, 1
+spychala-it.de, 1
+spyclub.tk, 1
+spydar007.com, 1
+spydar007.net, 1
+spydar007.wiki, 1
+spydersec.com, 1
+spyequipmentuk.co.uk, 1
+spypornone.com, 1
+spyprofit.ru, 1
+spyroszarzonis.com, 1
+spyse.com, 1
+spytrash.tk, 1
+sq0z.ovh, 1
+sq3dmv.pl, 1
+sqalogic.com, 1
+sqap.pt, 1
+sqclick.com, 1
+sqdll.com, 1
+sqills.com, 0
+sql-injection.cz, 1
+sql-injection.rocks, 1
+sql-oem.com, 1
+sql-query-tool-exact-online.nl, 1
+sql-query-tool.com, 1
+sql-und-xml.de, 1
+sql.bi, 1
+sqlapius.net, 1
+sqlbi.com, 1
+sqldbm.com, 1
+sqli.cz, 1
+sqli.rocks, 1
+sqlinjection.cz, 1
+sqlinjection.rocks, 1
+sqliteonline.com, 1
+sqlwrapper.com, 1
+sqmin.tk, 1
+sqr-training.com, 1
+sqrl.ch, 1
+sqroot.eu, 1
+sqsd.xyz, 1
+squad.fr, 1
+squadco.com, 1
+squadgames.ru, 1
+squamiferum.net, 1
+squardllc.ml, 1
+square-gamers.tk, 1
+square-gaming.org, 0
+square-phone.com, 1
+square-src.de, 0
+square.com, 1
+square.com.mx, 1
+square.engineering, 1
+square.it, 1
+square.ly, 1
+square.mx, 1
+square.site, 1
+squarecdn.com, 1
+squaredancedance.tk, 1
+squaredtechnologies.com, 1
+squareeye.com, 1
+squarefootllcconstruction.com, 0
+squareforums.com, 1
+squaregift.com, 1
+squaregift.net, 1
+squaregift.org, 1
+squareinchhome.com, 1
+squareincircle.me, 1
+squareinstallments.com, 1
+squareinvite.com, 1
+squareinvoices.com, 1
+squarelab.it, 1
+squaremktg.com, 1
+squarenoid.com, 1
+squareoffer.com, 1
+squareonebgc.com.ph, 1
+squarepocketdesign.com, 0
+squareregister.com, 1
+squaresoft.ga, 1
+squaresolutions.com, 1
+squarestagingexternal.com, 1
+squareup.com, 1
+squareupsandbox.com, 1
+squeakie.club, 1
+squeaksscalesandtails.com, 1
+squeaky.services, 1
+squealing-filth.tk, 1
+squeezemetrics.com, 1
+squelcher.cf, 1
+squibby.ml, 1
+squid.gay, 1
+squidnovels.tk, 1
+squido.ch, 1
+squidparty.com, 1
+squids.space, 1
+squiresinsurance.net, 1
+squirex2.com, 1
+squirtingpussygirl.com, 1
+squirtqueen.org, 1
+sqxb0.ga, 1
+sr-33.com, 1
+sr-f.tk, 1
+sr.ht, 1
+sr33.com, 1
+sr7store.com.br, 1
+sr88.co.uk, 1
+sr88.me.uk, 1
+srae.me.uk, 1
+sram.top, 1
+srandom.com, 1
+sranje.rocks, 1
+sratim.tv, 1
+sravyareddy.space, 1
+srb.help, 1
+srbc.gov, 1
+src.fedoraproject.org, 1
+srcbolt.com, 1
+srchicmodas.com.br, 1
+srchub.org, 1
+srcpa.gov, 1
+srd.re.kr, 0
+srdmarketingservice.com, 1
+sreb.loan, 1
+srebro.cc, 1
+sreedhareeyam.tk, 1
+sreeharis.tk, 1
+sreenadh.in, 1
+sremodelingnyc.com, 1
+srfloki.com, 1
+srhdesign.co.uk, 1
+sri.com.pa, 0
+sridevi.ru, 1
+srife.net, 1
+srigc.com, 1
+srilanka.travel, 1
+srilankan-hope-for-children.nl, 1
+srilankanguides.com, 1
+sriramdigital.tk, 1
+sriravana.tk, 1
+sristicreationart.com, 1
+sritafrican.tk, 1
+sritalabama.tk, 1
+sritalaska.tk, 1
+sritbeauty.tk, 1
+sritbrazil.tk, 1
+sritcalifornia.tk, 1
+sritcities.tk, 1
+sritclassic.tk, 1
+sritculture.tk, 1
+sritegypt.tk, 1
+srithunters.tk, 1
+sritidaho.tk, 1
+sritsafety.ml, 1
+sritspanish.tk, 1
+srittheatre.tk, 1
+sritvermont.tk, 1
+srix.ml, 1
+srkarra.com, 1
+srkb.net, 1
+srle.tk, 1
+srmi.biz, 1
+srmllc.net, 1
+srmstatic.com, 1
+srnl.gov, 1
+sro.fi, 1
+sro.nl, 1
+srochno-pohudeti.tk, 1
+srochnozaim.gq, 1
+srochnyj-zajm.ga, 1
+sroma.tk, 1
+srorisksolutions.tk, 1
+sros.fi, 1
+sroturkey.tk, 1
+srp.gov, 1
+srpworks.com, 1
+srpx.de, 1
+srqpedals.com, 1
+srroddy.com, 1
+srs.sg, 0
+srsforward.email, 1
+srsfwd.com, 1
+srsfwd.email, 1
+srsfwd.eu, 1
+srsfwd.net, 1
+srsfwd.org, 1
+srto.win, 1
+srun.in, 0
+sruthisjewellery.com, 1
+srv-4g-test.fr, 1
+srvonfire.com, 1
+srwminc.com, 1
+srx.sx, 1
+ss-news.tk, 1
+ss.com, 1
+ss.lazio.it, 1
+ss.lt, 1
+ss.lv, 1
+ss.ua, 1
+ss09.com, 0
+ss5197.co, 1
+ss64.com, 1
+ss64.org, 1
+ss6729.co, 1
+ss6729.com, 0
+ss6957.co, 1
+ss9188.com, 0
+ss9288.com, 0
+ss9297.co, 1
+ss9397.com, 1
+ss9728.co, 1
+ssa.co.ir, 1
+ssa.gov, 0
+ssaarevents.tk, 1
+ssab.gov, 1
+ssasociety.nl, 1
+ssatpa.com, 1
+ssatripura.com, 1
+ssb.ee, 1
+ssbjk.org, 1
+ssbljk.com, 1
+ssbrm.ch, 1
+ssbwiki.com, 1
+ssc.vg, 0
+sscd.no, 1
+sschd.cc, 0
+sscnapoli.it, 1
+ssconn.com, 1
+sscpsms.biz, 1
+ssdax.com, 1
+ssdpalermo.it, 1
+ssenberg.nl, 1
+ssentinel.com, 1
+sserc.ca, 1
+ssf.no, 1
+ssfca.gov, 1
+ssh-keys.online, 1
+ssh-vault.com, 1
+ssh.in.ua, 1
+sshbox.tk, 1
+sshd.site, 1
+sshool.at, 1
+sshwiki.tk, 1
+sshx.top, 1
+ssjid.gov, 1
+ssk.ovh, 1
+sskb-ey.tech, 1
+ssky.cn, 1
+ssl-zertifikate.de, 1
+ssl.com.ru, 1
+ssl.google-analytics.com, 1
+ssl24.pl, 1
+ssl247.co.uk, 1
+ssl247.com.mx, 1
+ssl247.de, 1
+ssl247.dk, 1
+ssl4all.gq, 1
+sslbrain.com, 1
+sslc.gov, 1
+sslcertificaten.nl, 1
+sslcheck.nl, 1
+ssld.at, 1
+ssldecoder.eu, 1
+ssldev.net, 1
+sslgctx.gov, 1
+sslgram.com, 1
+sslhello.com, 1
+sslle.eu, 1
+sslmate.com, 1
+sslmonitor.eu, 1
+sslmonkey.net, 1
+sslok.com, 0
+sslping.com, 1
+sslpoint.com, 1
+ssls.cz, 1
+sslsecureproxy.com, 1
+sslsurvey.de, 1
+ssm-techmarketing.tk, 1
+ssma.it, 1
+ssmato.me, 1
+ssmd.tk, 1
+ssmic.com, 0
+ssmm88.cc, 1
+ssmothership.tk, 1
+ssmpuc.com, 1
+ssmrca.ca, 1
+ssmwebportal.tk, 1
+ssnetwork.jp, 1
+ssone.ee, 1
+ssprod.tk, 1
+sspu.ml, 1
+ssqq.com, 1
+ssr.llc, 1
+ssradio.live, 1
+ssready.io, 1
+ssrfq.com, 1
+ssrgov.cn, 1
+ssrvpn.tech, 1
+sss.red, 1
+ssshh.com, 1
+sssib.ru, 1
+ssslelectricfencing.co.za, 1
+sssppp.gq, 1
+sssss.click, 1
+sssssssss.com, 0
+sst-racing.ch, 1
+sst.ru, 1
+sstaging.com, 1
+sstestingservice.com, 1
+ssu.moe, 1
+ssuc.net, 1
+ssuiteoffice.com, 1
+ssuitesoft.com, 1
+st-damase.qc.ca, 1
+st-kilian-markt-erlbach.de, 1
+st-li.com, 0
+st-news.de, 1
+st-shakyo.jp, 1
+st-steuern.de, 1
+st42.fr, 1
+staaldart.tk, 1
+staapp.org, 1
+staapprecruiting.org, 1
+staatdesinternets.nl, 1
+staatdesnederlandscheninternets.nl, 1
+staatdesnederlandseninternets.nl, 1
+staatschutz.at, 1
+staatsschutz.at, 1
+staatsschutzgesetz.at, 1
+staatvanhetnederlandscheinternet.nl, 1
+staatvanhetnederlandseinternet.nl, 1
+stabelino.tk, 1
+stabilimento.it, 1
+stabilizatory.ga, 1
+stableflect.finance, 1
+stablelib.com, 1
+stablina.tk, 1
+stacabinetdepot.com, 1
+stacisezeptat.cz, 1
+stackery.io, 1
+stackhub.cc, 1
+stacklasvegas.com, 1
+stackroute.in, 1
+stackshine.com, 1
+stackstartup.com, 1
+stackstartup.tech, 1
+stacky.me, 1
+stad.gent, 1
+stadgent.be, 1
+stadiamaps.com, 1
+stadionmanager.com, 1
+stadionwelt.de, 1
+stadlwirt.at, 1
+stadm.com, 1
+stadspaleizengent.be, 1
+stadtbauwerk.at, 0
+stadtcentrum.it, 1
+stadterneuerung-hwb.de, 1
+stadtkapelle-oehringen.de, 1
+stadtpapa.de, 1
+stadtplan-ilmenau.de, 1
+staer.ro, 1
+staff.direct, 1
+staffaugmentation.ae, 1
+staffaugmentation.al, 1
+staffaugmentation.at, 1
+staffaugmentation.ba, 1
+staffaugmentation.be, 1
+staffaugmentation.bg, 1
+staffaugmentation.ch, 1
+staffaugmentation.co.il, 1
+staffaugmentation.co.uk, 1
+staffaugmentation.com.ar, 1
+staffaugmentation.com.ua, 1
+staffaugmentation.cz, 1
+staffaugmentation.de, 1
+staffaugmentation.dk, 1
+staffaugmentation.ee, 1
+staffaugmentation.es, 1
+staffaugmentation.eu, 1
+staffaugmentation.fi, 1
+staffaugmentation.fr, 1
+staffaugmentation.ge, 1
+staffaugmentation.gr, 1
+staffaugmentation.hr, 1
+staffaugmentation.hu, 1
+staffaugmentation.it, 1
+staffaugmentation.jp, 1
+staffaugmentation.li, 1
+staffaugmentation.lt, 1
+staffaugmentation.lu, 1
+staffaugmentation.lv, 1
+staffaugmentation.md, 1
+staffaugmentation.me, 1
+staffaugmentation.mk, 1
+staffaugmentation.mx, 1
+staffaugmentation.nl, 1
+staffaugmentation.no, 1
+staffaugmentation.pe, 1
+staffaugmentation.ph, 1
+staffaugmentation.pl, 1
+staffaugmentation.pt, 1
+staffaugmentation.ro, 1
+staffaugmentation.rs, 1
+staffaugmentation.si, 1
+staffaugmentation.us, 1
+staffaugmentation.vn, 1
+staffhours.com, 1
+staffi.tk, 1
+staffingnation.com, 1
+staffordpk.tk, 1
+staffsante.fr, 1
+staffsocial.fr, 1
+stage-bluejeans.com, 1
+stage-gate.la, 1
+stage-metrobible.org, 1
+stage-privacyportal-ui.azurewebsites.net, 1
+stage-props-blank-guns.com, 1
+stage-recuperation-points-bordeaux.com, 1
+stage-recuperation-points-lille.com, 1
+stage-recuperation-points-lyon.com, 1
+stage-recuperation-points-marseille.com, 1
+stage-recuperation-points-montpellier.com, 1
+stage-recuperation-points-nantes.com, 1
+stage-recuperation-points-nice.com, 1
+stage-recuperation-points-paris.com, 1
+stage-recuperation-points-reims.com, 1
+stage-recuperation-points-rennes.com, 1
+stage-recuperation-points-strasbourg.com, 1
+stage-recuperation-points-toulouse.com, 1
+stage.wepay.com, 1
+stage4.ch, 1
+stageirites.com, 1
+stageirites.fr, 1
+stageirites.org, 1
+stagemaster.cz, 1
+stagend.com, 1
+stagespediatrics.com, 1
+stagewalker.no, 1
+staging-scholar.tk, 1
+stagingcleargrain.com.au, 1
+stagingelpactest.eu, 1
+stagingpepocoin.com, 1
+stagmarketim.com, 1
+stagoz.com, 1
+stahlen.dk, 1
+stahlfors.com, 1
+stahlp.dk, 1
+stahlzart-moebel.de, 1
+stahlzart.at, 1
+stahlzart.com, 1
+stahlzart.de, 1
+stail.eu, 1
+stainfilm.com, 1
+stainhaufen.de, 1
+stainless-steel-cookware.tk, 1
+stainternational.com, 1
+stair.ch, 1
+stairfallgames.com, 1
+stairlin.com, 0
+stairmaster.tk, 1
+stajka.tk, 1
+staked.us, 1
+stakedate.com, 1
+stako.jp, 1
+stakotec.de, 1
+staktrace.com, 1
+stal-rulon.ru, 1
+stalbansvt.gov, 1
+stalbanswv.gov, 1
+stalder.work, 1
+stalevski.tk, 1
+stalgeraardsbergen.tk, 1
+stalin.tk, 1
+stalker-eyes.ga, 1
+stalker-shop.com, 1
+stalker-source.tk, 1
+stalkerteam.pl, 1
+stalkr.net, 1
+stalkthe.net, 1
+stall-frei.de, 1
+stallardjw.me, 1
+stallionsnow.com, 1
+stallone.pl, 1
+stalphonsusks.org, 1
+stalplus.ml, 1
+stalstroi.ml, 1
+stalwartshopping.com, 1
+stalworld.tk, 1
+stamant.org, 1
+stamboomforum.nl, 1
+stamboomgids.nl, 1
+stamgent.be, 1
+stamit.nl, 1
+stamkassa.nl, 1
+stammering.ga, 1
+stammtisch-bauwagen.tk, 1
+stammtisch.domains, 1
+stamonicatourandtravel.com, 1
+stampederadon.com, 1
+stamperdle.com, 1
+stampinggroundky.gov, 1
+stampix.com, 1
+stampsbar.co.uk, 0
+stamurai.com, 1
+stanandjerre.org, 1
+stanbul.ru, 1
+stanchierifamilylaw.com, 1
+stancoe.org, 0
+stand.earth, 1
+stand.gg, 1
+standard-mobilitaet.de, 1
+standard-wohnungsbaukredit.ag, 1
+standard-wohnungsbaukredit.biz, 1
+standard-wohnungsbaukredit.com, 1
+standard-wohnungsbaukredit.de, 1
+standard-wohnungsbaukredit.eu, 1
+standard-wohnungsbaukredit.info, 1
+standard-wohnungsbaukredit.net, 1
+standard-wohnungsbaukredit.org, 1
+standard.co.uk, 1
+standardizarea.ro, 1
+standardlifters.com, 1
+standardmetrics.io, 1
+standardnotes.com, 1
+standards.gov, 1
+standardstraversal.jp, 1
+standardwohnungsbaukredit.ag, 1
+standardwohnungsbaukredit.biz, 1
+standardwohnungsbaukredit.com, 1
+standardwohnungsbaukredit.de, 1
+standardwohnungsbaukredit.eu, 1
+standardwohnungsbaukredit.info, 1
+standardwohnungsbaukredit.net, 1
+standardwohnungsbaukredit.org, 1
+standdownofnorthjersey.org, 1
+standford.pe, 1
+standfore.com, 1
+standheizung-shop.de, 1
+standiluminaciones.com, 1
+standingbear.tk, 1
+standoffarena.com, 1
+standoffdrop.ru, 1
+standsearch.cf, 1
+standupcomedy.cf, 1
+standupcomedy.ga, 1
+standupcomedy.tk, 1
+standwithhaiti.org, 1
+stanfordny.gov, 1
+stang.moe, 1
+stangeland.tk, 1
+stanglwirt.com, 1
+stanin.net, 1
+stanislav-lysenko.lawyer, 1
+stankingma.com, 1
+stankingma.nl, 1
+stanmed24.pl, 1
+stanmirstudio.pl, 1
+stannesvets.co.uk, 1
+stannri.org, 1
+stanonline.tk, 1
+stanron.com, 1
+stansberryresearch.com, 1
+stansweather.net, 1
+stantabler.com, 1
+stanthony-hightstown.net, 1
+stantonca.gov, 1
+stantoncountyne.gov, 1
+stanwoodwa.gov, 1
+stanza.group, 1
+stape.io, 1
+staplespromo.com, 1
+staplestx.gov, 1
+stapvoorstapduurzaam.nl, 1
+star-citizen.wiki, 1
+star-clean.it, 1
+star-darom.co.il, 1
+star-life.tk, 1
+star-one.co.uk, 1
+star.my.id, 1
+star.watch, 1
+starase.com, 0
+starb.in, 1
+starbaese.de, 1
+starbase01.com, 1
+starboardmarketing.io, 1
+starbreaker.org, 1
+starbt.ro, 1
+starbucks.vn, 1
+starbusiness.ml, 1
+starbyte.co.uk, 1
+starcitizen.tools, 1
+starcitizenreferral.codes, 1
+starcitywv.gov, 1
+starcoachservices.ca, 1
+starcom.run, 1
+starcomproj.com, 1
+starconnect.at, 1
+starcraftsource.tk, 1
+starcroisieres.com, 1
+starcys.xyz, 1
+stardanceacademy.net, 1
+stardev.ovh, 1
+stardima.com, 1
+stardomino.tk, 1
+stardozen.com, 0
+stardrive.cf, 1
+starease.com, 1
+starease.net, 1
+starengineeringinc.com, 1
+starexponent.com, 1
+starfall.systems, 1
+starfeeling.net, 1
+starfield.ai, 1
+starfieldguide.com, 1
+starfiles.co, 1
+starfm.de, 1
+starfm.gq, 1
+starfm.ml, 1
+starfriend.ru, 1
+stargarder-jungs.de, 1
+stargate.gq, 1
+stargazer.de, 1
+stargift.ch, 1
+starglancer.ddns.net, 1
+starherald.com, 1
+stari.co, 1
+stariders.com, 1
+starina.ru, 1
+starinc.xyz, 1
+staring.tk, 1
+starinsights.com, 1
+starka.st, 1
+starkbim.com, 1
+starking.net.cn, 1
+starking.tk, 1
+starknh.gov, 1
+starkparks.gov, 1
+starkstromkonsument.de, 1
+starkvilleurgentcareclinic.com, 1
+starlabs.bio, 1
+starlim.co.in, 1
+starlim.org, 1
+starlincuesta.gq, 1
+starline.ru, 1
+starlinks.tk, 1
+starlinkz.tk, 1
+starlux.cz, 1
+starman.agency, 1
+starmyworld.ga, 1
+staroch.name, 1
+starorusing.com, 0
+starover.tk, 1
+starpeak.org, 1
+starphonefix.com, 1
+starpoles.com, 1
+starprime.ch, 1
+starprime.de, 1
+starprime.eu, 1
+starprime.net, 1
+starrace.eu, 1
+starretest.nl, 1
+starreview.tk, 1
+starring.host, 1
+starring.work, 1
+starrosesandplants.com, 1
+starry.blue, 1
+starrynight.com, 1
+starryvoid.com, 1
+starsam80.net, 1
+starsandmanifolds.xyz, 0
+starsbattle.net, 1
+starscream.xyz, 1
+starsessions.cc, 1
+starsguru.com, 1
+starship.xyz, 1
+starsing.bid, 1
+starskim.cn, 1
+starsoft.io, 1
+starspie.com, 1
+start-knighki.gq, 1
+start-nadlan.co.il, 1
+start-school.online, 1
+start.ag, 1
+start.ie, 1
+start.stockholm, 1
+start2dance.tk, 1
+startablog.tv, 1
+startag.xyz, 1
+startandstop.fr, 1
+startaninflatablebusiness.com, 1
+startbetter.tk, 1
+startbiz.biz.id, 1
+startbiz.co.id, 1
+startbiz.my.id, 1
+startbiz.web.id, 1
+startekstil.ru, 1
+startengine.com, 1
+starter.social, 1
+startersiteweb.com, 1
+startgeophysical.ga, 1
+starthubs.uk, 1
+starti.com.ua, 1
+startinganllcbusiness.com, 1
+startingent.be, 1
+startingyourbusiness.com, 1
+startit.bot, 1
+startlab.sk, 1
+startlap.es, 1
+startle.cloud, 1
+startle.studio, 1
+startlgvtraining.co.uk, 1
+startlinks.tk, 1
+startliste.info, 1
+startmail.com, 1
+startner.com, 1
+startpage.com, 1
+startpage.info, 1
+startpage4u.tk, 1
+startplats.tk, 1
+startplaying.games, 1
+startpoint.tk, 1
+starts.sh, 1
+startsafety.uk, 1
+startstack.tech, 1
+starttraffic.uk, 1
+startup-stack.com, 1
+startup-stack.tech, 1
+startup.melbourne, 1
+startupbros.com, 1
+startupisland.tw, 1
+startupislandtaiwan.com, 1
+startupislandtaiwan.net, 1
+startupislandtaiwan.org, 1
+startupopinions.com, 1
+startupstack.cloud, 1
+startupstack.llc, 1
+startupstack.net, 1
+startupstack.online, 1
+startupstack.pro, 1
+startupstack.services, 1
+startupstack.site, 1
+startupstack.software, 1
+startupstack.systems, 1
+startupstack.tech, 1
+startupstack.technology, 1
+startupstacksandbox.com, 1
+startupstacktech.com, 1
+startupswitzerland.com, 1
+startuptechstack.com, 1
+startupum.ru, 1
+startupweb.io, 1
+startupyourmind.com, 1
+startw.cf, 1
+startwithpieter.com, 1
+starvizyon.com, 1
+starwarschronology.com, 1
+starwatches.eu, 1
+starx.ink, 1
+stasia.ml, 1
+stasiniewicz.com, 1
+stass.eu, 1
+stassi.ch, 1
+stastka.ch, 1
+stasyan.ga, 1
+staszic.waw.pl, 1
+stat-xpert.com, 1
+stat.ink, 1
+statcenter.tk, 1
+state-of-body-and-mind.com, 1
+statecareercenter.com, 1
+statecollegemortgages.com, 1
+stated.gq, 1
+statefunddirect.com, 1
+stateidea.ga, 1
+statejobcenter.com, 1
+statelibraryofiowa.gov, 1
+statelines.ga, 1
+statelywork.com, 1
+statemercantile.com.au, 1
+stateofwatourism.com, 1
+statepoint.net, 1
+staterun.tk, 1
+stateserv.com, 1
+statesville.com, 1
+statfluence.com, 1
+statgram.me, 1
+static-assets.io, 1
+static-myfxee-808795.c.cdn77.org, 1
+static-myfxoau-808795.c.cdn77.org, 1
+static-myfxouk-808795.c.cdn77.org, 1
+static.hosting, 1
+static.wepay.com, 1
+staticfury.com, 1
+staticline.de, 1
+staticweb.tk, 1
+statik.space, 1
+statinfer.com, 1
+stationa.ch, 0
+stationary-traveller.eu, 1
+stationaryengines.tk, 1
+stationcharlie.co.za, 1
+stationmedia.tk, 1
+statistician-online.com, 0
+statistik-seminare.de, 1
+statistikian.com, 1
+statnevlajky.sk, 1
+statnivlajky.cz, 1
+stats-co.eu, 1
+stats-mailtracker.com, 1
+stats.g.doubleclick.net, 1
+stats.moe, 1
+statscrew.com, 1
+statsit.ga, 1
+statspolicy.gov, 1
+status.events, 1
+status.im, 1
+status.vg, 1
+statusbadges.me, 1
+statuscast.com, 1
+statuscode.ch, 0
+statusforward.com, 1
+statushero.com, 1
+statusmachine.com, 1
+statusmantra.tk, 1
+statuswatch.io, 1
+statxperts.com, 1
+stauffer-media.net, 1
+stavanger.kommune.no, 1
+stavgp2.ru, 1
+stavinchains.tk, 1
+stavnager.net, 1
+stavropol-news.ga, 1
+stavros.ovh, 1
+staxflax.tk, 1
+stay-curious.at, 1
+stay4all.nl, 1
+stayby.me, 1
+staycurrent.eu, 1
+staycurrent.nl, 1
+staydryohio.com, 1
+stayglam.com, 1
+staygold.blog, 1
+staygoldenphotobooth.com, 1
+stayinbusiness.nl, 1
+staylovely.tk, 1
+stayme.cz, 1
+stayokay.com, 1
+stazi.tk, 1
+stb-schefczyk.com, 1
+stb-schefczyk.de, 1
+stb-schefczyk.info, 1
+stb-schefczyk.net, 1
+stb-timmler.de, 1
+stb.gov, 1
+stbarnabashealthsystem.com, 1
+stbartholomewmanchester.org, 1
+stbk.link, 1
+stbl.org, 1
+stblaw.com, 1
+stc-istok.com.ua, 1
+stc-knrm.nl, 1
+stcatharinesromawolves.tk, 1
+stcc.edu, 1
+stccordoba.com, 1
+stceciliakearny.org, 1
+stcharlescountycsfamo.gov, 1
+stcharlesparish.gov, 1
+stclairpa.gov, 1
+stclairvet.co.uk, 1
+stclementmatawan.org, 1
+stclementreligioused.org, 1
+stcloudfl.gov, 1
+stcomcybersecurity.net, 1
+stcplasticsurgery.com, 1
+stdavidparish.org, 1
+stdavidtheking.com, 1
+stdenv.de, 1
+stderr.cc, 1
+stderr.ch, 1
+stdev.org, 1
+stdev.top, 1
+stdnet.ru, 1
+stdssr.com, 1
+ste2.de, 1
+stea-web.com, 1
+steacy.tech, 1
+steak-kojiro.com, 1
+steakovercooked.com, 1
+stealingheather.com, 1
+stealsaga.net, 1
+stealth.net, 1
+stealthbinders.tk, 1
+stealthmodel.fi, 1
+stealthseminar.com, 1
+steam-rewards.tk, 1
+steam-route-saxony.com, 1
+steamcarddelivery.com, 1
+steamcardexchange.net, 1
+steamcars.be, 1
+steamcleaning.expert, 1
+steamcn.info, 1
+steamcrack.ga, 1
+steamdb.info, 1
+steamdeckinfo.org, 1
+steamerrors.com, 1
+steamgifts.com, 1
+steamid.net, 1
+steamid.tools, 1
+steamkeyget.ga, 1
+steamlevelmarket.com, 1
+steamold.com, 0
+steamosaic.com, 1
+steampoweredlawngnome.com, 1
+steampress.io, 1
+steamscore.info, 1
+steamsprays.tk, 1
+steamstat.us, 1
+steamstatus.cn, 1
+steamtrades.com, 1
+stebenkov.tk, 1
+steborio.pw, 1
+steckel.cc, 1
+stecos.co.uk, 1
+stedb.eu, 1
+stedbg.net, 1
+stedelijkorkestpurmerend.nl, 1
+steebel.com.au, 1
+steeble.com.au, 1
+steef389.eu, 1
+steeha.nl, 1
+steel-pc.fr, 1
+steel-pc.lu, 1
+steel-roses.de, 1
+steelbeasts.org, 0
+steelecountymn.gov, 1
+steelecountynd.gov, 1
+steelephys.com.au, 1
+steelfencestlouis.com, 1
+steelfirm.ga, 1
+steelfxpatinas.com, 1
+steelhouse.com, 1
+steelmounta.in, 1
+steelpoint.com.pl, 1
+steelportknife.com, 1
+steelsheds.biz, 1
+steelshop.net, 1
+steelsoldiers.com, 1
+steelvortex.tk, 1
+steelway.biz, 1
+steelzone.tk, 1
+steemit.com, 1
+steempeak.com, 1
+steemworld.org, 1
+steemyy.com, 1
+steenkampskraal.com, 1
+steenwijkerland.nl, 1
+steering-wheel.tk, 1
+steevels.nl, 1
+stefaanoyen.be, 1
+stefamedia.com, 1
+stefan-bayer.eu, 1
+stefan-karstens.de, 1
+stefan-rothe.ch, 1
+stefan-schlueter.de, 1
+stefan-schmid.com, 1
+stefan.de, 1
+stefanbayer.de, 1
+stefandesign.tk, 1
+stefanfriedli.ch, 1
+stefangroothuis.tk, 1
+stefania.tk, 1
+stefaniepetermann.eu, 1
+stefaniharvilla.tk, 1
+stefanini.com, 1
+stefanknobel.ch, 1
+stefano-wesel.de, 1
+stefanoiavarone.com, 1
+stefanolsdal.tk, 1
+stefanrusie.ro, 1
+stefanvd.net, 1
+stefany.cloud, 1
+stefany.eu, 1
+stefchapman.tk, 1
+stefcraps.tk, 1
+steffenmeister.com, 1
+steffi-in-australien.com, 1
+steffi-knorn.de, 1
+steffko.net, 1
+stefpastoor.nl, 0
+stegenevieve.gov, 1
+steggemachine.com, 1
+stehlik.co.uk, 1
+stehlik.sk, 1
+steigerlegal.ch, 1
+steinbach.ai, 1
+steiner-dominik.at, 1
+steiner.do, 1
+steiner.is, 1
+steiner.is.it, 1
+steiner.sh, 1
+steinerkovarik.de, 1
+steiners.party, 1
+steingergreeneandfeiner.com, 1
+steingergreenefeiner.com, 1
+steinhartwatches.de, 1
+steinibox.de, 1
+steinmassl.org, 1
+steinmetz.cloud, 1
+stekelenburg.me, 1
+stelem.com, 1
+stelfox.net, 1
+stelga.ca, 1
+steliosmanousakis.gr, 1
+stella-shop.eu, 1
+stellacinderella.net, 1
+stellanova-planeten.de, 0
+stellar.com.de, 1
+stellar.org, 1
+stellarguard.me, 1
+stellarite.io, 1
+stellarium-gornergrat.ch, 1
+stellarlumensnews.today, 1
+stellarosa-clinic.net, 1
+stellarpurr.me, 1
+stellartraderacademy.co.uk, 1
+stellen.ch, 1
+stelleninserate.de, 1
+stellenticket.de, 1
+steller.co, 1
+stelletjeafgebeuktemongolen.tk, 1
+stellexshop.ru, 1
+stelling.nl, 0
+stellmacher.name, 1
+stelovisual.pl, 1
+stels.ml, 1
+stels.tk, 1
+steltzer-scheidung.de, 1
+stelzl.co, 1
+stem16plus.gent, 1
+stematechnologies.ga, 1
+stembureau-nissewaard.nl, 1
+stembureauledenindenhaag.nl, 1
+stembureaunijmegen.nl, 1
+stemcellclinic.design, 1
+stemcellclinic.live, 1
+stemcellclinic.ltd, 1
+stemcellclinic.network, 1
+stemcellclinic.services, 1
+stemcellclinic.store, 0
+stemcellclinic.tech, 1
+stemcellclinic.vip, 1
+stemcellclinic.world, 1
+stemcellsscotland.co.uk, 1
+stemderbomen.tk, 1
+stemgirls.co.za, 1
+stemklank.tk, 1
+stemmayhem.com, 1
+sten.photography, 1
+stena.cf, 1
+stenaro.ch, 1
+stencilsaustralia.com.au, 1
+stenhojmedia.dk, 1
+stening.co, 1
+steno.nl, 1
+stenvallmcclain.tk, 1
+stenzhorn-cloud.de, 1
+steolo.com, 1
+step-lead.cc, 1
+step2web-cms.info, 1
+stepanvanek.cz, 1
+stepanyansurgical.com, 1
+steparovi.cz, 1
+stepbrobd.com, 1
+steph.ninja, 0
+steph3n.me, 1
+stephan-matthiesen.de, 1
+stephanao.tk, 1
+stephandriessen.tk, 1
+stephaniecalahan.com, 1
+stephaniedeady.ie, 1
+stephanielacroix.nl, 1
+stephanieleonidasfan.tk, 1
+stephanieschreiber.com, 1
+stephanoptiek.nl, 1
+stephen-oliver-art.co.uk, 1
+stephenbakalian.com, 1
+stephencorp.com, 1
+stephencreilly.com, 1
+stephenhaunts.com, 1
+stephenj.co.uk, 1
+stephenperreira.com, 1
+stephenplustwik.com, 1
+stephenreescarter.net, 1
+stephenschirle.gq, 1
+stephenschirle.ml, 1
+stephenschrauger.com, 1
+stephenschrauger.org, 1
+stephenscity.gov, 1
+stephenskory.com, 1
+stephensol.is, 1
+stephensolis.com, 1
+stephensolis.net, 1
+stephensolisrey.es, 1
+stephensoncountyil.gov, 1
+stephsolis.net, 1
+stephspace.net, 1
+stephycom.com, 1
+stepin.cloud, 0
+steplogictalent.com, 1
+steponedanceclub.uk, 1
+steppesisters.org, 1
+steppicrew.de, 1
+steppingoutinstyleonline.com, 1
+steppinout.tk, 1
+stepplanning.com, 1
+stepstone.dk, 1
+stepupforeurope.eu, 1
+stepyz.com, 1
+stepzen.com, 1
+ster-enzo.nl, 1
+ster.nl, 1
+sterchit.ch, 1
+stereo.com, 1
+stereoamistadmomos.ga, 1
+stereoamistadmomos.gq, 1
+stereoamistadmomos.ml, 1
+stereob.it, 1
+stereochro.me, 0
+stereoscopio.es, 1
+stereostudio.cf, 1
+stereotyped.de, 1
+sterilium.tk, 1
+sterling.com, 1
+sterlingheights.gov, 1
+sterlinginsurance.com.au, 0
+sterlingtechnotrade.com, 1
+sterlinx.de, 1
+stern-freunde.de, 1
+stern.koeln, 1
+sternadel.pl, 1
+sternen-sitzberg.ch, 1
+sternenbund.info, 1
+sternik-motorowodny.com.pl, 1
+sterno.cf, 1
+sternplastic.com, 1
+sternsinus.com, 1
+sternstrailer.com, 1
+steroids.ga, 1
+steroidswiki.com, 1
+sterretranen.tk, 1
+sterva.mobi, 0
+sterydki.pl, 1
+sterz.io, 1
+stestena.eu, 1
+stesti.cz, 1
+stethostalk.com, 1
+stetson.edu, 1
+steuerberater-bayreuth.com, 1
+steuerberater-essen-steele.com, 1
+steuerberater-hopfner.de, 1
+steuerberatungs-website.de, 1
+steuerboard.org, 1
+steuerimgriff.de, 1
+steuerkanzlei-edel.de, 1
+steuern-recht-wirtschaft.de, 1
+steuertipps-sonderausgaben.de, 1
+steve-mason.tk, 1
+steve.kiwi, 1
+stevebanks.info, 1
+steveborba.com, 1
+stevebuck.tk, 1
+stevecostar.com, 1
+stevedoggett.com, 1
+steveellwood.com, 1
+stevegellerhomes.com, 1
+stevegrav.es, 1
+stevejcraig.com, 1
+stevejobsfollowers.tk, 1
+stevemario.com, 1
+stevemason.tk, 1
+stevemonteyne.be, 1
+steven-klix.de, 0
+steven.photos, 1
+stevenapate.com, 1
+stevenavaldez.tk, 1
+stevenberg.net, 1
+stevenbolgartersnakes.com, 1
+stevendearstyne.com, 1
+stevengoodpaster.com, 1
+stevengrech.com, 1
+stevenhardy.digital, 1
+stevenjacobs.be, 1
+stevenjacobs.eu, 1
+stevenkendypierre.com, 1
+stevenkobes.com, 1
+stevenlapere.co.za, 1
+stevenmdriving.co.uk, 1
+stevenroddis.com, 1
+stevensautotopsandupholstery.com, 1
+stevenscountymn.gov, 1
+stevenshame.com, 1
+stevenski.com, 0
+stevensonal.gov, 1
+stevenspoint.gov, 1
+steventress.com, 1
+steventruesdell.com, 1
+stevenz.blog, 1
+stevenz.net, 1
+stevenz.science, 1
+stevenz.xyz, 1
+steveoswald.tk, 1
+stevepacheco.com, 1
+stevereedmp.co.uk, 1
+stevesbriefmovierecommendations.com, 1
+stevezheng.cf, 1
+stevezheng.tk, 1
+stevezone.in, 1
+steviate.com, 1
+steviate.de, 1
+stevin.com, 1
+stevinson.org, 1
+stewards.tk, 1
+stewart.tk, 1
+stewpolley.com, 1
+stfd-oh.gov, 1
+stfrancisnaugatuck.org, 1
+stg-0-con.com, 1
+stgabrielstowepa.org, 1
+stgeorgegolfing.com, 1
+stgeorgeks.gov, 1
+stgeorgesbank.com.pa, 1
+stgermainwi.gov, 1
+stghv.com, 1
+stgiannanorthfieldnj.org, 1
+stgy.it, 1
+sth.sh, 1
+sthelen.eu, 1
+sthelensoregon.gov, 1
+sthenryrc.org, 1
+sthetix.info, 1
+sthpr.gr, 1
+sthreemarketing.com, 1
+stibal.art, 1
+stichtingcompassroemenie.nl, 1
+stichtingcoronaonderzoek.nl, 1
+stichtingscholierenvervoerzeeland.nl, 1
+stichtingsticky.nl, 0
+stichtingtwigadukina.nl, 1
+stichtingwwtoegankelijk.nl, 1
+stichtsevecht.nl, 1
+stick2bike.de, 1
+stickandpoketattookit.com, 1
+stickerapp.com, 1
+stickerparadise.me, 1
+stickers-garage.com, 1
+stickertrade.me, 1
+stickies.io, 1
+stickmangames.tk, 1
+stickme.be, 1
+stickmy.cn, 1
+sticksandstonescomic.tk, 1
+stickstone.co, 1
+stickswag.cf, 1
+stickswag.eu, 1
+sticky.to, 1
+stickypassword.com, 1
+stickywilds.com, 1
+stidmobile-id.com, 1
+stiebel-eltron.co.nz, 1
+stiebel-eltron.com.au, 1
+stiebel.co.nz, 1
+stiebel.com.au, 1
+stiebelmedia.co.nz, 1
+stiebelmedia.com.au, 1
+stiebelrewards.com.au, 1
+stiebelservice.com.au, 1
+stiebelstore.com.au, 1
+stiehler-leipzig.tk, 1
+stiekemverliefdopjou.nl, 1
+stierheating.com, 1
+stiff.wang, 1
+stifflersmom.ga, 1
+stift-kremsmuenster.at, 1
+stift-kremsmuenster.net, 1
+stiftung-lq.ch, 1
+stiftung-lq.com, 1
+stiftung-lq.net, 1
+stiftungleostrauss.com, 1
+stiftunglq.com, 1
+stigaview.com, 1
+stigviewer.com, 1
+stihiya.tk, 1
+stijlvol-wonen.com, 1
+stijndv.com, 1
+stijnodink.nl, 1
+stikic.me, 1
+stikkie.me, 1
+stikkyikkys.com, 1
+stikonas.eu, 0
+stila.no, 1
+stildate.de, 1
+stileapp.com, 1
+stilecop.com, 1
+stilettobg.com, 1
+stilfoto.net, 1
+stilingavonia.lt, 1
+stilldrunkfromyesterday.com, 1
+stille-post.eu, 1
+stillpointmag.org, 1
+stillwatermn.gov, 1
+stillwatertownshipmn.gov, 1
+stillwell.me, 1
+stillwhite.com, 1
+stillwhite.com.au, 1
+stilmobil.se, 1
+stilnaya-odezhda.tk, 1
+stilsvadba.tk, 1
+stiltmedia.com, 1
+stiltnerelectric.com, 1
+stiltsoft.com, 1
+stimmgabel.lu, 1
+stimulants.uk, 1
+stina-vino.hr, 1
+stinesvillein.gov, 1
+stingraybook.com, 1
+stinici.site, 1
+stinkefingereinhorn.de, 1
+stinkintechnology.com, 1
+stinkmemes.com, 1
+stinter.cf, 1
+stintup.com, 0
+stiphosting.nl, 1
+stirblaut.de, 1
+stirling.co, 1
+stirlingpoon.com, 1
+stirringphoto.com, 1
+stisidores.org, 1
+stitch.money, 1
+stitchersvillage.com, 1
+stitcheswyo.com, 1
+stitchfiddle.com, 1
+stitchlabs.com, 1
+stivesbouncycastlehire.co.uk, 1
+stjh.org.sg, 1
+stjlogistics.com, 1
+stjohnbjc.org, 1
+stjohncamden.com, 1
+stjohnin.com, 1
+stjohnin.gov, 1
+stjohnnepomucene.com, 1
+stjohnpa.org, 1
+stjohnsc.com, 1
+stjohnsmi.gov, 1
+stjohnsottsville.org, 1
+stjoseph-stcatherine.org, 1
+stjosephclaremont.org, 1
+stjosephmo.gov, 1
+stjosephri.org, 1
+stjosephspringcity.com, 1
+stjosephtownship.com, 1
+stjscatholicchurch.org, 1
+stjude-ettekkar.tk, 1
+stjustin.org, 1
+stkc.win, 1
+stkeverneparishcouncil.org.uk, 1
+stkevin-stbenedict.org, 1
+stkildaosteopathy.com.au, 1
+stla.net, 1
+stlautoenhancements.com, 1
+stlawco.gov, 1
+stleismann.de, 1
+stlfc.gov, 1
+stlfence.com, 1
+stln.ml, 1
+stlouiscountymovotes.gov, 1
+stlouisfence.com, 1
+stlouisinsuranceco.com, 1
+stlouisnativeflute.com, 1
+stlouisparkmn.gov, 1
+stlouisstabilizing.com, 1
+stlpassports.com, 1
+stlpoolattendants.com, 1
+stlu.de, 1
+stluciastar.com, 1
+stlucieclerk.gov, 1
+stluciesheriff.gov, 1
+stlucievillagefl.gov, 1
+stlueke.de, 1
+stlukenh.org, 1
+stlukesbrandon.org, 1
+stma.is, 1
+stmargs.us, 1
+stmariagoretti.net, 1
+stmarkcharlotte.org, 1
+stmarkseagirt.com, 1
+stmarthachurch.com, 1
+stmaryextra.uk, 1
+stmaryscountymd.gov, 1
+stmaryskutztown.com, 1
+stmarysmdsao.gov, 1
+stmarysnutley.org, 1
+stmarystfd.org, 1
+stmaryswv.gov, 1
+stmatthewri.org, 1
+stmattsparish.com, 1
+stmattsucc.org, 1
+stmfdky.gov, 1
+stmichaellvt.com, 1
+stmichaelmn.gov, 1
+stmichaelsmajors.tk, 1
+stmltn.com, 1
+stmohrael.org, 1
+stmsolutions.pl, 1
+stmsouthcoventry.com, 1
+stn.me.uk, 0
+stnews.ga, 1
+stnl.de, 0
+stntrading.eu, 1
+sto-garant.nl, 1
+sto.ne, 1
+stock-analysis-on.net, 1
+stockageprive.net, 1
+stockanalysis.com, 1
+stockbrain.co.jp, 1
+stockbridge-ma.gov, 1
+stockbridgevt.gov, 1
+stockgraphicdesigns.com, 1
+stockholm.ga, 1
+stockholm.se, 1
+stockholmpride.org, 1
+stockhuntertrading.com, 1
+stockilluminati.com, 1
+stockmarkettoday.news, 1
+stockmeta.jp, 1
+stockpile.com, 1
+stockportny.gov, 1
+stockpricetrends.com, 1
+stocks-adviser.com, 1
+stockslam.ga, 1
+stocksnews.tk, 1
+stockspy.ru, 1
+stockstuck.com, 1
+stockt-shirtdesigns.com, 1
+stocktonengineering.co.uk, 1
+stocktout.info, 1
+stocktrader.com, 1
+stockway.tk, 1
+stockx.com, 1
+stockx.io, 1
+stockyards.com, 1
+stocorp.com, 1
+stocp.org, 1
+stoddardcountyclerk.gov, 1
+stodieck.com, 1
+stodlinjen.se, 1
+stoeckel.info, 0
+stoeckl-schmaus.com, 1
+stoemp.gent, 1
+stoffelnet.de, 1
+stoffhandwerk.tk, 1
+stohrm.com, 1
+stoianlawfirm.com, 1
+stoicatedy.ovh, 1
+stoicnotaries.com, 1
+stoicus.com.br, 1
+stoinov.com, 1
+stoiximatikesetairies.tv, 1
+stokl.com.au, 0
+stokrotkadelikatesy.pl, 1
+stolarka.tk, 1
+stolarstvi-jiriholy.cz, 1
+stolbart.com, 1
+stolensun.tk, 1
+stolin.info, 1
+stolina.de, 1
+stolkpotplanten.nl, 1
+stoll.info, 1
+stollen-wurm.de, 1
+stollenwurm.de, 1
+stolpe.tk, 1
+stolpe5674.tk, 1
+stolpersteine-dithmarschen.tk, 1
+stolpi.is, 0
+stoltz-it.de, 1
+stomaline.com.ua, 1
+stomatolog-czestochowa.cf, 1
+stomatolog-czestochowa.ga, 1
+stomatolog-czestochowa.gq, 1
+stomatolog.cf, 1
+stomatolog.ga, 1
+stomatologiya.gq, 1
+stomatologiya.ml, 1
+stomproced.ro, 1
+stomt.com, 1
+stoneagehealth.com.au, 1
+stonebriarpropertyinspections.com, 1
+stonechatjewellers.ie, 1
+stonecore.co, 0
+stonecountyar.gov, 1
+stonecutgods.com, 1
+stonedwarf5.net, 1
+stonedworms.de, 0
+stoneedgeconcrete.com, 1
+stonefoot.de, 1
+stonefusion.org.uk, 1
+stonegatewealth.com, 0
+stonegray.ca, 1
+stonehammerhead.org, 1
+stonehurstcap.com, 1
+stonemain.eu, 1
+stonemanbrasil.com.br, 1
+stoneocean.net, 1
+stoneproperty.ie, 1
+stonerwitch.tk, 1
+stonesfamilyrestaurant.com, 1
+stonesgarden.pl, 1
+stonetribute.tk, 1
+stonewallwcidtx.gov, 1
+stoneworld.ga, 1
+stonewuu.com, 1
+stoningtonboroughct.gov, 1
+stonkslab.com, 1
+stonsil.com, 1
+stonystratford.org, 1
+stoom-stichting.nl, 1
+stoomstichting.be, 1
+stoomstichting.biz, 1
+stoomstichting.com, 1
+stoomstichting.de, 1
+stoomstichting.eu, 1
+stoomstichting.info, 1
+stoomstichting.net, 1
+stoomstichting.nl, 1
+stoomstichting.org, 1
+stoomtreinhuren.nl, 1
+stoomtreinreizen.be, 1
+stoomtreinreizen.com, 1
+stoomtreinreizen.eu, 1
+stoomtreinreizen.nl, 1
+stoomtreinreizen.org, 1
+stop-acouphenes.ch, 1
+stop-activ.ga, 1
+stop-microsoft.org, 1
+stop-nikotin.tk, 1
+stop-russia.tk, 1
+stop-tihange.eu, 1
+stop-tihange.org, 1
+stop.pe, 1
+stopaggressivedriving.com, 1
+stopanskaleasing.mk, 1
+stopautoshop.bg, 1
+stopbullying.gov, 1
+stopever.com, 1
+stopforumspam.com, 1
+stopfraud.gov, 1
+stoph.at, 1
+stopillicit.com, 1
+stopka.tk, 1
+stopkadr-studio.ru, 1
+stopklopam.ru, 1
+stoplossoff.tk, 1
+stopmetbellen.be, 1
+stopmoustic.fr, 0
+stopoverconnections.com, 1
+stoppage.cf, 1
+stopransomware.gov, 1
+stoprat.fr, 1
+stopsmoke.gq, 1
+stopssherdenking.tk, 1
+stopsvet.ml, 1
+stopthemoss.com, 1
+stoptheperio.com, 1
+stopthethyroidmadness.com, 1
+stopthinkconnect.jp, 1
+stoptrading.co.uk, 1
+stopves.tk, 1
+stopvirus.in, 1
+stor-guard.com, 1
+storage-base.de, 1
+storage-books.gq, 1
+storage-in-motion.com, 1
+storageideas.uk, 1
+storagenewsletter.com, 1
+storageshedsnc.com, 1
+storck.com, 1
+stordbatlag.no, 1
+store-en-stock.com, 1
+store10.de, 0
+store71.it, 1
+storeandforward.email, 1
+storeandforward.eu, 1
+storeandforward.nl, 1
+storebusy.nz, 1
+storecard.tk, 1
+storecove.com, 0
+storedieu.com, 1
+storedsafe.com, 1
+storeforward.email, 1
+storeforward.eu, 1
+storeforward.net, 1
+storeforward.nl, 1
+storeforward.org, 1
+storefront.gq, 1
+storefrontcleaningchicago.com, 1
+storeisrael.co.il, 1
+storeit.co.uk, 1
+storemax.com.au, 1
+storepaperoomates.co.bw, 1
+storepaperoomates.com, 1
+storepaperoomates.net, 1
+storephotovoltaique.com, 1
+storeplus.ml, 1
+storepy.com.mx, 1
+storesonline.fr, 1
+storewebshop.com, 1
+storgaarddieu.com, 1
+stori.press, 1
+storiadellarte.com, 1
+storiadirectory.tk, 1
+storiagraph.com, 1
+stories-event.com.ua, 1
+stories-pro.com, 1
+storiesbysign.com, 1
+storillo.com, 1
+storin.nl, 1
+storipress.com, 1
+storipress.pro, 1
+storistalker.com, 1
+storj.io, 1
+storjar.com, 1
+storm-news.tk, 1
+stormairsoft.tk, 1
+storman.com, 1
+stormchile.cl, 1
+stormdamages.claims, 1
+stormestudios.tk, 1
+stormfest.tk, 1
+stormhub.ml, 1
+stormi.io, 1
+stormlab.tk, 1
+stormrider.tk, 1
+stormwatcher.org, 1
+stormylegions.tk, 1
+storspillercasino.com, 1
+storungssuche.com, 1
+storvann.net, 1
+storvann.no, 1
+storvault.co.za, 1
+story.be, 1
+story.nl, 1
+storyark.de, 1
+storyark.eu, 1
+storyboardmedia.cl, 1
+storybuilder.me, 1
+storyclash.com, 1
+storycollective.film, 1
+storycollective.nl, 1
+storycopy.org, 1
+storycycle.tk, 1
+storyland.ie, 1
+storyliebe.de, 1
+storymalayalam.com, 1
+storyoneforty.com, 1
+storysift.news, 1
+storytea.top, 1
+storytel.net, 1
+storytell.com, 1
+storytellingsales.com, 1
+storytime.hu, 1
+stotranidhi.com, 1
+stoumann.dk, 1
+stourstreet.com, 1
+stouter.nl, 1
+stoverepairaustin.com, 1
+stovokzal.com.ua, 1
+stoxford.com, 1
+stp-ip.com, 1
+stp-ip.net, 1
+stp.dev, 1
+stpatrick.tk, 1
+stpatrickathenscatskill.org, 1
+stpatrickbayshore.org, 1
+stpatrickkennettsquare.org, 1
+stpatrickri.org, 1
+stpatricks-pelham.com, 1
+stpatricksmapleridge.ca, 1
+stpatsschool.org, 1
+stpaulcatholicchurcheastnorriton.net, 1
+stpaulsbullville.org, 1
+stperseo.tk, 1
+stpetersresidence.org, 0
+stpioparish.com, 1
+stpip.com, 1
+stpip.net, 1
+stps.dk, 0
+str8hd.com, 1
+str92.com, 1
+straalatelier.com, 1
+straatderzotten.nl, 1
+stradedelvino.ch, 1
+stradsolutions.ga, 1
+strafe-muss-sein.at, 1
+strafensau.de, 1
+straffordpub.com, 1
+strahlende-augen.info, 1
+strahovanienet.tk, 1
+straightcurlyhair.tk, 1
+straightlinetutoring.com, 1
+straightnude.com, 1
+strail-english.jp, 1
+strajnar.si, 1
+straka.name, 1
+strakertranslations.com, 1
+strakh.tk, 1
+strakonak.cz, 1
+stralau.kicks-ass.net, 1
+stralingsonzin.com, 1
+strana-snov.tk, 1
+strana.ga, 1
+strandedinotter.space, 1
+strandfuif.tk, 1
+strandhaus-claassen.de, 1
+strandhaus-hinter-der-duene.de, 1
+strandhousedingle.com, 1
+strandkorb-jentzsch.de, 1
+strandom.ru, 1
+strandschnuppern.de, 0
+strange.ga, 1
+strangecharmlabs.com, 1
+strangeelectricdreams.com, 1
+strangelandrecording.com, 1
+strangelandrecordingstudios.com, 1
+strangelandsoundstage.com, 1
+strangelane.com, 1
+strangelanerecords.com, 1
+strangelittlecovers.tk, 1
+strangemusicbox.com, 1
+strangemusichollywood.com, 1
+strangemusicinc.com, 1
+strangemusicinc.net, 1
+strangeonline.tk, 1
+strangers-team.fr, 1
+strangerthanusual.de, 1
+strangerthingsmerch.co, 1
+strangestfacts.cf, 1
+strangevip.com, 1
+strangeways.ca, 1
+strangeworksinc.com, 1
+strangeworldmerch.com, 1
+strangeworldmerchandising.com, 1
+straniero.net, 1
+strankahrvatskogprava.tk, 1
+straphael-holyangels.com, 1
+strappazzon.xyz, 1
+strashtrading.com, 1
+strass-sur-mesure.fr, 1
+strassberger.tk, 1
+strasweb.fr, 1
+stratahealth.com, 1
+strategery.io, 1
+strategia.tk, 1
+strategicemailservices.com, 1
+strategicenvironmentalassessment.gov.scot, 1
+strategiclivingblog.com, 1
+strategicmanagementinsight.com, 1
+strategicmind.com, 1
+strategicpartnersmedia.com, 1
+strategie-zone.de, 1
+stratego-belgie.tk, 1
+strategy.it, 1
+strategy66.com, 1
+strategybusiness.ga, 1
+stratejm.com, 1
+stratekispiel.at, 1
+stratfordct.gov, 1
+stratfordnh.gov, 1
+stratfordwi.gov, 1
+stratforge.com, 1
+strathspeycrown.com, 1
+strati.com.br, 1
+stratible.com, 0
+stratik.com.co, 1
+stratinator.com, 1
+stratlibs.org.uk, 1
+stratmann-b.de, 1
+stratocumulus.legal, 1
+stratos.support, 1
+stratreg.com, 1
+stratsoftware.com, 1
+strattera.ga, 1
+strattonapps.com, 1
+strattonhats.com, 1
+stratuscloud.co.za, 1
+stratuscloud.group, 1
+stratuscloudconsulting.net, 1
+stratuspayments.net, 1
+stratussc.com, 1
+straubis.org, 1
+straubs.eu, 1
+strauss-advisor.de, 1
+strauss.eu.com, 1
+strauss.tirol, 1
+stravato.com, 1
+stravato.net, 1
+stravers.shoes, 1
+strawberries.tk, 1
+strawberry-laser.gr, 1
+strawberry-melon.com, 1
+strawberry.dk, 1
+strawberry.fi, 1
+strawberry.no, 1
+strawberry.se, 1
+strawberrydreadlocks.tk, 1
+strawberryhotels.com, 1
+strawberryplants.org, 1
+strawpoll.fi, 1
+stray-soul.com, 1
+straydio.co.uk, 1
+straylight.tk, 1
+strcat.ga, 1
+strd.co, 1
+stream-box.tk, 1
+stream.cz, 1
+stream.gifts, 1
+stream.ru, 0
+streamblur.net, 1
+streamchan.org, 1
+streamcraft.net, 1
+streamelements.com, 1
+streameo.tk, 1
+streamfood.tv, 1
+streamgato.com, 1
+streamgifter.com, 1
+streamgoalandres.ml, 1
+streaming-download.net, 1
+streamliner.fr, 1
+streamlinerg.com, 1
+streamlineverify.com, 1
+streamodz.com, 1
+streampanel.net, 1
+streams.dyndns.org, 1
+streamside.tk, 1
+streamsoft.pl, 1
+streamspouredout.com, 1
+streamtelly.com, 1
+streamurl.link, 1
+streamz.be, 1
+streamzilla.com, 1
+streathamfoodfestival.com, 1
+streekproducten.tk, 1
+streekwinkelkatlijk.nl, 1
+streem.com.au, 1
+streem.media, 1
+streemprn.xyz, 1
+streengis.tk, 1
+streepjesenstipjes.nl, 1
+street-clic.tk, 1
+street-hoops.tk, 1
+street-legal.tk, 1
+street-medics.fr, 1
+street-race.tk, 1
+street-racing.tk, 1
+streetart.tk, 1
+streetartcities.com, 1
+streetballromania.tk, 1
+streetcheck.co.uk, 1
+streetdancecenter.com, 1
+streetdreamz.tk, 1
+streetforceteam.tk, 1
+streetking.tk, 1
+streetliferadio.tk, 1
+streetlightdata.com, 1
+streetmaderecordz.tk, 1
+streets.mn, 1
+streetsalad.tk, 1
+streetshirts.co.uk, 1
+streetspirit.tk, 1
+streetspotr.com, 1
+streetstunters.tk, 1
+streetview.wien, 1
+streetwitnessing.org, 1
+streetwitnessingchurch.com, 1
+strefapi.com, 1
+strefapi.pl, 1
+strefarysunku.pl, 1
+strehl.tk, 1
+stremio.com, 1
+strenge-zucht.schule, 1
+strength-secure.com, 1
+strengthroots.com, 1
+stress-mess-punkte.de, 1
+stressdown.ml, 1
+stressed.tk, 1
+stressexplained.com, 1
+streszczenia.pl, 1
+stretchpc.com, 1
+stretchwrap.co.nz, 1
+strettoweb.com, 1
+striae.cf, 1
+striata.biz, 1
+striata.com, 1
+striata.info, 1
+striata.mobi, 1
+striata.org, 1
+stricken.gq, 1
+stricted.net, 1
+strictlynormal.com, 1
+strideengineering.com.au, 1
+strietwaelder-blaettche.de, 1
+strijdmeevoorvrede.gent, 1
+strijkkraal.tk, 1
+strijkshop.be, 1
+strikeone.io, 1
+strikeout.ga, 1
+strikers.cf, 1
+strikevectorex.com, 1
+strikezonesalessystems.com, 1
+strings.cf, 1
+stripe.com, 1
+stripe.network, 1
+stripecdn.com, 1
+striped.horse, 1
+stripped-anarchy.xyz, 1
+strippersinthehoodxxx.com, 1
+striptizer.tk, 1
+stritai.ru, 1
+strixmusic.com, 1
+strl-tunis.tk, 1
+strm.pl, 1
+strobe.cool, 1
+strobel.cl, 1
+strobotti.com, 1
+stroccounioncity.org, 1
+stroeck.at, 1
+stroeder.com, 1
+stroeder.de, 1
+stroeerdigital.de, 1
+stroginopk.ga, 1
+strogov.me, 1
+strogova.me, 1
+stroifenix.ru, 1
+stroigid.tk, 1
+stroimsami.tk, 1
+stroimvse.ml, 1
+stroiproect.tk, 1
+strojmaster.tk, 1
+strokesb.store, 1
+strokesurvivor.nz, 1
+strom.family, 1
+stromak.cz, 0
+stromberg.marketing, 1
+stromectol.gq, 1
+stromkomfort.cz, 1
+stromvergleichgaspreis.de, 1
+stromzivota.sk, 1
+strona-na-medal.pl, 1
+strong-game.com, 1
+strong-iptv.online, 1
+strongblock.com, 1
+strongdm.com, 1
+strongencryption.org, 1
+stronger-communities.org.uk, 1
+strongercommunity.org.uk, 1
+strongergateway.com, 1
+stronghermoney.com, 0
+strongholdinc.co.nz, 1
+strongmind.be, 1
+strongohio.gov, 1
+strongpassword.club, 1
+strongrandom.com, 0
+strongroom.ai, 1
+strongsalpinesucculents.com, 1
+strongtomorrow.tk, 1
+strongtoto.com, 1
+strongtowerpc.com, 1
+stroomacties.nl, 1
+strooming.nl, 0
+stroopwafel.ch, 1
+stropek.eu, 1
+strophicmusic.com, 1
+stropkova.eu, 1
+strosebelmar.com, 1
+strotmann.de, 1
+strousberg.net, 1
+stroy-klg.ru, 1
+stroyca.tk, 1
+stroydvor.tk, 1
+stroyka-iz-brusa.ru, 1
+stroykomi.tk, 1
+stroymart.bg, 1
+stroymex.online, 1
+stroynet.ml, 1
+stroyservice-tver.ru, 1
+strozik.de, 1
+strrl.com, 1
+strtrade.com, 1
+structurally.net, 1
+structure.gov.au, 1
+strugee.net, 1
+strullmeier.eu, 1
+strumpe.lv, 1
+strunecka.cz, 1
+struxureon.com, 1
+strydom.me.uk, 1
+strypsteen.com, 1
+strypsteen.me, 1
+strzelcy.org.pl, 1
+sts-consulting.it, 1
+stscecyteo.org, 1
+stsen.de, 1
+stsolarenerji.com, 1
+ststanislaus.com, 1
+ststanstrans.org, 1
+ststephensc.gov, 1
+sttammanyurology.com, 1
+sttelemediagdc.in, 1
+sttf.org.uk, 1
+stthomasbrigantine.org, 1
+stthomaschurchri.org, 1
+sttl-topographie.com, 1
+sttpk.id, 0
+sttrv.ru, 1
+stuartbeard.com, 1
+stuartbell.co.uk, 1
+stuartbell.uk, 1
+stuartcrawford.co.nz, 1
+stuartcrawford.nz, 1
+stuarteggerton.com, 1
+stuartfl.gov, 1
+stuartmorris.id.au, 1
+stuartmorris.me, 1
+stuartmorris.name, 1
+stuartmorris.tel, 1
+stuartmoving.com, 1
+stuartparsons.com, 1
+stubbings.de, 0
+stubbingsmail.de, 1
+stubbmail.de, 1
+stubentiga.de, 1
+stuccokingsfl.com, 1
+stuckateur-bruno.de, 0
+stucki-bagger.ch, 1
+stuckwithme.tk, 1
+stucydee.nl, 1
+stud-lib.ml, 1
+studay.fr, 1
+studboo.com, 1
+student.andover.edu, 1
+studentaid.gov, 1
+studentenmobiliteit.be, 1
+studentenplaza.tk, 1
+studentenwerk.sh, 1
+studenterguiden.dk, 1
+studentforums.biz, 1
+studenti.tk, 1
+studentinaneta.com, 1
+studentingent.be, 1
+studentite.bg, 1
+studentjournalist.ml, 1
+studentklinikk.no, 1
+studentloans.gov, 1
+studentnep.tk, 1
+studentpop.com, 1
+studentproject.be, 1
+studentquickpay.com, 1
+studentrobotics.org, 1
+students4sports.org, 1
+studentse.fr, 1
+studentsfirstnb.com, 1
+studentstc.cz, 1
+studenttenant.com, 1
+studi-luar-negeri.tk, 1
+studiedeals.dk, 0
+studiekort.se, 1
+studiekortet.com, 1
+studiekortet.eu, 1
+studiekortet.net, 1
+studiekortet.nu, 1
+studiekortet.org, 1
+studiekortet.se, 1
+studienportal.eu, 1
+studierttomnoch.de, 1
+studio-54.tk, 1
+studio-637.com, 1
+studio-abok.com, 1
+studio-architetto.com, 1
+studio-fotografico.ru, 1
+studio-impress.com, 1
+studio-mir.tk, 1
+studio-n.pl, 1
+studio-np.ru, 1
+studio-one.ru, 1
+studio-satellite.com, 1
+studio32.tk, 1
+studio4101.ga, 1
+studio413.net, 1
+studio54.tk, 1
+studio678.com, 0
+studio91.tk, 1
+studioabq.com, 1
+studioadevents.com, 1
+studioamai.be, 1
+studioamoureus.nl, 1
+studioandrew.tk, 1
+studioavvocato.milano.it, 1
+studioavvocato.roma.it, 1
+studioavvocato24.it, 1
+studiobrandano.com, 1
+studiocharloslivro.tk, 1
+studioclassic.no, 1
+studiodelbenessere.com, 1
+studiodentisticomasi.com, 1
+studiodentisticosanmarco.it, 0
+studiodoprazer.com.br, 1
+studiodpe.com, 0
+studiodriban.com, 0
+studioelo.com.br, 0
+studioevent.tk, 1
+studiofpvet.it, 1
+studiofutbol.com.ec, 1
+studiogears.com, 1
+studiograou.com, 1
+studiogronda.it, 1
+studiohelder.fr, 0
+studiohomebase.amsterdam, 1
+studiolegalemarchi.tk, 1
+studiolegalepaternostro.it, 1
+studiolive.club, 1
+studiolu.tk, 1
+studiolupotti.it, 1
+studiomarcella.com, 1
+studiomenfis.com, 1
+studionowystyl.pl, 1
+studiopanamaitalia.com, 1
+studiopirrate.com, 1
+studioriehl.com, 1
+studioshiftup.net, 1
+studiosql.ml, 1
+studiostawki.com, 1
+studiostudio.net, 1
+studiosuracidenunzio.it, 1
+studiotheatrestains.fr, 1
+studiotolsta.com, 1
+studiovaud.com, 0
+studiowildverband.nl, 1
+studiozef.tk, 1
+studiozes.nl, 1
+studipad.de, 1
+studipro-formation.fr, 1
+studipro-marketing.fr, 1
+studipro.fr, 1
+studisys.net, 1
+studium.cz, 1
+studius.gq, 1
+studiweb.pro, 1
+studport.rv.ua, 1
+studsovet.cf, 1
+studsovet.tk, 1
+studuj.digital, 1
+studujdigital.cz, 1
+studujdigital.eu, 1
+studwebs.ml, 1
+studyarabic.info, 1
+studyarch.tk, 1
+studybay.com, 0
+studybeans.org, 1
+studyclerk.com, 1
+studyero.com, 1
+studyhacker.jp, 1
+studyhacker.net, 1
+studyhub.cf, 1
+studyin.jp, 1
+studyinaustraliafair.africa, 1
+studying-neet.com, 1
+studylink.com, 1
+studylish.com, 1
+studyme.ml, 1
+studynoun.com, 1
+studyosepeti.com, 1
+studyportal.net, 1
+studyservice.net, 1
+studysive.com, 1
+studyspanish-lapaz-bolivia.tk, 1
+studystack.ml, 1
+studytactics.com, 1
+studytour.ml, 1
+studytube.nl, 0
+stuermer.me, 1
+stuetzredli.ch, 1
+stuff-fibre.co.nz, 1
+stuffi.fr, 1
+stuffiwouldbuy.com, 0
+stuffsearth.com, 1
+stuhrs.dk, 1
+stuka-art.de, 0
+stulda.cz, 1
+stumeta.de, 1
+stumeta2018.de, 1
+stumeta2019.de, 1
+stumf.si, 1
+stumpblog.com, 1
+stunnel.org, 1
+stunner.watch, 1
+stunning-dresses.com, 1
+stunningautos.com, 1
+stunningbikecotours.com, 1
+stunninggdansk.com, 1
+stunningkrakow.com, 1
+stunningpoland.com, 1
+stunningpoznan.com, 1
+stunningszczecin.com, 1
+stunningwarsaw.com, 1
+stunningwroclaw.com, 1
+stunov.ga, 1
+stunov.gq, 1
+stuntman.ga, 1
+stuntman.tk, 1
+stuntmen.xyz, 1
+stuntx-server.ga, 1
+stupendousproduce.com, 1
+stuphid.tk, 1
+stupidcupid.tk, 1
+stupidest.org, 1
+stupidstatetricks.com, 1
+stupidthoughts.tk, 1
+stupino-stroy.cf, 1
+sturdybusiness.com, 1
+sturents.com, 1
+sturgeonbaywi.gov, 1
+stut.tk, 1
+stutelage.com, 1
+stutsmancounty.gov, 1
+stuttgart.ga, 1
+stuudium-mail.ee, 1
+stuudium.cloud, 1
+stuudium.com, 1
+stuudium.eu, 1
+stuudium.life, 1
+stuudium.link, 1
+stuudium.net, 1
+stuudium.org, 1
+stuudium.pro, 1
+stuut.info, 1
+stuvel.eu, 1
+stuvus.de, 1
+stuvus.uni-stuttgart.de, 1
+stuyvesantoutdoor.com, 1
+stv.lol, 0
+stview.me, 1
+stvrainsdco.gov, 1
+stwcforum.tk, 1
+stwcreation.com, 1
+stworzwirusa.tk, 1
+stx.ie, 1
+stygium.net, 0
+styilishdress.tk, 1
+style-style.com, 1
+stylearray.com, 1
+stylebajumuslim.com, 1
+stylebeat.tk, 1
+styleci.io, 1
+styleclub.tk, 1
+stylecollective.us, 1
+styledbysally.com.au, 1
+styleelite.tk, 1
+styleetvieperfumes.com, 1
+styleflow.nl, 1
+stylemall.tk, 1
+stylepixo.com, 1
+stylerecap.com, 1
+stylesaag.com, 1
+stylesinmotion.co, 1
+stylesound.tk, 1
+styletheweb.cf, 1
+styletron.org, 1
+stylett.ru, 1
+styletyx.com, 1
+stylewish.me, 1
+stylezutra.com, 1
+stylidafm.gr, 1
+stylight.co.uk, 1
+stylight.com, 1
+stylight.de, 1
+stylight.fr, 1
+stylight.it, 1
+stylight.nl, 1
+stylingstudio.ga, 1
+stylistbazaar.com, 0
+stylle.me, 1
+styllussports.com.br, 1
+stylodessens.fr, 1
+stylspire.com, 1
+styplon.cf, 1
+stypr.com, 1
+styriswaste.com, 1
+styxxx.de, 1
+su-kacagi.istanbul, 1
+su1ph3r.io, 1
+suachuanha365.com, 1
+suagent.com, 0
+sualkuchionline.tk, 1
+suamicowi.gov, 1
+suatdautu.com, 1
+suaudeau.fr, 1
+suaudeau.org, 1
+suayslim.com, 1
+sub-etha.se, 1
+sub-health.org, 1
+sub-net.at, 1
+sub-topia.de, 1
+subahankamal.tk, 1
+subalert.com, 1
+subanelvolumen.tk, 1
+subaru.pl, 1
+subarudev.pl, 1
+subarupartsdeal.com, 1
+subarus.tk, 1
+subaruxv.pl, 1
+subastasdecarros.net, 1
+subastatutraslado.com.mx, 1
+subbacultcha.tk, 1
+subdev.org, 1
+subdimension.org, 1
+subdivider.tk, 1
+subestan.tk, 1
+subgirl.ga, 1
+subiblia.com, 1
+subic.ga, 1
+subilarch.net, 0
+subject-barred.cf, 1
+subject-barred.ga, 1
+subjecto.com, 0
+subjektzentrisch.de, 1
+sublettecountywy.gov, 1
+sublimacaoshop.com.br, 1
+sublimated.tk, 1
+sublimedigitals.com, 1
+sublimesurface.fr, 1
+sublimetours.com, 1
+sublimigeek.fr, 1
+subliminalrecorder.com, 1
+subliminalrecordingsystem.com, 1
+submeet.vet, 1
+submelon.tech, 1
+submit-link.cf, 1
+submiteads.tk, 1
+submittable.com, 1
+submityou-rlink.tk, 1
+submityour-link.tk, 1
+subology.co, 1
+suborbital.io, 1
+subpage.tk, 1
+subscription-list.com, 1
+subscription-plus.uk, 1
+subscriptionplus.uk, 1
+subserv.tk, 1
+subsidioalempleo.cl, 1
+subsistence.wiki, 1
+subsitude.tk, 1
+subsoft.tk, 1
+substanceandprogram.info, 1
+substances.be, 1
+substitutealert.com, 1
+substore.co.il, 1
+subteen.gq, 1
+subterra.tk, 1
+subtitry.ru, 1
+subtituleros.tk, 1
+suburb.social, 1
+suburban-landscape.net, 1
+suburbaninfinitioftroyparts.com, 1
+suburbanprojects.com.au, 1
+suburbanpsych.org, 1
+suburbanurologic.com, 1
+suburbanweldingandsteel.com, 1
+suburbass.tk, 1
+suburbservice.net, 0
+subversionnews.tk, 1
+subvetcustoms.com, 1
+subway.co.id, 1
+subwaysurfers.tk, 1
+subwaytrain.tk, 1
+succesprojekter.dk, 1
+successbox.vn, 1
+successclicker.tk, 1
+successdeliv.com, 1
+successemails.ml, 1
+successive.tech, 1
+successminds.com, 1
+successrice.com, 1
+succmy.wang, 1
+succorfish.net, 1
+succubus.network, 1
+succubus.xxx, 1
+succulentplantguru.com, 1
+succulenty.ru, 1
+sucessclick.gq, 1
+suche.org, 1
+suchhire.com, 1
+suchhunde.wien, 1
+suchmaschinen-werkstatt.de, 1
+suckerpunch.com, 1
+suckmyan.us, 0
+sucomaga.jp, 1
+sucretown.net, 1
+sucro.us, 1
+sucsses.cf, 1
+sucsses.ga, 1
+sucsses.gq, 1
+sudabaus.com, 1
+sudak-turizm.tk, 1
+sudametrica.tk, 1
+sudanell.tk, 1
+sudanindependent.net, 1
+sudaraka.org, 0
+suddenlysavvy.com, 1
+sudeleycastle.co.uk, 1
+sudo.li, 1
+sudo.ws, 1
+sudoash.com, 1
+sudocat.me, 1
+sudoctor.co, 1
+sudoku-insight.tk, 1
+sudoku.org.ua, 1
+sudoless.com, 1
+sudoless.eu, 1
+sudoless.net, 1
+sudosaveclimate.com, 1
+sudoschool.com, 1
+sudosu.fr, 1
+sudrania.com, 1
+sudtirol.com, 1
+sudya-dredd.ru, 1
+suecaunitedfc.tk, 1
+suedtirolerhotels.it, 1
+sueletricidade.pt, 1
+suelyonjones.com, 1
+suempresa.cloud, 1
+suenotek.com, 1
+sueperclean.com, 1
+suerteloteria.com, 1
+suessenbecker.de, 1
+suessundbitter.de, 1
+suevia-ka.de, 1
+suff.co, 1
+suffix.ru, 1
+sufix.cz, 1
+sufleu.ro, 1
+sufleuri.ro, 1
+sug.hr, 1
+sugarbrother.com, 0
+sugarcube.ml, 1
+sugarcube.tk, 1
+sugardaddy.network, 1
+sugardating.network, 1
+sugarfans.com, 1
+sugarfetch.com, 1
+sugargrant.gq, 1
+sugarhillsfarm.com, 1
+sugarlandsara.com, 1
+sugarlandurology.com, 1
+sugarondemand.com, 1
+sugaropencloud.eu, 1
+sugaropencloud.uk, 1
+sugarpiano.com, 1
+sugarroll.ml, 1
+sugarsalted.com, 1
+sugarshin.net, 1
+sugartownfarm.com, 1
+sugaru.pe, 1
+sugatime.tk, 1
+sugattor.ga, 1
+sugawara-soroban.com, 1
+suggea.com, 1
+suggestim.ch, 0
+sugoicraft.tk, 1
+sugos.cf, 1
+sugos.ga, 1
+sugos.gq, 1
+sugos.ml, 1
+suhost.com.br, 1
+suhost.site, 1
+suicide.gq, 1
+suicidegirls.cf, 1
+suicidepreventioncenter.tk, 1
+suijo-bus.osaka, 1
+suike.com, 1
+suikerspinnetje.nl, 1
+suisui.stream, 1
+suite360sel.org, 1
+suiteassured.com, 1
+suitecrm.com, 1
+suitesapp.com, 1
+suitocracy.com, 1
+sujal.com, 1
+sujatadev.in, 1
+sujiao.de, 1
+sujoydhar.in, 1
+sukamusik.tk, 1
+suke3.jp, 1
+suki.moe, 1
+sukiu.net, 1
+sukker-oaxaca.com, 1
+sukoyakapp.com, 1
+sukrie.net, 1
+sukruarslan.tk, 1
+suksit.com, 0
+sulabs.org, 1
+sulakskii-canyon.ru, 1
+sulavius.tech, 1
+sulawesi-adventure.tk, 1
+suleeka.tk, 1
+sulek.eu, 1
+sulemanmalik.tk, 1
+sulemanquotes.tk, 1
+suleri.tk, 1
+sulfegate.org, 1
+sulkmen.tk, 1
+sullivancountypa.gov, 1
+sulman4paf.tk, 1
+sulphurspringsar.gov, 1
+sultans.tk, 1
+sulytics-tool.com, 1
+sum1.tk, 1
+suma.coop, 1
+sumac.is, 1
+sumakola.space, 1
+sumanai.gq, 1
+sumanai.tk, 1
+sumantv.com, 1
+sumaque.com, 1
+sumatogroup.com, 1
+sumatphoto.com, 1
+sumatrabarat.cf, 1
+sumatrabarat.ga, 1
+sumatrabarat.gq, 1
+sumatrabarat.ml, 1
+sumatrabarat.tk, 1
+sumatraselatan.cf, 1
+sumatraselatan.ga, 1
+sumatraselatan.gq, 1
+sumatraselatan.ml, 1
+sumatraselatan.tk, 1
+sumatrautara.cf, 1
+sumatrautara.ga, 1
+sumatrautara.gq, 1
+sumatrautara.ml, 1
+sumatrautara.tk, 1
+sumatriptan365.tk, 1
+sumbur.ga, 1
+sumcrevillent.tk, 1
+sumecho.com, 1
+sumguy.com, 1
+sumhost.ml, 1
+sumiko.moe, 1
+sumill.com, 1
+sumire.ne.jp, 1
+sumisa.cf, 1
+sumit.blog, 1
+sumit.sh, 1
+sumitbot.ga, 1
+sumitchahal.blog, 1
+sumitchahal.com, 1
+sumitronics.com.tw, 1
+sumiyakimatsu.com, 1
+sumkunado.ru, 1
+summa.es, 1
+summa.eu, 0
+summarized.gq, 1
+summaryexecution.com, 1
+summaryexecution.net, 1
+summaryexecution.org, 1
+summer.ga, 1
+summer.today, 1
+summeracademy-china.org, 1
+summerbo.at, 1
+summercampthailand.com, 1
+summerdance.tk, 1
+summerfieldtwpmonroemi.gov, 1
+summerjam.de, 1
+summermc.cc, 1
+summermovies.nyc, 1
+summerstylessalon.com, 1
+summing.ga, 1
+summit-humanpotential.com, 1
+summit-level.ru, 1
+summit-research.org, 1
+summitcountyboe.gov, 1
+summitcustomsbrokers.com, 1
+summitdentistry.nl, 1
+summiteyekc.com, 1
+summitlighthousela.org, 1
+summitms.gov, 1
+summitseodesign.com, 1
+sumner-jc-wi.gov, 1
+sumochki.tk, 1
+sumppumpchicagoil.com, 1
+sumpters.co.nz, 1
+sumran.in, 1
+sumtercountysc.gov, 1
+sumterhousecleaning.com, 1
+sumthing.com, 1
+sumtotal.host, 1
+sumtotallab.host, 1
+sumutoday.com, 1
+sumzero.com, 1
+sun-beach.com.ua, 1
+sun-host.ml, 1
+sun-lounge.be, 1
+sun-shield.fr, 1
+sun-studio.tk, 1
+sun-wellness-online.com.vn, 0
+sun1218.com, 1
+sun1245.com, 1
+sun1338.com, 1
+sun1345.com, 1
+sun1378.com, 1
+sun668.asia, 1
+sun668.co, 1
+sunbeltasphalt.com, 1
+sunbirdgrove.com, 1
+sunbit.com, 1
+sunblind.tk, 1
+sunbnice.com, 1
+sunburstdata.com, 1
+sunby.jp, 1
+sunby.org, 1
+suncanary.tk, 1
+suncat.tk, 1
+sunchasercats.com, 1
+sunchild.ml, 1
+suncity288.com, 1
+suncity288.net, 1
+suncity8118.cn, 1
+suncity8118.com, 1
+suncity818.cn, 1
+suncity818.com, 1
+suncity818.net, 1
+suncity8338.cn, 1
+suncity8338.com, 1
+suncity858.cn, 1
+suncity858.com, 1
+suncity8668.com, 1
+suncity8998.com, 1
+suncitycinemas.com, 1
+suncloud.ch, 0
+suncoastdisplays.com, 1
+suncoastrebuilding.com, 1
+suncomegrain.ga, 1
+sundanceusa.com, 1
+sunday.pm, 1
+sundayfundayjapan.com, 1
+sundaysky.com, 1
+sunderland.ac.uk, 1
+sunderlandmoneyman.com, 1
+sundhedsdatastyrelsen.dk, 1
+sundhedsvejen.dk, 1
+sundialpowdercoating.com, 1
+sundiel.tk, 1
+sundoctors.com.au, 0
+suneilpatel.com, 1
+sunfeathers.net, 1
+sunfiregold.com, 1
+sunfireshop.com.br, 1
+sunflare.tk, 1
+sunflowercircuitclerk.gov, 1
+sunflyer.cn, 1
+sunfox.cz, 1
+sunfulong.me, 1
+sungalsses.ml, 1
+sunglassstyle.co.nz, 1
+sungreen.info, 1
+sunhaoxiang.net, 1
+sunhills23.ru, 1
+sunho.net.tw, 1
+suniru.com, 0
+sunjaydhama.com, 1
+sunjiutuo.com, 1
+sunjob.tk, 1
+sunkar.tk, 1
+sunkavallymd.com, 1
+sunkimurology.com, 1
+sunlit.cloud, 1
+sunmeiren.com, 1
+sunn.ie, 1
+sunnuntaileivonta.fi, 1
+sunnuntaimargariini.fi, 1
+sunnuntaipaasiainen.fi, 1
+sunnuntaipiirakka.fi, 1
+sunnuslight.com, 1
+sunny.co.uk, 1
+sunnyhome.tk, 1
+sunnylyx.com, 1
+sunnynetworks.net, 1
+sunnyoxygen.xyz, 1
+sunnyside-jazzclub.com, 1
+sunnysideinc.ca, 1
+sunnyssingh.tk, 1
+sunnyx3m.com, 1
+sunokuran.tk, 1
+sunpax.ga, 1
+sunpig.com.my, 1
+sunpig.com.sg, 1
+sunpig.my, 1
+sunpig.sg, 1
+sunplay.host, 1
+sunpower.id, 1
+sunradio.tk, 1
+sunred.info, 1
+sunred.org, 1
+sunrichtec.com, 1
+sunrise.tk, 1
+sunrisebeachmo.gov, 1
+sunrisebeachtx.gov, 1
+sunrisesolutionsutah.com, 1
+sunrisewhen.com, 1
+sunroof.ga, 1
+sunroomsbywoodland.com, 1
+sunroomsbywoodlandwindows.com, 1
+sunroomschicagoil.com, 1
+sunsafe.se, 1
+sunsdesign.net, 1
+sunsetfire.de, 1
+sunsetmusic.tk, 1
+sunsetnelson.com, 1
+sunsetservicecentre.ca, 1
+sunsetweb.fr, 1
+sunsetwx.com, 1
+sunshilin.tk, 1
+sunshine-cleaners.com.au, 1
+sunshinefrontier.tk, 1
+sunshinelife.tk, 1
+sunshineoilstop.com, 1
+sunshinerequest.com, 1
+sunshinesf.org, 1
+sunshinesramblings.com, 1
+sunskyview.com, 1
+sunsong.org, 1
+sunsparksolar.co.uk, 1
+sunsquare.cz, 1
+sunstar.bg, 1
+sunstaroptical.com, 1
+sunsumba.com, 1
+sunsun-jewelry.com, 1
+sunsun.co, 1
+sunsun.com.sg, 1
+sunsungem.com, 1
+sunsungems.com, 1
+sunsunjewellery.com, 1
+sunsunjewelry.com, 1
+sunsunjewelry.net, 1
+sunsunjewelry.org, 1
+sunticschool.org, 1
+sunvillas.vn, 1
+sunwahpanama.com, 1
+sunwayxfarms.com, 1
+sunwei-proxy.tk, 1
+sunwolf.studio, 1
+sunyanzi.cf, 1
+sunyanzi.tk, 1
+suomensotilas.fi, 1
+suomentilitoimistot.fi, 1
+suomiheraa.com, 1
+suomika.pl, 1
+suourl.com, 0
+sup-net.de, 1
+supa.sexy, 1
+supasomsak.de, 1
+supazena.com, 1
+supdajuice.tk, 1
+supedio.com, 1
+supedium.com, 1
+supel.cf, 1
+supel.ga, 1
+supel.gq, 1
+supel.ml, 1
+super-60.ag, 1
+super-60.biz, 1
+super-60.com, 1
+super-60.de, 1
+super-60.eu, 1
+super-60.info, 1
+super-60.net, 1
+super-60.org, 1
+super-baik.tk, 1
+super-boy.tk, 1
+super-gs.jp, 1
+super-knighki.gq, 1
+super-lolitas.tk, 1
+super-net.tk, 1
+super-o-blog.com, 1
+super-puper.su, 0
+super-silicon.com, 1
+super-trophy.de, 1
+super11.nl, 1
+super365.info, 1
+super365aa.com, 1
+super60.ag, 1
+super60.biz, 1
+super60.de, 1
+super60.eu, 1
+super60.info, 1
+super60.net, 1
+super60.org, 1
+super60plus.de, 1
+superaficionados.com, 1
+superalem.org, 1
+superb.games, 0
+superb.net, 1
+superbart.nl, 1
+superbaskirskij-med.tk, 1
+superbdistribute.com, 1
+superbestpalsclub.tk, 1
+superbir.net, 1
+superbomber.tk, 1
+superboom.dance, 1
+superbouncebouncycastles.com, 1
+superbowlkneel.com, 1
+superbugs.nl, 1
+superbuy.com.tw, 1
+supercalorias.com, 1
+supercarpets.ru, 1
+supercarrot.tk, 1
+supercastlesadelaide.com.au, 1
+supercastlesbrisbane.com.au, 1
+supercastlesmelbourne.com.au, 1
+supercastlessouthsydney.com.au, 1
+supercastlessunshinecoast.com.au, 1
+supercentenarian.com, 1
+supercharged.co.uk, 1
+supercinebattle.fr, 1
+supercontent.cf, 1
+supercontent.ga, 1
+supercontent.ml, 1
+supercontent.tk, 1
+supercorp.cf, 1
+supercours.net, 1
+superdaddy.club, 1
+superdeals.cf, 1
+superdolly.cf, 1
+superdolly.ga, 1
+superdolly.gq, 1
+superdolly.ml, 1
+superdrillers.tk, 1
+superdroni.com, 1
+supereduc.cl, 1
+superenduro.net, 1
+superfaktura.at, 1
+superfaktura.cz, 1
+superfaktura.sk, 1
+superfans.top, 1
+superfastpress.com, 1
+superfastquintessentially.co.uk, 1
+superfavorite.tk, 1
+superfluous.tk, 1
+superfly.tk, 1
+superfoodsexplained.com, 1
+superfury.tk, 1
+supergmtransport.com.au, 1
+supergood.ga, 1
+supergoods.tk, 1
+supergoop.com, 1
+supergrandmasternetwork.com, 1
+supergroup.tk, 1
+superguide.com.au, 1
+superhappiness.com, 1
+superherba.cz, 1
+superherofactory.hu, 1
+superhits.gq, 1
+superhumanendurance.ga, 1
+superhyp.de, 1
+superidea.in, 1
+superidropulitrice.com, 1
+superiordetail.tk, 1
+superiorinngrandmarais.com, 1
+superiormanifestations.com, 1
+superiormusic.tk, 1
+superioroptical.com, 1
+superioropticalva.com, 1
+superiorseamlessinc.com, 1
+superiorvision.com, 1
+superiorwi.gov, 1
+superis.eu, 1
+superkakdoma.ru, 1
+superklima.ro, 0
+superkonsult.se, 1
+superkrasota.tk, 1
+superlevel.de, 1
+superlight.tk, 1
+superlisa.nl, 1
+superlog.tk, 1
+superlol.tk, 1
+supermae.pt, 1
+supermagna.tk, 1
+supermanera.tk, 1
+supermarkets.ga, 1
+supermart.tk, 1
+supermarx.nl, 1
+supermedia.cool, 1
+supermeitw.com, 1
+supermercadosdia.com.ar, 1
+supermercato24.it, 1
+supermil.ch, 1
+supermini-games.tk, 1
+supermustang.tk, 1
+supern0va.net, 0
+supernatural-fans.tk, 1
+supernaturalbrand.com, 1
+supernaut.info, 1
+supernogi.ga, 1
+supernovicebaker.com, 1
+superpaczka24.pl, 1
+superpase.com, 1
+superpi.noip.me, 1
+superpollo.com.ec, 1
+superpowerexperts.com, 1
+superraclette.fr, 1
+supersahnetorten.de, 1
+superseguros.gob.do, 1
+superservers.ml, 1
+supershrooms.nl, 1
+supersisi.cf, 1
+supersisi.ml, 1
+superskidki.cf, 1
+supersmashflash.com, 1
+supersocial.net, 1
+supersole.net, 0
+supersolenoid.tk, 1
+supersonicsoft.com, 1
+superstargossip.com, 1
+superstarhost.tk, 1
+superstart.tk, 1
+supersteosbouncycastles.com, 1
+superstone.diamonds, 1
+superstropdas.nl, 1
+supersu.kr, 1
+superswingtrainer.com, 1
+supertape.com, 1
+supertrade.tk, 1
+supertrophy.de, 1
+supertutorial.com.br, 1
+superunion.com, 1
+superuser.one, 1
+supervasan.se, 1
+supervets.com.au, 1
+supervisorbullying.com, 1
+superway.es, 1
+superwhoopi.tk, 1
+superworks.com, 1
+superzaim.ga, 1
+supfood.cz, 1
+suphelper.ru, 1
+supholsterycleaningbrisbane.com.au, 1
+supholsterycleaningcanberra.com.au, 1
+supholsterycleaningmelbourne.com.au, 1
+supholsterycleaningperth.com.au, 1
+supholsterycleaningsydney.com.au, 1
+supioka.com, 1
+suplementasi.com, 1
+suplery.com, 1
+suplindex.com, 1
+suplments.co.uk, 1
+suplments.com, 1
+suplments.de, 1
+suplments.fr, 1
+suplments.it, 1
+suplments.pt, 1
+supmil.net, 1
+suppchat.ru, 1
+suppdeals.eu, 1
+supperclub.net, 1
+suppernova.com, 1
+supplement.cf, 1
+supplementaanbiedingen.nl, 1
+supplementalconditions.com, 1
+supplementpolice.tk, 1
+supplements101.net, 1
+supplementwarehouseonline.com, 1
+supplhi.com, 1
+supplierlinkup.com, 1
+suppliersession2021.com, 1
+supplies24.at, 1
+supplies24.es, 1
+supplychainriskmanagement.com, 1
+supplynation.org.au, 1
+supplyoutlook.com, 1
+support-ticino.ch, 1
+support.it, 1
+support.mayfirst.org, 0
+support1448.com, 1
+support1448.org, 1
+support4professionals.nl, 1
+supportal.one, 1
+supportericking.org, 1
+supportfan.gov, 1
+supportiv.com, 0
+supportivecare.org, 1
+supportlafd.org, 1
+supportme123.com, 0
+supportmeindia.com, 1
+suppos-net.tk, 1
+supra.tf, 1
+supracube.com, 1
+supraelco.com, 1
+suprax365.tk, 1
+suprem.biz, 0
+suprem.ch, 0
+supremacrypt.com, 1
+supreme-council.me, 1
+supreme-court.tk, 1
+suprememale.tk, 1
+supremestandards.com, 1
+suprintbot.xyz, 1
+supriville.com.br, 1
+supropionegocio.tk, 1
+supweb.ovh, 0
+supwoman.site, 1
+supya.co, 1
+suranganet.tk, 1
+surasak.org, 1
+surasak.tk, 1
+suravi.in.net, 1
+suraya.online, 1
+sure-it.de, 1
+surebets.bet, 1
+surecloud.com, 0
+surefit-oms.com, 1
+surefleet.com.au, 1
+surelyhired.com, 1
+suresi.com.tr, 1
+suresi.gen.tr, 1
+surest.com, 0
+surf1969.tk, 1
+surfacespots.ga, 1
+surfandturfroofing.com, 1
+surfenergy.tk, 1
+surfkath.de, 1
+surflessonslisbon.com, 1
+surfnetkids.com, 1
+surfnetparents.com, 1
+surfocal.com, 0
+surfocal.net, 1
+surfoleon.tk, 1
+surfseo.ml, 1
+surfseo.tk, 1
+surfsm2.ddns.net, 1
+surgatekno.com, 1
+surgeholdinggroup.com, 1
+surgeongeneral.gov, 1
+surgicalassociates.sg, 1
+surgicalassociateswny.com, 1
+surgicalresourcesgroup.com, 1
+surgispa.net, 1
+surgoinsvilletn.gov, 1
+surialternat.tk, 1
+surik.de, 1
+surikov.tk, 1
+suriname.tk, 1
+surl.win, 1
+surma.tk, 1
+surnganet.tk, 1
+suroil.com, 1
+suroot.moe, 1
+suros.com.tw, 0
+surpassexam.com, 1
+surpasshosting.com, 1
+surplusdirectory.ml, 1
+surplusrecord.com, 1
+surpreem.com, 1
+surprisepubliclibrary.gov, 1
+surpriz-net.tk, 1
+surrealdb.com, 1
+surrealistas.tk, 1
+surreycyclingclub.co.uk, 1
+surreyheathyc.org.uk, 0
+surreysportspark.co.uk, 1
+surrogacyaccount.com, 1
+surrycountync.gov, 1
+surrycountyncvotes.gov, 1
+surthriveak.com, 1
+suruifu.com, 1
+suruifu.tk, 1
+suruno.com, 0
+survature.com, 1
+surveer.com, 1
+surveyapp.io, 1
+surveyberbayar.com, 1
+surveyhealthcare.com, 1
+surveyorcloud.com, 1
+surveyremover.tk, 1
+surveyspy.net, 1
+surveytester.com, 1
+surveyviet.com, 1
+survicate.com, 1
+survival-mastery.com, 0
+survivalgearideas.com, 1
+survivalknivar.se, 1
+survivebox.fr, 1
+survivebox.net, 1
+survivingmesothelioma.com, 1
+suryayurveda.com, 1
+sus.zone, 1
+susajja.com, 1
+susanacruzdesign.com, 1
+susanagomez.tk, 1
+susanbpilates.co, 1
+susanbpilates.com, 1
+susanmmeyersauthor.com, 1
+susann-kerk.de, 1
+susanna-komischke.de, 1
+susannaridge.com, 1
+susconam.org, 1
+susdomicilios.co, 1
+suse.com, 1
+suseki.ga, 1
+sushi-sakura.tk, 1
+sushi.roma.it, 1
+sushibesteld.nl, 1
+sushifrick.de, 1
+sushikatze.de, 1
+sushilmedicos.tk, 1
+sushiprints.com, 1
+susiestoddart.tk, 1
+suska.tk, 1
+susoft.tk, 1
+susosudon.com, 1
+suspect.id, 1
+suspensebox.com, 1
+suspiciousdarknet.xyz, 1
+suss.be, 1
+sussexheart.com, 1
+sussexsecurityinstallations.co.uk, 1
+sussexwi.gov, 1
+sustain.software, 1
+sustainability.gov, 1
+sustainabilityknowledgegroup.com, 1
+sustainabilitysociety.hk, 1
+sustainableweb.dk, 1
+sustainalists.com, 1
+sustainalytics.com, 0
+sustained.tk, 1
+sustainoss.org, 1
+sustc.ac.cn, 1
+sustekova.eu, 1
+susthx.com, 1
+susumulus.ml, 1
+suswhw.top, 1
+sut-b.de, 1
+sutabi.tk, 1
+suter.au, 1
+suter.id.au, 1
+suternetwork.ch, 1
+suth.jp, 1
+sutherlinoregon.gov, 1
+sutinenmatthews.tk, 1
+sutmar-anwaltskanzlei.de, 1
+sutore.com, 1
+suttacentral.net, 1
+suttonbank.com, 1
+sutty.nl, 1
+suurhelsinki.cf, 1
+suuria.de, 1
+suutaripaivat.fi, 1
+suv4.net, 1
+suvalor.com, 1
+suvari.com.tr, 1
+suvidhaapay.com, 1
+suvirink.lt, 1
+suvisioninc.com, 1
+suwanneecountyfl.gov, 1
+suwanya.cn, 1
+suwcountyfl.gov, 1
+suwebcreativa.com, 1
+suyati.com, 0
+suzannejauchius.com, 1
+suzansalem.nl, 1
+suzdalgrad.cf, 1
+suziepachecoart.com, 1
+suzikogsm.tk, 1
+suzuki-aps.de, 1
+suzuki.com, 1
+suzukiarindo.co.id, 1
+suzukibali.id, 1
+suzukicintadamai.co.id, 1
+suzukicycles.com, 1
+suzukimarinepress.com, 1
+suzukinjs.co.id, 1
+suzukinozomu.tk, 1
+suzukisumberbaru.co.id, 1
+suzukisurakarta.co.id, 1
+suzukitradajateng.co.id, 1
+suzukitradajatim.co.id, 1
+suzukiumc.co.id, 1
+sv-1966-medenbach.de, 0
+sv-bachum-bergheim.de, 1
+sv-ec-ditzingen.de, 1
+sv-schody.cz, 1
+sv-turm-hohenlimburg.de, 1
+sv-webdesign.com, 1
+sv.search.yahoo.com, 0
+sv1862ruesselsheim.de, 0
+sv1880-lichtenau.de, 0
+sv388.bz, 1
+sv443.net, 1
+svager.cz, 1
+svak-gutachter.de, 0
+svanstrom.com, 1
+svanstrom.org, 1
+svantner.sk, 1
+svarka22.ml, 1
+svarka24.com.ua, 1
+svarka26.gq, 1
+svarmax.com.ua, 1
+svarovani.tk, 1
+svatba.cf, 1
+svatba.ml, 1
+svatbamisiaviti.tk, 1
+svatyjur.tk, 1
+svauto.ks.ua, 1
+svc-sitec.com, 1
+svc-sitec.com.mx, 1
+svc-sitec.org, 1
+svc-studioslive-api-dev.azurewebsites.net, 1
+svc-tools.ru, 1
+svc1.xyz, 1
+svdb.co, 0
+sve-hosting.nl, 1
+svealandsgruppen.tk, 1
+svecbeton.cz, 1
+svedalataxi.com, 1
+svedorszag.tk, 1
+sveikas.info, 1
+svenbacia.me, 1
+svendgram.com, 1
+svendubbeld.nl, 1
+sveneckelmann.de, 1
+svenhammond.com, 1
+svenjaundchristian.de, 1
+svenmuller.com, 1
+svenmuller.nl, 1
+svenpeter.eu, 1
+svenpeter.info, 1
+svenpeter.me, 1
+svenpeter.net, 1
+svenpeter.org, 1
+svenska.events, 1
+svenskakyrkansunga.tk, 1
+svenskapsalmer.se, 1
+svenskarnaochinternet.se, 1
+svenskdam.se, 1
+svenskmediabevakning.se, 1
+svensson-generators.be, 1
+sverdlov.spb.ru, 1
+sverdlovsk.gq, 1
+sverdlovsk.ml, 1
+sverdlovsk.tk, 1
+sverlo.cf, 1
+svet.tk, 1
+svetandroida.cz, 1
+svetbank.cz, 1
+svetila.com, 1
+svetix.ch, 1
+svetlanamamedova.tk, 1
+svetlayarus.tk, 1
+svetlilo.com, 1
+svetlograd.tk, 1
+svetoch.ga, 1
+svetoch.tk, 1
+svetodiod.gq, 1
+svetonaushniki.tk, 1
+svetplast.spb.ru, 0
+svetrelaxu.cz, 1
+svetserialov.to, 1
+svetzitrka.cz, 0
+svfitness.ru, 1
+svg-board.ml, 1
+svg.beauty, 0
+svgdesigns.com, 1
+svge.ms, 1
+svgems.xyz, 1
+svgwg.org, 1
+svgzone.tk, 1
+svh.nl, 1
+svhni.nl, 1
+svia.nl, 1
+sviatzoo.com, 1
+svin.loan, 1
+svirel.ga, 1
+sviz.pro, 1
+svj-stochovska.cz, 1
+svjvn.cz, 1
+svkpk.cz, 1
+svlh.gov, 1
+svm-basketball.de, 1
+svn-yokaiispirit.ddns.net, 1
+svnty2.dedyn.io, 1
+svobodny.fr, 1
+svobodnyblog.cz, 1
+svodjapan.info, 1
+svoi-ugolok.tk, 1
+svoimi-slovami.tk, 1
+svorcikova.cz, 1
+svorkmofotball.tk, 1
+svoya-energy.com.ua, 1
+svpe.de, 1
+svpe.eu, 1
+svportalframe.com, 1
+svrjs.org, 1
+svrtech.com.tr, 1
+svrx.one, 1
+svse.global, 1
+svseglobal.com, 1
+svsewerut.gov, 1
+svswebmarketing.com, 1
+svtemplemn.org, 1
+svtl.ch, 1
+svtr.de, 1
+svtv.org, 1
+svwissel.tk, 1
+sw-machines.io, 1
+sw-s.info, 1
+sw-servers.net, 1
+sw33tp34.com, 1
+swa-il.gov, 1
+swabifoundation.tk, 1
+swacash.com, 1
+swacu.org, 1
+swadeshiherbal.com, 1
+swag.live, 1
+swag.pw, 1
+swagat.tk, 1
+swagger.io, 1
+swagger.london, 1
+swaglookbook.com, 1
+swagmoney.enterprises, 1
+swagsocial.net, 0
+swahili-dictionary.com, 1
+swain.tk, 1
+swallowforum.tk, 1
+swallsoft.co.uk, 1
+swallsoft.com, 1
+swanbitcoin.com, 1
+swanbullion.com, 0
+swansdoor.org, 1
+swanseama.gov, 1
+swantonvt.gov, 1
+swanvinylworks.com, 1
+swap-ict.nl, 1
+swap.gg, 1
+swap.ly, 1
+swapbox.tk, 1
+swapfiets.com, 1
+swapfiets.de, 1
+swapfiets.nl, 1
+swapfin.com, 1
+swappa.com, 1
+swapspace.co, 1
+swarfarm.com, 1
+swargvibha.tk, 1
+swarlys-server.de, 1
+swarovskijewelry.tk, 1
+swat.io, 1
+swat4stats.com, 1
+swataratwpauthority-pa.gov, 1
+swatee.com, 1
+swavlambancard.gov.in, 1
+sway-cdn.com, 1
+sway.com, 1
+swayampaaka.com, 1
+swc-cfc.gc.ca, 1
+swcleanair.gov, 1
+swe77.com, 1
+swe777.com, 1
+sweak.net, 1
+sweat-shirts.tk, 1
+sweatercon.com, 1
+swebdigitalmarketing.com, 1
+swecha.org, 1
+swedbank.com, 1
+swedbank.se, 1
+swederica.tk, 1
+swedish-saints.tk, 1
+swedish.so, 1
+swedishforces.tk, 1
+swedishhost.com, 1
+swedishhost.se, 1
+sweep-me.net, 1
+sweep-staging.com, 1
+sweep.net, 1
+sweet-spatula.com, 1
+sweet64.fr, 1
+sweetair.com, 1
+sweetairlines.tk, 1
+sweetamoris.de, 1
+sweetbabyjesus.com, 1
+sweetbasilscafe.com, 1
+sweetcalculus.ru, 1
+sweetcoraline.eu.org, 1
+sweetcorner.tk, 1
+sweetdata.io, 1
+sweetdeko.com, 1
+sweeteleven.tk, 1
+sweetgood.de, 1
+sweetgracemarket.com, 1
+sweetharvestfoods.com, 1
+sweethearts.tk, 1
+sweetheartvideo.com, 1
+sweethomesnohomishrenovations.com, 1
+sweethorses.tk, 1
+sweetintrigue.tk, 1
+sweetlegs.jp, 1
+sweetlycakes.com, 1
+sweetparis.cf, 1
+sweetpinkpussy.org, 1
+sweetpummelfee.com, 1
+sweets-mimatsu.com, 1
+sweetsandlifestyle.com, 1
+sweetsinner.com, 1
+sweetspot.co.kr, 1
+sweetsugarcakes.com, 1
+sweetsusinrw.org, 1
+sweettreatscookiedough.com, 1
+sweetvanilla.jp, 1
+sweetwatercountywy.gov, 1
+sweetwatertn.gov, 1
+sweetwatertx.gov, 1
+sweetydecor.ru, 1
+sweharris.org, 1
+swelife.se, 1
+swellnote.com, 1
+swentr.site, 1
+swerve-media-testbed-03.co.uk, 1
+swet.com.ua, 1
+swetrust.com, 1
+swey.net, 0
+swfmax.com, 1
+swgoh4.life, 1
+swha.xyz, 1
+swhi.net, 1
+swhw.io, 1
+swi.sytes.net, 1
+swiatpilki.com, 1
+swid.co.uk, 1
+swiezastrona.pl, 1
+swift-devedge.de, 1
+swiftbonds.com, 1
+swiftcashforcars.com.au, 1
+swiftcodetoday.com, 1
+swiftcom.co.za, 1
+swiftcrypto.com, 1
+swifteh.net, 1
+swiftfactory.io, 1
+swiftgram.ml, 1
+swiftink.com, 1
+swiftirc.net, 1
+swiftmod.net, 1
+swiftmodcdn.net, 1
+swiftopal.com, 1
+swiftoutput.com, 1
+swiftpak.co.uk, 1
+swiftqueue.com, 1
+swiftrecharge.com, 1
+swilabible.be, 1
+swilagod.be, 1
+swilatag.be, 1
+swilly.org, 1
+swim-play.ru, 1
+swim-smart.com, 1
+swim.aero, 1
+swimclubinsurance.com, 1
+swimhome.es, 1
+swimlane.com, 1
+swimmingpoolaccidentattorney.net, 1
+swimmingpoolpumpsbassonia.co.za, 1
+swimpool.co.il, 1
+swimpools.co.il, 1
+swimready.net, 1
+swimwear365.co.uk, 1
+swindonbus.co.uk, 1
+swindontennisclub.azurewebsites.net, 1
+swindontennisclub.org, 1
+swineson.me, 1
+swing.berlin, 1
+swingerclub.in, 1
+swingers.com.pt, 1
+swingle.ga, 1
+swingmonkey.com, 0
+swingstel.tk, 1
+swingular.com, 1
+swingwomenswellness.com, 1
+swingz.com.au, 1
+swipedon.com, 1
+swipelux.com, 0
+swipetv.ie, 1
+swireshipping.com, 1
+swish-ict.com, 1
+swishmail.com, 1
+swiss-apartments.com, 0
+swiss-connection.net, 0
+swiss-export-compliance.com, 1
+swiss-vanilla.ch, 1
+swiss-vanilla.com, 1
+swiss-watch.com.ua, 1
+swissaquashop.ch, 1
+swissbearfoodservices.com, 1
+swissbit.com, 1
+swissborg.com, 1
+swisscannabis.club, 1
+swisschat.tk, 1
+swissdomaintrustee.ch, 1
+swissentreprises.ch, 1
+swisservers.com, 1
+swissfreshaircan.ch, 0
+swissfreshaircan.com, 0
+swissgrid.ch, 0
+swissinternationalva.com, 1
+swisslinux.org, 1
+swissneutral.net, 1
+swissnoso.ch, 1
+swissquawk.ch, 1
+swisstechmap.ch, 1
+swisstranslate.ch, 0
+swisstranslate.fr, 0
+swissurf.tk, 1
+swissvanilla.ch, 1
+swissvanilla.com, 1
+swisswebhelp.ch, 1
+swissxperts.ch, 1
+switch-defekt.de, 1
+switch-trader.com, 1
+switch.pt, 0
+switch2osm.org, 1
+switchassur.fr, 1
+switchbacksystems.com, 1
+switchboard.lgbt, 1
+switchbyte.nl, 1
+switcheo.exchange, 0
+switcheo.rocks, 1
+switchinitiatives.com, 1
+switchinitiatives.fr, 1
+switchinitiatives.org, 1
+switchur.com, 1
+swizio.com, 1
+swjen.com.sg, 1
+swjtu.today, 1
+swjz.art, 1
+swkdevserver.tk, 1
+swktestserver.tk, 1
+swmlink.com, 1
+swn-nec.de, 1
+swocaoh.gov, 1
+swoop-qa.cloud, 1
+swoop.cloud, 1
+swopre-appgallop.azurewebsites.net, 1
+swordfeng.xyz, 1
+swordfighting.net, 1
+swordpop.cf, 1
+swordpop.gq, 1
+sworkit.com, 1
+sworn.ga, 1
+swosplinter.nl, 1
+swostik.com, 1
+swot-digital.com, 1
+swparegionalcad.gov, 1
+swpat.org, 1
+swprowood.com, 1
+swqa.hu, 1
+swretail.ga, 1
+swtp-p-appsrv-coordination-backend-businessservices1.azurewebsites.net, 1
+swtp-p-appsrv-donorevaluation-api-businessservices1.azurewebsites.net, 1
+swtp-p-appsrv-protocol-api-businessservices1.azurewebsites.net, 1
+swtrayssq.gq, 1
+swtun.com, 1
+swvatoday.com, 1
+swvaux.com, 1
+swwc.com, 1
+swxtd.com, 1
+swy.cz, 1
+swyn.net, 1
+swynwyr.com, 1
+sx3.no, 1
+sx6729.com, 1
+sx8.ovh, 1
+sxilm.com, 1
+sxistolithos.gr, 1
+sxmd99.com, 1
+sy-anduril.de, 1
+sy24.ru, 1
+syaeful12ips.tk, 1
+syakeapps.net, 1
+syakonavi.com, 1
+syazli7.me, 1
+sybersense.com, 1
+syc-rotterdam.tk, 1
+sycamorememphis.org, 1
+sycca.com, 1
+sychov.pro, 1
+sycorr.com, 1
+syd.catholic.edu.au, 1
+sydcatholicschools.nsw.edu.au, 1
+sydgrabber.tk, 1
+sydney.dating, 1
+sydneyaustralia.tk, 1
+sydneybamboo.com.au, 0
+sydneybusinessweb.com.au, 1
+sydneydesignprint.com.au, 1
+sydneyhelicopters.com.au, 1
+sydneylawnandturf.com.au, 0
+sydneylounge.ga, 1
+sydneyshisha.com.au, 1
+sydneysteinger.com, 1
+sydneyvangelder.com, 0
+sydneyvapeshub.com, 1
+syds.xyz, 1
+syedmuhdadasgardezi.tk, 1
+syenar.net, 1
+sygnalista-24.pl, 1
+sykam.com, 1
+sykepleien.no, 0
+sykiotis.com, 1
+sykorp.com, 1
+sylaps.com, 0
+sylcon.es, 0
+sylencegsm.com, 1
+sylfie.net, 1
+sylino.tk, 1
+syllogi.xyz, 1
+sylphix.cn, 1
+sylvaindurand.fr, 1
+sylvaindurand.org, 1
+sylvaloir.fr, 1
+sylvangarden.net, 1
+sylvantownshipmi.gov, 1
+sylviaharke.de, 1
+sylwiart.pl, 1
+sylwiaspychala.pl, 1
+sym01.com, 1
+symantec.com.ru, 1
+symatrix.co.uk, 1
+symbility.net, 1
+symbiose-com.ch, 0
+symbiose.com, 1
+symbiosecom.ch, 0
+symbiote.com.au, 1
+symbioxr.com, 1
+symbolics.digital, 1
+symbolnodes.org, 1
+symdevinc.com, 1
+symeda.de, 1
+symeonchen.com, 1
+symetrix.tk, 1
+symetryk.tk, 1
+symflower.com, 1
+symfoninews.com, 1
+symfora-meander.nl, 1
+syminsight.tk, 1
+symlink.io, 1
+symlnk.de, 1
+symoteb.ir, 1
+sympletrade.com, 1
+symplexia.com.br, 1
+symplyos.tk, 1
+sympmarc.com, 1
+symposit.com, 1
+symposium.beer, 1
+symptome-erklaert.de, 1
+symvolik.ru, 0
+syna.dev, 1
+syna.site, 1
+synabi.com, 0
+synackrst.net, 1
+synapse.pe, 1
+synapsemedical.com.au, 1
+synapsepain.com, 0
+synaptickz.me, 1
+synccentre.com, 1
+syncevolution.org, 1
+syncgal.com, 1
+synchrocity.no, 1
+synchrocube.com, 1
+synchronic.pl, 1
+synchronicity.cz, 1
+synchronicity.icu, 1
+synchronicity.one, 1
+synchronyse.com, 1
+synclio.com, 1
+syncmylife.net, 0
+syncplay.pl, 1
+syncresis.com, 1
+syncrony.com, 1
+syncsci.com, 1
+syncspace.live, 1
+syndicats.de, 1
+syndigo.com, 1
+syndika.co, 1
+syndikalismus-im-laendle.tk, 1
+syneart.com, 1
+synecek11.cz, 1
+synedat.com, 1
+synergiamedicalcare.es, 1
+synergiedenken.de, 1
+synergisticsoccer.com, 1
+synergy-logistics.tk, 1
+synergyofserra.com, 1
+synergytherm.com, 1
+synergyzone.tk, 1
+synerio.com, 1
+synerionagile.com, 1
+synfrait.com, 1
+synitsa.tk, 1
+synlab.es, 1
+synology-distribution.de, 1
+synology.com, 0
+synonimluksusu.pl, 1
+synony.me, 1
+synonym24.at, 1
+synonymedeutsch.com, 1
+synoptek.com, 1
+synotna.eu, 1
+synrelay.com, 1
+syntaxnightmare.com, 1
+syntaxsociety.se, 1
+syntech.co.za, 1
+synth.no, 1
+synthax.codes, 1
+synthesis.ru, 1
+syntheticgrassliving.com.au, 1
+synthetictrading.com, 1
+synthetis.com, 1
+synthezis.tk, 1
+synthgularity.net, 1
+syntia.tk, 1
+syntric.io, 1
+syobon.org, 1
+syogainenkin119.com, 1
+syoier.com, 1
+syok.my, 1
+syonix.ru, 1
+syotatakahashi.com, 1
+syphax.ml, 1
+syplasticsurgery.com, 1
+sypp.net, 1
+sypra-host.tk, 1
+sypreformas.tk, 1
+syptak.eu, 1
+syquel-systems.de, 1
+syr.gov, 1
+syracuseut.gov, 1
+syrea.com, 1
+syrianair.cf, 1
+syrianair.ga, 1
+syrianair.ml, 1
+syrianet.cf, 1
+syrius.tk, 1
+syronex.com, 1
+sys-admin.fr, 1
+sys-stat.de, 1
+sys-state.de, 1
+sys-tm.com, 1
+sys.as, 1
+sys001-homenet.duckdns.org, 1
+sysadmin.pm, 1
+sysadmin.xyz, 0
+sysadmin21.tk, 1
+sysadmins.ro, 1
+sysadvisors.pl, 1
+sysaid.com, 1
+sysbert.de, 1
+syscap.co.uk, 1
+syscap.com, 1
+syscap.uk, 1
+syscapassetfinance.uk, 1
+syscaponline.co.uk, 1
+syscom.be, 1
+sysconautomation.com, 1
+syscoon.com, 1
+sysctl.se, 1
+syscurve.com, 1
+sysdb.io, 1
+syselg.com, 1
+sysert.tv, 0
+sysgap-gsci.com, 1
+sysin.org, 1
+syska.com, 1
+syslogic.io, 1
+sysmike.de, 1
+sysmike.net, 1
+sysnet.cz, 1
+sysoons.com, 1
+sysopworld.cf, 1
+sysopworld.ga, 1
+sysopworld.gq, 1
+sysopworld.ml, 1
+sysrigar.com, 1
+sysrq.in, 1
+sysrq.tech, 0
+syssolindia.com, 1
+sysstate.de, 1
+systea.fr, 1
+systea.net, 1
+system-admin-girl.com, 1
+system-design.tk, 1
+system-erp.com.pl, 1
+system-fehler.tk, 1
+system-informer.com, 1
+system-m.de, 0
+system.is, 1
+system.md, 1
+system4travel.com, 1
+systemart.pro, 1
+systematic-momo.com, 1
+systematic-momo.dk, 1
+systematik.nu, 1
+systemausfall.org, 1
+systemb.ch, 1
+systemblog.tk, 1
+systemc.com, 0
+systemchange.in, 1
+systemd.eu.org, 1
+systemerka.pl, 1
+systemerr.tk, 1
+systemhaus.saarland, 1
+systeminformer.com, 1
+systemintegra.ru, 0
+systemisbusy.info, 1
+systemlead.pl, 1
+systemli.org, 1
+systemlinkcloud.com, 1
+systemonthego.com, 1
+systems-thinking.eu, 1
+systems.fail, 1
+systemsense.com.au, 1
+systemsinblue.tk, 1
+systemswizard.io, 1
+systemtoto.ml, 1
+systemysportowe.pl, 1
+systemzeit.info, 1
+systime.dk, 1
+systoolbox.net, 1
+syswap.fr, 1
+syswiki.org, 1
+sysystems.cz, 1
+syt3.net, 1
+sytenko.org.ua, 1
+syuez.com, 1
+syunpay.cn, 1
+syuumi.eu, 1
+syuumi.me, 1
+syzygy-tables.info, 1
+syzygycareers.com, 1
+sz-ideenlos.de, 1
+sz-lessgym-kamenz.de, 1
+szabadpingvin.eu, 1
+szachowaprzygoda.pl, 1
+szadeczky.com, 1
+szafkirtv.pl, 1
+szalaiterko.hu, 1
+szamitogepdepo.com, 1
+szamlarobot.hu, 1
+szasz.me, 1
+szaszm.tk, 0
+szclsya.me, 1
+szczury.org, 1
+szeged365.hu, 1
+szegediszobafestok.hu, 1
+szelagnes.com, 1
+szelagnes.hu, 1
+szemuvegtrend.hu, 1
+szentistvanpt.sk, 1
+szepsegbennedrejlik.hu, 1
+szerbnyelvkonyv.hu, 1
+szerelem.love, 1
+szhighsun.com, 1
+szih.org.pl, 1
+szilaghi.com, 1
+szili.uk, 1
+sziluett.xyz, 1
+szimpla.hu, 1
+szinezdmagad.hu, 1
+szklarnia.pro, 1
+szkolajazdykaleta.pl, 1
+szkolenia-dron.pl, 1
+szlovaknyelv.hu, 1
+szlovennyelv.hu, 1
+szmidtinwest.pl, 1
+szotkowski.fun, 1
+szotkowski.info, 1
+szotkowski.online, 1
+szpet.jp, 1
+szpro.ru, 1
+szs-arbeitssicherheit.de, 1
+szs.space, 1
+szsyidc.cf, 1
+sztfh.hu, 1
+sztoriboljeles.hu, 1
+sztreasure.com, 1
+sztuanzi.top, 1
+sztyup.com, 1
+szuecs.net, 1
+szw-hessen.de, 1
+szwrc.co, 1
+szww99.cc, 1
+szybkiebieganie.pl, 1
+szymczak.at, 1
+szyndler.ch, 1
+szyszkowitz.at, 1
+szzsivf.com, 1
+t-1.org, 0
+t-10.nz, 1
+t-cophony.com, 1
+t-dent.com, 1
+t-fischer.net, 1
+t-hawk.com, 1
+t-inn.tk, 1
+t-m.me, 1
+t-moon.hr, 1
+t-network.nl, 1
+t-op1.com, 1
+t-op10.com, 1
+t-op6.com, 1
+t-op7.com, 1
+t-op8.com, 1
+t-op9.com, 1
+t-pc.org, 1
+t-shirt-template.com, 1
+t-shirts4less.nl, 1
+t-shirty.tk, 1
+t-unit.ru, 1
+t-wirth.de, 1
+t.ar, 1
+t.facebook.com, 0
+t.net.co, 1
+t.pe, 1
+t00228.com, 1
+t08.co, 1
+t09.cc, 1
+t09.co, 1
+t0kie.space, 1
+t0ny.name, 1
+t12u.com, 1
+t1cloud.com, 1
+t1f.ru, 1
+t2-sit-test.tk, 0
+t2000headphones.com, 1
+t2000laserpointers.com, 1
+t22.uk, 1
+t2data.com, 1
+t2informatik.de, 1
+t2tea.com, 1
+t33.eu, 1
+t36533.com, 1
+t3concrete.my, 1
+t3hty.fr, 1
+t3rror.net, 1
+t3terminal.com, 1
+t4-wiki.de, 1
+t404.de, 1
+t47.io, 1
+t4c.link, 1
+t4gh.com, 1
+t5118.com, 1
+t51365.com, 1
+t5197.co, 1
+t630.nl, 1
+t6729.co, 1
+t6957.co, 1
+t7035.com, 0
+t776633.com, 1
+t7e.de, 1
+t7tech.net, 1
+t8.software, 1
+t82365.com, 1
+t8803.com, 1
+t8805.com, 1
+t8807.com, 1
+t8809.com, 1
+t8815.com, 1
+t8817.com, 1
+t8819.com, 1
+t8830.com, 1
+t88gg.com, 1
+t88jj.com, 1
+t88mm.com, 1
+t88nn.com, 1
+t88oo.com, 1
+t88ss.com, 1
+t88vip0.com, 1
+t88vip1.com, 1
+t88vip2.com, 1
+t88vip3.com, 1
+t88vip4.com, 1
+t88vip5.com, 1
+t88vip6.com, 1
+t88vip7.com, 1
+t88ww.com, 1
+t88yy.com, 1
+t8software.cn, 1
+t8software.com.hk, 1
+t8software.nl, 1
+t8w.de, 1
+t90official.games, 1
+t9297.co, 1
+t9721.com, 1
+t9728.co, 1
+ta-maison.fr, 1
+ta-nehisicoates.com, 1
+ta-nuth.nl, 0
+ta-server.nl, 1
+ta-soest.nl, 0
+ta65.com, 1
+taabe.net, 1
+taaltaal.nl, 1
+taanishsaifu.gq, 1
+taapk.com, 1
+taarnby.dk, 1
+taartbesteld.nl, 1
+taartenvankoenie.tk, 1
+taartenvanmireille.nl, 1
+taartenvanthea.nl, 1
+taat.edu.ee, 1
+tab.com, 1
+tabacarika.tk, 1
+tabacundo.tk, 1
+tabacundolindo.tk, 1
+tabadotupi.tk, 1
+tabakerka.tk, 1
+tabarnak.ga, 1
+tabby.cz, 1
+tabclassics.tk, 1
+tabe.cn, 1
+tabe.com.cn, 1
+tabegamisama.com, 1
+tabelaci.tk, 1
+tabelekaloryczne.waw.pl, 1
+tabella.fi, 1
+taberna.tk, 1
+tabernaalibaba.tk, 1
+tabi-news.com, 1
+tabi-runrun.com, 1
+tabi-time.com, 1
+tabib.top, 1
+tabira.tk, 1
+tabisuta.com, 1
+tabiteollisuus.tk, 1
+tabitha.org, 1
+tablamatica.tk, 1
+tablascreek.com, 1
+tableandhearth.com, 1
+tableconvert.com, 1
+tabledown.ga, 1
+tabledusud.be, 1
+tabledusud.nl, 1
+tablepaddie.com, 1
+tablepaddies.com, 1
+tableres.com, 1
+tablerocksbestrealtors.com, 1
+tablet.facebook.com, 0
+tablet4me.de, 0
+tabletd.com, 1
+tabletennis-reference.com, 1
+tabletennis-tt.tk, 1
+tablethotels.com, 1
+tabletkinamase.ga, 1
+tabletkinatradzik.ga, 1
+tabletopwealth.reviews, 0
+tablettes-tactiles.tk, 1
+tablosec.com, 1
+tablyrics.com, 1
+tabordaadvogados.ga, 1
+taborsky.cz, 1
+tabpanelwidget.com, 1
+tabrizbiology.tk, 1
+tabserectilecheap.com, 1
+tabtap.shop, 1
+tabular.tools, 1
+tabulartools.com, 1
+taburetka.ua, 1
+tac-performance.net, 1
+tac-sys.net, 1
+tache.cc, 1
+tachikawa-saisyuusyou.com, 1
+tachikoma.social, 1
+tachip.net, 1
+tachoplus.pl, 1
+tachtien.nl, 1
+tachyonapp.com, 1
+taciso.com, 1
+tackleundies.com, 1
+tackn.jp, 1
+tacoma-dui-attorneys.com, 1
+tacomaautomobile.tk, 1
+tacomaclassifieds.net, 1
+tacomaescorts.net, 1
+tacomarugby.com, 1
+tacomarugby.org, 1
+tacotown.tk, 1
+tactful.ai, 1
+tactical.zone, 1
+tacticalavocado.com, 1
+tacticalsquare.com, 0
+tacticalvote.co.uk, 1
+tactile.love, 1
+tactportal.com, 1
+tactus.nl, 1
+tad.ua, 1
+tadaaam.studio, 1
+tadabase.io, 1
+tadalafil-tablets.tk, 1
+tadalafilindia.gq, 1
+taddiestales.com, 1
+tadj-mahalat.com, 0
+tadjiki.tk, 1
+tadjikistan.tk, 1
+tadluedtke.com, 1
+tadtadya.com, 1
+tadu.de, 1
+tadzkitchen.com, 1
+taebek.tk, 1
+taekwondo-berlin.tk, 1
+taekwondo-hochwald.de, 1
+taetomeister.de, 1
+tafcares.org, 1
+tafdi.net, 1
+taffe-elec.com, 1
+tafinance-association.com, 1
+tafnervotacao.com.br, 1
+tafp3.ga, 1
+tafs.com, 1
+taftok.gov, 1
+tafttx.gov, 1
+tafusu-support.com, 1
+tag-insights.com, 1
+tag-verse.com, 1
+tagabrand.co.uk, 1
+tagalliances.com, 1
+tagalog.com, 1
+tagana-anindustrialpark.tk, 1
+tagat.top, 1
+tagaytayhighlands.com, 1
+tagboards.tk, 1
+tagcorp.ca, 1
+tagderinspiration.ch, 1
+tagesmutter-in-bilm.de, 1
+taggedpdf.com, 0
+taggermedia.com, 1
+taggeru.com, 1
+taggigkaktus.tk, 1
+taghit.tk, 1
+tagid.ga, 1
+tagid.tk, 1
+taginet.com, 1
+tagliando.it, 1
+taglioepiega.com, 1
+taglioepiega.eu, 1
+taglioepiega.it, 1
+tagnull.de, 1
+tagram.net, 1
+tagstationen.se, 1
+tagstatravel.com, 1
+tagsweekly.com, 1
+tagtoys.com, 1
+taguette.com, 1
+taguette.fr, 1
+taguette.org, 1
+tagungsraum-usedom.de, 0
+tagungsraum-zinnowitz.de, 0
+tagungsstaette-usedom.de, 0
+tagungsstaette-zinnowitz.de, 0
+tahabrand.com, 1
+tahaonline.tk, 1
+tahitiodoo.com, 1
+tahititourisme.com, 1
+tahititourisme.fr, 1
+tahlequah.gov, 1
+tahlilsonuclari.site, 1
+tahnee.tk, 1
+tahosa.co, 0
+tahribat.tk, 1
+tahrirbazar.com, 1
+tahugocilebut.com, 1
+tahvienovin.ir, 1
+tahynatozzi.tk, 1
+taiaro.tk, 1
+taibachicken.com, 1
+taichi-jade.com, 1
+taidu.news, 1
+taie-oreiller-satin.fr, 1
+taifun-software.de, 1
+taiga-aikidojo.tk, 1
+taigalaloca.net, 1
+taihesy.tk, 1
+taijul.tk, 1
+taikodom.tk, 1
+tail.id.lv, 1
+tail.ml, 1
+tail.wtf, 1
+taildb.com, 1
+tailor.com.br, 1
+tailorbrands.com, 1
+tailored.health, 1
+tailoring.tk, 1
+tailpuff.net, 0
+tails.net, 1
+tailsteak.tk, 1
+tailwindapp.com, 1
+tainiesonline.tk, 1
+taintedart.co.nz, 1
+taipak-krasnoyar.tk, 1
+taipei2025.com, 1
+taipei2038.com, 1
+taishon.nagoya, 1
+taitlinstudio.com, 1
+taittowers.com, 0
+taiwan-kitchen.com, 1
+taiwanbible.com.tw, 1
+taiwanhotspring.net, 1
+taiwania.capital, 1
+taiwania.vc, 1
+taiwaniacapital.com, 1
+taiwaniacapital.com.tw, 1
+taiwaniacapital.tw, 1
+taiwanteama.com.tw, 1
+taiwantechtrek.tk, 1
+taiwantour.info, 0
+taizegroep.nl, 1
+taj-portal.tk, 1
+tajbrighton.tk, 1
+tajilamagazine.com.br, 1
+tajmisreg.com, 1
+tajniy-smisl.cf, 1
+tajniy-smisl.ga, 1
+tajniy-smisl.gq, 1
+tajniy-smisl.ml, 1
+tajniy-smisl.tk, 1
+tajper.pl, 1
+tajr.shop, 1
+tajtowereg.com, 1
+tak-it.nl, 1
+takano-recruit.com, 1
+takano-takuhai.com, 1
+takanogroup.co.jp, 1
+takao-hs.com, 1
+takao.ga, 1
+takarabrig.com, 1
+takase.buzz, 1
+takayaindustries.ml, 1
+take-a-screenshot.org, 1
+take1give1.com, 0
+takeaction.ml, 1
+takeatumble.com.au, 1
+takebackyourstate.com, 1
+takebackyourstate.net, 1
+takebackyourstate.org, 1
+takecarebnb.org, 0
+takechargetexas.gov, 1
+takecommunity.com, 1
+takedownthissite.com, 1
+takehomepay.uk, 1
+takeitback.tk, 1
+takemydodgecoins.com, 1
+taken.cf, 1
+taken.pl, 1
+takenote.co, 1
+takeomi.jp, 1
+takepicturesleavefootprints.com, 1
+takeshi.cz, 1
+takestars.tk, 1
+takethatspainfanclub.tk, 1
+takezo.tk, 1
+takhfifeirani.ir, 1
+taki.sh, 1
+taki.sk, 1
+taki.to, 1
+takinet.kr, 1
+takipavm.com, 1
+takipcikutusu.com, 1
+takiplekazan.ga, 1
+takito.net, 0
+takk.pl, 1
+takkaaaaa.com, 1
+takkguitar.net, 1
+takkyu-navi.jp, 1
+takosuke.net, 1
+taks.nl, 1
+taksaft.tk, 1
+taksimax.ru, 1
+taksometry.pl, 1
+taktak.co.uk, 0
+taktika.tk, 1
+taktraneh.com, 1
+takuhai12.com, 1
+takumi-s.net, 1
+takumikougyou.co.jp, 1
+takusan.ru, 1
+takuse.cf, 1
+takysoft.tk, 1
+talado.gr, 0
+talakacaruli.tk, 1
+talalaok.gov, 1
+talcualdigital.com, 1
+taldia.es, 1
+taleblooplastic.ir, 1
+talendipank.ee, 1
+talengo.com, 1
+talent-safari.com, 1
+talentbazi.com, 1
+talentcast.nl, 1
+talentcast.org, 1
+talenteam.com, 1
+talented.ga, 1
+talentedagents.ga, 1
+talentexcellence.com, 1
+talentguru.ml, 1
+talenthubmpi.com, 1
+talentimpuls.de, 1
+talentis.net, 1
+talentoday.com, 1
+talentplatform.ca, 1
+talentplatform.com, 1
+talentplatform.eu, 1
+talentplatform.us, 1
+talentsplit.com, 1
+talentstimuleren.nl, 1
+talentuar.com, 1
+talentwall.io, 1
+taler.net, 1
+talerakademiet.dk, 1
+talesbazaar.com, 1
+talesoftenko.tk, 1
+talichi.com, 1
+talichi.es, 1
+talideon.com, 0
+talikotang.tk, 1
+talisadesign.fi, 1
+taliskerwhiskyatlanticchallenge.com, 1
+talisman-amulet.ga, 1
+talk.google.com, 1
+talkappin.com.au, 1
+talkbasket.net, 1
+talkbitz.com, 0
+talkeducation.com, 1
+talkgadget.google.com, 1
+talki.tk, 1
+talkinators.tk, 1
+talkingbittersweet.com, 1
+talkingmoose.net, 0
+talkingtodrake.tk, 1
+talkingtoteapots.tk, 1
+talkischeap.co.za, 1
+talkischeap.tk, 1
+talklikeyodaday.tk, 1
+talkmojang.club, 1
+talknetwork.ru, 1
+talkreal.net, 1
+talks.run, 1
+talkscope.cf, 1
+talkscope.ml, 1
+talksileby.tk, 1
+talktech.com, 1
+talktobabes.com, 1
+talktobot.com, 1
+talktwincities.com, 1
+talkwithyourbaby.org, 1
+talkx.de, 1
+tallac.tk, 1
+tallahatchiecountysheriffofficems.gov, 1
+tallcraft.com, 1
+tallcraft.net, 1
+tallercommercial.com, 1
+tallercs.tk, 1
+tallerdelcuadro.online, 1
+talleresluse.com, 1
+tallerfrancia2.es, 1
+tallgrasslegal.com, 1
+tallinn-airport.ee, 0
+tallinnsex.ee, 1
+tallship.cz, 1
+tallulahbernard.com, 1
+tallwoodmedical.com, 1
+tallyfy.com, 1
+tallylights.com, 1
+talment.com.mx, 1
+talmischleather.com, 1
+taloman.fi, 1
+talonro.com, 1
+talos-app.io, 1
+talos-staging.io, 1
+talpanetwork.com, 0
+talpurwadalions.tk, 1
+taltech.ee, 1
+talun.de, 1
+talusan.tk, 1
+talxis.com, 1
+tam-moon.com, 1
+tam-safe.com, 1
+tam7t.com, 0
+tama.ga, 1
+tamagotchicenter.com, 1
+tamalcloud.com, 1
+tamamlayici.com.tr, 1
+tamarac.gov, 1
+tamarasoft.com, 1
+tamareverson.tk, 1
+tamarind.by, 1
+tambayology.com, 1
+tambo.es, 1
+tamboa.com, 1
+tambola.live, 1
+tambosi-odeonsplatz.de, 1
+tambov.cf, 1
+tambov.tk, 1
+tambovcity.tk, 1
+tambre.ee, 1
+tamchunho.com, 1
+tamdaotravelvi.tk, 1
+tamdidpay.tk, 1
+tamedia.ch, 1
+tameru.me, 1
+tamerx.com, 1
+tamgaturk.com, 1
+tami.co.uk, 1
+tamilentertainment.tk, 1
+tamilfunda.com, 1
+tamilglitz.in, 1
+tamilrokers.tk, 1
+tamilsms.blog, 1
+tamiltax.tk, 1
+tamim.io, 1
+tamimmalik.ml, 1
+tamindir.com, 1
+tamistuff.com, 1
+tammie.ga, 1
+tammiku.edu.ee, 1
+tammvee.ee, 1
+tammy.pro, 1
+tamoxifen-citrate.gq, 1
+tamoxifen-citrate.ml, 1
+tamoxifenformen.ga, 1
+tampa.gov, 1
+tampabaybusinesslistings.com, 1
+tampabayhistorycenter.org, 1
+tampabayhometours.info, 1
+tampacific.net, 1
+tampacific.vn, 1
+tampaexplorer.ml, 1
+tampereenliberaalit.tk, 1
+tamracapital.sa, 1
+tamriel-rebuilt.org, 1
+tamrielcraft.tk, 1
+tamronhallshow.com, 1
+tamsulosin.gq, 1
+tamuraei.co.jp, 1
+tamylove.net, 1
+tan90.tw, 1
+tanabekensetsu.co.jp, 1
+tanacio.com, 1
+tanatos.ga, 1
+tanchynski.com, 1
+tancuongtea.tk, 1
+tand-teknik.dk, 1
+tandarts-ict.nl, 1
+tandartsen-ict.nl, 1
+tandartspraktijkreddingius.nl, 1
+tandartszilverschoon.nl, 1
+tandblekningidag.com, 1
+tandcr.com, 1
+tandem-trade.ru, 0
+tandemexhibits.com, 1
+tandempartnerships.com, 0
+tandemtransport.ca, 1
+tandhoutdoors.com, 1
+tandzorg.link, 1
+taneytownmd.gov, 1
+tangai.tk, 1
+tangas.tk, 1
+tangel.me, 1
+tangentnet.tech, 1
+tangentnetworks.tech, 1
+tangerangkota.go.id, 1
+tangiblesnft.com, 1
+tangier.tk, 1
+tangipahoa.gov, 1
+tangle-teezer.net, 1
+tangledmeditations.com, 1
+tanglepatterns.com, 1
+tango-cats.de, 1
+tango-networks.com, 0
+tango-querida.tk, 1
+tango.berlin, 1
+tango.info, 1
+tangoalpha.co.uk, 1
+tangoanalytics.com, 1
+tangofoxi.com, 1
+tangosix.rs, 1
+tangs.com, 1
+tangub.today, 1
+tangyue.date, 1
+tangzhao.net, 1
+tanhaa.tk, 1
+tanhongit.com, 1
+taniawizualizacja.pl, 1
+tanie-obraczki-szczecin.tk, 1
+tanie-uprawnienia-sep.pl, 1
+taniku-succulent.com, 1
+tanjaradovic.tk, 1
+tanjasavicmusic.tk, 1
+tankdoggear.tk, 1
+tanknology.ca, 1
+tankos.tk, 1
+tankpassen-vergelijken.nl, 1
+tanks.je, 1
+tankski.co.uk, 1
+tanned.tk, 1
+tannenhof-moelln.de, 1
+tanner.sh, 1
+tanneradvisorysolutions.com.au, 1
+tannercorporation.com, 1
+tannerdewitt.com, 1
+tannerryan.ca, 1
+tannerwilliamson.com, 1
+tannerwj.com, 1
+tannextcloud.cf, 1
+tanningroom.co.uk, 1
+tannlegenityrkia.no, 1
+tanomimaster.com, 1
+tanovar.com, 1
+tanphu.tk, 1
+tanpopo.io, 1
+tantalos.nl, 1
+tantejulia.tk, 1
+tantetilli.de, 0
+tanto259.name, 1
+tantrabali.tk, 1
+tantravoorlichting.nl, 1
+tantrum-rocks.tk, 1
+tantso.com, 1
+tanuki.army, 1
+tanushka.tk, 1
+tanveersingh.tk, 1
+tanweerkhan.tk, 1
+tanya-avdeeva.cf, 1
+tanyanama.com, 1
+tanz-kreativ.de, 0
+tanz.info, 1
+tanzania-chameleon.ga, 1
+tanzanianfilms.tk, 1
+tanzaniauk.org.uk, 1
+tanzhijun.com, 1
+tanzpartner.tk, 1
+tao-energie.tk, 1
+taoaworld.com, 1
+taoburee.com, 0
+taodung.com, 1
+taoismus.eu, 1
+taolu.tv, 1
+taolu168.com, 1
+taolubdsm10.com, 1
+taoofbeauty.tk, 1
+taoscountynm.gov, 1
+taoshu.in, 1
+taosnm.gov, 1
+taotic.eu, 1
+taowa.ca, 1
+taoyingchang.tk, 1
+tap.az, 1
+tap.bio, 1
+tapbutdao.com, 1
+tapchiphaidep.info, 1
+tapcloud.com, 1
+tapestries.tk, 1
+tapestryjournal.com, 1
+tapesvip.xyz, 1
+tapetenresonanz.de, 1
+taplemon.at, 1
+taplemon.com, 1
+tapmat.com, 1
+tapparellemessina.it, 1
+tappezzeria.roma.it, 1
+tappezziere.milano.it, 0
+tappezziere.roma.it, 1
+tappyshop.com.br, 1
+tapquad.com, 1
+taprix.org, 1
+tapsnapp.co, 1
+taqamorocco.ma, 1
+taquilla.com, 1
+taqun.club, 1
+tara.ru, 1
+tarabici.tk, 1
+taraiid.com, 1
+tarakan-klopik.tk, 1
+taraksarkar.tk, 1
+taranagar.tk, 1
+tarantino.tk, 1
+tarantul.org.ua, 1
+tarantula-spider.com, 1
+taraori.tk, 1
+tarapacadigitaltv.tk, 1
+tarasecurity.co.uk, 1
+tarasecurity.com, 1
+tarasevich.by, 1
+taravancil.com, 0
+tarbsong.ml, 1
+tarcode.ru, 1
+tardics.com, 1
+tardics.eu, 1
+tardics.net, 1
+tardis.cloud, 1
+tardis.io, 1
+tardishomelab.com, 1
+tarek.wtf, 1
+tarekfadel.com, 1
+tarfand-pc.tk, 1
+tarfandgram.com, 0
+tarfin.com, 1
+targaryen.house, 1
+target.com, 1
+targetbuilding.com, 1
+targetlonglife.tk, 1
+targetmarc.com, 1
+targetsportsworld.com, 1
+targettrend.com, 1
+targeturl.ru, 1
+targetx.pl, 1
+targimieszkaniowe.net, 1
+targoncavasarlas.hu, 1
+tarhunfirin.com, 1
+tarif-pellets.fr, 1
+tarife.at, 1
+tariff.cc, 1
+tarihpedia.com, 1
+tarihvakti.com, 1
+tarija.tk, 1
+tarik.io, 1
+tarikigaru.ga, 1
+tarimaferial.com, 1
+tarimkredi.net, 1
+tarjaturunen.tk, 1
+tarjetasgraficas.tk, 1
+tarjetaspark.es, 1
+tarjetaspersonales.tk, 1
+tarjetondigital.com, 1
+tarkari.tk, 1
+tarkasparrows.org.za, 1
+tarketmedia.com, 1
+tarkett-group.com, 1
+tarkov.tk, 1
+tarocchi.blog, 1
+taron.top, 1
+tarot-online-app.com, 1
+tarot-online-app.de, 1
+tarot-online.cn, 1
+tarot-online.com.pl, 1
+tarot-online.fr, 1
+tarot-online.it, 1
+tarot.vn, 1
+tarotgratis.vip, 1
+tarotreadingexplained.com, 1
+tarper24.net, 1
+tarpsnow.com, 1
+tarrantandharman.com, 1
+tarrasque.io, 1
+tarrytownny.gov, 1
+tarsan.cz, 1
+tarsusdistribution.co.za, 0
+tarsusrx.com, 1
+tartablu.it, 1
+tartaneagle.org.uk, 1
+tartanhamedshop.com.br, 1
+tartu.ee, 0
+tartufomajella.it, 1
+taruntarun.net, 1
+tarus.gq, 1
+tarvit.me, 1
+tarvoo.com, 1
+tarzanka.ml, 1
+tas.best, 1
+tas2580.net, 0
+tasarimgazetesi.com, 1
+tasarimrehberi.com, 1
+tasawehala.com, 1
+tascas.ga, 1
+tasconnect.com, 1
+tascout.com, 1
+tascuro.com, 1
+tasefiling.gov, 1
+tashicell.com, 1
+tasintrip.com, 1
+taskforce.eu, 1
+taskhorizon.audio, 1
+taskin.me, 1
+taskman.london, 1
+taskotron.fedoraproject.org, 1
+taskotron.stg.fedoraproject.org, 1
+taskrunnr.com, 1
+tasks.org, 1
+tasktrek.com, 1
+taskulu.com, 1
+taskulu.ir, 1
+taskus.com, 1
+taskwise.cf, 0
+tasogarenoinori.net, 1
+tasonoken.tk, 1
+tasports.com.au, 1
+tasports2043.com.au, 1
+tastenewwines.com, 1
+tasteville.com.au, 1
+tastycake.net, 0
+tastycool.io, 1
+tastyplacement.com, 1
+tastystakes.com, 1
+tastyworksreview.co, 1
+tasvideos.org, 1
+tatamypa.gov, 1
+tatar-bashqort.tk, 1
+tatara.ne.jp, 1
+tatard.fr, 1
+tataria.tk, 1
+tatarin.ga, 1
+tatarin.gq, 1
+tataristan.tk, 1
+tatarland.tk, 1
+tataru.it, 1
+tatarworld.tk, 1
+tatary.cf, 1
+tatary.tk, 1
+tate.com, 1
+tatecountyms.gov, 1
+tateesq.com, 0
+tateishi-ip.com, 1
+tatemode.com, 1
+taters.org, 1
+tatewake.com, 1
+tatfan.com, 1
+tathanhson.com, 1
+tatiana-kpb.tk, 1
+tatilsepeti.com, 1
+tatjana-young.net, 1
+tatler.com, 1
+tato.noip.me, 0
+tatoo-shop.ca, 1
+tatooine.club, 1
+tatort-fanpage.de, 1
+tatsidou.gr, 1
+tatsumi-air.com, 1
+tatsuya.tk, 1
+tatteredatlastales.com, 1
+tattoo-art.tk, 1
+tattoo.roma.it, 1
+tattoocorina.tk, 1
+tattooidee.nl, 1
+tattoomotive.net, 1
+tattoopiercing-wien.at, 1
+tatu-love.tk, 1
+tatuaggi.roma.it, 1
+tatuaggio.co, 1
+tatuering.net, 1
+tatuhagu.gov, 1
+taturukav.tk, 1
+taubenartikel.de, 1
+taubin.cc, 1
+tauedu.org, 1
+taufers.info, 1
+tauntongolf.co.uk, 1
+tauntonpdma.gov, 1
+taunusstein.net, 1
+taura.vn, 1
+tauran.net, 1
+tauriscia.tk, 1
+taurusgaming.com, 1
+tava.tk, 1
+tavanahost.com, 0
+tavaresfl.gov, 1
+tavda.info, 1
+tavelbutiken.com, 1
+taverne.tk, 1
+taverns.tk, 1
+tavex.bg, 1
+tavex.dk, 1
+tavex.eu, 1
+tavex.fi, 1
+tavex.hu, 1
+tavex.lt, 1
+tavex.lv, 1
+tavex.no, 1
+tavex.pl, 1
+tavex.ro, 1
+tavex.rs, 1
+tavex.se, 1
+tavexbullion.co.uk, 1
+tavid.ee, 1
+tavola-cescato.club, 1
+tavolaquadrada.com.br, 1
+tavolartegusto.it, 1
+tavoseimai.lt, 1
+tavsiyeforumu.com, 1
+tavsys.net, 1
+tavukdiyari.net, 1
+tawzea.com, 1
+tax-brain.net, 1
+tax-guard.com, 1
+taxandor.com, 1
+taxassist.co.uk, 1
+taxationweb.co.uk, 1
+taxboard.gov.au, 1
+taxborn.com, 0
+taxdispute.win, 1
+taxesreclaimed.com, 1
+taxfunder.co.uk, 1
+taxfunder.uk, 1
+taxglobalizers.com, 1
+taxhawk.com, 1
+taxi-5plus.ru, 1
+taxi-chamonix.fr, 0
+taxi-christian.de, 1
+taxi-collectif.ch, 0
+taxi-domzale.tk, 1
+taxi-doudoune.fr, 1
+taxi-edessas.gr, 1
+taxi-legroux.com, 1
+taxi-meridian.ru, 1
+taxi-puck.pl, 1
+taxi-tienen.com, 1
+taxi-zakaz.ml, 1
+taxi24.ml, 1
+taxi7.be, 1
+taxibiz.ga, 1
+taxicollectif.ch, 0
+taxid-k.be, 1
+taxikraken.tk, 1
+taxiloerrach.de, 1
+taximinvody.ml, 1
+taximovies.gq, 1
+taxinhanhphanthiet24h.vn, 1
+taxipool.co.il, 1
+taxirostova.ru, 1
+taxis-collectifs.ch, 0
+taxisafmatosinhos.pt, 1
+taxiscollectifs.ch, 0
+taxiseek.ga, 1
+taxiunion.info, 1
+taxlab.co.nz, 0
+taxly.kr, 1
+taxmadras.com, 1
+taxo.fi, 1
+taxpackagesupport.com, 1
+taxprocpa.com, 1
+taxstorestalbans.com.au, 1
+taxteam.co.il, 1
+taxuni.com, 1
+tayar2u.my, 1
+taybee.net, 1
+tayebbayri.com, 1
+tayho24h.com, 1
+taylorandfrancis.com, 1
+tayloraz.gov, 1
+taylorburton-porn.com, 1
+taylorcountyhdwv.gov, 1
+taylorcountyky.gov, 1
+taylorcountywv.gov, 1
+taylored.ga, 1
+taylorelectionsfl.gov, 1
+taylorfarms.com, 1
+taylorfrancis.com, 1
+taylorfry.au, 1
+taylorfry.co.nz, 1
+taylorfry.com, 1
+taylorfry.com.au, 1
+taylorfry.nz, 1
+taylors-castles.co.uk, 1
+taylorshillsamoan.org, 1
+taylorstauss.com, 1
+tazamobile.ga, 1
+tazarelax.es, 1
+tazefiltre.com, 1
+tazefirsat.com, 1
+tazemama.biz, 1
+tazenda.tk, 1
+tazendaforever.tk, 1
+tazewell-il.gov, 1
+tazewellcountyjury.gov, 1
+tazita.tk, 1
+tazz.ro, 1
+tb-bolshevik.tk, 1
+tb-devel.de, 1
+tb-itf.de, 1
+tb.org.tw, 1
+tbahn.de, 1
+tbatr.tk, 1
+tbbank.gov.tm, 0
+tbcinteriorismo.com, 1
+tbcloud.site, 0
+tbebkom.com, 1
+tbejos.com, 1
+tbfocus.com, 1
+tbi.equipment, 1
+tbi.systems, 1
+tbid.gov, 1
+tbird-q.com, 1
+tbitc.ch, 1
+tbksp.org, 1
+tbkwatch.co.za, 1
+tbkwatch.com, 1
+tbkwatch.org.za, 1
+tbld.gov, 1
+tblflip.de, 1
+tblnk.de, 1
+tbonejs.org, 1
+tbox.net, 1
+tbpchan.cz, 1
+tbq-s.com, 1
+tbq-s1.com, 1
+tbrindus.ca, 1
+tbs-certificates.co.uk, 1
+tbscan.com, 1
+tbsmportal.com, 1
+tbspace.de, 1
+tbsunday.tk, 1
+tbtech.cz, 1
+tbuchloh.de, 1
+tbun.de, 1
+tbunews.com, 1
+tbunews.info, 1
+tbwa.com, 1
+tbwa.com.au, 0
+tbyi.gov, 1
+tbys.us, 1
+tbz-pariv.de, 1
+tc-solutions.be, 1
+tc-tsc.com, 1
+tc.nz, 1
+tc2.hu, 1
+tcacademy.co.uk, 1
+tcade.co, 1
+tcapws-dev.azurewebsites.net, 1
+tcapws-prod.azurewebsites.net, 1
+tcb-a.org, 1
+tcbdarts.nl, 1
+tccc.org.tw, 1
+tcckonsult.com, 1
+tccmb.com, 1
+tccportal.com, 1
+tcddtrensaatleri.com, 1
+tcdn.tech, 1
+tcdww.cn, 1
+tcepc.com, 1
+tcf.org, 1
+tcgcardcare.com, 1
+tcglobal.com, 1
+tcgpraktijk.nl, 1
+tcgrepublic.com, 1
+tch-forum.com, 1
+tchak.be, 1
+tchaka.top, 1
+tchalian-boulonnerie.store, 1
+tchannels.tv, 1
+tcharning.ml, 1
+tchatland.fr, 1
+tche.digital, 1
+tchealers.com, 1
+tcheb.ru, 1
+tchebb.me, 1
+tchncs.de, 1
+tchnics.de, 1
+tcholet.com, 1
+tchoukball.ch, 0
+tchouktchouk-baroum.fr, 1
+tchverheul.nl, 1
+tci-style.pl, 1
+tci-thaijo.org, 1
+tci-thailand.org, 1
+tciit.pl, 1
+tcit.fr, 0
+tcj.ir, 1
+tcl.sh, 1
+tcmk-tomsk.ru, 1
+tcmskarate.fr, 1
+tcnapplications.com, 1
+tcnewhk.com, 1
+tco.zapto.org, 1
+tcoa.tk, 1
+tcpdf.org, 1
+tcpride.org, 1
+tcptun.com, 1
+tcr-ees.com, 1
+tcrecord.org, 1
+tcsemotion.com, 1
+tcspartner.eu, 1
+tcspartner.net, 1
+tcuprs.com, 1
+tcvanbuuren.tk, 1
+tcvonline.vic.gov.au, 1
+tcvw.org, 1
+tcwis.com, 1
+tcwsites.com.br, 1
+tcybert.com, 1
+tcyoung.co.uk, 1
+td-bambini.com, 1
+td-magellan.ru, 1
+td-olymp.ru, 1
+td-zolotoy.ru, 1
+tda-werbetechnik.de, 1
+tda.de, 1
+tdchrom.com, 0
+tddos.pw, 1
+tdeaqua.com, 1
+tdeecalculator.org, 1
+tdelmas.ovh, 1
+tdev.team, 1
+tdk.eu, 1
+tdlesovik.ru, 1
+tdln.tk, 1
+tdn.com, 1
+tdolar.com, 1
+tdr.today, 1
+tdrcartuchos.com.br, 1
+tdro.cf, 1
+tdrs.info, 1
+tds-forum.tk, 1
+tdsb.cf, 1
+tdsb.ml, 1
+tdsbhack.tk, 1
+tdse.de, 1
+tdsf.io, 1
+tdstoragebay.com, 1
+tdtf.eu, 1
+tdtf.hk, 1
+tdtf.nl, 1
+tdvg.nl, 1
+tdxexpedited.com, 1
+tdyx-china.com.cn, 0
+te-ajut.ro, 1
+te-an.tw, 1
+tea-alpha.gr, 1
+tea-eurobank.gr, 1
+tea.codes, 1
+tea.in.th, 1
+teablr.com, 1
+teach.com, 1
+teach.gq, 1
+teachbase.ru, 1
+teachbiz.net, 1
+teacher.org, 1
+teachercall.kr, 1
+teachermommylife.com, 1
+teachernewsbd.com, 1
+teacherph.com, 1
+teacherph.net, 0
+teacherpics.com, 1
+teacherquinten.com, 1
+teacherquotes.gq, 1
+teachersasap.info, 1
+teachertoolsgpt.com, 1
+teaching-certification.com, 1
+teachinginhighered.com, 1
+teachingtoday.education, 1
+teachjam.org, 1
+teachking.tk, 1
+teachnowprogram.com, 1
+teachonmars.com, 1
+teachpeople.org, 1
+teachwithouttears.com, 1
+teacuppersiancats.com, 1
+teacupyorkiespets.com, 1
+teaeggss.com, 1
+teaguepdtx.gov, 1
+teahawaii.ga, 1
+teahouse.gq, 1
+teahut.net, 1
+teaine.com, 1
+teainside.ga, 1
+teaks.nl, 1
+tealegrar.com.br, 1
+tealium.com, 1
+team-17.tk, 1
+team-a.tk, 1
+team-aaa.tk, 1
+team-apollo.tk, 1
+team-atomic.tk, 1
+team-azerty.com, 1
+team-bbd.com, 1
+team-building.madrid, 1
+team-building.tirol, 1
+team-cut.tk, 1
+team-darkness.tk, 1
+team-eklund-motorsport.tk, 1
+team-io.net, 1
+team-royal.tk, 1
+team-russia.tk, 1
+team-swami.com, 1
+team-toranomon.com, 1
+team-work.online, 1
+team.house, 0
+team005helpdesk.ddns.net, 1
+team3.au, 1
+team3482.com, 1
+team7-home.com, 1
+team957.co.uk, 1
+teamarasensas.tk, 1
+teamasea.com, 1
+teamassists.com, 0
+teamawesome.ga, 1
+teamb.nl, 1
+teambalinge.tk, 1
+teambanzai.tk, 1
+teambeam.ru, 0
+teambee.tk, 1
+teambim.eu, 1
+teamcg.ru, 1
+teamclean.bg, 1
+teamcoco.com, 1
+teamcode.tk, 1
+teamcodeorange.tk, 1
+teamcollins.org.nz, 1
+teamconf.ru, 1
+teamdarko.tk, 1
+teamdaylo.xyz, 1
+teamdev.id, 1
+teamdevelopers.ga, 1
+teamdriven.tk, 1
+teamdumondelibre.fr, 1
+teamengland.tk, 1
+teamfriet.nl, 1
+teamhd.org, 1
+teamhealth.com, 1
+teamhinkleyc.com, 0
+teamhybrid.com, 1
+teamhybridforums.com, 1
+teamjiradia.tk, 1
+teamkankun.tk, 1
+teamkgsr.com, 1
+teamkilled.tk, 1
+teamkiller.tk, 1
+teamkoncert.pl, 1
+teamleader-apps-by-invantive.com, 1
+teamlightning.tk, 1
+teamliquid.com, 1
+teamliquid.eu, 1
+teamliquidstarleague.com, 1
+teammateworld.com, 1
+teammojo.org, 1
+teamninjaapp.com, 1
+teamnissannorthparts.com, 1
+teamnutrition.fr, 1
+teamos.tk, 1
+teampaddymurphy.ch, 1
+teampaddymurphy.ie, 1
+teampages.com, 1
+teampassword.com, 1
+teampatat.nl, 1
+teamphotonetwork.com, 1
+teampoison.tk, 1
+teampz.com, 1
+teamr3set.com, 1
+teamrecess.com, 1
+teamredfox.tk, 1
+teamrevolution.tk, 1
+teamroom.jp, 1
+teams.microsoft.us, 1
+teamsakura.net, 1
+teamsass.ca, 1
+teamsecure.al, 1
+teamsecure.at, 1
+teamsecure.be, 1
+teamsecure.bg, 1
+teamsecure.ch, 1
+teamsecure.co.il, 1
+teamsecure.co.uk, 1
+teamsecure.com.ua, 1
+teamsecure.cz, 1
+teamsecure.de, 1
+teamsecure.dk, 1
+teamsecure.ee, 1
+teamsecure.es, 1
+teamsecure.fi, 1
+teamsecure.fr, 1
+teamsecure.gr, 1
+teamsecure.hu, 1
+teamsecure.io, 1
+teamsecure.is, 1
+teamsecure.it, 1
+teamsecure.li, 1
+teamsecure.lt, 1
+teamsecure.lu, 1
+teamsecure.lv, 1
+teamsecure.md, 1
+teamsecure.me, 1
+teamsecure.mk, 1
+teamsecure.pl, 1
+teamsecure.pt, 1
+teamsecure.ro, 1
+teamsecure.rs, 1
+teamsecure.ru, 1
+teamsecure.se, 1
+teamsecure.si, 1
+teamsecure.sk, 1
+teamsherry.realtor, 1
+teamshirts.at, 1
+teamshirts.be, 1
+teamshirts.ch, 1
+teamshirts.co.uk, 1
+teamshirts.com, 1
+teamshirts.de, 1
+teamshirts.dk, 1
+teamshirts.fi, 1
+teamshirts.fr, 1
+teamshirts.net, 1
+teamshirts.nl, 1
+teamshirts.no, 1
+teamshirts.se, 1
+teamsignia.com, 1
+teamsomeday.tk, 1
+teamsudan.cf, 1
+teamtheory.io, 1
+teamtirith.com, 1
+teamtomorrow.tk, 1
+teamtotal.com, 1
+teamtrack.uk, 1
+teamup.com, 1
+teamup.rocks, 0
+teamupturn.com, 1
+teamupturn.org, 1
+teamusacreditrepair.com, 1
+teamusec.de, 1
+teamwass.com, 1
+teamwass.eu, 1
+teamwolf.tk, 1
+teamwork-bad-wurzach.de, 1
+teamworld.blog, 1
+teamwpsekure.com, 1
+teamx-gaming.de, 0
+teaparty.id, 1
+teapiraeus.gr, 1
+teara.govt.nz, 1
+teararia.com, 1
+teardrop.tk, 1
+tearihome.com, 1
+tearoomlints.be, 1
+tease.email, 1
+teasenetwork.com, 1
+teaser-trailer.com, 1
+teasers.ga, 1
+teaterbristol.se, 1
+teatrarium.com, 1
+teatrebarcelona.com, 1
+teatroutopia.tk, 1
+teatruastra.org.mt, 1
+teazer.tk, 1
+teb-akademia.pl, 1
+teb-x-1.com, 1
+tebebo.com, 1
+teber.av.tr, 1
+tebian.tk, 1
+tebianco.net, 1
+tebieer.com, 1
+tebodental.com, 1
+tebodentalgroup.com, 1
+tebodentistryatlanta.com, 1
+tebodentistryforkids.com, 1
+teboexperience.com, 1
+tebokidsstore.com, 1
+teboorthodontics.com, 1
+tebothetooth.com, 1
+tebsonati.tk, 1
+tebx-1.com, 1
+tebx1.com, 1
+tec24.ga, 1
+tecart-cloud.de, 1
+tecart-system.de, 0
+tecart.de, 1
+tecartcrm.de, 1
+tecatebeerusa.com, 1
+tecdoor.pt, 1
+tece.com, 1
+tece.de, 1
+tecfix.com, 1
+tecfleet.com, 1
+tech-clips.com, 0
+tech-dempaz.com, 1
+tech-essential.com, 1
+tech-guru.ml, 1
+tech-idea.com, 0
+tech-ideas.tk, 1
+tech-leaders.jp, 1
+tech-my.biz, 1
+tech-ninja.de, 0
+tech-post.net, 1
+tech-professor.ir, 1
+tech-rat.com, 1
+tech-seminar.jp, 1
+tech-story.net, 1
+tech-urdu.tk, 1
+tech-value.eu, 1
+tech-zealots.com, 1
+tech-zoom.com, 1
+tech3599.com, 1
+tech3araby.com, 1
+tech4founders.co, 1
+tech4greece.gr, 1
+tech506.com, 1
+techalert.net, 1
+techangel.tk, 1
+techanit.de, 1
+techarab.ga, 1
+techarchive.cf, 1
+techarchive.ml, 1
+techarchive.tk, 1
+techarea.fr, 1
+techarkansas.tk, 1
+techask.it, 1
+techassist.io, 0
+techatt.com, 1
+techava.ru, 1
+techbelife.com, 1
+techbizidea.com, 1
+techbmc.com, 1
+techbrawl.org, 1
+techbuz.net, 1
+techbuzzonly.com, 1
+techcavern.ml, 1
+techcentral.ml, 1
+techcenturion.com, 1
+techchip.com, 1
+techclan.ga, 1
+techcluster.tk, 1
+techcm.com, 1
+techcody.com, 1
+techcolorado.tk, 1
+techcompany.tk, 1
+techcracky.com, 1
+techcu.lt, 1
+techcult.com, 1
+techcultivation.de, 0
+techcultivation.net, 0
+techcultivation.org, 1
+techdatapark.com, 1
+techday.asia, 1
+techday.co.nz, 1
+techday.com, 1
+techday.com.au, 1
+techday.network, 1
+techdhanush.com, 1
+techdirt.com, 1
+techdoms.tk, 1
+teched-creations.com, 1
+techexpert.tips, 1
+techexplorist.com, 1
+techfibian.tk, 1
+techfinancials.co.za, 1
+techfishnews.com, 1
+techformator.pl, 1
+techforthepeople.org, 1
+techforum.cz, 1
+techframework.com, 1
+techfreepro.ml, 1
+techfuturae.com, 1
+techgama.org, 1
+techgara.com, 0
+techgearlab.com, 1
+techgo.re, 1
+techgrance.com, 1
+techguidereview.com, 1
+techguides.tk, 1
+techhackhome.tk, 1
+techhappy.ca, 1
+techhh.ca, 1
+techhubs.gov, 1
+techie-show.com, 1
+techiecomputers.com, 1
+techiehall.com, 1
+techieidiots.ml, 1
+techieshideaway.com, 1
+techiesmart.tk, 1
+techiestalk.in, 1
+techikoma.social, 1
+techindiana.tk, 1
+techindo.cf, 1
+techinet.pl, 1
+techinsurance.com, 1
+techiseasy.it, 1
+techisfake.ga, 1
+techitalk.ga, 1
+techitsol.tk, 1
+techiwant.com, 1
+techjobplaybook.nyc, 1
+techjobs.be, 1
+techjury.net, 1
+techkalture.com, 1
+techkeep.tk, 1
+techkentucky.tk, 1
+techkilla.tk, 1
+techland.net, 1
+techlandgg.com, 1
+techlearningcollective.com, 1
+techlit.pk, 1
+techlore.tech, 1
+techlovers.com, 1
+techlr.de, 1
+techmagazine.tk, 1
+techmagick.com, 1
+techmahindrafoundation.org, 1
+techmaish.com, 1
+techmammal.de, 1
+techmanstan.com, 1
+techmatter.tk, 1
+techmatters.org, 1
+techmayhem.net, 1
+techmen.net, 1
+techmeout.io, 1
+techmerch.ru, 0
+techmusea.com, 1
+technamin.com, 1
+technavio.com, 1
+technewsetc.tk, 1
+technewyork.tk, 1
+technic-piscines.fr, 1
+technic3000.com, 1
+technicabv.nl, 1
+technicalbikram.tk, 1
+technicalbikrammalati.tk, 1
+technicalbrothers.cf, 1
+technicalforensic.com, 1
+technicalhelps.org, 1
+technicalhub.tk, 1
+technicalities.ca, 1
+technicallyeasy.net, 1
+technicalmarine.solutions, 1
+technicalproblem.tk, 1
+technicalsouvick.in, 1
+technicaltrainer.co.za, 1
+technicalustad.com, 1
+technick.net, 1
+technicodelabels.com, 1
+technicus.nl, 1
+technikoma.com, 1
+technikoma.eu, 1
+technikoma.net, 1
+technikoma.org, 1
+technikoma.social, 1
+technikplanet.de, 1
+techniqueelevage.ddns.net, 1
+technisys.com, 1
+techno-utopia.com, 1
+techno360.in, 1
+technochat.in, 1
+technocracy.works, 1
+technodance.tk, 1
+technodemarkt.bg, 1
+technodevelopmentera.tk, 1
+technogies.cf, 1
+technogps.com, 1
+technogrand.gq, 1
+technoholod.tk, 1
+technohonks.tk, 1
+technohram.tk, 1
+technoidhost.com, 1
+technoids.tk, 1
+technoledge.jp, 1
+technolink.cf, 1
+technolink.ga, 1
+technologie-innovation.fr, 1
+technology.cx, 1
+technologyabundant.ga, 1
+technologyandroid.tk, 1
+technologyapp.tk, 1
+technologycaptive.ga, 1
+technologycellar.ga, 1
+technologyclassy.ga, 1
+technologycollections.ga, 1
+technologycollector.ga, 1
+technologycompanion.ga, 1
+technologycupid.ga, 1
+technologydesigning.ga, 1
+technologydigital.tk, 1
+technologyecho.ga, 1
+technologyecho.tk, 1
+technologyinformation.tk, 1
+technologyintergrity.ga, 1
+technologyjust.ga, 1
+technologylittle.ga, 1
+technologymessenger.ga, 1
+technologynewss.tk, 1
+technologyscience.tk, 1
+technologysi.com, 1
+technologysnapshot.ga, 1
+technologysoftware.tk, 1
+technologysouthbeach.ga, 1
+technologysprint.ga, 1
+technologysugar.ga, 1
+technologyvisual.ga, 1
+technologywaterfront.ga, 1
+technologywt.com, 1
+technolution.tk, 1
+technolux.net, 0
+technomagia.tk, 1
+technomix.tk, 1
+technopedia.gq, 1
+technorthdakota.tk, 1
+technosapien.ml, 1
+technosorcery.net, 1
+technospeakco.com, 1
+technostone.tk, 1
+technostropic.au, 1
+technostropic.com, 1
+technostropic.net, 1
+technoswag.ca, 1
+technotoday.com.tr, 1
+technotronikcanada.ca, 0
+technovisioneng.com, 1
+technoweb.ga, 1
+technoweightloss.com, 1
+technowikis.com, 1
+technowise.tk, 1
+technowiz.tk, 1
+technoyl.com, 1
+techonline.com, 1
+techorbiter.com, 1
+techorganism.com, 1
+techpartes.com.br, 1
+techpedia.it, 1
+techpeer.al, 1
+techpeer.at, 1
+techpeer.be, 1
+techpeer.bg, 1
+techpeer.ch, 1
+techpeer.co.uk, 1
+techpeer.cz, 1
+techpeer.de, 1
+techpeer.dk, 1
+techpeer.ee, 1
+techpeer.es, 1
+techpeer.eu, 1
+techpeer.fr, 1
+techpeer.hu, 1
+techpeer.lt, 1
+techpeer.lu, 1
+techpeer.lv, 1
+techpeer.md, 1
+techpeer.me, 1
+techpeer.nl, 1
+techpeer.pl, 1
+techpeer.pt, 1
+techpeer.ro, 1
+techpeer.rs, 1
+techpeer.se, 1
+techpeer.si, 1
+techpeer.sk, 1
+techpilipinas.com, 1
+techpoint.org, 1
+techpp.com, 1
+techpressable.com, 1
+techprom.tk, 1
+techraptor.net, 1
+techrek.pl, 1
+techreportforall.tk, 1
+techrevolution.lt, 1
+techround.co.uk, 1
+techs.cf, 1
+techsalot.com, 1
+techsat.tk, 1
+techsaviours.online, 1
+techsaviours.org, 1
+techsecrets.tk, 1
+techsee.me, 1
+techserve.ml, 1
+techsharetx.gov, 1
+techshift.eu, 1
+techshift.nl, 1
+techshift.se, 1
+techsite.tk, 1
+techsmartstore.com, 1
+techsna.com, 1
+techsolvency.com, 1
+techsoup.net.nz, 1
+techstackjournal.com, 1
+techsys.ch, 1
+techsys.cz, 1
+techtastic.tk, 1
+techtexas.tk, 1
+techthorne.com, 1
+techtivity.pl, 1
+techto.date, 1
+techtolia.com, 1
+techtouch.tk, 1
+techtoydeveloper.tk, 1
+techtrader.ai, 1
+techtrader.io, 1
+techtrendnews.tk, 1
+techtrozan.ga, 1
+techunit.org, 1
+techvaz.com, 1
+techvel.pl, 1
+techview.link, 1
+techviewforum.com, 1
+techvigil.org, 1
+techvision.tk, 1
+techvoice.tk, 1
+techwalker.cf, 1
+techwallet.tk, 1
+techwestsolutions.com.au, 1
+techwin.systems, 1
+techwithcromulent.com, 1
+techwolf12.nl, 1
+techwords.io, 1
+techzant.com, 1
+techzero.cn, 1
+techzjc.com, 0
+tecit.ch, 1
+tecke.tk, 1
+teckgeekz.com, 1
+tecknobox.fr, 1
+tecknologg.website, 1
+teckprojects.com, 1
+tecmarkdig.com, 1
+tecmestre.com.br, 1
+tecne.ws, 1
+tecnicainnovacion.com.mx, 1
+tecnicapotiguar.com.br, 1
+tecnicasapinzon.com, 1
+tecnick.com, 1
+tecnicman.com, 1
+tecnicman.it, 1
+tecnicoadomicilio.com.mx, 1
+tecnicoelettrodomestici.roma.it, 1
+tecnikan.ar, 1
+tecnimas.com.mx, 0
+tecnimotos.com, 1
+tecnitool.es, 1
+tecno-block.ru, 1
+tecno-pack.net, 1
+tecnoarea.com.ar, 1
+tecnoblog.net, 1
+tecnoboxchile.cl, 1
+tecnocomp-systems.com, 1
+tecnodritte.it, 1
+tecnoempleo.com, 1
+tecnofarma.com.pe, 1
+tecnogazzetta.it, 1
+tecnogestionsas.com, 1
+tecnograficaimpresos.com, 1
+tecnoimp.it, 1
+tecnoimpianti.bz.it, 1
+tecnologiahdv.com, 1
+tecnoloop.es, 1
+tecnomagazine.net, 1
+tecnonews.cf, 1
+tecnonews.tk, 1
+tecnopiniones.com, 1
+tecnosa.es, 1
+tecnoticiasdigitales.tk, 1
+tecnotrattamenti.it, 1
+tecnovernicisrl.com, 1
+tecnyal.com, 1
+tecob.com, 1
+tecon.co.at, 1
+tecorrs.tk, 1
+tecparsnet.ir, 1
+tecpartnership.com, 1
+tecra.com, 1
+tecroxy.com, 1
+tecsar.cn, 1
+tecsar.org, 1
+tecscipro.de, 1
+tectas.co.jp, 1
+tecumsehmi.gov, 1
+tecwolf.com.br, 1
+tecyt.com, 1
+teczero.co.uk, 1
+ted.do, 0
+tedamos.at, 1
+tedamos.ch, 1
+tedamos.com, 1
+tedamos.de, 1
+tedankara.k12.tr, 1
+teddax.com, 1
+tedder.cc, 1
+teddit.net, 1
+teddybearsnextadventure.com, 1
+teddykatz.com, 1
+teddyss.com, 0
+teddywayne.com, 1
+tedhardy.com, 1
+tedirgin.tk, 1
+tedroche.com, 1
+tedsdivingsystem.com, 1
+tedulearning.com, 1
+tedxencgf.com, 1
+tedxyalesecondaryschool.com, 1
+tedyst.ro, 1
+tee-suche.de, 1
+teecketing.com, 1
+teedinsiam.com, 1
+teehaus-shila.de, 1
+teekaymedia.tk, 1
+teektalk.org, 1
+teemo.gg, 1
+teemulintula.fi, 1
+teen-club.tk, 1
+teen-porno-video.ru, 1
+teencounseling.com, 1
+teengamer.tk, 1
+teengamingnights.net, 1
+teengirlpics.com, 1
+teenmissions.org, 1
+teenmoviesgallery.ga, 1
+teenpussypornvid.com, 1
+teenringen.nl, 1
+teensexgo.com, 1
+teensifynews.tk, 1
+teenslesbian.com, 1
+teenslikeitbig.com, 1
+teenslovehugecocks.com, 1
+teentinytits.com, 1
+teenusernames.com, 1
+teenviet.ga, 1
+teenwebcams.ml, 1
+teenwolfturkey.tk, 1
+teenworlds.tk, 1
+teenxxx-tube.com, 1
+teenxy.com, 1
+teepak.ml, 1
+teerer.tk, 1
+teestore.ru, 1
+teesypeesy.com, 1
+teethtalkgirl.com, 0
+teetje-doko.de, 1
+teetoptens.com, 1
+teeverse-photography.com, 1
+teeworlds-friends.de, 1
+tefek.cz, 1
+tefinet.sk, 1
+tefly-frhaty.com, 1
+tefok.com, 1
+tefwin.cf, 1
+teg6.com, 1
+teganlaw.ca, 1
+teganlaw.com, 1
+tege-elektronik.hu, 1
+tegel-schoonmaken.nl, 1
+teh1xbet.com, 1
+tehillimforall.com, 1
+tehnicari-za-racunalstvo.tk, 1
+tehnikarechi.studio, 1
+tehniss.rs, 1
+tehno-kip.ru, 0
+tehno-trust.tk, 1
+tehno3d.ru, 1
+tehnoklubi.ee, 1
+tehnomagija.tk, 1
+tehosmotravto.ru, 1
+tehplace.club, 1
+tehrankey.ir, 1
+tehrantamirgah.com, 1
+teichroeb.net, 1
+teier.eu, 1
+teier.net, 1
+teigtascherlfabrik.net, 1
+teigukitty.tk, 1
+teilenapp.com, 1
+teiron.ml, 1
+teiseken.tk, 1
+teixobactin.com, 1
+tejo.tk, 1
+tejomaya.net, 1
+tek-el.ru, 1
+teka.ro, 1
+tekanswer.com, 1
+tekcafe.vn, 1
+tekchoiceelectronics.com, 1
+tekila.cf, 1
+tekila.ga, 1
+tekila.tk, 1
+tekingb.com, 0
+tekirdagemlak.tk, 1
+tekiro.com, 1
+tekittak.com, 1
+tekkenzone.net, 1
+tekme.pt, 1
+teknashop.com, 1
+teknik-sipil.tk, 1
+teknikaldomain.me, 1
+tekniksnack.se, 1
+teknisetdemarit.fi, 1
+tekniskakustik.se, 1
+teknodaim.com, 1
+teknoforums.com, 1
+teknogeek.id, 1
+teknoharekat.com, 1
+teknoinfo.id, 1
+teknomarko.com, 0
+teknon.tk, 1
+teknorix.com, 1
+teknosa.com, 0
+teknotiq.com, 1
+teknow.tk, 1
+teknoweek.com, 0
+teko.se, 1
+tekpon.com, 1
+tekshrek.com, 0
+teksnologi.com, 1
+teksol-boat.ru, 1
+tekstover.tk, 1
+tekstpesni.tk, 1
+tektorg.ru, 1
+tektouch.net, 1
+tektuts.com, 1
+telamon.eu, 1
+telangananews.ml, 1
+telanganatoday.com, 1
+telani.net, 1
+telaviv.estate, 1
+telaviva.com.br, 1
+telco-motor.fr, 1
+telco.si, 1
+telcodb.net, 1
+telcu.com, 1
+teldak.pt, 1
+tele-alarme.ch, 1
+tele-assistance.ch, 0
+tele-points.net, 1
+tele-teen.ru, 1
+tele.wiki, 1
+tele2vaxel.se, 1
+teleafrica.ga, 1
+telealarme.ch, 0
+telealarmevalais.ch, 1
+teleassistance-telealarme.com, 1
+teleblog.gq, 1
+telebugs.tk, 1
+telecablenostima.tk, 1
+telecallsrl.com, 1
+telecamera.pro, 0
+telecharger-itunes.com, 1
+telecharger-open-office.com, 1
+telecharger-videos.com, 1
+telecharger-winrar.com, 1
+telechirkut.xyz, 1
+telecomhelp.ru, 1
+telecommande-express.com, 1
+telecommunications.cf, 1
+telecommutejobs.com, 1
+telecomwestland.nl, 1
+teledatos.tk, 1
+telefon.report, 1
+telefonabonnement.dk, 1
+telefoncek.si, 1
+telefonicatech.com, 1
+telefonkort.tk, 1
+telefonni-ustredna.cz, 1
+telefonseelsorge-paderborn.de, 1
+telefoon.nl, 1
+telefunk.tk, 1
+telefusion.de, 1
+telega.gq, 1
+telegashop.cf, 1
+telegra.ph, 1
+telegram-gp.ml, 1
+telegram.org, 1
+telegram.poker, 1
+telegramlearn.tk, 1
+telegramseen.com, 1
+telehealthsuite.com, 1
+telehealthventures.com, 0
+telekollektiv.org, 1
+telekomiker.tk, 1
+telekothonbd.com, 1
+teleleafpa.com, 1
+telelog.ml, 1
+telema.tk, 1
+telemaco.tk, 1
+telemetr.io, 0
+telemind.net, 1
+telemitra.com, 1
+telenco-datacenter.com, 1
+telenco-networks.com, 1
+telenovelas-france.tk, 1
+teleogistic.net, 1
+telephonedirectories.us, 1
+telephoni-cdma.tk, 1
+telepilote-academy.fr, 1
+telepok.com, 1
+telepons.com, 1
+teleport.com.br, 1
+teleport.sh, 1
+teleport.video, 1
+teleportart.gq, 1
+teleportpink.com, 1
+teleportweb.com.br, 1
+teleradio.ga, 1
+teleradio.tk, 1
+telesales.guru, 1
+teleserce.com, 1
+teleshkronja.ml, 1
+teleshop.be, 1
+teleskell.org, 1
+telesoftware.tk, 1
+telesonicengineering.com.my, 1
+telestepina.ru, 1
+teleteen.ru, 1
+teleteleei.ml, 1
+teletexto.com, 1
+teletime.com.br, 1
+teleton.org, 1
+teletxt.me, 1
+teleum.net, 1
+televentabelcorp.com, 1
+televisioncontests.ga, 1
+televisionesendirecto.tk, 1
+televisionsrit.tk, 1
+televizeseznam.cz, 1
+televotia.ch, 1
+telework.gov, 1
+teleworkouts.com, 1
+telexsus.com, 1
+teleyal.blog, 1
+telezon.ru, 1
+telfaircountyga.gov, 1
+telfas.de, 1
+telford.codes, 1
+telhai.ac.il, 1
+telhatelite.com.br, 1
+teligram.ru, 1
+telk.kr, 1
+telka-online.tk, 1
+telking.com, 1
+telkom.co.id, 1
+tellaresdo.com, 1
+tellercounty.gov, 1
+tellet.tel, 1
+tellimer.com, 1
+telling-voices.tk, 1
+telling.xyz, 1
+tellingua.com, 1
+tellme.tk, 1
+tellusaboutus.com, 1
+telly.site, 1
+tellygames.com, 1
+tellyourtale.com, 1
+telnet.dk, 1
+telokchki.ga, 1
+telokchki.ml, 1
+teloo.pl, 1
+telos-analytics.com, 1
+telosglobal.io, 1
+telrock.com, 1
+telsu.fi, 1
+teltru.com, 1
+telugu4u.net, 1
+temaflex.tk, 1
+temariogratis.com, 1
+temariosoposiciones.tk, 1
+tematicas.org, 1
+tematonline.pl, 1
+tembusulaw.com, 1
+temdu.com, 0
+temertysimcentre.com, 1
+temirgaliev.tk, 1
+temizlik.ml, 1
+temizmama.com, 1
+teml.in, 1
+temmyzplace.com, 1
+temnacepel.cz, 1
+temnikova.tk, 1
+temoclub.com, 1
+temofoundation.com, 1
+temogroup.com, 1
+temogroup.org, 1
+temogroupe.com, 1
+temoinfidele.fr, 1
+temoinfo.com, 1
+temonews.com, 1
+temonews.org, 1
+temp-lars.army, 1
+temp.pm, 1
+temp37c.com, 1
+tempa.com.ua, 1
+tempdomain.ml, 1
+tempdomain.tk, 1
+tempefestivalofthearts.com, 1
+temperedglassncase.com, 1
+temperodojuca.com.br, 1
+tempestsoft.com, 1
+tempfiles.ninja, 1
+templars.army, 1
+template-help.fr, 1
+templated.ga, 1
+templatetrip.com, 1
+templeandalucia.tk, 1
+templeoverheaddoors.com, 1
+templete.tk, 1
+tempmail.ninja, 1
+tempo.co, 1
+tempo.com.ph, 1
+tempocams.com, 1
+tempocams.net, 1
+tempocams.org, 1
+temporada.icu, 1
+temporada.tk, 1
+temporal.tk, 1
+temporalmotivation.com, 1
+temporaris.com, 1
+temporaryair.com, 1
+temporaryfencehire.net.au, 1
+temporarysanity.tk, 1
+temporarytattoosguru.com.au, 1
+tempsdexpo.com, 1
+tempsoundsolutions.tk, 1
+tempus-aquilae.de, 1
+tempus.tf, 1
+temtekco.com, 1
+ten-ki-lp.work, 1
+ten-ki-saiyo.online, 1
+tena.ml, 1
+tena.tk, 1
+tenangjiwaku.tk, 1
+tenantacademy.co.za, 1
+tenantoptions.com.au, 1
+tenantprotect.co.za, 1
+tenber.ge, 1
+tenberg.com, 1
+tenbookclub.org, 1
+tencent.xn--vuq861b, 1
+tencur.com, 1
+tendanceaumasculin.fr, 1
+tendanceouest.com, 1
+tendaqu.com, 1
+tende.roma.it, 1
+tendergrupp.ru, 1
+tenderned.nl, 1
+tenderstem.co.uk, 1
+tenderstem.ie, 1
+tendiestown.com, 1
+tendinite.org, 1
+tendiris.ga, 1
+tendmed.com.br, 1
+tendomag.com, 1
+tendure.tk, 1
+tenens.ru, 1
+tenenz.com, 1
+tenerifeautohuur.nl, 1
+teners.me, 1
+tenfeetsquare.net, 1
+tenfingerscollective.tk, 1
+tengodetodo.tk, 1
+tenhourguy.com, 1
+tenispopular.com, 1
+tenisservis.eu, 1
+tenjou-tenge.tk, 1
+tenken1010.org, 1
+tenma.pro, 1
+tennaxia.com, 1
+tenncare.gov, 1
+tennesseejeepsters.com, 1
+tennis-academy-weserbergland.de, 1
+tennis-agesc.fr, 1
+tennis-altai.tk, 1
+tennis-hameln.de, 1
+tennisadmin.com, 1
+tennisapp.de, 1
+tenniscourtsjoburg.com, 1
+tenniscritic.ga, 1
+tennismania.tk, 1
+tennismindgame.com, 1
+tennisnerd.net, 1
+tennisnyi-stol.tk, 1
+tennispensacola.com, 1
+tennisportal.com.ua, 1
+tennisschool.tk, 1
+tennistalk.tk, 1
+tennisweb.cf, 1
+tenno.tools, 1
+tenon-backup.com, 1
+tenryo.work, 0
+tenshindo.ne.jp, 1
+tenshoku-hanashi.com, 1
+tenshokudo.com, 1
+tenshokufair.jp, 1
+tent.io, 1
+tenta.com, 1
+tentacle.monster, 1
+tentacle.net, 1
+tentacletank.com, 1
+tentagent.com, 1
+tenthdimensions.com, 1
+tenthirtyonepictures.com, 1
+tenthousandcoffees.com, 1
+tentoo.nl, 1
+tentq.com, 1
+tentries.com, 1
+tenutachianchizza.it, 0
+tenyx.de, 1
+tenzer.dk, 1
+teoassessoria.com.br, 1
+teodorpravicky.com, 1
+teodw.com, 1
+teodw.net, 1
+teoletextsq.tk, 1
+teologia.promo, 1
+teomahk.de, 1
+teoskanta.fi, 1
+tep.com, 1
+tepaard.ddns.net, 1
+tepautotuning.com, 1
+tepco2021.com, 1
+tepid.org, 1
+tepitus.de, 0
+teplici-crimea.ru, 1
+teplo-russia.ru, 1
+teplo-unit.ru, 1
+teplofom.ru, 1
+teplohod.kharkov.ua, 1
+teplomash24.ru, 1
+teplotehnik.tk, 1
+teplovizor.info, 1
+teppelin.fr, 1
+teppichfrisch.de, 1
+teppichpracker.at, 1
+tepui.io, 1
+teq-automotive.com, 1
+teqip-pms.gov.in, 1
+tequenikality.net, 1
+tequilaavion.com, 1
+tequilazor.com, 1
+terabyte-computing.com, 1
+terabyte.services, 1
+terabyteharddrive.net, 1
+terabyteit.co.uk, 1
+teracloud.at, 1
+teradatta.ga, 1
+teradatta.gq, 1
+teradatta.tk, 1
+teramind.co, 1
+teramundi.com, 1
+teran.me, 1
+teran.pw, 1
+teran.ru, 1
+teranacreative.com, 1
+terapeuticaenalza.es, 1
+terapiaradial.tk, 1
+terapower.com.tw, 1
+teraren.com, 1
+teraservice.eu, 1
+teraservice.ml, 1
+terass.com, 0
+terbaruberita.id, 1
+terborg600.nl, 1
+tercelonlinelat.tk, 1
+tercosdemaria.com.br, 1
+teremopt.ru, 1
+terence2008.info, 1
+terengganudaily.tk, 1
+terenska-edinica.tk, 1
+terento.org, 1
+teritwarsj.org, 1
+teriva.ua, 1
+term-master.ru, 1
+terma.ml, 1
+termbackti.me, 1
+terme.milano.it, 1
+terme.roma.it, 1
+terme.viterbo.it, 1
+termee.com, 1
+termeh-store.com, 1
+termi.tk, 1
+termifree.tk, 1
+termin-online.com, 0
+terminalyouth.tk, 1
+terminationsremembered.com, 1
+termine.tel, 1
+termino.eu, 1
+terminsrakning.se, 1
+termitinitus.org, 1
+termius.com, 1
+termografiranje.si, 1
+termoidraulica.roma.it, 1
+termoidraulico.milano.it, 1
+termoidraulico.roma.it, 1
+termopares.tk, 1
+termproject.org, 1
+termux.com, 1
+ternex.ru, 1
+ternitoday.it, 1
+terobait48.ru, 1
+teronia.net, 1
+terovania.com, 1
+terovania.de, 1
+terovania.games, 1
+terpelpanama.com, 1
+terpotiz.eu, 1
+terpotiz.net, 1
+terra-med.ga, 1
+terra-x.net, 1
+terra.bio, 1
+terra.fitness, 1
+terra7.net, 1
+terrab.de, 1
+terrabela.tk, 1
+terracloud.de, 0
+terraco.ga, 1
+terracom.gr, 1
+terracycle.com, 1
+terraesencial.com, 1
+terrafinanz.de, 1
+terraform.io, 0
+terraformator.ru, 1
+terragni-sarasin.ch, 1
+terrakotta.tk, 1
+terraluna.space, 1
+terramineira.com.br, 1
+terraneesens.fr, 1
+terranimo.re, 1
+terranovadesignbuild.com, 1
+terraquercus.tk, 1
+terrariatr.tk, 1
+terrarium.tk, 1
+terrasandcooking.nl, 1
+terrasandcookingoutdoor.nl, 1
+terrasearcher.tk, 1
+terraso.net, 1
+terraso.org, 1
+terrasoverkappingvillage.be, 1
+terrasoverkappingvillage.nl, 1
+terratruehq.com, 1
+terraweb.net, 1
+terrax.net, 1
+terredeshommes.nl, 1
+terrelltx.gov, 1
+terremoto.com.br, 1
+terrenal.tk, 1
+terrenasparadise.com, 1
+terres-et-territoires.com, 1
+terresmagiques.com, 0
+terrexllc.com, 1
+terrischeer.com.au, 1
+territoriesredress.gov.au, 1
+territoriocuchero.tk, 1
+territoriya.tk, 1
+territory.cf, 1
+terroinsect.com.mx, 1
+terrorbilly.com, 1
+terrorblast.tk, 1
+terrorism.lol, 1
+terrty.net, 1
+terryburton.co.uk, 1
+terrybutler.co.uk, 0
+terryjohnsononline.com, 1
+terryoconnor.org, 1
+ters.ga, 1
+terumoindia.com, 1
+terumoindiaskilllab.com, 1
+terumomedical.com, 1
+tervelde.com, 1
+terviseamet.ee, 0
+tervolina.tk, 1
+tesche.biz, 1
+tescoirelandpayslips.com, 1
+tescoludia.sk, 1
+tesdrole.tk, 1
+teseo.kz, 1
+tesharp.com, 1
+teshuzi.com, 1
+teskalabs.com, 1
+tesla-fire.com, 1
+tesla-tula.tk, 1
+tesladeaths.com, 1
+teslam.in, 1
+teslamagician.com, 1
+teslamate.ca, 1
+teslasuit.io, 1
+tesorion.nl, 1
+tespent.cn, 1
+tesseract.wiki, 1
+tesseractinitiative.org, 1
+tessierashpool.de, 1
+tessla.org, 1
+test-deployment.xyz, 1
+test-eligibilite-isolation.com, 1
+test-iq.gq, 1
+test-my.tk, 1
+test-na-beremennost.tk, 1
+test-online.tk, 1
+test-privacyportal-ui.azurewebsites.net, 1
+test-school.ml, 1
+test-textbooks.com, 1
+test.de, 1
+test.io, 1
+test1-isrewards.com, 1
+test2-isrewards.com, 1
+test4pro.ga, 1
+testable.org, 1
+testadren.com, 1
+testadron.com, 1
+testapfnxg.com, 1
+testaustime.fi, 1
+testazdes.gov, 1
+testbed.fi, 1
+testbirds.cz, 1
+testbirds.sk, 1
+testcase.me, 1
+testcoz.tk, 1
+testdemoweb.tk, 1
+testdevelocidad.com, 1
+testdomens.ga, 1
+testecta.top, 1
+testehogs.tk, 1
+testem.de, 1
+testemo.tk, 1
+testenopreis.nl, 1
+testeri.fi, 1
+testermerch.pl, 1
+testeveonline.com, 1
+testforce.tk, 1
+testfort.com, 1
+testgeomed.ro, 1
+testgroup.nl, 1
+testheat.org, 1
+testikel.be, 1
+testing-server.tk, 1
+testingbot.com, 1
+testingtask.tk, 1
+testiowa.gov, 1
+testispdomain.ml, 1
+testkinja.com, 1
+testmpf.com, 1
+testmx.email, 1
+testmx.eu, 1
+testmx.org, 1
+testmy.tk, 1
+testomato.com, 1
+testone.com.tr, 1
+testoon.com, 1
+testosterone-complex.com, 1
+testosteronedetective.com, 1
+testovaci.ml, 1
+testpinoy.com, 0
+testplant.com, 1
+testpool.gq, 1
+testpornsite.com, 1
+testprep.online, 1
+testprepinsight.com, 1
+testpsicotecnicos.com.es, 1
+testq.se, 1
+tests-and-tips.info, 1
+tests-und-tipps.info, 1
+tests.pp.ru, 1
+tests.school, 1
+tests.tips, 1
+testsab.com, 1
+testscript.ml, 1
+testservice.nl, 1
+testsitefortask.xyz, 1
+testsity.tk, 1
+testspsicotecnicos.org, 1
+testsweb.ml, 1
+testthis.cf, 1
+testvision.nl, 1
+testyonline.tk, 1
+tetangers.tk, 1
+tetete-no-te.com, 1
+tether.com, 1
+tethercasinos.io, 1
+tetherqr.com, 1
+tethys.fr, 1
+teto.nu, 1
+tetonas.tk, 1
+tetontherapypc.com, 1
+tetorix.gq, 1
+tetovaweb.tk, 1
+tetovo.tk, 1
+tetrabyte.tk, 1
+tetracyclin.gq, 1
+tetracyclin.ml, 1
+tetracyclin.tk, 1
+tetracycline500mg.ga, 1
+tetraktus.org, 1
+tetramax.eu, 1
+tetrarch.co, 1
+tetrimus.com, 1
+tetrisponse.io, 1
+tetsudo.jp.net, 1
+tetsumaki.net, 1
+tetweb.ir, 1
+teu-fel.com, 1
+teufel-cloud.ddns.net, 1
+teufel.de, 1
+teufelaudio.nl, 1
+teufelswerk.net, 1
+teulon.eu, 1
+teungedj.de, 1
+teunmulder.tk, 1
+teunstuinposters.nl, 1
+teusink.eu, 1
+teuton.io, 1
+teutonia-grossenlueder.de, 1
+teutonia08.de, 1
+teva.com, 1
+teveblad.be, 1
+teverzamelen.nl, 1
+tewarilab.co.uk, 1
+tewhare-iti.co.nz, 1
+tewkesburyyoga.com, 1
+tex-izol.ru, 1
+texaport.co.uk, 0
+texarkanatexas.gov, 1
+texarkanatherapycenter.com, 1
+texasbluesalley.com, 1
+texascarauctions.com, 1
+texascharterbuscompany.com, 1
+texascoffee.co, 1
+texasconcretereadymix.com, 1
+texascountymo911.gov, 1
+texascredit.com, 1
+texasdivorceforall.com, 1
+texasgynecomastia.com, 1
+texashealthtrace.gov, 1
+texasintegratedservices.com, 1
+texasnewsusa.tk, 1
+texasonesource.com, 1
+texasonlinedivorce.com, 1
+texasonlinemarriagecounseling.com, 1
+texaspaintingandgutters.com, 1
+texasparkinglotstriping.com, 1
+texasready.gov, 1
+texasteam.tk, 1
+texasultraspirit.com, 1
+texasurodoc.com, 1
+texasvolunteerattorneys.org, 1
+texaswinetrail.com, 1
+texby.com, 1
+texdot.gov, 1
+texel.es, 1
+texel.tk, 1
+texfunding.com, 1
+texican.nl, 1
+texicopolicenm.gov, 1
+texier.mx, 1
+texkey.com, 1
+texkings.com, 1
+texnoguru.tk, 1
+texnolog.tk, 1
+texnotroniks.tk, 1
+texosmotr.tk, 1
+texpresspainting.com, 1
+textadventure.tk, 1
+textassistant.ga, 1
+textcleaner.net, 1
+textcounter.tk, 1
+texteditor.co, 1
+texter-linz.at, 1
+texter.at, 1
+texterseo.at, 1
+texterseo.de, 1
+textieldiscounter.nl, 1
+textil-kyoto.tk, 1
+textiles.tk, 1
+textinmate.com, 1
+textlinktausch.tk, 1
+textonly.email, 1
+textpages.tk, 1
+textpattern.com, 1
+textpro.xyz, 1
+textprotocol.org, 1
+textron.com, 0
+textscout.io, 1
+textsite.tk, 1
+textualapp.com, 1
+textundblog.de, 1
+textura.bg, 1
+textura.gr, 1
+textura.ro, 1
+textures-resource.com, 1
+textus.com, 1
+textzformatter.com, 1
+texus.me, 1
+texy.info, 1
+teycos.com, 1
+teyit.org, 1
+teysens.com, 1
+teyyib.com, 1
+tezcam.tk, 1
+tezgoal.com, 1
+teztarama.com, 1
+tf-amd.com.my, 1
+tf-network.de, 1
+tf2b.com, 1
+tf2calculator.com, 1
+tf2pickup.cz, 1
+tf2pickup.de, 1
+tf2pickup.eu, 1
+tf2pickup.fi, 1
+tf2pickup.it, 1
+tf2pickup.org, 1
+tf2pickup.pl, 1
+tf2pickup.se, 1
+tf2pickup.web.tr, 1
+tf7879.com, 1
+tfadictivo.com, 1
+tfaforms.com, 1
+tfb.az, 1
+tferdinand.net, 1
+tfg-bouncycastles.com, 1
+tfiglobalnews.com, 1
+tfiik.com, 1
+tfinfo.fr, 1
+tfipost.com, 1
+tfk-installatieservice.nl, 1
+tfk.fr, 1
+tfle.xyz, 1
+tflite.com, 1
+tfnapps.de, 1
+tfok.ml, 1
+tfrei.de, 1
+tfscreener.com, 1
+tfsound.cz, 1
+tfsrcymru.org.uk, 1
+tft-cheat-sheet.com, 1
+tfus.co, 1
+tfw-a.com, 1
+tfx.com.br, 1
+tfxstartup.com, 1
+tfxstartup.com.br, 1
+tfyre.co.za, 1
+tg2sclient.com, 1
+tgb.org.uk, 1
+tgcfabian.nl, 1
+tgcgrain.com, 1
+tgenotary.com, 1
+tgexport.eu, 1
+tglbbs.com, 0
+tgmarketingusa.com, 1
+tgo1111.com, 0
+tgo6688.com, 0
+tgo789.com, 0
+tgo8899.com, 1
+tgoaa.com, 1
+tgoall.com, 1
+tgod.co, 1
+tgrade.finance, 0
+tgt.co.il, 0
+tgtw.cc, 1
+tgu15.com, 1
+tgui.eu, 1
+tgui.net, 1
+tgw.com, 1
+tgwork.com, 1
+tgx.rs, 1
+th-1x.com, 1
+th-1xbet.com, 1
+th-bl.de, 1
+th-fanlist.tk, 1
+th.search.yahoo.com, 0
+th2eco.de, 1
+thablubb.de, 1
+thackert.myfirewall.org, 1
+thai-massage.tk, 1
+thai-ridgeback.tk, 1
+thai.land, 1
+thai369.com, 1
+thaibizsingapore.com, 0
+thaiboystory.ga, 1
+thaibrokersfx.com, 1
+thaicurry.net, 1
+thaiforest.ch, 0
+thaiforexfamily.com, 1
+thaifriendly.com, 1
+thaigirls.cf, 1
+thaihomecooking.com, 1
+thaihong.co.th, 1
+thaihong.com, 1
+thaihotmodels.tk, 1
+thailande-fr.com, 1
+thailandguru.properties, 1
+thailandhotel.tk, 1
+thailandpropertylisting.ga, 1
+thailandvariety.cf, 1
+thaimbc.com, 1
+thaimega.club, 1
+thaiminh.tech, 1
+thaiorchidpetoskey.com, 1
+thaipbspodcast.com, 1
+thaiportal.gq, 1
+thairad.com, 0
+thais.tk, 1
+thaislots.online, 1
+thaisolarexpert.com, 1
+thaisurveys.com, 1
+thaitonic.de, 1
+thaiwatsadu.com, 1
+thaiwrestling.tk, 1
+thaixon.co.th, 1
+thajske-masaze-brno.cz, 1
+thajske-masaze-olomouc.cz, 1
+thajske-masaze-vyskov.cz, 1
+thakurmarjhuli.tk, 1
+thalamus.nz, 1
+thalan.fr, 1
+thalgott.net, 0
+thalhammer.it, 1
+thalia.nu, 1
+thalikkunushivatemple.tk, 1
+thalliman.com, 1
+thalmann.fr, 0
+thamesfamilydentistry.com, 1
+thamesvalleybuses.com, 1
+thammachartconnect.com, 1
+thammysen.vn, 1
+thanatoid.net, 1
+thancon.com, 1
+thanhtrungmobile.vn, 1
+thantra.tk, 1
+thapduoc.com, 1
+tharuka.com, 1
+tharuka.de, 1
+thaserv.de, 1
+thassos-world-web.tk, 1
+thassos.tk, 1
+that.host, 1
+thatch.ai, 1
+thatchhealth.com, 1
+thatdaria.com, 1
+thatdarkplace.com, 1
+thatdirtyd.com, 1
+thatmy.com, 1
+thatshayini-sivananthan.fr, 1
+thatskykid.com, 1
+thatssodee.com, 1
+thaumaturgian-national-university.tk, 1
+thavmacode.gr, 1
+thaw.systems, 1
+thawte.com.ru, 1
+thaxton.xyz, 0
+thc-stadvdzon.nl, 1
+thca.ca, 1
+thda.org, 1
+the-ace.tk, 1
+the-allmighty-mike.tk, 1
+the-archive.io, 1
+the-archive.ml, 1
+the-azad.com, 1
+the-big-bang-theory.com, 1
+the-bookies.com, 1
+the-brandidentity.com, 1
+the-buildersyard.com, 1
+the-burtons.xyz, 1
+the-busbys.com, 1
+the-carshop.com, 1
+the-club.fr, 1
+the-crypto-syllabus.com, 1
+the-deep.tk, 1
+the-digital-insurer.com, 1
+the-digitale.com, 0
+the-doorman.co.uk, 0
+the-dream.tk, 1
+the-ear.net, 1
+the-earth-yui.net, 0
+the-egotronic.tk, 1
+the-farm.tk, 1
+the-finance-blog.com, 1
+the-forgotten.net, 1
+the-gist.io, 1
+the-glitch.network, 1
+the-ken.com, 1
+the-lfb.tk, 1
+the-mermaid.tk, 1
+the-metropolitans.tk, 1
+the-muddy-trophy-team.tk, 1
+the-mudmen.tk, 1
+the-naked.com, 1
+the-opposites.tk, 1
+the-pcca.org, 1
+the-pressoffice.com, 1
+the-red.pp.ua, 1
+the-small-dick-club.com, 1
+the-snaglist.com, 1
+the-spellcaster.com, 1
+the-spoonfeed.club, 1
+the-storm.tk, 1
+the-tech-trend.com, 1
+the-tg.com, 1
+the-toolshop.com, 1
+the-top.net, 1
+the-trophy-company.com, 1
+the-wandering-midget.tk, 1
+the-winx.tk, 1
+the-woods.org.uk, 1
+the-world.tk, 1
+the-zenti.de, 1
+the1.wiki, 1
+the12by12.com, 1
+the13thtribe.tk, 1
+the51news.ga, 1
+the5th.nl, 1
+the7eye.org.il, 1
+the8rules.co.uk, 1
+thea-team.net, 1
+theabsoluteroof.com, 1
+theacademicpapers.co.uk, 1
+theaccountingcompanyleeds.co.uk, 1
+theaceblock.space, 1
+theactivationfunction.com, 1
+theactuary.ninja, 1
+theadamsonchronicle.tk, 1
+theadelaideshow.com.au, 1
+theadultswiki.com, 1
+theafleo.ga, 1
+theafleo.gq, 1
+theagencywithoutaname.com, 1
+theaidigitalmarketingblog.com, 1
+thealchemistatelier.com, 1
+theallmanteam.com, 1
+thealmoners.com, 1
+thealmsolution.com, 1
+thealonas.cf, 1
+thealonas.ga, 1
+thealonas.gq, 1
+thealonas.ml, 1
+thealonas.tk, 1
+theamandatappingclub.tk, 1
+theamandatappingcontest.tk, 1
+theangelgivingtree.com, 1
+theangelgivingtree.info, 1
+theangelgivingtree.net, 1
+theangelgivingtree.org, 1
+theangelushouse.com, 1
+theanimalskingdom.com, 1
+theantarticx.com, 1
+theantisocialengineer.com, 1
+theantnetwork.tk, 1
+theapj.com, 1
+theapplewiki.com, 1
+theapriltears.tk, 1
+theaps.net, 0
+theaquila.tk, 1
+thearcheryguide.com, 1
+thearches.co.uk, 1
+thearchimag.tk, 1
+thearizonatribune.com, 1
+thearkfamily.org, 1
+thearmchairtrader.com, 0
+theasianshooters.com, 1
+theastrocoach.com, 1
+theataraxia.tk, 1
+theataraxiazine.tk, 1
+theater.cf, 1
+theaterfrederik.tk, 1
+theatergroep-o.nl, 1
+theaterreichenhall.tk, 1
+theatheistbook.com, 1
+theathletic.com, 1
+theatre-schools.com, 1
+theatrefolk.com, 1
+theatrepremol.com, 1
+theatresocietyguts.tk, 1
+theatresuite.tk, 1
+theaus.xyz, 1
+theaustinbulldog.org, 1
+theaustinsevenworkshop.com, 1
+theawesomemuse.com, 1
+thebabelog.cf, 1
+thebabelog.ga, 1
+thebabelog.gq, 1
+thebabypassport.com, 1
+thebacksplashcompany.com, 1
+thebackstage.tk, 1
+thebacteriafight.gq, 1
+thebakersbuddy.co.uk, 1
+thebakery2go.de, 1
+thebalancedsystem.org, 1
+thebannerstore.com, 1
+thebarclay.org, 1
+thebarrens.nu, 1
+thebasementdefender.com, 1
+thebasementdefender.net, 1
+thebasicstudio.com, 1
+thebathroomexchange.ga, 1
+thebeatyard.nl, 1
+thebeaulife.co, 1
+thebeautyqueen.tk, 1
+thebedfordcitizen.org, 1
+thebeeyard.org, 1
+thebeginningviolinist.com, 1
+thebenefitcalculator.com, 1
+thebengalinews.tk, 1
+thebenstore.com, 1
+theberries.tk, 1
+thebestfun.co.uk, 1
+thebesthomecooking.ru, 0
+thebestlaos.ga, 1
+thebestnews.ga, 1
+thebestofthesprings.com, 1
+thebestpersonin.ml, 1
+thebestshopping.tk, 1
+thebetterfit.com, 1
+thebettermagazine.com, 1
+thebhc.org, 1
+thebigbigworld.tk, 1
+thebigdatacompany.com, 1
+thebigdig.xyz, 1
+thebigslow.com, 1
+thebillingtongroup.com, 1
+thebinarys.com, 1
+thebiopoetist.eu.org, 1
+thebirchwoods.com, 1
+thebismarckmarathon.com, 1
+thebit.link, 1
+thebitchneyfiles.tk, 1
+thebiz.tk, 1
+theblackboard.gr, 1
+theblackcat.ga, 1
+theblackknightsings.com, 1
+theblackravens.com, 1
+theblankenshipfirm.com, 1
+theblink.com, 1
+theblisters.tk, 1
+theblock.co, 1
+theblog.cn, 1
+theblogstarter.com, 1
+theblondeabroad.com, 0
+theblue.tk, 1
+theblueinnovations.com, 1
+thebluered.net, 0
+theblueroofcottage.ca, 1
+thebluub.com, 1
+theboard.tk, 1
+theboardroomsubi.com.au, 1
+theboats.agency, 1
+theboats.club, 1
+theboats.com, 1
+theboats.de, 1
+theboats.online, 1
+theboats.pro, 1
+thebobcoin.io, 1
+thebodylanguageguide.tk, 1
+thebodyshop.bg, 1
+theboltway.com, 1
+thebonerking.com, 1
+thebook.pro, 1
+thebosshub.net, 1
+thebot.net, 1
+theboulders.com, 1
+thebouncedepartment.co.uk, 1
+theboxofcarlos.com, 1
+theboxoutofthebox.com, 1
+theboysrepublic.tk, 1
+thebrag.com, 1
+thebrainfactory.eu, 1
+thebraininitiative.gov, 1
+thebrainwash.tk, 1
+thebranddesign.gq, 1
+thebreakroom.org, 1
+thebrewingtonfamily.net, 1
+thebridalcollection.com, 1
+thebrightons.co.uk, 1
+thebrightons.uk, 1
+thebritishlibraryinstallation.com, 1
+thebroadcastknowledge.com, 1
+thebrookeb.com, 1
+thebsl.ca, 1
+thebss.tk, 1
+thebucklandreligion.tk, 1
+thebuffalotavern.com, 1
+thebugmanfraservalley.com, 1
+thebull.com.au, 1
+thebulletin.io, 1
+thebunnyhutch.org, 1
+theburst.tk, 1
+thebus.top, 1
+thebutterflyencounters.com, 1
+thebuttongame.io, 1
+thebuttonpost.com, 1
+thecakeboxhampton.co.uk, 1
+thecalifornias.tk, 1
+thecalmnessofblankspace.tk, 1
+thecamels.org, 1
+thecameradivision.com, 1
+thecanadarace.com, 1
+thecandidforum.com, 1
+thecandystore.tk, 1
+thecardcloset.com, 1
+thecarolingconnection.com, 1
+thecarpenters.tk, 1
+thecarphunter.tk, 1
+thecarriagerooms.com, 1
+thecatanddogbowl.au, 1
+thecatbowl.com.au, 1
+thecats.tk, 1
+thecavedistro.tk, 1
+thecaveofsatyr.tk, 1
+thecavepeople.is, 1
+thecdev.com.br, 1
+thecelticfiles.tk, 1
+theceocollective.com, 1
+thecfef.org, 1
+thechaikinreport.com, 1
+thechallenge.fit, 1
+thechandigarhcity.com, 1
+thechargertimes.com, 1
+thechatlinenumbers.com, 1
+thechauffeur-international.com, 1
+thechavs.xyz, 1
+thecheapairlinetickets.com, 1
+thecheat.tk, 1
+thecheese.co.nz, 1
+thechelseadrugstore.ie, 1
+thechemistryisdead.tk, 1
+thechfdietitian.com, 1
+thechicanos.tk, 1
+thechinaguide.com, 1
+thechoice.tk, 1
+thechosenones.tk, 1
+thecigarlibrary.com, 0
+thecineshoppe.com, 1
+theciso.com, 0
+thecitizen.support, 1
+thecitywarehouse.clothing, 1
+theclarke.house, 1
+theclarke.wedding, 1
+theclearingnw.com, 1
+thecleverhost.co.uk, 1
+theclimbingunit.com, 1
+theclockdepot.com, 1
+theclonker.de, 0
+thecloroxcompany.com, 1
+thecloudadmin.eu, 1
+thecluster.xyz, 1
+thecnstore.com, 1
+thecodeninja.net, 1
+thecoffeecamp.com, 1
+thecoffinshop.co.nz, 1
+thecognitivequest.com, 1
+thecolorbarph.com, 1
+thecolorrun.hu, 1
+thecolourbox.in, 1
+thecombustionway.com, 0
+thecomedystore.co.uk, 1
+thecommonmen.tk, 1
+thecommunityguide.org, 1
+thecommunitymakers.club, 1
+thecompany.pl, 1
+thecompliancepeople.co.uk, 1
+theconcordbridge.azurewebsites.net, 1
+thecondemned.tk, 1
+theconductsoflife.com, 1
+theconsultant.jp, 1
+theconsultingpeople.tk, 1
+thecontentcloud.com, 1
+theconversation.com, 1
+theconverter.net, 0
+theconveyer.org, 1
+thecook.com.co, 1
+thecookiewriter.com, 1
+thecoredublin.tk, 1
+thecorianderkitchen.com, 1
+thecorrectblogger.com, 1
+thecostymusic.tk, 1
+thecotsworth.com, 1
+thecoverlot.com, 1
+thecovky.gov, 1
+thecowboy.cafe, 1
+thecowquerie.tk, 1
+thecr3ative.tk, 1
+thecraftingstrider.net, 1
+thecrazybrains.tk, 1
+thecrazytravel.com, 1
+thecreativeshour.com, 1
+thecrew-exchange.com, 1
+thecrimson.tk, 1
+thecrochetcottage.net, 1
+thecronosgroup.com, 1
+thecrypt.game, 1
+thecskr.in, 1
+thecstick.com, 1
+thecubepsych.com, 1
+thecup.us, 1
+thecureplainsong.tk, 1
+thecuriousdev.com, 1
+thecurvyfashionista.com, 1
+thecustomdroid.com, 1
+thecustomizewindows.com, 1
+thecyberwire.com, 1
+theda.co.za, 1
+thedaac.org, 1
+thedailybloon.tk, 1
+thedailyprosper.com, 0
+thedailyreporteronline.com, 1
+thedailyupvote.com, 1
+thedaimon.cn, 1
+thedanceacademybuckscounty.com, 0
+thedark.ga, 1
+thedark1337.com, 1
+thedarkages.tk, 1
+thedarkartsandcrafts.com, 1
+thedarkcolonyfansite.tk, 1
+thedarkfusion.tk, 1
+thedarksidesoftwaresecurity.ga, 1
+thedarkteam.tk, 1
+thedataexaminer.com, 1
+thedave.link, 1
+thedave.me, 1
+thedave.photos, 1
+thedawningofdarkness.tk, 1
+thedeathmachine.tk, 1
+thedeathofannakarina.tk, 1
+thedebug.life, 1
+thedefiled.tk, 1
+thedelaunay.com, 1
+thedemocraticstrategist.org, 1
+thedermdetective.com, 1
+thedev.id, 1
+thedevastatedrealm.tk, 1
+thedevilsbrigade.com, 1
+thedevilwearswibra.nl, 1
+thedevrycommonsbrasil.com, 0
+thediamondapp.com, 1
+thedietsolutionprog.tk, 1
+thedigitalcurator.art, 1
+thedigitalparadox.tk, 1
+thediligentwoman.com, 1
+thedinnerdetective.com, 1
+thediscforum.tk, 1
+thediscovine.com, 1
+thedistance.co.uk, 1
+thedivineforce.com, 1
+thediyvibe.com, 1
+thedjhookup.com, 1
+thedoc.eu.org, 1
+thedocumentrefinery.com, 1
+thedomains.co.uk, 1
+thedonaldarchive.tk, 1
+thedotcom.tk, 1
+thedowlinggroup.com, 1
+thedrakesdebut.com, 1
+thedrawbacks.tk, 1
+thedriftuniversity.com, 1
+thedrivers.tk, 1
+thedrizzle.tk, 1
+thedronechart.com, 1
+thedroneely.com, 1
+theduchessbudapest.com, 1
+thedysfunctionalangel.cf, 1
+thedysfunctionalangel.ga, 1
+thedysfunctionalangel.gq, 1
+thedysfunctionalangel.ml, 1
+theeagle.com, 1
+theebookkeepers.co.za, 1
+theeducationalequalityinstitute.org, 1
+theeducatoronline.com, 1
+theeffingyogablog.com, 1
+theegyptblog.tk, 1
+theeighthbit.com, 0
+theel0ja.info, 1
+theel0ja.ovh, 1
+theeldritchhounds.cf, 1
+theeldritchhounds.gq, 1
+theeldritchhounds.ml, 1
+theelephant.info, 1
+theeliteneet.com, 1
+theemeraldmagazine.com, 1
+theemptyvault.com, 1
+theender.net, 1
+theendlesssixties.com, 0
+theendpoem.com, 0
+theentropyofdelicatewonders.com, 1
+theepankar.com, 1
+theepicsponge.co.uk, 1
+theequinepractice.com, 1
+theescapegame.com, 1
+theestateplanninggroup.com, 1
+theeuropeanlibrary.org, 1
+theevergreen.me, 0
+theeverydayprepper.com, 1
+theexodus.tk, 1
+theexpatriate.de, 1
+theexplorer.ro, 1
+theextract.co.uk, 1
+theeyeopener.com, 1
+theeyewearshop.com.au, 1
+thefabricator.com, 1
+thefabulouslifestyles.com, 1
+thefabulouswomen.com, 1
+thefaceshop.ca, 1
+thefaircottage.com, 1
+thefairieswantmedead.com, 1
+thefairytale.tk, 1
+thefallen.tk, 1
+thefamilychemist.co.uk, 1
+thefamilygarrison.com, 1
+thefanimatrix.net, 1
+thefantasyrooms.com, 1
+thefarleys.ca, 1
+thefashiondistrict.tk, 1
+thefashionpolos.com, 1
+thefasthire.org, 1
+thefastmode.com, 1
+thefatduck.co.uk, 1
+thefatlosspuzzle.com, 0
+theferrarista.com, 0
+thefibreapp.com, 1
+thefieldservicecompany.nl, 1
+thefinalconflict.tk, 1
+thefinx.io, 1
+thefishshop.ga, 1
+thefitcare.com, 1
+thefitcareerist.com, 1
+theflashback.co.uk, 1
+theflesh.tk, 1
+theflexerzone.ga, 1
+theflowershopdeddington.com, 1
+theflowstudios.com, 1
+theflyingbear.net, 0
+theflyingdutch.tk, 1
+thefnafarchive.org, 1
+thefoodcops.com, 1
+thefooddictator.com, 1
+thefoodieblogger.com, 1
+thefoot.tk, 1
+theforkedspoon.com, 1
+theformtool.com, 1
+thefox.com.fr, 1
+thefranklinnewspost.com, 1
+thefreebay.tk, 1
+thefreemail.com, 1
+thefreethinker.tk, 1
+thefrenchbeautyacademy.edu.au, 1
+thefrenchconnection.tk, 1
+thefridaycinema.com, 1
+thefriedzombie.com, 1
+thefriedzombie.nl, 1
+thefriedzombie.online, 1
+thefriendlyplant.co.za, 1
+thefrontend.agency, 1
+thefrugalvegan.tk, 1
+thefuckingtide.com, 0
+thefulcrum.us, 1
+thefunfirm.co.uk, 1
+thefunzone.tk, 1
+thefurnitureco.uk, 1
+thefurniturefamily.com, 1
+thefusion.net.in, 1
+thefussyeater.ie, 1
+thefuturetech.ga, 1
+thegab.in, 1
+thegadget.tk, 1
+thegallery-restaurant.co.uk, 1
+thegamecave.co.uk, 1
+thegamecollector.tk, 1
+thegantars.tk, 1
+thegasshop.co.uk, 1
+thegasshop.uk, 1
+thegatewaydigital.com, 1
+thegatewaytoanewworld.com, 1
+thegeekdiary.com, 1
+thegeekguy.eu, 1
+thegeeklab.de, 0
+thegeektools.com, 1
+thegemriverside.com.vn, 1
+thegeniusdz.tk, 1
+thegentleman.tk, 1
+thegeriatricdietitian.com, 1
+thegermancoder.com, 1
+thegerwingroup.com, 1
+thegetaway.com, 1
+theghostlytavern.com, 1
+thegiantsdream.tk, 1
+thegildedthistle.com, 1
+thegingersnapbaker.co.za, 1
+theginnylee.com, 1
+thegioibanca.tk, 1
+thegioidulich.com.vn, 1
+theglencoetorah.com, 1
+theglossymusings.com, 1
+thego2swatking.com, 1
+thegoaescort.com, 1
+thegoldandsilverexchange.com, 1
+thegolden.com, 1
+thegoodinside.com, 1
+thegoodveggie.com, 1
+thegoodvybe.ml, 1
+thegospell.tk, 1
+thegotbiz.com, 1
+thegpbox.com, 1
+thegradient.pub, 1
+thegraduatesalon.co.uk, 1
+thegrandline.tk, 1
+thegrandtour.tk, 1
+thegraphic.art, 1
+thegreatcommissionpodcast.com, 1
+thegreatdecay.tk, 1
+thegreatgonzo.uk, 1
+thegreatplains.com, 1
+thegreatsouthernburgerco.ga, 1
+thegreendigest.com, 1
+thegreenfields.se, 1
+thegreenlawreport.com, 1
+thegreenmanpottery.com, 1
+thegroovecartel.com, 1
+thegrotto.tk, 1
+thegrs.com, 0
+theguerrilla.agency, 0
+thegundogaffair.com, 1
+thegvoffice.net, 1
+thehabitat.com, 1
+thehackerblog.com, 1
+thehackers.cf, 1
+thehadicks.com, 1
+thehairrepublic.net, 1
+thehalchal.com, 1
+thehamiltoncoblog.com, 1
+thehammerfund.com, 1
+thehamptonsvegan.com, 1
+thehappeny.com, 1
+thehappyxwife.ga, 1
+thehardgame.top, 1
+thehasanyildirim.tk, 1
+thehashagency.com.au, 1
+thehassanmusic.tk, 1
+thehasty.com, 1
+thehaxbys.co.uk, 1
+thehaze.org, 1
+theheadplug.tk, 1
+theheatingoilclub.co.uk, 1
+thehelper.tk, 1
+thehillstx.gov, 1
+thehiltonfirm.tk, 1
+thehivedesign.org, 1
+thehoff.ddnss.de, 1
+thehollandfam.com, 0
+theholloways.tk, 1
+thehomebakery.ie, 1
+thehomebarista.com, 1
+thehomemademasks.com, 1
+thehomeofthefuture.com, 1
+thehoney.ga, 1
+thehonorguard.org, 1
+thehookup.be, 1
+thehopefuture.com, 1
+thehorsesadvocate.com, 1
+thehosmers.com, 1
+thehotcasinos.com, 1
+thehotfix.net, 1
+thehotness.tech, 1
+thehotrocks.tk, 1
+thehowlinwolfcafe.ga, 1
+thehudsonindependent.com, 1
+thehumancondition.com, 1
+thehumanizer.tk, 1
+thehumanjoint.com, 1
+thehumorist.tk, 1
+theideaskitchen.com.au, 1
+theidiotboard.com, 1
+theimagefile.com, 1
+theimaginationagency.com, 1
+theinboxpros.com, 1
+theindependent.ca, 0
+theindependent.com, 1
+theindiangraph.tk, 1
+theindiantimes.in, 1
+theindiemood.com, 1
+theinfoblog.com, 1
+theinitium.com, 0
+theinnerprism.com, 1
+theinput.com, 1
+theinsightsfamily.com, 1
+theinstitute.cf, 1
+theintercept.com, 0
+theinternationalgeekconspiracy.eu, 1
+theinventory.com, 1
+theinvisibleman.tk, 1
+theipkeeper.co.uk, 1
+theislandtime.com, 1
+theissen.io, 1
+theitaliantimes.it, 1
+theitsage.com, 0
+thejacksoninstitute.com.au, 1
+thejewelhut.co.uk, 1
+thejkdrebel.com, 1
+thejoaustralia.com, 1
+thejollyguest.com, 1
+thejoneshub.com, 1
+thejonsey.com, 0
+thejourneydesignstudio.com, 1
+thejoykiller.tk, 1
+thejukebox.tk, 1
+thejunkfiles.com, 1
+thekalakriti.tk, 1
+thekev.in, 1
+thekeymusic.com, 1
+thekickassvirtualassistant.nl, 1
+thekidszone.in, 1
+thekillertoxin.de, 1
+thekingofhate.com, 0
+thekitchendoor.co.nz, 1
+thekitchenfarnborough.co.uk, 1
+thekitchenprofessor.com, 1
+thekitchngic.com, 1
+thekitsunesden.com, 1
+thekittivibe.com, 1
+thekliniquehotdeal.com, 1
+theknightrider.com, 1
+theknittingnetwork.co.uk, 1
+theknockout.tk, 1
+theknowitguy.com, 1
+thekonsulthub.tk, 1
+thekuwayama.net, 1
+thelafayettecompany.com, 1
+thelaimlife.com, 1
+thelakedistrict.tk, 1
+thelancergroup.com, 1
+thelandsite.co.uk, 1
+thelangfords.au, 1
+thelangfords.id.au, 1
+thelanscape.com, 1
+thelansingjournal.com, 1
+thelapine.ca, 1
+thelasallenetwork.com, 1
+thelastsurprise.com, 1
+thelastvikings.tk, 1
+thelatinbrothers.ch, 1
+thelaunchbay.com, 1
+thelaurelchiropractor.com, 1
+thelawyermag.com, 1
+thelazyfox.xyz, 1
+thelazysre.com, 1
+thelbc.io, 0
+thelearninggardener.com, 1
+theleaves.tk, 1
+thelegionshirley.co.uk, 1
+thelematics.com, 1
+thelemonlawcalifornia.com, 1
+thelencystore.com, 1
+thelevelman.com, 1
+thelibertinephilosophy.ga, 1
+thelicensecompany.com, 1
+thelifevison.com, 1
+thelightbulbproject.tk, 1
+thelightingstore.co.uk, 1
+thelightpoints.eu, 1
+thelimitededition.in, 1
+thelinuxspace.com, 1
+thelittlepeartree.eu, 1
+thelocals.ru, 1
+thelockerroom.ie, 1
+thelocxresearch.tk, 1
+thelodgeonlakedetroit.com, 1
+thelondonflorist.com, 1
+thelonelyones.co.uk, 1
+thelonious.nl, 1
+theloop.ai, 1
+theloop.build, 1
+thelordofthewing.cf, 1
+thelordofthewing.ga, 1
+thelordofthewing.gq, 1
+thelordofthewing.ml, 1
+thelordsofthefallen.com, 1
+thelosangelesconservative.com, 1
+thelostfreighter.com, 1
+thelostyankee.com, 1
+thelotter.club, 1
+thelounge.chat, 1
+theloves.com, 1
+thelwallrangers.tk, 1
+themacateam.com, 1
+themacios.com, 1
+themadlabengineer.co.uk, 1
+themagazine.my, 1
+themagazinetimes.com, 1
+themagician.tk, 1
+themainemonitor.org, 1
+themakers.ie, 1
+themallards.info, 1
+themallrats.tk, 1
+themandogs.tk, 1
+themaniaks.tk, 1
+themarkup.org, 1
+themarshallproject.org, 1
+themassageguy.capetown, 1
+themaster.site, 1
+themaster.tk, 1
+themasterplan.com.au, 1
+thematchless.de, 1
+themathbehindthe.science, 1
+themathergroup.com, 1
+themathscentre.com, 1
+themattresswarehouse.co.za, 1
+thematyper.tk, 1
+themayanah.com, 1
+themeapps.ga, 1
+themeccagroupllc.com, 1
+themecraft.studio, 0
+themediaframe.com, 1
+themedictips.com, 1
+themegatones.tk, 1
+thememory.tk, 1
+thementornetwork.com, 1
+themenzentrisch.de, 1
+themeparkfans.tk, 1
+themeparksimulations.tk, 1
+themerchandiser.net, 0
+themerciful.tk, 1
+themeridianway.com, 1
+themesurgeons.net, 1
+themetropreneur.com, 1
+themexicos.tk, 1
+themexx.at, 1
+themiamimarathon.com, 1
+themiddle.co, 1
+themiddlewoman.com.au, 1
+themify.me, 1
+themify.org, 1
+themigraineinstitute.com, 1
+themilanlife.com, 1
+themilfmovies.com, 1
+themindcollection.com, 1
+theminiacs.com, 1
+themiracle.tk, 1
+themirc.tk, 1
+themizellbrothers.tk, 1
+themlmsuccessnow.tk, 1
+themodel.ie, 1
+themodernreviewer.ga, 1
+themologroup.com, 1
+themomentratchada19.com, 1
+themomstudio.tk, 1
+themoneyconverter.com, 1
+themonthly.com.au, 1
+themood.site, 0
+themorningpodcast.tk, 1
+themortgagereports.com, 1
+themostexpensiveworkofart.com, 1
+themount.co.uk, 1
+themoviepreview.ga, 1
+themprojects.com, 1
+themurrayfamily.me.uk, 1
+themusecollaborative.org, 1
+themusicofchrisbulman.tk, 1
+themusicthatnobodylikes.tk, 1
+themusketeerslodge.com, 1
+themusthaves.de, 1
+thenamingcommission.gov, 1
+thenappylaundry.ga, 1
+thenathanmethod.com, 1
+thenation.tk, 1
+thenational.academy, 1
+thenaturalpath.co.nz, 1
+theneatgadgets.com, 1
+thenest.se, 1
+thenetw.org, 1
+thenew3rs.org, 1
+thenewamericanright.com, 1
+thenewclassics.com, 1
+thenewissue.tk, 1
+thenewsmill.com, 1
+thenewtoy.net, 1
+thenextweb.com, 1
+thenexwork.com, 1
+thenichecast.com, 1
+thenine.info, 1
+theninenine.com, 1
+theninjasedge.com, 1
+thenitintech.com, 0
+thenobullshit.coach, 1
+thenocman.com, 1
+thenolank.com, 1
+thenorthschool.org.uk, 1
+thenovaclinic.com, 1
+thenovicechefblog.com, 1
+thenowheremen.com, 1
+thenrdhrd.nl, 1
+thenudge.com, 1
+thenullpointer.net, 1
+thenutritionalreset.ca, 1
+theo-andreou.org, 1
+theo.agency, 1
+theo.me, 1
+theo546.cloud, 1
+theo546.fr, 1
+theo546.ovh, 1
+theoakageexperiment.com, 1
+theoasis.co.nz, 1
+theobg.co, 1
+theobromos.fr, 0
+theoc4ever.tk, 1
+theocharis.org, 1
+theocjournal.tk, 1
+theocoffee.com, 0
+theocracy.tk, 1
+theocratic.cf, 1
+theocratic.tk, 1
+theocrazzolara.tk, 1
+theodorahome.co, 1
+theodorahome.com.br, 1
+theodoreroosevelt.org, 1
+theodorojr.com.br, 1
+theofficeofangelascott.com, 1
+theofleck.com, 0
+theojones.name, 1
+theokouzelis.com, 1
+theoldbrewhouse.info, 1
+theoldmill.tk, 1
+theoldnews.net, 1
+theoldschoolgamevault.com, 1
+theolodewijk.nl, 1
+theologique.ch, 1
+theome.ga, 1
+theonegroup.co.uk, 0
+theonethaimassage.de, 1
+theonikage.tk, 1
+theonion.com, 1
+theonyxzone.com, 1
+theoosmetalart.nl, 1
+theopaczek.com, 1
+theopera.tk, 1
+theoperators.tk, 1
+theophil.tk, 1
+theorchestranow.com, 1
+theorchestranow.org, 1
+theoriecheck.de, 1
+theoriginalassistant.com, 1
+theoriginalcandid.com, 1
+theoriginalmarkz.com, 1
+theoriginalworkshop.com, 1
+theorioncorrelation.com, 1
+theory-test-online.co.uk, 1
+theory.org, 1
+theoryofmind.tk, 1
+theoscure.eu, 1
+theosophic.ga, 1
+theosophie-afrique.org, 1
+theotherside.tk, 1
+theoverfly.co, 1
+theoverground.tk, 1
+thepac.uk, 1
+thepaffy.de, 0
+thepaleodiettips.tk, 1
+thepandacustom.com, 1
+thepaperstore.com, 1
+theparachafamily.tk, 1
+theparallelrevolution.com, 1
+theparklane-sukhumvitbearing.com, 1
+theparkwoodmanor.com, 1
+theparoxetine.gq, 1
+theparthub.com, 1
+theparticipants.tk, 1
+thepartner.co.uk, 1
+thepartydoctors.co.uk, 1
+thepatchworks.org, 1
+thepathsofdiscovery.com, 1
+thepaul.tk, 1
+thepaulagcompany.com, 0
+thepavilionbanbury.co.uk, 0
+thepaymentscompany.com, 1
+thepcweb.tk, 1
+thepeak.com, 1
+thepenguinconspiracy.tk, 1
+thepennyjar.com, 1
+thepennymatters.com, 1
+thepeoplesdata.com, 1
+thepeoplesdata.org, 1
+theperfectmediagroup.com, 1
+theperformanceblog.com, 1
+thepharm.co.nz, 1
+thephoenixdg.com, 1
+thephp.cc, 1
+thepiabo.ovh, 0
+thepieslicer.com, 1
+thepigwrestlers.com, 1
+thepilotwoman.cf, 1
+thepilotwoman.ga, 1
+thepilotwoman.gq, 1
+thepilotwoman.ml, 1
+thepinecones.tk, 1
+thepioneersgame.com, 1
+thepiratebay.cf, 1
+thepiratebay.net, 1
+thepiratesociety.org, 1
+thepitsurfhire.co.uk, 1
+thepixel.tk, 1
+theplantpeople.co.nz, 1
+theplaydaysbus.co.uk, 1
+theploughharborne.co.uk, 1
+thepodcastreviewshow.com, 1
+thepoetryclub.tk, 1
+thepoetryofperfume.com, 1
+thepokerbank.com, 1
+thepokerpeople.com, 1
+thepollitochicken.com, 1
+thepool.tk, 1
+thepopcornfactory.com, 1
+thepowerboys.tk, 1
+thepressleygirls.com, 1
+thepressurewashingdirectory.com, 1
+thepriceisright.tk, 1
+theprimegroup.ca, 1
+theprimepr.in, 1
+theprimetalks.com, 0
+theprincegame.com, 1
+theprinceshort.tk, 1
+theprinterjam.com, 1
+theprintrepublic.com, 1
+thepriorybandbsyresham.co.uk, 1
+theprivacysolution.com, 1
+theprodigaljournal.com, 1
+theproject.cf, 1
+theprojectx.tk, 1
+thepromisemusic.com, 1
+thepsi.com, 0
+theptclist.tk, 1
+theptpractitioner.com.au, 1
+thepulpit.tk, 1
+thepuppetdolls.tk, 1
+thepureplan.com, 1
+thepurplechickens.tk, 1
+thepuzzles.eu.org, 1
+thepyre.tk, 1
+thepyrographytool.com, 1
+theqrl.org, 1
+theqtree.com, 1
+thequillmagazine.org, 1
+theradiojudge.com, 1
+theralino.de, 1
+theramo.re, 1
+theranch.com, 1
+therandombits.com, 1
+therankkings.org, 1
+therap-up.fr, 1
+therapie-fricktal.ch, 1
+therapie-psycho-emotionnelle.fr, 1
+therapiemi.ch, 1
+therapiepraxis-westbezirk.de, 1
+therapyclient.com, 1
+therapyconnects.co.uk, 1
+therapyforblackmen.org, 1
+therapyglobe.com, 1
+therapynotes.com, 1
+therapypartner.com, 1
+therapyportal.com, 1
+therapyservices.co.nz, 1
+therapysxm.com, 0
+therapyworks.com, 1
+therasmusgt.tk, 1
+therasmusperu.tk, 1
+theravada.tk, 1
+thereadingresidence.com, 1
+thereafter.ga, 1
+thereal.tk, 1
+therealcomp.ga, 1
+therealcost.gov, 1
+therealcountrydancers.tk, 1
+therealestatesolutionsguy.com, 1
+therealmaids.com, 1
+thereaper.net.au, 1
+thereaper.tk, 1
+theredhouse.org, 1
+theredsgazette.tk, 1
+thereisnocloud.fr, 1
+thereload.com, 1
+therenderingmachine.com, 1
+therenegade.tk, 1
+thereptiles.tk, 1
+theresa-mayer.eu, 1
+theresapolicewi.gov, 1
+theresingles.tk, 1
+therestaurantstore.com, 1
+theretirementincomecalculator.com, 1
+therevenge.me, 1
+therevolutionist.tk, 1
+therewill.be, 0
+therhetorical.ml, 0
+therhodesresidences.com, 1
+therichardsfamily.tk, 1
+therisk.global, 1
+theriverspecialist.com, 1
+thermalbad-therme.de, 1
+thermalitowsca.gov, 1
+thermia.co.nz, 1
+thermia.com.au, 1
+thermique.ch, 0
+thermity.com, 1
+thermolamina.nl, 1
+thermorhythm.com, 1
+thermostat.gq, 1
+thermostatsolutions.com, 1
+thermowood-bkh.ru, 1
+therniakov.tk, 1
+theroadrunners.tk, 1
+theroams.co.uk, 1
+therobertcoffeeshow.com, 1
+theroccos.us, 0
+therockawaysny.com, 0
+theroguestormtrooper.com, 1
+therokasshow.tk, 1
+theroks.com, 1
+theromexchange.com, 1
+theroot.com, 1
+therootdental.com, 1
+therootshive.com, 1
+theros.org.uk, 1
+therowlinglibrary.com, 1
+theroyal.tk, 1
+therugswarehouse.co.uk, 1
+theruleslawyer.net, 1
+therumfordcitizen.com, 1
+therunawayspremiere.tk, 1
+theruncibleraven.com, 1
+theruraltrust.com, 1
+therusnews.tk, 1
+therustyspoon.net, 1
+therworth.com, 1
+therworth.eu, 1
+therworth.net, 1
+therworth.org, 1
+thesacreds.com, 1
+thesafetymag.com, 1
+thesage.cf, 1
+thesage.ga, 1
+thesagresapartments.com, 1
+thesalonthing.com, 0
+thesaltsanctuaryfl.com, 1
+thesarogroup.com, 1
+thesatriantoshow.tk, 1
+thesaturdaypaper.com.au, 1
+thescienceofdeduction.tk, 1
+thescientists.nl, 1
+thescriptzone.tk, 1
+theseal.tk, 1
+thesearch.com.tw, 1
+thesecondsposts.com, 0
+thesecularparent.com, 1
+thesecurityvault.com, 0
+theseed.io, 1
+theseedbox.xyz, 1
+thesehighsandlows.com, 1
+theselfevidenttruth.com, 1
+thesemisouthernhomemaker.com, 1
+theseofarm.com, 1
+theseoframework.com, 1
+theseosystem.com, 1
+theseotool.site, 1
+theseparationguide.com.au, 1
+theserpent.tk, 1
+theserver.ml, 1
+theserver201.tk, 1
+theserviceyouneed.com, 1
+thesession.org, 1
+thesetwohands864.com, 1
+theshaker.com.au, 1
+thesharedbrain.ch, 0
+theshesuite.com, 1
+theshopally.com, 1
+theshots.cz, 1
+theshroomery.org, 1
+thesigit.tk, 1
+thesignacademy.co.uk, 1
+thesignalco.com.au, 1
+thesilentfew.tk, 1
+thesilentlink.org, 1
+thesilentplanet.tk, 1
+thesilentsecrets.com, 1
+thesilverdaisy.com, 1
+thesimons.family, 1
+thesimplehelp.com, 1
+thesimplewebcompany.com, 1
+thesimsbrasil.tk, 1
+thesingaporelawyer.com, 1
+thesinhalanews.lk, 1
+thesipher.tk, 1
+thesis-editor.co.uk, 1
+thesisgeek.com, 1
+thesishelp.net, 1
+thesissurvey.cf, 1
+thesissurvey.gq, 1
+thesistraffic.com, 1
+thesiterank.com, 1
+theskepticalreviewarchive.com, 1
+theskingym.co.uk, 1
+theskiweek.com, 1
+thesled.net, 1
+thesocialitefamily.com, 1
+thesocialmediacentral.com, 1
+thesomepeople.org, 1
+thesoundproofwindows.co.uk, 1
+thesoundstageatstrangeland.com, 1
+thespacegame.tk, 1
+thespanishcollection.com, 1
+thespiritfm.tk, 1
+thespoiler.co.il, 1
+thesponsorshipguy.com, 0
+thesportsroom.tv, 1
+thestandards.tk, 1
+thestatementjewelry.com, 1
+thestationatwillowgrove.com, 1
+thestatuspage.com, 1
+thesteins.org, 0
+thestitchynerd.com, 1
+thestockoasis.com, 1
+thestopoff.tk, 1
+thestoragebay.co.uk, 1
+thestore.tk, 1
+thestoryshack.com, 0
+thestral.pro, 1
+thestralbot.com, 1
+thestrangenessofthings.tk, 1
+thestreet.cz, 1
+thestudioslucan.com, 1
+thestudylink.com, 1
+thestyle.city, 1
+thestylebouquet.com, 1
+thesubstitute.nl, 1
+thesultans.tk, 1
+thesunshinecoasttourcompany.com.au, 1
+thesupersunday.tk, 1
+thesuppercircle.com, 1
+thesupremacyg.com, 1
+thesurgeons.sg, 1
+theswanstation.tk, 1
+theswanwindsor.co.uk, 1
+theswimdoctors.com, 0
+theswissbay.ch, 0
+thetablehuff.com, 1
+thetakeout.com, 1
+thetampariverwalk.com, 1
+thetandd.com, 1
+thetapirsmouth.com, 1
+thetassos.com, 1
+thetattooedpreacher.com, 1
+theteaaffair.com, 1
+theteaguemovie.tk, 1
+thetebodifference.com, 1
+thetechdude.ga, 1
+thetechnicaldost.com, 1
+thetfordtwpmi.gov, 1
+thetfordvt.gov, 1
+thetherapist.tk, 1
+thethinktankpodcast.co, 1
+thethreadsmiths.com.tw, 1
+thethreepercent.marketing, 1
+thethymevortex.zapto.org, 1
+thetinylife.com, 1
+thetinymom.com, 1
+thetipo01.tk, 1
+thetogbox.cf, 1
+thetomharling.com, 1
+thetopmovie.gq, 1
+thetopsecretepisode.tk, 1
+thetorlock.com, 1
+thetorturedman.com, 1
+thetotalemaildelivery.com, 1
+thetoto.tk, 1
+thetownehub.com, 1
+thetradinghall.com, 0
+thetrafficgeek.com, 1
+thetravel.com, 1
+thetravelczar.com, 1
+thetravelhack.com, 0
+thetravelinstitute.com, 1
+thetravelstylist.nl, 1
+thetreeradio.com, 1
+thetrendingarticle.com, 1
+thetrendspotter.net, 1
+thetropics.tk, 1
+thetrulycharming.com, 0
+thetrustai.com, 1
+thetruthabouthemp.com, 1
+thetubecopenhagen.com, 1
+thetuxkeeper.de, 0
+thetvtraveler.com, 1
+thetwistedrabbit.com, 1
+theuhlesteam.com, 1
+theultimateshave.net, 1
+theunbox.com, 1
+theunconventionalconventionists.tk, 1
+theundefeated.com, 1
+theunderzone.tk, 1
+theuniversallover.tk, 1
+theuniversitiesofasia.ga, 1
+theunleashedpet.com, 1
+theunwrittenletters.tk, 1
+theupslady.cf, 1
+theupslady.ga, 1
+theurbandecor.com, 1
+theuucc.org, 0
+thevacuumpouch.co.uk, 1
+thevalleybucketeers.tk, 1
+thevalueofarchitecture.com, 1
+thevanishedvoyager.ml, 1
+thevegcat.com, 1
+theveggietable.com, 1
+thevelvetlove.tk, 1
+thevenueofhollywood.com, 1
+thevern.co.za, 1
+theverybusyoffice.co.uk, 1
+thevetstop.co.uk, 1
+thevillageok.gov, 1
+thevillasatparkaire.com, 1
+thevine.one, 1
+thevintagenews.com, 0
+theviolenceofdevelopment.com, 1
+thevirajshelke.com, 1
+thevirgin.tk, 1
+thevirtualbookkeepers.com, 0
+thevirtualdetective.games, 1
+thevirtualhealingroom.ca, 1
+thevirtualhealingroom.com, 1
+thevirtuousdog.com, 1
+thevisasofoz.com, 1
+thevoga.com, 1
+thevoid.one, 1
+thevolte.com, 1
+thevoya.ga, 0
+thewagesroom.co.uk, 1
+thewalkerz.tk, 1
+thewallet.today, 1
+thewarehousefellowship.org, 1
+thewatchdog.com.br, 1
+thewaterfront.org.au, 1
+thewaterfrontpoole.com, 1
+thewave.tk, 1
+thewaxhouse.academy, 1
+thewayofislam.ml, 1
+thewayofthedojo.com, 1
+thewaytoyourself.com, 1
+theweakandthestrong.tk, 1
+thewebbogan.com.au, 1
+thewebcully.com, 1
+thewebguru.net, 1
+thewebmasters.tk, 1
+thewebsitemarketingagency.com, 1
+theweddingfit.com, 1
+theweed.tk, 1
+thewest.tk, 1
+thewhiteboxxx.com, 1
+thewhitedog9487.xyz, 1
+thewhitehorses.tk, 1
+thewhiterabbit.space, 1
+thewhitneypaige.com, 1
+thewickedclan.tk, 1
+thewiki.kr, 1
+thewindow.com, 1
+thewindowcleaningexpert.com, 1
+thewindowcleaningexperts.com, 1
+thewindowcleaningexperts.net, 1
+thewindowsclub.com, 1
+thewinedelivery.ga, 1
+thewisdomtrust.org.uk, 1
+thewish.ml, 1
+thewish.tk, 1
+thewolseley.com, 1
+thewombatsict.com.au, 1
+thewomen.tk, 1
+thewomensbusinesscenter.com, 0
+thewoodkid.com.au, 1
+thewoodlandsviplimousine.com, 1
+thewoods.earth, 1
+thewoolroom.com.au, 1
+theworkingeye.nl, 1
+theworksboulder.com, 1
+theworksheets.com, 1
+theworkshop.tk, 1
+theworld.org, 1
+theworld.tk, 1
+theworldaccordingtocathers.com, 1
+theworldexchange.com, 1
+theworldexchange.net, 1
+theworldexchange.org, 1
+theworldsbestmassagechairs.com, 1
+theworldsend.eu, 1
+theworldtakes.tk, 1
+theworser.tk, 1
+thewraithmovie.tk, 1
+thewrenchmonkey.ca, 1
+thewrightflyer.com, 1
+thewritegrl.com, 1
+thewriteress.com, 1
+thexalla.tk, 1
+thexme.de, 1
+thexpert.ml, 1
+theyacht.ga, 1
+theyachtweek.com, 1
+theyakshack.co.uk, 1
+theyarnhookup.com, 0
+theycallmesnail.tk, 1
+theyear199x.org, 1
+theyearinpictures.co.uk, 1
+theyosh.nl, 1
+theysocial.tk, 1
+thezillersathenshotel.com, 1
+thezone.bg, 1
+thfaid.org, 1
+thghosting.com, 1
+thgstardragon.com, 1
+thhomes.vn, 1
+thhost.tk, 1
+thiagohersan.com, 1
+thiagolosneves.com.br, 1
+thiagoribeiro.ml, 1
+thiasil.com, 1
+thibault-ml.com, 1
+thibaultbaheux.com, 0
+thibaultwalle.com, 1
+thibautcharles.net, 1
+thibierge-associes.notaires.fr, 1
+thichson.vn, 1
+thickassporn.com, 1
+thieme-it.de, 1
+thienduongthoitrang.vn, 1
+thiepcuoidep.com, 1
+thiepxinh.net, 1
+thierryhayoz.ch, 1
+thierrymazue.com, 1
+thierrymazue.fr, 0
+thiesketelsen.de, 0
+thietbithoathiem.net, 1
+thietkegianhangtttm.com, 1
+thietkenamcuong.com, 0
+thijmen.xyz, 1
+thijmendevalk.nl, 1
+thijmenmathijs.nl, 1
+thijmenverveeltzich.nl, 1
+thijs.amsterdam, 1
+thijs.fr, 1
+thijsenarjan.nl, 1
+thijsslop.com, 1
+thijsslop.eu, 1
+thijsslop.nl, 1
+thijsvanderveen.net, 1
+thikkodi.tk, 1
+thilko.com, 1
+thilobuchholz.de, 1
+thimbros.tk, 1
+thimic.net, 1
+thimic.no, 1
+thinair.co, 1
+thinairsolutions.com, 1
+thinegen.de, 1
+thinfilmview.com, 1
+thing.vn, 1
+thingformatter.net, 1
+thingies.site, 1
+thingsandcode.com, 1
+thingsimplied.com, 0
+thingsivesaid.com, 1
+thingsof.org, 1
+thingswithleaves.co.uk, 1
+think-ai.eu, 1
+think-positive-watches.de, 1
+think.law, 1
+thinkbigdobig.tk, 1
+thinkbot.de, 1
+thinkbrands.co.uk, 1
+thinkcash.nl, 1
+thinkcogency.com, 1
+thinkd2s.com, 1
+thinkdata.com.br, 1
+thinkdigital.co.id, 1
+thinkdigital.tk, 1
+thinkel.tk, 1
+thinkelectric.cf, 1
+thinkelectric.gq, 1
+thinkelectric.ml, 1
+thinkfortune.co, 1
+thinkforyourself.tk, 1
+thinkheaddesign.com, 1
+thinkhealing.co.uk, 1
+thinkific.com, 1
+thinkindifferent.net, 1
+thinkingfaith.org, 1
+thinkingliberty.com, 1
+thinkingnull.com, 0
+thinkingplanet.net, 1
+thinkittech.com, 1
+thinkmaking.org, 1
+thinkmarketing.ca, 1
+thinkprocedural.com, 1
+thinktux.net, 1
+thinkwisesoftware.com, 0
+thinkwits.com, 1
+thinwildmercury.com, 1
+thinxtream.com, 1
+thirdbearsolutions.com, 0
+thirdgenphoto.co.uk, 1
+thirdman.auction, 0
+thirdwave.tk, 1
+thirdwaveanalytics.com, 1
+thirdwaverevenue.com, 1
+thirdworld.moe, 1
+thirteen.pm, 1
+thirtysixseventy.ml, 1
+thirtyspot.com, 1
+thiruvarur.org, 1
+thiry-automobiles.net, 1
+thisbowin.com, 1
+thiscloudiscrap.com, 0
+thisdayinhockey.tk, 1
+thisdot.site, 1
+thisfreelife.gov, 1
+thisis.id, 1
+thisisacompletetest.ga, 1
+thisisarecording.com, 1
+thisisart.ie, 1
+thisisbenwoo.com, 1
+thisishugo.com, 1
+thisismit.ch, 1
+thisisrapt.com.au, 0
+thisisreno.com, 1
+thisistechtoday.com, 1
+thisistina.nl, 1
+thisistwice.tk, 1
+thisiswhywemom.com, 1
+thismatter.com, 1
+thismatters.agency, 1
+thismumdoesntknowbest.com, 1
+thisquarterly.sg, 1
+thisserver.dontexist.net, 1
+thissimplifiedhome.com, 1
+thistleandleaves.com, 1
+thistom.de, 1
+thisuniverse.tk, 1
+thisyear.jp, 1
+thn.la, 1
+thoenesfamilierecht.nl, 1
+thok.de, 1
+tholab.io, 1
+tholcomb.com, 1
+thole.org, 1
+thom4s.info, 1
+thomalaudan.de, 1
+thomaner.de, 1
+thomas-bronniart.com, 1
+thomas-grobelny.de, 1
+thomas-leplus.com, 1
+thomas-sammut.com, 1
+thomas-schmittner.de, 1
+thomas-steel.com, 1
+thomas-suchon.fr, 1
+thomas.computer, 1
+thomas.love, 0
+thomas717.com, 1
+thomasbeckers.be, 1
+thomasboosman.com, 1
+thomasbreads.com, 0
+thomascountyne.gov, 1
+thomasdbrown.com, 1
+thomasduerlund.dk, 1
+thomasebenrett.de, 1
+thomasecookedds.com, 1
+thomaseikel.de, 1
+thomaseyck.com, 1
+thomasfoster.co, 1
+thomasgriffin.com, 1
+thomasgriffin.io, 1
+thomashunter.name, 0
+thomaskaviani.be, 1
+thomasleplus.com, 1
+thomasmeester.nl, 0
+thomasmerritt.de, 1
+thomaspic.com, 1
+thomaspluschris.com, 1
+thomasrichter.de, 1
+thomass.tk, 1
+thomastestor.tk, 1
+thomastimepieces.com.au, 1
+thomastonmaine.gov, 1
+thomasvanlaere.com, 1
+thomasverhelst.be, 1
+thomasvochten.com, 1
+thomaswoo.com, 1
+thomien.de, 1
+thompsonfamily.cloud, 1
+thompsonoh.gov, 1
+thomson-mcduffie.gov, 1
+thomsonbaby.com, 1
+thomsonscleaning.co.uk, 1
+thomspooren.nl, 0
+thomwiggers.nl, 1
+thongnhat.com.vn, 1
+thongsokythuat.vn, 1
+thongtinthethao.net, 1
+thooka.com, 1
+thoplam.com, 1
+thor.edu, 1
+thor.re, 1
+thorbes.ga, 1
+thorbiswebsitedesign.com, 1
+thorborg.dk, 1
+thoreau.tk, 1
+thornhillfamilydental.ca, 1
+thornlaw.co.nz, 1
+thorntonnh.gov, 1
+thorntonshvacservice.com, 1
+thoroquel.org, 1
+thoroughbredrecords.com, 1
+thors-hearth.tk, 1
+thorsten-schaefer.com, 1
+thorstenschaefer.name, 1
+thost3.de, 1
+thotcomputed.com, 1
+thotpublicidad.com, 1
+thots.org, 1
+thoughtexchange.ca, 1
+thoughtexchange.com, 1
+thoughtexchange.net, 1
+thoughtleadersnetwork.nl, 1
+thoughtlessleaders.online, 1
+thoughtspot.com, 1
+thoughtsynth.com, 1
+thoughtsynth.net, 1
+thoughtsynth.org, 1
+thoughtworthy.info, 1
+thousandoaksca.gov, 1
+thousandoakselectrical.com, 1
+thousandoaksexteriorlighting.com, 1
+thousandoakslandscapelighting.com, 1
+thousandoakslighting.com, 1
+thousandoaksoutdoorlighting.com, 1
+thowzzy.be, 1
+thoxyn.com, 1
+thpatch.net, 1
+thpay.com, 1
+thprd.gov, 1
+thr-kurd.tk, 1
+threadabead.com, 1
+threadingcentral.com, 1
+threads.net, 1
+threadscircle.com, 1
+threadsdownloader.com, 1
+threadspecification.com, 1
+threadtrails.com, 1
+threadythready.com, 1
+threatcentral.io, 1
+threatcon.at, 1
+threatcon.blog, 1
+threatcon.ch, 1
+threatcon.de, 1
+threatcon.email, 1
+threatcon.eu, 1
+threatcon.io, 1
+threatcon.link, 1
+threatcon.live, 1
+threatcon.media, 1
+threatcon.net, 1
+threatcon.network, 1
+threatcon.online, 1
+threatcon.org, 1
+threatcon.shop, 1
+threatcon.tv, 1
+threatint.at, 1
+threatint.be, 1
+threatint.blog, 1
+threatint.ch, 1
+threatint.cloud, 1
+threatint.co.uk, 1
+threatint.com, 1
+threatint.com.cy, 1
+threatint.cy, 1
+threatint.de, 1
+threatint.dk, 1
+threatint.es, 1
+threatint.eu, 1
+threatint.fr, 1
+threatint.group, 1
+threatint.info, 1
+threatint.it, 1
+threatint.link, 1
+threatint.lu, 1
+threatint.media, 1
+threatint.network, 1
+threatint.nl, 1
+threatint.online, 1
+threatint.org, 1
+threatint.pl, 1
+threatint.pt, 1
+threatint.tv, 1
+threatint.uk, 1
+threatjammer.com, 1
+threatlabs.eu, 1
+threatlabs.nl, 1
+threatmonitor.io, 1
+threatnix.io, 1
+threatobserver.com, 1
+threatutic.gq, 1
+threatworking.com, 1
+three-wheels.cf, 1
+threedpro.me, 1
+threefantasy.com, 1
+threefisheswebdesign.com, 1
+threefortheroad.tv, 1
+threefours.net, 0
+threelions.ch, 1
+threeluck.sg, 1
+threema.ch, 1
+threema.id, 1
+threenorth.com, 1
+threeper.org, 1
+threepoint.tk, 1
+threeriversopenhouse.com, 1
+threesixteen.com.au, 1
+threethirty.gq, 1
+threewire.com, 1
+threexxx.ch, 1
+threv.net, 1
+thriftdiving.com, 1
+thriftywp.com, 1
+thrillernyc.com, 1
+thrillkill.tk, 1
+thriva.co, 1
+thriveansanm.org, 1
+thriveatfive.org.uk, 1
+thriveondev.com, 1
+thriver.com, 1
+thrivetours.ca, 0
+thrivetracker.com, 1
+thrivewp.com, 1
+throckmortoncountytx.gov, 1
+throneofmolok.tk, 1
+throopny.gov, 1
+throttlerz.in, 1
+throughout.ga, 1
+throughtheglass.photo, 1
+throwaway.link, 1
+throwmails.com, 1
+throwpass.com, 1
+thrustrules.tk, 1
+ths.li, 1
+thsc.us, 1
+thsclothing.com, 1
+thsconstructors.com, 1
+thscpac.org, 1
+thsecurity.cz, 1
+thtcmaps.com, 1
+thtcmaps.sa, 1
+thuenhapho.com, 1
+thues.eu, 1
+thugcityrecords.tk, 1
+thuisverplegingvandermeiren.be, 1
+thuiswinkel.org, 1
+thumbnail-download.com, 1
+thumbsnap.com, 1
+thumbsupcandy.com, 1
+thumbtack.com, 1
+thumbzilla.com, 1
+thummer.net, 1
+thunderbase.tk, 1
+thunderbolt.tk, 1
+thundercloud.onthewifi.com, 1
+thunderfield-boat.co.uk, 1
+thunderhead.com, 0
+thunderheadjtc.tk, 1
+thunderkeys.net, 1
+thunderstruckfestival.nl, 1
+thundr.eu, 1
+thunktank.org, 1
+thunraz.com, 1
+thuongluu.vn, 1
+thurmanny.gov, 1
+thurn.net, 1
+thurstonauditor.gov, 1
+thurstoncountyne.gov, 1
+thurstoncountysheriffne.gov, 1
+thurstonwavotes.gov, 1
+thusa.co.za, 1
+thusoy.com, 1
+thuthuatmac.com, 1
+thutm.com, 1
+thutucxuatnhapkhau.net, 1
+thuviensoft.com, 1
+thuviensoft.net, 1
+thuyetphapmoi.com, 1
+thvideo.tv, 1
+thw-messenger.de, 1
+thwiki.cc, 1
+thwitt.de, 1
+thxandbye.de, 1
+thycotic.ru, 1
+thynx.io, 1
+thyrex.fr, 0
+thyroidheadnecksurgery.com, 1
+ti-coast.com, 1
+ti-js.com, 1
+ti-nuage.fr, 1
+ti-pla.net, 1
+ti-planet.org, 1
+ti780.com, 1
+tiagocasalribeiro.ml, 1
+tiagomoraismorgado.tk, 1
+tiagoneves.tk, 1
+tiagonunes.pt, 1
+tiagosimao.com, 1
+tiai.cf, 1
+tiai.gq, 1
+tiai.ml, 1
+tiaki.org, 0
+tiamabi.tk, 1
+tiamarcia.com.br, 1
+tian123.com, 1
+tian888.com, 1
+tianbaobo05.com, 1
+tianbaobo06.com, 1
+tianbaobo07.com, 1
+tianbaobo09.com, 1
+tianbo1088.com, 1
+tianbo1988.com, 1
+tianbo1998.com, 1
+tiandixing.org, 1
+tianeptine.com, 1
+tianjiaxi.com, 1
+tianjinair.com, 1
+tianle.sh, 1
+tianshili.me, 1
+tiantangbt.com, 1
+tianwen.tk, 1
+tianxicaipiao.com, 1
+tianxicaipiao.win, 1
+tianxicp.com, 1
+tianyis.net, 1
+tianyou-ecjtu.com, 1
+tiarap.org, 1
+tiaria.id, 1
+tiaskipin.tk, 1
+tib1.com, 1
+tibber.com, 1
+tibberdev.com, 1
+tibbitshall.ca, 1
+tibc.ch, 1
+tiberian.tk, 1
+tibiarock.tk, 1
+tibicinagarricola.com, 1
+tibinonest.me, 1
+tibipg.com, 1
+tible.com, 1
+tibovanheule.site, 1
+tibovanheule.space, 0
+tibox.cl, 0
+tiburgundysi.ga, 1
+ticalcgames.tk, 1
+ticfleet.com, 1
+tichdiem80.com, 1
+tichieru.pw, 1
+ticinoscout.ch, 1
+tickertable.com, 0
+tickertoolkit.com, 1
+ticket-time.es, 1
+ticketassist.nl, 1
+ticketbahia.com, 1
+ticketcity.com, 1
+ticketfan.es, 1
+ticketix.com, 1
+ticketpay.jp, 1
+ticketpro.ca, 1
+ticketrestaurant.us, 1
+ticketrunway.com, 1
+tickets2004.tk, 1
+ticketscheapairfare.com, 1
+ticketscheapairline.com, 1
+ticketscheapflights.com, 1
+ticketslover.com, 1
+ticketsolve.com, 1
+ticketsource.co.uk, 1
+ticketsource.eu, 1
+ticketsource.io, 1
+ticketsource.us, 1
+ticketsourcebeta.co.uk, 1
+ticketswap.co, 1
+ticketswap.co.nz, 1
+ticketswap.dk, 1
+ticketswap.fi, 1
+ticketswap.in, 1
+ticketswap.pt, 1
+ticketswap.ru, 1
+tickettailor.com, 1
+ticketunity.com, 1
+ticketure.com, 1
+tickit.ca, 0
+ticktbox.com, 1
+ticnom.com, 1
+tictac.tk, 1
+tictail.com, 1
+tid.jp, 1
+tida.ge, 1
+tidal.ninja, 1
+tidal.zone, 1
+tide.com, 1
+tidecommunity.tk, 1
+tidehunter.ml, 1
+tideritter.de, 1
+tidimension.tk, 1
+tidit.nl, 1
+tidlook.co.il, 1
+tidy.chat, 1
+tidych.at, 1
+tidycustoms.net, 1
+tidydiary.com, 1
+tie.pub, 1
+tiederavintola.fi, 1
+tieffeservice.it, 1
+tiekoetter.com, 1
+tielectric.ch, 1
+tielsebakkers.tk, 1
+tiempo3.com, 1
+tiempoalegria.com, 1
+tiempolibre.nl, 1
+tiendabna.com.ar, 1
+tiendacanper.com, 1
+tiendacomprasegura.com, 1
+tiendadatasystem.es, 1
+tiendadeperros.com, 1
+tiendadolca.com, 1
+tiendaengeneral.com, 1
+tiendafetichista.com, 1
+tiendamacoco.com.ar, 1
+tiendamagia.com, 1
+tiendamia.co, 1
+tiendamia.com, 1
+tiendamia.com.do, 1
+tiendamia.com.pa, 1
+tiendamia.com.py, 1
+tiendamia.cr, 1
+tiendanube.com, 1
+tiendaregalos.eu, 1
+tiendatecnologica.net, 1
+tiener-herentals.be, 1
+tienerdienst-johanneskapel.tk, 1
+tiengtrungquoc.net, 1
+tienic.com, 1
+tiens-ib.cz, 1
+tier5industries.com, 1
+tierarzt-karlsruhe-durlach.de, 1
+tierarztpraxis-illerwinkel.de, 1
+tieredaccess.com, 1
+tierfaszienation.de, 1
+tiergear.com.au, 1
+tieronegraphics.com, 1
+tierparadies-muhrielle.org, 1
+tierra-indomables.tk, 1
+tierracenter.com, 1
+tierradeayala.com, 1
+tierrahost.com, 1
+tierramarca.com, 1
+tierraprohibida.net, 1
+tierschutz-niederrhein.de, 1
+tiestofan.tk, 1
+tiete.be, 1
+tietew.jp, 1
+tietew.net, 1
+tietotori.fi, 1
+tieulinh.com, 1
+tiew.pl, 0
+tifa-233.com, 1
+tifan.net, 1
+tifaware.com, 1
+tifenn.eu, 1
+tifenn.nl, 1
+tiffanitooley.tk, 1
+tiffany-angel.com, 1
+tiffany-remixed.tk, 1
+tiffany.moe, 1
+tiffanyblooms.ru, 1
+tiffanychristie.ca, 1
+tiffanywatson.xyz, 1
+tiffnix.com, 1
+tiflonet.tk, 1
+tifokaos.tk, 1
+tiftonga.gov, 1
+tig.mr, 1
+tiga-design.com, 1
+tigercam.cl, 1
+tigerconnect.com, 1
+tigerengine.com, 1
+tigerfm.tk, 1
+tigerfocus.com, 1
+tigerforce.tk, 1
+tigergraph.com, 1
+tigergroup.tk, 1
+tigernero.duckdns.org, 1
+tigernode.com, 1
+tigernode.net, 1
+tigertonwi.gov, 1
+tigerupload.tk, 1
+tigerzplace.tk, 1
+tiggeriffic.com, 1
+tiggertracks.com, 1
+tiggi.pw, 1
+tightassanal.com, 1
+tightasspics.com, 1
+tightassporntube.com, 1
+tightenthisshitup.com, 1
+tightpussysex.com, 1
+tigit.co.nz, 1
+tiglitub.com, 1
+tigreblanco.tk, 1
+tigzirt.tk, 1
+tihvin.tk, 1
+tii.audio, 1
+tii.party, 1
+tiihosen.fi, 1
+tiim.technology, 1
+tijden.nu, 1
+tijdvoorgeschiedenis.nl, 1
+tijerascreek.com, 0
+tijerasnm.gov, 1
+tijo.ch, 1
+tijoe.net, 1
+tik.edu.ee, 1
+tik.porn, 1
+tiki-god.co.uk, 1
+tiki.id, 1
+tikitak-o-rama.tk, 1
+tikkio.com, 1
+tikklik.nl, 1
+tikona.ga, 1
+tiktak.su, 1
+tiktok-download.io, 1
+tiktok.com, 1
+tiktokdownloader.com, 1
+tiktokformation.fr, 1
+tiktokgirls.live, 1
+tiktokglobalshop.com, 1
+tiktokglobalshopv.com, 1
+tiktokshop.com, 1
+tiktokv.com, 1
+tikun.tk, 1
+tikuter.me, 1
+tilcra.de, 1
+tilde.green, 1
+tilde.institute, 1
+tilde.link, 1
+tildes.net, 1
+tilecleaningservicepros.com, 1
+tileco.ga, 1
+tileflooringideas.gq, 1
+tileflooringideas.ml, 1
+tilellit.pro, 1
+tilers-world.com, 1
+tilesbay.com, 1
+tilietu.com, 1
+tilikum.io, 1
+tilipalvelutuominen.fi, 1
+tilisi.ga, 1
+tilitoimistokota.fi, 0
+tilitoimistopaiva.fi, 1
+tilitoimistosukkela.fi, 1
+tilitop.tk, 1
+till-grossmann.de, 1
+till.fyi, 1
+till.im, 1
+tillamookcounty.gov, 1
+tillberg.us, 1
+tillehus.frl, 1
+tilleysbouncycastles.co.uk, 1
+tillinger.sk, 1
+tillseasyscore.com, 1
+tillwalldrug.com, 1
+tillydesign.com, 1
+tiloschroeder.space, 1
+tilosp.de, 1
+tiltedscalescollective.org, 1
+tiltedwindmillcrafts.com, 1
+tiltedwindmillpress.com, 1
+tilvids.com, 1
+tilyexpress.ug, 0
+tilysthings.com, 1
+tim-demisch.com, 1
+tim-demisch.de, 1
+tim-demisch.email, 1
+tim-demisch.eu, 1
+tim-lawrence.cf, 1
+tim-niclas-demisch.de, 1
+tim-niclas-demisch.eu, 1
+tim.org.tr, 1
+tim427.net, 0
+timacdonald.me, 1
+timawesomeness.com, 1
+timbarlotta.com, 1
+timbercreekcanyontx.gov, 1
+timberjewelleryboxes.ga, 1
+timberjoineryperth.com.au, 1
+timbers.space, 1
+timbishopartist.com, 1
+timbrust.de, 1
+timbuktutimber.com, 1
+timcamara.com, 1
+timco.cloud, 1
+timdebruijn.nl, 1
+timdemisch.de, 1
+timdemisch.email, 1
+timdemisch.eu, 1
+timdemisch.online, 1
+timdoug.com, 1
+time-business.tk, 1
+time-hotel.cf, 1
+time-killers.tk, 1
+time.cy, 1
+time.gov, 1
+time.ly, 1
+time.sh, 1
+time2060.ru, 1
+time22.com, 1
+time2choose.com, 1
+time4writing.com, 1
+timeai.io, 1
+timeauction.hk, 1
+timeblog.org, 1
+timebomb.tk, 1
+timebookings.cf, 1
+timebox.tk, 1
+timebutler.de, 1
+timecamp.com, 1
+timecamp.pl, 1
+timecaptis.com, 1
+timecarrot.tk, 1
+timecheck.tk, 1
+timedin.net, 1
+timefor.tk, 1
+timeglass.de, 1
+timelapsetv.tk, 1
+timeless-photostudio.com, 1
+timeless-spirit.com, 1
+timelesstopiary.com, 1
+timelesstreasures.tk, 1
+timelettings.com, 1
+timelimit.io, 1
+timelost.tk, 1
+timely.fun, 1
+timely.md, 1
+timelybookkeeper.com, 1
+timelycare.com, 1
+timelyprovider.com, 1
+timemuzz.com, 1
+timeneye.com, 1
+timentask.com, 1
+timeout.co.il, 1
+timeoutdoors.com, 1
+timepassengers.tk, 1
+timeprison.tk, 1
+timepro.sk, 1
+timerace.ml, 1
+timeroll.ml, 1
+timersuite.com, 1
+timertomato.com, 1
+timesamui.com, 1
+timesedlen.dk, 1
+timeserver0.de, 1
+timeserver1.de, 1
+timeserver2.de, 1
+timeserver3.de, 1
+timesheet-plugin.herokuapp.com, 1
+timesheetcomics.com, 1
+timeslive.co.ke, 1
+timesloth.io, 1
+timesmarket.org, 1
+timesofisrael.com, 1
+timesofmalta.com, 1
+timespace.eu.org, 0
+timespreader.com, 0
+timeswath.uk, 1
+timeswiki.org, 1
+timetab.org, 1
+timetastic.co.uk, 1
+timetastic.us, 1
+timeticket.eu, 1
+timeticket.nl, 1
+timetotrade.com, 1
+timetravelforum.tk, 1
+timetreeapp.com, 1
+timeular.com, 1
+timewall.de, 1
+timewasters.nl, 1
+timewasters.tk, 1
+timeweb.io, 1
+timewornlit.com, 1
+timfiedler.net, 1
+timgame.tk, 1
+timhieuthuoc.com, 1
+timi-matik.hu, 1
+timich.ga, 1
+timilion.tk, 1
+timing.com.br, 1
+timjk.de, 0
+timm404.de, 1
+timmcclure.ca, 1
+timmerbedrijfpauel.nl, 1
+timmermansadministratie.nl, 0
+timmy.ws, 1
+timmyrs.de, 1
+timnash.co.uk, 1
+timnegocia.com.br, 1
+timniclasdemisch.de, 1
+timniclasdemisch.eu, 1
+timo-viveen.nl, 1
+timochan.cn, 1
+timomontalto.de, 1
+timonenko.cf, 1
+timonline.tk, 1
+timosfoodbar.nl, 1
+timoso.de, 1
+timotheeduran.com, 1
+timothy.tk, 1
+timothybjacobs.com, 1
+timothyyip.photography, 1
+timowi.de, 1
+timoxbrow.com, 0
+timqueen.com, 1
+timroes.de, 1
+timsayedmd.com, 1
+timscheuermann.ddns.net, 1
+timseverien.com, 0
+timstoffel.net, 0
+timtaubert.de, 1
+timtelfer.com, 1
+timtj.ca, 1
+timtom.ga, 1
+timvanban.vn, 1
+timvandekamp.nl, 1
+timvanheusdencoaching.com, 1
+timvivian.ca, 1
+timweb.ca, 1
+timx.uk, 1
+timysewyn.be, 0
+tin-bao.com, 1
+tina.media, 1
+tinaarenaweb.tk, 1
+tinakay-photography.com, 1
+tinamajorino.tk, 1
+tinandthyme.uk, 1
+tinapoethe.com, 0
+tinastouchmassage.com, 1
+tinclip.com, 1
+tindallriley.co.uk, 1
+tinder.wiki, 1
+tinderphotos.ga, 1
+tineb.be, 1
+tinevogel.dk, 1
+tinf.de, 1
+tinf15b4.de, 1
+tinfoilsecurity.com, 1
+tinfoleak.com, 1
+tingriev.gq, 1
+tinh.work, 1
+tinhchattrangda.vn, 1
+tinhlai.gq, 1
+tinint.com, 1
+tink.network, 1
+tinka.tk, 1
+tinker.career, 1
+tinkerbeast.com, 1
+tinkerbell.space, 1
+tinkerboard.org, 1
+tinkerdifferent.com, 1
+tinkerhost.net, 1
+tinkerliving.com, 1
+tinkerliving.marketing, 1
+tinkuscochabamba.tk, 1
+tinky.tk, 1
+tinlc.org, 1
+tinmarin.org, 1
+tinmouthvt.gov, 1
+tinneke.tk, 1
+tinnhanhvietnam.tk, 1
+tinnitus.tirol, 1
+tinobeth.com, 1
+tinonawall.co.uk, 1
+tintamas.tk, 1
+tinte24.de, 1
+tintenfix.net, 1
+tintiger.com, 1
+tintoria.roma.it, 1
+tintuonmobile.tk, 1
+tinturanaturale.it, 1
+tiny-house.ro, 1
+tiny-img.com, 1
+tiny-tattoos.tk, 1
+tiny.ee, 1
+tiny777.com, 1
+tinychen.com, 1
+tinycrm.pl, 1
+tinydogllc.com, 0
+tinydogs.ga, 1
+tinyemily.com, 1
+tinyfont.cf, 1
+tinyfont.ml, 1
+tinyguitars.tk, 1
+tinyhouse-bimify.fr, 1
+tinyhousebarat.com, 1
+tinyhousebarat.de, 1
+tinyhousefinance.com.au, 1
+tinyhouseprojects.be, 1
+tinyhouseturkiye.com.tr, 1
+tinylan.com, 1
+tinylink.cf, 1
+tinylotta.com, 1
+tinypic.host, 1
+tinyproxy.cf, 1
+tinyproxy.ga, 1
+tinyspeck.com, 1
+tinyssh.com, 1
+tinyssh.org, 1
+tinytanuki.com, 1
+tinytownsoftplay.co.uk, 1
+tinytwitter.io, 1
+tinyvpn.org, 1
+tio.run, 1
+tiogacountyny.gov, 1
+tiolou.com.br, 1
+tipi.jp, 1
+tipiakers.club, 1
+tiplanet.org, 1
+tiplitskymd.com, 1
+tipmexico.com, 1
+tipnews.tk, 1
+tipo01.tk, 1
+tipocloud.cf, 1
+tipoftheday.tips, 1
+tipplist.com, 1
+tipps-fuer-den-haushalt.de, 1
+tipranks.com, 1
+tips4gamers.com, 1
+tips4india.tk, 1
+tipsacademicos.com, 1
+tipsfinal.tk, 1
+tipsforgamers.com, 1
+tipskanalen.cf, 1
+tipslifetimefitness.ga, 1
+tipslifetimefitness.gq, 1
+tipsmake.com, 1
+tipsoftech.tk, 1
+tipsplants.com, 1
+tipstersweb.com, 1
+tipsypresent.com, 1
+tiptop.cloud, 1
+tiptoptransmissions.com, 1
+tipulnagish.co.il, 1
+tipwin.com, 1
+tipwin.de, 1
+tipydokasina.cz, 1
+tiqets.com, 0
+tir-mauperthuis.fr, 1
+tiraloche.com, 1
+tirana-chat.tk, 1
+tirandoalplato.tk, 1
+tiraspol.tk, 1
+tircentrale.net, 0
+tirebichon.eu, 1
+tiremart.com, 1
+tirflesia.it, 1
+tirgar.org, 1
+tirgul-vertiujeni.tk, 1
+tirion.network, 0
+tirion.org, 0
+tirionnetwork.de, 1
+tirlins.com, 1
+tirme.com, 1
+tiroler-kupferschmiede.com, 1
+tirteafuera.tk, 1
+tirupatinightwear.co.in, 1
+tischlerei-klettke.de, 1
+tisec.info, 1
+tishomingo.news, 1
+tiski-shop.ru, 1
+tisknunahadry.cz, 1
+tism.in, 1
+tisparking.com, 1
+tissus-paris.com, 1
+tisvapo.it, 1
+tit-cdn.de, 1
+tit-dev.de, 1
+tit-dns.de, 1
+tit-mail.de, 1
+tit.systems, 1
+titanandco.com, 1
+titandirect.co.uk, 1
+titanfile.com, 1
+titanicauto.ro, 1
+titaniumconsulting.co.uk, 1
+titantax.com, 1
+titantrades.com, 1
+titantrading.com.au, 1
+titanwaterproofing.com.au, 1
+titanyumkaplama.com, 1
+titelseite.ch, 1
+titiansgirl.com, 1
+titiansgirlphotography.com, 1
+titina.tk, 1
+titivoot.tk, 1
+titli.fr, 1
+titouan.co, 0
+titser.ph, 1
+tittelbach.at, 1
+titulares.ar, 0
+titularizadora.com, 1
+titulosuniversitariosalaventa.com, 1
+titusetcompagnies.net, 0
+titusvillepapd.gov, 1
+tivido.nl, 1
+tivit-chill.partners, 1
+tivit-focus-partners.com, 1
+tiwilandcouncil.com, 1
+tixeconsulting.com, 1
+tixel.com, 1
+tixify.com, 1
+tixio.de, 1
+tixtips.com, 1
+tiyee.net, 1
+tizen-ru.tk, 1
+tizimin.tk, 1
+tizreu.xyz, 1
+tjampoer.com, 1
+tjebben.tech, 1
+tjeea.com, 1
+tjgrant.com, 1
+tjian.info, 1
+tjkebayi.com, 1
+tjl.rocks, 0
+tjmarron.co.uk, 1
+tjongeling.tk, 1
+tjp.ch, 0
+tjpiezo.com, 1
+tjplabs.com, 1
+tjrapid.sk, 1
+tjsky.net, 0
+tjtechofficial.ga, 1
+tju.me, 1
+tjupt.org, 1
+tjurun.ga, 0
+tjxcanada.ca, 1
+tjxxzy.com, 1
+tjzzz.com, 1
+tk-its.net, 1
+tk-its.org, 1
+tk-smart.ru, 1
+tk2net.com, 1
+tkacz.pro, 1
+tkafinearts.net, 1
+tkanemoto.com, 0
+tkanix.ru, 1
+tkarstens.de, 1
+tkcafe.net, 1
+tkcaninetraining.com, 1
+tkd-itf.tk, 1
+tkgpm.com, 1
+tkhirianov.tk, 1
+tkhsurgery.com, 1
+tki.jp, 1
+tkiely.net, 1
+tkirch.de, 1
+tklm.pl, 1
+tkmr-gyouseishosi.com, 1
+tkn.me, 1
+tkonstantopoulos.tk, 1
+tkpayrollsolutions.com, 1
+tksainc.com, 1
+tkts.cl, 1
+tkwataneya.tk, 1
+tkwhongkong.tk, 1
+tl.gg, 1
+tlach.cz, 1
+tlanyan.pp.ua, 1
+tlca.org, 1
+tlcinteriors.com.au, 1
+tlctrades.com, 1
+tldata.co, 1
+tldplaza.com, 1
+tldrtips.com, 1
+tldtattoo.com, 1
+tldus.com, 0
+tlehseasyads.com, 1
+tleng.de, 1
+tleplus.com, 1
+tlercher.de, 1
+tlicycling.com, 1
+tlingitandhaida.gov, 1
+tljcw.com, 1
+tlmedia.online, 1
+tlmicorp.com, 1
+tln.lib.ee, 1
+tlo.xyz, 1
+tloschinski.de, 1
+tloxygen.com, 1
+tloxygen.us, 1
+tlpn.eu, 1
+tlroadmap.io, 1
+tls-proxy.de, 1
+tls.builders, 1
+tls.care, 0
+tls.support, 1
+tlsbv.nl, 1
+tlsdane.com, 1
+tlsinspector.com, 1
+tlsmail.cc, 1
+tlsrobot.se, 1
+tlumaczenie.com, 1
+tlv77.net, 1
+tlyphed.net, 1
+tlys.de, 0
+tm-its.com, 1
+tm-sydney.au, 1
+tm-t.ca, 1
+tm2ts.com, 1
+tm80plus.com, 0
+tmachinery.cz, 1
+tmadev.com.au, 1
+tmamontreal.ca, 0
+tmartravel.com, 1
+tmatrack.com, 1
+tmbcloud.duckdns.org, 1
+tmberg.cf, 1
+tmberg.eu.org, 1
+tmberg.ga, 1
+tmberg.gq, 1
+tmberg.ml, 1
+tmberg.se.eu.org, 1
+tmberg.tk, 1
+tmbergtmberg.cf, 1
+tmbergtmberg.ga, 1
+tmbergtmberg.gq, 1
+tmbergtmberg.ml, 1
+tmbergtmberg.tk, 1
+tmbservis.cz, 1
+tmc.com.ar, 1
+tmc.com.mt, 1
+tmcjobs.com, 1
+tmcreationweb.com, 1
+tmcrew.org, 1
+tmdb.biz, 1
+tmdmotorhomes.com, 1
+tmeoworld.tk, 1
+tmf.ru, 1
+tmhanoi.com, 1
+tmhr.moe, 1
+tmi-products.eu, 1
+tmi-produkter.se, 1
+tmin.cf, 1
+tmirz.ml, 1
+tmj4.com, 1
+tmm.cx, 1
+tmmapps.com, 1
+tmobilethuis.nl.eu.org, 1
+tmp.sx, 1
+tmpcdn.xyz, 1
+tmpraider.net, 1
+tmpsantos.com.br, 1
+tmpwn.com, 1
+tmredondela.tk, 1
+tmryan.co.uk, 1
+tmshea.com, 1
+tmstats.fr, 1
+tn-bb.com, 1
+tn0.club, 1
+tnb-plattform.de, 1
+tncrtinfo.com, 1
+tndagc.gov, 1
+tndentalwellness.com, 1
+tnes.dk, 1
+tnmsc.com, 1
+tnonline.net, 1
+tnosha.gov, 1
+tnpds.org.in, 1
+tnrealid.gov, 1
+tnrf.eu, 1
+tnskvi.tk, 1
+tnsos.gov, 1
+tnt-21.com, 1
+tnt.construction, 0
+tnt2k.de, 1
+tntbooks.ca, 1
+tntmobi.com, 1
+tntuservices.com, 1
+tntware.com, 1
+tnurocancer.com, 1
+tnusedoil.gov, 1
+tnutoys.com, 1
+tnved2013-narod.tk, 1
+tnwgrc.com, 1
+tnwildlandfire.gov, 1
+tnwioa.gov, 1
+to-med.ru, 1
+to-ya.jp, 1
+to.cm, 1
+to.gt, 1
+to.md, 1
+to4ka.md, 0
+toachina.com, 1
+toad.ga, 1
+toade.com, 1
+toadox.com, 1
+toaks.gov, 1
+toastmasters.tk, 1
+toastrye.com, 1
+toaw.de, 1
+tob-rulez.de, 1
+tobacco.gov, 1
+tobaccolocker.com, 1
+tobbro-trans.de, 1
+tobedo.net, 1
+toberdyne.net, 1
+tobevictorious.com, 1
+tobi-mayer.de, 1
+tobi-server.goip.de, 1
+tobi-videos.goip.de, 1
+tobiaalberti.com, 1
+tobias-bauer.de, 1
+tobias-bauer.eu, 1
+tobias-bauer.fr, 1
+tobias-bauer.net, 1
+tobias-haenel.de, 1
+tobias-kleinmann.de, 1
+tobias-kluge.com, 1
+tobias-kluge.de, 1
+tobias-olbrich.de, 1
+tobias-picha.de, 1
+tobias-weidhase.de, 1
+tobias.gr, 1
+tobias4.ddns.net, 1
+tobiasbrunner.net, 1
+tobiasconradi.com, 1
+tobiase.de, 1
+tobiasfischer.info, 1
+tobiashorvath.com, 1
+tobiashorvath.de, 1
+tobiashorvath.net, 1
+tobiashorvath.org, 1
+tobiaskorf.de, 1
+tobiasmanske.de, 1
+tobiaspahlings.de, 1
+tobiaspreis.com, 1
+tobiaspreis.de, 1
+tobiassachs.cf, 1
+tobiassachs.de, 1
+tobiassachs.tk, 1
+tobiassattler.com, 1
+tobiaswiese.com, 1
+tobiaswiese.eu, 1
+tobiaswiese.net, 1
+tobiaswiese.org, 1
+tobiaswiese.work, 1
+tobiefornerod.ch, 1
+tobiichi3227.ddns.net, 1
+tobiichi3227.eu.org, 1
+tobinc.ddnss.de, 1
+tobis-rundfluege.de, 1
+tobis.cloud, 1
+tobischo.de, 1
+tobnm.gov, 1
+tobruxo.com.br, 1
+tobtennis.tk, 1
+toby.website, 1
+toby3d.me, 1
+tobyalden.com, 1
+tobyschrapel.com, 0
+tobyx.cc, 1
+tobyx.co, 1
+tobyx.com, 1
+tobyx.de, 1
+tobyx.eu, 1
+tobyx.is, 1
+tobyx.me, 1
+tobyx.net, 1
+tobyx.ooo, 1
+tobyx.org, 1
+tobyx.xyz, 1
+tocasoft.co.uk, 1
+tocco.ch, 1
+tochi-urikata.net, 1
+tochified.com, 1
+tochinoki.co.jp, 1
+tocho-america.com, 1
+tocomtulio.com, 1
+toconnect.me, 1
+todacarreira.com, 1
+todaciencia.com, 1
+todamateria.com, 1
+todamateria.com.br, 1
+todapolitica.com, 1
+todaslascafeteras.com, 1
+todasnoticias.pt, 1
+today.it, 1
+todayer.ru, 1
+todayfinance.news, 1
+todayfinancial.news, 1
+todayhap.net, 1
+todayjobs.pk, 0
+todaylearn.tk, 1
+todaymeow.com, 1
+todayprice.ga, 1
+todaysbestinsurance.com, 1
+todaysparent.com, 1
+todayupdates.ga, 1
+toddcullumresearch.com, 1
+toddexler.com, 1
+toddlerleaf.com, 1
+toddmclauchlin.cf, 1
+toddmclauchlin.ga, 1
+toddmclauchlin.ml, 1
+toddmissiontx.gov, 1
+toddvbanks.com, 1
+todeva.com, 1
+todo-securitywerkstuk.azurewebsites.net, 1
+todo.is, 0
+todobus.tk, 1
+todobuscadores.tk, 1
+todocracy.com, 1
+todocruces.com, 1
+tododescarga.tk, 1
+todoescaperooms.com, 1
+todoescine.com, 1
+todofadingsuns.tk, 1
+todofiesta.com.ar, 1
+todohealth.com, 1
+todoinfo.tk, 1
+todoist.com, 1
+todoist.help, 1
+todoist.net, 1
+todokete.ga, 1
+todolex.tk, 1
+todon.fr, 1
+todoporjesus.net, 1
+todoscheduler.de, 1
+todoscheduler.org, 1
+todoscomciro.com, 1
+todoseaprende.com, 1
+todosquerem.uno, 1
+todosrv.com, 1
+todotiendas.tk, 1
+toeglhofer.at, 1
+toeightycountries.com, 1
+toekomstperspectief.be, 1
+toepferei-langerwehe.de, 1
+toerschaatsenknsb.nl, 1
+toetsplatform.be, 1
+toeverynation.com, 1
+tofa-koeln.de, 1
+tofe.io, 1
+tofilmhub.com, 1
+tofliving.nl, 1
+toftered.se, 0
+tofu.cf, 1
+tofu.kim, 1
+tofuixi.com, 1
+together.gov, 1
+togetherplanning.com, 0
+togetherprice.com, 1
+togetter.com, 1
+togglename.ml, 1
+togoweed.co, 1
+togtider.dk, 1
+toh25unblocked.tk, 1
+toheb.de, 0
+tohevn.tk, 1
+toho-tk.com, 1
+tohofc.co.jp, 1
+tohoku-fukushi.com, 1
+tohokufd.com, 1
+toila.best, 1
+toileobscure.fr, 1
+toilet-guru.com, 1
+toimitaax.fi, 1
+toipa.org, 1
+tojeit.cz, 1
+tojevune.cz, 1
+tok4.com, 1
+tokaido-kun.jp, 1
+tokaido.com, 1
+tokaishishisetsukanrikyokai.jp, 1
+tokarconsulting.com, 1
+tokathaberleri.tk, 1
+tokdeccor.com.br, 1
+tokelaunso.tk, 1
+token.im, 1
+tokenizedhq.com, 1
+tokenlon.im, 0
+tokenoftrust.com, 1
+tokens.net, 1
+toki-doki.tk, 1
+tokic.hr, 0
+tokidoki.team, 1
+tokimeko.jp, 0
+tokinoha.net, 1
+tokinohikari.com, 1
+tokinokakehashi.com, 1
+tokinosasae.com, 1
+tokio.fi, 1
+tokiohotel-world.tk, 1
+tokiohotelcroatia.tk, 1
+tokka.com, 1
+tokke.dk, 1
+tokkee.org, 1
+tokky.be, 1
+tokky.eu, 1
+tokky.fr, 1
+tokoangga.com, 1
+tokobelibeli.com, 1
+tokobungaasryflorist.com, 1
+tokobungadilampung.com, 1
+tokocuan.id, 1
+tokoindo.top, 1
+tokokujogja.com, 1
+tokomoto-w.com, 1
+tokopedia.ga, 1
+toku.co, 0
+tokugai.com, 1
+tokusatsunetwork.com, 1
+tokyo-city.ru, 0
+tokyo-co2down.jp, 1
+tokyo-hotel.tk, 1
+tokyo-onkyo.jp, 1
+tokyo-powerstation.com, 1
+tokyoadultguide.com, 1
+tokyocare.com, 1
+tokyodenmarkweek.com, 1
+tokyomakino.com, 1
+tokyosaviva.com, 1
+tokyotalk.tk, 1
+tokyotimeline.com, 1
+tolartx.gov, 1
+tolas.lt, 1
+tolboe.com, 1
+toldos-en-stock.es, 1
+toldst.dk, 1
+toledo.tk, 1
+toledoclassifieds.net, 1
+toledoescorts.net, 1
+toledohydraulic.com, 1
+tolerance-zero.tk, 1
+toleressea.fr, 1
+toles-sur-mesure.fr, 1
+tolibanana.com, 1
+tolkienfans.tk, 1
+tolkienlibrary.com, 1
+tolkienmusic.tk, 1
+tolkienwiki.ml, 1
+tolkovanie-sna.tk, 1
+tollandct.gov, 1
+tolle-wolke.de, 0
+tollerunterricht.com, 1
+tollfreeproxy.com, 1
+tollmanz.com, 0
+tolls.eu, 1
+tollsjekk.no, 1
+tollywood.ga, 1
+tolmaidis.com, 1
+tolman.nl, 1
+tolmandrywall.com, 0
+tolnavar.hu, 1
+tolstoevsky.tk, 1
+tolucreaciones.com, 1
+tom-bmx.com, 1
+tom-crowley.co.uk, 1
+tom-geiger.de, 1
+tom-hanks.tk, 1
+tom-kunze.de, 1
+tom-kurka.cz, 1
+tom.je, 1
+tom0907.eu, 1
+tomabrafix.de, 1
+tomacino.de, 1
+tomaempleo.com, 1
+tomahawkwi.gov, 1
+tomahwi.gov, 1
+toman.rs, 1
+toman.sk, 1
+toman.su, 1
+tomandmara.com, 1
+tomandshirley.com, 1
+tomarlacalle.com, 1
+tomarnarede.pt, 0
+tomartv.pt, 1
+tomasa.cc, 1
+tomasdrtina.cz, 1
+tomashejatko.cz, 1
+tomashouzvicka.pl, 1
+tomasjacik.cz, 1
+tomaskavalek.cz, 0
+tomasmatulevicius.lt, 1
+tomasmoberg.org, 1
+tomasvecera.cz, 0
+tomaszdwornicki.net, 1
+tomatis-nantes.com, 1
+tomatofrogs.com, 1
+tomatohq.com, 1
+tomaz.eu, 1
+tomba.io, 1
+tombaker.me, 0
+tombari.com, 1
+tombclan.ga, 1
+tombeantx.gov, 1
+tombolaarcade.co.uk, 1
+tomboonen.tk, 1
+tomboy.org, 1
+tombrossman.com, 1
+tombu.biz, 0
+tombu.info, 0
+tombu.org, 0
+tombu.xyz, 0
+tomcat.ml, 1
+tomchen.org, 1
+tomco-corporation.tk, 1
+tomcort.com, 1
+tomd.ai, 1
+tomdapice.com, 1
+tomdougiamas.com, 1
+tomdudfield.com, 1
+tomend.es, 1
+tomfelton.tk, 1
+tomff.com, 1
+tomfisher.eu, 1
+tomfun.co, 1
+tomgaddis.com, 1
+tomgaechter.ch, 1
+tomget.tk, 1
+tomharling.co.uk, 1
+tomharling.uk, 1
+tomi.ai, 1
+tomi.cc, 1
+tomica.me, 1
+tomik.cloud, 1
+tomik.fun, 1
+tomikoyco.com, 1
+tomiler.com, 1
+tominysun.com, 1
+tomislava.com, 1
+tomjans.nl, 1
+tomjepp.uk, 1
+tomjn.com, 1
+tomkempers.nl, 1
+tomkleinit.de, 1
+tomkompserwis.pl, 1
+tomkunze.de, 1
+tomkwok.com, 0
+tomlehrersongs.nl, 1
+tomli.blog, 1
+tomm.yt, 1
+tomma.tk, 1
+tommic.eu, 0
+tommihynynen.com, 1
+tommy-bordas.fr, 0
+tommybrown.ru, 1
+tommycarrauto.com, 1
+tommyemo.com, 1
+tommyemo.net, 1
+tommymoya.tv, 1
+tommypa.se, 1
+tommypalarsson.com, 1
+tommypalarsson.se, 1
+tommyphotographie.com, 0
+tommys.com, 1
+tommytran.io, 1
+tomnatt.com, 1
+tomo.gr, 0
+tomoarigato.com, 1
+tomodachi.tk, 1
+tomoko-clinic.jp, 1
+tomorrow-traxx.tk, 1
+tomorrow.one, 1
+tomosm.net, 1
+tomoveornot.de, 1
+tomphenix.com, 1
+tomphill.co.uk, 0
+tomravinmd.com, 1
+tomrei.com, 1
+tomrichards.net, 1
+tomrunting.pro, 1
+toms.ovh, 1
+tomschlick.com, 1
+tomsdevsn.me, 1
+tomsick.it, 1
+tomsk.cf, 1
+tomsk.ml, 1
+tomsk24.tk, 1
+tomsk365.ga, 1
+tomsknet.tk, 1
+tomsknews.tk, 1
+tomslawadvice.com, 1
+tomsoft.hr, 1
+tomspdblog.com, 1
+tomssite.tk, 1
+tomssl.com, 1
+tomstew.art, 1
+tomtelist.tk, 1
+tomthorogood.co.uk, 1
+tomthorogood.net, 1
+tomthorogood.uk, 1
+tomticket.com, 1
+tomudding.nl, 1
+tomvanlaer.be, 1
+tomvannoppen.tk, 1
+tomvote.com, 1
+tomvst.net, 1
+tomwassenberg.com, 1
+tomwassenberg.nl, 1
+tomwellington.design, 1
+tomwilson.io, 0
+tomwither.com, 1
+tomyork.net, 1
+tonabor.ru, 1
+tonage.de, 1
+tonalaw.com, 1
+tonarinoliusan.com, 1
+tonarinoliusan.net, 1
+tonasketwa.gov, 1
+tonaton.com, 1
+tonazo.tk, 1
+tonburi.jp, 0
+toncusters.nl, 1
+tondles.com, 1
+tone-town.com, 1
+toneelaccent.tk, 1
+tonegidoarchief.nl, 1
+tonemadison.com, 0
+toner24.at, 1
+toner24.co.uk, 1
+toner24.es, 1
+toner24.fr, 1
+toner24.it, 1
+toner24.nl, 1
+toner24.pl, 1
+tonerdepot.de, 1
+tonerjet.at, 1
+tonerjet.co.uk, 1
+tonerklick.de, 1
+tonerkurier.de, 1
+tonermaus.de, 1
+tonermonster.de, 1
+toners.ro, 1
+tonex.de, 1
+tonex.nl, 1
+tongkhothanhly.com, 1
+tongli.eu.org, 1
+tonguetechnology.com, 1
+toni-dis.ch, 0
+toniduarte.tk, 1
+tonies.com, 1
+tonifarres.net, 1
+tonifix.fi, 1
+tonight.de, 1
+tonik.tk, 1
+tonimorena.net, 1
+tonkawaok.gov, 1
+tonkayagran.ru, 1
+tonnycat.com, 1
+tono.us, 1
+tonorosario.tk, 1
+tonshaiza.tk, 1
+tonsil-stone.com, 1
+tonsillar-stones.com, 1
+tonsit.com, 1
+tonsit.org, 0
+tonton.cf, 1
+tontonan.gq, 1
+tontonnews.net, 1
+tontonroger.org, 1
+tonyandskye.com, 1
+tonyarcieri.com, 1
+tonydaquin.com, 1
+tonyfanningphotography.co.uk, 1
+tonygallo.tk, 1
+tonyhagerlund.tk, 1
+tonykadleck.com, 1
+tonykarbo.tk, 1
+tonymanning.com, 1
+tonyonsecurity.com, 1
+tonypolecastro.com, 1
+tonysantos.tk, 1
+tonytan.cn, 1
+tonytan.io, 1
+tonytan.net, 1
+tonyw.xyz, 1
+tonywebster.com, 1
+too.com.ua, 1
+too.gy, 1
+tooadalsauda.kz, 1
+toobi.co.uk, 1
+toobug.net, 0
+tooelecity.gov, 1
+tooelecountyvotes.gov, 1
+toofab.com, 1
+tooij.com, 1
+tookan.tech, 1
+tookhan.tk, 1
+tool.lu, 1
+toolbox.ninja, 0
+toolboxsoftware.tk, 1
+toolecountysheriffmt.gov, 1
+toolineo.de, 1
+toolip.gr, 1
+toolkits.design, 1
+toolminer.com, 1
+toolroomrecords.com, 1
+tools-services.com.co, 1
+tools.pro, 1
+tools4me.win, 0
+toolsa.bg, 1
+toolsbit.com, 1
+toolsense.io, 1
+toolset.com, 1
+toolsforbiblestudy.com, 1
+toolspain.tk, 1
+toolsu.com, 1
+toolzone.cz, 1
+toom.io, 1
+toomy.ddns.net, 1
+toomy.pri.ee, 1
+toon.at, 1
+toon.style, 1
+tooncastle.tk, 1
+toondah.com.au, 1
+toondahjobs.com.au, 1
+toondergroup.com, 1
+toonetcreation.com, 1
+toonict.nl, 1
+toonmate.tk, 1
+toonpool.com, 1
+toonsburgh.com, 1
+toontown.team, 1
+toontownrewritten.com, 1
+toool.nl, 1
+toool.nyc, 1
+toool.org, 1
+toopita.com, 1
+toopopular.ga, 1
+toot.community, 0
+toot.haus, 1
+tootbitco.ml, 1
+toothimplantsydney.com.au, 1
+toothless.tk, 1
+toothpique.tk, 1
+toothsearch.tk, 1
+tooti.biz, 1
+tootl.org, 1
+tootsi.edu.ee, 1
+tootsiewootsies4d.com, 1
+toowoombawebdesign.com.au, 1
+top-aanbiedingen.nl, 1
+top-avis.fr, 1
+top-azia.ru, 1
+top-b.net, 1
+top-beauty.cf, 1
+top-credit.tk, 1
+top-dance.pl, 1
+top-drop.tk, 1
+top-electronics.ru, 1
+top-frog.com, 1
+top-info.ga, 1
+top-koupelny.cz, 1
+top-kuwait.com, 1
+top-melody.ru, 1
+top-messenger.com, 1
+top-mining.tk, 1
+top-model.biz, 1
+top-obaly.cz, 1
+top-opakowania.pl, 1
+top-pansionaty.ru, 1
+top-rensner.de, 1
+top-rezepte.de, 1
+top-russian.tk, 1
+top-schools.tk, 1
+top-secret.tk, 1
+top-seminaire.com, 1
+top-service.ml, 1
+top-shashlik.com.ua, 1
+top-skins.ml, 1
+top-super-60.ag, 1
+top-super-60.biz, 1
+top-super-60.com, 1
+top-super-60.de, 1
+top-super-60.eu, 1
+top-super-60.info, 1
+top-super-60.net, 1
+top-super-60.org, 1
+top-verhandlungstraining.de, 1
+top-zdrave.bg, 1
+top-zentr.tk, 1
+top.ax, 1
+top1.com.vn, 0
+top10-casinosites.net, 1
+top10.tk, 1
+top100games.ml, 1
+top10antivirus.review, 1
+top10directory.tk, 1
+top10list.tk, 1
+top10llcformationsites.com, 1
+top10media.tk, 1
+top10mountainbikes.info, 1
+top1health.com, 1
+top4shop.de, 1
+top5melhorescursosdedrone.com, 1
+topa.tk, 1
+topagrar.com, 1
+topan.tk, 1
+topandtrending.com, 1
+topanimecharacters.com, 1
+topanlage.de, 1
+toparkinfo.hu, 1
+topas.tk, 1
+topaxi.codes, 0
+topbloc.com, 1
+topbookmarking.cf, 1
+topbouncycastles.co.uk, 1
+topbrasilnews.tk, 1
+topbrunchspots.com, 1
+topbuild.com, 1
+topbusiness.tk, 1
+topbusinessnews.today, 1
+topbussines.tk, 1
+topcameras.tk, 1
+topcarehvac.ca, 1
+topcash.co.il, 1
+topcasinobonus.nu, 1
+topchinasupplier.com, 1
+topciderska-crkva.rs, 1
+topclaim.com, 1
+topclan.tk, 1
+topclassfun.ie, 1
+topcoffee.cf, 1
+topcompany.be, 1
+topcomputacion.com.ar, 1
+topconteudos.com.br, 1
+topconteudos.shop, 1
+topcover.cz, 1
+topdesignfirms.com, 1
+topdesk.net, 1
+topdetal.ru, 1
+topdetoxcleanse.com, 1
+topdisco.com, 1
+topdoctors.co.uk, 1
+topdoctors.es, 1
+topdoctors.it, 1
+topdocumentaryfilms.com, 1
+topdogsinflatables.co.uk, 1
+topdomainsandhosting.com, 1
+topdosug.ml, 1
+topdroneusa.com, 1
+topeducationhelp.co, 1
+topekafoundationpros.com, 1
+topendcamphire.com.au, 1
+toperadigital.com, 1
+topesdegama.com, 1
+topessaywritingbase.com, 1
+topeyechang.com.tw, 1
+topfd.net, 1
+topferta.com, 1
+topfiremedia.com, 1
+topfivepercent.co.uk, 1
+topfood.club, 1
+topfreeporn.com, 1
+topgallant.gq, 1
+topgevelbekleding.nl, 1
+topgod.com, 1
+topgrading.com, 1
+topgshop.ru, 1
+tophat.studio, 1
+tophatpuffin.com, 0
+tophighnorldiet.gq, 1
+tophr.kz, 1
+topicalnet.de, 1
+topicdesk.com, 1
+topicit.net, 1
+topicpoint.tk, 1
+topicpulse.tk, 1
+topicv.com, 0
+topideipodarkov.ru, 1
+topitalianscientists.org, 1
+topjean.com, 1
+topjeans.ga, 1
+topjobs.ch, 1
+topknot.gq, 1
+topkorea.ml, 1
+topktv.com, 1
+toplevel.nl, 1
+topline.com.sa, 1
+toplink.co.il, 1
+toplist.cz, 1
+toplist.eu, 1
+toplist.sk, 1
+topliste.tk, 1
+toplistforum.tk, 1
+toplockshop.com, 1
+topluxitalia.com, 1
+topmachstudios.com, 1
+topmanitas.es, 1
+topmarketplace.com.br, 1
+topmaxstore.com, 1
+topmba.com.au, 1
+topmmogames.org, 1
+topmoods.com, 1
+topmotoric.com, 1
+topmovie.gq, 1
+topmuzic.tk, 1
+topmuzika.cz, 1
+topnado.tk, 1
+topnet.tk, 1
+topnews.gq, 1
+topnews333.cf, 1
+topnews333.tk, 1
+topnlist.com, 1
+topnoshgourmet.com, 1
+topnotchendings.com, 1
+topo.com.ro, 1
+topodin.com, 1
+topofart.com, 1
+topofertas.tk, 1
+topofficesupplies.tk, 1
+topofthefreegames.ml, 1
+topographic.tk, 1
+toponlinecasino.be, 1
+toponlinecasinosites.co.uk, 1
+toponlinemarketing.tk, 1
+topophile.net, 1
+topoptics.com.ua, 1
+topotom.tk, 1
+topporn.me, 1
+topppinfo.com, 1
+topprice.ua, 1
+topproductsanalysis.com, 1
+topprogaragedoor.com, 1
+toppsnfts.com, 1
+toppstugansundbyberg.se, 1
+topradiosbrasil.tk, 1
+toprating.casino, 1
+toprci.com.br, 1
+topreit.ru, 1
+toprelatos.com, 1
+topsailbeachnc.gov, 1
+topsailtechnologies.com, 1
+topsas.com, 1
+topseo.gq, 1
+topservercccam.com, 1
+topservercccam.tv, 1
+topservers.ga, 1
+topsexik.cz, 1
+topshelf.tech, 0
+topshop.tk, 1
+topshoptools.com, 1
+topsights.org, 1
+topsnow.ru, 1
+topspace.tk, 1
+topspani.cz, 1
+topspin.tk, 1
+topsport.bg, 1
+topsteroidsonline.com, 1
+topsuper60.ag, 1
+topsuper60.biz, 1
+topsuper60.com, 1
+topsuper60.de, 1
+topsuper60.eu, 1
+topsuper60.info, 1
+topsuper60.net, 1
+topsuper60.org, 1
+topsvet.ru, 1
+toptapety.cz, 1
+toptec.net.br, 1
+toptechnews.cf, 1
+toptechnews.tk, 1
+topteen.tk, 1
+topten.com.co, 1
+toptexture.com, 1
+toptheto.com, 1
+toptiernetworks.tk, 1
+toptilebathrooms.co.nz, 1
+toptotosite.com, 1
+toptour.tk, 1
+toptracks.tk, 1
+toptranslation.com, 1
+toptravel.tk, 1
+toptravelgram.com, 1
+toptur.tk, 1
+topu.ro, 1
+topurls.tk, 1
+topvertimai.lt, 1
+topviet.ga, 1
+topvision.es, 1
+topvpn.pl, 1
+topwin.la, 1
+topwindowcleaners.co.uk, 1
+topwonders.tk, 1
+topworkplaces.com, 1
+topyachts-shop.com.ua, 1
+topyachts.com.ua, 1
+topyouth.com, 1
+topzarabotok.ml, 1
+toquechic.com, 1
+tor.taxi, 1
+tor2web.org, 1
+tor4.cf, 1
+toranjchap.com, 1
+torb.com, 1
+torba.tk, 1
+torbay.ga, 1
+torbay.tk, 1
+torbe.es, 1
+torch-fan.site, 1
+torchbankz.com, 1
+torchbearer.tk, 1
+torchmc.ru, 1
+tordenskjold.de, 1
+tordo.net, 1
+toreni.us, 1
+toretame.jp, 1
+toretfaction.net, 1
+torfbahn.de, 1
+torg-room.ru, 1
+torgoborud.tk, 1
+torgopt.tk, 1
+torgovaya.tk, 1
+toricafe.com, 1
+torigaoka-dc.com, 1
+toriko-official.ml, 1
+torino.fi, 1
+torinotoday.it, 1
+torisamaahirusama.com, 1
+torkel.se, 1
+torlock.com, 1
+torlock2.com, 1
+tormentedradio.com, 0
+tormentgame.com, 1
+tormox.ml, 1
+tornadica.by, 1
+tornado-map.de, 1
+tornadoarchiv.ml, 1
+tornadoautos.com, 1
+tornadodetector.ga, 1
+torngalaxy.com, 1
+tornyosbbq.hu, 1
+torocatala.tk, 1
+toroguapo.com, 1
+torondor.tk, 1
+toronto-escorts.com, 1
+torontoaccesscontrol.com, 1
+torontocorporatelimo.services, 1
+torontogid.cf, 1
+torontohealthcare.tk, 1
+torontolife.com, 1
+torontonews.tk, 1
+torontopostcardclub.com, 1
+torontopowerwalkers.ca, 1
+torontoscrapcarremoval.ca, 1
+torontotransit.tk, 1
+toropova.tk, 1
+toros2.com, 1
+torproject.org, 0
+torproject.ovh, 1
+torprojects.com, 1
+torquemada.tk, 1
+torrance.gq, 1
+torrba.tk, 1
+torrecilladelaabadesa.tk, 1
+torreconta.pt, 1
+torrededonmiguel.tk, 1
+torrelorenzo.com, 1
+torremarsalou.com, 1
+torrent.fedoraproject.org, 1
+torrent.is, 1
+torrent.tm, 1
+torrentbd.com, 1
+torrentbd.me, 1
+torrentbd.net, 1
+torrentdb.tk, 1
+torrentdownload.gq, 1
+torrentfunk.com, 1
+torrentfunk2.com, 1
+torrentgalaxy.mx, 1
+torrentgalaxy.su, 1
+torrenttop100.net, 1
+torrentz2.al, 1
+torrero.tk, 1
+torresdealbanchez.tk, 1
+torresjaen.tk, 1
+torresshop.es, 0
+torretzalam.com, 1
+torsdammen.se, 1
+torservers.net, 0
+torsten-schmitz.net, 1
+torsten-werner.info, 1
+torstens-buecherecke.de, 1
+torstensenf.de, 1
+tortak.ml, 1
+torte.roma.it, 1
+torticollisexplained.com, 1
+tortikvam.ru, 1
+tortillahernandez.com, 0
+tortillas-duras.cf, 1
+tortillas-duras.ga, 1
+tortillas-duras.gq, 1
+tortillas-duras.ml, 1
+tortimes.com, 1
+tortocan.com, 1
+tortoises-turtles.com, 1
+tortuga.ga, 1
+tortugan.com.br, 1
+torwart-jugend.de, 1
+tosainu.com.br, 1
+tosatopsicologabologna.com, 1
+tosbourn.com, 1
+toscanaecommerce.it, 1
+toscanaeconomy.it, 1
+toschool.com.br, 1
+toshen.com, 1
+toshicar.com, 1
+toshik.tk, 1
+toshiroz.com, 1
+toshkov.com, 1
+toshl.com, 1
+toskavista.de, 1
+tosolini.info, 1
+tosostav.cz, 1
+tosshi-life.com, 1
+tossitaway.tk, 1
+tosteberg.se, 0
+tot.money, 1
+totaku.ru, 0
+total-chaos.tk, 1
+total-deco.eu, 1
+total-destruction.tk, 1
+total-electric.com, 1
+total-privacy.tk, 1
+total-security.tk, 1
+totalabogados.cl, 1
+totalaccessnicaragua.co, 1
+totalbike.com.br, 1
+totalbyverizon.com, 1
+totalcarcheck.co.uk, 1
+totalcare.co.nz, 1
+totalcarpetcare.co.uk, 1
+totalchecklist.com, 1
+totalcontrols.eu, 1
+totalemaildelivery.com, 1
+totalenergies.ca, 1
+totalenergies.com, 1
+totalenergies.de, 1
+totalenergies.do, 1
+totalengineering.club, 1
+totalenterprise.pl, 1
+totalexpert.net, 1
+totalfitnessandmassage.com.au, 1
+totalforcegym.com, 1
+totalfoundationpros.com, 1
+totalhost.gq, 1
+totalinfo.in, 1
+totalintegratedtherapy.com, 1
+totalityservices.co.uk, 1
+totalleedee.com, 1
+totally-dakota.tk, 1
+totallyjessica.tk, 1
+totallylegitimatehosting.ru, 1
+totallynotaserver.com, 1
+totallyrace.tk, 1
+totallystocks.ga, 1
+totalmdplan.com, 1
+totalmerchandise.co.uk, 1
+totalmerda.tk, 1
+totalnormal.tk, 1
+totalofficeclean.co.uk, 1
+totalpackers.com, 1
+totalparts.com.au, 1
+totalsport-bg.com, 1
+totaltriathlon.com, 1
+totalwebmedia.nl, 1
+totalwebpartners.com, 1
+totalzen.ga, 1
+totch.de, 1
+tote.co.uk, 1
+totemgames.tk, 1
+tothetopmentoring.com, 1
+totheweb.com, 1
+totlan.tk, 1
+totnastic.tk, 1
+toto-realestate.com, 1
+totobetty.com, 1
+totodil.es, 1
+totolabs.com, 1
+totolink.tw, 1
+totora.tk, 1
+totstraksonline.nl, 1
+tottoya.com, 1
+totuus.sk, 1
+totvs.com, 1
+toucan-informatique.fr, 1
+touch-up-net.com, 1
+touch.facebook.com, 0
+touch.mail.ru, 1
+touch2ship.com, 1
+touchable.gq, 1
+touchanddraw.tk, 1
+touchbasesm2.ca, 1
+touchboobs.ml, 1
+touchdown.co, 1
+touchfoundation.org, 1
+touchfromtheheartmassagetherapyandreflexology.com, 1
+touchka.ga, 1
+touchmark.tk, 1
+touchmekissmee.com, 1
+touchoflife.in, 1
+touchscreentills.com, 1
+touchspeak.nl, 0
+touchtable.nl, 1
+touchweb.be, 1
+touchweb.ch, 1
+touchweb.fr, 1
+tough-construction.com, 1
+toughcodes.com, 1
+toughcoding.net, 1
+toughguyswyo.com, 1
+touhidur.ru.com, 1
+touhidur.sa.com, 1
+touhidur.studio, 1
+touhidur.tk, 1
+touhidur.xyz, 1
+touhidur.za.com, 1
+touhidurrr.me, 1
+touhou.ac.cn, 0
+touhou.cc, 1
+touhou.tw, 1
+touhouwiki.net, 1
+toujour.top, 1
+toulis.net, 1
+toulouscope.fr, 1
+toulouselautrec.com.br, 1
+toumeitech.com, 1
+toupcreative.com, 1
+touquet-volley.com, 1
+tour-de-franz.bike, 1
+tour-japan.ml, 1
+tour-vietnam.tk, 1
+touray-enterprise.ch, 1
+tourbryansk.tk, 1
+tourcienaga.tk, 1
+tourdatenarchiv.de, 1
+tourdewestwoud.nl, 1
+tourfunnels.com, 1
+tourgest.net, 1
+touringinmorocco.com, 1
+tourism-exegetai.tk, 1
+tourisme-castillonpujols.fr, 1
+tourisme-dordogne-paysfoyen.com, 1
+tourisme-fronsadais.com, 1
+tourismpskov.tk, 1
+tourismtrain.tk, 1
+touristanalyst.ga, 1
+touristmaker.com, 1
+touristsense.com, 1
+tourmalineskincare.com, 1
+tourmaster.com, 1
+tournamentmgr.com, 1
+tournaments.tk, 1
+tournation.info, 1
+touroogle.com, 1
+tours-in-petersburg.tk, 1
+toursaindia.com, 1
+toursandtransfers.it, 0
+tourshopfresno.com, 1
+toursmontessori.com, 1
+tourteller.com, 1
+tourtransferitaly.it, 1
+tourtrektrip.com, 1
+tourweekend.tk, 1
+tourx.co.nz, 1
+tous-travaux.ch, 0
+tousei.tokyo.jp, 1
+toushi-return.xyz, 1
+toushi-shakkin.com, 1
+touslesdrivers.com, 1
+touslesforums.tk, 1
+tout-a-fait.fr, 1
+tout-art.ch, 1
+toutankamon.tk, 1
+toutart.ch, 1
+toutenmusic.fr, 1
+toutmonexam.fr, 1
+toutvendre.be, 1
+toutvendre.ch, 1
+toutvendre.cm, 1
+toutvendre.es, 1
+toutvendre.fr, 1
+toutvendre.lu, 1
+toutvendre.pics, 1
+toutvendre.uk, 1
+toutvendre.us, 1
+touwhalster.tk, 1
+touyatakenaka.tk, 1
+tovaglioli-di-carta.it, 1
+tovanot.biz, 1
+tovare.com, 1
+tovari-rukodeliya.tk, 1
+tovarypochtoj.tk, 1
+toverland-tickets.nl, 1
+tovp.org, 0
+towardsthecloud.com, 1
+towaway.ru, 1
+towellconstruction.ca, 1
+tower.land, 1
+towerdefen.se, 1
+towerdefence.tk, 1
+towerloan.com, 1
+towers-kolomna.tk, 1
+towersstreet.com, 1
+towessi.tk, 1
+town-night.jp, 1
+townforge.net, 1
+townfremontwi.gov, 1
+townhouseregister.com.au, 1
+townifi.ga, 1
+townithacany.gov, 1
+townlaretsota.gq, 1
+townnews.com, 1
+townoconomowoc-wi.gov, 1
+townofadamsgreencountywi.gov, 1
+townofadamsjacksoncowi.gov, 1
+townofadamswi.gov, 1
+townofavonwi.gov, 1
+townofbalsamlakewi.gov, 1
+townofbarneswi.gov, 1
+townofbayfieldwi.gov, 1
+townofbeavermarinettewi.gov, 1
+townofbeecherwi.gov, 1
+townofbelgiumwi.gov, 1
+townofbeloitwi.gov, 1
+townofbrazeauwi.gov, 1
+townofbridgewater.ca, 1
+townofbrillionwi.gov, 1
+townofbrinybreezes-fl.gov, 1
+townofbrooklynwi.gov, 1
+townofbrookwoodal.gov, 1
+townofbrothertownwi.gov, 1
+townofbrunswickwi.gov, 1
+townofbutlerwi.gov, 1
+townofbyronwi.gov, 1
+townofcadizwi.gov, 1
+townofcaledoniacolumbiawi.gov, 1
+townofcampbellwi.gov, 1
+townofcanandaigua.gov, 1
+townofcantonct.gov, 1
+townofcaponbridgewv.gov, 1
+townofcarthagetn.gov, 1
+townofcedarburgwi.gov, 1
+townofchenangony.gov, 1
+townofcherrycreekny.gov, 1
+townofchesterwi.gov, 1
+townofclarnowi.gov, 1
+townofclaytonny.gov, 1
+townofclearfieldwi.gov, 1
+townofclearlakewi.gov, 1
+townofclevelandnc.gov, 1
+townofclymanwi.gov, 1
+townofcohoctonny.gov, 1
+townofcoldspringny.gov, 1
+townofcooperstownwi.gov, 1
+townofcranmoor.gov, 1
+townofdaltonnh.gov, 1
+townofdane.gov, 1
+townofdecaturwi.gov, 1
+townofdepositny.gov, 1
+townofdewhurstwi.gov, 1
+townofdexterwi.gov, 1
+townofdrammen-wi.gov, 1
+townofdraperwi.gov, 1
+townofdrummondmt.gov, 1
+townofdunbarwi.gov, 1
+townofeaugallewi.gov, 1
+townofedenwi.gov, 1
+townofemmetwi.gov, 1
+townofevansny.gov, 1
+townofexcelsiorwi.gov, 1
+townoffairfieldwi.gov, 1
+townoffonddulacwi.gov, 1
+townofforestvernonwi.gov, 1
+townofgalewi.gov, 1
+townofgardenvalleywi.gov, 1
+townofgardnerwi.gov, 1
+townofgermantownwi.gov, 1
+townofgibsonwi.gov, 1
+townofgoldenmeadow-la.gov, 1
+townofgoreok.gov, 1
+townofgraftonwi.gov, 1
+townofgrantsburgwi.gov, 1
+townofgrantshawanowi.gov, 1
+townofgreengrovewi.gov, 1
+townofgreenlake.gov, 1
+townofhamburgny.gov, 1
+townofhamiltonny.gov, 1
+townofharrisonmcwi.gov, 1
+townofhartfordwi.gov, 1
+townofherman-wi.gov, 1
+townofhollandwi.gov, 1
+townofhulbertok.gov, 1
+townofhumeny.gov, 1
+townofhustisford.gov, 1
+townofjacksonadamswi.gov, 1
+townofjacksonwi.gov, 1
+townofjanesvillewi.gov, 1
+townofjohnsonwi.gov, 1
+townofjohnstonsc.gov, 1
+townofjordanwi.gov, 1
+townofkewaskumwi.gov, 1
+townofkeystonewi.gov, 1
+townoflagrangemcwi.gov, 1
+townoflakecityco.gov, 1
+townoflakemarinettewi.gov, 1
+townoflakeviewor.gov, 1
+townoflamartinewi.gov, 1
+townoflandisnc.gov, 1
+townoflebanonny.gov, 1
+townoflebanonwi.gov, 1
+townoflemonweirwi.gov, 1
+townoflenrootwi.gov, 1
+townofleonmocowi.gov, 1
+townofleroywi.gov, 1
+townoflibertyocwi.gov, 1
+townoflincolnforestwi.gov, 1
+townoflindenwi.gov, 1
+townoflomira.gov, 1
+townoflucas-wi.gov, 1
+townofluskwy.gov, 1
+townoflyndonwi.gov, 1
+townoflynneoneidactywi.gov, 1
+townofmackfordwi.gov, 1
+townofmarionwausharawi.gov, 1
+townofmarshfieldwi.gov, 1
+townofmecanwi.gov, 1
+townofmentorwi.gov, 1
+townofmerrillwi.gov, 1
+townofmertonwi.gov, 1
+townofmiltonwi.gov, 1
+townofmineral.net, 1
+townofminocqua.gov, 1
+townofmontereytn.gov, 1
+townofmosineewi.gov, 1
+townofmtpleasantwi.gov, 1
+townofnasewaupeewi.gov, 1
+townofnecedahwi.gov, 1
+townofneenahwi.gov, 1
+townofnevawi.gov, 1
+townofnewdenmarkwi.gov, 1
+townofnewglaruswi.gov, 1
+townofnewhavendunnwi.gov, 1
+townofnewpaltzny.gov, 1
+townofnilesny.gov, 1
+townofnorwaywi.gov, 1
+townofnorwichny.gov, 1
+townofomro.gov, 1
+townofonalaskawi.gov, 1
+townofonondaga.gov, 1
+townoforegonwi.gov, 1
+townofpolk-wi.gov, 1
+townofpoygan.gov, 1
+townofprincessannemd.gov, 1
+townofpulaskiwi.gov, 1
+townofredriverwis.gov, 1
+townofreseburgwi.gov, 1
+townofriblakewi.gov, 1
+townofrichfordwi.gov, 1
+townofrichlandwi.gov, 1
+townofrichmond-walworthwi.gov, 1
+townofrichmondwi.gov, 1
+townofrockwi.gov, 1
+townofrudolphwi.gov, 1
+townofrussellwi.gov, 1
+townofruthnc.gov, 1
+townofrutlandwi.gov, 1
+townofsalemny.gov, 1
+townofsananselmoca.gov, 1
+townofsandcreekwi.gov, 1
+townofsasserga.gov, 1
+townofscottbrownwi.gov, 1
+townofscottsheboyganwi.gov, 1
+townofsenecawoodcowi.gov, 1
+townofsevastopolwi.gov, 1
+townofsheboyganfallswi.gov, 1
+townofsheboyganwi.gov, 1
+townofsidneyny.gov, 1
+townofsigelwoodwi.gov, 1
+townofspiderlakewi.gov, 1
+townofstanley-wi.gov, 1
+townofstarmandny.gov, 1
+townofstockbridge.gov, 1
+townofsturgeonbay-wi.gov, 1
+townofsumrallms.gov, 1
+townofsweetwater.com, 1
+townofsylvesterwi.gov, 1
+townoftaycheedahwi.gov, 1
+townoftheresawi.gov, 1
+townofthomsonmn.gov, 1
+townofthorpwi.gov, 1
+townofthreelakeswi.gov, 1
+townoftroupsburgny.gov, 1
+townofturtlewi.gov, 1
+townofulyssesny.gov, 1
+townofuniondoorwi.gov, 1
+townofuticawi.gov, 1
+townofvarnamtown.gov, 1
+townofvermontwi.gov, 1
+townofveteranny.gov, 1
+townofvinlandwi.gov, 1
+townofwalworthwi.gov, 1
+townofwarrensccwi.gov, 1
+townofwatertownwi.gov, 1
+townofwausaukeewi.gov, 1
+townofwautomawi.gov, 1
+townofwendellnc.gov, 1
+townofwescott-wi.gov, 1
+townofwestfieldsaukwi.gov, 1
+townofwestfordwi.gov, 1
+townofwestportin.gov, 1
+townofweyauwega-wi.gov, 1
+townofwhitewaterwi.gov, 1
+townofwinfieldwi.gov, 1
+townofwinneconne.gov, 1
+townofwittenbergwi.gov, 1
+townofwoodruffwi.gov, 1
+townofwoodvillewi.gov, 1
+townofwordenwi.gov, 1
+townofwrightstownwi.gov, 1
+townofwyomingwi.gov, 1
+townresults.ga, 1
+townshendvt.gov, 1
+townshipofthenorthshore.ca, 1
+townswalker.com, 1
+towolabs.com, 1
+towsonpediatrics.com, 1
+towywebdesigns.uk, 1
+towzone.co.uk, 1
+tox21.gov, 1
+toxicboot.com, 1
+toxicip.com, 1
+toycu.de, 1
+toyduck.ga, 1
+toyfight.co, 0
+toymania.de, 1
+toymarket.tk, 1
+toyonut.co.jp, 0
+toyopac.com, 1
+toyota-kinenkan.com, 1
+toyota.com.sg, 1
+toyotaconnected.co.th, 1
+toyotapartsdeal.com, 1
+toyotapartsprime.com, 1
+toyotasp.ru, 1
+toyouiv.net, 1
+toyouiv.org, 1
+toys-robots.cf, 1
+toys4education.com.au, 1
+toyscenter.it, 1
+toyschina.cf, 1
+toysearcher.ml, 1
+toyshowappeal.ie, 1
+toyshowthemusical.co.uk, 1
+toyshowthemusical.com, 1
+toyshowthemusical.ie, 1
+toysperiod.com, 1
+toysplace.ml, 1
+toystory3.ga, 1
+toyventure.ga, 1
+tozdev.com, 1
+tp-events.co.uk, 1
+tp-genie.com, 1
+tp-properties.co.uk, 1
+tp-shipping.co.uk, 1
+tp-technology.co.uk, 1
+tpa.or.th, 1
+tpala-pg.fr, 1
+tpark.jp, 1
+tpbseries.com, 1
+tpcbf.cn, 1
+tpccf.cn, 1
+tpcff.cn, 1
+tpchan.info, 1
+tpci.biz, 1
+tpcof.cn, 1
+tpcrestorationllc.com, 1
+tpdaniel.fr, 1
+tpedu.eu, 1
+tpedu.hk, 1
+tpedu.nl, 1
+tpeducation.cn, 1
+tpetrov.com, 1
+tpf.hk, 1
+tpgozd.si, 1
+tpiada.tk, 1
+tpk-parma.ru, 1
+tpk.quest, 1
+tplak.com, 1
+tpldevsg-mythiess-dev.azurewebsites.net, 1
+tplive.io, 1
+tplprodsg-mythiess.azurewebsites.net, 1
+tpltestsg-mythiess-test.azurewebsites.net, 1
+tpolemis.com, 1
+tpp-tpc.ga, 1
+tppleague.me, 0
+tpr.hk, 1
+tpress.tk, 1
+tprk.pl, 1
+tpro.rocks, 1
+tproger.ru, 1
+tpu.gay, 1
+tpue.de, 1
+tpx.com, 1
+tqaclark.com, 1
+tqdev.com, 0
+tqdn.cn, 1
+tql.plus, 1
+tqnx.link, 0
+tqsintegration.com, 1
+tr.search.yahoo.com, 0
+tr0n.net, 1
+tr3fit.xyz, 1
+tra-tra.be, 1
+traas.org, 1
+trabaja.xyz, 1
+trabajadormigrante.gov, 1
+trabajaenvitamina.cl, 1
+trabajarytrabajar.com, 1
+trabajoen.com, 1
+trabajoenmx.com, 0
+trabajoreal.com, 1
+trabajouniversitario.tk, 1
+trabalance.com, 1
+trabbel.org, 1
+trabia.com, 1
+traccxs.com, 1
+trace.guru, 1
+trace.moe, 1
+trace2race.com, 1
+traceflix.com, 1
+tracefy.com, 1
+traceheatinguk.co.uk, 1
+tracelight.io, 0
+tracer.gg, 1
+tracercdn.com, 1
+traceroute.guru, 1
+traceroute.link, 1
+traceroute.network, 1
+tracery.jp, 1
+tracesteps.ga, 1
+tracetracker.com, 1
+tracetracker.no, 1
+traceur-france.fr, 1
+traceyjsvorusphd.com, 1
+tracinglineage.com, 1
+tracinsurance.com, 1
+track.plus, 1
+trackadblock.com, 1
+trackballs.gq, 1
+trackchair.com, 1
+trackdays4fun.com, 1
+trackee.link, 1
+tracker-knigi.gq, 1
+tracker.com.ar, 1
+trackerx.ga, 1
+trackeye.dk, 1
+trackify.tk, 1
+trackimo.ca, 1
+tracking-app.tk, 1
+tracking.best, 1
+trackingencomendas.com, 1
+trackinsight.com, 1
+tracklist4u.com, 1
+tracknetsports.com, 1
+trackntack.com, 1
+trackrecord.net, 1
+trackshun.tk, 1
+trackulo.us, 1
+trackyourlogs.com, 1
+tractariauto.tk, 1
+tractarimvbcluj.ro, 1
+tractive.com, 1
+tractor-pulling.fr, 1
+tractor-pulling.tk, 1
+tractorfan.nl, 1
+tractorpumps.com, 1
+tracxn.com, 1
+tracyhaze.net, 1
+tracyrobbinsking.com, 1
+trad-n-vo.com, 1
+trade-arcade.com, 1
+trade-bot.cf, 1
+trade-foods.com, 1
+trade-platform.tk, 1
+trade.gov, 1
+trade.mn, 1
+trade247.exchange, 1
+trade360solutions.com, 1
+tradeandindustrydev.com, 1
+tradebot.cf, 1
+tradebotcompany.ml, 1
+tradebuilders.com.au, 1
+tradebull.co.in, 1
+tradedesk.co.za, 1
+tradedigital.co, 1
+tradeeasy.com, 1
+tradees.com, 1
+tradefxp.com, 1
+tradeinvent.co.uk, 1
+tradeline.vn, 1
+tradelink.cf, 1
+trademarkregistration-coimbatore.com, 1
+trademen.ga, 1
+trademotion.com, 1
+tradeonfx.com, 1
+tradeplotter.com, 1
+traderfox.de, 1
+traderinside.ga, 1
+traderjobs.com, 1
+traderlion.com, 1
+traderpen.com, 1
+tradersclub.com.br, 1
+tradersport.tk, 1
+tradersrank.ga, 1
+tradesafe.co.za, 1
+tradesecretslaw.com, 1
+tradeshift.com, 1
+tradeshowfreightservices.com, 1
+tradesrenovations.ca, 1
+tradet.fi, 1
+tradeview.eu, 1
+tradewithestonia.com, 0
+tradezlist.tk, 1
+tradgardsmart.eu, 1
+tradgardsmart.se, 0
+tradie.com, 1
+tradik.com, 1
+tradinews.com, 1
+tradinews.fr, 1
+trading-academy.cf, 1
+trading-ea.pt, 1
+tradingdeer.io, 1
+tradingfacile.eu, 1
+tradinghelper.be, 1
+tradingtag.ga, 1
+tradingview.com, 1
+tradition-immobilier.com, 1
+tradition.ch, 1
+tradition.com, 1
+traditional.kz, 1
+traditions.nl, 1
+traditionskapperscollege.nl, 1
+traditionsvivantesenimages.ch, 1
+tradreams.com, 1
+tradu.com, 1
+tradymoney.com, 1
+traegerbox.com, 0
+traegergrills.com, 1
+traf-bonus.tk, 1
+trafarm.ro, 1
+traffic.az, 1
+trafficdirection.tk, 1
+trafficgazelles.com, 0
+trafficgenerator.ga, 1
+trafficmanager.com, 1
+trafficmanager.ltd, 1
+trafficmanager.xxx, 1
+trafficmgr.net, 1
+trafficpixel.tk, 0
+trafficsafetymarketing.gov, 1
+trafficsale.cf, 1
+traffixdevices.com, 1
+trafic-wap.tk, 1
+traficmusik.net, 1
+trafik.tk, 1
+trafiken.nu, 1
+trafplus.tk, 1
+tragamonedas-gratis.biz, 1
+tragaver.ga, 1
+traghetti.tk, 1
+tragicallytrumped.com, 1
+tragicempire.tk, 1
+tragmi.ch, 1
+traha.org, 1
+trahnisoseda.tk, 1
+trail-alps.ch, 1
+trail-alps.com, 1
+trail.pink, 1
+trailblazercommunitygroups.com, 1
+trailblazers.tk, 1
+trailcloud.ink, 1
+trailerparty.com, 1
+trailforks.com, 1
+trailrider.tk, 1
+trailrighttraining.com, 1
+trailrunbern.ch, 1
+trails-end.com, 1
+trainable.cf, 1
+trainbusferry.com, 1
+traineeshipplaza.nl, 1
+trainex.org, 1
+trainhornforums.com, 0
+trainiac.com.au, 1
+trainingcentral.cf, 1
+trainingchannel.com, 1
+trainingfitstudio.fr, 1
+trainingflow.com, 1
+traininghamburg.de, 1
+traininglife.org, 1
+trainingminds.nl, 1
+trainingproviderresults.gov, 1
+trainings-handschuhe-test.de, 1
+trainingsalicante.tk, 1
+trainingscatalogus.nl, 1
+trainingsecke.de, 1
+trainingstore.fish, 1
+trainingswiese.at, 1
+trainline.io, 1
+trainmagazine.be, 1
+trainmagazine.de, 1
+trainmagazine.nl, 1
+trainme.nl, 1
+trainoclock.com, 1
+trainplaza.be, 1
+trainplaza.net, 1
+trainplaza.nl, 1
+trains.sexy, 1
+trainsgoodplanesbad.com, 0
+trainsnmore.tv, 1
+traintimes.be, 1
+traintimes.ch, 1
+traintimes.dk, 1
+traintimes.fi, 1
+traintimes.lu, 1
+traintimes.nl, 1
+traintimes.se, 1
+traintoday.ca, 1
+traintowin.tv, 1
+trainwiki.tk, 1
+trainyourtribe.com.au, 1
+traista.ru, 1
+traitement-arthrose.fr, 1
+traitement-punaise.paris, 1
+traiteur-laporte.fr, 1
+traiteurpapillonevents.be, 1
+trajectfoto.nl, 1
+trajectvideo.nl, 1
+trakid.com, 1
+trakkr.tk, 0
+trakmd.com, 1
+trakteershop.tk, 1
+trakteren.tk, 1
+traktor-troubadour.tk, 1
+tralalashow.tk, 1
+tralios.de, 1
+tramadol.ga, 1
+tramadolhcl.ga, 1
+tramclub-basel.ch, 1
+tramikshop.ml, 1
+tramitelegal.com.ar, 1
+tramplin.tk, 1
+tramway.org, 1
+tran.pw, 1
+trance-heal.com, 1
+trance-heal.de, 1
+trance-heal.me, 1
+trance-nation.tk, 1
+trance-zone.tk, 1
+tranceattic.com, 1
+tranceheal.com, 1
+tranceheal.me, 1
+trancehost.com, 1
+trancendances.fr, 1
+tranceparadise.tk, 1
+tranceptortechnology.com, 1
+trandanhland.com, 1
+trangcongnghe.com, 1
+tranhlavender.com, 1
+tranhmonalisa.vn, 1
+tranhvenus.com, 1
+tranmerelectric.com, 1
+trannysurprise.com, 1
+tranquillity.se, 1
+tranquillum.tk, 1
+trans-aliyans.tk, 1
+trans.eu, 1
+transacid.de, 0
+transact-online.co.uk, 1
+transactpaymentsltd.com, 1
+transaminasas.com, 1
+transangels.com, 1
+transangelsnetwork.com, 1
+transanglo.pl, 1
+transappealrights.com, 1
+transav.ru, 1
+transbella.com, 1
+transcend.org, 1
+transcendmotor.sg, 1
+transcendretirement.net, 1
+transco.com.tr, 1
+transcoalition.net, 1
+transcontrol.com.ua, 1
+transcricentro.pt, 1
+transdev.blog, 1
+transdevbus.co.uk, 1
+transdyne.com, 1
+transes.com.tr, 1
+transeshairtransplant.com, 1
+transfair.sh, 1
+transfer-sheregesh.com, 1
+transfer-v-sheregesh.ru, 1
+transfer-vsheregesh.ru, 1
+transfer.pw, 1
+transfera-sheregesh.ru, 1
+transferagent.co, 1
+transferbags.com, 1
+transferistan.com, 1
+transfermate.com, 1
+transfero-sheregesh.ru, 1
+transfers-sheregesh.ru, 1
+transferserver.at, 1
+transferwiseturkiye.com.tr, 1
+transfery-sheregesh.ru, 1
+transfigurewizard.com, 1
+transforleren.nl, 1
+transformaniatime.com, 1
+transformation.gouv.fr, 1
+transformersmmdb.tk, 1
+transformyourmarketing.com, 1
+transforumation.com, 1
+transfurrmation.town, 1
+transgendergedenkdag.nl, 1
+transgenderinfo.nl, 1
+transgendernetwerk.nl, 1
+transgendernetwerk.org, 1
+transglobelogistiques.com, 1
+transharder.com, 1
+transhumanism.co.uk, 1
+transhumanism.com, 1
+transhumanism.org, 1
+transhumanist.co.uk, 1
+transhumanist.com, 1
+transhumanist.net, 1
+transhumanist.org, 1
+transhumanist.uk, 0
+transinbeeld.nl, 1
+transit.my.id, 1
+transitables.tk, 1
+transitllc.ru, 1
+transito.tk, 1
+transitownplaza.com, 1
+transitpoint.us, 1
+translab.ir, 1
+translate-polish.com, 1
+translate.googleapis.com, 1
+translatedict.com, 1
+translation-services.ga, 1
+translation.ca, 1
+translationge.com, 1
+translations.com, 1
+translationsfirm.tk, 1
+translationsnz.com, 1
+translatorall.tk, 1
+translatorglobal.tk, 1
+translatoruk.co.uk, 0
+translink.com.au, 1
+translit-net.tk, 1
+translit.ga, 1
+translit.ru, 1
+transmarttouring.com, 1
+transmitit.pl, 1
+transmitrecordings.com, 1
+transmoni.vn, 1
+transmutatie.nl, 1
+transnexus.com, 1
+transon.tk, 1
+transpak-cn.com, 1
+transparency.cf, 1
+transparencyinadmissions.org, 1
+transparencynj.com, 1
+transparent.cf, 1
+transparentpng.com, 1
+transperfect.com, 1
+transport-gura-portitei.com, 1
+transport-gura-portitei.contact, 1
+transporta.it, 1
+transportdebateauxmp.ca, 1
+transporterlock.com, 0
+transporteselsol.com, 0
+transportesvarelacr.com, 1
+transportnews.tk, 1
+transsensual.com, 1
+transservice.net.ua, 1
+transsexualpantyhose.com, 1
+transsrit.tk, 1
+transtaboo.com, 1
+transtrack.net, 1
+transtur.tk, 1
+transumption.com, 1
+transvault.com, 1
+transwank.com, 1
+transwestern.com, 1
+transwestern.net, 1
+trantrongtri.info, 1
+tranvia.info, 1
+tranzact.net, 1
+tranzron.ga, 1
+trapay.net, 1
+trapcall.com, 1
+trapichelaesperanza.com, 1
+trapkitchen.ml, 1
+trappednerve.org, 1
+trappersoutfitters.tk, 1
+traproulette.com, 1
+trapsdirect.com, 1
+trapsexy.com, 1
+trapsexy.net, 1
+trapsexy.org, 1
+trapz.xyz, 1
+trarch.com, 1
+trasandino.tk, 1
+trasatsatelital.com.ar, 1
+trash2treasurecreations.co.za, 1
+trashcanheroes.tk, 1
+trashcraft.tk, 1
+trashexpert.ru, 1
+trashmail.com, 1
+trashnothing.com, 1
+trashpanda.website, 1
+trashwagon.club, 1
+trashy-gypsy.com, 1
+trashylingerie.ga, 1
+traslocare.roma.it, 1
+traslocatore.roma.it, 1
+traslochi-trasporti-facchinaggio.it, 1
+traslochi.napoli.it, 1
+traslochiinternazionali.it, 1
+trasloco.milano.it, 1
+trasloedil.it, 1
+trasportatori.it, 1
+trasportoambulanzaprivata.it, 1
+tratamentoparacelulite.net, 1
+tratt.net, 1
+trattamenti.biz, 1
+trattamento-cotto.it, 1
+trattamentocotto.roma.it, 1
+trauerbegleitung-kudla.de, 1
+trauertexte.info, 1
+traumaberatung-lindner.de, 1
+traumahealing.com, 1
+traumarecoverysupport.com, 1
+traumfaenger.tk, 1
+traumobjekte.com, 1
+traumobjekte.info, 1
+traumschwingen.de, 1
+traumtrauringe.de, 1
+traut.cloud, 1
+travador.com, 1
+trave.africa, 1
+travel-and-cache.de, 0
+travel-cube.ml, 1
+travel-dealz.de, 1
+travel-rus-club.tk, 1
+travel-to-cuba.tk, 1
+travel-trek.tk, 1
+travel101.tk, 1
+travel2macedonia.com, 1
+travel2macedonia.com.mk, 1
+travel2macedonia.mk, 1
+travel2next.com, 1
+travel2you.ru, 1
+travel365.it, 1
+travel4history.nl, 1
+travel4news.at, 1
+traveladdiction.tk, 1
+traveladventure.ml, 1
+travelairtravel.com, 1
+travelamm.com, 1
+travelanchor.ga, 1
+travelandtourism.tk, 1
+travelarmenia.org, 1
+travelaround.tk, 1
+travelassist.us.com, 1
+travelastscom.ga, 1
+travelback.ga, 1
+travelbangladesh.ga, 1
+travelbiz.cf, 1
+travelbiz.ga, 1
+travelbiz.gq, 1
+travelbuddiesperu.com, 1
+travelbunny.ga, 1
+travelcellar.ga, 1
+travelcenter.tk, 1
+travelchannel.ml, 1
+travelcharm.ga, 1
+travelcheapdeals.com, 1
+travelcircus.ga, 1
+travelclinic.ml, 1
+travelclube.com, 1
+travelclube.com.pt, 1
+travelcollect.ga, 1
+travelcollections.ga, 1
+travelcolor.ga, 1
+travelcompany.tk, 1
+travelcrown.ga, 1
+traveldir.ga, 1
+traveldodge.ga, 1
+traveldoo.com, 1
+traveldragon.ga, 1
+travelecho.ga, 1
+traveleets.com, 1
+travelepoch.com, 1
+travelera.tk, 1
+travelerspress.com, 1
+travelersuniverse.com, 1
+travelescape.tk, 1
+traveleurope.ml, 1
+travelexbiz.com, 1
+travelexecutive.de, 1
+travelexinternational.com, 1
+travelexpress.tk, 1
+travelfeature.ga, 1
+travelfield.org, 1
+travelfiesta.ga, 1
+travelflighthotel.com, 1
+travelfoot.com, 1
+travelfriend.tk, 1
+travelfusion.com, 1
+travelgang.ga, 1
+travelgirlsclub.com, 1
+travelglamour.ga, 1
+travelgratis.ga, 1
+travelhands.ga, 1
+travelholicworld.com, 1
+travelhoppers.com, 1
+travelhusky.ga, 1
+traveling-thailand.info, 1
+travelingagency.tk, 1
+travelingbagsmke.com, 0
+travelingthevortex.com, 1
+travelinsurance.co.nz, 1
+travelinsurance.ga, 1
+travelinsured.com, 1
+travelist.co.nz, 1
+traveljunkie.tips, 1
+travelkatta.in, 1
+travelknowledge.org, 1
+travellegacy.ga, 1
+travellets.tk, 1
+travellinginmorocco.com, 1
+travellingplanetearth.com, 1
+travellings.cn, 0
+travellinks.tk, 1
+travellittle.ga, 1
+travellovers.fr, 1
+travelmap.net, 1
+travelmate.cf, 1
+travelmember.ga, 1
+travelmexico42.com, 1
+travelmindsets.com, 1
+travelmontenegro.tk, 1
+travelnano.ga, 1
+travelnatural.ga, 1
+travelnetwork.tk, 1
+travelnews.cf, 1
+travelni.com, 1
+travelnotoria.com, 1
+travelnumber.ga, 1
+travelodge.co.uk, 1
+traveloffline.ga, 1
+travelogue.jp, 1
+travelomega.ga, 1
+travelongravel.tk, 1
+travelook.ml, 1
+travelopedia.ga, 1
+travelouter.ga, 1
+travelove.tk, 1
+travelovernight.ga, 1
+travelpeace.ga, 1
+travelpearl.ga, 1
+travelpenguin.nl, 1
+travelphilippines.tk, 1
+travelphoto.cc, 1
+travelphotographycourse.com, 1
+travelplatinum.ga, 1
+travelplum.ga, 1
+travelpremier.ga, 1
+travelpremium.ga, 1
+travelprestige.ga, 1
+travelpride.ga, 1
+travelquantum.ga, 1
+travelrail.ga, 1
+travelrates.ga, 1
+travelraven.ga, 1
+travelrefund.com, 1
+travelreviews.tk, 1
+travelriny.com, 1
+travelsets.com, 1
+travelshelper.com, 1
+travelshopbooking.com, 1
+travelsignature.ga, 1
+travelsites.cf, 1
+travelsites.tk, 1
+travelsoldier.ga, 1
+travelsonic.ga, 1
+travelsouthbeach.ga, 1
+travelstation.tk, 1
+travelstrokes.com, 1
+travelsunflower.ga, 1
+travelsuperhero.ga, 1
+travelsurprise.ga, 1
+traveltains.com, 1
+traveltalk.tk, 1
+travelthing.io, 1
+travelthisweekend.com, 1
+travelthunder.ga, 1
+traveltimeagency.com, 1
+traveltomachupichu.com, 1
+traveltourist.tk, 1
+traveltovietnam.ga, 1
+traveltruster.com, 0
+travelturbo.ga, 1
+travelultra.ga, 1
+travelunicorns.com, 1
+travelunique.ga, 1
+travelup.com, 1
+travelurban.ga, 1
+travelus.nl, 1
+travelvacancy.tk, 1
+travelvictory.ga, 1
+travelvisit.cf, 1
+travelways.ml, 1
+travelwithbender.com, 1
+travelwithjack.com, 1
+travelzoneshop.com, 1
+traverse.com.ua, 0
+travi.org, 1
+travianbattleplanner.com, 1
+travin.tk, 1
+travis.nl, 1
+traviscoesd1tx.gov, 1
+travisf.net, 1
+travisflix.com, 1
+travisforte.io, 1
+travisfranck.com, 1
+travishenning.com, 1
+travislord.xyz, 1
+travkolyl.gq, 1
+travler.net, 1
+travnik24.tk, 1
+travotion.com, 1
+travuscka.ru, 1
+trawox.com, 1
+traws.cymru, 1
+traxpayroll.com, 1
+traxstage.com, 1
+trayinc.com, 1
+trayport.com, 1
+traza.cl, 1
+trazodoneonline.tk, 1
+trazodononline.gq, 1
+trazs.com, 1
+trbanka.com, 1
+trblwlf.net, 1
+trcollaborative.com, 1
+trcont.com, 1
+trdepoist.net, 1
+treaslockbox.gov, 1
+treasureboxgreetings.com, 1
+treasurechina.com, 1
+treasureislandbeads.ga, 1
+treasurejewelry.shop, 0
+treasuremountainmining.com, 1
+treasuretrooperguide.tk, 1
+treasury.gov.lk, 1
+treasurydirect.gov, 1
+treasuryhunt.gov, 1
+treasuryofgreatchildrensbooks.com, 1
+treasuryscams.gov, 1
+treatyoakdental.com, 1
+treatyoself.com.au, 1
+trebek.club, 1
+trebilfoundationsystems.com, 1
+trebnie.nl, 1
+trecebits.com, 1
+trecobox.com.br, 1
+tredegar.com, 1
+tredegarsurfaceprotection.com, 1
+tredto.com, 1
+tree.gdn, 1
+tree0.xyz, 1
+treebaglia.xyz, 1
+treecycle.com.au, 1
+treedoctornearme.com, 1
+treehorn.nl, 1
+treehouseresort.nl, 1
+treeliss.com.br, 1
+treemadeiras.com.br, 1
+treeremovalfourways.co.za, 1
+treeremovalsboksburg.co.za, 1
+treesonthemove.com, 1
+treestarmarketing.com, 1
+treevectors.com, 1
+treexy.com, 1
+treezone.net, 1
+trefpuntdemeent.nl, 1
+treier.xyz, 1
+treinmagazine.be, 1
+treinmagazine.nl, 1
+treinonerd.com, 1
+treinonline.tk, 1
+treintijden.com, 1
+trek-planet.ru, 1
+trekamdienstag.de, 1
+trekintel.com, 1
+trekkertrek.tk, 1
+trekkertrekharpel.tk, 1
+trekking-friends.ch, 1
+trekkinglab.org, 1
+trekonbh.com, 1
+trekosecia.com.br, 1
+trekscaper.tk, 1
+trelleborg.se, 1
+trelliscompany.org, 1
+trembler.org, 1
+treml-sturm.com, 1
+tremol-spedition.com, 1
+tremontil.gov, 1
+tremors.tk, 1
+trempcountywi.gov, 1
+trenchapps.com, 1
+trend-calendar.com, 1
+trend-shop.ga, 1
+trendegypt.ml, 1
+trendier.com.co, 1
+trendier.mx, 1
+trendingaffords.com, 1
+trendingdeals.ga, 1
+trendingeducation.tk, 1
+trendingknow.tk, 1
+trendingnewswala.online, 1
+trendingstory.tk, 1
+trendingxxl.nl, 1
+trendkraft.de, 1
+trendme.ga, 1
+trendnews.cf, 1
+trendnews.gq, 1
+trendntech.com, 1
+trendocracy.cf, 1
+trendocracy.ga, 1
+trendocracy.gq, 1
+trendocracy.ml, 1
+trendpanel.tk, 1
+trendparty.net, 1
+trendpie.com, 1
+trendreportdeals.com, 1
+trends-news.tk, 1
+trendsce.com.br, 1
+trendtesettur.com, 0
+trendware.de, 1
+trendycrowds.com, 1
+trendydips.com, 1
+trendyolgo.com, 0
+trendzilla.ga, 1
+treningo.rs, 1
+trenorario.it, 1
+trenta.fr, 1
+trentinogenealogy.com, 1
+trentonmakesnews.com, 1
+trentonoh.gov, 1
+trentotoday.it, 1
+trenujskutecznie.com, 1
+trenztec.ml, 1
+tresen-demo.com, 1
+treshermanasshop.com, 1
+tresmaistres.com.br, 1
+tresor.it, 1
+tresorit.com, 1
+tresoro.at, 1
+tresoro.de, 1
+trespedia.com, 1
+tresredatores.tk, 1
+tresscabelos.com.br, 1
+tretail.net, 1
+tretinoin.gq, 1
+treurtransport.tk, 1
+trevea.fi, 1
+trevisotoday.it, 1
+trevo-lotofacil.com.br, 0
+trevorkay.tk, 1
+trevormarron.co.uk, 1
+trevsanders.co.uk, 1
+trexedia.com, 1
+trexweb.tk, 1
+trezor.io, 1
+trezy.me, 1
+trezy.net, 1
+trfmn.gov, 1
+trhastane.com, 1
+trhknih.cz, 1
+tri.gg, 1
+triad.earth, 1
+triadtool.com, 1
+triage.clinic, 1
+triage.com, 1
+triage.md, 1
+triageclinic.com, 1
+triageforensic.com, 1
+trial-server.tk, 1
+trialandsuccess.nl, 1
+trialbyfire.tk, 1
+trialmaaskant.tk, 1
+trials.tk, 1
+trialweb.com.br, 1
+triangela.com, 1
+triangela.se, 1
+triangle-energie.com, 1
+trianglecastles.co.uk, 1
+trianglelawngames.com, 1
+trianglepwh.com, 1
+trianglewaverecords.tk, 1
+trib.com, 1
+tribac.de, 1
+tribaldos.com, 0
+tribaljusticeandsafety.gov, 1
+tribalwarsstyles.tk, 1
+tribalzone.tk, 1
+tribe.rs, 1
+tribeca-it.com, 1
+tribecalawsuitloans.com, 1
+tribefanaticsunited.tk, 1
+tribesbeekeepersassociation.com, 0
+tribesofneurot.tk, 1
+tribetokes.com, 1
+tribetrails.com, 1
+tribinary.tk, 1
+tribistovo.tk, 1
+tribunatv.ml, 1
+tribunesia.ga, 1
+tribut.de, 1
+tributh.cf, 1
+tributh.ga, 1
+tributh.gq, 1
+tributh.ml, 1
+tributh.net, 1
+tributh.tk, 1
+tributoconsuegra.tk, 1
+tricare.mil, 1
+tricefy4.com, 1
+tricetirisad.me, 1
+tricherenligne.com, 1
+triciaree.com, 1
+tricityhelpline.com, 1
+tricityrogues.eu, 1
+trickedguys.com, 1
+trickle.works, 1
+tricksforgreeks.com, 1
+trico-pigmentazione.it, 1
+tricolortotal.tk, 1
+tricordmedia.ca, 1
+tricountyathome.com, 1
+tricountyhealthut.gov, 1
+tricountyheatingcooling.com, 1
+tridena.com, 1
+trident-online.de, 1
+trident1000logoi.gr, 1
+tridentdiagnostics.com, 1
+tridentfreightinc.com, 1
+tridentmedia.gq, 1
+tridindia.com, 1
+tridnice.eu, 1
+tridoor.com, 1
+triedandtruebytrista.com, 1
+triefenbach.com, 1
+triefenbach.eu, 1
+triesteprima.it, 1
+trietment.com, 0
+trieuvy.com, 1
+trifence.ch, 1
+trifence.eu, 1
+trifence.net, 1
+trifence.org, 1
+trifiro.it, 1
+trigate.io, 1
+triggeredpaintz.com, 1
+triggertraders.com, 1
+trigirlpainting.com, 1
+triglovian-clades.com, 1
+trigraph.net, 1
+trigueros.tk, 1
+trigular.de, 1
+trihard.space, 1
+trihedron.tk, 1
+trihunter6000.com, 1
+trik-komputer.tk, 1
+trik.es, 0
+triker.tk, 1
+trikeweb.com, 1
+trikuj.cz, 1
+trillian.im, 1
+trilliondigital.io, 1
+trilliux.me, 1
+trilogymp.com, 1
+trim21.cn, 1
+trimage.org, 1
+trimarix.de, 1
+trimblenetworks.com.au, 1
+trimbletl.com, 0
+trimental.de, 1
+trimill.xyz, 1
+trimjoinerycentralcoast.com.au, 1
+trimsalon.tk, 1
+trimsalonelst.nl, 1
+trimtone.com, 1
+trimyourbushforallah.com, 0
+trinary.ca, 0
+trinary.tk, 1
+trindonball.com, 1
+trineco.cloud, 1
+trineco.com, 1
+trineco.fi, 1
+tringle.org, 1
+trinhhoangtien.vn, 1
+trinhtrongson.tk, 1
+trini.tk, 1
+trinitasgyor.hu, 1
+trinitatis-leipzig.de, 1
+trinitatiskindergarten.de, 1
+trinitatiskirche-leipzig.de, 1
+trinity.fr.eu.org, 1
+trinity.one, 1
+trinitycore.org, 1
+trinityradioandvideo.org, 1
+trinitysurfaces.com, 1
+trinitywernersville.org, 1
+trinityyardgreetings.com, 1
+trink-und-partyspiele.de, 1
+trinnes.net, 1
+trintocpenalcu.com, 1
+trio.online, 1
+triollo-rural.tk, 1
+triomedspa.com, 1
+triomoda.com.br, 1
+trionyx.ph, 1
+triop.se, 1
+triozon.hu, 1
+trip.my, 1
+tripadvicestore.tk, 1
+tripanimal.tk, 1
+triperapp.com, 1
+tripguide.is, 1
+tripisland.tk, 1
+triple1.net, 1
+tripleblossom.com, 1
+triplecrownsports.com, 1
+triplefork.com.ua, 1
+triplejprints.com, 1
+triplekeys.net, 1
+tripleone.co.uk, 1
+triplesixdesigns.com, 1
+triplethreatband.tk, 1
+triplevision.nl, 1
+triplicate.gq, 1
+tripmakery.com, 1
+tripoli.org, 1
+tripolinews.tk, 1
+tripomanija.tk, 1
+tripout.tech, 1
+tripozo.com, 1
+tripp.xyz, 1
+trippati.com, 1
+tripport.com.do, 1
+tripspoint.com, 1
+triptravels.tk, 1
+tripwire.io, 1
+trisect.uk, 1
+trish-mcevoy.ru, 1
+trisha.tk, 1
+trisolaris.co.uk, 1
+trisomie21-normandie.org, 1
+trissiethehusky.rocks, 1
+tristan.moe, 1
+tristanfarkas.one, 1
+tristatechess.com, 1
+trit.pro, 1
+tritium.cf, 1
+tritoncc.com, 1
+triumc.org, 1
+triumph-duesseldorf.com, 1
+triumph-gera.de, 1
+triumph-hannover.de, 1
+triumph-rheinhessen.de, 1
+triumph-schongau.de, 1
+triumph-stuttgart.de, 1
+trixiebooru.org, 1
+trixietainted.net, 1
+trixy.com.br, 1
+triz.co.uk, 0
+trizettoprovider.com, 1
+trkhosting.ga, 1
+trkmakine.com.tr, 1
+trkpuls.tk, 1
+trmgo.de, 1
+troc.co.il, 1
+trocaire.org, 1
+trochoi.net, 1
+trockendock.ch, 1
+trockner-fehler.site, 1
+trodat.cf, 1
+trodniescis.gq, 1
+troedel-trolle.de, 1
+troedelhannes.at, 1
+trofeosylogros.com, 1
+trogloditas.tk, 1
+troi.de, 1
+troiaconsultoria.com.br, 1
+troianet.com.br, 1
+trojanchronicles.tk, 1
+trojanherring.com, 1
+trojanrecords.com, 1
+trok.co.il, 1
+trolebusesdevalparaiso.tk, 1
+troll-gaming.tk, 1
+trolla.us, 1
+trolldesign.cf, 1
+trolldi.eu, 1
+trolldi.eu.org, 1
+trollforums.gq, 1
+trollgetslucky.tk, 1
+trollhanttan.cf, 1
+trollhanttan.ga, 1
+trollhanttan.gq, 1
+trollhanttan.tk, 1
+trolliet.fr, 1
+trolling.gq, 1
+trollingeffects.org, 1
+trollmoa.se, 0
+trollolo.tk, 1
+trollos.cf, 1
+trollos.ga, 1
+trollos.gq, 1
+trollos.tk, 1
+trollscave.xyz, 1
+trom.tf, 1
+trommelwirbel.com, 1
+trommstone.de, 1
+trongkhanh.com, 1
+tronika.no, 1
+tronlaserarena.cz, 1
+tronmeo.com, 1
+tronnews.best, 1
+tronnews.co, 1
+tronnews.global, 1
+tronnews.life, 1
+tronnews.live, 1
+tronnews.me, 1
+tronnews.news, 1
+tronnews.world, 1
+tronnews.xyz, 1
+troomcafe.com, 1
+troonnorthgolf.com, 0
+troopaid.info, 1
+troopers.de, 1
+trophcomplewin.ml, 1
+trophy-discount.com, 1
+trophykoi.tk, 1
+trophyshopinc.com, 1
+tropicalhurricanetracker.com, 1
+tropicalislands.tk, 1
+tropicalstandard.com, 1
+tropicalticket.cf, 1
+tropicalticket.ml, 1
+tropicaltravelco.com, 1
+tropicpet.vn, 1
+tropikdeniz.com.tr, 1
+tropiki.tk, 1
+tropiweb.tk, 1
+tropixshipping.com, 1
+troplo.com, 1
+troplo.com.au, 1
+troplo.eu.org, 1
+tropofy.com, 1
+troppotogo.it, 1
+troqueladoras.online, 1
+trosell.net, 1
+trosinenko.com, 1
+tross.tk, 1
+trotec.com, 1
+trotter.cf, 1
+troubles.ru, 1
+troubleshooter.xyz, 1
+troubleshooting.cz, 1
+troubleshooting.support, 1
+troubleshooting.tools, 1
+troubleshootyourvehicle.com, 1
+troupcountyga.gov, 1
+trousers.co.uk, 1
+trouvenet.tk, 1
+trouver-son-chemin.com, 1
+trouvetonbusiness.com, 1
+trouvetonplancul.fr, 1
+trouvez.tk, 1
+trouvons.org, 1
+trouw.nl, 1
+trouwrijk.nl, 1
+trovaprezzi.it, 1
+trovas.ch, 1
+trove.com, 1
+troxal.com, 1
+troyanos.uy, 1
+troyfawkes.com, 1
+troyflexpay.com, 1
+troyhunt.com, 1
+troyhuntstress.com, 1
+troyhuntsucks.com, 1
+troyjanda.com, 1
+troykao.com, 1
+troytn.gov, 1
+troytwpdelawareoh.gov, 1
+troywalworthwi.gov, 1
+troywistcroix.gov, 1
+trpa.gov, 1
+trs.tn, 1
+trtadalafilone.com, 1
+trtadalafilone.net, 1
+trtasarim.tk, 1
+tru.ltd, 1
+truasset.com, 1
+trubapro.com, 0
+trubmet.tk, 1
+trubos.com.ua, 1
+trucatout.tk, 1
+trucchibellezza.com, 1
+trucchibellezza.it, 1
+truckcord.com, 1
+truckdeal.com.ph, 1
+truckerjobusa.com, 1
+truckersdatabase.cf, 1
+truckersmp.com, 1
+truckersworld.tk, 1
+truckingks.gov, 1
+truckkss.com, 1
+truckscout24.at, 1
+truckscout24.be, 1
+truckscout24.bg, 1
+truckscout24.com, 1
+truckscout24.cz, 1
+truckscout24.de, 1
+truckscout24.dk, 1
+truckscout24.es, 1
+truckscout24.fr, 1
+truckscout24.gr, 1
+truckscout24.hu, 1
+truckscout24.it, 1
+truckscout24.lt, 1
+truckscout24.lv, 1
+truckscout24.nl, 1
+truckscout24.pl, 1
+truckscout24.pt, 1
+truckscout24.ro, 1
+truckscout24.ru, 1
+truckscout24.se, 1
+truckscout24.si, 1
+truckshina-plus.com.ua, 1
+truckspring.com, 1
+trucockpit-demo.com, 1
+trucockpit.ch, 1
+trucockpit.com, 1
+trucosparaelbruto.tk, 1
+trucosuso.org, 1
+trucoswindows.net, 0
+trudicollus.com, 1
+trudyblackcrow.tk, 1
+true-colors.tk, 1
+true-itk.de, 1
+trueachievements.com, 1
+trueamateurs.com, 1
+trueasia.ga, 1
+truebarbershopinc.com, 1
+trueccu.com, 1
+truechimer.com, 1
+truecircumcision.tk, 1
+truecosmos.com, 1
+truecrimedaily.com, 1
+truedarkness.tk, 1
+trueduality.net, 1
+trueflowplumbing.com, 1
+trueformroofing.co.nz, 1
+truegether.com, 1
+truegunvalue.com, 1
+truehealth.tk, 1
+truekey.com, 1
+truelovesakuya.info, 1
+trueminecraft.com, 1
+truenorthartcollektive.com, 1
+truenorthseedbank.com, 1
+truentumvet.it, 1
+truepartner.academy, 1
+truepartner.asia, 1
+truepartner.capital, 1
+truepartner.cn, 1
+truepartner.education, 1
+truepartner.email, 1
+truepartner.eu, 1
+truepartner.fund, 1
+truepartner.group, 1
+truepartner.hk, 1
+truepartner.holdings, 1
+truepartner.limited, 1
+truepartner.ltd, 1
+truepartner.nl, 1
+truepartner.sg, 1
+truepartner.software, 1
+truepartner.tech, 1
+truepartner.technology, 1
+truepartner.university, 1
+truepartner.us, 1
+truepartneradvisor.cn, 1
+truepartneradvisor.com, 1
+truepartneradvisor.nl, 1
+truepartnercapital.cn, 1
+truepartnercapital.hk, 1
+truepartnercapital.holdings, 1
+truepartnercapital.net, 1
+truepartnercapital.nl, 1
+truepartnercapital.org, 1
+truepartnercapital.sg, 1
+truepartnercapital.us, 1
+truepartnercapitaladvisor.nl, 1
+truepartnercapitalusa.com, 1
+truepartnerchinabondfund.cn, 1
+truepartnerchinafund.cn, 1
+truepartnerchinafuturesfund.cn, 1
+truepartnerchinagrowthfund.cn, 1
+truepartnerchinaoptionsfund.cn, 1
+truepartneredu.com, 1
+truepartnereducation.cn, 1
+truepartnereducation.com, 1
+truepartnerfund.cn, 1
+truepartnerfund.hk, 1
+truepartnerfund.nl, 1
+truepartnerinvestment.com, 1
+truepartnerinvestments.cn, 1
+truepartnerinvestments.com, 1
+truepartnerinvestments.com.hk, 1
+truepartnerinvestments.hk, 1
+truepartnertech.com, 1
+truepartnertech.nl, 1
+truepartnertech.sg, 1
+truepartnertechnology.com, 1
+truepartnertechnology.nl, 1
+truepartnertechnology.sg, 1
+truereligionjeanstore.tk, 1
+truerizm.ru, 1
+truescreen.io, 1
+trueseeing.com, 1
+truessl.shop, 1
+truesteamachievements.com, 1
+truestor.com, 1
+truetraveller.com, 1
+truetrophies.com, 1
+truetype.tech, 1
+truewateraustralia.com, 1
+trueweb.es, 1
+truewinter.net, 1
+truework.com, 1
+trueworlds.net, 1
+truffe.uk, 1
+trufflemonkey.co.uk, 1
+trufflepig-forensics.com, 1
+truhlarstvi-fise.cz, 1
+truimo.com, 1
+truklink.cf, 1
+truklink.ga, 1
+truklink.gq, 1
+trulock.tk, 1
+trulycharmed.tk, 1
+trumanlibrary.gov, 1
+trumanlibrary.org, 1
+trummer.xyz, 1
+trumpet-call.org, 1
+trumpet-whistleblowing.eu, 1
+trumplibrary.gov, 1
+trumppresidency.org, 1
+trumptragedy.com, 1
+trumptragic.com, 1
+trumpwhitehouse.gov, 1
+trumtruyen.vn, 1
+truncus-encephali.co.uk, 1
+trundr.com, 1
+trunix-forum.tk, 1
+trunk-show.net, 1
+truong.fi, 1
+truonganhdecor.com, 1
+truongnguyen.live, 1
+truongthanhaudio.com, 1
+truopio.com, 1
+truqu.com, 1
+trureg.uk, 1
+truromusicteacher.co.uk, 1
+trusecurity.gq, 1
+truserve.org, 1
+trusifan.tk, 1
+trusitio.com, 1
+truskmedia.tk, 1
+trussgenius.com, 1
+trussville.gov, 1
+trust-btc.ml, 1
+trust-ted.co.uk, 1
+trust.com, 1
+trust.zone, 1
+trust2protect.de, 1
+trustarts.org, 1
+trustcert.net, 1
+trustcert.org, 1
+trustednetworks.nl, 1
+trustedpropertymanagement.net, 1
+trustedtoolbox.com, 1
+trustee.deals, 1
+trusthook.tk, 1
+trusthub.com, 1
+trustmymail.org, 1
+trustnet.co.il, 0
+trustology.io, 1
+trustpoint.one, 1
+trustreview.tk, 1
+trustserv.de, 1
+trustswiftly.com, 1
+trustvox.com.br, 1
+trustycloud.net, 1
+truten.tk, 1
+truth.com, 1
+truth.tk, 1
+truthdancer.com, 1
+truthmessages.pw, 1
+truthre.org, 1
+truthsayer.tk, 1
+truthsocial.com, 1
+trutrip.co, 1
+truvayangin.tk, 1
+trux.tk, 1
+truxton.tk, 1
+truyen-hentai.co.uk, 1
+truyen-hentai.com, 1
+truyen-hentai.de, 1
+truyen-hentai.fr, 1
+truyen-hentai.ru, 1
+truyenfull.vn, 1
+truyenkiemhiep.com.vn, 1
+truyenmoi.org, 1
+truyenmoivn.com, 1
+truyentienhiep.com.vn, 1
+trveled.com, 1
+trw-reseller.com, 1
+trxnews.today, 1
+try2admin.pw, 1
+try2hack.it, 1
+tryaatos.com, 1
+trybabyschoice.com, 1
+trycaviar.com, 1
+trychameleon.com, 1
+trydoggo.com, 1
+tryfabulousdiet.com, 1
+tryfabulousskincream.com, 1
+tryfabulousskinserum.com, 1
+tryfrontline.cloud, 1
+tryhexadecimal.com, 1
+tryin.cz, 1
+tryingtotakeoversweden.tk, 1
+tryingtotakeovertheworld.tk, 1
+tryitonline.net, 1
+tryk.tk, 1
+tryknow.com, 1
+trymegadrol.com, 1
+tryndraze.com, 1
+trynewjobs.com, 1
+trynowrinkleseyeserum.com, 1
+trynta.net, 1
+tryonnc.gov, 1
+tryplo.ca, 1
+tryplo.io, 1
+tryplo.net, 1
+tryplo.org, 1
+tryplo.xyz, 1
+trypt.am, 1
+tryptamine.tk, 1
+tryramp.com, 1
+tryreason.com, 1
+tryrebooting.tech, 1
+tryrfsfirst.co.uk, 1
+trystagency.com, 1
+tryti.me, 1
+trytivi.com, 1
+tryupdates.com, 1
+trywesayyes.com, 1
+trz.cz, 1
+ts-farm.ru, 1
+ts-folienmontage.de, 1
+ts-pro-consulting.de, 1
+ts-projects.tk, 1
+ts-public.tk, 1
+ts3-legenda.tech, 1
+ts3.ink, 0
+ts3frei.eu, 1
+ts4rent.eu, 1
+ts5server.eu, 1
+tsacareer.com, 1
+tsacasa.com, 1
+tsacbttest.com, 1
+tsachs.eu, 1
+tsacloud.ml, 1
+tsahf.com, 1
+tsai.com.de, 1
+tsakanakis.tk, 1
+tsaro.io, 1
+tsatestprep.com, 1
+tsatsalashvili.com, 1
+tsb.co.uk, 1
+tsbg.com, 1
+tsbraz.com, 1
+tsbraz.com.br, 1
+tsc.gov, 1
+tsc.tax, 1
+tscampus.online, 1
+tschuermans.be, 0
+tsedryk.ca, 1
+tseng.dedyn.io, 1
+tsentrobuv.tk, 1
+tsenv.net, 1
+tsfempleos.com, 1
+tsg0o0.com, 1
+tsgbcs.org, 1
+tsgbit.net, 1
+tshirai.work, 1
+tshirtgenerator.ga, 1
+tshirtmemoryquilts.com, 1
+tshirtscapetown.com, 1
+tsia.com, 1
+tsico.com, 1
+tsicons.com, 1
+tsig.nl, 1
+tsigaradiko.com, 1
+tsimg.space, 1
+tsiolakisfurs.com, 1
+tsironis-olivenoel.de, 1
+tsja.tk, 1
+tsk.ovh, 1
+tskikoh.com, 1
+tskimwagner.com, 1
+tsla.nu, 1
+tslcontractors.co.uk, 1
+tsmasseur.com, 1
+tsmgroup2.biz, 1
+tsmost.cz, 1
+tsna.cc, 1
+tsoto.net, 1
+tsp.gov, 1
+tspdrits.xyz, 1
+tsproesasac.com, 1
+tsr.best, 1
+tsra.gov.au, 1
+tsriggingequipment.com, 1
+tsrv.pw, 0
+tss.am, 1
+tst-band.tk, 1
+tsu.re, 1
+tsueri.cloud, 1
+tsukhani.com, 1
+tsukikoh.com, 1
+tsukikoh.jp, 1
+tsukuba-it.net, 1
+tsukuba.style, 0
+tsumegumi.com, 1
+tsumi.it, 0
+tsumi.moe, 1
+tsumishima.com, 1
+tsumugu2021.com, 1
+tsunami.gov, 1
+tsunamic.cf, 1
+tsunamikill.tk, 1
+tsundere.moe, 1
+tsura.org, 1
+tsurai.work, 1
+tsurezurematome.ga, 1
+tsurimap.com, 1
+tsuruhime.tk, 1
+tsutawal.com, 1
+tsutaya-ai.com, 1
+tsutsumi-kogyo.jp, 1
+tsuyuzakihiroyuki.com, 1
+tsv-1894.de, 0
+tsv-hittfeld.de, 0
+tsw.ovh, 1
+tsxxlangel.com, 1
+tsybanov.com, 1
+tt-aepfingen.tk, 1
+tt-hardware.com, 1
+tt.gt, 1
+tt0766.com, 1
+tt0966.com, 1
+tt2866.com, 1
+tt2966.com, 1
+tt3666.com, 1
+tt3699.com, 1
+tt3766.com, 0
+tt3999.com, 1
+tt5197.co, 1
+tt6729.co, 1
+tt6729.com, 1
+tt6957.co, 1
+tt7199.com, 1
+tt7299.com, 1
+tt7399.com, 1
+tt8166.com, 1
+tt8266.com, 1
+tt8366.com, 1
+tt9297.co, 1
+tt9397.com, 0
+tt9721.com, 1
+tt9728.co, 1
+tt9799.com, 1
+ttb.gov, 1
+ttbonline.gov, 1
+ttc-birkenfeld.de, 1
+ttcak.ddns.net, 1
+ttcf.ca, 1
+ttchan.org, 1
+ttclub.fr, 1
+ttdrive.ru, 1
+ttfin.ch, 1
+tthomes.vn, 1
+ttill.de, 1
+ttkiel.de, 1
+ttlet.com, 1
+ttlg.io, 1
+ttluoli.com, 1
+ttm.jp, 1
+ttnmpls.org, 1
+ttp-shop.com.ua, 1
+ttpwned.com, 1
+ttr-home.com, 1
+ttr3.eu, 1
+ttrade.ga, 1
+ttrecms.com, 1
+tts-assessments.com, 1
+ttshapn.org, 1
+ttsoft.pl, 1
+ttspttsp.com, 1
+ttsteel.co, 1
+ttt-networks.com, 1
+tttfic.com, 1
+ttug.co.uk, 1
+ttunda.com, 1
+ttv-bernisse80.tk, 1
+ttwtrader.com, 1
+tty.space, 1
+tty1.net, 1
+ttyystudio.com, 1
+tu-muenchen.de, 1
+tu6.pm, 1
+tuaflor.com.br, 1
+tualiadaenlimpieza.com, 1
+tuamipartanna.it, 1
+tuang-tuang.com, 1
+tuasaude.com, 1
+tubach.org, 1
+tubanten.nl, 1
+tubao.com.br, 1
+tubator.com, 1
+tube.tools, 1
+tube8vip.com, 1
+tubebegana.com, 1
+tubedesire.com, 1
+tubehall.com, 1
+tubejack.nl, 1
+tubeju.com, 1
+tubemilf.com, 1
+tubeporn.tv, 1
+tubepornmovies.net, 1
+tubeview.cf, 1
+tubeview.ga, 1
+tubexxxone.com, 1
+tubing.cf, 1
+tubs4fun.co.uk, 1
+tubsof.fun, 1
+tubuenpedido.com, 1
+tubul.net, 1
+tubuscador.tk, 1
+tucarora.tk, 1
+tucarroycasa.com, 1
+tucidi.net, 1
+tuck2000.com, 1
+tuckerobserver.com, 1
+tuckhayward.art, 1
+tuckmeintebo.com, 1
+tucnak.eu, 1
+tucny.com, 1
+tucson.com, 1
+tucsonfcu.com, 1
+tucsonpcrepair.com, 1
+tucuatro.com, 1
+tucuxi.org, 1
+tudinerito.tk, 1
+tudinhoparasuacasa.com.br, 1
+tudodebompresentes.com.br, 1
+tudonoticiadigital.com, 1
+tudorproject.org, 1
+tudorrosesamplerguild.com, 1
+tudosobrehost.com.br, 1
+tudoxwallprinter.com, 1
+tueplay.host, 1
+tueri.eu, 1
+tuerkei-immobilien.tk, 1
+tuespr.com, 1
+tuestilo.nl, 1
+tuev-hessen.de, 1
+tufelicitacion.info, 1
+tuffclassified.com, 1
+tuffmail.com, 1
+tuffmail.net, 1
+tuffsruffs.se, 1
+tufilo.com, 0
+tuftonboronh.gov, 1
+tugadar.com, 1
+tugafm.com, 1
+tugesha.com, 1
+tugnut.tk, 1
+tugrul.blog, 1
+tuhoctainha.net, 1
+tuica.com, 1
+tuinaportugal.com, 1
+tuincentersnaet.be, 1
+tuinenhullebroek.be, 1
+tuinenvermeiren.be, 1
+tuingereedschappen.net, 0
+tuinieren.tk, 1
+tuinmeubelkorting.nl, 1
+tuitle.com, 1
+tuiyi.com, 1
+tuja.hu, 1
+tujardin.casa, 1
+tujunfang.com, 1
+tukebab.com, 1
+tuketicihaklari.net, 1
+tukiart.tk, 1
+tula-city.tk, 1
+tula-news.ga, 1
+tulafarms.ga, 1
+tulafarms.gq, 1
+tulalip.gov, 1
+tulana.ga, 1
+tule.studio, 1
+tuleap.net, 1
+tuleap.org, 1
+tulevaisuusdemarit.fi, 1
+tuliha.ga, 1
+tulikajain.cf, 1
+tulikajain.ga, 1
+tulikajain.gq, 1
+tulikukko.tk, 1
+tulippublishing.com.au, 1
+tulisan.tk, 1
+tull.tk, 1
+tuller.tk, 1
+tulocura.tk, 1
+tulotos.com, 1
+tulpawiki.org, 1
+tulsa.tech, 1
+tulsameetingroom.com, 1
+tulsaworkshop.org, 1
+tulsaworld.com, 1
+tulumcosmeticos.com.br, 1
+tulup.io, 1
+tum.de, 1
+tumagiri.net, 1
+tumanishvili.com, 1
+tumarcafe.com, 1
+tumblenet.tk, 1
+tumblr.com, 1
+tumed-ks.org, 1
+tumedico.es, 1
+tumelum.de, 1
+tumen.cf, 1
+tumen.gq, 1
+tumen.ml, 1
+tumen.tk, 1
+tumentorweb.com.mx, 1
+tumpicon.org, 1
+tumult-productions.tk, 1
+tun.bible, 1
+tuna.be, 1
+tunad.io, 1
+tunbiya.com, 1
+tuncelimezaryapimi.com.tr, 1
+tunder.tk, 1
+tundermadar.hu, 1
+tundrawear.ru, 1
+tune-web.de, 1
+tunenet.ml, 1
+tuner.cloud, 1
+tunescoot.site, 1
+tuneserver.tk, 0
+tungstenworld.com, 0
+tuning-parts24.de, 1
+tuning-werkstatt-nuernberg.de, 1
+tuningblog.eu, 0
+tunisia-tech.tk, 1
+tunisiadefnews.ga, 1
+tunisiana.tk, 1
+tunisiangamers.tk, 1
+tunisiapress.tk, 1
+tunisieconcours.tn, 1
+tunix-openair.de, 1
+tunktwppolice.gov, 1
+tunnel-staging.googlezip.net, 1
+tunnel.googlezip.net, 1
+tunnel53.net, 1
+tunnelbear.com, 1
+tunnelblick.net, 1
+tunnelbroker.net, 1
+tunnelstore.it, 1
+tunnelstore.net, 1
+tunneltracker.com, 1
+tunnelventilation.pro, 1
+tunnelwatch.com, 1
+tunningcars.tk, 1
+tunochebuena.com, 1
+tunombre.tk, 1
+tuntitili.fi, 1
+tuol-sleng.tk, 1
+tuomiset.com, 1
+tuoni.ga, 1
+tuotromedico.com, 1
+tuotteet.org, 1
+tuou.xyz, 0
+tupahost.net.br, 1
+tupass.pw, 1
+tupatane.gq, 1
+tupeng.com, 1
+tuperiodico.soy, 0
+tupeuxpastest.ch, 0
+tupi.fm, 1
+tuppenceworth.ie, 1
+tuppennysfireplace.com, 1
+tupperwaresalamanca.com, 1
+tupsicoayuda.com, 0
+tupugoya.org, 1
+tur.bo, 1
+tur17.com, 1
+turadio.tk, 1
+turadionline.cf, 1
+turalt.com, 1
+turanga.tk, 1
+turanlawoffice.com, 1
+turanogluoptik.com, 1
+turbaza.tk, 1
+turbinadordigital.tk, 1
+turbinaonline.tk, 1
+turbineaero.com, 1
+turbinelectricity.ga, 1
+turbo.az, 1
+turbo24.com, 1
+turbocourses.net, 1
+turbodata.no, 1
+turbodata.org, 1
+turbohost.co.mz, 0
+turbomag.pl, 1
+turbomodz.com, 1
+turbomodz.es, 1
+turbosim.de, 1
+turbotube.ga, 1
+turbowheels.biz, 1
+turboworld.tk, 1
+turc.church, 1
+turcan.de, 1
+turciya.cf, 1
+tures-aurina.it, 1
+turf-experts.com, 0
+turfirm.tk, 1
+turgut46.tk, 1
+turi.space, 1
+turikslab.tk, 1
+turing.bio, 1
+turisbrasil.com, 1
+turisbrasil.com.br, 1
+turiscar.pt, 1
+turismoeviagens.com, 1
+turismogdl.com, 1
+turismoliliana.tk, 1
+turismomagdalena.com, 1
+turitzadr.com, 1
+turizm.gq, 1
+turizm.tk, 1
+turizm21.ru, 1
+turizmsektoru.ga, 1
+turizmsektoru.tk, 1
+turkana.tk, 1
+turkanime.co, 1
+turkcechat.tk, 1
+turkcedizin.tk, 1
+turkceingilizce.gen.tr, 1
+turkcoder.tk, 1
+turkdevs.net, 1
+turkey-portal.tk, 1
+turkeyfiles.tk, 1
+turkeymistress.tk, 1
+turkeyobesity.com, 1
+turkeysforlife.com, 1
+turkeysms.com.tr, 1
+turkgiller.com, 1
+turkgrafik.tk, 1
+turkhacks.com, 1
+turkhalkmuzigi.tk, 1
+turkiet.guide, 1
+turkishhackers.tk, 1
+turkishyatirim.com, 1
+turkist.tk, 1
+turkistan-rap.tk, 1
+turkiye.ai, 0
+turkkarate.tk, 1
+turkman.ml, 1
+turkman.tk, 1
+turkmanbox.tk, 1
+turkmanga.com.tr, 1
+turkmannews.tk, 1
+turkmans.tk, 1
+turkmen.news, 1
+turkmenbusiness.tk, 1
+turkmenistanairlines.tm, 1
+turkmens.tk, 1
+turkmirc.tk, 1
+turkmistress.tk, 1
+turkodon.com, 1
+turkology.tk, 1
+turkrap.tk, 1
+turkreno.com, 1
+turkrock.com, 1
+turkru.pro, 1
+turksell.ru, 1
+turksite.tk, 1
+turksiteleri.tk, 1
+turksohbet.com, 1
+turkteam.tk, 1
+turktelekomarenagolleri.tk, 1
+turktree.com, 1
+turkup.ml, 1
+turkuradyo.tk, 1
+turkutitans.tk, 1
+turl.pl, 1
+turlewicz.pl, 1
+turlockca.gov, 1
+turm-umzuege.de, 1
+turn-sticks.com, 1
+turnali.tk, 1
+turnalikoyu.tk, 1
+turnaroundinsights.com, 1
+turnbacktogod.com, 1
+turncircles.com, 1
+turneragsupply.com, 0
+turneroregon.gov, 1
+turnet.tk, 1
+turnierplanung.com, 1
+turnkey-ips.com, 1
+turnkeycybersecurityandprivacysolutions.com, 1
+turnningpoint.xyz, 1
+turnoffthelights.com, 1
+turnoffthelights.video, 1
+turnonsocial.com, 1
+turnosinscripcionchascomus.site, 1
+turnout.rocks, 1
+turnover.cf, 1
+turnto23.com, 1
+turobot.casa, 1
+turoktv.org, 1
+turpinpesage.fr, 1
+turquoisetassel.com, 1
+turretlabs.io, 1
+tursa.com.au, 1
+tursiae.org, 1
+turteka.com, 1
+turtle.ai, 0
+turtleduckstudios.com, 1
+turtlehead.tk, 1
+turtles.ga, 1
+turtleteam.fr, 1
+turtunis.ml, 1
+turul.tk, 1
+turuncu-sepet.com, 1
+turunculevye.com, 1
+tus-kikishinkyo.jp, 1
+tus.si, 1
+tusar.cf, 1
+tusar.ga, 1
+tuscanyleather.it, 0
+tusconsultorex.com, 1
+tusdtapi.com, 1
+tusfinanzas.ec, 1
+tusharwalaskar.com, 1
+tusi.co, 1
+tusierra.com, 1
+tusksol.com, 1
+tuslamparasonline.com, 1
+tusmedicamentos.com, 1
+tusociofinanciero.com, 1
+tussenuur.tk, 1
+tustin.tk, 1
+tusuri.tk, 1
+tut-kino.tk, 1
+tuta.io, 1
+tuta.pm, 1
+tutamail.com, 1
+tutamon.net, 1
+tutanota.com, 1
+tutanota.de, 1
+tutarot.club, 1
+tutdevki.tk, 1
+tuteepdf.com, 1
+tutiendard.ga, 1
+tutierra.net, 1
+tutima.com, 1
+tuto-craft.com, 1
+tutocursos.com, 1
+tutomaestro.ca, 1
+tutoragency.org, 1
+tutorcruncher.com, 1
+tutorial90.cf, 1
+tutorialcoding.ga, 1
+tutorialcoding.tk, 1
+tutorialdb.tk, 1
+tutorialehtml.com, 1
+tutorialforest.com, 1
+tutorialhtml.tk, 1
+tutoriali.tk, 1
+tutorialinux.com, 1
+tutorialitmalaysia.tk, 1
+tutorialphotoshop.tk, 1
+tutorials.vg, 1
+tutorialseo.com.br, 1
+tutoriel-arduino.com, 1
+tutoringindustry.tk, 1
+tutorio.ga, 1
+tutormedia.net, 0
+tuts4you.com, 1
+tutteo.com, 1
+tuttimundi.org, 0
+tuttleok.gov, 1
+tuttoandroid.net, 1
+tuttonotizie.eu, 1
+tutu.ro, 1
+tutucos.com, 1
+tutudaju.com, 1
+tuulialaine.com, 1
+tuvankinhdoanhonline.com, 1
+tuvanmat.com, 1
+tuversionplus.com, 1
+tuvingaynay.com, 1
+tuwaner.com, 1
+tuxamca.com, 1
+tuxcare.com, 1
+tuxcloud.duckdns.org, 1
+tuxcloud.net, 1
+tuxflow.de, 0
+tuxforums.com, 1
+tuxhound.org, 1
+tuxie.com, 1
+tuxito.tk, 1
+tuxlife.net, 1
+tuxlinux.tk, 1
+tuxmobil.cf, 1
+tuxpeliculas.com, 1
+tuxphones.com, 1
+tuxpi.com, 1
+tuxplace.nl, 1
+tuxsoul.com, 1
+tuxsrv.com, 1
+tuyetchieuwebsite.tk, 1
+tuz-es-munkavedelem.hu, 1
+tuza.com.au, 1
+tuzaginside.com, 1
+tuzagtcs.com, 1
+tuzaijidi.com, 1
+tuzlamap.tk, 1
+tuzlasite.tk, 1
+tv-hot.com, 1
+tv-mainzlar.de, 1
+tv-online.ml, 1
+tv-programme.be, 1
+tv-programme.com, 1
+tv-radio.com, 1
+tv-sports.fr, 1
+tv-tuners.cf, 1
+tv-zone.tk, 1
+tv.kg, 1
+tv9gujarati.com, 1
+tvabullarbro.tk, 1
+tvaerialsmanchester.com, 1
+tvatomic.com, 1
+tvboxstop.com, 1
+tvbracketman.co.uk, 1
+tvcal.net, 1
+tvchannelslive.tk, 1
+tvcmarketing.com, 1
+tvdenevar.net, 0
+tvears.com, 1
+tvenligne.tk, 1
+tver-msk.ru, 1
+tver2000.tk, 1
+tver69.tk, 1
+tveronline.tk, 1
+tvfamilie.be, 1
+tvfans.ga, 1
+tvfans.tk, 1
+tvfcu.com, 1
+tvfr.gov, 1
+tvgsc.sg, 1
+tvguide.com, 1
+tview.co.uk, 1
+tvindia.tk, 1
+tvipper.com, 1
+tvk.tirol, 1
+tvkaista.com, 1
+tvkaista.net, 1
+tvkaista.org, 1
+tvkaren.tk, 1
+tvlanguedoc.com, 1
+tvleaks.se, 1
+tvlplus.net, 1
+tvmice.tk, 1
+tvmounting-houston.com, 1
+tvnow.de, 1
+tvoedelo.ml, 1
+tvoia-dietka.tk, 1
+tvoistatusy.tk, 1
+tvoistili.ml, 1
+tvojeucetnictvi.cz, 1
+tvorog.dedyn.io, 1
+tvos.eu, 1
+tvoyaknighka.ga, 1
+tvoysad.ru, 0
+tvquot.es, 1
+tvregion.com, 1
+tvrestyler.eu, 1
+tvreviewer.tk, 1
+tvs-virtual.cz, 1
+tvseasons.tk, 1
+tvseries.info, 1
+tvsheerenhoek.nl, 1
+tvsscs.com, 1
+tvtj.ml, 1
+tvtsvod.com, 1
+tvzahist.com.ua, 1
+tw-louis.com, 0
+tw.edu.pl, 1
+tw.search.yahoo.com, 0
+twa.travel, 1
+twainhartehotels.com, 1
+twakkensi.cf, 1
+twatspot.com, 1
+twb.berlin, 1
+twbiz.com, 1
+twcgcm.com, 1
+twd2.me, 1
+twd2.net, 0
+twdinjurylaw.com, 1
+twdreview.com, 1
+twdtulelo.hu, 1
+tweakers.com.au, 1
+tweakers.net, 1
+tweakersbadge.nl, 1
+tweaktown.com, 1
+tweaktownforum.com, 1
+tweaky.tk, 1
+tweedagenextravakantie.nl, 1
+tweedandtalon.co.uk, 1
+tweedehandskledij.be, 1
+tweedehandsmerkkledij.be, 1
+tweedekamer.nl, 1
+tweekshow.tk, 1
+tweemaster.tk, 1
+tweeple.ga, 1
+tweetadder.fr, 1
+tweetfinity.com, 1
+tweetfinityapp.com, 1
+tweetyconnect.com, 1
+twelve-inch-classics.tk, 1
+twelve.rocks, 1
+twelvecolonies.tk, 1
+twelvecornerspediatrics.com, 1
+twem.ddns.net, 1
+twerk.tk, 1
+twfund.com, 1
+twfwd.email, 1
+twidy.jp, 0
+twidy.uk, 1
+twig.sg, 0
+twigandolive.com, 1
+twilightcookies.ca, 1
+twilightkingdom.tk, 1
+twilightningzone.tk, 1
+twilite.co.uk, 1
+twilite.uk, 1
+twilo-host.de, 1
+twilo.de, 1
+twincap-first.de, 1
+twincapfirst.ch, 1
+twincapsula.co.jp, 1
+twincitynissantxparts.com, 1
+twindii.com, 1
+twinfield-apps.nl, 1
+twinflame.tf, 1
+twinkseason.com, 1
+twinlakeswi.gov, 1
+twinspringcoupling.com, 1
+twinstudiosparis.com, 1
+twinztech.com, 1
+twist.com, 1
+twistapp.com, 1
+twistbets.com, 1
+twistedoakonline.com, 1
+twistedwave.com, 1
+twistersolutions.com, 1
+twistertech.com.br, 1
+twistfix.co.uk, 1
+twistmc.net, 1
+twisto.cz, 1
+twisto.pl, 1
+twistopay.com, 1
+twistpedia.com, 1
+twistys.com, 1
+twistysnetwork.com, 1
+twit-guide.com, 1
+twitchplaysleaderboard.info, 1
+twitchy.tk, 1
+twitcker.com, 1
+twittelzie.nl, 1
+twitter.ax, 1
+twitter.com, 0
+twitterdriver.io, 1
+twittervid.com, 1
+twittpr.com, 1
+twizzle.net, 1
+twk95.com, 1
+twl-clan.tk, 1
+twlan.org, 1
+twlitek.com.tw, 1
+twma.pro, 1
+twmartin.codes, 1
+two-step-verification.solutions, 1
+twoam.ph, 1
+twoandahalfvan.eu, 1
+twobitbusker.com, 1
+twobrothersbbq.com, 0
+twocatsinacaravan.xyz, 1
+twocornertiming.com, 1
+twodadsgames.com, 1
+twoef.co.uk, 1
+twofestivaltower.au, 1
+twofestivaltower.com, 1
+twofestivaltower.com.au, 1
+twohuo.com, 1
+twojapogoda.pl, 1
+twojfaktum.pl, 1
+twolinesmedia.eu, 1
+twolittlefleas.co.uk, 1
+twoninersix.com, 1
+twonodes.games, 0
+twopipes.net, 1
+twopipes.org, 1
+twoqi.com, 0
+tworaz.net, 1
+twoseven.xyz, 1
+twospirits.org, 1
+twotravel.world, 1
+twr.org, 1
+twslots.online, 1
+twtf.org.uk, 1
+twtr.email, 1
+twwd.de, 1
+tx299.com, 0
+tx577.com, 1
+txbooster.com, 1
+txcap.org, 1
+txferretrescue.org, 1
+txhb.gov, 1
+txlocksmiththewoodlands.com, 1
+txlrs.org, 1
+txryan.com, 1
+txtd.io, 1
+txtdb.com, 1
+txtdirect.com, 1
+txtdirect.dev, 1
+txtdirect.io, 1
+txtdirect.link, 1
+txtdirect.me, 1
+txtdirect.org, 1
+txtentertainment.ga, 1
+txtfile.eu, 0
+txtnovel.me, 1
+txtnovel.net, 1
+txurologist.com, 1
+txwm.com, 1
+txwriterstudio.com, 1
+ty0m.com, 1
+ty529.com, 1
+ty573.com, 1
+ty583.com, 1
+ty587.com, 1
+ty593.com, 1
+ty5998.com, 1
+ty613.com, 1
+ty637.com, 1
+ty679.com, 1
+ty705.com, 1
+ty723.com, 0
+ty736.com, 1
+ty7788.cc, 1
+ty791.com, 1
+ty835.com, 0
+ty927.com, 1
+ty935.com, 1
+ty937.com, 1
+ty953.com, 0
+ty962.com, 0
+ty965.com, 1
+ty980.com, 1
+tyan.com, 1
+tybox.ca, 1
+tyc001.cc, 1
+tyc009.cc, 1
+tycaa.org, 1
+tycatering.com, 1
+tycho.org, 1
+tycho.tk, 1
+tychoverstraete.be, 1
+tycyc88.com, 1
+tyentbulgaria.com, 1
+tyg3r.com, 1
+tygochrum.se, 0
+tyinnovations.com, 1
+tyk.io, 1
+tyl.io, 1
+tyler.rs, 1
+tylerdavies.net, 1
+tylerdurden.ml, 1
+tylergordonhill.com, 1
+tylerharcourt.com, 1
+tylerharcourt.net, 1
+tylerharcourt.org, 1
+tylermade.net, 1
+tylermn.gov, 1
+tylerobrien.org, 1
+tyleromeara.com, 1
+tylerpayne.tk, 1
+tylerschmidtke.com, 0
+tylervigario.com, 1
+tylko-wazne.tk, 1
+tymoch.pl, 1
+tymyrddin.space, 1
+tyndalehouse.com, 1
+tynefm.tk, 1
+tyni-goc.gq, 1
+tyni-gof.gq, 1
+tynki-maszynowe.tk, 1
+tyojyu.or.jp, 0
+type1joe.com, 1
+type1joe.net, 1
+type1joe.org, 1
+type74.ir, 1
+typecheck.io, 1
+typecheckapp.com, 1
+typecho.site, 0
+typeclasses.com, 1
+typecodes.com, 1
+typehub.net, 1
+typeof.pw, 1
+typeonejoe.com, 1
+typeonejoe.net, 1
+typeonejoe.org, 1
+typeria.net, 1
+typescript-weekly.com, 1
+typesofdogs.info, 1
+typesofnote.com, 1
+typesolution.pt, 1
+typetwodiabetesexplained.com, 1
+typewolf.com, 1
+typewriter.tk, 1
+typher.eu, 1
+typhlos.fr, 1
+typica.com.tw, 1
+typing.com, 1
+typingcheck.ga, 1
+typist.tech, 1
+typo3.com, 1
+typosphere.fr, 1
+typr.com, 1
+tyr0wl.com, 1
+tyrael.eu, 1
+tyraga.ga, 1
+tyrannize.us, 1
+tyrasuki.be, 1
+tyre-search.ga, 1
+tyree.tech, 1
+tyres-mechanical.com.au, 1
+tyrkey.tk, 1
+tyrocity.com, 1
+tyronega.gov, 1
+tyroola.co.id, 1
+tyroola.co.nz, 1
+tyroola.com.au, 1
+tyroola.de, 1
+tyroola.it, 1
+tyroola.nl, 1
+tyroremotes.co.uk, 1
+tyroremotes.es, 1
+tyroremotes.eu, 1
+tyroremotes.fr, 1
+tyroremotes.nl, 1
+tyroremotes.no, 1
+tyroremotes.pt, 1
+tyroremotes.se, 1
+tyrulez.tk, 1
+tysukakorrekt.ga, 1
+tysye.ca, 1
+tytixazo.tk, 1
+tytocare.com, 1
+tytod.com, 1
+tyukanyo.hu, 1
+tyumen.ga, 1
+tyuning-avto.tk, 1
+tyva.gq, 1
+tyva.ml, 1
+tyva.tk, 1
+tz9.co, 1
+tzchz.pp.ua, 1
+tzdn.gq, 1
+tzeribi.fr, 1
+tzgo.at, 1
+tzifas.com, 0
+tzinsurance.com, 1
+tziyona.net, 1
+tzonevrakis.gr, 1
+tzsec.com, 1
+tzsrv.cf, 1
+tzsrv.com, 1
+tzsrv.de, 1
+tzsrv.tk, 1
+tzstamp.io, 1
+tzunami.tk, 1
+tzunamiblog.tk, 1
+tzwe.com, 1
+u-chan.com, 0
+u-he.com, 1
+u-olymp.ru, 1
+u-page.nl, 1
+u-watch.it, 1
+u.nu, 1
+u.sb, 1
+u00228.com, 0
+u0060.com, 0
+u0070.com, 1
+u0080.com, 0
+u03.fr, 1
+u05.cn, 1
+u1100.com, 1
+u1144.com, 1
+u12buy.com, 1
+u15.info, 1
+u15b1.com, 1
+u15b2.com, 1
+u15jj.com, 1
+u15p1.com, 1
+u15p2.com, 1
+u15p5.com, 1
+u15p6.com, 1
+u15p7.com, 1
+u15p8.com, 1
+u15x.com, 1
+u175.com, 1
+u29dc.com, 1
+u2b.eu, 1
+u2co.de, 1
+u2croatia.tk, 1
+u2fanlife.com, 1
+u2galicia.tk, 1
+u32i64.cf, 1
+u36533.com, 1
+u4.re, 1
+u4mh-dev-accesscontroller.azurewebsites.net, 1
+u4mh-dev-portal.azurewebsites.net, 1
+u5.re, 1
+u51365.com, 1
+u5197.co, 1
+u6729.co, 1
+u6729.com, 0
+u6957.co, 1
+u6957.com, 0
+u6a5hqf.top, 1
+u7ae.com, 1
+u81365.com, 1
+u82365.com, 1
+u9297.co, 1
+u9397.com, 1
+u9721.com, 0
+u9728.co, 1
+ua-1x-bet.com, 1
+ua-autonews.tk, 1
+ua-fediland.de, 0
+ua-news.tk, 1
+ua.search.yahoo.com, 0
+ua1xbet.com, 1
+ua1xbet1967.com, 1
+ua577.com, 1
+ua5v.com, 1
+uab.tv, 1
+uachemlabs.com, 1
+uae-auto.ru, 1
+uae-company-service.com, 1
+uaefiu.gov.ae, 1
+uaemegadeals.com, 1
+uafinance.net, 1
+ualove.tk, 1
+uamxsociologia.tk, 1
+uanews.tk, 1
+uapp.win, 1
+uareferat.tk, 1
+uartpastelpaper.com, 1
+uasaumur.com, 1
+uash.tk, 1
+uasmi.com, 1
+uasonics.tk, 1
+uat-activesg.com, 1
+uat-mypfp.co.uk, 1
+uateach.tk, 1
+uatgootax.ru, 0
+uathq.com, 1
+uatuning.com.ua, 1
+uatx.mx, 1
+uavis.com.au, 1
+ub3rk1tten.com, 1
+ub889.com, 1
+uba-tra.tk, 1
+ubaid.tk, 1
+ubaldopoa.tk, 1
+ubanks.com.ua, 1
+ubanquity.com, 0
+ubcani.com, 1
+uber-work.tk, 1
+uberactivist.com, 1
+uberalles.live, 1
+uberboxen.net, 1
+ubereatspos.com, 1
+ubergamingworld.tk, 1
+uberhorny.tk, 1
+uberi.fi, 1
+ubermail.me, 1
+uberpromocodes.us, 1
+ubersmith.com, 1
+uberwald.ws, 1
+ubezpieczeniaonline.pl, 1
+ubezpieczeniazyciowe.pl, 1
+ubezpieczenie.com.pl, 1
+ubezpieczeniemieszkania.pl, 1
+ubezpieczenienanarty.pl, 1
+ubezpieczenienarciarskie.pl, 1
+ubezpieczenienazycie.net.pl, 1
+ubezpieczeniepsa.com, 1
+ubezpieczenieturystyczne.com.pl, 1
+ubezpieczeniezycia.pl, 1
+ubezpieczeniezyciowe.pl, 1
+ubezpieczonamama.pl, 1
+ubezpieczonedziecko.pl, 1
+ubicaciones-vitamina.cl, 1
+ubicv.com, 1
+ubill.ge, 1
+ubimail.org, 1
+ubiminds.com, 0
+ubiqubit.it, 1
+ubis.group, 1
+ubiurbe.com, 1
+ubn-speed.fr, 0
+ubonit.pl, 1
+uborcare.com, 1
+uborka-812.ru, 1
+uborka-kvartir-moskva.gq, 1
+uborka-snega.ga, 1
+ubun.kr, 1
+ubun.net, 1
+ubuntu-es.org, 1
+ubuntu-tr.net, 1
+ubuntu-tutorials.com, 1
+ubuntu.marketing, 1
+ubuntu18.com, 1
+ubutovo.ga, 1
+ubwash.re, 1
+ubytovanihyncice.cz, 1
+ubytovnastrazske.sk, 1
+ubzoo.tk, 1
+uc4h.com, 1
+ucac.nz, 0
+ucangiller.com, 1
+ucaskernel.com, 1
+ucayim.com, 1
+ucb.com, 1
+ucbostad.se, 1
+ucch.be, 0
+uccisme.net.ua, 1
+ucdap.com, 1
+ucemich.edu.mx, 1
+ucero.tk, 1
+ucfirst.nl, 1
+ucg-international.com, 1
+uchargeapp.com, 1
+ucheba.cf, 1
+ucheba.ga, 1
+ucheba.gq, 1
+ucheba.tk, 1
+uchicagomedicine.org, 1
+uchuumontreal.com, 1
+ucibt.com, 1
+ucih.ru, 1
+ucinvest.com.au, 1
+uciplasticsurgery.com, 1
+uckunlaboratuvari.com, 1
+uclf.de, 1
+uclip.club, 1
+ucmatedeveloper.gq, 1
+ucmjlawyers.com, 1
+ucmultrasuoni.it, 1
+ucngame.com, 1
+ucnprod.fr, 1
+ucphotography.net.au, 1
+ucppe.org, 1
+ucraft.ai, 1
+ucrdatatool.gov, 1
+ucretleri.net, 1
+ucsi.link, 1
+uctarna.online, 1
+ucybodyinc.com, 1
+udaap.org, 1
+udancy.com, 1
+udaneprzepisy.pl, 1
+udb.kr, 1
+udbina.tk, 1
+uddate-linthdcp-3345app.com, 1
+uddate-linthdcp-567app.com, 1
+uddi.ng, 1
+uddin.io, 1
+udemons.be, 1
+udenit.de, 1
+udenlandskecasinoer.dk, 1
+udenlandskeonlinecasino.com, 1
+udenrigspolitik.dk, 1
+udi.no, 1
+udid.fyi, 1
+udien.tk, 1
+udigital.nl, 1
+udik.tk, 1
+udinetoday.it, 1
+udla.edu.ec, 1
+udmarbella.tk, 1
+udmddn.ru, 1
+udmurtia.tk, 1
+udo-luetkemeier.de, 1
+udomain.net, 1
+udp.pw, 0
+udp.sh, 0
+udruga-point.hr, 1
+udsocial.com, 1
+udtonline.com, 1
+udvoukocek.eu, 1
+ue30.fun, 1
+ueba1085.jp, 1
+ueberdosis.io, 0
+uebersetzungscenter.ch, 1
+ueberwachungspaket.at, 1
+uedaviolin.com, 1
+uefeng.com, 0
+uel-thompson-okanagan.ca, 1
+ueliexpress.ch, 1
+uesaz.com, 1
+uesc.org, 1
+uesociedadlimitada.com, 1
+uestc.icu, 1
+uevan.com, 1
+uf-ace.com, 1
+ufa-soft.tk, 1
+ufacesign.in, 1
+ufanet.id, 1
+ufanisi.mx, 1
+ufar-ntds.org, 1
+ufero.co.za, 1
+uffserver.ml, 1
+ufh.com.cn, 1
+ufindme.at, 1
+ufirst.ro, 1
+ufo.moe, 0
+ufocentre.com, 1
+ufoch.com, 0
+ufoet.cn, 0
+ufologiahistorica.tk, 1
+ufologiaweb.tk, 1
+ufone.com, 1
+ufone.net, 1
+ufopaedia.org, 1
+ufos.tk, 1
+ufplanets.com, 1
+ufst.dk, 1
+ug.gg, 1
+ugarte-zestoa.com, 1
+ugb-verlag.de, 0
+ugc.fr, 1
+ugcdn.com, 1
+ugeek.tk, 1
+ugg.com, 1
+uggedal.com, 1
+ugirlx.com, 1
+ugis.info, 1
+uglypeople.com, 1
+ugmtc.org, 1
+ugolovnyj-advokat.cf, 1
+ugolsibiri.ru, 1
+ugrod.ru, 1
+ugsonline.tk, 1
+uguragdas.com.tr, 1
+ugurkorkmazyurek.com, 1
+ugurnakliyat.com.tr, 1
+uguu.se, 1
+ugx-mods.com, 1
+ugy.es, 1
+uhasseltctf.be, 1
+uhasseltctf.ga, 1
+uhc.gg, 1
+uhcuhcas.cf, 1
+uhcuhcas.ga, 1
+uhcuhcas.gq, 1
+uhcuhcas.ml, 1
+uhcuhcas.tk, 1
+uhes.com.sg, 1
+uhingaro.com, 0
+uhl.site, 1
+uhlhosting.ch, 1
+uhnwarfarinedu.ca, 1
+uhost.cyou, 1
+uhrenlux.de, 1
+uhuc.de, 1
+uhurl.net, 1
+ui.com, 1
+ui.gov, 1
+ui8.net, 1
+uiberlay.cz, 1
+uicchy.com, 1
+uid0.pl, 1
+uidrafter.com, 1
+uiharu.top, 1
+uinst.tk, 1
+uinvest.ml, 1
+uinvest.tk, 1
+uiop.link, 1
+uirysa.pl, 1
+uitdeoudekoektrommel.com, 1
+uiterwijk.org, 1
+uitgeverij-deviant.nl, 1
+uitingent.be, 1
+uitvaartgoessens.be, 1
+uitvaartverzekeringwijzer.net, 0
+uitvaartvrouwenfriesland.nl, 1
+uiuo.de, 1
+uizard.io, 1
+uj2008.com, 1
+ujam.com, 1
+ujeb.link, 1
+ujiyasu.com, 1
+ujjivan.com, 1
+ujob.com.cn, 1
+ujotthon.hu, 1
+ujvary.eu, 1
+uk.dating, 1
+uk.search.yahoo.com, 0
+ukari.hokkaido.jp, 0
+ukb.sch.id, 0
+ukbc.london, 1
+ukc2.com, 1
+ukcarers.tk, 1
+ukdefencejournal.org.uk, 1
+ukfoodbox.co.nz, 1
+ukforum.net, 1
+ukhas.net, 1
+ukimmigration.law, 1
+ukitbs.com, 1
+ukiuki.photography, 1
+ukkeyholdingcompany.co.uk, 1
+uklawfirm.tk, 1
+uklidgaraze.fun, 1
+uklizim.fun, 1
+ukmalls.co.uk, 1
+ukmeetandgreet.com, 1
+ukmerges-vaikyste.lt, 1
+ukmortgagecompare.co.uk, 1
+uknew.co, 0
+uknews.ga, 1
+uknews.ml, 1
+uknewsroom.tk, 1
+ukooku.com, 1
+ukosystudio.com, 1
+ukozliku.cz, 1
+ukpass.co, 1
+ukpr.group, 1
+ukpropertyrescue.com, 1
+ukpts.org, 1
+ukraflora.ua, 1
+ukrainci.com.ua, 1
+ukraine-standart.com.ua, 1
+ukrainians.ch, 1
+ukrainianwall.com, 1
+ukrainskie-konstrukcii.com.ua, 1
+ukrapak.com.ua, 1
+ukrcredit.net, 1
+ukrn.io, 1
+ukrnames.com, 1
+ukrnet.co.uk, 1
+ukrtabletki.tk, 1
+ukrzoloto.ua, 1
+ukseafood.co.uk, 1
+ukshg.org, 1
+uksv.co.uk, 0
+ukta.tk, 1
+uktw.co.uk, 0
+uku.lt, 1
+ukulele.co.nz, 1
+ukulelesite.com.br, 1
+ukunlocks.com, 1
+ukutabs.com, 1
+ukwct.org.uk, 1
+ul-fluglehrer.de, 1
+ulax.org, 1
+ulax.tk, 1
+ulbr.dnshome.de, 1
+ulconnect.com, 1
+uldsh.de, 1
+ulement.com, 1
+ulen.me, 1
+ulet.tk, 1
+ulfmikaelmattsson.se, 1
+ulgaipbox.online, 1
+uli-eckhardt.de, 1
+ulickaprozivot.cz, 1
+ulike123.com, 1
+ulitroyo.com, 1
+ullah.se, 1
+ulli.ml, 1
+ullrich-group.de, 1
+ulm-eurofox.fr, 1
+ulmer-schneesport.de, 1
+ulnesshealth.com, 1
+ulobby.eu, 1
+uloztoasdilej.cz, 1
+ulprospector.com, 1
+ulrichracing.com, 1
+ulrik.moe, 1
+ulrikethiele.de, 1
+ulsterbank.co.uk, 1
+ulsterbank.ie, 1
+ulsters.cf, 1
+ulstersheriffny.gov, 1
+ultahost.com, 1
+ultalabtests.com, 1
+ultima-ratio.at, 1
+ultimasword.tk, 1
+ultimate-fireworks.tk, 1
+ultimateappreviews.co, 1
+ultimatebabyshowergifts.ga, 1
+ultimatebattle.tk, 1
+ultimatebattles.club, 1
+ultimatecheerleaders.com, 1
+ultimateclub.tk, 1
+ultimatefilmpromotion.com, 0
+ultimatefxtools.com, 0
+ultimategamechair.com, 1
+ultimategaming.tk, 1
+ultimatehalo.tk, 1
+ultimatelifesupport.ga, 1
+ultimatemafia.be, 1
+ultimatemafia.de, 1
+ultimatemafia.net, 1
+ultimatemafia.nl, 1
+ultimatemapping.tk, 1
+ultimatemotherfuckingwebsite.com, 1
+ultimatempb.com.au, 1
+ultimateoptimizer.com, 1
+ultimatepaleoguide.com, 1
+ultimateparts.nl, 1
+ultimatepatrol.de, 1
+ultimatepower.ga, 1
+ultortech.com, 1
+ultra-fast.net, 1
+ultra-pro.ga, 1
+ultra.gen.tr, 1
+ultra.law, 1
+ultrabkk.com, 1
+ultracentr.ml, 1
+ultrafine.cf, 1
+ultralife.cf, 1
+ultraman.tk, 1
+ultramax.biz, 1
+ultramookie.com, 0
+ultraonline.ml, 1
+ultrapedic.com, 1
+ultrarare.space, 1
+ultras-venlo.tk, 1
+ultrasbet.com, 1
+ultrasite.tk, 1
+ultrasocial.ml, 1
+ultrasoundtechnicianschools.com, 1
+ultrastar-es.org, 1
+ultrasvargon.tk, 1
+ultratechlp.com, 1
+ultratress.com, 1
+ultraviolence.tk, 1
+ultravip.com.br, 1
+ultreya.tk, 1
+ultrixus.rocks, 1
+ulusar.com.tr, 1
+ulyanovsk-73.tk, 1
+ulyanovsk73.tk, 1
+ulyanovskcity.tk, 1
+ulysim.com, 1
+ulyssesenergy.it, 1
+um-sachsen-pictures.de, 1
+um.es, 0
+umagoyal.com, 1
+umami.vercel.app, 1
+umamibbqsushi.com, 1
+umamibites.com, 1
+umanews.net, 1
+umanityracing.com, 1
+umanupszn.gov.ua, 1
+umap.uz, 1
+umaru.gq, 1
+umarysi.fun, 1
+umas.tk, 1
+umashev.ru, 1
+umasoda-tohoku.com, 1
+umassfive.coop, 1
+umasstransit.org, 1
+umatilla.gov, 1
+umatillacounty.gov, 1
+umbertheprussianblue.com, 1
+umbrellamediagroup.com, 1
+umbrellaye.online, 1
+umbria.network, 1
+umbricht.li, 1
+umeligence.cz, 1
+umenlisam.com, 1
+umisonoda.com, 1
+umitribe.gov, 1
+umity.com.ua, 1
+umkomaaslodge-aliwalshoal.co.za, 1
+umlcode.com, 1
+ummiabi.id, 1
+umniy-dom.tk, 1
+umnugobi.tk, 1
+umo.ci, 1
+umojacloud.io, 1
+umojo.com, 1
+umoman.ru, 1
+umount.net, 1
+umripd.gov, 1
+umsapi.com, 1
+umspannwerk-leipzig.de, 1
+umtactivation.com, 1
+umtactivation.in, 1
+umutdemir.com, 1
+umv.gov.co, 1
+umwandeln-online.de, 1
+umweltgalerie.de, 1
+umzuege-hannover.net, 1
+umzugsunternehmenberlin.eu, 1
+un-box.org, 1
+un-framed.co.za, 1
+un-zero-un.fr, 1
+unaffectedsound.tk, 1
+unai-yus.tk, 1
+unaidesarrolladorweb.com, 1
+unaligned.net, 1
+unalignment.com, 1
+unanaciounaseleccio.tk, 1
+unangelturbio.tk, 1
+unaone.net, 1
+unapp.me, 1
+unasim.gq, 1
+unataly.gq, 1
+unataz.tk, 1
+unatbeaubrid.cf, 1
+unatco.noip.me, 1
+unausa.com.br, 1
+unautreregard.tk, 1
+unaware.tk, 1
+unbanked.com, 1
+unbelievableplaces.de, 1
+unbelievaboat.com, 1
+unblock-zh.org, 1
+unblockat.tk, 1
+unblocked.cx, 1
+unblocked.lat, 1
+unblocked.one, 1
+unblockit.asia, 1
+unblockit.bet, 1
+unblockit.bio, 1
+unblockit.blue, 1
+unblockit.cat, 1
+unblockit.click, 1
+unblockit.ink, 1
+unblockit.ist, 1
+unblockit.llc, 1
+unblockit.me, 1
+unblockit.name, 1
+unblockit.nz, 1
+unblockit.pet, 1
+unblockit.vegas, 1
+unbolt.cf, 1
+unbonavocat.fr, 1
+unboundmoney.com, 1
+unboxed.cf, 1
+unboxinspector.com, 1
+uncarved.com, 1
+uncensoreddns.dk, 1
+uncensoreddns.org, 1
+uncentodecousas.tk, 1
+unchex.com, 1
+unchile.com, 1
+uncinema.cf, 1
+uncivserver.xyz, 1
+unclaimedretirementbenefits.com, 1
+unclebens-specials.gr, 1
+uncontrollablegas.com, 1
+uncorporate.cf, 1
+uncoveringnarcolepsy.ca, 1
+uncut.wtf, 1
+uncuteyes.tk, 1
+uncuttype.wtf, 1
+undangan-digital.com, 1
+undawns.tk, 1
+undecidable.de, 1
+undegasesc.net, 1
+undelightfully.tk, 1
+undemocracy.cf, 1
+undemocracy.ga, 1
+undemocracy.gq, 1
+undemocracy.ml, 1
+under-wears.tk, 1
+under15.ml, 1
+undercliff.tk, 1
+underconsideration.com, 1
+undercoverxp.tk, 1
+undercucho.tk, 1
+underdestruction.tk, 1
+underdog.tk, 1
+underfloorheating-uk.co.uk, 1
+underground.jp, 1
+undergrounder.ga, 1
+undergroundiron.tk, 1
+undergroundmusic.tk, 1
+underlined.fr, 1
+undernet.org, 1
+undernet.uy, 0
+undershoping.tk, 1
+underskatten.tk, 1
+understandmaths.co.za, 1
+undertow.ga, 1
+underwaterasia.info, 1
+underwear-fashion.tk, 1
+underwearoffer.com, 1
+underwood.tk, 1
+underwoodpatents.com, 1
+underworlds.tk, 1
+underwriting.ai, 1
+undiariodiferente.tk, 1
+undiepatrol.tk, 1
+undo.co.il, 1
+undone.tk, 1
+undp.lt, 1
+une-bonne-nouvelle.fr, 1
+une-femme-dhonneur.tk, 1
+uneaimages.com, 1
+unece-deta.eu, 1
+unej.org, 1
+uneltemasini.ro, 1
+unemployment.ga, 1
+unemployment.gov, 1
+unepierrepourlui.fr, 1
+unescoclub.tk, 1
+unetyr.gq, 1
+unexcited.tk, 1
+unexpected.nu, 1
+unexplored-belarus.tk, 1
+unexplored-moscow.tk, 1
+unf.dk, 1
+unfabulous.tk, 1
+unfall24.com, 1
+unfallrechtler.de, 1
+unfamousrecords.tk, 1
+unfathomable.blue, 1
+unfc.nl, 1
+unfixed-soul.tk, 1
+unfollow.today, 1
+unfriend.tk, 1
+unga.dk, 1
+ungaeuropeer.se, 1
+ungainlybeast.com, 1
+ungedient.de, 1
+unghie.com, 0
+ungnyo.org, 1
+ungolianth.tk, 1
+ungooglize.org, 1
+ungovernable.men, 1
+ungrafakta.cf, 1
+ungrafakta.gq, 1
+ungrafakta.tk, 1
+unhabitat.org, 1
+unhappy.tk, 1
+unheated.com, 1
+unhub.ru, 1
+uni-chem.rs, 1
+uni-cleaner.com, 1
+uni-watch.com, 1
+uni2share.com, 1
+unia.es, 1
+unian.info, 1
+uniaofraternalraulcury.com.br, 1
+unibaby.com, 1
+unibet.bz, 1
+unibet.ltd, 1
+unibev.net, 1
+unibh.br, 1
+unibolsit.com, 1
+unibuses.co.uk, 1
+unibusreputation.com, 1
+unicef.pl, 1
+unicefcards.cz, 1
+unicefcards.gr, 1
+unicefcards.sk, 1
+unicefcestitke.rs, 1
+unicefkartkidlafirm.pl, 1
+unicefkepeslapok.hu, 1
+unicefvoscilnice.si, 1
+unicintas.com.br, 1
+unicioushop.com, 1
+unicode.gq, 1
+unicode.link, 1
+unicolabo.jp, 1
+unicomergiraygana.com, 1
+unicool.tk, 1
+unicorn-systems.net, 1
+unicorn.melbourne, 1
+unicorndesign.ninja, 0
+unicornheaven.net, 1
+unicornmusic.tk, 1
+unicornsoft.tk, 1
+unicorntooling.eu, 1
+unicrack.cf, 1
+unicreditbulbank.info, 1
+unicul.tk, 1
+unicycle.ga, 1
+unicycle.show, 1
+unidadvirtual.com, 1
+unidata.ca, 1
+unideb.hu, 1
+unidet.eu, 1
+unieducar.org.br, 1
+uniekglas.nl, 1
+uniex.ch, 1
+uniex.pw, 1
+unifashion.ro, 1
+unifestal.com, 1
+unifiednetwork.me, 1
+unifiedwellness.ca, 1
+uniforcele.com, 1
+uniformebateriasheliar.com.br, 1
+uniforms.com.au, 1
+unify.id, 1
+unik.bg, 1
+unikainfocom.in, 1
+unike.tech, 1
+unikimages.com, 1
+unikon.su, 1
+unikos.tk, 1
+unikrn.com, 1
+unikrn.space, 1
+unikrn.tech, 1
+unikrnb2b.com, 1
+unilab.com.ph, 1
+unilinkbus.co.uk, 1
+unilinkgroup.com, 1
+unimarijo.com, 1
+unimarvel.tk, 1
+unimax.com.tw, 1
+unimbalr.com, 1
+unimeias.com.br, 1
+unimex.edu.mx, 1
+unimexver.edu.mx, 1
+unimus.net, 1
+unimusica.tk, 1
+uninatural.com.br, 1
+unine.fun, 1
+unionciclistabinefar.tk, 1
+unioncountyilcourts.gov, 1
+unioncountyiowa.gov, 1
+unioncountyncelections.gov, 1
+unioncountyor.gov, 1
+unioncr.uk, 1
+uniondeterapeutas.com, 1
+unionflpa.gov, 1
+unionhoster.ml, 1
+unionlacalera.tk, 1
+unionlife-net.com, 1
+unionmagdalena.tk, 1
+unionmissouri.gov, 1
+unionplat.ru, 1
+unionreports.gov, 1
+unionstreetskateboards.com, 1
+uniontestprep.com, 1
+unionvilleheating.com, 1
+unios.tk, 1
+unipart.digital, 0
+unipass.ga, 1
+unipaz.edu.co, 1
+unipig.de, 0
+uniq.moe, 1
+uniqclothing.co.za, 1
+uniqopter.com, 1
+uniqsys.eu, 1
+unique-app.com, 1
+unique-news.tk, 1
+unique-punk.tk, 1
+unique-urls.tk, 1
+uniquedollz.tk, 1
+uniqueexpression-coaching.de, 1
+uniquehardware.ca, 1
+uniquehardware.net, 1
+uniquemode.nl, 1
+uniquepathways.ch, 0
+uniquepress.biz, 1
+uniquestlye.ga, 1
+uniqueworks.tk, 1
+uniqweb.ga, 1
+uniresbajdas.ml, 1
+unis-pour-la-planete.com, 1
+unis-pour-le-climat.com, 1
+uniselectweb.com, 1
+uniserve.com, 1
+unison-d.com, 1
+unisontech.org, 1
+unisplendour.com, 1
+unisul.br, 1
+unisupdi.com, 1
+unisys.net.nz, 1
+unisyssecurity.com, 1
+unit-linked.ru, 1
+unit-soft.com, 0
+unit15.net, 1
+unit7jazz.org, 1
+unitanzania.com, 1
+unite-ka.de, 1
+uniteam.ga, 1
+uniteasia.org, 1
+united-coders.com, 1
+united-dm.ml, 1
+united-schools.net, 1
+united-trackmaniacs.tk, 1
+united-trainers-league.tk, 1
+united.com, 0
+unitedadmins.com, 1
+unitedarmyofentropia.tk, 1
+unitedaviate.com, 1
+unitedbaby.fr, 1
+unitedbusinessbank.com, 1
+unitedcyberdevelopment.com, 1
+unitedfitness.com.au, 1
+unitedforwildlife.org, 0
+unitedhomeservices.com.au, 1
+unitedhoseinc.com, 1
+unitedkingdoms-guild.com, 1
+unitedlisbon.school, 1
+unitedpsychological.com, 1
+unitedrestorationfl.com, 1
+unitedsiteservices.com, 1
+unitedstables.tk, 1
+unitedstudents.tk, 1
+unitedstudios.ru, 1
+unitedvalve.com, 1
+unitedweb.com, 1
+unitedwecare.com, 1
+unitedwestand.gov, 1
+uniteforrecovery.govt.nz, 1
+unitefortherecovery.govt.nz, 1
+unitehelivy.be, 1
+uniteinhealth.org, 1
+unitel2000.de, 0
+unitencup.tk, 1
+unither.com, 1
+unitil.com, 1
+unitingwa.org.au, 1
+unitir.gq, 1
+unitizer.com, 1
+unitop.bg, 1
+unity-lepetitshop.com, 1
+unitycardiology.com.au, 1
+unityconsciousnessbooks.com, 1
+unityfactory.io, 1
+unityor.gov, 1
+unitysavannah.org, 1
+unityseguros.com, 1
+unitysyndicate.tk, 1
+unityvox.com, 1
+uniuni.info, 1
+uniup.tk, 1
+univ-segou.ml, 1
+univalence.me, 1
+univaservizi.academy, 1
+univate.berlin, 1
+univdatos.com, 1
+univercite.ch, 0
+univeril.com, 0
+univerkeys.com, 1
+universal-credit.com, 1
+universal-happiness.com, 1
+universal-mail.ml, 1
+universal-tutorial.com, 1
+universal.at, 1
+universalcircus.tk, 1
+universaldriveshafts.com, 1
+universalecology.tk, 1
+universalmedia.tk, 1
+universalmusic.pl, 0
+universalpaymentgateway.com, 1
+universalplant.com, 1
+universalspf.org, 1
+universalstars.com.au, 1
+universalwebcommunity.tk, 1
+universdejeff.com, 1
+universe.horse, 1
+universe.la, 1
+universe.wtf, 1
+universehistory.net, 1
+universehk.tk, 1
+universeinform.com, 1
+universellafredsdanser.se, 1
+universellesleben.tk, 1
+universemasterplan.com, 1
+universen.tk, 1
+universereligion.com, 1
+universevision.com, 1
+universidadperu.com, 1
+universitapopolaredeglistudidimilano.wiki, 1
+universiteplatformu.com, 1
+universitepourlavie.tk, 1
+universitesegou.ml, 1
+universityadmissions.se, 1
+universitycentre.co.uk, 1
+universityhealthplans.com, 1
+universityhousemates.co.uk, 1
+universityhousemates.uk, 1
+universityinmaryland.com, 1
+universityintexas.com, 1
+universityofedinburgh.org.uk, 1
+universityofnarowal.ga, 1
+universitywafer.com, 1
+universoagropets.com.br, 1
+universocaballo.top, 1
+universodelasaludanimal.com, 1
+universogay.com, 1
+universrumbacongolaise.com, 1
+universus.tk, 1
+univim.edu.mx, 1
+univitale.fr, 0
+unix.family, 1
+unix.lu, 1
+unixadm.org, 1
+unixapp.ml, 1
+unixattic.com, 1
+unixauto.com, 1
+unixauto.de, 1
+unixauto.hu, 1
+unixauto.ro, 1
+unixauto.sk, 1
+unixer.tk, 1
+unixery.de, 1
+unixforum.org, 1
+unixfox.eu, 1
+unixgeeks.net, 1
+unixhost.ga, 1
+unixteam.de, 1
+unixtime.date, 1
+unk.gov, 1
+unkn0wncat.net, 1
+unknown-player.com, 1
+unknown.kyoto, 0
+unknownhacks.tk, 1
+unknownmasses.tk, 1
+unknownnet.tk, 1
+unknowntrailsrider.tk, 1
+unknowntrojan.win, 1
+unko.cz, 1
+unkrn.com, 1
+unleashfido.com, 1
+unleashyouridentity.com, 1
+unli.xyz, 1
+unlimiteddata.digital, 1
+unlimiteddsl.ga, 1
+unlimitedheatingcooling.com, 1
+unlimitedpcs.com, 1
+unlimitedzone.tk, 1
+unlocator.com, 1
+unlock-my-sprint.mobi, 1
+unlockauthority.com, 1
+unlockblackberryfree.co.uk, 1
+unlockboot.com, 0
+unlocken.nl, 1
+unlockerboss.com, 1
+unlocks.co.uk, 1
+unlockscheveningen.nl, 1
+unlocktalent.gov, 1
+unlocktoolactivation.com, 1
+unlocktoolactivation.in, 1
+unluco.com, 1
+unm-ye.com, 1
+unmanaged.space, 1
+unmarkdocs.co, 1
+unmask.earth, 1
+unmetric.com, 1
+unminutomami.com, 1
+unmo.com, 1
+unn-edu.info, 1
+unnamed.tk, 1
+unnas.ca, 1
+unniehallyu.co.uk, 1
+uno-express.de, 1
+uno.fi, 1
+uno.uk, 1
+unobrindes.com.br, 1
+unoccupyabq.org, 1
+unocha.org, 1
+unofficialbpb.tk, 1
+unoodostoques.tk, 1
+unope.ml, 1
+unope.ru, 1
+unope.tk, 1
+unoptional.tk, 1
+unoriginal.tk, 1
+unosconotros.com, 1
+unovosti.tk, 1
+unp.me, 1
+unpar.ac.id, 1
+unparenting.com, 1
+unpkg.com, 1
+unpleasant.tk, 1
+unpluggedjuice.dk, 1
+unplugstore.it, 1
+unply.com, 1
+unpoditalia.se, 1
+unpossible.xyz, 1
+unpost.net, 1
+unpr.dk, 1
+unreal-estate.cz, 1
+unreal-estate.pl, 1
+unreal.dk, 1
+unrealircd.org, 1
+unrelated.net.au, 1
+unrepentant.cf, 1
+unrepentant.ga, 1
+unrepentant.ml, 1
+unrestricted.ga, 1
+unri.de, 1
+unric.org, 1
+uns.com, 1
+unsee.cc, 1
+unseeliefilms.com, 1
+unseeliepress.com, 1
+unseen.is, 1
+unser-gartenforum.de, 1
+unsigcrazy.art, 1
+unsourirealecole.fr, 1
+unstable.fun, 1
+unstable.network, 1
+unstable.systems, 1
+unstablewormhole.ltd, 1
+unstockd.org, 1
+unstoppable.money, 1
+unstoppabledomains.com, 1
+unstoppableever.com.br, 1
+unstoppableunits.com, 1
+unsupervised.ca, 1
+untarget.ai, 1
+unterfrauner.it, 1
+unterhaltungsbox.com, 1
+unternehmensberater-website.de, 1
+unternehmensbewertung.pro, 1
+unternehmerrat-hagen.de, 1
+unternimmteam.de, 1
+untethereddog.com, 0
+unti.me, 1
+unti.tk, 1
+untidybits.com, 1
+untitled-home-storage.cyou, 1
+untrading.org, 1
+untro.xyz, 1
+untvweb.com, 1
+unufoundation.com, 1
+unusualhatclub.com, 1
+unusualplaces.org, 1
+unveiledgnosis.com, 1
+unveilturkey.com, 1
+unviajedesabor.com, 1
+unvired.com, 1
+unwa.tk, 1
+unwire.com, 1
+unwiredbrain.com, 0
+unwishingmoon.com, 1
+unworldoceansday.org, 1
+unworthy.ml, 1
+unx.dk, 1
+unxicdellum.cat, 1
+unyouth.co.nz, 1
+unyouth.nz, 1
+unyouth.org.nz, 1
+uoe.com, 1
+uomo.com.ar, 1
+uopeople.reviews, 1
+uoui.de, 1
+up-obmen.ml, 1
+up-stage.jp, 1
+up.com.au, 1
+up1s.tk, 1
+up2date.com.ua, 1
+up2mark.com, 0
+up2staff.com, 1
+up2tech.fr, 1
+up4cash.com, 1
+upahminimum.com, 1
+upakovka-podarkov.tk, 1
+upandatom.biz, 1
+upandrunningtutorials.com, 1
+upar.org, 1
+upay.ru, 1
+upbad.com, 1
+upbatangan.tk, 1
+upbeatrobot.com, 1
+upbeatrobot.email, 1
+upbeatrobot.eu, 1
+upbeatrobot.net, 1
+upbeatrobot.nl, 1
+upbeatrobot.org, 1
+upbeatrobot.social, 1
+upbtrbt.com, 1
+upbtrbt.eu, 1
+upbtrbt.net, 1
+upbtrbt.nl, 1
+upbtrbt.org, 1
+upcambio.com, 1
+upclinic.ru, 1
+upcloud.cz, 1
+upcwifikeys.com, 1
+upcycleandcompany.com, 1
+upd.jp, 1
+updata.com, 1
+update-linthdcp-567app1.com, 1
+updefense.io, 1
+updoze.com, 1
+upengo.com, 1
+uperne.ro, 1
+upestudios.tk, 1
+upex.tk, 1
+upfield.com, 1
+upflow.io, 1
+upforshare.com, 1
+upfronthealthcare.com, 1
+upfurniture.tk, 1
+upgamerengine.com, 1
+upgamerengine.com.br, 1
+upgamerengine.net, 1
+upgintl.com, 1
+upgrade.com, 1
+upgradeguru.de, 1
+upgradeit.dk, 1
+upgradeloans.com, 1
+upgrades-and-options.com, 1
+upgraid.ru, 1
+upguard.com, 1
+upguard.org, 1
+uphabit.io, 1
+uphold-15-party.com, 1
+upholsterycleanerslondon.co.uk, 1
+upholsterydesign.com.au, 1
+uphost.be, 1
+uphshrine.com, 1
+upitnik.rs, 1
+upjong.co.kr, 1
+uplan.com.ua, 1
+uplandsparkmo.gov, 1
+uplaqui.com.br, 1
+uplead.com, 1
+upleveled.io, 1
+uplexis.com.br, 1
+upliftingappalachia.org, 1
+uplinkgame.tk, 1
+uplinklabs.net, 1
+uplinkrev.com, 1
+uplinks24.com, 1
+upload.facebook.com, 0
+uploadbaz.me, 1
+uploadbeta.com, 1
+uploadcare.com, 1
+uploadingsite.com, 1
+uploads.su, 1
+uploadscript.tk, 1
+uploadtokiosk.com, 1
+upmail.ml, 1
+upmchealthsecurity.us, 1
+upmediaclick.com, 1
+upmediaclick.net, 1
+upmediamarketer.ml, 1
+upmls.com, 1
+upmon.com, 1
+upnetwork.ml, 1
+upnext.tk, 1
+upnfm.edu.hn, 1
+upnorth.solutions, 1
+uponsel.com, 1
+uportal.tk, 1
+upp.com, 1
+uppercloud.cf, 1
+upperglass.co.uk, 1
+upperinc.com, 1
+upperskagittribe-nsn.gov, 1
+uppfinnarenc.tk, 1
+upplands-bro.se, 1
+upplevelse.com, 1
+uppsala.tk, 1
+upr.com.ua, 1
+upr.edu, 1
+upr.llc, 1
+upr.si, 1
+upr.ua, 1
+uprawnienia-1kv.pl, 1
+uprawnienia-dronowe.pl, 1
+uprawnienia-drony.pl, 1
+uprawnienia-elektryczne.pl, 1
+uprawnienia-g1.pl, 1
+uprawnienia-motorowodne.pl, 1
+uprawnienia-pomiary.pl, 1
+uprawnienia-sep-1kv.pl, 1
+uprawnienia-sep.com.pl, 1
+uprawnieniaeuropejskie.pl, 1
+uprawnienie-sep.pl, 1
+uprep.lol, 1
+uprep.ml, 1
+uprint.it, 1
+uprisehigh.com, 1
+upropay.com, 1
+upschreven.blog, 0
+upscope.io, 1
+upsdelperu.com.pe, 1
+upsettunnel.com, 1
+upsihologa.com.ua, 0
+upsilonsigmaphi.us, 1
+upsiteseo.com, 1
+upskilllearning.ml, 1
+upskirtmania.tk, 1
+upsocial.ga, 1
+upsocial.pp.ua, 1
+upstairs.one, 1
+upstart.com, 1
+upstatesc.net, 1
+upstream.auto, 1
+uptech.biz.id, 1
+uptechbrasil.com.br, 1
+uptimed.com, 1
+uptimeradar.com, 1
+uptimeuno.com, 1
+uptional.gq, 1
+uptodateinteriors.com, 1
+uptoplay.ovh, 1
+uptrends.com, 1
+uptrends.de, 1
+uptrex.co.uk, 1
+upundit.com, 1
+upupming.site, 0
+upupor.com, 1
+upviews.tk, 1
+upwardcreative.com, 1
+upwardflourish.com, 1
+upwardtraining.co.uk, 1
+upwork.com, 1
+uq1k.com, 1
+uqschool.com, 1
+uquid.com, 1
+uquidcoin.com, 1
+ur-lauber.de, 1
+ur.nl, 1
+ur2.pw, 1
+urabain.com, 1
+uraimo.com, 1
+urakn0x.tk, 1
+ural-emal.ga, 1
+ural-travel.ml, 1
+ural.cf, 1
+ural.ga, 1
+ural.tk, 1
+uralec.tk, 1
+uralscoin.ml, 1
+uralsite.cf, 1
+uralsk.ml, 1
+uralskaya-garmon.tk, 1
+uralspravka.cf, 1
+urandom.co.uk, 1
+urang-kurai.tk, 1
+uraniborg.net, 1
+uraniumhost.ga, 1
+uranius.eu, 1
+uranmoney.ml, 1
+uranus.cf, 1
+urbackups.com, 1
+urbalex.ch, 0
+urban-culture.fr, 1
+urban-lounge.tk, 1
+urban-news.tk, 1
+urban.melbourne, 1
+urbanagriculturesummit.cf, 1
+urbanail.gov, 1
+urbanarcana.tk, 1
+urbanartisan.cf, 1
+urbanbageecha.com, 1
+urbanbikeweamr.ga, 1
+urbanbooks.tk, 1
+urbancoffee.com.mx, 1
+urbancoyoteresearch.com, 0
+urbancreators.dk, 1
+urbane-narrationen.de, 1
+urbanesecurity.com, 1
+urbanevielfalt.de, 1
+urbanface.photography, 1
+urbanfineart.ro, 1
+urbanfoodmarket.nl, 1
+urbanfun.ga, 1
+urbangaming.tk, 1
+urbangardening.ga, 1
+urbangymfirenze.com, 1
+urbanhost.tk, 1
+urbanhotbed.eu, 1
+urbanhub.lt, 1
+urbanietz-immobilien.de, 1
+urbanindustriecoiffure-auray.fr, 1
+urbanism.xyz, 1
+urbanized.tk, 1
+urbanizedrecords.tk, 1
+urbanlounge.tk, 1
+urbanlymodern.com, 1
+urbanmic.com, 1
+urbanmuslim.tk, 1
+urbannewsservice.com, 1
+urbanology.tk, 1
+urbanon.cz, 1
+urbanovich.net, 1
+urbanpiraten.tk, 1
+urbanpromisetrenton.org, 1
+urbansketchers.org, 1
+urbansoundwave.tk, 1
+urbanspitz.tk, 1
+urbanstylestaging.com, 1
+urbantecno.com, 1
+urbantrafficschool.com, 1
+urbantrail.tk, 1
+urbanusonline.tk, 1
+urbanwaters.gov, 1
+urbanwave.co.za, 1
+urbanxdevelopment.com, 0
+urbarberjerry.com, 1
+urbest.io, 1
+urbex.link, 1
+urbexdk.nl, 1
+urburb.social, 1
+urbv.eu, 1
+urbv.net, 1
+urbv.org, 1
+urcentral.com, 1
+urcentral.eu, 1
+urcentral.net, 1
+urcentral.nl, 1
+urcentral.org, 1
+urcommunitytimebanking.org.au, 1
+urdoverie.com, 1
+ureed.com, 1
+ureka.org, 1
+urfreecon.tk, 1
+urge55.com, 1
+urgences-valais.ch, 1
+urgencesolidarite.fr, 1
+urgent-notice.ml, 1
+urgentcaresouthaven.com, 1
+urgrafix.com, 1
+urion.com.br, 1
+uriport.com, 1
+uriports.com, 1
+uripura.de, 1
+urist1011.ru, 1
+urka.tk, 1
+urke.tk, 1
+urkhole.tk, 1
+urko.shop, 1
+urkonsultant.tk, 1
+urkult.se, 0
+url.fm, 1
+url.ht, 1
+urlakite.com, 1
+urlaub-busreisen.de, 1
+urlaub-leitner.at, 1
+urlaub.de, 1
+urlaubsziele.com, 1
+urlauthority.at, 1
+urlauthority.blog, 1
+urlauthority.ch, 1
+urlauthority.co.uk, 1
+urlauthority.com, 1
+urlauthority.de, 1
+urlauthority.eu, 1
+urlauthority.info, 1
+urlauthority.io, 1
+urlauthority.link, 1
+urlauthority.net, 1
+urlauthority.org, 1
+urlauthority.uk, 1
+urlbox.tk, 1
+urlcitr.us, 1
+urlcitrus.com, 1
+urlendecoder.tk, 1
+urlfly.tk, 1
+urlgoo.ga, 1
+urlive.ga, 1
+urljournal.tk, 1
+urlparse.com, 1
+urlrating.com, 1
+urlscan.io, 1
+urlsimple.tk, 1
+urltell.com, 1
+urltodomain.com, 1
+urluno.com, 1
+urlwing.tk, 1
+urlz.ml, 1
+urlz.tk, 1
+urmikron.tk, 1
+uro.soy, 1
+urocentre.ga, 1
+urogen.com, 1
+uroki.tk, 1
+urology.wiki, 1
+urologyoklahoma.com, 1
+urologyspecialistspc.com, 1
+urologywi.com, 1
+uronlinestreams.ga, 1
+uroute.co, 1
+urown.net, 1
+urrestarazuserranoabogados.com, 1
+ursa-minor-beta.org, 1
+ursae.co, 1
+ursonatefanzine.tk, 1
+urspringer.com, 1
+urspringer.de, 1
+urstore.ga, 1
+ursula-gadalka.tk, 1
+ursulahadasch.de, 1
+ursuslibris.hu, 1
+urt.fm, 1
+uruguay-experience.com, 1
+urukproject.org, 1
+uruslugi.tk, 1
+urvastekool.edu.ee, 1
+us-10.cc, 1
+us-10.com, 1
+us-films.com, 1
+us-igloopreview.com, 1
+us-immigration.com, 1
+us.ax, 1
+us.gov, 1
+us.kg, 1
+us.marketing, 1
+us.nl.eu.org, 1
+us10.net, 1
+us2uplumbing.com.au, 1
+usa-10.com, 1
+usa-10.net, 1
+usa-greencard.eu, 1
+usa-reisetipps.net, 1
+usa.gov, 1
+usa10.net, 1
+usa250.gov, 1
+usaa.com, 0
+usabackground.com, 1
+usabilis.com, 1
+usability.com.gr, 1
+usability.gov, 1
+usabusinessdirectories.com, 1
+usacainfo.com, 1
+usacarry.com, 1
+usacrime.com, 1
+usadba.net.ru, 1
+usadf.gov, 1
+usadirectory.tk, 1
+usaestaonline.com, 1
+usage.be, 1
+usagi-ku.ga, 1
+usagm.gov, 1
+usagov.gov, 1
+usahealthwebapps.com, 1
+usaherald.com, 1
+usaisilanlari.com, 1
+usait.org, 1
+usajobs.com, 1
+usajobs.gov, 1
+usalearning.gov, 1
+usamale.cf, 1
+usamdt.com, 1
+usamocha.com, 0
+usamultimeters.com, 0
+usanamiru.cz, 1
+usanewsposts.ga, 1
+usanewstrends.ga, 1
+usapel.com.br, 1
+usaprimecredit.org, 1
+usapublicrecords.com, 1
+usascripthelpers.com, 1
+usaseanconnect.gov, 1
+usastaffing.gov, 1
+usatales.com, 0
+usatiuk.com, 1
+usatodaynetworkservice.com, 1
+usatodaysportsplus.com, 1
+usavingsbank.com, 1
+usaweblist.tk, 1
+usawireguard.com, 1
+usbcompatible.com, 1
+usbevents.co.uk, 1
+usbr.gov, 1
+uscc.org.ua, 1
+uscis.gov, 1
+uscitizenship.info, 1
+uscloud.nl, 1
+uscp8.com, 1
+usctt.org, 1
+uscurrency.gov, 1
+uscveteranspark.org, 1
+usda.gov, 1
+usdailyhealth.tk, 1
+usdfc.gov, 1
+usdirectory.com, 1
+usdirectory.tk, 1
+usdoj.gov, 1
+usdoscloud.gov, 1
+usds.gov, 1
+use.be, 1
+usebosin.gq, 1
+usecamisetas.com, 1
+used-laptop.in, 1
+used255.xyz, 1
+useful-thing.ru, 1
+usefuldiy.com, 1
+usefulinsight.com, 1
+usehonk.com, 1
+usemergencyservices.com, 1
+usenet.tk, 1
+usenethd.li, 1
+usenetreviewz.com, 1
+useon.com, 1
+useon.ru, 0
+user-agent.ml, 1
+user-daitron.jp, 1
+userbase.com, 1
+usercentrics.com, 1
+usercompare.tk, 1
+useresponse.com, 1
+userflow.com, 1
+userhelp.tk, 1
+username.nz, 1
+userpizza.com, 1
+userra.gov, 1
+userstation.de, 1
+userstyles.world, 1
+usetypo3.com, 1
+useworkshop.com, 1
+useyourloaf.com, 1
+usgamesinc.com, 1
+usgeneralhealth.tk, 1
+usgovernmentnews.com, 1
+usgs.gov, 1
+ushandbookapp.com, 1
+ushare.ch, 1
+ushealthprovider.ga, 1
+usherwoodexecutivetravel.com, 1
+usicecenter.gov, 1
+usidfc.gov, 1
+usintimate.com.br, 1
+usjobmarket24.com, 1
+usjt.br, 1
+usk-clan.tk, 1
+uskaonline.tk, 1
+uskaria.com, 1
+uskostadariksi.fi, 1
+uslab.io, 0
+uslegalsupport.com, 1
+usleravnekrog.dk, 1
+uslugi-advokata.ga, 1
+uslugi-advokata.tk, 1
+uslugi-online.pl, 1
+uslugi-voronezh.tk, 1
+uslugikoparkalodz.gq, 1
+usmammy.com.tw, 1
+usmantrader.gq, 1
+usmiddleclass.net, 1
+usmint.gov, 1
+usmoneyreserve.com, 1
+usmrecycles.com, 1
+usnews-new.tk, 1
+usnews.ga, 1
+usninosnikrcni.eu, 1
+usnti.com, 1
+usodesu.ga, 1
+usoog.com, 1
+usoptical.com, 1
+uspaacc.com, 1
+uspanglish.com, 1
+usparklodging.com, 1
+uspeh62.tk, 1
+uspeli.ml, 1
+uspesnyprvnacek.cz, 1
+usphs.gov, 1
+uspib.info, 1
+usplate.com, 1
+uspon.tk, 1
+usportsgo.com, 1
+uspory.cz, 1
+uspreventiveservicestaskforce.org, 1
+uspsblog.com, 1
+uspsoig.gov, 1
+usrspace.at, 1
+uss-atlas.de, 1
+uss-electro.ru, 1
+ussemiquincentennial.gov, 1
+ussfcu.org, 1
+ussm.gov, 1
+ussm.tk, 1
+ussnoorinayatkhan.com, 1
+ussst.org, 1
+ussst.org.in, 1
+ust.space, 1
+ustabor.uz, 1
+ustaywell.com, 1
+ustc.fun, 1
+ustensiles-cuisine.boutique, 1
+ustoy.com, 1
+ustr.gov, 1
+ustreasuryetf.com, 1
+ustugov.kiev.ua, 1
+ustugova.kiev.ua, 1
+ustyj.tk, 1
+usu.org.ua, 1
+usuan.net, 1
+usuluddin.ga, 1
+usuluddin.tk, 1
+usuwanie-wirusow-wordpress.pl, 1
+usvisallc.com, 1
+uswitch.com, 1
+uswritemyessay.com, 1
+usyfawovad.gq, 1
+usygov.ga, 1
+ut-addicted.com, 1
+ut-jobs.net, 1
+ut5s.com, 1
+utafutbol.tk, 1
+utagawavtt.com, 1
+utageno.jp, 1
+utahblackplate.com, 1
+utahblackplates.com, 1
+utahcanyons.org, 1
+utahcountydjcompany.com, 1
+utahdebtcare.com, 1
+utahfanclub.org, 1
+utahfireinfo.gov, 1
+utahlake.gov, 1
+utahlivebands.com, 1
+utahmotors.ru, 1
+utahonlinedivorce.com, 1
+utahphotogs.com, 1
+utaindoradio.cf, 1
+utangard.net, 1
+utaowan.com, 0
+utarn.icu, 1
+utavatu.mk, 1
+utazas-nyaralas.info, 1
+utbabogados.com, 1
+utbosbeekhuuske.tk, 1
+utcast-mate.com, 1
+utduc.com, 1
+utec.edu.pe, 1
+utepecem.com, 1
+utevai.tk, 1
+uthavi.org, 1
+utiao.net, 1
+utiars.com, 1
+uticagravel.com, 1
+utilajexpert.ro, 1
+utilbot.co, 1
+utilia.tools, 1
+utilidad.tk, 1
+utililab.com, 1
+utilitarian.com, 1
+utilitarian.org, 1
+utilitarianism.com, 1
+utilitarianism.org, 1
+utilitarianism.uk, 1
+utilitarismo.com, 1
+utilitas.ee, 1
+utilitiesconstructionsettlement.com, 1
+utilitronium-shockwave.com, 1
+utilitronium.com, 1
+utilityapi.com, 1
+utilitybot.in, 1
+utilityconcierge.com, 0
+utleg.gov, 1
+utloperadora.com.br, 1
+utodyg.ga, 1
+utonia.ch, 1
+utopiahsa.com, 1
+utopialgb.org.uk, 1
+utopian-institute.tk, 1
+utopian-surgery.com, 1
+utopiancapitalism.tk, 1
+utopians.dk, 0
+utopiasmart.city, 1
+utopiatech.tk, 1
+utopicestudios.com, 1
+utopique.net, 1
+utopyaforum.tk, 1
+utrace.me, 1
+utrantor.org, 1
+utrymningsplaner.se, 1
+uttama.ga, 1
+uttenheim.net, 1
+utterberry.io, 1
+utterman.se, 1
+uttnetgroup.fr, 1
+utube.ai, 1
+utural.tk, 1
+utusan.com.my, 1
+utw.me, 1
+utwente.io, 1
+utwf.org, 1
+utzon.net, 1
+uu5197.co, 1
+uu6729.co, 1
+uu6729.com, 0
+uu6957.co, 1
+uu9297.co, 1
+uu939.com, 1
+uu9721.com, 0
+uu9728.co, 1
+uubb.top, 1
+uuin.top, 1
+uuit.nl, 1
+uulu.edu.ee, 1
+uurl.cf, 1
+uurl.ga, 1
+uutf.org.uk, 1
+uuuu.loan, 1
+uuuvn.space, 1
+uv.uy, 1
+uvarov.pw, 0
+uvb.com.co, 1
+uvenuse.cz, 1
+uvesco.es, 1
+uvlamp.ee, 1
+uvocorp.com, 1
+uvomaltiv.ch, 1
+uvpress.com, 1
+uvsa.org.au, 1
+uvsar.com, 1
+uvt.com.co, 1
+uvtcinemas.com, 1
+uvx.io, 1
+uwac.co.uk, 0
+uwalumni.com, 0
+uwat.cc, 1
+uwat.cf, 1
+uwdigitaleboekhouder.nl, 1
+uwe-arzt.de, 1
+uwe-r.com, 1
+uwe-reimold.com, 1
+uwe-reimold.de, 1
+uwe.training, 1
+uwe.wtf, 1
+uweeze.com, 1
+uwefreund.com, 1
+uweier.com, 1
+uwereimold.de, 1
+uwesander.de, 1
+uwfreelanceopticien.nl, 1
+uwiventuresltd.com, 1
+uwtd.me, 1
+uwu.lgbt, 0
+uwu.nu, 1
+uwu.tw, 1
+uwwsb.com, 1
+ux-designers.nl, 1
+ux-solution.de, 0
+ux.pub, 1
+uxdesignerjobs.nl, 1
+uxg.ch, 1
+uxpressia.com, 1
+uxteam.com, 1
+uy.search.yahoo.com, 0
+uygindir.ml, 1
+uyz.me, 1
+uz-yulduzlar.tk, 1
+uz.search.yahoo.com, 0
+uz1xbet.com, 1
+uzagmozemunk.ga, 1
+uzagmozemunk.ml, 1
+uzayliyiz.biz, 1
+uzbaza.tk, 1
+uzbek-soft.tk, 1
+uzbekistan24.tk, 1
+uzbekkizlari.cf, 1
+uzbekkizlari.gq, 1
+uzbekkizlari.ml, 1
+uzbekkizlari.tk, 1
+uzbektumblers.tk, 1
+uzbwap.tk, 1
+uze-store.com, 1
+uzhas-uzhasny.ml, 1
+uzhits.cf, 1
+uzidesign.com, 1
+uziregister.nl, 0
+uzkalip.com, 1
+uzmansorusu.com, 1
+uznaychtotakoe.ru, 1
+uzoic.com, 1
+uzone.uk, 0
+uzparimatch.com, 1
+uzsvm.cz, 1
+uztop.ml, 1
+uzzamari.com, 1
+uzzamari.com.br, 1
+v-d-p.net, 1
+v-empower.com, 1
+v-gornom.ga, 1
+v-horus.cloud, 1
+v-jo.com, 1
+v-kurgane.tk, 1
+v-media.tk, 1
+v-news.tk, 1
+v-novosibirske.tk, 1
+v-ogorode.info, 1
+v-phoenix.tk, 1
+v-platinum.ru, 1
+v-spin.cz, 1
+v-tek.fi, 1
+v-u-z.ru, 1
+v.pn, 1
+v.ps, 1
+v0ctor.me, 1
+v0i.de, 1
+v0v.cc, 1
+v0v.de, 1
+v1.dk, 1
+v10006.com, 0
+v10008.com, 1
+v139.com, 1
+v1r2zz.tk, 1
+v1sit0r.ru, 1
+v2.digital, 1
+v2.pw, 1
+v2bv.net, 1
+v2bv.win, 1
+v2ex.com, 1
+v2mcdev.com, 1
+v2raytech.com, 1
+v2x.sk, 1
+v2xtls.org, 1
+v2yes.com, 1
+v3025.com, 0
+v33v33.com, 1
+v36533.com, 1
+v44v44.com, 1
+v5017.com, 0
+v51365.com, 1
+v5197.co, 1
+v55565.com, 0
+v55v55.com, 1
+v5658.com, 0
+v5ray.club, 1
+v5ray.top, 1
+v6004.com, 1
+v6021.com, 0
+v6170.com, 0
+v6350.com, 0
+v6506.com, 0
+v66255.com, 0
+v66557.com, 0
+v6729.co, 1
+v6752.com, 0
+v6957.co, 1
+v6ss.com, 1
+v700a.com, 1
+v700bb.com, 1
+v700cc.com, 1
+v700dd.com, 1
+v700ee.com, 1
+v700w.com, 1
+v7090.com, 0
+v81365.com, 1
+v82365.com, 1
+v88158.com, 0
+v8abc.com.br, 1
+v8builder.com, 1
+v9285.com, 0
+v9297.co, 1
+v9728.co, 1
+v9728.com, 0
+va-11-hall-a.cafe, 1
+va.gov, 0
+va.ua, 1
+va11hal.la, 1
+va11halla.ddns.net, 1
+vaaddress.co, 1
+vaan-arbeidsrecht.nl, 1
+vaarfoto.nl, 1
+vaartjesboten.nl, 1
+vaat.io, 1
+vabusinesses.org, 1
+vacacionesenlinea.com, 1
+vacacionestours.com, 1
+vacaf.org, 1
+vacanze-in-montagna-dolomiti.com, 1
+vacanze-merano.org, 1
+vacatecleaning.melbourne, 1
+vacati0n.tk, 1
+vacation-croatia.com, 1
+vacation-in-pisak.tk, 1
+vacationfund.co, 1
+vacationsforcouples.com, 1
+vacaturesonline.nl, 1
+vaccantcorner.ml, 1
+vaccinateiowa.gov, 1
+vaccine.gov, 1
+vaccines.gov, 1
+vaccineskill.biz, 1
+vaccinestats.net, 1
+vacek.llc, 1
+vacine.gov, 1
+vacines.gov, 1
+vackor.tk, 1
+vackradetaljer.se, 1
+vaclan.tk, 1
+vaclavambroz.eu, 1
+vacome.com, 1
+vacuna.gov, 1
+vacunas.gov, 1
+vacuumpump.co.id, 1
+vacuumsealers.ml, 1
+vacuumsupplystore.com, 1
+vadang.net, 1
+vadeainterior.com, 1
+vademekum.com, 1
+vaderochvind.se, 1
+vaderqkcloud.ddns.net, 1
+vadiar-angola.tk, 1
+vadidanismanlik.com, 1
+vadik.me, 1
+vadillodelasierra.tk, 1
+vadis.tk, 1
+vado.li, 1
+vadras.rs, 1
+vaew.com, 1
+vagabond.film, 1
+vagabond.fr, 1
+vagabond.tk, 1
+vagabondages.tk, 1
+vagabondgal.com, 1
+vagabundos.tk, 1
+vagaerg.com, 1
+vagaerg.net, 1
+vaganciatechnology.com, 0
+vagasdeempregos.ga, 1
+vageenadispenser.tk, 1
+vaginalrejuvenationkentucky.com, 1
+vagmour.eu, 1
+vagonetta.tk, 1
+vagpartsdb.com, 1
+vagrantbits.com, 1
+vagrantcloud.com, 1
+vagrantup.com, 0
+vague-normande.com, 1
+vahak.in, 0
+vahl.blue, 1
+vahoshop.cz, 1
+vaibhavchatarkar.com, 0
+vaidikapriya.pub, 0
+vail.gov, 1
+vaildcrack.com, 1
+vaindil.com, 1
+vaioswolke.xyz, 0
+vairuok.lt, 1
+vak-pobeda.ru, 1
+vakanser.se, 1
+vakantiedetective.nl, 1
+vakantiehuisschellinkhout.nl, 1
+vakantiehuisverzekeringen.nl, 1
+vakantieinfo.tk, 1
+vakantieverblijfalgarve.nl, 1
+vakat.eu, 1
+vakifuniver.ru, 1
+vakita.fi, 1
+vakrebella.no, 1
+vakuutuskanava.fi, 1
+vakwinkeldemo.nl, 1
+val-casies.net, 1
+val-sec.com, 1
+valach.cz, 1
+valagrovoce.com, 1
+valant.io, 1
+valaphee.com, 1
+valariejenkins.com, 1
+valasi.eu, 1
+valassis.com, 1
+valasskyregion.cz, 1
+valbon.pl, 1
+valcano-krd.ru, 1
+valcano.ru, 1
+valdecaballeros.tk, 1
+valdega.org, 1
+valdelcubo.tk, 1
+valdifunes.com, 1
+valdor2.com, 1
+valdres.tk, 1
+valdultimo.org, 1
+valecnatechnika.cz, 1
+valek.net, 1
+valemountchamber.com, 1
+valemountmuseum.ca, 1
+valemusicfest.com.br, 1
+valencia-s-vikoy.ru, 1
+valenciadevops.me, 1
+valenciaescatala.tk, 1
+valencianisme.tk, 1
+valencianistas.tk, 1
+valencraft.ca, 1
+valencraft.com, 1
+valenhub.com, 1
+valenhub.es, 1
+valeniidemunte.tk, 1
+valentin-dederer.de, 1
+valentin-ochs.de, 1
+valentin-weibel.com, 1
+valentin.app, 1
+valentinaquino.com, 1
+valentinarosamilia.com, 1
+valentinberclaz.com, 0
+valentinemom.cf, 1
+valentinemom.ga, 1
+valentinemom.gq, 1
+valentinemom.ml, 1
+valentinene.gov, 1
+valentinesongs.com, 1
+valentinoduval.fr, 1
+valentinog.com, 1
+valentinstag.ga, 1
+valentinstag.ml, 1
+valentinvesa.ro, 1
+valerian.tk, 1
+valeriansaliou.name, 1
+valeriapanarina.com, 1
+valerieorsoni.com, 1
+valeriya.life, 1
+valeryvenom.net, 1
+valescarodrigues.com.br, 1
+valgagym.ee, 1
+valgardsempornium.pw, 1
+valgavesi.ee, 1
+valhallastrengthsthbne.com.au, 1
+valiakhmetov.tk, 1
+valiant.finance, 1
+valiantprep.org, 1
+valid.com, 1
+validation.link, 1
+validatis.com, 1
+validbot.com, 1
+validius.fi, 1
+validius.net, 1
+validptr.zone, 1
+validus.sg, 1
+validvent.com, 1
+valigate.com, 1
+valigrama.ro, 1
+valika.ee, 1
+valimail.com, 1
+valimised.ee, 0
+valisevoyage.fr, 1
+valitsus.ee, 0
+valivalcoach.com, 1
+valivalcommerce.com, 1
+valkiryan.tk, 1
+valkohalla.dk, 1
+valkohattu.fi, 1
+valkoi-konyvtar.hu, 1
+valkoi-konyvtar.tk, 1
+valkoi-ksk.tk, 1
+valkova.net, 1
+valladolidlempira.tk, 1
+vallansuunta.net, 1
+vallartense.tk, 1
+valledeleresma.tk, 1
+valledibraies.org, 1
+vallee-egoutiers.ca, 1
+valleesenlutte.org, 1
+vallei-veluwe.nl, 1
+vallejo.gov, 1
+vallejoca.gov, 1
+vallen.com, 1
+vallenar.tk, 1
+valleyautofair.com, 1
+valleybrookholidays.com, 1
+valleycom.com, 1
+valleycountyne.gov, 1
+valleydalecottage.com.au, 1
+valleyofdeath.tk, 1
+valleyradiologypad.com, 1
+valleyradiologyufe.com, 1
+valleyshop.ca, 1
+valleystories.ga, 1
+valleysupply.biz, 1
+valleywaste.ca, 1
+valleywidetvrepair.ml, 1
+vallutaja.eu, 1
+valnetcdn.com, 1
+valoan.me, 1
+valolo.fr, 1
+valopv.be, 1
+valor-host.ml, 1
+valorantpicker.com, 0
+valorantpornhentai.com, 0
+valordolarblue.com.ar, 1
+valordotrabalho.com.br, 1
+valoriashard.tk, 1
+valorizofficial.com, 1
+valparaiso.tk, 1
+valparaisoin.gov, 1
+valpareso.tk, 1
+valphenn.blue, 1
+valpovo-online.tk, 1
+valsa.mx, 1
+valsenales.it, 1
+valshamar.is, 1
+valskis.lt, 1
+valsorey.ch, 0
+valtech.de, 1
+valtech.io, 1
+valtherperron.nl, 1
+valtlai.fi, 1
+valtoaho.com, 1
+valtool.uk, 1
+valudo.st, 1
+valueaddedonline.com, 1
+valuelinksoftware.com, 1
+valuemyhome.co.uk, 1
+valuemyhome.uk, 1
+valueourmind.com, 1
+valueourminds.com, 1
+valueourminds.org, 1
+valueresearchonline.com, 1
+values.com, 1
+valueseed.net, 1
+valunet.co.za, 1
+valuoo-legal.com, 1
+valuskills.co.za, 1
+valuta-tools.nl, 1
+valuuttamuunnin.com, 1
+valvulasvaneo.com, 1
+valx.jp, 1
+vam-podarok.tk, 1
+vam3.com, 1
+vami.tk, 1
+vamoneysearch.gov, 1
+vamonospaportugal.tk, 1
+vamosalvaiazere.pt, 1
+vamosargentina.tk, 1
+vamoscurarsintra.pt, 1
+vamosfalardesaude.pt, 1
+vampire-studios.tk, 1
+vampire142.fr, 1
+vampireapocalypsesurvival.com, 1
+vampiresdawn.org, 1
+vampirzine.tk, 1
+vampyrium.com, 0
+vampyrium.net, 0
+vamsucai.com, 1
+vamziyuan.com, 1
+van-assen.com, 1
+van-brandevoort.tk, 1
+van-der-straeten.be, 1
+van.ddns.net, 1
+van11y.net, 1
+vanadrighem.eu, 1
+vanafhier.nl, 1
+vanarok.xyz, 0
+vanasperenschoenen.nl, 1
+vanbalen.be, 1
+vanbarel.tk, 1
+vanboven.nl, 1
+vanboyvital.tk, 1
+vanbruchem.tk, 1
+vanburencounty-mi.gov, 1
+vanburencountyiowa.gov, 1
+vancityconcerts.com, 1
+vancoevents.com, 1
+vancouver.gov, 1
+vancouverchess.com, 1
+vancouvercosmeticsurgery.ca, 1
+vancouverdriveband.com, 1
+vancouverok.com, 1
+vancouverwademolition.com, 1
+vancouverwaseo.org, 1
+vancubers.com, 1
+vandaalen.email, 1
+vandalfsen.me, 1
+vandals.ml, 1
+vandam.io, 1
+vande-walle.eu, 1
+vandegriftplasticsurgery.com, 1
+vandemeent.eu, 1
+vandenbergfss.com, 1
+vandenbroekwi.gov, 1
+vandeput.be, 1
+vander-bugenne.fr, 1
+vanderbeek.be, 1
+vanderbeekonline.nl, 1
+vanderbiltcisa.org, 0
+vanderkley.it, 1
+vanderkrieken.org, 1
+vanderleeden.servepics.com, 1
+vanderlinde.ml, 1
+vandermeer.frl, 1
+vanderrijt.nl, 1
+vandersmissen.lawyer, 1
+vanderstraeten.dynv6.net, 1
+vanderzwet.net, 1
+vandi.tk, 1
+vandijkmaatwerk.nl, 1
+vandommelenart.com, 0
+vandoornmiddenzeeland.nl, 1
+vandortgroep.nl, 1
+vandrielschoenen.nl, 1
+vandyhacks.org, 1
+vanesaleiro.tk, 1
+vanessaamorosi.tk, 1
+vanessabalibridal.com, 1
+vanessaglendagarcia.tk, 1
+vanessarivas.com, 1
+vanetv.com, 1
+vaneurology.com, 1
+vaneyckexpo.be, 1
+vaneyckwashere.be, 1
+vaneyckwashere.com, 1
+vaneyckwashere.eu, 1
+vaneyckwashere.gent, 1
+vangest.com, 1
+vangest.pt, 1
+vangoghcoaching.nl, 1
+vanguards.tk, 1
+vanhatten.com, 1
+vanheede.com, 1
+vanhelsing.ml, 1
+vanhelsing.tk, 1
+vanherle-dakdichting.be, 1
+vanhoudt-usedcars.be, 1
+vanhoutte.be, 0
+vanhove.biz, 1
+vaniamgroup.com, 1
+vanier.gc.ca, 1
+vanilla-official.jp, 1
+vanillacoder.co.za, 1
+vaninsure247.co.uk, 1
+vaniola.com, 1
+vanisha.co, 1
+vanished.tk, 1
+vanitas.xyz, 0
+vanityestetik.com, 1
+vanityfairnapkins.com, 0
+vanivi.ml, 1
+vanjeveren.nl, 1
+vanlierdezottegem.be, 1
+vanlong.com.vn, 1
+vanmalland.com, 1
+vanmalleghem.eu, 1
+vanna-mechti.tk, 1
+vanna-original.ru, 1
+vanna5.ru, 1
+vannaos.com, 1
+vannaos.net, 1
+vanndigital.com, 1
+vanner.com, 1
+vannoordgouda.nl, 1
+vanouwerkerk.net, 1
+vanquish.tk, 1
+vanral.com.br, 1
+vanrichie.nl, 1
+vanspa.vn, 1
+vanstoftotleven.nl, 1
+vantagepointpreneed.com, 1
+vantagesfa.com, 1
+vantien.com, 1
+vantru.is, 1
+vanuithartenziel.nl, 1
+vanvanlines.com, 1
+vanwa.ch, 1
+vanwertcountyohio.gov, 1
+vanwoensei.xyz, 1
+vanwoensel.directory, 1
+vanwoensel.xyz, 1
+vanwort.de, 1
+vanwunnik.com, 1
+vanya.click, 1
+vanyavpn.com, 1
+vaoig.gov, 1
+vapebhd.com, 1
+vapebuddy.ch, 1
+vapeclub.co.uk, 1
+vapecom-shop.com, 1
+vapecraftinc.com, 0
+vapecrunch.com, 1
+vapehousebh.com, 1
+vapeking.co.za, 1
+vapensiero.co.uk, 1
+vapesense.co.uk, 1
+vapeshoppos.com, 1
+vapetaclope.cf, 1
+vapevine.ca, 1
+vapex.pl, 1
+vapingdaily.com, 1
+vapocial.com, 1
+vapolik.fr, 1
+vapoo.de, 1
+vapor.cloud, 0
+vapordepot.jp, 1
+vaporquest.tk, 1
+vapotank.com, 1
+vapoteuse.fr, 1
+vapourtown.com, 1
+vapteke.ru, 1
+var.cc, 1
+varaani.tk, 1
+varalaval.com, 1
+varb.in, 1
+varcare.jp, 1
+varda.nl, 1
+vardakeio.gov.gr, 1
+vardenafilhcl.gq, 1
+varela-electricite.fr, 1
+varelaloca.tk, 1
+varghese.de, 1
+variable.dk, 1
+variablyconstant.com, 1
+variance.pl, 1
+varianteespiritual.gal, 1
+variatesonline.tk, 1
+variatkowo.pl, 1
+varied.ga, 1
+varierchairs.com, 1
+variohyp.de, 1
+variomedia.de, 1
+variusunum.com, 1
+varizh.by, 1
+varjo.tk, 1
+varjuring.tk, 1
+varlex.cl, 1
+varlin.tk, 1
+varmaz.men, 1
+varna-airport.bg, 1
+varney.tk, 1
+varnish.ga, 1
+varonahairrestoration.com, 0
+varrogepcentrum.hu, 1
+varshathacker.com, 1
+varun-rajeshwari.tk, 1
+varuniyer.info, 1
+varvitra20mg.ga, 1
+varvy.com, 1
+varyrentacar.com, 1
+varztupasaulis.com, 1
+varztupasaulis.eu, 1
+varztupasaulis.lt, 1
+varztupasaulis.net, 1
+vas-webmaster.cz, 1
+vas.com, 1
+vasaconsulting.com, 1
+vasaivirarnews.com, 1
+vasankari.fi, 1
+vasanth.org, 0
+vasaprilezitost.eu, 1
+vasconcellos.casa, 1
+vascularlaser.com.br, 1
+vase-dovolena.cz, 1
+vasel.de, 1
+vasel.eu, 1
+vaselin.cf, 1
+vaselin.ga, 1
+vaselin.gq, 1
+vaselin.ml, 1
+vaselin.tk, 1
+vases.tk, 1
+vasficelik.com, 1
+vash-doctor.tk, 1
+vash-dom.tk, 1
+vashdohod.ml, 1
+vashel.us, 1
+vasheradio.tk, 1
+vashmatrass.ru, 1
+vashprazdnik.tk, 1
+vasilev.wtf, 1
+vasilevo.tk, 1
+vasilijeojdanic.ml, 1
+vasilijeojdanic.tk, 1
+vasilikieleftheriou.com, 1
+vasilisa-volodina.cf, 1
+vasilisa-volodina.ga, 1
+vasilisa-volodina.gq, 1
+vasilisa-volodina.ml, 1
+vaskulitis-info.de, 1
+vasp.at, 1
+vassalengine.org, 1
+vassourassaojoao.com.br, 1
+vastdata.com, 0
+vastgoed-lidl.nl, 1
+vastgoedcert.nl, 1
+vastgoedfaculteit.be, 1
+vastu.co.il, 1
+vasya-com.tk, 1
+vasya-odyag.tk, 1
+vasyaka.cf, 1
+vasyaka.ga, 1
+vasyharan.com, 1
+vat-eu.com, 1
+vat-funding.com, 1
+vatav.eu, 1
+vatav.tk, 1
+vatazhok.com, 1
+vatikantour.tk, 1
+vatlieuhay.com, 1
+vatman.tk, 1
+vatnik.info, 1
+vato.nl, 1
+vats.im, 1
+vattulainen.fi, 1
+vauban-ip.com, 1
+vauceri.hr, 1
+vaugarnier.fr, 1
+vaughanrisher.com, 1
+vaulavalpola.tk, 1
+vault.investments, 1
+vault.spdns.eu, 1
+vault12.com, 1
+vault12.io, 1
+vault182.xyz, 1
+vault81.de, 1
+vaultdoma.in, 1
+vaultlabs1226.com, 1
+vaultproject.io, 0
+vaur.fr, 1
+vaurio.tk, 1
+vavada.com, 1
+vave.men, 1
+vavel.com, 1
+vawebsite.co, 1
+vawic4retailers.org, 1
+vawlt.io, 1
+vawomenshealth.com, 1
+vaxbook.com, 1
+vayaport.com, 1
+vayaprecio.es, 1
+vayavotarcolorado.gov, 1
+vaygren.com, 1
+vazdemelloconsultoria.com.br, 1
+vb.com.br, 1
+vba.rest, 1
+vbanu.com.ua, 1
+vbelgorode.tk, 1
+vbetcn.com, 1
+vbl.co.th, 1
+vbql.me, 1
+vbsoft.cz, 1
+vbttc.com, 1
+vburyatii.ml, 1
+vbwinery.com, 1
+vc123.xyz, 1
+vcacursus.nl, 1
+vcanederland.nl, 1
+vcard.mx, 1
+vcare.group, 1
+vccload.com, 1
+vccmurah.net, 1
+vccv.cc, 1
+vcdspro.de, 1
+vcebookclub.com.au, 1
+vcelin-na-doliku.cz, 1
+vcf.gov, 1
+vchelyabinske.tk, 1
+vclobby.com, 1
+vcloudways.com, 1
+vcm.ru, 1
+vcmi.download, 1
+vcockpit.de, 1
+vconcept.ch, 1
+vconcept.me, 1
+vconstruct.com, 1
+vcot.info, 1
+vcpa.gov, 1
+vcraftaudio.com, 1
+vcross.cf, 1
+vcs-steuern.de, 1
+vcsafrica.com, 1
+vcsjones.codes, 1
+vcsjones.com, 1
+vcsource.tk, 1
+vcti.cloud, 1
+vcz.fr, 1
+vczk.me, 1
+vd42.net, 0
+vda.li, 1
+vdagestan.tk, 1
+vdb-it.com, 1
+vdbongard.com, 1
+vdcomp.cz, 0
+vddruckwerk.de, 1
+vdemuzere.be, 1
+vdheyden.net, 1
+vdim.shop, 1
+vdisk24.de, 1
+vdmeij.com, 1
+vdmeta.com, 1
+vdolg2000rub.ga, 1
+vdolg2000rub.ml, 1
+vdolg8000rub.cf, 1
+vdolg8000rub.ga, 1
+vdolg8000rub.gq, 1
+vdolg8000rub.ml, 1
+vdolg8000rub.tk, 1
+vdownloader.com, 1
+vdrei.at, 1
+vdslux.eu, 1
+vdstc.com, 1
+vdw-instruments.com, 1
+vdw.ovh, 1
+vdzwan.net, 1
+ve-1xbet.com, 1
+ve.search.yahoo.com, 0
+ve3oat.ca, 1
+veadoscomfome.tk, 1
+veast.network, 1
+vebbankir-zajm-onlajn.gq, 1
+vebdengi.tk, 1
+vebeco.de, 1
+veber.bg, 1
+veca.tk, 1
+vecara.es, 1
+vecchiofornobarletta.it, 1
+vechainstats.com, 1
+vecherka.tk, 1
+vechersky.tk, 1
+vectomatic.org, 1
+vectops.com, 0
+vector.express, 1
+vectorcardiometry.tk, 1
+vectordtg.com, 0
+vectormagnetics.com, 1
+vectortrack.com.au, 1
+vectorwish.com, 1
+vectrum.cf, 1
+vedeneev.tk, 1
+vedev.io, 1
+vedma-praktik.com, 1
+vedom.ru, 1
+vedran-zulin.from.hr, 1
+vee.ci, 1
+veeam.com, 1
+veebill.com, 1
+veebiveski.ee, 1
+veefna.com, 1
+veegish.com, 1
+veekshanam.com, 1
+veerleklinge.nl, 1
+veessen.tk, 1
+veethi.com, 1
+veeva.com, 1
+veeva.link, 1
+vefagas.com, 1
+veg-leiden.nl, 0
+veg.lv, 0
+vega-diva.com, 1
+vega-rumia.pl, 0
+vega.education, 1
+vegalanguageacademy.ca, 1
+vegan-essen.tk, 1
+vegan-kochen.tk, 1
+vegan-pratique.fr, 1
+vegane-proteine.com, 1
+veganenumbers.com, 1
+veganfamiliesclub.com, 1
+vegangaymer.blog, 1
+veganism.co.uk, 1
+veganism.com, 1
+veganismo.tk, 1
+veganitos.tk, 1
+veganlinguists.org, 1
+veganmasterrace.com, 1
+veganplace.it, 1
+veganrecipereviews.com, 1
+veganuary.com, 1
+veganvisboer.nl, 1
+veganz.de, 1
+vegardit.com, 1
+vegascasino.news, 1
+vegasconcepts.com, 1
+vegasluxuryestates.com, 1
+vegasrock.tk, 1
+vegavio.com, 1
+vegculinary.com, 1
+vege-tables.fr, 1
+vegekoszyk.pl, 1
+vegepa.com, 1
+vegetariantokyo.net, 1
+vegetarier-sind-moerder.tk, 1
+veggie-einhorn.de, 0
+vegoresto.fr, 1
+vegtelenchat.tk, 1
+veguillas.tk, 1
+vegvor.com, 1
+vehicleenquiry.service.gov.uk, 1
+vehiclehistory.gov, 1
+vehicleinfozone.com, 1
+vehiclematsuk.com, 1
+vehicletax.service.gov.uk, 1
+vehicletransportservices.co, 1
+veidiheimar.is, 1
+veii.de, 1
+veikkosimpanen.fi, 1
+veilofsecurity.com, 1
+veincenterbrintonlake.com, 1
+veintidos.com.ar, 1
+vejanoticias.com.br, 1
+vejas2004.tk, 1
+vejersferie.de, 1
+vek.com.br, 1
+vekashka.gq, 1
+vekenz.com, 1
+vektlofting.tk, 1
+vektor.tk, 1
+vektorparts.ru, 1
+velacartagena.tk, 1
+velassoltas.pt, 1
+veldadvies.nl, 1
+veldhovenactief.nl, 1
+velen.io, 1
+veles-moto.ru, 1
+velesnet.ml, 1
+velforo.com, 1
+veli.ee, 1
+velichkin.tk, 1
+velika-balgaria.tk, 1
+velikijhutir.cherkassy.ua, 1
+velis.tk, 1
+velken.de, 1
+vellandreathcornishcottages.com, 1
+vellingetaxi.se, 1
+velmart.ua, 1
+velmorra.id, 1
+velo-doktor.ch, 1
+velo-volga.tk, 1
+velo24.tk, 1
+velobar.plus, 1
+velociter.net, 1
+velocitycu.com, 0
+velocityelectronics.com, 1
+velocityfiber.com, 1
+velocitygames.tk, 1
+velocityhost.com.au, 1
+velocitytech.com, 1
+velocompany.com, 1
+velocompany.de, 1
+velomap.org, 1
+velonustraduction.com, 1
+velopinion.fr, 1
+veloroute.hamburg, 1
+velosipedi.tk, 1
+velostudio.com.ua, 1
+velotours.ga, 1
+velotyretz.fr, 0
+velovelo.gq, 1
+veluwerally2002.tk, 1
+velvet-tarantula.tk, 1
+velvetempire.tk, 1
+velvetia.no, 1
+vema-bg.com, 1
+vemoweb.com, 0
+venacifuentes.tk, 1
+venali.tk, 1
+venalytics.com, 1
+venangocountypa.gov, 1
+venasoft.systems, 1
+venatorinc.tk, 1
+venbot.tk, 1
+vendaapartamentomoema.com.br, 1
+vendadopinheiro.com, 1
+vendadopinheiro.net, 1
+vendadopinheiro.org, 1
+vendagora.tk, 1
+vendasdealbunsbrasil.tk, 1
+vendee.tk, 1
+vendela.tk, 1
+vendermicasarapido.com.mx, 1
+vendi.it, 1
+vendigital.com, 1
+vendingmachines.tk, 1
+vendisrls.it, 1
+venditorepoa.com.br, 1
+vendloop.com, 1
+vendomicasaenserena.cl, 1
+vendor-finance.uk, 1
+vendorconnect.nyc, 1
+vendorful.com, 1
+vendorleasing.uk, 1
+vendorpedia.com, 1
+vendreacheter.be, 1
+vendreacheter.net, 1
+vendserve.eu, 1
+vendsoefoutra.ga, 1
+vendsoefoutra.ml, 1
+venegreco.com, 1
+venenum.org, 1
+venera-magik.tk, 1
+venesuela.cf, 1
+venetkaarsenovart.com, 1
+venev.com, 1
+venev.name, 1
+venezia.ga, 1
+veneziatoday.it, 1
+venezuelachat.tk, 1
+venezuelalibre.tk, 1
+venga.tk, 1
+vengriya.tk, 1
+venicecakes.ga, 1
+venicecomputerrepair.com, 1
+venicefl.gov, 1
+venicefloridawebsitedesign.com, 1
+venicerealdeal.com, 1
+venida.com, 1
+venje.pro, 0
+venlafaxine.gq, 1
+venndy.com, 1
+vennet.fr, 1
+vennprime.com, 1
+venomxsecurity.com, 1
+venostech.com, 1
+venstar.com, 1
+ventaenlinea-bancoomeva.com, 1
+ventajasdesventajas.com, 1
+ventana.kz, 1
+ventanillaproveedorespit.com, 1
+ventasreit.com, 1
+ventassantillan.com, 1
+vente-voiture.org, 1
+ventes-privees-flash.fr, 1
+venti-athens.gr, 1
+venti.eu.org, 1
+ventilateurs-plafond.com, 1
+ventiques.com, 1
+ventizo.com, 1
+ventnose.com, 1
+ventolin-hfa.tk, 1
+ventolin.ga, 1
+ventor.ml, 1
+ventosport.nl, 1
+ventuordici.org, 1
+venturavwparts.com, 1
+venture.biz.id, 1
+venturebanners.co.uk, 1
+ventureharbour.com, 1
+venturepointe.com, 1
+ventures.lgbt, 1
+ventureslgbt.com, 1
+venturum.com, 1
+venturum.de, 1
+venturum.eu, 1
+venturum.net, 1
+venuedriver.com, 1
+venurse.net, 1
+venus-erotic.com, 1
+venus-football-giveaway.co.uk, 0
+venusbeautyproducts.in, 1
+venusvprincess.com, 1
+venzeo.com, 1
+veobas.com, 1
+veonow.com, 1
+vepein.ga, 1
+vepein.gq, 1
+veply.com, 1
+ver.ma, 1
+ver.re, 1
+vera-1.ru, 1
+verae.tk, 1
+verafin.com, 1
+verakoubova.net, 1
+veramagazine.jp, 0
+veramark.cl, 1
+verasani.ch, 1
+verasani.com, 1
+verascityscience.com, 1
+verasoie.fr, 1
+verasoul.com, 1
+verasrvmobiledetail.com, 1
+verata.co, 0
+verberne.nu, 1
+verbert.be, 1
+verbier-lechable.com, 1
+verbierfestival.com, 0
+verbmaestro.com, 1
+verboom.co.nz, 1
+verbundkredit.ag, 1
+verbundkredit.biz, 1
+verbundkredit.com, 1
+verbundkredit.de, 1
+verbundkredit.eu, 1
+verbundkredit.info, 1
+verbundkredit.net, 1
+verbundkredit.org, 1
+verbzilla.com, 1
+vercel.co, 1
+vercel.com, 1
+vercel.email, 1
+vercel.org, 1
+vercel.sh, 1
+vercopy.com, 1
+vercountyil.gov, 1
+verdeandco.co.uk, 1
+verdecora.es, 1
+verdensflag.dk, 1
+verdeplus.net, 1
+verdesfoundation.org, 1
+verdict.gg, 1
+verdict.ro, 1
+verdonkadvocaten.nl, 1
+verduccies.com, 0
+verdugosxerecistas.tk, 1
+veredadelaestrella.tk, 1
+verein-kiekin.de, 1
+vereine-weiskirchen.de, 1
+vereinscheck.de, 1
+vereinswahl.online, 1
+veren-group.ua, 1
+verena.gallery, 1
+verenpaine.com, 1
+vereshagino.tk, 1
+verf.nu, 1
+verfassungsklage.at, 1
+verge-solutions.com, 1
+verge.capital, 1
+vergehealth.com, 1
+vergelijksimonly.nl, 1
+vergelijkwitgoed.nl, 1
+vergesense.com, 1
+vergessen.cn, 1
+vergilioferreira.pt, 1
+vergraal.tk, 1
+verhaltenstherapie-weiden.de, 1
+verhaslaw.com, 1
+verhave.net, 1
+verhoog.xyz, 1
+veri2.com, 1
+verifalia.com, 1
+verificationlink.ga, 1
+verified.lu, 1
+verifiedcliq.com, 1
+verifiedjoseph.com, 0
+verifiny.com, 1
+verifize.co.za, 1
+verify.gov.sg, 1
+verifyos.com, 1
+verifyyourip.com, 1
+verigom.com, 1
+verindra.ga, 1
+veriomed.com, 1
+veripn.com, 1
+veritablescreening.com, 1
+veritafineviolins.com, 1
+veritas-data.de, 1
+veritashomeschoolers.org, 1
+veritasinvestmentwealth.com, 1
+veriteliberte.fr, 1
+veriteslibertes.com, 1
+veriteslibertes.fr, 1
+verityinspections.com, 1
+verizonconnect.com, 0
+verkada.com, 1
+verkami.com, 1
+verkeer.gent, 1
+verkeersschoolrichardschut.nl, 1
+verkeersschoolvanhouten.nl, 1
+verkkovalmentajat.fi, 1
+verkossa.tk, 1
+verksampsykologi.com, 1
+verlag-lq.at, 1
+verlag-lq.ch, 1
+verlag-lq.com, 1
+verlag-lq.de, 1
+verlag-lq.net, 1
+verlagdrkovac.de, 0
+verlaglq.com, 1
+verland.org, 1
+verleger.biz, 1
+verliebt-in-bw.de, 1
+verliebt-in-niedersachsen.de, 1
+verliefde-jongens.nl, 1
+verlocke.de, 1
+verloja.com, 1
+verloskundigepraktijktolmiea.nl, 1
+vermaeckbouw.nl, 1
+vermageringsdieetpillen.ga, 1
+vermageringsdieetpillen.gq, 1
+vermageringsdieetpillen.tk, 1
+vermellcollection.com, 1
+vermogeninkaart.nl, 1
+vermont.builders, 1
+vermontbiz.com, 1
+vermontflannel.com, 1
+vermontvilletownshipmi.gov, 1
+vermouth.cf, 1
+vermuetje.nl, 1
+vern.cc, 0
+vernal.gov, 1
+verndale.com, 1
+vernis-marins.com, 1
+vernonfigureskatingclub.com, 1
+vernonfilmsociety.bc.ca, 1
+vernonreinike.com, 1
+vernonsecureselfstorage.ca, 1
+vernonspeedskatingclub.com, 1
+vernonvt.gov, 1
+veronasera.it, 1
+veronic.hu, 1
+veronicasuperguide.nl, 1
+veronique-schmitz.de, 1
+veropharm.ru, 1
+veros-volejbal.tk, 1
+veros.com, 1
+verrame.no, 1
+verrerie-mousseline.org, 0
+verry.org, 1
+vers.one, 1
+versa-networks.com, 1
+versagercloud.de, 1
+versahub.com, 1
+versaillestourisme.fr, 1
+versalhost.nl, 1
+versallesin.com, 1
+versanthealth.com, 1
+versata.pt, 1
+versatek.com, 1
+versbesteld.nl, 1
+verschil.info, 1
+verschurendegroot.nl, 1
+verse.eu.org, 1
+versfin.net, 1
+versia.ru, 1
+versicherung-website.de, 1
+versicherungen-werner-hahn.de, 1
+versifylabs.com, 1
+versionit.org, 1
+versium.net, 1
+verspai.de, 1
+versprite.com, 1
+verstaanwiskunde.co.za, 1
+verstka.cf, 1
+verstka.ga, 1
+verstka.tk, 1
+versus-hair.com, 1
+versus-sec.com, 1
+versusforum.tk, 1
+versustexas.com, 1
+vertanex.com, 1
+vertaxaccountants.co.uk, 1
+vertebrates.com, 1
+vertec-cloud.at, 1
+vertec-cloud.com, 1
+vertec-cloud.de, 1
+vertec-test.at, 1
+vertec-test.com, 1
+vertec-test.de, 1
+vertec.com, 1
+verteilergetriebe.info, 1
+vertex-academy.com, 1
+vertexinc.com, 1
+vertexlife.ml, 1
+vertexlife.tk, 1
+vertexsmb.com, 1
+vertexventures.co.il, 1
+vertexventures.sg, 0
+verticalmindventures.com, 1
+verticals.tk, 1
+verticalstructure.com, 1
+verticesedge.com, 1
+vertichost.com, 1
+vertichost.ro, 1
+verticweb.com, 1
+vertigo.name, 0
+vertigomassage.com, 1
+vertikal.tk, 1
+vertiko.de, 1
+vertip.net, 1
+vertragsfix.de, 1
+vertrauen.site, 1
+vertretungsplan.io, 1
+vertrieb-strategie.de, 1
+vertrouwenspiegel.nl, 1
+vertymelo.com, 1
+verustracking.com, 1
+verve.com, 1
+vervewellness.co.nz, 1
+verwandlung.org, 1
+verwarring.tk, 1
+very-good.ru, 1
+veryapt.com, 1
+verybin.com, 1
+veryestate.com, 1
+veryfinecommentary.tk, 1
+verygoodmarketing.nl, 1
+verygoodwebsite.ca, 1
+veryhome.com.pe, 1
+verymelon.de, 1
+verymetal.site, 1
+veryssl.com, 1
+veryswing.com, 1
+verzekerdbijhema.nl, 1
+verzekeringsacties.nl, 1
+verzekerjebeter.nl, 0
+verzick.com, 1
+vesa.ro, 1
+vesaviljanen.fi, 1
+vescudero.net, 1
+veseleruska.sk, 1
+veselka.tk, 1
+veselyjpovar.gq, 1
+vesen.tk, 1
+vesinhcongnghiepttchome.com, 1
+vesiskitim.ru, 1
+veski.hr, 1
+vesmail.biz, 1
+vesmail.email, 1
+vesna2011.tk, 1
+vespacascadia.com, 1
+vesseldove.com, 1
+vessentys.com, 1
+vesta.us, 1
+vestacp.top, 1
+vestakassa-online.cf, 1
+vestal.nl, 1
+vestalny.gov, 1
+vestberry.com, 1
+vestd.com, 0
+vestia.nl, 1
+vestibtech.com, 1
+vestibulaire.ch, 1
+vestibular.science, 1
+vestiizhevska.cf, 1
+vestingbar.nl, 1
+vestirnakaret.cz, 1
+vestkyneonline.cz, 1
+vestlundbolargen.tk, 1
+vestnik24.cf, 1
+vestum.ru, 1
+vesuvio.tk, 1
+vet24hour.co.uk, 1
+vet4life.co.uk, 1
+vetafarm.com.au, 1
+vetantumapu.cl, 1
+vetbilgi.com, 1
+vetbits.com, 0
+vetcard.info, 1
+vetch.ga, 1
+vetclick.com, 1
+veteranreservecorps.com, 1
+veteransadvantage.com, 1
+veteranscrisisline.net, 1
+veteransfirstwatch.com, 1
+veteransholidaylights.com, 1
+veteransroofingllc.com, 1
+veteranticketsfoundation.org, 1
+veterinanmnm.cz, 1
+veterinanmnm.eu, 1
+veterinarian-hospital.com, 1
+veterinarianedu.org, 1
+veterinario.milano.it, 1
+veterinario.roma.it, 1
+veterinary-colleges.com, 1
+veterinaryhelp.cf, 1
+veterinaryvision.co.uk, 1
+veteriner.name.tr, 1
+veterquimica.pe, 1
+vetikalender-berlin.de, 1
+vetinte.eu, 1
+vetitus-teatro.tk, 1
+vetmgmt.com, 1
+vetnet.info, 1
+veto.fish, 1
+vetofish.com, 1
+vetosh.tk, 1
+vetpraxis.de, 1
+vetputten.nl, 1
+vetren.tk, 1
+vetreria.roma.it, 1
+vetres.net.au, 1
+vets.gov, 1
+vets24.ae, 1
+vetscore.co.za, 1
+vetsmarketing.co.za, 1
+vetsource.com, 0
+vettenburg.eu, 1
+vettix.org, 1
+vetuni.cz, 1
+vetustainversion.com, 1
+vetvim.com, 1
+veules-les-roses.fr, 1
+veve.com, 1
+veverusak.cz, 1
+vevioz.com, 1
+vexsh.com, 1
+vezettaksii.ru, 1
+veziaici.net, 1
+vezzo.one, 1
+vf-bikes.be, 1
+vf99.com, 1
+vfbikes.be, 1
+vfc.com, 0
+vfdworld.com, 1
+vfg.com.ua, 1
+vfn-nrw.de, 1
+vfnm.de, 1
+vfree.org, 0
+vfwpost1.org, 1
+vfxstudy.com, 1
+vg-resource.com, 1
+vgatest.nl, 1
+vgbf.tk, 1
+vgchat.us, 1
+vgerak.com, 1
+vglist.co, 1
+vgopilot.azurewebsites.net, 1
+vgorcum.com, 1
+vgpu.vladimir.ru, 1
+vgropp.de, 1
+vgxcontactcenter.com.br, 1
+vgywm.com, 1
+vhelio.org, 1
+vhg.org, 1
+vhiweb.com, 1
+vhosting-it.com, 1
+vhproductions.tk, 1
+vhumo.com, 1
+via-tygo.com, 1
+via1buynow.com, 1
+viabenefitsaccounts.com, 1
+viacar.com, 1
+viacdn.org, 1
+viacheslavpleshkov.com, 1
+viadennis.nl, 1
+viaelegancestore.com.br, 1
+viaeth.io, 1
+viafoura.com, 1
+viaggioincoppia.com, 1
+viaggivistos.com.br, 1
+viagraest.com, 1
+viagramarketim.com, 1
+viagramarketim.org, 1
+viagratop.tk, 1
+viagusto.pl, 1
+viajantecolorido.com.br, 1
+viajantesturismo.com, 1
+viajarconmascotas.pro, 1
+vialibido.com.br, 1
+vialorran.com, 0
+vialto.com, 1
+viamax.eu, 1
+viamilitaris.net, 1
+vianetplc.com, 1
+vianetz.com, 1
+vianica.com, 1
+viaon.net.br, 1
+viapajucara.com.br, 1
+viaprinto.de, 1
+viaprofit.tk, 1
+vias-ferratas.tk, 1
+viasinc.com, 0
+viato.fr, 1
+viaura.biz, 1
+viawave.tk, 1
+viba-sweets.de, 1
+vibaphoto.com, 1
+vibaphoto.fr, 1
+vibbslist.com, 1
+vibcon.com, 1
+vibehire.co.uk, 1
+vibeonline.tk, 1
+vibetribe.co.za, 1
+vibgyyor.com, 1
+vibioh.fr, 1
+vibox.co.uk, 1
+vibraagenciadigital.com.br, 1
+vibramycin100mg.tk, 1
+vibrato1-kutikomi.com, 1
+vibrolandia.com, 1
+vibromax.com, 1
+vibromax.net, 1
+vibromax.org, 1
+vicarious.cf, 1
+vicenez.agency, 1
+vicentaburon.tk, 1
+vicentejr.com.br, 1
+vicenterodriguez81.tk, 1
+vicentico.tk, 1
+vicenzatoday.it, 1
+vicescorts.ga, 1
+vicete.tk, 1
+vichiya.com, 1
+vichovska-vyhlidka.cz, 1
+vician.cz, 1
+vicicode.com, 1
+vicinityindustrial.com.au, 1
+vicioanimal.pt, 1
+viciousflora.com, 1
+viciousracing.tk, 1
+vicjuwelen-annelore.be, 1
+vickyflipfloptravels.com, 0
+vickyhundt.com, 1
+vickylarraz.tk, 1
+vickyoliver.tk, 1
+vicmatus.com, 1
+vico.vn, 1
+vicrea.nl, 1
+vicsancab.com, 1
+victimizer.tk, 1
+victora.com, 1
+victorblomberg.se, 1
+victorbuch.cf, 1
+victorc.net, 1
+victorcalvez.com, 1
+victorcanera.com, 1
+victorcarrasco.tk, 1
+victorcarwasher.com, 1
+victoreriksson.ch, 1
+victoreriksson.co, 1
+victoreriksson.es, 1
+victoreriksson.eu, 1
+victoreriksson.info, 1
+victoreriksson.me, 1
+victoreriksson.net, 1
+victoreriksson.nu, 1
+victoreriksson.org, 1
+victoreriksson.se, 1
+victoreriksson.us, 1
+victoreriksson.xyz, 1
+victorhawk.com, 1
+victorhorta.tk, 1
+victoria-clinic.ru, 1
+victoria-legis.ru, 1
+victoria.associates, 1
+victoriaartist.ru, 1
+victoriabeckham.tk, 1
+victoriacountytx.gov, 1
+victoriaharmandjieva.art, 1
+victoriait.com, 1
+victoriait.com.au, 1
+victoriamn.gov, 1
+victorianosaez.tk, 1
+victoriastudio.ru, 1
+victoriavalente.net, 1
+victoridaho.gov, 1
+victorique.moe, 1
+victorjacobs.com, 0
+victornet.de, 1
+victoroilpress.com, 1
+victorpelletmill.com, 1
+victorpericiales.com, 1
+victorricemill.com, 1
+victorrodriguez.ml, 1
+victorunix.com, 1
+victory.radio, 1
+victoryalliance.us, 1
+victorychurch.org.tw, 1
+victoryoutreach.org, 1
+victrays.com, 1
+victusrp.gq, 1
+vicugna.nl, 1
+vicyu.com, 1
+vidaliala.gov, 1
+vidanuevaparaelmundo.net, 1
+vidanuevaparaelmundo.org, 1
+vidaparalela.tk, 1
+vidapositiva.tk, 1
+vidarity.com, 1
+vidassemfronteiras.com, 1
+vidatantrica.com, 1
+vidawichi.tk, 1
+vidaxp.com, 1
+vidazoo.com, 1
+vidb.me, 1
+vidbooster.com, 0
+vidbuchanan.co.uk, 1
+vidcruiter.com, 0
+vide-dressing.org, 0
+vide-greniers.org, 0
+vide-maisons.org, 0
+videferre.tk, 1
+video-converter.com, 1
+video-lab.it, 1
+video-oldenburg.de, 1
+videoarcadia.cf, 1
+videoarcadia.ml, 1
+videocall.guide, 1
+videochatv.com, 1
+videochums.com, 1
+videoclean.fr, 1
+videoclipsex.com, 1
+videoclubhd.ga, 1
+videoclubhd.ml, 1
+videoconferencing.guide, 1
+videoebook.tk, 1
+videoeta.com, 1
+videoface.ru, 0
+videogameconsole.ir, 1
+videogamer.com, 1
+videogamerreader.tk, 1
+videogamers.com.ar, 1
+videogamesartwork.com, 1
+videograb.ga, 1
+videograb.ml, 1
+videoha.ml, 1
+videojet.com, 1
+videojuegos.com, 1
+videoload.co, 1
+videomail.io, 1
+videomaker.it, 1
+videomaniya.ml, 1
+videomarketermastery.com, 1
+videonika.tk, 1
+videopediablogs.tk, 1
+videopokerez.cf, 1
+videopornoitaliana.com, 1
+videoprikol.cf, 1
+videoprikoly.ga, 1
+videoregion.ru, 1
+videoremote.tk, 1
+videosengracado.ga, 1
+videoseyred.in, 1
+videoskaseros.com, 1
+videoskazka.tk, 1
+videospericos.tk, 1
+videosporno.life, 1
+videosporno.org, 1
+videot.tk, 1
+videotehnika.tk, 1
+videoueberwachung-set.de, 1
+videouroki.ml, 1
+videov.tk, 1
+videovt.tk, 1
+videozv.tk, 1
+videsk.io, 1
+videt-son.cf, 1
+videt-son.ml, 1
+videt-son.tk, 1
+vidimte.eu, 1
+vidiproject.com, 1
+vidister.de, 0
+viditour-golf.nl, 1
+viditour-zorg.nl, 1
+vidkovaomara.si, 1
+vidlen.com, 1
+vidlen.ru, 1
+vidlyoficial.com, 1
+vidooo.de, 1
+vidracariaembh.com, 1
+vidrop.me, 1
+vidtekno.com, 1
+vidulo.com, 1
+vidyamonk.com, 1
+viedecelibataire.fr, 1
+viega.at, 1
+viega.be, 1
+viega.ca, 1
+viega.ch, 1
+viega.co.uk, 1
+viega.com, 1
+viega.com.au, 1
+viega.cz, 1
+viega.de, 1
+viega.dk, 1
+viega.es, 1
+viega.fi, 1
+viega.fr, 1
+viega.hr, 1
+viega.hu, 1
+viega.in, 1
+viega.it, 1
+viega.lt, 1
+viega.lv, 1
+viega.mx, 1
+viega.nl, 1
+viega.no, 1
+viega.pl, 1
+viega.pt, 1
+viega.ro, 1
+viega.rs, 1
+viega.se, 1
+viega.sg, 1
+viega.si, 1
+viega.sk, 1
+viega.us, 1
+viekelis.lt, 0
+vielfalt.link, 1
+vielleserin.de, 1
+viemeister.com, 1
+viemontante.be, 0
+viennadancecrew.at, 1
+viennawi.gov, 1
+vientos.coop, 0
+vientosur.info, 1
+vieon.vn, 1
+viepixel.at, 1
+vierdaagsehotel.nl, 1
+vieref.eu, 1
+vierna.ga, 1
+vierpfeile.de, 1
+vierpluseins.wtf, 1
+vietconghackz.tk, 1
+vietdungit.vn, 0
+vietfes.asia, 1
+vietforum.ml, 1
+vietnam-fishing.com, 1
+vietnam-lifer.com, 1
+vietnam-tours.tk, 1
+vietnameselove.com, 1
+vietnamhairs.com, 1
+vietnamhost.vn, 0
+vietnamphotoblog.com, 0
+vietnamphotographer.net, 1
+vietnamtravelmart.com.vn, 1
+vietnamvisa.cf, 1
+vietnamvisa.ga, 1
+vietquan.net, 1
+viettelstore.vn, 1
+vietzzaune.de, 1
+vieux.pro, 1
+vievolution.tk, 1
+view-page-source.com, 1
+vieweb.tk, 1
+viewer.ga, 1
+viewflix.win, 1
+viewfreescore.com, 1
+viewing.nyc, 1
+viewpointsfromfacebook.com, 1
+viewsea.com, 1
+viewstub.com, 1
+viewzipcode.com, 1
+viez.vn, 1
+vifranco.cl, 1
+vifsoft.com, 1
+vigilanciatotal.com, 1
+vigilanciaysalud.com, 1
+vigilantesporcolombia.org, 1
+vigilanza.milano.it, 1
+vigilanza.roma.it, 1
+vigiles.nl, 1
+vigilo.cf, 1
+vigilo.ga, 1
+vigl.biz, 1
+vigliano.com, 1
+vigneshkumar.com, 1
+vignobles-querre.com, 1
+vignoblesdeletat.ch, 1
+vigo-krankenversicherung.de, 1
+vigo-select.de, 1
+vigoinvestments.com, 0
+vigorous.co.il, 1
+vigorspa.it, 1
+vigoxatelier.tech, 1
+vigrid.online, 1
+vigridpartiet.tk, 1
+vihaainfosoft.com, 1
+vihtahousu.fi, 1
+viikko.cf, 1
+viikko.eu, 1
+viikko.ga, 1
+viikko.gq, 1
+viikko.ml, 1
+viilup.com, 1
+viitanen.xyz, 1
+vijayam.ml, 1
+vijaymishra.tk, 1
+vijn.io, 1
+vijoe.org, 1
+vijverbenodigdheden.nl, 1
+vik.bio, 1
+vik.im, 1
+vikalpgupta.com, 1
+vikapaula.com, 1
+vikasinstitute.tk, 1
+vikaviktoria.com, 1
+vikc.ca, 1
+vikcdn.com, 1
+viki.com, 1
+viking-style.ru, 1
+viking-t.com, 1
+vikingconcretefloors.com, 1
+vikiwat.com, 1
+viko.ai, 1
+viko.co.uk, 1
+vikpage.com, 1
+vikramkulkarni.com, 1
+vikrantkakad.in, 1
+viksbergshr.se, 1
+viktor-chin-kon-sung.com, 1
+viktor-chin-kon-sung.nl, 1
+viktor-chin.com, 1
+viktor-chin.nl, 1
+viktorbarzin.me, 1
+viktorchin.com, 1
+viktorchin.nl, 1
+viktorchin.online, 1
+viktorchin.site, 1
+viktorchinkonsung.com, 1
+viktorchinkonsung.nl, 1
+viktorchinkonsung.online, 1
+viktorchinkonsung.site, 1
+viktoria-goo.com, 1
+viktoria-stube.de, 1
+viktorovi.cz, 1
+viktorprevaric.eu, 1
+viku.fi, 1
+vila-senov.cz, 1
+vila11.com.br, 1
+vilaanimalpetshop.com, 1
+vilabiamodas.com.br, 1
+viladelpingui.net, 1
+vilafloridacapivari.com.br, 1
+vilafrancaeagles.tk, 1
+vilamarija.tk, 1
+vilamoura-car-hire.com, 1
+vilans.nl, 1
+vilantice.cz, 1
+vilavilma.si, 1
+vilavyhlidka.cz, 1
+vilawatt.cat, 1
+vilaydin.com, 1
+vildlaithailand.cf, 1
+vildlaithailand.gq, 1
+vildlaithailand.tk, 1
+vilettecouvreur.fr, 1
+vilgain.at, 1
+vilgain.com, 1
+vilgain.de, 1
+vilgain.hu, 1
+vilgain.it, 1
+vilgain.pl, 1
+vilhe.com, 1
+vilhe.fi, 1
+vilhelmjunnila.fi, 1
+vilife.tk, 1
+viliravnjak.tk, 1
+viliv.com.co, 1
+villa-christina.com, 1
+villa-gockel.de, 1
+villa-luna.it, 1
+villa-ottone.net, 1
+villa-toscana.berlin, 1
+villablancaluarca.es, 1
+villablino.tk, 1
+villaboavida.nl, 1
+villacarralon.tk, 1
+villadelprado.tk, 1
+villaditirano.tk, 1
+villaespanola.tk, 1
+villafiore.com.br, 1
+villafrancis.org.sg, 1
+villagebridalbyomnibus.com, 1
+villagecardshop.co.uk, 1
+villagecenterpediatrics.com, 1
+villagemagazines.co.uk, 1
+villagenscamuria.it, 1
+villageofalbionny.gov, 1
+villageofallouezwi.gov, 1
+villageofalmondwi.gov, 1
+villageofarenawi.gov, 1
+villageofavocawi.gov, 1
+villageofbearlakemi.gov, 1
+villageofbellevuewi.gov, 1
+villageofcallawayne.gov, 1
+villageofcarbonhill-il.gov, 1
+villageofcascadewi.gov, 1
+villageofcascowi.gov, 1
+villageofcatskillny.gov, 1
+villageofcazenoviany.gov, 1
+villageofclaytonmi.gov, 1
+villageofclaytonwi.gov, 1
+villageofclymanwi.gov, 1
+villageofcolemanwi.gov, 1
+villageofcottagegrove.gov, 1
+villageofdousman.gov, 1
+villageofedenwi.gov, 1
+villageoffarwellmi.gov, 1
+villageofforestvillewi.gov, 1
+villageoffremontwi.gov, 1
+villageofgraftonwi.gov, 1
+villageofgrantsburg.gov, 1
+villageofhempsteadpdny.gov, 1
+villageofjacksonwi.gov, 1
+villageoflagrangeohio.gov, 1
+villageoflaurensny.gov, 1
+villageoflavallewi.gov, 1
+villageoflomira.gov, 1
+villageoflonerock-wi.gov, 1
+villageofluxemburgwi.gov, 1
+villageofmenandsny.gov, 1
+villageofmendonmi.gov, 1
+villageofmillerton-ny.gov, 1
+villageofmuirmi.gov, 1
+villageofmukwonago.gov, 1
+villageofnaponeene.gov, 1
+villageofnecedahwi.gov, 1
+villageofnewberlinny.gov, 1
+villageofoakdalewi.gov, 1
+villageofoakfieldwi.gov, 1
+villageofowegony.gov, 1
+villageofpalmyrailmacoupin.gov, 1
+villageofpewaukeewi.gov, 1
+villageofriverbendmo.gov, 1
+villageofsaukvillewi.gov, 1
+villageofsciooh.gov, 1
+villageofsheldonwi.gov, 1
+villageofsirenwi.gov, 1
+villageofstetsonvillewi.gov, 1
+villageofstockbridgemi.gov, 1
+villageofstockbridgewi.gov, 1
+villageoftheresawi.gov, 1
+villageoftikiisland.gov, 1
+villageofwales.gov, 1
+villageofwhitelaw-wi.gov, 1
+villageofwitheewi.gov, 1
+villagephysicians.com, 1
+villagesincrisis.tk, 1
+villageunique.com.br, 1
+villagevet.co.uk, 1
+villagevetcattery.co.uk, 1
+villagockel.de, 1
+villahistoria.ml, 1
+villainsclothing.com.au, 1
+villaismaelcortinas.uy, 1
+villakarma.at, 1
+villakiralik.com, 1
+villalmanzo.tk, 1
+villamenty.com, 1
+villanew.tk, 1
+villanyautosok.hu, 1
+villaparkil.gov, 1
+villapiknik.tk, 1
+villarica.gov, 1
+villas-parfumdemyrte.fr, 1
+villasdelbosque.com.gt, 1
+villasenor.online, 1
+villasfinistere.fr, 1
+villasforsale-bali.com, 1
+villasintrabali.com, 1
+villasupport.it, 1
+villaumbrales.tk, 1
+villavaltava.fi, 1
+villaville.com, 1
+villawirz.it, 1
+ville-ideale.fr, 1
+ville-vif.fr, 1
+villehardouin.fr, 1
+villek.fi, 1
+villekaaria.eu, 1
+villekautto.com, 1
+villenavedornon.fr, 1
+villerez.fr, 1
+villeroy-immobilier-sete.fr, 1
+villers-ecalles.fr, 1
+villesalonen.fi, 1
+villian.tk, 1
+villnoesser-tal.com, 1
+villu.ga, 1
+villu.stream, 1
+viload.org, 1
+vilostore.my.id, 1
+viltsu.net, 1
+vilvoordelaan.be, 1
+vima.ch, 0
+vimbom.tk, 1
+vimbowen.xyz, 1
+vimeo.com, 1
+vimeosucks.nyc, 1
+vimexx.nl, 1
+vimium.com, 1
+vimka.gq, 1
+vimoksa.com, 1
+vimworld.com, 1
+vinarstvimodryhrozen.cz, 1
+vinaygakhar.tk, 1
+vinaygarg.com, 1
+vinc.me, 1
+vinc.name.tr, 1
+vincehut.top, 1
+vincemumford.com, 1
+vincent-haupert.de, 1
+vincentcox.com, 0
+vincentdame.net, 1
+vincenticosmeticsurgery.tk, 1
+vincentiliano.tk, 1
+vincentpancol.com, 1
+vincentpo.tk, 1
+vincentsimon.de, 1
+vincentvdsluijs.nl, 1
+vincentwolsink.nl, 0
+vinceracing.tk, 1
+vincexpertconsulting.fr, 1
+vinci-archipel.com, 1
+vinci-foundation.com, 1
+vinci-gestion.com, 1
+vinci-gestion.fr, 1
+vinci-reassurance.com, 1
+vinci-vie.com, 1
+vinci-vie.fr, 0
+vinci-vie.net, 1
+vinci.gr, 1
+vinci.lt, 1
+vinci.lu, 1
+vincible.space, 1
+vinciconps4.it, 1
+vinciladislessia.it, 1
+vincitraining.com, 1
+vinciu.com, 1
+vincour.info, 1
+vindafrid.com, 1
+vindafrid.nu, 1
+vindafrid.se, 1
+vindelicum.eu, 1
+vindeurgent.ro, 1
+vindipoker.dk, 1
+vindnu.dk, 1
+vinduesgrossisten.dk, 1
+vineeth.uk, 1
+vineethavarma.com, 1
+vinehall.ie, 1
+vinelli.de, 1
+vinepower.co.nz, 1
+vineripenutrition.com, 1
+vinesauce.info, 1
+vineta.tk, 1
+vinetalk.net, 1
+vinetech.co.nz, 1
+vineyard-wash.com, 1
+vingahiss.se, 1
+vingt.me, 1
+vingtsuncoach.tk, 1
+vinhobros.de, 1
+vinhomes.tv, 1
+vinhomesonline.com, 1
+vinhosdoalentejo.pt, 1
+vinicius.sl, 1
+viniciuscosta.tk, 1
+vinigas.com, 1
+vinihk.com, 0
+vinilart.com, 1
+vinilosdecorativos.net, 1
+vinistas.com, 1
+vinit.tk, 1
+vinnellarabia.com, 1
+vinner.com.au, 0
+vinnie.gq, 1
+vinny.tk, 1
+vinnyvidivici.com, 1
+vinodoc.cz, 1
+vinoffice.vn, 1
+vinohradiv.tk, 1
+vinokourovnet.tk, 1
+vinokurov.tk, 0
+vinolli.de, 1
+vinopan.de, 1
+vinorossoconero.com, 1
+vinoshipper.com, 1
+vinovum.net, 1
+vinoxo.in, 1
+vinsation.com, 1
+vinsetchampagne.fr, 0
+vinsonfinancials.tk, 1
+vinstafood.com, 1
+vintageaudio.tk, 1
+vintagebandfestival.org, 1
+vintagecarparts.co.uk, 1
+vintagecaskandbarrel.com, 1
+vintagecommerce.it, 1
+vintagejeeps.net, 1
+vintagemakeupguide.com, 1
+vintageportgifts.co.uk, 1
+vintagestock.com, 1
+vintagetoydepot.tk, 1
+vintagetrailerbuyers.com, 1
+vintagewedding.tk, 1
+vintazh.net, 1
+vintizen.com, 1
+vintom.com, 1
+vintonia.gov, 1
+vinumenu.com, 1
+vinyl-digital.com, 1
+vinylbasement.tk, 1
+vinylfencestlouis.com, 1
+vinzer.tk, 1
+vinzite.com, 1
+violapiekut.com, 1
+violarenate.com, 1
+violetfairy.tk, 1
+violetraven.co.uk, 1
+violettecleaning.be, 1
+violifefoods.com, 1
+violin4fun.nl, 1
+vionicbeach.com, 1
+vionicshoes.com, 1
+vionity.co, 1
+viosey.com, 1
+vioye.com, 1
+vip-6132.com, 1
+vip-agency-escort.com, 1
+vip-banner.tk, 1
+vip-moda.ga, 1
+vip-sauna.tk, 1
+vip-soski.tk, 1
+vip-ssl.com, 1
+vip-transfer.by, 1
+vip00228.com, 0
+vip11018.com, 0
+vip2132.com, 1
+vip22884.com, 0
+vip33138.com, 0
+vip4553.com, 1
+vip45bet365.com, 0
+vip5132.com, 1
+vip5414.com, 1
+vip6132.com, 1
+vip77018.com, 0
+vip8522.com, 1
+vipaairportsp3.gov, 1
+vipartneriai.lt, 1
+vipcan.com, 1
+vipdirektolog.ru, 0
+vipenvia.com.br, 1
+viper-drones.com, 1
+vipertechnology.com.br, 1
+vipesball.me, 1
+vipesball.net, 1
+vipfitter.com, 1
+vipframesandtrusses.co.nz, 1
+vipgalant.ru, 1
+viphackers.tk, 1
+vipi.es, 1
+vipkit.com, 1
+vipku.ru, 1
+viplata-mgnovenno.ml, 1
+viplc4.com, 0
+viplc6.com, 0
+viplc68.com, 1
+viplc98.net, 1
+vipline.me, 1
+viplive.tk, 1
+vipllcnj.com, 1
+vipmdh.com.ua, 1
+vipmercedes.by, 1
+viporiflame.tk, 1
+vippclub.be, 1
+viprsolutions.com, 1
+vipsauna.gq, 1
+vipsexvault.com, 1
+vipshop.ga, 1
+vipsibir.cf, 1
+vipstat.pl, 1
+viptravel.tk, 1
+vipturismo-europa.com, 1
+vipus.gq, 1
+vipuser.info, 1
+vipw6600.com, 0
+vipw6603.com, 1
+vipw6606.com, 0
+vipw6608.com, 0
+vir-tec.eu, 0
+vir2.me, 1
+virajtharinda.tk, 1
+viral-loops.com, 1
+viral32111.com, 1
+virala.tk, 1
+viralboombox.xyz, 1
+viralhua.com, 1
+viralinsurance.ga, 1
+viraljobs.ga, 1
+viraloffer.ga, 1
+viralpagi.com, 1
+viralrakyat.com, 1
+viralsv.com, 1
+viraltalky.com, 1
+viraltech.cf, 1
+viralted.ml, 1
+viraltobuzz.tk, 1
+viraltube.my, 1
+viralvids.gq, 1
+viraly.me, 1
+viran-khodro.tk, 1
+virazh58.tk, 1
+virbex.com, 1
+vircloud.net, 1
+virga.pp.ua, 1
+virgi.tk, 1
+virgil.gg, 1
+virgilsecurity.com, 1
+virginiaabc.gov, 1
+virginiabeachcoolsculpting.com, 1
+virginiagardens-fl.gov, 1
+virginiahealth.tk, 1
+virginiaisgoingsolar.com, 1
+virginiamnpd.gov, 1
+virginiedelmas.fr, 1
+virginietessier.fr, 1
+virginitychecker.ga, 1
+virginized.tk, 1
+virginpulse.us, 1
+virgintears.tk, 1
+virgontech.tk, 1
+virgosecurity.com.au, 1
+virgulazero.com.br, 1
+viridis-milites.cz, 1
+virima.com, 1
+viris.si, 1
+virkhost.com, 1
+virostack.com, 1
+virot.eu, 1
+virtasktic.com, 1
+virtbaza.cf, 1
+virtit.fr, 1
+virtlinux.eu, 1
+virtola.ml, 1
+virtua.com.tr, 1
+virtuaal.com, 1
+virtual-assistant.ml, 1
+virtual-data-room.org, 1
+virtual-dba.com, 1
+virtual-insanity.tk, 1
+virtual-webcam.com, 1
+virtualarkansas.org, 1
+virtualbrands.com, 0
+virtualbrestby.tk, 1
+virtualbruges.tk, 1
+virtualchecker.com, 1
+virtualcitehuallaga.com, 1
+virtualcity.tk, 1
+virtualcloud.ddns.net, 1
+virtualcommodities.org, 1
+virtualcomputer.ml, 1
+virtualdesign.tk, 1
+virtualdesignmedia.com, 1
+virtualedge.org, 1
+virtualgovernance.tk, 1
+virtualgraffiti.com, 1
+virtualhawaii360.com, 1
+virtualife.tk, 1
+virtuality4d.com, 1
+virtualization-online.org, 1
+virtuallanding.com, 1
+virtuallifestyle.nl, 1
+virtuallypilates.com, 1
+virtualmachine.tk, 1
+virtualmemento.tk, 1
+virtualmt2.pl, 1
+virtualnet.ec, 1
+virtualpavilion.co, 1
+virtualpiano.net, 1
+virtualprom.tk, 1
+virtualroad.org, 1
+virtualsanity.com, 1
+virtualscoutschool.com, 1
+virtualsex.ga, 1
+virtualshell.ml, 1
+virtualtabletop.io, 1
+virtualvaults.com, 0
+virtualx.de, 1
+virtubox.net, 1
+virtubroker.com.mx, 1
+virtuele-dataroom.nl, 1
+virtueturkey.ga, 1
+virtuology.com, 1
+virtus-group.com, 1
+virtusaero.com, 0
+virtwen.com, 1
+virty.cz, 1
+virus.pm, 1
+virusah1n1.com, 1
+virusdelebola.com, 1
+virusmousepads.tk, 1
+virusprotect.ro, 1
+virusquery.com, 1
+virutasjamon.com, 1
+visa-master.tk, 1
+visacentre.pk, 1
+visadaifu.com, 0
+visafruit.com, 1
+visale.fr, 1
+visalia.gov, 1
+visaliafarmersmarket.com, 0
+visalist.io, 1
+visalogy.com, 1
+visaop.com, 1
+visapourailleurs.fr, 0
+visapro.com, 1
+visapro.me, 1
+visaprolaw.com, 1
+visarewardprogramplatform.com, 1
+visartdecor.com.ua, 1
+visasofoz.com, 1
+visatime.info, 1
+visatitans.ae, 1
+visatitans.ca, 1
+visatitans.co.uk, 1
+visatitans.com, 1
+visavtodor.ru, 1
+visaxplorer.com, 1
+visaya.com.co, 1
+visceralsound.ca, 1
+viscoelastico.com.br, 1
+visconde-de-maua.com.br, 1
+viscondedemaua.com.br, 1
+viscondedemauapousadas.com.br, 1
+viscopic.com, 1
+vise.com, 0
+visegradieskuvo.hu, 1
+visegradtours.hu, 1
+viseum.co.uk, 1
+visforvaccinated.gov, 1
+vishenka.tk, 1
+vishnujyothi.co.uk, 1
+vishwashantiyoga.com, 1
+visibleone.com, 1
+visiblethoughts.co.uk, 1
+vision-du-net.com, 1
+vision-net.ie, 1
+vision-painting.com, 0
+vision2005.tk, 1
+visionamp.com, 1
+visionations.com, 1
+visioncenter.org, 1
+visioncloud.tk, 1
+visioncraftinc.com, 1
+visiondetails.ru, 1
+visiondigitalpe.com, 1
+visiondigitalsog.com, 1
+visiondrivers.com, 0
+visioned.net, 1
+visioneducation.tk, 1
+visionexpress.com, 1
+visionexpress.ie, 1
+visiongamestudios.com, 1
+visioniot.com, 1
+visionlearning.com, 1
+visionnissancanandaiguaparts.com, 1
+visionnocturne.tk, 1
+visionoscope.org, 1
+visionpeak.net, 1
+visionproductssoutheast.com, 1
+visionr.com, 1
+visionsc.co.uk, 1
+visionsofmysoul.com, 1
+visiontaiwan.info, 1
+visionthroughknowledge.com, 1
+visiontree-beta.eu, 1
+visionunit.ch, 1
+visionwow.ai, 1
+visionxcreative.gq, 1
+visionzerocfl.gov, 1
+visionzeroreporting.com, 1
+visiquate.com, 1
+visit-sanbenedettodeltronto.it, 1
+visit-thailand.tk, 1
+visit.gent, 1
+visit.natal.br, 1
+visitafuengirola.es, 1
+visitafuengirola.ru, 1
+visitaltai.info, 1
+visitationbvm.net, 1
+visitazores.com, 1
+visitbangkoktravel.com, 1
+visitbelfast.com, 1
+visitbinghamton.org, 1
+visitcambridgeshirefens.org, 1
+visitcamden.com.au, 1
+visitcmafest.com, 1
+visitconwaysc.gov, 1
+visitdubai.com, 1
+visiter-tunis.tk, 1
+visitgaribaldi.gov, 1
+visitgent.be, 1
+visitgent.eu, 1
+visitghent.be, 1
+visitghent.eu, 1
+visithuntingtonwv.org, 1
+visitinvernesslochness.com, 1
+visitislandpond.com, 1
+visitkeralaadventure.org, 1
+visitmaine.com, 1
+visitmexico.com, 1
+visitmorelos.mx, 1
+visitnamibia.net, 1
+visitnewcastle.com.au, 1
+visitoractivities.com, 1
+visitorguard.com, 1
+visitorsguide.is, 1
+visitorslist.com, 1
+visitosalnes.com, 1
+visitpare.com, 0
+visitrainscounty.com, 1
+visits.ga, 1
+visits.tk, 1
+visitsights.com, 1
+visitsights.de, 1
+visitstegen.com, 1
+visitsugartown.com, 1
+visittartu.com, 0
+visittci.com, 1
+visitthematrix.tk, 1
+visituzbekistan.tk, 1
+visitvalenca.com, 0
+visitwv.com, 1
+visitzug.ga, 1
+visma-apps.com, 1
+vismaverzuim.com, 1
+visomdm.com, 1
+visometry.com, 1
+visor.ph, 1
+visordown.com, 1
+visoundcloud.com, 1
+vissanum.com, 1
+visscher.codes, 1
+vista-calculator.ru, 1
+vista-research-group.com, 1
+vista.gov, 1
+vistaalegre.com, 1
+vistaalmar.es, 1
+vistacampus.gov, 1
+vistamatic.eu, 1
+vistapaket.com.ua, 1
+vistapoquei.com.br, 1
+vistastylebuilder.com, 0
+vistb.me, 1
+vistec-support.de, 1
+vistmagazine.com, 1
+visu.li, 1
+visual-cockpit.com, 0
+visual-concept.net, 1
+visual-conversion.com, 1
+visual-design.cf, 1
+visual-dreams.de, 1
+visualdrone.co, 1
+visualetiquetas.art.br, 1
+visualforce.com, 1
+visualgnome.com, 1
+visualizing.info, 1
+visuall.be, 1
+visualmarketingdeals.com, 1
+visualmasters.nl, 1
+visualstories.com, 1
+visualtec.host, 1
+visudira.com, 1
+visunext.de, 1
+visuri.de, 1
+visware.com, 1
+visyeva.hu, 1
+vita-transmr.de, 1
+vitaalcheck.nl, 1
+vitaalfitcoaching.nl, 1
+vitabrillanti.com, 0
+vitaclinicliverpool.co.uk, 1
+vitacore.ru, 1
+vitaerotaksi.ru, 1
+vitafybrands.de, 1
+vitahook.pw, 1
+vitahost.ml, 1
+vitakov.tk, 1
+vital-heart.com, 1
+vital.help, 1
+vital.no, 1
+vitalamin.at, 1
+vitalamin.ch, 1
+vitalchoice.com, 1
+vitalhealthandbeauty.co.uk, 1
+vitalia.cz, 1
+vitaline.uz, 1
+vitalismaatjes.nl, 1
+vitalitymedcenters.com, 0
+vitalityscience.com, 0
+vitaliyshepotkov.tk, 1
+vitallearning.dk, 1
+vitallearning.ee, 1
+vitallearning.eu, 1
+vitallearning.no, 1
+vitallearning.se, 1
+vitallife.com, 1
+vitallispsy.be, 1
+vitallispsy.com, 1
+vitallispsy.de, 1
+vitallispsy.eu, 1
+vitallispsy.nl, 1
+vitalpraxis-lietz.de, 1
+vitalshop.tk, 1
+vitalsolutions.ro, 1
+vitalthings.de, 1
+vitalware.com, 1
+vitalyzhukphoto.com, 1
+vitamaxxi.com.br, 1
+vitamedgroup.com, 1
+vitamina.cl, 1
+vitamina.com, 1
+vitaminas.me, 1
+vitaminegeszseg.hu, 1
+vitaminka.tk, 1
+vitaminmovie.ga, 1
+vitaminoutlet.net, 1
+vitamixromania.ro, 1
+vitanetonline.com, 1
+vitapingu.de, 1
+vitario.eu, 1
+vitastic.nl, 1
+vitavarese.tk, 1
+vitavista.health, 1
+vitavista.io, 1
+vitay.pl, 1
+viteleaf.com, 1
+viteoscrm.ch, 0
+viterbio.com, 1
+viterboonair.tk, 1
+viteuneexcuse.io, 1
+vitikit.com, 1
+vitkausk.as, 1
+vitlproducts.com, 1
+vitman.tk, 1
+vitoye.com, 1
+vitra-showrooms.co.uk, 1
+vitra-vcare.co.uk, 1
+vitrade.de, 1
+vitrado.de, 1
+vitrinachasov.cf, 1
+vitrineenligne.com, 1
+vitromex.tk, 1
+vitron.ru, 1
+vitsearch.link, 1
+vitto.tk, 1
+vittoria-conseil.com, 1
+vittoria-web.com, 1
+vittoria.consulting, 1
+vittoria.pro, 1
+vittoria.run, 1
+vittoria.studio, 1
+vittoria.tech, 1
+vittoriaconseil.com, 1
+vitucho.tk, 1
+vitus-meppen.de, 1
+viv.fi, 1
+viva.ro, 1
+viva.ua, 1
+viva2000.com, 1
+vivablogger.com, 1
+vivabraslav.ga, 1
+vivace.parts, 1
+vivachile.tk, 1
+vivaconagua.org, 1
+vivagy.com, 1
+vivahome.tk, 1
+vivaio.roma.it, 1
+vivaiocolombo.com, 1
+vivalacloud.ru, 1
+vivalajack.de, 1
+vivaldi.club, 1
+vivaldi.com, 1
+vivaldi.net, 1
+vivaleisure.com.au, 1
+vivaleisure.group, 1
+vivamortgage.tk, 1
+vivanosports.com.br, 0
+vivapharma.net, 1
+vivas.cf, 1
+vivas.gq, 1
+vivas.ml, 1
+vivas.tk, 1
+vivat.de, 1
+vivatbet.com.ee, 1
+vivatbet.ee, 1
+vivatechnology.com, 1
+vivates.tk, 1
+vivavox.es, 1
+vivavox.tk, 1
+vive.com, 0
+vive.link, 1
+vivediabetes-sanamente.com, 1
+vivekanandaspokenenglish.com, 1
+vivekparekh.ca, 1
+vivekselvakumar.ga, 1
+vivelawir.eu, 1
+vivemedialab.com, 1
+vivemercadosaludable.com, 1
+vivemontecarlo.tk, 1
+vivendi.de, 1
+vivendoapalavra.org, 1
+vivendoderendananet.com.br, 1
+viveoriginals.com, 1
+viveport.com, 1
+viveportal.com, 1
+viveras.ch, 1
+viveremediglia.tk, 1
+viverse.com, 1
+viverstp.net, 1
+vivesaludableconomnilife.com, 1
+vivetoluca.com, 1
+vivezlaromate.com, 1
+vivi.fyi, 0
+vivi.zone, 0
+vivian.tk, 1
+vivianaball.ro, 1
+vivianadavila.com, 1
+vivianargiriou.gr, 0
+vivianlms.ga, 1
+vivianmaier.cn, 1
+vivichannel.tk, 1
+vivid-academy.com, 1
+vivide.re, 1
+vividinflatables.co.uk, 1
+viviendacoomeva.com, 1
+viviennelinettevandenassem.tk, 1
+viviennevandenbos.nl, 1
+vivimasverde.com.ar, 1
+vivirenelmundo.com, 1
+vivirenelpoblado.com, 1
+vivo.cam, 1
+vivo.vn, 0
+vivoitaliankitchen.com, 1
+vivoldi.com, 1
+vivos.co.il, 1
+vivoseg.com, 0
+vivreenisrael.com, 1
+vivun.com, 1
+vivy.com, 1
+viwsec.com.br, 1
+vixlum.com, 1
+vixonline.com.br, 1
+vixrapedia.org, 1
+viyf.org, 1
+viyoga.co, 1
+vizantia.tk, 1
+vize.ai, 0
+vizedia.ga, 1
+vizierdata.ca, 1
+vizion.com, 1
+vizional.com, 0
+vizirinvestimentos.com, 1
+vizit-obmen.tk, 1
+vizit.ml, 1
+vizit.tk, 1
+vizitfree.ml, 1
+vizitnik.tk, 1
+vizmart.ml, 1
+vizyonpara.com, 1
+vizzarragrup.com, 1
+vjeff.com, 1
+vjeff.net, 1
+vjk.dk, 1
+vjn.ee, 1
+vjqlifestyle.com, 1
+vjshi.xyz, 0
+vjshop.vn, 1
+vjuliano.net, 1
+vk-agent.ru, 1
+vk-group.com, 1
+vk-k.com, 1
+vk-random.ml, 1
+vk-srv.ru, 1
+vk.group, 1
+vk.nl, 1
+vk09.ru, 1
+vk1fj.net, 1
+vk2.net, 1
+vkarpaty.tk, 1
+vkavkaz.tk, 1
+vkb-remont.ru, 1
+vkcombo.ru, 1
+vkennke.org, 1
+vkfaces.com, 1
+vkfish.ga, 1
+vkflac.tk, 1
+vkg.nl, 0
+vkgroup.az, 1
+vkh-online.de, 1
+vkikaku.com, 0
+vkino.com, 0
+vkino.ml, 1
+vkirichenko.name, 1
+vkirienko.com, 1
+vklikers.tk, 1
+vkolledzhe.tk, 1
+vkontakte-poisk.ru, 1
+vkox.com, 1
+vkrutilca.tk, 1
+vksportphoto.com, 1
+vkst-field-trials.dk, 1
+vkstaticcdn.ru, 1
+vkstaticcontent.ru, 1
+vkstream.tk, 1
+vkulagin.ru, 1
+vkusercontent.ru, 1
+vkusniy.shop, 1
+vkusnyashka.tk, 1
+vkustradicii.com.ua, 1
+vkusvill.ru, 1
+vl.cloudns.cc, 1
+vl9.de, 1
+vlaamsegemeenschap.tk, 1
+vlaamsetollers.tk, 1
+vlaardingen-enzo.tk, 1
+vlachoshome.com, 1
+vladgazeta.gq, 1
+vladikavkaz-city.tk, 1
+vladimir-chanaev.pro, 1
+vladimir.ml, 1
+vladimirbatrakov.tk, 1
+vladimirchernyshov.ml, 1
+vladimirkarpets.tk, 1
+vladimirovka.ml, 1
+vladimirpenev.tk, 1
+vladivostok-city.tk, 1
+vladivostok.cf, 1
+vladivostok.tk, 1
+vladivostokportal.tk, 1
+vladmoraru.org, 1
+vladreview.com, 1
+vladsfads.com, 1
+vladwp.com, 1
+vlaggen-landen.nl, 1
+vlajo.org, 1
+vlak.hr, 1
+vlakem.net, 1
+vlance.gq, 1
+vlasov.ml, 1
+vlasova-sova.ml, 1
+vlccrussia.ru, 1
+vlci-doupe.cz, 1
+vldkn.net, 1
+vldz.co, 1
+vle.lt, 1
+vleague.tk, 1
+vleesbesteld.nl, 1
+vleij.com, 0
+vleij.family, 1
+vleij.se, 1
+vleo.me, 1
+vlh.dk, 1
+vliegendklokske.com, 1
+vliegherrie.nl, 1
+vlijmscherrup.tk, 1
+vlike.ml, 1
+vlissingse-oratoriumvereniging.nl, 1
+vlndc.org, 1
+vlnv.ca, 1
+vloeck.de, 1
+vloggerfaire.com, 1
+vloggerspace.tk, 1
+vlos.com.pl, 1
+vlovgr.se, 1
+vltonline.org, 1
+vlzbazar.ru, 1
+vm-0.com, 1
+vm.co.mz, 0
+vm.ee, 0
+vm0.eu, 1
+vm88.top, 0
+vmagadane.tk, 1
+vmath.my.id, 1
+vmautorajkot.com, 1
+vmaxleclub.com, 1
+vmc.co.id, 1
+vmccnc.com, 1
+vmconnected.co.uk, 1
+vmedia.ca, 1
+vmf365.tk, 1
+vmgirls.com, 0
+vmhydro.ru, 0
+vmis.nl, 1
+vmlze.cz, 1
+vmm.pw, 1
+vmninja.io, 1
+vmoagents.com, 0
+vmock.com, 1
+vmoe.info, 1
+vmotosoco.lv, 0
+vmst.io, 1
+vmsurgery.org, 1
+vmug.pl, 1
+vmurmanske.tk, 1
+vn.search.yahoo.com, 0
+vn58.com, 1
+vnanet.vn, 1
+vnctdj.fr, 1
+vnd.cloud, 1
+vndb.org, 1
+vneftekamske.tk, 1
+vnetboard.com, 1
+vnikolaev.tk, 1
+vnlfrk.com, 1
+vnministries.org, 1
+vnovosibirske.tk, 1
+vns168.vip, 0
+vns377c.com, 0
+vns377d.com, 0
+vns377e.com, 0
+vns377f.com, 0
+vns377g.com, 0
+vns377h.com, 0
+vns377i.com, 0
+vns377j.com, 0
+vns3780.com, 1
+vns5020.com, 0
+vns5151.com, 0
+vns5353.com, 0
+vns5656.com, 1
+vns5757.com, 0
+vns5858.vip, 1
+vns5959.com, 0
+vns6161.com, 0
+vns6262.com, 0
+vns6363.com, 0
+vns6565.com, 0
+vns6767.com, 0
+vns68611.com, 0
+vns68655.com, 1
+vns68669.com, 1
+vns6868.com, 0
+vns6868.vip, 1
+vns68722.com, 1
+vns6969.com, 0
+vnsc.org, 1
+vnumngr.com, 1
+vnxf.vn, 1
+vnya.loan, 1
+vo-vse-tyajkie.online, 1
+voatz.com, 1
+vobe.io, 1
+vobis.pl, 1
+vocably.de, 1
+vocaloid.my, 1
+vocalviews.com, 1
+vocationaujourdhui.fr, 1
+vocationnetwork.org, 1
+vocomo.de, 1
+voctto.com.br, 1
+vocus.aero, 1
+vocustest.aero, 1
+vod.uk.com, 0
+vodadombay.cf, 1
+vodafone.com.gh, 1
+vodavoda.tk, 1
+vodb.org, 1
+voddinteriors.com, 1
+vodicak.info, 1
+vodicaknapocitac.sk, 1
+voditel.ua, 1
+vodix.nl, 1
+vodpay.com, 1
+vodpay.net, 1
+vodpay.org, 1
+voeding-en-fitness.nl, 1
+voetbalclubinfo.tk, 1
+voetbalforum.tk, 1
+voetbalindestad.be, 1
+voetbaloptv.nl, 1
+voetbalwedden.net, 1
+voetfit47.nl, 1
+voetpunttwente.nl, 1
+voeux.io, 0
+voevm.at, 0
+voevodin.tk, 1
+vofem.ru, 1
+voffka.com, 1
+vofwittenbergwi.gov, 1
+vofy.cz, 1
+vogel-verhuizingen.nl, 1
+vogelbus.ch, 1
+vogelwereld.tk, 1
+vogler.name, 1
+vogt.sh, 1
+vogt.works, 1
+vogue.co.uk, 1
+vogue.cz, 1
+vogue.gr, 1
+voguefabricsstore.com, 1
+voguefrontier.tk, 1
+voi.ch, 1
+voice-of-design.com, 1
+voice-pic.com, 1
+voice.gov.au, 1
+voicedata.tk, 1
+voicemaker.in, 1
+voicenation.com, 1
+voiceofcricket.tk, 1
+voiceofserbia.tk, 1
+voicesoflabor.com, 1
+voicesofspirit.at, 1
+voicesuk.co.uk, 1
+voicu.ch, 0
+voidancerecords.com, 1
+voidbbs.com, 1
+voidbits.io, 1
+voidbot.ai, 1
+voidcore.org, 1
+voide.club, 1
+voidge.cf, 1
+voidhacker.com, 1
+voidi.ca, 1
+voidma.in, 1
+voidpay.com, 1
+voidpay.net, 1
+voidpay.org, 1
+voidx.top, 1
+voigt-it.solutions, 1
+voimix.ee, 1
+voinuocsago.com, 1
+voinuocthienmy.com, 1
+voipforbusiness.tk, 1
+voiretmanger.fr, 1
+voiretrevu.ca, 1
+voirfilms.live, 1
+voitolla.com, 1
+voivoinfotech.com, 1
+voix-bien-etre.com, 0
+vojenshandicap.dk, 1
+vojtat.cz, 1
+vokabl.io, 1
+vokabula.com, 0
+vokativy.cz, 1
+vokieciupamokos.lt, 1
+vokimberlywi.gov, 1
+vokov.ml, 1
+vokrug.ga, 1
+vokurka.net, 1
+vokzalkursk.ru, 1
+vokzalperm.ru, 1
+volant.digital, 0
+volantinaggioaroma.it, 1
+volarikcapital.eu, 1
+volatile.pw, 1
+volatilesystems.org, 1
+volatilethunk.com, 1
+volatiliza.ga, 1
+volatimer.com, 1
+volcain.io, 1
+volcanconcretos.com, 1
+volcano-kazan.ru, 1
+volcano-spb.ru, 1
+volcano-ug.ru, 1
+volcano-vts.ru, 1
+volcano-x.ru, 1
+volcano.lt, 1
+volcano24.ru, 1
+volcano75.ru, 1
+volcanov.ru, 1
+volchara.tk, 1
+volebnipruzkum.eu, 1
+volga.us, 0
+volgar.name, 1
+volgares.ru, 1
+volgavibes.ru, 0
+volgograd-34.tk, 1
+volgograd-privolzskiy.ga, 1
+volgograd34.tk, 1
+volha.tk, 1
+volichat.com, 1
+volin.tk, 1
+volk.ga, 1
+volk.gq, 1
+volkanyilmaz.com.tr, 1
+volker-gropp.de, 1
+volkergropp.de, 1
+volkerwesselstransfer.nl, 1
+volkerwesselswave.nl, 0
+volki.ga, 1
+volki.ml, 1
+volkov.ga, 1
+volksbaufi.de, 1
+volksbaugeld.de, 1
+volksbauzins.de, 1
+volkshypothek.de, 1
+volkskrant.nl, 1
+volkstuinwaregem.tk, 1
+volksvorschlagpmar.ch, 1
+volkswagen.io, 1
+volkswagengolf.tk, 1
+volkswagenmiennam.com.vn, 1
+volkswagensaigon.com.vn, 1
+volkswagensaigon.net, 0
+volkswurst.de, 1
+vollenberg.ca, 1
+volleyballcityofpreston.tk, 1
+volleyballnews.tk, 1
+volleyfreaks.tk, 1
+volleypatos.tk, 1
+vollmondstollen.de, 1
+volnamobile.ru, 1
+volochaevskiy.tk, 1
+volochisk.tk, 1
+voloder.net, 1
+voloevents.com, 1
+vologda-city.ga, 1
+vologda-city.tk, 1
+volosi.cf, 1
+volosi.tk, 1
+voloskova.ru, 1
+volqanic.com, 1
+volreinsistemas.com, 1
+volshebniki.ua, 1
+volt.fm, 1
+volta.io, 1
+voltageelectricity.tk, 1
+voltahurt.pl, 1
+voltainsite.com, 1
+voltarengelprice.tk, 1
+voltarengeneric.tk, 1
+voltcloud.net, 1
+voltfloyd.com, 1
+volthemes.com, 1
+voltiac.ml, 1
+volto.io, 1
+voltrix.net, 1
+volubilisplus.fr, 1
+volunka.ml, 1
+volunteerham.com, 1
+volunteerhere.ga, 1
+volunteers.tk, 1
+volunteertherealuganda.com, 1
+voluntourism.ga, 1
+volusia.gov, 1
+volusiaelections.gov, 1
+volusiasheriff.gov, 1
+volusiavotes.gov, 1
+volvo1800es.tk, 1
+volvoconnect.com, 1
+vom-achterhof.de, 1
+vomitoxin.ga, 1
+vommu.be, 1
+vomsee.eu, 1
+von-haselberg.de, 1
+vonauw.com, 0
+vonborstelboerner.de, 1
+vonckers.tk, 1
+voncurr.com, 1
+vondenstein.com, 1
+vonfurstenrechtstables.nl, 1
+vonimus.com, 1
+vonitsanet.gr, 1
+vonjohanson.de, 1
+vonkuenheim.de, 1
+vonniehudson.com, 1
+vonpawn.com, 1
+vonski.pl, 1
+vonsponneck.tv, 1
+vonsuri.com, 1
+voodoobeginner.com, 1
+voodoocat.cf, 1
+voodooshaman.com, 1
+vookstock.tk, 1
+voolik.pw, 1
+voom.pt, 1
+voorde.lol, 1
+vooreenveiligthuis.nl, 0
+voornaam-at-achternaam.be, 1
+vooruitmetjevereniging.nl, 1
+vooxia.xyz, 1
+vop.li, 1
+voprosnik.gq, 1
+voprosownet.tk, 1
+voquent.com, 1
+vorbrodt.blog, 1
+vorderklier.de, 1
+vorkbaard.nl, 1
+vorlage-musterbriefe.de, 1
+vorlage-mustervertrag.de, 1
+vorlagen-geburtstagsgruesse.de, 1
+vorlif.org, 1
+vorlonempire.org, 1
+vorm2.com, 1
+vorona.tk, 1
+vort-x.com.my, 1
+vortari.tk, 1
+vorte.ga, 1
+vortexhosting.ga, 1
+vortix.tk, 1
+vos-fleurs.ch, 1
+vos-fleurs.com, 1
+vos-systems.com, 1
+vos-systems.es, 1
+vos-systems.eu, 1
+vos-systems.net, 1
+vos-systems.org, 1
+vos.directory, 1
+vosges-tourisme.net, 1
+vosgym.jp, 1
+vosjesweb.nl, 1
+vosk-cream.tk, 1
+vosn.de, 1
+voss-klinik.com, 1
+voss-zaehne.com, 1
+voss-zaehne.de, 1
+vosselaer.com, 1
+vosser.de, 1
+vostok-zapad54.ru, 1
+vostronet.com, 1
+vot-tak-vot.tk, 1
+votajeffcoco.gov, 1
+votan.cf, 1
+vote.gov, 1
+vote.nz, 1
+vote.org, 1
+votealachua.gov, 1
+votebradfordfl.gov, 1
+votebrevard.gov, 1
+votebymail.gov, 1
+votecalhounfl.gov, 1
+votechestercountytn.gov, 1
+votecitrus.gov, 1
+voteclaycountymo.gov, 1
+votecolumbiafl.gov, 1
+votedenton.gov, 1
+votefloydva.gov, 1
+votefranklinfl.gov, 1
+voteglades.gov, 1
+votegulf.gov, 1
+votehamiltoncountyohio.gov, 1
+votehighlands.gov, 1
+votehillsborough.gov, 1
+voteidaho.gov, 1
+voteindianriver.gov, 1
+votejacksonfl.gov, 1
+votejeffcoco.gov, 1
+votekansas.gov, 1
+voteks.gov, 1
+votelevy.gov, 1
+votemarion.gov, 1
+votemate.org, 1
+votemt.gov, 1
+votenassaufl.gov, 1
+voteokaloosa.gov, 1
+voteokeechobee.gov, 1
+voteosceola.gov, 1
+votepalmbeach.gov, 1
+votepinellas.gov, 1
+voter-info.uk, 1
+voterconnect.ie, 1
+voterockfordil.gov, 1
+votes-reu.ml, 1
+votesantarosa.gov, 1
+votescotttn.gov, 1
+voteseminole.gov, 1
+votesjc.gov, 1
+votetomgreencounty.gov, 1
+voteurl.cf, 1
+votewa.gov, 1
+votewalton.gov, 1
+votocek.cz, 0
+votockova.cz, 0
+votoot.com, 1
+votre-agence-web.com, 1
+votre-hotel.com, 1
+votrepolice.ch, 0
+votresiteweb.ch, 0
+votrespace.ca, 1
+vouchers4u.com, 1
+voucherx.co.uk, 1
+vought-vip.com, 1
+vous-etre-utile-ceidf.fr, 1
+vous-les-jeunnes.tk, 1
+vousnousils.fr, 1
+vov.furniture, 1
+vova.loan, 1
+vovac.tk, 1
+vovachka.tk, 1
+vovkamagazine.tk, 1
+vovladikavkaze.ru, 1
+vovo4ka.tk, 1
+vowsy.club, 0
+vox.de, 1
+voxbras.com.br, 1
+voxeaarecords.com, 1
+voxel.ax, 1
+voxel.cat, 1
+voxel.sh, 1
+voxelcat.de, 1
+voxelcat.jp, 1
+voxeljet.com, 1
+voxengo.com, 1
+voxfa.com, 1
+voxfilmeonline.net, 1
+voxio.nl, 1
+voxpopuli.com, 1
+voxturba.com, 0
+voxx1116.com, 1
+voyage-martinique.fr, 1
+voyage2africa.com, 1
+voyagedeductible.com, 1
+voyageforum.com, 1
+voyageofyume.com, 1
+voyages-groupes-transgallia.com, 1
+voyagesparadis.ca, 1
+voyagesvoyages.net, 1
+voyagewd.world, 1
+voyagewiki.com, 1
+voyagewiki.org, 1
+voyainvestments.com, 1
+voyaker.tk, 1
+voyance-direct.info, 1
+voyancedanslenord.com, 1
+voyeurspyporn.com, 1
+vozami.com, 1
+vozbudim.tk, 1
+vozdux.tk, 1
+vozelocucao.com.br, 1
+vozhatik.cf, 1
+vozhuo.cf, 1
+vozolmarketim.com, 1
+vozpopuli.com, 1
+vp-arc.org, 1
+vparilke.su, 1
+vpetkov.tk, 1
+vpn-suomi.fi, 1
+vpn-sverige.se, 1
+vpn.ht, 1
+vpn4free.ga, 1
+vpnalert.com, 1
+vpnbrains.com, 1
+vpnclient.ru, 1
+vpnemail.com, 1
+vpnent.com, 1
+vpnhongkong.gq, 1
+vpnmag.fr, 1
+vpnpro.com, 1
+vpnservice.nl, 1
+vporno.video, 1
+vprotect.ga, 1
+vps-green.com, 1
+vps.auction, 1
+vps.chat, 1
+vps.discount, 1
+vps.hosting, 1
+vps.management, 1
+vps.nl, 1
+vps.tg, 1
+vpsao.org, 1
+vpsboard.com, 1
+vpsce.com, 0
+vpsdream.dk, 1
+vpsgongyi.com, 0
+vpsji.com, 1
+vpsmore.com, 1
+vpsou.com, 1
+vpsport.ch, 1
+vpsproj.dynu.net, 1
+vpsrussia.com, 1
+vpstrial.net, 1
+vpsvz.cloud, 1
+vpsvz.ninja, 1
+vpswebs.tk, 1
+vpsxhq.com, 1
+vpu-online.com, 1
+vqcymsa.com, 1
+vqebizconsulting.com, 1
+vqeg.org, 1
+vqn.se, 1
+vr-baufi.com, 1
+vr-baufi.info, 1
+vr-baufi24.de, 1
+vr-bauficoncept.de, 1
+vr-baufinanzierung.de, 1
+vr-hypothekenbank.de, 1
+vr-immo-invest.biz, 1
+vr-immo-invest.com, 1
+vr-immoexpress.biz, 1
+vr-immoexpress.info, 1
+vr-immoinvest.eu, 1
+vr-payment.de, 1
+vr-re-bank.org, 1
+vr-realestate.co.uk, 1
+vr3marcas.com.br, 1
+vrac-drive.ch, 1
+vracdrive.ch, 1
+vrachi.online, 1
+vractive.pl, 1
+vragenvanproust.nl, 1
+vrallart.com, 1
+vramoni.ru, 1
+vran.ga, 1
+vrandopulo.ru, 1
+vravi.tech, 1
+vrba.org, 1
+vrbangers.com, 1
+vrbl.pt, 1
+vrbr.ch, 0
+vrchat.community, 1
+vrconk.com, 1
+vrcosplayx.com, 1
+vrcprofile.com, 1
+vrcsearch.com, 1
+vrdennis.tk, 1
+vredesregister.be, 1
+vredesregister.gent, 1
+vreeken-selfstorage.tk, 1
+vreeman.com, 1
+vreklame.ml, 1
+vremyachko.tk, 1
+vremyapervyih-hd.tk, 1
+vresonline.gr, 1
+vresportal.co.uk, 1
+vrfoodchannel.com, 1
+vrg-gruppe.de, 1
+vrg.de, 1
+vrgamecritic.com, 1
+vrh.net.au, 1
+vriendenkring-klassiekers.tk, 1
+vriesdonkow.be, 0
+vrifox.cc, 1
+vrij-links.nl, 1
+vrijedomeinnamen.nl, 1
+vrijekunst.tk, 1
+vrijeradio.tk, 1
+vrijgezellen-feest.com, 1
+vrijgezellen-feesten.nl, 1
+vrijgezellenfeestzwolle.com, 1
+vrikshamindia.com, 1
+vrimmoexpress.biz, 1
+vrimmoexpress.eu, 1
+vrimmoinvest.ag, 1
+vrimmoinvest.org, 1
+vrimmoworld.de, 1
+vriresorts.com, 1
+vrisak-generacije.tk, 1
+vrjetpackgame.com, 1
+vrnhn.nl, 1
+vroedvrouwella.be, 1
+vros.co.id, 1
+vrostove.tk, 1
+vrp.moe, 0
+vrre.ag, 1
+vrrebank.info, 1
+vrsmash.com, 1
+vrsystem.com.br, 0
+vrtak-cz.net, 0
+vrtidaho.gov, 1
+vrtouring.org, 1
+vrumcar.com, 1
+vrzas.net, 1
+vrzl.pro, 1
+vs1177.com, 0
+vs1717.com, 0
+vs2277.com, 0
+vs2828.com, 0
+vs5151.com, 0
+vs603.com, 1
+vs6060.com, 0
+vs6161.com, 0
+vs7711.com, 0
+vs8899.com, 0
+vs9911.com, 0
+vs9977.com, 0
+vsactivity.com, 1
+vsamsonov.com, 1
+vsaratove.tk, 1
+vsatke.tk, 1
+vsc-don-stocksport.de, 1
+vscm888.com, 0
+vscredconsultoria.online, 1
+vsd.sk, 1
+vse-bolezni.tk, 1
+vse-dlya-fermera.tk, 1
+vse-dlya-jinok.tk, 1
+vse-dlya-texniki.tk, 1
+vse-novosti.tk, 1
+vse-potolki.ml, 1
+vse-prosto.tk, 1
+vsean.net, 1
+vsec.co.il, 1
+vsee.com, 1
+vsekulinar.ru, 1
+vsem-reiki.tk, 1
+vsemrabota.ml, 1
+vsenovosti.cf, 1
+vseostile.ml, 1
+vserisuem.ga, 1
+vserus.com, 1
+vserver-preis-vergleich.de, 1
+vseserialy.tk, 1
+vsesrazu-raiffeisen.ru, 1
+vsestiralnie.com, 0
+vsestoki.com, 0
+vsevkusno.tk, 1
+vsevolod.tk, 1
+vsgcommunity.nl, 1
+vshipit.com, 1
+vsimosvita.com, 1
+vsl-defi.ch, 0
+vsl.de, 1
+vsmcomunicacao.com.br, 1
+vsoflavors.com, 1
+vsolovev.com, 1
+vsolvit.com, 1
+vsoy.co.th, 1
+vspin.cz, 1
+vsportage.com, 1
+vss-clan.ml, 1
+vsscr.tech, 1
+vsscrew.tk, 1
+vssnederland.nl, 1
+vstavropole.tk, 1
+vstrikovaci-lisy.cz, 1
+vsure.com.au, 1
+vsx.ch, 1
+vsz.me, 1
+vszp.sk, 1
+vtanki.tk, 1
+vtaxi.se, 1
+vtbclub.xyz, 1
+vtbs.moe, 1
+vtcourts.gov, 1
+vtech.com, 1
+vtescebu.com, 1
+vtipe-vylez.cz, 0
+vtivision.com, 1
+vtjud.gov, 1
+vtklan.tk, 1
+vtler-glabbich.de, 0
+vtliving.com, 1
+vtm.be, 1
+vtmgo.be, 1
+vtoroy-kanal.ga, 1
+vtsnetworks.com, 1
+vttnordisere.fr, 1
+vtuber-schedule.info, 1
+vtuber.art, 1
+vtul.io, 1
+vtulinkng.com.ng, 1
+vtupro.com, 1
+vtvnetwork.org, 1
+vtwonen.be, 1
+vtwonen.nl, 1
+vuagym.com, 1
+vuakhuyenmai.vn, 1
+vuath.com, 1
+vucdn.com, 1
+vue-sur-mer.com, 1
+vuefact.com, 1
+vuefactory.io, 1
+vuelacaruru.com, 1
+vuelosabajoprecio.net, 1
+vugt.me, 1
+vuilelakens.be, 1
+vuitimig.com, 1
+vukhoidecor.com, 1
+vulcan-platinum.online, 1
+vulcan-russia.today, 1
+vulcancycling.ga, 1
+vulcannow.ru, 1
+vulcanplatinum-best.com, 1
+vulcanplatinum777-vip.com, 1
+vulcanplatinum777club.com, 1
+vulcanplatinumplay.xyz, 1
+vulcanrussia-game.com, 1
+vulcanrussiagame.com, 1
+vuldb.com, 1
+vulgar-teens.tk, 1
+vulkan-24-platinum.ru, 1
+vulkan-platina.info, 1
+vulkan-platinum-101.ru, 1
+vulkan-platinum13.com, 1
+vulkan-platinumclub.ru, 1
+vulkan-platinumpro.com, 1
+vulkan-russia-pro.com, 1
+vulkan-russia.vip, 1
+vulkan-russiaklub.com, 1
+vulkan.org, 1
+vulkanmillioncasino.xyz, 1
+vulkano-online-casino.com, 1
+vulkanplatinacasino.xyz, 1
+vulkanplatinum-casino.xyz, 1
+vulkanplatinum-klub.com, 1
+vulkanplatinum22.com, 1
+vulkanplay-platinum.com, 1
+vulkanprotektor.rs, 1
+vulkanruhe.com, 1
+vulkanruhe.de, 1
+vulkanrussia-avtomat.ru, 1
+vulkanrussia-casinos.com, 1
+vullriede-multimedia.de, 0
+vulndetect.com, 1
+vulndetect.org, 1
+vulnerability.ch, 1
+vulnerabilityscans.nl, 1
+vulnerable.af, 1
+vulnerar.com, 1
+vulners.com, 1
+vulns.sexy, 1
+vulns.xyz, 1
+vulnscan.org, 1
+vulpine.club, 1
+vulpr.com, 1
+vultrhxl.com, 1
+vulyk-medu.com.ua, 1
+vunn.com, 1
+vuojolahti.fi, 0
+vuotila.eu, 1
+vuoto.fi, 1
+vurdst.dk, 1
+vusdigital.com, 0
+vuse.com, 1
+vutrox.com, 1
+vutruso.com, 1
+vux.li, 1
+vuze.camera, 1
+vuzi.fr, 1
+vv066.com, 0
+vv1234.cn, 1
+vv5197.co, 1
+vv6729.co, 1
+vv6729.com, 0
+vv6957.co, 1
+vv9297.co, 1
+vv9721.com, 0
+vv9728.co, 1
+vvactivia.nl, 1
+vvave.net, 1
+vvcasteren.nl, 1
+vvd.bz, 1
+vvdbronckhorst.nl, 1
+vveactiefbeheer.nl, 0
+vvg-vermietung.de, 1
+vvlemmer.tk, 1
+vvlen.com, 1
+vvoip.org.uk, 1
+vvpn.loan, 1
+vvs.spb.ru, 1
+vvsummer.ml, 1
+vvvvbrest.tk, 1
+vvvvvv.click, 1
+vvvz0.gq, 1
+vvvzeeland.nl, 1
+vvw-8522.com, 1
+vvwraca.gov, 1
+vvzero.cf, 1
+vvzero.com, 1
+vw-touranclub.cz, 1
+vw22.com, 1
+vwcredit.com, 1
+vwforum.ro, 1
+vwfs.ru, 1
+vwfsfcp.com, 1
+vwfsrentacar.co.uk, 1
+vwh-kunden.de, 1
+vwittich.de, 1
+vwoforangeparts.com, 1
+vwp.su, 1
+vwpartsinternational.com, 1
+vwpi.co, 1
+vwsaigon.vn, 0
+vwt-event.nl, 1
+vww-8522.com, 1
+vx.hn, 1
+vxapps.com, 1
+vxl.sh, 0
+vxlabs.de, 1
+vxm.se, 1
+vxz.me, 1
+vyacheslav.ml, 1
+vybavzahradu.cz, 1
+vybeministry.org, 1
+vyber-odhadce.cz, 1
+vyberdomov.cz, 1
+vyberodhadce.cz, 1
+vycius.lt, 1
+vygeja.lt, 1
+vygo.network, 1
+vygo.one, 1
+vyomoverseas.com, 1
+vyorsa.com.mx, 1
+vypij.cz, 1
+vyplnto.cz, 1
+vyre.ovh, 1
+vyresimeonline.cz, 1
+vyroba.site, 1
+vyrubka-derevya.ru, 1
+vys.in, 1
+vyshivanochka.in.ua, 1
+vysko.cz, 1
+vyskocil.com, 1
+vyskocil.eu, 1
+vysoketatry.tk, 1
+vysokij-istochnik.tk, 1
+vysokoe.tk, 1
+vysotka.tk, 1
+vysvetluju.cz, 1
+vyturys.lt, 1
+vytvorsipotisk.cz, 1
+vyvod-iz-zapoya.online, 1
+vyvygen.org, 1
+vyzner.cz, 1
+vzce.cn, 1
+vzducho-klima.cz, 1
+vzemiseo.com, 1
+vzemisite.com, 1
+vzr-garant.nl, 1
+vzteam.ga, 1
+vzw-muzaik.tk, 1
+vzwregent.be, 1
+vzyatonlinezaim.ga, 1
+vzyatonlinezaim.gq, 1
+vzyatonlinezaim.ml, 1
+vzyatonlinezaim.tk, 1
+vzyatzaimonline.cf, 1
+vzyatzaimonline.ga, 1
+vzyatzaimonline.gq, 1
+vzyatzaimonline.ml, 1
+vzyatzaimonline.tk, 1
+vzzjoias.com.br, 1
+w-architectes.com, 1
+w-hub.ru, 1
+w-oasis.co.jp, 1
+w-p-k.de, 1
+w-spotlight.appspot.com, 1
+w-surgeryhospital.com, 1
+w-w-auto.de, 1
+w-ws.ga, 1
+w.st, 1
+w.wiki, 1
+w0.pw, 1
+w00228.com, 1
+w0102.com, 1
+w03.cn, 1
+w10club.com, 0
+w1n73r.de, 1
+w1nter.xyz, 1
+w2929w.com, 1
+w2ang.cn, 1
+w2ang.com, 1
+w2design.eu, 1
+w2n.me, 1
+w2w.com, 1
+w33b.in, 1
+w365.vip, 0
+w36533.com, 1
+w36594.com, 1
+w398.com, 1
+w3app.nl, 1
+w3ctag.com, 1
+w3ctag.org, 1
+w3d.io, 1
+w3layouts.com, 1
+w3n14izy.cf, 1
+w3n14izy.ga, 1
+w3n14izy.gq, 1
+w3n14izy.ml, 1
+w3n14izy.tk, 1
+w3punkt.de, 1
+w3scan.nl, 1
+w3squad.com, 1
+w40faktory.tk, 1
+w4b.in, 1
+w4eg.de, 1
+w4g-security.com, 1
+w4nvu.org, 1
+w4r.nl, 1
+w4solutions.de, 1
+w4tec.de, 1
+w50.co.uk, 0
+w5050w.com, 1
+w51365.com, 1
+w5197.co, 1
+w5gfe.org, 1
+w60.co, 1
+w61611.net, 1
+w61616.com, 0
+w66133.com, 0
+w66136.net, 0
+w66138.net, 0
+w6616.com, 1
+w661616.com, 0
+w6619.com, 1
+w66938.com, 1
+w6698.com, 0
+w6729.co, 1
+w6729.com, 1
+w6808.com, 1
+w6829.com, 1
+w6832.com, 1
+w6886.com, 1
+w6957.co, 1
+w6957.com, 0
+w7k.de, 1
+w7n.ch, 1
+w8094.com, 1
+w82365.com, 1
+w84.it, 1
+w8605.com, 1
+w8628.com, 1
+w888022.com, 0
+w888033.com, 0
+w888044.com, 0
+w888066.com, 1
+w888077.com, 0
+w888088.com, 0
+w889-line.com, 1
+w889-line.net, 1
+w88clubz.com, 1
+w8less.nl, 1
+w8wat.com, 1
+w9297.co, 1
+w9297.com, 0
+w9721.com, 0
+w9728.co, 1
+w9nb.radio, 1
+wa-m-web-alpcustomer-portal-caixabank.azurewebsites.net, 1
+wa-m-web-alpcustomer-portal-timfin.azurewebsites.net, 1
+wa-stromerzeuger.de, 0
+wa.me, 1
+waagen.tk, 1
+waaifu.com, 1
+waalsekrook.be, 1
+waavit.com, 1
+waaynex.ch, 1
+waays.eu, 1
+waays.fr, 1
+waayz.eu, 1
+waayz.fr, 1
+wabbel.sa.com, 1
+wabifoggynuts.com, 1
+wabuwa.com, 1
+wacht-auf.de, 1
+wachter.biz, 1
+wachtspoor.nl, 1
+wachtspoor18.nl, 1
+wacken666.com, 1
+wackery.com, 1
+wacky.one, 1
+wackyblackie.eu.org, 1
+wackyblackie.ml, 1
+wackys.com, 1
+wacotrib.com, 1
+wacpericias.com.br, 1
+wade.gdn, 0
+wadebet.com, 1
+wadesboronc.gov, 1
+wadidi.com, 1
+wadleyga.gov, 1
+wadsworth.gallery, 1
+wadvisor.com, 1
+waeldertexas.gov, 1
+waelisch.de, 1
+waelti.xxx, 1
+waf.hk, 1
+waf.ninja, 1
+waf.sexy, 1
+wafa4hw.com, 1
+waferscriber.com, 1
+waffeln.jetzt, 1
+waffle-backend-sanggyu.shop, 1
+waffle-sanggyu.tk, 1
+wafflehacks.org, 1
+waffleindex.com, 1
+wafflemakers.ca, 1
+wafni.com, 1
+wagcenter.com, 1
+wage-feeg.gc.ca, 1
+wagesweldandfab.com, 1
+wageverify.com, 1
+waggybytes.com, 1
+wagn3r.de, 1
+wagspuzzle.space, 1
+waguramaurice.cf, 1
+wahay.org, 1
+wahhoi.net, 1
+wahine.gq, 1
+wahl-co.de, 1
+wahminda.tk, 1
+wahoo-ashland-waverly.com, 1
+wahrnehmungswelt.de, 1
+wahrnehmungswelten.de, 1
+wai-in.com, 1
+wai.run, 1
+waibit.io, 1
+waidfrau.de, 1
+waifu-technologies.com, 1
+waifu-technologies.moe, 1
+waifu.gallery, 1
+waifuist.pro, 1
+waikatowebdesigners.com, 1
+wail.net, 1
+waimanu.io, 1
+waisster.com, 1
+waistawayuk.co.uk, 0
+waitabu.org, 1
+waits.io, 1
+waiwaisw.com, 1
+waiwei.ml, 1
+waixingrenfuli.vip, 1
+wajtc.com, 1
+wak.io, 1
+waka-mono.com, 1
+wakarandroid.com, 1
+wakastream.cc, 1
+wakatime.com, 1
+wake.gov, 1
+wake.net, 1
+wakecounty.gov, 1
+wakecountynorthcarolina.ml, 1
+wakelet.com, 1
+wakenyatulindane.co.ke, 1
+wakeofthepredator.tk, 1
+wakeupeire.com, 1
+wakeupplatform.com, 1
+wakeupworld.ml, 1
+wakpamnilake-nsn.gov, 1
+wakullaelectionfl.gov, 1
+wakullavotes.gov, 1
+wakuwakustudyworld.co.jp, 0
+walaa.com.co, 1
+walaamohamed.com, 1
+waldenvt.gov, 1
+waldenwritingcenter.ml, 1
+waldgourmet.de, 1
+waldo.tk, 1
+waldo.vn, 0
+waldorf-augsburg.de, 1
+waldorf-harduf.org, 1
+waldorfdiary.com, 1
+waldparkerwoelfe.tk, 1
+waldpflegeverein.at, 1
+waldportoregon.gov, 1
+waldur.nl, 1
+waldvogel.family, 1
+walent.in, 1
+walentin.co, 1
+walentynki.tk, 1
+walesmaine.gov, 1
+walhal.la, 1
+waligorska.pl, 1
+walk.onl, 1
+walkaround.tk, 1
+walker-foundation.org, 1
+walkera-fans.de, 1
+walkercorp.com.au, 0
+walkercountytx.gov, 1
+walkerfoundation.org.au, 1
+walkergroup.com.au, 1
+walkerinsurance.net, 1
+walkermi.gov, 1
+walkersplayground.tk, 1
+walkfree.org, 1
+walkhighlandsandislands.com, 0
+walkingandcycling.org.uk, 1
+walkingrehabilitation.com, 1
+walkinweb.com, 1
+walklocal.be, 1
+walklocal.gent, 1
+walkman.cloud, 1
+walkman.io, 1
+walkme.com, 1
+walksedona.com, 1
+walksfourpaws.co.uk, 1
+wall-banners.tk, 1
+wall-of-death.co.nz, 1
+wallabag.org, 0
+wallabies.org, 1
+wallace-group.net, 1
+wallacealvesdigital.com.br, 1
+wallacecountyks.gov, 1
+wallacehigh.org.uk, 1
+wallada.tk, 1
+wallaralogistics.com.au, 1
+wallartista.com, 1
+wallbanksweb.net, 1
+wallcs.eu, 1
+wallduck.com, 1
+wallendair.com, 1
+wallers.com, 1
+wallet.google.com, 1
+wallet.pp.ua, 1
+walletconnect.com, 1
+walletconnector.cz, 1
+walletfox.com, 1
+wallethub.com, 1
+walletory.com, 1
+wallett.gq, 1
+wallhack.ml, 1
+wallhost.tk, 1
+wallingford.cc, 1
+wallis-inside.ch, 1
+wallisch.pro, 1
+walliscreek.com.au, 1
+wallix.com, 1
+wallmanderstd.se, 1
+wallmarketing.cz, 1
+wallners.se, 1
+wallnj.gov, 1
+wallnot.dk, 1
+wallofclocks.com, 1
+wallpaperstreet.tk, 1
+wallpapertag.com, 1
+wallpaperup.com, 1
+wallrgb.com, 1
+walls.io, 1
+wallsauce.com, 1
+wallstreetmojo.com, 1
+walltech.tk, 1
+walltime.info, 1
+wallumai.com.au, 1
+wally4000.tk, 1
+wallytest.tk, 1
+walma.re, 1
+walnus.com, 1
+walnutcreekca.gov, 1
+walnutcreekpdca.gov, 1
+walnutgrovemo.gov, 1
+walnutvalleywater.gov, 1
+walpu.ski, 1
+walpuski.com, 1
+walruscode.com, 1
+walruses.org, 1
+walrusntiny.com, 1
+walsermedia.com, 1
+walshbanks.com, 1
+walshy.fail, 1
+walter-foerster.de, 1
+walter-mooij-jazztrio.tk, 1
+walter.lc, 1
+waltercedric.com, 0
+waltermulders.be, 1
+walterswholesale.com, 1
+waltherarms.com, 1
+waltravis.com, 1
+waltthirion.com, 1
+walutomat.pl, 1
+walvi.nl, 1
+wamia.wa.gov.au, 1
+wammu.eu, 1
+wamsi.net, 1
+wanabka.tk, 1
+wanashi.com, 1
+wanda.ch, 1
+wanda76.com, 1
+wanda79.com, 1
+wanda97.com, 1
+wanda98.com, 1
+wandelreizen.eu, 1
+wander.al, 1
+wander.tk, 1
+wanderersfc.tk, 1
+wanderfost.com, 1
+wanderfullcoven.tk, 1
+wanderinghiker.com, 1
+wanderingincaptivity.com, 1
+wanderings.online, 1
+wandervoll.ch, 1
+wandystan.eu, 1
+wane.co, 1
+wang.by, 1
+wangbangyu.cf, 1
+wangbangyu.ga, 1
+wangbangyu.gq, 1
+wangbangyu.ml, 1
+wangbangyu.tk, 1
+wangcanmou.com, 1
+wangcun.eu.org, 1
+wangdaijin.com, 1
+wangejiba.com, 0
+wangjiatun.com.tw, 1
+wangluoyunying.com, 1
+wangpedersen.com, 1
+wangqiliang.org, 1
+wangql.cn, 1
+wangql.net, 1
+wangqr.org, 1
+wangqr.tk, 1
+wangriwu.com, 1
+wangtanzhang.com, 1
+wangwill.me, 1
+wangyue.blog, 1
+wangzhe100.xyz, 1
+wangzuan168.cc, 1
+wanjuhui.com, 1
+wanlieyan.com, 1
+wannabfit.nl, 1
+wannaknow.tk, 1
+wannaparty.in, 0
+wannapopularnews.cf, 1
+wannaridecostarica.com, 1
+wanorthshoreny.gov, 1
+wantocode.com, 1
+wanybug.cf, 1
+wanybug.ga, 1
+wanybug.gq, 1
+wanybug.tk, 1
+waonui.io, 1
+wap-umbrella.tk, 1
+wapa.gov, 1
+wapazewddamcdocmanui6001.azurewebsites.net, 1
+wapazewrdamcdocmanui6001.azurewebsites.net, 1
+wapbd.ga, 1
+wapchan.org, 1
+wapelloia.gov, 1
+wapflash.ml, 1
+wapgame.gq, 1
+wapgu.cc, 1
+wapheat.tk, 1
+wapkarma.tk, 1
+wapkat.tk, 1
+waplumber.com.au, 1
+wapmaster.cf, 1
+wapmaster.ga, 1
+wapnazir.tk, 1
+wapnepal.com.np, 1
+wapnews.tk, 1
+wapnik.tk, 1
+wapo.ro, 1
+wappie.tk, 1
+wapplerbrewing.com, 1
+wapresri.go.id, 1
+wapspaces.tk, 1
+wapsychiatry.com.au, 1
+waptransfer.tk, 1
+wapveil.ml, 1
+war-requiem.com, 1
+war-team.com, 1
+waragod.sk, 1
+warbox.ga, 1
+warcraft2016.tk, 1
+warcraftjournal.org, 1
+warcraftwikicz.tk, 1
+ward.nl, 1
+ward2u.com, 1
+wardeath.tk, 1
+wardemons.tk, 1
+warden.navy, 1
+wardnd.gov, 1
+wardogz.tk, 1
+wardonat.tk, 1
+wardow.com, 1
+wardpieters.eu, 1
+wardpieters.online, 1
+wardpieters.xyz, 1
+wardsborovt.gov, 1
+wardslager.com, 1
+warecountyga.gov, 1
+warehost.de, 0
+warehouse-nantes.fr, 1
+warekon.com, 1
+warekon.dk, 1
+waren.io, 1
+waren.one, 1
+warenghem.com, 1
+warengroup.eu, 1
+warengroup.fi, 1
+warengroup.net, 1
+warengroup.org, 1
+warenhosting.com, 1
+warenhuisvandijk.nl, 1
+warenits.at, 0
+warenmedia.com, 1
+warennetworks.com, 1
+warensecurity.com, 1
+wareshoalssc.gov, 1
+warezbook.org, 1
+warezoom.com, 1
+warfarina.com, 1
+warfield.org.uk, 1
+warfighters.de, 1
+wargov.tk, 1
+wargun.ml, 1
+warhaggis.com, 1
+warhistoryonline.com, 0
+warhut.cn, 1
+warid.ga, 1
+warispak.tk, 1
+warking.ml, 1
+warlions.info, 0
+warlords.cf, 1
+warmestwishes.ca, 1
+warmlyyours.com, 1
+warmservers.com, 1
+warmtepomp.express, 1
+warnernh.gov, 1
+waroengkopigazebo.net, 1
+warofelements.de, 1
+waronbrain.com, 1
+warp-radio.net, 1
+warpsubmitter.tk, 1
+warr.ath.cx, 1
+warrantycontracts.ga, 1
+warrantynowvoid.com, 1
+warrencampdesign.com, 1
+warrencountyga.gov, 1
+warrencountyia.gov, 1
+warrencountyil.gov, 1
+warrencountynj.gov, 1
+warrencountypa.gov, 1
+warrencountyva.gov, 1
+warrenct.gov, 1
+warrenfisher.net, 1
+warrenhousevets.co.uk, 1
+warrenmi.gov, 1
+warrenri.gov, 1
+warrentwpstjosephco-in.gov, 1
+warringtonkidsbouncycastles.co.uk, 1
+warringtonsownbuses.co.uk, 1
+warriorofmars.com, 1
+warrock-es.tk, 1
+warrs.com, 1
+wars.cat, 1
+warschild.org, 1
+warsh.moe, 1
+warsonco.com, 0
+warspot.ru, 1
+warszawa-pranie-dywanow.pl, 1
+warszawa19115.pl, 0
+warszawska285.pl, 1
+wartabank.com, 1
+warteg.com, 1
+warteg.net, 1
+wartegseberangsana.com, 1
+warthog.ml, 1
+wartimecontracting.gov, 1
+wartorngalaxy.com, 1
+wartraining.com.br, 1
+wartung.tk, 1
+warubbermate.co.th, 1
+warungmini-vanwou.nl, 1
+warupu.com, 1
+warwickbucks.gov, 1
+warworld.ml, 1
+was.ch, 1
+wasabiwallet.co, 1
+wasabiwallet.io, 1
+wasatchconstables.com, 1
+wasatchcounty.gov, 1
+waschmaschinen-dienst.de, 1
+waschpark-hantschel.de, 1
+wasdestek.tk, 1
+wasema.com, 1
+wasfestes.de, 1
+wasfuereintheater.com, 1
+wash-house.tk, 1
+washa.tv, 1
+washabich.ch, 1
+washabich.de, 1
+washburnclarkwi.gov, 1
+washburnenglishschool.tk, 1
+washcowi.gov, 1
+washcowisco.gov, 1
+washed-house.info, 1
+washerrepairaustin.com, 1
+washify.com, 1
+washington-ma.gov, 1
+washingtoncopa.gov, 1
+washingtoncountyar.gov, 1
+washingtoncountyhomeoh.gov, 1
+washingtoncountyid.gov, 1
+washingtoncountymn.gov, 1
+washingtoncountyne.gov, 1
+washingtoncountyor.gov, 1
+washingtoncountysheriffne.gov, 1
+washingtoncountytx.gov, 1
+washingtoncountywi.gov, 1
+washingtonnewsz.com, 1
+washingtontwpacpa.gov, 1
+washingtonviews.com, 1
+washingtonwatchdog.org, 1
+washoecounty.gov, 1
+washroomcubicles.co.uk, 1
+washsolucoesemlimpeza.com.br, 1
+washtenaw.gov, 1
+washub.org.uk, 1
+washup.tk, 1
+wasi-net.de, 1
+wasielewski.com.de, 1
+wasistderunterschied.com, 1
+wasp.host, 1
+wass.ga, 1
+wassenaar.org, 0
+wassermanx.com, 1
+wassim.is, 1
+wastewaterservicesltd.co.uk, 0
+wastewise.com, 0
+wasticker.ru, 1
+wastrel.ch, 1
+wasys.com.br, 1
+wat.sh, 1
+wataclinic.com, 1
+watari-bg.com, 1
+watashi.bid, 1
+wataugatx.gov, 1
+watboeithet.nl, 1
+watch-host.ga, 1
+watch-wiki.org, 1
+watchamovie.ga, 1
+watchcom.co.za, 1
+watchcom.org, 1
+watchcom.org.za, 1
+watchcow.org, 0
+watchdogs.tk, 1
+watchersrealm.tk, 1
+watchface.watch, 1
+watchfreeonline.co.uk, 1
+watchinventory.com, 1
+watchjavidol.com, 0
+watchmetech.com, 1
+watchmoviesgallery.com, 1
+watchmoviesreel.com, 1
+watchparts-and-tools-okayama.co.jp, 1
+watchpeopledie.tv, 1
+watchporninpublic.com, 1
+watchpsllive.com, 1
+watchstyle.com, 1
+watcht20worldcup.com, 1
+watchthis-svp.com, 1
+watchtogether.ch, 1
+watchtolearn.co, 1
+watchurdiet.com, 1
+watchweasel.com, 1
+water-filters.tk, 1
+water-for-africa.org, 1
+water-polo.tk, 1
+water-valley.tk, 1
+water.com, 1
+waterandhealth.org, 1
+waterbassoon.eu.org, 1
+waterborefiji.com, 1
+waterboromaine.gov, 1
+watercold.cool, 1
+waterdamageindiana.com, 1
+waterdogsmokehouse.com, 1
+waterdownmedia.co.uk, 1
+waterdrop.tk, 1
+waterdropcultureproject.com, 1
+waterest.tk, 1
+waterfedpole.com, 0
+waterfordstoves.ie, 1
+waterfordvt.gov, 1
+waterfordwi.gov, 1
+waterforlifecharity.org, 1
+waterheaterleaguecity.com, 1
+waterhouse.tk, 1
+waterjet.com.ru, 1
+waterjet.my, 1
+waterjets.jp, 1
+waterjetsale.com, 1
+waterlanders.tk, 1
+waterlandtuinen.be, 1
+waterleeftinbeek.nl, 1
+waterlemons2k.top, 1
+waterlens.moe, 1
+waterliteracy.tk, 1
+waterloo-abba-show.de, 1
+waterloofaucets.com, 1
+waterlootwpmi.gov, 1
+watermarkktp.com, 1
+watermarkly.com, 0
+watermonitor.gov, 1
+wateroutlook.com, 1
+waterpoint.tk, 1
+waterpolosantona.tk, 1
+waterpolospain.tk, 1
+waterpumps.xyz, 1
+waterpurificationsupplies.com, 1
+watersb.org, 1
+waterschaplimburg.nl, 1
+waterside-inn.co.uk, 1
+waterside-residents.org.uk, 1
+watersky.tk, 1
+waterslide-austria.at, 0
+watersoul.com, 1
+watersource.ga, 1
+watersports.guru, 1
+waterstreetloft.com, 1
+watertaxi.com, 1
+waterton.tk, 1
+watertorenstraat.tk, 1
+watertownmi.gov, 1
+watertownmn.gov, 1
+watertownwi.gov, 1
+watertrails.io, 1
+waterville-estatesnh.gov, 1
+watervillevalleynh.gov, 1
+watervillewomenscare.com, 1
+waterworkscondos.com, 1
+watestsite.ovh, 1
+watfordcyclehub.org.uk, 1
+watfordjc.uk, 1
+wathory.com, 1
+watisleukemie.tk, 1
+watismijnbandenspanning.nl, 1
+watongaok.gov, 1
+watoo.tech, 1
+watsonsurplus.com, 1
+watsontownshipmi.gov, 1
+wattmaedchen.de, 1
+watto29.co.jp, 1
+wattpad.com, 1
+wattstrading.co.uk, 1
+watvindtnederland.com, 1
+watzijnmijnkerntalenten.nl, 1
+waukee.gov, 1
+waukeect.com, 1
+waupacacounty-wi.gov, 1
+waupacawi.gov, 1
+wausharacountywi.gov, 1
+wauwatosa.gov, 1
+wav-productions.com, 1
+wav.tv, 1
+wave-cockpit.de, 1
+wave-electronics.com, 0
+wave-inc.co.jp, 1
+wave.is, 1
+wave.md, 1
+wave.red, 1
+waveburst.net, 1
+waveestetic.com, 1
+waveletscreative.org, 1
+wavelifesciences.com, 1
+wavenetwork.com.au, 1
+wavengine.com, 1
+waveous.com, 1
+wavered.cf, 1
+waverlypa.gov, 1
+waverlytn.gov, 1
+wavesboardshop.com, 1
+wavesite.tk, 1
+wavin.com, 1
+wawak.pl, 1
+wawapuquy.com, 1
+wawarsingny.gov, 1
+wawshop.cz, 1
+waxcollectibles.com, 1
+waxdramatic.com, 1
+waxlrs.com, 1
+way2earning.com, 1
+way2tech.de, 1
+waya0125.com, 1
+wayaberolodge.com, 1
+waybinary.com, 1
+waycoolmail.tk, 1
+waycraze.com, 1
+waycrossga.gov, 1
+wayfairertravel.com, 0
+wayfarium.com, 1
+wayleadr.com, 1
+waynecountyil.gov, 1
+waynecountymi.gov, 1
+waynecountymo.gov, 1
+waynecountyne.gov, 1
+waynecountyny.gov, 1
+waynecountyoh.gov, 1
+waynefarms.com, 1
+wayneforeman.com, 1
+waynefranklin.com, 1
+waynehartman.com, 1
+wayneo.tk, 1
+waynesboropa.gov, 1
+waynetworking.com, 1
+waynewashcowi.gov, 1
+wayofleaf.com, 1
+wayohoo.net, 1
+waysandlore.consulting, 1
+waysandlore.fr, 1
+wayscript.io, 1
+waysport.ua, 1
+waytofreedom.tk, 1
+waytogrow.com, 1
+waytt.cf, 1
+wayuanma.com, 0
+wazdan.com, 1
+waze.com, 1
+wazefaher.tk, 1
+wazeibra.com, 1
+wazuh.com, 1
+wazzap.tk, 1
+wb-cw.tech, 1
+wb256.com, 1
+wb6668.net, 1
+wba.or.at, 1
+wball.com, 1
+wbbauth.de, 1
+wbbwbwebweb.cf, 1
+wbca.ca, 1
+wbcasaverde.co, 1
+wbci.us, 0
+wbclink.io, 1
+wbeme2.com, 1
+wbeuil.com, 1
+wbg.li, 1
+wbh.im, 1
+wbldc.in, 1
+wblinks.com, 1
+wbnet.eu, 1
+wbolt.com, 1
+wbookcompany.com, 1
+wbphed.gov.in, 1
+wbsentinel.com, 1
+wbsogids.nl, 1
+wbss.it, 1
+wbt-solutions.ch, 1
+wbt-solutions.net, 1
+wbtechnologie.nl, 1
+wbtenders.gov.in, 1
+wbudd.com, 1
+wbut.ml, 1
+wby.by, 1
+wby.tw, 1
+wc3modding.ml, 1
+wc64.org, 1
+wca.link, 1
+wcally.com, 1
+wcarc.ca, 1
+wcat.in, 1
+wcatherinekendall.co.uk, 1
+wcei.com.au, 1
+wcema-ok.gov, 1
+wcfauth.de, 1
+wcfcourier.com, 1
+wck.com, 1
+wcl.govt.nz, 1
+wcloud.pro, 1
+wcn.life, 0
+wcools.tk, 1
+wcpo.com, 1
+wcrca.org, 0
+wcru.one, 1
+wcs.rs, 1
+wcsoe.gov, 1
+wcss.com, 1
+wctsite.tk, 1
+wcwcd.gov, 1
+wcwcg.net, 1
+wd-api.com, 0
+wd-img.com, 1
+wd-ljt.com, 1
+wd.is, 1
+wd627.com, 1
+wd976.com, 0
+wdambv.nl, 1
+wdcvalencia2022.com, 1
+wdesign.cl, 1
+wdesk.com, 1
+wdf.ink, 1
+wdgpublichealth.ca, 1
+wdic.org, 1
+wdkpurple.lgbt, 1
+wdmcheng.cn, 1
+wdmg.com.ua, 1
+wdmleds.com, 1
+wdmpa.eu.org, 1
+wdmpa.org, 1
+wdnmd.ac.cn, 1
+wdntcr.com, 1
+wdo.org, 1
+wdodelta.nl, 0
+wdol.gov, 1
+wdophoto.com, 1
+wdpapi.io, 1
+wdpui.io, 1
+wdrl.info, 0
+wdsdownload.cf, 1
+wdstrings.com, 1
+wdt.cz, 0
+wdtcinfo.com, 1
+we-bb.com, 1
+we-listen.org, 1
+we-run-linux.de, 1
+we-use-linux.de, 1
+we.serveftp.net, 1
+we168168.com, 1
+we5688.net, 1
+we9988.net, 1
+weacceptbitcoin.gr, 1
+wealthadvisorsmf.com, 1
+wealthadvisorstrust.com, 1
+wealthcreationsolutions.ga, 1
+wealthprofessional.ca, 1
+wealthprojector.com, 1
+wealthprojector.com.au, 1
+wealthsimple.com, 1
+wealthsuccess.edu.vn, 1
+wear-largesizes.tk, 1
+wear-referrals.co.uk, 1
+wear1015.ml, 1
+wear2work.nl, 1
+wearandcare.net, 1
+weare1inspirit.com, 1
+wearebase.com, 1
+wearebfi.co.uk, 1
+wearecreator.uk, 1
+wearecrew.io, 1
+wearedevs.net, 1
+wearefestival.ml, 1
+weareflo.com, 0
+wearefrantic.com, 1
+wearegenki.com, 1
+wearehackerone.com, 1
+weareher.com, 1
+weareincognito.org, 1
+wearemarketing.com, 1
+wearemojo.com, 1
+wearenh.gov, 1
+wearepapermill.co, 1
+wearepapermill.com, 1
+wearepoo.com, 1
+wearereasonablepeople.com, 1
+wearereasonablepeople.nl, 1
+wearesilverbullet.com, 1
+wearesuma.com, 1
+wearetravellers.nl, 1
+wearetuzag.com, 1
+wearewithyou.org, 1
+weareworldtrippers.com, 1
+wearewp.pro, 1
+wearit.tk, 1
+wearmoi.com, 1
+wearvintage.ml, 1
+wearvr.com, 1
+wearwick.com, 1
+wearwolf.tk, 1
+weasyl.com, 1
+weather-schools.com, 1
+weather.gov, 1
+weather.gov.mo, 1
+weather25.com, 1
+weatherguard.com, 1
+weathermelon.io, 1
+weathermyway.rocks, 1
+weatherproduct.ga, 1
+weavabel.com, 0
+weavedreams.com, 1
+weaveral.gov, 1
+weavers.space, 1
+weavile.art, 1
+web-3.ru, 1
+web-advisor.co.uk, 1
+web-aps.tk, 1
+web-art.cz, 1
+web-biz.fr, 1
+web-business.tk, 1
+web-cms.fr, 1
+web-connected.com, 1
+web-create.ml, 1
+web-creations.tk, 1
+web-creato.tk, 1
+web-demarche.com, 1
+web-design-india.com, 1
+web-design-singapore.sg, 1
+web-design.co.il, 1
+web-dev-qa-db-ja.com, 1
+web-direct.nl, 1
+web-disaster.tk, 1
+web-format.tk, 1
+web-fox23.ru, 1
+web-hotel.gr, 1
+web-industry.pro, 1
+web-is-amigo.tk, 1
+web-it-entwicklung.de, 1
+web-lab.ml, 1
+web-log.ml, 1
+web-masterok.ga, 1
+web-mastery.tk, 1
+web-net.tk, 1
+web-odyssey.com, 1
+web-one.net, 1
+web-online.cf, 1
+web-performance.ch, 1
+web-privacy.tk, 1
+web-redactor.com, 1
+web-redactor.net, 1
+web-ross.gq, 1
+web-ross.tk, 1
+web-siena.it, 1
+web-smart.com, 1
+web-snadno.online, 1
+web-space.design, 1
+web-station.tk, 1
+web-stories.at, 0
+web-studio-kzo.ml, 1
+web-style.tk, 1
+web-tcapwebsite-dev.azurewebsites.net, 1
+web-test.gq, 1
+web-town.tk, 1
+web-treff.de, 1
+web-view.ml, 1
+web-wack.at, 1
+web-warrior.de, 1
+web-worker.cn, 1
+web.ca, 1
+web.de, 1
+web.net, 1
+web1212.top, 1
+web1n.com, 0
+web20indexer.com, 1
+web22.eu, 1
+web2ldap.de, 1
+web2screen.tv, 1
+web3mantra.com, 1
+web404.net, 1
+web50aqui.es, 1
+web74.ga, 1
+web76.tk, 1
+webaam.com, 1
+webachtal.com, 1
+webadiccion.net, 1
+webadicta.net, 1
+webadicto.net, 1
+webadmit.org, 1
+webagentur-flake.de, 1
+webaholic.co.in, 1
+webais.ru, 1
+webal.co.uk, 1
+webambacht.nl, 1
+webanalysissolutions.com, 1
+webandmore.de, 1
+webandsun.com, 1
+webanet.eu, 1
+webannonces.tk, 1
+webanyti.me, 1
+webapky.cz, 1
+webappky.cz, 1
+webapplay.com, 1
+webappperformance.com, 1
+webapps-conception.fr, 0
+webark.hu, 1
+webart-factory.de, 1
+webartex.ru, 1
+webarxsecurity.com, 1
+webasto-moscow.ru, 1
+webastra.fr, 1
+webauftritt.ch, 1
+webauthnlogin.com, 1
+webautohelper.com, 1
+webawere.com, 1
+webb.se, 1
+webbankir.com, 1
+webbanquyen.com, 1
+webbgro.com, 1
+webbiz.co.uk, 1
+webblawmaine.com, 1
+webbolivia.tk, 1
+webbricks.ru, 1
+webbuilder.de, 1
+webbureauer.dk, 1
+webby-books.com, 1
+webcafe.tk, 1
+webcam-lisa.ml, 1
+webcam-model.tk, 1
+webcam.ninja, 1
+webcamara.sytes.net, 1
+webcamdream.hu, 1
+webcamera-online.tk, 1
+webcamera.io, 1
+webcamrunetki.ga, 1
+webcams4date.com, 1
+webcamstudio.hu, 1
+webcamtoy.com, 1
+webcamyoung.tk, 1
+webcaptive.com, 1
+webcaptive.net, 1
+webcarebox.com, 1
+webcargonet.com, 1
+webcarlosmartin.tk, 1
+webcarroseletricos.ga, 1
+webcase.tk, 1
+webcatchers.nl, 0
+webce.de, 1
+webcheck.pt, 1
+webclymber.com, 0
+webcoder.cf, 1
+webcoins.tk, 1
+webcollect.org.uk, 1
+webcollector.ga, 1
+webcontrol.tk, 1
+webcookies.org, 1
+webcover.fr, 1
+webcrazy.ga, 1
+webcreaciones.net, 1
+webcreativa.tk, 1
+webcreative.tk, 1
+webcrial.com.br, 1
+webcrm.com, 1
+webcurtaincall.com, 1
+webdaddyit.ga, 1
+webdating.tk, 1
+webdemaestrias.com, 1
+webdesign-kall.de, 1
+webdesign-note.jp, 1
+webdesignagency.cf, 1
+webdesigncompanyindia.com, 1
+webdesignersinchennai.tk, 1
+webdesignfenua.tk, 1
+webdesignlabor.ch, 1
+webdesignplay.com, 1
+webdesignplayground.io, 1
+webdesignrodgau.de, 1
+webdesignsyourway.net, 1
+webdev-cw.me, 1
+webdev-cw.tk, 1
+webdev.solutions, 1
+webdevelop.ninja, 1
+webdevinsider.pl, 1
+webdevoo.com, 1
+webdevxp.com, 1
+webdgc.ro, 1
+webdieta.tk, 1
+webdietrolequinte.it, 0
+webdig.pt, 1
+webdl.org, 1
+webdollarvpn.io, 1
+webdoors.ge, 1
+webdrino.com, 1
+webdrops.nl, 1
+webdushowcase.co.uk, 1
+webeast.eu, 1
+webeck-information-systems.at, 1
+webelement.sk, 0
+webemployed.com, 1
+webengage.com, 1
+webenglish.se, 1
+weber911.gov, 1
+webera.lt, 1
+webera.pro, 1
+weberbasin.gov, 1
+weberbasinut.gov, 1
+weberelections.gov, 1
+weberl.com, 1
+webers-webdesign.de, 1
+webescucha.tk, 1
+webest.pl, 1
+webexample.win, 0
+webexp.biz, 1
+webexperts.tk, 1
+webexpertsdirect.com.au, 1
+webfeifei.tk, 1
+webfence.pt, 1
+webfigueras.tk, 1
+webfilings-eu-mirror.appspot.com, 1
+webfilings-eu.appspot.com, 1
+webfilings-mirror-hrd.appspot.com, 1
+webfilings.appspot.com, 1
+webfixers.nl, 1
+webfocus.ph, 1
+webfoersterei.de, 1
+webforce.pt, 1
+webformula.in, 0
+webforthemasses.tk, 1
+webfrenz.com, 1
+webfronten.dk, 0
+webfun.tk, 1
+webgadgets.tk, 1
+webgaku.net, 1
+webgamex.ml, 1
+webgap.io, 1
+webgarten.ch, 1
+webgeneric.com, 1
+webgeneric.in, 1
+webgentleman.tk, 1
+webgrow.co.za, 1
+webhackspro.com, 1
+webharvest.gov, 1
+webhelpmedica.com, 1
+webhelpmedica.fr, 1
+webhelyesarcu.hu, 1
+webhoffmann.de, 0
+webhooks.stream, 1
+webhopp.com, 1
+webhosting-erfahrungen.de, 1
+webhosting4u.email, 0
+webhostingblackfriday.deals, 1
+webhostingempresas.com, 1
+webhostingmagic.com, 1
+webhostingmedia.net, 1
+webhostingpros.ml, 1
+webhostings.org, 1
+webhostingshop.ca, 1
+webhostplan.info, 1
+webhostsg.net, 1
+webhotel24.se, 1
+webhotelli.website, 1
+webhotels.tk, 1
+webhotelsoversigt.dk, 1
+webhr.co, 1
+webi.ms, 1
+webi.sh, 1
+webia.in.th, 1
+webika.site, 1
+webimagina.tk, 1
+webinator.tk, 1
+webinformer.tk, 1
+webini.co, 1
+webinke.ga, 1
+webinnovation.ie, 1
+webinstit.net, 1
+webionite.com, 1
+webiroha.com, 1
+webisle.com, 1
+webisoder.net, 1
+webissues.de, 1
+webitentwicklung.de, 1
+webiz.ro, 1
+webizer.fr, 1
+webjobposting.com, 1
+webkam-sex.com, 1
+webkato.ru, 1
+webkef.com, 1
+webkeks.org, 1
+webkolektiv.com, 1
+webkorobka.tk, 1
+weblagalera.tk, 1
+weblate.com, 1
+weblate.cz, 1
+weblate.org, 1
+weblead.vip, 1
+weblegion.tk, 1
+weblian.ml, 1
+webliberty.ru, 1
+weblibrary.cf, 1
+weblightnovel.tk, 1
+weblights.ml, 1
+webline.ch, 1
+weblinkcity.tk, 1
+weblinkpedia.com, 1
+weblistposting.com, 1
+weblocus.tk, 1
+weblogia.tk, 1
+weblogic.tk, 1
+weblogzwolle.nl, 1
+webmachine.co.za, 1
+webmail.ee, 1
+webmail.gigahost.dk, 0
+webmail.info, 0
+webmail.mayfirst.org, 0
+webmail.onlime.ch, 0
+webmail.schokokeks.org, 1
+webmama.tk, 1
+webmanagement.berlin, 0
+webmandat.fr, 1
+webmandesign.eu, 1
+webmarcosmarquez.tk, 1
+webmaster16.ml, 1
+webmasterblog.tk, 1
+webmasterhall.com, 1
+webmax.cloud, 1
+webmediaclick.com, 1
+webmediaprint.at, 1
+webmediums.com, 1
+webmedpharmacy.co.uk, 1
+webmeister.org, 1
+webmenedzser.hu, 1
+webmetallica.tk, 1
+webmetering.at, 1
+webmethod.email, 1
+webminders.it, 1
+webmining.gq, 1
+webministeriet.net, 1
+webmonsters.tk, 1
+webmore.fr, 1
+webmotelli.fi, 1
+webmotion.com.au, 1
+webmyhealth.com, 1
+webnames.ca, 1
+webnancy.tk, 1
+webnetmail4u.com, 1
+webnexty.com, 1
+webnoob.net, 1
+webo.agency, 1
+webo.pl, 1
+weboffice.ro, 1
+webofisin.com, 1
+weboflies.tk, 1
+webofthingsmarwane.xyz, 1
+weboke.nl, 1
+weboost.com.ar, 1
+weboperater.rs, 0
+webowell.fr, 1
+webpage.com.ua, 1
+webpantry.ga, 1
+webparallax.cf, 1
+webpark.ch, 1
+webpcstudio.com, 1
+webperformance.io, 1
+webpiar.tk, 1
+webpitarque.tk, 1
+webpixelia.com, 1
+webpkgcache.com, 1
+webplace4u.nl, 1
+webplatform.news, 1
+webportail.tk, 1
+webpostingmart.com, 1
+webpostingpro.com, 1
+webpostingreviews.com, 1
+webprato.it, 1
+webpresence.tk, 1
+webprice.ga, 1
+webproject.rocks, 1
+webprom.net, 1
+webprostitutki.tk, 1
+webpublishing.tk, 1
+webpubsub.com, 1
+webpunk.tk, 1
+webqam.fr, 0
+webquests.tk, 1
+webrabbit.at, 1
+webradio-maroc.tk, 1
+webrand.com, 1
+webranko.tk, 1
+webrebels.org, 0
+webregie.de, 1
+webregion.tk, 1
+webrepresalia.tk, 1
+webringpeopletogether.com.au, 1
+webs4all.ro, 0
+websa.nl, 1
+websanlamuerte.tk, 1
+websayfasi.biz.tr, 1
+webschool21.ml, 1
+websec.nu, 1
+websectools.com, 1
+webseitendesigner.com, 0
+webseitenserver.com, 0
+webserverindia.com, 1
+webshaped.de, 1
+webshipper.com, 1
+webshop.nl, 1
+websika.com, 1
+website-engineering.co.za, 1
+website-traffic.shop, 1
+website.builders, 1
+website999.in, 1
+websitebakers.eu, 1
+websiteboost.nl, 1
+websitecalifornia.cf, 1
+websitecenter.tk, 1
+websitecontrol.com, 1
+websitecyber.com, 1
+websitedesignersmalappuram.ga, 1
+websitedesignprice.ga, 1
+websiteforyou.nl, 0
+websiteirani.tk, 1
+websitelearners.cf, 1
+websiteleichtgemacht.de, 1
+websitemarketers.tk, 1
+websiteout.ca, 1
+websiteout.net, 1
+websitepromotion.ml, 1
+websiterent.ca, 1
+websites4business.ca, 1
+websitesbymark.co.uk, 0
+websitesbywordpress.com, 1
+websitesdallas.com, 1
+websitesdemos.tk, 1
+websiteservice.pro, 1
+websitesthatwork.biz, 1
+websize.me, 1
+websktop.com, 1
+websmartlink.tk, 1
+websoftba.gq, 1
+websofts.co.in, 1
+websolid.be, 1
+websolutionbd.tk, 1
+websouthdesign.com, 1
+websphere.tk, 1
+webspider.tk, 1
+webspire.tech, 1
+webspotter.nl, 1
+webssupport.ga, 1
+webstaff.xyz, 1
+webstar.tk, 1
+webstart.nl, 1
+webstats.tk, 1
+webstaurant.com, 1
+webstaurantstore.com, 1
+websteam.tk, 1
+webstellung.com, 1
+webstergrovesmo.gov, 1
+websternytoday.gov, 1
+webstop.tk, 1
+webstore.be, 1
+webstreamworld.ae, 1
+webstreamworld.com, 1
+webstreamworld.sg, 1
+webstu.be, 1
+webstylemedia.com, 1
+websubmissions.tk, 1
+websuccess.ga, 1
+websvetaines.lt, 1
+webtalis.nl, 1
+webtasarim.info.tr, 1
+webtasarim.pw, 1
+webtasarimankara.name.tr, 1
+webtasarimi.tk, 1
+webtasarimostim.name.tr, 1
+webtaxi.cf, 1
+webtechmantra.com, 1
+webtechnicom.net, 0
+webtek.nu, 1
+webtele.ga, 1
+webtele.tk, 1
+webtelegram.eu.org, 1
+webtematica.com, 1
+webter.de, 1
+webthreesome.com, 1
+webtobesocial.de, 1
+webtodito.tk, 1
+webtomsk.tk, 1
+webtoolhost.com, 1
+webtools-eqt.co.nz, 1
+webtoolxl.net, 1
+webtoolxl.nl, 1
+webtop.co.il, 1
+webtoro.com, 1
+webtorrent.io, 1
+webtorrent.tk, 1
+webtostore.fr, 1
+webtransfers.ml, 1
+webtrend.ch, 1
+webtrh.cz, 1
+webtribunal.net, 1
+webtropia.com, 0
+webtrustcr.com, 1
+webuildsite.ga, 1
+webukhost.com, 1
+webullreview.co, 1
+webunika.com, 0
+webuniverse.ml, 1
+webunix.ga, 1
+webuyhousestitletown.com, 1
+webuyloansfast.com, 1
+webvampiro.tk, 1
+webvanced.nl, 1
+webvenezuela.tk, 1
+webverdienst.tk, 1
+webviewcams.com, 1
+webvpsnet.com, 1
+webvpsnet.org, 1
+webwatchdogs.net, 1
+webwatcher.tk, 1
+webwelearn.com, 1
+webwinkelexploitatie.nl, 1
+webwinkelkeur.nl, 1
+webwinkelwestland.nl, 1
+webwit.pro, 1
+webwweb.com.pl, 1
+webx5.pro, 1
+webyazilim.biz.tr, 1
+webyazilimankara.com, 1
+webycrea.eu, 1
+webyildiz.com, 1
+webyourself.eu, 1
+webz.one, 1
+webzanem.com, 1
+webzarabotok.tk, 1
+wecanvisit.com, 1
+wecareplatform.nl, 1
+weccode.com, 1
+wechange.de, 1
+wechatify.com, 1
+wecleanbins.com, 1
+wecoach.gg, 0
+wecobble.com, 1
+wecodify.nl, 1
+wecreate.ml, 1
+wed13spain.tk, 1
+weda.cf, 1
+wedabout.com, 1
+wedatasolution.com.br, 1
+wedceducation.com, 1
+wedcha.com, 1
+wedding-dress-hire.tk, 1
+wedding-e-dress.tk, 1
+wedding-page.ga, 1
+wedding-page.tk, 1
+wedding-transportation.com, 1
+wedding-ua.tk, 1
+weddingartist.ca, 1
+weddingbells.ca, 1
+weddingcalculator.ga, 1
+weddingdays.tv, 1
+weddingdressesguide.com, 1
+weddingfantasy.ru, 1
+weddinggoods.tk, 1
+weddinggram.ga, 1
+weddinghotographers.tk, 1
+weddingideas.gq, 1
+weddingpainter.ca, 1
+weddingplanner.tk, 1
+weddingpro.com, 1
+weddingsbynoon.co.uk, 1
+weddingsinbloom.com, 1
+weddingtrunks.tk, 1
+weddingwire.ca, 1
+weddingwire.co.uk, 1
+weddingwire.com, 1
+weddingwire.in, 1
+weddingz.in, 1
+wedefendcharities.org, 1
+wedeliverdavao.com, 1
+wedinspire.com, 1
+wedl.ru, 0
+wedontca.re, 1
+wedontcaregroup.com, 1
+wedooper.com, 1
+wedot.co.uk, 1
+wedplay.host, 1
+wedshoots.com, 1
+weeaboo.ml, 1
+weeb.us, 1
+weebl.me, 1
+weeblr.com, 1
+weecarepreschool.ca, 1
+weed.ren, 1
+weedgranadagrowshop.com, 1
+weedlife.com, 1
+weednews.co, 0
+weedupdate.com, 1
+weedworthy.com, 1
+weedypedia.de, 1
+weeelive.com, 1
+weefriendskids.com, 1
+weegshop.nl, 1
+week.report, 1
+weekdone.com, 1
+weekendbus.pl, 1
+weekendcandy.com, 1
+weekendcraft.com, 1
+weekendinitaly.com, 1
+weekendplayers.tk, 1
+weekendstartup.ml, 1
+weekly-news.pl, 1
+weekly-residence.com, 1
+weeklyads2.com, 1
+weeklydcoupgen.com, 1
+weektegenarmoede.be, 1
+weemake.fr, 0
+weemakers.fr, 0
+weepycat.com, 1
+weerda.fr, 1
+weernieuws.info, 1
+weerstationgiethoorn.nl, 1
+weerstatistieken.nl, 1
+weetalksls.com, 1
+weetix.fr, 1
+weezerosos.tk, 1
+weezertabs.tk, 1
+wefact.nl, 1
+wefillgood.com, 1
+wefitboilers.com, 1
+wefixmd.com, 1
+wefloridafinancial.com, 1
+weforgood.org.tw, 1
+wefound.com.tw, 1
+wefound.se, 1
+weg-auwald.de, 1
+wegethitched.co.uk, 1
+wegner.no, 1
+wego.ca, 1
+wegonnagetsued.org, 1
+wegotcookies.com, 1
+wegotrip.com, 1
+wegotrip.ru, 1
+wegrzynek.org, 1
+wegrzynek.pl, 1
+wegvielfalt.de, 1
+wehaa-server2.com, 1
+wehaaserver.com, 1
+wehealasone.gov.ph, 1
+wehiremac.uk, 1
+weho.gov, 1
+wehostdnn.com, 1
+wei-mao.com.ua, 1
+weibomiaopai.com, 1
+weideheuvel.org, 1
+weidmannfibertechnology.com, 0
+weig-karton.de, 1
+weighed.ga, 1
+weightlift.ml, 1
+weightlosseasy.cf, 1
+weightlossoutcome.com, 1
+weightprogram.cf, 1
+weihua.life, 1
+weikai.net, 1
+weike.tk, 1
+weiling.clinic, 1
+weils.net, 1
+weiltoast.de, 1
+weimaranerdogcare.com, 1
+weiming.ddns.net, 1
+weimingsci.cn, 1
+weimz.com, 1
+wein.cc, 1
+weinbergerlawgroup.com, 1
+weinboxbuilders.co.nz, 1
+weinfuse.com, 0
+weingut-bernd-klein.de, 1
+weinundsein.com, 1
+weinzierlweb.com, 1
+weiran.org.cn, 1
+weirddisney.com, 1
+weirdesigns.com, 1
+weirdgloop.org, 1
+weirdness.tk, 1
+weirdork.com, 1
+weirdork.eu, 1
+weirdork.net, 1
+weirdork.org, 1
+weirdork.social, 1
+weirdorks.eu, 1
+weirdorks.net, 1
+weirdorks.org, 1
+weirdorks.social, 1
+weirdserver.com, 1
+weirdware.tech, 1
+weis.bz, 1
+weis.duckdns.org, 1
+weisskircher.tk, 1
+weissman.agency, 1
+weiter.so, 1
+weiterbildung-vdz.de, 1
+weitergedacht.eu, 1
+weitsolutions.nl, 1
+weitundbreit.ch, 1
+weitz-porzellan.de, 1
+weitzmangroup.com, 1
+weizenke.im, 1
+wekan.hopto.org, 1
+wekibe.de, 1
+wekipedia.com, 1
+weknowhowtodoit.com, 1
+wekurate.com, 1
+wel.com.br, 1
+weladee.com, 1
+welby.cat, 1
+welches-kinderfahrrad.de, 1
+welcome-tahiti.com, 0
+welcome-werkstatt.com, 1
+welcome26.ch, 0
+welcomehometnt.com, 1
+welcomepowayan.tk, 1
+welcometoohio.gov, 1
+welcoop-logistique.com, 1
+welcorp.com, 1
+weld.gov, 1
+weldersnet.tk, 1
+weldingandwelder.com, 1
+weldynz.co.nz, 1
+welfareness.icu, 1
+welivetogether.com, 1
+well.bayern, 1
+wella-download-center.de, 1
+wellaeducationbook.de, 1
+wellbalancedhealth.ie, 1
+wellbe.com, 1
+wellbeing360.com.au, 1
+wellbutrinxlgeneric.cf, 1
+wellcarehealthsurvey.com, 1
+wellcom.co.il, 1
+wellcomemdhealth.com, 1
+welldoc.com, 1
+welldocinc.com, 1
+wellen-reiten.com, 1
+wellensteyn.ru, 1
+weller.pm, 1
+wellesleycosmeticsurgery.com, 1
+wellesweb.net, 1
+welletin.it, 1
+wellgreece.com, 1
+wellington.govt.nz, 1
+wellist.com, 1
+wellness-alto-adige.net, 1
+wellness-bonbon.de, 0
+wellness-gutschein.de, 1
+wellness-spa-suedtirol.com, 1
+wellnesscheck.net, 1
+wellnessmama.com, 1
+wellnessmassage-eitorf.de, 1
+welloca.com, 1
+wellreceived.com, 1
+wellsbourne.co.uk, 1
+wellsolveit.com, 0
+wellspringsga.com, 1
+wellsprung.net, 1
+wellstonok.gov, 1
+wellthy.com, 1
+wellzapness.com, 1
+welmo.fr, 1
+welom.tk, 1
+welove.lk, 1
+welove.tk, 1
+welovecatsandkittens.com, 1
+welovegalicia.com, 1
+welovelinks.com, 1
+weloveliving.it, 1
+welovemail.com, 1
+welovestrawberries.com, 1
+welpen-rucphen.tk, 1
+welpo.me, 1
+welshccf.org.uk, 1
+welshterrier.tk, 1
+welshyak.tk, 1
+welspunindia.com, 1
+welstrim.de, 1
+welsum.com, 1
+welt-flaggen.de, 1
+weltderangebote.de, 0
+welteneroberer.de, 1
+weltengilde.de, 1
+weltenhueter.de, 1
+weltentanzer.com, 1
+weltumradler.tk, 1
+weltverschwoerung.de, 1
+welty.cc, 1
+welty.co, 1
+welty.io, 1
+welty.me, 1
+wemadegod.tk, 1
+wemakebookkeepingeasy.com, 1
+wemakemx.mx, 1
+wemakeonlinereviews.com, 1
+weme.eco, 1
+wemissyou.tk, 1
+wemovemountains.co.uk, 1
+wenablog.pl, 1
+wenaiwu.net, 1
+wenanmao.com, 1
+wenceslas.org.uk, 1
+wenchengchou.co, 1
+wenchieh.com, 1
+wendkom.com, 1
+wendlberger.net, 1
+wendu.me, 1
+wenducation.nl, 1
+wendy-david.tk, 1
+wendydarling.tk, 1
+wendys-careers.com, 1
+wendysbeautyshop.co.za, 1
+wenger-shop.ch, 1
+wengyep.com, 1
+wenhelpdesk.tk, 1
+wenjulebu.cc, 1
+wenlopleidingen.nl, 1
+wenmilot.com, 1
+wenoexchange.com, 1
+wensenboomaltrecht.nl, 1
+wenta-computerservice.net, 1
+wenta.de, 1
+wentu.ml, 1
+wentyl.tk, 1
+wenzthewanderer.gq, 1
+weoneit.com, 1
+wep.pw, 1
+wepa.pe, 1
+wepay.com, 1
+wepay.in.th, 1
+wepbiz.com, 1
+weplay.io, 1
+weplaycollectibles.com, 1
+weplaynaked.dk, 1
+weple.ga, 1
+weple.gq, 1
+weprenup.com, 1
+werbe-markt.de, 1
+werbe-sonnenbrillen.de, 0
+werbeagentur-benningen.de, 1
+werbeagentur-website.de, 1
+werbeagentur.de, 1
+werbefotograf-leitner.de, 1
+werbefotografie-leitner.de, 1
+werbewelt-tv.de, 1
+werbezentrum-stiebler.de, 1
+werbik.at, 1
+werchangemakers.com, 1
+werd.pw, 0
+werehub.org, 1
+wereldkoffie.eu, 1
+wereldplanner.nl, 1
+wereldreizen.tk, 1
+wereldschool.nl, 1
+werhatunsverraten.eu, 1
+werk-34.de, 1
+werk32.net, 1
+werken-bij-inwork.nl, 1
+werkenbijbejo.nl, 0
+werkenbijblokker.nl, 1
+werkenbijbuvo.nl, 1
+werkenbijdfzs.nl, 0
+werkenbijejk.nl, 1
+werkenbijintertoys.nl, 1
+werkenbijmagentazorg.nl, 1
+werkenbijpromovendum.nl, 1
+werkenbijsanitairwinkel.be, 1
+werkenbijsanitairwinkel.nl, 1
+werkenbijsherpa.nl, 1
+werkenbijvanderventions.com, 1
+werkenbijvanderventions.nl, 1
+werkeninwesterveld.nl, 1
+werkgroepderdewereld.nl, 1
+werkgroeppaleisparkhetloo.nl, 1
+werkkrew.xyz, 1
+werksalon.at, 1
+werkslimreisslim.nl, 1
+werkstattkinder.de, 1
+werktuigen.nl, 1
+werkzoeken.nl, 1
+wermeester.be, 1
+wermeester.com, 1
+werner-ema.de, 1
+wernerco.com, 1
+wernicke-it.de, 1
+werpo.com.ar, 1
+werranfehtan.org, 1
+wertpapiertreuhand.de, 1
+wertschatz-kommunikation.de, 1
+wervingenselectieamsterdam.nl, 1
+werwolf-live.de, 1
+werxa.cz, 1
+werxus.eu, 1
+weryfikacjapodatnika.pl, 1
+wesecom.com, 1
+wesermarsch-bauelemente.de, 1
+weserv.nl, 1
+wesleyanbank.co.uk, 1
+wesleyarcher.com, 1
+wesleycabus.be, 0
+wesleywarnell.com, 1
+wesoco.de, 1
+wespath.org, 1
+wespeakgeek.co.za, 1
+wespringforward.com, 1
+wesreportportal.com, 1
+wessalicious.com, 1
+wessco.mx, 1
+wesselius.tk, 1
+wessner.co, 0
+wessner.org, 0
+wessobrunn.de, 1
+wessokind.de, 1
+west-nerica.de, 1
+west-raptors.tk, 1
+west-trans.com.au, 0
+west-wind.net, 1
+west2.cn, 0
+westaf-edit.com, 1
+westappin.com.au, 1
+westbathmaine.gov, 1
+westboroughma.gov, 1
+westburlingtoniowa.gov, 1
+westburyfestival.org.uk, 1
+westcartilafdnc.gov, 1
+westcentenaryscouts.org.au, 1
+westcentralaor.org, 1
+westcentralmls.com, 1
+westchester-il.gov, 1
+westchesteranxietytreatment.com, 1
+westcoastaggregate.com, 1
+westcoastcastles.com, 1
+westcoastdrones.io, 1
+westcoastdrones.net, 1
+westcoastfood.ca, 1
+westcoastmarineadvisor.com, 1
+westcoastmotors.co.uk, 1
+westcode.de, 1
+westcountrydentalcrafts.uk, 1
+westcountrystalking.com, 1
+westcreekna.org, 1
+westendwifi.net, 1
+westerdraai.tk, 1
+westeremden.com, 1
+westergas.nl, 1
+westernalliancebancorporation.com, 1
+westernpadermatologist.com, 1
+westernparts.com, 0
+westernpsychiatry.com.au, 1
+westernresourceadvocates.org, 1
+westernskydental.com, 1
+westernsydney.com.au, 1
+westernwaterca.gov, 1
+westfairleevt.gov, 1
+westfordwi.gov, 1
+westfund.com.au, 1
+westgatecruiseandtravel.com, 1
+westhamptonma.gov, 1
+westhighlandwhiteterrier.com.br, 1
+westhomesteadpa.gov, 1
+westie.tk, 1
+westjp-tetuke-hosyou.co.jp, 1
+westlab.ch, 1
+westlakehills.gov, 1
+westlaketx.gov, 1
+westlakevillageelectric.com, 1
+westlakevillageelectrical.com, 1
+westlakevillageelectrician.com, 1
+westlakevillageexteriorlighting.com, 1
+westlakevillagelandscapelighting.com, 1
+westlakevillagelighting.com, 1
+westlakevillageoutdoorlighting.com, 1
+westlandcultuur.tk, 1
+westlander-nostalgie.tk, 1
+westlandinsurance.ca, 1
+westlebanonpa.gov, 1
+westlibertykypolice.gov, 1
+westline.com.tr, 1
+westlogistic.com, 1
+westmarlboroughpa.gov, 1
+westmead.org, 1
+westmeadapartments.com.au, 1
+westmelbourne.gov, 1
+westmidlandsbouncycastlehire.co.uk, 1
+westmidlandsinflatables.co.uk, 1
+westmidlandslettings.com, 1
+westmidlandsrailway.co.uk, 1
+westmilwaukeewi.gov, 1
+westminsterco.gov, 1
+westminsternational.com.au, 1
+westmodernclinic.com, 1
+westonma.gov, 1
+westonreed.com, 1
+westoveral.gov, 1
+westpennwire.com, 1
+westphalfamily.com, 1
+westplains.gov, 1
+westpointne.gov, 1
+westporthoney.com, 1
+westportisland.gov, 1
+westportok.gov, 1
+westreet-store.com, 1
+westsalemwi.gov, 1
+westside-pediatrics.com, 1
+westsidechildrenstherapy.com, 1
+westskinlaser.com, 1
+westspace.org.uk, 1
+westterrehautein.gov, 1
+westvalleyfiremt.gov, 1
+westvancouver.ca, 1
+westviewpa.gov, 1
+westvirginiahealth.tk, 1
+westwarwickri.gov, 1
+westwingopenhouse.com, 1
+westwings.tk, 1
+westwoodhillsks.gov, 1
+wesupportthebadge.org, 1
+wesystems.cloud, 0
+wet-dry.world, 1
+wet-international.com, 1
+wet1.com.au, 1
+wetdryvacs.co.uk, 1
+wetdryvacs.ie, 1
+weteachme.com, 1
+wetheghosts.eu, 1
+wetleak.com, 1
+wetofu.top, 1
+wetpussylipsex.com, 1
+wetpussyporn.com, 1
+wetravel.company, 1
+wetrepublic.com, 1
+wettbuero.com, 1
+wettbuero.de, 1
+wetter.de, 1
+wetthost.com, 1
+wetumpkaal.gov, 1
+wevah.com, 0
+wevenues.com, 1
+wevolver.com, 0
+wew881.com, 1
+wew882.com, 1
+wewin889.com, 1
+wewitro.de, 1
+weworkjpn.com, 1
+wexfordbouncycastles.ie, 1
+wexilapp.com, 1
+weyhmueller.de, 0
+weyland-yutani.org, 1
+weymouthslowik.com, 1
+weyoui.de, 1
+wf-bigsky-master.appspot.com, 1
+wf-demo-eu.appspot.com, 1
+wf-demo-hrd.appspot.com, 1
+wf-dogfood-hrd.appspot.com, 1
+wf-hosting.de, 1
+wf-pentest.appspot.com, 1
+wf-staging-hr.appspot.com, 1
+wf-training-hrd.appspot.com, 1
+wf-training-master.appspot.com, 1
+wf-trial-hrd.appspot.com, 1
+wf336.com, 1
+wfbabfn.com, 1
+wfbvillage.gov, 1
+wfh.ovh, 1
+wfh.se, 1
+wfigueiredo.com.br, 1
+wforum.nl, 1
+wfschicago.com, 1
+wftbasis.nl, 1
+wfxs.com.tw, 1
+wg-smue.de, 1
+wg-tools.de, 1
+wg2023.com.br, 1
+wg3k.us, 1
+wgauthier.net, 1
+wgcaobgyn.com, 1
+wgdp.gov, 1
+wge-feg.gc.ca, 1
+wgec-fegc.gc.ca, 1
+wget.cool, 1
+wget.tw, 1
+wgfl.gov, 1
+wgi.fi, 1
+wgnr.me, 1
+wgom.org, 0
+wgplatform.co.uk, 1
+wgraphics.ru, 1
+wgrfoods.co.uk, 1
+wgrlc.vic.gov.au, 1
+wgrstudio.com, 1
+wgsh.de, 1
+wgsuyi.cf, 1
+wgtrm.com, 1
+wgyt.tk, 1
+wgzdy.top, 0
+wh-guide.de, 1
+wh.gov, 1
+wh0.re, 1
+wh966.com, 0
+whalecrew.com, 1
+whaletail.ai, 0
+whanau.org, 0
+whanglaw.com, 1
+whannell.net, 0
+whaogirls.com, 1
+whapn.sg, 1
+wharfevalleywindows.co.uk, 1
+what-do-kittens-need-to-eat.tk, 1
+what-does-kittens-need.ml, 1
+what-wood.servehttp.com, 1
+what.tf, 1
+what2see.today, 1
+whatabout.ga, 1
+whatabout.tk, 1
+whataboutjonbuckland.tk, 1
+whataboutjoshua.tk, 1
+whatairdefencedoing.com, 1
+whatarepatentsfor.com, 1
+whatcanyoudocampaign.org, 1
+whatclinic.co.uk, 1
+whatclinic.com, 1
+whatclinic.com.ph, 1
+whatclinic.de, 1
+whatclinic.ie, 1
+whatclinic.ru, 1
+whatdevotion.com, 1
+whatdevshouldknow.pl, 1
+whatevents.tk, 1
+whateveritworks.org, 1
+whatevername.tk, 1
+whateverzone.ml, 1
+whatfinger.com, 1
+whatfontis.com, 1
+whatimissed.news, 1
+whatisapassword.com, 1
+whatiscss.tk, 1
+whatisinternetsecurity.net, 1
+whatisipfix.com, 1
+whatisl.ovh, 1
+whatismycountry.com, 1
+whatismyip.net, 0
+whatismypublicip.com, 1
+whatisnetflow.com, 1
+whatissflow.com, 1
+whatisthe.cloud, 1
+whatisthisapp.com, 1
+whatiswhatis.com, 1
+whatsapp.com, 1
+whatsapp.net, 1
+whatsapp.ru, 1
+whatsatienda.com, 1
+whatsgood.tk, 1
+whatsinmyjar.com, 1
+whatsitsname.tk, 1
+whatsmychaincert.com, 1
+whatstheirnetworth.com, 1
+whatsupoutdoor.com, 0
+whatsupyo.tk, 1
+whatswrong.blog, 1
+whatthefile.info, 1
+whatthingsweigh.com, 1
+whattimedoiwork.com, 1
+whattominingrigrentals.com, 1
+whatusb.com, 1
+whatwebcando.today, 1
+whatwg.org, 1
+whatzelink.com, 1
+whawtheme.fr, 1
+whd-guide.de, 1
+whdpc.gov, 1
+wheatfieldtwpmi.gov, 1
+wheatgra.in, 1
+wheatland.com, 1
+wheatlandcomt.gov, 1
+wheatridge.gov, 1
+wheelchair-mobility-scooter-rental-london.com, 1
+wheelchair.gq, 1
+wheeler.kiwi.nz, 0
+wheelhero.com, 1
+wheelingisland.com, 1
+wheelspin.ga, 1
+wheelwide.co.uk, 1
+wheelwork.org, 0
+wheelworxrefinishing.com, 1
+wheely.com, 1
+wheelycool.tech, 1
+wheelycoolgear.com, 1
+wheelyking.tk, 1
+when-release.ru, 1
+when.fm, 0
+when.org.il, 1
+when2watch.live, 1
+whenisholiday.com, 1
+whentowork.com, 1
+whenwe.me, 1
+wheon.com, 1
+where2trip.com, 1
+whereapp.social, 1
+wherearethosemorgans.com, 1
+wherecaniwatchanime.com, 1
+wheredoi.click, 1
+wheregoes.com, 1
+whereicode.org, 0
+whereismyorigin.cf, 1
+whereisthekeep.com, 1
+whereiszakir.com, 1
+wheresbuzz.com.au, 1
+wheresthejump.com, 1
+wheretotravel.info, 1
+whereuare.se, 1
+whereveryougo.space, 1
+whexit.nl, 1
+whey-protein.ch, 1
+wheyteck.com, 1
+whichdoctor.com, 1
+whichgender.today, 1
+whichphish.com, 1
+whichwasfirst.com, 1
+whiff-of-grape.ca, 1
+whigfieldspain.tk, 1
+whil.com, 1
+whilsttraveling.com, 1
+whimsical.com, 1
+whing.org, 1
+whining.blue, 1
+whipnic.com, 1
+whirlpool-luboss.de, 1
+whirlpool.net.au, 1
+whirr.org, 1
+whishart.cf, 1
+whishart.ga, 1
+whishart.gq, 1
+whishart.ml, 1
+whiskersandtails.co.za, 1
+whiskey.com.my, 1
+whiskey.money, 1
+whisky-circle.info, 1
+whisky.com.my, 1
+whisky.money, 1
+whisky.my, 1
+whiskydb.de, 1
+whiskydrivers.tk, 1
+whiskyhammer.com, 1
+whiskymy.com, 1
+whiskyshop.com.my, 1
+whiskyshop.my, 1
+whisp.ly, 0
+whispeer.de, 1
+whisper-net.de, 1
+whisperinghoperanch.org, 1
+whisperlab.org, 1
+whistleblower.gov, 1
+whistleblower.pl, 1
+whistleblower.report, 1
+whistleblowerordning.com, 1
+whistleblowers.org, 1
+whistleblowersoftware.com, 1
+whistlingdog.media, 0
+whitbread.com.au, 1
+whitdoit.tk, 1
+white-hell.tk, 1
+white-ibiza.com, 1
+white-info.tk, 1
+white-noise.tk, 1
+white-rabbit.tk, 1
+white-skull.tk, 1
+white-wolf.tk, 1
+whitealps.at, 0
+whitealps.be, 0
+whitealps.ch, 0
+whitealps.de, 0
+whitealps.fr, 0
+whitealps.net, 0
+whiteantelopeinteriors.com, 1
+whitebirdclinic.org, 1
+whitebox.ga, 1
+whitefieldnhpd.gov, 1
+whitefishtownshipmi.gov, 1
+whitefordtownshipmi.gov, 1
+whitehallal.gov, 1
+whitehatbrokers.com, 1
+whitehathackers.com.br, 1
+whitehats.nl, 1
+whitehorse.ga, 1
+whitehouse.gov, 1
+whitehouse.org, 1
+whitehouseconferenceonaging.gov, 1
+whitehousedrugpolicy.gov, 1
+whiteink.com, 1
+whitejaguars.com, 1
+whitekings.tk, 1
+whitelabeltickets.com, 1
+whitelist-crypto.io, 1
+whitelotto.com, 1
+whitelotuscyp.com, 1
+whitelynx.co, 1
+whitemagic.ga, 1
+whitemanfss.net, 1
+whitemetalperu.tk, 1
+whiteneon.com, 1
+whitepages.ml, 1
+whitepen.io, 1
+whitepen.tk, 1
+whitepinetn.gov, 1
+whiteprintnews.com, 1
+whiterabbit.group, 0
+whiterabbit.nl, 1
+whiterabbit.org, 1
+whiterabbitcyber.space, 1
+whiterose.goip.de, 1
+whitesalmonwa.gov, 1
+whiteshadowimperium.com, 1
+whiteshelf.org, 1
+whitesoxbestteaminbaseball.com, 1
+whitespace.se, 1
+whitespider.cf, 1
+whitespider.gq, 1
+whitespider.ml, 1
+whitespider.tk, 1
+whitestarlegacy.tk, 1
+whitestoneva.gov, 1
+whitesword.tk, 1
+whitevpn.cz, 1
+whitewaterks.gov, 1
+whitewatertownshipmi.gov, 1
+whiteweb.tk, 1
+whitewebhosting.com, 1
+whitewinterwolf.com, 1
+whiteyardcottage.com, 1
+whitfieldcountyga.gov, 1
+whitkirkchurch.org.uk, 0
+whitmanarchive.org, 1
+whitmancounty.gov, 1
+whittle.in, 1
+whittome.com, 1
+whitworth.nyc, 1
+whizkidpcservices.com, 1
+whizzzbang.co.uk, 1
+whm.gc.ca, 1
+whmcsdeveloper.com, 1
+whnpa.org, 1
+who-calledme.com, 1
+who.pm, 0
+whoagirls.com, 1
+whoagirls.net, 0
+whoagirls.org, 1
+whoami.eu.org, 1
+whoami.io, 1
+whoami.red, 1
+whocalld.com, 1
+whocalled.us, 1
+whocrushonme.com, 1
+whodiduexpect.com, 1
+whois.az, 1
+whoisamitsingh.com, 1
+whoiscuter.ml, 1
+whoiscutest.ml, 1
+whoisdhh.com, 0
+whoisonthebench.com, 1
+whoistheorchid.com, 1
+whoiswho.tk, 1
+wholebody.je, 1
+wholegrace.com, 1
+wholesale.cf, 1
+wholesalediamonds.tk, 1
+wholesalediscountsunglasses.com, 1
+wholesalegrowersdirect.com, 1
+wholesalehosting.co.uk, 1
+wholesaleimages.com, 1
+wholesalewarehouses.net, 1
+wholesomeharvestbread.com, 0
+wholevood.com, 1
+wholevood.de, 1
+wholewideworldtoys.com, 1
+wholewildworld.de, 1
+whoneedstobeprimaried.today, 1
+whong.media, 1
+whonix.org, 1
+whoopee.my, 0
+whooshkaa.com, 1
+whoplusyou.com, 1
+whoreofwallstreet.tk, 1
+whorepresentsme.us, 1
+whosapeach.tk, 1
+whosneo.com, 1
+whosts.cn, 1
+whosyourdaddy.ml, 1
+whowherewhen.net, 1
+whqmeps.org, 1
+whqqq.com, 1
+wht.one, 1
+whta.eu, 1
+whta.se, 1
+whtcsj.com, 1
+whub.io, 0
+why-brexit.uk, 1
+why918.com, 0
+whychoosebob.net.au, 1
+whydoeseverythingsuck.net, 1
+whyinsurance.me, 1
+whymps.com, 1
+whynohttps.com, 1
+whyopencomputing.ch, 0
+whyopencomputing.com, 0
+whypowerbrush.com, 1
+whysoslow.co.uk, 1
+whyteryan.com, 1
+whywa.com, 1
+whywelive.me, 1
+whyworldhot.com, 1
+whyy.eu.org, 1
+whyzeroturn.com, 1
+wi-q.cloud, 1
+wi-wi.co.jp, 1
+wiagencies.com, 1
+wiai.eu.org, 1
+wiapply.com, 1
+wibbe.link, 1
+wiberg.nu, 1
+wibness.com, 1
+wibu.moe, 1
+wibuw.com, 1
+wicamb.com, 1
+wicca-witchcraft.com, 1
+wiccansupplies.ga, 1
+wiccanwicks.ca, 1
+wiccasima.fr, 1
+wicharypawel.com, 1
+wichitafoundationpros.com, 1
+wichtel-umzuege.de, 1
+wickedsick.tk, 1
+wickedvibes.tk, 1
+wickersmith.com, 1
+wickerwoman.com, 0
+wickrath.net, 1
+wicksandwonders.com.au, 1
+wicstunvetgroup.co.uk, 1
+widado.com, 1
+widatcp.gov, 1
+widderplasticsurgery.com, 1
+wideboxmacau.com, 0
+widecontrol.it, 1
+wideinfo.org, 1
+widejeans.tk, 1
+wideline.com.au, 1
+widememory.com, 1
+widenews.org, 1
+widescreenfixer.org, 1
+wideshoes.com, 1
+widewebhost.net, 1
+wideworks.agency, 1
+widgetmaker.co.uk, 1
+widma.gov, 1
+widmer.bz, 1
+widner.xyz, 1
+widoj.gov, 1
+widsl.de, 1
+widum.ru, 1
+widwap.net, 1
+widzenia.pl, 1
+wiebel.org, 1
+wiebetaaltdat.nl, 1
+wieckiewicz.org, 1
+wiederkehrvillagear.gov, 1
+wiedmeyer.de, 1
+wiedu.net, 1
+wieesgeht.com, 1
+wiegandt.org, 1
+wiegedaten.de, 1
+wiek.net, 1
+wieldberis.ru, 1
+wieloswiat.pl, 1
+wielrenbond.ml, 1
+wielrennen-in-zeeland.tk, 1
+wien52.at, 1
+wiender.be, 0
+wieneck-bauelemente.de, 1
+wiener.hr, 1
+wienergyjobs.com, 1
+wieobensounten.de, 1
+wiet2home.nl, 1
+wifesbank.com, 1
+wifi-hack.com, 0
+wifi-names.com, 1
+wifi-ooe.at, 1
+wifi.com.vn, 1
+wifi.id, 1
+wificafehosting.com, 1
+wificonnect.cc, 1
+wifimb.cz, 1
+wifipineapple.com, 1
+wifirst.net, 1
+wifishing.tk, 1
+wifiwizardofoz.com, 1
+wigan.ovh, 1
+wiganer.tk, 1
+wigelsworth.consulting, 1
+wigelsworth.io, 1
+wigger.one, 1
+wigggle.it, 1
+wigglywisdom.com, 1
+wigle.net, 1
+wigmore-hall.org.uk, 0
+wigsalon.ga, 1
+wigwam.design, 1
+wihiki.org, 1
+wiiaam.com, 1
+wiikipedia.com, 1
+wiimotion.de, 1
+wiin.co, 1
+wiingy.com, 1
+wiire.me, 0
+wijaya.net, 1
+wijaya2u.com, 1
+wijkbudget.gent, 1
+wijkdezwaenebloeme.tk, 1
+wijkstation.nl, 1
+wijnbesteld.nl, 1
+wijnlandkroatie.nl, 1
+wijnservices.nl, 0
+wijsaantwerk.be, 1
+wijseuropa.gent, 1
+wijsvangent.be, 1
+wijwillendit.nl, 1
+wijzeweters.gent, 1
+wijzijnbrandstof.nl, 1
+wijzijnwolf.nl, 1
+wikalin.ski, 1
+wikelia.com, 1
+wikepedia.org, 1
+wiki-books.ga, 1
+wiki-iknownaught.ddns.net, 1
+wiki-pedia.org, 1
+wiki-play.ru, 1
+wiki-rostelecom.ru, 1
+wiki.berlin, 1
+wiki.gallery, 1
+wiki.python.org, 1
+wiki.voyage, 1
+wiki24.ru, 1
+wikiboard.tk, 1
+wikibook.com, 1
+wikibooks.org, 1
+wikibooks.pt, 1
+wikibulz.com, 1
+wikibuy.com, 1
+wikicooking.tk, 1
+wikicuida.pt, 1
+wikidata.org, 1
+wikidpedia.org, 1
+wikiepdia.com, 1
+wikiepdia.org, 1
+wikifactory.com, 1
+wikifamily.ga, 1
+wikifamily.tk, 1
+wikifunctions.org, 1
+wikigta.org, 1
+wikihelp.in, 1
+wikihistory.tk, 1
+wikihow-fun.com, 1
+wikihow.com, 1
+wikihow.com.tr, 1
+wikihow.cz, 1
+wikihow.fitness, 1
+wikihow.health, 1
+wikihow.it, 1
+wikihow.jp, 1
+wikihow.life, 1
+wikihow.mom, 1
+wikihow.pet, 1
+wikihow.tech, 1
+wikihow.vn, 1
+wikijunior.com, 1
+wikijunior.net, 1
+wikijunior.org, 1
+wikileaks.ch, 1
+wikilibrary.tk, 1
+wikilink.cf, 1
+wikilink.tk, 1
+wikilinux.xyz, 1
+wikimania.com, 1
+wikimania.org, 1
+wikimatrix.org, 1
+wikimedia-dns.org, 1
+wikimedia.biz, 1
+wikimedia.com.pt, 1
+wikimedia.community, 1
+wikimedia.is, 1
+wikimedia.jp.net, 1
+wikimedia.lt, 1
+wikimedia.org, 1
+wikimedia.us, 1
+wikimedia.xyz, 1
+wikimediacommons.co.uk, 1
+wikimediacommons.info, 1
+wikimediacommons.jp.net, 1
+wikimediacommons.mobi, 1
+wikimediacommons.net, 1
+wikimediacommons.org, 1
+wikimediafoundation.com, 1
+wikimediafoundation.info, 1
+wikimediafoundation.net, 1
+wikimediafoundation.org, 1
+wikimilk.org, 1
+wikimir.tk, 1
+wikimirror.org, 1
+wikinews.com, 1
+wikinews.de, 1
+wikinews.org, 1
+wikinews.pt, 1
+wikipaedia.net, 1
+wikipedia.bg, 1
+wikipedia.co.il, 1
+wikipedia.co.uk, 1
+wikipedia.co.za, 1
+wikipedia.com, 1
+wikipedia.com.ar, 1
+wikipedia.ee, 1
+wikipedia.es, 1
+wikipedia.fi, 1
+wikipedia.id, 1
+wikipedia.info, 1
+wikipedia.is, 1
+wikipedia.lt, 1
+wikipedia.net, 1
+wikipedia.org, 1
+wikipedia.org.il, 1
+wikipedia.sk, 1
+wikipediafoundation.org, 1
+wikipedial.org, 1
+wikipediazero.org, 1
+wikipeter.nl, 1
+wikipiedi.it, 1
+wikiquote.com, 1
+wikiquote.net, 1
+wikiquote.org, 1
+wikiquote.pt, 1
+wikiquotes.info, 1
+wikirace.tk, 1
+wikisaur.tk, 1
+wikiskripta.eu, 1
+wikisorg.tk, 1
+wikisource.com, 1
+wikisource.org, 1
+wikisource.pl, 1
+wikisource.pt, 1
+wikispecies.com, 1
+wikispecies.net, 1
+wikispecies.org, 1
+wikispiel.de, 1
+wikitech.ga, 1
+wikitech.gq, 1
+wikitech.tk, 1
+wikitechsolutions.com, 1
+wikitransporte.tk, 1
+wikiutah.tk, 1
+wikiversity.com, 1
+wikiversity.org, 1
+wikiversity.pt, 1
+wikiversus.com, 1
+wikivisually.com, 1
+wikivoyage.com, 1
+wikivoyage.de, 1
+wikivoyage.eu, 1
+wikivoyage.net, 1
+wikivoyage.org, 1
+wikivoyager.de, 1
+wikivoyager.org, 1
+wikiwp.org, 1
+wikizip.ga, 1
+wikjpedia.org, 1
+wikkelweb.nl, 1
+wikpa.com, 1
+wikpedia.org, 1
+wikproduccions.tk, 1
+wiktionary.com, 1
+wiktionary.eu, 1
+wiktionary.org, 1
+wiktionary.pl, 1
+wiktionary.pt, 1
+wiktor-imbierski.com, 1
+wiktoriaflis.com, 1
+wilane.org, 1
+wilbrinkdesign.nl, 0
+wilburyvets.co.uk, 1
+wilco-s.nl, 1
+wilcodeboer.me, 1
+wilcojunk.com, 1
+wilcotx.gov, 1
+wild-reels.com, 1
+wild-turtles.com, 1
+wild.at, 1
+wildanalysis.ga, 1
+wildbergh.tk, 1
+wildbirdsuets.com, 1
+wildcard.hu, 1
+wildcardfederal.net, 1
+wildcatdiesel.com.au, 1
+wildcatprotection.org, 1
+wildcaves.co.za, 1
+wildcove.ca, 1
+wildcraft.com, 0
+wildcruisers.tk, 1
+wildercerron.com, 1
+wilderky.gov, 1
+wilderoben.com, 1
+wildfilm.tv, 1
+wildfirechain.xyz, 1
+wildflowers5.com, 1
+wildfoerster.org, 1
+wildfoxlady.com, 1
+wildglass.nl, 1
+wildhelper.com, 1
+wildlifeadaptationstrategy.gov, 1
+wildlifeforafrica.org, 1
+wildmarsian.info, 1
+wildmine.su, 1
+wildonengineering.com.au, 1
+wildowi.cz, 1
+wildrideproject.tk, 1
+wildroseflorist.co.za, 1
+wildsafety.com, 1
+wildsense.tk, 1
+wildtattoo.ru, 1
+wildtrip.blog, 0
+wildvicky.net, 1
+wildwildtravel.com, 1
+wildwind.world, 1
+wildwnc.org, 1
+wildwoodpolice-fl.gov, 1
+wildwoodrockers.tk, 1
+wildzap.ml, 1
+wildzoopark.co.uk, 1
+wildzoopark.com, 1
+wilf1rst.com, 1
+wilfert.cc, 1
+wilfert.xyz, 1
+wilfredswholesale.com.au, 1
+wilfrid-calixte.fr, 0
+wilhelm-nathan.de, 1
+wilhelm-sattler-realschule.de, 1
+wilhelmhansenfonden.dk, 1
+wilhelmina.com, 1
+wili.li, 1
+wiliquet.net, 1
+wilk.tech, 0
+wilkebouwer.nl, 1
+wilkes-barretownship.gov, 1
+wilkincounty.gov, 1
+wilkipedia.org, 1
+wilkushka.com, 1
+wilky44.com, 1
+willalex.com, 1
+willardohio.gov, 1
+willardwi.gov, 1
+willcounty.gov, 1
+willcounty911.gov, 1
+willcountyclerk.gov, 1
+willcountysao.gov, 1
+willdropphoto.co.uk, 1
+willekeinden.nl, 1
+willenberg.family, 1
+willerei.com, 1
+willerei.de, 1
+willfarrell.ca, 1
+willflies.com, 1
+willhackett.com, 1
+willi-graf-os.de, 1
+willi-roth-holzbau.ch, 1
+williamarias.tk, 1
+williamblondel.fr, 1
+williamboulton.co.uk, 1
+williamboundsltd.com, 1
+williamfeely.info, 1
+williamgoldberg.cf, 1
+williamjohngauthier.net, 1
+williamk.ga, 0
+williamle.com, 1
+williamlong.info, 1
+williammcgill.co, 1
+williammcgill.com, 1
+williamparedes.tk, 1
+williampuckering.com, 1
+williamsalexander.com, 1
+williamscomposer.com, 1
+williamscountyoh.gov, 1
+williamsflintlocks.com, 0
+williamshomeheat.co.uk, 0
+williamsigal.com, 1
+williamstonmipd.gov, 1
+williamstownmi.gov, 1
+williamtai.moe, 1
+williamtm.com, 1
+willianchopin.tk, 1
+willich.tk, 1
+williejackson.com, 1
+willighp.de, 1
+willistonpdvt.gov, 1
+willkie.com, 1
+willlewis.co.uk, 1
+willmage.com, 1
+willnorris.com, 1
+willocks.nl, 1
+willoughbyhillsohio.gov, 1
+willow.technology, 1
+willowbrook.co.uk, 1
+willowchild.de, 1
+willowcreektrucking.com, 1
+willowcundy.com, 1
+willowdalechurch.ca, 1
+willowmanorgroup.com, 1
+willowparktx.gov, 1
+willowpassdentalcare.com, 1
+willowpf.com, 1
+wills.co.tt, 1
+willship.co.nz, 0
+willsigal.com, 1
+willspointtx.gov, 1
+willstamper.name, 1
+willsthebest.co.uk, 1
+willstocks.co.uk, 1
+willturner.tk, 1
+willvision.com, 1
+willwilkins.com, 1
+willwoodworth.com, 1
+willys.zone, 1
+willywangstory.com.tw, 1
+willywangstory.org, 1
+willzahra.com.au, 1
+wilmette.gov, 1
+wilmingtonzen.tk, 1
+wilmothgroup.com, 1
+wilomark.com, 1
+wils.jp, 1
+wilseyrealty.com, 1
+wilshirelawfirm.com, 1
+wilson-lincoln-wi.gov, 1
+wilsoncountync.gov, 1
+wilsonfire.com, 1
+wilsonlanguage.com, 1
+wilsonovi.com, 1
+wilsontnvotes.gov, 1
+wilsonvilleoregon.gov, 1
+wiltoniowa.gov, 1
+wiltonmanors.gov, 1
+wiltonsandstonequarry.com.au, 1
+wiltrovira.com, 1
+wiltshirefarmfoods.com, 0
+wimbledon.com, 1
+wimlanphen.nl, 1
+wimmer-informatik.eu, 1
+wimmer-musik.eu, 1
+wimmer-software.de, 1
+wimmer-software.eu, 1
+wimmer.green, 1
+wimmer.software, 1
+wimmer.tel, 1
+wimmersoftware.de, 1
+wimmersoftware.eu, 1
+win-apuestas.com, 1
+win-fortuna.ml, 1
+win-rar.com, 1
+win-the-1.com, 1
+win11.ren, 1
+win7stylebuilder.com, 0
+win7tips.tk, 1
+win8.am, 1
+win88-line.com, 1
+win88-line.net, 1
+winampnederlands.tk, 1
+winancreekbarn.com, 1
+winario.de, 1
+winball.ml, 1
+winbignow.click, 1
+wincasinosmoney.com, 1
+wincasinowin.click, 1
+winch-center.de, 1
+winch.expert, 0
+winchat365.com, 1
+winchendon-ma.gov, 1
+winckelmann2020.com, 1
+wincoil.gov, 1
+wind-riders.cf, 1
+wind.com.do, 1
+wind.moe, 0
+windev.com, 0
+windev.es, 0
+windforme.com, 1
+windgucker.de, 1
+windhamct.gov, 1
+windhamvillageoh.gov, 1
+windhamworks.com, 1
+windice1.io, 1
+windictus.net, 1
+windirect.tk, 1
+windirstat.net, 1
+windjetboats.com, 1
+windmillart.net, 1
+windowcleaningexperts.net, 1
+windowreplacement.net, 1
+windows, 1
+windows11.com.br, 1
+windows311.org, 1
+windowsblogitalia.com, 1
+windowscult.com, 1
+windowsdoors.it, 1
+windowsforum.com, 1
+windowsfreak.de, 1
+windowsindonesia.com, 1
+windowsindonesia.id, 1
+windowslatest.com, 1
+windowsnerd.com, 1
+windowsru.com, 0
+windowsviet.com, 1
+windowsworkstation.com, 1
+windpay.ga, 1
+windr.win, 1
+windrawwin.com, 1
+windrich-werkzeugmaschinen.de, 1
+windriver.org, 1
+windriverpediatrics.com, 1
+windroide.net, 1
+windrunner.se, 1
+windscribe.com, 1
+windsock-app.com, 1
+windsorelectricalservice.com, 1
+windsorite.ca, 1
+windsornc.gov, 1
+windsorrslsubbranch.com.au, 1
+windstreamhosting.com, 1
+windsurfercrs.com, 1
+windturbine.tk, 1
+windwoodmedia.com, 1
+windwords.me, 0
+windybank.net, 1
+windycitylawgroup.com, 1
+windycitypressurewashing.com, 1
+wine-route.net, 1
+wine-yoga.pl, 1
+wine.com.br, 1
+wine.com.my, 1
+wine.money, 1
+wine.my, 1
+wineandcheeseplace.com, 1
+winebrasil.com.br, 1
+winechapter.be, 1
+winedineunwind.org, 1
+winedoor.com, 1
+wineexperience.com.au, 1
+wineforhelp.cz, 1
+winegadgets.ru, 0
+winek.tk, 1
+winenews.it, 1
+wineparis.com, 1
+winerytoursanfrancisco.com, 1
+winezja.pl, 1
+winfar.co.za, 1
+winfieldchen.me, 1
+winfieldtownshipmi.gov, 1
+winfilestorage.tk, 1
+winfuture.de, 1
+wing-tsun.cf, 1
+wing-tsun.ga, 1
+wing-tsun.gq, 1
+wing-tsun.tk, 1
+wingchun.edu.au, 1
+wingchunboxtribe.com, 1
+wingertmd.com, 1
+winghill.com, 0
+wingify.com, 1
+wingmin.net, 1
+wingover.su, 1
+wings.com.pk, 1
+wingspatagonia.com, 1
+wingstop.fr, 1
+wingsung.com, 1
+winhelp21.tk, 1
+winhistory-forum.net, 1
+winkelbalans.nl, 1
+winkelcentrumputten.nl, 1
+winkelmanaz.gov, 1
+winkelvanmorgen.nl, 1
+winkelvansinkel.tk, 1
+winkli.ddns.net, 1
+winktonsibo.tk, 1
+winl-45774.club, 1
+winma.org, 0
+winmax.it, 1
+winmix.nl, 1
+winmodels.org, 1
+winmodels.ru, 1
+winnebagocountyiowa.gov, 1
+winnebagocountywi.gov, 1
+winneconnesd3wi.gov, 1
+winner.ua, 1
+winnercivi.com, 1
+winnersaffiliate.com, 1
+winnerschapelbelgium.be, 1
+winnery.tk, 1
+winning.gq, 1
+winningattitudeawards.org, 1
+winnipegcomputerguy.tk, 1
+winnlandscaping.com, 1
+winona-area-scum.tk, 1
+winonamn.gov, 1
+winoptical.com, 1
+winoptimise.fr, 1
+winov.com.br, 1
+winphonemetro.com, 1
+winpic.co, 1
+winpreso.com, 1
+winrar.com, 1
+winrss.com, 0
+winsabayi.tk, 1
+winserver.ne.jp, 1
+winslowhomer.tk, 1
+winslowslair.tk, 1
+winsufi.biz, 1
+wint.global, 1
+wintark.com, 1
+wintechlab.com, 1
+winter-auszeit.de, 0
+winter-elektro.de, 1
+winter-leak.ml, 1
+winter.ae, 1
+winterbergwebcams.com, 1
+winterco.org, 1
+wintercorn.com, 1
+winterdetective.ga, 1
+winterfeldt.de, 0
+winterhavenobgyn.com, 1
+winterhillbank.com, 1
+winteringent.be, 1
+winterlandbeverages.com, 1
+wintermeyer-consulting.de, 1
+wintermeyer.de, 1
+winternacht14.tk, 1
+winteromeo.tk, 1
+winterset.gov, 1
+winterstudies.ga, 1
+winterthur.ch, 1
+winterzine.cf, 1
+wintodoor.com, 1
+winull.de, 1
+winup.org, 1
+winvio.com, 1
+winwares.com, 1
+winwitharval.co.uk, 1
+winwiz1.com, 1
+winxpclub.tk, 1
+winzdevelopment.com, 1
+winzero.tk, 1
+winzong.cn, 1
+winzong.net, 1
+wiocha.pl, 1
+wipa.tk, 1
+wipayfinancial.com, 1
+wipeoutracing.tk, 1
+wippie.se, 1
+wippler.at, 1
+wippy.tk, 1
+wipro.com.vn, 0
+wir-do.de, 1
+wir-jugendhilfe.de, 1
+wir-machen-druck.de, 1
+wir-pflegen-zuhause.at, 1
+wir-pflegen-zuhause.ch, 1
+wir-pflegen-zuhause.de, 1
+wir-pflegen-zuhause.it, 1
+wirbsinglereview.com, 1
+wire.com, 0
+wirebank.ru, 1
+wired.co.uk, 1
+wiredcolony.com, 1
+wiredrelease.com, 1
+wiredroot.com, 1
+wireheading.com, 1
+wirekeep.com, 1
+wireless-emergency-stop.com, 1
+wireless-kill-switch.com, 1
+wirelessbelgie.tk, 1
+wirelesscctv.tk, 1
+wirelessfestival.co.uk, 1
+wirelessleeuwarden.tk, 1
+wirelesslogic.com, 1
+wirelesslogicnordic.com, 1
+wirelessthief.ga, 1
+wirelly.com, 1
+wireshark.org, 1
+wireshocks.com, 1
+wiretap.cf, 1
+wirethrone.com, 1
+wiretoss.com, 1
+wiretransaction.ga, 1
+wiriamu.net, 1
+wirings-diagram.com, 1
+wiris.be, 1
+wirkaufen.it, 1
+wirkaufendeinau.to, 1
+wirken.info, 1
+wirksportal.com, 1
+wirkstatt-lq.at, 1
+wirkstatt-lq.ch, 1
+wirkstatt-lq.de, 1
+wirkstatt-lq.net, 1
+wirkstoffreich.de, 1
+wirkungs-forschung.at, 1
+wirkungs-forschung.ch, 1
+wirkungs-forschung.com, 1
+wirkungs-forschung.de, 1
+wirkungs-forschung.net, 1
+wirsberg-studios.de, 1
+wirsing.nl, 1
+wirtanen.tk, 1
+wirtcountywvsheriff.gov, 1
+wirtschaftsberater-website.de, 1
+wis.no, 1
+wisak.me, 1
+wisal.org, 1
+wisardcoin.tk, 1
+wisatabagus.com, 1
+wischu.com, 1
+wiscon.co, 1
+wisconsinnet.tk, 1
+wisdoj.gov, 1
+wisdom-nict.jp, 1
+wisdomcue.com, 0
+wisdomgarden-mr.com, 1
+wisdomgeek.com, 1
+wisdomise.com, 1
+wisdomise.io, 1
+wisdomize.me, 1
+wisdomteethonly.com, 1
+wisdomteethsydney.com.au, 1
+wisdotplans.gov, 1
+wise-parenting.com, 1
+wise.jobs, 1
+wiseadvicetravelling.com, 0
+wisebarber.com, 1
+wisecountytx.gov, 1
+wisegoldfish.com, 1
+wisehome.dk, 1
+wiseinternational.org, 1
+wiseitguys.com, 1
+wiselectures.com.au, 1
+wisemans.us, 1
+wisemen.digital, 0
+wisemoney.com.vc, 1
+wisenederland.nl, 1
+wiseradiology.com.au, 1
+wisereducacao.com, 1
+wisereshape.com, 1
+wisersp.com, 1
+wisertp.com, 1
+wisetechglobal.com, 1
+wisetoken.net, 1
+wiseup.com, 1
+wiseupcorp.com, 1
+wiseuplive.com.br, 1
+wisewaynutrition.com, 1
+wishing3.com, 1
+wishingyou.co.uk, 1
+wishlisotr.cf, 1
+wishlisotr.gq, 1
+wishlist.net, 1
+wishlog.fun, 1
+wishmail.cf, 1
+wiska.cn, 1
+wiska.co.kr, 1
+wiska.co.uk, 1
+wiska.com, 1
+wiska.com.br, 1
+wiska.es, 1
+wiska.in, 1
+wiska.lat, 1
+wiskundeonderzoek.tk, 1
+wism.io, 1
+wisniewskamakeup.pl, 1
+wisnz.co.nz, 1
+wispmaeksmusic.tk, 1
+wispsuperfoods.com, 1
+wispyon.com, 1
+wisr.com.au, 1
+wiss.co.uk, 0
+wissamnr.be, 1
+wisselink.tk, 1
+wissen-a5.de, 1
+wissena5.de, 1
+wistaysafe.gov, 1
+wisweb.no, 1
+wit-creations.fr, 1
+wit.ai, 1
+witae.com, 1
+witajmaluszku.pl, 1
+witch-anastasia.com, 1
+witch-spells.com, 1
+witchbeauty.tk, 1
+witcher-rz.com, 1
+witcher.tk, 1
+witchhunt.tk, 1
+witchsrocksurfcamp.com, 1
+witchthicktits.tk, 1
+with-environment.com, 1
+withamscouts.org.uk, 1
+withdati.fr, 1
+withdcc.com, 1
+wither.cf, 1
+witheveryheartbeat.com.au, 1
+withextraveg.net, 1
+withfoundation.org, 1
+withgentlent.com, 1
+withgoogle.com, 1
+withinsecurity.com, 1
+withjoy.com, 1
+withoutessence.io, 1
+withpersona.com, 1
+withprocess.com, 1
+withsunglasses.co.uk, 1
+withyoutube.com, 1
+witneywaterpolo.org.uk, 1
+witrey.com, 1
+witron.de, 1
+wits.uk, 1
+witsvideo.com, 1
+witt.link, 1
+wittamer.com, 0
+wittebrug.nl, 1
+wittepapaver.nl, 1
+witteveenbos.com, 1
+wittgen-kfz-technik.de, 1
+witting.co, 0
+wittingtonventures.com, 1
+wittu.fi, 1
+wittur.com, 1
+witze-fun.de, 1
+witzik.at, 1
+wiut.uz, 1
+wivcfinancialservices.com, 1
+wivoc.nl, 1
+wiwi.nl, 1
+wixadvertising.com, 1
+wixel.tk, 1
+wixmultimedia.com, 1
+wiz.at, 1
+wiz.biz, 1
+wiz.io, 1
+wizadjournal.com, 1
+wizard.gov, 0
+wizardbouncycastles.co.uk, 1
+wizardk.tk, 1
+wizardkami.tk, 1
+wizardmeow.xin, 1
+wizardschool.tk, 1
+wizardswebs.com, 1
+wizathon.com, 1
+wizzair.com, 1
+wizzley.com, 1
+wizznab.tk, 1
+wizzr.nl, 1
+wjb.marketing, 1
+wjcainc.com, 0
+wjci.com, 1
+wjdetailers.com, 1
+wje-online.de, 1
+wjec.co.uk, 1
+wjg.ca, 1
+wjg.dk, 1
+wjg.se, 1
+wjm2038.me, 1
+wjr.io, 1
+wjtje.ga, 1
+wjwieland.dvrdns.org, 0
+wk-tk.com, 1
+wk.pl, 1
+wk577.com, 1
+wkberg.nl, 1
+wkbw.com, 1
+wkd.one, 1
+wkennington.com, 1
+wkitu-test.tk, 1
+wkj-airport.jp, 1
+wkola.tk, 1
+wkshp.link, 1
+wkv.com, 1
+wkwsafetysolution.com, 1
+wkymenshealth.com, 1
+wkz.io, 1
+wl-bank.com, 1
+wl-bank.de, 1
+wl-bank.eu, 1
+wlaws.com, 1
+wlbank.de, 1
+wlci.gov, 1
+wlcmedical.com.au, 1
+wlf.is, 1
+wlmq10086.cn, 1
+wlnk.cc, 1
+wloch.me, 1
+wlolo.com, 1
+wlozku.pl, 1
+wlpc.com, 1
+wlpvzfilmy-onlajnmlawq.tk, 1
+wlt.ca, 1
+wltix.com, 1
+wlwlwx.com, 0
+wm-access.com, 1
+wm-access.de, 1
+wm-referrals.com, 1
+wmaccess.com, 1
+wmaccess.de, 1
+wmar2news.com, 1
+wmasphaltservices.com, 1
+wmataoig.gov, 1
+wmc.org, 1
+wmcpaphysicians.com, 1
+wmcuk.net, 1
+wme.cn, 1
+wmfusercontent.org, 1
+wmi4.com, 1
+wmkowa.de, 1
+wmmi.org, 1
+wmmkf.com, 1
+wmmks.com, 1
+wmmp.link, 1
+wmnrj.com, 1
+wmphonline.com, 1
+wmphvacations.com, 1
+wmsenibong.com.my, 1
+wmsndorgen.cf, 1
+wmsndorgen.ga, 1
+wmsndorgen.gq, 1
+wmsndorgen.ml, 1
+wmsndorgen.tk, 1
+wmtools.me, 1
+wmustore.com, 1
+wnark.com, 1
+wnc-frontend-alb-1765173526.ap-northeast-2.elb.amazonaws.com, 1
+wndrdtfd.com, 1
+wnmed.com.au, 1
+wnn8.com, 1
+wns68123.com, 1
+wns6852.com, 1
+wns6862.com, 1
+wns68622.com, 1
+wns6865.com, 1
+wns68666.com, 1
+wns6872.com, 1
+wnsr3970.com, 1
+wnvtech.com, 0
+wnxt.in, 1
+wo-ist-elvira.net, 1
+wo25.net, 1
+wo2forum.nl, 1
+woadzs.com, 1
+woah.how, 1
+woai.cf, 1
+woaiuhd.com, 1
+woba.cf, 1
+woba.ml, 1
+wobako.pl, 1
+wobble.ninja, 1
+wobblywotnotz.co.uk, 1
+wobker.co, 1
+wobler.com, 1
+woblex.cz, 1
+wobuwo.com, 1
+woc.ao, 1
+wochenblatt.com, 1
+wochennummern.de, 1
+wocup.ga, 1
+wod-stavby.cz, 1
+wodarfmankiffen.de, 1
+wodax.dk, 1
+wodboss.com, 1
+wodemo.com, 1
+wodi.cf, 1
+wodi.ml, 1
+wodicka.org, 1
+wodinaz.com, 1
+wodka-division.de, 1
+woeb.fr, 1
+woelckner.com, 1
+wofford-ecs.org, 0
+woffu.com, 1
+wogame.co, 1
+wogame.ink, 1
+wogame.org, 1
+wogame.wiki, 1
+wogame.work, 1
+wogame.works, 1
+woge.cf, 1
+woge.ml, 1
+wogo.org, 1
+woh.org, 1
+woheni.de, 1
+wohnberatung-wien.at, 1
+wohnsitz-ausland.com, 1
+wohnungsaufloesung-berlin.net, 1
+wohnungsbaukredit.ag, 1
+wohnungsbaukredit.biz, 1
+wohnungsbaukredit.com, 1
+wohnungsbaukredit.de, 1
+wohnungsbaukredit.eu, 1
+wohnungsbaukredit.info, 1
+wohnungsbaukredit.org, 1
+wohnungsmarktbeobachtung.de, 1
+wohnzimmer-koch.de, 1
+woi.vision, 1
+wois.info, 1
+wojart.pl, 1
+wojciechowka.pl, 1
+wojciechteichert.pl, 1
+wojtekmaj.pl, 1
+wojtekogrodnik.pl, 1
+wokeanda.com, 1
+wokeupset.ru, 0
+wokfilms.pt, 1
+wokinghammotorhomes.com, 1
+woktoss.com, 1
+woldars.com, 1
+wolf-haven.tk, 1
+wolf333.com, 1
+wolfachtal-alpaka.de, 1
+wolfarth.info, 1
+wolfermann.org, 1
+wolfermans.com, 1
+wolferstetterkeller.de, 1
+wolfertconsulting.nl, 1
+wolfflabs.com, 1
+wolffproperties.com, 1
+wolfgang-kerschbaumer.at, 1
+wolfgang-kerschbaumer.com, 1
+wolfgang-kerschbaumer.net, 1
+wolfgang-kloke.de, 1
+wolfgang-ziegler.com, 1
+wolfgangkowar.de, 1
+wolfie.tv, 1
+wolflabs.co.uk, 1
+wolflambert.tk, 1
+wolfsburgwest.com, 1
+wolfsense.nl, 1
+wolfshoehle.eu, 1
+wolfskymedia.com, 1
+wolfsmobile.com, 1
+wolfstreet.com, 1
+wolfteam.tk, 1
+wolfvideoproductions.com, 1
+wolfwings.us, 1
+wolfy.design, 1
+wolfy1339.com, 1
+wolkanca.com, 1
+wolkanca.com.tr, 1
+wolke7.wtf, 1
+wolkenputzer.com, 1
+wolkenspeicher.org, 1
+wolkjehosting.nl, 1
+wolkoopjes.nl, 1
+wolkowitz.com, 1
+wollmann.it, 1
+wollongongbaptist.hopto.org, 1
+wollwerk.org, 1
+wolrdwidessl.net, 1
+wolsing.dk, 1
+wolszon.me, 1
+woltauth.de, 1
+woltlab-demo.com, 1
+woltlab.com, 1
+woltlab.de, 1
+wolverine-obuv.ru, 1
+wolvesbanemanor.com, 1
+wolvostore.com, 1
+wom.de, 1
+womanpub.com, 1
+womb.city, 1
+wombathost.uk, 1
+wombatnet.com, 1
+wombatpass.com, 1
+wombatpass.com.au, 1
+wombats.net, 1
+wombere.org, 1
+womblesemporium.co.uk, 1
+women-femmes.gc.ca, 1
+women-only.net, 0
+women.gc.ca, 1
+womenagainstviolence.org, 1
+womenbeautyhealth.com, 1
+womenbrace.tk, 1
+womenfashionshirt.tk, 1
+womenofficersofindia.com, 1
+womenonboardskenya.co.ke, 1
+womenridersnow.com, 1
+womens-suits.tk, 1
+womensbiz.tk, 1
+womenscalltoaction.tk, 1
+womensenews.org, 0
+womenshealth.gov, 1
+womensmedassoc.com, 1
+womensshelterofhope.com, 1
+womfs.com.au, 1
+wompenriebler.tk, 1
+womply.com, 1
+woms.top, 1
+womywomwoo.com, 1
+wonderbits.net, 1
+wonderbox.ga, 1
+wonderbox.gq, 1
+wonderbox.ml, 1
+wonderchat.tk, 1
+wondercorner.ca, 1
+wondereur.com, 1
+wonderfall.space, 1
+wonderfuleducation.eu, 1
+wonderfuleducation.nl, 1
+wonderfulworldofwalliams.tk, 1
+wonderhost.info, 1
+wonderhowto.com, 1
+wonderkind.de, 1
+wonderlab.ml, 1
+wonderland-server.net, 1
+wonderlangkawi.com, 1
+wonderleaks.gq, 1
+wondermags.com, 1
+wondermiles.com, 1
+wondermiles.org, 1
+wonderworksonline.com, 1
+wondeur.ai, 1
+wondium.nl, 1
+wonewocwi.gov, 1
+wong-sleweah.tk, 1
+wonghome.net, 1
+wongu.tech, 1
+woning-verfspuiten.be, 1
+woning-verfspuiten.com, 1
+woning-verfspuiten.nl, 1
+woningonderhoud.tk, 1
+woningsnet.nl, 1
+wonko-vs-trader.de, 1
+wonksecurity.com, 1
+wonksecurityblog.com, 1
+woo-jiho.tk, 1
+woo-order.com, 1
+woo.bi, 1
+wooby.tk, 1
+wooc.org, 0
+woocommerce-b2b-plugin.com, 1
+woocommerce-multivendor.com, 1
+woocommerce.academy, 1
+wood-crafted.co.uk, 1
+wood-crafted.uk, 1
+wood4heat.ca, 1
+woodandshop.com, 1
+woodbornekitchens.com, 1
+woodbridgegrp.com, 1
+woodbury.io, 1
+woodburynj.gov, 1
+woodcat.net, 1
+woodcentral.com, 1
+woodcock.cloud, 1
+woodcountywi.gov, 1
+woodcraftcompany.ru, 1
+woodenson.com, 1
+woodev.us, 1
+woodfarm2020.com, 1
+woodfencestlouis.com, 1
+woodfordcountyil.gov, 1
+woodfordcountyky.gov, 1
+woodhavenmi.gov, 1
+woodlandboys.com, 1
+woodlandexterior.com, 1
+woodlandsiding.com, 1
+woodlandsunrooms.com, 1
+woodlandsunroomsandenclosures.com, 1
+woodlandsvale.uk, 1
+woodlandwindows.com, 1
+woodlandwindows.net, 1
+woodlawnky.gov, 1
+woodlineds.com, 1
+woodmaster23.ru, 0
+woodminstermanagement.tk, 1
+woodminsterrealty.com, 1
+woodomat.com, 1
+woodomat.net, 1
+woodomat.org, 1
+woodpeckerhallacademy.org.uk, 1
+woodridgeil.gov, 1
+woodrowandallen.com, 1
+woodruffcountyar.gov, 1
+woodsbagot.com, 1
+woodsconsulting.com, 0
+woodscountyok.gov, 1
+woodshouse.ru, 1
+woodsideca.gov, 1
+woodsidepottery.ca, 1
+woodstar.ro, 1
+woodstocknh.gov, 1
+woodstockva.gov, 1
+woodstone.nu, 1
+woodtrust.com, 1
+woodvillems.gov, 1
+woodvillemspolice.gov, 1
+woodward-vets.co.uk, 1
+woodwicker.cl, 1
+woodwo.se, 1
+woodworkcare.com, 1
+woodworkingforabeginner.com, 1
+woodwormtreatment.com, 1
+woody-art.eu, 1
+woodyallen.tk, 1
+woodysinstalaciones.com, 1
+woodyworld.com, 1
+woof.gq, 1
+woofsbakery.com, 1
+woohay.com, 1
+woohoo.in, 1
+woohooyeah.nl, 1
+wookstar.com, 1
+woolfplumbing.com.au, 1
+woolyss.com, 1
+woomu.me, 1
+woonaval.eu, 1
+woonbedrijf.com, 1
+woonboulevardvolendam.nl, 0
+woonplein.tk, 1
+woontegelwinkel.nl, 1
+woonverkoop.be, 1
+woopie.com, 1
+woopiq.com, 0
+wooplaces.com, 1
+wooproducciones.tk, 1
+woordvanvandaag.nl, 1
+woorkup.com, 1
+woosk.de, 1
+wootality.com, 0
+woothelpdesk.com, 1
+wootkit.tk, 1
+wootware.co.za, 1
+wopr.network, 1
+wops.cc, 1
+worayuthit.com, 1
+worca.de, 1
+worcade.com, 1
+worcesterbouncycastlehire.co.uk, 1
+worcesterbouncycastles.co.uk, 1
+worcestercu.com, 1
+worcesterfestival.co.uk, 1
+worcestermd.gov, 1
+worcesterpethydrotherapy.com, 1
+worcestervets.co.uk, 1
+worcestervetsreferrals.com, 1
+word-grabber.com, 1
+wordbits.net, 0
+wordcounter.net, 1
+wordfast.com, 1
+wordher.com, 1
+wordindonesia.com, 1
+wordindonesia.id, 1
+wordki.com, 1
+wordlessecho.com, 1
+wordnietvindbaar.nl, 1
+wordops.io, 1
+wordops.net, 1
+wordpress-crm-plugin.com, 1
+wordpress-crm.pl, 1
+wordpress-inc.ru, 1
+wordpress-szakerto.hu, 1
+wordpress-test.site, 0
+wordpress.com, 0
+wordpressadmin.ru, 1
+wordpressbot.tk, 1
+wordpressdevelopment.ml, 1
+wordregistrar.ga, 1
+wordroid.net, 1
+words-are-pictures.com, 1
+words.codes, 0
+wordsearchwhiz.com, 1
+wordsforellie.com, 1
+wordsmart.it, 1
+wordsofamaster.com, 1
+wordspam.ga, 1
+wordunscrambler.com, 1
+wordwidessl.net, 1
+wordxtra.net, 1
+wordzite.com, 1
+worf.in, 1
+wori.cf, 1
+wori.ga, 1
+wori.gq, 1
+wori.ml, 1
+wori.tk, 1
+worio.co, 1
+work-at-home.ga, 1
+work-at-home.gq, 1
+work-in-progress.website, 1
+work-msg.com, 1
+work.me, 1
+workaholic.tk, 1
+workaholics.tk, 1
+workaround.run, 1
+workat.tech, 1
+workatclever.com, 1
+workatclever.us, 1
+workatclevyr.us, 1
+workathome.tk, 1
+workathomeideas.tk, 1
+workathomenoscams.com, 1
+workathomeopportunities.tk, 1
+workathomernjobs.tk, 1
+workcare.com, 1
+workcelerator.com, 1
+workcenter.gov, 1
+workcheck.bz, 1
+workclaims.org, 1
+workcloud.jp, 1
+workcost.me, 1
+workelo.eu, 1
+workemy.com, 1
+worker.gov, 1
+workermess.tk, 1
+workers-iran.org, 1
+workerselforganisation.cf, 1
+workerselforganisation.ga, 1
+workflowy.com, 1
+workfromhomebusinessopportunities.cf, 1
+workfromhomebusinessopportunities.tk, 1
+workfromhomecareers.tk, 1
+workfromhomeforum.cf, 1
+workfromhomeforum.tk, 1
+workfromhomemom.cf, 1
+workfromhomeoptions.ml, 1
+workfromhomeoptions.tk, 1
+workfromhomesales.tk, 1
+workfromhomesites.ga, 1
+workfromhomesites.ml, 1
+workfromhometexas.tk, 1
+workhorsemkt.com, 1
+workindia.ml, 1
+workinestonia.com, 0
+working-group-cloudsecurityalliance.org, 1
+workingclassmedia.com, 1
+workingfamilies.org.uk, 0
+workinghardinit.work, 1
+workingmachine.info, 1
+workingnotworking.com, 1
+workingproductkeys.info, 1
+workingtalent.nl, 1
+workinnorway.no, 1
+workiva.com, 1
+workjustice.com.au, 1
+worklinepc.com, 1
+worklizard.com, 1
+workmax.com, 1
+workmaxidenta.lt, 1
+worknrby.com, 1
+workona.com, 1
+workonit.cf, 1
+workoutdigital.com, 1
+workplace.com, 1
+workplace.tools, 1
+workreap.tk, 1
+workreveal.biz, 1
+works-ginan.jp, 1
+worksheets-to-print.com, 1
+workshop-assets.com, 1
+workshop-email-content.com, 1
+workshop-email-tracking.com, 1
+workshop-spf.net, 1
+workshop-sync.net, 1
+workshop.industries, 1
+workshop.men, 1
+workshopengine.com.au, 1
+workshopszwolle.nl, 1
+workshopzwolle.com, 1
+worksindev.com, 1
+worksitevr.com, 1
+workspace.pt, 1
+worksthatwork.com, 1
+worktefa.tk, 1
+workthings.de, 1
+workupapp.com, 1
+workwithgo.com, 0
+workwithusaid.gov, 1
+worky.ph, 1
+workzly.in, 1
+world-citizen-report.com, 1
+world-creator.se, 1
+world-documentary.ml, 1
+world-education-association.org, 1
+world-ir.international, 1
+world-lolo.com, 1
+world-mail.org, 1
+world-of-arms.tk, 1
+world-of-tes.tk, 1
+world-politics.tk, 1
+world-selena.tk, 1
+world-tanks.tk, 1
+world-trigger.net, 1
+world-web.pro, 1
+worldaccord.org, 1
+worldarmy.tk, 1
+worldatwork.org, 1
+worldbelow.tk, 1
+worldbirds.com, 1
+worldbirds.org, 1
+worldbusinessarea.tk, 1
+worldbusinessera.tk, 1
+worldcarding.tk, 1
+worldcdg.org, 1
+worldcharteronline.ga, 1
+worldchess.london, 1
+worldcigars.com.br, 1
+worldcircuit.co.uk, 1
+worldclassfriend.com, 1
+worldconsultingchile.tk, 1
+worldcrafts.org, 1
+worldcrunch.com, 1
+worldcup-odds.com, 1
+worlddataexchange.au, 1
+worlddataexchange.com, 1
+worlddataexchange.com.au, 1
+worldeg.estate, 1
+worldessays.com, 1
+worldeventscalendars.com, 1
+worldexpo.ga, 1
+worldfa.me, 1
+worldfinancenews.org, 1
+worldfootball.tk, 1
+worldgun.ml, 1
+worldhealthcompany.tk, 1
+worldhealthdepartment.tk, 1
+worldhealthdiet.tk, 1
+worldhealthinfo.tk, 1
+worldhealthmedia.tk, 1
+worldhealthnews.tk, 1
+worldhealthsystem.tk, 1
+worldhealthtips.ga, 1
+worldhealthtips.tk, 1
+worldhomeasian.tk, 1
+worldhomebuild.tk, 1
+worldhomecanada.tk, 1
+worldhomedecor.tk, 1
+worldhomedecoration.tk, 1
+worldhomedesign.tk, 1
+worldhomeglobal.tk, 1
+worldhomeimprevement.tk, 1
+worldhomeinfo.tk, 1
+worldhomeinspiration.tk, 1
+worldhomeinterior.tk, 1
+worldhomeinteriror.tk, 1
+worldhomeitaly.tk, 1
+worldhomenews.tk, 1
+worldhomepro.tk, 1
+worldhomeuk.tk, 1
+worldhomeusa.tk, 1
+worldhosting.cf, 1
+worldinfusedcandles.com.au, 1
+worldintercontinental.cf, 1
+worldix.cf, 1
+worldix.gq, 1
+worldix.ml, 1
+worldix.tk, 1
+worldjobs.tk, 1
+worldjusticeproject.org, 1
+worldlandtrust.org, 1
+worldlanguage.tk, 1
+worldluxuryhome.tk, 1
+worldmarathons.tk, 1
+worldmeetings.com, 1
+worldnewsinbox.ga, 1
+worldnewsphoto.tk, 1
+worldofarganoil.com, 1
+worldofbelia.de, 1
+worldofgeekstuff.com, 1
+worldofghibli.id, 1
+worldofheroes.ml, 1
+worldoflegion.ml, 1
+worldofparties.co.uk, 1
+worldpage.tk, 1
+worldpayaccessories.com, 1
+worldplayerx.com, 1
+worldpolitics.cf, 1
+worldpool.com.au, 1
+worldrallyforum.tk, 1
+worldranking.tk, 1
+worldrecipes.eu, 1
+worldrism.com, 1
+worldsage.org, 1
+worldsat.tk, 1
+worldsaway.ca, 1
+worldsbest.ga, 1
+worldscoop.org, 1
+worldsfree4u.ga, 1
+worldsgreatestazuredemo.com, 1
+worldsinperil.it, 1
+worldsms.tk, 1
+worldsport.cf, 1
+worldstone777.com, 1
+worldstyles.cf, 1
+worldsweet.ru, 1
+worldsy.com, 1
+worldsystems.com.co, 1
+worldtalk.de, 1
+worldtattooevents.com, 1
+worldtourismgroup.com, 1
+worldtrandingnews.ml, 1
+worldtravelmagazine.tk, 1
+worldturkmans.tk, 1
+worldupdatereviews.com, 1
+worldviews-debattieren.de, 1
+worldvisa.tk, 1
+worldvm.com, 1
+worldwallstreet.tk, 1
+worldwar2collector.tk, 1
+worldwatchmonitor.org, 1
+worldwideradiosummit.com, 1
+worldwidescience.org, 1
+worldwidessl.net, 1
+worldwinesweb.be, 1
+worlich.tk, 1
+wormate.io, 1
+wormburners.tk, 1
+wormbytes.ca, 1
+wormhol.org, 1
+wormhole.com, 1
+wormhole.ga, 1
+wormholevpn.net, 1
+wormincorporated.tk, 1
+wormpress.com, 1
+worms-cowclan.tk, 1
+worongarymedical.com.au, 1
+worpswede.eu, 1
+worst.horse, 0
+wort-suchen.de, 1
+wortdestages.tk, 1
+worthcountyiowa.gov, 1
+worthenind.com, 1
+worthingtonindustries.com, 0
+worthless.company, 1
+worthlessingratitudecq.cf, 1
+worthlessingratitudecq.gq, 1
+worthlessingratitudecq.ml, 1
+worthlydeals.com, 1
+worthtownshipmi.gov, 1
+worthyblog.com, 1
+worthygo.com, 1
+worzo.tk, 1
+woshiluo.com, 1
+woshiluo.site, 1
+wossl.com, 1
+wossl.net, 1
+wot-life.com, 1
+wot-tudasbazis.hu, 1
+wot-zadrot.com, 1
+wotaku.top, 1
+wotcheats.ru, 1
+woti.dedyn.io, 1
+wotlo.com, 1
+wotsunduk.ru, 1
+wotzadrot.com, 1
+woudenberg.nl, 0
+woulaba.com, 1
+wound-doc.co.uk, 1
+wouter.site, 1
+wouterbruijning.nl, 1
+wouterkobes.nl, 1
+wouterpetri.com, 1
+wouterpetri.xyz, 1
+wouterslop.com, 1
+wouterslop.eu, 1
+wouterslop.nl, 1
+woutervdb.com, 1
+woutiscoding.be, 1
+wovietv.com, 1
+wow-dsg.ch, 1
+wow-foederation.de, 1
+wow-screenshots.net, 1
+wow-serbia.tk, 1
+wowa.ca, 1
+wowaffixes.info, 1
+wowarcaim.ml, 1
+wowbanner.ru, 1
+wowbouncycastles.co.uk, 1
+wowchemy.com, 1
+wowcinema.tk, 1
+wowdrive.ga, 1
+wowede.com, 0
+wowfare.com, 1
+wowhampers.ie, 1
+wowhelp.it, 1
+wowi-ffo.de, 1
+wowjs.co.uk, 1
+wowjs.org, 1
+wowjs.uk, 1
+wowlegacy.ml, 1
+wowlove.tk, 1
+wownmedia.com, 1
+wownskportal.tk, 1
+wowpilates.com, 1
+wowpolisa.pl, 1
+wows-mods.tk, 1
+wows.sb, 1
+wowsosellout.com, 1
+wox.ac, 1
+woyao.ml, 1
+woyzeck.org, 1
+woz.ch, 1
+wozalapha.com, 1
+wozwaardeloket.nl, 1
+wozwebdesign.com.br, 1
+wp-assistance.fr, 1
+wp-bootstrap.org, 1
+wp-bundle.co, 0
+wp-cloud.fi, 0
+wp-fastsearch.de, 1
+wp-in.de, 1
+wp-mix.com, 1
+wp-ninja.tk, 1
+wp-note.it, 1
+wp-op.com, 1
+wp-rebuild.com, 1
+wp-securehosting.com, 1
+wp-stack.pro, 1
+wp-tao.com, 1
+wp-webagentur.de, 1
+wp2static.com, 1
+wp3.ca, 1
+wpac.de, 1
+wpandup.org, 1
+wpautolistings.com, 1
+wpboot.com, 1
+wpboys.com, 0
+wpbrigade.com, 1
+wpbyte.io, 1
+wpcanban.com, 1
+wpcc.edu, 1
+wpcdn.bid, 1
+wpcepat.com, 0
+wpcgm.co.uk, 1
+wpcharged.nz, 1
+wpcheck.io, 1
+wpckraft.ro, 1
+wpco.nl, 1
+wpco.se, 1
+wpconcepts.net, 1
+wpcoupons.io, 1
+wpcrs.org, 1
+wpcs.pro, 1
+wpdev.com.au, 1
+wpekspres.com, 1
+wpetri.nl, 1
+wpexpert.com.tr, 1
+wpexplainer.com, 1
+wpexplorer.com, 1
+wpfactory.io, 1
+wpformation.com, 1
+wpforum.tk, 1
+wpfunction.com, 1
+wpg-verwaltungen.de, 1
+wpginvest.com, 1
+wpguvenlik.com, 1
+wphelpdesk.nl, 1
+wphelpwithhomework.tk, 1
+wphlive.tv, 1
+wphost.nl, 0
+wphostee.co.uk, 1
+wphosting.ovh, 1
+wpinabox.de, 1
+wpinfos.de, 0
+wpinsides.com, 1
+wpjzb.com, 1
+wpknol.com, 1
+wpkoridoru.com, 1
+wpldn.uk, 1
+wpletter.de, 1
+wplibrary.net, 1
+wplicious.com, 1
+wplistings.pro, 1
+wpmafias.com, 1
+wpmatik.com, 1
+wpmeer.com, 1
+wpmeetup-berlin.de, 1
+wpmet.com, 1
+wpml.org, 1
+wpmu-tutorials.de, 1
+wpnesia.id, 1
+wpnews.cf, 1
+wpnews.ga, 1
+wpnews.gq, 1
+wpnews.ml, 1
+wpnews.tk, 1
+wpnovice.tk, 1
+wpocs.com, 1
+wpoptimalizace.cz, 1
+wppbki1.com, 1
+wprank.net, 1
+wprapide.com, 1
+wpresscoder.com, 1
+wpscholar.com, 1
+wpsecured.net, 1
+wpserp.com, 1
+wpsharks.com, 1
+wpsite.dk, 1
+wpsitemovers.com, 1
+wpsitesuccess.com, 1
+wpslimseo.com, 1
+wpsmackdown.com, 1
+wpspeedcare.com, 1
+wpspeedking.com, 1
+wpsuites.com, 1
+wptests.tk, 1
+wpthemearchive.com, 1
+wptotal.com, 1
+wptrigone.fr, 1
+wptrigone.net, 1
+wpturnedup.com, 1
+wptv.com, 1
+wpunited.com, 1
+wpuse.ru, 1
+wpwebshop.com, 1
+wpwebtools.com, 1
+wq.ro, 1
+wqaw3.tk, 1
+wr.su, 1
+wrallp.com, 1
+wranglerworld.com, 1
+wrap.in.ua, 1
+wrap.org.uk, 1
+wrapit.hu, 1
+wrapitup.co.uk, 1
+wrapping.spb.ru, 1
+wrara.org, 1
+wrathofgeek.com, 1
+wrbunderwriting.com, 0
+wrc-results.com, 1
+wrd48.net, 1
+wrdcfiles.ca, 1
+wrdf.org, 1
+wrdmrk.com, 1
+wrecked.cf, 1
+wrecked.tk, 1
+wreckeroo.com.au, 1
+wreckingball.hu, 1
+wrecky.com.au, 1
+wregni.com, 1
+wrentham.gov, 1
+wrenthamfire.gov, 1
+wrenthampolice.gov, 1
+wrenwrites.com, 1
+wresttmb.tk, 1
+wrfalimentos.com.br, 1
+wrglzd.com, 1
+wrgms.com, 1
+wrhomedecor.com.br, 1
+wrightcountymo911.gov, 1
+wrighthassall.co.uk, 1
+wrightpattfss.com, 1
+wrightslawfirm.com, 1
+wrighttownshipottawami.gov, 1
+wrighttownshippa.gov, 1
+wringer.ga, 1
+wristler.eu, 1
+write-right.net, 1
+writeandedit-for-you.com, 1
+writeaword.tk, 1
+writemyessay.today, 1
+writemyessays.com, 1
+writemypaperhub.com, 1
+writemytermpapers.com, 1
+writeoff.me, 1
+writepro.net, 1
+writer24.ru, 1
+writerecommendations.ga, 1
+writerimranc.ca, 1
+writers-club.tk, 1
+writersblock.tk, 1
+writesafer.com, 1
+writestreak.team, 1
+writeyoursmile.com, 1
+writing-expert.com, 1
+writingapps.ga, 1
+writingbee.com, 1
+writingcities.net, 1
+writingiswork.ga, 1
+writingontablets.com, 1
+writingpapersonlineformoney.ga, 1
+writingtoserve.net, 1
+writtenandrecorded.com, 1
+writtenworld.bg, 1
+wrm.sr, 1
+wrmea.org, 1
+wrmh343.org, 1
+wrnck.cloud, 1
+wroclawguide.com, 1
+wrong.wang, 0
+wrozbyonline.pl, 1
+wrozbyzkartklasycznych.pl, 1
+wrp.gov, 1
+wrtv.com, 1
+wrytin.com, 1
+wrzalski.com, 1
+ws159.com, 1
+ws88.top, 0
+wsa.org.nz, 1
+wsa.poznan.pl, 1
+wsadek.ovh, 1
+wsave.be, 1
+wsb.pl, 1
+wsballc.com, 1
+wscad.com, 1
+wscales.com, 0
+wscauth.de, 1
+wscore.me, 1
+wsdac.com, 1
+wsdcap.com, 1
+wsdcapital.com, 1
+wsdeboer.nl, 1
+wselektro.de, 1
+wseo.pw, 1
+wsgvet.com, 1
+wsheffield.com, 1
+wshop24.biz, 1
+wsl.sh, 1
+wsldp.com, 1
+wsm-naramowice.pl, 1
+wsn.com, 1
+wso01.com, 1
+wsparcie.gov.pl, 1
+wsrc.tk, 1
+wsrn.de, 1
+wsrv.nl, 1
+wss.com.ve, 1
+wsspalluto.de, 1
+wssv.ch, 0
+wstudio.ch, 0
+wstx.com, 1
+wsug.gq, 1
+wsv-pfeffingen.de, 1
+wszystkocokocham.com, 1
+wt-server3.de, 1
+wtawi.org, 1
+wtccc.org.uk, 1
+wtdiw.com, 1
+wtfbryan.com, 0
+wtfcripto.com, 1
+wtfindonesia.tk, 1
+wtfnope.org, 1
+wth-security.nl, 1
+wth.in, 1
+wthproject.ru, 1
+wtkr.com, 1
+wtmarketing.com, 1
+wtp.co.jp, 1
+wtpdive.jp, 1
+wtpmj.com, 1
+wtsh.de, 1
+wtvr.com, 1
+wtw.io, 1
+wtxl.com, 1
+wu-y.com, 1
+wuaffiliate.tk, 1
+wuast24.de, 1
+wubuwu.com, 1
+wuchipc.com, 1
+wuchoamoveis.com.br, 1
+wucke13.de, 1
+wudangkungfu.com, 1
+wuellenweber.net, 1
+wuerfel.wf, 1
+wuerfelmail.de, 1
+wuergler-consulting.ch, 1
+wuermlitaucher.ch, 1
+wuestenbergs.tk, 1
+wuevahosting.com, 1
+wufenzhong.com, 1
+wuff.blog, 1
+wuff.gay, 1
+wug.fun, 1
+wug.jp, 1
+wug.news, 1
+wuhua.com, 1
+wui.fan, 1
+wuifan.com, 1
+wuifan.net, 1
+wuifan.org, 1
+wuji.cz, 1
+wuki.li, 1
+wuknet.com, 1
+wuknet.net, 1
+wulai.cf, 1
+wulai.ml, 1
+wulala.one, 1
+wulcan-platinum.com, 1
+wulel.cn, 0
+wulfrun-invicta.tk, 1
+wulkan-platinum.xyz, 1
+wum.me, 1
+wuma.ml, 1
+wumai-p.cn, 1
+wumbo.cf, 1
+wumbo.co.nz, 0
+wumbo.ga, 1
+wumbo.gq, 1
+wumbo.kiwi, 1
+wumbo.ml, 1
+wumbo.tk, 1
+wuminhao.com, 1
+wums.org, 1
+wunder.io, 1
+wunderbarespolen.de, 1
+wunderkarten.de, 1
+wunderlist.com, 1
+wundi.net, 1
+wunschpreisauto.de, 1
+wunschzettel.de, 1
+wuoppy.com, 1
+wuppertal-2018.de, 0
+wuppertaler-frettchensitterin.tk, 1
+wurm-sb.de, 0
+wurmannsquick.bayern, 0
+wurmannsquick.de, 0
+wurstbrot.cf, 1
+wurstmineberg.de, 1
+wurzelchaos.de, 1
+wurzelkanal.de, 1
+wushka.com.au, 1
+wusu.tk, 1
+wuw.moe, 1
+wuxian.ml, 0
+wuya.eu.org, 1
+wuyifan.ga, 1
+wuyuan.io, 1
+wuz.com.tw, 1
+wuzhishan.com, 1
+wuzhuiso.com, 1
+wv-n.de, 1
+wvbold.gov, 1
+wvbvm.gov, 1
+wvdnr.gov, 1
+wver.de, 1
+wvg.myds.me, 1
+wvpbs.ml, 1
+wvpbs.tk, 1
+wvpebd.gov, 1
+wvrtboard.gov, 1
+wvstateparks.com, 1
+wvunclaimedproperty.gov, 1
+wvv-8522.com, 1
+wvw-8522.com, 1
+ww5197.co, 1
+ww6396.com, 0
+ww6729.co, 1
+ww6729.com, 0
+ww6957.co, 1
+ww8989.com, 1
+ww9297.co, 1
+ww9397.com, 0
+ww9721.com, 1
+ww9728.co, 1
+wwa-clan.tk, 1
+wwads.cn, 1
+wwbsb.xyz, 1
+wwc.ren, 1
+wwcowa.gov, 1
+wwe.to, 1
+wwgc2011.se, 1
+wwilogistics.com, 1
+wwjd.dynu.net, 1
+wwlc.ch, 1
+wwp-beauty.com, 1
+wwpxbeauty.com, 1
+wws-energysolutions.de, 1
+wws.nu, 1
+wwtelenet.com, 1
+wwtelenet.net, 1
+wwtg.gov, 1
+wwv-8522.com, 1
+wwv-8722.com, 1
+wwvip88.com, 1
+www-33445.com, 1
+www-38978.com, 1
+www-49889.com, 1
+www-68277.com, 1
+www-8225.com, 1
+www-8522.am, 1
+www-8522.com, 1
+www-8722.com, 1
+www-8887999.com, 0
+www-9118.com, 0
+www-9822.com, 1
+www-fwt.com, 1
+www-pheromone.com, 1
+www-pheromones.com, 1
+www.aclu.org, 0
+www.amazon.ca, 1
+www.amazon.cn, 1
+www.amazon.co.jp, 1
+www.amazon.co.uk, 1
+www.amazon.com, 1
+www.amazon.com.au, 1
+www.amazon.com.br, 1
+www.amazon.com.mx, 1
+www.amazon.de, 1
+www.amazon.es, 1
+www.amazon.fr, 1
+www.amazon.in, 1
+www.amazon.it, 1
+www.amazon.nl, 1
+www.banking.co.at, 1
+www.bbc.co.uk, 0
+www.bbc.com, 0
+www.braintreepayments.com, 0
+www.calyxinstitute.org, 1
+www.capitainetrain.com, 0
+www.captaintrain.com, 0
+www.cnet.com, 1
+www.dm-drogeriemarkt.ba, 1
+www.dm-drogeriemarkt.bg, 1
+www.dm-drogeriemarkt.it, 1
+www.dm-drogeriemarkt.ro, 1
+www.dm.at, 1
+www.dm.cz, 1
+www.dm.de, 1
+www.dm.hr, 1
+www.dm.hu, 1
+www.dm.mk, 1
+www.dm.pl, 1
+www.dm.rs, 1
+www.dm.si, 1
+www.dropbox.com, 1
+www.dropcam.com, 0
+www.edu.tw, 1
+www.eternalgoth.co.uk, 1
+www.evernote.com, 0
+www.facebook.com, 0
+www.fastmail.com, 1
+www.figma.com, 1
+www.ft.com, 1
+www.g.co, 0
+www.gamesdepartment.co.uk, 0
+www.getcloak.com, 1
+www.gmail.com, 0
+www.googlemail.com, 0
+www.gov.pl, 1
+www.gov.scot, 1
+www.gov.uk, 0
+www.govt.nz, 1
+www.gpo.gov, 1
+www.grc.com, 0
+www.gub.uy, 1
+www.healthcare.gov, 0
+www.heliosnet.com, 1
+www.history.pe, 1
+www.honeybadger.io, 0
+www.hyatt.com, 1
+www.icann.org, 0
+www.irccloud.com, 0
+www.ki, 1
+www.lastpass.com, 0
+www.ledgerscope.net, 0
+www.lookout.com, 1
+www.messenger.com, 1
+www.mojadm.sk, 1
+www.mygov.bd, 1
+www.noisebridge.net, 1
+www.opsmate.com, 1
+www.org.gg, 0
+www.paypal.com, 1
+www.python.org, 1
+www.re, 1
+www.rememberthemilk.com, 0
+www.rme.li, 0
+www.sb, 1
+www.simbolo.co.uk, 0
+www.techrepublic.com, 0
+www.theguardian.com, 1
+www.therapynotes.com, 1
+www.tinfoilsecurity.com, 1
+www.tl, 1
+www.torproject.org, 0
+www.tumblr.com, 0
+www.united.com, 1
+www.usaa.com, 0
+www.viasinc.com, 0
+www.vino.com, 0
+www.wepay.com, 1
+www.wordpress.com, 0
+www.zdnet.com, 1
+www00228a.com, 0
+www00228b.com, 0
+www00228c.com, 0
+www00228d.com, 0
+www00228e.com, 0
+www68277.com, 1
+wwwclan.tk, 1
+wwweb.be, 1
+wwwebdesignstudios.com, 1
+wwwhackeronecom.com, 1
+wwwindows.co.uk, 1
+wwwithcarrie.com, 1
+wwwn888.com, 0
+wwwsberdahk.ru, 1
+wwwwnews.tk, 1
+wwwwww.click, 1
+wwx.duckdns.org, 1
+wx37.ac.cn, 1
+wx6688.cc, 0
+wxcafe.net, 1
+wxdisco.com, 1
+wxforums.com, 1
+wxh.jp, 1
+wxhbts.com, 1
+wxkxsw.com, 1
+wxrlab.com, 1
+wxservices.tk, 1
+wxster.com, 1
+wxw.cat, 1
+wxw.guru, 1
+wxw.moe, 1
+wxw.ooo, 1
+wxyz.com, 1
+wxzm.sx, 1
+wy188.cc, 0
+wy6.org, 1
+wyam.io, 1
+wyatttauber.com, 1
+wybar.co.uk, 1
+wybar.uk, 1
+wycena.ga, 1
+wyckoff.vip, 1
+wyckoffspringmeadowcondos.com, 1
+wycombetoday.com, 0
+wycoreconstruction.com, 1
+wyczaruj.pl, 1
+wyday.com, 1
+wydmy.com.pl, 1
+wygibanki.pl, 1
+wygodnie.pl, 1
+wykedways.com, 1
+wykop.pl, 0
+wykopylodz.ga, 1
+wylark.com, 1
+wyldfiresignage.com, 1
+wylog.ph, 1
+wynajemautkrakow.cf, 1
+wynajemautkrakow.ga, 1
+wynajmijkontener.pl, 1
+wyndhamcapital.com, 1
+wyngatepta.com, 1
+wynlv.com, 1
+wynyardwood.co.nz, 1
+wyo.cam, 1
+wyofitclubs.com, 1
+wyofitness.com, 1
+wyomingcountyny.gov, 1
+wyomingcountypa.gov, 1
+wyomingia.gov, 1
+wyomingmi.gov, 1
+wyomingurology.com, 1
+wypiska.pl, 1
+wypozyczalniasamochodowkrakow.gq, 1
+wypracowania.pl, 1
+wyprawywedkarskiepremium.pl, 1
+wyrickstaxidermy.com, 1
+wyrihaximus.net, 1
+wyrimaps.net, 1
+wyriverton.com, 1
+wysa.io, 1
+wyspa.com.pl, 1
+wyssmuller.ch, 0
+wysz.com, 1
+wyydsb.cn, 1
+wyydsb.com, 1
+wyydsb.xin, 1
+wyzj.tv, 1
+wyzl.cc, 1
+wyzwaniemilosci.com, 1
+wz.lviv.ua, 1
+wz.my, 0
+wz.pt, 1
+wzajemnie.org.pl, 1
+wzfou.com, 1
+wzh.one, 1
+wzmzw.com, 0
+wzrd.in, 1
+wzutti.com, 0
+wzxaini9.com, 1
+wzyboy.org, 1
+x-6.pl, 1
+x-charge.uk, 1
+x-embed.com, 1
+x-files.tk, 1
+x-iweb.ru, 1
+x-kamera.de, 1
+x-lan.be, 1
+x-net24.pl, 1
+x-one.co.jp, 1
+x-orbit.dk, 1
+x-sun.com, 1
+x-team.co.il, 1
+x-way.org, 1
+x.io, 1
+x.sb, 1
+x001.org, 1
+x00228.com, 1
+x00701.com, 1
+x00708.com, 0
+x00738.com, 1
+x00776.com, 1
+x00786.com, 0
+x0e.nl, 1
+x0r.be, 1
+x0r.link, 1
+x0rg.org, 1
+x13.com, 1
+x16.in, 1
+x1616.tk, 1
+x17.cafe, 1
+x17.ink, 0
+x2d2.de, 0
+x2oe.com, 1
+x2ox.com, 1
+x36533.com, 1
+x378.ch, 1
+x3803.com, 1
+x3816.com, 1
+x3828.com, 1
+x3x.tc, 1
+x44.at, 1
+x500658.com, 1
+x5197.co, 1
+x58f.com, 1
+x58p.com, 1
+x58t.com, 1
+x58v.com, 1
+x5901.com, 0
+x5902.com, 1
+x5903.com, 0
+x5904.com, 1
+x5905.com, 1
+x5906.com, 0
+x5907.com, 1
+x5908.com, 0
+x5910.com, 0
+x59988.com, 0
+x5x.host, 1
+x6.nl, 1
+x61.sh, 1
+x64architecture.com, 1
+x6729.co, 1
+x6957.co, 1
+x7008.com, 0
+x7713.com, 0
+x7718.com, 1
+x7719.com, 0
+x7782.com, 0
+x7785.com, 0
+x7795.com, 0
+x77dd.com, 0
+x77ee.com, 1
+x77hh.com, 0
+x77jj.com, 1
+x77kk.com, 0
+x77mm.com, 0
+x77nn.com, 1
+x77pp.com, 0
+x77qq.com, 0
+x77ww.com, 0
+x7sevenusa.com, 1
+x81vv.com, 1
+x82365.com, 1
+x86.co.kr, 1
+x90.im, 1
+x9016.com, 1
+x9297.co, 1
+x9721.com, 0
+x9728.co, 1
+x98v.com, 1
+x98y.com, 1
+x98z.com, 1
+xa.search.yahoo.com, 0
+xa1.uk, 0
+xab199.com, 1
+xab678.com, 1
+xaba.tk, 1
+xabifk.com, 1
+xacker.tk, 1
+xacobeoexperience.com, 1
+xad.ch, 1
+xado-france.com, 1
+xajh.org, 1
+xakep-slon.tk, 1
+xakepctbo.tk, 1
+xakiatech.com, 1
+xali.com, 1
+xalima.gq, 1
+xampusolid.cat, 1
+xanalys.org, 1
+xanderbron.tech, 1
+xanhdecor.com, 1
+xanny.family, 1
+xantec.com.my, 1
+xanthipolis.gr, 1
+xanthopoulos.me, 1
+xants.de, 1
+xanyl.de, 1
+xanzhu.com, 1
+xarangallomangallo.tk, 1
+xarmenta.tk, 1
+xarxanet.org, 1
+xatr0z.org, 0
+xauzit.com, 1
+xav.ie, 1
+xaver.cash, 1
+xaver.exchange, 1
+xavi.re, 1
+xavier.is, 1
+xavierarroyo.tk, 1
+xaviermalisse.tk, 1
+xavio-design.com, 1
+xavy.fr, 1
+xayah.net, 1
+xaydungnamcuong.com, 0
+xaynhachothue.vn, 1
+xb008.com, 1
+xb053.com, 1
+xb056.com, 1
+xb058.com, 1
+xb1001.com, 1
+xb2002.com, 1
+xb201.com, 0
+xb3008.com, 1
+xb306.com, 1
+xb3888.com, 1
+xb6008.com, 1
+xb601.com, 0
+xb6610.com, 1
+xb6616.com, 1
+xb6632.com, 1
+xb6636.com, 1
+xb6638.com, 1
+xb6639.com, 1
+xb6656.com, 1
+xb6673.com, 1
+xb6676.com, 1
+xb6679.com, 1
+xb6683.com, 1
+xb6692.com, 1
+xb6696.com, 1
+xb6806.com, 1
+xb6808.com, 1
+xb6866.com, 1
+xb6880.com, 1
+xb7001.com, 1
+xb7077.com, 1
+xb7676.com, 1
+xb780.com, 1
+xb8006.com, 1
+xb8018.com, 1
+xb836.com, 1
+xb851.com, 0
+xb852.com, 1
+xb853.com, 0
+xb859.com, 0
+xb8606.com, 1
+xb862.com, 1
+xb865.com, 1
+xb871.com, 1
+xb872.com, 0
+xb873.com, 1
+xb8806.com, 0
+xb8861.com, 1
+xb891.com, 0
+xb893.com, 0
+xb896.com, 1
+xb9009.com, 1
+xb901.com, 0
+xb906.com, 1
+xb913.com, 1
+xb925.com, 1
+xb927.com, 0
+xb935.com, 0
+xb936.com, 0
+xb937.com, 1
+xb953.com, 0
+xb957.com, 1
+xb961.com, 1
+xb962.com, 0
+xb965.com, 0
+xb967.com, 0
+xb971.com, 0
+xb972.com, 1
+xb976.com, 0
+xb980.com, 1
+xb982.com, 1
+xb983.com, 0
+xbanner.tk, 1
+xbb.hk, 1
+xbb.li, 1
+xbc.nz, 1
+xbdm.fun, 1
+xbdmov.com, 1
+xbertschy.com, 1
+xbet104.com, 1
+xbet106.com, 1
+xbetkr.com, 1
+xbigzmedia.tk, 1
+xbjt11.com, 1
+xbjt2.com, 1
+xbjt3.com, 1
+xbjt33.com, 1
+xbjt66.com, 1
+xbjt666.com, 1
+xbjt77.com, 1
+xblau.com, 1
+xbortov.com, 1
+xbox, 1
+xbox-mag.net, 1
+xboxachievements.com, 1
+xboxdynasty.de, 1
+xboxplay.games, 1
+xbrl.online, 1
+xbrlsuccess.appspot.com, 1
+xbros.cz, 1
+xbt.co, 1
+xbtce.com, 1
+xbtmusic.org, 0
+xbvip.net, 1
+xbvip99.com, 1
+xbyl.xn--fiqs8s, 1
+xbyl15.com, 1
+xbyl16.com, 1
+xbyl17.com, 1
+xbyl18.com, 1
+xbyl21.com, 1
+xbyl23.com, 1
+xbyl26.com, 1
+xbyl28.com, 1
+xbyl39.com, 1
+xbyl60.com, 1
+xbyl62.com, 1
+xbyl63.com, 1
+xbyl67.com, 1
+xbyl68.com, 1
+xbyl69.com, 1
+xbyl71.com, 1
+xbyl73.com, 1
+xbyl78.com, 1
+xbyl82.com, 1
+xbyl85.com, 1
+xbyl86.com, 1
+xbyl89.com, 1
+xbyl91.com, 1
+xc01.co, 1
+xc02.co, 0
+xc03.co, 1
+xc06.co, 1
+xc07.co, 1
+xc08.co, 1
+xc09.co, 1
+xc12.co, 1
+xc15.co, 1
+xc9988.cc, 1
+xcatalogo.com.mx, 0
+xccc.net, 1
+xce.pl, 1
+xceedgaming.com, 1
+xchangeinfo.com, 1
+xcharge.uk, 1
+xchimera.com, 1
+xchuan.cn, 1
+xcler8.com, 1
+xclirion-support.de, 1
+xcloudways.com, 1
+xcmfu.com, 0
+xcompany.one, 1
+xcraftsumulator.ru, 1
+xcspy.org, 1
+xcupidon.com, 1
+xcw8886.net, 1
+xcw8888.net, 0
+xcw8889.net, 0
+xcxmiku.com, 0
+xd.cm, 1
+xd.gd.cn, 1
+xd.gov, 1
+xdawn.cn, 1
+xdb.be, 0
+xdos.io, 1
+xdtag.com, 1
+xdty.org, 1
+xduce.com, 1
+xecure.zone, 1
+xedap24h.com, 1
+xeditpro.com, 1
+xeerpa.com, 1
+xeforce.com, 1
+xehopdongmuine.vn, 1
+xehost.com, 1
+xeiropraktiki.gr, 1
+xelesante.jp, 1
+xencrystal.me, 1
+xenfo.ro, 1
+xenical-online.ga, 1
+xenical-online.tk, 1
+xenical.tk, 1
+xenicalonline.gq, 1
+xenicalorlistat.tk, 1
+xenicalpills.tk, 1
+xenocide.tk, 1
+xenomedia.nl, 1
+xenomorph.tk, 1
+xenon.cloud, 1
+xenoncloud.net, 1
+xenophile.name, 1
+xenophobia.ga, 1
+xenoscopic.com, 1
+xenosphere.tk, 1
+xenotropegames.com, 1
+xenoworld.de, 1
+xenox-rp.ru, 1
+xenrox.net, 1
+xentho.net, 1
+xentox.com, 1
+xenwo.com, 1
+xenwo.io, 1
+xeonlab.de, 1
+xerbisworks.com, 1
+xerdeso.tk, 1
+xerezdeportivo.tk, 1
+xerkus.pro, 1
+xerownia.eu, 1
+xertainty.com, 1
+xertainty.de, 1
+xeryus.nl, 1
+xess.co.uk, 1
+xetown.com, 1
+xevnet.com, 1
+xevolkswagen.com, 1
+xfantasy.su, 1
+xfcy.me, 1
+xfd3.de, 1
+xfinityapparel.com, 1
+xfirma.pl, 1
+xfix.pw, 1
+xfixup.com, 1
+xford.tech, 1
+xfrag-networks.com, 1
+xftp.ml, 1
+xfzhao.com, 1
+xgadget.de, 1
+xgame.com.tr, 1
+xgameshst.com, 1
+xgcf.com, 1
+xgclan.com, 1
+xgeni.us, 1
+xgn.es, 1
+xgp.pl, 1
+xgpu.deals, 1
+xgreatben.blog, 1
+xgys.net, 0
+xgzepto.cn, 1
+xh.ax, 1
+xh7eee.com, 1
+xhacker.com, 1
+xhamiadituria.com, 1
+xhamster.com, 1
+xhanster.gq, 1
+xhcmnews.com, 1
+xhibitran.tk, 1
+xhily.com, 0
+xhmikosr.io, 1
+xho.me, 1
+xi.ht, 1
+xia.com, 1
+xia.de, 1
+xia100.xyz, 1
+xiai.cf, 1
+xiai.ga, 1
+xiai.ml, 1
+xiamenshipbuilding.com, 1
+xiamuzi.com, 1
+xiangblog.com, 1
+xiangdan.com, 1
+xianguocy.com, 1
+xiangweiqing.co.uk, 1
+xianjianruishiyouyiyuan.com, 1
+xiannvgong.art, 1
+xiannvgong.net, 1
+xiannvgong.online, 1
+xiannvgong.store, 1
+xiansiniao.com, 1
+xianteng.com, 1
+xianweiyuan.com, 1
+xianyu.uk, 1
+xiao-sheng.gq, 1
+xiaobai.pro, 0
+xiaobude.cn, 1
+xiaocg.xyz, 1
+xiaodaoxiaoxi.com, 1
+xiaodingyi.cn, 1
+xiaohui.love, 1
+xiaojiyoupin.com, 1
+xiaolanglang.net, 1
+xiaolong.link, 1
+xiaomao.tk, 1
+xiaomibarato.com, 1
+xiaomionline24.pl, 1
+xiaoneijun.cn, 1
+xiaoneimao.cn, 0
+xiaoniaoyou.com, 0
+xiaoqiang.blog, 1
+xiaose.com, 1
+xiaowangshen.com, 1
+xiaowutou.com, 1
+xiaoxia.li, 1
+xiaoyu.net, 1
+xiaoyy.org, 1
+xiaozonglin.cn, 1
+xiarain.com, 1
+xiaxuejin.cn, 1
+xiayimiao.com, 1
+xiazhanjian.com, 0
+xice.cf, 1
+xice.wang, 1
+xicreative.net, 1
+xiecongan.org, 1
+xier.ch, 1
+xiexiexi.com, 1
+xif.at, 1
+xifrem.com, 1
+xiix.cf, 1
+xile.ml, 1
+xilef.org, 1
+xilegames.com, 1
+xilkoi.net, 1
+xillimite.com, 1
+xilnex.com, 1
+xilo.net, 1
+ximes.com, 1
+ximeshosted.com, 1
+ximg.co, 1
+ximware.com, 1
+xin365.com, 1
+xinanwork.com, 1
+xinbo010.com, 1
+xinbo016.com, 1
+xinbo018.com, 1
+xinbo019.com, 1
+xinbo020.com, 1
+xinbo026.com, 1
+xinbo028.com, 1
+xinbo030.com, 1
+xinbo038.com, 1
+xinbo050.com, 1
+xinbo056.com, 1
+xinbo059.com, 1
+xinbo060.com, 1
+xinbo066.com, 1
+xinbo068.com, 1
+xinbo069.com, 1
+xinbo070.com, 1
+xinbo076.com, 1
+xinbo078.com, 1
+xinbo079.com, 1
+xinbo080.com, 1
+xinbo086.com, 1
+xinbo088.com, 1
+xinbo089.com, 1
+xinbo090.com, 1
+xinbo096.com, 1
+xinbo098.com, 1
+xinbo099.com, 1
+xinbo120.com, 1
+xinbo129.com, 1
+xinbo130.com, 1
+xinbo138.com, 1
+xinbo150.com, 1
+xinbo156.com, 1
+xinbo158.com, 1
+xinbo160.com, 1
+xinbo170.com, 1
+xinbo178.com, 1
+xinbo179.com, 1
+xinbo180.com, 1
+xinbo186.com, 1
+xinbo190.com, 1
+xinbo196.com, 1
+xinbo198.com, 1
+xinbo200.com, 1
+xinbo218.com, 1
+xinbo238.com, 1
+xinbo256.com, 1
+xinbo258.com, 1
+xinbo260.com, 1
+xinbo266.com, 1
+xinbo268.com, 1
+xinbo269.com, 1
+xinbo270.com, 1
+xinbo276.com, 1
+xinbo278.com, 1
+xinbo279.com, 1
+xinbo280.com, 1
+xinbo286.com, 1
+xinbo290.com, 1
+xinbo296.com, 1
+xinbo298.com, 1
+xinbo306.com, 1
+xinbo308.com, 1
+xinbo316.com, 1
+xinbo318.com, 1
+xinbo326.com, 1
+xinbo338.com, 1
+xinbo350.com, 1
+xinbo356.com, 1
+xinbo359.com, 1
+xinbo369.com, 1
+xinbo376.com, 1
+xinbo378.com, 1
+xinbo379.com, 1
+xinbo38.com, 1
+xinbo380.com, 1
+xinbo386.com, 1
+xinbo389.com, 1
+xinbo390.com, 1
+xinbo396.com, 1
+xinbo398.com, 1
+xinbo400.com, 1
+xinbo401.com, 1
+xinbo406.com, 1
+xinbo407.com, 1
+xinbo466.com, 1
+xinbo468.com, 1
+xinbo478.com, 1
+xinbo480.com, 1
+xinbo496.com, 1
+xinbo498.com, 1
+xinbo506.com, 1
+xinbo508.com, 1
+xinbo516.com, 1
+xinbo526.com, 1
+xinbo528.com, 1
+xinbo536.com, 1
+xinbo538.com, 1
+xinbo556.com, 1
+xinbo566.com, 1
+xinbo570.com, 1
+xinbo576.com, 1
+xinbo578.com, 1
+xinbo580.com, 1
+xinbo586.com, 1
+xinbo590.com, 1
+xinbo600.com, 1
+xinbo608.com, 1
+xinbo609.com, 1
+xinbo610.com, 1
+xinbo676.com, 1
+xinebf.com, 0
+xing.ml, 1
+xingai.ml, 1
+xingzuozixun.com, 1
+xinlandm.com, 1
+xinmeiti168.cn, 1
+xinmeiti365.cn, 1
+xinnermedia.nl, 1
+xinpujing198.com, 0
+xinpujing200.com, 0
+xinpujing518.com, 0
+xinpujing918.com, 0
+xinshanla.com, 1
+xinxeta.es, 1
+xinxin.pl, 1
+xinyazhang.com, 1
+xinyezx.com, 1
+xinyitour.tw, 1
+xio.moe, 1
+xion.nu, 1
+xiphwork.de, 1
+xiqonline.com, 1
+xisu.com, 1
+xitin.tk, 1
+xiufe.ng, 1
+xiufeng.de, 1
+xiufeng.nl, 1
+xiumu.org, 1
+xiurenwang.co, 1
+xiuxiu.cf, 1
+xiuxiu.ga, 1
+xiuxiu.gq, 1
+xiuxiu.ml, 1
+xiuxiumh01.cc, 0
+xixi.com, 1
+xiyu.com, 1
+xjd.vision, 1
+xjf6.com, 1
+xjjeeps.com, 1
+xjjzp.com, 1
+xjjzp.net, 1
+xjpvictor.info, 1
+xjtu.live, 1
+xjtu.love, 1
+xjtu.men, 1
+xjtv.com, 1
+xjysilicone.com, 1
+xkblog.xyz, 1
+xkcd.pw, 1
+xkviz.net, 1
+xkww3n.cyou, 1
+xkwy2018.cn, 1
+xkwy2018.com, 1
+xkylee.com, 1
+xl-porn.com, 1
+xl3v3r.com, 1
+xlan.be, 1
+xlange.com, 1
+xlaw.com.br, 1
+xlbnas.cafe, 1
+xldl.ml, 1
+xlem.cn, 1
+xlink.com.pl, 1
+xlion.tw, 1
+xlmnews.today, 1
+xlnaudio.com, 1
+xloffice.se, 1
+xloud.cf, 1
+xloutdoor.se, 1
+xlribbon.ml, 1
+xlrsecurity.com, 1
+xlstat.com, 1
+xluxes.jp, 1
+xm1s.life, 1
+xmag.pl, 1
+xmanshow.tk, 1
+xmanyz.tk, 1
+xmdhs.com, 1
+xmdhs.top, 1
+xmediabigz.tk, 1
+xmediazxy.tk, 1
+xmenrevolution.com, 1
+xmessy.com, 1
+xmisystems.com, 1
+xmiui.com, 1
+xmlseo.ru, 1
+xmnr.net, 1
+xmusic.live, 1
+xmv.cz, 1
+xmyy.com, 1
+xn------7cdabibmbihbgykn8elfdbfgbeqxmlc3a.tk, 1
+xn------7cdbfcbc0ab6akhadmzphmbibhebcc7b0ahshon.tk, 1
+xn-----6kcamlijegc9ea1aw4ivc.xn--p1ai, 1
+xn-----6kcbb0cahbiskdv1bcj5c7g.tk, 1
+xn-----6kcbjcgl1atjj7aadbkxfxfe7a9yia.xn--p1ai, 1
+xn-----7kcbhdpr0asllefq0bjk.com, 1
+xn-----7kcgqqeagtqecgbhc3aginaie1hwh.tk, 1
+xn-----7kckegeaw8apdfn0d9a0j.xn--p1ai, 1
+xn-----8kcdcb4bffibpgkpbdbcc5cedihs.tk, 1
+xn-----elcblfoyosbv5mwb.xn--p1ai, 1
+xn----4tb0c.xn--p1ai, 1
+xn----7sbabexseekfke3cifnf3b4r.tk, 1
+xn----7sbabrwauchevq0ba.xn--p1ai, 1
+xn----7sbagi4akcjwfceu2aoi5e0eh.xn--p1ai, 1
+xn----7sbarcdvrtr1be.org, 1
+xn----7sbbagp2bcfwdeee1afm.xn--p1ai, 1
+xn----7sbbak4cyaoedjf3m.xn--p1ai, 1
+xn----7sbbgbr0arxb4a4exa.com.ua, 1
+xn----7sbbhzfbdo6dnf.tk, 1
+xn----7sbbncaddj9a9b6am9p.tk, 1
+xn----7sbbq5b0a1c.com, 1
+xn----7sbc3abak3afteia.xn--p1ai, 1
+xn----7sbedlbhv2azb6a.xn--j1amh, 1
+xn----7sbfl2alf8a.xn--p1ai, 1
+xn----7sbkofbbj4akz.xn--80asehdb, 1
+xn----7sblrfhjjgq8g.xn--p1ai, 1
+xn----7sbmucgqdbgwwc5e9b.xn--p1ai, 1
+xn----8hcdn2ankm1bfq.com, 1
+xn----8sbadsuaby8bb4a7cwh.xn--p1ai, 1
+xn----8sbdo7cb0b.xn--p1ai, 1
+xn----8sbggtw.xn--p1ai, 0
+xn----dtbfemantkhdczc.tk, 1
+xn----dtbfemmqjdddczc.tk, 1
+xn----dtbhcpoeofgcvoic1s.xn--p1ai, 1
+xn----etbqa2alia5i.tk, 1
+xn----htbhdmyci.xn--p1ai, 1
+xn----itbanmp3ae.xn--p1ai, 1
+xn----itbkhngkr2a.xn--p1ai, 0
+xn----jtbiihtkil8b4e.xn--p1ai, 1
+xn----mtbckubhv.xn--p1ai, 1
+xn----ncfb.ws, 1
+xn----otbabmp3ae.xn--p1ai, 1
+xn----ylba7abgd9bnh0e.xn--qxa6a, 1
+xn----ymcbah8a8de3hvarv.com, 1
+xn---35-6cdk1dnenygj.xn--p1ai, 1
+xn--061az77a.xn--fiqs8s, 1
+xn--061az77a.xn--fiqz9s, 1
+xn--0kq33cbsi8bk6d417b.com, 1
+xn--0kq33cz5c8wmwrqqw1d.com, 1
+xn--1-9u7ey2dtz3c.com, 0
+xn--12c3bpr6bsv7c.com, 1
+xn--12carbp3gycugf9k9a.xn--o3cw4h, 1
+xn--12cg9bnm5ci2ag9hbcs17a.com, 1
+xn--13-6kc0bufl.xn--p1ai, 1
+xn--15tx89ctvm.xn--6qq986b3xl, 1
+xn--1985-43d6eta0a4g2a.xn--p1ai, 1
+xn--1yst51avkr.ga, 1
+xn--1yst51avkr.xn--6qq986b3xl, 1
+xn--230ap0xpa.com, 1
+xn--24-6kc5agehpdf5a.xn--p1ai, 1
+xn--24-6kch4bfqee.xn--p1ai, 1
+xn--24-glcha1cjdmf1dye.xn--p1ai, 1
+xn--24-glcia8dc.xn--p1ai, 1
+xn--2sxs9ol7o.com, 1
+xn--36-dlcdun7abo4a.xn--p1ai, 1
+xn--3bt625flzps8a.com, 1
+xn--3btta.xn--fiqs8s, 1
+xn--3btta.xn--fiqz9s, 1
+xn--3js556addp80q.cn, 1
+xn--3lqp21gwna.cn, 1
+xn--3st814ec8r.cn, 1
+xn--3stv82k.hk, 1
+xn--3stv82k.tw, 1
+xn--41a.ml, 1
+xn--43-6kc4be0fbz.xn--p1ai, 1
+xn--45i.tk, 1
+xn--4brt03c.xn--fiqs8s, 1
+xn--4brt03c.xn--io0a7i, 1
+xn--4gq45ay49m.com, 1
+xn--4gq62f52gdss.com, 1
+xn--4kro7fswi.xn--6qq986b3xl, 1
+xn--4pv80kkz8auzf.jp, 1
+xn--4qs85t91oq9e.com, 1
+xn--54-6kc3btfht.xn--p1ai, 1
+xn--55q36pba3495a.com, 1
+xn--57h.ml, 0
+xn--5dbkjqb0d.com, 1
+xn--5dbkjqb0d.net, 1
+xn--6btn.xn--fiqs8s, 1
+xn--6btn.xn--fiqz9s, 1
+xn--6kru6im1lczj.com, 1
+xn--6o8h.cf, 1
+xn--6qq52xuogcjfw8pwqp.ga, 1
+xn--6qq62xsogfjfs8p1qp.ga, 1
+xn--72c1ar3gd6fvd.xn--o3cw4h, 1
+xn--78je2j8a.cafe, 1
+xn--7ca.co, 1
+xn--7dvy22i.com, 0
+xn--7or43h.jp, 1
+xn--7tq776cdf4a.xn--fiqs8s, 1
+xn--7tq776cdf4a.xn--fiqz9s, 1
+xn--7tq798c.ml, 1
+xn--7tqp36c113a.xn--fiqs8s, 1
+xn--7tqp36c113a.xn--fiqz9s, 1
+xn--7xa.google.com, 1
+xn--80a1a8b.tk, 1
+xn--80a5ai3dd.xn--d1at.xn--90a3ac, 1
+xn--80a6a1b.tk, 1
+xn--80a6aq.tk, 1
+xn--80aaa3bgsbbm.tk, 1
+xn--80aaa5ajbrzqd.tk, 1
+xn--80aaaane9bk7bh.tk, 1
+xn--80aaacqdkdv7b0a.tk, 1
+xn--80aaagbtu3bfbullc1c.xn--80asehdb, 1
+xn--80aaaptltzqd.tk, 1
+xn--80aacgbiy5akmx.xn--e1a4c, 1
+xn--80aae7aeoh.xn--p1ai, 1
+xn--80aahvz2a9a.xn--p1acf, 1
+xn--80aanbkcescrdedmxzcl4pmc.xn--p1acf, 1
+xn--80aapmgginxs3d.xn--p1ai, 1
+xn--80aayajj8aic.xn--p1ai, 1
+xn--80ab1bse.tk, 1
+xn--80abb4bp.tk, 1
+xn--80abmghlx4ajd.tk, 1
+xn--80ace6be.tk, 1
+xn--80achgm7d.tk, 1
+xn--80ack7b.xn--p1ai, 1
+xn--80acqgkhcn.tk, 1
+xn--80acubre5k.tk, 1
+xn--80adbvdjzhptl1be6j.com, 1
+xn--80adc7bbjgi.xn--p1ai, 1
+xn--80adjmbjd1avp5b4a.xn--p1ai, 1
+xn--80adydmce.com, 1
+xn--80ae7bafe4d.tk, 1
+xn--80aebbkaqx6at.xn--p1ai, 1
+xn--80aejhvi0at.xn--90ais, 1
+xn--80aejljbfwxn.xn--p1ai, 1
+xn--80affa6ai0a.tk, 1
+xn--80afvgfgb0aa.xn--p1ai, 1
+xn--80ah4f.xn--p1ai, 1
+xn--80ahclcaoccacrhfebi0dcn5c1jh.xn--p1ai, 1
+xn--80ahjdhy.tk, 1
+xn--80ahnefiifo0g.xn--p1ai, 1
+xn--80aihgal0apt.xn--p1ai, 1
+xn--80ajnofdk.xn--p1ai, 1
+xn--80ajuk.xn--p1ai, 1
+xn--80akjfhoqm2h2a.xn--p1ai, 1
+xn--80aknjgrv.tk, 1
+xn--80aleen8i.site, 1
+xn--80ancacgircb8q.xn--p1ai, 1
+xn--80anogxed.xn--p1ai, 1
+xn--80aocgsfei.xn--p1ai, 1
+xn--80aod6g.tk, 1
+xn--80apbaibrczvs.xn--p1ai, 1
+xn--80axad8esa.tk, 1
+xn--80azep.tk, 1
+xn--8bi.gq, 0
+xn--8n2am80a.tech, 1
+xn--90accgba6bldkcbb7a.xn--p1acf, 1
+xn--90acibo4aazm.com.ua, 1
+xn--90acjfgylpnm.xn--90ais, 1
+xn--90acrudcl3j.com, 0
+xn--90adahrqfmec.xn--p1ai, 1
+xn--90agmsorb.tk, 1
+xn--90aij9af3f.com.ua, 1
+xn--90aimoos.tk, 1
+xn--90aizn.tk, 1
+xn--90amdjbi3c0ec.xn--p1ai, 1
+xn--938h.st, 1
+xn--94q57lcvpw50b.com, 1
+xn--95q32l0t6b9cb17l.cn, 1
+xn--95qy23o.xn--fiqs8s, 1
+xn--95qy23o.xn--fiqz9s, 1
+xn--98jm6m.jp, 1
+xn--9iqy04a7fi01l.com, 1
+xn--9kq.eu.org, 1
+xn--9kqw7o.com, 1
+xn--9xa.fun, 1
+xn--afd-brhl-c6a.de, 1
+xn--afd-hrth-b6a.de, 1
+xn--afdbrhl-r2a.de, 1
+xn--afdhrth-q2a.de, 1
+xn--alcaiz-zwa.tk, 1
+xn--allgu-biker-o8a.de, 1
+xn--andre-is--yz4h8t9azf9596c4rigl8h.moe, 1
+xn--anyd-7na.at, 1
+xn--apaados-6za.es, 1
+xn--avocai-timioara-kmf1a.ro, 1
+xn--b-tqa.net, 0
+xn--b1aa9b.tk, 1
+xn--b1ab6abhfh.xn--p1ai, 1
+xn--b1ag9a.xn--p1ai, 1
+xn--b1agcgqrei7i.tk, 1
+xn--b1ayb.tk, 1
+xn--b3c4f.xn--o3cw4h, 1
+xn--baron-bonzenbru-elb.com, 1
+xn--bckerei-wohlgemuth-ltb.de, 1
+xn--bersetzung-8db.cc, 1
+xn--bersetzungen-beglaubigt-bpc.de, 1
+xn--berufsprfung-kinsthetik-b8b50d.ch, 1
+xn--berwachungspaket-izb.at, 1
+xn--betwinnerespaa-2nb.com, 1
+xn--bjugrd-lua.io, 1
+xn--blusastlacotalpeas-20b.online, 1
+xn--bm3bl9r.com, 1
+xn--bnq37rc0nw50b.com, 1
+xn--bognsroad-j3a.dk, 1
+xn--brneruhr-0za.ch, 1
+xn--bruno-hnel-kcb.de, 0
+xn--bwx.xn--fiqs8s, 1
+xn--bwx.xn--fiqz9s, 1
+xn--c-xga.de, 1
+xn--c1aaulbdc.tk, 1
+xn--c1adqibibm8i.com, 1
+xn--c1aehtaetb.xn--p1ai, 1
+xn--c1aid4ap8e.tk, 1
+xn--c1aolabgdj.tk, 1
+xn--c5w032d4vi.cn, 1
+xn--c5w032d4vi.com, 1
+xn--c5w032d4vi.xn--fiqs8s, 1
+xn--c5w032d4vi.xn--fiqz9s, 1
+xn--c5w27q.ml, 1
+xn--c5wy5c025b.cn, 1
+xn--c5wy5c025b.xn--fiqs8s, 1
+xn--c5wy5c025b.xn--fiqz9s, 1
+xn--carlshamnsvxtrike-0qb.se, 1
+xn--cck4ax91r.com, 1
+xn--cck7f515h.com, 1
+xn--cckdrt0kwb4g3cnh.com, 1
+xn--cckvb1cwa0c5br5e2d2711k.net, 1
+xn--cckwcxetd, 1
+xn--cctsgy36bnvprwpekc.com, 1
+xn--chrysopekinsiologie-hzbe.fr, 1
+xn--circul-gva.cc, 1
+xn--circul-u3a.cc, 1
+xn--cisowcy-pjb5t.pl, 1
+xn--contrasea-s6a.cl, 1
+xn--crystal-9e7ua.icu, 1
+xn--cysy13an3a5z7c.xyz, 1
+xn--d1aca2a5al.tk, 1
+xn--d1acfdr6h.com.ua, 1
+xn--d1acmf9g.xn--p1ai, 1
+xn--d1aczdsdn4d.tk, 1
+xn--d1afcjuch.xn--p1ai, 1
+xn--d1awi.tk, 1
+xn--das-anhngerzentrum-rtb.at, 1
+xn--dcko6fsa5b1a8gyicbc.biz, 1
+xn--dckya4a0bya6x.com, 1
+xn--dckya4a0bya6x.jp, 1
+xn--dej-3oa.lv, 1
+xn--detrkl13b9sbv53j.com, 1
+xn--diseadorwebmallorca-y3b.com, 1
+xn--dk8haaa.ws, 1
+xn--dmontaa-9za.com, 1
+xn--dragni-g1a.de, 1
+xn--dragni-g1a.eu, 1
+xn--dtursfest-72a.dk, 1
+xn--durhre-yxa.de, 1
+xn--dviz-5qa.com, 1
+xn--e--0g4aiy1b8rmfg3o.jp, 1
+xn--e--4h4axau6ld4lna0g.com, 1
+xn--e--ig4a4c3f6bvc5et632i.com, 1
+xn--e--k83a5h244w54gttk.xyz, 1
+xn--e1aa7abbg.xn--p1ai, 1
+xn--e1aaavheew.xn--p1ai, 1
+xn--e1aaavheewr.xn--p1ai, 1
+xn--e1aahuqbk6f.tk, 1
+xn--e1aajhbc0amdp4byf.xn--p1ai, 1
+xn--e1aajkmzd.xn--p1ai, 1
+xn--e1adlfhcdo7h.xn--p1ai, 1
+xn--e1afggpjhk3b1e.xn--p1ai, 1
+xn--e1agokg6a9a.tk, 1
+xn--e1aoahhqgn.xn--p1ai, 1
+xn--e1aoddhq.gq, 1
+xn--e1awbbf4g.xn--p1ai, 1
+xn--e1tvpw18d.com, 1
+xn--e1tx9l9xc.xn--6qq986b3xl, 1
+xn--ecki0cd0bu9a4nsjb.com, 1
+xn--ee-zja.de, 1
+xn--eebao6b.com, 1
+xn--eebao6b.net, 1
+xn--eglujemy-23b.net, 1
+xn--ehq091c7jk8qq.com, 1
+xn--ehqw04eq6e.jp, 1
+xn--ehqy0ag27f64i.xyz, 1
+xn--elsignificadodesoar-c4b.com, 1
+xn--eo5aaa.eu.org, 1
+xn--erban-e9b.ro, 1
+xn--erklderbarenben-slbh.dk, 1
+xn--ertvg-pra.no, 1
+xn--et8h.cf, 0
+xn--ettbttreinternet-ynb.se, 1
+xn--ex-1b4auld4fn3u3ck2069g.com, 1
+xn--f1ai7a.tk, 1
+xn--f5q52dc2lgtg336a4xoyxh2oj.tw, 1
+xn--f9jh4f4b4993b66s.tokyo, 1
+xn--fakovcov-gza74b.eu, 1
+xn--fakovec-k6a.eu, 1
+xn--familie-pppinghaus-l3b.de, 1
+xn--feuerlscher-arten-4zb.de, 1
+xn--fiqs8syvac75bffa172w.cn, 1
+xn--fiqs8syvak73af2cw10h.cn, 1
+xn--flskeklubben-7cb.dk, 1
+xn--flsterstollen-xob.com, 0
+xn--fp8h58f.ws, 1
+xn--fp8hm6b.ws, 1
+xn--frankierknig-djb.de, 1
+xn--frauenrztin-wedel-vqb.de, 1
+xn--frderer-n2a.de, 1
+xn--fretagsfinanser-8sb.se, 1
+xn--fs5ak3f.com, 1
+xn--g1abhqbgs.xn--p1ai, 1
+xn--gfrr-7qa.li, 1
+xn--gfrrli-yxa.ch, 1
+xn--ggle-qoaa.com, 1
+xn--gi8h6v.ml, 1
+xn--gmq92k.nagoya, 1
+xn--grnderlehrstuhl-0vb.de, 1
+xn--grnstrm-r1ae.nu, 1
+xn--gs8h.eu.org, 1
+xn--gu1a.moe, 1
+xn--h-1ga.net, 1
+xn--h1aaahdlb4aki4h.xn--p1ai, 1
+xn--h1aaakmzd.xn--p1ai, 1
+xn--h1aarew7ct.tk, 1
+xn--h1aifgllz.xn--p1ai, 1
+xn--h7t906ca.xn--fiqs8s, 1
+xn--h7t906ca.xn--fiqz9s, 1
+xn--helhetsframtrdande-xtb.se, 1
+xn--hfk-allgu-schwaben-stb.de, 1
+xn--hgbk4a00a.com, 1
+xn--hllrigl-90a.at, 0
+xn--hnse-gra.net, 1
+xn--hogarniitojesus-4qb.com, 1
+xn--hsers-kva.de, 1
+xn--ikketenkpdet-1cb.no, 1
+xn--imker-in-nrnberg-szb.de, 1
+xn--int-ru8ea.xn--6qq986b3xl, 1
+xn--internetlnen-1cb.com, 1
+xn--ionunica-29c.ro, 1
+xn--irr.xn--fiqs8s, 1
+xn--is8h6d.gq, 0
+xn--itt6x.xn--fiqs8s, 1
+xn--itt6x.xn--fiqz9s, 1
+xn--itts1a.xn--fiqs8s, 1
+xn--itts1a.xn--fiqz9s, 1
+xn--j1afcdm4f.xn--p1ai, 1
+xn--j1aoca.xn--p1ai, 1
+xn--j4h.cf, 1
+xn--j8se.com, 1
+xn--jkaappi-5waa.fi, 1
+xn--jlq480n2rg, 1
+xn--jp8hx8f.ws, 1
+xn--kckd0bd4a8tp27yee2e.com, 1
+xn--keditr-0xa.biz, 1
+xn--kinsthetik-s5a.ch, 1
+xn--kkcon-fwab.nz, 1
+xn--kl-oja.is, 1
+xn--klmek-0sa.com, 1
+xn--ksse-5qa.fi, 1
+xn--ktha-kamrater-pfba.se, 0
+xn--l3cb0bbcf6ezc4a7e.th, 1
+xn--l8j6d.com, 1
+xn--l8jer.moe, 1
+xn--l8js6h.moe, 1
+xn--l8js6h476m.xn--q9jyb4c, 1
+xn--labanskllermark-ftb.se, 1
+xn--lfv405c.com, 1
+xn--ljyakatemia-qfb.fi, 1
+xn--lk1a.moe, 1
+xn--ll-yka.de, 1
+xn--lna-2000-9za.nu, 1
+xn--lna-4000-9za.nu, 1
+xn--locaaomoema-p9a.com.br, 1
+xn--losolivareos-jhb.com, 1
+xn--love-un4c7e0d4a.com, 1
+xn--lrepenger-g3a.no, 1
+xn--lti-3qa.lv, 1
+xn--lzs398g.xn--fiqs8s, 1
+xn--lzs398g.xn--fiqz9s, 1
+xn--m1aba.tk, 1
+xn--m6t22d1b026i1odr9k.cn, 1
+xn--m6to92j.xn--gmqw5a.xn--j6w193g, 1
+xn--m6ty4dmx2a7ki.cn, 1
+xn--m9jy50kkpx.tk, 1
+xn--manuela-stsser-psb.de, 1
+xn--marn-8ra.eu, 1
+xn--martnvillalba-zib.com, 1
+xn--martnvillalba-zib.net, 1
+xn--mbius-jua.band, 1
+xn--mein-kchenhelfer-ozb.de, 1
+xn--mensenges-o1a8c.gq, 1
+xn--mensengesss-t8a.gq, 1
+xn--mentaltraining-fr-musiker-uwc.ch, 1
+xn--mercadonavideo-2nb.com, 1
+xn--mgbbh2a9fub.xn--ngbc5azd, 0
+xn--mgbmmp7eub.com, 1
+xn--mgbpkc7fz3awhe.com, 1
+xn--mgbqq.com, 1
+xn--mgbuq0c.net, 1
+xn--mhringen-65a.de, 1
+xn--mitenlyttit-s8aad6xf.fi, 1
+xn--mitenlyttyt-s8aad6xg.fi, 1
+xn--mitensaadatit-nfb1y.fi, 1
+xn--mitensaadatyt-nfb2y.fi, 1
+xn--mlkky-jua.fr, 1
+xn--mllerhesszimmerli-22b.ch, 1
+xn--mllingen-65a.de, 1
+xn--mnck-5qa.de, 1
+xn--mnich-7ua.de, 1
+xn--mntsamling-0cb.dk, 1
+xn--morrhret-e0a.se, 1
+xn--mxaavenvi2h.live, 1
+xn--myrepubic-wub.net, 1
+xn--myrepublc-x5a.net, 1
+xn--naade-dta.com, 1
+xn--nbetcieczane-4ib.gen.tr, 1
+xn--nicieri-b4a.ro, 1
+xn--nidar-tib.org, 1
+xn--nide-loa.ee, 1
+xn--nied-lchelt-q8a.de, 1
+xn--niedlchelt-u5a.de, 1
+xn--nordlicht-hrnum-jtb.de, 1
+xn--nrrdetval-v2ab.se, 1
+xn--nts.xn--fiqs8s, 1
+xn--nts.xn--fiqz9s, 1
+xn--o38h.tk, 1
+xn--o3ca2aced1cc7e5a1jc6h.com, 1
+xn--o77hka.ga, 1
+xn--obt757c.com, 1
+xn--oiqt18e8e2a.eu.org, 1
+xn--oj-uu2c9c422w3mh.com, 0
+xn--okra.xn--6qq986b3xl, 1
+xn--p2v.xn--fiqs8s, 1
+xn--p2v.xn--fiqz9s, 1
+xn--p3t555glxhnwa.com, 1
+xn--p8j9a0d9c9a.xn--q9jyb4c, 1
+xn--patga-p4a.ga, 1
+xn--patiga-syd.ga, 1
+xn--pbt947am3ab71g.com, 1
+xn--pckl4ji.ml, 1
+xn--pckqk6xk43lunk.net, 1
+xn--pe-bka.ee, 1
+xn--petitetoile-gbb.com, 1
+xn--photovoltaik-berwachung-opc.de, 1
+xn--pn1am9c.com, 1
+xn--pq1a637b.xn--6qq986b3xl, 1
+xn--prfontaine-c7a.name, 1
+xn--q2y08clzag4u.tw, 1
+xn--q3cb3bxa0b7h.com, 1
+xn--qckss0j.tk, 1
+xn--qfun83b.ga, 1
+xn--qm1a.xn--fiqs8s, 1
+xn--qm1a.xn--fiqz9s, 1
+xn--r77hya.ga, 1
+xn--r8jzaf7977b09e.com, 1
+xn--rdiger-barney-wob.de, 1
+xn--rdiger-kuhlmann-zvb.de, 1
+xn--registriertesexualstraftter-ykc.de, 1
+xn--rih.ml, 1
+xn--rl-wka.ch, 1
+xn--roselire-60a.ch, 0
+xn--roselire-60a.com, 0
+xn--rs5a.xn--fiqs8s, 1
+xn--rs5a.xn--fiqz9s, 1
+xn--rt-cja.eu, 1
+xn--rt-cja.ie, 1
+xn--rtter-kva.eu, 1
+xn--ruanmller-u9a.com, 1
+xn--ruciski-6jb.pl, 1
+xn--s-0fa.fi, 1
+xn--s-1gaa.fi, 1
+xn--s1r71tg0o30bxm52odlvspdop4b.cn, 1
+xn--sb-lka.org, 1
+xn--schcke-yxa.de, 1
+xn--schlerzeitung-ideenlos-ulc.de, 1
+xn--schpski-c1a.de, 1
+xn--schsischer-christstollen-qbc.shop, 0
+xn--schwedischezahnrztin-pzb.de, 1
+xn--skmotoroptimering-zzb.site, 1
+xn--spenijmazania-yhc.pl, 1
+xn--spiraphnix-olb.xyz, 1
+xn--srbarhetsskanning-8qb.se, 1
+xn--srenpind-54a.dk, 1
+xn--ss-sein-fetzt-wob.de, 1
+xn--strandhaus-hinter-der-dne-1wc.de, 1
+xn--stubbfrsning-uppsala-hzb.se, 1
+xn--svezavaukuu-ulb08i.rs, 1
+xn--sz8h.ml, 1
+xn--t-oha.lv, 1
+xn--t8j4aa4nkg1h9bwcvud.com, 1
+xn--t8j4aa4nzg3a5euoxcwee.xyz, 1
+xn--t8jo9k1b.com, 1
+xn--t8qu4voqikh.com, 1
+xn--tagungssttte-usedom-owb.de, 0
+xn--tagungssttte-zinnowitz-84b.de, 0
+xn--tatilgnleri-yhb.com, 1
+xn--tftel-tom-q9a.de, 1
+xn--tgstationen-x8a.se, 1
+xn--thorme-6uaf.ca, 1
+xn--tigreray-i1a.org, 1
+xn--trdler-xxa.xyz, 1
+xn--u8jwd.ga, 1
+xn--u9j920h4sbt5ex10f.online, 1
+xn--u9jv84l7ea468b.com, 1
+xn--u9jy16ncfao19mo8i.nagoya, 1
+xn--uba.eu.org, 1
+xn--ug8h.st, 1
+xn--uist1idrju3i.jp, 1
+xn--ukasik-2db.pl, 1
+xn--ukys-f6a.lt, 1
+xn--underux-0za.eu, 1
+xn--urgencesolidarit-qqb.com, 1
+xn--urgencesolidarit-qqb.fr, 1
+xn--uxqy9syyb.com, 1
+xn--v-wfa35g.ro, 1
+xn--v4q.ml, 1
+xn--v6q426ishax2a.xyz, 1
+xn--vck8crc010pu14e.biz, 1
+xn--vck8crcu789ajtaj92eura.xyz, 1
+xn--vihrekeino-u5a.fi, 1
+xn--vwsv89g.xn--fiqs8s, 1
+xn--vwsv89g.xn--fiqz9s, 1
+xn--vwsw0b.xn--fiqs8s, 1
+xn--vwsw0b.xn--fiqz9s, 1
+xn--vwsw0b192f.xn--fiqs8s, 1
+xn--vwsw0b192f.xn--fiqz9s, 1
+xn--vxsq49l.cn, 1
+xn--w-sgae.eu, 1
+xn--w22a.jp, 1
+xn--wby9t.xyz, 0
+xn--wcs69oyudj44b.xyz, 1
+xn--wiateko-rjb3t.eu, 1
+xn--woistdermlleimer-rzb.de, 1
+xn--wp9ha.ws, 1
+xn--wq9h.ml, 0
+xn--xft85up3jca.ga, 1
+xn--xwqa8512b.eu.org, 1
+xn--xz1a.jp, 1
+xn--y-5ga.com, 1
+xn--y3cac7d1d.xn--o3cw4h, 1
+xn--y8j0b0a9exb.jp, 1
+xn--y8j148r.xn--q9jyb4c, 0
+xn--y8j2eb5631a4qf5n0h.com, 1
+xn--y8ja6lb.xn--q9jyb4c, 1
+xn--y8jarb5hca.jp, 1
+xn--yj8h0m.ws, 1
+xn--ykqxsg6sqp4cd861a.ml, 1
+xn--ykrp42k.com, 1
+xn--yrvp1ac68c.xn--6qq986b3xl, 1
+xn--z1tq4ldt4b.com, 1
+xn--zca.dk, 1
+xn--zettlmeil-n1a.de, 1
+xn--zr9h.cf, 1
+xn--zr9h.ga, 1
+xn--zr9h.ml, 1
+xn--zr9h.tk, 1
+xn--zsr042b.fun, 1
+xnaas.info, 1
+xnativi.pl, 1
+xnet-x.net, 1
+xnetwork.ml, 1
+xniver.se, 1
+xnix.tk, 1
+xnoe.moe, 1
+xnop.yt, 1
+xnopyt.com, 1
+xnopyt.info, 1
+xnsir.com, 1
+xntrik.wtf, 1
+xnu.kr, 1
+xnxxporns.com, 1
+xo.wtf, 1
+xoan.cf, 1
+xobotun.com, 1
+xocc.cc, 1
+xoda.pw, 1
+xolotto.com, 1
+xolphin.nl, 1
+xombitgames.com, 1
+xombitmusic.com, 1
+xomyak.tk, 1
+xone.cz, 0
+xonobixa.tk, 1
+xoomenergy.com, 1
+xor.ai, 1
+xor.cat, 1
+xor.tools, 1
+xorion.pl, 1
+xorm.io, 1
+xormatic.com, 1
+xosh.fr, 1
+xotictrends.com, 1
+xotika.tv, 1
+xoutpost.com, 1
+xp-ochrona.pl, 1
+xp.nsupdate.info, 1
+xpd.se, 1
+xpenology-fr.net, 1
+xperiacode.com, 1
+xperidia.com, 1
+xpertairtx.com, 1
+xpertairwaco.com, 1
+xpertcenter.ch, 0
+xpertcube.com, 1
+xpertmedia.ro, 1
+xpertsunlimited.com, 1
+xpetit.net, 1
+xpews.org, 1
+xpg.jp, 1
+xphelper.tk, 1
+xpj090.com, 1
+xpj100.com, 0
+xpj678678.com, 1
+xpj90.com, 1
+xpj909.cc, 0
+xpj909.com, 1
+xpj909.in, 0
+xpj909.me, 1
+xpj909.vip, 0
+xpj919.in, 0
+xpj919.me, 0
+xpj919.vip, 0
+xpjab.com, 0
+xpjcu.com, 0
+xpjdi.com, 0
+xpjei.com, 0
+xpjiosapp.com, 0
+xpjwa.com, 0
+xpjwb.com, 0
+xpletus.nl, 1
+xplo.it, 1
+xploredundee.com, 1
+xplozion.tk, 1
+xpods.sg, 1
+xportxpert.com, 1
+xpreflect.co.uk, 1
+xps-auto.com, 1
+xps3dp.com, 1
+xps40.com, 1
+xpsauto.com, 1
+xpsautomation.com, 1
+xpsfactory.com, 1
+xpsinnovation.com, 1
+xpsnow.net, 1
+xpsrobotics.com, 1
+xptrack.com, 1
+xptrackstaging.com, 1
+xpwn.cz, 0
+xq.com, 1
+xq6dtff.top, 1
+xqin.net, 1
+xqk7.com, 1
+xqwqx.com, 1
+xr5.me, 1
+xr5.tech, 1
+xrayreview.ml, 1
+xrbox.me, 1
+xrdd.de, 1
+xreverseporn.com, 1
+xrg.cz, 1
+xrippedhd.com, 1
+xrism.ro, 1
+xrockx.de, 1
+xrp.pp.ua, 1
+xrpnews.info, 1
+xrpscan.com, 1
+xrwracing-france.com, 1
+xs2a.no, 1
+xs4ever.org, 1
+xsait.tk, 1
+xsave.ru, 1
+xscancun.com, 1
+xsden.info, 1
+xsec.me, 1
+xsenya74hram.tk, 1
+xseries-forum.com, 1
+xserownia.cloud, 0
+xserownia.com.pl, 1
+xserownia.eu, 1
+xserownia.info, 0
+xserownia.net, 1
+xserownia.pl, 1
+xsitedleads.com, 1
+xsmobile.de, 1
+xsolla.com, 1
+xss.name, 1
+xss.sk, 1
+xssi.uk, 1
+xsstime.nl, 1
+xsteam.eu, 1
+xstorysnap.com, 1
+xstreamable.com, 1
+xsuper.net, 1
+xsv.cn, 1
+xsz.jp, 1
+xt.om, 1
+xt177.com, 1
+xtaboo3d.com, 1
+xtalpi.com, 1
+xtarget.ru, 1
+xtechkr.com, 1
+xtechtecnologia.tec.br, 1
+xthugboyz.com, 1
+xtianhe.com, 0
+xtips.us, 1
+xtom.africa, 1
+xtom.al, 1
+xtom.amsterdam, 1
+xtom.au, 1
+xtom.ax, 1
+xtom.be, 1
+xtom.bg, 1
+xtom.by, 1
+xtom.ch, 1
+xtom.chat, 1
+xtom.co.uk, 1
+xtom.com, 1
+xtom.com.au, 1
+xtom.com.de, 1
+xtom.com.ee, 1
+xtom.com.hk, 1
+xtom.cy, 1
+xtom.cz, 1
+xtom.de, 1
+xtom.dk, 1
+xtom.ee, 1
+xtom.es, 1
+xtom.eu, 1
+xtom.fi, 1
+xtom.fo, 1
+xtom.fr, 1
+xtom.ge, 1
+xtom.gg, 1
+xtom.gmbh, 1
+xtom.gr, 1
+xtom.hk, 1
+xtom.hr, 1
+xtom.hu, 1
+xtom.im, 1
+xtom.io, 1
+xtom.is, 1
+xtom.it, 1
+xtom.je, 1
+xtom.jp, 1
+xtom.li, 1
+xtom.limited, 1
+xtom.london, 1
+xtom.lt, 1
+xtom.ltd, 1
+xtom.lu, 1
+xtom.lv, 1
+xtom.md, 1
+xtom.me, 1
+xtom.mk, 1
+xtom.moscow, 1
+xtom.nl, 1
+xtom.no, 1
+xtom.nu, 1
+xtom.paris, 1
+xtom.pl, 1
+xtom.pt, 1
+xtom.ro, 1
+xtom.ru, 1
+xtom.si, 1
+xtom.sk, 1
+xtom.social, 1
+xtom.su, 1
+xtom.uk, 1
+xtom.us, 1
+xtom.wiki, 1
+xtom.xyz, 1
+xtorm.ro, 1
+xtournois.com, 1
+xtra.net, 1
+xtrainsights.com, 1
+xtralis.com, 1
+xtreamfire.tk, 1
+xtreme-cs.tk, 1
+xtreme-servers.eu, 1
+xtremealaskainsulation.com, 1
+xtremebouncepartyhire.com.au, 1
+xtremegaming.it, 1
+xtremers.tk, 1
+xtremotivation.com, 1
+xtremyblog.com, 1
+xtronics.com, 1
+xts.bike, 1
+xts3636.net, 1
+xtsna.com, 1
+xtspeeder.com, 0
+xttt.net, 1
+xtu2.com, 1
+xtzone.be, 1
+xtzs6.vip, 1
+xuab.net, 1
+xuan-hao.com, 1
+xuan.com.my, 1
+xuancommagere.com, 1
+xuanmeishe.net, 0
+xuann.wang, 1
+xubo666.com, 1
+xuc.me, 1
+xucha.ml, 1
+xueaiai.cf, 1
+xueaiai.com, 1
+xueaiai.ml, 1
+xueanquan.com, 1
+xuecheng.com, 1
+xuedianshang.com, 1
+xuehuang666.cn, 1
+xuesoska.ga, 1
+xuewen.ink, 1
+xuewen.me, 1
+xuexi.icu, 0
+xuez.cc, 1
+xuming.studio, 1
+xumm.me, 1
+xunmengdu.com, 1
+xuntaosms.com, 1
+xuntier.ch, 1
+xurl.gq, 1
+xurl.ltd, 1
+xushuai.org, 1
+xusqui.com, 1
+xuwei.de, 1
+xuyh0120.win, 1
+xvadimx.me, 1
+xvaldezendocrino.com, 1
+xvidyo.ga, 1
+xviimusic.com, 1
+xvix.eu, 1
+xvmmod.com, 1
+xvpn.io, 1
+xvt-blog.tk, 1
+xwalck.se, 1
+xwaretech.info, 1
+xwf.fyi, 1
+xwfwrestling.tk, 1
+xwm.ru, 1
+xwndtq.xyz, 1
+xwnu.com, 1
+xworder.tk, 1
+xwp.co, 1
+xx.gl, 1
+xx0r.eu, 1
+xx6729.co, 1
+xx6729.com, 0
+xx6957.co, 1
+xx9297.co, 1
+xx9397.com, 0
+xx9721.com, 0
+xx9728.co, 1
+xxdtl.com, 1
+xxffo.com, 1
+xxl-bonus.tk, 1
+xxl.dk, 1
+xxl.fi, 1
+xxl.se, 1
+xxl.tax, 1
+xxlpen.eu, 1
+xxlsports.at, 1
+xxvv.loan, 1
+xxx-fiction.com, 1
+xxx-gays.com, 1
+xxxarabgirls.com, 1
+xxxbunker.com, 1
+xxxfreepornclip.com, 1
+xxxgr.net, 1
+xxxite.me, 1
+xxxmoviesdot.com, 1
+xxxomas.com, 1
+xxxoopz.com, 1
+xxxporn-videos.com, 1
+xxxpornohub.net, 1
+xxxshades.com, 1
+xxxshemaleporn.com, 1
+xxxsuper.net, 1
+xxxteen.net, 1
+xxxtophd.com, 1
+xxxvideos-base.com, 1
+xxxvideos-tube.com, 1
+xxxvids.mobi, 1
+xxxvids.tv, 1
+xxxvv3.com, 1
+xxxvv8.com, 1
+xxxvv9.com, 1
+xxxxlol.com, 1
+xxyy.asia, 1
+xy.ax, 1
+xy366.cc, 1
+xy369.cc, 1
+xy6161.com, 1
+xy6262.com, 1
+xy6729.com, 1
+xy6957.com, 1
+xy7171.com, 1
+xy7272.com, 1
+xy7373.com, 1
+xy96.top, 1
+xyactive.com.au, 1
+xycommunication.com, 1
+xyenon.bid, 1
+xyfun.net, 0
+xyl.cool, 1
+xyloefarmoges.gr, 0
+xylos.nl, 1
+xynta.ch, 1
+xyquadrat.ch, 1
+xyrexwolf-sebastien-izambard.tk, 1
+xywing.com, 0
+xyz.vn, 1
+xyz2007.com, 1
+xyz234.com, 1
+xyz323.com, 1
+xyz345.com, 1
+xyz543.com, 1
+xyz55.com, 1
+xyz566.com, 1
+xyz566.net, 1
+xyz567.com, 1
+xyz65.com, 1
+xyz66.ai, 1
+xyz66.net, 1
+xyz678.com, 1
+xyz77.com, 1
+xyz788.com, 1
+xyz88.ai, 1
+xyz88.biz, 1
+xyz88.fun, 1
+xyz88.info, 1
+xyz88.life, 1
+xyz88s.com, 1
+xyzcd.ai, 1
+xyzemails.com, 0
+xyzmedia.net, 1
+xyzmedia.rs, 1
+xyzulu.hosting, 1
+xyzxyx.com, 1
+xyzyz.xyz, 1
+xyzzy.earth, 1
+xyzzyyyz.com, 1
+xz0.de, 1
+xzclip.cn, 1
+xzib.com, 1
+xzibits.com, 1
+xzqy.net, 1
+xztech.co, 1
+y-erodoga.com, 1
+y-erogazo.com, 1
+y-nas.tk, 1
+y.com.cm, 1
+y.com.sb, 1
+y09a.com, 0
+y09app.com, 0
+y09app.vip, 0
+y09j.com, 0
+y11n.net, 0
+y2bet.com, 1
+y2s.pw, 1
+y3451.com, 1
+y3600.cc, 1
+y3600.cz, 1
+y3650.com, 1
+y36500.com, 1
+y3651.com, 0
+y36511.com, 1
+y365188.com, 1
+y3653.com, 1
+y36533.com, 1
+y3654.com, 0
+y3656.com, 1
+y36577.com, 0
+y3bet.com, 1
+y5197.co, 1
+y5bet.com, 1
+y6180.com, 1
+y6729.co, 1
+y6729.com, 1
+y68cc.com, 0
+y68ee.com, 0
+y68ff.com, 0
+y68gg.com, 0
+y68gl.com, 1
+y68hh.com, 0
+y68ii.com, 0
+y68jj.com, 0
+y68jn.com, 1
+y68ll.com, 0
+y68oo.com, 1
+y68pp.com, 0
+y68qq.com, 0
+y68rr.com, 0
+y68sc.com, 1
+y68sz.com, 1
+y68tt.com, 0
+y68uu.com, 0
+y68yy.com, 0
+y68zz.com, 0
+y6957.co, 1
+y6bet.com, 1
+y70102.com, 1
+y70301.com, 1
+y70302.com, 1
+y70303.com, 1
+y7091.com, 1
+y7092.com, 1
+y7093.com, 1
+y890000.com, 0
+y891111.com, 0
+y892222.com, 0
+y893333.com, 0
+y894444.com, 0
+y895555.com, 0
+y896666.com, 0
+y897777.com, 0
+y898888.com, 0
+y89a.com, 0
+y89a.net, 1
+y89aaa.com, 0
+y89b.com, 0
+y89b.net, 1
+y89bbb.com, 0
+y89c.com, 1
+y89c.net, 1
+y89ccc.com, 0
+y89d.com, 1
+y89d.net, 1
+y89dd.com, 1
+y89ddd.com, 1
+y89e.com, 1
+y89e.net, 1
+y89ee.com, 1
+y89eee.com, 1
+y89f.com, 1
+y89f.net, 1
+y89fff.com, 0
+y89g.com, 1
+y89g.net, 1
+y89gg.com, 1
+y89h.net, 1
+y89hh.com, 1
+y89hhh.com, 0
+y89i.com, 0
+y89i.net, 1
+y89ii.com, 1
+y89iii.com, 1
+y89j.com, 1
+y89j.net, 1
+y89jj.com, 1
+y89jjj.com, 0
+y89k.com, 0
+y89kk.com, 1
+y89l.com, 0
+y89ll.com, 1
+y89m.com, 1
+y89n.com, 1
+y89o.com, 1
+y89q.com, 0
+y89r.com, 0
+y89s.com, 0
+y89t.com, 0
+y89u.com, 0
+y89v.com, 1
+y89ww.com, 0
+y89zz.com, 0
+y9297.co, 1
+y9728.co, 1
+y99.in, 1
+ya-hudeu.tk, 1
+ya-hudeyu.gq, 1
+ya-hudeyu.ml, 1
+ya-hudeyu.tk, 1
+ya-madina.tk, 1
+ya-radio.tk, 1
+ya-stroynaya.tk, 1
+ya-zdorova.tk, 1
+ya.mk, 1
+yaateens.org, 1
+yaay.com.br, 1
+yaazhtech.com, 1
+yaballe.com, 1
+yabbr.com.au, 1
+yabbr.io, 1
+yabo68.com, 0
+yabuisha.jp, 1
+yacca.co.uk, 1
+yacg.asia, 1
+yachatshomesforsale.com, 1
+yachigoya.com, 1
+yachta.kiev.ua, 1
+yachtbuyer.com, 1
+yachtcharterfleet.com, 1
+yachtcita.com, 0
+yachtcrafter.com, 1
+yachtfolio1.com, 1
+yachting-home.com, 1
+yachtlettering.com, 1
+yachtmarket.com.ua, 1
+yachtwaypoints.com, 1
+yacine-app.tv, 1
+yacostasolutions.com, 1
+yadnameh.ga, 1
+yaebus.tk, 1
+yaencontre.com, 1
+yafull.com, 1
+yafuoku.ru, 1
+yaghoobi.tk, 1
+yagihiro.tech, 1
+yagizhan.me, 1
+yagliyurt.com, 1
+yagmursoft.tk, 1
+yagoda-malina.tk, 1
+yagodigribi.guru, 1
+yagotour.cf, 1
+yaharu.ru, 1
+yahav.co.il, 1
+yahlab.de, 1
+yahoo.ax, 1
+yahtzeemanifesto.com, 1
+yahvehyireh.com, 1
+yahvk.moe, 1
+yahzah.com, 1
+yaiho.com, 1
+yaiho.de, 1
+yak-host.tk, 1
+yakbett.de, 1
+yakiimo-sakura.com, 1
+yakimono.ga, 1
+yakimoshi.tk, 1
+yakisakana.tk, 1
+yakkifamirie.tk, 1
+yakmail.tech, 1
+yakovmanshin.com, 1
+yakshop.bg, 1
+yakupyilmazboru.com, 1
+yakutia.tk, 1
+yakutianews.tk, 1
+yakutsk-city.tk, 1
+yakutsk.ml, 1
+yalb.tech, 1
+yalcinkaya.ninja, 0
+yalecleaners.com, 1
+yalla-kora.tv, 1
+yalla-shoots.tv, 1
+yalla-shootx.com, 1
+yallamotor.com, 1
+yalook.com, 1
+yaltaarenda.tk, 1
+yamabara.tk, 1
+yamabi.co, 1
+yamacore.de, 1
+yamadaya.tv, 1
+yamagata-fujinka.jp, 1
+yamagata-healing.com, 1
+yamaken.jp, 1
+yamal-online.ml, 1
+yamal159263.ml, 1
+yamanami.tokyo, 1
+yamanobe-taro.jp, 1
+yamatonetwork.com, 1
+yamazaki-automotive.co.jp, 1
+yame2.com, 1
+yamei1.com, 1
+yamei6688.com, 1
+yamei6699.com, 1
+yamei8.com, 1
+yamei8866.com, 1
+yamei98.com, 1
+yamei99.com, 1
+yamei9955.com, 1
+yamhillcounty.gov, 1
+yamm.io, 1
+yamobila.tk, 1
+yamunaexpresswayplot.com, 1
+yan.gg, 1
+yan.lt, 1
+yan.net.cn, 1
+yan3321.com, 1
+yanaduday.com, 1
+yanagibashi.me, 1
+yananikitina.site, 1
+yanaya-k.jp, 1
+yanbohon.com, 1
+yandere.moe, 1
+yandong.tk, 1
+yang1963.com.tw, 1
+yangcs.net, 0
+yangfamily.tw, 1
+yangjingwen.cn, 1
+yangjingwen.com, 1
+yangmao.info, 1
+yangmaodang.org, 0
+yangmi.blog, 1
+yangrq.org, 1
+yangruixin.com, 1
+yangshangzhen.com, 0
+yangwang.tk, 1
+yangxi.tech, 1
+yangyi.ml, 1
+yangzi.ml, 1
+yanhongming.net, 1
+yanik.info, 1
+yanisvaroufakis.eu, 1
+yanivboost.com, 1
+yanjicg.com, 0
+yann.tw, 1
+yanngraf.ch, 0
+yannic.world, 0
+yannickkordel.de, 1
+yannickkordel.eu, 1
+yannickvdvelde.tk, 1
+yanniclandsmann.de, 1
+yannik-buerkle.de, 1
+yannikbloscheck.com, 1
+yannsalmon.fr, 1
+yannyann.com, 1
+yanovosibirsk.ml, 1
+yanservices.be, 1
+yansurachman.web.id, 1
+yantarniy.tk, 1
+yantox.com, 1
+yanwo.com.tw, 1
+yaodownload.com, 1
+yaoge123.com, 1
+yaourtiere.info, 1
+yaoyorozu.eu, 1
+yaoyorozu.re, 1
+yap26.cc, 1
+yapan008.com, 1
+yapan222.com, 1
+yapan3.com, 1
+yapan33.com, 1
+yapan333.com, 1
+yapan365.net, 1
+yapan4.com, 1
+yapan44.com, 1
+yapan444.com, 1
+yapan55.com, 1
+yapan555.com, 1
+yapan6.com, 1
+yapan66.com, 1
+yapan666.com, 1
+yapan7.com, 1
+yapan77.com, 1
+yapan777.com, 1
+yapan8.com, 1
+yapan888.com, 1
+yapan9.com, 1
+yapan99.com, 1
+yapan999.com, 1
+yapanwang.com, 1
+yapaytech.com, 1
+yapdentalsurgery.com, 1
+yapmaz.com, 1
+yapper.fr, 1
+yappy.com, 1
+yappy.media, 1
+yarcom.ru, 0
+yardandgardenguru.com, 1
+yardesign.tk, 1
+yardhelp.ga, 1
+yardthyme.com, 1
+yardtower.com, 1
+yaren-it.de, 1
+yaren.it, 1
+yarlesac.com, 1
+yarmarka-megamarket.ru, 1
+yarnandy.com, 1
+yarnsub.com, 1
+yarogneva.ru, 1
+yarokuk.com, 1
+yaroslavia.eu.org, 1
+yaroslavova.tk, 1
+yarowork.jp, 1
+yarplast.tk, 1
+yarr.pt, 1
+yarracitta.tk, 1
+yarravilletownhouses.com.au, 1
+yaru.one, 1
+yarygin.tk, 1
+yasam.co.uk, 1
+yaseen.ae, 1
+yaseiblog.org, 1
+yash.com, 1
+yashik.tv, 0
+yashinstore.com, 1
+yashu.store, 1
+yasic.net, 1
+yasikish.com, 1
+yaslihastabakici.com, 1
+yasmeencreative.com, 1
+yasmin-apartments.cz, 1
+yasmin.ml, 1
+yasmingarcia.tk, 1
+yasraiting.tk, 1
+yasrating.tk, 1
+yassinesmael.tk, 1
+yasudaseiki.cn, 1
+yasukevicious.com, 1
+yatai18.com, 1
+yatax.fr, 1
+yateam.cc, 1
+yates.com.au, 1
+yatescountyny.gov, 1
+yatescountysheriff.gov, 1
+yatorie.net, 1
+yatriindia.tk, 1
+yatsat.com, 1
+yatserver.com, 1
+yatstudios.com, 1
+yatsuenpoon.com, 1
+yauatcha.com, 1
+yaucy.win, 1
+yaup.tk, 1
+yaustal.com, 1
+yavapaiaz.gov, 1
+yavapaivotes.gov, 1
+yavar.nl, 1
+yavin4.cf, 1
+yavip8088.com, 1
+yavorivanov.com, 1
+yavuzatasoy.tk, 1
+yawen.me, 1
+yawnbox.com, 1
+yaws.cf, 1
+yaxim.org, 1
+yay-btcl.work, 1
+yay.space, 1
+yayart.club, 1
+yayginegitim.net, 1
+yayl888.com, 1
+yaymaker.com, 1
+yayou.ag, 1
+yazichestvo.tk, 1
+yazik.ga, 1
+yazilim.tk, 1
+yazzys.com, 1
+yba-lier.tk, 1
+ybexalev.ga, 1
+ybos.nl, 1
+ybr.ch, 1
+ybr.com, 1
+ybresson.com, 1
+ybrfrance.fr, 1
+ybscareers.co.uk, 1
+ybti.net, 1
+ybvip789.com, 0
+ybzhao.com, 1
+yc1820.com, 1
+ycalculators.com, 1
+ycb.fr, 1
+ycbmdevelopment.com, 1
+ycbmstaging.com, 1
+ycfld.gov, 1
+ych.art, 1
+ycherbonnel.fr, 1
+ycl.org.uk, 1
+yclan.net, 1
+ycnrg.org, 1
+ycodendauteradio.net, 1
+yd.io, 1
+yd163.cc, 1
+yd169.cc, 1
+ydetc.es, 1
+ydt.am, 1
+ydyy99.com, 1
+ydyydy.ml, 1
+ye.ax, 1
+yeadonboroughpa.gov, 1
+yearinviewcalendars.com, 1
+yearli.com, 1
+yeartracker.ga, 1
+yebkw.com, 1
+yebshotel.de, 1
+yecdn.com, 1
+yecl.net, 1
+yedeksubay.tk, 1
+yeechie.nl, 0
+yeecord.com, 1
+yeecord.tk, 1
+yeesker.com, 1
+yekaterinburg-city.tk, 1
+yellcosheriffar.gov, 1
+yellcountyar.gov, 1
+yello.co, 1
+yellow.ai, 1
+yellow.place, 1
+yellowbrick.co, 1
+yellowcar.website, 1
+yellowfinlogistics.com, 1
+yellowfolder.com, 1
+yellowhawk.nl, 1
+yellowmessenger.com, 1
+yellowpages.ee, 1
+yellowsource.org, 1
+yellowsquid.uk, 0
+yellowstone.nsupdate.info, 1
+yellowstonecountymt.gov, 1
+yellowstrips.com, 1
+yellowsubmarinebook.com, 1
+yellowtaillasvegas.com, 1
+yellowtails.co.jp, 1
+yellowtrace.net.au, 1
+yellsystem.co.jp, 1
+yelp.at, 1
+yelp.be, 1
+yelp.ca, 1
+yelp.ch, 1
+yelp.cl, 1
+yelp.co.jp, 1
+yelp.co.nz, 1
+yelp.co.uk, 1
+yelp.com, 1
+yelp.com.ar, 1
+yelp.com.au, 1
+yelp.com.br, 1
+yelp.com.hk, 1
+yelp.com.mx, 1
+yelp.com.ph, 1
+yelp.com.sg, 1
+yelp.com.tr, 1
+yelp.com.tw, 1
+yelp.cz, 1
+yelp.de, 1
+yelp.dk, 1
+yelp.es, 1
+yelp.fi, 1
+yelp.fr, 1
+yelp.ie, 1
+yelp.it, 1
+yelp.my, 1
+yelp.nl, 1
+yelp.no, 1
+yelp.pl, 1
+yelp.pt, 1
+yelp.se, 1
+yeltsin.tech, 1
+yeltzland.net, 1
+yemalu.com, 1
+yemekbaz.az, 1
+yemekfirmalari.tk, 1
+yemekfirmasi.tk, 1
+yemeksirketleri.tk, 1
+yemenat.tk, 1
+yemenlink.tk, 1
+yenbainet.tk, 1
+yengec.co, 1
+yenidunya.org, 1
+yeniehliyetsinavi.com, 1
+yennhi.co, 1
+yenpape.com, 1
+yep-pro.ch, 0
+yepbitcoin.com, 1
+yephy.com, 0
+yepu.cc, 1
+yepu.ga, 1
+yerbasbuenas.tk, 1
+yerf.eu, 1
+yeri.com, 1
+yes-money.cf, 1
+yes-money.ga, 1
+yes-money.gq, 1
+yesapp.tk, 1
+yesasia.com, 1
+yescareer.ga, 1
+yescool.cn, 0
+yesfone.com.br, 1
+yesglasses.com, 1
+yesh.lk, 1
+yesiammaisey.me, 1
+yesichat.com, 1
+yesileczam.com, 1
+yesileczam.net, 1
+yesilliforum.tk, 1
+yesilpanda.com, 1
+yesjobs.ga, 1
+yesleaks.com, 1
+yesmirov.ga, 1
+yesmsp.com, 1
+yesod.in, 1
+yesogovinpetcare.com, 1
+yesolo.tk, 1
+yespornfree.com, 1
+yespornplease.com, 1
+yessirgear.com, 0
+yeste.tk, 1
+yestees.com, 1
+yesterford.com, 1
+yesteryear-chronicle.cf, 1
+yeswecan.co.bw, 1
+yeti.ca, 1
+yeti.com, 1
+yeti.gq, 1
+yetishirt.com, 0
+yetivisite.ch, 1
+yetkiliservisrehberi.com, 1
+yeu.io, 1
+yewan.cf, 1
+yewan.ml, 1
+yewtu.be, 1
+yex.nz, 1
+yex.trade, 1
+yezhan.ml, 1
+yezhong.cf, 1
+yezhong.ml, 1
+yezi.ga, 1
+yezishurb.site, 1
+yf128.cc, 1
+yfeer.com, 0
+yggdar.ga, 1
+yggdrasildice.com, 1
+ygm.org.uk, 1
+ygobbs.com, 1
+yh12366.com, 1
+yh56787.com, 1
+yh599.cc, 1
+yh64678.com, 1
+yh66689.com, 1
+yh811.com, 1
+yh88890.com, 1
+yh98768.com, 1
+yhanthydech.com, 0
+yhaupenthal.org, 1
+yhclinic.com.tw, 1
+yhe.me, 1
+yhenke.de, 0
+yhhvi.cf, 1
+yhn.sh, 1
+yhndnzj.com, 1
+yhong.me, 1
+yhori.xyz, 1
+yhrd.org, 1
+yhsh.xyz, 1
+yhwj.top, 0
+yiai.cf, 1
+yiai.ga, 1
+yiai.gq, 1
+yiai.ml, 1
+yiai.tk, 1
+yibaoweilong.top, 1
+yibei-original.com, 1
+yibin0831.com, 0
+yicc.net, 1
+yicivideo.com, 1
+yicknam.my, 1
+yifanbian.me, 1
+yifansun.net, 1
+yiff.forsale, 1
+yiff.media, 1
+yiff.rest, 1
+yiff.rocks, 1
+yiff.supply, 1
+yigelangzi.com, 1
+yigit.shop, 1
+yiguan.me, 1
+yigujin.cn, 1
+yiheng.moe, 0
+yihome.com.tw, 1
+yihouse.tw, 1
+yijia.support, 1
+yijingying.com, 0
+yikeyong.com, 1
+yilanju.com, 1
+yilconstruction.ca, 1
+yildiznamebaktir.com, 1
+yilmaznargile.com, 1
+yiluup.com, 0
+yimgo.fr, 0
+yinduyy.com, 0
+yinfor.com, 1
+ying.gift, 1
+ying299.com, 1
+ying299.net, 1
+yingatech.com, 1
+yinglinda.love, 1
+yingmei.jp, 1
+yingshu.hopto.org, 1
+yingyj.com, 1
+yingzi.ml, 1
+yinlei.org, 1
+yinwa.cf, 1
+yinwa.ml, 1
+yinyang.jp, 1
+yippie.nl, 0
+yiyuanzhong.com, 1
+yiz96.com, 1
+yizhihuang.org, 1
+yj4p.com, 1
+yjav.tv, 1
+yjdevtech.com, 1
+yjrk.cc, 1
+yjsoft.me, 1
+yjsp.tv, 1
+yjst.cn, 1
+yjsw.sh.cn, 1
+yjz.hk, 1
+ykb.click, 1
+ykgli.cn, 1
+ykqpw.com, 1
+yksolutions.ma, 1
+yl-invest.co.il, 1
+ylanan.tk, 1
+ylde.de, 1
+yliarb.ru, 1
+ylilauta.org, 1
+ylivemusic.com, 1
+yloti.com, 1
+ylromania.ro, 1
+ylwd.gov, 1
+ym069.com, 1
+ym181.am, 1
+ym966.com, 1
+ymaca.tk, 1
+ymarion.de, 1
+ymatyt.com, 1
+ymc.moe, 1
+ymca.ga, 1
+ymcapkc.org, 1
+ymdecor.com, 1
+ymeye.com.tw, 1
+ymg-allergy.jp, 1
+ymlsport.pe, 1
+ymm18.com, 1
+ymoah.nl, 1
+ymos.com.tw, 1
+ymoz.com, 1
+ymtsonline.org, 1
+ymy.moe, 1
+ymy.zone, 1
+yn.org.nz, 1
+ynamly.site, 1
+ynode.com, 1
+yo-digital.ga, 1
+yoa.st, 1
+yoannlatzer.com, 1
+yoast.com, 1
+yoba.co.uk, 1
+yoba.systems, 1
+yobai-grouprec.jp, 1
+yobasystems.co.uk, 1
+yobda.tk, 1
+yobeverages.com, 1
+yobify.com, 1
+yobniyulyu.tk, 1
+yobst.tk, 1
+yochadehe.gov, 1
+yochen.de, 1
+yocoboard.com, 1
+yodababy.com.tw, 1
+yodalef3.tk, 1
+yodaremote.tk, 1
+yodelmobile.com, 1
+yodocon.com, 1
+yoga-alliance-teacher-training.com, 1
+yoga-bien-etre.com, 1
+yoga-erde.de, 1
+yoga-good.fr, 1
+yoga-in-aying.de, 1
+yoga-m.fr, 0
+yoga-masterskaya.ru, 1
+yoga-mindfulness-ibiza.com, 1
+yoga-prive.de, 1
+yoga-school.xyz, 1
+yoga-vakantie-ibiza.nl, 1
+yoga-zentrum-narayani.de, 1
+yoga.is-an-engineer.com, 1
+yogaangels.ga, 1
+yogaanswered.com, 1
+yogaecology.org, 1
+yogaemmental.ch, 1
+yogagadgets.ga, 1
+yogahealsinc.org, 1
+yogahome.com, 1
+yogaillustrations.ga, 1
+yogaillustrations.tk, 1
+yogamarlene.ch, 1
+yogamea.school, 1
+yogananda-roma.org, 1
+yogaovelser.dk, 1
+yogaportalen.dk, 1
+yogaprague.com, 1
+yogaschoolrishikesh.com, 1
+yogasolution.tk, 1
+yogatherapykosha.com, 1
+yogaworld.tk, 1
+yogibear.tk, 1
+yogonet.com, 1
+yogstation.net, 1
+yogularm.de, 1
+yogunet.de, 1
+yohanesmario.com, 1
+yohannes.tk, 1
+yoim.cc, 1
+yoitsu.moe, 1
+yoitsu.org, 1
+yokaiispirit.ddns.net, 1
+yokocho373.com, 1
+yokoda.okinawa, 1
+yokohama.ga, 1
+yokone3-kutikomi.com, 1
+yokorei.yokohama, 1
+yokotafss.marketing, 1
+yolandgao.me, 1
+yolks.in, 1
+yolo-csgo.com, 1
+yolo.vn, 1
+yolobert.de, 1
+yoloboatrentals.com, 1
+yolocast.wtf, 1
+yolocounty.gov, 1
+yolocountyca.gov, 1
+yolops.net, 1
+yolosh.se, 1
+yoloyolo.top, 0
+yomena.in, 1
+yomeuno.com, 1
+yomiren.co.jp, 1
+yommy.com.mx, 1
+yomyyomy.co.jp, 1
+yon.co.il, 0
+yonalink.com, 1
+yoneda-paint.com, 1
+yonema.com, 1
+yongbin.org, 1
+yongkang-clinic.com.tw, 1
+yongseovn.net, 1
+yonistap.com, 1
+yonja.com, 1
+yonkersdentalspa.com, 1
+yoodigital.co, 1
+yoogirls.com, 1
+yoomza.com, 1
+yoonas.com, 1
+yooooex.com, 1
+yoopies.fr, 1
+yooptopian.com, 0
+yoozik.io, 1
+yooznet.com, 1
+yopers.com, 0
+yopmail.com, 1
+yopmail.net, 1
+yoppoy.com, 1
+yops.info.pl, 1
+yoramvandevelde.net, 1
+yorcar.com, 1
+yorcom.nl, 0
+yorcool.nl, 0
+yorcybersec.co.uk, 0
+yordanisp.tk, 1
+yore.tk, 1
+yorganica.ga, 1
+yorgosbos.nl, 1
+yorkacademy.ca, 1
+yorkcountyne.gov, 1
+yorkcountysc.gov, 1
+yorkcountyschools.org, 1
+yorkieloverdiy.com, 1
+yorkiepooexpert.com, 1
+yorkmarkets.com, 1
+yorkmoneyman.com, 1
+yorkroadyums.com, 1
+yorkshiredalesinflatables.co.uk, 1
+yorkshiregardensheds.co.uk, 1
+yorkshiregrit.cc, 1
+yorkshirehousing.co.uk, 1
+yorkshireinflatables.co.uk, 1
+yorkshireterrier.com.br, 1
+yorkshireterrier.dog, 1
+yorkshireterrieraspets.com, 1
+yorktest.com, 1
+yorname.ml, 0
+yornik.nl, 1
+yoru.me, 0
+yoryo.com, 1
+yosakoinight.com, 1
+yosbeda.com, 1
+yosemo.de, 1
+yosh.is, 1
+yosheenetwork.fr, 1
+yoshibaworks.com, 1
+yoshimura-seimenjo.com, 1
+yoshitsugu.net, 1
+yoshiya2020.com, 1
+yoshkar-ola-city.tk, 1
+yosida-dental.com, 1
+yosida95.com, 1
+yosm.net, 1
+yospos.org, 1
+yoti.com, 1
+yoticonnections.com, 1
+yotilabs.com, 1
+yoto.at, 0
+yotta-zetta.com, 1
+yottahash.net, 1
+yotubaiotona.net, 1
+you-working.ru, 1
+you.bo, 0
+you.com.br, 1
+you15iv.com, 1
+youareamazingnd.com, 1
+youavtube.com, 1
+youbehero.com, 1
+youber.cz, 1
+youbetteravoid.me, 1
+youc.ir, 1
+youcanbook.me, 0
+youcanfinance.com.au, 1
+youcanfuckoff.xyz, 1
+youcanhelp.tk, 1
+youcanmakeit.at, 1
+youcloud.com, 1
+youcruit.com, 1
+youcruit.jobs, 1
+youdino.com, 1
+youdontneedipv6.xyz, 1
+youdungoofd.com, 1
+youearnedit.com, 1
+youenglish.school, 1
+youftp.tk, 1
+yougee.ml, 1
+yougene.me, 1
+yougot.pw, 1
+youhabitat.es, 1
+youhavewords.com, 1
+youhs.top, 0
+youhua.ru, 1
+youiv.info, 1
+youiv.net, 1
+youiv.pw, 1
+youiv.tv, 1
+youiv1.com, 1
+youiv10.com, 1
+youiv100.com, 1
+youiv20.com, 1
+youivh.com, 1
+youivr.com, 1
+youivt.com, 0
+youjob.us, 1
+youkaryote.com, 1
+youkaryote.org, 1
+youked.com, 1
+youkube.cf, 1
+youla.gq, 1
+youla.ru, 1
+youlikehookups.com, 1
+youliketwinks.com, 1
+youlovehers.com, 1
+youmeandjunee.com.au, 1
+youmonit.me, 1
+youms.de, 1
+younameit.ru, 1
+youneedfame.com, 1
+young-brahmousin.com, 1
+young-celebrities.tk, 1
+young-hands.it, 1
+young-sheldon.com, 1
+young-zy.com, 1
+young.scot, 0
+youngandunited.nl, 0
+youngart.hu, 1
+youngauthentic.cf, 1
+youngbabes.pro, 1
+youngcouple9598.net, 1
+youngdevotion.net, 1
+youngdevotion.org, 1
+youngfree.cn, 1
+younglabour.co.nz, 1
+younglabour.nz, 1
+younglabour.org.nz, 1
+younglions.cf, 1
+youngmodelsagency.tk, 1
+youngpeopleunited.co.uk, 1
+youngsook.org, 1
+youngsophie.net, 1
+youngsoulstudios.com, 0
+youngsvillenc.gov, 1
+youngtube.one, 1
+youngvoicesmatter.org, 1
+youniq.ga, 1
+younl.net, 1
+youpark.no, 1
+youphysics.education, 1
+youpickfarms.org, 1
+your-computer-is-a-hero.tk, 1
+your-forum.tk, 1
+your-greece.ga, 1
+your-idc.tk, 1
+your-kurs.tk, 1
+your-melody.ru, 1
+your-money.info, 1
+your-out.com, 1
+your-restorer.ru, 1
+your-sussex.wedding, 1
+your.best, 1
+your28days.com, 1
+youracnepro.com, 1
+youran.me, 1
+yourantiquarian.com, 1
+youraudiobooks.xyz, 1
+yourazbraces.com, 1
+yourbenefitsresources.com, 1
+yourberksbucksoxon.wedding, 1
+yourbittorrent.com, 1
+yourbittorrent2.com, 1
+yourblazeguard.com, 1
+yourbodyknows.dk, 1
+yourbodyknows.is, 1
+yourbonus.click, 0
+yourbreakfast.tk, 1
+yourbrewclub.com, 1
+yourbristolsomerset.wedding, 1
+yourbusiness.ml, 1
+yourcareerhost.com, 1
+yourcfo.co.in, 1
+yourcheshiremerseyside.wedding, 1
+yourciso.com, 1
+yourcomputer.expert, 1
+yourcomputer.tk, 1
+yourconscious.life, 1
+yourcopywriter.it, 1
+yourcrypto.tax, 1
+yourdailyalerts.net, 1
+yourdailyhealthcare.tk, 1
+yourdailylocal.com, 1
+yourdata.ai, 1
+yourdata.ga, 1
+yourdemowebsite.ml, 1
+yourdevoncornwall.wedding, 1
+yourdrive.tk, 1
+youreallyneedthis.co, 1
+youreart.shop, 1
+youreastanglian.wedding, 1
+youreastmidlands.wedding, 1
+youreitbranding.com, 1
+youremailexpert.com, 1
+yourenergy.io, 1
+youreward.ga, 1
+yourfandom.ddns.net, 1
+yourfin.nl, 1
+yourforceserver.com, 1
+yourforcesupport.com, 1
+yourforcesupport.events, 1
+yourforcesupport.me, 1
+yourforcesupport.net, 1
+yourforcesupport.pro, 1
+yourforcesupport.us, 1
+yourforex.org, 1
+yourfriendlytech.com, 1
+yourfuntrivia.com, 1
+yourfuturestrategy.com.au, 1
+yourgadget.ro, 1
+yourgames.tv, 1
+yourgifttoyou.com, 1
+yourgloswilts.wedding, 1
+yourhampshiredorset.wedding, 1
+yourhealthcommunity.com, 1
+yourhearingnetwork.com, 1
+yourhertsbeds.wedding, 1
+yourhomeloanapprovals.com.au, 1
+yourhrworld.com, 1
+yourhumandesign.ch, 1
+yourkent.wedding, 1
+yourkit.com, 1
+yourkrabivilla.com, 1
+yourlanguages.de, 1
+yourlifespirit.de, 1
+yourloan.gq, 1
+yourlocalsecurity.com, 1
+yourlondon.wedding, 1
+yourlovesong.com.mx, 1
+yourmagicstory.tk, 1
+yourmaki.com, 1
+yourmobility.ga, 1
+yourms.com, 1
+yourname.xyz, 1
+yournewsfeed.org, 1
+yournortheast.wedding, 1
+yournorthwest.wedding, 1
+youronly.one, 1
+yourpalmbeachcountyrealtor.com, 1
+yourpalstore.com, 1
+yourpersonalfoodnesscoach.nl, 1
+yourpersonalfrance.com, 1
+yourpillstore.com, 1
+yourscotlandtour.co.uk, 1
+yoursfunny.top, 1
+yourskin.nl, 0
+yoursoul.gq, 1
+yoursoulmate.tk, 1
+yoursouthwales.wedding, 1
+yourstake.org, 1
+yourstart.tk, 1
+yourstorebridgwater.co.uk, 1
+yourstoreexeter.co.uk, 1
+yoursupportline.co.uk, 1
+yoursurrey.wedding, 1
+yourtampaparksplan.com, 1
+yourtests.tk, 1
+yourticketbooking.com, 1
+yourtourdesk.com, 1
+yourtwojugs.com, 1
+youruseragent.info, 1
+yourwatchdesign.co.uk, 1
+yourwestmidlands.wedding, 1
+yourworlds.cf, 1
+youryorkshire.wedding, 1
+yourznc.com, 1
+yousee.cf, 1
+yousee.gq, 1
+yousefi.de, 1
+yousei.ne.jp, 1
+youservice.it, 1
+youshouldnthavebeenhacking.com, 1
+yousite.by, 1
+yousound.tk, 1
+youssfitpro.com, 1
+youston.agency, 1
+youstyleski.it, 1
+yousufahmad.ca, 1
+yousuforg.ga, 1
+youth-for-life.tk, 1
+youth-sport.net, 1
+youth.gov, 1
+youth2009.org, 1
+youthclothing.tk, 1
+youthink.jp, 1
+youthmarketing.com, 1
+youthnews.tk, 1
+youthopportunitieshub.com, 1
+youthpassageways.org, 1
+youthpolicy.org, 1
+youthreach.org, 1
+youthrules.gov, 1
+youthsadda.com, 1
+youtous.me, 1
+youtube, 1
+youtube-notify.com, 1
+youtube.com, 1
+youtubedownloader.com, 1
+youtubekids.com, 1
+youtubelet.com, 1
+youtuberis.lt, 1
+youtuberus.tk, 1
+youwebcams.org, 1
+youwelike.com, 1
+youyifans.com, 1
+youyoulemon.com, 1
+youyuan.rocks, 1
+youyuandesign.top, 1
+yova.nl, 0
+yovko.net, 0
+yoyohe.com, 1
+yoyojobs.tk, 1
+yoyoost.duckdns.org, 1
+yoyoost.ga, 1
+yozakura.me, 1
+yozhik.tk, 1
+yozucreative.com, 1
+yparches.com, 1
+ypart.eu, 1
+ypdlp.org, 1
+ypea.info, 1
+ypfr.fr, 1
+ypgnews.tk, 1
+ypid.de, 1
+yplanapp.com, 1
+ypopovych.tk, 1
+yporti.net, 1
+ypse.com.br, 1
+ypsitownship.gov, 1
+yq5.de, 1
+yqagizev.tk, 1
+yqjf68.com, 1
+yqmhz.com, 1
+yr-labo.jp, 1
+yr.sa, 1
+yr166166.com, 1
+yrausquin.com, 1
+yrcc878.com, 1
+yrefail.net, 1
+yriik.ml, 1
+yrityksen-perustaminen.net, 1
+yrjanheikki.com, 1
+yrx.me, 1
+yryz.net, 1
+ys96.org, 1
+ysearc.tk, 1
+ysff.me, 1
+ysfridge.com, 1
+ysicorp.com, 1
+yslxxhome.com, 1
+ysmedia.jp, 1
+yspa.tv, 1
+yspertal.party, 1
+ystral.com, 1
+ysun.one, 1
+ysuna.xyz, 1
+yt-downloader.xyz, 1
+yt129.com, 1
+yt605.com, 1
+yt629.com, 1
+yt675.com, 1
+yt972.com, 1
+ytcodecs.com, 1
+ytcount.com, 1
+ytec.ca, 1
+ytexa.tk, 1
+ytpak.pk, 1
+ytreza.fr, 1
+ytterland.tk, 1
+ytvwld.de, 0
+ytx588.com, 1
+yu-dkc.com, 1
+yu-mug.jp, 1
+yu.vc, 1
+yuan.ga, 1
+yuan.idv.tw, 0
+yuan.nctu.me, 1
+yuanandyuan.info, 1
+yuanandyuan.me, 1
+yuanben.io, 1
+yuanbenlian.com, 1
+yuanbiji.net, 1
+yuandan.cf, 1
+yuandan.gq, 1
+yuandan.ml, 1
+yuanjiazhao.com, 1
+yuanjiazhao.tk, 1
+yuansecard.me, 1
+yubi.co, 0
+yubico.com, 1
+yubico.org, 1
+yucaipa.gov, 1
+yucca.cf, 1
+yuccaschidigera.co.uk, 1
+yuce518.com, 1
+yuchun.me, 1
+yude.ml, 1
+yudin.ga, 1
+yue.la, 1
+yue2.net, 1
+yueeeyueee.com, 1
+yuema.net.cn, 1
+yuer.sytes.net, 1
+yuezhengling.link, 1
+yugasun.com, 1
+yugege.cf, 1
+yugioh-duelodefinitivo.tk, 1
+yugiohthenextgeneration.tk, 1
+yugodi.com, 1
+yugohome.com, 1
+yuh.li, 1
+yuhaoskin.com.tw, 1
+yuharahisako.ga, 1
+yuho.vn, 1
+yui.cat, 1
+yuisyo.ml, 1
+yujixr.net, 1
+yukari.cafe, 1
+yuki-nagato.com, 1
+yuki.xyz, 1
+yukict.com, 1
+yukieda.com, 1
+yukigroup.ru, 1
+yukimituki.net, 1
+yukimiu.cf, 1
+yukimochi.com, 1
+yukimochi.io, 1
+yukimochi.jp, 1
+yukimochi.me, 1
+yukimochi.net, 1
+yukinastorage.net, 0
+yukino.xyz, 1
+yukitty-yukitty.com, 1
+yukkitacari.tk, 1
+yukomgroup.com, 1
+yukon.ca, 1
+yukonconnector.com, 1
+yukonlip.com, 1
+yukoslibrary.ga, 1
+yuksinau.co.id, 1
+yuksinau.id, 1
+yula.cf, 1
+yulaiz.com, 1
+yule.hk, 1
+yuleyule88game.com, 1
+yuliana-hotel.com, 1
+yulsn.io, 1
+yum0.cn, 1
+yumacountyazvotes.gov, 1
+yumacountyco.gov, 1
+yumechi.jp, 1
+yumepolo.com, 1
+yumi2.jp, 1
+yumiandryan.com, 1
+yumisign.com, 1
+yumli.net, 1
+yumm.menu, 1
+yummiyogi.com, 1
+yummycouple.net, 1
+yummydrool.com, 1
+yumtaro.com, 1
+yun-bao.co, 0
+yuna.tg, 0
+yunasecurity.com, 1
+yuncaioo.com, 0
+yunibalance.com, 1
+yunite.one, 1
+yunjishou.pro, 1
+yunloc.com, 1
+yunnet.ru, 1
+yunqueradehenares.tk, 1
+yunzhu.li, 1
+yupug.com, 1
+yupulse.be, 1
+yuqi.me, 1
+yura.cf, 1
+yuricarlenzoli.it, 1
+yurikirin.me, 1
+yuriland.xyz, 1
+yurimoens.be, 1
+yurinet.org, 1
+yurisora.com, 1
+yurist-vopros.gq, 1
+yuriylysyuk.ru, 1
+yurtdisigocmenlik.com, 1
+yus-azaria.tk, 1
+yusa.me, 1
+yushanfang.recipes, 1
+yusu.org, 1
+yusufipek.me, 1
+yusukekato.com, 1
+yusukesakai.com, 1
+yutabon.com, 0
+yutakato.net, 1
+yutangyun.com, 1
+yuth.in, 0
+yuu.ink, 1
+yuucchi.com, 1
+yuucdn.net, 1
+yuugi.be, 1
+yuuki0xff.jp, 1
+yuumari.com, 1
+yuuta.moe, 1
+yuvaindia.co.in, 1
+yuvaskillfoundation.org, 1
+yuweetek.com, 0
+yuwei.org, 1
+yuweiji.com, 1
+yuweiyang.xyz, 1
+yux.fr, 1
+yuxiangyuan.com, 1
+yuxuan.org, 1
+yuyantang.club, 1
+yuyucn.com, 1
+yuzei.ml, 1
+yuzei.tk, 1
+yuzneri.net, 1
+yuzu.tk, 1
+yuzurisa.com, 1
+yvabph.com, 1
+yvb.moe, 1
+yveslegendre.fr, 0
+yvesx.com, 1
+yveszarkaconsultant.fr, 1
+yvettextreme.com, 1
+yvonnethomet.ch, 1
+yvonnewilhelmi.com, 1
+yw.com, 1
+ywamphilippines.org, 1
+yxapp10.com, 1
+yxapp20.com, 1
+yxapp30.com, 1
+yxapp43.xyz, 1
+yxapp45.xyz, 1
+yxapp46.xyz, 1
+yxapp47.xyz, 1
+yxapp48.xyz, 1
+yxbet43.com, 1
+yxc.xyz, 1
+yxcpapp08.com, 1
+yxcpapp09.com, 1
+yxcpapp13.com, 1
+yxcpapp14.com, 1
+yxhc.cc, 0
+yxhlz.com, 1
+yxlon.cn, 1
+yxlon.co.jp, 1
+yxlon.com, 1
+yxlon.de, 1
+yxt521.com, 1
+yy-s.net, 1
+yy153.com, 0
+yy366.cc, 0
+yy369.cc, 1
+yy393.com, 0
+yy5197.co, 1
+yy6729.co, 1
+yy6729.com, 1
+yy6957.co, 1
+yy9297.co, 1
+yy9297.com, 0
+yy9721.com, 1
+yy9728.co, 1
+yya.men, 1
+yybx.top, 1
+yyc.city, 1
+yycbike.info, 1
+yyr.im, 1
+yyrss.com, 0
+yyy116.com, 1
+yyy608.com, 1
+yyyy.xyz, 1
+yz86.cc, 1
+yzal.io, 1
+yzarul.com, 1
+yzddd.com, 1
+yzer.club, 1
+yzervast-heestert.be, 1
+yzh8.cc, 1
+yzh8.net, 1
+yzh8.vip, 1
+yzimroni.net, 1
+yzy6666.com, 1
+yzydo.com, 0
+yzyweb.cn, 1
+z-cert.nl, 1
+z-e.eu, 1
+z-epub.com, 1
+z-g-v.nl, 1
+z-kasino.ru, 1
+z-konzept-nutrition.ru, 1
+z-pc.net, 1
+z-rejstejna.cz, 1
+z-vector.com, 1
+z.is, 1
+z.md, 1
+z.mom, 1
+z.sh, 1
+z.sv, 1
+z.tl, 1
+z0.pm, 1
+z00228.com, 1
+z0ey.de, 1
+z0rro.net, 1
+z11slot.co, 1
+z1h.de, 1
+z2.fi, 1
+z2a4.com, 1
+z36533.com, 1
+z3marketing.com, 1
+z3r0101.com, 1
+z3s.nl, 1
+z3u5.net, 1
+z3ven.nl, 1
+z4k.de, 1
+z5197.co, 1
+z6182.com, 1
+z6192.com, 1
+z6218.com, 1
+z6252.com, 1
+z6323.com, 1
+z6359.com, 1
+z6371.com, 1
+z6512.com, 1
+z6519.com, 1
+z6527.com, 1
+z6529.com, 1
+z6573.com, 1
+z6587.com, 1
+z6729.co, 1
+z6729.com, 1
+z6827.com, 1
+z6882.com, 1
+z6897.com, 1
+z6957.co, 1
+z6957.com, 0
+z6wang.com, 1
+z8011.com, 1
+z8012.com, 1
+z8013.com, 1
+z8017.com, 1
+z8023.com, 1
+z8026.com, 1
+z8032.com, 1
+z8038.com, 1
+z8051.com, 1
+z8052.com, 1
+z8053.com, 1
+z8057.com, 1
+z8063.com, 1
+z8066.com, 1
+z8068.com, 1
+z8071.com, 1
+z8079.com, 1
+z8082.com, 1
+z8083.com, 1
+z8086.com, 1
+z8087.com, 0
+z8089.com, 1
+z8106.com, 1
+z8109.com, 1
+z8113.com, 1
+z8120.com, 1
+z8125.com, 1
+z8130.com, 1
+z8132.com, 1
+z8139.com, 1
+z8150.com, 1
+z8170.com, 1
+z8171.com, 1
+z8176.com, 1
+z8177.com, 1
+z8178.com, 1
+z8182.com, 1
+z8187.com, 1
+z8193.com, 1
+z8195.com, 1
+z8196.com, 1
+z8206.com, 1
+z8207.com, 1
+z8208.com, 1
+z8209.com, 1
+z8210.com, 1
+z8212.com, 1
+z8218.com, 1
+z8219.com, 1
+z8225.com, 1
+z8226.com, 1
+z8230.com, 1
+z8231.com, 1
+z8232.com, 1
+z82365.com, 1
+z8817.com, 1
+z8826.com, 1
+z8851.com, 1
+z8856.com, 1
+z8861.com, 1
+z8862.com, 1
+z8865.com, 1
+z8870.com, 1
+z8875.com, 1
+z8876.com, 1
+z8879.com, 1
+z8891.com, 1
+z8895.com, 1
+z8907.com, 1
+z8908.com, 1
+z8917.com, 1
+z8920.com, 1
+z8922.com, 1
+z9297.co, 1
+z9721.com, 1
+z9728.co, 1
+z99944x.xyz, 1
+za.search.yahoo.com, 0
+zaagbaak.nl, 1
+zaalleatherwear.nl, 1
+zaanlijn.nl, 1
+zaba.training, 1
+zabatsai-sam.tk, 1
+zabbi.ru, 1
+zabbix-monitoring.tk, 1
+zabbix.tips, 1
+zabbixtech.info, 1
+zabe.in, 1
+zaboi.tk, 1
+zabory-klg.ru, 1
+zabszk.net, 1
+zabszk.ovh, 1
+zabukovnik.net, 1
+zac.cy, 1
+zacarias.com.ar, 1
+zacatecasmeetings.com, 1
+zacco.site, 1
+zach.codes, 0
+zacharopoulos.me, 0
+zacharydubois.me, 1
+zacharyschneider.ca, 1
+zacharyschneider.com, 1
+zacharyseguin.ca, 1
+zacharysherman.tk, 1
+zachaysan.com, 1
+zachbolinger.com, 1
+zachborboa.com, 1
+zachfox.photography, 1
+zachgibbens.org, 1
+zachranari.tk, 1
+zachschneider.ca, 1
+zachyang.cn, 1
+zack.today, 0
+zackattack.tk, 1
+zackiarfan.ml, 1
+zackzack.at, 1
+zaclys.com, 0
+zad-academy.com, 1
+zadania.wiki, 1
+zadavalka.ru, 1
+zadoak.com, 1
+zadrot.tk, 1
+zadroweb.com, 1
+zaelkids.it, 1
+zaem.tv, 1
+zaferaniehearing.com, 1
+zaferbalkan.com, 1
+zaffittv.com, 1
+zaffittv.mx, 1
+zaffke.co, 1
+zafrani.ga, 1
+zagadki-cosmosa.tk, 1
+zagi.net, 1
+zagis.nl, 1
+zagorod.spb.ru, 1
+zagranicablog.tk, 1
+zagruz.tk, 1
+zahari.tk, 1
+zahirdanzavila.com, 1
+zahn-frankl.at, 1
+zahnaerzte-website.de, 1
+zahnarzt-korsos.at, 1
+zahnarzt-kramer.ch, 1
+zahnarzt-kruft.de, 1
+zahnarzt-neudecker.de, 1
+zahnarzt.se, 1
+zahnarztpraxis-schaerding.at, 1
+zahnarztpraxis-simone-koch.de, 1
+zahrowski.com, 1
+zaija.tk, 1
+zaim-best.ml, 1
+zaim15min.cf, 1
+zaimdengi.tk, 1
+zaimexpress.cf, 1
+zaimi.ml, 1
+zaimin.ga, 1
+zaimlime.ga, 1
+zaimponuj.pl, 1
+zaimvkredit2.gq, 1
+zaimvkredit3.ga, 1
+zaimvkredit3.gq, 1
+zaimvkredit3.ml, 1
+zaimvkredit4.ml, 1
+zain-hasan.ml, 1
+zainblue.com, 1
+zainzinger.org, 1
+zaitaiguo.com, 1
+zaizaia.cc, 1
+zajc.eu.org, 1
+zajm-bez-otkaza.gq, 1
+zajm-bez-poruchitelej.cf, 1
+zajm-bez-spravok.tk, 1
+zajm-cherez-sms.ml, 1
+zajm-ehkspress.ml, 1
+zajm-na-kartu.tk, 1
+zajm-na-kivi.cf, 1
+zajm-pod-raspisku.cf, 1
+zajm-pod-zalog.ga, 1
+zajm-pod-zalog.gq, 1
+zajmy-contact.cf, 1
+zajmy-contact.ga, 1
+zajmy-contact.gq, 1
+zajmy-contact.tk, 1
+zajsoft.net, 1
+zak.co.at, 1
+zak.org.pl, 1
+zakachat-brauzer.gq, 1
+zakachat-temi.gq, 1
+zakanyszek.hu, 1
+zakaria.website, 1
+zakariya.blog, 1
+zakarotta.ga, 1
+zakarpattya.fun, 1
+zakaz.cf, 1
+zakazbiletov.kz, 1
+zakcutner.com, 1
+zakcutner.uk, 1
+zakelijketaalcursus.nl, 1
+zakes.tk, 1
+zakirov.gq, 1
+zakladam.cz, 1
+zakladki.tk, 1
+zakladybukmacherskie.tv, 1
+zakmccrac.de, 1
+zakojifarm.jp, 1
+zakononline.cf, 1
+zakonu.net.ru, 1
+zakpex.com, 1
+zakr.es, 1
+zakratheme.com, 1
+zakreconysloik.com.pl, 1
+zakrentus-ostrus.space, 1
+zakspartiesandevents.com, 1
+zala.ml, 1
+zalaetavoleibol.tk, 1
+zalan.do, 1
+zalax.xyz, 1
+zalaxx.ddns.net, 1
+zaledia.com, 1
+zalef.tk, 1
+zaleycash.com, 1
+zalgos.xyz, 1
+zalihvoch.ga, 1
+zaloghaz.ro, 1
+zalohovaniburian.cz, 1
+zaltv.com, 1
+zalure.com, 1
+zalvus.com, 1
+zam0th.tk, 1
+zamalektoday.com, 1
+zamarax.com, 1
+zambianewsforum.tk, 1
+zambranopublicidadvideo.com, 1
+zamecnikkladno.cz, 1
+zamenim.tk, 1
+zametkin.tk, 1
+zamki.tk, 1
+zammad.com, 1
+zammad.org, 1
+zamok-love.tk, 1
+zamok.cf, 1
+zamokservis.com, 1
+zamor.com.br, 1
+zamorsky.tk, 1
+zamos.ru, 1
+zamow.co, 1
+zamtech.co.jp, 1
+zanahd.co.za, 1
+zananta.com, 1
+zander.dk, 1
+zandhuisjes.nl, 1
+zandra.cf, 1
+zanellidesigns.co.uk, 1
+zaneslaw.com, 1
+zanettimateriais.com.br, 1
+zangerfreddy.tk, 1
+zangerwillem.tk, 1
+zango.com.au, 1
+zankevich.com, 1
+zankevich.net, 1
+zanotti.io, 1
+zanquan.net, 1
+zanreal.net, 1
+zanreal.pl, 1
+zanshinkankarate.com, 1
+zanthed.xyz, 1
+zanthra.com, 1
+zanzariere.roma.it, 1
+zaoai.cf, 1
+zaoai.ga, 1
+zaoai.gq, 1
+zaoai.ml, 1
+zaoai.tk, 1
+zaoext.com, 1
+zaorejas.tk, 1
+zaoren.cf, 1
+zaoren.ga, 1
+zaoren.gq, 1
+zaoren.ml, 1
+zaoren.tk, 1
+zap-mag.ru, 1
+zapamini.ml, 1
+zaparoh.com, 1
+zapaska.tk, 1
+zapatilla.com.es, 0
+zapier-staging.com, 1
+zapier.com, 1
+zaplano.tk, 1
+zapmaster14.com, 1
+zapnito.com, 1
+zappbuildapps.com, 0
+zappi.io, 1
+zappingarahal.tk, 1
+zappingcuraduria.tk, 1
+zappos, 1
+zapproved.com, 1
+zapreaders.cf, 1
+zaprefy.com, 1
+zapsibir.ru, 1
+zaptorg.xyz, 1
+zapuz.com, 1
+zapzockt.de, 1
+zar-kripto.tk, 1
+zarabiaj.com, 1
+zarabianiewsieci.tk, 1
+zarabizarr.com, 1
+zarabotai-doma.ml, 1
+zarabotki-v-internete.tk, 1
+zarabotok-obzor.ru, 1
+zarabotok-v-internete.ga, 1
+zarabotok-v-internete.gq, 1
+zarabotok-veka.ga, 1
+zarabotok2017.tk, 1
+zarabotok24obzor.ru, 1
+zarabotoker.tk, 1
+zarabotoklaif.tk, 1
+zarabotokvnet.tk, 1
+zarabotokvseti.tk, 1
+zaracraft.tk, 1
+zaramendez.net, 1
+zaratan.fr, 0
+zaratime.com, 1
+zaraweb.net, 1
+zarbis.tk, 1
+zarcik.pl, 1
+zardain.tk, 1
+zarezerwuj-nocleg.com, 1
+zarinab.com, 1
+zarja.tk, 1
+zarjadnik.tk, 1
+zarla.com, 1
+zarnu.com, 1
+zarobotok-forum.ga, 1
+zarobotok-forum.gq, 1
+zarobotok-forum.ml, 1
+zarof-fkf.de, 1
+zarok.tv, 1
+zaroktv.com.tr, 1
+zaroktv.krd, 1
+zarra.tk, 1
+zaruhi.ml, 1
+zary.me, 1
+zas4eku.tk, 1
+zaschtnik.ga, 1
+zasolka.guru, 1
+zastenchivost.tk, 1
+zasudili.ru, 1
+zataz.com, 1
+zatepli.eu, 1
+zaterdagwelpen.tk, 1
+zatp.com, 0
+zatrzymanie.com.pl, 1
+zatsepin.by, 1
+zauberer-bauchredner.ch, 1
+zauberwald.tk, 1
+zaufanatrzeciastrona.pl, 1
+zav-hub.ddns.net, 1
+zavalianis.gr, 1
+zavarkin.tk, 1
+zavec.com.ec, 0
+zavedeno.com, 1
+zaves.tk, 1
+zawo-electric.de, 1
+zawodowe-szkolenia.com, 1
+zayats.tk, 1
+zayavka.cf, 1
+zayavka.ml, 1
+zaym.tk, 1
+zaympodzalog.cf, 1
+zaympodzalog.ga, 1
+zaympodzalog.gq, 1
+zaympodzalog.ml, 1
+zaympodzalog.tk, 1
+zayzoh.com, 1
+zazaradio.tk, 1
+zazemleno.com, 1
+zazhong.cf, 1
+zazhong.ml, 1
+zazza.tk, 1
+zbanks.cn, 1
+zbarista.co.nz, 1
+zberger.com, 1
+zbetcheck.in, 1
+zbib.org, 1
+zbrain.ml, 1
+zbrane-doplnky.cz, 1
+zbrsk.ru, 1
+zbsj.pl, 1
+zbuilderz-lb.com, 1
+zbut.bg, 1
+zbyga.cz, 1
+zbynekuher.cz, 1
+zcarot.com, 1
+zcarrot.com, 1
+zcb.fr, 1
+zcode.tk, 1
+zcompany.ga, 1
+zcompany.tk, 1
+zcon.nl, 1
+zcore.org, 1
+zcr.ca, 1
+zcrypto.ml, 1
+zcwtl.com, 1
+zczc.cz, 1
+zd1010.com, 1
+zd1515.com, 0
+zd209.com, 1
+zd235.com, 0
+zd236.com, 1
+zd273.com, 1
+zd275.com, 1
+zd280.com, 1
+zd302.com, 1
+zd303.com, 1
+zd307.com, 1
+zd3434.com, 1
+zd4848.com, 1
+zd623.com, 1
+zd632.com, 1
+zd635.com, 1
+zd6464.com, 1
+zd6565.com, 1
+zd673.com, 1
+zd6862.com, 1
+zd6866.com, 1
+zd6867.com, 1
+zd6879.com, 1
+zd6880.com, 1
+zd6883.com, 1
+zd6885.com, 1
+zd6886.com, 1
+zd6893.com, 1
+zd6898.com, 1
+zd692.com, 1
+zd693.com, 1
+zd726.com, 1
+zd732.com, 1
+zd736.com, 1
+zd753.com, 1
+zd7575.com, 1
+zd759.com, 1
+zd793.com, 1
+zd796.com, 1
+zd803.com, 1
+zd805.com, 1
+zd806.com, 1
+zd826.com, 1
+zd8826.com, 1
+zd8838.com, 1
+zd8839.com, 1
+zd8858.com, 1
+zd8865.com, 1
+zd8869.com, 1
+zd8882.com, 1
+zd9090.com, 1
+zda.ag, 1
+zdbl.de, 1
+zdcs.com, 1
+zdenek-hejl.com, 1
+zdeneklavicky.cz, 1
+zdenekpasek.com, 1
+zdenekpasek.cz, 1
+zdenekspacek.cz, 1
+zdenekvecera.cz, 1
+zdorov-blog.gq, 1
+zdorov.by, 1
+zdorovayasimya.com, 1
+zdorovcentr.ga, 1
+zdorovyj-rebjonok.ru, 1
+zdrapti.tk, 1
+zdrave-konzultace.cz, 1
+zdravec-bg.com, 1
+zdravekonzultace.cz, 1
+zdravesteny.cz, 1
+zdravkovic.tk, 1
+zdravnica-polin.com, 1
+zdravshop.sk, 1
+zdravypanak.sk, 1
+zdravypanelak.cz, 1
+zdravystul.cz, 1
+zdrowebodomowe.pl, 1
+zdrowezywienie.edu.pl, 1
+zdxiaoda.me, 1
+zdymak.by, 1
+zdz.katowice.pl, 0
+ze-mag.info, 1
+ze.delivery, 1
+ze3kr.com, 1
+zeadaniel.com, 1
+zeal-and.jp, 1
+zeal-interior.com, 1
+zealar.com.au, 1
+zealworks.jp, 1
+zeanweb.tk, 1
+zeb.fun, 1
+zebbra.ro, 1
+zeblog.tk, 1
+zebra-serwis.pl, 1
+zebradom.ru, 1
+zebraguide.com, 1
+zebravinken.tk, 1
+zebsaestheticsspa.co.za, 1
+zebspeech.tk, 1
+zebulon.fr, 1
+zecanard.com, 1
+zecible.fr, 1
+zecircle.xyz, 1
+zeckenhilfe.de, 0
+zectazepia.tk, 1
+zecuur.nl, 1
+zedeko.pl, 1
+zednet.tk, 1
+zedshaw.com, 1
+zeedroom.be, 1
+zeeg.me, 1
+zeegeeks.com, 1
+zeegers.family, 1
+zeeheldenwijk-urk.nl, 1
+zeekajakvaren.tk, 1
+zeel.com, 1
+zeelandbrug.tk, 1
+zeeloo.xyz, 1
+zeeshan.website, 0
+zeet.tk, 1
+zeetoppers.nl, 1
+zefort.com, 1
+zegazte.org, 1
+zegels-danst.tk, 1
+zegluje.net, 1
+zeglujemy.net, 1
+zegriesalmansa.tk, 1
+zeguigui.com, 1
+zehdenick-bleibt-bunt.de, 1
+zehka.net, 1
+zehkae.net, 1
+zehnegira.ir, 0
+zehrailkeakyildiz.com, 1
+zehy.de, 1
+zehy.link, 1
+zehy.me, 1
+zehy.net, 1
+zehy.org, 1
+zeibekiko-souvlaki.gr, 1
+zeidlertechnik.de, 1
+zeigren.com, 1
+zeihetecumre.cf, 1
+zeihetecumre.gq, 1
+zeihsel.com, 1
+zeilenmethans.nl, 1
+zeilenvoorondernemers.nl, 1
+zeilenwind.com, 0
+zeilinstructeurs.tk, 1
+zeilles.nu, 1
+zeilschoolneptunus.nl, 1
+zeit.co, 1
+zeit.sh, 1
+zeitgitter.net, 1
+zeitgitter.org, 1
+zeitoununiversity.org, 1
+zeitpunkt-kulturmagazin.de, 1
+zeitschrift-lq.com, 1
+zeitschriftlq.com, 1
+zeitzer-turngala.de, 1
+zekerbewegenhengelo.nl, 1
+zekerheidvanparcelinternational.nl, 1
+zekinteractive.com, 1
+zekra.tk, 1
+zelandnamiru.cz, 1
+zeldaliberty.tk, 1
+zeldamods.org, 1
+zelena-armija.tk, 1
+zelenazeme.cz, 1
+zelendoma.ml, 1
+zeliard.tk, 1
+zelizy.cz, 1
+zelkor.ml, 1
+zelong.tk, 1
+zeloz.xyz, 1
+zelpc.com, 1
+zelvar.cz, 1
+zemledel.info, 1
+zemli.tk, 1
+zemlova.cz, 1
+zemlyaki.ga, 1
+zemlyaki.ml, 1
+zemlyaki.tk, 1
+zen-solutions.io, 1
+zen-zone.tk, 1
+zenassociates.com, 1
+zenbalans.nl, 1
+zenbox.pl, 1
+zenchain.com, 1
+zencube.ga, 1
+zendarhunters.tk, 1
+zendave.au, 1
+zendev.ga, 1
+zendev.tk, 1
+zendrop.com, 1
+zenerisprojekty.pl, 1
+zenfires.com, 1
+zengdong.ren, 1
+zenghuanmin.cn, 0
+zengold.com, 1
+zenideen.com, 1
+zenidees.com, 1
+zeniran.com, 1
+zenisi.com, 1
+zenit505.com, 1
+zenitchik.org, 1
+zenithappliance.co.uk, 1
+zenithmanagement.net, 1
+zenithmedia.ca, 0
+zenithstudylab.org, 1
+zenithvitalcare.com.au, 1
+zenitkft.hu, 1
+zenk-security.com, 1
+zenker-hausbau.at, 1
+zenki-manga.tk, 1
+zenless.top, 1
+zenlogic.com, 1
+zenluxuryliving.com, 1
+zenmail.ga, 1
+zenmassageusa.com, 1
+zenmod.in.rs, 1
+zeno-dev.com, 1
+zenon.at, 1
+zenon.eu, 1
+zenpromo.ru, 1
+zenrtal-online-russia.ml, 1
+zenseal.co.uk, 1
+zenspace.us, 1
+zenstore.it, 1
+zenti-im-zug.de, 1
+zenti.cloud, 1
+zentoid.com, 1
+zentouch.gq, 1
+zentoy.club, 1
+zentrumfuerchemie.de, 1
+zenvia.com, 1
+zenvideocloud.com, 1
+zenvite.com, 1
+zenways.io, 1
+zeocax.com, 0
+zep.us, 1
+zephyrbk.com, 1
+zephyrbookkeeping.com, 1
+zephyretcoraline.com, 1
+zepig.nl, 1
+zeplin.io, 1
+zeppelflix.de, 1
+zeppelin.ml, 1
+zepta.net, 1
+zepter.cf, 1
+zepter.ga, 1
+zepter.gq, 1
+zepter.ml, 1
+zer0.de, 0
+zercutie.com, 1
+zerg.uk, 1
+zergy.net, 1
+zerium.ml, 1
+zerknij.tv, 1
+zerm.eu, 1
+zerm.link, 1
+zero-knigi.ml, 1
+zero-link.com, 1
+zero-stress.net, 1
+zero-sum.xyz, 1
+zerobelow.net, 1
+zerobelow.org, 1
+zerobounce.net, 1
+zerocalc.be, 1
+zerocash.msk.ru, 1
+zerocms.fr, 1
+zerocomputer.tk, 1
+zerocool.io, 1
+zerocz.eu, 0
+zerodeathsmd.gov, 1
+zerodensity.tv, 1
+zerodhareview.co, 1
+zerodoubtclub.com, 1
+zerofox.gq, 1
+zerofy.de, 0
+zerogamestore.ir, 1
+zerohash.com, 1
+zerohouse.co, 1
+zeroknowledge.me, 1
+zeroland.top, 1
+zerolime.se, 1
+zerolink.click, 1
+zerolink.es, 1
+zeromaxmoving.com, 1
+zeromedia.co.id, 1
+zeromoment.marketing, 1
+zeronedefi.com, 1
+zeronet.io, 1
+zeroplast24.ru, 1
+zeropoint.bg, 1
+zerosector.io, 1
+zeroseteatacado.com.br, 1
+zerotoleranceclan.tk, 1
+zerotoone.de, 1
+zerotrust.plus, 1
+zerotwo.ga, 1
+zerout.in, 0
+zerowastesonoma.gov, 1
+zeroz.cf, 1
+zeroz.ga, 1
+zeroz.gq, 1
+zeroz.ml, 1
+zerozero.gq, 1
+zertif.info, 1
+zertifikatsshop.de, 1
+zerto.com, 1
+zerty.de, 0
+zeryn.net, 1
+zesgoes.nl, 1
+zeshanfoundation.org, 0
+zespia.tw, 0
+zestedesavoir.com, 1
+zesty.co, 1
+zestylemon.co.uk, 1
+zeta.co.za, 1
+zeta.hk, 1
+zetadisseny.es, 1
+zetaglobal.com, 0
+zetamode.com, 1
+zetasystem.jp, 1
+zetflix.pro, 1
+zetflix.zone, 1
+zetokatowice.pl, 1
+zettahertz.com, 1
+zettaplan.ru, 1
+zettaport.com, 1
+zettlmeissl.de, 1
+zety.com, 1
+zety.es, 1
+zety.fr, 1
+zeus.gent, 1
+zeus.wang, 1
+zeuscorp.ga, 1
+zeusec.co.jp, 1
+zeusembroidery.com.au, 1
+zeusindia.tk, 1
+zevelev.net, 1
+zevenbergenbos.tk, 1
+zevlee.me, 1
+zewtie.com, 1
+zeynabacademy.com, 1
+zeyneleroglu.com.tr, 1
+zeyoking.com, 1
+zezov.com, 1
+zf.com, 1
+zfast.com.br, 1
+zfg.li, 1
+zfid.pl, 1
+zfj.hk, 1
+zfj.la, 0
+zfj.lu, 0
+zfl-site.top, 1
+zfly.me, 1
+zfpsystems.com, 1
+zfree.co.nz, 1
+zfxhzc.blog, 1
+zfyl8.com, 1
+zg-dyw.net, 1
+zgan.ga, 1
+zgmining.com, 0
+zgndh.com, 1
+zgrep.org, 1
+zgyl8.ml, 1
+zh.fyi, 1
+zh.search.yahoo.com, 0
+zhabababa.gq, 1
+zhabagly.com, 1
+zhabthra.com, 1
+zhamolov.tk, 1
+zhan.moe, 1
+zhana-auen.tk, 1
+zhang-hao.com, 1
+zhang.fm, 1
+zhang.ge, 1
+zhang14386.love, 1
+zhangda.xyz, 1
+zhangfangzhou.com, 1
+zhanghao.me, 0
+zhanghao.org, 1
+zhangjet.com, 1
+zhangjing.space, 1
+zhanglizhi.ml, 1
+zhangmenglong.cn, 1
+zhangpeng.ai, 1
+zhangwendao.com, 1
+zhangyiming.tech, 1
+zhangyuhao.com, 0
+zhankon.com, 0
+zhanxiangyang.com, 1
+zhanzhangb.com, 1
+zhaochen.xyz, 1
+zhaochengtan.com, 1
+zhaodao.ai, 1
+zhaoeq.com, 1
+zhaofeng.li, 0
+zhaohanman.com, 1
+zhaojin97.cn, 0
+zhaopage.com, 1
+zhaostephen.com, 1
+zhaoxixiangban.cc, 1
+zhattyt.com, 0
+zhbot.org, 1
+zhceres.com, 1
+zhcexo.com, 1
+zhdun.tk, 1
+zhelanie.ml, 1
+zheldor-dance.ga, 1
+zheldorinform.ga, 1
+zheltyy.at, 1
+zhen-chen.com, 1
+zhengjie.com, 1
+zhengouwu.com, 1
+zhenic.ir, 1
+zhenn.fr, 1
+zhenyan.org, 1
+zhestokiemechtyi.tk, 1
+zhestokijavtor.tk, 1
+zhi.ci, 1
+zhiboba.fun, 1
+zhidkiy-kashtan.ga, 1
+zhih.me, 1
+zhihua-lai.com, 1
+zhijikaoyan.com, 1
+zhikin.com, 1
+zhiku8.com, 1
+zhima.io, 1
+zhimajk.com, 1
+zhimingwang.org, 1
+zhina.wiki, 1
+zhinood.com, 1
+zhis.ltd, 1
+zhitanska.com, 1
+zhivoe.tk, 1
+zhixiu.com, 1
+zhiyulife.pp.ua, 1
+zhizi.ca, 1
+zhl123.com, 1
+zhodani.space, 1
+zhodino.cf, 1
+zhodino.ga, 1
+zhongai.com, 1
+zhongqiao.com, 1
+zhongxigo.com, 1
+zhongzicili.ws, 1
+zhongzilou.com, 1
+zhouba.cz, 1
+zhoujianghan.com, 0
+zhoujiashu.com, 1
+zhoujunlawer.ml, 1
+zhoukan.fun, 0
+zhoukz.com, 1
+zhousiru.com, 1
+zhoutiancai.cn, 1
+zhouyipro.com, 1
+zhouzanxi.com, 1
+zhovner.com, 1
+zhthings.com, 1
+zhuangqiu.com, 1
+zhuji.com, 1
+zhuji.com.cn, 1
+zhuji.org, 1
+zhuji5.com, 1
+zhujicaihong.com, 1
+zhujiceping.com, 1
+zhujike.com, 1
+zhujike.net, 1
+zhukaev.ml, 1
+zhuktrans.msk.ru, 1
+zhunlink.com, 1
+zhuoyuelicai.com, 1
+zhuqiang.com, 1
+zhurnalyu.ga, 1
+zhz.moe, 1
+zi.is, 1
+zi5.net, 1
+ziad87.net, 0
+ziai.cf, 1
+ziai.ga, 1
+ziai.gq, 1
+ziai.ml, 1
+ziaiai.com, 1
+ziarajoias.com.br, 1
+ziaulnmonzur.tk, 1
+zidanpainting.com, 0
+ziddea.com, 1
+ziegenhagel.com, 1
+ziegler-heizung-frankfurt.de, 1
+ziemlich-zackig.de, 1
+ziemlichzackig.de, 1
+zifoapptest.com, 1
+ziftone.com, 1
+zigao.info, 1
+zigarn.com, 1
+ziggi.tk, 1
+ziggletech.com, 1
+ziggo.nl, 1
+zighinetto.org, 1
+zigoomar.tk, 1
+zigottos.fr, 1
+zigsphere.com, 0
+zigzagmart.com, 1
+zihao.me, 0
+zihari.com, 1
+zihun.club, 1
+zij-aan-zij.be, 1
+zijinbor.com, 1
+zijingbt.cn, 1
+zijingbt.com, 1
+zijingbt.net, 1
+zijn.co.zw, 1
+zijspancross.tk, 1
+zikinf.com, 1
+zikipedia.ml, 1
+zikirakhirzaman.com, 1
+ziledelaultimagafaavioricai.ro, 1
+ziliotti.com.br, 1
+zilla-sushi.tk, 1
+zillertaleralpen.net, 1
+zilon.com.co, 1
+zilore.com, 1
+zilpay.io, 1
+zilsen.com, 1
+zilsoft.net, 0
+zilv.life, 1
+zilver.nl, 1
+zilverwater.tk, 1
+zima-lito.tk, 1
+zima.io, 1
+zimaoxy.com, 1
+zimbromotor.pt, 1
+zimhosiery.com, 1
+zimiao.moe, 1
+zimkaru.ga, 1
+zimmer-voss.de, 1
+zimperium.com, 1
+zinabnews.tk, 1
+zinchenko.gq, 1
+zindagilive.tk, 1
+zindec.com, 1
+zinewords.com, 1
+zingermans.com, 1
+zinglix.xyz, 1
+zingpetfood.com, 1
+zinhar.tk, 1
+zinkmetselwerken.nl, 1
+zinniazorgverlening.nl, 1
+zinnov.com, 1
+zinnowitzer-ferienwohnung.de, 1
+zinsserplasticsurgery.com, 1
+zio-enzo.eu, 1
+zion-craft.tk, 1
+zionaesthetics.com.sg, 1
+ziondrive.com.br, 1
+zionladderp.com, 1
+zionsvillelocksmiths.com, 1
+zip, 1
+zip4.pl, 1
+zipalerts.com, 1
+ziparcfhive.ga, 1
+zipatlas.com, 1
+zipjobs.com, 1
+zipkey.de, 1
+zippie.tk, 1
+zippo-days.me, 0
+zippricami.com, 1
+zippyshare.com, 1
+ziprecruiter.com, 1
+ziqijiang.com, 0
+zir-online.com, 1
+zir.com.ua, 1
+ziraatweb.com, 1
+zircly.com, 1
+zireon.tk, 1
+zirka24.net, 1
+ziroh.be, 1
+ziroux.net, 1
+zirrka.de, 1
+zisoo.nl, 1
+zistemo.com, 1
+zitadel.ch, 0
+zitadel.cloud, 1
+zitadel.com, 1
+zithromaxstrepthroat.gq, 1
+zitseng.com, 1
+zitstabureau24.nl, 1
+zivava.ge, 1
+zivimexico.com, 1
+zivot.org, 1
+zivotbezkrutosti.cz, 1
+zivotsdietou.cz, 1
+zivyruzenec.cz, 1
+zixiao.wang, 1
+zixin.com, 1
+ziz.exchange, 0
+ziz.nl, 1
+zizcollections.com, 1
+zizibook.ml, 1
+zizin.tk, 1
+zizoled.com, 1
+zjawa.pro, 1
+zjc3.com, 1
+zjeunesse.com, 1
+zjsnrwiki.com, 1
+zju.tv, 1
+zjuqsc.com, 1
+zjy7722.ml, 1
+zjyoulian.cn, 1
+zk.gd, 1
+zk9.nl, 1
+zkbitcoin.com, 1
+zking.ga, 1
+zklcdc.top, 0
+zko.pub, 1
+zkocdn.com, 1
+zkoclub.cn, 1
+zkoclub.com, 1
+zkontrolujsiauto.cz, 1
+zkrd.de, 1
+zkvi.nl, 1
+zkwolf.top, 1
+zl-19.com, 1
+zl-29.com, 1
+zl-59.com, 1
+zl-89.com, 1
+zl.lv, 1
+zl0707.com, 1
+zl071.com, 1
+zl0909.com, 1
+zl0iu.com, 1
+zl1212.com, 1
+zl1515.com, 1
+zl2020.com, 1
+zl2020.vip, 1
+zl2121.com, 1
+zl2727.com, 1
+zl2929.com, 1
+zl2toy.com, 1
+zl335.com, 1
+zl3737.com, 1
+zl4231.com, 1
+zl4290.com, 1
+zl5151.com, 1
+zl6161.com, 1
+zl6868.com, 1
+zl7070.com, 1
+zl7077.com, 1
+zl7171.com, 1
+zl7979.com, 1
+zl8383.com, 1
+zl850.com, 1
+zl861.com, 1
+zl8686.com, 1
+zl8787.com, 1
+zl8824.com, 1
+zl9191.com, 1
+zl969.com, 1
+zl9696.com, 1
+zl9898.com, 1
+zlarin.tk, 1
+zlatakus.cz, 1
+zlatamira.ru, 1
+zlatan-ibrahimovic.tk, 1
+zlatanonline.tk, 1
+zlato.ua, 1
+zlatograd.bg, 1
+zlatom.ru, 1
+zlatopil.com, 0
+zlavomat.sk, 1
+zlc1994.com, 1
+zlhuodong.vip, 1
+zlima12.com, 1
+zlogin.nl, 1
+zlotykameleon.tk, 1
+zlotyslawecin.tk, 1
+zloybot.tk, 1
+zlpa.loan, 1
+zlr.hu, 1
+zlypi.com, 1
+zman.co.il, 1
+zmarta.de, 1
+zmarta.dk, 1
+zmarta.org, 1
+zmartagroup.com, 1
+zmartagroup.fi, 1
+zmartagroup.no, 1
+zmartagroup.se, 1
+zmc.com.sa, 1
+zmessages.com, 0
+zmeya.tk, 1
+zmgroup.cz, 1
+zmiguel.me, 1
+zmk.fr, 1
+zmprjg.ml, 1
+zms-qs.de, 1
+zmuda.tk, 1
+zmy.im, 0
+zmy666.com, 1
+znachenie-sna.cf, 1
+znachenie-sna.ga, 1
+znachenie-sna.ml, 1
+znachenie-sna.tk, 1
+znaj.ua, 1
+znajdzprzodka.pl, 1
+znakomim.cf, 1
+znakomstva-2013.tk, 1
+znakomstva.gq, 1
+znakomstvablogs.tk, 1
+znakomstvatochka.tk, 1
+znakomstvo.tk, 1
+znalec-okna.cz, 1
+znanie-sila.tk, 1
+znanio.ru, 1
+znanium.com, 1
+znaniya.cf, 1
+znanje.gq, 1
+znation.nl, 1
+znau.ru, 1
+znbr.com, 1
+znd.jp, 1
+znhglobalresources.com, 1
+znich.tk, 1
+znidar.org, 1
+zniis.ru, 1
+zning.net.cn, 1
+znjc.top, 1
+znowuwrocisz.pl, 1
+znwvw.net, 1
+zobraz.cz, 1
+zochowskiplasticsurgery.com, 1
+zockenbiszumumfallen.de, 1
+zocode.tk, 1
+zocoxx.com, 1
+zode.co, 1
+zodgame.fun, 0
+zodgame.xyz, 1
+zodiac.rs, 1
+zodiacohouses.com, 1
+zodiaconline.com, 1
+zodiak.tk, 1
+zoedijital.com, 1
+zoefmasters.be, 1
+zoepolitics.cf, 1
+zoepolitics.ga, 1
+zoepolitics.gq, 1
+zoepolitics.ml, 1
+zoeyachicstore.biz.id, 1
+zoeyvid.de, 1
+zof.kh.ua, 1
+zoflora.co.uk, 1
+zofran-medication.cf, 1
+zofran.ga, 1
+zofran.gq, 1
+zofrancost.ga, 1
+zofrangeneric.ga, 1
+zofranprice.ga, 1
+zofrex.com, 0
+zofzpcb.com, 1
+zogatest.tk, 1
+zogevikst.nl, 1
+zohditech.com, 1
+zoidberg.tv, 1
+zoigl.club, 1
+zoisfinefood.fr, 1
+zojadravai.com, 1
+zok-ambicija.tk, 1
+zokdl.zp.ua, 1
+zoki.art, 1
+zoko.tk, 1
+zokuomthawn.tk, 1
+zollernalbtour.de, 1
+zollo-hauswartung.ch, 1
+zollprozess.ch, 1
+zoloft-medication.ml, 1
+zoloftmedication.gq, 1
+zoloftpills.tk, 1
+zoloftprice.cf, 1
+zolotie-ptichki.tk, 1
+zolotistyi-kofe.gq, 1
+zolotoinform.ru, 1
+zolotoioasis.ml, 1
+zolotoy-standart.com.ua, 1
+zoltanmatanyi.com, 1
+zolucky.com, 1
+zolushka-1950.tk, 1
+zolw.info, 1
+zom.bi, 1
+zomatree.live, 1
+zombie-40th.com, 1
+zombie.cam, 1
+zombieclown.com, 1
+zombiecrowinc.tk, 1
+zombielandkf.tk, 1
+zombieloadattack.com, 1
+zombiemix.tk, 1
+zombiepassions.com, 1
+zombiesecured.com, 1
+zombmage.tk, 1
+zomerschoen.nl, 1
+zomiac.pp.ua, 1
+zona-bellepop.tk, 1
+zona-japonesa.tk, 1
+zonadetestes.com, 1
+zonadjadoel.com, 1
+zonagioco.it, 1
+zonagratisan.ga, 1
+zonainuyasha.tk, 1
+zonanews.tk, 1
+zonaperu.tk, 1
+zonaquimica.tk, 1
+zonarumbera.tk, 1
+zonatelevision.tk, 1
+zondervanacademic.com, 1
+zone-de-confiance.fr, 1
+zone-hack.tk, 1
+zone.ee, 1
+zone.eu, 0
+zone.fi, 0
+zone3000.tk, 1
+zone39.com, 1
+zoneadsl.com, 1
+zoneaffiliation.com, 1
+zoneblog.tk, 1
+zonecheck.org, 1
+zonecloud.ee, 1
+zonediary.com, 1
+zonehomesolutions.com, 1
+zonemaster.fr, 1
+zonemaster.net, 1
+zonepdf.com, 1
+zones.com, 1
+zonesec.org, 1
+zonesons.com, 1
+zonewatcher.com, 1
+zongboao.com, 1
+zongheng3d.com, 1
+zonglovani.info, 1
+zongzi.zone, 1
+zonky.cz, 1
+zonky.de, 1
+zonneglossis.tk, 1
+zonnenberg.de, 1
+zonnigzieuwent.nl, 1
+zontractors.com, 1
+zoo-dog.ru, 1
+zoo-tver.ru, 1
+zoo.org.au, 1
+zoo24.de, 1
+zooforum.tk, 1
+zoogbook.ml, 1
+zooish.net, 1
+zook.pw, 1
+zook.systems, 1
+zook.tk, 1
+zookids.uy, 1
+zoola.io, 1
+zoolaboo.de, 1
+zooll.net, 1
+zoological-gardens.eu, 1
+zoom-eco.net, 1
+zoom.earth, 1
+zoomaal.com, 1
+zoomcar.pro, 1
+zoomek.com, 1
+zoomerhost.com, 1
+zoomgov.com, 1
+zoomir-ra.ru, 1
+zoomsphere.com, 1
+zoones.net, 1
+zooom.azurewebsites.net, 1
+zooom2.azurewebsites.net, 1
+zoop.ml, 0
+zooparadies.eu, 1
+zoopix.ir, 1
+zooplankton.no, 1
+zoosfera12.ru, 1
+zoot.org, 1
+zootime.net, 1
+zootime.org, 1
+zoowiki.us, 1
+zooxdata.com, 1
+zopyx.com, 1
+zor.com, 1
+zorasvobodova.cz, 1
+zorgclustertool.nl, 1
+zorgenvoorandrea.be, 1
+zorgenvoorherena.be, 1
+zorgenvoorjean.be, 1
+zorgenvoormaria.be, 1
+zorghuys.nl, 1
+zorgnetwerkenabr.nl, 1
+zorgonderwijsnu.nl, 1
+zorgvanoranje.nl, 0
+zorgverzekeringslijn.nl, 1
+zorig.ch, 1
+zorkin.uz, 1
+zornica.tk, 1
+zorntt.fr, 0
+zorox.sex, 1
+zorro.management, 1
+zorte.net, 1
+zorz.info, 1
+zorzorfm.ml, 1
+zoske.it, 1
+zotan.email, 1
+zotan.network, 1
+zotan.photography, 1
+zotan.photos, 1
+zotan.pictures, 1
+zotan.services, 1
+zotan.stream, 1
+zotan.studio, 1
+zotan.systems, 1
+zotero.org, 1
+zoto.ga, 1
+zottika.com, 1
+zotum.net, 1
+zouaouitransport.fr, 1
+zoubaa.de, 0
+zouk.info, 1
+zouyaoji.top, 1
+zova.io, 1
+zovirax-cream.gq, 1
+zovirax-cream.ml, 1
+zovoscitvfu.cz, 1
+zowe.ru, 1
+zoyride.com, 1
+zoznamka.tk, 1
+zoznamrealit.sk, 1
+zozzle.co.uk, 1
+zp25.ninja, 1
+zpapieru.pl, 1
+zpasathagroup.com, 1
+zpc.st, 1
+zphmetalus.pl, 1
+zpider.cloud, 1
+zporno.sex, 1
+zpozdeno.cz, 1
+zpozdrowieniem.pl, 1
+zprogramming.tk, 1
+zq.com.sg, 1
+zqwqz.org, 1
+zrali.com, 1
+zravyobrazky.cz, 1
+zravypapir.cz, 1
+zrejstejna.cz, 1
+zrgmedical.com, 1
+zrinski.tk, 1
+zrkhosting.com, 1
+zrkr.de, 1
+zrniecka-pre-sny.sk, 1
+zrnieckapresny.sk, 1
+zrobysama.com.ua, 1
+zrs-meissen.de, 1
+zry.io, 1
+zs6688.cc, 0
+zsaqwq.com, 1
+zscaler.es, 1
+zscales.com, 0
+zsdublovice.cz, 1
+zseartcc.org, 1
+zselicivt.hu, 1
+zshmvp.com, 1
+zsien.cn, 1
+zsnm.pl, 1
+zsofit.com.au, 1
+zsoltbereczki.tk, 1
+zsplesivec.cz, 1
+zsq.im, 1
+zsrbcs.com, 1
+zstgmnachod.cz, 1
+zsyaolong.com, 0
+zt360.net, 1
+zta.training, 1
+ztable.io, 1
+ztctarrin.com, 1
+zten.org, 1
+ztickerz.nl, 1
+ztmovies.cf, 1
+ztn.sh, 1
+ztu75.ru, 1
+ztv.su, 1
+ztylez.com, 1
+zuan-in.com, 1
+zuan-in.net, 1
+zubby.com, 1
+zubel.it, 0
+zubenciy.tk, 1
+zubilo-perm.ru, 1
+zubnivodni.cz, 1
+zubprotez.ru, 1
+zubr.net, 1
+zubro.net, 0
+zucalgrappe.it, 1
+zudomc.me, 1
+zuefle.net, 1
+zuehlcke.de, 1
+zuehlke-coaching.de, 1
+zuffel.com, 1
+zufuribita.tk, 1
+zug-anwalt.de, 0
+zugspitz-region-gmbh.de, 1
+zuhausejobs.at, 1
+zuhausejobs.com, 1
+zuhauserealestate.com, 0
+zuhur2021.tk, 1
+zui.moe, 1
+zuiai.tv, 1
+zuiderlokaal.nl, 1
+zuidplein.nl, 1
+zuijia.com, 1
+zuim.de, 1
+zuitaotu.com, 1
+zuivelonline.nl, 1
+zuiverjegeest.nl, 1
+zukonar.ru, 1
+zukong.party, 1
+zukunft-mobilitaet.net, 1
+zukunftswege.at, 1
+zula.africa, 1
+zulaoyun.ml, 1
+zulfumehmet.tk, 1
+zulu.id, 1
+zulu.ro, 1
+zum-baur.de, 1
+zum-ziegenhainer.de, 1
+zumba-oostende.be, 1
+zumba.com, 1
+zumberak.tk, 1
+zummoricambi.com, 1
+zumtaedanceschool.co.za, 1
+zumturm.org, 1
+zumub.com, 1
+zumwildenaffen.com, 1
+zund-app.com, 1
+zundapp.one, 1
+zundapp529.nl, 1
+zundappachterhoek.nl, 1
+zunlong0.com, 1
+zuoai.net, 1
+zuomin.tk, 1
+zupit.it, 1
+zuppy.pm, 1
+zurgl.com, 1
+zurich.co.uk, 1
+zurmas-design.tk, 1
+zuru.ml, 1
+zuru.tk, 1
+zusammen-grossartig.de, 1
+zusjesvandenbos.nl, 1
+zuss.tk, 1
+zusterjansen.nl, 1
+zutobi.com, 0
+zuu.fi, 1
+zuviel.space, 1
+zuyzi.com, 1
+zuzulatomas.eu, 1
+zuzumba.es, 1
+zvcdn.de, 1
+zvejonys.lt, 1
+zverovod.info, 1
+zverskij-site.tk, 1
+zvezdy-porno.ml, 1
+zvps.uk, 1
+zvukipro.com, 1
+zvvtheboys.tk, 1
+zvxr.net, 1
+zvz.im, 1
+zwartendijkstalling.nl, 1
+zwedenautohuur.nl, 1
+zwemclub-rob.nl, 1
+zwemschooldezwaantjes.tk, 1
+zwergenfeste.ch, 1
+zwergenfreiheit.at, 1
+zwerimex.com, 1
+zwerkandsons.com, 1
+zwhblog.xyz, 0
+zwickau.de, 1
+zwilla.de, 1
+zwit.au, 1
+zwit.org, 1
+zwitserlandautohuur.nl, 1
+zwitterion.au, 1
+zwitterion.org, 1
+zwk.de, 1
+zwofroue.ch, 1
+zwollemag.nl, 1
+zwollemagazine.nl, 1
+zwrotzalot.pl, 1
+zwy.ch, 0
+zwyr157wwiu6eior.com, 1
+zwz.cz, 1
+zx1168.com, 0
+zxcs.wiki, 1
+zxdsj1.com, 1
+zxe.com.br, 1
+zxfiles.tk, 1
+zxity.co.uk, 1
+zxity.ltd, 1
+zxity.uk, 1
+zxssl.com, 0
+zxtcode.com, 1
+zy.md, 1
+zy.si, 1
+zybbo.com, 0
+zycao.com, 0
+zycie.news, 1
+zyciedirect.pl, 1
+zyciepl.com, 1
+zycjd.com, 0
+zycrypto.com, 1
+zydecozityradio.tk, 1
+zydronium.com, 1
+zydronium.nl, 1
+zyex.vip, 1
+zygfrydadamski.tk, 1
+zygmuntsergio.com, 1
+zygozoon.com, 1
+zyiaactive.com, 1
+zylai.com, 1
+zylai.net, 1
+zylo.com, 1
+zymewire.com, 1
+zymmm.com, 1
+zyno.space, 1
+zypernreisen.com, 1
+zypr.pw, 1
+zyrex.eu.org, 1
+zyrexsolutions.com, 1
+zyria.de, 1
+zyrillezuno.com, 1
+zyshow.co, 1
+zyshow.net, 1
+zythom.fr, 1
+zythromax.ga, 1
+zyul.ddns.net, 1
+zywave.co.uk, 1
+zyx3d.tk, 1
+zyzardx.com, 1
+zz5197.co, 1
+zz6729.co, 1
+zz6729.com, 0
+zz6957.co, 1
+zz772.com, 0
+zz9297.co, 1
+zz9397.com, 1
+zz9721.com, 0
+zz9728.co, 1
+zz993.com, 1
+zzcc.de, 0
+zzcc.loan, 1
+zzekj.net, 1
+zzf.red, 1
+zzops.eu, 1
+zzops.net, 1
+zzops.nl, 1
+zzops.org, 1
+zzphuis.nl, 1
+zzsec.org, 1
+zzw.ca, 1
+zzz-diary.com, 1
+zzzmode.com, 1
+zzzz365.com, 0
+zzzzz.click, 1
+%%
diff --git a/security/manager/ssl/nsSecureBrowserUI.cpp b/security/manager/ssl/nsSecureBrowserUI.cpp
new file mode 100644
index 0000000000..b4de1a331f
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUI.cpp
@@ -0,0 +1,162 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecureBrowserUI.h"
+
+#include "mozilla/Assertions.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Unused.h"
+#include "mozilla/dom/Document.h"
+#include "nsContentUtils.h"
+#include "nsIChannel.h"
+#include "nsDocShell.h"
+#include "nsIDocShellTreeItem.h"
+#include "nsGlobalWindow.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIWebProgress.h"
+#include "nsNetUtil.h"
+#include "mozilla/dom/CanonicalBrowsingContext.h"
+#include "mozilla/dom/WindowGlobalParent.h"
+#include "mozilla/dom/Element.h"
+#include "nsIBrowser.h"
+
+using namespace mozilla;
+using namespace mozilla::dom;
+
+LazyLogModule gSecureBrowserUILog("nsSecureBrowserUI");
+
+nsSecureBrowserUI::nsSecureBrowserUI(CanonicalBrowsingContext* aBrowsingContext)
+    : mState(0) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  // The BrowsingContext will own the SecureBrowserUI object, we keep a weak
+  // ref.
+  mBrowsingContextId = aBrowsingContext->Id();
+}
+
+NS_IMPL_ISUPPORTS(nsSecureBrowserUI, nsISecureBrowserUI,
+                  nsISupportsWeakReference)
+
+NS_IMETHODIMP
+nsSecureBrowserUI::GetState(uint32_t* aState) {
+  MOZ_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG(aState);
+
+  MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug,
+          ("GetState %p mState: %x", this, mState));
+  *aState = mState;
+  return NS_OK;
+}
+
+void nsSecureBrowserUI::RecomputeSecurityFlags() {
+  // Our BrowsingContext either has a new WindowGlobalParent, or the
+  // existing one has mutated its security state.
+  // Recompute our security state and fire notifications to listeners
+
+  RefPtr<WindowGlobalParent> win = GetCurrentWindow();
+  mState = nsIWebProgressListener::STATE_IS_INSECURE;
+
+  // Only https is considered secure (it is possible to have e.g. an http URI
+  // with a channel that has a securityInfo that indicates the connection is
+  // secure - e.g. h2/alt-svc or by visiting an http URI over an https proxy).
+  nsCOMPtr<nsITransportSecurityInfo> securityInfo;
+  if (win && win->GetIsSecure()) {
+    securityInfo = win->GetSecurityInfo();
+    if (securityInfo) {
+      MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug,
+              ("  we have a security info %p", securityInfo.get()));
+
+      nsresult rv = securityInfo->GetSecurityState(&mState);
+
+      // If the security state is STATE_IS_INSECURE, the TLS handshake never
+      // completed. Don't set any further state.
+      if (NS_SUCCEEDED(rv) &&
+          mState != nsIWebProgressListener::STATE_IS_INSECURE) {
+        MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug,
+                ("  set mTopLevelSecurityInfo"));
+        bool isEV;
+        rv = securityInfo->GetIsExtendedValidation(&isEV);
+        if (NS_SUCCEEDED(rv) && isEV) {
+          MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug, ("  is EV"));
+          mState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
+        }
+      }
+    }
+  }
+
+  // Add upgraded-state flags when request has been
+  // upgraded with HTTPS-Only Mode
+  if (win) {
+    // Check if top-level load has been upgraded
+    uint32_t httpsOnlyStatus = win->HttpsOnlyStatus();
+    if (!(httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UNINITIALIZED) &&
+        !(httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT)) {
+      mState |= nsIWebProgressListener::STATE_HTTPS_ONLY_MODE_UPGRADED;
+    }
+    // Add the secruity flags from the window
+    mState |= win->GetSecurityFlags();
+  }
+
+  // If we have loaded mixed content and this is a secure page,
+  // then clear secure flags and add broken instead.
+  static const uint32_t kLoadedMixedContentFlags =
+      nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT |
+      nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT;
+  if (win && win->GetIsSecure() && (mState & kLoadedMixedContentFlags)) {
+    // reset state security flag
+    mState = mState >> 4 << 4;
+    // set state security flag to broken, since there is mixed content
+    mState |= nsIWebProgressListener::STATE_IS_BROKEN;
+  }
+
+  RefPtr<CanonicalBrowsingContext> ctx =
+      CanonicalBrowsingContext::Get(mBrowsingContextId);
+  if (!ctx) {
+    return;
+  }
+
+  if (ctx->GetDocShell()) {
+    nsDocShell* nativeDocShell = nsDocShell::Cast(ctx->GetDocShell());
+    nativeDocShell->nsDocLoader::OnSecurityChange(nullptr, mState);
+  } else if (ctx->GetWebProgress()) {
+    ctx->GetWebProgress()->OnSecurityChange(nullptr, nullptr, mState);
+  }
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUI::GetIsSecureContext(bool* aIsSecureContext) {
+  MOZ_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG(aIsSecureContext);
+
+  if (WindowGlobalParent* parent = GetCurrentWindow()) {
+    *aIsSecureContext = parent->GetIsSecureContext();
+  } else {
+    *aIsSecureContext = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUI::GetSecInfo(nsITransportSecurityInfo** result) {
+  MOZ_ASSERT(NS_IsMainThread());
+  NS_ENSURE_ARG_POINTER(result);
+
+  if (WindowGlobalParent* parent = GetCurrentWindow()) {
+    *result = parent->GetSecurityInfo();
+  }
+  NS_IF_ADDREF(*result);
+
+  return NS_OK;
+}
+
+WindowGlobalParent* nsSecureBrowserUI::GetCurrentWindow() {
+  RefPtr<CanonicalBrowsingContext> ctx =
+      CanonicalBrowsingContext::Get(mBrowsingContextId);
+  if (!ctx) {
+    return nullptr;
+  }
+  return ctx->GetCurrentWindowGlobal();
+}
diff --git a/security/manager/ssl/nsSecureBrowserUI.h b/security/manager/ssl/nsSecureBrowserUI.h
new file mode 100644
index 0000000000..a71d9ebde4
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUI.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecureBrowserUIImpl_h
+#define nsSecureBrowserUIImpl_h
+
+#include "nsCOMPtr.h"
+#include "nsISecureBrowserUI.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIWebProgressListener.h"
+#include "nsWeakReference.h"
+
+class nsITransportSecurityInfo;
+class nsIChannel;
+
+namespace mozilla {
+namespace dom {
+class Document;
+class WindowGlobalParent;
+class CanonicalBrowsingContext;
+}  // namespace dom
+}  // namespace mozilla
+
+#define NS_SECURE_BROWSER_UI_CID                     \
+  {                                                  \
+    0xcc75499a, 0x1dd1, 0x11b2, {                    \
+      0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8 \
+    }                                                \
+  }
+
+class nsSecureBrowserUI : public nsISecureBrowserUI,
+                          public nsSupportsWeakReference {
+ public:
+  explicit nsSecureBrowserUI(
+      mozilla::dom::CanonicalBrowsingContext* aBrowsingContext);
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECUREBROWSERUI
+
+  void RecomputeSecurityFlags();
+
+ protected:
+  virtual ~nsSecureBrowserUI() = default;
+
+  mozilla::dom::WindowGlobalParent* GetCurrentWindow();
+
+  uint32_t mState;
+  uint64_t mBrowsingContextId;
+};
+
+#endif  // nsSecureBrowserUIImpl_h
diff --git a/security/manager/ssl/nsSecurityHeaderParser.cpp b/security/manager/ssl/nsSecurityHeaderParser.cpp
new file mode 100644
index 0000000000..d9d9d48bc0
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.cpp
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecurityHeaderParser.h"
+#include "mozilla/Logging.h"
+
+// The character classes in this file are informed by [RFC2616], Section 2.2.
+// signed char is a signed data type one byte (8 bits) wide, so its value can
+// never be greater than 127. The following implicitly makes use of this.
+
+// A token is one or more CHAR except CTLs or separators.
+// A CHAR is any US-ASCII character (octets 0 - 127).
+// A CTL is any US-ASCII control character (octets 0 - 31) and DEL (127).
+// A separator is one of ()<>@,;:\"/[]?={} as well as space and
+// horizontal-tab (32 and 9, respectively).
+// So, this returns true if chr is any octet 33-126 except ()<>@,;:\"/[]?={}
+bool IsTokenSymbol(signed char chr) {
+  if (chr < 33 || chr == 127 || chr == '(' || chr == ')' || chr == '<' ||
+      chr == '>' || chr == '@' || chr == ',' || chr == ';' || chr == ':' ||
+      chr == '"' || chr == '/' || chr == '[' || chr == ']' || chr == '?' ||
+      chr == '=' || chr == '{' || chr == '}' || chr == '\\') {
+    return false;
+  }
+  return true;
+}
+
+// A quoted-string consists of a quote (") followed by any amount of
+// qdtext or quoted-pair, followed by a quote.
+// qdtext is any TEXT except a quote.
+// TEXT is any 8-bit octet except CTLs, but including LWS.
+// quoted-pair is a backslash (\) followed by a CHAR.
+// So, it turns out, \ can't really be a qdtext symbol for our purposes.
+// This returns true if chr is any octet 9,10,13,32-126 except <"> or "\"
+bool IsQuotedTextSymbol(signed char chr) {
+  return ((chr >= 32 && chr != '"' && chr != '\\' && chr != 127) ||
+          chr == 0x9 || chr == 0xa || chr == 0xd);
+}
+
+// The octet following the "\" in a quoted pair can be anything 0-127.
+bool IsQuotedPairSymbol(signed char chr) { return (chr >= 0); }
+
+static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser");
+
+#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args)
+
+nsSecurityHeaderParser::nsSecurityHeaderParser(const nsCString& aHeader)
+    : mCursor(aHeader.get()), mDirective(nullptr), mError(false) {}
+
+nsSecurityHeaderParser::~nsSecurityHeaderParser() {
+  nsSecurityHeaderDirective* directive;
+  while ((directive = mDirectives.popFirst())) {
+    delete directive;
+  }
+}
+
+mozilla::LinkedList<nsSecurityHeaderDirective>*
+nsSecurityHeaderParser::GetDirectives() {
+  return &mDirectives;
+}
+
+nsresult nsSecurityHeaderParser::Parse() {
+  MOZ_ASSERT(mDirectives.isEmpty());
+  SHPARSERLOG(("trying to parse '%s'", mCursor));
+
+  Header();
+
+  // if we didn't consume the entire input, we were unable to parse it => error
+  if (mError || *mCursor) {
+    return NS_ERROR_FAILURE;
+  } else {
+    return NS_OK;
+  }
+}
+
+bool nsSecurityHeaderParser::Accept(char aChr) {
+  if (*mCursor == aChr) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+bool nsSecurityHeaderParser::Accept(bool (*aClassifier)(signed char)) {
+  if (aClassifier(*mCursor)) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+void nsSecurityHeaderParser::Expect(char aChr) {
+  if (*mCursor != aChr) {
+    mError = true;
+  } else {
+    Advance();
+  }
+}
+
+void nsSecurityHeaderParser::Advance() {
+  // Technically, 0 is valid in quoted-pair, but we were handed a
+  // null-terminated const char *, so this doesn't handle that.
+  if (*mCursor) {
+    mOutput.Append(*mCursor);
+    mCursor++;
+  } else {
+    mError = true;
+  }
+}
+
+void nsSecurityHeaderParser::Header() {
+  Directive();
+  while (Accept(';')) {
+    Directive();
+  }
+}
+
+void nsSecurityHeaderParser::Directive() {
+  mDirective = new nsSecurityHeaderDirective();
+  LWSMultiple();
+  DirectiveName();
+  LWSMultiple();
+  if (Accept('=')) {
+    LWSMultiple();
+    DirectiveValue();
+    LWSMultiple();
+  }
+  mDirectives.insertBack(mDirective);
+  SHPARSERLOG(("read directive name '%s', value '%s'", mDirective->mName.Data(),
+               mDirective->mValue.Data()));
+}
+
+void nsSecurityHeaderParser::DirectiveName() {
+  mOutput.Truncate(0);
+  Token();
+  mDirective->mName.Assign(mOutput);
+}
+
+void nsSecurityHeaderParser::DirectiveValue() {
+  mOutput.Truncate(0);
+  if (Accept(IsTokenSymbol)) {
+    Token();
+    mDirective->mValue.Assign(mOutput);
+  } else if (Accept('"')) {
+    // Accept advances the cursor if successful, which appends a character to
+    // mOutput. The " is not part of what we want to capture, so truncate
+    // mOutput again.
+    mOutput.Truncate(0);
+    QuotedString();
+    mDirective->mValue.Assign(mOutput);
+    Expect('"');
+  }
+}
+
+void nsSecurityHeaderParser::Token() {
+  while (Accept(IsTokenSymbol))
+    ;
+}
+
+void nsSecurityHeaderParser::QuotedString() {
+  while (true) {
+    if (Accept(IsQuotedTextSymbol)) {
+      QuotedText();
+    } else if (Accept('\\')) {
+      QuotedPair();
+    } else {
+      break;
+    }
+  }
+}
+
+void nsSecurityHeaderParser::QuotedText() {
+  while (Accept(IsQuotedTextSymbol))
+    ;
+}
+
+void nsSecurityHeaderParser::QuotedPair() { Accept(IsQuotedPairSymbol); }
+
+void nsSecurityHeaderParser::LWSMultiple() {
+  while (true) {
+    if (Accept('\r')) {
+      LWSCRLF();
+    } else if (Accept(' ') || Accept('\t')) {
+      LWS();
+    } else {
+      break;
+    }
+  }
+}
+
+void nsSecurityHeaderParser::LWSCRLF() {
+  Expect('\n');
+  if (!(Accept(' ') || Accept('\t'))) {
+    mError = true;
+  }
+  LWS();
+}
+
+void nsSecurityHeaderParser::LWS() {
+  // Note that becaue of how we're called, we don't have to check for
+  // the mandatory presense of at least one of SP or HT.
+  while (Accept(' ') || Accept('\t'))
+    ;
+}
diff --git a/security/manager/ssl/nsSecurityHeaderParser.h b/security/manager/ssl/nsSecurityHeaderParser.h
new file mode 100644
index 0000000000..5cb50d425a
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.h
@@ -0,0 +1,78 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecurityHeaderParser_h
+#define nsSecurityHeaderParser_h
+
+#include "mozilla/LinkedList.h"
+#include "nsCOMPtr.h"
+#include "nsString.h"
+
+// Utility class for handing back parsed directives and (optional) values
+class nsSecurityHeaderDirective
+    : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
+ public:
+  nsCString mName;
+  nsCString mValue;
+};
+
+// This class parses security-related HTTP headers like
+// Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this
+// header is reproduced below, for reference:
+//
+//   Strict-Transport-Security = "Strict-Transport-Security" ":"
+//                               [ directive ]  *( ";" [ directive ] )
+//
+//   directive                 = directive-name [ "=" directive-value ]
+//   directive-name            = token
+//   directive-value           = token | quoted-string
+//
+//   where:
+//
+//   token          = <token, defined in [RFC2616], Section 2.2>
+//   quoted-string  = <quoted-string, defined in [RFC2616], Section 2.2>/
+//
+// For further reference, see [RFC6797], Section 6.1
+
+class nsSecurityHeaderParser {
+ public:
+  // The input to this class must be null-terminated, and must have a lifetime
+  // greater than or equal to the lifetime of the created
+  // nsSecurityHeaderParser.
+  explicit nsSecurityHeaderParser(const nsCString& aHeader);
+  ~nsSecurityHeaderParser();
+
+  // Only call Parse once.
+  nsresult Parse();
+  // The caller does not take ownership of the memory returned here.
+  mozilla::LinkedList<nsSecurityHeaderDirective>* GetDirectives();
+
+ private:
+  bool Accept(char aChr);
+  bool Accept(bool (*aClassifier)(signed char));
+  void Expect(char aChr);
+  void Advance();
+  void Header();          // header = [ directive ] *( ";" [ directive ] )
+  void Directive();       // directive = directive-name [ "=" directive-value ]
+  void DirectiveName();   // directive-name = token
+  void DirectiveValue();  // directive-value = token | quoted-string
+  void Token();           // token = 1*<any CHAR except CTLs or separators>
+  void QuotedString();    // quoted-string = (<"> *( qdtext | quoted-pair ) <">)
+  void QuotedText();      // qdtext = <any TEXT except <"> and "\">
+  void QuotedPair();      // quoted-pair = "\" CHAR
+
+  // LWS = [CRLF] 1*( SP | HT )
+  void LWSMultiple();  // Handles *( LWS )
+  void LWSCRLF();      // Handles the [CRLF] part of LWS
+  void LWS();          // Handles the 1*( SP | HT ) part of LWS
+
+  mozilla::LinkedList<nsSecurityHeaderDirective> mDirectives;
+  const char* mCursor;
+  nsSecurityHeaderDirective* mDirective;
+
+  nsCString mOutput;
+  bool mError;
+};
+
+#endif  // nsSecurityHeaderParser_h
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
new file mode 100644
index 0000000000..66cc8981b7
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -0,0 +1,830 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSiteSecurityService.h"
+
+#include "PublicKeyPinningService.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Base64.h"
+#include "mozilla/LinkedList.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Tokenizer.h"
+#include "mozilla/dom/PContent.h"
+#include "mozilla/dom/ToJSValue.h"
+#include "nsArrayEnumerator.h"
+#include "nsCOMArray.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsISocketProvider.h"
+#include "nsIURI.h"
+#include "nsNSSComponent.h"
+#include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
+#include "nsReadableUtils.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsThreadUtils.h"
+#include "nsVariant.h"
+#include "nsXULAppAPI.h"
+#include "prnetdb.h"
+
+// A note about the preload list:
+// When a site specifically disables HSTS by sending a header with
+// 'max-age: 0', we keep a "knockout" value that means "we have no information
+// regarding the HSTS state of this host" (any ancestor of "this host" can still
+// influence its HSTS status via include subdomains, however).
+// This prevents the preload list from overriding the site's current
+// desired HSTS status.
+#include "nsSTSPreloadListGenerated.inc"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+static LazyLogModule gSSSLog("nsSSService");
+
+#define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args)
+
+static const nsLiteralCString kHSTSKeySuffix = ":HSTS"_ns;
+
+////////////////////////////////////////////////////////////////////////////////
+
+namespace {
+
+class SSSTokenizer final : public Tokenizer {
+ public:
+  explicit SSSTokenizer(const nsACString& source) : Tokenizer(source) {}
+
+  [[nodiscard]] bool ReadBool(/*out*/ bool& value) {
+    uint8_t rawValue;
+    if (!ReadInteger(&rawValue)) {
+      return false;
+    }
+
+    if (rawValue != 0 && rawValue != 1) {
+      return false;
+    }
+
+    value = (rawValue == 1);
+    return true;
+  }
+
+  [[nodiscard]] bool ReadState(/*out*/ SecurityPropertyState& state) {
+    uint32_t rawValue;
+    if (!ReadInteger(&rawValue)) {
+      return false;
+    }
+
+    state = static_cast<SecurityPropertyState>(rawValue);
+    switch (state) {
+      case SecurityPropertyKnockout:
+      case SecurityPropertySet:
+      case SecurityPropertyUnset:
+        break;
+      default:
+        return false;
+    }
+
+    return true;
+  }
+};
+
+// Parses a state string like "1500918564034,1,1" into its constituent parts.
+bool ParseHSTSState(const nsCString& stateString,
+                    /*out*/ PRTime& expireTime,
+                    /*out*/ SecurityPropertyState& state,
+                    /*out*/ bool& includeSubdomains) {
+  SSSTokenizer tokenizer(stateString);
+  SSSLOG(("Parsing state from %s", stateString.get()));
+
+  if (!tokenizer.ReadInteger(&expireTime)) {
+    return false;
+  }
+
+  if (!tokenizer.CheckChar(',')) {
+    return false;
+  }
+
+  if (!tokenizer.ReadState(state)) {
+    return false;
+  }
+
+  if (!tokenizer.CheckChar(',')) {
+    return false;
+  }
+
+  if (!tokenizer.ReadBool(includeSubdomains)) {
+    return false;
+  }
+
+  if (tokenizer.CheckChar(',')) {
+    // Read now-unused "source" field.
+    uint32_t unused;
+    if (!tokenizer.ReadInteger(&unused)) {
+      return false;
+    }
+  }
+
+  return tokenizer.CheckEOF();
+}
+
+}  // namespace
+
+SiteHSTSState::SiteHSTSState(const nsCString& aHost,
+                             const OriginAttributes& aOriginAttributes,
+                             const nsCString& aStateString)
+    : mHostname(aHost),
+      mOriginAttributes(aOriginAttributes),
+      mHSTSExpireTime(0),
+      mHSTSState(SecurityPropertyUnset),
+      mHSTSIncludeSubdomains(false) {
+  bool valid = ParseHSTSState(aStateString, mHSTSExpireTime, mHSTSState,
+                              mHSTSIncludeSubdomains);
+  if (!valid) {
+    SSSLOG(("%s is not a valid SiteHSTSState", aStateString.get()));
+    mHSTSExpireTime = 0;
+    mHSTSState = SecurityPropertyUnset;
+    mHSTSIncludeSubdomains = false;
+  }
+}
+
+SiteHSTSState::SiteHSTSState(const nsCString& aHost,
+                             const OriginAttributes& aOriginAttributes,
+                             PRTime aHSTSExpireTime,
+                             SecurityPropertyState aHSTSState,
+                             bool aHSTSIncludeSubdomains)
+
+    : mHostname(aHost),
+      mOriginAttributes(aOriginAttributes),
+      mHSTSExpireTime(aHSTSExpireTime),
+      mHSTSState(aHSTSState),
+      mHSTSIncludeSubdomains(aHSTSIncludeSubdomains) {}
+
+void SiteHSTSState::ToString(nsCString& aString) {
+  aString.Truncate();
+  aString.AppendInt(mHSTSExpireTime);
+  aString.Append(',');
+  aString.AppendInt(mHSTSState);
+  aString.Append(',');
+  aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
+}
+
+nsSiteSecurityService::nsSiteSecurityService()
+    : mUsePreloadList(true), mPreloadListTimeOffset(0), mDafsa(kDafsa) {}
+
+nsSiteSecurityService::~nsSiteSecurityService() = default;
+
+NS_IMPL_ISUPPORTS(nsSiteSecurityService, nsIObserver, nsISiteSecurityService)
+
+nsresult nsSiteSecurityService::Init() {
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE("nsSiteSecurityService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  mUsePreloadList = mozilla::Preferences::GetBool(
+      "network.stricttransportsecurity.preloadlist", true);
+  mozilla::Preferences::AddStrongObserver(
+      this, "network.stricttransportsecurity.preloadlist");
+  mPreloadListTimeOffset =
+      mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
+  mozilla::Preferences::AddStrongObserver(this,
+                                          "test.currentTimeOffsetSeconds");
+  mSiteStateStorage =
+      mozilla::DataStorage::Get(DataStorageClass::SiteSecurityServiceState);
+  nsresult rv = mSiteStateStorage->Init();
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult) {
+  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
+  if (!innerURI) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString host;
+  nsresult rv = innerURI->GetAsciiHost(host);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  aResult.Assign(PublicKeyPinningService::CanonicalizeHostname(host.get()));
+  if (aResult.IsEmpty()) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static void SetStorageKey(const nsACString& hostname,
+                          const OriginAttributes& aOriginAttributes,
+                          /*out*/ nsAutoCString& storageKey) {
+  storageKey = hostname;
+
+  // Don't isolate by userContextId.
+  OriginAttributes originAttributesNoUserContext = aOriginAttributes;
+  originAttributesNoUserContext.mUserContextId =
+      nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
+  nsAutoCString originAttributesSuffix;
+  originAttributesNoUserContext.CreateSuffix(originAttributesSuffix);
+  storageKey.Append(originAttributesSuffix);
+  storageKey.Append(kHSTSKeySuffix);
+}
+
+// Expire times are in millis.  Since Headers max-age is in seconds, and
+// PR_Now() is in micros, normalize the units at milliseconds.
+static int64_t ExpireTimeFromMaxAge(uint64_t maxAge) {
+  return (PR_Now() / PR_USEC_PER_MSEC) + ((int64_t)maxAge * PR_MSEC_PER_SEC);
+}
+
+inline uint64_t AbsoluteDifference(int64_t a, int64_t b) {
+  if (a <= b) {
+    return b - a;
+  }
+  return a - b;
+}
+
+const uint64_t sOneDayInMilliseconds = 24 * 60 * 60 * 1000;
+
+nsresult nsSiteSecurityService::SetHSTSState(
+    const char* aHost, int64_t maxage, bool includeSubdomains,
+    SecurityPropertyState aHSTSState,
+    const OriginAttributes& aOriginAttributes) {
+  nsAutoCString hostname(aHost);
+  // If max-age is zero, the host is no longer considered HSTS. If the host was
+  // preloaded, we store an entry indicating that this host is not HSTS, causing
+  // the preloaded information to be ignored.
+  if (maxage == 0) {
+    return MarkHostAsNotHSTS(hostname, aOriginAttributes);
+  }
+
+  MOZ_ASSERT(aHSTSState == SecurityPropertySet,
+             "HSTS State must be SecurityPropertySet");
+
+  int64_t expiretime = ExpireTimeFromMaxAge(maxage);
+  SiteHSTSState siteState(hostname, aOriginAttributes, expiretime, aHSTSState,
+                          includeSubdomains);
+  nsAutoCString stateString;
+  siteState.ToString(stateString);
+  SSSLOG(("SSS: setting state for %s", hostname.get()));
+  bool isPrivate = aOriginAttributes.mPrivateBrowsingId > 0;
+  mozilla::DataStorageType storageType = isPrivate
+                                             ? mozilla::DataStorage_Private
+                                             : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(hostname, aOriginAttributes, storageKey);
+  SSSLOG(("SSS: storing HSTS site entry for %s", hostname.get()));
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+  SiteHSTSState curSiteState(hostname, aOriginAttributes, value);
+  // Only update the backing storage if the currently-stored state is
+  // different. In the case of expiration time, "different" means "is different
+  // by more than a day".
+  if (curSiteState.mHSTSState != siteState.mHSTSState ||
+      curSiteState.mHSTSIncludeSubdomains != siteState.mHSTSIncludeSubdomains ||
+      AbsoluteDifference(curSiteState.mHSTSExpireTime,
+                         siteState.mHSTSExpireTime) > sOneDayInMilliseconds) {
+    nsresult rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return NS_OK;
+}
+
+// Helper function to mark a host as not HSTS. In the general case, we can just
+// remove the HSTS state. However, for preloaded entries, we have to store an
+// entry that indicates this host is not HSTS to prevent the implementation
+// using the preloaded information.
+nsresult nsSiteSecurityService::MarkHostAsNotHSTS(
+    const nsAutoCString& aHost, const OriginAttributes& aOriginAttributes) {
+  bool isPrivate = aOriginAttributes.mPrivateBrowsingId > 0;
+  mozilla::DataStorageType storageType = isPrivate
+                                             ? mozilla::DataStorage_Private
+                                             : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(aHost, aOriginAttributes, storageKey);
+
+  if (GetPreloadStatus(aHost)) {
+    SSSLOG(("SSS: storing knockout entry for %s", aHost.get()));
+    SiteHSTSState siteState(aHost, aOriginAttributes, 0,
+                            SecurityPropertyKnockout, false);
+    nsAutoCString stateString;
+    siteState.ToString(stateString);
+    nsresult rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    SSSLOG(("SSS: removing entry for %s", aHost.get()));
+    mSiteStateStorage->Remove(storageKey, storageType);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ResetState(nsIURI* aURI,
+                                  JS::Handle<JS::Value> aOriginAttributes,
+                                  nsISiteSecurityService::ResetStateBy aScope,
+                                  JSContext* aCx, uint8_t aArgc) {
+  if (!aURI) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  OriginAttributes originAttributes;
+  if (aArgc > 0) {
+    // OriginAttributes were passed in.
+    if (!aOriginAttributes.isObject() ||
+        !originAttributes.Init(aCx, aOriginAttributes)) {
+      return NS_ERROR_INVALID_ARG;
+    }
+  }
+  nsISiteSecurityService::ResetStateBy scope =
+      nsISiteSecurityService::ResetStateBy::ExactDomain;
+  if (aArgc > 1) {
+    // ResetStateBy scope was passed in
+    scope = aScope;
+  }
+
+  return ResetStateInternal(aURI, originAttributes, scope);
+}
+
+// Helper function to reset stored state of the given type for the host
+// identified by the given URI. If there is preloaded information for the host,
+// that information will be used for future queries. C.f. MarkHostAsNotHSTS,
+// which will store a knockout entry for preloaded HSTS hosts that have sent a
+// header with max-age=0 (meaning preloaded information will then not be used
+// for that host).
+nsresult nsSiteSecurityService::ResetStateInternal(
+    nsIURI* aURI, const OriginAttributes& aOriginAttributes,
+    nsISiteSecurityService::ResetStateBy aScope) {
+  if (!aURI) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (aScope == ResetStateBy::ExactDomain) {
+    ResetStateForExactDomain(hostname, aOriginAttributes);
+    return NS_OK;
+  }
+
+  nsTArray<DataStorageItem> items;
+  mSiteStateStorage->GetAll(&items);
+  for (const auto& item : items) {
+    if (!StringEndsWith(item.key, kHSTSKeySuffix)) {
+      // The key does not end with correct suffix, so is not the type we want.
+      continue;
+    }
+    nsCString origin(
+        StringHead(item.key, item.key.Length() - kHSTSKeySuffix.Length()));
+    nsAutoCString itemHostname;
+    OriginAttributes itemOriginAttributes;
+    if (!itemOriginAttributes.PopulateFromOrigin(origin, itemHostname)) {
+      return NS_ERROR_FAILURE;
+    }
+    bool hasRootDomain = false;
+    nsresult rv = net::HasRootDomain(itemHostname, hostname, &hasRootDomain);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (hasRootDomain) {
+      ResetStateForExactDomain(itemHostname, itemOriginAttributes);
+    } else if (aScope == ResetStateBy::BaseDomain) {
+      mozilla::dom::PartitionKeyPatternDictionary partitionKeyPattern;
+      partitionKeyPattern.mBaseDomain.Construct(
+          NS_ConvertUTF8toUTF16(hostname));
+      OriginAttributesPattern originAttributesPattern;
+      originAttributesPattern.mPartitionKeyPattern.Construct(
+          partitionKeyPattern);
+      if (originAttributesPattern.Matches(itemOriginAttributes)) {
+        ResetStateForExactDomain(itemHostname, itemOriginAttributes);
+      }
+    }
+  }
+  return NS_OK;
+}
+
+void nsSiteSecurityService::ResetStateForExactDomain(
+    const nsCString& aHostname, const OriginAttributes& aOriginAttributes) {
+  nsAutoCString storageKey;
+  SetStorageKey(aHostname, aOriginAttributes, storageKey);
+  bool isPrivate = aOriginAttributes.mPrivateBrowsingId > 0;
+  mozilla::DataStorageType storageType = isPrivate
+                                             ? mozilla::DataStorage_Private
+                                             : mozilla::DataStorage_Persistent;
+  mSiteStateStorage->Remove(storageKey, storageType);
+}
+
+bool nsSiteSecurityService::HostIsIPAddress(const nsCString& hostname) {
+  PRNetAddr hostAddr;
+  PRErrorCode prv = PR_StringToNetAddr(hostname.get(), &hostAddr);
+  return (prv == PR_SUCCESS);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ProcessHeaderScriptable(
+    nsIURI* aSourceURI, const nsACString& aHeader,
+    JS::Handle<JS::Value> aOriginAttributes, uint64_t* aMaxAge,
+    bool* aIncludeSubdomains, uint32_t* aFailureResult, JSContext* aCx,
+    uint8_t aArgc) {
+  OriginAttributes originAttributes;
+  if (aArgc > 0) {
+    if (!aOriginAttributes.isObject() ||
+        !originAttributes.Init(aCx, aOriginAttributes)) {
+      return NS_ERROR_INVALID_ARG;
+    }
+  }
+  return ProcessHeader(aSourceURI, aHeader, originAttributes, aMaxAge,
+                       aIncludeSubdomains, aFailureResult);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ProcessHeader(nsIURI* aSourceURI,
+                                     const nsACString& aHeader,
+                                     const OriginAttributes& aOriginAttributes,
+                                     uint64_t* aMaxAge,
+                                     bool* aIncludeSubdomains,
+                                     uint32_t* aFailureResult) {
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  return ProcessHeaderInternal(aSourceURI, PromiseFlatCString(aHeader),
+                               aOriginAttributes, aMaxAge, aIncludeSubdomains,
+                               aFailureResult);
+}
+
+nsresult nsSiteSecurityService::ProcessHeaderInternal(
+    nsIURI* aSourceURI, const nsCString& aHeader,
+    const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
+    bool* aIncludeSubdomains, uint32_t* aFailureResult) {
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  if (aMaxAge != nullptr) {
+    *aMaxAge = 0;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = false;
+  }
+
+  nsAutoCString host;
+  nsresult rv = GetHost(aSourceURI, host);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (HostIsIPAddress(host)) {
+    /* Don't process headers if a site is accessed by IP address. */
+    return NS_OK;
+  }
+
+  return ProcessSTSHeader(aSourceURI, aHeader, aOriginAttributes, aMaxAge,
+                          aIncludeSubdomains, aFailureResult);
+}
+
+static uint32_t ParseSSSHeaders(const nsCString& aHeader,
+                                bool& foundIncludeSubdomains, bool& foundMaxAge,
+                                bool& foundUnrecognizedDirective,
+                                uint64_t& maxAge) {
+  // "Strict-Transport-Security" ":" OWS
+  //      STS-d  *( OWS ";" OWS STS-d  OWS)
+  //
+  //  ; STS directive
+  //  STS-d      = maxAge / includeSubDomains
+  //
+  //  maxAge     = "max-age" "=" delta-seconds v-ext
+  //
+  //  includeSubDomains = [ "includeSubDomains" ]
+  //
+  //  The order of the directives is not significant.
+  //  All directives must appear only once.
+  //  Directive names are case-insensitive.
+  //  The entire header is invalid if a directive not conforming to the
+  //  syntax is encountered.
+  //  Unrecognized directives (that are otherwise syntactically valid) are
+  //  ignored, and the rest of the header is parsed as normal.
+
+  constexpr auto max_age_var = "max-age"_ns;
+  constexpr auto include_subd_var = "includesubdomains"_ns;
+
+  nsSecurityHeaderParser parser(aHeader);
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: could not parse header"));
+    return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER;
+  }
+  mozilla::LinkedList<nsSecurityHeaderDirective>* directives =
+      parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    SSSLOG(("SSS: found directive %s\n", directive->mName.get()));
+    if (directive->mName.EqualsIgnoreCase(max_age_var)) {
+      if (foundMaxAge) {
+        SSSLOG(("SSS: found two max-age directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES;
+      }
+
+      SSSLOG(("SSS: found max-age directive"));
+      foundMaxAge = true;
+
+      Tokenizer tokenizer(directive->mValue);
+      if (!tokenizer.ReadInteger(&maxAge)) {
+        SSSLOG(("SSS: could not parse delta-seconds"));
+        return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+      }
+
+      if (!tokenizer.CheckEOF()) {
+        SSSLOG(("SSS: invalid value for max-age directive"));
+        return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+      }
+
+      SSSLOG(("SSS: parsed delta-seconds: %" PRIu64, maxAge));
+    } else if (directive->mName.EqualsIgnoreCase(include_subd_var)) {
+      if (foundIncludeSubdomains) {
+        SSSLOG(("SSS: found two includeSubdomains directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS;
+      }
+
+      SSSLOG(("SSS: found includeSubdomains directive"));
+      foundIncludeSubdomains = true;
+
+      if (directive->mValue.Length() != 0) {
+        SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'",
+                directive->mValue.get()));
+        return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS;
+      }
+    } else {
+      SSSLOG(("SSS: ignoring unrecognized directive '%s'",
+              directive->mName.get()));
+      foundUnrecognizedDirective = true;
+    }
+  }
+  return nsISiteSecurityService::Success;
+}
+
+// 100 years is wildly longer than anyone will ever need.
+const uint64_t sMaxMaxAgeInSeconds = UINT64_C(60 * 60 * 24 * 365 * 100);
+
+nsresult nsSiteSecurityService::ProcessSTSHeader(
+    nsIURI* aSourceURI, const nsCString& aHeader,
+    const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
+    bool* aIncludeSubdomains, uint32_t* aFailureResult) {
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  SSSLOG(("SSS: processing HSTS header '%s'", aHeader.get()));
+
+  bool foundMaxAge = false;
+  bool foundIncludeSubdomains = false;
+  bool foundUnrecognizedDirective = false;
+  uint64_t maxAge = 0;
+
+  uint32_t sssrv = ParseSSSHeaders(aHeader, foundIncludeSubdomains, foundMaxAge,
+                                   foundUnrecognizedDirective, maxAge);
+  if (sssrv != nsISiteSecurityService::Success) {
+    if (aFailureResult) {
+      *aFailureResult = sssrv;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // after processing all the directives, make sure we came across max-age
+  // somewhere.
+  if (!foundMaxAge) {
+    SSSLOG(("SSS: did not encounter required max-age directive"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // Cap the specified max-age.
+  if (maxAge > sMaxMaxAgeInSeconds) {
+    maxAge = sMaxMaxAgeInSeconds;
+  }
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aSourceURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // record the successfully parsed header data.
+  rv = SetHSTSState(hostname.get(), maxAge, foundIncludeSubdomains,
+                    SecurityPropertySet, aOriginAttributes);
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: failed to set STS state"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE;
+    }
+    return rv;
+  }
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = maxAge;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = foundIncludeSubdomains;
+  }
+
+  return foundUnrecognizedDirective ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+                                    : NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureURIScriptable(
+    nsIURI* aURI, JS::Handle<JS::Value> aOriginAttributes, JSContext* aCx,
+    uint8_t aArgc, bool* aResult) {
+  OriginAttributes originAttributes;
+  if (aArgc > 0) {
+    if (!aOriginAttributes.isObject() ||
+        !originAttributes.Init(aCx, aOriginAttributes)) {
+      return NS_ERROR_INVALID_ARG;
+    }
+  }
+  return IsSecureURI(aURI, originAttributes, aResult);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureURI(nsIURI* aURI,
+                                   const OriginAttributes& aOriginAttributes,
+                                   bool* aResult) {
+  NS_ENSURE_ARG(aURI);
+  NS_ENSURE_ARG(aResult);
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+  /* An IP address never qualifies as a secure URI. */
+  if (HostIsIPAddress(hostname)) {
+    *aResult = false;
+    return NS_OK;
+  }
+
+  return IsSecureHost(hostname, aOriginAttributes, aResult);
+}
+
+// Checks if the given host is in the preload list.
+//
+// @param aHost The host to match. Only does exact host matching.
+// @param aIncludeSubdomains Out, optional. Indicates whether or not to include
+//        subdomains. Only set if the host is matched and this function returns
+//        true.
+//
+// @return True if the host is matched, false otherwise.
+bool nsSiteSecurityService::GetPreloadStatus(const nsACString& aHost,
+                                             bool* aIncludeSubdomains) const {
+  const int kIncludeSubdomains = 1;
+  bool found = false;
+
+  PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC);
+  if (mUsePreloadList && currentTime < gPreloadListExpirationTime) {
+    int result = mDafsa.Lookup(aHost);
+    found = (result != mozilla::Dafsa::kKeyNotFound);
+    if (found && aIncludeSubdomains) {
+      *aIncludeSubdomains = (result == kIncludeSubdomains);
+    }
+  }
+
+  return found;
+}
+
+// Determines whether or not there is a matching HSTS entry for the given host.
+// If aRequireIncludeSubdomains is set, then for there to be a matching HSTS
+// entry, it must assert includeSubdomains.
+bool nsSiteSecurityService::HostMatchesHSTSEntry(
+    const nsAutoCString& aHost, bool aRequireIncludeSubdomains,
+    const OriginAttributes& aOriginAttributes) {
+  // First we check for an entry in site security storage. If that entry exists,
+  // we don't want to check in the preload lists. We only want to use the
+  // stored value if it is not a knockout entry, however.
+  // Additionally, if it is a knockout entry, we want to stop looking for data
+  // on the host, because the knockout entry indicates "we have no information
+  // regarding the security status of this host".
+  bool isPrivate = aOriginAttributes.mPrivateBrowsingId > 0;
+  mozilla::DataStorageType storageType = isPrivate
+                                             ? mozilla::DataStorage_Private
+                                             : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SSSLOG(("Seeking HSTS entry for %s", aHost.get()));
+  SetStorageKey(aHost, aOriginAttributes, storageKey);
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+  SiteHSTSState siteState(aHost, aOriginAttributes, value);
+  if (siteState.mHSTSState != SecurityPropertyUnset) {
+    SSSLOG(("Found HSTS entry for %s", aHost.get()));
+    bool expired = siteState.IsExpired();
+    if (!expired) {
+      SSSLOG(("Entry for %s is not expired", aHost.get()));
+      if (siteState.mHSTSState == SecurityPropertySet) {
+        return aRequireIncludeSubdomains ? siteState.mHSTSIncludeSubdomains
+                                         : true;
+      }
+    }
+
+    if (expired) {
+      SSSLOG(("Entry %s is expired - checking for preload state", aHost.get()));
+      if (!GetPreloadStatus(aHost)) {
+        SSSLOG(("No static preload - removing expired entry"));
+        mSiteStateStorage->Remove(storageKey, storageType);
+      }
+    }
+    return false;
+  }
+
+  bool includeSubdomains = false;
+
+  // Finally look in the static preload list.
+  if (siteState.mHSTSState == SecurityPropertyUnset &&
+      GetPreloadStatus(aHost, &includeSubdomains)) {
+    SSSLOG(("%s is a preloaded HSTS host", aHost.get()));
+    return aRequireIncludeSubdomains ? includeSubdomains : true;
+  }
+
+  return false;
+}
+
+nsresult nsSiteSecurityService::IsSecureHost(
+    const nsACString& aHost, const OriginAttributes& aOriginAttributes,
+    bool* aResult) {
+  NS_ENSURE_ARG(aResult);
+  *aResult = false;
+
+  /* An IP address never qualifies as a secure URI. */
+  const nsCString& flatHost = PromiseFlatCString(aHost);
+  if (HostIsIPAddress(flatHost)) {
+    return NS_OK;
+  }
+
+  nsAutoCString host(
+      PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
+
+  // First check the exact host.
+  if (HostMatchesHSTSEntry(host, false, aOriginAttributes)) {
+    *aResult = true;
+    return NS_OK;
+  }
+
+  SSSLOG(("%s not congruent match for any known HSTS host", host.get()));
+  const char* superdomain;
+
+  uint32_t offset = 0;
+  for (offset = host.FindChar('.', offset) + 1; offset > 0;
+       offset = host.FindChar('.', offset) + 1) {
+    superdomain = host.get() + offset;
+
+    // If we get an empty string, don't continue.
+    if (strlen(superdomain) < 1) {
+      break;
+    }
+
+    // Do the same thing as with the exact host except now we're looking at
+    // ancestor domains of the original host and, therefore, we have to require
+    // that the entry asserts includeSubdomains.
+    nsAutoCString superdomainString(superdomain);
+    if (HostMatchesHSTSEntry(superdomainString, true, aOriginAttributes)) {
+      *aResult = true;
+      return NS_OK;
+    }
+
+    SSSLOG(
+        ("superdomain %s not known HSTS host (or includeSubdomains not set), "
+         "walking up domain",
+         superdomain));
+  }
+
+  // If we get here, there was no congruent match, and no superdomain matched
+  // while asserting includeSubdomains, so this host is not HSTS.
+  *aResult = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ClearAll() { return mSiteStateStorage->Clear(); }
+
+//------------------------------------------------------------
+// nsSiteSecurityService::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+nsSiteSecurityService::Observe(nsISupports* /*subject*/, const char* topic,
+                               const char16_t* /*data*/) {
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    MOZ_ASSERT_UNREACHABLE("Preferences accessed off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    mUsePreloadList = mozilla::Preferences::GetBool(
+        "network.stricttransportsecurity.preloadlist", true);
+    mPreloadListTimeOffset =
+        mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h
new file mode 100644
index 0000000000..21403b0009
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.h
@@ -0,0 +1,145 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nsSiteSecurityService_h__
+#define __nsSiteSecurityService_h__
+
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Dafsa.h"
+#include "mozilla/DataStorage.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsISiteSecurityService.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "mozpkix/pkixtypes.h"
+#include "prtime.h"
+
+class nsIURI;
+
+using mozilla::OriginAttributes;
+
+// {16955eee-6c48-4152-9309-c42a465138a1}
+#define NS_SITE_SECURITY_SERVICE_CID                 \
+  {                                                  \
+    0x16955eee, 0x6c48, 0x4152, {                    \
+      0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 \
+    }                                                \
+  }
+
+/**
+ * SecurityPropertyState: A utility enum for representing the different states
+ * a security property can be in.
+ * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
+ * a site has or does not have the security property in question, respectively.
+ * SecurityPropertyKnockout indicates a value on a preloaded list is being
+ * overridden, and the associated site does not have the security property
+ * in question.
+ */
+enum SecurityPropertyState {
+  SecurityPropertyUnset = 0,
+  SecurityPropertySet = 1,
+  SecurityPropertyKnockout = 2,
+};
+
+/**
+ * SiteHSTSState: A utility class that encodes/decodes a string describing
+ * the security state of a site. Currently only handles HSTS.
+ * HSTS state consists of:
+ *  - Hostname (nsCString)
+ *  - Origin attributes (OriginAttributes)
+ *  - Expiry time (PRTime (aka int64_t) in milliseconds)
+ *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
+ *  - An include subdomains flag (bool, default false)
+ */
+class SiteHSTSState {
+ public:
+  SiteHSTSState(const nsCString& aHost,
+                const OriginAttributes& aOriginAttributes,
+                const nsCString& aStateString);
+  SiteHSTSState(const nsCString& aHost,
+                const OriginAttributes& aOriginAttributes,
+                PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
+                bool aHSTSIncludeSubdomains);
+
+  nsCString mHostname;
+  OriginAttributes mOriginAttributes;
+  PRTime mHSTSExpireTime;
+  SecurityPropertyState mHSTSState;
+  bool mHSTSIncludeSubdomains;
+
+  bool IsExpired() {
+    // If mHSTSExpireTime is 0, this entry never expires (this is the case for
+    // knockout entries).
+    if (mHSTSExpireTime == 0) {
+      return false;
+    }
+
+    PRTime now = PR_Now() / PR_USEC_PER_MSEC;
+    if (now > mHSTSExpireTime) {
+      return true;
+    }
+
+    return false;
+  }
+
+  void ToString(nsCString& aString);
+};
+
+struct nsSTSPreload;
+
+class nsSiteSecurityService : public nsISiteSecurityService,
+                              public nsIObserver {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  NS_DECL_NSISITESECURITYSERVICE
+
+  nsSiteSecurityService();
+  nsresult Init();
+
+  static nsresult GetHost(nsIURI* aURI, nsACString& aResult);
+  static bool HostIsIPAddress(const nsCString& hostname);
+
+ protected:
+  virtual ~nsSiteSecurityService();
+
+ private:
+  nsresult SetHSTSState(const char* aHost, int64_t maxage,
+                        bool includeSubdomains,
+                        SecurityPropertyState aHSTSState,
+                        const OriginAttributes& aOriginAttributes);
+  nsresult ProcessHeaderInternal(nsIURI* aSourceURI, const nsCString& aHeader,
+                                 const OriginAttributes& aOriginAttributes,
+                                 uint64_t* aMaxAge, bool* aIncludeSubdomains,
+                                 uint32_t* aFailureResult);
+  nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
+                            const OriginAttributes& aOriginAttributes,
+                            uint64_t* aMaxAge, bool* aIncludeSubdomains,
+                            uint32_t* aFailureResult);
+  nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost,
+                             const OriginAttributes& aOriginAttributes);
+  nsresult ResetStateInternal(nsIURI* aURI,
+                              const OriginAttributes& aOriginAttributes,
+                              nsISiteSecurityService::ResetStateBy aScope);
+  void ResetStateForExactDomain(const nsCString& aHostname,
+                                const OriginAttributes& aOriginAttributes);
+  bool HostMatchesHSTSEntry(const nsAutoCString& aHost,
+                            bool aRequireIncludeSubdomains,
+                            const OriginAttributes& aOriginAttributes);
+  bool GetPreloadStatus(
+      const nsACString& aHost,
+      /*optional out*/ bool* aIncludeSubdomains = nullptr) const;
+  nsresult IsSecureHost(const nsACString& aHost,
+                        const OriginAttributes& aOriginAttributes,
+                        bool* aResult);
+
+  bool mUsePreloadList;
+  int64_t mPreloadListTimeOffset;
+  RefPtr<mozilla::DataStorage> mSiteStateStorage;
+  const mozilla::Dafsa mDafsa;
+};
+
+#endif  // __nsSiteSecurityService_h__
diff --git a/security/manager/ssl/nsTLSSocketProvider.cpp b/security/manager/ssl/nsTLSSocketProvider.cpp
new file mode 100644
index 0000000000..bc26d47966
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.cpp
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsTLSSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::OriginAttributes;
+
+nsTLSSocketProvider::nsTLSSocketProvider() = default;
+
+nsTLSSocketProvider::~nsTLSSocketProvider() = default;
+
+NS_IMPL_ISUPPORTS(nsTLSSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsTLSSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
+                               nsIProxyInfo* proxy,
+                               const OriginAttributes& originAttributes,
+                               uint32_t flags, uint32_t tlsFlags,
+                               PRFileDesc** _result,
+                               nsITLSSocketControl** tlsSocketControl) {
+  nsresult rv =
+      nsSSLIOLayerNewSocket(family, host, port, proxy, originAttributes,
+                            _result, tlsSocketControl, true, flags, tlsFlags);
+
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsTLSSocketProvider::AddToSocket(int32_t family, const char* host, int32_t port,
+                                 nsIProxyInfo* proxy,
+                                 const OriginAttributes& originAttributes,
+                                 uint32_t flags, uint32_t tlsFlags,
+                                 PRFileDesc* aSocket,
+                                 nsITLSSocketControl** tlsSocketControl) {
+  nsresult rv =
+      nsSSLIOLayerAddToSocket(family, host, port, proxy, originAttributes,
+                              aSocket, tlsSocketControl, true, flags, tlsFlags);
+
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsTLSSocketProvider.h b/security/manager/ssl/nsTLSSocketProvider.h
new file mode 100644
index 0000000000..eeed0ae40c
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.h
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSTLSSOCKETPROVIDER_H_
+#define _NSTLSSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+#define NS_STARTTLSSOCKETPROVIDER_CID                \
+  { /* b9507aec-1dd1-11b2-8cd5-c48ee0c50307 */       \
+    0xb9507aec, 0x1dd1, 0x11b2, {                    \
+      0x8c, 0xd5, 0xc4, 0x8e, 0xe0, 0xc5, 0x03, 0x07 \
+    }                                                \
+  }
+
+class nsTLSSocketProvider : public nsISocketProvider {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsTLSSocketProvider methods:
+  nsTLSSocketProvider();
+
+ protected:
+  virtual ~nsTLSSocketProvider();
+};
+
+#endif /* _NSTLSSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsVerificationJob.h b/security/manager/ssl/nsVerificationJob.h
new file mode 100644
index 0000000000..377cfabb73
--- /dev/null
+++ b/security/manager/ssl/nsVerificationJob.h
@@ -0,0 +1,48 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _INC_NSVERIFICATIONJOB_H
+#define _INC_NSVERIFICATIONJOB_H
+
+#include "nspr.h"
+
+#include "nsIX509Cert.h"
+#include "nsProxyRelease.h"
+
+class nsBaseVerificationJob {
+ public:
+  virtual ~nsBaseVerificationJob() {}
+  virtual void Run() = 0;
+};
+
+class nsCertVerificationJob : public nsBaseVerificationJob {
+ public:
+  nsCOMPtr<nsIX509Cert> mCert;
+  nsMainThreadPtrHandle<nsICertVerificationListener> mListener;
+
+  void Run();
+};
+
+class nsCertVerificationResult : public nsICertVerificationResult {
+ public:
+  nsCertVerificationResult();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTVERIFICATIONRESULT
+
+ protected:
+  virtual ~nsCertVerificationResult();
+
+ private:
+  nsresult mRV;
+  uint32_t mVerified;
+  uint32_t mCount;
+  char16_t** mUsages;
+
+  friend class nsCertVerificationJob;
+};
+
+#endif
diff --git a/security/manager/ssl/osclientcerts/Cargo.toml b/security/manager/ssl/osclientcerts/Cargo.toml
new file mode 100644
index 0000000000..2e364e3218
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/Cargo.toml
@@ -0,0 +1,31 @@
+[package]
+name = "osclientcerts-static"
+version = "0.1.4"
+authors = ["Dana Keeler <dkeeler@mozilla.com>"]
+edition = "2018"
+description = "Platform-specific support for client authentication certificates in Firefox"
+repository = "https://github.com/mozkeeler/osclientcerts"
+license = "MPL-2.0"
+
+[dependencies]
+byteorder = "1.3"
+env_logger = {version = "0.10", default-features = false } # disable `regex` to reduce code size
+lazy_static = "1"
+log = "0.4"
+mozilla-central-workspace-hack = { path = "../../../../build/workspace-hack" }
+pkcs11-bindings = "0.1"
+rsclientcerts = { path = "../rsclientcerts" }
+sha2 = "0.10.2"
+
+[target."cfg(target_os = \"macos\")".dependencies.core-foundation]
+version = "0.9"
+
+[target."cfg(target_os = \"macos\")".dependencies.libloading]
+version = "0.7"
+
+[target."cfg(target_os = \"windows\")".dependencies.winapi]
+version = "0.3"
+features = ["wincrypt"]
+
+[lib]
+crate-type = ["staticlib"]
diff --git a/security/manager/ssl/osclientcerts/dynamic-library/moz.build b/security/manager/ssl/osclientcerts/dynamic-library/moz.build
new file mode 100644
index 0000000000..36c0341ca7
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/dynamic-library/moz.build
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+USE_LIBS += ["osclientcerts-static"]
+
+UNIFIED_SOURCES += [
+    "stub.cpp",
+]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    OS_LIBS += [
+        "advapi32",
+        "crypt32",
+        "kernel32",
+        "ncrypt",
+        "userenv",
+        "ws2_32",
+        "ntdll",
+    ]
+
+if CONFIG["OS_ARCH"] == "Darwin":
+    OS_LIBS += [
+        "-framework CoreFoundation",
+        "-framework Security",
+    ]
+
+SharedLibrary("osclientcerts")
+
+NoVisibilityFlags()
+SYMBOLS_FILE = "osclientcerts.symbols"
diff --git a/security/manager/ssl/osclientcerts/dynamic-library/osclientcerts.symbols b/security/manager/ssl/osclientcerts/dynamic-library/osclientcerts.symbols
new file mode 100644
index 0000000000..562ecea21d
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/dynamic-library/osclientcerts.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/osclientcerts/dynamic-library/stub.cpp b/security/manager/ssl/osclientcerts/dynamic-library/stub.cpp
new file mode 100644
index 0000000000..bd20c15c4f
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/dynamic-library/stub.cpp
@@ -0,0 +1,8 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is an intentionally empty file. It is necessary for the build system to
+// successfully convert a static rust library into a dynamic library on
+// Windows.
diff --git a/security/manager/ssl/osclientcerts/moz.build b/security/manager/ssl/osclientcerts/moz.build
new file mode 100644
index 0000000000..fa484af6a4
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/moz.build
@@ -0,0 +1,9 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["dynamic-library"]
+
+RustLibrary("osclientcerts-static")
diff --git a/security/manager/ssl/osclientcerts/src/backend_macos.rs b/security/manager/ssl/osclientcerts/src/backend_macos.rs
new file mode 100644
index 0000000000..34386371aa
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/src/backend_macos.rs
@@ -0,0 +1,849 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(non_upper_case_globals)]
+
+use core_foundation::array::*;
+use core_foundation::base::*;
+use core_foundation::boolean::*;
+use core_foundation::data::*;
+use core_foundation::dictionary::*;
+use core_foundation::error::*;
+use core_foundation::number::*;
+use core_foundation::string::*;
+use libloading::{Library, Symbol};
+use pkcs11_bindings::*;
+use rsclientcerts::error::{Error, ErrorType};
+use rsclientcerts::manager::{ClientCertsBackend, CryptokiObject, Sign, SlotType};
+use rsclientcerts::util::*;
+use sha2::{Digest, Sha256};
+use std::collections::BTreeMap;
+use std::convert::TryInto;
+use std::os::raw::c_void;
+
+// Normally we would generate this with a build script, but macos is
+// cross-compiled on linux, and we'd have to figure out e.g. include paths,
+// etc.. This is easier.
+include!("bindings_macos.rs");
+
+#[repr(C)]
+pub struct __SecIdentity(c_void);
+pub type SecIdentityRef = *const __SecIdentity;
+declare_TCFType!(SecIdentity, SecIdentityRef);
+impl_TCFType!(SecIdentity, SecIdentityRef, SecIdentityGetTypeID);
+
+#[repr(C)]
+pub struct __SecCertificate(c_void);
+pub type SecCertificateRef = *const __SecCertificate;
+declare_TCFType!(SecCertificate, SecCertificateRef);
+impl_TCFType!(SecCertificate, SecCertificateRef, SecCertificateGetTypeID);
+
+#[repr(C)]
+pub struct __SecKey(c_void);
+pub type SecKeyRef = *const __SecKey;
+declare_TCFType!(SecKey, SecKeyRef);
+impl_TCFType!(SecKey, SecKeyRef, SecKeyGetTypeID);
+
+#[repr(C)]
+pub struct __SecPolicy(c_void);
+pub type SecPolicyRef = *const __SecPolicy;
+declare_TCFType!(SecPolicy, SecPolicyRef);
+impl_TCFType!(SecPolicy, SecPolicyRef, SecPolicyGetTypeID);
+
+#[repr(C)]
+pub struct __SecTrust(c_void);
+pub type SecTrustRef = *const __SecTrust;
+declare_TCFType!(SecTrust, SecTrustRef);
+impl_TCFType!(SecTrust, SecTrustRef, SecTrustGetTypeID);
+
+type SecCertificateCopyKeyType = unsafe extern "C" fn(SecCertificateRef) -> SecKeyRef;
+type SecTrustEvaluateWithErrorType =
+    unsafe extern "C" fn(trust: SecTrustRef, error: *mut CFErrorRef) -> bool;
+
+#[derive(Ord, Eq, PartialOrd, PartialEq)]
+enum SecStringConstant {
+    // These are available in macOS 10.13
+    SecKeyAlgorithmRSASignatureDigestPSSSHA1,
+    SecKeyAlgorithmRSASignatureDigestPSSSHA256,
+    SecKeyAlgorithmRSASignatureDigestPSSSHA384,
+    SecKeyAlgorithmRSASignatureDigestPSSSHA512,
+}
+
+/// This implementation uses security framework functions and constants that
+/// are not provided by the version of the SDK we build with. To work around
+/// this, we attempt to open and dynamically load these functions and symbols
+/// at runtime. Unfortunately this does mean that if a user is not on a new
+/// enough version of macOS, they will not be able to use client certificates
+/// from their keychain in Firefox until they upgrade.
+struct SecurityFramework<'a> {
+    sec_certificate_copy_key: Symbol<'a, SecCertificateCopyKeyType>,
+    sec_trust_evaluate_with_error: Symbol<'a, SecTrustEvaluateWithErrorType>,
+    sec_string_constants: BTreeMap<SecStringConstant, String>,
+}
+
+lazy_static! {
+    static ref SECURITY_LIBRARY: Result<Library, String> = unsafe {
+        Library::new("/System/Library/Frameworks/Security.framework/Security")
+            .map_err(|e| e.to_string())
+    };
+}
+
+impl<'a> SecurityFramework<'a> {
+    fn new() -> Result<SecurityFramework<'a>, Error> {
+        let library = match &*SECURITY_LIBRARY {
+            Ok(library) => library,
+            Err(e) => return Err(error_here!(ErrorType::ExternalError, e.clone())),
+        };
+        let sec_certificate_copy_key = unsafe {
+            library
+                .get::<SecCertificateCopyKeyType>(b"SecCertificateCopyKey\0")
+                .map_err(|e| error_here!(ErrorType::ExternalError, e.to_string()))?
+        };
+        let sec_trust_evaluate_with_error = unsafe {
+            library
+                .get::<SecTrustEvaluateWithErrorType>(b"SecTrustEvaluateWithError\0")
+                .map_err(|e| error_here!(ErrorType::ExternalError, e.to_string()))?
+        };
+        let mut sec_string_constants = BTreeMap::new();
+        let strings_to_load = vec![
+            (
+                b"kSecKeyAlgorithmRSASignatureDigestPSSSHA1\0".as_ref(),
+                SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA1,
+            ),
+            (
+                b"kSecKeyAlgorithmRSASignatureDigestPSSSHA256\0".as_ref(),
+                SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA256,
+            ),
+            (
+                b"kSecKeyAlgorithmRSASignatureDigestPSSSHA384\0".as_ref(),
+                SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA384,
+            ),
+            (
+                b"kSecKeyAlgorithmRSASignatureDigestPSSSHA512\0".as_ref(),
+                SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA512,
+            ),
+        ];
+        for (symbol_name, sec_string_constant) in strings_to_load {
+            let cfstring_symbol = unsafe {
+                library
+                    .get::<*const CFStringRef>(symbol_name)
+                    .map_err(|e| error_here!(ErrorType::ExternalError, e.to_string()))?
+            };
+            let cfstring = unsafe { CFString::wrap_under_create_rule(**cfstring_symbol) };
+            sec_string_constants.insert(sec_string_constant, cfstring.to_string());
+        }
+        Ok(SecurityFramework {
+            sec_certificate_copy_key,
+            sec_trust_evaluate_with_error,
+            sec_string_constants,
+        })
+    }
+}
+
+struct SecurityFrameworkHolder<'a> {
+    framework: Result<SecurityFramework<'a>, Error>,
+}
+
+impl<'a> SecurityFrameworkHolder<'a> {
+    fn new() -> SecurityFrameworkHolder<'a> {
+        SecurityFrameworkHolder {
+            framework: SecurityFramework::new(),
+        }
+    }
+
+    /// SecCertificateCopyKey is available in macOS 10.14
+    fn sec_certificate_copy_key(&self, certificate: &SecCertificate) -> Result<SecKey, Error> {
+        match &self.framework {
+            Ok(framework) => unsafe {
+                let result =
+                    (framework.sec_certificate_copy_key)(certificate.as_concrete_TypeRef());
+                if result.is_null() {
+                    return Err(error_here!(ErrorType::ExternalError));
+                }
+                Ok(SecKey::wrap_under_create_rule(result))
+            },
+            Err(e) => Err(e.clone()),
+        }
+    }
+
+    /// SecTrustEvaluateWithError is available in macOS 10.14
+    fn sec_trust_evaluate_with_error(&self, trust: &SecTrust) -> Result<bool, Error> {
+        match &self.framework {
+            Ok(framework) => unsafe {
+                Ok((framework.sec_trust_evaluate_with_error)(
+                    trust.as_concrete_TypeRef(),
+                    std::ptr::null_mut(),
+                ))
+            },
+            Err(e) => Err(e.clone()),
+        }
+    }
+
+    fn get_sec_string_constant(
+        &self,
+        sec_string_constant: SecStringConstant,
+    ) -> Result<CFString, Error> {
+        match &self.framework {
+            Ok(framework) => match framework.sec_string_constants.get(&sec_string_constant) {
+                Some(string) => Ok(CFString::new(string)),
+                None => Err(error_here!(ErrorType::ExternalError)),
+            },
+            Err(e) => Err(e.clone()),
+        }
+    }
+}
+
+lazy_static! {
+    static ref SECURITY_FRAMEWORK: SecurityFrameworkHolder<'static> =
+        SecurityFrameworkHolder::new();
+}
+
+fn sec_key_create_signature(
+    key: &SecKey,
+    algorithm: SecKeyAlgorithm,
+    data: &CFData,
+) -> Result<CFData, Error> {
+    let mut error = std::ptr::null_mut();
+    let signature = unsafe {
+        SecKeyCreateSignature(
+            key.as_concrete_TypeRef(),
+            algorithm,
+            data.as_concrete_TypeRef(),
+            &mut error,
+        )
+    };
+    if signature.is_null() {
+        let error = unsafe { CFError::wrap_under_create_rule(error) };
+        return Err(error_here!(
+            ErrorType::ExternalError,
+            error.description().to_string()
+        ));
+    }
+    Ok(unsafe { CFData::wrap_under_create_rule(signature) })
+}
+
+fn sec_key_copy_attributes<T: TCFType>(key: &SecKey) -> CFDictionary<CFString, T> {
+    unsafe { CFDictionary::wrap_under_create_rule(SecKeyCopyAttributes(key.as_concrete_TypeRef())) }
+}
+
+fn sec_key_copy_external_representation(key: &SecKey) -> Result<CFData, Error> {
+    let mut error = std::ptr::null_mut();
+    let representation =
+        unsafe { SecKeyCopyExternalRepresentation(key.as_concrete_TypeRef(), &mut error) };
+    if representation.is_null() {
+        let error = unsafe { CFError::wrap_under_create_rule(error) };
+        return Err(error_here!(
+            ErrorType::ExternalError,
+            error.description().to_string()
+        ));
+    }
+    Ok(unsafe { CFData::wrap_under_create_rule(representation) })
+}
+
+fn sec_identity_copy_certificate(identity: &SecIdentity) -> Result<SecCertificate, Error> {
+    let mut certificate = std::ptr::null();
+    let status =
+        unsafe { SecIdentityCopyCertificate(identity.as_concrete_TypeRef(), &mut certificate) };
+    if status != errSecSuccess {
+        return Err(error_here!(ErrorType::ExternalError, status.to_string()));
+    }
+    if certificate.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(unsafe { SecCertificate::wrap_under_create_rule(certificate) })
+}
+
+fn sec_certificate_copy_subject_summary(certificate: &SecCertificate) -> Result<CFString, Error> {
+    let result = unsafe { SecCertificateCopySubjectSummary(certificate.as_concrete_TypeRef()) };
+    if result.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(unsafe { CFString::wrap_under_create_rule(result) })
+}
+
+fn sec_certificate_copy_data(certificate: &SecCertificate) -> Result<CFData, Error> {
+    let result = unsafe { SecCertificateCopyData(certificate.as_concrete_TypeRef()) };
+    if result.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(unsafe { CFData::wrap_under_create_rule(result) })
+}
+
+fn sec_identity_copy_private_key(identity: &SecIdentity) -> Result<SecKey, Error> {
+    let mut key = std::ptr::null();
+    let status = unsafe { SecIdentityCopyPrivateKey(identity.as_concrete_TypeRef(), &mut key) };
+    if status != errSecSuccess {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    if key.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(unsafe { SecKey::wrap_under_create_rule(key) })
+}
+
+pub struct Cert {
+    class: Vec<u8>,
+    token: Vec<u8>,
+    id: Vec<u8>,
+    label: Vec<u8>,
+    value: Vec<u8>,
+    issuer: Vec<u8>,
+    serial_number: Vec<u8>,
+    subject: Vec<u8>,
+}
+
+impl Cert {
+    fn new_from_identity(identity: &SecIdentity) -> Result<Cert, Error> {
+        let certificate = sec_identity_copy_certificate(identity)?;
+        Cert::new_from_certificate(&certificate)
+    }
+
+    fn new_from_certificate(certificate: &SecCertificate) -> Result<Cert, Error> {
+        let label = sec_certificate_copy_subject_summary(certificate)?;
+        let der = sec_certificate_copy_data(certificate)?;
+        let der = der.bytes().to_vec();
+        let id = Sha256::digest(&der).to_vec();
+        let (serial_number, issuer, subject) = read_encoded_certificate_identifiers(&der)?;
+        Ok(Cert {
+            class: serialize_uint(CKO_CERTIFICATE)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            label: label.to_string().into_bytes(),
+            value: der,
+            issuer,
+            serial_number,
+            subject,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn label(&self) -> &[u8] {
+        &self.label
+    }
+
+    fn value(&self) -> &[u8] {
+        &self.value
+    }
+
+    fn issuer(&self) -> &[u8] {
+        &self.issuer
+    }
+
+    fn serial_number(&self) -> &[u8] {
+        &self.serial_number
+    }
+
+    fn subject(&self) -> &[u8] {
+        &self.subject
+    }
+}
+
+impl CryptokiObject for Cert {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        // The modern/legacy slot distinction in theory enables differentiation
+        // between keys that are from modules that can use modern cryptography
+        // (namely EC keys and RSA-PSS signatures) and those that cannot.
+        // However, the function that would enable this
+        // (SecKeyIsAlgorithmSupported) causes a password dialog to appear on
+        // our test machines, so this backend pretends that everything supports
+        // modern crypto for now.
+        if slot_type != SlotType::Modern {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_LABEL => self.label(),
+                CKA_ID => self.id(),
+                CKA_VALUE => self.value(),
+                CKA_ISSUER => self.issuer(),
+                CKA_SERIAL_NUMBER => self.serial_number(),
+                CKA_SUBJECT => self.subject(),
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        let result = match attribute {
+            CKA_CLASS => self.class(),
+            CKA_TOKEN => self.token(),
+            CKA_LABEL => self.label(),
+            CKA_ID => self.id(),
+            CKA_VALUE => self.value(),
+            CKA_ISSUER => self.issuer(),
+            CKA_SERIAL_NUMBER => self.serial_number(),
+            CKA_SUBJECT => self.subject(),
+            _ => return None,
+        };
+        Some(result)
+    }
+}
+
+#[allow(clippy::upper_case_acronyms)]
+#[derive(Clone, Copy, Debug)]
+pub enum KeyType {
+    EC(usize),
+    RSA,
+}
+
+#[allow(clippy::upper_case_acronyms)]
+enum SignParams<'a> {
+    EC(CFString, &'a [u8]),
+    RSA(CFString, &'a [u8]),
+}
+
+impl<'a> SignParams<'a> {
+    fn new(
+        key_type: KeyType,
+        data: &'a [u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<SignParams<'a>, Error> {
+        match key_type {
+            KeyType::EC(_) => SignParams::new_ec_params(data),
+            KeyType::RSA => SignParams::new_rsa_params(params, data),
+        }
+    }
+
+    fn new_ec_params(data: &'a [u8]) -> Result<SignParams<'a>, Error> {
+        let algorithm = unsafe {
+            CFString::wrap_under_get_rule(match data.len() {
+                20 => kSecKeyAlgorithmECDSASignatureDigestX962SHA1,
+                32 => kSecKeyAlgorithmECDSASignatureDigestX962SHA256,
+                48 => kSecKeyAlgorithmECDSASignatureDigestX962SHA384,
+                64 => kSecKeyAlgorithmECDSASignatureDigestX962SHA512,
+                _ => {
+                    return Err(error_here!(ErrorType::UnsupportedInput));
+                }
+            })
+        };
+        Ok(SignParams::EC(algorithm, data))
+    }
+
+    fn new_rsa_params(
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+        data: &'a [u8],
+    ) -> Result<SignParams<'a>, Error> {
+        if let Some(pss_params) = params {
+            let algorithm = {
+                let algorithm_id = match pss_params.hashAlg {
+                    CKM_SHA_1 => SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA1,
+                    CKM_SHA256 => SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA256,
+                    CKM_SHA384 => SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA384,
+                    CKM_SHA512 => SecStringConstant::SecKeyAlgorithmRSASignatureDigestPSSSHA512,
+                    _ => {
+                        return Err(error_here!(ErrorType::UnsupportedInput));
+                    }
+                };
+                SECURITY_FRAMEWORK.get_sec_string_constant(algorithm_id)?
+            };
+            return Ok(SignParams::RSA(algorithm, data));
+        }
+
+        // Handle the case where this is a TLS 1.0 MD5/SHA1 hash.
+        if data.len() == 36 {
+            let algorithm = unsafe {
+                CFString::wrap_under_get_rule(kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw)
+            };
+            return Ok(SignParams::RSA(algorithm, data));
+        }
+        // Otherwise, `data` should be a DigestInfo.
+        let (digest_oid, hash) = read_digest_info(data)?;
+        let algorithm = unsafe {
+            CFString::wrap_under_create_rule(match digest_oid {
+                OID_BYTES_SHA_256 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256,
+                OID_BYTES_SHA_384 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384,
+                OID_BYTES_SHA_512 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512,
+                OID_BYTES_SHA_1 => kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1,
+                _ => return Err(error_here!(ErrorType::UnsupportedInput)),
+            })
+        };
+
+        Ok(SignParams::RSA(algorithm, hash))
+    }
+
+    fn get_algorithm(&self) -> SecKeyAlgorithm {
+        match self {
+            SignParams::EC(algorithm, _) => algorithm.as_concrete_TypeRef(),
+            SignParams::RSA(algorithm, _) => algorithm.as_concrete_TypeRef(),
+        }
+    }
+
+    fn get_data_to_sign(&self) -> &'a [u8] {
+        match self {
+            SignParams::EC(_, data_to_sign) => data_to_sign,
+            SignParams::RSA(_, data_to_sign) => data_to_sign,
+        }
+    }
+}
+
+pub struct Key {
+    identity: SecIdentity,
+    class: Vec<u8>,
+    token: Vec<u8>,
+    id: Vec<u8>,
+    private: Vec<u8>,
+    key_type: Vec<u8>,
+    modulus: Option<Vec<u8>>,
+    ec_params: Option<Vec<u8>>,
+    key_type_enum: KeyType,
+    key_handle: Option<SecKey>,
+}
+
+impl Key {
+    fn new(identity: &SecIdentity) -> Result<Key, Error> {
+        let certificate = sec_identity_copy_certificate(identity)?;
+        let der = sec_certificate_copy_data(&certificate)?;
+        let id = Sha256::digest(der.bytes()).to_vec();
+        let key = SECURITY_FRAMEWORK.sec_certificate_copy_key(&certificate)?;
+        let key_type: CFString = get_key_attribute(&key, unsafe { kSecAttrKeyType })?;
+        let key_size_in_bits: CFNumber = get_key_attribute(&key, unsafe { kSecAttrKeySizeInBits })?;
+        let mut modulus = None;
+        let mut ec_params = None;
+        let sec_attr_key_type_ec =
+            unsafe { CFString::wrap_under_create_rule(kSecAttrKeyTypeECSECPrimeRandom) };
+        let (key_type_enum, key_type_attribute) =
+            if key_type.as_concrete_TypeRef() == unsafe { kSecAttrKeyTypeRSA } {
+                let public_key = sec_key_copy_external_representation(&key)?;
+                let modulus_value = read_rsa_modulus(public_key.bytes())?;
+                modulus = Some(modulus_value);
+                (KeyType::RSA, CKK_RSA)
+            } else if key_type == sec_attr_key_type_ec {
+                // Assume all EC keys are secp256r1, secp384r1, or secp521r1. This
+                // is wrong, but the API doesn't seem to give us a way to determine
+                // which curve this key is on.
+                // This might not matter in practice, because it seems all NSS uses
+                // this for is to get the signature size.
+                let key_size_in_bits = match key_size_in_bits.to_i64() {
+                    Some(value) => value,
+                    None => return Err(error_here!(ErrorType::ValueTooLarge)),
+                };
+                match key_size_in_bits {
+                    256 => ec_params = Some(ENCODED_OID_BYTES_SECP256R1.to_vec()),
+                    384 => ec_params = Some(ENCODED_OID_BYTES_SECP384R1.to_vec()),
+                    521 => ec_params = Some(ENCODED_OID_BYTES_SECP521R1.to_vec()),
+                    _ => return Err(error_here!(ErrorType::UnsupportedInput)),
+                }
+                let coordinate_width = (key_size_in_bits as usize + 7) / 8;
+                (KeyType::EC(coordinate_width), CKK_EC)
+            } else {
+                return Err(error_here!(ErrorType::LibraryFailure));
+            };
+
+        Ok(Key {
+            identity: identity.clone(),
+            class: serialize_uint(CKO_PRIVATE_KEY)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            private: serialize_uint(CK_TRUE)?,
+            key_type: serialize_uint(key_type_attribute)?,
+            modulus,
+            ec_params,
+            key_type_enum,
+            key_handle: None,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn private(&self) -> &[u8] {
+        &self.private
+    }
+
+    fn key_type(&self) -> &[u8] {
+        &self.key_type
+    }
+
+    fn modulus(&self) -> Option<&[u8]> {
+        match &self.modulus {
+            Some(modulus) => Some(modulus.as_slice()),
+            None => None,
+        }
+    }
+
+    fn ec_params(&self) -> Option<&[u8]> {
+        match &self.ec_params {
+            Some(ec_params) => Some(ec_params.as_slice()),
+            None => None,
+        }
+    }
+
+    fn sign_internal(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error> {
+        // If this key hasn't been used for signing yet, there won't be a cached key handle. Obtain
+        // and cache it if this is the case. Doing so can cause the underlying implementation to
+        // show an authentication or pin prompt to the user. Caching the handle can avoid causing
+        // multiple prompts to be displayed in some cases.
+        if self.key_handle.is_none() {
+            let _ = self
+                .key_handle
+                .replace(sec_identity_copy_private_key(&self.identity)?);
+        }
+        let key = match &self.key_handle {
+            Some(key) => key,
+            None => return Err(error_here!(ErrorType::LibraryFailure)),
+        };
+        let sign_params = SignParams::new(self.key_type_enum, data, params)?;
+        let signing_algorithm = sign_params.get_algorithm();
+        let data_to_sign = CFData::from_buffer(sign_params.get_data_to_sign());
+        let signature = sec_key_create_signature(key, signing_algorithm, &data_to_sign)?;
+        let signature_value = match self.key_type_enum {
+            KeyType::EC(coordinate_width) => {
+                // We need to convert the DER Ecdsa-Sig-Value to the
+                // concatenation of r and s, the coordinates of the point on
+                // the curve. r and s must be 0-padded to be coordinate_width
+                // total bytes.
+                let (r, s) = read_ec_sig_point(signature.bytes())?;
+                if r.len() > coordinate_width || s.len() > coordinate_width {
+                    return Err(error_here!(ErrorType::InvalidInput));
+                }
+                let mut signature_value = Vec::with_capacity(2 * coordinate_width);
+                let r_padding = vec![0; coordinate_width - r.len()];
+                signature_value.extend(r_padding);
+                signature_value.extend_from_slice(r);
+                let s_padding = vec![0; coordinate_width - s.len()];
+                signature_value.extend(s_padding);
+                signature_value.extend_from_slice(s);
+                signature_value
+            }
+            KeyType::RSA => signature.bytes().to_vec(),
+        };
+        Ok(signature_value)
+    }
+}
+
+impl CryptokiObject for Key {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        // The modern/legacy slot distinction in theory enables differentiation
+        // between keys that are from modules that can use modern cryptography
+        // (namely EC keys and RSA-PSS signatures) and those that cannot.
+        // However, the function that would enable this
+        // (SecKeyIsAlgorithmSupported) causes a password dialog to appear on
+        // our test machines, so this backend pretends that everything supports
+        // modern crypto for now.
+        if slot_type != SlotType::Modern {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_ID => self.id(),
+                CKA_PRIVATE => self.private(),
+                CKA_KEY_TYPE => self.key_type(),
+                CKA_MODULUS => {
+                    if let Some(modulus) = self.modulus() {
+                        modulus
+                    } else {
+                        return false;
+                    }
+                }
+                CKA_EC_PARAMS => {
+                    if let Some(ec_params) = self.ec_params() {
+                        ec_params
+                    } else {
+                        return false;
+                    }
+                }
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        match attribute {
+            CKA_CLASS => Some(self.class()),
+            CKA_TOKEN => Some(self.token()),
+            CKA_ID => Some(self.id()),
+            CKA_PRIVATE => Some(self.private()),
+            CKA_KEY_TYPE => Some(self.key_type()),
+            CKA_MODULUS => self.modulus(),
+            CKA_EC_PARAMS => self.ec_params(),
+            _ => None,
+        }
+    }
+}
+
+impl Sign for Key {
+    fn get_signature_length(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<usize, Error> {
+        // Unfortunately we don't have a way of getting the length of a signature without creating
+        // one.
+        let dummy_signature_bytes = self.sign(data, params)?;
+        Ok(dummy_signature_bytes.len())
+    }
+
+    // The input data is a hash. What algorithm we use depends on the size of the hash.
+    fn sign(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error> {
+        let result = self.sign_internal(data, params);
+        if result.is_ok() {
+            return result;
+        }
+        // Some devices appear to not work well when the key handle is held for too long or if a
+        // card is inserted/removed while Firefox is running. Try refreshing the key handle.
+        let _ = self.key_handle.take();
+        self.sign_internal(data, params)
+    }
+}
+
+fn get_key_attribute<T: TCFType + Clone>(key: &SecKey, attr: CFStringRef) -> Result<T, Error> {
+    let attributes: CFDictionary<CFString, T> = sec_key_copy_attributes(key);
+    match attributes.find(attr as *const _) {
+        Some(value) => Ok((*value).clone()),
+        None => Err(error_here!(ErrorType::ExternalError)),
+    }
+}
+
+// Given a SecIdentity, attempts to build as much of a path to a trust anchor as possible, gathers
+// the CA certificates from that path, and returns them. The purpose of this function is not to
+// validate the given certificate but to find CA certificates that gecko may need to do path
+// building when filtering client certificates according to the acceptable CA list sent by the
+// server during client authentication.
+fn get_issuers(identity: &SecIdentity) -> Result<Vec<SecCertificate>, Error> {
+    let certificate = sec_identity_copy_certificate(identity)?;
+    let policy = unsafe { SecPolicyCreateSSL(false, std::ptr::null()) };
+    if policy.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    let policy = unsafe { SecPolicy::wrap_under_create_rule(policy) };
+    let mut trust = std::ptr::null();
+    // Each of SecTrustCreateWithCertificates' input arguments can be either single items or an
+    // array of items. Since we only want to specify one of each, we directly specify the arguments.
+    let status = unsafe {
+        SecTrustCreateWithCertificates(
+            certificate.as_concrete_TypeRef(),
+            policy.as_concrete_TypeRef(),
+            &mut trust,
+        )
+    };
+    if status != errSecSuccess {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    if trust.is_null() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    let trust = unsafe { SecTrust::wrap_under_create_rule(trust) };
+    // Disable AIA fetching so that SecTrustEvaluateWithError doesn't result in network I/O.
+    let status = unsafe { SecTrustSetNetworkFetchAllowed(trust.as_concrete_TypeRef(), 0) };
+    if status != errSecSuccess {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    // We ignore the return value here because we don't care if the certificate is trusted or not -
+    // we're only doing this to build its issuer chain as much as possible.
+    let _ = SECURITY_FRAMEWORK.sec_trust_evaluate_with_error(&trust)?;
+    let certificate_count = unsafe { SecTrustGetCertificateCount(trust.as_concrete_TypeRef()) };
+    let mut certificates = Vec::with_capacity(
+        certificate_count
+            .try_into()
+            .map_err(|_| error_here!(ErrorType::ValueTooLarge))?,
+    );
+    for i in 1..certificate_count {
+        let certificate = unsafe { SecTrustGetCertificateAtIndex(trust.as_concrete_TypeRef(), i) };
+        if certificate.is_null() {
+            error!("SecTrustGetCertificateAtIndex returned null certificate?");
+            continue;
+        }
+        let certificate = unsafe { SecCertificate::wrap_under_get_rule(certificate) };
+        certificates.push(certificate);
+    }
+    Ok(certificates)
+}
+
+pub struct Backend {}
+
+impl ClientCertsBackend for Backend {
+    type Cert = Cert;
+    type Key = Key;
+
+    fn find_objects(&self) -> Result<(Vec<Cert>, Vec<Key>), Error> {
+        let mut certs = Vec::new();
+        let mut keys = Vec::new();
+        let identities = unsafe {
+            let class_key = CFString::wrap_under_get_rule(kSecClass);
+            let class_value = CFString::wrap_under_get_rule(kSecClassIdentity);
+            let return_ref_key = CFString::wrap_under_get_rule(kSecReturnRef);
+            let return_ref_value = CFBoolean::wrap_under_get_rule(kCFBooleanTrue);
+            let match_key = CFString::wrap_under_get_rule(kSecMatchLimit);
+            let match_value = CFString::wrap_under_get_rule(kSecMatchLimitAll);
+            let vals = vec![
+                (class_key.as_CFType(), class_value.as_CFType()),
+                (return_ref_key.as_CFType(), return_ref_value.as_CFType()),
+                (match_key.as_CFType(), match_value.as_CFType()),
+            ];
+            let dict = CFDictionary::from_CFType_pairs(&vals);
+            let mut result = std::ptr::null();
+            let status = SecItemCopyMatching(dict.as_CFTypeRef() as CFDictionaryRef, &mut result);
+            if status == errSecItemNotFound {
+                return Ok((certs, keys));
+            }
+            if status != errSecSuccess {
+                return Err(error_here!(ErrorType::ExternalError, status.to_string()));
+            }
+            if result.is_null() {
+                return Err(error_here!(ErrorType::ExternalError));
+            }
+            CFArray::<SecIdentityRef>::wrap_under_create_rule(result as CFArrayRef)
+        };
+        for identity in identities.get_all_values().iter() {
+            let identity = unsafe { SecIdentity::wrap_under_get_rule(*identity as SecIdentityRef) };
+            let cert = Cert::new_from_identity(&identity);
+            let key = Key::new(&identity);
+            if let (Ok(cert), Ok(key)) = (cert, key) {
+                certs.push(cert);
+                keys.push(key);
+            } else {
+                continue;
+            }
+            if let Ok(issuers) = get_issuers(&identity) {
+                for issuer in issuers {
+                    if let Ok(cert) = Cert::new_from_certificate(&issuer) {
+                        certs.push(cert);
+                    }
+                }
+            }
+        }
+        Ok((certs, keys))
+    }
+}
diff --git a/security/manager/ssl/osclientcerts/src/backend_windows.rs b/security/manager/ssl/osclientcerts/src/backend_windows.rs
new file mode 100644
index 0000000000..2a80ff8354
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/src/backend_windows.rs
@@ -0,0 +1,914 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(non_camel_case_types)]
+
+use pkcs11_bindings::*;
+use rsclientcerts::error::{Error, ErrorType};
+use rsclientcerts::manager::{ClientCertsBackend, CryptokiObject, Sign, SlotType};
+use rsclientcerts::util::*;
+use sha2::{Digest, Sha256};
+use std::convert::TryInto;
+use std::ffi::{c_void, CStr, CString};
+use std::ops::Deref;
+use std::slice;
+use winapi::shared::bcrypt::*;
+use winapi::shared::minwindef::{DWORD, PBYTE};
+use winapi::um::errhandlingapi::GetLastError;
+use winapi::um::ncrypt::*;
+use winapi::um::wincrypt::{HCRYPTHASH, HCRYPTPROV, *};
+
+// winapi has some support for ncrypt.h, but not for this function.
+extern "system" {
+    fn NCryptSignHash(
+        hKey: NCRYPT_KEY_HANDLE,
+        pPaddingInfo: *mut c_void,
+        pbHashValue: PBYTE,
+        cbHashValue: DWORD,
+        pbSignature: PBYTE,
+        cbSignature: DWORD,
+        pcbResult: *mut DWORD,
+        dwFlags: DWORD,
+    ) -> SECURITY_STATUS;
+}
+
+/// Given a `CERT_INFO`, tries to return the bytes of the subject distinguished name as formatted by
+/// `CertNameToStrA` using the flag `CERT_SIMPLE_NAME_STR`. This is used as the label for the
+/// certificate.
+fn get_cert_subject_dn(cert_info: &CERT_INFO) -> Result<Vec<u8>, Error> {
+    let mut cert_info_subject = cert_info.Subject;
+    let subject_dn_len = unsafe {
+        CertNameToStrA(
+            X509_ASN_ENCODING,
+            &mut cert_info_subject,
+            CERT_SIMPLE_NAME_STR,
+            std::ptr::null_mut(),
+            0,
+        )
+    };
+    // subject_dn_len includes the terminating null byte.
+    let mut subject_dn_string_bytes: Vec<u8> = vec![0; subject_dn_len as usize];
+    let subject_dn_len = unsafe {
+        CertNameToStrA(
+            X509_ASN_ENCODING,
+            &mut cert_info_subject,
+            CERT_SIMPLE_NAME_STR,
+            subject_dn_string_bytes.as_mut_ptr() as *mut i8,
+            subject_dn_string_bytes
+                .len()
+                .try_into()
+                .map_err(|_| error_here!(ErrorType::ValueTooLarge))?,
+        )
+    };
+    if subject_dn_len as usize != subject_dn_string_bytes.len() {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(subject_dn_string_bytes)
+}
+
+/// Represents a certificate for which there exists a corresponding private key.
+pub struct Cert {
+    /// PKCS #11 object class. Will be `CKO_CERTIFICATE`.
+    class: Vec<u8>,
+    /// Whether or not this is on a token. Will be `CK_TRUE`.
+    token: Vec<u8>,
+    /// An identifier unique to this certificate. Must be the same as the ID for the private key.
+    id: Vec<u8>,
+    /// The bytes of a human-readable label for this certificate. Will be the subject DN.
+    label: Vec<u8>,
+    /// The DER bytes of the certificate.
+    value: Vec<u8>,
+    /// The DER bytes of the issuer distinguished name of the certificate.
+    issuer: Vec<u8>,
+    /// The DER bytes of the serial number of the certificate.
+    serial_number: Vec<u8>,
+    /// The DER bytes of the subject distinguished name of the certificate.
+    subject: Vec<u8>,
+    /// Which slot this certificate should be exposed on.
+    slot_type: SlotType,
+}
+
+impl Cert {
+    fn new(cert_context: PCCERT_CONTEXT) -> Result<Cert, Error> {
+        let cert = unsafe { &*cert_context };
+        let cert_info = unsafe { &*cert.pCertInfo };
+        let value =
+            unsafe { slice::from_raw_parts(cert.pbCertEncoded, cert.cbCertEncoded as usize) };
+        let value = value.to_vec();
+        let id = Sha256::digest(&value).to_vec();
+        let label = get_cert_subject_dn(cert_info)?;
+        let (serial_number, issuer, subject) = read_encoded_certificate_identifiers(&value)?;
+        Ok(Cert {
+            class: serialize_uint(CKO_CERTIFICATE)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            label,
+            value,
+            issuer,
+            serial_number,
+            subject,
+            slot_type: SlotType::Modern,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn label(&self) -> &[u8] {
+        &self.label
+    }
+
+    fn value(&self) -> &[u8] {
+        &self.value
+    }
+
+    fn issuer(&self) -> &[u8] {
+        &self.issuer
+    }
+
+    fn serial_number(&self) -> &[u8] {
+        &self.serial_number
+    }
+
+    fn subject(&self) -> &[u8] {
+        &self.subject
+    }
+}
+
+impl CryptokiObject for Cert {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        if slot_type != self.slot_type {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_LABEL => self.label(),
+                CKA_ID => self.id(),
+                CKA_VALUE => self.value(),
+                CKA_ISSUER => self.issuer(),
+                CKA_SERIAL_NUMBER => self.serial_number(),
+                CKA_SUBJECT => self.subject(),
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        let result = match attribute {
+            CKA_CLASS => self.class(),
+            CKA_TOKEN => self.token(),
+            CKA_LABEL => self.label(),
+            CKA_ID => self.id(),
+            CKA_VALUE => self.value(),
+            CKA_ISSUER => self.issuer(),
+            CKA_SERIAL_NUMBER => self.serial_number(),
+            CKA_SUBJECT => self.subject(),
+            _ => return None,
+        };
+        Some(result)
+    }
+}
+
+struct CertContext(PCCERT_CONTEXT);
+
+impl CertContext {
+    fn new(cert: PCCERT_CONTEXT) -> CertContext {
+        CertContext(unsafe { CertDuplicateCertificateContext(cert) })
+    }
+}
+
+impl Drop for CertContext {
+    fn drop(&mut self) {
+        unsafe {
+            CertFreeCertificateContext(self.0);
+        }
+    }
+}
+
+impl Deref for CertContext {
+    type Target = PCCERT_CONTEXT;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+enum KeyHandle {
+    NCrypt(NCRYPT_KEY_HANDLE),
+    CryptoAPI(HCRYPTPROV, DWORD),
+}
+
+impl KeyHandle {
+    fn from_cert(cert: &CertContext) -> Result<KeyHandle, Error> {
+        let mut key_handle = 0;
+        let mut key_spec = 0;
+        let mut must_free = 0;
+        unsafe {
+            if CryptAcquireCertificatePrivateKey(
+                **cert,
+                CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG,
+                std::ptr::null_mut(),
+                &mut key_handle,
+                &mut key_spec,
+                &mut must_free,
+            ) != 1
+            {
+                return Err(error_here!(
+                    ErrorType::ExternalError,
+                    GetLastError().to_string()
+                ));
+            }
+        }
+        if must_free == 0 {
+            return Err(error_here!(ErrorType::ExternalError));
+        }
+        if key_spec == CERT_NCRYPT_KEY_SPEC {
+            Ok(KeyHandle::NCrypt(key_handle as NCRYPT_KEY_HANDLE))
+        } else {
+            Ok(KeyHandle::CryptoAPI(key_handle as HCRYPTPROV, key_spec))
+        }
+    }
+
+    fn sign(
+        &self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+        do_signature: bool,
+        key_type: KeyType,
+    ) -> Result<Vec<u8>, Error> {
+        match &self {
+            KeyHandle::NCrypt(ncrypt_handle) => {
+                sign_ncrypt(ncrypt_handle, data, params, do_signature, key_type)
+            }
+            KeyHandle::CryptoAPI(hcryptprov, key_spec) => {
+                sign_cryptoapi(hcryptprov, key_spec, data, params, do_signature)
+            }
+        }
+    }
+}
+
+impl Drop for KeyHandle {
+    fn drop(&mut self) {
+        match self {
+            KeyHandle::NCrypt(ncrypt_handle) => unsafe {
+                let _ = NCryptFreeObject(*ncrypt_handle);
+            },
+            KeyHandle::CryptoAPI(hcryptprov, _) => unsafe {
+                let _ = CryptReleaseContext(*hcryptprov, 0);
+            },
+        }
+    }
+}
+
+fn sign_ncrypt(
+    ncrypt_handle: &NCRYPT_KEY_HANDLE,
+    data: &[u8],
+    params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    do_signature: bool,
+    key_type: KeyType,
+) -> Result<Vec<u8>, Error> {
+    let mut sign_params = SignParams::new(key_type, params)?;
+    let params_ptr = sign_params.params_ptr();
+    let flags = sign_params.flags();
+    let mut data = data.to_vec();
+    let mut signature_len = 0;
+    // We call NCryptSignHash twice: the first time to get the size of the buffer we need to
+    // allocate and then again to actually sign the data, if `do_signature` is `true`.
+    let status = unsafe {
+        NCryptSignHash(
+            *ncrypt_handle,
+            params_ptr,
+            data.as_mut_ptr(),
+            data.len()
+                .try_into()
+                .map_err(|_| error_here!(ErrorType::ValueTooLarge))?,
+            std::ptr::null_mut(),
+            0,
+            &mut signature_len,
+            flags,
+        )
+    };
+    // 0 is "ERROR_SUCCESS" (but "ERROR_SUCCESS" is unsigned, whereas SECURITY_STATUS is signed)
+    if status != 0 {
+        return Err(error_here!(ErrorType::ExternalError, status.to_string()));
+    }
+    let mut signature = vec![0; signature_len as usize];
+    if !do_signature {
+        return Ok(signature);
+    }
+    let mut final_signature_len = signature_len;
+    let status = unsafe {
+        NCryptSignHash(
+            *ncrypt_handle,
+            params_ptr,
+            data.as_mut_ptr(),
+            data.len()
+                .try_into()
+                .map_err(|_| error_here!(ErrorType::ValueTooLarge))?,
+            signature.as_mut_ptr(),
+            signature_len,
+            &mut final_signature_len,
+            flags,
+        )
+    };
+    if status != 0 {
+        return Err(error_here!(ErrorType::ExternalError, status.to_string()));
+    }
+    if final_signature_len != signature_len {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    Ok(signature)
+}
+
+fn sign_cryptoapi(
+    hcryptprov: &HCRYPTPROV,
+    key_spec: &DWORD,
+    data: &[u8],
+    params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    do_signature: bool,
+) -> Result<Vec<u8>, Error> {
+    if params.is_some() {
+        return Err(error_here!(ErrorType::LibraryFailure));
+    }
+    // data will be an encoded DigestInfo, which specifies the hash algorithm and bytes of the hash
+    // to sign. However, CryptoAPI requires directly specifying the bytes of the hash, so it must
+    // be extracted first.
+    let (_, hash_bytes) = read_digest_info(data)?;
+    let hash = HCryptHash::new(hcryptprov, hash_bytes)?;
+    let mut signature_len = 0;
+    if unsafe {
+        CryptSignHashW(
+            *hash,
+            *key_spec,
+            std::ptr::null_mut(),
+            0,
+            std::ptr::null_mut(),
+            &mut signature_len,
+        )
+    } != 1
+    {
+        return Err(error_here!(
+            ErrorType::ExternalError,
+            unsafe { GetLastError() }.to_string()
+        ));
+    }
+    let mut signature = vec![0; signature_len as usize];
+    if !do_signature {
+        return Ok(signature);
+    }
+    let mut final_signature_len = signature_len;
+    if unsafe {
+        CryptSignHashW(
+            *hash,
+            *key_spec,
+            std::ptr::null_mut(),
+            0,
+            signature.as_mut_ptr(),
+            &mut final_signature_len,
+        )
+    } != 1
+    {
+        return Err(error_here!(
+            ErrorType::ExternalError,
+            unsafe { GetLastError() }.to_string()
+        ));
+    }
+    if final_signature_len != signature_len {
+        return Err(error_here!(ErrorType::ExternalError));
+    }
+    // CryptoAPI returns the signature with the most significant byte last (little-endian),
+    // whereas PKCS#11 expects the most significant byte first (big-endian).
+    signature.reverse();
+    Ok(signature)
+}
+
+struct HCryptHash(HCRYPTHASH);
+
+impl HCryptHash {
+    fn new(hcryptprov: &HCRYPTPROV, hash_bytes: &[u8]) -> Result<HCryptHash, Error> {
+        let alg = match hash_bytes.len() {
+            20 => CALG_SHA1,
+            32 => CALG_SHA_256,
+            48 => CALG_SHA_384,
+            64 => CALG_SHA_512,
+            _ => {
+                return Err(error_here!(ErrorType::UnsupportedInput));
+            }
+        };
+        let mut hash: HCRYPTHASH = 0;
+        if unsafe { CryptCreateHash(*hcryptprov, alg, 0, 0, &mut hash) } != 1 {
+            return Err(error_here!(
+                ErrorType::ExternalError,
+                unsafe { GetLastError() }.to_string()
+            ));
+        }
+        if unsafe { CryptSetHashParam(hash, HP_HASHVAL, hash_bytes.as_ptr(), 0) } != 1 {
+            return Err(error_here!(
+                ErrorType::ExternalError,
+                unsafe { GetLastError() }.to_string()
+            ));
+        }
+        Ok(HCryptHash(hash))
+    }
+}
+
+impl Drop for HCryptHash {
+    fn drop(&mut self) {
+        unsafe {
+            CryptDestroyHash(self.0);
+        }
+    }
+}
+
+impl Deref for HCryptHash {
+    type Target = HCRYPTHASH;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+// In some cases, the ncrypt API takes a pointer to a null-terminated wide-character string as a way
+// of specifying an algorithm. The "right" way to do this would be to take the corresponding
+// &'static str constant provided by the winapi crate, create an OsString from it, encode it as wide
+// characters, and collect it into a Vec<u16>. However, since the implementation that provides this
+// functionality isn't constant, we would have to manage the memory this creates and uses. Since
+// rust structures generally can't be self-referrential, this memory would have to live elsewhere,
+// and the nice abstractions we've created for this implementation start to break down. It's much
+// simpler to hard-code the identifiers we support, since there are only four of them.
+// The following arrays represent the identifiers "SHA1", "SHA256", "SHA384", and "SHA512",
+// respectively.
+const SHA1_ALGORITHM_STRING: &[u16] = &[83, 72, 65, 49, 0];
+const SHA256_ALGORITHM_STRING: &[u16] = &[83, 72, 65, 50, 53, 54, 0];
+const SHA384_ALGORITHM_STRING: &[u16] = &[83, 72, 65, 51, 56, 52, 0];
+const SHA512_ALGORITHM_STRING: &[u16] = &[83, 72, 65, 53, 49, 50, 0];
+
+enum SignParams {
+    EC,
+    RSA_PKCS1(BCRYPT_PKCS1_PADDING_INFO),
+    RSA_PSS(BCRYPT_PSS_PADDING_INFO),
+}
+
+impl SignParams {
+    fn new(
+        key_type: KeyType,
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<SignParams, Error> {
+        // EC is easy, so handle that first.
+        match key_type {
+            KeyType::EC => return Ok(SignParams::EC),
+            KeyType::RSA => {}
+        }
+        // If `params` is `Some`, we're doing RSA-PSS. If it is `None`, we're doing RSA-PKCS1.
+        let pss_params = match params {
+            Some(pss_params) => pss_params,
+            None => {
+                // The hash algorithm should be encoded in the data to be signed, so we don't have to
+                // (and don't want to) specify a particular algorithm here.
+                return Ok(SignParams::RSA_PKCS1(BCRYPT_PKCS1_PADDING_INFO {
+                    pszAlgId: std::ptr::null(),
+                }));
+            }
+        };
+        let algorithm_string = match pss_params.hashAlg {
+            CKM_SHA_1 => SHA1_ALGORITHM_STRING,
+            CKM_SHA256 => SHA256_ALGORITHM_STRING,
+            CKM_SHA384 => SHA384_ALGORITHM_STRING,
+            CKM_SHA512 => SHA512_ALGORITHM_STRING,
+            _ => {
+                return Err(error_here!(ErrorType::UnsupportedInput));
+            }
+        };
+        Ok(SignParams::RSA_PSS(BCRYPT_PSS_PADDING_INFO {
+            pszAlgId: algorithm_string.as_ptr(),
+            cbSalt: pss_params.sLen,
+        }))
+    }
+
+    fn params_ptr(&mut self) -> *mut std::ffi::c_void {
+        match self {
+            SignParams::EC => std::ptr::null_mut(),
+            SignParams::RSA_PKCS1(params) => {
+                params as *mut BCRYPT_PKCS1_PADDING_INFO as *mut std::ffi::c_void
+            }
+            SignParams::RSA_PSS(params) => {
+                params as *mut BCRYPT_PSS_PADDING_INFO as *mut std::ffi::c_void
+            }
+        }
+    }
+
+    fn flags(&self) -> u32 {
+        match *self {
+            SignParams::EC => 0,
+            SignParams::RSA_PKCS1(_) => NCRYPT_PAD_PKCS1_FLAG,
+            SignParams::RSA_PSS(_) => NCRYPT_PAD_PSS_FLAG,
+        }
+    }
+}
+
+/// A helper enum to identify a private key's type. We support EC and RSA.
+#[allow(clippy::upper_case_acronyms)]
+#[derive(Clone, Copy, Debug)]
+pub enum KeyType {
+    EC,
+    RSA,
+}
+
+/// Represents a private key for which there exists a corresponding certificate.
+pub struct Key {
+    /// A handle on the OS mechanism that represents the certificate for this key.
+    cert: CertContext,
+    /// PKCS #11 object class. Will be `CKO_PRIVATE_KEY`.
+    class: Vec<u8>,
+    /// Whether or not this is on a token. Will be `CK_TRUE`.
+    token: Vec<u8>,
+    /// An identifier unique to this key. Must be the same as the ID for the certificate.
+    id: Vec<u8>,
+    /// Whether or not this key is "private" (can it be exported?). Will be CK_TRUE (it can't be
+    /// exported).
+    private: Vec<u8>,
+    /// PKCS #11 key type. Will be `CKK_EC` for EC, and `CKK_RSA` for RSA.
+    key_type: Vec<u8>,
+    /// If this is an RSA key, this is the value of the modulus as an unsigned integer.
+    modulus: Option<Vec<u8>>,
+    /// If this is an EC key, this is the DER bytes of the OID identifying the curve the key is on.
+    ec_params: Option<Vec<u8>>,
+    /// An enum identifying this key's type.
+    key_type_enum: KeyType,
+    /// Which slot this key should be exposed on.
+    slot_type: SlotType,
+    /// A handle on the OS mechanism that represents this key.
+    key_handle: Option<KeyHandle>,
+}
+
+impl Key {
+    fn new(cert_context: PCCERT_CONTEXT) -> Result<Key, Error> {
+        let cert = unsafe { *cert_context };
+        let cert_der =
+            unsafe { slice::from_raw_parts(cert.pbCertEncoded, cert.cbCertEncoded as usize) };
+        let id = Sha256::digest(cert_der).to_vec();
+        let id = id.to_vec();
+        let cert_info = unsafe { &*cert.pCertInfo };
+        let mut modulus = None;
+        let mut ec_params = None;
+        let spki = &cert_info.SubjectPublicKeyInfo;
+        let algorithm_oid = unsafe { CStr::from_ptr(spki.Algorithm.pszObjId) }
+            .to_str()
+            .map_err(|_| error_here!(ErrorType::ExternalError))?;
+        let (key_type_enum, key_type_attribute) = if algorithm_oid == szOID_RSA_RSA {
+            if spki.PublicKey.cUnusedBits != 0 {
+                return Err(error_here!(ErrorType::ExternalError));
+            }
+            let public_key_bytes = unsafe {
+                std::slice::from_raw_parts(spki.PublicKey.pbData, spki.PublicKey.cbData as usize)
+            };
+            let modulus_value = read_rsa_modulus(public_key_bytes)?;
+            modulus = Some(modulus_value);
+            (KeyType::RSA, CKK_RSA)
+        } else if algorithm_oid == szOID_ECC_PUBLIC_KEY {
+            let params = &spki.Algorithm.Parameters;
+            ec_params = Some(
+                unsafe { std::slice::from_raw_parts(params.pbData, params.cbData as usize) }
+                    .to_vec(),
+            );
+            (KeyType::EC, CKK_EC)
+        } else {
+            return Err(error_here!(ErrorType::LibraryFailure));
+        };
+        let cert = CertContext::new(cert_context);
+        Ok(Key {
+            cert,
+            class: serialize_uint(CKO_PRIVATE_KEY)?,
+            token: serialize_uint(CK_TRUE)?,
+            id,
+            private: serialize_uint(CK_TRUE)?,
+            key_type: serialize_uint(key_type_attribute)?,
+            modulus,
+            ec_params,
+            key_type_enum,
+            slot_type: SlotType::Modern,
+            key_handle: None,
+        })
+    }
+
+    fn class(&self) -> &[u8] {
+        &self.class
+    }
+
+    fn token(&self) -> &[u8] {
+        &self.token
+    }
+
+    fn id(&self) -> &[u8] {
+        &self.id
+    }
+
+    fn private(&self) -> &[u8] {
+        &self.private
+    }
+
+    fn key_type(&self) -> &[u8] {
+        &self.key_type
+    }
+
+    fn modulus(&self) -> Option<&[u8]> {
+        match &self.modulus {
+            Some(modulus) => Some(modulus.as_slice()),
+            None => None,
+        }
+    }
+
+    fn ec_params(&self) -> Option<&[u8]> {
+        match &self.ec_params {
+            Some(ec_params) => Some(ec_params.as_slice()),
+            None => None,
+        }
+    }
+
+    fn sign_with_retry(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+        do_signature: bool,
+    ) -> Result<Vec<u8>, Error> {
+        let result = self.sign_internal(data, params, do_signature);
+        if result.is_ok() {
+            return result;
+        }
+        // Some devices appear to not work well when the key handle is held for too long or if a
+        // card is inserted/removed while Firefox is running. Try refreshing the key handle.
+        debug!("sign failed: refreshing key handle");
+        let _ = self.key_handle.take();
+        self.sign_internal(data, params, do_signature)
+    }
+
+    /// data: the data to sign
+    /// do_signature: if true, actually perform the signature. Otherwise, return a `Vec<u8>` of the
+    /// length the signature would be, if performed.
+    fn sign_internal(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+        do_signature: bool,
+    ) -> Result<Vec<u8>, Error> {
+        // If this key hasn't been used for signing yet, there won't be a cached key handle. Obtain
+        // and cache it if this is the case. Doing so can cause the underlying implementation to
+        // show an authentication or pin prompt to the user. Caching the handle can avoid causing
+        // multiple prompts to be displayed in some cases.
+        if self.key_handle.is_none() {
+            let _ = self.key_handle.replace(KeyHandle::from_cert(&self.cert)?);
+        }
+        let key = match &self.key_handle {
+            Some(key) => key,
+            None => return Err(error_here!(ErrorType::LibraryFailure)),
+        };
+        key.sign(data, params, do_signature, self.key_type_enum)
+    }
+}
+
+impl CryptokiObject for Key {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        if slot_type != self.slot_type {
+            return false;
+        }
+        for (attr_type, attr_value) in attrs {
+            let comparison = match *attr_type {
+                CKA_CLASS => self.class(),
+                CKA_TOKEN => self.token(),
+                CKA_ID => self.id(),
+                CKA_PRIVATE => self.private(),
+                CKA_KEY_TYPE => self.key_type(),
+                CKA_MODULUS => {
+                    if let Some(modulus) = self.modulus() {
+                        modulus
+                    } else {
+                        return false;
+                    }
+                }
+                CKA_EC_PARAMS => {
+                    if let Some(ec_params) = self.ec_params() {
+                        ec_params
+                    } else {
+                        return false;
+                    }
+                }
+                _ => return false,
+            };
+            if attr_value.as_slice() != comparison {
+                return false;
+            }
+        }
+        true
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        match attribute {
+            CKA_CLASS => Some(self.class()),
+            CKA_TOKEN => Some(self.token()),
+            CKA_ID => Some(self.id()),
+            CKA_PRIVATE => Some(self.private()),
+            CKA_KEY_TYPE => Some(self.key_type()),
+            CKA_MODULUS => self.modulus(),
+            CKA_EC_PARAMS => self.ec_params(),
+            _ => None,
+        }
+    }
+}
+
+impl Sign for Key {
+    fn get_signature_length(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<usize, Error> {
+        match self.sign_with_retry(data, params, false) {
+            Ok(dummy_signature_bytes) => Ok(dummy_signature_bytes.len()),
+            Err(e) => Err(e),
+        }
+    }
+
+    fn sign(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error> {
+        self.sign_with_retry(data, params, true)
+    }
+}
+
+struct CertStore {
+    handle: HCERTSTORE,
+}
+
+impl Drop for CertStore {
+    fn drop(&mut self) {
+        if !self.handle.is_null() {
+            unsafe {
+                CertCloseStore(self.handle, 0);
+            }
+        }
+    }
+}
+
+impl Deref for CertStore {
+    type Target = HCERTSTORE;
+
+    fn deref(&self) -> &Self::Target {
+        &self.handle
+    }
+}
+
+impl CertStore {
+    fn new(handle: HCERTSTORE) -> CertStore {
+        CertStore { handle }
+    }
+}
+
+// Given a pointer to a CERT_CHAIN_CONTEXT, enumerates each chain in the context and each element
+// in each chain to gather every CERT_CONTEXT pointed to by the CERT_CHAIN_CONTEXT.
+// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_chain_context says
+// that the 0th element of the 0th chain will be the end-entity certificate. This certificate (if
+// present), will be the 0th element of the returned Vec.
+fn gather_cert_contexts(cert_chain_context: *const CERT_CHAIN_CONTEXT) -> Vec<*const CERT_CONTEXT> {
+    let mut cert_contexts = Vec::new();
+    if cert_chain_context.is_null() {
+        return cert_contexts;
+    }
+    let cert_chain_context = unsafe { &*cert_chain_context };
+    let cert_chains = unsafe {
+        std::slice::from_raw_parts(
+            cert_chain_context.rgpChain,
+            cert_chain_context.cChain as usize,
+        )
+    };
+    for cert_chain in cert_chains {
+        // First dereference the borrow.
+        let cert_chain = *cert_chain;
+        if cert_chain.is_null() {
+            continue;
+        }
+        // Then dereference the pointer.
+        let cert_chain = unsafe { &*cert_chain };
+        let chain_elements = unsafe {
+            std::slice::from_raw_parts(cert_chain.rgpElement, cert_chain.cElement as usize)
+        };
+        for chain_element in chain_elements {
+            let chain_element = *chain_element; // dereference borrow
+            if chain_element.is_null() {
+                continue;
+            }
+            let chain_element = unsafe { &*chain_element }; // dereference pointer
+            cert_contexts.push(chain_element.pCertContext);
+        }
+    }
+    cert_contexts
+}
+
+pub struct Backend {}
+
+impl ClientCertsBackend for Backend {
+    type Cert = Cert;
+    type Key = Key;
+
+    /// Attempts to enumerate certificates with private keys exposed by the OS. Currently only looks in
+    /// the "My" cert store of the current user. In the future this may look in more locations.
+    fn find_objects(&self) -> Result<(Vec<Cert>, Vec<Key>), Error> {
+        let mut certs = Vec::new();
+        let mut keys = Vec::new();
+        let location_flags = CERT_SYSTEM_STORE_CURRENT_USER
+            | CERT_STORE_OPEN_EXISTING_FLAG
+            | CERT_STORE_READONLY_FLAG;
+        let store_name = match CString::new("My") {
+            Ok(store_name) => store_name,
+            Err(_) => return Err(error_here!(ErrorType::LibraryFailure)),
+        };
+        let store = CertStore::new(unsafe {
+            CertOpenStore(
+                CERT_STORE_PROV_SYSTEM_REGISTRY_A,
+                0,
+                0,
+                location_flags,
+                store_name.as_ptr() as *const winapi::ctypes::c_void,
+            )
+        });
+        if store.is_null() {
+            return Err(error_here!(ErrorType::ExternalError));
+        }
+        let find_params = CERT_CHAIN_FIND_ISSUER_PARA {
+            cbSize: std::mem::size_of::<CERT_CHAIN_FIND_ISSUER_PARA>() as u32,
+            pszUsageIdentifier: std::ptr::null(),
+            dwKeySpec: 0,
+            dwAcquirePrivateKeyFlags: 0,
+            cIssuer: 0,
+            rgIssuer: std::ptr::null_mut(),
+            pfnFindCallback: None,
+            pvFindArg: std::ptr::null_mut(),
+            pdwIssuerChainIndex: std::ptr::null_mut(),
+            pdwIssuerElementIndex: std::ptr::null_mut(),
+        };
+        let mut cert_chain_context: PCCERT_CHAIN_CONTEXT = std::ptr::null_mut();
+        loop {
+            // CertFindChainInStore finds all certificates with private keys in the store. It also
+            // attempts to build a verified certificate chain to a trust anchor for each certificate.
+            // We gather and hold onto these extra certificates so that gecko can use them when
+            // filtering potential client certificates according to the acceptable CAs list sent by
+            // servers when they request client certificates.
+            cert_chain_context = unsafe {
+                CertFindChainInStore(
+                    *store,
+                    X509_ASN_ENCODING,
+                    CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG
+                        | CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG,
+                    CERT_CHAIN_FIND_BY_ISSUER,
+                    &find_params as *const CERT_CHAIN_FIND_ISSUER_PARA
+                        as *const winapi::ctypes::c_void,
+                    cert_chain_context,
+                )
+            };
+            if cert_chain_context.is_null() {
+                break;
+            }
+            let cert_contexts = gather_cert_contexts(cert_chain_context);
+            // The 0th CERT_CONTEXT is the end-entity (i.e. the certificate with the private key we're
+            // after).
+            match cert_contexts.get(0) {
+                Some(cert_context) => {
+                    let key = match Key::new(*cert_context) {
+                        Ok(key) => key,
+                        Err(_) => continue,
+                    };
+                    let cert = match Cert::new(*cert_context) {
+                        Ok(cert) => cert,
+                        Err(_) => continue,
+                    };
+                    certs.push(cert);
+                    keys.push(key);
+                }
+                None => {}
+            };
+            for cert_context in cert_contexts.iter().skip(1) {
+                if let Ok(cert) = Cert::new(*cert_context) {
+                    certs.push(cert);
+                }
+            }
+        }
+        Ok((certs, keys))
+    }
+}
diff --git a/security/manager/ssl/osclientcerts/src/bindings_macos.rs b/security/manager/ssl/osclientcerts/src/bindings_macos.rs
new file mode 100644
index 0000000000..7294bbb555
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/src/bindings_macos.rs
@@ -0,0 +1,79 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This was originally generated by rust-bindgen at build time. Later in
+// development it became clear that using bindgen for this library as part of
+// mozilla-central would be difficult (if not impossible). So, this was
+// converted to a static file and unused declarations were removed. Also,
+// intermediate types added by rust-bindgen were removed for clarity.
+
+pub type OSStatus = i32;
+pub const errSecSuccess: OSStatus = 0;
+pub const errSecItemNotFound: OSStatus = -25300;
+
+pub type SecKeyAlgorithm = CFStringRef;
+
+extern "C" {
+    // Available starting macOS 10.3
+    pub fn SecCertificateGetTypeID() -> CFTypeID;
+    pub fn SecTrustCreateWithCertificates(
+        certificates: SecCertificateRef,
+        policies: SecPolicyRef,
+        trust: *mut SecTrustRef,
+    ) -> OSStatus;
+    pub fn SecIdentityGetTypeID() -> CFTypeID;
+    pub fn SecIdentityCopyCertificate(
+        identityRef: SecIdentityRef,
+        certificateRef: *mut SecCertificateRef,
+    ) -> OSStatus;
+    pub fn SecIdentityCopyPrivateKey(
+        identityRef: SecIdentityRef,
+        privateKeyRef: *mut SecKeyRef,
+    ) -> OSStatus;
+    pub fn SecKeyGetTypeID() -> CFTypeID;
+    pub fn SecPolicyGetTypeID() -> CFTypeID;
+    pub fn SecTrustGetTypeID() -> CFTypeID;
+
+    // Available starting macOS 10.6
+    pub fn SecCertificateCopyData(certificate: SecCertificateRef) -> CFDataRef;
+    pub fn SecCertificateCopySubjectSummary(certificate: SecCertificateRef) -> CFStringRef;
+    pub fn SecItemCopyMatching(query: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus;
+    pub fn SecPolicyCreateSSL(server: bool, hostname: CFStringRef) -> SecPolicyRef;
+    pub static kSecClass: CFStringRef;
+    pub static kSecAttrKeyType: CFStringRef;
+    pub static kSecAttrKeySizeInBits: CFStringRef;
+    pub static kSecMatchLimit: CFStringRef;
+    pub static kSecMatchLimitAll: CFStringRef;
+    pub static kSecReturnRef: CFStringRef;
+
+    // Available starting macOS 10.7
+    pub fn SecTrustGetCertificateAtIndex(trust: SecTrustRef, ix: CFIndex) -> SecCertificateRef;
+    pub fn SecTrustGetCertificateCount(trust: SecTrustRef) -> CFIndex;
+    pub static kSecClassIdentity: CFStringRef;
+    pub static kSecAttrKeyTypeRSA: CFStringRef;
+
+    // Available starting macOS 10.9
+    pub fn SecTrustSetNetworkFetchAllowed(trust: SecTrustRef, allowFetch: Boolean) -> OSStatus;
+
+    // Available starting macOS 10.12
+    pub fn SecKeyCreateSignature(
+        key: SecKeyRef,
+        algorithm: SecKeyAlgorithm,
+        data: CFDataRef,
+        err: *mut CFErrorRef,
+    ) -> CFDataRef;
+    pub fn SecKeyCopyAttributes(key: SecKeyRef) -> CFDictionaryRef;
+    pub fn SecKeyCopyExternalRepresentation(key: SecKeyRef, err: *mut CFErrorRef) -> CFDataRef;
+    pub static kSecKeyAlgorithmECDSASignatureDigestX962SHA1: CFStringRef;
+    pub static kSecKeyAlgorithmECDSASignatureDigestX962SHA256: CFStringRef;
+    pub static kSecKeyAlgorithmECDSASignatureDigestX962SHA384: CFStringRef;
+    pub static kSecKeyAlgorithmECDSASignatureDigestX962SHA512: CFStringRef;
+    pub static kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw: CFStringRef;
+    pub static kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256: CFStringRef;
+    pub static kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384: CFStringRef;
+    pub static kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512: CFStringRef;
+    pub static kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1: CFStringRef;
+    pub static kSecAttrKeyTypeECSECPrimeRandom: CFStringRef;
+}
diff --git a/security/manager/ssl/osclientcerts/src/lib.rs b/security/manager/ssl/osclientcerts/src/lib.rs
new file mode 100644
index 0000000000..a6cc206cfa
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/src/lib.rs
@@ -0,0 +1,1235 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(non_snake_case)]
+
+extern crate byteorder;
+#[cfg(target_os = "macos")]
+#[macro_use]
+extern crate core_foundation;
+extern crate env_logger;
+#[cfg(target_os = "macos")]
+#[macro_use]
+extern crate lazy_static;
+#[cfg(target_os = "macos")]
+extern crate libloading;
+#[macro_use]
+extern crate log;
+extern crate pkcs11_bindings;
+#[macro_use]
+extern crate rsclientcerts;
+extern crate sha2;
+#[cfg(target_os = "windows")]
+extern crate winapi;
+
+use pkcs11_bindings::*;
+use rsclientcerts::manager::{ManagerProxy, SlotType};
+use std::ffi::CStr;
+use std::sync::Mutex;
+use std::thread;
+
+#[cfg(target_os = "macos")]
+mod backend_macos;
+#[cfg(target_os = "windows")]
+mod backend_windows;
+
+#[cfg(target_os = "macos")]
+use crate::backend_macos::Backend;
+#[cfg(target_os = "windows")]
+use crate::backend_windows::Backend;
+
+struct ModuleState {
+    manager_proxy: ManagerProxy,
+    mechanisms: Vec<CK_MECHANISM_TYPE>,
+}
+
+/// The singleton `ModuleState` that handles state with respect to PKCS #11. Only one thread
+/// may use it at a time, but there is no restriction on which threads may use it. However, as
+/// OS APIs being used are not necessarily thread-safe (e.g. they may be using
+/// thread-local-storage), the `ManagerProxy` of the `ModuleState` forwards calls from any
+/// thread to a single thread where the real `Manager` does the actual work.
+static MODULE_STATE: Mutex<Option<ModuleState>> = Mutex::new(None);
+
+// Obtaining a handle on the manager proxy is a two-step process. First the mutex must be locked,
+// which (if successful), results in a mutex guard object. We must then get a mutable refence to the
+// underlying manager proxy (if set - otherwise we return an error). This can't happen all in one
+// macro without dropping a reference that needs to live long enough for this to be safe. In
+// practice, this looks like:
+//   let mut module_state_guard = try_to_get_module_state_guard!();
+//   let manager = module_state_guard_to_manager!(module_state_guard);
+macro_rules! try_to_get_module_state_guard {
+    () => {
+        match MODULE_STATE.lock() {
+            Ok(maybe_module_state) => maybe_module_state,
+            Err(poison_error) => {
+                log_with_thread_id!(
+                    error,
+                    "previous thread panicked acquiring manager lock: {}",
+                    poison_error
+                );
+                return CKR_DEVICE_ERROR;
+            }
+        }
+    };
+}
+
+macro_rules! module_state_guard_to_manager {
+    ($module_state_guard:ident) => {
+        match $module_state_guard.as_mut() {
+            Some(module_state) => &mut module_state.manager_proxy,
+            None => {
+                log_with_thread_id!(error, "module state expected to be set, but it is not");
+                return CKR_DEVICE_ERROR;
+            }
+        }
+    };
+}
+
+macro_rules! module_state_guard_to_mechanisms {
+    ($module_state_guard:ident) => {
+        match $module_state_guard.as_ref() {
+            Some(module_state) => &module_state.mechanisms,
+            None => {
+                log_with_thread_id!(error, "module state expected to be set, but it is not");
+                return CKR_DEVICE_ERROR;
+            }
+        }
+    };
+}
+
+// Helper macro to prefix log messages with the current thread ID.
+macro_rules! log_with_thread_id {
+    ($log_level:ident, $($message:expr),*) => {
+        $log_level!("{:?} {}", thread::current().id(), format_args!($($message),*));
+    };
+}
+
+/// This gets called to initialize the module. For this implementation, this consists of
+/// instantiating the `ManagerProxy`.
+extern "C" fn C_Initialize(pInitArgs: CK_VOID_PTR) -> CK_RV {
+    // This will fail if this has already been called, but this isn't a problem because either way,
+    // logging has been initialized.
+    let _ = env_logger::try_init();
+
+    if pInitArgs.is_null() {
+        return CKR_DEVICE_ERROR;
+    }
+    let init_args_ptr = unsafe { (*(pInitArgs as CK_C_INITIALIZE_ARGS_PTR)).pReserved };
+    if init_args_ptr.is_null() {
+        return CKR_DEVICE_ERROR;
+    }
+    let init_args_cstr = unsafe { CStr::from_ptr(init_args_ptr as *mut std::os::raw::c_char) };
+    let init_args = match init_args_cstr.to_str() {
+        Ok(init_args) => init_args,
+        Err(_) => return CKR_DEVICE_ERROR,
+    };
+    let mechanisms = if init_args == "RSA-PSS" {
+        vec![CKM_ECDSA, CKM_RSA_PKCS, CKM_RSA_PKCS_PSS]
+    } else {
+        vec![CKM_ECDSA, CKM_RSA_PKCS]
+    };
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager_proxy = match ManagerProxy::new(Backend {}) {
+        Ok(p) => p,
+        Err(e) => {
+            log_with_thread_id!(error, "C_Initialize: ManagerProxy: {}", e);
+            return CKR_DEVICE_ERROR;
+        }
+    };
+    match module_state_guard.replace(ModuleState {
+        manager_proxy,
+        mechanisms,
+    }) {
+        Some(_unexpected_previous_module_state) => {
+            #[cfg(target_os = "macos")]
+            {
+                log_with_thread_id!(info, "C_Initialize: module state previously set (this is expected on macOS - replacing it)");
+            }
+            #[cfg(target_os = "windows")]
+            {
+                log_with_thread_id!(
+                    warn,
+                    "C_Initialize: module state unexpectedly previously set (replacing it)"
+                );
+            }
+        }
+        None => {}
+    }
+    log_with_thread_id!(debug, "C_Initialize: CKR_OK");
+    CKR_OK
+}
+
+extern "C" fn C_Finalize(_pReserved: CK_VOID_PTR) -> CK_RV {
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    match manager.stop() {
+        Ok(()) => {
+            log_with_thread_id!(debug, "C_Finalize: CKR_OK");
+            CKR_OK
+        }
+        Err(e) => {
+            log_with_thread_id!(error, "C_Finalize: CKR_DEVICE_ERROR: {}", e);
+            CKR_DEVICE_ERROR
+        }
+    }
+}
+
+// The specification mandates that these strings be padded with spaces to the appropriate length.
+// Since the length of fixed-size arrays in rust is part of the type, the compiler enforces that
+// these byte strings are of the correct length.
+const MANUFACTURER_ID_BYTES: &[u8; 32] = b"Mozilla Corporation             ";
+const LIBRARY_DESCRIPTION_BYTES: &[u8; 32] = b"OS Client Cert Module           ";
+
+/// This gets called to gather some information about the module. In particular, this implementation
+/// supports (portions of) cryptoki (PKCS #11) version 2.2.
+extern "C" fn C_GetInfo(pInfo: CK_INFO_PTR) -> CK_RV {
+    if pInfo.is_null() {
+        log_with_thread_id!(error, "C_GetInfo: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    log_with_thread_id!(debug, "C_GetInfo: CKR_OK");
+    let mut info = CK_INFO::default();
+    info.cryptokiVersion.major = 2;
+    info.cryptokiVersion.minor = 2;
+    info.manufacturerID = *MANUFACTURER_ID_BYTES;
+    info.libraryDescription = *LIBRARY_DESCRIPTION_BYTES;
+    unsafe {
+        *pInfo = info;
+    }
+    CKR_OK
+}
+
+/// This module has one slot.
+const SLOT_COUNT: CK_ULONG = 1;
+const SLOT_ID: CK_SLOT_ID = 1;
+
+/// This gets called twice: once with a null `pSlotList` to get the number of slots (returned via
+/// `pulCount`) and a second time to get the ID for each slot.
+extern "C" fn C_GetSlotList(
+    _tokenPresent: CK_BBOOL,
+    pSlotList: CK_SLOT_ID_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if pulCount.is_null() {
+        log_with_thread_id!(error, "C_GetSlotList: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    if !pSlotList.is_null() {
+        if unsafe { *pulCount } < SLOT_COUNT {
+            log_with_thread_id!(error, "C_GetSlotList: CKR_BUFFER_TOO_SMALL");
+            return CKR_BUFFER_TOO_SMALL;
+        }
+        unsafe {
+            *pSlotList = SLOT_ID;
+        }
+    };
+    unsafe {
+        *pulCount = SLOT_COUNT;
+    }
+    log_with_thread_id!(debug, "C_GetSlotList: CKR_OK");
+    CKR_OK
+}
+
+const SLOT_DESCRIPTION_BYTES: &[u8; 64] =
+    b"OS Client Cert Slot                                             ";
+
+/// This gets called to obtain information about slots. In this implementation, the token is
+/// always present in the singular slot.
+extern "C" fn C_GetSlotInfo(slotID: CK_SLOT_ID, pInfo: CK_SLOT_INFO_PTR) -> CK_RV {
+    if slotID != SLOT_ID || pInfo.is_null() {
+        log_with_thread_id!(error, "C_GetSlotInfo: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let slot_info = CK_SLOT_INFO {
+        slotDescription: *SLOT_DESCRIPTION_BYTES,
+        manufacturerID: *MANUFACTURER_ID_BYTES,
+        flags: CKF_TOKEN_PRESENT,
+        hardwareVersion: CK_VERSION::default(),
+        firmwareVersion: CK_VERSION::default(),
+    };
+    unsafe {
+        *pInfo = slot_info;
+    }
+    log_with_thread_id!(debug, "C_GetSlotInfo: CKR_OK");
+    CKR_OK
+}
+
+const TOKEN_LABEL_BYTES: &[u8; 32] = b"OS Client Cert Token            ";
+const TOKEN_MODEL_BYTES: &[u8; 16] = b"osclientcerts   ";
+const TOKEN_SERIAL_NUMBER_BYTES: &[u8; 16] = b"0000000000000000";
+
+/// This gets called to obtain some information about tokens. This implementation has one slot,
+/// so it has one token. This information is primarily for display purposes.
+extern "C" fn C_GetTokenInfo(slotID: CK_SLOT_ID, pInfo: CK_TOKEN_INFO_PTR) -> CK_RV {
+    if slotID != SLOT_ID || pInfo.is_null() {
+        log_with_thread_id!(error, "C_GetTokenInfo: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut token_info = CK_TOKEN_INFO::default();
+    token_info.label = *TOKEN_LABEL_BYTES;
+    token_info.manufacturerID = *MANUFACTURER_ID_BYTES;
+    token_info.model = *TOKEN_MODEL_BYTES;
+    token_info.serialNumber = *TOKEN_SERIAL_NUMBER_BYTES;
+    unsafe {
+        *pInfo = token_info;
+    }
+    log_with_thread_id!(debug, "C_GetTokenInfo: CKR_OK");
+    CKR_OK
+}
+
+/// This gets called to determine what mechanisms a slot supports. The singular slot supports
+/// ECDSA and RSA PKCS1. Depending on the configuration the module was loaded with, it may also
+/// support RSA PSS.
+extern "C" fn C_GetMechanismList(
+    slotID: CK_SLOT_ID,
+    pMechanismList: CK_MECHANISM_TYPE_PTR,
+    pulCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if slotID != SLOT_ID || pulCount.is_null() {
+        log_with_thread_id!(error, "C_GetMechanismList: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let module_state_guard = try_to_get_module_state_guard!();
+    let mechanisms = module_state_guard_to_mechanisms!(module_state_guard);
+    if !pMechanismList.is_null() {
+        if unsafe { *pulCount as usize } < mechanisms.len() {
+            log_with_thread_id!(error, "C_GetMechanismList: CKR_ARGUMENTS_BAD");
+            return CKR_ARGUMENTS_BAD;
+        }
+        for (i, mechanism) in mechanisms.iter().enumerate() {
+            unsafe {
+                *pMechanismList.add(i) = *mechanism;
+            }
+        }
+    }
+    unsafe {
+        *pulCount = mechanisms.len() as CK_ULONG;
+    }
+    log_with_thread_id!(debug, "C_GetMechanismList: CKR_OK");
+    CKR_OK
+}
+
+extern "C" fn C_GetMechanismInfo(
+    _slotID: CK_SLOT_ID,
+    _type: CK_MECHANISM_TYPE,
+    _pInfo: CK_MECHANISM_INFO_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GetMechanismInfo: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitToken(
+    _slotID: CK_SLOT_ID,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+    _pLabel: CK_UTF8CHAR_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_InitToken: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_InitPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_InitPIN: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetPIN(
+    _hSession: CK_SESSION_HANDLE,
+    _pOldPin: CK_UTF8CHAR_PTR,
+    _ulOldLen: CK_ULONG,
+    _pNewPin: CK_UTF8CHAR_PTR,
+    _ulNewLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SetPIN: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to create a new session. This module defers to the `ManagerProxy` to implement
+/// this.
+extern "C" fn C_OpenSession(
+    slotID: CK_SLOT_ID,
+    _flags: CK_FLAGS,
+    _pApplication: CK_VOID_PTR,
+    _Notify: CK_NOTIFY,
+    phSession: CK_SESSION_HANDLE_PTR,
+) -> CK_RV {
+    if slotID != SLOT_ID || phSession.is_null() {
+        log_with_thread_id!(error, "C_OpenSession: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    // The "modern"/"legacy" slot distinction still exists in ipcclientcerts,
+    // which shares some library code with this module, to allow for a more
+    // nuanced notion of whether or not e.g. RSA-PSS is supported.
+    let session_handle = match manager.open_session(SlotType::Modern) {
+        Ok(session_handle) => session_handle,
+        Err(e) => {
+            log_with_thread_id!(error, "C_OpenSession: open_session failed: {}", e);
+            return CKR_DEVICE_ERROR;
+        }
+    };
+    unsafe {
+        *phSession = session_handle;
+    }
+    log_with_thread_id!(debug, "C_OpenSession: CKR_OK");
+    CKR_OK
+}
+
+/// This gets called to close a session. This is handled by the `ManagerProxy`.
+extern "C" fn C_CloseSession(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    if manager.close_session(hSession).is_err() {
+        log_with_thread_id!(error, "C_CloseSession: CKR_SESSION_HANDLE_INVALID");
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    log_with_thread_id!(debug, "C_CloseSession: CKR_OK");
+    CKR_OK
+}
+
+/// This gets called to close all open sessions at once. This is handled by the `ManagerProxy`.
+extern "C" fn C_CloseAllSessions(slotID: CK_SLOT_ID) -> CK_RV {
+    if slotID != SLOT_ID {
+        log_with_thread_id!(error, "C_CloseAllSessions: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    match manager.close_all_sessions(SlotType::Modern) {
+        Ok(()) => {
+            log_with_thread_id!(debug, "C_CloseAllSessions: CKR_OK");
+            CKR_OK
+        }
+        Err(e) => {
+            log_with_thread_id!(
+                error,
+                "C_CloseAllSessions: close_all_sessions failed: {}",
+                e
+            );
+            CKR_DEVICE_ERROR
+        }
+    }
+}
+
+extern "C" fn C_GetSessionInfo(_hSession: CK_SESSION_HANDLE, _pInfo: CK_SESSION_INFO_PTR) -> CK_RV {
+    log_with_thread_id!(error, "C_GetSessionInfo: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _pulOperationStateLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GetOperationState: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SetOperationState(
+    _hSession: CK_SESSION_HANDLE,
+    _pOperationState: CK_BYTE_PTR,
+    _ulOperationStateLen: CK_ULONG,
+    _hEncryptionKey: CK_OBJECT_HANDLE,
+    _hAuthenticationKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SetOperationState: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Login(
+    _hSession: CK_SESSION_HANDLE,
+    _userType: CK_USER_TYPE,
+    _pPin: CK_UTF8CHAR_PTR,
+    _ulPinLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_Login: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to log out and drop any authenticated resources. Because this module does not
+/// hold on to authenticated resources, this module "implements" this by doing nothing and
+/// returning a success result.
+extern "C" fn C_Logout(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    log_with_thread_id!(debug, "C_Logout: CKR_OK");
+    CKR_OK
+}
+
+extern "C" fn C_CreateObject(
+    _hSession: CK_SESSION_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_CreateObject: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CopyObject(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phNewObject: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_CopyObject: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DestroyObject(_hSession: CK_SESSION_HANDLE, _hObject: CK_OBJECT_HANDLE) -> CK_RV {
+    log_with_thread_id!(error, "C_DestroyObject: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetObjectSize(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pulSize: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GetObjectSize: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to obtain the values of a number of attributes of an object identified by the
+/// given handle. This module implements this by requesting that the `ManagerProxy` find the object
+/// and attempt to get the value of each attribute. If a specified attribute is not defined on the
+/// object, the length of that attribute is set to -1 to indicate that it is not available.
+/// This gets called twice: once to obtain the lengths of the attributes and again to get the
+/// values.
+extern "C" fn C_GetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    hObject: CK_OBJECT_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        log_with_thread_id!(error, "C_GetAttributeValue: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut attr_types = Vec::with_capacity(ulCount as usize);
+    for i in 0..ulCount as usize {
+        let attr = unsafe { &*pTemplate.add(i) };
+        attr_types.push(attr.type_);
+    }
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    let values = match manager.get_attributes(hObject, attr_types) {
+        Ok(values) => values,
+        Err(e) => {
+            log_with_thread_id!(error, "C_GetAttributeValue: CKR_ARGUMENTS_BAD ({})", e);
+            return CKR_ARGUMENTS_BAD;
+        }
+    };
+    if values.len() != ulCount as usize {
+        log_with_thread_id!(
+            error,
+            "C_GetAttributeValue: manager.get_attributes didn't return the right number of values"
+        );
+        return CKR_DEVICE_ERROR;
+    }
+    for (i, value) in values.iter().enumerate().take(ulCount as usize) {
+        let mut attr = unsafe { &mut *pTemplate.add(i) };
+        if let Some(attr_value) = value {
+            if attr.pValue.is_null() {
+                attr.ulValueLen = attr_value.len() as CK_ULONG;
+            } else {
+                let ptr: *mut u8 = attr.pValue as *mut u8;
+                if attr_value.len() != attr.ulValueLen as usize {
+                    log_with_thread_id!(error, "C_GetAttributeValue: incorrect attr size");
+                    return CKR_ARGUMENTS_BAD;
+                }
+                unsafe {
+                    std::ptr::copy_nonoverlapping(attr_value.as_ptr(), ptr, attr_value.len());
+                }
+            }
+        } else {
+            attr.ulValueLen = (0 - 1) as CK_ULONG;
+        }
+    }
+    log_with_thread_id!(debug, "C_GetAttributeValue: CKR_OK");
+    CKR_OK
+}
+
+extern "C" fn C_SetAttributeValue(
+    _hSession: CK_SESSION_HANDLE,
+    _hObject: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SetAttributeValue: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+fn trace_attr(prefix: &str, attr: &CK_ATTRIBUTE) {
+    let typ = match unsafe_packed_field_access!(attr.type_) {
+        CKA_CLASS => "CKA_CLASS".to_string(),
+        CKA_TOKEN => "CKA_TOKEN".to_string(),
+        CKA_LABEL => "CKA_LABEL".to_string(),
+        CKA_ID => "CKA_ID".to_string(),
+        CKA_VALUE => "CKA_VALUE".to_string(),
+        CKA_ISSUER => "CKA_ISSUER".to_string(),
+        CKA_SERIAL_NUMBER => "CKA_SERIAL_NUMBER".to_string(),
+        CKA_SUBJECT => "CKA_SUBJECT".to_string(),
+        CKA_PRIVATE => "CKA_PRIVATE".to_string(),
+        CKA_KEY_TYPE => "CKA_KEY_TYPE".to_string(),
+        CKA_MODULUS => "CKA_MODULUS".to_string(),
+        CKA_EC_PARAMS => "CKA_EC_PARAMS".to_string(),
+        _ => format!("0x{:x}", unsafe_packed_field_access!(attr.type_)),
+    };
+    let value =
+        unsafe { std::slice::from_raw_parts(attr.pValue as *const u8, attr.ulValueLen as usize) };
+    log_with_thread_id!(
+        trace,
+        "{}CK_ATTRIBUTE {{ type: {}, pValue: {:?}, ulValueLen: {} }}",
+        prefix,
+        typ,
+        value,
+        unsafe_packed_field_access!(attr.ulValueLen)
+    );
+}
+
+/// This gets called to initialize a search for objects matching a given list of attributes. This
+/// module implements this by gathering the attributes and passing them to the `ManagerProxy` to
+/// start the search.
+extern "C" fn C_FindObjectsInit(
+    hSession: CK_SESSION_HANDLE,
+    pTemplate: CK_ATTRIBUTE_PTR,
+    ulCount: CK_ULONG,
+) -> CK_RV {
+    if pTemplate.is_null() {
+        log_with_thread_id!(error, "C_FindObjectsInit: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut attrs = Vec::new();
+    log_with_thread_id!(trace, "C_FindObjectsInit:");
+    for i in 0..ulCount as usize {
+        let attr = unsafe { &*pTemplate.add(i) };
+        trace_attr("  ", attr);
+        let slice = unsafe {
+            std::slice::from_raw_parts(attr.pValue as *const u8, attr.ulValueLen as usize)
+        };
+        attrs.push((attr.type_, slice.to_owned()));
+    }
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    match manager.start_search(hSession, attrs) {
+        Ok(()) => {}
+        Err(e) => {
+            log_with_thread_id!(error, "C_FindObjectsInit: CKR_ARGUMENTS_BAD: {}", e);
+            return CKR_ARGUMENTS_BAD;
+        }
+    }
+    log_with_thread_id!(debug, "C_FindObjectsInit: CKR_OK");
+    CKR_OK
+}
+
+/// This gets called after `C_FindObjectsInit` to get the results of a search. This module
+/// implements this by looking up the search in the `ManagerProxy` and copying out the matching
+/// object handles.
+extern "C" fn C_FindObjects(
+    hSession: CK_SESSION_HANDLE,
+    phObject: CK_OBJECT_HANDLE_PTR,
+    ulMaxObjectCount: CK_ULONG,
+    pulObjectCount: CK_ULONG_PTR,
+) -> CK_RV {
+    if phObject.is_null() || pulObjectCount.is_null() || ulMaxObjectCount == 0 {
+        log_with_thread_id!(error, "C_FindObjects: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    let handles = match manager.search(hSession, ulMaxObjectCount as usize) {
+        Ok(handles) => handles,
+        Err(e) => {
+            log_with_thread_id!(error, "C_FindObjects: CKR_ARGUMENTS_BAD: {}", e);
+            return CKR_ARGUMENTS_BAD;
+        }
+    };
+    log_with_thread_id!(debug, "C_FindObjects: found handles {:?}", handles);
+    if handles.len() > ulMaxObjectCount as usize {
+        log_with_thread_id!(error, "C_FindObjects: manager returned too many handles");
+        return CKR_DEVICE_ERROR;
+    }
+    unsafe {
+        *pulObjectCount = handles.len() as CK_ULONG;
+    }
+    for (index, handle) in handles.iter().enumerate() {
+        if index < ulMaxObjectCount as usize {
+            unsafe {
+                *(phObject.add(index)) = *handle;
+            }
+        }
+    }
+    log_with_thread_id!(debug, "C_FindObjects: CKR_OK");
+    CKR_OK
+}
+
+/// This gets called after `C_FindObjectsInit` and `C_FindObjects` to finish a search. The module
+/// tells the `ManagerProxy` to clear the search.
+extern "C" fn C_FindObjectsFinal(hSession: CK_SESSION_HANDLE) -> CK_RV {
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    // It would be an error if there were no search for this session, but we can be permissive here.
+    match manager.clear_search(hSession) {
+        Ok(()) => {
+            log_with_thread_id!(debug, "C_FindObjectsFinal: CKR_OK");
+            CKR_OK
+        }
+        Err(e) => {
+            log_with_thread_id!(error, "C_FindObjectsFinal: clear_search failed: {}", e);
+            CKR_DEVICE_ERROR
+        }
+    }
+}
+
+extern "C" fn C_EncryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_EncryptInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Encrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pEncryptedData: CK_BYTE_PTR,
+    _pulEncryptedDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_Encrypt: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_EncryptUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_EncryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastEncryptedPart: CK_BYTE_PTR,
+    _pulLastEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_EncryptFinal: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DecryptInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Decrypt(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedData: CK_BYTE_PTR,
+    _ulEncryptedDataLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_Decrypt: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DecryptUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pLastPart: CK_BYTE_PTR,
+    _pulLastPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DecryptFinal: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestInit(_hSession: CK_SESSION_HANDLE, _pMechanism: CK_MECHANISM_PTR) -> CK_RV {
+    log_with_thread_id!(error, "C_DigestInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Digest(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_Digest: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DigestUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestKey(_hSession: CK_SESSION_HANDLE, _hKey: CK_OBJECT_HANDLE) -> CK_RV {
+    log_with_thread_id!(error, "C_DigestKey: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pDigest: CK_BYTE_PTR,
+    _pulDigestLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DigestFinal: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// This gets called to set up a sign operation. The module essentially defers to the
+/// `ManagerProxy`.
+extern "C" fn C_SignInit(
+    hSession: CK_SESSION_HANDLE,
+    pMechanism: CK_MECHANISM_PTR,
+    hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    if pMechanism.is_null() {
+        log_with_thread_id!(error, "C_SignInit: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    // Presumably we should validate the mechanism against hKey, but the specification doesn't
+    // actually seem to require this.
+    let mechanism = unsafe { *pMechanism };
+    log_with_thread_id!(debug, "C_SignInit: mechanism is {:?}", mechanism);
+    let mechanism_params = if mechanism.mechanism == CKM_RSA_PKCS_PSS {
+        if mechanism.ulParameterLen as usize != std::mem::size_of::<CK_RSA_PKCS_PSS_PARAMS>() {
+            log_with_thread_id!(
+                error,
+                "C_SignInit: bad ulParameterLen for CKM_RSA_PKCS_PSS: {}",
+                unsafe_packed_field_access!(mechanism.ulParameterLen)
+            );
+            return CKR_ARGUMENTS_BAD;
+        }
+        Some(unsafe { *(mechanism.pParameter as *const CK_RSA_PKCS_PSS_PARAMS) })
+    } else {
+        None
+    };
+    let mut module_state_guard = try_to_get_module_state_guard!();
+    let manager = module_state_guard_to_manager!(module_state_guard);
+    match manager.start_sign(hSession, hKey, mechanism_params) {
+        Ok(()) => {}
+        Err(e) => {
+            log_with_thread_id!(error, "C_SignInit: CKR_GENERAL_ERROR: {}", e);
+            return CKR_GENERAL_ERROR;
+        }
+    };
+    log_with_thread_id!(debug, "C_SignInit: CKR_OK");
+    CKR_OK
+}
+
+/// NSS calls this after `C_SignInit` (there are more ways in the PKCS #11 specification to sign
+/// data, but this is the only way supported by this module). The module essentially defers to the
+/// `ManagerProxy` and copies out the resulting signature.
+extern "C" fn C_Sign(
+    hSession: CK_SESSION_HANDLE,
+    pData: CK_BYTE_PTR,
+    ulDataLen: CK_ULONG,
+    pSignature: CK_BYTE_PTR,
+    pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    if pData.is_null() || pulSignatureLen.is_null() {
+        log_with_thread_id!(error, "C_Sign: CKR_ARGUMENTS_BAD");
+        return CKR_ARGUMENTS_BAD;
+    }
+    let data = unsafe { std::slice::from_raw_parts(pData, ulDataLen as usize) };
+    if pSignature.is_null() {
+        let mut module_state_guard = try_to_get_module_state_guard!();
+        let manager = module_state_guard_to_manager!(module_state_guard);
+        match manager.get_signature_length(hSession, data.to_vec()) {
+            Ok(signature_length) => unsafe {
+                *pulSignatureLen = signature_length as CK_ULONG;
+            },
+            Err(e) => {
+                log_with_thread_id!(error, "C_Sign: get_signature_length failed: {}", e);
+                log_with_thread_id!(error, "C_Sign: try setting security.osclientcerts.assume_rsa_pss_support to false and restarting");
+                return CKR_GENERAL_ERROR;
+            }
+        }
+    } else {
+        let mut module_state_guard = try_to_get_module_state_guard!();
+        let manager = module_state_guard_to_manager!(module_state_guard);
+        match manager.sign(hSession, data.to_vec()) {
+            Ok(signature) => {
+                let signature_capacity = unsafe { *pulSignatureLen } as usize;
+                if signature_capacity < signature.len() {
+                    log_with_thread_id!(error, "C_Sign: CKR_ARGUMENTS_BAD");
+                    return CKR_ARGUMENTS_BAD;
+                }
+                let ptr: *mut u8 = pSignature as *mut u8;
+                unsafe {
+                    std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len());
+                    *pulSignatureLen = signature.len() as CK_ULONG;
+                }
+            }
+            Err(e) => {
+                log_with_thread_id!(error, "C_Sign: sign failed: {}", e);
+                log_with_thread_id!(error, "C_Sign: try setting security.osclientcerts.assume_rsa_pss_support to false and restarting");
+                return CKR_GENERAL_ERROR;
+            }
+        }
+    }
+    log_with_thread_id!(debug, "C_Sign: CKR_OK");
+    CKR_OK
+}
+
+extern "C" fn C_SignUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SignUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SignFinal: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SignRecoverInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _pulSignatureLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SignRecover: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_VerifyInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_Verify(
+    _hSession: CK_SESSION_HANDLE,
+    _pData: CK_BYTE_PTR,
+    _ulDataLen: CK_ULONG,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_Verify: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_VerifyUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyFinal(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_VerifyFinal: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecoverInit(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hKey: CK_OBJECT_HANDLE,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_VerifyRecoverInit: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_VerifyRecover(
+    _hSession: CK_SESSION_HANDLE,
+    _pSignature: CK_BYTE_PTR,
+    _ulSignatureLen: CK_ULONG,
+    _pData: CK_BYTE_PTR,
+    _pulDataLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_VerifyRecover: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DigestEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DigestEncryptUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptDigestUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DecryptDigestUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SignEncryptUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pPart: CK_BYTE_PTR,
+    _ulPartLen: CK_ULONG,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _pulEncryptedPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SignEncryptUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DecryptVerifyUpdate(
+    _hSession: CK_SESSION_HANDLE,
+    _pEncryptedPart: CK_BYTE_PTR,
+    _ulEncryptedPartLen: CK_ULONG,
+    _pPart: CK_BYTE_PTR,
+    _pulPartLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DecryptVerifyUpdate: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GenerateKey: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateKeyPair(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _pPublicKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPublicKeyAttributeCount: CK_ULONG,
+    _pPrivateKeyTemplate: CK_ATTRIBUTE_PTR,
+    _ulPrivateKeyAttributeCount: CK_ULONG,
+    _phPublicKey: CK_OBJECT_HANDLE_PTR,
+    _phPrivateKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GenerateKeyPair: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hWrappingKey: CK_OBJECT_HANDLE,
+    _hKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _pulWrappedKeyLen: CK_ULONG_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_WrapKey: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_UnwrapKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hUnwrappingKey: CK_OBJECT_HANDLE,
+    _pWrappedKey: CK_BYTE_PTR,
+    _ulWrappedKeyLen: CK_ULONG,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_UnwrapKey: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_DeriveKey(
+    _hSession: CK_SESSION_HANDLE,
+    _pMechanism: CK_MECHANISM_PTR,
+    _hBaseKey: CK_OBJECT_HANDLE,
+    _pTemplate: CK_ATTRIBUTE_PTR,
+    _ulAttributeCount: CK_ULONG,
+    _phKey: CK_OBJECT_HANDLE_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_DeriveKey: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_SeedRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _pSeed: CK_BYTE_PTR,
+    _ulSeedLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_SeedRandom: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GenerateRandom(
+    _hSession: CK_SESSION_HANDLE,
+    _RandomData: CK_BYTE_PTR,
+    _ulRandomLen: CK_ULONG,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_GenerateRandom: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_GetFunctionStatus(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    log_with_thread_id!(error, "C_GetFunctionStatus: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_CancelFunction(_hSession: CK_SESSION_HANDLE) -> CK_RV {
+    log_with_thread_id!(error, "C_CancelFunction: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+extern "C" fn C_WaitForSlotEvent(
+    _flags: CK_FLAGS,
+    _pSlot: CK_SLOT_ID_PTR,
+    _pRserved: CK_VOID_PTR,
+) -> CK_RV {
+    log_with_thread_id!(error, "C_WaitForSlotEvent: CKR_FUNCTION_NOT_SUPPORTED");
+    CKR_FUNCTION_NOT_SUPPORTED
+}
+
+/// To be a valid PKCS #11 module, this list of functions must be supported. At least cryptoki 2.2
+/// must be supported for this module to work in NSS.
+static mut FUNCTION_LIST: CK_FUNCTION_LIST = CK_FUNCTION_LIST {
+    version: CK_VERSION { major: 2, minor: 2 },
+    C_Initialize: Some(C_Initialize),
+    C_Finalize: Some(C_Finalize),
+    C_GetInfo: Some(C_GetInfo),
+    C_GetFunctionList: None,
+    C_GetSlotList: Some(C_GetSlotList),
+    C_GetSlotInfo: Some(C_GetSlotInfo),
+    C_GetTokenInfo: Some(C_GetTokenInfo),
+    C_GetMechanismList: Some(C_GetMechanismList),
+    C_GetMechanismInfo: Some(C_GetMechanismInfo),
+    C_InitToken: Some(C_InitToken),
+    C_InitPIN: Some(C_InitPIN),
+    C_SetPIN: Some(C_SetPIN),
+    C_OpenSession: Some(C_OpenSession),
+    C_CloseSession: Some(C_CloseSession),
+    C_CloseAllSessions: Some(C_CloseAllSessions),
+    C_GetSessionInfo: Some(C_GetSessionInfo),
+    C_GetOperationState: Some(C_GetOperationState),
+    C_SetOperationState: Some(C_SetOperationState),
+    C_Login: Some(C_Login),
+    C_Logout: Some(C_Logout),
+    C_CreateObject: Some(C_CreateObject),
+    C_CopyObject: Some(C_CopyObject),
+    C_DestroyObject: Some(C_DestroyObject),
+    C_GetObjectSize: Some(C_GetObjectSize),
+    C_GetAttributeValue: Some(C_GetAttributeValue),
+    C_SetAttributeValue: Some(C_SetAttributeValue),
+    C_FindObjectsInit: Some(C_FindObjectsInit),
+    C_FindObjects: Some(C_FindObjects),
+    C_FindObjectsFinal: Some(C_FindObjectsFinal),
+    C_EncryptInit: Some(C_EncryptInit),
+    C_Encrypt: Some(C_Encrypt),
+    C_EncryptUpdate: Some(C_EncryptUpdate),
+    C_EncryptFinal: Some(C_EncryptFinal),
+    C_DecryptInit: Some(C_DecryptInit),
+    C_Decrypt: Some(C_Decrypt),
+    C_DecryptUpdate: Some(C_DecryptUpdate),
+    C_DecryptFinal: Some(C_DecryptFinal),
+    C_DigestInit: Some(C_DigestInit),
+    C_Digest: Some(C_Digest),
+    C_DigestUpdate: Some(C_DigestUpdate),
+    C_DigestKey: Some(C_DigestKey),
+    C_DigestFinal: Some(C_DigestFinal),
+    C_SignInit: Some(C_SignInit),
+    C_Sign: Some(C_Sign),
+    C_SignUpdate: Some(C_SignUpdate),
+    C_SignFinal: Some(C_SignFinal),
+    C_SignRecoverInit: Some(C_SignRecoverInit),
+    C_SignRecover: Some(C_SignRecover),
+    C_VerifyInit: Some(C_VerifyInit),
+    C_Verify: Some(C_Verify),
+    C_VerifyUpdate: Some(C_VerifyUpdate),
+    C_VerifyFinal: Some(C_VerifyFinal),
+    C_VerifyRecoverInit: Some(C_VerifyRecoverInit),
+    C_VerifyRecover: Some(C_VerifyRecover),
+    C_DigestEncryptUpdate: Some(C_DigestEncryptUpdate),
+    C_DecryptDigestUpdate: Some(C_DecryptDigestUpdate),
+    C_SignEncryptUpdate: Some(C_SignEncryptUpdate),
+    C_DecryptVerifyUpdate: Some(C_DecryptVerifyUpdate),
+    C_GenerateKey: Some(C_GenerateKey),
+    C_GenerateKeyPair: Some(C_GenerateKeyPair),
+    C_WrapKey: Some(C_WrapKey),
+    C_UnwrapKey: Some(C_UnwrapKey),
+    C_DeriveKey: Some(C_DeriveKey),
+    C_SeedRandom: Some(C_SeedRandom),
+    C_GenerateRandom: Some(C_GenerateRandom),
+    C_GetFunctionStatus: Some(C_GetFunctionStatus),
+    C_CancelFunction: Some(C_CancelFunction),
+    C_WaitForSlotEvent: Some(C_WaitForSlotEvent),
+};
+
+/// # Safety
+///
+/// This is the only function this module exposes. NSS calls it to obtain the list of functions
+/// comprising this module.
+/// ppFunctionList must be a valid pointer.
+#[no_mangle]
+pub unsafe extern "C" fn C_GetFunctionList(ppFunctionList: CK_FUNCTION_LIST_PTR_PTR) -> CK_RV {
+    if ppFunctionList.is_null() {
+        return CKR_ARGUMENTS_BAD;
+    }
+    *ppFunctionList = &mut FUNCTION_LIST;
+    CKR_OK
+}
+
+#[cfg_attr(target_os = "macos", link(name = "Security", kind = "framework"))]
+extern "C" {}
diff --git a/security/manager/ssl/osclientcerts/test/certificate.bin b/security/manager/ssl/osclientcerts/test/certificate.bin
new file mode 100644
index 0000000000..01fbafb15c
Binary files /dev/null and b/security/manager/ssl/osclientcerts/test/certificate.bin differ
diff --git a/security/manager/ssl/osclientcerts/test/modulus.bin b/security/manager/ssl/osclientcerts/test/modulus.bin
new file mode 100644
index 0000000000..a9b09ff53e
--- /dev/null
+++ b/security/manager/ssl/osclientcerts/test/modulus.bin
@@ -0,0 +1,2 @@
+ºˆQ¨DŽÖAýn¶ˆ6=<Ùêä5J´ìõhWl${ÁÇ%¨àؽ±œ›n†òkâ¯Zukjdqz¥Z§E‡÷Õ$œ~ÍCüiÐ8 )“« ÃIäÛ¹LÂklí‚ñ~­i±Ó:‹*Aî§pà
�ýf+°$’¤}¹ˆay�±W�=Ò;Åà¸H¨7ÓˆCï'ØU·fZª~�/:{€$Ìl—­–a[·â–Àu1£‘Ý´Ê÷ü­%Ó	﹧há³{/"oiã´Š•aî&Ö%�«‘N6Ë$,¿‹/åñ�™1¸³þI#úrQÄ1Õ¬Ú
+5í�
\ No newline at end of file
diff --git a/security/manager/ssl/osclientcerts/test/rsa.bin b/security/manager/ssl/osclientcerts/test/rsa.bin
new file mode 100644
index 0000000000..93ededb827
Binary files /dev/null and b/security/manager/ssl/osclientcerts/test/rsa.bin differ
diff --git a/security/manager/ssl/rsclientcerts/Cargo.toml b/security/manager/ssl/rsclientcerts/Cargo.toml
new file mode 100644
index 0000000000..14a35918b8
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/Cargo.toml
@@ -0,0 +1,10 @@
+[package]
+name = "rsclientcerts"
+version = "0.1.0"
+authors = ["Dana Keeler <dkeeler@mozilla.com>"]
+edition = "2018"
+license = "MPL-2.0"
+
+[dependencies]
+byteorder = "1.3"
+pkcs11-bindings = "0.1"
diff --git a/security/manager/ssl/rsclientcerts/src/error.rs b/security/manager/ssl/rsclientcerts/src/error.rs
new file mode 100644
index 0000000000..6ef9062d32
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/src/error.rs
@@ -0,0 +1,103 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use std::fmt;
+
+/// Helper macro to create an Error that knows which file and line it occurred
+/// on. Can optionally have some extra information as a String.
+#[macro_export]
+macro_rules! error_here {
+    ($error_type:expr) => {
+        Error::new($error_type, file!(), line!(), None)
+    };
+    ($error_type:expr, $info:expr) => {
+        Error::new($error_type, file!(), line!(), Some($info))
+    };
+}
+
+/// Error type for identifying errors in this crate. Use the error_here! macro
+/// to instantiate.
+#[derive(Debug)]
+pub struct Error {
+    typ: ErrorType,
+    file: &'static str,
+    line: u32,
+    info: Option<String>,
+}
+
+impl Error {
+    pub fn new(typ: ErrorType, file: &'static str, line: u32, info: Option<String>) -> Error {
+        Error {
+            typ,
+            file,
+            line,
+            info,
+        }
+    }
+}
+
+impl fmt::Display for Error {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        if let Some(info) = &self.info {
+            write!(f, "{} at {}:{} ({})", self.typ, self.file, self.line, info)
+        } else {
+            write!(f, "{} at {}:{}", self.typ, self.file, self.line)
+        }
+    }
+}
+
+impl Clone for Error {
+    fn clone(&self) -> Self {
+        Error {
+            typ: self.typ,
+            file: self.file,
+            line: self.line,
+            info: self.info.as_ref().cloned(),
+        }
+    }
+
+    fn clone_from(&mut self, source: &Self) {
+        self.typ = source.typ;
+        self.file = source.file;
+        self.line = source.line;
+        self.info = source.info.as_ref().cloned();
+    }
+}
+
+#[derive(Copy, Clone, Debug)]
+pub enum ErrorType {
+    /// An error in an external library or resource.
+    ExternalError,
+    /// Unexpected extra input (e.g. in an ASN.1 encoding).
+    ExtraInput,
+    /// Invalid argument.
+    InvalidArgument,
+    /// Invalid data input.
+    InvalidInput,
+    /// An internal library failure (e.g. an expected invariant failed).
+    LibraryFailure,
+    /// Truncated input (e.g. in an ASN.1 encoding).
+    TruncatedInput,
+    /// Unsupported input.
+    UnsupportedInput,
+    /// A given value could not be represented in the type used for it.
+    ValueTooLarge,
+}
+
+impl fmt::Display for ErrorType {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        let error_type_str = match self {
+            ErrorType::ExternalError => "ExternalError",
+            ErrorType::ExtraInput => "ExtraInput",
+            ErrorType::InvalidArgument => "InvalidArgument",
+            ErrorType::InvalidInput => "InvalidInput",
+            ErrorType::LibraryFailure => "LibraryFailure",
+            ErrorType::TruncatedInput => "TruncatedInput",
+            ErrorType::UnsupportedInput => "UnsupportedInput",
+            ErrorType::ValueTooLarge => "ValueTooLarge",
+        };
+        write!(f, "{}", error_type_str)
+    }
+}
diff --git a/security/manager/ssl/rsclientcerts/src/lib.rs b/security/manager/ssl/rsclientcerts/src/lib.rs
new file mode 100644
index 0000000000..01fa31e204
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/src/lib.rs
@@ -0,0 +1,11 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+extern crate byteorder;
+extern crate pkcs11_bindings;
+
+pub mod error;
+pub mod manager;
+pub mod util;
diff --git a/security/manager/ssl/rsclientcerts/src/manager.rs b/security/manager/ssl/rsclientcerts/src/manager.rs
new file mode 100644
index 0000000000..507bed3a83
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/src/manager.rs
@@ -0,0 +1,671 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use pkcs11_bindings::*;
+use std::collections::{BTreeMap, BTreeSet};
+use std::sync::mpsc::{channel, Receiver, Sender};
+use std::thread;
+use std::thread::JoinHandle;
+use std::time::{Duration, Instant};
+
+use crate::error::{Error, ErrorType};
+use crate::error_here;
+use crate::util::*;
+
+/// Helper enum to differentiate between sessions on the modern slot and sessions on the legacy
+/// slot. The former is for EC keys and RSA keys that can be used with RSA-PSS whereas the latter is
+/// for RSA keys that cannot be used with RSA-PSS.
+#[derive(Clone, Copy, PartialEq)]
+pub enum SlotType {
+    Modern,
+    Legacy,
+}
+
+pub trait CryptokiObject {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool;
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]>;
+}
+
+pub trait Sign {
+    fn get_signature_length(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<usize, Error>;
+    fn sign(
+        &mut self,
+        data: &[u8],
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error>;
+}
+
+pub trait ClientCertsBackend {
+    type Cert: CryptokiObject;
+    type Key: CryptokiObject + Sign;
+
+    #[allow(clippy::type_complexity)]
+    fn find_objects(&self) -> Result<(Vec<Self::Cert>, Vec<Self::Key>), Error>;
+}
+
+/// Helper type for sending `ManagerArguments` to the real `Manager`.
+type ManagerArgumentsSender = Sender<ManagerArguments>;
+/// Helper type for receiving `ManagerReturnValue`s from the real `Manager`.
+type ManagerReturnValueReceiver = Receiver<ManagerReturnValue>;
+
+/// Helper enum that encapsulates arguments to send from the `ManagerProxy` to the real `Manager`.
+/// `ManagerArguments::Stop` is a special variant that stops the background thread and drops the
+/// `Manager`.
+enum ManagerArguments {
+    OpenSession(SlotType),
+    CloseSession(CK_SESSION_HANDLE),
+    CloseAllSessions(SlotType),
+    StartSearch(CK_SESSION_HANDLE, Vec<(CK_ATTRIBUTE_TYPE, Vec<u8>)>),
+    Search(CK_SESSION_HANDLE, usize),
+    ClearSearch(CK_SESSION_HANDLE),
+    GetAttributes(CK_OBJECT_HANDLE, Vec<CK_ATTRIBUTE_TYPE>),
+    StartSign(
+        CK_SESSION_HANDLE,
+        CK_OBJECT_HANDLE,
+        Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ),
+    GetSignatureLength(CK_SESSION_HANDLE, Vec<u8>),
+    Sign(CK_SESSION_HANDLE, Vec<u8>),
+    Stop,
+}
+
+/// Helper enum that encapsulates return values from the real `Manager` that are sent back to the
+/// `ManagerProxy`. `ManagerReturnValue::Stop` is a special variant that indicates that the
+/// `Manager` will stop.
+enum ManagerReturnValue {
+    OpenSession(Result<CK_SESSION_HANDLE, Error>),
+    CloseSession(Result<(), Error>),
+    CloseAllSessions(Result<(), Error>),
+    StartSearch(Result<(), Error>),
+    Search(Result<Vec<CK_OBJECT_HANDLE>, Error>),
+    ClearSearch(Result<(), Error>),
+    GetAttributes(Result<Vec<Option<Vec<u8>>>, Error>),
+    StartSign(Result<(), Error>),
+    GetSignatureLength(Result<usize, Error>),
+    Sign(Result<Vec<u8>, Error>),
+    Stop(Result<(), Error>),
+}
+
+/// Helper macro to implement the body of each public `ManagerProxy` function. Takes a
+/// `ManagerProxy` instance (should always be `self`), a `ManagerArguments` representing the
+/// `Manager` function to call and the arguments to use, and the qualified type of the expected
+/// `ManagerReturnValue` that will be received from the `Manager` when it is done.
+macro_rules! manager_proxy_fn_impl {
+    ($manager:ident, $argument_enum:expr, $return_type:path) => {
+        match $manager.proxy_call($argument_enum) {
+            Ok($return_type(result)) => result,
+            Ok(_) => Err(error_here!(ErrorType::LibraryFailure)),
+            Err(e) => Err(e),
+        }
+    };
+}
+
+/// `ManagerProxy` synchronously proxies calls from any thread to the `Manager` that runs on a
+/// single thread. This is necessary because the underlying OS APIs in use are not guaranteed to be
+/// thread-safe (e.g. they may use thread-local storage). Using it should be identical to using the
+/// real `Manager`.
+pub struct ManagerProxy {
+    sender: ManagerArgumentsSender,
+    receiver: ManagerReturnValueReceiver,
+    thread_handle: Option<JoinHandle<()>>,
+}
+
+impl ManagerProxy {
+    pub fn new<B: ClientCertsBackend + Send + 'static>(backend: B) -> Result<ManagerProxy, Error> {
+        let (proxy_sender, manager_receiver) = channel();
+        let (manager_sender, proxy_receiver) = channel();
+        let thread_handle = thread::Builder::new()
+            .name("osclientcert".into())
+            .spawn(move || {
+                let mut real_manager = Manager::new(backend);
+                while let Ok(arguments) = manager_receiver.recv() {
+                    let results = match arguments {
+                        ManagerArguments::OpenSession(slot_type) => {
+                            ManagerReturnValue::OpenSession(real_manager.open_session(slot_type))
+                        }
+                        ManagerArguments::CloseSession(session_handle) => {
+                            ManagerReturnValue::CloseSession(
+                                real_manager.close_session(session_handle),
+                            )
+                        }
+                        ManagerArguments::CloseAllSessions(slot_type) => {
+                            ManagerReturnValue::CloseAllSessions(
+                                real_manager.close_all_sessions(slot_type),
+                            )
+                        }
+                        ManagerArguments::StartSearch(session, attrs) => {
+                            ManagerReturnValue::StartSearch(
+                                real_manager.start_search(session, attrs),
+                            )
+                        }
+                        ManagerArguments::Search(session, max_objects) => {
+                            ManagerReturnValue::Search(real_manager.search(session, max_objects))
+                        }
+                        ManagerArguments::ClearSearch(session) => {
+                            ManagerReturnValue::ClearSearch(real_manager.clear_search(session))
+                        }
+                        ManagerArguments::GetAttributes(object_handle, attr_types) => {
+                            ManagerReturnValue::GetAttributes(
+                                real_manager.get_attributes(object_handle, attr_types),
+                            )
+                        }
+                        ManagerArguments::StartSign(session, key_handle, params) => {
+                            ManagerReturnValue::StartSign(
+                                real_manager.start_sign(session, key_handle, params),
+                            )
+                        }
+                        ManagerArguments::GetSignatureLength(session, data) => {
+                            ManagerReturnValue::GetSignatureLength(
+                                real_manager.get_signature_length(session, data),
+                            )
+                        }
+                        ManagerArguments::Sign(session, data) => {
+                            ManagerReturnValue::Sign(real_manager.sign(session, data))
+                        }
+                        ManagerArguments::Stop => ManagerReturnValue::Stop(Ok(())),
+                    };
+                    let stop_after_send = matches!(&results, &ManagerReturnValue::Stop(_));
+                    match manager_sender.send(results) {
+                        Ok(()) => {}
+                        Err(_) => {
+                            break;
+                        }
+                    }
+                    if stop_after_send {
+                        break;
+                    }
+                }
+            });
+        match thread_handle {
+            Ok(thread_handle) => Ok(ManagerProxy {
+                sender: proxy_sender,
+                receiver: proxy_receiver,
+                thread_handle: Some(thread_handle),
+            }),
+            Err(_) => Err(error_here!(ErrorType::LibraryFailure)),
+        }
+    }
+
+    fn proxy_call(&self, args: ManagerArguments) -> Result<ManagerReturnValue, Error> {
+        match self.sender.send(args) {
+            Ok(()) => {}
+            Err(_) => {
+                return Err(error_here!(ErrorType::LibraryFailure));
+            }
+        };
+        let result = match self.receiver.recv() {
+            Ok(result) => result,
+            Err(_) => {
+                return Err(error_here!(ErrorType::LibraryFailure));
+            }
+        };
+        Ok(result)
+    }
+
+    pub fn open_session(&mut self, slot_type: SlotType) -> Result<CK_SESSION_HANDLE, Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::OpenSession(slot_type),
+            ManagerReturnValue::OpenSession
+        )
+    }
+
+    pub fn close_session(&mut self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::CloseSession(session),
+            ManagerReturnValue::CloseSession
+        )
+    }
+
+    pub fn close_all_sessions(&mut self, slot_type: SlotType) -> Result<(), Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::CloseAllSessions(slot_type),
+            ManagerReturnValue::CloseAllSessions
+        )
+    }
+
+    pub fn start_search(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        attrs: Vec<(CK_ATTRIBUTE_TYPE, Vec<u8>)>,
+    ) -> Result<(), Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::StartSearch(session, attrs),
+            ManagerReturnValue::StartSearch
+        )
+    }
+
+    pub fn search(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        max_objects: usize,
+    ) -> Result<Vec<CK_OBJECT_HANDLE>, Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::Search(session, max_objects),
+            ManagerReturnValue::Search
+        )
+    }
+
+    pub fn clear_search(&mut self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::ClearSearch(session),
+            ManagerReturnValue::ClearSearch
+        )
+    }
+
+    pub fn get_attributes(
+        &self,
+        object_handle: CK_OBJECT_HANDLE,
+        attr_types: Vec<CK_ATTRIBUTE_TYPE>,
+    ) -> Result<Vec<Option<Vec<u8>>>, Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::GetAttributes(object_handle, attr_types,),
+            ManagerReturnValue::GetAttributes
+        )
+    }
+
+    pub fn start_sign(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        key_handle: CK_OBJECT_HANDLE,
+        params: Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<(), Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::StartSign(session, key_handle, params),
+            ManagerReturnValue::StartSign
+        )
+    }
+
+    pub fn get_signature_length(
+        &self,
+        session: CK_SESSION_HANDLE,
+        data: Vec<u8>,
+    ) -> Result<usize, Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::GetSignatureLength(session, data),
+            ManagerReturnValue::GetSignatureLength
+        )
+    }
+
+    pub fn sign(&mut self, session: CK_SESSION_HANDLE, data: Vec<u8>) -> Result<Vec<u8>, Error> {
+        manager_proxy_fn_impl!(
+            self,
+            ManagerArguments::Sign(session, data),
+            ManagerReturnValue::Sign
+        )
+    }
+
+    pub fn stop(&mut self) -> Result<(), Error> {
+        manager_proxy_fn_impl!(self, ManagerArguments::Stop, ManagerReturnValue::Stop)?;
+        let thread_handle = match self.thread_handle.take() {
+            Some(thread_handle) => thread_handle,
+            None => return Err(error_here!(ErrorType::LibraryFailure)),
+        };
+        thread_handle
+            .join()
+            .map_err(|_| error_here!(ErrorType::LibraryFailure))
+    }
+}
+
+// Determines if the attributes of a given search correspond to NSS looking for all certificates or
+// private keys. Returns true if so, and false otherwise.
+// These searches are of the form:
+//   { { type: CKA_TOKEN, value: [1] },
+//     { type: CKA_CLASS, value: [CKO_CERTIFICATE or CKO_PRIVATE_KEY, as serialized bytes] } }
+// (although not necessarily in that order - see nssToken_TraverseCertificates and
+// nssToken_FindPrivateKeys)
+fn search_is_for_all_certificates_or_keys(
+    attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)],
+) -> Result<bool, Error> {
+    if attrs.len() != 2 {
+        return Ok(false);
+    }
+    let token_bytes = vec![1_u8];
+    let mut found_token = false;
+    let cko_certificate_bytes = serialize_uint(CKO_CERTIFICATE)?;
+    let cko_private_key_bytes = serialize_uint(CKO_PRIVATE_KEY)?;
+    let mut found_certificate_or_private_key = false;
+    for (attr_type, attr_value) in attrs.iter() {
+        if attr_type == &CKA_TOKEN && attr_value == &token_bytes {
+            found_token = true;
+        }
+        if attr_type == &CKA_CLASS
+            && (attr_value == &cko_certificate_bytes || attr_value == &cko_private_key_bytes)
+        {
+            found_certificate_or_private_key = true;
+        }
+    }
+    Ok(found_token && found_certificate_or_private_key)
+}
+
+const SUPPORTED_ATTRIBUTES: &[CK_ATTRIBUTE_TYPE] = &[
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_LABEL,
+    CKA_ID,
+    CKA_VALUE,
+    CKA_ISSUER,
+    CKA_SERIAL_NUMBER,
+    CKA_SUBJECT,
+    CKA_PRIVATE,
+    CKA_KEY_TYPE,
+    CKA_MODULUS,
+    CKA_EC_PARAMS,
+];
+
+enum Object<B: ClientCertsBackend> {
+    Cert(B::Cert),
+    Key(B::Key),
+}
+
+impl<B: ClientCertsBackend> Object<B> {
+    fn matches(&self, slot_type: SlotType, attrs: &[(CK_ATTRIBUTE_TYPE, Vec<u8>)]) -> bool {
+        match self {
+            Object::Cert(cert) => cert.matches(slot_type, attrs),
+            Object::Key(key) => key.matches(slot_type, attrs),
+        }
+    }
+
+    fn get_attribute(&self, attribute: CK_ATTRIBUTE_TYPE) -> Option<&[u8]> {
+        match self {
+            Object::Cert(cert) => cert.get_attribute(attribute),
+            Object::Key(key) => key.get_attribute(attribute),
+        }
+    }
+
+    fn id(&self) -> Result<&[u8], Error> {
+        self.get_attribute(CKA_ID)
+            .ok_or_else(|| error_here!(ErrorType::LibraryFailure))
+    }
+
+    fn get_signature_length(
+        &mut self,
+        data: Vec<u8>,
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<usize, Error> {
+        match self {
+            Object::Cert(_) => Err(error_here!(ErrorType::InvalidArgument)),
+            Object::Key(key) => key.get_signature_length(&data, params),
+        }
+    }
+
+    fn sign(
+        &mut self,
+        data: Vec<u8>,
+        params: &Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<Vec<u8>, Error> {
+        match self {
+            Object::Cert(_) => Err(error_here!(ErrorType::InvalidArgument)),
+            Object::Key(key) => key.sign(&data, params),
+        }
+    }
+}
+
+/// The `Manager` keeps track of the state of this module with respect to the PKCS #11
+/// specification. This includes what sessions are open, which search and sign operations are
+/// ongoing, and what objects are known and by what handle.
+pub struct Manager<B: ClientCertsBackend> {
+    /// A map of session to session type (modern or legacy). Sessions can be created (opened) and
+    /// later closed.
+    sessions: BTreeMap<CK_SESSION_HANDLE, SlotType>,
+    /// A map of searches to PKCS #11 object handles that match those searches.
+    searches: BTreeMap<CK_SESSION_HANDLE, Vec<CK_OBJECT_HANDLE>>,
+    /// A map of sign operations to a pair of the object handle and optionally some params being
+    /// used by each one.
+    signs: BTreeMap<CK_SESSION_HANDLE, (CK_OBJECT_HANDLE, Option<CK_RSA_PKCS_PSS_PARAMS>)>,
+    /// A map of object handles to the underlying objects.
+    objects: BTreeMap<CK_OBJECT_HANDLE, Object<B>>,
+    /// A set of certificate identifiers (not the same as handles).
+    cert_ids: BTreeSet<Vec<u8>>,
+    /// A set of key identifiers (not the same as handles). For each id in this set, there should be
+    /// a corresponding identical id in the `cert_ids` set.
+    key_ids: BTreeSet<Vec<u8>>,
+    /// The next session handle to hand out.
+    next_session: CK_SESSION_HANDLE,
+    /// The next object handle to hand out.
+    next_handle: CK_OBJECT_HANDLE,
+    /// The last time the implementation looked for new objects in the backend.
+    /// The implementation does this search no more than once every 3 seconds.
+    last_scan_time: Option<Instant>,
+    backend: B,
+}
+
+impl<B: ClientCertsBackend> Manager<B> {
+    pub fn new(backend: B) -> Manager<B> {
+        Manager {
+            sessions: BTreeMap::new(),
+            searches: BTreeMap::new(),
+            signs: BTreeMap::new(),
+            objects: BTreeMap::new(),
+            cert_ids: BTreeSet::new(),
+            key_ids: BTreeSet::new(),
+            next_session: 1,
+            next_handle: 1,
+            last_scan_time: None,
+            backend,
+        }
+    }
+
+    /// When a new search session is opened (provided at least 3 seconds have elapsed since the
+    /// last session was opened), this searches for certificates and keys to expose. We
+    /// de-duplicate previously-found certificates and keys by keeping track of their IDs.
+    fn maybe_find_new_objects(&mut self) -> Result<(), Error> {
+        let now = Instant::now();
+        match self.last_scan_time {
+            Some(last_scan_time) => {
+                if now.duration_since(last_scan_time) < Duration::new(3, 0) {
+                    return Ok(());
+                }
+            }
+            None => {}
+        }
+        self.last_scan_time = Some(now);
+        let (certs, keys) = self.backend.find_objects()?;
+        for cert in certs {
+            let object = Object::Cert(cert);
+            if self.cert_ids.contains(object.id()?) {
+                continue;
+            }
+            self.cert_ids.insert(object.id()?.to_vec());
+            let handle = self.get_next_handle();
+            self.objects.insert(handle, object);
+        }
+        for key in keys {
+            let object = Object::Key(key);
+            if self.key_ids.contains(object.id()?) {
+                continue;
+            }
+            self.key_ids.insert(object.id()?.to_vec());
+            let handle = self.get_next_handle();
+            self.objects.insert(handle, object);
+        }
+        Ok(())
+    }
+
+    pub fn open_session(&mut self, slot_type: SlotType) -> Result<CK_SESSION_HANDLE, Error> {
+        let next_session = self.next_session;
+        self.next_session += 1;
+        self.sessions.insert(next_session, slot_type);
+        Ok(next_session)
+    }
+
+    pub fn close_session(&mut self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
+        self.sessions
+            .remove(&session)
+            .ok_or_else(|| error_here!(ErrorType::InvalidInput))
+            .map(|_| ())
+    }
+
+    pub fn close_all_sessions(&mut self, slot_type: SlotType) -> Result<(), Error> {
+        let mut to_remove = Vec::new();
+        for (session, open_slot_type) in self.sessions.iter() {
+            if slot_type == *open_slot_type {
+                to_remove.push(*session);
+            }
+        }
+        for session in to_remove {
+            if self.sessions.remove(&session).is_none() {
+                return Err(error_here!(ErrorType::LibraryFailure));
+            }
+        }
+        Ok(())
+    }
+
+    fn get_next_handle(&mut self) -> CK_OBJECT_HANDLE {
+        let next_handle = self.next_handle;
+        self.next_handle += 1;
+        next_handle
+    }
+
+    /// PKCS #11 specifies that search operations happen in three phases: setup, get any matches
+    /// (this part may be repeated if the caller uses a small buffer), and end. This implementation
+    /// does all of the work up front and gathers all matching objects during setup and retains them
+    /// until they are retrieved and consumed via `search`.
+    pub fn start_search(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        attrs: Vec<(CK_ATTRIBUTE_TYPE, Vec<u8>)>,
+    ) -> Result<(), Error> {
+        let slot_type = match self.sessions.get(&session) {
+            Some(slot_type) => *slot_type,
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        // If the search is for an attribute we don't support, no objects will match. This check
+        // saves us having to look through all of our objects.
+        for (attr, _) in &attrs {
+            if !SUPPORTED_ATTRIBUTES.contains(attr) {
+                self.searches.insert(session, Vec::new());
+                return Ok(());
+            }
+        }
+        // When NSS wants to find all certificates or all private keys, it will perform a search
+        // with a particular set of attributes. This implementation uses these searches as an
+        // indication for the backend to re-scan for new objects from tokens that may have been
+        // inserted or certificates that may have been imported into the OS. Since these searches
+        // are relatively rare, this minimizes the impact of doing these re-scans.
+        if search_is_for_all_certificates_or_keys(&attrs)? {
+            self.maybe_find_new_objects()?;
+        }
+        let mut handles = Vec::new();
+        for (handle, object) in &self.objects {
+            if object.matches(slot_type, &attrs) {
+                handles.push(*handle);
+            }
+        }
+        self.searches.insert(session, handles);
+        Ok(())
+    }
+
+    /// Given a session and a maximum number of object handles to return, attempts to retrieve up to
+    /// that many objects from the corresponding search. Updates the search so those objects are not
+    /// returned repeatedly. `max_objects` must be non-zero.
+    pub fn search(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        max_objects: usize,
+    ) -> Result<Vec<CK_OBJECT_HANDLE>, Error> {
+        if max_objects == 0 {
+            return Err(error_here!(ErrorType::InvalidArgument));
+        }
+        match self.searches.get_mut(&session) {
+            Some(search) => {
+                let split_at = if max_objects >= search.len() {
+                    0
+                } else {
+                    search.len() - max_objects
+                };
+                let to_return = search.split_off(split_at);
+                if to_return.len() > max_objects {
+                    return Err(error_here!(ErrorType::LibraryFailure));
+                }
+                Ok(to_return)
+            }
+            None => Err(error_here!(ErrorType::InvalidArgument)),
+        }
+    }
+
+    pub fn clear_search(&mut self, session: CK_SESSION_HANDLE) -> Result<(), Error> {
+        self.searches.remove(&session);
+        Ok(())
+    }
+
+    pub fn get_attributes(
+        &self,
+        object_handle: CK_OBJECT_HANDLE,
+        attr_types: Vec<CK_ATTRIBUTE_TYPE>,
+    ) -> Result<Vec<Option<Vec<u8>>>, Error> {
+        let object = match self.objects.get(&object_handle) {
+            Some(object) => object,
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        let mut results = Vec::with_capacity(attr_types.len());
+        for attr_type in attr_types {
+            let result = object
+                .get_attribute(attr_type)
+                .map(|value| value.to_owned());
+            results.push(result);
+        }
+        Ok(results)
+    }
+
+    /// The way NSS uses PKCS #11 to sign data happens in two phases: setup and sign. This
+    /// implementation makes a note of which key is to be used (if it exists) during setup. When the
+    /// caller finishes with the sign operation, this implementation retrieves the key handle and
+    /// performs the signature.
+    pub fn start_sign(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        key_handle: CK_OBJECT_HANDLE,
+        params: Option<CK_RSA_PKCS_PSS_PARAMS>,
+    ) -> Result<(), Error> {
+        if self.signs.contains_key(&session) {
+            return Err(error_here!(ErrorType::InvalidArgument));
+        }
+        self.signs.insert(session, (key_handle, params));
+        Ok(())
+    }
+
+    pub fn get_signature_length(
+        &mut self,
+        session: CK_SESSION_HANDLE,
+        data: Vec<u8>,
+    ) -> Result<usize, Error> {
+        let (key_handle, params) = match self.signs.get(&session) {
+            Some((key_handle, params)) => (key_handle, params),
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        let key = match self.objects.get_mut(key_handle) {
+            Some(key) => key,
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        key.get_signature_length(data, params)
+    }
+
+    pub fn sign(&mut self, session: CK_SESSION_HANDLE, data: Vec<u8>) -> Result<Vec<u8>, Error> {
+        // Performing the signature (via C_Sign, which is the only way we support) finishes the sign
+        // operation, so it needs to be removed here.
+        let (key_handle, params) = match self.signs.remove(&session) {
+            Some((key_handle, params)) => (key_handle, params),
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        let key = match self.objects.get_mut(&key_handle) {
+            Some(key) => key,
+            None => return Err(error_here!(ErrorType::InvalidArgument)),
+        };
+        key.sign(data, &params)
+    }
+}
diff --git a/security/manager/ssl/rsclientcerts/src/util.rs b/security/manager/ssl/rsclientcerts/src/util.rs
new file mode 100644
index 0000000000..d0011a0a2e
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/src/util.rs
@@ -0,0 +1,540 @@
+/* -*- Mode: rust; rust-indent-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use byteorder::{BigEndian, NativeEndian, ReadBytesExt, WriteBytesExt};
+use std::convert::TryInto;
+
+use crate::error::{Error, ErrorType};
+use crate::error_here;
+
+/// Accessing fields of packed structs is unsafe (it may be undefined behavior if the field isn't
+/// aligned). Since we're implementing a PKCS#11 module, we already have to trust the caller not to
+/// give us bad data, so normally we would deal with this by adding an unsafe block. If we do that,
+/// though, the compiler complains that the unsafe block is unnecessary. Thus, we use this macro to
+/// annotate the unsafe block to silence the compiler.
+#[macro_export]
+macro_rules! unsafe_packed_field_access {
+    ($e:expr) => {{
+        #[allow(unused_unsafe)]
+        let tmp = unsafe { $e };
+        tmp
+    }};
+}
+
+// The following ENCODED_OID_BYTES_* consist of the encoded bytes of an ASN.1
+// OBJECT IDENTIFIER specifying the indicated OID (in other words, the full
+// tag, length, and value).
+#[cfg(target_os = "macos")]
+pub const ENCODED_OID_BYTES_SECP256R1: &[u8] =
+    &[0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07];
+#[cfg(target_os = "macos")]
+pub const ENCODED_OID_BYTES_SECP384R1: &[u8] = &[0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22];
+#[cfg(target_os = "macos")]
+pub const ENCODED_OID_BYTES_SECP521R1: &[u8] = &[0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23];
+
+// The following OID_BYTES_* consist of the contents of the bytes of an ASN.1
+// OBJECT IDENTIFIER specifying the indicated OID (in other words, just the
+// value, and not the tag or length).
+#[cfg(target_os = "macos")]
+pub const OID_BYTES_SHA_256: &[u8] = &[0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01];
+#[cfg(target_os = "macos")]
+pub const OID_BYTES_SHA_384: &[u8] = &[0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02];
+#[cfg(target_os = "macos")]
+pub const OID_BYTES_SHA_512: &[u8] = &[0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03];
+#[cfg(target_os = "macos")]
+pub const OID_BYTES_SHA_1: &[u8] = &[0x2b, 0x0e, 0x03, 0x02, 0x1a];
+
+// This is a helper function to take a value and lay it out in memory how
+// PKCS#11 is expecting it.
+pub fn serialize_uint<T: TryInto<u64>>(value: T) -> Result<Vec<u8>, Error> {
+    let value_size = std::mem::size_of::<T>();
+    let mut value_buf = Vec::with_capacity(value_size);
+    let value_as_u64 = value
+        .try_into()
+        .map_err(|_| error_here!(ErrorType::ValueTooLarge))?;
+    value_buf
+        .write_uint::<NativeEndian>(value_as_u64, value_size)
+        .map_err(|_| error_here!(ErrorType::LibraryFailure))?;
+    Ok(value_buf)
+}
+
+/// Given a slice of DER bytes representing an RSA public key, extracts the bytes of the modulus
+/// as an unsigned integer. Also verifies that the public exponent is present (again as an
+/// unsigned integer). Finally verifies that reading these values consumes the entirety of the
+/// slice.
+/// RSAPublicKey ::= SEQUENCE {
+///     modulus           INTEGER,  -- n
+///     publicExponent    INTEGER   -- e
+/// }
+pub fn read_rsa_modulus(public_key: &[u8]) -> Result<Vec<u8>, Error> {
+    let mut sequence = Sequence::new(public_key)?;
+    let modulus_value = sequence.read_unsigned_integer()?;
+    let _exponent = sequence.read_unsigned_integer()?;
+    if !sequence.at_end() {
+        return Err(error_here!(ErrorType::ExtraInput));
+    }
+    Ok(modulus_value.to_vec())
+}
+
+/// Given a slice of DER bytes representing a DigestInfo, extracts the bytes of
+/// the OID of the hash algorithm and the digest.
+/// DigestInfo ::= SEQUENCE {
+///   digestAlgorithm DigestAlgorithmIdentifier,
+///   digest Digest }
+///
+/// DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+///
+/// AlgorithmIdentifier  ::=  SEQUENCE  {
+///      algorithm               OBJECT IDENTIFIER,
+///      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+///
+/// Digest ::= OCTET STRING
+pub fn read_digest_info(digest_info: &[u8]) -> Result<(&[u8], &[u8]), Error> {
+    let mut sequence = Sequence::new(digest_info)?;
+    let mut algorithm = sequence.read_sequence()?;
+    let oid = algorithm.read_oid()?;
+    algorithm.read_null()?;
+    if !algorithm.at_end() {
+        return Err(error_here!(ErrorType::ExtraInput));
+    }
+    let digest = sequence.read_octet_string()?;
+    if !sequence.at_end() {
+        return Err(error_here!(ErrorType::ExtraInput));
+    }
+    Ok((oid, digest))
+}
+
+/// Given a slice of DER bytes representing an ECDSA signature, extracts the bytes of `r` and `s`
+/// as unsigned integers. Also verifies that this consumes the entirety of the slice.
+///   Ecdsa-Sig-Value  ::=  SEQUENCE  {
+///        r     INTEGER,
+///        s     INTEGER  }
+#[cfg(target_os = "macos")]
+pub fn read_ec_sig_point(signature: &[u8]) -> Result<(&[u8], &[u8]), Error> {
+    let mut sequence = Sequence::new(signature)?;
+    let r = sequence.read_unsigned_integer()?;
+    let s = sequence.read_unsigned_integer()?;
+    if !sequence.at_end() {
+        return Err(error_here!(ErrorType::ExtraInput));
+    }
+    Ok((r, s))
+}
+
+/// Given a slice of DER bytes representing an X.509 certificate, extracts the encoded serial
+/// number, issuer, and subject. Does not verify that the remainder of the certificate is in any
+/// way well-formed.
+///   Certificate  ::=  SEQUENCE  {
+///           tbsCertificate       TBSCertificate,
+///           signatureAlgorithm   AlgorithmIdentifier,
+///           signatureValue       BIT STRING  }
+///
+///   TBSCertificate  ::=  SEQUENCE  {
+///           version         [0]  EXPLICIT Version DEFAULT v1,
+///           serialNumber         CertificateSerialNumber,
+///           signature            AlgorithmIdentifier,
+///           issuer               Name,
+///           validity             Validity,
+///           subject              Name,
+///           ...
+///
+///   CertificateSerialNumber  ::=  INTEGER
+///
+///   Name ::= CHOICE { -- only one possibility for now --
+///     rdnSequence  RDNSequence }
+///
+///   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+///
+///   Validity ::= SEQUENCE {
+///        notBefore      Time,
+///        notAfter       Time  }
+#[allow(clippy::type_complexity)]
+pub fn read_encoded_certificate_identifiers(
+    certificate: &[u8],
+) -> Result<(Vec<u8>, Vec<u8>, Vec<u8>), Error> {
+    let mut certificate_sequence = Sequence::new(certificate)?;
+    let mut tbs_certificate_sequence = certificate_sequence.read_sequence()?;
+    let _version = tbs_certificate_sequence.read_tagged_value(0)?;
+    let serial_number = tbs_certificate_sequence.read_encoded_sequence_component(INTEGER)?;
+    let _signature = tbs_certificate_sequence.read_sequence()?;
+    let issuer =
+        tbs_certificate_sequence.read_encoded_sequence_component(SEQUENCE | CONSTRUCTED)?;
+    let _validity = tbs_certificate_sequence.read_sequence()?;
+    let subject =
+        tbs_certificate_sequence.read_encoded_sequence_component(SEQUENCE | CONSTRUCTED)?;
+    Ok((serial_number, issuer, subject))
+}
+
+/// Helper macro for reading some bytes from a slice while checking the slice is long enough.
+/// Returns a pair consisting of a slice of the bytes read and a slice of the rest of the bytes
+/// from the original slice.
+macro_rules! try_read_bytes {
+    ($data:ident, $len:expr) => {{
+        if $data.len() < $len {
+            return Err(error_here!(ErrorType::TruncatedInput));
+        }
+        $data.split_at($len)
+    }};
+}
+
+/// ASN.1 tag identifying an integer.
+const INTEGER: u8 = 0x02;
+/// ASN.1 tag identifying an octet string.
+const OCTET_STRING: u8 = 0x04;
+/// ASN.1 tag identifying a null value.
+const NULL: u8 = 0x05;
+/// ASN.1 tag identifying an object identifier (OID).
+const OBJECT_IDENTIFIER: u8 = 0x06;
+/// ASN.1 tag identifying a sequence.
+const SEQUENCE: u8 = 0x10;
+/// ASN.1 tag modifier identifying an item as constructed.
+const CONSTRUCTED: u8 = 0x20;
+/// ASN.1 tag modifier identifying an item as context-specific.
+const CONTEXT_SPECIFIC: u8 = 0x80;
+
+/// A helper struct for reading items from a DER SEQUENCE (in this case, all sequences are
+/// assumed to be CONSTRUCTED).
+struct Sequence<'a> {
+    /// The contents of the SEQUENCE.
+    contents: Der<'a>,
+}
+
+impl<'a> Sequence<'a> {
+    fn new(input: &'a [u8]) -> Result<Sequence<'a>, Error> {
+        let mut der = Der::new(input);
+        let (_, _, sequence_bytes) = der.read_tlv(SEQUENCE | CONSTRUCTED)?;
+        // We're assuming we want to consume the entire input for now.
+        if !der.at_end() {
+            return Err(error_here!(ErrorType::ExtraInput));
+        }
+        Ok(Sequence {
+            contents: Der::new(sequence_bytes),
+        })
+    }
+
+    // TODO: we're not exhaustively validating this integer
+    fn read_unsigned_integer(&mut self) -> Result<&'a [u8], Error> {
+        let (_, _, bytes) = self.contents.read_tlv(INTEGER)?;
+        if bytes.is_empty() {
+            return Err(error_here!(ErrorType::InvalidInput));
+        }
+        // There may be a leading zero (we should also check that the first bit
+        // of the rest of the integer is set).
+        if bytes[0] == 0 && bytes.len() > 1 {
+            let (_, integer) = bytes.split_at(1);
+            Ok(integer)
+        } else {
+            Ok(bytes)
+        }
+    }
+
+    fn read_octet_string(&mut self) -> Result<&'a [u8], Error> {
+        let (_, _, bytes) = self.contents.read_tlv(OCTET_STRING)?;
+        Ok(bytes)
+    }
+
+    fn read_oid(&mut self) -> Result<&'a [u8], Error> {
+        let (_, _, bytes) = self.contents.read_tlv(OBJECT_IDENTIFIER)?;
+        Ok(bytes)
+    }
+
+    fn read_null(&mut self) -> Result<(), Error> {
+        let (_, _, bytes) = self.contents.read_tlv(NULL)?;
+        if bytes.is_empty() {
+            Ok(())
+        } else {
+            Err(error_here!(ErrorType::InvalidInput))
+        }
+    }
+
+    fn read_sequence(&mut self) -> Result<Sequence<'a>, Error> {
+        let (_, _, sequence_bytes) = self.contents.read_tlv(SEQUENCE | CONSTRUCTED)?;
+        Ok(Sequence {
+            contents: Der::new(sequence_bytes),
+        })
+    }
+
+    fn read_tagged_value(&mut self, tag: u8) -> Result<&'a [u8], Error> {
+        let (_, _, tagged_value_bytes) = self
+            .contents
+            .read_tlv(CONTEXT_SPECIFIC | CONSTRUCTED | tag)?;
+        Ok(tagged_value_bytes)
+    }
+
+    fn read_encoded_sequence_component(&mut self, tag: u8) -> Result<Vec<u8>, Error> {
+        let (tag, length, value) = self.contents.read_tlv(tag)?;
+        let mut encoded_component_bytes = length;
+        encoded_component_bytes.insert(0, tag);
+        encoded_component_bytes.extend_from_slice(value);
+        Ok(encoded_component_bytes)
+    }
+
+    fn at_end(&self) -> bool {
+        self.contents.at_end()
+    }
+}
+
+/// A helper struct for reading DER data. The contents are treated like a cursor, so its position
+/// is updated as data is read.
+struct Der<'a> {
+    contents: &'a [u8],
+}
+
+impl<'a> Der<'a> {
+    fn new(contents: &'a [u8]) -> Der<'a> {
+        Der { contents }
+    }
+
+    // In theory, a caller could encounter an error and try another operation, in which case we may
+    // be in an inconsistent state. As long as this implementation isn't exposed to code that would
+    // use it incorrectly (i.e. it stays in this module and we only expose a stateless API), it
+    // should be safe.
+    /// Given an expected tag, reads the next (tag, lengh, value) from the contents. Most
+    /// consumers will only be interested in the value, but some may want the entire encoded
+    /// contents, in which case the returned tuple can be concatenated.
+    fn read_tlv(&mut self, tag: u8) -> Result<(u8, Vec<u8>, &'a [u8]), Error> {
+        let contents = self.contents;
+        let (tag_read, rest) = try_read_bytes!(contents, 1);
+        if tag_read[0] != tag {
+            return Err(error_here!(ErrorType::InvalidInput));
+        }
+        let mut accumulated_length_bytes = Vec::with_capacity(4);
+        let (length1, rest) = try_read_bytes!(rest, 1);
+        accumulated_length_bytes.extend_from_slice(length1);
+        let (length, to_read_from) = if length1[0] < 0x80 {
+            (length1[0] as usize, rest)
+        } else if length1[0] == 0x81 {
+            let (length, rest) = try_read_bytes!(rest, 1);
+            accumulated_length_bytes.extend_from_slice(length);
+            if length[0] < 0x80 {
+                return Err(error_here!(ErrorType::InvalidInput));
+            }
+            (length[0] as usize, rest)
+        } else if length1[0] == 0x82 {
+            let (mut lengths, rest) = try_read_bytes!(rest, 2);
+            accumulated_length_bytes.extend_from_slice(lengths);
+            let length = lengths
+                .read_u16::<BigEndian>()
+                .map_err(|_| error_here!(ErrorType::LibraryFailure))?;
+            if length < 256 {
+                return Err(error_here!(ErrorType::InvalidInput));
+            }
+            (length as usize, rest)
+        } else {
+            return Err(error_here!(ErrorType::UnsupportedInput));
+        };
+        let (contents, rest) = try_read_bytes!(to_read_from, length);
+        self.contents = rest;
+        Ok((tag, accumulated_length_bytes, contents))
+    }
+
+    fn at_end(&self) -> bool {
+        self.contents.is_empty()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn der_test_empty_input() {
+        let input = Vec::new();
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(INTEGER).is_err());
+    }
+
+    #[test]
+    fn der_test_no_length() {
+        let input = vec![INTEGER];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(INTEGER).is_err());
+    }
+
+    #[test]
+    fn der_test_empty_sequence() {
+        let input = vec![SEQUENCE, 0];
+        let mut der = Der::new(&input);
+        let read_result = der.read_tlv(SEQUENCE);
+        assert!(read_result.is_ok());
+        let (tag, length, sequence_bytes) = read_result.unwrap();
+        assert_eq!(tag, SEQUENCE);
+        assert_eq!(length, vec![0]);
+        assert_eq!(sequence_bytes.len(), 0);
+        assert!(der.at_end());
+    }
+
+    #[test]
+    fn der_test_not_at_end() {
+        let input = vec![SEQUENCE, 0, 1];
+        let mut der = Der::new(&input);
+        let read_result = der.read_tlv(SEQUENCE);
+        assert!(read_result.is_ok());
+        let (tag, length, sequence_bytes) = read_result.unwrap();
+        assert_eq!(tag, SEQUENCE);
+        assert_eq!(length, vec![0]);
+        assert_eq!(sequence_bytes.len(), 0);
+        assert!(!der.at_end());
+    }
+
+    #[test]
+    fn der_test_wrong_tag() {
+        let input = vec![SEQUENCE, 0];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(INTEGER).is_err());
+    }
+
+    #[test]
+    fn der_test_truncated_two_byte_length() {
+        let input = vec![SEQUENCE, 0x81];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_truncated_three_byte_length() {
+        let input = vec![SEQUENCE, 0x82, 1];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_truncated_data() {
+        let input = vec![SEQUENCE, 20, 1];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_sequence() {
+        let input = vec![
+            SEQUENCE, 20, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 0, 0,
+        ];
+        let mut der = Der::new(&input);
+        let result = der.read_tlv(SEQUENCE);
+        assert!(result.is_ok());
+        let (tag, length, value) = result.unwrap();
+        assert_eq!(tag, SEQUENCE);
+        assert_eq!(length, vec![20]);
+        assert_eq!(
+            value,
+            [1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 0, 0]
+        );
+        assert!(der.at_end());
+    }
+
+    #[test]
+    fn der_test_not_shortest_two_byte_length_encoding() {
+        let input = vec![SEQUENCE, 0x81, 1, 1];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_not_shortest_three_byte_length_encoding() {
+        let input = vec![SEQUENCE, 0x82, 0, 1, 1];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_indefinite_length_unsupported() {
+        let input = vec![SEQUENCE, 0x80, 1, 2, 3, 0x00, 0x00];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn der_test_input_too_long() {
+        // This isn't valid DER (the contents of the SEQUENCE are truncated), but it demonstrates
+        // that we don't try to read too much if we're given a long length (and also that we don't
+        // support lengths 2^16 and up).
+        let input = vec![SEQUENCE, 0x83, 0x01, 0x00, 0x01, 1, 1, 1, 1];
+        let mut der = Der::new(&input);
+        assert!(der.read_tlv(SEQUENCE).is_err());
+    }
+
+    #[test]
+    fn empty_input_fails() {
+        let empty = Vec::new();
+        assert!(read_rsa_modulus(&empty).is_err());
+        #[cfg(target_os = "macos")]
+        assert!(read_ec_sig_point(&empty).is_err());
+        assert!(read_encoded_certificate_identifiers(&empty).is_err());
+    }
+
+    #[test]
+    fn empty_sequence_fails() {
+        let empty = vec![SEQUENCE | CONSTRUCTED];
+        assert!(read_rsa_modulus(&empty).is_err());
+        #[cfg(target_os = "macos")]
+        assert!(read_ec_sig_point(&empty).is_err());
+        assert!(read_encoded_certificate_identifiers(&empty).is_err());
+    }
+
+    #[test]
+    fn test_read_rsa_modulus() {
+        let rsa_key = include_bytes!("../test/rsa.bin");
+        let result = read_rsa_modulus(rsa_key);
+        assert!(result.is_ok());
+        let modulus = result.unwrap();
+        assert_eq!(modulus, include_bytes!("../test/modulus.bin").to_vec());
+    }
+
+    #[test]
+    fn test_read_certificate_identifiers() {
+        let certificate = include_bytes!("../test/certificate.bin");
+        let result = read_encoded_certificate_identifiers(certificate);
+        assert!(result.is_ok());
+        let (serial_number, issuer, subject) = result.unwrap();
+        assert_eq!(
+            serial_number,
+            &[
+                0x02, 0x14, 0x3f, 0xed, 0x7b, 0x43, 0x47, 0x8a, 0x53, 0x42, 0x5b, 0x0d, 0x50, 0xe1,
+                0x37, 0x88, 0x2a, 0x20, 0x3f, 0x31, 0x17, 0x20
+            ]
+        );
+        assert_eq!(
+            issuer,
+            &[
+                0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x54,
+                0x65, 0x73, 0x74, 0x20, 0x43, 0x41
+            ]
+        );
+        assert_eq!(
+            subject,
+            &[
+                0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x54,
+                0x65, 0x73, 0x74, 0x20, 0x45, 0x6e, 0x64, 0x2d, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79
+            ]
+        );
+    }
+
+    #[test]
+    #[cfg(target_os = "windows")]
+    fn test_read_digest() {
+        // SEQUENCE
+        //   SEQUENCE
+        //     OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256
+        //       NULL
+        //   OCTET STRING 1A7FCDB9A5F649F954885CFE145F3E93F0D1FA72BE980CC6EC82C70E1407C7D2
+        let digest_info = [
+            0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x1, 0x65, 0x03, 0x04, 0x02,
+            0x01, 0x05, 0x00, 0x04, 0x20, 0x1a, 0x7f, 0xcd, 0xb9, 0xa5, 0xf6, 0x49, 0xf9, 0x54,
+            0x88, 0x5c, 0xfe, 0x14, 0x5f, 0x3e, 0x93, 0xf0, 0xd1, 0xfa, 0x72, 0xbe, 0x98, 0x0c,
+            0xc6, 0xec, 0x82, 0xc7, 0x0e, 0x14, 0x07, 0xc7, 0xd2,
+        ];
+        let result = read_digest(&digest_info);
+        assert!(result.is_ok());
+        let digest = result.unwrap();
+        assert_eq!(
+            digest,
+            &[
+                0x1a, 0x7f, 0xcd, 0xb9, 0xa5, 0xf6, 0x49, 0xf9, 0x54, 0x88, 0x5c, 0xfe, 0x14, 0x5f,
+                0x3e, 0x93, 0xf0, 0xd1, 0xfa, 0x72, 0xbe, 0x98, 0x0c, 0xc6, 0xec, 0x82, 0xc7, 0x0e,
+                0x14, 0x07, 0xc7, 0xd2
+            ]
+        );
+    }
+}
diff --git a/security/manager/ssl/rsclientcerts/test/certificate.bin b/security/manager/ssl/rsclientcerts/test/certificate.bin
new file mode 100644
index 0000000000..01fbafb15c
Binary files /dev/null and b/security/manager/ssl/rsclientcerts/test/certificate.bin differ
diff --git a/security/manager/ssl/rsclientcerts/test/modulus.bin b/security/manager/ssl/rsclientcerts/test/modulus.bin
new file mode 100644
index 0000000000..a9b09ff53e
--- /dev/null
+++ b/security/manager/ssl/rsclientcerts/test/modulus.bin
@@ -0,0 +1,2 @@
+ºˆQ¨DŽÖAýn¶ˆ6=<Ùêä5J´ìõhWl${ÁÇ%¨àؽ±œ›n†òkâ¯Zukjdqz¥Z§E‡÷Õ$œ~ÍCüiÐ8 )“« ÃIäÛ¹LÂklí‚ñ~­i±Ó:‹*Aî§pà
�ýf+°$’¤}¹ˆay�±W�=Ò;Åà¸H¨7ÓˆCï'ØU·fZª~�/:{€$Ìl—­–a[·â–Àu1£‘Ý´Ê÷ü­%Ó	﹧há³{/"oiã´Š•aî&Ö%�«‘N6Ë$,¿‹/åñ�™1¸³þI#úrQÄ1Õ¬Ú
+5í�
\ No newline at end of file
diff --git a/security/manager/ssl/rsclientcerts/test/rsa.bin b/security/manager/ssl/rsclientcerts/test/rsa.bin
new file mode 100644
index 0000000000..93ededb827
Binary files /dev/null and b/security/manager/ssl/rsclientcerts/test/rsa.bin differ
diff --git a/security/manager/ssl/tests/.eslintrc.js b/security/manager/ssl/tests/.eslintrc.js
new file mode 100644
index 0000000000..379eabb2d0
--- /dev/null
+++ b/security/manager/ssl/tests/.eslintrc.js
@@ -0,0 +1,8 @@
+"use strict";
+
+module.exports = {
+  rules: {
+    // Disallow non-top level |var| declarations.
+    "mozilla/var-only-at-top-level": "error",
+  },
+};
diff --git a/security/manager/ssl/tests/gtest/CertDBTest.cpp b/security/manager/ssl/tests/gtest/CertDBTest.cpp
new file mode 100644
index 0000000000..310b0226e1
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/CertDBTest.cpp
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "nsCOMPtr.h"
+#include "nsIPrefService.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsServiceManagerUtils.h"
+
+TEST(psm_CertDB, Test)
+{
+  {
+    nsCOMPtr<nsIPrefBranch> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID));
+    ASSERT_TRUE(prefs)
+    << "couldn't get nsIPrefBranch";
+
+    // When PSM initializes, it attempts to get some localized strings.
+    // As a result, Android flips out if this isn't set.
+    nsresult rv = prefs->SetBoolPref("intl.locale.matchOS", true);
+    ASSERT_TRUE(NS_SUCCEEDED(rv))
+    << "couldn't set pref 'intl.locale.matchOS'";
+
+    nsCOMPtr<nsIX509CertDB> certdb(do_GetService(NS_X509CERTDB_CONTRACTID));
+    ASSERT_TRUE(certdb)
+    << "couldn't get certdb";
+
+    nsTArray<RefPtr<nsIX509Cert>> certList;
+    rv = certdb->GetCerts(certList);
+    ASSERT_TRUE(NS_SUCCEEDED(rv))
+    << "couldn't get list of certificates";
+
+    bool foundBuiltIn = false;
+    for (const auto& cert : certList) {
+      ASSERT_TRUE(cert)
+      << "certlist shouldn't have null certificate";
+      ASSERT_TRUE(NS_SUCCEEDED(cert->GetIsBuiltInRoot(&foundBuiltIn)))
+      << "GetIsBuiltInRoot failed";
+      if (foundBuiltIn) {
+        break;
+      }
+    }
+
+    ASSERT_TRUE(foundBuiltIn)
+    << "didn't load any built-in certificates";
+
+    printf("successfully loaded at least one built-in certificate\n");
+
+  }  // this scopes the nsCOMPtrs
+}
diff --git a/security/manager/ssl/tests/gtest/CoseTest.cpp b/security/manager/ssl/tests/gtest/CoseTest.cpp
new file mode 100644
index 0000000000..2f05cad3a7
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/CoseTest.cpp
@@ -0,0 +1,756 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <cstddef>
+#include <memory>
+
+#include <keyhi.h>
+#include <nss.h>
+#include <pk11pub.h>
+
+#include <pkcs11t.h>
+#include <secmodt.h>
+#include <cert.h>
+
+#include "ScopedNSSTypes.h"
+#include "cosec.h"
+
+namespace mozilla {
+
+// "This is the content."
+const uint8_t PAYLOAD[] = {84,  104, 105, 115, 32,  105, 115, 32,  116, 104,
+                           101, 32,  99,  111, 110, 116, 101, 110, 116, 46};
+
+// This is a COSE signature generated with the cose rust library (see
+// third-party/rust/cose). The payload is signed with the P256 key from
+// pykey.py.
+const uint8_t SIGNATURE[] = {
+    0xd8, 0x62, 0x84, 0x59, 0x02, 0xa3, 0xa1, 0x04, 0x82, 0x59, 0x01, 0x4e,
+    0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+    0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+    0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+    0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+    0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+    0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+    0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+    0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+    0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+    0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+    0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+    0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+    0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+    0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+    0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+    0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+    0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+    0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+    0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+    0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b, 0x59, 0x01,
+    0x4c, 0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80, 0x43,
+    0xec, 0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32, 0xe2, 0x30,
+    0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30,
+    0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09,
+    0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+    0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+    0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+    0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+    0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+    0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+    0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30,
+    0x44, 0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff,
+    0xd1, 0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77,
+    0x5c, 0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02,
+    0x20, 0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9, 0xa1, 0x95, 0xbb,
+    0x56, 0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5, 0x25, 0x3b, 0xf4, 0x57,
+    0x20, 0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15, 0x30, 0xa7, 0xa0, 0xf6, 0x81,
+    0x83, 0x59, 0x01, 0x33, 0xa2, 0x01, 0x26, 0x04, 0x59, 0x01, 0x2c, 0x30,
+    0x82, 0x01, 0x28, 0x30, 0x81, 0xcf, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+    0x14, 0x2f, 0xc3, 0x5f, 0x05, 0x80, 0xb4, 0x49, 0x45, 0x13, 0x92, 0xd6,
+    0x93, 0xb7, 0x2d, 0x71, 0x19, 0xc5, 0x8c, 0x40, 0x39, 0x30, 0x0a, 0x06,
+    0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x13, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30,
+    0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+    0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30,
+    0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65, 0x2d, 0x70, 0x32,
+    0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+    0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
+    0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0, 0xf8,
+    0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b,
+    0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45,
+    0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07,
+    0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b,
+    0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0x30, 0x0a, 0x06,
+    0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
+    0x30, 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd,
+    0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73,
+    0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6,
+    0x02, 0x21, 0x00, 0xff, 0x81, 0xbe, 0xa8, 0x0d, 0x03, 0x36, 0x6b, 0x75,
+    0xe2, 0x70, 0x6a, 0xac, 0x07, 0x2e, 0x4c, 0xdc, 0xf9, 0xc5, 0x89, 0xc1,
+    0xcf, 0x88, 0xc2, 0xc8, 0x2a, 0x32, 0xf5, 0x42, 0x0c, 0xfa, 0x0b, 0xa0,
+    0x58, 0x40, 0x1e, 0x6e, 0x08, 0xdf, 0x8f, 0x4f, 0xd6, 0xab, 0x23, 0xae,
+    0x84, 0xaa, 0xf3, 0x43, 0x35, 0x9a, 0x53, 0xb9, 0x8b, 0xf9, 0x81, 0xa1,
+    0xbc, 0x1e, 0x5c, 0x57, 0x5c, 0x0a, 0x20, 0x37, 0xf4, 0x3d, 0x11, 0x08,
+    0xa0, 0x97, 0x4b, 0x68, 0xa4, 0x0f, 0x80, 0xe9, 0x96, 0x30, 0x04, 0x24,
+    0x0e, 0x81, 0x3d, 0x2a, 0x8a, 0x64, 0x40, 0x61, 0x5a, 0x19, 0x00, 0xff,
+    0x74, 0x40, 0x71, 0x82, 0x65, 0xe9};
+
+// This is a COSE signature generated with the cose rust library (see
+// third-party/rust/cose). The payload is signed twice; with the P256 and the
+// RSA key from pykey.py.
+const uint8_t SIGNATURE_ES256_PS256[] = {
+    0xd8, 0x62, 0x84, 0x59, 0x08, 0x52, 0xa1, 0x04, 0x84, 0x59, 0x01, 0x4e,
+    0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+    0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+    0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+    0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+    0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+    0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+    0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+    0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+    0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+    0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+    0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+    0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+    0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+    0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+    0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+    0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+    0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+    0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+    0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+    0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b, 0x59, 0x01,
+    0x4c, 0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80, 0x43,
+    0xec, 0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32, 0xe2, 0x30,
+    0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30,
+    0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09,
+    0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+    0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+    0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+    0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+    0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+    0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+    0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30,
+    0x44, 0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff,
+    0xd1, 0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77,
+    0x5c, 0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02,
+    0x20, 0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9, 0xa1, 0x95, 0xbb,
+    0x56, 0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5, 0x25, 0x3b, 0xf4, 0x57,
+    0x20, 0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15, 0x30, 0xa7, 0x59, 0x02, 0xd5,
+    0x30, 0x82, 0x02, 0xd1, 0x30, 0x82, 0x01, 0xbb, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x29, 0x6c, 0x1a, 0xd8, 0x20, 0xcd, 0x74, 0x6d, 0x4b,
+    0x00, 0xf3, 0x16, 0x88, 0xd9, 0x66, 0x87, 0x5f, 0x28, 0x56, 0x6a, 0x30,
+    0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x08, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x72, 0x6f,
+    0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41,
+    0xfd, 0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea,
+    0xe4, 0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1,
+    0xc7, 0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e,
+    0x1a, 0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71,
+    0x08, 0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c,
+    0x02, 0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93,
+    0xab, 0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e,
+    0xed, 0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02,
+    0x3a, 0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd,
+    0x66, 0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79,
+    0x90, 0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f,
+    0xa8, 0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66,
+    0x5a, 0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24,
+    0xcc, 0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12,
+    0xc0, 0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad,
+    0x1d, 0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3,
+    0x7b, 0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee,
+    0x26, 0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24,
+    0x04, 0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31,
+    0xb8, 0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03,
+    0xac, 0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01,
+    0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+    0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d,
+    0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01,
+    0x00, 0x23, 0x2f, 0x9f, 0x72, 0xeb, 0x70, 0x6d, 0x9e, 0x3e, 0x9f, 0xd7,
+    0x9c, 0xd9, 0x19, 0x7c, 0x99, 0x07, 0xc5, 0x5c, 0x9d, 0xf5, 0x66, 0x9f,
+    0x28, 0x8d, 0xfe, 0x0e, 0x3f, 0x38, 0x75, 0xed, 0xee, 0x4e, 0x3f, 0xf6,
+    0x6e, 0x35, 0xe0, 0x95, 0x3f, 0x08, 0x4a, 0x71, 0x5a, 0xf2, 0x4f, 0xc9,
+    0x96, 0x61, 0x8d, 0x45, 0x4b, 0x97, 0x85, 0xff, 0xb0, 0xe3, 0xbb, 0xb5,
+    0xd7, 0x7e, 0xfb, 0xd2, 0xfc, 0xec, 0xfe, 0x42, 0x9f, 0x4e, 0x7b, 0xbf,
+    0x97, 0xbb, 0xb4, 0x3a, 0x93, 0x0b, 0x13, 0x61, 0x90, 0x0c, 0x3a, 0xce,
+    0xf7, 0x8e, 0xef, 0x80, 0xf5, 0x4a, 0x92, 0xc5, 0xa5, 0x03, 0x78, 0xc2,
+    0xee, 0xb8, 0x66, 0x60, 0x6b, 0x76, 0x4f, 0x32, 0x5a, 0x1a, 0xa2, 0x4b,
+    0x7e, 0x2b, 0xa6, 0x1a, 0x89, 0x01, 0xe3, 0xbb, 0x55, 0x13, 0x7c, 0x4c,
+    0xf4, 0x6a, 0x99, 0x94, 0xd1, 0xa0, 0x84, 0x1c, 0x1a, 0xc2, 0x7b, 0xb4,
+    0xa0, 0xb0, 0x3b, 0xdc, 0x5a, 0x7b, 0xc7, 0xe0, 0x44, 0xb2, 0x1f, 0x46,
+    0xd5, 0x8b, 0x39, 0x8b, 0xdc, 0x9e, 0xce, 0xa8, 0x7f, 0x85, 0x1d, 0x4b,
+    0x63, 0x06, 0x1e, 0x8e, 0xe5, 0xe5, 0x99, 0xd9, 0xf7, 0x4d, 0x89, 0x0b,
+    0x1d, 0x5c, 0x27, 0x33, 0x66, 0x21, 0xcf, 0x9a, 0xbd, 0x98, 0x68, 0x23,
+    0x3a, 0x66, 0x9d, 0xd4, 0x46, 0xed, 0x63, 0x58, 0xf3, 0x42, 0xe4, 0x1d,
+    0xe2, 0x47, 0x65, 0x13, 0x8d, 0xd4, 0x1f, 0x4b, 0x7e, 0xde, 0x11, 0x56,
+    0xf8, 0x6d, 0x01, 0x0c, 0x99, 0xbd, 0x8d, 0xca, 0x8a, 0x2e, 0xe3, 0x8a,
+    0x9c, 0x3d, 0x83, 0x8d, 0x69, 0x62, 0x8d, 0x05, 0xea, 0xb7, 0xf5, 0xa3,
+    0x4b, 0xfc, 0x96, 0xcf, 0x18, 0x21, 0x0a, 0xc7, 0xf3, 0x23, 0x7e, 0x1c,
+    0xab, 0xe2, 0xa2, 0xd1, 0x83, 0xc4, 0x25, 0x93, 0x37, 0x80, 0xca, 0xda,
+    0xf0, 0xef, 0x7d, 0x94, 0xb5, 0x59, 0x02, 0xd4, 0x30, 0x82, 0x02, 0xd0,
+    0x30, 0x82, 0x01, 0xba, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x07,
+    0x10, 0xaf, 0xc4, 0x1a, 0x3a, 0x56, 0x4f, 0xd8, 0xc2, 0xcc, 0x46, 0xd7,
+    0x5b, 0xdf, 0x1c, 0x4e, 0x2f, 0x49, 0x3a, 0x30, 0x0b, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x30, 0x13, 0x31, 0x11,
+    0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x72, 0x6f, 0x6f,
+    0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31,
+    0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
+    0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x69, 0x6e, 0x74, 0x2d, 0x72, 0x73,
+    0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
+    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
+    0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xba, 0x88,
+    0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd, 0x6e, 0xb6, 0x88, 0x06,
+    0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4, 0x35, 0x4a, 0xb4, 0xec,
+    0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7, 0x25, 0xa8, 0xe0, 0xd8,
+    0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a, 0x86, 0xf2, 0x6b, 0xe2,
+    0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08, 0x7a, 0xa5, 0x5a, 0xa7,
+    0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02, 0x7e, 0xcd, 0x43, 0xfc,
+    0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab, 0x20, 0xc3, 0x49, 0xe4,
+    0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed, 0x15, 0x82, 0x0f, 0xf1,
+    0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a, 0x8b, 0x2a, 0x41, 0xee,
+    0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66, 0x0b, 0x2b, 0xb0, 0x24,
+    0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90, 0xb1, 0x57, 0x90, 0x3d,
+    0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8, 0x37, 0xd3, 0x88, 0x43,
+    0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a, 0xaa, 0x7e, 0x02, 0x90,
+    0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc, 0x1c, 0x6c, 0x97, 0xad,
+    0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0, 0x75, 0x31, 0xa3, 0x0c,
+    0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d, 0x25, 0xd3, 0x09, 0xef,
+    0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b, 0x2f, 0x22, 0x6f, 0x69,
+    0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26, 0xd6, 0x25, 0x9d, 0xab,
+    0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04, 0x2c, 0xbf, 0x16, 0x8b,
+    0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8, 0xb3, 0xfe, 0x49, 0x23,
+    0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac, 0xda, 0x18, 0x0a, 0x35,
+    0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x1d, 0x30, 0x1b, 0x30,
+    0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+    0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
+    0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+    0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x5e, 0xba, 0x69, 0x55,
+    0x9f, 0xf8, 0xeb, 0x16, 0x21, 0x98, 0xde, 0xb7, 0x31, 0x3e, 0x66, 0xe1,
+    0x3b, 0x0c, 0x29, 0xf7, 0x48, 0x73, 0x05, 0xd9, 0xce, 0x5e, 0x4c, 0xbe,
+    0x03, 0xc4, 0x51, 0xd6, 0x21, 0x92, 0x40, 0x38, 0xaa, 0x5b, 0x28, 0xb5,
+    0xa1, 0x10, 0x52, 0x57, 0xff, 0x91, 0x54, 0x82, 0x86, 0x9e, 0x74, 0xd5,
+    0x3d, 0x82, 0x29, 0xee, 0xd1, 0xcf, 0x93, 0xb1, 0x24, 0x76, 0xbb, 0x95,
+    0x41, 0x06, 0x7e, 0x40, 0x9b, 0xb4, 0xab, 0x44, 0x34, 0x10, 0x8f, 0xb1,
+    0x51, 0x6f, 0xc0, 0x89, 0xd1, 0xa3, 0xc4, 0x9f, 0xb3, 0x48, 0xe1, 0xcd,
+    0x73, 0xad, 0xff, 0x42, 0x5f, 0x76, 0x05, 0x60, 0xc5, 0xe0, 0x45, 0x79,
+    0x18, 0xa1, 0x19, 0xb8, 0xa7, 0x3a, 0x64, 0xb3, 0x19, 0xba, 0x14, 0xa1,
+    0xb5, 0xdc, 0x32, 0xec, 0x09, 0x39, 0x58, 0x54, 0x5b, 0x04, 0xdc, 0x1b,
+    0x66, 0x0d, 0x1d, 0x0d, 0xce, 0x7f, 0xfa, 0x24, 0x52, 0x6a, 0xad, 0xe2,
+    0xc8, 0x30, 0xaf, 0xf2, 0xaf, 0x63, 0xc5, 0xe2, 0xbf, 0xe2, 0x20, 0x1b,
+    0x9e, 0xf9, 0x3d, 0xbc, 0xfb, 0x04, 0x8e, 0xda, 0x7a, 0x1a, 0x5d, 0xd3,
+    0x13, 0xd7, 0x00, 0x8e, 0x9b, 0x5d, 0x85, 0x51, 0xda, 0xd3, 0x91, 0x25,
+    0xf5, 0x67, 0x85, 0x3e, 0x25, 0x89, 0x5e, 0xcb, 0x89, 0x8a, 0xec, 0x8a,
+    0xde, 0x8b, 0xf4, 0x33, 0x5f, 0x76, 0xdb, 0x3d, 0xfc, 0x6a, 0x05, 0x21,
+    0x43, 0xb2, 0x41, 0xd8, 0x33, 0x8d, 0xfd, 0x05, 0x5c, 0x22, 0x0a, 0xf6,
+    0x90, 0x65, 0x9c, 0x4f, 0x8c, 0x44, 0x9f, 0x2d, 0xca, 0xf3, 0x49, 0x9c,
+    0x3a, 0x14, 0x88, 0xab, 0xe4, 0xce, 0xb7, 0xbc, 0x95, 0x22, 0x2e, 0xb1,
+    0x82, 0x4c, 0xbf, 0x83, 0x3e, 0x49, 0x72, 0x03, 0x2a, 0x68, 0xe7, 0x2d,
+    0xe5, 0x2d, 0x4b, 0x61, 0xb0, 0x8d, 0x0d, 0x0c, 0x87, 0xc6, 0x5c, 0x51,
+    0xa0, 0xf6, 0x82, 0x83, 0x59, 0x01, 0x33, 0xa2, 0x01, 0x26, 0x04, 0x59,
+    0x01, 0x2c, 0x30, 0x82, 0x01, 0x28, 0x30, 0x81, 0xcf, 0xa0, 0x03, 0x02,
+    0x01, 0x02, 0x02, 0x14, 0x2f, 0xc3, 0x5f, 0x05, 0x80, 0xb4, 0x49, 0x45,
+    0x13, 0x92, 0xd6, 0x93, 0xb7, 0x2d, 0x71, 0x19, 0xc5, 0x8c, 0x40, 0x39,
+    0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+    0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x08, 0x69, 0x6e, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65,
+    0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
+    0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb,
+    0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2,
+    0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f,
+    0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4,
+    0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7,
+    0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0,
+    0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+    0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13,
+    0x11, 0x50, 0xcd, 0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91,
+    0xff, 0xb2, 0x73, 0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80,
+    0x0a, 0x70, 0xe6, 0x02, 0x21, 0x00, 0xff, 0x81, 0xbe, 0xa8, 0x0d, 0x03,
+    0x36, 0x6b, 0x75, 0xe2, 0x70, 0x6a, 0xac, 0x07, 0x2e, 0x4c, 0xdc, 0xf9,
+    0xc5, 0x89, 0xc1, 0xcf, 0x88, 0xc2, 0xc8, 0x2a, 0x32, 0xf5, 0x42, 0x0c,
+    0xfa, 0x0b, 0xa0, 0x58, 0x40, 0xa3, 0xfb, 0x49, 0xe6, 0x45, 0x29, 0x64,
+    0x76, 0xeb, 0x9d, 0xbd, 0xf5, 0x38, 0x56, 0xbe, 0x6e, 0x31, 0x57, 0x73,
+    0xc1, 0x2d, 0x3e, 0xac, 0xee, 0xba, 0x55, 0x8e, 0x37, 0xd4, 0xea, 0x80,
+    0x25, 0x31, 0x99, 0x9f, 0x4a, 0xb0, 0xf9, 0xd8, 0xb0, 0xed, 0x74, 0xfc,
+    0x8c, 0x02, 0xf0, 0x9f, 0x95, 0xf1, 0xaa, 0x71, 0xcc, 0xd2, 0xe7, 0x1a,
+    0x6d, 0xd4, 0xed, 0xff, 0xf2, 0x78, 0x09, 0x83, 0x7e, 0x83, 0x59, 0x02,
+    0xbb, 0xa2, 0x01, 0x38, 0x24, 0x04, 0x59, 0x02, 0xb3, 0x30, 0x82, 0x02,
+    0xaf, 0x30, 0x82, 0x01, 0x99, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
+    0x07, 0x1c, 0x3b, 0x71, 0x08, 0xbe, 0xd7, 0x9f, 0xfd, 0xaf, 0x26, 0xb6,
+    0x08, 0xa3, 0x99, 0x06, 0x77, 0x69, 0x32, 0x7e, 0x30, 0x0b, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x30, 0x12, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x69, 0x6e,
+    0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31,
+    0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
+    0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f, 0x30, 0x0d, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x65, 0x65, 0x2d, 0x72, 0x73, 0x61,
+    0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+    0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xba, 0x88, 0x51,
+    0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd, 0x6e, 0xb6, 0x88, 0x06, 0x36,
+    0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4, 0x35, 0x4a, 0xb4, 0xec, 0xf5,
+    0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7, 0x25, 0xa8, 0xe0, 0xd8, 0x1f,
+    0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a, 0x86, 0xf2, 0x6b, 0xe2, 0xaf,
+    0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08, 0x7a, 0xa5, 0x5a, 0xa7, 0x45,
+    0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02, 0x7e, 0xcd, 0x43, 0xfc, 0x1e,
+    0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab, 0x20, 0xc3, 0x49, 0xe4, 0xdb,
+    0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed, 0x15, 0x82, 0x0f, 0xf1, 0x7e,
+    0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a, 0x8b, 0x2a, 0x41, 0xee, 0xa7,
+    0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66, 0x0b, 0x2b, 0xb0, 0x24, 0x92,
+    0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90, 0xb1, 0x57, 0x90, 0x3d, 0xd2,
+    0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8, 0x37, 0xd3, 0x88, 0x43, 0xef,
+    0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a, 0xaa, 0x7e, 0x02, 0x90, 0x2f,
+    0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc, 0x1c, 0x6c, 0x97, 0xad, 0x96,
+    0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0, 0x75, 0x31, 0xa3, 0x0c, 0x91,
+    0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d, 0x25, 0xd3, 0x09, 0xef, 0xb9,
+    0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b, 0x2f, 0x22, 0x6f, 0x69, 0xe3,
+    0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26, 0xd6, 0x25, 0x9d, 0xab, 0x91,
+    0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04, 0x2c, 0xbf, 0x16, 0x8b, 0x2f,
+    0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8, 0xb3, 0xfe, 0x49, 0x23, 0xfa,
+    0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac, 0xda, 0x18, 0x0a, 0x35, 0xed,
+    0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00,
+    0x44, 0x92, 0xbb, 0x8e, 0x83, 0x58, 0x56, 0x2e, 0x7a, 0x86, 0xfa, 0x1d,
+    0x77, 0x50, 0x3f, 0x45, 0x8d, 0x90, 0xc4, 0x62, 0x27, 0x21, 0x96, 0x5a,
+    0xef, 0x51, 0x78, 0xd7, 0x7d, 0x0d, 0x02, 0x2d, 0x5a, 0x0e, 0x3c, 0x82,
+    0x6f, 0x1d, 0x92, 0x87, 0xd5, 0x1a, 0x44, 0xae, 0xa7, 0x92, 0xd1, 0x8b,
+    0xfa, 0x16, 0x53, 0x7f, 0xa3, 0x22, 0x96, 0x1a, 0x51, 0x8c, 0xeb, 0xa1,
+    0xe6, 0xf6, 0x37, 0x11, 0xfe, 0x7d, 0x53, 0x3f, 0xae, 0xf0, 0x6b, 0xb9,
+    0xb1, 0x7a, 0x73, 0x07, 0x14, 0xcf, 0x04, 0x05, 0x93, 0x9e, 0xe3, 0xd2,
+    0x4d, 0x9d, 0x6d, 0x35, 0x68, 0xf9, 0x36, 0xe5, 0x10, 0x0a, 0x36, 0xd9,
+    0x48, 0xb0, 0x83, 0xd0, 0xb9, 0x58, 0x74, 0x53, 0xb3, 0xbc, 0x99, 0xab,
+    0xe1, 0x3e, 0xd5, 0x01, 0x8e, 0xcf, 0x3a, 0x69, 0x93, 0x9e, 0xa7, 0x88,
+    0xd4, 0xad, 0x95, 0xf9, 0x2a, 0xb4, 0x7f, 0x95, 0x97, 0x86, 0x50, 0x38,
+    0xb1, 0x04, 0x0a, 0xe4, 0x7a, 0xd5, 0x2d, 0x6c, 0xde, 0x3e, 0x1a, 0x47,
+    0x17, 0x88, 0x63, 0x20, 0x9d, 0x21, 0x3e, 0x0c, 0x6f, 0xfd, 0x20, 0x54,
+    0xd0, 0x67, 0xd2, 0x6b, 0x06, 0xfe, 0x60, 0x13, 0x42, 0x3d, 0xb7, 0xca,
+    0xcb, 0xab, 0x7b, 0x5f, 0x5d, 0x01, 0x56, 0xd3, 0x99, 0x80, 0x0f, 0xde,
+    0x7f, 0x3a, 0x61, 0x9c, 0xd3, 0x6b, 0x5e, 0xfe, 0xb5, 0xfc, 0x39, 0x8b,
+    0x8e, 0xf0, 0x8c, 0x8b, 0x65, 0x46, 0x45, 0xff, 0x47, 0x8f, 0xd4, 0xdd,
+    0xae, 0xc9, 0x72, 0xc7, 0x7f, 0x28, 0x86, 0xf1, 0xf7, 0x6e, 0xcb, 0x86,
+    0x03, 0xeb, 0x0c, 0x46, 0xe5, 0xa0, 0x6b, 0xef, 0xd4, 0x5e, 0xa4, 0x0f,
+    0x53, 0xe1, 0xbc, 0xb4, 0xc9, 0x37, 0x0e, 0x75, 0xdd, 0x93, 0xe8, 0x0f,
+    0x18, 0x0a, 0x02, 0x83, 0x17, 0x74, 0xbb, 0x1a, 0x42, 0x5b, 0x63, 0x2c,
+    0x80, 0x80, 0xa6, 0x84, 0xa0, 0x59, 0x01, 0x00, 0x51, 0xf4, 0xe6, 0x1c,
+    0x18, 0x7b, 0x28, 0xa0, 0x1f, 0x63, 0xbf, 0xa5, 0xbd, 0x89, 0x9f, 0xd9,
+    0x30, 0x46, 0x4b, 0x34, 0x9b, 0x9d, 0x0f, 0xb0, 0x33, 0x11, 0xf8, 0xaa,
+    0x84, 0x4e, 0xb2, 0xca, 0x29, 0x83, 0x54, 0x28, 0x99, 0x2a, 0x43, 0x7f,
+    0xe0, 0xe6, 0xd8, 0xdc, 0xd7, 0xf4, 0xb3, 0xd7, 0xf7, 0x39, 0xd5, 0xdc,
+    0xde, 0xdc, 0x23, 0x78, 0xd7, 0x90, 0xc0, 0x52, 0xf5, 0xd2, 0x14, 0x6f,
+    0xf9, 0x24, 0x48, 0xc8, 0x75, 0x4a, 0x9a, 0x4c, 0x61, 0x2f, 0x96, 0x4e,
+    0xc8, 0x02, 0x95, 0x72, 0xef, 0xbc, 0x91, 0xae, 0xf8, 0x23, 0xfb, 0xba,
+    0x9f, 0xfd, 0xe0, 0x1a, 0x8e, 0xa9, 0x03, 0x16, 0x76, 0xf4, 0xdb, 0x81,
+    0x5a, 0x69, 0xeb, 0xf5, 0x55, 0xd7, 0x68, 0x28, 0xe4, 0xce, 0xde, 0x1b,
+    0xb4, 0x90, 0xac, 0x97, 0x07, 0x15, 0xe0, 0xce, 0x5f, 0x3f, 0x89, 0xaf,
+    0xc1, 0xb8, 0x46, 0x5e, 0x87, 0xa1, 0x8d, 0xa7, 0x44, 0x09, 0x02, 0x4e,
+    0xbe, 0x6b, 0xfb, 0xab, 0xeb, 0x19, 0x62, 0x9e, 0xb0, 0xef, 0x0a, 0x6b,
+    0xcf, 0xe0, 0x00, 0xa9, 0x68, 0x2a, 0x8e, 0xfe, 0x8a, 0xb9, 0x57, 0x52,
+    0xb3, 0x08, 0x80, 0x5e, 0xa6, 0x88, 0x5f, 0x31, 0xd1, 0xe9, 0x6d, 0xf7,
+    0x54, 0x4e, 0xf8, 0x17, 0xb0, 0x1c, 0xca, 0xa6, 0xa6, 0x80, 0xf8, 0xd8,
+    0xf5, 0x94, 0xa4, 0xb2, 0xd0, 0x7e, 0xbb, 0x4f, 0xdb, 0x3a, 0x91, 0x5f,
+    0xb3, 0xc1, 0xfa, 0x60, 0xe4, 0xce, 0xe3, 0xe5, 0x14, 0x1f, 0x9c, 0x01,
+    0x60, 0xff, 0xe2, 0x09, 0xe6, 0x1a, 0x82, 0x69, 0xb6, 0xeb, 0x52, 0x1e,
+    0x3d, 0xc7, 0xfd, 0x69, 0x9d, 0x2a, 0xa5, 0xdb, 0xc1, 0x6a, 0x5a, 0x7d,
+    0x23, 0x2a, 0x00, 0xe4, 0x53, 0x16, 0x8e, 0xc1, 0x56, 0xf5, 0x5a, 0x8d,
+    0x59, 0x1f, 0x7f, 0xff, 0x77, 0x6f, 0x92, 0xea, 0x5d, 0x31, 0xe9, 0x18};
+
+// The RSA intermediate certificate that issued the EE cert used in the
+// signature above. The certificate was generated with pycert.py
+const uint8_t RSA_INT[] = {
+    0x30, 0x82, 0x02, 0xd0, 0x30, 0x82, 0x01, 0xba, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x07, 0x10, 0xaf, 0xc4, 0x1a, 0x3a, 0x56, 0x4f, 0xd8,
+    0xc2, 0xcc, 0x46, 0xd7, 0x5b, 0xdf, 0x1c, 0x4e, 0x2f, 0x49, 0x3a, 0x30,
+    0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x08, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31,
+    0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x69, 0x6e,
+    0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
+    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
+    0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd,
+    0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4,
+    0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7,
+    0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a,
+    0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08,
+    0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02,
+    0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab,
+    0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed,
+    0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a,
+    0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66,
+    0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90,
+    0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8,
+    0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a,
+    0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc,
+    0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0,
+    0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d,
+    0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b,
+    0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26,
+    0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04,
+    0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8,
+    0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac,
+    0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
+    0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,
+    0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f,
+    0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86,
+    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00,
+    0x5e, 0xba, 0x69, 0x55, 0x9f, 0xf8, 0xeb, 0x16, 0x21, 0x98, 0xde, 0xb7,
+    0x31, 0x3e, 0x66, 0xe1, 0x3b, 0x0c, 0x29, 0xf7, 0x48, 0x73, 0x05, 0xd9,
+    0xce, 0x5e, 0x4c, 0xbe, 0x03, 0xc4, 0x51, 0xd6, 0x21, 0x92, 0x40, 0x38,
+    0xaa, 0x5b, 0x28, 0xb5, 0xa1, 0x10, 0x52, 0x57, 0xff, 0x91, 0x54, 0x82,
+    0x86, 0x9e, 0x74, 0xd5, 0x3d, 0x82, 0x29, 0xee, 0xd1, 0xcf, 0x93, 0xb1,
+    0x24, 0x76, 0xbb, 0x95, 0x41, 0x06, 0x7e, 0x40, 0x9b, 0xb4, 0xab, 0x44,
+    0x34, 0x10, 0x8f, 0xb1, 0x51, 0x6f, 0xc0, 0x89, 0xd1, 0xa3, 0xc4, 0x9f,
+    0xb3, 0x48, 0xe1, 0xcd, 0x73, 0xad, 0xff, 0x42, 0x5f, 0x76, 0x05, 0x60,
+    0xc5, 0xe0, 0x45, 0x79, 0x18, 0xa1, 0x19, 0xb8, 0xa7, 0x3a, 0x64, 0xb3,
+    0x19, 0xba, 0x14, 0xa1, 0xb5, 0xdc, 0x32, 0xec, 0x09, 0x39, 0x58, 0x54,
+    0x5b, 0x04, 0xdc, 0x1b, 0x66, 0x0d, 0x1d, 0x0d, 0xce, 0x7f, 0xfa, 0x24,
+    0x52, 0x6a, 0xad, 0xe2, 0xc8, 0x30, 0xaf, 0xf2, 0xaf, 0x63, 0xc5, 0xe2,
+    0xbf, 0xe2, 0x20, 0x1b, 0x9e, 0xf9, 0x3d, 0xbc, 0xfb, 0x04, 0x8e, 0xda,
+    0x7a, 0x1a, 0x5d, 0xd3, 0x13, 0xd7, 0x00, 0x8e, 0x9b, 0x5d, 0x85, 0x51,
+    0xda, 0xd3, 0x91, 0x25, 0xf5, 0x67, 0x85, 0x3e, 0x25, 0x89, 0x5e, 0xcb,
+    0x89, 0x8a, 0xec, 0x8a, 0xde, 0x8b, 0xf4, 0x33, 0x5f, 0x76, 0xdb, 0x3d,
+    0xfc, 0x6a, 0x05, 0x21, 0x43, 0xb2, 0x41, 0xd8, 0x33, 0x8d, 0xfd, 0x05,
+    0x5c, 0x22, 0x0a, 0xf6, 0x90, 0x65, 0x9c, 0x4f, 0x8c, 0x44, 0x9f, 0x2d,
+    0xca, 0xf3, 0x49, 0x9c, 0x3a, 0x14, 0x88, 0xab, 0xe4, 0xce, 0xb7, 0xbc,
+    0x95, 0x22, 0x2e, 0xb1, 0x82, 0x4c, 0xbf, 0x83, 0x3e, 0x49, 0x72, 0x03,
+    0x2a, 0x68, 0xe7, 0x2d, 0xe5, 0x2d, 0x4b, 0x61, 0xb0, 0x8d, 0x0d, 0x0c,
+    0x87, 0xc6, 0x5c, 0x51};
+
+// The RSA root certificate that issued the RSA intermediate certificate above.
+// The certificate was generated with pycert.py
+const uint8_t RSA_ROOT[] = {
+    0x30, 0x82, 0x02, 0xd1, 0x30, 0x82, 0x01, 0xbb, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x14, 0x29, 0x6c, 0x1a, 0xd8, 0x20, 0xcd, 0x74, 0x6d, 0x4b,
+    0x00, 0xf3, 0x16, 0x88, 0xd9, 0x66, 0x87, 0x5f, 0x28, 0x56, 0x6a, 0x30,
+    0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+    0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x08, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18,
+    0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+    0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+    0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x72, 0x6f,
+    0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41,
+    0xfd, 0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea,
+    0xe4, 0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1,
+    0xc7, 0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e,
+    0x1a, 0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71,
+    0x08, 0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c,
+    0x02, 0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93,
+    0xab, 0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e,
+    0xed, 0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02,
+    0x3a, 0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd,
+    0x66, 0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79,
+    0x90, 0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f,
+    0xa8, 0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66,
+    0x5a, 0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24,
+    0xcc, 0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12,
+    0xc0, 0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad,
+    0x1d, 0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3,
+    0x7b, 0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee,
+    0x26, 0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24,
+    0x04, 0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31,
+    0xb8, 0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03,
+    0xac, 0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01,
+    0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+    0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d,
+    0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01,
+    0x00, 0x23, 0x2f, 0x9f, 0x72, 0xeb, 0x70, 0x6d, 0x9e, 0x3e, 0x9f, 0xd7,
+    0x9c, 0xd9, 0x19, 0x7c, 0x99, 0x07, 0xc5, 0x5c, 0x9d, 0xf5, 0x66, 0x9f,
+    0x28, 0x8d, 0xfe, 0x0e, 0x3f, 0x38, 0x75, 0xed, 0xee, 0x4e, 0x3f, 0xf6,
+    0x6e, 0x35, 0xe0, 0x95, 0x3f, 0x08, 0x4a, 0x71, 0x5a, 0xf2, 0x4f, 0xc9,
+    0x96, 0x61, 0x8d, 0x45, 0x4b, 0x97, 0x85, 0xff, 0xb0, 0xe3, 0xbb, 0xb5,
+    0xd7, 0x7e, 0xfb, 0xd2, 0xfc, 0xec, 0xfe, 0x42, 0x9f, 0x4e, 0x7b, 0xbf,
+    0x97, 0xbb, 0xb4, 0x3a, 0x93, 0x0b, 0x13, 0x61, 0x90, 0x0c, 0x3a, 0xce,
+    0xf7, 0x8e, 0xef, 0x80, 0xf5, 0x4a, 0x92, 0xc5, 0xa5, 0x03, 0x78, 0xc2,
+    0xee, 0xb8, 0x66, 0x60, 0x6b, 0x76, 0x4f, 0x32, 0x5a, 0x1a, 0xa2, 0x4b,
+    0x7e, 0x2b, 0xa6, 0x1a, 0x89, 0x01, 0xe3, 0xbb, 0x55, 0x13, 0x7c, 0x4c,
+    0xf4, 0x6a, 0x99, 0x94, 0xd1, 0xa0, 0x84, 0x1c, 0x1a, 0xc2, 0x7b, 0xb4,
+    0xa0, 0xb0, 0x3b, 0xdc, 0x5a, 0x7b, 0xc7, 0xe0, 0x44, 0xb2, 0x1f, 0x46,
+    0xd5, 0x8b, 0x39, 0x8b, 0xdc, 0x9e, 0xce, 0xa8, 0x7f, 0x85, 0x1d, 0x4b,
+    0x63, 0x06, 0x1e, 0x8e, 0xe5, 0xe5, 0x99, 0xd9, 0xf7, 0x4d, 0x89, 0x0b,
+    0x1d, 0x5c, 0x27, 0x33, 0x66, 0x21, 0xcf, 0x9a, 0xbd, 0x98, 0x68, 0x23,
+    0x3a, 0x66, 0x9d, 0xd4, 0x46, 0xed, 0x63, 0x58, 0xf3, 0x42, 0xe4, 0x1d,
+    0xe2, 0x47, 0x65, 0x13, 0x8d, 0xd4, 0x1f, 0x4b, 0x7e, 0xde, 0x11, 0x56,
+    0xf8, 0x6d, 0x01, 0x0c, 0x99, 0xbd, 0x8d, 0xca, 0x8a, 0x2e, 0xe3, 0x8a,
+    0x9c, 0x3d, 0x83, 0x8d, 0x69, 0x62, 0x8d, 0x05, 0xea, 0xb7, 0xf5, 0xa3,
+    0x4b, 0xfc, 0x96, 0xcf, 0x18, 0x21, 0x0a, 0xc7, 0xf3, 0x23, 0x7e, 0x1c,
+    0xab, 0xe2, 0xa2, 0xd1, 0x83, 0xc4, 0x25, 0x93, 0x37, 0x80, 0xca, 0xda,
+    0xf0, 0xef, 0x7d, 0x94, 0xb5};
+
+// The P256 intermediate certificate that issued the EE cert used in the
+// signatures above. The certificate was generated with pycert.py
+const uint8_t P256_INT[] = {
+    0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01, 0x02,
+    0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80, 0x43, 0xec,
+    0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32, 0xe2, 0x30, 0x0a,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+    0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+    0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+    0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+    0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31, 0x11,
+    0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e, 0x74,
+    0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
+    0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb,
+    0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2,
+    0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f,
+    0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4,
+    0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7,
+    0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0,
+    0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+    0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d,
+    0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44,
+    0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff, 0xd1,
+    0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77, 0x5c,
+    0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02, 0x20,
+    0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9, 0xa1, 0x95, 0xbb, 0x56,
+    0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5, 0x25, 0x3b, 0xf4, 0x57, 0x20,
+    0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15, 0x30, 0xa7};
+
+// The P256 root certificate that issued the P256 intermediate certificate
+// above. The certificate was generated with pycert.py
+const uint8_t P256_ROOT[] = {
+    0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+    0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+    0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+    0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+    0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+    0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+    0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+    0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+    0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+    0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+    0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+    0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+    0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+    0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+    0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+    0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+    0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+    0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+    0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+    0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+    0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+    0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b};
+
+void check_hard_coded_certs(const uint8_t** cert_chain, size_t cert_chain_len,
+                            const size_t* certs_len) {
+  // Very hacky and fragile check that the intermediate certs are correct.
+  switch (cert_chain_len) {
+    case 2: {
+      const uint8_t* cert = cert_chain[0];
+      size_t cert_len = certs_len[0];
+      ASSERT_EQ(cert_len, sizeof(P256_ROOT));
+      ASSERT_EQ(0, memcmp(cert, P256_ROOT, cert_len));
+      cert = cert_chain[1];
+      cert_len = certs_len[1];
+      ASSERT_EQ(cert_len, sizeof(P256_INT));
+      ASSERT_EQ(0, memcmp(cert, P256_INT, cert_len));
+      break;
+    }
+    case 4: {
+      const uint8_t* cert = cert_chain[0];
+      size_t cert_len = certs_len[0];
+      ASSERT_EQ(cert_len, sizeof(P256_ROOT));
+      ASSERT_EQ(0, memcmp(cert, P256_ROOT, cert_len));
+      cert = cert_chain[1];
+      cert_len = certs_len[1];
+      ASSERT_EQ(cert_len, sizeof(P256_INT));
+      ASSERT_EQ(0, memcmp(cert, P256_INT, cert_len));
+      cert = cert_chain[2];
+      cert_len = certs_len[2];
+      ASSERT_EQ(cert_len, sizeof(RSA_ROOT));
+      ASSERT_EQ(0, memcmp(cert, RSA_ROOT, cert_len));
+      cert = cert_chain[3];
+      cert_len = certs_len[3];
+      ASSERT_EQ(cert_len, sizeof(RSA_INT));
+      ASSERT_EQ(0, memcmp(cert, RSA_INT, cert_len));
+      break;
+    }
+    default:
+      // In this case something went wrong.
+      ASSERT_EQ(true, false);
+  }
+}
+
+/* Verification function called from cose-rust.
+ * Returns true if everything goes well and the signature is good, false in any
+ * other case. */
+bool verify_callback(const uint8_t* payload, size_t payload_len,
+                     const uint8_t** cert_chain, size_t cert_chain_len,
+                     const size_t* certs_len, const uint8_t* ee_cert,
+                     size_t ee_cert_len, const uint8_t* signature,
+                     size_t signature_len, uint8_t signature_algorithm,
+                     void* ctx) {
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return false;
+  }
+
+  CK_MECHANISM_TYPE mechanism;
+  SECOidTag oid;
+  uint32_t hash_length;
+  SECItem param = {siBuffer, nullptr, 0};
+  CK_RSA_PKCS_PSS_PARAMS rsa_pss_params = {CKM_SHA256, CKG_MGF1_SHA256,
+                                           SHA256_LENGTH};
+  switch (signature_algorithm) {
+    case (ES256):
+      mechanism = CKM_ECDSA;
+      oid = SEC_OID_SHA256;
+      hash_length = SHA256_LENGTH;
+      break;
+    case (PS256):
+      mechanism = CKM_RSA_PKCS_PSS;
+      oid = SEC_OID_SHA256;
+      hash_length = SHA256_LENGTH;
+      param = {siBuffer, reinterpret_cast<unsigned char*>(&rsa_pss_params),
+               sizeof(rsa_pss_params)};
+      break;
+    default:
+      return false;
+  }
+  check_hard_coded_certs(cert_chain, cert_chain_len, certs_len);
+
+  uint8_t hash_buf[HASH_LENGTH_MAX];
+  SECStatus rv = PK11_HashBuf(oid, hash_buf, payload, payload_len);
+  if (rv != SECSuccess) {
+    return false;
+  }
+  SECItem hash_item = {siBuffer, hash_buf, hash_length};
+  CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB();
+  if (!db_handle) {
+    return false;
+  }
+  SECItem der_cert = {siBuffer, const_cast<uint8_t*>(ee_cert),
+                      static_cast<unsigned int>(ee_cert_len)};
+  UniqueCERTCertificate cert(
+      CERT_NewTempCertificate(db_handle, &der_cert, nullptr, false, true));
+  if (!cert) {
+    return false;
+  }
+  UniqueSECKEYPublicKey key(CERT_ExtractPublicKey(cert.get()));
+  if (!key) {
+    return false;
+  }
+  SECItem signature_item = {siBuffer, const_cast<uint8_t*>(signature),
+                            static_cast<unsigned int>(signature_len)};
+  rv = PK11_VerifyWithMechanism(key.get(), mechanism, &param, &signature_item,
+                                &hash_item, nullptr);
+  if (rv != SECSuccess) {
+    return false;
+  }
+
+  return true;
+}
+
+class psm_COSE : public ::testing::Test {};
+
+TEST_F(psm_COSE, CoseTestingSingleSignature) {
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  ASSERT_EQ(SECSuccess, rv);
+  bool result =
+      verify_cose_signature_ffi(PAYLOAD, sizeof(PAYLOAD), SIGNATURE,
+                                sizeof(SIGNATURE), nullptr, verify_callback);
+  ASSERT_TRUE(result);
+}
+
+TEST_F(psm_COSE, CoseTestingTwoSignatures) {
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  ASSERT_EQ(SECSuccess, rv);
+  bool result = verify_cose_signature_ffi(
+      PAYLOAD, sizeof(PAYLOAD), SIGNATURE_ES256_PS256,
+      sizeof(SIGNATURE_ES256_PS256), nullptr, verify_callback);
+  ASSERT_TRUE(result);
+}
+
+TEST_F(psm_COSE, CoseTestingAlteredPayload) {
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  ASSERT_EQ(SECSuccess, rv);
+  uint8_t altered_payload[20] = {84,  104, 105, 115, 32,  104, 115,
+                                 32,  116, 104, 101, 32,  99,  111,
+                                 110, 116, 101, 110, 116, 46};
+  bool result = verify_cose_signature_ffi(
+      altered_payload, sizeof(altered_payload), SIGNATURE_ES256_PS256,
+      sizeof(SIGNATURE_ES256_PS256), nullptr, verify_callback);
+  ASSERT_FALSE(result);
+}
+
+}  // namespace mozilla
diff --git a/security/manager/ssl/tests/gtest/DataStorageTest.cpp b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
new file mode 100644
index 0000000000..c288aeb3db
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
@@ -0,0 +1,201 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "mozilla/DataStorage.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsNetUtil.h"
+#include "nsPrintfCString.h"
+#include "nsStreamUtils.h"
+#include "prtime.h"
+
+using namespace mozilla;
+
+class psm_DataStorageTest : public ::testing::Test {
+ protected:
+  void SetUp() override {
+    const ::testing::TestInfo* const testInfo =
+        ::testing::UnitTest::GetInstance()->current_test_info();
+    NS_ConvertUTF8toUTF16 testName(testInfo->name());
+    storage = DataStorage::GetFromRawFileName(testName);
+    storage->Init();
+  }
+
+  RefPtr<DataStorage> storage;
+};
+
+constexpr auto testKey = "test"_ns;
+constexpr auto testValue = "value"_ns;
+constexpr auto privateTestValue = "private"_ns;
+
+TEST_F(psm_DataStorageTest, GetPutRemove) {
+  // Test Put/Get on Persistent data
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  // Don't re-use testKey / testValue here, to make sure that this works as
+  // expected with objects that have the same semantic value but are not
+  // literally the same object.
+  nsCString result = storage->Get("test"_ns, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Get on Temporary/Private data with the same key should give nothing
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+
+  // Put with Temporary/Private data shouldn't affect Persistent data
+  constexpr auto temporaryTestValue = "temporary"_ns;
+  EXPECT_EQ(NS_OK,
+            storage->Put(testKey, temporaryTestValue, DataStorage_Temporary));
+  EXPECT_EQ(NS_OK,
+            storage->Put(testKey, privateTestValue, DataStorage_Private));
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_STREQ("temporary", result.get());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Put of a previously-present key overwrites it (if of the same type)
+  constexpr auto newValue = "new"_ns;
+  EXPECT_EQ(NS_OK, storage->Put(testKey, newValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+
+  // Removal should work
+  storage->Remove(testKey, DataStorage_Temporary);
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  // But removing one type shouldn't affect the others
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+  // Test removing the other types as well
+  storage->Remove(testKey, DataStorage_Private);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+  storage->Remove(testKey, DataStorage_Persistent);
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, InputValidation) {
+  // Keys may not have tabs or newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put("key\thas tab"_ns, testValue, DataStorage_Persistent));
+  nsCString result = storage->Get("key\thas tab"_ns, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_ERROR_INVALID_ARG, storage->Put("key has\nnewline"_ns, testValue,
+                                               DataStorage_Persistent));
+  result = storage->Get("keyhas\nnewline"_ns, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  // Values may not have newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG, storage->Put(testKey, "value\nhas newline"_ns,
+                                               DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  // Values may have tabs
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_OK, storage->Put(testKey, "val\thas tab; this is ok"_ns,
+                                DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("val\thas tab; this is ok", result.get());
+
+  nsCString longKey("a");
+  for (int i = 0; i < 8; i++) {
+    longKey.Append(longKey);
+  }
+  // A key of length 256 will work
+  EXPECT_EQ(NS_OK, storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  longKey.AppendLiteral("a");
+  // A key longer than that will not work
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+
+  nsCString longValue("a");
+  for (int i = 0; i < 10; i++) {
+    longValue.Append(longValue);
+  }
+  // A value of length 1024 will work
+  EXPECT_EQ(NS_OK, storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ(longValue.get(), result.get());
+  longValue.AppendLiteral("a");
+  // A value longer than that will not work
+  storage->Remove(testKey, DataStorage_Persistent);
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Eviction) {
+  // Eviction is on a per-table basis. Tables shouldn't affect each other.
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  for (int i = 0; i < 1025; i++) {
+    EXPECT_EQ(NS_OK,
+              storage->Put(nsPrintfCString("%d", i), nsPrintfCString("%d", i),
+                           DataStorage_Temporary));
+    nsCString result =
+        storage->Get(nsPrintfCString("%d", i), DataStorage_Temporary);
+    EXPECT_STREQ(nsPrintfCString("%d", i).get(), result.get());
+  }
+  // We don't know which entry got evicted, but we can count them.
+  int entries = 0;
+  for (int i = 0; i < 1025; i++) {
+    nsCString result =
+        storage->Get(nsPrintfCString("%d", i), DataStorage_Temporary);
+    if (!result.IsEmpty()) {
+      entries++;
+    }
+  }
+  EXPECT_EQ(entries, 1024);
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+}
+
+TEST_F(psm_DataStorageTest, ClearPrivateData) {
+  EXPECT_EQ(NS_OK,
+            storage->Put(testKey, privateTestValue, DataStorage_Private));
+  nsCString result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  storage->Observe(nullptr, "last-pb-context-exited", nullptr);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Shutdown) {
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  // Get "now" (in days) close to when the data was last touched, so we won't
+  // get intermittent failures with the day not matching.
+  int64_t microsecondsPerDay = 24 * 60 * 60 * int64_t(PR_USEC_PER_SEC);
+  int32_t nowInDays = int32_t(PR_Now() / microsecondsPerDay);
+  // Simulate shutdown.
+  storage->Observe(nullptr, "profile-before-change", nullptr);
+  nsCOMPtr<nsIFile> backingFile;
+  EXPECT_EQ(NS_OK, NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                          getter_AddRefs(backingFile)));
+  const ::testing::TestInfo* const testInfo =
+      ::testing::UnitTest::GetInstance()->current_test_info();
+  NS_ConvertUTF8toUTF16 testName(testInfo->name());
+  EXPECT_EQ(NS_OK, backingFile->Append(testName));
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  EXPECT_EQ(NS_OK, NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream),
+                                              backingFile));
+  nsCString data;
+  EXPECT_EQ(NS_OK, NS_ConsumeStream(fileInputStream, UINT32_MAX, data));
+  // The data will be of the form 'test\t0\t<days since the epoch>\tvalue'
+  EXPECT_STREQ(nsPrintfCString("test\t0\t%d\tvalue\n", nowInDays).get(),
+               data.get());
+}
diff --git a/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
new file mode 100644
index 0000000000..acad30e2ae
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
@@ -0,0 +1,507 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "TransportSecurityInfo.h"
+#include "nsCOMPtr.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIX509Cert.h"
+#include "nsString.h"
+#include "mozilla/Maybe.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+// nsITransportSecurityInfo de-serializatin tests
+//
+// These tests verify that we can still deserialize old binary strings
+// generated for security info.  This is necessary because service workers
+// stores these strings on disk.
+//
+// If you make a change and start breaking these tests, you will need to
+// add a compat fix for loading the old versions.  For things that affect
+// the UUID, but do not break the rest of the format you can simply add
+// another hack condition in nsBinaryInputStream::ReadObject().  If you
+// change the overall format of the serialization then we will need more
+// complex handling in the security info concrete classes.
+//
+// We would like to move away from this binary compatibility requirement
+// in service workers.  See bug 1248628.
+void deserializeAndVerify(const nsCString& serializedSecInfo,
+                          Maybe<size_t> failedCertChainLength = Nothing(),
+                          Maybe<size_t> succeededCertChainLength = Nothing()) {
+  nsCOMPtr<nsITransportSecurityInfo> securityInfo;
+  nsresult rv = TransportSecurityInfo::Read(serializedSecInfo,
+                                            getter_AddRefs(securityInfo));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(securityInfo);
+
+  nsCOMPtr<nsIX509Cert> cert;
+  rv = securityInfo->GetServerCert(getter_AddRefs(cert));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(cert);
+
+  nsTArray<RefPtr<nsIX509Cert>> failedCertArray;
+  rv = securityInfo->GetFailedCertChain(failedCertArray);
+  ASSERT_EQ(NS_OK, rv);
+
+  if (failedCertChainLength) {
+    ASSERT_FALSE(failedCertArray.IsEmpty());
+    for (const auto& cert : failedCertArray) {
+      ASSERT_TRUE(cert);
+    }
+    ASSERT_EQ(*failedCertChainLength, failedCertArray.Length());
+  } else {
+    ASSERT_TRUE(failedCertArray.IsEmpty());
+  }
+
+  nsTArray<RefPtr<nsIX509Cert>> succeededCertArray;
+  rv = securityInfo->GetSucceededCertChain(succeededCertArray);
+  ASSERT_EQ(NS_OK, rv);
+
+  if (succeededCertChainLength) {
+    ASSERT_FALSE(succeededCertArray.IsEmpty());
+    for (const auto& cert : succeededCertArray) {
+      ASSERT_TRUE(cert);
+    }
+    ASSERT_EQ(*succeededCertChainLength, succeededCertArray.Length());
+  } else {
+    ASSERT_TRUE(succeededCertArray.IsEmpty());
+  }
+}
+
+TEST(psm_DeserializeCert, gecko33)
+{
+  // clang-format off
+  // Gecko 33+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  f8ed8364-ced9-4c6e-86ba-48af53c393e6
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8F+O2DZM7ZTG6GukivU8OT5gAAAAIAAAWpMII"
+  "FpTCCBI2gAwIBAgIQD4svsaKEC+QtqtsU2TF8ITANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNTAyMjMwMDAwMDBaFw0xNjAzMDIxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRYwFAYDVQQHEw1TYW4gRnJhbmN"
+  "pc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICPzCCAjs"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggpnaXRodWIuY29tggwqLmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQc"
+  "wAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUN"
+  "lcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAc4dbVmuKvyI7"
+  "KZ4Txk+ZqcAYToJGKUIVaPL94e5SZGweUisjaCbplAOihnf6Mxt8n6vnuH2IsCaz2NRHqhdcosjT3CwAiJpJNkXPKWVL/txgdSTV"
+  "2cqB1GG4esFOalvI52dzn+J4fTIYZvNF+AtGyHSLm2XRXYZCw455laUKf6Sk9RDShDgUvzhOKL4GXfTwKXv12MyMknJybH8UCpjC"
+  "HZmFBVHMcUN/87HsQo20PdOekeEvkjrrMIxW+gxw22Yb67yF/qKgwrWr+43bLN709iyw+LWiU7sQcHL2xk9SYiWQDj2tYz2soObV"
+  "QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA");
+  // clang-format on
+
+  deserializeAndVerify(base64Serialization);
+}
+
+TEST(psm_DeserializeCert, gecko46)
+{
+  // clang-format off
+  // Gecko 46+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  bdc3979a-5422-4cd5-8589-696b6e96ea83
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAIAAAWzMII"
+  "FrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybml"
+  "hMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICSTCCAkU"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHU"
+  "wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQ"
+  "uY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQE"
+  "ATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQuLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89"
+  "Bx3VmDRynTe4CqhsAwOoO1ERmCAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwYOb/u4+WPzUA"
+  "HC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQqzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPr"
+  "idlvOj/7QyyX5m8up/1US8z1fRW4yoCSOt6V2bwuH6cAvAAMAAAAAAQEAAA==");
+  // clang-format on
+
+  deserializeAndVerify(base64Serialization);
+}
+
+TEST(psm_DeserializeCert, preSSLStatusConsolidation)
+{
+  // clang-format off
+  // Generated using serialized output of test "good.include-subdomains.pinning.example.com"
+  // in security/manager/ssl/tests/unit/test_cert_chains.js
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAgAAgAAAAAAAAAAAAAAAAAAAAAB4vFIJp5w"
+  "RkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAONMIIDiTCCAnGg"
+  "AwIBAgIUWbWLTwLBvfwcoiU7I8lDz9snfUgwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE2MTEyNzAw"
+  "MDAwMFoYDzIwMTkwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw"
+  "ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV"
+  "JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o"
+  "N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd"
+  "q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0"
+  "gg0qLmV4YW1wbGUuY29tghUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs"
+  "ZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB"
+  "hhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBE+6IPJK5OeonoQPC4CCWMd69SjhwS7X6TNgxDJzW7"
+  "qpVm4SFyYZ2xqzr2zib5LsYek6/jok5LPSpJVeFuSeiesvGMxk0O4ZEihPxSM4uR4xpCnPzz7LoFIzMELJv5i+cgLw4+6cINPkLj"
+  "oCUdb+AXSTur7THJaO75B44I2JjJfMfzgW1FwoWgXL/PQWRw+VY6OY1glqZOXzP+vfSja1SoggpiCzdPx7h1/SEEZov7zhCZXv1C"
+  "enx1njlpcj9wWEJMsyZczMNtiz5GkRrLaqCz9F8ah3NvkvPAZ0oOqtxuQgMXK/c0OXJVKi0SCJsWqZDoZhCrS/dE9guxlseZqhSI"
+  "wC8DAwAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+xZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgA"
+  "AAACZgoyJpFcT/u7IImFpjLfBb3Dl5pUIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFFm1i08Cwb38HKIlOyPJQ8/b"
+  "J31IMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNjExMjcwMDAwMDBaGA8yMDE5MDIwNTAwMDAwMFow"
+  "GjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2"
+  "ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC"
+  "a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk"
+  "zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+"
+  "SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u"
+  "aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9t"
+  "YWlucy5waW5uaW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4"
+  "LzANBgkqhkiG9w0BAQsFAAOCAQEARPuiDySuTnqJ6EDwuAgljHevUo4cEu1+kzYMQyc1u6qVZuEhcmGdsas69s4m+S7GHpOv46JO"
+  "Sz0qSVXhbknonrLxjMZNDuGRIoT8UjOLkeMaQpz88+y6BSMzBCyb+YvnIC8OPunCDT5C46AlHW/gF0k7q+0xyWju+QeOCNiYyXzH"
+  "84FtRcKFoFy/z0FkcPlWOjmNYJamTl8z/r30o2tUqIIKYgs3T8e4df0hBGaL+84QmV79Qnp8dZ45aXI/cFhCTLMmXMzDbYs+RpEa"
+  "y2qgs/RfGodzb5LzwGdKDqrcbkIDFyv3NDlyVSotEgibFqmQ6GYQq0v3RPYLsZbHmaoUiGYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM"
+  "1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhRdBTvvC7swO3cbVWIGn/56DrQ+cjANBgkqhkiG9w0BAQsFADASMRAwDgYD"
+  "VQQDDAdUZXN0IENBMCIYDzIwMTYxMTI3MDAwMDAwWhgPMjAxOTAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0G"
+  "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr"
+  "4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk"
+  "fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo"
+  "4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQF"
+  "MAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCDjewR53YLc3HzZKugRDbQVxjJNILW6fSIyW9dSglYcWh6aiOK"
+  "9cZFVtzRWYEYkIlicAyTiPw34bXzxU1cK6sCSmBR+UTXbRPGb4OOy3MRaoF1m3jxwnPkQwxezDiqJTydCbYcBu0sKwURAZOd5QK9"
+  "22MsOsnrLjNlpRDmuH0VFhb5uN2I5mM3NvMnP2Or19O1Bk//iGD6AyJfiZFcii+FsDrJhbzw6lakEV7O/EnD0kk2l7I0VMtg1xZB"
+  "bEw7P6+V9zz5cAzaaq7EB0mCE+jJckSzSETBN+7lyVD8gwmHYxxZfPnUM/yvPbMU9L3xWD/z6HHwO6r+9m7BT+2pHjBCAAA=");
+  // clang-format on
+
+  deserializeAndVerify(base64Serialization, Nothing(), Some(2));
+}
+
+TEST(psm_DeserializeCert, preSSLStatusConsolidationFailedCertChain)
+{
+  // clang-format off
+  // Generated using serialized output of test "expired.example.com"
+  // in security/manager/ssl/tests/unit/test_cert_chains.js
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAAAAAAAAAAA///gCwAAAAAB4vFIJp5w"
+  "RkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAMgMIIDHDCCAgSg"
+  "AwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAw"
+  "MDAwMFoYDzIwMTQwMTAxMDAwMDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEB"
+  "BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6"
+  "pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9"
+  "0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK"
+  "lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJl"
+  "ZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcN"
+  "AQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WVsxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7"
+  "IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQDWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l"
+  "297ZaSl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYnq8XuENgIO4DuYrm80/p6bMO6"
+  "laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFwWwtnoK7IAAAMAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vY"
+  "kTvlMZeudM2lzS9HP5b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwggMcMIICBKAD"
+  "AgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAw"
+  "MDAwWhgPMjAxNDAxMDEwMDAwMDBaMCIxIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEF"
+  "AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql"
+  "WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S"
+  "O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV"
+  "YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVk"
+  "LmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0B"
+  "AQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF0DjclopP2B8yxuc/WqIjbN6XdT4Xsg"
+  "Aw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrKf/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb"
+  "3tlpKXSdsp99vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag7gO5iubzT+npsw7qV"
+  "oHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAA"
+  "AAAAAtcwggLTMIIBu6ADAgECAhRdBTvvC7swO3cbVWIGn/56DrQ+cjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENB"
+  "MCIYDzIwMTYxMTI3MDAwMDAwWhgPMjAxOTAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA"
+  "A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa"
+  "p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7"
+  "xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh"
+  "He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P"
+  "BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCDjewR53YLc3HzZKugRDbQVxjJNILW6fSIyW9dSglYcWh6aiOK9cZFVtzRWYEYkIli"
+  "cAyTiPw34bXzxU1cK6sCSmBR+UTXbRPGb4OOy3MRaoF1m3jxwnPkQwxezDiqJTydCbYcBu0sKwURAZOd5QK922MsOsnrLjNlpRDm"
+  "uH0VFhb5uN2I5mM3NvMnP2Or19O1Bk//iGD6AyJfiZFcii+FsDrJhbzw6lakEV7O/EnD0kk2l7I0VMtg1xZBbEw7P6+V9zz5cAza"
+  "aq7EB0mCE+jJckSzSETBN+7lyVD8gwmHYxxZfPnUM/yvPbMU9L3xWD/z6HHwO6r+9m7BT+2pHjBCAZWfsWVlF0h/q5vYkTvlMZeu"
+  "dM2lzS9HP5b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwggMcMIICBKADAgECAhRj"
+  "0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgP"
+  "MjAxNDAxMDEwMDAwMDBaMCIxIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"
+  "MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc"
+  "1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf"
+  "qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl"
+  "nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1w"
+  "bGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOC"
+  "AQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvk"
+  "VV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrKf/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSd"
+  "sp99vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag7gO5iubzT+npsw7qVoHRS/lbq"
+  "5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcw"
+  "ggLTMIIBu6ADAgECAhRdBTvvC7swO3cbVWIGn/56DrQ+cjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIw"
+  "MTYxMTI3MDAwMDAwWhgPMjAxOTAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw"
+  "ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV"
+  "JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o"
+  "N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd"
+  "q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEG"
+  "MA0GCSqGSIb3DQEBCwUAA4IBAQCDjewR53YLc3HzZKugRDbQVxjJNILW6fSIyW9dSglYcWh6aiOK9cZFVtzRWYEYkIlicAyTiPw3"
+  "4bXzxU1cK6sCSmBR+UTXbRPGb4OOy3MRaoF1m3jxwnPkQwxezDiqJTydCbYcBu0sKwURAZOd5QK922MsOsnrLjNlpRDmuH0VFhb5"
+  "uN2I5mM3NvMnP2Or19O1Bk//iGD6AyJfiZFcii+FsDrJhbzw6lakEV7O/EnD0kk2l7I0VMtg1xZBbEw7P6+V9zz5cAzaaq7EB0mC"
+  "E+jJckSzSETBN+7lyVD8gwmHYxxZfPnUM/yvPbMU9L3xWD/z6HHwO6r+9m7BT+2pHjBC");
+  // clang-format on
+
+  deserializeAndVerify(base64Serialization, Some(2));
+}
+
+TEST(psm_DeserializeCert, preNsIX509CertListReplacement)
+{
+  // This was the serialized output of test
+  // "good.include-subdomains.pinning.example.com" // in
+  // security/manager/ssl/tests/unit/test_cert_chains.js The serialized output
+  // was generated before we replace nsIX509CertList with Array<nsIX509Cert>, so
+  // it had the old version of transportSecurityInfo.
+  nsCString base64Serialization(
+      "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA"
+      "AAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
+      "AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB"
+      "QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw"
+      "MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I"
+      "BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ"
+      "wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF"
+      "YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n"
+      "FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN"
+      "7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe"
+      "2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg"
+      "hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu"
+      "ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20"
+      "wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA"
+      "0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X"
+      "lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY"
+      "rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM"
+      "yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41"
+      "sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I"
+      "jWEukvJuU1WwC8AAwAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x"
+      "ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p"
+      "UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0"
+      "UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM"
+      "DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN"
+      "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz"
+      "1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC"
+      "mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk"
+      "D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK"
+      "9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP"
+      "+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI"
+      "INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ"
+      "G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u"
+      "aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x"
+      "vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy"
+      "tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q"
+      "FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616"
+      "IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK"
+      "g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA"
+      "L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul"
+      "uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG"
+      "9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA"
+      "yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw"
+      "AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm"
+      "24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP"
+      "8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth"
+      "Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly"
+      "JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA"
+      "gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB"
+      "AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR"
+      "3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL"
+      "NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal"
+      "QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S"
+      "Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==");
+
+  deserializeAndVerify(base64Serialization, Nothing(), Some(2));
+}
+
+TEST(psm_DeserializeCert, preNsIX509CertListReplacementV2)
+{
+  // Same as the above test, however, this is the v2 version of the
+  // serialization.
+  nsCString base64Serialization(
+      "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA"
+      "AAAAAAAAAAAAAAAAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
+      "AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB"
+      "QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw"
+      "MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I"
+      "BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ"
+      "wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF"
+      "YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n"
+      "FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN"
+      "7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe"
+      "2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg"
+      "hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu"
+      "ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20"
+      "wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA"
+      "0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X"
+      "lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY"
+      "rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM"
+      "yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41"
+      "sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I"
+      "jWEukvJuU1WEwEABAAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x"
+      "ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p"
+      "UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0"
+      "UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM"
+      "DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN"
+      "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz"
+      "1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC"
+      "mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk"
+      "D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK"
+      "9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP"
+      "+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI"
+      "INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ"
+      "G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u"
+      "aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x"
+      "vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy"
+      "tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q"
+      "FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616"
+      "IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK"
+      "g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA"
+      "L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul"
+      "uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG"
+      "9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA"
+      "yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw"
+      "AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm"
+      "24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP"
+      "8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth"
+      "Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly"
+      "JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA"
+      "gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB"
+      "AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR"
+      "3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL"
+      "NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal"
+      "QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S"
+      "Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAAA=");
+
+  deserializeAndVerify(base64Serialization, Nothing(), Some(2));
+}
+
+TEST(psm_DeserializeCert, preNsIX509CertListReplacementWithFailedChain)
+{
+  // This was the serialized output of test "expired.example.com"
+  // in security/manager/ssl/tests/unit/test_cert_chains.js
+  // The serialized output was generated before we replace nsIX509CertList with
+  // Array<nsIX509Cert>, so it had the old version of transportSecurityInfo.
+  nsCString base64Serialization(
+      "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA"
+      "AAAAAAAAA///gCwAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
+      "AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB"
+      "QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw"
+      "MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc"
+      "NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc"
+      "clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2"
+      "7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI"
+      "H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn"
+      "vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD"
+      "HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB"
+      "ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ"
+      "KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV"
+      "sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ"
+      "DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za"
+      "Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn"
+      "q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw"
+      "WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5"
+      "b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg"
+      "gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw"
+      "DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI"
+      "xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA"
+      "OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv"
+      "bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO"
+      "7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP"
+      "vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO"
+      "Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC"
+      "jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF"
+      "BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0"
+      "BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF"
+      "0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK"
+      "f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99"
+      "vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag"
+      "7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm"
+      "YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA"
+      "hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0"
+      "IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R"
+      "lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj"
+      "YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ"
+      "JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw"
+      "JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f"
+      "ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL"
+      "8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC"
+      "wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW"
+      "jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6"
+      "3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4"
+      "69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01"
+      "wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB"
+      "96muQQ2M3WDiMz5ZLI3oMLu8KSPs");
+
+  deserializeAndVerify(base64Serialization, Some(2));
+}
+
+TEST(psm_DeserializeCert, preNsIX509CertListReplacementWithFailedChainV2)
+{
+  // Same as the above test, however, this is the v2 version of the
+  // serialization.
+  nsCString base64Serialization(
+      "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA"
+      "AAAAAAAAA///gCwAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
+      "AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB"
+      "QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw"
+      "MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc"
+      "NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc"
+      "clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2"
+      "7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI"
+      "H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn"
+      "vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD"
+      "HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB"
+      "ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ"
+      "KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV"
+      "sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ"
+      "DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za"
+      "Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn"
+      "q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw"
+      "WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5"
+      "b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg"
+      "gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw"
+      "DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI"
+      "xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA"
+      "OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv"
+      "bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO"
+      "7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP"
+      "vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO"
+      "Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC"
+      "jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF"
+      "BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0"
+      "BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF"
+      "0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK"
+      "f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99"
+      "vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag"
+      "7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm"
+      "YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA"
+      "hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0"
+      "IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R"
+      "lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj"
+      "YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ"
+      "JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw"
+      "JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f"
+      "ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL"
+      "8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC"
+      "wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW"
+      "jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6"
+      "3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4"
+      "69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01"
+      "wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB"
+      "96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==");
+
+  deserializeAndVerify(base64Serialization, Some(2));
+}
diff --git a/security/manager/ssl/tests/gtest/HMACTest.cpp b/security/manager/ssl/tests/gtest/HMACTest.cpp
new file mode 100644
index 0000000000..679c101124
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/HMACTest.cpp
@@ -0,0 +1,64 @@
+#include <string>
+#include "gtest/gtest.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/gtest/MozAssertions.h"
+#include "mozilla/Span.h"
+#include "nss.h"
+#include "secoidt.h"
+
+// From RFC 2202
+const unsigned char kTestKey[] = "Jefe";
+const unsigned char kTestInput[] = "what do ya want for nothing?";
+
+struct HMACTestCase {
+  SECOidTag hashAlg;
+  std::basic_string<uint8_t> expectedOutput;
+};
+
+#define EXPECTED_RESULT(val)                                        \
+  std::basic_string<uint8_t>(reinterpret_cast<const uint8_t*>(val), \
+                             sizeof(val) - 1)
+
+static const HMACTestCase HMACTestCases[] = {
+    {
+        SEC_OID_MD5,
+        EXPECTED_RESULT(
+            "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"),
+    },
+    {
+        SEC_OID_SHA256,
+        EXPECTED_RESULT(
+            "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7"
+            "\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43"),
+    },
+};
+
+#undef EXPECTED_RESULT
+
+class psm_HMAC : public ::testing::Test,
+                 public ::testing::WithParamInterface<HMACTestCase> {
+ public:
+  void SetUp() override { NSS_NoDB_Init(nullptr); }
+};
+
+TEST_P(psm_HMAC, Test) {
+  mozilla::HMAC hmac;
+  const HMACTestCase& testCase(GetParam());
+  nsresult rv = hmac.Begin(testCase.hashAlg,
+                           mozilla::Span(kTestKey, sizeof(kTestKey) - 1));
+  ASSERT_NS_SUCCEEDED(rv);
+  rv = hmac.Update(reinterpret_cast<const unsigned char*>(kTestInput),
+                   sizeof(kTestInput) - 1);
+  ASSERT_NS_SUCCEEDED(rv);
+  nsTArray<uint8_t> output;
+  rv = hmac.End(output);
+  ASSERT_NS_SUCCEEDED(rv);
+  EXPECT_EQ(output.Length(), testCase.expectedOutput.length());
+  for (size_t i = 0; i < output.Length(); i++) {
+    EXPECT_EQ(output[i], testCase.expectedOutput[i]);
+  }
+}
+
+INSTANTIATE_TEST_SUITE_P(psm_HMAC, psm_HMAC,
+                         ::testing::ValuesIn(HMACTestCases));
diff --git a/security/manager/ssl/tests/gtest/MD4Test.cpp b/security/manager/ssl/tests/gtest/MD4Test.cpp
new file mode 100644
index 0000000000..0dfc938358
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/MD4Test.cpp
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This file tests the md4.c implementation.
+
+#include "gtest/gtest.h"
+#include "md4.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
+
+struct RFC1320TestParams {
+  const char* data;
+  const uint8_t expectedHash[16];
+};
+
+static const RFC1320TestParams RFC1320_TEST_PARAMS[] = {
+    {"",
+     {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 0xd7,
+      0xe0, 0xc0, 0x89, 0xc0}},
+    {"a",
+     {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, 0x24, 0x5e, 0x05, 0xfb,
+      0xdb, 0xd6, 0xfb, 0x24}},
+    {"abc",
+     {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8,
+      0x7a, 0xa6, 0x72, 0x9d}},
+    {"message digest",
+     {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, 0x18, 0x87, 0x48, 0x06,
+      0xe1, 0xc7, 0x01, 0x4b}},
+    {
+        "abcdefghijklmnopqrstuvwxyz",
+        {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 0xee, 0xa8, 0xed, 0x63,
+         0xdf, 0x41, 0x2d, 0xa9},
+    },
+    {
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, 0x1c, 0xe6, 0x27, 0xe1,
+         0x53, 0xe7, 0xf0, 0xe4},
+    },
+    {
+        "1234567890123456789012345678901234567890123456789012345678901234567890"
+        "1234567890",
+        {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, 0x9c, 0x3e, 0x7b, 0x16,
+         0x4f, 0xcc, 0x05, 0x36},
+    }};
+
+class psm_MD4 : public ::testing::Test,
+                public ::testing::WithParamInterface<RFC1320TestParams> {};
+
+TEST_P(psm_MD4, RFC1320TestValues) {
+  const RFC1320TestParams& params(GetParam());
+  uint8_t actualHash[16];
+  md4sum(mozilla::BitwiseCast<const uint8_t*, const char*>(params.data),
+         strlen(params.data), actualHash);
+  EXPECT_TRUE(mozilla::ArrayEqual(actualHash, params.expectedHash))
+      << "MD4 hashes aren't equal for input: '" << params.data << "'";
+}
+
+INSTANTIATE_TEST_SUITE_P(psm_MD4, psm_MD4,
+                         testing::ValuesIn(RFC1320_TEST_PARAMS));
diff --git a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
new file mode 100644
index 0000000000..23d0cefc2b
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
@@ -0,0 +1,357 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertVerifier.h"
+#include "OCSPCache.h"
+#include "gtest/gtest.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Sprintf.h"
+#include "nss.h"
+#include "mozpkix/pkixtypes.h"
+#include "mozpkix/test/pkixtestutil.h"
+#include "prerr.h"
+#include "secerr.h"
+
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+
+using mozilla::OriginAttributes;
+
+template <size_t N>
+inline Input LiteralInput(const char (&valueString)[N]) {
+  // Ideally we would use mozilla::BitwiseCast() here rather than
+  // reinterpret_cast for better type checking, but the |N - 1| part trips
+  // static asserts.
+  return Input(reinterpret_cast<const uint8_t(&)[N - 1]>(valueString));
+}
+
+const int MaxCacheEntries = 1024;
+
+class psm_OCSPCacheTest : public ::testing::Test {
+ protected:
+  psm_OCSPCacheTest() : now(Now()) {}
+
+  static void SetUpTestCase() { NSS_NoDB_Init(nullptr); }
+
+  const Time now;
+  mozilla::psm::OCSPCache cache;
+};
+
+static void PutAndGet(
+    mozilla::psm::OCSPCache& cache, const CertID& certID, Result result,
+    Time time, const OriginAttributes& originAttributes = OriginAttributes()) {
+  // The first time is thisUpdate. The second is validUntil.
+  // The caller is expecting the validUntil returned with Get
+  // to be equal to the passed-in time. Since these values will
+  // be different in practice, make thisUpdate less than validUntil.
+  Time thisUpdate(time);
+  ASSERT_EQ(Success, thisUpdate.SubtractSeconds(10));
+  Result rv = cache.Put(certID, originAttributes, result, thisUpdate, time);
+  ASSERT_TRUE(rv == Success);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, originAttributes, resultOut, timeOut));
+  ASSERT_EQ(result, resultOut);
+  ASSERT_EQ(time, timeOut);
+}
+
+Input fakeIssuer1(LiteralInput("CN=issuer1"));
+Input fakeKey000(LiteralInput("key000"));
+Input fakeKey001(LiteralInput("key001"));
+Input fakeSerial0000(LiteralInput("0000"));
+
+TEST_F(psm_OCSPCacheTest, TestPutAndGet) {
+  Input fakeSerial000(LiteralInput("000"));
+  Input fakeSerial001(LiteralInput("001"));
+
+  SCOPED_TRACE("");
+  PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial001), Success,
+            now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial000),
+                         OriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestVariousGets) {
+  SCOPED_TRACE("");
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf),
+             sizeof(serialBuf), "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), Success,
+              timeIn);
+  }
+
+  Time timeIn(now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+
+  // This will be at the end of the list in the cache
+  CertID cert0000(fakeIssuer1, fakeKey000, fakeSerial0000);
+  ASSERT_TRUE(cache.Get(cert0000, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Once we access it, it goes to the front
+  ASSERT_TRUE(cache.Get(cert0000, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  // This will be in the middle
+  Time timeInPlus512(now);
+  ASSERT_EQ(Success, timeInPlus512.AddSeconds(512));
+
+  static const Input fakeSerial0512(LiteralInput("0512"));
+  CertID cert0512(fakeIssuer1, fakeKey000, fakeSerial0512);
+  ASSERT_TRUE(cache.Get(cert0512, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+  ASSERT_TRUE(cache.Get(cert0512, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+
+  // We've never seen this certificate
+  static const Input fakeSerial1111(LiteralInput("1111"));
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey000, fakeSerial1111),
+                         OriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEviction) {
+  SCOPED_TRACE("");
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry to be evicted.
+  for (int i = 0; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf),
+             sizeof(serialBuf), "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), Success,
+              timeIn);
+  }
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial0000),
+                         OriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestNoEvictionForRevokedResponses) {
+  SCOPED_TRACE("");
+  CertID notEvicted(fakeIssuer1, fakeKey000, fakeSerial0000);
+  Time timeIn(now);
+  PutAndGet(cache, notEvicted, Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry that isn't revoked to be evicted.
+  for (int i = 1; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf),
+             sizeof(serialBuf), "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), Success,
+              timeIn);
+  }
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(notEvicted, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  Input fakeSerial0001(LiteralInput("0001"));
+  CertID evicted(fakeIssuer1, fakeKey000, fakeSerial0001);
+  ASSERT_FALSE(cache.Get(evicted, OriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEverythingIsRevoked) {
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  // Fill up the cache with revoked responses.
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf),
+             sizeof(serialBuf), "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  }
+  static const Input fakeSerial1025(LiteralInput("1025"));
+  CertID good(fakeIssuer1, fakeKey000, fakeSerial1025);
+  // This will "succeed", allowing verification to continue. However,
+  // nothing was actually put in the cache.
+  Time timeInPlus1025(timeIn);
+  ASSERT_EQ(Success, timeInPlus1025.AddSeconds(1025));
+  Time timeInPlus1025Minus50(timeInPlus1025);
+  ASSERT_EQ(Success, timeInPlus1025Minus50.SubtractSeconds(50));
+  Result result = cache.Put(good, OriginAttributes(), Success,
+                            timeInPlus1025Minus50, timeInPlus1025);
+  ASSERT_EQ(Success, result);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(good, OriginAttributes(), resultOut, timeOut));
+
+  static const Input fakeSerial1026(LiteralInput("1026"));
+  CertID revoked(fakeIssuer1, fakeKey000, fakeSerial1026);
+  // This will fail, causing verification to fail.
+  Time timeInPlus1026(timeIn);
+  ASSERT_EQ(Success, timeInPlus1026.AddSeconds(1026));
+  Time timeInPlus1026Minus50(timeInPlus1026);
+  ASSERT_EQ(Success, timeInPlus1026Minus50.SubtractSeconds(50));
+  result =
+      cache.Put(revoked, OriginAttributes(), Result::ERROR_REVOKED_CERTIFICATE,
+                timeInPlus1026Minus50, timeInPlus1026);
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, result);
+}
+
+TEST_F(psm_OCSPCacheTest, VariousIssuers) {
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  static const Input fakeIssuer2(LiteralInput("CN=issuer2"));
+  static const Input fakeSerial001(LiteralInput("001"));
+  CertID subject(fakeIssuer1, fakeKey000, fakeSerial001);
+  PutAndGet(cache, subject, Success, now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(subject, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Test that we don't match a different issuer DN
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer2, fakeKey000, fakeSerial001),
+                         OriginAttributes(), resultOut, timeOut));
+  // Test that we don't match a different issuer key
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial001),
+                         OriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, Times) {
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the more recent entry.
+  ASSERT_EQ(
+      Success,
+      cache.Put(certID, OriginAttributes(), Result::ERROR_OCSP_UNKNOWN_CERT,
+                TimeFromElapsedSecondsAD(100), TimeFromElapsedSecondsAD(100)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, OriginAttributes(), resultOut, timeOut));
+  // Here we see the more recent time.
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  // Result::ERROR_REVOKED_CERTIFICATE overrides everything
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(50));
+}
+
+TEST_F(psm_OCSPCacheTest, NetworkFailure) {
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_CONNECT_REFUSED,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the already present entry.
+  ASSERT_EQ(
+      Success,
+      cache.Put(certID, OriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                TimeFromElapsedSecondsAD(300), TimeFromElapsedSecondsAD(350)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(400));
+  // This should not override the already present entry.
+  ASSERT_EQ(
+      Success,
+      cache.Put(certID, OriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                TimeFromElapsedSecondsAD(500), TimeFromElapsedSecondsAD(550)));
+  ASSERT_TRUE(cache.Get(certID, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_OCSP_UNKNOWN_CERT, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(400), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(600));
+  // This should not override the already present entry.
+  ASSERT_EQ(
+      Success,
+      cache.Put(certID, OriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                TimeFromElapsedSecondsAD(700), TimeFromElapsedSecondsAD(750)));
+  ASSERT_TRUE(cache.Get(certID, OriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(600), timeOut);
+}
+
+TEST_F(psm_OCSPCacheTest, TestOriginAttributes) {
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+
+  // We test two attributes, firstPartyDomain and partitionKey, respectively
+  // because we don't have entries that have both attributes set because the two
+  // features that use these attributes are mutually exclusive.
+
+  // Set pref for OCSP cache network partitioning.
+  mozilla::Preferences::SetBool("privacy.partition.network_state.ocsp_cache",
+                                true);
+
+  SCOPED_TRACE("");
+  OriginAttributes attrs;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  PutAndGet(cache, certID, Success, now, attrs);
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  attrs.mFirstPartyDomain.AssignLiteral("bar.com");
+  ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache should not be isolated by containers for firstPartyDomain.
+  attrs.mUserContextId = 1;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // Clear originAttributes.
+  attrs.mUserContextId = 0;
+  attrs.mFirstPartyDomain.Truncate();
+
+  // Add OCSP cache for the partitionKey.
+  attrs.mPartitionKey.AssignLiteral("(https,foo.com)");
+  PutAndGet(cache, certID, Success, now, attrs);
+
+  // Check cache entry for the partitionKey.
+  attrs.mPartitionKey.AssignLiteral("(https,foo.com)");
+  ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache entry should not exist for the other partitionKey.
+  attrs.mPartitionKey.AssignLiteral("(https,bar.com)");
+  ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache should not be isolated by containers for partitonKey.
+  attrs.mUserContextId = 1;
+  attrs.mPartitionKey.AssignLiteral("(https,foo.com)");
+  ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache should not exist for the OAs which has both attributes set.
+  attrs.mUserContextId = 0;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  attrs.mPartitionKey.AssignLiteral("(https,foo.com)");
+  ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut));
+}
diff --git a/security/manager/ssl/tests/gtest/README.txt b/security/manager/ssl/tests/gtest/README.txt
new file mode 100644
index 0000000000..0e51322690
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/README.txt
@@ -0,0 +1,2 @@
+Please name all test cases in this directory with the prefix "psm". This makes
+it easier to run all PSM related GTests at once.
diff --git a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
new file mode 100644
index 0000000000..0c9d3ef60d
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ -0,0 +1,383 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+#include "sslproto.h"
+#include "sslerr.h"
+
+#include "gtest/gtest.h"
+
+constexpr auto HOST = "example.org"_ns;
+const int16_t PORT = 443;
+
+class psm_TLSIntoleranceTest : public ::testing::Test {
+ protected:
+  nsSSLIOLayerHelpers helpers;
+};
+
+TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess) {
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, helpers.mVersionFallbackLimit);
+
+  // No adjustment made when there is no entry for the site.
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, range.min,
+                                                    range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, range.min,
+                                                    range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
+
+    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, range.min,
+                                                     range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    // When rememberIntolerantAtVersion returns false, it also resets the
+    // intolerance information for the server.
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, DisableFallbackWithHighLimit) {
+  // this value disables version fallback entirely: with this value, all efforts
+  // to mark an origin as version intolerant fail
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2, 0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_1, 0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_0, 0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin) {
+  // check that we still respect the minimum version,
+  // when it is higher than the fallback limit
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_2, 0));
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_1, 0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1) {
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_1, 0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_2};
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2) {
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_1, 0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
+  SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_2};
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant) {
+  // No adjustment made when there is no entry for the site.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  // false because we reached the floor set by rememberTolerantAtVersion.
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_1, 0));
+  SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_2};
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+}
+
+TEST_F(psm_TLSIntoleranceTest, PortIsRelevant) {
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(
+      HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2, 0));
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+      HOST, 2, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2, 0));
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, 1, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+
+  {
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, 2, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonInitial) {
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 2, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 2));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonStored) {
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_BAD_SERVER);
+  ASSERT_EQ(SSL_ERROR_BAD_SERVER, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_1,
+                                      SSL_ERROR_BAD_MAC_READ);
+  ASSERT_EQ(SSL_ERROR_BAD_MAC_READ, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared) {
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+  ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT,
+            helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance) {
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+        HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2,
+        0));
+
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance) {
+  {
+    helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(
+        HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2,
+        0));
+
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = {SSL_LIBRARY_VERSION_TLS_1_0,
+                             SSL_LIBRARY_VERSION_TLS_1_2};
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSPerSiteFallbackLimit) {
+  constexpr auto example_com = "example.com"_ns;
+  constexpr auto example_net = "example.net"_ns;
+  constexpr auto example_org = "example.org"_ns;
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
+
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_com);
+
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites("example.com,example.net"_ns);
+
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_net);
+
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(""_ns);
+
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(
+      helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+}
diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build
new file mode 100644
index 0000000000..9f793fd7cb
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+    "CertDBTest.cpp",
+    "CoseTest.cpp",
+    "DataStorageTest.cpp",
+    "DeserializeCertTest.cpp",
+    "HMACTest.cpp",
+    "MD4Test.cpp",
+    "OCSPCacheTest.cpp",
+    "TLSIntoleranceTest.cpp",
+]
+
+LOCAL_INCLUDES += [
+    "/security/certverifier",
+    "/security/manager/ssl",
+    "/third_party/rust/cose-c/include",
+]
+
+include("/ipc/chromium/chromium-config.mozbuild")
+
+FINAL_LIBRARY = "xul-gtest"
diff --git a/security/manager/ssl/tests/mochitest/browser/browser.ini b/security/manager/ssl/tests/mochitest/browser/browser.ini
new file mode 100644
index 0000000000..8ca1cb1d0d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser.ini
@@ -0,0 +1,40 @@
+[DEFAULT]
+tags = psm
+support-files =
+  *.pem
+  head.js
+  hsts_headers.sjs
+  hsts_headers_framed.html
+  some_content.html
+  some_content_framed.html
+  browser_clientAuth_speculative_connection.html
+
+[browser_HSTS.js]
+https_first_disabled = true
+[browser_add_exception_dialog.js]
+[browser_bug627234_perwindowpb.js]
+[browser_certViewer.js]
+skip-if = verify
+[browser_certificateManager.js]
+[browser_clientAuthRememberService.js]
+skip-if =
+  os == "win" && os_version == "6.1" # Skip on Azure - frequent failure
+[browser_clientAuth_connection.js]
+# Any test that has to delete certificates (e.g. as part of cleanup) is
+# fundamentally incompatible with verify due to how NSS handles deleting
+# certificates.
+skip-if =
+  verify
+  socketprocess_networking
+  os == "win" && os_version == "6.1" # Skip on Azure - frequent failure
+[browser_clientAuth_speculative_connection.js]
+skip-if = socketprocess_networking
+[browser_clientAuth_ui.js]
+[browser_deleteCert_ui.js]
+[browser_downloadCert_ui.js]
+[browser_editCACertTrust.js]
+# An earlier attempt at landing this test resulted in frequent intermittent
+# failures, almost entirely on Linux. See Bug 1309519.
+skip-if = os == "linux"
+[browser_exportP12_passwordUI.js]
+[browser_loadPKCS11Module_ui.js]
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_HSTS.js b/security/manager/ssl/tests/mochitest/browser/browser_HSTS.js
new file mode 100644
index 0000000000..f578ac7c4f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_HSTS.js
@@ -0,0 +1,277 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests that HTTP Strict Transport Security (HSTS) headers are noted as appropriate.
+
+// Register a cleanup function to clear all accumulated HSTS state when this
+// test is done.
+add_task(async function register_cleanup() {
+  registerCleanupFunction(() => {
+    let sss = Cc["@mozilla.org/ssservice;1"].getService(
+      Ci.nsISiteSecurityService
+    );
+    sss.clearAll();
+  });
+});
+
+// In the absense of HSTS information, no upgrade should happen.
+add_task(async function test_no_hsts_information_no_upgrade() {
+  let httpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, httpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+  gBrowser.removeCurrentTab();
+});
+
+// Visit a secure site that sends an HSTS header to set up the rest of the
+// test.
+add_task(async function see_hsts_header() {
+  let setHstsUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://example.com"
+    ) + "hsts_headers.sjs";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, setHstsUrl);
+  gBrowser.removeCurrentTab();
+});
+
+// Given a known HSTS host, future http navigations to that domain will be
+// upgraded.
+add_task(async function test_http_upgrade() {
+  let httpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, httpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "https");
+  gBrowser.removeCurrentTab();
+});
+
+// http navigations to unrelated hosts should not be upgraded.
+add_task(async function test_unrelated_domain_no_upgrade() {
+  let differentHttpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.org"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, differentHttpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+  gBrowser.removeCurrentTab();
+});
+
+// http navigations in private contexts shouldn't use information from
+// non-private contexts, so no upgrade should occur.
+add_task(async function test_private_window_no_upgrade() {
+  await SpecialPowers.pushPrefEnv({
+    set: [["dom.security.https_first_pbm", false]],
+  });
+  let privateWindow = OpenBrowserWindow({ private: true });
+  await BrowserTestUtils.firstBrowserLoaded(privateWindow, false);
+  let url =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(privateWindow.gBrowser, url);
+  Assert.equal(
+    privateWindow.gBrowser.selectedBrowser.currentURI.scheme,
+    "http"
+  );
+  privateWindow.gBrowser.removeCurrentTab();
+  privateWindow.close();
+});
+
+// Since the header didn't specify "includeSubdomains", visiting a subdomain
+// should not result in an upgrade.
+add_task(async function test_subdomain_no_upgrade() {
+  let subdomainHttpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://test1.example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, subdomainHttpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+  gBrowser.removeCurrentTab();
+});
+
+// Now visit a secure site that sends an HSTS header that also includes subdomains.
+add_task(async function see_hsts_header_include_subdomains() {
+  let setHstsUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://example.com"
+    ) + "hsts_headers.sjs?includeSubdomains";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, setHstsUrl);
+  gBrowser.removeCurrentTab();
+});
+
+// Now visiting a subdomain should result in an upgrade.
+add_task(async function test_subdomain_upgrade() {
+  let subdomainHttpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://test1.example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, subdomainHttpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "https");
+  gBrowser.removeCurrentTab();
+});
+
+// Visiting a subdomain with https should result in an https URL (this isn't an
+// upgrade - this test is essentially a consistency check).
+add_task(async function test_already_https() {
+  let subdomainHttpsUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://test2.example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, subdomainHttpsUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "https");
+  gBrowser.removeCurrentTab();
+});
+
+// Test that subresources are upgraded.
+add_task(async function test_iframe_upgrade() {
+  let framedUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://example.com"
+    ) + "some_content_framed.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, framedUrl);
+  await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
+    await ContentTaskUtils.waitForCondition(() => {
+      let frame = content.document.getElementById("frame");
+      if (frame) {
+        return frame.baseURI.startsWith("https://");
+      }
+      return false;
+    });
+  });
+  gBrowser.removeCurrentTab();
+});
+
+// Clear state.
+add_task(async function clear_hsts_state() {
+  let sss = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  sss.clearAll();
+});
+
+// Make sure this test is valid.
+add_task(async function test_no_hsts_information_no_upgrade_again() {
+  let httpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, httpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+  gBrowser.removeCurrentTab();
+});
+
+// Visit a site with an iframe that loads first-party content that sends an
+// HSTS header. The header should be heeded because it's first-party.
+add_task(async function see_hsts_header_in_framed_first_party_context() {
+  let framedUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://example.com"
+    ) + "hsts_headers_framed.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, framedUrl);
+  await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
+    await ContentTaskUtils.waitForCondition(() => {
+      return content.document.getElementById("done");
+    });
+  });
+  gBrowser.removeCurrentTab();
+});
+
+// Check that the framed, first-party header was heeded.
+add_task(async function test_http_upgrade_after_framed_first_party_header() {
+  let httpUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.com"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, httpUrl);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "https");
+  gBrowser.removeCurrentTab();
+});
+
+// Visit a site with an iframe that loads third-party content that sends an
+// HSTS header. The header should be ignored because it's third-party.
+add_task(async function see_hsts_header_in_third_party_context() {
+  let framedUrl =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "https://example.com"
+    ) + "hsts_headers_framed.html?third-party";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, framedUrl);
+  await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
+    await ContentTaskUtils.waitForCondition(() => {
+      return content.document.getElementById("done");
+    });
+  });
+  gBrowser.removeCurrentTab();
+});
+
+// Since the HSTS header was not received in a first-party context, no upgrade
+// should occur.
+add_task(async function test_no_upgrade_for_third_party_header() {
+  let url =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "http://example.org"
+    ) + "some_content.html";
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, url);
+  Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+  gBrowser.removeCurrentTab();
+});
+
+// Clear state again.
+add_task(async function clear_hsts_state_again() {
+  let sss = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  sss.clearAll();
+});
+
+// HSTS information encountered in private contexts should not be used in
+// non-private contexts.
+add_task(
+  async function test_no_upgrade_for_HSTS_information_from_private_window() {
+    await SpecialPowers.pushPrefEnv({
+      set: [["dom.security.https_first_pbm", false]],
+    });
+    let privateWindow = OpenBrowserWindow({ private: true });
+    await BrowserTestUtils.firstBrowserLoaded(privateWindow, false);
+    let setHstsUrl =
+      getRootDirectory(gTestPath).replace(
+        "chrome://mochitests/content",
+        "https://example.com"
+      ) + "hsts_headers.sjs";
+    await BrowserTestUtils.openNewForegroundTab(
+      privateWindow.gBrowser,
+      setHstsUrl
+    );
+    privateWindow.gBrowser.removeCurrentTab();
+
+    let httpUrl =
+      getRootDirectory(gTestPath).replace(
+        "chrome://mochitests/content",
+        "http://example.com"
+      ) + "some_content.html";
+    await BrowserTestUtils.openNewForegroundTab(gBrowser, httpUrl);
+    Assert.equal(gBrowser.selectedBrowser.currentURI.scheme, "http");
+    gBrowser.removeCurrentTab();
+
+    privateWindow.close();
+  }
+);
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js b/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
new file mode 100644
index 0000000000..d04af61036
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
@@ -0,0 +1,69 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// This test makes sure that adding certificate exceptions behaves correctly
+// when done from the prefs window
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+  BrowserWindowTracker: "resource:///modules/BrowserWindowTracker.jsm",
+});
+
+function test() {
+  const EXCEPTIONS_DLG_URL = "chrome://pippki/content/exceptionDialog.xhtml";
+  const EXCEPTIONS_DLG_FEATURES = "chrome,centerscreen";
+  const INVALID_CERT_DOMAIN = "self-signed.example.com";
+  const INVALID_CERT_LOCATION = "https://" + INVALID_CERT_DOMAIN + "/";
+  waitForExplicitFinish();
+
+  function testAddCertificate() {
+    win.removeEventListener("load", testAddCertificate);
+    Services.obs.addObserver(async function onCertUI(aSubject, aTopic, aData) {
+      Services.obs.removeObserver(onCertUI, "cert-exception-ui-ready");
+      ok(win.gCert, "The certificate information should be available now");
+
+      let dialog = win.document.getElementById("exceptiondialog");
+      let confirmButton = dialog.getButton("extra1");
+      confirmButton.click();
+      ok(
+        params.exceptionAdded,
+        "The certificate exception should have been added"
+      );
+
+      registerCleanupFunction(() => {
+        let certOverrideService = Cc[
+          "@mozilla.org/security/certoverride;1"
+        ].getService(Ci.nsICertOverrideService);
+        certOverrideService.clearValidityOverride(INVALID_CERT_DOMAIN, -1, {});
+      });
+
+      BrowserTestUtils.loadURIString(gBrowser, INVALID_CERT_LOCATION);
+      let loaded = await BrowserTestUtils.browserLoaded(
+        gBrowser,
+        false,
+        INVALID_CERT_LOCATION,
+        true
+      );
+      ok(loaded, "The certificate exception should allow the page to load");
+
+      finish();
+    }, "cert-exception-ui-ready");
+  }
+
+  let bWin = BrowserWindowTracker.getTopWindow();
+  let params = {
+    exceptionAdded: false,
+    location: INVALID_CERT_LOCATION,
+    prefetchCert: true,
+  };
+
+  let win = bWin.openDialog(
+    EXCEPTIONS_DLG_URL,
+    "",
+    EXCEPTIONS_DLG_FEATURES,
+    params
+  );
+  win.addEventListener("load", testAddCertificate);
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
new file mode 100644
index 0000000000..564aca088d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+function whenNewWindowLoaded(aOptions, aCallback) {
+  let win = OpenBrowserWindow(aOptions);
+  win.addEventListener(
+    "load",
+    function () {
+      aCallback(win);
+    },
+    { once: true }
+  );
+}
+
+// This is a template to help porting global private browsing tests
+// to per-window private browsing tests
+function test() {
+  // initialization
+  waitForExplicitFinish();
+  let windowsToClose = [];
+  let testURI = "about:blank";
+  let uri;
+  let gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+
+  function originAttributes(aIsPrivateMode) {
+    return aIsPrivateMode ? { privateBrowsingId: 1 } : {};
+  }
+
+  function doTest(aIsPrivateMode, aWindow, aCallback) {
+    BrowserTestUtils.browserLoaded(aWindow.gBrowser.selectedBrowser).then(
+      () => {
+        uri = aWindow.Services.io.newURI("https://localhost/img.png");
+        gSSService.processHeader(
+          uri,
+          "max-age=1000",
+          originAttributes(aIsPrivateMode)
+        );
+        ok(
+          gSSService.isSecureURI(uri, originAttributes(aIsPrivateMode)),
+          "checking sts host"
+        );
+
+        aCallback();
+      }
+    );
+
+    BrowserTestUtils.loadURIString(aWindow.gBrowser.selectedBrowser, testURI);
+  }
+
+  function testOnWindow(aOptions, aCallback) {
+    whenNewWindowLoaded(aOptions, function (aWin) {
+      windowsToClose.push(aWin);
+      // execute should only be called when need, like when you are opening
+      // web pages on the test. If calling executeSoon() is not necesary, then
+      // call whenNewWindowLoaded() instead of testOnWindow() on your test.
+      executeSoon(function () {
+        aCallback(aWin);
+      });
+    });
+  }
+
+  // this function is called after calling finish() on the test.
+  registerCleanupFunction(function () {
+    windowsToClose.forEach(function (aWin) {
+      aWin.close();
+    });
+    uri = Services.io.newURI("http://localhost");
+    gSSService.resetState(uri);
+  });
+
+  // test first when on private mode
+  testOnWindow({ private: true }, function (aWin) {
+    doTest(true, aWin, function () {
+      // test when not on private mode
+      testOnWindow({}, function (aWin) {
+        doTest(false, aWin, function () {
+          // test again when on private mode
+          testOnWindow({ private: true }, function (aWin) {
+            doTest(true, aWin, function () {
+              finish();
+            });
+          });
+        });
+      });
+    });
+  });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
new file mode 100644
index 0000000000..7f0b8888c1
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -0,0 +1,112 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Repeatedly opens the certificate viewer dialog with various certificates and
+// determines that the viewer correctly identifies either what usages those
+// certificates are valid for or what errors prevented the certificates from
+// being verified.
+
+add_task(async function testCAandTitle() {
+  let cert = await readCertificate("ca.pem", "CTu,CTu,CTu");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "ca");
+});
+
+add_task(async function testSSLEndEntity() {
+  let cert = await readCertificate("ssl-ee.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "ssl-ee");
+});
+
+add_task(async function testEmailEndEntity() {
+  let cert = await readCertificate("email-ee.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "email-ee");
+});
+
+add_task(async function testCodeSignEndEntity() {
+  let cert = await readCertificate("code-ee.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "code-ee");
+});
+
+add_task(async function testExpired() {
+  let cert = await readCertificate("expired-ca.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "expired-ca");
+});
+
+add_task(async function testUntrusted() {
+  let cert = await readCertificate("untrusted-ca.pem", "p,p,p");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "untrusted-ca");
+});
+
+add_task(async function testInvalid() {
+  // This certificate has a keyUsage extension asserting cRLSign and
+  // keyCertSign, but it doesn't have a basicConstraints extension. This
+  // shouldn't be valid for any usage. Sadly, we give a pretty bad error
+  // message in this case.
+  let cert = await readCertificate("invalid.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "invalid");
+});
+
+add_task(async function testLongOID() {
+  // This certificate has a certificatePolicies extension with a policy with a
+  // very long OID. This tests that we don't crash when looking at it.
+  let cert = await readCertificate("longOID.pem", ",,");
+  let url = getURL(cert);
+  await openCertViewerAndCheckTabName(url, "Long OID");
+});
+
+/**
+ * Given a certificate, returns its PEMs (each one of the certificate chain) string in a url.
+ *
+ * @param {object} cert
+ *      A certificate object
+ * @returns {string} an URL for opening the certificate viewer
+ */
+function getURL(cert) {
+  // Note that we don't get the certificate chain as in e.g browser/base/content/browser.js,
+  // because all the .pem files when opened with CS (https://github.com/april/certainly-something)
+  // shows only one certificate
+  let derb64 = encodeURIComponent(cert.getBase64DERString());
+  return `about:certificate?cert=${derb64}`;
+}
+
+/**
+ * Given an certificate URL, opens the new certificate viewer and check
+ * if a certain element exists, with its expected result.
+ *
+ * @param {string} url
+ *        The URL with the certificate info
+ * @param {string} expectedTabName
+ *        The expected name of the tab in the certificate viewer
+ */
+async function openCertViewerAndCheckTabName(url, expectedTabName) {
+  await BrowserTestUtils.withNewTab(
+    { gBrowser, url },
+    async function (browser) {
+      await SpecialPowers.spawn(
+        browser,
+        [expectedTabName],
+        async function (expectedTabName) {
+          let certificateSection = await ContentTaskUtils.waitForCondition(
+            () => {
+              return content.document.querySelector("certificate-section");
+            },
+            "Certificate section found"
+          );
+          let tabName =
+            certificateSection.shadowRoot.querySelector(
+              ".tab[idnumber='0']"
+            ).textContent;
+          Assert.equal(tabName, expectedTabName);
+        }
+      );
+    }
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
new file mode 100644
index 0000000000..c6619909d0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
@@ -0,0 +1,105 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+async function checkServerCertificates(win, expectedValues = []) {
+  await TestUtils.waitForCondition(() => {
+    return (
+      win.document.getElementById("serverList").itemChildren.length ==
+      expectedValues.length
+    );
+  }, `Expected to have ${expectedValues.length} but got ${win.document.getElementById("serverList").itemChildren.length}`);
+  await new Promise(win.requestAnimationFrame);
+
+  let labels = win.document
+    .getElementById("serverList")
+    .querySelectorAll("label");
+
+  // The strings we will get from the DOM are localized with Fluent.
+  // This will wait until the translation is applied.
+  if (expectedValues.length) {
+    await BrowserTestUtils.waitForCondition(
+      () => labels[1].value || !!labels[1].textContent.length,
+      "At least one label is populated"
+    );
+  }
+
+  expectedValues.forEach((item, i) => {
+    let hostPort = labels[i * 3].value;
+    let fingerprint = labels[i * 3 + 1].value || labels[i * 3 + 1].textContent;
+
+    Assert.equal(
+      hostPort,
+      item.hostPort,
+      `Expected override to be ${item.hostPort} but got ${hostPort}`
+    );
+
+    Assert.equal(
+      fingerprint,
+      item.fingerprint,
+      `Expected override to have field ${item.fingerprint}`
+    );
+  });
+}
+
+async function deleteOverride(win, expectedLength) {
+  win.document.getElementById("serverList").selectedIndex = 0;
+  await TestUtils.waitForCondition(() => {
+    return (
+      win.document.getElementById("serverList").itemChildren.length ==
+      expectedLength
+    );
+  });
+  let newWinPromise = BrowserTestUtils.domWindowOpenedAndLoaded();
+  // Since the .click() blocks we need to dispatch it to the main thread avoid that.
+  Services.tm.dispatchToMainThread(() =>
+    win.document.getElementById("websites_deleteButton").click()
+  );
+  let newWin = await newWinPromise;
+  newWin.document.getElementById("deleteCertificate").acceptDialog();
+  Assert.equal(
+    win.document.getElementById("serverList").selectedIndex,
+    0,
+    "After deletion we expect the selectedItem to be reset."
+  );
+}
+
+add_task(async function test_cert_manager_server_tab() {
+  let win = await openCertManager();
+
+  await checkServerCertificates(win);
+
+  win.document.getElementById("certmanager").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  let cert = await readCertificate("md5-ee.pem", ",,");
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(
+    "example.com",
+    443,
+    {},
+    cert,
+    false
+  );
+
+  win = await openCertManager();
+
+  await checkServerCertificates(win, [
+    {
+      hostPort: "example.com:443",
+      fingerprint: cert.sha256Fingerprint,
+    },
+  ]);
+
+  await deleteOverride(win, 1);
+
+  await checkServerCertificates(win, []);
+
+  win.document.getElementById("certmanager").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  certOverrideService.clearAllOverrides();
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuthRememberService.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuthRememberService.js
new file mode 100644
index 0000000000..460379e688
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuthRememberService.js
@@ -0,0 +1,297 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+/**
+ * Test certificate (i.e. build/pgo/certs/mochitest.client).
+ *
+ * @type {nsIX509Cert}
+ */
+var cert;
+var cert2;
+var cert3;
+
+var sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+var deleted = false;
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+function findCertByCommonName(commonName) {
+  for (let cert of certDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+async function testHelper(connectURL, expectedURL) {
+  let win = await BrowserTestUtils.openNewBrowserWindow();
+
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.default_personal_cert", "Ask Every Time"]],
+  });
+
+  BrowserTestUtils.loadURIString(win.gBrowser.selectedBrowser, connectURL);
+
+  await BrowserTestUtils.browserLoaded(
+    win.gBrowser.selectedBrowser,
+    false,
+    expectedURL,
+    true
+  );
+  let loadedURL = win.gBrowser.selectedBrowser.documentURI.spec;
+  Assert.ok(
+    loadedURL.startsWith(expectedURL),
+    `Expected and actual URLs should match (got '${loadedURL}', expected '${expectedURL}')`
+  );
+
+  await win.close();
+
+  // This clears the TLS session cache so we don't use a previously-established
+  // ticket to connect and bypass selecting a client auth certificate in
+  // subsequent tests.
+  sdr.logout();
+}
+
+async function openRequireClientCert() {
+  gClientAuthDialogs.chooseCertificateCalled = false;
+  await testHelper(
+    "https://requireclientcert.example.com:443",
+    "https://requireclientcert.example.com/"
+  );
+}
+
+async function openRequireClientCert2() {
+  gClientAuthDialogs.chooseCertificateCalled = false;
+  await testHelper(
+    "https://requireclientcert-2.example.com:443",
+    "https://requireclientcert-2.example.com/"
+  );
+}
+
+// Mock implementation of nsIClientAuthRememberService
+const gClientAuthRememberService = {
+  forgetRememberedDecision(key) {
+    deleted = true;
+    Assert.equal(
+      key,
+      "exampleKey2",
+      "Expected to get the same key that was passed in getDecisions()"
+    );
+  },
+
+  getDecisions() {
+    return [
+      {
+        asciiHost: "example.com",
+        dbKey: cert.dbKey,
+        entryKey: "exampleKey1",
+      },
+      {
+        asciiHost: "example.org",
+        dbKey: cert2.dbKey,
+        entryKey: "exampleKey2",
+      },
+      {
+        asciiHost: "example.test",
+        dbKey: cert3.dbKey,
+        entryKey: "exampleKey3",
+      },
+      {
+        asciiHost: "unavailable.example.com",
+        // This dbKey should not correspond to any real certificate. The first
+        // 8 bytes have to be 0, followed by the lengths of the serial number
+        // and issuer distinguished name, respectively, and then followed by
+        // the bytes of the serial number and finally the encoded issuer
+        // distinguished name. In this case, the serial number is a single 0
+        // byte and the issuer distinguished name is a DER SEQUENCE of length 0
+        // (the bytes 0x30 and 0).
+        // See also the documentation in nsNSSCertificateDB::FindCertByDBKey.
+        dbKey: "AAAAAAAAAAAAAAABAAAAAgAeAA==",
+        entryKey: "exampleKey4",
+      },
+    ];
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthRememberService"]),
+};
+
+const gClientAuthDialogs = {
+  _chooseCertificateCalled: false,
+
+  get chooseCertificateCalled() {
+    return this._chooseCertificateCalled;
+  },
+
+  set chooseCertificateCalled(value) {
+    this._chooseCertificateCalled = value;
+  },
+
+  chooseCertificate(
+    hostname,
+    port,
+    organization,
+    issuerOrg,
+    certList,
+    selectedIndex,
+    rememberClientAuthCertificate
+  ) {
+    rememberClientAuthCertificate.value = true;
+    this.chooseCertificateCalled = true;
+    selectedIndex.value = 0;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI([Ci.nsIClientAuthDialogs]),
+};
+
+add_task(async function testRememberedDecisionsUI() {
+  cert = findCertByCommonName("Mochitest client");
+  cert2 = await readCertificate("pgo-ca-all-usages.pem", ",,");
+  cert3 = await readCertificate("client-cert-via-intermediate.pem", ",,");
+  isnot(cert, null, "Should be able to find the test client cert");
+  isnot(cert2, null, "Should be able to find pgo-ca-all-usages.pem");
+  isnot(cert3, null, "Should be able to find client-cert-via-intermediate.pem");
+
+  let clientAuthRememberServiceCID = MockRegistrar.register(
+    "@mozilla.org/security/clientAuthRememberService;1",
+    gClientAuthRememberService
+  );
+
+  let win = await openCertManager();
+
+  let listItems = win.document
+    .getElementById("rememberedList")
+    .querySelectorAll("richlistitem");
+
+  Assert.equal(
+    listItems.length,
+    4,
+    "rememberedList has expected number of items"
+  );
+
+  let labels = win.document
+    .getElementById("rememberedList")
+    .querySelectorAll("label");
+
+  Assert.equal(
+    labels.length,
+    12,
+    "rememberedList has expected number of labels"
+  );
+
+  await BrowserTestUtils.waitForCondition(
+    () => !!labels[10].textContent.length,
+    "Localized label is populated"
+  );
+
+  let expectedHosts = [
+    "example.com",
+    "example.org",
+    "example.test",
+    "unavailable.example.com",
+  ];
+  let hosts = [
+    labels[0].value,
+    labels[3].value,
+    labels[6].value,
+    labels[9].value,
+  ];
+  let expectedNames = [
+    cert.commonName,
+    cert2.commonName,
+    cert3.commonName,
+    "(Unavailable)",
+  ];
+  let names = [
+    labels[1].value,
+    labels[4].value,
+    labels[7].value,
+    labels[10].textContent,
+  ];
+  let expectedSerialNumbers = [
+    cert.serialNumber,
+    cert2.serialNumber,
+    cert3.serialNumber,
+    "(Unavailable)",
+  ];
+  let serialNumbers = [
+    labels[2].value,
+    labels[5].value,
+    labels[8].value,
+    labels[11].textContent,
+  ];
+
+  for (let i = 0; i < listItems.length; i++) {
+    Assert.equal(hosts[i], expectedHosts[i], "got expected asciiHost");
+    Assert.equal(names[i], expectedNames[i], "got expected commonName");
+    Assert.equal(
+      serialNumbers[i],
+      expectedSerialNumbers[i],
+      "got expected serialNumber"
+    );
+  }
+
+  win.document.getElementById("rememberedList").selectedIndex = 1;
+  win.document.getElementById("remembered_deleteButton").click();
+
+  Assert.ok(deleted, "Expected forgetRememberedDecision() to get called");
+
+  win.document.getElementById("certmanager").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  MockRegistrar.unregister(clientAuthRememberServiceCID);
+});
+
+add_task(async function testDeletingRememberedDecisions() {
+  let clientAuthDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsClientAuthDialogs;1",
+    gClientAuthDialogs
+  );
+  let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
+    Ci.nsIClientAuthRememberService
+  );
+
+  await openRequireClientCert();
+  Assert.ok(
+    gClientAuthDialogs.chooseCertificateCalled,
+    "chooseCertificate should have been called if visiting 'requireclientcert.example.com' for the first time"
+  );
+
+  await openRequireClientCert();
+  Assert.ok(
+    !gClientAuthDialogs.chooseCertificateCalled,
+    "chooseCertificate should not have been called if visiting 'requireclientcert.example.com' for the second time"
+  );
+
+  await openRequireClientCert2();
+  Assert.ok(
+    gClientAuthDialogs.chooseCertificateCalled,
+    "chooseCertificate should have been called if visiting 'requireclientcert-2.example.com' for the first time"
+  );
+
+  let originAttributes = { privateBrowsingId: 0 };
+  cars.deleteDecisionsByHost("requireclientcert.example.com", originAttributes);
+
+  await openRequireClientCert();
+  Assert.ok(
+    gClientAuthDialogs.chooseCertificateCalled,
+    "chooseCertificate should have been called after removing all remembered decisions for 'requireclientcert.example.com'"
+  );
+
+  await openRequireClientCert2();
+  Assert.ok(
+    !gClientAuthDialogs.chooseCertificateCalled,
+    "chooseCertificate should not have been called if visiting 'requireclientcert-2.example.com' for the second time"
+  );
+
+  MockRegistrar.unregister(clientAuthDialogsCID);
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
new file mode 100644
index 0000000000..d8f57c3e8b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
@@ -0,0 +1,401 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various scenarios connecting to a server that requires client cert
+// authentication. Also tests that nsIClientAuthDialogs.chooseCertificate
+// is called at the appropriate times and with the correct arguments.
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+const DialogState = {
+  // Assert that chooseCertificate() is never called.
+  ASSERT_NOT_CALLED: "ASSERT_NOT_CALLED",
+  // Return that the user selected the first given cert.
+  RETURN_CERT_SELECTED: "RETURN_CERT_SELECTED",
+  // Return that the user canceled.
+  RETURN_CERT_NOT_SELECTED: "RETURN_CERT_NOT_SELECTED",
+};
+
+var sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
+let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
+  Ci.nsIClientAuthRememberService
+);
+
+var gExpectedClientCertificateChoices;
+
+// Mock implementation of nsIClientAuthDialogs.
+const gClientAuthDialogs = {
+  _state: DialogState.ASSERT_NOT_CALLED,
+  _rememberClientAuthCertificate: false,
+  _chooseCertificateCalled: false,
+
+  set state(newState) {
+    info(`old state: ${this._state}`);
+    this._state = newState;
+    info(`new state: ${this._state}`);
+  },
+
+  get state() {
+    return this._state;
+  },
+
+  set rememberClientAuthCertificate(value) {
+    this._rememberClientAuthCertificate = value;
+  },
+
+  get rememberClientAuthCertificate() {
+    return this._rememberClientAuthCertificate;
+  },
+
+  get chooseCertificateCalled() {
+    return this._chooseCertificateCalled;
+  },
+
+  set chooseCertificateCalled(value) {
+    this._chooseCertificateCalled = value;
+  },
+
+  chooseCertificate(
+    hostname,
+    port,
+    organization,
+    issuerOrg,
+    certList,
+    selectedIndex,
+    rememberClientAuthCertificate
+  ) {
+    this.chooseCertificateCalled = true;
+    Assert.notEqual(
+      this.state,
+      DialogState.ASSERT_NOT_CALLED,
+      "chooseCertificate() should be called only when expected"
+    );
+
+    rememberClientAuthCertificate.value = this.rememberClientAuthCertificate;
+
+    Assert.equal(
+      hostname,
+      "requireclientcert.example.com",
+      "Hostname should be 'requireclientcert.example.com'"
+    );
+    Assert.equal(port, 443, "Port should be 443");
+    Assert.equal(
+      organization,
+      "",
+      "Server cert Organization should be empty/not present"
+    );
+    Assert.equal(
+      issuerOrg,
+      "Mozilla Testing",
+      "Server cert issuer Organization should be 'Mozilla Testing'"
+    );
+
+    // For mochitests, the cert at build/pgo/certs/mochitest.client should be
+    // selectable as well as one of the PGO certs we loaded in `setup`, so we do
+    // some brief checks to confirm this.
+    Assert.notEqual(certList, null, "Cert list should not be null");
+    Assert.equal(
+      certList.length,
+      gExpectedClientCertificateChoices,
+      `${gExpectedClientCertificateChoices} certificates should be available`
+    );
+
+    for (let cert of certList.enumerate(Ci.nsIX509Cert)) {
+      Assert.notEqual(cert, null, "Cert list should contain nsIX509Certs");
+      Assert.equal(
+        cert.issuerCommonName,
+        "Temporary Certificate Authority",
+        "cert should have expected issuer CN"
+      );
+    }
+
+    if (this.state == DialogState.RETURN_CERT_SELECTED) {
+      selectedIndex.value = 0;
+      return true;
+    }
+    return false;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogs"]),
+};
+
+add_setup(async function () {
+  let clientAuthDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsClientAuthDialogs;1",
+    gClientAuthDialogs
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(clientAuthDialogsCID);
+  });
+
+  // This CA has the expected keyCertSign and cRLSign usages. It should not be
+  // presented for use as a client certificate.
+  await readCertificate("pgo-ca-regular-usages.pem", "CTu,CTu,CTu");
+  // This CA has all keyUsages. For compatibility with preexisting behavior, it
+  // will be presented for use as a client certificate.
+  await readCertificate("pgo-ca-all-usages.pem", "CTu,CTu,CTu");
+  // This client certificate was issued by an intermediate that was issued by
+  // the test CA. The server only lists the test CA's subject distinguished name
+  // as an acceptible issuer name for client certificates. If the implementation
+  // can determine that the test CA is a root CA for the client certificate and
+  // thus is acceptible to use, it should be included in the chooseCertificate
+  // callback. At the beginning of this test (speaking of this file as a whole),
+  // the client is not aware of the intermediate, and so it is not available in
+  // the callback.
+  await readCertificate("client-cert-via-intermediate.pem", ",,");
+  // This certificate has an id-kp-OCSPSigning EKU. Client certificates
+  // shouldn't have this EKU, but there is at least one private PKI where they
+  // do. For interoperability, such certificates will be presented for use.
+  await readCertificate("client-cert-with-ocsp-signing.pem", ",,");
+  gExpectedClientCertificateChoices = 3;
+});
+
+/**
+ * Test helper for the tests below.
+ *
+ * @param {string} prefValue
+ *        Value to set the "security.default_personal_cert" pref to.
+ * @param {string} urlToNavigate
+ *        The URL to navigate to.
+ * @param {string} expectedURL
+ *        If the connection is expected to load successfully, the URL that
+ *        should load. If the connection is expected to fail and result in an
+ *        error page, |undefined|.
+ * @param {boolean} expectCallingChooseCertificate
+ *        Determines whether we expect chooseCertificate to be called.
+ * @param {object} options
+ *        Optional options object to pass on to the window that gets opened.
+ * @param {string} expectStringInPage
+ *        Optional string that is expected to be in the content of the page
+ *        once it loads.
+ */
+async function testHelper(
+  prefValue,
+  urlToNavigate,
+  expectedURL,
+  expectCallingChooseCertificate,
+  options = undefined,
+  expectStringInPage = undefined
+) {
+  gClientAuthDialogs.chooseCertificateCalled = false;
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.default_personal_cert", prefValue]],
+  });
+
+  let win = await BrowserTestUtils.openNewBrowserWindow(options);
+
+  BrowserTestUtils.loadURIString(win.gBrowser.selectedBrowser, urlToNavigate);
+  if (expectedURL) {
+    await BrowserTestUtils.browserLoaded(
+      win.gBrowser.selectedBrowser,
+      false,
+      "https://requireclientcert.example.com/",
+      true
+    );
+    let loadedURL = win.gBrowser.selectedBrowser.documentURI.spec;
+    Assert.ok(
+      loadedURL.startsWith(expectedURL),
+      `Expected and actual URLs should match (got '${loadedURL}', expected '${expectedURL}')`
+    );
+  } else {
+    await new Promise(resolve => {
+      let removeEventListener = BrowserTestUtils.addContentEventListener(
+        win.gBrowser.selectedBrowser,
+        "AboutNetErrorLoad",
+        () => {
+          removeEventListener();
+          resolve();
+        },
+        { capture: false, wantUntrusted: true }
+      );
+    });
+  }
+
+  Assert.equal(
+    gClientAuthDialogs.chooseCertificateCalled,
+    expectCallingChooseCertificate,
+    "chooseCertificate should have been called if we were expecting it to be called"
+  );
+
+  if (expectStringInPage) {
+    let pageContent = await SpecialPowers.spawn(
+      win.gBrowser.selectedBrowser,
+      [],
+      async function () {
+        return content.document.body.textContent;
+      }
+    );
+    Assert.ok(
+      pageContent.includes(expectStringInPage),
+      `page should contain the string '${expectStringInPage}' (was '${pageContent}')`
+    );
+  }
+
+  await win.close();
+
+  // This clears the TLS session cache so we don't use a previously-established
+  // ticket to connect and bypass selecting a client auth certificate in
+  // subsequent tests.
+  sdr.logout();
+}
+
+// Test that if a certificate is chosen automatically the connection succeeds,
+// and that nsIClientAuthDialogs.chooseCertificate() is never called.
+add_task(async function testCertChosenAutomatically() {
+  gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED;
+  await testHelper(
+    "Select Automatically",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    false
+  );
+  // This clears all saved client auth certificate state so we don't influence
+  // subsequent tests.
+  cars.clearRememberedDecisions();
+});
+
+// Test that if the user doesn't choose a certificate, the connection fails and
+// an error page is displayed.
+add_task(async function testCertNotChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_NOT_SELECTED;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    undefined,
+    true,
+    undefined,
+    // bug 1818556: ssltunnel doesn't behave as expected here on Windows
+    AppConstants.platform != "win"
+      ? "SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT"
+      : undefined
+  );
+  cars.clearRememberedDecisions();
+});
+
+// Test that if the user chooses a certificate the connection suceeeds.
+add_task(async function testCertChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    true
+  );
+  cars.clearRememberedDecisions();
+});
+
+// Test that the cancel decision is remembered correctly
+add_task(async function testEmptyCertChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_NOT_SELECTED;
+  gClientAuthDialogs.rememberClientAuthCertificate = true;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    undefined,
+    true
+  );
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    undefined,
+    false
+  );
+  cars.clearRememberedDecisions();
+});
+
+// Test that if the user chooses a certificate in a private browsing window,
+// configures Firefox to remember this certificate for the duration of the
+// session, closes that window (and thus all private windows), reopens a private
+// window, and visits that site again, they are re-asked for a certificate (i.e.
+// any state from the previous private session should be gone). Similarly, after
+// closing that private window, if the user opens a non-private window, they
+// again should be asked to choose a certificate (i.e. private state should not
+// be remembered/used in non-private contexts).
+add_task(async function testClearPrivateBrowsingState() {
+  gClientAuthDialogs.rememberClientAuthCertificate = true;
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    true,
+    {
+      private: true,
+    }
+  );
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    true,
+    {
+      private: true,
+    }
+  );
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    true
+  );
+  // NB: we don't `cars.clearRememberedDecisions()` in between the two calls to
+  // `testHelper` because that would clear all client auth certificate state and
+  // obscure what we're testing (that Firefox properly clears the relevant state
+  // when the last private window closes).
+  cars.clearRememberedDecisions();
+});
+
+// Test that 3rd party certificates are taken into account when filtering client
+// certificates based on the acceptible CA list sent by the server.
+add_task(async function testCertFilteringWithIntermediate() {
+  let intermediateBytes = await IOUtils.readUTF8(
+    getTestFilePath("intermediate.pem")
+  ).then(
+    pem => {
+      let base64 = pemToBase64(pem);
+      let bin = atob(base64);
+      let bytes = [];
+      for (let i = 0; i < bin.length; i++) {
+        bytes.push(bin.charCodeAt(i));
+      }
+      return bytes;
+    },
+    error => {
+      throw error;
+    }
+  );
+  let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
+  nssComponent.addEnterpriseIntermediate(intermediateBytes);
+  gExpectedClientCertificateChoices = 4;
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert.example.com/",
+    "https://requireclientcert.example.com/",
+    true
+  );
+  cars.clearRememberedDecisions();
+  // This will reset the added intermediate.
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.enterprise_roots.enabled", true]],
+  });
+});
+
+// Test that if the server certificate does not validate successfully,
+// nsIClientAuthDialogs.chooseCertificate() is never called.
+add_task(async function testNoDialogForUntrustedServerCertificate() {
+  gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED;
+  await testHelper(
+    "Ask Every Time",
+    "https://requireclientcert-untrusted.example.com/",
+    undefined,
+    false
+  );
+  // This clears all saved client auth certificate state so we don't influence
+  // subsequent tests.
+  cars.clearRememberedDecisions();
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.html b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.html
new file mode 100644
index 0000000000..82aac47b2a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+<a href="https://requireclientcert.example.com" id="link">Click Me</a>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.js
new file mode 100644
index 0000000000..aec0ec45aa
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.js
@@ -0,0 +1,90 @@
+/* eslint-disable mozilla/no-arbitrary-setTimeout */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Tests that with speculative connections enabled, connections to servers that
+// request a client authentication certificate succeed (the specific bug that
+// was addressed with this patch involved navigation hanging because the
+// connection to the server couldn't make progress without asking for a client
+// authentication certificate, but it also wouldn't ask for a client
+// authentication certificate until the connection had been claimed, which
+// required that it make progress first).
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+const TEST_PATH = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "https://example.com"
+);
+
+let chooseCertificateCalled = false;
+
+const clientAuthDialogs = {
+  chooseCertificate(
+    hostname,
+    port,
+    organization,
+    issuerOrg,
+    certList,
+    selectedIndex,
+    rememberClientAuthCertificate
+  ) {
+    is(certList.length, 1, "should have only one client certificate available");
+    selectedIndex.value = 0;
+    rememberClientAuthCertificate.value = false;
+    ok(
+      !chooseCertificateCalled,
+      "chooseCertificate should only be called once"
+    );
+    chooseCertificateCalled = true;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogs"]),
+};
+
+add_setup(async function () {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      // Enable speculative connections.
+      ["network.http.speculative-parallel-limit", 6],
+      // Always ask to select a client authentication certificate.
+      ["security.default_personal_cert", "Ask Every Time"],
+    ],
+  });
+  let clientAuthDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsClientAuthDialogs;1",
+    clientAuthDialogs
+  );
+  registerCleanupFunction(async function () {
+    MockRegistrar.unregister(clientAuthDialogsCID);
+  });
+});
+
+add_task(
+  async function test_no_client_auth_selection_dialog_for_speculative_connections() {
+    await BrowserTestUtils.withNewTab(
+      `${TEST_PATH}browser_clientAuth_speculative_connection.html`,
+      async browser => {
+        // Click the link to navigate to a page that requests a client
+        // authentication certificate. Necko will make a speculative
+        // connection, but unfortunately there's no event or notification to
+        // observe. This test ensures that the navigation succeeds and that a
+        // client authentication certificate was requested.
+        let loaded = BrowserTestUtils.browserLoaded(
+          browser,
+          false,
+          "https://requireclientcert.example.com/"
+        );
+        await BrowserTestUtils.synthesizeMouseAtCenter("#link", {}, browser);
+        await loaded;
+        ok(chooseCertificateCalled, "chooseCertificate must have been called");
+      }
+    );
+  }
+);
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
new file mode 100644
index 0000000000..516ba701ce
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
@@ -0,0 +1,195 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the client authentication certificate chooser correctly displays
+// provided information and correctly returns user input.
+
+const TEST_HOSTNAME = "Test Hostname";
+const TEST_ORG = "Test Org";
+const TEST_ISSUER_ORG = "Test Issuer Org";
+const TEST_PORT = 123;
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+/**
+ * Test certificate (i.e. build/pgo/certs/mochitest.client).
+ *
+ * @type {nsIX509Cert}
+ */
+var cert;
+
+/**
+ * Opens the client auth cert chooser dialog.
+ *
+ * @param {nsIX509Cert} cert The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openClientAuthDialog(cert) {
+  let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
+  certList.appendElement(cert);
+
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/clientauthask.xhtml",
+    "",
+    "",
+    TEST_HOSTNAME,
+    TEST_ORG,
+    TEST_ISSUER_ORG,
+    TEST_PORT,
+    certList,
+    returnVals
+  );
+  return TestUtils.topicObserved("cert-dialog-loaded").then(() => [
+    win,
+    returnVals,
+  ]);
+}
+
+/**
+ * Checks that the contents of the given cert chooser dialog match the details
+ * of build/pgo/certs/mochitest.client.
+ *
+ * @param {window} win The cert chooser window.
+ * @param {string} notBefore
+ *        The formatted notBefore date of mochitest.client.
+ * @param {string} notAfter
+ *        The formatted notAfter date of mochitest.client.
+ */
+function checkDialogContents(win, notBefore, notAfter) {
+  is(
+    win.document.getElementById("hostname").textContent,
+    `${TEST_HOSTNAME}:${TEST_PORT}`,
+    "Actual and expected hostname and port should be equal"
+  );
+  is(
+    win.document.getElementById("organization").textContent,
+    `Organization: “${TEST_ORG}�`,
+    "Actual and expected organization should be equal"
+  );
+  is(
+    win.document.getElementById("issuer").textContent,
+    `Issued Under: “${TEST_ISSUER_ORG}�`,
+    "Actual and expected issuer organization should be equal"
+  );
+
+  is(
+    win.document.getElementById("nicknames").label,
+    "Mochitest client [03]",
+    "Actual and expected selected cert nickname and serial should be equal"
+  );
+  is(
+    win.document.getElementById("nicknames").itemCount,
+    1,
+    "correct number of items"
+  );
+
+  let [subject, serialNum, validity, issuer, tokenName] = win.document
+    .getElementById("details")
+    .value.split("\n");
+  is(
+    subject,
+    "Issued to: CN=Mochitest client",
+    "Actual and expected subject should be equal"
+  );
+  is(
+    serialNum,
+    "Serial number: 03",
+    "Actual and expected serial number should be equal"
+  );
+  is(
+    validity,
+    `Valid from ${notBefore} to ${notAfter}`,
+    "Actual and expected validity should be equal"
+  );
+  is(
+    issuer,
+    "Issued by: OU=Profile Guided Optimization,O=Mozilla Testing,CN=Temporary Certificate Authority",
+    "Actual and expected issuer should be equal"
+  );
+  is(
+    tokenName,
+    "Stored on: Software Security Device",
+    "Actual and expected token name should be equal"
+  );
+}
+
+function findCertByCommonName(commonName) {
+  for (let cert of certDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+add_setup(async function () {
+  cert = findCertByCommonName("Mochitest client");
+  isnot(cert, null, "Should be able to find the test client cert");
+});
+
+// Test that the contents of the dialog correspond to the details of the
+// provided cert.
+add_task(async function testContents() {
+  const formatter = new Intl.DateTimeFormat(undefined, {
+    dateStyle: "medium",
+    timeStyle: "long",
+  });
+  let [win] = await openClientAuthDialog(cert);
+  checkDialogContents(
+    win,
+    formatter.format(new Date(cert.validity.notBefore / 1000)),
+    formatter.format(new Date(cert.validity.notAfter / 1000))
+  );
+  await BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(async function testAcceptDialogReturnValues() {
+  let [win, retVals] = await openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = true;
+  info("Accepting dialog");
+  win.document.getElementById("certAuthAsk").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  ok(
+    retVals.get("certChosen"),
+    "Return value should signal user chose a certificate"
+  );
+  is(
+    retVals.get("selectedIndex"),
+    0,
+    "0 should be returned as the selected index"
+  );
+  ok(
+    retVals.get("rememberSelection"),
+    "Return value should signal 'Remember this decision' checkbox was checked"
+  );
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(async function testCancelDialogReturnValues() {
+  let [win, retVals] = await openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = false;
+  info("Canceling dialog");
+  win.document.getElementById("certAuthAsk").cancelDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  ok(
+    !retVals.get("certChosen"),
+    "Return value should signal user did not choose a certificate"
+  );
+  ok(
+    !retVals.get("rememberSelection"),
+    "Return value should signal 'Remember this decision' checkbox was unchecked"
+  );
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
new file mode 100644
index 0000000000..a8ff7cc8fb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
@@ -0,0 +1,259 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the cert delete confirmation dialog.
+// Among other things, tests that for each type of cert that can be deleted:
+// 1. The various lines of explanation text are correctly set.
+// 2. The implementation correctly falls back through multiple cert attributes
+//    to determine what to display to represent a cert.
+
+/**
+ * An array of tree items corresponding to TEST_CASES.
+ *
+ * @type {nsICertTreeItem[]}
+ */
+var gCertArray = [];
+
+const FAKE_HOST_PORT = "Fake host and port";
+
+/**
+ * @typedef TestCase
+ * @type {object}
+ * @property {string} certFilename
+ *           Filename of the cert, or null if we don't want to import a cert for
+ *           this test case (i.e. we expect the hostPort attribute of
+ *           nsICertTreeItem to be used).
+ * @property {string} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ * @property {string} expectedSerialNumber
+ *           The serial number we expect the UI to display if it exists.
+ */
+
+/**
+ * A list of test cases representing certs that get "deleted".
+ *
+ * @type {TestCase[]}
+ */
+const TEST_CASES = [
+  {
+    certFilename: null,
+    expectedDisplayString: FAKE_HOST_PORT,
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-cn.pem",
+    expectedDisplayString: "Foo",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-ou.pem",
+    expectedDisplayString: "Bar",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-o.pem",
+    expectedDisplayString: "Baz",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-non-empty-subject.pem",
+    expectedDisplayString: "C=US",
+    expectedSerialNumber: null,
+  },
+  {
+    certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate with serial number: 0A",
+    expectedSerialNumber: "0A",
+  },
+];
+
+/**
+ * Opens the cert delete confirmation dialog.
+ *
+ * @param {string} tabID
+ *        The ID of the cert category tab the certs to delete belong to.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value object passed to the dialog.
+ */
+function openDeleteCertConfirmDialog(tabID) {
+  let retVals = {
+    deleteConfirmed: false,
+  };
+  let win = window.openDialog(
+    "chrome://pippki/content/deletecert.xhtml",
+    "",
+    "",
+    tabID,
+    gCertArray,
+    retVals
+  );
+  return new Promise((resolve, reject) => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve([win, retVals]));
+      },
+      { once: true }
+    );
+  });
+}
+
+add_setup(async function () {
+  for (let testCase of TEST_CASES) {
+    let cert = null;
+    if (testCase.certFilename) {
+      cert = await readCertificate(testCase.certFilename, ",,");
+    }
+    let certTreeItem = {
+      hostPort: FAKE_HOST_PORT,
+      cert,
+      QueryInterface: ChromeUtils.generateQI(["nsICertTreeItem"]),
+    };
+    gCertArray.push(certTreeItem);
+  }
+});
+
+/**
+ * Test helper for the below test cases.
+ *
+ * @param {string} tabID
+ *        ID of the cert category tab the certs to delete belong to.
+ * @param {string} expectedTitleL10nId
+ *        The L10nId of title the dialog is expected to have.
+ * @param {string} expectedConfirmL10nId
+ *        The l10n id of confirmation message the dialog expected to show.
+ * @param {string} expectedImpactL10nId
+ *        The l10n id of impact the dialog expected to show.
+ */
+async function testHelper(
+  tabID,
+  expectedTitleL10nId,
+  expectedConfirmL10nId,
+  expectedImpactL10nId
+) {
+  let [win] = await openDeleteCertConfirmDialog(tabID);
+  let certList = win.document.getElementById("certlist");
+
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(win.document.documentElement),
+    expectedTitleL10nId,
+    `Actual and expected titles should match for ${tabID}`
+  );
+  let confirm = win.document.getElementById("confirm");
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(confirm),
+    expectedConfirmL10nId,
+    `Actual and expected confirm message should match for ${tabID}`
+  );
+  let impact = win.document.getElementById("impact");
+  Assert.deepEqual(
+    win.document.l10n.getAttributes(impact),
+    expectedImpactL10nId,
+    `Actual and expected impact should match for ${tabID}`
+  );
+
+  Assert.equal(
+    certList.itemCount,
+    TEST_CASES.length,
+    `No. of certs displayed should match for ${tabID}`
+  );
+  for (let i = 0; i < certList.itemCount; i++) {
+    let item = certList.getItemAtIndex(i);
+    if (TEST_CASES[i].expectedSerialNumber == null) {
+      Assert.equal(
+        item.label,
+        TEST_CASES[i].expectedDisplayString,
+        "Actual and expected display string should match for " +
+          `index ${i} for ${tabID}`
+      );
+    } else {
+      Assert.deepEqual(
+        win.document.l10n.getAttributes(item.children[0]),
+        {
+          id: "cert-with-serial",
+          args: { serialNumber: TEST_CASES[i].expectedSerialNumber },
+        },
+        "Actual and expected display string should match for " +
+          `index ${i} for ${tabID}`
+      );
+    }
+  }
+
+  await BrowserTestUtils.closeWindow(win);
+}
+
+// Test deleting certs from the "Your Certificates" tab.
+add_task(async function testDeletePersonalCerts() {
+  const expectedTitleL10nId = { id: "delete-user-cert-title", args: null };
+  const expectedConfirmL10nId = { id: "delete-user-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-user-cert-impact", args: null };
+  await testHelper(
+    "mine_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
+});
+
+// Test deleting certs from the "People" tab.
+add_task(async function testDeleteOtherPeopleCerts() {
+  const expectedTitleL10nId = { id: "delete-email-cert-title", args: null };
+  // ’ doesn't seem to work when embedded in the following literals, which is
+  // why escape codes are used instead.
+  const expectedConfirmL10nId = { id: "delete-email-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-email-cert-impact", args: null };
+  await testHelper(
+    "others_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
+});
+
+// Test deleting certs from the "Authorities" tab.
+add_task(async function testDeleteCACerts() {
+  const expectedTitleL10nId = { id: "delete-ca-cert-title", args: null };
+  const expectedConfirmL10nId = { id: "delete-ca-cert-confirm", args: null };
+  const expectedImpactL10nId = { id: "delete-ca-cert-impact", args: null };
+  await testHelper(
+    "ca_tab",
+    expectedTitleL10nId,
+    expectedConfirmL10nId,
+    expectedImpactL10nId
+  );
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(async function testAcceptDialogReturnValues() {
+  let [win, retVals] = await openDeleteCertConfirmDialog(
+    "ca_tab" /* arbitrary */
+  );
+  info("Accepting dialog");
+  win.document.getElementById("deleteCertificate").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    retVals.deleteConfirmed,
+    "Return value should signal user accepted"
+  );
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(async function testCancelDialogReturnValues() {
+  let [win, retVals] = await openDeleteCertConfirmDialog(
+    "ca_tab" /* arbitrary */
+  );
+  info("Canceling dialog");
+  win.document.getElementById("deleteCertificate").cancelDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    !retVals.deleteConfirmed,
+    "Return value should signal user did not accept"
+  );
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
new file mode 100644
index 0000000000..51715b1352
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
@@ -0,0 +1,134 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the cert download/import UI correctly identifies the cert being
+// downloaded, and allows the trust of the cert to be specified.
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+/**
+ * @typedef TestCase
+ * @type {object}
+ * @property {string} certFilename
+ *           Filename of the cert for this test case.
+ * @property {string} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ * @property {nsIX509Cert} cert
+ *           Handle to the cert once read in setup().
+ */
+
+/**
+ * A list of test cases representing certs that get "downloaded".
+ *
+ * @type {TestCase[]}
+ */
+const TEST_CASES = [
+  { certFilename: "has-cn.pem", expectedDisplayString: "Foo", cert: null },
+  {
+    certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate Authority (unnamed)",
+    cert: null,
+  },
+];
+
+/**
+ * Opens the cert download dialog.
+ *
+ * @param {nsIX509Cert} cert
+ *        The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openCertDownloadDialog(cert) {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/downloadcert.xhtml",
+    "",
+    "",
+    cert,
+    returnVals
+  );
+  return new Promise((resolve, reject) => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve([win, returnVals]));
+      },
+      { once: true }
+    );
+  });
+}
+
+add_setup(async function () {
+  for (let testCase of TEST_CASES) {
+    testCase.cert = await readCertificate(testCase.certFilename, ",,");
+    Assert.notEqual(
+      testCase.cert,
+      null,
+      `'${testCase.certFilename}' should have been read`
+    );
+  }
+});
+
+// Test that the trust header message corresponds to the provided cert, and that
+// the View Cert button launches the cert viewer for the provided cert.
+add_task(async function testTrustHeaderAndViewCertButton() {
+  for (let testCase of TEST_CASES) {
+    let [win] = await openCertDownloadDialog(testCase.cert);
+    let expectedTrustHeaderString =
+      `Do you want to trust \u201C${testCase.expectedDisplayString}\u201D ` +
+      "for the following purposes?";
+    Assert.equal(
+      win.document.getElementById("trustHeader").textContent,
+      expectedTrustHeaderString,
+      "Actual and expected trust header text should match for " +
+        `${testCase.certFilename}`
+    );
+
+    await BrowserTestUtils.closeWindow(win);
+  }
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(async function testAcceptDialogReturnValues() {
+  let [win, retVals] = await openCertDownloadDialog(TEST_CASES[0].cert);
+  win.document.getElementById("trustSSL").checked = true;
+  win.document.getElementById("trustEmail").checked = false;
+  info("Accepting dialog");
+  win.document.getElementById("download_cert").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    retVals.get("importConfirmed"),
+    "Return value should signal user chose to import the cert"
+  );
+  Assert.ok(
+    retVals.get("trustForSSL"),
+    "Return value should signal SSL trust checkbox was checked"
+  );
+  Assert.ok(
+    !retVals.get("trustForEmail"),
+    "Return value should signal E-mail trust checkbox was unchecked"
+  );
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(async function testCancelDialogReturnValues() {
+  let [win, retVals] = await openCertDownloadDialog(TEST_CASES[0].cert);
+  info("Canceling dialog");
+  win.document.getElementById("download_cert").cancelDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    !retVals.get("importConfirmed"),
+    "Return value should signal user chose not to import the cert"
+  );
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
new file mode 100644
index 0000000000..9a36eca7bf
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
@@ -0,0 +1,141 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for editing the trust of a CA certificate correctly
+// reflects trust in the cert DB, and correctly updates trust in the cert DB
+// when requested.
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+/**
+ * The cert we're editing the trust of.
+ *
+ * @type {nsIX509Cert}
+ */
+var gCert;
+
+/**
+ * Opens the cert trust editing dialog.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading with
+ *          the window of the opened dialog.
+ */
+function openEditCertTrustDialog() {
+  let win = window.openDialog(
+    "chrome://pippki/content/editcacert.xhtml",
+    "",
+    "",
+    gCert
+  );
+  return new Promise((resolve, reject) => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve(win));
+      },
+      { once: true }
+    );
+  });
+}
+
+add_setup(async function () {
+  // Initially trust ca.pem for SSL but not e-mail.
+  gCert = await readCertificate("ca.pem", "CT,,");
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Sanity check: ca.pem should be trusted for SSL"
+  );
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Sanity check: ca.pem should not be trusted for e-mail"
+  );
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in setup().
+// 2. Accepting the dialog after flipping some of the checkboxes results in the
+//    correct trust being set in the cert DB.
+add_task(async function testAcceptDialog() {
+  let win = await openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  Assert.ok(sslCheckbox.checked, "Cert should be trusted for SSL in UI");
+  Assert.ok(
+    !emailCheckbox.checked,
+    "Cert should not be trusted for e-mail in UI"
+  );
+
+  sslCheckbox.checked = false;
+  emailCheckbox.checked = true;
+
+  info("Accepting dialog");
+  win.document.getElementById("editCaCert").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Cert should no longer be trusted for SSL"
+  );
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Cert should now be trusted for e-mail"
+  );
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in testAcceptDialog().
+// 2. Canceling the dialog even after flipping the checkboxes doesn't result in
+//    a change of trust in the cert DB.
+add_task(async function testCancelDialog() {
+  let win = await openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  Assert.ok(!sslCheckbox.checked, "Cert should not be trusted for SSL in UI");
+  Assert.ok(emailCheckbox.checked, "Cert should be trusted for e-mail in UI");
+
+  sslCheckbox.checked = true;
+  emailCheckbox.checked = false;
+
+  info("Canceling dialog");
+  win.document.getElementById("editCaCert").cancelDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    !gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    ),
+    "Cert should still not be trusted for SSL"
+  );
+  Assert.ok(
+    gCertDB.isCertTrusted(
+      gCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "Cert should still be trusted for e-mail"
+  );
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
new file mode 100644
index 0000000000..8e6af27cbb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
@@ -0,0 +1,164 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for setting the password on a to be exported PKCS #12 file:
+//   1. Correctly requires the password to be typed in twice as confirmation.
+//   2. Calculates and displays the strength of said password.
+
+/**
+ * @typedef TestCase
+ * @type {object}
+ * @property {string} name
+ *           The name of the test case for display purposes.
+ * @property {string} password1
+ *           The password to enter into the first password textbox.
+ * @property {string} password2
+ *           The password to enter into the second password textbox.
+ * @property {string} strength
+ *           The expected strength of the password in the range [0, 100].
+ */
+
+/**
+ * A list of test cases representing various inputs to the password textboxes.
+ *
+ * @type {TestCase[]}
+ */
+const TEST_CASES = [
+  { name: "empty", password1: "", password2: "", strength: "0" },
+  { name: "match-weak", password1: "foo", password2: "foo", strength: "10" },
+  {
+    name: "match-medium",
+    password1: "foo123",
+    password2: "foo123",
+    strength: "60",
+  },
+  {
+    name: "match-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    strength: "100",
+  },
+  { name: "mismatch-weak", password1: "foo", password2: "bar", strength: "10" },
+  {
+    name: "mismatch-medium",
+    password1: "foo123",
+    password2: "bar",
+    strength: "60",
+  },
+  {
+    name: "mismatch-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "bar",
+    strength: "100",
+  },
+];
+
+/**
+ * Opens the dialog shown to set the password on a PKCS #12 file being exported.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openSetP12PasswordDialog() {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"].createInstance(
+    Ci.nsIWritablePropertyBag2
+  );
+  let win = window.openDialog(
+    "chrome://pippki/content/setp12password.xhtml",
+    "",
+    "",
+    returnVals
+  );
+  return new Promise((resolve, reject) => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve([win, returnVals]));
+      },
+      { once: true }
+    );
+  });
+}
+
+// Tests that the first password textbox is the element that is initially
+// focused.
+add_task(async function testFocus() {
+  let [win] = await openSetP12PasswordDialog();
+  Assert.equal(
+    win.document.activeElement,
+    win.document.getElementById("pw1"),
+    "First password textbox should have focus"
+  );
+  await BrowserTestUtils.closeWindow(win);
+});
+
+// Tests that the password strength algorithm used is reasonable, and that the
+// Accept button is only enabled if the two passwords match.
+add_task(async function testPasswordStrengthAndEquality() {
+  let [win] = await openSetP12PasswordDialog();
+  let password1Textbox = win.document.getElementById("pw1");
+  let password2Textbox = win.document.getElementById("pw2");
+  let strengthProgressBar = win.document.getElementById("pwmeter");
+
+  for (let testCase of TEST_CASES) {
+    password1Textbox.value = testCase.password1;
+    password2Textbox.value = testCase.password2;
+    // Setting the value of the password textboxes via |.value| apparently
+    // doesn't cause the oninput handlers to be called, so we do it here.
+    password1Textbox.oninput();
+    password2Textbox.oninput();
+
+    Assert.equal(
+      win.document.getElementById("setp12password").getButton("accept")
+        .disabled,
+      password1Textbox.value != password2Textbox.value,
+      "Actual and expected accept button disable state should " +
+        `match for ${testCase.name}`
+    );
+    Assert.equal(
+      strengthProgressBar.value,
+      testCase.strength,
+      `Actual and expected strength value should match for ${testCase.name}`
+    );
+  }
+
+  await BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(async function testAcceptDialogReturnValues() {
+  let [win, retVals] = await openSetP12PasswordDialog();
+  const password = "fooBAR 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三";
+  win.document.getElementById("pw1").value = password;
+  win.document.getElementById("pw2").value = password;
+  info("Accepting dialog");
+  win.document.getElementById("setp12password").acceptDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    retVals.get("confirmedPassword"),
+    "Return value should signal user confirmed a password"
+  );
+  Assert.equal(
+    retVals.get("password"),
+    password,
+    "Actual and expected password should match"
+  );
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(async function testCancelDialogReturnValues() {
+  let [win, retVals] = await openSetP12PasswordDialog();
+  info("Canceling dialog");
+  win.document.getElementById("setp12password").cancelDialog();
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(
+    !retVals.get("confirmedPassword"),
+    "Return value should signal user didn't confirm a password"
+  );
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
new file mode 100644
index 0000000000..9e4e244123
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
@@ -0,0 +1,312 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the dialog used for loading PKCS #11 modules.
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+const gMockPKCS11ModuleDB = {
+  addModuleCallCount: 0,
+  expectedLibPath: "",
+  expectedModuleName: "",
+  throwOnAddModule: false,
+
+  addModule(moduleName, libraryFullPath, cryptoMechanismFlags, cipherFlags) {
+    this.addModuleCallCount++;
+    Assert.equal(
+      moduleName,
+      this.expectedModuleName,
+      "addModule: Name given should be what's in the name textbox"
+    );
+    Assert.equal(
+      libraryFullPath,
+      this.expectedLibPath,
+      "addModule: Path given should be what's in the path textbox"
+    );
+    Assert.equal(
+      cryptoMechanismFlags,
+      0,
+      "addModule: No crypto mechanism flags should be passed"
+    );
+    Assert.equal(cipherFlags, 0, "addModule: No cipher flags should be passed");
+
+    if (this.throwOnAddModule) {
+      throw new Error(`addModule: Throwing exception`);
+    }
+  },
+
+  deleteModule(moduleName) {
+    Assert.ok(false, `deleteModule: should not be called`);
+  },
+
+  getInternal() {
+    throw new Error("not expecting getInternal() to be called");
+  },
+
+  getInternalFIPS() {
+    throw new Error("not expecting getInternalFIPS() to be called");
+  },
+
+  listModules() {
+    throw new Error("not expecting listModules() to be called");
+  },
+
+  get canToggleFIPS() {
+    throw new Error("not expecting get canToggleFIPS() to be called");
+  },
+
+  toggleFIPSMode() {
+    throw new Error("not expecting toggleFIPSMode() to be called");
+  },
+
+  get isFIPSEnabled() {
+    throw new Error("not expecting get isFIPSEnabled() to be called");
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPKCS11ModuleDB"]),
+};
+
+const gMockPromptService = {
+  alertCallCount: 0,
+  expectedText: "",
+  expectedWindow: null,
+
+  alert(parent, dialogTitle, text) {
+    this.alertCallCount++;
+    Assert.equal(
+      parent,
+      this.expectedWindow,
+      "alert: Parent should be expected window"
+    );
+    Assert.equal(dialogTitle, null, "alert: Title should be null");
+    Assert.equal(
+      text,
+      this.expectedText,
+      "alert: Actual and expected text should match"
+    );
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPromptService"]),
+};
+
+var gMockPKCS11CID = MockRegistrar.register(
+  "@mozilla.org/security/pkcs11moduledb;1",
+  gMockPKCS11ModuleDB
+);
+var gMockPromptServiceCID = MockRegistrar.register(
+  "@mozilla.org/prompter;1",
+  gMockPromptService
+);
+
+var gMockFilePicker = SpecialPowers.MockFilePicker;
+gMockFilePicker.init(window);
+
+var gTempFile = Services.dirsvc.get("TmpD", Ci.nsIFile);
+gTempFile.append("browser_loadPKCS11Module_ui-fakeModule");
+
+registerCleanupFunction(() => {
+  gMockFilePicker.cleanup();
+  MockRegistrar.unregister(gMockPKCS11CID);
+  MockRegistrar.unregister(gMockPromptServiceCID);
+});
+
+function resetCallCounts() {
+  gMockPKCS11ModuleDB.addModuleCallCount = 0;
+  gMockPromptService.alertCallCount = 0;
+}
+
+/**
+ * Opens the dialog shown to load a PKCS #11 module.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          the window of the opened dialog.
+ */
+function openLoadModuleDialog() {
+  let win = window.openDialog(
+    "chrome://pippki/content/load_device.xhtml",
+    "",
+    ""
+  );
+  return new Promise(resolve => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve(win));
+      },
+      { once: true }
+    );
+  });
+}
+
+/**
+ * Presses the browse button and simulates interacting with the file picker that
+ * should be triggered.
+ *
+ * @param {window} win
+ *        The dialog window.
+ * @param {boolean} cancel
+ *        If true, the file picker is canceled. If false, gTempFile is chosen in
+ *        the file picker and the file picker is accepted.
+ */
+async function browseToTempFile(win, cancel) {
+  gMockFilePicker.showCallback = () => {
+    gMockFilePicker.setFiles([gTempFile]);
+
+    if (cancel) {
+      info("MockFilePicker returning cancel");
+      return Ci.nsIFilePicker.returnCancel;
+    }
+
+    info("MockFilePicker returning OK");
+    return Ci.nsIFilePicker.returnOK;
+  };
+
+  info("Pressing browse button");
+  win.document.getElementById("browse").doCommand();
+  await TestUtils.topicObserved("LoadPKCS11Module:FilePickHandled");
+}
+
+add_task(async function testBrowseButton() {
+  let win = await openLoadModuleDialog();
+  let pathBox = win.document.getElementById("device_path");
+  let originalPathBoxValue = "expected path if picker is canceled";
+  pathBox.value = originalPathBoxValue;
+
+  // Test what happens if the file picker is canceled.
+  await browseToTempFile(win, true);
+  Assert.equal(
+    pathBox.value,
+    originalPathBoxValue,
+    "Path shown should be unchanged due to canceled picker"
+  );
+
+  // Test what happens if the file picker is not canceled.
+  await browseToTempFile(win, false);
+  Assert.equal(
+    pathBox.value,
+    gTempFile.path,
+    "Path shown should be same as the one chosen in the file picker"
+  );
+
+  await BrowserTestUtils.closeWindow(win);
+});
+
+function testAddModuleHelper(win, throwOnAddModule) {
+  resetCallCounts();
+  gMockPKCS11ModuleDB.expectedLibPath = gTempFile.path;
+  gMockPKCS11ModuleDB.expectedModuleName = "test module";
+  gMockPKCS11ModuleDB.throwOnAddModule = throwOnAddModule;
+
+  win.document.getElementById("device_name").value =
+    gMockPKCS11ModuleDB.expectedModuleName;
+  win.document.getElementById("device_path").value =
+    gMockPKCS11ModuleDB.expectedLibPath;
+
+  info("Accepting dialog");
+  win.document.getElementById("loaddevice").acceptDialog();
+}
+
+add_task(async function testAddModuleSuccess() {
+  let win = await openLoadModuleDialog();
+
+  testAddModuleHelper(win, false);
+  await BrowserTestUtils.windowClosed(win);
+
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    1,
+    "addModule() should have been called once"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    0,
+    "alert() should never have been called"
+  );
+});
+
+add_task(async function testAddModuleFailure() {
+  let win = await openLoadModuleDialog();
+  gMockPromptService.expectedText = "Unable to add module";
+  gMockPromptService.expectedWindow = win;
+
+  // The exception we throw in addModule is first reported as an uncaught
+  // exception by XPConnect before an exception is propagated to the actual
+  // caller.
+  expectUncaughtException(true);
+
+  testAddModuleHelper(win, true);
+  expectUncaughtException(false);
+  // If adding a module fails, the dialog will not close. As such, we have to
+  // close the window ourselves.
+  await BrowserTestUtils.closeWindow(win);
+
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    1,
+    "addModule() should have been called once"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    1,
+    "alert() should have been called once"
+  );
+});
+
+add_task(async function testCancel() {
+  let win = await openLoadModuleDialog();
+  resetCallCounts();
+
+  info("Canceling dialog");
+  win.document.getElementById("loaddevice").cancelDialog();
+
+  Assert.equal(
+    gMockPKCS11ModuleDB.addModuleCallCount,
+    0,
+    "addModule() should never have been called"
+  );
+  Assert.equal(
+    gMockPromptService.alertCallCount,
+    0,
+    "alert() should never have been called"
+  );
+
+  await BrowserTestUtils.windowClosed(win);
+});
+
+async function testModuleNameHelper(moduleName, acceptButtonShouldBeDisabled) {
+  let win = await openLoadModuleDialog();
+  resetCallCounts();
+
+  info(`Setting Module Name to '${moduleName}'`);
+  let moduleNameBox = win.document.getElementById("device_name");
+  moduleNameBox.value = moduleName;
+  // this makes this not a great test, but it's the easiest way to simulate this
+  moduleNameBox.onchange();
+
+  let dialogNode = win.document.querySelector("dialog");
+  Assert.equal(
+    dialogNode.getAttribute("buttondisabledaccept"),
+    acceptButtonShouldBeDisabled ? "true" : "", // it's a string
+    `dialog accept button should ${
+      acceptButtonShouldBeDisabled ? "" : "not "
+    }be disabled`
+  );
+
+  return BrowserTestUtils.closeWindow(win);
+}
+
+add_task(async function testEmptyModuleName() {
+  await testModuleNameHelper("", true);
+});
+
+add_task(async function testReservedModuleName() {
+  await testModuleNameHelper("Root Certs", true);
+});
+
+add_task(async function testAcceptableModuleName() {
+  await testModuleNameHelper("Some Module Name", false);
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem b/security/manager/ssl/tests/mochitest/browser/ca.pem
new file mode 100644
index 0000000000..91233a79dd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUW0tAkXslaf5AkE2ROwvnEvMo79MwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA/1uiRtJJ6gASZfaGdmjTgHNnG
+OX3VBb8CGbu7yrmlUU0/oiH9BHb9/gq+Gwwcjg++2AEmUWd4damMXKUtRzouP6dV
+Z02jnExdXqq3xLDP71/bY3eneqg/KVIv3wDaHhatmVqWB4oy4itNmvVbbtCjUOyX
+DF3RM5HPQEDjMJO0TjKZMXp5HbyggAvGTbyw6kz+6EVuxxhFqVq1bti1CU4tGBdk
+b6ZOVQhxgJljogn70syXX+CUuUtu9+ufklWQjMtITjBKTSP5cg/NMnKrAL7dF30n
+aUcXz8fpmzjseQjk6uzkDYSFW2HiQtMHKhpCOXAoZ0hGtQ4BXhyhScK2sSB8
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
new file mode 100644
index 0000000000..6660f5d478
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem b/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem
new file mode 100644
index 0000000000..d5a039da41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIUAee5xOtLu81Y/SiLJ0STt50RMT8wDQYJKoZIhvcNAQEL
+BQAwQTEoMCYGA1UEAwwfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEV
+MBMGA1UECwwMSW50ZXJtZWRpYXRlMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCcxJTAjBgNVBAMMHGNsaWVudCBjZXJ0IHZpYSBpbnRlcm1lZGlh
+dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUA
+A4IBAQCE6MA6Fdz6xzNIKqV043/urSVLkVeUAwcSeezuQ3/mTOxP1tj5wtNj+Uso
+hS30XJT3geaVlNnr64+tHthJ0MC23lwEwVNPr6xGXfaFPeaw/ummrTPjhZYXWNKm
+oTmavnj5izA/czrwE0drzPSEKM36yX9xwf8iGAiKFpzYZkjX/0+KuG0rPm7Qgvcg
+fWY17qK3aQKJea/J+i1S4pKjiMxqigXdskTcyvwruagfSRXPbVjVhsmdObWFCcsE
+ry7PbOg9yMkjX4UkUOs2PqYjvRD9MqEIMJelBhi1wdi/TKVCAcvHb7MxYH+LP1Qw
+Pi1oYACb5mW9qKKClpSHxNr04NWA
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem.certspec b/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem.certspec
new file mode 100644
index 0000000000..cab2448889
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/client-cert-via-intermediate.pem.certspec
@@ -0,0 +1,3 @@
+issuer:/CN=Temporary Certificate Authority/OU=Intermediate
+subject:client cert via intermediate
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem b/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem
new file mode 100644
index 0000000000..78286e0d36
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgIUU6sY262PVGY54q2FxUD1ZqmwIiMwDQYJKoZIhvcNAQEL
+BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAw
+MFowKzEpMCcGA1UEAwwgY2xpZW50IGNlcnQgd2l0aCBPQ1NQU2lnbmluZyBla3Uw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjITAfMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDCTANBgkqhkiG
+9w0BAQsFAAOCAQEAE6gT6G/Ib4Pw2nTE++I4CpRBEkkAct39JNzsyBvT2ShM29V8
+iQkqQDszpvwc3ftnVwF4FI/darsiE1uaLs2POr2MuJjXKMkxfnlCCEaKMvOMBekK
+Ybm5zo01YYoybiPgPWX3p19nkNcHBSCmWWHt1t96JNtFJobBU0gszx5x1l7FFYOZ
+xq5F9nbczqeFhKU9YSYwk0wOpALCRy9VLiuWQtoqMFa8gfSbfpAPn2avIy989/dS
+Zn8joPmWmCNsplAwXlzHffZZgg1EcnajsjxMjSjDMIt3IbTM+uWA8qfTKdu4vDdc
+541L1ma1kZAe97/gRaNzpCZGaGGSJz9TfhHlaQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem.certspec b/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem.certspec
new file mode 100644
index 0000000000..5cbd5af8f0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/client-cert-with-ocsp-signing.pem.certspec
@@ -0,0 +1,3 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:client cert with OCSPSigning eku
+extension:extKeyUsage:clientAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
new file mode 100644
index 0000000000..cf541b540b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAbCgAwIBAgIUH6zK9zay4frBqO9qURd3GUeWak8wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEjEQMA4GA1UEAwwHY29kZS1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMXMBUwEwYDVR0lBAwwCgYI
+KwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBABr4gvRF8SN/dO2YGh6DchN50cLl
+Om6d82KA3LgBcLgFOcDMldtUf1maAJxh+Me1mipsJ3RlnWXoummcol61G+xO2Hjb
+uruw6+ttoNwOX80QvOYwRX5NABpGOxb7pReUFCiWO63Hve/pSjN+EP/2OGF5ndQb
+Qlo81qFePb1ylr0Ebmz6C1zasWiciS7+NPuyCxDu1UHdbBmeqrFJxi7hTvmYuLYB
+HRFJqQy4sogCOBHiBiH5iclkUmM/+c9CuyiCuqLFCLiay6qgBvYCn3hLPJVMIrl6
+/Y5Y+XEAOevaKjXsSCcyu4r89mChPYFKAhucqFN6QrNxHm9vIyfaL5E0dEg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
new file mode 100644
index 0000000000..93f9a84265
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:code-ee
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
new file mode 100644
index 0000000000..326888f61d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaqgAwIBAgIUZ0P6GYwMhwdeVdDdwsrrm9WDMpIwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKZXhwaXJlZC1jYTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAdMRswGQYDVQQDDBJlZS1mcm9tLWV4cGlyZWQtY2EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBAGdIC3QGmFDHvbj90BWGTwtmOncA6bThMES6
+OPyPTSWcoDa5hnvqi3UsX3O6c+cA2FB80Bop479wgtcGKZq9p7zzXtZRdqHW6xQa
+BMO7I04hU0rJXgqRnbjgpf4v5JIoLWLDdzqOs+51VGANSBAuKMg39mXifskKTjcf
+E3wGCikRxKN7Z1NyB6roRBTIdMwG6tTbJ/ZyqZNkt6aqw8kEXZNqm5unzD8PyMmm
+AUiaXMZrplfWAO8RKnmWyYJzAFp1oVZHf3dTrQ8GUVbSBaKlI9+p1jdVmDkzgUNo
+Y/OOflG7uWEsdKUq3gbooFMusQpyjMZtKxe1HutK12jPnK9DEy0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
new file mode 100644
index 0000000000..3e280fc4fc
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:expired-ca
+subject:ee-from-expired-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
new file mode 100644
index 0000000000..0eda6fea83
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIUReDMx4rhamCnCZ1c4abV5C8OwPIwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMdW50cnVzdGVkLWNhMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWZyb20tdW50cnVzdGVkLWNh
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA8nC2eyCl4TwO6oKmyBGxZ/nkin+RW
+aSa/iHz1qov/nfHisxzTeKCUPvRBfTWR1jCLvnii89CjcQCoTfM+P/lrmGe0VffJ
+/Czmi6nkV5IaK2l0lXnpjSuIwpreqTziC4U3VA1TYCF8afN5y66r87X3t8YEjvGD
+Ypn6pTYApHLKt7qJ+lfMkdSlgDvbgMgdBHRSayF0Be8icuoC0pQFZXHlA81Wvao9
+vDskHxrla2QEUJ3GnxYG2oaQTsNIVW5SjgqRpFJAYWTXjJpUKI8VR3U0h3vLbcXr
+esF+fzYlIKJFE13WCo6Tf1cvPU2wWZeB6hi3iC3VniEUtp+T94VhVLAG
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
new file mode 100644
index 0000000000..833e1a23a6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:untrusted-ca
+subject:ee-from-untrusted-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
new file mode 100644
index 0000000000..8b9448c6a7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUYa+qat2+K6UrReFkeL4gpZvziCkwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEzERMA8GA1UEAwwIZW1haWwtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQChV2j3U91RsK4oxoBwFf562R9g
+CARt6olvETxlle+NMeN7JqiWOKo9ReTgPpwu1f6Eg4t1L8QljHXBAcv4rbtFa+Nt
+h2UjxEklRqp/A3FnIB5SMeU0PE5WyKVLe5k3+I4b1+k9J2HxOEUBdDLYjRQ5KWh5
+iDbOhlGacLnElGyzntmIy6asH9wLYmrF2ZvYcvIrvX/o/+MkTGMRwDsA/eeaQbK5
+sNwkAxfvMiSkXZlGdfDPeMNYTP0SwsTwJKtlLKBxmHkF+tzjZqWYBr+vM2eWiIRl
+WYWzVJWmvTlWI04Lpd+R6Oc9vvxFhxXO5VzXzJpAllmbA2FVs+x3sRRakGWd
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
new file mode 100644
index 0000000000..82e3296706
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:email-ee
+extension:extKeyUsage:emailProtection
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
new file mode 100644
index 0000000000..e019b37127
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUS6xUkMzG2REizII2g+VecO/KqX8wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDExMDEwMTAw
+MDAwMFowFTETMBEGA1UEAwwKZXhwaXJlZC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABJdjrt25wocw4aP
+eR1kZuu3WS0bKfuvhQQPFkAG+HYSC5eu0OriQCRlxn+qHY7du9dePcD6DTMDIVDW
+r+oBJ9BwCEREyTcV8AEaHdcTAakXOMhq6OOltl6HUu3lSlqRslzAhtl1chM0P8m1
+Aj+ceOkCFHvnsDd+zcSP75u8zzJKypSWQwAg/i5S0BNLOWYarPiczuYi4HAOpwtX
+QqlmDNMYySqPFfH72BuQdCLuviBXmMP8/kOouBNP4ti06RR88XgqfoL/jV4gkIM7
+92hXt0WpS/QffjWzLaej39YhW4pMZ+hF4bk9nUCtN/MHtg8WDj1CgfSJZegrl28W
+3riMotA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
new file mode 100644
index 0000000000..15bdcd7d73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:expired-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:20100101-20110101
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
new file mode 100644
index 0000000000..cccd8f92cc
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAgIUNYIXTgcbtso82Swb2ciZEygN0ScwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowNzEMMAoGA1UEAwwDRm9vMQwwCgYDVQQLDANCYXIxDDAKBgNVBAoMA0Jh
+ejELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFqub/ejjAfj
+tWZuXDCKchVrxiN2PljQe5uKepmkFFvlOt3nkTTvZdvvUd5QTwRdrg6HcPx075SZ
+uj0SzzuBSJrz99zbbkspHnT2l2R47kYx8P3FNodUCYcnnpAJlPIaVOxGR1ul9ZZb
++qz1OMaysszwOPCRwx2OKi+cj3SuVvGFwzDBaLkJkljQyWyuOihJJXKoc/D1MUIc
+nyakQkwEawb63cYE5OfaBQe+hL2Inm2a5CmXR+N8+/Sac85Azd1I3TisYnfiaHZD
+j0yGMhIQ1d3qV8jZQDTgg1qImG35/paBDCZOlvuz+IlwpGmE/Cvvj2ujmpPP8mh/
+kDAob3uIchA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
new file mode 100644
index 0000000000..a4a0fcb5fa
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/CN=Foo/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
new file mode 100644
index 0000000000..de3a247a5c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICijCCAXKgAwIBAgIBCjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJjYTAi
+GA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAAMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQBxrxn5lQCA9h/kx9uR5rX0DtEpdOHyHHMQlJu33NZjC3mc
+PStwcsTDPCM6TCgu4rqmPrYQuw/YN6sUoSiD8jD5ywz/8UEeAlHpi7j/3zLL2mhw
+8f+gu96NSAMmbSg8gBXPMca7uZ4FbDP8h5Aa6d+cT0xSlbhyD5OXIdVN1ju4daR/
+Qab/ksmLvVH6l2yWN72ZaEUpn1bCbpW1CWCJMuGzFExQxP4HO7SO0yOCw+1DRfzU
+oRjXYlj51CTEWqUNa5lqLnRjIiyP+ahH73nbLCubggPQhrI6iMhB8IaWjew3SIgM
+UCaTOOQmM6tpObDSVyHtuiEDWPasyC8yVvMy5LRI
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
new file mode 100644
index 0000000000..6346f7b83a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:
+serialNumber:10
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
new file mode 100644
index 0000000000..af8b89c4b9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZKgAwIBAgIUJ9bwAWFp2jt506L4XfpDxTkpK/swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGmf
+8XVFVrwdXfdlJsMkFh7dvT3I2Eh4MFFeETf8rKe9lVIFv0B3IjJzXE+wjc/BpEPY
+Yhh/1Bhi+SBSMUuxUwwmOmLhcUQNMVbWhy3n5JoOyt0tq9KsgjrUEFVcmz0eoWbd
+/NkiaDsKp7d8Nvuz1JEX0JLZf+JpyoMG8gT2Qxl2QZeY2z0BsnHnfTzsoARm9nZP
+cMhH9scqoVbPEEST5PlgB0Z8T2974fH9VHNFdbaml37p7aQMnt+g/NusKEXZlcTJ
+bIN7pQyp9rkCQV9Tiw5EvnZK0AWQF6ymL9WD7O5reyPzQ6kvRNJrmxKzs9mocj9J
+Y4fc7KGQ3CBwfGEHLdg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
new file mode 100644
index 0000000000..cc1b668a63
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem b/security/manager/ssl/tests/mochitest/browser/has-o.pem
new file mode 100644
index 0000000000..55353b8eb7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaCgAwIBAgIUaRRl+1wXs1a/UB82ZaCqoPtH0NswDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGzEMMAoGA1UECgwDQmF6MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAoZ6x5m03rOaM4Z2H1ZCu0gLLdoPgYvbTYvDQBMzea84mT8Zz
+D7UKQGIA2o72dhQY7xzs1rhNZJlog/hP/Xtve9vN/do2QPOlTuK/bKV92CdW3B+J
+D0xn8FM8qoMkFnwAIojhuRHJ5/CrnSrbBj5DPTBOktYW2mLGvFvMvGkZe0IMcSKO
+LhOrP1ZBn0jWGGmuGdtFnyiV2IGZMoXIYHGYWLLvzMbesNY3P90tWnzc1m8TTWZg
++KTj479e2DvWsxvVu5rG+oMLI65m+YbMmz93R7BYfO3exkzVK6ZDmZvxr5ggivCw
+HsselmxKcSpJbJuY6DvRtu9TwS3NJwCQJMJwPQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
new file mode 100644
index 0000000000..f7cc3ffc73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
new file mode 100644
index 0000000000..7fc4dc3a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIUU4uHxO/2rTwK9zo7UktMNOPJfP0wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowKTEMMAoGA1UECwwDQmFyMQwwCgYDVQQKDANCYXoxCzAJBgNVBAYTAlVT
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAv92wXP+0GoQ1xAUFK2uijpyx+3dwb
+EaNQ10Ny8PQ7u/Vu7xPq3seYp4eVmJphQGzfS2oPMyqKrLI3E++2ohThqdE5NJQd
+voXGTrAvNgAVlW1l3E/KIUs/CChG9gO+iPBbWUJ7oklajESuJmHFefP7pFsmrkRI
+7yaB04F63ymPJIwBboVPFks0HPmf1veTXzi85Lm2rr8Y6+yk4REIkvF2RdWYhAmZ
+PoXSmfcBxuZlG0+tRu7ZzfyhLCQIeunJjyXeJiVEpd2/ISlP+tQUs9RNEc6eQnUO
+Uszfc7n1zKcWnykyEDaa9P8DW0RIUjqy6cfVaFDI4I5Vv8S5f/fU/HVM
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
new file mode 100644
index 0000000000..8879dabf51
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/head.js b/security/manager/ssl/tests/mochitest/browser/head.js
new file mode 100644
index 0000000000..1ae951d7a5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -0,0 +1,82 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+/**
+ * List of certs imported via readCertificate(). Certs in this list are
+ * automatically deleted from the cert DB when a test including this head file
+ * finishes.
+ *
+ * @type {nsIX509Cert[]}
+ */
+var gImportedCerts = [];
+
+registerCleanupFunction(() => {
+  for (let cert of gImportedCerts) {
+    gCertDB.deleteCertificate(cert);
+  }
+});
+
+// This function serves the same purpose as the one defined in head_psm.js.
+function pemToBase64(pem) {
+  return pem
+    .replace(/-----BEGIN CERTIFICATE-----/, "")
+    .replace(/-----END CERTIFICATE-----/, "")
+    .replace(/[\r\n]/g, "");
+}
+
+/**
+ * Given the filename of a certificate, returns a promise that will resolve with
+ * a handle to the certificate when that certificate has been read and imported
+ * with the given trust settings.
+ *
+ * Certs imported via this function will automatically be deleted from the cert
+ * DB once the calling test finishes.
+ *
+ * @param {string} filename
+ *        The filename of the certificate (assumed to be in the same directory).
+ * @param {string} trustString
+ *        A string describing how the certificate should be trusted (see
+ *        `certutil -A --help`).
+ * @returns {Promise}
+ *         A promise that will resolve with a handle to the certificate.
+ */
+function readCertificate(filename, trustString) {
+  return IOUtils.readUTF8(getTestFilePath(filename)).then(
+    pem => {
+      let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+        Ci.nsIX509CertDB
+      );
+      let base64 = pemToBase64(pem);
+      certdb.addCertFromBase64(base64, trustString);
+      let cert = certdb.constructX509FromBase64(base64);
+      gImportedCerts.push(cert);
+      return cert;
+    },
+    error => {
+      throw error;
+    }
+  );
+}
+
+/**
+ * Asynchronously opens the certificate manager.
+ *
+ * @returns {Window} a handle on the opened certificate manager window
+ */
+async function openCertManager() {
+  let win = window.openDialog("chrome://pippki/content/certManager.xhtml");
+  return new Promise((resolve, reject) => {
+    win.addEventListener(
+      "load",
+      function () {
+        executeSoon(() => resolve(win));
+      },
+      { once: true }
+    );
+  });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/hsts_headers.sjs b/security/manager/ssl/tests/mochitest/browser/hsts_headers.sjs
new file mode 100644
index 0000000000..95eede25f0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/hsts_headers.sjs
@@ -0,0 +1,16 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+function handleRequest(request, response) {
+  let hstsHeader = "max-age=300";
+  if (request.queryString == "includeSubdomains") {
+    hstsHeader += "; includeSubdomains";
+  }
+  response.setHeader("Strict-Transport-Security", hstsHeader);
+  response.setHeader("Pragma", "no-cache");
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "text/html", false);
+  response.setStatusLine(request.httpVersion, 200);
+  response.write("<!DOCTYPE html><html><body><h1>Ok!</h1></body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/hsts_headers_framed.html b/security/manager/ssl/tests/mochitest/browser/hsts_headers_framed.html
new file mode 100644
index 0000000000..5a0791557b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/hsts_headers_framed.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+  "use strict";
+
+  let src = document.location.href.replace("hsts_headers_framed.html", "hsts_headers.sjs");
+  if (document.location.search == "?third-party") {
+    src = src.replace("example.com", "example.org");
+  }
+  let frame = document.createElement("iframe");
+  frame.setAttribute("src", src);
+  frame.onload = () => {
+    let done = document.createElement("h1");
+    done.textContent = "done";
+    done.setAttribute("id", "done");
+    document.body.appendChild(done);
+  };
+  document.body.appendChild(frame);
+</script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/browser/intermediate.pem b/security/manager/ssl/tests/mochitest/browser/intermediate.pem
new file mode 100644
index 0000000000..08d8d31c9f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/intermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIUFfVirSKu6HtZb2LYCmJb2aHMq0wwDQYJKoZIhvcNAQEL
+BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAw
+MFowQTEoMCYGA1UEAwwfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEV
+MBMGA1UECwwMSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAdKOLt5qF0rjrdg+yVRYeeFQM
+wF2w3aYSqjFLC0pxjYxta3TZVYA8JsErqIefsaU+lvURUFpAZxBhocySXOOkjhdo
+BtJDa5XpPmcRbLpj3YmL1TxBsgkyVJyWHg8RczxE2RckROAIrk/EoQU7yi4kjXxr
+g/uaxekzGYq2dysPR4+Pm1HfnpBRXVQ20P77AJmYrB6HFGHTXR7FsU2CdXQU5D4K
+UfmyBbJA2jfZZLl05rPkJNHCoI3WWdMDyGEMo+cuYJ3/lfPE7k7LGANrn1fUkC8u
+RgXoGKW/UBpLGsluYwMDiSGrsUe2G3Iv63K0Z+HYEMs/Ez03ueph5R2aanVeHQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec b/security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec
new file mode 100644
index 0000000000..a562814041
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:/CN=Temporary Certificate Authority/OU=Intermediate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem b/security/manager/ssl/tests/mochitest/browser/invalid.pem
new file mode 100644
index 0000000000..0fabf3e81c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaigAwIBAgIUTcJUGOsO/pcSk2CcjS3L0FXun4swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEjEQMA4GA1UEAwwHaW52YWxpZDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4IBAQAHRQ4x0bpexE1zpa7fbvNqxmhR8ybYTMVEHveL
+NxAhaxpvN2wjIRbB5VsAk38UunB3J3RvqkmOHYvGwCJZNQhe0RUsg+yCh+yK3bSe
+30Q0uKXdqqtAsCyBhTBxp3hqFzaJgz9hzUUAqSHHCO8jZUugu+RNq2uv6bMYBY1S
+YW2QiJG1yur2PLtQsG+NCd+S/4KDi+7N1w+5rD/CtDD0H0vAVvXXNuIjUjFuADlV
+hghm2rF5N7i5T1mroDeQT2l89XEQghB+cGtdgbzOBucAI8v3rOV/Qg8xk1l61nYz
+8xh7zBXdrByqd1mtTnyOBtzNIjLLveqgQxo1QIKh19vYrW3k
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
new file mode 100644
index 0000000000..71a1707c35
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:invalid
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/longOID.pem b/security/manager/ssl/tests/mochitest/browser/longOID.pem
new file mode 100644
index 0000000000..d199f88a01
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/longOID.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIUbSwzdRwYtipF7m7s7eZIseaX64wwDQYJKoZIhvcNAQEL
+BQAwEzERMA8GA1UEAwwITG9uZyBPSUQwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0
+MDIwNTAwMDAwMFowEzERMA8GA1UEAwwITG9uZyBPSUQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjggGQMIIBjDAM
+BgNVHRMEBTADAQH/MIIBegYDVR0gBIIBcTCCAW0wggFpBoIBZSqD3OuTf4Pc65N/
+g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zr
+k3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D
+3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuT
+f4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc
+65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/
+g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zr
+k3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D
+3OuTf4Pc65N/ATANBgkqhkiG9w0BAQsFAAOCAQEAbq2wf1RHXZAU9iD60DX8B52M
+zz0n2Bv3R4rmqJeoFlvgRhnInb0c5N5ceqbjzGE2QTEmjgDhyy5wiU70yLblkyNz
+IWxYxg3Qzjfcibt9AQYYoHXS8rEAKJ5oTWrVExPLCsSnmzL8TDwEb9v/noOwdilU
+98BD3H+5hQMiYZIVo66Jq5uexLV69DH0+pI1n68pKtFtABpX1grjhEVC670mb5uO
+YoMl4GGqFhkmFwpiOcFKcvESfHZdUhzTiPa86rU8LGfA5YyaQMStUWb6jFaCt+LK
+bKyf4De9/3XZpsRoPX7VscBtBLhhnvZERkITAt1ovbZmX4IY9Yh6Jo7Z9urzqg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec b/security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec
new file mode 100644
index 0000000000..c3c08ac84b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Long OID
+subject:Long OID
+extension:basicConstraints:cA,
+extension:certificatePolicies:1.2.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.1
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
new file mode 100644
index 0000000000..b65bd1a9e9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZagAwIBAgIUU6LuY45SDmIYSOVybKlfPm4PkDMwDQYJKoZIhvcNAQEE
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowETEPMA0GA1UEAwwGbWQ1LWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEBBAUAA4IB
+AQCmzCGveXJAR75YgRtydRG1y2yxonzm5bKb1sdk4y0Oma7cMeibR7QAz8kCxu3J
+jqc7B1f7G2RD0uWe7Am8diTfPiuDhTJY9kSFqiigrdFB7tpvWUYbfo+jSnfXK8+o
+jhaNGAqz42yrcwxyUHTzUG1jSe6bQYoQu3evJTb31g6VYCHG+QcF5BUMKu3MkCQ6
+L5dK4+4m6ocLycTBGXkcjf0PEhYkyUN2rSYPykNMkEdYx3VVNLbnMqVkC1ozqA4U
+AZuTAZmDeGPzOPtEm85x730nO1DH2MJClZcNHc5iEUiTD3B78EJAtPdgBRfvf6K/
+BCCj6SSNUceqcvU1DkB9tj4U
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
new file mode 100644
index 0000000000..279c158026
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:md5-ee
+signature:md5WithRSAEncryption
diff --git a/security/manager/ssl/tests/mochitest/browser/moz.build b/security/manager/ssl/tests/mochitest/browser/moz.build
new file mode 100644
index 0000000000..67b1ac4bbb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+BROWSER_CHROME_MANIFESTS += ["browser.ini"]
diff --git a/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem b/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem
new file mode 100644
index 0000000000..8017659689
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIUIVidj/ZVgLtZWGWK7cZ8hRvkLCIwDQYJKoZIhvcNAQEL
+BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAw
+MFowajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgH+MA0GCSqGSIb3DQEBCwUAA4IBAQBbElkqm+Dtof/toa8F2jT0n4u+MSeVCV8v
+uGzZb34g8j/VPNKqaX3KYFqKhRjQvG/ScFn2xQRVEaX402qCPZkrSFNI0+sGERBo
+MydN0awvZEWn3AEMccbXH7ZzBXNAqu7iNtkUns0Gde9S362ejlEXhlEewFQhhlEs
+LBzUrjiW8AiKG8keFiajEgO8yDbtEjy8z9MPkK23oLBgtVQtg1GO3X2rUxHGZwkE
+Ck8ikXVoaw7olYchAhwFTYtbK7+Pwq1U6Rs/1CWSla++6SAh/uasDnnDziLJj3z+
+MBv2WVFfBpRTCr0IdF/fOqsC5utncdXZe8qwViS5/JzZbySctrbO
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem.certspec b/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..4def496f67
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/pgo-ca-all-usages.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem b/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem
new file mode 100644
index 0000000000..502632f5a3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIUU34Ahx5Y3OrxTZ8Zij+34BQHt4AwDQYJKoZIhvcNAQEL
+BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAw
+MFowajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCqS4h6tvzNQUKlLt3gdUuOjviVTfOhc2qA
+w0TmWZUY2DDfIo1jggqH2yIikPGByOfkEJ3VICRk0N6Ivk6Nh3EZyp/mmebpGOIV
+Qz9itOzknvny33LwVFovwer4hnHXGKIrcGDIORNWt6BGJ0oREji6bZ8Py12ZuMJ3
+stXdKN3bOrVqrDbCBAmaXuqtngpob5TRCP5/6WJDaFE3JjKOpY+JIwXFSotA+/PO
+aNRF5kGRyBsuESb3l5UNMckwMZedxYCndT4ntGxoA/YJ/lo0boqaP4lVqpbabIqp
+G42FXocz+dpeWPZYFZEx/hNBQRqXNegIuzv7U4rdeHfbuyxDJhXo
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec b/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec
new file mode 100644
index 0000000000..448e167bd0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem b/security/manager/ssl/tests/mochitest/browser/revoked.pem
new file mode 100644
index 0000000000..db8fca458a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZegAwIBAgIUOZGi7rHuV7JtJp8SD/Di7lbe3vkwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEjEQMA4GA1UEAwwHcmV2b2tlZDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAYK8T1YdY7LQ42fkIm48FNnEduEul9ISTjgqpcGscFAEaUtlfb+LoYFXJJh1M
+rcw1WtNaMoA7UMjnj6+18RXi6wTuJiCK9RiLdBFDbZUf8mbavbf69WAwgW1ekT5P
+KNZ+OCQAbw2F41u3MTA4tEybPd9I/fkUiuHwVAFQh4seSOq5WGuu1INgEhHd27R9
+zLRVw37WZIo6DusMt+hmE0KyMNtpoBsGvtMBhnVTA/Hox7DyYoYTh2b8N7zDSda8
+nfon3Zw1ZvoHXw/0p0kfftdrychilcNjequSF1e0PvWC5TnGF7rRck0BHI0Mg00I
+Nej1od23fhK305jDXk6oJ3VqJg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
new file mode 100644
index 0000000000..daf75c670f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:revoked
diff --git a/security/manager/ssl/tests/mochitest/browser/some_content.html b/security/manager/ssl/tests/mochitest/browser/some_content.html
new file mode 100644
index 0000000000..f591f32d3d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/some_content.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+<h1>Some Content!</h1>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/browser/some_content_framed.html b/security/manager/ssl/tests/mochitest/browser/some_content_framed.html
new file mode 100644
index 0000000000..8f8194f9e7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/some_content_framed.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+  "use strict";
+
+  let src = document.location.href.replace("https://", "http://");
+  let frame = document.createElement("iframe");
+  frame.setAttribute("id", "frame");
+  frame.setAttribute("src", src);
+  document.body.appendChild(frame);
+</script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
new file mode 100644
index 0000000000..0ea778c9c3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUFRaHxC8q2vvr6gyB8AMvtVwPTeYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowETEPMA0GA1UEAwwGc3NsLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB0FoJO4EuzTF5o0
+mfFcJV3ORxRDTKUqrcE1cl0S0wcFJ7T8A+XEFnAP/YqxFgFCjbpAtJwxv4P3IOPv
+b6dGhSG9rEHJUnVFoKcHnoajzFnn741J0/i6Lkux2tM/eF0sTnADVxmlklt7848h
+0DWNrRY/NbouJjQy8yxVMIrJLSWR9G0fzXLemieXnVKA7MGXH7cbECC8gWYgsuEP
+pTdJ0r9OsTfgLAoW34RxGFSl/l0gmFuinbbqLVGCUQ6TIeLfn9bmKgMxat+TdT6L
+w5k/S3w1bm69naK1YdTGQVFIO4wrNPHOAUXxrcziMd56oMnXmcuG/Ef9N3zqB5/X
+8Q5H9gE=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
new file mode 100644
index 0000000000..c4037675f1
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ssl-ee
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
new file mode 100644
index 0000000000..5154c97ccd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaOgAwIBAgIUBdsczlklj8pHAhNbKaxiu+leXzMwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHdW5rbm93bjAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAZMRcwFQYDVQQDDA51bmtub3duLWlzc3VlcjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEAFUiE73r6gX+NDLhNvEOHBxSFYVCdvMSJ3WSojaF6JKht
+bXdx1/M/TqC0cKi/m4pNEW/2VVjOyibc3qRb/X+TRcHZz3PaSA5cYRfoJVPyH+k6
+LAkGmeGLlCNYFrtcfu9qQ+/ap2z5XzmrJa76KxEXW/RjR16sfCIfRP7HGJZ3fYsB
+JC91LSzGtIMrqA5K97tolp09cC2cIojNXSlaXwQqVn+2uMQdLMcecFcth1P5Sp02
+rBbzlzCZUl0XVhmAOeEefhak2dnwTG6vRZlbim927/8DzPIEgwmZbvjIrpmYQMZx
+GoVdCCgwSbC/uM8tI+LebrJCXqP0VRiZrc3PMbcUUw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
new file mode 100644
index 0000000000..c76a4e2c7b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
@@ -0,0 +1,2 @@
+issuer:unknown
+subject:unknown-issuer
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
new file mode 100644
index 0000000000..4f09a837ae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUJ52B/yodNzE1jqzgJSkNIQMaj1swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMdW50cnVzdGVkLWNhMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAoZWuIsn8xdiC
+OyqqSA4hpY0wVq6xutUD2WlV8zDLf4by2C8Tno7NMMC1a/+UuQlmfLs1ztb3RPgj
+hJ/24fGuGnP/E71VwrZ/IR2mQBhRdo1ILZeHSDuTKqXGBds5SBHd77NIIMSmbU7w
+dhy6bh6Qbh9WYIoHA5h/QGn5x7+b90I0yzTLPkpEV7/v++VWt6hIU/Xc+TvJ1g8M
+uR9QKz9EQzbuVytTXGUzFaUattCtaPKxikf8xhHqcZypjU7r1FEa/JAqUlYWiEew
+V+7I4IsgpPbOUZoUKU1R/KzHObVKHcmsxBhQ5FYIW8tiXqkFAxp9I4hgAuu9yOB0
+3EV9PsnIrQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
new file mode 100644
index 0000000000..04f4430574
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:untrusted-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
new file mode 100644
index 0000000000..96c14f4e65
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
@@ -0,0 +1,7 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Access-Control-Allow-Origin", "*");
+  response.write("<html><body>hello!</body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
new file mode 100644
index 0000000000..8699a07dda
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script type="text/javascript">
+  "use strict";
+  window.onload = function()
+  {
+    window.setTimeout(function()
+    {
+      SpecialPowers.wrap(window).docShell
+        .QueryInterface(SpecialPowers.Ci.nsIWebNavigation)
+        .goBack();
+    }, 100);
+  };
+
+  </script>
+</head>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
new file mode 100644
index 0000000000..9d67ba1f92
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -0,0 +1,11 @@
+/* import-globals-from mixedContentTest.js */
+"use strict";
+
+document.open();
+// eslint-disable-next-line no-unsanitized/method
+document.write("This is insecure XSS script " + document.cookie);
+isSecurityState(
+  "broken",
+  "security broken after document write from unsecure script"
+);
+finish();
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
new file mode 100644
index 0000000000..4bbf9bfe8c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
@@ -0,0 +1,28 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, step 2</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/does_not_exist.css">
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  window.onload = function runTest() {
+    window.setTimeout(function () {
+      window.location =
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html?runtest";
+    }, 0);
+  };
+
+  async function afterNavigationTest()
+  {
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
new file mode 100644
index 0000000000..276c2343fd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, final step</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "still secure after back/forward");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
new file mode 100644
index 0000000000..4d2fb7d5ae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
@@ -0,0 +1 @@
+Temporary file for security/mixedconent tests
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
new file mode 100644
index 0000000000..9c3159e153
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
@@ -0,0 +1,2 @@
+Content-disposition: "attachment"
+Content-type: application/x-auto-download
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
new file mode 100644
index 0000000000..9e34227f00
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
@@ -0,0 +1,6 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  //response.setHeader("Content-type", "image/gif");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
new file mode 100644
index 0000000000..5f78a806b4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
@@ -0,0 +1,17 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-type", "image/bitmap");
+
+  let bmpheader =
+    "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+  let bmpdatapiece =
+    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+  response.bodyOutputStream.write(bmpheader, 54);
+  // Fill 640*480*3 nulls
+  for (let i = 0; i < (640 * 480 * 3) / 64; ++i) {
+    response.bodyOutputStream.write(bmpdatapiece, 64);
+  }
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
new file mode 100644
index 0000000000..064783e0cb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 1:
+  <script>
+    "use strict";
+    // eslint-disable-next-line no-unsanitized/method
+    document.write(location.href);
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
new file mode 100644
index 0000000000..37fc604ea6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
@@ -0,0 +1,15 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 2:
+  <script>
+    "use strict";
+    // eslint-disable-next-line no-unsanitized/method
+    document.write(location.href);
+  </script>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
new file mode 100644
index 0000000000..6c7a5473cb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML>
+<META http-equiv="Refresh"
+      Content="0; URL=http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html">
+<html>
+  <body>
+    Redirecting by meta tag...
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
new file mode 100644
index 0000000000..914391e8f5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
@@ -0,0 +1,9 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader(
+    "Location",
+    "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
new file mode 100644
index 0000000000..32afc824ea
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
@@ -0,0 +1,9 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader(
+    "Location",
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
new file mode 100644
index 0000000000..cb966a56d2
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
@@ -0,0 +1,9 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader(
+    "Location",
+    "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg"
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
new file mode 100644
index 0000000000..d128ce2238
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
@@ -0,0 +1,9 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader(
+    "Location",
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg"
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
new file mode 100644
index 0000000000..6c300b7fc3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -0,0 +1,211 @@
+"use strict";
+
+/**
+ * Helper script for mixed content testing. It opens a new top-level window
+ * from a secure origin and '?runtest' query. That tells us to run the test
+ * body, function runTest(). Then we wait for call of finish(). On its first
+ * call it loads helper page 'backward.html' that immediately navigates
+ * back to the test secure test. This checks the bfcache. We got second call
+ * to onload and this time we call afterNavigationTest() function to let the
+ * test check security state after re-navigation back. Then we again wait for
+ * finish() call, that this time finishes completelly the test.
+ */
+
+// Tells the framework if to load the test in an insecure page (http://)
+var loadAsInsecure = false;
+// Set true to bypass the navigation forward/back test
+var bypassNavigationTest = false;
+// Set true to do forward/back navigation over an http:// page, test state leaks
+var navigateToInsecure = false;
+// Open the test in two separate windows, test requests sharing among windows
+var openTwoWindows = false;
+// Override the name of the test page to load, useful e.g. to prevent load
+// of images or other content before the test starts; this is actually
+// a 'redirect' to a different test page.
+var testPage = "";
+// Assign a function to this variable to have a clean up at the end
+var testCleanUp = null;
+// Contains mixed active content that needs to load to run the test
+var hasMixedActiveContent = false;
+
+// Internal variables
+var _windowCount = 0;
+
+window.onload = async function onLoad() {
+  if (location.search == "?runtest") {
+    try {
+      if (history.length == 1) {
+        // Each test that includes this helper file is supposed to define
+        // runTest(). See the top level comment.
+        await runTest(); // eslint-disable-line no-undef
+      } else {
+        // Each test that includes this helper file is supposed to define
+        // afterNavigationTest(). See the top level comment.
+        await afterNavigationTest(); // eslint-disable-line no-undef
+      }
+    } catch (ex) {
+      ok(false, "Exception thrown during test: " + ex);
+      finish();
+    }
+  } else {
+    window.addEventListener("message", onMessageReceived);
+
+    let secureTestLocation = loadAsInsecure
+      ? "http://example.com"
+      : "https://example.com";
+    secureTestLocation += location.pathname;
+    if (testPage != "") {
+      let array = secureTestLocation.split("/");
+      array.pop();
+      array.push(testPage);
+      secureTestLocation = array.join("/");
+    }
+    secureTestLocation += "?runtest";
+
+    if (hasMixedActiveContent) {
+      SpecialPowers.pushPrefEnv(
+        { set: [["security.mixed_content.block_active_content", false]] },
+        null
+      );
+    }
+    if (openTwoWindows) {
+      _windowCount = 2;
+      window.open(secureTestLocation, "_new1", "");
+      window.open(secureTestLocation, "_new2", "");
+    } else {
+      _windowCount = 1;
+      window.open(secureTestLocation);
+    }
+  }
+};
+
+function onMessageReceived(event) {
+  switch (event.data) {
+    // Indication of all test parts finish (from any of the frames)
+    case "done":
+      if (--_windowCount == 0) {
+        if (testCleanUp) {
+          testCleanUp();
+        }
+        if (hasMixedActiveContent) {
+          SpecialPowers.popPrefEnv(null);
+        }
+
+        SimpleTest.finish();
+      }
+      break;
+
+    // Any other message is an error or success message of a test.
+    default:
+      SimpleTest.ok(!event.data.match(/^FAILURE/), event.data);
+      break;
+  }
+}
+
+function postMsg(message) {
+  opener.postMessage(message, "http://mochi.test:8888");
+}
+
+function finish() {
+  if (history.length == 1 && !bypassNavigationTest) {
+    window.setTimeout(() => {
+      window.location.assign(
+        navigateToInsecure
+          ? "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+          : "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"
+      );
+    }, 0);
+  } else {
+    postMsg("done");
+    window.close();
+  }
+}
+
+function ok(a, message) {
+  if (!a) {
+    postMsg("FAILURE: " + message);
+  } else {
+    postMsg(message);
+  }
+}
+
+function is(a, b, message) {
+  if (a != b) {
+    postMsg(`FAILURE: ${message}, expected ${b} got ${a}`);
+  } else {
+    postMsg(`${message}, expected ${b} got ${a}`);
+  }
+}
+
+async function isSecurityState(expectedState, message, test) {
+  if (!test) {
+    test = ok;
+  }
+
+  let state = await SpecialPowers.getSecurityState(window);
+
+  let isInsecure =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE;
+  let isBroken =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN;
+  let isEV =
+    state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL;
+
+  let gotState = "secure";
+  if (isInsecure) {
+    gotState = "insecure";
+  } else if (isBroken) {
+    gotState = "broken";
+  } else if (isEV) {
+    gotState = "EV";
+  }
+
+  test(
+    gotState == expectedState,
+    (message || "") + ", expected " + expectedState + " got " + gotState
+  );
+
+  switch (expectedState) {
+    case "insecure":
+      test(
+        isInsecure && !isBroken && !isEV,
+        "for 'insecure' excpected flags [1,0,0], " + (message || "")
+      );
+      break;
+    case "broken":
+      test(
+        !isInsecure && isBroken && !isEV,
+        "for 'broken' expected  flags [0,1,0], " + (message || "")
+      );
+      break;
+    case "secure":
+      test(
+        !isInsecure && !isBroken && !isEV,
+        "for 'secure' expected flags [0,0,0], " + (message || "")
+      );
+      break;
+    case "EV":
+      test(
+        !isInsecure && !isBroken && isEV,
+        "for 'EV' expected flags [0,0,1], " + (message || "")
+      );
+      break;
+    default:
+      throw new Error("Invalid isSecurityState state");
+  }
+}
+
+function waitForSecurityState(expectedState, callback) {
+  let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+  let interval = window.setInterval(async () => {
+    await isSecurityState(expectedState, "", isok => {
+      if (isok) {
+        roundsLeft = 0;
+      }
+    });
+    if (!roundsLeft--) {
+      window.clearInterval(interval);
+      callback();
+    }
+  }, 100);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
new file mode 100644
index 0000000000..ec68371093
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
@@ -0,0 +1,70 @@
+[DEFAULT]
+# Disable for Http/3 since Http/3 tests require to run with https.
+skip-if =
+  http3
+prefs =
+  security.mixed_content.upgrade_display_content=false
+  dom.security.https_first=false
+support-files =
+  alloworigin.sjs
+  backward.html
+  bug329869.js
+  bug383369step2.html
+  bug383369step3.html
+  download.auto
+  download.auto^headers^
+  emptyimage.sjs
+  hugebmp.sjs
+  iframe.html
+  iframe2.html
+  iframeMetaRedirect.html
+  iframesecredirect.sjs
+  iframeunsecredirect.sjs
+  imgsecredirect.sjs
+  imgunsecredirect.sjs
+  mixedContentTest.js
+  moonsurface.jpg
+  nocontent.sjs
+  redirecttoemptyimage.sjs
+  somestyle.css
+  unsecureIframe.html
+  unsecurePictureDup.html
+
+[test_bug329869.html]
+[test_bug383369.html]
+skip-if = toolkit == 'android'
+[test_bug455367.html]
+[test_bug472986.html]
+[test_bug477118.html]
+[test_bug521461.html]
+[test_cssBefore1.html]
+[test_cssContent1.html]
+[test_cssContent2.html]
+[test_documentWrite1.html]
+[test_documentWrite2.html]
+[test_dynDelayedUnsecurePicture.html]
+[test_dynDelayedUnsecureXHR.html]
+[test_dynUnsecureBackground.html]
+[test_dynUnsecureIframeRedirect.html]
+[test_dynUnsecurePicture.html]
+[test_dynUnsecurePicturePreload.html]
+[test_dynUnsecureRedirect.html]
+disabled=intermitently fails, quite often, bug 487402
+[test_innerHtmlDelayedUnsecurePicture.html]
+[test_innerHtmlUnsecurePicture.html]
+[test_javascriptPicture.html]
+[test_secureAll.html]
+[test_securePicture.html]
+[test_unsecureBackground.html]
+[test_unsecureCSS.html]
+[test_unsecureIframe.html]
+[test_unsecureIframe2.html]
+skip-if =
+  fission && os == "android" # Bug 1827330
+[test_unsecureIframeMetaRedirect.html]
+disabled=intermittently fails, less often, bug 487632
+[test_unsecureIframeRedirect.html]
+[test_unsecurePicture.html]
+[test_unsecurePictureDup.html]
+[test_unsecurePictureInIframe.html]
+[test_unsecureRedirect.html]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
new file mode 100644
index 0000000000..c0ffca256a
Binary files /dev/null and b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg differ
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
new file mode 100644
index 0000000000..7c990fbc62
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
@@ -0,0 +1,7 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ["mochitest.ini"]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
new file mode 100644
index 0000000000..d5d65cf8a4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
@@ -0,0 +1,5 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 204, "No Content");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
new file mode 100644
index 0000000000..98ed0a2f52
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
@@ -0,0 +1,9 @@
+"use strict";
+
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader(
+    "Location",
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs"
+  );
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
new file mode 100644
index 0000000000..9867e3c41e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
@@ -0,0 +1,4 @@
+body
+{
+  background-color: lightBlue;
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
new file mode 100644
index 0000000000..ccb9a8d9cf
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>dymanic script load</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(function () {
+      let newElement = document.createElement("script");
+      newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
+                       "mochitest/mixedcontent/bug329869.js";
+      document.body.appendChild(newElement);
+    }, 0);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "when we navigate back, we're loading our secure page again and not loading an insecure script, so our security state is secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
new file mode 100644
index 0000000000..8341f83744
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // We want to start this test from an insecure context
+  loadAsInsecure = true;
+  // We don't want to go through the navigation back/forward test
+  bypassNavigationTest = true;
+
+  async function runTest() {
+    let script = SpecialPowers.loadChromeScript(function() {
+      /* eslint-env mozilla/chrome-script */
+      // Force download to be w/o user assistance for our testing mime type
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+      handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
+      handlerInfo.alwaysAskBeforeHandling = false;
+      handlerInfo.preferredApplicationHandler = null;
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.store(handlerInfo);
+
+      let profileDir = Services.dirsvc.get("ProfDS", Ci.nsIFile);
+      profileDir.append("downloads");
+
+      let prefBranch = Services.prefs.getBranch("browser.download.");
+
+      prefBranch.setCharPref("dir", profileDir.path);
+      prefBranch.setBoolPref("useDownloadDir", true);
+      prefBranch.setIntPref("folderList", 2);
+
+      const { Downloads } =
+        ChromeUtils.import("resource://gre/modules/Downloads.jsm");
+      Downloads.getList(Downloads.PUBLIC).then(list => {
+        list.addView({
+          onDownloadAdded(aDownload) {
+            list.removeView(this);
+            aDownload.whenSucceeded().then(() => {
+              list.removeFinished();
+              sendAsyncMessage("navigate", "bug383369step2.html");
+            });
+          },
+        });
+        sendAsyncMessage("navigate", "download.auto");
+      }).catch(console.error);
+    });
+    script.addMessageListener("navigate", function(url) {
+      window.location = url;
+    });
+  }
+
+  async function afterNavigationTest() {}
+
+  testCleanUp = function cleanup() {
+    SpecialPowers.loadChromeScript(function() {
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.remove(handlerInfo);
+
+      let prefBranch = Services.prefs.getBranch("browser.download.");
+
+      const prefKeys = ["dir", "useDownloadDir", "folderList"];
+      for (let prefKey of prefKeys) {
+        if (prefBranch.prefHasUserValue(prefKey)) {
+          prefBranch.clearUserPref(prefKey);
+        }
+      }
+    });
+  };
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
new file mode 100644
index 0000000000..d2ad64c454
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>No content image doesn't break security</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    SpecialPowers.pushPrefEnv(
+      {"set": [["security.mixed_content.upgrade_display_content", false]]},
+      null);
+    await isSecurityState("broken", "broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
new file mode 100644
index 0000000000..bd55a600ca
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src replace</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  SimpleTest.expectAssertions(0, 4);
+
+  // Clear the default onload assigned to test start because we must
+  // wait for replaced image to load and only after that test the security state
+  var onLoadFunction = window.onload;
+  window.onload = function()
+  {
+    let img1 = document.getElementById("img1");
+    img1.addEventListener("load", onLoadFunction);
+    img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+  };
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "secure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="img1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
new file mode 100644
index 0000000000..90932790f0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 477118</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "data <img> doesn't break security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "still secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB9kBDxIAOdxBIbcAAAI+SURBVDjLxZO7TxRhFMV/M/PN7EPYhS02yytggo+ERAgxERsNhYnGzsQojaHT3r9F0cTaUjs6NUQLBRKDi4I8FEwkLMgO+5rdeX3XAoVYiZWnP797cu69Bv8gqZ+0QTqIdRpl1VHGvnV884CJwQgwicVtoB/ku/H4ycOnURgP/Q1g21Fw4+r0RjbbNmaq4ayO35UkXp9S2UzHxK2bE4QNl82FVwD0D49jn+hERBCRgwTiIX7pvGUGYF/BlO327d3ENfV7wuL0AyjPICIsfPvAmev3qdVqlMtlCoUCGxurDPT1kEnPomQKkRTFpXOjh4DN4kvGLuSJ/JC38y/ouXyXYrGIiBDHMVtbu1SrvXTlbfp6HcQcoVwp5hRAaWedPXFYfL+E1lAKswSRy+joKEEQICLkcjm01hiGgRcksW0b4SMKYHb+OSt6ma+VffxWRF3S5OeeMX7pHkqpwy5EBK31H90ogFODF1lbm8OtlEhloDORpbdnhDAMaTabhwbbtkkkEkRRhGVZR4BCfojJO4+o1VwQAItEIolpmliWRVtbG7s/dlDKotGo47U8CvkuAEwA3/eJoxhE0WyGuO4+nucRBAHVahXDMKg3agRhQBAGVKsVtNZHCRzHwTAMcrnc0eX9it3e3g7A6cGzhx0AKHWwQOV5jdXXb2ZOaa3BOP5ffF5ZptVqflG+3xpbWv5kh2FolEo7dnmv7Lium6zXG0nf95MiguM4QTqd9jPZTCvX2eF393QHqVRKZ7KZkP+unzPGLX8Jr7F8AAAAAElFTkSuQmCC" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
new file mode 100644
index 0000000000..59085a5ec4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 521461</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  loadAsInsecure = true;
+
+  async function runTest()
+  {
+    window.location = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs";
+    window.setTimeout(async () => {
+      await isSecurityState("insecure", "location.href doesn't effect the security state");
+      is(document.body.innerHTML, "This is an unsecure page!\n", "Document has not changed content");
+      finish();
+    }, 1000);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("insecure", "still not secure after navigation");
+    is(document.body.innerHTML, "This is an unsecure page!\n", "Document has not changed content");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>This is an unsecure page!</body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
new file mode 100644
index 0000000000..98cee1bb53
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS :before styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <style type="text/css">
+    p:before
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p>
+    There is a moon surface left to this text
+  </p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
new file mode 100644
index 0000000000..5c5019ca78
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <style type="text/css">
+    p
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
new file mode 100644
index 0000000000..19e5784334
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 2</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  if (navigator.platform.startsWith("Mac")) {
+    SimpleTest.expectAssertions(0, 1);
+  }
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("para").style.content =
+      "url('http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg')";
+
+    waitForSecurityState("broken", async () =>
+    {
+      await isSecurityState("broken", "insecure content added by styling breaks security");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("para").style.content, "");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p id="para"></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
new file mode 100644
index 0000000000..90eca5bcdb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<img src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> written dynamically breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  document.write(
+    "<img src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
new file mode 100644
index 0000000000..e009fd4f54
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<iframe src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure iframe written dynamically breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  document.write(
+    "<iframe src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html'></iframe>");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
new file mode 100644
index 0000000000..514902d047
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(function() {
+      // Don't do this synchronously from onload handler
+      document.getElementById("image1").src =
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+    }, 0);
+
+    waitForSecurityState("broken", async () =>
+    {
+      await isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
new file mode 100644
index 0000000000..d9a8cc8af7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>unsecure XHR test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    window.setTimeout(async () => {
+      try {
+        let req = new XMLHttpRequest();
+        req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
+        req.send(null);
+
+        // Change should be immediate, the request was sent synchronously
+        await isSecurityState("broken", "security broken after insecure XHR");
+      } catch (ex) {
+        ok(false, ex);
+      }
+
+      finish();
+    }, 0);
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
new file mode 100644
index 0000000000..fd66b21a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>body.background changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.body.background =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    waitForSecurityState("broken", async () => {
+      await isSecurityState("broken", "document.body.background='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.body.background,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "document backround secure again");
+    await isSecurityState("secure", "secure after re-navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
new file mode 100644
index 0000000000..8934de4b79
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>iframe.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    let self = window;
+    let iframe = document.getElementById("iframe1");
+    iframe.onload = async () => {
+      await self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      self.finish();
+    };
+
+    iframe.src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe id="iframe1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
new file mode 100644
index 0000000000..5ef5a28b2c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("image1").src =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
new file mode 100644
index 0000000000..d8506e8cc5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  (new Image()).src =
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
new file mode 100644
index 0000000000..a73c7f8619
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure redirect test</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+    document.getElementById("image1").src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    await isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
new file mode 100644
index 0000000000..45bf140384
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+
+    window.setTimeout(function () {
+      document.getElementById("buddy").innerHTML =
+        "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+    }, 1);
+
+    waitForSecurityState("broken", async () => {
+      await isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    });
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "\n", "innerHTML back to previous");
+    await isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
new file mode 100644
index 0000000000..d8b3e5f6e0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+  SimpleTest.requestFlakyTimeout("Timeout in mixedContentTest");
+
+  async function runTest()
+  {
+    await isSecurityState("secure");
+
+    document.getElementById("buddy").innerHTML =
+      "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+
+    window.setTimeout(async () => {
+      await isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "\n", "innerHTML back to previous");
+    await isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
new file mode 100644
index 0000000000..66a28ce74e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "javascript: <img> should not break security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "Still secure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="javascript:'Random data'" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
new file mode 100644
index 0000000000..efd754dd58
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>All secure anti-regression check</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // Navigation test goes over an insecure page, test state leak
+  navigateToInsecure = true;
+
+  async function runTest()
+  {
+    await isSecurityState("secure", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("secure", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs" />
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
new file mode 100644
index 0000000000..961713a2da
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  loadAsInsecure = true;
+
+  async function runTest()
+  {
+    await isSecurityState("insecure", "left insecure");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("insecure", "left insecure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
new file mode 100644
index 0000000000..02fdb29d41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>background unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "security broken");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
new file mode 100644
index 0000000000..c775347e72
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure css load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
new file mode 100644
index 0000000000..291ce3747e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
new file mode 100644
index 0000000000..8f49ecda51
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
new file mode 100644
index 0000000000..4eebbf5b22
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    window.setTimeout(async () =>
+    {
+      await isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
+      finish();
+    }, 500);
+  }
+
+  async function afterNavigationTest()
+  {
+    window.setTimeout(async () =>
+    {
+      await isSecurityState("broken", "security still broken after navigation");
+      finish();
+    }, 500);
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
new file mode 100644
index 0000000000..12a4233494
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
new file mode 100644
index 0000000000..3c19811db9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
new file mode 100644
index 0000000000..81ed58ffde
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  openTwoWindows = true;
+  testPage = "unsecurePictureDup.html";
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
new file mode 100644
index 0000000000..21bcf5f810
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img in iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
new file mode 100644
index 0000000000..82611ff3fe
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Redirect from secure to unsecure img</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
new file mode 100644
index 0000000000..2282677418
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
new file mode 100644
index 0000000000..7ce3701620
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  async function runTest()
+  {
+    await isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  async function afterNavigationTest()
+  {
+    await isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/moz.build b/security/manager/ssl/tests/mochitest/moz.build
new file mode 100644
index 0000000000..ddb344c83c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [
+    "browser",
+    "mixedcontent",
+]
diff --git a/security/manager/ssl/tests/moz.build b/security/manager/ssl/tests/moz.build
new file mode 100644
index 0000000000..d39ca0ff17
--- /dev/null
+++ b/security/manager/ssl/tests/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["unit"]
+
+TEST_DIRS += [
+    "gtest",
+    "mochitest",
+]
+
+XPCSHELL_TESTS_MANIFESTS += ["unit/xpcshell.ini"]
+
+if not CONFIG["MOZ_NO_SMART_CARDS"]:
+    XPCSHELL_TESTS_MANIFESTS += ["unit/xpcshell-smartcards.ini"]
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
new file mode 100644
index 0000000000..0887f60558
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAdCgAwIBAgIUAyI54Ss40HvhJFymYwne7lBQZJ8wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAmMSQwIgYDVQQDDBtFRSB3aXRoIGJhZCBzdWJqZWN0QWx0TmFt
+ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjHjAcMBoGA1UdEQQTMBGCDyouKi5leGFtcGxlLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAMOjSTR1Tmp4baReRr6pvdH+HucpdIf5ZtH7Vn3h5e+Iuq9OO
+Ugq9qquo3sR1IAIAsCxWA/HHZMQOU5X1BxmC5+CXMfHmC/+1vLsxjZozhizKzpMh
+vtuJ33lgrwL30aTkF2IAPmqwu4akPFRdFGUtCL2LHeNGrO5UWQLDv7eDI8btkkm7
+AjV4u9y2/1W5um4KTQHWFzyl0iz1P5x/2MymBeiM4khRbQbfl8DmW6COLbhvPDEg
+YPL4ibjmMwOuOUgZ6bCw5Ck/cR7Yz7vVIOMC21d7elqJKfQ5tg62ZGs3r7L+Ir5o
+461gJUgzKhxT4MUQsLSCtKzSab9Rjg3pwfmHvQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
new file mode 100644
index 0000000000..1b368c26f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:EE with bad subjectAltNames
+extension:subjectAlternativeName:*.*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
new file mode 100644
index 0000000000..9faffde6d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhOgAwIBAgIUPU/rVUoMybyCeEAWx++fMAuZ6k0wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8xOTQ2MDIxNDAwMDAwMFoYDzIwMzEw
+MTAxMDAwMDAwWjAsMSowKAYDVQQDDCFCZWZvcmUgVU5JWCBFcG9jaCBUZXN0IEVu
+ZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjWzBZMCMGA1UdEQQcMBqCGGJlZm9yZS1lcG9jaC5leGFt
+cGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2Nh
+bGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQADggEBALocgfctX/9NDtkQ7zAkGl14
+UXkXBCq7vn5fKss2bCG7D6M/+Q4ZJ64/QXGK96tKqdJctiyIN3KArnk4/pWfYCQG
+DgIHXFAgbKUQU0uiGmPwbPQnYq8la6VEarMrzWnGhqVPG1wsqiO1cnecycvm2W7W
+9n7qvw3s2Gf0WZIQKqpNmuhouboeiK1xFxryLWiNaG087WPHb71e1C+1enVb/hJN
+E1KD7dBtBh0sOC6bOFdc4BzhDHnDzPSznSqouotHf5U8YniKoPcDCml544msKwP8
+LCj3tG1VdMxL+p83ETDHG6GLUY20R0E6WJJfvfZ3hdxRUKgaAs+diT3xYXXYqTA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
new file mode 100644
index 0000000000..ac97b2231a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test End-entity
+validity:19460214-20310101
+extension:subjectAlternativeName:before-epoch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
new file mode 100644
index 0000000000..6cdfa86a25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdegAwIBAgIUL5tQyA2FR4V3eMcfGyWTxS4vmp0wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8xOTQ2MDIxNDAwMDAwMFoYDzIwMzEw
+MTAxMDAwMDAwWjAuMSwwKgYDVQQDDCNCZWZvcmUgVU5JWCBFcG9jaCBUZXN0IElu
+dGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAGDlMbdxc1BHrn6l1svyskkHx68lSeTGVucIpClu
+mJIT3rsTR5swYuyvrWe/gqkVqGRv2gIpMUYAJoHWjF4fRyWkIjJz5JnSP5qxFKKk
+NFrjXFpGSqxJGtuMUNNGk7P30RLje5aE00bqrZHokfrokzChC3G3QJPOwvJtP1Gk
+wldQ8AeoHu/u3oEB3caoC1QpFfgF5kunNETSIxX5bTmsjTSSJnJjnf46FQdbOWUh
+P5Qkr6ZNK4ZAOIm+PRRyJ44JiHab+up/cEs17/T5dNcnHCy4TYXquNKwOe35qakm
+iexwhKycaAEM0TcTI1OA5K4tCwFvaiOr4eTzxN28Cemd89E=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
new file mode 100644
index 0000000000..835e63f2b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test Intermediate
+validity:19460214-20310101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
new file mode 100644
index 0000000000..3c00353a49
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIUGeo1nKP85zWT0JhJqZ5K3WQBKx0wDQYJKoZIhvcNAQEL
+BQAwLjEsMCoGA1UEAwwjQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBJbnRlcm1lZGlh
+dGUwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowODE2MDQGA1UE
+AwwtVGVzdCBFbmQtZW50aXR5IHdpdGggQmVmb3JlIFVOSVggRXBvY2ggaXNzdWVy
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABo2IwYDAqBgNVHREEIzAhgh9iZWZvcmUtZXBvY2gtaXNzdWVyLmV4YW1w
+bGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs
+aG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAb3Nv1Hxi4XlvI6yMMgFGEKiU
+gWk9TLQgIkjXbVlyfxhNrJs8WcY1V56sIC8EoBaCsMEgh3htvAhkVJ9v6HEZqgP8
+lwtUpta8sniuMRogVPehIIU53HB0Fp2LzoEQB0UzS7mD0LNCubK0BPMsNdT+LwSQ
+1sA7df8nQVdmLbcoFchQ1CaaSzyf8aFEWNuBiUF46j9BvcQykG8BhpDJ3+lV/Wl7
+wEXaFsW+/cEb0XBLQS/N+2B43+7EZQ9ZVOr1834V+d5jAFOHpyYfjVCySBd+VrRi
+NXq0j86M0RrhKYUzYNQ+bj5NIqHVG+TNYFc7TX6sqGW8S5HJ0v4/bYe33SuTdw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
new file mode 100644
index 0000000000..9aabe21628
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Before UNIX Epoch Test Intermediate
+subject:Test End-entity with Before UNIX Epoch issuer
+extension:subjectAlternativeName:before-epoch-issuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem
new file mode 100644
index 0000000000..69972591d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUCfV2HIsCkOeqHcXdhZf6ejBahIswDQYJKoZIhvcNAQEL
+BQAwODE2MDQGA1UEAwwtU2VsZi1TaWduZWQgQmVmb3JlIFVOSVggRXBvY2ggVGVz
+dCBFbmQtRW50aXR5MCIYDzE5NDYwMjE0MDAwMDAwWhgPMjAzMTAxMDEwMDAwMDBa
+MDgxNjA0BgNVBAMMLVNlbGYtU2lnbmVkIEJlZm9yZSBVTklYIEVwb2NoIFRlc3Qg
+RW5kLUVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMzMDEwLwYDVR0RBCgwJoIkYmVmb3JlLWVwb2NoLXNl
+bGYtc2lnbmVkLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBCrP9yopCm
+BJSG6MIq3olV8meoQ2wIrCm2i1Ob2BI3JXW9CSjtnklmQaXzyEY6EnH7K/qzHMbz
+prbtiM+e0GjwwYNDAe3Ad1kUjDUSVnMAYmtTJOYxhmGYztkmM2xkz9Tvn+M4U35A
+GXimG82MDslBvDINDCPvwWsjst8oMwDAezpxZP2zZ/BrXbyUvOfCqyWQrRTNfSmF
+Aub2UQBdjSCgwY5RpzJ2ib5IWmVm3vPQmhM69FwI3WzWsbOb6MYdyPpnVnlN626l
+AwLjoaSP3F/lSgPzDqVKgx6rjqkYANPGaLLXdRH3ynJlxuW9JlamyuEypPIA0+Ml
+rvaprkFh5rXU
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem.certspec
new file mode 100644
index 0000000000..579e85e496
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochSelfSigned.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Self-Signed Before UNIX Epoch Test End-Entity
+subject:Self-Signed Before UNIX Epoch Test End-Entity
+validity:19460214-20310101
+extension:subjectAlternativeName:before-epoch-self-signed.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
new file mode 100644
index 0000000000..354741fc50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUAywOkzxiH/uWcwxb85Yy3OI46WgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAvMS0wKwYDVQQDDCRUZXN0IEludGVybWVkaWF0ZSB1c2VkIGFz
+IEVuZC1FbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjcjBwMAwGA1UdEwQFMAMBAf8wMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMCwGA1UdEQQl
+MCOCIWNhLXVzZWQtYXMtZW5kLWVudGl0eS5leGFtcGxlLmNvbTANBgkqhkiG9w0B
+AQsFAAOCAQEAN+g9N3uhls8y70fGORVEyYVjBmMCFeQz3DQw3u1J7+aHe6efygSP
+OKPXW3SbHSxlPFIsicVSHO3sso3zUGoedMw0KSyni4tR4yQ9jllrqijVCWorqRbU
+tlseF5hfw7DsKcl6jGA5UN0Aiq9SwKArdkRL+0Ykk0a/rxMEiOjf/Ao3ImfJnsCa
+frDKqziMWOmQtxrVTabpgRqCd1gtTg4cCsy7Yto8v4Gn1N/EL8FAXGWOieWDQ2Iv
+UFd9p0eTReBbRNC/QuZa7nEEAh4JO+JCAW4rHI6+beSPCT+lFQbF8sAJYSMGf0lb
+LAwyUGAPPLRx+SweIClb4EO+iVAFuR0Tug==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 0000000000..8e16705b50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
new file mode 100644
index 0000000000..5dc7cf4ef8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUOYwND1zpte36abEsvdvudfnxjHgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcow
+gccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tghUqLnBp
+bm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu
+ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBr5H7lb24bMQYGDFY5qeMDNcti
+AI4rI7Nu0aMvZtDcxqHkIg/a7nr7WeQc3gCg8mUJ6xvreXxRswrudZzjjsGiTbym
+qjEz7HYrbvdWh5bLtdL7aoP1KmFD722guwdXVYQ7tx65oHroH+UCU28VT/+WzsHc
+5OjBqZvR928aWEXwIen9lhdk/5Rq2IrFqCTuUrNR5aiP6gJZoy4nIh3IFIxqWzsm
+lOjqvzSQIuo+gLN7oduafrwetpp8ywSrDVTtp9yckIHuW8css+OZLfqbFPMSFRJo
+Qee+FhxaGgDoRGk8oVGYyTJYUPIReZa5dtNPKs1JQvdqhIeUwA3GnJBTFCan
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
new file mode 100644
index 0000000000..554339ff52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem b/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem
new file mode 100644
index 0000000000..729808a76c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUI58z0zygvl7soKf2Z7nS20tb80cwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAwwUTWlzc2luZyBJbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcw
+MDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcZWUtZnJvbS1taXNz
+aW5nLWludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMnMCUwIwYDVR0RBBwwGoIJbG9jYWxob3N0
+gg0qLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAIik8evPkL8v8lNHey
+GnsO5D21ZoBASKz5RQSiVrIUznEBnRpWSBUDbgIZWQCiP1TZBBpa9F2B6rA9VLM7
+HyetiyL2vEra2t9jH0zrHp0L+azwy1Keog2vFcuBmLEI9zOKvSyCLCAeQ0OlI6iS
+wlNbbauU+UaPVffNk7g8yjM0SScktdA1Ve4/Dwu8OqJZ2XX+gb9pRlowFz4btCBL
+Fo//5sz9CcagJN7c+Rpk2kOvomHe1pgnioNHYQmj6viGXN8AS7dPDXi8z08uxgJ/
+kCSUZeoZLVwRReEGCjhDOiLgCRx+/2mzs/xjuM+43g1hWfj7cce6iR4nfMRWAhsZ
+3WRx
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem.certspec
new file mode 100644
index 0000000000..48bb1c6e4a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ee-from-missing-intermediate.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Missing Intermediate
+subject:ee-from-missing-intermediate
+extension:subjectAlternativeName:localhost,*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem b/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem
new file mode 100644
index 0000000000..141c88fe42
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIUDUVlzgTWxF+qWP8tpQ3tfmThWikwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjArMSkwJwYDVQQDEyBJbW1pbmVudGx5IERpc3RydXN0ZWQgRW5k
+IEVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaNvMG0wNwYDVR0RBDAwLoIJbG9jYWxob3N0giFpbW1pbmVu
+dGx5LWRpc3RydXN0ZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG
+AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IB
+AQAA9rWfwMwc5IIktzvNVAv67CAKcvNoxxuik5vnQk51qglv/k+buamFEpW5nPxS
+Rp8g6TL6Bqppgk4txyLa6+ffbNYoTrMNs29Tj8TjTohvrahYGN4rusXEAmAz7dNj
+hY3nPDVOXG3u90iYHIJOwr/5xlSfjUFFVRBEO0ypt2qaTtbXBbP8JbNiYDFkRVbc
+QGlnq5QiZCzaAQPDG7bOZp4U2ZObu0Vc2jrKfHL1K4Z1tlZdeYJ5M810dEO9GAyj
+TwSRtbiSosWfRjxTH7AyfMn7OGTjoTPukYilLusCmpXy7NI+DOFLDicrNZP4uZ+B
+pG67V1YevJXG5D0nKoAFKNOX
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem.certspec
new file mode 100644
index 0000000000..dd8c6707ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ee-imminently-distrusted.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:printableString/CN=Imminently Distrusted End Entity
+extension:subjectAlternativeName:localhost,imminently-distrusted.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
new file mode 100644
index 0000000000..04c4f9f167
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAg2gAwIBAgIUY+eX/gQmQBSMBZI1NjyBEpmUFYEwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME0VFIElzc3VlZCBieSBub24t
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjWzBZMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNv
+bTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6
+ODg4OC8wDQYJKoZIhvcNAQELBQADggEBAGG1ldwhUiaY+jVOyDZyQxN2tFCN3TOh
+14tkKxzbx7o2awiLgNtOHAXMyb/6qwT+ktHwxtdA97wJGTYXMcAqAsD7ZtigINe3
+f63d/7uC7Ns7gnw++IFxGbjX7/cJSZMaqg35xMxcWtgt7pb7epXttz7hi2AD2LWu
+jXwCQEVdoPmdOqMVvE4yg6VweKqepOKUoK4hrv8JUWRVT3mhGU53MZhCKNkQ+MiR
+p/ECWX2XGtDKxp5KPYpmInYS2GN5XOpC/KhRAbssT4az0dgRNk1kFHsHUDd1xzq6
+BYhw+Bz+5poWVcf0IUsqjtYt/lOc+1LxXWF6vg443ARf1FXP6TEvLHs=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
new file mode 100644
index 0000000000..63c36d34b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test End-entity
+subject:EE Issued by non-CA
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
new file mode 100644
index 0000000000..b1eedea530
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdKgAwIBAgIUM7VyNhRBbWRLG2FoCiuqSMtzfOowDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVjEgQ2VydDAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRFRSBJc3N1ZWQgYnkgVjEgQ2VydDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMnMCUwIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMA0GCSqG
+SIb3DQEBCwUAA4IBAQAXC7B3o4sVsRB3uopTCMVOxj/Doueqkh0u0QGSzB5JaA1L
+ncJd8RNqfKpkwsSGF10ljmqYVU8yS2qWmswAIVU6tpGLMwqBgjqdpHtVUn/SLA3u
+p67uFwvkj+k0nM9g/y1Uy5P2wnsq0FzAklApWVM2ePsCtDPEQ2M5tVggGYeHicEy
+olOOWo28j1otCzACCJc11kBw80WmfGYl+/WUKWqHF3Mv4cBVJ53BRNm+ZTvzwBmK
+wMulP4DX0NMNeS8vQkL3GBlBpGXDsz5yOkYizib/M+U1zalW7WYoSdmUT477iSFu
+0NmUMXeRal7v+izGEVftwHFIRw2U80y9sCz7855c
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
new file mode 100644
index 0000000000..9ed9b33db7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:V1 Cert
+subject:EE Issued by V1 Cert
+extension:subjectAlternativeName:localhost,*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
new file mode 100644
index 0000000000..da9948c82e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIUB4Wp0b3lv9F9ib3AeTvgSe1ehCIwDQYJKoZIhvcNAQEL
+BQAwADAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAtMSswKQYD
+VQQDDCJFbmQgZW50aXR5IHNpZ25lZCBieSBlbXB0eSBuYW1lIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyow
+KDAmBgNVHREEHzAdghtlbXB0eWlzc3Vlcm5hbWUuZXhhbXBsZS5jb20wDQYJKoZI
+hvcNAQELBQADggEBAG7JkRGPBAyJMbMMYaHXWDUUxiJOc4yIPC7ykNhhHGpjD+Y5
+zTwxsasl1bmwfu7CY0Lv0dAwGLUkZvoEvKV/PH4NtFN8XVauT/Yq0Zc3ZaADUUFV
+w2+HfFDIotGhLY1AFKqf4OCLzam5raYseTk5ogUu68ImPtxCC5HgE+EUpbfQurB7
+GQnxvXgfDPoBVYM8DKGAhkNJrhtO3naOH3181Au8fnYmaqvQeC7uXMPqph4pUZgl
+i2wUpg1z5XeAEAZhs5qBfR7YvKrDh13cud94rSeoEEr7hSIOUfkXuxX4dLMDmjci
+FqXlePARPBXNCbmdivysrKCZXocOS1aQiCOQHBo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
new file mode 100644
index 0000000000..a99d84b79e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
@@ -0,0 +1,3 @@
+issuer:
+subject:End entity signed by empty name CA
+extension:subjectAlternativeName:emptyissuername.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
new file mode 100644
index 0000000000..7d4afb1d35
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAamgAwIBAgIUfQaeKSLdERUr8AYc1REkbyViS6QwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB
+BjANBgkqhkiG9w0BAQsFAAOCAQEAnOQhNmRo+447vTeC4BzE03fSjmfV7RegozrU
+ZHYOJzetUmNeOYZ2hJfgRA6ZBWbI67iCKfazjVP7aWg0yAOD/0Zua6jkkXB4plAi
+O23XuUj3ZHMIRw//cuol7Aaiv4zkBQYCt6xJqnT/aXby6EANPqbMeO8GpemeZvfv
+Q5VIeDN+1gTiinDQO84HELHqmefZkrSuafNzdWn9AlgciWPviAqhSdTpdjlKAHHJ
+DP7dZ+vr94Z6stGkd74H6OqeGAAu4CXmlC4d2J+mBmbL6uVB4N7IXy4V0FSB9E+g
+DlL4oJVqRs8f797Ks7o+nJHrl3/kkyYKbwL+A/tjke/OV5ST7A==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
new file mode 100644
index 0000000000..0a7cfdfd84
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
new file mode 100644
index 0000000000..b72b8bf238
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiOgAwIBAgIUUTQl0w6xynABX6J3RLxwd5dmb6cwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMB8xHTAbBgNVBAMMFGV2LXRlc3QtaW50ZXJtZWRpYXRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+o3kwdzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBHBggrBgEFBQcBAQQ7MDkw
+NwYIKwYBBQUHMAGGK2h0dHA6Ly9sb2NhbGhvc3Q6ODg4OC9ldi10ZXN0LWludGVy
+bWVkaWF0ZS8wEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQAd
+YtclCaPr3EvDHKCLyZq0UiH8AIOdFC4Ii8t6+N1kn49R/yDVH2vQVzGAUGeZ8wNF
+x6WqNWOhzNuaWx3D+iOcg6wTM8l3HPphsxfltjaTccWCS+VU3DfLWK+BStdf2SwT
+zZYzaOtqphaCjD+zCmpEq/CipM5htDsj+ijfpGMbgm7pQroOj4RfS03Y27uy6bLW
+lNQ/LvmMnN9vOH4ahTdSf4TP6a7Q2rQqgwX4hSjLWqd2OJerVjrGc5xlwmh6FhQn
+ykhoFJsfuz4d/3N5aSugct03S1iLNVeA9RbeVokNfKB5AMJgZwhmCC2GSxhDIHPb
+V6NmrlAx9nedbGwRopc9
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
new file mode 100644
index 0000000000..d5b5859672
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev-test-intermediate
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://localhost:8888/ev-test-intermediate/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
new file mode 100644
index 0000000000..4bf9681537
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIUL2uvkW2WStYLtuliwgT2ffxO85UwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAwwUZXYtdGVzdC1pbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcw
+MDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowEjEQMA4GA1UEAwwHZXYtdGVzdDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaN/MH0wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvZXYtdGVzdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0
+CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsF
+AAOCAQEArR4O8KOT7AloCUSNOW7fCdaXfTOPjnCfXb+lA3UdnMOJYodXRGevmn9D
++A0/M84FzUyc+CqOww7Qv4VG203P1Km6JAajtN5E8WUf67uh0onYdtNquaQsTJ9+
+adib+uYK3b/8XSHk3m6CUz8dbuVAdM/VPv7wnbPk2iQe23CE6BO/vHwV2nBqbIa/
+veucNZF4W5Loelb8wwvx15ozXIWScZHuF9IYjQdXsweZ96h++d3QY+iLp8JGMhKN
+Qtpfwo/XkvVbUeUhCpnUlx/oWzT/RjIRg8NoHUvX5rjQv8utRRTxju/yjnHh1HHM
+NavCexSqWF0hX69JoniwAVZb6sGIHA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
new file mode 100644
index 0000000000..10f8022585
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev-test-intermediate
+subject:ev-test
+extension:authorityInformationAccess:http://localhost:8888/ev-test/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key b/security/manager/ssl/tests/unit/bad_certs/evroot.key
new file mode 100644
index 0000000000..1d88a930d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
new file mode 100644
index 0000000000..1a3d76a550
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
new file mode 100644
index 0000000000..13c3031905
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUIZSHsVgzcvhPgdfrgdMGlpSfMegwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMTUwMTAxMDAwMDAwWhgPMjAzNTAx
+MDEwMDAwMDBaMBExDzANBgNVBAMMBmV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALVJiVydABCNEaH5n4ep49Gl21367PGI2le/ZBNojyzkciz/
+EJA4wXQCyToqRz29KGrtP9zTY89aKRR3Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPN
+RGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dxShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s
+33iuMUTtKMReeSk4Y6eiKkiYCjakDnLVecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rd
+Gq6KoszONIoBabgOKKLXDBqWDG8zXy2gm5tkP1q/uknoqqmB6WDifYdIC91V3ZQX
++hhQn7tVTM+BpDl+i6gSijS98nhlwYnlc0+yKQUCAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABTOHA9XbfLv/C7+
+5KycYXToOIBRSjQ0j2nsiqFda4Jx+aKsvdpdrrbLHvhrpfsA3ZgB2+eKHunVc4fo
+UHNqZllAs2nx+AEinq4GX8iya5BpiyTIxXWu8v06siGgz1GxlJw1cJ/ZnFEQ9IBf
+cCAr5fCoZ4RC+2OVhiSTnYPCKM+zCyw3YpISjNOg1VVkp46Htp+831Eh12YfwvdY
+Fgh1fc5ohYC5GCLRuXKc9PGTsr3gp7Y0liYbK7v0RBjd+GivNQ3dS3W+lB3Ow0LH
+z/fc3qvrhsd58jHpb1QZQzd9bQjuIIM6Gij7TNdNNarEVZfSJjPYLfXosNdYh5fH
+HmbOwao=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
new file mode 100644
index 0000000000..3121f3486e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
new file mode 100644
index 0000000000..a7d657a970
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQw
+MTAxMDAwMDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyBggrBgEF
+BQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ
+KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzf
+T+ow5WVsxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5h
+mu/81rkJLmZ8RQDWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3
+L9zJ2JqNc60+hB8l297ZaSl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74V
+kQyNobaFzDZ+Zr3QmfbejEsY2EYnq8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZ
+gBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFwWwtnoK7I=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
new file mode 100644
index 0000000000..0a03bc36f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
new file mode 100644
index 0000000000..e03d862761
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUY9VlD+O8GH3DRfxtYTip4pS6eBYwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDExMDEwMTAwMDAwMFoYDzIwMTMw
+MTAxMDAwMDAwWjAkMSIwIAYDVQQDDBlFeHBpcmVkIFRlc3QgSW50ZXJtZWRpYXRl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEANf+C+WsnAgYfISDS37prll2DOGYWKajcVZNzkScDzNGkK2s0c/td
+Mb+HXehqvYz20hT4wEwQZnPt9qMWH7bBEWiJfw85OINbKmG/i0gjZZDgbFMMdHvc
+j6BXJoxL0gAy8fOQyTDuMNX0NBJzSmWhzBsL99BHAWdG6XXQTzSyumiekc8ip4GG
+EhJvArbZwgIBigzdpbc/lQI0dR2qER0BUXamWU8fi2RuvQqtEi2ANjJHrWOillXU
+PR3j0F2LyvoiYlhiNhE1g3JH4VYZ+3eboRCrjel4J3rZHksN17r6+Fla1/YZdz2l
+nAGA5McLBKXYBVcARV4adXlBe1z79TiDeQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
new file mode 100644
index 0000000000..38a0abd8a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test Intermediate
+validity:20110101-20130101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
new file mode 100644
index 0000000000..b9d08b9795
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIUI8ozCyw0+PlX8kSh6xCqm1S+kZwwDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZRXhwaXJlZCBUZXN0IEludGVybWVkaWF0ZTAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAuMSwwKgYDVQQDDCNUZXN0IEVu
+ZC1lbnRpdHkgd2l0aCBleHBpcmVkIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNcMFowJAYDVR0RBB0w
+G4IZZXhwaXJlZGlzc3Vlci5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYI
+KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQAD
+ggEBADc3mhtwi4RO49fA5MWYiSDzLur0n6uvJFvLwrCFan5zb0GWCyJcvawUzxH3
+BpgNK7FmKeGPOE+mcjd35O3AgVeReWxy9RFXRAZsBThHZUGjEKi/D4kenNplg9I/
+x2DIjHlmjG9sDR2ibNo6pEOqWi2z+l3NcPpCvljJwz8FWms13AR4ns8c5mdjvBv2
+I3nvO/pezyaYVaAAV0h5EN/hQcTn1AuG/EAesigPAAg/ngm0QEJMfzvSX5z5M8Hg
+s1wUbkPXIcNCkuQ/tibM4xBeOmd6+pcXyhWywl8Z0SbVHfLlRHb72t8YWgvwZjLY
+YwAw1B7ii5wR+4I3ppmcdiKABok=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
new file mode 100644
index 0000000000..855f454221
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Expired Test Intermediate
+subject:Test End-entity with expired issuer
+extension:subjectAlternativeName:expiredissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
new file mode 100644
index 0000000000..d9af1411c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIUB1U85Lv+0j+a0CDGRThLAhFWSv0wDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOVW5rbm93biBJc3N1ZXIwIhgPMjAyMTExMjcwMDAwMDBa
+GA8yMDI0MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPSUROIENlcnRpZmljYXRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABozgwNjA0BgNVHREELTArgilidWc0MTM5MDkueG4tLWh4YWpiaGVnMmF6M2Fs
+LnhuLS1qeGFscGRscDANBgkqhkiG9w0BAQsFAAOCAQEAM0ukmmrbeVbEPB3KwnP2
+R1jHeTyVbRoQjQubHClDsoTQSD1evz3PWksfUE1D5e+jXC4DkQ8r9bgkYG1Hoy3A
+g7i5hvROwGmp99vYP/xXX8n0EXn2aQXXyGWImAIiGiu9Obn+K86Cc53jGOOQMjIo
+4cwvRdmVfxsPWupsbcW2RrZdyN1m+19SBAcGOH5jCwGfrEklUmmjxoMBYfFgBEiA
+39RJKN/H8mHaaG/pVBObJtgimGMigYJU8E44fY8YloFc6NSfzgwwlVuwfnj9PSFU
+/w2nZHpEwOZBdU4iUPydtAqUSEWZ8/GDzC2xg6SIzmQveFBp6BAQHg6udCTtZdSW
+tQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
new file mode 100644
index 0000000000..b3d840fbd3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Unknown Issuer
+subject:IDN Certificate
+extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
new file mode 100644
index 0000000000..d43495f851
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
new file mode 100644
index 0000000000..21ed73d60b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
new file mode 100644
index 0000000000..6725f9e566
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAZ+gAwIBAgIUIREXOabfdCGvGyDuQgOBkzu20zEwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowKTEnMCUGA1UEAwweSW5hZGVxdWF0ZSBLZXkg
+U2l6ZSBFbmQtRW50aXR5MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgADSm7Ev
+uE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IHkNJTDOzlRNuZpx8FiWo+
+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0hdgaLhnVDU8LaFSsr217
+5p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAGjZTBjMC0GA1UdEQQmMCSC
+ImluYWRlcXVhdGUta2V5LXNpemUtZWUuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3
+DQEBCwUAA4IBAQA0rIC1XkHz6blfEbgKH79ausj4LhJtZHWVSoV1bAHfeSHoc97S
+Q1UMai44eoJVBNdSpzZKr5yIu4xXFGkHUxG8JQ+TWpfaABs9V3ZpfCNjHkgn9fM1
+aBX0+cnyKE/e9k3FkQaIXBEBzXC/FM+F8eOXCucPWAWJIml31/TIteh3FE0P4zUP
+kK8oqiRdG0flBxXoc4ZL4lekpq6SmZTKSrCxNZbFGUkANgxmtfRMhHZKpA35BqCv
+JhSqU4VuYlBNq6c37yNK/5XD1QV0UpmhofKVRscqBl7bPJP/vqskogU0U1/6EQcf
+MadiPI0GKVvPEwaBKl10jxhFaCtvRSyLTQBB
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
new file mode 100644
index 0000000000..02b595dc9a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Intermediate
+subject:Inadequate Key Size End-Entity
+subjectKey:rsa1016
+extension:subjectAlternativeName:inadequate-key-size-ee.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
new file mode 100644
index 0000000000..8374c1399b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIUN1pxcl/u0+W9JsxKsrvr8nDaWdEwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAvMS0wKwYDVQQDDCRJbmFkZXF1YXRlIEtleSBVc2FnZSBUZXN0
+IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjbjBsMAsGA1UdDwQEAwIBAjApBgNVHREEIjAggh5p
+bmFkZXF1YXRla2V5dXNhZ2UuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIG
+CCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUA
+A4IBAQBWJJ77vwC6xBIh2ANYJ+kthp/f4Hz9YxZko5W0TSoeTwNNnQ5SorZ5h8nQ
+9fr471N4RvK1knH2dCR8fqlyJmf3sW8QQuHpKHHq6AaDbxXABRIGKC/k+Ykc5xdG
+G6bI/+AlUmjN6fiRCL5ffL5WNXVq4b3edkOvfeKUxiCwoamOy7F4/fMBf+SB/D0+
+05n9tPJcnhll0ah2J0Cw8jiMOpks7nvzU31biKx06gLFwFwAIKTt/xih/nQZAhbq
+m8UP9q1l3UwGxnHZ2r1K+zpO7sYwXk6TAK+9lKcJTheuy4aK1GE/czU/9BrP9WR+
+N/9WVK3KTS8r4EtrybjHMKUaS00V
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
new file mode 100644
index 0000000000..4d553890b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Inadequate Key Usage Test End-entity
+extension:keyUsage:cRLSign
+extension:subjectAlternativeName:inadequatekeyusage.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
new file mode 100644
index 0000000000..2269f4676e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAbigAwIBAgIUPT3TDbFEvyL6hxMsXXAnhbUEvXAwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAUMRIwEAYDVQQDDAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjGDAWMBQGA1Ud
+EQQNMAuCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOCAQEArvYJZIHcejci3ZW9
+BhYUPn3jv/byMmAvSzPHxy9AJk9ZEITGceiEAB/G5MUaG86/tuSmK2x50kTjezll
++KF4PWKjdzgUHUbQD3tgG4gc74the675k6xWAH9cCn9e1ZYX9vi7zEUPxFlKQnAa
+SsnQQRobrLNoZsqJQ6tqui6lPvZ66jpKFDSFLE7FMfTYKLJJhhTsROCX4OY4YkUb
+zXmozzMk1yK0Gy91x1IoqWl8Eua42TeM5klGrt4r+U6pwA8JsMXMusdmvZXwZYJS
+1LFqRQsSLFxDqFicpJDvXp6TT9Z7TG/z2gdFPH+e+G+pdNQmVnm66SHmfRpf5JiO
+F9rdOA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
new file mode 100644
index 0000000000..7662338470
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:127.0.0.1
+extension:subjectAlternativeName:127.0.0.1
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
new file mode 100644
index 0000000000..3f373d09f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIUGUp8qIucVUZ0D+cPoEILDVfteu8wDQYJKoZIhvcNAQEE
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDExMDEwMTAwMDAwMFoYDzIwMTMw
+MTAxMDAwMDAwWjAvMS0wKwYDVQQDDCRUZXN0IE1ENVNpZ25hdHVyZS1FeHBpcmVk
+IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjYzBhMCsGA1UdEQQkMCKCIG1kNXNpZ25hdHVyZS1l
+eHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
+aHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQQFAAOCAQEAYMtZZk0A
+c3xvnK0PSwNxsWidAdOEY5uOKJTPT1LZFUQsNHw/2f7csfDneTeLNoCNKH7LPF3t
+J+zwUMzq1Ut0vIRSs5r84P7LK7KaBRrSwWPSnTP90X4VX3IVIQ7dbwTkrlUaRzfs
+B4Pqa/p2GVuvrLmbtmd2SDw+52GubJYVOF6u2s4KKgUGhHWtegzQOsVKTFEOoqBr
+X3yDEJhK7M82NMiGtq3Fr5F0sLD6DuGL0Mm7ei9junSLS4sH0M+Hac2BVmXwYNTS
+ekKzyjmZ1TYRlo2sCgYyYfCLcTOswG7uVHLU+ie0+Dbaik2NcolUgFNnC7Uk3E+t
+DhSRNeOtKglSxw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
new file mode 100644
index 0000000000..e4c2b7008d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:Test MD5Signature-Expired End-entity
+validity:20110101-20130101
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
new file mode 100644
index 0000000000..c71d1b4c02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIUF9VdXuc6cyMkwLE5QkiaA5XGPGgwDQYJKoZIhvcNAQEE
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAtMSswKQYDVQQDDCJUZXN0IEVuZC1lbnRpdHkgd2l0aCBNRDUg
+c2lnbmF0dXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAaghhtZDVzaWduYXR1cmUuZXhh
+bXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9j
+YWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBBAUAA4IBAQAKDmz3Jd/rFPskUruCHHHb
+GnWoyquul7YYH69Mxro9u8kfB0apfPzTUjdaXNVPmJn201NsMZQsooR3w7WvKw+O
+WwZULevf5OBDuUUltHES6YDHZbUSPyzG9TDEruQUtFdhmAe+r0xrdacdkI391Pzv
+ORdY3x2v3esRJY3DwbTdufKcqmQ0cmiMPRLGJsMBFjmvQdBFBB+iRtp9Jf+3shM2
+M2ZgKMw+gepEX23KXpJcdXI/s8SZhpO1xIzxwcH8sXM+JV7OpfecPfmrylTkA7BX
+PgeD0Aj/BEtEQk4K+HgHZvriHNiukhCwGf/Hh7r5b+zothSAqAGD0iIwnXpja25B
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
new file mode 100644
index 0000000000..02742d910e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test End-entity with MD5 signature
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
new file mode 100644
index 0000000000..d5782da2cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKTCCAhGgAwIBAgIUXWNmi3NOMsq8iBKvohtG0kX2YFIwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQw
+MTAxMDAwMDAwWjArMSkwJwYDVQQDDCBNaXNtYXRjaC1FeHBpcmVkIFRlc3QgRW5k
+LWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXZG9lc250bWF0Y2guZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQCt7JzZlMgD/ZHZobiGxcfE/EPQ
+/V405Xu7DGdTJh5cTiFF1h3sQl06BfrCEAo0yhOrpPyMtmhTI+rMyF7PvFWZMQ89
+bk9y4cZ7jG1NEd6B+jlYfD4mFbLR3AbMEbf6QVjYDK29+XnjnhvczT5NPPl8g7rF
+6y1FhFcFMTGiGZCOyhCz0nXbG/LpP/alH+WucXRdpMLUQbEXEDzWOq5WJ1ZPS556
+2Ouurfr1mkydAlXCGc5RYPVLRY48CwX2z+kfHRnF4TCb3ck5oOlqabP+bc+HD7EE
+UgEEdnE6zpUs1D7s8C8Mp89LUcXx+s51/ZUQvGE4btBMML0lNImwwbqxbv02
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
new file mode 100644
index 0000000000..262f08d6be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
new file mode 100644
index 0000000000..b70a632693
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLzCCAhegAwIBAgIUcYUtGOYg2nrx/OAYr+cxTZVbv34wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDMzMDEwMTAwMDAwMFoYDzIwMzQw
+MTAxMDAwMDAwWjAxMS8wLQYDVQQDDCZNaXNtYXRjaC1Ob3QgWWV0IFZhbGlkIFRl
+c3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXZG9lc250bWF0Y2gu
+ZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v
+bG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQCu5v5Saw0htF59xmKf
+CQJ7YI4M/TvuNJjhVdwq5phvEw3k+qweEdpLHERGu4nrzyDTMKqN8kXO6tXUspnh
+LpXCvmaDLNxx/UyYofWslqYqFwM4vQ4l5QEUriR1ndMN256ELRSx2cEpWCi9xHMb
+1cqB12ulLMCpitmK+NXpflViZy7HliTQOCdwhLPDNWRKsRF85EHOuFzcx4uqfWdw
+5zwA0zVOYG21fyY51bhy4oy7HjTWUOrGi/klwzz2TEDTUX6nRHYagrFxO7C1GMlg
+pe32InUfLU0rR8G9lP/tSug8HawSH/TCE+63jo2BGWaIYGSd+k11QzU+CsT15+A2
+tbAC
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
new file mode 100644
index 0000000000..947eb7d678
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Not Yet Valid Test End-entity
+validity:20330101-20340101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
new file mode 100644
index 0000000000..4902855da5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAiGgAwIBAgIUO1bWrdrsbGfiDSe6i14vOA3vWsIwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDExMDEwMTAwMDAwMFoY
+DzIwMTMwMTAxMDAwMDAwWjA1MTMwMQYDVQQDDCpNaXNtYXRjaC1VbnRydXN0ZWQt
+RXhwaXJlZCBUZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2Rv
+ZXNudG1hdGNoLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAlTFY
+rHGARngEHz3XEngdY1E3hf2GdITTHssgVRvpW3IvNmUJDhk3zVqvjb2hIVDmxFRv
+ad7yCKK7FQum2A1MKZh/Pl7ylWv6vkdtB8HSg9F5qYifyUD/XEjYp3uSrfAXW7Pp
+XHZHgBR6nlOB1EpAqrLtpEjxMX6F0fcXClOlWf0UsPLv1M6JvPNns/4tbHBnrhfm
+e0DqBMfZIJV7x633eZhpLQmOIA27rZtpElWZsA6Gtenl3szr8mpOgy3hxuEs9oFn
+cigHg2ECzaOKM5ayTP0dc2OVbVgUX/2doF8pGHiIKdsThYNLNEOioBZjJhQlreZE
+K67bzkMDhLQmMBUMtw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
new file mode 100644
index 0000000000..adc8ebaf8b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
new file mode 100644
index 0000000000..bdbd0003c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIUI0pSyZahDeLfI4OrlVIzuliNY6owDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJNaXNtYXRjaC1VbnRydXN0ZWQg
+VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABo1owWDAiBgNVHREEGzAZghdkb2VzbnRtYXRj
+aC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQADggEBABwg1CM4xUgHVS5v
+VuYG6xH6YskAdK2L2G2E+M+4pp1+1vGt377o2B8PIhIpJ2lyf37PMn2DjpsgvB2T
+lsl2IJpCa0WD0c6Wh+PzVF3B0rP7QtSdHGLIVbHYjRS6RtrC0tvleQaJF9KBTV2O
+3mUSs5o4LW9brR2aFnoWBY6iENwdme/bttHZxivMnOXHK8nCC0LUVEO4lEqYPojo
+oqFzGPHIdWNHF82u67zys6uZ4aVDZgPFeiOG/B62rhHivAv5am7FXWWpIJv1SKTR
+SW6LElRNpgMxvjvjOfDfbGIpUw2H1QRIpWvygr7fdEYWr27x21UdaEwlZHE2yBeN
+4OsHD8E=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
new file mode 100644
index 0000000000..91c5f548b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
new file mode 100644
index 0000000000..fe0a029e2b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIUQ8LmhXEMu/AAMhyTo605M/H4j2YwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhNaXNtYXRjaCBUZXN0IEVuZC1lbnRpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjeTB3MEEGA1UdEQQ6MDiCF2RvZXNudG1hdGNoLmV4YW1wbGUuY29tgh0q
+LmFsc29kb2VzbnRtYXRjaC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYI
+KwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQAD
+ggEBAEsOUlth9scSnOZ6d4h1kkf4G2bYfkStM+DHB45DYrAYr3a8l1oHfnPcXhvN
+XMnT53sQ+BkTbx18OSlqo4ZSCbPPaJmHGNsqwqMMeCHDtE2do5uwimkT75Pwy9W+
+1LlTYOoRb5Ys4kY8ObpkhG8YM2W/mnQD6A70iusXaMyCiiP1fXdAPW8m2ltEeVne
+mz8PxwI+opq8/9m+IBcX/cXyoec062cUU+FibhpoKXxPtSGSVEbxw2k8gbndHIj5
+DIbcyZwJvzb08dkYWKjwQ0tgGOUzzgvXTa8gEp179LaWQPsyxGRQdSmv/6WVijpR
+7okOenn54XranHx+ObMSdNwKC24=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
new file mode 100644
index 0000000000..b93599fc88
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Mismatch Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com,*.alsodoesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
new file mode 100644
index 0000000000..2be28b8a9f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAaygAwIBAgIUaRjrHyGMBM67Q2Yf0pUNtNJYgHAwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdkb2VzbnRtYXRjaC5leGFtcGxlLmNvbTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAd0ZB7G4WhIDaiyYcP2quL3AoqbudHoo8
+0gHA9vAnoGDaOdjlcornKAXyyA0qrUNxmxKS3WavOZnyeCeu+2//nHJOOORRqUC9
+5b+8neKnuRFcTYGW4iS7+cTbHWWYdLH5Mmef/xfcEiGWsV/+pxNdCGVBf4eOK+mk
+0UqqcaOaO4HlC0mUyP39GR/WBYNMbtswAwqryAyXcBuAI5sq9vh4u9n+s+RMWUmD
+3/bBtz9Bff/9ClWTJJMZt8CQoZ4CoA7zowTbqLvf5NpQ96bzbX2Z5qTEh7sCb5zA
+mebrXm/pOBI9zTFYxqUMIwtGAbRZRfwHQBkQhMO3m3gKXu6tbWX2sA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
new file mode 100644
index 0000000000..86ef45b7ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
@@ -0,0 +1,2 @@
+issuer:Test CA
+subject:doesntmatch.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/mitm.pem b/security/manager/ssl/tests/unit/bad_certs/mitm.pem
new file mode 100644
index 0000000000..29181ab095
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mitm.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIUU4/FdNL/Ag71+mAHWRYV1h6cRF8wDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOVGVzdCBNSVRNIFJvb3QwIhgPMjAyMTExMjcwMDAwMDBa
+GA8yMDI0MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlVGVzdCBlbmQtZW50aXR5IGlz
+c3VlZCBmcm9tIE1JVE0gUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMfMB0wGwYDVR0RBBQwEoIQbWl0bS5l
+eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEABA5ake5/3963f88QiBP87rs/
+2jnsI8uly83Jk7tw9xvAR7H6OAdcj/FCiTvYwlPPUcUKdEZVwrRk4YJnklAqtCiR
+9Li+i1g9ZbP2m+bIjJhg6vxQkKM3UeM17xERM7RdZ9o7axGozAmMl09gBGvSUVbD
+H2DsimUcD3iRjGyA9PH/IAOvCPK2Y5e6KyrrtqDgpgY4uMPMZq7P5spqf7DkLrW3
+TckaoxbyEiTy/EhwVmWS3AWHA7PJmD7BTUs6+m9AXnnHy4NjPQfAMALBhn6lCHe0
+QbxomBFUE/VvCk1mz9aPJvYRIl4zscMgCXTEbVqhnXck8b/GAs1xsrmvSUiVtw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/mitm.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mitm.pem.certspec
new file mode 100644
index 0000000000..1439391f1b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mitm.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test MITM Root
+subject:Test end-entity issued from MITM Root
+extension:subjectAlternativeName:mitm.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
new file mode 100644
index 0000000000..daba5ce3c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUe4uQBKpHl7C9PFr1wsXlC3MT1N4wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjApMScwJQYDVQQDDB5FbmQtZW50aXR5IHdpdGggbm8gdmFsaWQg
+bmFtZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjNjA0MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0
+cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAe1q3Kik/TDQW
+xhdRwHXBY+H5vwT6oWRNHj3KPH/fOwjNpSy5yEO0UIKDPzGzwb8yso7HDk+W+SrO
+n4Y+O6nRJbA+qU2ntCyzD5FfAuRqSuT0v6dVnzzgCOFtqwctr3W6CYAxMBm05shl
+kJcvW0mU7sDvVTQLWU41AAHN7UBHHK57rJIqJEvBIJN2hGm3yhEfj/XceAuFx33a
+fiZ4hUtYBlkrrbl/lVw3AwB0DDGIkngOShK+eSRmXtXd8anKtzKkMHAVDhn9/dFh
+FNI0R/FLdKo8Jb7DSXdBCufRwnHeZjeyzm4hWIofI2x+ibByQDYTOphv0YcDDoR5
+zlyArDIhog==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
new file mode 100644
index 0000000000..87088e87e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:End-entity with no valid names
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
new file mode 100644
index 0000000000..79cc10aa68
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIUH+AmYB0Pf6g+gBjtVqu94DStb3UwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDMxMDEwMTAwMDAwMFoYDzIwMzIw
+MTAxMDAwMDAwWjAoMSYwJAYDVQQDDB1Ob3QgWWV0IFZhbGlkIFRlc3QgRW5kLWVu
+dGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXbm90eWV0dmFsaWQuZXhhbXBsZS5j
+b20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0
+Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQB1xgChilLhS38NJG3FU3vyD8LN3uGV
+wgzFB33egzO4s4GkPK5zjGpkyQG0ofYFmlbP8NpVrjKykbhbgusdvsZOknuPBBAJ
+jgHDrt5fdT4ah7xlRr+o4KC8RpYOZ8pGy6eoheCZZdNvhV3cDVxYWrkFZbdbtvw9
+YqqgpgiFx/j85ZqFudq/ApdMwcueZWPjmc47Y2fsTtrqO7rVVtX9FrG4O3BWcrVH
+5RJpwN5mBsC//zNhhuvaGNWZB3XGNH0wgxEweI+cpfufWHnshJFKoEESJBrdHywz
++kuH3ha9W3JwyorON9M7uduDBdUBsjwjwLpYLd+Saie6X+XjROrGYe8f
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
new file mode 100644
index 0000000000..5b60c29ebe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test End-entity
+validity:20310101-20320101
+extension:subjectAlternativeName:notyetvalid.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
new file mode 100644
index 0000000000..0a111582bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdOgAwIBAgIUW7kXNYkW5OLObAOtdMQ9uL8FHUkwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDMxMDEwMTAwMDAwMFoYDzIwMzMw
+MTAxMDAwMDAwWjAqMSgwJgYDVQQDDB9Ob3QgWWV0IFZhbGlkIFRlc3QgSW50ZXJt
+ZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB
+/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx
+CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC
+OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm
+Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz
+ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD
+rNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAJgm8BvVnIEy9uGjgTxLcNnIoOZeLgQ9CPrNir6RHzGIK
+1hIHcNCDdC2mDc9DvyQ8MQPzJvAiMAOvo1v8yHDijC/mmYi6hTGuC6hDxF2YHKXu
+8VZZOSMdaE9pkKUQ8sckzKMS+Oxw8EJOV7VeW/WZsSLKSpba0qAioae7wEBMg0QS
+0Mp72+l4nMMUG5T/gzea6gy/nGTb0ghV97K1r5jekFNuy1pZZbKun9lLd9KJNmEs
+XiJCn2M7Ce3nEhJfaJcDmz9sde4HOlJ/BVLV9ljkOL2cQ3TxdEkLT9/Unp9dmcLo
+1sdvWkwimWiKT3XAs6Df64uM4GYl3PqPH5tQmUyPFg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
new file mode 100644
index 0000000000..8a00f2ee23
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test Intermediate
+validity:20310101-20330101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
new file mode 100644
index 0000000000..1fb6797b43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAjigAwIBAgIUfcJn/g+oQNFi8fCskf4b5iUfOVQwDQYJKoZIhvcNAQEL
+BQAwKjEoMCYGA1UEAwwfTm90IFlldCBWYWxpZCBUZXN0IEludGVybWVkaWF0ZTAi
+GA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjA0MTIwMAYDVQQDDClU
+ZXN0IEVuZC1lbnRpdHkgd2l0aCBub3QgeWV0IHZhbGlkIGlzc3VlcjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNg
+MF4wKAYDVR0RBCEwH4Idbm90eWV0dmFsaWRpc3N1ZXIuZXhhbXBsZS5jb20wMgYI
+KwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgv
+MA0GCSqGSIb3DQEBCwUAA4IBAQCBdqR1GuJPvGxqGIJ1LxBnXfO7hd7uwJhPavoD
+8I9x+c7xy3avQat3GgC+IeWUTp7yr5VVNf/XXfi0nDo1RCiD10QsPVJ4FIXJi9VS
+pIorZQBorqAYmpEzV57wTvoIAJGFZLqBrgLZjQQU9x3TmnH0rm30ZMKWNxQTflSt
+PdqIw9twMtJ1SvYEFpaGHakCWng6bdwC31E4b8+6MD90vsA/8/p7T3HQ3CmDRa0c
+3jTKZZ2QF+bqYzSxw3M190UE2hJVj61WHnFodkWUF0Zye/e3EsVlIt9nPmjPQVSS
+BSMXf8JdX88ozxwbgDyzdBpKY+c7IEpow1EOwbTyG907vkFs
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
new file mode 100644
index 0000000000..d8420898e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Not Yet Valid Test Intermediate
+subject:Test End-entity with not yet valid issuer
+extension:subjectAlternativeName:notyetvalidissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
new file mode 100644
index 0000000000..4f3dba1d61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAeegAwIBAgIUX1ns5qA13/2mu4/kkB99AW7E32MwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNuc0NlcnRUeXBlIENyaXRpY2FsMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+oz0wOzAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhhbXBsZS5jb20wFAYJYIZI
+AYb4QgEBAQH/BAQDAgZAMA0GCSqGSIb3DQEBCwUAA4IBAQAzZtCyx0wSezpVnRYF
+stt0iAJyTPXPQNppz30cACWIEGPf88CvlYN/4LLFVRZ1Q1IuRghChDIYSv66qGt5
+D9RZRPzMhJ9FyQbh7UQ8pgSa6MoyaALLydACO7yZQgl3VCFEOzTsYwgasrJ0xK5I
+670hkVIPEDlfUxs+afvq0uzdJnuFpI3BdlSmAs9+EK4t5Dh+1msuYmdjl2D+7BRS
+SW7UTLB7EskZtWTNBGmhsIC7sUOamDlUYVbjV3Dt3Q/845sl/a9lsNZawzxzEn6X
+oPorbWHwvplhtx8Z4xa/d7PgyN/11x0HB/wT/oNLfWkDuas73ObfiPS3ud0NuyTz
+1VYg
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
new file mode 100644
index 0000000000..b236bdea47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
new file mode 100644
index 0000000000..58271b08ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgIUd+v+QT/3riqABXPmtHDCRIIxatYwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAvMS0wKwYDVQQDDCRuc0NlcnRUeXBlIENyaXRpY2FsIFdpdGgg
+ZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjXTBbMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5l
+eGFtcGxlLmNvbTAUBglghkgBhvhCAQEBAf8EBAMCBkAwCQYDVR0TBAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAKVajR2vlz1QcIzlK
+B23stAjqBtcf+DJI0bwSNWjfJ02fugSDo2H1tTQlNjzA2ayqkMLKdB7Ku7GFrz3U
+VX2Xx0iMeaCumQdETIdEz2MhtlStPQcTZ22t4Pb9sMFZQmyeTMH6cU831myosyGa
+LvGDYQMHIpml9XIi4gqLzyLQI9rshlsgvKN8vp0nyAERQYjw26x3U9Od6jYZzeOm
+73E8KJ2zLOMRbxzz0HjeEkxCMcSjW+AdXL15w/d0B7+Uw2ZdFRMOGtxnwf6F9bgM
+l5uCj5D3hsdfhoAF6sPHZDKGK+TbO0ZGjpOXRAZsTEN/jsR5evRN0lIE0vJ6dSHA
+N1uLVw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
new file mode 100644
index 0000000000..0ae63e20f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:nsCertType Critical With extKeyUsage
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
+extension:basicConstraints:,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
new file mode 100644
index 0000000000..3aa7d7c6c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDADCCAeigAwIBAgIUCQTyCes+6a+Y+69OlFxl12IzBpswDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAiMSAwHgYDVQQDDBduc0NlcnRUeXBlIE5vdCBDcml0aWNhbDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaM6MDgwIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMBEG
+CWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAQEAqYcAU8y2+5/Wfl3F
+ERZGxefQeivQXfa4pZg67fiN2Y0rNWodmTmOVlqFyBVwTO3q2Y63SBI/FyIB7dzV
+wUPW0GHk3WaGO7mOXB5H2URqlrdXJh/Tn7hXUHq+85tr3TgysWsJJZ/2CCve2OtX
+Jr1F3XiPvtHnHyKz8vONQrkIx93l+uSh/Jjr1M4Y+96XOgRLe3UBQ0KzWZVjeyP5
+i3yS4bZbNUyjk2uYvniY0nlJo0pSpD9tXLMiTrc0rSAj/0uvxI216YI0CptvypHY
+/G/U2ZTvk96bmL/9zily1tmmjZT+tznnzTnsTSszPBzkU4gpJ3avWnbBxoC76JAN
+bf9Uig==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
new file mode 100644
index 0000000000..a44a1feeef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Not Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
new file mode 100644
index 0000000000..f4ee143e74
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIUUTjaq6eT9McB+Ix6ki/STTQfzwgwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAnMSUwIwYDVQQDDBxXcm9uZyBDQSBQaW4gVGVzdCBF
+bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJ
+n3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYCl
+HDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzS
+pss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2
+mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq
+0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZV
+Lx0eGR1xIWjTuwIDAQABo4GtMIGqMHQGA1UdEQRtMGuCKCouaW5jbHVkZS1zdWJk
+b21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5z
+LnBpbm5pbmcuZXhhbXBsZS5jb22CFSoucGlubmluZy5leGFtcGxlLmNvbTAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8w
+DQYJKoZIhvcNAQELBQADggEBACq2BJPXiEEa2S95CPlJuTxEZMyzrrWWhdEHsLHP
+raOfY3Ct/XziwlYO3CJ7NrVGfrHmrBbROLqenbXLD0HwQp/WxY61fOIQeALVZmCU
+sxsDYiLhdFTyT7K/vd33SW+Mq2+L6yWr8B6ElSidNCnQdExcnROkwy8mjPEitq3o
+2iEDBeCfVG3aOo5AxW/JJFeusyRU6+Jo6voM2mpzpTVjEx22SoJBORon4knQsw42
+OjyD8SeU2n7Rwq5biDHQP+y8Gx7bZt5UFIaE/nLP7Hn+8NQau8bJihrK2yCdKJCK
+VKx9rPxi9I6txANEx33WCzlxq5Bi8PZHH6aduLGofTFFNR8=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
new file mode 100644
index 0000000000..a905a66ac2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Other test CA
+subject:Wrong CA Pin Test End-Entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
new file mode 100644
index 0000000000..abde350c28
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
new file mode 100644
index 0000000000..cbd5f309c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
new file mode 100644
index 0000000000..a2e264030a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIURym6o+VN9xgZXT/QLrvN/nv1ZN4wDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDE1MDEwMTAwMDAwMFoY
+DzIwMjUwMTAxMDAwMDAwWjAYMRYwFAYDVQQDDA1PdGhlciB0ZXN0IENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5Tiw
+bErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROM
+AQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5Aql
+kdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFC
+IGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMP
+dLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQAB
+ox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AQEAtXplrvls6HSbbibpzfGxOPmSuh2TH05bE4vQk+d7Kz6EOAFvgTiZbLwTxbrQ
+gfrM05t+67C2nAeiwAtW34nUnu6S8MYA6mJjURWICbl7cAvCHuNjg1atVr6f1Y+9
+VFFG6aUibw3bzKneREmDEVcxlEWUaMvv/JjfyMA5veSyX6iTJYkIBrEiVV5Alzg5
+yVHBi6+tpuJDO/YLlG8kmfzkYeJkTyAGx1EJ2yQHim7R232638yb0KrhS4zKsfFU
+egHhM4c+MpiCLc9q2EgblbYGx5GM+2leuzXunj1KPClHFrnmkRRm3rcESG2pK9RN
+/48Nd38VNofRojEbzDSCdOFmow==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
new file mode 100644
index 0000000000..3bc975aa22
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
new file mode 100644
index 0000000000..312d57f83f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIUO0qfW1Ku2EK6yQlpOYG16M3C88MwDQYJKoZIhvcNAQEL
+BQAwMzExMC8GA1UEAwwoVGVzdCBTZWxmLXNpZ25lZCBFbmQtZW50aXR5IHdpdGgg
+Q0EgdHJ1ZTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAzMTEw
+LwYDVQQDDChUZXN0IFNlbGYtc2lnbmVkIEVuZC1lbnRpdHkgd2l0aCBDQSB0cnVl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABo4GAMH4wDAYDVR0TBAUwAwEB/zAyBggrBgEFBQcBAQQmMCQwIgYIKwYB
+BQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wOgYDVR0RBDMwMYIvc2VsZi1z
+aWduZWQtZW5kLWVudGl0eS13aXRoLWNBLXRydWUuZXhhbXBsZS5jb20wDQYJKoZI
+hvcNAQELBQADggEBAKHo7nO705MnFJrD51zJX5feNUmVlItGBRK67CO777vGRqYA
+YxBpKuugPxWvBVI7+P3SRvAQAL6vg9fUlf3OHkT4WISyQ06ru9V3kQXbJhS62fe8
+qKfom/iyDErkLEGojXqCoE13gsuQEXCbEKj1sLdKU1gpKA2iSooMkKvlJbhmlNjF
+Hy77/zZ7AeOmUblRMfhm8wF/AeoXSB+/JonOZ5MBCsKrjjK8vzDWBXICR2t/Uwce
+McvUFs5EiPJlveJ7POdUSQmQxnj0F9jdWF67tMLmktmMynEdSUv+9D++uUSSCbuS
+KU3Y4z6ntndjkhiyTQim9vETxcB92sfkIp4fZC4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
new file mode 100644
index 0000000000..0ca92d7fd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Self-signed End-entity with CA true
+subject:Test Self-signed End-entity with CA true
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:self-signed-end-entity-with-cA-true.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
new file mode 100644
index 0000000000..2ab5904543
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIUdTEF+B9EJBrvwu6jqdZB5MXb5ogwDQYJKoZIhvcNAQEL
+BQAwNTEzMDEGA1UEAwwqU2VsZi1zaWduZWQgSW5hZGVxdWF0ZSBFS1UgVGVzdCBF
+bmQtZW50aXR5MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMDUx
+MzAxBgNVBAMMKlNlbGYtc2lnbmVkIEluYWRlcXVhdGUgRUtVIFRlc3QgRW5kLWVu
+dGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaOBijCBhzALBgNVHQ8EBAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUH
+AwEwLwYDVR0RBCgwJoIkc2VsZnNpZ25lZC1pbmFkZXF1YXRlRUtVLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAats49K5yDWP8zxxbODXI9VItMfOG
+j2E8QdcFPYRVgkIcmM6chajB3IX0K9cua1fIyXaiFK4ZukXY5IClrNa3K4mchyrW
+t/sL0hd1JNcSiFpYRXuKlmmTh/29PUP3sFo29p4fmXTlEGNmZG10r+RMlnh1/iWz
+H0MmLqE7iabjD91IxR79bRNnaewvmB7p4ccVc/Oh2iJSdd1JhrHljYBL4vTBz8Jb
+1+1zHqgCIf0+Bd9sTHnuu6+iB8hAqcoQVs9RqCjdisgx0+hzjGTmPummdF7xxDdt
+meUKn8pbzUadJuna5SyRN0bXIRVicqi4/dw+gYgb80uA7BUYgqiXhzJnmQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
new file mode 100644
index 0000000000..477b90ce14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Self-signed Inadequate EKU Test End-entity
+subject:Self-signed Inadequate EKU Test End-entity
+extension:keyUsage:keyEncipherment,dataEncipherment
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:selfsigned-inadequateEKU.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
new file mode 100644
index 0000000000..a949efa150
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAh+gAwIBAgIUQx4TWJqQt0JuIih8qLKCOJxOUMkwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbU2VsZi1zaWduZWQgVGVzdCBFbmQtZW50aXR5MCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCYxJDAiBgNVBAMMG1NlbGYt
+c2lnbmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNZMFcwIQYDVR0RBBowGIIWc2Vs
+ZnNpZ25lZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
+Fmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQADggEBAA8/4PSt
+7wsHx00uSCMH+mDAwnI6YqmwoWQWg2qq6Ul4mXvupDqaGjXCi3LA+7wP+YXlzXz3
+GJzQopXQ0XObiXNK34GNlTL+8Sk3rvOO88y5hmRpqNxXNCqj0UNaTfqDApYhydET
+/EoowMbObWWKUknQxxH4XxOgXfr11XBLOgmCWUF1ZUZRRxzhDNfeR7GIInw7Z+bP
+a/ghCqgSqaqupQUky21bx6tT6Vte/NEGZSE0NptiatOwkdB3pTaN9ix3firArKhx
+phEkGr2JxWcCAQY14+4Qg/gII2YRY0AMV3ruHjayItpe0SOTxPvJLa//InmUcsof
+eNBIC56EPJcm2U8=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
new file mode 100644
index 0000000000..99a814be17
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Self-signed Test End-entity
+subject:Self-signed Test End-entity
+extension:subjectAlternativeName:selfsigned.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
new file mode 100644
index 0000000000..67e7ca56e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUP5NBbozOXrtwcuQwu3pzUXbOl7owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjASMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABBSMkSBFq/bK
+LpntIx6QJdqPtmnjdjwTpCbQyKKfQjjrazCfru5SheZq7ACtQ0uWFokUOQhB+Xvv
+sqy9HqJhK4UN0zfNPjtkHOSbNefWXOseEzA6XxuaCzQXWOp1WNNPnfdtYZizy6hT
+fKuKjhniKLmIQD61KNl7Ev1hWUhWC7R8U+IFztXusYYFUUmqqaZ/v7lNfY1sHu4k
+zHQFp+xqeaXvkoRpTXhoSdwDQ7ldquwqMM0NIQXlhtcmg7IYwZBGlJgzoejN4k2H
+2WycvxPW70I10NeAAhtie1+K4JHwr6/SLLwCCnJDoRMMpMhM9/853Ye/4PTDGhuK
+fqhEoHH9Ig==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
new file mode 100644
index 0000000000..5d2435d7bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
new file mode 100644
index 0000000000..08249b863e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcWgAwIBAgIUa0X7/7DlTaedpgrIJg25iBPOkIMwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMjUw
+MTAxMDAwMDAwWjAcMRowGAYDVQQDDBFUZXN0IEludGVybWVkaWF0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB
+AILNZM9yT9ylMpjyi0tXaDORzpHiJ8vEoVKk98bC2BQF0kMEEB547p+Ms8zdJY00
+Bxe9qigT8rQwKprXq5RvgIZ32QLn/yMPiCp/e6zBdsx77TkfmnSnxvPi+0nlA+eM
+8JYN0UST4vWD4vPPX9GgZDVoGQTiF3hUivJ5R8sHb/ozcSukMKQQ22+AIU7w6wyA
+IbCAG7Pab4k2XFAeEnUZsl9fCym5jsPN9Pnv9rlBi6h8shHw1R2ROXjgxubjiMr3
+B456vFTJImLJjyA1iTSlr/+VXGUYg6Z0/HYnsO00+8xUKM71dPxGAfIFNaSscpyk
+rGFLvocT/kym6r8galxCJUo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
new file mode 100644
index 0000000000..33b42c2f41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
new file mode 100644
index 0000000000..30143bb1ba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIUP5JozopIN1u1syfEtUDb+7eHSs0wDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbVGVzdCBJbnRlcm1lZGlhdGUgdG8gZGVsZXRlMCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMC4xLDAqBgNVBAMMI1Rlc3Qg
+RW5kLWVudGl0eSBmcm9tIHVua25vd24gaXNzdWVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HCMIG/MIGIBgNV
+HREEgYAwfoIZdW5rbm93bmlzc3Vlci5leGFtcGxlLmNvbYI0dW5rbm93bmlzc3Vl
+ci5pbmNsdWRlLXN1YmRvbWFpbnMucGlubmluZy5leGFtcGxlLmNvbYIrdW5rbm93
+bmlzc3Vlci50ZXN0LW1vZGUucGlubmluZy5leGFtcGxlLmNvbTAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZI
+hvcNAQELBQADggEBAI2lkdtGlY+mEsp+k/1OMPP14sB/Rn3OY6Y0FNKKIrugQXa4
+V53aA0Uiopb5O+dCp9t6O6qX8hmiZkqO/24FnpJyT9HKGZWCA95gBAduVK27+LKz
+9a4HEnj5QuhtZw8oProRIukhgOr6AjJvzg1KNh0oJ67IIoqqwzZFFfOGNjoT3Rgu
+Z8WyMFPMI+ZTP7cHriMSPhAOz7v0d4zfRHmSBS+j3nyOkzFBSrjk8i2ODDXjsxjP
+RyCOAFXJRcoHUhY1E7WJ0qGGT3ckOD4gQ0NSJ8yGDtGqSCmoiQiGts9V7NVmnTfN
+RD9Q8KYGkyiZ6LpnQIN08aNZkkuflirZnl5zP4k=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
new file mode 100644
index 0000000000..a735c730ca
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate to delete
+subject:Test End-entity from unknown issuer
+extension:subjectAlternativeName:unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
new file mode 100644
index 0000000000..921d14583f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIUGTh5myT/JfbNsso9a1ZhGr8B11gwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDExMDEwMTAwMDAwMFoY
+DzIwMTMwMTAxMDAwMDAwWjAsMSowKAYDVQQDDCFVbnRydXN0ZWQtRXhwaXJlZCBU
+ZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjYDBeMCgGA1UdEQQhMB+CHXVudHJ1c3RlZC1l
+eHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
+aHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAMktkDNyd
+MHFk4K4dcOfi0McOkxvdZW6/Nqts51scx8A3q8sT5pdW3ftBjvN7O+3c1cNGoThG
+9SA6uLDV2NT2EQp65yxMZe8j1OHX3qybqZ/RVY5r7VHF4JDsPHHXsgew5+CRGraj
+MTIFUqmgAYLMcv74vB0OLIt3JL4XnHVP7atULMLJrOP8QUmkUhZ49MDqyslN0i6w
+X7KwhdM00+JKadqUFqOAfhacMHsH5ErsQ3LXrQRMJiFoaVbElMy9e/jJmY7rg4pw
+0EMnkt+Vj650FkWsCnLndBia+6z+81L4EZ7uwBeeks2fYhXt85qqkuzmZq2T2diu
+ArcEblKIbUYlVg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
new file mode 100644
index 0000000000..3efd1ce677
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:untrusted-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
new file mode 100644
index 0000000000..44466870b7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIUFTheHxum5x5zarr+9tuaXVyal6kwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAwMS4wLAYDVQQDDCVUZXN0IEVuZC1lbnRpdHkgd2l0
+aCB1bnRydXN0ZWQgaXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo14wXDAmBgNVHREEHzAdght1bnRydXN0
+ZWRpc3N1ZXIuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB
+hhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQA4nTja
+7NV7jYhyX3eDGfoWyCHVM2PRIglZrHN1JsmzUOfyrw9T4jF2Jnuvl9lF0SyuBm+N
+X1lXJK4z8VYfM3t1SlGe2qwl+nXiYwoCFl0mfbBuihQNxa3eLWAmjz5ZghStjFwz
+QGwkgrsCaP8gKcU2j94KVhWaAXJJzBe1OPVJUhrjQjG4Q7mhon7qRrRYJaDR4GOe
+bLhJvrZO14Embo81DejBzoIHYeONhz9RqrTjcH15qpxwU8mX/DAZfkPlR85LY3F9
+FTBy7wEGuvoPZbWjtQEZMTeMdyJ1DZyi7TNFkJksf8b5oXtCGzftOv3cJeZIUYQs
+ZmUfzPtaDC9YkAeP
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
new file mode 100644
index 0000000000..5ba0bc2535
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Test End-entity with untrusted issuer
+extension:subjectAlternativeName:untrustedissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
new file mode 100644
index 0000000000..8c24bc3d0b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFE8qjyl3WPAoW1Gpnx3TBAEyJJU6MA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEjEQMA4GA1UEAwwHVjEgQ2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAqUwUJ06FNvZWgq5++nr3wKmfEW/hOI2Mr3+xjDbuvYm8/Z+H+TtIDgqJ+Ryf
+pxTL5/tGFmriX20DC9b+ZtZyEYVZFHbM/WmhKZlp6zfzxODErmX1JuPg+Ue0zCoz
+zQXTda4jB1j39LT88Ci5CLSnNrWFcbHxEp5nmikC6N76Whcw/4OflP0ui/MPeAu7
+wH5Ql7PzL3+m4HtCgri9Jgd/6LWkSeK2mN8AmnLUbV2szXi63eTrYxQ0KcxjTcuN
+4M2PuIXiI3c7V0jjfhIHc09lGUnLeh5pIQSQ17EMVMuh6sUjY26Gczj9CuWGZ+gS
+6B5LY90vNcK+MYRMF2jyXEt1Lg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
new file mode 100644
index 0000000000..7824630bbc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:V1 Cert
+version:1
diff --git a/security/manager/ssl/tests/unit/corrupted_crlite_helper.js b/security/manager/ssl/tests/unit/corrupted_crlite_helper.js
new file mode 100644
index 0000000000..2587c5dad9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/corrupted_crlite_helper.js
@@ -0,0 +1,103 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Helper file for tests that initialize CRLite with corrupted `security_state`
+// files.
+//
+// Usage:
+//   Define nsILocalFile variables for the `crlite.filter`, `crlite.coverage`,
+//   and `crlite.enrollment` files that should be copied to the new profile, and
+//   then load this file. The variables should be called `filter`, `coverage`,
+//   and `enrollment`, respectively. To omit a file, leave the corresponding
+//   variable `undefined`.
+//
+// Example:
+//   let filter = do_get_file("some_test_dir/crlite.filter");
+//   let coverage = undefined;
+//   let enrollment = do_get_file("some_test_dir/crlite.enrollment");
+//   load("./corrupted_crlite_helper.js");
+//
+// Note:
+//   The cert_storage library only attempts to read security_state once. So
+//   this task can only be included once per test file.
+
+"use strict";
+
+/* eslint-disable no-undef */
+
+add_task(async function test_crlite_corrupted() {
+  let securityStateDirectory = do_get_profile();
+  securityStateDirectory.append("security_state");
+
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+
+  if (coverage != undefined) {
+    coverage.copyTo(securityStateDirectory, "crlite.coverage");
+  }
+  if (enrollment != undefined) {
+    enrollment.copyTo(securityStateDirectory, "crlite.enrollment");
+  }
+  if (filter != undefined) {
+    filter.copyTo(securityStateDirectory, "crlite.filter");
+  }
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+
+  // This certificate is revoked according to `test_crlite_filters/20201017-0-filter`.
+  // Its issuer is enrolled according to `test_crlite_preexisting/crlite.enrollment`,
+  // and it is covered according to `test_crlite_preexisting/crlite.coverage`.
+  let revokedCert = constructCertFromFile("test_crlite_filters/revoked.pem");
+
+  // The issuer's certificate needs to be available for path building.
+  let issuerCert = constructCertFromFile("test_crlite_filters/issuer.pem");
+  ok(issuerCert, "issuer certificate should decode successfully");
+
+  // If we copied a corrupted file to security_state, then CRLite should not be
+  // initialized, and we should fall back to OCSP. By setting
+  // Ci.nsIX509CertDB.FLAG_LOCAL_ONLY here we skip the OCSP test, so there's no
+  // revocation checking, and the revoked certificate should pass inspection.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    undefined,
+    "us-datarecovery.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // We should not have a filter or a stash.
+  let hasFilter = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_FULL,
+      (rv, result) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(result);
+      }
+    );
+  });
+  Assert.equal(hasFilter, false, "CRLite should not have a filter");
+
+  let hasStash = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_INCREMENTAL,
+      (rv, result) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(result);
+      }
+    );
+  });
+  Assert.equal(hasStash, false, "CRLite should not have a stash");
+});
diff --git a/security/manager/ssl/tests/unit/crlite_enrollment_id.py b/security/manager/ssl/tests/unit/crlite_enrollment_id.py
new file mode 100755
index 0000000000..2deb5ad379
--- /dev/null
+++ b/security/manager/ssl/tests/unit/crlite_enrollment_id.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python
+
+# Given a PEM encoded X.509 certificate, outputs
+#   base64(SHA256(subject || spki))
+# where `subject` is the RFC 5280 RDNSequence encoding
+# the certificate's subject, and `spki` is the RFC 5280
+# SubjectPublicKeyInfo field encoding the certificate's
+# public key.
+
+import sys
+import base64
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes
+
+if len(sys.argv) != 2:
+    print(f"Usage: {sys.argv[0]} <path to pem cert>")
+    sys.exit(1)
+
+with open(sys.argv[1], "r") as f:
+    cert = x509.load_pem_x509_certificate(f.read().encode("utf-8"), backend=None)
+
+subj = cert.subject.public_bytes()
+spki = cert.public_key().public_bytes(
+    format=serialization.PublicFormat.SubjectPublicKeyInfo,
+    encoding=serialization.Encoding.DER,
+)
+
+digest = hashes.Hash(hashes.SHA256(), backend=None)
+digest.update(subj)
+digest.update(spki)
+print(base64.b64encode(digest.finalize()).decode("utf-8"))
diff --git a/security/manager/ssl/tests/unit/crlite_key.py b/security/manager/ssl/tests/unit/crlite_key.py
new file mode 100755
index 0000000000..53d2b2aeaf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/crlite_key.py
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+
+# Given PEM encoded X.509 certificates Issuer and Subscriber,
+# outputs the urlsafe base64 encoding of the SHA256 hash of
+# the Issuer's SubjectPublicKeyInfo, and the ascii hex encoding
+# of the Subscriber's serial number.
+
+import sys
+import base64
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes
+
+
+def uint_to_serial_bytes(a):
+    # Encode the non-negative integer |a| as a DER integer without the leading
+    # tag and length prefix. The DER encoding of |a| is the shortest octet
+    # string that encodes |a| in big endian two's complement form.
+    assert a >= 0
+
+    # Since |a| is non-negative, the shortest bit string that encodes it in
+    # big-endian two's complement form has a leading 0 bit. Positive python
+    # integers have a `bit_length` method that gives the index of the leading 1
+    # bit. The minimal two's complement bit length is one more than this.
+    #
+    # NB: Python defines |int(0).bit_length() == 0|. The other cases are more
+    # intuitive; for integers x and k with x >= 0 and k > 0 with 2**k > x we
+    # have |int(2**k + x).bit_length() == k+1|.
+    bit_len = 1 + a.bit_length()
+    byte_len = (bit_len + 7) // 8
+    return a.to_bytes(byte_len, byteorder="big", signed=False)
+
+
+if len(sys.argv) != 3:
+    print(f"Usage: {sys.argv[0]} <path to issuer cert> <path to subscriber cert>")
+    sys.exit(1)
+
+with open(sys.argv[1], "r") as f:
+    issuer = x509.load_pem_x509_certificate(f.read().encode("utf-8"), backend=None)
+
+with open(sys.argv[2], "r") as f:
+    subscriber = x509.load_pem_x509_certificate(f.read().encode("utf-8"), backend=None)
+
+assert issuer.subject.public_bytes() == subscriber.issuer.public_bytes()
+
+issuer_spki = issuer.public_key().public_bytes(
+    format=serialization.PublicFormat.SubjectPublicKeyInfo,
+    encoding=serialization.Encoding.DER,
+)
+hasher = hashes.Hash(hashes.SHA256(), backend=None)
+hasher.update(issuer_spki)
+issuer_spki_hash = hasher.finalize()
+
+subscriber_serial = uint_to_serial_bytes(int(subscriber.serial_number))
+
+print(base64.urlsafe_b64encode(issuer_spki_hash).decode("utf-8"))
+print(subscriber_serial.hex())
diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js
new file mode 100644
index 0000000000..bb770a1b63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -0,0 +1,1192 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+const { AppConstants } = ChromeUtils.importESModule(
+  "resource://gre/modules/AppConstants.sys.mjs"
+);
+const { ctypes } = ChromeUtils.importESModule(
+  "resource://gre/modules/ctypes.sys.mjs"
+);
+const { FileUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/FileUtils.sys.mjs"
+);
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+const { PromiseUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/PromiseUtils.sys.mjs"
+);
+const { XPCOMUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/XPCOMUtils.sys.mjs"
+);
+
+const { X509 } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/X509.sys.mjs"
+);
+
+const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"].getService(
+  Ci.nsIDebug2
+).isDebugBuild;
+
+// The test EV roots are only enabled in debug builds as a security measure.
+const gEVExpected = isDebugBuild;
+
+const CLIENT_AUTH_FILE_NAME = "ClientAuthRememberList.txt";
+const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
+const CERT_OVERRIDE_FILE_NAME = "cert_override.txt";
+
+const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
+const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
+const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
+
+// This isn't really a valid PRErrorCode, but is useful for signalling that
+// a test is expected to succeed.
+const PRErrorCodeSuccess = 0;
+
+// Sort in numerical order
+const SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = SEC_ERROR_BASE + 41;
+const SEC_ERROR_PKCS7_BAD_SIGNATURE = SEC_ERROR_BASE + 47;
+const SEC_ERROR_INADEQUATE_KEY_USAGE = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION = SEC_ERROR_BASE + 117;
+const SEC_ERROR_OCSP_MALFORMED_REQUEST = SEC_ERROR_BASE + 120;
+const SEC_ERROR_OCSP_SERVER_ERROR = SEC_ERROR_BASE + 121;
+const SEC_ERROR_OCSP_TRY_SERVER_LATER = SEC_ERROR_BASE + 122;
+const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = SEC_ERROR_BASE + 123;
+const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = SEC_ERROR_BASE + 124;
+const SEC_ERROR_OCSP_UNKNOWN_CERT = SEC_ERROR_BASE + 126;
+const SEC_ERROR_OCSP_MALFORMED_RESPONSE = SEC_ERROR_BASE + 129;
+const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = SEC_ERROR_BASE + 130;
+const SEC_ERROR_OCSP_OLD_RESPONSE = SEC_ERROR_BASE + 132;
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = SEC_ERROR_BASE + 141;
+const SEC_ERROR_OCSP_INVALID_SIGNING_CERT = SEC_ERROR_BASE + 144;
+const SEC_ERROR_POLICY_VALIDATION_FAILED = SEC_ERROR_BASE + 160;
+const SEC_ERROR_OCSP_BAD_SIGNATURE = SEC_ERROR_BASE + 157;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176;
+
+const SSL_ERROR_NO_CYPHER_OVERLAP = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT = SSL_ERROR_BASE + 17;
+const SSL_ERROR_WEAK_SERVER_CERT_KEY = SSL_ERROR_BASE + 132;
+const SSL_ERROR_DC_INVALID_KEY_USAGE = SSL_ERROR_BASE + 184;
+
+const SSL_ERROR_ECH_RETRY_WITH_ECH = SSL_ERROR_BASE + 188;
+const SSL_ERROR_ECH_RETRY_WITHOUT_ECH = SSL_ERROR_BASE + 189;
+const SSL_ERROR_ECH_FAILED = SSL_ERROR_BASE + 190;
+const SSL_ERROR_ECH_REQUIRED_ALERT = SSL_ERROR_BASE + 191;
+
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY =
+  MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE =
+  MOZILLA_PKIX_ERROR_BASE + 5;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE =
+  MOZILLA_PKIX_ERROR_BASE + 6;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING =
+  MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING =
+  MOZILLA_PKIX_ERROR_BASE + 10;
+const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME = MOZILLA_PKIX_ERROR_BASE + 12;
+const MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED =
+  MOZILLA_PKIX_ERROR_BASE + 13;
+const MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT = MOZILLA_PKIX_ERROR_BASE + 14;
+const MOZILLA_PKIX_ERROR_MITM_DETECTED = MOZILLA_PKIX_ERROR_BASE + 15;
+
+// Supported Certificate Usages
+const certificateUsageSSLClient = 0x0001;
+const certificateUsageSSLServer = 0x0002;
+const certificateUsageSSLCA = 0x0008;
+const certificateUsageEmailSigner = 0x0010;
+const certificateUsageEmailRecipient = 0x0020;
+
+// A map from the name of a certificate usage to the value of the usage.
+// Useful for printing debugging information and for enumerating all supported
+// usages.
+const allCertificateUsages = {
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageSSLCA,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+};
+
+const NO_FLAGS = 0;
+
+const CRLiteModeDisabledPrefValue = 0;
+const CRLiteModeTelemetryOnlyPrefValue = 1;
+const CRLiteModeEnforcePrefValue = 2;
+const CRLiteModeConfirmRevocationsValue = 3;
+
+// Convert a string to an array of bytes consisting of the char code at each
+// index.
+function stringToArray(s) {
+  let a = [];
+  for (let i = 0; i < s.length; i++) {
+    a.push(s.charCodeAt(i));
+  }
+  return a;
+}
+
+// Converts an array of bytes to a JS string using fromCharCode on each byte.
+function arrayToString(a) {
+  let s = "";
+  for (let b of a) {
+    s += String.fromCharCode(b);
+  }
+  return s;
+}
+
+// Commonly certificates are represented as PEM. The format is roughly as
+// follows:
+//
+// -----BEGIN CERTIFICATE-----
+// [some lines of base64, each typically 64 characters long]
+// -----END CERTIFICATE-----
+//
+// However, nsIX509CertDB.constructX509FromBase64 and related functions do not
+// handle input of this form. Instead, they require a single string of base64
+// with no newlines or BEGIN/END headers. This is a helper function to convert
+// PEM to the format that nsIX509CertDB requires.
+function pemToBase64(pem) {
+  return pem
+    .replace(/-----BEGIN CERTIFICATE-----/, "")
+    .replace(/-----END CERTIFICATE-----/, "")
+    .replace(/[\r\n]/g, "");
+}
+
+function build_cert_chain(certNames, testDirectory = "bad_certs") {
+  let certList = [];
+  certNames.forEach(function (certName) {
+    let cert = constructCertFromFile(`${testDirectory}/${certName}.pem`);
+    certList.push(cert);
+  });
+  return certList;
+}
+
+function areCertsEqual(certA, certB) {
+  let derA = certA.getRawDER();
+  let derB = certB.getRawDER();
+  if (derA.length != derB.length) {
+    return false;
+  }
+  for (let i = 0; i < derA.length; i++) {
+    if (derA[i] != derB[i]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+function areCertArraysEqual(certArrayA, certArrayB) {
+  if (certArrayA.length != certArrayB.length) {
+    return false;
+  }
+
+  for (let i = 0; i < certArrayA.length; i++) {
+    const certA = certArrayA[i];
+    const certB = certArrayB[i];
+    if (!areCertsEqual(certA, certB)) {
+      return false;
+    }
+  }
+  return true;
+}
+
+function readFile(file) {
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fstream.init(file, -1, 0, 0);
+  let available = fstream.available();
+  let data =
+    available > 0 ? NetUtil.readInputStreamToString(fstream, available) : "";
+  fstream.close();
+  return data;
+}
+
+function addCertFromFile(certdb, filename, trustString) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  try {
+    return certdb.addCert(certBytes, trustString);
+  } catch (e) {}
+  // It might be PEM instead of DER.
+  return certdb.addCertFromBase64(pemToBase64(certBytes), trustString);
+}
+
+function constructCertFromFile(filename) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  try {
+    return certdb.constructX509(stringToArray(certBytes));
+  } catch (e) {}
+  // It might be PEM instead of DER.
+  return certdb.constructX509FromBase64(pemToBase64(certBytes));
+}
+
+function setCertTrust(cert, trustString) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  certdb.setCertTrustFromString(cert, trustString);
+}
+
+function getXPCOMStatusFromNSS(statusNSS) {
+  let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"].getService(
+    Ci.nsINSSErrorsService
+  );
+  return nssErrorsService.getXPCOMFromNSSError(statusNSS);
+}
+
+// Helper for checkCertErrorGenericAtTime
+class CertVerificationExpectedErrorResult {
+  constructor(certName, expectedError, expectedEVStatus, resolve) {
+    this.certName = certName;
+    this.expectedError = expectedError;
+    this.expectedEVStatus = expectedEVStatus;
+    this.resolve = resolve;
+  }
+
+  verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
+    equal(
+      aPRErrorCode,
+      this.expectedError,
+      `verifying ${this.certName}: should get error ${this.expectedError}`
+    );
+    if (this.expectedEVStatus != undefined) {
+      equal(
+        aHasEVPolicy,
+        this.expectedEVStatus,
+        `verifying ${this.certName}: ` +
+          `should ${this.expectedEVStatus ? "be" : "not be"} EV`
+      );
+    }
+    this.resolve();
+  }
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGenericAtTime(
+  certdb,
+  cert,
+  expectedError,
+  usage,
+  time,
+  /* optional */ isEVExpected,
+  /* optional */ hostname,
+  /* optional */ flags = NO_FLAGS
+) {
+  return new Promise((resolve, reject) => {
+    let result = new CertVerificationExpectedErrorResult(
+      cert.commonName,
+      expectedError,
+      isEVExpected,
+      resolve
+    );
+    certdb.asyncVerifyCertAtTime(cert, usage, flags, hostname, time, result);
+  });
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGeneric(
+  certdb,
+  cert,
+  expectedError,
+  usage,
+  /* optional */ isEVExpected,
+  /* optional */ hostname
+) {
+  let now = new Date().getTime() / 1000;
+  return checkCertErrorGenericAtTime(
+    certdb,
+    cert,
+    expectedError,
+    usage,
+    now,
+    isEVExpected,
+    hostname
+  );
+}
+
+function checkEVStatus(certDB, cert, usage, isEVExpected) {
+  return checkCertErrorGeneric(
+    certDB,
+    cert,
+    PRErrorCodeSuccess,
+    usage,
+    isEVExpected
+  );
+}
+
+function _getLibraryFunctionWithNoArguments(
+  functionName,
+  libraryName,
+  returnType
+) {
+  // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
+  let path = ctypes.libraryName(libraryName);
+
+  // XXX really want to be able to pass specific dlopen flags here.
+  let nsslib;
+  try {
+    nsslib = ctypes.open(path);
+  } catch (e) {
+    // In case opening the library without a full path fails,
+    // try again with a full path.
+    let file = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+    file.append(path);
+    nsslib = ctypes.open(file.path);
+  }
+
+  let SECStatus = ctypes.int;
+  let func = nsslib.declare(
+    functionName,
+    ctypes.default_abi,
+    returnType || SECStatus
+  );
+  return func;
+}
+
+function clearOCSPCache() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  certdb.clearOCSPCache();
+}
+
+function clearSessionCache() {
+  let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
+  nssComponent.clearSSLExternalAndInternalSessionCache();
+}
+
+function getSSLStatistics() {
+  let SSL3Statistics = new ctypes.StructType("SSL3Statistics", [
+    { sch_sid_cache_hits: ctypes.long },
+    { sch_sid_cache_misses: ctypes.long },
+    { sch_sid_cache_not_ok: ctypes.long },
+    { hsh_sid_cache_hits: ctypes.long },
+    { hsh_sid_cache_misses: ctypes.long },
+    { hsh_sid_cache_not_ok: ctypes.long },
+    { hch_sid_cache_hits: ctypes.long },
+    { hch_sid_cache_misses: ctypes.long },
+    { hch_sid_cache_not_ok: ctypes.long },
+    { sch_sid_stateless_resumes: ctypes.long },
+    { hsh_sid_stateless_resumes: ctypes.long },
+    { hch_sid_stateless_resumes: ctypes.long },
+    { hch_sid_ticket_parse_failures: ctypes.long },
+  ]);
+  let SSL3StatisticsPtr = new ctypes.PointerType(SSL3Statistics);
+  let SSL_GetStatistics = null;
+  try {
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments(
+      "SSL_GetStatistics",
+      "ssl3",
+      SSL3StatisticsPtr
+    );
+  } catch (e) {
+    // On Windows, this is actually in the nss3 library.
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments(
+      "SSL_GetStatistics",
+      "nss3",
+      SSL3StatisticsPtr
+    );
+  }
+  if (!SSL_GetStatistics) {
+    throw new Error("Failed to get SSL statistics");
+  }
+  return SSL_GetStatistics();
+}
+
+// Set up a TLS testing environment that has a TLS server running and
+// ready to accept connections. This async function starts the server and
+// waits for the server to indicate that it is ready.
+//
+// Each test should have its own subdomain of example.com, for example
+// my-first-connection-test.example.com. The server can use the server
+// name (passed through the SNI TLS extension) to determine what behavior
+// the server side of the text should exhibit. See TLSServer.h for more
+// information on how to write the server side of tests.
+//
+// Create a new source file for your new server executable in
+// security/manager/ssl/tests/unit/tlsserver/cmd similar to the other ones in
+// that directory, and add a reference to it to the sources variable in that
+// directory's moz.build.
+//
+// Modify TEST_HARNESS_BINS in
+// testing/mochitest/Makefile.in and NO_PKG_FILES in
+// toolkit/mozapps/installer/packager.mk to make sure the new executable
+// gets included in the packages used for shipping the tests to the test
+// runners in our build/test farm. (Things will work fine locally without
+// these changes but will break on TBPL.)
+//
+// Your test script should look something like this:
+/*
+
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// <documentation on your test>
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("<test-server-name>", "<path-to-certificate-directory>");
+
+  add_connection_test("<test-name-1>.example.com",
+                      SEC_ERROR_xxx,
+                      function() { ... },
+                      function(aTransportSecurityInfo) { ... },
+                      function(aTransport) { ... });
+  [...]
+  add_connection_test("<test-name-n>.example.com", PRErrorCodeSuccess);
+
+  run_next_test();
+}
+*/
+
+function add_tls_server_setup(serverBinName, certsPath, addDefaultRoot = true) {
+  add_test(function () {
+    _setupTLSServerTest(serverBinName, certsPath, addDefaultRoot);
+  });
+}
+
+/**
+ * Add a TLS connection test case.
+ *
+ * @param {string} aHost
+ *   The hostname to pass in the SNI TLS extension; this should unambiguously
+ *   identify which test is being run.
+ * @param {PRErrorCode} aExpectedResult
+ *   The expected result of the connection. If an error is not expected, pass
+ *   in PRErrorCodeSuccess.
+ * @param {Function} aBeforeConnect
+ *   A callback function that takes no arguments that will be called before the
+ *   connection is attempted.
+ * @param {Function} aWithSecurityInfo
+ *   A callback function that takes an nsITransportSecurityInfo, which is called
+ *   after the TLS handshake succeeds.
+ * @param {Function} aAfterStreamOpen
+ *   A callback function that is called with the nsISocketTransport once the
+ *   output stream is ready.
+ * @param {OriginAttributes} aOriginAttributes (optional)
+ *   The origin attributes that the socket transport will have. This parameter
+ *   affects OCSP because OCSP cache is double-keyed by origin attributes' first
+ *   party domain.
+ *
+ * @param {OriginAttributes} aEchConfig (optional)
+ *   A Base64-encoded ECHConfig. If non-empty, it will be configured to the client
+ *   socket resulting in an Encrypted Client Hello extension being sent. The client
+ *   keypair is ephermeral and generated within NSS.
+ */
+function add_connection_test(
+  aHost,
+  aExpectedResult,
+  aBeforeConnect,
+  aWithSecurityInfo,
+  aAfterStreamOpen,
+  /* optional */ aOriginAttributes,
+  /* optional */ aEchConfig
+) {
+  add_test(function () {
+    if (aBeforeConnect) {
+      aBeforeConnect();
+    }
+    asyncConnectTo(
+      aHost,
+      aExpectedResult,
+      aWithSecurityInfo,
+      aAfterStreamOpen,
+      aOriginAttributes,
+      aEchConfig
+    ).then(run_next_test);
+  });
+}
+
+async function asyncConnectTo(
+  aHost,
+  aExpectedResult,
+  /* optional */ aWithSecurityInfo = undefined,
+  /* optional */ aAfterStreamOpen = undefined,
+  /* optional */ aOriginAttributes = undefined,
+  /* optional */ aEchConfig = undefined
+) {
+  const REMOTE_PORT = 8443;
+
+  function Connection(host) {
+    this.host = host;
+    this.thread = Services.tm.currentThread;
+    this.defer = PromiseUtils.defer();
+    let sts = Cc["@mozilla.org/network/socket-transport-service;1"].getService(
+      Ci.nsISocketTransportService
+    );
+    this.transport = sts.createTransport(
+      ["ssl"],
+      host,
+      REMOTE_PORT,
+      null,
+      null
+    );
+    if (aEchConfig) {
+      this.transport.setEchConfig(atob(aEchConfig));
+    }
+    // See bug 1129771 - attempting to connect to [::1] when the server is
+    // listening on 127.0.0.1 causes frequent failures on OS X 10.10.
+    this.transport.connectionFlags |= Ci.nsISocketTransport.DISABLE_IPV6;
+    this.transport.setEventSink(this, this.thread);
+    if (aOriginAttributes) {
+      this.transport.originAttributes = aOriginAttributes;
+    }
+    this.inputStream = null;
+    this.outputStream = null;
+    this.connected = false;
+  }
+
+  Connection.prototype = {
+    // nsITransportEventSink
+    onTransportStatus(aTransport, aStatus, aProgress, aProgressMax) {
+      if (
+        !this.connected &&
+        aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO
+      ) {
+        this.connected = true;
+        this.outputStream.asyncWait(this, 0, 0, this.thread);
+      }
+    },
+
+    // nsIInputStreamCallback
+    onInputStreamReady(aStream) {
+      try {
+        // this will throw if the stream has been closed by an error
+        let str = NetUtil.readInputStreamToString(aStream, aStream.available());
+        Assert.equal(str, "0", "Should have received ASCII '0' from server");
+        this.inputStream.close();
+        this.outputStream.close();
+        this.result = Cr.NS_OK;
+      } catch (e) {
+        this.result = e.result;
+      }
+      this.defer.resolve(this);
+    },
+
+    // nsIOutputStreamCallback
+    onOutputStreamReady(aStream) {
+      if (aAfterStreamOpen) {
+        aAfterStreamOpen(this.transport);
+      }
+      this.outputStream.write("0", 1);
+      let inStream = this.transport
+        .openInputStream(0, 0, 0)
+        .QueryInterface(Ci.nsIAsyncInputStream);
+      this.inputStream = inStream;
+      this.inputStream.asyncWait(this, 0, 0, this.thread);
+    },
+
+    go() {
+      this.outputStream = this.transport
+        .openOutputStream(0, 0, 0)
+        .QueryInterface(Ci.nsIAsyncOutputStream);
+      return this.defer.promise;
+    },
+  };
+
+  /* Returns a promise to connect to host that resolves to the result of that
+   * connection */
+  function connectTo(host) {
+    Services.prefs.setCharPref("network.dns.localDomains", host);
+    let connection = new Connection(host);
+    return connection.go();
+  }
+
+  return connectTo(aHost).then(async function (conn) {
+    info("handling " + aHost);
+    let expectedNSResult =
+      aExpectedResult == PRErrorCodeSuccess
+        ? Cr.NS_OK
+        : getXPCOMStatusFromNSS(aExpectedResult);
+    Assert.equal(
+      conn.result,
+      expectedNSResult,
+      "Actual and expected connection result should match"
+    );
+    if (aWithSecurityInfo) {
+      aWithSecurityInfo(
+        await conn.transport.tlsSocketControl.asyncGetSecurityInfo()
+      );
+    }
+  });
+}
+
+function _getBinaryUtil(binaryUtilName) {
+  let utilBin = Services.dirsvc.get("GreD", Ci.nsIFile);
+  // On macOS, GreD is .../Contents/Resources, and most binary utilities
+  // are located there, but certutil is in GreBinD (or .../Contents/MacOS),
+  // so we have to change the path accordingly.
+  if (binaryUtilName === "certutil") {
+    utilBin = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  }
+  utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  // If we're testing locally, the above works. If not, the server executable
+  // is in another location.
+  if (!utilBin.exists()) {
+    utilBin = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+    while (utilBin.path.includes("xpcshell")) {
+      utilBin = utilBin.parent;
+    }
+    utilBin.append("bin");
+    utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  }
+  // But maybe we're on Android, where binaries are in /data/local/xpcb.
+  if (!utilBin.exists()) {
+    utilBin.initWithPath("/data/local/xpcb/");
+    utilBin.append(binaryUtilName);
+  }
+  Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`);
+  return utilBin;
+}
+
+// Do not call this directly; use add_tls_server_setup
+function _setupTLSServerTest(serverBinName, certsPath, addDefaultRoot) {
+  asyncStartTLSTestServer(serverBinName, certsPath, addDefaultRoot).then(
+    run_next_test
+  );
+}
+
+async function asyncStartTLSTestServer(
+  serverBinName,
+  certsPath,
+  addDefaultRoot
+) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  // The trusted CA that is typically used for "good" certificates.
+  if (addDefaultRoot) {
+    addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u");
+  }
+
+  const CALLBACK_PORT = 8444;
+
+  let greBinDir = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  Services.env.set("DYLD_LIBRARY_PATH", greBinDir.path);
+  // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
+  // does not return this path on Android, so hard code it here.
+  Services.env.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
+  Services.env.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3");
+  Services.env.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT);
+
+  let httpServer = new HttpServer();
+  let serverReady = new Promise(resolve => {
+    httpServer.registerPathHandler(
+      "/",
+      function handleServerCallback(aRequest, aResponse) {
+        aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+        aResponse.setHeader("Content-Type", "text/plain");
+        let responseBody = "OK!";
+        aResponse.bodyOutputStream.write(responseBody, responseBody.length);
+        executeSoon(function () {
+          httpServer.stop(resolve);
+        });
+      }
+    );
+    httpServer.start(CALLBACK_PORT);
+  });
+
+  let serverBin = _getBinaryUtil(serverBinName);
+  let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
+  process.init(serverBin);
+  let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  certDir.append(`${certsPath}`);
+  Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
+  // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+  process.run(false, ["sql:" + certDir.path, Services.appinfo.processID], 2);
+
+  registerCleanupFunction(function () {
+    process.kill();
+  });
+
+  await serverReady;
+}
+
+// Returns an Array of OCSP responses for a given ocspRespArray and a location
+// for a nssDB where the certs and public keys are prepopulated.
+// ocspRespArray is an array of arrays like:
+// [ [typeOfResponse, certnick, extracertnick, thisUpdateSkew]...]
+function generateOCSPResponses(ocspRespArray, nssDBlocation) {
+  let utilBinName = "GenerateOCSPResponse";
+  let ocspGenBin = _getBinaryUtil(utilBinName);
+  let retArray = [];
+
+  for (let i = 0; i < ocspRespArray.length; i++) {
+    let argArray = [];
+    let ocspFilepre = do_get_file(i.toString() + ".ocsp", true);
+    let filename = ocspFilepre.path;
+    // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+    argArray.push("sql:" + nssDBlocation);
+    argArray.push(ocspRespArray[i][0]); // ocsRespType;
+    argArray.push(ocspRespArray[i][1]); // nick;
+    argArray.push(ocspRespArray[i][2]); // extranickname
+    argArray.push(ocspRespArray[i][3]); // thisUpdate skew
+    argArray.push(filename);
+    info("argArray = " + argArray);
+
+    let process = Cc["@mozilla.org/process/util;1"].createInstance(
+      Ci.nsIProcess
+    );
+    process.init(ocspGenBin);
+    process.run(true, argArray, argArray.length);
+    Assert.equal(0, process.exitValue, "Process exit value should be 0");
+    let ocspFile = do_get_file(i.toString() + ".ocsp", false);
+    retArray.push(readFile(ocspFile));
+    ocspFile.remove(false);
+  }
+  return retArray;
+}
+
+// Starts and returns an http responder that will cause a test failure if it is
+// queried. The server identities are given by a non-empty array
+// serverIdentities.
+function getFailingHttpServer(serverPort, serverIdentities) {
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler("/", function (request, response) {
+    Assert.ok(false, "HTTP responder should not have been queried");
+  });
+  httpServer.identity.setPrimary("http", serverIdentities.shift(), serverPort);
+  serverIdentities.forEach(function (identity) {
+    httpServer.identity.add("http", identity, serverPort);
+  });
+  httpServer.start(serverPort);
+  return httpServer;
+}
+
+// Starts an http OCSP responder that serves good OCSP responses and
+// returns an object with a method stop that should be called to stop
+// the http server.
+// NB: Because generating OCSP responses inside the HTTP request
+// handler can cause timeouts, the expected responses are pre-generated
+// all at once before starting the server. This means that their producedAt
+// times will all be the same. If a test depends on this not being the case,
+// perhaps calling startOCSPResponder twice (at different times) will be
+// necessary.
+//
+// serverPort is the port of the http OCSP responder
+// identity is the http hostname that will answer the OCSP requests
+// nssDBLocation is the location of the NSS database from where the OCSP
+//   responses will be generated (assumes appropiate keys are present)
+// expectedCertNames is an array of nicks of the certs to be responsed
+// expectedBasePaths is an optional array that is used to indicate
+//   what is the expected base path of the OCSP request.
+// expectedMethods is an optional array of methods ("GET" or "POST") indicating
+//   by which HTTP method the server is expected to be queried.
+// expectedResponseTypes is an optional array of OCSP response types to use (see
+//   GenerateOCSPResponse.cpp).
+// responseHeaderPairs is an optional array of HTTP header (name, value) pairs
+//   to set in each response.
+function startOCSPResponder(
+  serverPort,
+  identity,
+  nssDBLocation,
+  expectedCertNames,
+  expectedBasePaths,
+  expectedMethods,
+  expectedResponseTypes,
+  responseHeaderPairs = []
+) {
+  let ocspResponseGenerationArgs = expectedCertNames.map(function (
+    expectedNick
+  ) {
+    let responseType = "good";
+    if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
+      responseType = expectedResponseTypes.shift();
+    }
+    return [responseType, expectedNick, "unused", 0];
+  });
+  let ocspResponses = generateOCSPResponses(
+    ocspResponseGenerationArgs,
+    nssDBLocation
+  );
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler(
+    "/",
+    function handleServerCallback(aRequest, aResponse) {
+      info("got request for: " + aRequest.path);
+      let basePath = aRequest.path.slice(1).split("/")[0];
+      if (expectedBasePaths.length >= 1) {
+        Assert.equal(
+          basePath,
+          expectedBasePaths.shift(),
+          "Actual and expected base path should match"
+        );
+      }
+      Assert.ok(
+        expectedCertNames.length >= 1,
+        "expectedCertNames should contain >= 1 entries"
+      );
+      if (expectedMethods && expectedMethods.length >= 1) {
+        Assert.equal(
+          aRequest.method,
+          expectedMethods.shift(),
+          "Actual and expected fetch method should match"
+        );
+      }
+      aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+      aResponse.setHeader("Content-Type", "application/ocsp-response");
+      for (let headerPair of responseHeaderPairs) {
+        aResponse.setHeader(headerPair[0], headerPair[1]);
+      }
+      aResponse.write(ocspResponses.shift());
+    }
+  );
+  httpServer.identity.setPrimary("http", identity, serverPort);
+  httpServer.start(serverPort);
+  return {
+    stop(callback) {
+      // make sure we consumed each expected response
+      Assert.equal(
+        ocspResponses.length,
+        0,
+        "Should have 0 remaining expected OCSP responses"
+      );
+      if (expectedMethods) {
+        Assert.equal(
+          expectedMethods.length,
+          0,
+          "Should have 0 remaining expected fetch methods"
+        );
+      }
+      if (expectedBasePaths) {
+        Assert.equal(
+          expectedBasePaths.length,
+          0,
+          "Should have 0 remaining expected base paths"
+        );
+      }
+      if (expectedResponseTypes) {
+        Assert.equal(
+          expectedResponseTypes.length,
+          0,
+          "Should have 0 remaining expected response types"
+        );
+      }
+      httpServer.stop(callback);
+    },
+  };
+}
+
+// Given an OCSP responder (see startOCSPResponder), returns a promise that
+// resolves when the responder has successfully stopped.
+function stopOCSPResponder(responder) {
+  return new Promise((resolve, reject) => {
+    responder.stop(resolve);
+  });
+}
+
+// Utility functions for adding tests relating to certificate error overrides
+
+// Helper function for add_cert_override_test. Probably doesn't need to be
+// called directly.
+function add_cert_override(aHost, aSecurityInfo) {
+  let cert = aSecurityInfo.serverCert;
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(aHost, 8443, {}, cert, true);
+}
+
+// Given a host and an expected error code, tests that an initial connection to
+// the host fails with the expected error and that adding an override results
+// in a subsequent connection succeeding.
+function add_cert_override_test(aHost, aExpectedError) {
+  add_connection_test(
+    aHost,
+    aExpectedError,
+    null,
+    add_cert_override.bind(this, aHost)
+  );
+  add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
+    Assert.ok(
+      aSecurityInfo.securityState &
+        Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+      "Cert override flag should be set on the security state"
+    );
+  });
+}
+
+// Helper function for add_prevented_cert_override_test. This is much like
+// add_cert_override except it may not be the case that the connection has an
+// SecInfo set on it. In this case, the error was not overridable anyway, so
+// we consider it a success.
+function attempt_adding_cert_override(aHost, aSecurityInfo) {
+  if (aSecurityInfo.serverCert) {
+    let cert = aSecurityInfo.serverCert;
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.rememberValidityOverride(aHost, 8443, {}, cert, true);
+  }
+}
+
+// Given a host and an expected error code, tests that an initial connection to
+// the host fails with the expected error and that adding an override does not
+// result in a subsequent connection succeeding (i.e. the same error code is
+// encountered).
+// The idea here is that for HSTS hosts or hosts with key pins, no error is
+// overridable, even if an entry is added to the override service.
+function add_prevented_cert_override_test(aHost, aExpectedError) {
+  add_connection_test(
+    aHost,
+    aExpectedError,
+    null,
+    attempt_adding_cert_override.bind(this, aHost)
+  );
+  add_connection_test(aHost, aExpectedError);
+}
+
+// Helper for asyncTestCertificateUsages.
+class CertVerificationResult {
+  constructor(certName, usageString, successExpected, resolve) {
+    this.certName = certName;
+    this.usageString = usageString;
+    this.successExpected = successExpected;
+    this.resolve = resolve;
+  }
+
+  verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
+    if (this.successExpected) {
+      equal(
+        aPRErrorCode,
+        PRErrorCodeSuccess,
+        `verifying ${this.certName} for ${this.usageString} should succeed`
+      );
+    } else {
+      notEqual(
+        aPRErrorCode,
+        PRErrorCodeSuccess,
+        `verifying ${this.certName} for ${this.usageString} should fail`
+      );
+    }
+    this.resolve();
+  }
+}
+
+/**
+ * Asynchronously attempts to verify the given certificate for all supported
+ * usages (see allCertificateUsages). Verifies that the results match the
+ * expected successful usages. Returns a promise that will resolve when all
+ * verifications have been performed.
+ * Verification happens "now" with no specified flags or hostname.
+ *
+ * @param {nsIX509CertDB} certdb
+ *   The certificate database to use to verify the certificate.
+ * @param {nsIX509Cert} cert
+ *   The certificate to be verified.
+ * @param {number[]} expectedUsages
+ *   A list of usages (as their integer values) that are expected to verify
+ *   successfully.
+ * @returns {Promise}
+ *   A promise that will resolve with no value when all asynchronous operations
+ *   have completed.
+ */
+function asyncTestCertificateUsages(certdb, cert, expectedUsages) {
+  let now = new Date().getTime() / 1000;
+  let promises = [];
+  Object.keys(allCertificateUsages).forEach(usageString => {
+    let promise = new Promise((resolve, reject) => {
+      let usage = allCertificateUsages[usageString];
+      let successExpected = expectedUsages.includes(usage);
+      let result = new CertVerificationResult(
+        cert.commonName,
+        usageString,
+        successExpected,
+        resolve
+      );
+      let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY;
+      certdb.asyncVerifyCertAtTime(cert, usage, flags, null, now, result);
+    });
+    promises.push(promise);
+  });
+  return Promise.all(promises);
+}
+
+/**
+ * Loads the pkcs11testmodule.cpp test PKCS #11 module, and registers a cleanup
+ * function that unloads it once the calling test completes.
+ *
+ * @param {nsIFile} libraryFile
+ *                  The dynamic library file that implements the module to
+ *                  load.
+ * @param {string} moduleName
+ *                 What to call the module.
+ * @param {boolean} expectModuleUnloadToFail
+ *                  Should be set to true for tests that manually unload the
+ *                  test module, so the attempt to auto unload the test module
+ *                  doesn't cause a test failure. Should be set to false
+ *                  otherwise, so failure to automatically unload the test
+ *                  module gets reported.
+ */
+function loadPKCS11Module(libraryFile, moduleName, expectModuleUnloadToFail) {
+  ok(libraryFile.exists(), "The PKCS11 module file should exist");
+
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  registerCleanupFunction(() => {
+    try {
+      pkcs11ModuleDB.deleteModule(moduleName);
+    } catch (e) {
+      Assert.ok(
+        expectModuleUnloadToFail,
+        `Module unload should suceed only when expected: ${e}`
+      );
+    }
+  });
+  pkcs11ModuleDB.addModule(moduleName, libraryFile.path, 0, 0);
+}
+
+/**
+ * @param {string} data
+ * @returns {string}
+ */
+function hexify(data) {
+  // |slice(-2)| chomps off the last two characters of a string.
+  // Therefore, if the Unicode value is < 0x10, we have a single-character hex
+  // string when we want one that's two characters, and unconditionally
+  // prepending a "0" solves the problem.
+  return Array.from(data, (c, i) =>
+    ("0" + data.charCodeAt(i).toString(16)).slice(-2)
+  ).join("");
+}
+
+/**
+ * @param {string[]} lines
+ *        Lines to write. Each line automatically has "\n" appended to it when
+ *        being written.
+ * @param {nsIFileOutputStream} outputStream
+ */
+function writeLinesAndClose(lines, outputStream) {
+  for (let line of lines) {
+    line += "\n";
+    outputStream.write(line, line.length);
+  }
+  outputStream.close();
+}
+
+/**
+ * @param {string} moduleName
+ *        The name of the module that should not be loaded.
+ * @param {string} libraryName
+ *        A unique substring of name of the dynamic library file of the module
+ *        that should not be loaded.
+ */
+function checkPKCS11ModuleNotPresent(moduleName, libraryName) {
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  let modules = moduleDB.listModules();
+  ok(
+    modules.hasMoreElements(),
+    "One or more modules should be present with test module not present"
+  );
+  for (let module of modules) {
+    notEqual(
+      module.name,
+      moduleName,
+      `Non-test module name shouldn't equal '${moduleName}'`
+    );
+    ok(
+      !(module.libName && module.libName.includes(libraryName)),
+      `Non-test module lib name should not include '${libraryName}'`
+    );
+  }
+}
+
+/**
+ * Checks that the test module exists in the module list.
+ * Also checks various attributes of the test module for correctness.
+ *
+ * @param {string} moduleName
+ *                 The name of the module that should be present.
+ * @param {string} libraryName
+ *                 A unique substring of the name of the dynamic library file
+ *                 of the module that should be loaded.
+ * @returns {nsIPKCS11Module}
+ *          The test module.
+ */
+function checkPKCS11ModuleExists(moduleName, libraryName) {
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  let modules = moduleDB.listModules();
+  ok(
+    modules.hasMoreElements(),
+    "One or more modules should be present with test module present"
+  );
+  let testModule = null;
+  for (let module of modules) {
+    if (module.name == moduleName) {
+      testModule = module;
+      break;
+    }
+  }
+  notEqual(testModule, null, "Test module should have been found");
+  notEqual(testModule.libName, null, "Test module lib name should not be null");
+  ok(
+    testModule.libName.includes(ctypes.libraryName(libraryName)),
+    `Test module lib name should include lib name of '${libraryName}'`
+  );
+
+  return testModule;
+}
+
+// Given an nsIX509Cert, return the bytes of its subject DN (as a JS string) and
+// the sha-256 hash of its subject public key info, base64-encoded.
+function getSubjectAndSPKIHash(nsCert) {
+  let certBytes = nsCert.getRawDER();
+  let cert = new X509.Certificate();
+  cert.parse(certBytes);
+  let subject = cert.tbsCertificate.subject._der._bytes;
+  let subjectString = arrayToString(subject);
+  let spkiHashString = nsCert.sha256SubjectPublicKeyInfoDigest;
+  return { subjectString, spkiHashString };
+}
+
+function run_certutil_on_directory(directory, args, expectSuccess = true) {
+  let greBinDir = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  Services.env.set("DYLD_LIBRARY_PATH", greBinDir.path);
+  // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
+  // does not return this path on Android, so hard code it here.
+  Services.env.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
+  let certutilBin = _getBinaryUtil("certutil");
+  let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
+  process.init(certutilBin);
+  args.push("-d");
+  args.push(`sql:${directory}`);
+  process.run(true, args, args.length);
+  if (expectSuccess) {
+    Assert.equal(process.exitValue, 0, "certutil should succeed");
+  }
+}
diff --git a/security/manager/ssl/tests/unit/moz.build b/security/manager/ssl/tests/unit/moz.build
new file mode 100644
index 0000000000..561502dd51
--- /dev/null
+++ b/security/manager/ssl/tests/unit/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ["tlsserver", "test_signed_apps"]
+
+if not CONFIG["MOZ_NO_SMART_CARDS"]:
+    DIRS += ["pkcs11testmodule"]
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
new file mode 100644
index 0000000000..354741fc50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUAywOkzxiH/uWcwxb85Yy3OI46WgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAvMS0wKwYDVQQDDCRUZXN0IEludGVybWVkaWF0ZSB1c2VkIGFz
+IEVuZC1FbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjcjBwMAwGA1UdEwQFMAMBAf8wMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMCwGA1UdEQQl
+MCOCIWNhLXVzZWQtYXMtZW5kLWVudGl0eS5leGFtcGxlLmNvbTANBgkqhkiG9w0B
+AQsFAAOCAQEAN+g9N3uhls8y70fGORVEyYVjBmMCFeQz3DQw3u1J7+aHe6efygSP
+OKPXW3SbHSxlPFIsicVSHO3sso3zUGoedMw0KSyni4tR4yQ9jllrqijVCWorqRbU
+tlseF5hfw7DsKcl6jGA5UN0Aiq9SwKArdkRL+0Ykk0a/rxMEiOjf/Ao3ImfJnsCa
+frDKqziMWOmQtxrVTabpgRqCd1gtTg4cCsy7Yto8v4Gn1N/EL8FAXGWOieWDQ2Iv
+UFd9p0eTReBbRNC/QuZa7nEEAh4JO+JCAW4rHI6+beSPCT+lFQbF8sAJYSMGf0lb
+LAwyUGAPPLRx+SweIClb4EO+iVAFuR0Tug==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 0000000000..8e16705b50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
new file mode 100644
index 0000000000..5dc7cf4ef8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUOYwND1zpte36abEsvdvudfnxjHgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcow
+gccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tghUqLnBp
+bm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu
+ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBr5H7lb24bMQYGDFY5qeMDNcti
+AI4rI7Nu0aMvZtDcxqHkIg/a7nr7WeQc3gCg8mUJ6xvreXxRswrudZzjjsGiTbym
+qjEz7HYrbvdWh5bLtdL7aoP1KmFD722guwdXVYQ7tx65oHroH+UCU28VT/+WzsHc
+5OjBqZvR928aWEXwIen9lhdk/5Rq2IrFqCTuUrNR5aiP6gJZoy4nIh3IFIxqWzsm
+lOjqvzSQIuo+gLN7oduafrwetpp8ywSrDVTtp9yckIHuW8css+OZLfqbFPMSFRJo
+Qee+FhxaGgDoRGk8oVGYyTJYUPIReZa5dtNPKs1JQvdqhIeUwA3GnJBTFCan
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
new file mode 100644
index 0000000000..554339ff52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
new file mode 100644
index 0000000000..f4fdae14e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAcugAwIBAgIUKXbCwsfJrBWAUYFNDXaeg/nfIPswDQYJKoZIhvcNAQEF
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAoMSYwJAYDVQQDDB1UZXN0IFNIQTEgRGVsZWdhdGVkIFJlc3Bv
+bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpn
+kfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJE
+xYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG
+680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYl
+R5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbx
+h83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkd
+cSFo07sCAwEAAaMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF
+BQADggEBAJuSur2pt9LuJ+4USQAyLvqDma1oSdkBaXbB/fjkCF/grTsJRZ4ibOaW
+QN06nCHoqhML1Ygdief7unpXtIj9XQS2r7PT08tT3Dxr+2vJdJ4WQV6bb/hAorSp
+K3ow3irQVUmcRFq6ef0SJuluddll4jlxfc0gfd7SLQSFF5QwXEwAeXs3iy0W51Kr
+F47M/VMoTCFSa18x5omLBFx8SyGi4Ufmd+Pk2UW5vTP1S9RydAmZlzNT+v0IaRWD
+SQikynGTO1HA0ev8+RRmjtpZH7S8yJgbbF2BQ0FvDRMvhetn+Au+wn/WAsAf5vBF
+5/QwEp6OjNkmPPqOOyuQwMPrBhetPFM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
new file mode 100644
index 0000000000..bdf3e2ee4d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test SHA1 Delegated Responder
+subjectKey:alternate
+signature:sha1WithRSAEncryption
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
new file mode 100644
index 0000000000..5be9b76540
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcagAwIBAgIUAewwnrqZ1D+uII39v6YmAKyJvBkwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhUZXN0IERlbGVnYXRlZCBSZXNwb25kZXIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbD
+f1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWEpMRI
+MwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDs
+mMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJp
+CIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6D
+KzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7
+AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IB
+AQBXSzxBevwLvKO1eCAbuJrNNXXY4Z816s/+Hlf8Ike2M5Zx9XuGmMRjimDksuip
+Jq/iWpwPOAWtQSzdyHYtQT8eY9KAGxzdZL78P+VTLhQVOVdTxoPd/W3yBoHofnNF
+xmJy2MS/3aRO8s8fIh3B/RwXrh18nFVc9zSwwHOjGeu3r3cbdgr2TuabDaxB7EFu
+e2P6NEiAhbK3GzXrxx2P3SoAf08AznoU1ByQ2FxM9xLdSvvM0zLilDuMu1E/VPcB
+7Qf7yLjlYJ/zj1rXGlJeNpDxUJS1hHUmv3csLPiYVPBIgDlnMPbZbEgZMByCLKvr
+EYnk3LpYcUin64yag3fy8ND5
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
new file mode 100644
index 0000000000..19971eeb4d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Delegated Responder
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
new file mode 100644
index 0000000000..82e866fb1d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIUTdVj/pzuxlxEfL7vEQpILaExEJowDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowPTE7MDkGA1UEAwwyVGVzdCBJbnZhbGlkIERl
+bGVnYXRlZCBSZXNwb25kZXIgRnJvbSBJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvU
+b6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqG
+J2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HF
+vmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7k
+jOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dh
+ZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAGjFzAVMBMG
+A1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQBsAeKHkIwoG0QZ
+yLFd+txRTVP7Qetuipuvlk+n1/L1Nf1oGKrW66aJXgtdIerHnvLsODNqHHyhCY8e
+2wI9sMcWQXMi+ceFZc8iqp+qE0GmDs9XLh26tW1GMLWb/BjEzHD+sOGaKNT61fhY
+Y9FD19LU4P3ORbafT97TfkjGH+YublvdGVOtvRETnSrPfJgGeMYACVMFLaFFxzsg
+JX2AH4zUIa4usme2gCOTgs7SjHXCOV/tAmoG672kvsaFswpd+CJUYf84CAqm3gvh
+YWFoBO19lK40Je/eUYU3WvAUTKsnRh2xY29r7Pp91aspZFgTdGRttUl0s7WfutTc
+HQlKG3tJ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
new file mode 100644
index 0000000000..be0d3e9e5f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test Invalid Delegated Responder From Intermediate
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
new file mode 100644
index 0000000000..c0356e01ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdqgAwIBAgIUMy0wGcubgpwZ35tXDgLmzbETHSEwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjA/MT0wOwYDVQQDDDRUZXN0IEludmFsaWQgRGVsZWdhdGVkIFJl
+c3BvbmRlciBrZXlVc2FnZSBjcmxTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHI
+wkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNv
+I8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7I
+SURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIram
+nNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIU
+DRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABow8wDTALBgNVHQ8EBAMC
+AQIwDQYJKoZIhvcNAQELBQADggEBAA3bDvQitwX8KjvlT11SuggsrbQvwWN4QMFr
+Rqre+0XQexGsVPxBbo44T71AYSYOQHIaOje5yETj23Uw6aiH8eNYdt61mspkRQ68
+v6laay/+txJZFqByGpbK24saFVThj21WIVc9s7HCvVpeSoYWidfWtLIKlmsQ8qLi
+XzBRqsbaRtfxDRrAW2WmmUfX34gL19ztHKOa84hnFyTahMIPFt9XVixWa1Tdg8Ny
+bGGb8SpPNPXuDoBbnHRvlEWjANs5qKPzH2X3HzEkfQIG0o3+WwgXqZ+wzdruO+SP
+LYcNF2gBvXBTfxN25r3G8DfHuaaPxfDLpc0E6+yWQzvIIsFSVqY=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
new file mode 100644
index 0000000000..2833ed9b52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder keyUsage crlSigning
+subjectKey:alternate
+extension:keyUsage:cRLSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
new file mode 100644
index 0000000000..197aac8ba1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcSgAwIBAgIUR5DeATqHByZLzUBs0J6D5tz7veEwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjA6MTgwNgYDVQQDDC9UZXN0IEludmFsaWQgRGVsZWdhdGVkIFJl
+c3BvbmRlciBObyBleHRLZXlVc2FnZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSj
+s8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMT
+ud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvF
+o+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UT
+H5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4
+xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+XrKScU1DSiU4Wyk+16PPc8LW3nboaHG+GYOY615veGXsKwVx7OV3aaOvscU57Qng
+2HFPJl8J7wX18aYqAwkIcE5yVtlzygGhVQoEZLo5VsTuJI5BNJ2hY0OgOI2J2yHR
+IGgUp3ypjYxl3QvGKJ41l8lCtZbsvm5tc5uyek0hLqi1SNbMBqPMLlUj5jDYVfmw
+CnqI4fGJ/Abhmv5RF9AfQTGSUNcHuHVmOkbJjRLXymdf2ugmxaDc/ub5TzecW0Bk
+QM5tkGp8gylULaBG1arfGYiiBsHyB5g8aXkbPCF3JpdLw77KEaaecAodLADpolFl
+ivwFQr1BpNeNOTML58CAbg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
new file mode 100644
index 0000000000..92444c94ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder No extKeyUsage
+subjectKey:alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
new file mode 100644
index 0000000000..0aeb81e4f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+DCCAeCgAwIBAgIUTYsUyQ3d/zW8mtQDOm0FSHaNj9owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjA9MTswOQYDVQQDDDJUZXN0IEludmFsaWQgRGVsZWdhdGVkIFJl
+c3BvbmRlciBXcm9uZyBleHRLZXlVc2FnZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJ
+isSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF
+2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElE
+WQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzS
+g3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0Y
+xMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMXMBUwEwYDVR0lBAwwCgYI
+KwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAHpiUjR7ajUbQR7xFFMgOQ07scjM
+nPo7lDUwtnbM7jFVtEAuSCeSkifDj4/ProqoQSU5fcLfKDScTbD1boxspjnoJXtQ
+tHMwzQB+bldObBAgmolWGqPbTBAhCMajlOZrXBVMVZPRefP8+1OqnNLp9ZZMUyNk
+thRWcRXaGbhJliVaynxxtNE4PBW7PxKgQ/apmXFyuqRPSJZ1E0VOX6z0VgXPdMX9
+BguPjLQP6k3LGZBWKdyHM6PgGcMmplvaE/96KeFat4fZ+75VstEuym1JffQe3iQ6
+uYyilCfdEAKyF87AlmB0EejnxyDNYXLR8QtAoCtdPJptUfbbESKPPnl8H/0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
new file mode 100644
index 0000000000..bc704fbd41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder Wrong extKeyUsage
+subjectKey:alternate
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
new file mode 100644
index 0000000000..4ff3d7f896
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIUP/7EjIlvsUJM2IjufQuGIZ0rkqUwDQYJKoZIhvcNAQEL
+BQAwNzE1MDMGA1UEAwwsVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdWx0aXBsZSBU
+TFMgRmVhdHVyZXMwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFow
+LDEqMCgGA1UEAwwhTXVsdGkgVExTIEZlYXR1cmUgVGVzdCBFbmQtRW50aXR5MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABoy8wLTAYBgNVHREEETAPgg0qLmV4YW1wbGUuY29tMBEGCCsGAQUFBwEYBAUw
+AwIBBTANBgkqhkiG9w0BAQsFAAOCAQEAt0ShK8cvzeMbCn9QkZMRzjYIWGXDSOr8
+05nKaKmumAGSp3ZYmVa3ux1TkVSJZ2TQuxiomUdv7tQabswMI8tW33QwjUsNv8zD
+/6+3PyLyFJKsStn3wYxoL/3DAimkxGwBoruS1UD89oZrkkFJCk0RQ5cJPh32mgvh
+p9vAB85TC1xRdr/VPkDoTFj1wIZrzwkcx9ReG1engf7fluaKy/duXP4WDDmiGP93
+ulBYr8HbvhAXbnaVSo4FcIe22lIqUoizzL3yoFLLqmu2IaQm9Oxt/+6rcLsOBTwD
+lQtXGg3nayKap5GPXEkhN7PRAqQ5HwKMsdlQ9MEjDvjzvci0pJ2JAg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
new file mode 100644
index 0000000000..3fa2793b30
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
new file mode 100644
index 0000000000..470d99a725
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCAg+gAwIBAgIUXSCXXXLmmsba5ku37x7zJJ4isEEwDQYJKoZIhvcNAQEL
+BQAwNzE1MDMGA1UEAwwsVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdWx0aXBsZSBU
+TFMgRmVhdHVyZXMwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFow
+LDEqMCgGA1UEAwwhTXVsdGkgVExTIEZlYXR1cmUgVGVzdCBFbmQtRW50aXR5MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABozIwMDAYBgNVHREEETAPgg0qLmV4YW1wbGUuY29tMBQGCCsGAQUFBwEYBAgw
+BgIBBQIBBjANBgkqhkiG9w0BAQsFAAOCAQEAo5Z4o5AYQSGGGaTVTlbbthu9zFwg
+Zvf9kqcEnq1HjAfs0zaOwX1M4VMbrzzfyiqqKVxTOmtwcW2yKVPE1ik3CKH8BVCj
+o3VwRTrPMkBqBGjrOg15NTSwbNxknYB7HyokfNdH4ANQnCs0DYDZVBAt157rIG3K
+oMYyK3aSlEDG2+GIX/fhDBXmkII2b8t7QS9ZT2lwzLxNXz+bKJ+HpAKYcgs7vMGt
+ykZSsRuPEfq/5WnbKpjIc6E2/l1kkpFsR54582kjYPjSA1Y579IoYgbPsk5VHhSV
+7Qg8SJopYa2yo69dFevXsDU2Tv2n4HcX0Cl3c6yermBS6wQUoN4Ek88IuQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
new file mode 100644
index 0000000000..7a8dd223d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
new file mode 100644
index 0000000000..353301df55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCDCCAfCgAwIBAgIUExI7fUz3GmcjMScLiiOCQIkXurQwDQYJKoZIhvcNAQEL
+BQAwLTErMCkGA1UEAwwiVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdXN0LVN0YXBs
+ZTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAaMRgwFgYDVQQD
+DA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLzAtMBgGA1UdEQQRMA+CDSouZXhhbXBs
+ZS5jb20wEQYIKwYBBQUHARgEBTADAgEFMA0GCSqGSIb3DQEBCwUAA4IBAQAZLyDW
+Mx2MhSfaOkL1LUymUrWbyB97LRlg/6gj/V9KX0+lu1uKGCpAVkie70JY1kCmDZGY
+PraE+08mqS2dakJAG8fF3G39nHBKOIHV6pgC1oFwdIQNji6Gfng+bW7wY2V/CvpF
+kxvDti4zNqxWFeulyqVY+9HElVqUHaU6cwU3Jyp6F1JY9IXKmp/Qn9/qpc/jVYtg
+hIzXC0ek4Idoun/g0xyPdvGSqV1xOqNQLln6VrDGVgTHY8MvhERdpobaGeCjcIr4
+dHy2QRXOZ9teBu99hjrUs5orw0cU3VrYqquZmkT5hlHzB88uCzCL9yanRiRu7sT6
+AT1rIoY65dulzXxu
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
new file mode 100644
index 0000000000..352a60675d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
new file mode 100644
index 0000000000..9ef0a6cd32
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgmgAwIBAgIUQTtN9ShJt1pBjl2mkQLi2h6ZarAwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjYzBh
+MBgGA1UdEQQRMA+CDSouZXhhbXBsZS5jb20wEQYIKwYBBQUHARgEBTADAgEFMDIG
+CCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4
+LzANBgkqhkiG9w0BAQsFAAOCAQEAOGWQ8cQnxcL3TyI+iGwT1QaoQKWZ73wNAfKM
+5jOslqRAWYXa5wvSWs4U5EnNhL5BxTGQJodJX9nSTwLnG3UnFAORu/zong8A31tj
+mEuKfsOr2AyLcldaIPGhSSbHkIh3lTOmsGavpBKCiOgTdZDJ0m9XmIWZQquPAUU5
+YrYpdYmE3uyduhz3yRJPpbMGjqUVBJ2JxNlJZKBe6rOksfbDqZOnAeFCDwMPmu5u
+qKGU1ZdPftOd9kUjgDUL8VdfyJYQTalsCEOnwbfeeXVj3uQM+K7GKkIXpM65odyN
+A2ixTwF+4F+O0Ud5gbsv6SRL2NuQ9QS8AWck5sFgNeXCp7lpxQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
new file mode 100644
index 0000000000..43edfff0d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
new file mode 100644
index 0000000000..5224806264
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAd2gAwIBAgIUBTqttZK9tUuSoydawQZiIsRJzMgwDQYJKoZIhvcNAQEL
+BQAwLTErMCkGA1UEAwwiVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdXN0LVN0YXBs
+ZTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAaMRgwFgYDVQQD
+DA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHDAaMBgGA1UdEQQRMA+CDSouZXhhbXBs
+ZS5jb20wDQYJKoZIhvcNAQELBQADggEBAGSfCLtcdh40aAmR7FuDlsEFNB6WCFiA
+KZqgmPKAgwUxz06fzjRD6WKaUIu9EWc2EWOm33mT0ZxDCKveNH7PWaWncqiD+39e
+ufBp/9wchIYRL20RnCjSyWgoY0q2GQcpce4VkKEMsvqVX9PawPHDtDtN83j26Bpt
+ss+WaxmMPMr10M2mXiA4p7YxtyvMUC7mM0uz4oLMVy0zr6u+aYES24wFbMHtDSuv
+luxEdukhgft60ZWRQ87WlLBXthPbF51DOQuMdJkaT9xgWXOQYAHSe9B9mJuHHgne
+ldtJmEHhMY56HZnq5lCfH88HLQ3hjdkvW2C/s/cUTzmOg9K2v9dxehs=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
new file mode 100644
index 0000000000..8e4a6ac0c5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
new file mode 100644
index 0000000000..eeba74d122
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUa3IIjkCGtQbW1mfI5/tlV15JkwYwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowLDEqMCgGA1UEAwwhVGVzdCBFbmQtZW50aXR5
+IHdpdGggSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAagglsb2NhbGhv
+c3SCDSouZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZo
+dHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBQdbi6gS1G
+Dcd5PlWuNRCK9xO4hKNZWsLVtjomtwkGJ2rLlQzdjyOAOMMLBPAHwXr4/sL4XMfz
+g4yw99gpcHViVXr1LZ/ARsatRU2EiGm9At3c2BeES9dxuY7E8TNOyh/JzD4aeBHB
+IHji5+BfqWBNtX9KiuzKI1/rk9jNkqX43vlH+g0NDgRR+qzFZ7d+4cI9RCAjIn+l
+tDq+SXHeE6qNVhgPVrusCJ2BCUYdTurQJlN6SexScXADVduOH/A6Wgn6wqBk590B
+Pyo2uwGOQqPUdmZjuOZT3uEP3S/HZvU1CWhTolTngRU6hYYRUs/bOfa07YvnWfN+
+/pXB66XSWvAu
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
new file mode 100644
index 0000000000..ae3a51565a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test End-entity with Intermediate
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
new file mode 100644
index 0000000000..ecba24b47e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIUZfBhvLmi3hqAmDxDC+6crWnZTTYwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAVMRMwEQYDVQQDDApPdGhlciBDZXJ0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1swWTAjBgNV
+HREEHDAagglsb2NhbGhvc3SCDSouZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAk
+MCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEB
+CwUAA4IBAQCLXvngvubhkgVriBewAl1S6mx6VygmmNBglPAXKZMn9z46bmdFmoAZ
+oz6yV3/w0xO07EauQwZCdZesVpkLZYDmIgJdJT0qhXoke6hhBb05Lv9ybqPsNyWA
+1ezX8ZevXX19GOBZCuasCQhLrzn838OIfD9VPPHYhPEjjbuHDzK9vCkJXdRtb8QL
+jJxRQ2zrhyQAW83JdGhKKcERU+lcrwohKxEGnIMbjeaHkBhHAQqeQ/ZXS1ZXQREf
+sU9w5OMAkmcHPbjQqsrBfW4JBZE17oan+dkDlLDD7tpKwDVtnTgcU4bn9l2Tkn8M
+FE8s5Z7aVz2HVz5OeEkSs2tMubzFn8LO
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
new file mode 100644
index 0000000000..5756f6ab5f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Other Cert
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
new file mode 100644
index 0000000000..abde350c28
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
new file mode 100644
index 0000000000..cbd5f309c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
new file mode 100644
index 0000000000..a2e264030a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIURym6o+VN9xgZXT/QLrvN/nv1ZN4wDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTAiGA8yMDE1MDEwMTAwMDAwMFoY
+DzIwMjUwMTAxMDAwMDAwWjAYMRYwFAYDVQQDDA1PdGhlciB0ZXN0IENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5Tiw
+bErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROM
+AQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5Aql
+kdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFC
+IGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMP
+dLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQAB
+ox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AQEAtXplrvls6HSbbibpzfGxOPmSuh2TH05bE4vQk+d7Kz6EOAFvgTiZbLwTxbrQ
+gfrM05t+67C2nAeiwAtW34nUnu6S8MYA6mJjURWICbl7cAvCHuNjg1atVr6f1Y+9
+VFFG6aUibw3bzKneREmDEVcxlEWUaMvv/JjfyMA5veSyX6iTJYkIBrEiVV5Alzg5
+yVHBi6+tpuJDO/YLlG8kmfzkYeJkTyAGx1EJ2yQHim7R232638yb0KrhS4zKsfFU
+egHhM4c+MpiCLc9q2EgblbYGx5GM+2leuzXunj1KPClHFrnmkRRm3rcESG2pK9RN
+/48Nd38VNofRojEbzDSCdOFmow==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
new file mode 100644
index 0000000000..3bc975aa22
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
new file mode 100644
index 0000000000..d43495f851
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
new file mode 100644
index 0000000000..21ed73d60b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
new file mode 100644
index 0000000000..b454679f59
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICazCCAVOgAwIBAgIUeyDBOS9mtFv5N72V2YIHiWmPZdIwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjA1MTMwMQYDVQQDDCpSU0EgMTAxNiBLZXkgU2l6ZSBUZXN0IERl
+bGVnYXRlZCBSZXNwb25kZXIwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKb
+sS+4T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJ
+aj7SBxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyv
+bXvmnZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAaMXMBUwEwYDVR0lBAww
+CgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggEBAINTMoS5aPwzfldv/8/emhhg
+PWe+KWFgeyO1el82X0EsrazazEKLk1dtARBDYWCL5BnksnLGpWYZgW4/yqf0CUq+
+MQSxid5YA1/wNhleZV4j2zz+ztdjDMzp2bltPBJjczdck5k9BHBcJcYJ/lnysW+b
+6w1ezHDbv2UfdCIch+W+W1NotJDR7DpZ6oXt9+q/sM7pmRPBaAsKWogXYbSPvPca
+fqSgYlgkk3QCm1I4wjlGX4O9mIGwKPkdqpCKyQFkiK2nS1RX2TBzx+iRJhVFUXRF
+OmVG+yNaEYHgD/SJWWmM6aN7sKSn4Ijr5IniPlhJkE2B+wSyikeEMBrRso8eoF0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
new file mode 100644
index 0000000000..05f73368a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:RSA 1016 Key Size Test Delegated Responder
+subjectKey:rsa1016
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
new file mode 100644
index 0000000000..67e7ca56e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUP5NBbozOXrtwcuQwu3pzUXbOl7owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjASMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABBSMkSBFq/bK
+LpntIx6QJdqPtmnjdjwTpCbQyKKfQjjrazCfru5SheZq7ACtQ0uWFokUOQhB+Xvv
+sqy9HqJhK4UN0zfNPjtkHOSbNefWXOseEzA6XxuaCzQXWOp1WNNPnfdtYZizy6hT
+fKuKjhniKLmIQD61KNl7Ev1hWUhWC7R8U+IFztXusYYFUUmqqaZ/v7lNfY1sHu4k
+zHQFp+xqeaXvkoRpTXhoSdwDQ7ldquwqMM0NIQXlhtcmg7IYwZBGlJgzoejN4k2H
+2WycvxPW70I10NeAAhtie1+K4JHwr6/SLLwCCnJDoRMMpMhM9/853Ye/4PTDGhuK
+fqhEoHH9Ig==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
new file mode 100644
index 0000000000..5d2435d7bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
new file mode 100644
index 0000000000..08249b863e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcWgAwIBAgIUa0X7/7DlTaedpgrIJg25iBPOkIMwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMjUw
+MTAxMDAwMDAwWjAcMRowGAYDVQQDDBFUZXN0IEludGVybWVkaWF0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB
+AILNZM9yT9ylMpjyi0tXaDORzpHiJ8vEoVKk98bC2BQF0kMEEB547p+Ms8zdJY00
+Bxe9qigT8rQwKprXq5RvgIZ32QLn/yMPiCp/e6zBdsx77TkfmnSnxvPi+0nlA+eM
+8JYN0UST4vWD4vPPX9GgZDVoGQTiF3hUivJ5R8sHb/ozcSukMKQQ22+AIU7w6wyA
+IbCAG7Pab4k2XFAeEnUZsl9fCym5jsPN9Pnv9rlBi6h8shHw1R2ROXjgxubjiMr3
+B456vFTJImLJjyA1iTSlr/+VXGUYg6Z0/HYnsO00+8xUKM71dPxGAfIFNaSscpyk
+rGFLvocT/kym6r8galxCJUo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
new file mode 100644
index 0000000000..33b42c2f41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
new file mode 100644
index 0000000000..1dc63c35df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIURRwvssJseXcmi8J+DidsPsKTfhEwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjA3MTUwMwYDVQQDDCxUZXN0IEludGVybWVkaWF0ZSBXaXRoIE11
+bHRpcGxlIFRMUyBGZWF0dXJlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMzMDEwDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwFAYIKwYBBQUHARgECDAGAgEFAgEGMA0GCSqGSIb3DQEBCwUAA4IB
+AQARO+X9UxpurzrcJYzIVlqj5EB2i8Z3NFXat159KiOjX6AK58VtIAAWl8d+q1FU
+s40sJ7wFks7h2f/WW9/Yu51nrrtUPIwy/G/gFU09Y9k4eRKLaE+Mi7pIkmp1txvd
+DoZZ1tnxF48zer8jOWCQkuj3P0G0IGs2brHAapWoGlGvIec0jw864f6rj/5YCioi
+BAAy8uRJUmrIq5F2vxl5DjbOzTvNVuG59vTGzFYVMYOWG4QppJVL2rh7zv4jf0z1
+PQj1yFceL34Xghpq9ZlKI6QuQepJDYZlQTiHHAvBl+cIqr59qXiIL0BV/0f4I3+E
+Y7drz37LNNez8NejKWP0gArr
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
new file mode 100644
index 0000000000..3f0e925aae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Multiple TLS Features
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
new file mode 100644
index 0000000000..38f4fffd53
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAemgAwIBAgIUG5VJbCoDE3nEodUerxQAr2DeaFswDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAtMSswKQYDVQQDDCJUZXN0IEludGVybWVkaWF0ZSBXaXRoIE11
+c3QtU3RhcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABozAwLjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAR
+BggrBgEFBQcBGAQFMAMCAQUwDQYJKoZIhvcNAQELBQADggEBAAxbb8Gv/Uq2Hz87
+midUQPnDCNSoBdHrZQfKDe9thI3K+U6sRleKFXHr/c3ZMNYIDKAx0viokFzBnGzS
+sAdW+So5bFaL2TZWoW9dfxpKVk0bzesKYlovD+BCbSkIM+YLBSL47yGox2n1dgca
+b293XtdBglEZcMaDhSGLt846OdFG6UdIWvO/VYd8cW+Ozqey/Boq6ZFihQkGKhqv
+ifDOsvsCU1W75lhqz5kcdfB+iS7pwo9S5tXkguYlIKEQe71Wi6YXrux8D75o3Nbi
+xwdp0yyuaKl58iKb3WntO0IquEhQzwpSURXEP+NNE1TacfKwvTSyD95tfFosfp1F
+d6sL4wc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
new file mode 100644
index 0000000000..7c29aa0ad1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Must-Staple
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
new file mode 100644
index 0000000000..0eef91b076
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
@@ -0,0 +1,20 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+FINAL_TARGET = "_tests/xpcshell/security/manager/ssl/tests/unit/pkcs11testmodule"
+
+UNIFIED_SOURCES += [
+    "pkcs11testmodule.cpp",
+]
+
+SharedLibrary("pkcs11testmodule")
+
+# C_GetFunctionList needs to be exported. As it turns out, it's much easier to
+# just export all the symbols.
+NoVisibilityFlags()
+SYMBOLS_FILE = "pkcs11testmodule.symbols"
+
+NO_PGO = True
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
new file mode 100644
index 0000000000..74c5620eb2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
@@ -0,0 +1,597 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a testing PKCS #11 module that simulates a token being inserted and
+// removed from a slot every 50ms. This is achieved mainly in
+// Test_C_WaitForSlotEvent. If the application that loaded this module calls
+// C_WaitForSlotEvent, this module waits for 50ms and returns, having changed
+// its internal state to report that the token has either been inserted or
+// removed, as appropriate.
+// This module also provides an alternate token that is always present for tests
+// that don't want the cyclic behavior described above.
+
+#include <assert.h>
+#include <atomic>
+#include <string.h>
+
+#if defined(WIN32)
+#  include <windows.h>  // for Sleep
+#else
+#  include <unistd.h>  // for usleep
+#endif
+
+#include "pkcs11.h"
+
+CK_RV Test_C_Initialize(CK_VOID_PTR) { return CKR_OK; }
+
+CK_RV Test_C_Finalize(CK_VOID_PTR) { return CKR_OK; }
+
+static const CK_VERSION CryptokiVersion = {2, 2};
+static const CK_VERSION TestLibraryVersion = {0, 0};
+static const char TestLibraryDescription[] = "Test PKCS11 Library";
+static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID";
+
+/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs.
+ * Those buffers are padded with spaces. DestSize corresponds to the declared
+ * size for those buffers (e.g. 32 for `char foo[32]`).
+ * The src buffer is a string literal. SrcSize includes the string
+ * termination character (e.g. 4 for `const char foo[] = "foo"` */
+template <size_t DestSize, size_t SrcSize>
+void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize]) {
+  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
+  memcpy(dest, src, SrcSize - 1);
+  memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1);
+}
+
+CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->cryptokiVersion = CryptokiVersion;
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->flags = 0;  // must be 0
+  CopyString(pInfo->libraryDescription, TestLibraryDescription);
+  pInfo->libraryVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR) { return CKR_OK; }
+
+static int tokenPresent = 0;
+
+CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent,
+                         CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  // We always return slot 2
+  CK_ULONG slotCount = 1;
+  if (!limitToTokensPresent) {
+    // If we want empty slots, we also return slots 1 and 3
+    slotCount += 2;
+  } else if (tokenPresent) {
+    // If we don't want empty slots, but token 1 is present, return that (but
+    // not slot 3)
+    slotCount++;
+  }
+
+  if (pSlotList) {
+    if (*pulCount < slotCount) {
+      return CKR_BUFFER_TOO_SMALL;
+    }
+    // apparently CK_SLOT_IDs are integers [1,N] because
+    // who likes counting from 0 all the time?
+    switch (slotCount) {
+      case 1:
+        pSlotList[0] = 2;
+        break;
+      case 2:
+        if (tokenPresent) {
+          pSlotList[0] = 1;
+          pSlotList[1] = 2;
+        } else {
+          pSlotList[0] = 2;
+          pSlotList[1] = 3;
+        }
+        break;
+      case 3:
+        pSlotList[0] = 1;
+        pSlotList[1] = 2;
+        pSlotList[2] = 3;
+        break;
+      default:
+        assert("Unexpected slot count in Test_C_GetSlotList" == NULL);
+        return CKR_GENERAL_ERROR;
+    }
+  }
+
+  *pulCount = slotCount;
+  return CKR_OK;
+}
+
+static const char TestSlotDescription[] = "Test PKCS11 Slot";
+static const char TestSlot2Description[] = "Test PKCS11 Slot 二";
+static const char TestSlot3Description[] = "Empty PKCS11 Slot";
+
+CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->slotDescription, TestSlotDescription);
+      pInfo->flags =
+          (tokenPresent ? CKF_TOKEN_PRESENT : 0) | CKF_REMOVABLE_DEVICE;
+      break;
+    case 2:
+      CopyString(pInfo->slotDescription, TestSlot2Description);
+      pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+      break;
+    case 3:
+      CopyString(pInfo->slotDescription, TestSlot3Description);
+      pInfo->flags = CKF_REMOVABLE_DEVICE;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+// Deliberately include énye to ensure we're handling encoding correctly.
+// The PKCS #11 base specification v2.20 specifies that strings be encoded
+// as UTF-8.
+static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label";
+static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label";
+static const char TestTokenModel[] = "Test Model";
+
+std::atomic<bool> sLoggedIn = false;
+
+CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->label, TestTokenLabel);
+      break;
+    case 2:
+      CopyString(pInfo->label, TestToken2Label);
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  CopyString(pInfo->model, TestTokenModel);
+  memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber));
+  pInfo->flags = CKF_TOKEN_INITIALIZED;
+  if (slotID == 2) {
+    pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH |
+                    CKF_USER_PIN_INITIALIZED | CKF_LOGIN_REQUIRED;
+  }
+  pInfo->ulMaxSessionCount = 1;
+  pInfo->ulSessionCount = 0;
+  pInfo->ulMaxRwSessionCount = 1;
+  pInfo->ulRwSessionCount = 0;
+  pInfo->ulMaxPinLen = 4;
+  pInfo->ulMinPinLen = 4;
+  pInfo->ulTotalPublicMemory = 1024;
+  pInfo->ulFreePublicMemory = 1024;
+  pInfo->ulTotalPrivateMemory = 1024;
+  pInfo->ulFreePrivateMemory = 1024;
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime));
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismList(CK_SLOT_ID, CK_MECHANISM_TYPE_PTR,
+                              CK_ULONG_PTR pulCount) {
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  *pulCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE,
+                              CK_MECHANISM_INFO_PTR) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG,
+                    CK_UTF8CHAR_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY,
+                         CK_SESSION_HANDLE_PTR phSession) {
+  switch (slotID) {
+    case 1:
+      *phSession = 1;
+      break;
+    case 2:
+      *phSession = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseSession(CK_SESSION_HANDLE) { return CKR_OK; }
+
+CK_RV Test_C_CloseAllSessions(CK_SLOT_ID) { return CKR_OK; }
+
+CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                            CK_SESSION_INFO_PTR pInfo) {
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (hSession) {
+    case 1:
+      pInfo->slotID = 1;
+      pInfo->state = CKS_RO_PUBLIC_SESSION;
+      break;
+    case 2:
+      pInfo->slotID = 2;
+      pInfo->state = sLoggedIn ? CKS_RO_USER_FUNCTIONS : CKS_RO_PUBLIC_SESSION;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->flags = CKF_SERIAL_SESSION;
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_OBJECT_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG) {
+  // Sleep for 3 seconds to simulate the user using a protected auth path.
+#ifdef WIN32
+  Sleep(3000);  // Sleep takes the duration argument as milliseconds
+#else
+  usleep(3000000);  // usleep takes the duration argument as microseconds
+#endif
+  sLoggedIn = true;
+  return CKR_OK;
+}
+
+CK_RV Test_C_Logout(CK_SESSION_HANDLE) {
+  sLoggedIn = false;
+  return CKR_OK;
+}
+
+CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+                          CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR,
+                        CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG) {
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG,
+                         CK_ULONG_PTR pulObjectCount) {
+  *pulObjectCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE) { return CKR_OK; }
+
+CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                         CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                         CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                  CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                         CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                               CK_OBJECT_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR,
+                         CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR,
+                             CK_ULONG, CK_OBJECT_HANDLE_PTR,
+                             CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                     CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
+                       CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE) {
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR) {
+#ifdef WIN32
+  Sleep(50);  // Sleep takes the duration argument as milliseconds
+#else
+  usleep(50000);    // usleep takes the duration argument as microseconds
+#endif
+  *pSlot = 1;
+  tokenPresent = !tokenPresent;
+  return CKR_OK;
+}
+
+static CK_FUNCTION_LIST FunctionList = {{2, 2},
+                                        Test_C_Initialize,
+                                        Test_C_Finalize,
+                                        Test_C_GetInfo,
+                                        Test_C_GetFunctionList,
+                                        Test_C_GetSlotList,
+                                        Test_C_GetSlotInfo,
+                                        Test_C_GetTokenInfo,
+                                        Test_C_GetMechanismList,
+                                        Test_C_GetMechanismInfo,
+                                        Test_C_InitToken,
+                                        Test_C_InitPIN,
+                                        Test_C_SetPIN,
+                                        Test_C_OpenSession,
+                                        Test_C_CloseSession,
+                                        Test_C_CloseAllSessions,
+                                        Test_C_GetSessionInfo,
+                                        Test_C_GetOperationState,
+                                        Test_C_SetOperationState,
+                                        Test_C_Login,
+                                        Test_C_Logout,
+                                        Test_C_CreateObject,
+                                        Test_C_CopyObject,
+                                        Test_C_DestroyObject,
+                                        Test_C_GetObjectSize,
+                                        Test_C_GetAttributeValue,
+                                        Test_C_SetAttributeValue,
+                                        Test_C_FindObjectsInit,
+                                        Test_C_FindObjects,
+                                        Test_C_FindObjectsFinal,
+                                        Test_C_EncryptInit,
+                                        Test_C_Encrypt,
+                                        Test_C_EncryptUpdate,
+                                        Test_C_EncryptFinal,
+                                        Test_C_DecryptInit,
+                                        Test_C_Decrypt,
+                                        Test_C_DecryptUpdate,
+                                        Test_C_DecryptFinal,
+                                        Test_C_DigestInit,
+                                        Test_C_Digest,
+                                        Test_C_DigestUpdate,
+                                        Test_C_DigestKey,
+                                        Test_C_DigestFinal,
+                                        Test_C_SignInit,
+                                        Test_C_Sign,
+                                        Test_C_SignUpdate,
+                                        Test_C_SignFinal,
+                                        Test_C_SignRecoverInit,
+                                        Test_C_SignRecover,
+                                        Test_C_VerifyInit,
+                                        Test_C_Verify,
+                                        Test_C_VerifyUpdate,
+                                        Test_C_VerifyFinal,
+                                        Test_C_VerifyRecoverInit,
+                                        Test_C_VerifyRecover,
+                                        Test_C_DigestEncryptUpdate,
+                                        Test_C_DecryptDigestUpdate,
+                                        Test_C_SignEncryptUpdate,
+                                        Test_C_DecryptVerifyUpdate,
+                                        Test_C_GenerateKey,
+                                        Test_C_GenerateKeyPair,
+                                        Test_C_WrapKey,
+                                        Test_C_UnwrapKey,
+                                        Test_C_DeriveKey,
+                                        Test_C_SeedRandom,
+                                        Test_C_GenerateRandom,
+                                        Test_C_GetFunctionStatus,
+                                        Test_C_CancelFunction,
+                                        Test_C_WaitForSlotEvent};
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
new file mode 100644
index 0000000000..562ecea21d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/tests/unit/requirements.txt b/security/manager/ssl/tests/unit/requirements.txt
new file mode 100644
index 0000000000..095fcb04fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/requirements.txt
@@ -0,0 +1,6 @@
+lxml
+pyasn1 == 0.3.7
+pyasn1_modules == 0.1.5
+ecc
+mock
+rsa
diff --git a/security/manager/ssl/tests/unit/sign_app.py b/security/manager/ssl/tests/unit/sign_app.py
new file mode 100755
index 0000000000..a2767c54eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/sign_app.py
@@ -0,0 +1,426 @@
+#!/usr/bin/env python3
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Given a directory of files, packages them up and signs the
+resulting zip file. Mainly for creating test inputs to the
+nsIX509CertDB.openSignedAppFileAsync API.
+"""
+from base64 import b64encode
+from cbor2 import dumps
+from cbor2.types import CBORTag
+from hashlib import sha1, sha256
+import argparse
+from io import StringIO
+import os
+import re
+import six
+import sys
+import zipfile
+
+# These libraries moved to security/manager/tools/ in bug 1699294.
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "tools"))
+import pycert
+import pycms
+import pykey
+
+ES256 = -7
+ES384 = -35
+ES512 = -36
+KID = 4
+ALG = 1
+COSE_Sign = 98
+
+
+def coseAlgorithmToPykeyHash(algorithm):
+    """Helper function that takes one of (ES256, ES384, ES512)
+    and returns the corresponding pykey.HASH_* identifier."""
+    if algorithm == ES256:
+        return pykey.HASH_SHA256
+    if algorithm == ES384:
+        return pykey.HASH_SHA384
+    if algorithm == ES512:
+        return pykey.HASH_SHA512
+    raise UnknownCOSEAlgorithmError(algorithm)
+
+
+# COSE_Signature = [
+#     protected : serialized_map,
+#     unprotected : {},
+#     signature : bstr
+# ]
+
+
+def coseSignature(payload, algorithm, signingKey, signingCertificate, bodyProtected):
+    """Returns a COSE_Signature structure.
+    payload is a string representing the data to be signed
+    algorithm is one of (ES256, ES384, ES512)
+    signingKey is a pykey.ECKey to sign the data with
+    signingCertificate is a byte string
+    bodyProtected is the serialized byte string of the protected body header
+    """
+    protected = {ALG: algorithm, KID: signingCertificate}
+    protectedEncoded = dumps(protected)
+    # Sig_structure = [
+    #     context : "Signature"
+    #     body_protected : bodyProtected
+    #     sign_protected : protectedEncoded
+    #     external_aad : nil
+    #     payload : bstr
+    # ]
+    sigStructure = [u"Signature", bodyProtected, protectedEncoded, None, payload]
+    sigStructureEncoded = dumps(sigStructure)
+    pykeyHash = coseAlgorithmToPykeyHash(algorithm)
+    signature = signingKey.signRaw(sigStructureEncoded, pykeyHash)
+    return [protectedEncoded, {}, signature]
+
+
+# COSE_Sign = [
+#     protected : serialized_map,
+#     unprotected : {},
+#     payload : nil,
+#     signatures : [+ COSE_Signature]
+# ]
+
+
+def coseSig(payload, intermediates, signatures):
+    """Returns the entire (tagged) COSE_Sign structure.
+    payload is a string representing the data to be signed
+    intermediates is an array of byte strings
+    signatures is an array of (algorithm, signingKey,
+               signingCertificate) triplets to be passed to
+               coseSignature
+    """
+    protected = {KID: intermediates}
+    protectedEncoded = dumps(protected)
+    coseSignatures = []
+    for (algorithm, signingKey, signingCertificate) in signatures:
+        coseSignatures.append(
+            coseSignature(
+                payload, algorithm, signingKey, signingCertificate, protectedEncoded
+            )
+        )
+    tagged = CBORTag(COSE_Sign, [protectedEncoded, {}, None, coseSignatures])
+    return dumps(tagged)
+
+
+def walkDirectory(directory):
+    """Given a relative path to a directory, enumerates the
+    files in the tree rooted at that location. Returns a list
+    of pairs of paths to those files. The first in each pair
+    is the full path to the file. The second in each pair is
+    the path to the file relative to the directory itself."""
+    paths = []
+    for path, _dirs, files in os.walk(directory):
+        for f in files:
+            fullPath = os.path.join(path, f)
+            internalPath = re.sub(r"^/", "", fullPath.replace(directory, ""))
+            paths.append((fullPath, internalPath))
+    return paths
+
+
+def addManifestEntry(filename, hashes, contents, entries):
+    """Helper function to fill out a manifest entry.
+    Takes the filename, a list of (hash function, hash function name)
+    pairs to use, the contents of the file, and the current list
+    of manifest entries."""
+    entry = "Name: %s\n" % filename
+    for (hashFunc, name) in hashes:
+        base64hash = b64encode(hashFunc(contents).digest()).decode("ascii")
+        entry += "%s-Digest: %s\n" % (name, base64hash)
+    entries.append(entry)
+
+
+def getCert(subject, keyName, issuerName, ee, issuerKey="", validity=""):
+    """Helper function to create an X509 cert from a specification.
+    Takes the subject, the subject key name to use, the issuer name,
+    a bool whether this is an EE cert or not, and optionally an issuer key
+    name."""
+    certSpecification = (
+        "issuer:%s\n" % issuerName
+        + "subject:"
+        + subject
+        + "\n"
+        + "subjectKey:%s\n" % keyName
+    )
+    if ee:
+        certSpecification += "extension:keyUsage:digitalSignature"
+    else:
+        certSpecification += (
+            "extension:basicConstraints:cA,\n"
+            + "extension:keyUsage:cRLSign,keyCertSign"
+        )
+    if issuerKey:
+        certSpecification += "\nissuerKey:%s" % issuerKey
+    if validity:
+        certSpecification += "\nvalidity:%s" % validity
+    certSpecificationStream = StringIO()
+    print(certSpecification, file=certSpecificationStream)
+    certSpecificationStream.seek(0)
+    return pycert.Certificate(certSpecificationStream)
+
+
+def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName, certValidity):
+    """Given a COSE algorithm ('ES256', 'ES384', 'ES512') and an issuer
+    name, returns a (algorithm id, pykey.ECCKey, encoded certificate)
+    triplet for use with coseSig.
+    """
+    if coseAlgorithm == "ES256":
+        keyName = "secp256r1"
+        algId = ES256
+    elif coseAlgorithm == "ES384":
+        keyName = "secp384r1"
+        algId = ES384
+    elif coseAlgorithm == "ES512":
+        keyName = "secp521r1"  # COSE uses the hash algorithm; this is the curve
+        algId = ES512
+    else:
+        raise UnknownCOSEAlgorithmError(coseAlgorithm)
+    key = pykey.ECCKey(keyName)
+    # The subject must differ to avoid errors when importing into NSS later.
+    ee = getCert(
+        "xpcshell signed app test signer " + keyName,
+        keyName,
+        issuerName,
+        True,
+        "default",
+        certValidity,
+    )
+    return (algId, key, ee.toDER())
+
+
+def signZip(
+    appDirectory,
+    outputFile,
+    issuerName,
+    rootName,
+    certValidity,
+    manifestHashes,
+    signatureHashes,
+    pkcs7Hashes,
+    coseAlgorithms,
+    emptySignerInfos,
+    headerPaddingFactor,
+):
+    """Given a directory containing the files to package up,
+    an output filename to write to, the name of the issuer of
+    the signing certificate, the name of trust anchor, a list of hash algorithms
+    to use in the manifest file, a similar list for the signature file,
+    a similar list for the pkcs#7 signature, a list of COSE signature algorithms
+    to include, whether the pkcs#7 signer info should be kept empty, and how
+    many MB to pad the manifests by (to test handling large manifest files),
+    packages up the files in the directory and creates the output as
+    appropriate."""
+    # The header of each manifest starts with the magic string
+    # 'Manifest-Version: 1.0' and ends with a blank line. There can be
+    # essentially anything after the first line before the blank line.
+    mfEntries = ["Manifest-Version: 1.0"]
+    if headerPaddingFactor > 0:
+        # In this format, each line can only be 72 bytes long. We make
+        # our padding 50 bytes per line (49 of content and one newline)
+        # so the math is easy.
+        singleLinePadding = "a" * 49
+        # 1000000 / 50 = 20000
+        allPadding = [singleLinePadding] * (headerPaddingFactor * 20000)
+        mfEntries.extend(allPadding)
+    # Append the blank line.
+    mfEntries.append("")
+
+    with zipfile.ZipFile(outputFile, "w", zipfile.ZIP_DEFLATED) as outZip:
+        for (fullPath, internalPath) in walkDirectory(appDirectory):
+            with open(fullPath, "rb") as inputFile:
+                contents = inputFile.read()
+            outZip.writestr(internalPath, contents)
+
+            # Add the entry to the manifest we're building
+            addManifestEntry(internalPath, manifestHashes, contents, mfEntries)
+
+        if len(coseAlgorithms) > 0:
+            coseManifest = "\n".join(mfEntries)
+            outZip.writestr("META-INF/cose.manifest", coseManifest)
+            coseManifest = six.ensure_binary(coseManifest)
+            addManifestEntry(
+                "META-INF/cose.manifest", manifestHashes, coseManifest, mfEntries
+            )
+            intermediates = []
+            coseIssuerName = issuerName
+            if rootName:
+                coseIssuerName = "xpcshell signed app test issuer"
+                intermediate = getCert(
+                    coseIssuerName,
+                    "default",
+                    rootName,
+                    False,
+                    "",
+                    certValidity,
+                )
+                intermediate = intermediate.toDER()
+                intermediates.append(intermediate)
+            signatures = [
+                coseAlgorithmToSignatureParams(
+                    coseAlgorithm,
+                    coseIssuerName,
+                    certValidity,
+                )
+                for coseAlgorithm in coseAlgorithms
+            ]
+            coseSignatureBytes = coseSig(coseManifest, intermediates, signatures)
+            outZip.writestr("META-INF/cose.sig", coseSignatureBytes)
+            addManifestEntry(
+                "META-INF/cose.sig", manifestHashes, coseSignatureBytes, mfEntries
+            )
+
+        if len(pkcs7Hashes) != 0 or emptySignerInfos:
+            mfContents = "\n".join(mfEntries)
+            sfContents = "Signature-Version: 1.0\n"
+            for (hashFunc, name) in signatureHashes:
+                hashed = hashFunc(six.ensure_binary(mfContents)).digest()
+                base64hash = b64encode(hashed).decode("ascii")
+                sfContents += "%s-Digest-Manifest: %s\n" % (name, base64hash)
+
+            cmsSpecification = ""
+            for name in pkcs7Hashes:
+                hashFunc, _ = hashNameToFunctionAndIdentifier(name)
+                cmsSpecification += "%s:%s\n" % (
+                    name,
+                    hashFunc(six.ensure_binary(sfContents)).hexdigest(),
+                )
+            cmsSpecification += (
+                "signer:\n"
+                + "issuer:%s\n" % issuerName
+                + "subject:xpcshell signed app test signer\n"
+                + "extension:keyUsage:digitalSignature"
+            )
+            if certValidity:
+                cmsSpecification += "\nvalidity:%s" % certValidity
+            cmsSpecificationStream = StringIO()
+            print(cmsSpecification, file=cmsSpecificationStream)
+            cmsSpecificationStream.seek(0)
+            cms = pycms.CMS(cmsSpecificationStream)
+            p7 = cms.toDER()
+            outZip.writestr("META-INF/A.RSA", p7)
+            outZip.writestr("META-INF/A.SF", sfContents)
+            outZip.writestr("META-INF/MANIFEST.MF", mfContents)
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+
+    pass
+
+
+class UnknownHashAlgorithmError(Error):
+    """Helper exception type to handle unknown hash algorithms."""
+
+    def __init__(self, name):
+        super(UnknownHashAlgorithmError, self).__init__()
+        self.name = name
+
+    def __str__(self):
+        return "Unknown hash algorithm %s" % repr(self.name)
+
+
+class UnknownCOSEAlgorithmError(Error):
+    """Helper exception type to handle unknown COSE algorithms."""
+
+    def __init__(self, name):
+        super(UnknownCOSEAlgorithmError, self).__init__()
+        self.name = name
+
+    def __str__(self):
+        return "Unknown COSE algorithm %s" % repr(self.name)
+
+
+def hashNameToFunctionAndIdentifier(name):
+    if name == "sha1":
+        return (sha1, "SHA1")
+    if name == "sha256":
+        return (sha256, "SHA256")
+    raise UnknownHashAlgorithmError(name)
+
+
+def main(outputFile, appPath, *args):
+    """Main entrypoint. Given an already-opened file-like
+    object, a path to the app directory to sign, and some
+    optional arguments, signs the contents of the directory and
+    writes the resulting package to the 'file'."""
+    parser = argparse.ArgumentParser(description="Sign an app.")
+    parser.add_argument(
+        "-i",
+        "--issuer",
+        action="store",
+        help="Issuer name",
+        default="xpcshell signed apps test root",
+    )
+    parser.add_argument("-r", "--root", action="store", help="Root name", default="")
+    parser.add_argument(
+        "--cert-validity",
+        action="store",
+        help="Certificate validity; YYYYMMDD-YYYYMMDD or duration in days",
+        default="",
+    )
+    parser.add_argument(
+        "-m",
+        "--manifest-hash",
+        action="append",
+        help="Hash algorithms to use in manifest",
+        default=[],
+    )
+    parser.add_argument(
+        "-s",
+        "--signature-hash",
+        action="append",
+        help="Hash algorithms to use in signature file",
+        default=[],
+    )
+    parser.add_argument(
+        "-c",
+        "--cose-sign",
+        action="append",
+        help="Append a COSE signature with the given "
+        + "algorithms (out of ES256, ES384, and ES512)",
+        default=[],
+    )
+    parser.add_argument(
+        "-z",
+        "--pad-headers",
+        action="store",
+        default=0,
+        help="Pad the header sections of the manifests "
+        + "with X MB of repetitive data",
+    )
+    group = parser.add_mutually_exclusive_group()
+    group.add_argument(
+        "-p",
+        "--pkcs7-hash",
+        action="append",
+        help="Hash algorithms to use in PKCS#7 signature",
+        default=[],
+    )
+    group.add_argument(
+        "-e",
+        "--empty-signerInfos",
+        action="store_true",
+        help="Emit pkcs#7 SignedData with empty signerInfos",
+    )
+    parsed = parser.parse_args(args)
+    if len(parsed.manifest_hash) == 0:
+        parsed.manifest_hash.append("sha256")
+    if len(parsed.signature_hash) == 0:
+        parsed.signature_hash.append("sha256")
+    signZip(
+        appPath,
+        outputFile,
+        parsed.issuer,
+        parsed.root,
+        parsed.cert_validity,
+        [hashNameToFunctionAndIdentifier(h) for h in parsed.manifest_hash],
+        [hashNameToFunctionAndIdentifier(h) for h in parsed.signature_hash],
+        parsed.pkcs7_hash,
+        parsed.cose_sign,
+        parsed.empty_signerInfos,
+        int(parsed.pad_headers),
+    )
diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
new file mode 100644
index 0000000000..8e165b2b8d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -0,0 +1,46 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests that adding a certificate already present in the certificate database
+// with different trust bits than those stored in the database does not result
+// in the new trust bits being ignored.
+
+do_get_profile();
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function load_cert(cert, trust) {
+  let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
+  return addCertFromFile(certDB, file, trust);
+}
+
+add_task(async function () {
+  load_cert("ca", "CTu,CTu,CTu");
+  let int_cert = load_cert("int-limited-depth", "CTu,CTu,CTu");
+  let file =
+    "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
+  let cert_pem = readFile(do_get_file(file));
+  let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  // Change the already existing intermediate certificate's trust using
+  // addCertFromBase64().
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+  let base64_cert = int_cert.getBase64DERString();
+  let returnedEE = certDB.addCertFromBase64(base64_cert, "p,p,p");
+  notEqual(returnedEE, null, "addCertFromBase64 should return a certificate");
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLServer
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_allow_all_cert_errors.js b/security/manager/ssl/tests/unit/test_allow_all_cert_errors.js
new file mode 100644
index 0000000000..6bcd71aaf3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_allow_all_cert_errors.js
@@ -0,0 +1,25 @@
+/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    true
+  );
+
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  add_connection_test("expired.example.com", PRErrorCodeSuccess);
+  add_test(function () {
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      false
+    );
+    run_next_test();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
new file mode 100644
index 0000000000..161ce88377
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUXwklABFZn09Yj1azSdQ4kpuizxYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCdpP06UqpAnAAak/i4+LShrIG/
+DdjHLQ8qLChBdPkT6Gxx1XVoNfG3GJsIGCoOf6isORMfBlBXiR5kmLFTE3kJhA/I
+pDxDGYDqt9DNb0fxeMpOJxwQ+mBMZIKLPu+nk4jTqUrOX8bLwDMiXTbFeY91SUr8
+4b43YzXVorVQSlYOfcsmrnEfmfJNauHBrzak5BQhsEXHqAI7qV9TCQA1+cGwH8jb
+Aw2SyVu1usAyHkM2wCisHXeidf3qR6PxmfLMAgHKXBLz3DsXY30xDI4jJS9MySu9
+lhrs1IJf5PdJk5z5viYqZQemuv0R+R7ItbpCHpreUXh2GutiAY4Xsgrhfcer
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
new file mode 100644
index 0000000000..9c21e7adcf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
new file mode 100644
index 0000000000..a13b0cbcd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUS00fexo4Y4FagP1oiKQiGCJKd/swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAGjMx1NAs2guKp3wRRAWdiAw9NCeX+qCsxxkr4jUdgQ14wZwU2fZ/2rK
+7Z/StpwlWN+G4dWwCRCjibKvjauQs+XLT9wMO3U/1VBcQda36duX70ss2SAF9crs
+dmZdISevFItTn+W6JNyr1Wt2sSiD4buXpW1UzNwuxnWGpo/a++bMEYaM8KDdz73t
+KA9VShYNbcrUZgf70bvCbc8BR3vYUwyIp3fP7TngD/dRLYJyv5ayo9VXVJxOzYU7
+/aRrBvAdAL2w8eQzzYm6uyHlOE+imWYix2QOGNFJIiRXFRTii9Rr0o4geW7x2wZJ
++TzO4XPVlax1h6KDPRLsmwhbJDAMuUU=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
new file mode 100644
index 0000000000..7a34d0758f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
new file mode 100644
index 0000000000..f2bb8c97d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUZ3gdKZRvWFYArMRStT2zAGE6JDQwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNTA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBABERZmWOEZAI2dQHbpXo7BJFw8eigDs8xWGtnu5UbNFs7zGnXzta0L8T
+RBoaWeEbsaVpuGQ648eorgQRGwNdL3JkJb0qHtaSl5/raAOvv+YqmGzZhFWcj3ib
+WUOWODdFlY3oUzpPjA+IeRzULya6//s8DhEKfVi2mJXc/sS6fE9J234IhKBysyr1
+cRIApw6OCr0V78TbHzEPh1z0QuMKY8hH0lz3JvQqGD59oTEdSJ5VVbmDLxqqmVtA
+/i4j2lYkDos2HvHGP7a/LC20FI0lOcSqazSeKc+y2Mand9tDXCU/dEEYMj1IW5rM
+z2+96XzCbJBesYFEEfWXG6XysP3UtE0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
new file mode 100644
index 0000000000..aa682a7afd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
new file mode 100644
index 0000000000..7ac56a0689
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUWxGwhSb8roUQoLNpJajl0X8jk10wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA4MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAKxEoWUrHht8zENUlC/3tj/KbDSeaIy5nVE49aJRqHwuSczG5PTDn7sD
+rjl6Qq2rx3Z3ftZxJNIdpS3BUeUJ+FsQ2fK3ckDyeWkzxADlWp2l2bgKDtnW5Xjw
+lfzFt1Z/4PUmz0JyNGqijvpT/YYM9uM5OOKmKvy6C/6HiIMI2f5pVHM2bFWLuHLI
+p9yqp056EKPWCEQbkqseXLS0O8ZyxAyW4kHezUQzn1KFq9IGZu5sBZ8Imop0xnal
+2wXCuEisuAIOQNb1l9t+hf/P53+oRLjPbJzuzLZGSNA5PzoTbmZOqOdJS+kCNGCX
+IahLlU3dPILDlvl8DLFhk+lz9mA8x90=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
new file mode 100644
index 0000000000..e38478165c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
new file mode 100644
index 0000000000..ba11dcc152
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUOWkKeR6blD0zzhElEnCm4eSqLTAwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMDAuMCwGA1UdEQQl
+MCOkITAfMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjANBgkqhkiG9w0B
+AQsFAAOCAQEACPZ4Ed3iONrIIKtg3865taT5TUj4Ts3tnYn4riFqojr6h/CHEDPR
+LStAJ4yYGQoTTzQzaxYjEZXHIEI/bCZ1VpGNpZt8DXWsJWwJgt8QUNeYT0eFFE2M
+CjrLJC1OIQRvlR89WEbk/q45KBQC0faeizqkAn+YUSG8mjHHbmSO8PWbh4z0YYlg
+BjwhTRFWUmWfQKC+mHyWblbYyFKlsFWf6cGOd4qE8N/hIz7oPzI4IPN1EQ/IfaQy
+WOOyxPZeu+J5VPlPE10nV5afoRcPLh/6vTwH85tPGzxWU4Jo4NDtFOtZAZR/S7sO
+OB/ST8Dbvs7qQFfRtgCtpEMicG7kxO1F+Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
new file mode 100644
index 0000000000..41817bde75
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
new file mode 100644
index 0000000000..6882ba0554
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUG1q3+RCKIizPHadkamCYLL7cp2swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNTA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMDAuMCwGA1UdEQQl
+MCOkITAfMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjANBgkqhkiG9w0B
+AQsFAAOCAQEAqa/ayP8zXODUJJmuZLTJsdT2VaqbOh2WWk2bC2A82feGvCevLuL0
+0gPk+001Zx49Y1erMmt2M1cKtf2Lob8SGLNGUlJf2K7SNJTk7nyog+4UIlK4Hsxo
+CQ9sqKGJjkwHTDK1rB9gSW4e27Taj6tudnsUfgKWVzERxipebtLsCvz8Jfa0YLRI
+bGr6L4LoWiN2RNiK7/IOycfJ8VLDlBRouHD2Xfu0pFcvymMvfOC7GG4oBAacCKGn
+muUfoODgKw2yCIOSe7jsJOQ9yOp03sRipISfO0TALFzJX0V5+7CYDLZYR8vs/F/4
+0cIqkhwyCfUWYsGI4gPPR/nVxNvTRZhiFw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
new file mode 100644
index 0000000000..65acf0b024
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
new file mode 100644
index 0000000000..cd87acfe48
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUD1kNqQ0aKQ2TJjGUYztUh8I7j4AwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA4MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMDAuMCwGA1UdEQQl
+MCOkITAfMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjANBgkqhkiG9w0B
+AQsFAAOCAQEAU9n5I/Hdfod2fPBYWHZA/5/SabHkOBUHfrg6UUQYeHagVbqmoTQD
+M5F/DcDna+w6nHagIC/GRHBHkgY3Syh8QK5LnL3zi5tC0u4dzysDUjWtEAEgIcWA
+/pYtp6qZwJzxvn68PTnYnFDL61+LDLxlUBa2iRieRkCUOokCLL4ce3jsSTuJ+mGk
+XoaRrRREgtG5loYK8hFXM1RDkzyCa82DF/qD+iYgUJS9LMXrsksIRHP7Lqzhnwba
+Q4N8rgsBDFkNTEAmGcnTLMTlfO+SyKdHZI4n9VHdUQ1n38qFn70jj1YjcqEOFKXb
+wldSrYMedEOFVWyXaVWmxMwMTiDIKWMoxg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
new file mode 100644
index 0000000000..140c201434
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
new file mode 100644
index 0000000000..514964b5fb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
@@ -0,0 +1,78 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_baseline_requirements/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(
+    gCertDB,
+    `test_baseline_requirements/${certName}.pem`,
+    trustString
+  );
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  return checkCertErrorGenericAtTime(
+    gCertDB,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer,
+    VALIDATION_TIME,
+    false,
+    "example.com"
+  );
+}
+
+add_task(async function () {
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("privacy.reduceTimerPrecision");
+  });
+
+  Services.prefs.setBoolPref("privacy.reduceTimerPrecision", false);
+
+  loadCertWithTrust("ca", "CTu,,");
+
+  // At one time there was a preference security.pki.name_matching_mode that
+  // controlled whether or not mozilla::pkix would fall back to using a
+  // certificate's subject common name during name matching. This no longer
+  // exists, and certificates that previously required the fallback should fail
+  // to verify.
+
+  await checkCertOn25August2016(
+    certFromFile("no-san-recent"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("no-san-old"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("no-san-older"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-recent"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-old"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("san-contains-no-hostnames-older"),
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_blocklist_onecrl.js b/security/manager/ssl/tests/unit/test_blocklist_onecrl.js
new file mode 100644
index 0000000000..d82a493f16
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_blocklist_onecrl.js
@@ -0,0 +1,148 @@
+"use strict";
+
+do_get_profile();
+
+const { Utils } = ChromeUtils.importESModule(
+  "resource://services-settings/Utils.sys.mjs"
+);
+const { RemoteSettings } = ChromeUtils.importESModule(
+  "resource://services-settings/remote-settings.sys.mjs"
+);
+const { RemoteSecuritySettings } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs"
+);
+const { OneCRLBlocklistClient } = RemoteSecuritySettings.init();
+
+add_task(async function test_uses_a_custom_signer() {
+  Assert.notEqual(
+    OneCRLBlocklistClient.signerName,
+    RemoteSettings("not-specified").signerName
+  );
+});
+
+add_task(async function test_has_initial_dump() {
+  Assert.ok(
+    await Utils.hasLocalDump(
+      OneCRLBlocklistClient.bucketName,
+      OneCRLBlocklistClient.collectionName
+    )
+  );
+});
+
+add_task(async function test_default_jexl_filter_is_used() {
+  Assert.deepEqual(
+    OneCRLBlocklistClient.filterFunc,
+    RemoteSettings("not-specified").filterFunc
+  );
+});
+
+add_task(
+  async function test_revocations_are_updated_on_sync_with_cert_storage() {
+    const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+      Ci.nsICertStorage
+    );
+    const has_revocations = () =>
+      new Promise(resolve => {
+        certStorage.hasPriorData(
+          Ci.nsICertStorage.DATA_TYPE_REVOCATION,
+          (rv, hasPriorData) => {
+            if (rv == Cr.NS_OK) {
+              return resolve(hasPriorData);
+            }
+            return resolve(false);
+          }
+        );
+      });
+
+    Assert.ok(!(await has_revocations()));
+
+    await OneCRLBlocklistClient.emit("sync", {
+      data: {
+        current: [],
+        created: [
+          {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+          },
+        ],
+        updated: [],
+        deleted: [],
+      },
+    });
+
+    Assert.ok(await has_revocations());
+  }
+);
+
+add_task(async function test_updated_entry() {
+  // Revoke a particular issuer/serial number.
+  await OneCRLBlocklistClient.emit("sync", {
+    data: {
+      current: [],
+      created: [
+        {
+          issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+          serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+        },
+      ],
+      updated: [],
+      deleted: [],
+    },
+  });
+  const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  let issuerArray = [
+    0x30, 0x12, 0x31, 0x10, 0x30, 0xe, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x7, 0x54,
+    0x65, 0x73, 0x74, 0x20, 0x43, 0x41,
+  ];
+  let serialArray = [
+    0x6b, 0x45, 0xfb, 0xff, 0xb0, 0xe5, 0x4d, 0xa7, 0x9d, 0xa6, 0xa, 0xc8, 0x26,
+    0xd, 0xb9, 0x88, 0x13, 0xce, 0x90, 0x83,
+  ];
+  let revocationState = certStorage.getRevocationState(
+    issuerArray,
+    serialArray,
+    [],
+    []
+  );
+  Assert.equal(revocationState, Ci.nsICertStorage.STATE_ENFORCE);
+
+  // Update the revocation to be a different serial number; the original
+  // (issuer, serial) pair should now not be revoked.
+  await OneCRLBlocklistClient.emit("sync", {
+    data: {
+      current: [],
+      created: [],
+      updated: [
+        {
+          old: {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+          },
+          new: {
+            issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+            serialNumber: "ALtF+/+w5U0=",
+          },
+        },
+      ],
+      deleted: [],
+    },
+  });
+  let oldRevocationState = certStorage.getRevocationState(
+    issuerArray,
+    serialArray,
+    [],
+    []
+  );
+  Assert.equal(oldRevocationState, Ci.nsICertStorage.STATE_UNSET);
+
+  let newSerialArray = [0x00, 0xbb, 0x45, 0xfb, 0xff, 0xb0, 0xe5, 0x4d];
+  let newRevocationState = certStorage.getRevocationState(
+    issuerArray,
+    newSerialArray,
+    [],
+    []
+  );
+  Assert.equal(newRevocationState, Ci.nsICertStorage.STATE_ENFORCE);
+});
diff --git a/security/manager/ssl/tests/unit/test_broken_fips.js b/security/manager/ssl/tests/unit/test_broken_fips.js
new file mode 100644
index 0000000000..2aac2496f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_broken_fips.js
@@ -0,0 +1,61 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that if Firefox attempts and fails to load a PKCS#11 module DB that was
+// in FIPS mode, Firefox can still make use of keys in the key database.
+// secomd.db can be created via `certutil -N -d <dir>`. Putting it in FIPS mode
+// involves running `modutil -fips true -dbdir <dir>`. key4.db is from
+// test_sdr_preexisting/key4.db.
+
+function run_test() {
+  // Append a single quote and non-ASCII characters to the profile path.
+  let profd = Services.env.get("XPCSHELL_TEST_PROFILE_DIR");
+  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+  file.initWithPath(profd);
+  file.append("'÷1");
+  Services.env.set("XPCSHELL_TEST_PROFILE_DIR", file.path);
+
+  let profile = do_get_profile(); // must be called before getting nsIX509CertDB
+  Assert.ok(
+    /[^\x20-\x7f]/.test(profile.path),
+    "the profile path should contain a non-ASCII character"
+  );
+
+  let keyDBName = "key4.db";
+  let keyDBFile = do_get_file(`test_broken_fips/${keyDBName}`);
+  keyDBFile.copyTo(profile, keyDBName);
+
+  let pkcs11modDBName = "pkcs11.txt";
+  let pkcs11modDBFile = do_get_file(`test_broken_fips/${pkcs11modDBName}`);
+  pkcs11modDBFile.copyTo(profile, pkcs11modDBName);
+
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  ok(!moduleDB.isFIPSEnabled, "FIPS should not be enabled");
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  const encrypted =
+    "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d";
+  const expectedResult = "password";
+  let decrypted = sdr.decryptString(encrypted);
+  equal(
+    decrypted,
+    expectedResult,
+    "decrypted ciphertext should match expected plaintext"
+  );
+
+  let pkcs11modDBFileFIPS = do_get_profile();
+  pkcs11modDBFileFIPS.append(`${pkcs11modDBName}.fips`);
+  ok(
+    pkcs11modDBFileFIPS.exists(),
+    "backed-up PKCS#11 module db should now exist"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_broken_fips/key4.db b/security/manager/ssl/tests/unit/test_broken_fips/key4.db
new file mode 100644
index 0000000000..8f320dfdbd
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_broken_fips/key4.db differ
diff --git a/security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt b/security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt
new file mode 100644
index 0000000000..78a11f5fa7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_broken_fips/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal FIPS PKCS #11 Module
+parameters=configdir='.' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512,Camellia,SEED,RANDOM ] }  Flags=internal,FIPS,critical
+
diff --git a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
new file mode 100644
index 0000000000..04fa1c655c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12.js
@@ -0,0 +1,56 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests exporting a certificate and key as a PKCS#12 blob and importing it
+// again with a new password set.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
+const CERT_COMMON_NAME = "test_cert_from_windows";
+const TEST_CERT_PASSWORD = "黒�";
+
+function findCertByCommonName(commonName) {
+  for (let cert of gCertDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+function run_test() {
+  // Import the certificate and key so we have something to export.
+  let cert = findCertByCommonName(CERT_COMMON_NAME);
+  equal(cert, null, "cert should not be found before import");
+  let certFile = do_get_file(PKCS12_FILE);
+  ok(certFile, `${PKCS12_FILE} should exist`);
+  let errorCode = gCertDB.importPKCS12File(certFile, TEST_CERT_PASSWORD);
+  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be imported");
+  cert = findCertByCommonName(CERT_COMMON_NAME);
+  notEqual(cert, null, "cert should be found now");
+
+  // Export the certificate and key.
+  let output = do_get_tempdir();
+  output.append("output.p12");
+  ok(!output.exists(), "output shouldn't exist before exporting PKCS12 file");
+  errorCode = gCertDB.exportPKCS12File(output, [cert], TEST_CERT_PASSWORD);
+  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be exported");
+  ok(output.exists(), "output should exist after exporting PKCS12 file");
+
+  // We should be able to import the exported blob again using the new password.
+  errorCode = gCertDB.importPKCS12File(output, TEST_CERT_PASSWORD);
+  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be imported");
+  output.remove(false /* not a directory; recursive doesn't apply */);
+
+  // Ideally there would be some way to confirm that this actually did anything.
+  // Unfortunately, since deleting a certificate currently doesn't actually do
+  // anything until the platform is restarted, we can't confirm that we
+  // successfully re-imported the certificate.
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
new file mode 100644
index 0000000000..25f4ab58bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
@@ -0,0 +1,117 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests exporting a certificate and key as a PKCS#12 blob if the user has a
+// primary password set.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
+const CERT_COMMON_NAME = "test_cert_from_windows";
+const TEST_CERT_PASSWORD = "黒�";
+
+var gPrompt = {
+  password: "password",
+  clickOk: true,
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gPrompt| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  alert(title, text) {
+    info(`alert('${text}')`);
+    ok(false, "not expecting alert() to be called");
+  },
+
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    equal(
+      text,
+      "Please enter your Primary Password.",
+      "password prompt text should be as expected"
+    );
+    equal(checkMsg, null, "checkMsg should be null");
+    password.value = this.password;
+    return this.clickOk;
+  },
+};
+
+const gPromptFactory = {
+  QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]),
+  getPrompt: (aWindow, aIID) => gPrompt,
+};
+
+function findCertByCommonName(commonName) {
+  for (let cert of gCertDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+function run_test() {
+  let promptFactoryCID = MockRegistrar.register(
+    "@mozilla.org/prompter;1",
+    gPromptFactory
+  );
+
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(promptFactoryCID);
+  });
+
+  // Set a primary password.
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("password");
+  token.logoutSimple();
+
+  // Import the certificate and key so we have something to export.
+  let cert = findCertByCommonName(CERT_COMMON_NAME);
+  equal(cert, null, "cert should not be found before import");
+  let certFile = do_get_file(PKCS12_FILE);
+  ok(certFile, `${PKCS12_FILE} should exist`);
+  let errorCode = gCertDB.importPKCS12File(certFile, TEST_CERT_PASSWORD);
+  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should import");
+  cert = findCertByCommonName(CERT_COMMON_NAME);
+  notEqual(cert, null, "cert should be found now");
+
+  // Log out so we're prompted for the password.
+  token.logoutSimple();
+
+  // Export the certificate and key (and don't cancel the password request
+  // dialog).
+  let output = do_get_tempdir();
+  output.append("output.p12");
+  ok(!output.exists(), "output shouldn't exist before exporting PKCS12 file");
+  errorCode = gCertDB.exportPKCS12File(output, [cert], TEST_CERT_PASSWORD);
+  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should export");
+  ok(output.exists(), "output should exist after exporting PKCS12 file");
+  output.remove(false /* not a directory; recursive doesn't apply */);
+
+  // Log out again so we're prompted for the password.
+  token.logoutSimple();
+
+  // Attempt to export the certificate and key, but this time cancel the
+  // password request dialog. The export operation should also be canceled.
+  gPrompt.clickOk = false;
+  let output2 = do_get_tempdir();
+  output2.append("output2.p12");
+  ok(!output2.exists(), "output2 shouldn't exist before exporting PKCS12 file");
+  errorCode = gCertDB.exportPKCS12File(output, [cert], TEST_CERT_PASSWORD);
+  equal(
+    errorCode,
+    Ci.nsIX509CertDB.ERROR_PKCS12_BACKUP_FAILED,
+    "cert should not export"
+  );
+
+  ok(!output2.exists(), "output2 shouldn't exist after failing to export");
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js
new file mode 100644
index 0000000000..86c66f4989
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -0,0 +1,187 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the various nsIX509CertDB import methods.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const CA_CERT_COMMON_NAME = "importedCA";
+const TEST_EMAIL_ADDRESS = "test@example.com";
+
+let gCACertImportDialogCount = 0;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  confirmDownloadCACert: (ctx, cert, trust) => {
+    gCACertImportDialogCount++;
+    equal(
+      cert.commonName,
+      CA_CERT_COMMON_NAME,
+      "CA cert to import should have the correct CN"
+    );
+    trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
+    return true;
+  },
+  setPKCS12FilePassword: (ctx, password) => {
+    // This is only relevant to exporting.
+    ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword: (ctx, password) => {
+    // We don't test anything that calls this method yet.
+    ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsICertificateDialogs"]),
+};
+
+// Implements nsIInterfaceRequestor. Mostly serves to mock nsIPrompt.
+const gInterfaceRequestor = {
+  alert: (title, text) => {
+    // We don't test anything that calls this method yet.
+    ok(false, `alert() should not have been called: ${text}`);
+  },
+
+  getInterface: iid => {
+    if (iid.equals(Ci.nsIPrompt)) {
+      return this;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+function getCertAsByteArray(certPath) {
+  let certFile = do_get_file(certPath, false);
+  let certBytes = readFile(certFile);
+
+  let byteArray = [];
+  for (let i = 0; i < certBytes.length; i++) {
+    byteArray.push(certBytes.charCodeAt(i));
+  }
+
+  return byteArray;
+}
+
+function commonFindCertBy(propertyName, value) {
+  for (let cert of gCertDB.getCerts()) {
+    if (cert[propertyName] == value) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+function findCertByCommonName(commonName) {
+  return commonFindCertBy("commonName", commonName);
+}
+
+function findCertByEmailAddress(emailAddress) {
+  return commonFindCertBy("emailAddress", emailAddress);
+}
+
+function testImportCACert() {
+  // Sanity check the CA cert is missing.
+  equal(
+    findCertByCommonName(CA_CERT_COMMON_NAME),
+    null,
+    "CA cert should not be in the database before import"
+  );
+
+  // Import and check for success.
+  let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
+  gCertDB.importCertificates(
+    caArray,
+    caArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gInterfaceRequestor
+  );
+  equal(
+    gCACertImportDialogCount,
+    1,
+    "Confirmation dialog for the CA cert should only be shown once"
+  );
+
+  let caCert = findCertByCommonName(CA_CERT_COMMON_NAME);
+  notEqual(caCert, null, "CA cert should now be found in the database");
+  ok(
+    gCertDB.isCertTrusted(
+      caCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "CA cert should be trusted for e-mail"
+  );
+}
+
+function testImportEmptyCertPackage() {
+  // Because this is an empty cert package, nothing will be imported. We know it succeeded if no errors are thrown.
+  let byteArray = [
+    0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+    0x05, 0xa0, 0x02, 0x30, 0x00,
+  ];
+  gCertDB.importCertificates(
+    byteArray,
+    byteArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gInterfaceRequestor
+  );
+}
+
+function testImportEmptyUserCert() {
+  // Because this is an empty cert package, nothing will be imported. We know it succeeded if no errors are thrown.
+  let byteArray = [
+    0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+    0x05, 0xa0, 0x02, 0x30, 0x00,
+  ];
+  gCertDB.importUserCertificate(
+    byteArray,
+    byteArray.length,
+    gInterfaceRequestor
+  );
+}
+
+function run_test() {
+  let certificateDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsCertificateDialogs;1",
+    gCertificateDialogs
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+
+  // Sanity check the e-mail cert is missing.
+  equal(
+    findCertByEmailAddress(TEST_EMAIL_ADDRESS),
+    null,
+    "E-mail cert should not be in the database before import"
+  );
+
+  // Import the CA cert so that the e-mail import succeeds.
+  testImportCACert();
+  testImportEmptyCertPackage();
+  testImportEmptyUserCert();
+
+  // Import the e-mail cert and check for success.
+  let emailArray = getCertAsByteArray("test_certDB_import/emailEE.pem");
+  gCertDB.importEmailCertificate(
+    emailArray,
+    emailArray.length,
+    gInterfaceRequestor
+  );
+  let emailCert = findCertByEmailAddress(TEST_EMAIL_ADDRESS);
+  notEqual(emailCert, null, "E-mail cert should now be found in the database");
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+  equal(
+    emailCert.tokenName,
+    bundle.GetStringFromName("PrivateTokenDescription"),
+    "cert's tokenName should be the expected localized value"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
new file mode 100644
index 0000000000..e969d672d7
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx differ
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_emptypass.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_emptypass.pfx
new file mode 100644
index 0000000000..879d424b85
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_emptypass.pfx differ
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_nopass.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_nopass.pfx
new file mode 100644
index 0000000000..7dcd668121
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows_nopass.pfx differ
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
new file mode 100644
index 0000000000..a3e58933f0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIUO3XveEEK2bu0gx8Lu8vi1NxEGdIwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaW1wb3J0ZWRDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAhMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAnhH0WY14SMcVDXj6OvvxHuaRRO8lA
+A6vDrn/AmWg0gN7e0aQgvonedXY4OgefAj17X345yZj8VpPFgOjUIb7PYErMxdeB
+biKGv/psCB1uDk68Gn1KrFMZ2BtlLeYRWRejgSo53GYH1PBpZZ6owjicqIKKo9cW
+Y/EFyauQCQGhWub+tshNFbucSrNDk1Q0uu1Ogs8QFve3x+YbdceAwK835XzLROvS
+pWBeWDK1Eqvqun1yWUHVn6aAbZZgKn9yUG7kZqWoBc1InRwaZcImttQF//OJw08y
+b0KVWoM5qo2c20qaxNW66GW/tpWnDfUvSTIHZuaDiar4mlSK/0O2aGa8
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
new file mode 100644
index 0000000000..0528bc624a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
@@ -0,0 +1,2 @@
+issuer:importedCA
+subject:/emailAddress=test@example.com
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/encrypted_with_aes.p12 b/security/manager/ssl/tests/unit/test_certDB_import/encrypted_with_aes.p12
new file mode 100644
index 0000000000..105f918782
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_certDB_import/encrypted_with_aes.p12 differ
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
new file mode 100644
index 0000000000..e45812f786
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbSgAwIBAgIUd0wCxJoXOgEeMrd0+AIGybyqYgEwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaW1wb3J0ZWRDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAVMRMwEQYDVQQDDAppbXBvcnRlZENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB5N5HCphrUqEmwLj+1graV
+zneZbDyL2nb1ooITiJj+i+NaOg383Sr/lvWyhw+51o5qx1hnBu8JZ/HlBhFsz/OH
+mujJmot+jVg/MRpaTdxZNfpxVZqfroyx1qzr7TC8wgHggxI/DWeCifQmEgNdKIgI
+JL0BvVLasGOMhmprRRK3DabjzOjW5xMbY1B3+msbtQtxB6eCXa4byNIZ7vAUdg8L
+x2+TovO4c1cs8AzLdpgECImdcHaBFyOYd5sK7f6gcJHtiEx+7JkIF+53wHbFIFlp
+s7zkbDA4v97bm5oYMmaW4JEZ8rW07a62ILrNOezvEZCccOnfo+miHcr1AwuJSx9z
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
new file mode 100644
index 0000000000..b168253544
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:importedCA
+subject:importedCA
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
new file mode 100644
index 0000000000..9ddba36c4e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
@@ -0,0 +1,126 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests import PKCS12 file by nsIX509CertDB.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
+const PKCS12_FILE_EMPTY_PASS =
+  "test_certDB_import/cert_from_windows_emptypass.pfx";
+const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";
+const CERT_COMMON_NAME = "test_cert_from_windows";
+const TEST_CERT_PASSWORD = "黒�";
+
+let gTestcases = [
+  // Test that importing a PKCS12 file with the wrong password fails.
+  {
+    name: "import using incorrect password",
+    filename: PKCS12_FILE,
+    passwordToUse: "this is the wrong password",
+    successExpected: false,
+    errorCode: Ci.nsIX509CertDB.ERROR_BAD_PASSWORD,
+    checkCertExist: true,
+    certCommonName: CERT_COMMON_NAME,
+  },
+  // Test that importing something that isn't a PKCS12 file fails.
+  {
+    name: "import non-PKCS12 file",
+    filename: "test_certDB_import_pkcs12.js",
+    passwordToUse: TEST_CERT_PASSWORD,
+    successExpected: false,
+    errorCode: Ci.nsIX509CertDB.ERROR_DECODE_ERROR,
+    checkCertExist: true,
+    certCommonName: CERT_COMMON_NAME,
+  },
+  // Test that importing a PKCS12 file with the correct password succeeds.
+  // This needs to be last because currently there isn't a way to delete the
+  // imported certificate (and thus reset the test state) that doesn't depend on
+  // the garbage collector running.
+  {
+    name: "import PKCS12 file",
+    filename: PKCS12_FILE,
+    passwordToUse: TEST_CERT_PASSWORD,
+    successExpected: true,
+    errorCode: Ci.nsIX509CertDB.Success,
+    checkCertExist: true,
+    certCommonName: CERT_COMMON_NAME,
+  },
+  // Same cert file protected with empty string password
+  {
+    name: "import PKCS12 file empty password",
+    filename: PKCS12_FILE_EMPTY_PASS,
+    passwordToUse: "",
+    successExpected: true,
+    errorCode: Ci.nsIX509CertDB.Success,
+    checkCertExist: false,
+    certCommonName: CERT_COMMON_NAME,
+  },
+  // Same cert file protected with no password
+  {
+    name: "import PKCS12 file no password",
+    filename: PKCS12_FILE_NO_PASS,
+    passwordToUse: null,
+    successExpected: true,
+    errorCode: Ci.nsIX509CertDB.Success,
+    checkCertExist: false,
+    certCommonName: CERT_COMMON_NAME,
+  },
+  // Test a PKCS12 file encrypted using AES
+  {
+    name: "import PKCS12 file using AES",
+    filename: "test_certDB_import/encrypted_with_aes.p12",
+    passwordToUse: "password",
+    successExpected: true,
+    errorCode: Ci.nsIX509CertDB.Success,
+    checkCertExist: true,
+    certCommonName: "John Doe",
+  },
+];
+
+function doesCertExist(commonName) {
+  let allCerts = gCertDB.getCerts();
+  for (let cert of allCerts) {
+    if (cert.isBuiltInRoot) {
+      continue;
+    }
+    if (cert.commonName == commonName) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+function runOneTestcase(testcase) {
+  info(`running ${testcase.name}`);
+  if (testcase.checkCertExist) {
+    ok(
+      !doesCertExist(testcase.certCommonName),
+      "cert should not be in the database before import"
+    );
+  }
+
+  // Import and check for failure.
+  let certFile = do_get_file(testcase.filename);
+  ok(certFile, `${testcase.filename} should exist`);
+  let errorCode = gCertDB.importPKCS12File(certFile, testcase.passwordToUse);
+  equal(errorCode, testcase.errorCode, `verifying error code`);
+  equal(
+    doesCertExist(testcase.certCommonName),
+    testcase.successExpected,
+    `cert should${testcase.successExpected ? "" : " not"} be found now`
+  );
+}
+
+function run_test() {
+  for (let testcase of gTestcases) {
+    runOneTestcase(testcase);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js b/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
new file mode 100644
index 0000000000..ab1ad36fd2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
@@ -0,0 +1,148 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that a CA certificate can still be imported if the user has a primary
+// password set.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const CA_CERT_COMMON_NAME = "importedCA";
+
+let gCACertImportDialogCount = 0;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  confirmDownloadCACert: (ctx, cert, trust) => {
+    gCACertImportDialogCount++;
+    equal(
+      cert.commonName,
+      CA_CERT_COMMON_NAME,
+      "CA cert to import should have the correct CN"
+    );
+    trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
+    return true;
+  },
+  setPKCS12FilePassword: (ctx, password) => {
+    // This is only relevant to exporting.
+    ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword: (ctx, password) => {
+    // We don't test anything that calls this method yet.
+    ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsICertificateDialogs"]),
+};
+
+var gMockPrompter = {
+  passwordToTry: "password",
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    if (this.numPrompts > 1) {
+      // don't keep retrying a bad password
+      return false;
+    }
+    equal(
+      text,
+      "Please enter your Primary Password.",
+      "password prompt text should be as expected"
+    );
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+
+  // Again with the arrow function issue.
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIPrompt)) {
+      return this;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+function getCertAsByteArray(certPath) {
+  let certFile = do_get_file(certPath, false);
+  let certBytes = readFile(certFile);
+
+  let byteArray = [];
+  for (let i = 0; i < certBytes.length; i++) {
+    byteArray.push(certBytes.charCodeAt(i));
+  }
+
+  return byteArray;
+}
+
+function findCertByCommonName(commonName) {
+  for (let cert of gCertDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+function run_test() {
+  let certificateDialogsCID = MockRegistrar.register(
+    "@mozilla.org/nsCertificateDialogs;1",
+    gCertificateDialogs
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+
+  // Set a primary password.
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("password");
+  token.logoutSimple();
+
+  // Sanity check the CA cert is missing.
+  equal(
+    findCertByCommonName(CA_CERT_COMMON_NAME),
+    null,
+    "CA cert should not be in the database before import"
+  );
+
+  // Import and check for success.
+  let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
+  gCertDB.importCertificates(
+    caArray,
+    caArray.length,
+    Ci.nsIX509Cert.CA_CERT,
+    gMockPrompter
+  );
+  equal(
+    gCACertImportDialogCount,
+    1,
+    "Confirmation dialog for the CA cert should only be shown once"
+  );
+
+  let caCert = findCertByCommonName(CA_CERT_COMMON_NAME);
+  notEqual(caCert, null, "CA cert should now be found in the database");
+  ok(
+    gCertDB.isCertTrusted(
+      caCert,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_EMAIL
+    ),
+    "CA cert should be trusted for e-mail"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_chains.js b/security/manager/ssl/tests/unit/test_cert_chains.js
new file mode 100644
index 0000000000..471bc42c03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -0,0 +1,394 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// We hard-code the following certificates for the pkcs7 export tests so that we
+// don't have to change the test data when the certificates change each year.
+// Luckily these tests don't depend on the certificates being valid, so it's ok
+// to let them expire.
+const gDefaultEEPEM = `-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcow
+gccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tghUqLnBp
+bm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu
+ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaob
+K2YRb4OGMxySIKuQ80N0XlO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4s
+v0swx/+oUxCfLb0VIl/kdUqLkbGYrAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU
++aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGMyG/pwas+JXehbReUf4n1ewk84ADtb
++ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41sQnNqPg12x4+WGWiAsWCpR
+/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16IjWEukvJuU1W
+-----END CERTIFICATE-----`;
+
+const gTestCAPEM = `-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUKaFwIwCwHXUgKRuOhAX4pjYsmbgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAw
+MjA1MDAwMDAwWjASMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAIMgnywHFbPzJ
+BEcbpx/aWQOI2tUFlo7MUoPSoACHzoI/HOUTx25eKHlpNK2jSljLufhUd//eCCXg
++OQt4f2N/tRw8gumbs3YDF7+t3ZNGt+iQxZTwN7MKsGIZy+6R523XHw8lpzFX5iz
+XgIS+0APlX+XyZk7MRCcBWh6PSaSqEOOvUXVp6Omh3it034kBWnm809TEWmwiVw3
+ssPDmpUCArdDNMMdvQehzaH96cdjcSsguqpX9NcMDUmmiG7HLQ2iy+WSzek9S46S
+bKKDLw8Ebevfkl6PEpg+GDulq+EPXayN3AsFXkF8MaFLgfeprkENjN1g4jM+WSyN
+6DC7vCkj7A==
+-----END CERTIFICATE-----`;
+
+const gUnknownIssuerPEM = `
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIUMRiJ9TrwqTOoVFU+j5FDWDWS1X8wDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbVGVzdCBJbnRlcm1lZGlhdGUgdG8gZGVsZXRlMCIYDzIw
+MTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMC4xLDAqBgNVBAMMI1Rlc3Qg
+RW5kLWVudGl0eSBmcm9tIHVua25vd24gaXNzdWVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HCMIG/MIGIBgNV
+HREEgYAwfoIZdW5rbm93bmlzc3Vlci5leGFtcGxlLmNvbYI0dW5rbm93bmlzc3Vl
+ci5pbmNsdWRlLXN1YmRvbWFpbnMucGlubmluZy5leGFtcGxlLmNvbYIrdW5rbm93
+bmlzc3Vlci50ZXN0LW1vZGUucGlubmluZy5leGFtcGxlLmNvbTAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZI
+hvcNAQELBQADggEBALAnJjBJ+MOc7kMRzmESYZRSxKak7A1K67xBXWzWmK3t3WXv
+e/RLjV/RhbyTN20h2ZjSVcuDzgNYC/RJ/z3Xd5Q9QEGoi1ly84HeaeHw/3kUSHxv
+J3JnbPu2lk96U5y7tXEVfbEVZYpx4Us72fuURPWriVldILH2lgrEg+iKZWbY/wcT
+vfu1j/flMkGEOpc1HytlmR9fkCDnqzFfcmv7Eh3X1BiSBOIemGnUHxONwlthSE68
+IItE5l3c82G8oQGmve6r0N9h7t6opIjH1koFWMck/pzDA01FmWey4ASdlmjE8NSJ
+Al1zsF8EiLOZeI1rvurcXwVOd0Olk9/QT5hwTkk=
+-----END CERTIFICATE-----`;
+
+const gOCSPEEWithIntermediatePEM = `
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUZ67hS7lHVnCQtXx7oXFlzihqh0cwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAxNzExMjcwMDAw
+MDBaGA8yMDIwMDIwNTAwMDAwMFowLDEqMCgGA1UEAwwhVGVzdCBFbmQtZW50aXR5
+IHdpdGggSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAagglsb2NhbGhv
+c3SCDSouZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZo
+dHRwOi8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQAo043hM4Gi
+UtoXKOQB2v0C8nF4Yyzpf+i0LlxQCFZkiLYu9pIuQu16I3TbLQRBwhCC0ml7TqJB
+AbryzILTorCQP8A1WQa1kt6cb30jCyXLcWnDA/ULPexn9cYm6I0YyLFlnkcVzMGL
+Fc+LyWTAPEW5rMauu5iOOp/6L5rBF0M9bg5yXSGNDv8gk3Jc+opJbBDTrAuKDNLp
+JSEp4rqovNFnirzlJWDS+ScAsWHtoLcrH6gnQRPsEV1WFQnYr3HkAakYQok9xs5A
+ikBS6mgz4/cFBts8bSGSuXxctkN2Ss7Y5l3YmTYKCxPz6retVfrhi/islH4W3z9H
+pu3ZqyACO6Lb
+-----END CERTIFICATE-----`;
+
+const gTestIntPEM = `
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcWgAwIBAgIUa0X7/7DlTaedpgrIJg25iBPOkIMwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMjUw
+MTAxMDAwMDAwWjAcMRowGAYDVQQDDBFUZXN0IEludGVybWVkaWF0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB
+AILNZM9yT9ylMpjyi0tXaDORzpHiJ8vEoVKk98bC2BQF0kMEEB547p+Ms8zdJY00
+Bxe9qigT8rQwKprXq5RvgIZ32QLn/yMPiCp/e6zBdsx77TkfmnSnxvPi+0nlA+eM
+8JYN0UST4vWD4vPPX9GgZDVoGQTiF3hUivJ5R8sHb/ozcSukMKQQ22+AIU7w6wyA
+IbCAG7Pab4k2XFAeEnUZsl9fCym5jsPN9Pnv9rlBi6h8shHw1R2ROXjgxubjiMr3
+B456vFTJImLJjyA1iTSlr/+VXGUYg6Z0/HYnsO00+8xUKM71dPxGAfIFNaSscpyk
+rGFLvocT/kym6r8galxCJUo=
+-----END CERTIFICATE-----`;
+
+function build_cert_list_from_pem_list(pemList) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let certList = [];
+  for (let pem of pemList) {
+    let cert = certdb.constructX509FromBase64(pemToBase64(pem));
+    certList.push(cert);
+  }
+  return certList;
+}
+
+function test_cert_pkcs7_export() {
+  // This was generated by running BadCertAndPinningServer locally on the bad_certs
+  // directory and visiting:
+  // https://good.include-subdomains.pinning.example.com:8443/
+  // and then viewing the certificate chain presented (in the page info dialog)
+  // and exporting it.
+  // (NB: test-ca must be imported and trusted for the connection to succeed)
+  const expectedPKCS7ForDefaultEE =
+    "MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCCBmQwggLTMIIBu6ADAgE" +
+    "CAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZX" +
+    "N0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB" +
+    "1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI" +
+    "BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xz" +
+    "VJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCy" +
+    "uwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW" +
+    "7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE" +
+    "LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8" +
+    "wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1Q" +
+    "WWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMX" +
+    "v63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKo" +
+    "Q469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf" +
+    "01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoU" +
+    "uB96muQQ2M3WDiMz5ZLI3oMLu8KSPsMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6T" +
+    "IyPRSIwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAw" +
+    "MDAwMFoYDzIwMjAwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggE" +
+    "iMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNU" +
+    "q07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0" +
+    "DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ" +
+    "sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJH" +
+    "dtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFz" +
+    "G4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob" +
+    "3N0gg0qLmV4YW1wbGUuY29tghUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1z" +
+    "dWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnB" +
+    "pbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi" +
+    "8vbG9jYWxob3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvl" +
+    "aobK2YRb4OGMxySIKuQ80N0XlO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0sw" +
+    "x/+oUxCfLb0VIl/kdUqLkbGYrAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j" +
+    "3rXoimcdo6X3TK1SN2/64fGMyG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t" +
+    "/UgqDsnTWq5wUc5IJKwoHT41sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9W" +
+    "tZYAvwT78a2xpHp5XNglj16IjWEukvJuU1WMQAAAAAAAAA=";
+  let certListDefaultEE = build_cert_list_from_pem_list([
+    gDefaultEEPEM,
+    gTestCAPEM,
+  ]);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let pkcs7DefaultEE = certdb.asPKCS7Blob(certListDefaultEE);
+
+  equal(
+    btoa(pkcs7DefaultEE),
+    expectedPKCS7ForDefaultEE,
+    "PKCS7 export should work as expected for default-ee chain"
+  );
+
+  // This was generated by running BadCertAndPinningServer locally on the bad_certs
+  // directory and visiting:
+  // https://unknownissuer.example.com:8443/
+  // and then viewing the certificate presented (in the add certificate
+  // exception dialog) and exporting it.
+  const expectedPKCS7ForUnknownIssuer =
+    "MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCCA60wggOpMIICkaADAgE" +
+    "CAhQxGIn1OvCpM6hUVT6PkUNYNZLVfzANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtUZX" +
+    "N0IEludGVybWVkaWF0ZSB0byBkZWxldGUwIhgPMjAxNzExMjcwMDAwMDBaGA8yMDIwMDIwN" +
+    "TAwMDAwMFowLjEsMCoGA1UEAwwjVGVzdCBFbmQtZW50aXR5IGZyb20gdW5rbm93biBpc3N1" +
+    "ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTw" +
+    "T2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs" +
+    "1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkf" +
+    "bmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA" +
+    "dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/" +
+    "l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcIwgb8wgYgGA1UdEQSBgDB+ghl1bm" +
+    "tub3duaXNzdWVyLmV4YW1wbGUuY29tgjR1bmtub3duaXNzdWVyLmluY2x1ZGUtc3ViZG9tY" +
+    "Wlucy5waW5uaW5nLmV4YW1wbGUuY29tgit1bmtub3duaXNzdWVyLnRlc3QtbW9kZS5waW5u" +
+    "aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x" +
+    "vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAsCcmMEn4w5zuQxHOYRJhlFLEpq" +
+    "TsDUrrvEFdbNaYre3dZe979EuNX9GFvJM3bSHZmNJVy4POA1gL9En/Pdd3lD1AQaiLWXLzg" +
+    "d5p4fD/eRRIfG8ncmds+7aWT3pTnLu1cRV9sRVlinHhSzvZ+5RE9auJWV0gsfaWCsSD6Ipl" +
+    "Ztj/BxO9+7WP9+UyQYQ6lzUfK2WZH1+QIOerMV9ya/sSHdfUGJIE4h6YadQfE43CW2FITrw" +
+    "gi0TmXdzzYbyhAaa97qvQ32Hu3qikiMfWSgVYxyT+nMMDTUWZZ7LgBJ2WaMTw1IkCXXOwXw" +
+    "SIs5l4jWu+6txfBU53Q6WT39BPmHBOSTEAAAAAAAAA";
+  let certListUnknownIssuer = build_cert_list_from_pem_list([
+    gUnknownIssuerPEM,
+  ]);
+  let pkcs7UnknownIssuer = certdb.asPKCS7Blob(certListUnknownIssuer);
+  equal(
+    btoa(pkcs7UnknownIssuer),
+    expectedPKCS7ForUnknownIssuer,
+    "PKCS7 export should work as expected for unknown issuer"
+  );
+
+  // This was generated by running OCSPStaplingServer locally on the ocsp_certs
+  // directory and visiting:
+  // https://ocsp-stapling-with-intermediate.example.com:8443/
+  // and then viewing the certificate chain presented (in the page info dialog)
+  // and exporting it.
+  // (NB: test-ca must be imported and trusted for the connection to succeed)
+  const expectedPKCS7WithIntermediate =
+    "MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCCCPEwggLTMIIBu6ADAgE" +
+    "CAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZX" +
+    "N0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB" +
+    "1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI" +
+    "BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xz" +
+    "VJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCy" +
+    "uwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW" +
+    "7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE" +
+    "LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8" +
+    "wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1Q" +
+    "WWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMX" +
+    "v63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKo" +
+    "Q469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf" +
+    "01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoU" +
+    "uB96muQQ2M3WDiMz5ZLI3oMLu8KSPsMIIC3TCCAcWgAwIBAgIUa0X7/7DlTaedpgrIJg25i" +
+    "BPOkIMwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE1MDEwMTAw" +
+    "MDAwMFoYDzIwMjUwMTAxMDAwMDAwWjAcMRowGAYDVQQDDBFUZXN0IEludGVybWVkaWF0ZTC" +
+    "CASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6u" +
+    "Q1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8H" +
+    "mnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh" +
+    "eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaM" +
+    "Mkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5" +
+    "kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EB" +
+    "AMCAQYwDQYJKoZIhvcNAQELBQADggEBAILNZM9yT9ylMpjyi0tXaDORzpHiJ8vEoVKk98bC" +
+    "2BQF0kMEEB547p+Ms8zdJY00Bxe9qigT8rQwKprXq5RvgIZ32QLn/yMPiCp/e6zBdsx77Tk" +
+    "fmnSnxvPi+0nlA+eM8JYN0UST4vWD4vPPX9GgZDVoGQTiF3hUivJ5R8sHb/ozcSukMKQQ22" +
+    "+AIU7w6wyAIbCAG7Pab4k2XFAeEnUZsl9fCym5jsPN9Pnv9rlBi6h8shHw1R2ROXjgxubji" +
+    "Mr3B456vFTJImLJjyA1iTSlr/+VXGUYg6Z0/HYnsO00+8xUKM71dPxGAfIFNaSscpykrGFL" +
+    "vocT/kym6r8galxCJUowggM1MIICHaADAgECAhRnruFLuUdWcJC1fHuhcWXOKGqHRzANBgk" +
+    "qhkiG9w0BAQsFADAcMRowGAYDVQQDDBFUZXN0IEludGVybWVkaWF0ZTAiGA8yMDE3MTEyNz" +
+    "AwMDAwMFoYDzIwMjAwMjA1MDAwMDAwWjAsMSowKAYDVQQDDCFUZXN0IEVuZC1lbnRpdHkgd" +
+    "2l0aCBJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo" +
+    "RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHE" +
+    "IeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7q" +
+    "dw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCAB" +
+    "iTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd" +
+    "q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWzBZMCMGA1U" +
+    "dEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKw" +
+    "YBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJKoZIhvcNAQELBQADggEBACjTj" +
+    "eEzgaJS2hco5AHa/QLycXhjLOl/6LQuXFAIVmSIti72ki5C7XojdNstBEHCEILSaXtOokEB" +
+    "uvLMgtOisJA/wDVZBrWS3pxvfSMLJctxacMD9Qs97Gf1xibojRjIsWWeRxXMwYsVz4vJZMA" +
+    "8Rbmsxq67mI46n/ovmsEXQz1uDnJdIY0O/yCTclz6iklsENOsC4oM0uklISniuqi80WeKvO" +
+    "UlYNL5JwCxYe2gtysfqCdBE+wRXVYVCdivceQBqRhCiT3GzkCKQFLqaDPj9wUG2zxtIZK5f" +
+    "Fy2Q3ZKztjmXdiZNgoLE/Pqt61V+uGL+KyUfhbfP0em7dmrIAI7otsxAAAAAAAAAA==";
+  let certListWithIntermediate = build_cert_list_from_pem_list([
+    gOCSPEEWithIntermediatePEM,
+    gTestIntPEM,
+    gTestCAPEM,
+  ]);
+  let pkcs7WithIntermediate = certdb.asPKCS7Blob(certListWithIntermediate);
+  equal(
+    btoa(pkcs7WithIntermediate),
+    expectedPKCS7WithIntermediate,
+    "PKCS7 export should work as expected for chain with intermediate"
+  );
+}
+
+function test_cert_pkcs7_empty_array() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  throws(
+    () => certdb.asPKCS7Blob([]),
+    /NS_ERROR_ILLEGAL_VALUE/,
+    "trying to convert an empty array to pkcs7 should throw"
+  );
+}
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  add_test(function () {
+    test_cert_pkcs7_export();
+    run_next_test();
+  });
+
+  add_test(function () {
+    test_cert_pkcs7_empty_array();
+    run_next_test();
+  });
+
+  // Test successful connection (failedCertChain should be null)
+  add_connection_test(
+    // re-use pinning certs (keeler)
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess,
+    null,
+    function withSecurityInfo(aTransportSecurityInfo) {
+      equal(
+        aTransportSecurityInfo.failedCertChain.length,
+        0,
+        "failedCertChain for a successful connection should be null"
+      );
+    }
+  );
+
+  // Test overrideable connection failure (failedCertChain should be non-null)
+  add_connection_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for an overrideable" +
+          " connection failure"
+      );
+      let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
+      ok(
+        areCertArraysEqual(originalCertChain, securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for an" +
+          " overrideable connection failure"
+      );
+    }
+  );
+
+  // Test overrideable connection failure (failedCertChain should be non-null)
+  add_connection_test(
+    "unknownissuer.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER,
+    null,
+    function withSecurityInfo(securityInfo) {
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for an overrideable" +
+          " connection failure"
+      );
+      let originalCertChain = build_cert_chain(["unknownissuer"]);
+      ok(
+        areCertArraysEqual(originalCertChain, securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for an" +
+          " overrideable connection failure"
+      );
+    }
+  );
+
+  // Test non-overrideable error (failedCertChain should be non-null)
+  add_connection_test(
+    "inadequatekeyusage.example.com",
+    SEC_ERROR_INADEQUATE_KEY_USAGE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      notEqual(
+        securityInfo.failedCertChain,
+        null,
+        "failedCertChain should not be null for a non-overrideable" +
+          " connection failure"
+      );
+      let originalCertChain = build_cert_chain([
+        "inadequatekeyusage-ee",
+        "test-ca",
+      ]);
+      ok(
+        areCertArraysEqual(originalCertChain, securityInfo.failedCertChain),
+        "failedCertChain should equal the original cert chain for a" +
+          " non-overrideable connection failure"
+      );
+    }
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_dbKey.js b/security/manager/ssl/tests/unit/test_cert_dbKey.js
new file mode 100644
index 0000000000..3ff36f905c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@@ -0,0 +1,225 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests that the nsIX509Cert.dbKey and nsIX509CertDB.findCertByDBKey
+// APIs work as expected. That is, getting a certificate's dbKey and using it
+// in findCertByDBKey should return the same certificate. Also, for backwards
+// compatibility, findCertByDBKey should ignore any whitespace in its input
+// (even though now nsIX509Cert.dbKey will never have whitespace in it).
+
+function hexStringToBytes(hex) {
+  let bytes = [];
+  for (let hexByteStr of hex.split(":")) {
+    bytes.push(parseInt(hexByteStr, 16));
+  }
+  return bytes;
+}
+
+function encodeCommonNameAsBytes(commonName) {
+  // The encoding will look something like this (in hex):
+  // 30 (SEQUENCE) <length of contents>
+  //    31 (SET) <length of contents>
+  //       30 (SEQUENCE) <length of contents>
+  //          06 (OID) 03 (length)
+  //             55 04 03 (id-at-commonName)
+  //          0C (UTF8String) <length of common name>
+  //             <common name bytes>
+  // To make things simple, it would be nice to have the length of each
+  // component be less than 128 bytes (so we can have single-byte lengths).
+  // For this to hold, the maximum length of the contents of the outermost
+  // SEQUENCE must be 127. Everything not in the contents of the common name
+  // will take up 11 bytes, so the value of the common name itself can be at
+  // most 116 bytes.
+  ok(
+    commonName.length <= 116,
+    "test assumption: common name can't be longer than 116 bytes (makes " +
+      "DER encoding easier)"
+  );
+  let commonNameOIDBytes = [0x06, 0x03, 0x55, 0x04, 0x03];
+  let commonNameBytes = [0x0c, commonName.length];
+  for (let i = 0; i < commonName.length; i++) {
+    commonNameBytes.push(commonName.charCodeAt(i));
+  }
+  let bytes = commonNameOIDBytes.concat(commonNameBytes);
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x31); // SET
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  return bytes;
+}
+
+function testInvalidDBKey(certDB, dbKey) {
+  throws(
+    () => certDB.findCertByDBKey(dbKey),
+    /NS_ERROR_ILLEGAL_INPUT/,
+    `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`
+  );
+}
+
+function testDBKeyForNonexistentCert(certDB, dbKey) {
+  let cert = certDB.findCertByDBKey(dbKey);
+  ok(!cert, "shouldn't find cert for given dbKey");
+}
+
+function byteArrayToByteString(bytes) {
+  let byteString = "";
+  for (let b of bytes) {
+    byteString += String.fromCharCode(b);
+  }
+  return byteString;
+}
+
+function run_test() {
+  do_get_profile();
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let cert = constructCertFromFile("bad_certs/test-ca.pem");
+  equal(
+    cert.issuerName,
+    "CN=" + cert.issuerCommonName,
+    "test assumption: this certificate's issuer distinguished name " +
+      "consists only of a common name"
+  );
+  let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName);
+  ok(
+    issuerBytes.length < 256,
+    "test assumption: length of encoded issuer is less than 256 bytes"
+  );
+  let serialNumberBytes = hexStringToBytes(cert.serialNumber);
+  ok(
+    serialNumberBytes.length < 256,
+    "test assumption: length of encoded serial number is less than 256 bytes"
+  );
+  let dbKeyHeader = [
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    0,
+    serialNumberBytes.length,
+    0,
+    0,
+    0,
+    issuerBytes.length,
+  ];
+  let expectedDbKeyBytes = dbKeyHeader.concat(serialNumberBytes, issuerBytes);
+  let expectedDbKey = btoa(byteArrayToByteString(expectedDbKeyBytes));
+  equal(
+    cert.dbKey,
+    expectedDbKey,
+    "actual and expected dbKey values should match"
+  );
+
+  let certFromDbKey = certDB.findCertByDBKey(expectedDbKey);
+  ok(
+    areCertsEqual(certFromDbKey, cert),
+    "nsIX509CertDB.findCertByDBKey should find the right certificate"
+  );
+
+  ok(
+    expectedDbKey.length > 64,
+    "test assumption: dbKey should be longer than 64 characters"
+  );
+  let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
+  ok(
+    expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
+    "test self-check: adding CRLF to dbKey should succeed"
+  );
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
+  ok(
+    areCertsEqual(certFromDbKey, cert),
+    "nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF"
+  );
+
+  let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1  ");
+  ok(
+    expectedDbKeyWithSpaces.indexOf("  ") == 64,
+    "test self-check: adding spaces to dbKey should succeed"
+  );
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
+  ok(
+    areCertsEqual(certFromDbKey, cert),
+    "nsIX509CertDB.findCertByDBKey should work with dbKey with spaces"
+  );
+
+  // Test some invalid dbKey values.
+  testInvalidDBKey(certDB, "AAAA"); // Not long enough.
+  // No header.
+  testInvalidDBKey(
+    certDB,
+    btoa(
+      byteArrayToByteString(
+        [0, 0, 0, serialNumberBytes.length, 0, 0, 0, issuerBytes.length].concat(
+          serialNumberBytes,
+          issuerBytes
+        )
+      )
+    )
+  );
+  testInvalidDBKey(
+    certDB,
+    btoa(
+      byteArrayToByteString([
+        0,
+        0,
+        0,
+        0,
+        0,
+        0,
+        0,
+        0,
+        255,
+        255,
+        255,
+        255, // serial number length is way too long
+        255,
+        255,
+        255,
+        255, // issuer length is way too long
+        0,
+        0,
+        0,
+        0,
+      ])
+    )
+  );
+  // Truncated issuer.
+  testInvalidDBKey(
+    certDB,
+    btoa(
+      byteArrayToByteString([
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 10, 1, 1, 2, 3,
+      ])
+    )
+  );
+  // Issuer doesn't decode to valid common name.
+  testDBKeyForNonexistentCert(
+    certDB,
+    btoa(
+      byteArrayToByteString([
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 3, 1, 1, 2, 3,
+      ])
+    )
+  );
+
+  // zero-length serial number and issuer -> no such certificate
+  testDBKeyForNonexistentCert(
+    certDB,
+    btoa(
+      byteArrayToByteString([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
+    )
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_eku.js b/security/manager/ssl/tests/unit/test_cert_eku.js
new file mode 100644
index 0000000000..de1d5fcbfe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku.js
@@ -0,0 +1,189 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that the extended key usage extension is properly processed by the
+// platform when verifying certificates. There are already comprehensive tests
+// in mozilla::pkix itself, but these tests serve as integration tests to ensure
+// that the cases we're particularly concerned about are correctly handled.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_cert_eku/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_cert_eku/${certName}.pem`, trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer
+  );
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  return checkCertErrorGenericAtTime(
+    certdb,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer,
+    VALIDATION_TIME
+  );
+}
+
+add_task(async function () {
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("privacy.reduceTimerPrecision");
+  });
+  Services.prefs.setBoolPref("privacy.reduceTimerPrecision", false);
+
+  loadCertWithTrust("ca", "CTu,,");
+  // end-entity has id-kp-serverAuth => success
+  await checkEndEntity(certFromFile("ee-SA"), PRErrorCodeSuccess);
+  // end-entity has id-kp-serverAuth => success
+  await checkEndEntity(certFromFile("ee-SA-CA"), PRErrorCodeSuccess);
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure
+  await checkEndEntity(certFromFile("ee-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // end-entity has id-kp-serverAuth => success
+  await checkEndEntity(certFromFile("ee-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure (in particular, Netscape Server Gated Crypto (also known as
+  // Netscape Step Up) is not an acceptable substitute for end-entity
+  // certificates).
+  // Verify this for all Netscape Step Up policy configurations.
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  await checkEndEntity(
+    certFromFile("ee-nsSGC"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  // 1 = "accept nsSGC before 23 August 2016"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  await checkEndEntity(
+    certFromFile("ee-nsSGC"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  // 2 = "accept nsSGC before 23 August 2015"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  await checkEndEntity(
+    certFromFile("ee-nsSGC"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  // 3 = "never accept nsSGC"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  await checkEndEntity(
+    certFromFile("ee-nsSGC"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+
+  // end-entity has id-kp-OCSPSigning, which is not acceptable for end-entity
+  // certificates being verified as TLS server certificates => failure
+  await checkEndEntity(
+    certFromFile("ee-SA-OCSP"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA", ",,");
+  await checkEndEntity(certFromFile("ee-int-SA"), PRErrorCodeSuccess);
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-CA", ",,");
+  await checkEndEntity(certFromFile("ee-int-SA-CA"), PRErrorCodeSuccess);
+  // intermediate has extended key usage, but id-kp-serverAuth is not present
+  // => failure
+  loadCertWithTrust("int-CA", ",,");
+  await checkEndEntity(
+    certFromFile("ee-int-CA"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-nsSGC", ",,");
+  await checkEndEntity(certFromFile("ee-int-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // Intermediate has Netscape Server Gated Crypto. Success will depend on the
+  // Netscape Step Up policy configuration and the notBefore property of the
+  // intermediate.
+  loadCertWithTrust("int-nsSGC-recent", ",,");
+  loadCertWithTrust("int-nsSGC-old", ",,");
+  loadCertWithTrust("int-nsSGC-older", ",,");
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  info("Netscape Step Up policy: always accept");
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-recent"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-older"),
+    PRErrorCodeSuccess
+  );
+  // 1 = "accept nsSGC before 23 August 2016"
+  info("Netscape Step Up policy: accept before 23 August 2016");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-recent"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-old"),
+    PRErrorCodeSuccess
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-older"),
+    PRErrorCodeSuccess
+  );
+  // 2 = "accept nsSGC before 23 August 2015"
+  info("Netscape Step Up policy: accept before 23 August 2015");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-recent"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-old"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-older"),
+    PRErrorCodeSuccess
+  );
+  // 3 = "never accept nsSGC"
+  info("Netscape Step Up policy: never accept");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-recent"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-old"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+  await checkCertOn25August2016(
+    certFromFile("ee-int-nsSGC-older"),
+    SEC_ERROR_INADEQUATE_CERT_TYPE
+  );
+
+  // intermediate has id-kp-OCSPSigning, which is acceptable for CA
+  // certificates => success
+  loadCertWithTrust("int-SA-OCSP", ",,");
+  await checkEndEntity(certFromFile("ee-int-SA-OCSP"), PRErrorCodeSuccess);
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
new file mode 100644
index 0000000000..790e942fbd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaSgAwIBAgIUbYeck7JVOWdVm1AGwsw/DzdRnaYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDM1MDEwMTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAI0AO+ZBY1oImSrpifcmQZTE/C4xIu7Uu5GX/A7ApQU7
+8UAXivMgRDbtrjOie1HNH9DIxHBCFY/Y7f0VRXxWmPEmT+5LpHrLoi+YF0h2wh/1
+RuiJV1AfaEdVJyNCVDSQrS8BQG5O3LebBq00gjSJSQ4+DHu7YHWkyMIZk+lbBiO1
+GsD0FWBDlOtiMpL/CQWjyiskiqQjrDCs5m0NayqgzYAMtdlEd+pAKEMNO8Fr8xSI
+tAlcG4frvH0kLJ2scX9ayvKTZrAiAxJz9CjmmnXOyL78yyr/hkJbzYTvk0+1cClg
+J2aGnsFIHgUxEx7sApOqlmG8g1lqL7UPqpi8ItVNl48=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
new file mode 100644
index 0000000000..c6e443f5d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+validity:20150101-20350101
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
new file mode 100644
index 0000000000..3cb03da8f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIUC03diwvrB4IClE/zsjnrM/hOwWQwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEDEOMAwGA1UEAwwFZWUtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAnfkwf3dUtHoAqV8RNSvFz7KJ0RQui
+nIvnUmKUtzbVoIyC4rJQjVbjOPlh+//Qq7UjLdOicvePiu5kK5lzckaKieFcp8Mh
+IYvhiK0awUMH6Xs5sZbjwcUwWkWr1/7LuuZZa1k54vj5M4XwSQ4snrRQkzibUL7X
+kRKaDfIG2GTKQiK3Snl8o0X9nlTdGUVstAT6QtzkvwDRbs/vcjJUPkW0E8RZitkP
+E8n/QuW6+7Lf/zSO9wKUQdCa/m4dFlIzEDwUPGdk+BHbHOkEfd3+al+zmXwayBn0
+apP+bXWRBMPEZ6eXvdSrYx7bYFvJBiZX3WyGXzOQg+aOXnHebQjfDpvo
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
new file mode 100644
index 0000000000..d49cabaa2f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-CA
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
new file mode 100644
index 0000000000..ede5b867bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUSfuClZeHYlvEYfPk7WTIXpRXbM0wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEzERMA8GA1UEAwwIZWUtU0EtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjITAfMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAc1UdQZONXBiW
+PHmGb+irQkZK7cET3oPn2iuHlHGgs4rgeXzbZkxFF6/wp84iSf7Svb7pWVmW/FaI
+iigoRROXBwssvrfz2yqYF+5uPrZst7OzyQ5iDEzOc+tXC2051sdPNOXNJDQeE4ac
+sr+e39xBMUwcOVIJE5bMtlcYhQGppTZA9PMfz137aQHdzV4g+1Io0pT851rhPP3p
+EhehyM2GyqwIP7KcHG1p4ncPD6Ninge6ar7nv1WV81vc8SkOUIBfD5JcjRobe80F
+AeSTTqRmlkFVbvOtnLctYdXWCIKg1GRUwk/89Xnhg3DdIANEhCW1jRxKsFwVTM7e
+D2TMbbw0aw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
new file mode 100644
index 0000000000..5250cc4a84
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-CA
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
new file mode 100644
index 0000000000..9c195b89bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb2gAwIBAgIUE6Hbt6pxuVOgduBB/3H+COBki0owDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFTETMBEGA1UEAwwKZWUtU0EtT0NTUDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMhMB8wHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQBR2xe6V/V9
+jEBWS4Vyx9xsi3B9I44I85iQZKVMQARWJg24MBcPw6P0gNnv2n2VUHsA6XED9R0a
+naYxCzXRm/UPHUbJp+GQpX4khsTA4Vf5NfyaUMyvnrmVQnfXEISmVS3aoPZUyDrJ
+F6+v3hqNllT9Ub1VaszCybRjxGvjyMqlGQ9Cc8okeDdw2k0B6w2/61DEkQ8ZEQHQ
+Z+jzGCAeEyVC3UsASL4qSeXQYCkjKHPzwK3co8tyX/YuEZFrRz0wUNvSwx0Byp6t
+2egt51hgnO8mCEzfrEA37vEkzsmv/gFzoSSJvh0WttKLMgHVAIhP4e1K6tkGNTqN
+QXkdhBwi53N4
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
new file mode 100644
index 0000000000..3b3eff9ae4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-OCSP
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
new file mode 100644
index 0000000000..2b3c805a5b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb+gAwIBAgIUSWceP1hy2YehKHlNAGJTud5AQBEwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLZWUtU0EtbnNTR0MwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjIjAgMB4GA1UdJQQX
+MBUGCCsGAQUFBwMBBglghkgBhvhCBAEwDQYJKoZIhvcNAQELBQADggEBADR8iLp+
+wdwL+F6xHrZoRZ0twse/VXPZdCtYiII93zZnkT5/Kw9L0jPqSrXkAPECCyRAArFE
+M1sggTtgmDZqSegcihlFIQwwcKmEtvGy47IxgQ8M0r2N+2Tt1LLnQ5lyaxvaRLRk
+P7wRsVJMdzX9lhF9gIo5j+YJPjK68EXxLceDyfz1M9PNQIqjGz3efoAmsVry2HoS
+j10B53rKh/UcwpYv+++qVZwzZrfFK6bRGoRzO4zapDRmsXKWmEJZWL7EFYh85SXO
+J35mFJJDnswKajLpPdNrzc5Dvki/XM/50Yshli96S5uQeEKSfYBIWXS9yKq8VOXJ
+FXCbtkWVe+B8fOQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
new file mode 100644
index 0000000000..4c51425ce7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-nsSGC
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
new file mode 100644
index 0000000000..6975921b9d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIULzA2uHt40mZircmlebIa0o2nR0MwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEDEOMAwGA1UEAwwFZWUtU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCb+rwpPNCs9bg0lFWJLo9YzubV9eM3
+ktSIWubXVwjRnXrd9rwKU7OSpcD8LkJTMLqLHlBhsu32hWd3EEgBwpEpPDTcoHNH
+4zDWAc8I+5gpFdB6IEeM2CIOcpA+52PAo02mafj/WDfIcyKTbtK/DJfKSg+I6TpC
+mwYwwKQYw8CW+BuAIFP39f+000oEuf7rPfAeZIvF4YV3pWnZ9wuXhW+4+SYO0+KD
+B0EI41phP/wOmG7+haKZ1AG/H0j+/SMBS1ErByw9VvW2Y3Wd440wrhBHeXI7Wx2W
+qIrd2k4ksd4pM4m+yojtc4vSS2P+At6rvdWL7NvIKgfhAFzqfqZoAGLQ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
new file mode 100644
index 0000000000..690f579afa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
new file mode 100644
index 0000000000..039b1f6f6f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ2gAwIBAgIUdUT/GdLxD1B7t8/7+yrahnifL1MwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBQxEjAQBgNVBAMMCWVlLWludC1DQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAhJfneO1hs5/bpWCTWgYIEzWsjD/hAFaEaokmyM7mvgt2ZGSqWnyE
+qJ4fQ08cdfuHHv1mjTcLs8V77ahdar+9alW8Z5t+rZYhgOiu9LJo8O9BThd64JxO
+1MJ6HSdtdyJcfwSW+OsVWotFZtSRI2fIX7ent0rujJX5GMZpiP32KhCjqxQtcf1x
+HFiTgzro+n7umZDLd3jH1e+Y5dn0EY4Y9vwAQ4YYXsJIFl0lhLACjG+mZj29hMct
+hxO3DYLrKFlfZTUrz+KZtx6etN0I7M0ChBpMWHmPECfXhg/ffkJqFZtl94oCr5hB
+gi6ZhjoAaGyxVKxuujtVpRaYIRT5B9OZXw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
new file mode 100644
index 0000000000..670973930d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-CA
+subject:ee-int-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
new file mode 100644
index 0000000000..50c26d7ba3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaOgAwIBAgIUB8K+R7AzVbDqn7RA4hMZWP9Kbf8wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJaW50LVNBLUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAy
+NDAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLWludC1TQS1DQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEAmiDm0St0AQ9a+RPBC95ycM8cHDsSiY8aRdfIEojLUCwJ
+3BSMAWh65tSSy59YFM/+hZquxW6mFKenKsvcVghBTUVxKONJKr8pnrpJiK1rkZxe
+euN3VOuv+nio4byTol9AQGKOg5GUtDtFsYIXrDH2wd6aUxGbi2cuD8q+YyjLpOr2
+1galNh18R9vXXlec/59Jp3hkSzgMs07RlbS8+G6qGRiSE5T6Yjf3vnv2rqQKE7xn
+Wiw+enu/RjPoZeXq6pzBupSo8FiunxT3dXESvjGxamG38T2w1n0NEz6jNs0E90/V
+R34SITuc+/Hk6AQUy04U9AiOx0Kb7DRNlXXb6/rZdQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
new file mode 100644
index 0000000000..bd012ab712
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-CA
+subject:ee-int-SA-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
new file mode 100644
index 0000000000..68d799dfd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAaegAwIBAgIUZQ9IB4KTIRfOUcb3bOGwbFEnUI4wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLaW50LVNBLU9DU1AwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtaW50LVNBLU9DU1AwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEw
+DQYJKoZIhvcNAQELBQADggEBAHLWWm2bWrApkz4OyZNVTyNNFHgcAGQPsAOAv4BO
+tm6DppAewakqHOEOJ+DBvTmyVvx66tpl48IHW5am2e0zoV3N6VTZhfZ1zzavS2h5
+SF4xMUWeJSjtmkjAxHFnz9JcR53CselhMj2ZRXQVMyr1W6QxBi1AfMtR96hWcY3f
+v4nBtIz/FkIFjTN/GU+vt5Rtc0Gns/kbl21ifuRM0QaXOj8u81gAQ3wEh0NLmy8Z
+ACTcy787xTRspMB3WOCJFHY2GqxrG5t7bS2EeUYu6xq1fnnRCfvemKUEALpCzzZn
+t8zmO7PVgNbBfXta0cXGFn5WNRSpOZGxXiQoBqnYWLStXFI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
new file mode 100644
index 0000000000..2374d248f6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-OCSP
+subject:ee-int-SA-OCSP
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
new file mode 100644
index 0000000000..8722e2f71c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAamgAwIBAgIUG/gIwkS6ibsfvsd3knsfZ5AkaEswDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LVNBLW5zU0dDMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD2VlLWludC1TQS1uc1NHQzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+ATANBgkqhkiG9w0BAQsFAAOCAQEADKzVNVhzBer5Tt4j61bsP8UL5/bJ6KPL9oHR
+WSgBGoaamfyn1gG9vOFKTI1/GjEzCrbIQPfsJypWj2MAER/msMiuucnzdjD9iUpK
+tkzTPFeO4hwAR9rImy0C4MiEXlY51Z2Ir+GH7DDVqVu5OPSDeuYUEF2mrL8T0Y/Q
+f7UTfbCinecnznWTgvC8EhXCUwMMnPjHqpJGVKwXuPjqVYA83htZ6m5kvg9/MWpZ
+YeRa4HO9A1Ui5OXsWnk4Uzp4cX5cMlc5VhnaMQV0gCPrcYw4x34t75Pu2VZPKlO4
+XmDiy90kfGat0wuOzqOGb9FEPkmvrbRhc6+LLCBHbHSIXlKWLA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
new file mode 100644
index 0000000000..6c3cb64730
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-nsSGC
+subject:ee-int-SA-nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
new file mode 100644
index 0000000000..2af207eed6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ2gAwIBAgIUc1s5H7wRuokI6INDaqXAJUUghNIwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LVNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBQxEjAQBgNVBAMMCWVlLWludC1TQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEANXVEEPwO3d4e8tBtwYHr78z3X1Fmtrjwb594Zp4xxx79mAUmAXnr
++SHJKfInLgdr0f85Pml5EAR7dlvqC0RMmkoljmlsPOLkEgiRxc/++ohEf2rn1QLL
+6+4tXjuHZ5u1qFa/tgdNqWzNqeGHA1y/+5KAB80mTiytFMBieKgVdv7ijvbClJRg
+V4vybtDD8RZMveGrOd1i+nPR5TLI5OnEmwP8duVLdq5eB/M2CYa+uPg8WgM8BlFP
+B4e9w99MW39z86MAwzw+tpgBT03uSQeV9UxcQVwLm+gjcxaHFPaKhRnqUaVH7A4F
+ZFMb168XWz34MCjJ3AWt4FfP6UwGn8L+nA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
new file mode 100644
index 0000000000..72ddb78dfd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA
+subject:ee-int-SA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
new file mode 100644
index 0000000000..8e8d4c2c04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAaugAwIBAgIUB/nCi+kTmIkobMVqQFtJnevhGwEwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNaW50LW5zU0dDLW9sZDAiGA8yMDE2MDcyNDAwMDAwMFoY
+DzIwMTYwOTI0MDAwMDAwWjAbMRkwFwYDVQQDDBBlZS1pbnQtbnNTR0Mtb2xkMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABMA0GCSqGSIb3DQEBCwUAA4IBAQBcxzg5hx9tQ57Jv3wibAhPktjmqapB2suH
+eGE253Xn5haGq+0E3Qkmn7oF1ou6QyLvP+qbElhkx7+eEvhMhzRZFU8XmxzHRqbb
+dZ0/MQw+aLEOc4Utl+1n3pDbVhBjoG3yVxyErndHfyXg+hNPMBEPvtfMYnSkKHX1
+3w3pJSs8HtUNMG3jecwXOJic0kUu6V5npNC0KTeZq4OOzp48WCpEfsQ6W5MzR4PN
+mrCVU2t1GzCKRNA8E8a9unOcxnukz8FaY9RCkeW3cTwRNt0VaFprX32d1C4mz5rV
+vNz/TGA0jy2b4Mg/dpGXrxqyRy1mG3zfs7sDhEoCxLsd/7ytu/bs
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
new file mode 100644
index 0000000000..a21b49b783
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-nsSGC-old
+subject:ee-int-nsSGC-old
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
new file mode 100644
index 0000000000..4acdf7b59d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxzCCAa+gAwIBAgIUYfx/2lyIWKMRlK/zS6/kmkp+t/MwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaW50LW5zU0dDLW9sZGVyMCIYDzIwMTUwNzI0MDAwMDAw
+WhgPMjAxNjA5MjQwMDAwMDBaMB0xGzAZBgNVBAMMEmVlLWludC1uc1NHQy1vbGRl
+cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAbCqK5OcHMj28V1PKiL4CHeN2oTCj
+pObUJrAUqsHJbqS2Q+huzzoSsL+yT4uKeiuDMZnKOm8OIZMtM7M4zQb6b5H1Wqm+
+fM5384kUubmSG+CzUd4adK8NjSwgYhgdvAecbzhPS1GUlai9qDJU+elQVIrNZCL4
+6B634koCQkarYybibdXgoum9zzcla0TRXe9rHjb8VYe+BH7tLAnWGpUqw4x36Buz
+gv605ApVb+QDAB9NH4/EZ1TXuKby6I9I19EkfADHL5XUKHGFH2EE+6Fsqihgu3QG
+NRYMU2GL79bZcwOm2t2v+ZB2fp+UlEs8nykWY7PgwbJ+ObgSauNHhKi5DA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
new file mode 100644
index 0000000000..93e1831a32
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-nsSGC-older
+subject:ee-int-nsSGC-older
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
new file mode 100644
index 0000000000..557c8276e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUE/PT07mikR8SeEYcqdLT8IL5vMIwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LW5zU0dDLXJlY2VudDAiGA8yMDE2MDgyNDAwMDAw
+MFoYDzIwMTcwODI0MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1pbnQtbnNTR0MtcmVj
+ZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAKnYtenyuUSykB8EP4IkEeeVPo
+PeZpLKEHHr9CnjIC8b0lHhTsFQhIiNsCWt8xh+JS273QJi/A2rdo1M4KiMZyURne
+RZvTBpFu5F8E+VixDP9xmpAffrgqPqgNRyN+co7tUQZgsJHhb8LSKKMHQTMTBOgW
+nrVlMR+MwXBBQx7Yc7KkVob8DMWmIAAXlv0JY6ID2lRb4haBVS1gsPIj24mVF8XG
+dRJIgtVUvey49/PvErG6FNA32QPDCyv9UOkX9mtpnu9dT+v6mAkbRcSDYAsTTWh2
+seog8fOBA8WoqO+EtTIY2VLiO2G8pTp8MftYVc1Mhd5Kh/ZT+PtdngloPnDM
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
new file mode 100644
index 0000000000..4a3ad8ec05
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-nsSGC-recent
+subject:ee-int-nsSGC-recent
+validity:20160824-20170824
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
new file mode 100644
index 0000000000..10bae6542e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbKgAwIBAgIUTe5MT0p0so5MFykddr1kBAMk1J4wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowEzERMA8GA1UEAwwIZWUtbnNTR0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjGDAWMBQGA1UdJQQNMAsG
+CWCGSAGG+EIEATANBgkqhkiG9w0BAQsFAAOCAQEAcGPEiH/hfb1EbEuv66X9c3fD
+g71Pe3qqOJ6QEW5S6Y1qwmVNOA0e7awGKj0i9MCMMb6sw0bWxmPJyR4QTsEG4lbi
+SazRgS2n6FAnaQMyU/qE8jG2epIJRWECEbhuviv88Rci2/w7/N3ED1mu2/f/19Zo
+UPNydVnAU5M1xRiV/lqlo2ZzNJHOw8raezoedrh15jUwcFs1WAqcxAUTearZYjr4
+GMYqOiDY0AzndK9XHHTyuj4rrHd+XgLRbHP/JPfAGzWyTa3Yqwe0fD2mORBtEDT8
+Y+nZIhKzM5Hra+TeeDs5jNFC9JH5ZMQgos4l6N5UeyqB1H+J0owl7VuvqLxrHQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
new file mode 100644
index 0000000000..43d58ab6d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-nsSGC
+extension:extKeyUsage:nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
new file mode 100644
index 0000000000..2195a06582
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb2gAwIBAgIUYf8P4Z0RmA/uflirA4xHoKNqtHUwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowETEPMA0GA1UEAwwGaW50LUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyUwIzAMBgNVHRMEBTADAQH/
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA/izUgZ12n
+DeYVPwvRzgoQ6oZNoZNGwSip5AKfpdC/RtFsDMH5AjaUMrSGvJjSCgcEXSey1fTV
+wdkQs1gYOdDTu935Gg0K13kHZSN0bGEwBA7Gh8gBaOrA/PElx6q8FEG1+qg20GQB
+vN174zjsSy9M6lXu90jApAh4whwgSTOO8JJ4VR9k9jnTzb+5lL5DTvWjFaR0M0zE
++XCDMUr90pGtg/qLzfSiaLaHEBMZu1cpVwtg3lLmMZhQXm067jP/nNZpe0yvPwz5
+HLFA7vrHAZkmtuKg22Le3FLyhtgQRLd6KT92pg33yhD5jqJskI0jq8EGvNvUKLbV
+cZbtU1Px/vOt
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
new file mode 100644
index 0000000000..e5bc18198c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
new file mode 100644
index 0000000000..3dbec3ad5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcqgAwIBAgIUK2ufphp0ShP+8H3RzpTFrZY/NrQwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFDESMBAGA1UEAwwJaW50LVNBLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAMBgNVHRMEBTAD
+AQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF
+AAOCAQEAOclvzLUjmZihoAVTCzyH04vhIEfzSl3gbZsooUdY1CZ05+i95YhA8IOM
+Q9YDkIYGsLyMaX/X5OV96KKMRsfSldEWNiNMqXJamqHh1ZalfVFtmmI+k5P/pWX9
+hOzCm12CcxGpaklkyrJ1zQ9CE3Upil34X/Wfmzwiz88zUjc+jpfWU7/VQASoGNku
+AiOswyAuuTSWQ89GBzwH06Q6Ty4sICDdD+69RFnY9sBKPCiTDO1W85d/A/QqnCkj
++Be27/lFmpHV64u6vIa6WUdJ5FA8b/ernVvdZJc42jyTPy8Cwh/l7Onphy0cmHe8
+fm5lAou5Gh6pc3UB4haso1ib5hdkVw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
new file mode 100644
index 0000000000..94e9a42d48
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
new file mode 100644
index 0000000000..b4642e5e09
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcygAwIBAgIUHyOa9EUn1y5E6yT4ne+opcI/RbwwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLaW50LVNBLU9DU1AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLzAtMAwGA1UdEwQF
+MAMBAf8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEB
+CwUAA4IBAQC2VSyElSFe/z7BdCgAot834Eer4HgxBtimrb1YNZgsaZjjU8v9Cv9h
+yBvs4M3J5ZuikyU5AyYiOF+YH9FouWbrsFnJezSpNI1MBqR8QDxdAwBCMqpHPsjT
+7Bw7N0ajkvWHA1PzzphFXthjNTYiIWQHLly6D/MQYHetyv3WvOevNQjl56B9uMdc
+pf5N/JDbxh23euSHuBTGICxMAOg4JkgqXlxVbTAXfQhLVmnvGY6/cjtyhz7tbfEC
+2fL9hnDPOciusR8WIYYi3TF8TWrZL5vhImQZimETuSQBMm5cygsaPFy3J28P2bPe
+lk6ehrv5e8pAHUak+OrbaWtyP4bh3tiK
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
new file mode 100644
index 0000000000..c38a640b9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-OCSP
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
new file mode 100644
index 0000000000..d0c8b0f89a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIUYeEyTSJzsgBm34At1b54YQbcruYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMaW50LVNBLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAMBgNVHRME
+BTADAQH/MB4GA1UdJQQXMBUGCCsGAQUFBwMBBglghkgBhvhCBAEwDQYJKoZIhvcN
+AQELBQADggEBACQdyOExX0WnOgZHDOcJFSxGXQ5B4d7DxdH5EKRYtCgq7zbqolvE
+qzi4fsDxbeRCrzVsCKDYqU69fO4sTAJRhBsEsz5Ybzi1Djfm3awjoCGl/kMJDZ8h
+trRh3pUlmwh6NXbF6IBlNrw2EqRR8TS+w71VDqFbvF0J2AKYSD9Fu44ArwLlPN2q
++nAKZnh1PDEW+jsKrZ6lKoft1A6894bp5g34wx2W5LR6RDk3xRGGoMFQXi//OQG1
+YWthV2tBPOWd8pJ7KJJBkliidsg3/vJzsGZXvd6bzd34LjJxNZfG3UNKP0RfHX4q
+El1zBn59yclrtG7vYKGITSJLbwv7E8vdBLQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
new file mode 100644
index 0000000000..c84201d874
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-nsSGC
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
new file mode 100644
index 0000000000..43e5d861b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb2gAwIBAgIUE7YXyGbnrzogbe8A8yh1856yWAAwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowETEPMA0GA1UEAwwGaW50LVNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyUwIzAMBgNVHRMEBTADAQH/
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQAhGBv+d4uZ
+qUeJf7MoPJhW+aN9BzuOpzvo12DbAdQNOTEgzpx/OmpwOQq7+8QTKgusYvn6+O/l
+U4MxwKhXWPD5kZXXIPdYKiGmClxhAszP6jfhpaIyjfw04Bhj50uSv41fAastSygm
+rxUv95dc4K4PbyWxu+Yhz67bZ69wcU/wV6GPrkm4dlRPtTCZy6Y59mdlskfky7g9
+/jpfS0E7zZgjLRRCgk3QGeCvNV9aPHxbGZwVCZ4M7wNkFx+P/rhVDj2x6aAFTSaB
+acAkLEek+eY9tgmfTMEY9iZ80dUZV5XHTaQGRuoQNtSjJEkk0mjGTvG56xV1bP8f
+yv/QLk/RFMfi
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
new file mode 100644
index 0000000000..74bec2b21c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
new file mode 100644
index 0000000000..e0deef7c3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcWgAwIBAgIUbXK8dZ2kTHVUtKZ1Uamdr5h27tQwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowGDEWMBQGA1UEAwwNaW50LW5zU0dDLW9sZDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMmMCQwDAYDVR0T
+BAUwAwEB/zAUBgNVHSUEDTALBglghkgBhvhCBAEwDQYJKoZIhvcNAQELBQADggEB
+AK/99QYaWy5/SG7iKiGwSgJ49hobsVUf4DTN9+4FIesvXNUtXc+vmPVNwgy8S4Kn
+23zOUmp2LaRBQ3VxaiQ0o/RN3ZjULhPhGi3cHsjDTKXH3U0snAloUYONx1JCFOif
+RWwLeiyps1oW9ARfUQrbQRtw87ospU5aJ7JSPoVgbCMXubmEpRSeTMv0SHdOs6g7
+ahSaoT7BBRuHDnCb8+ZR509H9Dc4M2Dv4lQ9vlWGZjXnfM1ImIeUBTWQ0fngyoZW
+neTStGeL5MmCjjMMupJYbjNsenQXd9doD08+voOfmKgaMQDH0fgEACJHjmmt+eQ4
+j8WZP3lRZHZm/s23xNl+6S4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
new file mode 100644
index 0000000000..35f61671ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-old
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
new file mode 100644
index 0000000000..dd709c343d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIUITNR+z5zrXNAq+3y9u3et1fNp6YwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNTA3MjQwMDAwMDBaGA8yMDE2MDkyNDAw
+MDAwMFowGjEYMBYGA1UEAwwPaW50LW5zU0dDLW9sZGVyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyYwJDAMBgNV
+HRMEBTADAQH/MBQGA1UdJQQNMAsGCWCGSAGG+EIEATANBgkqhkiG9w0BAQsFAAOC
+AQEAtkFQHiG8UeleNMgvJVneYQzIQt8wiZwudAH2FdiyeCtYUp95z19IzPlZeYq0
+FXlMJJ+SOn2wSZ9jHshV5VF8S4Rb3ou0EVJcu+X7cs3jOuLtV/KwFDKXrncWpF7L
+sH1yGVkAUNMQlE52MgPxg7P6yd+lbU9MlqD5rpifsAecrXzctzi8l3qb2UJvkHku
+BLE+ViTnn9RFDQFQ/1AAF9cbSJaUF0rwWznXpB0PAu+v9lBpn9a83/GXZc1SO2mE
+MIdgRpuB1Lr+wZq5ulXHAeBJ+kH8lrG2CIXSQPFQjPfiS2D5hM1cdd7GSEh4BoZv
+AbTKG12NXN9AG7RpG7upSBG4mQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
new file mode 100644
index 0000000000..f7a870c0f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-older
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
new file mode 100644
index 0000000000..c5c8e724c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcigAwIBAgIUec5AldPAXDY+y1Q7RfO4SfvteiEwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjA4MjQwMDAwMDBaGA8yMDE3MDgyNDAw
+MDAwMFowGzEZMBcGA1UEAwwQaW50LW5zU0dDLXJlY2VudDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMmMCQwDAYD
+VR0TBAUwAwEB/zAUBgNVHSUEDTALBglghkgBhvhCBAEwDQYJKoZIhvcNAQELBQAD
+ggEBAJO1C5eYEk2/+xvgWsCsUZi7PMoZLhb5Jb2V61JMWREfCozmYepqlamR6IZV
+fn5Q9OClLtAzSybeia40nsW/xb/o+5zJn0rPzk6JIsMToJk07fqp+uG9LbAM82IV
+RnHzmCS4/3n4fl1k1GGL0A/NYBUsilY9oKhVl1zukB/z3ALp9LyProNLsEZmWkl7
+F07+lR9PPMOqA1SuDJmZMyZ4cKDyYYF7NYKGi57xpgpUXGq8IPOKKGq4XlYqQhOQ
+sVSuc+16A+NlPwMogczcgTgy7QD6DF4WNOCDGwuF0YB7uROEbYvh4lkKJfhnAtb7
+1/xnmTVssnCTsbppIiXtKs8zzu0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
new file mode 100644
index 0000000000..f421ddc1a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-recent
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160824-20170824
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null.js b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
new file mode 100644
index 0000000000..c23717252f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
@@ -0,0 +1,54 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that a certificate with a clever subject common name like
+// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
+// value 0) will not be treated as valid for www.bank1.com.
+// Includes a similar test case but for the subject alternative name extension.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+async function do_testcase(certname, checkCommonName) {
+  let cert = constructCertFromFile(`test_cert_embedded_null/${certname}.pem`);
+  // Where applicable, check that the testcase is meaningful (i.e. that the
+  // certificate's subject common name has an embedded NUL in it).
+  if (checkCommonName) {
+    equal(
+      cert.commonName,
+      "www.bank1.com\\00www.bad-guy.com",
+      "certificate subject common name should have an embedded NUL byte"
+    );
+  }
+  await checkCertErrorGeneric(
+    certdb,
+    cert,
+    SSL_ERROR_BAD_CERT_DOMAIN,
+    certificateUsageSSLServer,
+    undefined,
+    "www.bank1.com"
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    cert,
+    SSL_ERROR_BAD_CERT_DOMAIN,
+    certificateUsageSSLServer,
+    undefined,
+    "www.bad-guy.com"
+  );
+}
+
+add_task(async function () {
+  addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");
+
+  await do_testcase("embeddedNull", true);
+  await do_testcase("embeddedNullSAN", false);
+  await do_testcase("embeddedNullCNAndSAN", true);
+  await do_testcase("embeddedNullSAN2", false);
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
new file mode 100644
index 0000000000..91233a79dd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUW0tAkXslaf5AkE2ROwvnEvMo79MwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA/1uiRtJJ6gASZfaGdmjTgHNnG
+OX3VBb8CGbu7yrmlUU0/oiH9BHb9/gq+Gwwcjg++2AEmUWd4damMXKUtRzouP6dV
+Z02jnExdXqq3xLDP71/bY3eneqg/KVIv3wDaHhatmVqWB4oy4itNmvVbbtCjUOyX
+DF3RM5HPQEDjMJO0TjKZMXp5HbyggAvGTbyw6kz+6EVuxxhFqVq1bti1CU4tGBdk
+b6ZOVQhxgJljogn70syXX+CUuUtu9+ufklWQjMtITjBKTSP5cg/NMnKrAL7dF30n
+aUcXz8fpmzjseQjk6uzkDYSFW2HiQtMHKhpCOXAoZ0hGtQ4BXhyhScK2sSB8
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
new file mode 100644
index 0000000000..6660f5d478
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
new file mode 100644
index 0000000000..d1e1dc03b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa2gAwIBAgIUdfhUzL690DlZ9ozJDIeI+5x3M4cwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowKDEmMCQGA1UEAwwdd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGL6BtraqvvOT9jKF7MGo6Q36s9ZX1E0
+N8D0PJnsexXKWOrnqGOT1rrp+YN0zgLc783pqH+pOkYHMKk88L9FKDeZeK8zo6j5
+E/X609Bdo+S89EW0qBqEvpWCAsF9I/F/sbuTf49hS8kE9mwMW0dbqcBuQYviCN4Y
+AEQCACkjdrI8KBG54Q4iVzvUP4+Ub+/QGuDEZC6n9yeiYQjw4LnY/uNO22dGKgU1
+wJbTRSsTsT7iXQkhag/3/pCMHURzJ3jWlNZMa+lhvm30Af/AqAqIrcidP1QwdifS
+QcNZlY0cSlqwqYe8By10B3oLKLu9ChutTerw7p0j3H3WDSAbmOiSfQI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
new file mode 100644
index 0000000000..d1a32349a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
new file mode 100644
index 0000000000..60672695da
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIUFUHbA2Pa/0TJflA2QO7eNc/EC1gwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowKDEmMCQGA1UEAwwdd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjLDAqMCgGA1UdEQQhMB+CHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXku
+Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQATiTRzyQxrGnwWmRATYy3TWChqhzFECBSU
+iVrdAZ2bFJxb4FJWRbwPI6d67GK0C6DLtdtNt9q2jWxdfDZCkpR7rFH2hj0sW1hm
+knYaQKmNmd64FS4nH26FMD5YxgykxQAEJzXSCYHUwM0UX72ebLaFn55wdA+onc/g
+JijC3UI62fYYUzEu8TwbAnqfzclevWBHpZJgZxdUK/tk2RRPz4MAWrKOL1R1jX2i
+57CDGXOC3fQtu7pKjMLcZv3T/vkttJNqmSD4YeA6+xd117ig5d0OqLzFxrwA83Ls
+ltkxkS4rsphX9zkgcAb1x0/VgoZbmeLTZM6INyWOkE4W+IXYh7kN
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
new file mode 100644
index 0000000000..1029d6cdd0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
new file mode 100644
index 0000000000..fc3b0ad73a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIUDzUDem23kK14+ubqJMXuQR5ZhjUwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHjEcMBoGA1UEAwwTZW1iZWRkZWQgTlVMIGluIFNBTjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMsMCow
+KAYDVR0RBCEwH4Idd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20wDQYJKoZI
+hvcNAQELBQADggEBAHkWUv8gAyNjRQyOlWm9JetvuBKy6d446LbaSQdEoDZAK6Oa
+WAAQ2ao1d5/dIWJLZPHCJYLUjBWj1EOS/no96FjTK+xg99zdweMPUAyK2uzKmsNS
+lfrwTktv21xT6QamLhFXMspTwPV6VYcIgQpUI8wuhAEN858xPcbO+bLQtQ+XvklP
+ZReejgox6quiKEw5qFbX9jDeZDq713dnnUqwL1FczdFjTm1uP1o3SoUGHsGH3FPJ
+p6LsyKiUfaTBglFNN+iasl50e/MDJZmCIjqVvv/tCVCN2VPpWNYeyP1e2DxPL+yb
+nVqbdSGVqOMWz4sRSjEnb9Xf9Uy1EigO8rb48VA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
new file mode 100644
index 0000000000..f224888eee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:embedded NUL in SAN
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
new file mode 100644
index 0000000000..3aea7c6b5c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdagAwIBAgIURTMxPbOwfgpUVoSWuyXAKlS8e00wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLYmFkLWd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjOTA3MDUGA1UdEQQu
+MCyCC2JhZC1ndXkuY29tgh13d3cuYmFuazEuY29tAHd3dy5iYWQtZ3V5LmNvbTAN
+BgkqhkiG9w0BAQsFAAOCAQEAoMSmJIxxm9N/qNkADdIYDwEByibG4CLYD7EqtclQ
+gTKUW5RWLcF1xkAfqSKsRkfE0965SofgH31J7sGnL02ROEdPK3Tc1/R7INS05yCp
+QHAYLwz9rWhJaF42tfn06cOpaoAVvU/0reOLUwwCg4j+0bDTErkZZyY0QX4i+ou0
+f2I/oGK0HfdkxiKjCExz5qsgdAVfPk8Kp5sJ7S/kJzkKQbQ58qAD9ObiF4zl5wtR
+5KveoFUckVXrznd9haqMlyj/kd3s4hKNl7n/kbXdiaxxvSh57c7K1O+mugREiwCA
+Oa57wZV4F6N2FpJrwlsvYH+J5ejNTCU1VJqWffqJbdPpdg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
new file mode 100644
index 0000000000..d352d034b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:bad-guy.com
+extension:subjectAlternativeName:bad-guy.com,www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_expiration_canary.js b/security/manager/ssl/tests/unit/test_cert_expiration_canary.js
new file mode 100644
index 0000000000..4f76555096
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_expiration_canary.js
@@ -0,0 +1,40 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Attempts to verify a certificate for a time a few weeks into the future in
+// the hopes of avoiding mass test failures when the certificates all expire.
+// If this test fails, the certificates probably need to be regenerated.
+// See bug 1525191.
+
+// If this test and only this test fails, do the following:
+// 1. Create a bug for the issue in "Core :: Security: PSM".
+// 2. Write a patch to temporarily disable the test.
+// 3. Land the patch.
+// 4. Write a patch to reenable the test but don't land it.
+// 5. Needinfo the triage owner of Bugzilla's "Core :: Security: PSM" component
+//    in the bug.
+// 6. Patches to update certificates get created.
+// 7. Test the patches with a Try push.
+// 8. Land the patches on all trees whose code will still be used when the
+//    certificates expire in 3 weeks.
+add_task(async function () {
+  do_get_profile();
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certDB, "bad_certs/test-ca.pem", "CTu,,");
+  let threeWeeksFromNowInSeconds = Date.now() / 1000 + 3 * 7 * 24 * 60 * 60;
+  let ee = constructCertFromFile("bad_certs/default-ee.pem");
+  await checkCertErrorGenericAtTime(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    threeWeeksFromNowInSeconds,
+    false,
+    "test.example.com"
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
new file mode 100644
index 0000000000..13ae5e31e2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
@@ -0,0 +1,89 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+// This is a certificate that (currently) ships with the platform.
+// It should be considered a built-in root.
+const sNaverBase64 =
+  "" +
+  "MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM" +
+  "BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG" +
+  "T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0" +
+  "aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx" +
+  "CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD" +
+  "b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB" +
+  "dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA" +
+  "iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH" +
+  "38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE" +
+  "HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz" +
+  "kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP" +
+  "szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq" +
+  "vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf" +
+  "nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG" +
+  "YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo" +
+  "0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a" +
+  "CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K" +
+  "AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I" +
+  "36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB" +
+  "Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN" +
+  "qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj" +
+  "cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm" +
+  "+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL" +
+  "hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe" +
+  "lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7" +
+  "p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8" +
+  "piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR" +
+  "LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX" +
+  "5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO" +
+  "dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul" +
+  "9XXeifdy";
+
+// This is a certificate that does not ship with the platform.
+// It should not be considered a built-in root.
+const sLetsEncryptBase64 =
+  "" +
+  "MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw" +
+  "PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD" +
+  "Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa" +
+  "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD" +
+  "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD" +
+  "ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB" +
+  "BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg" +
+  "PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG" +
+  "dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1" +
+  "gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4" +
+  "4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud" +
+  "EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy" +
+  "BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j" +
+  "b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv" +
+  "ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ" +
+  "MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH" +
+  "AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw" +
+  "MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM" +
+  "LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3" +
+  "pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd" +
+  "v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd" +
+  "ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW" +
+  "ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk" +
+  "6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj" +
+  "f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=";
+
+function run_test() {
+  let builtInCert = certdb.constructX509FromBase64(sNaverBase64);
+  ok(builtInCert, "should be able to decode base-64 of built-in cert");
+  ok(builtInCert.isBuiltInRoot, "cert should be considered built-in");
+
+  let notBuiltInCert = certdb.constructX509FromBase64(sLetsEncryptBase64);
+  ok(notBuiltInCert, "should be able to decode base-64 of built-in cert");
+  ok(!notBuiltInCert.isBuiltInRoot, "cert should not be considered built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
new file mode 100644
index 0000000000..deb6ba914a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
@@ -0,0 +1,143 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected. Differs from
+// test_cert_isBuiltInRoot.js in that this test uses a preexisting NSS
+// certificate DB that already contains some of the certificates in question.
+//
+// To create the necessary preexisting files, obtain the "NAVER Global Root
+// Certification Authority" certificate and the "Let's Encrypt Authority
+// X1" certificate (copied below for reference) and perform the following steps:
+//
+// `certutil -d . -N` (use an empty password)
+// `certutil -d . -A -n "NAVER Global Root Certification Authority" -t ,, \
+//   -a -i naverrc1.pem`
+// `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \
+//   -i LetsEncrypt.pem`
+//
+// This should create the cert9.db and key4.db files.
+//
+// To determine the new DBKey associated to the replacement root,
+// one can print builtInRoot.dbKey in test_cert_isBuiltInRoot.js.
+//
+// (The crucial property of the first certificate is that it is a built-in trust
+// anchor, so any replacement must also have this property. The second
+// certificate is not a built-in trust anchor, so any replacement must not be a
+// built-in trust anchor.)
+//
+//
+// NAVER Global Root Certification Authority:
+// -----BEGIN CERTIFICATE-----
+// MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM
+// BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG
+// T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0
+// aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx
+// CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD
+// b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB
+// dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA
+// iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH
+// 38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE
+// HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz
+// kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP
+// szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq
+// vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf
+// nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG
+// YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo
+// 0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a
+// CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K
+// AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I
+// 36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+// Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN
+// qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj
+// cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm
+// +LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL
+// hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe
+// lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7
+// p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8
+// piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR
+// LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX
+// 5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO
+// dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul
+// 9XXeifdy
+// -----END CERTIFICATE-----
+//
+// Let's Encrypt Authority X1:
+// -----BEGIN CERTIFICATE-----
+// MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+// PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+// Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+// MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+// ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+// ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+// BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+// PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+// dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+// gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+// 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+// EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+// BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+// b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+// ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+// MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+// AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+// MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+// LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+// pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+// v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+// ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+// ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+// 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+// f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+// -----END CERTIFICATE-----
+
+"use strict";
+
+function run_test() {
+  const certDBName = "cert9.db";
+  const keyDBName = "key4.db";
+  let profile = do_get_profile();
+  let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`);
+  certDBFile.copyTo(profile, certDBName);
+  let keyDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${keyDBName}`);
+  keyDBFile.copyTo(profile, keyDBName);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  // This is a built-in root, but not one that was added to the preexisting
+  // certificate DB.
+  // Verisign Class 1 Public Primary Certification Authority - G3
+  // Certificate fingerprint (SHA1): 204285DCF7EB764195578E136BD4B7D1E98E46A5
+  // https://crt.sh/?id=8984570
+  const veriSignCertDBKey = `AAAAAAAAAAAAAAARAAAAzQCLW3VWhFSFCwDPrzhI
+    zrGkMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdB
+    gNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IF
+    ZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAM
+    TPFZlcmlTaWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
+    dXRob3JpdHkgLSBHMw==`;
+  let veriSignCert = certdb.findCertByDBKey(veriSignCertDBKey);
+  ok(veriSignCert, "Should be able to find VeriSign root");
+  ok(veriSignCert.isBuiltInRoot, "VeriSign root is a built-in");
+
+  // This is a built-in root. It was added to the preexisting certificate DB. It
+  // should still be considered a built-in.
+  const naverCertDBKey = `AAAAAAAAAAAAAAAUAAAAawGUMB6iC93
+    1xTMqsUNEcfjWUE0NMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVN
+    JTkVTUyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3Q
+    gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHk=`;
+  let naverCert = certdb.findCertByDBKey(naverCertDBKey);
+  ok(naverCert, "Should be able to find NAVER root");
+  ok(naverCert.isBuiltInRoot, "NAVER root is a built-in");
+
+  // This is not a built-in root. It was added to the preexisting certificate
+  // DB. It should not be considered a built-in root.
+  const letsEncryptCertDBKey = `AAAAAAAAAAAAAAARAAAAQQCYE
+    /R1E+V1C0PnQx6XHkS9MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRyd
+    XN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDM=`;
+  let letsEncryptCert = certdb.findCertByDBKey(letsEncryptCertDBKey);
+  ok(letsEncryptCert, "Should be able to find LetsEncrypt root");
+  ok(!letsEncryptCert.isBuiltInRoot, "LetsEncrypt root is not a built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
new file mode 100644
index 0000000000..7d48c6b133
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db differ
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
new file mode 100644
index 0000000000..e41477dfd9
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db differ
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage.js b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
new file mode 100644
index 0000000000..a327cb41fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
@@ -0,0 +1,76 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const caList = [
+  "ca-no-keyUsage-extension",
+  "ca-missing-keyCertSign",
+  "ca-all-usages",
+];
+const eeList = [
+  "ee-no-keyUsage-extension",
+  "ee-keyCertSign-only",
+  "ee-keyEncipherment-only",
+  "ee-keyCertSign-and-keyEncipherment",
+];
+
+const caUsage = [certificateUsageSSLCA];
+const allEEUsages = [
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+];
+const serverEEUsages = [
+  certificateUsageSSLServer,
+  certificateUsageEmailRecipient,
+];
+
+const expectedUsagesMap = {
+  "ca-no-keyUsage-extension": caUsage,
+  "ca-missing-keyCertSign": [],
+  "ca-all-usages": caUsage,
+
+  "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
+  "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
+  "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
+
+  "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
+  "ee-keyCertSign-only-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-only-ca-all-usages": [],
+
+  "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
+  "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
+
+  "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
+};
+
+add_task(async function () {
+  for (let ca of caList) {
+    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
+    let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
+    await asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
+    for (let ee of eeList) {
+      let eeFullName = ee + "-" + ca;
+      let eeCert = constructCertFromFile(
+        "test_cert_keyUsage/" + eeFullName + ".pem"
+      );
+      await asyncTestCertificateUsages(
+        certdb,
+        eeCert,
+        expectedUsagesMap[eeFullName]
+      );
+    }
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
new file mode 100644
index 0000000000..7ef812e4c9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIUE5r8LYaA73SA25Y8MhWmudWklrowDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAYMRYwFAYDVQQDDA1jYS1hbGwtdXNhZ2VzMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC
+AQEAbfCeYrdUfCn8yN8rtt69olTC8huRW7dWFr8LcRgoU+jQO5myXPvZc6r4Kig7
+SuXueQCvX7IRipDf6lB8t911vHwvvZATTvXB4MJ0QZTSjn2P61bekoAVfexFfM1n
+QE4ONlo/3f/p/RtP6VKJnErdwSFyNzIuEBdSNPUwyJIOgBge3qi5BMM7Lm0oiTIw
+L1E++BcBffAEociBiCaB1nd6jbIUtnTY8jyWIr/trzG5BmIKjZGzzrS8zCI8brq6
+M7lT7oOXwD5Q0aP+OUPrtLPC3norMKVuyo4HJdT1XZVjc/15GbwbSeTI3jiYGxWv
+RY288eAkTXZvXxwQvT7W7q1Owg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..2ca523c74e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-all-usages
+subject:ca-all-usages
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
new file mode 100644
index 0000000000..cb8d04ae3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUCaFrRP9EdV/s2molg6t0aH4/M9QwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWY2EtbWlzc2luZy1rZXlDZXJ0U2lnbjAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAhMR8wHQYDVQQDDBZjYS1taXNzaW5n
+LWtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB
++jANBgkqhkiG9w0BAQsFAAOCAQEAMT30/3FlLT0SRLla9/6nUnhM18/h5te+HEew
+3PwtcRv0JwUBdYXxNK/MVIMDaL9GC/6S9zqlGw4N86tP2E3s8giwbLcNWelou8Zu
+nmnz8BU4MtfW+lkF/0ZNhDRBFXFWTNM7pdKDfVHJhMvzZdk0tEgU2hCZwMu4PGRs
+6oJTrBacjc27s3mVRaxi6NdGZIJQBlfakn7FXI2RcP/+WYgTNNBzvFyRO1pvJdTq
+cGR1fykBoiFZrKOO+MSAWEXke3w/U/lQCM5odDAFngxsHrSftc44XgP2DG08vovH
+wl3MGpr2RDqovYSWKJSv2VeLqSdpeIG/y4ixFBXwmRF/YVUyrQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..26e0158ebe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-missing-keyCertSign
+subject:ca-missing-keyCertSign
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
new file mode 100644
index 0000000000..29a39ee751
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAdCgAwIBAgIUaZMM8r1k443E+DQLRBc1j34OAGYwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2Etbm8ta2V5VXNhZ2UtZXh0ZW5zaW9uMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCMxITAfBgNVBAMMGGNhLW5vLWtl
+eVVzYWdlLWV4dGVuc2lvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAPBRfUuVZulBelyNkd9A9UP5svL4sM8HjbYfggMGh8wHudlH9
+mghp/up5ZEuqyfrwJ8G2yCRC8pvZv4BcBvtlUngWsuBuGKJ0+8OMFdGk5gLhjiDm
+tVQR99o2MFzG8fCjqpNwB+MfSrt2Mbu5hV66UjSvjar6qVcwjWpdKmDnJGgvs6Ib
+t2mZIyoV1pSJNkDai7o1GtXj2WFL9VwjYhi4EDfdUz5xOuLWdBMMRlnfDq1pDpub
+LZ+8FqHJCbFL6G9q3RXPjRhmWIePc/gZLEkVd9S092ePb18gs62UHxK68n+4DOQp
+BdFdrTMeqehtapMkO5G2RMCa7seL6hStoTsxJQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 0000000000..d32e6a6496
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ca-no-keyUsage-extension
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
new file mode 100644
index 0000000000..393380d981
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIUGWYB9e9ARnyr9cvrxtuO7gAvALIwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJlZS1rZXlDZXJ0U2lnbi1hbmQt
+a2V5RW5jaXBoZXJtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAiQwDQYJKoZIhvcN
+AQELBQADggEBADQMLlcZMsXMKfScNpZZ4KSSWr20vhhXerUk9hK6QqCSUjxlD/QH
+Bib9+T3w0qfEL9QBt5ic/BIN9V9Z5bfLW5IuCT1Gq4yL9aQNkRtTNEtXPZjsAyP5
+OBcsWcsqdNvPn7DOCE4DSo7Omqx1QOGGD3F9ico1NykgUZNN/xdK3kstrugY9Gnv
+FpHvrlkpMxFEmKzxx2AKgsdr4ZxiZnzu87Cv0ICWYjRTTOflJmwKkfO+hR6K5XrP
+TWbyoX2AYkWXWlierE5nTDWAG4Z2fi5FFQfGbGBxdBU/febJZwLBghRCLFQRjkYK
+GOThHpemmJV2UPxfbWXX1pqQkEGb+a4Aqis=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..0bb2721a31
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
new file mode 100644
index 0000000000..6f9425e546
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdegAwIBAgIULaOT+liPEeD1woYhMEmcCYf8h4IwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWY2EtbWlzc2luZy1rZXlDZXJ0U2lnbjAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJlZS1rZXlDZXJ0
+U2lnbi1hbmQta2V5RW5jaXBoZXJtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAiQw
+DQYJKoZIhvcNAQELBQADggEBACbwD8VRRCFLZFSp31okFWXBJLTqilYjzZChoQVS
+/rbz6ae8P8ScX8ppi2eGFNB2vVETTtKwpI8bdncmtInk/JtUncnmU5wjqKsG1gmI
+Lzz3ZC+x62R/6ocCRw0FfEa9C87BYHy3oRHa6qpSv+ZjNWMc9Me15WIt9JPFrENs
+SWWTF005OXT6/SN9Db3DL2yOGn9cB6GbwsbNptBd9joBFbhpZNY7XMakkVDKGL/W
+JeKZEzeyiR2EGxFYxOn4lNuJty3DOjClP8++iQFClBO5E6c+9jV0Rsew3aL7Q87y
+JWouTF7sYRjwBf+lWsRJ4sZCe6yEhNkGQKXGBAOiWtxeuUI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..567ab0ce2d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
new file mode 100644
index 0000000000..8344820c66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIULe9oCGYjHMm9s2kUkeaGeYDfkYowDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2Etbm8ta2V5VXNhZ2UtZXh0ZW5zaW9uMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMC0xKzApBgNVBAMMImVlLWtleUNl
+cnRTaWduLWFuZC1rZXlFbmNpcGhlcm1lbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIC
+JDANBgkqhkiG9w0BAQsFAAOCAQEAbvM/6pDn9yYnnEKzEoEC5rSpQVZkgunP2WNc
+dJ9s0zkZeT5HCnPbcntHfjbK217iwja9k/eSg8ukDofstkExjRswRS4F4rCb3ciB
+yEsb5QX2mFAFnFE4b/i3XFDlYSzw2hWOOB2+WXmYNu82eZOvfiM4UvSV2wwFQiOf
+XAYbW5rd7umW5YS8K6heBuFbS1aJLFasDgPb7bHCCYJH/GyLcvDn45e0Y89m3us9
+e2OHLsVN6Mjaq1UO0zXwsSb0GwoYxagHy8h5c3m8tNpe254X6f6jnKbVNUK6SJ2Q
+293EF9vGzv0q1FUZDP/y/qiVlbFJ1QT4cos7Ryzg1KVQSDqL1Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 0000000000..c48ef66126
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
new file mode 100644
index 0000000000..92e5f92177
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb+gAwIBAgIUCWQJroNopActb60dEoJJYUXC6YQwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1rZXlDZXJ0U2lnbi1vbmx5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABow8wDTALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAGU/zN/j
+eXCJzlYjTcRRZF8/3kDauNwfQMHFD2ftNcdsTDHBZt+8ZN7aGau8038f0tw3//CL
+C2VJNkhy9DvizdzgITO315HIM9wYaITDxpLob+z27/Wb7NPfYFb26Z9mY91l89ku
+umemthFmh4oHRDmEbDa1tUD0bcqmdg5zChemA/LuKV3nw6oZsHEy5NUESXicNhSx
+9zm8F32/SyTur75mJ4a2AHqFr8fbLAgYCtj7RWmAI4sPGgk1C689Aj4oGWkkFkgE
+uifRyiui2GRiTH82wvzWh3UNYyJZEOnKE4jxGljE9I5BjK95vyU13d3IkIvJJ1pH
+tfQSjzOe6SsNvP4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..c495ca6d0e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
new file mode 100644
index 0000000000..74a3be06df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcigAwIBAgIUWbCPLRav9EW2uQgTKqbUCxb/sUAwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWY2EtbWlzc2luZy1rZXlDZXJ0U2lnbjAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1rZXlDZXJ0
+U2lnbi1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQELBQAD
+ggEBADXuaMRmW0SKcP3hLgeoE5J/Sw7cm+ffo9j192akaHTnI/H/pD+j6JkEOsw/
+2gyrKPQdcKqWNqSIDpZMEcQrCi2LnYgJEZFGRHol7oS7FnQaZ5Bp+cx5wnz37Ig5
+UkYHoBoa2JYD6HmibtsB9d83CG/b9B7ulEE4pYJga+0nRcIRLIbEP87mRFPmMAe9
+i8yvZI1FbzFYILehOYcIBVUT1O4U1Xyt/k1lPGOlKs8VUQ66XY+7+iLu53pxv9ja
+dIgPcFer+dRC7GVtneOnggHQ3aYxrnSBlOFd54Y+O7QfESSZsrXbrZmzhd617UeW
+7spMsdHfI1rsc8aQ6gVFqlXd6mw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..23ddd0eb8a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 0000000000..086f2ac5d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcqgAwIBAgIUfcLeIvoPPBJMolgBDz+v3K8mAEEwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2Etbm8ta2V5VXNhZ2UtZXh0ZW5zaW9uMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME2VlLWtleUNl
+cnRTaWduLW9ubHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsF
+AAOCAQEAq9eg9Xq7glTjKJtItaRt8PPhXeVZIbMoabIuDdHMq7hT4YXS5vWysT8V
+M6oNOsvnSuwAm+9Y1fTsB/mR8l0BpaYadLizagIHSFZ57bPZzzfEQngu2NkGd+v2
+wxQIrp1KkZCHzYRenT6sZGuAxqqX0KVsEnwen0N93UIrOn3D6T2EE1QT5IMI9IPU
+3OX3UtOVYzUOia+IV0VEpQ0r1o8BmZopx1dkMFvsj7rciF4pR9UQQDzkCs8z60iK
+oG1zzqnwW0ZA9PAmB0pAJbHf3gKOka6I137QvYhCWlFUr5LqVKY/A2IACbIeBQJG
+WKib6YiVMFSI0vdEqNgH38F5c+SaFg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 0000000000..a5a2d62a7d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
new file mode 100644
index 0000000000..321ceca492
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcOgAwIBAgIUYfQJjxnw4OD0vXwmpPInpoGAILowDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdlZS1rZXlFbmNpcGhlcm1lbnQt
+b25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBCwUAA4IBAQAc
+KoBdffm/erD9x/k7jvpq99n6AYDeWpIfLdAA3FUTLZItlNNjEYZGDaLd2NRYB0ay
+mbJgYnwdnuac0pylWfTxDMQfcC1ztsXeB8DF/H3v3/iWXUoHbtmCFa3OBac6PJQQ
+K4+ssbipWUaCTP+79lT6e0cs7PXnLLxEyLYlLJFxO6t3Y3knsH3/UEu/86ZWJs5F
+e6BamdM26itAfe30rzTzSr0WxiHZYGX3K5mSZ0+p/FD4Up0MFALukn1xZ6+WLd8c
+gsi0li246g2aUf+rjjKlg4wmx2JndYL5vUP2SJJfFxulvzgDtHw2RfsgA2eN9Zvi
+5a/1QH9m39qO6LXZxwVu
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..08154a53ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
new file mode 100644
index 0000000000..8e45895208
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcygAwIBAgIUf2jeIliw8Hs+4yN24J1B9he7DEIwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWY2EtbWlzc2luZy1rZXlDZXJ0U2lnbjAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdlZS1rZXlFbmNp
+cGhlcm1lbnQtb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEB
+CwUAA4IBAQAto3rwCaozt9tPSju24aTGvGPQwoiZ1uJzp9PJGKTMKpm2jobT1c1o
+RLjpfa5P2TM6vUCOS7M+uLkzlYsr8aW5WrD0ehJX3Ge1oOFA2A/xwHbffwPpUXgS
+euBMN/RV5Oq9pPLlI5FCG2nWTNjG1u2oEx9Lxf0iMs4YpPwFU1w/mbgFqdnQNn5N
+54DWg3MFNMeNXpGJZrJnKZj7iPFpDtGbTVAKe9tsR4wu5EbReOxa4LvN79BP2Z44
+jivHsnId2SMu1xbaqXLg8ZoTTNX8zL9Mls6kQkjf7vunGrK968x6wDffhz+FTafZ
+qx0xbp/j82UxSPGnj+MYe3dPKU+yZaAZ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..9bdcf4b7b8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 0000000000..2cf8010b45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIUOXP432q/p9DYN1yjp9TtbUn7sCMwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2Etbm8ta2V5VXNhZ2UtZXh0ZW5zaW9uMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCIxIDAeBgNVBAMMF2VlLWtleUVu
+Y2lwaGVybWVudC1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCBSAwDQYJKoZIhvcN
+AQELBQADggEBAJ/fbi3UftOoyyTSyNPq2zRMDDpEkHx7jcmSDB72wVVfiIDD0tYW
+BaI0zVBHa7PtePCWorCc1SR9rzMKRLl4jpKmfBdmFWDKBrzA+Yd6s2eN+G7zQw9R
+CN0BTou7vHPqAdVeT8e0XhQPBB4IyPw0Zk/8KO3kin5g5Dyf2Eaqc1CY63PzS0F7
+U9MAGwHo8o1ikA6gdKM/vi282sd2Nqa/HaYR4TXgFOCe3zzkq1DKAm+26lfWznmO
+L2KINdoqRhtEEc69NAsoJa5xKXm5+aemk5YNA5JpUH3NgACaUomIseU1JwSgJauk
+3BreCw1pwCuWG/ArNgCkMG4bNJA7I5nc49E=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 0000000000..a2383ecfdd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
new file mode 100644
index 0000000000..3c8fd4266e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAbOgAwIBAgIUE3y2+REalJVr9BJgRHvD/0X6kggwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1uby1rZXlVc2FnZS1leHRl
+bnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAH710Q5yUWJdwRYPAucysm6E
+cJtzX5CD2fs8pJkKtFY4CTofI7rKdU+dIuTsfX/xrnIhdknMAit8kbkQzRsyk0c3
+Am1qgD8pBbrBtNkzHD1cWvNIQGuntI8+4CWqSNkgFtDEmhNH4N3gr4I7ozNfeZKy
+vaZQCqrDpZ6hJdrFbkKeuivZisCXT6OMkhCtJmUz1g2Vlzq1JD5Jffj6nz5u88+G
+gYQ8oJ//R3+AkYmdbF1SzL3XAGFKgJ752UowrCVRTWhe7jj7qqgjMTLwHd7WbRfW
+eyPcDf8l8Fx40I8W4mv7SYArfYpSBohHHMA2ajD2ZglVmkYweK8vO3V3as62lXw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
new file mode 100644
index 0000000000..6d2e672961
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-all-usages
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
new file mode 100644
index 0000000000..ca06b96af7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAgIUN3Gtxz6p1g5APefpvRImgppez0gwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWY2EtbWlzc2luZy1rZXlDZXJ0U2lnbjAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1uby1rZXlV
+c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJ5tsZ2pBNLa
+SQyu952+mbY0McHswPvp34q9ihKtUAaZiwusSnVDGP09FTzu6ejRO857Mjqk4oCf
+C77FyXsWhAVSEqZyYeKwn+UZyZONA3ZY6plx5rpn5CFVZleh5G0TC6eAVmUcJ13J
+x2mmhgPyU2LvHxIRFOaWhTJ9r0qikIDr+96Vti6qDdBeroKuSi2eWUKyofwgV3zK
+FsXauOjGzzLZT3va4c0NUdC4+/qppAoC6ejma0iqj3A1gm00DnYU3GMsBXtSSHAH
+iZGsbtiuZtCZXxgf2os0NLl5demKOcOzKAHs1No2KwVcxonE6t5uqbKsQFbC47x+
+mT2WDtwpQSo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..3cba2f0d81
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-missing-keyCertSign
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
new file mode 100644
index 0000000000..c667430b40
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1jCCAb6gAwIBAgIUcUkpEkAlszLM+q9hdNYNVNbjhhQwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2Etbm8ta2V5VXNhZ2UtZXh0ZW5zaW9uMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCMxITAfBgNVBAMMGGVlLW5vLWtl
+eVVzYWdlLWV4dGVuc2lvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcX+eZ5QZ
+2ji/0gf+sLsw5M/OGw6LMqCKUd5X36XybPCbY1xx8D9Z9dGMV1kzq5TkCSpLOg6f
+1qBqUCIQa/Cpeg1ScHJC9zgmo9XFIniX2ZhiT0o33dDXvTn7l6AuKA4hicbdTcx2
+aGI2MoNpIFINwrNnr6gKQMrBUCBPkWYuCOANqhH8jV9BYgVvYuqK1ecmll5/Cgxp
+ikQ6dzmpUHXFgN46UokyFfaudvt/PVqnukiYfjarKltAH5sfFjCQzrkXrK4QjWUW
+vjd2AJSsxJb6N3wQgfjEI2WTxLfr2DzhNSFB/SdB2tOcJTxIaIkHbS65aimhNXOx
+mppJ0lp9HXjpeg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 0000000000..c850725a63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_override_read.js b/security/manager/ssl/tests/unit/test_cert_override_read.js
new file mode 100644
index 0000000000..800f82872d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_override_read.js
@@ -0,0 +1,188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test checks parsing of the the certificate override file
+
+function run_test() {
+  // These are hard-coded to avoid initialization of NSS before setup is complete
+  // bad_certs/mitm.pem
+  let cert1 = {
+    sha256Fingerprint:
+      "E9:3A:91:F6:15:11:FB:DD:02:76:DD:45:8C:4B:F4:9B:D1:14:13:91:2E:96:4B:EC:D2:4F:90:D5:F4:BB:29:5C",
+  };
+  // bad_certs/selfsigned.pem
+  let cert2 = {
+    sha256Fingerprint:
+      "51:BC:41:90:C1:FD:6E:73:18:19:B0:60:08:DD:A3:3D:59:B2:5B:FB:D0:3D:DD:89:19:A5:BB:C6:2B:5A:72:A7",
+  };
+  // bad_certs/noValidNames.pem
+  let cert3 = {
+    sha256Fingerprint:
+      "C3:A3:61:02:CA:64:CC:EC:45:1D:24:B6:A0:69:DB:DB:F0:D8:58:76:FC:50:36:52:5A:E8:40:4C:55:72:08:F4",
+  };
+
+  let profileDir = do_get_profile();
+  let overrideFile = profileDir.clone();
+  overrideFile.append(CERT_OVERRIDE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!overrideFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(overrideFile);
+  let lines = [
+    "# PSM Certificate Override Settings file",
+    "# This is a generated file!  Do not edit.",
+    "test.example.com:443:^privateBrowsingId=1\tOID.2.16.840.1.101.3.4.2.1\t" +
+      cert1.sha256Fingerprint +
+      "\t",
+    "test.example.com:443:^privateBrowsingId=2\tOID.2.16.840.1.101.3.4.2.1\t" +
+      cert1.sha256Fingerprint +
+      "\t",
+    "test.example.com:443:^privateBrowsingId=3\tOID.2.16.840.1.101.3.4.2.1\t" + // includes bits and dbKey (now obsolete)
+      cert1.sha256Fingerprint +
+      "\tM\t" +
+      "AAAAAAAAAAAAAAACAAAAFjA5MBQxEjAQBgNVBAMMCWxvY2FsaG9zdA==",
+    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" +
+      cert2.sha256Fingerprint +
+      "\t",
+    "[::1]:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // IPv6
+      cert2.sha256Fingerprint +
+      "\t",
+    "old.example.com:443\tOID.2.16.840.1.101.3.4.2.1\t" + // missing attributes (defaulted)
+      cert1.sha256Fingerprint +
+      "\t",
+    ":443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing host name
+      cert3.sha256Fingerprint +
+      "\t",
+    "example.com::\tOID.2.16.840.1.101.3.4.2.1\t" + // missing port
+      cert3.sha256Fingerprint +
+      "\t",
+    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // wrong fingerprint
+      cert2.sha256Fingerprint +
+      "\t",
+    "example.com:443:\tOID.0.00.000.0.000.0.0.0.0\t" + // bad OID
+      cert3.sha256Fingerprint +
+      "\t",
+    "example.com:443:\t.0.0.0.0\t" + // malformed OID
+      cert3.sha256Fingerprint +
+      "\t",
+    "example.com:443:\t\t" + // missing OID
+      cert3.sha256Fingerprint +
+      "\t",
+    "example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t", // missing fingerprint
+  ];
+  writeLinesAndClose(lines, outputStream);
+  let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
+    Ci.nsICertOverrideService
+  );
+  notEqual(overrideService, null);
+
+  // Now that the override service is initialized we can actually read the certificates
+  cert1 = constructCertFromFile("bad_certs/mitm.pem");
+  info(
+    `if this test fails, try updating cert1.sha256Fingerprint to "${cert1.sha256Fingerprint}"`
+  );
+  cert2 = constructCertFromFile("bad_certs/selfsigned.pem");
+  info(
+    `if this test fails, try updating cert2.sha256Fingerprint to "${cert2.sha256Fingerprint}"`
+  );
+  cert3 = constructCertFromFile("bad_certs/noValidNames.pem");
+  info(
+    `if this test fails, try updating cert3.sha256Fingerprint to "${cert3.sha256Fingerprint}"`
+  );
+
+  const OVERRIDES = [
+    {
+      host: "test.example.com",
+      port: 443,
+      cert: cert1,
+      attributes: { privateBrowsingId: 1 },
+    },
+    {
+      host: "test.example.com",
+      port: 443,
+      cert: cert1,
+      attributes: { privateBrowsingId: 2 },
+    },
+    {
+      host: "test.example.com",
+      port: 443,
+      cert: cert1,
+      attributes: { privateBrowsingId: 3 },
+    },
+    {
+      host: "example.com",
+      port: 443,
+      cert: cert2,
+      attributes: {},
+    },
+    {
+      host: "::1",
+      port: 443,
+      cert: cert2,
+      attributes: {},
+    },
+    {
+      host: "example.com",
+      port: 443,
+      cert: cert2,
+      attributes: { userContextId: 1 }, // only privateBrowsingId is used
+    },
+    {
+      host: "old.example.com",
+      port: 443,
+      cert: cert1,
+      attributes: {},
+    },
+  ];
+  const BAD_OVERRIDES = [
+    {
+      host: "test.example.com",
+      port: 443,
+      cert: cert1,
+      attributes: { privateBrowsingId: 4 }, // wrong attributes
+    },
+    {
+      host: "test.example.com",
+      port: 443,
+      cert: cert3, // wrong certificate
+      attributes: { privateBrowsingId: 1 },
+    },
+    {
+      host: "example.com",
+      port: 443,
+      cert: cert3,
+      attributes: {},
+    },
+  ];
+
+  for (let override of OVERRIDES) {
+    let temp = {};
+    ok(
+      overrideService.hasMatchingOverride(
+        override.host,
+        override.port,
+        override.attributes,
+        override.cert,
+        temp
+      ),
+      `${JSON.stringify(override)} should have an override`
+    );
+    equal(temp.value, false);
+  }
+
+  for (let override of BAD_OVERRIDES) {
+    let temp = {};
+    ok(
+      !overrideService.hasMatchingOverride(
+        override.host,
+        override.port,
+        override.attributes,
+        override.cert,
+        temp
+      ),
+      `${override} should not have an override`
+    );
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides.js b/security/manager/ssl/tests/unit/test_cert_overrides.js
new file mode 100644
index 0000000000..7ae45b7ef2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -0,0 +1,734 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests the certificate overrides we allow.
+// add_cert_override_test will queue a test that does the following:
+// 1. Attempt to connect to the given host. This should fail with the
+//    given error.
+// 2. Add an override for that host/port/certificate.
+// 3. Connect again. This should succeed.
+
+do_get_profile();
+
+function check_telemetry() {
+  let histogram = Services.telemetry
+    .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
+    .snapshot();
+  equal(histogram.values[0], 0, "Should have 0 unclassified values");
+  equal(
+    histogram.values[2],
+    9,
+    "Actual and expected SEC_ERROR_UNKNOWN_ISSUER values should match"
+  );
+  equal(
+    histogram.values[3],
+    1,
+    "Actual and expected SEC_ERROR_CA_CERT_INVALID values should match"
+  );
+  equal(
+    histogram.values[4] || 0,
+    0,
+    "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER values should match"
+  );
+  equal(
+    histogram.values[5],
+    1,
+    "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE values should match"
+  );
+  equal(
+    histogram.values[6] || 0,
+    0,
+    "Actual and expected SEC_ERROR_UNTRUSTED_CERT values should match"
+  );
+  equal(
+    histogram.values[7] || 0,
+    0,
+    "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE values should match"
+  );
+  equal(
+    histogram.values[8],
+    2,
+    "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED values should match"
+  );
+  equal(
+    histogram.values[9],
+    9,
+    "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN values should match"
+  );
+  equal(
+    histogram.values[10],
+    1,
+    "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE values should match"
+  );
+  equal(
+    histogram.values[11],
+    2,
+    "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY values should match"
+  );
+  equal(
+    histogram.values[12],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA values should match"
+  );
+  equal(
+    histogram.values[13],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE values should match"
+  );
+  equal(
+    histogram.values[14],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE values should match"
+  );
+  equal(
+    histogram.values[15],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE values should match"
+  );
+  equal(
+    histogram.values[16],
+    2,
+    "Actual and expected SEC_ERROR_INVALID_TIME values should match"
+  );
+  equal(
+    histogram.values[17],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME values should match"
+  );
+  equal(
+    histogram.values[19],
+    4,
+    "Actual and expected MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT values should match"
+  );
+  equal(
+    histogram.values[20],
+    1,
+    "Actual and expected MOZILLA_PKIX_ERROR_MITM_DETECTED values should match"
+  );
+
+  let keySizeHistogram = Services.telemetry
+    .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
+    .snapshot();
+  equal(
+    keySizeHistogram.values[0],
+    0,
+    "Actual and expected unchecked key size values should match"
+  );
+  equal(
+    keySizeHistogram.values[1],
+    16,
+    "Actual and expected successful verifications of 2048-bit keys should match"
+  );
+  equal(
+    keySizeHistogram.values[2] || 0,
+    0,
+    "Actual and expected successful verifications of 1024-bit keys should match"
+  );
+  equal(
+    keySizeHistogram.values[3],
+    70,
+    "Actual and expected verification failures unrelated to key size should match"
+  );
+
+  run_next_test();
+}
+
+// Internally, specifying "port" -1 is the same as port 443. This tests that.
+function run_port_equivalency_test(inPort, outPort) {
+  Assert.ok(
+    (inPort == 443 && outPort == -1) || (inPort == -1 && outPort == 443),
+    "The two specified ports must be -1 and 443 (in any order)"
+  );
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  let cert = constructCertFromFile("bad_certs/default-ee.pem");
+  let expectedTemporary = true;
+  certOverrideService.rememberValidityOverride(
+    "example.com",
+    inPort,
+    {},
+    cert,
+    expectedTemporary
+  );
+  let actualTemporary = {};
+  Assert.ok(
+    certOverrideService.hasMatchingOverride(
+      "example.com",
+      outPort,
+      {},
+      cert,
+      actualTemporary
+    ),
+    `override set on port ${inPort} should match port ${outPort}`
+  );
+  equal(
+    actualTemporary.value,
+    expectedTemporary,
+    "input override temporary value should match output temporary value"
+  );
+  Assert.ok(
+    !certOverrideService.hasMatchingOverride("example.com", 563, {}, cert, {}),
+    `override set on port ${inPort} should not match port 563`
+  );
+  certOverrideService.clearValidityOverride("example.com", inPort, {});
+  Assert.ok(
+    !certOverrideService.hasMatchingOverride(
+      "example.com",
+      outPort,
+      {},
+      cert,
+      {}
+    ),
+    `override cleared on port ${inPort} should match port ${outPort}`
+  );
+}
+
+function run_test() {
+  run_port_equivalency_test(-1, 443);
+  run_port_equivalency_test(443, -1);
+
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_simple_tests();
+  add_localhost_tests();
+  add_combo_tests();
+  add_distrust_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_telemetry);
+  });
+
+  run_next_test();
+}
+
+function add_simple_tests() {
+  add_cert_override_test("expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE);
+  add_cert_override_test(
+    "notyetvalid.example.com",
+    MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
+  );
+  add_cert_override_test("before-epoch.example.com", SEC_ERROR_INVALID_TIME);
+  add_cert_override_test(
+    "before-epoch-self-signed.example.com",
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
+  );
+  add_cert_override_test(
+    "selfsigned.example.com",
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
+  );
+  add_cert_override_test("unknownissuer.example.com", SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test(
+    "expiredissuer.example.com",
+    SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
+  );
+  add_cert_override_test(
+    "notyetvalidissuer.example.com",
+    MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE
+  );
+  add_cert_override_test(
+    "before-epoch-issuer.example.com",
+    SEC_ERROR_INVALID_TIME
+  );
+  add_cert_override_test(
+    "md5signature.example.com",
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
+  );
+  add_cert_override_test(
+    "emptyissuername.example.com",
+    MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME
+  );
+  // This has name information in the subject alternative names extension,
+  // but not the subject common name.
+  add_cert_override_test("mismatch.example.com", SSL_ERROR_BAD_CERT_DOMAIN);
+  // This has name information in the subject common name but not the subject
+  // alternative names extension.
+  add_cert_override_test("mismatch-CN.example.com", SSL_ERROR_BAD_CERT_DOMAIN);
+
+  // A Microsoft IIS utility generates self-signed certificates with
+  // properties similar to the one this "host" will present.
+  add_cert_override_test(
+    "selfsigned-inadequateEKU.example.com",
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
+  );
+
+  add_prevented_cert_override_test(
+    "inadequatekeyusage.example.com",
+    SEC_ERROR_INADEQUATE_KEY_USAGE
+  );
+
+  // Test triggering the MitM detection. We don't set-up a proxy here. Just
+  // set the pref. Without the pref set we expect an unkown issuer error.
+  add_cert_override_test("mitm.example.com", SEC_ERROR_UNKNOWN_ISSUER);
+  add_test(function () {
+    Services.prefs.setStringPref(
+      "security.pki.mitm_canary_issuer",
+      "CN=Test MITM Root"
+    );
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
+    run_next_test();
+  });
+  add_cert_override_test("mitm.example.com", MOZILLA_PKIX_ERROR_MITM_DETECTED);
+  add_test(function () {
+    Services.prefs.setStringPref(
+      "security.pki.mitm_canary_issuer",
+      "CN=Other MITM Root"
+    );
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
+    run_next_test();
+  });
+  // If the canary issuer doesn't match the one we see, we exepct and unknown
+  // issuer error.
+  add_cert_override_test("mitm.example.com", SEC_ERROR_UNKNOWN_ISSUER);
+  // If security.pki.mitm_canary_issuer.enabled is false, there should always
+  // be an unknown issuer error.
+  add_test(function () {
+    Services.prefs.setBoolPref(
+      "security.pki.mitm_canary_issuer.enabled",
+      false
+    );
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
+    run_next_test();
+  });
+  add_cert_override_test("mitm.example.com", SEC_ERROR_UNKNOWN_ISSUER);
+  add_test(function () {
+    Services.prefs.clearUserPref("security.pki.mitm_canary_issuer");
+    run_next_test();
+  });
+
+  // This is intended to test the case where a verification has failed for one
+  // overridable reason (e.g. unknown issuer) but then, in the process of
+  // reporting that error, a non-overridable error is encountered. The
+  // non-overridable error should be prioritized.
+  add_test(function () {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, ",,");
+    run_next_test();
+  });
+  add_prevented_cert_override_test(
+    "nsCertTypeCritical.example.com",
+    SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION
+  );
+  add_test(function () {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, "CTu,,");
+    run_next_test();
+  });
+
+  // Bug 990603: Apache documentation has recommended generating a self-signed
+  // test certificate with basic constraints: CA:true. For compatibility, this
+  // is a scenario in which an override is allowed.
+  add_cert_override_test(
+    "self-signed-end-entity-with-cA-true.example.com",
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
+  );
+
+  add_cert_override_test(
+    "ca-used-as-end-entity.example.com",
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+
+  // If an X.509 version 1 certificate is not a trust anchor, we will
+  // encounter an overridable error.
+  add_cert_override_test(
+    "end-entity-issued-by-v1-cert.example.com",
+    MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
+  );
+  // If we make that certificate a trust anchor, the connection will succeed.
+  add_test(function () {
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride(
+      "end-entity-issued-by-v1-cert.example.com",
+      8443,
+      {}
+    );
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, "CTu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_connection_test(
+    "end-entity-issued-by-v1-cert.example.com",
+    PRErrorCodeSuccess
+  );
+  // Reset the trust for that certificate.
+  add_test(function () {
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, ",,");
+    clearSessionCache();
+    run_next_test();
+  });
+
+  // Due to compatibility issues, we allow overrides for certificates issued by
+  // certificates that are not valid CAs.
+  add_cert_override_test(
+    "end-entity-issued-by-non-CA.example.com",
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  // This host presents a 1016-bit RSA key.
+  add_cert_override_test(
+    "inadequate-key-size-ee.example.com",
+    MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
+  );
+
+  add_cert_override_test(
+    "ipAddressAsDNSNameInSAN.example.com",
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  add_cert_override_test("noValidNames.example.com", SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test(
+    "badSubjectAltNames.example.com",
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+
+  add_cert_override_test(
+    "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_test(function () {
+    // At this point, the override for bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
+    // is still valid. Do some additional tests relating to IDN handling.
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    let uri = Services.io.newURI(
+      "https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp"
+    );
+    let cert = constructCertFromFile("bad_certs/idn-certificate.pem");
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        uri.asciiHost,
+        8443,
+        {},
+        cert,
+        {}
+      ),
+      "IDN certificate should have matching override using ascii host"
+    );
+    Assert.throws(
+      () =>
+        !certOverrideService.hasMatchingOverride(
+          uri.displayHost,
+          8443,
+          {},
+          cert,
+          {}
+        ),
+      /NS_ERROR_ILLEGAL_VALUE/,
+      "IDN certificate should not have matching override using (non-ascii) host"
+    );
+    let invalidHost = uri.asciiHost.replace(/./g, c =>
+      String.fromCharCode(c.charCodeAt(0) | 0x100)
+    );
+    Assert.throws(
+      () =>
+        !certOverrideService.hasMatchingOverride(
+          invalidHost,
+          8443,
+          {},
+          cert,
+          {}
+        ),
+      /NS_ERROR_ILLEGAL_VALUE/,
+      "hasMatchingOverride should not truncate high-bytes"
+    );
+    run_next_test();
+  });
+
+  add_test(function () {
+    // Add a bunch of overrides...
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    let cert = constructCertFromFile("bad_certs/default-ee.pem");
+    certOverrideService.rememberValidityOverride(
+      "example.com",
+      443,
+      {},
+      cert,
+      false
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride("example.com", 443, {}, cert, {}),
+      "Should have added override for example.com:443"
+    );
+    certOverrideService.rememberValidityOverride(
+      "example.com",
+      80,
+      {},
+      cert,
+      false
+    );
+    certOverrideService.rememberValidityOverride("::1", 80, {}, cert, false);
+    Assert.ok(
+      certOverrideService.hasMatchingOverride("example.com", 80, {}, cert, {}),
+      "Should have added override for example.com:80"
+    );
+    certOverrideService.rememberValidityOverride(
+      "example.org",
+      443,
+      {},
+      cert,
+      false
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride("example.org", 443, {}, cert, {}),
+      "Should have added override for example.org:443"
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride("::1", 80, {}, cert, {}),
+      "Should have added override for [::1]:80"
+    );
+    // When in a private browsing context, overrides added in non-private
+    // contexts should match (but not vice-versa).
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "example.org",
+        443,
+        { privateBrowsingId: 1 },
+        cert,
+        {}
+      ),
+      "Should have override for example.org:443 with privateBrowsingId 1"
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "example.org",
+        443,
+        { privateBrowsingId: 2 },
+        cert,
+        {}
+      ),
+      "Should have override for example.org:443 with privateBrowsingId 2"
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "example.org",
+        443,
+        { firstPartyDomain: "example.org", userContextId: 1 },
+        cert,
+        {}
+      ),
+      "Should ignore firstPartyDomain and userContextId when checking overrides"
+    );
+    certOverrideService.rememberValidityOverride(
+      "example.org",
+      80,
+      {},
+      cert,
+      true
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride("example.org", 80, {}, cert, {}),
+      "Should have added override for example.org:80"
+    );
+    certOverrideService.rememberValidityOverride(
+      "test.example.org",
+      443,
+      { firstPartyDomain: "example.org", userContextId: 1 },
+      cert,
+      false
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "test.example.org",
+        443,
+        {},
+        cert,
+        {}
+      ),
+      "Should ignore firstPartyDomain and userContextId when adding overrides"
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "test.example.org",
+        443,
+        { firstPartyDomain: "example.com", userContextId: 2 },
+        cert,
+        {}
+      ),
+      "Should ignore firstPartyDomain and userContextId when checking overrides"
+    );
+    certOverrideService.rememberValidityOverride(
+      "example.test",
+      443,
+      { privateBrowsingId: 1 },
+      cert,
+      false
+    );
+    Assert.ok(
+      certOverrideService.hasMatchingOverride(
+        "example.test",
+        443,
+        { privateBrowsingId: 1 },
+        cert,
+        {}
+      ),
+      "Should have added override for example.test:443 with privateBrowsingId 1"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride(
+        "example.test",
+        443,
+        { privateBrowsingId: 2 },
+        cert,
+        {}
+      ),
+      "Should not have override for example.test:443 with privateBrowsingId 2"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride(
+        "example.test",
+        443,
+        {},
+        cert,
+        {}
+      ),
+      "Should not have override for example.test:443 with non-private OriginAttributes"
+    );
+    // Clear them all...
+    certOverrideService.clearAllOverrides();
+
+    // And ensure they're all gone.
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride(
+        "example.com",
+        443,
+        {},
+        cert,
+        {}
+      ),
+      "Should have removed override for example.com:443"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride("example.com", 80, {}, cert, {}),
+      "Should have removed override for example.com:80"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride(
+        "example.org",
+        443,
+        {},
+        cert,
+        {}
+      ),
+      "Should have removed override for example.org:443"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride("example.org", 80, {}, cert, {}),
+      "Should have removed override for example.org:80"
+    );
+    Assert.ok(
+      !certOverrideService.hasMatchingOverride(
+        "example.org",
+        443,
+        { privateBrowsingId: 1 },
+        cert,
+        {}
+      ),
+      "Should have removed override for example.org:443 with privateBrowsingId 1"
+    );
+
+    run_next_test();
+  });
+}
+
+function add_localhost_tests() {
+  add_cert_override_test("localhost", SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("127.0.0.1", SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test("::1", SSL_ERROR_BAD_CERT_DOMAIN);
+}
+
+function add_combo_tests() {
+  add_cert_override_test(
+    "mismatch-expired.example.com",
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  add_cert_override_test(
+    "mismatch-notYetValid.example.com",
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  add_cert_override_test(
+    "mismatch-untrusted.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_cert_override_test(
+    "untrusted-expired.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_cert_override_test(
+    "mismatch-untrusted-expired.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+
+  add_cert_override_test(
+    "md5signature-expired.example.com",
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
+  );
+
+  add_cert_override_test(
+    "ca-used-as-end-entity-name-mismatch.example.com",
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+}
+
+function add_distrust_tests() {
+  // Before we specifically distrust this certificate, it should be trusted.
+  add_connection_test("untrusted.example.com", PRErrorCodeSuccess);
+
+  add_distrust_test(
+    "bad_certs/default-ee.pem",
+    "untrusted.example.com",
+    SEC_ERROR_UNTRUSTED_CERT
+  );
+
+  add_distrust_test(
+    "bad_certs/other-test-ca.pem",
+    "untrustedissuer.example.com",
+    SEC_ERROR_UNTRUSTED_ISSUER
+  );
+
+  add_distrust_test(
+    "bad_certs/test-ca.pem",
+    "ca-used-as-end-entity.example.com",
+    SEC_ERROR_UNTRUSTED_ISSUER
+  );
+}
+
+function add_distrust_test(certFileName, hostName, expectedResult) {
+  let certToDistrust = constructCertFromFile(certFileName);
+
+  add_test(function () {
+    // Add an entry to the NSS certDB that says to distrust the cert
+    setCertTrust(certToDistrust, "pu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_prevented_cert_override_test(hostName, expectedResult);
+  add_test(function () {
+    setCertTrust(certToDistrust, "u,,");
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js b/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
new file mode 100644
index 0000000000..1d2c2c1727
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
@@ -0,0 +1,94 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests that permanent certificate error overrides can be added even if the
+// certificate/key databases are in read-only mode.
+
+// Helper function for add_read_only_cert_override_test. Probably doesn't need
+// to be called directly.
+function add_read_only_cert_override(aHost, aSecurityInfo) {
+  let cert = aSecurityInfo.serverCert;
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  // Setting the last argument to false here ensures that we attempt to store a
+  // permanent override (which is what was failing in bug 1427273).
+  certOverrideService.rememberValidityOverride(aHost, 8443, {}, cert, false);
+}
+
+// Given a host and an expected error code, tests that an initial connection to
+// the host fails with the expected errors and that adding an override results
+// in a subsequent connection succeeding.
+function add_read_only_cert_override_test(aHost, aExpectedError) {
+  add_connection_test(
+    aHost,
+    aExpectedError,
+    null,
+    add_read_only_cert_override.bind(this, aHost)
+  );
+  add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
+    Assert.ok(
+      aSecurityInfo.securityState &
+        Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+      "Cert override flag should be set on the security state"
+    );
+  });
+}
+
+function run_test() {
+  let profile = do_get_profile();
+  const KEY_DB_NAME = "key4.db";
+  const CERT_DB_NAME = "cert9.db";
+  let srcKeyDBFile = do_get_file(
+    `test_cert_overrides_read_only/${KEY_DB_NAME}`
+  );
+  srcKeyDBFile.copyTo(profile, KEY_DB_NAME);
+  let srcCertDBFile = do_get_file(
+    `test_cert_overrides_read_only/${CERT_DB_NAME}`
+  );
+  srcCertDBFile.copyTo(profile, CERT_DB_NAME);
+
+  // set the databases to read-only
+  let keyDBFile = do_get_profile();
+  keyDBFile.append(KEY_DB_NAME);
+  keyDBFile.permissions = 0o400;
+  let certDBFile = do_get_profile();
+  certDBFile.append(CERT_DB_NAME);
+  certDBFile.permissions = 0o400;
+
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  // Specifying false as the last argument means we don't try to add the default
+  // test root CA (which would fail).
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs", false);
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  // Since we can't add the root CA to the (read-only) trust db, all of these
+  // will result in an "unknown issuer error" and need the "untrusted" error bit
+  // set in addition to whatever other specific error bits are necessary.
+  add_read_only_cert_override_test(
+    "expired.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_read_only_cert_override_test(
+    "selfsigned.example.com",
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
+  );
+  add_read_only_cert_override_test(
+    "mismatch.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides_read_only/cert9.db b/security/manager/ssl/tests/unit/test_cert_overrides_read_only/cert9.db
new file mode 100644
index 0000000000..3d452f335c
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_overrides_read_only/cert9.db differ
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides_read_only/key4.db b/security/manager/ssl/tests/unit/test_cert_overrides_read_only/key4.db
new file mode 100644
index 0000000000..44d0cb1728
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_overrides_read_only/key4.db differ
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1.js b/security/manager/ssl/tests/unit/test_cert_sha1.js
new file mode 100644
index 0000000000..f0a95bcd61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1.js
@@ -0,0 +1,53 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the rejection of SHA-1 certificates.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+// (new Date("2016-03-01")).getTime() / 1000
+const VALIDATION_TIME = 1456790400;
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  return checkCertErrorGenericAtTime(
+    certdb,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer,
+    VALIDATION_TIME
+  );
+}
+
+add_task(async function () {
+  loadCertWithTrust("ca", "CTu,,");
+  loadCertWithTrust("int-pre", ",,");
+  loadCertWithTrust("int-post", ",,");
+
+  await checkEndEntity(
+    certFromFile("ee-pre_int-pre"),
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
+  );
+  await checkEndEntity(
+    certFromFile("ee-post_int-pre"),
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
+  );
+  await checkEndEntity(
+    certFromFile("ee-post_int-post"),
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
new file mode 100644
index 0000000000..60140056de
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUUbC4F7yPobFDd+B73iWKejQ3THkwDQYJKoZIhvcNAQEF
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCU+Y0AeMXFIfX4/L2aX37uSR70
+pGpPrh0FPOwBO2ETUc4j7Whol9wOSPnUwuPIpiDhar5qRuhY6aCPGTIJbRZrVeXv
+T5uFQXq+3CQdIyI55AkFDh9tO7wX7p3pRgzma47mBxIH082Uwy7+eEeQfhuJ5cU4
+e/zyHf6FEdkSrDjgwDip+dn8Q7tnjdaN3WYQjOFRXkHyYCIFkORDPTbYSYZ6DAqq
+Q/loKTdrcbyeEwFVBZxQu4Nb6mjhkfk8U+8TIGMCTQXhoQhgMWMeMo2E0kWvYbjc
+YDiRzmnsdvPu2LKnTvH28M9ODi3ZzcOuLs6jAKAiXISq0CbmwaddV/oAMoF2
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
new file mode 100644
index 0000000000..7e65e9ee30
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
new file mode 100644
index 0000000000..8fb93e69e3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ2gAwIBAgIUJWQl8gkrLL7gPn47YYMdN7qBP5wwDQYJKoZIhvcNAQEF
+BQAwEzERMA8GA1UEAwwIaW50LXBvc3QwIhgPMjAxNjAxMDIwMDAwMDBaGA8yMDE3
+MDIwMTAwMDAwMFowEjEQMA4GA1UEAwwHZWUtcG9zdDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0B
+AQUFAAOCAQEAVOPvLS8zwos/RdClnabdxMh5g1WN5T1BsIMExE6oU6sJ7n4HyIXt
+RnFTFe0t2CdXBCQPK6qG8ymeLQFNKykYlQxVZb8m5YgUK3k4IeMS/EoX4g7taREI
+IwK9/n7+oKZYlz2Q/ro/R2HFmLXsCIUrsxV3vAWQCm8rSeCKzEVNlDaQ5FEMVAM7
+VlNhNNKtUnXkzZ3SRj6O4eOq3G4azr5DNo5kAQPaIbAI3k/3AHyPqIjHcoSiG1Ug
+aqzIK6fNNCIAxIKAY2ERJfxA4fPlBZXono2sCOgCdFfF7QAo+o9SO8v3B+djuHgb
+flbfdyEnN+y32UpYe3qV8LnFmRqGAe/vbQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
new file mode 100644
index 0000000000..76834f8447
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-post
+subject:ee-post
+validity:20160102-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
new file mode 100644
index 0000000000..2385322a64
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIUIVsTCuql4BDO2r4O5zePBEoHg3QwDQYJKoZIhvcNAQEF
+BQAwEjEQMA4GA1UEAwwHaW50LXByZTAiGA8yMDE2MDEwMTAwMDAwMFoYDzIwMTcw
+MjAxMDAwMDAwWjASMRAwDgYDVQQDDAdlZS1wb3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEB
+BQUAA4IBAQCW5zeJg+LzGn07GtdBprRLarL7aLNFSr+s+3yzphq9kN43prElX6eD
+gdggPWicZozTm3IFLfJfsuhiodBZjWmkF/dsvvT3W77AcKzNWjShCnnA/Vf5IF6k
+U01ROfjmgcX0mMuhVUB7b9Fl6G5DFxJgny2jYehZcJIzWUBLiwu41TIxj5Cv5F9p
++XIHEyygqm8rYzbW8F49FRbsDD9nvhmdVqXsoTaKxY8bsKKu1EpBSBXozRbLKcAn
+/zrLy0HHS4qfXTHm0UKt+RCYVylL5I5YGR6rapXHChkBTBHFXdkPVsW5uHKBdBqY
+98zoAAMWRvJ3xOuqAbtKG6DKadiOpz6l
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
new file mode 100644
index 0000000000..1e8bb35b34
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-post
+validity:20160101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
new file mode 100644
index 0000000000..11a5e41e99
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUOU+CyYnf3GRRgGHvbeJB8HTUvJ4wDQYJKoZIhvcNAQEF
+BQAwEjEQMA4GA1UEAwwHaW50LXByZTAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMTcw
+MjAxMDAwMDAwWjARMQ8wDQYDVQQDDAZlZS1wcmUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEF
+BQADggEBACWLcVnT0nNyU/qFZNDZPGDFPuZCXuodBf3sgz1XDmcp5wlH+IjW3J8H
+3HH6ZwIUpTtppqVxuvo2y9GP+GNyeXhxmokHTVdKDj8HqYl5lV+reO1UmzEH0AU8
+x3hd2Fkzv/h3N3EPVETWuPiFSB0oAN/xwsXC/7Yi4AY0s/I/4q/vkS76Oa2RyL3f
+gbaa80+nR73BX+0wRqyg+Sgo2hOzjkCQchtZPUFYsRLhsHHBnokD8GJlT7NBKSN1
+TFt6uXpfEmqDICoyZoAw6rtnFfdEsZNo+PU6NDN3T0fkolBQPvuzfqcqAl85dpJK
+ow8mFKkb2t6qQH98yabi/172l03/P34=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
new file mode 100644
index 0000000000..0f4a6ec257
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-pre
+validity:20150101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
new file mode 100644
index 0000000000..94ab4f5b15
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbegAwIBAgIUYQ6xulHM0FrQ0sKMdbPI2ecC3PcwDQYJKoZIhvcNAQEF
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxNjAxMDEwMDAwMDBaGA8yMDI2MDEwMTAw
+MDAwMFowEzERMA8GA1UEAwwIaW50LXBvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIB
+BjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCJN8/XexXMusXYbhVW
+uYA1YpaSTrz96CXlckIuABnzCrGD5iHkfFoB0LPKd+EZ80fdHIvS1zQTYohy6O95
+JageOaTY9HsOEqsgr1BA9VKZW4QlGp7csQzNMa52WRetimv6XY/lrfPf4qAhomWG
+/ImmLJpGTVPhEdz6Pl4Kvmf9zNf/BcXtBTWLSGWUC5UItC58WTopqcr5kLg3DmXB
+Qr7DjqA7DT92N6qefFkTYspDZJzv0nL9OfqkdCj/s6bm3iisTQq3aek6IP6OEkXF
+4TWUF3RDBsyRpG8jt/XsOsrwJDOGZGFPmMTz2uZPsZkeZhU+sfFDWL7wojl7kHV1
+c7f5
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
new file mode 100644
index 0000000000..50156c9f6e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-post
+validity:20160101-20260101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
new file mode 100644
index 0000000000..0b916d5755
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIUYW27TGzVOIbjpG1ADx7m7mZnrNQwDQYJKoZIhvcNAQEF
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDIwMDEwMTAw
+MDAwMFowEjEQMA4GA1UEAwwHaW50LXByZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQDAgEG
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAESNgcKkxBwkaBykKo2Q
+GzgimnI3eNw8O8GrhefL+r3Ek/CH4/oBHGvfvrz6D19uemdOyHxo5QNW2iWEq0No
+pE6Hhm504P1fdkfQvjqjIhu/h3y5QjO3zdMGeVE/39TWAGrGsNFKE+jSxm8IbycF
+Ue6165agasf+PhQdorjFca48iLcowKYs5Df0SAhY7zbw1fM1HTr1YGAXc1K9aCA5
+fTmu8Nd0fNKc1NcbNDpdCG2YEj1nox1iMN5A4nY1ve88zJsnlpfsoJkHJqo2Cy+M
+mpQSnkTlf3Gfpl8NO3UW9FTcnK8L4Ix2DSNBDe8Yg2YL5w/VIxecFwlmwV0wWdg6
+vl0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
new file mode 100644
index 0000000000..9f0a59ee99
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-pre
+validity:20100101-20200101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures.js b/security/manager/ssl/tests/unit/test_cert_signatures.js
new file mode 100644
index 0000000000..73858afe37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -0,0 +1,140 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that certificates cannot be tampered with without being detected.
+// Tests a combination of cases: RSA signatures, ECDSA signatures, certificate
+// chains where the intermediate has been tampered with, chains where the
+// end-entity has been tampered, tampering of the signature, and tampering in
+// the rest of the certificate.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+// Reads a PEM-encoded certificate, modifies the nth byte (0-indexed), and
+// returns the base64-encoded bytes of the certificate. Negative indices may be
+// specified to modify a byte from the end of the certificate.
+function readAndTamperWithNthByte(certificatePath, n) {
+  let pem = readFile(do_get_file(certificatePath, false));
+  let der = atob(pemToBase64(pem));
+  if (n < 0) {
+    // remember, n is negative at this point
+    n = der.length + n;
+  }
+  let replacement = "\x22";
+  if (der.charCodeAt(n) == replacement) {
+    replacement = "\x23";
+  }
+  der = der.substring(0, n) + replacement + der.substring(n + 1);
+  return btoa(der);
+}
+
+// The signature on certificates appears last. This should modify the contents
+// of the signature such that it no longer validates correctly while still
+// resulting in a structurally valid certificate.
+const BYTE_IN_SIGNATURE = -8;
+function addSignatureTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  certdb.addCertFromBase64(base64, ",,");
+}
+
+function ensureSignatureVerificationFailure(certificatePath) {
+  let cert = constructCertFromFile(certificatePath);
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    SEC_ERROR_BAD_SIGNATURE,
+    certificateUsageSSLServer
+  );
+}
+
+function tamperWithSignatureAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  let cert = certdb.constructX509FromBase64(base64);
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    SEC_ERROR_BAD_SIGNATURE,
+    certificateUsageSSLServer
+  );
+}
+
+// The beginning of a certificate looks like this (in hex, using DER):
+// 30 XX XX XX [the XX encode length - there are probably 3 bytes here]
+//    30 XX XX XX [length again]
+//       A0 03
+//          02 01
+//             02
+//       02 XX [length again - 1 byte as long as we're using pycert]
+//          XX XX ... [serial number - 20 bytes as long as we're using pycert]
+// Since we want to modify the serial number, we need to change something from
+// byte 15 to byte 34 (0-indexed). If it turns out that the two length sections
+// we assumed were 3 bytes are shorter (they can't be longer), modifying
+// something from byte 15 to byte 30 will still get us what we want. Since the
+// serial number is a DER INTEGER and because it must be positive, it's best to
+// skip the first two bytes of the serial number so as to not run into any
+// issues there. Thus byte 17 is a good byte to modify.
+const BYTE_IN_SERIAL_NUMBER = 17;
+function addSerialNumberTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SERIAL_NUMBER);
+  certdb.addCertFromBase64(base64, ",,");
+}
+
+function tamperWithSerialNumberAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SERIAL_NUMBER);
+  let cert = certdb.constructX509FromBase64(base64);
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    SEC_ERROR_BAD_SIGNATURE,
+    certificateUsageSSLServer
+  );
+}
+
+add_task(async function () {
+  addCertFromFile(certdb, "test_cert_signatures/ca-rsa.pem", "CTu,,");
+  addCertFromFile(certdb, "test_cert_signatures/ca-secp384r1.pem", "CTu,,");
+
+  // Tamper with the signatures on intermediate certificates and ensure that
+  // end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSignatureTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSignatureTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  await ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  await ensureSignatureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1.pem"
+  );
+
+  // Tamper with the signatures on end-entity certificates and ensure that they
+  // do not validate successfully.
+  await tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem"
+  );
+  await tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem"
+  );
+
+  // Tamper with the serial numbers of intermediate certificates and ensure
+  // that end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  await ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  await ensureSignatureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1.pem"
+  );
+
+  // Tamper with the serial numbers of end-entity certificates and ensure that
+  // they do not validate successfully.
+  await tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem"
+  );
+  await tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem"
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
new file mode 100644
index 0000000000..60fb8c8280
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUT8jfl072RlfOreJkjWraanVZqnUwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2EtcnNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBExDzANBgNVBAMMBmNhLXJzYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBACAWVqoxSxIyJ0Am
+28SrJn1ussg8npP2ETHrTfoynoV5bz8qNIoK0draCheU4gKNut8dZ68mkj8gMSoj
+vxGfXMRW3FNIrAKbn/Asuyjz2MD9LHRvf4ELypEIywS0bBDdV1sWSbek9XU7uobz
+mQMvn/HzTo4PW2+N9M+V0SEj2WV8fY7j1YHmggnmDy2TJrgrviXeJC9StlifNQy8
+GwN7EDctuJ0epoKzpKJGTdSLOty4FyuAEfY2MKQcvvP5xk6u8rEWCbbEq7gW4Voo
+F8EbC8AauuFRyXgD3hN3YHgFvRatXMF0y/w/g6RH3Phl+1P5kxTz702UJradTjzo
+zRHh5Pc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
new file mode 100644
index 0000000000..5890d2db60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:ca-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
new file mode 100644
index 0000000000..7a6421456b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjzCCARSgAwIBAgIUU56dEINjI+b83xJvJn1PQt/p41YwCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAy
+NDAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGNhLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzqMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYI
+KoZIzj0EAwIDaQAwZgIxAO0GJz6haDpUtNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ
+1OxFRuhW515lVbeTqfcA8wIxAIr+3diKqPT5EEiOXgoswSP8CwuLNe4pc6AjdCV+
+dnE9Ibr64s45zjHfjcRLja/Z+w==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
new file mode 100644
index 0000000000..0701c23c1e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:ca-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
new file mode 100644
index 0000000000..46e6e5ceae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuTCCAaGgAwIBAgIUGzRGmvrzu+NFvnMfZjX1GG3QF4gwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2EtcnNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBgxFjAUBgNVBAMMDWVlLXJzYS1kaXJlY3QwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAHtV0do2QpXEzm8OwnFt1LVlNqxaVCRKFENCc9nOKBHODbhS
+/6YZcvI/CNn1JNFhDgHKiTdiiYdu2aqy0Y6WbnSzHqfHmGrvLBskMH+6xDK+6qSp
+bvTR6iWyUql7X4K/J1VGeXAZHFysbxlvrhONSkRHZBDv+4nu3zEB6euIFeCMfGNH
+sxgp9I51d3vb8JiRqvB0FA5FcN7Od2MHv008rcXRAcCfKvm7DX25ZLVX9hSmPD/4
+KiJFK6nidDiguIkaD558IFp0Oc/5zOP0iGpynzICRuuAOdO5lAXMpzRrJzftvQiP
+B3+ED28z7nuI0nkSMBWlpIy/uL7s4VaChR/uSEo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
new file mode 100644
index 0000000000..4e25ddcf94
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-rsa
+subject:ee-rsa-direct
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
new file mode 100644
index 0000000000..1eafd948f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUSTmi0SZM0FZ2whVeqfymGPKOiZ8wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHaW50LXJzYTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjARMQ8wDQYDVQQDDAZlZS1yc2EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAIFbfCcJOg5Q4wsfmHgwyx4P80o11WKLC6UytwA17yc47sCGx8+df/Ac
+KxrG4j0pVqee/61NxpwvIozJV8k2aoj8pDmECa4CfbHpikSU6Gd0xWX3zl/z6gAl
+6w0LIrIFk5edWlcLwrH3zX5FmukXcXb5oiEubSoaO2F78ws1UXzA7AzMoY5yZEbM
+0fAJr3f1KMpdOY8nNLIctzD23oFxeiN/HuzE4KI2FLXjYsMFYGXo8cMJlwnRxr05
+L5Po1VCe6lzFAZpC62S4l9BKlPHOOtBL77RNVz07KDxKyzoTMWRw7EgYp5HyvBa6
+lG8GpcFyJcMN5eq2PTKxrEaZKu73PQ8=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
new file mode 100644
index 0000000000..b974a0a0a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-rsa
+subject:ee-rsa
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
new file mode 100644
index 0000000000..d66fd61ef5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdjCB/KADAgECAhRFwdFDhUYutDxj04OT4wqoqfIMRTAKBggqhkjOPQQDAjAX
+MRUwEwYDVQQDDAxjYS1zZWNwMzg0cjEwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0
+MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtc2VjcDM4NHIxLWRpcmVjdDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22CO
+JS3ktxMtqM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXED
+viiIz/AC8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNpADBmAjEA7QYnPqFoOlS0
+2BpDdIRIljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAjEAu7C/bumy
+Dq9mke/MI7TCi3WKCJ5jFXDA2qErfTjJQ2FvSVk4970Vd78vSR8e7xZ3
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
new file mode 100644
index 0000000000..386ab95f78
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-secp384r1
+subject:ee-secp384r1-direct
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
new file mode 100644
index 0000000000..b3a310303a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCB9qADAgECAhRHCf3/9aTW4X0AHQfxJGe+P2tNazAKBggqhkjOPQQDAjAY
+MRYwFAYDVQQDDA1pbnQtc2VjcDM4NHIxMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAy
+NDAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNoADBlAjEA7QYnPqFoOlS02BpDdIRI
+ljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAjBtn1PwZNY1ZR//hvpP
+r6deQnBTAS/f09KRS1DnuZypQdLFxlHVuGb3U5PL5bF298A=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
new file mode 100644
index 0000000000..b8f7993be8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-secp384r1
+subject:ee-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
new file mode 100644
index 0000000000..f886a9a3a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbqgAwIBAgIUActQ49AIBGNcpw2ugrUFaaE2qMIwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2EtcnNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBIxEDAOBgNVBAMMB2ludC1yc2EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQF
+MAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBskZ1Lc1PHuC2r
+Jk317zOhzQlXtGCx7EbKq+wd4kdb/1dnjEiLqgASktBIaNd2249DZC1bpiF+DGYR
+k1D7DBfduygiukI3/MY19+tvUaM0C2RCo+H69pjFKGS0y9mVSxm15iwk4+DzAOpC
+Q/duzYUflOQJVDL6adPWubRAlAk9p1n4LDD9JQhuGIE5Tt4MytjxN6aGSNb6erFd
+mDgRS4dLN8JdwyI0b1AVIFulCpimnS/jf9PSEKD63xZmL/ofqXGe/V5OA3LsmHkw
+rIocCL7q/F4wImI2hELlEVsT9O6hAFSC6yVtvSCsh1421+QR1xqrfqY6luO4rMK2
+AdB34jUa
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
new file mode 100644
index 0000000000..a86d28b44a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:int-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
new file mode 100644
index 0000000000..5a62aaf50a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjzCCARWgAwIBAgIUKebpNrQIc1+bS1ss5l/kfaGctGwwCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAy
+NDAyMDUwMDAwMDBaMBgxFjAUBgNVBAMMDWludC1zZWNwMzg0cjEwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcT
+LajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/w
+AvBa9xof3cyDdKpuqc6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA2gAMGUCMQDtBic+oWg6VLTYGkN0hEiWPOY+voEXA+zXPXLwolQG
+WdTsRUboVudeZVW3k6n3APMCMD4MFMoR0AN/qV8Z7nT39tgi0LNpH8s05ltV61rc
+qqcPR+e8kOLUxDV29JfJM4icfg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
new file mode 100644
index 0000000000..e002a1569a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:int-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_storage.js b/security/manager/ssl/tests/unit/test_cert_storage.js
new file mode 100644
index 0000000000..e6bd4d944b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage.js
@@ -0,0 +1,258 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test checks a number of things:
+// * it ensures that data loaded from revocations.txt on startup is present
+// * it ensures that data served from OneCRL are persisted correctly
+// * it ensures that items in the CertBlocklist are seen as revoked by the
+//   cert verifier
+// * it does a sanity check to ensure other cert verifier behavior is
+//   unmodified
+
+const { RemoteSecuritySettings } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs"
+);
+
+// First, we need to setup appInfo for the blocklist service to work
+var id = "xpcshell@tests.mozilla.org";
+var appName = "XPCShell";
+var version = "1";
+var platformVersion = "1.9.2";
+const { updateAppInfo } = ChromeUtils.importESModule(
+  "resource://testing-common/AppInfo.sys.mjs"
+);
+updateAppInfo({
+  name: appName,
+  ID: id,
+  version,
+  platformVersion: platformVersion ? platformVersion : "1.0",
+  crashReporter: true,
+});
+
+// we need to ensure we setup revocation data before certDB, or we'll start with
+// no revocation.txt in the profile
+var gProfile = do_get_profile();
+
+var gRevocations = gProfile.clone();
+gRevocations.append("revocations.txt");
+if (!gRevocations.exists()) {
+  let existing = do_get_file("test_onecrl/sample_revocations.txt", false);
+  existing.copyTo(gProfile, "revocations.txt");
+}
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const certBlocklist = [
+  // test with some bad data ...
+  {
+    issuerName: "Some nonsense in issuer",
+    serialNumber: "AkHVNA==",
+  },
+  {
+    issuerName: "MA0xCzAJBgNVBAMMAmNh",
+    serialNumber: "some nonsense in serial",
+  },
+  {
+    issuerName: "and serial",
+    serialNumber: "some nonsense in both issuer",
+  },
+  // some mixed
+  // In these case, the issuer name and the valid serialNumber correspond
+  // to test-int.pem in bad_certs/
+  {
+    issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+    serialNumber: "oops! more nonsense.",
+  },
+  {
+    issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
+    serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
+  },
+  // ... and some good
+  // In this case, the issuer name and the valid serialNumber correspond
+  // to other-test-ca.pem in bad_certs/ (for testing root revocation)
+  {
+    issuerName: "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=",
+    serialNumber: "Rym6o+VN9xgZXT/QLrvN/nv1ZN4=",
+  },
+  // These items correspond to an entry in sample_revocations.txt where:
+  // isser name is the base-64 encoded subject DN for the shared Test
+  // Intermediate and the serialNumbers are base-64 encoded 78 and 31,
+  // respectively.
+  // We need this to ensure that existing items are retained if they're
+  // also in the blocklist
+  {
+    issuerName: "MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRl",
+    serialNumber: "Tg==",
+  },
+  {
+    issuerName: "MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRl",
+    serialNumber: "Hw==",
+  },
+  // This item revokes same-issuer-ee.pem by subject and pubKeyHash.
+  {
+    subject: "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5",
+    pubKeyHash: "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=",
+  },
+];
+
+function verify_cert(file, expectedError) {
+  let ee = constructCertFromFile(file);
+  return checkCertErrorGeneric(
+    certDB,
+    ee,
+    expectedError,
+    certificateUsageSSLServer
+  );
+}
+
+// The certificate blocklist currently only applies to TLS server certificates.
+async function verify_non_tls_usage_succeeds(file) {
+  let ee = constructCertFromFile(file);
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certDB,
+    ee,
+    PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+}
+
+function load_cert(cert, trust) {
+  let file = "bad_certs/" + cert + ".pem";
+  addCertFromFile(certDB, file, trust);
+}
+
+async function update_blocklist() {
+  const { OneCRLBlocklistClient } = RemoteSecuritySettings.init();
+
+  const fakeEvent = {
+    current: certBlocklist, // with old .txt revocations.
+    deleted: [],
+    created: certBlocklist, // with new cert storage.
+    updated: [],
+  };
+  await OneCRLBlocklistClient.emit("sync", { data: fakeEvent });
+  // Save the last check timestamp, used by cert_storage to assert
+  // if the blocklist is «fresh».
+  Services.prefs.setIntPref(
+    OneCRLBlocklistClient.lastCheckTimePref,
+    Math.floor(Date.now() / 1000)
+  );
+}
+
+function run_test() {
+  // import the certificates we need
+  load_cert("test-ca", "CTu,CTu,CTu");
+  load_cert("test-int", ",,");
+  load_cert("other-test-ca", "CTu,CTu,CTu");
+
+  add_task(async function () {
+    // check some existing items in revocations.txt are blocked.
+    // This test corresponds to:
+    // issuer: MBIxEDAOBgNVBAMMB1Rlc3QgQ0E= (CN=Test CA)
+    // serial: Kg== (42)
+    let file = "test_onecrl/ee-revoked-by-revocations-txt.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // This test corresponds to:
+    // issuer: MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRl (CN=Test Intermediate)
+    // serial: Tg== (78)
+    file = "test_onecrl/another-ee-revoked-by-revocations-txt.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // And this test corresponds to:
+    // issuer: MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRl (CN=Test Intermediate)
+    // serial: Hw== (31)
+    // (we test this issuer twice to ensure we can read multiple serials)
+    file = "test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // Test that a certificate revoked by subject and public key hash in
+    // revocations.txt is revoked
+    // subject: MCsxKTAnBgNVBAMMIEVFIFJldm9rZWQgQnkgU3ViamVjdCBhbmQgUHViS2V5
+    // (CN=EE Revoked By Subject and PubKey)
+    // pubkeyhash: VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8= (this is the
+    // shared RSA SPKI)
+    file = "test_onecrl/ee-revoked-by-subject-and-pubkey.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // Soon we'll load a blocklist which revokes test-int.pem, which issued
+    // test-int-ee.pem.
+    // Check the cert validates before we load the blocklist
+    file = "test_onecrl/test-int-ee.pem";
+    await verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist also revokes other-test-ca.pem, which issued
+    // other-ca-ee.pem. Check the cert validates before we load the blocklist
+    file = "bad_certs/other-issuer-ee.pem";
+    await verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist will revoke same-issuer-ee.pem via subject / pubKeyHash.
+    // Check the cert validates before we load the blocklist
+    file = "test_onecrl/same-issuer-ee.pem";
+    await verify_cert(file, PRErrorCodeSuccess);
+  });
+
+  // blocklist load is async so we must use add_test from here
+  add_task(update_blocklist);
+
+  add_task(async function () {
+    // The blocklist will be loaded now. Let's check the data is sane.
+    // In particular, we should still have the revoked issuer / serial pair
+    // that was in revocations.txt but not the blocklist.
+    let file = "test_onecrl/ee-revoked-by-revocations-txt.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // We should also still have the revoked issuer / serial pairs that were in
+    // revocations.txt and are also in the blocklist.
+    file = "test_onecrl/another-ee-revoked-by-revocations-txt.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    file = "test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // The cert revoked by subject and pubkeyhash should still be revoked.
+    file = "test_onecrl/ee-revoked-by-subject-and-pubkey.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // Check the blocklisted intermediate now causes a failure
+    file = "test_onecrl/test-int-ee.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    await verify_non_tls_usage_succeeds(file);
+
+    // Check the ee with the blocklisted root also causes a failure
+    file = "bad_certs/other-issuer-ee.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    await verify_non_tls_usage_succeeds(file);
+
+    // Check the ee blocked by subject / pubKey causes a failure
+    file = "test_onecrl/same-issuer-ee.pem";
+    await verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    await verify_non_tls_usage_succeeds(file);
+
+    // Check a non-blocklisted chain still validates OK
+    file = "bad_certs/default-ee.pem";
+    await verify_cert(file, PRErrorCodeSuccess);
+
+    // Check a bad cert is still bad (unknown issuer)
+    file = "bad_certs/unknownissuer.pem";
+    await verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_broken_db.js b/security/manager/ssl/tests/unit/test_cert_storage_broken_db.js
new file mode 100644
index 0000000000..cabf16b48d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_broken_db.js
@@ -0,0 +1,72 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file tests cert_storage's automatic database recreation mechanism. If
+// opening the database for the first time fails, cert_storage will re-create
+// it.
+
+function call_has_prior_data(certStorage, type) {
+  return new Promise(resolve => {
+    certStorage.hasPriorData(type, (rv, hasPriorData) => {
+      Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+      resolve(hasPriorData);
+    });
+  });
+}
+
+async function check_has_prior_revocation_data(certStorage, expectedResult) {
+  let hasPriorRevocationData = await call_has_prior_data(
+    certStorage,
+    Ci.nsICertStorage.DATA_TYPE_REVOCATION
+  );
+  Assert.equal(
+    hasPriorRevocationData,
+    expectedResult,
+    `should ${expectedResult ? "have" : "not have"} prior revocation data`
+  );
+}
+
+async function check_has_prior_cert_data(certStorage, expectedResult) {
+  let hasPriorCertData = await call_has_prior_data(
+    certStorage,
+    Ci.nsICertStorage.DATA_TYPE_CERTIFICATE
+  );
+  Assert.equal(
+    hasPriorCertData,
+    expectedResult,
+    `should ${expectedResult ? "have" : "not have"} prior cert data`
+  );
+}
+
+add_task(async function () {
+  // Create an invalid database.
+  let fileToCopy = do_get_file("test_cert_storage_broken_db.js");
+  let dbDirectory = do_get_profile();
+  dbDirectory.append("security_state");
+  fileToCopy.copyTo(dbDirectory, "data.mdb");
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  check_has_prior_revocation_data(certStorage, false);
+  check_has_prior_cert_data(certStorage, false);
+
+  let result = await new Promise(resolve => {
+    certStorage.setRevocations([], resolve);
+  });
+  Assert.equal(result, Cr.NS_OK, "setRevocations should succeed");
+
+  check_has_prior_revocation_data(certStorage, true);
+  check_has_prior_cert_data(certStorage, false);
+
+  result = await new Promise(resolve => {
+    certStorage.addCerts([], resolve);
+  });
+  Assert.equal(result, Cr.NS_OK, "addCerts should succeed");
+
+  check_has_prior_revocation_data(certStorage, true);
+  check_has_prior_cert_data(certStorage, true);
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct.js b/security/manager/ssl/tests/unit/test_cert_storage_direct.js
new file mode 100644
index 0000000000..a1ba818dd9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_direct.js
@@ -0,0 +1,417 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file consists of unit tests for cert_storage (whereas test_cert_storage.js is more of an
+// integration test).
+
+do_get_profile();
+
+this.certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+  Ci.nsICertStorage
+);
+
+async function addCerts(certInfos) {
+  let result = await new Promise(resolve => {
+    certStorage.addCerts(certInfos, resolve);
+  });
+  Assert.equal(result, Cr.NS_OK, "addCerts should succeed");
+}
+
+async function removeCertsByHashes(hashesBase64) {
+  let result = await new Promise(resolve => {
+    certStorage.removeCertsByHashes(hashesBase64, resolve);
+  });
+  Assert.equal(result, Cr.NS_OK, "removeCertsByHashes should succeed");
+}
+
+function getLongString(uniquePart, length) {
+  return String(uniquePart).padStart(length, "0");
+}
+
+class CertInfo {
+  constructor(cert, subject) {
+    this.cert = btoa(cert);
+    this.subject = btoa(subject);
+    this.trust = Ci.nsICertStorage.TRUST_INHERIT;
+  }
+}
+CertInfo.prototype.QueryInterface = ChromeUtils.generateQI(["nsICertInfo"]);
+
+add_task(async function test_common_subject() {
+  let someCert1 = new CertInfo(
+    "some certificate bytes 1",
+    "some common subject"
+  );
+  let someCert2 = new CertInfo(
+    "some certificate bytes 2",
+    "some common subject"
+  );
+  let someCert3 = new CertInfo(
+    "some certificate bytes 3",
+    "some common subject"
+  );
+  await addCerts([someCert1, someCert2, someCert3]);
+  let storedCerts = certStorage.findCertsBySubject(
+    stringToArray("some common subject")
+  );
+  let storedCertsAsStrings = storedCerts.map(arrayToString);
+  let expectedCerts = [
+    "some certificate bytes 1",
+    "some certificate bytes 2",
+    "some certificate bytes 3",
+  ];
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should find expected certs"
+  );
+
+  await addCerts([
+    new CertInfo("some other certificate bytes", "some other subject"),
+  ]);
+  storedCerts = certStorage.findCertsBySubject(
+    stringToArray("some common subject")
+  );
+  storedCertsAsStrings = storedCerts.map(arrayToString);
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should still find expected certs"
+  );
+
+  let storedOtherCerts = certStorage.findCertsBySubject(
+    stringToArray("some other subject")
+  );
+  let storedOtherCertsAsStrings = storedOtherCerts.map(arrayToString);
+  let expectedOtherCerts = ["some other certificate bytes"];
+  Assert.deepEqual(
+    storedOtherCertsAsStrings,
+    expectedOtherCerts,
+    "should have other certificate"
+  );
+});
+
+add_task(async function test_many_entries() {
+  const NUM_CERTS = 500;
+  const CERT_LENGTH = 3000;
+  const SUBJECT_LENGTH = 40;
+  let certs = [];
+  for (let i = 0; i < NUM_CERTS; i++) {
+    certs.push(
+      new CertInfo(
+        getLongString(i, CERT_LENGTH),
+        getLongString(i, SUBJECT_LENGTH)
+      )
+    );
+  }
+  await addCerts(certs);
+  for (let i = 0; i < NUM_CERTS; i++) {
+    let subject = stringToArray(getLongString(i, SUBJECT_LENGTH));
+    let storedCerts = certStorage.findCertsBySubject(subject);
+    Assert.equal(
+      storedCerts.length,
+      1,
+      "should have 1 certificate (lots of data test)"
+    );
+    let storedCertAsString = arrayToString(storedCerts[0]);
+    Assert.equal(
+      storedCertAsString,
+      getLongString(i, CERT_LENGTH),
+      "certificate should be as expected (lots of data test)"
+    );
+  }
+});
+
+add_task(async function test_removal() {
+  // As long as cert_storage is given valid base64, attempting to delete some nonexistent
+  // certificate will "succeed" (it'll do nothing).
+  await removeCertsByHashes([btoa("thishashisthewrongsize")]);
+
+  let removalCert1 = new CertInfo(
+    "removal certificate bytes 1",
+    "common subject to remove"
+  );
+  let removalCert2 = new CertInfo(
+    "removal certificate bytes 2",
+    "common subject to remove"
+  );
+  let removalCert3 = new CertInfo(
+    "removal certificate bytes 3",
+    "common subject to remove"
+  );
+  await addCerts([removalCert1, removalCert2, removalCert3]);
+
+  let storedCerts = certStorage.findCertsBySubject(
+    stringToArray("common subject to remove")
+  );
+  let storedCertsAsStrings = storedCerts.map(arrayToString);
+  let expectedCerts = [
+    "removal certificate bytes 1",
+    "removal certificate bytes 2",
+    "removal certificate bytes 3",
+  ];
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should find expected certs before removing them"
+  );
+
+  // echo -n "removal certificate bytes 2" | sha256sum | xxd -r -p | base64
+  await removeCertsByHashes(["2nUPHwl5TVr1mAD1FU9FivLTlTb0BAdnVUhsYgBccN4="]);
+  storedCerts = certStorage.findCertsBySubject(
+    stringToArray("common subject to remove")
+  );
+  storedCertsAsStrings = storedCerts.map(arrayToString);
+  expectedCerts = [
+    "removal certificate bytes 1",
+    "removal certificate bytes 3",
+  ];
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should only have first and third certificates now"
+  );
+
+  // echo -n "removal certificate bytes 1" | sha256sum | xxd -r -p | base64
+  await removeCertsByHashes(["8zoRqHYrklr7Zx6UWpzrPuL+ol8KL1Ml6XHBQmXiaTY="]);
+  storedCerts = certStorage.findCertsBySubject(
+    stringToArray("common subject to remove")
+  );
+  storedCertsAsStrings = storedCerts.map(arrayToString);
+  expectedCerts = ["removal certificate bytes 3"];
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should only have third certificate now"
+  );
+
+  // echo -n "removal certificate bytes 3" | sha256sum | xxd -r -p | base64
+  await removeCertsByHashes(["vZn7GwDSabB/AVo0T+N26nUsfSXIIx4NgQtSi7/0p/w="]);
+  storedCerts = certStorage.findCertsBySubject(
+    stringToArray("common subject to remove")
+  );
+  Assert.equal(storedCerts.length, 0, "shouldn't have any certificates now");
+
+  // echo -n "removal certificate bytes 3" | sha256sum | xxd -r -p | base64
+  // Again, removing a nonexistent certificate should "succeed".
+  await removeCertsByHashes(["vZn7GwDSabB/AVo0T+N26nUsfSXIIx4NgQtSi7/0p/w="]);
+});
+
+add_task(async function test_batched_removal() {
+  let removalCert1 = new CertInfo(
+    "batch removal certificate bytes 1",
+    "batch subject to remove"
+  );
+  let removalCert2 = new CertInfo(
+    "batch removal certificate bytes 2",
+    "batch subject to remove"
+  );
+  let removalCert3 = new CertInfo(
+    "batch removal certificate bytes 3",
+    "batch subject to remove"
+  );
+  await addCerts([removalCert1, removalCert2, removalCert3]);
+  let storedCerts = certStorage.findCertsBySubject(
+    stringToArray("batch subject to remove")
+  );
+  let storedCertsAsStrings = storedCerts.map(arrayToString);
+  let expectedCerts = [
+    "batch removal certificate bytes 1",
+    "batch removal certificate bytes 2",
+    "batch removal certificate bytes 3",
+  ];
+  Assert.deepEqual(
+    storedCertsAsStrings.sort(),
+    expectedCerts.sort(),
+    "should find expected certs before removing them"
+  );
+  // echo -n "batch removal certificate bytes 1" | sha256sum | xxd -r -p | base64
+  // echo -n "batch removal certificate bytes 2" | sha256sum | xxd -r -p | base64
+  // echo -n "batch removal certificate bytes 3" | sha256sum | xxd -r -p | base64
+  await removeCertsByHashes([
+    "EOEEUTuanHZX9NFVCoMKVT22puIJC6g+ZuNPpJgvaa8=",
+    "Xz6h/Kvn35cCLJEZXkjPqk1GG36b56sreLyAXpO+0zg=",
+    "Jr7XdiTT8ZONUL+ogNNMW2oxKxanvYOLQPKBPgH/has=",
+  ]);
+  storedCerts = certStorage.findCertsBySubject(
+    stringToArray("batch subject to remove")
+  );
+  Assert.equal(storedCerts.length, 0, "shouldn't have any certificates now");
+});
+
+class CRLiteCoverage {
+  constructor(ctLogID, minTimestamp, maxTimestamp) {
+    this.b64LogID = ctLogID;
+    this.minTimestamp = minTimestamp;
+    this.maxTimestamp = maxTimestamp;
+  }
+}
+CRLiteCoverage.prototype.QueryInterface = ChromeUtils.generateQI([
+  "nsICRLiteCoverage",
+]);
+
+add_task(async function test_crlite_filter() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(
+    certdb,
+    "test_cert_storage_direct/valid-cert-issuer.pem",
+    ",,"
+  );
+  let validCert = constructCertFromFile(
+    "test_cert_storage_direct/valid-cert.pem"
+  );
+  addCertFromFile(
+    certdb,
+    "test_cert_storage_direct/revoked-cert-issuer.pem",
+    ",,"
+  );
+  let revokedCert = constructCertFromFile(
+    "test_cert_storage_direct/revoked-cert.pem"
+  );
+  let filterFile = do_get_file(
+    "test_cert_storage_direct/test-filter.crlite",
+    false
+  );
+  ok(filterFile.exists(), "test filter file should exist");
+  let enrollment = [];
+  let coverage = [];
+  let filterBytes = stringToArray(readFile(filterFile));
+  // First simualte a filter that does not cover any certificates. With CRLite
+  // enabled, none of the certificates should appear to be revoked.
+  let setFullCRLiteFilterResult = await new Promise(resolve => {
+    certStorage.setFullCRLiteFilter(filterBytes, enrollment, coverage, resolve);
+  });
+  Assert.equal(
+    setFullCRLiteFilterResult,
+    Cr.NS_OK,
+    "setFullCRLiteFilter should succeed"
+  );
+
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // Now replace the filter with one that covers the "valid" and "revoked"
+  // certificates. CRLite should flag the revoked certificate.
+  coverage.push(
+    new CRLiteCoverage(
+      "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=",
+      0,
+      1641612275000
+    )
+  );
+
+  // crlite_enrollment_id.py test_crlite_filters/issuer.pem
+  enrollment.push("UbH9/ZAnjuqf79Xhah1mFOWo6ZvgQCgsdheWfjvVUM8=");
+  // crlite_enrollment_id.py test_crlite_filters/no-sct-issuer.pem
+  enrollment.push("Myn7EasO1QikOtNmo/UZdh6snCAw0BOY6wgU8OsUeeY=");
+  // crlite_enrollment_id.py test_cert_storage_direct/revoked-cert-issuer.pem
+  enrollment.push("HTvSp2263dqBYtgYA2fldKAoTYcEVLPVTlRia9XaoCQ=");
+
+  setFullCRLiteFilterResult = await new Promise(resolve => {
+    certStorage.setFullCRLiteFilter(filterBytes, enrollment, coverage, resolve);
+  });
+  Assert.equal(
+    setFullCRLiteFilterResult,
+    Cr.NS_OK,
+    "setFullCRLiteFilter should succeed"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // If we're only collecting telemetry, none of the certificates should appear to be revoked.
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeTelemetryOnlyPrefValue
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // If CRLite is disabled, none of the certificates should appear to be revoked.
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeDisabledPrefValue
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert-issuer.pem b/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert-issuer.pem
new file mode 100644
index 0000000000..d775817b33
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert-issuer.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIQBpaPlkroI1bHThfCtTZbADANBgkqhkiG9w0BAQsFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTE3MTEwNjEyMjI1N1oXDTI3MTEwNjEyMjI1N1owXzEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTEeMBwGA1UEAxMVVGhhd3RlIEVWIFJTQSBDQSAyMDE4MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0Cu52zmdJFnSezXMKvL0rso
+WgA/1X7OxjMQHsAllID1eDG836ptJXSTPg+DoEenHfkKyw++wXobgahr0cU/2v8R
+WR3fID53ZDhEGHzS+Ol7V+HRtZG5teMWCY7gldtBQH0r7xUEp/3ISVsZUVBqtUmL
+VJlf9nxJD6Cxp4LBlcJJ8+N6kSkV+fA+WdQc0HYhXSg3PxJP7XSU28Wc7gf6y9kZ
+zQhK4WrZLRrHHbHC2QXdqQYUxR927QV+UCNXnlbTcZy2QpxWTPLzK+/cKXX4cwP6
+MGF7+8RnUgHlij/5V2k/tIF9ep4B72ucqaS/UhEPpIN/T7A3OAw995yrB38glQID
+AQABo4IBSTCCAUUwHQYDVR0OBBYEFOcB/AwWGMp9sozshyejb2GBO4Q5MB8GA1Ud
+IwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA4GA1UdDwEB/wQEAwIBhjAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0
+BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0
+LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v
+RGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYE
+VR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MA0GCSqGSIb3DQEBCwUAA4IBAQAWGka+5ffLpfFuzT+WlwDRwhyTZSunnvecZWZT
+PPKXipynjpXx5dK8YG+2XoH74285GR1UABuvHMFV94XeDET9Pzz5s/NHS1/eAr5e
+GdwfBl80XwPkwXaYqzRtw6J4RAxeLqcbibhUQv9Iev9QcP0kNPyJu413Xov76mSu
+JlGThKzcurJPive2eLmwmoIgTPH11N/IIO9nHLVe8KTkt+FGgZCOWHA3kbFBZR39
+Mn2hFS974rhUkM+VS9KbCiQQ5OwkfbZ/6BINkE1CMtiESZ2WkbxJKPsF3dN7p9DF
+YWiQSbYjFP+rCT0/MkaHHYUkEvLNPgyJ6z29eMf0DjLu/SXJ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert.pem b/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert.pem
new file mode 100644
index 0000000000..81e01bd783
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_direct/revoked-cert.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHOzCCBiOgAwIBAgIQBi31aKBRMQgg1+xDJ+G6/TANBgkqhkiG9w0BAQsFADBf
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMR4wHAYDVQQDExVUaGF3dGUgRVYgUlNBIENBIDIwMTgw
+HhcNMTgwNTI4MDAwMDAwWhcNMjAwNTIxMTIwMDAwWjCB6zEdMBsGA1UEDwwUUHJp
+dmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCREUxFjAUBgsrBgEE
+AYI3PAIBAhMFSGVzc2UxGDAWBgsrBgEEAYI3PAIBAQwHR2llw59lbjERMA8GA1UE
+BRMISFJCIDY5MDIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIZXNzZW4xFDASBgNV
+BAcTC0hldWNoZWxoZWltMRQwEgYDVQQKEwtTY2h1bmsgR21iSDELMAkGA1UECxMC
+SVQxGTAXBgNVBAMTEHNjaHVuay1ncm91cC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCvkuQZz2ExPv9paJb622OOk+o4bWnjDe1zHGK6qnK25mMT
+Zldk74sXF+Wfr9lbwqHTcjGhQFwmVDqvtr55KVX8FOv0CSqNaewOrnNrFz8Xg4rn
+OlIs3+MmqD5CIK+el0rA+xltEY8WvNlwZKG7yeJYrdsr+5DAThDuwCVe8bU7it4h
+sjsMsof5ocee9zDkFThNVGR4sMk5EgBxb1Gt4n9wXUj4OBT78whhlkLH/pVZrrhs
+tQwC3q90MOPC5RJcEolSCNjGdHCKRbexmRqJgbJj/qZ9JT+fQ+Ko6a+UAWvc2BUc
+POnzGV2GzCdFFGOubJb6RjU0nuPG4Lmdc/BuS9kFAgMBAAGjggNkMIIDYDAfBgNV
+HSMEGDAWgBTnAfwMFhjKfbKM7Icno29hgTuEOTAdBgNVHQ4EFgQUNb1SY8Bkil98
+tD8zoxE30jBA1NIwZwYDVR0RBGAwXoIQc2NodW5rLWdyb3VwLmNvbYIUd3d3LnNj
+aHVuay1ncm91cC5jb22CG3NjaHVuay1jYXJib250ZWNobm9sb2d5LmNvbYIXc2No
+dW5rLXNpbnRlcm1ldGFscy5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY2Rw
+LnRoYXd0ZS5jb20vVGhhd3RlRVZSU0FDQTIwMTguY3JsMEsGA1UdIAREMEIwNwYJ
+YIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv
+bS9DUFMwBwYFZ4EMAQEwcQYIKwYBBQUHAQEEZTBjMCQGCCsGAQUFBzABhhhodHRw
+Oi8vc3RhdHVzLnRoYXd0ZS5jb20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jYWNlcnRz
+LnRoYXd0ZS5jb20vVGhhd3RlRVZSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggF7
+BgorBgEEAdZ5AgQCBIIBawSCAWcBZQB1AKS5CZC0GFgUh7sTosxncAo8NZgE+Rvf
+uON3zQ7IDdwQAAABY6Ze9XAAAAQDAEYwRAIgNUeXL3GwlpGQtTS/wKBlOkHJvHR5
+knSop0OPumeCfQECIEdxY7qr/WRVbWkQFvP48fgWkZHkd4vTq70Y0aaSZTbPAHUA
+VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFjpl71tQAABAMARjBE
+AiAtxKdc/wum3TE7r9BoRd/gkrjYLWyqeLuL/opRBRy9xwIgPF6uEZxyhEoLZ+9G
+AFBAP+X89zjZphVALjIXu0RRea4AdQC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQ
+lmQ2jh7RhQAAAWOmXvY1AAAEAwBGMEQCIHc04ERlUbIkVrlC+I89C9xtugvRCwbR
+a7qZzSdqHltUAiBRVwTacf1dnO9AgLSgrxft5LV32DvH3qNT7pWYh8dFNjANBgkq
+hkiG9w0BAQsFAAOCAQEARJ+tbnM+yS6chgpyzfB3e7IWPq2Den46Ja1H6/4qaKrd
+nsbElcvd4cCQf1zYY6jlQkO6qtfMUChKrEar5aqqnyX8x/8T9PkpHp8XyUxgGlmT
+hrnHML0gDJFS8O4MB5pFnGkgoOQa+OIQokWCXr4/a4AwsTG3Ms+lC+R+vRYz90lg
+TEJLNHB2fSvQyvpXDUL9aAjACBp/9pKxfM9iq06MFO5jP483xJUfdqtVteHMw75w
+1mb8IrM9R1dP47GsblTrf2rZYdaoxdyLjtJQG2aaOdU5unE6QeFrXbz0qeTPePs8
+ftuXSW9xb053HjAkCcVo48j07b2cHfU1hxzGGptVbQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct/test-filter.crlite b/security/manager/ssl/tests/unit/test_cert_storage_direct/test-filter.crlite
new file mode 100644
index 0000000000..34ced4b840
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_direct/test-filter.crlite differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert-issuer.pem b/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert-issuer.pem
new file mode 100644
index 0000000000..705827a85e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert-issuer.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkDCCA3igAwIBAgIJIrmxUyPlrv3NMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV
+BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw
+JQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTIwHhcNMTgwODIy
+MDczMjI0WhcNMjgwODIyMDczMjI0WjBQMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEaMBgGA1UEAxMRQ3Jvc3NUcnVz
+dCBEViBDQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnTNi5Kgrt
+FL8qBuEmpL2gvLFY7f9MEgjzClvic/45ebM+DxZ2CMuqtMtImgf8XPIpLaFFbozx
+3VgqH41cmGHbpAoDRKpwfF1f53peHYhRxpOVgcnsiVCPZJPBPCUM9St+cuEjfo0d
+YGbr3aG5urdT2zeKIFyxKbggdkU0LVRHwvLFsIpXCn/YK/8Rmx87yW9VB80OXkzf
+IQoZop83+aebq1VwzjNCN3u4bWSFLYDyJGqE40WlZ53NZh+TwBsa6gld9YXPGQfx
+k8x38zkFXberlMQOYhX9KyuTOMdlFkbx6LfIUqVKJavpcr54+XPzVyeroNPpKxtZ
+mEqUYiFjAqUVAgMBAAGjggFeMIIBWjAdBgNVHQ4EFgQUT4twz6lAHJbllF13rNZv
+TS2b8ncwHwYDVR0jBBgwFoAUCoWpd2UFmHxAgfgPlyw48QrsPM8wEgYDVR0TAQH/
+BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwSQYDVR0fBEIwQDA+oDygOoY4aHR0
+cDovL3JlcG9zaXRvcnkuc2Vjb210cnVzdC5uZXQvU0MtUm9vdDIvU0NSb290MkNS
+TC5jcmwwUgYDVR0gBEswSTBHBgoqgwiMmxtkhwUEMDkwNwYIKwYBBQUHAgEWK2h0
+dHBzOi8vcmVwb3NpdG9yeS5zZWNvbXRydXN0Lm5ldC9TQy1Sb290Mi8wQAYIKwYB
+BQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vc2Nyb290Y2EyLm9jc3Auc2Vj
+b210cnVzdC5uZXQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD
+ggEBABEDSrrhhR+Js5q45yih2Ne4cMLZmrH0AZwU3eM+7HZplzi1EhppgvcYk/2k
+LM9haQGWnAZ5wiixLqKu7WlWrHgblZbXyCxALmMBK1rqeP0omxXExqKVqWNHU8KZ
+t3jahH1wDYSzfetM7guWR+PAPpb9oQCtAx8DVyI/3Ocswvti/uWb517Bdo6Nd0+9
+mf0LiphNKcSzSFX0s1Cb47cJROYHGBe2J6NUSWR7wE0asPtKsznGyNO+NJCUR+0h
+OLN2cA2KJwPhZjYJt8UkucAF/EE7qC0Fc8B9Q/gttQ52en5BZxdkDrHCi4qnsSvi
+gueQme/RzYkEaQlNT1WCZ9AIgVE=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert.pem b/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert.pem
new file mode 100644
index 0000000000..195d2d8ca2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_direct/valid-cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF4DCCBMigAwIBAgIQC3d196+a5UJlyc0yVxB3jjANBgkqhkiG9w0BAQsFADBQ
+MQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4s
+TFRELjEaMBgGA1UEAxMRQ3Jvc3NUcnVzdCBEViBDQTUwHhcNMTkwNjExMDUyMjEy
+WhcNMjEwNjMwMTQ1OTU5WjAUMRIwEAYDVQQDEwlza3luZXcuanAwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeciw7C297026HA4oIwc29vL2h29GVrRF7
+HGdeXzAJA7kh+qwo8rTBFfdX7sgHy6nnE1+flEtFt91Ss8i3BZMEqoFUZFb1jGXd
+DbQtmIWxz7O5skkjR1gdKwt9GImy1hEPt8dwU52mwVsSUEKvlZlsjeofUPAEbnYY
++iA/nYaYXiXyCxJzk6Y09VlzghyMIhkLwDa7rL3S9FgUQI6tSUwsiNYNoQzlYgXF
+yPfQfd57LbBwZJtqVPC6rjPOZZd0sw7uvrDNuxnAM2k2mzlML9Vwt8EvSlZX60xD
+oGQCsQQ/ZgjEQTA8WRZ+fxW/LqQNYYm70KU/1M+e8o4MKmA9xkH5AgMBAAGjggLw
+MIIC7DAfBgNVHSMEGDAWgBRPi3DPqUAcluWUXXes1m9NLZvydzA8BggrBgEFBQcB
+AQQwMC4wLAYIKwYBBQUHMAGGIGh0dHA6Ly9kdmNhNS5vY3NwLnNlY29tdHJ1c3Qu
+bmV0MCMGA1UdEQQcMBqCCXNreW5ldy5qcIINd3d3LnNreW5ldy5qcDBaBgNVHSAE
+UzBRMEUGCiqDCIybG26BVQIwNzA1BggrBgEFBQcCARYpaHR0cHM6Ly9yZXBvMS5z
+ZWNvbXRydXN0Lm5ldC9zcHBjYS94dGR2NS8wCAYGZ4EMAQIBMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9yZXBvMS5zZWNvbXRy
+dXN0Lm5ldC9zcHBjYS94dGR2NS9mdWxsY3JsLmNybDAdBgNVHQ4EFgQUuj9305tQ
+JIeVAQtsz9JHx3PTqaQwDgYDVR0PAQH/BAQDAgWgMIIBfgYKKwYBBAHWeQIEAgSC
+AW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWtF
+Bb6pAAAEAwBHMEUCIHUQkmFzUh01r1Px/zWMZSL21dNNQwM+rN1z0gutxV3JAiEA
+jSb2/GAm4+2qiNWDtx1EkHsMXjNW+5S4GhJePexjJR8AdgDuS723dc5guuFCaR+r
+4Z5mow9+X7By2IMAxHuJeqj9ywAAAWtFBcdeAAAEAwBHMEUCIDVHdfP9wnVgz45l
+eX80DpRCRNEV/OCDwfW+B0g/dveYAiEArbpLQb5Z9hul3r00kF2LrivNuI7kwEBy
+MpkYsLtSPJoAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWtF
+BdCQAAAEAwBHMEUCIE2GUo6x3qDrIhacnCmjikBCHF2yT6Fv5GAehZB569YCAiEA
+vXwMXV8+y3xNFys+A6u9EjKiy8CTKv+SQxqsJ4s6jK0wDQYJKoZIhvcNAQELBQAD
+ggEBAAzlm9W+N5fviTJ9wDsc5nXKYur3744V/cm75+8dUM61Rko1isK6IZt5aNPN
+wOfhBsTzHHSYmAFMR9Xjoq8iDYZtIk01IGI6LEWuls9F2hVcERiHMWJOLTiH35xN
+vRNTG0AbBdIpTX2sURsoCPJ+8DTnVUr3pTzXnIY4EQ4UXfANuYwceOHShF6UJo/L
+PK0uRdHcd5SmMa03gFUdkTc9gU6PIEO/UgubazGh9xDBHtHECeleL+gpSfOP3SkF
+7W1RgmbE6WJdVPlto7FRQtl2xIzHs/gNaPezqNKPHgFlx4c+ECTjPLqoW8LdeXu+
+N8dueJg1+h+lQifkmgl23DqEIiI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
new file mode 100644
index 0000000000..8a757c199c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
@@ -0,0 +1,48 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file tests that cert_storage correctly persists its "has prior data"
+// information across runs of the browser.
+// (The test DB files for this test were created by running the test
+// `test_cert_storage_broken_db.js` and copying them from that test's profile
+// directory.)
+
+/* eslint-disable no-unused-vars */
+add_task(async function () {
+  let dbDirectory = do_get_profile();
+  dbDirectory.append("security_state");
+  let dbFile = do_get_file("test_cert_storage_preexisting/data.safe.bin");
+  dbFile.copyTo(dbDirectory, "data.safe.bin");
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  let hasPriorRevocationData = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_REVOCATION,
+      (rv, hasPriorData) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(hasPriorData);
+      }
+    );
+  });
+  Assert.equal(
+    hasPriorRevocationData,
+    true,
+    "should have prior revocation data"
+  );
+
+  let hasPriorCertData = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CERTIFICATE,
+      (rv, hasPriorData) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(hasPriorData);
+      }
+    );
+  });
+  Assert.equal(hasPriorCertData, true, "should have prior cert data");
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb
new file mode 100644
index 0000000000..df4cb182a7
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin
new file mode 100644
index 0000000000..011ed93484
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb
new file mode 100644
index 0000000000..dc4b50fdfc
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js
new file mode 100644
index 0000000000..c444bdd945
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js
@@ -0,0 +1,83 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file tests that cert_storage correctly persists its information across
+// runs of the browser specifically in the case of CRLite.
+// (The test DB files for this test were created by running the test
+// `test_cert_storage_direct.js` and copying them from that test's profile
+// directory.)
+
+/* eslint-disable no-unused-vars */
+add_task(async function () {
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+
+  let dbDirectory = do_get_profile();
+  dbDirectory.append("security_state");
+  let crliteFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.filter"
+  );
+  crliteFile.copyTo(dbDirectory, "crlite.filter");
+  let coverageFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.coverage"
+  );
+  coverageFile.copyTo(dbDirectory, "crlite.coverage");
+  let enrollmentFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.enrollment"
+  );
+  enrollmentFile.copyTo(dbDirectory, "crlite.enrollment");
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+
+  // Add an empty stash to ensure the filter is considered to be fresh.
+  await new Promise(resolve => {
+    certStorage.addCRLiteStash(new Uint8Array([]), (rv, _) => {
+      Assert.equal(rv, Cr.NS_OK, "marked filter as fresh");
+      resolve();
+    });
+  });
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let validCertIssuer = constructCertFromFile(
+    "test_cert_storage_direct/valid-cert-issuer.pem"
+  );
+  let validCert = constructCertFromFile(
+    "test_cert_storage_direct/valid-cert.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-10-28T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  let revokedCertIssuer = constructCertFromFile(
+    "test_cert_storage_direct/revoked-cert-issuer.pem"
+  );
+  let revokedCert = constructCertFromFile(
+    "test_cert_storage_direct/revoked-cert.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage
new file mode 100644
index 0000000000..2bd13319e5
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment
new file mode 100644
index 0000000000..aac0238188
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment
@@ -0,0 +1 @@
+
3)û«Õ¤:Óf£õv¬œ 0ИëðëyæQ±ýý�'ŽêŸïÕájfå¨é›à@(,v–~;ÕPÏ;Ò§mºÝÚ�bØgåt (M‡T³ÕNTbkÕÚ $
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter
new file mode 100644
index 0000000000..34ced4b840
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter differ
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin
new file mode 100644
index 0000000000..d96571f128
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin differ
diff --git a/security/manager/ssl/tests/unit/test_cert_trust.js b/security/manager/ssl/tests/unit/test_cert_trust.js
new file mode 100644
index 0000000000..45ff78a253
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -0,0 +1,324 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function load_cert(cert_name, trust_string) {
+  let cert_filename = cert_name + ".pem";
+  return addCertFromFile(
+    certdb,
+    "test_cert_trust/" + cert_filename,
+    trust_string
+  );
+}
+
+function setup_basic_trusts(ca_cert, int_cert) {
+  certdb.setCertTrust(
+    ca_cert,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_SSL | Ci.nsIX509CertDB.TRUSTED_EMAIL
+  );
+
+  certdb.setCertTrust(int_cert, Ci.nsIX509Cert.CA_CERT, 0);
+}
+
+async function test_ca_distrust(ee_cert, cert_to_modify_trust, isRootCA) {
+  // On reset most usages are successful
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+
+  // Test of active distrust. No usage should pass.
+  setCertTrust(cert_to_modify_trust, "p,p,p");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageEmailRecipient
+  );
+
+  // Trust set to T  -  trusted CA to issue client certs, where client cert is
+  // usageSSLClient.
+  setCertTrust(cert_to_modify_trust, "T,T,T");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+
+  // XXX(Bug 982340)
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+
+  // Now tests on the SSL trust bit
+  setCertTrust(cert_to_modify_trust, "p,C,C");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLServer
+  );
+
+  // XXX(Bug 982340)
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+
+  // Inherited trust SSL
+  setCertTrust(cert_to_modify_trust, ",C,C");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  // XXX(Bug 982340)
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+
+  // Now tests on the EMAIL trust bit
+  setCertTrust(cert_to_modify_trust, "C,p,C");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_UNTRUSTED_ISSUER,
+    certificateUsageEmailRecipient
+  );
+
+  // inherited EMAIL Trust
+  setCertTrust(cert_to_modify_trust, "C,,C");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    SEC_ERROR_CA_CERT_INVALID,
+    certificateUsageSSLCA
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    isRootCA ? SEC_ERROR_UNKNOWN_ISSUER : PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+}
+
+add_task(async function () {
+  let certList = ["ca", "int", "ee"];
+  let loadedCerts = [];
+  for (let certName of certList) {
+    loadedCerts.push(load_cert(certName, ",,"));
+  }
+
+  let ca_cert = loadedCerts[0];
+  notEqual(ca_cert, null, "CA cert should have successfully loaded");
+  let int_cert = loadedCerts[1];
+  notEqual(int_cert, null, "Intermediate cert should have successfully loaded");
+  let ee_cert = loadedCerts[2];
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+
+  setup_basic_trusts(ca_cert, int_cert);
+  await test_ca_distrust(ee_cert, ca_cert, true);
+
+  setup_basic_trusts(ca_cert, int_cert);
+  await test_ca_distrust(ee_cert, int_cert, false);
+
+  // Reset trust to default ("inherit trust")
+  setCertTrust(ca_cert, ",,");
+  setCertTrust(int_cert, ",,");
+
+  // End-entities can be trust anchors for interoperability with users who
+  // prefer not to build a hierarchy and instead directly trust a particular
+  // server certificate.
+  setCertTrust(ee_cert, "CTu,CTu,CTu");
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLClient
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailSigner
+  );
+  await checkCertErrorGeneric(
+    certdb,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageEmailRecipient
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
new file mode 100644
index 0000000000..54b436cdab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUbd6irDfViDg0hGYGrBFpSOiAgmswDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBa/UJSVAkS4R5UUprUZ+VETh+G
+TbLf+xbhyhpXn39i7Rk0/U7IelYJN3qalF3eIL7ab4qij3jWLrdOJz1ERkxVWXeX
+a9rjQC7nQQqnOrdcEPvq297cHuwtKb+jTTKDI4ATy7UVeE3DDW6VWewmAz8VA7FH
+SxAwdLWgqKzAqLEhhrg6l0JtpDmCfoBZ5yVA9gPdcSouaQ+6WnL0TFmNtriZPZI5
+Sq7Ua1aM1X/Ca3kQLo1DD06lgR7bJbjH+2j0uRYbB7NeB5aeYYnnxRdXcbXtM2Wl
+dPg/8WETAK3hjbaY0Xq5UFP9tLkLbq3a1lew5BEz9xFz7P+offg8hSAONOZu
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
new file mode 100644
index 0000000000..d809dbd635
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
new file mode 100644
index 0000000000..82e6a30f34
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcqgAwIBAgIUMdajt4X/9IBhgxXiQsm9Bu84o80wDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozUwMzAxBgNVHSUEKjAoBggrBgEF
+BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDAzANBgkqhkiG9w0BAQsF
+AAOCAQEAA7nG4h3CGUtm2eS08c0e+mROnPPpkOMaOS0McOFIDOamQlKtxuzl6md7
+CmZtQfckTwVxy8KaEtVhcJ5Dj4w+HJJ2uwun8PspBkgEaVJAMxhm8CAOBHO72vee
+1WU1K2lxcGz1tTFzyvGi7b+frWWaeoTM4/4qUQkKEBTbJannKqmKSHdawNNeJ7XB
+yxyO+Pf5JlWMDpSoFY3IEG2j01ALdWcI4T63TFLB0lEmuMRGZ6o2EnNOFvg2bDkg
++peiKONSzIVqiVHkJjgMDGOdXfeei2pFyQz+1ESWYl3+LuxHbxXauyKV5tAjXL8n
+RbN+Ds8/8RpSFhDOTRLVCVrQiFqNag==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
new file mode 100644
index 0000000000..9666c18062
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ee
+extension:extKeyUsage:serverAuth,clientAuth,emailProtection,codeSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
new file mode 100644
index 0000000000..f12ebf91fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbKgAwIBAgIUS7UFd8kviZT6AzkUw+zBza2WxxcwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDjEMMAoGA1UEAwwDaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAXr6DXGOqX+xkzyNm1YZc+wtm
+6yFQo2jgeCMxgOv4j07wEEgGPP4adgyHjAhqTtYNbdBCuPtEbMInVRHdJooWNGk7
+MeoyTmJLlEJlnzVHdCUDi0mb+E7w2vVWNeirXnUSBN8qStok8vNoHJDT7pX3QEQs
+zRRNHw5qs/xxZKxzxeBiljYlh1d1zVgqNWTx9LP5IOEKOQ9OzxpzsCpJtPZRxh/d
+gip6TZT9srCndY2jCFUEYdSFRWOjsb6ni9TGC2o4SUxxJvC8jmrLjgGqPGNdTMiX
+DOxuAjt1gue4kqK6r6nMqxOZ04TEe0c/M5+hF4dhQaxqga6vvGBl0oF2QMxXGA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
new file mode 100644
index 0000000000..a7f6d81419
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_utf8.js b/security/manager/ssl/tests/unit/test_cert_utf8.js
new file mode 100644
index 0000000000..caeddd8158
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_utf8.js
@@ -0,0 +1,79 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function run_test() {
+  // This certificate has a number of placeholder byte sequences that we can
+  // replace with invalid UTF-8 to ensure that we handle these cases safely.
+  let certificateToAlterFile = do_get_file(
+    "test_cert_utf8/certificateToAlter.pem",
+    false
+  );
+  let certificateBytesToAlter = atob(
+    pemToBase64(readFile(certificateToAlterFile))
+  );
+  testUTF8InField("issuerName", "ISSUER CN", certificateBytesToAlter);
+  testUTF8InField("issuerOrganization", "ISSUER O", certificateBytesToAlter);
+  testUTF8InField(
+    "issuerOrganizationUnit",
+    "ISSUER OU",
+    certificateBytesToAlter
+  );
+  testUTF8InField("issuerCommonName", "ISSUER CN", certificateBytesToAlter);
+  testUTF8InField("organization", "SUBJECT O", certificateBytesToAlter);
+  testUTF8InField("organizationalUnit", "SUBJECT OU", certificateBytesToAlter);
+  testUTF8InField("subjectName", "SUBJECT CN", certificateBytesToAlter);
+  testUTF8InField("displayName", "SUBJECT CN", certificateBytesToAlter);
+  testUTF8InField("commonName", "SUBJECT CN", certificateBytesToAlter);
+  testUTF8InField(
+    "emailAddress",
+    "SUBJECT EMAILADDRESS",
+    certificateBytesToAlter
+  );
+}
+
+// Every (issuer, serial number) pair must be unique. If NSS ever encounters two
+// different (in terms of encoding) certificates with the same values for this
+// pair, it will refuse to import it (even as a temporary certificate). Since
+// we're creating a number of different certificates, we need to ensure this
+// pair is always unique. The easiest way to do this is to change the issuer
+// distinguished name each time. To make sure this doesn't introduce additional
+// UTF8 issues, always use a printable ASCII value.
+var gUniqueIssuerCounter = 32;
+
+function testUTF8InField(field, replacementPrefix, certificateBytesToAlter) {
+  let toReplace = `${replacementPrefix} REPLACE ME`;
+  let replacement = "";
+  for (let i = 0; i < toReplace.length; i++) {
+    replacement += "\xEB";
+  }
+  let bytes = certificateBytesToAlter.replace(toReplace, replacement);
+  let uniqueIssuerReplacement =
+    "ALWAYS MAKE ME UNIQU" + String.fromCharCode(gUniqueIssuerCounter);
+  bytes = bytes.replace("ALWAYS MAKE ME UNIQUE", uniqueIssuerReplacement);
+  ok(
+    gUniqueIssuerCounter < 127,
+    "should have enough ASCII replacements to make a unique issuer DN"
+  );
+  gUniqueIssuerCounter++;
+  let cert = gCertDB.constructX509(stringToArray(bytes));
+  notEqual(cert[field], null, `accessing nsIX509Cert.${field} shouldn't fail`);
+  notEqual(
+    cert.getEmailAddresses(),
+    null,
+    "calling nsIX509Cert.getEmailAddresses() shouldn't assert"
+  );
+  ok(
+    !cert.containsEmailAddress("test@test.test"),
+    "calling nsIX509Cert.containsEmailAddress() shouldn't assert"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem b/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem
new file mode 100644
index 0000000000..344858e1fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIUBd/A9SPEdfUGTxKTRoSskwSi2UYwDQYJKoZIhvcNAQEL
+BQAwfDEcMBoGA1UECgwTSVNTVUVSIE8gUkVQTEFDRSBNRTEdMBsGA1UECwwUSVNT
+VUVSIE9VIFJFUExBQ0UgTUUxHTAbBgNVBAMMFElTU1VFUiBDTiBSRVBMQUNFIE1F
+MR4wHAYDVQQHDBVBTFdBWVMgTUFLRSBNRSBVTklRVUUwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowgY8xHTAbBgNVBAoMFFNVQkpFQ1QgTyBSRVBM
+QUNFIE1FMR4wHAYDVQQLDBVTVUJKRUNUIE9VIFJFUExBQ0UgTUUxHjAcBgNVBAMM
+FVNVQkpFQ1QgQ04gUkVQTEFDRSBNRTEuMCwGCSqGSIb3DQEJARYfU1VCSkVDVCBF
+TUFJTEFERFJFU1MgUkVQTEFDRSBNRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNRME8wTQYDVR0RBEYwRIIeU1VC
+SkVDVCBBTFQgRE5TTkFNRSBSRVBMQUNFIE1FgSJTVUJKRUNUIEFMVCBSRkM4MjJA
+TkFNRSBSRVBMQUNFIE1FMA0GCSqGSIb3DQEBCwUAA4IBAQAKUSa8BdHwFUeuwcIx
+zjUMm3VfByLFQ1bGMPzH8oZ2iYPEuna+2yWgMt1PyqKlRu6LUFbxDhS1zyNdHmTE
+IgZ5L7AqA92pi1NNHJdMPJx5Pm2S0YzvTGoJMiU+btqykWq1YA4qviVFJC41V7mF
+ykgLl31W+5EOT6H3kPwFOa80s5u7PdtNZ18M9rRX36fP1W3vBLd9QUlEyKlJBwNf
++bLIQF8LbG4R5DbvinZufeMa6CQLQI1eot9WzBYddIzJVVJy04RBiCnZhZjdow1t
+j3daswBkJDX0kEPlW707yXHrLQhlI8imTYrEXCO0u9+n1NmRqD0eNhNEqdjAAgpC
+5PAD
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem.certspec b/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem.certspec
new file mode 100644
index 0000000000..6579ac5550
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_utf8/certificateToAlter.pem.certspec
@@ -0,0 +1,3 @@
+issuer:/O=ISSUER O REPLACE ME/OU=ISSUER OU REPLACE ME/CN=ISSUER CN REPLACE ME/L=ALWAYS MAKE ME UNIQUE
+subject:/O=SUBJECT O REPLACE ME/OU=SUBJECT OU REPLACE ME/CN=SUBJECT CN REPLACE ME/emailAddress=SUBJECT EMAILADDRESS REPLACE ME
+extension:subjectAlternativeName:SUBJECT ALT DNSNAME REPLACE ME,SUBJECT ALT RFC822@NAME REPLACE ME
diff --git a/security/manager/ssl/tests/unit/test_cert_version.js b/security/manager/ssl/tests/unit/test_cert_version.js
new file mode 100644
index 0000000000..5bf8dd180f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version.js
@@ -0,0 +1,304 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the interaction between the basic constraints extension and the
+// certificate version field. In general, the testcases consist of verifying
+// certificate chains of the form:
+//
+// end-entity (issued by) intermediate (issued by) trusted X509v3 root
+//
+// where the intermediate is one of X509 v1, v2, v3, or v4, and either does or
+// does not have the basic constraints extension. If it has the extension, it
+// either does or does not specify that it is a CA.
+//
+// To test cases where the trust anchor has a different version and/or does or
+// does not have the basic constraint extension, there are testcases where the
+// intermediate is trusted as an anchor and the verification is repeated.
+// (Loading a certificate with trust "CTu,," means that it is a trust anchor
+// for SSL. Loading a certificate with trust ",," means that it inherits its
+// trust.)
+//
+// There are also testcases for end-entities issued by a trusted X509v3 root
+// where the end-entities similarly cover the range of versions and basic
+// constraint extensions.
+//
+// Finally, there are testcases for self-signed certificates that, again, cover
+// the range of versions and basic constraint extensions.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_version/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(
+    certdb,
+    "test_cert_version/" + certName + ".pem",
+    trustString
+  );
+}
+
+function checkEndEntity(cert, expectedResult) {
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    expectedResult,
+    certificateUsageSSLServer
+  );
+}
+
+function checkIntermediate(cert, expectedResult) {
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    expectedResult,
+    certificateUsageSSLCA
+  );
+}
+
+add_task(async function () {
+  loadCertWithTrust("ca", "CTu,,");
+
+  // Section for CAs lacking the basicConstraints extension entirely:
+  loadCertWithTrust("int-v1-noBC_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v1-noBC_ca"),
+    MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v1-noBC"),
+    MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
+  );
+  // A v1 certificate with no basicConstraints extension may issue certificates
+  // if it is a trust anchor.
+  loadCertWithTrust("int-v1-noBC_ca", "CTu,,");
+  await checkIntermediate(certFromFile("int-v1-noBC_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v1-noBC"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-noBC_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v2-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v2-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v2-noBC_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v2-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v2-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  loadCertWithTrust("int-v3-noBC_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v3-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v3-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v3-noBC_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v3-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v3-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  loadCertWithTrust("int-v4-noBC_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v4-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v4-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v4-noBC_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v4-noBC_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v4-noBC"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  // Section for CAs with basicConstraints not specifying cA:
+  loadCertWithTrust("int-v1-BC-not-cA_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v1-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v1-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v1-BC-not-cA_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v1-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v1-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  loadCertWithTrust("int-v2-BC-not-cA_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v2-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v2-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v2-BC-not-cA_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v2-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v2-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  loadCertWithTrust("int-v3-BC-not-cA_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v3-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v3-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v3-BC-not-cA_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v3-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v3-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  loadCertWithTrust("int-v4-BC-not-cA_ca", ",,");
+  await checkIntermediate(
+    certFromFile("int-v4-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v4-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  loadCertWithTrust("int-v4-BC-not-cA_ca", "CTu,,");
+  await checkIntermediate(
+    certFromFile("int-v4-BC-not-cA_ca"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+  await checkEndEntity(
+    certFromFile("ee_int-v4-BC-not-cA"),
+    SEC_ERROR_CA_CERT_INVALID
+  );
+
+  // Section for CAs with basicConstraints specifying cA:
+  loadCertWithTrust("int-v1-BC-cA_ca", ",,");
+  await checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v1-BC-cA_ca", "CTu,,");
+  await checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-BC-cA_ca", ",,");
+  await checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v2-BC-cA_ca", "CTu,,");
+  await checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v3-BC-cA_ca", ",,");
+  await checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v3-BC-cA_ca", "CTu,,");
+  await checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v4-BC-cA_ca", ",,");
+  await checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v4-BC-cA_ca", "CTu,,");
+  await checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+
+  // Section for end-entity certificates with various basicConstraints:
+  await checkEndEntity(certFromFile("ee-v1-noBC_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v2-noBC_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v3-noBC_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v4-noBC_ca"), PRErrorCodeSuccess);
+
+  await checkEndEntity(certFromFile("ee-v1-BC-not-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v2-BC-not-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v3-BC-not-cA_ca"), PRErrorCodeSuccess);
+  await checkEndEntity(certFromFile("ee-v4-BC-not-cA_ca"), PRErrorCodeSuccess);
+
+  await checkEndEntity(
+    certFromFile("ee-v1-BC-cA_ca"),
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+  await checkEndEntity(
+    certFromFile("ee-v2-BC-cA_ca"),
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+  await checkEndEntity(
+    certFromFile("ee-v3-BC-cA_ca"),
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+  await checkEndEntity(
+    certFromFile("ee-v4-BC-cA_ca"),
+    MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
+  );
+
+  // Section for self-signed certificates:
+  await checkEndEntity(certFromFile("ss-v1-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v2-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v3-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v4-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  await checkEndEntity(
+    certFromFile("ss-v1-BC-not-cA"),
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  await checkEndEntity(
+    certFromFile("ss-v2-BC-not-cA"),
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  await checkEndEntity(
+    certFromFile("ss-v3-BC-not-cA"),
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  await checkEndEntity(
+    certFromFile("ss-v4-BC-not-cA"),
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+
+  await checkEndEntity(certFromFile("ss-v1-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v2-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v3-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  await checkEndEntity(certFromFile("ss-v4-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
new file mode 100644
index 0000000000..e640e32bbf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUR09v04QlrQMgLL9A9x5Lis3g49EwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBYoi35Dp3gNfLJAi4Gk2GwxCie
+kk5hUcWiM7wAttc1NTH3PU7lzcnmkL4Fn0urD8DpYr17Fzd3LMvPTcvc/fHgl2R9
+uxXEvS38SCuAq8gfEraHy9m7w+J11SBA8PsnZqNJSDdGblAjNXbv3yeAIjI22+rE
++gUEd+62kObnUYoPC6tX/kq7uJU1h10jjoR1nYrghij6yRM5ozeqbl/AEam1YgnU
+RZWRSnsP5g2QDrpwlpOxAQZxpwW2KYk+Jr1uFROsbn/cUbMRLg8pwAw3DasmIJlS
+31oldY5nuSACsBWcJW1Cck5h2+PJqT9SfP9AqtPWF1BMUjC4xiCV0W3NVKLf
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
new file mode 100644
index 0000000000..8689ef9ea1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
new file mode 100644
index 0000000000..f5ba3ee376
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAagCFC+ZWtAQE8lVz0D4wb40yUfGwCkNMA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBYxFDASBgNVBAMMC2VlLXYxLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQAcgP1lvoA0169HURGT56n+WBBbjkGXuH5cmkhg
+BHZxU8AsonQl5T+IXRWNT/iyWVNlfvYTOZeWga5G42tvQxYsJ3nOg4Tg16b+Ny7p
++F9QFv/ggvVdiV9EF9ofy+0gY8Kp6h7sIfjqqjkRUquPkuFmsucYbpKHV66XB0z3
+VKHwZxBWkOgmHOeCuY8+7eVrhntDOuLD5SHwN/NPBQy0CLppN0T9rPJ8rMZ4BGsk
+NCakLrw2hISVBajKmcFtdEYPZ65PCuJI24ziDPhGlc2lTkjocf8Ixg4V881Lqy3x
+rWkR5qu1OoMM6oWzXw+0YunB8bRuP4/tBJDVpvu6xBqkgGKv
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..4570e6e3ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..9815e5e13c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAakCFCXWLDfdUshis2BR2AOx1Wx0Pe4/MA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBoxGDAWBgNVBAMMD2VlLXYxLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMNMAswCQYDVR0TBAIw
+ADANBgkqhkiG9w0BAQsFAAOCAQEAmOBNxj3ggsPlL425Fdsnlwg9xe+YGYrQ+qDx
+gXgQypAf9+A6PzJde3x0todPYShaItrpUkkqq+65y3PFQ5/Cx4JTSuLZowx1US3D
+TVCTr8zPkx44+pFsPpVo/H46ntgTdJzeGxy4CLwRuzfCwE7xDXu4RGWG6HJ0H4H0
+BQQQoY+PZwjQKzV8ac+mO7zXxEA9KG+J0whj89x6Ps31Oj5wsQb6mt5M1KzihzLe
+yJMc2J/d0xj0NN/mxjFyeu2gg5efJgByZgCs1oGImlvrV8mll6zNazGwIzAEjOv7
+qFlzeX8fnowEZkYjt655nzH6qV51D5Ml2KPanMUdwXwttsgJ9w==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..f4257841fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
new file mode 100644
index 0000000000..276596cf8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrTCCAZUCFDfaJVmc86Op+Njp91sQs3VibqnjMA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBUxEzARBgNVBAMMCmVlLXYxLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
+AKNZOtDY6VR1afUmrbxsYNmSlbJfDH1Wf1yW1mGlEaaAt+2jCwq4XQe+WydH+XNY
+1hF6qB8Dfv6BjHtz3mDlEurO8OQLzbEsCjoHTsC2k7xBX5AqjgLOd7VXTw+nkWpl
+KS16AGoFwWwJoRiqvRIN7QmrL4+VTy9qiMjW/xQZpJRjgclghsyD1ftuS8MO6CFA
+Xl8H10FX+iLrQ1vVZEpFvawJsaPqpP1Q/aaUbuVFOdl9FdO/AoYg9T4OoNMuVAri
+1EdM0PJ2fLuBZEfGu0Xzfx3DQMGTGY3b+rbXXsAvKDY7Lz2uH3QQ3dV8u/A/ziXR
+4CuNiCfPf9ln9nYZryvPhTo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..48fe9e5416
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
new file mode 100644
index 0000000000..d0f8108576
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa2gAwIBAQIUSfJg0GeqJHFEX50dYSwtSQ3bMKowDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLZWUtdjItQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+oYLQRft2MQcjzbocFjcHuOtGLN2zd
+h/VRTr6kdHVUlTWGxPAlbbMQebdqxrkOs7z7AUdXND4ByKTtNEuQPr+wXwwXSTE3
+iYjViklkaO/90FwPXCY0cKPP3Wlr+dU//+ae8MHxUgITiz1pSaCxpn+aWNuT0YEh
+OyPHJp604kUXsaS/tnh9Gs+PcUnbzDdajbsCgKHoxtjMJWvYzr7AbHxmZdNJj5+s
+oayWjkj57NlX3fSRPLwcLoLanp7stBFXQuYdUdHBxPo4NJvCePu+qX9dKRfs8iOh
+QX/C7/hznhGYCmr+bwA5vDP2/hlaXVY3Y86QVtSxjfzAR8FipCk7Csw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..f714725d2b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..70137183e2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAQIUDxDa2ifUgdQYpJ8MdfEeYRaJsdMwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGjEYMBYGA1UEAwwPZWUtdjItQkMtbm90LWNBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow0wCzAJBgNV
+HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCddjVLxryXnecJPMqSm0jUBYLnM+AK
+Rq6/2mzN4RpEVWZp6GNnWYzmONMwJ6wtGVgARfg0FuBONBzNtHxpdLcbia6wajf0
+/A9FZ2IA6TmEDt9iBQQYphczJquzzrPU1ST472ueH9ugSWm6CV2a8tWZTqpADewy
+waivrK76PCatnMHWZy+h0QlMStf5j9mvEXydnDVZtyqH28THAHOfTyseEBdkl+VI
+rJ/mnuK6toyJRJOEajDPfhJveAu8Xc139qWrC79P9Tp82eqNLZxfIEBh20eNYxSk
+PFkDwGE+pmEQEpGuIrFBR/e2vZTQJ6OTNhWxG8JriY58UlIQ1kACWw7y
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..db72288814
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
new file mode 100644
index 0000000000..f2c644ce6f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAQIUXbeigSj410bH6jRhgrqYja0GpzowDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFTETMBEGA1UEAwwKZWUtdjItbm9CQzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAuDsqRa2nVMQ97V4Tf2WevBu+k7ZhcIaW68a5tlKLEKhx6/eGSSGeij4m
+OeBOyFOr885Y/Kkhd+aHEefJV61HcgHYNDkRAcEFg6WRDwoto3u06wlqDt4hWr5x
+I/gRPudZ702Mw4trcwXljvm8lKYOL1O79Ic9kbqpCoIdFRbf2n+mMwqf/z17Lis/
+TSQTmYwO4lMDqv2XJ4a+DAyCItLvlAUsWukWEyHY9RUaKS+flqwLB6w5nkM8enI0
+oiqxEeSgn0DwnSEyLzb8bjybErM+qnDjmRPXN/w9lkpzs6LhhP+YY1eUhlw7JRJO
+EHESM9OVGl3i60Ed9U2vNPgwqciqbw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..cc304ab87e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
new file mode 100644
index 0000000000..8b9056a167
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa2gAwIBAgIUc98+jTM4qNvfdiHHTt3xeTnklo0wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLZWUtdjMtQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGPnZLZtuRfQew8WQGlkkLGRBVLTqudE
+eGIVRcAMToZ8clV5nFTRJd8TDPJtEnJq7JuVzKXwYyibfd1jGixewFSs1NVZqshN
+Twx+FSQCoWNTrH1g09hhJDKDYZAIl940Jfp3tI9dmLDAT6eJK7MtfocJcnfJT++X
+6OXE9CzwA+jNoqEhPXjmPa41SMpAgr0lLviONqy0sUjUy6Wwd/Awi3BsV7pgkInb
+59hTTWaxwsIVXr8d5uXvxNvXiTFRmxAsF4EgF/OR413gel2cR8ERy4GLp7y044AE
+7NaFQoeto9yW3IpYr3fvmyYbMLPXdQcv7OPvolLgN9756qU73BaYhwA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..6f69c35743
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..c909ceae66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAgIUZbMh4u0fW5ML6yh8z8pbXjOe1VEwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGjEYMBYGA1UEAwwPZWUtdjMtQkMtbm90LWNBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow0wCzAJBgNV
+HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCYkQCEZnA8CNk3m3GRWOmmfSHggAEg
+DPhdb/lD5HPuwk7mZvlmVWuLzL7KkbNe71lGcDxH9/az8loi/3F+qPtTAQm0dIv6
++PMeJ9M81FrrL9QOlt1g6oD2H3CpeBmPXTZhw8BrY8G5vOazqng8BHv5HhDu64U2
+tG0uCynb/9DP0JyZykV9l8r8c4Tsz2xFAMfbowricN3kNoeV0WLY9NL7T3iBa22+
+mSVUVfVb6JgX59hkupfq6ykSWy90aHpHvOYGvnxAp+r31ddwGAix9FyebSNNQn80
+YfMR6qlPWwTqe5nVGqEdQ4fTg+qC93OqWtcDJrXshB3j415ubudwKN59
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..4a9de06358
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
new file mode 100644
index 0000000000..b5c0319790
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIUAQDoVGw+r6lNT2b+jJm2+epsWHcwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFTETMBEGA1UEAwwKZWUtdjMtbm9CQzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAGpZrWuH+x+qgSsl+EtFBQ6dlKN1w481HZlxA9UEXLqcV4ePHpdu0gb2p
+nIlDxJDCIbPmsmh2NkiwrxtW+UO7Gee2qSJx+HzTbDU4Zf61AdzrSLy7UXeAa/Db
+HoVqGZ6SY7HRfUZSwHhNjUhxemp7b98HCQWn8lIvkcDrkXRpaQUWd1slyEA3VNem
+EXVbjybmuoO60Xka65CSSg3B8+UY/fhYONh6UvpyWLc5N+qoMEywqvSCB8vNPcmw
+fVr8AFzvWQ0XKT5YxUtPZvAcreC0lUZXIF41us5JVbx7eX9GU5/viguxOUTj5W4B
+jyLS9tyap1ysIq3sPPlXW7S1i1pmXA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..9d385900f0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
new file mode 100644
index 0000000000..d780e80fcd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa2gAwIBAwIUCd37312Tb5EZpix3723WyR6xMJUwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLZWUtdjQtQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBALC4++IlQxFJcpwHvCdfQ7DjwM579Sn2
+/QRXYfA4UnHWzx5GCggoMPnyvI70hbYXNZvsOg4fkk/wY4vLYblGPYY3NRB51DAr
+2udwFlqnMhHLwzGntRWb7Fvnug0f9GCjD6+CI8sfamlTBg33JDT/LQUB0+7Pwih7
+6kxSr+D4TXxDZkCcn+imjA2y6t90jl09Gyaxj2fGya1Tz3O4F2dhUlhD+Z1VyGSO
+WeMCDMJq0HlHymc2C9NJa+l8mxP3ZhAhCkquz98l9iNi8feKET3Mor1QkZQrw4iX
+EztBsqyMP7TZJrzgzNVQgdM67gj670qOOlYDG0fftJkPhvwUtUzGJIQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..1f44c1dd27
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..580730ead1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAa6gAwIBAwIUf14/9bHAT4wfeg67o/l7Z6hx1RIwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGjEYMBYGA1UEAwwPZWUtdjQtQkMtbm90LWNBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow0wCzAJBgNV
+HRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBa8RvfZI03C2soSzVOamYtjem/rQ9c
+sCUr5b/twKBFUxFWPPeM+zQbLjKwCVMKfhOrBddqxiWtBEXoeDgGN4Hz7dYtedQY
+yZXrBHFx8NTkP1hu7ZLH6/Wmq8pIY1clVkCW9BaN/VrooivYDVT9FAQ3Olmb7ndY
+WpG/HAJtvLI0IvFq4AzMXa0zJJFOzWd+zeYFkizdEIeWTd9blb70czeru3hf5NwO
+zxE4bsKgWXO9hRaJwdb6STlit2BVtx8mMOibJn852IZ0tECKRGlTLJSC2Pz2kk67
+dqRTLC4ys09cGT/wQbE9nBYqdRD46LeSYnxBLlPaJZ8tJ3p82VK8I+ob
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..e9659153e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
new file mode 100644
index 0000000000..685d2da6b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAwIUaR0hFbbBz1XsN9CW31yoUhYk7k0wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFTETMBEGA1UEAwwKZWUtdjQtbm9CQzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAcWHh1vTXippkY8F4flCD4/4S7e6X0hr/WKPPpQGWKMDUyTBp5bvlSlJo
+CQnceIqJ7PW48tEhSv7XjCFYAtrJaN+I5ttP+RvhWk7CY8bZFH469PWMKiEZQrR7
+CJyk1LBX3zDRbRRweT8h0DuzqcHqFXE9J+DEfYue/Y0ZMlly3u9NAFiFj+etyrX7
+zm9cG3cc1AVbnQMC0tAyJnbepwj1QHDbxDGN1UBI9SlUW9FolPBJzgtNuLMiY/VX
+B8SfNGvTm5nvHGrL+tp0jp32ufCtwT/DGp4jasa4vG3gpD7l91SoIx3W0cKJuclB
+/dTVAfLtVNFvJWV6J5FdrHiPzufHNw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..19229ba766
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
new file mode 100644
index 0000000000..e7c3b79420
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIUVWOyeMgSib4O1LKG1AJMZEOfA5EwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LXYxLUJDLWNBMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQBhWnPGcosA9XFiil1ODUfKcRa6J5Pp3R/n/tdp7XZFauH6q512f4wy
+23L0zJhhov7dJdnI+spAuXcsKR9rDFYximIGUSjYPoJmGTdemTW60ddF3DjLYZvf
+BJJQyZMn1zvlJE73G24vZK1FNP0u0zRQvKVPt3/OFwE906AysPk8waodm0fMjCgu
+rRWcX0HJcnYj+LCic8/hiNypu/z4eES136pkpzegh08fOS9NmTERXovIMOEGKLzq
+2nGX4qR/q78kbM1T79Qv0RAqz/BWTrrf3HOwtguQ4LqM8wRN4xeyEqfvzw2I5tSt
+pGJtVfIXSwWoC7oVw1rgRdPOmzVyXMI2
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
new file mode 100644
index 0000000000..6a7dc5c436
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
new file mode 100644
index 0000000000..41206cae7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaCgAwIBAgIUQxRBwJhxMEAFMa7BzkaZKbkhuoQwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LXYxLUJDLW5vdC1jQTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAVNqzFe5ctks0XWw8TEF8pasaXlMvpB8KTAJAr2Qamo3eyS+r
+Sj9di81UA6ty83yKcUQgxaAcE+1K39vynS2/uMdOycbOLrfA/bEDqtTYxL86LvRS
+5nzbk1gfq2HfMt5Y1EpRAJ+loOKynLGnuJ07Q62unUtMf5G9BXKbkQ90s4tAhVh5
+EWTdV8Yj9loI1TqkjXMFGUAMhMh/dSvdbQib1z0ikJtGHmeIwbs6sZzLt+9IHABj
+xFBgjrveLBD5vKvGmno3BN3lqzlU+KaQ8HJmYRX1VP1sancFbGFWWhdJpcBPVRkV
+0uiOvCLHBfGA6TN1XhRwgMwSUr+1Qh36sov0jQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..639f83d660
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
new file mode 100644
index 0000000000..31f154b29b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUSZxrSB1ASCb/9OLKTfbXvWhu8oMwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLaW50LXYxLW5vQkMwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAF2GVw1iaU9gHhCPgZVZlAOb6O5k507/xrT2SdYiRkFQaHfH9iL2l5aL
+tQ+gQNH4BY3fUyxIR0wOKR2WUiBKBFPzvgZYzdajTzd1Cwy8F4v4hvCkx8T9dY16
+UE0TRSM7M2D+UpelJ/c8k2EzbBdeeNs1LR1XEGqVFUoTb0voFVgPb4ZnpSw+36wc
+v2kZaZjxPJOkoNcif3kuGbp0RVZW9zG0LVfgsZTyfczWmMdpdVCXVdXe4cJ1wAxy
+kQUGPMjv6xUXMcawgOLvT7JmX+9hQFkqidP2oR7eU8bGX8Kc9mFtJEG3I+xmcig6
+TbgPEBsnRfM8KxHcZpnxeKsRAP3msoo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
new file mode 100644
index 0000000000..d704f3086d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
new file mode 100644
index 0000000000..3948a89f26
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIUU/Jvq3MSz1uQv7XntCtIuprX+bMwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LXYyLUJDLWNBMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQBFv3t9QETpW/vJYCDwA6xAUS3h68J+0pwHhq/dVsart/cgsC8LzHhG
+bOJUKseHitl0gHjHiH50dkuzKzjH2bfrG8a+t3J46WnmxDEJP09viwRZYyxufSzt
+eX4+P+Z83ByRdqoIPFzd5ytWRo97oyZemNz3a3pU7bsbytYq2nIjCOAVAWxnIS2Z
+LPaQhEaQTeZ8hkHOlgQzAWAo5ncgVtmlgy4B6ObxDrHMMRG76rG96enCkrtxmqTm
+CjNyMC0Kim0q5rli6V7CV5hyF4V8/k+0uAeYFPboTHXOC7qY/1Kuer7BMejwEYOh
+uaYfipGohEbIYJGPgqf7wVFsZH+rsECZ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
new file mode 100644
index 0000000000..5d3a65e650
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
new file mode 100644
index 0000000000..b8161aa201
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaCgAwIBAgIUQ0aSCvyN3w9lBlcjtfY7MI+9znEwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LXYyLUJDLW5vdC1jQTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAPFTPXlcnxZn3v2lA4XKkBMjgz6ofD2k3Q+9CBIPAQ8adsr2U
+k6J5bDHr0hZs3OTSjm4MvnkDPUXnz0TEaCkGPaMDJSm5Pc+QNz8mtFZ3LCU7kaXk
+eye/mgUyA6kzp9m+beI2bPFgs6yfNF1hJwmFLprfr8tAfhSRdG0Be1n2ZlxD5+JK
+m2VRUXuWfZk9zG2XEVH7aiIsdvsvP2LvisfpPVWG1UaMv+RytnGT3bwHB1qaTeEz
+QUriOWNRevenmHzRBAsepSUlNvejPrGh8kiGaQXA2TVUHMFxhn3nrG081cZnlBpB
+8MJmJXvgAciIbuOwA3EofUzjIgvRCbl6YoGIhw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..591a16aca0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
new file mode 100644
index 0000000000..e1f66e9e51
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUX0FaQnSAZBS9om1VZNfOrAUkAe0wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLaW50LXYyLW5vQkMwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAKwAvSfgc83j7dwYrrblbKrMEi/+XVeMuFNHnBh2HYvSInBbRA4Opflg
+EgGkh8X3X6cHemjTzNRqQAI1dsODNRgjigY1KJ3voiRWdasd4em/qBHtUr8yL3H2
+E8AAQKtHNzDimP5bYcf4ABibTVw9n6fRsmsP9WsQPafiyBOfqpu95ZBrc5xSCi/I
+z7QEO90pPoBmvmb0vDQnAZ2qrqXXRmMes+wDceWTQRz4aHErlmriyCbqI8jsFqDg
+IcuydsUzZXUxa9Jw2LAUEQ4uNnNXycOZrZYG3Y6EW9AmwkTT5mHGWdBlVVUfgPyy
+T7tC1iWYC10v6b2QqW6E5AlRjEMMa74=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
new file mode 100644
index 0000000000..7f99393cf2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
new file mode 100644
index 0000000000..6c037d9e29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIUZ4+j89wGn7o9vFoh7xjDTNgsTikwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LXYzLUJDLWNBMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQANK4s2ijXn8xh45oXq0QjgiWMF1QnA6egTC7uKlDk1BYHtW+hztq4i
+71dkmot4SOL6Qf7ar3HSmRl8HzFfD0uasf8uobH5zFfn9wImjs2k0ZFMl9rc2NVj
+adNi0fqZ6x6sAN49QAZzkwx9nwnUj7larBg7F0KYNEpQ3li44l7W9ZYR6A39pCmJ
+QSUOJLH2OZEelAn/Ys8gQBz6od6Csa3sYYZGxvzfe3XEsGGFKktZjJzlwrZq0wqn
+1hPXy9cj5LbwB28F1OuO9Xwqt2pNdNI6oMW0N/SnGL9bcJs6zH0HFO4o6oRtNUFn
+4uaz1Oxe4NjHmU1p3UEXwzuUs2eAOl9H
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
new file mode 100644
index 0000000000..13af934f29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
new file mode 100644
index 0000000000..386d5a0b6a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaCgAwIBAgIUM0bo32+v9wg+ySb7JNgS9bNERjQwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LXYzLUJDLW5vdC1jQTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAoZ1c9YGZvP5LfhC/PkgXr+ASbbfXpAs2ku/vLcVCx83/tf4H
+suQhyjyIJxwh73C4MvJLwhjhRN7wTbsGjcQdmFRsR4bFnFPSmtXbbkG9ZETo/fdX
+dRp8tOS73ZoqFNaO5f+9+CWFcMIE2WznMVruBXK3AfNZ2pxmT6hvYngpvoulHaab
+kTsAZhtGIlKZ50UgTfW9xo7vEREgFXU5aRptA20zjHC/jlzlrYA5FJNnT8Kb3h2d
+yVtan28mbtC8Chaytfhg/olwNyXmlugid1wZ1MyKq2aRXE4phvubhHhfVE19EQ7x
+0KAx2S5LmSIM6kPVX2A87G8asDPRIdE8JGq/OQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..8539715a03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
new file mode 100644
index 0000000000..e9a5dbc060
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUYwcJlTtvWVYPYl8zRS5OIB6KHyMwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLaW50LXYzLW5vQkMwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAAZLo88i5xTVqbh2Q0eIlYQ3U/2wiCEt31iTlWIBegfemPs47yZszm6Z
+H/TEl6pw4sBBUmRRD8R/kFwqruJ3I83m83XgVv8wV6rxgQy+l/7vgS+9aRzwJ4rE
+I+jsYxtrCab/rQB+1ExmLfLM+SlyBu+pwyrJrhMCxfQ3YXftWdJ/OnuHF7HOQSgO
+N9mskwjAiJLgZkW4ncsJ9yqlmCMSCL954P+gZP+a7vh7t52/+Ye3QgqrzdW4njGw
+RTVXZv9WT0nutkzz2UN1LXe2YPACVC15Z2jAx0NE+soF/cv7+ABLbNi3cJ4xT2ub
+NJpF2DU/rhqYqRCNXKthPm+/HgxuygA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
new file mode 100644
index 0000000000..a65e41cea5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
new file mode 100644
index 0000000000..68597d3617
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIUJQnuCvzn6Cptf7mbf5euO8tqA6QwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LXY0LUJDLWNBMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA2iunDwwbF7DjKjXfY8TagUVcuYRlM0aR0NOWDJht7HGQ165jGvlbD
+tGFiV8LCttQ7mHIkM5petJQOijZ/WOE+TBOPdwOlGKI7LK64Dx0jD+STXeR8funZ
+C9oxou7BQTguKsDL8e+Vx3CiduJ//82yCvoiSOWKZNt2/XzMJVkXe2zwqjWJ1mZy
+eFM1R+HhmeTiElWHylyNmZu1rMQEvM8cRVT9T07BkUwe/Q1YNC2pssg8zWvsXlJe
+uyEKxd+rtbxXfZ2Ca5K6zoc03Da92DF/ZYeA1rr2jLfWlekcUUWyytQ1tvFpXX28
+wB9+G2j4ghLch847KX6jFvLloB4XAUsZ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
new file mode 100644
index 0000000000..35a3a9ff36
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
new file mode 100644
index 0000000000..6459172a25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaCgAwIBAgIUP4CbTDW2dlD720iPom3sJdQk4i4wDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LXY0LUJDLW5vdC1jQTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAADRGeHq/tJLPiJSuPdGLKRV06gwvSqynXeTGxuLouD37GAf0
+IH0JKP6zMKAo06am7YJxThwQSj+cdyEmR5fPcZXeJW25s05YP+CyY76J8Zevxu7I
+1E/lEPg9D0xOiwbN4LtlK8UXCCgkVJEkqqtcxaa2QNvUsdu9C4tpGz9NdYbfSFtu
+ItcfOH0mX0JqSwnYjaYys8FuP2xCTvCIY0iqUw3bJw8X5kvUrC/tOURl/vvAo5JE
+x/qqoJCZi8zYkF6FQ2ore2XH4WrovFRr0QHEO6iSPJwFFuBmHLBSZN+Qcb6lf0AY
+Im7gb1hJdEOqnICcEgwqRslVm6WduwjbrzQ9Nw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..7627d3a8a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
new file mode 100644
index 0000000000..e7ca4d52cb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIUMQUX3zZT021FdxR9n54rCz06Yq8wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLaW50LXY0LW5vQkMwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAC4Z3DsSJU8p7V/8G++ImlrraGiZgr1ORJkDA3CpOkWkPftYlQoY+fvD
+1GoJs5kLnhrhhchOatRvWVR+/y6QZPV5SVNydDzPl+c7vVesxjnN2sQmekCt5olS
+GI/UnTCFUNUA1Tdsi8rYN9wHjJuhbq82+1kvxPBT69rJ7YxEvQYi9qiEj1/6k5n8
+QSMImyp4wvr2QXgO8PcfThZEq4f62jH/tqqkk4UhN839N+R5v7n12GcS+/OfArDT
+XNr2KxiSZoApP3gDrEU4HEcltszfkBxhc/fjvHLqJdJvVlbNeY4TJxXHOtCEuG1p
+hGLFa63QwhnIaYfHRn8G1Oy+H2SZepk=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
new file mode 100644
index 0000000000..a780337539
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/generate.py b/security/manager/ssl/tests/unit/test_cert_version/generate.py
new file mode 100755
index 0000000000..2afaace3b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/generate.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file generates the certspec files for test_cert_version.js. The naming
+# convention for those files is generally of the form
+# "<subject-description>_<issuer-description>.pem.certspec". End-entity
+# certificates are generally called "ee". Intermediates are called
+# "int". The root CA is called "ca" and self-signed certificates are called
+# "ss".
+# In the case that the subject and issuer are the same, the redundant part is
+# not repeated.
+# If there is nothing particularly special about a certificate, it has no
+# description ("nothing particularly special" meaning the certificate is X509v3
+# and has or does not have the basic constraints extension as expected by where
+# it is in the hierarchy). Otherwise, the description includes its version and
+# details about the extension. If the extension is not present, the string
+# "noBC" is used. If it is present but the cA bit is not asserted, the string
+# "BC-not-cA" is used. If it is present with the cA bit asserted, the string
+# "BC-cA" is used.
+# For example, a v1 intermediate that does not have the extension that was
+# issued by the root CA has the name "int-v1-noBC_ca.pem.certspec".
+# A v4 end-entity that does have the extension but does not assert the cA bit
+# that was issued by the root CA has the name
+# "ee-v4-BC-not-cA_ca.pem.certspec".
+# An end-entity issued by a v3 intermediate with the extension that asserts the
+# cA bit has the name "ee_int-v3-BC-cA.pem.certspec".
+
+versions = {"v1": 1, "v2": 2, "v3": 3, "v4": 4}
+
+basicConstraintsTypes = {
+    "noBC": "",
+    "BC-not-cA": "extension:basicConstraints:,",
+    "BC-cA": "extension:basicConstraints:cA,",
+}
+
+
+def writeCertspec(issuer, subject, fields):
+    filename = "%s_%s.pem.certspec" % (subject, issuer)
+    if issuer == subject:
+        filename = "%s.pem.certspec" % subject
+    with open(filename, "w") as f:
+        f.write("issuer:%s\n" % issuer)
+        f.write("subject:%s\n" % subject)
+        for field in fields:
+            if len(field) > 0:
+                f.write("%s\n" % field)
+
+
+keyUsage = "extension:keyUsage:keyCertSign,cRLSign"
+basicConstraintsCA = "extension:basicConstraints:cA,"
+
+writeCertspec("ca", "ca", [keyUsage, basicConstraintsCA])
+
+for versionStr, versionVal in versions.iteritems():
+    # intermediates
+    versionText = "version:%s" % versionVal
+    for (
+        basicConstraintsType,
+        basicConstraintsExtension,
+    ) in basicConstraintsTypes.iteritems():
+        intermediateName = "int-%s-%s" % (versionStr, basicConstraintsType)
+        writeCertspec(
+            "ca", intermediateName, [keyUsage, versionText, basicConstraintsExtension]
+        )
+        writeCertspec(intermediateName, "ee", [])
+
+    # end-entities
+    versionText = "version:%s" % versionVal
+    for (
+        basicConstraintsType,
+        basicConstraintsExtension,
+    ) in basicConstraintsTypes.iteritems():
+        writeCertspec(
+            "ca",
+            "ee-%s-%s" % (versionStr, basicConstraintsType),
+            [versionText, basicConstraintsExtension],
+        )
+
+    # self-signed certificates
+    versionText = "version:%s" % versionVal
+    for (
+        basicConstraintsType,
+        basicConstraintsExtension,
+    ) in basicConstraintsTypes.iteritems():
+        selfSignedName = "ss-%s-%s" % (versionStr, basicConstraintsType)
+        writeCertspec(
+            selfSignedName, selfSignedName, [versionText, basicConstraintsExtension]
+        )
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
new file mode 100644
index 0000000000..4713680eab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbYCFE/Qhor9ec3ELTS4N1BGKhj1nEShMA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBcxFTATBgNVBAMMDGludC12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQDAgEG
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJCQfexxdv7+4MqcTMOj
+1keHx0hdsqx6lvRPatw3YgAyuaT6ZPWLfFZk+LF5uK6CpkMY9v5Cq3x0Le42vQZH
+5ekERe6JA87bJuDgndHUAde7UKYb1JIdomBBISQjS1yP46asX2a9s7Tbaa6rLrRH
+CCvGI6Gk6KK8l9CMUuMqWb0TxoZosfhz+Wn+Jw/gthcZXjxc+cM2XRCUe6G+NNa1
+EtvEujaOBlzF+XMESgm9MSp3E4tc0uWHcp+K0sA2Cq1CtC/NULUS0RgdFKfE7sc4
+5a9MpamgJ/EiCOiwoNGVwd0CxJEforr8nsRBT5Wlbkla6Q4VjFlYjiqTJ1QSXoOr
+Spc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..77f3ae9147
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..d566d59e30
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbcCFDmurlX239tmJzMSwE2yWclnP/YTMA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBsxGTAXBgNVBAMMEGludC12MS1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjGjAYMAsGA1UdDwQE
+AwIBBjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA2sZIPc4usxnbGoqze
+dBE+p3d+XcbH9gMfNBbmUl6XfKf+RZFcZuE7Jml1Uv+6Jd+nZdJDJaYJMPzbRRn6
+E8lTi7Ml5dCkmyRVJfmjuaec3IegrNcInau7ApNCidM6wPfcd+P7b3doh1qYD7l2
+NYOdNGik4yFqDgYVH7RghAYGKmJ1yvejqB0ulfNCJCXz2e+jxbgvMVm176wDxhi4
+yCmwvRWRi9byXpMmI6PqC2za4aZL3Ztb7uqyoa/CYEJQVZtS8OtDmpjru4bq9wlV
+RGhgg2zygpRsmBGim9LVIgWZVDehvJ8fP8cFsndVEQ03OrQohq827x2SkKoWurzU
+x1Qp
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..2a366535b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
new file mode 100644
index 0000000000..2d63a43993
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAacCFFlMGtxn81zLZeWwYjryulK7jFX7MA0GCSqGSIb3DQEBCwUAMA0x
+CzAJBgNVBAMMAmNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBYxFDASBgNVBAMMC2ludC12MS1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBABIkDbeDGKocP3t3H8pcicHy57lHkPUqzOV5Qz4k
+K1py+SKGY7dn08rfts6L5GsNB4euv7TXt4CJvUxZfyv6V87ZfP5hN0si3YwDaBRq
+WmHtOQuyoEu3Gjagq5rvnM32YVV+2luA2LH3uKRyD+WWyY8OKekxCnNGpgG5CH/t
+tKujd2VQPZ++74rzI4zFLDEohdPJ+V/zYWHFcIAIXbKFnaFXOiDdps3+Wjm83uLO
+t8103w1lFRl4si1ilr++cnZdWw7KGY5pSi+XM5f3X7O+tF01QTBTB4oYHpR7aLMr
+KSun8GxhvE5N/im6BHW7MlwWg7/dCBcWFdVvoahLtpbTtEM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..63bf6ed737
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v1-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
new file mode 100644
index 0000000000..ab3de4239d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAQIUdRNyE5Q7FT2TnlhkA3MFGPl8kHMwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMaW50LXYyLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8E
+BAMCAQYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeTnN/gKQj4Ke
+OTTweVvVugkfTU9BKBrqNGwarLQCznA7RHo+FvVKLjoY3Q+baHcK4EtO0u6SG9p5
+wP77QcvAmf2Zr3cnU5thgEPhn6GD3hpxDTH1Ai1i+5Y+kD+0AoDyXcAoDYYSOL8J
+XoTDeWFlKwUchWcVqr6T23dQk1ugYX2jSvozQJ92uTdk3xFqj3glhPEY/KmsiGGd
+WX9CWt9df/sw2fkCHWDTx4Uwa4f6bnu0YL/rHV5F/J3iHM0PN++vtLifyEJmwWh9
+pkLR79Pvd7eQelrdt+vcnUbvT9L/KdlUptcO4FWtlPE+hfkQdlSL0M9Wo+bsJTeG
+CekrPZWLOw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..ca1bf67a7d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..e18ee2c0cb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAQIUZbO+K3eIJS/mMdcdqWTFhjTgZYswDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGzEZMBcGA1UEAwwQaW50LXYyLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwCwYD
+VR0PBAQDAgEGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAHPwO/Xglbd7
+0tOHcMV5fgQOIPY1qXyG3DM/dYNYJ1+Ma+2F09nZjaOtJpUeSNJReTD6TNWFuNbH
+pcDge8qlQImjjM1CN7TIgefwY1riWqryJniX9mL0oGaZsRMWH8Ad2e44vAbG9yRv
+2t933F9LC9MjEHMhrLCaY/DRtA3Hbao1l+ykAOl/Y8M7AVQmscsyw+BKtAv10lxR
+ktTz0ksevwxGIBgx6MTJRFreY3JbCraJBdkM4RjiKhmXhmEjQS2+TRWTp0do030N
+FO9ELuo59+DMCf8hZi33IlekAfda6qmtuIxBg4USLKhoF0KAa+KnIIVY3G17zO94
+VnA8/fR5uJ8=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..fc28ff150e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
new file mode 100644
index 0000000000..8ef8e505bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAaygAwIBAQIUUQLaY8ipGIlTLB/nSbAqMeW6VScwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLaW50LXYyLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAioRpOtyrsMKsL6Hty1aZ71A8VK6rccVF
+87ONK3VlT2PqrT9QW4RnVpyBgghPNqFTup9i/5SmC8Onva8beyRFj0zXThw0R4dg
+jEssH8l0a/kHZL/WYhrgIEjddoyoghcNKEldlzTjystlwSF19vjaAjIuyMXkz6vB
+sxZPybLUsku/Vadr6q+IgVQfbAnnKi4nlmju4Y7qcBDHSMNRyiSQ+UvCLYRqBp4P
+eJmNQ6CIveosdZHN0GL5TA2wwLaZPeg2dSIMyZZkJ3wZ8f9rUo+K3djlhBlsNbb8
+tnXTtF+V0Cuw1K27sUDwcpzGkW3KZOyTNChnNGeTRuRvL8atnovoiQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..2d3fe59ffa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v2-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
new file mode 100644
index 0000000000..020f8c95a0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUI1ybSEPY2poauHkhPwser00Xp/MwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMaW50LXYzLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8E
+BAMCAQYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOGTAs8e845vz
+QlLoD0fleQQZ2MXLA+/OrpWyzsN5ACv3PMShQs7TBl+/xxAu8lt2AvGso5lFsV8b
+0URtUP/X+nSrrKDFDx9g6A47q4XNpWeDESAWxJzigH2JYszzg/YtEdTcf78cIIIF
+rLvoohH3zobR95yMXsfbs2JSvYH3vzWDZV+cz0FyaUXw16e2KS0MnmIwP+37t6xk
+sJQ5bCoWQhg2vuanikOUoqvr3aFgoLJ0HjArk5rDAi7fX8/JuAWc3cIJufHUTlXD
+Q9t8x8dbmGk02IcNDqyzpTzyht8vWEkx3NeA+xalUdC7Q7ERK5RfnTGZE61NCP2t
+Hc/W4GT9Jg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..56fcb21a03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..84a3cb5aa9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAgIUD4qSXNFu/c46+734YKWQ34JSbYwwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGzEZMBcGA1UEAwwQaW50LXYzLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwCwYD
+VR0PBAQDAgEGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGScr4E0l8ED
+DTvqNg3LofHZhzXbcjnIMCtF0Lsm+bgD/lcakGq36EHfRe5lzYkCUJNYZdzhoEPA
+vusoj+SxXvmvGf0a58yW6m3Qm1nwIS3g93AA5QakNeMAKNqwNubLK2LCeaI7BUzh
+Q8rMOwskLjPe9dTVFWQc+w8xFwM3okYQQbwtwm8xJ/246RTCsN0bNDX3+stMy9q9
+cIJe3Qn4Ts/1MRdk3h9xmpY3gxP7Z1pAoVGR4rkw90ZHQgyVKZeewEl3FSH2MUNA
+0pAwdNCudoSrsVzWyd5/B8cdLzbaZX5K3+6/O2b7EYSxcLTwSxbhFFrzBchdr7gW
+6h1ZkGIuZ54=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..a2def8d323
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
new file mode 100644
index 0000000000..95da1f083f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAaygAwIBAgIUI2KYUx6IdZc7V+QOkPrR6lb8mB0wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLaW50LXYzLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAaeXb3bAjhYr/PTWrfsPEbafwF60e9iMB
+SIvCE4EgFkk4jVmnSsQ3x9gipx1j+7M0xIMPSvkC/wdK9G1gdUVg64xjIUoBy38h
+YP9Mla/4vThWkkOt/0LDqtVio26R89GKR0v1tLwOfSBGJtZIpzZmZeGfYhFQDKc6
+MioBkNO/2QGABwyTtzRBhirgm3Sr39mLO1LiAeX/9kZ8kx+RQ+rhb5zxkwh1J5Fu
+c53sY4bfssi1PZTCiqv1TunBNfCnUexSsryFVpt66nUmTFpxAFTF4LB0o2nxesN0
+MB6t/FCjQB4ohAjsDZFuvay20i39QeOdn1giiq8WKxkJ/1gJEJoghQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..b336397ab6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v3-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
new file mode 100644
index 0000000000..3a70fcb59f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAwIUf4EySk0lSBQJqR+4lgqvertC0zYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMaW50LXY0LUJDLWNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8E
+BAMCAQYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaZBJSMK66toq
+1l0vfxuY8w6uwbged4tuAEZPtl8hA2I/E70HwcaFpphKZGC5W1HeCrUsooZpRJPb
+UZntyARmXdaTD3tUi85VUX2LnZ4OjmfATAcEHZixItQSmRrXRQrDOk2hwADrLRD0
+aH8dR23aE+pbZSvPt8Oj/0M0PMeyfYLjPwacyspMKBOKB2psAISnRqiRJidprhuy
+XDmYPaCMzw+cB5nFK3w6UJagxR6n9p70BQXaj5vodHpAsYDKHNmJzoUTewQhDjvu
+8IZ7IwwIQCkzBYD1hzgyv3iwos1Fdruo3HlUG3QrTlKRJWTg+uy22mjz2LkQTASs
+GtMjAMQoXg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 0000000000..12b94e63a5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
new file mode 100644
index 0000000000..258edfd30b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAwIUaRagMmDSJscXn/t4Oc6wCFBRsAswDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGzEZMBcGA1UEAwwQaW50LXY0LUJDLW5vdC1jQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwCwYD
+VR0PBAQDAgEGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBALc+XVxkZhVz
+jUck7fZy1tMh8WoDXjeVEg1nLC/ZR7RSKyJrsvqiz3lVgI5PHKEJTdX4GGUIduaV
+cqF5NegfOEIxbz1e4TIETyr6+bZpSyEY9+yRZlXViXYu3RN/06D7iRs+GiCRalD6
+LqWGka40hU2RnfTJMQl5vdKYRsEkgKJdDcy9siqtyy+N0q99qrjdgmEp9frvFOeK
+n+Z2A0q2dd4SvNJMjBuWOSDkf7OWe8ikG9a6/LuqvKTLKbSGPcn3kBBRWa50fhXF
+VD7zNYCEenOUkKtSEuOLjfCXkclq5E+2x6xevQzLhaq+YEn9eWIB1lkUKlIKRctH
+mMxi6abwwmo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 0000000000..43a04f70fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
new file mode 100644
index 0000000000..eb04abd1ac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAaygAwIBAwIUHQVqHNDgKUKfLlJSssV/DtzK7n8wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFjEUMBIGA1UEAwwLaW50LXY0LW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAOlKR1lHnYxbIL/rDMu7L9iOV/r1rz2X9
+hD5cIsB21vlgGyX2Mgp5FqnzqdEwspUDkK37R0rKQx1RSERbgFSoGomTmkcoGcxw
+eZu7uURGGkhHCUxGa58LgDsbsRTJ8z6M61fC9bax9rTTSNdmwMoQ6RVNTeTcPBC0
+FuzC0IkKpTSRlkZiRiGsGmOboDdyJepopFNBdiiF4TP6h6R1VuG36wxWkuVjpmo7
+EjQATtHKW3hA2OUeG7MZ3uXfA9LB6J0YLeQx6RAtxJz3l8h1H6FLQqjHzZdpaqlz
+TiZK2iVAFwysASY934d3960AVXf6w7sTcm+VATUJ6FeyZqv+MHLzrw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
new file mode 100644
index 0000000000..4970d1e945
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v4-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
new file mode 100644
index 0000000000..26d1e24ab8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbECFEm03vqIwHzrulQ6ThsgNEQPGQ1pMA0GCSqGSIb3DQEBCwUAMBYx
+FDASBgNVBAMMC3NzLXYxLUJDLWNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYxLUJDLWNBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxarz9SPSE3MKd2HcoDsHx66Cj
+VpIgwPpGRCNoagkknbjSunYdIIi2NDnMHIzQBD0ldQWh6up2fdXGeVVyvKfs9Nt4
+c8oodt2JpOh8F3HHYeXy3xCr/5CA7t+MUamcMrE7xsZ36ozbVMKHR6FmgQ+J62ht
+onoprRvwvwh/Q9RFC+oG4hC+M+PzDH+XXVXJ9tVsuOEPElb27sQATNr/msGfwNV3
+ly2KUdrexprB03HC/WxrkW82vJEqWBx2AtQ5p1VpczAcKW6hxknIE3aW/T8BAk+u
+BrVWnL/Dm2WWMAiMYLdp0/yB0qCVwBLbWxr1pyzvvI71ht/rQ2cLuFaMaWGV
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
new file mode 100644
index 0000000000..731396f034
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-cA
+subject:ss-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
new file mode 100644
index 0000000000..58e32058f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbYCFB2XtG2qFhxdho3Q01DnHGTK3Mn4MA0GCSqGSIb3DQEBCwUAMBox
+GDAWBgNVBAMMD3NzLXYxLUJDLW5vdC1jQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12MS1CQy1ub3QtY0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAEfB+j9e5x5l1ucXYQwj
+bIB2mGM0OmgN7gWjknyMNO7G48cydDPSay6OgX7yulT3TPNE+/p447hOo5LOeUSx
+om+pLouQ6YejxgFzmfpNyOz3E2wJpLhMTis0S2z/YlyHQ+jKPawgH80pgPMcWdIJ
+X/yz4whWW5XyELYsMR/M3wAhRK1KWgdDruZ/TvDhUkKmZWb5R2Q9fp1hqj88E8vI
+0tW74SjrTVRO+N8r9SvaXxtzJgKl3lBKE54JUTaCCCgNZfDFw4qJNy46KkbX9nQF
+rBCc5W7Ol3UvFRXCXFgvKWjKZNIs4+hHtKze9BnTN6P7qojv//6YPILPvtxRLBQu
+OSE=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..20d716d494
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-not-cA
+subject:ss-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
new file mode 100644
index 0000000000..897b2929d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ0CFCtTEqIZaepqohtlFuKdl2gKmSgLMA0GCSqGSIb3DQEBCwUAMBUx
+EzARBgNVBAMMCnNzLXYxLW5vQkMwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIw
+NTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjEtbm9CQzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAl3uPUlywKxXEyN2YufvSbOK1YUXV0U50+Y7ForOzz4fkGagQ3JnJ
+0kxPSyKBv49f+NKPWQXpTQI18vhJCAsuKu91h26iPVmNpIpur9c80J0MuB9h7d/N
+OvnjU+mOZERvNjiMREKmf/iXc9muxD8m768uXLx9fD/TlVnNSGg3EB01xGdIYUVb
+4OeiYdRveU7tTHRYQm+7fDpvz0bsushAC/IP+gMVKr9L0cOi9Sm8kXYofF6KE9OP
+uqZubzychgdd8NeDFiZV+gKuzrFo+KDfZXgv7uPLsLXJTPrF4oa8K0f2o/7eodzy
+dCqgcGAMiG8RY99fj/wkr53PTeoyjmH8JA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
new file mode 100644
index 0000000000..58d2f0d7f5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v1-noBC
+subject:ss-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
new file mode 100644
index 0000000000..a9698fa84b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAQIUccKKmvoyz83s/BA7Se0cmdaDyA4wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLc3MtdjItQkMtY0EwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowFjEUMBIGA1UEAwwLc3MtdjItQkMtY0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAO
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKCYVHe7DQRTQ8bGEkSf
+WFzWfcbVaijFx7fxDP7bSQ8odxLQ6HL9+qFY7YFAdlYNtzxnd1/7Lq91nmRn0yqV
+W7KVCLMld9OsXMtrGZoA8BQ7AeiaC+UHjpdvNNkPVm4rMqutTTXzEfhlJ6sIYUFg
+CTmRpBrAHZiQy0KoUAyu+mAEYgoZoBITapgj150ScwHYDrZZRMHQyBmWtS9Y/vkL
+4mlU1k2x3vGp1OzEZ7ha/W6UKGj11vKYNH0wTJ7CFFOMWOybLnr47GkGvqYpM4AX
+baIDecJcHu83EIVbVolkEhPyxGpdKd6ooSulOx4kqvOUfpa3qmtK8L1mG0GhtB8m
+8EY=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
new file mode 100644
index 0000000000..8dbb3a65ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-cA
+subject:ss-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
new file mode 100644
index 0000000000..3962a757d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAQIUJfSgjF/arNqPCRg7D0Wxb4V09DEwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPc3MtdjItQkMtbm90LWNBMCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3NzLXYyLUJDLW5vdC1jQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAEj9uU+SGjK3L
+BX2rRLlAmmY2gqpFPvVaPyxFlmqsLOnr/1LYzT5oWGP0TA57WLNv5KG1oJK+Jgcy
+8kzVQvV3y/nMjYLF+JmPiNwkhZgHtjLuEpymjGtmqPQ1xyPRHz9tJwpw06HTcSZB
+QgOY8gbAThJUyXS4/2ScOnSCyHXA/vOD2b11LPD+N3YWqsSg8DwMGoD2NoeoOlB/
+E3f7/oC4o/t17dRaivcruajM2BtAgG2hxWDXacNw1CuM19aCK2WFczP5bC20jwFT
+a0G++6UnUD9VtnuZqSpPAUy57sddBavoLAhBe/CqSCgRAsPdNxyg1xBrZ6+We3O3
+r7Lsq4PH4Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..2b8f4bcc55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-not-cA
+subject:ss-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
new file mode 100644
index 0000000000..a8fa3cf4ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICujCCAaKgAwIBAQIUQdBy+4wdhpohAMac8EXVk4wUnPkwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKc3MtdjItbm9CQzAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAVMRMwEQYDVQQDDApzcy12Mi1ub0JDMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCW9HCqtoNi0A4JKT5I/zdq3m5e7gBPXxA1ZKdN0mqkkrhS
+nqH+QvQmQrX/k53N/h3j/E/Dim9UYg26M+avN4/hfU/cx6AS5oHBHUwT4FVktktg
+Qi7LCVnEop0GfRh37F3ELH2CP4/dPQCtVv1SUzMyJluKxnxjSfMHZtdzysGrAmRR
+5cZKkaEBhqRPhfbhcb9zg6aE8Zkz/wJDERbQPNm64zUnvCok+Odzd9k1LiEeVcZ6
+f9BHkfij47T1v0thdmPFt7nEj7K2NslaTu1F9fvt8Km8d6RYYyb7LPROaW9vCvpa
+O8RjTqqO5WuhaTG8Dm5JKWdv7sI7Y5idy9BcJ5V/
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
new file mode 100644
index 0000000000..7656115a84
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v2-noBC
+subject:ss-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
new file mode 100644
index 0000000000..a86689c286
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIUV3RPQ09ejjSXQuMvUHp+zUtwebkwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLc3MtdjMtQkMtY0EwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowFjEUMBIGA1UEAwwLc3MtdjMtQkMtY0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAO
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJOBJL+9cOC3goHK5Koy
+QtMAovGwLK/6C79HM3rmAm/sKgc1fKNR6HKSN+dHT20n7DbNNLs0Yi0vxREqe77Q
+tc57OM99Qa4AHDKyKM7C/dLNjvhedDJUGQx9Z6BdmvnsplPJ0mLE0Q/Tfvv/ptDV
+frUiJtHAytpSQdIHex6pTn1duw9C6077MeOFWTFBhN46ofaWX7CJ/VFmo3cFe4w2
+81W2l4OY47KOMShPOulWegPoD7F5n7RLxCJmglgc3YqNKU0ZmjIbGd0pxBwA3hJ6
+RJYABAgFt4vWHiR681o92EdrvGxynQrt+rNua7vnbd15mpdlWhOzf2TpH6Eb1xQJ
+xh0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
new file mode 100644
index 0000000000..df822e99b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-cA
+subject:ss-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
new file mode 100644
index 0000000000..50cb38c511
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUe6vAs3LdMkG/SJQc7W2Z2nK0BhQwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPc3MtdjMtQkMtbm90LWNBMCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3NzLXYzLUJDLW5vdC1jQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAucdyWJ2AEXtX
+Q39648iG6PVW1J3wcnGX8qzmgFATl6bJAnW4kvUIJPx7Giuwr5FXiU0+4iH1UjvF
+BorUywDb3H8R8PawAeNZK2pgbhy1aar1sAGINhJHq6ezyJzBHo/Kc6VHaHT2CHLa
+3++MB9afCWa5+mUKfXbwQErCoI66N+ft6CEFRMtEvgLdqNNjoXrtW8Nag0elXwCs
+dLBlErXmUnms8qXm4qnYu4bmw1fTbhpEmWYTZVEFpjcukKceOsK9g0HcuCzIKRTc
+XH09WTxYiic5b2czUkCFA7LLwlslk6wzUZ/7ZwzR/+g/m+09ov/LkSPaacFIoOn0
+zaDYXSF1aw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..0b2b575573
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-not-cA
+subject:ss-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
new file mode 100644
index 0000000000..088bb2090b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICujCCAaKgAwIBAgIUaVRk3sXNmaUjSjJv3jBL0P0UTWIwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKc3MtdjMtbm9CQzAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAVMRMwEQYDVQQDDApzcy12My1ub0JDMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCyXkVIdklwHrjupe3kra+HJFuVX4YmH1aPmTmbZ6lcbjue
+4s3N4B6vMko1EpSLTkURaXptwIqTXepJW408wvq/I90AS41yFZdJWIqA4Ja660wo
+GPiAg2pXYrRkJF3EuHywZBnAwW2ofvHfrWorZILvDuJHzV5ATwZq3Ol/h+Y0A/5m
+tSD0nX3HsQzP12vJGe49MDcns/KZ/EjM2OYjES/0RaKO0RlsjcNwMRumDzONIQuy
+nK/fqLUb3Kr85TUszug43hYLxggthGtQPABoKe3SWZdcUw436BcVajALLooIvPL2
+hWOvLzNaoTe/s0hstVlQA+w4A7gXBJ/ObXEig8Ug
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
new file mode 100644
index 0000000000..96314e51a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v3-noBC
+subject:ss-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
new file mode 100644
index 0000000000..ac28f2a876
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAwIUKQWpRSl3Uj/ocXqC2oi769nb2qcwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLc3MtdjQtQkMtY0EwIhgPMjAyMTExMjcwMDAwMDBaGA8y
+MDI0MDIwNTAwMDAwMFowFjEUMBIGA1UEAwwLc3MtdjQtQkMtY0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAO
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKlNt44BoIpzXgsZi0C7
+OIzkY4K3S7sa16Y+yyTlLNmUFSWd2LlFsecbqF5hsfQpGr4VGZ2qiRMMp/58SN6x
+ZcIooVxuoPzrgmAsi88+oIg8/3y44rMYXTzUDEtT8qdCj+ZPFDJ+kXCQJgZg073/
+7Ds6gZrssJ7522Srneba/UCqpULVh3L7GCirWi9l55fWARGDpzzqx6jQ0VgKX51M
+5h9F+xtqN1AauQwIszYR5Hayd31isphb3Xi+QHKkDu0hLeUIoYL+R3wrK3v66PsQ
+UN3vP5uFlPSTytFyxHxznq/XK7PQTKJtDEsw83w1Zf/eC/OQqhpp5CQRIqhp4uvc
+6fM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
new file mode 100644
index 0000000000..54269184ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-cA
+subject:ss-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
new file mode 100644
index 0000000000..513c923439
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAwIUIeyKT44j1c2KJk9pttBpbzR9ZSYwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPc3MtdjQtQkMtbm90LWNBMCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3NzLXY0LUJDLW5vdC1jQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAmotdMTHJSzQd
+7qW3zeMmT8LJrfAcYBH6mG0akuU+qI6DJyhxPZ1+WAg/WaDA9RxIBPX2kiWf3M6P
+KPNlVQpenRuMVBpRGmkpdZVZzliM0Fy5GASUppXYwkUsXCDRD0bAOhvFR7c4JnSN
+9jcE6GBJ0uMg06+YU5iAAX9G2WraWzp7Pk+xjqP8mbwda1xeNzj17jQ+byH+uYD6
+06l4yVrc5tEhvaLNQ4kj6WfwH2McfH8QKmTcKc4Hrurpy1DoIvhiPUXgjWRh10mY
+hK2cyYKxOLkARC9rZyNC+Gs49QPNIvP8hx0bcBt2155KCyq+maY2z89V+4GDniCb
+cotpFITaQQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
new file mode 100644
index 0000000000..3d65335316
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-not-cA
+subject:ss-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
new file mode 100644
index 0000000000..21c3e5ab41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICujCCAaKgAwIBAwIUY9VIv+NEAO2/Qp7CbzKTT7ZFeIwwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKc3MtdjQtbm9CQzAiGA8yMDIxMTEyNzAwMDAwMFoYDzIw
+MjQwMjA1MDAwMDAwWjAVMRMwEQYDVQQDDApzcy12NC1ub0JDMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQC167h5gNohDcvc3rNzNfzoEVyRnF9dxUkqjJRoNZ+LG+SQ
+5zpkmFbbztbh+lto9oKNaLZre6ZKIVortL5zuKIaL7wl5D/V4sww/PDE7As8bWen
+GR5ayqzq1jtOdVS0rbE11phIrnRciT6poZ8OQjasD1PYU/vYn1p8n8bEKqFR5uzq
+g0nHMvGrVBPoe0fHYC1XIhIxFzJly0iDG2mObdgA4lusktAPBdXTbQElkQBuLVnE
+yoL1lqt1jDPaOBhptIMuJC1yOqQcdlFPHdqRAd2xTur/ZwVOGSD2K+a0fqIyfFDl
+hI+MT6xYiExzrkfQ+FV5wGQ95omzeVweeqhUCcbw
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
new file mode 100644
index 0000000000..d02e04de51
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v4-noBC
+subject:ss-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_client_auth_remember_service/ClientAuthRememberList.txt b/security/manager/ssl/tests/unit/test_client_auth_remember_service/ClientAuthRememberList.txt
new file mode 100644
index 0000000000..414144e51b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_client_auth_remember_service/ClientAuthRememberList.txt
@@ -0,0 +1,3 @@
+example.com,C9:65:33:89:EE:DC:4D:05:DA:16:3D:D0:12:61:BC:61:21:51:AF:2B:CC:C6:E1:72:B3:78:23:0F:13:B1:C7:4D,	0	19486	AAAA
+example.com,C9:65:33:89:EE:DC:4D:05:DA:16:3D:D0:12:61:BC:61:21:51:AF:2B:CC:C6:E1:72:B3:78:23:0F:13:B1:C7:4D,^partitionKey=%28https%2Cexample.com%29	0	19486	BBBB
+example.test,,	0	19486	CCCC
diff --git a/security/manager/ssl/tests/unit/test_client_auth_remember_service_read.js b/security/manager/ssl/tests/unit/test_client_auth_remember_service_read.js
new file mode 100644
index 0000000000..6238b1dfda
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_client_auth_remember_service_read.js
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This tests that the nsIClientAuthRememberService correctly reads its backing
+// state file.
+
+function run_test() {
+  let profile = do_get_profile();
+  let clientAuthRememberFile = do_get_file(
+    `test_client_auth_remember_service/${CLIENT_AUTH_FILE_NAME}`
+  );
+  clientAuthRememberFile.copyTo(profile, CLIENT_AUTH_FILE_NAME);
+
+  let clientAuthRememberService = Cc[
+    "@mozilla.org/security/clientAuthRememberService;1"
+  ].getService(Ci.nsIClientAuthRememberService);
+
+  let dbKey = {};
+  ok(
+    clientAuthRememberService.hasRememberedDecisionScriptable(
+      "example.com",
+      {},
+      dbKey
+    )
+  );
+  equal(dbKey.value, "AAAA");
+
+  dbKey = {};
+  ok(
+    clientAuthRememberService.hasRememberedDecisionScriptable(
+      "example.com",
+      { partitionKey: "(https,example.com)" },
+      dbKey
+    )
+  );
+  equal(dbKey.value, "BBBB");
+
+  ok(
+    !clientAuthRememberService.hasRememberedDecisionScriptable(
+      "example.org",
+      {},
+      {}
+    )
+  );
+  ok(
+    !clientAuthRememberService.hasRememberedDecisionScriptable(
+      "example.com",
+      { partitionKey: "(https,example.org)" },
+      {}
+    )
+  );
+
+  dbKey = {};
+  ok(
+    clientAuthRememberService.hasRememberedDecisionScriptable(
+      "example.test",
+      {},
+      dbKey
+    )
+  );
+  equal(dbKey.value, "CCCC");
+}
diff --git a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
new file mode 100644
index 0000000000..400724bef8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
@@ -0,0 +1,87 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that ConstructX509FromBase64() accepts valid input and rejects invalid
+// input.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function excMessage(e) {
+  if (e.message) {
+    let msg = e.message;
+    if (e.data) {
+      msg = msg + ": " + e.data;
+    }
+    return msg;
+  }
+
+  return e.toString();
+}
+
+function testGood(data) {
+  try {
+    let cert = certDB.constructX509FromBase64(data.cert);
+    equal(
+      cert.commonName,
+      data.cn,
+      "Actual and expected commonName should match"
+    );
+  } catch (e) {
+    info(`Exception: ${excMessage(e)}`);
+    ok(false, `Should not have gotten an exception for "CN=${data.cn}"`);
+  }
+}
+
+function testBad(data) {
+  throws(
+    () => certDB.constructX509FromBase64(data.input),
+    data.result,
+    `Should get "${data.result}" for "${data.input}"`
+  );
+}
+
+function run_test() {
+  const badCases = [
+    // Wrong type or too short
+    { input: null, result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "=", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "==", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not base64
+    { input: "forty-four dead stone lions", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not a cert
+    {
+      input: "Zm9ydHktZm91ciBkZWFkIHN0b25lIGxpb25z",
+      result: /NS_ERROR_FAILURE/,
+    },
+  ];
+
+  // Real certs with all three padding levels
+  const goodCases = [
+    {
+      cn: "A",
+      cert: "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t",
+    },
+    {
+      cn: "Bo",
+      cert: "MIHjMIGeAgEAMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNVBAMTAkJvMB4XDTExMDMyMzIzMjYwMloXDTExMDQyMjIzMjYwMlowDTELMAkGA1UEAxMCQm8wTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA1FoSl9w9HqMqVgk2K0J3OTiRsgHeNsQdPUl6S82ME33gH+E56PcWZA3nse+fpS3NAgMBAAEwDQYJKoZIhvcNAQEFBQADMQAo/e3BvQAmygiATljQ68tWPoWcbMwa1xxAvpWTEc1LOvMqeDBinBUqbAbSmPhGWb4=",
+    },
+    {
+      cn: "Cid",
+      cert: "MIHlMIGgAgEAMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTA0NpZDAeFw0xMTAzMjMyMzI2MzJaFw0xMTA0MjIyMzI2MzJaMA4xDDAKBgNVBAMTA0NpZDBMMA0GCSqGSIb3DQEBAQUAAzsAMDgCMQDUUxlF5xKN+8KCSsR83sN+SRwJmZdliXsnBB7PU0OgbmOWN0u8yehRkmu39kN9tzcCAwEAATANBgkqhkiG9w0BAQUFAAMxAJ3UScNqRcjHFrNu4nuwRldZLJlVJvRYXp982V4/kYodQEGN4gJ+Qyj+HTsaXy5x/w==",
+    },
+  ];
+
+  for (let badCase of badCases) {
+    testBad(badCase);
+  }
+  for (let goodCase of goodCases) {
+    testGood(goodCase);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_content_signing.js b/security/manager/ssl/tests/unit/test_content_signing.js
new file mode 100644
index 0000000000..7e96ea2df6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing.js
@@ -0,0 +1,431 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// These tests ensure content signatures are working correctly.
+
+const TEST_DATA_DIR = "test_content_signing/";
+
+const ONECRL_NAME = "oneCRL-signer.mozilla.org";
+const ABOUT_NEWTAB_NAME = "remotenewtab.content-signature.mozilla.org";
+var VERIFICATION_HISTOGRAM = Services.telemetry.getHistogramById(
+  "CONTENT_SIGNATURE_VERIFICATION_STATUS"
+);
+var ERROR_HISTOGRAM = Services.telemetry.getKeyedHistogramById(
+  "CONTENT_SIGNATURE_VERIFICATION_ERRORS"
+);
+
+function getSignatureVerifier() {
+  return Cc["@mozilla.org/security/contentsignatureverifier;1"].getService(
+    Ci.nsIContentSignatureVerifier
+  );
+}
+
+function getCertHash(name) {
+  let cert = constructCertFromFile(`test_content_signing/${name}.pem`);
+  return cert.sha256Fingerprint.replace(/:/g, "");
+}
+
+function loadChain(prefix, names) {
+  let chain = [];
+  for (let name of names) {
+    let filename = `${prefix}_${name}.pem`;
+    chain.push(readFile(do_get_file(filename)));
+  }
+  return chain;
+}
+
+function check_telemetry(expected_index, expected, expectedId) {
+  for (let i = 0; i < 10; i++) {
+    let expected_value = 0;
+    if (i == expected_index) {
+      expected_value = expected;
+    }
+    let errorSnapshot = ERROR_HISTOGRAM.snapshot();
+    for (let k in errorSnapshot) {
+      // We clear the histogram every time so there should be only this one
+      // category.
+      equal(k, expectedId);
+      equal(errorSnapshot[k].values[i] || 0, expected_value);
+    }
+    equal(
+      VERIFICATION_HISTOGRAM.snapshot().values[i] || 0,
+      expected_value,
+      "count " +
+        i +
+        ": " +
+        VERIFICATION_HISTOGRAM.snapshot().values[i] +
+        " expected " +
+        expected_value
+    );
+  }
+  VERIFICATION_HISTOGRAM.clear();
+  ERROR_HISTOGRAM.clear();
+}
+
+add_task(async function run_test() {
+  // set up some data
+  const DATA = readFile(do_get_file(TEST_DATA_DIR + "test.txt"));
+  const GOOD_SIGNATURE =
+    "p384ecdsa=" +
+    readFile(do_get_file(TEST_DATA_DIR + "test.txt.signature")).trim();
+
+  const BAD_SIGNATURE =
+    "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2r" +
+    "UWM4GJke4pE8ecHiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1G" +
+    "q25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L";
+
+  let remoteNewTabChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "remote_newtab_ee",
+    "int",
+  ]);
+
+  let oneCRLChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "onecrl_ee",
+    "int",
+  ]);
+
+  let oneCRLBadKeyChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "onecrl_wrong_key_ee",
+    "int",
+  ]);
+
+  let noSANChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "onecrl_no_SAN_ee",
+    "int",
+  ]);
+
+  let expiredOneCRLChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "onecrl_ee_expired",
+    "int",
+  ]);
+
+  let notValidYetOneCRLChain = loadChain(TEST_DATA_DIR + "content_signing", [
+    "onecrl_ee_not_valid_yet",
+    "int",
+  ]);
+
+  // Check signature verification works without throwing when using the wrong
+  // root
+  VERIFICATION_HISTOGRAM.clear();
+  let chain1 = oneCRLChain.join("\n");
+  let verifier = getSignatureVerifier();
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot
+    )),
+    "using the wrong root, signatures should fail to verify but not throw."
+  );
+  // Check for generic chain building error.
+  check_telemetry(6, 1, getCertHash("content_signing_onecrl_ee"));
+
+  // Check good signatures from good certificates with the correct SAN
+  ok(
+    await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    ),
+    "A OneCRL signature should verify with the OneCRL chain"
+  );
+  let chain2 = remoteNewTabChain.join("\n");
+  ok(
+    await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain2,
+      ABOUT_NEWTAB_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    ),
+    "A newtab signature should verify with the newtab chain"
+  );
+  // Check for valid signature
+  check_telemetry(0, 2, getCertHash("content_signing_remote_newtab_ee"));
+
+  // Check a bad signature when a good chain is provided
+  chain1 = oneCRLChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      BAD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A bad signature should not verify"
+  );
+  // Check for invalid signature
+  check_telemetry(1, 1, getCertHash("content_signing_onecrl_ee"));
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature
+  let badKeyChain = oneCRLBadKeyChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      badKeyChain,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the signing key is wrong"
+  );
+  // Check for wrong key in cert.
+  check_telemetry(9, 1, getCertHash("content_signing_onecrl_wrong_key_ee"));
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature (this time, an RSA key)
+  let rsaKeyChain = oneCRLBadKeyChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      rsaKeyChain,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the signing key is wrong (RSA)"
+  );
+  // Check for wrong key in cert.
+  check_telemetry(9, 1, getCertHash("content_signing_onecrl_wrong_key_ee"));
+
+  // Check a good signature from cert with good SAN but with no path to root
+  let missingInt = [oneCRLChain[0], oneCRLChain[2]].join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      missingInt,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the chain is incomplete (missing int)"
+  );
+  // Check for generic chain building error.
+  check_telemetry(6, 1, getCertHash("content_signing_onecrl_ee"));
+
+  // Check good signatures from good certificates with the wrong SANs
+  chain1 = oneCRLChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      ABOUT_NEWTAB_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A OneCRL signature should not verify if we require the newtab SAN"
+  );
+  // Check for invalid EE cert.
+  check_telemetry(7, 1, getCertHash("content_signing_onecrl_ee"));
+
+  chain2 = remoteNewTabChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain2,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A newtab signature should not verify if we require the OneCRL SAN"
+  );
+  // Check for invalid EE cert.
+  check_telemetry(7, 1, getCertHash("content_signing_remote_newtab_ee"));
+
+  // Check good signatures with good chains with some other invalid names
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      "",
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the SANs do not match an empty name"
+  );
+  // Check for invalid EE cert.
+  check_telemetry(7, 1, getCertHash("content_signing_onecrl_ee"));
+
+  // Test expired certificate.
+  let chainExpired = expiredOneCRLChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chainExpired,
+      "",
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the signing certificate is expired"
+  );
+  // Check for expired cert.
+  check_telemetry(4, 1, getCertHash("content_signing_onecrl_ee_expired"));
+
+  // Test not valid yet certificate.
+  let chainNotValidYet = notValidYetOneCRLChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chainNotValidYet,
+      "",
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the signing certificate is not valid yet"
+  );
+  // Check for not yet valid cert.
+  check_telemetry(5, 1, getCertHash("content_signing_onecrl_ee_not_valid_yet"));
+
+  let relatedName = "subdomain." + ONECRL_NAME;
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      relatedName,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the SANs do not match a related name"
+  );
+
+  let randomName =
+    "\xb1\x9bU\x1c\xae\xaa3\x19H\xdb\xed\xa1\xa1\xe0\x81\xfb" +
+    "\xb2\x8f\x1cP\xe5\x8b\x9c\xc2s\xd3\x1f\x8e\xbbN";
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      randomName,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the SANs do not match a random name"
+  );
+
+  // check good signatures with chains that have strange or missing SANs
+  chain1 = noSANChain.join("\n");
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A signature should not verify if the SANs do not match a supplied name"
+  );
+
+  // Check malformed signature data
+  chain1 = oneCRLChain.join("\n");
+  let bad_signatures = [
+    // wrong length
+    "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi-" +
+      "7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L==",
+    // incorrectly encoded
+    "p384ecdsa='WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi" +
+      "-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L=",
+    // missing directive
+    "other_directive=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ec" +
+      "HiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L",
+    // actually sha256 with RSA
+    "p384ecdsa=XS_jiQsS5qlzQyUKaA1nAnQn_OvxhvDfKybflB8Xe5gNH1wNmPGK1qN-jpeTfK" +
+      "6ob3l3gCTXrsMnOXMeht0kPP3wLfVgXbuuO135pQnsv0c-ltRMWLe56Cm4S4Z6E7WWKLPWaj" +
+      "jhAcG5dZxjffP9g7tuPP4lTUJztyc4d1z_zQZakEG7R0vN7P5_CaX9MiMzP4R7nC3H4Ba6yi" +
+      "yjlGvsZwJ_C5zDQzWWs95czUbMzbDScEZ_7AWnidw91jZn-fUK3xLb6m-Zb_b4GAqZ-vnXIf" +
+      "LpLB1Nzal42BQZn7i4rhAldYdcVvy7rOMlsTUb5Zz6vpVW9LCT9lMJ7Sq1xbU-0g==",
+  ];
+  for (let badSig of bad_signatures) {
+    await Assert.rejects(
+      verifier.asyncVerifyContentSignature(
+        DATA,
+        badSig,
+        chain1,
+        ONECRL_NAME,
+        Ci.nsIX509CertDB.AppXPCShellRoot
+      ),
+      /NS_ERROR/,
+      `Bad or malformed signature "${badSig}" should be rejected`
+    );
+  }
+
+  // Check malformed and missing certificate chain data
+  let chainSuffix = [oneCRLChain[1], oneCRLChain[2]].join("\n");
+  let badChains = [
+    // no data
+    "",
+    // completely wrong data
+    "blah blah \n blah",
+  ];
+
+  let badSections = [
+    // data that looks like PEM but isn't
+    "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n",
+    // data that will start to parse but won't base64decode
+    "-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n-----END CERTIFICATE-----",
+    // data with garbage outside of PEM sections
+    "this data is garbage\n-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n" +
+      "-----END CERTIFICATE-----",
+  ];
+
+  for (let badSection of badSections) {
+    // ensure we test each bad section on its own...
+    badChains.push(badSection);
+    // ... and as part of a chain with good certificates
+    badChains.push(badSection + "\n" + chainSuffix);
+  }
+
+  for (let badChain of badChains) {
+    await Assert.rejects(
+      verifier.asyncVerifyContentSignature(
+        DATA,
+        GOOD_SIGNATURE,
+        badChain,
+        ONECRL_NAME,
+        Ci.nsIX509CertDB.AppXPCShellRoot
+      ),
+      /NS_ERROR/,
+      `Bad chain data starting "${badChain.substring(0, 80)}" ` +
+        "should be rejected"
+    );
+  }
+
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA + "appended data",
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A good signature should not verify if the data is tampered with (append)"
+  );
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      "prefixed data" + DATA,
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A good signature should not verify if the data is tampered with (prefix)"
+  );
+  ok(
+    !(await verifier.asyncVerifyContentSignature(
+      DATA.replace(/e/g, "i"),
+      GOOD_SIGNATURE,
+      chain1,
+      ONECRL_NAME,
+      Ci.nsIX509CertDB.AppXPCShellRoot
+    )),
+    "A good signature should not verify if the data is tampered with (modify)"
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
new file mode 100644
index 0000000000..d615eccf22
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUNZb51bNpKyzQtWTCj5zrdME7cKYwDQYJKoZIhvcNAQEL
+BQAwKTEnMCUGA1UEAwweeHBjc2hlbGwgc2lnbmVkIGFwcHMgdGVzdCByb290MCIY
+DzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMBExDzANBgNVBAMMBmlu
+dC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zATBgNVHSUEDDAKBggrBgEFBQcD
+AzANBgkqhkiG9w0BAQsFAAOCAQEAefvKJnF/4qRY9sf/jYCPhWyngBx6JhWFJKiy
+IUHmejn9q/LUX3nskHXA4gAt+KF9hfk9Nx5naL5DaYOkvETawdrSw55Hvphi4MB2
+yHManuj+yplqr8rtDh8Tb2Wm/AeiBqKMTa4AFN9xPbKOrUAVgU+VsXlEIUmOzEI+
+E0HeeIoPCCa6vWPpwhKb4LUlVupe3toJHVbFSp2KcD4gCRsgK60lyqZBosAG8Sat
+Vk7XLPv152/jl7j+pYqnlwabF/LEyVSqegVvvr481kgX8RyEjiPx2wNYYqUF3CPG
+SE2lDXWy629KUGwTH9rUpayMqbfL5bQ9fSGA5vE9pT7vlbBaRg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
new file mode 100644
index 0000000000..fc9dfd47ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:xpcshell signed apps test root
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
new file mode 100644
index 0000000000..041fa0ebc1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUfVErdg1uvVM/D2oapMLb9gSeabswDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBExDzANBgNVBAMMBmVlLVJTQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM9MDswEwYDVR0lBAww
+CgYIKwYBBQUHAwMwJAYDVR0RBB0wG4IZb25lQ1JMLXNpZ25lci5tb3ppbGxhLm9y
+ZzANBgkqhkiG9w0BAQsFAAOCAQEAOLPmVQpsFu7rL6Tc6TUQdS1/wnBDZeO3Q8uq
+x7FSm7tyvrMwCx2pGGJATWIdH33amhRDe3fH5IB7dvFiQx0qDewROnE900ooOQCu
+dsjKDzYurpGmlpYsBHtdFz8tEVgN2CUzfFLRTrJK0wAio5OqbyuZQwb8QBl/HMyk
+aqG33hm/1t8gR7NLn4c03XtaK/xbBGC07aCijsWTj09UB5wgtB12p9Wt7IWrkh2B
+9omSirPYgCWaD0wWJP1d1PlheeNeOYweNbEncjQlH+ukYjMzzZ3IVm7zFN1kit/W
+M7enx5fdED/84092ZzuDheLYKaA63ysJhQvCCzOovWr0PuOnLg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
new file mode 100644
index 0000000000..7b2a02bdaf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-RSA
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
new file mode 100644
index 0000000000..6f15597b6a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICPzCCASegAwIBAgIUSRecknZ3alfumVeo6yV/3O5nvrswDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+oWhyQzYrXHsYifN5FUYVocc/tI3uhj4CKRXbYI4lLeS3Ey2ozpjoMVNOapwMCwnI
+1jmt6DIG5bqBNHOhH6Mw4F2oyW5Dg/4nhz2pcQO+KIjP8ALwWvcaH93Mg3SqbqnO
+oz0wOzATBgNVHSUEDDAKBggrBgEFBQcDAzAkBgNVHREEHTAbghlvbmVDUkwtc2ln
+bmVyLm1vemlsbGEub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBElZXLzQGRPdygDJ33
+2LuNJiDU8lFXdDulPXcZAQjVXo5gy9XQfMtbTLzf07dpPuQntzJNbGuS4ypboEal
+ixi2jYZHy/Q3CCxFk8jWi18auKES+uRF6qI3PK9RsXXxm7Xt0vk9akYwmmnuAJl9
+eYTCNZ0VaXANvv5GjuFczMHF08XTW1j2x81s0epmblgagcaMIcaq5nKSNuFt/2j/
+hXtGzNfI1njHIT8X6Fp4QeGqQiSlW90WVPoDPxfUHh8VvE/9Y0fnnHcDwGICb7LH
+on1mz76mcXNwOgA+dBmHKS/5t7/PBT/F7+UuORfYdoFKrnc7npVYhQmH06ENKHMS
+9Bmv
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
new file mode 100644
index 0000000000..ab22807b9e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem
new file mode 100644
index 0000000000..ef22669f4d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCATagAwIBAgIUOQNrYQz01j0SirgoHMLKbtGL9RowDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAx
+MDEwMDAwMDBaMBwxGjAYBgNVBAMMEWVlLWludC1DQS1leHBpcmVkMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAEoWhyQzYrXHsYifN5FUYVocc/tI3uhj4CKRXbYI4lLeS3
+Ey2ozpjoMVNOapwMCwnI1jmt6DIG5bqBNHOhH6Mw4F2oyW5Dg/4nhz2pcQO+KIjP
+8ALwWvcaH93Mg3SqbqnOoz0wOzATBgNVHSUEDDAKBggrBgEFBQcDAzAkBgNVHREE
+HTAbghlvbmVDUkwtc2lnbmVyLm1vemlsbGEub3JnMA0GCSqGSIb3DQEBCwUAA4IB
+AQBZJPo4llgMe5588+BnRLnFguspIiwMWmTeqCfi8VQBx/tUwRiTizbU7J2Yh9bo
+yZEPKfPSP2o8J0eSUgvXdVOxU1fNRuocsVfXUlveq5x10ddjXBT9X4AY1mtR7HJw
+hl/7269N8b4itfrfvZmCBToJayjv0I2N84bqjpOnXJ/iB5YVdk8oZIJDXWi4SR3B
+E9IejwA1fikpt++RjpJSZ1BSNU7FfiyGGUonxHDoP/29znaOJnpAqaH5LVJCRkfN
+H12vePBbunZd+ay5r+mMJPaXR+V2sY8OaOfcrPSHQLa8Eb/EEhBuITMKkOucohjx
+zqvM6S2iOI9GbwHClybEHRO7
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem.certspec
new file mode 100644
index 0000000000..48fd9c8cc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_expired.pem.certspec
@@ -0,0 +1,6 @@
+issuer:int-CA
+subject:ee-int-CA-expired
+subjectKey:secp384r1
+validity:20130101-20140101
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem
new file mode 100644
index 0000000000..6cf5c6a312
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCATygAwIBAgIUbV+rBAfhGRv/bU22A92xneoAy3owDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwNTAwMTAxMDAwMDAwWhgPMjA1MTAx
+MDEwMDAwMDBaMCIxIDAeBgNVBAMMF2VlLWludC1DQS1ub3QteWV0LXZhbGlkMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEoWhyQzYrXHsYifN5FUYVocc/tI3uhj4CKRXb
+YI4lLeS3Ey2ozpjoMVNOapwMCwnI1jmt6DIG5bqBNHOhH6Mw4F2oyW5Dg/4nhz2p
+cQO+KIjP8ALwWvcaH93Mg3SqbqnOoz0wOzATBgNVHSUEDDAKBggrBgEFBQcDAzAk
+BgNVHREEHTAbghlvbmVDUkwtc2lnbmVyLm1vemlsbGEub3JnMA0GCSqGSIb3DQEB
+CwUAA4IBAQAjXmLNn2kLa/FzNp7F3PqcSXuAO2jT31Y2g4pZnVqCDfMqplsl2ZFn
+oam3wyQnepm3q9DD4BOAW9JFYR3wqnl9cBRNHlSGyjGM4qBpuSD6WxAz7EdFcRO6
+fcA50245fAuB45UJeYJ58QvIBv7AwoBGnqAI7ZDN3eIGopZIL56jiH7vO9WyQPWj
+XZAWrXTG68rEf0RxXRtjUv9coFiuInT8+oyXB3NwK2EbaI5IeR+x3qIDEgNKk+t+
+PlE3NrtaAiK19p0s9RtQQilBKNmo+5irrUq/OD2H1aurDaAXpLTM5vLUpfyN3/qD
+HzuZujaUIeMsRiXsIRDNql1S+nq4oNRy
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem.certspec
new file mode 100644
index 0000000000..b2926dfc42
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee_not_valid_yet.pem.certspec
@@ -0,0 +1,6 @@
+issuer:int-CA
+subject:ee-int-CA-not-yet-valid
+subjectKey:secp384r1
+validity:20500101-20510101
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
new file mode 100644
index 0000000000..6c35f2f377
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAQigAwIBAgIUI9ZQ+lOT4QPSefKaSaGvSm4BzikwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBQxEjAQBgNVBAMMCWVlLW5vLVNBTjB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMtqM6Y6DFT
+TmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC8Fr3Gh/d
+zIN0qm6pzqMXMBUwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQAD
+ggEBABwtpcPoXa4bLLw8WCuLPMPm7RiWrj7ifWqeyNoQO+xIxIefZhFTxhs6yM0Y
+H+B2jSzrCmfslRaX0eZPQ3BOPPI0CCo4eZOlq7oNaltXCLP3NwPodLfxd8pGlOIK
+xpRB/+iyXu5bKHfG1v4XJ+g+yXPh8p0ykVJeH/hc/+kAhq4vey+0PB/KjIcpAsGo
+S7Yvbal7pSr0CQCxDB4mTWJeE1/FeTQpeFiIiCtvkEyLD+igxRlP5lbLOd6Lt5Oh
+BSJ6TnUdMajalOku3BufB5j4ynDBGNi9h935ZCOKWu3qgbFlIE1qZIJS+u7+2PTN
+vIlU3orErRSmuAlusdo6Z9YtxbQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
new file mode 100644
index 0000000000..4a9b9a3ceb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-no-SAN
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
new file mode 100644
index 0000000000..d76f4501cb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLDCCARSgAwIBAgIUV+E6VhJoKZrnCV22wV/aVW9aglwwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLXdyb25nLWtleTBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnS
+M0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjPTA7MBMGA1UdJQQMMAoGCCsG
+AQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNSTC1zaWduZXIubW96aWxsYS5vcmcwDQYJ
+KoZIhvcNAQELBQADggEBAFOgIZXl0sf1hEH0H5fqGPshlMemqjhFZKPBgLlWl+3W
+wSIcuBPw5GSDkoQOdAxE/iIsLfZoC0PfYdee+twANQ13MMbwP0NmR78qJKLPOO4b
+yWRiQFaIU6fTleU7wSD6tcDtIsKAfTDNF6EiC3czw3XuOiNh4r7A2EJ3GyGuUq7d
+YgpwA5I2s3VjG/2lhRKP06UH/YGCpBTio23NUyzS2NINPhTnrLjyY2IWIp9EiXXj
+d6QRQ8ytp6wU/rI3HAueWOWEQ6dDWR5hfe0Y/QDB0n9hEBgf+lUOtuqpTs/ZK0eM
+HPC6swGdKVnJ1DCcfyzMsDIvGZKUyj8v6E2E7x8AdLk=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
new file mode 100644
index 0000000000..fbc8e603f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-wrong-key
+subjectKey:secp256r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
new file mode 100644
index 0000000000..b2e7d3cdbb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCATigAwIBAgIUd9FOUg8KGZnunc6wzwp+21rSdVswDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGaW50LUNBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+oWhyQzYrXHsYifN5FUYVocc/tI3uhj4CKRXbYI4lLeS3Ey2ozpjoMVNOapwMCwnI
+1jmt6DIG5bqBNHOhH6Mw4F2oyW5Dg/4nhz2pcQO+KIjP8ALwWvcaH93Mg3SqbqnO
+o04wTDATBgNVHSUEDDAKBggrBgEFBQcDAzA1BgNVHREELjAsgipyZW1vdGVuZXd0
+YWIuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQELBQAD
+ggEBAJvuDgm64Fca8XKLPxCSaANEFXIQy3I0lvPqmRRFtkP8cNpgjaRQTNNwyRPL
+eI6VZv9IfecgjMNMcSbrdUPSmETA5M0kzH0lVBPsgzcv1EO6FFS+B9uwip52nKot
+HsWYhDIVKYFYLrFcBHS0qSaoPWUpRZ+igI0uBgzmSIBuZYLDbe0xcXzZmpdPnGYt
+pjRmTuNtJ8R/Qvbp37aTpN279AwhOP/uF+x3HdPgI4M1pQKjZ/Oxk9JHIeSafjG5
+58D1rGivjWYq6Yl1vwzBWwlPJvDAgADWCQR4wWjlXc0Hzn/393QRs3rvbkCFWZfi
+1GMOoGuxmHzb7VL+1Kf4igjHXcQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
new file mode 100644
index 0000000000..81e1eefe1d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:remotenewtab.content-signature.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/pysign.py b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
new file mode 100644
index 0000000000..23c6128aa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from
+stdin. The key used for the signature is the secp384r1Encoded key used in pykey
+and pycert.
+
+The certificates for the content signature tests make use of this program.
+You can use pysign.py like this:
+
+cat test.txt | python pysign.py > test.txt.signature
+"""
+
+import base64
+import binascii
+import hashlib
+import pathlib
+import six
+import sys
+
+import ecdsa
+
+# For pykey, find the relative file location and add it to path
+toolsDir = (pathlib.Path(__file__).parents[4] / "tools").resolve()
+sys.path.append(str(toolsDir))
+import pykey
+
+data = sys.stdin.buffer.read()
+
+key = pykey.ECCKey("secp384r1")
+sig = key.signRaw(b"Content-Signature:\00" + data, pykey.HASH_SHA384)
+print(str(base64.b64encode(sig)).replace("+", "-").replace("/", "_"))
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt b/security/manager/ssl/tests/unit/test_content_signing/test.txt
new file mode 100644
index 0000000000..2daac1cb00
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt
@@ -0,0 +1 @@
+This is a test file to test content-signature verification with a PKI.
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
new file mode 100644
index 0000000000..e613981473
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
@@ -0,0 +1 @@
+hSvmvvA7_QLedDsjRJGBevqLwjPILx1EtWSPP4A0fepaWWPuuZRB8VfDT2j07bKDacRsbmJjmvg_R4CpKmnoWF8-2w5lSszlFFDqYSvQVQxpKhu-HMM_qquu_l0KecQ2
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/bad.stash b/security/manager/ssl/tests/unit/test_crlite_corrupted/bad.stash
new file mode 100644
index 0000000000..7bde8641b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_corrupted/bad.stash
@@ -0,0 +1 @@
+ÿÿÿÿ
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/hash-alg-0.filter b/security/manager/ssl/tests/unit/test_crlite_corrupted/hash-alg-0.filter
new file mode 100644
index 0000000000..f76dd238ad
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_corrupted/hash-alg-0.filter differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-issuer-id.enrollment b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-issuer-id.enrollment
new file mode 100644
index 0000000000..119fd67098
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-issuer-id.enrollment
@@ -0,0 +1,2 @@
+

	
+

\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-log-id.coverage b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-log-id.coverage
new file mode 100644
index 0000000000..119fd67098
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-log-id.coverage
@@ -0,0 +1,2 @@
+

	
+

\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-max-timestamp.coverage b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-max-timestamp.coverage
new file mode 100644
index 0000000000..787a2bdfc7
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-max-timestamp.coverage differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-min-timestamp.coverage b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-min-timestamp.coverage
new file mode 100644
index 0000000000..c76b47cac6
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_corrupted/trunc-min-timestamp.coverage differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.coverage b/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.coverage
new file mode 100644
index 0000000000..d08c818596
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.coverage differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.enrollment b/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.enrollment
new file mode 100644
index 0000000000..3ef70ac188
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_corrupted/version-0.enrollment differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_coverage_missing.js b/security/manager/ssl/tests/unit/test_crlite_coverage_missing.js
new file mode 100644
index 0000000000..2b71c3dfe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_coverage_missing.js
@@ -0,0 +1,17 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted coverage file. Specifically, this handles the case
+// where the coverage file is missing.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = undefined;
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_coverage_trunc1.js b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc1.js
new file mode 100644
index 0000000000..1782885964
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc1.js
@@ -0,0 +1,17 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted coverage file. Specifically, this handles the case
+// where the coverage file is truncated in a LogID field.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file("test_crlite_corrupted/trunc-log-id.coverage");
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_coverage_trunc2.js b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc2.js
new file mode 100644
index 0000000000..0eed16bac3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc2.js
@@ -0,0 +1,19 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted coverage file. Specifically, this handles the case
+// where the coverage file is truncated in a MinTimestamp field.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file(
+  "test_crlite_corrupted/trunc-min-timestamp.coverage"
+);
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_coverage_trunc3.js b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc3.js
new file mode 100644
index 0000000000..419a639b07
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_coverage_trunc3.js
@@ -0,0 +1,19 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted coverage file. Specifically, this handles the case
+// where the coverage file is truncated in a MaxTimestamp field.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file(
+  "test_crlite_corrupted/trunc-max-timestamp.coverage"
+);
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_coverage_version.js b/security/manager/ssl/tests/unit/test_crlite_coverage_version.js
new file mode 100644
index 0000000000..1764e5abaf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_coverage_version.js
@@ -0,0 +1,17 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted coverage file. Specifically, this handles the case
+// where the coverage file's version is not recognized.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file("test_crlite_corrupted/version-0.coverage");
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_enrollment_trunc1.js b/security/manager/ssl/tests/unit/test_crlite_enrollment_trunc1.js
new file mode 100644
index 0000000000..5f259f28a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_enrollment_trunc1.js
@@ -0,0 +1,19 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted enrollment file. Specifically, this handles the case
+// where the enrollment file is truncated in an issuer ID field.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file("test_crlite_preexisting/crlite.coverage");
+let enrollment = do_get_file(
+  "test_crlite_corrupted/trunc-issuer-id.enrollment"
+);
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_enrollment_version.js b/security/manager/ssl/tests/unit/test_crlite_enrollment_version.js
new file mode 100644
index 0000000000..8c673a47d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_enrollment_version.js
@@ -0,0 +1,17 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted enrollment file. Specifically, this handles the case
+// where the enrollment file's version is not recognized.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file("test_crlite_preexisting/crlite.coverage");
+let enrollment = do_get_file("test_crlite_corrupted/version-0.enrollment");
+let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_filter_corrupted.js b/security/manager/ssl/tests/unit/test_crlite_filter_corrupted.js
new file mode 100644
index 0000000000..cc947d287f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filter_corrupted.js
@@ -0,0 +1,21 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted filter file.
+//
+// There are many ways that a filter file could be corrupted, but the parsing
+// is done in rust-cascade, not cert_storage, so it is sufficient for us to
+// test any form of corruption here. For simplicity we just try to load a
+// single \x00 byte as the filter.
+
+"use strict";
+
+/* eslint-disable no-unused-vars */
+let coverage = do_get_file("test_crlite_preexisting/crlite.coverage");
+let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+let filter = do_get_file("test_crlite_corrupted/hash-alg-0.filter");
+
+load("./corrupted_crlite_helper.js");
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters.js b/security/manager/ssl/tests/unit/test_crlite_filters.js
new file mode 100644
index 0000000000..55fe4d75e3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters.js
@@ -0,0 +1,880 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite filter downloading works correctly.
+
+// The file `test_crlite_filters/20201017-0-filter` can be regenerated using
+// the rust-create-cascade program from https://github.com/mozilla/crlite.
+//
+// The input to this program is a list of known serial numbers and a list of
+// revoked serial numbers. The lists are presented as directories of files in
+// which each file holds serials for one issuer. The file names are
+// urlsafe-base64 encoded SHA256 hashes of issuer SPKIs. The file contents are
+// ascii hex encoded serial numbers. The program crlite_key.py in this directory
+// can generate these values for you.
+//
+// The test filter was generated as follows:
+//
+// $ ./crlite_key.py test_crlite_filters/issuer.pem test_crlite_filters/valid.pem
+// 8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8=
+// 00da4f392bfd8bcea8
+//
+// $ ./crlite_key.py test_crlite_filters/issuer.pem test_crlite_filters/revoked.pem
+// 8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8=
+// 2d35ca6503fb1ba3
+//
+// $ mkdir known revoked
+// $ echo "00da4f392bfd8bcea8" > known/8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8\=
+// $ echo "2d35ca6503fb1ba3" >> known/8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8\=
+// $ echo "2d35ca6503fb1ba3" > revoked/8Rw90Ej3Ttt8RRkrg-WYDS9n7IS03bk5bjP_UXPtaY8\=
+//
+// $ rust-create-cascade --known ./known/ --revoked ./revoked/
+//
+
+"use strict";
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+const { RemoteSecuritySettings } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs"
+);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+const { CRLiteFiltersClient } = RemoteSecuritySettings.init();
+
+const CRLITE_FILTERS_ENABLED_PREF =
+  "security.remote_settings.crlite_filters.enabled";
+const INTERMEDIATES_ENABLED_PREF =
+  "security.remote_settings.intermediates.enabled";
+const INTERMEDIATES_DL_PER_POLL_PREF =
+  "security.remote_settings.intermediates.downloads_per_poll";
+
+// crlite_enrollment_id.py test_crlite_filters/issuer.pem
+const ISSUER_PEM_UID = "UbH9/ZAnjuqf79Xhah1mFOWo6ZvgQCgsdheWfjvVUM8=";
+// crlite_enrollment_id.py test_crlite_filters/no-sct-issuer.pem
+const NO_SCT_ISSUER_PEM_UID = "Myn7EasO1QikOtNmo/UZdh6snCAw0BOY6wgU8OsUeeY=";
+
+function getHashCommon(aStr, useBase64) {
+  let hasher = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
+  hasher.init(Ci.nsICryptoHash.SHA256);
+  let stringStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stringStream.data = aStr;
+  hasher.updateFromStream(stringStream, -1);
+
+  return hasher.finish(useBase64);
+}
+
+// Get a hexified SHA-256 hash of the given string.
+function getHash(aStr) {
+  return hexify(getHashCommon(aStr, false));
+}
+
+// Get the name of the file in the test directory to serve as the attachment
+// for the given filter.
+function getFilenameForFilter(filter) {
+  if (filter.type == "full") {
+    return "20201017-0-filter";
+  }
+  if (filter.id == "0001") {
+    return "20201017-1-filter.stash";
+  }
+  // The addition of another stash file was written more than a month after
+  // other parts of this test. As such, the second stash file for October 17th,
+  // 2020 was not readily available. Since the structure of stash files don't
+  // depend on each other, though, any two stash files are compatible, and so
+  // this stash from December 1st is used instead.
+  return "20201201-3-filter.stash";
+}
+
+/**
+ * Simulate a Remote Settings synchronization by filling up the local data with
+ * fake records.
+ *
+ * @param {*} filters List of filters for which we will create records.
+ * @param {boolean} clear Whether or not to clear the local DB first. Defaults
+ *                        to true.
+ */
+async function syncAndDownload(filters, clear = true) {
+  const localDB = await CRLiteFiltersClient.client.db;
+  if (clear) {
+    await localDB.clear();
+  }
+
+  for (let filter of filters) {
+    const filename = getFilenameForFilter(filter);
+    const file = do_get_file(`test_crlite_filters/${filename}`);
+    const fileBytes = readFile(file);
+
+    const record = {
+      details: {
+        name: `${filter.timestamp}-${filter.type}`,
+      },
+      attachment: {
+        hash: getHash(fileBytes),
+        size: fileBytes.length,
+        filename,
+        location: `security-state-workspace/cert-revocations/test_crlite_filters/${filename}`,
+        mimetype: "application/octet-stream",
+      },
+      incremental: filter.type == "diff",
+      effectiveTimestamp: new Date(filter.timestamp).getTime(),
+      parent: filter.type == "diff" ? filter.parent : undefined,
+      id: filter.id,
+      coverage: filter.type == "full" ? filter.coverage : undefined,
+      enrolledIssuers:
+        filter.type == "full" ? filter.enrolledIssuers : undefined,
+    };
+
+    await localDB.create(record);
+  }
+  // This promise will wait for the end of downloading.
+  let promise = TestUtils.topicObserved(
+    "remote-security-settings:crlite-filters-downloaded"
+  );
+  // Simulate polling for changes, trigger the download of attachments.
+  Services.obs.notifyObservers(null, "remote-settings:changes-poll-end");
+  let results = await promise;
+  return results[1]; // topicObserved gives back a 2-array
+}
+
+add_task(async function test_crlite_filters_disabled() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, false);
+
+  let result = await syncAndDownload([
+    {
+      timestamp: "2019-01-01T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [
+        {
+          logID: "9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOM=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+      ],
+    },
+  ]);
+  equal(result, "disabled", "CRLite filter download should not have run");
+});
+
+add_task(async function test_crlite_no_filters() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([]);
+  equal(
+    result,
+    "unavailable",
+    "CRLite filter download should have run, but nothing was available"
+  );
+});
+
+add_task(async function test_crlite_only_incremental_filters() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    {
+      timestamp: "2019-01-01T06:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+    {
+      timestamp: "2019-01-01T18:00:00Z",
+      type: "diff",
+      id: "0002",
+      parent: "0001",
+    },
+    {
+      timestamp: "2019-01-01T12:00:00Z",
+      type: "diff",
+      id: "0003",
+      parent: "0002",
+    },
+  ]);
+  equal(
+    result,
+    "unavailable",
+    "CRLite filter download should have run, but no full filters were available"
+  );
+});
+
+add_task(async function test_crlite_incremental_filters_with_wrong_parent() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    { timestamp: "2019-01-01T00:00:00Z", type: "full", id: "0000" },
+    {
+      timestamp: "2019-01-01T06:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+    {
+      timestamp: "2019-01-01T12:00:00Z",
+      type: "diff",
+      id: "0003",
+      parent: "0002",
+    },
+    {
+      timestamp: "2019-01-01T18:00:00Z",
+      type: "diff",
+      id: "0004",
+      parent: "0003",
+    },
+  ]);
+  let [status, filters] = result.split(";");
+  equal(status, "finished", "CRLite filter download should have run");
+  let filtersSplit = filters.split(",");
+  deepEqual(
+    filtersSplit,
+    ["2019-01-01T00:00:00Z-full", "2019-01-01T06:00:00Z-diff"],
+    "Should have downloaded the expected CRLite filters"
+  );
+});
+
+add_task(async function test_crlite_incremental_filter_too_early() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    { timestamp: "2019-01-02T00:00:00Z", type: "full", id: "0000" },
+    {
+      timestamp: "2019-01-01T00:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+  ]);
+  equal(
+    result,
+    "finished;2019-01-02T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+});
+
+add_task(async function test_crlite_filters_basic() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    { timestamp: "2019-01-01T00:00:00Z", type: "full", id: "0000" },
+  ]);
+  equal(
+    result,
+    "finished;2019-01-01T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+});
+
+add_task(async function test_crlite_filters_not_cached() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+  let filters = [
+    { timestamp: "2019-01-01T00:00:00Z", type: "full", id: "0000" },
+  ];
+  let result = await syncAndDownload(filters);
+  equal(
+    result,
+    "finished;2019-01-01T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+
+  let records = await CRLiteFiltersClient.client.db.list();
+
+  // `syncAndDownload` should not cache the attachment, so this download should
+  // get the attachment from the source.
+  let attachment = await CRLiteFiltersClient.client.attachments.download(
+    records[0]
+  );
+  equal(attachment._source, "remote_match");
+  await CRLiteFiltersClient.client.attachments.deleteDownloaded(records[0]);
+});
+
+add_task(async function test_crlite_filters_full_and_incremental() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    // These are deliberately listed out of order.
+    {
+      timestamp: "2019-01-01T06:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+    { timestamp: "2019-01-01T00:00:00Z", type: "full", id: "0000" },
+    {
+      timestamp: "2019-01-01T18:00:00Z",
+      type: "diff",
+      id: "0003",
+      parent: "0002",
+    },
+    {
+      timestamp: "2019-01-01T12:00:00Z",
+      type: "diff",
+      id: "0002",
+      parent: "0001",
+    },
+  ]);
+  let [status, filters] = result.split(";");
+  equal(status, "finished", "CRLite filter download should have run");
+  let filtersSplit = filters.split(",");
+  deepEqual(
+    filtersSplit,
+    [
+      "2019-01-01T00:00:00Z-full",
+      "2019-01-01T06:00:00Z-diff",
+      "2019-01-01T12:00:00Z-diff",
+      "2019-01-01T18:00:00Z-diff",
+    ],
+    "Should have downloaded the expected CRLite filters"
+  );
+});
+
+add_task(async function test_crlite_filters_multiple_days() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    // These are deliberately listed out of order.
+    {
+      timestamp: "2019-01-02T06:00:00Z",
+      type: "diff",
+      id: "0011",
+      parent: "0010",
+    },
+    {
+      timestamp: "2019-01-03T12:00:00Z",
+      type: "diff",
+      id: "0022",
+      parent: "0021",
+    },
+    {
+      timestamp: "2019-01-02T12:00:00Z",
+      type: "diff",
+      id: "0012",
+      parent: "0011",
+    },
+    {
+      timestamp: "2019-01-03T18:00:00Z",
+      type: "diff",
+      id: "0023",
+      parent: "0022",
+    },
+    {
+      timestamp: "2019-01-02T18:00:00Z",
+      type: "diff",
+      id: "0013",
+      parent: "0012",
+    },
+    { timestamp: "2019-01-02T00:00:00Z", type: "full", id: "0010" },
+    { timestamp: "2019-01-03T00:00:00Z", type: "full", id: "0020" },
+    {
+      timestamp: "2019-01-01T06:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+    {
+      timestamp: "2019-01-01T18:00:00Z",
+      type: "diff",
+      id: "0003",
+      parent: "0002",
+    },
+    {
+      timestamp: "2019-01-01T12:00:00Z",
+      type: "diff",
+      id: "0002",
+      parent: "0001",
+    },
+    { timestamp: "2019-01-01T00:00:00Z", type: "full", id: "0000" },
+    {
+      timestamp: "2019-01-03T06:00:00Z",
+      type: "diff",
+      id: "0021",
+      parent: "0020",
+    },
+  ]);
+  let [status, filters] = result.split(";");
+  equal(status, "finished", "CRLite filter download should have run");
+  let filtersSplit = filters.split(",");
+  deepEqual(
+    filtersSplit,
+    [
+      "2019-01-03T00:00:00Z-full",
+      "2019-01-03T06:00:00Z-diff",
+      "2019-01-03T12:00:00Z-diff",
+      "2019-01-03T18:00:00Z-diff",
+    ],
+    "Should have downloaded the expected CRLite filters"
+  );
+});
+
+add_task(async function test_crlite_confirm_revocations_mode() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeConfirmRevocationsValue
+  );
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "test_crlite_filters/issuer.pem", ",,");
+  addCertFromFile(certdb, "test_crlite_filters/no-sct-issuer.pem", ",,");
+
+  let result = await syncAndDownload([
+    {
+      timestamp: "2020-10-17T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [
+        {
+          logID: "9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOM=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+        {
+          logID: "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+      ],
+      enrolledIssuers: [ISSUER_PEM_UID, NO_SCT_ISSUER_PEM_UID],
+    },
+  ]);
+  equal(
+    result,
+    "finished;2020-10-17T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+
+  // The CRLite result should be enforced for this certificate and
+  // OCSP should not be consulted.
+  let validCert = constructCertFromFile("test_crlite_filters/valid.pem");
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    undefined,
+    "vpn.worldofspeed.org",
+    0
+  );
+
+  // OCSP should be consulted for this certificate, but OCSP is disabled by
+  // Ci.nsIX509CertDB.FLAG_LOCAL_ONLY so this will be treated as a soft-failure
+  // and the CRLite result will be used.
+  let revokedCert = constructCertFromFile("test_crlite_filters/revoked.pem");
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    undefined,
+    "us-datarecovery.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // Reload the filter w/o coverage and enrollment metadata.
+  result = await syncAndDownload([
+    {
+      timestamp: "2020-10-17T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [],
+      enrolledIssuers: [],
+    },
+  ]);
+  equal(
+    result,
+    "finished;2020-10-17T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+
+  // OCSP will be consulted for the revoked certificate, but a soft-failure
+  // should now result in a Success return.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    undefined,
+    "us-datarecovery.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
+
+add_task(async function test_crlite_filters_and_check_revocation() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "test_crlite_filters/issuer.pem", ",,");
+  addCertFromFile(certdb, "test_crlite_filters/no-sct-issuer.pem", ",,");
+
+  let result = await syncAndDownload([
+    {
+      timestamp: "2020-10-17T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [
+        {
+          logID: "9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOM=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+        {
+          logID: "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+      ],
+      enrolledIssuers: [ISSUER_PEM_UID, NO_SCT_ISSUER_PEM_UID],
+    },
+  ]);
+  equal(
+    result,
+    "finished;2020-10-17T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+
+  let validCert = constructCertFromFile("test_crlite_filters/valid.pem");
+  // NB: by not specifying Ci.nsIX509CertDB.FLAG_LOCAL_ONLY, this tests that
+  // the implementation does not fall back to OCSP fetching, because if it
+  // did, the implementation would attempt to connect to a server outside the
+  // test infrastructure, which would result in a crash in the test
+  // environment, which would be treated as a test failure.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "vpn.worldofspeed.org",
+    0
+  );
+
+  let revokedCert = constructCertFromFile("test_crlite_filters/revoked.pem");
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "us-datarecovery.com",
+    0
+  );
+
+  // Before any stashes are downloaded, this should verify successfully.
+  let revokedInStashCert = constructCertFromFile(
+    "test_crlite_filters/revoked-in-stash.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStashCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "stokedmoto.com",
+    0
+  );
+
+  result = await syncAndDownload(
+    [
+      {
+        timestamp: "2020-10-17T03:00:00Z",
+        type: "diff",
+        id: "0001",
+        parent: "0000",
+      },
+    ],
+    false
+  );
+  equal(
+    result,
+    "finished;2020-10-17T03:00:00Z-diff",
+    "Should have downloaded the expected CRLite filters"
+  );
+
+  // After downloading the first stash, this should be revoked.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStashCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "stokedmoto.com",
+    0
+  );
+
+  // Before downloading the second stash, this should not be revoked.
+  let revokedInStash2Cert = constructCertFromFile(
+    "test_crlite_filters/revoked-in-stash-2.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStash2Cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "icsreps.com",
+    0
+  );
+
+  result = await syncAndDownload(
+    [
+      {
+        timestamp: "2020-10-17T06:00:00Z",
+        type: "diff",
+        id: "0002",
+        parent: "0001",
+      },
+    ],
+    false
+  );
+  equal(
+    result,
+    "finished;2020-10-17T06:00:00Z-diff",
+    "Should have downloaded the expected CRLite filters"
+  );
+
+  // After downloading the second stash, this should be revoked.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStash2Cert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "icsreps.com",
+    0
+  );
+
+  // The other certificates should still get the same results as they did before.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "vpn.worldofspeed.org",
+    0
+  );
+
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "us-datarecovery.com",
+    0
+  );
+
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStashCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "stokedmoto.com",
+    0
+  );
+
+  // This certificate has no embedded SCTs, so it is not guaranteed to be in
+  // CT, so CRLite can't be guaranteed to give the correct answer, so it is
+  // not consulted, and the implementation falls back to OCSP. Since the real
+  // OCSP responder can't be reached, this results in a
+  // SEC_ERROR_OCSP_SERVER_ERROR.
+  let noSCTCert = constructCertFromFile("test_crlite_filters/no-sct.pem");
+  // NB: this will cause an OCSP request to be sent to localhost:80, but
+  // since an OCSP responder shouldn't be running on that port, this should
+  // fail safely.
+  Services.prefs.setCharPref("network.dns.localDomains", "ocsp.digicert.com");
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  await checkCertErrorGenericAtTime(
+    certdb,
+    noSCTCert,
+    SEC_ERROR_OCSP_SERVER_ERROR,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "mail233.messagelabs.com",
+    0
+  );
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.OCSP.require");
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+
+  // The revoked certificate example has one SCT from the log with ID "9ly...="
+  // at time 1598140096613 and another from the log with ID "XNx...=" at time
+  // 1598140096917. The filter we construct here fails to cover it by one
+  // millisecond in each case. The implementation will fall back to OCSP
+  // fetching. Since this would result in a crash and test failure, the
+  // Ci.nsIX509CertDB.FLAG_LOCAL_ONLY is used.
+  result = await syncAndDownload([
+    {
+      timestamp: "2020-10-17T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [
+        {
+          logID: "9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOM=",
+          minTimestamp: 0,
+          maxTimestamp: 1598140096612,
+        },
+        {
+          logID: "XNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDso=",
+          minTimestamp: 1598140096917,
+          maxTimestamp: 9999999999999,
+        },
+      ],
+      enrolledIssuers: [ISSUER_PEM_UID, NO_SCT_ISSUER_PEM_UID],
+    },
+  ]);
+  equal(
+    result,
+    "finished;2020-10-17T00:00:00Z-full",
+    "CRLite filter download should have run"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "us-datarecovery.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
+
+add_task(async function test_crlite_filters_avoid_reprocessing_filters() {
+  Services.prefs.setBoolPref(CRLITE_FILTERS_ENABLED_PREF, true);
+
+  let result = await syncAndDownload([
+    {
+      timestamp: "2019-01-01T00:00:00Z",
+      type: "full",
+      id: "0000",
+      coverage: [
+        {
+          logID: "9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOM=",
+          minTimestamp: 0,
+          maxTimestamp: 9999999999999,
+        },
+      ],
+      enrolledIssuers: [ISSUER_PEM_UID, NO_SCT_ISSUER_PEM_UID],
+    },
+    {
+      timestamp: "2019-01-01T06:00:00Z",
+      type: "diff",
+      id: "0001",
+      parent: "0000",
+    },
+    {
+      timestamp: "2019-01-01T12:00:00Z",
+      type: "diff",
+      id: "0002",
+      parent: "0001",
+    },
+    {
+      timestamp: "2019-01-01T18:00:00Z",
+      type: "diff",
+      id: "0003",
+      parent: "0002",
+    },
+  ]);
+  let [status, filters] = result.split(";");
+  equal(status, "finished", "CRLite filter download should have run");
+  let filtersSplit = filters.split(",");
+  deepEqual(
+    filtersSplit,
+    [
+      "2019-01-01T00:00:00Z-full",
+      "2019-01-01T06:00:00Z-diff",
+      "2019-01-01T12:00:00Z-diff",
+      "2019-01-01T18:00:00Z-diff",
+    ],
+    "Should have downloaded the expected CRLite filters"
+  );
+  // This simulates another poll without clearing the database first. The
+  // filter and stashes should not be re-downloaded.
+  result = await syncAndDownload([], false);
+  equal(result, "finished;");
+
+  // If a new stash is added, only it should be downloaded.
+  result = await syncAndDownload(
+    [
+      {
+        timestamp: "2019-01-02T00:00:00Z",
+        type: "diff",
+        id: "0004",
+        parent: "0003",
+      },
+    ],
+    false
+  );
+  equal(result, "finished;2019-01-02T00:00:00Z-diff");
+});
+
+let server;
+
+function run_test() {
+  server = new HttpServer();
+  server.start(-1);
+  registerCleanupFunction(() => server.stop(() => {}));
+
+  server.registerDirectory(
+    "/cdn/security-state-workspace/cert-revocations/",
+    do_get_file(".")
+  );
+
+  server.registerPathHandler("/v1/", (request, response) => {
+    response.write(
+      JSON.stringify({
+        capabilities: {
+          attachments: {
+            base_url: `http://localhost:${server.identity.primaryPort}/cdn/`,
+          },
+        },
+      })
+    );
+    response.setHeader("Content-Type", "application/json; charset=UTF-8");
+    response.setStatusLine(null, 200, "OK");
+  });
+
+  Services.prefs.setCharPref(
+    "services.settings.server",
+    `http://localhost:${server.identity.primaryPort}/v1`
+  );
+
+  // Set intermediate preloading to download 0 intermediates at a time.
+  Services.prefs.setIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 0);
+
+  Services.prefs.setCharPref("browser.policies.loglevel", "debug");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/20201017-0-filter b/security/manager/ssl/tests/unit/test_crlite_filters/20201017-0-filter
new file mode 100644
index 0000000000..151cac41a9
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_filters/20201017-0-filter differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/20201017-1-filter.stash b/security/manager/ssl/tests/unit/test_crlite_filters/20201017-1-filter.stash
new file mode 100644
index 0000000000..d43193a78c
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_filters/20201017-1-filter.stash differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/20201201-3-filter.stash b/security/manager/ssl/tests/unit/test_crlite_filters/20201201-3-filter.stash
new file mode 100644
index 0000000000..52c9ee8d51
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_filters/20201201-3-filter.stash differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/issuer.pem b/security/manager/ssl/tests/unit/test_crlite_filters/issuer.pem
new file mode 100644
index 0000000000..ead19e3c14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/issuer.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3
+MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE
+CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD
+EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD
+BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv
+K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e
+cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY
+pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n
+eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB
+AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv
+9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n
+b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG
+CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
+MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz
+91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2
+RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi
+DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11
+GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
+LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/no-sct-issuer.pem b/security/manager/ssl/tests/unit/test_crlite_filters/no-sct-issuer.pem
new file mode 100644
index 0000000000..70b86dfd71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/no-sct-issuer.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
+U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
+nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
+KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
+/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
+kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
+/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
+aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
+oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
+QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
+d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
+xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
+CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
+5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
+8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
+2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
+c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
+j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/no-sct.pem b/security/manager/ssl/tests/unit/test_crlite_filters/no-sct.pem
new file mode 100644
index 0000000000..a690a0ad0d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/no-sct.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFpDCCBIygAwIBAgIQDVHBpbd6yyk2LgPoPr9QyjANBgkqhkiG9w0BAQsFADBN
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
+aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkxMTE4MDAwMDAwWhcN
+MjExMTE4MTIwMDAwWjCBlDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
+aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHTAbBgNVBAoTFFN5bWFudGVjIENv
+cnBvcmF0aW9uMRcwFQYDVQQLEw5TeW1hbnRlYy5jbG91ZDEgMB4GA1UEAxMXbWFp
+bDIzMy5tZXNzYWdlbGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCyM1Fy9hAlahRqqeEnPKDWgUmsxofivWEWKNeSMEKcnXX3TCQOGbLQTthN
+xfNU7IWY8ViTPwQ8JBWWDxNhd6dTYLNnytKrNRG8qDQ3rFMKJY4p0dZImMp55X3W
+1xcKMxSOkPv0YUCGp7qlAHq6+N3YY1ILw6MRdJ75Njh4Kw8qe5F3rHLwD+AyYQmx
+3WsMCRp5NZtWUcU5Vbc9ca/osrh9xBF7U3ZYR6GoPXQlizrNjXv7/BaKWWO5ChbD
+iRI4Nj8d3HhWUHsJoGvYDof5Iudgtbubz3c5cwp6+VNNMas7izpvbixqW8zXdUug
+8v5v47IkRNYnlma/zvv2IDC1dVlxAgMBAAGjggI2MIICMjAfBgNVHSMEGDAWgBQP
+gGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUZnBdWwGQjkPX/+A2ZEYdUdnw
+lN8wfQYDVR0RBHYwdIIbY2x1c3RlcjguZXUubWVzc2FnZWxhYnMuY29tgh5jbHVz
+dGVyOG91dC5ldS5tZXNzYWdlbGFicy5jb22CHGNsdXN0ZXI4YS5ldS5tZXNzYWdl
+bGFicy5jb22CF21haWwyMzMubWVzc2FnZWxhYnMuY29tMA4GA1UdDwEB/wQEAwIF
+oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2g
+K4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6At
+oCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwG
+A1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
+LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwGCCsGAQUFBwEBBHAwbjAkBggr
+BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpo
+dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
+dmVyQ0EuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAK7vS/qDcGKb
+QYu26+jGtBemopT3+2YJjtALeR62eNhF9LoHu+mnmNLvPI0M0NMhz56Ss/6sUHOz
+hJgB98SLAQ5ElSWXrnZThLIjsiH5X5MYTD0Y8MqzoJSi2Lf2Muy/UpyrD3wB14E1
+kUYhvUnaWDDPIN81DCFzEosBmnsRqr5zlcZSKs0e1LVQ8cNkt8svVkiwFgeOIhwo
+QF22GJAZPtRceSGlbRTFBYKh+u3KN8eNS/X+C935y+F4J/grufDCzRSGtRRseTcd
+1QW49+QME/rx1mBb7id4iXNKxvGuJTivBlxaHWBQLh/RGk39DSdHfjAhYvt2gmxh
+C3gxXMNrymE=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/notcovered.pem b/security/manager/ssl/tests/unit/test_crlite_filters/notcovered.pem
new file mode 100644
index 0000000000..bac70a76bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/notcovered.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGpzCCBY+gAwIBAgIIfLPIa/Mc/f4wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
+GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
+LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
+cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjIwMTA2MDA1MTI5WhcN
+MjMwMjA0MTUxNjQwWjAeMRwwGgYDVQQDExNwZWVrYWJvb3Bob25pY3MuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCKkB+36Yd/mBwwlq/F+B2R/
+ibNdUncADG1+xCB21TB6H0UWR1Aj92ZsIKXwXIyhj02VT58y0Oh4eycsMtEi/lLq
+KXhpWjRAMZaxjdyIrSJxpQVXC3v8Taej6PG2RewGMA3uXj+oWfl7t25JnEes1l2n
+JOnDXs5w4K0aDD1+r7wqCgZA7evmmdK3WJMWD/GSeF2hYcXFgb5dM2TiSRBGkv/9
+jMAvOSuJO8/kxKHLtLfM4I3O0gugB5Uyxtn5a6+P4vOphozsYgHqnSapCV8eAEN2
+SWRhFpfwsbt6/Dw/k38F2A5axSF0n+IQ49ejtWjs+f/GNTloieTsDbcpKkDSEwID
+AQABo4IDUDCCA0wwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6
+Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0zNzEwLmNybDBdBgNVHSAEVjBUMEgG
+C2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu
+Z29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGow
+aDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUF
+BzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
+Z2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMDcGA1Ud
+EQQwMC6CE3BlZWthYm9vcGhvbmljcy5jb22CF3d3dy5wZWVrYWJvb3Bob25pY3Mu
+Y29tMB0GA1UdDgQWBBRElZlefxDT9BFjvpeq7zP6TlVv+TCCAYEGCisGAQQB1nkC
+BAIEggFxBIIBbQFrAHcA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4A
+AAF+LN6rOQAABAMASDBGAiEAssjNEfjNFhpQmiFRCFZSr1zZk7ISWHqPIzoghyZ+
+UbgCIQDB6iKxtMkpx1I9P9uL40M93xynsb/3DVl1OX8pSO1n9gB3ADXPGRu/sWxX
+vw+tTG1Cy7u2JyAmUeo/4SrvqAPDO9ZMAAABfizerPwAAAQDAEgwRgIhANUhPyqm
+inLVPy1zUqikc64dwi0P/nvCoNtC1gO2cDHgAiEAjv1Gw04htq5OyTP3XYQTHsZW
+h35omGu+WCS68t8LnIEAdwB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1Lr
+UgAAAX4s3q2BAAAEAwBIMEYCIQDqxot9iMPghZbHZSegX98g1o5dvSsG1azMv290
+Cp+sBgIhALiMl5lj1A3nWkHTQKF9bF3ops5/ZxxJYE7XwBxlkZYYMA0GCSqGSIb3
+DQEBCwUAA4IBAQAOfIC7VLhn3oBYQKTzX4CN+249JN7l5tbSMqC2zjKRjOWOF3p/
+yNb2gk/v6EW0xN024E2yo8K4XF+QJMfzlwpsed1yuziYHIpjeiad7JGUs/57jdCo
+EUQrvwkuIeR5CZrGcXKG8nlVM5SaNhmId8XixnJz7XfEWiCxszlRkXIZ4Uhpwz2D
+XhQ8RE1DhwX3x6oO5y9Eu6o6+bz2Y14E0lL4hCng09UmrOFEUzVcO4bK8qsSp9oe
+1NNPlMQ3SD6RlGBy+2O5Iy8Kj4BRv2US2stuDeZWSvxp6N2RwLGBnDTyT08VAFD5
+SkulqE2/r6AHWNMe649z1clhq14i1+kQjEq5
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash-2.pem b/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash-2.pem
new file mode 100644
index 0000000000..9550453493
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash-2.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGNTCCBR2gAwIBAgIIFn0oGKdatdgwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
+GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
+LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
+cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwOTI3MTE0MzI0WhcN
+MjExMDI5MTE0MzI0WjA5MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0
+ZWQxFDASBgNVBAMTC2ljc3JlcHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAydMKPhCqRWjy5h1aPUNdRb80kt0hP/g55ytjlSF04PG+1CbIcId1
+GJg1qkbTR1vqZyvaI8wjv3zdfvsvYbka9OQFJiOasJfeqmiA+sDd9AvFiD2EF5zN
+D9uKHi+sF8Ut4JMl7jqaRAu/gbjBvY/9ammkz4sUiTlp1x4rteda3tuX9O7yMO7U
+ldnyfabHgGmmm8KU3nvRAjNbHCq3J/V/zw8YeolXU5OpOeZMhI8KAGKpxk8tRiIb
+LkdSdCTWoKgXO60extYcGTxIT8c8zfY6OoN0VaQY8HA1VyBZQIw2RTWivmI8le0J
+ypXYxNcUtInS0ivO4ymiNnCjYR9pgQ6+tQIDAQABo4ICwzCCAr8wDAYDVR0TAQH/
+BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQD
+AgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Rp
+ZzJzMS0yMzM0LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYB
+BQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9y
+eS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDov
+L29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNh
+dGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaA
+FEDCvSeOzDSDMKIz1/tss/C0LIDOMCcGA1UdEQQgMB6CC2ljc3JlcHMuY29tgg93
+d3cuaWNzcmVwcy5jb20wHQYDVR0OBBYEFEgqFQnM5zH3cKFGtFanJxxD9zdPMIIB
+BAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98M
+LyALzE7xZOMAAAF0z1/40gAABAMARjBEAiADSOnqg/I15y+dJDSWta8NzBwE6Xti
+UzyBKMT2OYHCYwIgb1aFpZxlkhx6XCCuniBLTcr5JbhigoM/lAfUmvvUqrIAdwBc
+3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXTPX/oBAAAEAwBIMEYC
+IQD6WvavTba+Lydf6uhaaxcRmhuuPeddzSmC8t4+tBLGGgIhANJPxhRl1pGYm6WX
+ay9jPCM2SqtBraOJYncaV6k37zGYMA0GCSqGSIb3DQEBCwUAA4IBAQA0IknIoU51
+FCBqpksgo7zR9OJj5MoQmlsQbzSFppdRKgyHhk8rW6IrBi3yrtWjo3HxcwihZlJQ
+2AbinRTNnHvBpiiiXXxR5u9yVly+9l3KfF/uHIGMnIqsahaKXNOy5h98uq4o4N0+
+YCGu9wSeDwtaCzdT+V447Fq63nmW629pjwin8FYCz2S8RdztranPZuOgwYqBNlWu
+u3Mi9DWIV2hP6eFwMZh7BWgbvnhWiI37TE74YQ+3cEVaLxLHJH9jkBjsel+ZwVIo
+9xeE6kGsh5+D0uHS5NWf9zu+fvW0iTgsB8J4VX5OihAa1v4FS4IaF3snkaMa0PCd
+MJMOgY5VkZiw
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash.pem b/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash.pem
new file mode 100644
index 0000000000..1073159662
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/revoked-in-stash.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGPTCCBSWgAwIBAgIJAJeW47AXop8NMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
+MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
+cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
+dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTIwMDgyMjIzMDI0NVoX
+DTIxMDkyMTIxMTYxMVowPDEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
+dGVkMRcwFQYDVQQDEw5zdG9rZWRtb3RvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANLX8D4Cin6x2bmoSdgnuw9O+tGcD1x1S++3110NJVXUlpSc
+3uSUwqpU4rMOkJlRnuaBtHXYUFG8NMMnbTJYY9JuuhAlnHzVqoRWmcTNRp72fpDA
+XoD3U20spJeGQZXuQnGfe/k9EouvXt5du029YqItkFbjdbub4FP5MbIz1CWeelEn
+fEwpe/peLVYEfKSyYf325tFI9wZhuIM/zTe9DE6lauznM8hg1ioiBujxzeWWSstZ
+K2uJKaI8nlWkSr6vwPqJEBvvoShcWHFEmG8SWqPBy1tsNsLNjJkaHfD7gvG/J1Rc
+G21D0XO2IA0rEo6lo8MNEkWoHZA/oHO1eHrCjNkCAwEAAaOCAscwggLDMAwGA1Ud
+EwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB
+/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29t
+L2dkaWcyczEtMjIzNy5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcG
+CCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9z
+aXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRp
+ZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSME
+GDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAtBgNVHREEJjAkgg5zdG9rZWRtb3Rv
+LmNvbYISd3d3LnN0b2tlZG1vdG8uY29tMB0GA1UdDgQWBBTP8YI0WwVBgvg5GABQ
+fUksbk6evjCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC/RdzAiFFQYCDCU
+Vo7jTRMZM7/fDC8gC8xO8WTjAAABdBhpJtAAAAQDAEYwRAIgcrebTXyuMk/ciVyg
+LMbbd6qbkyB3yRAY1QnBs5sGK1ICIGw6EpH/NMXcOfYdkuSmhSYgUx0AIDdT9QWH
+rRIT50D3AHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAF0GGko
+AwAABAMARjBEAiBtzQQHVVML3yZhZRsLLhJkYcc11nXeU/S/rouOZCCZQQIgVYKY
+jgjCU5HQyY6R5PZQTsCQGWiaOm1VguAIgPbvKzYwDQYJKoZIhvcNAQELBQADggEB
+AH6jCZU9+5TMaR5XThGL/z8EYQ1uFVN0hlXXB+gP3IDQLmyxkqrk9cOSf1D6fLRT
+5T4tGzPLvmReBLfrzQEkuqkXpUieortbpi116V82K+zBDT5s9Dol6+MxhwIZyZ7K
+DkHSbcFyiV9hkr2bf8JZzjvpCOfw9kYZTcYv8M8kheIOQsONdfe/rqNQnMRy56UZ
+OGZmxqDT2RwbewHEMAEb5ZsZ55/UHq08vZSVSA8qIqX/BU+7frwwt4vmv4WQ7AoJ
+YNml0TdV4R27NlnvhbAclucuqEMBcBg8gNylvKD3Mid7O4c5gCX5Wuml6rLpOr05
+vpJJqSf0uy73EtNcyTqfwUQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/revoked.pem b/security/manager/ssl/tests/unit/test_crlite_filters/revoked.pem
new file mode 100644
index 0000000000..ece7360def
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/revoked.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIHTjCCBjagAwIBAgIILTXKZQP7G6MwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
+GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
+LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
+cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwODIyMjM0ODE1WhcN
+MjEwMTE0MjEwMzAxWjBDMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0
+ZWQxHjAcBgNVBAMMFSoudXMtZGF0YXJlY292ZXJ5LmNvbTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKzuSr8LaH2Aw/G1aKN4URo0RwaFv4+7MzM0RVTB
+189BdE8rgNRfxskoAVfte+iftO7P5qjg+1Jx8SCE1ZCNT2TGtcYwlsjyNLnbP3xV
+Cq514bODlwimOKLhpUFH1/ofO4/enbU8E4hlxS4DPtOGbsjouTiRHAOLsi7D+WT3
+3pZelFa5Hgmed5dL/CCJTiwbF10lbTXNwLgI7efUqiwvHRwf/CXEW9IvKJ9HG2We
+tT9ouQGOHfz4fyGOMN268dHqP89K+auCcf9b3BzzWOsknhmDisl+06WaIJe/W7Dn
++eG07nAuJLhE6nH9KLYiU2X5CHnLPvBTOPDdm/hzH84hnHkX2pSbst4d1aNtU4uP
+hyQcE5aMfnV7Yr1ZQUlLreCKzwIAb6BKqF/gHMASXUX7Fw5OFUHxV1xcPbcHQLs6
+D3XAoLBzopTR4YjxIDqhS3pkxHu5u9OEzFfaeP5zYnrj69Bke3lrdbrKV8aXIxHn
+xh9xJV4zAaPoHe8ze03zvdBXfu69DU+TTQkRfzJSZx/sXV6BHe15WGSHZxe0i61z
+wA1Oi7QgySMKIKSs6dsPOqppmePc3seMJy7y0FSxF1Kq6a1tR+W3j2WT9nY1c4Wb
+4LWc+0gDK3nvibJbFqCfnPznq/Q+q0V6m9BqBNjvqyyWXbgzCVn7qcT4apiP47IV
++MiBAgMBAAGjggLSMIICzjAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYn
+aHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTIyMzcuY3JsMF0GA1UdIARW
+MFQwSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmlj
+YXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUH
+AQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYI
+KwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3Np
+dG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4w
+NQYDVR0RBC4wLIIVKi51cy1kYXRhcmVjb3ZlcnkuY29tghN1cy1kYXRhcmVjb3Zl
+cnkuY29tMB0GA1UdDgQWBBTooRcQfblnnD7pJFCZfGGcf4kD4jCCAQUGCisGAQQB
+1nkCBAIEgfYEgfMA8QB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj
+AAABdBiSoGUAAAQDAEgwRgIhAI4Cd+FhKsWdUZkBugaburD9dzdlVHSxKq6oYNyI
+vmIIAiEAwlmkvAiPb9nwDirqe7MZud5nu/lmq/Ip7M1xSKuraykAdgBc3EOS/uar
+RUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXQYkqGUAAAEAwBHMEUCIQCpYqq+
+Uc881tR+ikvsR97FRl6jBfxG50Sum+cdHEQkYQIgZJbGaeNoDS9+LAKI88NNRiCK
+vtQZkwWigDYr+2dWguYwDQYJKoZIhvcNAQELBQADggEBAD+sj44+86AvdVUrAN9h
+cU6kt4I6K1TM0KBmKg3rG8JEY7+Ec4Rztls3uviLR0ajH5tkQPwD7vRBVrLVDtQS
+Ndt2StR38AXiBRWwewy/sPMz11YzOPLyHaTl4pJVfyzHJ+rPdWuFZLtpTras/MIK
+IFnnbInlh5XtRhDCv6UEkAmGu5BeftA+9XxTuZlbwQlO5U1yg9Hqor9zANMqX9Ad
+3omIZrPtBkTdVOwHRU8SoaS6XxQ9jxcmWRgNTVAhU1/J7Bgvg3CPSpcHyV78sXkS
+D9bb1f4jdadaMKuJc0mTHBAxZenr3IFV8upf2FRTJnrCiS0jX8kKobN/+04Gbev6
+Tr0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_filters/valid.pem b/security/manager/ssl/tests/unit/test_crlite_filters/valid.pem
new file mode 100644
index 0000000000..6769ba3d37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_filters/valid.pem
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGyTCCBbGgAwIBAgIJANpPOSv9i86oMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
+MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
+cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
+dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE4MTAxNTE5NTQxNFoX
+DTIwMTAyNDE4MzczOFowQjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
+dGVkMR0wGwYDVQQDExR2cG4ud29ybGRvZnNwZWVkLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKb1cjhtYv6yiyZa1feabWaSBOCmN0JuqXIMkX3r
+4g+5heKAwPFlPFbZ3vZ3DQXiliV7jb5nhlx0O6nYG+MoGFmj6hEHDptCASAfdd3j
+4tCxg0FlilXgrgMkJCg+SjW0npZ86jMkfc0WzufUyMjxv2pUUicPNXyWbaQr+PCq
+zs6AsOkmuQ8RUUAqZ+Q0EJfQnjuhql7NCdByNui9S2LmrPcV6TAHHeTwKX733edv
+zsNzaLNgE6TLGXSSRvsW/eZ/uNScPHLybE4wdxxCDwSYCPwaQq34csc3a8SUTWfS
+4UkdbOn7j5sZPx7Jj0uUlm20ZDsj2FUi/0SXNvz5flFQbVsCAwEAAaOCA00wggNJ
+MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4G
+A1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmdvZGFk
+ZHkuY29tL2dkaWcyczEtODc4LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcB
+MDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20v
+cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcw
+AYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8v
+Y2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8G
+A1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMDkGA1UdEQQyMDCCFHZwbi53
+b3JsZG9mc3BlZWQub3Jnghh3d3cudnBuLndvcmxkb2ZzcGVlZC5vcmcwHQYDVR0O
+BBYEFGjmOgodY5yPX19UPVcACFpVExz1MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFp
+AWcAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWZ5SxEeAAAE
+AwBHMEUCIEL5OLHwBpIALbEnLFQntFlGBe8Oko6U/arr15jU4sLDAiEA6uy8DEnh
+PFLOxXDC3ZaeOlK2+cdx76IAr6M6As74ETEAdgDuS723dc5guuFCaR+r4Z5mow9+
+X7By2IMAxHuJeqj9ywAAAWZ5SxMzAAAEAwBHMEUCIFWIeePa6jdf6y9o/YYxoqWr
+Je3j8W94e4f5bixaGPiyAiEA7aJRZI+aWCE/zz5DpvcyRgkIoSKS3+dKS2irf/mp
+qx0AdQBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWZ5SxPjAAAE
+AwBGMEQCIEkYw6g/cIZBdOUh+ETwl2XX2S0Bv8iGGiaOKOoXqVK6AiAh3eqABfMc
+9b/wLJZo186YgbzmbZB0N3y5TUJKK1oMYDANBgkqhkiG9w0BAQsFAAOCAQEAPEwx
+d597oqiP9/TN8RDrZqhn4uLZ9K5mXOD93RorUN8T8O1kV0B4UcXM1CkU2zxv4a9S
+tG3diHjmfJgcrhpa4i19sZD7+QpTU8j0e82JlsB3MpbtuaiBwqb979c5qNPixQlJ
+kDs4DWf8kV+4B9/DWWLDKvs+FtL8ST8n+LfwstZqi2EyK+1ZyM0p9hkUAzrT/M2h
+Ou1DYELbCt2HaKMHMPSlrkESG7Q9v9Ba23EXElG+oFXxgnPwk4n84rYG8lI8pPyA
+clunJNqc2cISUTDMdgGctCFdSVGyEq+8VVG5Y6Od5LMwtOLKcv+VPi17+iGfxNt/
++dAMbzGIlDuJELwn0g==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_crlite_preexisting.js b/security/manager/ssl/tests/unit/test_crlite_preexisting.js
new file mode 100644
index 0000000000..c788a11b54
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_preexisting.js
@@ -0,0 +1,208 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that starting a profile with a preexisting CRLite filter and stash
+// works correctly.
+
+"use strict";
+
+add_task(async function test_preexisting_crlite_data() {
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  // These need to be available to be able to find them during path building
+  // for certificate verification.
+  let issuerCert = constructCertFromFile("test_crlite_filters/issuer.pem");
+  ok(issuerCert, "issuer certificate should decode successfully");
+  let noSCTCertIssuer = constructCertFromFile(
+    "test_crlite_filters/no-sct-issuer.pem"
+  );
+  ok(
+    noSCTCertIssuer,
+    "issuer certificate for certificate without SCTs should decode successfully"
+  );
+
+  let validCert = constructCertFromFile("test_crlite_filters/valid.pem");
+  let revokedCert = constructCertFromFile("test_crlite_filters/revoked.pem");
+
+  // We didn't load a data.bin file, so the filter is not considered fresh and
+  // we should get a "no filter" result. We later test that CRLite considers
+  // this cert to be revoked. So success here shows that CRLite is not
+  // consulted when the filter is stale.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "us-datarecovery.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  // Add an empty stash to ensure the filter is considered to be fresh.
+  await new Promise(resolve => {
+    certStorage.addCRLiteStash(new Uint8Array([]), (rv, _) => {
+      Assert.equal(rv, Cr.NS_OK, "marked filter as fresh");
+      resolve();
+    });
+  });
+
+  // NB: by not specifying Ci.nsIX509CertDB.FLAG_LOCAL_ONLY, this tests that
+  // the implementation does not fall back to OCSP fetching, because if it
+  // did, the implementation would attempt to connect to a server outside the
+  // test infrastructure, which would result in a crash in the test
+  // environment, which would be treated as a test failure.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "vpn.worldofspeed.org",
+    0
+  );
+
+  // NB: by not specifying Ci.nsIX509CertDB.FLAG_LOCAL_ONLY, this tests that
+  // the implementation does not fall back to OCSP fetching, because if it
+  // did, the implementation would attempt to connect to a server outside the
+  // test infrastructure, which would result in a crash in the test
+  // environment, which would be treated as a test failure.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "vpn.worldofspeed.org",
+    0
+  );
+
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "us-datarecovery.com",
+    0
+  );
+
+  let revokedInStashCert = constructCertFromFile(
+    "test_crlite_filters/revoked-in-stash.pem"
+  );
+  // The stash may not have loaded yet, so await a task that ensures the stash
+  // loading task has completed.
+  await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_INCREMENTAL,
+      (rv, _) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve();
+      }
+    );
+  });
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStashCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "stokedmoto.com",
+    0
+  );
+
+  let revokedInStash2Cert = constructCertFromFile(
+    "test_crlite_filters/revoked-in-stash-2.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedInStash2Cert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "icsreps.com",
+    0
+  );
+
+  // This certificate has no embedded SCTs, so it is not guaranteed to be in
+  // CT, so CRLite can't be guaranteed to give the correct answer, so it is
+  // not consulted, and the implementation falls back to OCSP. Since the real
+  // OCSP responder can't be reached, this results in a
+  // SEC_ERROR_OCSP_SERVER_ERROR.
+  let noSCTCert = constructCertFromFile("test_crlite_filters/no-sct.pem");
+  // NB: this will cause an OCSP request to be sent to localhost:80, but
+  // since an OCSP responder shouldn't be running on that port, this should
+  // fail safely.
+  Services.prefs.setCharPref("network.dns.localDomains", "ocsp.digicert.com");
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  await checkCertErrorGenericAtTime(
+    certdb,
+    noSCTCert,
+    SEC_ERROR_OCSP_SERVER_ERROR,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    false,
+    "mail233.messagelabs.com",
+    0
+  );
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.OCSP.require");
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+
+  let notCoveredCert = constructCertFromFile(
+    "test_crlite_filters/notcovered.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    notCoveredCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2022-01-07T00:00:00Z").getTime() / 1000,
+    false,
+    "peekaboophonics.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
+
+function run_test() {
+  let securityStateDirectory = do_get_profile();
+  securityStateDirectory.append("security_state");
+  // For simplicity, re-use the filter from test_crlite_filters.js.
+  let crilteFile = do_get_file("test_crlite_filters/20201017-0-filter");
+  crilteFile.copyTo(securityStateDirectory, "crlite.filter");
+  // This stash file and the following cert storage file were obtained by
+  // running just the task `test_crlite_filters_and_check_revocation` in
+  // test_crlite_filters.js, causing it to hang (by adding something like
+  // `add_test(() => {});`), and then copying the files from the temporary
+  // profile directory.
+  let stashFile = do_get_file("test_crlite_preexisting/crlite.stash");
+  stashFile.copyTo(securityStateDirectory, "crlite.stash");
+  let coverageFile = do_get_file("test_crlite_preexisting/crlite.coverage");
+  coverageFile.copyTo(securityStateDirectory, "crlite.coverage");
+  let enrollmentFile = do_get_file("test_crlite_preexisting/crlite.enrollment");
+  enrollmentFile.copyTo(securityStateDirectory, "crlite.enrollment");
+  let certStorageFile = do_get_file(
+    "test_crlite_preexisting/crlite.enrollment"
+  );
+  certStorageFile.copyTo(securityStateDirectory, "crlite.enrollment");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.coverage b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.coverage
new file mode 100644
index 0000000000..2bd13319e5
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.coverage differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.enrollment b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.enrollment
new file mode 100644
index 0000000000..7f34283ded
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.enrollment
@@ -0,0 +1 @@
+
3)û«Õ¤:Óf£õv¬œ 0ИëðëyæQ±ýý�'ŽêŸïÕájfå¨é›à@(,v–~;ÕPÏ
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.stash b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.stash
new file mode 100644
index 0000000000..25bd87d8eb
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_crlite_preexisting/crlite.stash differ
diff --git a/security/manager/ssl/tests/unit/test_crlite_stash_corrupted.js b/security/manager/ssl/tests/unit/test_crlite_stash_corrupted.js
new file mode 100644
index 0000000000..707e2f400b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_crlite_stash_corrupted.js
@@ -0,0 +1,91 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that CRLite is left in the uninitialized state when the profile
+// contains a corrupted stash file.
+
+"use strict";
+
+add_task(async function test_crlite_stash_corrupted() {
+  let securityStateDirectory = do_get_profile();
+  securityStateDirectory.append("security_state");
+
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+
+  let coverage = do_get_file("test_crlite_preexisting/crlite.coverage");
+  coverage.copyTo(securityStateDirectory, "crlite.coverage");
+
+  let enrollment = do_get_file("test_crlite_preexisting/crlite.enrollment");
+  enrollment.copyTo(securityStateDirectory, "crlite.enrollment");
+
+  let filter = do_get_file("test_crlite_filters/20201017-0-filter");
+  filter.copyTo(securityStateDirectory, "crlite.filter");
+
+  let stash = do_get_file("test_crlite_corrupted/bad.stash");
+  stash.copyTo(securityStateDirectory, "crlite.stash");
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+
+  // Add an empty stash to ensure the filter is considered to be fresh.
+  await new Promise(resolve => {
+    certStorage.addCRLiteStash(new Uint8Array([]), (rv, _) => {
+      Assert.equal(rv, Cr.NS_OK, "marked filter as fresh");
+      resolve();
+    });
+  });
+
+  // Await a task that ensures the stash loading task has completed.
+  await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_INCREMENTAL,
+      (rv, _) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve();
+      }
+    );
+  });
+
+  // This certificate is revoked according to `test_crlite_filters/20201017-0-filter`.
+  // Its issuer is enrolled according to `test_crlite_preexisting/crlite.enrollment`,
+  // and it is covered according to `test_crlite_preexisting/crlite.coverage`.
+  let revokedCert = constructCertFromFile("test_crlite_filters/revoked.pem");
+
+  // The issuer's certificate needs to be available for path building.
+  let issuerCert = constructCertFromFile("test_crlite_filters/issuer.pem");
+  ok(issuerCert, "issuer certificate should decode successfully");
+
+  // Loading the stash should not have caused any problems, and `revokedCert`
+  // should be marked as revoked.
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2020-10-20T00:00:00Z").getTime() / 1000,
+    undefined,
+    "us-datarecovery.com",
+    0
+  );
+
+  let hasFilter = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_FULL,
+      (rv, result) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(result);
+      }
+    );
+  });
+  Assert.equal(hasFilter, true, "CRLite should have a filter");
+});
diff --git a/security/manager/ssl/tests/unit/test_ct.js b/security/manager/ssl/tests/unit/test_ct.js
new file mode 100644
index 0000000000..1f436eb44d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct.js
@@ -0,0 +1,72 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+function expectCT(value) {
+  return securityInfo => {
+    Assert.equal(
+      securityInfo.certificateTransparencyStatus,
+      value,
+      "actual and expected CT status should match"
+    );
+  };
+}
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.pki.certificate_transparency.mode");
+  let cert = constructCertFromFile("test_ct/ct-valid.example.com.pem");
+  setCertTrust(cert, ",,");
+});
+
+function run_test() {
+  Services.prefs.setIntPref("security.pki.certificate_transparency.mode", 1);
+  add_tls_server_setup("BadCertAndPinningServer", "test_ct");
+  // These certificates have a validity period of 800 days, which is a little
+  // over 2 years and 2 months. This gets rounded down to 2 years (since it's
+  // less than 2 years and 3 months). Our policy requires N + 1 embedded SCTs,
+  // where N is 2 in this case. So, a policy-compliant certificate would have at
+  // least 3 SCTs.
+  add_connection_test(
+    "ct-valid.example.com",
+    PRErrorCodeSuccess,
+    null,
+    expectCT(
+      Ci.nsITransportSecurityInfo.CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT
+    )
+  );
+  // This certificate has only 2 embedded SCTs, and so is not policy-compliant.
+  add_connection_test(
+    "ct-insufficient-scts.example.com",
+    PRErrorCodeSuccess,
+    null,
+    expectCT(
+      Ci.nsITransportSecurityInfo
+        .CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS
+    )
+  );
+
+  // Test that if an end-entity is marked as a trust anchor, CT verification
+  // returns a "not enough SCTs" result.
+  add_test(() => {
+    let cert = constructCertFromFile("test_ct/ct-valid.example.com.pem");
+    setCertTrust(cert, "CTu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_connection_test(
+    "ct-valid.example.com",
+    PRErrorCodeSuccess,
+    null,
+    expectCT(
+      Ci.nsITransportSecurityInfo
+        .CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS
+    )
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem b/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem
new file mode 100644
index 0000000000..dc5ba854a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEsjCCA5qgAwIBAgIUO1A7IKB0sCUgXosbjKr2+i1ynO0wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjArMSkwJwYDVQQDDCBjdC1pbnN1ZmZpY2llbnQtc2N0cy5leGFt
+cGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOCAeEwggHdMBgGA1UdEQQRMA+CDSouZXhhbXBsZS5jb20w
+ggG/BgorBgEEAdZ5AgQCBIIBrwSCAasBqQB2ACq4MEQzuRTe0vMeQgfyUcF6N6CS
+aFLZCAIG+F5XORYqAAABUfp73AAAAAQDAEcwRQIgXHVRnxMRUM1dit4go7wGMJH/
+snN1XzFk7P3LQoAKcOYCIQCukSzwRcH5LaZUGjQQswNOAf0giSm/7LC6Awq+EMMD
+jAEvADEI9rbdchgH8BaVhE2FAla2cZNgg9u9OTSgUFJQGiiSAAABUfp73AAAAAQB
+AQBfrqR5eXq3/2XT6FUWtKVv8DHpP6VnLw8rARRr3GJM8nd4SMk/ds+1nWLFT+Uu
+CNm2wcVImCmumIi9zWoaWbh5xWpO2SN4KX85vZVhhsyPH27iR9M9PZ/OEblBJdIz
+W/QFLBKRmFe06GyLq0LuW5aQun+tjGx//dm0LB4Sug1NixnEUYUhCt4uGdcEyohj
+Hk95Gv89hAtiz2O6GS2fMzoe78IoN2d7XaCXNWTz4JkMCwTUwkxbpn76f/kGyD1K
++usjemQdVBOhZ8KE46+wZiI3BgqugHrmWY2xpr6oZxYbKzrVC3+BuKMI4sDDsX64
+pR88XkOqvluKcfxtTnVjhKmyMA0GCSqGSIb3DQEBCwUAA4IBAQAjm3TIr026oz6N
+DZyj2+9PqoOYsngraVhZlogvwWK/GIkcNUGupczij7JdoCA5b4szCcaYqSC/gTMl
+kp9YmrUzYjbI8OU7KIwPazx/3QZzZDmmUUvTlM5cfDhDPJX0MmwypzM+klmRJKh4
+2hyE6TiKmoARMLDSrHxLaU43Ph8Q9PDricAdUk+r87Xq/z2785l32XJUeXFFbM1A
+ZrD059jjQX+oWucVxdql9+SM/ZnHC5gnZS+UOIYY9USu1FhSyX8OqwlrLzl0GeI1
+GLrgvHPBLYhbl6NtdVHxXrAy6ueL89wPZevBkAZ6G5GXDhtbrdLQuXIvluWyRfRu
+PjrboP8a
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem.certspec b/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem.certspec
new file mode 100644
index 0000000000..c40f26d5d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/ct-insufficient-scts.example.com.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:ct-insufficient-scts.example.com
+extension:subjectAlternativeName:*.example.com
+extension:embeddedSCTList:secp256r1:20160101,alternate:20160101
diff --git a/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem b/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem
new file mode 100644
index 0000000000..539a558f4a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF1zCCBL+gAwIBAgIUVcPTyId6kLmdmBE+lvZPcEuHWWowDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRjdC12YWxpZC5leGFtcGxlLmNvbTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaOCAxIwggMOMBgGA1UdEQQRMA+CDSouZXhhbXBsZS5jb20wggLwBgorBgEEAdZ5
+AgQCBIIC4ASCAtwC2gEvAFQiJZjzPTZIBULa7ODmuU3hXA7ujFkUykjXXjxIToA/
+AAABUfp73AAAAAQBAQApU8txbrW74luVlVcqhBmSPgDDrO1DJwJD5Nh0AFi+IHUp
+1HGttD5v4631GMKg6YQurbxBjIyf2XoIEcz0ItvcH6JAn5DQ+hnNVN38CFy2LKvQ
+fZ5+YMmbQQICUZvNaknC5QDD04CmfcJBNtE6f2NOsw2ssUOEy37fnHIQNqb68YWG
+HMJDHdhhN/PdPA55ew79w1Q8l5+ShU0sewGQkXMsWiNVPJwf/YZ9ZwglcVZMTU7S
+w00EntzeShcDb8XVsCNvuw/7R10cW9XEnFxC+/aIZp/MnbagJctiKpuEioPpkJtz
+UHa2G8j98u21W4ZRYpzUjuhtZMXg4WrAt2kMQtKEAHYAKrgwRDO5FN7S8x5CB/JR
+wXo3oJJoUtkIAgb4Xlc5FioAAAFR+nvcAAAABAMARzBFAiBcdVGfExFQzV2K3iCj
+vAYwkf+yc3VfMWTs/ctCgApw5gIhAKuTtYDsjlbPaI0qWB+4k+jdEMRWTLeoLyGe
+0OFrQx5lAS8AMQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJIAAAFR+nvc
+AAAABAEBAEBwuP6rrIG0L8/cMl/TNSQBumJtza2IzHNGQ8Y1nrhzYebNwrcrm+gB
+ur+EalPi7JucxOehxiiRvWNVhQ5gk1TG78GWnrWQMHCAiISGGNRru5MyIlu+VqY4
+dae1sKb9jiuQ1zm1PnZnpIfUxr2Q4oKVwkCMPl0m+ddbAaNBbuhfqdd8vCY9GeAf
+tfRq3Zm7Zrwj3nqQduAMErRbZ3ief6vUGmJR4JY6pHfhf9xE65LpsPbWo2DSI5br
+2jTojixZ6B6ECtHTvZWohypMbbb2tMEdVPCRRwuWar0mhfQ9w/EaDkd3smVfuxJp
+hfFTN2pvqKHAMkQMj7Q1wOWZC1Y/cREwDQYJKoZIhvcNAQELBQADggEBAGeXrpKU
+mMhXj+8NlmQFd5GoqUHEWIz6Ryz4esAznDDphASxRSnzzYzzRoti3M6Dk3QvHvUG
+d/cU2pmhZBonKBeGbAkXIHkv1jGQfzr0/KrTPALl61RUFZ9xxp4UXGH8fJUtMIko
+sg4YMvsMsgobX6PozctO+teNWG4fsOfSRJACFbqGzOEJh/lVA0VWDbABHOBoNRw4
+m254+oECn39t4WAenTAbqueF3fKN18WvWNYiY2OIYyfolipg9/YnZwhGXOlPVIzQ
+xpcKKBaRYWgmHRZlm5r34ywxYrG2MqkvK9D6eBB5EVGJQg2ClvgnO+GRbFjNG602
+sSp/9KiOM6Z4HiQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem.certspec b/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem.certspec
new file mode 100644
index 0000000000..0ecf46d89c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/ct-valid.example.com.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:ct-valid.example.com
+extension:subjectAlternativeName:*.example.com
+extension:embeddedSCTList:default:20160101,secp256r1:20160101,alternate:20160101
diff --git a/security/manager/ssl/tests/unit/test_ct/default-ee.key b/security/manager/ssl/tests/unit/test_ct/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ct/default-ee.pem b/security/manager/ssl/tests/unit/test_ct/default-ee.pem
new file mode 100644
index 0000000000..5dc7cf4ef8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUOYwND1zpte36abEsvdvudfnxjHgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcow
+gccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tghUqLnBp
+bm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu
+ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBr5H7lb24bMQYGDFY5qeMDNcti
+AI4rI7Nu0aMvZtDcxqHkIg/a7nr7WeQc3gCg8mUJ6xvreXxRswrudZzjjsGiTbym
+qjEz7HYrbvdWh5bLtdL7aoP1KmFD722guwdXVYQ7tx65oHroH+UCU28VT/+WzsHc
+5OjBqZvR928aWEXwIen9lhdk/5Rq2IrFqCTuUrNR5aiP6gJZoy4nIh3IFIxqWzsm
+lOjqvzSQIuo+gLN7oduafrwetpp8ywSrDVTtp9yckIHuW8css+OZLfqbFPMSFRJo
+Qee+FhxaGgDoRGk8oVGYyTJYUPIReZa5dtNPKs1JQvdqhIeUwA3GnJBTFCan
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
new file mode 100644
index 0000000000..554339ff52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/test_ct/test-ca.pem b/security/manager/ssl/tests/unit/test_ct/test-ca.pem
new file mode 100644
index 0000000000..67e7ca56e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAbugAwIBAgIUP5NBbozOXrtwcuQwu3pzUXbOl7owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjASMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEABBSMkSBFq/bK
+LpntIx6QJdqPtmnjdjwTpCbQyKKfQjjrazCfru5SheZq7ACtQ0uWFokUOQhB+Xvv
+sqy9HqJhK4UN0zfNPjtkHOSbNefWXOseEzA6XxuaCzQXWOp1WNNPnfdtYZizy6hT
+fKuKjhniKLmIQD61KNl7Ev1hWUhWC7R8U+IFztXusYYFUUmqqaZ/v7lNfY1sHu4k
+zHQFp+xqeaXvkoRpTXhoSdwDQ7ldquwqMM0NIQXlhtcmg7IYwZBGlJgzoejN4k2H
+2WycvxPW70I10NeAAhtie1+K4JHwr6/SLLwCCnJDoRMMpMhM9/853Ye/4PTDGhuK
+fqhEoHH9Ig==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec b/security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
new file mode 100644
index 0000000000..5d2435d7bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_db_format_pref_new.js b/security/manager/ssl/tests/unit/test_db_format_pref_new.js
new file mode 100644
index 0000000000..9921948927
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_db_format_pref_new.js
@@ -0,0 +1,30 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests that when PSM initializes, we create the sqlite-backed certificate and
+// key databases.
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let certificateDBFile = profileDir.clone();
+  let certificateDBName = "cert9.db";
+  certificateDBFile.append(certificateDBName);
+  ok(
+    !certificateDBFile.exists(),
+    `${certificateDBName} should not exist beforehand`
+  );
+  let keyDBFile = profileDir.clone();
+  let keyDBName = "key4.db";
+  keyDBFile.append(keyDBName);
+  ok(!keyDBFile.exists(), `${keyDBName} should not exist beforehand`);
+  // This should start PSM.
+  Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+  ok(
+    certificateDBFile.exists(),
+    `${certificateDBName} should exist in the profile`
+  );
+  ok(keyDBFile.exists(), `${keyDBName} should exist in the profile`);
+}
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials.js b/security/manager/ssl/tests/unit/test_delegated_credentials.js
new file mode 100644
index 0000000000..1bb6f70aad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials.js
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests handling of certificates marked as permitting delegated credentials
+
+function shouldBeDelegatedCredential(aTransportSecurityInfo) {
+  Assert.ok(
+    aTransportSecurityInfo.isDelegatedCredential,
+    "This host should have used a delegated credential"
+  );
+}
+
+function shouldNotBeDelegatedCredential(aTransportSecurityInfo) {
+  Assert.ok(
+    !aTransportSecurityInfo.isDelegatedCredential,
+    "This host should not have used a delegated credential"
+  );
+}
+
+do_get_profile();
+
+add_tls_server_setup(
+  "DelegatedCredentialsServer",
+  "test_delegated_credentials"
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support enabled
+// Client DC support disabled
+// Result: Successful connection without DC
+add_test(function () {
+  clearSessionCache();
+  Services.prefs.setBoolPref(
+    "security.tls.enable_delegated_credentials",
+    false
+  );
+  run_next_test();
+});
+add_connection_test(
+  "delegated-enabled.example.com",
+  PRErrorCodeSuccess,
+  null,
+  shouldNotBeDelegatedCredential
+);
+
+// Test:
+// Server certificate does not support DC
+// Server DC support enabled
+// Client DC support enabled
+// Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when
+//         checking DC against EE cert, no DC in aTransportSecurityInfo.
+add_test(function () {
+  clearSessionCache();
+  Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true);
+  run_next_test();
+});
+add_connection_test(
+  "standard-enabled.example.com",
+  SSL_ERROR_DC_INVALID_KEY_USAGE,
+  null,
+  // We'll never |mHaveCipherSuiteAndProtocol|,
+  // and therefore can't check IsDelegatedCredential
+  null
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support disabled
+// Client DC support enabled
+// Result: Successful connection without DC
+add_connection_test(
+  "delegated-disabled.example.com",
+  PRErrorCodeSuccess,
+  null,
+  shouldNotBeDelegatedCredential
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support enabled
+// Client DC support enabled
+// Result: Successful connection with DC
+add_connection_test(
+  "delegated-enabled.example.com",
+  PRErrorCodeSuccess,
+  null,
+  shouldBeDelegatedCredential
+);
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key
new file mode 100644
index 0000000000..a926a54efb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIZFAPVcQvxWiZYGM
+1C7W/t8JrdkteLGOeh6f65VSRwKhRANCAARPv7u7YeD4+bGmClmshwTi7AULQj48
+9y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbA
+-----END EC PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key.keyspec
new file mode 100644
index 0000000000..03c3ce198f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.key.keyspec
@@ -0,0 +1 @@
+secp256r1
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem
new file mode 100644
index 0000000000..4ee85cb1eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICSDCCATCgAwIBAgIUN26/sySuiNB+ynuprhHIoxsuFXQwDQYJKoZIhvcNAQEL
+BQAwLDEqMCgGA1UEAwwhZGVsZWdhdGVkLWNyZWRlbnRpYWwtaW50ZXJtZWRpYXRl
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMBUxEzARBgNVBAMM
+CmRlZmF1bHQtZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARPv7u7YeD4+bGm
+ClmshwTi7AULQj489y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQej
+BOqgSqbAo0AwPjATBgNVHSUEDDAKBggrBgEFBQcDATAnBgNVHREEIDAeghxzdGFu
+ZGFyZC1lbmFibGVkLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBIxTo+
+s5Tg/YrX0tLgg0rKcrZumJdN64j10IW1JwKCgYqoP/XhXK5AEISudekcedjrQOtb
+Kalacxn9Pecmw+EiDvhXklxQfZKSHBtsecLtmQnr2RaDdbxQx+ebAmAtn4y9MwjO
+rWVqdW80viHcsn+1S/+uDF8tNPuBTTInLh7yYRwBZ1O44sT/w/5DXujmjefK5LoK
+VORWpnHZ9JA1jVEj4MHlhHXky6og2SG+10WnouvmOGKJsV7JfWrUe/ogMnW1nkEZ
+dcOBIqjHQWLCWKd27ZQASmTZThVDHoN+QnXe/dEYwBaCcUmoafM+uis9A2zcMdJw
+o6scbgbJMwgS/e/d
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem.certspec
new file mode 100644
index 0000000000..5ebe9b5ba7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/default-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:delegated-credential-intermediate
+subjectKey:secp256r1
+subject:default-ee
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:standard-enabled.example.com
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem
new file mode 100644
index 0000000000..8da0838e6f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAXGgAwIBAgIUXdQo1CMJjWFQKxkJ45F9RpbesCQwDQYJKoZIhvcNAQEL
+BQAwLDEqMCgGA1UEAwwhZGVsZWdhdGVkLWNyZWRlbnRpYWwtaW50ZXJtZWRpYXRl
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMBcxFTATBgNVBAMM
+DGRlbGVnYXRlZC1lZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5
+saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3st
+B6ME6qBKpsCjfzB9MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDBI
+BgNVHREEQTA/gh1kZWxlZ2F0ZWQtZW5hYmxlZC5leGFtcGxlLmNvbYIeZGVsZWdh
+dGVkLWRpc2FibGVkLmV4YW1wbGUuY29tMA8GCSsGAQQBgtpLLAQCBQAwDQYJKoZI
+hvcNAQELBQADggEBABih6ICVs7RsbhTEhAJQ16rrD36fF0fCe+1XqUy52nUaQuAj
+a2JWbkqp24Ib76dU40B40L7Pd4ksmYnazKS4aFZ8HrTRKfPzmKR743Jex6rcFiRM
+0JnqLw75p5LbZcOfW4+Nu1AzhgUiPp1u0PJnfCbVTlcCkyS3Fb+SH7knCftF6BJt
+zS+ZQFRzorbVjjUAkUeN2B7qeesYJVLqFpGfhsTSge9+F8JIAqE9Fso7+a+sHuhp
+5ItAKczQkFcXwyCdTCBnNo4yy7NvQ66tNj6+v0ifHnINg3wqd2gOAJ9xMY7mGE7F
+uXi/dBWquWVHsg481ybTW20Ovk4HWJz33Ylxc6E=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem.certspec b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem.certspec
new file mode 100644
index 0000000000..e90fa3b646
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated-ee.pem.certspec
@@ -0,0 +1,7 @@
+issuer:delegated-credential-intermediate
+subject:delegated-ee
+subjectKey:secp256r1
+extension:extKeyUsage:serverAuth
+extension:keyUsage:digitalSignature,keyEncipherment
+extension:subjectAlternativeName:delegated-enabled.example.com,delegated-disabled.example.com
+extension:delegationUsage:
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key
new file mode 100644
index 0000000000..1c1af40bda
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDADXHobENn6/oN7ZK2S
+8i9c7QeJGGU4ZptcbYcs7D2SYSKzk3crV2Av8xNl7+E5MkahZANiAAShaHJDNitc
+exiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05qnAwLCcjWOa3oMgbl
+uoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyDdKpuqc4=
+-----END EC PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec
new file mode 100644
index 0000000000..11f041d996
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec
@@ -0,0 +1 @@
+secp384r1
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem b/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem
new file mode 100644
index 0000000000..8090606694
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIUV5QPCtt30cr0OHQqp5FKh9iORPUwDQYJKoZIhvcNAQEL
+BQAwIjEgMB4GA1UEAwwXZGVsZWdhdGVkLWNyZWRlbnRpYWwtY2EwIhgPMjAyMTEx
+MjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZGVsZWdhdGVk
+LWNyZWRlbnRpYWwtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7snna6hblvBPTwNKeReVfshWDEeeW4cFM
+zDZIxdQ+Xh9dWSZHN8fT0r4ZH621vnfipRqlfKTNp2/472WfVLGWRJSBX/bSqfVG
+EH2SQVixHOAHnmgi2zfE6XY0O5CT1IoHLNOEoGkpPXXgpw6ya/XPWHNw/I+Poj9F
+sEnot00uDdn3yO/mzMyHaOnWoKoycLIPHxsRQb/twRYFs5rypEzXvRd2IWj6E0Kj
+TDAusnuYrzZOyTG+pqvq7V9Xr5igwD29f48KQVYRu+wuXaxH8KXw8nB3N7+rhMOW
+x9nnItSoPDkZI2fxWedhDF6YLoDPkISZpw8/4vs4kVkBAgjnKxZ5
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem.certspec b/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem.certspec
new file mode 100644
index 0000000000..91227f5da0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:delegated-credential-ca
+subject:delegated-credential-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem b/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem
new file mode 100644
index 0000000000..dbeca6352f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIUJRD5PaFbjcWhPAHq+mbNZw66NKowDQYJKoZIhvcNAQEL
+BQAwIjEgMB4GA1UEAwwXZGVsZWdhdGVkLWNyZWRlbnRpYWwtY2EwIhgPMjAyMTEx
+MjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowLDEqMCgGA1UEAwwhZGVsZWdhdGVk
+LWNyZWRlbnRpYWwtaW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAeRvreFXifukKi5uoS290
+3UcsmVcGiPGrFFBvOi279MqzZFawGwsAFD9hCrQbx6Ym3PvMdKjcwAb/sVGui7b8
+NYKXt7U5hSvncWQOFShK0eWUYZp7yVUt+ZPd0NPpmP5QGbnBoR4YVAuubb/lLycZ
+r3tt41pYBKhOBov4AX2Rab16yW619pClss4Qqd7pIAimSXYxRFh0p8FRh8c9a2tK
+Cc8qA0tc8lQfem1Z1gWHhUMiFBTS0HRwRr6s4JqYVJcu1zMzU6QxEDzTClA3BVHB
+tiSwVSDRg2blzlIbaAD4OQwip9aTzQQw0Sc7wV//UOjuR5DmcX5d6Qd18qE5NQHR
+aA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem.certspec b/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem.certspec
new file mode 100644
index 0000000000..64cc4e5693
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials/test-int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:delegated-credential-ca
+subject:delegated-credential-intermediate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_der.js b/security/manager/ssl/tests/unit/test_der.js
new file mode 100644
index 0000000000..2d125488e9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_der.js
@@ -0,0 +1,345 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests DER.jsm functionality.
+
+// Until DER.jsm is actually used in production code, this is where we have to
+// import it from.
+var { DER } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/DER.sys.mjs"
+);
+
+function run_simple_tests() {
+  throws(
+    () => new DER.DERDecoder("this is not an array"),
+    /invalid input/,
+    "should throw given non-array input"
+  );
+
+  let testReadByte = new DER.DERDecoder([0x0a, 0x0b]);
+  equal(testReadByte.readByte(), 0x0a, "should read 0x0a");
+  equal(testReadByte.readByte(), 0x0b, "should read 0x0b");
+  throws(
+    () => testReadByte.readByte(),
+    /data truncated/,
+    "reading more data than is available should fail"
+  );
+
+  let testReadBytes = new DER.DERDecoder([0x0c, 0x0d, 0x0e]);
+  deepEqual(
+    testReadBytes.readBytes(3),
+    [0x0c, 0x0d, 0x0e],
+    "should read correct sequence of bytes"
+  );
+
+  let testReadNegativeBytes = new DER.DERDecoder([0xff, 0xaf]);
+  throws(
+    () => testReadNegativeBytes.readBytes(-4),
+    /invalid length/,
+    "reading a negative number of bytes should fail"
+  );
+
+  let testReadZeroBytes = new DER.DERDecoder([]);
+  equal(
+    testReadZeroBytes.readBytes(0).length,
+    0,
+    "reading zero bytes should result in a zero-length array"
+  );
+
+  let testReadTooManyBytes = new DER.DERDecoder([0xab, 0xcd, 0xef]);
+  throws(
+    () => testReadTooManyBytes.readBytes(4),
+    /data truncated/,
+    "reading too many bytes should fail"
+  );
+
+  let testSEQUENCE = new DER.DERDecoder([0x30, 0x01, 0x01]);
+  let content = testSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 1, "content should have length 1");
+  equal(content[0], 1, "value of content should be [1]");
+  ok(testSEQUENCE.atEnd(), "testSEQUENCE should be at the end of its input");
+  testSEQUENCE.assertAtEnd();
+
+  // The length purports to be 4 bytes, but there are only 2 available.
+  let truncatedSEQUENCE = new DER.DERDecoder([0x30, 0x04, 0x00, 0x00]);
+  throws(
+    () => truncatedSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+    /data truncated/,
+    "should get 'data truncated' error"
+  );
+
+  // With 2 bytes of content, there is 1 remaining after reading the content.
+  let extraDataSEQUENCE = new DER.DERDecoder([0x30, 0x02, 0xab, 0xcd, 0xef]);
+  content = extraDataSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 2, "content should have length 2");
+  deepEqual(content, [0xab, 0xcd], "value of content should be [0xab, 0xcd]");
+  ok(
+    !extraDataSEQUENCE.atEnd(),
+    "extraDataSEQUENCE should not be at the end of its input"
+  );
+  throws(
+    () => extraDataSEQUENCE.assertAtEnd(),
+    /extra data/,
+    "should get 'extra data' error"
+  );
+
+  // The length of 0x81 0x01 is invalid because it could be encoded as just
+  // 0x01, which is shorter.
+  let invalidLengthSEQUENCE1 = new DER.DERDecoder([0x30, 0x81, 0x01, 0x00]);
+  throws(
+    () => invalidLengthSEQUENCE1.readTagAndGetContents(DER.SEQUENCE),
+    /invalid length/,
+    "should get 'invalid length' error"
+  );
+
+  // Similarly, 0x82 0x00 0x01 could be encoded as just 0x01, which is shorter.
+  let invalidLengthSEQUENCE2 = new DER.DERDecoder([
+    0x30, 0x82, 0x00, 0x01, 0x00,
+  ]);
+  throws(
+    () => invalidLengthSEQUENCE2.readTagAndGetContents(DER.SEQUENCE),
+    /invalid length/,
+    "should get 'invalid length' error"
+  );
+
+  // Lengths requiring 4 bytes to encode are not supported.
+  let unsupportedLengthSEQUENCE = new DER.DERDecoder([
+    0x30, 0x83, 0x01, 0x01, 0x01,
+  ]);
+  throws(
+    () => unsupportedLengthSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+    /unsupported length/,
+    "should get 'unsupported length' error"
+  );
+
+  // Indefinite lengths are not supported (and aren't DER anyway).
+  let unsupportedASN1SEQUENCE = new DER.DERDecoder([
+    0x30, 0x80, 0x01, 0x00, 0x00,
+  ]);
+  throws(
+    () => unsupportedASN1SEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+    /unsupported asn.1/,
+    "should get 'unsupported asn.1' error"
+  );
+
+  let unexpectedTag = new DER.DERDecoder([0x31, 0x01, 0x00]);
+  throws(
+    () => unexpectedTag.readTagAndGetContents(DER.SEQUENCE),
+    /unexpected tag/,
+    "should get 'unexpected tag' error"
+  );
+
+  let readTLVTestcase = new DER.DERDecoder([0x02, 0x03, 0x45, 0x67, 0x89]);
+  let bytes = readTLVTestcase.readTLV();
+  deepEqual(
+    bytes,
+    [0x02, 0x03, 0x45, 0x67, 0x89],
+    "bytes read with readTLV should be equal to expected value"
+  );
+
+  let peekTagTestcase = new DER.DERDecoder([0x30, 0x01, 0x00]);
+  ok(
+    peekTagTestcase.peekTag(DER.SEQUENCE),
+    "peekTag should return true for peeking with a SEQUENCE at a SEQUENCE"
+  );
+  ok(
+    !peekTagTestcase.peekTag(DER.SET),
+    "peekTag should return false for peeking with a SET at a SEQUENCE"
+  );
+  peekTagTestcase.readTLV();
+  ok(
+    !peekTagTestcase.peekTag(DER.SEQUENCE),
+    "peekTag should return false for peeking at a DER with no more data"
+  );
+
+  let tlvChoiceTestcase = new DER.DERDecoder([0x31, 0x02, 0xaa, 0xbb]);
+  let tlvChoiceContents = tlvChoiceTestcase.readTLVChoice([DER.NULL, DER.SET]);
+  deepEqual(
+    tlvChoiceContents,
+    [0x31, 0x02, 0xaa, 0xbb],
+    "readTLVChoice should return expected bytes"
+  );
+
+  let tlvChoiceNoMatchTestcase = new DER.DERDecoder([0x30, 0x01, 0xff]);
+  throws(
+    () => tlvChoiceNoMatchTestcase.readTLVChoice([DER.NULL, DER.SET]),
+    /unexpected tag/,
+    "readTLVChoice should throw if no matching tag is found"
+  );
+}
+
+function run_bit_string_tests() {
+  let bitstringDER = new DER.DERDecoder([0x03, 0x04, 0x03, 0x01, 0x02, 0xf8]);
+  let bitstring = bitstringDER.readBIT_STRING();
+  equal(bitstring.unusedBits, 3, "BIT STRING should have 3 unused bits");
+  deepEqual(
+    bitstring.contents,
+    [0x01, 0x02, 0xf8],
+    "BIT STRING should have expected contents"
+  );
+
+  let bitstringTooManyUnusedBits = new DER.DERDecoder([0x03, 0x02, 0x08, 0x00]);
+  throws(
+    () => bitstringTooManyUnusedBits.readBIT_STRING(),
+    /invalid BIT STRING encoding/,
+    "BIT STRING with too many unused bits should throw"
+  );
+
+  // A BIT STRING must have the unused bits byte, and so its length must be at
+  // least one.
+  let bitstringMissingUnusedBits = new DER.DERDecoder([0x03, 0x00]);
+  throws(
+    () => bitstringMissingUnusedBits.readBIT_STRING(),
+    /invalid BIT STRING encoding/,
+    "BIT STRING with missing unused bits (and no contents) should throw"
+  );
+
+  // The minimal BIT STRING is 03 01 00 (zero bits of padding and zero bytes of
+  // content).
+  let minimalBitstringDER = new DER.DERDecoder([0x03, 0x01, 0x00]);
+  let minimalBitstring = minimalBitstringDER.readBIT_STRING();
+  equal(
+    minimalBitstring.unusedBits,
+    0,
+    "minimal BIT STRING should have 0 unused bits"
+  );
+  equal(
+    minimalBitstring.contents.length,
+    0,
+    "minimal BIT STRING should have empty contents"
+  );
+
+  // However, a BIT STRING with zero bytes of content can't have any padding,
+  // because that makes no sense.
+  let noContentsPaddedBitstringDER = new DER.DERDecoder([0x03, 0x01, 0x03]);
+  throws(
+    () => noContentsPaddedBitstringDER.readBIT_STRING(),
+    /invalid BIT STRING encoding/,
+    "BIT STRING with no contents with non-zero padding should throw"
+  );
+}
+
+function run_compound_tests() {
+  let derBytes = [
+    0x30,
+    0x1a, // SEQUENCE
+    0x02,
+    0x02,
+    0x77,
+    0xff, //   INTEGER
+    0x06,
+    0x03,
+    0x2b,
+    0x01,
+    0x01, //   OBJECT IDENTIFIER
+    0x30,
+    0x07, //   SEQUENCE
+    0x05,
+    0x00, //     NULL
+    0x02,
+    0x03,
+    0x45,
+    0x46,
+    0x47, //     INTEGER
+    0x30,
+    0x06, //   SEQUENCE
+    0x02,
+    0x02,
+    0x00,
+    0xff, //     INTEGER
+    0x05,
+    0x00,
+  ]; //     NULL
+  let der = new DER.DERDecoder(derBytes);
+  let contents = new DER.DERDecoder(der.readTagAndGetContents(DER.SEQUENCE));
+  let firstINTEGER = contents.readTagAndGetContents(DER.INTEGER);
+  deepEqual(
+    firstINTEGER,
+    [0x77, 0xff],
+    "first INTEGER should have expected value"
+  );
+  let oid = contents.readTagAndGetContents(DER.OBJECT_IDENTIFIER);
+  deepEqual(
+    oid,
+    [0x2b, 0x01, 0x01],
+    "OBJECT IDENTIFIER should have expected value"
+  );
+
+  let firstNested = new DER.DERDecoder(
+    contents.readTagAndGetContents(DER.SEQUENCE)
+  );
+  let firstNestedNULL = firstNested.readTagAndGetContents(DER.NULL);
+  equal(
+    firstNestedNULL.length,
+    0,
+    "first nested NULL should have expected value (empty array)"
+  );
+  let firstNestedINTEGER = firstNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(
+    firstNestedINTEGER,
+    [0x45, 0x46, 0x47],
+    "first nested INTEGER should have expected value"
+  );
+  firstNested.assertAtEnd();
+
+  let secondNested = new DER.DERDecoder(
+    contents.readTagAndGetContents(DER.SEQUENCE)
+  );
+  let secondNestedINTEGER = secondNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(
+    secondNestedINTEGER,
+    [0x00, 0xff],
+    "second nested INTEGER should have expected value"
+  );
+  let secondNestedNULL = secondNested.readTagAndGetContents(DER.NULL);
+  equal(
+    secondNestedNULL.length,
+    0,
+    "second nested NULL should have expected value (empty array)"
+  );
+  secondNested.assertAtEnd();
+
+  contents.assertAtEnd();
+  der.assertAtEnd();
+
+  let invalidDERBytes = [
+    0x30,
+    0x06, // SEQUENCE
+    0x30,
+    0x02, //   SEQUENCE
+    0x02,
+    0x01, //     INTEGER (missing data)
+    0x05,
+    0x00, //   NULL
+    0x00,
+    0x00,
+  ]; // (extra data)
+  let invalidDER = new DER.DERDecoder(invalidDERBytes);
+  let invalidContents = new DER.DERDecoder(
+    invalidDER.readTagAndGetContents(DER.SEQUENCE)
+  );
+  let invalidContentsContents = new DER.DERDecoder(
+    invalidContents.readTagAndGetContents(DER.SEQUENCE)
+  );
+  throws(
+    () => invalidContentsContents.readTagAndGetContents(DER.INTEGER),
+    /data truncated/,
+    "should throw due to missing data"
+  );
+  let nestedNULL = invalidContents.readTagAndGetContents(DER.NULL);
+  equal(nestedNULL.length, 0, "nested NULL should have expected value");
+  invalidContents.assertAtEnd();
+  throws(
+    () => invalidDER.assertAtEnd(),
+    /extra data/,
+    "should throw due to extra data"
+  );
+}
+
+function run_test() {
+  run_simple_tests();
+  run_bit_string_tests();
+  run_compound_tests();
+}
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello.js b/security/manager/ssl/tests/unit/test_encrypted_client_hello.js
new file mode 100644
index 0000000000..945a9ea83f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello.js
@@ -0,0 +1,101 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests handling of Encrypted Client Hello. These ECHConfigs
+// can be regenerated by running EncryptedClientHelloServer
+// and dumping the output of SSL_EncodeEchConfig. They do not
+// expire. An update here is only needed if the host or ECH
+// ciphersuite configuration changes, or if the keypair in
+// EncryptedClientHelloServer.cpp is modified.
+
+// Public name: ech-public.example.com
+const ECH_CONFIG_FIXED =
+  "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+
+// Public name: ech-public.example.com, Unsupported AEAD to prompt retry_configs from a trusted host.
+const ECH_CONFIG_TRUSTED_RETRY =
+  "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAMAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+
+// Public name: selfsigned.example.com. Unsupported AEAD to prompt retry_configs from an untrusted host.
+const ECH_CONFIG_UNTRUSTED_RETRY =
+  "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAMAA2QWc2VsZnNpZ25lZC5leGFtcGxlLmNvbQAA";
+
+function shouldBeAcceptedEch(aTransportSecurityInfo) {
+  Assert.ok(
+    aTransportSecurityInfo.isAcceptedEch,
+    "This host should have accepted ECH"
+  );
+  Assert.ok(
+    !aTransportSecurityInfo.usedPrivateDNS,
+    "This connection does not use DoH"
+  );
+}
+
+function shouldBeRejectedEch(aTransportSecurityInfo) {
+  Assert.ok(
+    !aTransportSecurityInfo.isAcceptedEch,
+    "This host should have rejected ECH"
+  );
+  Assert.ok(
+    !aTransportSecurityInfo.usedPrivateDNS,
+    "This connection does not use DoH"
+  );
+}
+
+do_get_profile();
+
+add_tls_server_setup(
+  "EncryptedClientHelloServer",
+  "test_encrypted_client_hello"
+);
+
+// Connect directly without ECH first
+add_connection_test(
+  "ech-public.example.com",
+  PRErrorCodeSuccess,
+  null,
+  shouldBeRejectedEch
+);
+
+// Connect with ECH
+add_connection_test(
+  "ech-private.example.com",
+  PRErrorCodeSuccess,
+  null,
+  shouldBeAcceptedEch,
+  null,
+  null,
+  ECH_CONFIG_FIXED
+);
+
+// Trigger retry_configs by setting an ECHConfig with a different.
+// AEAD than the server supports.
+add_connection_test(
+  "ech-private.example.com",
+  SSL_ERROR_ECH_RETRY_WITH_ECH,
+  null,
+  null,
+  null,
+  null,
+  ECH_CONFIG_TRUSTED_RETRY
+);
+
+// Trigger retry_configs, but from a host that is untrusted
+// (due to a self-signed certificate for the public name).
+// Retry_configs must not be used or reported as available.
+add_connection_test(
+  "ech-private.example.com",
+  MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,
+  null,
+  null,
+  null,
+  null,
+  ECH_CONFIG_UNTRUSTED_RETRY
+);
+
+// A client-only (retry_without_ech) test is located in
+// test_encrypted_client_hello_client_only.js We can't easily restart
+// a different server (one without ECHConfigs) here, so put that
+// test in a different file that launches a non-ECH server.
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem
new file mode 100644
index 0000000000..60960b4daa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcigAwIBAgIUWxEI7DW20X+b24MUvyO3J1pngeQwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZWNoLWNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBgxFjAUBgNVBAMMDWVjaC1wdWJsaWMtZWUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJTAjMCEG
+A1UdEQQaMBiCFmVjaC1wdWJsaWMuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
+ggEBALBk11enYtAuUPy77WPmNv4fN/NigB4wuygvdTJqVQTUDrRLXhX7ThFL68pd
+b7jTdBsCS3QGucU3W05miyyHwGfiN3PqTvzY6xATR6i4+cKPyW2OM8U7gIZmH3du
+et/rIJ8eAio98S4wvqAmd7oMKeQ4zJ3iRomEHIXH80c8VLOaSugarZuZG11hKCWT
+qbSiVYvCkLBuKzNMlLN3QEaK1mSWngwZ7u6AvbzvoDV3+JX1UThFjI97j/41Kpgy
+Ip0PbKONjUOjb+Rd1Fo6FLBAtJ/tfKrJZqCm7HxJiY9PuPJWyL6PBxIAymFcAyRU
+deD8cDEq9EaQmfYM3rPeUortM8g=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem.certspec
new file mode 100644
index 0000000000..d5c332ceec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/default-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ech-ca
+subject:ech-public-ee
+extension:subjectAlternativeName:ech-public.example.com
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key.keyspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem
new file mode 100644
index 0000000000..f136a811e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcqgAwIBAgIUN7V9tjNwYafgE24tOZNXBSQn96QwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZWNoLWNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBkxFzAVBgNVBAMMDmVjaC1wcml2YXRlLWVlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyYwJDAi
+BgNVHREEGzAZghdlY2gtcHJpdmF0ZS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsF
+AAOCAQEATfrz7BkT8pNISv2h71JHVkuPNDpjgSG+M0Z0IzXhTON0CpE/6Jk8nRwS
+LjfW9n9nJL7PATF4RT45tQ83+jmfFykhrmPctl2Tiq1HfTKdMdpW2i8lZVOovKZN
+3c98eNWZ5cqicG4XZEQbq1Nu+VsL7R5UCVvhIgLPWAdiEJu1D7VagCzZHguoUBDT
+C428L9nx0z80l4XNOeqYGtJtN2YqRSErkeMPAN1Q7MxVyp0Lsz8lwHQx8D73jYKK
+AN1kjtC18jBr5BYL1HCHvE/sL7ZLlaBRS+PQnF2HW0qkCOb3POlZ1UCjTa09Qy4f
+pxbYP6sTh1c6VShYzlE04jXC3K8KKw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem.certspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem.certspec
new file mode 100644
index 0000000000..c152462f0d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/private-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ech-ca
+subject:ech-private-ee
+extension:subjectAlternativeName:ech-private.example.com
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem b/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem
new file mode 100644
index 0000000000..eb6a2c1096
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUKXdVQO3RzfhQiRP9uZIuxnydYxAwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbU2VsZi1zaWduZWQgVGVzdCBFbmQtZW50aXR5MCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCYxJDAiBgNVBAMMG1NlbGYt
+c2lnbmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwIQYDVR0RBBowGIIWc2Vs
+ZnNpZ25lZC5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAXAU/SRgl952l
+O2B26d2oytCFyWJkotYhd7cHLTWcdGdfwgJ6YD2JaW9Bos0NVFbj+Z9PJJh2xNCy
+xULqNCVnRu11dFlGad6FDvY1psli8By00Kvz74kbNseISNuuzCTsZU2Uw5BXS9W9
+ia4S1dskQyuBae5M8ma6BeUyyHHfmu9TiqtzrlrAqIsXDucMs6WhgfOVimgAIQDl
+fA5qju7cmOJ8lzSV+CTrmoAMv2Q80G3rw0CPPIWqKrcTjkf+R5p3CSYUQ5Qq38Qx
+m0hK0fdlZ4MPsSKxQN7k/DeINotW2IaLX/AGL5z6dEFsBMp50iJCMEebkFmuFQ50
+oOILqRNvCA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem.certspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem.certspec
new file mode 100644
index 0000000000..438a08eba2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/selfsigned.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Self-signed Test End-entity
+subject:Self-signed Test End-entity
+extension:subjectAlternativeName:selfsigned.example.com
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem b/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem
new file mode 100644
index 0000000000..80c87da490
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUG1Lw/SgeLtklG97Ln5uybxccJyMwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZWNoLWNhMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBExDzANBgNVBAMMBmVjaC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAAMcKWJnU+OkvNVY
+g3glJ1ZgNURoWjhFnyqX8EmxFYH8mRdEdb8ZBTGeBYUDc3diHdZcmunGJ3FCVO5v
+zOI4UOCfADvIzY0hwtj+adtaavgRBRXeTZp8MyTSiN2a1T/3XgsnzKLYqAK7GIEq
+NwdRcsgu/mFG6p0ktOBvfBgbyD3rlupZhuWoedUQ6fR04BKFgdp4zg411qCG8HBQ
+lSa2t0e+dT5pZ1QTtyzIjtkAQu+GWJqc2Sqr5I4BnHOzRiXPc2lhVl0yGPjROHaD
+qK/jsbIkFxvi++59F9ptkOJTPJk1rAJ69Grx5/V7s1NxtXocCEm6gtDSi0zJ3V0f
+J0Qs50Y=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem.certspec b/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem.certspec
new file mode 100644
index 0000000000..1735a15075
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ech-ca
+subject:ech-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_encrypted_client_hello_client_only.js b/security/manager/ssl/tests/unit/test_encrypted_client_hello_client_only.js
new file mode 100644
index 0000000000..0949bc6038
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_encrypted_client_hello_client_only.js
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Public Name = delegated-enabled.example.com
+const ECH_CONFIG_FIXED =
+  "AFD+DQBMTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QdZGVsZWdhdGVkLWVuYWJsZWQuZXhhbXBsZS5jb20AAA==";
+do_get_profile();
+
+// An arbitrary, non-ECH server.
+add_tls_server_setup(
+  "DelegatedCredentialsServer",
+  "test_delegated_credentials"
+);
+
+add_test(function () {
+  clearSessionCache();
+  run_next_test();
+});
+
+// Connect, sending ECH. The server is not configured for it,
+// but *is* authoritative for the public name.
+add_connection_test(
+  "delegated-disabled.example.com",
+  SSL_ERROR_ECH_RETRY_WITHOUT_ECH,
+  null,
+  null,
+  null,
+  null,
+  ECH_CONFIG_FIXED
+);
diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js
new file mode 100644
index 0000000000..6abd7161ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js
@@ -0,0 +1,82 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests enterprise root certificate support. When configured to do so, the
+// platform will attempt to find and import enterprise root certificates. This
+// feature is specific to Windows.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+async function check_no_enterprise_roots_imported(
+  nssComponent,
+  certDB,
+  dbKey = undefined
+) {
+  let enterpriseRoots = nssComponent.getEnterpriseRoots();
+  notEqual(enterpriseRoots, null, "enterprise roots list should not be null");
+  equal(
+    enterpriseRoots.length,
+    0,
+    "should not have imported any enterprise roots"
+  );
+  if (dbKey) {
+    let cert = certDB.findCertByDBKey(dbKey);
+    // If the garbage-collector hasn't run, there may be reachable copies of
+    // imported enterprise root certificates. If so, they shouldn't be trusted
+    // to issue TLS server auth certificates.
+    if (cert) {
+      await asyncTestCertificateUsages(certDB, cert, []);
+    }
+  }
+}
+
+async function check_some_enterprise_roots_imported(nssComponent, certDB) {
+  let enterpriseRoots = nssComponent.getEnterpriseRoots();
+  notEqual(enterpriseRoots, null, "enterprise roots list should not be null");
+  notEqual(
+    enterpriseRoots.length,
+    0,
+    "should have imported some enterprise roots"
+  );
+  let foundNonBuiltIn = false;
+  let savedDBKey = null;
+  for (let certDer of enterpriseRoots) {
+    let cert = certDB.constructX509(certDer);
+    notEqual(cert, null, "should be able to decode cert from DER");
+    if (!cert.isBuiltInRoot && !savedDBKey) {
+      foundNonBuiltIn = true;
+      savedDBKey = cert.dbKey;
+      info("saving dbKey from " + cert.commonName);
+      await asyncTestCertificateUsages(certDB, cert, [certificateUsageSSLCA]);
+      break;
+    }
+  }
+  ok(foundNonBuiltIn, "should have found non-built-in root");
+  return savedDBKey;
+}
+
+add_task(async function run_test() {
+  let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  nssComponent.getEnterpriseRoots(); // blocks until roots are loaded
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  await check_no_enterprise_roots_imported(nssComponent, certDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
+  await TestUtils.topicObserved("psm:enterprise-certs-imported");
+  let savedDBKey = await check_some_enterprise_roots_imported(
+    nssComponent,
+    certDB
+  );
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  await check_no_enterprise_roots_imported(nssComponent, certDB, savedDBKey);
+});
diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js
new file mode 100644
index 0000000000..f163623919
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -0,0 +1,310 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that end-entity certificates that should successfully verify as EV
+// (Extended Validation) do so and that end-entity certificates that should not
+// successfully verify as EV do not. Also tests related situations (e.g. that
+// failure to fetch an OCSP response results in no EV treatment).
+//
+// A quick note about the certificates in these tests: generally, an EV
+// certificate chain will have an end-entity with a specific policy OID followed
+// by an intermediate with the anyPolicy OID chaining to a root with no policy
+// OID (since it's a trust anchor, it can be omitted). In these tests, the
+// specific policy OID is 1.3.6.1.4.1.13769.666.666.666.1.500.9.1 and is
+// referred to as the test OID. In order to reflect what will commonly be
+// encountered, the end-entity of any given test path will have the test OID
+// unless otherwise specified in the name of the test path. Similarly, the
+// intermediate will have the anyPolicy OID, again unless otherwise specified.
+// For example, for the path where the end-entity does not have an OCSP URI
+// (referred to as "no-ocsp-ee-path-{ee,int}", the end-entity has the test OID
+// whereas the intermediate has the anyPolicy OID.
+// For another example, for the test OID path ("test-oid-path-{ee,int}"), both
+// the end-entity and the intermediate have the test OID.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+const evroot = addCertFromFile(certdb, "test_ev_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "test_ev_certs/non-evroot-ca.pem", "CTu,,");
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+class EVCertVerificationResult {
+  constructor(
+    testcase,
+    expectedPRErrorCode,
+    expectedEV,
+    resolve,
+    ocspResponder
+  ) {
+    this.testcase = testcase;
+    this.expectedPRErrorCode = expectedPRErrorCode;
+    this.expectedEV = expectedEV;
+    this.resolve = resolve;
+    this.ocspResponder = ocspResponder;
+  }
+
+  verifyCertFinished(prErrorCode, verifiedChain, hasEVPolicy) {
+    equal(
+      prErrorCode,
+      this.expectedPRErrorCode,
+      `${this.testcase} should have expected error code`
+    );
+    equal(
+      hasEVPolicy,
+      this.expectedEV,
+      `${this.testcase} should result in expected EV status`
+    );
+    this.ocspResponder.stop(this.resolve);
+  }
+}
+
+function asyncTestEV(
+  cert,
+  expectedPRErrorCode,
+  expectedEV,
+  expectedOCSPRequestPaths,
+  ocspResponseTypes = undefined
+) {
+  let now = Date.now() / 1000;
+  return new Promise((resolve, reject) => {
+    let ocspResponder = expectedOCSPRequestPaths.length
+      ? startOCSPResponder(
+          SERVER_PORT,
+          "www.example.com",
+          "test_ev_certs",
+          expectedOCSPRequestPaths,
+          expectedOCSPRequestPaths.slice(),
+          null,
+          ocspResponseTypes
+        )
+      : failingOCSPResponder();
+    let result = new EVCertVerificationResult(
+      cert.subjectName,
+      expectedPRErrorCode,
+      expectedEV,
+      resolve,
+      ocspResponder
+    );
+    certdb.asyncVerifyCertAtTime(
+      cert,
+      certificateUsageSSLServer,
+      0,
+      "ev-test.example.com",
+      now,
+      result
+    );
+  });
+}
+
+function ensureVerifiesAsEV(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = [`${testcase}-ee`];
+  return asyncTestEV(
+    cert,
+    PRErrorCodeSuccess,
+    gEVExpected,
+    expectedOCSPRequestPaths
+  );
+}
+
+function ensureVerifiesAsEVWithNoOCSPRequests(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, []);
+}
+
+function ensureVerifiesAsDV(testcase, expectedOCSPRequestPaths = undefined) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(
+    cert,
+    PRErrorCodeSuccess,
+    false,
+    expectedOCSPRequestPaths ? expectedOCSPRequestPaths : [`${testcase}-ee`]
+  );
+}
+
+function ensureVerificationFails(testcase, expectedPRErrorCode) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, expectedPRErrorCode, false, []);
+}
+
+function verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, expectSuccess) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let now = Date.now() / 1000;
+  let expectedErrorCode = SEC_ERROR_POLICY_VALIDATION_FAILED;
+  if (expectSuccess && gEVExpected) {
+    expectedErrorCode = PRErrorCodeSuccess;
+  }
+  return new Promise((resolve, reject) => {
+    let ocspResponder = failingOCSPResponder();
+    let result = new EVCertVerificationResult(
+      cert.subjectName,
+      expectedErrorCode,
+      expectSuccess && gEVExpected,
+      resolve,
+      ocspResponder
+    );
+    let flags =
+      Ci.nsIX509CertDB.FLAG_LOCAL_ONLY | Ci.nsIX509CertDB.FLAG_MUST_BE_EV;
+    certdb.asyncVerifyCertAtTime(
+      cert,
+      certificateUsageSSLServer,
+      flags,
+      "ev-test.example.com",
+      now,
+      result
+    );
+  });
+}
+
+function ensureNoOCSPMeansNoEV(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, false);
+}
+
+function ensureVerifiesAsEVWithFLAG_LOCAL_ONLY(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, true);
+}
+
+function verifyWithOCSPResponseType(testcase, response, expectEV) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = [`${testcase}-ee`];
+  let ocspResponseTypes = [response];
+  return asyncTestEV(
+    cert,
+    PRErrorCodeSuccess,
+    gEVExpected && expectEV,
+    expectedOCSPRequestPaths,
+    ocspResponseTypes
+  );
+}
+
+function ensureVerifiesAsDVWithOldEndEntityOCSPResponse(testcase) {
+  return verifyWithOCSPResponseType(testcase, "longvalidityalmostold", false);
+}
+
+function ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(testcase) {
+  return verifyWithOCSPResponseType(testcase, "ancientstillvalid", false);
+}
+
+// These should all verify as EV.
+add_task(async function plainExpectSuccessEVTests() {
+  await ensureVerifiesAsEV("anyPolicy-int-path");
+  await ensureVerifiesAsEV("test-oid-path");
+  await ensureVerifiesAsEV("cabforum-oid-path");
+  await ensureVerifiesAsEV("cabforum-and-test-oid-ee-path");
+  await ensureVerifiesAsEV("test-and-cabforum-oid-ee-path");
+  await ensureVerifiesAsEV("reverse-order-oids-path");
+  // In this case, the end-entity has both the CA/B Forum OID and the test OID
+  // (in that order). The intermediate has the CA/B Forum OID. Since the
+  // implementation tries all EV policies it encounters, this successfully
+  // verifies as EV.
+  await ensureVerifiesAsEV("cabforum-and-test-oid-ee-cabforum-oid-int-path");
+  // In this case, the end-entity has both the test OID and the CA/B Forum OID
+  // (in that order). The intermediate has only the CA/B Forum OID. Since the
+  // implementation tries all EV policies it encounters, this successfully
+  // verifies as EV.
+  await ensureVerifiesAsEV("test-and-cabforum-oid-ee-cabforum-oid-int-path");
+});
+
+// These fail for various reasons to verify as EV, but fallback to DV should
+// succeed.
+add_task(async function expectDVFallbackTests() {
+  await ensureVerifiesAsDV("anyPolicy-ee-path");
+  await ensureVerifiesAsDV("non-ev-root-path");
+  await ensureVerifiesAsDV("no-ocsp-ee-path", []);
+  await ensureVerifiesAsEV("no-ocsp-int-path");
+  // In this case, the end-entity has the test OID and the intermediate has the
+  // CA/B Forum OID. Since the CA/B Forum OID is not treated the same as the
+  // anyPolicy OID, this will not verify as EV.
+  await ensureVerifiesAsDV("test-oid-ee-cabforum-oid-int-path");
+});
+
+// Test that removing the trust bits from an EV root causes verifications
+// relying on that root to fail (and then test that adding back the trust bits
+// causes the verifications to succeed again).
+add_task(async function evRootTrustTests() {
+  clearOCSPCache();
+  info("untrusting evroot");
+  certdb.setCertTrust(
+    evroot,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.UNTRUSTED
+  );
+  await ensureVerificationFails("test-oid-path", SEC_ERROR_UNKNOWN_ISSUER);
+  info("re-trusting evroot");
+  certdb.setCertTrust(
+    evroot,
+    Ci.nsIX509Cert.CA_CERT,
+    Ci.nsIX509CertDB.TRUSTED_SSL
+  );
+  await ensureVerifiesAsEV("test-oid-path");
+});
+
+// Test that if FLAG_LOCAL_ONLY and FLAG_MUST_BE_EV are specified, that no OCSP
+// requests are made (this also means that nothing will verify as EV).
+add_task(async function localOnlyMustBeEVTests() {
+  clearOCSPCache();
+  await ensureNoOCSPMeansNoEV("anyPolicy-ee-path");
+  await ensureNoOCSPMeansNoEV("anyPolicy-int-path");
+  await ensureNoOCSPMeansNoEV("non-ev-root-path");
+  await ensureNoOCSPMeansNoEV("no-ocsp-ee-path");
+  await ensureNoOCSPMeansNoEV("no-ocsp-int-path");
+  await ensureNoOCSPMeansNoEV("test-oid-path");
+});
+
+// Prime the OCSP cache and then ensure that we can validate certificates as EV
+// without hitting the network. There's two cases here: one where we simply
+// validate like normal and then check that the network was never accessed and
+// another where we use flags to mandate that the network not be used.
+add_task(async function ocspCachingTests() {
+  clearOCSPCache();
+
+  await ensureVerifiesAsEV("anyPolicy-int-path");
+  await ensureVerifiesAsEV("test-oid-path");
+
+  await ensureVerifiesAsEVWithNoOCSPRequests("anyPolicy-int-path");
+  await ensureVerifiesAsEVWithNoOCSPRequests("test-oid-path");
+
+  await ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("anyPolicy-int-path");
+  await ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("test-oid-path");
+});
+
+// Old-but-still-valid OCSP responses are accepted for intermediates but not
+// end-entity certificates (because of OCSP soft-fail this results in DV
+// fallback).
+add_task(async function oldOCSPResponseTests() {
+  clearOCSPCache();
+
+  clearOCSPCache();
+  await ensureVerifiesAsDVWithOldEndEntityOCSPResponse("anyPolicy-int-path");
+  await ensureVerifiesAsDVWithOldEndEntityOCSPResponse("test-oid-path");
+
+  clearOCSPCache();
+  await ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(
+    "anyPolicy-int-path"
+  );
+  await ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse("test-oid-path");
+});
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
new file mode 100644
index 0000000000..bb67341220
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIUHb9CrEDo8VwITKCJOkRAeW4iftkwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAwwVYW55UG9saWN5LWVlLXBhdGgtaW50MCIYDzIwMjExMTI3
+MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGFueVBvbGljeS1l
+ZS1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GFMIGCME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcw
+AYYxaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2FueVBvbGljeS1lZS1wYXRo
+LWVlLzARBgNVHSAECjAIMAYGBFUdIAAwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAt3y+8E3yCuL0S85twhU87JxsyNCL
+Am+QQGqyTpH81RsL64uxvSVyswKvyA4LpJBN/w13xsIOue/55AK9CwGhyw9jSPcn
+/OGRXzcqiBjeSkkCHOPXzPV5e/xWuWI9fR0XBBy/UgBsoXQzrrq5lCHR76yr2eyF
+2RA5lh1qqk2fgsqq3cCqsFEiOUbWjsHjlra8yvArfqexLVowlyg5olisnORbi7eJ
+/jm7w+X9eEP17yRDFnb5joeXh+UeCaxdhVp7c71oY/5lBdnesmkwr6b9CNVg9vLk
+LHrp3IyQF5Wj1usyDu/BYr0lu+VRAEusNnqDiz7LZfhnUMZJJwvqC+Tcrg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
new file mode 100644
index 0000000000..a9175c32ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-ee-path-int
+subject:anyPolicy-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-ee/
+extension:certificatePolicies:any
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
new file mode 100644
index 0000000000..860453152c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiygAwIBAgIUHUngL0WtaSVKsjGfK6Ktnv/n3acwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCAxHjAcBgNVBAMMFWFueVBvbGljeS1lZS1wYXRoLWludDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaOBgDB+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME4GCCsGAQUFBwEBBEIw
+QDA+BggrBgEFBQcwAYYyaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2FueVBv
+bGljeS1lZS1wYXRoLWludC8wEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEB
+CwUAA4IBAQCSEsmhHQQkMTDD+JU3kEWCt7v0RujqGvkBuUUM5VObzheZFKTQVYZ1
+1fui+s+AlogSfCWOOHNLGMrF2HQd1imzVqSDaoeeGMqKsiJ/MR9MWKjxZE+omL4J
+HsJ59n0+9U4k28/dujgno3BK65mbfKlAqBEBYFBmGmZO5Fb6U+dtDZi9mOiN2JzM
+Y/l8uax0i1XmKR6TESu9f3ue5D5WFkd2uL9oexGnvpEpV/wEB1f8wViU3W1AFC52
+CYHGiwV/54PZ3cg7zH86i2Gionq4CMApP1QRvOBTheJpkM5ul3BPiGg8mDkjb5lB
+dlPnrj4exf+eoqsrVFxdTX0EL7gQSRqr
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
new file mode 100644
index 0000000000..c49f6c4bcc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
new file mode 100644
index 0000000000..c088a135a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIUBcyX7McNHTUw58i902kjb15KZlswDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWYW55UG9saWN5LWludC1wYXRoLWludDAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAgMR4wHAYDVQQDDBVhbnlQb2xpY3kt
+aW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjgZQwgZEwTgYIKwYBBQUHAQEEQjBAMD4GCCsGAQUF
+BzABhjJodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvYW55UG9saWN5LWludC1w
+YXRoLWVlLzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREE
+FzAVghNldi10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAxk4+S
+laaEinRp3bXkqJ3rQTdaZwX9uegjAfOfaDLMFnGiD63aGNg9mqvsdt9rgbGmuFYX
+nsoeSzzWhV/Uk1VA/9El7x5eRHOMs3r5VnnW395eIYdAlGmDW81ANm4NIdiAfKZj
+fr2LOkjhPbhrV9i3YtY9lDFIiZheS6V2RgeHLoHc1cj0EB46PH1HC8fP+rg4tOhd
+vq5tL1p6dkHWnhduJ+oKrBuHehmnJfrXV53pz9VoOIj3F6F2F/c/EriyAPc/KOO9
+ocyNrJMoD0aFBF9ijK6uERhga/vM4dXIPUGzECQxceUuTUkn/2wEECNV2ETVmNTZ
+cRcP3J32vzU1jaVQ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
new file mode 100644
index 0000000000..1c643c2f95
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-int-path-int
+subject:anyPolicy-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
new file mode 100644
index 0000000000..779f2dfa85
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAi6gAwIBAgIUHyEVo6adgErPC5OEcIkP33KrTjgwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCExHzAdBgNVBAMMFmFueVBvbGljeS1pbnQtcGF0aC1pbnQwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjgYEwfzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBPBggrBgEFBQcBAQRD
+MEEwPwYIKwYBBQUHMAGGM2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQ
+b2xpY3ktaW50LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcN
+AQELBQADggEBAINthPjozG2qV5mlu5XJKM+LofF58fyxH7KCNIyDErghGz3DQyR/
+5GcPpKwzfl/gnXvXvF6yWOimQOOmU4u1oDtKv0lodL0EVEAqZQmZ0pDF2wBKPquH
+H7Eaji8uDhSuhnJZpwmyaCpOiMCda3qq5YgxwjyQTZ63lLXqQpEnSqgExfUISueH
+7j68bvPm8Q/SLVhOVLQdNf7mDVacFZE0OmtyjlSUN2ZFBZaN8o7FTnfocNmPlyD8
+EGmdkbdggXmESN5jGnBxo9fqLnqYCJEA8uN0Xckfz3ovKlt6PfbgnEeUzJRT71pN
+fqXYugdt7ppcn3sJbEOKInkw6h8to/pNlCU=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
new file mode 100644
index 0000000000..5f5adacc7f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 0000000000..0c83086180
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIUfU399SRJMbYE6q+pNnq6hlSOzt4wDQYJKoZIhvcNAQEL
+BQAwPTE7MDkGA1UEAwwyY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLWNhYmZvcnVt
+LW9pZC1pbnQtcGF0aC1pbnQwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowPDE6MDgGA1UEAwwxY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLWNhYmZv
+cnVtLW9pZC1pbnQtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBuTCBtjBqBggrBgEFBQcBAQReMFww
+WgYIKwYBBQUHMAGGTmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1
+bS1hbmQtdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlLzAoBgNV
+HSAEITAfMAcGBWeBDAEBMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAV
+ghNldi10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB0CMZ2fLLZ
+1qUT8t9DlOq9kMses1ASgX74/g5cl8W96x31QnxgEtRAMQKZrvucke8+us2LRh1d
+Oi5XAYry+g0kNOwfpXiWo+y23WoA+WHX2hYcH26fgzoyz3ULuMMyoM9DMlrwJvHv
+/+v1eMiAw71JfK987KWcbP1uESaTHZ04+5aN57efGVr3ADZiicaj6fUIsDIfMKJ3
+INVgVdMWpX01zFNTsSPNImxMZ7Gtqs1lP0gv30QXwGLTPCG1gARWSYF/fCFwbpon
+P7wBCAr/ADvUJl0UjcdCpU+YmwYxOW0QPGNVwRwgEAdLCnnnztq3y3bOzmGL/lQ4
+eD9G3c6ZD14D
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 0000000000..c72237e453
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 0000000000..6a2a55cd98
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIUDTr/XHbekA2O0a9J+hMLRhyOr3EwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMD0xOzA5BgNVBAMMMmNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1j
+YWJmb3J1bS1vaWQtaW50LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GfMIGcMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMGsGCCsGAQUFBwEBBF8wXTBbBggrBgEFBQcwAYZPaHR0
+cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2NhYmZvcnVtLWFuZC10ZXN0LW9pZC1l
+ZS1jYWJmb3J1bS1vaWQtaW50LXBhdGgtaW50LzASBgNVHSAECzAJMAcGBWeBDAEB
+MA0GCSqGSIb3DQEBCwUAA4IBAQCBt+AdgkYRRMubo29YkYXETC2UKiIHcyk/PuMU
+yFtR0xqsj7oe5lUf7XYHUNbJPuoF7hflSIKXx5un5zwZ5Vw3SE0qYcy6kM2PS4dK
+w6SMFkrZxCMf9GHFMubDk01T/p7BmpFKGVVAKgsUZmQSn+s/K+9+v4reDJ7yBfiu
+l+KjNGsa5In6l2kO799Q/QAPfBLxl0ZOYIONF4+IjJAwt6AXuilkPgPUcRkyZ3ka
+p+4GUc962Ylc4rGPxSKxcs93AkFl+8aYy5lW9kkFRQKSDM3W6WRPoal8411BsXEg
+LBcS5MoY024Y4gRn5H2WVUcqYbZ+SQtQ3sqnFbgtvVH0t89E
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 0000000000..92ebdb37fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
new file mode 100644
index 0000000000..c6f64b2001
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIUJwEFxlIecfbIub/Yy2vC/isMYB0wDQYJKoZIhvcNAQEL
+BQAwLDEqMCgGA1UEAwwhY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLXBhdGgtaW50
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCsxKTAnBgNVBAMM
+IGNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWVlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GoMIGlMFkG
+CCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAYY9aHR0cDovL3d3dy5leGFtcGxlLmNv
+bTo4ODg4L2NhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWVlLzAoBgNVHSAE
+ITAfMAcGBWeBDAEBMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAVghNl
+di10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBQdToSfEhnomqt
+UFfMjK3tieFSRqQ60lF28IFX40/Yu48k8AQY8UN/frh7r4tVk59aQK44QDj9CwUo
+E5DIwPwqOozGrrNYfSVaqqsyepepYp410EuT5OTjHIJ71Wus3EPf8w7oPABApidH
+GjOdoMj8dUufmnsCOlXYt32g/x70OpAn1PRw7Sc7YfIQwOuGRuTIuCS2T/JKkU2Y
+s+DNT98tuBlTnpByHen7QpdPdWCmMX+30e7B2bC/1IRetDOaUuT0zLMFBtL1sx2p
+W/U9p4mU3z9IkDflqSuxBuuMudY7n1+ZPw9uJF2z1PqZN4qOGXiebiGfigWlU4Ac
+uDd/MtOD
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
new file mode 100644
index 0000000000..36f80e017b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-path-int
+subject:cabforum-and-test-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
new file mode 100644
index 0000000000..8f92651d3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIUQS8yxTmnGrb3xLk+pZAOVYuZoR0wDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCwxKjAoBgNVBAMMIWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1w
+YXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBjTCBijAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBa
+BggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAGGPmh0dHA6Ly93d3cuZXhhbXBsZS5j
+b206ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1pbnQvMBEGA1Ud
+IAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAZmY7h/FLsNdMGtjTauA7
+LY6oaWD8kZAEsn9tq59CsAQG/M/nJFrjeFQUtzaSz2vmg8u1xqinelrAoy02Ujup
+Nm+/WULLoOjyb99QmkY3VaK7FkjNdbvt5AfgriRXWnbZpC+vXDHXMWViAQx0+Wm+
+9C1ssqbIClbQMhwsVldyRjVMRFMO5F/hvgGkLsUWaztEaVnMRG4eM/c9bl5HsdVM
+VfSIIb7D92TmQyfPbum2ws2CDmsYL2OKgosy3eylZjwprrE4yq8ZTsRaovvB7FwG
+UGV+L6FjuUVN7nR3EnQTDoXin3a0C5enc6fIfcmM5MLy+bHxpG5nHrQH9yvSwqqI
+zw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
new file mode 100644
index 0000000000..79ae7ae801
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
new file mode 100644
index 0000000000..fe4447dc7a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIUWy0RlFqNWWWgn+O3e6YCiRHdLFkwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAwwVY2FiZm9ydW0tb2lkLXBhdGgtaW50MCIYDzIwMjExMTI3
+MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGNhYmZvcnVtLW9p
+ZC1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GGMIGDME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcw
+AYYxaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2NhYmZvcnVtLW9pZC1wYXRo
+LWVlLzASBgNVHSAECzAJMAcGBWeBDAEBMB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhh
+bXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAH+evAgGQBC6njxTFd0BuozC3Skz
+UGKec1dIMmiYFj7mgzuKp9eTAeOK1WdOvevygxoWRHkHAmquWEY9mvt4dSWIqhsz
+RJ2b5cKnhtkFdfnQf+depCRZbdO4A7fLNYL9HCRnnN1PQKpaFF7fFEZ1rSzSShGX
+nsz4KbEvGQVxCe2HmflqJQARp4gJUGZ+psAIspmwAqA4dViNZSgg79E1neG/g+EG
+Ocq03fAbwb2Ko2eLzI0GF31L2iI1p0keEHzbwsxCjJQ5pRQdra5c7vEQHgQq5eSL
+9RQrtE1J9erO0Jy9MUCDoZ4+WCnl4VZXVlYLt0oUh1YCOKD3J5dm7sRJ93A=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
new file mode 100644
index 0000000000..86fd9aca39
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-oid-path-int
+subject:cabforum-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-ee/
+extension:certificatePolicies:2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
new file mode 100644
index 0000000000..f4bbc67785
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUJ3QtUr7ndrb3mL/xD7keEx/Qj1owDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCAxHjAcBgNVBAMMFWNhYmZvcnVtLW9pZC1wYXRoLWludDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaOBgTB/MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME4GCCsGAQUFBwEBBEIw
+QDA+BggrBgEFBQcwAYYyaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2NhYmZv
+cnVtLW9pZC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATANBgkqhkiG9w0B
+AQsFAAOCAQEAGkKvsFxMmr30hx3Z4gJ8ZKLeQ2yomqPxSgjZxir4sumwkjEguFYE
+ZcaLijKzoTdOHs1G6VnjOxVYUsAXBNT2gC2h3e5TO/toub2lyst6csDB3nj1y4Ee
+2JYctZAyYHg4UJZU+zAvsTpTamEjn4LMievWD5foeoPFAAB5PNTSgvibAe6oi0Mo
+MTb0dwrmWkfIDyH7xjQKNlLCgi0U+KF0TtWX7boZ2QDmMl3b5DLA2/idf1Y21ix3
+EmAXKz4Ni93vL3Oy+Wnj1R5KjEQw4U3RURZ/OnmQOhg2UJloUbDjKAHdtp6lQC0W
+hL8oOBBAkCgkphWeDqOkjgRY+oyVMkgMSQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
new file mode 100644
index 0000000000..343307164b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
new file mode 100644
index 0000000000..1d88a930d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
new file mode 100644
index 0000000000..1a3d76a550
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
new file mode 100644
index 0000000000..13c3031905
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUIZSHsVgzcvhPgdfrgdMGlpSfMegwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMTUwMTAxMDAwMDAwWhgPMjAzNTAx
+MDEwMDAwMDBaMBExDzANBgNVBAMMBmV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALVJiVydABCNEaH5n4ep49Gl21367PGI2le/ZBNojyzkciz/
+EJA4wXQCyToqRz29KGrtP9zTY89aKRR3Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPN
+RGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dxShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s
+33iuMUTtKMReeSk4Y6eiKkiYCjakDnLVecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rd
+Gq6KoszONIoBabgOKKLXDBqWDG8zXy2gm5tkP1q/uknoqqmB6WDifYdIC91V3ZQX
++hhQn7tVTM+BpDl+i6gSijS98nhlwYnlc0+yKQUCAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABTOHA9XbfLv/C7+
+5KycYXToOIBRSjQ0j2nsiqFda4Jx+aKsvdpdrrbLHvhrpfsA3ZgB2+eKHunVc4fo
+UHNqZllAs2nx+AEinq4GX8iya5BpiyTIxXWu8v06siGgz1GxlJw1cJ/ZnFEQ9IBf
+cCAr5fCoZ4RC+2OVhiSTnYPCKM+zCyw3YpISjNOg1VVkp46Htp+831Eh12YfwvdY
+Fgh1fc5ohYC5GCLRuXKc9PGTsr3gp7Y0liYbK7v0RBjd+GivNQ3dS3W+lB3Ow0LH
+z/fc3qvrhsd58jHpb1QZQzd9bQjuIIM6Gij7TNdNNarEVZfSJjPYLfXosNdYh5fH
+HmbOwao=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
new file mode 100644
index 0000000000..3121f3486e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
new file mode 100644
index 0000000000..af5ffef782
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEDCCAfigAwIBAgIUV4EyKmZfq4MEI8NLfzjTZovpx3owDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTbm8tb2NzcC1lZS1wYXRoLWludDAiGA8yMDIxMTEyNzAw
+MDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAdMRswGQYDVQQDDBJuby1vY3NwLWVlLXBh
+dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjQzBBMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkB
+MB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
+ggEBACqYubzmmeSUHH2ONuYa1B13hyuMCgDvyQKOxI1m/NewbtEZ80UDWmQMolFP
+m2l8lbmlSuNWi25RQxONcXSspCQgIwRzfi4OBql81nZkjyGWWprLUTBrCfyYE3gi
+P2acboz9ObJoXDzYl63MnyAiD/VQifM/iYuiiel/tJRCV5I72a2wQKlZniulgyWQ
+HuWQk9v7lKUX+msgEo9ZW8ndb/hgq+QnEzB3kPmkWgEmLJdK2k05UIjYNBRbgntj
+qGSUgCtdga8gfEeaD/00DweQ8MFwhQkXol2kQVY3j0rddi5T0BI9Fu8BuPaPXU4w
+nr0GvC4bu/ATRI5EuKOJRt4WSv4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
new file mode 100644
index 0000000000..ece1cf816f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:no-ocsp-ee-path-int
+subject:no-ocsp-ee-path-ee
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
new file mode 100644
index 0000000000..09cfda1739
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIUcXOmLIKcwe+H0AekAT8yEbaqdJUwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMB4xHDAaBgNVBAMME25vLW9jc3AtZWUtcGF0aC1pbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+fjB8MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMEwGCCsGAQUFBwEBBEAwPjA8
+BggrBgEFBQcwAYYwaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L25vLW9jc3At
+ZWUtcGF0aC1pbnQvMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOC
+AQEAS/QkZA0m4gZRyp7eyeXeHaR0toxH9RaypHw5FkG/vHQ4EIjO6eXRcC/bPuCX
+N4cMfYmkCpU3Dy5uSZLetYYmu05X+rCwXQu6TZO3D4medEiVslbD3cQH7LmxCLxT
+wBf2foLLFAJ+wFmVmzZk26+G71vbJ5RvzL5djHPZhm6XFQcg8D2oHMfp5mIWEkCk
+VtB3/AIhxh8CIuhs1+lCsOc7XoOAZ04EVPP9kkc8o9K0rPaTzupmfHRTVuWyAQrC
+MPSYnQITQAQAN9Qg/BGgIW1qudgFJpMmjb6AS+7Ts9f7225z+SzLBkNMQggApW14
+ZIUonu/c9e/2+3baPEiVfzcfzA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
new file mode 100644
index 0000000000..5eb952a9a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:no-ocsp-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
new file mode 100644
index 0000000000..fd01063ac3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIUGwe4TG7p4Bv83RKwPf6KcStdBLAwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAwwUbm8tb2NzcC1pbnQtcGF0aC1pbnQwIhgPMjAyMTExMjcw
+MDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTbm8tb2NzcC1pbnQt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBkjCBjzBMBggrBgEFBQcBAQRAMD4wPAYIKwYBBQUHMAGG
+MGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9uby1vY3NwLWludC1wYXRoLWVl
+LzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAVghNl
+di10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCr21rqLU8BEBZN
+oYZ/Mltq+7EXM7NKhRSBvwozcwVvBHgXO90bxogeLsXCyhW8b/zH908M1ne/0Ir2
+MuKUZy82wzLr9VSmN/3tAR4CsIftCR3gbPRgITkkvU/3sZkvZVJLaZkL9cQ7WVdL
+0fwNQR7FQx8/S20/KNa/Ud63l0QnIR2uys6KpS93iT4W2DOiC2vrHS1xja0OAw9+
+BBfnLp99KRVOXi9LHXcWyLWJU7/zW7rbJX1S/mONZbQtq8qwpzb/q0mUSxBX1p4U
+l6SY/m7Pl5Ef4RgwsMdu0zRmmmb6kQmboE/qBX75IgIZjOK5FnrJCZcR6EyV60uu
+jMeIG7hs
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
new file mode 100644
index 0000000000..623057e9e9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:no-ocsp-int-path-int
+subject:no-ocsp-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
new file mode 100644
index 0000000000..ff07be395f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdqgAwIBAgIUTZjDIERCE7WIkgtKaDPqLLkqk9IwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMB8xHTAbBgNVBAMMFG5vLW9jc3AtaW50LXBhdGgtaW50MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ozAwLjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjARBgNVHSAECjAIMAYGBFUd
+IAAwDQYJKoZIhvcNAQELBQADggEBAAKFwKsNxeiFmmVyq3YsF2tS11eJJ0/n/KzC
+G4t39HZWfWw8u2osQpHn1O2+L0YhRBNpYX85GgVKSPYzjsptfTmIcAyAWdlJsK5r
+Np9LHrsx65A7cFkKxD6V7FbG1YwL+VbD7qkEZBy3SqFe6m7hQ3om0LgWpaNu756x
+TJeZdqNoSwvtbPdH/GYId1dTj8KdTDncer6eBfefcq0yCoNA1zphgdBMRVBPjXj8
+MFJEd+PTkyDzuTvBG5nB0ChZQ+ca3z8w38rI0KZTeWKH8mW3IU4dSj4q+8ZGymv6
+O1BYsVGr7Z4M//zJ70x9c5+jgDyam7LtxRpsd61R2/sVfqzJVTg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
new file mode 100644
index 0000000000..548241de3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:evroot
+subject:no-ocsp-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
new file mode 100644
index 0000000000..150eb3dfa1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIUVY/VRh2hxRcuAlpF5eXruz6Rbi4wDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAwwUbm9uLWV2LXJvb3QtcGF0aC1pbnQwIhgPMjAyMTExMjcw
+MDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTbm9uLWV2LXJvb3Qt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBkjCBjzBMBggrBgEFBQcBAQRAMD4wPAYIKwYBBQUHMAGG
+MGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9ub24tZXYtcm9vdC1wYXRoLWVl
+LzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAVghNl
+di10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBXgdfedO5sSJJE
+n1BMPeTQIZvhXADPJuQfw589m0J3KZIyQrZvpKJpnx70FcfnTx2ef1QFGrRPT0be
+ikVjzahGsKl2YZxJTHsfsYIBtXb3gxJhWMOWjp/o61yJoMOxuv3+sD1FeK15F73R
+LIwZ8FJw+kPVQr6nHKg/KxZ2x6z9AUzxr0vrbEXbClopnIoXVYT2YsnBLASlPKjk
+iHxuR4AR31ue9T38Y2p8eTKAyxssqE5DUYeRlS6RxHQKf3zNPIDlYoU6K+CpXp/R
+aGjUAsUGyFqEXSrqoiYrMthUmkESpgY8pj8gaFwwElIgrhL+TEJDLYVQtRcZf+9/
+NF21J9M2
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
new file mode 100644
index 0000000000..9895732b15
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:non-ev-root-path-int
+subject:non-ev-root-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
new file mode 100644
index 0000000000..fabab40b3d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgIUL2l0QIXF1lhAxtAsa96UcJ2xVv0wDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNbm9uLWV2cm9vdC1jYTAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRub24tZXYtcm9vdC1wYXRoLWlu
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAAaN/MH0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTQYIKwYBBQUH
+AQEEQTA/MD0GCCsGAQUFBzABhjFodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv
+bm9uLWV2LXJvb3QtcGF0aC1pbnQvMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG
+9w0BAQsFAAOCAQEAVcD0UEY9IIAhyuk9cnSrU9rf28agFR7Gs3YOQUqqGePrNf1w
+ZwiFB3cHGaroBlFYsV9PHRM/o6kGKXiw+c5uo0vTQMAb8+/YcXUYL2eYBZMCIUDx
+Z9yzPUZenK9WBaZCcWFBcoZsWSMb/CV0AasRpM8VMxQ+i0IejzF/Jk1FrfT1+jSO
+H0EoUETMNx8ULbiUh3OWvTbTG5emiBIKA5YdhCQXwaqsB3tqwAz/fu8aYjf3zP3C
+h8PjV5pe+hMk0vkkAekzdiJQJYodPEn0VZz4wiQn9KOtFFGO0PJ9JDxBQLCDLFza
+07HSkmRfF7+Z3Nf9zEiYkuZZiRXWhE637X+rpw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
new file mode 100644
index 0000000000..5ce035ae1e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:non-evroot-ca
+subject:non-ev-root-path-int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
new file mode 100644
index 0000000000..345485e228
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIUBfqrswEJGDjE9nm6ejtjD0kklVwwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNbm9uLWV2cm9vdC1jYTAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAYMRYwFAYDVQQDDA1ub24tZXZyb290LWNhMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AQEAgp5QqEQH2DbmS5o6AFElwUJqETVSj82Mh4x8MmMWX5kx/f2oRMYGd3fuqirQ
+fgZFyp6z1O0Ei+sosKj6B5tsZKcEEIKBiOGJeFPv0XAVeny0GSN/UsCNpJdPI8bA
+WzuwDFCL62a7Rh7rbViNyzEWw8PUwsNjziRUx6TcgbvFahkW25vJJr4mmOiE26zw
+5kqI4AAqVHpzy89p11dsKld30Y122TdLuXVwvuE2Al1w3tW9HK8oeoQPueHpMQcz
+i1SUAZdSSQ0MyOVWVWz6uGEWU+7iSYCQrwLR9eIfpOku8Pb6C6olsYYm0D6vG/a7
+1O2Tm7VL2prtY5lv503AKF7QHA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
new file mode 100644
index 0000000000..7b61447a80
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:non-evroot-ca
+subject:non-evroot-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
new file mode 100644
index 0000000000..9c18903539
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIUY65iIQOPqad0zzesK3FOt5aVmeIwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbcmV2ZXJzZS1vcmRlci1vaWRzLXBhdGgtaW50MCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCUxIzAhBgNVBAMMGnJldmVy
+c2Utb3JkZXItb2lkcy1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GiMIGfMFMGCCsGAQUFBwEBBEcw
+RTBDBggrBgEFBQcwAYY3aHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L3JldmVy
+c2Utb3JkZXItb2lkcy1wYXRoLWVlLzAoBgNVHSAEITAfMAcGBWeBDAEBMBQGEisG
+AQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAVghNldi10ZXN0LmV4YW1wbGUuY29t
+MA0GCSqGSIb3DQEBCwUAA4IBAQC1RiorsYhREaYYkyTYNifb2XLtf5R2diikyO9E
+P+ZObrMhOtiQuGymn/HmhX37bv+lcginsTP+7UhUyAtRrWYFZ/+KFiwogA0X0gVD
+w6XbfCeExMc1PhyaCMTafIxbNjg0E4oaZZMZ8uM8ekxCXJoNVe7hms7AIjofQZkI
+0UTcr35l/8QPwKHdMWarQNNGk/hLfrlKEl+aYCySi1VXmJDFfkw2Ttd75pEaDjCP
+Lmx+8EUKqgLvwWJZ23b9+NbjYBwoS5E25qmd4v+nTykL0J6qYoIIiw3SzppsBE48
+Upeg19FmitAsp19J43mVB9/qvwvrreKs3Sjh2eDp64xmmbDm
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
new file mode 100644
index 0000000000..31e3e69e53
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:reverse-order-oids-path-int
+subject:reverse-order-oids-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
new file mode 100644
index 0000000000..7b1255309b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIUMWXAuy7fu9hNxa2wdzYNdAbnEfIwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCYxJDAiBgNVBAMMG3JldmVyc2Utb3JkZXItb2lkcy1wYXRoLWlu
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAAaOBnjCBmzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBUBggrBgEF
+BQcBAQRIMEYwRAYIKwYBBQUHMAGGOGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+OC9yZXZlcnNlLW9yZGVyLW9pZHMtcGF0aC1pbnQvMCgGA1UdIAQhMB8wFAYSKwYB
+BAHrSYUahRqFGgGDdAkBMAcGBWeBDAEBMA0GCSqGSIb3DQEBCwUAA4IBAQAAgTzv
+rOKCCIsum1ejoJeKdCLVhOoYdkLwMvQPx9GrDrkOK0xBT/hS7CPgKoeni0GTFk8A
+VIKO9p90STMWeAAvkvVoPbMMCjgirXf6H6BXnWBzROu5KQMEmCnozrGj7KlaNcFj
+r8IjxvhKsAHzbIBnPorH2/ksXmai+34XOTDdSzXIDQvfPu8wZHU49xgwFArNfsh+
+m7cwPdqnk3zeBlQ5aMWZyRJG86LeTO2fTvMsyHxlL/p5SYb1JPWyK03qUwKpfKvX
+rRqNqmUapWvsVBdAU60yLPipNO/mw6I10HJ1v3ZU7fdYeoOV/gDl7RPquPnV73Ff
+tt+m1SpB9l5StlS9
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
new file mode 100644
index 0000000000..a2b523073e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:reverse-order-oids-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 0000000000..5439295f29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIUFUZzpOeJ6SMwLH4GMYnNKJQ6J5YwDQYJKoZIhvcNAQEL
+BQAwPTE7MDkGA1UEAwwydGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLWNhYmZvcnVt
+LW9pZC1pbnQtcGF0aC1pbnQwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowPDE6MDgGA1UEAwwxdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLWNhYmZv
+cnVtLW9pZC1pbnQtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBuTCBtjBqBggrBgEFBQcBAQReMFww
+WgYIKwYBBQUHMAGGTmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LWFu
+ZC1jYWJmb3J1bS1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlLzAoBgNV
+HSAEITAfMBQGEisGAQQB60mFGoUahRoBg3QJATAHBgVngQwBATAeBgNVHREEFzAV
+ghNldi10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQB2gvv3BrZ0
+3wqNT7VwXUzgtvQ9gRC2l9PpKFGAPjZlN0QlOKh7q2A/efTeVr9IIEOJrvjMdepB
+0qFRuGMw8Zw+veIEv4Gy5YfHYkeNPnYXm/NkvXiWECmCkOUyxZzrqqlEWdzjkcvI
+bUVyspWmS5RjcNCJY+kFOclPRM8xqZbuyZs5gC3Qabo71cYLDW/7QobcOvmMN+P6
+1tBd5GPH4QJnJiJrSWmAotB44vdWM1guAftJhl0zf0wgr0Rxq/eUNBCm7Lc4Qv4R
+neh/1uUBXjeh8py7HCTUK5nJb8eAcg/gD6d4+HYEOik8BpLB/gDqCLyGzuy409VO
+qyX4hAhGVP8e
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 0000000000..edac2fc1ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 0000000000..7fb0c8a643
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIUI59mCZyqqA1n9QHKquSu1nhheGUwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMD0xOzA5BgNVBAMMMnRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1j
+YWJmb3J1bS1vaWQtaW50LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GfMIGcMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMGsGCCsGAQUFBwEBBF8wXTBbBggrBgEFBQcwAYZPaHR0
+cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L3Rlc3QtYW5kLWNhYmZvcnVtLW9pZC1l
+ZS1jYWJmb3J1bS1vaWQtaW50LXBhdGgtaW50LzASBgNVHSAECzAJMAcGBWeBDAEB
+MA0GCSqGSIb3DQEBCwUAA4IBAQAzuiRK8DbNihTSeXbgCz8rEAVK864Fyl+nyPoo
+eMvIp/Xwb2lKakji3IRX2xqJuQR6sdckn8RyzVvvMzZHGXto+DbMnNPh0ACmNE2x
+8rg+OBnNun8da0oP6gIlnl2q2eRP6XbQtQ7w2DSbbHJ7QvNyi77EjgMVOU2ZiE0M
+yeWHvL+OqwqgB6ZsLRWjQeKu/iTKHh5EGG9yPQl+2TYOlTGAlBjpKDyptwA17CW3
++tnXODlgGDBo3hLyFNStKG2JxtpJTwDn4k7IVJ6pJjFmpCNMXpcc9McI6xl6bBy8
+nXKJaRSM4wlJs8sPe4BMnCaSsUayoLEvzwnEu7vW71cOjmzA
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 0000000000..68dfd00573
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
new file mode 100644
index 0000000000..087d1f05e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIUYT7HpFGQFkg/E790SoVkCNUtYn8wDQYJKoZIhvcNAQEL
+BQAwLDEqMCgGA1UEAwwhdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLXBhdGgtaW50
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCsxKTAnBgNVBAMM
+IHRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWVlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GoMIGlMFkG
+CCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAYY9aHR0cDovL3d3dy5leGFtcGxlLmNv
+bTo4ODg4L3Rlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWVlLzAoBgNVHSAE
+ITAfMBQGEisGAQQB60mFGoUahRoBg3QJATAHBgVngQwBATAeBgNVHREEFzAVghNl
+di10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBDRKyEcWf9alVl
+a/qcpHwuJ1+5WGxFv88ZPo6CTav77YrxUdOxTt8abQh2AMMZcJ/Nucerm7eiESPK
+2KO/fgayLkDqsJ0BBz+lpz6WmWk4puvQYNW5C3+FLvpgCI79kksva3h2WcOwRPrN
+YmiITKnZsgzFxrU6EkRjgO/OQBlU/azBS3kHhWYPEmnDGtr3rjr51wBAXUwMFxcM
+fxmopVMe/rERRoStxGvXAFNLfCBGFrcLSiMPB//BN/3Nk24iHrTvjzofF70oeOV3
+kcbYlCvpTF+bg9SzLvpOHqwxCiC9IrOA4D3jQmFv8Udo9QCaGC56IJTua+rhoWqm
+e9viX7js
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
new file mode 100644
index 0000000000..affbd87458
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-path-int
+subject:test-and-cabforum-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
new file mode 100644
index 0000000000..cc2f45d3ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIUb2D4HeEORbizbOLDdYEKZeydFOcwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCwxKjAoBgNVBAMMIXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1w
+YXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBjTCBijAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBa
+BggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAGGPmh0dHA6Ly93d3cuZXhhbXBsZS5j
+b206ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1pbnQvMBEGA1Ud
+IAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAnxGTQXg6kASA3iTx6F//
+1NJjcf+xLthZA4Nr6Hr36gmgMwIPi1TQd40omtwIs+BcTXRUJsXkvW/NfRB2GIV2
+Zz1+2ViUMp95O98fVnIC1rJOvVha2t6Ct6jUGx9pznghH/5WR8yaK3GUCYjKO9Cn
+t67wF8ff6/GTXxenyCHp8iAffUJOhiXinDEYZ7DF0ylzYCrFr9hUlNicNMCIOLLe
+jeb+aD55bn8lvwgnErNIweOG+DKn3yWjjfnvVLn/PATg1xGRLe86MZgA5VzYU61q
+rEx0y6dlaxpfISarNfuicLrznf67bNXCpU17tyeITzxBCIfokDdeW1VxwWVVlS5K
+Aw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
new file mode 100644
index 0000000000..11630b4b4f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 0000000000..a49017dd4a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIUBz5FscfzmfpyDXtVsfMuu/CYTkcwDQYJKoZIhvcNAQEL
+BQAwMDEuMCwGA1UEAwwldGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRo
+LWludDAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAvMS0wKwYD
+VQQDDCR0ZXN0LW9pZC1lZS1jYWJmb3J1bS1vaWQtaW50LXBhdGgtZWUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+gaMwgaAwXQYIKwYBBQUHAQEEUTBPME0GCCsGAQUFBzABhkFodHRwOi8vd3d3LmV4
+YW1wbGUuY29tOjg4ODgvdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRo
+LWVlLzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAV
+ghNldi10ZXN0LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAH14OR4H62
+ENgeo7uXk6xgY01XulxL2jT4a/RY2Dsja43yjevGACMSO3X07y0MbjmPUtCS8vyo
+x9zr8deVnh+4fllU1Q7IZFDraje0qnOueNOtFeYYM6GRt/6fMMikE5VrcOtUkjo8
+b4IRru3eWt56JdUr/sytkDEUGSZiP2ipNXDNhvHKO6KEDuJETwPmOMSS0QkxnisV
+o1s9/tkrQV5ZNoZ3lgrK8hPIV4oHuJJnFyMtkcvLiRoN+uGVVVZL3jwTE17PlG2N
+/pVVC4vZmZPNCIZyzXjfqifzg2vWPTAFdBqy0L+3nUDrGvXswrnKVpi8MbCzFJM9
+ZoOHfu2/Ncex
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 0000000000..bd0f955ada
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-ee-cabforum-oid-int-path-int
+subject:test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 0000000000..70c6974db9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIUMcttbpnyWBC8D4SQ5L52xqdAchgwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMDAxLjAsBgNVBAMMJXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1p
+bnQtcGF0aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjgZIwgY8wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
+AQYwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzABhkJodHRwOi8vd3d3LmV4YW1w
+bGUuY29tOjg4ODgvdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWlu
+dC8wEgYDVR0gBAswCTAHBgVngQwBATANBgkqhkiG9w0BAQsFAAOCAQEAkWY3TNtZ
+uIZDgcBslHPsaNJ9CLy88Uv6WK4+0r07WeTK4m716cHARRzaWfG/saYZErCD3wPy
+PXsDvzHH5TB7NYcDO9wGFvHyqr8nM6Y0g675LJZO/MIv/F+6cXnidGFpGQYAyN27
+oYlsg5UxHVf85unSWdYOekEk3Vb3j7yOyDyJlfPUjekCrFb2IXwGCXV8vwySnH08
+sOozuXxRL+IMOqhgXwSygP+uKIOpDTCm+ab9LCQ9rXrS/nSeP5dqsCTwSh08YUYW
+R/7drxxbAIP4hkdfypW+qNSFhVUagRqyNPOlyclnXiT/ECPbvZTJO2aVUnq/2wgf
+AACvPx4gGI/gPQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 0000000000..37d4d133a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
new file mode 100644
index 0000000000..b28d658f34
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUP0QPDJYHS8iqIxQh16sMCzUo2J4wDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRdGVzdC1vaWQtcGF0aC1pbnQwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowGzEZMBcGA1UEAwwQdGVzdC1vaWQtcGF0aC1l
+ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAAaOBjzCBjDBJBggrBgEFBQcBAQQ9MDswOQYIKwYBBQUHMAGGLWh0dHA6
+Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LW9pZC1wYXRoLWVlLzAfBgNVHSAE
+GDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAeBgNVHREEFzAVghNldi10ZXN0LmV4
+YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQAulta+AvmR58Lr0CzIcRHSFkx6
+OAXxS7qxSy2DhfMucxyjIGFiL5GTFZ+PjZjpm7kBavXAq3s42/6gYaoUsTWy+exE
+G2wSV22L2iU0zTPJExtcOciLaWpX90yqUZN9ThB0WCosLGg9GiLfZLjlmX+IL0bC
+bGmOMmxpk9wCEdQbQGkSkkucZaPONST/n3W4g0eYzlCiC5bY45HnEbYPVxGKDd1P
+xTcJqEsbxffNflSAMyY4c5+KEY9DFpdXeKJvfAddoT61bBbrUHvi6g4xo+fBDfgP
+Zz9VeBvUMILYrbpFyFBmQL2rd8pCFnUcC7M6+HrSHdrXwAZWKiNmATFexWS4
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
new file mode 100644
index 0000000000..a9d62c65e9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-path-int
+subject:test-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
new file mode 100644
index 0000000000..ad2bd1d509
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUQ9qTdUCkE4CVzUr1Rvfr0N+HsVkwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMBwxGjAYBgNVBAMMEXRlc3Qtb2lkLXBhdGgtaW50MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GL
+MIGIMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMEoGCCsGAQUFBwEBBD4wPDA6
+BggrBgEFBQcwAYYuaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L3Rlc3Qtb2lk
+LXBhdGgtaW50LzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATANBgkq
+hkiG9w0BAQsFAAOCAQEAGmKNKoN7WoJUTqRBPdDm/acbFxtmXXSwl9SdxQ8+yW9w
+ukE9nqMii5V7viy+nimZ96ggcvbGsjZmyL9yMbG7nDyDbMI8z7p+5IaHY4pjPmu/
+JhWaMLneZDIQNADn8JOtBpwkGPRlKzDPBwjMBerfDXBxoj384iZZNsBCB0BLQgdx
+oQL+yrHXCq882e1KFkl+j0JJhvqiNHE3A6WPPcz/iaHm8kKRfjYNIWWapXLlEyv1
+06QQew0gPEmUUZu3nK76gvmxGqJOg4MV9ahCOW4R5ScHCyBH7QNZzlRRwmobfmH/
+gVfq9IkiIV2PXiic+YiXUlERvXElRzLamt/zWaHk6w==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
new file mode 100644
index 0000000000..53534eb526
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key
new file mode 100644
index 0000000000..a926a54efb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIZFAPVcQvxWiZYGM
+1C7W/t8JrdkteLGOeh6f65VSRwKhRANCAARPv7u7YeD4+bGmClmshwTi7AULQj48
+9y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbA
+-----END EC PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key.keyspec
new file mode 100644
index 0000000000..03c3ce198f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.key.keyspec
@@ -0,0 +1 @@
+secp256r1
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem
new file mode 100644
index 0000000000..a5c0e04b0a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMjCCARqgAwIBAgIUQQv+1NaQ2YW3zROTKhMXi0+z4+kwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaZmF1bHR5LXNlcnZlci1pbnRlcm1lZGlhdGUwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKZGVmYXVs
+dC1lZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLs
+BQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCj
+MTAvMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBgGA1UdEQQRMA+CDSouZXhhbXBsZS5j
+b20wDQYJKoZIhvcNAQELBQADggEBAIa1n0PRvEO1vobr+MUhrdC2pkjrf3BkPofv
+UMX0GArZsYtkZTnB073ZuzRMaR1RNnEbCerDC8ibxVQzPqc3+HjCGhxUH8Mv6QMl
+K/F9FixiEHSiWOocGpSqNIbUtLFTVJOf7GC7GvT5a3rvAzMwtujetHKw+3QzgpZT
+Ja77qqxE1VJDdjnaXGgUc1hUfiNGPy1bh4/Eed/nLIbeDYDP9TfvvkhNTc3mb/vG
+LIxhaAXuQmxm3vHJl7ewXSzL+3g8Slr+LycODwv07SCz5ZYkY42ahqDlELKlkcwM
+O867QbO8leAZV2B/6ugEZJV02Sho1fNJkE/zYr/yBpZkTHqB3Uc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem.certspec
new file mode 100644
index 0000000000..5d471da110
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/default-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:faulty-server-intermediate
+subjectKey:secp256r1
+subject:default-ee
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:*.example.com
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem
new file mode 100644
index 0000000000..c896de631d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFjCB/6ADAgECAhQJA7Qytg0FIuJ3Y9mQfFhL/MXBgzANBgkqhkiG9w0BAQsF
+ADAlMSMwIQYDVQQDDBpmYXVsdHktc2VydmVyLWludGVybWVkaWF0ZTAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAUMRIwEAYDVQQDDAluby1zYW4t
+ZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARPv7u7YeD4+bGmClmshwTi7AUL
+Qj489y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbAoxcw
+FTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEACQkHi4sl
+CReY+YWeZ7YCkzCt0UYHAlrd4F86n4GEJzXrjdrorzV3R4o1tNQtbDBJVIH3OzuM
+9xH2L7brtnVFP/INP4imkOFwvJiibt24hYssKTVS7vOh6VoIKF2QqLPh2mEO3u5g
+0w7D1xIIqMFATeZ/ovTEJzAhM4rt4cp0sMYJ8Zx8etuK5xDdMxkVuWp+HHNcEaSd
+674tpLwD2Peeoa/n90Dp8q3fxgbZ85jLetXz2Hi0WQE/nTKF3Cr1Fk+ECgCGbEL+
+DS2jbVYuR/P6EdBssZYtaCfW/Lajt9z+5+njqBGqCgfBeBN9m543xdUbvwdxFIGh
+fezZ/D6tdaeSEQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.certspec b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.certspec
new file mode 100644
index 0000000000..68eb6b0202
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:faulty-server-intermediate
+subjectKey:secp256r1
+subject:no-san-ee
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key
new file mode 100644
index 0000000000..a926a54efb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIZFAPVcQvxWiZYGM
+1C7W/t8JrdkteLGOeh6f65VSRwKhRANCAARPv7u7YeD4+bGmClmshwTi7AULQj48
+9y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbA
+-----END EC PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key.keyspec b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key.keyspec
new file mode 100644
index 0000000000..03c3ce198f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/no-san-ee.pem.key.keyspec
@@ -0,0 +1 @@
+secp256r1
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem b/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem
new file mode 100644
index 0000000000..3d0ae14911
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUGSmSb2HbEr51bpQzj+bUUISSggowDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQZmF1bHR5LXNlcnZlci1jYTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjAbMRkwFwYDVQQDDBBmYXVsdHktc2VydmVyLWNh
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARaxPN9ImyTHcTq2l4hCl3vybWKsY+RLOT0cap3xqst1htZbkoejV
+sy9OrA6jMe7k6N7IquopV/3ZuZTbebQZwCP+82HDs48yL20ACrUU3rlQJoOPtTJf
+7yUskA0ztDYkRtuV3KMWoscxoVFGoMIXwzjskUxy/Rp6+vKTuf0gvF+zd4iQzZ11
+oZarse5nF5pSxiFxQscep44bAh9Wnt8cMkUqoXgOc0hJE2MV/Kn1bLptNDVRyVmk
+2e6403EsBzmAjfy7yLLx/mpz2Fl+XgztP52AwK2V0TcWxaHg29cRIc16si0wNqF4
+2xxhvYyAUMArnzvKgRHXHqZbuyyaHV762A==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem.certspec b/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem.certspec
new file mode 100644
index 0000000000..bcbf751bb2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:faulty-server-ca
+subject:faulty-server-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem b/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem
new file mode 100644
index 0000000000..9964b1ed68
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdegAwIBAgIUFXP/lk1Ozpz/foBDAI+E6dPYOJkwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQZmF1bHR5LXNlcnZlci1jYTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBpmYXVsdHktc2VydmVyLWlu
+dGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAKKRqr0ubyrDGcUcswUGJGZXcvCZryaa3vbv/ccm
+G26nli+ANlthqjwnInKP1sdTjbk/BnhsOXrs05ygSdFuW/dOZqkeJKlPXbeFGF8i
+wnJb0gYdceBoTqyJ7H83AIVYJbuP5JMR78CE/iFOUv+43OaRQAMQdppcMiyq49oU
+hXMxsVuXOFelUD0XZSP/oAlrEXxeyAVkBJS2iPAN+B3Mxe9CVmkuibCZ47dsMHYr
+LEtzbdKVaO8pg+FHEMiv95Wtx2fBDX+6mhPHbXo21pn8jAVV0uHR3u+CwGvGcMrL
+Y94oWHnU2ojPicyhuy6NOH3v3RxACFW0jQV0sH/VK7bh8Ts=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem.certspec b/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem.certspec
new file mode 100644
index 0000000000..5be535c81d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_faulty_server/test-int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:faulty-server-ca
+subject:faulty-server-intermediate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
new file mode 100644
index 0000000000..3a595a3e08
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
@@ -0,0 +1,119 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Ensures that HSTS (HTTP Strict Transport Security) information is cleared
+// when using "Forget About This Site".
+
+const { ForgetAboutSite } = ChromeUtils.importESModule(
+  "resource://gre/modules/ForgetAboutSite.sys.mjs"
+);
+
+do_get_profile(); // must be done before instantiating nsIX509CertDB
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+});
+
+const GOOD_MAX_AGE_SECONDS = 69403;
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+
+const sss = Cc["@mozilla.org/ssservice;1"].getService(
+  Ci.nsISiteSecurityService
+);
+const uri = Services.io.newURI("https://a.pinning.example.com");
+
+// Test the normal case of processing HSTS headers for a.pinning.example.com,
+// using "Forget About Site" on a.pinning2.example.com, and then checking
+// that the platform doesn't consider a.pinning.example.com to be HSTS any
+// longer.
+add_task(async function () {
+  sss.processHeader(uri, GOOD_MAX_AGE);
+
+  Assert.ok(sss.isSecureURI(uri), "a.pinning.example.com should be HSTS");
+
+  await ForgetAboutSite.removeDataFromDomain("a.pinning.example.com");
+
+  Assert.ok(
+    !sss.isSecureURI(uri),
+    "a.pinning.example.com should not be HSTS now"
+  );
+});
+
+// Test the case of processing HSTS headers for a.pinning.example.com, using
+// "Forget About Site" on example.com, and then checking that the platform
+// doesn't consider the subdomain to be HSTS any longer. Also test that
+// unrelated sites don't also get removed.
+add_task(async function () {
+  sss.processHeader(uri, GOOD_MAX_AGE);
+
+  Assert.ok(
+    sss.isSecureURI(uri),
+    "a.pinning.example.com should be HSTS (subdomain case)"
+  );
+
+  // Add an unrelated site to HSTS.
+  let unrelatedURI = Services.io.newURI("https://example.org");
+  sss.processHeader(unrelatedURI, GOOD_MAX_AGE);
+  Assert.ok(sss.isSecureURI(unrelatedURI), "example.org should be HSTS");
+
+  await ForgetAboutSite.removeDataFromDomain("example.com");
+
+  Assert.ok(
+    !sss.isSecureURI(uri),
+    "a.pinning.example.com should not be HSTS now (subdomain case)"
+  );
+
+  Assert.ok(sss.isSecureURI(unrelatedURI), "example.org should still be HSTS");
+});
+
+// Test the case of processing HSTS headers for a.pinning.example.com with
+// various originAttributes, using "Forget About Site" on example.com, and
+// then checking that the platform doesn't consider the subdomain to be HSTS
+// for any originAttributes any longer. Also test that unrelated sites don't
+// also get removed.
+add_task(async function () {
+  let originAttributesList = [
+    {},
+    { userContextId: 1 },
+    { firstPartyDomain: "foo.com" },
+    { userContextId: 1, firstPartyDomain: "foo.com" },
+  ];
+
+  let unrelatedURI = Services.io.newURI("https://example.org");
+
+  for (let originAttributes of originAttributesList) {
+    sss.processHeader(uri, GOOD_MAX_AGE, originAttributes);
+
+    Assert.ok(
+      sss.isSecureURI(uri, originAttributes),
+      "a.pinning.example.com should be HSTS (originAttributes case)"
+    );
+
+    // Add an unrelated site to HSTS.
+    sss.processHeader(unrelatedURI, GOOD_MAX_AGE, originAttributes);
+    Assert.ok(
+      sss.isSecureURI(unrelatedURI, originAttributes),
+      "example.org should be HSTS (originAttributes case)"
+    );
+  }
+
+  await ForgetAboutSite.removeDataFromDomain("example.com");
+
+  for (let originAttributes of originAttributesList) {
+    Assert.ok(
+      !sss.isSecureURI(uri, originAttributes),
+      "a.pinning.example.com should not be HSTS now " +
+        "(originAttributes case)"
+    );
+
+    Assert.ok(
+      sss.isSecureURI(unrelatedURI, originAttributes),
+      "example.org should still be HSTS (originAttributes case)"
+    );
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms.js b/security/manager/ssl/tests/unit/test_hash_algorithms.js
new file mode 100644
index 0000000000..3a42017bea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js
@@ -0,0 +1,158 @@
+"use strict";
+
+// This file tests various aspects of the nsICryptoHash implementation for all
+// of the supported algorithms.
+
+const messages = ["The quick brown fox jumps over the lazy dog", ""];
+const ALGORITHMS = [
+  {
+    initString: "md5",
+    initConstant: Ci.nsICryptoHash.MD5,
+    hexHashes: [
+      "9e107d9d372bb6826bd81d3542a419d6",
+      "d41d8cd98f00b204e9800998ecf8427e",
+    ],
+    b64Hashes: ["nhB9nTcrtoJr2B01QqQZ1g==", "1B2M2Y8AsgTpgAmY7PhCfg=="],
+  },
+  {
+    initString: "sha1",
+    initConstant: Ci.nsICryptoHash.SHA1,
+    hexHashes: [
+      "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+      "da39a3ee5e6b4b0d3255bfef95601890afd80709",
+    ],
+    b64Hashes: ["L9ThxnotKPzthJ7hu3bnORuT6xI=", "2jmj7l5rSw0yVb/vlWAYkK/YBwk="],
+  },
+  {
+    initString: "sha256",
+    initConstant: Ci.nsICryptoHash.SHA256,
+    hexHashes: [
+      "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+      "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    ],
+    b64Hashes: [
+      "16j7swfXgJRpypq8sAguT41WUeRtPNt2LQLQvzfJ5ZI=",
+      "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=",
+    ],
+  },
+  {
+    initString: "sha384",
+    initConstant: Ci.nsICryptoHash.SHA384,
+    hexHashes: [
+      "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1",
+      "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b",
+    ],
+    b64Hashes: [
+      "ynN/EBSkj0wLbdQ8sXewr9nlFpNnVExJQBHjMX2/mlCcseXcHoWpQbvuPX8q+8mx",
+      "OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb",
+    ],
+  },
+  {
+    initString: "sha512",
+    initConstant: Ci.nsICryptoHash.SHA512,
+    hexHashes: [
+      "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+      "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+    ],
+    b64Hashes: [
+      "B+VH2VhvanP3P7rAQ17XaVEhj7fQyNeIownXhUNru2Quk6JSqVTyORJUfR6KO17W4b/XCXghIz+gU489uFT+5g==",
+      "z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==",
+    ],
+  },
+];
+
+function doHash(algo, value, cmp) {
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
+  hash.initWithString(algo);
+
+  let converter = Cc[
+    "@mozilla.org/intl/scriptableunicodeconverter"
+  ].createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = "utf8";
+  value = converter.convertToByteArray(value);
+  hash.update(value, value.length);
+  equal(
+    hexify(hash.finish(false)),
+    cmp,
+    `Actual and expected hash for ${algo} should match`
+  );
+
+  hash.initWithString(algo);
+  hash.update(value, value.length);
+  equal(
+    hexify(hash.finish(false)),
+    cmp,
+    `Actual and expected hash for ${algo} should match after re-init`
+  );
+}
+
+function doHashStream(algo, value, cmp) {
+  // TODO(Bug 459835): Make updateFromStream() accept zero length streams.
+  if (!value.length) {
+    return;
+  }
+
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
+  hash.initWithString(algo);
+
+  let converter = Cc[
+    "@mozilla.org/intl/scriptableunicodeconverter"
+  ].createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = "utf8";
+  let stream = converter.convertToInputStream(value);
+  hash.updateFromStream(stream, stream.available());
+  equal(
+    hexify(hash.finish(false)),
+    cmp,
+    `Actual and expected hash for ${algo} should match updating from stream`
+  );
+}
+
+function testInitConstantAndBase64(
+  initConstant,
+  algoName,
+  message,
+  expectedOutput
+) {
+  let converter = Cc[
+    "@mozilla.org/intl/scriptableunicodeconverter"
+  ].createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = "utf8";
+  let value = converter.convertToByteArray(message);
+
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
+  hash.init(initConstant);
+  hash.update(value, value.length);
+  equal(
+    hash.finish(true),
+    expectedOutput,
+    `Actual and expected base64 hash for ${algoName} should match`
+  );
+}
+
+function run_test() {
+  for (let algo of ALGORITHMS) {
+    algo.hexHashes.forEach((hash, i) => {
+      doHash(algo.initString, messages[i], hash);
+      doHashStream(algo.initString, messages[i], hash);
+    });
+    algo.b64Hashes.forEach((hash, i) => {
+      testInitConstantAndBase64(
+        algo.initConstant,
+        algo.initString,
+        messages[i],
+        hash
+      );
+    });
+  }
+
+  // Our buffer size for working with streams is 4096 bytes. This tests we
+  // handle larger inputs.
+  doHashStream("md5", " ".repeat(4100), "59f337d82f9ef5c9571bec4d78d66641");
+}
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
new file mode 100644
index 0000000000..f2b7016c05
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
@@ -0,0 +1,5 @@
+"use strict";
+
+function run_test() {
+  run_test_in_child("test_hash_algorithms.js");
+}
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
new file mode 100644
index 0000000000..4b09c719fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
@@ -0,0 +1,138 @@
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function load_cert(name, trust) {
+  let filename = "test_intermediate_basic_usage_constraints/" + name + ".pem";
+  addCertFromFile(certdb, filename, trust);
+}
+
+function test_cert_for_usages(certChainNicks, expected_usages) {
+  let certs = [];
+  for (let i in certChainNicks) {
+    let certNick = certChainNicks[i];
+    let certPEM = readFile(
+      do_get_file(
+        "test_intermediate_basic_usage_constraints/" + certNick + ".pem"
+      ),
+      false
+    );
+    certs.push(certdb.constructX509FromBase64(pemToBase64(certPEM)));
+  }
+
+  let cert = certs[0];
+  return asyncTestCertificateUsages(certdb, cert, expected_usages);
+}
+
+add_task(async function () {
+  let ee_usages = [
+    certificateUsageSSLClient,
+    certificateUsageSSLServer,
+    certificateUsageEmailSigner,
+    certificateUsageEmailRecipient,
+  ];
+  let ca_usages = [certificateUsageSSLCA];
+  let eku_usages = [certificateUsageSSLClient, certificateUsageSSLServer];
+
+  // Load the ca into mem
+  let ca_name = "ca";
+  load_cert(ca_name, "CTu,CTu,CTu");
+  await test_cert_for_usages([ca_name], ca_usages);
+
+  // A certificate with no basicConstraints extension is considered an EE.
+  await test_cert_for_usages(["int-no-extensions"], ee_usages);
+
+  // int-no-extensions is an EE (see previous case), so no certs can chain to
+  // it.
+  await test_cert_for_usages(["ee-int-no-extensions", "int-no-extensions"], []);
+
+  // a certificate with basicConstraints.cA==false is considered an EE.
+  await test_cert_for_usages(["int-not-a-ca"], ee_usages);
+
+  // int-not-a-ca is an EE (see previous case), so no certs can chain to it.
+  await test_cert_for_usages(["ee-int-not-a-ca", "int-not-a-ca"], []);
+
+  // a certificate with basicConstraints.cA==false but with the keyCertSign
+  // key usage may not act as a CA (it can act like an end-entity).
+  await test_cert_for_usages(["int-cA-FALSE-asserts-keyCertSign"], ee_usages);
+  await test_cert_for_usages(
+    ["ee-int-cA-FALSE-asserts-keyCertSign", "int-cA-FALSE-asserts-keyCertSign"],
+    []
+  );
+
+  // int-limited-depth has cA==true and a path length constraint of zero.
+  await test_cert_for_usages(["int-limited-depth"], ca_usages);
+
+  // path length constraints do not affect the ability of a non-CA cert to
+  // chain to to the CA cert.
+  await test_cert_for_usages(
+    ["ee-int-limited-depth", "int-limited-depth"],
+    ee_usages
+  );
+
+  // ca
+  //   int-limited-depth (cA==true, pathLenConstraint==0)
+  //      int-limited-depth-invalid (cA==true)
+  //
+  await test_cert_for_usages(
+    ["int-limited-depth-invalid", "int-limited-depth"],
+    []
+  );
+  await test_cert_for_usages(
+    [
+      "ee-int-limited-depth-invalid",
+      "int-limited-depth-invalid",
+      "int-limited-depth",
+    ],
+    []
+  );
+
+  // int-valid-ku-no-eku has keyCertSign
+  await test_cert_for_usages(["int-valid-ku-no-eku"], ca_usages);
+  await test_cert_for_usages(
+    ["ee-int-valid-ku-no-eku", "int-valid-ku-no-eku"],
+    ee_usages
+  );
+
+  // int-bad-ku-no-eku has basicConstraints.cA==true and has a KU extension
+  // but the KU extension is missing keyCertSign. Note that mozilla::pkix
+  // doesn't validate certificates with basicConstraints.Ca==true for non-CA
+  // uses.
+  await test_cert_for_usages(["int-bad-ku-no-eku"], []);
+  await test_cert_for_usages(["ee-int-bad-ku-no-eku", "int-bad-ku-no-eku"], []);
+
+  // int-no-ku-no-eku has basicConstraints.cA==true and no KU extension.
+  // We treat a missing KU as "any key usage is OK".
+  await test_cert_for_usages(["int-no-ku-no-eku"], ca_usages);
+  await test_cert_for_usages(
+    ["ee-int-no-ku-no-eku", "int-no-ku-no-eku"],
+    ee_usages
+  );
+
+  // int-valid-ku-server-eku has basicConstraints.cA==true, keyCertSign in KU,
+  // and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  await test_cert_for_usages(["int-valid-ku-server-eku"], ca_usages);
+  await test_cert_for_usages(
+    ["ee-int-valid-ku-server-eku", "int-valid-ku-server-eku"],
+    eku_usages
+  );
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, a KU without
+  // keyCertSign, and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  await test_cert_for_usages(["int-bad-ku-server-eku"], []);
+  await test_cert_for_usages(
+    ["ee-int-bad-ku-server-eku", "int-bad-ku-server-eku"],
+    []
+  );
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, no KU, and
+  // EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  await test_cert_for_usages(["int-no-ku-server-eku"], ca_usages);
+  await test_cert_for_usages(
+    ["ee-int-no-ku-server-eku", "int-no-ku-server-eku"],
+    eku_usages
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
new file mode 100644
index 0000000000..69c16a8d42
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaSgAwIBAgIUSyYNcZmBB3Fq//SFPcSyXEpJ6tIwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAFsWYvf5u1J578KdSOtot0N4h6jCRbE41le2inKzuBY4
+bKzTckFPNscz3NXjGydHHuMA0WI1BnskiXw59dotlAsaWttq2V02EP8fPMSC0Sbx
+J+Uap+b9xONUzTTja2yBWVEI4pN47xiCAEyVWu88/XWm+Ig+HyTjfhT3a32FviiO
+4MuXaN73kJvLjzTUqk0KOtzbuhPLF6kRvycIuLEDel7f21cIbp7ezQRBaDcT+nVv
++WdlXsm8aA7GqnKNY1wBGL8FwsIcIOOeAVb4HgCG4FXp4eKODoexywRu3LP9yN1u
+XAy3x+0wUWp85H3CQuTD7p76ZR1Ui4soSHDs0DdRpkc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
new file mode 100644
index 0000000000..eb7c4b4bee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
new file mode 100644
index 0000000000..b92dc8fc03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUX2dsScLlfW4gR9BgNZCZQUmGMVgwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaW50LWJhZC1rdS1uby1la3UwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUZWUtaW50LWJhZC1rdS1u
+by1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgP4MA0GCSqGSIb3
+DQEBCwUAA4IBAQAwovJGGbmC872VetJzSnRzUuGG5tPdn6OrnalmanwsZipR5yzd
+tNe+V3olt3kh9CS4M0aU8dB1Usu3VX35yNXMFAl1pa0wtgOWm4wU3iUu5e6XYoak
+X1PM6FysCbiJoaRejhKJdt525zVomVZ/4v+Ww/OxfGfvqXOgfnhEkdVBDNsO02qx
+RoDWllKKz+fjQbHfwN65VFMG4qFSeCBAo58+pTWapJgNT6rprIsmfqAX89lnpAyY
+NhgWCSczyLtHL2voIeabbOWCpL4WjKp4yj2hztrlRuvWTnOzbZaiydckXnorkfmD
+AVxdSYCZJT5zf+kDUFj7rSS1SfgGLEXa6uHW
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..390adf2344
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-no-eku
+subject:ee-int-bad-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
new file mode 100644
index 0000000000..6602f1d911
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdegAwIBAgIUaWcqNQwNMI1aFqgOG5mw0z0Ph8kwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAwwVaW50LWJhZC1rdS1zZXJ2ZXItZWt1MCIYDzIwMjExMTI3
+MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCMxITAfBgNVBAMMGGVlLWludC1iYWQt
+a3Utc2VydmVyLWVrdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCA/gw
+DQYJKoZIhvcNAQELBQADggEBAFK/ct1l9T0Hs5cOB/yhXWKbEwp74UCZvwKzgpuc
+VslyzB3GPHl8a8aOvastiSgBEzsWzOuGlKprqWsGozG4jG2KHLZWHWG535vjISIO
+wrHyOv20wjgTmMca0osxiQxWumQG7HupZZou8xlbm9XDrFVFriWtvXD88sxhvy6r
+DwtFFzTVXqE0W0LC2KVxFMI6oWIsviYClsAovQLBdMUwjcKpyJj0KFGf0158ncMv
+bkdZgO4uvn+BdUTlbnhyJXs74iSgau7D7t8zCT92CcLojI4+Q70rVt6fw3ZqW/wo
+6s6x+LfPkvkiOBifmhUJGxNOnYlIgxos9Jl1Gi+8nRyxgaw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..32bb6c2485
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-server-eku
+subject:ee-int-bad-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 0000000000..611c93cc97
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUCQnY3uTX2s9L1e03jirXWhQ8u0QwDQYJKoZIhvcNAQEL
+BQAwKzEpMCcGA1UEAwwgaW50LWNBLUZBTFNFLWFzc2VydHMta2V5Q2VydFNpZ24w
+IhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowLjEsMCoGA1UEAwwj
+ZWUtaW50LWNBLUZBTFNFLWFzc2VydHMta2V5Q2VydFNpZ24wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjGjAYMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgP4MA0GCSqGSIb3DQEBCwUAA4IBAQCASFIVTN69
+PWqwJI0aACKMn9re9uVfSjXEljM9rxFCCYtW1lcTm3tqMq/Hn4BEa4hIBFGDADOc
+DNAhvzIaLOWjxWPcKdxWSUsbg5QJ9M60yqUpbIMw6Y4igQkIUMZG8gOEqnvL2jW1
+dJnjpuBFNXKfW5Ww/WurNXSrz/M+z+6jSn3LCB3pzOpBrAIXYqul+4J0S6mJvXdZ
+hP41/f2s/2r3pl91M/ZlE2uJtEPiGXlXxc5biHl9NxahBi8ZtO+dQ9fQX34Kj3y+
+SjAl594g+9zBpLyeoMJIu4h8cUSKbfCGEwrhlkWL5r0i2NCvdOjh/rVhAhuYoUKe
+D/AGM1NDr5tC
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..9e0fb65fd6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-cA-FALSE-asserts-keyCertSign
+subject:ee-int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
new file mode 100644
index 0000000000..0313f22fa3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAd+gAwIBAgIUJTkDPPQhp5SptWJuRzUcxOQpGrwwDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZaW50LWxpbWl0ZWQtZGVwdGgtaW52YWxpZDAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAnMSUwIwYDVQQDDBxlZS1pbnQt
+bGltaXRlZC1kZXB0aC1pbnZhbGlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID+DANBgkqhkiG9w0BAQsFAAOCAQEAo54m8X4ZIwPI62dxL0v5YlxaR32S
+8EEnFzpp9ZDKIDxBAjKdY8YLkbhXF/7VTAbqdQJIWZYsFjHVRKvzjgYQzei+oi9K
+fc8HIwFKTaKd+MDcoLzMXm8J4ykRuz482C3jE5SnjwkaGnWWyMH7DLvqd0A+iUzI
+FQhmwQmtiG1O5poN+qCJQmfXInPOs2ne0vKKM679tAMnWFD0qG+nL2+YRba/TJ5T
+unSmCpRbQU/t8obecB38wa67tSC7u9YZ8ot6vWO7BlVe4NWU7eP71JFFCyl891fY
+hD971ulMb9AKsujEhCIqjlcq9Eq64w6ZPFyVhy1P/Mp8dpJg+krXY1yUXg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
new file mode 100644
index 0000000000..f00b4d1591
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth-invalid
+subject:ee-int-limited-depth-invalid
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
new file mode 100644
index 0000000000..7b206b3253
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUTfEUPuNAjYMBNO7pTXwAW4m2QywwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaW50LWxpbWl0ZWQtZGVwdGgwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUZWUtaW50LWxpbWl0ZWQt
+ZGVwdGgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgP4MA0GCSqGSIb3
+DQEBCwUAA4IBAQBGRRnLNAucxyYbATTURGI3VH4aOQS5QfZI6X2Alga7U4odlAsN
+l2wZzETWkgLh5PomEW85l4QGw7nt9AGqu+bVS1e7V4DTLdrNFPpMdjcxfBi36tUl
+pZbvzW09pFO9klTUovL3i1i4KtY59wohPHsC1Px46sr1U1kMZbYxcGQnGtE3cerl
+Pbfx1XuLInk1shMU/XnFn5gwtZLkPdRWcHJAjdPpH4DEyMxyiU7Xkq7j/5PmZp3R
+eWFEh8B6Ww77kR9PgFXw9i3evQSwG3HKWiLvkpcfffHc73FQJC8Thhx7DrQqFyGp
+RzG07oNPjprOIwm6GTWNcQ6bDvOksajKhONU
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
new file mode 100644
index 0000000000..df85342d98
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth
+subject:ee-int-limited-depth
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
new file mode 100644
index 0000000000..ee57cb363b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUO9f0kr95LgU+xDs1PzAfLOKqnBMwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaW50LW5vLWV4dGVuc2lvbnMwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUZWUtaW50LW5vLWV4dGVu
+c2lvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgP4MA0GCSqGSIb3
+DQEBCwUAA4IBAQBBAowOTcEZ1VVW0v7xgIo1hga8cgsgRZHVfvh5n9AuEQ0D+l7e
+tZ/oJFNOloyXu1hfTMCNbSE16trQWAE6b6g+3VsvJvwjYdWFJP6t5JgB3M6IvK+W
+nETRBUw5rkcLASwJfNKWZoYvbblgm9q5AbqxcWUQD35vOunNSr+5qp8RwLzFP/Sl
+8SkRS/vwNZALOZ0y6+OLuvw09m+rtrn+PRfxNLnOA0os7M8AlbEJXZoUkmlf2BlP
+AhkHu3v2ujS11eirT7bQCMU2hB0qHr8W8e/PdsBvnjppv/F4/FPdcbH463q4DFV1
+rzUvWbWHFIt4AqdMZFibyQcSVwddPf5dcZzK
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
new file mode 100644
index 0000000000..c5279046d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-extensions
+subject:ee-int-no-extensions
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
new file mode 100644
index 0000000000..e356ecf72e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIUX5IwL/hJqOZ0Iyh2OWGyGSoA0kcwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQaW50LW5vLWt1LW5vLWVrdTAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1pbnQtbm8ta3Utbm8t
+ZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DANBgkqhkiG9w0B
+AQsFAAOCAQEAONTwF02LG0ZbucYtE7aGaaOP7nG6jZPiT8VPI19y77GVEFNwt+zW
+FtDq/80SIJj1mIzJ4E9oTNUi2v5VxG5m9Slc2VAf2iZfGHdNUBO4gfYKm9waYjqd
+cd7vYA7hEm+K+rMdhgc4TVf4c+I1tK8JtifycRMTZSYSaBeNb7SruB7ZAb+1QhvI
+e8fMYSrZSKpHbE85CfOMHXF/sKJeojouBCdPpYzQRrQ9rbGyQTDZoEqBqdcbuAZo
+m7gCtobppcjq3bBgxrdnPeTU0DMnhS/t5WLzEG28mTcwndIK9OVkZOrxgNTN5Jg8
+qTIRfVlgTurQm6S8BL+c/ncONJObKPwevQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..92ee3cc6d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-no-eku
+subject:ee-int-no-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
new file mode 100644
index 0000000000..e5a5e0bea8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIUX22fNLvnip6KC7WCdXKFxQXZqUYwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAwwUaW50LW5vLWt1LXNlcnZlci1la3UwIhgPMjAyMTExMjcw
+MDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUtaW50LW5vLWt1
+LXNlcnZlci1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgP4MA0G
+CSqGSIb3DQEBCwUAA4IBAQBVZ/G/hh1al04zc3kxvCf9GF2KPR98ugcRGqqonXZP
+ix5eHf6w8AgEbucuFqQ7Gd8DbrEeKkL5v7RoQxQuJvL/455BYdFSBN8nx94tRWyy
+8taFHiSrjqt/7wF4kGoTlXuoEWvsowAsI65CgvRe8C/kPa3AYfS5ZsoQDbX39pJo
+adrz5HeSaM7pPrVtxjjd4+0gxH1lwtDJqpPTqR8lpmcVLYxrUFWVmZjRL1nJ30e+
+U5M3vXWORDRPa9Vk6bzJXqwgr6hqXwr76w9ZO5H5RpLL1RNP/DGTt3Jp1yo035BJ
+KPJzAUi7eu6vb/9FCJ69ltUIBdxFYaSYFyF6ZrmmkHm3
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..c148896710
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-server-eku
+subject:ee-int-no-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
new file mode 100644
index 0000000000..ddb6b4810f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcWgAwIBAgIUNx7IjEtdkB/tsL/CqgWRGxCMkSswDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMaW50LW5vdC1hLWNhMCIYDzIwMjExMTI3MDAwMDAwWhgP
+MjAyNDAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD2VlLWludC1ub3QtYS1jYTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCA/gwDQYJKoZIhvcNAQELBQADggEB
+ACLu/f0o3T4sd35U49UKAJiKzzaJMLJJa/OUnxrja5p441nI7SAcr+uLKnQokaj6
+FATB/INGwYpGMg+WPrKp0FAFNFHFrsmcE6ADHdZ5nie2NRPCDSNG98X3uQeAK+La
+90DqyYZoDj6C43KpML/oNxH4MBGS2bLL/zGVjoZBs20Fw8HlbjCmCBfa57gAmUC3
+588bjavhoOEqOIQQ5UXwgLQN03yhz/KAnTpB7/ctv9nzv3RdG5Eh7M8zr+VRoqkh
+M8zMqJDY+lLQ/uNyq7GKfzxnpcEpYdH4mTcnDEKZfeocyl6WSk0dR94Iwpu8iXur
+jRzyrsJEB+h+OipLAuSGHTg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
new file mode 100644
index 0000000000..a95b0dc260
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-not-a-ca
+subject:ee-int-not-a-ca
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
new file mode 100644
index 0000000000..907671c3e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdOgAwIBAgIUVanRJenZNEF+cjecPKqHsbneTa0wDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTaW50LXZhbGlkLWt1LW5vLWVrdTAiGA8yMDIxMTEyNzAw
+MDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAhMR8wHQYDVQQDDBZlZS1pbnQtdmFsaWQt
+a3Utbm8tZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DANBgkq
+hkiG9w0BAQsFAAOCAQEAI1rwnetC4tEnvUYabxo0oNmtHi57Blddig3bLWKjTZB5
+jyWidVZqlhcQsKs1Vy2V/SkgFrERsCr3MejyY9FIS1ugqFp/bdq1I6W3BuRYjYKR
+/EkuUMQXVZr+rijX0JDegh0Yo8gf+RTFzI80/NzBnO2OTCSE++lAvRf6DsjFKU4W
+kLSP5tF4ZBdnuBJt+mlrk6SSDVppG2eMCPjJB2Lejkrvx6jJpIWHSzcWhsDC3jNU
+YxtdZtUxyZlO82/EVJnFrinZSiPrA3X6MqinXX2Glyu1BEG05YUgEbDfUpczNgH1
+HWPojXE3OtirTtvFmCtQ0z0H/iDS2vWqGFI9WSez4w==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..89a66b9f97
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-no-eku
+subject:ee-int-valid-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
new file mode 100644
index 0000000000..ef07acc2d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIUOSSwDry8R9Mp7YyOQ8GFPgOKxW4wDQYJKoZIhvcNAQEL
+BQAwIjEgMB4GA1UEAwwXaW50LXZhbGlkLWt1LXNlcnZlci1la3UwIhgPMjAyMTEx
+MjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaZWUtaW50LXZh
+bGlkLWt1LXNlcnZlci1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgP4MA0GCSqGSIb3DQEBCwUAA4IBAQC5mUBhwkAJq11r0NRLh32+A+p26fJz1lBT
+Fdct7k75tTY0dE7qTUC4XOWj2Ry63cE/LnNFeNRWrZV3sqmxLPbHLHVZZ3P7a31S
+HAch7qxgtysmDYSMcirMa2SwmL8DEN138HXB2PH0T2B4OYmgYX0p0H4/bOPIjPRt
+HNsDWzz3hg57jf4sR2UC4jV53w5uXmByaJLWVXlzsBsnZcVLnSp+4zmp68aUNsTx
+mNMYTseMNYbtmNhNQlWwsvhBUvIog8zLdF6wYApdHjlyrV0NUVgEv8eDU+Xo73mt
+5sPh9vRb26+B/CdyANACF5nMdse04Incym1yLFqHro0kcRnsnWF0
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..43e83a336e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-server-eku
+subject:ee-int-valid-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
new file mode 100644
index 0000000000..d7cd3b7eb0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAcCgAwIBAgIUBdrcACRCSGk1ypWIXk360U1xp6UwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHDEaMBgGA1UEAwwRaW50LWJhZC1rdS1uby1la3UwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH6MA0GCSqGSIb3DQEBCwUAA4IBAQCEXus9
+J5tHBLGUt55OM7ms2OxUerMkz8DdgsDO/fzQi++6h4rIxktmYU/wL5XAtQKurf14
+boo+h9Kspx6GBHvhGAsTrFFAjtoDbi5jpXG4+8RagnJfe5gTL4Fipd9Rqxhrw5xu
+lBltX0iCw6JkXBIb5r9EOyztJ9U8D5tQfbC/oqiNqMcJBaXlNayffh8d8jeLm79J
+iEPIzRUMz25YGfPSBNHs5IyyNjCWGTtFDEXfDq82WAJMu4SYPiylgjQ4SQNaIKWX
+sfrPjS7IZsTv0quMTzvNiCVz3JUR5I/IbgzMlLOGaZ3vVSYSI2w+NoWbUffXn+m1
+bZYy1Mh1ehAukwkQ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..f6525449b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-bad-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
new file mode 100644
index 0000000000..6710e14319
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIUT+4cv6NAFN70fnPV/T4jEnMVDLYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowIDEeMBwGA1UEAwwVaW50LWJhZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozww
+OjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB+jAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAB5ipw/UJs2yK/v6oQHpMkoD
+Q7uoZkgNnOO5Sr5tZoc9OxKSkMluYVOFWFGDTfM24ENSqAT73OmaRbKITV1nR59g
+W3oc/6bHPD4smjOQTK6ShVNBz3l4vSOvW2i/reui/v/vrKf9nZmwaV2JBJVkJBtu
+IJ2VOPSlkA+22X4YaLi74VjgLNlkROjEB28GV0Xsd42h3zFfAmDtWAI1xNUMMKQS
+wRm139Zy8d1UiZ6LchdUC0Ekktolen8eYRvaSlpOigJFBLjiaphJcfATKomyfvc3
+IpktKPHjS8d1MlQEumH8Wn15wfG2QzA5Eri8IXGX25dm9+OTNBLpdzCgn/0wT5k=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..2d324508d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-bad-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 0000000000..7b677573a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcygAwIBAgIUHUteHerAK5l63j3cnwe85sn7MHIwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowKzEpMCcGA1UEAwwgaW50LWNBLUZBTFNFLWFzc2VydHMta2V5Q2VydFNp
+Z24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgH+MA0GCSqGSIb3DQEB
+CwUAA4IBAQAp6oogLBAKI9JqnYGFFMTLRZ/v08fWlx8WXyrEMse10gpPluVYw9+Z
+U0LpbLbiiUwrsF1Tt7OMNVRsjCQAnWfXKKvG+ekkUslrLHz0heWlHG0QU9VUqI6q
+oumlE84qeEOrNFjyOscBnw/mqyAsCKyhNPNQIcqfotpDJnnZoPe8BTvn91vckaz6
+YtysMgQO58kNJN/ACFjjbg2cvSxB4qXkP1nDTZbtRVvVi7iqKLxKaJJI/orAvX4s
+wjkW8XzD9oJBy8xV4Za28xHf/Y5flIT7uIn+0idyqCmQ9YMF29ymj7oTZPnVHVXx
++qr0nbnmjj0mLGAfOgsAdUojRpWJchjX
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 0000000000..39785d8a48
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
new file mode 100644
index 0000000000..f6c42b54ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcqgAwIBAgIUf4VnRPe9twPlf+DNyCIgMod7xZ0wDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaW50LWxpbWl0ZWQtZGVwdGgwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowJDEiMCAGA1UEAwwZaW50LWxpbWl0ZWQtZGVw
+dGgtaW52YWxpZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEAtE9Ejr5Lh+bKpA8ymVLC5uefOx2qgjNPNCICA2ohGuubKIWjiwYa9gpf
+a02v15qTnnlgnldbOiKaoL8jK2GofpAaOWGtnQrjvMtjLz2OoSBaXTXybrOJhdlN
+Vzk5dXsiIWmDGzsmM5H7i/TYm1MfbQK9n+ZBJ6wLq61WoMAKECQCoR+YJaWXyx3z
+AUXRyN/IRWMIE6kCihZpU4/Cr8k+iLHDZ4ZTGUXmyJTzFSHkVLlgiHVeVfAmHPYy
+3Vqjda16ObX7+xA4avruSKnwdpn8+1faHsPFDZri0x7uytM0UNTRIH5tyPWq5pee
+odI/mhuYAlXOlJ0FEsfdSKA4z5A2lg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
new file mode 100644
index 0000000000..9fdb2a248a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-limited-depth
+subject:int-limited-depth-invalid
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
new file mode 100644
index 0000000000..db6ac489a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIUE/WlBd0Of+fhvk5dxXZtLiWD4bYwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHDEaMBgGA1UEAwwRaW50LWxpbWl0ZWQtZGVwdGgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEzARMA8G
+A1UdEwQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBADwCYAuFWn/72BC3mor7
+YWcirS4nWpVyGfixmVv6E53EBfXn02Ed9yxuEPIN68cXgIlIfKyUk9gEuiTZZEuI
+oFLOnC5vc1UnWGReX7CpzLMGP6FyYvsnP0AXpQ4BjQ42vkuQh8rgSAUAnmDZf0at
+eJEyu/uqJFheWpLJqwYAfyMSyxf3nEz3itLbbTm+apj7wFyddWDoxoHJi6UX2CuJ
+bevVoBHUiKaqRN8tsE0Ffaz1CvAJcSDn2XhAXGPCo0rT5GES///umEa32fvxNhOZ
+Ia2JyjIfzGG9n57mraimiyGep0CiigwEX393G/Im2q2h86mvIedRPCl6zSi9f3td
+FYE=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
new file mode 100644
index 0000000000..64f54b0441
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-limited-depth
+extension:basicConstraints:cA,0
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
new file mode 100644
index 0000000000..b283219ac2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuTCCAaGgAwIBAgIUcaLqCVjHQF9LBa2AxD4jgbGxJrgwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHDEaMBgGA1UEAwwRaW50LW5vLWV4dGVuc2lvbnMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZI
+hvcNAQELBQADggEBAKO52Cuun7/lbVm57hiFGhkFAITYz3tnIPfI5LHk0iax1K+x
+w/X3AoElGtU+/7wgUYzecNmLAs5MsHfxuzdjJ1NccZL/+X7Pfqqzgc0qhK/2l3ou
+NOutsawlnqEw0HWL2th71IcCZvD7SxeL635BzHvJckbpvmMLv6IU/4YgHwmvRTOA
+wYrzmBabL7kexVIss28bPX3Lg1uNWmqan+ZxBMXrN97eUUMm/rVetJlTJi1yPtie
+htsx4T8nVzeXyc8krQJ3r7xYAnCbEIH4Gr1DQ74HMy1wEqGxYOK9qso7Tm0mfwbs
+VRuE0QPnaqe19GC95YXYXen95ISOISnkV/iMp/o=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
new file mode 100644
index 0000000000..c99626bd5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:int-no-extensions
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
new file mode 100644
index 0000000000..8045f66c50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbKgAwIBAgIUXVploRsp/hZMzGClfcQ4dRVNaOwwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowGzEZMBcGA1UEAwwQaW50LW5vLWt1LW5vLWVrdTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhzPm8mP8EoZmB2TLj1oRwtwg
+aah2AD+zb+2Y/whKrs5y5YNriOajAt7zxXPIxlNe2T++ZRUiwPlmJZyDhKaTxjfE
+rWXgtm4fru3Pc972k8UxYkZdqOj5tnsFHJ7C/O9kwvkPUTvIcIJxVvtTLIypAaLs
+DRq/CTvtGZ2XUUqSsvzrMcl1npaq2JjhAOURBo4QftJlTcAfm5tNZc4Mu9B9QnZA
+7PyK4Ewv8CB66ZT6nRCnz7Bz2dhODqaVi7a92Gww1yCZTuTr7LkQY12V0bqyEBTc
+3uAgInlxZ3sCTCI2NlFrqWalF+v3bdZIYIzooSAYOVHcN7zVYXIUbte2Z3MHYQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..306a218db9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-no-ku-no-eku
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
new file mode 100644
index 0000000000..dc4271d321
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIUVdlklAPEUQebV/LWoHRUcE1itMAwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHzEdMBsGA1UEAwwUaW50LW5vLWt1LXNlcnZlci1la3UwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLzAt
+MAwGA1UdEwQFMAMBAf8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G
+CSqGSIb3DQEBCwUAA4IBAQBo59TtYXo38fhbrYRtxnjeZeWUe6DFTlEf4zNHUFXz
+dsHmslSp938LiAR0fTRB0PbWWquZz70vGbhRC8hl5lJgf+/R6yGAjLxBpcRlQu2t
+MRvQjS7YDVGYafD5Mt7mUqkzw/Hb1fWAgOfUfSulv9c7gu7WUpSiuFlaHE8lOPR2
+aedPEcq1kza2Fc8xY3OidpJHtZq2jInQSnunu2hOkCRPXIvMvvbTio576QcfTPv4
+b/FNY7IqTC+DEh1VCkb5P9XFtHNGvZ2uYDuL3w1ekZFBL7Aq8hB+6UEb7WCIO6A/
+7vW9Ts+On4nZI11JCk3vRtn9dZYmJoJrJtHSzFaEkyVZ
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..1482b627c7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-no-ku-server-eku
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
new file mode 100644
index 0000000000..e6efeaa28a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAaugAwIBAgIUWa2mJPi/2cEfrq8RFVw70uO0JJ4wDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowFzEVMBMGA1UEAwwMaW50LW5vdC1hLWNhMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow0wCzAJBgNVHRME
+AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBuRuMaGSuSHD9Vuvm4Ln4QkXaqWtiUSfvO
+d4LHv8NzZ8QTVaWZH5Q91yC/0EV82TmGP+YqCJ9e/ILqYCnNdUHfZ1+z1Jd/pwkL
+Ir0uLdCePRee9CPBHPuz6hzHsgyQavYWsrAujBgetYC5De1tFPTl0YgFKtrhxLM6
+H6425T9eFvhZ+B5Jz9/iUB0NjbgpaG0qq32tUUZP/aJkosWqmweq1h9HcDXEamxs
+y4azUVMtW2t6Hbtmn8lAFHz6iCzrbjVqXY/ZqHtrtnGFvcM044/VqjgU9jMlookh
+cSyWqk62xQcpMSuZy955OTEpMnlXXkW4tjUxztAahlJhZP+tal5y
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
new file mode 100644
index 0000000000..3161680b1c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-not-a-ca
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
new file mode 100644
index 0000000000..fdfcbd8ccb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAcKgAwIBAgIUBQhZeXfh8VRjz67JI9aGUjCi9/swDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowHjEcMBoGA1UEAwwTaW50LXZhbGlkLWt1LW5vLWVrdTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBsw
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEUa
+bjiSJtmAjz24jMQzwT9FDIKfYpuPjyff4TGhHh1+mKz4AtELFZE3IfS+TXaTwWHq
+Rmi5SmFusKP8MK85CRKkX47SB3kdvXe4JVXp2QmQ0LwCyLP50sdpzn+gs32lHJHm
+BXqe/fAfqvyAzjBwmkT6uPW6DFKcbrilBeQfX/D2B8LZ/8b74sWiGeBakocUzfNa
+El3nyhWuAsw5nNImZYWW4/pOJecT23WTda3EJ1+J9CEDlW/F6VBdk+9Eckis33rW
+BzoAc+gPS5eisilZsnDxEIVdpWif4IAON6Fh2bhHlrsMKR+gLqJ5g8NQrWkFO/0D
+veptxxVD08aLSmFiIBk=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 0000000000..d7f9b0387a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-valid-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
new file mode 100644
index 0000000000..db3a11431e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIUM0xZKEt3/nPLSqS+U75xn0zoKhwwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowIjEgMB4GA1UEAwwXaW50LXZhbGlkLWt1LXNlcnZlci1la3UwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+PDA6MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAMLbdKU+1y7AV2h9hiMZw
+vCxzBNcPr11o83mCP4eBrO9NQ+TZ/IDLWqWmfog80CA+VrKoEApsVce+1T/PZQ/S
+nNYxawlBDkHD2lcKn929H2G53xhD+U6j69ZesfPiE83sR48fuzOUdpEDpQdR8yol
+9UAVckFK00/6RQwF2YiyyHZDj37ft4mxkV2Y2l0oowgIRm1C5ZUU7BQUxTGbg6K8
+3Is575EyHAfMmeSMDTjWUDn0vT4saa77oG9tbwIhoauku2gwiX+ZIX0hvmaLyzed
+R12GeOm2qgDKi99S4CTibgo4puF+AgiQYmeNwtHha+5XmGKCf6k8IIF5FQy9QNmj
+sg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 0000000000..84314bfa40
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-valid-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads.js b/security/manager/ssl/tests/unit/test_intermediate_preloads.js
new file mode 100644
index 0000000000..f1568e0a47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads.js
@@ -0,0 +1,528 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+const { RemoteSecuritySettings } = ChromeUtils.importESModule(
+  "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs"
+);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+const { IntermediatePreloadsClient } = RemoteSecuritySettings.init();
+
+let server;
+
+const INTERMEDIATES_DL_PER_POLL_PREF =
+  "security.remote_settings.intermediates.downloads_per_poll";
+const INTERMEDIATES_ENABLED_PREF =
+  "security.remote_settings.intermediates.enabled";
+
+function getHashCommon(aStr, useBase64) {
+  let hasher = Cc["@mozilla.org/security/hash;1"].createInstance(
+    Ci.nsICryptoHash
+  );
+  hasher.init(Ci.nsICryptoHash.SHA256);
+  let stringStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stringStream.data = aStr;
+  hasher.updateFromStream(stringStream, -1);
+
+  return hasher.finish(useBase64);
+}
+
+// Get a hexified SHA-256 hash of the given string.
+function getHash(aStr) {
+  return hexify(getHashCommon(aStr, false));
+}
+
+function getSubjectBytes(certDERString) {
+  let bytes = stringToArray(certDERString);
+  let cert = new X509.Certificate();
+  cert.parse(bytes);
+  return arrayToString(cert.tbsCertificate.subject._der._bytes);
+}
+
+function getSPKIBytes(certDERString) {
+  let bytes = stringToArray(certDERString);
+  let cert = new X509.Certificate();
+  cert.parse(bytes);
+  return arrayToString(cert.tbsCertificate.subjectPublicKeyInfo._der._bytes);
+}
+
+/**
+ * Simulate a Remote Settings synchronization by filling up the
+ * local data with fake records.
+ *
+ * @param {*} filenames List of pem files for which we will create
+ *                      records.
+ * @param {*} options Options for records to generate.
+ */
+async function syncAndDownload(filenames, options = {}) {
+  const {
+    hashFunc = getHash,
+    lengthFunc = arr => arr.length,
+    clear = true,
+  } = options;
+
+  const localDB = await IntermediatePreloadsClient.client.db;
+  if (clear) {
+    await localDB.clear();
+  }
+
+  let count = 1;
+  for (const filename of filenames) {
+    const file = do_get_file(`test_intermediate_preloads/${filename}`);
+    const certBytes = readFile(file);
+    const certDERBytes = atob(pemToBase64(certBytes));
+
+    const record = {
+      details: {
+        who: "",
+        why: "",
+        name: "",
+        created: "",
+      },
+      derHash: getHashCommon(certDERBytes, true),
+      subject: "",
+      subjectDN: btoa(getSubjectBytes(certDERBytes)),
+      attachment: {
+        hash: hashFunc(certBytes),
+        size: lengthFunc(certBytes),
+        filename: `intermediate certificate #${count}.pem`,
+        location: `security-state-workspace/intermediates/${filename}`,
+        mimetype: "application/x-pem-file",
+      },
+      whitelist: false,
+      pubKeyHash: getHashCommon(getSPKIBytes(certDERBytes), true),
+      crlite_enrolled: true,
+    };
+
+    await localDB.create(record);
+    count++;
+  }
+  // This promise will wait for the end of downloading.
+  const updatedPromise = TestUtils.topicObserved(
+    "remote-security-settings:intermediates-updated"
+  );
+  // Simulate polling for changes, trigger the download of attachments.
+  Services.obs.notifyObservers(null, "remote-settings:changes-poll-end");
+  const results = await updatedPromise;
+  return results[1]; // topicObserved gives back a 2-array
+}
+
+/**
+ * Return the list of records whose attachment was downloaded.
+ */
+async function locallyDownloaded() {
+  return IntermediatePreloadsClient.client.get({
+    filters: { cert_import_complete: true },
+    syncIfEmpty: false,
+  });
+}
+
+add_task(async function test_preload_empty() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  // load the first root and end entity, ignore the initial intermediate
+  addCertFromFile(certDB, "test_intermediate_preloads/ca.pem", "CTu,,");
+
+  let ee_cert = constructCertFromFile(
+    "test_intermediate_preloads/default-ee.pem"
+  );
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+
+  equal(
+    await syncAndDownload([]),
+    "success",
+    "Preloading update should have run"
+  );
+
+  equal(
+    (await locallyDownloaded()).length,
+    0,
+    "There should have been no downloads"
+  );
+
+  // check that ee cert 1 is unknown
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+});
+
+add_task(async function test_preload_disabled() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, false);
+
+  equal(
+    await syncAndDownload(["int.pem"]),
+    "disabled",
+    "Preloading update should not have run"
+  );
+
+  equal(
+    (await locallyDownloaded()).length,
+    0,
+    "There should have been no downloads"
+  );
+});
+
+add_task(async function test_preload_invalid_hash() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+  const invalidHash =
+    "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d";
+
+  const result = await syncAndDownload(["int.pem"], {
+    hashFunc: () => invalidHash,
+  });
+  equal(result, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    0,
+    "There should be no local entry"
+  );
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  // load the first root and end entity, ignore the initial intermediate
+  addCertFromFile(certDB, "test_intermediate_preloads/ca.pem", "CTu,,");
+
+  let ee_cert = constructCertFromFile(
+    "test_intermediate_preloads/default-ee.pem"
+  );
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+
+  // We should still have a missing intermediate.
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+});
+
+add_task(async function test_preload_invalid_length() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+
+  const result = await syncAndDownload(["int.pem"], {
+    lengthFunc: () => 42,
+  });
+  equal(result, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    0,
+    "There should be no local entry"
+  );
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  // load the first root and end entity, ignore the initial intermediate
+  addCertFromFile(certDB, "test_intermediate_preloads/ca.pem", "CTu,,");
+
+  let ee_cert = constructCertFromFile(
+    "test_intermediate_preloads/default-ee.pem"
+  );
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+
+  // We should still have a missing intermediate.
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+});
+
+add_task(async function test_preload_basic() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+  Services.prefs.setIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 100);
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+
+  // load the first root and end entity, ignore the initial intermediate
+  addCertFromFile(certDB, "test_intermediate_preloads/ca.pem", "CTu,,");
+
+  let ee_cert = constructCertFromFile(
+    "test_intermediate_preloads/default-ee.pem"
+  );
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+
+  // load the second end entity, ignore both intermediate and root
+  let ee_cert_2 = constructCertFromFile("test_intermediate_preloads/ee2.pem");
+  notEqual(ee_cert_2, null, "EE cert 2 should have successfully loaded");
+
+  // check that the missing intermediate causes an unknown issuer error, as
+  // expected, in both cases
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert_2,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+
+  let intermediateBytes = readFile(
+    do_get_file("test_intermediate_preloads/int.pem")
+  );
+  let intermediateDERBytes = atob(pemToBase64(intermediateBytes));
+  let intermediateCert = new X509.Certificate();
+  intermediateCert.parse(stringToArray(intermediateDERBytes));
+
+  const result = await syncAndDownload(["int.pem", "int2.pem"]);
+  equal(result, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    2,
+    "There should have been 2 downloads"
+  );
+
+  // check that ee cert 1 verifies now the update has happened and there is
+  // an intermediate
+
+  // First verify by connecting to a server that uses that end-entity
+  // certificate but doesn't send the intermediate.
+  await asyncStartTLSTestServer(
+    "BadCertAndPinningServer",
+    "test_intermediate_preloads"
+  );
+  // This ensures the test server doesn't include the intermediate in the
+  // handshake.
+  let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  certDir.append("test_intermediate_preloads");
+  Assert.ok(certDir.exists(), "test_intermediate_preloads should exist");
+  let args = ["-D", "-n", "int"];
+  // If the certdb is cached from a previous run, the intermediate will have
+  // already been deleted, so this may "fail".
+  run_certutil_on_directory(certDir.path, args, false);
+  let certsCachedPromise = TestUtils.topicObserved(
+    "psm:intermediate-certs-cached"
+  );
+  await asyncConnectTo("ee.example.com", PRErrorCodeSuccess);
+  let subjectAndData = await certsCachedPromise;
+  Assert.equal(subjectAndData.length, 2, "expecting [subject, data]");
+  // Since the intermediate is preloaded, we don't save it to the profile's
+  // certdb.
+  Assert.equal(subjectAndData[1], "0", `expecting "0" certs imported`);
+
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+
+  let localDB = await IntermediatePreloadsClient.client.db;
+  let data = await localDB.list();
+  ok(!!data.length, "should have some entries");
+  // simulate a sync (syncAndDownload doesn't actually... sync.)
+  await IntermediatePreloadsClient.client.emit("sync", {
+    data: {
+      current: data,
+      created: data,
+      deleted: [],
+      updated: [],
+    },
+  });
+
+  // check that ee cert 2 does not verify - since we don't know the issuer of
+  // this certificate
+  await checkCertErrorGeneric(
+    certDB,
+    ee_cert_2,
+    SEC_ERROR_UNKNOWN_ISSUER,
+    certificateUsageSSLServer
+  );
+});
+
+add_task(async function test_preload_200() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+  Services.prefs.setIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 100);
+
+  const files = [];
+  for (let i = 0; i < 200; i++) {
+    files.push(["int.pem", "int2.pem"][i % 2]);
+  }
+
+  let result = await syncAndDownload(files);
+  equal(result, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    100,
+    "There should have been only 100 downloaded"
+  );
+
+  // Re-run
+  result = await syncAndDownload([], { clear: false });
+  equal(result, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    200,
+    "There should have been 200 downloaded"
+  );
+});
+
+add_task(async function test_delete() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+  Services.prefs.setIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 100);
+
+  let syncResult = await syncAndDownload(["int.pem", "int2.pem"]);
+  equal(syncResult, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    2,
+    "There should have been 2 downloads"
+  );
+
+  let localDB = await IntermediatePreloadsClient.client.db;
+  let data = await localDB.list();
+  ok(!!data.length, "should have some entries");
+  let subject = data[0].subjectDN;
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  let resultsBefore = certStorage.findCertsBySubject(
+    stringToArray(atob(subject))
+  );
+  equal(
+    resultsBefore.length,
+    1,
+    "should find the intermediate in cert storage before"
+  );
+  // simulate a sync where we deleted the entry
+  await IntermediatePreloadsClient.client.emit("sync", {
+    data: {
+      current: [],
+      created: [],
+      deleted: [data[0]],
+      updated: [],
+    },
+  });
+  let resultsAfter = certStorage.findCertsBySubject(
+    stringToArray(atob(subject))
+  );
+  equal(
+    resultsAfter.length,
+    0,
+    "shouldn't find intermediate in cert storage now"
+  );
+});
+
+function findCertByCommonName(certDB, commonName) {
+  for (let cert of certDB.getCerts()) {
+    if (cert.commonName == commonName) {
+      return cert;
+    }
+  }
+  return null;
+}
+
+add_task(async function test_healer() {
+  Services.prefs.setBoolPref(INTERMEDIATES_ENABLED_PREF, true);
+  Services.prefs.setIntPref(INTERMEDIATES_DL_PER_POLL_PREF, 100);
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  // Add an intermediate as if it had previously been cached.
+  addCertFromFile(certDB, "test_intermediate_preloads/int.pem", ",,");
+  // Add an intermediate with non-default trust settings as if it had been added by the user.
+  addCertFromFile(certDB, "test_intermediate_preloads/int2.pem", "CTu,,");
+
+  let syncResult = await syncAndDownload(["int.pem", "int2.pem"]);
+  equal(syncResult, "success", "Preloading update should have run");
+
+  equal(
+    (await locallyDownloaded()).length,
+    2,
+    "There should have been 2 downloads"
+  );
+
+  let healerRanPromise = TestUtils.topicObserved(
+    "psm:intermediate-preloading-healer-ran"
+  );
+  Services.prefs.setIntPref(
+    "security.intermediate_preloading_healer.timer_interval_ms",
+    500
+  );
+  Services.prefs.setBoolPref(
+    "security.intermediate_preloading_healer.enabled",
+    true
+  );
+  await healerRanPromise;
+  Services.prefs.setBoolPref(
+    "security.intermediate_preloading_healer.enabled",
+    false
+  );
+
+  let intermediate = findCertByCommonName(
+    certDB,
+    "intermediate-preloading-intermediate"
+  );
+  equal(intermediate, null, "should not find intermediate in NSS");
+  let intermediate2 = findCertByCommonName(
+    certDB,
+    "intermediate-preloading-intermediate2"
+  );
+  notEqual(intermediate2, null, "should find second intermediate in NSS");
+});
+
+function run_test() {
+  server = new HttpServer();
+  server.start(-1);
+  registerCleanupFunction(() => server.stop(() => {}));
+
+  server.registerDirectory(
+    "/cdn/security-state-workspace/intermediates/",
+    do_get_file("test_intermediate_preloads")
+  );
+
+  server.registerPathHandler("/v1/", (request, response) => {
+    response.write(
+      JSON.stringify({
+        capabilities: {
+          attachments: {
+            base_url: `http://localhost:${server.identity.primaryPort}/cdn/`,
+          },
+        },
+      })
+    );
+    response.setHeader("Content-Type", "application/json; charset=UTF-8");
+    response.setStatusLine(null, 200, "OK");
+  });
+
+  Services.prefs.setCharPref(
+    "services.settings.server",
+    `http://localhost:${server.identity.primaryPort}/v1`
+  );
+
+  Services.prefs.setCharPref("browser.policies.loglevel", "debug");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem b/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem
new file mode 100644
index 0000000000..680b068f34
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIUN/Y56TvJcL2liqk2Feh/QfKrlLwwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50ZXJtZWRpYXRlLXByZWxvYWRpbmctY2EwIhgPMjAx
+MDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFowJTEjMCEGA1UEAwwaaW50ZXJt
+ZWRpYXRlLXByZWxvYWRpbmctY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBSPwr2BfSHT3saxwx6YGEautZx
+w/sdM9AJAubFLqDd3MYHtzCZcQXaeDGbAzvo8m/PKA4Yt+UYbKyDnRR8sLA4f/iu
+z1zHeenlzBWpRVHu/++ZSk/ESwn0zLprIsOcXjaYkbfrqcEGNWvLJzpT4T36Gr9t
+DvxHnpsaMsJviZS3WHzTSoioWkcRyF78bYa51ZJWYJHFKZQppqhJ+jcoJhiomRlc
+WwhI8NAU3dOOFJuEg/z+vQpcEQi0rRW9J6X/15BUZRQlF5Hs2wilGa8ViNX2+B5I
+kjbmNrdT5hcnGEfR7JpHFuihFdxQc4CFY87u1chI8yaHLhhriUP6Jq0+J5ur
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem.certspec
new file mode 100644
index 0000000000..4ccabc25b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:intermediate-preloading-ca
+subject:intermediate-preloading-ca
+validity:20100101-20500101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem
new file mode 100644
index 0000000000..4a69166215
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfSgAwIBAgIUcx7CbjSZKlPaTqjk1pXt0w+fswUwDQYJKoZIhvcNAQEL
+BQAwLzEtMCsGA1UEAwwkaW50ZXJtZWRpYXRlLXByZWxvYWRpbmctaW50ZXJtZWRp
+YXRlMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMBkxFzAVBgNV
+BAMMDmVlLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozIwMDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAZBgNVHREEEjAQgg5lZS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA
+gNr8S/J6CJLQu56YUxksBCLxvcrJw82G9X7rdZ0sXZ4CCHTQjQZbnuc+rJTuGPJX
+36f0m3EPkNa1UepfTtZWe364ATju/F2TUg0XWEm634NI4F8Hy7jXBsYaTVN6yBoK
+cvRSdvko3BbcKXMQfq5zbdRvs1VtSC9cPPyrZYdQxpMar4+JhN1sPx7C3g0hn84C
+VnVpgZlrh+CnSwUiq7I3Q44el2j453GEbKCbXDMxooSq+gD3rMTPsOCsk4GmeH3R
+ILMtaJ/zFd6C7lSkGQPSLNarTqcIudXACWWbzEqZ8uS4GoyaEIYiUf00YMquS4Cu
+xTG8+QNSp9tIoUw48chxjw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem.certspec
new file mode 100644
index 0000000000..e9decb76dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:intermediate-preloading-intermediate
+subject:ee.example.com
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:ee.example.com
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem b/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem
new file mode 100644
index 0000000000..a1394d56db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUI6lFTWQgzUkUf/0bE/nqjn1SLNYwDQYJKoZIhvcNAQEL
+BQAwMDEuMCwGA1UEAwwlaW50ZXJtZWRpYXRlLXByZWxvYWRpbmctaW50ZXJtZWRp
+YXRlMjAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAOMQwwCgYD
+VQQDDANlZTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4IBAQBDTPaqjguUw5J5Jh7p0NdZK6A2XxBRxUcrQqvT3FsnO5sauXHU
+2y7BJNDilPs+A8edIPLezio6aCijg2uZpIKc0Le0L/AeyWYoObiuQ+Lcs9NkhQMm
+3Jqnjw8lbKLO4ojOHEgJqW7VWDCyTCsLDFkZBSC0cAxr79mRdrvPF89Q27xHrBo2
+UgwKuffODwmgNJCznpvkYvvrZQ2WxO8JZk9eAy/mSn6vlyD41nqI8CYQhGKwdxLT
+Xwip+uag1KQup6dgD3cNSRTBDeBL2z9m9HziPNlOTY9SyFxt32YxO1DOaSHy7kCi
+o82rGqU5p8VbGlS2RvzQvMEhptxt+GKLC/6c
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec
new file mode 100644
index 0000000000..089ac63831
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec
@@ -0,0 +1,3 @@
+issuer:intermediate-preloading-intermediate2
+subject:ee2
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem b/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem
new file mode 100644
index 0000000000..480a18002a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUIRWUrRSEgMYUudCmgeB863e4mK4wDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50ZXJtZWRpYXRlLXByZWxvYWRpbmctY2EwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowLzEtMCsGA1UEAwwkaW50ZXJt
+ZWRpYXRlLXByZWxvYWRpbmctaW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAuEbrWJmimyJJ
+XQr4efjCRdNUaZ9b/7MihnpISIPvVQFrQ1XmDEG+9zy1IDaNNZ14s8NCEl0S12mI
+vWxKtU91UAJttFH8idip6s2kC9Mfxw8wTbgsGcUnJhszS6emJ8TnEPMaovFwet2m
+bjwjzvPoFohsupHz+FXMxHgaErzxIh08y6DzU+N9DctKcZkNGg5TTwfzYrcJo3MV
+Xx1uxLHTRMdQHfve2g53kKzAJIThls7NdHoD8DcK54lns05tO7CD2vdtNXMc1M8q
+DnofGLcaGBtPbB8RbwCSQme7G5ICvbxNDC3i6/LAjvKSAsUL2gCExFjaN7UK/qN+
+PklUW8438Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec
new file mode 100644
index 0000000000..5863b3131f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:intermediate-preloading-ca
+subject:intermediate-preloading-intermediate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem b/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem
new file mode 100644
index 0000000000..2e2791ac00
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUEyGPTx1+eoN9OVa+vKQz//tVlfYwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbaW50ZXJtZWRpYXRlLXByZWxvYWRpbmctY2EyMCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMDAxLjAsBgNVBAMMJWludGVy
+bWVkaWF0ZS1wcmVsb2FkaW5nLWludGVybWVkaWF0ZTIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAeX4/JsyHg
+0g8S+om/H4zuEgGntF1nqpcAFejMJfl7DJe8ukzTzlQF/IcDQEtv264xjMWaVssn
+kV/va8vVkYIJqc/FIrkuxrFLNFGNOrV6KL14sR0+TlJ/FEOyig+Yt5+RPC2HZZBS
+4n5VUxxK/U52dM6jonbFOcqZXpPAJDYcfg2MThkg/oupcXW7v00EUOL6QEdAMlzY
+wZk5PEIgQckDVr4hwygdmpmAYfD98ru0gqNp5KYdR5uqskQlfHjrIuUNEUpehPGX
+KF9Fqo8Gu1G0dmI4poOxGarKum8nd+b/Cjo1rgQYTBwWMhFzS4zVK4CfgzgUCjNb
+ykTwaGJf7EwV
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec
new file mode 100644
index 0000000000..27e9a008df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec
@@ -0,0 +1,4 @@
+issuer:intermediate-preloading-ca2
+subject:intermediate-preloading-intermediate2
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_keysize.js b/security/manager/ssl/tests/unit/test_keysize.js
new file mode 100644
index 0000000000..0fa880f8f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize.js
@@ -0,0 +1,204 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that RSA certs with key sizes below 1024 bits are rejected.
+// Checks that ECC certs using curves other than the NIST P-256, P-384 or P-521
+// curves are rejected.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+/**
+ * Tests a cert chain.
+ *
+ * @param {string} rootKeyType
+ *        The key type of the root certificate, or the name of an elliptic
+ *        curve, as output by the 'openssl ecparam -list_curves' command.
+ * @param {number} rootKeySize
+ * @param {string} intKeyType
+ * @param {number} intKeySize
+ * @param {string} eeKeyType
+ * @param {number} eeKeySize
+ * @param {PRErrorCode} eeExpectedError
+ * @returns {Promise} a promise that will resolve when the verification has
+ *                   completed
+ */
+function checkChain(
+  rootKeyType,
+  rootKeySize,
+  intKeyType,
+  intKeySize,
+  eeKeyType,
+  eeKeySize,
+  eeExpectedError
+) {
+  let rootName = "root_" + rootKeyType + "_" + rootKeySize;
+  let intName = "int_" + intKeyType + "_" + intKeySize;
+  let eeName = "ee_" + eeKeyType + "_" + eeKeySize;
+
+  let intFullName = intName + "-" + rootName;
+  let eeFullName = eeName + "-" + intName + "-" + rootName;
+
+  addCertFromFile(certdb, `test_keysize/${rootName}.pem`, "CTu,CTu,CTu");
+  addCertFromFile(certdb, `test_keysize/${intFullName}.pem`, ",,");
+  let eeCert = constructCertFromFile(`test_keysize/${eeFullName}.pem`);
+
+  info("cert o=" + eeCert.organization);
+  info("cert issuer o=" + eeCert.issuerOrganization);
+  return checkCertErrorGeneric(
+    certdb,
+    eeCert,
+    eeExpectedError,
+    certificateUsageSSLServer
+  );
+}
+
+/**
+ * Tests various RSA chains.
+ *
+ * @param {number} inadequateKeySize
+ * @param {number} adequateKeySize
+ */
+async function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Chain with certs that have adequate sizes for DV
+  await checkChain(
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    adequateKeySize,
+    PRErrorCodeSuccess
+  );
+
+  // Chain with a root cert that has an inadequate size for DV
+  await checkChain(
+    "rsa",
+    inadequateKeySize,
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    adequateKeySize,
+    MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
+  );
+
+  // Chain with an intermediate cert that has an inadequate size for DV
+  await checkChain(
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    inadequateKeySize,
+    "rsa",
+    adequateKeySize,
+    MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
+  );
+
+  // Chain with an end entity cert that has an inadequate size for DV
+  await checkChain(
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    adequateKeySize,
+    "rsa",
+    inadequateKeySize,
+    MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
+  );
+}
+
+async function checkECCChains() {
+  await checkChain(
+    "secp256r1",
+    256,
+    "secp384r1",
+    384,
+    "secp521r1",
+    521,
+    PRErrorCodeSuccess
+  );
+  await checkChain(
+    "secp256r1",
+    256,
+    "secp224r1",
+    224,
+    "secp256r1",
+    256,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+  await checkChain(
+    "secp256r1",
+    256,
+    "secp256r1",
+    256,
+    "secp224r1",
+    224,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+  await checkChain(
+    "secp224r1",
+    224,
+    "secp256r1",
+    256,
+    "secp256r1",
+    256,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+  await checkChain(
+    "secp256r1",
+    256,
+    "secp256r1",
+    256,
+    "secp256k1",
+    256,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+  await checkChain(
+    "secp256k1",
+    256,
+    "secp256r1",
+    256,
+    "secp256r1",
+    256,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+}
+
+async function checkCombinationChains() {
+  await checkChain(
+    "rsa",
+    2048,
+    "secp256r1",
+    256,
+    "secp384r1",
+    384,
+    PRErrorCodeSuccess
+  );
+  await checkChain(
+    "rsa",
+    2048,
+    "secp256r1",
+    256,
+    "secp224r1",
+    224,
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE
+  );
+  await checkChain(
+    "secp256r1",
+    256,
+    "rsa",
+    1016,
+    "secp256r1",
+    256,
+    MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
+  );
+}
+
+add_task(async function () {
+  await checkRSAChains(1016, 1024);
+  await checkECCChains();
+  await checkCombinationChains();
+});
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 0000000000..1514e2afe0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4DCCAUmgAwIBAgIUVwxpwbAz8P34bpOsh6+QbP2ojSAwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNhXzEwMjQwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowMTEvMC0GA1UEAwwmZWVfcnNh
+XzEwMTYtaW50X3JzYV8xMDI0LXJvb3RfcnNhXzEwMjQwgZ4wDQYJKoZIhvcNAQEB
+BQADgYwAMIGIAoGAANKbsS+4T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDr
+kgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drX
+zLSF2BouGdUNTwtoVKyvbXvmnZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEA
+ATANBgkqhkiG9w0BAQsFAAOBgQAJBfYK3k9MPwwgr5XUjo2GDsMyWL/rrF6qud/Q
+vRhdgfPZYWXZ70dHdZEH3iEOub4z049/Jpvz4CkW+mxV1JTwzJn/t/t/UNWlhovX
+rrRAUTid2ePG2AnceiuGRNj6DLMyIriMURnVj1imscyamATg2t6bIHEzsvmUheaA
+3fDiMw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..7b86ef7861
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1016-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 0000000000..42daa0757b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4DCCAUqgAwIBAgIUfx3llLPabDFECt89htHl5RT/8dgwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50X3JzYV8xMDE2LXJvb3RfcnNhXzEwMjQwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowMTEvMC0GA1UEAwwmZWVfcnNh
+XzEwMjQtaW50X3JzYV8xMDE2LXJvb3RfcnNhXzEwMjQwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+TXrUv/rPr6dDcXKzib5c8qUy8DZwx
+1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKtbuYcjBvdhmPGi9NiJKmIKueOifVW
+39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TRNI5kY1GlUcdXHM2guP419hp1AgMB
+AAEwDQYJKoZIhvcNAQELBQADgYAAu75m62DkOU7ZXkCVpF1Qu6IZ3Kxpw+JCKDmm
+jDyrtW7VyVadDnpcXeXsfoWgpWICGNgS/nYHPW/Sb8VmIdSkYZz0WZ4LrnJR+ReM
+WYnShnhMnfVDZ+2ei5gFrNMlGy9VESyZpHMtK069v4y2Krj28CAQ5PLtK56MrlcW
+KuGqsQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..326d665dcc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1016-root_rsa_1024
+issuerKey:rsa1016
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 0000000000..5e3c2b7616
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRjCCAa+gAwIBAgIUbSYmFjBHNggSogoGtlUuasRUNUMwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNhXzEwMTYwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowEjEQMA4GA1UEAwwHcnNhMTAy
+NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQBPmmqHLLrGqankJL7agjYMNnN4zUnH
+i03p3WOQHfI58xRjBev0xoLBIf7pD/N4+RyB2zGyhfUBN7DAcFxwr3n4If4Z1bo3
+KLjDe4vQx/cxU1iUod7VDB/FoDrKGG9otpUakgBURLmi/2sdfg5VyedmzfINJYso
+Fx7U2rKFpkBTzA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 0000000000..c44a089ed6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1016
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1016
+issuerKey:rsa1024
+subject:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 0000000000..2f05523a61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4TCCAUqgAwIBAgIUf88bfQzu3egYcqR2nozsNhooSEEwDQYJKoZIhvcNAQEL
+BQAwJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNhXzEwMjQwIhgPMjAy
+MTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowMTEvMC0GA1UEAwwmZWVfcnNh
+XzEwMjQtaW50X3JzYV8xMDI0LXJvb3RfcnNhXzEwMjQwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+TXrUv/rPr6dDcXKzib5c8qUy8DZwx
+1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKtbuYcjBvdhmPGi9NiJKmIKueOifVW
+39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TRNI5kY1GlUcdXHM2guP419hp1AgMB
+AAEwDQYJKoZIhvcNAQELBQADgYEAl0O2IIX5cI8wtLbjxrwrIxPq04WSzUHA0/MM
+UKTvB544MDje/rjg88UKuQ/JbPWYCrK/8kKpriQKFSwx9y8aL32j2jD6u/QkPdE2
+ow/P2ycHJlgdrROCrWiByfaXullQRR2e7dxWgHXINcIeokdDeOlh6rORQWySaSdm
+kYpjObw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..a6ee408ec9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 0000000000..f3a5ab79b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQOgAwIBAgIUXYvHjg0MUxqF2X6hrh/dJbT805AwCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMjI0cjFfMjI0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwTTAQ
+BgcqhkjOPQIBBgUrgQQAIQM5AARmjXLMpv1qGzVXtTZhBNhECOy2N/COjIa7/4LM
+6I8AZtevY8Mpi6N3NIoSArA7N/1rH/QVqjEeMAoGCCqGSM49BAMCA0cAMEQCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiB0nTf5BbTdtJmD7a1JRbHC
+tQ5dVzRgseqLk/nFu2/0cg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 0000000000..87d2f67339
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp224r1_224-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 0000000000..c0894db548
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBZzCCAQ2gAwIBAgIUb5c9bUbBr5F+ODFobDbjzKYl6ZwwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyMjRyMV8yMjQtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjs
+tjfwjoyGu/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHjAKBggqhkjOPQQD
+AgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw5gIhALwxNSek
+yl4Ve2/JszqMa7k+C2Q4tuZChCZYvNqQp99f
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..1aadce0765
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 0000000000..4ca0497642
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCCARagAwIBAgIUa1MOcQgjz0GXbvb/nNSJWQo7Y9MwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZrMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAENe58conY/veoav5dpm2Lwuu2
+qFQ/0v6tCJ9FznrND6ZDgqlQDEHa13D/1LURv0tJLrEjiADDLE92xzo/MpTnxTAK
+BggqhkjOPQQDAgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw
+5gIgdRmR9h7EWLJiw/HOA4VI/+aCQTQ74ywcJc6m1v8bxcc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..ba999e8f14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 0000000000..f9b3563ce6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqDCCARKgAwIBAgIUQXmjIgDMGJMlxFe7ZCL7DCwTTOwwDQYJKoZIhvcNAQEL
+BQAwKjEoMCYGA1UEAwwfaW50X3JzYV8xMDE2LXJvb3Rfc2VjcDI1NnIxXzI1NjAi
+GA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBl
+ZV9zZWNwMjU2cjFfMjU2LWludF9yc2FfMTAxNi1yb290X3NlY3AyNTZyMV8yNTYw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARPv7u7YeD4+bGmClmshwTi7AULQj48
+9y6SPyxPeUtFXCpp0jNFbDbEEZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbAMA0GCSqG
+SIb3DQEBCwUAA4GAAHF+Lr1T0H2jrjkcXLUsXkVPjNZjy1NRRr6WJyjhF6FKnetP
+SAMZx1oTY9Sql2mgfWJqJA7vx7t8074hsyjbPt4SHozNdoRw8UhDTIhYZf+pH5pf
+u7D/l0d3zwTm2rHy4PBBJRnJYPES9Gdh5XnQWX08zsPU50Y6NGQm/WS2b1Q=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..1e2e0a3759
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_secp256r1_256
+subject:ee_secp256r1_256-int_rsa_1016-root_secp256r1_256
+issuerKey:rsa1016
+subjectKey:secp256r1
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 0000000000..4403f731cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBazCCARmgAwIBAgIUJ2KRkxVMwamWLnZIQF6ghanSUzIwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2
+cjFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNAADA9Ah0Amjxv8EbbcPJV9S/WmFIc1y28BSBjT5W2S7JS
+VAIcT8yypPbHzh/icArRyNdIkahxBc/+5tX8YsY/OA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..bd7bc770c7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp224r1_224-root_secp256r1_256
+subject:ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 0000000000..6ee2ed1f2f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBcjCCARmgAwIBAgIUDQfZ3zvs9qJa/PtD+Zsr5myOCYYwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0cjFfMjI0
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0
+cjFfMjI0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIgJDWD1/nBx/6dIMlHHa07N2IDyTwYFzltWBXmgrigTjQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 0000000000..fe7b7f7482
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp224r1_224
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 0000000000..e273ce5525
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIUATe62fX5Ze+WwA3r3INkBmZ2No0wCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2azFfMjU2
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+azFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIhAKOvAfyNhAtngfvVMxAw2Ql34vGZccVGQDS59AWW93RV
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 0000000000..aefffd9810
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256k1_256
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 0000000000..0e44de8e33
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBhTCCASygAwIBAgIUWfAaaiXGBAuskGffwQ+qApfqSwowCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMzg0cjFfMzg0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtg
+jiUt5LcTLajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalx
+A74oiM/wAvBa9xof3cyDdKpuqc4wCgYIKoZIzj0EAwIDRwAwRAIgXHVRnxMRUM1d
+it4go7wGMJH/snN1XzFk7P3LQoAKcOYCIDpgUEiNKL+ntNWMucP0wHDNTDIxEg4v
+Bjem251RNI7f
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 0000000000..615818d08b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp384r1_384-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 0000000000..6d7ec9003f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAVygAwIBAgIUOd3+Ig6xQ1VYRGT/6xjAv5tiQnEwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3A1MjFyMV81MjEtaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2
+cjFfMjU2MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBTNycrMR5QQlrycxmdS7C
+f1l3NPpmxit5L4jFGdbTfw0W6hxIOhgnoBC5Eo46CAcMoz719Xg1t8G6JR9sw1Id
+xCsBBlNFGYG0RdND7tN4KjXWz/D/SE9aiD0gnxuQQrcmcDVosvMm4YuDO92KoHND
+krzRlQHhDWmKefU+EeCiK90qrZAwCgYIKoZIzj0EAwIDaQAwZgIxAO0GJz6haDpU
+tNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ1OxFRuhW515lVbeTqfcA8wIxAOzP94f9
+No4Fk3LsupP5uGkSyi5QDAQ0o8uGQV9AzwOZ+qWIbTU5dtSscvjhskLAXQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..b2ae9d0c8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp384r1_384-root_secp256r1_256
+subject:ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256
+issuerKey:secp384r1
+subjectKey:secp521r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 0000000000..b8374730a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5jCCAU+gAwIBAgIUEUvOHnMPiL7M+vsW3nuLxaEea2kwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBppbnRfcnNhXzEwMTYtcm9vdF9y
+c2FfMTAyNDCBnjANBgkqhkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP3c0ps6UZ
+y2bEO42Pi+VFunk4TOZj7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIHFlU0qpkF
+fkfEfjvIGtpvoeEuNyaLUEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+admggxNuFa
++o9TwcjIT8YHcnndDlXXNppb3QIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOBgQCoCuy8BladR/PAVrgOOf4Ph9dFe2MV
+Yq6EKOWVU/PuYqZRssLh2CQX3v0vhfDzurD/zgj4+UEzJmm5B3knMFcBedPwW+0k
+5KGSdI5Q+gROdkwNx5bGqfnWd+RApjnI8Ykf/HhfO7yFJNzxxr4NANGvt3+M+0rh
+WlaGiJ8uWV02gg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..c6e77116b7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1016-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 0000000000..7358d4358b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAVagAwIBAgIUW50MunLFoD4GAqoirchzeiePUZcwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290
+X3NlY3AyNTZyMV8yNTYwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4
+T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7S
+BxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvm
+nZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIgXHVRnxMRUM1dit4go7wG
+MJH/snN1XzFk7P3LQoAKcOYCIQD5W4T/b85G2u0prFnlPiVMZ0Wjw0rvAFjBUcDV
+Y8l0kQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..27728ca374
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_rsa_1016-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:rsa1016
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 0000000000..7228823bd3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5jCCAVCgAwIBAgIUY2vK8QUP90UMoUqSZytNypfMOnwwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAxNjAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBppbnRfcnNhXzEwMjQtcm9vdF9y
+c2FfMTAxNjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA06l0QBAeuoxd+VA+
+b5NetS/+s+vp0NxcrOJvlzypTLwNnDHWbAwBO86cgtDUgDKN8F+2vNeZClMS3a5h
+Uq1u5hyMG92GY8aL02IkqYgq546J9Vbf2+b1HaYRLL/CfIpJM2tBr9t1MhtSskpz
+RNE0jmRjUaVRx1cczaC4/jX2GnUCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYAAINNXc+CjW72JwEYkt+uf23lsrKPb
+FujBh35bnHAJJ1UurBdOrr6D1tujWdF+jiixRUeBxfhvn6o6k5UQmNvq8cs7YoJs
+ZQNb6+VK849E09vhtE6/xo2GQI8Muyh/8+D9ujGlgWRWQsJmKuUTca02yLfD+Lcx
+MHypk9mRS3CDPw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 0000000000..fafb393bf9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:int_rsa_1024-root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 0000000000..a0dc860b28
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAVCgAwIBAgIUQQZXnXSEQFy9H8+KvR29mhZL8CkwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBppbnRfcnNhXzEwMjQtcm9vdF9y
+c2FfMTAyNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA06l0QBAeuoxd+VA+
+b5NetS/+s+vp0NxcrOJvlzypTLwNnDHWbAwBO86cgtDUgDKN8F+2vNeZClMS3a5h
+Uq1u5hyMG92GY8aL02IkqYgq546J9Vbf2+b1HaYRLL/CfIpJM2tBr9t1MhtSskpz
+RNE0jmRjUaVRx1cczaC4/jX2GnUCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAqL9M3IKj2oB7xmb5/kj/ljVzawt0
+rlcBTewr4diSiuuJtzR4FGhe7+Sdd8bt9iyOXfdTANOs4hwwuykMtLmNNQ6FT209
+XDzv9NP95kBu/Jc+cF12gYulgbBkFkx9D4zd7W5TTVjyr75Xs+wISSOFGNssNwBn
+jOwDWk2JGPCL+sw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..66891f9793
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 0000000000..2f7ca90151
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYjCCAQmgAwIBAgIUa0XXUQa7LlU9/NCMU/UvW1p5/r8wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjI0cjFfMjI0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBNMBAGByqGSM49AgEGBSuBBAAhAzkABGaNcsym
+/WobNVe1NmEE2EQI7LY38I6Mhrv/gszojwBm169jwymLo3c0ihICsDs3/Wsf9BWq
+MR6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cA
+MEQCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiB6OW49o/Plw34E
+llpmo3clMwUoC5zINELSPN3uKMElUw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..89d77d3b89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp224r1_224-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 0000000000..91bba98392
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJjCCAQ6gAwIBAgIULfRIJwqhrTgphLCOMhBD3HMzZoIwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMjA0ODAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAqMSgwJgYDVQQDDB9pbnRfc2VjcDI1NnIxXzI1Ni1y
+b290X3JzYV8yMDQ4MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+Pmx
+pgpZrIcE4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0H
+owTqoEqmwKMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
+AQELBQADggEBALnX/gmXf0oTbESNYaBQ3w0fo/GMNfXFQJJicnstxFt510GGQnM6
+k+mCmtWB3e3w5LMClRz1irAVWEhp+xqaH9a0T7LkmziVv3Iz3YzqDOUkMVFIrWWr
+jPX3O/HUV52UF/YNE3pbDD0w72Zbe6BFS0NzXgdBDZiBM9/GAE9Bepsg5pKGcjea
+PpHcWIbxOJvzLAKrQdjHjoaYWTukL21kspsBw7dIaYgMo69f/JhY8suakh4Y45g9
+uD2S6A4lw2E+ITOi0V+EQU//OUFgynIt7kfB8kVyKTflHw2UpVCwu1XICGvPxDZU
+7OKLAp/2Y18qqGbmVGEf9nZ4zojcCdtAsAU=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 0000000000..44a65ef5a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:root_rsa_2048
+subject:int_secp256r1_256-root_rsa_2048
+subjectKey:secp256r1
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 0000000000..14178a22d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBZzCCARWgAwIBAgIUS9UDyDRw6jcSIVOE3Jd/25HnZKUwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDIyNHIxXzIyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0AAMD0CHQCaPG/wRttw8lX1L9aYUhzXLbwFIGNPlbZLslJUAhwR
+QjtGEs8T4jEfvTzExNDStQ07IOzgazIlFtfw
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 0000000000..66ebc1b93e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:int_secp256r1_256-root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 0000000000..d8ee88f643
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCCARWgAwIBAgIUbfWsobapssVY8KJM2yCX2ixKnPswCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NmsxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0cAMEQCIFuwodUwyOUnIR4KN5ZCSrU7y4iz4/1EWRdHm5kWKi8d
+AiAPwQROIzfXlMFBuhspsRKzB5bfRlK3JAQUSCN5CsmfEw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 0000000000..c7e190ab0b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 0000000000..6eca3f2b9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCCARWgAwIBAgIUa0D2PJJTJo9PXI+vG9zQ1xsBn/owCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0cAMEQCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDm
+AiA4ISAfKF73X9PGnyvy/moXFGmSVwofC5A9v2X5+huJHQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..6854d21876
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 0000000000..a30df8f600
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBizCCATKgAwIBAgIUE3rMvYbUkYGloXh1cHBH2bCZyBcwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMzg0cjFfMzg0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKFockM2
+K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMtqM6Y6DFTTmqcDAsJyNY5regy
+BuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC8Fr3Gh/dzIN0qm6pzqMdMBsw
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDRwAwRAIgXHVR
+nxMRUM1dit4go7wGMJH/snN1XzFk7P3LQoAKcOYCIEwCzXhoYODip/jtMmkCe36I
+IIHXI7fafiAbVaadub6I
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..de8e851981
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp384r1_384-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
new file mode 100644
index 0000000000..4d1522bb8b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2DCCAUKgAwIBAgIUfXnvTK9B9FK+1IelCwSO1Mf5UTwwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAxNjAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAYMRYwFAYDVQQDDA1yb290X3JzYV8xMDE2MIGeMA0G
+CSqGSIb3DQEBAQUAA4GMADCBiAKBgADSm7EvuE/dzSmzpRnLZsQ7jY+L5UW6eThM
+5mPtA991mRYA65IHkNJTDOzlRNuZpx8FiWo+0gcWVTSqmQV+R8R+O8ga2m+h4S43
+JotQRqVSaPna18y0hdgaLhnVDU8LaFSsr2175p2aCDE24Vr6j1PByMhPxgdyed0O
+Vdc2mlvdAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
+SIb3DQEBCwUAA4GAAD8C2t9CPWsOkjh/CLrrCa+4TXvZ08h8W/8IhqdQAfCv7dti
+9bEvHqR9zQOFDeahFe7z5PkQcy4muoEYycBEod7MmacIDz8Mp3tZ3z2dHlaGxYIN
+zAhQa8PShkltJw9+whOhPyLFVd4sExO6GSJU616wDCO0XSsk82Akrp3b22E=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
new file mode 100644
index 0000000000..b0b5ba8e5e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
new file mode 100644
index 0000000000..de4451ce56
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2jCCAUOgAwIBAgIUMVucrt/selpf3q8amlrvDqneZmEwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAYMRYwFAYDVQQDDA1yb290X3JzYV8xMDI0MIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys
+4m+XPKlMvA2cMdZsDAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovT
+YiSpiCrnjon1Vt/b5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzN
+oLj+NfYadQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOBgQAmXbjjKelajwlEDMtahrBCsERFd6+ROiGkWPd2f7DrcbM0
+4XTeBJMOk0JUHRNelafp7s+B/Na/gA6tF7DwbBff6CroFMA08AtT6CaGGshyym4e
+v1gLXMZRAw7Ql0vHwp5+62umXMYQZRsxc7+evlm4BQKsIkVG20R9P39/f2DErg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
new file mode 100644
index 0000000000..09cd420f70
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
new file mode 100644
index 0000000000..76c11d0c5d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIUHc/POtVpyiofkS90PJVYOJh6zpcwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNcm9vdF9yc2FfMjA0ODAiGA8yMDIxMTEyNzAwMDAwMFoY
+DzIwMjQwMjA1MDAwMDAwWjAYMRYwFAYDVQQDDA1yb290X3JzYV8yMDQ4MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AQEAk5wQl5Buy92gRlkSDZ2zDu4l4vELd6YC+ObqOe6ixuUf4Y7rGMWiHtbyrhh1
+4IXAD8ZAhZQhdrhl6YX9QsLwIMSowkzhnDLgO7vBJrIw1PsQlyonMFk+A09sbFvk
+iLo6gAo+8Vb83DrkJWp9uoIqSIhJTTRFz4MbWh82oNqpQZeARFZ6TzsJK2cekmL5
+sdIkC5Sh7nnDPQvH4pc+k+AwjAJIyj3ysDelxpvzVoVVhHJCdzVVaN25Kd3pAByL
+nUhQ/r7z2tdg6I/7CijIuRVD8sPKAhrTT8Xo+fIcrqqXnuHEIgNcRpLaR3zgpVRV
+G4p5aG3iXXviN44uwz7abs+l1A==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
new file mode 100644
index 0000000000..cebc2f8e6a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
@@ -0,0 +1,4 @@
+issuer:root_rsa_2048
+subject:root_rsa_2048
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
new file mode 100644
index 0000000000..6475f8ef91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBSDCB96ADAgECAhQHiZOs85zvfLeFMhsh68xncNi5wzAKBggqhkjOPQQDAjAd
+MRswGQYDVQQDDBJyb290X3NlY3AyMjRyMV8yMjQwIhgPMjAyMTExMjcwMDAwMDBa
+GA8yMDI0MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0
+ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjstjfwjoyG
+u/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHqMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDQAAwPQIdAJo8b/BG23DyVfUv1phS
+HNctvAUgY0+VtkuyUlQCHHjzlIZKE3ktC+mtNDdM57lQZsqdPCUo2IehzBo=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
new file mode 100644
index 0000000000..31370f6f73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
new file mode 100644
index 0000000000..a062c78eb2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWjCCAQCgAwIBAgIUfUU3FkeasPqniKMpSraSUECrlnowCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NmsxXzI1
+NjBWMBAGByqGSM49AgEGBSuBBAAKA0IABDXufHKJ2P73qGr+XaZti8LrtqhUP9L+
+rQifRc56zQ+mQ4KpUAxB2tdw/9S1Eb9LSS6xI4gAwyxPdsc6PzKU58WjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gAMEUCIFuwodUw
+yOUnIR4KN5ZCSrU7y4iz4/1EWRdHm5kWKi8dAiEA75wpo6AToMf20m7rvmTKnlK8
+FGo2xq0TYVCCcCEfkcM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
new file mode 100644
index 0000000000..c78aa61bba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
new file mode 100644
index 0000000000..f0fa1a3298
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXDCCAQOgAwIBAgIUB5NlTHpszJgjDr4BNFqeBut30O8wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMjExMTI3MDAwMDAw
+WhgPMjAyNDAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NnIxXzI1
+NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLsBQtC
+Pjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiAwSXG3ZAwdTkc4IYrNr7A3
+PwsFyeNA6J5MEWhUHVzgTw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
new file mode 100644
index 0000000000..4447fc4b47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev.js b/security/manager/ssl/tests/unit/test_keysize_ev.js
new file mode 100644
index 0000000000..8e0edd7851
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -0,0 +1,169 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that RSA certs with key sizes below 2048 bits when verifying for EV
+// are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(
+    SERVER_PORT,
+    "www.example.com",
+    "test_keysize_ev/",
+    expectedCertNames,
+    expectedPaths
+  );
+}
+
+function loadCert(certName, trustString) {
+  let certFilename = "test_keysize_ev/" + certName + ".pem";
+  addCertFromFile(certDB, certFilename, trustString);
+  return constructCertFromFile(certFilename);
+}
+
+/**
+ * Asynchronously runs a single EV key size test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {string} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_keysize_ev/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {string} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+async function keySizeTestForEV(
+  expectedNamesForOCSP,
+  rootCertFileName,
+  intCertFileNames,
+  endEntityCertFileName,
+  expectedResult
+) {
+  clearOCSPCache();
+  let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+  loadCert(rootCertFileName, "CTu,CTu,CTu");
+  for (let intCertFileName of intCertFileNames) {
+    loadCert(intCertFileName, ",,");
+  }
+  await checkEVStatus(
+    certDB,
+    constructCertFromFile(`test_keysize_ev/${endEntityCertFileName}.pem`),
+    certificateUsageSSLServer,
+    expectedResult
+  );
+
+  await stopOCSPResponder(ocspResponder);
+}
+
+/**
+ * For debug builds which have the test EV roots compiled in, checks RSA chains
+ * which contain certs with key sizes adequate for EV are validated as such,
+ * while chains that contain any cert with an inadequate key size fail EV and
+ * validate as DV.
+ * For opt builds which don't have the test EV roots compiled in, checks that
+ * none of the chains validate as EV.
+ *
+ * Note: This function assumes that the key size requirements for EV are greater
+ * than the requirements for DV.
+ *
+ * @param {number} inadequateKeySize
+ *        The inadequate key size of the generated certs.
+ * @param {number} adequateKeySize
+ *        The adequate key size of the generated certs.
+ */
+async function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Reuse the existing test RSA EV root
+  let rootOKCertFileName = "../test_ev_certs/evroot";
+  let rootOKName = "evroot";
+  let rootNotOKName = "ev_root_rsa_" + inadequateKeySize;
+  let intOKName = "ev_int_rsa_" + adequateKeySize;
+  let intNotOKName = "ev_int_rsa_" + inadequateKeySize;
+  let eeOKName = "ev_ee_rsa_" + adequateKeySize;
+  let eeNotOKName = "ev_ee_rsa_" + inadequateKeySize;
+
+  // Chain with certs that have adequate sizes for EV and DV
+  // In opt builds, this chain is only validated for DV. Hence, an OCSP fetch
+  // will for example not be done for the "ev_int_rsa_2048-evroot" intermediate
+  // in such a build.
+  let intFullName = intOKName + "-" + rootOKName;
+  let eeFullName = eeOKName + "-" + intOKName + "-" + rootOKName;
+  let expectedNamesForOCSP = [eeFullName];
+  await keySizeTestForEV(
+    expectedNamesForOCSP,
+    rootOKCertFileName,
+    [intFullName],
+    eeFullName,
+    gEVExpected
+  );
+
+  // Chain with a root cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootNotOKName;
+  eeFullName = eeOKName + "-" + intOKName + "-" + rootNotOKName;
+  expectedNamesForOCSP = [eeFullName];
+  await keySizeTestForEV(
+    expectedNamesForOCSP,
+    rootNotOKName,
+    [intFullName],
+    eeFullName,
+    false
+  );
+
+  // Chain with an intermediate cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intNotOKName + "-" + rootOKName;
+  eeFullName = eeOKName + "-" + intNotOKName + "-" + rootOKName;
+  expectedNamesForOCSP = [eeFullName];
+  await keySizeTestForEV(
+    expectedNamesForOCSP,
+    rootOKCertFileName,
+    [intFullName],
+    eeFullName,
+    false
+  );
+
+  // Chain with an end entity cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootOKName;
+  eeFullName = eeNotOKName + "-" + intOKName + "-" + rootOKName;
+  expectedNamesForOCSP = [eeFullName];
+  await keySizeTestForEV(
+    expectedNamesForOCSP,
+    rootOKCertFileName,
+    [intFullName],
+    eeFullName,
+    false
+  );
+}
+
+add_task(async function () {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  let smallKeyEVRoot = constructCertFromFile(
+    "test_keysize_ev/ev_root_rsa_2040.pem"
+  );
+  equal(
+    smallKeyEVRoot.sha256Fingerprint,
+    "40:AB:5D:A5:89:15:A9:4B:82:87:B8:A6:9A:84:B1:DB:" +
+      "7A:9D:DB:B8:4E:E1:23:E3:C6:64:E7:50:DC:35:8C:68",
+    "test sanity check: the small-key EV root must have the same " +
+      "fingerprint as the corresponding entry in ExtendedValidation.cpp"
+  );
+
+  await checkRSAChains(2040, 2048);
+});
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 0000000000..394cb6caea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIUVZYfMEsZbV/AnYHYi9fRg/e/buYwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAwMS4wLAYDVQQDDCVldl9lZV9yc2Ff
+MjA0MC1ldl9pbnRfcnNhXzIwNDgtZXZyb290MIIBITANBgkqhkiG9w0BAQEFAAOC
+AQ4AMIIBCQKCAQAAusBlL9+8AFWIL/uurO7Ij6LQg8KX3V1AZk3T2Q9S+aoCvYpQ
++6FuD9mRh470dfmzUNn44+sqvXF84yewl4hTHxPfjj5OO51ha7ikHlMG7tJHIWMW
+EFEYASdqTrZvBzMbXLyLyucBao+bPU8qxFU8Ykz1JjvLNI6IQN5mEocJYKeSGRsT
+j7IX92XOx7/46U8Ws5QZv3UExZp+T3m9bRc+nHvz2dKk5zzBgLBZCnPVhPt/ybVP
+pURgflP8aFx6Vf1EqB1BQravUepvps6lKWWi6MXYTzygJNb7ubAFuWUc5dny7PQO
+1ASYGp/8AmNuMRsJXGMyoMh9w5JxtVUUgXdLAgMBAAGjgYQwgYEwXgYIKwYBBQUH
+AQEEUjBQME4GCCsGAQUFBzABhkJodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv
+ZXZfZWVfcnNhXzIwNDAtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdC8wHwYDVR0gBBgw
+FjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwDQYJKoZIhvcNAQELBQADggEBADEl0bWl
+HI7w8k4AN2yIxDMFCzd4AJBqtqanL5JVkPFl4VCzmmK2okwdGq5TZYvbDRaQK4nQ
+FECjTuxDGY95BVd4brca/JKvaCk8HBXFbh4iv9OZJbr6gm+N2LiV78P8V8nz1RVw
+WfGB9T5TZAhsMBF8nMum9p3bPj5IJXA2IpQswtfAx19so9D7i+vt++F8g2M8MjHC
+FIwH5961OYBUvd1c+CAjE8ekZ/ajQnrEuayPVGacBwWmqJ8Lz6viyXIfPdRIWlvn
+0+rJB20eBXnoSW3k2kp0QwzTxuD/5RwRiTgGphGta0wHtaVCwrkdkWTH1u7R/OxW
+I+X16RQo8Ayto3o=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 0000000000..e64c651bc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2040-ev_int_rsa_2048-evroot
+subjectKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2040-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
new file mode 100644
index 0000000000..c7b6b0ddab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAlCgAwIBAgIUZfXrSpbPemyhfINT4zz1d30Ek2wwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWZXZfaW50X3JzYV8yMDQwLWV2cm9vdDAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAwMS4wLAYDVQQDDCVldl9lZV9yc2Ff
+MjA0OC1ldl9pbnRfcnNhXzIwNDAtZXZyb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GEMIGBMF4GCCsGAQUF
+BwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4
+L2V2X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0MC1ldnJvb3QvMB8GA1UdIAQY
+MBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMA0GCSqGSIb3DQEBCwUAA4IBAAA0bpkI
+YZXUPMUehztpOIlqHZyliVXpt5P2KpBG/3lSwkomGszQZT4+mvZqGS7Hy/gIJNnF
+vE0Obol+2LT8WOsJuqlOZz2Q04ckggp+HsgwBZYTAvgSSPVbiXwsAVq9aMHcw9l1
+usGJC8Y3rEsQYdGx01/SBP/jAfq882yOSX/MmE0DElDDygLkpynttd60XBwUNiuM
+RdvE9HmQ1g8teQjXoZiOctgSmYeNGcjx0Tabr96ONhf1ol7tf0lVECweWl32G0PL
+Z9PnXtatiH4wcItb3S4P3jlCjEcaK6iq0PntcarxICyraOkWXvD+cAecptFSEhRh
+TGE7OM/RblZ1waQ=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 0000000000..0b7bfd4269
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2040-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2040-evroot
+issuerKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 0000000000..6743c1859a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhjCCAm6gAwIBAgIUSwd9p0zHyco2QXDr8tpsJc2ljTwwDQYJKoZIhvcNAQEL
+BQAwKzEpMCcGA1UEAwwgZXZfaW50X3JzYV8yMDQ4LWV2X3Jvb3RfcnNhXzIwNDAw
+IhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAwMDAwMFowOjE4MDYGA1UEAwwv
+ZXZfZWVfcnNhXzIwNDgtZXZfaW50X3JzYV8yMDQ4LWV2X3Jvb3RfcnNhXzIwNDAw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjgY4wgYswaAYIKwYBBQUHAQEEXDBaMFgGCCsGAQUFBzABhkxodHRwOi8v
+d3d3LmV4YW1wbGUuY29tOjg4ODgvZXZfZWVfcnNhXzIwNDgtZXZfaW50X3JzYV8y
+MDQ4LWV2X3Jvb3RfcnNhXzIwNDAvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqF
+GgGDdAkBMA0GCSqGSIb3DQEBCwUAA4IBAQBuSOtnkDe3ob+sBv9AIEUi4Rysxb3N
+Xhg3sAR6RFNP0kZnuROdWloSSfA9+H6f7l1w/LFTVFZhdQG2PqmJJ7vVzZYbgKXQ
+bWFri8W5Moj75f+Q3hpOczTqgBZfKl07gQp15/BfaUxsvmiw0IZBZHpaggYGerC3
+stamAyLWYI4hvQacoVz/2wRLa/NMs2qWElZ8+AjR10cCevvC15HD/U48s5NdLhGZ
+63x9dz7DCWQcrxz+eIS+S1qEeU7N4DTMYR5QRxPWM7s37hAZGASZlDmiL5fs3DRv
+IbynUqPgLPELvM+BvZN6edALZxGC2ngcqxVVmg/j8nl5Xcjqvq0cO1VH
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 0000000000..a36acf887d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-ev_root_rsa_2040
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 0000000000..753a39f0e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIUWW7gg8Czo9BnB6ui50M3Xu6ivEcwDQYJKoZIhvcNAQEL
+BQAwITEfMB0GA1UEAwwWZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDAiGA8yMDIxMTEy
+NzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAwMS4wLAYDVQQDDCVldl9lZV9yc2Ff
+MjA0OC1ldl9pbnRfcnNhXzIwNDgtZXZyb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GEMIGBMF4GCCsGAQUF
+BwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4
+L2V2X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQY
+MBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMA0GCSqGSIb3DQEBCwUAA4IBAQAZ6F/Z
+4Alyl3Mc7/QcrKEbu1BWIWt4e5wvWqAw3evX36OsFrkAD+26FHLgkjyMVxeX6g95
+LAbbQN2K48mIHGLdK8fAnLmNJpBJpetAEfIpcQzKf4BuNsCAB+TVRfAt0yeDDagQ
+va7jy8kzC+UG/OX2KW0SG5Zn6OwJTAIq6LLnGeyeMGqleBVW8HUsQBB4waPFfejJ
+AuPPiIuHh+6lOcSpjLel/xcEnnmMJFjO8zoOW32HuR02iUsrkZqPvIeRm6sVjQEs
+HWd0d+mAtzUWN4YkFqDdBJ71iK0ZZDlx4wPdjhshdDFLg/g0PW6sUEeUak6e3WQ4
+oNA9ie/2y779fkX6
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 0000000000..0b34be6db8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-evroot
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
new file mode 100644
index 0000000000..cf632da080
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIUAcFzVqJIY35fm8QGImTLo+kRhoowDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0MC1ldnJvb3QwggEh
+MA0GCSqGSIb3DQEBAQUAA4IBDgAwggEJAoIBAAC6wGUv37wAVYgv+66s7siPotCD
+wpfdXUBmTdPZD1L5qgK9ilD7oW4P2ZGHjvR1+bNQ2fjj6yq9cXzjJ7CXiFMfE9+O
+Pk47nWFruKQeUwbu0kchYxYQURgBJ2pOtm8HMxtcvIvK5wFqj5s9TyrEVTxiTPUm
+O8s0johA3mYShwlgp5IZGxOPshf3Zc7Hv/jpTxazlBm/dQTFmn5Peb1tFz6ce/PZ
+0qTnPMGAsFkKc9WE+3/JtU+lRGB+U/xoXHpV/USoHUFCtq9R6m+mzqUpZaLoxdhP
+PKAk1vu5sAW5ZRzl2fLs9A7UBJgan/wCY24xGwlcYzKgyH3DknG1VRSBd0sCAwEA
+AaOBkDCBjTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBPBggrBgEFBQcBAQRD
+MEEwPwYIKwYBBQUHMAGGM2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9ldl9p
+bnRfcnNhXzIwNDAtZXZyb290LzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoB
+g3QJATANBgkqhkiG9w0BAQsFAAOCAQEAXXKAxLkrQ+U2XlsV87bacCpbpSpRsdps
+EGFUEZ1h1Pmlcea7I4tgLhavwnP48zSa3J15dCacXlupHlKspILYbWvkSM3P+64s
+MAo2Nt0av/eQsXZrasMNhLPPkvWXtA7MUB57eQm+2pKyy0hmNaZC2cOWsJw+FqXB
+9Nw2tPpo/rSXr5jkqEMKSUrA/B8dDNjl1QNe0nbr6pS2Ux3Eayuc57xg8envOkn+
+nTm6Wf9oJeE/+0D7Y4whiRJWDv/ANYW5b982sn4BA48jtxYDP1M8UZ/ZzWfMG7tE
+xtYL6EBZbZ9KOmPkPEzzKwM2IdFRexTAzVrid3VHbBYOQOfQBDP4pg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 0000000000..80be711742
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_rsa_2040-evroot
+issuerKey:ev
+subjectKey:rsa2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
new file mode 100644
index 0000000000..63b267865f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEtwIBADANBgkqhkiG9w0BAQEFAASCBKEwggSdAgEAAoIBAAC6wGUv37wAVYgv
++66s7siPotCDwpfdXUBmTdPZD1L5qgK9ilD7oW4P2ZGHjvR1+bNQ2fjj6yq9cXzj
+J7CXiFMfE9+OPk47nWFruKQeUwbu0kchYxYQURgBJ2pOtm8HMxtcvIvK5wFqj5s9
+TyrEVTxiTPUmO8s0johA3mYShwlgp5IZGxOPshf3Zc7Hv/jpTxazlBm/dQTFmn5P
+eb1tFz6ce/PZ0qTnPMGAsFkKc9WE+3/JtU+lRGB+U/xoXHpV/USoHUFCtq9R6m+m
+zqUpZaLoxdhPPKAk1vu5sAW5ZRzl2fLs9A7UBJgan/wCY24xGwlcYzKgyH3DknG1
+VRSBd0sCAwEAAQKB/2A9smffl1VcvthrjfNVA0ryjx638+eCnSObzCc6fHppoQvo
+8h8bbEsCxrrjcxwxWLW7/0YF9Xq3t7Kgy6LsAFottbHqbgrO6lvHRdzS0OnWuA1+
+sOorwIEnvONfpQxCzEEYcbpZHiO6ajhISjPv8TR/kH7ppakqIxG7C0NVEAIPeOO7
+AAmdtNEYKSgJZQX8uoTzyhI4/R66XuofORu7zFQksWgGP8F+HKbhkSzLpE+dApIw
+ih/tuAYSUps59Z0KP4GAtbogETIZf5OlgV3tk43459k8mxV2ZYjzObtZEAr9pJSn
+5FLX3UyaGc4uw6M6GLIPC02t4XK+4Z8m8Ny+QQKBgA7Dhpy5LUBsrd96MZqylEi8
+UFoFkTcHhzNh/FuYakmftl7rgVp+N2h9GfEoCHKJ2buIGOe8ylAsSQCtmuzhF5vh
+L/PkZ9YG/IIOqPB6yev/4iNuOBaEEgKIIj5C2+aN/ZcqhaZEflFpXyNNp5EcZ8mr
+lTHzPfO5lDLU7ojJpO+7AoGADKY5NFSehf6sjg9WBDA/0YSf6Ir0t/fhITKDu8ei
+wqUJ+Sc8Qoxo3j25PmFF8bQAvW1KJiYU6QQ602LU66SmuZU5nIk0o5mRIZnoQdjo
+2/8EifaeZjeWcwspgFMLMctwaVohYl6irczAnZMFFvqHIhGpHiLdif2et9qFdLci
+NbECgYANfTp14X9l+KZYpIXECVwQpPZpeeK3O8qc+O8hJT4frKxtR5H1g5LOhlb4
+jxJAzJDCllPjEAxtejjtRLFjsznl87bjiRISbGmzzv8uUZJCbZZJtv/KGrt10rou
+1tmiaqODxZc9ViFv8u25DM+Id0Kg8YOskslM8YdldkXHdy2a1wKBgAP1UBlMEX8k
+vqKFsgkFgDL0KYX/Vazr6IsW35o3UntOYdyRpo28mmRRNFKM5fJIvaKJPJbLe+ee
+5zmWx8Ild/bC95BAbzRyrbOyEbfpRJTzLFxvzAl4g5/kckwxsGMYokiVZ7T8oDN6
+yxuEEieqpfbHSACiMGkp8CzgOLrZQ99BAoGACAp9v6jCWEgUxxZkxW62LOTK8Wr+
+iNRJkVnWdHdKOj7N3xJWwC/JFSXFJ2kkItCrqU5cQe4S3HG7Zvhnn6F+CW8oCAhR
+ugRusxiFwUFOiYWt5ZnZB68XRT0cyuosDQZEP4Nnpr4VSxJeOQ7g2Q90bwiAHdP1
+Nn9Z+6LlpnwF83U=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
new file mode 100644
index 0000000000..f488e73a94
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+rsa2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 0000000000..3460534a0b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlugAwIBAgIUZSpbli3rGt5J38O5lKUHT1lCyUEwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQZXZfcm9vdF9yc2FfMjA0MDAiGA8yMDIxMTEyNzAwMDAw
+MFoYDzIwMjQwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCBldl9pbnRfcnNhXzIwNDgt
+ZXZfcm9vdF9yc2FfMjA0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBmjCBlzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjBZBggrBgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cu
+ZXhhbXBsZS5jb206ODg4OC9ldl9pbnRfcnNhXzIwNDgtZXZfcm9vdF9yc2FfMjA0
+MC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwDQYJKoZIhvcNAQEL
+BQADggEAABBuxXUR0hyJquyO21vDSVBAfJxZzfanX2HTra0RQuHKsMJT+stYBaW5
+dyxwmRtOnWgn4FOYqVppLZe1jSws6zUoWgSBiAxKJiX3RvQ4aR5bSIm9DueBDR8u
+d/vwQOWR1+qqZb7FRvFkXkzFyBP9C5cT/INjmFiRzidMIWIPuoS3kSzIIcyLr4Gj
+CPb/TDGTL3pc5xdSIiQ3i43f1u17yeurjzbN8yzjIX3CuoeaOrBUWsBxnNgFhmVm
+KY8AP4GHKg0/If0cY1O+cVJ33meKLLxoV9sH98tAbBUs/jQ7mAH+lGQRBUtp5WxJ
+hIPwSS31RIFglSm9FVEraLU+dl+mzA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 0000000000..5bc5674b2c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_int_rsa_2048-ev_root_rsa_2040
+issuerKey:evRSA2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
new file mode 100644
index 0000000000..982eb60fd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj2gAwIBAgIUaQnDkiefXQWH/NTUbBlfx7LtXIMwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAy
+MDUwMDAwMDBaMCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjgZAwgY0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEE
+QzBBMD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvZXZf
+aW50X3JzYV8yMDQ4LWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUa
+AYN0CQEwDQYJKoZIhvcNAQELBQADggEBAFr4zW09JSWiZyP/xLgjaSwybNjNy844
++RveDtS0i9k3MgNI4pmG82CqfaMDdQYUSdiIDFLLZMbKYNU9pBG0WUr2AlPAMsU4
+Pt1I4/IT6xAQvB9reuKeHdM7r99W1r5IYmRFf4YHcGTeNOTBExaQCsnAwk1nWj4+
++dNQidDkzcvb2CMcp5DvILtYyFam9irx1K2u/pzH4naBeXjvuCk2gE+nK9nBZUuD
+Ot0Lg/hHNK/ultREiFoBXkEyuLHbUxfNug6SfUvppXy2tCR+bA98QkwM25LflG4J
+/Bej2fWYhDcO1keGO9A9STb6S/4T64AVbqDZNILRwFENWKoarvcE3YA=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 0000000000..a0cb6250dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev_int_rsa_2048-evroot
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
new file mode 100644
index 0000000000..bcd996ab23
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuQIBADANBgkqhkiG9w0BAQEFAASCBKMwggSfAgEAAoIBAADKcCDcIV9XkU00
+P65KAVERaXr5l6Xs6RhmSZ/CPxuIoRjL0wsQ2Rx7mg1O6JcvyuVsr1fyX8EnWipN
+vLmCQowy71h78jh0EDMKD/sWuAKb14OWnvZ19t44wY9nGTy2wHL4sj0LM3QRJiel
+e5AFV3HZ5iYD9TeI1/Y6+nJPXRCAlt8x+J8msetffENXmA4Aj81V2CfdJiOVyi9S
+ageJfMQMWTs4cW68DKpZZxnG8prJtzp6lEdIo6o+CenrTUYeoAJ+VAkmYUcoudJD
+l1z5oFQb79JedrUflREQsOdkT8fjhEF5G20iJzhMuABOIzQjcrHPXMPnPjG3u++h
+YOaGLrsCAwEAAQKCAQAAstt0vOkjYqv3KVWmOK6HILowM7t/lxyvORiNdULqocGr
+tdIFseIRH0eRwIkRouFB6M/XBUcC0jEAtWQsBuGjGxGK/R+aLzlsztQlxQHZFDXK
+hlZ2bO0rk7u4Zp/Om6zXJ9Hayz2vq8MpPjU4nu+OoLWOGusaIOamH5/NRT91Z/4x
+0SO2FqJv703x1sn3SQER0Cju/R2XIEWxokInPdemfr8RHbJ0GlqTx7IonMSiNvWp
+mm7HqCBv2uHB0EvbsZgNSimMWhfa5BhkdKX3g12IK87ySu9O1vFJ+U2WyffXjmR/
+x3ipAX/yCNO0oXaLGCFiECzasDL6u6s41SAKMkZJAoGADzhE0NTU1qIazXam/DcL
+hVDh1+xaYjQXLnkPACmuZR9tXFkzCrGYArnXogfeeh+3eON3T9vcQRdQYz2NGz/g
+dQBv/P0dEOdjx6kifS1fDC2t4cnmWcNQoVnTa7mG8SY21PmUKyiLwP4h2oeZR3Fz
+FEJJyi44nmxcJap4yMrX1N8CgYANTQvt0ZYvB6Hq1rI6TtZ66vEnDwUqbSm6B0lF
+xjYaXE+PB7+FngZ67T9ObjI+8qqKas00CwvcfP5P0ynjyX+HDH93NXksaqnQ9+dU
+KijtbwGw5VorjZwkplxtoxTJVIT1x8OVSoG7AWsH7RfumwYDlpW8oFmnn43CQj0y
+jVJlpQKBgAnymi/wW+ipbWFLoxsIk1QgqGxrxCuZpmkuoNpXY/AeWWlZt93Oc++c
+Lk9uW0BxCIdQDUS6DDzTEyy6J0dfOcLfdVLi0SOiSXpPlwZAKHaaSKNiRlf3K/U5
+89DeI0/szTvooKqQxr9umwvtQwcKJNBh/z7RdRo+8v9/a5C529X7AoGAAaZZ4XDK
+wSCgO+HPj53xyqNTsDWTvXR25YU72HTChziGAcbDQc6dHShKXu8aOmadMrgWpers
+2LeET+BwZLm8oMKzGNVAJ3s/fxUQ04a7NuA7BHceXSKeiIk+E7dTv7lFGLtjjiQE
+vW5qmTwWaNk/wLgv8IqvNDR9P+g5cQjIfKUCgYAEAlfA1KIcC5hDKXxlZS22YwT7
+Jjdz1yi2q/oG03rAymLGKAI+CeN9wKkB5M4SJBgOJYKjqktqGnuY4r1wB3rsFKyK
+tmp1XHHg/BAkcfm7wbRqlaoLZF8sOOdkUCiWGeo/XormEDe//PgknyKqTnbioBkJ
+8/6ykM6T7fV7EOvnlg==
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
new file mode 100644
index 0000000000..a85e16858b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+evRSA2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
new file mode 100644
index 0000000000..fe3abd78a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAcygAwIBAgIUJ7nCMgtzNcSPG7jAh3CWzlTGHQgwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQZXZfcm9vdF9yc2FfMjA0MDAiGA8yMDE1MDEwMTAwMDAw
+MFoYDzIwMzUwMTAxMDAwMDAwWjAbMRkwFwYDVQQDDBBldl9yb290X3JzYV8yMDQw
+MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAAynAg3CFfV5FNND+uSgFR
+EWl6+Zel7OkYZkmfwj8biKEYy9MLENkce5oNTuiXL8rlbK9X8l/BJ1oqTby5gkKM
+Mu9Ye/I4dBAzCg/7FrgCm9eDlp72dfbeOMGPZxk8tsBy+LI9CzN0ESYnpXuQBVdx
+2eYmA/U3iNf2OvpyT10QgJbfMfifJrHrX3xDV5gOAI/NVdgn3SYjlcovUmoHiXzE
+DFk7OHFuvAyqWWcZxvKaybc6epRHSKOqPgnp601GHqACflQJJmFHKLnSQ5dc+aBU
+G+/SXna1H5URELDnZE/H44RBeRttIic4TLgATiM0I3Kxz1zD5z4xt7vvoWDmhi67
+AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAAA/4/YVyeRLPr05Uw5j0JOCx5WNUv2HxemfvTZgF4QEg4vDt8ba3VDR
+Xj3Z8hiGYG+s2Wz4k+82wCNRTglm3iutCJ/LbwOAZIa8dFyQUa03EssS0BBvVNhx
+uu6+kYMqGteIX5Q94daqZe+0KM9xKbydNCQJKSMD8IV1YHKvotF91MFQHDdnVAZX
+anpqDnw0j4YGknFHA1i++0GZC0aWxhRn6Epfza+bYCVogC5BviY6xYIg2kZE8kII
+msQ6iUrKQ2OV7HmZ03BdpsGADorycyJ/wRGR3xDDg8RYUur80jU/D0eBq8BX1md8
+Rc+IyDmcFcs7hYRUaJAoxuLPvQ+/vy4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
new file mode 100644
index 0000000000..fd1ade8dea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_root_rsa_2040
+issuerKey:evRSA2040
+subjectKey:evRSA2040
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
new file mode 100644
index 0000000000..1d88a930d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
new file mode 100644
index 0000000000..1a3d76a550
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
new file mode 100644
index 0000000000..13c3031905
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUIZSHsVgzcvhPgdfrgdMGlpSfMegwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMTUwMTAxMDAwMDAwWhgPMjAzNTAx
+MDEwMDAwMDBaMBExDzANBgNVBAMMBmV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALVJiVydABCNEaH5n4ep49Gl21367PGI2le/ZBNojyzkciz/
+EJA4wXQCyToqRz29KGrtP9zTY89aKRR3Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPN
+RGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dxShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s
+33iuMUTtKMReeSk4Y6eiKkiYCjakDnLVecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rd
+Gq6KoszONIoBabgOKKLXDBqWDG8zXy2gm5tkP1q/uknoqqmB6WDifYdIC91V3ZQX
++hhQn7tVTM+BpDl+i6gSijS98nhlwYnlc0+yKQUCAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABTOHA9XbfLv/C7+
+5KycYXToOIBRSjQ0j2nsiqFda4Jx+aKsvdpdrrbLHvhrpfsA3ZgB2+eKHunVc4fo
+UHNqZllAs2nx+AEinq4GX8iya5BpiyTIxXWu8v06siGgz1GxlJw1cJ/ZnFEQ9IBf
+cCAr5fCoZ4RC+2OVhiSTnYPCKM+zCyw3YpISjNOg1VVkp46Htp+831Eh12YfwvdY
+Fgh1fc5ohYC5GCLRuXKc9PGTsr3gp7Y0liYbK7v0RBjd+GivNQ3dS3W+lB3Ow0LH
+z/fc3qvrhsd58jHpb1QZQzd9bQjuIIM6Gij7TNdNNarEVZfSJjPYLfXosNdYh5fH
+HmbOwao=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
new file mode 100644
index 0000000000..3121f3486e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
new file mode 100644
index 0000000000..f1e5991f05
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
@@ -0,0 +1,195 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+
+"use strict";
+
+// This test ensures that in-progress https connections are cancelled when the
+// user logs out of a PKCS#11 token.
+
+// Get a profile directory and ensure PSM initializes NSS.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+function getTestServerCertificate() {
+  const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  const certFile = do_get_file("test_certDB_import/encrypted_with_aes.p12");
+  certDB.importPKCS12File(certFile, "password");
+  for (const cert of certDB.getCerts()) {
+    if (cert.commonName == "John Doe") {
+      return cert;
+    }
+  }
+  return null;
+}
+
+class InputStreamCallback {
+  constructor(output) {
+    this.output = output;
+    this.stopped = false;
+  }
+
+  onInputStreamReady(stream) {
+    info("input stream ready");
+    if (this.stopped) {
+      info("input stream callback stopped - bailing");
+      return;
+    }
+    let available = 0;
+    try {
+      available = stream.available();
+    } catch (e) {
+      // onInputStreamReady may fire when the stream has been closed.
+      equal(
+        e.result,
+        Cr.NS_BASE_STREAM_CLOSED,
+        "error should be NS_BASE_STREAM_CLOSED"
+      );
+    }
+    if (available > 0) {
+      let request = NetUtil.readInputStreamToString(stream, available, {
+        charset: "utf8",
+      });
+      ok(
+        request.startsWith("GET / HTTP/1.1\r\n"),
+        "Should get a simple GET / HTTP/1.1 request"
+      );
+      let response =
+        "HTTP/1.1 200 OK\r\n" +
+        "Content-Length: 2\r\n" +
+        "Content-Type: text/plain\r\n" +
+        "\r\nOK";
+      let written = this.output.write(response, response.length);
+      equal(
+        written,
+        response.length,
+        "should have been able to write entire response"
+      );
+    }
+    this.output.close();
+    info("done with input stream ready");
+  }
+
+  stop() {
+    this.stopped = true;
+    this.output.close();
+  }
+}
+
+class TLSServerSecurityObserver {
+  constructor(input, output) {
+    this.input = input;
+    this.output = output;
+    this.callbacks = [];
+    this.stopped = false;
+  }
+
+  onHandshakeDone(socket, status) {
+    info("TLS handshake done");
+    info(`TLS version used: ${status.tlsVersionUsed}`);
+
+    if (this.stopped) {
+      info("handshake done callback stopped - bailing");
+      return;
+    }
+
+    let callback = new InputStreamCallback(this.output);
+    this.callbacks.push(callback);
+    this.input.asyncWait(callback, 0, 0, Services.tm.currentThread);
+
+    // We've set up everything needed for a successful request/response,
+    // but calling logoutAndTeardown should cause the request to be cancelled.
+    Cc["@mozilla.org/security/sdr;1"]
+      .getService(Ci.nsISecretDecoderRing)
+      .logoutAndTeardown();
+  }
+
+  stop() {
+    this.stopped = true;
+    this.input.close();
+    this.output.close();
+    this.callbacks.forEach(callback => {
+      callback.stop();
+    });
+  }
+}
+
+class ServerSocketListener {
+  constructor() {
+    this.securityObservers = [];
+  }
+
+  onSocketAccepted(socket, transport) {
+    info("accepted TLS client connection");
+    let connectionInfo = transport.securityCallbacks.getInterface(
+      Ci.nsITLSServerConnectionInfo
+    );
+    let input = transport.openInputStream(0, 0, 0);
+    let output = transport.openOutputStream(0, 0, 0);
+    let securityObserver = new TLSServerSecurityObserver(input, output);
+    this.securityObservers.push(securityObserver);
+    connectionInfo.setSecurityObserver(securityObserver);
+  }
+
+  // For some reason we get input stream callback events after we've stopped
+  // listening, so this ensures we just drop those events.
+  onStopListening() {
+    info("onStopListening");
+    this.securityObservers.forEach(observer => {
+      observer.stop();
+    });
+  }
+}
+
+function getStartedServer(cert) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
+    Ci.nsITLSServerSocket
+  );
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+  tlsServer.setSessionTickets(false);
+  tlsServer.asyncListen(new ServerSocketListener());
+  return tlsServer;
+}
+
+const hostname = "example.com";
+
+function storeCertOverride(port, cert) {
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(hostname, port, {}, cert, true);
+}
+
+function startClient(port) {
+  let req = new XMLHttpRequest();
+  req.open("GET", `https://${hostname}:${port}`);
+  return new Promise((resolve, reject) => {
+    req.onload = () => {
+      ok(false, "should not have gotten load event");
+      resolve();
+    };
+    req.onerror = () => {
+      ok(true, "should have gotten an error");
+      resolve();
+    };
+
+    req.send();
+  });
+}
+
+add_task(async function () {
+  Services.prefs.setCharPref("network.dns.localDomains", hostname);
+  let cert = getTestServerCertificate();
+
+  let server = getStartedServer(cert);
+  storeCertOverride(server.port, cert);
+  await startClient(server.port);
+  server.close();
+});
+
+registerCleanupFunction(function () {
+  Services.prefs.clearUserPref("network.dns.localDomains");
+});
diff --git a/security/manager/ssl/tests/unit/test_missing_intermediate.js b/security/manager/ssl/tests/unit/test_missing_intermediate.js
new file mode 100644
index 0000000000..2a723b2a0f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_missing_intermediate.js
@@ -0,0 +1,92 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that if a server does not send a complete certificate chain, we can
+// make use of cached intermediates to build a trust path.
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+registerCleanupFunction(() => {
+  let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  certDir.append("bad_certs");
+  Assert.ok(certDir.exists(), "bad_certs should exist");
+  let args = ["-D", "-n", "manually-added-missing-intermediate"];
+  run_certutil_on_directory(certDir.path, args, false);
+});
+
+function run_test() {
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  // If we don't know about the intermediate, we'll get an unknown issuer error.
+  add_connection_test(
+    "ee-from-missing-intermediate.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+
+  // Make BadCertAndPinningServer aware of the intermediate.
+  add_test(() => {
+    let args = [
+      "-A",
+      "-n",
+      "manually-added-missing-intermediate",
+      "-i",
+      "test_missing_intermediate/missing-intermediate.pem",
+      "-a",
+      "-t",
+      ",,",
+    ];
+    let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+    certDir.append("bad_certs");
+    Assert.ok(certDir.exists(), "bad_certs should exist");
+    run_certutil_on_directory(certDir.path, args);
+    run_next_test();
+  });
+
+  // We have to start observing the topic before there's a chance it gets
+  // emitted.
+  add_test(() => {
+    TestUtils.topicObserved("psm:intermediate-certs-cached").then(
+      subjectAndData => {
+        Assert.equal(subjectAndData.length, 2, "expecting [subject, data]");
+        Assert.equal(subjectAndData[1], "1", `expecting "1" cert imported`);
+        run_next_test();
+      }
+    );
+    run_next_test();
+  });
+  // Connect and cache the intermediate.
+  add_connection_test(
+    "ee-from-missing-intermediate.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // Add a dummy test so that the only way we advance from here is by observing
+  // "psm:intermediate-certs-cached".
+  add_test(() => {});
+
+  // Delete the intermediate on the server again.
+  add_test(() => {
+    clearSessionCache();
+    let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+    certDir.append("bad_certs");
+    Assert.ok(certDir.exists(), "bad_certs should exist");
+    let args = ["-D", "-n", "manually-added-missing-intermediate"];
+    run_certutil_on_directory(certDir.path, args);
+    run_next_test();
+  });
+
+  // Since we cached the intermediate in gecko, this should succeed.
+  add_connection_test(
+    "ee-from-missing-intermediate.example.com",
+    PRErrorCodeSuccess
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem b/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem
new file mode 100644
index 0000000000..3ba4cc67d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcigAwIBAgIUXVqax21Zg1E4snLU25SGHPmGws8wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRNaXNzaW5nIEludGVybWVkaWF0ZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQAD
+ggEBAJU1u07/x6ATZrK4/Cq6cqTbdkoUJRfZERwJBx4mBnQTbQXBhuo2y4qF+J7U
+SA3LKtfAHRJGkH7nBwRIlAxfN87saJcVXMA8n6WRHNjrDzhK7bZtt1sS23tBCtbs
+TxrMCmfrR2tVZApuGa3lwz8gWhzZkZvoENuqqFAM5nMroKjpKVDFRDAn/Ub7lsvQ
+vQqXti0EqMcg7e6rmBQEvwD0L9sagFLyIqtQM2n901vDlLUfnWrddVH3pA0O3KAr
+ft079b4Lh7RPyeocSU++xGtQ+jkx1WjNtNhVSUNjrmxQMhqAgFPONhJOTo3FqeYO
+T/Rt5MdiZpnMuD2C3VF2r9rTURU=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem.certspec b/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem.certspec
new file mode 100644
index 0000000000..c21e757449
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Missing Intermediate
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_name_constraints.js b/security/manager/ssl/tests/unit/test_name_constraints.js
new file mode 100644
index 0000000000..ab38b96a31
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints.js
@@ -0,0 +1,71 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests two specific items:
+// 1. Are name constraints properly enforced across the entire constructed
+// certificate chain? This makes use of a certificate hierarchy like so:
+//  - (trusted) root CA with permitted subtree dNSName example.com
+//  - intermediate CA with permitted subtree dNSName example.org
+//    a. end-entity with dNSNames example.com and example.org
+//       (the first entry is allowed by the root but not by the intermediate,
+//        and the second entry is allowed by the intermediate but not by the
+//        root)
+//    b. end-entity with dNSName example.com (not allowed by the intermediate)
+//    c. end-entity with dNSName examle.org (not allowed by the root)
+//    d. end-entity with dNSName example.test (not allowed by either)
+//  All of these cases should fail to verify with the error that the
+//  end-entity is not in the name space permitted by the hierarchy.
+//
+// 2. Are externally-imposed name constraints properly enforced? This makes use
+// of a certificate hierarchy rooted by a certificate with the same DN as an
+// existing hierarchy that has externally-imposed name constraints (DCISS).
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function certFromFile(name) {
+  return constructCertFromFile(`test_name_constraints/${name}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_name_constraints/${certName}.pem`, trustString);
+}
+
+function checkCertNotInNameSpace(cert) {
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    SEC_ERROR_CERT_NOT_IN_NAME_SPACE,
+    certificateUsageSSLServer
+  );
+}
+
+function checkCertInNameSpace(cert) {
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+}
+
+add_task(async function () {
+  // Test that name constraints from the entire certificate chain are enforced.
+  loadCertWithTrust("ca-example-com-permitted", "CTu,,");
+  loadCertWithTrust("int-example-org-permitted", ",,");
+  await checkCertNotInNameSpace(certFromFile("ee-example-com-and-org"));
+  await checkCertNotInNameSpace(certFromFile("ee-example-com"));
+  await checkCertNotInNameSpace(certFromFile("ee-example-org"));
+  await checkCertNotInNameSpace(certFromFile("ee-example-test"));
+
+  // Test that externally-imposed name constraints are enforced (DCISS tests).
+  loadCertWithTrust("dciss", "CTu,,");
+  await checkCertInNameSpace(certFromFile("NameConstraints.dcissallowed"));
+  await checkCertNotInNameSpace(certFromFile("NameConstraints.dcissblocked"));
+});
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
new file mode 100644
index 0000000000..8058f77b23
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIUByfcws/1BsAT11Q4PQoblWadQD0wDQYJKoZIhvcNAQEL
+BQAwgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBh
+cmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMF
+SUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEExCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJDQTEMMAoGA1UECgwDRm9vMRcwFQYDVQQDDA5mb28uZXhhbXBsZS5m
+cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEADR+2W/J/dKAwAf8I06e89ZBKd0H5
+yxJqgpwCZfhtjT200R0KUy3Idml1TVdvM1J/hLKu5dMtQ6ewGZIEpf9A+TQ/CN8U
+0D1m94HUAIZDMt+I/9FjXff9OrLOBxU1AQtlK9dunE0751bqq2aIvdMYcD3D3sHQ
+jj1gxmsdoxWmoE7vTcwXzkTOX6s9SsylGmqWDuoNl2gioyAU0MFIgTkNRxuUOfSR
+0LtBHsqEmWYXAjLFqRwa09NZ49jRq+n64svv65gdkKeuecvdYEnFQPKhQJHh0UE8
+oq3T7HWiGkaPgQ2FfFwIXGSQD+jJTDV+hzH5wuWbnxW5bl/Tq1olAh0S+w==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
new file mode 100644
index 0000000000..1a02a0cc1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.fr
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
new file mode 100644
index 0000000000..4b29717d91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIUeThptwYWQpW7Kmc4xj2lLpzdjfIwDQYJKoZIhvcNAQEL
+BQAwgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBh
+cmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMF
+SUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMEIxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJDQTEMMAoGA1UECgwDRm9vMRgwFgYDVQQDDA9mb28uZXhhbXBsZS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHG3W9MHDLoH+PtllciSci7+QaNX
+lSb/+OyqCpx/XkjS2/Bd8+c4Pbn7GdrR/Nf17f/KZ5qgY+uO6NExeh3LrGvTKkig
+Kpt+Uij0iVBd9XTzTnHZdU3EW1Y3539TBT0ABilG1YlKlpJWA+fzUWRo9vHPcETm
+KJRH3eKtyXTHeRPpOSG2afJKzqfkiGSK/zvWe5YjTKLhJGRRnX37SG7GIA7l1kX7
+1UPJs2Wtr05qrUmSBSgP0k+T7pi4+94/TgMjai//E802m7EdfSfRsvUEnh6Lv1Mk
+iY8C6RsPQIhTr4dsp04TazciE42TfsPZ/zpgf5AHF+Xrz1AoFdNABpXAcNk=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
new file mode 100644
index 0000000000..eabee87e83
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
new file mode 100644
index 0000000000..f96b43db09
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIUI3lD7Re7UzKxqghLVnq19q1yxakwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2EtZXhhbXBsZS1jb20tcGVybWl0dGVkMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCMxITAfBgNVBAMMGGNhLWV4YW1w
+bGUtY29tLXBlcm1pdHRlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM5MDcwDAYDVR0TBAUwAwEB/zALBgNVHQ8E
+BAMCAQYwGgYDVR0eBBMwEaAPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUA
+A4IBAQCqe0psTB+mMNH5u+5ZNGy27aYGpl4hegtWQtNUYmNWL6xnSJwLB+4tKtHG
+I6HKMNQ9so3l0x28jitBbcnbSSkVV+Q2upVziZX8uNgg2613O//loKhvvSeJqeVw
+vGfPNnIkwcSpTMqDyYuY1tSA2dW3fMeX6kqnP5nupmERt60Xqxd56XZaAC4ZI0vY
+FVIbxCrxuBHDi/hcGCDFUB3gnwE+CNqTnNOh95w1nRLuBJxyrUF3SFrLVdlbSO9Q
+YXD20E7e79ZdGCcIZFIvCG5AKDzd0amEVJ/GGNuqZGa3+ScP5PVd571KcFB0nl7s
+hGWiQsC/9yJg0eZNZ64hlWLofeYf
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
new file mode 100644
index 0000000000..1cc3c1d81b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:ca-example-com-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
new file mode 100644
index 0000000000..632d60fd51
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIULcsHU0vMF8j+8wH20P0dJztPKgEwDQYJKoZIhvcNAQEL
+BQAwgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBh
+cmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMF
+SUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMCIYDzIw
+MjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMIGFMQswCQYDVQQGEwJGUjEP
+MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczEQMA4GA1UEChMHUE0vU0dE
+TjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcNAQkB
+FhRpZ2NhQHNnZG4ucG0uZ291di5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zAL
+BgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABMUv/zQZiMOGUd8VhQ2Bpct
+bFy+LXpRmPZKuaxAeXWJOOO6YzXKWu5Ozvy1B0+2+OpS7eTWO/4p/sBcqmHuIf45
+jCPDm6RhRDXe+9zGKqv9dt0hXpZwUx7q9nUIlDsyVKrJ2XRd70EAvrpqbJBN2ztF
+dGwvVFXYINyOFVBfMbdUnbqtwUMUoYQ8UgoTAoJTA09nfIv6YXIebX553u/ZOcpk
+wQbyl69r8hc5pYxKdEBqjqfy6rrl7/h6ptTSJDp+z0EBCG592WVClVu3cpaRlnQt
+/gSHxGH+ZTFKqjrf2pP9a34DtepJL1K/LNHv+XpnmUK6hSLkW9aR+MtK5A7lROg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
new file mode 100644
index 0000000000..5d53706bc5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
new file mode 100644
index 0000000000..f49fe5ebcc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeagAwIBAgIUa3sb3Kmjzf4Q38n9GGzgAluQs3UwDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZaW50LWV4YW1wbGUtb3JnLXBlcm1pdHRlZDAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAhMR8wHQYDVQQDDBZlZS1leGFt
+cGxlLWNvbS1hbmQtb3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABoycwJTAjBgNVHREEHDAaggtleGFtcGxlLmNv
+bYILZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADggEBAEp9KUBTRs8erSIiiAj1
+HVtbJyvBipgvWQHG/4G7A3tm6E0ZGZRofhovLspsDCdoaEiHSmLpxAjzAcYNA68v
+OPloyfV8H0p/V0h/PzQKjJYcx4oQ5xt/TVo7oUgDL2ap37rMDYzXevSFJ/hFRJjX
+IWrWoCwweGJrXlyRyF84SmC1oMWDfwOxNpDDOc1qW/+6Rhftx361B3GBe7A9Xb5g
+X6I4xCFYSLnHMMBSfqsfLZkTb+rqpeLy1k0BBpJWZP1Dbgy3BCmWhyzMG1n6IYwr
+Nqg35i2YhCFlr/lNvwy+Jix9EjAmrYVl8rJ0eOHUoFGyphzv331kO4B8MiZo33rY
+Ci4=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
new file mode 100644
index 0000000000..904ca65955
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com-and-org
+extension:subjectAlternativeName:example.com,example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
new file mode 100644
index 0000000000..e1872fb869
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIUNyYkQhaojroU27Ob3YEOgU/gSIowDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZaW50LWV4YW1wbGUtb3JnLXBlcm1pdHRlZDAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAZMRcwFQYDVQQDDA5lZS1leGFt
+cGxlLWNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wDQYJKoZI
+hvcNAQELBQADggEBAEbqCfq2MUMQ9/Y3GYVUCJZOTQd6LFbk7edj/d5B0MLialsm
+xZ9+4/hv98hiL3V3rJPsZNLMgaZjE10Yer+HdwC8do2OsuIO85UA4oWJKKjjLbUO
+Mek36zrzcgrbWqGEthXgnUwvUGKedEgeIoPzhN4UT3Ifkf1u0L308kc+0bnhQlEJ
+V49YCMoyrIX/mzYs5D3zd1IxlWN3WNVfzF+pmQQ6LSfI8OtppCgRuNYDY3Md7Lqc
+x+QITmjJYZJJN2hpRJPMoUagF89M3XUj/6w4oLNBJmF02VrU/4JChEyKqmAqNCi/
+Z0nDqmRwXyO8tnTIzx7XJcb9CDIoaBCzgoP2nCc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
new file mode 100644
index 0000000000..46630c4a1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
new file mode 100644
index 0000000000..9b820e9a3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIUK/q+41F1BJ5V5yLuTubosg8UyzowDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZaW50LWV4YW1wbGUtb3JnLXBlcm1pdHRlZDAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAZMRcwFQYDVQQDDA5lZS1leGFt
+cGxlLW9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5vcmcwDQYJKoZI
+hvcNAQELBQADggEBAK38zSQwGdXOtrm9KyhDC2iUXdL+bmQyVPXqxgOsc39oG4kK
+yQ49cmkrdTfrOccrXVK80mJaSlMccQkv7++BlWhxE0yJw4nU5PGfGZ1wbKdYgTXx
+YYrqk7WTEZ28jvf42MXtz+YPceGLFI5jm4CACE4+RFjBUydRmadbIQytp5wz+rDX
+90RAHw6K5niEylXpkaqIUjZj27qQRHX7X/2N9rFj0Z8c7wSrCA4RsG9RPWtDgoE8
+NtgqMrRqDwbIzxWw4RtnirErgk+1aFAleNJ8bS3QBTO/a5PWFwUi5/ZePpI+7+Gf
+flEWX+zxAOdQCLNWRnk8BMjnuBN8rL9cj3s1okw=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
new file mode 100644
index 0000000000..6a24090e51
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-org
+extension:subjectAlternativeName:example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
new file mode 100644
index 0000000000..53cd45391e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdOgAwIBAgIULd4A5nOUpfcpueUvavcnGwnza44wDQYJKoZIhvcNAQEL
+BQAwJDEiMCAGA1UEAwwZaW50LWV4YW1wbGUtb3JnLXBlcm1pdHRlZDAiGA8yMDIx
+MTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1leGFt
+cGxlLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjGzAZMBcGA1UdEQQQMA6CDGV4YW1wbGUudGVzdDANBgkq
+hkiG9w0BAQsFAAOCAQEAGclmIUn18xP9ZBL5dIZ6SDS1tYgwbDdczT6Lxe1QWILy
+QxM5cL30hxf/O9dOBqCnv1px72RemKx9H0S5dr1JSaq4q+cuwtIqWlIiBAF3APoj
+HpOct+VsLI+UxyfvTKVSvWXKgXdlvKYQ4FMu1CUI90dmRNP2fQbEMYqkbAoQXz47
+2Qk19gMhmTGah0RXE5cBfMf+3VD508dJejyzA+yA9hw5HUsH3tvSIX9JhP7s+wyu
+cyMUfovHS20ML1VQ+Lzf2YQO0lhxmS3UMSEg2h4MBUcgLaJEeGpDt2WCJKliISk5
+TaJDaiQBTrd6eupMegUQcVn0UrBD4hxrPiAg1ibU3Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
new file mode 100644
index 0000000000..0926ce477a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-test
+extension:subjectAlternativeName:example.test
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
new file mode 100644
index 0000000000..715ee48d57
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfqgAwIBAgIUC12ZLFrh+TExo/zOUHTYqBfd0ZMwDQYJKoZIhvcNAQEL
+BQAwIzEhMB8GA1UEAwwYY2EtZXhhbXBsZS1jb20tcGVybWl0dGVkMCIYDzIwMjEx
+MTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGWludC1leGFt
+cGxlLW9yZy1wZXJtaXR0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjOTA3MAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMBoGA1UdHgQTMBGgDzANggtleGFtcGxlLm9yZzANBgkqhkiG9w0BAQsF
+AAOCAQEAlnz9bttQ1SXr8R9fYrSQPPHXCQ2KfQNm3WWVj/jZwwcLokG3U8o9qpMn
+0LZ8AW9726SK2YzkBEHsCA58Vi+4Sh/m4GGue6RKx02w2H3r+D9U+oB2VvqK71ga
+HoS9FAy+Wy8f9dceZpJbteCpz/e7UTM+6BPXOp5F+VZoCk0jKhzhYEYqONTIL0Xk
+/1IhkUT5jf3WNbAuGXhgUMc4Q6UdXj4GcYM1rx3r3YOb+wX1Zh0rjgkIEyBT5JFH
+yBqBDWG9xhMoftQYkLb1VGIms/HcaEsP6ckz2sev6ZDRrhRQS+SU44X6bpKddqYo
+xRRqtHKbc7bjutoBFGxNzJNRPvzCLg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
new file mode 100644
index 0000000000..87e2cf8a56
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:int-example-org-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.org
diff --git a/security/manager/ssl/tests/unit/test_nonascii_path.js b/security/manager/ssl/tests/unit/test_nonascii_path.js
new file mode 100644
index 0000000000..3c31640d05
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nonascii_path.js
@@ -0,0 +1,52 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests to make sure that the certificate DB works with non-ASCII paths.
+
+// Append a single quote and non-ASCII characters to the profile path.
+let profd = Services.env.get("XPCSHELL_TEST_PROFILE_DIR");
+let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+file.initWithPath(profd);
+file.append("'÷1");
+Services.env.set("XPCSHELL_TEST_PROFILE_DIR", file.path);
+
+file = do_get_profile(); // must be called before getting nsIX509CertDB
+Assert.ok(
+  /[^\x20-\x7f]/.test(file.path),
+  "the profile path should contain a non-ASCII character"
+);
+
+// Restore the original value.
+Services.env.set("XPCSHELL_TEST_PROFILE_DIR", profd);
+
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function load_cert(cert_name, trust_string) {
+  let cert_filename = cert_name + ".pem";
+  return addCertFromFile(
+    certdb,
+    "test_cert_trust/" + cert_filename,
+    trust_string
+  );
+}
+
+function run_test() {
+  let certList = ["ca", "int", "ee"];
+  let loadedCerts = [];
+  for (let certName of certList) {
+    loadedCerts.push(load_cert(certName, ",,"));
+  }
+
+  let ca_cert = loadedCerts[0];
+  notEqual(ca_cert, null, "CA cert should have successfully loaded");
+  let int_cert = loadedCerts[1];
+  notEqual(int_cert, null, "Intermediate cert should have successfully loaded");
+  let ee_cert = loadedCerts[2];
+  notEqual(ee_cert, null, "EE cert should have successfully loaded");
+}
diff --git a/security/manager/ssl/tests/unit/test_nsCertType.js b/security/manager/ssl/tests/unit/test_nsCertType.js
new file mode 100644
index 0000000000..8341575473
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsCertType.js
@@ -0,0 +1,32 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// While the Netscape certificate type extension is not a standard and has been
+// discouraged from use for quite some time, it is still encountered. Thus, we
+// handle it slightly differently from other unknown extensions.
+// If it is not marked critical, we ignore it.
+// If it is marked critical:
+//   If the basic constraints and extended key usage extensions are also
+//   present, we ignore it, because they are standardized and should convey the
+//   same information.
+//   Otherwise, we reject it with an error indicating an unknown critical
+//   extension.
+
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  add_connection_test("nsCertTypeNotCritical.example.com", PRErrorCodeSuccess);
+  add_connection_test(
+    "nsCertTypeCriticalWithExtKeyUsage.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "nsCertTypeCritical.example.com",
+    SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION
+  );
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
new file mode 100644
index 0000000000..8650409df7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
@@ -0,0 +1,25 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// This file tests the nsIX509CertValidity implementation.
+
+function run_test() {
+  // Date.parse("2013-01-01T00:00:00Z")
+  const NOT_BEFORE_IN_MS = 1356998400000;
+  // Date.parse("2014-01-01T00:00:00Z")
+  const NOT_AFTER_IN_MS = 1388534400000;
+  let cert = constructCertFromFile("bad_certs/expired-ee.pem");
+
+  equal(
+    cert.validity.notBefore,
+    NOT_BEFORE_IN_MS * 1000,
+    "Actual and expected notBefore should be equal"
+  );
+  equal(
+    cert.validity.notAfter,
+    NOT_AFTER_IN_MS * 1000,
+    "Actual and expected notAfter should be equal"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
new file mode 100644
index 0000000000..6305b878b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
@@ -0,0 +1,96 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that various nsIX509Cert attributes correctly handle UTF-8.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function run_test() {
+  let cert = certDB.constructX509FromBase64(
+    "MIIF3DCCBMSgAwIBAgIEAJiZbzANBgkqhkiG9w0BAQUFADCCAQ0xYTBfBgNVBAMM" +
+      "WEkuQ0EgLSBRdWFsaWZpZWQgcm9vdCBjZXJ0aWZpY2F0ZSAoa3ZhbGlmaWtvdmFu" +
+      "w70gY2VydGlmaWvDoXQgcG9za3l0b3ZhdGVsZSkgLSBQU0VVRE9OWU0xCzAJBgNV" +
+      "BAYTAkNaMS8wLQYDVQQHDCZQb2R2aW5uw70gbWzDvW4gMjE3OC82LCAxOTAgMDAg" +
+      "UHJhaGEgOTEsMCoGA1UECgwjUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRh" +
+      "IGEucy4xPDA6BgNVBAsMM0FrcmVkaXRvdmFuw70gcG9za3l0b3ZhdGVsIGNlcnRp" +
+      "ZmlrYcSNbsOtY2ggc2x1xb5lYjAeFw0wMjEyMTIxMzMzNDZaFw0wMzEyMTIxMzMz" +
+      "NDZaMIIBFDELMAkGA1UEBhMCQ1oxHzAdBgNVBAMeFgBMAHUAZAEbAGsAIABSAGEB" +
+      "YQBlAGsxGTAXBgNVBAgeEABWAHkAcwBvAQ0AaQBuAGExLzAtBgNVBAceJgBQAGEA" +
+      "YwBvAHYALAAgAE4A4QBkAHIAYQF+AG4A7QAgADcANgA5MSUwIwYJKoZIhvcNAQkB" +
+      "FhZsdWRlay5yYXNla0BjZW50cnVtLmN6MRMwEQYDVQQqHgoATAB1AGQBGwBrMQ0w" +
+      "CwYDVQQrHgQATABSMR8wHQYDVQQpHhYATAB1AGQBGwBrACAAUgBhAWEAZQBrMRMw" +
+      "EQYDVQQEHgoAUgBhAWEAZQBrMRcwFQYDVQQFEw5JQ0EgLSAxMDAwMzc2OTCBnzAN" +
+      "BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxc7dGd0cNlHZ7tUUl5k30bfYlY3lnOD0" +
+      "49JGbTXSt4jNFMRLj6s/777W3kcIdcIwdKxjQULBKgryDvZJ1DAWp2TwzhPDVYj3" +
+      "sU4Niqb7mOUcp/4ckteUxGF6FmXtJR9+XHTuLZ+omF9HOUefheBKnXvZuqrLM16y" +
+      "nbJn4sPwwdcCAwEAAaOCAbswggG3MCUGA1UdEQQeMBygGgYKKwMGAQQB3BkCAaAM" +
+      "DAoxNzYyODk2ODgzMGkGA1UdHwRiMGAwHqAcoBqGGGh0dHA6Ly9xLmljYS5jei9x" +
+      "aWNhLmNybDAeoBygGoYYaHR0cDovL2IuaWNhLmN6L3FpY2EuY3JsMB6gHKAahhho" +
+      "dHRwOi8vci5pY2EuY3ovcWljYS5jcmwwHwYDVR0jBBgwFoAUK1oKfvvlDYUsZTBy" +
+      "vGN701mca/UwHQYDVR0OBBYEFPAs70DB+LS0PnA6niPUfJ5wdQH5MIG4BgNVHSAE" +
+      "gbAwga0wgaoGCysGAQQBs2EBAQQEMIGaMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3" +
+      "LmljYS5jei9xY3AvY3BxcGljYTAyLnBkZjBnBggrBgEFBQcCAjBbGllUZW50byBj" +
+      "ZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28gS3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0" +
+      "IHYgc291bGFkdSBzZSB6YWtvbmVtIDIyNy8yMDAwIFNiLjAYBggrBgEFBQcBAwQM" +
+      "MAowCAYGBACORgEBMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOCAQEA" +
+      "v2V+nnYYMIgabmmgHx49CtlZIHdGS3TuWKXw130xFhbXDnNhEbx3alaskNsvjQQR" +
+      "Lqs1ZwKy58yynse+eJYHqenmHDACpAfVpCF9PXC/mDarVsoQw7NTcUpsAFhSd/zT" +
+      "v9jIf3twECyxx/RVzONVcob7nPePESHiKoG4FbtcuUh0wSHvCmTwRIQqPDCIuHcF" +
+      "StSt3Jr9iXcbXEhe4mSccOZ8N+r7Rv3ncKcevlRl7uFfDKDTyd43SZeRS/7J8KRf" +
+      "hD/h2nawrCFwc5gJW10aLJGFL/mcS7ViAIT9HCVk23j4TuBjsVmnZ0VKxB5edux+" +
+      "LIEqtU428UVHZWU/I5ngLw=="
+  );
+
+  equal(
+    cert.emailAddress,
+    "ludek.rasek@centrum.cz",
+    "Actual and expected emailAddress should match"
+  );
+  equal(
+    cert.subjectName,
+    'serialNumber=ICA - 10003769,SN=Rašek,name=Luděk Rašek,initials=LR,givenName=Luděk,E=ludek.rasek@centrum.cz,L="Pacov, Nádražní 769",ST=Vyso�ina,CN=Luděk Rašek,C=CZ',
+    "Actual and expected subjectName should match"
+  );
+  equal(
+    cert.commonName,
+    "Luděk Rašek",
+    "Actual and expected commonName should match"
+  );
+  equal(cert.organization, "", "Actual and expected organization should match");
+  equal(
+    cert.organizationalUnit,
+    "",
+    "Actual and expected organizationalUnit should match"
+  );
+  equal(
+    cert.displayName,
+    "Luděk Rašek",
+    "Actual and expected displayName should match"
+  );
+  equal(
+    cert.issuerName,
+    'OU=Akreditovaný poskytovatel certifika�ních služeb,O=První certifika�ní autorita a.s.,L="Podvinný mlýn 2178/6, 190 00 Praha 9",C=CZ,CN=I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM',
+    "Actual and expected issuerName should match"
+  );
+  equal(
+    cert.issuerCommonName,
+    "I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM",
+    "Actual and expected issuerCommonName should match"
+  );
+  equal(
+    cert.issuerOrganization,
+    "První certifika�ní autorita a.s.",
+    "Actual and expected issuerOrganization should match"
+  );
+  equal(
+    cert.issuerOrganizationUnit,
+    "Akreditovaný poskytovatel certifika�ních služeb",
+    "Actual and expected issuerOrganizationUnit should match"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_caching.js b/security/manager/ssl/tests/unit/test_ocsp_caching.js
new file mode 100644
index 0000000000..b964018518
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -0,0 +1,479 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks various aspects of the OCSP cache, mainly to to ensure we do not fetch
+// responses more than necessary.
+
+var gFetchCount = 0;
+var gGoodOCSPResponse = null;
+var gResponsePattern = [];
+
+function respondWithGoodOCSP(request, response) {
+  info("returning 200 OK");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+  response.write(gGoodOCSPResponse);
+}
+
+function respondWithSHA1OCSP(request, response) {
+  info("returning 200 OK with sha-1 delegated response");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+
+  let args = [["good-delegated", "default-ee", "delegatedSHA1Signer", 0]];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  response.write(responses[0]);
+}
+
+function respondWithError(request, response) {
+  info("returning 500 Internal Server Error");
+  response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  let body = "Refusing to return a response";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function generateGoodOCSPResponse(thisUpdateSkew) {
+  let args = [["good", "default-ee", "unused", thisUpdateSkew]];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  return responses[0];
+}
+
+function add_ocsp_test(
+  aHost,
+  aExpectedResult,
+  aResponses,
+  aMessage,
+  aOriginAttributes
+) {
+  add_connection_test(
+    aHost,
+    aExpectedResult,
+    function () {
+      clearSessionCache();
+      gFetchCount = 0;
+      gResponsePattern = aResponses;
+    },
+    function () {
+      // check the number of requests matches the size of aResponses
+      equal(gFetchCount, aResponses.length, aMessage);
+    },
+    null,
+    aOriginAttributes
+  );
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    info("gFetchCount: " + gFetchCount);
+    let responseFunction = gResponsePattern[gFetchCount];
+    Assert.notEqual(undefined, responseFunction);
+
+    ++gFetchCount;
+    responseFunction(request, response);
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function () {
+    ocspResponder.stop(run_next_test);
+  });
+  run_next_test();
+}
+
+function add_tests() {
+  // Test that verifying a certificate with a "short lifetime" doesn't result
+  // in OCSP fetching. Due to longevity requirements in our testing
+  // infrastructure, the certificate we encounter is valid for a very long
+  // time, so we have to define a "short lifetime" as something very long.
+  add_test(function () {
+    Services.prefs.setIntPref(
+      "security.pki.cert_short_lifetime_in_days",
+      12000
+    );
+    run_next_test();
+  });
+
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "expected zero OCSP requests for a short-lived certificate"
+  );
+
+  add_test(function () {
+    Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days", 100);
+    run_next_test();
+  });
+
+  // If a "short lifetime" is something more reasonable, ensure that we do OCSP
+  // fetching for this long-lived certificate.
+
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithError],
+    "expected one OCSP request for a long-lived certificate"
+  );
+  add_test(function () {
+    Services.prefs.clearUserPref("security.pki.cert_short_lifetime_in_days");
+    run_next_test();
+  });
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // This test assumes that OCSPStaplingServer uses the same cert for
+  // ocsp-stapling-unknown.example.com and ocsp-stapling-none.example.com.
+
+  // Get an Unknown response for the *.example.com cert and put it in the
+  // OCSP cache.
+  add_ocsp_test(
+    "ocsp-stapling-unknown.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    [],
+    "Stapled Unknown response -> a fetch should not have been attempted"
+  );
+
+  // A failure to retrieve an OCSP response must result in the cached Unknown
+  // response being recognized and honored.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    [respondWithError, respondWithError],
+    "No stapled response -> a fetch should have been attempted"
+  );
+
+  // A valid Good response from the OCSP responder must override the cached
+  // Unknown response.
+  //
+  // Note that We need to make sure that the Unknown response and the Good
+  // response have different thisUpdate timestamps; otherwise, the Good
+  // response will be seen as "not newer" and it won't replace the existing
+  // entry.
+  add_test(function () {
+    gGoodOCSPResponse = generateGoodOCSPResponse(1200);
+    run_next_test();
+  });
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "Cached Unknown response, no stapled response -> a fetch" +
+      " should have been attempted"
+  );
+
+  // The Good response retrieved from the previous fetch must have replaced
+  // the Unknown response in the cache, resulting in the catched Good response
+  // being returned and no fetch.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Cached Good response -> a fetch should not have been attempted"
+  );
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // A failure to retrieve an OCSP response will result in an error entry being
+  // added to the cache.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithError],
+    "No stapled response -> a fetch should have been attempted"
+  );
+
+  // The error entry will prevent a fetch from happening for a while.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure -> a fetch should not have been attempted"
+  );
+
+  // The error entry must not prevent a stapled OCSP response from being
+  // honored.
+  add_ocsp_test(
+    "ocsp-stapling-revoked.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    [],
+    "Stapled Revoked response -> a fetch should not have been attempted"
+  );
+
+  // ---------------------------------------------------------------------------
+
+  // Ensure OCSP responses from signers with SHA1 certificates are OK. This
+  // is included in the OCSP caching tests since there were OCSP cache-related
+  // regressions when sha-1 telemetry probes were added.
+  add_test(function () {
+    clearOCSPCache();
+    // set security.OCSP.require so that checking the OCSP signature fails
+    Services.prefs.setBoolPref("security.OCSP.require", true);
+    run_next_test();
+  });
+
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    [respondWithSHA1OCSP],
+    "OCSP signing cert was issued with sha1 - should fail"
+  );
+
+  add_test(function () {
+    Services.prefs.setBoolPref("security.OCSP.require", false);
+    run_next_test();
+  });
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // This test makes sure that OCSP cache are isolated by firstPartyDomain.
+
+  let gObservedCnt = 0;
+  let protocolProxyService = Cc[
+    "@mozilla.org/network/protocol-proxy-service;1"
+  ].getService(Ci.nsIProtocolProxyService);
+
+  // Observe all channels and make sure the firstPartyDomain in their loadInfo's
+  // origin attributes are aFirstPartyDomain.
+  function startObservingChannels(aFirstPartyDomain) {
+    // We use a dummy proxy filter to catch all channels, even those that do not
+    // generate an "http-on-modify-request" notification.
+    let proxyFilter = {
+      applyFilter(aChannel, aProxy, aCallback) {
+        // We have the channel; provide it to the callback.
+        if (aChannel.originalURI.spec == "http://localhost:8888/") {
+          gObservedCnt++;
+          equal(
+            aChannel.loadInfo.originAttributes.firstPartyDomain,
+            aFirstPartyDomain,
+            "firstPartyDomain should match"
+          );
+        }
+        // Pass on aProxy unmodified.
+        aCallback.onProxyFilterResult(aProxy);
+      },
+    };
+    protocolProxyService.registerChannelFilter(proxyFilter, 0);
+    // Return the stop() function:
+    return () => protocolProxyService.unregisterChannelFilter(proxyFilter);
+  }
+
+  let stopObservingChannels;
+  add_test(function () {
+    stopObservingChannels = startObservingChannels("foo.com");
+    run_next_test();
+  });
+
+  // A good OCSP response will be cached.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "No stapled response (firstPartyDomain = foo.com) -> a fetch " +
+      "should have been attempted",
+    { firstPartyDomain: "foo.com" }
+  );
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure (firstPartyDomain = foo.com) -> a " +
+      "fetch should not have been attempted",
+    { firstPartyDomain: "foo.com" }
+  );
+
+  add_test(function () {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  add_test(function () {
+    stopObservingChannels = startObservingChannels("bar.com");
+    run_next_test();
+  });
+
+  // But using a different firstPartyDomain should result in a fetch.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "No stapled response (firstPartyDomain = bar.com) -> a fetch " +
+      "should have been attempted",
+    { firstPartyDomain: "bar.com" }
+  );
+
+  add_test(function () {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // Test that the OCSP cache is not isolated by userContextId.
+
+  // A good OCSP response will be cached.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "No stapled response (userContextId = 1) -> a fetch " +
+      "should have been attempted",
+    { userContextId: 1 }
+  );
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure (userContextId = 1) -> a " +
+      "fetch should not have been attempted",
+    { userContextId: 1 }
+  );
+
+  // Fetching is prevented even if in a different userContextId.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure (userContextId = 2) -> a " +
+      "fetch should not have been attempted",
+    { userContextId: 2 }
+  );
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // This test makes sure that OCSP cache are isolated by partitionKey.
+
+  add_test(function () {
+    Services.prefs.setBoolPref(
+      "privacy.partition.network_state.ocsp_cache",
+      true
+    );
+    run_next_test();
+  });
+
+  // A good OCSP response will be cached.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "No stapled response (partitionKey = (https,foo.com)) -> a fetch " +
+      "should have been attempted",
+    { partitionKey: "(https,foo.com)" }
+  );
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure (partitionKey = (https,foo.com)) -> a " +
+      "fetch should not have been attempted",
+    { partitionKey: "(https,foo.com)" }
+  );
+
+  // Using a different partitionKey should result in a fetch.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "Noted OCSP server failure (partitionKey = (https,bar.com)) -> a " +
+      "fetch should have been attempted",
+    { partitionKey: "(https,bar.com)" }
+  );
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    Services.prefs.clearUserPref("privacy.partition.network_state.ocsp_cache");
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  // This test makes sure that OCSP cache are isolated by partitionKey in
+  // private mode.
+
+  // A good OCSP response will be cached.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "No stapled response (partitionKey = (https,foo.com)) -> a fetch " +
+      "should have been attempted",
+    { partitionKey: "(https,foo.com)", privateBrowsingId: 1 }
+  );
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [],
+    "Noted OCSP server failure (partitionKey = (https,foo.com)) -> a " +
+      "fetch should not have been attempted",
+    { partitionKey: "(https,foo.com)", privateBrowsingId: 1 }
+  );
+
+  // Using a different partitionKey should result in a fetch.
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    [respondWithGoodOCSP],
+    "Noted OCSP server failure (partitionKey = (https,bar.com)) -> a " +
+      "fetch should have been attempted",
+    { partitionKey: "(https,bar.com)", privateBrowsingId: 1 }
+  );
+
+  // ---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function () {
+    clearOCSPCache();
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
new file mode 100644
index 0000000000..00b1fc02a9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
@@ -0,0 +1,146 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that the security.OCSP.enabled pref correctly controls OCSP fetching
+// behavior.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const SERVER_PORT = 8888;
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_ev_certs/${filename}.pem`);
+}
+
+function loadCert(certName, trustString) {
+  addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString);
+}
+
+function getFailingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function getOCSPResponder(expectedCertNames) {
+  return startOCSPResponder(
+    SERVER_PORT,
+    "www.example.com",
+    "test_ev_certs",
+    expectedCertNames,
+    []
+  );
+}
+
+// Tests that in ocspOff mode, OCSP fetches are never done.
+async function testOff() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 0);
+  info("Setting security.OCSP.enabled to 0");
+
+  // EV chains should verify successfully but never get EV status.
+  clearOCSPCache();
+  let ocspResponder = getFailingOCSPResponder();
+  await checkEVStatus(
+    gCertDB,
+    certFromFile("test-oid-path-ee"),
+    certificateUsageSSLServer,
+    false
+  );
+  await stopOCSPResponder(ocspResponder);
+
+  // A DV chain should verify successfully.
+  clearOCSPCache();
+  ocspResponder = getFailingOCSPResponder();
+  await checkCertErrorGeneric(
+    gCertDB,
+    certFromFile("non-ev-root-path-ee"),
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await stopOCSPResponder(ocspResponder);
+}
+
+// Tests that in ocspOn mode, OCSP fetches are done for both EV and DV certs.
+async function testOn() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  info("Setting security.OCSP.enabled to 1");
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  clearOCSPCache();
+  let ocspResponder = getOCSPResponder(["test-oid-path-ee"]);
+  await checkEVStatus(
+    gCertDB,
+    certFromFile("test-oid-path-ee"),
+    certificateUsageSSLServer,
+    gEVExpected
+  );
+  await stopOCSPResponder(ocspResponder);
+
+  // If a successful OCSP response is fetched, then a DV chain should verify
+  // successfully.
+  clearOCSPCache();
+  ocspResponder = getOCSPResponder(["non-ev-root-path-ee"]);
+  await checkCertErrorGeneric(
+    gCertDB,
+    certFromFile("non-ev-root-path-ee"),
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await stopOCSPResponder(ocspResponder);
+}
+
+// Tests that in ocspEVOnly mode, OCSP fetches are done for EV certs only.
+async function testEVOnly() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 2);
+  info("Setting security.OCSP.enabled to 2");
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  clearOCSPCache();
+  let ocspResponder = gEVExpected
+    ? getOCSPResponder(["test-oid-path-ee"])
+    : getFailingOCSPResponder();
+  await checkEVStatus(
+    gCertDB,
+    certFromFile("test-oid-path-ee"),
+    certificateUsageSSLServer,
+    gEVExpected
+  );
+  await stopOCSPResponder(ocspResponder);
+
+  // A DV chain should verify successfully even without doing OCSP fetches.
+  clearOCSPCache();
+  ocspResponder = getFailingOCSPResponder();
+  await checkCertErrorGeneric(
+    gCertDB,
+    certFromFile("non-ev-root-path-ee"),
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer
+  );
+  await stopOCSPResponder(ocspResponder);
+}
+
+add_task(async function () {
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("network.dns.localDomains");
+    Services.prefs.clearUserPref("security.OCSP.enabled");
+    Services.prefs.clearUserPref("security.OCSP.require");
+  });
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  // Enable hard fail to ensure chains that should only succeed because they get
+  // a good OCSP response do not succeed due to soft fail leniency.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  loadCert("evroot", "CTu,,");
+  loadCert("test-oid-path-int", ",,");
+  loadCert("non-evroot-ca", "CTu,,");
+  loadCert("non-ev-root-path-int", ",,");
+
+  await testOff();
+  await testOn();
+  await testEVOnly();
+});
diff --git a/security/manager/ssl/tests/unit/test_ocsp_must_staple.js b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
new file mode 100644
index 0000000000..32ac332e61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
@@ -0,0 +1,160 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests OCSP Must Staple handling by connecting to various domains (as faked by
+// a server running locally) that correspond to combinations of whether the
+// extension is present in intermediate and end-entity certificates.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(
+  aHost,
+  aExpectedResult,
+  aStaplingEnabled,
+  aExpectOCSPRequest = false,
+  aWithSecurityInfo = undefined
+) {
+  add_connection_test(
+    aHost,
+    aExpectedResult,
+    function () {
+      gExpectOCSPRequest = aExpectOCSPRequest;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref(
+        "security.ssl.enable_ocsp_stapling",
+        aStaplingEnabled
+      );
+    },
+    aWithSecurityInfo
+  );
+}
+
+function add_tests() {
+  // Next, a case where it's present in the intermediate, not the ee
+  add_ocsp_test(
+    "ocsp-stapling-plain-ee-with-must-staple-int.example.com",
+    MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING,
+    true
+  );
+
+  // We disable OCSP stapling in the next two tests so we can perform checks
+  // on TLS Features in the chain without needing to support the TLS
+  // extension values used.
+  // Test an issuer with multiple TLS features in matched in the EE
+  add_ocsp_test(
+    "multi-tls-feature-good.example.com",
+    PRErrorCodeSuccess,
+    false
+  );
+
+  // Finally, an issuer with multiple TLS features not matched by the EE.
+  add_ocsp_test(
+    "multi-tls-feature-bad.example.com",
+    MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING,
+    false
+  );
+
+  // Now a bunch of operations with only a must-staple ee
+  add_ocsp_test(
+    "ocsp-stapling-must-staple.example.com",
+    PRErrorCodeSuccess,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-revoked.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-missing.example.com",
+    MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING,
+    true,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-empty.example.com",
+    SEC_ERROR_OCSP_MALFORMED_RESPONSE,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-missing.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+
+  // If the stapled response is expired, we will try to fetch a new one.
+  // If that fails, we should report the original error.
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-expired.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    true,
+    true
+  );
+  // Similarly with a "try server later" response.
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-try-later.example.com",
+    SEC_ERROR_OCSP_TRY_SERVER_LATER,
+    true,
+    true
+  );
+  // And again with an invalid OCSP response signing certificate.
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-invalid-signer.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+
+  // check that disabling must-staple works
+  add_test(function () {
+    clearSessionCache();
+    Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", false);
+    run_next_test();
+  });
+
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-missing.example.com",
+    PRErrorCodeSuccess,
+    true,
+    true
+  );
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  // This test may sometimes fail on android due to an OCSP request timing out.
+  // That aspect of OCSP requests is not what we're testing here, so we can just
+  // bump the timeout and hopefully avoid these failures.
+  Services.prefs.setIntPref("security.OCSP.timeoutMilliseconds.soft", 5000);
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(
+      gExpectOCSPRequest,
+      "Should be getting an OCSP request only when expected"
+    );
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
new file mode 100644
index 0000000000..ed5d0a3e00
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
@@ -0,0 +1,58 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Test that if an OCSP request is made to a domain that (erroneously)
+// has HSTS status, the request is not upgraded from HTTP to HTTPS.
+
+function run_test() {
+  do_get_profile();
+  // OCSP required means this test will only pass if the request succeeds.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["good", "default-ee", "unused", 0]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  let goodOCSPResponse = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(goodOCSPResponse);
+  });
+  ocspResponder.start(8888);
+
+  // ocsp-stapling-none.example.com does not staple an OCSP response in the
+  // handshake, so the revocation checking code will attempt to fetch one.
+  // Since the domain of the certificate's OCSP AIA URI is an HSTS host
+  // (as added in the setup of this test, below), a buggy implementation would
+  // upgrade the OCSP request to HTTPS. We specifically prevent this. This
+  // test demonstrates that our implementation is correct in this regard.
+  add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess);
+  add_test(function () {
+    run_next_test();
+  });
+
+  add_test(function () {
+    ocspResponder.stop(run_next_test);
+  });
+
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  let uri = Services.io.newURI("http://localhost");
+  SSService.processHeader(uri, "max-age=10000");
+  ok(
+    SSService.isSecureURI(uri),
+    "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +
+      " we wouldn't be testing what we think we're testing"
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_private_caching.js b/security/manager/ssl/tests/unit/test_ocsp_private_caching.js
new file mode 100644
index 0000000000..47b976cf71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_private_caching.js
@@ -0,0 +1,115 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we connect to a host and encounter OCSP responses with the
+// Cache-Control header set, which normally Necko would cache. This test
+// ensures that these responses aren't cached. PSM has its own OCSP cache, so
+// Necko shouldn't also be caching them.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+const SERVER_PORT = 8888;
+
+function add_flush_cache() {
+  add_test(() => {
+    // This appears to either fire multiple times or fire once for every
+    // observer that has ever been passed to flush. To prevent multiple calls to
+    // run_next_test, keep track of if this observer has already called it.
+    let observed = false;
+    let observer = {
+      observe: () => {
+        if (!observed) {
+          observed = true;
+          run_next_test();
+        }
+      },
+    };
+    Services.cache2.QueryInterface(Ci.nsICacheTesting).flush(observer);
+  });
+}
+
+function add_ocsp_necko_cache_test(loadContext) {
+  // Pre-testcase cleanup/setup.
+  add_test(() => {
+    Services.cache2.clear();
+    run_next_test();
+  });
+  add_flush_cache();
+
+  let responder;
+  add_test(() => {
+    clearOCSPCache();
+    clearSessionCache();
+    responder = startOCSPResponder(
+      SERVER_PORT,
+      "localhost",
+      "ocsp_certs",
+      ["default-ee"],
+      [],
+      [],
+      [],
+      [["Cache-Control", "max-age=1000"]]
+    );
+    run_next_test();
+  });
+
+  // Prepare a connection that will cause an OCSP request.
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    null,
+    null,
+    null,
+    loadContext.originAttributes
+  );
+
+  add_flush_cache();
+
+  // Traverse the cache and ensure the response was not cached.
+  add_test(() => {
+    let foundEntry = false;
+    let visitor = {
+      onCacheStorageInfo() {},
+      onCacheEntryInfo(
+        aURI,
+        aIdEnhance,
+        aDataSize,
+        aFetchCount,
+        aLastModifiedTime,
+        aExpirationTime,
+        aPinned,
+        aInfo
+      ) {
+        Assert.equal(
+          aURI.spec,
+          "http://localhost:8888/",
+          "expected OCSP request URI should match"
+        );
+        foundEntry = true;
+      },
+      onCacheEntryVisitCompleted() {
+        Assert.ok(!foundEntry, "should not find a cached entry");
+        run_next_test();
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
+    };
+    Services.cache2.asyncVisitAllStorages(visitor, true);
+  });
+
+  // Clean up (stop the responder).
+  add_test(() => {
+    responder.stop(run_next_test);
+  });
+}
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+  add_ocsp_necko_cache_test(Services.loadContextInfo.private);
+  add_ocsp_necko_cache_test(Services.loadContextInfo.default);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_required.js b/security/manager/ssl/tests/unit/test_ocsp_required.js
new file mode 100644
index 0000000000..3b2cceed72
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js
@@ -0,0 +1,95 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a domain (as faked by a server running locally) and
+// start up an OCSP responder (also basically faked) that gives a response with
+// a bad signature (and later, an empty response). With security.OCSP.require
+// set to true, these connections should fail (but they also shouldn't cause
+// assertion failures).
+
+var gOCSPRequestCount = 0;
+var gOCSPResponse;
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["bad-signature", "default-ee", "unused", 0]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  // Start by replying with a response with a bad signature.
+  gOCSPResponse = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(gOCSPResponse);
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function () {
+    ocspResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
+
+function add_tests() {
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    SEC_ERROR_OCSP_BAD_SIGNATURE,
+    function () {},
+    function (aTransportSecurityInfo) {
+      Assert.ok(
+        aTransportSecurityInfo.madeOCSPRequests,
+        "An OCSP Request should have been made."
+      );
+    }
+  );
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    SEC_ERROR_OCSP_BAD_SIGNATURE,
+    function () {},
+    function (aTransportSecurityInfo) {
+      Assert.ok(
+        !aTransportSecurityInfo.madeOCSPRequests,
+        "An OCSP Request should not have been made."
+      );
+    }
+  );
+  add_test(function () {
+    equal(
+      gOCSPRequestCount,
+      1,
+      "OCSP request count should be 1 due to OCSP response caching"
+    );
+    gOCSPRequestCount = 0;
+    // Now set the OCSP responder to reply with 200 OK but empty content.
+    gOCSPResponse = "";
+    clearOCSPCache();
+    run_next_test();
+  });
+
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    SEC_ERROR_OCSP_MALFORMED_RESPONSE,
+    function () {},
+    function (aTransportSecurityInfo) {
+      Assert.ok(
+        aTransportSecurityInfo.madeOCSPRequests,
+        "An OCSP Request should have been made."
+      );
+    }
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
new file mode 100644
index 0000000000..990f286289
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -0,0 +1,393 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with and without OCSP stapling enabled to determine that good
+// things happen and bad things don't.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(
+  aHost,
+  aExpectedResult,
+  aStaplingEnabled,
+  aExpectOCSPRequest = false
+) {
+  add_connection_test(aHost, aExpectedResult, function () {
+    gExpectOCSPRequest = aExpectOCSPRequest;
+    clearOCSPCache();
+    clearSessionCache();
+    Services.prefs.setBoolPref(
+      "security.ssl.enable_ocsp_stapling",
+      aStaplingEnabled
+    );
+  });
+}
+
+function add_tests() {
+  // In the absence of OCSP stapling, these should actually all work.
+  add_ocsp_test(
+    "ocsp-stapling-good.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-revoked.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-good-other-ca.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-malformed.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-srverr.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-trylater.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-needssig.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unauthorized.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unknown.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-good-other.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-skip-responseBytes.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-critical-extension.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-noncritical-extension.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-empty-extensions.example.com",
+    PRErrorCodeSuccess,
+    false,
+    true
+  );
+
+  // Now test OCSP stapling
+  // The following error codes are defined in security/nss/lib/util/SECerrs.h
+
+  add_ocsp_test("ocsp-stapling-good.example.com", PRErrorCodeSuccess, true);
+
+  add_ocsp_test(
+    "ocsp-stapling-revoked.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    true
+  );
+
+  // This stapled response is from a CA that is untrusted and did not issue
+  // the server's certificate.
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let otherTestCA = constructCertFromFile("ocsp_certs/other-test-ca.pem");
+  add_test(function () {
+    certDB.setCertTrust(
+      otherTestCA,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.UNTRUSTED
+    );
+    run_next_test();
+  });
+  add_ocsp_test(
+    "ocsp-stapling-good-other-ca.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+
+  // The stapled response is from a CA that is trusted but did not issue the
+  // server's certificate.
+  add_test(function () {
+    certDB.setCertTrust(
+      otherTestCA,
+      Ci.nsIX509Cert.CA_CERT,
+      Ci.nsIX509CertDB.TRUSTED_SSL
+    );
+    run_next_test();
+  });
+  // TODO(bug 979055): When using ByName instead of ByKey, the error here is
+  // SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE. We should be testing both cases.
+  add_ocsp_test(
+    "ocsp-stapling-good-other-ca.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+
+  // TODO: Test the case where the signing cert can't be found at all, which
+  // will result in SEC_ERROR_BAD_DATABASE in the NSS classic case.
+
+  add_ocsp_test(
+    "ocsp-stapling-malformed.example.com",
+    SEC_ERROR_OCSP_MALFORMED_REQUEST,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-srverr.example.com",
+    SEC_ERROR_OCSP_SERVER_ERROR,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-trylater.example.com",
+    SEC_ERROR_OCSP_TRY_SERVER_LATER,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-needssig.example.com",
+    SEC_ERROR_OCSP_REQUEST_NEEDS_SIG,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unauthorized.example.com",
+    SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unknown.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-good-other.example.com",
+    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING,
+    true
+  );
+  // If the server doesn't staple an OCSP response, we continue as normal
+  // (this means that even though stapling is enabled, we expect an OCSP
+  // request).
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    PRErrorCodeSuccess,
+    function () {
+      gExpectOCSPRequest = true;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+    }
+  );
+  add_ocsp_test(
+    "ocsp-stapling-empty.example.com",
+    SEC_ERROR_OCSP_MALFORMED_RESPONSE,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-skip-responseBytes.example.com",
+    SEC_ERROR_OCSP_MALFORMED_RESPONSE,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-critical-extension.example.com",
+    SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-noncritical-extension.example.com",
+    PRErrorCodeSuccess,
+    true
+  );
+  // TODO(bug 997994): Disallow empty Extensions in responses
+  add_ocsp_test(
+    "ocsp-stapling-empty-extensions.example.com",
+    PRErrorCodeSuccess,
+    true
+  );
+
+  add_ocsp_test(
+    "ocsp-stapling-delegated-included.example.com",
+    PRErrorCodeSuccess,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-included-last.example.com",
+    PRErrorCodeSuccess,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-missing.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-missing-multiple.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-no-extKeyUsage.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-from-intermediate.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-keyUsage-crlSigning.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+  add_ocsp_test(
+    "ocsp-stapling-delegated-wrong-extKeyUsage.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+
+  // ocsp-stapling-expired.example.com and
+  // ocsp-stapling-expired-fresh-ca.example.com are handled in
+  // test_ocsp_stapling_expired.js
+
+  // Check that OCSP responder certificates with key sizes below 1024 bits are
+  // rejected, even when the main certificate chain keys are at least 1024 bits.
+  add_ocsp_test(
+    "keysize-ocsp-delegated.example.com",
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT,
+    true,
+    true
+  );
+
+  add_ocsp_test(
+    "revoked-ca-cert-used-as-end-entity.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    true
+  );
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Services.telemetry
+    .getHistogramById("SSL_OCSP_STAPLING")
+    .snapshot();
+  equal(
+    histogram.values[0],
+    0,
+    "Should have 0 connections for unused histogram bucket 0"
+  );
+  equal(
+    histogram.values[1],
+    5,
+    "Actual and expected connections with a good response should match"
+  );
+  equal(
+    histogram.values[2],
+    18,
+    "Actual and expected connections with no stapled response should match"
+  );
+  equal(
+    histogram.values[3] || 0,
+    0,
+    "Actual and expected connections with an expired response should match"
+  );
+  equal(
+    histogram.values[4],
+    21,
+    "Actual and expected connections with bad responses should match"
+  );
+  run_next_test();
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  // This test may sometimes fail on android due to an OCSP request timing out.
+  // That aspect of OCSP requests is not what we're testing here, so we can just
+  // bump the timeout and hopefully avoid these failures.
+  Services.prefs.setIntPref("security.OCSP.timeoutMilliseconds.soft", 5000);
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(
+      gExpectOCSPRequest,
+      "Should be getting an OCSP request only when expected"
+    );
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_ocsp_stapling_telemetry);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
new file mode 100644
index 0000000000..22f552218c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
@@ -0,0 +1,317 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with OCSP stapling enabled to determine that good things happen
+// and bad things don't, specifically with respect to various expired OCSP
+// responses (stapled and otherwise).
+// According to RFC 6066, if a stapled OCSP response can't be satisfactorilly
+// verified, the client should terminate the connection. Unfortunately, due to
+// some bugs where servers will staple any old garbage without verifying it, we
+// can't be this strict in practice. Originally this caveat only applied to
+// expired responses, but recent high-profile failures have caused us to expand
+// this to "try later" responses and responses where the signing certificate
+// doesn't verify successfully.
+
+var gCurrentOCSPResponse = null;
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(
+  aHost,
+  aExpectedResult,
+  aOCSPResponseToServe,
+  aExpectedRequestCount
+) {
+  add_connection_test(
+    aHost,
+    aExpectedResult,
+    function () {
+      clearOCSPCache();
+      clearSessionCache();
+      gCurrentOCSPResponse = aOCSPResponseToServe;
+      gOCSPRequestCount = 0;
+    },
+    function () {
+      equal(
+        gOCSPRequestCount,
+        aExpectedRequestCount,
+        "Should have made " +
+          aExpectedRequestCount +
+          " fallback OCSP request" +
+          (aExpectedRequestCount == 1 ? "" : "s")
+      );
+    }
+  );
+}
+
+do_get_profile();
+Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+// Sometimes this test will fail on android due to an OCSP request timing out.
+// That aspect of OCSP requests is not what we're testing here, so we can just
+// bump the timeout and hopefully avoid these failures.
+Services.prefs.setIntPref("security.OCSP.timeoutMilliseconds.soft", 5000);
+var args = [
+  ["good", "default-ee", "unused", 0],
+  ["expiredresponse", "default-ee", "unused", 0],
+  ["oldvalidperiod", "default-ee", "unused", 0],
+  ["revoked", "default-ee", "unused", 0],
+  ["unknown", "default-ee", "unused", 0],
+  ["good", "must-staple-ee", "unused", 0],
+];
+var ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+// Fresh response, certificate is good.
+var ocspResponseGood = ocspResponses[0];
+// Expired response, certificate is good.
+var expiredOCSPResponseGood = ocspResponses[1];
+// Fresh signature, old validity period, certificate is good.
+var oldValidityPeriodOCSPResponseGood = ocspResponses[2];
+// Fresh signature, certificate is revoked.
+var ocspResponseRevoked = ocspResponses[3];
+// Fresh signature, certificate is unknown.
+var ocspResponseUnknown = ocspResponses[4];
+var ocspResponseGoodMustStaple = ocspResponses[5];
+
+// sometimes we expect a result without re-fetch
+var willNotRetry = 1;
+// but sometimes, since a bad response is in the cache, OCSP fetch will be
+// attempted for each validation - in practice, for these test certs, this
+// means 2 requests because various key sizes are tried.
+var willRetry = 2;
+
+function run_test() {
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    if (gCurrentOCSPResponse) {
+      response.setStatusLine(request.httpVersion, 200, "OK");
+      response.setHeader("Content-Type", "application/ocsp-response");
+      response.write(gCurrentOCSPResponse);
+    } else {
+      response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+      response.write("Internal Server Error");
+    }
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  // In these tests, the OCSP stapling server gives us a stapled
+  // response based on the host name ("ocsp-stapling-expired" or
+  // "ocsp-stapling-expired-fresh-ca"). We then ensure that we're
+  // properly falling back to fetching revocation information.
+  // For ocsp-stapling-expired.example.com, the OCSP stapling server
+  // staples an expired OCSP response. The certificate has not expired.
+  // For ocsp-stapling-expired-fresh-ca.example.com, the OCSP stapling
+  // server staples an OCSP response with a recent signature but with an
+  // out-of-date validity period. The certificate has not expired.
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGood,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGood,
+    willNotRetry
+  );
+  // if we can't fetch a more recent response when
+  // given an expired stapled response, we terminate the connection.
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    expiredOCSPResponseGood,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    expiredOCSPResponseGood,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    oldValidityPeriodOCSPResponseGood,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    oldValidityPeriodOCSPResponseGood,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    null,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_OCSP_OLD_RESPONSE,
+    null,
+    willNotRetry
+  );
+  // Of course, if the newer response indicates Revoked or Unknown,
+  // that status must be returned.
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    ocspResponseRevoked,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    ocspResponseRevoked,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    ocspResponseUnknown,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-expired-fresh-ca.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    ocspResponseUnknown,
+    willRetry
+  );
+
+  // If the response is expired but indicates Revoked or Unknown and a
+  // newer status can't be fetched, the Revoked or Unknown status will
+  // be returned.
+  add_ocsp_test(
+    "ocsp-stapling-revoked-old.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    null,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unknown-old.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    null,
+    willNotRetry
+  );
+  // If the response is expired but indicates Revoked or Unknown and
+  // a newer status can be fetched and successfully verified, this
+  // should result in a successful certificate verification.
+  add_ocsp_test(
+    "ocsp-stapling-revoked-old.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGood,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unknown-old.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGood,
+    willNotRetry
+  );
+  // If a newer status can be fetched but it fails to verify, the
+  // Revoked or Unknown status of the expired stapled response
+  // should be returned.
+  add_ocsp_test(
+    "ocsp-stapling-revoked-old.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    expiredOCSPResponseGood,
+    willRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-unknown-old.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    expiredOCSPResponseGood,
+    willRetry
+  );
+
+  // These tests are verifying that an valid but very old response
+  // is rejected as a valid stapled response, requiring a fetch
+  // from the ocsp responder.
+  add_ocsp_test(
+    "ocsp-stapling-ancient-valid.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGood,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-ancient-valid.example.com",
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    ocspResponseRevoked,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-ancient-valid.example.com",
+    SEC_ERROR_OCSP_UNKNOWN_CERT,
+    ocspResponseUnknown,
+    willRetry
+  );
+
+  // Test how OCSP-must-staple (i.e. TLS feature) interacts with stapled OCSP
+  // responses that don't successfully verify.
+  // A strict reading of the relevant RFCs might say that these connections
+  // should all fail because a satisfactory stapled OCSP response is not
+  // present, but for compatibility reasons we fall back to active OCSP fetching
+  // in these situations. If the fetch succeeds, then connection succeeds.
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-expired.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGoodMustStaple,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-try-later.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGoodMustStaple,
+    willNotRetry
+  );
+  add_ocsp_test(
+    "ocsp-stapling-must-staple-invalid-signer.example.com",
+    PRErrorCodeSuccess,
+    ocspResponseGoodMustStaple,
+    willNotRetry
+  );
+
+  add_test(function () {
+    ocspResponder.stop(run_next_test);
+  });
+  add_test(check_ocsp_stapling_telemetry);
+  run_next_test();
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Services.telemetry
+    .getHistogramById("SSL_OCSP_STAPLING")
+    .snapshot();
+  equal(
+    histogram.values[0] || 0,
+    0,
+    "Should have 0 connections for unused histogram bucket 0"
+  );
+  equal(
+    histogram.values[1] || 0,
+    0,
+    "Actual and expected connections with a good response should match"
+  );
+  equal(
+    histogram.values[2] || 0,
+    0,
+    "Actual and expected connections with no stapled response should match"
+  );
+  equal(
+    histogram.values[3],
+    22,
+    "Actual and expected connections with an expired response should match"
+  );
+  equal(
+    histogram.values[4],
+    2,
+    "Actual and expected connections with bad responses should match"
+  );
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
new file mode 100644
index 0000000000..d9c5986dd0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
@@ -0,0 +1,48 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a server that staples an OCSP response for a
+// certificate signed by an intermediate that has an OCSP AIA to ensure
+// that an OCSP request is not made for the intermediate.
+
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(aHost, aExpectedResult) {
+  add_connection_test(aHost, aExpectedResult, function () {
+    clearOCSPCache();
+    clearSessionCache();
+  });
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    gOCSPRequestCount++;
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    let body = "Refusing to return a response";
+    response.bodyOutputStream.write(body, body.length);
+  });
+  ocspResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_ocsp_test(
+    "ocsp-stapling-with-intermediate.example.com",
+    PRErrorCodeSuccess
+  );
+
+  add_test(function () {
+    ocspResponder.stop(run_next_test);
+  });
+  add_test(function () {
+    equal(gOCSPRequestCount, 0, "No OCSP requests should have been made");
+    run_next_test();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_timeout.js b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
new file mode 100644
index 0000000000..8d606bc028
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
@@ -0,0 +1,100 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// This test connects to ocsp-stapling-none.example.com to test that OCSP
+// requests are cancelled if they're taking too long.
+// ocsp-stapling-none.example.com doesn't staple an OCSP response, so
+// connecting to it will cause a request to the OCSP responder. As with all of
+// these tests, the OCSP AIA (i.e. the url of the responder) in the certificate
+// is http://localhost:8888. Since this test opens a TCP socket listening on
+// port 8888 that just accepts connections and then ignores them (with
+// connect/read/write timeouts of 30 seconds), the OCSP requests should cancel
+// themselves. When OCSP hard-fail is enabled, connections will be terminated.
+// Otherwise, they will succeed.
+
+var gSocketListener = {
+  onSocketAccepted(serverSocket, socketTransport) {
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, 30);
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, 30);
+  },
+
+  onStopListening(serverSocket, status) {},
+};
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let socket = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  socket.init(8888, true, -1);
+  socket.asyncListen(gSocketListener);
+
+  add_one_test(false, "security.OCSP.timeoutMilliseconds.soft", 1000);
+  add_one_test(false, "security.OCSP.timeoutMilliseconds.soft", 2000);
+  add_one_test(false, "security.OCSP.timeoutMilliseconds.soft", 4000);
+
+  add_one_test(true, "security.OCSP.timeoutMilliseconds.hard", 3000);
+  add_one_test(true, "security.OCSP.timeoutMilliseconds.hard", 10000);
+  add_one_test(true, "security.OCSP.timeoutMilliseconds.hard", 15000);
+
+  add_test(function () {
+    socket.close();
+    run_next_test();
+  });
+  run_next_test();
+}
+
+function add_one_test(useHardFail, timeoutPrefName, timeoutMilliseconds) {
+  let startTime;
+  add_test(function () {
+    Services.prefs.setBoolPref("security.OCSP.require", useHardFail);
+    Services.prefs.setIntPref(timeoutPrefName, timeoutMilliseconds);
+    startTime = new Date();
+    run_next_test();
+  });
+
+  add_connection_test(
+    "ocsp-stapling-none.example.com",
+    useHardFail ? SEC_ERROR_OCSP_SERVER_ERROR : PRErrorCodeSuccess,
+    clearSessionCache
+  );
+
+  add_test(function () {
+    let endTime = new Date();
+    let timeDifference = endTime - startTime;
+    info(`useHardFail = ${useHardFail}`);
+    info(`startTime = ${startTime.getTime()} (${startTime})`);
+    info(`endTime = ${endTime.getTime()} (${endTime})`);
+    info(`timeDifference = ${timeDifference}ms`);
+    // Date() is not guaranteed to be monotonic, so add extra fuzz time to
+    // prevent intermittent failures (this only appeared to be a problem on
+    // Windows XP). See Bug 1121117.
+    const FUZZ_MS = 300;
+    ok(
+      timeDifference + FUZZ_MS > timeoutMilliseconds,
+      `OCSP timeout should be ~${timeoutMilliseconds}s for ` +
+        `${useHardFail ? "hard" : "soft"}-fail`
+    );
+    // Make sure we didn't wait too long.
+    // (Unfortunately, we probably can't have a tight upper bound on
+    // how long is too long for this test, because we might be running
+    // on slow hardware.)
+    ok(
+      timeDifference < 60000,
+      "Automatic OCSP timeout shouldn't be more than 60s"
+    );
+
+    // Reset state
+    clearOCSPCache();
+    Services.prefs.clearUserPref("security.OCSP.require");
+    Services.prefs.clearUserPref(timeoutPrefName);
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url.js b/security/manager/ssl/tests/unit/test_ocsp_url.js
new file mode 100644
index 0000000000..6ff79df03f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -0,0 +1,122 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we try to validate several ocsp responses, checking in particular
+// if the ocsp url is valid and the path expressed is correctly passed to
+// the caller.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function start_ocsp_responder(expectedCertNames, expectedPaths) {
+  return startOCSPResponder(
+    SERVER_PORT,
+    "www.example.com",
+    "test_ocsp_url",
+    expectedCertNames,
+    expectedPaths
+  );
+}
+
+function check_cert_err(cert_name, expected_error) {
+  let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
+  return checkCertErrorGeneric(
+    certdb,
+    cert,
+    expected_error,
+    certificateUsageSSLServer
+  );
+}
+
+add_task(async function () {
+  addCertFromFile(certdb, "test_ocsp_url/ca.pem", "CTu,CTu,CTu");
+  addCertFromFile(certdb, "test_ocsp_url/int.pem", ",,");
+
+  // Enabled so that we can force ocsp failure responses.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // Note: We don't test the case of a well-formed HTTP URL with an empty port
+  //       because the OCSP code would then send a request to port 80, which we
+  //       can't use in tests.
+
+  clearOCSPCache();
+  let ocspResponder = failingOCSPResponder();
+  await check_cert_err("bad-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("empty-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("ftp-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("https-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = start_ocsp_responder(["hTTp-url"], ["hTTp-url"]);
+  await check_cert_err("hTTp-url", PRErrorCodeSuccess);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("negative-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("no-host-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = start_ocsp_responder(["no-path-url"], [""]);
+  await check_cert_err("no-path-url", PRErrorCodeSuccess);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err(
+    "no-scheme-host-port",
+    SEC_ERROR_CERT_BAD_ACCESS_LOCATION
+  );
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("no-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  clearOCSPCache();
+  ocspResponder = failingOCSPResponder();
+  await check_cert_err("unknown-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+  await stopOCSPResponder(ocspResponder);
+
+  // Note: We currently don't have anything that ensures user:pass sections
+  //       weren't sent. The following test simply checks that such sections
+  //       don't cause failures.
+  clearOCSPCache();
+  ocspResponder = start_ocsp_responder(["user-pass"], [""]);
+  await check_cert_err("user-pass", PRErrorCodeSuccess);
+  await stopOCSPResponder(ocspResponder);
+});
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
new file mode 100644
index 0000000000..4d31ad30e2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIUcxiMVENAraxc4sbSRTxsifEGHjQwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBUxEzARBgNVBAMMCmJhZC1zY2hlbWUwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMTAvMC0GCCsGAQUF
+BwEBBCEwHzAdBggrBgEFBQcwAYYRL3d3dy5leGFtcGxlLmNvbS8wDQYJKoZIhvcN
+AQELBQADggEBADf/rIlagOSOthTQAOg21ESO5SKZuH/hOQkdagoSupiui6BX2E8d
+1wMoZPGGOQBwEo8XT3ak+0ANlznoFLCvac4UQlLEiN6TR5ODJTep/8vTMDxBguRd
+WoCIHtFFpcs8HGWvyZtoh+pr8UH38Csw9g8mqX3L6g5QcpDUIfVhPEOSK46HapVM
+15BBqYsOpM5B0Yd+7AiIhiZZiNRojPxSN8DT55J+sRGiXunzP4BV2GwOI2ldjRJ5
+yJYJfUF4D+hmM37/QsLocV3AnWzSegY8xc372bkaHc3jOgo+9DJPliOOhrWNLEDk
+1cM5IXNP+fQxkCCm6VMO5dUx/mM2OXPVldc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
new file mode 100644
index 0000000000..12cc072792
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:bad-scheme
+extension:authorityInformationAccess:/www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
new file mode 100644
index 0000000000..54b436cdab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIUbd6irDfViDg0hGYGrBFpSOiAgmswDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDTELMAkGA1UEAwwCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBa/UJSVAkS4R5UUprUZ+VETh+G
+TbLf+xbhyhpXn39i7Rk0/U7IelYJN3qalF3eIL7ab4qij3jWLrdOJz1ERkxVWXeX
+a9rjQC7nQQqnOrdcEPvq297cHuwtKb+jTTKDI4ATy7UVeE3DDW6VWewmAz8VA7FH
+SxAwdLWgqKzAqLEhhrg6l0JtpDmCfoBZ5yVA9gPdcSouaQ+6WnL0TFmNtriZPZI5
+Sq7Ua1aM1X/Ca3kQLo1DD06lgR7bJbjH+2j0uRYbB7NeB5aeYYnnxRdXcbXtM2Wl
+dPg/8WETAK3hjbaY0Xq5UFP9tLkLbq3a1lew5BEz9xFz7P+offg8hSAONOZu
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
new file mode 100644
index 0000000000..d809dbd635
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
new file mode 100644
index 0000000000..9e014e046a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIUfXZLX886ys6oYF2hFTD113w25vIwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBsxGTAXBgNVBAMMEGVtcHR5LXNjaGVtZS11cmwwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjODA2MDQG
+CCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYOi8vd3d3LmV4YW1wbGUuY29tOjg4
+ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQB/FqFwqO/trl/aSBpjWE9+jPLtnJOUxWRt
+J0lx/7SREoxDlltp+qrDcpKgA4uEz2xeo/AVHpcEd8V1mjFJhiFCQR3IGuCIkBtX
+/fanzlYl49XTtGDHmVZOOgok3Q3NwV+qwv/Qah/PzL7C2z8QD9UDDSu5jeGUC5vP
+wSe8pr+LFMSB4Koe13biFiHZ2rerLuRrHXPCwlHytFXr6MeZyk8DrjBpQ4Qa0I6P
+tMXFRLIXm30dKxKZefY4Cxqce2M5iUhTJQ7AH6NDtV7SClbi8Px7yFeIAIBcGTbQ
+HauxBJ189pnzGpMTAZ7dheZW/tK++MCzu+oy1tGbjWEeSpFFD+92
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
new file mode 100644
index 0000000000..e8959653f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:empty-scheme-url
+extension:authorityInformationAccess:://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
new file mode 100644
index 0000000000..0e76de6922
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIUP6gYyih9vcQFEmw6jInzA0Lcx5owDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBIxEDAOBgNVBAMMB2Z0cC11cmwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjOzA5MDcGCCsGAQUFBwEB
+BCswKTAnBggrBgEFBQcwAYYbZnRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvMA0G
+CSqGSIb3DQEBCwUAA4IBAQB8Ts6atwiom8QSkIVDayT7fMWo6Qu0M/Uhd60/M8cI
+it4KBFBN1IimF8768ZmX/CPx0BaUopC5aOnkrZ69bJYrVao8nZ4Iv46IY1S1Xroa
+ty+lej25NkVKVJe6Vlc73rbt36nc9xW8hl/mXV63tXmbm7SXUIWOiYuZIa4HwmGw
+FkDexshf5QFoe8FfMix1ZiVj8oKr2Ah5Tpmc8oHOI1CfbKK4OACvA3zWSrfNRUL3
+QysUc8a5ivjRXNAerBdCUsCD0AGqxNKMKksAehaGw7QoH0lpsV0nhnB7sAfo3g23
+azcOr1kugLtYVU9zLjqXHXp85WQQNW6u7jjN7rZ7O27V
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
new file mode 100644
index 0000000000..9f50a7d792
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ftp-url
+extension:authorityInformationAccess:ftp://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
new file mode 100644
index 0000000000..0e9765db26
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAd+gAwIBAgIUPyIl+CW63MemORS1mNNtzeYU1PYwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBMxETAPBgNVBAMMCGhUVHAtdXJsMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo0QwQjBABggrBgEFBQcB
+AQQ0MDIwMAYIKwYBBQUHMAGGJGhUVHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9o
+VFRwLXVybDANBgkqhkiG9w0BAQsFAAOCAQEATB54EtpZ1EK2bz1gy9khuT9HJHqZ
+UvBlzz3wto/NXvq9Cd79bW93sydmKiNveiVrGuYJG5WX3VdxzHBlcTzpm+9ObsgH
+FRLu5KP4fLRhL49dix48k9Gl5VBgZfZSjjzpb/tpPjUvPnE2UPtDa8kC1Is9xN4m
+bL6hbwVpcusFBiRQWq37tzCCV1oce0S/MvvEMinnp6daLwI3BYAcmWexq0JdpRV+
+ixu3IL0chOIjM4W2Zv0WHPXtz0q9/rU7HbJ9X7k3e7lYmoU297tM5r3MKw2T8D/h
+9McUjgTMwqdcoUUM8iwCphbjmFO3yPLILiAMdXV/4OvhognLpL6wViD+Kw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
new file mode 100644
index 0000000000..10b1504b29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:hTTp-url
+extension:authorityInformationAccess:hTTp://www.example.com:8888/hTTp-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
new file mode 100644
index 0000000000..233c7dbbb4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIUcYnrnPrivVifCZHI3B1RI9yhpcUwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBQxEjAQBgNVBAMMCWh0dHBzLXVybDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNGMEQwQgYIKwYBBQUH
+AQEENjA0MDIGCCsGAQUFBzABhiZodHRwczovL3d3dy5leGFtcGxlLmNvbTo4ODg4
+L2h0dHBzLXVybDANBgkqhkiG9w0BAQsFAAOCAQEAjx5EcBAumCFK8/lj8vr6N88i
+G6vq8vkUMFXjlqrxw4ODbajVVFnGBIfzG7usDajQr2f3Rvl6huLm1P4ljLfHwu60
+d7uJKExnjTXzxEjC6mrupOG8t3VvIjv4C9MgaD6P4I96opG0V1V22YDC+fHuRZgb
+7I0+9EwUqrM3BqBSob3AFkcl7oyjIovG/KU26GlMbtLBbt1F6UpI5DAiOsb/UfY9
+bhEevyv7L9Sn07CYRbLFXUy47D5MhJk9XLZJQmgalnAtWxK6G+i8Y6s9DDDz6g0n
+AYiRmOQydYgVMt8+h5KYzOnNO/vES41ATBgGPrp5J0LAxNvofme02+nU0sFQPw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
new file mode 100644
index 0000000000..891005bf5c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:https-url
+extension:authorityInformationAccess:https://www.example.com:8888/https-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
new file mode 100644
index 0000000000..f12ebf91fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbKgAwIBAgIUS7UFd8kviZT6AzkUw+zBza2WxxcwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAwwCY2EwIhgPMjAyMTExMjcwMDAwMDBaGA8yMDI0MDIwNTAw
+MDAwMFowDjEMMAoGA1UEAwwDaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAXr6DXGOqX+xkzyNm1YZc+wtm
+6yFQo2jgeCMxgOv4j07wEEgGPP4adgyHjAhqTtYNbdBCuPtEbMInVRHdJooWNGk7
+MeoyTmJLlEJlnzVHdCUDi0mb+E7w2vVWNeirXnUSBN8qStok8vNoHJDT7pX3QEQs
+zRRNHw5qs/xxZKxzxeBiljYlh1d1zVgqNWTx9LP5IOEKOQ9OzxpzsCpJtPZRxh/d
+gip6TZT9srCndY2jCFUEYdSFRWOjsb6ni9TGC2o4SUxxJvC8jmrLjgGqPGNdTMiX
+DOxuAjt1gue4kqK6r6nMqxOZ04TEe0c/M5+hF4dhQaxqga6vvGBl0oF2QMxXGA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
new file mode 100644
index 0000000000..a7f6d81419
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
new file mode 100644
index 0000000000..07b3eece77
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdqgAwIBAgIUI+NlsiPCC51FapO6j10d1zhvVkYwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBgxFjAUBgNVBAMMDW5lZ2F0aXZlLXBvcnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjOjA4MDYGCCsG
+AQUFBwEBBCowKDAmBggrBgEFBQcwAYYaaHR0cDovL3d3dy5leGFtcGxlLmNvbTot
+MS8wDQYJKoZIhvcNAQELBQADggEBABCPXr4pvTLeDOPJ9G/A06wTpyoTAUa925GG
+hRTuEeEw5o83Uzgm/fT2bO6+RJCfdR0wA95897l/p6vzybobZe8w2GM4RYWzkzkL
+xMHrJQtzSdgG7tLRaxZ58A+Q1l8mRGtYpyAb14hwEsKY+8phG3XGP2w7ekQxODhM
+gTgaICYNoQaBlz4PqVdqhDv7ZgmF9QQyG0C3H5Hma0jinr5YcCYRkzPciZTwS8DP
+Jv7n+/9WbTK0rOc1n5omFwb0fPs64rpVgWqGmySPPT7G8aUo89a9ma8XJMoaHjzE
+T1TZL03SoOxxEN3NBB4+9i14qHfmiWu+pOFlcDxCnVkRACMk2d0=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
new file mode 100644
index 0000000000..fce6d43848
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:negative-port
+extension:authorityInformationAccess:http://www.example.com:-1/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
new file mode 100644
index 0000000000..0358a13a65
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAcugAwIBAgIUJ/hWC/IA8OSkpAm4v2bLiFq5xlMwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBYxFDASBgNVBAMMC25vLWhvc3QtdXJsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy0wKzApBggrBgEF
+BQcBAQQdMBswGQYIKwYBBQUHMAGGDWh0dHA6Ly86ODg4OC8wDQYJKoZIhvcNAQEL
+BQADggEBAK4Fk3641sIxflNan2/JobCNeV8UoDpVn9ZaU9sUOfXHnVVPjUAnlzKj
+SdhI9Z9bVqsEt787B2UIGQeqYnot5x7Gu9hGSeGz7kfp/xURyx4CHmIC33n9jwKZ
+daWaiWvqHfbRljd6Mvm9lJYWx3w8Ggci61N+GeeRAmBhPJvpe6gzo/vCmO6rnSqG
+0AxiEb98DHaes4ofL/DTgDlHWryB5UByyf9FEenHFFizr/YuYEKc8FMf19nvbQiN
+VJFP6LMmIlmg4Xq7ED97U5VhDal1e6vro12d5Cv9EZkkTxaTQMKhG4W8iNHZlwFB
+BsQX7n6BT1Lg/MqVCUt265qDF3c7Pvc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
new file mode 100644
index 0000000000..4ac76e7eb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-host-url
+extension:authorityInformationAccess:http://:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
new file mode 100644
index 0000000000..f7b346e338
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdmgAwIBAgIUaz9vziBHmRLkLlxVoF1xxTuiNH4wDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBYxFDASBgNVBAMMC25vLXBhdGgtdXJsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozswOTA3BggrBgEF
+BQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+ODANBgkqhkiG9w0BAQsFAAOCAQEAlMdLsu6jig7c3TW2eYVzA8uAuANVDpE49XXf
+6KJI/RCGjJZa5h6SEPRnvhmruc3TsY/3Tt1U8i9QqEgFTkFmFmFI+twqJGH/F2KM
+Ied4MBF970tkTVYRRUI0RCOdhBUfx1kDuA1D00YdDA3v5mYTcdsSIB7U6lqah/28
+Rga+PhQX6Yu2VVcQF48sO51vsa2Q3hhZEqyGwezWDml1IAgr5EXT3hDdVKTXtZpM
+g6lzAfcdF/vhDVtmABvDpyWhMcfTQ/nNel2/7ICJvukP5v1VW15XYzL4tsyMx4K7
+8CL1Ol6XMixU7Ov0liwN3s4ltvJqpVoyOrMWLoa3Qn7F4XHJMg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
new file mode 100644
index 0000000000..497bb28796
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-path-url
+extension:authorityInformationAccess:http://www.example.com:8888
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
new file mode 100644
index 0000000000..2e4b35203d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcegAwIBAgIUc6pGAyMLd73M5wLzGIk7VHQ1UGgwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMB4xHDAaBgNVBAMME25vLXNjaGVtZS1ob3N0LXBvcnQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjITAf
+MB0GCCsGAQUFBwEBBBEwDzANBggrBgEFBQcwAYYBLzANBgkqhkiG9w0BAQsFAAOC
+AQEAoNZDLXjNXKUumNMieyWv67kOH/uoDS9tsX4+LIuZRgKLeb4xjstHxxKkaWWy
+HJCjBwHYjbndWXSqE+6NPm8oHTypPc0+vZOStKnj/OzxHWfxbEzqsy27qoWKFpxA
+HNzyt4/EWmSdoDRiCoXTYP4KuIPGrtqUS2wnJAoEcNa52wazsqSRJPfiK02r+N96
+N/z8+Olyudbgkl6QNMNaxmzYejENLfwxS1nH5R3orxEH2/L+6Mr3vKDMq9IQc3Ou
+vrHHtW7XiOaYNV+8p4ChaGe6yEEbnz53G7TwjoDKvxD1tV0AGqRqMxdCJ+CDQ7Ev
+xwxHLNIXGsaQs2H7m7eE9OpN/Q==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
new file mode 100644
index 0000000000..42a555e411
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-host-port
+extension:authorityInformationAccess:/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
new file mode 100644
index 0000000000..9a7530baa9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdWgAwIBAgIUccG45Puc/if4zk65IRFmiwMkTyowDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBgxFjAUBgNVBAMMDW5vLXNjaGVtZS11cmwwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjNTAzMDEGCCsG
+AQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVd3d3LmV4YW1wbGUuY29tOjg4ODgvMA0G
+CSqGSIb3DQEBCwUAA4IBAQBTjpqXEXFANWFs+cs4nu2rUFEnvXkZzmkoRlPbWaKw
+naVdEJ5xetaX79sh5N3vSNPCsArAF1iCnv8jmgnQRzXRKWxrZGVrUGm+5a74O/99
+vvy7CIj90A7OytXUwyAhrz6hGxmWYrnJUY5RjZTmjxvr4wgiXXZuHc+/uZRn84RK
+sJnh+XDS3hFz0M78FQOSTgdwEI/hC/QFh0CIycrc4qR6xY+fwdfLvk8GepC6ABCG
+6hn9bEpt1POO7O7UmBtIYuiyHx/32hwVrCXFbD7sgnLvz0iQYvnO4gg4Cb42pK2N
+gBeej4JDWaxq3HOBCKEARgdpWML2E94Vx7a484EuLI0h
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
new file mode 100644
index 0000000000..a82196a6d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-url
+extension:authorityInformationAccess:www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
new file mode 100644
index 0000000000..798afe22d3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdegAwIBAgIUNW/IeKC4Vw2JT/VDNXHrYgCqKegwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBkxFzAVBgNVBAMMDnVua25vd24tc2NoZW1lMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozYwNDAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFnR0cDovL3d3dy5leGFtcGxlLmNvbS8w
+DQYJKoZIhvcNAQELBQADggEBALT6AXU+U5IK7KxE2FW8F719+2Solmn3WcbLP9z+
+klThJ2HcNlxZBxuV+DwS3kBhsocZDneuOvUfSMilswGrGi9pGNgdhQWN2gO41LUy
+QavfjRuSbGJghAZJSN5dVWBkF8kuv19ZiLMiM53C5vQo92/+Vww+Ue5S1HSagybI
+3mmBUyf+8nvVO5mDsfDL8OnH4ON66sxqgu6Kuwlr2wc3inZo7ZOW24m75KLJG2Ah
+KOs0sksn7DsG2VFUIJJj/qN9Co8ZjrnJbLYec57MBM8V8l1wIfVdqM/a7wof4tE3
+DVKvFl7uGK/u1nh4lRYQx7/MH1GU4ItULEbOZ2kCIpnozpU=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
new file mode 100644
index 0000000000..0089455398
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:unknown-scheme
+extension:authorityInformationAccess:ttp://www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
new file mode 100644
index 0000000000..ab104a9f45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIUJ7gBTm0Yo/h/kQT3ggLP9jbM3yIwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDaW50MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUw
+MDAwMDBaMBQxEjAQBgNVBAMMCXVzZXItcGFzczCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNGMEQwQgYIKwYBBQUH
+AQEENjA0MDIGCCsGAQUFBzABhiZodHRwOi8vdXNlcjpwYXNzQHd3dy5leGFtcGxl
+LmNvbTo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEAatrdhzPYl8dtK3j+q0F2cD0M
+QpgNpBZeRa+9puQK/mLlSNEI1ottNU+DbukELLpwAtS0YzN02qf48MptuWkyudT0
+3bDNWIGMmzXpGgD7OCE2iwuiWJD6URahLoCew0eByIhaywaexEtqiNFIBtD3xPJr
+vqxAJ7JvXpTNpE90dbnHCXlXQU6h9HFIfj8pIPDc/hXACjqVmqetwzK6d5XPLUaG
+D4Jxy+lHN90JvH9+oApumJj/i2g7Bpjbn1SFwg5UKamAFc4SsDbV/DsXy91rqpSJ
+Wtrq6EP8cPNQ5cTQ3nzs/cO7nSVrVXllxkcUpOo1JnAARmWlyePioomaqf1fKA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
new file mode 100644
index 0000000000..337e67e5f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:user-pass
+extension:authorityInformationAccess:http://user:pass@www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem
new file mode 100644
index 0000000000..74a9711cf6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIBHzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFUZXN0
+IEludGVybWVkaWF0ZTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAw
+WjAwMS4wLAYDVQQDDCVBbm90aGVyIEVFIFJldm9rZWQgYnkgcmV2b2NhdGlvbnMu
+dHh0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB2pHWaL4x9Z6EwRI54eDjBvbhW
+Nckc9QFYHdheA91DnlSkyeAIHcXe+fW0nvoCZ9xfnSjPlsXgs/qQyOHg+w6LgfhM
+3UaGRRRouIqOMMko1DgbrJRm2YFrUhCjmsnnKq99rp4eShc2kwBSd0Az6OGhBnE6
++CcU7a6wfOV/enX/KGiiWeQON5+jh9bBBDRO1trvFd7CDSMyAEkg+CEu6Mb53QlK
+cOBuev+Bc5GV6gng+I/X7vh3DsMIbsfOAU6llpqx0VO/evp4SFExSQI4zbjxQEqv
+/38YQAhJ7j97kupgPXL98q27TQaUZvOCok/Go8j0ZQZ1dlJFwRNZE6ZT393R
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem.certspec
new file mode 100644
index 0000000000..d3ba461104
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt-serial-2.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate
+subject:Another EE Revoked by revocations.txt
+serialNumber:31
diff --git a/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem
new file mode 100644
index 0000000000..f118e94dd3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyTCCAbGgAwIBAgIBTjANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFUZXN0
+IEludGVybWVkaWF0ZTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAw
+WjAwMS4wLAYDVQQDDCVBbm90aGVyIEVFIFJldm9rZWQgYnkgcmV2b2NhdGlvbnMu
+dHh0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAD1fjkHeUSNoIXuGDYRYn2rZJS
+5oV2caQaXRv7FaB4M7oGx5FNTaooSJLr+M6yC+0dxkfU8316vJ4d2DAKyL1sVrpw
+QMhndYCKQXpJ/06F59khzZnsPVAdnuXJ99aLGVjiebN+NYWzLDPUQw9sERvw+lep
+wNWJAgBsjdc/9iyLR7Tj5Y72zB4tV961GLSX6WztKyuLhIHCFueU3IvbDe4NWLyT
+CNZOohGcpdAzGH18gPOJnuVKLzND629qUZrr8/orh0xk989/uk97Kg1oF5Wd6LaT
+4CuH3CIVA5ijYj6jwPbj6gkV5IdxW4QVYefH47G9xum7RDF/IVEs3rzwybPj
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem.certspec
new file mode 100644
index 0000000000..10f8f07cce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/another-ee-revoked-by-revocations-txt.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate
+subject:Another EE Revoked by revocations.txt
+serialNumber:78
diff --git a/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem
new file mode 100644
index 0000000000..566f6f227d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAZ+gAwIBAgIBKjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
+IENBMCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBaMCgxJjAkBgNV
+BAMMHUVFIFJldm9rZWQgYnkgcmV2b2NhdGlvbnMudHh0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMA0GCSqGSIb3
+DQEBCwUAA4IBAQBXENg6gQp2CVGvs2e5SFpj+9K0Df6qICkQeIsEsqL/loRbBhdf
+kRudVBVaXANEWdInLppGGfv8tk3VAre2Trlq8Owt3RuP4mdyrlSt3ZTNPbK3lPCU
+K51iqEX/URBvwo+dZpOZqBy+NQ1ZdLlWWTzABiXfQNnsg1z0U/laGYNvNoGxWmg0
+YDU/moLw4EOh8akvTRdoZ6WaSTRCwNISTPCUrwj4RvKeSlsuat+MsxCA4oQqquni
+iDD1Aq2MLDXAsMfCz7fB+FJ8hMA8nGOTNd4eRXsJIFRcIRSiPo6eADZaex88z84b
+NlE/N5/6MQ7EDsiumkHO35B1Nr2hKSnygrCl
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem.certspec
new file mode 100644
index 0000000000..a2a67d909c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-revocations-txt.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:EE Revoked by revocations.txt
+serialNumber:42
diff --git a/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem
new file mode 100644
index 0000000000..eb6db83ff8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbWgAwIBAgIUF0SQAekyqW5LqQAmYGwNQpn7o18wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjArMSkwJwYDVQQDDCBFRSBSZXZva2VkIEJ5IFN1YmplY3QgYW5k
+IFB1YktleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtqoXX2PHLaQdil4gzPbg
+vONLbChJFeN/rBwenDrYYvyyw/x7hEov3pedjiapzjQHZiEINFICipArwEkN3hBK
+5eSSdfRbHrfzZ3XIRwkgRlPkVSN0DPv1QXvRbym3OuKZLmDHYNLr0g4siTB9QT/X
+KuCCnJazaBrNclz2DmZq7tMjKi/82i5aMot7fCJ8Rc+TSOMgTGCS2BnvoM/F4+0e
+q3Nd7XfSrdEgd2qfzKON4qrJyDK8v9RnY3c1kG+JbpQHby70JPz9YBO8sa2Yuy1U
+Vxnh2zhmPBUWPNwDYefkGfA+Mw2cW48+6vvFxigWjoLyNAGVEH8zrYhgSGY67P1l
+2g==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem.certspec
new file mode 100644
index 0000000000..cadbcf9038
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/ee-revoked-by-subject-and-pubkey.pem.certspec
@@ -0,0 +1,2 @@
+issuer:Test CA
+subject:EE Revoked By Subject and PubKey
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
new file mode 100644
index 0000000000..d524b4480b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgmgAwIBAgIUKU+OMvdur/GbuU28D3WfX/xbV9AwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdBbm90aGVyIFRlc3QgRW5kLWVudGl0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaNbMFkwIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMDIG
+CCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4
+LzANBgkqhkiG9w0BAQsFAAOCAQEAReIPRx+jafffXyK50Ig6Juzjs51zXX3IrdA2
+HYcXGZsdsLL8CvlnwHJhrMBP+Eh/bs8u9UgfmC9rxDX2gLxfIDlbidryYGzONAQq
+jWiFlVzq30fz28uatwFYzUzKODtsCM+47Qg0Y+HY9506Bj7TNmPB/a9JBY76SSw0
+Rwk1LSaMEuzu62XXuT+jjVGWqQZktAAUCtpM39UlC8aazrk6ipfh6iKHcJCN5+U1
++IM4BOErevre0SxKTz7cNKr04lghxFFGUKm/jkoZeF/6Hm73Ke75EhKlfS3D1YAY
+rm3DuUnGaWn/00X6lAWrm/dCfq1uepp+Xmgsc27jFPnVAccuMw==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
new file mode 100644
index 0000000000..8b20f03f59
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Another Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
new file mode 100644
index 0000000000..2ee2b87b2a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
@@ -0,0 +1,41 @@
+# a sample revocations.txt for tests
+# Lines starting with '#' are ignored - as are empty lines like this:
+
+# otherwise:
+# non-empty lines are treated as base-64 encoded DER DN data (e.g. issuer or
+# subject)
+# ...unless the line starts with a ' ' (space) character, in which case it's
+# assumed to be base-64 encoded DER serial data, or
+# the line starts with a '\t' (tab) character, in which case it's assumed to
+# be a base-64 encoded SHA256 hash of a public key
+
+# First a serial with no issuer to ensure this doesn't cause parsing to fail
+# (there should be an issuer first, but we need to test this won't fail)
+ dGVzdA==
+# next, let's ensure data that isn't valid base64 doesn't cause breakage.
+ this serial isn't valid base64 (but then there's no issuer anyway)
+Neither is this issuer, though the serial is fine
+ dGVzdA==
+dGVzdA==
+ in this case, issuer is fine but not the serial
+# Next two entries; we can add valid base-64 encoded data for some basic tests:
+# issuer is the base-64 encoded subject DN for the shared Test CA
+# serial is the base-64 encoded integer 42
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=
+ Kg==
+# issuer is the base-64 encoded subject DN for the shared Test Intermediate
+# the first serial is the base-64 encoded integer 78
+# the second serial is the base-64 encoded integer 31
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRl
+ Tg==
+ Hw==
+ c2VyaWFsMi4=
+# subject is base-64 encoded subject DN "CN=EE Revoked By Subject and PubKey"
+# pubKeyHash is the base-64 encoded sha256 hash of the shared RSA SPKI
+MCsxKTAnBgNVBAMMIEVFIFJldm9rZWQgQnkgU3ViamVjdCBhbmQgUHViS2V5
+	VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=
+# and some more data to ensure that mixed items don't cause parsing failure
+a DN
+ a serial
+	a hash
+ another serial
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
new file mode 100644
index 0000000000..525cd71c47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdKgAwIBAgIUa4ks0VUTyrp6BlZyCB65lVeSFDgwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAyMTExMjcwMDAw
+MDBaGA8yMDI0MDIwNTAwMDAwMFowJDEiMCAGA1UEAwwZRUUgaXNzdWVkIGJ5IGlu
+dGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqG
+SIb3DQEBCwUAA4IBAQA1n1VzCy6MJBHPaZlsuILBLkNqd7Bhzalhp6ubI05DGgfq
+yIYSyEn7ALTwo0bsp9kndmijyB3T8BJoDekEHjcKRpnDuuBGKGVrvOWquIJ1YFRf
+1r+VxI7n0wC9RF953+rTgsyPYPS5q1DJrMx+q1PCzga4mP5Tm3OxTyMXsHpM7uxN
+9/imDY0gLndSUYjx0S5EADhmXul+SCLxzh+9TfdQPRSiDhFsNrUen31Ajh/5Iu34
+e0wc4UEEUJftqbmbFMk7OJiUi2UcezCJdt7WYZQJGLWHLQFugJmsE6sLy0fDXHVX
+65VKh/HrXYQ5xemJtJaQfImoHV5+SGkVxdyYFKwO
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
new file mode 100644
index 0000000000..24792d540a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate
+subject:EE issued by intermediate
+extension:subjectAlternativeName:localhost
diff --git a/security/manager/ssl/tests/unit/test_osclientcerts_module.js b/security/manager/ssl/tests/unit/test_osclientcerts_module.js
new file mode 100644
index 0000000000..bebc0aa58b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_osclientcerts_module.js
@@ -0,0 +1,60 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the platform can load the osclientcerts module.
+
+// Ensure that the appropriate initialization has happened.
+Services.prefs.setBoolPref("security.osclientcerts.autoload", false);
+do_get_profile();
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+async function check_osclientcerts_module_loaded() {
+  // Loading happens asynchronously, so we have to wait for the notification.
+  await TestUtils.topicObserved("psm:load-os-client-certs-module-task-ran");
+  let testModule = checkPKCS11ModuleExists(
+    "OS Client Cert Module",
+    "osclientcerts"
+  );
+
+  // Check that listing the slots for the osclientcerts module works.
+  let testModuleSlotNames = Array.from(
+    testModule.listSlots(),
+    slot => slot.name
+  );
+  testModuleSlotNames.sort();
+  const expectedSlotNames = ["OS Client Cert Slot"];
+  deepEqual(
+    testModuleSlotNames,
+    expectedSlotNames,
+    "Actual and expected slot names should be equal"
+  );
+}
+
+add_task(async function run_test() {
+  // Check that if we haven't loaded the osclientcerts module, we don't find it
+  // in the module list.
+  checkPKCS11ModuleNotPresent("OS Client Cert Module", "osclientcerts");
+
+  // Check that enabling the pref that loads the osclientcerts module makes it
+  // appear in the module list.
+  Services.prefs.setBoolPref("security.osclientcerts.autoload", true);
+  await check_osclientcerts_module_loaded();
+
+  // Check that disabling the pref that loads the osclientcerts module (thus
+  // unloading the module) makes it disappear from the module list.
+  Services.prefs.setBoolPref("security.osclientcerts.autoload", false);
+  checkPKCS11ModuleNotPresent("OS Client Cert Module", "osclientcerts");
+
+  // Check that loading the module again succeeds.
+  Services.prefs.setBoolPref("security.osclientcerts.autoload", true);
+  await check_osclientcerts_module_loaded();
+
+  // And once more check that unloading succeeds.
+  Services.prefs.setBoolPref("security.osclientcerts.autoload", false);
+  checkPKCS11ModuleNotPresent("OS Client Cert Module", "osclientcerts");
+});
diff --git a/security/manager/ssl/tests/unit/test_oskeystore.js b/security/manager/ssl/tests/unit/test_oskeystore.js
new file mode 100644
index 0000000000..028c308faf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_oskeystore.js
@@ -0,0 +1,413 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with nsIOSKeyStore.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+const LABELS = ["mylabel1", "mylabel2", "mylabel3"];
+
+async function delete_all_secrets() {
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+  for (let label of LABELS) {
+    if (await keystore.asyncSecretAvailable(label)) {
+      await keystore.asyncDeleteSecret(label);
+      ok(
+        !(await keystore.asyncSecretAvailable(label)),
+        label + " should be deleted now."
+      );
+    }
+  }
+}
+
+// Test that Firefox handles locking and unlocking of the OSKeyStore properly.
+// Does so by mocking out the actual dialog and "filling in" the
+// password. Also tests that providing an incorrect password will fail (well,
+// technically the user will just get prompted again, but if they then cancel
+// the dialog the overall operation will fail).
+
+var gMockPrompter = {
+  passwordToTry: null,
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    equal(
+      text,
+      "Please enter your Primary Password.",
+      "password prompt text should be as expected"
+    );
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    if (this.passwordToTry == "DontTryThisPassword") {
+      // Cancel the prompt in this case.
+      return false;
+    }
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+var gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: ChromeUtils.generateQI(["nsIWindowWatcher"]),
+};
+
+async function encrypt_decrypt_test() {
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+  ok(
+    !(await keystore.asyncSecretAvailable(LABELS[0])),
+    "The secret should not be available yet."
+  );
+
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(recoveryPhrase, "A recovery phrase should've been created.");
+  let recoveryPhrase2 = await keystore.asyncGenerateSecret(LABELS[1]);
+  ok(recoveryPhrase2, "A recovery phrase should've been created.");
+
+  let text = new Uint8Array([0x01, 0x00, 0x01]);
+  let ciphertext = "";
+  try {
+    ciphertext = await keystore.asyncEncryptBytes(LABELS[0], text);
+    ok(ciphertext, "We should have a ciphertext now.");
+  } catch (e) {
+    ok(false, "Error encrypting " + e);
+  }
+
+  // Decrypting should give us the plaintext bytes again.
+  try {
+    let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
+    ok(
+      plaintext.toString() == text.toString(),
+      "Decrypted plaintext should be the same as text."
+    );
+  } catch (e) {
+    ok(false, "Error decrypting ciphertext " + e);
+  }
+
+  // Decrypting with a wrong key should throw an error.
+  try {
+    await keystore.asyncDecryptBytes(LABELS[1], ciphertext);
+    ok(false, "Decrypting with the wrong key should fail.");
+  } catch (e) {
+    ok(true, "Decrypting with the wrong key should fail " + e);
+  }
+}
+
+add_task(async function () {
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+  let windowWatcherCID;
+  if (keystore.isNSSKeyStore) {
+    windowWatcherCID = MockRegistrar.register(
+      "@mozilla.org/embedcomp/window-watcher;1",
+      gWindowWatcher
+    );
+    registerCleanupFunction(() => {
+      MockRegistrar.unregister(windowWatcherCID);
+    });
+  }
+
+  await delete_all_secrets();
+  await encrypt_decrypt_test();
+  await delete_all_secrets();
+
+  if (
+    AppConstants.platform == "macosx" ||
+    AppConstants.platform == "win" ||
+    AppConstants.platform == "linux"
+  ) {
+    ok(
+      !keystore.isNSSKeyStore,
+      "OS X, Windows, and Linux should use the non-NSS implementation"
+    );
+  }
+
+  if (keystore.isNSSKeyStore) {
+    // If we use the NSS key store implementation test that everything works
+    // when a master password is set.
+    // Set an initial password.
+    let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+      Ci.nsIPK11TokenDB
+    );
+    let token = tokenDB.getInternalKeyToken();
+    token.initPassword("hunter2");
+
+    // Lock the key store. This should be equivalent to token.logoutSimple()
+    await keystore.asyncLock();
+
+    // Set the correct password so that the test operations should succeed.
+    gMockPrompter.passwordToTry = "hunter2";
+    await encrypt_decrypt_test();
+    ok(
+      gMockPrompter.numPrompts == 1,
+      "There should've been one password prompt."
+    );
+    await delete_all_secrets();
+  }
+
+  // Check lock/unlock behaviour.
+  // Unfortunately we can only test this automatically for the NSS key store.
+  // Uncomment the outer keystore.isNSSKeyStore to test other key stores manually.
+  if (keystore.isNSSKeyStore) {
+    await delete_all_secrets();
+    await encrypt_decrypt_test();
+    await keystore.asyncLock();
+    info("Keystore should be locked. Cancel the login request.");
+    try {
+      if (keystore.isNSSKeyStore) {
+        gMockPrompter.passwordToTry = "DontTryThisPassword";
+      }
+      await keystore.asyncUnlock();
+      ok(false, "Unlock should've rejected.");
+    } catch (e) {
+      ok(
+        e.result == Cr.NS_ERROR_FAILURE || e.result == Cr.NS_ERROR_ABORT,
+        "Rejected login prompt."
+      );
+    }
+    // clean up
+    if (keystore.isNSSKeyStore) {
+      gMockPrompter.passwordToTry = "hunter2";
+    }
+    await delete_all_secrets();
+  }
+});
+
+// Test that if we kick off a background operation and then call a synchronous function on the
+// keystore, we don't deadlock.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(recoveryPhrase, "A recovery phrase should've been created.");
+
+  try {
+    let text = new Uint8Array(8192);
+    let promise = keystore.asyncEncryptBytes(LABELS[0], text);
+    /* eslint-disable no-unused-expressions */
+    keystore.isNSSKeyStore; // we don't care what this is - we just need to access it
+    /* eslint-enable no-unused-expressions */
+    let ciphertext = await promise;
+    ok(ciphertext, "We should have a ciphertext now.");
+  } catch (e) {
+    ok(false, "Error encrypting " + e);
+  }
+
+  await delete_all_secrets();
+});
+
+// Test that using a recovery phrase works.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(recoveryPhrase, "A recovery phrase should've been created.");
+
+  let text = new Uint8Array([0x01, 0x00, 0x01]);
+  let ciphertext = await keystore.asyncEncryptBytes(LABELS[0], text);
+  ok(ciphertext, "We should have a ciphertext now.");
+
+  await keystore.asyncDeleteSecret(LABELS[0]);
+  // Decrypting should fail after deleting the secret.
+  await keystore
+    .asyncDecryptBytes(LABELS[0], ciphertext)
+    .then(() =>
+      ok(false, "decrypting didn't throw as expected after deleting the secret")
+    )
+    .catch(() =>
+      ok(true, "decrypting threw as expected after deleting the secret")
+    );
+
+  await keystore.asyncRecoverSecret(LABELS[0], recoveryPhrase);
+  let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
+  ok(
+    plaintext.toString() == text.toString(),
+    "Decrypted plaintext should be the same as text."
+  );
+
+  await delete_all_secrets();
+});
+
+// Test that trying to use a non-base64 recovery phrase fails.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+  await keystore
+    .asyncRecoverSecret(LABELS[0], "@##$^&*()#$^&*(@#%&*_")
+    .then(() =>
+      ok(false, "base64-decoding non-base64 should have failed but didn't")
+    )
+    .catch(() => ok(true, "base64-decoding non-base64 failed as expected"));
+
+  ok(
+    !(await keystore.asyncSecretAvailable(LABELS[0])),
+    "we didn't recover a secret, so the secret shouldn't be available"
+  );
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(
+    recoveryPhrase && !!recoveryPhrase.length,
+    "we should be able to re-use that label to generate a new secret"
+  );
+  await delete_all_secrets();
+});
+
+// Test that re-using a label overwrites any previously-stored secret.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(recoveryPhrase, "A recovery phrase should've been created.");
+
+  let text = new Uint8Array([0x66, 0x6f, 0x6f, 0x66]);
+  let ciphertext = await keystore.asyncEncryptBytes(LABELS[0], text);
+  ok(ciphertext, "We should have a ciphertext now.");
+
+  let newRecoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(newRecoveryPhrase, "A new recovery phrase should've been created.");
+
+  // The new secret replaced the old one so we shouldn't be able to decrypt the ciphertext now.
+  await keystore
+    .asyncDecryptBytes(LABELS[0], ciphertext)
+    .then(() =>
+      ok(false, "decrypting without the original key should have failed")
+    )
+    .catch(() =>
+      ok(true, "decrypting without the original key failed as expected")
+    );
+
+  await keystore.asyncRecoverSecret(LABELS[0], recoveryPhrase);
+  let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
+  ok(
+    plaintext.toString() == text.toString(),
+    "Decrypted plaintext should be the same as text (once we have the original key again)."
+  );
+
+  await delete_all_secrets();
+});
+
+// Test that re-using a label (this time using a recovery phrase) overwrites any previously-stored
+// secret.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(recoveryPhrase, "A recovery phrase should've been created.");
+
+  let newRecoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(newRecoveryPhrase, "A new recovery phrase should've been created.");
+
+  let text = new Uint8Array([0x66, 0x6f, 0x6f, 0x66]);
+  let ciphertext = await keystore.asyncEncryptBytes(LABELS[0], text);
+  ok(ciphertext, "We should have a ciphertext now.");
+
+  await keystore.asyncRecoverSecret(LABELS[0], recoveryPhrase);
+
+  // We recovered the old secret, so decrypting ciphertext that had been encrypted with the newer
+  // key should fail.
+  await keystore
+    .asyncDecryptBytes(LABELS[0], ciphertext)
+    .then(() => ok(false, "decrypting without the new key should have failed"))
+    .catch(() => ok(true, "decrypting without the new key failed as expected"));
+
+  await keystore.asyncRecoverSecret(LABELS[0], newRecoveryPhrase);
+  let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
+  ok(
+    plaintext.toString() == text.toString(),
+    "Decrypted plaintext should be the same as text (once we have the new key again)."
+  );
+
+  await delete_all_secrets();
+});
+
+// Test that trying to use recovery phrases that are the wrong size fails.
+add_task(async function () {
+  await delete_all_secrets();
+
+  let keystore = Cc["@mozilla.org/security/oskeystore;1"].getService(
+    Ci.nsIOSKeyStore
+  );
+
+  await keystore
+    .asyncRecoverSecret(LABELS[0], "")
+    .then(() => ok(false, "'recovering' with an empty key should have failed"))
+    .catch(() => ok(true, "'recovering' with an empty key failed as expected"));
+  ok(
+    !(await keystore.asyncSecretAvailable(LABELS[0])),
+    "we didn't recover a secret, so the secret shouldn't be available"
+  );
+
+  await keystore
+    .asyncRecoverSecret(LABELS[0], "AAAAAA")
+    .then(() =>
+      ok(false, "recovering with a key that is too short should have failed")
+    )
+    .catch(() =>
+      ok(true, "recovering with a key that is too short failed as expected")
+    );
+  ok(
+    !(await keystore.asyncSecretAvailable(LABELS[0])),
+    "we didn't recover a secret, so the secret shouldn't be available"
+  );
+
+  await keystore
+    .asyncRecoverSecret(
+      LABELS[0],
+      "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+    )
+    .then(() =>
+      ok(false, "recovering with a key that is too long should have failed")
+    )
+    .catch(() =>
+      ok(true, "recovering with a key that is too long failed as expected")
+    );
+  ok(
+    !(await keystore.asyncSecretAvailable(LABELS[0])),
+    "we didn't recover a secret, so the secret shouldn't be available"
+  );
+
+  let recoveryPhrase = await keystore.asyncGenerateSecret(LABELS[0]);
+  ok(
+    recoveryPhrase && !!recoveryPhrase.length,
+    "we should be able to use that label to generate a new secret"
+  );
+  ok(
+    await keystore.asyncSecretAvailable(LABELS[0]),
+    "the generated secret should now be available"
+  );
+
+  await delete_all_secrets();
+});
diff --git a/security/manager/ssl/tests/unit/test_osreauthenticator.js b/security/manager/ssl/tests/unit/test_osreauthenticator.js
new file mode 100644
index 0000000000..01784a5fef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_osreauthenticator.js
@@ -0,0 +1,27 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests nsIOSReauthenticator.asyncReauthenticateUser().
+// As this gets implemented on various platforms, running this test
+// will result in a prompt from the OS. Consequently, we won't be able
+// to run this in automation, but it will help in testing locally.
+add_task(async function test_asyncReauthenticateUser() {
+  const reauthenticator = Cc[
+    "@mozilla.org/security/osreauthenticator;1"
+  ].getService(Ci.nsIOSReauthenticator);
+  ok(reauthenticator, "nsIOSReauthenticator should be available");
+  const EXPECTED = false; // Change this variable to suit your needs while testing.
+  ok(
+    (
+      await reauthenticator.asyncReauthenticateUser(
+        "this is the prompt string",
+        "this is the caption string",
+        null
+      )
+    )[0] == EXPECTED,
+    "nsIOSReauthenticator.asyncReauthenticateUser should return a boolean array with the first item being the authentication result of: " +
+      EXPECTED
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_password_prompt.js b/security/manager/ssl/tests/unit/test_password_prompt.js
new file mode 100644
index 0000000000..cf4c6db7bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_password_prompt.js
@@ -0,0 +1,87 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM can successfully ask for a password from the user and relay it
+// back to NSS. Does so by mocking out the actual dialog and "filling in" the
+// password. Also tests that providing an incorrect password will fail (well,
+// technically the user will just get prompted again, but if they then cancel
+// the dialog the overall operation will fail).
+
+var gMockPrompter = {
+  passwordToTry: null,
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    if (this.numPrompts > 1) {
+      // don't keep retrying a bad password
+      return false;
+    }
+    equal(
+      text,
+      "Please enter your Primary Password.",
+      "password prompt text should be as expected"
+    );
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+var gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: ChromeUtils.generateQI(["nsIWindowWatcher"]),
+};
+
+function run_test() {
+  do_get_profile();
+
+  let windowWatcherCID = MockRegistrar.register(
+    "@mozilla.org/embedcomp/window-watcher;1",
+    gWindowWatcher
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(windowWatcherCID);
+  });
+
+  // Set an initial password.
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("hunter2");
+  token.logoutSimple();
+
+  // Try with the correct password.
+  gMockPrompter.passwordToTry = "hunter2";
+  // Using nsISecretDecoderRing will cause the password prompt to come up if the
+  // token has a password and is logged out.
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+  sdr.encryptString("poke");
+  equal(gMockPrompter.numPrompts, 1, "should have prompted for password once");
+
+  // Reset state.
+  gMockPrompter.numPrompts = 0;
+  token.logoutSimple();
+
+  // Try with an incorrect password.
+  gMockPrompter.passwordToTry = "*******";
+  throws(
+    () => sdr.encryptString("poke2"),
+    /NS_ERROR_FAILURE/,
+    "logging in with the wrong password should fail"
+  );
+  equal(gMockPrompter.numPrompts, 2, "should have prompted for password twice");
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning.js b/security/manager/ssl/tests/unit/test_pinning.js
new file mode 100644
index 0000000000..6661f3cc38
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning.js
@@ -0,0 +1,311 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// For all cases, the acceptable pinset includes only certificates pinned to
+// Test End Entity Cert (signed by issuer testCA). Other certificates
+// are issued by otherCA, which is never in the pinset but is a user-specified
+// trust anchor. This test covers multiple cases:
+//
+// Pinned domain include-subdomains.pinning.example.com includes subdomains
+// - PASS: include-subdomains.pinning.example.com serves a correct cert
+// - PASS: good.include-subdomains.pinning.example.com serves a correct cert
+// - FAIL (strict): bad.include-subdomains.pinning.example.com serves a cert
+// not in the pinset
+// - PASS (mitm): bad.include-subdomains.pinning.example.com serves a cert not
+// in the pinset, but issued by a user-specified trust domain
+//
+// Pinned domain exclude-subdomains.pinning.example.com excludes subdomains
+// - PASS: exclude-subdomains.pinning.example.com serves a correct cert
+// - FAIL: exclude-subdomains.pinning.example.com serves an incorrect cert
+// (TODO: test using verifyCertNow)
+// - PASS: sub.exclude-subdomains.pinning.example.com serves an incorrect cert
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function add_clear_override(host) {
+  add_test(function () {
+    let certOverrideService = Cc[
+      "@mozilla.org/security/certoverride;1"
+    ].getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride(host, 8443, {});
+    run_next_test();
+  });
+}
+
+function test_strict() {
+  // In strict mode, we always evaluate pinning data, regardless of whether the
+  // issuer is a built-in trust anchor. We only enforce pins that are not in
+  // test mode.
+  add_test(function () {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com",
+    MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+  );
+
+  // Check that using a FQDN doesn't bypass pinning.
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com.",
+    MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+  );
+  // For some reason this is also navigable (see bug 1118522).
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com..",
+    MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+  );
+
+  // These domains serve certs that match the pinset.
+  add_connection_test(
+    "include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test(
+    "sub.exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, but it should pass because
+  // it's in test_mode.
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+  // Similarly, this pin is in test-mode, so it should be overridable.
+  add_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_mitm() {
+  // In MITM mode, we allow pinning to pass if the chain resolves to any
+  // user-specified trust anchor, even if it is not in the pinset.
+  add_test(function () {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+    run_next_test();
+  });
+
+  add_connection_test(
+    "include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides (since building a trusted chain fails,
+  // we have no reason to believe this was issued by a user-added trust
+  // anchor, so we can't allow overrides for it).
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // In this case, even though otherCA is not in the pinset, it is a
+  // user-specified trust anchor and the pinning check succeeds.
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  add_connection_test(
+    "exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "sub.exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+  add_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_disabled() {
+  // Disable pinning.
+  add_test(function () {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 0);
+    run_next_test();
+  });
+
+  add_connection_test(
+    "include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "sub.exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+
+  add_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+  add_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_enforce_test_mode() {
+  // In enforce test mode, we always enforce all pins, even test pins.
+  add_test(function () {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 3);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test(
+    "bad.include-subdomains.pinning.example.com",
+    MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+  );
+
+  // These domains serve certs that match the pinset.
+  add_connection_test(
+    "include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+  add_connection_test(
+    "exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test(
+    "sub.exclude-subdomains.pinning.example.com",
+    PRErrorCodeSuccess
+  );
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, is in test-mode, but we are
+  // enforcing test mode pins.
+  add_connection_test(
+    "test-mode.pinning.example.com",
+    MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+  );
+  // Normally this is overridable. But, since we have pinning information for
+  // this host (and since we're enforcing test mode), we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    SEC_ERROR_UNKNOWN_ISSUER
+  );
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function check_pinning_telemetry() {
+  let prod_histogram = Services.telemetry
+    .getHistogramById("CERT_PINNING_RESULTS")
+    .snapshot();
+  let test_histogram = Services.telemetry
+    .getHistogramById("CERT_PINNING_TEST_RESULTS")
+    .snapshot();
+  // Because all of our test domains are pinned to user-specified trust
+  // anchors, effectively only strict mode and enforce test-mode get evaluated
+  equal(
+    prod_histogram.values[0],
+    4,
+    "Actual and expected prod (non-Mozilla) failure count should match"
+  );
+  equal(
+    prod_histogram.values[1],
+    6,
+    "Actual and expected prod (non-Mozilla) success count should match"
+  );
+  equal(
+    test_histogram.values[0],
+    2,
+    "Actual and expected test (non-Mozilla) failure count should match"
+  );
+  equal(
+    test_histogram.values[1] || 0,
+    0,
+    "Actual and expected test (non-Mozilla) success count should match"
+  );
+
+  run_next_test();
+}
+
+function run_test() {
+  // Ensure that static pinning works when HPKP is disabled.
+  Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", false);
+
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  // Add a user-specified trust anchor.
+  addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
+
+  test_strict();
+  test_mitm();
+  test_disabled();
+  test_enforce_test_mode();
+
+  add_test(function () {
+    check_pinning_telemetry();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_module.js b/security/manager/ssl/tests/unit/test_pkcs11_module.js
new file mode 100644
index 0000000000..abad2dbb54
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_module.js
@@ -0,0 +1,58 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 module and
+// the module database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+const gModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+  Ci.nsIPKCS11ModuleDB
+);
+
+function run_test() {
+  // Check that if we have never added the test module, that we don't find it
+  // in the module list.
+  checkPKCS11ModuleNotPresent("PKCS11 Test Module", "pkcs11testmodule");
+
+  // Check that adding the test module makes it appear in the module list.
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
+  loadPKCS11Module(libraryFile, "PKCS11 Test Module", true);
+  let testModule = checkPKCS11ModuleExists(
+    "PKCS11 Test Module",
+    "pkcs11testmodule"
+  );
+
+  // Check that listing the slots for the test module works.
+  let testModuleSlotNames = Array.from(
+    testModule.listSlots(),
+    slot => slot.name
+  );
+  testModuleSlotNames.sort();
+  const expectedSlotNames = [
+    "Empty PKCS11 Slot",
+    "Test PKCS11 Slot",
+    "Test PKCS11 Slot 二",
+  ];
+  deepEqual(
+    testModuleSlotNames,
+    expectedSlotNames,
+    "Actual and expected slot names should be equal"
+  );
+
+  // Check that deleting the test module makes it disappear from the module list.
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  pkcs11ModuleDB.deleteModule("PKCS11 Test Module");
+  checkPKCS11ModuleNotPresent("PKCS11 Test Module", "pkcs11testmodule");
+
+  // Check miscellaneous module DB methods and attributes.
+  ok(!gModuleDB.canToggleFIPS, "It should NOT be possible to toggle FIPS");
+  ok(!gModuleDB.isFIPSEnabled, "FIPS should not be enabled");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_moduleDB.js b/security/manager/ssl/tests/unit/test_pkcs11_moduleDB.js
new file mode 100644
index 0000000000..e8cbf17abf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_moduleDB.js
@@ -0,0 +1,46 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that adding modules with invalid names are prevented.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  throws(
+    () => moduleDB.addModule("Root Certs", libraryFile.path, 0, 0),
+    /NS_ERROR_ILLEGAL_VALUE/,
+    "Adding a module named 'Root Certs' should fail."
+  );
+  throws(
+    () => moduleDB.addModule("", libraryFile.path, 0, 0),
+    /NS_ERROR_ILLEGAL_VALUE/,
+    "Adding a module with an empty name should fail."
+  );
+
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+  let rootsModuleName = bundle.GetStringFromName("RootCertModuleName");
+  let foundRootsModule = false;
+  for (let module of moduleDB.listModules()) {
+    if (module.name == rootsModuleName) {
+      foundRootsModule = true;
+      break;
+    }
+  }
+  ok(
+    foundRootsModule,
+    "Should be able to find builtin roots module by localized name."
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
new file mode 100644
index 0000000000..e4e3467d79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
@@ -0,0 +1,58 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// In safe mode, PKCS#11 modules should not be loaded. This test tests this by
+// simulating starting in safe mode and then attempting to load a module.
+
+function run_test() {
+  do_get_profile();
+
+  // Simulate starting in safe mode.
+  let xulRuntime = {
+    inSafeMode: true,
+    logConsoleErrors: true,
+    OS: "XPCShell",
+    XPCOMABI: "noarch-spidermonkey",
+    invalidateCachesOnRestart: function invalidateCachesOnRestart() {
+      // Do nothing
+    },
+    QueryInterface: ChromeUtils.generateQI(["nsIXULRuntime"]),
+  };
+
+  let xulRuntimeFactory = {
+    createInstance(iid) {
+      return xulRuntime.QueryInterface(iid);
+    },
+  };
+
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  const XULRUNTIME_CONTRACTID = "@mozilla.org/xre/runtime;1";
+  const XULRUNTIME_CID = Components.ID(
+    "{f0f0b230-5525-4127-98dc-7bca39059e70}"
+  );
+  registrar.registerFactory(
+    XULRUNTIME_CID,
+    "XULRuntime",
+    XULRUNTIME_CONTRACTID,
+    xulRuntimeFactory
+  );
+
+  // When starting in safe mode, the test module should fail to load.
+  let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  let libraryName = ctypes.libraryName("pkcs11testmodule");
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(libraryName);
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+  throws(
+    () =>
+      pkcs11ModuleDB.addModule("PKCS11 Test Module", libraryFile.path, 0, 0),
+    /NS_ERROR_FAILURE/,
+    "addModule should throw when in safe mode"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_slot.js b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
new file mode 100644
index 0000000000..dba2a4d3a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
@@ -0,0 +1,161 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 slot.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function find_slot_by_name(module, name) {
+  for (let slot of module.listSlots()) {
+    if (slot.name == name) {
+      return slot;
+    }
+  }
+  return null;
+}
+
+function find_module_by_name(moduleDB, name) {
+  for (let slot of moduleDB.listModules()) {
+    if (slot.name == name) {
+      return slot;
+    }
+  }
+  return null;
+}
+
+var gPrompt = {
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gPrompt| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  alert(title, text) {
+    equal(
+      text,
+      "Please authenticate to the token “Test PKCS11 Tokeñ 2 Label�. " +
+        "How to do so depends on the token (for example, using a fingerprint " +
+        "reader or entering a code with a keypad)."
+    );
+  },
+};
+
+const gPromptFactory = {
+  QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]),
+  getPrompt: (aWindow, aIID) => gPrompt,
+};
+
+function run_test() {
+  MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory);
+
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
+  loadPKCS11Module(libraryFile, "PKCS11 Test Module", false);
+
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
+    Ci.nsIPKCS11ModuleDB
+  );
+  let testModule = find_module_by_name(moduleDB, "PKCS11 Test Module");
+  notEqual(testModule, null, "should be able to find test module");
+  let testSlot = find_slot_by_name(testModule, "Test PKCS11 Slot 二");
+  notEqual(testSlot, null, "should be able to find 'Test PKCS11 Slot 二'");
+
+  equal(
+    testSlot.name,
+    "Test PKCS11 Slot 二",
+    "Actual and expected name should match"
+  );
+  equal(
+    testSlot.desc,
+    "Test PKCS11 Slot 二",
+    "Actual and expected description should match"
+  );
+  equal(
+    testSlot.manID,
+    "Test PKCS11 Manufacturer ID",
+    "Actual and expected manufacturer ID should match"
+  );
+  equal(
+    testSlot.HWVersion,
+    "0.0",
+    "Actual and expected hardware version should match"
+  );
+  equal(
+    testSlot.FWVersion,
+    "0.0",
+    "Actual and expected firmware version should match"
+  );
+  equal(
+    testSlot.status,
+    Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN,
+    "Actual and expected status should match"
+  );
+  equal(
+    testSlot.tokenName,
+    "Test PKCS11 Tokeñ 2 Label",
+    "Actual and expected token name should match"
+  );
+
+  let testToken = testSlot.getToken();
+  notEqual(testToken, null, "getToken() should succeed");
+  equal(
+    testToken.tokenName,
+    "Test PKCS11 Tokeñ 2 Label",
+    "Spot check: the actual and expected test token names should be equal"
+  );
+  ok(!testToken.isInternalKeyToken, "This token is not the internal key token");
+
+  testToken.login(true);
+  ok(testToken.isLoggedIn(), "Should have 'logged in' successfully");
+
+  testSlot = find_slot_by_name(testModule, "Empty PKCS11 Slot");
+  notEqual(testSlot, null, "should be able to find 'Empty PKCS11 Slot'");
+  equal(testSlot.tokenName, null, "Empty slot is empty");
+  equal(
+    testSlot.status,
+    Ci.nsIPKCS11Slot.SLOT_NOT_PRESENT,
+    "Actual and expected status should match"
+  );
+
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+  let internalModule = find_module_by_name(
+    moduleDB,
+    "NSS Internal PKCS #11 Module"
+  );
+  notEqual(internalModule, null, "should be able to find internal module");
+  let cryptoSlot = find_slot_by_name(
+    internalModule,
+    bundle.GetStringFromName("TokenDescription")
+  );
+  notEqual(cryptoSlot, "should be able to find internal crypto slot");
+  equal(
+    cryptoSlot.desc,
+    bundle.GetStringFromName("SlotDescription"),
+    "crypto slot should have expected 'desc'"
+  );
+  equal(
+    cryptoSlot.manID,
+    bundle.GetStringFromName("ManufacturerID"),
+    "crypto slot should have expected 'manID'"
+  );
+  let keySlot = find_slot_by_name(
+    internalModule,
+    bundle.GetStringFromName("PrivateTokenDescription")
+  );
+  notEqual(keySlot, "should be able to find internal key slot");
+  equal(
+    keySlot.desc,
+    bundle.GetStringFromName("PrivateSlotDescription"),
+    "key slot should have expected 'desc'"
+  );
+  equal(
+    keySlot.manID,
+    bundle.GetStringFromName("ManufacturerID"),
+    "key slot should have expected 'manID'"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js
new file mode 100644
index 0000000000..575fc26b88
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js
@@ -0,0 +1,149 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 token, using
+// the internal key token.
+// We don't use either of the test tokens in the test PKCS #11 module because:
+//   1. Test token 1 cyclically inserts and removes itself in a tight loop.
+//      Using token 1 would complicate the test and introduce intermittent
+//      failures.
+//   2. Neither test token implements login or password related functionality.
+//      We want to test such functionality.
+//   3. Using the internal token lets us actually test the internal token works
+//      as expected.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function checkBasicAttributes(token) {
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+
+  let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  equal(
+    token.tokenName,
+    expectedTokenName,
+    "Actual and expected name should match"
+  );
+  equal(
+    token.tokenManID,
+    bundle.GetStringFromName("ManufacturerID"),
+    "Actual and expected manufacturer ID should match"
+  );
+  equal(
+    token.tokenHWVersion,
+    "0.0",
+    "Actual and expected hardware version should match"
+  );
+  equal(
+    token.tokenFWVersion,
+    "0.0",
+    "Actual and expected firmware version should match"
+  );
+  equal(
+    token.tokenSerialNumber,
+    "0000000000000000",
+    "Actual and expected serial number should match"
+  );
+}
+
+/**
+ * Checks the various password related features of the given token.
+ * The token should already have been init with a password and be logged into.
+ * The password of the token will be reset after calling this function.
+ *
+ * @param {nsIPK11Token} token
+ *        The token to test.
+ * @param {string} initialPW
+ *        The password that the token should have been init with.
+ */
+function checkPasswordFeaturesAndResetPassword(token, initialPW) {
+  ok(
+    !token.needsUserInit,
+    "Token should not need user init after setting a password"
+  );
+  ok(
+    token.hasPassword,
+    "Token should have a password after setting a password"
+  );
+
+  ok(
+    token.checkPassword(initialPW),
+    "checkPassword() should succeed if the correct initial password is given"
+  );
+  token.changePassword(initialPW, "newPW ÿ 一二三");
+  ok(
+    token.checkPassword("newPW ÿ 一二三"),
+    "checkPassword() should succeed if the correct new password is given"
+  );
+
+  ok(
+    !token.checkPassword("wrongPW"),
+    "checkPassword() should fail if an incorrect password is given"
+  );
+  ok(
+    !token.isLoggedIn(),
+    "Token should be logged out after an incorrect password was given"
+  );
+  ok(
+    !token.needsUserInit,
+    "Token should still be init with a password even if an incorrect " +
+      "password was given"
+  );
+
+  token.reset();
+  ok(token.needsUserInit, "Token should need password init after reset");
+  ok(!token.hasPassword, "Token should not have a password after reset");
+  ok(!token.isLoggedIn(), "Token should be logged out of after reset");
+}
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  let token = tokenDB.getInternalKeyToken();
+  notEqual(token, null, "The internal token should be present");
+  ok(
+    token.isInternalKeyToken,
+    "The internal token should be represented as such"
+  );
+
+  checkBasicAttributes(token);
+
+  ok(!token.isLoggedIn(), "Token should not be logged into yet");
+  // Test that attempting to log out even when the token was not logged into
+  // does not result in an error.
+  token.logoutSimple();
+  ok(!token.isLoggedIn(), "Token should still not be logged into");
+  ok(
+    !token.hasPassword,
+    "Token should not have a password before it has been set"
+  );
+
+  let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
+  token.initPassword(initialPW);
+  token.login(/* force */ false);
+  ok(token.isLoggedIn(), "Token should now be logged into");
+
+  checkPasswordFeaturesAndResetPassword(token, initialPW);
+
+  // We reset the password previously, so we need to initialize again.
+  token.initPassword("arbitrary");
+  ok(
+    token.isLoggedIn(),
+    "Token should be logged into after initializing password again"
+  );
+  token.logoutSimple();
+  ok(
+    !token.isLoggedIn(),
+    "Token should be logged out after calling logoutSimple()"
+  );
+
+  ok(
+    token.needsLogin(),
+    "The internal token should always need authentication"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
new file mode 100644
index 0000000000..127c533439
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
@@ -0,0 +1,20 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods for interfacing with the PKCS #11 token database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+
+  notEqual(
+    tokenDB.getInternalKeyToken(),
+    null,
+    "The internal token should be non-null"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_sanctions/apple-ist-ca-8-g1-intermediate.pem b/security/manager/ssl/tests/unit/test_sanctions/apple-ist-ca-8-g1-intermediate.pem
new file mode 100644
index 0000000000..8401bd3e87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/apple-ist-ca-8-g1-intermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAsegAwIBAgIQDGdiB3elq8S6U12Nrc+a1zAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0xODEyMjExMjAwMDBaFw0zMTA2MDgxMjAwMDBaMGIxHDAaBgNVBAMME0FwcGxl
+IElTVCBDQSA4IC0gRzExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABC1UjmiwEBPv9C3b2AmyQ+idZZluNLjUl8mOydaoIjcyyHFg
+7rDx8sVk9rpHX/zmB3gyLfbKgCDJ/XD4cpMhiEWjggFeMIIBWjAdBgNVHQ4EFgQU
+w8SkWAVj14MGupaN3LKPMva7t0EwHwYDVR0jBBgwFoAUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEF
+BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1UdHwQ7MDkwN6A1oDOG
+MWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMy5j
+cmwwWwYDVR0gBFQwUjAMBgoqhkiG92NkBQsEMAgGBmeBDAECAjA4BgpghkgBhv1s
+AAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
+CgYIKoZIzj0EAwMDZwAwZAIwaMzTwP/37zR/ZM5T7OGnd9hYStUPL3QlqDXGhNUZ
+cUZM7UmDZWvBS97XS9wKCtxPAjAeetP564whYQw4g3yLIEqpXNiHCW1Pf1e+uXMa
+g1fK+AQr8p7TR2320C8NorVUcfM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/cds-apple-com.pem b/security/manager/ssl/tests/unit/test_sanctions/cds-apple-com.pem
new file mode 100644
index 0000000000..5e3054e80e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/cds-apple-com.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGnzCCBkWgAwIBAgIQVwXojWDvTZtfUY6TR9QUTDAKBggqhkjOPQQDAjBiMRww
+GgYDVQQDDBNBcHBsZSBJU1QgQ0EgOCAtIEcxMSAwHgYDVQQLDBdDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMw
+HhcNMTkwMzExMjEzMjQxWhcNMjEwNDA5MjEzMjQxWjB2MRYwFAYDVQQDDA1jZHMu
+YXBwbGUuY29tMSUwIwYDVQQLDBxtYW5hZ2VtZW50OmlkbXMuZ3JvdXAuNjY1MDM1
+MRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYD
+VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJHADA5vqarO+Cj0Ha6T
+uh/JhKmaIVuz0z7dVZUIBgVbxNOE3FW8zJTH20k4NBAnls3IXkJEiOWtt8GZbzlS
+cXijggTHMIIEwzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMPEpFgFY9eDBrqW
+jdyyjzL2u7dBMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2Nl
+cnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhOGcxLmRlcjA4BggrBgEFBQcwAYYsaHR0
+cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhOGcxMDUwGAYDVR0R
+BBEwD4INY2RzLmFwcGxlLmNvbTCB/gYDVR0gBIH2MIHzMIHwBgoqhkiG92NkBQsE
+MIHhMIGkBggrBgEFBQcCAjCBlwyBlFJlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNh
+dGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiBhbnkgYXBwbGlj
+YWJsZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UgYW5kL29yIGNlcnRpZmlj
+YXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wOAYIKwYBBQUHAgIwLAwqaHR0cDov
+L3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMB0GA1UdJQQWMBQG
+CCsGAQUFBwMCBggrBgEFBQcDATA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LmFwcGxlLmNvbS9hcHBsZWlzdGNhOGcxLmNybDAdBgNVHQ4EFgQUtfKFXS+GsdSn
+im90n/2GX/X47rgwDgYDVR0PAQH/BAQDAgOIMIICbgYKKwYBBAHWeQIEAgSCAl4E
+ggJaAlgAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlutS/9
+AAAEAwBHMEUCIQC7JOfynh9ir4vZfE39sB2b7b9u6hwSo3i1A0WMCsB2kwIgHnqJ
+dmGCaGHryIgFREBginRf879Km3zjdnCR4XjGTN4AdgDuS723dc5guuFCaR+r4Z5m
+ow9+X7By2IMAxHuJeqj9ywAAAWlutS/9AAAEAwBHMEUCIQD+dYvPDT3PQ6T4eqqF
+SSHsHU+ETeeMIhPWF1+5xxt0igIgbjEPNy+PV3wa0+dw4Umqvlp4padXYhF/zxKQ
+UVSF5u0AdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlutTHE
+AAAEAwBHMEUCIQCsggeANxAqJffU5L8inc3QZCQpC5f3ILhwSymugYaelQIgOKLJ
+RmDt2rvI10G661L9MO0g4SHSbGZcTnkMVzUlSOUAdgBvU3asMfAxGdiZAKRRFf93
+FRwR2QLBACkGjbIImjfZEwAAAWlutTH/AAAEAwBHMEUCIFA7S1eyu7kxhvnAmVyB
+fJUi7cy2/bizaC0LLE0w35dNAiEA+aIKxhYy6VAAyGAmTiAOA/VU/pDtQp4uUIKF
+azgRpscAdgBElGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAWlutTA2
+AAAEAwBHMEUCIQDkm2/8xF0dSiyO/o8iwKPjEgYYhokUM03KLiSZWUSRzQIgMp5z
+ryZTqIHFLgbE0y7L8CCDvgZRRyoKbnBcCaGJJ1gwCgYIKoZIzj0EAwIDSAAwRQIh
+AKJgejWMoWWP42EQIPsvua2biHvRng0QcgA3+0GLzcjXAiBr2xfk0vGWinDLG3gz
+m73X42sCFxyMZrLDbgyeBQNI8A==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/default-ee.key b/security/manager/ssl/tests/unit/test_sanctions/default-ee.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/default-ee.key.keyspec b/security/manager/ssl/tests/unit/test_sanctions/default-ee.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem b/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem
new file mode 100644
index 0000000000..5dc7cf4ef8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUOYwND1zpte36abEsvdvudfnxjHgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQw
+MjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgcow
+gccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tghUqLnBp
+bm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu
+ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMA0GCSqGSIb3DQEBCwUAA4IBAQBr5H7lb24bMQYGDFY5qeMDNcti
+AI4rI7Nu0aMvZtDcxqHkIg/a7nr7WeQc3gCg8mUJ6xvreXxRswrudZzjjsGiTbym
+qjEz7HYrbvdWh5bLtdL7aoP1KmFD722guwdXVYQ7tx65oHroH+UCU28VT/+WzsHc
+5OjBqZvR928aWEXwIen9lhdk/5Rq2IrFqCTuUrNR5aiP6gJZoy4nIh3IFIxqWzsm
+lOjqvzSQIuo+gLN7oduafrwetpp8ywSrDVTtp9yckIHuW8css+OZLfqbFPMSFRJo
+Qee+FhxaGgDoRGk8oVGYyTJYUPIReZa5dtNPKs1JQvdqhIeUwA3GnJBTFCan
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem.certspec
new file mode 100644
index 0000000000..554339ff52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem
new file mode 100644
index 0000000000..95316b235e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIUN+Dcp+HeMvZhIJ3BD5af4bwrj4IwDQYJKoZIhvcNAQEL
+BQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMT
+HEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwIhgPMjAxNjA2MDEwMDAwMDBa
+GA8yMDUwMDEwMTAwMDAwMFowKTEnMCUGA1UEAwweZWUtZnJvbS1hbGxvd2xpc3Qt
+YWZ0ZXItY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABozowODA2BgNVHREELzAtgitzeW1hbnRlYy1hbGxv
+d2xpc3QtYWZ0ZXItY3V0b2ZmLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/2Pgyyje+T4uKkibYZ537NZB6OUvef4nrGtswjxKbUnHzrLK1kJd3mtyNpydK
+fzW8WV1CR+nltFI5oaoOAf26FuQfaoCADmlmFlirgnm2fEH2xCokDCQHIgQxNwXr
+Ok6JTHWeuaOsu+verDPjkuUATnONY+FRTBxfPh5B3OA+aBO62bAeNCAjIya1U60S
+emAnleYtwhXs0Q9TLsR7O7aSYP3FgnqnWPuOkPF3wrUiE8Nrd3givz5OJW42IU63
+ijiojHtPpjAiudbzD8y1zuDcxTxiI4jEjTDS1kIqnvHd3f4bSxpgcQUPk44nu+wO
+j5+as/TRu5dC+xHmWCVT10yd
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem.certspec
new file mode 100644
index 0000000000..c8a4249dfc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=US/O=Google Inc/CN=Google Internet Authority G2
+subject:ee-from-allowlist-after-cutoff
+validity:20160601-20500101
+extension:subjectAlternativeName:symantec-allowlist-after-cutoff.example.com
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem
new file mode 100644
index 0000000000..0c8a52b8d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIUVWP+EbM7hYQLOXoABvWpRwoPWJ0wDQYJKoZIhvcNAQEL
+BQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMT
+HEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwIhgPMjAxNDA2MDEwMDAwMDBa
+GA8yMDUwMDEwMTAwMDAwMFowKjEoMCYGA1UEAwwfZWUtZnJvbS1hbGxvd2xpc3Qt
+YmVmb3JlLWN1dG9mZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaM7MDkwNwYDVR0RBDAwLoIsc3ltYW50ZWMtYWxs
+b3dsaXN0LWJlZm9yZS1jdXRvZmYuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQAD
+ggEBAFhn9xNv/Yp1Ua9OX7oXgbVgzxCIAm6/zDK7V4V37P5em/lI85OpbuuTO4ns
+9VB2/nijkELhSkiyCjmCaxQhlUBzA/2wJeNIfaWu9Mq5MR6jWShhNXND66lTCDIQ
+wGVQkBl8/3OqSD4IFI3pKAiPhCGsUnRIhGSARcrFMQpKssnN5XN1ump1YA7/u6Kv
+apNbKccgKvLekO8/kUpFrpHt+uQaNS2IeVrmOnNh4GtyD3DG1ZDcZ1VgLAnzbVUg
+xiUbs58mY0o1qumuzqJ0/ie5UPOjWnoXSNq6dd4jqsXcFeYXe106G6arV5BLN1Pa
+gNxxfOfBcebE1OwxZpfQwNy3JxI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem.certspec
new file mode 100644
index 0000000000..51cecd1f8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-from-allowlist-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=US/O=Google Inc/CN=Google Internet Authority G2
+subject:ee-from-allowlist-before-cutoff
+validity:20140601-20500101
+extension:subjectAlternativeName:symantec-allowlist-before-cutoff.example.com
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem
new file mode 100644
index 0000000000..65eab919b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUNWWgyC4I0/jmqdamoCRL0qhP3QQwDQYJKoZIhvcNAQEL
+BQAwTzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0Fub3RoZXIgQ0EgSW5jLjEmMCQG
+A1UEAxMdU29tZSBPdGhlciBDQSBUaGFuIFRoZSBPdGhlcnMwIhgPMjAxNjA2MDEw
+MDAwMDBaGA8yMDUwMDEwMTAwMDAwMFowKjEoMCYGA1UEAwwfZWUtbm90LWFsbG93
+bGlzdGVkLWFmdGVyLWN1dG9mZjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNAMD4wPAYDVR0RBDUwM4Ixc3ltYW50
+ZWMtbm90LWFsbG93bGlzdGVkLWFmdGVyLWN1dG9mZi5leGFtcGxlLmNvbTANBgkq
+hkiG9w0BAQsFAAOCAQEARlQNYz+w2ekzdX8FKwlWoMX6Df5o4ZhXreRK9V4SuYJg
+SvAucL35TuTKkBz9C5VPjAL/Qts4n5DKWaWQfsvoCJOGtTMEKd1MEL9RbMFOewI0
+tN9sV9aMNsmhNPL4PB3A7lKJb8gi/tyoN3BXjsaZBxmyi5A6Vt3lyybgMOSTdzR6
+u2XAPm+zNDrOzc2tavZEyhEKzptaJuCQrefcnAM9JTHtJhvJp30WWighJyclqmRX
+bLDYaHRRuRI0jkgrrcUKolau8YKsSoIBoxP2aels8drZDH4UAC86GW2iF/tK+J65
++JJ2Mk9erdcLoYGLxHZqQySpRaFtciSF+Uym1nmNxA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem.certspec
new file mode 100644
index 0000000000..85edcf742d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=US/O=Another CA Inc./CN=Some Other CA Than The Others
+subject:ee-not-allowlisted-after-cutoff
+validity:20160601-20500101
+extension:subjectAlternativeName:symantec-not-allowlisted-after-cutoff.example.com
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem
new file mode 100644
index 0000000000..23d6fec107
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUaxGuzjOrA/2qScMaz5tKQTUrvAYwDQYJKoZIhvcNAQEL
+BQAwTzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0Fub3RoZXIgQ0EgSW5jLjEmMCQG
+A1UEAxMdU29tZSBPdGhlciBDQSBUaGFuIFRoZSBPdGhlcnMwIhgPMjAxNDA2MDEw
+MDAwMDBaGA8yMDUwMDEwMTAwMDAwMFowKzEpMCcGA1UEAwwgZWUtbm90LWFsbG93
+bGlzdGVkLWJlZm9yZS1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjQTA/MD0GA1UdEQQ2MDSCMnN5bWFu
+dGVjLW5vdC1hbGxvd2xpc3RlZC1iZWZvcmUtY3V0b2ZmLmV4YW1wbGUuY29tMA0G
+CSqGSIb3DQEBCwUAA4IBAQBCkIIEXnX/3rv0JuF0FZEpROnQw8zoa4vZjwG1NmvH
++PwnTL7FvBg9QBK0n8ZKfCMqJU98jR5+x6V9Eo2amXEYRAsxCU6kY/Xz43OxGLQz
+5cbr9eDswWmt7h/LXl0tsprpgfBNaQ9512UbPMkDG4MSwLjkuTgdnM4dBsLURrAU
+5lcukutuNYJ7x92/Ah7hffouB6QHyP80onxqqQTQs2j/0MvJxlUWrnKBzk+B475W
+/1iMOCE3r2q6+TVp1sun9mcn7UvRHQRPvjSdjujjJ++5fqH5s4cF2Sv4lv+dEGJn
+xrr/a9GA3bUE6Iq9PbAeX3l7RaP+q/znSDBtaLYZ1Xau
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem.certspec
new file mode 100644
index 0000000000..b736169a04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-ee-not-allowlisted-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=US/O=Another CA Inc./CN=Some Other CA Than The Others
+subject:ee-not-allowlisted-before-cutoff
+validity:20140601-20500101
+extension:subjectAlternativeName:symantec-not-allowlisted-before-cutoff.example.com
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem
new file mode 100644
index 0000000000..70bfa802ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIUHayrfZ5YGkWYRPXIsNuGSemGyk8wDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv
+bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazFFMEMGA1UEAxM8U3lt
+YW50ZWMgQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMEkx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29n
+bGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUMbnz3c2Evfehzm1LU+L
+3UL3alL/C5jteDjrrNqkamAZF26klGAZ5AX2tW6yG4bOnmZMzqkW/NV8+ydE6HGW
+oVwm+qekOyR4nSPHS5mZRdHD3uBrVJ0PR2rUyk/6oIVBYEcNHY/vuHMorQ0q2plq
+Z+62i1SHuq5qxP9apKmhvmgwvna3ber9VH8DgiZLJRAuiDAXpanGZh37dm/e2ZVI
+OgVctvRIb7ETcDrSbj4oOKo4WwFaZHlsN1ee0hstxDnIVXWzu5cCdqGALlw2N1av
+RPUgDI0kshVojmvKFwnYptE1Ru+CYf403ZD7gt3ZvHueOTpEEKLRQp1QRELXIx/7
+XQ==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem.certspec
new file mode 100644
index 0000000000..518527b741
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-allowlisted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:printableString/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 1 Public Primary Certification Authority - G4
+subject:printableString/C=US/O=Google Inc/CN=Google Internet Authority G2
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem
new file mode 100644
index 0000000000..819d8a30da
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIUBy1RVPb6jMqyBSQwtlK+jZftnKIwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOVW5rbm93biBJc3N1ZXIwIhgPMjAxMDAxMDEwMDAwMDBa
+GA8yMDUwMDEwMTAwMDAwMFowTzELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0Fub3Ro
+ZXIgQ0EgSW5jLjEmMCQGA1UEAxMdU29tZSBPdGhlciBDQSBUaGFuIFRoZSBPdGhl
+cnMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQAs7dfRClCtgzMfYVRIciVqdjNR+jeFLmYFCDDqx5h6zve4VfxK
+AEQPWNsIVdPlu+djILHHd9+RvLSHh5HqeXKppBevnux2SxwfXJQ3T+ysqGxH4tEQ
+BCgXryt8v5q/DL9H2+T352NJCh7ZMkftEta3Hchtr4TSaT7udtib1uQ9JeLx97LJ
+A6aI8SpfI/as1Ku1LAAV9rfhkJgMyeC0ppMfTVGj/gjgq8fL52/9Su9Id8l+SeYD
+yLCXjPX0rhAjTeJyiOpAK9OPQgk7i3DRvdO/F+JCkTNE9V6PLX0J+30g+3YZND+a
+R81zibhRfa6Ki5cqRflHYhAY4GCFk7mhHLsL
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem.certspec
new file mode 100644
index 0000000000..fdcb287cd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other-crossigned.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Unknown Issuer
+subject:printableString/C=US/O=Another CA Inc./CN=Some Other CA Than The Others
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem
new file mode 100644
index 0000000000..9057a0a0dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIUSyQ/MON3PZLW/WEcsIuOIT0kUlQwDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv
+bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazFFMEMGA1UEAxM8U3lt
+YW50ZWMgQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaME8x
+CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9Bbm90aGVyIENBIEluYy4xJjAkBgNVBAMT
+HVNvbWUgT3RoZXIgQ0EgVGhhbiBUaGUgT3RoZXJzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8E
+BAMCAQYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAfpCigqN5qPf/
+fD6N8a5taq4bsmggdNztYabFOFY8zIRNVYoVVAHd8a5FOlShKw1MTgRNEpzWcN4O
+rX16HCaKCJA6mGbkoE/XVqo/shQR1P0U8N75oeWgxd10IsWpJoYYtF38GIM+HZM4
+8NZ/aM2ViKWexlpa7KhmIjCNsP4U+VFXPwLLuKbegQ6miTwdyG5Sq2PLsjQEn4Xq
+/nHYyE3Nn+8H+dlyFuWn9XcJN9D9H3NqVGqAvnWWPR0Vz9Q5/iixw2Ym8NWNzlxa
+RXLC9Bfg1BDSJLttopU6qGPotuQkhlm1AElcauI9FaWATsdM82tNMK3hrHnTqV28
+C/BiYIunmA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem.certspec
new file mode 100644
index 0000000000..0c96819f94
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-intermediate-other.pem.certspec
@@ -0,0 +1,5 @@
+issuer:printableString/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 1 Public Primary Certification Authority - G4
+subject:printableString/C=US/O=Another CA Inc./CN=Some Other CA Than The Others
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem b/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem
new file mode 100644
index 0000000000..77f5a05963
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIUd4MA0Hhfw36r5rkFHdHo5/oSbTYwDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv
+bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazFFMEMGA1UEAxM8U3lt
+YW50ZWMgQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMIGU
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVj
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAKAdvWVDbB3GxOooXgqNElLvjYwmNcWk12CvQnwxglCRytY5
+DX4UhcCJ6TW8pcezPDEdqrkf4iR+UpgDyBUbVa4m5O5MHGYy3nRHfwT/js9hh2PH
+gcAmT0ivknTFlEcP4D0kp7HQr2kmlFuW64HOM+/3J7Zyvu3VNYAlqTlxgG7QyRaN
+3W3jfDvc5Ol0O0vyFmhHv0k1yOqLJiOmmOOujfltl4Grbvss+wsHjmP+WOH/BYRn
+ACDXdvGr9uu0Z2mymqP0Sy2ZKKrbA7dX5Q/RUr4p3EfyDuNgERx+pYXTUeQ3o9sL
+ynQmBa+9aWijUN2USC69EDX9zObn7lO8WV19dQM=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem.certspec b/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem.certspec
new file mode 100644
index 0000000000..f84697130c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions/symantec-test-ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:printableString/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 1 Public Primary Certification Authority - G4
+subject:printableString/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 1 Public Primary Certification Authority - G4
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_sanctions_symantec_apple_google.js b/security/manager/ssl/tests/unit/test_sanctions_symantec_apple_google.js
new file mode 100644
index 0000000000..4c3b9f406f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sanctions_symantec_apple_google.js
@@ -0,0 +1,95 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+do_get_profile();
+
+const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+add_tls_server_setup(
+  "SanctionsTestServer",
+  "test_sanctions",
+  /* Don't try to load non-existent test-ca.pem */ false
+);
+
+addCertFromFile(certDB, "test_sanctions/symantec-test-ca.pem", "CTu,u,u");
+
+// Add the necessary intermediates. This is important because the test server,
+// though it will attempt to send along an intermediate, isn't able to reliably
+// pick between the intermediate-other-crossigned and intermediate-other.
+add_test(function () {
+  addCertFromFile(
+    certDB,
+    "test_sanctions/symantec-intermediate-allowlisted.pem",
+    ",,"
+  );
+  addCertFromFile(
+    certDB,
+    "test_sanctions/symantec-intermediate-other.pem",
+    ",,"
+  );
+  run_next_test();
+});
+
+add_connection_test(
+  "symantec-not-allowlisted-before-cutoff.example.com",
+  MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED,
+  null,
+  null
+);
+
+add_connection_test(
+  "symantec-not-allowlisted-after-cutoff.example.com",
+  MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED,
+  null,
+  null
+);
+
+// Add a cross-signed intermediate into the database, and ensure we still get
+// the expected error.
+add_test(function () {
+  addCertFromFile(
+    certDB,
+    "test_sanctions/symantec-intermediate-other-crossigned.pem",
+    ",,"
+  );
+  run_next_test();
+});
+
+add_connection_test(
+  "symantec-not-allowlisted-before-cutoff.example.com",
+  MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED,
+  null,
+  null
+);
+
+// Load the Apple EE cert and its intermediate, then verify
+// it at a reasonable time and make sure the allowlists work
+add_task(async function () {
+  addCertFromFile(
+    certDB,
+    "test_sanctions/apple-ist-ca-8-g1-intermediate.pem",
+    ",,"
+  );
+  let allowlistedCert = constructCertFromFile(
+    "test_sanctions/cds-apple-com.pem"
+  );
+
+  // Since we don't want to actually try to fetch OCSP for this certificate,
+  // (as an external fetch is bad in the tests), disable OCSP first.
+  Services.prefs.setIntPref("security.OCSP.enabled", 0);
+
+  // (new Date("2020-01-01")).getTime() / 1000
+  const VALIDATION_TIME = 1577836800;
+
+  await checkCertErrorGenericAtTime(
+    certDB,
+    allowlistedCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    VALIDATION_TIME
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js
new file mode 100644
index 0000000000..e9e477efc5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr.js
@@ -0,0 +1,272 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the nsISecretDecoderRing implementation.
+
+do_get_profile();
+
+let gSetPasswordShownCount = 0;
+
+// Mock implementation of nsITokenPasswordDialogs.
+const gTokenPasswordDialogs = {
+  setPassword(ctx, tokenName) {
+    gSetPasswordShownCount++;
+    info(`setPassword() called; shown ${gSetPasswordShownCount} times`);
+    info(`tokenName: ${tokenName}`);
+    return false; // Returning false means "the user didn't cancel".
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsITokenPasswordDialogs"]),
+};
+
+let gMockPrompter = {
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    // Returning false simulates the user canceling the password prompt.
+    return false;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+let gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: ChromeUtils.generateQI(["nsIWindowWatcher"]),
+};
+
+add_task(function setup() {
+  let windowWatcherCID = MockRegistrar.register(
+    "@mozilla.org/embedcomp/window-watcher;1",
+    gWindowWatcher
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(windowWatcherCID);
+  });
+});
+
+add_task(function testEncryptString() {
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  // Test valid inputs for encryptString() and decryptString().
+  let inputs = [
+    "",
+    " ", // First printable latin1 character (code point 32).
+    "foo",
+    "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?",
+    "¡äöüÿ", // Misc + last printable latin1 character (code point 255).
+    "aaa 一二三", // Includes Unicode with code points outside [0, 255].
+  ];
+  for (let input of inputs) {
+    let converter = Cc[
+      "@mozilla.org/intl/scriptableunicodeconverter"
+    ].createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+
+    let convertedInput = converter.ConvertFromUnicode(input);
+    convertedInput += converter.Finish();
+
+    let encrypted = sdr.encryptString(convertedInput);
+
+    notEqual(
+      convertedInput,
+      encrypted,
+      "Encrypted input should not just be the input itself"
+    );
+
+    try {
+      atob(encrypted);
+    } catch (e) {
+      ok(false, `encryptString() should have returned Base64: ${e}`);
+    }
+
+    equal(
+      convertedInput,
+      sdr.decryptString(encrypted),
+      "decryptString(encryptString(input)) should return input"
+    );
+  }
+
+  // Test invalid inputs for decryptString().
+  throws(
+    () => sdr.decryptString("*"),
+    /NS_ERROR_ILLEGAL_VALUE/,
+    "decryptString() should throw if given non-Base64 input"
+  );
+
+  // Test calling changePassword() pops up the appropriate dialog.
+  // Note: On Android, nsITokenPasswordDialogs is apparently not implemented,
+  //       which also seems to prevent us from mocking out the interface.
+  if (AppConstants.platform != "android") {
+    let tokenPasswordDialogsCID = MockRegistrar.register(
+      "@mozilla.org/nsTokenPasswordDialogs;1",
+      gTokenPasswordDialogs
+    );
+    registerCleanupFunction(() => {
+      MockRegistrar.unregister(tokenPasswordDialogsCID);
+    });
+
+    equal(
+      gSetPasswordShownCount,
+      0,
+      "changePassword() dialog should have been shown zero times"
+    );
+    sdr.changePassword();
+    equal(
+      gSetPasswordShownCount,
+      1,
+      "changePassword() dialog should have been shown exactly once"
+    );
+  }
+});
+
+add_task(async function testAsyncEncryptStrings() {
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  // Test valid inputs for encryptString() and decryptString().
+  let inputs = [
+    "",
+    " ", // First printable latin1 character (code point 32).
+    "foo",
+    "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?",
+    "¡äöüÿ", // Misc + last printable latin1 character (code point 255).
+    "aaa 一二三", // Includes Unicode with code points outside [0, 255].
+  ];
+
+  let encrypteds = await sdr.asyncEncryptStrings(inputs);
+  for (let i = 0; i < inputs.length; i++) {
+    let encrypted = encrypteds[i];
+    let input = inputs[i];
+    let converter = Cc[
+      "@mozilla.org/intl/scriptableunicodeconverter"
+    ].createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+
+    let convertedInput = converter.ConvertFromUnicode(input);
+    convertedInput += converter.Finish();
+    notEqual(
+      convertedInput,
+      encrypted,
+      "Encrypted input should not just be the input itself"
+    );
+
+    try {
+      atob(encrypted);
+    } catch (e) {
+      ok(false, `encryptString() should have returned Base64: ${e}`);
+    }
+
+    equal(
+      convertedInput,
+      sdr.decryptString(encrypted),
+      "decryptString(encryptString(input)) should return input"
+    );
+  }
+});
+
+add_task(async function testAsyncDecryptStrings() {
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  // Test valid inputs for encryptString() and decryptString().
+  let testCases = [
+    "",
+    " ", // First printable latin1 character (code point 32).
+    "foo",
+    "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?",
+    "¡äöüÿ", // Misc + last printable latin1 character (code point 255).
+    "aaa 一二三", // Includes Unicode with code points outside [0, 255].
+  ];
+
+  let convertedTestCases = testCases.map(tc => {
+    let converter = Cc[
+      "@mozilla.org/intl/scriptableunicodeconverter"
+    ].createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+
+    let convertedInput = converter.ConvertFromUnicode(tc);
+    convertedInput += converter.Finish();
+    return convertedInput;
+  });
+
+  let encryptedStrings = convertedTestCases.map(tc => sdr.encryptString(tc));
+  let decrypteds = await sdr.asyncDecryptStrings(encryptedStrings);
+  for (let i = 0; i < encryptedStrings.length; i++) {
+    let decrypted = decrypteds[i];
+
+    equal(
+      decrypted,
+      testCases[i],
+      "decrypted string should match expected value"
+    );
+    equal(
+      sdr.decryptString(encryptedStrings[i]),
+      convertedTestCases[i],
+      "decryptString(encryptString(input)) should return the initial decrypted string value"
+    );
+  }
+});
+
+add_task(async function testAsyncDecryptInvalidStrings() {
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  // Test invalid inputs for sdr.asyncDecryptStrings
+  let testCases = [
+    "~bmV0cGxheQ==", // invalid base64 encoding
+    "bmV0cGxheQ==", // valid base64 characters but not encrypted
+    "https://www.example.com", // website address from erroneous migration
+  ];
+
+  let decrypteds = await sdr.asyncDecryptStrings(testCases);
+  equal(
+    decrypteds.length,
+    testCases.length,
+    "each testcase should still return a response"
+  );
+  for (let i = 0; i < decrypteds.length; i++) {
+    let decrypted = decrypteds[i];
+
+    equal(
+      decrypted,
+      "",
+      "decrypted string should be empty when trying to decrypt an invalid input with asyncDecryptStrings"
+    );
+
+    Assert.throws(
+      () => sdr.decryptString(testCases[i]),
+      /NS_ERROR_ILLEGAL_VALUE|NS_ERROR_FAILURE/,
+      `Check testcase would have thrown: ${testCases[i]}`
+    );
+  }
+});
+
+add_task(async function testAsyncDecryptLoggedOut() {
+  // Set a master password.
+  let token = Cc["@mozilla.org/security/pk11tokendb;1"]
+    .getService(Ci.nsIPK11TokenDB)
+    .getInternalKeyToken();
+  token.initPassword("password");
+  token.logoutSimple();
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  await Assert.rejects(
+    sdr.asyncDecryptStrings(["irrelevant"]),
+    /NS_ERROR_NOT_AVAILABLE/,
+    "Check error is thrown instead of returning empty strings"
+  );
+
+  token.reset();
+  token.initPassword("");
+});
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting.js b/security/manager/ssl/tests/unit/test_sdr_preexisting.js
new file mode 100644
index 0000000000..69b5c194df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting.js
@@ -0,0 +1,79 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that the SDR implementation is able to decrypt strings encrypted using
+// a preexisting NSS key database. Creating the database is straight-forward:
+// simply run Firefox (or xpcshell) and encrypt something using
+// nsISecretDecoderRing (e.g. by saving a password or directly using the
+// interface). The resulting key4.db file (in the profile directory) now
+// contains the private key used to encrypt the data.
+
+function run_test() {
+  const keyDBName = "key4.db";
+  let profile = do_get_profile();
+  let keyDBFile = do_get_file(`test_sdr_preexisting/${keyDBName}`);
+  keyDBFile.copyTo(profile, keyDBName);
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  let testcases = [
+    // a full padding block
+    {
+      ciphertext:
+        "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
+      plaintext: "password",
+    },
+    // 7 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
+      plaintext: "a",
+    },
+    // 6 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
+      plaintext: "bb",
+    },
+    // 1 byte of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
+      plaintext: "!seven!",
+    },
+    // 2 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
+      plaintext: "sixsix",
+    },
+    // long plaintext requiring more than two blocks
+    {
+      ciphertext:
+        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+      plaintext: "thisismuchlongerandsotakesupmultipleblocks",
+    },
+    // this differs from the previous ciphertext by one bit and demonstrates
+    // that this implementation does not enforce message integrity
+    {
+      ciphertext:
+        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+      plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
+    },
+  ];
+
+  for (let testcase of testcases) {
+    let decrypted = sdr.decryptString(testcase.ciphertext);
+    equal(
+      decrypted,
+      testcase.plaintext,
+      "decrypted ciphertext should match expected plaintext"
+    );
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db b/security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db
new file mode 100644
index 0000000000..8f320dfdbd
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db differ
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
new file mode 100644
index 0000000000..5c1b2bb653
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
@@ -0,0 +1,135 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that the SDR implementation is able to decrypt strings encrypted using
+// a preexisting NSS key database that has a password.
+// To create such a database, run Firefox (or xpcshell), set a primary
+// password, and then encrypt something using nsISecretDecoderRing.
+
+var gMockPrompter = {
+  passwordToTry: "password",
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    if (this.numPrompts > 1) {
+      // don't keep retrying a bad password
+      return false;
+    }
+    equal(
+      text,
+      "Please enter your Primary Password.",
+      "password prompt text should be as expected"
+    );
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+var gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: ChromeUtils.generateQI(["nsIWindowWatcher"]),
+};
+
+function run_test() {
+  let windowWatcherCID = MockRegistrar.register(
+    "@mozilla.org/embedcomp/window-watcher;1",
+    gWindowWatcher
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(windowWatcherCID);
+  });
+
+  // Append a single quote and non-ASCII characters to the profile path.
+  let profd = Services.env.get("XPCSHELL_TEST_PROFILE_DIR");
+  let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+  file.initWithPath(profd);
+  file.append("'÷1");
+  Services.env.set("XPCSHELL_TEST_PROFILE_DIR", file.path);
+
+  let profile = do_get_profile(); // must be called before getting nsIX509CertDB
+  Assert.ok(
+    /[^\x20-\x7f]/.test(profile.path),
+    "the profile path should contain a non-ASCII character"
+  );
+
+  let key4DBFile = do_get_file("test_sdr_preexisting_with_password/key4.db");
+  key4DBFile.copyTo(profile, "key4.db");
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+    Ci.nsISecretDecoderRing
+  );
+
+  let testcases = [
+    // a full padding block
+    {
+      ciphertext:
+        "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
+      plaintext: "password",
+    },
+    // 7 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
+      plaintext: "a",
+    },
+    // 6 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
+      plaintext: "bb",
+    },
+    // 1 byte of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
+      plaintext: "!seven!",
+    },
+    // 2 bytes of padding
+    {
+      ciphertext:
+        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
+      plaintext: "sixsix",
+    },
+    // long plaintext requiring more than two blocks
+    {
+      ciphertext:
+        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+      plaintext: "thisismuchlongerandsotakesupmultipleblocks",
+    },
+    // this differs from the previous ciphertext by one bit and demonstrates
+    // that this implementation does not enforce message integrity
+    {
+      ciphertext:
+        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+      plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
+    },
+  ];
+
+  for (let testcase of testcases) {
+    let decrypted = sdr.decryptString(testcase.ciphertext);
+    equal(
+      decrypted,
+      testcase.plaintext,
+      "decrypted ciphertext should match expected plaintext"
+    );
+  }
+  equal(
+    gMockPrompter.numPrompts,
+    1,
+    "Should have been prompted for a password once"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key4.db b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key4.db
new file mode 100644
index 0000000000..959718da34
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password/key4.db differ
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs.js b/security/manager/ssl/tests/unit/test_self_signed_certs.js
new file mode 100644
index 0000000000..ef0a38f9bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs.js
@@ -0,0 +1,109 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// This test uses a specially-crafted NSS cert DB containing 12 self-signed certificates that all
+// have the same subject and issuer distinguished name. Since they all have different keys and none
+// of them are trust anchors, there are a large number of potential trust paths that could be
+// explored. If our trust domain were naive enough to allow mozilla::pkix to explore them all, it
+// would take a long time to perform (mozilla::pkix does have the concept of a path-building budget,
+// but even on a fast computer, it takes an unacceptable amount of time to exhaust). To prevent the
+// full exploration of this space, NSSCertDBTrustDomain skips searching through self-signed
+// certificates that aren't trust anchors, since those would never otherwise be essential to
+// complete a path (note that this is only true as long as the extensions we support are restrictive
+// rather than additive).
+// When we try to verify one of these certificates in this test, we should finish relatively
+// quickly, even on slow hardware.
+// Should these certificates ever need regenerating, they were produced with the following commands:
+// certutil -N -d . --empty-password
+// for num in 00 01 02 03 04 05 06 07 08 09 10 11; do
+//   echo -ne "5\n6\n9\ny\ny\n\ny\n" | certutil -d . -S -s "CN=self-signed cert" -t ,, \
+//   -q secp256r1 -x -k ec -z <(date +%s) -1 -2 -n cert$num; sleep 2;
+// done
+
+add_task(async function test_no_overlong_path_building() {
+  let profile = do_get_profile();
+  const CERT_DB_NAME = "cert9.db";
+  let srcCertDBFile = do_get_file(`test_self_signed_certs/${CERT_DB_NAME}`);
+  srcCertDBFile.copyTo(profile, CERT_DB_NAME);
+
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let certToVerify = null;
+  for (let cert of certDB.getCerts()) {
+    if (cert.subjectName == "CN=self-signed cert") {
+      certToVerify = cert;
+      break;
+    }
+  }
+  notEqual(
+    certToVerify,
+    null,
+    "should have found one of the preloaded self-signed certs"
+  );
+  let timeBefore = Date.now();
+  // As mentioned above, mozilla::pkix limits how much it will search for a trusted path, even if a
+  // trust domain keeps providing potential issuers. So, if we only tried to verify a certificate
+  // once, this test could potentially pass on a fast computer even if we weren't properly skipping
+  // unnecessary paths. If we were to try and lower our time limit (the comparison with
+  // secondsElapsed, below), this test would intermittently fail on slow hardware. By trying to
+  // verify the certificate 10 times, we hopefully end up with a meaningful test (it should still
+  // fail on fast hardware if we don't properly skip unproductive paths) that won't intermittently
+  // time out on slow hardware.
+  for (let i = 0; i < 10; i++) {
+    let date = new Date("2019-05-15T00:00:00.000Z");
+    await checkCertErrorGenericAtTime(
+      certDB,
+      certToVerify,
+      SEC_ERROR_UNKNOWN_ISSUER,
+      certificateUsageSSLCA,
+      date.getTime() / 1000
+    );
+  }
+  let timeAfter = Date.now();
+  let secondsElapsed = (timeAfter - timeBefore) / 1000;
+  ok(secondsElapsed < 120, "verifications shouldn't take too long");
+});
+
+add_task(async function test_no_bad_signature() {
+  // If there are two self-signed CA certificates with the same subject and
+  // issuer but different keys, where one is trusted, test that using the other
+  // one as a server certificate doesn't result in a non-overridable "bad
+  // signature" error but rather a "self-signed cert" error.
+  let selfSignedCert = constructCertFromFile("test_self_signed_certs/ca1.pem");
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certDB, "test_self_signed_certs/ca2.pem", "CTu,,");
+  await checkCertErrorGeneric(
+    certDB,
+    selfSignedCert,
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,
+    certificateUsageSSLServer,
+    false,
+    "example.com"
+  );
+});
+
+add_task(async function test_no_inadequate_key_usage() {
+  // If there are two different non-CA, self-signed certificates with the same
+  // subject and issuer but different keys, test that using one of them as a
+  // server certificate doesn't result in a non-overridable "inadequate key
+  // usage" error but rather a "self-signed cert" error.
+  let selfSignedCert = constructCertFromFile("test_self_signed_certs/ee1.pem");
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certDB, "test_self_signed_certs/ee2.pem", ",,");
+  await checkCertErrorGeneric(
+    certDB,
+    selfSignedCert,
+    MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,
+    certificateUsageSSLServer,
+    false,
+    "example.com"
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem b/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem
new file mode 100644
index 0000000000..49c905eacc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIBATANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5TZWxm
+LVNpZ25lZCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAZ
+MRcwFQYDVQQDDA5TZWxmLVNpZ25lZCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAGYbweuY4SItzbgVeI2G
+EvJKGbHGlPdB/pYA8j02AIajr8zY79b/mcuPmGmBJHXmmQc9ipV3QnVO3IYjKZwo
+HEAR7duowBrB36B3MXjelaruYwno2qw0+duiz0OLpo0DOstcMDIs2UiSoNTZ1wue
++tmrNlnWWC7V7hTLZZ4Z7v7bi55G0OviCNOdW+EBi9VoQBGJLxZFcW9uE//mBCNx
+nKANNdb4ube7ulIfox/pQ1+yE+ddY/MfQHd67oX4wPNRfHAePT4vvJkUWXiXap21
+gdkAUbbwz0r1mDzvvKmVauT7N5+m2Zj6b3wCBvtITuD4zi/og61o6xyQ52DTYu4M
+hPk=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem.certspec b/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem.certspec
new file mode 100644
index 0000000000..97bc2d4ad1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ca1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Self-Signed CA
+subject:Self-Signed CA
+serialNumber:1
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem b/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem
new file mode 100644
index 0000000000..7efca5da17
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5TZWxm
+LVNpZ25lZCBDQTAiGA8yMDIxMTEyNzAwMDAwMFoYDzIwMjQwMjA1MDAwMDAwWjAZ
+MRcwFQYDVQQDDA5TZWxmLVNpZ25lZCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJ
+isSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF
+2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElE
+WQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzS
+g3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0Y
+xMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAL5sqCV7HbsLEO3Az1n4
+ulmzaJHdyrae6l46Fws849G65O2suhBS55ENGFLmpof12WOXSvYxRf6swswYnm6S
+oTcjg/A5gVfmRYl/wMR0qBZQV1stLmOsnMqiVqB5BSB1szAv/ItAo2DLtH+6FDaW
+1xl0bcJsRxhtKqK9ST9Jr+HLsGZOGlA1r5++PZXaa+OA+dARcjDmNnJUFZYR0/vq
+gMc2MHl4/4XvrPZvfbCV3Alzy7UDq05/9EodR+DlACs/LWExHi8nTW0ZtwkfsbHH
+cfRw7xa3KInaCVYVs3jXzsFNNxUYKCmvm0cojdf3S9Va9/4z555XIK/a30kCFBbf
+hJc=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem.certspec b/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem.certspec
new file mode 100644
index 0000000000..f827239d2a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ca2.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Self-Signed CA
+subject:Self-Signed CA
+serialNumber:2
+issuerKey:alternate
+subjectKey:alternate
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/cert9.db b/security/manager/ssl/tests/unit/test_self_signed_certs/cert9.db
new file mode 100644
index 0000000000..5450fe82e5
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_self_signed_certs/cert9.db differ
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem b/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem
new file mode 100644
index 0000000000..d61091216d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIBATANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBTZWxm
+LVNpZ25lZCBDZXJ0MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBsxGTAXBgNVBAMMEFNlbGYtU2lnbmVkIENlcnQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBADHcrQaX6Vw4BP8YDSNQ9dACjWliS6NMIDlG9ZIck2NvnmiDY6yOiENX
+G/gOAI4k+Eq6l83ZtE3EEB0ljREzhoUkxuP8w8mKZUflvAxtYh5t1sLmhNnC7YCN
+KG2SspKJC2/7nKsxG6s2jvnCqkreeNNH7BdJ2AHwRPEu2UudXrooDh9mgPac0Woa
+wx0nT9Kqun7JYMXxro+/837+qvaAhWlFYKglq3PaNMQShBkjRARXpCMV0N5TWNFp
+f7MXUoKC/+R+4rRKgln4KTXtkk7Ggn13oBrGPhF3fvVZlP2ySAkTW8Ii58MA24N9
+TNM0MP661fQXHZGVg7EAKcqa2bxKIAY=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem.certspec b/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem.certspec
new file mode 100644
index 0000000000..9582f7b918
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ee1.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Self-Signed Cert
+subject:Self-Signed Cert
+serialNumber:1
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem b/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem
new file mode 100644
index 0000000000..1a7ee50368
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBTZWxm
+LVNpZ25lZCBDZXJ0MCIYDzIwMjExMTI3MDAwMDAwWhgPMjAyNDAyMDUwMDAwMDBa
+MBsxGTAXBgNVBAMMEFNlbGYtU2lnbmVkIENlcnQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2ird
+QcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo
+828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst
+/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0i
+tqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1t
+YhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAFqvHU0CJMIydbm8TKpLB5eI/gHE6dGxHKDyZlfTeGCGsILl/ejp46VU
+Cs+aDmLxyMuNmnsNNoHBa8oTV4jyVRR/zWkibVKM4Fzz1YJclOMVrcxJqhDk1Gcj
+og+N29pxG8BwCdNbKLFma6xjIGK7j6mc6kpb+dbURiEI7tPkEW2jGk77xkGM93co
+drRMCwsmTt2QTsQDVmpNnd5avfQgguBYy/5/kyvAo6vDQE1Sj7cBg0+YPASzjFR4
+oIfyo+neTITxDfd0QLBSSFa+dIZUGKVF+XKe4FCKLlfVmO/MI7llJilR8RiNcZCh
+eX/8OfjNpptiQBydCgKycHcXSVkvWRg=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem.certspec b/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem.certspec
new file mode 100644
index 0000000000..fa45f13078
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs/ee2.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Self-Signed Cert
+subject:Self-Signed Cert
+serialNumber:2
+issuerKey:alternate
+subjectKey:alternate
diff --git a/security/manager/ssl/tests/unit/test_session_resumption.js b/security/manager/ssl/tests/unit/test_session_resumption.js
new file mode 100644
index 0000000000..fe7252a630
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_session_resumption.js
@@ -0,0 +1,291 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM makes the correct determination of the security status of
+// loads involving session resumption (i.e. when a TLS handshake bypasses the
+// AuthCertificate callback).
+
+do_get_profile();
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+addCertFromFile(certdb, "bad_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "bad_certs/ev-test-intermediate.pem", ",,");
+
+// For expired.example.com, the platform will make a connection that will fail.
+// Using information gathered at that point, an override will be added and
+// another connection will be made. This connection will succeed. At that point,
+// as long as the session cache isn't cleared, subsequent new connections should
+// use session resumption, thereby bypassing the AuthCertificate hook. We need
+// to ensure that the correct security state is propagated to the new connection
+// information object.
+function add_resume_non_ev_with_override_test() {
+  // This adds the override and makes one successful connection.
+  add_cert_override_test("expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE);
+
+  // This connects again, using session resumption. Note that we don't clear
+  // the TLS session cache between these operations (that would defeat the
+  // purpose).
+  add_connection_test(
+    "expired.example.com",
+    PRErrorCodeSuccess,
+    null,
+    transportSecurityInfo => {
+      ok(transportSecurityInfo.resumed, "connection should be resumed");
+      ok(
+        transportSecurityInfo.securityState &
+          Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+        "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag"
+      );
+      equal(
+        transportSecurityInfo.succeededCertChain.length,
+        0,
+        "expired.example.com should not have succeededCertChain set"
+      );
+      equal(
+        transportSecurityInfo.failedCertChain.length,
+        2,
+        "expired.example.com should have failedCertChain set"
+      );
+      equal(
+        transportSecurityInfo.overridableErrorCategory,
+        Ci.nsITransportSecurityInfo.ERROR_TIME,
+        "expired.example.com should have time overridable error category"
+      );
+      ok(
+        !transportSecurityInfo.isExtendedValidation,
+        "expired.example.com should not have isExtendedValidation set"
+      );
+
+      let certOverrideService = Cc[
+        "@mozilla.org/security/certoverride;1"
+      ].getService(Ci.nsICertOverrideService);
+      certOverrideService.clearValidityOverride(
+        "expired.example.com",
+        8443,
+        {}
+      );
+    }
+  );
+}
+
+// Helper function that adds a test that connects to ev-test.example.com and
+// verifies that it validates as EV (or not, if we're running a non-debug
+// build). This assumes that an appropriate OCSP responder is running or that
+// good responses are cached.
+function add_one_ev_test(resumed) {
+  add_connection_test(
+    "ev-test.example.com",
+    PRErrorCodeSuccess,
+    null,
+    transportSecurityInfo => {
+      equal(
+        transportSecurityInfo.resumed,
+        resumed,
+        "connection should be resumed or not resumed as expected"
+      );
+      ok(
+        !(
+          transportSecurityInfo.securityState &
+          Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN
+        ),
+        "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag"
+      );
+      equal(
+        transportSecurityInfo.succeededCertChain.length,
+        3,
+        "ev-test.example.com should have succeededCertChain set"
+      );
+      equal(
+        transportSecurityInfo.failedCertChain.length,
+        0,
+        "ev-test.example.com should not have failedCertChain set"
+      );
+      equal(
+        transportSecurityInfo.overridableErrorCategory,
+        Ci.nsITransportSecurityInfo.ERROR_UNSET,
+        "ev-test.example.com should not have an overridable error category"
+      );
+      ok(
+        !gEVExpected || transportSecurityInfo.isExtendedValidation,
+        "ev-test.example.com should have isExtendedValidation set " +
+          "(or this is a non-debug build)"
+      );
+    }
+  );
+}
+
+// This test is similar, except with extended validation. We should connect
+// successfully, and the certificate should be EV in debug builds. Without
+// clearing the session cache, we should connect successfully again, this time
+// with session resumption. The certificate should again be EV in debug builds.
+function add_resume_ev_test() {
+  const SERVER_PORT = 8888;
+  let expectedRequestPaths = ["ev-test"];
+  let responseTypes = ["good"];
+  // Since we cache OCSP responses, we only ever actually serve one set.
+  let ocspResponder;
+  // If we don't wrap this in an `add_test`, the OCSP responder will be running
+  // while we are actually running unrelated testcases, which can disrupt them.
+  add_test(() => {
+    ocspResponder = startOCSPResponder(
+      SERVER_PORT,
+      "localhost",
+      "bad_certs",
+      expectedRequestPaths,
+      expectedRequestPaths.slice(),
+      null,
+      responseTypes
+    );
+    run_next_test();
+  });
+  // We should be able to connect and verify the certificate as EV (in debug
+  // builds).
+  add_one_ev_test(false);
+  // We should be able to connect again (using session resumption). In debug
+  // builds, the certificate should be noted as EV. Again, it's important that
+  // nothing clears the TLS cache in between these two operations.
+  add_one_ev_test(true);
+
+  add_test(() => {
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+const GOOD_DOMAIN = "good.include-subdomains.pinning.example.com";
+
+// Helper function that adds a test that connects to a domain that should
+// succeed (but isn't EV) and verifies that its succeededCertChain gets set
+// appropriately.
+function add_one_non_ev_test() {
+  add_connection_test(
+    GOOD_DOMAIN,
+    PRErrorCodeSuccess,
+    null,
+    transportSecurityInfo => {
+      ok(
+        !(
+          transportSecurityInfo.securityState &
+          Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN
+        ),
+        `${GOOD_DOMAIN} should not have STATE_CERT_USER_OVERRIDDEN flag`
+      );
+      ok(
+        transportSecurityInfo.succeededCertChain,
+        `${GOOD_DOMAIN} should have succeededCertChain set`
+      );
+      equal(
+        transportSecurityInfo.overridableErrorCategory,
+        0,
+        `${GOOD_DOMAIN} should not have an overridable error category set`
+      );
+      ok(
+        !transportSecurityInfo.isExtendedValidation,
+        `${GOOD_DOMAIN} should not have isExtendedValidation set`
+      );
+    }
+  );
+}
+
+// This test is similar, except with non-extended validation. We should connect
+// successfully, and the certificate should not be EV. Without clearing the
+// session cache, we should connect successfully again, this time with session
+// resumption. In this case, though, we want to ensure the succeededCertChain is
+// set.
+function add_resume_non_ev_test() {
+  add_one_non_ev_test();
+  add_one_non_ev_test();
+}
+
+const statsPtr = getSSLStatistics();
+const toInt32 = ctypes.Int64.lo;
+
+// Connect to the same domain with two origin attributes and check if any ssl
+// session is resumed.
+function add_origin_attributes_test(
+  originAttributes1,
+  originAttributes2,
+  resumeExpected
+) {
+  add_connection_test(
+    GOOD_DOMAIN,
+    PRErrorCodeSuccess,
+    clearSessionCache,
+    null,
+    null,
+    originAttributes1
+  );
+
+  let hitsBeforeConnect;
+  let missesBeforeConnect;
+  let expectedHits = resumeExpected ? 1 : 0;
+  let expectedMisses = 1 - expectedHits;
+
+  add_connection_test(
+    GOOD_DOMAIN,
+    PRErrorCodeSuccess,
+    function () {
+      // Add the hits and misses before connection.
+      let stats = statsPtr.contents;
+      hitsBeforeConnect = toInt32(stats.sch_sid_cache_hits);
+      missesBeforeConnect = toInt32(stats.sch_sid_cache_misses);
+    },
+    function () {
+      let stats = statsPtr.contents;
+      equal(
+        toInt32(stats.sch_sid_cache_hits),
+        hitsBeforeConnect + expectedHits,
+        "Unexpected cache hits"
+      );
+      equal(
+        toInt32(stats.sch_sid_cache_misses),
+        missesBeforeConnect + expectedMisses,
+        "Unexpected cache misses"
+      );
+    },
+    null,
+    originAttributes2
+  );
+}
+
+function add_resumption_tests() {
+  add_resume_ev_test();
+  add_resume_non_ev_test();
+  add_resume_non_ev_with_override_test();
+  add_origin_attributes_test({}, {}, true);
+  add_origin_attributes_test({ userContextId: 1 }, { userContextId: 2 }, false);
+  add_origin_attributes_test({ userContextId: 3 }, { userContextId: 3 }, true);
+  add_origin_attributes_test(
+    { firstPartyDomain: "foo.com" },
+    { firstPartyDomain: "bar.com" },
+    false
+  );
+  add_origin_attributes_test(
+    { firstPartyDomain: "baz.com" },
+    { firstPartyDomain: "baz.com" },
+    true
+  );
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  add_resumption_tests();
+  // Enable external session cache and reset the status.
+  add_test(function () {
+    Services.prefs.setBoolPref("network.ssl_tokens_cache_enabled", true);
+    certdb.clearOCSPCache();
+    run_next_test();
+  });
+  // Do tests again.
+  add_resumption_tests();
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js
new file mode 100644
index 0000000000..4893bfd714
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -0,0 +1,1038 @@
+"use strict";
+
+// Tests the API nsIX509CertDB.openSignedAppFileAsync, which backs add-on
+// signature verification. Testcases include various ways of tampering with
+// add-ons as well as different hash algorithms used in the various
+// signature/metadata files.
+
+// from prio.h
+const PR_RDWR = 0x04;
+const PR_CREATE_FILE = 0x08;
+const PR_TRUNCATE = 0x20;
+const PR_USEC_PER_MSEC = 1000;
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+// Creates a new app package based in the inFilePath package, with a set of
+// modifications (including possibly deletions) applied to the existing entries,
+// and/or a set of new entries to be included.
+function tamper(inFilePath, outFilePath, modifications, newEntries) {
+  let writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);
+  writer.open(outFilePath, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE);
+  try {
+    let reader = Cc["@mozilla.org/libjar/zip-reader;1"].createInstance(
+      Ci.nsIZipReader
+    );
+    reader.open(inFilePath);
+    try {
+      for (let entryName of reader.findEntries("")) {
+        let inEntry = reader.getEntry(entryName);
+        let entryInput = reader.getInputStream(entryName);
+        try {
+          let f = modifications[entryName];
+          let outEntry, outEntryInput;
+          if (f) {
+            [outEntry, outEntryInput] = f(inEntry, entryInput);
+            delete modifications[entryName];
+          } else {
+            [outEntry, outEntryInput] = [inEntry, entryInput];
+          }
+          // if f does not want the input entry to be copied to the output entry
+          // at all (i.e. it wants it to be deleted), it will return null.
+          if (outEntryInput) {
+            try {
+              writer.addEntryStream(
+                entryName,
+                outEntry.lastModifiedTime,
+                outEntry.compression,
+                outEntryInput,
+                false
+              );
+            } finally {
+              if (entryInput != outEntryInput) {
+                outEntryInput.close();
+              }
+            }
+          }
+        } finally {
+          entryInput.close();
+        }
+      }
+    } finally {
+      reader.close();
+    }
+
+    // Any leftover modification means that we were expecting to modify an entry
+    // in the input file that wasn't there.
+    for (let name in modifications) {
+      if (modifications.hasOwnProperty(name)) {
+        throw new Error("input file was missing expected entries: " + name);
+      }
+    }
+
+    // Now, append any new entries to the end
+    newEntries.forEach(function (newEntry) {
+      let sis = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+        Ci.nsIStringInputStream
+      );
+      try {
+        sis.setData(newEntry.content, newEntry.content.length);
+        writer.addEntryStream(
+          newEntry.name,
+          new Date() * PR_USEC_PER_MSEC,
+          Ci.nsIZipWriter.COMPRESSION_BEST,
+          sis,
+          false
+        );
+      } finally {
+        sis.close();
+      }
+    });
+  } finally {
+    writer.close();
+  }
+}
+
+function removeEntry(entry, entryInput) {
+  return [null, null];
+}
+
+function truncateEntry(entry, entryInput) {
+  if (entryInput.available() == 0) {
+    throw new Error(
+      "Truncating already-zero length entry will result in " +
+        "identical entry."
+    );
+  }
+
+  let content = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  content.data = "";
+
+  return [entry, content];
+}
+
+function check_open_result(name, expectedRv) {
+  return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+    info("openSignedAppFileCallback called for " + name);
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(
+      aZipReader != null,
+      Components.isSuccessCode(expectedRv),
+      "ZIP reader should be null only if the return value denotes failure"
+    );
+    equal(
+      aSignerCert != null,
+      Components.isSuccessCode(expectedRv),
+      "Signer cert should be null only if the return value denotes failure"
+    );
+    run_next_test();
+  };
+}
+
+function original_app_path(test_name) {
+  return do_get_file("test_signed_apps/" + test_name + ".zip", false);
+}
+
+function tampered_app_path(test_name) {
+  return new FileUtils.File(
+    PathUtils.join(
+      Services.dirsvc.get("TmpD", Ci.nsIFile).path,
+      `test_signed_app-${test_name}.zip`
+    )
+  );
+}
+
+var hashTestcases = [
+  // SHA-256 in PKCS#7 + SHA-256 present elsewhere => OK
+  { name: "app_mf-1-256_sf-1-256_p7-1-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1-256_sf-1-256_p7-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1-256_sf-256_p7-1-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1-256_sf-256_p7-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-256_sf-1-256_p7-1-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-256_sf-1-256_p7-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-256_sf-256_p7-1-256", expectedResult: Cr.NS_OK },
+  { name: "app_mf-256_sf-256_p7-256", expectedResult: Cr.NS_OK },
+
+  // SHA-1 in PKCS#7 + SHA-1 present elsewhere => OK
+  { name: "app_mf-1-256_sf-1-256_p7-1", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1-256_sf-1_p7-1", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1_sf-1-256_p7-1", expectedResult: Cr.NS_OK },
+  { name: "app_mf-1_sf-1_p7-1", expectedResult: Cr.NS_OK },
+
+  // SHA-256 in PKCS#7 + SHA-256 not present elsewhere => INVALID
+  {
+    name: "app_mf-1-256_sf-1_p7-1-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1-256_sf-1_p7-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-1-256_p7-1-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-1-256_p7-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-1_p7-1-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-1_p7-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-256_p7-1-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-256_p7-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-256_sf-1_p7-1-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-256_sf-1_p7-256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+
+  // SHA-1 in PKCS#7 + SHA-1 not present elsewhere => INVALID
+  {
+    name: "app_mf-1-256_sf-256_p7-1",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-1_sf-256_p7-1",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-256_sf-1-256_p7-1",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-256_sf-1_p7-1",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+  {
+    name: "app_mf-256_sf-256_p7-1",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+  },
+];
+
+// Policy values for the preference "security.signed_app_signatures.policy"
+const PKCS7WithSHA1OrSHA256 = 0b0;
+const PKCS7WithSHA256 = 0b1;
+const COSEAndPKCS7WithSHA1OrSHA256 = 0b10;
+const COSEAndPKCS7WithSHA256 = 0b11;
+const COSERequiredAndPKCS7WithSHA1OrSHA256 = 0b100;
+const COSERequiredAndPKCS7WithSHA256 = 0b101;
+const COSEOnly = 0b110;
+const COSEOnlyAgain = 0b111;
+
+function add_signature_test(policy, test) {
+  // First queue up a test to set the desired policy:
+  add_test(function () {
+    Services.prefs.setIntPref("security.signed_app_signatures.policy", policy);
+    run_next_test();
+  });
+  // Then queue up the test itself:
+  add_test(test);
+}
+
+for (let testcase of hashTestcases) {
+  add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+    certdb.openSignedAppFileAsync(
+      Ci.nsIX509CertDB.AppXPCShellRoot,
+      original_app_path(testcase.name),
+      check_open_result(testcase.name, testcase.expectedResult)
+    );
+  });
+}
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("empty_signerInfos"),
+    check_open_result(
+      "the signerInfos in the PKCS#7 signature is empty",
+      Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("unsigned_app"),
+    check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("unknown_issuer_app"),
+    check_open_result(
+      "unknown_issuer",
+      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)
+    )
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_signed_with_pkcs7"),
+    check_open_result("cose_signed_with_pkcs7", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-256_sf-256_p7-256"),
+    check_open_result("no COSE but correct PK#7", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-1_sf-256_p7-256"),
+    check_open_result(
+      "no COSE and wrong PK#7 hash",
+      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+    )
+  );
+});
+
+add_signature_test(COSERequiredAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-256_sf-256_p7-256"),
+    check_open_result(
+      "COSE signature missing (SHA1 or 256)",
+      Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+    )
+  );
+});
+
+add_signature_test(COSERequiredAndPKCS7WithSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-256_sf-256_p7-256"),
+    check_open_result(
+      "COSE signature missing (SHA256)",
+      Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+    )
+  );
+});
+
+add_signature_test(COSERequiredAndPKCS7WithSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_signed"),
+    check_open_result(
+      "COSE signature only (PK#7 allowed, not present)",
+      Cr.NS_OK
+    )
+  );
+});
+
+add_signature_test(COSERequiredAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_signed"),
+    check_open_result(
+      "COSE signature only (PK#7 allowed, not present)",
+      Cr.NS_OK
+    )
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_multiple_signed_with_pkcs7"),
+    check_open_result("cose_multiple_signed_with_pkcs7", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_int_signed_with_pkcs7"),
+    check_open_result("COSE signed with an intermediate", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_signed"),
+    check_open_result(
+      "PK7 signature missing",
+      Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_multiple_signed_with_pkcs7"),
+    check_open_result(
+      "Expected only COSE signature",
+      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_multiple_signed"),
+    check_open_result("only Multiple COSE signatures", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEOnly, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_signed"),
+    check_open_result("only_cose_signed", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEOnlyAgain, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("only_cose_signed"),
+    check_open_result("only_cose_signed (again)", Cr.NS_OK)
+  );
+});
+
+add_signature_test(COSEOnly, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_signed_with_pkcs7"),
+    check_open_result(
+      "COSE only expected but also PK#7 signed",
+      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+    )
+  );
+});
+
+// Sanity check to ensure a no-op tampering gives a valid result
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("identity_tampering");
+  tamper(original_app_path("app_mf-1_sf-1_p7-1"), tampered, {}, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    check_open_result("identity_tampering", Cr.NS_OK)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("missing_rsa");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/A.RSA": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("missing_sf");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/A.SF": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("missing_manifest_mf");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/MANIFEST.MF": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "missing_manifest_mf",
+      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("missing_entry");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "manifest.json": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("truncated_entry");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "manifest.json": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("truncated_manifestFile");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/MANIFEST.MF": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "truncated_manifestFile",
+      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("truncated_signatureFile");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/A.SF": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "truncated_signatureFile",
+      getXPCOMStatusFromNSS(SEC_ERROR_PKCS7_BAD_SIGNATURE)
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("truncated_pkcs7File");
+  tamper(
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    tampered,
+    { "META-INF/A.RSA": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("truncated_pkcs7File", Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("unsigned_entry");
+  tamper(original_app_path("app_mf-1_sf-1_p7-1"), tampered, {}, [
+    { name: "unsigned.txt", content: "unsigned content!" },
+  ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)
+  );
+});
+
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  let tampered = tampered_app_path("unsigned_metainf_entry");
+  tamper(original_app_path("app_mf-1_sf-1_p7-1"), tampered, {}, [
+    { name: "META-INF/unsigned.txt", content: "unsigned content!" },
+  ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "unsigned_metainf_entry",
+      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA256, function testSHA1Disabled() {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-1_sf-1_p7-1"),
+    check_open_result(
+      "SHA-1 should not be accepted if disabled by policy",
+      Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+    )
+  );
+});
+
+add_signature_test(PKCS7WithSHA256, function testSHA256WorksWithSHA1Disabled() {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("app_mf-256_sf-256_p7-256"),
+    check_open_result(
+      "SHA-256 should work if SHA-1 is disabled by policy",
+      Cr.NS_OK
+    )
+  );
+});
+
+add_signature_test(
+  PKCS7WithSHA256,
+  function testMultipleSignaturesWorkWithSHA1Disabled() {
+    certdb.openSignedAppFileAsync(
+      Ci.nsIX509CertDB.AppXPCShellRoot,
+      original_app_path("app_mf-1-256_sf-1-256_p7-1-256"),
+      check_open_result(
+        "Multiple signatures should work if SHA-1 is " +
+          "disabled by policy (if SHA-256 signature verifies)",
+        Cr.NS_OK
+      )
+    );
+  }
+);
+
+var cosePolicies = [
+  COSEAndPKCS7WithSHA1OrSHA256,
+  COSERequiredAndPKCS7WithSHA1OrSHA256,
+];
+
+// PS256 is not yet supported.
+var coseTestcasesStage = [
+  {
+    name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384",
+    expectedResult: Cr.NS_OK,
+    root: Ci.nsIX509CertDB.AddonsStageRoot,
+  },
+  {
+    name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+    root: Ci.nsIX509CertDB.AddonsStageRoot,
+  },
+  {
+    name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256",
+    expectedResult: Cr.NS_OK,
+    root: Ci.nsIX509CertDB.AddonsStageRoot,
+  },
+  {
+    name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+    root: Ci.nsIX509CertDB.AddonsStageRoot,
+  },
+];
+
+var coseTestcasesProd = [
+  {
+    name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384",
+    expectedResult: Cr.NS_OK,
+    root: Ci.nsIX509CertDB.AddonsPublicRoot,
+  },
+  {
+    name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+    root: Ci.nsIX509CertDB.AddonsPublicRoot,
+  },
+  {
+    name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256",
+    expectedResult: Cr.NS_OK,
+    root: Ci.nsIX509CertDB.AddonsPublicRoot,
+  },
+  {
+    name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256",
+    expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+    root: Ci.nsIX509CertDB.AddonsPublicRoot,
+  },
+];
+
+for (let policy of cosePolicies) {
+  for (let testcase of [...coseTestcasesStage, ...coseTestcasesProd]) {
+    add_signature_test(policy, function () {
+      certdb.openSignedAppFileAsync(
+        testcase.root,
+        original_app_path(testcase.name),
+        check_open_result(testcase.name, testcase.expectedResult)
+      );
+    });
+  }
+}
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSESigTampered() {
+  let tampered = tampered_app_path("cose_sig_tampered");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "META-INF/cose.sig": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "cose_sig_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+// PKCS7 is processed before COSE, so if a COSE signature file is removed or
+// tampered with, this appears as a PKCS7 signature verification failure.
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSESigRemoved() {
+  let tampered = tampered_app_path("cose_sig_removed");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "META-INF/cose.sig": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("cose_sig_removed", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEManifestTampered() {
+  let tampered = tampered_app_path("cose_manifest_tampered");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "META-INF/cose.manifest": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "cose_manifest_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEManifestRemoved() {
+  let tampered = tampered_app_path("cose_manifest_removed");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "META-INF/cose.manifest": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "cose_manifest_removed",
+      Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING
+    )
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileAdded() {
+  let tampered = tampered_app_path("cose_file_added");
+  tamper(original_app_path("cose_signed_with_pkcs7"), tampered, {}, [
+    { name: "unsigned.txt", content: "unsigned content!" },
+  ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("cose_file_added", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileRemoved() {
+  let tampered = tampered_app_path("cose_file_removed");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "manifest.json": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result("cose_file_removed", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+  );
+});
+
+add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileTampered() {
+  let tampered = tampered_app_path("cose_file_tampered");
+  tamper(
+    original_app_path("cose_signed_with_pkcs7"),
+    tampered,
+    { "manifest.json": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "cose_file_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSESigTampered() {
+  let tampered = tampered_app_path("only_cose_sig_tampered");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "META-INF/cose.sig": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_sig_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSESigRemoved() {
+  let tampered = tampered_app_path("only_cose_sig_removed");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "META-INF/cose.sig": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_sig_removed",
+      Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSEManifestTampered() {
+  let tampered = tampered_app_path("only_cose_manifest_tampered");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "META-INF/cose.manifest": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_manifest_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSEManifestRemoved() {
+  let tampered = tampered_app_path("only_cose_manifest_removed");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "META-INF/cose.manifest": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_manifest_removed",
+      Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSEFileAdded() {
+  let tampered = tampered_app_path("only_cose_file_added");
+  tamper(original_app_path("only_cose_signed"), tampered, {}, [
+    { name: "unsigned.txt", content: "unsigned content!" },
+  ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_file_added",
+      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSEFileRemoved() {
+  let tampered = tampered_app_path("only_cose_file_removed");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "manifest.json": removeEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_file_removed",
+      Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function testOnlyCOSEFileTampered() {
+  let tampered = tampered_app_path("only_cose_file_tampered");
+  tamper(
+    original_app_path("only_cose_signed"),
+    tampered,
+    { "manifest.json": truncateEntry },
+    []
+  );
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    tampered,
+    check_open_result(
+      "only_cose_file_tampered",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+// This was signed with only COSE first, and then the contents were tampered
+// with (making the signature invalid). Then, the file was signed with
+// PKCS7/SHA1. We need to ensure that if we're configured to process COSE, this
+// verification fails.
+add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_tampered_good_pkcs7"),
+    check_open_result(
+      "tampered COSE with good PKCS7 signature should fail " +
+        "when COSE and PKCS7 is processed",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+add_signature_test(COSEOnly, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_tampered_good_pkcs7"),
+    check_open_result(
+      "tampered COSE with good PKCS7 signature should fail " +
+        "when only COSE is processed",
+      Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+    )
+  );
+});
+
+// If we're not processing COSE, this should verify successfully.
+add_signature_test(PKCS7WithSHA1OrSHA256, function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("cose_tampered_good_pkcs7"),
+    check_open_result(
+      "tampered COSE with good PKCS7 signature should succeed" +
+        "when COSE is not processed",
+      Cr.NS_OK
+    )
+  );
+});
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("bug_1411458"),
+    check_open_result("bug 1411458", Cr.NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO)
+  );
+});
+
+// This has a big manifest file (~2MB). It should verify correctly.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("big_manifest"),
+    check_open_result("add-on with big manifest file", Cr.NS_OK)
+  );
+});
+
+// This has a huge manifest file (~10MB). Manifest files this large are not
+// supported (8MB is the limit). It should not verify correctly.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("huge_manifest"),
+    check_open_result(
+      "add-on with huge manifest file",
+      Cr.NS_ERROR_SIGNED_JAR_ENTRY_INVALID
+    )
+  );
+});
+
+// Verification should pass despite a not-yet-valid EE certificate.
+// Regression test for bug 1713628
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("validity_not_yet_valid"),
+    check_open_result("validity_not_yet_valid", Cr.NS_OK)
+  );
+});
+
+// Verification should pass despite an expired EE certificate.
+// Regression test for bug 1267318 and bug 1548973
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    original_app_path("validity_expired"),
+    check_open_result("validity_expired", Cr.NS_OK)
+  );
+});
+
+// TODO: tampered MF, tampered SF
+// TODO: too-large MF, too-large RSA, too-large SF
+// TODO: MF and SF that end immediately after the last main header
+//       (no CR nor LF)
+// TODO: broken headers to exercise the parser
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app/README b/security/manager/ssl/tests/unit/test_signed_apps/app/README
new file mode 100644
index 0000000000..4f4db4f73e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/app/README
@@ -0,0 +1 @@
+This is the readme for the test extension.
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png b/security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png
new file mode 100644
index 0000000000..f4a62faddf
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app/manifest.json b/security/manager/ssl/tests/unit/test_signed_apps/app/manifest.json
new file mode 100644
index 0000000000..eacaedfa7a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/app/manifest.json
@@ -0,0 +1,5 @@
+{
+  "manifest_version": 2,
+  "name": "Test Extension",
+  "version": "0.0.1"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.manifest b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.manifest
new file mode 100644
index 0000000000..be5069f57b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.manifest
@@ -0,0 +1,10 @@
+Manifest-Version: 1.0
+
+Name: README
+SHA256-Digest: bY0l9xqGJYCpqYeJ0K6q4DWUQqu0mNBFM4H4emhjiJg=
+
+Name: manifest.json
+SHA256-Digest: BTnCpT154N26RZm8bhdD43WXd0tj5bg6ofM19NLI0OE=
+
+Name: data/image.png
+SHA256-Digest: EPjkNZwya9X+pruLlxG+FACLwGC48XU4S9oZOA0lVVQ=
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.sig b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.sig
new file mode 100644
index 0000000000..ee9f3e2ce9
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/META-INF/cose.sig differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/README b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/README
new file mode 100644
index 0000000000..46217087d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/README
@@ -0,0 +1,2 @@
+This is the readme for the test extension.
+This app was created by unzipping only_cose_signed.zip and adding this line (thus invalidating the COSE signature).
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/data/image.png b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/data/image.png
new file mode 100644
index 0000000000..f4a62faddf
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/data/image.png differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/manifest.json b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/manifest.json
new file mode 100644
index 0000000000..eacaedfa7a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/app_cose_tampered/manifest.json
@@ -0,0 +1,5 @@
+{
+  "manifest_version": 2,
+  "name": "Test Extension",
+  "version": "0.0.1"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
new file mode 100644
index 0000000000..e8643ae4a1
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1.zip
new file mode 100644
index 0000000000..c796b05d89
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-256.zip
new file mode 100644
index 0000000000..65b1e7be43
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1-256.zip
new file mode 100644
index 0000000000..eb6bbee0d4
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
new file mode 100644
index 0000000000..1efcaf4408
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-256.zip
new file mode 100644
index 0000000000..1554349f31
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1-256.zip
new file mode 100644
index 0000000000..3beaf11361
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
new file mode 100644
index 0000000000..7f2e5386bc
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-256.zip
new file mode 100644
index 0000000000..8bd0938986
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1-256.zip
new file mode 100644
index 0000000000..6021fd3aa9
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
new file mode 100644
index 0000000000..54211eb519
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-256.zip
new file mode 100644
index 0000000000..704504a448
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1-256.zip
new file mode 100644
index 0000000000..68941bf6e3
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
new file mode 100644
index 0000000000..727b148130
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-256.zip
new file mode 100644
index 0000000000..2bed33dce4
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1-256.zip
new file mode 100644
index 0000000000..d57b44b6e2
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
new file mode 100644
index 0000000000..6f17528f8b
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-256.zip
new file mode 100644
index 0000000000..243113b8a7
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1-256.zip
new file mode 100644
index 0000000000..6735f81499
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
new file mode 100644
index 0000000000..f213ac0990
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-256.zip
new file mode 100644
index 0000000000..7a0f561196
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1-256.zip
new file mode 100644
index 0000000000..ce8a55dfa4
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
new file mode 100644
index 0000000000..0fc2f9368e
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-256.zip
new file mode 100644
index 0000000000..79bd0249c3
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1-256.zip
new file mode 100644
index 0000000000..c7c76f6a6c
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1.zip
new file mode 100644
index 0000000000..9ed61ff6a8
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-1.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
new file mode 100644
index 0000000000..75e6434188
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384.zip
new file mode 100644
index 0000000000..40b4fc7857
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256.zip
new file mode 100644
index 0000000000..d364e590e5
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256.zip
new file mode 100644
index 0000000000..a4353bba19
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256.zip
new file mode 100644
index 0000000000..51ae592ee9
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip
new file mode 100644
index 0000000000..b74e087620
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip
new file mode 100644
index 0000000000..772c42e494
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip
new file mode 100644
index 0000000000..b1d1999551
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip
new file mode 100644
index 0000000000..0ce563680d
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/big_manifest.zip b/security/manager/ssl/tests/unit/test_signed_apps/big_manifest.zip
new file mode 100644
index 0000000000..1daed90236
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/big_manifest.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/bug_1411458.zip b/security/manager/ssl/tests/unit/test_signed_apps/bug_1411458.zip
new file mode 100644
index 0000000000..0b296945ab
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/bug_1411458.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/cose_int_signed_with_pkcs7.zip b/security/manager/ssl/tests/unit/test_signed_apps/cose_int_signed_with_pkcs7.zip
new file mode 100644
index 0000000000..f67c91c3ea
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/cose_int_signed_with_pkcs7.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip b/security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip
new file mode 100644
index 0000000000..105f2be712
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip b/security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip
new file mode 100644
index 0000000000..8edd1bd7c0
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/cose_tampered_good_pkcs7.zip b/security/manager/ssl/tests/unit/test_signed_apps/cose_tampered_good_pkcs7.zip
new file mode 100644
index 0000000000..a1565eb9f7
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/cose_tampered_good_pkcs7.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/empty_signerInfos.zip b/security/manager/ssl/tests/unit/test_signed_apps/empty_signerInfos.zip
new file mode 100644
index 0000000000..53744b4a8e
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/empty_signerInfos.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/huge_manifest.zip b/security/manager/ssl/tests/unit/test_signed_apps/huge_manifest.zip
new file mode 100644
index 0000000000..845c39c8b8
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/huge_manifest.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/moz.build b/security/manager/ssl/tests/unit/test_signed_apps/moz.build
new file mode 100644
index 0000000000..8680c8d457
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/moz.build
@@ -0,0 +1,78 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+@template
+def SignedAppFile(name, flags, app_directory="app/"):
+    if not CONFIG["COMPILE_ENVIRONMENT"]:
+        return
+
+    GENERATED_FILES += [name]
+    props = GENERATED_FILES[name]
+    props.script = "/security/manager/ssl/tests/unit/sign_app.py"
+    props.inputs = [app_directory]
+    props.flags = flags
+    # Turn RELATIVEDIR into list entry: like
+    # 'security/manager/ssl/tests/unit/test_signed_apps' ->
+    # TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_signed_apps.
+    files = TEST_HARNESS_FILES.xpcshell
+    for part in RELATIVEDIR.split("/"):
+        files = files[part]
+    files += ["!%s" % name]
+
+
+# Except for unusual testcases (unknown issuer, unsigned app, empty
+# signerInfos), the naming scheme is as follows:
+# app_mf{-1,-256}_sf{-1,-256}_p7{-1,-256}.zip, where:
+# "mf" refers to the manifest file, "sf" refers to the signature file,
+# and "p7" refers to the pkcs#7 file. The "{-1,-256}" indicates which
+# hash algorithms are present in the corresponding file (both may be
+# present).
+# For example, "app_mf-1_sf-1-256_p7-256.zip" means that the manifest
+# file has sha-1 hashes, the signature file has sha-1 hashes and sha-256
+# hashes, and the pkcs#7 file only has sha-256.
+#
+# Temporarily disabled. See bug 1256495.
+# signed_app_files = (
+#    ['unknown_issuer_app.zip', '-i', 'unknown issuer', '-p', 'sha256'],
+#    ['unsigned_app.zip'],
+#    ['empty_signerInfos.zip', '-e'],
+# )
+#
+# for signed_app_file_params in signed_app_files:
+#    SignedAppFile(signed_app_file_params[0], signed_app_file_params[1:])
+#
+# for mf_algs in [['1'], ['256'], ['1', '256']]:
+#    for sf_algs in [['1'], ['256'], ['1', '256']]:
+#        for p7_algs in [['1'], ['256'], ['1', '256']]:
+#            filename = "app_mf-%s_sf-%s_p7-%s.zip" % ('-'.join(mf_algs), '-'.join(sf_algs), '-'.join(p7_algs))
+#            args = []
+#            for mf_alg in mf_algs:
+#                args.append('-m')
+#                args.append('sha%s' % mf_alg)
+#            for sf_alg in sf_algs:
+#                args.append('-s')
+#                args.append('sha%s' % sf_alg)
+#            for p7_alg in p7_algs:
+#                args.append('-p')
+#                args.append('sha%s' % p7_alg)
+#            SignedAppFile(filename, args)
+#
+# COSE test-cases
+# SignedAppFile('cose_signed_with_pkcs7.zip', ['-c', 'ES256', '-p', 'sha256'])
+# SignedAppFile('cose_int_signed_with_pkcs7.zip', ['-c', 'ES256', '-r', 'xpcshell signed apps test root', '-p', 'sha256'])
+# SignedAppFile('cose_multiple_signed_with_pkcs7.zip', ['-c', 'ES256', '-c', 'ES384', '-p', 'sha256'])
+# SignedAppFile('only_cose_signed.zip', ['-c', 'ES256'])
+# SignedAppFile('only_cose_multiple_signed.zip', ['-c', 'ES384', '-c', 'ES256'])
+# SignedAppFile('cose_tampered_good_pkcs7.zip', ['-m', 'sha1', '-s', 'sha1', '-p', 'sha1'], 'app_cose_tampered/')
+# SignedAppFile('big_manifest.zip', ['-p', 'sha256', '--pad-headers', '2'])
+# SignedAppFile('huge_manifest.zip', ['-p', 'sha256', '--pad-headers', '10'])
+# SignedAppFile('validity_expired.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '19700101-19701212'])
+# SignedAppFile('validity_not_yet_valid.zip', ['-c', 'ES256', '-p', 'sha256', '--cert-validity', '99990101-99991212'])
+
+# To generate a new entry, add SignedAppFile, run mach build and copy from
+# objdir/_tests/xpcshell/security/manager/ssl/tests/unit/test_signed_apps/
+# to this directory.
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/only_cose_multiple_signed.zip b/security/manager/ssl/tests/unit/test_signed_apps/only_cose_multiple_signed.zip
new file mode 100644
index 0000000000..4befbcd47f
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/only_cose_multiple_signed.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/only_cose_signed.zip b/security/manager/ssl/tests/unit/test_signed_apps/only_cose_signed.zip
new file mode 100644
index 0000000000..70ec223475
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/only_cose_signed.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip
new file mode 100644
index 0000000000..03f59a20bb
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip
new file mode 100644
index 0000000000..162b1107fe
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/validity_expired.zip b/security/manager/ssl/tests/unit/test_signed_apps/validity_expired.zip
new file mode 100644
index 0000000000..4b160fe736
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/validity_expired.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/validity_not_yet_valid.zip b/security/manager/ssl/tests/unit/test_signed_apps/validity_not_yet_valid.zip
new file mode 100644
index 0000000000..82a8b4836a
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/validity_not_yet_valid.zip differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der b/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der
new file mode 100644
index 0000000000..3c1869b13b
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.pem.certspec b/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.pem.certspec
new file mode 100644
index 0000000000..500c4185cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.pem.certspec
@@ -0,0 +1,6 @@
+issuer:xpcshell signed apps test root
+subject:xpcshell signed apps test root
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyEncipherment,keyCertSign
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_ssl_status.js b/security/manager/ssl/tests/unit/test_ssl_status.js
new file mode 100644
index 0000000000..e8df767c85
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ssl_status.js
@@ -0,0 +1,75 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+do_get_profile();
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  // Test successful connection (failedCertChain should be null,
+  // succeededCertChain should be set as expected)
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess,
+    null,
+    function withSecurityInfo(aSecInfo) {
+      equal(
+        aSecInfo.failedCertChain.length,
+        0,
+        "failedCertChain for a successful connection should be empty"
+      );
+      ok(
+        areCertArraysEqual(
+          aSecInfo.succeededCertChain,
+          build_cert_chain(["default-ee", "test-ca"])
+        ),
+        "succeededCertChain for a successful connection should be as expected"
+      );
+    }
+  );
+
+  // Test failed connection (failedCertChain should be set as expected,
+  // succeededCertChain should be null)
+  add_connection_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    null,
+    function withSecurityInfo(aSecInfo) {
+      equal(
+        aSecInfo.succeededCertChain.length,
+        0,
+        "succeededCertChain for a failed connection should be null"
+      );
+      ok(
+        areCertArraysEqual(
+          aSecInfo.failedCertChain,
+          build_cert_chain(["expired-ee", "test-ca"])
+        ),
+        "failedCertChain for a failed connection should be as expected"
+      );
+    }
+  );
+
+  // Ensure the correct failed cert chain is set on cert override
+  let overrideStatus = {
+    failedCertChain: build_cert_chain(["expired-ee", "test-ca"]),
+  };
+  add_cert_override_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    undefined,
+    overrideStatus
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_eviction.js b/security/manager/ssl/tests/unit/test_sss_eviction.js
new file mode 100644
index 0000000000..eee9e00e22
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_eviction.js
@@ -0,0 +1,88 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to check that a frequently visited site
+// will not be evicted over an infrequently visited site.
+
+var gSSService = null;
+var gProfileDir = null;
+
+function do_state_written(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last part is removed because it's the empty string after the final \n
+  let lines = stateFileContents.split("\n").slice(0, -1);
+  // We can receive multiple data-storage-written events. In particular, we
+  // may receive one where DataStorage wrote out data before we were done
+  // processing all of our headers. In this case, the data may not be
+  // as we expect. We only care about the final one being correct, however,
+  // so we return and wait for the next event if things aren't as we expect.
+  // There should be 1024 entries.
+  if (lines.length != 1024) {
+    return;
+  }
+
+  let foundLegitSite = false;
+  for (let line of lines) {
+    if (line.startsWith("frequentlyused.example.com:HSTS")) {
+      foundLegitSite = true;
+      break;
+    }
+  }
+
+  ok(foundLegitSite);
+  do_test_finished();
+}
+
+function do_state_read(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://frequentlyused.example.com")
+    )
+  );
+  for (let i = 0; i < 2000; i++) {
+    let uri = Services.io.newURI("http://bad" + i + ".example.com");
+    gSSService.processHeader(uri, "max-age=1000");
+  }
+  do_test_pending();
+  Services.obs.addObserver(do_state_written, "data-storage-written");
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = new Date().getTime();
+  let line =
+    "frequentlyused.example.com:HSTS\t4\t0\t" + (now + 100000) + ",1,0\n";
+  outputStream.write(line, line.length);
+  outputStream.close();
+  Services.obs.addObserver(do_state_read, "data-storage-ready");
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_originAttributes.js b/security/manager/ssl/tests/unit/test_sss_originAttributes.js
new file mode 100644
index 0000000000..280b0df5a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_originAttributes.js
@@ -0,0 +1,99 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Ensures nsISiteSecurityService APIs respects origin attributes.
+
+const GOOD_MAX_AGE_SECONDS = 69403;
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+
+do_get_profile(); // must be done before instantiating nsIX509CertDB
+
+let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
+let host = "a.pinning.example.com";
+let uri = Services.io.newURI("https://" + host);
+
+// Check if originAttributes1 and originAttributes2 are isolated with respect
+// to HSTS storage.
+function doTest(originAttributes1, originAttributes2, shouldShare) {
+  sss.clearAll();
+  let header = GOOD_MAX_AGE;
+  // Set HSTS for originAttributes1.
+  sss.processHeader(uri, header, originAttributes1);
+  ok(
+    sss.isSecureURI(uri, originAttributes1),
+    "URI should be secure given original origin attributes"
+  );
+  equal(
+    sss.isSecureURI(uri, originAttributes2),
+    shouldShare,
+    "URI should be secure given different origin attributes if and " +
+      "only if shouldShare is true"
+  );
+
+  if (!shouldShare) {
+    // Remove originAttributes2 from the storage.
+    sss.resetState(uri, originAttributes2);
+    ok(
+      sss.isSecureURI(uri, originAttributes1),
+      "URI should still be secure given original origin attributes"
+    );
+  }
+
+  // Remove originAttributes1 from the storage.
+  sss.resetState(uri, originAttributes1);
+  ok(
+    !sss.isSecureURI(uri, originAttributes1),
+    "URI should not be secure after removeState"
+  );
+
+  sss.clearAll();
+}
+
+function testInvalidOriginAttributes(originAttributes) {
+  let header = GOOD_MAX_AGE;
+
+  let callbacks = [
+    () => sss.processHeader(uri, header, originAttributes),
+    () => sss.isSecureURI(uri, originAttributes),
+    () => sss.resetState(uri, originAttributes),
+  ];
+
+  for (let callback of callbacks) {
+    throws(
+      callback,
+      /NS_ERROR_ILLEGAL_VALUE/,
+      "Should get an error with invalid origin attributes"
+    );
+  }
+}
+
+function run_test() {
+  sss.clearAll();
+
+  let originAttributesList = [];
+  for (let userContextId of [0, 1, 2]) {
+    for (let firstPartyDomain of ["", "foo.com", "bar.com"]) {
+      originAttributesList.push({ userContextId, firstPartyDomain });
+    }
+  }
+  for (let attrs1 of originAttributesList) {
+    for (let attrs2 of originAttributesList) {
+      // SSS storage is not isolated by userContext
+      doTest(
+        attrs1,
+        attrs2,
+        attrs1.firstPartyDomain == attrs2.firstPartyDomain
+      );
+    }
+  }
+
+  testInvalidOriginAttributes(undefined);
+  testInvalidOriginAttributes(null);
+  testInvalidOriginAttributes(1);
+  testInvalidOriginAttributes("foo");
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate.js b/security/manager/ssl/tests/unit/test_sss_readstate.js
new file mode 100644
index 0000000000..689df13495
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate.js
@@ -0,0 +1,123 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly.
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(
+    !gSSService.isSecureURI(Services.io.newURI("https://expired.example.com"))
+  );
+  ok(
+    gSSService.isSecureURI(Services.io.newURI("https://notexpired.example.com"))
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://sub.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://incsubdomain.example.com")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://sub.incsubdomain.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains2.preloaded.test")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://sub.includesubdomains2.preloaded.test")
+    )
+  );
+
+  // Clearing the data should make everything go back to default.
+  gSSService.clearAll();
+  ok(
+    !gSSService.isSecureURI(Services.io.newURI("https://expired.example.com"))
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://notexpired.example.com")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://sub.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://incsubdomain.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://sub.incsubdomain.example.com")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains2.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://sub.includesubdomains2.preloaded.test")
+    )
+  );
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = Date.now();
+  let lines = [
+    `expired.example.com:HSTS\t0\t0\t${now - 100000},1,0`,
+    `notexpired.example.com:HSTS\t0\t0\t${now + 100000},1,0`,
+    // This overrides an entry on the preload list.
+    `includesubdomains.preloaded.test:HSTS\t0\t0\t${now + 100000},1,0`,
+    `incsubdomain.example.com:HSTS\t0\t0\t${now + 100000},1,1`,
+    // This overrides an entry on the preload list.
+    "includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0",
+  ];
+  writeLinesAndClose(lines, outputStream);
+  Services.obs.addObserver(checkStateRead, "data-storage-ready");
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
new file mode 100644
index 0000000000..83d96f5245
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create an empty site security service state
+// file and see that the site security service doesn't fail when reading it.
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  // nonexistent.example.com should never be an HSTS host
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://nonexistent.example.com")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  // notexpired.example.com is an HSTS host in a different test - we
+  // want to make sure that test hasn't interfered with this one.
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://notexpired.example.com")
+    )
+  );
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  stateFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0x1a4); // 0x1a4 == 0o644
+  ok(stateFile.exists());
+  // Initialize nsISiteSecurityService after do_get_profile() so it
+  // can read the state file.
+  Services.obs.addObserver(checkStateRead, "data-storage-ready");
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
new file mode 100644
index 0000000000..00c79756d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
@@ -0,0 +1,95 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a mostly bogus site security service
+// state file and see that the site security service handles it properly.
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  const HSTS_HOSTS = [
+    "https://example1.example.com",
+    "https://example2.example.com",
+  ];
+  for (let host of HSTS_HOSTS) {
+    ok(
+      gSSService.isSecureURI(Services.io.newURI(host)),
+      `${host} should be HSTS enabled`
+    );
+  }
+
+  const NOT_HSTS_HOSTS = [
+    "https://example.com",
+    "https://example3.example.com",
+    "https://extra.comma.example.com",
+    "https://empty.statestring.example.com",
+    "https://rubbish.statestring.example.com",
+    "https://spaces.statestring.example.com",
+    "https://invalid.expirytime.example.com",
+    "https://text.securitypropertystate.example.com",
+    "https://invalid.securitypropertystate.example.com",
+    "https://text.includesubdomains.example.com",
+    "https://invalid.includesubdomains.example.com",
+  ];
+  for (let host of NOT_HSTS_HOSTS) {
+    ok(
+      !gSSService.isSecureURI(Services.io.newURI(host)),
+      `${host} should not be HSTS enabled`
+    );
+  }
+
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", true);
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let expiryTime = Date.now() + 100000;
+  let lines = [
+    // General state file entry tests.
+    `example1.example.com:HSTS\t0\t0\t${expiryTime},1,0`,
+    "I'm a lumberjack and I'm okay; I work all night and I sleep all day!",
+    "This is a totally bogus entry\t",
+    "0\t0\t0\t0\t",
+    "\t\t\t\t\t\t\t",
+    "example.com:HSTS\t\t\t\t\t\t\t",
+    "example3.example.com:HSTS\t0\t\t\t\t\t\t",
+    `example2.example.com:HSTS\t0\t0\t${expiryTime},1,0`,
+    // HSTS state string parsing tests
+    `extra.comma.example.com:HSTS\t0\t0\t${expiryTime},,1,0`,
+    "empty.statestring.example.com:HSTS\t0\t0\t",
+    "rubbish.statestring.example.com:HSTS\t0\t0\tfoobar",
+    `spaces.statestring.example.com:HSTS\t0\t0\t${expiryTime}, 1,0 `,
+    `invalid.expirytime.example.com:HSTS\t0\t0\t${expiryTime}foo123,1,0`,
+    `text.securitypropertystate.example.com:HSTS\t0\t0\t${expiryTime},1foo,0`,
+    `invalid.securitypropertystate.example.com:HSTS\t0\t0\t${expiryTime},999,0`,
+    `text.includesubdomains.example.com:HSTS\t0\t0\t${expiryTime},1,1foo`,
+    `invalid.includesubdomains.example.com:HSTS\t0\t0\t${expiryTime},1,0foo`,
+  ];
+  writeLinesAndClose(lines, outputStream);
+  Services.obs.addObserver(checkStateRead, "data-storage-ready");
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  notEqual(gSSService, null);
+
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
new file mode 100644
index 0000000000..079fd598b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
@@ -0,0 +1,80 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// that is too large and see that the site security service reads it properly
+// (this means discarding all entries after the 1024th).
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(
+    gSSService.isSecureURI(Services.io.newURI("https://example0.example.com"))
+  );
+  ok(
+    gSSService.isSecureURI(Services.io.newURI("https://example423.example.com"))
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://example1023.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://example1024.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://example1025.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://example9000.example.com")
+    )
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://example99999.example.com")
+    )
+  );
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let expiryTime = Date.now() + 100000;
+  let lines = [];
+  for (let i = 0; i < 10000; i++) {
+    // The 0s will all get squashed down into one 0 when they are read.
+    // This is just to make the file size large (>2MB).
+    lines.push(
+      `example${i}.example.com:HSTS\t` +
+        "0000000000000000000000000000000000000000000000000\t" +
+        "00000000000000000000000000000000000000\t" +
+        `${expiryTime},1,0000000000000000000000000000000000000000000000000000000000000000000000000`
+    );
+  }
+  writeLinesAndClose(lines, outputStream);
+  Services.obs.addObserver(checkStateRead, "data-storage-ready");
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_resetState.js b/security/manager/ssl/tests/unit/test_sss_resetState.js
new file mode 100644
index 0000000000..4a667c05f0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_resetState.js
@@ -0,0 +1,62 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that resetting HSTS state in the way the "forget about this site"
+// functionality does works as expected for preloaded and non-preloaded sites.
+
+do_get_profile();
+
+var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+  Ci.nsISiteSecurityService
+);
+
+function test_removeState(originAttributes) {
+  info(`running test_removeState(originAttributes=${originAttributes})`);
+  // Simulate visiting a non-preloaded site by processing an HSTS header check
+  // that the HSTS bit gets set, simulate "forget about this site" (call
+  // removeState), and then check that the HSTS bit isn't set.
+  let notPreloadedURI = Services.io.newURI("https://not-preloaded.example.com");
+  ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
+  gSSService.processHeader(notPreloadedURI, "max-age=1000;", originAttributes);
+  ok(gSSService.isSecureURI(notPreloadedURI, originAttributes));
+  gSSService.resetState(notPreloadedURI, originAttributes);
+  ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
+
+  // Simulate visiting a non-preloaded site that unsets HSTS by processing
+  // an HSTS header with "max-age=0", check that the HSTS bit isn't
+  // set, simulate "forget about this site" (call removeState), and then check
+  // that the HSTS bit isn't set.
+  gSSService.processHeader(notPreloadedURI, "max-age=0;", originAttributes);
+  ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
+  gSSService.resetState(notPreloadedURI, originAttributes);
+  ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
+
+  // Simulate visiting a preloaded site by processing an HSTS header, check
+  // that the HSTS bit is still set, simulate "forget about this site"
+  // (call removeState), and then check that the HSTS bit is still set.
+  let preloadedHost = "includesubdomains.preloaded.test";
+  let preloadedURI = Services.io.newURI(`https://${preloadedHost}`);
+  ok(gSSService.isSecureURI(preloadedURI, originAttributes));
+  gSSService.processHeader(preloadedURI, "max-age=1000;", originAttributes);
+  ok(gSSService.isSecureURI(preloadedURI, originAttributes));
+  gSSService.resetState(preloadedURI, originAttributes);
+  ok(gSSService.isSecureURI(preloadedURI, originAttributes));
+
+  // Simulate visiting a preloaded site that unsets HSTS by processing an
+  // HSTS header with "max-age=0", check that the HSTS bit is what we
+  // expect (see below), simulate "forget about this site" (call removeState),
+  // and then check that the HSTS bit is set.
+  gSSService.processHeader(preloadedURI, "max-age=0;", originAttributes);
+  ok(!gSSService.isSecureURI(preloadedURI, originAttributes));
+  gSSService.resetState(preloadedURI, originAttributes);
+  ok(gSSService.isSecureURI(preloadedURI, originAttributes));
+}
+
+function run_test() {
+  test_removeState({});
+  test_removeState({ privateBrowsingId: 1 });
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js b/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js
new file mode 100644
index 0000000000..d84920a977
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to ensure that Firefox sanitizes site security
+// service data on shutdown if configured to do so.
+
+ChromeUtils.defineESModuleGetters(this, {
+  Sanitizer: "resource:///modules/Sanitizer.sys.mjs",
+  TestUtils: "resource://testing-common/TestUtils.sys.mjs",
+});
+
+Sanitizer.onStartup();
+
+// This helps us away from test timed out. If service worker manager(swm) hasn't
+// been initilaized before profile-change-teardown, this test would fail due to
+// the shutdown blocker added by swm. Normally, swm should be initialized before
+// that and the similar crash signatures are fixed. So, assume this cannot
+// happen in the real world and initilaize swm here as a workaround.
+Cc["@mozilla.org/serviceworkers/manager;1"].getService(
+  Ci.nsIServiceWorkerManager
+);
+
+function getStateFileContents() {
+  let stateFile = do_get_profile();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  return readFile(stateFile);
+}
+
+add_task(async function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  do_get_profile();
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  let header = "max-age=50000";
+  SSService.processHeader(Services.io.newURI("http://example.com"), header);
+  await TestUtils.topicObserved(
+    "data-storage-written",
+    (_, data) => data == SSS_STATE_FILE_NAME
+  );
+  let stateFileContents = getStateFileContents();
+  ok(
+    stateFileContents.includes("example.com"),
+    "should have written out state file"
+  );
+
+  // Configure Firefox to clear this data on shutdown.
+  Services.prefs.setBoolPref(
+    Sanitizer.PREF_SHUTDOWN_BRANCH + "siteSettings",
+    true
+  );
+  Services.prefs.setBoolPref(Sanitizer.PREF_SANITIZE_ON_SHUTDOWN, true);
+
+  // Simulate shutdown.
+  Services.startup.advanceShutdownPhase(
+    Services.startup.SHUTDOWN_PHASE_APPSHUTDOWNTEARDOWN
+  );
+  Services.startup.advanceShutdownPhase(
+    Services.startup.SHUTDOWN_PHASE_APPSHUTDOWN
+  );
+
+  equal(getStateFileContents(), "", "state file should be empty");
+});
diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js
new file mode 100644
index 0000000000..1ab4ceaf40
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_savestate.js
@@ -0,0 +1,126 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to see that the site security service properly
+// writes its state file.
+
+const EXPECTED_ENTRIES = 5;
+const EXPECTED_HSTS_COLUMNS = 3;
+
+var gProfileDir = null;
+var gExpectingWrites = true;
+
+// For reference, the format of the state file is a list of:
+// <domain name> <expiration time in milliseconds>,<sts status>,<includeSubdomains>
+// separated by newlines ('\n')
+
+function checkStateWritten(aSubject, aTopic, aData) {
+  if (aData == CLIENT_AUTH_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+  ok(gExpectingWrites);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last line is removed because it's just a trailing newline
+  let lines = stateFileContents.split("\n").slice(0, -1);
+  equal(lines.length, EXPECTED_ENTRIES);
+  let sites = {}; // a map of domain name -> [the entry in the state file]
+  for (let line of lines) {
+    let parts = line.split("\t");
+    let host = parts[0];
+    let entry = parts[3].split(",");
+    let expectedColumns = EXPECTED_HSTS_COLUMNS;
+    equal(entry.length, expectedColumns);
+    sites[host] = entry;
+  }
+
+  // While we're still processing headers, multiple writes of the backing data
+  // can be scheduled, and thus we can receive multiple data-storage-written
+  // notifications. In these cases, the data may not be as we expect. We only
+  // care about the final one being correct, however, so we return and wait for
+  // the next event if things aren't as we expect.
+  // each sites[url][1] should be SecurityPropertySet (i.e. 1).
+  // sites[url][2] corresponds to includeSubdomains, so every other one should
+  // be set (i.e. 1);
+  if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][2] != 0) {
+    return;
+  }
+
+  // If we get here, the file was as expected and we no longer expect any
+  // data-storage-written notifications.
+  gExpectingWrites = false;
+
+  // Process the headers again to test that seeing them again after such a
+  // short delay doesn't cause another write.
+  process_headers();
+
+  // Wait a bit before finishing the test, to see if another write happens.
+  do_timeout(2000, function () {
+    do_test_finished();
+  });
+}
+
+function process_headers() {
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+
+  let uris = [
+    Services.io.newURI("http://includesubdomains.preloaded.test"),
+    Services.io.newURI("http://a.example.com"),
+    Services.io.newURI("http://b.example.com"),
+    Services.io.newURI("http://c.c.example.com"),
+    Services.io.newURI("http://d.example.com"),
+  ];
+
+  for (let i = 0; i < 1000; i++) {
+    let uriIndex = i % uris.length;
+    // vary max-age, but have it be within one day of one year
+    let maxAge = "max-age=" + (i + 31536000);
+    // have every other URI set includeSubdomains
+    let includeSubdomains = uriIndex % 2 == 1 ? "; includeSubdomains" : "";
+    SSService.processHeader(uris[uriIndex], maxAge + includeSubdomains);
+  }
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  process_headers();
+  do_test_pending();
+  Services.obs.addObserver(checkStateWritten, "data-storage-written");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js
new file mode 100644
index 0000000000..3c136a9d99
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  let uri = Services.io.newURI("https://example.com");
+  let uri1 = Services.io.newURI("https://example.com.");
+  let uri2 = Services.io.newURI("https://example.com..");
+  ok(!SSService.isSecureURI(uri));
+  ok(!SSService.isSecureURI(uri1));
+  // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+  ok(!SSService.isSecureURI(uri2));
+
+  SSService.processHeader(uri, "max-age=1000;includeSubdomains");
+  ok(SSService.isSecureURI(uri));
+  ok(SSService.isSecureURI(uri1));
+  ok(SSService.isSecureURI(uri2));
+
+  SSService.resetState(uri);
+  ok(!SSService.isSecureURI(uri));
+  ok(!SSService.isSecureURI(uri1));
+  ok(!SSService.isSecureURI(uri2));
+
+  // Somehow creating this malformed URI succeeds - we need to handle it
+  // gracefully.
+  uri = Services.io.newURI("https://../foo");
+  equal(uri.host, "..");
+  throws(
+    () => {
+      SSService.isSecureURI(uri);
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "Malformed URI should be rejected"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
new file mode 100644
index 0000000000..4ffac59356
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
@@ -0,0 +1,55 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+function check_ip(s, v, ip) {
+  let str = "https://";
+  if (v == 6) {
+    str += "[";
+  }
+  str += ip;
+  if (v == 6) {
+    str += "]";
+  }
+  str += "/";
+
+  let uri = Services.io.newURI(str);
+  ok(!s.isSecureURI(uri));
+
+  let parsedMaxAge = {};
+  let parsedIncludeSubdomains = {};
+  s.processHeader(
+    uri,
+    "max-age=1000;includeSubdomains",
+    {},
+    parsedMaxAge,
+    parsedIncludeSubdomains
+  );
+  ok(
+    !s.isSecureURI(uri),
+    "URI should not be secure if it contains an IP address"
+  );
+
+  /* Test that processHeader will ignore headers for an uri, if the uri
+   * contains an IP address not a hostname.
+   * If processHeader indeed ignore the header, then the output parameters will
+   * remain empty, and we shouldn't see the values passed as the header.
+   */
+  notEqual(parsedMaxAge.value, 1000);
+  notEqual(parsedIncludeSubdomains.value, true);
+  notEqual(parsedMaxAge.value, undefined);
+  notEqual(parsedIncludeSubdomains.value, undefined);
+}
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+
+  check_ip(SSService, 4, "127.0.0.1");
+  check_ip(SSService, 4, "10.0.0.1");
+  check_ip(SSService, 6, "2001:db8::1");
+  check_ip(SSService, 6, "1080::8:800:200C:417A");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_parser.js b/security/manager/ssl/tests/unit/test_sts_parser.js
new file mode 100644
index 0000000000..3d99a44e79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_parser.js
@@ -0,0 +1,126 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// STS parser tests
+
+let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
+
+function testSuccess(header, expectedMaxAge, expectedIncludeSubdomains) {
+  let dummyUri = Services.io.newURI("https://foo.com/bar.html");
+  let maxAge = {};
+  let includeSubdomains = {};
+
+  sss.processHeader(dummyUri, header, {}, maxAge, includeSubdomains);
+
+  equal(maxAge.value, expectedMaxAge, "Did not correctly parse maxAge");
+  equal(
+    includeSubdomains.value,
+    expectedIncludeSubdomains,
+    "Did not correctly parse presence/absence of includeSubdomains"
+  );
+}
+
+function testFailure(header) {
+  let dummyUri = Services.io.newURI("https://foo.com/bar.html");
+  let maxAge = {};
+  let includeSubdomains = {};
+
+  throws(
+    () => {
+      sss.processHeader(dummyUri, header, {}, maxAge, includeSubdomains);
+    },
+    /NS_ERROR_FAILURE/,
+    "Parsed invalid header: " + header
+  );
+}
+
+function run_test() {
+  // SHOULD SUCCEED:
+  testSuccess("max-age=100", 100, false);
+  testSuccess("max-age  =100", 100, false);
+  testSuccess(" max-age=100", 100, false);
+  testSuccess("max-age = 100 ", 100, false);
+  testSuccess('max-age = "100" ', 100, false);
+  testSuccess('max-age="100"', 100, false);
+  testSuccess(' max-age ="100" ', 100, false);
+  testSuccess('\tmax-age\t=\t"100"\t', 100, false);
+  testSuccess("max-age  =       100             ", 100, false);
+
+  testSuccess("maX-aGe=100", 100, false);
+  testSuccess("MAX-age  =100", 100, false);
+  testSuccess("max-AGE=100", 100, false);
+  testSuccess("Max-Age = 100 ", 100, false);
+  testSuccess("MAX-AGE = 100 ", 100, false);
+
+  testSuccess("max-age=100;includeSubdomains", 100, true);
+  testSuccess("max-age=100\t; includeSubdomains", 100, true);
+  testSuccess(" max-age=100; includeSubdomains", 100, true);
+  testSuccess("max-age = 100 ; includeSubdomains", 100, true);
+  testSuccess(
+    "max-age  =       100             ; includeSubdomains",
+    100,
+    true
+  );
+
+  testSuccess("maX-aGe=100; includeSUBDOMAINS", 100, true);
+  testSuccess("MAX-age  =100; includeSubDomains", 100, true);
+  testSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", 100, true);
+  testSuccess("Max-Age = 100; includesubdomains ", 100, true);
+  testSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", 100, true);
+  // Turns out, the actual directive is entirely optional (hence the
+  // trailing semicolon)
+  testSuccess("max-age=100;includeSubdomains;", 100, true);
+
+  // these are weird tests, but are testing that some extended syntax is
+  // still allowed (but it is ignored)
+  testSuccess("max-age=100 ; includesubdomainsSomeStuff", 100, false);
+  testSuccess(
+    "\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103" +
+      "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
+    34520103,
+    true
+  );
+  testSuccess('max-age=100; unrelated="quoted \\"thingy\\""', 100, false);
+
+  // Test a max-age greater than 100 years. It will be capped at 100 years.
+  testSuccess("max-age=4294967296", 60 * 60 * 24 * 365 * 100, false);
+
+  // SHOULD FAIL:
+  // invalid max-ages
+  testFailure("max-age");
+  testFailure("max-age ");
+  testFailure("max-age=p");
+  testFailure("max-age=*1p2");
+  testFailure("max-age=.20032");
+  testFailure("max-age=!20032");
+  testFailure("max-age==20032");
+
+  // invalid headers
+  testFailure("foobar");
+  testFailure("maxage=100");
+  testFailure("maxa-ge=100");
+  testFailure("max-ag=100");
+  testFailure("includesubdomains");
+  testFailure(";");
+  testFailure('max-age="100');
+  // The max-age directive here doesn't conform to the spec, so it MUST
+  // be ignored. Consequently, the REQUIRED max-age directive is not
+  // present in this header, and so it is invalid.
+  testFailure("max-age=100, max-age=200; includeSubdomains");
+  testFailure("max-age=100 includesubdomains");
+  testFailure("max-age=100 bar foo");
+  testFailure("max-age=100randomstuffhere");
+  // All directives MUST appear only once in an STS header field.
+  testFailure("max-age=100; max-age=200");
+  testFailure("includeSubdomains; max-age=200; includeSubdomains");
+  testFailure("max-age=200; includeSubdomains; includeSubdomains");
+  // The includeSubdomains directive is valueless.
+  testFailure("max-age=100; includeSubdomains=unexpected");
+  // LWS must have at least one space or horizontal tab
+  testFailure("\r\nmax-age=200");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
new file mode 100644
index 0000000000..6b1b4a5ba6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -0,0 +1,269 @@
+"use strict";
+
+var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+  Ci.nsISiteSecurityService
+);
+
+function Observer() {}
+Observer.prototype = {
+  observe(subject, topic, data) {
+    if (topic == "last-pb-context-exited") {
+      run_next_test();
+    }
+  },
+};
+
+var gObserver = new Observer();
+
+function cleanup() {
+  Services.obs.removeObserver(gObserver, "last-pb-context-exited");
+  gSSService.clearAll();
+}
+
+function run_test() {
+  do_get_profile();
+
+  registerCleanupFunction(cleanup);
+  Services.obs.addObserver(gObserver, "last-pb-context-exited");
+
+  add_test(test_part1);
+  add_test(test_private_browsing1);
+  add_test(test_private_browsing2);
+
+  run_next_test();
+}
+
+function test_part1() {
+  // check that a host not in the list is not identified as an sts host
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://nonexistent.example.com")
+    )
+  );
+
+  // check that an ancestor domain is not identified as an sts host
+  ok(!gSSService.isSecureURI(Services.io.newURI("https://com")));
+
+  // check that the pref to toggle using the preload list works
+  Services.prefs.setBoolPref(
+    "network.stricttransportsecurity.preloadlist",
+    false
+  );
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  Services.prefs.setBoolPref(
+    "network.stricttransportsecurity.preloadlist",
+    true
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+
+  // check that a subdomain is an sts host (includeSubdomains is set)
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+    )
+  );
+
+  // check that another subdomain is an sts host (includeSubdomains is set)
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://a.b.c.def.includesubdomains.preloaded.test")
+    )
+  );
+
+  // check that a subdomain is not an sts host (includeSubdomains is not set)
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://subdomain.noincludesubdomains.preloaded.test")
+    )
+  );
+
+  // check that a host with a dot on the end won't break anything
+  ok(
+    !gSSService.isSecureURI(
+      Services.io.newURI("https://notsts.nonexistent.example.com.")
+    )
+  );
+
+  // check that processing a header with max-age: 0 will remove a preloaded
+  // site from the list
+  let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
+  let subDomainUri = Services.io.newURI(
+    "https://subdomain.includesubdomains.preloaded.test"
+  );
+  gSSService.processHeader(uri, "max-age=0");
+  ok(!gSSService.isSecureURI(uri));
+  ok(!gSSService.isSecureURI(subDomainUri));
+  // check that processing another header (with max-age non-zero) will
+  // re-enable a site's sts status
+  gSSService.processHeader(uri, "max-age=1000");
+  ok(gSSService.isSecureURI(uri));
+  // but this time include subdomains was not set, so test for that
+  ok(!gSSService.isSecureURI(subDomainUri));
+  gSSService.clearAll();
+
+  // check that processing a header with max-age: 0 from a subdomain of a site
+  // will not remove that (ancestor) site from the list
+  uri = Services.io.newURI(
+    "https://subdomain.noincludesubdomains.preloaded.test"
+  );
+  gSSService.processHeader(uri, "max-age=0");
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://noincludesubdomains.preloaded.test")
+    )
+  );
+  ok(!gSSService.isSecureURI(uri));
+
+  uri = Services.io.newURI(
+    "https://subdomain.includesubdomains.preloaded.test"
+  );
+  gSSService.processHeader(uri, "max-age=0");
+  // we received a header with "max-age=0", so we have "no information"
+  // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
+  // but it is actually still an STS host, because of the preloaded
+  // includesubdomains.preloaded.test including subdomains.
+  // Here's a drawing:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test                          IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI(
+        "https://another.subdomain.includesubdomains.preloaded.test"
+      )
+    )
+  );
+
+  gSSService.processHeader(uri, "max-age=1000");
+  // Here's what we have now:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  // Note that another.subdomain.includesubdomains.preloaded.test IS still an sts host, because
+  // there exists a superdomain that is sts and asserts includeSubdomains (namely,
+  // includesubdomains.preloaded.test)
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
+    )
+  );
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI(
+        "https://another.subdomain.includesubdomains.preloaded.test"
+      )
+    )
+  );
+
+  // Test that an expired non-private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in regular browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
+  ok(gSSService.isSecureURI(uri));
+  gSSService.processHeader(uri, "max-age=1");
+  do_timeout(1250, function () {
+    ok(!gSSService.isSecureURI(uri));
+    run_next_test();
+  });
+}
+
+const PRIVATE_ORIGIN_ATTRIBUTES = { privateBrowsingId: 1 };
+
+function test_private_browsing1() {
+  gSSService.clearAll();
+  let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
+  let subDomainUri = Services.io.newURI(
+    "https://a.b.c.subdomain.includesubdomains.preloaded.test"
+  );
+  // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set
+  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+  ok(gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+  gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
+  ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+  // check adding it back in
+  gSSService.processHeader(uri, "max-age=1000", PRIVATE_ORIGIN_ATTRIBUTES);
+  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+  // but no includeSubdomains this time
+  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+  // do the hokey-pokey...
+  gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
+  ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+  ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+  // Test that an expired private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in private browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
+  ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+  gSSService.processHeader(uri, "max-age=1", PRIVATE_ORIGIN_ATTRIBUTES);
+  do_timeout(1250, function () {
+    ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+    // Simulate leaving private browsing mode
+    Services.obs.notifyObservers(null, "last-pb-context-exited");
+  });
+}
+
+function test_private_browsing2() {
+  // if this test gets this far, it means there's a private browsing service
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains.preloaded.test")
+    )
+  );
+  // the includesubdomains.preloaded.test entry has includeSubdomains set
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+    )
+  );
+
+  // Now that we're out of private browsing mode, we need to make sure
+  // we've "forgotten" that we "forgot" this site's sts status.
+  ok(
+    gSSService.isSecureURI(
+      Services.io.newURI("https://includesubdomains2.preloaded.test")
+    )
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
new file mode 100644
index 0000000000..334fbf8a7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
@@ -0,0 +1,22 @@
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"].getService(
+    Ci.nsISiteSecurityService
+  );
+  let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
+
+  // check that a host on the preload list is identified as an sts host
+  ok(SSService.isSecureURI(uri));
+
+  // now simulate that it's 19 weeks later than it actually is
+  let offsetSeconds = 19 * 7 * 24 * 60 * 60;
+  Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
+
+  // check that the preloaded host is no longer considered sts
+  ok(!SSService.isSecureURI(uri));
+
+  // just make sure we can get everything back to normal
+  Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
+  ok(SSService.isSecureURI(uri));
+}
diff --git a/security/manager/ssl/tests/unit/test_validity.js b/security/manager/ssl/tests/unit/test_validity.js
new file mode 100644
index 0000000000..e1ee44b060
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity.js
@@ -0,0 +1,106 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that chains containing an end-entity cert with an overly long validity
+// period are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(
+    SERVER_PORT,
+    "www.example.com",
+    "test_validity",
+    expectedCertNames,
+    expectedPaths
+  );
+}
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_validity/${filename}`);
+}
+
+function loadCert(certFilename, trustString) {
+  addCertFromFile(certDB, `test_validity/${certFilename}`, trustString);
+}
+
+/**
+ * Asynchronously runs a single EV test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {string} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_validity/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {string} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+async function doEVTest(
+  expectedNamesForOCSP,
+  rootCertFileName,
+  intCertFileNames,
+  endEntityCertFileName,
+  expectedResult
+) {
+  clearOCSPCache();
+  let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+  loadCert(`${rootCertFileName}.pem`, "CTu,CTu,CTu");
+  for (let intCertFileName of intCertFileNames) {
+    loadCert(`${intCertFileName}.pem`, ",,");
+  }
+  await checkEVStatus(
+    certDB,
+    certFromFile(`${endEntityCertFileName}.pem`),
+    certificateUsageSSLServer,
+    expectedResult
+  );
+
+  await stopOCSPResponder(ocspResponder);
+}
+
+async function checkEVChains() {
+  // Chain with an end entity cert with a validity period that is acceptable
+  // for EV.
+  const intFullName = "ev_int_60_months-evroot";
+  let eeFullName = `ev_ee_27_months-${intFullName}`;
+  let expectedNamesForOCSP = [eeFullName];
+  await doEVTest(
+    expectedNamesForOCSP,
+    "../test_ev_certs/evroot",
+    [intFullName],
+    eeFullName,
+    gEVExpected
+  );
+
+  // Chain with an end entity cert with a validity period that is too long
+  // for EV.
+  eeFullName = `ev_ee_28_months-${intFullName}`;
+  expectedNamesForOCSP = [eeFullName];
+  await doEVTest(
+    expectedNamesForOCSP,
+    "../test_ev_certs/evroot",
+    [intFullName],
+    eeFullName,
+    false
+  );
+}
+
+add_task(async function () {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  await checkEVChains();
+});
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
new file mode 100644
index 0000000000..cccff8d9eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIUL3u0qxcophiFgaiJ2owryQeh3uwwDQYJKoZIhvcNAQEL
+BQAwIjEgMB4GA1UEAwwXZXZfaW50XzYwX21vbnRocy1ldnJvb3QwIhgPMjAyMTEx
+MTUxMjAwMDBaGA8yMDI0MDIxNjEyMDAwMFowMjEwMC4GA1UEAwwnZXZfZWVfMjdf
+bW9udGhzLWV2X2ludF82MF9tb250aHMtZXZyb290MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GGMIGDMGAGCCsG
+AQUFBwEBBFQwUjBQBggrBgEFBQcwAYZEaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4
+ODg4L2V2X2VlXzI3X21vbnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdC8wHwYD
+VR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwDQYJKoZIhvcNAQELBQADggEB
+ABZH5/BLYkqjaKryxtGq1Yc6CbguhJUg4LfYfIT2ir/ehmvSOUAv0S8ZrLNmNmVn
+cDWDYehPoCuPlbuhgOpGM2+Oej+tWAA6k5SMZhOM0c/16x5Ljqc2ZtOL/JJwYV9z
+3YqW4TPWqdcARu7Ijf4cqonlZ+Uc398/wMiRlDQxOobtR+qN1QgyFri8Qnz22rBd
+JP+cRqjcyWAdhcHGT0c49dAk1fx7aO5zmithCJ6z+smrrruDms1aFb0kqi/TVkGv
+xYtvnkgdi09Pk6vXpX5JPwLBKPDawMBvZmlJSNfjCvDpoHhY6FCjyXFRQj6R7Uiq
+YP9z9sbvjS9D9lnYa3UjoGI=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 0000000000..d2c7fa1275
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_27_months-ev_int_60_months-evroot
+validity:823
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_27_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
new file mode 100644
index 0000000000..5baed71ca9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIUZf3qHuuMLRALksijM8PX7b+F3DQwDQYJKoZIhvcNAQEL
+BQAwIjEgMB4GA1UEAwwXZXZfaW50XzYwX21vbnRocy1ldnJvb3QwIhgPMjAyMTEw
+MzEwMDAwMDBaGA8yMDI0MDMwMzAwMDAwMFowMjEwMC4GA1UEAwwnZXZfZWVfMjhf
+bW9udGhzLWV2X2ludF82MF9tb250aHMtZXZyb290MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4GGMIGDMGAGCCsG
+AQUFBwEBBFQwUjBQBggrBgEFBQcwAYZEaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4
+ODg4L2V2X2VlXzI4X21vbnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdC8wHwYD
+VR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwDQYJKoZIhvcNAQELBQADggEB
+AGG25tskpdAYzSwgXWQ8hC8Z44pkYGVHpu7LfszA4WPM+17I8iczxqHa9vANvEfh
+g95QEuBbXVkp+W1aXvgDcA0ZyKumBRMrFFMapOapsqYMCSbMMjMtIhUwvAiJgPav
+nmyap+Q5Ds0PY1d+MCT3PZQBTfk6zfusUTWhgQIaNZxXG7b6pxZ8AvUuZoxG9AWh
+GuysraUJbUyFRfiM+YybbyldVDouFzaqSYh2Z6+/5bwf96AksVeepPLitNYibmsg
+qBQsFje/90X6FU+GcD1PV91cC2j7hdENgSkmAJilBMBl5LclXMSH/lN5lTpyYll4
+YPNbYKy+3n64n0+PfW/JTus=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 0000000000..2dcfb2e29c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_28_months-ev_int_60_months-evroot
+validity:854
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_28_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
new file mode 100644
index 0000000000..09e044f5e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
new file mode 100644
index 0000000000..e46a1bed99
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVzCCAj+gAwIBAgIUEY63P4X1xogoyQ0ncUXjGGmc63YwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMjAwNzAyMTIwMDAwWhgPMjAyNTA3
+MDExMjAwMDBaMCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMFAGCCsGAQUFBwEB
+BEQwQjBABggrBgEFBQcwAYY0aHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2
+X2ludF82MF9tb250aHMtZXZyb290LzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUa
+hRoBg3QJATANBgkqhkiG9w0BAQsFAAOCAQEAKiVH+FgOqh/HTMCPjgftKQ8icRJF
++TysMrjJTCZ+whi1uMtXNHZmWtckAd8xEjor4qhO3K8gaZv3wm56t6FPZp9zWNO2
+QYbNeWwex6Dd9uIl0h2/uCTnUAjBGjPcNZngYMVh5NANQ1vRcnZ4CalBew9oPQwG
+EEd2uerN+ikXUTAQD4Z1MuSZSoRaWw6vAB5sooFWc8TqDfWdAVtv+R7pKezIV76f
+3Pas+Tci+CeUkwSRCTKPAy3aqygtaD4ZGq9d6n9pBoxEHg8iJs7iMUaJCy7HTYUj
+t1Xou5AMJwEHm2OA+J9/okPxI1acDjTIxgkvLkmAYT6ieQsOXw5lpd2WxA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 0000000000..e169514ffa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_60_months-evroot
+issuerKey:ev
+validity:1825
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key b/security/manager/ssl/tests/unit/test_validity/evroot.key
new file mode 100644
index 0000000000..1d88a930d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
new file mode 100644
index 0000000000..1a3d76a550
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem b/security/manager/ssl/tests/unit/test_validity/evroot.pem
new file mode 100644
index 0000000000..13c3031905
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbmgAwIBAgIUIZSHsVgzcvhPgdfrgdMGlpSfMegwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZXZyb290MCIYDzIwMTUwMTAxMDAwMDAwWhgPMjAzNTAx
+MDEwMDAwMDBaMBExDzANBgNVBAMMBmV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALVJiVydABCNEaH5n4ep49Gl21367PGI2le/ZBNojyzkciz/
+EJA4wXQCyToqRz29KGrtP9zTY89aKRR3Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPN
+RGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dxShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s
+33iuMUTtKMReeSk4Y6eiKkiYCjakDnLVecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rd
+Gq6KoszONIoBabgOKKLXDBqWDG8zXy2gm5tkP1q/uknoqqmB6WDifYdIC91V3ZQX
++hhQn7tVTM+BpDl+i6gSijS98nhlwYnlc0+yKQUCAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBABTOHA9XbfLv/C7+
+5KycYXToOIBRSjQ0j2nsiqFda4Jx+aKsvdpdrrbLHvhrpfsA3ZgB2+eKHunVc4fo
+UHNqZllAs2nx+AEinq4GX8iya5BpiyTIxXWu8v06siGgz1GxlJw1cJ/ZnFEQ9IBf
+cCAr5fCoZ4RC+2OVhiSTnYPCKM+zCyw3YpISjNOg1VVkp46Htp+831Eh12YfwvdY
+Fgh1fc5ohYC5GCLRuXKc9PGTsr3gp7Y0liYbK7v0RBjd+GivNQ3dS3W+lB3Ow0LH
+z/fc3qvrhsd58jHpb1QZQzd9bQjuIIM6Gij7TNdNNarEVZfSJjPYLfXosNdYh5fH
+HmbOwao=
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
new file mode 100644
index 0000000000..3121f3486e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_x509.js b/security/manager/ssl/tests/unit/test_x509.js
new file mode 100644
index 0000000000..89fd01e819
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_x509.js
@@ -0,0 +1,124 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests X509.jsm functionality.
+
+function stringToArray(s) {
+  let b = [];
+  for (let i = 0; i < s.length; i++) {
+    b.push(s.charCodeAt(i));
+  }
+  return b;
+}
+
+function readPEMToBytes(filename) {
+  return stringToArray(atob(pemToBase64(readFile(do_get_file(filename)))));
+}
+
+function run_test() {
+  let certificate = new X509.Certificate();
+  // We use this certificate because it has a set validity period, which means that when
+  // the test certificates get regenerated each year, the values in this test won't change.
+  certificate.parse(readPEMToBytes("bad_certs/expired-ee.pem"));
+
+  equal(
+    certificate.tbsCertificate.version,
+    3,
+    "expired-ee.pem should be x509v3"
+  );
+
+  // serialNumber
+  deepEqual(
+    certificate.tbsCertificate.serialNumber,
+    [
+      0x63, 0xd1, 0x11, 0x00, 0x82, 0xa3, 0xd2, 0x3b, 0x3f, 0x61, 0xb8, 0x49,
+      0xa0, 0xca, 0xdc, 0x2e, 0x78, 0xfe, 0xfa, 0xea,
+    ],
+    "expired-ee.pem should have expected serialNumber"
+  );
+
+  deepEqual(
+    certificate.tbsCertificate.signature.algorithm._values,
+    [1, 2, 840, 113549, 1, 1, 11], // sha256WithRSAEncryption
+    "expired-ee.pem should have sha256WithRSAEncryption signature"
+  );
+  deepEqual(
+    certificate.tbsCertificate.signature.parameters._contents,
+    [],
+    "expired-ee.pem should have NULL parameters for signature"
+  );
+
+  equal(
+    certificate.tbsCertificate.issuer.rdns.length,
+    1,
+    "expired-ee.pem should have one RDN in issuer"
+  );
+  equal(
+    certificate.tbsCertificate.issuer.rdns[0].avas.length,
+    1,
+    "expired-ee.pem should have one AVA in RDN in issuer"
+  );
+  deepEqual(
+    certificate.tbsCertificate.issuer.rdns[0].avas[0].value.value,
+    stringToArray("Test CA"),
+    "expired-ee.pem should have issuer 'Test CA'"
+  );
+
+  equal(
+    certificate.tbsCertificate.validity.notBefore.time.getTime(),
+    Date.parse("2013-01-01T00:00:00.000Z"),
+    "expired-ee.pem should have the correct value for notBefore"
+  );
+  equal(
+    certificate.tbsCertificate.validity.notAfter.time.getTime(),
+    Date.parse("2014-01-01T00:00:00.000Z"),
+    "expired-ee.pem should have the correct value for notAfter"
+  );
+
+  equal(
+    certificate.tbsCertificate.subject.rdns.length,
+    1,
+    "expired-ee.pem should have one RDN in subject"
+  );
+  equal(
+    certificate.tbsCertificate.subject.rdns[0].avas.length,
+    1,
+    "expired-ee.pem should have one AVA in RDN in subject"
+  );
+  deepEqual(
+    certificate.tbsCertificate.subject.rdns[0].avas[0].value.value,
+    stringToArray("Expired Test End-entity"),
+    "expired-ee.pem should have subject 'Expired Test End-entity'"
+  );
+
+  deepEqual(
+    certificate.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm._values,
+    [1, 2, 840, 113549, 1, 1, 1], // rsaEncryption
+    "expired-ee.pem should have a spki algorithm of rsaEncryption"
+  );
+
+  equal(
+    certificate.tbsCertificate.extensions.length,
+    2,
+    "expired-ee.pem should have two extensions"
+  );
+
+  deepEqual(
+    certificate.signatureAlgorithm.algorithm._values,
+    [1, 2, 840, 113549, 1, 1, 11], // sha256WithRSAEncryption
+    "expired-ee.pem should have sha256WithRSAEncryption signatureAlgorithm"
+  );
+  deepEqual(
+    certificate.signatureAlgorithm.parameters._contents,
+    [],
+    "expired-ee.pem should have NULL parameters for signatureAlgorithm"
+  );
+
+  equal(
+    certificate.signatureValue.length,
+    2048 / 8,
+    "length of signature on expired-ee.pem should be 2048 bits"
+  );
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertAndPinningServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertAndPinningServer.cpp
new file mode 100644
index 0000000000..1ccd5e876b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertAndPinningServer.cpp
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that uses various bad certificates.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the certificate.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct BadCertAndPinningHost {
+  const char* mHostName;
+  const char* mCertName;
+};
+
+// Hostname, cert nickname pairs.
+const BadCertAndPinningHost sBadCertAndPinningHosts[] = {
+    {"expired.example.com", "expired-ee"},
+    {"notyetvalid.example.com", "notYetValid"},
+    {"before-epoch.example.com", "beforeEpoch"},
+    {"before-epoch-self-signed.example.com", "beforeEpochSelfSigned"},
+    {"selfsigned.example.com", "selfsigned"},
+    {"unknownissuer.example.com", "unknownissuer"},
+    {"mismatch.example.com", "mismatch"},
+    {"mismatch-CN.example.com", "mismatchCN"},
+    {"mitm.example.com", "mitm"},
+    {"expiredissuer.example.com", "expiredissuer"},
+    {"notyetvalidissuer.example.com", "notYetValidIssuer"},
+    {"before-epoch-issuer.example.com", "beforeEpochIssuer"},
+    {"md5signature.example.com", "md5signature"},
+    {"untrusted.example.com", "default-ee"},
+    {"untrustedissuer.example.com", "untrustedissuer"},
+    {"mismatch-expired.example.com", "mismatch-expired"},
+    {"mismatch-notYetValid.example.com", "mismatch-notYetValid"},
+    {"mismatch-untrusted.example.com", "mismatch-untrusted"},
+    {"untrusted-expired.example.com", "untrusted-expired"},
+    {"md5signature-expired.example.com", "md5signature-expired"},
+    {"mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired"},
+    {"inadequatekeyusage.example.com", "inadequatekeyusage-ee"},
+    {"selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU"},
+    {"self-signed-end-entity-with-cA-true.example.com",
+     "self-signed-EE-with-cA-true"},
+    {"ca-used-as-end-entity.example.com", "ca-used-as-end-entity"},
+    {"ca-used-as-end-entity-name-mismatch.example.com",
+     "ca-used-as-end-entity"},
+    // All of include-subdomains.pinning.example.com is pinned to End Entity
+    // Test Cert with nick default-ee. Any other nick will only
+    // pass pinning when security.cert_pinning.enforcement.level != strict and
+    // otherCA is added as a user-specified trust anchor. See StaticHPKPins.h.
+    {"include-subdomains.pinning.example.com", "default-ee"},
+    {"good.include-subdomains.pinning.example.com", "default-ee"},
+    {"bad.include-subdomains.pinning.example.com", "other-issuer-ee"},
+    {"bad.include-subdomains.pinning.example.com.", "other-issuer-ee"},
+    {"bad.include-subdomains.pinning.example.com..", "other-issuer-ee"},
+    {"exclude-subdomains.pinning.example.com", "default-ee"},
+    {"sub.exclude-subdomains.pinning.example.com", "other-issuer-ee"},
+    {"test-mode.pinning.example.com", "other-issuer-ee"},
+    {"unknownissuer.include-subdomains.pinning.example.com", "unknownissuer"},
+    {"unknownissuer.test-mode.pinning.example.com", "unknownissuer"},
+    {"nsCertTypeNotCritical.example.com", "nsCertTypeNotCritical"},
+    {"nsCertTypeCriticalWithExtKeyUsage.example.com",
+     "nsCertTypeCriticalWithExtKeyUsage"},
+    {"nsCertTypeCritical.example.com", "nsCertTypeCritical"},
+    {"end-entity-issued-by-v1-cert.example.com", "eeIssuedByV1Cert"},
+    {"end-entity-issued-by-non-CA.example.com", "eeIssuedByNonCA"},
+    {"inadequate-key-size-ee.example.com", "inadequateKeySizeEE"},
+    {"badSubjectAltNames.example.com", "badSubjectAltNames"},
+    {"ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN"},
+    {"noValidNames.example.com", "noValidNames"},
+    {"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", "idn-certificate"},
+    {"emptyissuername.example.com", "emptyIssuerName"},
+    {"ev-test.example.com", "ev-test"},
+    {"ee-from-missing-intermediate.example.com",
+     "ee-from-missing-intermediate"},
+    {"imminently-distrusted.example.com", "ee-imminently-distrusted"},
+    {"localhost", "unknownissuer"},
+    {"a.pinning.example.com", "default-ee"},
+    {"b.pinning.example.com", "default-ee"},
+    {"not-preloaded.example.com", "default-ee"},
+    {"ee.example.com", "default-ee"},
+    {nullptr, nullptr}};
+
+int32_t DoSNISocketConfigBySubjectCN(PRFileDesc* aFd,
+                                     const SECItem* aSrvNameArr,
+                                     uint32_t aSrvNameArrSize) {
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    UniquePORTString name(
+        static_cast<char*>(PORT_ZAlloc(aSrvNameArr[i].len + 1)));
+    if (name) {
+      PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len);
+      if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr,
+                                          nullptr) == SECSuccess) {
+        return 0;
+      }
+    }
+  }
+
+  return SSL_SNI_SEND_ALERT;
+}
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const BadCertAndPinningHost* host =
+      GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sBadCertAndPinningHosts);
+  if (!host) {
+    // No static cert <-> hostname mapping found. This happens when we use a
+    // collection of certificates in a given directory and build a cert DB at
+    // runtime, rather than using an NSS cert DB populated at build time.
+    // (This will be the default in the future.)
+    // For all given server names, check if the runtime-built cert DB contains
+    // a certificate with a matching subject CN.
+    return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize);
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName, &cert,
+                                                    &certKEA, nullptr)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int main(int argc, char* argv[]) {
+  return StartServer(argc, argv, DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/DelegatedCredentialsServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/DelegatedCredentialsServer.cpp
new file mode 100644
index 0000000000..5f12756425
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/DelegatedCredentialsServer.cpp
@@ -0,0 +1,142 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server used to test Delegated Credentials
+// (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03).
+//
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the certificate.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <iostream>
+
+#include "TLSServer.h"
+
+#include "sslexp.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct DelegatedCertHost {
+  const char* mHostName;
+  const char* mCertName;
+  const char* mDCKeyNick;
+  bool mEnableDelegatedCredentials;
+};
+
+const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds) */;
+
+// {host, eeCert, dcCert, enableDC}
+const DelegatedCertHost sDelegatedCertHosts[] = {
+    {"delegated-enabled.example.com", "delegated-ee", "delegated.key", true},
+    {"standard-enabled.example.com", "default-ee", "delegated.key", true},
+    {"delegated-disabled.example.com", "delegated-ee",
+     /* anything non-null */ "delegated.key", false},
+    {nullptr, nullptr, nullptr, false}};
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const DelegatedCertHost* host =
+      GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sDelegatedCertHosts);
+  if (!host) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    std::cerr << "Identified host " << host->mHostName << std::endl;
+  }
+
+  UniqueCERTCertificate delegatorCert(
+      PK11_FindCertFromNickname(host->mCertName, nullptr));
+  if (!delegatorCert) {
+    PrintPRError("PK11_FindCertFromNickname failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  SSLExtraServerCertData extra_data = {ssl_auth_null,
+                                       /* Filled in by callee */ nullptr,
+                                       nullptr,
+                                       nullptr,
+                                       /* DC */ nullptr,
+                                       /* DC PrivKey */ nullptr};
+
+  UniqueSECKEYPrivateKey delegatorPriv(
+      PK11_FindKeyByDERCert(slot.get(), delegatorCert.get(), nullptr));
+  if (!delegatorPriv) {
+    PrintPRError("PK11_FindKeyByDERCert failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // Find the DC keypair by the file (nick) name.
+  ScopedAutoSECItem dc;
+  UniqueSECKEYPrivateKey dcPriv;
+  if (host->mEnableDelegatedCredentials) {
+    if (gDebugLevel >= DEBUG_VERBOSE) {
+      std::cerr << "Enabling a delegated credential for host "
+                << host->mHostName << std::endl;
+    }
+
+    if (PK11_NeedLogin(slot.get())) {
+      SECStatus rv = PK11_Authenticate(slot.get(), PR_TRUE, nullptr);
+      if (rv != SECSuccess) {
+        PrintPRError("PK11_Authenticate failed");
+        return SSL_SNI_SEND_ALERT;
+      }
+    }
+    UniqueSECKEYPrivateKeyList list(PK11_ListPrivKeysInSlot(
+        slot.get(), const_cast<char*>(host->mDCKeyNick), nullptr));
+    if (!list) {
+      PrintPRError("PK11_ListPrivKeysInSlot failed");
+      return SSL_SNI_SEND_ALERT;
+    }
+    SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(list);
+
+    dcPriv.reset(SECKEY_CopyPrivateKey(node->key));
+    if (!dcPriv) {
+      PrintPRError("PK11_ListPrivKeysInSlot could not find dcPriv");
+      return SSL_SNI_SEND_ALERT;
+    }
+
+    UniqueSECKEYPublicKey dcPub(SECKEY_ConvertToPublicKey(dcPriv.get()));
+    if (!dcPub) {
+      PrintPRError("SECKEY_ConvertToPublicKey failed");
+      return SSL_SNI_SEND_ALERT;
+    }
+
+    // Create and set the DC.
+    if (SSL_DelegateCredential(delegatorCert.get(), delegatorPriv.get(),
+                               dcPub.get(), ssl_sig_ecdsa_secp384r1_sha384,
+                               kDCValidFor, PR_Now(), &dc) != SECSuccess) {
+      PrintPRError("SSL_DelegateCredential failed");
+      return SSL_SNI_SEND_ALERT;
+    }
+    extra_data.delegCred = &dc;
+    extra_data.delegCredPrivKey = dcPriv.get();
+
+    // The list should only have a single key.
+    PORT_Assert(PRIVKEY_LIST_END(PRIVKEY_LIST_NEXT(node), list));
+  }
+
+  if (ConfigSecureServerWithNamedCert(aFd, host->mCertName, nullptr, nullptr,
+                                      &extra_data) != SECSuccess) {
+    PrintPRError("ConfigSecureServerWithNamedCert failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int main(int argc, char* argv[]) {
+  return StartServer(argc, argv, DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/EncryptedClientHelloServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/EncryptedClientHelloServer.cpp
new file mode 100644
index 0000000000..fd284874b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/EncryptedClientHelloServer.cpp
@@ -0,0 +1,178 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that offers TLS 1.3 Encrypted
+// Client Hello support.
+
+#include <stdio.h>
+
+#include "nspr.h"
+#include "ScopedNSSTypes.h"
+#include "ssl.h"
+#include "sslexp.h"
+#include "TLSServer.h"
+#include <pk11pub.h>
+#include <vector>
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct EchHost {
+  const char* mHostName;
+  const char* mCertName;
+};
+
+const std::vector<uint32_t> kSuiteChaCha = {
+    (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) |
+    HpkeAeadChaCha20Poly1305};
+
+// Hostname, cert nickname pairs.
+const EchHost sEchHosts[] = {{"ech-public.example.com", "default-ee"},
+                             {"ech-private.example.com", "private-ee"},
+                             {"selfsigned.example.com", "selfsigned"},
+                             {nullptr, nullptr}};
+
+int32_t DoSNISocketConfigBySubjectCN(PRFileDesc* aFd,
+                                     const SECItem* aSrvNameArr,
+                                     uint32_t aSrvNameArrSize) {
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    UniquePORTString name(
+        static_cast<char*>(PORT_ZAlloc(aSrvNameArr[i].len + 1)));
+    if (name) {
+      PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len);
+      if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr,
+                                          nullptr) == SECSuccess) {
+        return 0;
+      }
+    }
+  }
+
+  return SSL_SNI_SEND_ALERT;
+}
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const EchHost* host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sEchHosts);
+  if (!host) {
+    PrintPRError("No cert found for hostname");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName, &cert,
+                                                    &certKEA, nullptr)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int32_t SetAlpnOptions(PRFileDesc* aFd, uint8_t flags) {
+  const std::vector<uint8_t> http1 = {0x08, 0x68, 0x74, 0x74, 0x70,
+                                      0x2f, 0x31, 0x2e, 0x31};
+  const std::vector<uint8_t> http2 = {0x02, 0x68, 0x32};
+  const std::vector<uint8_t> http3 = {0x02, 0x68, 0x33};
+  std::vector<uint8_t> alpnVec = {};
+  if (flags & 0b001) {
+    alpnVec.insert(alpnVec.end(), http1.begin(), http1.end());
+  }
+  if (flags & 0b010) {
+    alpnVec.insert(alpnVec.end(), http2.begin(), http2.end());
+  }
+  if (flags & 0b100) {
+    alpnVec.insert(alpnVec.end(), http3.begin(), http3.end());
+  }
+  fprintf(stderr, "ALPN Flags: %u\n", flags);
+  fprintf(stderr, "ALPN length: %zu\n", alpnVec.size());
+  if (SSL_SetNextProtoNego(aFd, alpnVec.data(), alpnVec.size()) != SECSuccess) {
+    fprintf(stderr, "Setting ALPN failed!\n");
+    return 1;
+  }
+
+  return 0;
+}
+
+SECStatus ConfigureServer(PRFileDesc* aFd) {
+  const char* alpnFlag = PR_GetEnv("MOZ_TLS_ECH_ALPN_FLAG");
+  if (alpnFlag) {
+    uint8_t flag = atoi(alpnFlag);
+    SetAlpnOptions(aFd, flag);
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+
+  UniqueSECKEYPublicKey pubKey;
+  UniqueSECKEYPrivateKey privKey;
+  SECKEYPublicKey* tmpPubKey = nullptr;
+  SECKEYPrivateKey* tmpPrivKey = nullptr;
+
+  static const std::vector<uint8_t> pkcs8{
+      0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+      0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+      0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+      0x8c, 0x49, 0x0e, 0x5b, 0x0c, 0x7d, 0xbe, 0x0c, 0x6d, 0x21, 0x92, 0x48,
+      0x4d, 0x2b, 0x7a, 0x04, 0x23, 0xb3, 0xb4, 0x54, 0x4f, 0x24, 0x81, 0x09,
+      0x5a, 0x99, 0xdb, 0xf2, 0x38, 0xfb, 0x35, 0x0f, 0xa1, 0x23, 0x03, 0x21,
+      0x00, 0x8a, 0x07, 0x56, 0x39, 0x49, 0xfa, 0xc6, 0x23, 0x29, 0x36, 0xed,
+      0x6f, 0x36, 0xc4, 0xfa, 0x73, 0x59, 0x30, 0xec, 0xde, 0xae, 0xf6, 0x73,
+      0x4e, 0x31, 0x4a, 0xea, 0xc3, 0x5a, 0x56, 0xfd, 0x0a};
+
+  SECItem pkcs8Item = {siBuffer, const_cast<uint8_t*>(pkcs8.data()),
+                       static_cast<unsigned int>(pkcs8.size())};
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+      slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL,
+      &tmpPrivKey, nullptr);
+
+  if (rv != SECSuccess) {
+    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
+    return SECFailure;
+  }
+  privKey.reset(tmpPrivKey);
+  tmpPubKey = SECKEY_ConvertToPublicKey(privKey.get());
+  pubKey.reset(tmpPubKey);
+
+  if (!privKey || !pubKey) {
+    PrintPRError("ECH/HPKE Public or Private key is null!");
+    return SECFailure;
+  }
+
+  std::vector<uint8_t> echConfig(1000, 0);
+  unsigned int len = 0;
+  const PRUint8 configId = 77;
+  const HpkeSymmetricSuite echCipherSuite = {HpkeKdfHkdfSha256,
+                                             HpkeAeadChaCha20Poly1305};
+  rv = SSL_EncodeEchConfigId(configId, "ech-public.example.com", 100,
+                             HpkeDhKemX25519Sha256, pubKey.get(),
+                             &echCipherSuite, 1, echConfig.data(), &len,
+                             echConfig.size());
+  if (rv != SECSuccess) {
+    PrintPRError("SSL_EncodeEchConfig failed");
+    return rv;
+  }
+
+  rv = SSL_SetServerEchConfigs(aFd, pubKey.get(), privKey.get(),
+                               echConfig.data(), len);
+  if (rv != SECSuccess) {
+    PrintPRError("SSL_SetServerEchConfigs failed");
+    return rv;
+  }
+
+  return SECSuccess;
+}
+
+int main(int argc, char* argv[]) {
+  int rv = StartServer(argc, argv, DoSNISocketConfig, nullptr, ConfigureServer);
+  if (rv < 0) {
+    return rv;
+  }
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
new file mode 100644
index 0000000000..4d30f8a87a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+#include "nspr.h"
+#include "ScopedNSSTypes.h"
+#include "ssl.h"
+#include "ssl3prot.h"
+#include "sslexp.h"
+#include "sslimpl.h"
+#include "TLSServer.h"
+
+#include "mozilla/Sprintf.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+enum FaultType {
+  None = 0,
+  ZeroRtt,
+  UnknownSNI,
+};
+
+struct FaultyServerHost {
+  const char* mHostName;
+  const char* mCertName;
+  FaultType mFaultType;
+};
+
+const char* kHostOk = "ok.example.com";
+const char* kHostUnknown = "unknown.example.com";
+const char* kHostZeroRttAlertBadMac = "0rtt-alert-bad-mac.example.com";
+const char* kHostZeroRttAlertVersion =
+    "0rtt-alert-protocol-version.example.com";
+const char* kHostZeroRttAlertUnexpected = "0rtt-alert-unexpected.example.com";
+const char* kHostZeroRttAlertDowngrade = "0rtt-alert-downgrade.example.com";
+
+const char* kCertWildcard = "default-ee";
+
+/* Each type of failure gets a different SNI.
+ * the "default-ee" cert has a SAN for *.example.com
+ * the "no-san-ee" cert is signed by the test-ca, but it doesn't have any SANs.
+ */
+const FaultyServerHost sFaultyServerHosts[]{
+    {kHostOk, kCertWildcard, None},
+    {kHostUnknown, kCertWildcard, UnknownSNI},
+    {kHostZeroRttAlertBadMac, kCertWildcard, ZeroRtt},
+    {kHostZeroRttAlertVersion, kCertWildcard, ZeroRtt},
+    {kHostZeroRttAlertUnexpected, kCertWildcard, ZeroRtt},
+    {kHostZeroRttAlertDowngrade, kCertWildcard, ZeroRtt},
+    {nullptr, nullptr},
+};
+
+nsresult SendAll(PRFileDesc* aSocket, const char* aData, size_t aDataLen) {
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "sending '%s'\n", aData);
+  }
+
+  int32_t len = static_cast<int32_t>(aDataLen);
+  while (len > 0) {
+    int32_t bytesSent = PR_Send(aSocket, aData, len, 0, PR_INTERVAL_NO_TIMEOUT);
+    if (bytesSent == -1) {
+      PrintPRError("PR_Send failed");
+      return NS_ERROR_FAILURE;
+    }
+
+    len -= bytesSent;
+    aData += bytesSent;
+  }
+
+  return NS_OK;
+}
+
+// returns 0 on success, non-zero on error
+int DoCallback(const char* path) {
+  UniquePRFileDesc socket(PR_NewTCPSocket());
+  if (!socket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  uint32_t port = 0;
+  const char* callbackPort = PR_GetEnv("FAULTY_SERVER_CALLBACK_PORT");
+  if (callbackPort) {
+    port = atoi(callbackPort);
+  }
+  if (!port) {
+    return 0;
+  }
+
+  PRNetAddr addr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, port, &addr);
+  if (PR_Connect(socket.get(), &addr, PR_INTERVAL_NO_TIMEOUT) != PR_SUCCESS) {
+    PrintPRError("PR_Connect failed");
+    return 1;
+  }
+
+  char request[512];
+  SprintfLiteral(request, "GET %s HTTP/1.0\r\n\r\n", path);
+  SendAll(socket.get(), request, strlen(request));
+  char buf[4096];
+  memset(buf, 0, sizeof(buf));
+  int32_t bytesRead =
+      PR_Recv(socket.get(), buf, sizeof(buf) - 1, 0, PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed 1");
+    return 1;
+  }
+  if (bytesRead == 0) {
+    fprintf(stderr, "PR_Recv eof 1\n");
+    return 1;
+  }
+  // fprintf(stderr, "%s\n", buf);
+  return 0;
+}
+
+/* These are very rough examples. In practice the `arg` parameter to a callback
+ * might need to be an object that holds some state, like the various traffic
+ * secrets. */
+
+/* An SSLSecretCallback is called after every key derivation step in the TLS
+ * 1.3 key schedule.
+ *
+ * Epoch 1 is for the early traffic secret.
+ * Epoch 2 is for the handshake traffic secrets.
+ * Epoch 3 is for the application traffic secrets.
+ */
+void SecretCallbackFailZeroRtt(PRFileDesc* fd, PRUint16 epoch,
+                               SSLSecretDirection dir, PK11SymKey* secret,
+                               void* arg) {
+  fprintf(stderr, "0RTT handler epoch=%d dir=%d\n", epoch, (uint32_t)dir);
+  FaultyServerHost* host = static_cast<FaultyServerHost*>(arg);
+
+  if (epoch == 1 && dir == ssl_secret_read) {
+    sslSocket* ss = ssl_FindSocket(fd);
+    if (!ss) {
+      fprintf(stderr, "0RTT handler, no ss!\n");
+      return;
+    }
+
+    char path[256];
+    SprintfLiteral(path, "/callback/%d", epoch);
+    DoCallback(path);
+
+    fprintf(stderr, "0RTT handler, configuring alert\n");
+    if (!strcmp(host->mHostName, kHostZeroRttAlertBadMac)) {
+      SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+    } else if (!strcmp(host->mHostName, kHostZeroRttAlertVersion)) {
+      SSL3_SendAlert(ss, alert_fatal, protocol_version);
+    } else if (!strcmp(host->mHostName, kHostZeroRttAlertUnexpected)) {
+      SSL3_SendAlert(ss, alert_fatal, no_alert);
+    }
+  }
+}
+
+/* An SSLRecordWriteCallback can replace the TLS record layer. */
+SECStatus WriteCallbackExample(PRFileDesc* fd, PRUint16 epoch,
+                               SSLContentType contentType, const PRUint8* data,
+                               unsigned int len, void* arg) {
+  /* do something */
+  return SECSuccess;
+}
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const FaultyServerHost* host =
+      GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sFaultyServerHosts);
+  if (!host || host->mFaultType == UnknownSNI) {
+    PrintPRError("No cert found for hostname");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  switch (host->mFaultType) {
+    case ZeroRtt:
+      SSL_SecretCallback(aFd, &SecretCallbackFailZeroRtt, (void*)host);
+      break;
+    case None:
+      break;
+    default:
+      break;
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName, &cert,
+                                                    &certKEA, nullptr)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+SECStatus ConfigureServer(PRFileDesc* aFd) { return SECSuccess; }
+
+int main(int argc, char* argv[]) {
+  int rv = StartServer(argc, argv, DoSNISocketConfig, nullptr, ConfigureServer);
+  if (rv < 0) {
+    return rv;
+  }
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
new file mode 100644
index 0000000000..113e668f89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
@@ -0,0 +1,168 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 sw=2 tw=80 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This simple program takes a database directory, and one or more tuples like
+ * <typeOfResponse> <CertNick> <ExtraCertNick> <outPutFilename>
+ * to generate (one or more) ocsp responses.
+ */
+
+#include <stdio.h>
+#include <string>
+#include <vector>
+
+#include "mozilla/ArrayUtils.h"
+
+#include "cert.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prerror.h"
+#include "ssl.h"
+#include "secerr.h"
+
+#include "OCSPCommon.h"
+#include "ScopedNSSTypes.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct OCSPResponseName {
+  const char* mTypeString;
+  const OCSPResponseType mORT;
+};
+
+const static OCSPResponseName kOCSPResponseNameList[] = {
+    {"good", ORTGood},                         // the certificate is good
+    {"good-delegated", ORTDelegatedIncluded},  // the certificate is good, using
+                                               // a delegated signer
+    {"revoked", ORTRevoked},                // the certificate has been revoked
+    {"unknown", ORTUnknown},                // the responder doesn't know if the
+                                            //   cert is good
+    {"goodotherca", ORTGoodOtherCA},        // the wrong CA has signed the
+                                            //   response
+    {"expiredresponse", ORTExpired},        // the signature on the response has
+                                            //   expired
+    {"oldvalidperiod", ORTExpiredFreshCA},  // fresh signature, but old validity
+                                            //   period
+    {"empty", ORTEmpty},                    // an empty stapled response
+
+    {"malformed", ORTMalformed},         // the response from the responder
+                                         //   was malformed
+    {"serverr", ORTSrverr},              // the response indicates there was a
+                                         //   server error
+    {"trylater", ORTTryLater},           // the responder replied with
+                                         //   "try again later"
+    {"resp-unsigned", ORTNeedsSig},      // the response needs a signature
+    {"unauthorized", ORTUnauthorized},   // the responder does not know about
+                                         //   the cert
+    {"bad-signature", ORTBadSignature},  // the response has a bad signature
+    {"longvalidityalmostold",
+     ORTLongValidityAlmostExpired},  // the response is
+                                     // still valid, but the generation
+                                     // is almost a year old
+    {"ancientstillvalid", ORTAncientAlmostExpired},  // The response is still
+                                                     // valid but the generation
+                                                     // is almost two years old
+};
+
+bool StringToOCSPResponseType(const char* respText,
+                              /*out*/ OCSPResponseType* OCSPType) {
+  if (!OCSPType) {
+    return false;
+  }
+  for (auto ocspResponseName : kOCSPResponseNameList) {
+    if (strcmp(respText, ocspResponseName.mTypeString) == 0) {
+      *OCSPType = ocspResponseName.mORT;
+      return true;
+    }
+  }
+  return false;
+}
+
+bool WriteResponse(const char* filename, const SECItem* item) {
+  if (!filename || !item || !item->data) {
+    PR_fprintf(PR_STDERR, "invalid parameters to WriteResponse");
+    return false;
+  }
+
+  UniquePRFileDesc outFile(
+      PR_Open(filename, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0644));
+  if (!outFile) {
+    PrintPRError("cannot open file for writing");
+    return false;
+  }
+  int32_t rv = PR_Write(outFile.get(), item->data, item->len);
+  if (rv < 0 || (uint32_t)rv != item->len) {
+    PrintPRError("File write failure");
+    return false;
+  }
+
+  return true;
+}
+
+int main(int argc, char* argv[]) {
+  if (argc < 7 || (argc - 7) % 5 != 0) {
+    PR_fprintf(
+        PR_STDERR,
+        "usage: %s <NSS DB directory> <responsetype> "
+        "<cert_nick> <extranick> <this_update_skew> <outfilename> [<resptype> "
+        "<cert_nick> <extranick> <this_update_skew> <outfilename>]* \n",
+        argv[0]);
+    exit(EXIT_FAILURE);
+  }
+  SECStatus rv = InitializeNSS(argv[1]);
+  if (rv != SECSuccess) {
+    PR_fprintf(PR_STDERR, "Failed to initialize NSS\n");
+    exit(EXIT_FAILURE);
+  }
+  UniquePLArenaPool arena(PORT_NewArena(256 * argc));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    exit(EXIT_FAILURE);
+  }
+
+  for (int i = 2; i + 3 < argc; i += 5) {
+    const char* ocspTypeText = argv[i];
+    const char* certNick = argv[i + 1];
+    const char* extraCertname = argv[i + 2];
+    const char* skewChars = argv[i + 3];
+    const char* filename = argv[i + 4];
+
+    OCSPResponseType ORT;
+    if (!StringToOCSPResponseType(ocspTypeText, &ORT)) {
+      PR_fprintf(PR_STDERR, "Cannot generate OCSP response of type %s\n",
+                 ocspTypeText);
+      exit(EXIT_FAILURE);
+    }
+
+    UniqueCERTCertificate cert(PK11_FindCertFromNickname(certNick, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      PR_fprintf(PR_STDERR, "Failed to find certificate with nick '%s'\n",
+                 certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    time_t skew = static_cast<time_t>(atoll(skewChars));
+
+    SECItemArray* response =
+        GetOCSPResponseForType(ORT, cert, arena, extraCertname, skew);
+    if (!response) {
+      PR_fprintf(PR_STDERR,
+                 "Failed to generate OCSP response of type %s "
+                 "for %s\n",
+                 ocspTypeText, certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    if (!WriteResponse(filename, &response->items[0])) {
+      PR_fprintf(PR_STDERR, "Failed to write file %s\n", filename);
+      exit(EXIT_FAILURE);
+    }
+  }
+  return 0;
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
new file mode 100644
index 0000000000..b35484572f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
@@ -0,0 +1,153 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that delivers various stapled OCSP responses.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the OCSP response.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "OCSPCommon.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+const OCSPHost sOCSPHosts[] = {
+    {"ocsp-stapling-good.example.com", ORTGood, nullptr, nullptr},
+    {"ocsp-stapling-revoked.example.com", ORTRevoked, nullptr, nullptr},
+    {"ocsp-stapling-revoked-old.example.com", ORTRevokedOld, nullptr, nullptr},
+    {"ocsp-stapling-unknown.example.com", ORTUnknown, nullptr, nullptr},
+    {"ocsp-stapling-unknown-old.example.com", ORTUnknownOld, nullptr, nullptr},
+    {"ocsp-stapling-good-other.example.com", ORTGoodOtherCert,
+     "ocspOtherEndEntity", nullptr},
+    {"ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "other-test-ca",
+     nullptr},
+    {"ocsp-stapling-expired.example.com", ORTExpired, nullptr, nullptr},
+    {"ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA, nullptr,
+     nullptr},
+    {"ocsp-stapling-none.example.com", ORTNone, nullptr, nullptr},
+    {"ocsp-stapling-empty.example.com", ORTEmpty, nullptr, nullptr},
+    {"ocsp-stapling-malformed.example.com", ORTMalformed, nullptr, nullptr},
+    {"ocsp-stapling-srverr.example.com", ORTSrverr, nullptr, nullptr},
+    {"ocsp-stapling-trylater.example.com", ORTTryLater, nullptr, nullptr},
+    {"ocsp-stapling-needssig.example.com", ORTNeedsSig, nullptr, nullptr},
+    {"ocsp-stapling-unauthorized.example.com", ORTUnauthorized, nullptr,
+     nullptr},
+    {"ocsp-stapling-with-intermediate.example.com", ORTGood, nullptr,
+     "ocspEEWithIntermediate"},
+    {"ocsp-stapling-bad-signature.example.com", ORTBadSignature, nullptr,
+     nullptr},
+    {"ocsp-stapling-skip-responseBytes.example.com", ORTSkipResponseBytes,
+     nullptr, nullptr},
+    {"ocsp-stapling-critical-extension.example.com", ORTCriticalExtension,
+     nullptr, nullptr},
+    {"ocsp-stapling-noncritical-extension.example.com", ORTNoncriticalExtension,
+     nullptr, nullptr},
+    {"ocsp-stapling-empty-extensions.example.com", ORTEmptyExtensions, nullptr,
+     nullptr},
+    {"ocsp-stapling-delegated-included.example.com", ORTDelegatedIncluded,
+     "delegatedSigner", nullptr},
+    {"ocsp-stapling-delegated-included-last.example.com",
+     ORTDelegatedIncludedLast, "delegatedSigner", nullptr},
+    {"ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing,
+     "delegatedSigner", nullptr},
+    {"ocsp-stapling-delegated-missing-multiple.example.com",
+     ORTDelegatedMissingMultiple, "delegatedSigner", nullptr},
+    {"ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded,
+     "invalidDelegatedSignerNoExtKeyUsage", nullptr},
+    {"ocsp-stapling-delegated-from-intermediate.example.com",
+     ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate", nullptr},
+    {"ocsp-stapling-delegated-keyUsage-crlSigning.example.com",
+     ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning", nullptr},
+    {"ocsp-stapling-delegated-wrong-extKeyUsage.example.com",
+     ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage", nullptr},
+    {"ocsp-stapling-ancient-valid.example.com", ORTAncientAlmostExpired,
+     nullptr, nullptr},
+    {"keysize-ocsp-delegated.example.com", ORTDelegatedIncluded,
+     "rsa-1016-keysizeDelegatedSigner", nullptr},
+    {"revoked-ca-cert-used-as-end-entity.example.com", ORTRevoked,
+     "ca-used-as-end-entity", nullptr},
+    {"ocsp-stapling-must-staple.example.com", ORTGood, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-revoked.example.com", ORTRevoked, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-missing.example.com", ORTNone, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-empty.example.com", ORTEmpty, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", ORTGood,
+     nullptr, "must-staple-ee-with-must-staple-int"},
+    {"ocsp-stapling-plain-ee-with-must-staple-int.example.com", ORTGood,
+     nullptr, "must-staple-missing-ee"},
+    {"ocsp-stapling-must-staple-expired.example.com", ORTExpired, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-try-later.example.com", ORTTryLater, nullptr,
+     "must-staple-ee"},
+    {"ocsp-stapling-must-staple-invalid-signer.example.com", ORTGoodOtherCA,
+     "other-test-ca", "must-staple-ee"},
+    {"multi-tls-feature-good.example.com", ORTNone, nullptr,
+     "multi-tls-feature-good-ee"},
+    {"multi-tls-feature-bad.example.com", ORTNone, nullptr,
+     "multi-tls-feature-bad-ee"},
+    {nullptr, ORTNull, nullptr, nullptr}};
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const OCSPHost* host =
+      GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sOCSPHosts);
+  if (!host) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  const char* certNickname =
+      host->mServerCertName ? host->mServerCertName : DEFAULT_CERT_NICKNAME;
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, certNickname, &cert,
+                                                    &certKEA, nullptr)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // If the OCSP response type is "none", don't staple a response.
+  if (host->mORT == ORTNone) {
+    return 0;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // response is contained by the arena - freeing the arena will free it
+  SECItemArray* response = GetOCSPResponseForType(host->mORT, cert, arena,
+                                                  host->mAdditionalCertName, 0);
+  if (!response) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // SSL_SetStapledOCSPResponses makes a deep copy of response
+  SECStatus st = SSL_SetStapledOCSPResponses(aFd, response, certKEA);
+  if (st != SECSuccess) {
+    PrintPRError("SSL_SetStapledOCSPResponses failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int main(int argc, char* argv[]) {
+  return StartServer(argc, argv, DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/SanctionsTestServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/SanctionsTestServer.cpp
new file mode 100644
index 0000000000..9371617305
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/SanctionsTestServer.cpp
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that uses various bad certificates.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the certificate.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct SanctionsCertHost {
+  const char* mHostName;
+  const char* mCertName;
+};
+
+// Hostname, cert nickname pairs.
+const SanctionsCertHost sSanctionsCertHosts[] = {
+    {"symantec-allowlist-after-cutoff.example.com",
+     "symantec-ee-from-allowlist-after-cutoff"},
+    {"symantec-allowlist-before-cutoff.example.com",
+     "symantec-ee-from-allowlist-before-cutoff"},
+    {"symantec-not-allowlisted-after-cutoff.example.com",
+     "symantec-ee-not-allowlisted-after-cutoff"},
+    {"symantec-not-allowlisted-before-cutoff.example.com",
+     "symantec-ee-not-allowlisted-before-cutoff"},
+    {"symantec-unaffected.example.com", "symantec-ee-unaffected"},
+    {nullptr, nullptr}};
+
+int32_t DoSNISocketConfigBySubjectCN(PRFileDesc* aFd,
+                                     const SECItem* aSrvNameArr,
+                                     uint32_t aSrvNameArrSize) {
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    UniquePORTString name(
+        static_cast<char*>(PORT_ZAlloc(aSrvNameArr[i].len + 1)));
+    if (name) {
+      PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len);
+      if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr,
+                                          nullptr) == SECSuccess) {
+        return 0;
+      }
+    }
+  }
+
+  return SSL_SNI_SEND_ALERT;
+}
+
+int32_t DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                          uint32_t aSrvNameArrSize, void* aArg) {
+  const SanctionsCertHost* host =
+      GetHostForSNI(aSrvNameArr, aSrvNameArrSize, sSanctionsCertHosts);
+  if (!host) {
+    // No static cert <-> hostname mapping found. This happens when we use a
+    // collection of certificates in a given directory and build a cert DB at
+    // runtime, rather than using an NSS cert DB populated at build time.
+    // (This will be the default in the future.)
+    // For all given server names, check if the runtime-built cert DB contains
+    // a certificate with a matching subject CN.
+    return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize);
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName, &cert,
+                                                    &certKEA, nullptr)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int main(int argc, char* argv[]) {
+  return StartServer(argc, argv, DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
new file mode 100644
index 0000000000..ebf8f8e3e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
@@ -0,0 +1,45 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+GeckoSimplePrograms(
+    [
+        "BadCertAndPinningServer",
+        "DelegatedCredentialsServer",
+        "EncryptedClientHelloServer",
+        "GenerateOCSPResponse",
+        "OCSPStaplingServer",
+        "SanctionsTestServer",
+    ],
+    linkage=None,
+)
+
+if not CONFIG["MOZ_SYSTEM_NSS"]:
+    # Bug 1805371. See comment in ../lib/moz.build
+    GeckoSimplePrograms(
+        [
+            "FaultyServer",
+        ],
+        linkage=None,
+    )
+
+    DEFINES["NSS_USE_STATIC_LIBS"] = True
+
+    LOCAL_INCLUDES += [
+        "../../../../../../nss/lib/ssl",
+        "../lib",
+    ]
+    USE_LIBS += [
+        "tlsserver",
+    ]
+else:
+    LOCAL_INCLUDES += [
+        "../lib",
+    ]
+    USE_LIBS += ["mozpkix", "nspr", "nss", "tlsserver"]
+
+
+if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
+    CXXFLAGS += CONFIG["MOZ_GTK3_CFLAGS"]
diff --git a/security/manager/ssl/tests/unit/tlsserver/default-ee.der b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
new file mode 100644
index 0000000000..3a9b8fa9bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
@@ -0,0 +1,3 @@
+This is now an unused file. It exists to ease the coordination between gecko
+development trees and the automation infrastructure that runs periodic updates.
+See bug 1203312 and bug 1205406.
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
new file mode 100644
index 0000000000..be9a9af9b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OCSPCommon.h"
+
+#include <stdio.h>
+
+#include "mozpkix/test/pkixtestutil.h"
+#include "mozpkix/test/pkixtestnss.h"
+#include "TLSServer.h"
+#include "secder.h"
+#include "secerr.h"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+using namespace mozilla::test;
+
+static TestKeyPair* CreateTestKeyPairFromCert(
+    const UniqueCERTCertificate& cert) {
+  ScopedSECKEYPrivateKey privateKey(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+  if (!privateKey) {
+    return nullptr;
+  }
+  ScopedSECKEYPublicKey publicKey(CERT_ExtractPublicKey(cert.get()));
+  if (!publicKey) {
+    return nullptr;
+  }
+  return CreateTestKeyPair(RSA_PKCS1(), publicKey, privateKey);
+}
+
+SECItemArray* GetOCSPResponseForType(OCSPResponseType aORT,
+                                     const UniqueCERTCertificate& aCert,
+                                     const UniquePLArenaPool& aArena,
+                                     const char* aAdditionalCertName,
+                                     time_t aThisUpdateSkew) {
+  MOZ_ASSERT(aArena);
+  MOZ_ASSERT(aCert);
+  // Note: |aAdditionalCertName| may or may not need to be non-null depending
+  //       on the |aORT| value given.
+
+  if (aORT == ORTNone) {
+    if (gDebugLevel >= DEBUG_WARNINGS) {
+      fprintf(stderr,
+              "GetOCSPResponseForType called with type ORTNone, "
+              "which makes no sense.\n");
+    }
+    return nullptr;
+  }
+
+  if (aORT == ORTEmpty) {
+    SECItemArray* arr = SECITEM_AllocArray(aArena.get(), nullptr, 1);
+    arr->items[0].data = nullptr;
+    arr->items[0].len = 0;
+    return arr;
+  }
+
+  time_t now = time(nullptr) + aThisUpdateSkew;
+  time_t oldNow = now - (8 * Time::ONE_DAY_IN_SECONDS);
+
+  mozilla::UniqueCERTCertificate cert(CERT_DupCertificate(aCert.get()));
+
+  if (aORT == ORTGoodOtherCert) {
+    cert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+  // XXX CERT_FindCertIssuer uses the old, deprecated path-building logic
+  mozilla::UniqueCERTCertificate issuerCert(
+      CERT_FindCertIssuer(aCert.get(), PR_Now(), certUsageSSLCA));
+  if (!issuerCert) {
+    PrintPRError("CERT_FindCertIssuer failed");
+    return nullptr;
+  }
+  Input issuer;
+  if (issuer.Init(cert->derIssuer.data, cert->derIssuer.len) != Success) {
+    return nullptr;
+  }
+  Input issuerPublicKey;
+  if (issuerPublicKey.Init(issuerCert->derPublicKey.data,
+                           issuerCert->derPublicKey.len) != Success) {
+    return nullptr;
+  }
+  Input serialNumber;
+  if (serialNumber.Init(cert->serialNumber.data, cert->serialNumber.len) !=
+      Success) {
+    return nullptr;
+  }
+  CertID certID(issuer, issuerPublicKey, serialNumber);
+  OCSPResponseContext context(certID, now);
+
+  mozilla::UniqueCERTCertificate signerCert;
+  if (aORT == ORTGoodOtherCA || aORT == ORTDelegatedIncluded ||
+      aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissing ||
+      aORT == ORTDelegatedMissingMultiple) {
+    signerCert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!signerCert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+
+  ByteString certs[5];
+
+  if (aORT == ORTDelegatedIncluded) {
+    certs[0].assign(signerCert->derCert.data, signerCert->derCert.len);
+    context.certs = certs;
+  }
+  if (aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissingMultiple) {
+    certs[0].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    certs[1].assign(cert->derCert.data, cert->derCert.len);
+    certs[2].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    if (aORT != ORTDelegatedMissingMultiple) {
+      certs[3].assign(signerCert->derCert.data, signerCert->derCert.len);
+    }
+    context.certs = certs;
+  }
+
+  switch (aORT) {
+    case ORTMalformed:
+      context.responseStatus = 1;
+      break;
+    case ORTSrverr:
+      context.responseStatus = 2;
+      break;
+    case ORTTryLater:
+      context.responseStatus = 3;
+      break;
+    case ORTNeedsSig:
+      context.responseStatus = 5;
+      break;
+    case ORTUnauthorized:
+      context.responseStatus = 6;
+      break;
+    default:
+      // context.responseStatus is 0 in all other cases, and it has
+      // already been initialized in the constructor.
+      break;
+  }
+  if (aORT == ORTSkipResponseBytes) {
+    context.skipResponseBytes = true;
+  }
+  if (aORT == ORTExpired || aORT == ORTExpiredFreshCA ||
+      aORT == ORTRevokedOld || aORT == ORTUnknownOld) {
+    context.thisUpdate = oldNow;
+    context.nextUpdate = oldNow + Time::ONE_DAY_IN_SECONDS;
+  }
+  if (aORT == ORTLongValidityAlmostExpired) {
+    context.thisUpdate = now - (320 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTAncientAlmostExpired) {
+    context.thisUpdate = now - (640 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTRevoked || aORT == ORTRevokedOld) {
+    context.certStatus = 1;
+  }
+  if (aORT == ORTUnknown || aORT == ORTUnknownOld) {
+    context.certStatus = 2;
+  }
+  if (aORT == ORTBadSignature) {
+    context.badSignature = true;
+  }
+  OCSPResponseExtension extension;
+  if (aORT == ORTCriticalExtension || aORT == ORTNoncriticalExtension) {
+    // python DottedOIDToCode.py --tlv
+    // some-Mozilla-OID 1.3.6.1.4.1.13769.666.666.666.1.500.9.2
+    static const uint8_t tlv_some_Mozilla_OID[] = {
+        0x06, 0x12, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xeb, 0x49, 0x85,
+        0x1a, 0x85, 0x1a, 0x85, 0x1a, 0x01, 0x83, 0x74, 0x09, 0x02};
+
+    extension.id.assign(tlv_some_Mozilla_OID, sizeof(tlv_some_Mozilla_OID));
+    extension.critical = (aORT == ORTCriticalExtension);
+    extension.value.push_back(0x05);  // tag: NULL
+    extension.value.push_back(0x00);  // length: 0
+    extension.next = nullptr;
+    context.responseExtensions = &extension;
+  }
+  if (aORT == ORTEmptyExtensions) {
+    context.includeEmptyExtensions = true;
+  }
+
+  if (!signerCert) {
+    signerCert.reset(CERT_DupCertificate(issuerCert.get()));
+  }
+  context.signerKeyPair.reset(CreateTestKeyPairFromCert(signerCert));
+  if (!context.signerKeyPair) {
+    PrintPRError("PK11_FindKeyByAnyCert failed");
+    return nullptr;
+  }
+
+  ByteString response(CreateEncodedOCSPResponse(context));
+  if (ENCODING_FAILED(response)) {
+    PrintPRError("CreateEncodedOCSPResponse failed");
+    return nullptr;
+  }
+
+  SECItem item = {siBuffer, const_cast<uint8_t*>(response.data()),
+                  static_cast<unsigned int>(response.length())};
+  SECItemArray arr = {&item, 1};
+  return SECITEM_DupArray(aArena.get(), &arr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
new file mode 100644
index 0000000000..c72eae6a8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements generating OCSP responses of various types. Used by the
+// programs in tlsserver/cmd.
+
+#ifndef OCSPCommon_h
+#define OCSPCommon_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "seccomon.h"
+
+enum OCSPResponseType {
+  ORTNull = 0,
+  ORTGood,               // the certificate is good
+  ORTRevoked,            // the certificate has been revoked
+  ORTRevokedOld,         // same, but the response is old
+  ORTUnknown,            // the responder doesn't know if the cert is good
+  ORTUnknownOld,         // same, but the response is old
+  ORTGoodOtherCert,      // the response references a different certificate
+  ORTGoodOtherCA,        // the wrong CA has signed the response
+  ORTExpired,            // the signature on the response has expired
+  ORTExpiredFreshCA,     // fresh signature, but old validity period
+  ORTNone,               // no stapled response
+  ORTEmpty,              // an empty stapled response
+  ORTMalformed,          // the response from the responder was malformed
+  ORTSrverr,             // the response indicates there was a server error
+  ORTTryLater,           // the responder replied with "try again later"
+  ORTNeedsSig,           // the response needs a signature
+  ORTUnauthorized,       // the responder is not authorized for this certificate
+  ORTBadSignature,       // the response has a signature that does not verify
+  ORTSkipResponseBytes,  // the response does not include responseBytes
+  ORTCriticalExtension,  // the response includes a critical extension
+  ORTNoncriticalExtension,  // the response includes an extension that is not
+                            // critical
+  ORTEmptyExtensions,  // the response includes a SEQUENCE OF Extension that is
+                       // empty
+  ORTDelegatedIncluded,      // the response is signed by an included delegated
+                             // responder
+  ORTDelegatedIncludedLast,  // same, but multiple other certificates are
+                             // included
+  ORTDelegatedMissing,  // the response is signed by a not included delegated
+                        // responder
+  ORTDelegatedMissingMultiple,   // same, but multiple other certificates are
+                                 // included
+  ORTLongValidityAlmostExpired,  // a good response, but that was generated a
+                                 // almost a year ago
+  ORTAncientAlmostExpired,  // a good response, with a validity of almost two
+                            // years almost expiring
+};
+
+struct OCSPHost {
+  const char* mHostName;
+  OCSPResponseType mORT;
+  const char* mAdditionalCertName;  // useful for ORTGoodOtherCert, etc.
+  const char* mServerCertName;
+};
+
+SECItemArray* GetOCSPResponseForType(
+    OCSPResponseType aORT, const mozilla::UniqueCERTCertificate& aCert,
+    const mozilla::UniquePLArenaPool& aArena, const char* aAdditionalCertName,
+    time_t aThisUpdateSkew);
+
+#endif  // OCSPCommon_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
new file mode 100644
index 0000000000..401b982346
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -0,0 +1,692 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TLSServer.h"
+
+#include <stdio.h>
+#include <string>
+#include <thread>
+#include <vector>
+#include <fstream>
+#include <iostream>
+#ifdef XP_WIN
+#  include <windows.h>
+#else
+#  include <unistd.h>
+#endif
+
+#include <utility>
+
+#include "base64.h"
+#include "mozilla/Sprintf.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prenv.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "prtime.h"
+#include "ssl.h"
+#include "sslexp.h"
+#include "sslproto.h"
+
+namespace mozilla {
+namespace test {
+
+static const uint16_t LISTEN_PORT = 8443;
+
+SSLAntiReplayContext* antiReplay = nullptr;
+
+DebugLevel gDebugLevel = DEBUG_ERRORS;
+uint16_t gCallbackPort = 0;
+
+const std::string kPEMBegin = "-----BEGIN ";
+const std::string kPEMEnd = "-----END ";
+const char DEFAULT_CERT_NICKNAME[] = "default-ee";
+
+struct Connection {
+  PRFileDesc* mSocket;
+  char mByte;
+
+  explicit Connection(PRFileDesc* aSocket);
+  ~Connection();
+};
+
+Connection::Connection(PRFileDesc* aSocket) : mSocket(aSocket), mByte(0) {}
+
+Connection::~Connection() {
+  if (mSocket) {
+    PR_Close(mSocket);
+  }
+}
+
+void PrintPRError(const char* aPrefix) {
+  const char* err = PR_ErrorToName(PR_GetError());
+  if (err) {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s: %s\n", aPrefix, err);
+    }
+  } else {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s\n", aPrefix);
+    }
+  }
+}
+
+// This decodes a PEM file into `item`. The line endings need to be
+// UNIX-style, or there will be cross-platform issues.
+static bool DecodePEMFile(const std::string& filename, SECItem* item) {
+  std::ifstream in(filename);
+  if (in.bad()) {
+    return false;
+  }
+
+  char buf[1024];
+  in.getline(buf, sizeof(buf));
+  if (in.bad()) {
+    return false;
+  }
+
+  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size()) != 0) {
+    return false;
+  }
+
+  std::string value;
+  for (;;) {
+    in.getline(buf, sizeof(buf));
+    if (in.bad()) {
+      return false;
+    }
+
+    if (strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size()) == 0) {
+      break;
+    }
+
+    value += buf;
+  }
+
+  unsigned int binLength;
+  UniquePORTString bin(BitwiseCast<char*, unsigned char*>(
+      ATOB_AsciiToData(value.c_str(), &binLength)));
+  if (!bin || binLength == 0) {
+    PrintPRError("ATOB_AsciiToData failed");
+    return false;
+  }
+
+  if (SECITEM_AllocItem(nullptr, item, binLength) == nullptr) {
+    return false;
+  }
+
+  PORT_Memcpy(item->data, bin.get(), binLength);
+  return true;
+}
+
+static SECStatus AddKeyFromFile(const std::string& path,
+                                const std::string& filename) {
+  ScopedAutoSECItem item;
+
+  std::string file = path + "/" + filename;
+  if (!DecodePEMFile(file, &item)) {
+    return SECFailure;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+
+  if (PK11_NeedUserInit(slot.get())) {
+    if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) {
+      PrintPRError("PK11_InitPin failed");
+      return SECFailure;
+    }
+  }
+
+  SECKEYPrivateKey* privateKey = nullptr;
+  SECItem nick = {siBuffer,
+                  BitwiseCast<unsigned char*, const char*>(filename.data()),
+                  static_cast<unsigned int>(filename.size())};
+  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(
+          slot.get(), &item, &nick, nullptr, true, false, KU_ALL, &privateKey,
+          nullptr) != SECSuccess) {
+    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
+    return SECFailure;
+  }
+
+  SECKEY_DestroyPrivateKey(privateKey);
+  return SECSuccess;
+}
+
+static SECStatus AddCertificateFromFile(const std::string& path,
+                                        const std::string& filename) {
+  ScopedAutoSECItem item;
+
+  std::string file = path + "/" + filename;
+  if (!DecodePEMFile(file, &item)) {
+    return SECFailure;
+  }
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &item, nullptr, false, true));
+  if (!cert) {
+    PrintPRError("CERT_NewTempCertificate failed");
+    return SECFailure;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  // The nickname is the filename without '.pem'.
+  std::string nickname = filename.substr(0, filename.length() - 4);
+  SECStatus rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE,
+                                 nickname.c_str(), false);
+  if (rv != SECSuccess) {
+    PrintPRError("PK11_ImportCert failed");
+    return rv;
+  }
+
+  return SECSuccess;
+}
+
+SECStatus LoadCertificatesAndKeys(const char* basePath) {
+  // The NSS cert DB path could have been specified as "sql:path". Trim off
+  // the leading "sql:" if so.
+  if (strncmp(basePath, "sql:", 4) == 0) {
+    basePath = basePath + 4;
+  }
+
+  UniquePRDir fdDir(PR_OpenDir(basePath));
+  if (!fdDir) {
+    PrintPRError("PR_OpenDir failed");
+    return SECFailure;
+  }
+  // On the B2G ICS emulator, operations taken in AddCertificateFromFile
+  // appear to interact poorly with readdir (more specifically, something is
+  // causing readdir to never return null - it indefinitely loops through every
+  // file in the directory, which causes timeouts). Rather than waste more time
+  // chasing this down, loading certificates and keys happens in two phases:
+  // filename collection and then loading. (This is probably a good
+  // idea anyway because readdir isn't reentrant. Something could change later
+  // such that it gets called as a result of calling AddCertificateFromFile or
+  // AddKeyFromFile.)
+  std::vector<std::string> certificates;
+  std::vector<std::string> keys;
+  for (PRDirEntry* dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH); dirEntry;
+       dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH)) {
+    size_t nameLength = strlen(dirEntry->name);
+    if (nameLength > 4) {
+      if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) {
+        certificates.push_back(dirEntry->name);
+      } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) {
+        keys.push_back(dirEntry->name);
+      }
+    }
+  }
+  SECStatus rv;
+  for (std::string& certificate : certificates) {
+    rv = AddCertificateFromFile(basePath, certificate.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  for (std::string& key : keys) {
+    rv = AddKeyFromFile(basePath, key.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  return SECSuccess;
+}
+
+SECStatus InitializeNSS(const char* nssCertDBDir) {
+  // Try initializing an existing DB.
+  if (NSS_Init(nssCertDBDir) == SECSuccess) {
+    return SECSuccess;
+  }
+
+  // Create a new DB if there is none...
+  SECStatus rv = NSS_Initialize(nssCertDBDir, nullptr, nullptr, nullptr, 0);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  // ...and load all certificates into it.
+  return LoadCertificatesAndKeys(nssCertDBDir);
+}
+
+nsresult SendAll(PRFileDesc* aSocket, const char* aData, size_t aDataLen) {
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "sending '%s'\n", aData);
+  }
+
+  while (aDataLen > 0) {
+    int32_t bytesSent =
+        PR_Send(aSocket, aData, aDataLen, 0, PR_INTERVAL_NO_TIMEOUT);
+    if (bytesSent == -1) {
+      PrintPRError("PR_Send failed");
+      return NS_ERROR_FAILURE;
+    }
+
+    aDataLen -= bytesSent;
+    aData += bytesSent;
+  }
+
+  return NS_OK;
+}
+
+nsresult ReplyToRequest(Connection* aConn) {
+  // For debugging purposes, SendAll can print out what it's sending.
+  // So, any strings we give to it to send need to be null-terminated.
+  char buf[2] = {aConn->mByte, 0};
+  return SendAll(aConn->mSocket, buf, 1);
+}
+
+nsresult SetupTLS(Connection* aConn, PRFileDesc* aModelSocket) {
+  PRFileDesc* sslSocket = SSL_ImportFD(aModelSocket, aConn->mSocket);
+  if (!sslSocket) {
+    PrintPRError("SSL_ImportFD failed");
+    return NS_ERROR_FAILURE;
+  }
+  aConn->mSocket = sslSocket;
+
+  /* anti-replay must be configured to accept 0RTT */
+  if (antiReplay) {
+    SECStatus rv = SSL_SetAntiReplayContext(sslSocket, antiReplay);
+    if (rv != SECSuccess) {
+      PrintPRError("error configuring anti-replay ");
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  SSL_OptionSet(sslSocket, SSL_SECURITY, true);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, false);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, true);
+  // Unconditionally enabling 0RTT makes test_session_resumption.js fail
+  SSL_OptionSet(sslSocket, SSL_ENABLE_0RTT_DATA,
+                !!PR_GetEnv("MOZ_TLS_SERVER_0RTT"));
+
+  SSL_ResetHandshake(sslSocket, /* asServer */ 1);
+
+  return NS_OK;
+}
+
+nsresult ReadRequest(Connection* aConn) {
+  int32_t bytesRead =
+      PR_Recv(aConn->mSocket, &aConn->mByte, 1, 0, PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed");
+    return NS_ERROR_FAILURE;
+  } else if (bytesRead == 0) {
+    PR_SetError(PR_IO_ERROR, 0);
+    PrintPRError("PR_Recv EOF in ReadRequest");
+    return NS_ERROR_FAILURE;
+  } else {
+    if (gDebugLevel >= DEBUG_VERBOSE) {
+      fprintf(stderr, "read '0x%hhx'\n", aConn->mByte);
+    }
+  }
+  return NS_OK;
+}
+
+void HandleConnection(PRFileDesc* aSocket,
+                      const UniquePRFileDesc& aModelSocket) {
+  Connection conn(aSocket);
+  nsresult rv = SetupTLS(&conn, aModelSocket.get());
+  if (NS_FAILED(rv)) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    PrintPRError("PR_Recv failed");
+    exit(1);
+  }
+
+  // TODO: On tests that are expected to fail (e.g. due to a revoked
+  // certificate), the client will close the connection wtihout sending us the
+  // request byte. In those cases, we should keep going. But, in the cases
+  // where the connection is supposed to suceed, we should verify that we
+  // successfully receive the request and send the response.
+  rv = ReadRequest(&conn);
+  if (NS_SUCCEEDED(rv)) {
+    rv = ReplyToRequest(&conn);
+  }
+}
+
+// returns 0 on success, non-zero on error
+int DoCallback() {
+  UniquePRFileDesc socket(PR_NewTCPSocket());
+  if (!socket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRNetAddr addr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, gCallbackPort, &addr);
+  if (PR_Connect(socket.get(), &addr, PR_INTERVAL_NO_TIMEOUT) != PR_SUCCESS) {
+    PrintPRError("PR_Connect failed");
+    return 1;
+  }
+
+  const char* request = "GET / HTTP/1.0\r\n\r\n";
+  SendAll(socket.get(), request, strlen(request));
+  char buf[4096];
+  memset(buf, 0, sizeof(buf));
+  int32_t bytesRead =
+      PR_Recv(socket.get(), buf, sizeof(buf) - 1, 0, PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed 1");
+    return 1;
+  }
+  if (bytesRead == 0) {
+    fprintf(stderr, "PR_Recv eof 1\n");
+    return 1;
+  }
+  fprintf(stderr, "%s\n", buf);
+  return 0;
+}
+
+SECStatus ConfigSecureServerWithNamedCert(
+    PRFileDesc* fd, const char* certName,
+    /*optional*/ UniqueCERTCertificate* certOut,
+    /*optional*/ SSLKEAType* keaOut,
+    /*optional*/ SSLExtraServerCertData* extraData) {
+  UniqueCERTCertificate cert(PK11_FindCertFromNickname(certName, nullptr));
+  if (!cert) {
+    PrintPRError("PK11_FindCertFromNickname failed");
+    return SECFailure;
+  }
+  // If an intermediate certificate issued the server certificate (rather than
+  // directly by a trust anchor), we want to send it along in the handshake so
+  // we don't encounter unknown issuer errors when that's not what we're
+  // testing.
+  UniqueCERTCertificateList certList;
+  UniqueCERTCertificate issuerCert(
+      CERT_FindCertByName(CERT_GetDefaultCertDB(), &cert->derIssuer));
+  // If we can't find the issuer cert, continue without it.
+  if (issuerCert) {
+    // Sadly, CERTCertificateList does not have a CERT_NewCertificateList
+    // utility function, so we must create it ourselves. This consists
+    // of creating an arena, allocating space for the CERTCertificateList,
+    // and then transferring ownership of the arena to that list.
+    UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+    if (!arena) {
+      PrintPRError("PORT_NewArena failed");
+      return SECFailure;
+    }
+    certList.reset(static_cast<CERTCertificateList*>(
+        PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList))));
+    if (!certList) {
+      PrintPRError("PORT_ArenaAlloc failed");
+      return SECFailure;
+    }
+    certList->arena = arena.release();
+    // We also have to manually copy the certificates we care about to the
+    // list, because there aren't any utility functions for that either.
+    certList->certs = static_cast<SECItem*>(
+        PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem)));
+    if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert) !=
+        SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
+                         &issuerCert->derCert) != SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    certList->len = 2;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  UniqueSECKEYPrivateKey key(
+      PK11_FindKeyByDERCert(slot.get(), cert.get(), nullptr));
+  if (!key) {
+    PrintPRError("PK11_FindKeyByDERCert failed");
+    return SECFailure;
+  }
+
+  if (extraData) {
+    SSLExtraServerCertData dataCopy = {ssl_auth_null, nullptr, nullptr,
+                                       nullptr,       nullptr, nullptr};
+    memcpy(&dataCopy, extraData, sizeof(dataCopy));
+    dataCopy.certChain = certList.get();
+
+    if (SSL_ConfigServerCert(fd, cert.get(), key.get(), &dataCopy,
+                             sizeof(dataCopy)) != SECSuccess) {
+      PrintPRError("SSL_ConfigServerCert failed");
+      return SECFailure;
+    }
+
+  } else {
+    // This is the deprecated setup mechanism, to be cleaned up in Bug 1569222
+    SSLKEAType certKEA = NSS_FindCertKEAType(cert.get());
+    if (SSL_ConfigSecureServerWithCertChain(fd, cert.get(), certList.get(),
+                                            key.get(), certKEA) != SECSuccess) {
+      PrintPRError("SSL_ConfigSecureServer failed");
+      return SECFailure;
+    }
+
+    if (keaOut) {
+      *keaOut = certKEA;
+    }
+  }
+
+  if (certOut) {
+    *certOut = std::move(cert);
+  }
+
+  SSL_OptionSet(fd, SSL_NO_CACHE, false);
+  SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, true);
+  // Unconditionally enabling 0RTT makes test_session_resumption.js fail
+  SSL_OptionSet(fd, SSL_ENABLE_0RTT_DATA, !!PR_GetEnv("MOZ_TLS_SERVER_0RTT"));
+
+  return SECSuccess;
+}
+
+#ifdef XP_WIN
+using PidType = DWORD;
+constexpr bool IsValidPid(long long pid) {
+  // Excluding `(DWORD)-1` because it is not a valid process ID.
+  // See https://devblogs.microsoft.com/oldnewthing/20040223-00/?p=40503
+  return pid > 0 && pid < std::numeric_limits<PidType>::max();
+}
+#else
+using PidType = pid_t;
+constexpr bool IsValidPid(long long pid) {
+  return pid > 0 && pid <= std::numeric_limits<PidType>::max();
+}
+#endif
+
+PidType ConvertPid(const char* pidStr) {
+  long long pid = strtoll(pidStr, nullptr, 10);
+  if (!IsValidPid(pid)) {
+    return 0;
+  }
+  return static_cast<PidType>(pid);
+}
+
+int StartServer(int argc, char* argv[], SSLSNISocketConfig sniSocketConfig,
+                void* sniSocketConfigArg, ServerConfigFunc configFunc) {
+  if (argc != 3) {
+    fprintf(stderr, "usage: %s <NSS DB directory> <ppid>\n", argv[0]);
+    return 1;
+  }
+  const char* nssCertDBDir = argv[1];
+  PidType ppid = ConvertPid(argv[2]);
+
+  const char* debugLevel = PR_GetEnv("MOZ_TLS_SERVER_DEBUG_LEVEL");
+  if (debugLevel) {
+    int level = atoi(debugLevel);
+    switch (level) {
+      case DEBUG_ERRORS:
+        gDebugLevel = DEBUG_ERRORS;
+        break;
+      case DEBUG_WARNINGS:
+        gDebugLevel = DEBUG_WARNINGS;
+        break;
+      case DEBUG_VERBOSE:
+        gDebugLevel = DEBUG_VERBOSE;
+        break;
+      default:
+        PrintPRError("invalid MOZ_TLS_SERVER_DEBUG_LEVEL");
+        return 1;
+    }
+  }
+
+  const char* callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT");
+  if (callbackPort) {
+    gCallbackPort = atoi(callbackPort);
+  }
+
+  if (InitializeNSS(nssCertDBDir) != SECSuccess) {
+    PR_fprintf(PR_STDERR, "InitializeNSS failed");
+    return 1;
+  }
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    PrintPRError("NSS_SetDomesticPolicy failed");
+    return 1;
+  }
+
+  if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) {
+    PrintPRError("SSL_ConfigServerSessionIDCache failed");
+    return 1;
+  }
+
+  UniquePRFileDesc serverSocket(PR_NewTCPSocket());
+  if (!serverSocket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRSocketOptionData socketOption;
+  socketOption.option = PR_SockOpt_Reuseaddr;
+  socketOption.value.reuse_addr = true;
+  PR_SetSocketOption(serverSocket.get(), &socketOption);
+
+  PRNetAddr serverAddr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, LISTEN_PORT, &serverAddr);
+  if (PR_Bind(serverSocket.get(), &serverAddr) != PR_SUCCESS) {
+    PrintPRError("PR_Bind failed");
+    return 1;
+  }
+
+  if (PR_Listen(serverSocket.get(), 1) != PR_SUCCESS) {
+    PrintPRError("PR_Listen failed");
+    return 1;
+  }
+
+  UniquePRFileDesc rawModelSocket(PR_NewTCPSocket());
+  if (!rawModelSocket) {
+    PrintPRError("PR_NewTCPSocket failed for rawModelSocket");
+    return 1;
+  }
+
+  UniquePRFileDesc modelSocket(SSL_ImportFD(nullptr, rawModelSocket.release()));
+  if (!modelSocket) {
+    PrintPRError("SSL_ImportFD of rawModelSocket failed");
+    return 1;
+  }
+
+  SSLVersionRange range = {0, 0};
+  if (SSL_VersionRangeGet(modelSocket.get(), &range) != SECSuccess) {
+    PrintPRError("SSL_VersionRangeGet failed");
+    return 1;
+  }
+
+  if (range.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+    range.max = SSL_LIBRARY_VERSION_TLS_1_3;
+    if (SSL_VersionRangeSet(modelSocket.get(), &range) != SECSuccess) {
+      PrintPRError("SSL_VersionRangeSet failed");
+      return 1;
+    }
+  }
+
+  if (PR_GetEnv("MOZ_TLS_SERVER_0RTT")) {
+    if (SSL_CreateAntiReplayContext(PR_Now(), 1L * PR_USEC_PER_SEC, 7, 14,
+                                    &antiReplay) != SECSuccess) {
+      PrintPRError("Unable to create anti-replay context for 0-RTT.");
+      return 1;
+    }
+  }
+
+  if (SSL_SNISocketConfigHook(modelSocket.get(), sniSocketConfig,
+                              sniSocketConfigArg) != SECSuccess) {
+    PrintPRError("SSL_SNISocketConfigHook failed");
+    return 1;
+  }
+
+  // We have to configure the server with a certificate, but it's not one
+  // we're actually going to end up using. In the SNI callback, we pick
+  // the right certificate for the connection.
+  //
+  // Provide an empty |extra_data| to force config via SSL_ConfigServerCert.
+  // This is a temporary mechanism to work around inconsistent setting of
+  // |authType| in the deprecated API (preventing the default cert from
+  // being removed in favor of the SNI-selected cert). This may be removed
+  // after Bug 1569222 removes the deprecated mechanism.
+  SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr,
+                                       nullptr,       nullptr, nullptr};
+  if (ConfigSecureServerWithNamedCert(modelSocket.get(), DEFAULT_CERT_NICKNAME,
+                                      nullptr, nullptr,
+                                      &extra_data) != SECSuccess) {
+    return 1;
+  }
+
+  // Call back to implementation-defined configuration func, if provided.
+  if (configFunc) {
+    if (((configFunc)(modelSocket.get())) != SECSuccess) {
+      PrintPRError("configFunc failed");
+      return 1;
+    }
+  }
+
+  if (gCallbackPort != 0) {
+    if (DoCallback()) {
+      return 1;
+    }
+  }
+
+  std::thread([ppid] {
+    if (!ppid) {
+      if (gDebugLevel >= DEBUG_ERRORS) {
+        fprintf(stderr, "invalid ppid\n");
+      }
+      return;
+    }
+#ifdef XP_WIN
+    HANDLE parent = OpenProcess(SYNCHRONIZE, false, ppid);
+    if (!parent) {
+      if (gDebugLevel >= DEBUG_ERRORS) {
+        fprintf(stderr, "OpenProcess failed\n");
+      }
+      return;
+    }
+    WaitForSingleObject(parent, INFINITE);
+    CloseHandle(parent);
+#else
+    while (getppid() == ppid) {
+      sleep(1);
+    }
+#endif
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "Parent process crashed\n");
+    }
+    exit(1);
+  }).detach();
+
+  while (true) {
+    PRNetAddr clientAddr;
+    PRFileDesc* clientSocket =
+        PR_Accept(serverSocket.get(), &clientAddr, PR_INTERVAL_NO_TIMEOUT);
+    HandleConnection(clientSocket, modelSocket);
+  }
+}
+
+}  // namespace test
+}  // namespace mozilla
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
new file mode 100644
index 0000000000..3927b3e541
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TLSServer_h
+#define TLSServer_h
+
+// This is a standalone server for testing SSL features of Gecko.
+// The client is expected to connect and initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to). If all is good, the client then
+// sends one encrypted byte and receives that same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdint.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "prio.h"
+#include "secerr.h"
+#include "ssl.h"
+
+namespace mozilla {
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRDir, PRDir, PR_CloseDir);
+
+}  // namespace mozilla
+
+namespace mozilla {
+namespace test {
+
+typedef SECStatus (*ServerConfigFunc)(PRFileDesc* fd);
+
+enum DebugLevel { DEBUG_ERRORS = 1, DEBUG_WARNINGS = 2, DEBUG_VERBOSE = 3 };
+
+extern DebugLevel gDebugLevel;
+
+void PrintPRError(const char* aPrefix);
+
+// The default certificate is trusted for localhost and *.example.com
+extern const char DEFAULT_CERT_NICKNAME[];
+
+// ConfigSecureServerWithNamedCert sets up the hostname name provided. If the
+// extraData parameter is presented, extraData->certChain will be automatically
+// filled in using database information.
+// Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific
+// certificate.
+SECStatus ConfigSecureServerWithNamedCert(
+    PRFileDesc* fd, const char* certName,
+    /*optional*/ UniqueCERTCertificate* cert,
+    /*optional*/ SSLKEAType* kea,
+    /*optional*/ SSLExtraServerCertData* extraData);
+
+SECStatus InitializeNSS(const char* nssCertDBDir);
+
+// StartServer initializes NSS, sockets, the SNI callback, and a default
+// certificate. configFunc (optional) is a pointer to an implementation-
+// defined configuration function, which is called on the model socket
+// prior to handling any connections.
+int StartServer(int argc, char* argv[], SSLSNISocketConfig sniSocketConfig,
+                void* sniSocketConfigArg,
+                ServerConfigFunc configFunc = nullptr);
+
+template <typename Host>
+inline const Host* GetHostForSNI(const SECItem* aSrvNameArr,
+                                 uint32_t aSrvNameArrSize, const Host* hosts) {
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    for (const Host* host = hosts; host->mHostName; ++host) {
+      SECItem hostName;
+      hostName.data = BitwiseCast<unsigned char*, const char*>(host->mHostName);
+      hostName.len = strlen(host->mHostName);
+      if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) {
+        if (gDebugLevel >= DEBUG_VERBOSE) {
+          fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+        }
+        return host;
+      }
+    }
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "could not find host info from SNI\n");
+  }
+
+  PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+  return nullptr;
+}
+
+}  // namespace test
+}  // namespace mozilla
+
+#endif  // TLSServer_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
new file mode 100644
index 0000000000..54820f9b52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
@@ -0,0 +1,48 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+UNIFIED_SOURCES += [
+    "OCSPCommon.cpp",
+    "TLSServer.cpp",
+]
+
+USE_LIBS += [
+    "mozpkix-testlib",
+]
+
+if not CONFIG["MOZ_SYSTEM_NSS"]:
+    # Bug 1805371: The FaultyServer binary added in Bug 1754746 needs to
+    # be statically linked against NSS, but the configuration here breaks
+    # builds with system NSS. A complete solution involves some changes
+    # to the NSS build system. For now we're disabling FaultyServer when
+    # using system NSS and linking the rest of the tests dynamically.
+    DEFINES["NSS_USE_STATIC_LIBS"] = True
+
+    USE_LIBS += [
+        "certdb",
+        "certhi",
+        "cryptohi",
+        "freebl",
+        "mozpkix",
+        "mozpkix-testlib",
+        "nspr",
+        "nss_static",
+        "nssb",
+        "nssdev",
+        "nsspki",
+        "pk11wrap",
+        "smime",
+        "softokn3",
+        "sqlite",
+        "ssl",
+    ]
+
+    if CONFIG["MOZ_FOLD_LIBS"]:
+        USE_LIBS += ["nssutil"]
+    else:
+        USE_LIBS += ["nssutil3"]
+
+Library("tlsserver")
diff --git a/security/manager/ssl/tests/unit/tlsserver/moz.build b/security/manager/ssl/tests/unit/tlsserver/moz.build
new file mode 100644
index 0000000000..1488352914
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# lib must be first, because cmd depends on its output
+DIRS += ["lib", "cmd"]
diff --git a/security/manager/ssl/tests/unit/xpcshell-smartcards.ini b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
new file mode 100644
index 0000000000..0a240f3e59
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
@@ -0,0 +1,17 @@
+[DEFAULT]
+head = head_psm.js
+tail =
+tags = psm
+skip-if = toolkit == 'android'
+support-files =
+
+[test_osclientcerts_module.js]
+skip-if =
+  os == "linux"
+  os == "android"
+[test_pkcs11_module.js]
+[test_pkcs11_moduleDB.js]
+[test_pkcs11_safe_mode.js]
+[test_pkcs11_slot.js]
+[test_pkcs11_token.js]
+[test_pkcs11_tokenDB.js]
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
new file mode 100644
index 0000000000..f559d83a73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -0,0 +1,242 @@
+[DEFAULT]
+head = head_psm.js
+tags = psm condprof
+firefox-appdir = browser
+skip-if = os == 'win' && msix # https://bugzilla.mozilla.org/show_bug.cgi?id=1809477
+support-files =
+  corrupted_crlite_helper.js
+  bad_certs/**
+  ocsp_certs/**
+  test_baseline_requirements/**
+  test_broken_fips/**
+  test_cert_eku/**
+  test_cert_embedded_null/**
+  test_cert_isBuiltInRoot_reload/**
+  test_cert_keyUsage/**
+  test_cert_overrides_read_only/**
+  test_cert_sha1/**
+  test_cert_signatures/**
+  test_cert_storage_direct/**
+  test_cert_storage_preexisting/**
+  test_cert_storage_preexisting_crlite/**
+  test_cert_trust/**
+  test_cert_utf8/**
+  test_cert_version/**
+  test_certDB_import/**
+  test_client_auth_remember_service/**
+  test_content_signing/**
+  test_crlite_filters/**
+  test_crlite_preexisting/**
+  test_crlite_corrupted/**
+  test_ct/**
+  test_delegated_credentials/**
+  test_encrypted_client_hello/**
+  test_ev_certs/**
+  test_faulty_server/**
+  test_intermediate_basic_usage_constraints/**
+  test_intermediate_preloads/**
+  test_keysize/**
+  test_keysize_ev/**
+  test_missing_intermediate/**
+  test_name_constraints/**
+  test_ocsp_url/**
+  test_onecrl/**
+  test_sanctions/**
+  test_sdr_preexisting/**
+  test_sdr_preexisting_with_password/**
+  test_self_signed_certs/**
+  test_signed_apps/**
+  test_validity/**
+  tlsserver/**
+
+[test_add_preexisting_cert.js]
+[test_baseline_requirements_subject_common_name.js]
+[test_blocklist_onecrl.js]
+# Skip signature tests for Thunderbird (Bug 1341983).
+skip-if = appname == "thunderbird"
+tags = remote-settings blocklist psm
+[test_broken_fips.js]
+# FIPS has never been a thing on Android, so the workaround doesn't
+# exist on that platform.
+# FIPS still works on Linux, so this test doesn't make any sense there.
+# FIPS still works on Windows, but running the test to ensure that it does not
+# break with a non-ASCII profile path.
+skip-if = toolkit == 'android' || os == 'linux'
+[test_cert_storage.js]
+tags = addons psm blocklist
+[test_cert_storage_broken_db.js]
+[test_cert_storage_direct.js]
+[test_cert_storage_preexisting.js]
+[test_cert_storage_preexisting_crlite.js]
+# This test cannot succeed on 32-bit platforms. See bugs 1546361 and 1548956.
+skip-if = bits != 64
+[test_cert_chains.js]
+run-sequentially = hardcoded ports
+[test_cert_dbKey.js]
+[test_cert_eku.js]
+[test_cert_embedded_null.js]
+[test_cert_expiration_canary.js]
+run-if = nightly_build
+[test_cert_keyUsage.js]
+[test_cert_isBuiltInRoot.js]
+[test_cert_isBuiltInRoot_reload.js]
+[test_cert_overrides.js]
+run-sequentially = hardcoded ports
+[test_cert_overrides_read_only.js]
+run-sequentially = hardcoded ports
+[test_cert_override_read.js]
+[test_cert_sha1.js]
+[test_cert_signatures.js]
+[test_cert_trust.js]
+[test_cert_version.js]
+[test_cert_utf8.js]
+[test_certDB_export_pkcs12.js]
+[test_certDB_export_pkcs12_with_primary_password.js]
+[test_certDB_import.js]
+# nsCertificateDialogs not available in geckoview, bug 1554276
+skip-if = toolkit == 'android' && processor == 'x86_64'
+[test_certDB_import_pkcs12.js]
+[test_certDB_import_with_primary_password.js]
+# nsCertificateDialogs not available in geckoview, bug 1554276
+skip-if = toolkit == 'android' && processor == 'x86_64'
+[test_client_auth_remember_service_read.js]
+[test_constructX509FromBase64.js]
+[test_content_signing.js]
+[test_crlite_filters.js]
+tags = remote-settings psm
+[test_crlite_preexisting.js]
+[test_crlite_filter_corrupted.js]
+[test_crlite_stash_corrupted.js]
+[test_crlite_enrollment_version.js]
+[test_crlite_enrollment_trunc1.js]
+[test_crlite_coverage_version.js]
+[test_crlite_coverage_trunc1.js]
+[test_crlite_coverage_trunc2.js]
+[test_crlite_coverage_trunc3.js]
+[test_crlite_coverage_missing.js]
+[test_ct.js]
+# Requires hard-coded debug-only data
+skip-if = !debug
+run-sequentially = hardcoded ports
+[test_db_format_pref_new.js]
+# Android always has and always will use the new format, so
+# this test doesn't apply.
+skip-if = toolkit == 'android'
+  condprof  # Bug 1769154 - as designed
+[test_delegated_credentials.js]
+run-sequentially = hardcoded ports
+[test_encrypted_client_hello.js]
+run-sequentially = hardcoded ports
+[test_encrypted_client_hello_client_only.js]
+run-sequentially = hardcoded ports
+[test_der.js]
+[test_enterprise_roots.js]
+# This feature is implemented for Windows and OS X. However, we don't currently
+# have a way to test it on OS X.
+skip-if = os != 'win'
+[test_ev_certs.js]
+tags = blocklist psm
+run-sequentially = hardcoded ports
+[test_forget_about_site_security_headers.js]
+[test_hash_algorithms.js]
+[test_hash_algorithms_wrap.js]
+# bug 1124289 - run_test_in_child violates the sandbox on android
+skip-if = toolkit == 'android'
+[test_intermediate_basic_usage_constraints.js]
+[test_intermediate_preloads.js]
+run-sequentially = hardcoded ports
+tags = blocklist psm remote-settings
+[test_allow_all_cert_errors.js]
+run-sequentially = hardcoded ports
+[test_keysize.js]
+[test_keysize_ev.js]
+run-sequentially = hardcoded ports
+[test_logoutAndTeardown.js]
+skip-if = socketprocess_networking && os == "linux" && debug
+run-sequentially = hardcoded ports
+[test_missing_intermediate.js]
+run-sequentially = hardcoded ports
+[test_name_constraints.js]
+[test_nonascii_path.js]
+[test_nsCertType.js]
+run-sequentially = hardcoded ports
+[test_nsIX509Cert_utf8.js]
+[test_nsIX509CertValidity.js]
+[test_ocsp_caching.js]
+run-sequentially = hardcoded ports
+[test_ocsp_enabled_pref.js]
+run-sequentially = hardcoded ports
+[test_ocsp_must_staple.js]
+run-sequentially = hardcoded ports
+[test_ocsp_private_caching.js]
+run-sequentially = hardcoded ports
+skip-if = condprof  # Bug 1769154 - should look into this
+[test_ocsp_no_hsts_upgrade.js]
+run-sequentially = hardcoded ports
+[test_ocsp_required.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_expired.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_with_intermediate.js]
+run-sequentially = hardcoded ports
+[test_ocsp_timeout.js]
+skip-if = (os == "win" && socketprocess_networking)
+run-sequentially = hardcoded ports
+[test_ocsp_url.js]
+run-sequentially = hardcoded ports
+[test_oskeystore.js]
+skip-if = apple_silicon # bug 1729538
+[test_osreauthenticator.js]
+# Reauthentication has been implemented on Windows and MacOS, so running this
+# test results in the OS popping up a dialog, which means we can't run it in
+# automation.
+skip-if = os == 'win' || os == 'mac'
+[test_password_prompt.js]
+[test_pinning.js]
+run-sequentially = hardcoded ports
+[test_sdr.js]
+[test_sdr_preexisting.js]
+# Not relevant to Android. See the comment in the test.
+skip-if = toolkit == 'android'
+[test_sdr_preexisting_with_password.js]
+# Not relevant to Android. See the comment in the test.
+skip-if = toolkit == 'android'
+[test_self_signed_certs.js]
+[test_session_resumption.js]
+skip-if = 
+  os == "win" # Bug 1585916
+run-sequentially = hardcoded ports
+[test_signed_apps.js]
+[test_ssl_status.js]
+run-sequentially = hardcoded ports
+[test_sss_eviction.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_originAttributes.js]
+[test_sss_readstate.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_readstate_empty.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_readstate_garbage.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_readstate_huge.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_resetState.js]
+[test_sss_savestate.js]
+skip-if = condprof  # Bug 1769154 - as designed
+[test_sss_sanitizeOnShutdown.js]
+firefox-appdir = browser
+# Sanitization works differently on Android - this doesn't apply.
+# browser/modules/Sanitizer.jsm used by the test isn't available in Thunderbird.
+skip-if = toolkit == 'android' || appname == 'thunderbird'
+[test_sts_fqdn.js]
+[test_sts_ipv4_ipv6.js]
+[test_sts_parser.js]
+[test_sts_preloadlist_perwindowpb.js]
+[test_sts_preloadlist_selfdestruct.js]
+[test_sanctions_symantec_apple_google.js]
+run-sequentially = hardcoded ports
+[test_validity.js]
+run-sequentially = hardcoded ports
+[test_x509.js]
diff --git a/security/manager/tools/.eslintrc.js b/security/manager/tools/.eslintrc.js
new file mode 100644
index 0000000000..44c1d9cba6
--- /dev/null
+++ b/security/manager/tools/.eslintrc.js
@@ -0,0 +1,13 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+module.exports = {
+  globals: {
+    // JS files in this folder are commonly xpcshell scripts where |arguments|
+    // is defined in the global scope.
+    arguments: false,
+  },
+};
diff --git a/security/manager/tools/KnownRootHashes.json b/security/manager/tools/KnownRootHashes.json
new file mode 100644
index 0000000000..e939b39ca7
--- /dev/null
+++ b/security/manager/tools/KnownRootHashes.json
@@ -0,0 +1,1263 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+//***************************************************************************
+// This is an automatically generated file. It's used to maintain state for
+// runs of genRootCAHashes.js; you should never need to manually edit it
+//***************************************************************************
+
+// Notes:
+// binNumber 1 used to be for "GTE_CyberTrust_Global_Root", but that root was
+// removed from the built-in roots module, so now it is used to indicate that
+// the certificate is not a built-in and was found in the softoken (cert9.db).
+
+// binNumber 2 used to be for "Thawte_Server_CA", but that root was removed from
+// the built-in roots module, so now it is used to indicate that the certificate
+// is not a built-in and was found on an external PKCS#11 token.
+
+// binNumber 3 used to be for "Thawte_Premium_Server_CA", but that root was
+// removed from the built-in roots module, so now it is used to indicate that
+// the certificate is not a built-in and was temporarily imported from the OS as
+// part of the "Enterprise Roots" feature.
+
+{
+  "roots": [
+    {
+      "label": "OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US",
+      "binNumber": 4,
+      "sha256Fingerprint": "CCl6QEfbojaAxzHbbjF2U8p4SOG+vToLAXmnB/ks8Xg="
+    },
+    {
+      "label": "OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US",
+      "binNumber": 5,
+      "sha256Fingerprint": "g848Eiloilk9SF+BlzwPkZVDHto3zF42Qw55x6iIY4s="
+    },
+    {
+      "label": "GlobalSign_Root_CA",
+      "binNumber": 6,
+      "sha256Fingerprint": "69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 7,
+      "sha256Fingerprint": "ykLdQXRf0LgeuQI2LPnYv3Gdob0bHvyUb1tMmfQsG54="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G3",
+      "binNumber": 8,
+      "sha256Fingerprint": "6wTPXrHzmvp2LyuxIPKWy6Ugwbl9sViVZbgcuaF7ckQ="
+    },
+    {
+      "label": "VeriSign_Class_4_Public_Primary_Certification_Authority___G3",
+      "binNumber": 9,
+      "sha256Fingerprint": "44k2DQ/brrPSUFhLRzAxTiIvOcFWoCAUTo2WBWF5FQY="
+    },
+    {
+      "label": "Entrust_net_Certification_Authority__2048_",
+      "binNumber": 10,
+      "sha256Fingerprint": "bcRxcuAcvLC/YlgNiV/iuKya1PhzgB4MELnIN9IesXc="
+    },
+    {
+      "label": "Baltimore_CyberTrust_Root",
+      "binNumber": 11,
+      "sha256Fingerprint": "Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus="
+    },
+    {
+      "label": "Equifax_Secure_Global_eBusiness_CA_1",
+      "binNumber": 12,
+      "sha256Fingerprint": "Xwti6rXjU+plIWUWWPu2U1n0QygKSvvRBNd9EPnwTAc="
+    },
+    {
+      "label": "Equifax_Secure_eBusiness_CA_1",
+      "binNumber": 13,
+      "sha256Fingerprint": "z1b/RqShhhCd2WWEte61ilEMQnWw5flPQLuuhl4Z9nM="
+    },
+    {
+      "label": "AddTrust_Class_1_CA_Root",
+      "binNumber": 14,
+      "sha256Fingerprint": "jHIJJ5rATideFtB/07d16AFUtZaARuMfUt0ldmMk6ac="
+    },
+    {
+      "label": "AddTrust_External_CA_Root",
+      "binNumber": 15,
+      "sha256Fingerprint": "aH+kUTgieP/wyLEfjUPVdmccbrK86rQT+4PZZdBtL/I="
+    },
+    {
+      "label": "AddTrust_Public_CA_Root",
+      "binNumber": 16,
+      "sha256Fingerprint": "B5HKB0myB4Kq08fXvQzfyUhYNYQ+steZYAnOQ6tsaSc="
+    },
+    {
+      "label": "AddTrust_Qualified_CA_Root",
+      "binNumber": 17,
+      "sha256Fingerprint": "gJUhCAXbS7w1XkQo2P1uws3jq1+5eplCmI649NzQYBY="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority",
+      "binNumber": 18,
+      "sha256Fingerprint": "c8F2Q08bxtWt9FsOducnKHyN5XYWwebmFBorLLx9jkw="
+    },
+    {
+      "label": "OU_RSA_Security_2048_V3_O_RSA_Security_Inc",
+      "binNumber": 19,
+      "sha256Fingerprint": "r4tnYqHlKCKBYaldXFWe4mYnj3XXnoMBiaUDUGq9a0w="
+    },
+    {
+      "label": "GeoTrust_Global_CA",
+      "binNumber": 20,
+      "sha256Fingerprint": "/4VqLSUdzYjTZlb0UBJnmM+rqt5AeZxyLeTStds2pzo="
+    },
+    {
+      "label": "GeoTrust_Global_CA_2",
+      "binNumber": 21,
+      "sha256Fingerprint": "yi2CoIZ3By+KtnZP8DVnbP4+XjJeASFy3z+SCW23m4U="
+    },
+    {
+      "label": "GeoTrust_Universal_CA",
+      "binNumber": 22,
+      "sha256Fingerprint": "oEWbn2OyJVn1+l1MbbP59y/xk0IDNXjwc78dG0bLuRI="
+    },
+    {
+      "label": "GeoTrust_Universal_CA_2",
+      "binNumber": 23,
+      "sha256Fingerprint": "oCNPO8hSfKVijuyBrV1piV2laA3JHRy4R38z+Hi5Wws="
+    },
+    {
+      "label": "America_Online_Root_Certification_Authority_1",
+      "binNumber": 24,
+      "sha256Fingerprint": "d0BzEsY6FT1bwAtOUXWc39rCN9wqM7Z5RumOm/poCuM="
+    },
+    {
+      "label": "America_Online_Root_Certification_Authority_2",
+      "binNumber": 25,
+      "sha256Fingerprint": "fTtGWmAU5SbAr/zuISfSMRcnrYEcJoQtAGrzcwbMgL0="
+    },
+    {
+      "label": "Visa_eCommerce_Root",
+      "binNumber": 26,
+      "sha256Fingerprint": "afrJvVX7CseNU7vuXPHVl5if0KqrIKJRUb3xcz7n0SI="
+    },
+    {
+      "label": "Certum_CA",
+      "binNumber": 27,
+      "sha256Fingerprint": "2OD+vB2y440AlA830n1BNE2ZPnNLmdVlbZd41NgUNiQ="
+    },
+    {
+      "label": "AAA_Certificate_Services",
+      "binNumber": 28,
+      "sha256Fingerprint": "16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ="
+    },
+    {
+      "label": "Secure_Certificate_Services",
+      "binNumber": 29,
+      "sha256Fingerprint": "vYHOO09lkdEaZ7X8ekf97yVSG/mqThi5498uNKeAO+g="
+    },
+    {
+      "label": "Trusted_Certificate_Services",
+      "binNumber": 30,
+      "sha256Fingerprint": "PwblVoHUlvW+Fp61OJ+fK4/2HhcI32iBckhJzV0ny2k="
+    },
+    {
+      "label": "QuoVadis_Root_Certification_Authority",
+      "binNumber": 31,
+      "sha256Fingerprint": "pF7eO7vwnIrhXHLvwHJo1pOiHJlv1R5nygeUYP1tiHM="
+    },
+    {
+      "label": "QuoVadis_Root_CA_2",
+      "binNumber": 32,
+      "sha256Fingerprint": "haDdfdcgrbf/Bfg9VCsgncf/RSj31nexg4n+peXEnoY="
+    },
+    {
+      "label": "QuoVadis_Root_CA_3",
+      "binNumber": 33,
+      "sha256Fingerprint": "GPH8fyBd+K3d63/gB91X4683WpxNjXNUa/Tx/tHhjTU="
+    },
+    {
+      "label": "OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP",
+      "binNumber": 34,
+      "sha256Fingerprint": "515y7Z9WDuxutIAAc6Q/w60ZGVo5IoIBeJWXSpkCa2w="
+    },
+    {
+      "label": "Sonera_Class2_CA",
+      "binNumber": 35,
+      "sha256Fingerprint": "eQi0AxTBOBALUY0HNYB/+/z4UYoAlTNxBbo4axU92Sc="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA",
+      "binNumber": 36,
+      "sha256Fingerprint": "1B2CnowWWYIq+T/OYr/83iZPyE6LlQxf8nXQUjVGlaM="
+    },
+    {
+      "label": "UTN___DATACorp_SGC",
+      "binNumber": 37,
+      "sha256Fingerprint": "hfsvkd0SJ1oBRbY2U0+EAkrWi2m47ohoT/cRN1gFs0g="
+    },
+    {
+      "label": "UTN_USERFirst_Hardware",
+      "binNumber": 38,
+      "sha256Fingerprint": "bqVHQdAEZn7tG0gWY0qjp55uS5aVD4J52vyNm9iBITc="
+    },
+    {
+      "label": "Chambers_of_Commerce_Root",
+      "binNumber": 39,
+      "sha256Fingerprint": "DCWKEqVnSu8l8oun3Prs7qNI5UHm9cxO5jtxs2FgasM="
+    },
+    {
+      "label": "Global_Chambersign_Root",
+      "binNumber": 40,
+      "sha256Fingerprint": "7zy0F/yOv2+Xh2yeTs453h6l/mSRQdECi30RwLIpjO0="
+    },
+    {
+      "label": "NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado",
+      "binNumber": 41,
+      "sha256Fingerprint": "fxLNX35eKQ7H2FF51bcsIKW+dQj/21v4GrloSn/J9mc="
+    },
+    {
+      "label": "XRamp_Global_Certification_Authority",
+      "binNumber": 42,
+      "sha256Fingerprint": "zs3ckFCZ2NrfxbHSCbc3y+LBjPssEMD/C88NMob8GqI="
+    },
+    {
+      "label": "OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US",
+      "binNumber": 43,
+      "sha256Fingerprint": "w4Rr8kuek8pkJ0wOxnwezF4CT/ys0tdAGTUOgf5UauQ="
+    },
+    {
+      "label": "OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US",
+      "binNumber": 44,
+      "sha256Fingerprint": "FGX6IFOXuHb6pvCplY5VkOQPzH+qT7fCyGd1Iftftlg="
+    },
+    {
+      "label": "StartCom_Certification_Authority",
+      "binNumber": 45,
+      "sha256Fingerprint": "x2apvvLUBxyGOjGqSSDoE7LRmGCMt7fP4hFDuDbfCeo="
+    },
+    {
+      "label": "O_Government_Root_Certification_Authority_C_TW",
+      "binNumber": 46,
+      "sha256Fingerprint": "dgApXu/oW54f1iTbdgYqqq5ZgYpU0ndM1MCywBEx4bM="
+    },
+    {
+      "label": "Swisscom_Root_CA_1",
+      "binNumber": 47,
+      "sha256Fingerprint": "IdsgEjZguy7UGCBdoR7nqFpl4rxuVbWvfniZyKJm2S4="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_CA",
+      "binNumber": 48,
+      "sha256Fingerprint": "PpCZtQFej0hsALzqnREe5yH6ujVaibzx32lWHj3GMlw="
+    },
+    {
+      "label": "DigiCert_Global_Root_CA",
+      "binNumber": 49,
+      "sha256Fingerprint": "Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE="
+    },
+    {
+      "label": "DigiCert_High_Assurance_EV_Root_CA",
+      "binNumber": 50,
+      "sha256Fingerprint": "dDHl9MPBzkaQd08LYeBUQIg7qaAe0Aumq9eAbtOxGM8="
+    },
+    {
+      "label": "Class_2_Primary_CA",
+      "binNumber": 51,
+      "sha256Fingerprint": "D5k8iu+Xuq9WhxQO1ZrRghu0r6zwqppYtdV6M4o6+8s="
+    },
+    {
+      "label": "DST_Root_CA_X3",
+      "binNumber": 52,
+      "sha256Fingerprint": "BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk="
+    },
+    {
+      "label": "DST_ACES_CA_X6",
+      "binNumber": 53,
+      "sha256Fingerprint": "dnyVWnZBLImvaI6QoccPVWz9a2Al2+oQQW1+toMfjEA="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 54,
+      "sha256Fingerprint": "RATjO14UDc+ZgFH9/IAox8gWFcXuc3sRG1iCM6m1NaA="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 55,
+      "sha256Fingerprint": "xHDPVH4jArl3+yndcaiae2wfYHd7Ayn1YBfzKL9Pa+Y="
+    },
+    {
+      "label": "SwissSign_Gold_CA___G2",
+      "binNumber": 56,
+      "sha256Fingerprint": "Yt0L6bn1ChY+oPjnXAU7HspX6lXIaI9kfGiB8sg1e5U="
+    },
+    {
+      "label": "SwissSign_Silver_CA___G2",
+      "binNumber": 57,
+      "sha256Fingerprint": "vmxNoru5ulm285OXaDdCRsPABZk/qY8CDR3tvtSKgdU="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority",
+      "binNumber": 58,
+      "sha256Fingerprint": "N9UQBsUS6qtiZCHx7IySAT/F+CrpjuUz60YZuN600Gw="
+    },
+    {
+      "label": "thawte_Primary_Root_CA",
+      "binNumber": 59,
+      "sha256Fingerprint": "jXIvganBE8B5HfE2opZtsmyVCpcdtGtBmfTqVLeL+58="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G5",
+      "binNumber": 60,
+      "sha256Fingerprint": "ms+rfkPI2IDQayYqlN7u5LRlmYnD0Mrxm69kBeQat98="
+    },
+    {
+      "label": "SecureTrust_CA",
+      "binNumber": 61,
+      "sha256Fingerprint": "8cG1CuWiDdgDDsn2vCSCPdNntSVXWbTnG2H86fc3XXM="
+    },
+    {
+      "label": "Secure_Global_CA",
+      "binNumber": 62,
+      "sha256Fingerprint": "QgD1BDrIWQ67Un0gntFQMCn7y9QcobUG7CfxWt59rGk="
+    },
+    {
+      "label": "COMODO_Certification_Authority",
+      "binNumber": 63,
+      "sha256Fingerprint": "DCzWPfeAb6OZ7egJEWtXW/h5ifBlGPmAjIYFAxeLr2Y="
+    },
+    {
+      "label": "Network_Solutions_Certificate_Authority",
+      "binNumber": 64,
+      "sha256Fingerprint": "FfC6AKOsevOsiEwHKxARoHe9d8CX9AFksvhZir2Dhgw="
+    },
+    {
+      "label": "WellsSecure_Public_Root_Certificate_Authority",
+      "binNumber": 65,
+      "sha256Fingerprint": "pxJyrqqjz+hyf3+znw+z0eVCbpBgsG7m8T6aPFgzzUM="
+    },
+    {
+      "label": "COMODO_ECC_Certification_Authority",
+      "binNumber": 66,
+      "sha256Fingerprint": "F5OSegYUVJeJrc4vjzT38LZtDzrjo7hNIewV27pPrcc="
+    },
+    {
+      "label": "IGC_A",
+      "binNumber": 67,
+      "sha256Fingerprint": "ub6nhgqWLqNhHauXq22j4hwQaLl9VVde0OESecEciTI="
+    },
+    {
+      "label": "OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP",
+      "binNumber": 68,
+      "sha256Fingerprint": "oi26aB6XN24tOX1yiq46m2KWuf26YLwuEfZH8sZ1+zc="
+    },
+    {
+      "label": "OISTE_WISeKey_Global_Root_GA_CA",
+      "binNumber": 69,
+      "sha256Fingerprint": "Qckjhmq0yta3rVeAgVguAgeXpsvfT/94zoOWs4k31/U="
+    },
+    {
+      "label": "Microsec_e_Szigno_Root_CA",
+      "binNumber": 70,
+      "sha256Fingerprint": "Mno9dhq63qA065mEBidcsaR3bv2uL99tAWjqHE9VZ9A="
+    },
+    {
+      "label": "Certigna",
+      "binNumber": 71,
+      "sha256Fingerprint": "47ai2y7XzkiEL3rFMkHHtx1UFEv7QMEfPx0LQvXuoS0="
+    },
+    {
+      "label": "TC_TrustCenter_Class_2_CA_II",
+      "binNumber": 72,
+      "sha256Fingerprint": "5rj4dmSF+Aeuf42sFnBGHwfAoT7vOh/3F1ONerrTkbQ="
+    },
+    {
+      "label": "TC_TrustCenter_Class_3_CA_II",
+      "binNumber": 73,
+      "sha256Fingerprint": "jaCE/Pmc4Hci+JsyBZOYBvpcuBHhyBP2oQjH0zazQI4="
+    },
+    {
+      "label": "TC_TrustCenter_Universal_CA_I",
+      "binNumber": 74,
+      "sha256Fingerprint": "6/PAKoeJsft9URmV1mO3KQbZE84NXhBWiop34lhhZ+c="
+    },
+    {
+      "label": "Deutsche_Telekom_Root_CA_2",
+      "binNumber": 75,
+      "sha256Fingerprint": "thkaUNDDl399qZvNqshqIn2uuWeexwujsMnZInHBcNM="
+    },
+    {
+      "label": "ComSign_Secured_CA",
+      "binNumber": 76,
+      "sha256Fingerprint": "UHlBx0RgoLRwhiINTpkyVyq10bW7y4mAqxyxdlGoRNI="
+    },
+    {
+      "label": "Cybertrust_Global_Root",
+      "binNumber": 77,
+      "sha256Fingerprint": "lgrfAGPpY1Z1DCll3QoIZ9oLnL1ud3FK6vsjSas5PaM="
+    },
+    {
+      "label": "OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW",
+      "binNumber": 78,
+      "sha256Fingerprint": "wKb03GOiS/3PVO8qaggqCnLeNYA+L/X/Unrl2HIG39U="
+    },
+    {
+      "label": "T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3",
+      "binNumber": 79,
+      "sha256Fingerprint": "5Mc0MNeltQkl30M3Cg0hbpp5udbbg3Ogxp6xzDHHxSo="
+    },
+    {
+      "label": "Buypass_Class_2_CA_1",
+      "binNumber": 80,
+      "sha256Fingerprint": "D06c3SZLAlVQ0XCAY0AhT+lENMmwL2l+xxD8X+r7Xjg="
+    },
+    {
+      "label": "Buypass_Class_3_CA_1",
+      "binNumber": 81,
+      "sha256Fingerprint": "t7ErFx+CHaqZDND+UIexKESLqOUYT4TFHgK1yPuWKyQ="
+    },
+    {
+      "label": "EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 82,
+      "sha256Fingerprint": "Na5b3dj3rmNc/7pWgqjwC5X0hGLHEI7poOUpKwdKr7I="
+    },
+    {
+      "label": "OU_certSIGN_ROOT_CA_O_certSIGN_C_RO",
+      "binNumber": 83,
+      "sha256Fingerprint": "6qlixPpKa6/r5BUZbTUczYiNT1Pz+orm18RmqU5gQrs="
+    },
+    {
+      "label": "CNNIC_ROOT",
+      "binNumber": 84,
+      "sha256Fingerprint": "4oOTdz2oRaZ58ggMx/tEo7ehw3kst+t3Kf3Lao2Zrqc="
+    },
+    {
+      "label": "OU_ApplicationCA_O_Japanese_Government_C_JP",
+      "binNumber": 85,
+      "sha256Fingerprint": "LUdDfeF5USFaEvPFjlHHKaWAJu8fzApfs9ncAS9gDRk="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority___G3",
+      "binNumber": 86,
+      "sha256Fingerprint": "tHi4EiUN+HhjXCqn7H0VXqpiXugpFuLNKUNhiGzR+9Q="
+    },
+    {
+      "label": "thawte_Primary_Root_CA___G2",
+      "binNumber": 87,
+      "sha256Fingerprint": "pDENUK8YpkRxkDcqhq+vi5Uf+0Mdg38eVoi0WXHtFVc="
+    },
+    {
+      "label": "thawte_Primary_Root_CA___G3",
+      "binNumber": 88,
+      "sha256Fingerprint": "SwP0WAetcPIb/Cyuccn95GBMBkz1/7aGuuXbqtf900w="
+    },
+    {
+      "label": "GeoTrust_Primary_Certification_Authority___G2",
+      "binNumber": 89,
+      "sha256Fingerprint": "Xtt6xDuCoGqHYejXvkl56/JhH33Xm/kcHGtWaiGe12Y="
+    },
+    {
+      "label": "VeriSign_Universal_Root_Certification_Authority",
+      "binNumber": 90,
+      "sha256Fingerprint": "I5lWESelcSXejO/qYQ3fL6B4tcgGf06CgpC/uGDoSzw="
+    },
+    {
+      "label": "VeriSign_Class_3_Public_Primary_Certification_Authority___G4",
+      "binNumber": 91,
+      "sha256Fingerprint": "ad3X6pC7V8k+E13IXqb81UgLYDI5vcRU/HWLKibPf3k="
+    },
+    {
+      "label": "NetLock_Arany__Class_Gold__F_tan_s_tv_ny",
+      "binNumber": 92,
+      "sha256Fingerprint": "bGHaw6Le8DFQa+A20qb+QBmU+9E9+cjUZlmSdMRG7Jg="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA___G2",
+      "binNumber": 93,
+      "sha256Fingerprint": "ZoyDlH2mO3JL7OF0PDGg5q7Q247Fsxvjd7t4T5G2cW8="
+    },
+    {
+      "label": "CA_Disig",
+      "binNumber": 94,
+      "sha256Fingerprint": "kr9RGavsytCxMy3E4dBfunW1Z5BE7gyibpMfdE8vM88="
+    },
+    {
+      "label": "Juur_SK",
+      "binNumber": 95,
+      "sha256Fingerprint": "7MPpw0B1A77gkaqVL0E0j/iLqoY7ImS++sgHkBV06Tk="
+    },
+    {
+      "label": "Hongkong_Post_Root_CA_1",
+      "binNumber": 96,
+      "sha256Fingerprint": "+eZ9M2xRACrAVMYyAi1m3aLn4//xCtBh7THYu7QQz7I="
+    },
+    {
+      "label": "SecureSign_RootCA11",
+      "binNumber": 97,
+      "sha256Fingerprint": "vw/u+546WBrV+enbdYmYV0PSYQhcTTFPb11yWapCFhI="
+    },
+    {
+      "label": "ACEDICOM_Root",
+      "binNumber": 98,
+      "sha256Fingerprint": "A5UPtJpTHz4ZkZQjmN+p4Ooy17oc3ZvIXbV+2UALQ0o="
+    },
+    {
+      "label": "Microsec_e_Szigno_Root_CA_2009",
+      "binNumber": 99,
+      "sha256Fingerprint": "PF+B/qX6uCxkv6Lq7K/N6OB3/IYgp8rlNxY9827b83g="
+    },
+    {
+      "label": "e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi",
+      "binNumber": 100,
+      "sha256Fingerprint": "5gkHhGWkGXgMtqxMHAv7RlPZ2cxus5Rut/PWmZe61Zg="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 101,
+      "sha256Fingerprint": "y7Ui17fxJ61qAROGW98c1BAufQdZr2NafPRyDcljxTs="
+    },
+    {
+      "label": "Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068",
+      "binNumber": 102,
+      "sha256Fingerprint": "BASAKL8fKGTUj5rU2DKUNmqCiFZVPzsUMD+QFH9dQO8="
+    },
+    {
+      "label": "Izenpe_com",
+      "binNumber": 103,
+      "sha256Fingerprint": "JTDMjpgyFQK62W+bH7obCZ4tKZ4PRUi7kU82O8DUUx8="
+    },
+    {
+      "label": "Chambers_of_Commerce_Root___2008",
+      "binNumber": 104,
+      "sha256Fingerprint": "Bj5K+sSR39My8wibhULpRhfYk9f+lE4Qp5N+4p2Wk8A="
+    },
+    {
+      "label": "Global_Chambersign_Root___2008",
+      "binNumber": 105,
+      "sha256Fingerprint": "E2M1Q5M0p2mAFqDTJN5yKE4HnXtSILuPvXR4Fu6+uso="
+    },
+    {
+      "label": "Go_Daddy_Root_Certificate_Authority___G2",
+      "binNumber": 106,
+      "sha256Fingerprint": "RRQLMkfrnMjFtPDXtTCR9zKSCJ5uWmPidJ3TrKkZjto="
+    },
+    {
+      "label": "Starfield_Root_Certificate_Authority___G2",
+      "binNumber": 107,
+      "sha256Fingerprint": "LOHLC/nS+eECmT++IVFSw7LdDKveHGjlMZuDkVTbt/U="
+    },
+    {
+      "label": "Starfield_Services_Root_Certificate_Authority___G2",
+      "binNumber": 108,
+      "sha256Fingerprint": "Vo1pBaLIhwikswJRkO3P7bGXSmBqE8blKQ/LKuY+2rU="
+    },
+    {
+      "label": "AffirmTrust_Commercial",
+      "binNumber": 109,
+      "sha256Fingerprint": "A3arHVTF+YA85LLiAaDufu97V7Y26Kk8m41IYMlvX6c="
+    },
+    {
+      "label": "AffirmTrust_Networking",
+      "binNumber": 110,
+      "sha256Fingerprint": "CoHsWpKXd/FFkErzjV1Qn2a14sWPzbUxBYsOF/PwtBs="
+    },
+    {
+      "label": "AffirmTrust_Premium",
+      "binNumber": 111,
+      "sha256Fingerprint": "cKc/fzdrYAdCSJBFNLEUgtW/DmmOzEmN9SV36/LpO5o="
+    },
+    {
+      "label": "AffirmTrust_Premium_ECC",
+      "binNumber": 112,
+      "sha256Fingerprint": "vXH99tqX5M9i0WR63SWBsH15rfg5frTsupxehIiCFCM="
+    },
+    {
+      "label": "Certum_Trusted_Network_CA",
+      "binNumber": 113,
+      "sha256Fingerprint": "XFhGjVX1jkl+dDmC0rUAELbRZTdKz4On1KMtt2jEQI4="
+    },
+    {
+      "label": "Certinomis___Autorit__Racine",
+      "binNumber": 114,
+      "sha256Fingerprint": "/L/iiGIG9ysnWTyLBwKX4S12ntEO15MHBagJjv/BTRc="
+    },
+    {
+      "label": "Root_CA_Generalitat_Valenciana",
+      "binNumber": 115,
+      "sha256Fingerprint": "jE7f0ENI8yKWnn4ppM1NygBGVQYcFuGwdkIu80KtYw4="
+    },
+    {
+      "label": "A_Trust_nQual_03",
+      "binNumber": 116,
+      "sha256Fingerprint": "eTy/RVm5/eOKsi3xaGn2mIGuFMSwE5rHiKeKGvzKAvs="
+    },
+    {
+      "label": "TWCA_Root_Certification_Authority",
+      "binNumber": 117,
+      "sha256Fingerprint": "v9iP4RAcQa4+gBv4vlY1Dum60aa5vVFe3FxtW4cRrEQ="
+    },
+    {
+      "label": "OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP",
+      "binNumber": 118,
+      "sha256Fingerprint": "UTss7LgQ1M3l3YU5Gt/Gwt1g2Hu3NtK1IUhKpHoOvvY="
+    },
+    {
+      "label": "EC_ACC",
+      "binNumber": 119,
+      "sha256Fingerprint": "iEl/AWAvMVQkauKMTVrvEPHYfrt2Ym9K4Lf5W6eWh5k="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_RootCA_2011",
+      "binNumber": 120,
+      "sha256Fingerprint": "vBBPFaSL5wncpUKn4dS5328FRSfoAuqpLVlURCWK/nE="
+    },
+    {
+      "label": "Actalis_Authentication_Root_CA",
+      "binNumber": 121,
+      "sha256Fingerprint": "VZJghOyWOmS5biq+Ac4LqGpk+/68x6q1r8FVs3/XYGY="
+    },
+    {
+      "label": "OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB",
+      "binNumber": 122,
+      "sha256Fingerprint": "wbSCmaulII/pYwrOVcpooD7aWlGciAKg06Zzvo+OVX0="
+    },
+    {
+      "label": "StartCom_Certification_Authority",
+      "binNumber": 123,
+      "sha256Fingerprint": "4XiQ7gmj+/T0i5xBShfWN7elBkfpvHUjInJ/zBdCqRE="
+    },
+    {
+      "label": "StartCom_Certification_Authority_G2",
+      "binNumber": 124,
+      "sha256Fingerprint": "x7plZ96Tp5iuH6p5HnEtN4+uH5PEOX/qRBu3y+b9WZU="
+    },
+    {
+      "label": "Buypass_Class_2_Root_CA",
+      "binNumber": 125,
+      "sha256Fingerprint": "mhFAJRl8W7ldlOY9Vc1DeQhHtkayPN8RraSgDv8V+0g="
+    },
+    {
+      "label": "Buypass_Class_3_Root_CA",
+      "binNumber": 126,
+      "sha256Fingerprint": "7ffrvKJ6KjhNOHt9QBDGZuLttIQ+TCm0rh1bkzLmsk0="
+    },
+    {
+      "label": "T_TeleSec_GlobalRoot_Class_3",
+      "binNumber": 127,
+      "sha256Fingerprint": "/XPa0xxkT/G0O+8MzdqWcQuc2Ydeyn4xcHrz6W1SK70="
+    },
+    {
+      "label": "EE_Certification_Centre_Root_CA",
+      "binNumber": 128,
+      "sha256Fingerprint": "PoS6Q0KQhRbndXPAmS8JecoITkaFaB/xlcy6iiKbinY="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_",
+      "binNumber": 129,
+      "sha256Fingerprint": "l4zZZvL6oHunqpUA2cAunXfyza2mrWunSvS5HGZZPFA="
+    },
+    {
+      "label": "D_TRUST_Root_Class_3_CA_2_2009",
+      "binNumber": 130,
+      "sha256Fingerprint": "SeekQqzw6mKHBQBUtSVktlDk9J5C40jWqjjgOelXscE="
+    },
+    {
+      "label": "D_TRUST_Root_Class_3_CA_2_EV_2009",
+      "binNumber": 131,
+      "sha256Fingerprint": "7sVJa5iM6YYluTQJLuwpCL7QsPMWwtRzDITq8fPTSIE="
+    },
+    {
+      "label": "PSCProcert",
+      "binNumber": 132,
+      "sha256Fingerprint": "PPw8FNH2hP8X44xDykQMALln7JM+i/4GTKHXLJDyrbA="
+    },
+    {
+      "label": "China_Internet_Network_Information_Center_EV_Certificates_Root",
+      "binNumber": 133,
+      "sha256Fingerprint": "HAHG9Nuy/vwiVYsryjJWP0mESs/DK3vksP9Zn56Mevc="
+    },
+    {
+      "label": "Swisscom_Root_CA_2",
+      "binNumber": 134,
+      "sha256Fingerprint": "8JsSLHEU9KCb1OpPSpnVWLRuTCXNgRQNKcBWE5FMOEE="
+    },
+    {
+      "label": "Swisscom_Root_EV_CA_2",
+      "binNumber": 135,
+      "sha256Fingerprint": "2V/qPKTu3OdM1251/G0f9ixEHw+ovHfwNLGeXbJYAV0="
+    },
+    {
+      "label": "CA_Disig_Root_R1",
+      "binNumber": 136,
+      "sha256Fingerprint": "+W8j9MPnnAd6RpiNWvWQBnag8DnLZF3RdUmyFsgkQM4="
+    },
+    {
+      "label": "CA_Disig_Root_R2",
+      "binNumber": 137,
+      "sha256Fingerprint": "4j1KA217cOn1lbFCIHnSuR7fux+2UaBjPqqKncX4BwM="
+    },
+    {
+      "label": "ACCVRAIZ1",
+      "binNumber": 138,
+      "sha256Fingerprint": "mm7AEuGn2p2+NBlNR4rXwNsYIvsHHfEpgUlu0QQ4QRM="
+    },
+    {
+      "label": "TWCA_Global_Root_CA",
+      "binNumber": 139,
+      "sha256Fingerprint": "WXaQB/doXQ/NUIcvn5XVdVpbK0V9gfNpK2EKmGcvDhs="
+    },
+    {
+      "label": "TeliaSonera_Root_CA_v1",
+      "binNumber": 140,
+      "sha256Fingerprint": "3Wk2/iH48HfBI6GlIcEiJPciVbc+A6cmBpPooksPo4k="
+    },
+    {
+      "label": "E_Tugra_Certification_Authority",
+      "binNumber": 141,
+      "sha256Fingerprint": "sL/VK7DX2b2Sv11NwT2iVcAsVC83g2XqiTkR9V5V8jw="
+    },
+    {
+      "label": "T_TeleSec_GlobalRoot_Class_2",
+      "binNumber": 142,
+      "sha256Fingerprint": "keL1eI1YEOunulhzfeFUio7KzQFFmLwLFD4EGxcFJVI="
+    },
+    {
+      "label": "Atos_TrustedRoot_2011",
+      "binNumber": 143,
+      "sha256Fingerprint": "81a+okS3qR6zXVPKmteGSs4Bji011fj5bd9opvQapHQ="
+    },
+    {
+      "label": "QuoVadis_Root_CA_1_G3",
+      "binNumber": 144,
+      "sha256Fingerprint": "ioZv0bJ2tX5XjpIcZYKKK+1Y6fLyiAVBNLfx9L/JzHQ="
+    },
+    {
+      "label": "QuoVadis_Root_CA_2_G3",
+      "binNumber": 145,
+      "sha256Fingerprint": "j+T7Cvk6TQ1n2wvrsj43xxvzJdy83SQOoE2vWLR+GEA="
+    },
+    {
+      "label": "QuoVadis_Root_CA_3_G3",
+      "binNumber": 146,
+      "sha256Fingerprint": "iO+B3iAusBhFLkP4ZHJc6l+9H8LZ0gVzBwnF2LhpD0Y="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_G2",
+      "binNumber": 147,
+      "sha256Fingerprint": "fQXrtoIzn4yUUe4JTuv++nlToRTtsvRJSUUvq30vwYU="
+    },
+    {
+      "label": "DigiCert_Assured_ID_Root_G3",
+      "binNumber": 148,
+      "sha256Fingerprint": "fjfLi0xHCQyrNlUbpvRduEBoD7oWapUtsQBxf0MFP8I="
+    },
+    {
+      "label": "DigiCert_Global_Root_G2",
+      "binNumber": 149,
+      "sha256Fingerprint": "yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18="
+    },
+    {
+      "label": "DigiCert_Global_Root_G3",
+      "binNumber": 150,
+      "sha256Fingerprint": "Ma1mSPgQQTjHOPOepDIBMzk+OhjMAilu+Xwqye9nMdA="
+    },
+    {
+      "label": "DigiCert_Trusted_Root_G4",
+      "binNumber": 151,
+      "sha256Fingerprint": "VS973PGnr55s5nIBf08Sq/dyQMeOdhrCA9HZ0grImYg="
+    },
+    {
+      "label": "Certification_Authority_of_WoSign",
+      "binNumber": 152,
+      "sha256Fingerprint": "SyLVpq7JnzzbeapewGg4R5zV7LpxZPfyLcHWX2PYVwg="
+    },
+    {
+      "label": "CA______",
+      "binNumber": 153,
+      "sha256Fingerprint": "1vA0vZSqIz8Cl+ykJFsoOXPkR6pZDzEMd/SP34MRIlQ="
+    },
+    {
+      "label": "COMODO_RSA_Certification_Authority",
+      "binNumber": 154,
+      "sha256Fingerprint": "UvDhxOWOxikpG2AxfwdGcbhdfqgNWwcnNGNTSzK0AjQ="
+    },
+    {
+      "label": "USERTrust_RSA_Certification_Authority",
+      "binNumber": 155,
+      "sha256Fingerprint": "55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I="
+    },
+    {
+      "label": "USERTrust_ECC_Certification_Authority",
+      "binNumber": 156,
+      "sha256Fingerprint": "T/Rg1Uuchtq/vPxXEuBADSvtP7xNT72qhuBq3NKprXo="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 157,
+      "sha256Fingerprint": "vslJEcKVVnbbbApVCYbXbjugBWZ8RCyXYrT7t3PeIow="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 158,
+      "sha256Fingerprint": "F5+8FIo90A/STqE0WMxDv6f1nIGC14OlE/br7BAMiSQ="
+    },
+    {
+      "label": "Staat_der_Nederlanden_Root_CA___G3",
+      "binNumber": 159,
+      "sha256Fingerprint": "PE+wuVq4swAy9DK4b1Nf4XLBhdD9OYZYN882GH+m9Cg="
+    },
+    {
+      "label": "Staat_der_Nederlanden_EV_Root_CA",
+      "binNumber": 160,
+      "sha256Fingerprint": "TSSRQUz+lWdG7Ezvps9vcuKKEylDL52KkHrEy12twVo="
+    },
+    {
+      "label": "IdenTrust_Commercial_Root_CA_1",
+      "binNumber": 161,
+      "sha256Fingerprint": "XVZJm+TS4IvPytCKPjhyPVBQO95waUjkL1VgMBnlKK4="
+    },
+    {
+      "label": "IdenTrust_Public_Sector_Root_CA_1",
+      "binNumber": 162,
+      "sha256Fingerprint": "MNCJWppEiiYgkWNVItH1IBC1hnrK4Sx475WP1PQ4ny8="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority___G2",
+      "binNumber": 163,
+      "sha256Fingerprint": "Q99XdLA+f+9f5A2TGnvt8bsua0JzjE5tOEEQPTqn8zk="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority___EC1",
+      "binNumber": 164,
+      "sha256Fingerprint": "Au0OsowU2kUWXFZnkXANZFHX+1bwsqsdO46wcOVu3/U="
+    },
+    {
+      "label": "CFCA_EV_ROOT",
+      "binNumber": 165,
+      "sha256Fingerprint": "XMPXjk4dXkVUegTmhz5k+Qz5U20czC74APNVxMX9cP0="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5",
+      "binNumber": 166,
+      "sha256Fingerprint": "STUbkDREwYXM3FxpPSTYVVyyCNaoFBMHaZ9K8GMZnXg="
+    },
+    {
+      "label": "T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6",
+      "binNumber": 167,
+      "sha256Fingerprint": "jeeGVeG+f3hHgAuT9pTSHTaMwG4DPn+rBLteuZ2mtwA="
+    },
+    {
+      "label": "Certinomis___Root_CA",
+      "binNumber": 168,
+      "sha256Fingerprint": "Kpn1vBF0tzy7HWIIhOAcNOUcyzl42hJfDjMmiIO/QVg="
+    },
+    {
+      "label": "OISTE_WISeKey_Global_Root_GB_CA",
+      "binNumber": 169,
+      "sha256Fingerprint": "a5wI6G6w92fPrWXNmLYhSeVJSmf1hF570e0Bnye4a9Y="
+    },
+    {
+      "label": "Certification_Authority_of_WoSign_G2",
+      "binNumber": 170,
+      "sha256Fingerprint": "1Ielb4OwdILoXpYzlMHswsnlHQkD7pRrAsMBWB7ZnhY="
+    },
+    {
+      "label": "CA_WoSign_ECC_Root",
+      "binNumber": 171,
+      "sha256Fingerprint": "i0XaHAb3kesMq/Jr5Yj1+yMWXC5hS/iFVi0NzlCymwI="
+    },
+    {
+      "label": "SZAFIR_ROOT_CA2",
+      "binNumber": 172,
+      "sha256Fingerprint": "oTOdMygaC1blV9PTKxzn+TZ+sJS9X6cqflAEyN7Xyv4="
+    },
+    {
+      "label": "Certum_Trusted_Network_CA_2",
+      "binNumber": 173,
+      "sha256Fingerprint": "tnby7drod1zTbLD2PNHUYDlh9J5iZboBOi8DB7bQuAQ="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_RootCA_2015",
+      "binNumber": 174,
+      "sha256Fingerprint": "oECSmgLOU7Ss9PL/xpgc5ElvdV5tRf4LKmkrzVJSPzY="
+    },
+    {
+      "label": "Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015",
+      "binNumber": 175,
+      "sha256Fingerprint": "RLVFqool5lpzyhXcJ/w20kwcuZU6BmU5sRWC3Eh7SDM="
+    },
+    {
+      "label": "Certplus_Root_CA_G1",
+      "binNumber": 176,
+      "sha256Fingerprint": "FSpAK/zfLNVIBU0idbOcf8o+wJeAeLDw6nblYabHQz4="
+    },
+    {
+      "label": "Certplus_Root_CA_G2",
+      "binNumber": 177,
+      "sha256Fingerprint": "bMBQQeZEXnRpbEz7yfgPVDt+q7tEtM5veHxqmXHELxc="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G1",
+      "binNumber": 178,
+      "sha256Fingerprint": "VsdxKNmMGNkbTP3/vCXukQPUdY6iq62CapDzRX1GDrQ="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G2",
+      "binNumber": 179,
+      "sha256Fingerprint": "J5lYKf5qdRXBv+hI+cR2HbFsIlkpJXv0DQiU8p6ouvI="
+    },
+    {
+      "label": "OpenTrust_Root_CA_G3",
+      "binNumber": 180,
+      "sha256Fingerprint": "t8NiMXBugQeMNny4lhmPHjII3ZJpSd2PVwmkEPdbYpI="
+    },
+    {
+      "label": "ISRG_Root_X1",
+      "binNumber": 181,
+      "sha256Fingerprint": "lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY="
+    },
+    {
+      "label": "OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES",
+      "binNumber": 182,
+      "sha256Fingerprint": "68VXDCkBjE1nsaoSe68S9wO0YR68F7fatVc4lBebk/o="
+    },
+    {
+      "label": "Amazon_Root_CA_1",
+      "binNumber": 183,
+      "sha256Fingerprint": "js3miE89h7ESW6Maw/yxPXAW3n9XzJBP4cuXxq6YGW4="
+    },
+    {
+      "label": "Amazon_Root_CA_2",
+      "binNumber": 184,
+      "sha256Fingerprint": "G6WyqoxlQBqClgEY+AvsT2IwTYPOxHE6GcOcAR6kbbQ="
+    },
+    {
+      "label": "Amazon_Root_CA_3",
+      "binNumber": 185,
+      "sha256Fingerprint": "GM5s/nvxTmCy40e43+hoyzHQLrs62icVafUDQ7Rts6Q="
+    },
+    {
+      "label": "Amazon_Root_CA_4",
+      "binNumber": 186,
+      "sha256Fingerprint": "410oQZ7QICXPppA4zWI5YkWNpcaV+96jwisL+yWJcJI="
+    },
+    {
+      "label": "LuxTrust_Global_Root_2",
+      "binNumber": 187,
+      "sha256Fingerprint": "VEVfcSnCCxRHxBj5lxaPJMWPxQI79dpb4utuHdiQLtU="
+    },
+    {
+      "label": "TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi___Surum_1",
+      "binNumber": 188,
+      "sha256Fingerprint": "Ru3DaJBG1TpFP7MQSrgNyuxliyZg6hYp3X6GeZBkhxY="
+    },
+    {
+      "label": "GDCA_TrustAUTH_R5_ROOT",
+      "binNumber": 189,
+      "sha256Fingerprint": "v/+P0EQzSH1qiqYMGil2ep/Cu7BeQg9xOhO5kokdOJM="
+    },
+    {
+      "label": "TrustCor_RootCert_CA_1",
+      "binNumber": 190,
+      "sha256Fingerprint": "1A6chs2P5GjBd2lZ9J6ndPpUhoS2xAbzkJJh9NziV1w="
+    },
+    {
+      "label": "TrustCor_RootCert_CA_2",
+      "binNumber": 191,
+      "sha256Fingerprint": "B1PpQDeMG9Xjg245Xa6ly4OeUEbxvQ6uGVHPEP7HyWU="
+    },
+    {
+      "label": "TrustCor_ECA_1",
+      "binNumber": 192,
+      "sha256Fingerprint": "WohdsZwB2RLFdZOIk4yvu98DGrLUjpHuFVibQpcdA5w="
+    },
+    {
+      "label": "SSL_com_Root_Certification_Authority_RSA",
+      "binNumber": 193,
+      "sha256Fingerprint": "hWZqVi7gvlzpJcHYiQpvdqh+wW1NfV8p6nQZzyASO2k="
+    },
+    {
+      "label": "SSL_com_Root_Certification_Authority_ECC",
+      "binNumber": 194,
+      "sha256Fingerprint": "NBe7BsxgB9oblhySC4q0zj+tgg5Kowuay8SnTr3OvGU="
+    },
+    {
+      "label": "SSL_com_EV_Root_Certification_Authority_RSA_R2",
+      "binNumber": 195,
+      "sha256Fingerprint": "LnvxbMIkhae74qqGlnUHYbCuOb47L+nQzG1O9zSRQlw="
+    },
+    {
+      "label": "SSL_com_EV_Root_Certification_Authority_ECC",
+      "binNumber": 196,
+      "sha256Fingerprint": "IqLB973tcEzB5wG19AjDEIgP6Va13ipKRPmchzolp8g="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 197,
+      "sha256Fingerprint": "LKvq/jfQbKIqunORwAM9JZgpUsRTZHNJdjo6ta1sz2k="
+    },
+    {
+      "label": "OISTE_WISeKey_Global_Root_GC_CA",
+      "binNumber": 198,
+      "sha256Fingerprint": "hWD5HDYk2rqVcLX+oNvjb/EagyO+lIaFT7PzSlVxGY0="
+    },
+    {
+      "label": "GTS_Root_R1",
+      "binNumber": 199,
+      "sha256Fingerprint": "KldUceMTQLwhWBy9LPE+FYRjID7OlLz508wZa/CaVHI="
+    },
+    {
+      "label": "GTS_Root_R2",
+      "binNumber": 200,
+      "sha256Fingerprint": "xF17sI5tZ+YuQjURC1ZOX3j9ku8FjIQK6k5kVddYXGA="
+    },
+    {
+      "label": "GTS_Root_R3",
+      "binNumber": 201,
+      "sha256Fingerprint": "FdW4d0YZ6n1Uzhym0LDEA+A3qRfxMeigTh5renG6vOU="
+    },
+    {
+      "label": "GTS_Root_R4",
+      "binNumber": 202,
+      "sha256Fingerprint": "ccylOR+eeUsEgCUws2PhIdqKMEO7JmYv6k3Kf8lRpL0="
+    },
+    {
+      "label": "UCA_Global_G2_Root",
+      "binNumber": 203,
+      "sha256Fingerprint": "m+oRyXb+AUdkwb5WpvkUtaVgMXq9mYg5M4LlFhqgSTw="
+    },
+    {
+      "label": "UCA_Extended_Validation_Root",
+      "binNumber": 204,
+      "sha256Fingerprint": "1Dr5s1RzdVyWhPwG19jLcO5cKOdz+ylOtB7nFyKSTSQ="
+    },
+    {
+      "label": "Certigna_Root_CA",
+      "binNumber": 205,
+      "sha256Fingerprint": "1I09I+7bUKRZ5VGXYBwnd0udexjJTVoFlRGhAlC5MWg="
+    },
+    {
+      "label": "emSign_Root_CA___G1",
+      "binNumber": 206,
+      "sha256Fingerprint": "QPavA0apmqHNHVVaTpzOYsf5Y0YD7kBmFYM9yMjQA2c="
+    },
+    {
+      "label": "emSign_ECC_Root_CA___G3",
+      "binNumber": 207,
+      "sha256Fingerprint": "hqHsugicSo07vic0xhK6NB2BPgQ8+eioYs1cV6Nrvms="
+    },
+    {
+      "label": "emSign_Root_CA___C1",
+      "binNumber": 208,
+      "sha256Fingerprint": "ElYJqjAdoKJJuXqCOctqNCFvRNysnzlUsUKS8ujIYI8="
+    },
+    {
+      "label": "emSign_ECC_Root_CA___C3",
+      "binNumber": 209,
+      "sha256Fingerprint": "vE2AmxUYnXjbPh2M9PlyanldoWQ8pfE1jh3bDtwNfrM="
+    },
+    {
+      "label": "Hongkong_Post_Root_CA_3",
+      "binNumber": 210,
+      "sha256Fingerprint": "Wi/APwyDsJC7+kBgSwmIRGx2Nhg9+YRuFxAaRH+479Y="
+    },
+    {
+      "label": "Entrust_Root_Certification_Authority___G4",
+      "binNumber": 211,
+      "sha256Fingerprint": "2zUX0fZzKi1auXxTPscHee4ycKYvtKxCODckYObwHog="
+    },
+    {
+      "label": "Microsoft_ECC_Root_Certificate_Authority_2017",
+      "binNumber": 212,
+      "sha256Fingerprint": "NY3znXZK+eG3ZunJct81LuFc+sInr2rR1w6OSm7cugI="
+    },
+    {
+      "label": "Microsoft_RSA_Root_Certificate_Authority_2017",
+      "binNumber": 213,
+      "sha256Fingerprint": "x0H3D0sqjYi/LnHBQSLvU+8Q66DPpeZM+iD0GIUwc+A="
+    },
+    {
+      "label": "e_Szigno_Root_CA_2017",
+      "binNumber": 214,
+      "sha256Fingerprint": "vrALMIObm8MsMuREeQWVBkHyZCGxXtCJGYtRiuLqG5k="
+    },
+    {
+      "label": "OU_certSIGN_ROOT_CA_G2_O_CERTSIGN_SA_C_RO",
+      "binNumber": 215,
+      "sha256Fingerprint": "ZXz+L6c/qjhGJXHzMqI2Okb85wIJUXEHAs37tu7aMwU="
+    },
+    {
+      "label": "Trustwave_Global_Certification_Authority",
+      "binNumber": 216,
+      "sha256Fingerprint": "l1UgFfXd/DyHiMAGlEVVQIiURQCE8QCGcIa8Giu1jcg="
+    },
+    {
+      "label": "Trustwave_Global_ECC_P256_Certification_Authority",
+      "binNumber": 217,
+      "sha256Fingerprint": "lFu8gl6lVPSJ0f1Rpz3fLqYkrHAZoFIFIlwip4zPqLQ="
+    },
+    {
+      "label": "Trustwave_Global_ECC_P384_Certification_Authority",
+      "binNumber": 218,
+      "sha256Fingerprint": "VZA4WcjAw+u4dZ7OTiVXIl/1dYu9OOvUgnZgHhvVgJc="
+    },
+    {
+      "label": "NAVER_Global_Root_Certification_Authority",
+      "binNumber": 219,
+      "sha256Fingerprint": "iPQ43Pj/0fqPQpEV/+X4KuHgbgxww3X6rXF7NKSecmU="
+    },
+    {
+      "label": "AC_RAIZ_FNMT_RCM_SERVIDORES_SEGUROS",
+      "binNumber": 220,
+      "sha256Fingerprint": "VUFTsT0s+d23U7++Gk4K4I0KpBhwWP5gorhisuS4e8s="
+    },
+    {
+      "label": "GlobalSign_Root_R46",
+      "binNumber": 221,
+      "sha256Fingerprint": "T6MSbY06EdHEhVpPgHy61s+RnTpaiLA76ixjctk8QMk="
+    },
+    {
+      "label": "GlobalSign_Root_E46",
+      "binNumber": 222,
+      "sha256Fingerprint": "y7nETYS4BD4QUOoxpp9RSVXXv9LixrSTAQGa1h2fUFg="
+    },
+    {
+      "label": "GLOBALTRUST_2020",
+      "binNumber": 223,
+      "sha256Fingerprint": "milqUYLR1FGi439Dm3Tar6JnUjMp+Q+aDSAHwzTiPJo="
+    },
+    {
+      "label": "ANF_Secure_Server_Root_CA",
+      "binNumber": 224,
+      "sha256Fingerprint": "+4/sdZFpuRBrHlEWRMYYxRMENz9sBkMIjYvv/RuZdZk="
+    },
+    {
+      "label": "Certum_EC_384_CA",
+      "binNumber": 225,
+      "sha256Fingerprint": "azKAhWJTGKpQ0XPJjYvaCdV+J0E9EUz3h6D10GwDDPY="
+    },
+    {
+      "label": "Certum_Trusted_Root_CA",
+      "binNumber": 226,
+      "sha256Fingerprint": "/naWVzhVdz43qV561NnMlsMBV8FdMXZbqbFXBOGueP0="
+    },
+    {
+      "label": "TunTrust_Root_CA",
+      "binNumber": 227,
+      "sha256Fingerprint": "LkQQKrWMuFQZRRyOGdms82Ysr7xhS2pTlgow99Di60E="
+    },
+    {
+      "label": "HARICA_TLS_RSA_Root_CA_2021",
+      "binNumber": 228,
+      "sha256Fingerprint": "2V0Ojtp5Ulv5vrEbFNIQDTKUmF8MYtn6vZzZmezLex0="
+    },
+    {
+      "label": "HARICA_TLS_ECC_Root_CA_2021",
+      "binNumber": 229,
+      "sha256Fingerprint": "P5nMR0rPzk3+1YeUZl5HjRVHc58ueA8btMqbEzCX1AE="
+    },
+    {
+      "label": "Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068",
+      "binNumber": 230,
+      "sha256Fingerprint": "V94Fg+/Ssm4DYdqZ2p30ZI3vfuhEHDtyivqbzeD5smo="
+    },
+    {
+      "label": "vTrus_ECC_Root_CA",
+      "binNumber": 231,
+      "sha256Fingerprint": "MPu6LDIjjiqYVHr5eTHlUEKLmz8cjutmM9z6hsWyfdM="
+    },
+    {
+      "label": "vTrus_Root_CA",
+      "binNumber": 232,
+      "sha256Fingerprint": "inHeZVkzb0JsJuU4gNANiKGNpMapHw3LYZTiBsXJY4c="
+    },
+    {
+      "label": "ISRG_Root_X2",
+      "binNumber": 233,
+      "sha256Fingerprint": "aXKbjhWobvwXelevtxcd/GSt0owvyozxUH40RTzLFHA="
+    },
+    {
+      "label": "HiPKI_Root_CA___G1",
+      "binNumber": 234,
+      "sha256Fingerprint": "8BXOPMI5v+8GS+nx0sQX4aAmSgqUvh8MjRIYZOtpScw="
+    },
+    {
+      "label": "GlobalSign",
+      "binNumber": 235,
+      "sha256Fingerprint": "sIXXC5ZPGRpz5K8NVK56Dgeq/a+bcd0IYhOKtzJaJKI="
+    },
+    {
+      "label": "GTS_Root_R1",
+      "binNumber": 236,
+      "sha256Fingerprint": "2UdDKr3nt/qQ/C5rWRAbEoDg4cfk5A+jxoh//1en9M8="
+    },
+    {
+      "label": "GTS_Root_R2",
+      "binNumber": 237,
+      "sha256Fingerprint": "jSXNlyKdv3A1a9pOs8xzQDHiTPAPr8/TLcdutYQcfqg="
+    },
+    {
+      "label": "GTS_Root_R3",
+      "binNumber": 238,
+      "sha256Fingerprint": "NNinPuII2bzbDZVlIJNLTkDmlIJZbotvc8hCawEKb0g="
+    },
+    {
+      "label": "GTS_Root_R4",
+      "binNumber": 239,
+      "sha256Fingerprint": "NJ36QFjF4mMSOzmK55VXPE4TE8g/5o+TVWzV6AMbPH0="
+    },
+    {
+      "label": "Telia_Root_CA_v2",
+      "binNumber": 240,
+      "sha256Fingerprint": "JCtpdC/LHlsqv5iJi5RXIYdUTltNmRF4ZXNiH2p0uCw="
+    },
+    {
+      "label": "D_TRUST_BR_Root_CA_1_2020",
+      "binNumber": 241,
+      "sha256Fingerprint": "5ZqqgWAJwiv/WyW6033zBvBJeXwfgdhasInmV72PAEQ="
+    },
+    {
+      "label": "D_TRUST_EV_Root_CA_1_2020",
+      "binNumber": 242,
+      "sha256Fingerprint": "CBcNGqNkU5AaL5WSReNH2wyNN6uqvFa4GqEA3JWJcNs="
+    },
+    {
+      "label": "DigiCert_TLS_ECC_P384_Root_G5",
+      "binNumber": 243,
+      "sha256Fingerprint": "AY4T8HclMs+Am9GxcoGGcoP8SMbhO+nGmBKFSkkMGwU="
+    },
+    {
+      "label": "DigiCert_TLS_RSA4096_Root_G5",
+      "binNumber": 244,
+      "sha256Fingerprint": "NxoA3AUzs3IafutA6EGecHmdKwoPLB2AaTFl987ErXU="
+    },
+    {
+      "label": "Certainly_Root_R1",
+      "binNumber": 245,
+      "sha256Fingerprint": "d7gs2GRMQwX3rMXLFWtFZ1AEAz1RxgxiAqjgwzRn06A="
+    },
+    {
+      "label": "Certainly_Root_E1",
+      "binNumber": 246,
+      "sha256Fingerprint": "tFhfIuSsdWpOhhKhNhxdnQMak/2E/rt3j6MGiw/ELcI="
+    },
+    {
+      "label": "E_Tugra_Global_Root_CA_RSA_v3",
+      "binNumber": 247,
+      "sha256Fingerprint": "72awsQo8258uNkjHa9KvGOrSv+bxF2VeKMQGDaGj9MI="
+    },
+    {
+      "label": "E_Tugra_Global_Root_CA_ECC_v3",
+      "binNumber": 248,
+      "sha256Fingerprint": "hz9Ghfp/VjYlJS5tNrzX8W/CSVHyZOR+G5VPSQjNyhM="
+    },
+    {
+      "label": "Security_Communication_RootCA3",
+      "binNumber": 249,
+      "sha256Fingerprint": "JKVcKrBRRC0GF3ZlQSOaStAy18VRdao0/94vvE9cUpQ="
+    },
+    {
+      "label": "Security_Communication_ECC_RootCA1",
+      "binNumber": 250,
+      "sha256Fingerprint": "50+9pVvVZMRzo2tEGqeZyKaOB3RA6CiLn6HlDku6yhE="
+    }
+  ],
+  "maxBin": 250
+}
\ No newline at end of file
diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
new file mode 100644
index 0000000000..d4790e9525
--- /dev/null
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -0,0 +1,207 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// The top-level element is a dictionary with two keys: "pinsets" maps details
+// of certificate pinning to a name and "entries" contains the HPKP details for
+// each host.
+//
+// "pinsets" is a list of objects. Each object has the following members:
+//   name: (string) the name of the pinset
+//   sha256_hashes: (list of strings) the set of allowed SPKIs hashes
+//
+// For a given pinset, a certificate is accepted if at least one of the
+// Subject Public Key Infos (SPKIs) is found in the chain.  SPKIs are specified
+// as names, which must match up with the name given in the Mozilla root store.
+//
+// "entries" is a list of objects. Each object has the following members:
+//   name: (string) the DNS name of the host in question
+//   include_subdomains: (optional bool) whether subdomains of |name| are also covered
+//   pins: (string) the |name| member of an object in |pinsets|
+//
+// "extra_certificates" is a list of base64-encoded certificates. These are used in
+// pinsets that reference certificates not in our root program (for example,
+// Facebook or intermediate CA certs).
+
+{
+  "chromium_data" : {
+    "cert_file_url": "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/net/http/transport_security_state_static.pins?format=TEXT",
+    "json_file_url": "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/net/http/transport_security_state_static_pins.json?format=TEXT",
+    "substitute_pinsets": {
+      // Use the larger google_root_pems pinset instead of google
+      "google": "google_root_pems"
+    },
+    "production_pinsets": [
+      "google_root_pems",
+      "facebook",
+      "ncsccs"
+    ],
+    "production_domains": [
+      // Chrome's test domains.
+      "pinningtest.appspot.com",
+      "pinning-test.badssl.com",
+      // Tor
+      "torproject.org",
+      "blog.torproject.org",
+      "check.torproject.org",
+      "dist.torproject.org",
+      "www.torproject.org",
+      // SpiderOak
+      "spideroak.com"
+    ],
+    "exclude_domains" : []
+   },
+  "pinsets": [
+    {
+      "name": "mozilla_services",
+      "sha256_hashes": [
+        // Current Digicert root hierarchy (G1)
+        // Digicert is migrating users off this root hierarchy
+        // https://knowledge.digicert.com/generalinformation/digicert-root-and-intermediate-ca-certificate-updates-2023.html
+        "DigiCert Global Root CA",
+        "DigiCert High Assurance EV Root CA",
+        // New Digicert root hierarchy (G2)
+        // Digicert is migrating users to this root hierarchy
+        // https://knowledge.digicert.com/generalinformation/digicert-root-and-intermediate-ca-certificate-updates-2023.html
+        "DigiCert Global Root G2",
+        // Future Digicert root hierarchy (G5)
+        // Digicert will be switching to this root hierarchy in the future
+        // https://knowledge.digicert.com/generalinformation/digicert-g5-root-and-intermediate-ca-certificate-migration.html
+        "DigiCert TLS ECC P384 Root G5",
+        "DigiCert TLS RSA4096 Root G5",
+        // Current Let’s Encrypt root hierachy
+        // https://letsencrypt.org/certificates/
+        "ISRG Root X1"
+      ]
+    },
+    // For pinning tests on pinning.example.com, the certificate must be 'End
+    // Entity Test Cert'
+    {
+      "name": "mozilla_test",
+      "sha256_hashes": [
+        "End Entity Test Cert"
+      ]
+    },
+    // Google's root PEMs. Chrome pins only to their intermediate certs, but
+    // they'd like us to be more liberal. For the initial list, we are using
+    // the certs from https://pki.google.com/roots.pem.
+    // We have no built-in for commented out CAs.
+    // This list should be updated via the dumpGoogleRoots.js script.
+    {
+      "name": "google_root_pems",
+      "sha256_hashes": [
+        "AffirmTrust Commercial",
+        "AffirmTrust Networking",
+        "AffirmTrust Premium",
+        "AffirmTrust Premium ECC",
+        "Baltimore CyberTrust Root",
+        "Comodo AAA Services root",
+        "COMODO Certification Authority",
+        "COMODO ECC Certification Authority",
+        "COMODO RSA Certification Authority",
+        "DigiCert Assured ID Root CA",
+        "DigiCert Assured ID Root G2",
+        "DigiCert Assured ID Root G3",
+        "DigiCert Global Root CA",
+        "DigiCert Global Root G2",
+        "DigiCert Global Root G3",
+        "DigiCert High Assurance EV Root CA",
+        "DigiCert Trusted Root G4",
+        "Entrust Root Certification Authority",
+        "Entrust Root Certification Authority - EC1",
+        "Entrust Root Certification Authority - G2",
+        "Entrust.net Premium 2048 Secure Server CA",
+        // "GlobalSign",
+        "GlobalSign ECC Root CA - R5",
+        "GlobalSign Root CA",
+        "GlobalSign Root CA - R3",
+        "GlobalSign Root CA - R6",
+        "Go Daddy Class 2 CA",
+        "Go Daddy Root Certificate Authority - G2",
+        // "GTS Root R1",
+        // "GTS Root R2",
+        // "GTS Root R3",
+        // "GTS Root R4",
+        "Starfield Class 2 CA",
+        "Starfield Root Certificate Authority - G2",
+        "USERTrust ECC Certification Authority",
+        "USERTrust RSA Certification Authority"
+      ]
+    }
+    // The list above should be updated via the dumpGoogleRoots.js script.
+  ],
+
+  "entries": [
+    // Only domains that are operationally crucial to Firefox can have per-host
+    // telemetry reporting (the "id") field
+    { "name": "addons.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 1 },
+    { "name": "addons.mozilla.net", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 2 },
+    // AUS servers MUST remain in test mode
+    // see: https://bugzilla.mozilla.org/show_bug.cgi?id=1301956#c23
+    { "name": "aus4.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": true, "id": 3 },
+    { "name": "aus5.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": true, "id": 7 },
+    // Catchall for applications hosted under firefox.com
+    // see https://bugzilla.mozilla.org/show_bug.cgi?id=1494431
+    { "name": "firefox.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": true, "id": 15 },
+    // Firefox Accounts & sync
+    // superseded by catchall for firefox.com, but leaving for tracking
+    { "name": "accounts.firefox.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 4 },
+    { "name": "api.accounts.firefox.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 5 },
+    { "name": "sync.services.mozilla.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 13 },
+    // Catch-all for all CDN resources, including product delivery
+    // Telemetry IDs added in bug 1521983.
+    { "name": "cdn.mozilla.net", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 16 },
+    { "name": "cdn.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 17 },
+    { "name": "download.mozilla.org", "include_subdomains": false,
+      "pins": "mozilla_services", "test_mode": false, "id": 14 },
+    // Catch-all for everything hosted under services.mozilla.com
+    { "name": "services.mozilla.com", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": false, "id": 6 },
+    // Catch-all for everything hosted under telemetry.mozilla.org
+    // MUST remain in test mode in order to receive telemetry on broken pins
+    { "name": "telemetry.mozilla.org", "include_subdomains": true,
+      "pins": "mozilla_services", "test_mode": true, "id": 8 },
+    // Test Pilot
+    // superseded by catchall for firefox.com, but leaving for tracking
+    { "name": "testpilot.firefox.com", "include_subdomains": false,
+      "pins": "mozilla_services", "test_mode": false, "id": 9 },
+    // Crash report sites
+    { "name": "crash-reports.mozilla.com", "include_subdomains": false,
+      "pins": "mozilla_services", "test_mode": false, "id": 10 },
+    { "name": "crash-reports-xpsp2.mozilla.com", "include_subdomains": false,
+      "pins": "mozilla_services", "test_mode": false, "id": 11 },
+    { "name": "crash-stats.mozilla.org", "include_subdomains": false,
+      "pins": "mozilla_services", "test_mode": false, "id": 12 },
+    { "name": "include-subdomains.pinning.example.com",
+      "include_subdomains": true, "pins": "mozilla_test",
+      "test_mode": false },
+    // Example domain to collect per-host stats for telemetry tests.
+    { "name": "exclude-subdomains.pinning.example.com",
+      "include_subdomains": false, "pins": "mozilla_test",
+      "test_mode": false },
+    { "name": "test-mode.pinning.example.com", "include_subdomains": true,
+      "pins": "mozilla_test", "test_mode": true }
+  ],
+  // When pinning to non-root certs, like intermediates,
+  // place the PEM of the pinned certificate in this array
+  // so Firefox can find the subject DN and public key
+  "extra_certificates": [
+    // Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
+    // Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
+    "MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEFBQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsGAQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYDVR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIBABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGxA/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRMUM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOuOsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vwp7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKRPB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5brUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt",
+    // Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X4
+    // Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
+    "MIIFjTCCA3WgAwIBAgIRAJObmZ6kjhYNW0JZtD0gE9owDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0NDM0WhcNMjExMDA2MTU0NDM0WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhJHRCe7eRMdlz/ziq2M5EXLc5CtxErg29RbmXN2evvVBPX9MQVGv3QdqOY+ZtW8DoQKmMQfzRA4n/YmEJYNYHBXiakL0aZD5P3M93L4lry2evQU3FjQDAa/6NhNy18pUxqOj2kKBDSpN0XLM+Q2lLiSJHdFE+mWTDzSQB+YQvKHcXIqfdw2wITGYvN3TFb5OOsEY3FmHRUJjIsA9PWFN8rPbaLZZhUK1D3AqmT561Urmcju9O30azMdwg/GnCoyB1Puw4GzZOZmbS3/VmpJMve6YOlD5gPUpLHG+6tE0cPJFYbi9NxNpw2+0BOXbASefpNbUUBpDB5ZLiEP1rubSFAgMBAAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBTFsatOTLHNZDCTfsGEmQWr5gPiJTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEFBQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsGAQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYDVR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIBAF4tI1yGjZgld9lP01+zftU3aSV0un0d2GKUMO7GxvwTLWAKQz/eT+u3J4+GvpD+BMfopIxkJcDCzMChjjZtZZwJpIY7BatVrO6OkEmaRNITtbZ/hCwNkUnbk3C7EG3OGJZlo9b2wzA8v9WBsPzHpTvLfOr+dS57LLPZBhp3ArHaLbdk33lIONRPt9sseDEkmdHnVmGmBRf4+J0Wy67mddOvz5rHH8uzY94raOayf20gzzcmqmot4hPXtDG4Y49MoFMMT2kcWck3EOTAH6QiGWkGJ7cxMfSL3S0niA6wgFJtfETETOZu8AVDgENgCJ3DS0bz/dhVKvs3WRkaKuuR/W0nnC2VDdaFj4+CRF8LGtn/8ERaH48TktH5BDyDVcF9zfJ75Scxcy23jAL2N6w3n/t3nnqoXt9Im4FprDr+mP1g2Z6Lf2YA0jE3kZalgZ6lNHu4CmvJYoOTSJw9X2qlGl1K+B4U327rG1tRxgjM76pN6lIS02PMECoyKJigpOSBu4V8+LVaUMezCJH9Qf4EKeZTHddQ1t96zvNd2s9ewSKx/DblXbKsBDzIdHJ+qi6+F9DIVM5/ICdtDdulOO+dr/BXB+pBZ3uVxjRANvJKKpdxkePyluITSNZHbanWRN07gMvwBWOL060i4VrL9er1sBQrRjU9iNpZQGTnLVAxQVFu"
+  ]
+}
diff --git a/security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py b/security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
new file mode 100644
index 0000000000..05e0842e2a
--- /dev/null
+++ b/security/manager/tools/crtshToIdentifyingStruct/crtshToIdentifyingStruct.py
@@ -0,0 +1,156 @@
+#!/usr/bin/env python3
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+This utility takes a series of https://crt.sh/ identifiers and writes to
+stdout all of those certs' distinguished name or SPKI fields in hex, with an
+array of all those. You'll need to post-process this list to handle any
+duplicates.
+
+Requires Python 3.
+"""
+import argparse
+import io
+import re
+import sys
+
+import requests
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.x509.oid import NameOID
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import pem, rfc5280
+
+assert sys.version_info >= (3, 2), "Requires Python 3.2 or later"
+
+
+def hex_string_for_struct(bytes):
+    return ["0x{:02X}".format(x) for x in bytes]
+
+
+def hex_string_human_readable(bytes):
+    return ["{:02X}".format(x) for x in bytes]
+
+
+def nameOIDtoString(oid):
+    if oid == NameOID.COUNTRY_NAME:
+        return "C"
+    if oid == NameOID.COMMON_NAME:
+        return "CN"
+    if oid == NameOID.LOCALITY_NAME:
+        return "L"
+    if oid == NameOID.ORGANIZATION_NAME:
+        return "O"
+    if oid == NameOID.ORGANIZATIONAL_UNIT_NAME:
+        return "OU"
+    raise Exception("Unknown OID: {}".format(oid))
+
+
+def print_block(pemData, identifierType="DN", crtshId=None):
+    substrate = pem.readPemFromFile(io.StringIO(pemData.decode("utf-8")))
+    cert, _ = decoder.decode(substrate, asn1Spec=rfc5280.Certificate())
+    octets = None
+
+    if identifierType == "DN":
+        der_subject = encoder.encode(cert["tbsCertificate"]["subject"])
+        octets = hex_string_for_struct(der_subject)
+    elif identifierType == "SPKI":
+        der_spki = encoder.encode(cert["tbsCertificate"]["subjectPublicKeyInfo"])
+        octets = hex_string_for_struct(der_spki)
+    else:
+        raise Exception("Unknown identifier type: " + identifierType)
+
+    cert = x509.load_pem_x509_certificate(pemData, default_backend())
+    common_name = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0]
+    block_name = "CA{}{}".format(
+        re.sub(r"[-:=_. ]", "", common_name.value), identifierType
+    )
+
+    fingerprint = hex_string_human_readable(cert.fingerprint(hashes.SHA256()))
+
+    dn_parts = [
+        "/{id}={value}".format(id=nameOIDtoString(part.oid), value=part.value)
+        for part in cert.subject
+    ]
+    distinguished_name = "".join(dn_parts)
+
+    print("// {dn}".format(dn=distinguished_name))
+    print("// SHA256 Fingerprint: " + ":".join(fingerprint[:16]))
+    print("//                     " + ":".join(fingerprint[16:]))
+    if crtshId:
+        print("// https://crt.sh/?id={crtsh} (crt.sh ID={crtsh})".format(crtsh=crtshId))
+    print("static const uint8_t {}[{}] = ".format(block_name, len(octets)) + "{")
+
+    while len(octets) > 0:
+        print("  " + ", ".join(octets[:13]) + ",")
+        octets = octets[13:]
+
+    print("};")
+    print()
+
+    return block_name
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "-spki",
+        action="store_true",
+        help="Create a list of subject public key info fields",
+    )
+    parser.add_argument(
+        "-dn",
+        action="store_true",
+        help="Create a list of subject distinguished name fields",
+    )
+    parser.add_argument("-listname", help="Name of the final DataAndLength block")
+    parser.add_argument(
+        "certId", nargs="+", help="A list of PEM files on disk or crt.sh IDs"
+    )
+    args = parser.parse_args()
+
+    if not args.dn and not args.spki:
+        parser.print_help()
+        raise Exception("You must select either DN or SPKI matching")
+
+    blocks = []
+
+    print(
+        "// Script from security/manager/tools/crtshToIdentifyingStruct/"
+        + "crtshToIdentifyingStruct.py"
+    )
+    print("// Invocation: {}".format(" ".join(sys.argv)))
+    print()
+
+    identifierType = None
+    if args.dn:
+        identifierType = "DN"
+    else:
+        identifierType = "SPKI"
+
+    for certId in args.certId:
+        # Try a local file first, then crt.sh
+        try:
+            with open(certId, "rb") as pemFile:
+                blocks.append(
+                    print_block(pemFile.read(), identifierType=identifierType)
+                )
+        except OSError:
+            r = requests.get("https://crt.sh/?d={}".format(certId))
+            r.raise_for_status()
+            blocks.append(
+                print_block(r.content, crtshId=certId, identifierType=identifierType)
+            )
+
+    print("static const DataAndLength " + args.listname + "[]= {")
+    for structName in blocks:
+        if len(structName) < 33:
+            print("  { " + "{name}, sizeof({name}) ".format(name=structName) + "},")
+        else:
+            print("  { " + "{},".format(structName))
+            print("    sizeof({})".format(structName) + " },")
+    print("};")
diff --git a/security/manager/tools/crtshToIdentifyingStruct/requirements.txt b/security/manager/tools/crtshToIdentifyingStruct/requirements.txt
new file mode 100644
index 0000000000..c5c04ec1cc
--- /dev/null
+++ b/security/manager/tools/crtshToIdentifyingStruct/requirements.txt
@@ -0,0 +1,4 @@
+cryptography >= 1.8
+requests >= 2.0
+pyasn1 >= 0.3
+pyasn1_modules >= 0.1
\ No newline at end of file
diff --git a/security/manager/tools/dumpGoogleRoots.js b/security/manager/tools/dumpGoogleRoots.js
new file mode 100644
index 0000000000..ab215e88e4
--- /dev/null
+++ b/security/manager/tools/dumpGoogleRoots.js
@@ -0,0 +1,96 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file is a helper script that generates the list of certificates that
+// make up the preloaded pinset for Google properties.
+//
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell dumpGoogleRoots.js'
+// 4. [paste the output into the appropriate section in
+//     security/manager/tools/PreloadedHPKPins.json]
+
+Services.prefs.setBoolPref("network.process.enabled", false);
+
+function downloadRoots() {
+  let req = new XMLHttpRequest();
+  req.open("GET", "https://pki.google.com/roots.pem", false);
+  try {
+    req.send();
+  } catch (e) {
+    throw new Error("ERROR: problem downloading Google Root PEMs: " + e);
+  }
+
+  if (req.status != 200) {
+    throw new Error(
+      "ERROR: problem downloading Google Root PEMs. Status: " + req.status
+    );
+  }
+
+  let pem = req.responseText;
+  let roots = [];
+  let currentPEM = "";
+  let readingRoot = false;
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  for (let line of pem.split(/[\r\n]/)) {
+    if (line == "-----END CERTIFICATE-----") {
+      if (currentPEM) {
+        roots.push(certDB.constructX509FromBase64(currentPEM));
+      }
+      currentPEM = "";
+      readingRoot = false;
+      continue;
+    }
+    if (readingRoot) {
+      currentPEM += line;
+    }
+    if (line == "-----BEGIN CERTIFICATE-----") {
+      readingRoot = true;
+    }
+  }
+  return roots;
+}
+
+function makeFormattedNickname(cert) {
+  if (cert.isBuiltInRoot) {
+    return `"${cert.displayName}"`;
+  }
+  // Otherwise, this isn't a built-in and we have to comment it out.
+  return `// "${cert.displayName}"`;
+}
+
+var roots = downloadRoots();
+var rootNicknames = [];
+for (var root of roots) {
+  rootNicknames.push(makeFormattedNickname(root));
+}
+rootNicknames.sort(function (rootA, rootB) {
+  let rootALowercase = rootA.toLowerCase().replace(/(^[^"]*")|"/g, "");
+  let rootBLowercase = rootB.toLowerCase().replace(/(^[^"]*")|"/g, "");
+  if (rootALowercase < rootBLowercase) {
+    return -1;
+  }
+  if (rootALowercase > rootBLowercase) {
+    return 1;
+  }
+  return 0;
+});
+dump("    {\n");
+dump('      "name": "google_root_pems",\n');
+dump('      "sha256_hashes": [\n');
+var first = true;
+for (var nickname of rootNicknames) {
+  if (!first) {
+    dump(",\n");
+  }
+  first = false;
+  dump("        " + nickname);
+}
+dump("\n");
+dump("      ]\n");
+dump("    }\n");
diff --git a/security/manager/tools/genRootCAHashes.js b/security/manager/tools/genRootCAHashes.js
new file mode 100644
index 0000000000..fbe6b847de
--- /dev/null
+++ b/security/manager/tools/genRootCAHashes.js
@@ -0,0 +1,273 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// How to run this file:
+// 1. [obtain firefox source code]
+// 2. [build/obtain firefox binaries]
+// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell genRootCAHashes.js \
+//                                  [absolute path to]/RootHashes.inc'
+
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const CertDb = Cc[nsX509CertDB].getService(Ci.nsIX509CertDB);
+
+const { FileUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/FileUtils.sys.mjs"
+);
+const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
+const { CommonUtils } = ChromeUtils.importESModule(
+  "resource://services-common/utils.sys.mjs"
+);
+
+const FILENAME_OUTPUT = "RootHashes.inc";
+const FILENAME_TRUST_ANCHORS = "KnownRootHashes.json";
+const ROOT_NOT_ASSIGNED = -1;
+
+const JSON_HEADER = `// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+//
+//***************************************************************************
+// This is an automatically generated file. It's used to maintain state for
+// runs of genRootCAHashes.js; you should never need to manually edit it
+//***************************************************************************
+
+// Notes:
+// binNumber 1 used to be for "GTE_CyberTrust_Global_Root", but that root was
+// removed from the built-in roots module, so now it is used to indicate that
+// the certificate is not a built-in and was found in the softoken (cert9.db).
+
+// binNumber 2 used to be for "Thawte_Server_CA", but that root was removed from
+// the built-in roots module, so now it is used to indicate that the certificate
+// is not a built-in and was found on an external PKCS#11 token.
+
+// binNumber 3 used to be for "Thawte_Premium_Server_CA", but that root was
+// removed from the built-in roots module, so now it is used to indicate that
+// the certificate is not a built-in and was temporarily imported from the OS as
+// part of the "Enterprise Roots" feature.
+
+`;
+
+const FILE_HEADER =
+  "/* This Source Code Form is subject to the terms of the Mozilla Public\n" +
+  " * License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
+  " * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
+  "\n" +
+  "/*****************************************************************************/\n" +
+  "/* This is an automatically generated file. If you're not                    */\n" +
+  "/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it.        */\n" +
+  "/*****************************************************************************/\n" +
+  "\n" +
+  "#define HASH_LEN 32\n";
+
+const FP_PREAMBLE =
+  "struct CertAuthorityHash {\n" +
+  "  // See bug 1338873 about making these fields const.\n" +
+  "  uint8_t hash[HASH_LEN];\n" +
+  "  int32_t binNumber;\n" +
+  "};\n\n" +
+  "static const struct CertAuthorityHash ROOT_TABLE[] = {\n";
+
+const FP_POSTAMBLE = "};\n";
+
+// Helper
+function writeString(fos, string) {
+  fos.write(string, string.length);
+}
+
+// Remove all colons from a string
+function stripColons(hexString) {
+  return hexString.replace(/:/g, "");
+}
+
+// Expect an array of bytes and make it C-formatted
+function hexSlice(bytes, start, end) {
+  let ret = "";
+  for (let i = start; i < end; i++) {
+    let hex = (0 + bytes.charCodeAt(i).toString(16)).slice(-2).toUpperCase();
+    ret += "0x" + hex;
+    if (i < end - 1) {
+      ret += ", ";
+    }
+  }
+  return ret;
+}
+
+function stripComments(buf) {
+  let lines = buf.split("\n");
+  let entryRegex = /^\s*\/\//;
+  let data = "";
+  for (let i = 0; i < lines.length; i++) {
+    let match = entryRegex.exec(lines[i]);
+    if (!match) {
+      data = data + lines[i];
+    }
+  }
+  return data;
+}
+
+// Load the trust anchors JSON object from disk
+function loadTrustAnchors(file) {
+  if (file.exists()) {
+    let stream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+      Ci.nsIFileInputStream
+    );
+    stream.init(file, -1, 0, 0);
+    let buf = NetUtil.readInputStreamToString(stream, stream.available());
+    return JSON.parse(stripComments(buf));
+  }
+  // If there's no input file, bootstrap.
+  return { roots: [], maxBin: 0 };
+}
+
+// Saves our persistence file so that we don't lose track of the mapping
+// between bin numbers and the CA-hashes, even as CAs come and go.
+function writeTrustAnchors(file) {
+  let fos = FileUtils.openSafeFileOutputStream(file);
+
+  let serializedData = JSON.stringify(gTrustAnchors, null, "  ");
+  fos.write(JSON_HEADER, JSON_HEADER.length);
+  fos.write(serializedData, serializedData.length);
+
+  FileUtils.closeSafeFileOutputStream(fos);
+}
+
+// Write the C++ header file
+function writeRootHashes(fos) {
+  try {
+    writeString(fos, FILE_HEADER);
+
+    // Output the sorted gTrustAnchors
+    writeString(fos, FP_PREAMBLE);
+    gTrustAnchors.roots.forEach(function (fp) {
+      let fpBytes = atob(fp.sha256Fingerprint);
+
+      writeString(fos, "  {\n");
+      writeString(fos, "    /* " + fp.label + " */\n");
+      writeString(fos, "    { " + hexSlice(fpBytes, 0, 16) + ",\n");
+      writeString(fos, "      " + hexSlice(fpBytes, 16, 32) + " },\n");
+      writeString(fos, "      " + fp.binNumber + " /* Bin Number */\n");
+
+      writeString(fos, "  },\n");
+    });
+    writeString(fos, FP_POSTAMBLE);
+
+    writeString(fos, "\n");
+  } catch (e) {
+    dump("ERROR: problem writing output: " + e + "\n");
+  }
+}
+
+// Scan our list (linearly) for the given fingerprint string
+function findTrustAnchorByFingerprint(sha256Fingerprint) {
+  for (let i = 0; i < gTrustAnchors.roots.length; i++) {
+    if (sha256Fingerprint == gTrustAnchors.roots[i].sha256Fingerprint) {
+      return i;
+    }
+  }
+  return ROOT_NOT_ASSIGNED;
+}
+
+// Get a clean label for a given certificate; usually the common name.
+function getLabelForCert(cert) {
+  let label = cert.commonName;
+
+  if (label.length < 5) {
+    label = cert.subjectName;
+  }
+
+  // replace non-ascii characters
+  label = label.replace(/[^[:ascii:]]/g, "_");
+  // replace non-word characters
+  label = label.replace(/[^A-Za-z0-9]/g, "_");
+  return label;
+}
+
+// Fill in the gTrustAnchors list with trust anchors from the database.
+function insertTrustAnchorsFromDatabase() {
+  // We only want CA certs for SSL
+  const CERT_TYPE = Ci.nsIX509Cert.CA_CERT;
+  const TRUST_TYPE = Ci.nsIX509CertDB.TRUSTED_SSL;
+
+  // Iterate through the whole Cert DB
+  for (let cert of CertDb.getCerts()) {
+    // Find the certificate in our existing list. Do it here because we need to check if
+    // it's untrusted too.
+
+    // If this is a trusted cert
+    if (CertDb.isCertTrusted(cert, CERT_TYPE, TRUST_TYPE)) {
+      // Base64 encode the hex string
+      let binaryFingerprint = CommonUtils.hexToBytes(
+        stripColons(cert.sha256Fingerprint)
+      );
+      let encodedFingerprint = btoa(binaryFingerprint);
+
+      // Scan to see if this is already in the database.
+      if (
+        findTrustAnchorByFingerprint(encodedFingerprint) == ROOT_NOT_ASSIGNED
+      ) {
+        // Let's get a usable name; some old certs do not have CN= filled out
+        let label = getLabelForCert(cert);
+
+        // Add to list
+        gTrustAnchors.maxBin += 1;
+        gTrustAnchors.roots.push({
+          label,
+          binNumber: gTrustAnchors.maxBin,
+          sha256Fingerprint: encodedFingerprint,
+        });
+      }
+    }
+  }
+}
+
+//
+//  PRIMARY LOGIC
+//
+
+if (arguments.length != 1) {
+  throw new Error(
+    "Usage: genRootCAHashes.js <absolute path to current RootHashes.inc>"
+  );
+}
+
+var trustAnchorsFile = new FileUtils.File(
+  PathUtils.join(
+    Services.dirsvc.get("CurWorkD", Ci.nsIFile).path,
+    FILENAME_TRUST_ANCHORS
+  )
+);
+var rootHashesFile = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+rootHashesFile.initWithPath(arguments[0]);
+
+// Open the known hashes file; this is to ensure stable bin numbers.
+var gTrustAnchors = loadTrustAnchors(trustAnchorsFile);
+
+// Collect all certificate entries
+insertTrustAnchorsFromDatabase();
+
+// Update known hashes before we sort
+writeTrustAnchors(trustAnchorsFile);
+
+// Sort all trust anchors before writing, as AccumulateRootCA.cpp
+// will perform binary searches
+gTrustAnchors.roots.sort(function (a, b) {
+  // We need to work from the binary values, not the base64 values.
+  let aBin = atob(a.sha256Fingerprint);
+  let bBin = atob(b.sha256Fingerprint);
+
+  if (aBin < bBin) {
+    return -1;
+  }
+  if (aBin > bBin) {
+    return 1;
+  }
+  return 0;
+});
+
+// Write the output file.
+var rootHashesFileOutputStream =
+  FileUtils.openSafeFileOutputStream(rootHashesFile);
+writeRootHashes(rootHashesFileOutputStream);
+FileUtils.closeSafeFileOutputStream(rootHashesFileOutputStream);
diff --git a/security/manager/tools/getCTKnownLogs.py b/security/manager/tools/getCTKnownLogs.py
new file mode 100755
index 0000000000..677791bffd
--- /dev/null
+++ b/security/manager/tools/getCTKnownLogs.py
@@ -0,0 +1,330 @@
+#!/usr/bin/env python
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Parses a JSON file listing the known Certificate Transparency logs
+(log_list.json) and generates a C++ header file to be included in Firefox.
+
+The current log_list.json file available under security/manager/tools
+was originally downloaded from
+https://www.certificate-transparency.org/known-logs
+and edited to include the disqualification time for the disqualified logs using
+https://cs.chromium.org/chromium/src/net/cert/ct_known_logs_static-inc.h
+"""
+
+import argparse
+import base64
+import datetime
+import json
+import os.path
+import sys
+import textwrap
+from string import Template
+
+import six
+import urllib3
+
+
+def decodebytes(s):
+    if six.PY3:
+        return base64.decodebytes(six.ensure_binary(s))
+    return base64.decodestring(s)
+
+
+OUTPUT_TEMPLATE = """\
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file was automatically generated by $prog. */
+
+#ifndef $include_guard
+#define $include_guard
+
+#include "CTLog.h"
+
+#include <stddef.h>
+
+struct CTLogInfo
+{
+  // See bug 1338873 about making these fields const.
+  const char* name;
+  // Index within kCTLogOperatorList.
+  mozilla::ct::CTLogStatus status;
+  // 0 for qualified logs, disqualification time for disqualified logs
+  // (in milliseconds, measured since the epoch, ignoring leap seconds).
+  uint64_t disqualificationTime;
+  size_t operatorIndex;
+  const char* key;
+  size_t keyLength;
+};
+
+struct CTLogOperatorInfo
+{
+  // See bug 1338873 about making these fields const.
+  const char* name;
+  mozilla::ct::CTLogOperatorId id;
+};
+
+const CTLogInfo kCTLogList[] = {
+$logs
+};
+
+const CTLogOperatorInfo kCTLogOperatorList[] = {
+$operators
+};
+
+#endif // $include_guard
+"""
+
+
+def get_disqualification_time(time_str):
+    """
+    Convert a time string such as "2017-01-01T00:00:00Z" to an integer
+    representing milliseconds since the epoch.
+    Timezones in the string are not supported and will result in an exception.
+    """
+    t = datetime.datetime.strptime(time_str, "%Y-%m-%dT%H:%M:%SZ")
+    epoch = datetime.datetime.utcfromtimestamp(0)
+    seconds_since_epoch = (t - epoch).total_seconds()
+    return int(seconds_since_epoch * 1000)
+
+
+def get_hex_lines(blob, width):
+    """Convert a binary string to a multiline text of C escape sequences."""
+    text = "".join(["\\x{:02x}".format(c) for c in blob])
+    # When escaped, a single byte takes 4 chars (e.g. "\x00").
+    # Make sure we don't break an escaped byte between the lines.
+    return textwrap.wrap(text, width - width % 4)
+
+
+def get_operator_index(json_data, target_name):
+    """Return operator's entry from the JSON along with its array index."""
+    matches = [
+        (operator, index)
+        for (index, operator) in enumerate(json_data["operators"])
+        if operator["name"] == target_name
+    ]
+    assert len(matches) != 0, "No operators with id {0} defined.".format(target_name)
+    assert len(matches) == 1, "Found multiple operators with id {0}.".format(
+        target_name
+    )
+    return matches[0][1]
+
+
+def get_log_info_structs(json_data):
+    """Return array of CTLogInfo initializers for the known logs."""
+    tmpl = Template(
+        textwrap.dedent(
+            """\
+          { $description,
+            $status,
+            $disqualification_time, // $disqualification_time_comment
+            $operator_index, // $operator_comment
+        $indented_log_key,
+            $log_key_len }"""
+        )
+    )
+    initializers = []
+    for operator in json_data["operators"]:
+        operator_name = operator["name"]
+        for log in operator["logs"]:
+            log_key = decodebytes(log["key"])
+            operator_index = get_operator_index(json_data, operator_name)
+            if "disqualification_time" in log:
+                status = "mozilla::ct::CTLogStatus::Disqualified"
+                disqualification_time = get_disqualification_time(
+                    log["disqualification_time"]
+                )
+                disqualification_time_comment = 'Date.parse("{0}")'.format(
+                    log["disqualification_time"]
+                )
+            else:
+                status = "mozilla::ct::CTLogStatus::Included"
+                disqualification_time = 0
+                disqualification_time_comment = "no disqualification time"
+            is_test_log = "test_only" in operator and operator["test_only"]
+            prefix = ""
+            suffix = ","
+            if is_test_log:
+                prefix = "#ifdef DEBUG\n"
+                suffix = ",\n#endif // DEBUG"
+            toappend = tmpl.substitute(
+                # Use json.dumps for C-escaping strings.
+                # Not perfect but close enough.
+                description=json.dumps(log["description"]),
+                operator_index=operator_index,
+                operator_comment="operated by {0}".
+                # The comment must not contain "/".
+                format(operator_name).replace("/", "|"),
+                status=status,
+                disqualification_time=disqualification_time,
+                disqualification_time_comment=disqualification_time_comment,
+                # Maximum line width is 80.
+                indented_log_key="\n".join(
+                    ['    "{0}"'.format(l) for l in get_hex_lines(log_key, 74)]
+                ),
+                log_key_len=len(log_key),
+            )
+            initializers.append(prefix + toappend + suffix)
+    return initializers
+
+
+def get_log_operator_structs(json_data):
+    """Return array of CTLogOperatorInfo initializers."""
+    tmpl = Template("  { $name, $id }")
+    initializers = []
+    currentId = 0
+    for operator in json_data["operators"]:
+        prefix = ""
+        suffix = ","
+        is_test_log = "test_only" in operator and operator["test_only"]
+        if is_test_log:
+            prefix = "#ifdef DEBUG\n"
+            suffix = ",\n#endif // DEBUG"
+        toappend = tmpl.substitute(name=json.dumps(operator["name"]), id=currentId)
+        currentId += 1
+        initializers.append(prefix + toappend + suffix)
+    return initializers
+
+
+def generate_cpp_header_file(json_data, out_file):
+    """Generate the C++ header file for the known logs."""
+    filename = os.path.basename(out_file.name)
+    include_guard = filename.replace(".", "_").replace("/", "_")
+    log_info_initializers = get_log_info_structs(json_data)
+    operator_info_initializers = get_log_operator_structs(json_data)
+    out_file.write(
+        Template(OUTPUT_TEMPLATE).substitute(
+            prog=os.path.basename(sys.argv[0]),
+            include_guard=include_guard,
+            logs="\n".join(log_info_initializers),
+            operators="\n".join(operator_info_initializers),
+        )
+    )
+
+
+def patch_in_test_logs(json_data):
+    """Insert Mozilla-specific test log data."""
+    max_id = len(json_data["operators"])
+    mozilla_test_operator_1 = {
+        "name": "Mozilla Test Org 1",
+        "id": max_id + 1,
+        "test_only": True,
+        "logs": [
+            {
+                "description": "Mozilla Test RSA Log 1",
+                # `openssl x509 -noout -pubkey -in <path/to/default-ee.pem>`
+                "key": """
+            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+            ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+            h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+            cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+            OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+            tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+            jQIDAQAB
+        """,
+                "operated_by": [max_id + 1],
+            },
+            {
+                "description": "Mozilla Test EC Log",
+                # `openssl x509 -noout -pubkey -in <path/to/root_secp256r1_256.pem`
+                "key": """
+            MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE4uwFC0I+
+            PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqmwA==
+        """,
+                "operated_by": [max_id + 1],
+            },
+        ],
+    }
+    mozilla_test_operator_2 = {
+        "name": "Mozilla Test Org 2",
+        "id": max_id + 2,
+        "test_only": True,
+        "logs": [
+            {
+                "description": "Mozilla Test RSA Log 2",
+                # `openssl x509 -noout -pubkey -in <path/to/other-test-ca.pem>`
+                "key": """
+            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2
+            w39c5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTE
+            SDMF5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw
+            7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1C
+            aQiICBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVO
+            gys1uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjT
+            uwIDAQAB
+        """,
+                "operated_by": [max_id + 2],
+            }
+        ],
+    }
+    json_data["operators"].append(mozilla_test_operator_1)
+    json_data["operators"].append(mozilla_test_operator_2)
+
+
+def run(args):
+    """
+    Load the input JSON file and generate the C++ header according to the
+    command line arguments.
+    """
+    if args.file:
+        print("Reading file: ", args.file)
+        with open(args.file, "rb") as json_file:
+            json_text = json_file.read()
+    elif args.url:
+        print("Fetching URL: ", args.url)
+        json_request = urllib3.urlopen(args.url)
+        try:
+            json_text = json_request.read()
+        finally:
+            json_request.close()
+
+    json_data = json.loads(json_text)
+
+    print("Writing output: ", args.out)
+
+    patch_in_test_logs(json_data)
+
+    with open(args.out, "w") as out_file:
+        generate_cpp_header_file(json_data, out_file)
+
+    print("Done.")
+
+
+def parse_arguments_and_run():
+    """Parse the command line arguments and run the program."""
+    arg_parser = argparse.ArgumentParser(
+        description="Parses a JSON file listing the known "
+        "Certificate Transparency logs and generates "
+        "a C++ header file to be included in Firefox.",
+        epilog="Example: python %s --url" % os.path.basename(sys.argv[0]),
+    )
+
+    source_group = arg_parser.add_mutually_exclusive_group(required=True)
+    source_group.add_argument(
+        "--file",
+        nargs="?",
+        const="log_list.json",
+        help="Read the known CT logs JSON data from the "
+        "specified local file (%(const)s by default).",
+    )
+    source_group.add_argument(
+        "--url", help="Download the known CT logs JSON file " "from the specified URL."
+    )
+
+    arg_parser.add_argument(
+        "--out",
+        default="../../certverifier/CTKnownLogs.h",
+        help="Path and filename of the header file "
+        "to be generated. Defaults to %(default)s",
+    )
+
+    run(arg_parser.parse_args())
+
+
+if __name__ == "__main__":
+    parse_arguments_and_run()
diff --git a/security/manager/tools/log_list.json b/security/manager/tools/log_list.json
new file mode 100644
index 0000000000..39c0952634
--- /dev/null
+++ b/security/manager/tools/log_list.json
@@ -0,0 +1,403 @@
+{
+  "version": "20.36",
+  "log_list_timestamp": "2023-04-11T12:55:27Z",
+  "operators": [
+    {
+      "name": "Google",
+      "email": [
+        "google-ct-logs@googlegroups.com"
+      ],
+      "logs": [
+        {
+          "description": "Google 'Argon2023' log",
+          "log_id": "6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0GvW4=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0JCPZFJOQqyEti5M8j13ALN3CAVHqkVM4yyOcKWCu2yye5yYeqDpEXYoALIgtM3TmHtNlifmt+4iatGwLpF3eA==",
+          "url": "https://ct.googleapis.com/logs/argon2023/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2019-12-17T18:38:01Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Google 'Argon2024' log",
+          "log_id": "7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZs=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHblsqctplMVc5ramA7vSuNxUQxcomQwGAVAdnWTAWUYr3MgDHQW0LagJ95lB7QT75Ve6JgT2EVLOFGU7L3YrwA==",
+          "url": "https://ct.googleapis.com/logs/us1/argon2024/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Google 'Xenon2023' log",
+          "log_id": "rfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgoo=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEchY+C+/vzj5g3ZXLY3q5qY1Kb2zcYYCmRV4vg6yU84WI0KV00HuO/8XuQqLwLZPjwtCymeLhQunSxgAnaXSuzg==",
+          "url": "https://ct.googleapis.com/logs/xenon2023/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2019-12-17T18:38:01Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Google 'Xenon2024' log",
+          "log_id": "dv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQ=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuWDgNB415GUAk0+QCb1a7ETdjA/O7RE+KllGmjG2x5n33O89zY+GwjWlPtwpurvyVOKoDIMIUQbeIW02UI44TQ==",
+          "url": "https://ct.googleapis.com/logs/eu1/xenon2024/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Google 'Icarus' log",
+          "log_id": "KTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9Hg=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETtK8v7MICve56qTHHDhhBOuV4IlUaESxZryCfk9QbG9co/CqPvTsgPDbCpp6oFtyAHwlDhnvr7JijXRD9Cb2FA==",
+          "url": "https://ct.googleapis.com/icarus/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2022-09-15T00:00:00Z"
+            }
+          }
+        },
+        {
+          "description": "Google 'Pilot' log",
+          "log_id": "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
+          "url": "https://ct.googleapis.com/pilot/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2022-09-15T00:00:00Z"
+            }
+          }
+        },
+        {
+          "description": "Google 'Rocketeer' log",
+          "log_id": "7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==",
+          "url": "https://ct.googleapis.com/rocketeer/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2022-09-15T00:00:00Z"
+            }
+          }
+        },
+        {
+          "description": "Google 'Skydiver' log",
+          "log_id": "u9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YU=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEmyGDvYXsRJsNyXSrYc9DjHsIa2xzb4UR7ZxVoV6mrc9iZB7xjI6+NrOiwH+P/xxkRmOFG6Jel20q37hTh58rA==",
+          "url": "https://ct.googleapis.com/skydiver/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2022-09-15T00:00:00Z"
+            }
+          }
+        }
+      ]
+    },
+    {
+      "name": "Cloudflare",
+      "email": [
+        "ct-logs@cloudflare.com",
+        "brendan@cloudflare.com",
+        "nick@cloudflare.com",
+        "pat@cloudflare.com",
+        "zi@cloudflare.com",
+        "ivan@cloudflare.com"
+      ],
+      "logs": [
+        {
+          "description": "Cloudflare 'Nimbus2023' Log",
+          "log_id": "ejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61I=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEi/8tkhjLRp0SXrlZdTzNkTd6HqmcmXiDJz3fAdWLgOhjmv4mohvRhwXul9bgW0ODgRwC9UGAgH/vpGHPvIS1qA==",
+          "url": "https://ct.cloudflare.com/logs/nimbus2023/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2019-10-31T19:22:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Cloudflare 'Nimbus2024' Log",
+          "log_id": "2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6s=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEd7Gbe4/mizX+OpIpLayKjVGKJfyTttegiyk3cR0zyswz6ii5H+Ksw6ld3Ze+9p6UJd02gdHrXSnDK0TxW8oVSA==",
+          "url": "https://ct.cloudflare.com/logs/nimbus2024/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-30T17:00:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        }
+      ]
+    },
+    {
+      "name": "DigiCert",
+      "email": [
+        "ctops@digicert.com"
+      ],
+      "logs": [
+        {
+          "description": "DigiCert Yeti2023 Log",
+          "log_id": "Nc8ZG7+xbFe/D61MbULLu7YnICZR6j/hKu+oA8M71kw=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfQ0DsdWYitzwFTvG3F4Nbj8Nv5XIVYzQpkyWsU4nuSYlmcwrAp6m092fsdXEw6w1BAeHlzaqrSgNfyvZaJ9y0Q==",
+          "url": "https://yeti2023.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2022-09-29T00:00:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "DigiCert Yeti2024 Log",
+          "log_id": "SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHM=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV7jBbzCkfy7k8NDZYGITleN6405Tw7O4c4XBGA0jDliE0njvm7MeLBrewY+BGxlEWLcAd2AgGnLYgt6unrHGSw==",
+          "url": "https://yeti2024.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "DigiCert Yeti2025 Log",
+          "log_id": "fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebg=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE35UAXhDBAfc34xB00f+yypDtMplfDDn+odETEazRs3OTIMITPEy1elKGhj3jlSR82JGYSDvw8N8h8bCBWlklQw==",
+          "url": "https://yeti2025.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2025-01-01T00:00:00Z",
+            "end_exclusive": "2026-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "DigiCert Nessie2023 Log",
+          "log_id": "s3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZo=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXu8iQwSCRSf2CbITGpUpBtFVt8+I0IU0d1C36Lfe1+fbwdaI0Z5FktfM2fBoI1bXBd18k2ggKGYGgdZBgLKTg==",
+          "url": "https://nessie2023.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2019-10-31T19:22:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "DigiCert Nessie2024 Log",
+          "log_id": "c9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crU=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELfyieza/VpHp/j/oPfzDp+BhUuos6QWjnycXgQVwa4FhRIr4OxCAQu0DLwBQIfxBVISjVNUusnoWSyofK2YEKw==",
+          "url": "https://nessie2024.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "DigiCert Nessie2025 Log",
+          "log_id": "5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlA=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8vDwp4uBLgk5O59C2jhEX7TM7Ta72EN/FklXhwR/pQE09+hoP7d4H2BmLWeadYC3U6eF1byrRwZV27XfiKFvOA==",
+          "url": "https://nessie2025.ct.digicert.com/log/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-01T18:54:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2025-01-01T00:00:00Z",
+            "end_exclusive": "2026-01-01T00:00:00Z"
+          }
+        }
+      ]
+    },
+    {
+      "name": "Sectigo",
+      "email": [
+        "ctops@sectigo.com"
+      ],
+      "logs": [
+        {
+          "description": "Sectigo 'Sabre' CT log",
+          "log_id": "VYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0ww=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8m/SiQ8/xfiHHqtls9m7FyOMBg4JVZY9CgiixXGz0akvKD6DEL8S0ERmFe9U4ZiA0M4kbT5nmuk3I85Sk4bagA==",
+          "url": "https://sabre.ct.comodo.com/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2017-10-10T00:38:10Z"
+            }
+          }
+        },
+        {
+          "description": "Sectigo 'Mammoth' CT log",
+          "log_id": "b1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RM=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7+R9dC4VFbbpuyOL+yy14ceAmEf7QGlo/EmtYU6DRzwat43f/3swtLr/L8ugFOOt1YU/RFmMjGCL17ixv66MZw==",
+          "url": "https://mammoth.ct.comodo.com/",
+          "mmd": 86400,
+          "state": {
+            "retired": {
+              "timestamp": "2023-01-15T00:00:00Z"
+            }
+          }
+        }
+      ]
+    },
+    {
+      "name": "Let's Encrypt",
+      "email": [
+        "sre@letsencrypt.org"
+      ],
+      "logs": [
+        {
+          "description": "Let's Encrypt 'Oak2023' log",
+          "log_id": "tz77JN+cTbp18jnFulj0bF38Qs96nzXEnh0JgSXttJk=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsz0OeL7jrVxEXJu+o4QWQYLKyokXHiPOOKVUL3/TNFFquVzDSer7kZ3gijxzBp98ZTgRgMSaWgCmZ8OD74mFUQ==",
+          "url": "https://oak.ct.letsencrypt.org/2023/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2021-03-01T19:24:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-07T00:00:00Z"
+          }
+        },
+        {
+          "description": "Let's Encrypt 'Oak2024H1' log",
+          "log_id": "O1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61Bc=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVkPXfnvUcre6qVG9NpO36bWSD+pet0Wjkv3JpTyArBog7yUvuOEg96g6LgeN5uuk4n0kY59Gv5RzUo2Wrqkm/Q==",
+          "url": "https://oak.ct.letsencrypt.org/2024h1/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-30T17:00:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-12-20T00:00:00Z",
+            "end_exclusive": "2024-07-20T00:00:00Z"
+          }
+        },
+        {
+          "description": "Let's Encrypt 'Oak2024H2' log",
+          "log_id": "PxdLT9ciR1iUHWUchL4NEu2QN38fhWrrwb8ohez4ZG4=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE13PWU0fp88nVfBbC1o9wZfryUTapE4Av7fmU01qL6E8zz8PTidRfWmaJuiAfccvKu5+f81wtHqOBWa+Ss20waA==",
+          "url": "https://oak.ct.letsencrypt.org/2024h2/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2022-11-30T17:00:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-06-20T00:00:00Z",
+            "end_exclusive": "2025-01-20T00:00:00Z"
+          }
+        }
+      ]
+    },
+    {
+      "name": "TrustAsia",
+      "email": [
+        "trustasia-ct-logs@trustasia.com"
+      ],
+      "logs": [
+        {
+          "description": "Trust Asia Log2023",
+          "log_id": "6H6nZgvCbPYALvVyXT/g4zG5OTu5L79Y6zuQSdr1Q1o=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpBFS2xdBTpDUVlESMFL4mwPPTJ/4Lji18Vq6+ji50o8agdqVzDPsIShmxlY+YDYhINnUrF36XBmhBX3+ICP89Q==",
+          "url": "https://ct.trustasia.com/log2023/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2021-03-01T19:24:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2023-01-01T00:00:00Z",
+            "end_exclusive": "2024-01-01T00:00:00Z"
+          }
+        },
+        {
+          "description": "Trust Asia Log2024-2",
+          "log_id": "h0+1DcAp2ZMd5XPp8omejkUzs5LTiwpGJXS/D+6y/B4=",
+          "key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEp2TieYE/YdfsxvhlKB2gtGYzwyXVCpV4nI/+pCrYj35y4P6of/ixLYXAjhJ0DS+Mq9d/eh7ZhDM56P2JX5ZICA==",
+          "url": "https://ct2024.trustasia.com/log2024/",
+          "mmd": 86400,
+          "state": {
+            "usable": {
+              "timestamp": "2023-02-03T08:00:00Z"
+            }
+          },
+          "temporal_interval": {
+            "start_inclusive": "2024-01-01T00:00:00Z",
+            "end_exclusive": "2025-01-01T00:00:00Z"
+          }
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/security/manager/tools/mach_commands.py b/security/manager/tools/mach_commands.py
new file mode 100644
index 0000000000..e543821dbe
--- /dev/null
+++ b/security/manager/tools/mach_commands.py
@@ -0,0 +1,129 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+
+from mach.decorators import Command, CommandArgument
+from mach.util import UserError
+from mozpack.files import FileFinder
+from mozpack.path import basedir
+
+
+def run_module_main_on(module, input_filename, output_is_binary):
+    """Run the given module (pycert or pykey) on the given
+    file."""
+    # By convention, the specification files have names of the form
+    # "name.ext.*spec", where "ext" is some extension, and the "*" in
+    # "*spec" identifies what kind of specification it represents
+    # (certspec or keyspec). Taking off the ".*spec" part results in the
+    # desired filename for this file.
+    output_filename = os.path.splitext(input_filename)[0]
+    mode = "w"
+    encoding = "utf-8"
+    newline = "\n"
+    if output_is_binary:
+        mode = "wb"
+        encoding = None
+        newline = None
+    with open(output_filename, mode=mode, encoding=encoding, newline=newline) as output:
+        module.main(output, input_filename)
+
+
+def is_certspec_file(filename):
+    """Returns True if the given filename is a certificate
+    specification file (.certspec) and False otherwise."""
+    return filename.endswith(".certspec")
+
+
+def is_keyspec_file(filename):
+    """Returns True if the given filename is a key specification
+    file (.keyspec) and False otherwise."""
+    return filename.endswith(".keyspec")
+
+
+def is_pkcs12spec_file(filename):
+    """Returns True if the given filename is a pkcs12
+    specification file (.pkcs12spec) and False otherwise."""
+    return filename.endswith(".pkcs12spec")
+
+
+def is_specification_file(filename):
+    """Returns True if the given filename is a specification
+    file supported by this script, and False otherewise."""
+    return (
+        is_certspec_file(filename)
+        or is_keyspec_file(filename)
+        or is_pkcs12spec_file(filename)
+    )
+
+
+def is_excluded_directory(directory, exclusions):
+    """Returns True if the given directory is in or is a
+    subdirectory of a directory in the list of exclusions and
+    False otherwise."""
+
+    for exclusion in exclusions:
+        if directory.startswith(exclusion):
+            return True
+    return False
+
+
+@Command(
+    "generate-test-certs",
+    category="devenv",
+    description="Generate test certificates and keys from specifications.",
+)
+@CommandArgument(
+    "specifications",
+    nargs="*",
+    help="Specification files for test certs. If omitted, all certs are regenerated.",
+)
+def generate_test_certs(command_context, specifications):
+    """Generate test certificates and keys from specifications."""
+    import pycert
+    import pykey
+    import pypkcs12
+
+    if not specifications:
+        specifications = find_all_specifications(command_context)
+
+    for specification in specifications:
+        output_is_binary = False
+        if is_certspec_file(specification):
+            module = pycert
+        elif is_keyspec_file(specification):
+            module = pykey
+        elif is_pkcs12spec_file(specification):
+            module = pypkcs12
+            output_is_binary = True
+        else:
+            raise UserError(
+                "'{}' is not a .certspec, .keyspec, or .pkcs12spec file".format(
+                    specification
+                )
+            )
+        run_module_main_on(module, os.path.abspath(specification), output_is_binary)
+    return 0
+
+
+def find_all_specifications(command_context):
+    """Searches the source tree for all specification files
+    and returns them as a list."""
+    specifications = []
+    inclusions = [
+        "netwerk/test/unit",
+        "security/manager/ssl/tests",
+        "services/settings/test/unit/test_remote_settings_signatures",
+        "testing/xpcshell/moz-http2",
+        "toolkit/mozapps/extensions/test/xpcshell/data/productaddons",
+    ]
+    exclusions = ["security/manager/ssl/tests/unit/test_signed_apps"]
+    finder = FileFinder(command_context.topsrcdir)
+    for inclusion_path in inclusions:
+        for f, _ in finder.find(inclusion_path):
+            if basedir(f, exclusions):
+                continue
+            if is_specification_file(f):
+                specifications.append(os.path.join(command_context.topsrcdir, f))
+    return specifications
diff --git a/security/manager/tools/pycert.py b/security/manager/tools/pycert.py
new file mode 100755
index 0000000000..2fe90515e1
--- /dev/null
+++ b/security/manager/tools/pycert.py
@@ -0,0 +1,805 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a certificate specification from stdin or a file and outputs a
+signed x509 certificate with the desired properties.
+
+The input format is as follows:
+
+issuer:<issuer distinguished name specification>
+subject:<subject distinguished name specification>
+[version:{1,2,3,4}]
+[validity:<YYYYMMDD-YYYYMMDD|duration in days>]
+[issuerKey:<key specification>]
+[subjectKey:<key specification>]
+[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption,
+            md5WithRSAEncryption,ecdsaWithSHA256,ecdsaWithSHA384,
+            ecdsaWithSHA512}]
+[serialNumber:<integer in the interval [1, 127]>]
+[extension:<extension name:<extension-specific data>>]
+[...]
+
+Known extensions are:
+basicConstraints:[cA],[pathLenConstraint]
+keyUsage:[digitalSignature,nonRepudiation,keyEncipherment,
+          dataEncipherment,keyAgreement,keyCertSign,cRLSign]
+extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection
+             nsSGC, # Netscape Server Gated Crypto
+             OCSPSigning,timeStamping]
+subjectAlternativeName:[<dNSName|directoryName|"ip4:"iPV4Address>,...]
+authorityInformationAccess:<OCSP URI>
+certificatePolicies:[<policy OID>,...]
+nameConstraints:{permitted,excluded}:[<dNSName|directoryName>,...]
+nsCertType:sslServer
+TLSFeature:[<TLSFeature>,...]
+embeddedSCTList:[<key specification>:<YYYYMMDD>,...]
+delegationUsage:
+
+Where:
+  [] indicates an optional field or component of a field
+  <> indicates a required component of a field
+  {} indicates a choice of exactly one value among a set of values
+  [a,b,c] indicates a list of potential values, of which zero or more
+          may be used
+
+For instance, the version field is optional. However, if it is
+specified, it must have exactly one value from the set {1,2,3,4}.
+
+Most fields have reasonable default values. By default one shared RSA
+key is used for all signatures and subject public key information
+fields. Using "issuerKey:<key specification>" or
+"subjectKey:<key specification>" causes a different key be used for
+signing or as the subject public key information field, respectively.
+See pykey.py for the list of available specifications.
+The signature algorithm is sha256WithRSAEncryption by default.
+
+The validity period may be specified as either concrete notBefore and
+notAfter values or as a validity period centered around 'now'. For the
+latter, this will result in a notBefore of 'now' - duration/2 and a
+notAfter of 'now' + duration/2.
+
+Issuer and subject distinguished name specifications are of the form
+'[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST
+(state or province name), L (locality name), O (organization name), OU
+(organizational unit name), CN (common name) and emailAddress (email
+address) are currently supported. The optional stringEncoding field may
+be 'utf8String' or 'printableString'. If the given string does not
+contain a '/', it is assumed to represent a common name. If an empty
+string is provided, then an empty distinguished name is returned.
+DirectoryNames also use this format. When specifying a directoryName in
+a nameConstraints extension, the implicit form may not be used.
+
+If an extension name has '[critical]' after it, it will be marked as
+critical. Otherwise (by default), it will not be marked as critical.
+
+TLSFeature values can either consist of a named value (currently only
+'OCSPMustStaple' which corresponds to status_request) or a numeric TLS
+feature value (see rfc7633 for more information).
+
+If a serial number is not explicitly specified, it is automatically
+generated based on the contents of the certificate.
+"""
+
+import base64
+import datetime
+import hashlib
+import re
+import socket
+import sys
+from struct import pack
+
+import pyct
+import pykey
+import six
+from pyasn1.codec.der import decoder, encoder
+from pyasn1.type import constraint, tag, univ, useful
+from pyasn1_modules import rfc2459
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+
+    pass
+
+
+class UnknownBaseError(Error):
+    """Base class for handling unexpected input in this module."""
+
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = "input"
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownAlgorithmTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown algorithm types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "algorithm"
+
+
+class UnknownParameterTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input parameters."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "parameter"
+
+
+class UnknownExtensionTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input extensions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "extension"
+
+
+class UnknownKeyPurposeTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown key purposes."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "keyPurpose"
+
+
+class UnknownKeyTargetError(UnknownBaseError):
+    """Helper exception type to handle unknown key targets."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "key target"
+
+
+class UnknownVersionError(UnknownBaseError):
+    """Helper exception type to handle unknown specified versions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "version"
+
+
+class UnknownNameConstraintsSpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown specified
+    nameConstraints."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "nameConstraints specification"
+
+
+class UnknownDNTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown DN types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "DN"
+
+
+class UnknownNSCertTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown nsCertType types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "nsCertType"
+
+
+class UnknownTLSFeature(UnknownBaseError):
+    """Helper exception type to handle unknown TLS Features."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "TLSFeature"
+
+
+class UnknownDelegatedCredentialError(UnknownBaseError):
+    """Helper exception type to handle unknown Delegated Credential args."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "delegatedCredential"
+
+
+class InvalidSCTSpecification(Error):
+    """Helper exception type to handle invalid SCT specifications."""
+
+    def __init__(self, value):
+        super(InvalidSCTSpecification, self).__init__()
+        self.value = value
+
+    def __str__(self):
+        return repr('invalid SCT specification "{}"' % self.value)
+
+
+class InvalidSerialNumber(Error):
+    """Exception type to handle invalid serial numbers."""
+
+    def __init__(self, value):
+        super(InvalidSerialNumber, self).__init__()
+        self.value = value
+
+    def __str__(self):
+        return repr(self.value)
+
+
+def getASN1Tag(asn1Type):
+    """Helper function for returning the base tag value of a given
+    type from the pyasn1 package"""
+    return asn1Type.tagSet.baseTag.tagId
+
+
+def stringToAccessDescription(string):
+    """Helper function that takes a string representing a URI
+    presumably identifying an OCSP authority information access
+    location. Returns an AccessDescription usable by pyasn1."""
+    accessMethod = rfc2459.id_ad_ocsp
+    accessLocation = rfc2459.GeneralName()
+    accessLocation["uniformResourceIdentifier"] = string
+    sequence = univ.Sequence()
+    sequence.setComponentByPosition(0, accessMethod)
+    sequence.setComponentByPosition(1, accessLocation)
+    return sequence
+
+
+def stringToDN(string, tag=None):
+    """Takes a string representing a distinguished name or directory
+    name and returns a Name for use by pyasn1. See the documentation
+    for the issuer and subject fields for more details. Takes an
+    optional implicit tag in cases where the Name needs to be tagged
+    differently."""
+    if string and "/" not in string:
+        string = "/CN=%s" % string
+    rdns = rfc2459.RDNSequence()
+    pattern = "/(C|ST|L|O|OU|CN|emailAddress)="
+    split = re.split(pattern, string)
+    # split should now be [[encoding], <type>, <value>, <type>, <value>, ...]
+    if split[0]:
+        encoding = split[0]
+    else:
+        encoding = "utf8String"
+    for pos, (nameType, value) in enumerate(zip(split[1::2], split[2::2])):
+        ava = rfc2459.AttributeTypeAndValue()
+        if nameType == "C":
+            ava["type"] = rfc2459.id_at_countryName
+            nameComponent = rfc2459.X520countryName(value)
+        elif nameType == "ST":
+            ava["type"] = rfc2459.id_at_stateOrProvinceName
+            nameComponent = rfc2459.X520StateOrProvinceName()
+        elif nameType == "L":
+            ava["type"] = rfc2459.id_at_localityName
+            nameComponent = rfc2459.X520LocalityName()
+        elif nameType == "O":
+            ava["type"] = rfc2459.id_at_organizationName
+            nameComponent = rfc2459.X520OrganizationName()
+        elif nameType == "OU":
+            ava["type"] = rfc2459.id_at_organizationalUnitName
+            nameComponent = rfc2459.X520OrganizationalUnitName()
+        elif nameType == "CN":
+            ava["type"] = rfc2459.id_at_commonName
+            nameComponent = rfc2459.X520CommonName()
+        elif nameType == "emailAddress":
+            ava["type"] = rfc2459.emailAddress
+            nameComponent = rfc2459.Pkcs9email(value)
+        else:
+            raise UnknownDNTypeError(nameType)
+        if not nameType == "C" and not nameType == "emailAddress":
+            # The value may have things like '\0' (i.e. a slash followed by
+            # the number zero) that have to be decoded into the resulting
+            # '\x00' (i.e. a byte with value zero).
+            nameComponent[encoding] = six.ensure_binary(value).decode(
+                encoding="unicode_escape"
+            )
+        ava["value"] = nameComponent
+        rdn = rfc2459.RelativeDistinguishedName()
+        rdn.setComponentByPosition(0, ava)
+        rdns.setComponentByPosition(pos, rdn)
+    if tag:
+        name = rfc2459.Name().subtype(implicitTag=tag)
+    else:
+        name = rfc2459.Name()
+    name.setComponentByPosition(0, rdns)
+    return name
+
+
+def stringToAlgorithmIdentifiers(string):
+    """Helper function that converts a description of an algorithm
+    to a representation usable by the pyasn1 package and a hash
+    algorithm constant for use by pykey."""
+    algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+    algorithmType = None
+    algorithm = None
+    # We add Null parameters for RSA only
+    addParameters = False
+    if string == "sha1WithRSAEncryption":
+        algorithmType = pykey.HASH_SHA1
+        algorithm = rfc2459.sha1WithRSAEncryption
+        addParameters = True
+    elif string == "sha256WithRSAEncryption":
+        algorithmType = pykey.HASH_SHA256
+        algorithm = univ.ObjectIdentifier("1.2.840.113549.1.1.11")
+        addParameters = True
+    elif string == "md5WithRSAEncryption":
+        algorithmType = pykey.HASH_MD5
+        algorithm = rfc2459.md5WithRSAEncryption
+        addParameters = True
+    elif string == "ecdsaWithSHA256":
+        algorithmType = pykey.HASH_SHA256
+        algorithm = univ.ObjectIdentifier("1.2.840.10045.4.3.2")
+    elif string == "ecdsaWithSHA384":
+        algorithmType = pykey.HASH_SHA384
+        algorithm = univ.ObjectIdentifier("1.2.840.10045.4.3.3")
+    elif string == "ecdsaWithSHA512":
+        algorithmType = pykey.HASH_SHA512
+        algorithm = univ.ObjectIdentifier("1.2.840.10045.4.3.4")
+    else:
+        raise UnknownAlgorithmTypeError(string)
+    algorithmIdentifier["algorithm"] = algorithm
+    if addParameters:
+        # Directly setting parameters to univ.Null doesn't currently work.
+        nullEncapsulated = encoder.encode(univ.Null())
+        algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
+    return (algorithmIdentifier, algorithmType)
+
+
+def datetimeToTime(dt):
+    """Takes a datetime object and returns an rfc2459.Time object with
+    that time as its value as a GeneralizedTime"""
+    time = rfc2459.Time()
+    time["generalTime"] = useful.GeneralizedTime(dt.strftime("%Y%m%d%H%M%SZ"))
+    return time
+
+
+def serialBytesToString(serialBytes):
+    """Takes a list of integers in the interval [0, 255] and returns
+    the corresponding serial number string."""
+    serialBytesLen = len(serialBytes)
+    if serialBytesLen > 127:
+        raise InvalidSerialNumber("{} bytes is too long".format(serialBytesLen))
+    # Prepend the ASN.1 INTEGER tag and length bytes.
+    stringBytes = [getASN1Tag(univ.Integer), serialBytesLen] + serialBytes
+    return bytes(stringBytes)
+
+
+class Certificate(object):
+    """Utility class for reading a certificate specification and
+    generating a signed x509 certificate"""
+
+    def __init__(self, paramStream):
+        self.versionValue = 2  # a value of 2 is X509v3
+        self.signature = "sha256WithRSAEncryption"
+        self.issuer = "Default Issuer"
+        actualNow = datetime.datetime.utcnow()
+        self.now = datetime.datetime.strptime(str(actualNow.year), "%Y")
+        aYearAndAWhile = datetime.timedelta(days=400)
+        self.notBefore = self.now - aYearAndAWhile
+        self.notAfter = self.now + aYearAndAWhile
+        self.subject = "Default Subject"
+        self.extensions = None
+        # The serial number can be automatically generated from the
+        # certificate specification. We need this value to depend in
+        # part of what extensions are present. self.extensions are
+        # pyasn1 objects. Depending on the string representation of
+        # these objects can cause the resulting serial number to change
+        # unexpectedly, so instead we depend on the original string
+        # representation of the extensions as specified.
+        self.extensionLines = None
+        self.savedEmbeddedSCTListData = None
+        self.subjectKey = pykey.keyFromSpecification("default")
+        self.issuerKey = pykey.keyFromSpecification("default")
+        self.serialNumber = None
+        self.decodeParams(paramStream)
+        # If a serial number wasn't specified, generate one based on
+        # the certificate contents.
+        if not self.serialNumber:
+            self.serialNumber = self.generateSerialNumber()
+        # This has to be last because the SCT signature depends on the
+        # contents of the certificate.
+        if self.savedEmbeddedSCTListData:
+            self.addEmbeddedSCTListData()
+
+    def generateSerialNumber(self):
+        """Generates a serial number for this certificate based on its
+        contents. Intended to be reproducible for compatibility with
+        the build system on OS X (see the comment above main, later in
+        this file)."""
+        hasher = hashlib.sha256()
+        hasher.update(six.ensure_binary(str(self.versionValue)))
+        hasher.update(six.ensure_binary(self.signature))
+        hasher.update(six.ensure_binary(self.issuer))
+        hasher.update(six.ensure_binary(str(self.notBefore)))
+        hasher.update(six.ensure_binary(str(self.notAfter)))
+        hasher.update(six.ensure_binary(self.subject))
+        if self.extensionLines:
+            for extensionLine in self.extensionLines:
+                hasher.update(six.ensure_binary(extensionLine))
+        if self.savedEmbeddedSCTListData:
+            # savedEmbeddedSCTListData is
+            # (embeddedSCTListSpecification, critical), where |critical|
+            # may be None
+            hasher.update(six.ensure_binary(self.savedEmbeddedSCTListData[0]))
+            if self.savedEmbeddedSCTListData[1]:
+                hasher.update(six.ensure_binary(self.savedEmbeddedSCTListData[1]))
+        serialBytes = [c for c in hasher.digest()[:20]]
+        # Ensure that the most significant bit isn't set (which would
+        # indicate a negative number, which isn't valid for serial
+        # numbers).
+        serialBytes[0] &= 0x7F
+        # Also ensure that the least significant bit on the most
+        # significant byte is set (to prevent a leading zero byte,
+        # which also wouldn't be valid).
+        serialBytes[0] |= 0x01
+        return serialBytesToString(serialBytes)
+
+    def decodeParams(self, paramStream):
+        for line in paramStream.readlines():
+            self.decodeParam(line.strip())
+
+    def decodeParam(self, line):
+        param = line.split(":")[0]
+        value = ":".join(line.split(":")[1:])
+        if param == "version":
+            self.setVersion(value)
+        elif param == "subject":
+            self.subject = value
+        elif param == "issuer":
+            self.issuer = value
+        elif param == "validity":
+            self.decodeValidity(value)
+        elif param == "extension":
+            self.decodeExtension(value)
+        elif param == "issuerKey":
+            self.setupKey("issuer", value)
+        elif param == "subjectKey":
+            self.setupKey("subject", value)
+        elif param == "signature":
+            self.signature = value
+        elif param == "serialNumber":
+            serialNumber = int(value)
+            # Ensure only serial numbers that conform to the rules listed in
+            # generateSerialNumber() are permitted.
+            if serialNumber < 1 or serialNumber > 127:
+                raise InvalidSerialNumber(value)
+            self.serialNumber = serialBytesToString([serialNumber])
+        else:
+            raise UnknownParameterTypeError(param)
+
+    def setVersion(self, version):
+        intVersion = int(version)
+        if intVersion >= 1 and intVersion <= 4:
+            self.versionValue = intVersion - 1
+        else:
+            raise UnknownVersionError(version)
+
+    def decodeValidity(self, duration):
+        match = re.search("([0-9]{8})-([0-9]{8})", duration)
+        if match:
+            self.notBefore = datetime.datetime.strptime(match.group(1), "%Y%m%d")
+            self.notAfter = datetime.datetime.strptime(match.group(2), "%Y%m%d")
+        else:
+            delta = datetime.timedelta(days=(int(duration) / 2))
+            self.notBefore = self.now - delta
+            self.notAfter = self.now + delta
+
+    def decodeExtension(self, extension):
+        match = re.search(r"([a-zA-Z]+)(\[critical\])?:(.*)", extension)
+        if not match:
+            raise UnknownExtensionTypeError(extension)
+        extensionType = match.group(1)
+        critical = match.group(2)
+        value = match.group(3)
+        if extensionType == "basicConstraints":
+            self.addBasicConstraints(value, critical)
+        elif extensionType == "keyUsage":
+            self.addKeyUsage(value, critical)
+        elif extensionType == "extKeyUsage":
+            self.addExtKeyUsage(value, critical)
+        elif extensionType == "subjectAlternativeName":
+            self.addSubjectAlternativeName(value, critical)
+        elif extensionType == "authorityInformationAccess":
+            self.addAuthorityInformationAccess(value, critical)
+        elif extensionType == "certificatePolicies":
+            self.addCertificatePolicies(value, critical)
+        elif extensionType == "nameConstraints":
+            self.addNameConstraints(value, critical)
+        elif extensionType == "nsCertType":
+            self.addNSCertType(value, critical)
+        elif extensionType == "TLSFeature":
+            self.addTLSFeature(value, critical)
+        elif extensionType == "embeddedSCTList":
+            self.savedEmbeddedSCTListData = (value, critical)
+        elif extensionType == "delegationUsage":
+            self.addDelegationUsage(critical)
+        else:
+            raise UnknownExtensionTypeError(extensionType)
+
+        if extensionType != "embeddedSCTList":
+            if not self.extensionLines:
+                self.extensionLines = []
+            self.extensionLines.append(extension)
+
+    def setupKey(self, subjectOrIssuer, value):
+        if subjectOrIssuer == "subject":
+            self.subjectKey = pykey.keyFromSpecification(value)
+        elif subjectOrIssuer == "issuer":
+            self.issuerKey = pykey.keyFromSpecification(value)
+        else:
+            raise UnknownKeyTargetError(subjectOrIssuer)
+
+    def addExtension(self, extensionType, extensionValue, critical):
+        if not self.extensions:
+            self.extensions = []
+        encapsulated = univ.OctetString(encoder.encode(extensionValue))
+        extension = rfc2459.Extension()
+        extension["extnID"] = extensionType
+        # critical is either the string '[critical]' or None.
+        # We only care whether or not it is truthy.
+        if critical:
+            extension["critical"] = True
+        extension["extnValue"] = encapsulated
+        self.extensions.append(extension)
+
+    def addBasicConstraints(self, basicConstraints, critical):
+        cA = basicConstraints.split(",")[0]
+        pathLenConstraint = basicConstraints.split(",")[1]
+        basicConstraintsExtension = rfc2459.BasicConstraints()
+        basicConstraintsExtension["cA"] = cA == "cA"
+        if pathLenConstraint:
+            pathLenConstraintValue = univ.Integer(int(pathLenConstraint)).subtype(
+                subtypeSpec=constraint.ValueRangeConstraint(0, float("inf"))
+            )
+            basicConstraintsExtension["pathLenConstraint"] = pathLenConstraintValue
+        self.addExtension(
+            rfc2459.id_ce_basicConstraints, basicConstraintsExtension, critical
+        )
+
+    def addKeyUsage(self, keyUsage, critical):
+        keyUsageExtension = rfc2459.KeyUsage(keyUsage)
+        self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension, critical)
+
+    def keyPurposeToOID(self, keyPurpose):
+        if keyPurpose == "serverAuth":
+            return rfc2459.id_kp_serverAuth
+        if keyPurpose == "clientAuth":
+            return rfc2459.id_kp_clientAuth
+        if keyPurpose == "codeSigning":
+            return rfc2459.id_kp_codeSigning
+        if keyPurpose == "emailProtection":
+            return rfc2459.id_kp_emailProtection
+        if keyPurpose == "nsSGC":
+            return univ.ObjectIdentifier("2.16.840.1.113730.4.1")
+        if keyPurpose == "OCSPSigning":
+            return univ.ObjectIdentifier("1.3.6.1.5.5.7.3.9")
+        if keyPurpose == "timeStamping":
+            return rfc2459.id_kp_timeStamping
+        raise UnknownKeyPurposeTypeError(keyPurpose)
+
+    def addExtKeyUsage(self, extKeyUsage, critical):
+        extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
+        for count, keyPurpose in enumerate(extKeyUsage.split(",")):
+            extKeyUsageExtension.setComponentByPosition(
+                count, self.keyPurposeToOID(keyPurpose)
+            )
+        self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension, critical)
+
+    def addSubjectAlternativeName(self, names, critical):
+        IPV4_PREFIX = "ip4:"
+
+        subjectAlternativeName = rfc2459.SubjectAltName()
+        for count, name in enumerate(names.split(",")):
+            generalName = rfc2459.GeneralName()
+            if "/" in name:
+                directoryName = stringToDN(
+                    name, tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
+                )
+                generalName["directoryName"] = directoryName
+            elif "@" in name:
+                generalName["rfc822Name"] = name
+            elif name.startswith(IPV4_PREFIX):
+                generalName["iPAddress"] = socket.inet_pton(
+                    socket.AF_INET, name[len(IPV4_PREFIX) :]
+                )
+            else:
+                # The string may have things like '\0' (i.e. a slash
+                # followed by the number zero) that have to be decoded into
+                # the resulting '\x00' (i.e. a byte with value zero).
+                generalName["dNSName"] = six.ensure_binary(name).decode(
+                    "unicode_escape"
+                )
+            subjectAlternativeName.setComponentByPosition(count, generalName)
+        self.addExtension(
+            rfc2459.id_ce_subjectAltName, subjectAlternativeName, critical
+        )
+
+    def addAuthorityInformationAccess(self, ocspURI, critical):
+        sequence = univ.Sequence()
+        accessDescription = stringToAccessDescription(ocspURI)
+        sequence.setComponentByPosition(0, accessDescription)
+        self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical)
+
+    def addCertificatePolicies(self, policyOIDs, critical):
+        policies = rfc2459.CertificatePolicies()
+        for pos, policyOID in enumerate(policyOIDs.split(",")):
+            if policyOID == "any":
+                policyOID = "2.5.29.32.0"
+            policy = rfc2459.PolicyInformation()
+            policyIdentifier = rfc2459.CertPolicyId(policyOID)
+            policy["policyIdentifier"] = policyIdentifier
+            policies.setComponentByPosition(pos, policy)
+        self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical)
+
+    def addNameConstraints(self, constraints, critical):
+        nameConstraints = rfc2459.NameConstraints()
+        if constraints.startswith("permitted:"):
+            (subtreesType, subtreesTag) = ("permittedSubtrees", 0)
+        elif constraints.startswith("excluded:"):
+            (subtreesType, subtreesTag) = ("excludedSubtrees", 1)
+        else:
+            raise UnknownNameConstraintsSpecificationError(constraints)
+        generalSubtrees = rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, subtreesTag
+            )
+        )
+        subtrees = constraints[(constraints.find(":") + 1) :]
+        for pos, name in enumerate(subtrees.split(",")):
+            generalName = rfc2459.GeneralName()
+            if "/" in name:
+                directoryName = stringToDN(
+                    name, tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
+                )
+                generalName["directoryName"] = directoryName
+            else:
+                generalName["dNSName"] = name
+            generalSubtree = rfc2459.GeneralSubtree()
+            generalSubtree["base"] = generalName
+            generalSubtrees.setComponentByPosition(pos, generalSubtree)
+        nameConstraints[subtreesType] = generalSubtrees
+        self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints, critical)
+
+    def addNSCertType(self, certType, critical):
+        if certType != "sslServer":
+            raise UnknownNSCertTypeError(certType)
+        self.addExtension(
+            univ.ObjectIdentifier("2.16.840.1.113730.1.1"),
+            univ.BitString("'01'B"),
+            critical,
+        )
+
+    def addDelegationUsage(self, critical):
+        if critical:
+            raise UnknownDelegatedCredentialError(critical)
+        self.addExtension(
+            univ.ObjectIdentifier("1.3.6.1.4.1.44363.44"), univ.Null(), critical
+        )
+
+    def addTLSFeature(self, features, critical):
+        namedFeatures = {"OCSPMustStaple": 5}
+        featureList = [f.strip() for f in features.split(",")]
+        sequence = univ.Sequence()
+        for pos, feature in enumerate(featureList):
+            featureValue = 0
+            try:
+                featureValue = int(feature)
+            except ValueError:
+                try:
+                    featureValue = namedFeatures[feature]
+                except Exception:
+                    raise UnknownTLSFeature(feature)
+            sequence.setComponentByPosition(pos, univ.Integer(featureValue))
+        self.addExtension(
+            univ.ObjectIdentifier("1.3.6.1.5.5.7.1.24"), sequence, critical
+        )
+
+    def addEmbeddedSCTListData(self):
+        (scts, critical) = self.savedEmbeddedSCTListData
+        encodedSCTs = []
+        for sctSpec in scts.split(","):
+            match = re.search(r"(\w+):(\d{8})", sctSpec)
+            if not match:
+                raise InvalidSCTSpecification(sctSpec)
+            keySpec = match.group(1)
+            key = pykey.keyFromSpecification(keySpec)
+            time = datetime.datetime.strptime(match.group(2), "%Y%m%d")
+            tbsCertificate = self.getTBSCertificate()
+            tbsDER = encoder.encode(tbsCertificate)
+            sct = pyct.SCT(key, time, tbsDER, self.issuerKey)
+            signed = sct.signAndEncode()
+            lengthPrefix = pack("!H", len(signed))
+            encodedSCTs.append(lengthPrefix + signed)
+        encodedSCTBytes = b"".join(encodedSCTs)
+        lengthPrefix = pack("!H", len(encodedSCTBytes))
+        extensionBytes = lengthPrefix + encodedSCTBytes
+        self.addExtension(
+            univ.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.2"),
+            univ.OctetString(extensionBytes),
+            critical,
+        )
+
+    def getVersion(self):
+        return rfc2459.Version(self.versionValue).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
+        )
+
+    def getSerialNumber(self):
+        return decoder.decode(self.serialNumber)[0]
+
+    def getIssuer(self):
+        return stringToDN(self.issuer)
+
+    def getValidity(self):
+        validity = rfc2459.Validity()
+        validity["notBefore"] = self.getNotBefore()
+        validity["notAfter"] = self.getNotAfter()
+        return validity
+
+    def getNotBefore(self):
+        return datetimeToTime(self.notBefore)
+
+    def getNotAfter(self):
+        return datetimeToTime(self.notAfter)
+
+    def getSubject(self):
+        return stringToDN(self.subject)
+
+    def getTBSCertificate(self):
+        (signatureOID, _) = stringToAlgorithmIdentifiers(self.signature)
+        tbsCertificate = rfc2459.TBSCertificate()
+        tbsCertificate["version"] = self.getVersion()
+        tbsCertificate["serialNumber"] = self.getSerialNumber()
+        tbsCertificate["signature"] = signatureOID
+        tbsCertificate["issuer"] = self.getIssuer()
+        tbsCertificate["validity"] = self.getValidity()
+        tbsCertificate["subject"] = self.getSubject()
+        tbsCertificate[
+            "subjectPublicKeyInfo"
+        ] = self.subjectKey.asSubjectPublicKeyInfo()
+        if self.extensions:
+            extensions = rfc2459.Extensions().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)
+            )
+            for count, extension in enumerate(self.extensions):
+                extensions.setComponentByPosition(count, extension)
+            tbsCertificate["extensions"] = extensions
+        return tbsCertificate
+
+    def toDER(self):
+        (signatureOID, hashAlgorithm) = stringToAlgorithmIdentifiers(self.signature)
+        certificate = rfc2459.Certificate()
+        tbsCertificate = self.getTBSCertificate()
+        certificate["tbsCertificate"] = tbsCertificate
+        certificate["signatureAlgorithm"] = signatureOID
+        tbsDER = encoder.encode(tbsCertificate)
+        certificate["signatureValue"] = self.issuerKey.sign(tbsDER, hashAlgorithm)
+        return encoder.encode(certificate)
+
+    def toPEM(self):
+        output = "-----BEGIN CERTIFICATE-----"
+        der = self.toDER()
+        b64 = six.ensure_text(base64.b64encode(der))
+        while b64:
+            output += "\n" + b64[:64]
+            b64 = b64[64:]
+        output += "\n-----END CERTIFICATE-----"
+        return output
+
+
+# The build harness will call this function with an output
+# file-like object and a path to a file containing a
+# specification. This will read the specification and output
+# the certificate as PEM.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(Certificate(configStream).toPEM() + "\n")
+
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == "__main__":
+    print(Certificate(sys.stdin).toPEM())
diff --git a/security/manager/tools/pycms.py b/security/manager/tools/pycms.py
new file mode 100755
index 0000000000..1717513fdf
--- /dev/null
+++ b/security/manager/tools/pycms.py
@@ -0,0 +1,219 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a specification from stdin and outputs a PKCS7 (CMS) message with
+the desired properties.
+
+The specification format is as follows:
+
+sha1:<hex string>
+sha256:<hex string>
+signer:
+<pycert specification>
+
+Eith or both of sha1 and sha256 may be specified. The value of
+each hash directive is what will be put in the messageDigest
+attribute of the SignerInfo that corresponds to the signature
+algorithm defined by the hash algorithm and key type of the
+default key. Together, these comprise the signerInfos field of
+the SignedData. If neither hash is specified, the signerInfos
+will be an empty SET (i.e. there will be no actual signature
+information).
+The certificate specification must come last.
+"""
+
+import base64
+import sys
+from io import StringIO
+
+import pycert
+import pykey
+from pyasn1.codec.der import decoder, encoder
+from pyasn1.type import tag, univ
+from pyasn1_modules import rfc2315, rfc2459
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+
+    pass
+
+
+class UnknownDirectiveError(Error):
+    """Helper exception type to handle unknown specification
+    directives."""
+
+    def __init__(self, directive):
+        super(UnknownDirectiveError, self).__init__()
+        self.directive = directive
+
+    def __str__(self):
+        return "Unknown directive %s" % repr(self.directive)
+
+
+class CMS(object):
+    """Utility class for reading a CMS specification and
+    generating a CMS message"""
+
+    def __init__(self, paramStream):
+        self.sha1 = ""
+        self.sha256 = ""
+        signerSpecification = StringIO()
+        readingSignerSpecification = False
+        for line in paramStream.readlines():
+            if readingSignerSpecification:
+                print(line.strip(), file=signerSpecification)
+            elif line.strip() == "signer:":
+                readingSignerSpecification = True
+            elif line.startswith("sha1:"):
+                self.sha1 = line.strip()[len("sha1:") :]
+            elif line.startswith("sha256:"):
+                self.sha256 = line.strip()[len("sha256:") :]
+            else:
+                raise UnknownDirectiveError(line.strip())
+        signerSpecification.seek(0)
+        self.signer = pycert.Certificate(signerSpecification)
+        self.signingKey = pykey.keyFromSpecification("default")
+
+    def buildAuthenticatedAttributes(self, value, implicitTag=None):
+        """Utility function to build a pyasn1 AuthenticatedAttributes
+        object. Useful because when building a SignerInfo, the
+        authenticatedAttributes needs to be tagged implicitly, but when
+        signing an AuthenticatedAttributes, it needs the explicit SET
+        tag."""
+        if implicitTag:
+            authenticatedAttributes = rfc2315.Attributes().subtype(
+                implicitTag=implicitTag
+            )
+        else:
+            authenticatedAttributes = rfc2315.Attributes()
+        contentTypeAttribute = rfc2315.Attribute()
+        # PKCS#9 contentType
+        contentTypeAttribute["type"] = univ.ObjectIdentifier("1.2.840.113549.1.9.3")
+        contentTypeAttribute["values"] = univ.SetOf(rfc2459.AttributeValue())
+        # PKCS#7 data
+        contentTypeAttribute["values"][0] = univ.ObjectIdentifier(
+            "1.2.840.113549.1.7.1"
+        )
+        authenticatedAttributes[0] = contentTypeAttribute
+        hashAttribute = rfc2315.Attribute()
+        # PKCS#9 messageDigest
+        hashAttribute["type"] = univ.ObjectIdentifier("1.2.840.113549.1.9.4")
+        hashAttribute["values"] = univ.SetOf(rfc2459.AttributeValue())
+        hashAttribute["values"][0] = univ.OctetString(hexValue=value)
+        authenticatedAttributes[1] = hashAttribute
+        return authenticatedAttributes
+
+    def pykeyHashToDigestAlgorithm(self, pykeyHash):
+        """Given a pykey hash algorithm identifier, builds an
+        AlgorithmIdentifier for use with pyasn1."""
+        if pykeyHash == pykey.HASH_SHA1:
+            oidString = "1.3.14.3.2.26"
+        elif pykeyHash == pykey.HASH_SHA256:
+            oidString = "2.16.840.1.101.3.4.2.1"
+        else:
+            raise pykey.UnknownHashAlgorithmError(pykeyHash)
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier["algorithm"] = univ.ObjectIdentifier(oidString)
+        # Directly setting parameters to univ.Null doesn't currently work.
+        nullEncapsulated = encoder.encode(univ.Null())
+        algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
+        return algorithmIdentifier
+
+    def buildSignerInfo(self, certificate, pykeyHash, digestValue):
+        """Given a pyasn1 certificate, a pykey hash identifier
+        and a hash value, creates a SignerInfo with the
+        appropriate values."""
+        signerInfo = rfc2315.SignerInfo()
+        signerInfo["version"] = 1
+        issuerAndSerialNumber = rfc2315.IssuerAndSerialNumber()
+        issuerAndSerialNumber["issuer"] = self.signer.getIssuer()
+        issuerAndSerialNumber["serialNumber"] = certificate["tbsCertificate"][
+            "serialNumber"
+        ]
+        signerInfo["issuerAndSerialNumber"] = issuerAndSerialNumber
+        signerInfo["digestAlgorithm"] = self.pykeyHashToDigestAlgorithm(pykeyHash)
+        rsa = rfc2459.AlgorithmIdentifier()
+        rsa["algorithm"] = rfc2459.rsaEncryption
+        rsa["parameters"] = univ.Null()
+        authenticatedAttributes = self.buildAuthenticatedAttributes(
+            digestValue,
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0),
+        )
+        authenticatedAttributesTBS = self.buildAuthenticatedAttributes(digestValue)
+        signerInfo["authenticatedAttributes"] = authenticatedAttributes
+        signerInfo["digestEncryptionAlgorithm"] = rsa
+        authenticatedAttributesEncoded = encoder.encode(authenticatedAttributesTBS)
+        signature = self.signingKey.sign(authenticatedAttributesEncoded, pykeyHash)
+        # signature will be a hexified bit string of the form
+        # "'<hex bytes>'H". For some reason that's what BitString wants,
+        # but since this is an OCTET STRING, we have to strip off the
+        # quotation marks and trailing "H".
+        signerInfo["encryptedDigest"] = univ.OctetString(hexValue=signature[1:-2])
+        return signerInfo
+
+    def toDER(self):
+        contentInfo = rfc2315.ContentInfo()
+        contentInfo["contentType"] = rfc2315.signedData
+
+        signedData = rfc2315.SignedData()
+        signedData["version"] = rfc2315.Version(1)
+
+        digestAlgorithms = rfc2315.DigestAlgorithmIdentifiers()
+        digestAlgorithms[0] = self.pykeyHashToDigestAlgorithm(pykey.HASH_SHA1)
+        signedData["digestAlgorithms"] = digestAlgorithms
+
+        dataContentInfo = rfc2315.ContentInfo()
+        dataContentInfo["contentType"] = rfc2315.data
+        signedData["contentInfo"] = dataContentInfo
+
+        certificates = rfc2315.ExtendedCertificatesAndCertificates().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )
+        extendedCertificateOrCertificate = rfc2315.ExtendedCertificateOrCertificate()
+        certificate = decoder.decode(
+            self.signer.toDER(), asn1Spec=rfc2459.Certificate()
+        )[0]
+        extendedCertificateOrCertificate["certificate"] = certificate
+        certificates[0] = extendedCertificateOrCertificate
+        signedData["certificates"] = certificates
+
+        signerInfos = rfc2315.SignerInfos()
+
+        if len(self.sha1) > 0:
+            signerInfos[len(signerInfos)] = self.buildSignerInfo(
+                certificate, pykey.HASH_SHA1, self.sha1
+            )
+        if len(self.sha256) > 0:
+            signerInfos[len(signerInfos)] = self.buildSignerInfo(
+                certificate, pykey.HASH_SHA256, self.sha256
+            )
+        signedData["signerInfos"] = signerInfos
+
+        encoded = encoder.encode(signedData)
+        anyTag = univ.Any(encoded).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        )
+
+        contentInfo["content"] = anyTag
+        return encoder.encode(contentInfo)
+
+    def toPEM(self):
+        output = "-----BEGIN PKCS7-----"
+        der = self.toDER()
+        b64 = base64.b64encode(der)
+        while b64:
+            output += "\n" + b64[:64]
+            b64 = b64[64:]
+        output += "\n-----END PKCS7-----\n"
+        return output
+
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == "__main__":
+    print(CMS(sys.stdin).toPEM())
diff --git a/security/manager/tools/pyct.py b/security/manager/tools/pyct.py
new file mode 100644
index 0000000000..8f9d61b72b
--- /dev/null
+++ b/security/manager/tools/pyct.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Helper library for creating a Signed Certificate Timestamp given the
+details of a signing key, when to sign, and the certificate data to
+sign. Currently only supports precert_entry types. See RFC 6962.
+"""
+
+import binascii
+import calendar
+import hashlib
+from struct import pack
+
+import pykey
+from pyasn1.codec.der import encoder
+
+
+class InvalidKeyError(Exception):
+    """Helper exception to handle unknown key types."""
+
+    def __init__(self, key):
+        self.key = key
+
+    def __str__(self):
+        return 'Invalid key: "%s"' % str(self.key)
+
+
+class SCT(object):
+    """SCT represents a Signed Certificate Timestamp."""
+
+    def __init__(self, key, date, tbsCertificate, issuerKey):
+        self.key = key
+        self.timestamp = calendar.timegm(date.timetuple()) * 1000
+        self.tbsCertificate = tbsCertificate
+        self.issuerKey = issuerKey
+
+    def signAndEncode(self):
+        """Returns a signed and encoded representation of the SCT as a
+        string."""
+        # The signature is over the following data:
+        # sct_version (one 0 byte)
+        # signature_type (one 0 byte)
+        # timestamp (8 bytes, milliseconds since the epoch)
+        # entry_type (two bytes [0, 1] - currently only precert_entry is
+        #             supported)
+        # signed_entry (bytes of PreCert)
+        # extensions (2-byte-length-prefixed, currently empty (so two 0
+        #             bytes))
+        # A PreCert is:
+        # issuer_key_hash (32 bytes of SHA-256 hash of the issuing
+        #                  public key, as DER-encoded SPKI)
+        # tbs_certificate (3-byte-length-prefixed data)
+        timestamp = pack("!Q", self.timestamp)
+        hasher = hashlib.sha256()
+        hasher.update(encoder.encode(self.issuerKey.asSubjectPublicKeyInfo()))
+        issuer_key_hash = hasher.digest()
+        len_prefix = pack("!L", len(self.tbsCertificate))[1:]
+        data = (
+            b"\0\0"
+            + timestamp
+            + b"\0\1"
+            + issuer_key_hash
+            + len_prefix
+            + self.tbsCertificate
+            + b"\0\0"
+        )
+        if isinstance(self.key, pykey.ECCKey):
+            signatureByte = b"\3"
+        elif isinstance(self.key, pykey.RSAKey):
+            signatureByte = b"\1"
+        else:
+            raise InvalidKeyError(self.key)
+        # sign returns a hex string like "'<hex bytes>'H", but we want
+        # bytes here
+        hexSignature = self.key.sign(data, pykey.HASH_SHA256)
+        signature = binascii.unhexlify(hexSignature[1:-2])
+        # The actual data returned is the following:
+        # sct_version (one 0 byte)
+        # id (32 bytes of SHA-256 hash of the signing key, as
+        #     DER-encoded SPKI)
+        # timestamp (8 bytes, milliseconds since the epoch)
+        # extensions (2-byte-length-prefixed data, currently
+        #             empty)
+        # hash (one 4 byte representing sha256)
+        # signature (one byte - 1 for RSA and 3 for ECDSA)
+        # signature (2-byte-length-prefixed data)
+        hasher = hashlib.sha256()
+        hasher.update(encoder.encode(self.key.asSubjectPublicKeyInfo()))
+        key_id = hasher.digest()
+        signature_len_prefix = pack("!H", len(signature))
+        return (
+            b"\0"
+            + key_id
+            + timestamp
+            + b"\0\0\4"
+            + signatureByte
+            + signature_len_prefix
+            + signature
+        )
diff --git a/security/manager/tools/pykey.py b/security/manager/tools/pykey.py
new file mode 100755
index 0000000000..fec8021c26
--- /dev/null
+++ b/security/manager/tools/pykey.py
@@ -0,0 +1,957 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a key specification from stdin or a file and outputs a
+PKCS #8 file representing the (private) key. Also provides
+methods for signing data and representing the key as a subject
+public key info for use with pyasn1.
+
+The key specification format is as follows:
+
+default: a 2048-bit RSA key
+alternate: a different 2048-bit RSA key
+ev: a 2048-bit RSA key that, when combined with the right pycert
+    specification, results in a certificate that is enabled for
+    extended validation in debug Firefox (see ExtendedValidation.cpp).
+evRSA2040: a 2040-bit RSA key that, when combined with the right pycert
+           specification, results in a certificate that is enabled for
+           extended validation in debug Firefox.
+rsa2040: a 2040-bit RSA key
+rsa1024: a 1024-bit RSA key
+rsa1016: a 1016-bit RSA key
+secp256k1: an ECC key on the curve secp256k1
+secp244r1: an ECC key on the curve secp244r1
+secp256r1: an ECC key on the curve secp256r1
+secp384r1: an ECC key on the curve secp384r1
+secp521r1: an ECC key on the curve secp521r1
+"""
+
+import base64
+import binascii
+import hashlib
+import math
+import sys
+
+import ecdsa
+import rsa
+import six
+from pyasn1.codec.der import encoder
+from pyasn1.type import namedtype, tag, univ
+from pyasn1_modules import rfc2459
+
+# "constants" to make it easier for consumers to specify hash algorithms
+HASH_MD5 = "hash:md5"
+HASH_SHA1 = "hash:sha1"
+HASH_SHA256 = "hash:sha256"
+HASH_SHA384 = "hash:sha384"
+HASH_SHA512 = "hash:sha512"
+
+
+# NOTE: With bug 1621441 we migrated from one library for ecdsa to another.
+# These libraries differ somewhat in terms of functionality and interface. In
+# order to ensure there are no diffs and that the generated signatures are
+# exactly the same between the two libraries, we need to patch some stuff in.
+
+
+def _gen_k(curve):
+    # This calculation is arbitrary, but it matches what we were doing pre-
+    # bug 1621441 (see the above NOTE). Crucially, this generation of k is
+    # non-random; the ecdsa library exposes an option to deterministically
+    # generate a value of k for us, but it doesn't match up to what we were
+    # doing before so we have to inject a custom value.
+    num_bytes = int(math.log(curve.order - 1, 2) + 1) // 8 + 8
+    entropy = int.from_bytes(b"\04" * num_bytes, byteorder="big")
+    p = curve.curve.p()
+    return (entropy % (p - 1)) + 1
+
+
+# As above, the library has built-in logic for truncating digests that are too
+# large, but they use a slightly different technique than our previous library.
+# Re-implement that logic here.
+def _truncate_digest(digest, curve):
+    i = int.from_bytes(digest, byteorder="big")
+    p = curve.curve.p()
+    while i > p:
+        i >>= 1
+    return i.to_bytes(math.ceil(i.bit_length() / 8), byteorder="big")
+
+
+def byteStringToHexifiedBitString(string):
+    """Takes a string of bytes and returns a hex string representing
+    those bytes for use with pyasn1.type.univ.BitString. It must be of
+    the form "'<hex bytes>'H", where the trailing 'H' indicates to
+    pyasn1 that the input is a hex string."""
+    return "'%s'H" % six.ensure_binary(string).hex()
+
+
+class UnknownBaseError(Exception):
+    """Base class for handling unexpected input in this module."""
+
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = "input"
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownKeySpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown key specifications."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "key specification"
+
+
+class UnknownHashAlgorithmError(UnknownBaseError):
+    """Helper exception type to handle unknown key specifications."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = "hash algorithm"
+
+
+class UnsupportedHashAlgorithmError(Exception):
+    """Helper exception type for unsupported hash algorithms."""
+
+    def __init__(self, value):
+        super(UnsupportedHashAlgorithmError, self).__init__()
+        self.value = value
+
+    def __str__(self):
+        return 'Unsupported hash algorithm "%s"' % repr(self.value)
+
+
+class RSAPublicKey(univ.Sequence):
+    """Helper type for encoding an RSA public key"""
+
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType("N", univ.Integer()),
+        namedtype.NamedType("E", univ.Integer()),
+    )
+
+
+class RSAPrivateKey(univ.Sequence):
+    """Helper type for encoding an RSA private key"""
+
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType("version", univ.Integer()),
+        namedtype.NamedType("modulus", univ.Integer()),
+        namedtype.NamedType("publicExponent", univ.Integer()),
+        namedtype.NamedType("privateExponent", univ.Integer()),
+        namedtype.NamedType("prime1", univ.Integer()),
+        namedtype.NamedType("prime2", univ.Integer()),
+        namedtype.NamedType("exponent1", univ.Integer()),
+        namedtype.NamedType("exponent2", univ.Integer()),
+        namedtype.NamedType("coefficient", univ.Integer()),
+    )
+
+
+class ECPrivateKey(univ.Sequence):
+    """Helper type for encoding an EC private key
+    ECPrivateKey ::= SEQUENCE {
+        version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+        privateKey     OCTET STRING,
+        parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+                        (NOTE: parameters field is not supported)
+        publicKey  [1] BIT STRING OPTIONAL
+    }"""
+
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType("version", univ.Integer()),
+        namedtype.NamedType("privateKey", univ.OctetString()),
+        namedtype.OptionalNamedType(
+            "publicKey",
+            univ.BitString().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
+            ),
+        ),
+    )
+
+
+class ECPoint(univ.Sequence):
+    """Helper type for encoding a EC point"""
+
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType("x", univ.Integer()),
+        namedtype.NamedType("y", univ.Integer()),
+    )
+
+
+class PrivateKeyInfo(univ.Sequence):
+    """Helper type for encoding a PKCS #8 private key info"""
+
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType("version", univ.Integer()),
+        namedtype.NamedType("privateKeyAlgorithm", rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType("privateKey", univ.OctetString()),
+    )
+
+
+class RSAKey(object):
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=
+    sharedRSA_N = int(
+        "00ba8851a8448e16d641fd6eb6880636103d3c13d9eae4354ab4ecf56857"
+        "6c247bc1c725a8e0d81fbdb19c069b6e1a86f26be2af5a756b6a6471087a"
+        "a55aa74587f71cd5249c027ecd43fc1e69d038202993ab20c349e4dbb94c"
+        "c26b6c0eed15820ff17ead691ab1d3023a8b2a41eea770e00f0d8dfd660b"
+        "2bb02492a47db988617990b157903dd23bc5e0b8481fa837d38843ef2716"
+        "d855b7665aaa7e02902f3a7b10800624cc1c6c97ad96615bb7e29612c075"
+        "31a30c91ddb4caf7fcad1d25d309efb9170ea768e1b37b2f226f69e3b48a"
+        "95611dee26d6259dab91084e36cb1c24042cbf168b2fe5f18f991731b8b3"
+        "fe4923fa7251c431d503acda180a35ed8d",
+        16,
+    )
+    sharedRSA_E = 65537
+    sharedRSA_D = int(
+        "009ecbce3861a454ecb1e0fe8f85dd43c92f5825ce2e997884d0e1a949da"
+        "a2c5ac559b240450e5ac9fe0c3e31c0eefa6525a65f0c22194004ee1ab46"
+        "3dde9ee82287cc93e746a91929c5e6ac3d88753f6c25ba5979e73e5d8fb2"
+        "39111a3cdab8a4b0cdf5f9cab05f1233a38335c64b5560525e7e3b92ad7c"
+        "7504cf1dc7cb005788afcbe1e8f95df7402a151530d5808346864eb370aa"
+        "79956a587862cb533791307f70d91c96d22d001a69009b923c683388c9f3"
+        "6cb9b5ebe64302041c78d908206b87009cb8cabacad3dbdb2792fb911b2c"
+        "f4db6603585be9ae0ca3b8e6417aa04b06e470ea1a3b581ca03a6781c931"
+        "5b62b30e6011f224725946eec57c6d9441",
+        16,
+    )
+    sharedRSA_P = int(
+        "00dd6e1d4fffebf68d889c4d114cdaaa9caa63a59374286c8a5c29a717bb"
+        "a60375644d5caa674c4b8bc7326358646220e4550d7608ac27d55b6db74f"
+        "8d8127ef8fa09098b69147de065573447e183d22fe7d885aceb513d9581d"
+        "d5e07c1a90f5ce0879de131371ecefc9ce72e9c43dc127d238190de81177"
+        "3ca5d19301f48c742b",
+        16,
+    )
+    sharedRSA_Q = int(
+        "00d7a773d9ebc380a767d2fec0934ad4e8b5667240771acdebb5ad796f47"
+        "8fec4d45985efbc9532968289c8d89102fadf21f34e2dd4940eba8c09d6d"
+        "1f16dcc29729774c43275e9251ddbe4909e1fd3bf1e4bedf46a39b8b3833"
+        "28ef4ae3b95b92f2070af26c9e7c5c9b587fedde05e8e7d86ca57886fb16"
+        "5810a77b9845bc3127",
+        16,
+    )
+    sharedRSA_exp1 = int(
+        "0096472b41a610c0ade1af2266c1600e3671355ba42d4b5a0eb4e9d7eb35"
+        "81400ba5dd132cdb1a5e9328c7bbc0bbb0155ea192972edf97d12751d8fc"
+        "f6ae572a30b1ea309a8712dd4e33241db1ee455fc093f5bc9b592d756e66"
+        "21474f32c07af22fb275d340792b32ba2590bbb261aefb95a258eea53765"
+        "5315be9c24d191992d",
+        16,
+    )
+    sharedRSA_exp2 = int(
+        "28b450a7a75a856413b2bda6f7a63e3d964fb9ecf50e3823ef6cc8e8fa26"
+        "ee413f8b9d1205540f12bbe7a0c76828b7ba65ad83cca4d0fe2a220114e1"
+        "b35d03d5a85bfe2706bd50fce6cfcdd571b46ca621b8ed47d605bbe765b0"
+        "aa4a0665ac25364da20154032e1204b8559d3e34fb5b177c9a56ff93510a"
+        "5a4a6287c151de2d",
+        16,
+    )
+    sharedRSA_coef = int(
+        "28067b9355801d2ef52dfa96d8adb589673cf8ee8a9c6ff72aeeabe9ef6b"
+        "e58a4f4abf05f788947dc851fdaa34542147a71a246bfb054ee76aa346ab"
+        "cd2692cfc9e44c51e6f069c735e073ba019f6a7214961c91b26871caeabf"
+        "8f064418a02690e39a8d5ff3067b7cdb7f50b1f53418a703966c4fc774bf"
+        "7402af6c43247f43",
+        16,
+    )
+
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # MQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJI=
+    alternateRSA_N = int(
+        "00c175c65266099f77082a6791f1b876c37f5ce538b06c4acd22b1cbd46f"
+        "a65ada2add41c8c2498ac4a3b3c1f61487f41b698941bd80a51c3c120244"
+        "c584a4c4483305e5138c0106cf08be9a862760bae6a2e8f36f23c5d98313"
+        "b9dfaf378345dace51d4d6dcd2a6cb3cc706ebcd3070ec98cce40aa591d7"
+        "295a7f71c5be66691d2b2dfec84944590bc5a3ea49fd93b1d753405f1773"
+        "7699958666254797ed426908880811422069988a43fee48ce68781dd22b6"
+        "a69cd28375131f932b128ce286fa7d251c062ad27ef016f187cdd54e832b"
+        "35b8930f74ba90aa8bc76167242ab1fd6d62140d18c4c0b8c68fc3748457"
+        "324ad7de86e6552f1d1e191d712168d3bb",
+        16,
+    )
+    alternateRSA_E = 65537
+    alternateRSA_D = int(
+        "7e3f6d7cb839ef66ae5d7dd92ff5410bb341dc14728d39034570e1a37079"
+        "0f30f0681355fff41e2ad4e9a9d9fcebfbd127bdfab8c00affb1f3cea732"
+        "7ead47aa1621f2ac1ee14ca02f04b3b2786017980b181a449d03b03e69d1"
+        "12b83571e55434f012056575d2832ed6731dce799e37c83f6d51c55ab71e"
+        "b58015af05e1af15c747603ef7f27d03a6ff049d96bbf854c1e4e50ef5b0"
+        "58d0fb08180e0ac7f7be8f2ff1673d97fc9e55dba838077bbf8a7cff2962"
+        "857785269cd9d5bad2b57469e4afcd33c4ca2d2f699f11e7c8fbdcd484f0"
+        "8d8efb8a3cb8a972eb24bed972efaae4bb712093e48fe94a46eb629a8750"
+        "78c4021a9a2c93c9a70390e9d0a54401",
+        16,
+    )
+    alternateRSA_P = int(
+        "00e63fc725a6ba76925a7ff8cb59c4f56dd7ec83fe85bf1f53e11cac9a81"
+        "258bcfc0ae819077b0f2d1477aaf868de6a8ecbeaf7bb22b196f2a9ad82d"
+        "3286f0d0cc29de719e5f2be8e509b7284d5963edd362f927887a4c4a8979"
+        "9d340d51b301ac7601ab27179024fcaadd38bf6522af63eb16461ec02a7f"
+        "27b06fe09ddda7c0a1",
+        16,
+    )
+    alternateRSA_Q = int(
+        "00d718b1fe9f8f99f00e832ae1fbdc6fe2ab27f34e049c498010fa0eb708"
+        "4852182346083b5c96c3eee5592c014a410c6b930b165c13b5c26aa32eac"
+        "6e7c925a8551c25134f2f4a72c6421f19a73148a0edfaba5d3a6888b35cb"
+        "a18c00fd38ee5aaf0b545731d720761bbccdee744a52ca415e98e4de01cd"
+        "fe764c1967b3e8cadb",
+        16,
+    )
+    alternateRSA_exp1 = int(
+        "01e5aca266c94a88d22e13c2b92ea247116c657a076817bdfd30db4b3a9d"
+        "3095b9a4b6749647e2f84e7a784fc7838b08c85971cf7a036fa30e3b91c3"
+        "c4d0df278f80c1b6e859d8456adb137defaa9f1f0ac5bac9a9184fd4ea27"
+        "9d722ea626f160d78aad7bc83845ccb29df115c83f61b7622b99bd439c60"
+        "9b5790a63c595181",
+        16,
+    )
+    alternateRSA_exp2 = int(
+        "0080cc45d10d2484ee0d1297fc07bf80b3beff461ea27e1f38f371789c3a"
+        "f66b4a0edd2192c227791db4f1c77ae246bf342f31856b0f56581b58a95b"
+        "1131c0c5396db2a8c3c6f39ea2e336bc205ae6a2a0b36869fca98cbba733"
+        "cf01319a6f9bb26b7ca23d3017fc551cd8da8afdd17f6fa2e30d34868798"
+        "1cd6234d571e90b7df",
+        16,
+    )
+    alternateRSA_coef = int(
+        "6f77c0c1f2ae7ac169561cca499c52bdfbe04cddccdbdc12aec5a85691e8"
+        "594b7ee29908f30e7b96aa6254b80ed4aeec9b993782bdfc79b69d8d58c6"
+        "8870fa4be1bc0c3527288c5c82bb4aebaf15edff110403fc78e6ace6a828"
+        "27bf42f0cfa751e507651c5638db9393dd23dd1f6b295151de44b77fe55a"
+        "7b0df271e19a65c0",
+        16,
+    )
+
+    evRSA_N = int(
+        "00b549895c9d00108d11a1f99f87a9e3d1a5db5dfaecf188da57bf641368"
+        "8f2ce4722cff109038c17402c93a2a473dbd286aed3fdcd363cf5a291477"
+        "01bdd818d7615bf9356bd5d3c8336aaa8c0971368a06c3cd4461b93e5142"
+        "4e1744bb2eaad46aab38ce196821961f87714a1663693f09761cdf4d6ba1"
+        "25eacec7be270d388f789f6cdf78ae3144ed28c45e79293863a7a22a4898"
+        "0a36a40e72d579c9b925dff8c793362ffd6897a7c1754c5e97c967c3eadd"
+        "1aae8aa2ccce348a0169b80e28a2d70c1a960c6f335f2da09b9b643f5abf"
+        "ba49e8aaa981e960e27d87480bdd55dd9417fa18509fbb554ccf81a4397e"
+        "8ba8128a34bdf27865c189e5734fb22905",
+        16,
+    )
+    evRSA_E = 65537
+    evRSA_D = int(
+        "00983d54f94d6f4c76eb23d6f93d78523530cf73b0d16254c6e781768d45"
+        "f55681d1d02fb2bd2aac6abc1c389860935c52a0d8f41482010394778314"
+        "1d864bff30803638a5c0152570ae9d18f3d8ca163efb475b0dddf32e7e16"
+        "ec7565e6bb5e025c41c5c66e57a03cede554221f83045347a2c4c451c3dc"
+        "e476b787ce0c057244be9e04ef13118dbbb3d5e0a6cc87029eafd4a69ed9"
+        "b14759b15e39d8a9884e56f54d2f9ab013f0d15f318a9ab6b2f73d1ec3c9"
+        "fe274ae89431a10640be7899b0011c5e5093a1834708689de100634dabde"
+        "60fbd6aaefa3a33df34a1f36f60c043036b748d1c9ee98c4031a0afec60e"
+        "fda0a990be524f5614eac4fdb34a52f951",
+        16,
+    )
+    evRSA_P = int(
+        "00eadc2cb33e5ff1ca376bbd95bd6a1777d2cf4fac47545e92d11a6209b9"
+        "d5e4ded47834581c169b3c884742a09ea187505c1ca55414d8d25b497632"
+        "d5ec2aaa05233430fad49892777a7d68e038f561a3b8969e60b0a263defb"
+        "fda48a9b0ff39d95bc88b15267c8ade97b5107948e41e433249d87f7db10"
+        "9d5d74584d86bcc1d7",
+        16,
+    )
+    evRSA_Q = int(
+        "00c59ae576a216470248d944a55b9e9bf93299da341ec56e558eba821abc"
+        "e1bf57b79cf411d2904c774f9dba1f15185f607b0574a08205d6ec28b66a"
+        "36d634232eaaf2fea37561abaf9d644b68db38c9964cb8c96ec0ac61eba6"
+        "4d05b446542f423976f5acde4ecc95536d2df578954f93f0cfd9c58fb78b"
+        "a2a76dd5ac284dc883",
+        16,
+    )
+    evRSA_exp1 = int(
+        "00c1d2ef3906331c52aca64811f9fe425beb2898322fb3db51032ce8d7e9"
+        "fc32240be92019cf2480fcd5e329837127118b2a59a1bfe06c883e3a4447"
+        "f3f031cd9aebd0b8d368fc79740d2cce8eadb324df7f091eafe1564361d5"
+        "4920b01b0471230e5e47d93f8ed33963c517bc4fc78f6d8b1f9eba85bcce"
+        "db7033026508db6285",
+        16,
+    )
+    evRSA_exp2 = int(
+        "008521b8db5694dfbe804a315f9efc9b65275c5490acf2a3456d65e6e610"
+        "bf9f647fc67501d4f5772f232ac70ccdef9fc2a6dfa415c7c41b6afc7af9"
+        "d07c3ca03f7ed93c09f0b99f2c304434322f1071709bbc1baa4c91575fa6"
+        "a959e07d4996956d95e22b57938b6e47c8d51ffedfc9bf888ce0d1a3e42b"
+        "65a89bed4b91d3e5f5",
+        16,
+    )
+    evRSA_coef = int(
+        "00dc497b06b920c8be0b0077b798e977eef744a90ec2c5d7e6cbb22448fa"
+        "c72da81a33180e0d8a02e831460c7fc7fd3a612f7b9930b61b799f8e908e"
+        "632e9ba0409b6aa70b03a3ba787426263b5bd5843df8476edb5d14f6a861"
+        "3ebaf5b9cd5ca42f5fbd2802e08e4e49e5709f5151510caa5ab2c1c6eb3e"
+        "fe9295d16e8c25c916",
+        16,
+    )
+
+    evRSA2040_N = int(
+        "00ca7020dc215f57914d343fae4a015111697af997a5ece91866499fc23f"
+        "1b88a118cbd30b10d91c7b9a0d4ee8972fcae56caf57f25fc1275a2a4dbc"
+        "b982428c32ef587bf2387410330a0ffb16b8029bd783969ef675f6de38c1"
+        "8f67193cb6c072f8b23d0b3374112627a57b90055771d9e62603f53788d7"
+        "f63afa724f5d108096df31f89f26b1eb5f7c4357980e008fcd55d827dd26"
+        "2395ca2f526a07897cc40c593b38716ebc0caa596719c6f29ac9b73a7a94"
+        "4748a3aa3e09e9eb4d461ea0027e540926614728b9d243975cf9a0541bef"
+        "d25e76b51f951110b0e7644fc7e38441791b6d2227384cb8004e23342372"
+        "b1cf5cc3e73e31b7bbefa160e6862ebb",
+        16,
+    )
+    evRSA2040_E = 65537
+    evRSA2040_D = int(
+        "00b2db74bce92362abf72955a638ae8720ba3033bb7f971caf39188d7542"
+        "eaa1c1abb5d205b1e2111f4791c08911a2e141e8cfd7054702d23100b564"
+        "2c06e1a31b118afd1f9a2f396cced425c501d91435ca8656766ced2b93bb"
+        "b8669fce9bacd727d1dacb3dafabc3293e35389eef8ea0b58e1aeb1a20e6"
+        "a61f9fcd453f7567fe31d123b616a26fef4df1d6c9f7490111d028eefd1d"
+        "972045b1a242273dd7a67ebf111db2741a5a93c7b2289cc4a236f5a99a6e"
+        "c7a8206fdae1c1d04bdbb1980d4a298c5a17dae4186474a5f7835d882bce"
+        "f24aef4ed6f149f94d96c9f7d78e647fc778a9017ff208d3b4a1768b1821"
+        "62102cdab032fabbab38d5200a324649",
+        16,
+    )
+    evRSA2040_P = int(
+        "0f3844d0d4d4d6a21acd76a6fc370b8550e1d7ec5a6234172e790f0029ae"
+        "651f6d5c59330ab19802b9d7a207de7a1fb778e3774fdbdc411750633d8d"
+        "1b3fe075006ffcfd1d10e763c7a9227d2d5f0c2dade1c9e659c350a159d3"
+        "6bb986f12636d4f9942b288bc0fe21da8799477173144249ca2e389e6c5c"
+        "25aa78c8cad7d4df",
+        16,
+    )
+    evRSA2040_Q = int(
+        "0d4d0bedd1962f07a1ead6b23a4ed67aeaf1270f052a6d29ba074945c636"
+        "1a5c4f8f07bf859e067aed3f4e6e323ef2aa8a6acd340b0bdc7cfe4fd329"
+        "e3c97f870c7f7735792c6aa9d0f7e7542a28ed6f01b0e55a2b8d9c24a65c"
+        "6da314c95484f5c7c3954a81bb016b07ed17ee9b06039695bca059a79f8d"
+        "c2423d328d5265a5",
+        16,
+    )
+    evRSA2040_exp1 = int(
+        "09f29a2ff05be8a96d614ba31b08935420a86c6bc42b99a6692ea0da5763"
+        "f01e596959b7ddce73ef9c2e4f6e5b40710887500d44ba0c3cd3132cba27"
+        "475f39c2df7552e2d123a2497a4f97064028769a48a3624657f72bf539f3"
+        "d0de234feccd3be8a0aa90c6bf6e9b0bed43070a24d061ff3ed1751a3ef2"
+        "ff7f6b90b9dbd5fb",
+        16,
+    )
+    evRSA2040_exp2 = int(
+        "01a659e170cac120a03be1cf8f9df1caa353b03593bd7476e5853bd874c2"
+        "87388601c6c341ce9d1d284a5eef1a3a669d32b816a5eaecd8b7844fe070"
+        "64b9bca0c2b318d540277b3f7f1510d386bb36e03b04771e5d229e88893e"
+        "13b753bfb94518bb638e2404bd6e6a993c1668d93fc0b82ff08aaf34347d"
+        "3fe8397108c87ca5",
+        16,
+    )
+    evRSA2040_coef = int(
+        "040257c0d4a21c0b9843297c65652db66304fb263773d728b6abfa06d37a"
+        "c0ca62c628023e09e37dc0a901e4ce1224180e2582a3aa4b6a1a7b98e2bd"
+        "70077aec14ac8ab66a755c71e0fc102471f9bbc1b46a95aa0b645f2c38e7"
+        "6450289619ea3f5e8ae61037bffcf8249f22aa4e76e2a01909f3feb290ce"
+        "93edf57b10ebe796",
+        16,
+    )
+
+    rsa2040_N = int(
+        "00bac0652fdfbc0055882ffbaeaceec88fa2d083c297dd5d40664dd3d90f"
+        "52f9aa02bd8a50fba16e0fd991878ef475f9b350d9f8e3eb2abd717ce327"
+        "b09788531f13df8e3e4e3b9d616bb8a41e5306eed2472163161051180127"
+        "6a4eb66f07331b5cbc8bcae7016a8f9b3d4f2ac4553c624cf5263bcb348e"
+        "8840de6612870960a792191b138fb217f765cec7bff8e94f16b39419bf75"
+        "04c59a7e4f79bd6d173e9c7bf3d9d2a4e73cc180b0590a73d584fb7fc9b5"
+        "4fa544607e53fc685c7a55fd44a81d4142b6af51ea6fa6cea52965a2e8c5"
+        "d84f3ca024d6fbb9b005b9651ce5d9f2ecf40ed404981a9ffc02636e311b"
+        "095c6332a0c87dc39271b5551481774b",
+        16,
+    )
+    rsa2040_E = 65537
+    rsa2040_D = int(
+        "603db267df97555cbed86b8df355034af28f1eb7f3e7829d239bcc273a7c"
+        "7a69a10be8f21f1b6c4b02c6bae3731c3158b5bbff4605f57ab7b7b2a0cb"
+        "a2ec005a2db5b1ea6e0aceea5bc745dcd2d0e9d6b80d7eb0ea2bc08127bc"
+        "e35fa50c42cc411871ba591e23ba6a38484a33eff1347f907ee9a5a92a23"
+        "11bb0b435510020f78e3bb00099db4d1182928096505fcba84f3ca1238fd"
+        "1eba5eea1f391bbbcc5424b168063fc17e1ca6e1912ccba44f9d0292308a"
+        "1fedb80612529b39f59d0a3f8180b5ba201132197f93a5815ded938df8e7"
+        "d93c9b15766588f339bb59100afda494a7e452d7dd4c9a19ce2ec3a33a18"
+        "b20f0b4dade172bee19f26f0dcbe41",
+        16,
+    )
+    rsa2040_P = int(
+        "0ec3869cb92d406caddf7a319ab29448bc505a05913707873361fc5b986a"
+        "499fb65eeb815a7e37687d19f128087289d9bb8818e7bcca502c4900ad9a"
+        "ece1179be12ff3e467d606fc820ea8f07ac9ebffe2236e38168412028822"
+        "3e42dbe68dfd972a85a6447e51695f234da7911c67c9ab9531f33df3b994"
+        "32d4ee88c9a4efbb",
+        16,
+    )
+    rsa2040_Q = int(
+        "0ca63934549e85feac8e0f5604303fd1849fe88af4b7f7e1213283bbc7a2"
+        "c2a509f9273c428c68de3db93e6145f1b400bd6d4a262614e9043ad362d4"
+        "eba4a6b995399c8934a399912199e841d8e8dbff0489f69e663796730b29"
+        "80530b31cb70695a21625ea2adccc09d930516fa872211a91e22dd89fd9e"
+        "b7da8574b72235b1",
+        16,
+    )
+    rsa2040_exp1 = int(
+        "0d7d3a75e17f65f8a658a485c4095c10a4f66979e2b73bca9cf8ef21253e"
+        "1facac6d4791f58392ce8656f88f1240cc90c29653e3100c6d7a38ed44b1"
+        "63b339e5f3b6e38912126c69b3ceff2e5192426d9649b6ffca1abb75d2ba"
+        "2ed6d9a26aa383c5973d56216ff2edb90ccf887742a0f183ac92c94cf187"
+        "657645c7772d9ad7",
+        16,
+    )
+    rsa2040_exp2 = int(
+        "03f550194c117f24bea285b209058032f42985ff55acebe88b16df9a3752"
+        "7b4e61dc91a68dbc9a645134528ce5f248bda2893c96cb7be79ee73996c7"
+        "c22577f6c2f790406f3472adb3b211b7e94494f32c5c6fcc0978839fe472"
+        "4c31b06318a2489567b4fca0337acb1b841227aaa5f6c74800a2306929f0"
+        "2ce038bad943df41",
+        16,
+    )
+    rsa2040_coef = int(
+        "080a7dbfa8c2584814c71664c56eb62ce4caf16afe88d4499159d674774a"
+        "3a3ecddf1256c02fc91525c527692422d0aba94e5c41ee12dc71bb66f867"
+        "9fa17e096f28080851ba046eb31885c1414e8985ade599d907af17453d1c"
+        "caea2c0d06443f8367a6be154b125e390ee0d90f746f08801dd3f5367f59"
+        "fba2e5a67c05f375",
+        16,
+    )
+
+    rsa1024_N = int(
+        "00d3a97440101eba8c5df9503e6f935eb52ffeb3ebe9d0dc5cace26f973c"
+        "a94cbc0d9c31d66c0c013bce9c82d0d480328df05fb6bcd7990a5312ddae"
+        "6152ad6ee61c8c1bdd8663c68bd36224a9882ae78e89f556dfdbe6f51da6"
+        "112cbfc27c8a49336b41afdb75321b52b24a7344d1348e646351a551c757"
+        "1ccda0b8fe35f61a75",
+        16,
+    )
+    rsa1024_E = 65537
+    rsa1024_D = int(
+        "5b6708e185548fc07ff062dba3792363e106ff9177d60ee3227162391024"
+        "1813f958a318f26db8b6a801646863ebbc69190d6c2f5e7723433e99666d"
+        "76b3987892cd568f1f18451e8dc05477c0607ee348380ebb7f4c98d0c036"
+        "a0260bc67b2dab46cbaa4ce87636d839d8fddcbae2da3e02e8009a21225d"
+        "d7e47aff2f82699d",
+        16,
+    )
+    rsa1024_P = int(
+        "00fcdee570323e8fc399dbfc63d8c1569546fb3cd6886c628668ab1e1d0f"
+        "ca71058febdf76d702970ad6579d80ac2f9521075e40ef8f3f39983bd819"
+        "07e898bad3",
+        16,
+    )
+    rsa1024_Q = int(
+        "00d64801c955b4eb75fbae230faa8b28c9cc5e258be63747ff5ac8d2af25"
+        "3e9f6d6ce03ea2eb13ae0eb32572feb848c32ca00743635374338fedacd8"
+        "c5885f7897",
+        16,
+    )
+    rsa1024_exp1 = int(
+        "76c0526d5b1b28368a75d5d42a01b9a086e20b9310241e2cd2d0b166a278"
+        "c694ff1e9d25d9193d47789b52bb0fa194de1af0b77c09007f12afdfeef9"
+        "58d108c3",
+        16,
+    )
+    rsa1024_exp2 = int(
+        "008a41898d8b14217c4d782cbd15ef95d0a660f45ed09a4884f4e170367b"
+        "946d2f20398b907896890e88fe17b54bd7febe133ebc7720c86fe0649cca"
+        "7ca121e05f",
+        16,
+    )
+    rsa1024_coef = int(
+        "22db133445f7442ea2a0f582031ee214ff5f661972986f172651d8d6b4ec"
+        "3163e99bff1c82fe58ec3d075c6d8f26f277020edb77c3ba821b9ba3ae18"
+        "ff8cb2cb",
+        16,
+    )
+
+    rsa1016_N = int(
+        "00d29bb12fb84fddcd29b3a519cb66c43b8d8f8be545ba79384ce663ed03"
+        "df75991600eb920790d2530cece544db99a71f05896a3ed207165534aa99"
+        "057e47c47e3bc81ada6fa1e12e37268b5046a55268f9dad7ccb485d81a2e"
+        "19d50d4f0b6854acaf6d7be69d9a083136e15afa8f53c1c8c84fc6077279"
+        "dd0e55d7369a5bdd",
+        16,
+    )
+    rsa1016_E = 65537
+    rsa1016_D = int(
+        "3c4965070bf390c251d5a2c5277c5b5fd0bdee85cad7fe2b27982bb28511"
+        "4a507004036ae1cf8ae54b25e4db39215abd7e903f618c2d8b2f08cc6cd1"
+        "2dbccd72205e4945b6b3df389e5e43de0a148bb2c84e2431fdbe5920b044"
+        "bb272f45ecff0721b7dfb60397fc613a9ea35c22300530cae8f9159c534d"
+        "f3bf0910951901",
+        16,
+    )
+    rsa1016_P = int(
+        "0f9f17597c85b8051b9c69afb55ef576c996dbd09047d0ccde5b9d60ea5c"
+        "67fe4fac67be803f4b6ac5a3f050f76b966fb14f5cf105761e5ade6dd960"
+        "b183ba55",
+        16,
+    )
+    rsa1016_Q = int(
+        "0d7b637112ce61a55168c0f9c9386fb279ab40cba0d549336bba65277263"
+        "aac782611a2c81d9b635cf78c40018859e018c5e9006d12e3d2ee6f346e7"
+        "9fa43369",
+        16,
+    )
+    rsa1016_exp1 = int(
+        "09fd6c9a3ea6e91ae32070f9fc1c210ff9352f97be5d1eeb951bb39681e9"
+        "dc5b672a532221b3d8900c9a9d99b9d0a4e102dc450ca1b87b0b1389de65"
+        "16c0ae0d",
+        16,
+    )
+    rsa1016_exp2 = int(
+        "0141b832491b7dd4a83308920024c79cae64bd447df883bb4c5672a96bab"
+        "48b7123b34f26324452cdceb17f21e570e347cbe2fd4c2d8f9910eac2cb6"
+        "d895b8c9",
+        16,
+    )
+    rsa1016_coef = int(
+        "0458dd6aee18c88b2f9b81f1bc3075ae20dc1f9973d20724f20b06043d61"
+        "47c8789d4a07ae88bc82c8438c893e017b13947f62e0b18958a31eb664b1"
+        "9e64d3e0",
+        16,
+    )
+
+    def __init__(self, specification):
+        if specification == "default":
+            self.RSA_N = self.sharedRSA_N
+            self.RSA_E = self.sharedRSA_E
+            self.RSA_D = self.sharedRSA_D
+            self.RSA_P = self.sharedRSA_P
+            self.RSA_Q = self.sharedRSA_Q
+            self.RSA_exp1 = self.sharedRSA_exp1
+            self.RSA_exp2 = self.sharedRSA_exp2
+            self.RSA_coef = self.sharedRSA_coef
+        elif specification == "alternate":
+            self.RSA_N = self.alternateRSA_N
+            self.RSA_E = self.alternateRSA_E
+            self.RSA_D = self.alternateRSA_D
+            self.RSA_P = self.alternateRSA_P
+            self.RSA_Q = self.alternateRSA_Q
+            self.RSA_exp1 = self.alternateRSA_exp1
+            self.RSA_exp2 = self.alternateRSA_exp2
+            self.RSA_coef = self.alternateRSA_coef
+        elif specification == "ev":
+            self.RSA_N = self.evRSA_N
+            self.RSA_E = self.evRSA_E
+            self.RSA_D = self.evRSA_D
+            self.RSA_P = self.evRSA_P
+            self.RSA_Q = self.evRSA_Q
+            self.RSA_exp1 = self.evRSA_exp1
+            self.RSA_exp2 = self.evRSA_exp2
+            self.RSA_coef = self.evRSA_coef
+        elif specification == "evRSA2040":
+            self.RSA_N = self.evRSA2040_N
+            self.RSA_E = self.evRSA2040_E
+            self.RSA_D = self.evRSA2040_D
+            self.RSA_P = self.evRSA2040_P
+            self.RSA_Q = self.evRSA2040_Q
+            self.RSA_exp1 = self.evRSA2040_exp1
+            self.RSA_exp2 = self.evRSA2040_exp2
+            self.RSA_coef = self.evRSA2040_coef
+        elif specification == "rsa2040":
+            self.RSA_N = self.rsa2040_N
+            self.RSA_E = self.rsa2040_E
+            self.RSA_D = self.rsa2040_D
+            self.RSA_P = self.rsa2040_P
+            self.RSA_Q = self.rsa2040_Q
+            self.RSA_exp1 = self.rsa2040_exp1
+            self.RSA_exp2 = self.rsa2040_exp2
+            self.RSA_coef = self.rsa2040_coef
+        elif specification == "rsa1024":
+            self.RSA_N = self.rsa1024_N
+            self.RSA_E = self.rsa1024_E
+            self.RSA_D = self.rsa1024_D
+            self.RSA_P = self.rsa1024_P
+            self.RSA_Q = self.rsa1024_Q
+            self.RSA_exp1 = self.rsa1024_exp1
+            self.RSA_exp2 = self.rsa1024_exp2
+            self.RSA_coef = self.rsa1024_coef
+        elif specification == "rsa1016":
+            self.RSA_N = self.rsa1016_N
+            self.RSA_E = self.rsa1016_E
+            self.RSA_D = self.rsa1016_D
+            self.RSA_P = self.rsa1016_P
+            self.RSA_Q = self.rsa1016_Q
+            self.RSA_exp1 = self.rsa1016_exp1
+            self.RSA_exp2 = self.rsa1016_exp2
+            self.RSA_coef = self.rsa1016_coef
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+    def toDER(self):
+        privateKeyInfo = PrivateKeyInfo()
+        privateKeyInfo["version"] = 0
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier["algorithm"] = rfc2459.rsaEncryption
+        # Directly setting parameters to univ.Null doesn't currently work.
+        nullEncapsulated = encoder.encode(univ.Null())
+        algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
+        privateKeyInfo["privateKeyAlgorithm"] = algorithmIdentifier
+        rsaPrivateKey = RSAPrivateKey()
+        rsaPrivateKey["version"] = 0
+        rsaPrivateKey["modulus"] = self.RSA_N
+        rsaPrivateKey["publicExponent"] = self.RSA_E
+        rsaPrivateKey["privateExponent"] = self.RSA_D
+        rsaPrivateKey["prime1"] = self.RSA_P
+        rsaPrivateKey["prime2"] = self.RSA_Q
+        rsaPrivateKey["exponent1"] = self.RSA_exp1
+        rsaPrivateKey["exponent2"] = self.RSA_exp2
+        rsaPrivateKey["coefficient"] = self.RSA_coef
+        rsaPrivateKeyEncoded = encoder.encode(rsaPrivateKey)
+        privateKeyInfo["privateKey"] = univ.OctetString(rsaPrivateKeyEncoded)
+        return encoder.encode(privateKeyInfo)
+
+    def toPEM(self):
+        output = "-----BEGIN PRIVATE KEY-----"
+        der = self.toDER()
+        b64 = six.ensure_text(base64.b64encode(der))
+        while b64:
+            output += "\n" + b64[:64]
+            b64 = b64[64:]
+        output += "\n-----END PRIVATE KEY-----"
+        return output
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier["algorithm"] = rfc2459.rsaEncryption
+        # Directly setting parameters to univ.Null doesn't currently work.
+        nullEncapsulated = encoder.encode(univ.Null())
+        algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki["algorithm"] = algorithmIdentifier
+        rsaKey = RSAPublicKey()
+        rsaKey["N"] = univ.Integer(self.RSA_N)
+        rsaKey["E"] = univ.Integer(self.RSA_E)
+        subjectPublicKey = univ.BitString(
+            byteStringToHexifiedBitString(encoder.encode(rsaKey))
+        )
+        spki["subjectPublicKey"] = subjectPublicKey
+        return spki
+
+    def sign(self, data, hashAlgorithm):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        hashAlgorithmName = None
+        if hashAlgorithm == HASH_MD5:
+            hashAlgorithmName = "MD5"
+        elif hashAlgorithm == HASH_SHA1:
+            hashAlgorithmName = "SHA-1"
+        elif hashAlgorithm == HASH_SHA256:
+            hashAlgorithmName = "SHA-256"
+        elif hashAlgorithm == HASH_SHA384:
+            hashAlgorithmName = "SHA-384"
+        elif hashAlgorithm == HASH_SHA512:
+            hashAlgorithmName = "SHA-512"
+        else:
+            raise UnknownHashAlgorithmError(hashAlgorithm)
+        rsaPrivateKey = rsa.PrivateKey(
+            self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q
+        )
+        signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName)
+        return byteStringToHexifiedBitString(signature)
+
+
+ecPublicKey = univ.ObjectIdentifier("1.2.840.10045.2.1")
+secp256k1 = univ.ObjectIdentifier("1.3.132.0.10")
+secp224r1 = univ.ObjectIdentifier("1.3.132.0.33")
+secp256r1 = univ.ObjectIdentifier("1.2.840.10045.3.1.7")
+secp384r1 = univ.ObjectIdentifier("1.3.132.0.34")
+secp521r1 = univ.ObjectIdentifier("1.3.132.0.35")
+
+
+def longToEvenLengthHexString(val):
+    h = format(val, "x")
+    if not len(h) % 2 == 0:
+        h = "0" + h
+    return h
+
+
+class ECCKey(object):
+    secp256k1KeyPair = (
+        "35ee7c7289d8fef7a86afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa6"
+        + "4382a9500c41dad770ffd4b511bf4b492eb1238800c32c4f76c73a3f3294e7c5",
+        "67cebc208a5fa3df16ec2bb34acc59a42ab4abb0538575ca99b92b6a2149a04f",
+    )
+
+    secp224r1KeyPair = (
+        "668d72cca6fd6a1b3557b5366104d84408ecb637f08e8c86bbff82cc"
+        + "00e88f0066d7af63c3298ba377348a1202b03b37fd6b1ff415aa311e",
+        "04389459926c3296c242b83e10a6cd2011c8fe2dae1b772ea5b21067",
+    )
+
+    secp256r1KeyPair = (
+        "4fbfbbbb61e0f8f9b1a60a59ac8704e2ec050b423e3cf72e923f2c4f794b455c"
+        + "2a69d233456c36c4119d0706e00eedc8d19390d7991b7b2d07a304eaa04aa6c0",
+        "2191403d5710bf15a265818cd42ed6fedf09add92d78b18e7a1e9feb95524702",
+    )
+
+    secp384r1KeyPair = (
+        "a1687243362b5c7b1889f379154615a1c73fb48dee863e022915db608e252de4b71"
+        + "32da8ce98e831534e6a9c0c0b09c8d639ade83206e5ba813473a11fa330e05da8c9"
+        + "6e4383fe27873da97103be2888cff002f05af71a1fddcc8374aa6ea9ce",
+        "035c7a1b10d9fafe837b64ad92f22f5ced0789186538669b5c6d872cec3d926122b"
+        + "393772b57602ff31365efe1393246",
+    )
+
+    secp521r1KeyPair = (
+        "014cdc9cacc47941096bc9cc66752ec27f597734fa66c62b792f88c519d6d37f0d1"
+        + "6ea1c483a1827a010b9128e3a08070ca33ef5f57835b7c1ba251f6cc3521dc42b01"
+        + "0653451981b445d343eed3782a35d6cff0ff484f5a883d209f1b9042b726703568b"
+        + "2f326e18b833bdd8aa0734392bcd19501e10d698a79f53e11e0a22bdd2aad90",
+        "014f3284fa698dd9fe1118dd331851cdfaac5a3829278eb8994839de9471c940b85"
+        + "8c69d2d05e8c01788a7d0b6e235aa5e783fc1bee807dcc3865f920e12cf8f2d29",
+    )
+
+    def __init__(self, specification):
+        if specification == "secp256k1":
+            key_pair = self.secp256k1KeyPair
+            self.keyOID = secp256k1
+            self.curve = ecdsa.SECP256k1
+        elif specification == "secp224r1":
+            key_pair = self.secp224r1KeyPair
+            self.keyOID = secp224r1
+            self.curve = ecdsa.NIST224p
+        elif specification == "secp256r1":
+            key_pair = self.secp256r1KeyPair
+            self.keyOID = secp256r1
+            self.curve = ecdsa.NIST256p
+        elif specification == "secp384r1":
+            key_pair = self.secp384r1KeyPair
+            self.keyOID = secp384r1
+            self.curve = ecdsa.NIST384p
+        elif specification == "secp521r1":
+            key_pair = self.secp521r1KeyPair
+            self.keyOID = secp521r1
+            self.curve = ecdsa.NIST521p
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+        self.public_key, self.private_key = (
+            binascii.unhexlify(key_pair[0]),
+            binascii.unhexlify(key_pair[1]),
+        )
+        self.key = ecdsa.SigningKey.from_string(self.private_key, curve=self.curve)
+
+    def getPublicKeyHexifiedString(self):
+        """Returns the EC public key as a hex string using the uncompressed
+        point representation. This is intended to be used in the encoder
+        functions, as it surrounds the value with ''H to indicate its type."""
+        p1, p2 = (
+            self.public_key[: len(self.public_key) // 2],
+            self.public_key[len(self.public_key) // 2 :],
+        )
+        # We don't want leading zeroes.
+        p1, p2 = (p1.lstrip(b"\0"), p2.lstrip(b"\0"))
+        # '04' indicates that the points are in uncompressed form.
+        return byteStringToHexifiedBitString(b"\04" + p1 + p2)
+
+    def toPEM(self):
+        """Return the EC private key in PEM-encoded form."""
+        output = "-----BEGIN EC PRIVATE KEY-----"
+        der = self.toDER()
+        b64 = six.ensure_text(base64.b64encode(der))
+        while b64:
+            output += "\n" + b64[:64]
+            b64 = b64[64:]
+        output += "\n-----END EC PRIVATE KEY-----"
+        return output
+
+    def toDER(self):
+        """Return the EC private key in DER-encoded form, encoded per SEC 1
+        section C.4 format."""
+        privateKeyInfo = PrivateKeyInfo()
+        privateKeyInfo["version"] = 0
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier["algorithm"] = ecPublicKey
+        algorithmIdentifier["parameters"] = self.keyOID
+        privateKeyInfo["privateKeyAlgorithm"] = algorithmIdentifier
+        ecPrivateKey = ECPrivateKey()
+        ecPrivateKey["version"] = 1
+        ecPrivateKey["privateKey"] = self.private_key
+        ecPrivateKey["publicKey"] = univ.BitString(
+            self.getPublicKeyHexifiedString()
+        ).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
+        ecPrivateKeyEncoded = encoder.encode(ecPrivateKey)
+        privateKeyInfo["privateKey"] = univ.OctetString(ecPrivateKeyEncoded)
+        return encoder.encode(privateKeyInfo)
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier["algorithm"] = ecPublicKey
+        algorithmIdentifier["parameters"] = self.keyOID
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki["algorithm"] = algorithmIdentifier
+        spki["subjectPublicKey"] = univ.BitString(self.getPublicKeyHexifiedString())
+        return spki
+
+    def signRaw(self, data, hashAlgorithm):
+        """Performs the ECDSA signature algorithm over the given data.
+        The returned value is a string representing the bytes of the
+        resulting point when encoded by left-padding each of (r, s) to
+        the key size and concatenating them.
+        """
+        assert hashAlgorithm.startswith("hash:")
+        hashAlgorithm = hashAlgorithm[len("hash:") :]
+        k = _gen_k(self.curve)
+        digest = hashlib.new(hashAlgorithm, six.ensure_binary(data)).digest()
+        digest = _truncate_digest(digest, self.curve)
+        # NOTE: Under normal circumstances it's advisable to use
+        # sign_digest_deterministic. In this case we don't want the library's
+        # default generation of k, so we call the normal "sign" method and
+        # inject it here.
+        return self.key.sign_digest(digest, sigencode=ecdsa.util.sigencode_string, k=k)
+
+    def sign(self, data, hashAlgorithm):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        # signRaw returns an encoded point, which is useful in some situations.
+        # However, for signatures on X509 certificates, we need to decode it so
+        # we can encode it as a BITSTRING consisting of a SEQUENCE of two
+        # INTEGERs.
+        raw = self.signRaw(data, hashAlgorithm)
+        point = ECPoint()
+        point["x"] = int.from_bytes(raw[: len(raw) // 2], byteorder="big")
+        point["y"] = int.from_bytes(raw[len(raw) // 2 :], byteorder="big")
+        return byteStringToHexifiedBitString(encoder.encode(point))
+
+
+def keyFromSpecification(specification):
+    """Pass in a specification, get the appropriate key back."""
+    if specification.startswith("secp"):
+        return ECCKey(specification)
+    return RSAKey(specification)
+
+
+# The build harness will call this function with an output file-like
+# object and a path to a file containing a specification. This will
+# read the specification and output the key as ASCII-encoded PKCS #8.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(keyFromSpecification(configStream.read().strip()).toPEM() + "\n")
+
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == "__main__":
+    print(keyFromSpecification(sys.stdin.read().strip()).toPEM())
diff --git a/security/manager/tools/pypkcs12.py b/security/manager/tools/pypkcs12.py
new file mode 100644
index 0000000000..e21c52076f
--- /dev/null
+++ b/security/manager/tools/pypkcs12.py
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a specification from stdin or a file and outputs a PKCS12
+file with the desired properties.
+
+The input format currently consists of a pycert certificate
+specification (see pycert.py).
+Currently, keys other than the default key are not supported.
+The password that is used to encrypt and authenticate the file
+is "password".
+"""
+
+import base64
+import os
+import subprocess
+import sys
+from distutils.spawn import find_executable
+
+import mozinfo
+import pycert
+import pykey
+import six
+from mozfile import NamedTemporaryFile
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+
+    pass
+
+
+class OpenSSLError(Error):
+    """Class for handling errors when calling OpenSSL."""
+
+    def __init__(self, status):
+        super(OpenSSLError, self).__init__()
+        self.status = status
+
+    def __str__(self):
+        return "Error running openssl: %s " % self.status
+
+
+def runUtil(util, args):
+    env = os.environ.copy()
+    if mozinfo.os == "linux":
+        pathvar = "LD_LIBRARY_PATH"
+        app_path = os.path.dirname(util)
+        if pathvar in env:
+            env[pathvar] = "%s%s%s" % (app_path, os.pathsep, env[pathvar])
+        else:
+            env[pathvar] = app_path
+    proc = subprocess.run(
+        [util] + args,
+        env=env,
+        universal_newlines=True,
+    )
+    return proc.returncode
+
+
+class PKCS12(object):
+    """Utility class for reading a specification and generating
+    a PKCS12 file"""
+
+    def __init__(self, paramStream):
+        self.cert = pycert.Certificate(paramStream)
+        self.key = pykey.keyFromSpecification("default")
+
+    def toDER(self):
+        with NamedTemporaryFile(mode="wt+") as certTmp, NamedTemporaryFile(
+            mode="wt+"
+        ) as keyTmp, NamedTemporaryFile(mode="rb+") as pkcs12Tmp:
+            certTmp.write(self.cert.toPEM())
+            certTmp.flush()
+            keyTmp.write(self.key.toPEM())
+            keyTmp.flush()
+            openssl = find_executable("openssl")
+            status = runUtil(
+                openssl,
+                [
+                    "pkcs12",
+                    "-export",
+                    "-inkey",
+                    keyTmp.name,
+                    "-in",
+                    certTmp.name,
+                    "-out",
+                    pkcs12Tmp.name,
+                    "-passout",
+                    "pass:password",
+                ],
+            )
+            if status != 0:
+                raise OpenSSLError(status)
+            return pkcs12Tmp.read()
+
+    def toPEM(self):
+        output = "-----BEGIN PKCS12-----"
+        der = self.toDER()
+        b64 = six.ensure_text(base64.b64encode(der))
+        while b64:
+            output += "\n" + b64[:64]
+            b64 = b64[64:]
+        output += "\n-----END PKCS12-----"
+        return output
+
+
+# The build harness will call this function with an output
+# file-like object and a path to a file containing a
+# specification. This will read the specification and output
+# the PKCS12 file.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(PKCS12(configStream).toDER())
+
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the PKCS12 file as PEM to stdout.
+if __name__ == "__main__":
+    print(PKCS12(sys.stdin).toPEM())
-- 
cgit v1.2.3